diff --git a/AGENTS.md b/AGENTS.md index 015fca1..44ae58b 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -104,6 +104,7 @@ cd /tmp && npm pack @earendil-works/pi-coding-agent@0.75.5 && tar -xzf earendil- - **`actions/upload-artifact` and `actions/download-artifact` must stay at @v3 on Gitea.** v4+ uses a GitHub-Enterprise-specific Artifact API; runs fail with `GHESNotSupportedError`. If you need artifacts for a new reason (build logs, SBOMs, etc.), pin @v3 explicitly. - **Step scripts run under `/bin/sh` (dash), not bash.** Avoid bash-isms like `${VAR//a/b}` parameter-pattern substitution; use POSIX alternatives (`tr`, `sed`) or declare `shell: bash` on the step. - **`BUILDKIT_PROGRESS=plain`** is set at workflow level on `docker-publish-split.yml` so arm64-under-QEMU builds log each layer line-by-line. The default collapsed progress UI hides which step is stalled, which made diagnosing earlier hangs expensive. +- **`STRICT_REGISTRATION` gates the fork/recall *registration* smoke assertions.** `smoke-test.sh`'s two pi-extension registration checks (that `pi-fork`/`pi-observational-memory` registered in `~/.pi/agent/settings.json`) depend on the *base* entrypoint running `pi install /opt/`. `validate.yml` builds variants from the **published** `base-latest`, which lags the in-repo entrypoint until a release rebuilds the base — so those checks would false-negative there. They are therefore warn-only unless `STRICT_REGISTRATION=1`: `validate.yml` leaves it unset (warn), and `docker-publish-split.yml` (which builds the base fresh in the same run) sets `STRICT_REGISTRATION: "1"` on the three pi-bearing smoke jobs to enforce them. Build-time `/opt` + `node_modules` checks stay hard in both paths. If you touch the registration checks or the base-freshness model, keep this flag wiring in lockstep across both workflows. ## Testing changes diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f325d1..24ce8b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -8,6 +8,17 @@ Tags follow `v{opencode_version}[letter]` — bare tag for the first build on a ## Unreleased +_(no changes since v1.15.13e)_ + +## v1.15.13e — 2026-06-04 + +Letter-suffix rebuild on opencode `1.15.13` (version unchanged). Picks up +**pi `0.78.1`** (resolved fresh by CI's `resolve-versions` job) plus the LAN-jump +key-persistence work, an entrypoint ownership fix for the new `devbox-ssh-local` +volume, a CI smoke false-negative fix, and documentation. Touches `entrypoint.sh` +and `setup-lan-access.sh` (both in the base hash), so `base-latest` / +`base-pi-only` advance and the fixes propagate to `pi-devbox`. + ### Docs: per-host `ControlPath` overrides break `pi --ssh` (read-only `~/.ssh`) Documented a gotcha in the README "Reaching your LAN" section: the bind-mounted @@ -61,7 +72,15 @@ stayed root-owned while `setup-lan-access.sh` runs as `developer` — both its the persistence change. `entrypoint.sh` now chowns `~/.ssh-local` to the developer user alongside the other named-volume mount points. -_(no other changes since v1.15.13d)_ +### Docs: document the optional `~/.config/devbox-shell` mount in the compose template + +`docker-compose.yml` now carries a commented-out `~/.config/devbox-shell` bind +mount with an explanatory note. It's the recommended home for host-owned shell +config: the image's `~/.bash_aliases` sources `~/.config/devbox-shell/bash_aliases` +if present, and `setup-lan-access.sh` reads `~/.config/devbox-shell/ssh-lan.conf` +for named-peer `ProxyJump host` overrides. A directory mount is preferred over +the single-file `~/.bash_aliases` mount because it survives editors' atomic-save. +Template comment only; no behavior change. ## v1.15.13d — 2026-06-04
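Review bot: In the AGENTS.md hunk (@@ -104,6 +104,7), the new `STRICT_REGISTRATION` bullet says the two registration checks are "warn-only unless `STRICT_REGISTRATION=1`" but does not say how a warning surfaces in a `validate.yml` run. A real registration regression in the in-repo entrypoint would then pass validation and first fail in `docker-publish-split.yml`. Please add a sentence on what the warn output looks like and where to find it, and state whether any value other than `1` (for example `true`) is treated the same as unset. Also, the dependency is written as `pi install /opt/`, which reads as a cut-off path; spell out the full argument so the "base entrypoint" behaviour the checks depend on can be located.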
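Review bot: In the first CHANGELOG.md hunk (@@ -8,6 +8,17), the v1.15.13e summary records pi `0.78.1` as "resolved fresh by CI's `resolve-versions` job", so the changelog is the only place in this patch that ties the tag to a pi version. Say where that resolved version is recorded or pinned for the build, so the release can be traced or rebuilt later without re-resolving. The summary also lists "a CI smoke false-negative fix" among the changes; make sure the section body names `STRICT_REGISTRATION` under its own `###` entry so it matches the new AGENTS.md bullet.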
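Review bot: In the second CHANGELOG.md hunk (@@ -61,7 +72,15), the new Docs entry describes `~/.config/devbox-shell` as the home for host-owned config that the container sources (`bash_aliases`) and that `setup-lan-access.sh` reads for `ProxyJump host` overrides, but does not say whether the commented-out mount in `docker-compose.yml` is read-only. Since both files change shell and SSH behaviour inside the container, state the intended mount mode here and in the template comment. The phrase "survives editors' atomic-save" would also benefit from one clause of explanation: a single-file bind mount stays attached to the original file, so an editor that saves by writing a new file and renaming it over the old one leaves the container reading the stale copy, while a directory mount sees the replacement.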