From 1d1283f942fd569af2bce53ce776beaa2ac1dd86 Mon Sep 17 00:00:00 2001 From: pi Date: Wed, 3 Jun 2026 16:14:05 +0200 Subject: [PATCH] refactor: FROM opencode-devbox:latest-pi-only (lean, no opencode) Re-point the re-brand at the new pi-only variant instead of with-pi, so pi-devbox stays a lean pi-focused image (no opencode) while the pi install logic still lives in one place upstream. This keeps pi-devbox meaningfully distinct from opencode-devbox:latest-with-pi. - Dockerfile: BASE_IMAGE default -> joakimp/opencode-devbox:latest-pi-only. - smoke-test.sh: size threshold 2900 -> 2750 MB (pi-only = with-pi minus opencode's ~145 MB binary). - Docs (README/AGENTS/DOCKER_HUB/CHANGELOG/docker-compose): drop the 'also contains opencode' notes; describe pi-only basis and the distinction from with-pi. Publish ordering unchanged: release opencode-devbox first so latest-pi-only carries the target pi version, then tag here (smoke asserts pi --version). --- AGENTS.md | 22 +++++++++++----------- CHANGELOG.md | 17 +++++++++-------- DOCKER_HUB.md | 14 ++++++++------ Dockerfile | 26 +++++++++++++------------- README.md | 26 ++++++++++++++------------ docker-compose.yml | 4 ++-- scripts/smoke-test.sh | 10 +++++----- 7 files changed, 62 insertions(+), 57 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 57dd96d..7e4a481 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -1,11 +1,11 @@ # AGENTS.md — pi-devbox -Container image that re-brands the opencode-devbox **with-pi** variant as a +Container image that re-brands the opencode-devbox **pi-only** variant as a pi-focused image. As of 2026-06-03 it no longer installs pi itself. ## Repository layout -- `Dockerfile` — thin re-brand: `FROM opencode-devbox:latest-with-pi` (overridable via `BASE_IMAGE` arg). No install logic of its own — pi + companions are inherited from the with-pi variant. This refactor removed the install-logic duplication that used to drift against `opencode-devbox/Dockerfile.variant`. +- `Dockerfile` — thin re-brand: `FROM opencode-devbox:latest-pi-only` (overridable via `BASE_IMAGE` arg). No install logic of its own — pi + companions are inherited from the pi-only variant (built `INSTALL_OPENCODE=false`, so **no opencode** — that's the distinction from `latest-with-pi`). This refactor removed the install-logic duplication that used to drift against `opencode-devbox/Dockerfile.variant`. - `docker-compose.yml` — compose file for local use - `.env.example` — environment variable template - `scripts/smoke-test.sh` — sanity checks run by CI before pushing to Docker Hub @@ -14,12 +14,12 @@ pi-focused image. As of 2026-06-03 it no longer installs pi itself. ## Versioning scheme - Tags follow the pi npm version: `v{pi_version}[letter]` -- The image inherits pi from `latest-with-pi`, so the **publish ordering matters**: rebuild opencode-devbox first so `latest-with-pi` carries the target pi version, *then* tag this repo. The smoke test asserts `pi --version` matches the tag (`EXPECTED_PI_VERSION`) and fails loudly if the base is stale. +- The image inherits pi from `latest-pi-only`, so the **publish ordering matters**: rebuild opencode-devbox first so `latest-pi-only` carries the target pi version, *then* tag this repo. The smoke test asserts `pi --version` matches the tag (`EXPECTED_PI_VERSION`) and fails loudly if the base is stale. - Docker Hub: `joakimp/pi-devbox:vX.Y.Z` + `joakimp/pi-devbox:latest` ## Release-day checklist -1. Ensure opencode-devbox has been released so `joakimp/opencode-devbox:latest-with-pi` carries the target pi version (and the fork/recall extensions). This is the hard prerequisite — the smoke guard enforces it. +1. Ensure opencode-devbox has been released so `joakimp/opencode-devbox:latest-pi-only` carries the target pi version (and the fork/recall extensions). This is the hard prerequisite — the smoke guard enforces it. 2. Update `CHANGELOG.md`: promote `Unreleased` → `vX.Y.Z — YYYY-MM-DD` 3. Add fresh `## Unreleased` section 4. Commit, tag `vX.Y.Z`, push tag → CI fires automatically @@ -39,27 +39,27 @@ per version. Don't try to derive notes from the npm registry metadata ## Key facts -- **Base image**: `joakimp/opencode-devbox:latest-with-pi` — the single source of truth for the pi install + companions. Rebuilt whenever opencode-devbox releases. -- **Inherited content**: pi (`/usr/bin/pi`), pi-toolkit, pi-extensions, pi-fork (`fork`), pi-observational-memory (`recall`), the mempalace bridge, the LAN-access helper, entrypoints, and all base dev tooling. Because it FROMs with-pi, the image **also contains opencode**. -- **Companion repos**: cloned to `/opt/` by the with-pi build; `entrypoint-user.sh` (inherited) deploys/registers them on container start. +- **Base image**: `joakimp/opencode-devbox:latest-pi-only` — the single source of truth for the pi install + companions. Rebuilt whenever opencode-devbox releases. +- **Inherited content**: pi (`/usr/bin/pi`), pi-toolkit, pi-extensions, pi-fork (`fork`), pi-observational-memory (`recall`), the mempalace bridge, the LAN-access helper, entrypoints, and all base dev tooling. The pi-only variant is built `INSTALL_OPENCODE=false`, so the image does **not** contain opencode. +- **Companion repos**: cloned to `/opt/` by the pi-only build; `entrypoint-user.sh` (inherited) deploys/registers them on container start. - **MemPalace**: fully operational — inherited from base; bridge extension deployed by entrypoint. ## Conventions - This repo no longer installs pi or clones companion repos — do **not** re-add that logic here. Change it in `opencode-devbox/Dockerfile.variant` (the single source of truth) instead. -- The smoke test threshold is 2900 MB (tracks the with-pi variant) — update if the image legitimately grows past it. +- The smoke test threshold is 2750 MB (tracks the pi-only variant) — update if the image legitimately grows past it. - The CI still resolves the tag's pi version, but only to feed `EXPECTED_PI_VERSION` to the smoke base-freshness guard — it is no longer passed as a build-arg (nothing in the Dockerfile consumes it). -- To pin a specific base build instead of tracking `latest-with-pi`, override the `BASE_IMAGE` arg (a version tag or a digest). +- To pin a specific base build instead of tracking `latest-pi-only`, override the `BASE_IMAGE` arg (a version tag or a digest). ## Documentation drift sweep Before committing any non-trivial change, check that prose still matches code. Drift hotspots in this repo: -- `README.md` — quick-start examples, env-var table, base-image reference (must match `FROM` in `Dockerfile`), "what's inside" (now includes opencode + fork/recall). +- `README.md` — quick-start examples, env-var table, base-image reference (must match `FROM` in `Dockerfile`), "what's inside" (fork/recall; no opencode). - `AGENTS.md` (this file) — `Key facts` block (base-image tag, inherited content), smoke-test threshold number. - `CHANGELOG.md` — promote `Unreleased` only on tag, but record post-release fixes in a fresh `Unreleased` block. - `DOCKER_HUB.md` — hand-maintained slim Hub description; sync anything user-facing that changes (env vars, run command, base image). - `.env.example` — hand-updated, must match Dockerfile/entrypoint env vars (including the inherited LAN-access knobs). -- `Dockerfile` `BASE_IMAGE` ARG default — the with-pi tag this image tracks. +- `Dockerfile` `BASE_IMAGE` ARG default — the pi-only tag this image tracks. Quick triage: `git diff --name-only HEAD | xargs -I{} grep -l 'thing-you-changed' README.md AGENTS.md DOCKER_HUB.md CHANGELOG.md .env.example`. diff --git a/CHANGELOG.md b/CHANGELOG.md index bc2697c..1a3c867 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,15 +8,19 @@ Tags follow the pi npm version: `v{pi_version}[letter]` — bare tag for the fir ## Unreleased -### Changed: refactored to re-brand the opencode-devbox `with-pi` variant +### Changed: refactored to re-brand the opencode-devbox `pi-only` variant pi-devbox no longer installs pi itself. The `Dockerfile` is now a thin -`FROM joakimp/opencode-devbox:latest-with-pi` (overridable via the `BASE_IMAGE` +`FROM joakimp/opencode-devbox:latest-pi-only` (overridable via the `BASE_IMAGE` arg), inheriting pi + pi-toolkit + pi-extensions and all base tooling from the single source of truth. This eliminates the install-logic duplication that used to drift against `opencode-devbox/Dockerfile.variant`. -### Added (inherited from the with-pi variant) +The `pi-only` variant is built with `INSTALL_OPENCODE=false`, so this image +stays lean and pi-focused — it does **not** carry opencode, and remains +distinct from `opencode-devbox:latest-with-pi` (which has both). + +### Added (inherited from the pi-only variant) - **`fork` tool** (pi-fork) and **`recall` tool** (pi-observational-memory), baked into `/opt` with `node_modules` and registered at runtime. @@ -27,15 +31,12 @@ used to drift against `opencode-devbox/Dockerfile.variant`. ### Consequences / notes -- Because it FROMs `with-pi`, the image **now also contains opencode**. If a - leaner pi-only image is wanted, add a pi-only variant to opencode-devbox and - FROM that instead. -- **Publish ordering**: release opencode-devbox first so `latest-with-pi` +- **Publish ordering**: release opencode-devbox first so `latest-pi-only` carries the target pi version, *then* tag this repo. The smoke test asserts `pi --version` matches the tag and fails loudly if the base is stale. - CI no longer passes `PI_VERSION` as a build-arg (the Dockerfile installs nothing); it still resolves the tag version to feed the smoke base-freshness - guard. Smoke size threshold 2200 → 2900 MB (now tracks with-pi). + guard. Smoke size threshold 2200 → 2750 MB (now tracks the pi-only variant). _pi version unchanged at `0.78.0` (still latest)._ diff --git a/DOCKER_HUB.md b/DOCKER_HUB.md index 8d8ff3d..8319bf4 100644 --- a/DOCKER_HUB.md +++ b/DOCKER_HUB.md @@ -38,8 +38,11 @@ Full setup guide — authentication for each provider (Anthropic, OpenAI, Gemini ## What's inside -pi-devbox is a re-brand of the **opencode-devbox `with-pi` variant** — it builds -`FROM joakimp/opencode-devbox:latest-with-pi` and adds no layers of its own. +pi-devbox is a re-brand of the **opencode-devbox `pi-only` variant** — it builds +`FROM joakimp/opencode-devbox:latest-pi-only` and adds no layers of its own. +The pi-only variant is built `INSTALL_OPENCODE=false`, so this image is lean +and pi-focused (no opencode — use `opencode-devbox:latest-with-pi` if you want +both). Everything below is inherited from that single source of truth. Base tooling: @@ -55,18 +58,17 @@ Base tooling: pi and companions: -- **pi** ([`@earendil-works/pi-coding-agent`](https://www.npmjs.com/package/@earendil-works/pi-coding-agent)) — baked at `/usr/bin/pi`, version set by the with-pi base build +- **pi** ([`@earendil-works/pi-coding-agent`](https://www.npmjs.com/package/@earendil-works/pi-coding-agent)) — baked at `/usr/bin/pi`, version set by the pi-only base build - **[pi-toolkit](https://gitea.jordbo.se/joakimp/pi-toolkit)** — keybindings (mosh/tmux-friendly Shift+Enter, Ctrl+J, Alt+J newline bindings), AWS env loader, settings template - **[pi-extensions](https://gitea.jordbo.se/joakimp/pi-extensions)** — 7 user-facing extensions: `ext-toggle`, `mcp-loader`, `todo`, `ssh-controlmaster`, `notify`, `git-checkpoint`, `confirm-destructive` - **`fork`** ([pi-fork](https://github.com/elpapi42/pi-fork)) and **`recall`** ([pi-observational-memory](https://github.com/elpapi42/pi-observational-memory)) tools -- **mempalace bridge** — MCP extension auto-symlinked so pi can read/write the same palace as opencode -- **opencode** — also present (the image FROMs the with-pi variant) +- **mempalace bridge** — MCP extension auto-symlinked so pi can read/write the same palace as opencode-devbox The entrypoint deploys/registers all of these on first container start. Re-running is idempotent and preserves user edits. ## Versioning -Tags follow the pi npm version: `v0.74.0`, `v0.75.0`, etc. `latest` always points at the most recent release. The pi binary is inherited from `opencode-devbox:latest-with-pi`, so each release follows an opencode-devbox release that bakes the target pi version. +Tags follow the pi npm version: `v0.74.0`, `v0.75.0`, etc. `latest` always points at the most recent release. The pi binary is inherited from `opencode-devbox:latest-pi-only`, so each release follows an opencode-devbox release that bakes the target pi version. For container-level rebuilds on the same pi version (security updates, base bumps, fixes) the tag gets a letter suffix: `v0.74.0b`, `v0.74.0c`, … diff --git a/Dockerfile b/Dockerfile index 7ae3fb2..24aee30 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,29 +1,29 @@ # pi-devbox — pi coding-agent container # # As of 2026-06-03 this image is a thin re-brand of the opencode-devbox -# "with-pi" variant, which is the SINGLE SOURCE OF TRUTH for the pi install +# "pi-only" variant, which is the SINGLE SOURCE OF TRUTH for the pi install # and its companion repos (pi-toolkit, pi-extensions, pi-fork, # pi-observational-memory). Previously pi-devbox/Dockerfile duplicated that # install logic, which drifted from opencode-devbox/Dockerfile.variant; this # refactor eliminates the duplication. # -# Everything is inherited from the with-pi image: +# The "pi-only" variant is built with INSTALL_OPENCODE=false, so this image +# does NOT contain opencode — it stays a lean, pi-focused image, distinct +# from opencode-devbox:latest-with-pi (which carries both). +# +# Everything is inherited from the pi-only image: # pi + pi-toolkit + pi-extensions + pi-fork (fork) + pi-observational-memory # (recall), the mempalace bridge, the LAN-access helper, entrypoints, and # all base dev tooling. # -# NOTES / consequences of FROM-ing with-pi: -# - This image now ALSO contains opencode (with-pi has INSTALL_OPENCODE=true). -# If a leaner pi-only image is wanted later, add a dedicated pi-only variant -# to opencode-devbox and FROM that instead. -# - PUBLISH ORDERING: rebuild opencode-devbox (so `latest-with-pi` carries the -# target pi version) BEFORE tagging this repo. The smoke test asserts -# `pi --version` matches this repo's tag and fails loudly if the base is -# stale — turning the version coupling into an enforced ordering check. +# NOTE on PUBLISH ORDERING: rebuild opencode-devbox (so `latest-pi-only` +# carries the target pi version) BEFORE tagging this repo. The smoke test +# asserts `pi --version` matches this repo's tag and fails loudly if the +# base is stale — turning the version coupling into an enforced ordering check. # -# Override BASE_IMAGE to pin a specific with-pi build (e.g. a version tag or a -# digest) instead of tracking latest-with-pi. -ARG BASE_IMAGE=joakimp/opencode-devbox:latest-with-pi +# Override BASE_IMAGE to pin a specific pi-only build (e.g. a version tag or a +# digest) instead of tracking latest-pi-only. +ARG BASE_IMAGE=joakimp/opencode-devbox:latest-pi-only FROM ${BASE_IMAGE} # WORKDIR / ENTRYPOINT / CMD and all tooling inherited from the base. diff --git a/README.md b/README.md index 2b174b2..f58f6d2 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,10 @@ A Docker container with [pi coding-agent](https://github.com/earendil-works/pi) ## What's inside -pi-devbox is a re-brand of the **opencode-devbox `with-pi` variant** — it `FROM`s -`opencode-devbox:latest-with-pi` and adds no layers of its own. Everything below -is inherited from that single source of truth. +pi-devbox is a re-brand of the **opencode-devbox `pi-only` variant** — it `FROM`s +`opencode-devbox:latest-pi-only` and adds no layers of its own. Everything below +is inherited from that single source of truth. The pi-only variant is built with +`INSTALL_OPENCODE=false`, so this image is lean and pi-focused — no opencode. Base tooling: @@ -26,12 +27,13 @@ Base tooling: pi and companions: -- **pi** ([`@earendil-works/pi-coding-agent`](https://www.npmjs.com/package/@earendil-works/pi-coding-agent)) — baked at `/usr/bin/pi`, version pinned by the with-pi base build +- **pi** ([`@earendil-works/pi-coding-agent`](https://www.npmjs.com/package/@earendil-works/pi-coding-agent)) — baked at `/usr/bin/pi`, version pinned by the pi-only base build - **[pi-toolkit](https://gitea.jordbo.se/joakimp/pi-toolkit)** — mosh/tmux-friendly keybindings (Shift+Enter, Ctrl+J, Alt+J newline), AWS env loader, settings template - **[pi-extensions](https://gitea.jordbo.se/joakimp/pi-extensions)** — 7 extensions: `ext-toggle`, `mcp-loader`, `todo`, `ssh-controlmaster`, `notify`, `git-checkpoint`, `confirm-destructive` - **`fork` tool** ([pi-fork](https://github.com/elpapi42/pi-fork)) and **`recall` tool** ([pi-observational-memory](https://github.com/elpapi42/pi-observational-memory)) — baked into `/opt` and registered at runtime -- **mempalace bridge** — auto-symlinked MCP extension so pi reads/writes the same palace as opencode -- **opencode** — also present, since the image FROMs the with-pi variant +- **mempalace bridge** — auto-symlinked MCP extension so pi reads/writes the same palace as opencode-devbox's palace + +(opencode itself is **not** included — that's the difference from `opencode-devbox:latest-with-pi`. If you want both opencode and pi in one image, use that variant instead.) The entrypoint deploys/registers all of these on first container start. Idempotent and preserves user edits. @@ -206,22 +208,22 @@ Tags follow the pi npm package version: `v0.74.0`, `v0.75.0`, … `latest` alway Container-level rebuilds on the same pi version (security updates, base bumps, fixes) get a letter suffix: `v0.74.0b`, `v0.74.0c`, … -The pi binary is inherited from `opencode-devbox:latest-with-pi`, so a release of this image must be preceded by an opencode-devbox release that bakes the target pi version into `latest-with-pi`. The smoke test enforces this (it asserts `pi --version` matches the tag). +The pi binary is inherited from `opencode-devbox:latest-pi-only`, so a release of this image must be preceded by an opencode-devbox release that bakes the target pi version into `latest-pi-only`. The smoke test enforces this (it asserts `pi --version` matches the tag). --- ## Building from source -This image is a thin re-brand of the with-pi variant, so building it just pulls -the base. To pin a specific with-pi build or hack on it: +This image is a thin re-brand of the pi-only variant, so building it just pulls +the base. To pin a specific pi-only build or hack on it: ```bash git clone https://gitea.jordbo.se/joakimp/pi-devbox cd pi-devbox -# Default tracks latest-with-pi; override BASE_IMAGE to pin a build: +# Default tracks latest-pi-only; override BASE_IMAGE to pin a build: docker compose build \ - --build-arg BASE_IMAGE=joakimp/opencode-devbox:v1.15.13-with-pi + --build-arg BASE_IMAGE=joakimp/opencode-devbox:v1.15.13-pi-only docker compose up -d ``` @@ -234,7 +236,7 @@ Build args supported: | Arg | Default | Effect | |---|---|---| -| `BASE_IMAGE` | `joakimp/opencode-devbox:latest-with-pi` | Parent image — set to a `:vX.Y.Z-with-pi` tag or a digest for reproducible builds | +| `BASE_IMAGE` | `joakimp/opencode-devbox:latest-pi-only` | Parent image — set to a `:vX.Y.Z-pi-only` tag or a digest for reproducible builds | --- diff --git a/docker-compose.yml b/docker-compose.yml index 3233edd..a9ab5e2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,8 +17,8 @@ services: # build: # context: . # args: - # # Pin a specific with-pi build instead of tracking latest-with-pi: - # BASE_IMAGE: "joakimp/opencode-devbox:v1.15.13-with-pi" + # # Pin a specific pi-only build instead of tracking latest-pi-only: + # BASE_IMAGE: "joakimp/opencode-devbox:v1.15.13-pi-only" container_name: pi-devbox stdin_open: true tty: true diff --git a/scripts/smoke-test.sh b/scripts/smoke-test.sh index 649a3c8..1f6c138 100755 --- a/scripts/smoke-test.sh +++ b/scripts/smoke-test.sh @@ -17,10 +17,10 @@ set -euo pipefail IMAGE="${1:?usage: $0 }" PASS=0; FAIL=0 -# Since the refactor to FROM opencode-devbox:latest-with-pi, this image equals -# the with-pi variant (pi + opencode + companions + fork/recall node_modules), -# so the threshold tracks with-pi's (2900 MB), not the old pi-only 2200 MB. -SIZE_THRESHOLD_MB=2900 +# Since the refactor to FROM opencode-devbox:latest-pi-only, this image equals +# the pi-only variant (pi + companions + fork/recall node_modules, NO opencode), +# so the threshold tracks pi-only's (2750 MB), not the old standalone 2200 MB. +SIZE_THRESHOLD_MB=2750 run() { local label="$1"; local cmd="$2" @@ -71,7 +71,7 @@ echo "── Repo clones ──" run "pi-toolkit clone" "test -d /opt/pi-toolkit && git -C /opt/pi-toolkit rev-parse --short HEAD" run "pi-extensions clone" "test -d /opt/pi-extensions && git -C /opt/pi-extensions rev-parse --short HEAD" # pi-fork (fork tool) + pi-observational-memory (recall tool) — inherited from -# the with-pi base, cloned to /opt with node_modules baked at build time. +# the pi-only base, cloned to /opt with node_modules baked at build time. run "pi-fork clone + node_modules" \ "test -f /opt/pi-fork/package.json && test -d /opt/pi-fork/node_modules" run "pi-observational-memory clone + node_modules" \