diff --git a/AGENTS.md b/AGENTS.md index 173d2ff..9c5919e 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -12,14 +12,17 @@ re-brand of opencode-devbox's `pi-only` variant. Node.js, Python toolchain, locales, ssh ControlMaster defaults, and `/etc/tmux.conf` with 0-indexed sessions. - `Dockerfile.variant` — `FROM base-`, adds pi + companions - (`pi-toolkit`, `pi-extensions`, `pi-fork`, `pi-observational-memory`). + (`pi-toolkit`, `pi-extensions`, `pi-fork`, `pi-observational-memory`) + and, when `INSTALL_STUDIO=true`, vendors `pi-studio` to `/opt/pi-studio` + (`-studio` variant). - `entrypoint.sh` — UID/GID alignment as root, then drops to `developer`. - `entrypoint-user.sh` — per-container start: SSH ControlMaster socket dir, LAN-access setup, MemPalace init, pi-toolkit + pi-extensions - deploy, mempalace-bridge symlink, fork/recall pi-install, skillset + deploy, mempalace-bridge symlink, fork/recall + pi-studio pi-install, + optional `studio-expose` bridge (when `STUDIO_EXPOSE=1`), skillset deploy. - `rootfs/` — files baked into the image (bash aliases, inputrc, - setup-lan-access.sh). + setup-lan-access.sh, `studio-expose` helper). - `scripts/smoke-test.sh` — sanity checks run by CI before pushing to Hub. - `.gitea/workflows/docker-publish.yml` — two-phase CI (base-decide → build-base → smoke → build-variant → promote-base-latest → @@ -129,8 +132,9 @@ deprecated artifacts (to be removed in opencode-devbox v2.0.0). ## Backward compatibility - The host `~/.mempalace` bind-mount path is unchanged. -- Volume names (`devbox-pi-config`, `devbox-bash-history`, - `devbox-nvim-data`, `devbox-uv-tools`, `devbox-chroma-cache`) are +- Volume names (`devbox-pi-config`, `devbox-ssh-local`, + `devbox-shell-history`, `devbox-zoxide`, `devbox-nvim-data`, + `devbox-uv`; optional `devbox-palace`, `devbox-chroma-cache`) are unchanged. - `~/.pi/agent/` layout inside the container is unchanged; existing named volumes work without recreation. 
diff --git a/DOCKER_HUB.md b/DOCKER_HUB.md index 742a2ba..5eb85ba 100644 --- a/DOCKER_HUB.md +++ b/DOCKER_HUB.md @@ -151,7 +151,7 @@ Optional volumes for MemPalace (commented out by default — uncomment in `docke - **pi**: https://github.com/earendil-works/pi - **pi-toolkit**: https://gitea.jordbo.se/joakimp/pi-toolkit - **pi-extensions**: https://gitea.jordbo.se/joakimp/pi-extensions -- **MemPalace**: https://github.com/joakimp/mempalace +- **MemPalace**: https://github.com/MemPalace/mempalace ## License diff --git a/README.md b/README.md index 79c9bc8..66e8fa4 100644 --- a/README.md +++ b/README.md @@ -98,7 +98,7 @@ git clone https://gitea.jordbo.se/joakimp/pi-devbox cd pi-devbox cp .env.example .env # edit if needed docker compose up -d -docker compose exec devbox bash +docker compose exec -u developer devbox bash ``` You're now in the container as user `developer` with `pi` on PATH and 
@@ -236,37 +236,45 @@ services: container_name: pi-devbox stdin_open: true tty: true - env_file: .env + env_file: + - .env environment: - - TZ=${TZ:-Europe/Stockholm} - TERM=xterm-256color - - AWS_PROFILE=${AWS_PROFILE:-} - - AWS_REGION=${AWS_REGION:-eu-west-1} + - GITEA_ACCESS_TOKEN=${GITEA_ACCESS_TOKEN:-} + - GITEA_HOST=${GITEA_HOST:-} + - GITHUB_PERSONAL_ACCESS_TOKEN=${GITHUB_PERSONAL_ACCESS_TOKEN:-} volumes: - # Workspace: your host source tree, read-write - - ${HOST_WORKSPACE:-./workspace}:/workspace:rw + # Workspace: your host source tree + - ${WORKSPACE_PATH:-.}:/workspace # SSH keys: read-only from host - - ${HOME}/.ssh:/home/developer/.ssh:ro - # AWS config: read-only from host - - ${HOME}/.aws:/home/developer/.aws:ro - # MemPalace: bind-mounted so host pi and container pi share a brain - - ${HOME}/.mempalace:/home/developer/.mempalace:rw + - ${SSH_KEY_PATH:-~/.ssh}:/home/developer/.ssh:ro # Per-container persistent state - devbox-pi-config:/home/developer/.pi - - devbox-bash-history:/home/developer/.cache/bash + - devbox-ssh-local:/home/developer/.ssh-local + - devbox-shell-history:/home/developer/.cache/bash + - devbox-zoxide:/home/developer/.local/share/zoxide - devbox-nvim-data:/home/developer/.local/share/nvim - - devbox-uv-tools:/opt/uv-tools - - devbox-chroma-cache:/home/developer/.cache/chroma + - devbox-uv:/home/developer/.local/share/uv + # Optional (uncomment to enable): + # - ~/.aws:/home/developer/.aws # AWS creds + # - devbox-palace:/home/developer/.mempalace # persist palace + # - devbox-chroma-cache:/home/developer/.cache/chroma # embedding cache volumes: devbox-pi-config: - devbox-bash-history: + devbox-ssh-local: + devbox-shell-history: + devbox-zoxide: devbox-nvim-data: - devbox-uv-tools: - devbox-chroma-cache: + devbox-uv: + # devbox-palace: + # devbox-chroma-cache: ``` -See `.env.example` in the repo for available environment variables. 
+See `docker-compose.yml` and `.env.example` in the repo for the full +template (build-from-source args, LAN-jump and skillset mounts, MemPalace +persistence). To share one palace between host pi and the container, +bind-mount your host `~/.mempalace` to `/home/developer/.mempalace`. ## uv-driven REPL recipes @@ -322,15 +330,16 @@ to refresh. | Path inside container | Volume | What survives | |---|---|---| -| `/workspace` | host bind-mount | host filesystem | -| `~/.ssh` | host bind-mount (read-only) | host filesystem | -| `~/.aws` | host bind-mount (read-only) | host filesystem | -| `~/.mempalace` | host bind-mount | host filesystem | +| `/workspace` | host bind-mount (`WORKSPACE_PATH`) | host filesystem | +| `~/.ssh` | host bind-mount (read-only, `SSH_KEY_PATH`) | host filesystem | | `~/.pi` | named volume `devbox-pi-config` | `down -v` wipes | -| `~/.cache/bash` | named volume | `down -v` wipes | -| `~/.local/share/nvim` | named volume | `down -v` wipes | -| `/opt/uv-tools` | named volume | `down -v` wipes | -| `~/.cache/chroma` | named volume | `down -v` wipes | +| `~/.ssh-local` | named volume `devbox-ssh-local` | `down -v` wipes | +| `~/.cache/bash` | named volume `devbox-shell-history` | `down -v` wipes | +| `~/.local/share/zoxide` | named volume `devbox-zoxide` | `down -v` wipes | +| `~/.local/share/nvim` | named volume `devbox-nvim-data` | `down -v` wipes | +| `~/.local/share/uv` | named volume `devbox-uv` | `down -v` wipes | +| `~/.mempalace` | host bind-mount or `devbox-palace` (optional) | host / volume | +| `~/.cache/chroma` | `devbox-chroma-cache` (optional) | `down -v` wipes | Anything not on a volume is on the writable layer and is lost on container recreate. 
@@ -386,9 +395,9 @@ set -g pane-base-index 0 ``` This is the default tmux indexing. It's baked here because `pi-studio` -(planned for `:latest-studio`) hard-codes its tmux send target to -`:0.0`. If you override `base-index` to 1 in a personal -`~/.tmux.conf`, pi-studio will fail with "can't find window: 0". +(shipped in the `:latest-studio` variant) hard-codes its tmux send +target to `:0.0`. If you override `base-index` to 1 in a +personal `~/.tmux.conf`, pi-studio will fail with "can't find window: 0". ## AWS Bedrock auth @@ -411,8 +420,11 @@ pi-devbox is built from this repo's CI in two phases: where `` is content-addressed over `Dockerfile.base`, `rootfs/`, and `entrypoint*.sh`. Rebuilt only when these change. 2. **Variant** (`Dockerfile.variant`) — `FROM ${BASE_IMAGE}` and adds - the pi install. The `:latest` and `vX.Y.Z` tags are produced from - this layer; future Studio variants will extend further. + the pi install (+ pi-studio when `INSTALL_STUDIO=true`). The `:latest` + / `vX.Y.Z` and `:latest-studio` / `vX.Y.Z-studio` tags are produced + from this layer. The studio variant builds via independent + `smoke-studio` + `build-variant-studio` CI jobs that gate only the + `-studio` tags. Tag naming: @@ -421,6 +433,7 @@ Tag naming: | `base-` | base image — internal building block | | `base-latest` | promoted alias of the most recent base | | `latest`, `vX.Y.Z` | variant: base + pi | +| `latest-studio`, `vX.Y.Z-studio` | variant: base + pi + pi-studio | CI resolves `PI_VERSION` to a concrete version string before building to defeat a registry-buildcache hit on `npm install -g
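Review bot: In the first AGENTS.md hunk, the `entrypoint-user.sh` bullet introduces an optional `studio-expose` bridge (when `STUDIO_EXPOSE=1`) without saying what it exposes. Please state which address and port it binds and whether anything authenticates callers. The README compose example in this patch publishes no ports and never mentions `STUDIO_EXPOSE`, so a reader cannot tell what enabling it opens up.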
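Review bot: In the AGENTS.md "Backward compatibility" hunk, the list of volume names is edited (`devbox-bash-history` becomes `devbox-shell-history`, `devbox-uv-tools` becomes `devbox-uv`, and `devbox-ssh-local`, `devbox-zoxide` and `devbox-palace` are added) while the sentence still ends "are unchanged". If this only corrects the docs to match the existing compose file, say so in the commit message. If the volumes were actually renamed, existing users' data stays behind in the old volumes, and this belongs in a migration note rather than under backward compatibility.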
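Review bot: In the README quickstart hunk, `docker compose exec -u developer devbox bash` gains `-u developer` with no explanation. AGENTS.md says `entrypoint.sh` does UID/GID alignment as root before dropping to `developer`; if a plain `docker compose exec` therefore lands in a root shell, add one sentence saying so, so that readers do not drop the flag when adapting the command.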
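Review bot: In the README compose example, the optional AWS mount `# - ~/.aws:/home/developer/.aws # AWS creds` drops the `:ro` that the removed line `${HOME}/.aws:/home/developer/.aws:ro` had, so anyone who uncomments it gives the container write access to host credentials; add `:ro` back. In the same hunk, the workspace default changes from `./workspace` to `.`, which puts the `.env` listed under `env_file` inside `/workspace`, alongside the newly passed `GITEA_ACCESS_TOKEN` and `GITHUB_PERSONAL_ACCESS_TOKEN`. A sentence telling users to point `WORKSPACE_PATH` at their source tree, or to keep `.env` outside the mounted directory, would help.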
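Review bot: In the README persistence-table hunk, the `~/.aws` row is removed even though the compose example still offers `~/.aws` as an optional mount, while the other optional mounts (`~/.mempalace`, `~/.cache/chroma`) keep rows marked optional. Add an optional `~/.aws` row for consistency, and consider noting what `~/.ssh-local` holds, since it is a new writable volume sitting next to the read-only `~/.ssh` mount.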
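Review bot: In the "Variant" item of the README build section, pi-studio is added when `INSTALL_STUDIO=true`, but nothing says which pi-studio version or commit is vendored. The paragraph that follows explains that CI resolves `PI_VERSION` to a concrete version string before building; document the equivalent for pi-studio so that a `vX.Y.Z-studio` tag can be traced to a specific pi-studio revision.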