# Changelog All notable changes to the pi-devbox container image. From v1.0.0 onward, tags follow semver: - **major** — architectural changes (v1.0.0 = decoupled from opencode-devbox) - **minor** — new variants, significant base additions - **patch** — pi version bumps, smaller fixes Pre-v1.0.0 tags followed the pi npm version (`v{pi_version}[letter]`). --- ## Unreleased ## v1.1.0 — 2026-06-10 ### Added — `:latest-studio` variant - **New `-studio` image variant** bundling [pi-studio](https://github.com/omaclaren/pi-studio) — a two-pane browser workspace (prompt/response editor, live KaTeX/Mermaid preview, tmux-backed literate REPLs for Shell/Python/IPython/Julia/R/GHCi/Clojure) plus the `/studio` slash command and `studio_repl_send` / `studio_export_*` agent tools. Published as `:latest-studio` and `:vX.Y.Z-studio` (multi-arch). - pi-studio is **vendored to `/opt/pi-studio`** at build time (gated by `INSTALL_STUDIO=true`, ref pinned via CI-resolved `PI_STUDIO_REF`) and registered on container start by `entrypoint-user.sh` via `pi install /opt/pi-studio` — the same pattern as pi-fork / pi-observational-memory. No build step: pi-studio ships its browser bundle prebuilt in git. The non-studio `:latest` image is unchanged. - CI gains independent `smoke-studio` + `build-variant-studio` jobs that gate **only** the studio tags, so a studio build/smoke failure can never block the core `:latest` / `:vX.Y.Z` release. - `STUDIO_PORT=8765` baked as an advisory default. - **`studio-expose` helper + `socat` (base).** Because pi-studio binds the container's loopback, a published Docker port can't reach it. The new `studio-expose` helper (socat, added to the base) bridges the container's loopback to its egress interface on the same port; set `STUDIO_EXPOSE=1` in compose to auto-start it on boot (default off — Studio stays loopback-only otherwise). `socat` is in the base for all variants. - **README "Using pi-studio" section.** Documents the container access reality: pi-studio hard-binds `127.0.0.1` inside the container (`.listen(port,"127.0.0.1")`, no `--host` flag), so a plain `-p` publish does not reach it. Documents the two working paths — host networking (recommended on OrbStack) and a loopback bridge for bridge networking — plus the remote `ssh -L` forward and the **mosh caveat** (mosh cannot forward ports; run a parallel `ssh -L` alongside it). ## v1.0.1 — 2026-06-10 Patch release. Works around an upstream MemPalace bug that broke pi at first prompt against the Anthropic Claude API. ### Fixed - **`mempalace_diary_write` schema rejected by Anthropic API.** Mempalace 3.3.x and 3.4.0 advertise `diary_write`'s `input_schema` with a top-level `anyOf: [{required:[entry]}, {required:[content]}]` to express "either `entry` or `content` must be supplied". Anthropic's tools API rejects top-level `anyOf` / `oneOf` / `allOf` outright, so pi failed to register tools at session start with `tools..custom.input_schema: input_schema does not support oneOf, allOf, or anyOf at the top level`. `Dockerfile.base` now patches the installed `mcp_server.py` after `uv tool install` to drop the `anyOf` block and require `["agent_name", "entry"]` instead. The mempalace handler still accepts `content` server-side as a kwarg alias, so callers using either name keep working. Tracked upstream: [issue #1728](https://github.com/MemPalace/mempalace/issues/1728), [PR #1735](https://github.com/MemPalace/mempalace/pull/1735). The workaround is idempotent + self-deactivating and will be removed once a fixed mempalace release lands on PyPI. ### Changed - **Mempalace pinned to 3.4.0** via `MEMPALACE_VERSION` build arg. Future bumps must be a reviewable diff rather than an implicit pull of `latest` (the broken 3.3.x/3.4.0 schema slipping in unannounced is what caused this release). ## v1.0.0 — 2026-06-09 **Decoupled from opencode-devbox.** pi-devbox is now self-contained: own `Dockerfile.base` + `Dockerfile.variant`, own CI pipeline, own release cadence. Previously v0.79.0 and earlier were thin re-brands of the `pi-only` variant built by opencode-devbox CI. ### Architectural - **Self-contained build chain.** `Dockerfile.base` produces `joakimp/pi-devbox:base-` (content-addressed); `Dockerfile.variant` FROMs the base and adds the pi install. Replaces the prior 5-line `Dockerfile` shim that FROMed `joakimp/pi-devbox:base-pi-only` (an opencode-devbox CI artifact). - **No more publish-ordering coupling.** pi-devbox releases no longer require rebuilding opencode-devbox first. - **Adapted from opencode-devbox** at the time of decoupling — the apt set, ssh ControlMaster setup, MemPalace integration, entrypoint UID/GID dance, and CI pipeline shape are all derived from there. See Acknowledgements in README.md. - **CI workflow** rewritten as two-phase split-base build pipeline (mirrors opencode-devbox's `docker-publish-split.yml` shape, simplified to a single variant). Includes `crane`-based `base-latest` promotion, registry-buildcache footgun guard via concrete `PI_VERSION` resolution, and the c6f9d11 smoke-test gate (waits for keybindings + mempalace.ts + ≥4 *.ts before sampling). ### Added (base image) - **pandoc** — universal Markdown↔HTML/Org/RST/etc. conversion. ~200 MB. - **graphviz** — `dot` rendering for diagram pipelines. ~10 MB. - **imagemagick** — image conversion (invoked as `magick`, not `convert`, in v7+). ~50 MB. - **yq** — YAML-aware companion to jq. - **tldr (tealdeer)** — Rust port of tldr-pages, ~5 MB static binary. Replaced the Node `tldr` global (which was ~140 MB). - **`/etc/tmux.conf`** with `set -g base-index 0` + `set -g pane-base-index 0`. Required for the planned `:latest-studio` variant; pi-studio hard-codes its tmux send target to `:0.0`. User- level `~/.tmux.conf` overrides still win. ### Added (smoke test) - Asserts pandoc, graphviz, imagemagick, yq, and tldr are present. - Asserts `/etc/tmux.conf` has the 0-indexed config baked. - Asserts `/tmp/sshcm/` directory created mode 700 by entrypoint. - Image-size measurement now sums `docker history` layer sizes (the prior `image inspect --format='{{.Size}}'` approach returned only the variant-unique layer when the base was content-addressed and shared, understating the user-facing image size by 2+ GB). - Size threshold raised to 3500 MB (was 2850) to cover the new base additions plus +200 MB safety margin. Tighten in a follow-up release once amd64 actuals settle. ### Image size Local arm64 build of `pi-devbox-test:latest` (this branch's content): 3.20 GB. Up ~390 MB from the prior pi-only-equivalent (~2.81 GB) due to pandoc, graphviz, imagemagick, yq, and minor expansion in pi npm dependencies. ### Migration notes - Existing volumes (`devbox-pi-config`, `devbox-bash-history`, `devbox-nvim-data`, `devbox-uv-tools`, `devbox-chroma-cache`) are unchanged in name and structure. `docker compose pull && docker compose up -d --force-recreate` is a clean upgrade path. - The `:latest` and `vX.Y.Z` Hub tags continue to point at a "base + pi" image. Same shape, just built differently. - `:base-pi-only` and `:base-pi-only-vX.Y.Z` tags from prior releases remain on Hub for now; will be deprecated when opencode-devbox retires the pi paths in its next major release. ### Future work - v1.1.0: `:latest-studio` variant (adds [pi-studio](https://github.com/omaclaren/pi-studio)). - v1.2.0: `:latest-studio-tex` variant (adds texlive-xetex for PDF export). ## v0.79.0 — 2026-06-08 First build on pi **`0.79.0`** (upstream `@earendil-works/pi-coding-agent` bump from `0.78.1`). Built `FROM` the freshly republished `joakimp/pi-devbox:base-pi-only` from opencode-devbox `v1.16.2`, which carries pi `0.79.0` (and picks up opencode `1.16.2` in the sibling opencode-bearing variants, though this pi-only image has no opencode). ### Bumped: pi 0.78.1 → 0.79.0 Resolved from the tag and asserted by the smoke base-freshness guard (`EXPECTED_PI_VERSION`). Highlights from the upstream `CHANGELOG.md`: - **Project trust for local inputs** — pi now asks before loading project-local settings, resources, instructions, and packages, with saved decisions and `--approve` / `--no-approve` controls for non-interactive modes, plus a `project_trust` extension event so global/CLI extensions can decide or defer. - **Cache-hit visibility in the footer** — the interactive footer shows the latest prompt cache hit rate (`CH`). - **Richer SDK/RPC extension surfaces** — public exports now include RPC extension UI request/response types and package asset path helpers. - Plus a large batch of TUI and provider fixes (Kitty keyboard fallback, prompt-history cursor placement, large-JSONL session reads, custom-provider routing). ### Smoke size threshold 2750 → 2850 MB Tracks opencode-devbox's `pi-only` variant, which was raised to 2850 MB in `v1.16.2` for headroom against the pi `0.79.0` bump (and routine apt drift). Kept in lockstep so this image's guard matches its source-of-truth variant. ## v0.78.1 — 2026-06-04 First build on pi **`0.78.1`** (upstream `@earendil-works/pi-coding-agent` bump from `0.78.0`). Built `FROM` the freshly republished `joakimp/pi-devbox:base-pi-only` from opencode-devbox `v1.15.13e`, which carries pi `0.78.1` plus the LAN-jump key-persistence work and the `devbox-ssh-local` volume ownership fix. Adds compose/env documentation in this repo. ### Added: persist the LAN-jump key + one-line authorize hint - **compose:** persist `~/.ssh-local` via a new `devbox-ssh-local` named volume so the generated LAN-jump key survives `docker compose up --force-recreate`. You authorize the key on the host **once per machine** instead of after every container update. - **Inherited from base:** `setup-lan-access.sh` now prints a copy-paste `echo '…' >> ~/.ssh/authorized_keys` line when it generates a new key (published via opencode-devbox's `base-pi-only`). No helper file to locate. ### Docs: document optional host-owned config in the compose + env templates - **compose:** added a commented-out `~/.config/devbox-shell` bind mount with a note — the image's `~/.bash_aliases` sources `~/.config/devbox-shell/bash_aliases` if present, and `setup-lan-access.sh` reads `~/.config/devbox-shell/ssh-lan.conf` for named-peer `ProxyJump host` overrides (reach LAN peers by name via `dssh `). - **.env.example:** documented `DEVBOX_HOST_ALIAS` (host hostname to reach, default `host.docker.internal`) so getting-started is self-contained. Template/example comments only; no behavior change. ## v0.78.0c — 2026-06-04 ### Fixed / Added (inherited from the base via `FROM`) LAN-access improvements made in opencode-devbox's `setup-lan-access.sh` (baked into the `base-pi-only` image, published by opencode-devbox v1.15.13d) flow through to pi-devbox automatically — no pi-devbox source change. Built `FROM` the rebuilt `joakimp/pi-devbox:base-pi-only` (digest `83b45335…`): - **Fixed:** the generated `~/.ssh-local/config` had `Include ~/.ssh/config` scoped to the `host`/`mac` block, so `dssh ` by name was ignored. - **Fixed:** read-only `~/.ssh/cm` ControlPath broke multiplexed hosts (`pmx-jh`, `proxmox*`, …); master sockets now use the writable sidecar. - **Added:** host-owned `~/.config/devbox-shell/ssh-lan.conf` for named-peer `ProxyJump host` overrides (Included before `~/.ssh/config`). - **Added:** `DEVBOX_LAN_AUTOJUMP_PRIVATE=1` — ProxyJump any RFC1918 IP through the host for roaming laptops. ## v0.78.0b — 2026-06-03 Container-level rebuild on pi `0.78.0` (unchanged): re-brands the pi-only build as a thin `FROM joakimp/pi-devbox:base-pi-only`, inheriting fork/recall and host-OS-agnostic LAN access. Letter-suffix release (pi version unchanged). ### Changed: refactored to re-brand the opencode-devbox `pi-only` variant pi-devbox no longer installs pi itself. The `Dockerfile` is now a thin `FROM joakimp/pi-devbox:base-pi-only` (overridable via the `BASE_IMAGE` arg), inheriting pi + pi-toolkit + pi-extensions and all base tooling from the single source of truth. This eliminates the install-logic duplication that used to drift against `opencode-devbox/Dockerfile.variant`. The pi-only artifact is **built** by opencode-devbox's CI (from `opencode-devbox/Dockerfile.variant` with `INSTALL_OPENCODE=false`) but is **published into this repo** as the internal building-block tag `joakimp/pi-devbox:base-pi-only` (+ `base-pi-only-vX.Y.Z`, where `vX.Y.Z` is the opencode-devbox release version). This supersedes the brief approach of publishing it as `opencode-devbox:latest-pi-only` — an "opencode-devbox" tag with no opencode in it confused users. `base-pi-only` is internal; end users pull `joakimp/pi-devbox:latest` or a `vX.Y.Z` tag. The pi-only build uses `INSTALL_OPENCODE=false`, so this image stays lean and pi-focused — it does **not** carry opencode, and remains distinct from `opencode-devbox:latest-with-pi` (which has both). ### Added (inherited from the pi-only variant) - **`fork` tool** (pi-fork) and **`recall` tool** (pi-observational-memory), baked into `/opt` with `node_modules` and registered at runtime. - **Host-OS-agnostic LAN access**: on VM-backed hosts (macOS OrbStack / Docker Desktop) the entrypoint sets up the host as an SSH jump to reach LAN peers (`dssh` alias; `DEVBOX_LAN_ACCESS` / `HOST_SSH_USER` env). No-op on native Linux. See the opencode-devbox README for details. ### Consequences / notes - **Publish ordering**: release opencode-devbox first so `base-pi-only` carries the target pi version, *then* tag this repo. The smoke test asserts `pi --version` matches the tag and fails loudly if the base is stale. - CI no longer passes `PI_VERSION` as a build-arg (the Dockerfile installs nothing); it still resolves the tag version to feed the smoke base-freshness guard. Smoke size threshold 2200 → 2750 MB (now tracks the pi-only variant). _pi version unchanged at `0.78.0` (still latest)._ ## v0.78.0 — 2026-05-29 pi `0.77.0` → `0.78.0` bump (first container build on the pi 0.78 line, published upstream 2026-05-29). Built against `joakimp/opencode-devbox:base-latest` (unchanged from the v0.77.0 build). ### Bumped: pi 0.77.0 → 0.78.0 **New Features** - **Named startup sessions** — `--name` / `-n` sets the session display name before startup across interactive, print, JSON, and RPC modes. - **Clickable file tool paths** — built-in file tool titles render OSC 8 `file://` hyperlinks when the terminal supports them, including supported tmux clients. **Added** - Exported `convertToPng` for extension authors. - Exported `parseArgs` and type `Args` for extension authors. - Added a resume command hint when exiting interactive sessions. - Added custom Amazon Bedrock request header support. **Fixed** - Fixed early interactive input typed before the prompt loop starts so it is buffered instead of dropped. - Fixed OpenRouter Moonshot Kimi K2.6 requests to use `system` instead of unsupported `developer` messages. - Fixed OSC 8 hyperlinks to pass through tmux when the client supports them. - Fixed ANSI text wrapping to avoid stack overflows on very long wrapped lines. - Fixed OpenAI Codex Responses SSE streams to abort response body reads after terminal events. ## v0.77.0 — 2026-05-29 pi `0.76.0` → `0.77.0` bump (first container build on the pi 0.77 line, published upstream 2026-05-28). Built against `joakimp/opencode-devbox:base-latest` (unchanged from the v0.76.0 build — same SSH-CM, gitleaks, git-crypt baked in). ### Bumped: pi 0.76.0 → 0.77.0 Notable upstream changes (from pi's CHANGELOG): - **Claude Opus 4.8 support** — Anthropic Opus 4.8 model metadata + adaptive-thinking coverage updated. - **Selective tool disablement** — `--exclude-tools` / `-xt` disables specific built-in, extension, or custom tools while leaving the rest available. - **Headless Codex subscription login** — `/login` can use device-code auth for ChatGPT Plus/Pro Codex subscriptions; browser login remains the default. - **Streaming-aware extension input** — `InputEvent.streamingBehavior` lets extensions distinguish idle prompts from mid-stream steers and queued follow-ups. - **Bugfixes** — startup timing output excludes `createAgentSessionRuntime` work; OpenRouter DeepSeek V4 `xhigh` reasoning preserves OpenRouter's native effort; SIGTERM/SIGHUP exits run extension `session_shutdown` cleanup; keyboard protocol negotiation ignores delayed terminal responses (no false Kitty detection); Windows MSYS2 ucrt64 startup crash fixed via napi-rs 3.x clipboard addon; API-key/header config resolution treats plain strings as literals with `$ENV_VAR` / `${ENV_VAR}` interpolation and `$!` escaping; session disposal aborts in-flight agent/compaction/branch-summary/retry/bash work; `pi.getAllTools()` exposes per-tool `promptGuidelines`; OpenAI Codex Responses replay after switching from Anthropic extended-thinking sessions; Anthropic-compatible replay supports `allowEmptySignature` for providers returning empty thinking signatures; OpenAI/OpenRouter GPT-5.5 Pro thinking levels limited to supported efforts; OpenCode Go Kimi K2.6 thinking-off requests; Xiaomi Token Plan model metadata cleaned of unsupported variants; follow-up messages queued by `agent_end` extension handlers drain before idle; system prompt tool-selection guidance avoids unavailable file-exploration tools; fenced `diff` highlighting restored. Workflow continues to derive `PI_VERSION` from the git tag (`v0.77.0` → `0.77.0`) and pass it as a build-arg per the v0.75.5b cache-hit fix; smoke test asserts `pi --version` matches. ### Inheritance from base No base change in `joakimp/opencode-devbox:base-latest` since v0.76.0 — the v1.15.12 opencode-devbox release also reused the unchanged base. SSH ControlMaster on a writable socket path, gitleaks, and git-crypt continue to ride along from the base. ### CI This is the second pi-devbox release exercising the cache-export-disabled workflow (after v0.76.0's clean publish on run #340) and the first to also exercise the 3-attempt retry wrapper added in 2d39766 along the publish path. ## v0.76.0 — 2026-05-28 pi `0.75.5` → `0.76.0` bump (first minor-version release on pi 0.76 line, published upstream 2026-05-27 20:03 UTC). Built against a fresh `joakimp/opencode-devbox:base-latest` which now bakes in SSH ControlMaster on a writable socket path, plus gitleaks and git-crypt — see the inherited-from-base notes below for details on each. ### Bumped: pi 0.75.5 → 0.76.0 Notable upstream changes (from pi's CHANGELOG): - **Explicit session IDs for automation** — `--session-id ` lets scripts create or resume an exact project-local session. - **RPC bash output can stay out of model context** — RPC clients can pass `excludeFromContext` to `bash` for commands whose output should not be sent with the next prompt. - **More predictable provider retries and timeouts** — Codex WebSocket/SSE waits are bounded; `retry.provider.maxRetries` controls provider retries instead of hidden SDK defaults; SDK retries default to 0; quota/billing 429s are no longer retried behind Pi's retry handling. - **Better terminal editing across environments** — Apple Terminal Shift+Enter detection on macOS, Windows Terminal OSC 8 hyperlink support, JetBrains truecolor with disabled OSC 8, Unicode-aware word navigation and deletion. - **Bugfixes** — `pi update` bypasses npm/pnpm/Bun minimum-release-age gates; user-authored ordered-list markers preserved in transcripts; image attachment token estimates aligned with tool-result images; Codex Responses cache-affinity header fixed (`session-id` not `session_id`); OpenRouter/Poolside context-overflow detection; managed npm extension updates avoid peer-dependency conflicts; RpcClient handles unexpected child exits cleanly. Workflow continues to derive `PI_VERSION` from the git tag (`v0.76.0` → `0.76.0`) and pass it as a build-arg, per the v0.75.5b cache-hit fix; smoke test asserts `pi --version` matches. ### Workflow change: registry cache-export disabled - **`.gitea/workflows/docker-publish.yml`** — `cache-from`/`cache-to` removed from the `publish` step. buildkit's `mode=max` cache-export to `registry-1.docker.io` reproducibly returns HTTP 400 on the resumable-upload PUT, surfacing ~2026-05-23. Diagnosed during opencode-devbox v1.15.12's manual host-side publish: image push works fine, only `--cache-to` fails. See opencode-devbox CHANGELOG v1.15.12 `Unreleased` for the full root-cause analysis. The pi-devbox Dockerfile is single-stage with a tiny diff (npm install pi only) on top of `base-latest`, so builds are fast even without cache (~30-60s expected). ### Inherited from opencode-devbox base: SSH ControlMaster on a writable socket path No Dockerfile change here — just a note that this release picks up the system-wide SSH ControlMaster default (`/etc/ssh/ssh_config.d/00-devbox-controlmaster.conf` → `ControlPath /tmp/sshcm/%r@%h:%p`, `ControlMaster auto`, `ControlPersist 10m`). This unblocks `ssh` and `pi --ssh user@host` from inside the container when `~/.ssh` is bind-mounted read-only from the host (the standard pi-devbox compose layout) — previously, OpenSSH's default `ControlPath` under `~/.ssh/cm/` was unwritable, so multiplexing failed with `unix_listener: cannot bind ... Read-only file system` and ssh fell back to fresh TCP connections, which on residential CGNAT manifested as banner-exchange timeouts. The fix is purely additive (per-container `/tmp/sshcm` dir, mode 700, created by entrypoint) and user `~/.ssh/config` per-host overrides still win because Debian's stock `ssh_config` sources `ssh_config.d/*.conf` before its own `Host *` block. See opencode-devbox CHANGELOG `v1.15.12` for the base-side details. ### Inherited from opencode-devbox base: gitleaks + git-crypt No Dockerfile change here — just a note that this release includes `gitleaks` (newly added to the base) and `git-crypt` (was always installed via apt; just wasn't called out). Both are useful inside the container for repos that use a gitleaks pre-commit hook or git-crypt-encrypted canonical config and don't want host-side dependencies. See opencode-devbox CHANGELOG `v1.15.12` for the base-side details. ## v0.75.5b — 2026-05-23 Recovery release fixing a **silent cache-hit regression** discovered in the v0.75.5 image. All four releases v0.74.0 through v0.75.5 had been shipping the same image bytes because the Dockerfile's `npm install -g @earendil-works/pi-coding-agent` (bare, when `PI_VERSION=latest`) produces an identical layer-hash across builds. Combined with the registry buildcache, Docker reused the layer from whatever pi version was current when the cache was first populated. Verification: `docker manifest inspect joakimp/pi-devbox:vX.Y.Z` showed identical SHA256 digests on both `linux/amd64` and `linux/arm64` for v0.74.0, v0.75.3, v0.75.4, v0.75.5. Users on `:latest` were getting whatever pi version was baked into the v0.74.0 build (probably 0.74.0 itself). - **Workflow fix:** Both `smoke` and `publish` jobs now derive `PI_VERSION` from `github.ref_name` (e.g. `v0.75.5b` → `0.75.5`) and pass it as a build-arg. The Dockerfile's existing `if PI_VERSION=latest` branch never fires in CI now — always takes the `@${PI_VERSION}` branch — so the layer-hash includes the version and cache invalidates correctly. - **Smoke test:** New `run_expect` helper asserts `pi --version` output contains `EXPECTED_PI_VERSION` (passed from the resolve step). Would have caught this regression on v0.75.3 if it had existed. - **Dockerfile:** Comment added above `ARG PI_VERSION=latest` documenting the cache-hit footgun and pointing at the workflow's resolve step + AGENTS.md gotcha. - **AGENTS.md:** New convention bullet explaining the cache-hit class of bug and noting the latent same-bug in opencode-devbox's `with-pi` variants (currently masked by OPENCODE_VERSION bumps). No image-side changes vs v0.75.5 *intent* — this build will produce the actual pi 0.75.5 image content that v0.75.5 was supposed to ship. ## v0.75.5 — 2026-05-23 pi `0.75.4` → `0.75.5` bump (one upstream patch release, two days after v0.75.4). Notable upstream changes (from pi's CHANGELOG): - Cleaner read tool output (collapsed cards show only the read line; Ctrl+O expands). - Faster file tools on Windows (async fs ops during streaming, image resize off the main TUI thread). - More reliable package updates (`pi update` reconciles git-pinned refs without losing settings). - Custom Anthropic-compatible adaptive thinking via `compat.forceAdaptiveThinking`. - Several bash/read tool card display fixes; macOS Bun clipboard sidecar resolution; per-session OpenCode-Zen routing headers; Amazon Bedrock token cap fix. Plus a new pi 0.74.2 rescue release advising Node 20 users to upgrade Node before going to newer Pi versions — the devbox base image runs newer Node so this doesn't affect us, but worth noting for users running pi outside the devbox. - **Bump:** pi `@earendil-works/pi-coding-agent@0.75.5` baked at `/usr/bin/pi` (via `PI_VERSION=latest` resolving to 0.75.5 at build time — no Dockerfile change needed). - No image-side changes from v0.75.4 beyond the pi npm version. Built on `joakimp/opencode-devbox:base-latest` which itself is unchanged (cache-hit on `base-35ee5fe7861a` since v1.14.50b). ## v0.75.4 — 2026-05-21 pi `0.75.3` → `0.75.4` bump (one upstream patch release). Plus the AGENTS.md documentation-drift sweep clause that landed on `main` between v0.75.3 and now. - **Bump:** pi `@earendil-works/pi-coding-agent@0.75.4` baked at `/usr/bin/pi` (via `PI_VERSION=latest` resolving to 0.75.4 at build time — no Dockerfile change needed). - **AGENTS.md:** documentation drift sweep as explicit pre-commit workflow step (commit `ae6253a`). Companion clause added across the wider repo set the same day. - No image-side changes beyond the pi npm version. Built on `joakimp/opencode-devbox:base-latest` which itself is unchanged (cache-hit on `base-35ee5fe7861a` since v1.14.50b). ## v0.75.3 — 2026-05-18 pi `0.74.0` → `0.75.3` bump (one upstream minor + three patch releases since the initial pi-devbox release on 2026-05-14). - **Bump:** pi `@earendil-works/pi-coding-agent@0.75.3` baked at `/usr/bin/pi` (via `PI_VERSION=latest` resolving to 0.75.3 at build time). - No image-side changes from the v0.74.0 baseline beyond the pi npm version. The pi-toolkit + pi-extensions clones, mempalace bridge symlink, and `NPM_CONFIG_PREFIX` named-volume setup all unchanged. ## v0.74.0 — 2026-05-14 Initial release. - pi `@earendil-works/pi-coding-agent@0.74.0` baked at `/usr/bin/pi` - pi-toolkit and pi-extensions cloned at build time; deployed to `~/.pi/agent/` by entrypoint on container start - mempalace bridge (`mempalace.ts`) symlinked from `/opt/mempalace-toolkit/` - Built on `joakimp/opencode-devbox:base-latest`