pi-devbox/CHANGELOG.md

Changelog

All notable changes to the pi-devbox container image.

From v1.0.0 onward, tags follow semver:

• major — architectural changes (v1.0.0 = decoupled from opencode-devbox)
• minor — new variants, significant base additions
• patch — pi version bumps, smaller fixes

Pre-v1.0.0 tags followed the pi npm version (v{pi_version}[letter]).

---

Unreleased

v1.1.0 — 2026-06-10

Added — :latest-studio variant

• New -studio image variant bundling pi-studio — a two-pane browser workspace (prompt/response editor, live KaTeX/Mermaid preview, tmux-backed literate REPLs for Shell/Python/IPython/Julia/R/GHCi/Clojure) plus the /studio slash command and studio_repl_send / studio_export_* agent tools. Published as :latest-studio and :vX.Y.Z-studio (multi-arch).
  • pi-studio is vendored to /opt/pi-studio at build time (gated by INSTALL_STUDIO=true, ref pinned via CI-resolved PI_STUDIO_REF) and registered on container start by entrypoint-user.sh via pi install /opt/pi-studio — the same pattern as pi-fork / pi-observational-memory. No build step: pi-studio ships its browser bundle prebuilt in git. The non-studio :latest image is unchanged.
  • CI gains independent smoke-studio + build-variant-studio jobs that gate only the studio tags, so a studio build/smoke failure can never block the core :latest / :vX.Y.Z release.
  • STUDIO_PORT=8765 baked as an advisory default.
• studio-expose helper + socat (base). Because pi-studio binds the container's loopback, a published Docker port can't reach it. The new studio-expose helper (socat, added to the base) bridges the container's loopback to its egress interface on the same port; set STUDIO_EXPOSE=1 in compose to auto-start it on boot (default off — Studio stays loopback-only otherwise). socat is in the base for all variants.
• README "Using pi-studio" section. Documents the container access reality: pi-studio hard-binds 127.0.0.1 inside the container (.listen(port,"127.0.0.1"), no --host flag), so a plain -p publish does not reach it. Documents the two working paths — host networking (recommended on OrbStack) and a loopback bridge for bridge networking — plus the remote ssh -L forward and the mosh caveat (mosh cannot forward ports; run a parallel ssh -L alongside it).

v1.0.1 — 2026-06-10

Patch release. Works around an upstream MemPalace bug that broke pi at first prompt against the Anthropic Claude API.

Fixed

• mempalace_diary_write schema rejected by Anthropic API. Mempalace 3.3.x and 3.4.0 advertise diary_write's input_schema with a top-level anyOf: [{required:[entry]}, {required:[content]}] to express "either entry or content must be supplied". Anthropic's tools API rejects top-level anyOf / oneOf / allOf outright, so pi failed to register tools at session start with tools.<n>.custom.input_schema: input_schema does not support oneOf, allOf, or anyOf at the top level. Dockerfile.base now patches the installed mcp_server.py after uv tool install to drop the anyOf block and require ["agent_name", "entry"] instead. The mempalace handler still accepts content server-side as a kwarg alias, so callers using either name keep working. Tracked upstream: issue #1728, PR #1735. The workaround is idempotent + self-deactivating and will be removed once a fixed mempalace release lands on PyPI.

Changed

• Mempalace pinned to 3.4.0 via MEMPALACE_VERSION build arg. Future bumps must be a reviewable diff rather than an implicit pull of latest (the broken 3.3.x/3.4.0 schema slipping in unannounced is what caused this release).

v1.0.0 — 2026-06-09

Decoupled from opencode-devbox. pi-devbox is now self-contained: own Dockerfile.base + Dockerfile.variant, own CI pipeline, own release cadence. Previously v0.79.0 and earlier were thin re-brands of the pi-only variant built by opencode-devbox CI.

Architectural

• Self-contained build chain. Dockerfile.base produces joakimp/pi-devbox:base-<hash> (content-addressed); Dockerfile.variant FROMs the base and adds the pi install. Replaces the prior 5-line Dockerfile shim that FROMed joakimp/pi-devbox:base-pi-only (an opencode-devbox CI artifact).
• No more publish-ordering coupling. pi-devbox releases no longer require rebuilding opencode-devbox first.
• Adapted from opencode-devbox at the time of decoupling — the apt set, ssh ControlMaster setup, MemPalace integration, entrypoint UID/GID dance, and CI pipeline shape are all derived from there. See Acknowledgements in README.md.
• CI workflow rewritten as two-phase split-base build pipeline (mirrors opencode-devbox's docker-publish-split.yml shape, simplified to a single variant). Includes crane-based base-latest promotion, registry-buildcache footgun guard via concrete PI_VERSION resolution, and the c6f9d11 smoke-test gate (waits for keybindings + mempalace.ts
  • ≥4 *.ts before sampling).

Added (base image)

• pandoc — universal Markdown↔HTML/Org/RST/etc. conversion. ~200 MB.
• graphviz — dot rendering for diagram pipelines. ~10 MB.
• imagemagick — image conversion (invoked as magick, not convert, in v7+). ~50 MB.
• yq — YAML-aware companion to jq.
• tldr (tealdeer) — Rust port of tldr-pages, ~5 MB static binary. Replaced the Node tldr global (which was ~140 MB).
• /etc/tmux.conf with set -g base-index 0 + set -g pane-base-index 0. Required for the planned :latest-studio variant; pi-studio hard-codes its tmux send target to :0.0. User- level ~/.tmux.conf overrides still win.

Added (smoke test)

• Asserts pandoc, graphviz, imagemagick, yq, and tldr are present.
• Asserts /etc/tmux.conf has the 0-indexed config baked.
• Asserts /tmp/sshcm/ directory created mode 700 by entrypoint.
• Image-size measurement now sums docker history layer sizes (the prior image inspect --format='{{.Size}}' approach returned only the variant-unique layer when the base was content-addressed and shared, understating the user-facing image size by 2+ GB).
• Size threshold raised to 3500 MB (was 2850) to cover the new base additions plus +200 MB safety margin. Tighten in a follow-up release once amd64 actuals settle.

Image size

Local arm64 build of pi-devbox-test:latest (this branch's content): 3.20 GB. Up ~390 MB from the prior pi-only-equivalent (~2.81 GB) due to pandoc, graphviz, imagemagick, yq, and minor expansion in pi npm dependencies.

Migration notes

• Existing volumes (devbox-pi-config, devbox-bash-history, devbox-nvim-data, devbox-uv-tools, devbox-chroma-cache) are unchanged in name and structure. docker compose pull && docker compose up -d --force-recreate is a clean upgrade path.
• The :latest and vX.Y.Z Hub tags continue to point at a "base + pi" image. Same shape, just built differently.
• :base-pi-only and :base-pi-only-vX.Y.Z tags from prior releases remain on Hub for now; will be deprecated when opencode-devbox retires the pi paths in its next major release.

Future work

• v1.1.0: :latest-studio variant (adds pi-studio).
• v1.2.0: :latest-studio-tex variant (adds texlive-xetex for PDF export).

v0.79.0 — 2026-06-08

First build on pi 0.79.0 (upstream @earendil-works/pi-coding-agent bump from 0.78.1). Built FROM the freshly republished joakimp/pi-devbox:base-pi-only from opencode-devbox v1.16.2, which carries pi 0.79.0 (and picks up opencode 1.16.2 in the sibling opencode-bearing variants, though this pi-only image has no opencode).

Bumped: pi 0.78.1 → 0.79.0

Resolved from the tag and asserted by the smoke base-freshness guard (EXPECTED_PI_VERSION). Highlights from the upstream CHANGELOG.md:

• Project trust for local inputs — pi now asks before loading project-local settings, resources, instructions, and packages, with saved decisions and --approve / --no-approve controls for non-interactive modes, plus a project_trust extension event so global/CLI extensions can decide or defer.
• Cache-hit visibility in the footer — the interactive footer shows the latest prompt cache hit rate (CH).
• Richer SDK/RPC extension surfaces — public exports now include RPC extension UI request/response types and package asset path helpers.
• Plus a large batch of TUI and provider fixes (Kitty keyboard fallback, prompt-history cursor placement, large-JSONL session reads, custom-provider routing).

Smoke size threshold 2750 → 2850 MB

Tracks opencode-devbox's pi-only variant, which was raised to 2850 MB in v1.16.2 for headroom against the pi 0.79.0 bump (and routine apt drift). Kept in lockstep so this image's guard matches its source-of-truth variant.

v0.78.1 — 2026-06-04

First build on pi 0.78.1 (upstream @earendil-works/pi-coding-agent bump from 0.78.0). Built FROM the freshly republished joakimp/pi-devbox:base-pi-only from opencode-devbox v1.15.13e, which carries pi 0.78.1 plus the LAN-jump key-persistence work and the devbox-ssh-local volume ownership fix. Adds compose/env documentation in this repo.

Added: persist the LAN-jump key + one-line authorize hint

• compose: persist ~/.ssh-local via a new devbox-ssh-local named volume so the generated LAN-jump key survives docker compose up --force-recreate. You authorize the key on the host once per machine instead of after every container update.
• Inherited from base: setup-lan-access.sh now prints a copy-paste echo '…' >> ~/.ssh/authorized_keys line when it generates a new key (published via opencode-devbox's base-pi-only). No helper file to locate.

Docs: document optional host-owned config in the compose + env templates

• compose: added a commented-out ~/.config/devbox-shell bind mount with a note — the image's ~/.bash_aliases sources ~/.config/devbox-shell/bash_aliases if present, and setup-lan-access.sh reads ~/.config/devbox-shell/ssh-lan.conf for named-peer ProxyJump host overrides (reach LAN peers by name via dssh <peer>).
• .env.example: documented DEVBOX_HOST_ALIAS (host hostname to reach, default host.docker.internal) so getting-started is self-contained.

Template/example comments only; no behavior change.

v0.78.0c — 2026-06-04

Fixed / Added (inherited from the base via FROM)

LAN-access improvements made in opencode-devbox's setup-lan-access.sh (baked into the base-pi-only image, published by opencode-devbox v1.15.13d) flow through to pi-devbox automatically — no pi-devbox source change. Built FROM the rebuilt joakimp/pi-devbox:base-pi-only (digest 83b45335…):

• Fixed: the generated ~/.ssh-local/config had Include ~/.ssh/config scoped to the host/mac block, so dssh <peer> by name was ignored.
• Fixed: read-only ~/.ssh/cm ControlPath broke multiplexed hosts (pmx-jh, proxmox*, …); master sockets now use the writable sidecar.
• Added: host-owned ~/.config/devbox-shell/ssh-lan.conf for named-peer ProxyJump host overrides (Included before ~/.ssh/config).
• Added: DEVBOX_LAN_AUTOJUMP_PRIVATE=1 — ProxyJump any RFC1918 IP through the host for roaming laptops.

v0.78.0b — 2026-06-03

Container-level rebuild on pi 0.78.0 (unchanged): re-brands the pi-only build as a thin FROM joakimp/pi-devbox:base-pi-only, inheriting fork/recall and host-OS-agnostic LAN access. Letter-suffix release (pi version unchanged).

Changed: refactored to re-brand the opencode-devbox pi-only variant

pi-devbox no longer installs pi itself. The Dockerfile is now a thin FROM joakimp/pi-devbox:base-pi-only (overridable via the BASE_IMAGE arg), inheriting pi + pi-toolkit + pi-extensions and all base tooling from the single source of truth. This eliminates the install-logic duplication that used to drift against opencode-devbox/Dockerfile.variant.

The pi-only artifact is built by opencode-devbox's CI (from opencode-devbox/Dockerfile.variant with INSTALL_OPENCODE=false) but is published into this repo as the internal building-block tag joakimp/pi-devbox:base-pi-only (+ base-pi-only-vX.Y.Z, where vX.Y.Z is the opencode-devbox release version). This supersedes the brief approach of publishing it as opencode-devbox:latest-pi-only — an "opencode-devbox" tag with no opencode in it confused users. base-pi-only is internal; end users pull joakimp/pi-devbox:latest or a vX.Y.Z tag.

The pi-only build uses INSTALL_OPENCODE=false, so this image stays lean and pi-focused — it does not carry opencode, and remains distinct from opencode-devbox:latest-with-pi (which has both).

Added (inherited from the pi-only variant)

• fork tool (pi-fork) and recall tool (pi-observational-memory), baked into /opt with node_modules and registered at runtime.
• Host-OS-agnostic LAN access: on VM-backed hosts (macOS OrbStack / Docker Desktop) the entrypoint sets up the host as an SSH jump to reach LAN peers (dssh alias; DEVBOX_LAN_ACCESS / HOST_SSH_USER env). No-op on native Linux. See the opencode-devbox README for details.

Consequences / notes

• Publish ordering: release opencode-devbox first so base-pi-only carries the target pi version, then tag this repo. The smoke test asserts pi --version matches the tag and fails loudly if the base is stale.
• CI no longer passes PI_VERSION as a build-arg (the Dockerfile installs nothing); it still resolves the tag version to feed the smoke base-freshness guard. Smoke size threshold 2200 → 2750 MB (now tracks the pi-only variant).

pi version unchanged at 0.78.0 (still latest).

v0.78.0 — 2026-05-29

pi 0.77.0 → 0.78.0 bump (first container build on the pi 0.78 line, published upstream 2026-05-29). Built against joakimp/opencode-devbox:base-latest (unchanged from the v0.77.0 build).

Bumped: pi 0.77.0 → 0.78.0

New Features

• Named startup sessions — --name / -n sets the session display name before startup across interactive, print, JSON, and RPC modes.
• Clickable file tool paths — built-in file tool titles render OSC 8 file:// hyperlinks when the terminal supports them, including supported tmux clients.

Added

• Exported convertToPng for extension authors.
• Exported parseArgs and type Args for extension authors.
• Added a resume command hint when exiting interactive sessions.
• Added custom Amazon Bedrock request header support.

Fixed

• Fixed early interactive input typed before the prompt loop starts so it is buffered instead of dropped.
• Fixed OpenRouter Moonshot Kimi K2.6 requests to use system instead of unsupported developer messages.
• Fixed OSC 8 hyperlinks to pass through tmux when the client supports them.
• Fixed ANSI text wrapping to avoid stack overflows on very long wrapped lines.
• Fixed OpenAI Codex Responses SSE streams to abort response body reads after terminal events.

v0.77.0 — 2026-05-29

pi 0.76.0 → 0.77.0 bump (first container build on the pi 0.77 line, published upstream 2026-05-28). Built against joakimp/opencode-devbox:base-latest (unchanged from the v0.76.0 build — same SSH-CM, gitleaks, git-crypt baked in).

Bumped: pi 0.76.0 → 0.77.0

Notable upstream changes (from pi's CHANGELOG):

• Claude Opus 4.8 support — Anthropic Opus 4.8 model metadata + adaptive-thinking coverage updated.
• Selective tool disablement — --exclude-tools / -xt disables specific built-in, extension, or custom tools while leaving the rest available.
• Headless Codex subscription login — /login can use device-code auth for ChatGPT Plus/Pro Codex subscriptions; browser login remains the default.
• Streaming-aware extension input — InputEvent.streamingBehavior lets extensions distinguish idle prompts from mid-stream steers and queued follow-ups.
• Bugfixes — startup timing output excludes createAgentSessionRuntime work; OpenRouter DeepSeek V4 xhigh reasoning preserves OpenRouter's native effort; SIGTERM/SIGHUP exits run extension session_shutdown cleanup; keyboard protocol negotiation ignores delayed terminal responses (no false Kitty detection); Windows MSYS2 ucrt64 startup crash fixed via napi-rs 3.x clipboard addon; API-key/header config resolution treats plain strings as literals with $ENV_VAR / ${ENV_VAR} interpolation and $! escaping; session disposal aborts in-flight agent/compaction/branch-summary/retry/bash work; pi.getAllTools() exposes per-tool promptGuidelines; OpenAI Codex Responses replay after switching from Anthropic extended-thinking sessions; Anthropic-compatible replay supports allowEmptySignature for providers returning empty thinking signatures; OpenAI/OpenRouter GPT-5.5 Pro thinking levels limited to supported efforts; OpenCode Go Kimi K2.6 thinking-off requests; Xiaomi Token Plan model metadata cleaned of unsupported variants; follow-up messages queued by agent_end extension handlers drain before idle; system prompt tool-selection guidance avoids unavailable file-exploration tools; fenced diff highlighting restored.

Workflow continues to derive PI_VERSION from the git tag (v0.77.0 → 0.77.0) and pass it as a build-arg per the v0.75.5b cache-hit fix; smoke test asserts pi --version matches.

Inheritance from base

No base change in joakimp/opencode-devbox:base-latest since v0.76.0 — the v1.15.12 opencode-devbox release also reused the unchanged base. SSH ControlMaster on a writable socket path, gitleaks, and git-crypt continue to ride along from the base.

CI

This is the second pi-devbox release exercising the cache-export-disabled workflow (after v0.76.0's clean publish on run #340) and the first to also exercise the 3-attempt retry wrapper added in 2d39766 along the publish path.

v0.76.0 — 2026-05-28

pi 0.75.5 → 0.76.0 bump (first minor-version release on pi 0.76 line, published upstream 2026-05-27 20:03 UTC). Built against a fresh joakimp/opencode-devbox:base-latest which now bakes in SSH ControlMaster on a writable socket path, plus gitleaks and git-crypt — see the inherited-from-base notes below for details on each.

Bumped: pi 0.75.5 → 0.76.0

Notable upstream changes (from pi's CHANGELOG):

• Explicit session IDs for automation — --session-id <id> lets scripts create or resume an exact project-local session.
• RPC bash output can stay out of model context — RPC clients can pass excludeFromContext to bash for commands whose output should not be sent with the next prompt.
• More predictable provider retries and timeouts — Codex WebSocket/SSE waits are bounded; retry.provider.maxRetries controls provider retries instead of hidden SDK defaults; SDK retries default to 0; quota/billing 429s are no longer retried behind Pi's retry handling.
• Better terminal editing across environments — Apple Terminal Shift+Enter detection on macOS, Windows Terminal OSC 8 hyperlink support, JetBrains truecolor with disabled OSC 8, Unicode-aware word navigation and deletion.
• Bugfixes — pi update bypasses npm/pnpm/Bun minimum-release-age gates; user-authored ordered-list markers preserved in transcripts; image attachment token estimates aligned with tool-result images; Codex Responses cache-affinity header fixed (session-id not session_id); OpenRouter/Poolside context-overflow detection; managed npm extension updates avoid peer-dependency conflicts; RpcClient handles unexpected child exits cleanly.

Workflow continues to derive PI_VERSION from the git tag (v0.76.0 → 0.76.0) and pass it as a build-arg, per the v0.75.5b cache-hit fix; smoke test asserts pi --version matches.

Workflow change: registry cache-export disabled

• .gitea/workflows/docker-publish.yml — cache-from/cache-to removed from the publish step. buildkit's mode=max cache-export to registry-1.docker.io reproducibly returns HTTP 400 on the resumable-upload PUT, surfacing ~2026-05-23. Diagnosed during opencode-devbox v1.15.12's manual host-side publish: image push works fine, only --cache-to fails. See opencode-devbox CHANGELOG v1.15.12 Unreleased for the full root-cause analysis. The pi-devbox Dockerfile is single-stage with a tiny diff (npm install pi only) on top of base-latest, so builds are fast even without cache (~30-60s expected).

Inherited from opencode-devbox base: SSH ControlMaster on a writable socket path

No Dockerfile change here — just a note that this release picks up the system-wide SSH ControlMaster default (/etc/ssh/ssh_config.d/00-devbox-controlmaster.conf → ControlPath /tmp/sshcm/%r@%h:%p, ControlMaster auto, ControlPersist 10m). This unblocks ssh and pi --ssh user@host from inside the container when ~/.ssh is bind-mounted read-only from the host (the standard pi-devbox compose layout) — previously, OpenSSH's default ControlPath under ~/.ssh/cm/ was unwritable, so multiplexing failed with unix_listener: cannot bind ... Read-only file system and ssh fell back to fresh TCP connections, which on residential CGNAT manifested as banner-exchange timeouts. The fix is purely additive (per-container /tmp/sshcm dir, mode 700, created by entrypoint) and user ~/.ssh/config per-host overrides still win because Debian's stock ssh_config sources ssh_config.d/*.conf before its own Host * block. See opencode-devbox CHANGELOG v1.15.12 for the base-side details.

Inherited from opencode-devbox base: gitleaks + git-crypt

No Dockerfile change here — just a note that this release includes gitleaks (newly added to the base) and git-crypt (was always installed via apt; just wasn't called out). Both are useful inside the container for repos that use a gitleaks pre-commit hook or git-crypt-encrypted canonical config and don't want host-side dependencies. See opencode-devbox CHANGELOG v1.15.12 for the base-side details.

v0.75.5b — 2026-05-23

Recovery release fixing a silent cache-hit regression discovered in the v0.75.5 image. All four releases v0.74.0 through v0.75.5 had been shipping the same image bytes because the Dockerfile's npm install -g @earendil-works/pi-coding-agent (bare, when PI_VERSION=latest) produces an identical layer-hash across builds. Combined with the registry buildcache, Docker reused the layer from whatever pi version was current when the cache was first populated.

Verification: docker manifest inspect joakimp/pi-devbox:vX.Y.Z showed identical SHA256 digests on both linux/amd64 and linux/arm64 for v0.74.0, v0.75.3, v0.75.4, v0.75.5. Users on :latest were getting whatever pi version was baked into the v0.74.0 build (probably 0.74.0 itself).

• Workflow fix: Both smoke and publish jobs now derive PI_VERSION from github.ref_name (e.g. v0.75.5b → 0.75.5) and pass it as a build-arg. The Dockerfile's existing if PI_VERSION=latest branch never fires in CI now — always takes the @${PI_VERSION} branch — so the layer-hash includes the version and cache invalidates correctly.
• Smoke test: New run_expect helper asserts pi --version output contains EXPECTED_PI_VERSION (passed from the resolve step). Would have caught this regression on v0.75.3 if it had existed.
• Dockerfile: Comment added above ARG PI_VERSION=latest documenting the cache-hit footgun and pointing at the workflow's resolve step + AGENTS.md gotcha.
• AGENTS.md: New convention bullet explaining the cache-hit class of bug and noting the latent same-bug in opencode-devbox's with-pi variants (currently masked by OPENCODE_VERSION bumps).

No image-side changes vs v0.75.5 intent — this build will produce the actual pi 0.75.5 image content that v0.75.5 was supposed to ship.

v0.75.5 — 2026-05-23

pi 0.75.4 → 0.75.5 bump (one upstream patch release, two days after v0.75.4).

Notable upstream changes (from pi's CHANGELOG):

• Cleaner read tool output (collapsed cards show only the read line; Ctrl+O expands).
• Faster file tools on Windows (async fs ops during streaming, image resize off the main TUI thread).
• More reliable package updates (pi update reconciles git-pinned refs without losing settings).
• Custom Anthropic-compatible adaptive thinking via compat.forceAdaptiveThinking.
• Several bash/read tool card display fixes; macOS Bun clipboard sidecar resolution; per-session OpenCode-Zen routing headers; Amazon Bedrock token cap fix.

Plus a new pi 0.74.2 rescue release advising Node 20 users to upgrade Node before going to newer Pi versions — the devbox base image runs newer Node so this doesn't affect us, but worth noting for users running pi outside the devbox.

• Bump: pi @earendil-works/pi-coding-agent@0.75.5 baked at /usr/bin/pi (via PI_VERSION=latest resolving to 0.75.5 at build time — no Dockerfile change needed).
• No image-side changes from v0.75.4 beyond the pi npm version. Built on joakimp/opencode-devbox:base-latest which itself is unchanged (cache-hit on base-35ee5fe7861a since v1.14.50b).

v0.75.4 — 2026-05-21

pi 0.75.3 → 0.75.4 bump (one upstream patch release). Plus the AGENTS.md documentation-drift sweep clause that landed on main between v0.75.3 and now.

• Bump: pi @earendil-works/pi-coding-agent@0.75.4 baked at /usr/bin/pi (via PI_VERSION=latest resolving to 0.75.4 at build time — no Dockerfile change needed).
• AGENTS.md: documentation drift sweep as explicit pre-commit workflow step (commit ae6253a). Companion clause added across the wider repo set the same day.
• No image-side changes beyond the pi npm version. Built on joakimp/opencode-devbox:base-latest which itself is unchanged (cache-hit on base-35ee5fe7861a since v1.14.50b).

v0.75.3 — 2026-05-18

pi 0.74.0 → 0.75.3 bump (one upstream minor + three patch releases since the initial pi-devbox release on 2026-05-14).

• Bump: pi @earendil-works/pi-coding-agent@0.75.3 baked at /usr/bin/pi (via PI_VERSION=latest resolving to 0.75.3 at build time).
• No image-side changes from the v0.74.0 baseline beyond the pi npm version. The pi-toolkit + pi-extensions clones, mempalace bridge symlink, and NPM_CONFIG_PREFIX named-volume setup all unchanged.

v0.74.0 — 2026-05-14

Initial release.

• pi @earendil-works/pi-coding-agent@0.74.0 baked at /usr/bin/pi
• pi-toolkit and pi-extensions cloned at build time; deployed to ~/.pi/agent/ by entrypoint on container start
• mempalace bridge (mempalace.ts) symlinked from /opt/mempalace-toolkit/
• Built on joakimp/opencode-devbox:base-latest