From fb74c568d015eae6931357bde866c4207ebe715d Mon Sep 17 00:00:00 2001 From: Gowtham Rao MD PhD Date: Wed, 13 May 2026 22:10:05 -0400 Subject: [PATCH 1/9] ci: remove release-signing-artifacts to fix 404 on release --- .github/workflows/publish.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 352accf4..f3020013 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -80,7 +80,6 @@ jobs: inputs: >- dist/*.tar.gz dist/*.whl - release-signing-artifacts: true source: false - name: Upload attestations to GitHub Release From e36cec58b2acfd5a5430134a9d92d575a1afaa0f Mon Sep 17 00:00:00 2001 From: Gowtham Rao MD PhD Date: Wed, 13 May 2026 22:18:55 -0400 Subject: [PATCH 2/9] chore(deps): bump coreason-manifest to 0.60.1 --- pyproject.toml | 2 +- uv.lock | 21 +++++++++------------ 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 57d93b2a..29bcb10f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,7 +12,7 @@ authors = [ { name = "Gowtham A Rao", email = "gowtham.rao@coreason.ai" }, ] dependencies = [ - "coreason-manifest==0.60.0", + "coreason-manifest==0.60.1", "click>=8.1.7", "loguru>=0.7.2", "typer>=0.9.0", diff --git a/uv.lock b/uv.lock index c0e61c44..1f32d0a5 100644 --- a/uv.lock +++ b/uv.lock @@ -1,13 +1,10 @@ version = 1 revision = 3 -requires-python = ">=3.14" +requires-python = "==3.14.*" resolution-markers = [ - "python_full_version >= '3.15' and sys_platform == 'win32'", - "python_full_version >= '3.15' and sys_platform == 'emscripten'", - "python_full_version >= '3.15' and sys_platform != 'emscripten' and sys_platform != 'win32'", - "python_full_version < '3.15' and sys_platform == 'win32'", - "python_full_version < '3.15' and sys_platform == 'emscripten'", - "python_full_version < '3.15' and sys_platform != 'emscripten' and sys_platform != 'win32'", + "sys_platform == 'win32'", + "sys_platform == 'emscripten'", + "sys_platform != 'emscripten' and sys_platform != 'win32'", ] [[package]] @@ -540,7 +537,7 @@ dev = [ requires-dist = [ { name = "boto3", specifier = ">=1.38.0" }, { name = "click", specifier = ">=8.1.7" }, - { name = "coreason-manifest", specifier = "==0.60.0" }, + { name = "coreason-manifest", specifier = "==0.60.1" }, { name = "cryptography", specifier = ">=44.0.0" }, { name = "fastapi", specifier = ">=0.135.3" }, { name = "httpx", specifier = ">=0.27.0" }, @@ -595,7 +592,7 @@ dev = [ [[package]] name = "coreason-manifest" -version = "0.60.0" +version = "0.60.1" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "canonicaljson" }, @@ -605,9 +602,9 @@ dependencies = [ { name = "pycrdt" }, { name = "pydantic" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/ad/fc/209a5d17b2591f2c1d53403bacc4ac25f365d596e2eb97a305c874359bb0/coreason_manifest-0.60.0.tar.gz", hash = "sha256:486a6353d76c3ea23145498aca06fc4f97b3c80d9d606f307ec254e04fcb5d12", size = 857916, upload-time = "2026-05-14T01:15:56.724Z" } +sdist = { url = "https://files.pythonhosted.org/packages/49/d1/bf498b3e32615499ac370355bebc9621aef9790e3a6b4e0fc96594bea4ca/coreason_manifest-0.60.1.tar.gz", hash = "sha256:e7df4961a141c1d82663b1f41c7bd22254437c35855ffcc15d68d9d81addc9cf", size = 857964, upload-time = "2026-05-14T02:08:04.049Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/c0/c2/8f2ff2dcd944bfa76cc3cefbe05475b1d413d325a30da25b66f74d16cec1/coreason_manifest-0.60.0-py3-none-any.whl", hash = "sha256:ebee726dbc1fd168e4c0a7746cad302fab81ba75d28e3209eacfc94d66886c42", size = 199359, upload-time = "2026-05-14T01:15:55.459Z" }, + { url = "https://files.pythonhosted.org/packages/f1/16/e6ce7e2b3ae09df903b44f1dbc608d685d26ef6e55df76164cb937d09688/coreason_manifest-0.60.1-py3-none-any.whl", hash = "sha256:c2e35bcf5e3e9c05d4011d8113d16f13ba21ec67302d8bebfcfc4bf60ce5f958", size = 199405, upload-time = "2026-05-14T02:08:02.829Z" }, ] [[package]] @@ -745,7 +742,7 @@ dependencies = [ { name = "colorama", marker = "sys_platform == 'win32'" }, { name = "packaging" }, { name = "requirements-parser" }, - { name = "tomli", marker = "python_full_version < '3.15'" }, + { name = "tomli" }, ] sdist = { url = "https://files.pythonhosted.org/packages/b8/b2/50ccc99362ae7757342978b7ecb3b98e47fade721fd617d74db1948ec3a1/deptry-0.25.1.tar.gz", hash = "sha256:45c8cd982c85cd4faae573ddff6920de7eec735336db6973f26a765ae7950f7d", size = 509748, upload-time = "2026-03-18T23:22:18.139Z" } wheels = [ From 058f2a7e0d4cdc72762d87ebe605a1a2716f0734 Mon Sep 17 00:00:00 2001 From: Gowtham Rao MD PhD Date: Wed, 13 May 2026 22:29:13 -0400 Subject: [PATCH 3/9] docs: add pi.dev to prerequisites --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3ccff144..39f1abf2 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,7 @@ To boot the local ephemeral fleet and project the capability mesh, you must exec * [uv](https://github.com/astral-sh/uv) (The canonical Python dependency manager) * Docker Engine (For hosting local Sovereign MCPs) * Pulumi CLI (For thermodynamic infrastructure actuation) +* [Pi.dev](https://pi.dev) (The standard agentic terminal harness: `npm install -g @earendil-works/pi-coding-agent`) ### The Ignition Sequence From 2edbda26b21a1c63b2ea3fe90b94cc7cff651af2 Mon Sep 17 00:00:00 2001 From: Gowtham Rao MD PhD Date: Wed, 13 May 2026 22:35:49 -0400 Subject: [PATCH 4/9] docs: append zero-waste engineering mandate to agent rule files --- .clinerules | 5 +++++ .cursorrules | 5 +++++ AGENTS.md | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/.clinerules b/.clinerules index edcb032f..c24e4eb2 100644 --- a/.clinerules +++ b/.clinerules @@ -20,3 +20,8 @@ # Submit 100% schema-compliant AST differentials to the Forge for deterministic "etching." # Copyright (c) 2026 CoReason, Inc. Licensed under the Prosperity Public License 3.0. + + +## The "Zero-Waste Engineering" Mandate +You are strictly bound by the "Borrow vs. Build" philosophy. You MUST maximize the use of stable Open Source Software (OSS) whenever available. You are mathematically forbidden from building custom, proprietary implementations for logging, tracing, graph layout, container routing, UI components, or serialization if a mature OSS standard (e.g., OpenTelemetry, Zep Graphiti, Pi.dev, React Flow) exists to solve the problem. + diff --git a/.cursorrules b/.cursorrules index eaf3daca..98d3da10 100644 --- a/.cursorrules +++ b/.cursorrules @@ -25,3 +25,8 @@ I expect real tests. No mocks. You are strictly forbidden from using unittest.mock, pytest.MonkeyPatch, responses, or any other mocking library to simulate environment variables, network calls, or API responses. All tests MUST execute against real local servers, real environment state, or deterministic string/file inputs. + + +## The "Zero-Waste Engineering" Mandate +You are strictly bound by the "Borrow vs. Build" philosophy. You MUST maximize the use of stable Open Source Software (OSS) whenever available. You are mathematically forbidden from building custom, proprietary implementations for logging, tracing, graph layout, container routing, UI components, or serialization if a mature OSS standard (e.g., OpenTelemetry, Zep Graphiti, Pi.dev, React Flow) exists to solve the problem. + diff --git a/AGENTS.md b/AGENTS.md index 4ef0a6b7..c9dab16e 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -103,3 +103,8 @@ If any of the above verification commands yield a non-zero exit code (failure), I expect real tests. No mocks. You are strictly forbidden from using unittest.mock, pytest.MonkeyPatch, responses, or any other mocking library to simulate environment variables, network calls, or API responses. All tests MUST execute against real local servers, real environment state, or deterministic string/file inputs. Mocking produces false confidence and is mathematically classified as non-isomorphic testing. + + +## The "Zero-Waste Engineering" Mandate +You are strictly bound by the "Borrow vs. Build" philosophy. You MUST maximize the use of stable Open Source Software (OSS) whenever available. You are mathematically forbidden from building custom, proprietary implementations for logging, tracing, graph layout, container routing, UI components, or serialization if a mature OSS standard (e.g., OpenTelemetry, Zep Graphiti, Pi.dev, React Flow) exists to solve the problem. + From 25ee61a6d89fed694d2b8d0e43e764f40b33de23 Mon Sep 17 00:00:00 2001 From: Gowtham Rao MD PhD Date: Wed, 13 May 2026 22:46:57 -0400 Subject: [PATCH 5/9] feat: trigger minor version bump for OSS pivot Signed-off-by: agent From d343fca39d79e9ff5892191f419f1db2c4c3a451 Mon Sep 17 00:00:00 2001 From: Gowtham Rao MD PhD Date: Wed, 13 May 2026 22:57:21 -0400 Subject: [PATCH 6/9] chore: update dependencies for v0.61.0 pivot --- pyproject.toml | 2 +- uv.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 29bcb10f..1edb3662 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,7 +12,7 @@ authors = [ { name = "Gowtham A Rao", email = "gowtham.rao@coreason.ai" }, ] dependencies = [ - "coreason-manifest==0.60.1", + "coreason-manifest==0.61.0", "click>=8.1.7", "loguru>=0.7.2", "typer>=0.9.0", diff --git a/uv.lock b/uv.lock index 1f32d0a5..e4e7cb19 100644 --- a/uv.lock +++ b/uv.lock @@ -537,7 +537,7 @@ dev = [ requires-dist = [ { name = "boto3", specifier = ">=1.38.0" }, { name = "click", specifier = ">=8.1.7" }, - { name = "coreason-manifest", specifier = "==0.60.1" }, + { name = "coreason-manifest", specifier = "==0.61.0" }, { name = "cryptography", specifier = ">=44.0.0" }, { name = "fastapi", specifier = ">=0.135.3" }, { name = "httpx", specifier = ">=0.27.0" }, @@ -592,7 +592,7 @@ dev = [ [[package]] name = "coreason-manifest" -version = "0.60.1" +version = "0.61.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "canonicaljson" }, @@ -602,9 +602,9 @@ dependencies = [ { name = "pycrdt" }, { name = "pydantic" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/49/d1/bf498b3e32615499ac370355bebc9621aef9790e3a6b4e0fc96594bea4ca/coreason_manifest-0.60.1.tar.gz", hash = "sha256:e7df4961a141c1d82663b1f41c7bd22254437c35855ffcc15d68d9d81addc9cf", size = 857964, upload-time = "2026-05-14T02:08:04.049Z" } +sdist = { url = "https://files.pythonhosted.org/packages/0e/9d/ef67a31ca1a8521e31814e5ae0907983b091ca80e636402f6c42a1ad823d/coreason_manifest-0.61.0.tar.gz", hash = "sha256:6f92cece2a9566d519396dd603de64ded36b3ea7c76d77da91be4eb490364e04", size = 857962, upload-time = "2026-05-14T02:51:31.771Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/f1/16/e6ce7e2b3ae09df903b44f1dbc608d685d26ef6e55df76164cb937d09688/coreason_manifest-0.60.1-py3-none-any.whl", hash = "sha256:c2e35bcf5e3e9c05d4011d8113d16f13ba21ec67302d8bebfcfc4bf60ce5f958", size = 199405, upload-time = "2026-05-14T02:08:02.829Z" }, + { url = "https://files.pythonhosted.org/packages/53/21/62f838f9d37c598acc55d0532b47c828e9c968b24ae890cdab87c818bdfc/coreason_manifest-0.61.0-py3-none-any.whl", hash = "sha256:9aacf2b880192a2364cfb5cbbadd4d79ecf179b4528bf6b2617ddc34c660c240", size = 199405, upload-time = "2026-05-14T02:51:30.595Z" }, ] [[package]] From 542b951113042b0682fbadfbe3527bbf74fa03c7 Mon Sep 17 00:00:00 2001 From: Gowtham Rao MD PhD Date: Wed, 13 May 2026 22:59:53 -0400 Subject: [PATCH 7/9] feat: embed pi.dev kinetic harness and setup scripts --- scripts/setup_pi.py | 52 +++++++++++++++++++++++++++++++++++ src/coreason_ecosystem/cli.py | 15 ++++++++++ 2 files changed, 67 insertions(+) create mode 100644 scripts/setup_pi.py diff --git a/scripts/setup_pi.py b/scripts/setup_pi.py new file mode 100644 index 00000000..22726a9b --- /dev/null +++ b/scripts/setup_pi.py @@ -0,0 +1,52 @@ +#!/usr/bin/env python3 +# Copyright (c) 2026 CoReason, Inc +# +# This software is proprietary and dual-licensed +# Licensed under the Prosperity Public License 3.0 (the "License") +# A copy of the license is available at +# For details, see the LICENSE file +# Commercial use beyond a 30-day trial requires a separate license +# +# Source Code: + +import os +import sys +from pathlib import Path + +def setup_pi_agent() -> None: + """Configures the local pi.dev coding agent with CoReason's strict ontology.""" + + home = Path.home() + pi_dir = home / ".pi" / "agent" + + print(f"Configuring pi.dev Sovereign Developer Console at {pi_dir}...") + + if not pi_dir.exists(): + print(f"Directory {pi_dir} does not exist. Creating it.") + pi_dir.mkdir(parents=True, exist_ok=True) + + system_md_path = pi_dir / "system.md" + + system_prompt = """# CoReason Sovereign Developer Console +You are the official kinetic execution harness for the CoReason Swarm. +You operate as a zero-waste, deterministic CLI proxy. + +## The Hollow Data Plane Mandate +1. **Zero Hallucination:** All structural boundaries must be derived directly from `coreason-manifest` Pydantic models. +2. **Epistemic Isolation:** You must not execute runtime capabilities outside the strict confines of the WASM/OpenShell sandboxes. +3. **URN Addressing:** All newly created capabilities must be registered via `__action_space_urn__` and documented with the 4-part Epistemic Bounds docstring. + +## Execution Rules +- Use `Read`, `Write`, `Edit`, and `Bash` tools exclusively to mutate the Abstract Syntax Tree (AST) within the boundaries of the repository. +- Avoid native web-search. Delegate high-entropy semantic logic to external URN Oracles. +- All code generation MUST adhere strictly to the `AGENTS.md` rules inside the corresponding workspace. +""" + + with open(system_md_path, "w", encoding="utf-8") as f: + f.write(system_prompt) + + print(f"Successfully wrote CoReason Epistemic Constraints to {system_md_path}") + print("You may now launch the console by running `npx @mariozechner/pi-coding-agent` in your terminal.") + +if __name__ == "__main__": + setup_pi_agent() diff --git a/src/coreason_ecosystem/cli.py b/src/coreason_ecosystem/cli.py index 63c581a5..4d62663c 100644 --- a/src/coreason_ecosystem/cli.py +++ b/src/coreason_ecosystem/cli.py @@ -177,6 +177,21 @@ def build_docs_cmd() -> None: console.print(f"[bold red]Documentation Pipeline Failed:[/bold red] {e}") +@app.command(name="pi") +def pi_terminal() -> None: + """Launch the pi.dev Sovereign Developer Console.""" + import subprocess + + console.print("[bold green]Launching the pi.dev Kinetic Harness...[/bold green]") + try: + # We invoke the pi.dev CLI natively using npx + subprocess.run(["npx", "@mariozechner/pi-coding-agent"], check=True) + except FileNotFoundError: + console.print("[bold red]Error:[/bold red] Node.js and npx are required to launch pi.dev.") + except subprocess.CalledProcessError as e: + console.print(f"[bold red]Pi terminal exited with code {e.returncode}[/bold red]") + + def main() -> None: # pragma: no cover """Entry point for the CLI.""" app() From 6d9204b01dafe11e65d04a980d9e9a1edc3a4e56 Mon Sep 17 00:00:00 2001 From: Gowtham Rao MD PhD Date: Wed, 13 May 2026 23:03:54 -0400 Subject: [PATCH 8/9] style: fix ruff formatting errors --- scripts/setup_pi.py | 20 +++++++++++--------- src/coreason_ecosystem/cli.py | 10 +++++++--- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/scripts/setup_pi.py b/scripts/setup_pi.py index 22726a9b..2d442c15 100644 --- a/scripts/setup_pi.py +++ b/scripts/setup_pi.py @@ -9,24 +9,23 @@ # # Source Code: -import os -import sys from pathlib import Path + def setup_pi_agent() -> None: """Configures the local pi.dev coding agent with CoReason's strict ontology.""" - + home = Path.home() pi_dir = home / ".pi" / "agent" - + print(f"Configuring pi.dev Sovereign Developer Console at {pi_dir}...") - + if not pi_dir.exists(): print(f"Directory {pi_dir} does not exist. Creating it.") pi_dir.mkdir(parents=True, exist_ok=True) - + system_md_path = pi_dir / "system.md" - + system_prompt = """# CoReason Sovereign Developer Console You are the official kinetic execution harness for the CoReason Swarm. You operate as a zero-waste, deterministic CLI proxy. @@ -44,9 +43,12 @@ def setup_pi_agent() -> None: with open(system_md_path, "w", encoding="utf-8") as f: f.write(system_prompt) - + print(f"Successfully wrote CoReason Epistemic Constraints to {system_md_path}") - print("You may now launch the console by running `npx @mariozechner/pi-coding-agent` in your terminal.") + print( + "You may now launch the console by running `npx @mariozechner/pi-coding-agent` in your terminal." + ) + if __name__ == "__main__": setup_pi_agent() diff --git a/src/coreason_ecosystem/cli.py b/src/coreason_ecosystem/cli.py index 4d62663c..fa95e670 100644 --- a/src/coreason_ecosystem/cli.py +++ b/src/coreason_ecosystem/cli.py @@ -181,15 +181,19 @@ def build_docs_cmd() -> None: def pi_terminal() -> None: """Launch the pi.dev Sovereign Developer Console.""" import subprocess - + console.print("[bold green]Launching the pi.dev Kinetic Harness...[/bold green]") try: # We invoke the pi.dev CLI natively using npx subprocess.run(["npx", "@mariozechner/pi-coding-agent"], check=True) except FileNotFoundError: - console.print("[bold red]Error:[/bold red] Node.js and npx are required to launch pi.dev.") + console.print( + "[bold red]Error:[/bold red] Node.js and npx are required to launch pi.dev." + ) except subprocess.CalledProcessError as e: - console.print(f"[bold red]Pi terminal exited with code {e.returncode}[/bold red]") + console.print( + f"[bold red]Pi terminal exited with code {e.returncode}[/bold red]" + ) def main() -> None: # pragma: no cover From fa1fb674f45d9b527325bc24ffea9a26d99141c1 Mon Sep 17 00:00:00 2001 From: Gowtham Rao MD PhD Date: Wed, 13 May 2026 23:06:09 -0400 Subject: [PATCH 9/9] fix: bandit warnings for subprocess in cli.py --- src/coreason_ecosystem/cli.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/coreason_ecosystem/cli.py b/src/coreason_ecosystem/cli.py index fa95e670..88a80d5e 100644 --- a/src/coreason_ecosystem/cli.py +++ b/src/coreason_ecosystem/cli.py @@ -180,12 +180,12 @@ def build_docs_cmd() -> None: @app.command(name="pi") def pi_terminal() -> None: """Launch the pi.dev Sovereign Developer Console.""" - import subprocess + import subprocess # nosec: B404 console.print("[bold green]Launching the pi.dev Kinetic Harness...[/bold green]") try: # We invoke the pi.dev CLI natively using npx - subprocess.run(["npx", "@mariozechner/pi-coding-agent"], check=True) + subprocess.run(["npx", "@mariozechner/pi-coding-agent"], check=True) # nosec: B603, B607 except FileNotFoundError: console.print( "[bold red]Error:[/bold red] Node.js and npx are required to launch pi.dev."