@pleri/olam-cli 0.1.158 → 0.1.160

package/hermes-bundle/version.json

@@ -1,4 +1,4 @@
 {
-  "bundledAt": "2026-05-21T02:24:20.567Z",
+  "bundledAt": "2026-05-22T05:49:33.599Z",
   "kgFirstSha": "29a9ccce1b115d049e375c4a90eb5cf7c123e610e2d0590270a4db2cdbc64a28"
 }

package/host-cp/k8s/host-side/docker-socket-proxy.compose.yaml

@@ -0,0 +1,58 @@
+# Host-side docker-socket-proxy for the olam kubernetes substrate.
+#
+# Background — round-4 wave-2 R4-W2-F (kuro-bear retest 2026-05-21):
+# on macOS + colima + virtiofs, containerd's OCI runtime spec generator
+# calls stat() on docker.sock hostPath bind mounts; virtiofs returns
+# ENOTSUP for stat/statx on socket files; pod creation fails. The R3-A
+# two-volume hostPath approach is unrecoverable on virtiofs.
+#
+# This compose file provisions the docker-socket-proxy AS A HOST-SIDE
+# CONTAINER (sibling to k3d on the operator's docker daemon), NOT as a
+# pod inside the k3d cluster. The in-cluster Service in
+# packages/host-cp/k8s/manifests/docker-socket-proxy/60-service.yaml is
+# `type: ExternalName` aliasing `host.k3d.internal` — cluster pods reach
+# THIS container via that DNS handle.
+#
+# Architecture mirrors the compose substrate's pattern (see
+# packages/host-cp/compose.yaml:170-210). Same image, same allowlist,
+# same restart policy. The only difference: this proxy publishes to
+# the operator host on 127.0.0.1:2375 so k3d nodes can reach it via
+# host.k3d.internal — the compose-substrate sibling stays internal-only.
+#
+# Operator UX: `olam upgrade -y` Step 0.7 auto-starts this on macOS via
+# `docker compose -f <this-file> up -d`. Linux operators get a no-op
+# (Step 0.7 is platform-gated). See docs/operator/kubernetes-substrate-beta.md.
+
+services:
+  docker-socket-proxy:
+    container_name: olam-host-side-docker-socket-proxy
+    # tecnativa/docker-socket-proxy:0.3.0 — matches the compose substrate's
+    # pin verbatim. T8 supply-chain: pinning prevents drift. Update via
+    # Renovate / dependabot.
+    image: tecnativa/docker-socket-proxy:0.3.0
+    environment:
+      # Whitelist matches packages/host-cp/compose.yaml:181-202 verbatim.
+      # Anything outside this list stays at proxy default (deny).
+      CONTAINERS: "1"
+      EVENTS: "1"
+      EXEC: "1"
+      # IMAGES=1 needed for GET /images/<ref>/json (version-status.mjs
+      # fetchLatestImageSha). Socket is :ro so this is read-only inspect.
+      IMAGES: "1"
+      # POST=1 required since tecnativa 0.3.0 for exec creation
+      # (POST /containers/<id>/exec + POST /exec/<id>/start). See
+      # packages/host-cp/compose.yaml:195-199 for the F-2-D dogfood
+      # finding that surfaced this.
+      POST: "1"
+      LOG_LEVEL: "warning"
+    ports:
+      # Publish to operator host on 127.0.0.1:2375 ONLY. k3d nodes reach
+      # this via host.k3d.internal:2375. Binding to 127.0.0.1 (not
+      # 0.0.0.0) is T1 mitigation: docker API surface stays loopback-only
+      # on a single-tenant operator machine.
+      - "127.0.0.1:2375:2375"
+    volumes:
+      # Read-only mount of the host's docker socket. The proxy is the
+      # only consumer of the raw socket on the operator's mac.
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    restart: unless-stopped

package/host-cp/k8s/manifests/50-deployment.yaml

@@ -18,38 +18,30 @@
 #     before the main container starts, granting UID-1000 write access on the
 #     freshly-provisioned PV. fsGroup alone is insufficient for hostPath volumes.
 #
-#   docker-sock (/var/run/docker.sock): two-volume pattern for colima+k3d.
-#     R3-A fix (v0.1.156+): k3d MUST be created with a parent-directory bind
-#     (not a socket-file bind) so colima's socket is correctly visible inside
-#     the k3d node. The operator command is:
+#   docker access — NO LONGER VIA hostPath (changed in olam-k3d-on-mac-
+#     substrate-decision Phase B B2, 2026-05-21). The previous R3-A two-volume
+#     hostPath pattern is retracted: round-4 R4-W2-F showed virtiofs returns
+#     ENOTSUP on stat/statx of socket files, and that failure is unrecoverable
+#     at the containerd OCI runtime layer. host-cp now reaches docker via TCP
+#     through the docker-socket-proxy ExternalName Service in the olam
+#     namespace (packages/host-cp/k8s/manifests/docker-socket-proxy/60-service.yaml),
+#     which kube-dns resolves as a CNAME to host.k3d.internal. The actual
+#     proxy container runs on the operator's docker daemon (sibling to k3d),
+#     started by `olam upgrade` Step 0.7. See also
+#     packages/host-cp/src/lib/docker-request-options.mjs (both substrates now
+#     return identical TCP options).
 #
-#     k3d cluster create olam-host \
-#       --volume $HOME/.colima/default/:/host-colima/@server:* \
-#       --volume ~/.config/gh:/host/.config/gh \
-#       --wait --timeout 90s
-#
-#     This mounts the entire colima directory into the k3d node at /host-colima/.
-#     The docker socket appears at /host-colima/docker.sock inside the node.
-#     The Deployment then uses:
-#       - host-colima volume (type: Directory) for the init container chmod
-#       - docker-socket volume (type: Socket, source /host-colima/docker.sock)
-#         for the main container /var/run/docker.sock mount
-#
-#     An init container (socket-perm) runs `chmod 666 /host-colima/docker.sock`
-#     as root BEFORE the main container starts. This grants the non-root main
-#     container (UID 1000) read+write access to the daemon socket.
-#     Deliberate platform-permission concession — see Decision #15.
-#     R3-A: init container mounts host-colima (directory) and runs chmod on the
-#     socket file inside it. No symlink init container needed — empirically
-#     verified in plan pass-2 on kuro-bear 2026-05-20.
+#     The operator's k3d cluster create command is therefore simpler — no
+#     `--volume $HOME/.colima/default/:/host-colima/@server:*` flag needed.
+#     See docs/operator/kubernetes-substrate-beta.md for the current install
+#     command.
 #
 #   gh-config (/gh-config) and operator-repo (/operator-repo) remain hostPath
 #   volumes that resolve to paths inside the k3d node container.
-#   OPERATORS MUST pass these volume mounts when creating the k3d cluster (see
-#   the k3d command above). Without these flags the gh-config and operator-repo
-#   mounts will be empty. The pod will still start — features that depend on
-#   GitHub auth or the operator repo will fail gracefully. The Phase D install
-#   guide surfaces this requirement prominently.
+#   OPERATORS MUST pass these volume mounts when creating the k3d cluster.
+#   Without these flags the gh-config and operator-repo mounts will be empty.
+#   The pod will still start — features that depend on GitHub auth or the
+#   operator repo will fail gracefully.
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -108,28 +100,18 @@ spec:
           volumeMounts:
             - name: olam-home
               mountPath: /data
-        - name: socket-perm
-          # busybox:1.36 — same sha256-pinned image as chown-data above.
-          # Deliberate platform-permission concession — see Decision #15.
-          # R3-A: runs chmod against /host-colima/docker.sock (the socket path
-          # inside the k3d node after the parent-directory bind). Mounts the
-          # host-colima Directory volume (not the docker-socket Socket volume)
-          # so the entire colima directory is accessible — chmod operates on
-          # the socket file within that directory. 666 (world-rw) is intentional
-          # on a single-tenant operator machine.
-          image: busybox@sha256:73aaf090f3d85aa34ee199857f03fa3a95c8ede2ffd4cc2cdb5b94e566b11662
-          imagePullPolicy: IfNotPresent
-          securityContext:
-            runAsUser: 0
-            runAsNonRoot: false
-            allowPrivilegeEscalation: false
-          command: ["sh", "-c", "chmod 666 /host-colima/docker.sock"]
-          volumeMounts:
-            - name: host-colima
-              mountPath: /host-colima
+        # socket-perm init container REMOVED in olam-k3d-on-mac-substrate-decision
+        # Phase B B2 (2026-05-21). The R3-A two-volume hostPath approach for
+        # docker.sock has been retracted: round-4 R4-W2-F showed virtiofs
+        # ENOTSUP on socket-file stat blocks the mount entirely. host-cp now
+        # reaches docker via TCP through the docker-socket-proxy ExternalName
+        # Service in the olam namespace (see
+        # packages/host-cp/k8s/manifests/docker-socket-proxy/60-service.yaml).
+        # The proxy itself runs on the operator's docker daemon (sibling to
+        # k3d), started by `olam upgrade` Step 0.7 — not inside this Pod.
       containers:
         - name: olam-host-cp
-          image: ghcr.io/pleri/olam-host-cp@sha256:ea586fdbd1856c739bf241b7d8a2099485dad9c0d2469ca3e0e821ed24681976
+          image: ghcr.io/pleri/olam-host-cp@sha256:3bf4a89af3544e382bf2d708ff73baa6704cf91a0b509f8b1a153fbe603a4223
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true
@@ -158,8 +140,13 @@ spec:
               readOnly: true
             - name: tmp
               mountPath: /tmp
-            - name: docker-socket
-              mountPath: /var/run/docker.sock
+            # docker-socket volumeMount REMOVED in olam-k3d-on-mac-substrate-
+            # decision Phase B B2. Docker access now goes via TCP to the
+            # docker-socket-proxy ExternalName Service in the olam namespace.
+            # host-cp's `getDockerRequestOptions('kubernetes')` returns
+            # `{ host: 'docker-socket-proxy', port: 2375 }` (collapsed to the
+            # same value as the compose substrate's branch — see
+            # packages/host-cp/src/lib/docker-request-options.mjs).
           readinessProbe:
             httpGet:
               path: /health
@@ -197,23 +184,13 @@ spec:
             type: DirectoryOrCreate
         - name: tmp
           emptyDir: {}
-        - name: host-colima
-          # R3-A — Parent-directory bind for colima+k3d (Decision R3-#1).
-          # k3d is created with: --volume $HOME/.colima/default/:/host-colima/@server:*
-          # The entire colima directory (including docker.sock) mounts at /host-colima/.
-          # Used by the socket-perm init container to chmod the socket file.
-          # type: Directory because the colima directory (not socket) is the source.
-          hostPath:
-            path: /host-colima
-            type: Directory
-        - name: docker-socket
-          # R3-A — Socket file within the colima directory (Decision R3-#1).
-          # Source is /host-colima/docker.sock — the socket file inside the k3d
-          # node's /host-colima directory (set by the colima parent-dir bind).
-          # Mounted at /var/run/docker.sock in the main container so host-cp can
-          # reach the operator's docker daemon without path changes in app code.
-          # The socket-perm init container runs chmod 666 on this path before
-          # the main container starts (Decision #15 — same root-init pattern).
-          hostPath:
-            path: /host-colima/docker.sock
-            type: Socket
+        # host-colima + docker-socket volumes REMOVED in olam-k3d-on-mac-
+        # substrate-decision Phase B B2 (2026-05-21). R3-A's two-volume
+        # hostPath approach is fully retracted: round-4 R4-W2-F demonstrated
+        # virtiofs ENOTSUP on socket-file stat is unrecoverable at the
+        # containerd OCI runtime layer (kubelet bypass via R4-W2-E was
+        # necessary-but-not-sufficient). host-cp now reaches docker via TCP
+        # through the docker-socket-proxy ExternalName Service — see
+        # packages/host-cp/k8s/manifests/docker-socket-proxy/60-service.yaml.
+        # The proxy itself runs on the operator's docker daemon (sibling to
+        # k3d), started by `olam upgrade` Step 0.7 on macOS.

package/host-cp/k8s/manifests/auth-service/50-deployment.yaml

@@ -70,7 +70,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-auth-service
-          image: ghcr.io/pleri/olam-auth@sha256:690fab7365a8309a8176f207e96ded9eee1af9640297c109be3a43305e727382
+          image: ghcr.io/pleri/olam-auth@sha256:a7b1e4c0ddee4fc6bfb2689c4d23d8bc0fcc95bc7b42a28d977b990f1408505b
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/docker-socket-proxy/60-service.yaml

@@ -0,0 +1,37 @@
+# ExternalName Service for the host-side docker-socket-proxy.
+#
+# Provides in-cluster DNS for pods to reach the host-side proxy
+# container (defined in packages/host-cp/k8s/host-side/docker-socket-proxy.compose.yaml).
+# The Service has NO backing Pod — `type: ExternalName` is a kube-dns
+# CNAME alias to `host.k3d.internal`, the gateway address that k3d
+# auto-provisions inside every node container.
+#
+# Decision #7 (round-4 plan pass 2): Universal across all k8s substrates
+# (macOS+colima+virtiofs, Linux native k3d, WSL2). One codepath; the
+# per-Pod cost of running an in-cluster proxy elsewhere is invisible
+# against the maintenance tax of OS-conditional Service generation.
+#
+# Why ExternalName and not in-cluster Pod with hostPath:
+# the in-cluster Pod would itself need to bind /var/run/docker.sock
+# from the lima VM, hitting the same virtiofs ENOTSUP class that
+# R4-W2-F is. The proxy must live OUTSIDE the k3d cluster, on the
+# operator's colima docker daemon. ExternalName makes that
+# transparent to consumers: host-cp configures
+# { host: 'docker-socket-proxy', port: 2375 } regardless of where
+# the actual proxy container lives.
+apiVersion: v1
+kind: Service
+metadata:
+  name: docker-socket-proxy
+  namespace: olam
+  labels:
+    app: docker-socket-proxy
+    olam.io/component: host-stack
+spec:
+  type: ExternalName
+  externalName: host.k3d.internal
+  ports:
+    - name: tcp-2375
+      port: 2375
+      targetPort: 2375
+      protocol: TCP

package/host-cp/k8s/manifests/kg-service/50-deployment.yaml

@@ -61,7 +61,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-kg-service
-          image: ghcr.io/pleri/olam-kg-service@sha256:72030f3054315e7ebf575f6dcb9b4965e1ddee13ea7bfdeb0bde32253beeb1c7
+          image: ghcr.io/pleri/olam-kg-service@sha256:72fdfb96981903cd83d0b6ad997985bad86a7892c0d1ec7c5dcc9b4d9f8f44db
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml

@@ -68,7 +68,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-mcp-auth-service
-          image: ghcr.io/pleri/olam-mcp-auth@sha256:4d4806e2aa7c782de60471a9742d9e85dcf9f5ba0af3c496c26ff7aab9847a43
+          image: ghcr.io/pleri/olam-mcp-auth@sha256:d8fb62e437142bf352e0d6f637c2b912baa592f25f4abbac1acc2c8cced976c2
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/memory-service/30-configmap.yaml

@@ -22,3 +22,14 @@ data:
   # AGENTMEMORY_HOST=0.0.0.0 but ConfigMap override is explicit defense against
   # a future image regression reverting to 127.0.0.1.
   AGENTMEMORY_HOST: "0.0.0.0"
+  # III_REST_PORT is the env var the agentmemory CLI wrapper reads when it
+  # polls its iii subprocess for readiness (cli.mjs:155 — `process.env
+  # ["III_REST_PORT"] || "3111"`). The iii engine itself binds the port
+  # declared in iii-config.yaml's iii-http worker (overridden via the
+  # olam-memory-service-iii-config ConfigMap to 3110, so it does not
+  # collide with the metrics-proxy on 3111). Without this env var the
+  # wrapper polls 3111 forever, prints "iii-engine did not become ready",
+  # and exits — entrypoint propagates the exit, container restarts, and
+  # the liveness probe returns 502 from the proxy (its backend was never
+  # up). Must equal the iii-http port in 35-configmap-iii-config.yaml.
+  III_REST_PORT: "3110"

package/host-cp/k8s/manifests/memory-service/35-configmap-iii-config.yaml

@@ -0,0 +1,76 @@
+# Overrides the iii-config.yaml shipped inside the agentmemory image so the
+# iii engine binds the INTERNAL port (3110) instead of the EXTERNAL port
+# (3111). The shipped yaml hardcodes `port: 3111` and the agentmemory CLI
+# reads its bind from yaml (NOT from the AGENTMEMORY_PORT env var), so
+# entrypoint.sh's `AGENTMEMORY_PORT=3110` override has no effect.
+#
+# Without this override, the engine and the metrics-proxy both try to bind
+# 0.0.0.0:3111. The proxy starts first and wins the port; the engine fails
+# silently. Probes to /agentmemory/livez hit the proxy and get forwarded to
+# 127.0.0.1:3110, where nothing is listening — proxy returns 502, readiness
+# fails, container restarts.
+#
+# Mounted at /usr/local/lib/node_modules/@agentmemory/agentmemory/dist/iii-config.yaml
+# via subPath in 50-deployment.yaml.
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: olam-memory-service-iii-config
+  namespace: olam
+  labels:
+    app: olam-memory-service
+    olam.io/component: peripheral
+data:
+  iii-config.yaml: |
+    workers:
+      - name: iii-http
+        config:
+          port: 3110
+          host: 0.0.0.0
+          default_timeout: 180000
+          cors:
+            allowed_origins: ["http://localhost:3111", "http://localhost:3113", "http://127.0.0.1:3111", "http://127.0.0.1:3113"]
+            allowed_methods: [GET, POST, PUT, DELETE, OPTIONS]
+      - name: iii-state
+        config:
+          adapter:
+            name: kv
+            config:
+              store_method: file_based
+              file_path: ./data/state_store.db
+      - name: iii-queue
+        config:
+          adapter:
+            name: builtin
+      - name: iii-pubsub
+        config:
+          adapter:
+            name: local
+      - name: iii-cron
+        config:
+          adapter:
+            name: kv
+      - name: iii-stream
+        config:
+          port: 3112
+          host: 0.0.0.0
+          adapter:
+            name: kv
+            config:
+              store_method: file_based
+              file_path: ./data/stream_store
+      - name: iii-observability
+        config:
+          enabled: true
+          service_name: agentmemory
+          exporter: memory
+          sampling_ratio: 1.0
+          metrics_enabled: true
+          logs_enabled: true
+          logs_console_output: true
+      - name: iii-exec
+        config:
+          watch:
+            - src/**/*.ts
+          exec:
+            - node dist/index.mjs

package/host-cp/k8s/manifests/memory-service/50-deployment.yaml

@@ -70,7 +70,7 @@ spec:
           # bootstrap-placeholder comment + run `npm run refresh:manifest-digests`
           # once ghcr.io/pleri/olam-memory-service has a real published digest.
           # bootstrap-placeholder: pre-publish; refresh after first release
-          image: ghcr.io/pleri/olam-memory-service@sha256:2c31c0f1f93c6b9a3a6d7e94db91dbc9f99cfe17aa8088e594ef4b484b039066
+          image: ghcr.io/pleri/olam-memory-service@sha256:bc377f94911baff74f7b91c44ea471580fdfdc1947e757dd6f550675084312d6
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true
@@ -93,6 +93,13 @@ spec:
               mountPath: /data
             - name: tmp
               mountPath: /tmp
+            # Overrides the shipped iii-config.yaml so the engine binds the
+            # internal port (3110) instead of colliding with the metrics-proxy
+            # on 3111. See 35-configmap-iii-config.yaml for full rationale.
+            - name: iii-config-override
+              mountPath: /usr/local/lib/node_modules/@agentmemory/agentmemory/dist/iii-config.yaml
+              subPath: iii-config.yaml
+              readOnly: true
           readinessProbe:
             httpGet:
               # D15 (LOAD-BEARING): memory-service health path is /agentmemory/livez.
@@ -126,3 +133,6 @@ spec:
             claimName: olam-memory-data
         - name: tmp
           emptyDir: {}
+        - name: iii-config-override
+          configMap:
+            name: olam-memory-service-iii-config