Problem
The @agentos-software/* registry packages have no automated CI build/publish:
- Commands live in
registry/software/*, agents in registry/agent/*.
- They are deliberately excluded from the secure-exec preview publish workflow (
scripts/publish/src/lib/packages.ts → SECURE_EXEC_WORKSPACE_PACKAGES skips everything under @agentos-software/* except @agentos-software/manifest).
- The only publish path is a manual
registry/Makefile make publish run from a dev machine.
The manual/local path is impractical for contributors: publishing a registry update requires a full local wasm toolchain build:
make sysroot → patch-wasi-libc.sh + build-llvm-runtimes.sh (patched wasi-libc with networking, e.g. netdb.h),
- then the heavy C builds (curl, sqlite3, duckdb — duckdb alone is 20+ min via CMake),
- then Rust wasm (
wasm32-wasip1, ~139 commands) + agent packing.
Realistically 30–60+ min of from-source LLVM/wasi-libc/duckdb builds, fallible, and it pins the machine. So registry updates don't happen reliably.
Ask
A CI workflow that builds and publishes the registry packages automatically on change.
Requirements
- Incremental — some packages take a long time to build (duckdb, curl, the patched sysroot). Reuse the existing per-package
.last-publish-hash change-detection so only changed packages rebuild/republish, and cache the wasm toolchain (patched wasi-libc sysroot, wasi-sdk, LLVM runtimes) across runs. The registry should be updatable incrementally rather than all-or-nothing.
- Non-
latest dist-tag — never move the latest pointer (consistent with the manual path's DIST_TAG=dev).
- Cover both
registry/software/* (commands + meta) and registry/agent/* (agents).
- Trigger on changes under
registry/ (and the native toolchain).
Context
Surfaced while migrating the registry to the { packageDir } + agentos-package.json model (secure-exec #150 / agent-os #1561): every @agentos-software/* package needs republishing with the new shape, but there is no non-manual way to do it.
Problem
The
@agentos-software/*registry packages have no automated CI build/publish:registry/software/*, agents inregistry/agent/*.scripts/publish/src/lib/packages.ts→SECURE_EXEC_WORKSPACE_PACKAGESskips everything under@agentos-software/*except@agentos-software/manifest).registry/Makefilemake publishrun from a dev machine.The manual/local path is impractical for contributors: publishing a registry update requires a full local wasm toolchain build:
make sysroot→patch-wasi-libc.sh+build-llvm-runtimes.sh(patched wasi-libc with networking, e.g.netdb.h),wasm32-wasip1, ~139 commands) + agent packing.Realistically 30–60+ min of from-source LLVM/wasi-libc/duckdb builds, fallible, and it pins the machine. So registry updates don't happen reliably.
Ask
A CI workflow that builds and publishes the registry packages automatically on change.
Requirements
.last-publish-hashchange-detection so only changed packages rebuild/republish, and cache the wasm toolchain (patched wasi-libc sysroot, wasi-sdk, LLVM runtimes) across runs. The registry should be updatable incrementally rather than all-or-nothing.latestdist-tag — never move thelatestpointer (consistent with the manual path'sDIST_TAG=dev).registry/software/*(commands + meta) andregistry/agent/*(agents).registry/(and the native toolchain).Context
Surfaced while migrating the registry to the
{ packageDir }+agentos-package.jsonmodel (secure-exec #150 / agent-os #1561): every@agentos-software/*package needs republishing with the new shape, but there is no non-manual way to do it.