docs(wiki): extract audit log + coi audit into dedicated Audit-Log page

Security-Monitoring was the largest page (~500 lines). Move the on-disk audit
log format, field reference, and the full 'coi audit' command docs into a new
Audit-Log page (Security-Monitoring now links to it with a short stub). Retarget
inbound links (Session-Logs, Migration-Guide, Home, sidebar). Security-Monitoring
328 lines; all internal links verified.

docs: 0.9 updates — upgrade guide (0.8→0.9), sockets, env_commands, pi

- Migration-Guide: add 'Upgrading from 0.8 to 0.9' (trust gate, network
sanitize, read-only .coi, protected git paths, allowlist/IPv6 tightening;
new features: sockets, env_commands, coi trust/audit, pi)
- Configuration: document [[sockets]] and [defaults.env_commands]; fix default
protected_paths list; add pi to tool name
- Supported-Tools: add pi section
- Home: link the 0.8→0.9 upgrade guide

docs: fix bugs and fill content gaps from re-analysis

Bug fixes:
- Linux-Setup-Guide: fix usermod command (incus,incus-admin not
'incus incus-admin $USER' which passed incus-admin as a username)
- Image-Management: clarify Best Practices item 4 — coi image publish
captures filesystem state, not process memory; stateful = snapshots only
Content improvements:
- Home.md: add one-sentence description of what COI is before the callout
- Tmux-Automation: replace non-deterministic sleep-based CI examples with
polling helpers; add Note callout explaining why fixed sleeps are unreliable
- FAQ.md: expand Troubleshooting Quick Links from 2 to 7 entries covering
container pause/kill, privileged=true error, Docker Compose, DNS build issues
- Resource-and-Time-Limits: add prose section explaining what each limit
actually does (CPU enforce/priority, memory hard vs soft, swap semantics,
disk I/O cgroup blkio, tmpfs, runtime auto-stop)
- File-Transfer: add UID shifting note explaining automatic ownership mapping
and when to chown after pushing to system paths
- Security-Monitoring: clarify [monitoring] vs [monitoring.nft] as two
independent subsystems with separate prerequisites
- Configuration: note that forward_env is top-level in profiles vs under
[defaults] in main config
- Migration-Guide: add 4 more entries from Troubleshooting content (bool
pointer fix, settings.json deep merge, Docker Compose three-step launch,
EXDEV session save fix, UID/GID remapping)

docs: complete structural, content, and style improvements (S4-S6, C1-C5, F5)

Structural:
- S4: Add Slot System section to Container-Lifecycle-and-Sessions explaining
container naming, auto-allocation, per-slot isolation, and alias suffixes
- S5: Merge Self-Update into System-Health-Check (update commands, how-it-works,
post-update steps); Self-Update.md becomes a redirect
- S6: Add Migration-Guide.md covering .coi.toml → .coi/config.toml move and
[[mounts]] vs [[mounts.default]] syntax difference
Content:
- C1: Add Best-Practices.md covering session mode selection, network mode
guide, monitoring recommendations, long-running tasks, team workflows,
AI-generated code handling, and storage cleanup
- C2: Expand Snapshot-Management.md with context opener (stateless vs stateful
tradeoffs, restore requirement) and Best Practices section
- C3: Add Troubleshooting section to Image-Management.md (image not found,
build failures, wrong image applied, stale image after update) and
Best Practices section
- C4: Document coi run in Container-Operations.md with use cases, flags,
and differences from coi shell
- C5: Add JSONL field schema tables to Security-Monitoring.md (common fields,
type-specific fields, NFT-specific fields)
Formatting:
- F5: Add Best Practices sections to Network-Isolation, Profiles,
Image-Management, and Snapshot-Management
Navigation:
- Home.md updated with Best-Practices and Migration-Guide in nav