Docs: add jail extension mount handoff for next agent
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
0f7fbc400c
commit
263ae89404
1 changed files with 56 additions and 0 deletions
56
doc/HANDOFF-JAIL-EXTENSIONS.md
Normal file
56
doc/HANDOFF-JAIL-EXTENSIONS.md
Normal file
|
|
@ -0,0 +1,56 @@
|
|||
# Handoff: Fix Pi Extension Loading in Jails
|
||||
|
||||
**Date:** 2026-04-18
|
||||
**From:** Claude Opus session
|
||||
**Priority:** High — blocks reliable jail task execution
|
||||
|
||||
## Problem
|
||||
|
||||
When agents run inside Bastille jails (mevy_db_worker, mevy_git_worker, mevy_ctrl_worker), the pi extension at `/opt/pi-extensions/clawdie-harness/index.ts` fails to load:
|
||||
|
||||
```
|
||||
Error: Cannot find module '../../../src/hostd/client.js'
|
||||
Require stack:
|
||||
- /opt/pi-extensions/clawdie-harness/hostd-bridge.ts
|
||||
```
|
||||
|
||||
## What Was Fixed
|
||||
|
||||
The **code** is already fixed. `.pi/extensions/clawdie-harness/hostd-bridge.ts` was rewritten to be self-contained — uses `node:fs` + `node:net` directly to talk to the hostd Unix socket. No more `../../../src/hostd/client.js` import. The git-admin worktree was also synced to match.
|
||||
|
||||
## What Remains
|
||||
|
||||
The **nullfs mount** that exposes `.pi/extensions` → `/opt/pi-extensions` inside jails is not configured. The fstab entries for the jails need to be checked/created.
|
||||
|
||||
### Steps
|
||||
|
||||
1. Check jail fstab files at `/usr/local/bastille/jails/mevy_db_worker/fstab` (and git_worker, ctrl_worker)
|
||||
2. Add nullfs mount if missing:
|
||||
```
|
||||
/home/mevy/mevy-ai/.pi/extensions /usr/local/bastille/jails/mevy_db_worker/root/opt/pi-extensions nullfs ro 0 0
|
||||
```
|
||||
3. Create `/opt/pi-extensions` inside each jail root if it doesn't exist
|
||||
4. Restart jails or mount manually: `mount -F /usr/local/bastille/jails/mevy_db_worker/fstab -a`
|
||||
5. Verify: `bastille cmd mevy_db_worker ls /opt/pi-extensions/clawdie-harness/`
|
||||
6. Test: create a db_admin_agent task and confirm the extension loads without error
|
||||
|
||||
### Mount config reference
|
||||
|
||||
`infra/jails.yaml` defines `PI_EXTENSIONS_DIR:/opt/pi-extensions:ro` for all worker jails. `setup/agent-jails.ts:390` resolves `PI_EXTENSIONS_DIR` → `PROJECT_ROOT/.pi/extensions`. The setup script may need to be re-run, or mounts added manually.
|
||||
|
||||
### Socket access in jails
|
||||
|
||||
The hostd-bridge detects the socket path from env vars or defaults:
|
||||
- `HOSTD_SOCKET` or `MEVY_HOSTD_SOCKET` env var
|
||||
- `/var/run/mevy-hostd.sock`
|
||||
- `/var/run/clawdie-hostd.sock`
|
||||
|
||||
The hostd socket also needs to be accessible inside jails (nullfs mount or shared path). Verify the socket is reachable from inside the jail after mounting.
|
||||
|
||||
## Context
|
||||
|
||||
- 3 running jails: mevy_db_worker (10.0.1.211), mevy_git_worker (10.0.1.212), mevy_ctrl_worker (10.0.1.213)
|
||||
- Controlplane uses mevy_brain DB pool (not mevy_ops)
|
||||
- 5 agents: mevy (orchestrator 80%), sysadmin_agent (10%), db_admin_agent (5%), git_admin_agent (5%), coordinator (0%)
|
||||
- Task execution on host works end-to-end (validated this session)
|
||||
- Legacy agent IDs fully removed in commit `0f7fbc4`
|
||||
Loading…
Add table
Reference in a new issue