docs: switch primary remote to Forgejo, add machine-user permissions (Sam & Hermes)
Some checks are pending
Update token count / update-tokens (push) Waiting to run
Some checks are pending
Update token count / update-tokens (push) Waiting to run
---
This commit is contained in:
parent
169bee2576
commit
9f155d4141
1 changed files with 28 additions and 8 deletions
36
AGENTS.md
36
AGENTS.md
|
|
@ -510,8 +510,10 @@ When setup flow, runtime architecture, supported channels, or public URLs change
|
|||
3. update any claims in `html/clawdie/index.html`
|
||||
4. redirect legacy duplicated pages instead of maintaining two divergent copies
|
||||
|
||||
## Codeberg Remotes
|
||||
## Git Remotes
|
||||
|
||||
- **Primary:** `code.smilepowered.org` (self-hosted Forgejo, port 2222 SSH). Source of truth.
|
||||
- **Mirror:** `codeberg.org/Clawdie` — public read-only mirror. Do not push to it directly.
|
||||
- The pi monorepo lives at `https://codeberg.org/Clawdie/pi.git`; do not push to the upstream GitHub remote.
|
||||
- For git jail mirrors, keep `REMOTE_GIT_URL` for the primary repo and add extras via `GIT_MIRROR_URLS` (comma-separated).
|
||||
|
||||
|
|
@ -992,15 +994,33 @@ The control plane now pivots to a terminal-first harness (extensions + safety).
|
|||
|
||||
---
|
||||
|
||||
## Cross-Repo Coordination
|
||||
## Forgejo (Primary Git Remote)
|
||||
|
||||
Clawdie spans three repos. Changes often require coordinated updates.
|
||||
Primary remote: `code.smilepowered.org` (self-hosted Forgejo, port 2222 SSH).
|
||||
Codeberg is the public mirror; Forgejo is the source of truth for all agents.
|
||||
|
||||
| Repo | Purpose | Remote |
|
||||
| ------------- | ---------------------------------------- | ------------------------------------------ |
|
||||
| `Clawdie-AI` | Agent runtime, control plane, channels | `git@codeberg.org:Clawdie/Clawdie-AI.git` |
|
||||
| `clawdie-iso` | ISO builder, firstboot wizard, installer | `git@codeberg.org:Clawdie/Clawdie-ISO.git` |
|
||||
| `Colibri` | Cross-platform Rust control plane core | `git@codeberg.org:Clawdie/Colibri.git` |
|
||||
| Repo | Purpose | Forgejo Remote |
|
||||
| ------------- | ---------------------------------------- | ----------------------------------------------------- |
|
||||
| `Clawdie-AI` | Agent runtime, control plane, channels | `git@code.smilepowered.org:clawdie/clawdie-ai.git` |
|
||||
| `clawdie-iso` | ISO builder, firstboot wizard, installer | `git@code.smilepowered.org:clawdie/clawdie-iso.git` |
|
||||
| `Colibri` | Cross-platform Rust control plane core | `git@code.smilepowered.org:clawdie/colibri.git` |
|
||||
|
||||
### Machine-User Permissions
|
||||
|
||||
Each agent host has its own Forgejo user + SSH key. No shared credentials.
|
||||
|
||||
| User | Host | Agent | Permissions |
|
||||
| ---------------- | ------ | ------ | ---------------------------------------------------------- |
|
||||
| `hermes-debby` | debby | Hermes | **write** on clawdie-ai, clawdie-iso, colibri |
|
||||
| `claude-domedog` | domedog| Claude | **write** on clawdie-ai, clawdie-iso, colibri |
|
||||
| `codex-osa` | osa | Codex | **read** on all three (initially); write on colibri + iso later for FreeBSD validation results |
|
||||
|
||||
- **SSH keys**: one per machine user, registered on Forgejo. Never copy private keys.
|
||||
- **Tokens**: scoped `write:repository` only. No admin/user/org scope on day-to-day tokens.
|
||||
- **Bootstrap token**: admin-scoped, used only for initial setup, deleted after.
|
||||
- **Email**: all machine users use `hello@clawdie.si` for now. Switch to per-agent aliases if email notifications become needed.
|
||||
- **Branch protection** (future): `main` requires PR + passing status check.
|
||||
- **Webhooks** (future): push events → FreeBSD validation on osa.
|
||||
|
||||
### When Changes Span Repos
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue