Commit graph

173 commits

Author SHA1 Message Date
c19e08758b Refactor harness extension safety model and add runner tests
---
Build: pass | Tests: pass — Tests  873 passed (873)
2026-04-11 14:47:18 +00:00
a3e0d8cef3 docs: update SQLite references to PostgreSQL ops database (Sam & Claude)
Split-brain architecture now spans three PostgreSQL databases:
skills (read-only), memory (dynamic), and ops (operational state).
SQLite is fully removed from the runtime.

Updated: README, public docs site, install guide, internal docs,
agent memory, skill files, backup/restore procedure, debug checklist,
and 6 marketing page translations.

---
Build: pass | Tests: not run (Linux)
2026-04-11 14:56:24 +02:00
99affee94c Pivot control plane docs to agentic harness
---

Build: not run | Tests: not run

---
Build: pass | Tests: pass — Tests  861 passed (861)
2026-04-11 09:21:55 +00:00
f14f8556ff refactor(controlplane): rename subagent ids 2026-04-08 19:32:10 +00:00
f1a6ba7815 feat(install): rename install-all + add controlplane step 2026-04-08 19:22:46 +00:00
e315bf36eb docs: update architecture docs for Better Auth + 0.0.0.0 bind (Sam & Claude) 2026-04-08 20:56:46 +02:00
3292aafb88 docs: archive legacy spec.md (macOS/Docker/NanoClaw references)
Moved docs/public/architecture/spec.md to .archive/spec-legacy.md.
650-line spec referenced macOS, Docker, launchd, NanoClaw — all retired.
Added legacy banner. Removed from architecture index (Sam & Claude)
2026-04-08 13:13:14 +02:00
5a81441cef docs: fix multi-agent subnet defaults to match codebase (10.0.0 first agent)
Default AGENT_SUBNET_BASE is 10.0.0 in src/config.ts, second agent
example updated to 10.0.1 instead of 10.0.2 (Sam & Claude)
2026-04-08 12:38:39 +02:00
6cfccd4efb docs: finish ceo→orchestrator / Paperclip→Control Plane rename sweep
Catches the doc tail of commit 061a25f. Renames in CONTROLPLANE-*.md,
MULTI-PROVIDER-ARCHITECTURE, SYSADMIN/DBA/GIT_ADMIN identity files,
and the public controlplane page. Adds CHANGELOG entry.

Remaining NAMING-HANDOFF items (CLAWDIE.md creation, wiring
resolveIdentityFile) tracked for Pass B.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: FAIL — Tests  1 failed | 846 passed (847)
2026-04-08 09:45:49 +00:00
0b6b3ddaf3 chore: remove stale domedog hostname refs, replace xfce with Lumina
- domedog (server hostname) → osa throughout docs and skills
- XFCE/Xfce4 → Lumina desktop throughout install docs and staging files
- domedog.pro domain URLs kept (valid external references)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  833 passed (833)

---
Build: pass | Tests: pass — Tests  833 passed (833)
2026-04-07 19:11:11 +00:00
f2aac76343 docs: fix install link, add admin panel page, update roadmap, remove empty translation dirs (Sam & Claude) 2026-04-07 16:54:47 +02:00
e221be0095 Rename agent-executor → controlplane-runner (Sam & ZAI) 2026-04-07 16:34:04 +02:00
b3993090f3 feat: Phase 1 — control plane DB schema + provisioning (30/30 tests green)
src/controlplane-db.ts — PostgreSQL schema + typed queries
  - 6 tables: agents, tasks, agent_activity, agent_budgets, approvals, operators
  - DEFAULT_AGENTS: CEO (80%, on-demand), Sysadmin (10%, daily 86400s),
    DBA (5%, on-demand), Git Admin (5%, on-demand)
  - upsertAgent, getAgents, upsertBudget, getBudget, upsertOperator, getOperator
  - hashPassword (sha256 + salt), verifyPassword, generatePassword (32 chars)
  - copySkills (.agent/skills/ → data/skills/, snapshot not symlinks)
  - countSkillsInDir

setup/controlplane.ts — setup step: npm run setup -- --step controlplane
  - Runs schema migration (idempotent — IF NOT EXISTS)
  - Provisions 4 agents (ON CONFLICT DO UPDATE)
  - Creates operator account (ON CONFLICT DO NOTHING)
  - Writes OPERATOR_PASSWORD to .env
  - Seeds per-agent budgets from CONTROLPLANE_DAILY_TOKENS (default 100000)
  - Copies 15 operational skills to data/skills/

setup/index.ts — registered 'controlplane' step

src/controlplane-setup.test.ts — 30 tests, all passing
  - agent definitions (4 agents, correct roles, all pi-local adapter)
  - heartbeat config (sysadmin daily, others on-demand)
  - budget allocations (80/10/5/5, sum to 100%)
  - operator security (password hashed, salted, never plaintext)
  - skills copy (SKILL.md detection, no symlinks, skip dirs without SKILL.md)
  - idempotency (unique ids and roles in DEFAULT_AGENTS)

docs/public/architecture/controlplane.md — Phase 1 marked 

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  708 passed | 139 todo (847)
2026-04-07 13:36:57 +00:00
1a7348fd2c docs: add Control Plane architecture page
New page at docs/public/architecture/controlplane.md covering:
- What the control plane is (multi-agent orchestration baked into clawdie service)
- Architecture diagram (single service, unified scheduler)
- Default company (CEO + Sysadmin + DBA + Git Admin, budgets, heartbeats)
- Dual-layer decision model (API governance + local operations)
- Skills catalog table (15 operational skills, invoke patterns)
- Implementation progress table (7 phases, all pending)
- Setup instructions

Added to architecture/index.md. Will update progress table as phases land.
Deploy to docs.clawdie.si after Phase 7.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  678 passed | 162 todo (840)
2026-04-07 13:31:35 +00:00
84cc452497 docs: complete Codex's public/internal restructure alignment
Codex restructured docs on 5 Apr (cc37d2c) into public/ and internal/
subdirectories. This commit completes the alignment work by updating all
references across skills, agents, and generated files.

Changes:

Skills Documentation:
- docs-deployment/SKILL.md: Update doc paths (docs/INSTALL.md → docs/public/install/install.md)
- docs-deployment/INTEGRATION.md: Update example paths for new structure
- agent-setup/SKILL.md: Update references
- ansible-freebsd/SKILL.md: Update references

Agents & Conventions:
- AGENTS.md: Add tmux "testing" window guideline for long-running commands
- AGENTS.md: Update doc path references (INSTALL.md → install.md lowercase)
- README-CLAWDIE.md: Update doc paths
- CROWDIN.md: Update structure references

Build System:
- setup/cms.ts: Improve frontmatter generation (skip files with existing h1)
- scripts/memory/embed-docs.py: Adjust for new structure
- docs-deployment/DOCUMENTATION-POLICY.md: Update guidelines

HTML/Web Output:
- html/: Version bumps, link fixes, manifest updated
- Reflect new public/ structure in rendered docs

Validation:
- All skills reference docs correctly
- Install/setup docs now at docs/public/install/
- Docs build and serve correctly (verified 6 Apr)
- 603 tests passing (from Codex's build)

Co-Authored-By: Codex (Agent) <codex@clawdie.si>
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-06 13:22:24 +00:00
3d6f99668b bump: align version to 0.9.0 + add build test report
Version alignment: clawdie-ai 1.0.3 → 0.9.0 (matches clawdie-iso 0.9.0)

Changes:
- package.json: bump version from 1.0.3 to 0.9.0
- Add BUILD-TEST-REPORT-06.APR.2026.md: comprehensive build validation results
  - All 7 stages pass (fetch, metadata, ISO assembly)
  - GPU drivers bundled (nvidia 390/470/590 + AMD + Intel firmware)
  - Privilege escalation: auto-sudo fallback for pkg fetch
  - ISO size: 50 GB (ready for USB deployment)

Test metrics: 13 min build time, 59 packages + deps, zero failures

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-06 12:37:27 +00:00
00e25fa8f9 fix: postgres permissions with DEFAULT PRIVILEGES (Sam & Claude)
- Add permissions.sql with GRANT + ALTER DEFAULT PRIVILEGES
- Add fix-permissions.sh for quick repair on existing databases
- Add POSTGRES-PERMISSIONS.md documentation
- Update setup-db-jail.sh to run permissions.sql after migrations
- Update skills-memory.ts to apply permissions after artifact import

Fixes: permission denied for table memories
2026-04-06 06:48:12 +02:00
514949ebe2 docs: standardize subnet to 10.0.0 + fix stale references
All docs now use 10.0.0.x as the canonical example subnet, matching
the code default in config.ts and shell-env.sh. Previously docs used
a mix of 192.168.100.x (architecture docs) and 10.0.1.x (install docs).

Also:
- Fix dead link to setup-wizard.ts in git-storage.md (now points to
  setup/git.ts and setup/install.ts)
- Update stale nomic-embed-text reference in SKILLS-ARTIFACT-V1-PLAN.md
  to current BAAI/bge-m3 at 1024 dims
- Fix uppercase display text in internal doc cross-references

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-06 02:15:41 +00:00
3b28e9d0de docs: align install steps with default-on jails
Forgejo, skills-memory, and skills-init now ship enabled by default
(FEATURE_GITEA=YES, artifact.sql bundled). Updated the step flow diagram
and required/optional table to distinguish DEFAULT (runs unless operator
opts out) from optional (skipped unless enabled). Added skills-init step
that was missing from docs. Step count now 20.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-06 02:09:01 +00:00
18efa6e691 Fix Starlight build: add frontmatter to all public docs
18 markdown files under docs/public/ were missing YAML frontmatter
(title field). Starlight requires this for content collection schema
validation. Extracted titles from existing # headings.

Build: PASS (cms setup succeeds, site deployed)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-06 01:54:45 +00:00
3ab5d01ba9 Regenerate built-in knowledge: 84 docs, 1853 embeddings
Rewrote embed-builtin-knowledge.py to dynamically discover all project
docs, internal docs, identity files, and skill definitions instead of
using a hardcoded 6-chunk array.  Artifact now covers full corpus via
OpenRouter BAAI/bge-m3 at 1024 dimensions.

Also fixed stale config.ts defaults: EMBED_MODEL from nomic-embed to
BAAI/bge-m3, EMBED_DIMENSIONS from 768 to 1024 (matching the pgvector
schema's vector(1024) column).

Tested: imported into live clawdie_skills DB, FTS search confirmed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-06 01:37:26 +00:00
c9658d6bc9 Rework Starlight docs structure (Sam & Codex)
---

Build: FAIL | Tests: FAIL — not run (deferred)

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-05 16:57:25 +00:00
3d456c9402 Document z.ai env-only key source (Sam & Codex)
---

Build: pass | Tests: pass — 0 passed (0 files)

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-05 08:11:50 +00:00
6ec5ee3bc6 Worker jail naming fix; reset doc update (Sam & Codex)
---

Build: pass | Tests: pass - 603 passed (44 files)

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-05 06:59:51 +00:00
cc37d2c8cf Public/internal docs restructure; CMS/verify cleanup (Sam & Codex)
---

Build: pass | Tests: pass - 603 passed (44 files)

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-05 06:29:19 +00:00
ca32c39a71 Unify CMS webroot + Starlight build fixes (Sam & Codex)
---

Build: FAIL — not run

Tests: FAIL — not run

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-04 20:09:10 +00:00
c875e7770c Document per-agent locale overrides
---
Build: pass | Tests: FAIL — Tests  1 failed | 602 passed (603)
2026-04-04 14:24:44 +00:00
1452da8d75 Enforce UTF-8 locales and expand snapshot coverage
---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-04 14:17:04 +00:00
b0921f4fb4 Normalize domain defaults to home.arpa (Sam & Codex)
---

Build: pass | Tests: pass — 603 passed (44 files)

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-04 09:47:07 +00:00
3f598270a8 chore(install): codex out-of-box + headless login tip (Sam & Codex)
---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-03 10:06:23 +00:00
a13e391f76 docs: align install + multi-agent + hostd naming (Sam & Codex)
- Update install orchestrator docs and host model to match current setup steps

- Add multi-agent guide and clarify warden0/subnet isolation

- Document jail SSH port mapping (2222..2226) and SSH_PUBLIC_KEY

---

Build: pass | Tests: pass — 603 passed (44 files)

---
Build: pass | Tests: pass — Tests  603 passed (603)
2026-04-03 09:38:20 +00:00
2179e23ec9 feat: add local LLM runtime selection
---
Build: pass | Tests: pass — Tests  605 passed (605)
2026-04-02 15:18:22 +00:00
61ced15c99 chore: drop start-clawdie.sh in favor of run-clawdie
---
Build: pass | Tests: pass — Tests  605 passed (605)
2026-04-02 10:55:05 +00:00
e0dd328990 fix: correct preflight summary path and hardcoded session name
- Evidence script and checklist looked in logs/preflight-* but preflight
  writes to tmp/preflight/ — fixed both to match actual output path
- Checklist referenced npm run preflight (missing) — corrected to
  preflight-check
- preflight.ts screenshot capture had hardcoded 'clawdie' session —
  now uses AGENT_NAME

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  605 passed (605)
2026-04-02 06:12:26 +00:00
4795f95677 Add guest safety checks before editing .env (Sam & Codex)
---
Build: pass | Tests: pass — Tests  605 passed (605)
2026-04-02 06:05:35 +00:00
8f14ce0573 chore: replace legacy klavdija refs with agent-agnostic names, fix checklist to use Bastille
Replaces hardcoded "klavdija" with ${AGENT_NAME} or generic phrasing across
docs, scripts, and identity files. Fixes fresh-install checklist: jls → bastille
list, parameterized log paths, Bastille-based service checks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  605 passed (605)
2026-04-01 21:59:13 +00:00
013f5fb40d docs: add fresh-install checklist with timing, IPC, and screenshot checks (Sam & Claude)
10-section verification checklist for new installations covering:
timing milestones, jail status, .env correctness, watchdog IPC,
database, LLM provider, Telegram, Lumina, network/PF, ZFS health,
and screenshot smoke test. Includes all log paths and preflight
integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  605 passed (605)
2026-04-01 21:13:36 +00:00
6ce4b41e33 Drop root in run-clawdie launcher (Sam & Codex)
---
Build: pass | Tests: pass — Tests  605 passed (605)
2026-04-01 19:57:48 +00:00
a24e5a6757 Add attribution policy and dbus note (C&C)
---
Build: pass | Tests: FAIL
2026-04-01 19:30:40 +00:00
0bcb8efc64 Use project temp dir for watchdog IPC and TMPDIR
---
Build: pass | Tests: FAIL
2026-04-01 18:56:17 +00:00
ef19f3078e Document FreeBSD Codex recovery status
---
Build: pass | Tests: FAIL
2026-04-01 18:56:03 +00:00
4ee57c50f1 docs: pi skills integration guide for Phase 1-3 implementation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  600 passed (600)
2026-03-30 22:30:04 +00:00
5fdc5fc7b6 docs: fix LOCAL-LLM and HEARTBEAT to reflect actual running state
LOCAL-LLM.md was wrong about a two-instance setup. Reality:
- One instance: Phi-4-mini chat on :8081 (llama_chat rc.d service)
- Embeddings: OpenRouter BAAI/bge-m3 — not local
- llama_server (bge-m3 :8080) disabled; bge-m3 model downloaded but inactive
- GLM 5.1 via z.ai/pi remains the main agent LLM
- Updated IP 192.168.100.5 → 10.0.1.5, jail name → llamacpp

HEARTBEAT.md: removed :8080 embed health check, updated jail names,
updated model name to microsoft_Phi-4-mini-instruct.

.gitignore: narrowed HEARTBEAT.md → /HEARTBEAT.md so docs/HEARTBEAT.md
(design doc) is tracked; root HEARTBEAT.md (live state) stays ignored.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  600 passed (600)
2026-03-30 20:45:52 +00:00
1cf3c61443 docs: add CONTROLPLANE-INSTALL guide + generated run-clawdie.sh
Full step-by-step guide for setting up the agent controlplane jail from
scratch, written from a live reinstall session. Documents all snags hit
(bastille interface config, npm prefix, pi install path, nullfs thin-jail
path, ZFS mountpoint update, destroy order). Includes a snag summary table
for quick agent reference.

Also commits the run-clawdie.sh wrapper generated by `--step service`, and
the trimmed run-klavdija.sh (tmux logic moved into the newer script).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  431 passed (431)
2026-03-30 04:50:46 +00:00
eb85bff262 docs: sync embedding dimensions to 1024 (bge-m3)
- POSTGRES-HYBRID-MEMORY.md: update from OpenAI text-embedding-3-large
  (1536 dims) to bge-m3 (1024 dims) with OpenRouter fallback
- builtin-knowledge-base.sql: change vector(1536) to vector(1024)

---
Build: skip (FreeBSD-only) | Tests: skip (FreeBSD-only)
2026-03-29 22:37:44 +02:00
f637389088 infra: agent-prefix controlplane jail, keep shared services un-prefixed
- setup-controlplane-jail.sh: JAIL=${AGENT_NAME}-controlplane (was hardcoded)
- setup-llamacpp-jail.sh: JAIL=llamacpp — shared service, no agent prefix
- destroy-jails.sh: reads AGENT_NAME from .env, targets prefixed jail names
- heartbeat.sh: checks prefixed name first, falls back to un-prefixed

Architecture decision: llamacpp/db/cms are shared services (one instance,
all agents). Only controlplane is per-agent. Heartbeat handles both naming
conventions during the live migration window.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  431 passed (431)
2026-03-29 08:28:41 +00:00
05a79a0bd9 fix: thin jail home mount must target usr/home not home (symlink)
Bastille thin jails symlink /home -> usr/home. fstab entries pointing at
/root/home cause jail start failure: "mount.fstab: symbolic link".
Mount target must be the real path: ${JAIL_ROOT}/usr/home/<agent>.

Discovered during post-reboot controlplane jail startup.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  431 passed (431)
2026-03-28 22:42:49 +00:00
b489e21c92 docs: add jail provisioning scripts from live migration learnings
Lessons captured from the 192.168.100.x → 10.0.1.x subnet migration:

- setup-db-jail.sh: add allow.sysvipc=1 (required for PostgreSQL shmget),
  set postgresql_data in rc.conf, note postgres uid=770 in pkgbase jails
- setup-controlplane-jail.sh: new — node24, nullfs /home/<agent> mount,
  npm-global auto-mounts via ZFS mountpoint (no fstab entry), rc.d service
- setup-llamacpp-jail.sh: new — llama-cpp pkg, ro models mount, creates
  llama_chat rc.d (not shipped with pkg, needed for second instance :8081)
- setup-cms-jail.sh: new — nginx + node24, Strapi deferred

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  431 passed (431)
2026-03-28 22:27:41 +00:00
8965baa337 feat: Phi-4-mini-instruct chat model live on :8081
- Download correct URL from bartowski/microsoft_Phi-4-mini-instruct-GGUF
- Fix: models mount is nullfs read-only in jail — download to host path
  /var/db/llm-models/ instead of from inside the jail
- llama-chat rc.d service configured and running in llamacpp jail
- .env: CHAT_BASE_URL, CHAT_MODEL, HEARTBEAT_LLM_URL vars added
- docs/LOCAL-LLM.md: correct host path, rc.d sysrc commands

heartbeat.sh now gets LLM interpretation — chat :8081 ✓

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  431 passed (431)
2026-03-28 11:03:35 +00:00
49ae80512d feat: heartbeat agent + local LLM path; docs consistency pass
Heartbeat:
- scripts/heartbeat.sh — cron-ready health monitor; checks jails,
  PostgreSQL, llama-server instances; writes HEARTBEAT.md; optional
  Telegram alert on WARN/CRIT; LLM interpretation via local :8081
- docs/HEARTBEAT.md — architecture, schedule, escalation model,
  memory integration, LLM model path by RAM tier
- HEARTBEAT.md added to .gitignore (runtime-generated, changes every 30 min)

Local LLM:
- docs/LOCAL-LLM.md — two-instance llama-server design (:8080 embed,
  :8081 chat); model choices for 12/32/64 GB; setup instructions;
  upgrade path from dolphin3.0-phi4-mini → Qwen3-14B with no schema change
- docs/REFACTOR-PLAN.md — replace stale z.ai recharge note with local
  llama-cpp direction; add action item to migrate pi to :8081

Docs consistency pass:
- Replace 10.0.0.x → 192.168.100.x in 8 docs files
- Replace jexec → bastille cmd in FREEBSD-JAIL-IMPLEMENTATION.md,
  HOST-OPERATOR-MODEL.md, SECURITY.md
- Fix /home/clawdija/ path typo in WARDEN.md, HOST-OPERATOR-MODEL.md,
  SECURITY.md
- Fix AGENT_SUBNET_BASE default in HOST-OPERATOR-MODEL.md
- Fix CMS PF redirect IP bug in CMS-DEPLOYMENT-PLAN.md (.5 → .4)
- Clarify git jail has no fixed IP slot in GIT-STORAGE.md
- Fix user-facing dates to DD.mmm.YYYY in REFACTOR-PLAN.md,
  DEBUG_CHECKLIST.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---
Build: pass | Tests: pass — Tests  431 passed (431)
2026-03-28 10:43:22 +00:00