Add a setup helper to enable tailscale inside jails when FEATURE_TAILSCALE
and an auth key are present, prefetch tailscale packages, and document
the installer shortcut.
---
Build: FAIL — not run
Tests: FAIL — not run
Add the tmux-screenshot skill with full capture pipeline (TXT/JSON/PNG),
signature-based auto-triage, and secrets detection. Fix argparse crash
caused by unescaped %3 in --pane help text (Python 3.12 compat).
Include ISO build logs from 2026-03-30 and interactive screenshot viewer
with lightbox, date filtering, and sort controls. Add two initial capture
sets (8c358e1a, e71e3f24) to the gallery.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
Build: pass | Tests: FAIL
Add full 6-language support (SL | EN | DE | HR | BA | SR) across both sites:
Clawdie:
• Root nav: 6-language switcher with flag + code labels
• New language pages: SL, DE, HR, BA, SR (1259 lines each)
• EN redirect to root (prevents /en/ 404)
• Full content translations (headings, body, CTA, footer)
• FreeBSD references standardized to "FreeBSD sistem/system"
OSA:
• Nav updates on all 5 existing pages (reordered SL|EN|DE|HR|BA|SR)
• New German landing page (978 lines, full translation from EN)
• Language structure now consistent with Clawdie
• Fixed BA translation: "Minimalna potrošnja materijala za maksimalnu čvrstoću"
• German page links to clawdie.si/de/
Notes:
• Technical strings kept in English (PostgreSQL, FreeBSD, API, etc)
• SR uses Cyrillic for body prose, Latin for technical terms
• All navs include class="active" on current language link
• Mobile-optimized (6 lang items at 0.65rem width)
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
---
Build: pass | Tests: FAIL — Tests 1 failed | 488 passed | 10 skipped (499)
NanoClaw URL corrected to github.com/qwibitai/nanoclaw across all files:
src/upstream/git.ts (DEFAULT_REMOTE_URL), setup/upstream.ts (comment),
both license pages, both nanoclaw-upstream guides (hrefs + code blocks),
and README.md.
Discord server link removed from README header nav and Community section
replaced with Codeberg issue tracker and hello@clawdie.si contact.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
Build: pass | Tests: pass — Tests 414 passed | 10 skipped (424)
Hero paragraph: add explicit sentence that LLM inference needs an API
key or local Ollama — you own the provider relationship. Clawdie itself
has no platform subscription, but inference is not free by default.
Comparison: "Most processing local — minimal cloud dependency" was vague.
Replaced with "Bring your own API key — or run Ollama with zero cloud
dependency" which is accurate and frames flexibility as a feature.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
Build: pass | Tests: pass — Tests 414 passed | 10 skipped (424)
README Current Release updated to v0.8.0 Warden, simplified to version
line + changelog link so the pre-commit hook only needs to patch one line.
.githooks/pre-commit: reads version from package.json and patches README
on every commit. Run `npm run install-hooks` once per clone to activate.
Main site: "No subscription" → "No platform subscription" — accurate,
since real workflows require LLM API keys (provider cost, not ours).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Restructure section around the two distinct threat classes:
in-session manipulation (LLM-level problem) vs host/OS breakout (jail-level problem)
— conflating these leads to false confidence in either direction
- Add critical FreeBSD-specific warning: Chromium's internal sandbox is disabled on
FreeBSD (seccomp/user-namespaces unavailable), making the jail the ONLY OS-level
process boundary — hardens the case for proper jail configuration
- Add Greshake et al. 2023 (arXiv:2302.12173) foundational paper reference and the
"blur between data and instructions" insight; mention 22 documented delivery techniques
(Palo Alto Unit 42, Dec 2025)
- Add direct link to Anthropic's prompt injection defenses research page; add honest
framing of the 1% figure (milestone, not solved)
- Add BrowseSafe (arXiv:2511.20597) — pre-ingestion HTML classifier, F1 0.904
- Add concrete hardening checklist: jail flags, PF egress, CDP session isolation,
lethal trifecta test, pre-ingestion classification, system prompt trust framing
- Update instruction hierarchy to include full trust levels (0/10/20/30)
- Expand CaMeL explanation with the Privileged/Unprivileged LLM split and capability
metadata mechanism (information flow control)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
Build: pass | Tests: pass — Tests 414 passed | 10 skipped (424)
install.html:
- Host baseline command includes Wayland (seatd/weston/cage/wayvnc/waypipe/xwayland)
and bhyve (vm-bhyve/grub2-bhyve/uefi-edk2-bhyve) packages with inline explanations
- Orchestrator step table updated to 20-step layout matching current install.ts
(management, ollama, browser-vm, debian-vm, windows-vm — no feature flags)
- IP table: remove FEATURE_OLLAMA reference; clarify .7/.8 are for human operator
sessions, not agent automation (cage in worker jails handles that)
- Sidebar: add direct links to architecture sub-sections
index.html (How It Works):
- New "Jails, Not Docker" section: IPC via nullfs-mounted Unix socket explained,
comparison table covering IPC, overhead, install/upgrade, security model,
filesystem sharing, pkg caching, Linux workloads
- New "Wayland-First Display" section: cage pattern for worker jails, comparison
table cage vs bhyve, why Wayland over X11 (isolation by default vs X11 free-for-all)
- New "Prompt Injection and Web Browsing" section: indirect prompt injection explained,
lethal trifecta (Willison), blast radius table (what jails contain vs what they don't),
instruction hierarchy (OpenAI 2024), CaMeL (DeepMind 2025 arXiv:2503.18813),
honest assessment: OS isolation + ephemeral workers + hostd whitelist contain damage;
LLM-level defense is the other half and remains ongoing work
- Quick reference table: Browser row updated to cage+Chromium; VM row added
- Sidebar: add direct links to new architecture sub-sections
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
Build: pass | Tests: pass — Tests 414 passed | 10 skipped (424)
Delete docs/monitoring.html and docs/security.html — maintain docs/*.md as
the single source of truth. Sidebar links in all 12 HTML files now point
directly to MONITORING.md and SECURITY.md on Codeberg (open in new tab).
No more HTML/markdown sync required for these reference docs.
---
Build: PASS | Tests: PASS
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
Build: pass | Tests: pass — Tests 414 passed | 10 skipped (424)