clawdie-ai/CHANGELOG.md
Operator & Codex 771e19e1c7 Drop FreeBSD 14 support (Sam & Claude)
Require the tracked FreeBSD 15.x line during install and environment checks, and align docs and skill compatibility metadata with 15.x only.

---
Build: pass
Tests: pass — 37 passed (2 files)

---
Build: pass | Tests: pass — 2363 passed (701 files)
2026-05-10 16:31:40 +02:00


Changelog

All notable changes to Clawdie Controlplane will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Changed

  • Harness migration: Codex → Aider+Pi. src/controlplane-runner.ts (formerly controlplane-codex-runner.ts) now invokes Aider as the primary controlplane harness. CONTROLPLANE_RUNNER config: 'aider' | 'pi' (was 'codex'). Aider runner built with --message flag (one-shot prompt), no JSON streaming. Env vars renamed: CONTROLPLANE_AIDER_* (was CONTROLPLANE_CODEX_*). Aider+Pi provide superior multi-turn reasoning and are available in both dev (pip install aider-chat) and ISO (venv at /opt/clawdie/venv/aider). Codex, Claude Code, and other CLIs remain installed as optional tools.
  • setup/agent-cli-check.ts: Aider and Pi now listed first in CLI detection order (primary harness preference).
  • Ops database now provisioned in setup pipeline (setup/secrets.ts + setup/db.ts with role/database/grants). Split-brain databases now: skills, memory, ops.
  • justfile — All npm package commands now prefixed with npx: tsc, tsx, prettier, vitest. Fixes FreeBSD PATH issues where npm packages are not globally installed.
  • src/controlplane-aider-runner.ts stream handling: Added guard to prevent race-condition writes after stream end; waits for finish event before resolving promise.

Added

  • src/controlplane-aider-runner.ts — Aider task execution with prompt building (identity + skill + user), argument passing, timeout handling, log streaming, token estimation.
  • src/controlplane-aider-runner.test.ts — 13 tests covering prompt sections, flags, success/error paths, timeout, env passthrough, token math.
  • scripts/glass.sh updated: right pane now launches aider instead of shell.
  • Better Auth integration for dashboard authentication (better-auth@^1.6.0). Two modes: local_trusted (no login required on internal network) and authenticated (email+password sessions for public exposure). src/auth.ts creates a Better Auth instance tied to the existing pg Pool, using custom table names (cp_users, cp_sessions, cp_accounts, cp_verifications) to avoid collisions.
  • CONTROLPLANE_BIND_HOST config — defaults to 0.0.0.0 (was hardcoded 127.0.0.1). Dashboard and API accessible from any jail on the subnet.
  • CONTROLPLANE_AUTH_MODE config — local_trusted (default) or authenticated.
  • BETTER_AUTH_SECRET config — required when authenticated mode is active.
  • /api/auth/* routes — Better Auth handler mounted in control plane API for sign-in, sign-up, session management.
  • /dashboard static file serving — built React SPA served from dashboard/dist/ with SPA fallback to index.html.
  • ControlplaneApiOptions - startControlplaneApi now accepts a structured options object ({ pool, authInstance, dashboardDir? }) instead of a bare Pool.
  • Agent bearer token auth (op: scheme) preserved alongside Better Auth sessions — agents continue to authenticate via Authorization: Bearer header.

Changed

  • controlplane-api.ts bind address changed from 127.0.0.1 to 0.0.0.0 by default. Override with CONTROLPLANE_BIND_HOST in .env.
  • startControlplaneApi(pool, port) signature changed to startControlplaneApi(opts, port) — requires ControlplaneApiOptions with auth instance.

Added (rename completion)

  • CLAWDIE.md — primary orchestrator identity file (seeded from SOUL.md). resolveIdentityFile() looks for ${AGENT_NAME.toUpperCase()}.md first, then falls back to SOUL.md.
  • buildControlplaneRunCommand now requires agentName and routes through resolveIdentityFile() instead of hard-coding SOUL.md. Heartbeat caller and tests updated. Removed stale require('fs') from ESM module.
  • doc/NAMING-HANDOFF.md deleted — all checklist items complete (vitest 847/847 green).

Renamed

  • Control plane terminology sweep across docs: CEO/'ceo' → orchestrator, company → system, Paperclip → Control Plane, board → operator. Affects SYSADMIN_AGENT.md, DB_ADMIN_AGENT.md, GIT_ADMIN_AGENT.md, doc/CONTROLPLANE-*.md, doc/MULTI-PROVIDER-ARCHITECTURE.md, docs/public/architecture/controlplane.md. Code rename landed earlier in 061a25f; this catches the doc tail. (doc/NAMING-HANDOFF.md remaining items: CLAWDIE.md creation + wiring resolveIdentityFile() — tracked for follow-up.)

Added

  • setup/agent-cli-check.ts — fail-fast gate at the top of setup onboard requiring at least one of claude, codex, gemini, pi on PATH (mirrors Paperclip's per-adapter ensureCommandResolvable pattern as a single check)
  • setup/environment.ts now surfaces CLAUDE/GEMINI/PI alongside the existing CODEX key in setup verify
  • doc/AGENT-CLI-VALIDATION.md — end-to-end validation report for all four agent CLIs in a freshly-provisioned clawdieworker jail (claude 2.1.96, gemini 0.36.0, pi 0.65.2, codex 0.117.0)
  • clawdie-iso/scripts/fetch-npm-globals.sh + clawdie-iso/firstboot/shell-npm-globals.sh — offline npm-globals bundle for claude/gemini/pi installed under ~/.npm-global during firstboot
  • setup/jails.ts chsh hook — sets the worker jail's root login shell to /usr/local/bin/bash so bastille cmd heredocs and bash-isms work in provisioning scripts
  • infra/packages/worker-jail.txt — adds bash, node24, npm-node24, git to the baseline worker-jail package list

Docs

  • README.md, CLAWDIE-ISO.md, AGENTS.md synced to mention the agent-CLI prereq gate and the npm-globals bundle path
  • AGENTS.md + nginx/freebsd-admin skills updated with controlplane dashboard build notes (Paperclip UI) and Tailscale proxy/PF pointers

Added (operator observability + provider fallback, apr.2026)

  • Provider fallback layer (src/provider-fallback.ts) — automatically swaps the configured LLM provider for an operator-defined fallback when the primary hits a usage cap. Detects 429 Usage limit reached from pi stderr/stdout, parses Your limit will reset at YYYY-MM-DD HH:MM:SS, and marks a cooldown until the reset timestamp passes. Cooldowns are in-memory plus persisted to $CLAWDIE_VAR_DIR/provider-cooldowns.json (default $HOME/.clawdie/state/) so a restart inside the cap window does not re-trip the cap. Wired into agent-runner.ts (main chat) and controlplane-heartbeat.ts (specialists). Per-chat overrides (group.jailConfig.provider) are unchanged — only the spawn-time effective values are swapped while the cooldown is live.
  • LLM_FALLBACK_PROVIDER, LLM_FALLBACK_MODEL, LLM_FALLBACK_DEFAULT_COOLDOWN_SECONDS config — operator picks the fallback (e.g. openrouter + a free-tier model). Default cooldown (3600s) is used only when the cap message has no parseable reset stamp.
  • getLlmKeyForProvider(provider) (src/env.ts) — provider-aware secret resolution so the right API key is injected when fallback swaps providers; falls back to first-available when the requested key is absent.
  • Startup validation: when LLM_FALLBACK_PROVIDER is set, the matching API key is now in the criticalConfig warn list. Warns separately when LLM_FALLBACK_PROVIDER is set without LLM_FALLBACK_MODEL.
  • /clearcooldown admin command (ops-chat-gated) — lists active cooldowns when called without args; takes <provider> or all. Persists immediately so cleared state survives restart.
  • /policy now shows a Provider cooldown: <provider> until <iso> → fallback <provider/model> line for each active cooldown.
  • Activity payload now records effective_provider / effective_model next to actual_* so for any run you can read configured vs effective vs actual.
  • Structured operator reports family with consistent Observed / Interpretation / Operator Notes sections — src/reports/{system,disk,tasks,budget,publish,test}-report.ts. Each report is a pure builder + renderer fed by raw inputs (DB rows, command output, JSON status files), tested independently of the wiring layer.
  • /report, /disk, /tasks, /budgetreport, /publishreport, /testreport Telegram commands — the structured-report surfaces.
  • Test/build status pipeline - scripts/write-test-build-status.sh runs the project's npm run build and npx vitest run --reporter=json --outputFile=..., then writes build-status.json and test-status.json to the status directory: $AGENT_STATUS_DIR (primary) → $CLAWDIE_VAR_DIR (legacy) → <project-root>/tmp/status (default). /testreport reads these files; missing or stale (>6h) files degrade to unknown with an action note rather than fabricating success. Pre-commit/post-commit hooks append the latest status to commit messages so reviewers see what was passing at commit time.
  • Free-text ops routing (src/report-intent.ts) — bot-addressed phrasings like "disk usage", "are the tests passing", "what tasks do we have", "budget report" are classified by classifyReportIntent() and routed to the matching structured builder instead of the LLM path. Keeps memory/narrative recall from overriding a fresh probe.
  • isOpsFlavored() — broader pattern matcher used to suppress stale memory injection on ops-flavored prompts so the LLM answers from live tools rather than narrative recall.
  • Specialist capability gate (src/agent-capabilities.ts) — pre-flight check that compares the requested skill (and task description) against the assigned jail's installed tools, refusing the run with a clear reason when the agent cannot perform it.
  • Telegram bot now publishes a proper command menu via setMyCommands with separate command lists for private chats vs the ops chat (src/channels/telegram.ts).
  • AGENTS.md § "Verify Before Claiming Remote State" — convention requiring git fetch before reporting on any remote ref. Born from a real two-agent confusion on 26.apr where stale origin/multitenant refs in two worktrees produced contradictory "no new remote work" claims.
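The cap detection and cooldown bookkeeping described in the provider fallback entry above, as an added TypeScript example that is not the project's src/provider-fallback.ts. All function names are hypothetical, the reset stamp is assumed to be UTC, and persistence is shown as a JSON string rather than the provider-cooldowns.json file.

```typescript
// Added example, not the project's src/provider-fallback.ts. All function names are
// hypothetical; the reset stamp is assumed to be UTC (the changelog does not say).

const CAP_MARKER = /429 Usage limit reached/;
const RESET_STAMP =
  /Your limit will reset at (\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2})/;

// Constructed sample of agent CLI output, for illustration only.
const SAMPLE_STDERR =
  "error: 429 Usage limit reached. Your limit will reset at 2026-04-26 14:30:00";

interface Selection {
  provider: string;
  model: string;
}

// Epoch-ms end of the cooldown, or null when the output holds no cap message.
function parseCooldownUntil(
  output: string,
  nowMs: number,
  defaultCooldownSeconds: number = 3600,
): number | null {
  if (!CAP_MARKER.test(output)) return null;
  const m = RESET_STAMP.exec(output);
  if (m) {
    const y = Number(m[1]), mo = Number(m[2]), d = Number(m[3]);
    const h = Number(m[4]), mi = Number(m[5]), s = Number(m[6]);
    const t = new Date(Date.UTC(y, mo - 1, d, h, mi, s));
    // Date.UTC silently rolls over out-of-range fields (month 13, hour 99);
    // a stamp that does not round-trip is treated as unparseable.
    const roundTrips =
      t.getUTCFullYear() === y && t.getUTCMonth() === mo - 1 && t.getUTCDate() === d &&
      t.getUTCHours() === h && t.getUTCMinutes() === mi && t.getUTCSeconds() === s;
    if (roundTrips) return t.getTime();
  }
  // Default cooldown applies only when no usable reset stamp was found.
  return nowMs + defaultCooldownSeconds * 1000;
}

// Spawn-time choice: the fallback replaces the configured provider only while
// that provider's cooldown is live.
function effectiveSelection(
  configured: Selection,
  fallback: Selection | null,
  cooldowns: Map<string, number>,
  nowMs: number,
): Selection {
  const until = cooldowns.get(configured.provider);
  if (fallback !== null && until !== undefined && until > nowMs) return fallback;
  return configured;
}

function serializeCooldowns(cooldowns: Map<string, number>): string {
  const out: Record<string, number> = {};
  cooldowns.forEach((until, provider) => { out[provider] = until; });
  return JSON.stringify(out);
}

// Reload persisted state after a restart. Corrupt JSON, non-numeric values and
// expired entries are dropped instead of being trusted.
function restoreCooldowns(json: string, nowMs: number): Map<string, number> {
  const restored = new Map<string, number>();
  let raw: unknown;
  try {
    raw = JSON.parse(json);
  } catch {
    return restored;
  }
  if (typeof raw !== "object" || raw === null || Array.isArray(raw)) return restored;
  const rec = raw as Record<string, unknown>;
  for (const provider of Object.keys(rec)) {
    const until = rec[provider];
    if (typeof until === "number" && isFinite(until) && until > nowMs) {
      restored.set(provider, until);
    }
  }
  return restored;
}
```
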

Changed (operator observability)

  • Many Telegram commands moved from requireRegistered(ctx) gate to direct chat resolution; per-handler requireAdmin / requireOpsChat still enforce auth. Effect: admins can run read-only ops commands from any chat without registering it first.
  • /status ZFS section caps at 8 lines with a "… N more dataset(s) hidden" footer.
  • parseBastilleList consolidated to use the shared bastille-list.ts parser. summarizeZfsRows extracted as a pure exportable helper.

Fixed (operator observability)

  • /report controlplane probe: when CONTROLPLANE_BIND_HOST=0.0.0.0, getControlplaneProbeHost() now derives a reachable host from BETTER_AUTH_URL instead of probing the wildcard address. Previously the report would say "controlplane unreachable" even when controlplane was healthy.
  • Test artifacts now write to repo-local tmp/ instead of system /tmp (per AGENTS.md § "Temporary File Storage").
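A startup check for the CONTROLPLANE_BIND_HOST / CONTROLPLANE_AUTH_MODE / BETTER_AUTH_SECRET settings introduced under [Unreleased], together with the probe-host derivation from the fix above, as an added TypeScript example that is not the project's code. validateControlplaneConfig and deriveProbeHost are hypothetical names, and the loopback fallback when BETTER_AUTH_URL is missing or invalid is an assumption.

```typescript
// Added example, not the project's code. validateControlplaneConfig and
// deriveProbeHost are hypothetical names; the loopback fallback is an assumption.

interface ControlplaneEnv {
  CONTROLPLANE_BIND_HOST?: string;
  CONTROLPLANE_AUTH_MODE?: string;
  BETTER_AUTH_SECRET?: string;
  BETTER_AUTH_URL?: string;
}

interface ConfigReport {
  bindHost: string;
  authMode: string;
  errors: string[];
  warnings: string[];
}

const WILDCARD_HOSTS = ["0.0.0.0", "::", "[::]"];

function isWildcard(host: string): boolean {
  return WILDCARD_HOSTS.indexOf(host) !== -1;
}

function validateControlplaneConfig(env: ControlplaneEnv): ConfigReport {
  const bindHost = env.CONTROLPLANE_BIND_HOST || "0.0.0.0"; // documented default
  const authMode = env.CONTROLPLANE_AUTH_MODE || "local_trusted"; // documented default
  const errors: string[] = [];
  const warnings: string[] = [];
  if (authMode !== "local_trusted" && authMode !== "authenticated") {
    errors.push(`unknown CONTROLPLANE_AUTH_MODE: ${authMode}`);
  }
  if (authMode === "authenticated" && !env.BETTER_AUTH_SECRET) {
    errors.push("BETTER_AUTH_SECRET is required in authenticated mode");
  }
  // local_trusted means no login; on a wildcard bind every host that can reach
  // the port gets the dashboard and API, so the packet filter is the only gate.
  if (authMode === "local_trusted" && isWildcard(bindHost)) {
    warnings.push(
      "no-login dashboard is listening on every interface; confine the port to the jail subnet",
    );
  }
  return { bindHost, authMode, errors, warnings };
}

// A wildcard address is a listen address, not a destination. When the API is
// bound to one, probe the host named in BETTER_AUTH_URL instead.
function deriveProbeHost(env: ControlplaneEnv): string {
  const bindHost = env.CONTROLPLANE_BIND_HOST || "0.0.0.0";
  if (!isWildcard(bindHost)) return bindHost;
  try {
    const host = new URL(env.BETTER_AUTH_URL || "").hostname;
    if (host && !isWildcard(host)) return host;
  } catch {
    // Missing or malformed BETTER_AUTH_URL: fall through to loopback.
  }
  return "127.0.0.1";
}
```
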

[0.10.0] - 2026-04-07

Paperclip Control Plane Integration

Major architectural addition: Paperclip as multi-agent orchestration layer for Clawdie.

Added

  • doc/PAPERCLIP-INTEGRATION.md — Full architecture, security model, deployment guide, operations, and troubleshooting for Paperclip control plane
  • doc/PAPERCLIP-COMPANY-STRUCTURE.md — Default organization chart (CEO + Sysadmin + DBA + Git Admin), role definitions, skills mapping, decision logic, approval workflows
  • setup/paperclip.ts — Jail provisioning for Paperclip at 10.0.0.2, company auto-provisioning, skills mounting
  • Identity files: SYSADMIN_AGENT.md, DB_ADMIN_AGENT.md, GIT_ADMIN_AGENT.md — Agent role instructions with skill-aware decision logic (alongside existing SOUL.md)
  • Operational skills: jail-status, backup-db, disk-usage, service-restart, system-stats, db-migrate, db-vacuum, db-analyze, git-pull, git-merge, git-release-tag, git-branch-protect, git-push-mirror
  • All 33 skills in .agent/skills/ updated with compatibility: FreeBSD 15.x marker in SKILL.md frontmatter
  • PostgreSQL integration — Paperclip connects to existing PostgreSQL jail at 10.0.0.3, shares database instance with Clawdie
  • Skills mounting — .agent/skills/ mounted read-only into Paperclip jail via nullfs for agent discovery

Changed

  • .agent/skills/*/SKILL.md — All skill files now include platform compatibility marker (e.g., compatibility: FreeBSD 15.x)

Notes

  • Paperclip is separate repository; fork available at https://codeberg.org/Clawdie/Paperclip
  • v0.10.0 targets testing phase; v1.0.0 will follow after USB installer validation + end-to-end multi-agent testing
  • Security model: authenticated mode (login required), board user approvals, agent API keys, encrypted secrets
  • Agent heartbeat policy: CEO and specialists wake on-demand only (cost-conscious); Sysadmin has daily check-in
  • Token budget model: daily allocations, hard-stops at company + per-agent limits
  • Future: Option B (v0.11.0+) — Bastille wrapper adapters for per-task jail isolation

[1.0.3] - 04.apr.2026

Domain Defaults Fix

Added

  • GIT_MIRROR_URLS to mirror additional repos into the git jail; status output now includes MIRROR_EXTRAS
  • GIT_JAIL_NAME to override the git jail ID when Bastille/VNET naming constraints apply

Changed

  • Default domains now use home.arpa for internal names, aligning onboarding and env audit output with <agent>.home.arpa

Fixed

  • setup/env-audit.ts no longer warns about missing REMOTE_GIT_URL when mirror URLs are configured

[1.0.2] - 2026-04-03

Out-of-the-Box Jails + SSH Baseline

Added

  • setup/db.ts, setup/jails.ts, setup/hostd.ts — previously referenced install steps are now implemented in-tree
  • setup/pf.ts now writes /etc/pf.warden.conf and ensures pf.conf includes it (NAT egress baseline for warden0)
  • Ansible: infra/ansible/playbooks/jails-ssh-baseline.yaml + optional PF SSH exposure in infra/ansible/playbooks/host-pf-baseline.yaml (host ports 2222..2226)
  • Docs: docs/public/reference/multi-agent.md (same-host multi-agent procedure, subnet + warden0/PF notes)

Changed

  • setup/install.ts plan aligns with the step registry and can run root-only steps via sudo when invoked as non-root
  • Default jail naming prefers {agent}-* (with legacy fallbacks) to avoid collisions when a second agent is added later
  • .env.example documents SSH_PUBLIC_KEY for Ansible jail SSH readiness

Fixed

  • Temp files/artifacts use <project-root>/tmp/ instead of system /tmp (skills engine + scripts + Telegram voice download)

[0.7.2] - 2026-03-15

Docs Redesign + Skills Artifact Plan

Changed

  • html/docs-clawdie-si/css/shared.css: full CSS rewrite — soft pastel light theme, sticky top-bar and sidebar in document flow, no backdrop-filter, matches Clawdie brand (Cormorant Garamond + DM Mono, #4fb3ce accent)
  • Top-left brand renamed to "Clawdie Docs" across all 12 HTML pages
  • Self-referencing "Docs" nav link removed from all pages
  • Introduction headline: "Sysadmin Skills in Vector Format — Human Operator in charge from ground up!"
  • Introduction copy: FreeBSD-native → FreeBSD based, terminology pass throughout
  • All <code>main</code> branch references in prose now link to Codeberg src/branch/main
  • Technical terms linked to external docs (FreeBSD handbook, pgvector, sqlite.org, nodejs.org, etc.)
  • built-in knowledge links to docs/internal/BUILTIN-KNOWLEDGE-SPEC.md on Codeberg
  • install.html simplified: quick-start collapsed to 4 lines, Package Note trimmed, duplicate "Simple Onboarding Flow" section removed

Added

  • docs/internal/SKILLS-ARTIFACT-V1-PLAN.md: SQLite + sqlite-vec architecture for skills artifact, v1 trigger conditions, generation pipeline, size estimates, open questions — embeddings deferred until docs stabilise

[0.7.1] - 2026-03-15

Control Plane Refactoring

Naming consistency pass and observability wiring on top of 0.7.0.

Changed

  • src/infra.ts renamed to src/controlplane.ts; all exported symbols renamed (runControlPlaneChecks, CONTROLPLANE_CHECK_INTERVAL_MS, ControlPlaneReport, ControlPlaneCheckResult)
  • Watchdog stores lastControlPlaneReport and exposes it as controlplane in IPC status response
  • All stale src/infra.ts references eliminated from docs, skills, and HTML

Added

  • npm run doctor now queries the watchdog IPC socket and prints WATCHDOG_MODE, WATCHDOG_THROTTLED, WATCHDOG_FREE_MEMORY_MB, WATCHDOG_ACTIVE_JAILS, WATCHDOG_QUEUED, and per-check CONTROLPLANE_* lines; shows WATCHDOG: offline when agent is not running

Documentation

  • README.md: v0.7.1, simplified "Web Serving" section (was 18 lines of future tense), collapsed step entrypoints list, updated key files
  • docs/public/operate/monitoring.md: rewritten with Watchdog and Control Plane layers, check table, updated Doctor section
  • docs/public/operate/security.md: "Host Administration" updated to describe hostd as the implemented executor; architecture diagram gains clawdie-hostd (root) column
  • docs/public/architecture/host-operator-model.md: new "Privileged Host Daemon" section with delegation chain and two-entry rc.conf
  • docs/internal/CMS-DEPLOYMENT-PLAN.md: setup refactor checklist updated (pf/cms done, Astro/verify pending)
  • html/docs-clawdie-si/: v0.7.1 badge, src/controlplane.ts references throughout
  • .agent/skills/nginx/SKILL.md: fully rewritten to cms-jail-centric model; legacy host-edge sections removed
  • .agent/skills/setup/SKILL.md: privilege delegation model section, src/controlplane.ts reference
  • .agent/skills/freebsd-admin/SKILL.md: "Privileged delegation boundary" section

[0.7.0] - 2026-03-15

Privileged Host Daemon + PF Web Edge

Added

  • clawdie-hostd: root daemon on /var/run/clawdie-hostd.sock (mode 0660, group clawdie). All privileged host operations go through whitelisted Zod-validated op handlers — bastille start/stop/restart/list, zfs snapshot/rollback/create, pf-reload/enable, service start/stop/restart, pkg-install, sysrc-set, sanoid-snapshot. Agent user calls hostd(op, params) from src/hostd/client.ts; never needs sudo at runtime
  • setup/pf.ts: writes /etc/pf.conf with NAT egress for jail subnet and rdr pass rules forwarding port 80/443 to the cms jail; detects external interface from .env, route -n get default, or fallback vtnet0; validates with pfctl -nf, backs up existing config, enables PF
  • src/controlplane.ts (originally src/infra.ts): self-healing layer checks hostd reachability, persistent service jails ({agent}-db/git/cms), and PF at startup and every 5 minutes via watchdog; attempts repairs via hostd; process.exit(1) if db jail still down after fix attempt
  • setup/hostd.ts: setup step that writes the rc.d script, sets clawdie_hostd_enable=YES, starts the daemon
  • npm run hostd / npm run hostd:dev scripts

Changed

  • src/watchdog.ts: infraTimer fires runControlPlaneChecks() every 5 minutes
  • src/index.ts: runs control plane checks before initDatabase()
  • setup/service.ts: generateRunScript() creates tmux session before exec; opens setup window if PI_PROFILE=setup
  • Preflight: 15 steps (added pf at position 3, hostd at position 12)
  • package.json: version 0.6.0 → 0.7.0

Removed

  • infra/ansible/playbooks/host-nginx.yaml: transitional playbook deleted
  • Host nginx as a required Clawdie dependency

Infrastructure

  • .web-staging/pf.conf.txt: updated to PF RDR model (rdr pass rules replacing host nginx passthrough)
  • .agent/skills/nginx/SKILL.md: updated scope, design direction, and hosted sites table to reflect cms-jail-only model

[0.6.0] - 2026-03-14

db Jail Mandatory + Watchdog + FreeBSD Onboarding

Added

  • setup/db.ts: db jail is now mandatory (not opt-in); renamed Brain A / Brain B to Agent System Skills / User/Agent Memory throughout
  • src/watchdog.ts: resource watchdog with run modes (auto/slow/fast/permanent) and Unix IPC socket; reads host free memory via sysctl, throttles jail spawns below configurable threshold
  • Three-mode service autostart: AUTO (rc.d managed), YES (always), NONE (default — user starts manually); documented with plain-language rc.conf examples
  • feat(setup): add FreeBSD onboarding and baseline sync - npm run wizard now syncs host package baseline and sets up jail bridge alongside the TUI config flow
  • Auto-detect host locale from LANG/LC_ALL/locale without prompting; apply to ~/.login_conf after onboarding
  • feat(freebsd): manage jail hostnames and /etc/hosts — setup writes hostname into each jail config and syncs /etc/hosts on host and inside jails for home.arpa resolution
  • feat(skills): built-in knowledge in default db setup — skills artifact loaded into db during npm run setup -- --step db; feat(skills): add host-side runtime lookup — agent resolves built-in knowledge from db at runtime; follow-up jail messages enriched with built-in knowledge
  • fix(split-brain): make verify enforce skills artifact integrity - npm run setup -- --step verify checks skills artifact version matches db
  • feat(cms): add repo-owned Strapi seed bootstrap — Strapi data seeded from committed baseline; secrets generated per-install
  • feat(doctor): surface split-brain readiness - npm run doctor prints SPLIT_BRAIN, SKILLS_*, and MEMORY_* lines
  • feat(setup): make local git a default jail — git jail now created in the standard setup flow, not opt-in

Changed

  • fix(freebsd): replace clawdie0 leftovers with warden0 — last stale bridge references eliminated
  • fix(db): generate split-brain secrets and remove bootstrap deadlocks
  • refactor(payments): simplify Stripe integration — remove unused webhook surface
  • refactor(setup): unify FreeBSD package baselines — single source of truth for host pkg install line
  • fix(setup): pin uv guidance to Python 3.11

Documentation

  • Manifesto: added "Code does not lie" section to Why page
  • fix(docs): align docs.clawdie.si design with main site and restore ToC column
  • FreeBSD onboarding flow diagram added

[0.5.0] - 2026-03-13

docs.clawdie.si Launch + Built-in Knowledge

Added

  • docs.clawdie.si launched: split-brain docs, architecture guide, and NanoClaw upstream guide published
  • Built-in knowledge spec: docs/internal/BUILTIN-KNOWLEDGE-SPEC.md defines the skills artifact format, bootstrap flow, and freshness badge contract
  • NanoClaw upstream toggle (git remote, Option A): operator can pull agent improvements from upstream without a full reinstall
  • Stripe (add-stripe) and ProtonMail (add-protonmail) integration skills added to .agent/skills/
  • Deploy helper (deploy.sh) and freshness badge wired into the docs site

Changed

  • BSD-3-Clause license emphasis throughout; license page added to docs site
  • Docs redesign (Instrument Codex aesthetic — dark editorial, Cormorant Garamond + DM Mono)

[0.4.0] - 2026-03-13

Host-First Architecture + Multi-Agent Naming

Comprehensive naming refactor to support multi-agent deployments and the host-first runtime model.

Changed

  • Four-phase AGENT_NAME refactor: all installer steps, jail config, platform detection, and the orchestrator host migration now read AGENT_NAME from .env instead of hardcoded names
  • warden→jail rename throughout runtime; clawdie-cp prefix removed
  • AGENT_SUBNET_BASE config: subnet base read from .env, IPs computed automatically
  • Website redesign: architecture diagram, status badges, Why Clawdie table added to landing page
  • Docs redesign (first pass — Instrument Codex aesthetic)

Added

  • feat: NanoClaw upstream toggle — git remote for pulling upstream agent improvements
  • feat: add add-stripe and add-protonmail skills — integration runbooks
  • docs: built-in knowledge spec groundwork (bootstrap flow, local knowledge definition)

Removed

  • PI-ZAI-KEY.md — notes absorbed into REFACTOR-PLAN.md
  • Hardcoded clawdie-cp references from all playbooks and service configs

[0.3.0] - 2026-03-10

🎉 Milestone Release

This release marks a significant milestone: Clawdie now has a complete FreeBSD bsdinstall-style onboarding wizard, proper resource management, and a clean separation between code and configuration.

Added

Setup Wizard (npm run wizard)

  • 11-page curses-style TUI modeled after FreeBSD's bsdinstall
  • Deployment profiles: Minimal (controlplane + db), Standard (+ CMS), Full (+ bhyve GUI VM)
  • Network configuration with auto-calculated IPs from subnet base
  • VMM prerequisites check - validates bhyve support before enabling GUI VM feature
  • Protected paths password - auto-generates secure password for /screenshots/ auth
  • htpasswd generation - creates nginx basic auth file automatically
  • Non-interactive mode for CI/CD: npm run wizard -- --non-interactive

Configuration Management

  • Environment-driven Ansible - all IPs read from .env with fallback defaults
  • Feature flags in .env: FEATURE_CMS, FEATURE_BHYVE_GUI, FEATURE_SANOID
  • CLAWDIE_TMP_DIR - project-relative temp directory (no more /tmp usage)
  • TMP_DIR, TMP_IPC_DIR, TMP_TESTS_DIR, TMP_SKILLS_DIR exports from config.ts

Infrastructure

  • jail-resource-limits.yaml playbook - applies ZFS quotas and RCTL memory limits
  • CMS resource limits - 20G ZFS quota, 2G memory limit
  • Screenshot gallery generator - setup/screenshot-wizard.ts + ansi-to-html.ts

Changed

  • Removed hardcoded IPs from Ansible playbooks (was 51.83.197.1, now reads from env)
  • Removed /tmp usage - all temp files now use <project-root>/tmp/
  • Removed redundant controlplane_jail_name from playbook (uses group_vars)
  • Standardized date format - European format for user-facing, ISO for internal

Fixed

  • Protected paths htpasswd is now generated during wizard, not manually
  • Wizard preserves existing .env - only adds missing keys
  • Shell scripts use project-relative tmp/ instead of system /tmp

Security

  • SCREENSHOTS_PASSWORD auto-generated with 32-char secure random
  • htpasswd file created with proper ownership (root:www, mode 640)
  • No real IPs or secrets in committed files

Documentation

  • Session logs in docs/internal/sessions/ with ISO filename, European content dates
  • ZFS snapshot naming convention documented (DD.MMM.YYYY)
  • VMM prerequisites documented in freebsd-admin skill

Attribution

This release was made possible with assistance from:

AI Systems: Openclaw, NanoClaw, z.ai, Anthropic Claude, OpenAI Codex, OpenRouter, Deepseek, Groq, Ollama, pi-tui

Human: Peter Steinberger


[0.2.0] - 2026-03-06

Added

  • PostgreSQL 17 with pgvector for hybrid memory search
  • Memory pipeline scripts (Phase 2)
  • AI brain schema with embeddings
  • Controlplane operator documentation
  • PI coding agent integration
  • Test deployment plan

Changed

  • Internal IP and domain redesign
  • Adopted shared npm service user model

[0.1.0] - 2026-02-28

Added

  • Initial FreeBSD jail architecture
  • Bastille jail creation playbooks
  • Basic Ansible inventory structure
  • Telegram bot integration
  • Grammy messaging framework