2026-04-01 19:30:59 +00:00
# Clawdie ISO Agent Guidelines
2026-05-24 23:21:02 +02:00
## Agent Identity and Current Role Split
The XFCE operator USB work now uses a git-coordinated split. Agents may review
or suggest across boundaries, but should not silently take over another role's
load-bearing responsibility.
2026-05-28 00:46:24 +02:00
| Role name | Identity | Owns | Restrictions |
| ---------------------------------- | -------------------------------------- | ------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| **Pi ISO Developer** | Pi harness (this dev agent) | Source changes, docs, static checks, commits, pushes | Does not start ISO builds or flash media unless explicitly assigned |
| **Codex ISO Builder** | codex pkg on the FreeBSD 15 build host | `./build.sh` , mounted-image inspection, publishing, hardware validation | Should avoid broad source refactors; reports exact logs/output back through git or handoff notes |
| **Hermes USB/IMG Deployer** | Hermes on Debian/Linux | Downloading verified published artifacts, USB target identification, flashing | Does not need Codeberg; never flashes unverified artifacts or partition paths |
| **Claude Reviewer / XFCE Tweaker** | Claude (Linux) | Review/plans plus Track E XFCE GUI polish | Cannot build ISO, cannot run FreeBSD-only validation, should mark speculative runtime claims as such |
| **Opencode / Z.ai Integrator** | Opencode CLI on Linux | Linux-side Herdr/dashboard experiments plus Pi/DeepSeek v4 provider-lane smoke wiring | Cannot claim FreeBSD runtime proof; uses Sam-provided API keys only for provider validation |
| **Operator (Sam)** | Human operator | Product, hardware, acceptance, release judgment | Human approval required for release/tagging decisions |
2026-05-24 23:21:02 +02:00
### Git Coordination Rules
- Coordinate through git: fetch before commenting on remote state, push small
reviewable commits, and include test/build status in commit messages.
- Claude may push critique/suggestion commits, but Pi ISO Developer should
re-check and adjust implementation details before the next build target is
treated as final.
- Codex ISO Builder consumes pushed build targets, builds/publishes artifacts,
and reports hardware findings with exact commands and output.
- Hermes USB/IMG Deployer consumes published artifact URLs/manifests, verifies
checksums on Linux, identifies the USB target, and owns the final image-to-USB
deployment handoff.
- Opencode / Z.ai Integrator owns Linux-side Herdr/dashboard experiments and
the Pi/DeepSeek v4 smoke lane when Sam provides a `ZAI_API_KEY` ; findings
should come back as exact commands, output, provider/version notes, and small
manifests/summaries that Colibri can ingest.
- If a change needs a long ISO build, USB flash, or real hardware proof, hand it
to the owning role instead of running it opportunistically.
### Markdown Formatting Gate
Markdown formatting is tool-owned, not taste-owned. Before pushing any commit
that edits `*.md` , run:
```sh
./scripts/check-format.sh
```
If it fails, format only the touched markdown files, then rerun the check:
```sh
npx --yes prettier@3 --write path/to/file.md
```
Do not hand-align Markdown tables or reflow prose manually. `.prettierrc` uses
`proseWrap: preserve` so existing prose line breaks stay intentional, while
Prettier still catches table padding, list spacing, and emphasis drift.
### Private Planning Workspace
`private/` is gitignored and may contain operator-private strategy notes or PRDs.
Agents on this host may read files there only when directly relevant to the
assigned work. Do not commit, quote, summarize publicly, or copy private content
to Codeberg unless the operator explicitly approves it.
If working on custom ISO / hardware-report monetization, check
`private/PRD-CUSTOM-ISO.md` when present. Codex ISO Builder should focus first
on the local-only `hw-report` feasibility path and, after analysis,
return concise action notes for Claude Reviewer / XFCE Tweaker on what GUI
surface should expose for report collection and review.
docs: announce Tailscale mandatory, --target flag, glasspane, repo unification (Sam & Claude)
- README: rewrite for unified iso repo, two targets, mandatory Tailscale pre-req
- BUILD: add Step 0 (auth key), --target flag, --insecure-no-tailscale, first boot Tailscale screen 1
- AGENTS: note clawdie-shell archived, clawdie-iso is canonical, point to PLAN-UNIFY.md
2026-04-06 03:44:02 +00:00
2026-05-24 23:21:02 +02:00
### Linux Agent Constraints
docs: announce Tailscale mandatory, --target flag, glasspane, repo unification (Sam & Claude)
- README: rewrite for unified iso repo, two targets, mandatory Tailscale pre-req
- BUILD: add Step 0 (auth key), --target flag, --insecure-no-tailscale, first boot Tailscale screen 1
- AGENTS: note clawdie-shell archived, clawdie-iso is canonical, point to PLAN-UNIFY.md
2026-04-06 03:44:02 +00:00
2026-05-24 23:21:02 +02:00
Linux agents MUST NOT attempt to build the ISO (`./build.sh` , `./build-vps.sh` ).
2026-05-27 02:25:40 +02:00
ISO builds require FreeBSD 15 system tools (`mdconfig` , `mount_msdosfs` , `pkg` ).
Instead, guide Codex ISO Builder with exact commands to run on the FreeBSD 15
2026-05-24 23:21:02 +02:00
system.
docs: announce Tailscale mandatory, --target flag, glasspane, repo unification (Sam & Claude)
- README: rewrite for unified iso repo, two targets, mandatory Tailscale pre-req
- BUILD: add Step 0 (auth key), --target flag, --insecure-no-tailscale, first boot Tailscale screen 1
- AGENTS: note clawdie-shell archived, clawdie-iso is canonical, point to PLAN-UNIFY.md
2026-04-06 03:44:02 +00:00
2026-05-24 23:21:02 +02:00
Agents on any platform MUST NOT start a new ISO build unless explicitly assigned.
Builds are long-running, mutate repo-local caches, and can leave mounted md(4)
devices that require cleanup.
2026-04-07 19:52:48 +02:00
2026-05-27 02:25:40 +02:00
### Colibri Dependency
2026-05-28 00:46:24 +02:00
The ISO build stages FreeBSD-native Colibri control-plane artifacts from the
adjacent `../colibri` checkout (`FEATURE_COLIBRI=YES` is the default lane). The
staging is wired into `build.sh` and `scripts/stage-colibri-iso.sh` ; the ISO
does **not** build Rust while the image is mounted.
- Build Colibri release artifacts on the FreeBSD/OSA host, not on Debian/Linux.
- Build order, binary verification, and cleanup timing live in the `iso-build`
skill (§Colibri artifact preflight).
- Staging layout (installed paths, rc.d, directory ownership) is owned by
Colibri `docs/ISO-INTEGRATION-PLAN.md` .
- Required by ISO preflight: `colibri-daemon` , `colibri` , `colibri-smoke-agent` .
`colibri-tui` is optional in staging code but desired for this USB target and
should be verified alongside the other three.
**Invariant:** do not `cargo clean` the Colibri checkout until the ISO
preflight/build has consumed `../colibri/target/release` .
2026-05-27 02:25:40 +02:00
2026-05-24 23:21:02 +02:00
---
2026-04-07 19:52:48 +02:00
2026-05-24 23:21:02 +02:00
## Current XFCE Operator USB Baseline
2026-04-07 19:52:48 +02:00
2026-05-24 23:21:02 +02:00
The active branch target is the XFCE live operator USB. Authoritative state
lives in `packages/` (what ships) and `PLAN-OPERATOR-USB-NEXT.md` (round-scope
decisions and any "for now" retention notes). Final graphical validation
requires real hardware — do not treat bhyve, nested VMs, or static image
inspection as final proof that SDDM/XFCE works.
2026-04-07 19:52:48 +02:00
---
Unify ISO and fix GPU installation gap (Sam & ZAI)
BREAKING CHANGE: Removes --target and --gpu-driver flags, unified ISO for all use cases
## Phase 0: GPU Fix + Unified ISO
### Core Changes
**GPU Package Installation (FIXES CRITICAL GAP):**
- Add clawdie_shell_nvidia_install() function to shell-nvidia.sh
- NVIDIA drivers now installed after detection (previously only configured)
- Works offline (USB packages) or online (pkg install)
- Resolves issue where rc.conf was set but driver not installed
**Unified ISO Architecture:**
- Remove --target flag from build.sh (no more vps/baremetal branching)
- Remove --gpu-driver flag from build.sh (runtime detection instead)
- All packages included on every ISO (desktop + all GPU drivers)
- Single image works on VPS, baremetal, and cloud
**Runtime Detection:**
- Add shell-desktop.sh for display detection at firstboot
- VPS/cloud: no display → lightdm disabled (headless)
- Baremetal: display detected → lightdm enabled (Lumina desktop)
- GPU detection always runs, installs correct driver version
**Sudo Unification:**
- Replace all doas references with sudo across entire codebase
- Update AGENTS.md with system configuration guidelines
- Update all documentation (BUILD.md, README.md, REQUIREMENTS.md, etc.)
- Admin panel now uses sudo for privileged operations
### Files Modified
**Core System:**
- build.sh: Remove target/gpu-driver logic, unified package selection
- firstboot/firstboot.sh: Add desktop detection module
- firstboot/shell-nvidia.sh: Add package installation function (+33 lines)
**New Files:**
- firstboot/shell-desktop.sh: Display detection and desktop enablement
- packages/pkg-list-nvidia-all.txt: All three NVIDIA driver versions (390/470/590)
- .opencode/plans/phase0-gpu-fix-unified-iso.md: Implementation plan
**Documentation:**
- PLAN-UNIFY.md: Update Step 3 for unified approach
- REQUIREMENTS.md: Simplify (no target choice), update for sudo
- BUILD.md: Update for unified ISO, sudo commands
- README.md: Update installation instructions
- AGENTS.md: Add system configuration section (sudo standardization)
- ADMIN-PANEL.md: Update privileged operations to use sudo
- CLAWDIE-SHELL.md: Update example commands to sudo
- CLAWDIE-ISO-REFACTORED.md: Update access paths to sudo
- REFACTOR-SUMMARY.md: Update permissions section to sudo
### Benefits
**Simplicity:**
- One build command: ./build.sh (no flags needed)
- One ISO to test and maintain
- No wrong choices for users
- No documentation explaining target differences
**Flexibility:**
- VPS can use GUI via VNC (wayvnc always available)
- Baremetal can run headless (disable lightdm)
- Repurpose hardware without reinstall
- All GPU drivers available for any hardware
**Technical:**
- Fixes critical GPU driver installation gap
- Runtime detection replaces build-time decisions
- Disk overhead: ~650MB (1-2% of 50GB - acceptable)
- No runtime overhead on VPS (services disabled by detection)
### Testing Required
- [ ] Build unified ISO: ./build.sh
- [ ] Test on VPS (no display): lightdm disabled, packages installed
- [ ] Test on baremetal (display): lightdm enabled, Lumina boots
- [ ] Test on NVIDIA hardware: driver installed and loaded
- [ ] Test sudo commands work without password prompts
- [ ] Verify all doas references removed
2026-04-06 13:28:56 +02:00
## System Configuration
2026-05-24 23:21:02 +02:00
**Privilege model:** distinguish build-host administration from live-USB runtime.
2026-05-10 14:23:03 +02:00
2026-05-27 02:25:40 +02:00
- On the FreeBSD 15 build host, operator-facing commands may use `sudo` .
2026-05-27 15:48:31 +02:00
- Inside the live USB, `sudo` is intentionally absent (deleted via `pkg delete -f sudo` ).
2026-05-24 23:21:02 +02:00
- Live privileged actions use FreeBSD `mac_do` via `mdo -u root <command>` .
2026-05-27 15:48:31 +02:00
- `~/.bashrc` aliases `sudo` → `mdo -u root` for muscle-memory compatibility.
The shell function wraps `mdo` with a fire-and-forget ZFS snapshot
(`zroot@cli-<timestamp>` ) before each privileged invocation, so rollback
is always available without confirmation prompts or warning popups.
2026-05-24 23:21:02 +02:00
- Agent runtime code must not shell out to `sudo` for privileged host changes.
- Privileged Clawdie-AI host operations go through the hostd RPC layer.
Unify ISO and fix GPU installation gap (Sam & ZAI)
BREAKING CHANGE: Removes --target and --gpu-driver flags, unified ISO for all use cases
## Phase 0: GPU Fix + Unified ISO
### Core Changes
**GPU Package Installation (FIXES CRITICAL GAP):**
- Add clawdie_shell_nvidia_install() function to shell-nvidia.sh
- NVIDIA drivers now installed after detection (previously only configured)
- Works offline (USB packages) or online (pkg install)
- Resolves issue where rc.conf was set but driver not installed
**Unified ISO Architecture:**
- Remove --target flag from build.sh (no more vps/baremetal branching)
- Remove --gpu-driver flag from build.sh (runtime detection instead)
- All packages included on every ISO (desktop + all GPU drivers)
- Single image works on VPS, baremetal, and cloud
**Runtime Detection:**
- Add shell-desktop.sh for display detection at firstboot
- VPS/cloud: no display → lightdm disabled (headless)
- Baremetal: display detected → lightdm enabled (Lumina desktop)
- GPU detection always runs, installs correct driver version
**Sudo Unification:**
- Replace all doas references with sudo across entire codebase
- Update AGENTS.md with system configuration guidelines
- Update all documentation (BUILD.md, README.md, REQUIREMENTS.md, etc.)
- Admin panel now uses sudo for privileged operations
### Files Modified
**Core System:**
- build.sh: Remove target/gpu-driver logic, unified package selection
- firstboot/firstboot.sh: Add desktop detection module
- firstboot/shell-nvidia.sh: Add package installation function (+33 lines)
**New Files:**
- firstboot/shell-desktop.sh: Display detection and desktop enablement
- packages/pkg-list-nvidia-all.txt: All three NVIDIA driver versions (390/470/590)
- .opencode/plans/phase0-gpu-fix-unified-iso.md: Implementation plan
**Documentation:**
- PLAN-UNIFY.md: Update Step 3 for unified approach
- REQUIREMENTS.md: Simplify (no target choice), update for sudo
- BUILD.md: Update for unified ISO, sudo commands
- README.md: Update installation instructions
- AGENTS.md: Add system configuration section (sudo standardization)
- ADMIN-PANEL.md: Update privileged operations to use sudo
- CLAWDIE-SHELL.md: Update example commands to sudo
- CLAWDIE-ISO-REFACTORED.md: Update access paths to sudo
- REFACTOR-SUMMARY.md: Update permissions section to sudo
### Benefits
**Simplicity:**
- One build command: ./build.sh (no flags needed)
- One ISO to test and maintain
- No wrong choices for users
- No documentation explaining target differences
**Flexibility:**
- VPS can use GUI via VNC (wayvnc always available)
- Baremetal can run headless (disable lightdm)
- Repurpose hardware without reinstall
- All GPU drivers available for any hardware
**Technical:**
- Fixes critical GPU driver installation gap
- Runtime detection replaces build-time decisions
- Disk overhead: ~650MB (1-2% of 50GB - acceptable)
- No runtime overhead on VPS (services disabled by detection)
### Testing Required
- [ ] Build unified ISO: ./build.sh
- [ ] Test on VPS (no display): lightdm disabled, packages installed
- [ ] Test on baremetal (display): lightdm enabled, Lumina boots
- [ ] Test on NVIDIA hardware: driver installed and loaded
- [ ] Test sudo commands work without password prompts
- [ ] Verify all doas references removed
2026-04-06 13:28:56 +02:00
2026-05-27 15:48:31 +02:00
**Why `sudo` as alias, not as pkg:**
2026-05-28 00:46:24 +02:00
| Approach | Install sudo pkg | Alias to mdo |
| ------------------- | ------------------------ | ---------------------------- |
| Extra package | Yes (sudo + deps) | No |
| Two privilege paths | `sudo` AND `mdo` coexist | Single path (`mdo` ) |
| Audit surface | Two tools to audit | One kernel-enforced MAC |
| ZFS safety net | Requires sudoers hooks | Built into bash function |
| Agent confusion | Agents try both paths | Agents use `sudo` , get `mdo` |
| ISO size | Larger | Zero bytes |
2026-05-27 15:48:31 +02:00
The alias approach keeps the ISO lean, eliminates dual-privilege-path
confusion, and bakes ZFS rollback safety directly into the operator shell.
`mac_do` is FreeBSD base system — no package dependency, kernel-enforced,
auditable via MAC framework.
Unify ISO and fix GPU installation gap (Sam & ZAI)
BREAKING CHANGE: Removes --target and --gpu-driver flags, unified ISO for all use cases
## Phase 0: GPU Fix + Unified ISO
### Core Changes
**GPU Package Installation (FIXES CRITICAL GAP):**
- Add clawdie_shell_nvidia_install() function to shell-nvidia.sh
- NVIDIA drivers now installed after detection (previously only configured)
- Works offline (USB packages) or online (pkg install)
- Resolves issue where rc.conf was set but driver not installed
**Unified ISO Architecture:**
- Remove --target flag from build.sh (no more vps/baremetal branching)
- Remove --gpu-driver flag from build.sh (runtime detection instead)
- All packages included on every ISO (desktop + all GPU drivers)
- Single image works on VPS, baremetal, and cloud
**Runtime Detection:**
- Add shell-desktop.sh for display detection at firstboot
- VPS/cloud: no display → lightdm disabled (headless)
- Baremetal: display detected → lightdm enabled (Lumina desktop)
- GPU detection always runs, installs correct driver version
**Sudo Unification:**
- Replace all doas references with sudo across entire codebase
- Update AGENTS.md with system configuration guidelines
- Update all documentation (BUILD.md, README.md, REQUIREMENTS.md, etc.)
- Admin panel now uses sudo for privileged operations
### Files Modified
**Core System:**
- build.sh: Remove target/gpu-driver logic, unified package selection
- firstboot/firstboot.sh: Add desktop detection module
- firstboot/shell-nvidia.sh: Add package installation function (+33 lines)
**New Files:**
- firstboot/shell-desktop.sh: Display detection and desktop enablement
- packages/pkg-list-nvidia-all.txt: All three NVIDIA driver versions (390/470/590)
- .opencode/plans/phase0-gpu-fix-unified-iso.md: Implementation plan
**Documentation:**
- PLAN-UNIFY.md: Update Step 3 for unified approach
- REQUIREMENTS.md: Simplify (no target choice), update for sudo
- BUILD.md: Update for unified ISO, sudo commands
- README.md: Update installation instructions
- AGENTS.md: Add system configuration section (sudo standardization)
- ADMIN-PANEL.md: Update privileged operations to use sudo
- CLAWDIE-SHELL.md: Update example commands to sudo
- CLAWDIE-ISO-REFACTORED.md: Update access paths to sudo
- REFACTOR-SUMMARY.md: Update permissions section to sudo
### Benefits
**Simplicity:**
- One build command: ./build.sh (no flags needed)
- One ISO to test and maintain
- No wrong choices for users
- No documentation explaining target differences
**Flexibility:**
- VPS can use GUI via VNC (wayvnc always available)
- Baremetal can run headless (disable lightdm)
- Repurpose hardware without reinstall
- All GPU drivers available for any hardware
**Technical:**
- Fixes critical GPU driver installation gap
- Runtime detection replaces build-time decisions
- Disk overhead: ~650MB (1-2% of 50GB - acceptable)
- No runtime overhead on VPS (services disabled by detection)
### Testing Required
- [ ] Build unified ISO: ./build.sh
- [ ] Test on VPS (no display): lightdm disabled, packages installed
- [ ] Test on baremetal (display): lightdm enabled, Lumina boots
- [ ] Test on NVIDIA hardware: driver installed and loaded
- [ ] Test sudo commands work without password prompts
- [ ] Verify all doas references removed
2026-04-06 13:28:56 +02:00
---
2026-04-07 18:10:17 +02:00
## Installer Temp Files
The GUI installer uses `/tmp/clawdie-install.conf` to pass wizard values to
`firstboot.sh` . This is an exemption from the project-local `tmp/` rule.
**Rationale:**
2026-05-10 14:23:03 +02:00
2026-04-07 18:10:17 +02:00
- Live ISO has no project root
- Single-user install phase (no other users on the system)
- File is consumed once by `firstboot.sh` then deleted on reboot
- PF firewall is not yet running during install
**Applies to:**
2026-05-10 14:23:03 +02:00
2026-04-07 18:10:17 +02:00
- `/tmp/clawdie-install.conf` — GUI wizard config output
- `/tmp/clawdie-firstboot.*` — firstboot progress and log (written by rc.d)
2026-05-24 23:21:02 +02:00
## Repo-local ISO Build Workspace
ISO builds use repo-local `tmp/` for large caches and output artifacts:
- `tmp/cache` — build cache
- `tmp/cache/mnt` — temporary md(4) work-image mountpoint
- `tmp/output` — generated `.img.gz` artifacts and checksums
- `tmp/packages` — fetched package archives
`tmp/cache/mnt` is an ISO-builder-specific mountpoint exception. Do not mount
unrelated datasets, recovery filesystems, or scratch filesystems elsewhere under
repo `tmp/` . If a build is interrupted, use the `iso-build-cleanup` skill before
retrying.
2026-04-07 18:10:17 +02:00
---
2026-04-07 19:52:48 +02:00
## Cross-Repo Coordination
2026-05-27 02:25:40 +02:00
Clawdie spans three repos. Changes often require coordinated updates.
2026-04-07 19:52:48 +02:00
2026-05-10 14:23:03 +02:00
| Repo | Purpose | Remote |
| ------------- | ---------------------------------------- | ------------------------------------------ |
| `Clawdie-AI` | Agent runtime, control plane, channels | `git@codeberg.org:Clawdie/Clawdie-AI.git` |
2026-04-07 19:52:48 +02:00
| `clawdie-iso` | ISO builder, firstboot wizard, installer | `git@codeberg.org:Clawdie/Clawdie-ISO.git` |
2026-05-27 02:25:40 +02:00
| `Colibri` | Cross-platform Rust control plane core | `git@codeberg.org:Clawdie/Colibri.git` |
2026-04-07 19:52:48 +02:00
2026-05-27 02:25:40 +02:00
When changes span repos, create a handoff doc in the secondary repo
2026-04-07 19:52:48 +02:00
listing what needs updating. See `Clawdie-AI/AGENTS.md` for full protocol.
---
## Agent Handoff Documents
Use ephemeral handoff files to transfer context between agents.
- **Name:** `doc/<FEATURE>-HANDOFF.md` or `<FEATURE>-HANDOFF.md` (repo root)
- **Lifecycle:** Create when handing off, delete when complete
- **Structure:** Must include task checklist, deletion criteria, results section
See `Clawdie-AI/AGENTS.md` for the full handoff template and protocol.
---
2026-04-01 19:30:59 +00:00
## Attribution in Commit History
Use attribution in commit messages, not in code comments.
Labels:
2026-05-10 14:23:03 +02:00
2026-04-01 19:30:59 +00:00
- `Sam & Codex` — changes made by Sam and Codex
- `Sam & Claude` — changes made by Sam and Claude
- `C&C` — joint change with equal credit for Claude and Codex
Add the label to the commit subject or body. Example:
```
Fix bhyve preflight checks (C& C)
```
