clawdie/clawdie-iso
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
clawdie-iso/docs/SETUP-USB-TO-MOTHER.md

196 lines
10 KiB
Markdown
Raw Normal View History

docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
# Setup: USB → Mother MCP Connection
2026-06-23 | Step-by-step | Tested on OSA + 0.11 USB
Connects a booted Clawdie USB to the mother node (OSA) via MCP over SSH.
After setup, `clawdie-hw-probe` runs on the USB, the hardware profile is
mother: drop duplicate scripts from iso; canonical = colibri; docs → hive_nodes The mother MCP scripts were copied into clawdie-iso (packaging/mother/) AND colibri. The iso copies drifted: node-register-mcp on iso main was the old, SQL-injectable version (E'${HOST_ESCAPED}' string interpolation) using usb_nodes — while colibri #161 carries the reviewed, parameterized (psql -v :'var') hive_nodes version. One canonical home: colibri. Remove packaging/mother/ from the iso (nothing in the iso build references it), redirect the two doc path references to the colibri repo, and align the docs to hive_nodes (matching the colibri schema rename). Supersedes #127 (which only renamed docs and conflicted after the iso copies landed). Doc-only + file removals; markdown gate green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 10:10:09 +02:00
sent to mother, and stored in PostgreSQL `mother_hive.hive_nodes`.
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
## Hosts used in this guide
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
| Host | IP (Tailscale) | User for MCP | Role |
| ---------------------- | ------------------------ | ------------ | ----------------------------------------------- |
| `mother` (OSA) | `<mother-tailscale-ip>` | `colibri` | Mother — runs PostgreSQL, external MCP servers |
| `clawdie-usb` (USB) | `<node-tailscale-ip>` | `clawdie` | Operator workstation — sends hw-probe to mother |
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
## How it works
```
┌─ USB ────────────────────────────────────────────────────────┐
│ │
│ colibri-daemon │
│ │ │
fix(iso): pre-configure mother MCP OOTB + fix docs Two changes so the USB connects to mother on first boot with no manual steps: 1. stage-colibri-iso.sh: external-mcp.json is now pre-configured with the mother server entry (colibri@100.72.229.63, no remote command — the hardened wrapper starts colibri-mcp in stdio MCP mode). Previously staged as empty {}; the operator had to create it manually or run clawdie-enable-mother. 2. provider.env now includes COLIBRI_MCP_EXTERNAL_CALL=1 by default (already set on osa; missing from the ISO defaults). 3. SETUP-USB-TO-MOTHER.md: removed Step 3 (manual external-mcp.json), fixed the diagram to match the hardened wrapper (no remote command), corrected the server name from "m0th3r"/"c0l1br1" to the real names. The SSH key, config, and known_hosts still come from the CLAWDIESEED seed partition — the image carries no secrets. Without the seed the connection fails gracefully.
2026-06-24 11:04:36 +02:00
│ │ external-mcp.json (baked): │
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
│ │ "mother": { │
│ │ "command": "ssh", │
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
│ │ "args": ["-i", "/var/db/colibri/.ssh/mother-mcp", │
│ │ "mother"] │
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
│ │ } │
│ │ │
fix(iso): pre-configure mother MCP OOTB + fix docs Two changes so the USB connects to mother on first boot with no manual steps: 1. stage-colibri-iso.sh: external-mcp.json is now pre-configured with the mother server entry (colibri@100.72.229.63, no remote command — the hardened wrapper starts colibri-mcp in stdio MCP mode). Previously staged as empty {}; the operator had to create it manually or run clawdie-enable-mother. 2. provider.env now includes COLIBRI_MCP_EXTERNAL_CALL=1 by default (already set on osa; missing from the ISO defaults). 3. SETUP-USB-TO-MOTHER.md: removed Step 3 (manual external-mcp.json), fixed the diagram to match the hardened wrapper (no remote command), corrected the server name from "m0th3r"/"c0l1br1" to the real names. The SSH key, config, and known_hosts still come from the CLAWDIESEED seed partition — the image carries no secrets. Without the seed the connection fails gracefully.
2026-06-24 11:04:36 +02:00
│ │ spawns persistent SSH child (no remote command) │
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
│ │ JSON-RPC flows over stdin/stdout ──────────────────────┐ │
│ │ │ │
│ │ clawdie-hw-probe → JSON → │ │
│ │ colibri_external_mcp_call_tool( │ │
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
│ │ server="mother", tool="node_register", ...) ──────┤ │
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
│ │ │ │
└────┼─────────────────────────────────────────────────────────┘ │
│ │
│ Tailscale (WireGuard encrypted) │
│ │
┌────┼─────────────────────────────────────────────────────────┐ │
│ ▼ Mother (OSA) │ │
│ │ │
│ /var/db/colibri/.ssh/authorized_keys: │ │
│ command="/usr/local/bin/colibri-mcp-ssh",restrict,... ◄────┘ │
│ │
fix(iso): pre-configure mother MCP OOTB + fix docs Two changes so the USB connects to mother on first boot with no manual steps: 1. stage-colibri-iso.sh: external-mcp.json is now pre-configured with the mother server entry (colibri@100.72.229.63, no remote command — the hardened wrapper starts colibri-mcp in stdio MCP mode). Previously staged as empty {}; the operator had to create it manually or run clawdie-enable-mother. 2. provider.env now includes COLIBRI_MCP_EXTERNAL_CALL=1 by default (already set on osa; missing from the ISO defaults). 3. SETUP-USB-TO-MOTHER.md: removed Step 3 (manual external-mcp.json), fixed the diagram to match the hardened wrapper (no remote command), corrected the server name from "m0th3r"/"c0l1br1" to the real names. The SSH key, config, and known_hosts still come from the CLAWDIESEED seed partition — the image carries no secrets. Without the seed the connection fails gracefully.
2026-06-24 11:04:36 +02:00
│ colibri-mcp-ssh → starts colibri-mcp in stdio MCP mode │
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
│ │
mother: drop duplicate scripts from iso; canonical = colibri; docs → hive_nodes The mother MCP scripts were copied into clawdie-iso (packaging/mother/) AND colibri. The iso copies drifted: node-register-mcp on iso main was the old, SQL-injectable version (E'${HOST_ESCAPED}' string interpolation) using usb_nodes — while colibri #161 carries the reviewed, parameterized (psql -v :'var') hive_nodes version. One canonical home: colibri. Remove packaging/mother/ from the iso (nothing in the iso build references it), redirect the two doc path references to the colibri repo, and align the docs to hive_nodes (matching the colibri schema rename). Supersedes #127 (which only renamed docs and conflicted after the iso copies landed). Doc-only + file removals; markdown gate green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 10:10:09 +02:00
│ PostgreSQL mother_hive.hive_nodes ← hw-probe JSON stored │
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
│ │
└───────────────────────────────────────────────────────────────┘
```
## Step 1: SSH key + config (on USB)
Copy the `mother-mcp` private key to the USB. The public key is already
authorized on mother. For production: the seed partition places this
automatically. For testing: scp from OSA or copy manually.
```bash
# === ON USB, as clawdie ===
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Create the private key — replace with real key content
# This key is authorized on mother as:
# command="/usr/local/bin/colibri-mcp-ssh",restrict,no-pty,...
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
cat > ~/.ssh/mother-mcp << 'KEY'
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
-----BEGIN OPENSSH PRIVATE KEY-----
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
<your-private-key-here>
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
-----END OPENSSH PRIVATE KEY-----
KEY
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
chmod 600 ~/.ssh/mother-mcp
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
# SSH config — use Tailscale IP so it works without DNS.
# The Host alias "mother" must match the external-mcp.json entry
# baked into the ISO. The real IP lives only on the seed, never in the repo.
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
cat > ~/.ssh/config << 'SSH'
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
Host mother
HostName <mother-tailscale-ip>
User colibri
IdentityFile ~/.ssh/mother-mcp
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
IdentitiesOnly yes
StrictHostKeyChecking accept-new
SSH
chmod 600 ~/.ssh/config
# Test the connection:
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
ssh mother 'tools' 2>&1 | head -5
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
# Expected output:
# colibri_status Get Colibri daemon status...
# colibri_snapshot Get Glasspane snapshot...
# ...
```
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
## Step 2: External MCP calls + registry (baked into ISO)
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
`COLIBRI_MCP_EXTERNAL_CALL=1` and the mother `external-mcp.json` entry
are pre-configured in the ISO image by `scripts/stage-colibri-iso.sh`.
No manual steps are needed — the daemon picks up both on first boot.
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
## Step 3: Install clawdie-hw-probe (on USB)
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
```bash
# === ON USB, as clawdie ===
# From the 0.12 feature branch (already committed):
# Option A — from local repo (if unshallowed):
cd /home/clawdie/ai/clawdie-iso
git fetch origin feature/0.12.0
git show origin/feature/0.12.0:live/operator-session/clawdie-hw-probe \
| sudo tee /usr/local/bin/clawdie-hw-probe > /dev/null
sudo chmod 755 /usr/local/bin/clawdie-hw-probe
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
# Option B — scp from mother:
# scp colibri@mother:/home/clawdie/ai/clawdie-iso/live/operator-session/clawdie-hw-probe \
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
# /tmp/ && sudo install -m 755 /tmp/clawdie-hw-probe /usr/local/bin/
# Test:
sudo clawdie-hw-probe 2>/dev/null | python3.11 -m json.tool | head -10
# Expected: JSON with hostname, ram_gb, cpu_model, disks, network_interfaces...
```
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
## Step 4: Restart daemon + verify (on USB)
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
```bash
# === ON USB, as clawdie ===
# Restart the daemon so it picks up external-mcp.json and the env var
sudo service colibri_daemon restart
# Expected: Starting colibri_daemon.
# colibri-daemon socket ready after 1s
# Verify external MCP tools are visible
colibri-mcp tools 2>&1 | grep external
# Expected:
# colibri_external_mcp_servers List configured external MCP servers...
# colibri_external_mcp_list_tools List tools exposed by...
# colibri_external_mcp_call_tool Call a tool on an external MCP server...
# List mother's registered tools
colibri-mcp --external-config /usr/local/etc/colibri/external-mcp.json \
--external-call tools 2>&1 | head -10
# Expected: tools registered on mother (colibri_status, geodesic_dome, etc.)
```
## End-to-end test
```bash
# === ON USB ===
# 1. Run hw-probe, capture JSON
HW_JSON=$(sudo clawdie-hw-probe 2>/dev/null)
# 2. View what would be sent to mother
echo "$HW_JSON" | python3.11 -m json.tool | head -15
mother: drop duplicate scripts from iso; canonical = colibri; docs → hive_nodes The mother MCP scripts were copied into clawdie-iso (packaging/mother/) AND colibri. The iso copies drifted: node-register-mcp on iso main was the old, SQL-injectable version (E'${HOST_ESCAPED}' string interpolation) using usb_nodes — while colibri #161 carries the reviewed, parameterized (psql -v :'var') hive_nodes version. One canonical home: colibri. Remove packaging/mother/ from the iso (nothing in the iso build references it), redirect the two doc path references to the colibri repo, and align the docs to hive_nodes (matching the colibri schema rename). Supersedes #127 (which only renamed docs and conflicted after the iso copies landed). Doc-only + file removals; markdown gate green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 10:10:09 +02:00
# 3. Send to mother via MCP (node_register tool lives in the colibri repo: packaging/mother/node-register-mcp)
feat(mother): add node-register MCP tool for USB hw-probe registration New packaging/mother/node-register-mcp accepts JSON-RPC tools/call, inserts hw_profile into mother_hive.usb_nodes, and returns the row with auto-derived capabilities (derive_capabilities trigger fires). Requires one-time PostgreSQL setup on mother: CREATE ROLE colibri WITH LOGIN; GRANT CONNECT ON DATABASE mother_hive TO colibri; GRANT INSERT, UPDATE ON usb_nodes TO colibri; GRANT USAGE ON SEQUENCE usb_nodes_id_seq TO colibri; Also updates docs to reflect 0.12 daemon behavior: hw-probe is collected by the daemon (not the agent) and passed via CLAWDIE_HW_PROFILE env var. COLIBRI_AUTOSPAWN_ARGS default is binary-dependent (zot->rpc, others->--mode json).
2026-06-24 09:07:48 +02:00
# The 0.12 daemon collects hw-probe at autospawn time and passes it to agents
# via CLAWDIE_HW_PROFILE env var. For manual testing, pipe JSON-RPC directly:
printf '{"jsonrpc":"2.0","method":"tools/call","id":1,"params":{"name":"node_register","arguments":{"hostname":"%s","hw_profile":%s}}}\n' \
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
"$(hostname)" "$HW_JSON" | ssh mother 'cat - | /usr/local/bin/node-register-mcp'
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
# 4. Verify on mother
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
ssh mother 'sudo -u postgres psql -d mother_hive \
mother: drop duplicate scripts from iso; canonical = colibri; docs → hive_nodes The mother MCP scripts were copied into clawdie-iso (packaging/mother/) AND colibri. The iso copies drifted: node-register-mcp on iso main was the old, SQL-injectable version (E'${HOST_ESCAPED}' string interpolation) using usb_nodes — while colibri #161 carries the reviewed, parameterized (psql -v :'var') hive_nodes version. One canonical home: colibri. Remove packaging/mother/ from the iso (nothing in the iso build references it), redirect the two doc path references to the colibri repo, and align the docs to hive_nodes (matching the colibri schema rename). Supersedes #127 (which only renamed docs and conflicted after the iso copies landed). Doc-only + file removals; markdown gate green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 10:10:09 +02:00
-c "SELECT hostname, status, capabilities FROM hive_nodes;"'
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
# Expected: both osa.smilepowered.org and clawdie-usb listed
```
## What happens after (future — 0.12+)
Once the daemon is restarted with `COLIBRI_AUTOSPAWN=YES` and
`COLIBRI_AUTOSPAWN_BINARY=zot`:
1. **zot autospawns** — DeepSeek API key from seed partition
feat(mother): add node-register MCP tool for USB hw-probe registration New packaging/mother/node-register-mcp accepts JSON-RPC tools/call, inserts hw_profile into mother_hive.usb_nodes, and returns the row with auto-derived capabilities (derive_capabilities trigger fires). Requires one-time PostgreSQL setup on mother: CREATE ROLE colibri WITH LOGIN; GRANT CONNECT ON DATABASE mother_hive TO colibri; GRANT INSERT, UPDATE ON usb_nodes TO colibri; GRANT USAGE ON SEQUENCE usb_nodes_id_seq TO colibri; Also updates docs to reflect 0.12 daemon behavior: hw-probe is collected by the daemon (not the agent) and passed via CLAWDIE_HW_PROFILE env var. COLIBRI_AUTOSPAWN_ARGS default is binary-dependent (zot->rpc, others->--mode json).
2026-06-24 09:07:48 +02:00
2. **Daemon collects hw-probe** — runs `clawdie-hw-probe` at spawn time, passes result
to zot as `CLAWDIE_HW_PROFILE` env var (zot doesn't run hw-probe itself in 0.12)
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
3. **zot reads env var and calls mother**: `colibri_external_mcp_call_tool(server="mother", tool="node_register", arguments={hostname:..., hw_profile:...})`
docs: USB→mother MCP setup — step-by-step guide with real hosts 5 steps from nothing to working: SSH key + config → enable external MCP → register mother server → install hw-probe → restart daemon. Uses real hosts (osa.smilepowered.org at 100.72.229.63, USB as clawdie-usb) with l33t placeholder keys. ASCII architecture diagram showing persistent SSH child process, JSON-RPC over stdin/stdout, mother-side forced-command wrapper. Includes: end-to-end test, future autospawn flow, and troubleshooting table for all common failure modes.
2026-06-23 16:46:18 +02:00
4. **Mother stores** the hardware profile in PostgreSQL
5. **Capability trigger fires** — derives `has_gpu`, `ram_gb`, `cpu_cores`, `geodesic_dome_mcp` etc.
6. **Mother returns capabilities** — zot now knows what this node can do
7. **zot logs**: "node registered — 12GB RAM, 6 cores, no GPU, geodesic_dome_mcp=true"
## Troubleshooting
docs: harness-neutral cleanup + restore green markdown gate Pi-era residue in current-tense docs/strings (CHANGELOG history left intact): - ONBOARDING-SIMPLIFICATION: COLIBRI_AUTOSPAWN_PI -> COLIBRI_AUTOSPAWN; 'Pi agent' -> 'agent'. - clawdie-join-hive.sh: user-facing 'Pi agent is live' / 'no Pi agent' -> harness-neutral (default agent is now zot). - clawdie-live-seed.README.txt: COLIBRI_AUTOSPAWN_PI -> COLIBRI_AUTOSPAWN. - stage-colibri-iso.sh provider.env.sample: the AUTOSPAWN_ARGS example showed '--mode json' (invalid for the zot default); note the default is harness-derived (zot -> rpc, pi -> --mode json). Also restore the markdown format gate: 5 docs from the 0.12.0 work were prettier-dirty, so ./scripts/check-format.sh was already failing on main (the gate was red and unenforced — same pattern as the colibri build break). prettier --write brings them to style; gate is green again. No prose changes in those 5 — formatting only. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 18:08:58 +02:00
| Symptom | Likely cause | Fix |
| ----------------------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------- |
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
| `ssh mother` hangs | Tailscale not up | `sudo tailscale up` on USB |
| `Permission denied (publickey)` | Key not in authorized_keys on mother | Verify: `cat /var/db/colibri/.ssh/authorized_keys` on mother |
| `Permission denied (publickey)` | Key permissions wrong on USB | `chmod 600 /var/db/colibri/.ssh/mother-mcp` (daemon user) or `~/.ssh/mother-mcp` (clawdie user) |
docs: harness-neutral cleanup + restore green markdown gate Pi-era residue in current-tense docs/strings (CHANGELOG history left intact): - ONBOARDING-SIMPLIFICATION: COLIBRI_AUTOSPAWN_PI -> COLIBRI_AUTOSPAWN; 'Pi agent' -> 'agent'. - clawdie-join-hive.sh: user-facing 'Pi agent is live' / 'no Pi agent' -> harness-neutral (default agent is now zot). - clawdie-live-seed.README.txt: COLIBRI_AUTOSPAWN_PI -> COLIBRI_AUTOSPAWN. - stage-colibri-iso.sh provider.env.sample: the AUTOSPAWN_ARGS example showed '--mode json' (invalid for the zot default); note the default is harness-derived (zot -> rpc, pi -> --mode json). Also restore the markdown format gate: 5 docs from the 0.12.0 work were prettier-dirty, so ./scripts/check-format.sh was already failing on main (the gate was red and unenforced — same pattern as the colibri build break). prettier --write brings them to style; gate is green again. No prose changes in those 5 — formatting only. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 18:08:58 +02:00
| `daemon: open: Permission denied` | Log file ownership wrong | `chown clawdie: /var/log/colibri/daemon.log` |
| Daemon starts but no external tools | `COLIBRI_MCP_EXTERNAL_CALL` not set | Check provider.env, restart daemon |
fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs Three blockers fixed from review of fix/ootb-mother-mcp: 1. Real Tailscale IP removed from image/repo. - external-mcp.json uses "mother" host alias (resolved by SSH config). - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home). - The real IP lives only on the offline seed (ssh/config), never in the repo or the shipped image. 2. Cross-user key access fixed. - The daemon runs as colibri (home /var/db/colibri), not clawdie. - Seed importer now installs SSH material to both clawdie AND colibri homes (same seed material, same key, separate ~/.ssh). - build.sh dev convenience also copies to both homes. - clawdie-live-seed.README.txt already documents the seed layout. 3. Doc fully de-obfuscated. - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register. - All real IPs → <mother-tailscale-ip> placeholder. - Removed Step 2 (manual external MCP) + Step 3 (register) — both are now baked into the ISO. - Removed trailing "colibri-mcp" remote command from examples (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
| Daemon starts, external tools visible, but calls fail | SSH key path wrong in external-mcp.json | Baked path: `/var/db/colibri/.ssh/mother-mcp` |
| `error: unrecognized subcommand` | SSH wrapper getting non-allowlisted command | Wrapper only allows `""` (stdio) and `"tools"`; `ssh mother tools` is correct |
Reference in a new issue Copy permalink