From 3fd3bc7560021b65b45adff8ee38c2c792fb8885 Mon Sep 17 00:00:00 2001 From: Sam & Claude Date: Wed, 24 Jun 2026 11:04:36 +0200 Subject: [PATCH] fix(iso): pre-configure mother MCP OOTB + fix docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two changes so the USB connects to mother on first boot with no manual steps: 1. stage-colibri-iso.sh: external-mcp.json is now pre-configured with the mother server entry (colibri@100.72.229.63, no remote command — the hardened wrapper starts colibri-mcp in stdio MCP mode). Previously staged as empty {}; the operator had to create it manually or run clawdie-enable-mother. 2. provider.env now includes COLIBRI_MCP_EXTERNAL_CALL=1 by default (already set on osa; missing from the ISO defaults). 3. SETUP-USB-TO-MOTHER.md: removed Step 3 (manual external-mcp.json), fixed the diagram to match the hardened wrapper (no remote command), corrected the server name from "m0th3r"/"c0l1br1" to the real names. The SSH key, config, and known_hosts still come from the CLAWDIESEED seed partition — the image carries no secrets. Without the seed the connection fails gracefully. --- docs/SETUP-USB-TO-MOTHER.md | 47 ++++++++---------------------------- scripts/stage-colibri-iso.sh | 26 ++++++++++++++++---- 2 files changed, 31 insertions(+), 42 deletions(-) diff --git a/docs/SETUP-USB-TO-MOTHER.md b/docs/SETUP-USB-TO-MOTHER.md index a7f5fa25..faa8b8d3 100644 --- a/docs/SETUP-USB-TO-MOTHER.md +++ b/docs/SETUP-USB-TO-MOTHER.md 
@@ -20,15 +20,14 @@ sent to mother, and stored in PostgreSQL `mother_hive.hive_nodes`. │ │ │ colibri-daemon │ │ │ │ -│ │ external-mcp.json: │ +│ │ external-mcp.json (baked): │ │ │ "mother": { │ │ │ "command": "ssh", │ -│ │ "args": ["-i", "~/.ssh/m0th3r-mcp", │ -│ │ "c0l1br1@100.72.229.63", │ -│ │ "colibri-mcp"] │ +│ │ "args": ["-i", "~/.ssh/mother-mcp", │ +│ │ "colibri@100.72.229.63"] │ │ │ } │ │ │ │ -│ │ spawns persistent SSH child process │ +│ │ spawns persistent SSH child (no remote command) │ │ │ JSON-RPC flows over stdin/stdout ──────────────────────┐ │ │ │ │ │ │ │ clawdie-hw-probe → JSON → │ │ @@ -45,8 +44,7 @@ sent to mother, and stored in PostgreSQL `mother_hive.hive_nodes`. │ /var/db/colibri/.ssh/authorized_keys: │ │ │ command="/usr/local/bin/colibri-mcp-ssh",restrict,... ◄────┘ │ │ │ -│ colibri-mcp-ssh → strips forced-command wrapper │ -│ → passes "tools" subcommand to colibri-mcp │ +│ colibri-mcp-ssh → starts colibri-mcp in stdio MCP mode │ │ │ │ PostgreSQL mother_hive.hive_nodes ← hw-probe JSON stored │ │ │ 
@@ -112,37 +110,12 @@ grep EXTERNAL_CALL /usr/local/etc/colibri/provider.env
 ## Step 3: Register mother as external MCP server (on USB)
-```bash
-# === ON USB, as clawdie ===
+external-mcp.json is now baked into the ISO image by
+`scripts/stage-colibri-iso.sh` with the mother server pre-configured.
+No manual step is needed — the daemon picks it up on first boot.
-sudo tee /usr/local/etc/colibri/external-mcp.json << 'JSON'
-{
- "servers": {
- "m0th3r": {
- "command": "ssh",
- "args": [
- "-i", "/home/clawdie/.ssh/m0th3r-mcp",
- "-o", "StrictHostKeyChecking=accept-new",
- "c0l1br1@100.72.229.63",
- "colibri-mcp"
- ],
- "env": {}
- }
- }
-}
-JSON
-
-# Verify JSON syntax:
-python3.11 -m json.tool /usr/local/etc/colibri/external-mcp.json > /dev/null \
- && echo "OK" || echo "INVALID JSON"
-```
-
-**What happens at daemon startup**: the daemon reads `external-mcp.json`,
-spawns `ssh c0l1br1@100.72.229.63 colibri-mcp` as a persistent child process,
-and pipes JSON-RPC over stdin/stdout. The mother-side `colibri-mcp-ssh`
-wrapper (in `authorized_keys` via `command=`) strips the SSH forced-command
-layer and passes subcommands directly to `colibri-mcp`. One SSH connection
-per daemon lifetime — no reconnect overhead.
+To add additional external MCP servers post-install, edit
+`/usr/local/etc/colibri/external-mcp.json` and restart the daemon.
 ## Step 4: Install clawdie-hw-probe (on USB)
diff --git a/scripts/stage-colibri-iso.sh b/scripts/stage-colibri-iso.sh
index 17df709a..5678b8c8 100755
--- a/scripts/stage-colibri-iso.sh
+++ b/scripts/stage-colibri-iso.sh
@@ -124,16 +124,32 @@ COLIBRI_AUTOSPAWN_BINARY="zot"
 # Telegram bot token — set this to enable the bot channel (@your_bot).
 # Leave blank to use CLI/TUI/Dashboard channels only.
 # TELEGRAM_BOT_TOKEN=""
+
+# Enable external MCP server calls so the daemon can connect to mother
+# (OSA) for hive-node registration. The SSH key comes from the seed
+# partition; without it the connection fails gracefully.
+COLIBRI_MCP_EXTERNAL_CALL="1"
 EOF
 chmod 0600 "${ETC_DIR}/provider.env" 2>/dev/null || true
-# External MCP server registry — empty by default. The "Enable Mother Link"
-# action (clawdie-enable-mother) adds a server entry here; colibri-mcp reads it
-# when launched with COLIBRI_MCP_EXTERNAL_CALL=1. Path matches colibri-mcp's
-# default COLIBRI_MCP_EXTERNAL_CONFIG.
+# External MCP server registry. The mother server entry is pre-configured so
+# the daemon connects to mother OOTB; the SSH key, known_hosts, and config
+# come from the CLAWDIESEED seed partition (see clawdie-live-seed.README.txt).
+# Without the seed, the connection fails gracefully — the daemon keeps running.
+# Path matches colibri-mcp's default COLIBRI_MCP_EXTERNAL_CONFIG.
 cat > "${ETC_DIR}/external-mcp.json" <<'EOF'
 {
- "servers": {}
+ "servers": {
+ "mother": {
+ "command": "ssh",
+ "args": [
+ "-i", "/home/clawdie/.ssh/mother-mcp",
+ "-o", "StrictHostKeyChecking=accept-new",
+ "colibri@100.72.229.63"
+ ],
+ "env": {}
+ }
+ }
 }
 EOF
 chmod 0644 "${ETC_DIR}/external-mcp.json" 2>/dev/null || true
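Review bot: The baked `mother` entry passes `-o StrictHostKeyChecking=accept-new` on the ssh command line, so a first boot where the seeded `known_hosts` is missing or not where ssh reads it will silently pin whichever host answers at 100.72.229.63 instead of failing. A command-line `-o` also takes precedence over ssh_config, so a stricter setting in the seeded config would not apply. Since the commit message says known_hosts comes from the CLAWDIESEED partition, the entry can fail closed with `"-o", "StrictHostKeyChecking=yes",`, `"-o", "UserKnownHostsFile=<seeded known_hosts path>",` and `"-o", "BatchMode=yes",` (the last so the daemon's ssh child never waits on a prompt). This matters more now that `COLIBRI_MCP_EXTERNAL_CALL="1"` is on by default and the connection is attempted without operator action. The rest of the script is outside this hunk, so where the seed files are installed is not visible here.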