From 6173e185ecc9f88016fe59b7e5747d9352109dcf Mon Sep 17 00:00:00 2001 From: Sam & Claude Date: Tue, 23 Jun 2026 11:36:10 +0200 Subject: [PATCH] docs(seed): document dual-purpose mother-mcp key for Forgejo + mother MCP - Update ssh/config example to show mother-mcp key with both Host entries (mother MCP and code.smilepowered.org with IdentitiesOnly yes) - Add dedicated mother-mcp section explaining the key serves two roles: 1. MCP calls to mother (command=colibri-mcp,restrict) 2. Git pull from Forgejo as a read-only deploy key - Note that read-only is sufficient and limits blast radius - Update START-HERE.txt to mention git pull works OOTB with seeded key --- live/operator-session/START-HERE.txt | 5 +++ .../clawdie-live-seed.README.txt | 35 +++++++++++++++++-- 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/live/operator-session/START-HERE.txt b/live/operator-session/START-HERE.txt index d6b8c090..a392edf7 100644 --- a/live/operator-session/START-HERE.txt +++ b/live/operator-session/START-HERE.txt @@ -60,6 +60,11 @@ agent's keys were loaded before the daemon started, so Colibri auto-spawns the agent on boot. Check with: colibri status +If a mother-mcp key was seeded, git pull from Forgejo works out-of-the-box: + cd ~/ai/clawdie-iso && git pull + cd ~/ai/clawdie-ai && git pull +The key is wired via ~/.ssh/config for both mother MCP and code.smilepowered.org. + Readable operator guide: /usr/local/share/clawdie-iso/seed/README.txt diff --git a/live/operator-session/clawdie-live-seed.README.txt b/live/operator-session/clawdie-live-seed.README.txt index 97ae5b6b..0e133e76 100644 --- a/live/operator-session/clawdie-live-seed.README.txt +++ b/live/operator-session/clawdie-live-seed.README.txt 
@@ -94,12 +94,17 @@ Inside it, any of these are honored: //ssh/.pub OUTBOUND: installed to ~/.ssh/.pub (0644). //ssh/config OUTBOUND: installed to ~/.ssh/config (0600). - Typical use — a host alias for the mother server: + Typical use — host entries for the dual-purpose + mother-mcp key (see next section): Host mother HostName osa.smilepowered.org - User clawdie - IdentityFile ~/.ssh/osa-mother-2026 + User colibri + IdentityFile ~/.ssh/mother-mcp + + Host code.smilepowered.org + IdentityFile ~/.ssh/mother-mcp + IdentitiesOnly yes //ssh/known_hosts OUTBOUND: merged into ~/.ssh/known_hosts (0644), de-duplicated. Pin the mother server's host key @@ -107,6 +112,30 @@ Inside it, any of these are honored: not stop on an unknown-host prompt. Get the line with: ssh-keyscan osa.smilepowered.org + //ssh/mother-mcp DUAL-PURPOSE OUTBOUND KEY. This private key + serves two roles with a single identity: + + 1. MCP calls to mother via colibri-mcp. + The mother server's authorized_keys entry + forces command="colibri-mcp",restrict — + this key can ONLY invoke the MCP tool, + never a shell session. + + 2. Git pull from Forgejo (code.smilepowered.org). + Add this same key as a read-only deploy key + in the Forgejo repository settings (repo → + Settings → Deploy Keys → Add Deploy Key, + with "Enable write access" OFF). Read-only + is sufficient for `git pull` and limits + blast radius if the key is ever compromised. + + Placing a key named mother-mcp here gives the + agent git pull from Forgejo out-of-the-box with + no additional configuration — the accompanying + ssh/config Host entries route it for both + destinations. No other key is needed for either + purpose. + Agent directory names may contain only A-Z a-z 0-9 . _ - (no spaces or slashes). The name `ssh` is reserved for Layer 1.
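Review bot: in the START-HERE.txt hunk, "git pull from Forgejo works out-of-the-box" overstates what the seed delivers. The README hunk in the same patch makes that pull conditional on an operator first adding the public key as a deploy key in the Forgejo repository settings, and it also assumes both checkouts use an SSH remote on code.smilepowered.org (an HTTPS remote never consults ~/.ssh/config). Suggest qualifying the line, for example "If a mother-mcp key was seeded and registered as a deploy key on the repos, git pull from Forgejo needs no further SSH setup", so an operator who skipped the Forgejo step does not read a permission-denied as a seeding failure.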
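Review bot: in the ssh/config hunk, the known_hosts guidance that follows the new Host entries still pins only the mother server (`ssh-keyscan osa.smilepowered.org`), yet the example now sends traffic to a second host, code.smilepowered.org. Without that host's key in //ssh/known_hosts the first git pull stops at an unknown-host prompt (or fails outright in a non-interactive session), which is exactly what the known_hosts paragraph says seeding is meant to prevent; add `ssh-keyscan code.smilepowered.org` next to the existing command. Also, `IdentitiesOnly yes` is set on the code.smilepowered.org entry but not on `Host mother`; put it there as well so the agent offers only ~/.ssh/mother-mcp to the forced-command account rather than every identity it has loaded.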
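Review bot: in the //ssh/mother-mcp hunk, "no additional configuration" and "out-of-the-box" in the closing paragraph contradict role 2 above it, which requires an operator to add the public key as a deploy key in the Forgejo repository settings; deploy keys are scoped per repository, so that step has to be repeated for each repo the agent pulls (START-HERE lists clawdie-iso and clawdie-ai). Reword to say the seed handles only the client side. Two smaller points: the new entry should state the installed path and mode the way its siblings do (//ssh/.pub is 0644, //ssh/config is 0600; the private key presumably lands at ~/.ssh/mother-mcp with 0600, since ssh refuses a group- or world-readable key), and the blast-radius sentence should name the trade-off the dual-purpose design introduces: a leaked key yields both read access to the repositories and the ability to invoke colibri-mcp on mother, so the `command="colibri-mcp",restrict` entry now bounds the damage for both roles and deserves a sentence saying so.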