From c45360864a0a0c84eafc370b945608223d166ef6 Mon Sep 17 00:00:00 2001 From: Sam & Claude Date: Mon, 15 Jun 2026 07:37:16 +0200 Subject: [PATCH] feat(iso): stage colibri test agent and provider key help (Sam & Codex) Switch ISO staging/docs from colibri-smoke-agent to colibri-test-agent, include rust/pkgconf for live Colibri rebuilds, stage provider.env.sample, wire the provider env rc.conf path, and document LLM key setup on the Firefox bootstrap page.\n\nChecks: npx --yes prettier@3 --check docs/LIVE-COLIBRI-REBUILD.md live/operator-session/bootstrap.html BUILD.md TESTING.md README.md; sh -n scripts/stage-colibri-iso.sh; sh -n build.sh; fake Colibri staging + sh -n staged rc.d script; git diff --check. --- BUILD.md | 2 +- TESTING.md | 8 +++---- build.sh | 5 +++-- docs/LIVE-COLIBRI-REBUILD.md | 10 ++++----- live/operator-session/bootstrap.html | 20 +++++++++++++++++ packages/pkg-list-live-operator.txt | 4 ++++ scripts/stage-colibri-iso.sh | 32 ++++++++++++++++++---------- 7 files changed, 58 insertions(+), 23 deletions(-) diff --git a/BUILD.md b/BUILD.md index c91b3f50..7c0198b6 100644 --- a/BUILD.md +++ b/BUILD.md @@ -82,7 +82,7 @@ Colibri-backed. The image includes: ```text /usr/local/bin/colibri-daemon /usr/local/bin/colibri -/usr/local/bin/colibri-smoke-agent +/usr/local/bin/colibri-test-agent /usr/local/bin/colibri-mcp # MCP bridge for Zed/Claude Code/Cursor /usr/local/bin/colibri-tui # if present in the artifact dir /usr/local/etc/rc.d/colibri_daemon diff --git a/TESTING.md b/TESTING.md index 41352075..331eb564 100644 --- a/TESTING.md +++ b/TESTING.md @@ -334,7 +334,7 @@ sudo mdconfig -d -u md0 ## Level 2: bhyve Verification Gate Use bhyve as the standard pre-hardware gate when the ML350p lane is available. -This is no longer just an opportunistic smoke test; it is the default +This is no longer just an opportunistic startup check; it is the default middle-stage verification between static artifact checks and physical hardware. Treat bhyve as authoritative for boot/runtime plumbing and still treat real @@ -558,7 +558,7 @@ proprietary NVIDIA stack. Linux baseline probe: [linux-hardware.org/?probe=efd5b5b389](https://linux-hardware.org/?probe=efd5b5b389) -This is a real deploy target. First-boot smoke set for this machine +This is a real deploy target. First-boot check set for this machine (or any AMD Ryzen U-series laptop) once the image lands: ```sh @@ -783,7 +783,7 @@ mdo -u root fwget -n # dry run ### What to do when the chipset is unsupported The live USB image is still useful — all daemons bind to `lo0` too, so -`sshd`, Avahi, and the local stack can be smoke-tested without network. +`sshd`, Avahi, and the local stack can be validated without network. For end-to-end validation, swap to a supported dongle from the lists above. @@ -1069,7 +1069,7 @@ Mark the image good only when all of these are true: - [ ] `/` is read-write, `/tmp` and `/var/log` are tmpfs, and `/var/tmp` stays on disk - [ ] `~/.cache` points at `/tmp/clawdie/cache` - [ ] `/usr/local/etc/xdg/xfce4/xinitrc` and `clawdie` xinitrc fallbacks are executable -- [ ] `xinit`/`startx`, `clawdie-startx`, `clawdie-gui`, and `xterm` are present for minimal Xorg rescue/smoke testing +- [ ] `xinit`/`startx`, `clawdie-startx`, `clawdie-gui`, and `xterm` are present for minimal Xorg rescue/startup checking - [ ] `/var/lib/xkb` exists and XKB keymap compilation succeeds - [ ] `XDG_RUNTIME_DIR` resolves to `/var/run/user/` - [ ] `clawdie_live_gpu` log shows a sensible path or a clear fallback diff --git a/build.sh b/build.sh index 84058fa1..e49ab746 100755 --- a/build.sh +++ b/build.sh @@ -337,7 +337,7 @@ preflight_colibri_artifacts() { echo " Set COLIBRI_REPO=/path/to/colibri or FEATURE_COLIBRI=NO." exit 1 fi - for _colibri_bin in colibri-daemon colibri colibri-smoke-agent colibri-mcp; do + for _colibri_bin in colibri-daemon colibri colibri-test-agent colibri-mcp; do if [ ! -x "${_resolved_colibri_artifact_dir}/${_colibri_bin}" ]; then echo "ERROR: Colibri release binary missing: ${_resolved_colibri_artifact_dir}/${_colibri_bin}" command -v cargo >/dev/null 2>&1 || \ @@ -818,6 +818,7 @@ install_colibri_service() { set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_socket="/var/run/colibri/colibri.sock"' set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_db_path="/var/db/colibri/colibri.sqlite"' set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_logfile="/var/log/colibri/daemon.log"' + set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_provider_env="/usr/local/etc/colibri/provider.env"' set_config_line "${MOUNT_POINT}/etc/rc.conf" 'colibri_daemon_host="$(hostname)"' set_config_line "${MOUNT_POINT}/etc/rc.conf" "colibri_cost_mode=\"${COLIBRI_COST_MODE:-smart}\"" @@ -851,7 +852,7 @@ install_colibri_service() { _now=$(date -u +%Y-%m-%dT%H:%M:%SZ) sqlite3 "${_colibri_db}" "INSERT OR IGNORE INTO skills (id, name, description, category, created_at) VALUES ('$(uuidgen || echo 00000000-0000-0000-0000-000000000001)', 'freebsd-live-usb', 'FreeBSD live USB operator workstation procedures', 'freebsd', '${_now}'), - ('$(uuidgen || echo 00000000-0000-0000-0000-000000000002)', 'colibri-smoke', 'Colibri daemon smoke test and validation', 'colibri', '${_now}'), + ('$(uuidgen || echo 00000000-0000-0000-0000-000000000002)', 'colibri-test', 'Colibri daemon startup check and validation', 'colibri', '${_now}'), ('$(uuidgen || echo 00000000-0000-0000-0000-000000000003)', 'iso-build', 'Clawdie ISO build and staging workflow', 'iso', '${_now}'), ('$(uuidgen || echo 00000000-0000-0000-0000-000000000004)', 'tailscale-join', 'Tailscale mesh join procedure for operator USB', 'networking', '${_now}'), ('$(uuidgen || echo 00000000-0000-0000-0000-000000000005)', 'disk-deploy', 'Deploy from USB live to permanent disk install. Provisions ZFS pool, installs FreeBSD boot environment, migrates config, and prepares for the future deployed-system clawdie service.', 'clawdie', '${_now}'), diff --git a/docs/LIVE-COLIBRI-REBUILD.md b/docs/LIVE-COLIBRI-REBUILD.md index b6da912c..300cfcef 100644 --- a/docs/LIVE-COLIBRI-REBUILD.md +++ b/docs/LIVE-COLIBRI-REBUILD.md @@ -25,7 +25,7 @@ For rebuilds, clone a fresh working checkout into a separate directory such as ## Required live packages -Future ISOs should include these packages to make this path available out of the +Live operator ISOs include these packages to make this path available out of the box: ```text @@ -102,7 +102,7 @@ Expected outputs: ```text target/release/colibri-daemon target/release/colibri -target/release/colibri-smoke-agent +target/release/colibri-test-agent target/release/colibri-mcp target/release/colibri-tui ``` @@ -122,7 +122,7 @@ mdo -u root rm -f /var/run/colibri/colibri-daemon-supervisor.pid mdo -u root install -m 0555 target/release/colibri-daemon /usr/local/bin/colibri-daemon mdo -u root install -m 0555 target/release/colibri /usr/local/bin/colibri -mdo -u root install -m 0555 target/release/colibri-smoke-agent /usr/local/bin/colibri-smoke-agent +mdo -u root install -m 0555 target/release/colibri-test-agent /usr/local/bin/colibri-test-agent mdo -u root install -m 0555 target/release/colibri-mcp /usr/local/bin/colibri-mcp mdo -u root install -m 0555 target/release/colibri-tui /usr/local/bin/colibri-tui mdo -u root install -m 0555 packaging/freebsd/colibri_daemon.in /usr/local/etc/rc.d/colibri_daemon @@ -209,8 +209,8 @@ Expected: ## Future ISO improvement -Add a helper script, tentatively `/usr/local/bin/colibri-live-rebuild`, that -automates this runbook: +A future helper script, tentatively `/usr/local/bin/colibri-live-rebuild`, should +automate this runbook: 1. clone/update `/home/clawdie/ai/colibri-build` 2. checkout requested branch or commit diff --git a/live/operator-session/bootstrap.html b/live/operator-session/bootstrap.html index f20d6205..ad83a1b2 100644 --- a/live/operator-session/bootstrap.html +++ b/live/operator-session/bootstrap.html @@ -90,6 +90,7 @@
  • colibri-daemon — agent supervisor, skills catalog, Glasspane state machine
  • colibri-tui — live ratatui dashboard (agent states, spawn/kill, sessions)
  • colibri-mcp — MCP bridge for Zed, Claude Code, Cursor, and other MCP clients
    • +
  • colibri-test-agent — local no-network Colibri launch check
  • Firefox browser
  • Tailscale package (needs auth key)
  • pi coding agent harness (npm global)
    • @@ -120,6 +121,7 @@ colibri list-tasks # Coordination board colibri list-skills # Skills catalog colibri-mcp tools # MCP bridge, read-only by default COLIBRI_MCP_WRITE=1 colibri-mcp tools # trusted write-capable profile +colibri spawn-local /usr/local/bin/colibri-test-agent --session-id local-check colibri create-task --title "check network" colibri list-tasks --status queued

    @@ -127,6 +129,24 @@ colibri list-tasks --status queued /usr/local/share/clawdie-iso/mcp-examples/.

    +

    LLM provider keys

    +

    + Colibri can run local checks without a key. Remote providers need a key + in /usr/local/etc/colibri/provider.env. Keep this file + root-owned and mode 0600; it is read when + colibri_daemon starts. +

    + 
    +mdo -u root cp /usr/local/etc/colibri/provider.env.sample /usr/local/etc/colibri/provider.env
+mdo -u root chmod 600 /usr/local/etc/colibri/provider.env
+mdo -u root ee /usr/local/etc/colibri/provider.env
+mdo -u root service colibri_daemon restart
    +

    Put only the providers you use in that file:

    + 
    +DEEPSEEK_API_KEY="sk-..."
+OPENROUTER_API_KEY="sk-or-..."
+ANTHROPIC_API_KEY="sk-ant-..."
    +

    pi assistant

     pi                         # interactive session
diff --git a/packages/pkg-list-live-operator.txt b/packages/pkg-list-live-operator.txt
index 9f4bd4c4..d404cac4 100644
--- a/packages/pkg-list-live-operator.txt
+++ b/packages/pkg-list-live-operator.txt
@@ -21,6 +21,10 @@ bash
 zsh
 ohmyzsh
 git
+# Live Colibri rebuild lane: lets the running USB rebuild and redeploy Colibri
+# without a full ISO rebuild for every small service/runtime iteration.
+rust
+pkgconf
 tailscale
 avahi-app
 nss_mdns
diff --git a/scripts/stage-colibri-iso.sh b/scripts/stage-colibri-iso.sh
index 7d258122..5342c5e1 100755
--- a/scripts/stage-colibri-iso.sh
+++ b/scripts/stage-colibri-iso.sh
@@ -60,7 +60,7 @@ mkdir -p "${BIN_DIR}" "${RC_DIR}" "${ETC_DIR}" "${NEWSYSLOG_DIR}" "${DB_DIR}" "$
 
 copy_bin colibri-daemon
 copy_bin colibri
-copy_bin colibri-smoke-agent
+copy_bin colibri-test-agent
 copy_bin colibri-mcp
 
 if [ "${COLIBRI_STAGE_INCLUDE_TUI}" != "0" ] && [ -x "${COLIBRI_ARTIFACT_DIR}/colibri-tui" ]; then
@@ -72,6 +72,7 @@ install -m 0644 "${NEWSYSLOG_SOURCE}" "${NEWSYSLOG_DIR}/colibri.conf"
 
 if ! grep -q '^command="/usr/sbin/daemon"' "${RC_DIR}/colibri_daemon" || \
    ! grep -q -- '-o .*colibri_daemon_binary' "${RC_DIR}/colibri_daemon" || \
+   ! grep -q 'colibri_daemon_provider_env' "${RC_DIR}/colibri_daemon" || \
    ! grep -q 'rm -f "${colibri_daemon_socket}" "${pidfile}" "${supervisor_pidfile}"' "${RC_DIR}/colibri_daemon" || \
    ! grep -q 'chmod 644 "${pidfile}"' "${RC_DIR}/colibri_daemon" || \
    ! grep -q 'chmod 660 "${colibri_daemon_socket}"' "${RC_DIR}/colibri_daemon"; then
@@ -86,15 +87,6 @@ if grep -q -- '-u \${colibri_daemon_user}' "${RC_DIR}/colibri_daemon"; then
     exit 66
 fi
 
-# Add DeepSeek API key and cache warming to daemon environment.
-# These are injected into the rc.d prestart so the daemon picks them up
-# without needing a separate config file.
-sed -i '' '/export COLIBRI_COST_MODE/a\
-    export DEEPSEEK_API_KEY="${DEEPSEEK_API_KEY:-}"\
-    export COLIBRI_CACHE_WARMING="true"\
-    export COLIBRI_CACHE_WARMING_INTERVAL_HOURS="6"' \
-    "${RC_DIR}/colibri_daemon"
-
 cat > "${ETC_DIR}/rc.conf.sample" < "${ETC_DIR}/provider.env.sample" <<'EOF'
+# Optional provider keys for colibri_daemon. Copy this file to provider.env,
+# chmod it 0600, fill in only the providers you use, then restart the service.
+#
+# DEEPSEEK_API_KEY="sk-..."
+# OPENROUTER_API_KEY="sk-or-..."
+# ANTHROPIC_API_KEY="sk-ant-..."
+#
+# Optional endpoints/models:
+# DEEPSEEK_ENDPOINT="https://api.deepseek.com/chat/completions"
+# DEEPSEEK_MODEL="deepseek-chat"
+EOF
+
 cat > "${ETC_DIR}/README.iso" <<'EOF'
 Colibri ISO staging notes
 =========================
@@ -117,11 +123,15 @@ Colibri ISO staging notes
 The ISO build creates the colibri user/group and stages the rc.d service.
 The colibri-daemon runs under daemon(8) supervision and is enabled at boot.
 If the daemon fails, it restarts automatically without blocking SDDM/XFCE.
+Provider keys are optional and live in /usr/local/etc/colibri/provider.env.
+Keep that file root-owned and mode 0600, then restart colibri_daemon.
+
 Runtime validation:
 
   service colibri_daemon start
   colibri status
-  colibri create-task --title "iso smoke"
+  colibri spawn-local /usr/local/bin/colibri-test-agent --session-id iso-check
+  colibri create-task --title "iso check"
   colibri list-tasks --status queued
   colibri-mcp tools
   COLIBRI_MCP_WRITE=1 colibri-mcp tools   # trusted write-capable MCP profile