Seed live AI source snapshots under home

Prepopulate /home/clawdie/ai with source snapshots for clawdie-iso, clawdie-ai, and colibri when available on the build host. Use git archive of HEAD so provider keys, .env files, tmp, caches, and uncommitted private state are not baked into the image.

Checks: sh -n build.sh live/operator-session/clawdie-xfce-visuals-guard.sh live/operator-session/hw-report; ./scripts/check-format.sh; git diff --check.
This commit is contained in:
Sam & Claude 2026-06-01 22:28:19 +02:00
parent 6e8e68fdb1
commit fc10d622de
2 changed files with 69 additions and 5 deletions


@ -624,12 +624,13 @@ and let that agent inspect the live system and the shipped source side by side.
**Goal:** make the live USB self-debuggable without first cloning repositories **Goal:** make the live USB self-debuggable without first cloning repositories
over a possibly flaky network. over a possibly flaky network.
**Candidate layout:** **Candidate layout:** keep the source snapshots under one operator-facing
folder so `$HOME` stays uncluttered:
```text ```text
/home/clawdie/src/clawdie-iso /home/clawdie/ai/clawdie-iso
/home/clawdie/src/clawdie-ai /home/clawdie/ai/clawdie-ai
/home/clawdie/src/colibri /home/clawdie/ai/colibri
``` ```
**Implementation notes:** **Implementation notes:**
@ -640,7 +641,7 @@ over a possibly flaky network.
- Prefer the exact branch/commit used by the image build, recorded in - Prefer the exact branch/commit used by the image build, recorded in
`/usr/local/share/clawdie-iso/build-manifest.json` and visible from `/usr/local/share/clawdie-iso/build-manifest.json` and visible from
`hw-report`. `hw-report`.
- The checkouts should be owned by `clawdie:clawdie` and readable/writable from - The snapshots should be owned by `clawdie:clawdie` and readable/writable from
XFCE terminals. XFCE terminals.
- Keep provider authentication manual. The image may include code, but it must - Keep provider authentication manual. The image may include code, but it must
not bake provider credentials. not bake provider credentials.


@ -802,6 +802,67 @@ install_live_npm_globals() {
fi fi
} }
seed_live_ai_source_repo() {
_repo_src="$1"
_repo_name="$2"
_repo_dest="${MOUNT_POINT}/home/clawdie/ai/${_repo_name}"
if [ ! -d "${_repo_src}" ]; then
echo " Skipping AI source seed ${_repo_name}: ${_repo_src} not found"
return 0
fi
if ! command -v git >/dev/null 2>&1 || ! git -C "${_repo_src}" rev-parse --git-dir >/dev/null 2>&1; then
echo " Skipping AI source seed ${_repo_name}: not a git worktree"
return 0
fi
echo " Seeding AI source snapshot: ${_repo_name}"
rm -rf "${_repo_dest}"
mkdir -p "${_repo_dest}"
git -C "${_repo_src}" archive --format=tar HEAD | tar -C "${_repo_dest}" -xf -
_repo_branch=$(git -C "${_repo_src}" symbolic-ref --short -q HEAD 2>/dev/null || echo detached)
_repo_commit=$(git -C "${_repo_src}" rev-parse HEAD 2>/dev/null || echo unknown)
_repo_origin=$(git -C "${_repo_src}" remote get-url origin 2>/dev/null || echo unknown)
_repo_dirty=false
if ! git -C "${_repo_src}" diff --quiet 2>/dev/null || ! git -C "${_repo_src}" diff --cached --quiet 2>/dev/null; then
_repo_dirty=true
fi
cat > "${_repo_dest}/.clawdie-source.json" <<EOF
{
"name": "$(json_escape "${_repo_name}")",
"source_path": "$(json_escape "${_repo_src}")",
"origin": "$(json_escape "${_repo_origin}")",
"branch": "$(json_escape "${_repo_branch}")",
"commit": "$(json_escape "${_repo_commit}")",
"dirty_at_build": ${_repo_dirty},
"snapshot_note": "git archive of HEAD; uncommitted changes and ignored/private files are not included"
}
EOF
}
install_live_ai_source_snapshots() {
echo " Installing live AI source snapshots..."
mkdir -p "${MOUNT_POINT}/home/clawdie/ai"
cat > "${MOUNT_POINT}/home/clawdie/ai/README.txt" <<'EOF'
Clawdie live AI source snapshots
These directories are included so the operator can start a local provider-backed
Pi session from the live XFCE desktop and inspect the shipped source beside the
running system.
No API keys, .env files, SSH private keys, build caches, package caches, tmp/
directories, or uncommitted worktree changes are included. Each snapshot has a
.clawdie-source.json file recording the source remote, branch, commit, and dirty
state at image build time.
EOF
seed_live_ai_source_repo "${SCRIPT_DIR}" "clawdie-iso"
seed_live_ai_source_repo "${SCRIPT_DIR}/../clawdie-ai" "clawdie-ai"
seed_live_ai_source_repo "${SCRIPT_DIR}/../colibri" "colibri"
chroot "${MOUNT_POINT}" chown -R clawdie:clawdie /home/clawdie/ai
}
configure_live_operator_session() { configure_live_operator_session() {
echo " Configuring live operator session..." echo " Configuring live operator session..."
@ -1152,6 +1213,8 @@ EOF
"${MOUNT_POINT}/home/clawdie/Desktop/Clawdie Bootstrap.desktop" \ "${MOUNT_POINT}/home/clawdie/Desktop/Clawdie Bootstrap.desktop" \
"${MOUNT_POINT}/home/clawdie/Desktop/Clawdie Hardware Report.desktop" "${MOUNT_POINT}/home/clawdie/Desktop/Clawdie Hardware Report.desktop"
install_live_ai_source_snapshots
# The stock FreeBSD install memstick is intentionally read-only. This live # The stock FreeBSD install memstick is intentionally read-only. This live
# operator USB needs a writable root so SDDM, Xorg, NetworkMgr, logs, and # operator USB needs a writable root so SDDM, Xorg, NetworkMgr, logs, and
# operator diagnostics can create runtime state on the flashed stick. # operator diagnostics can create runtime state on the flashed stick.
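Review bot: The `git -C "${_repo_src}" archive --format=tar HEAD | tar -C "${_repo_dest}" -xf -` line in seed_live_ai_source_repo reports only tar's exit status, so a failed archive (unreadable object store, corrupt HEAD) leaves an empty or partial tree that the function then stamps with a `.clawdie-source.json` as if it were complete; the `sh -n` check in the description suggests this runs under POSIX sh, where `pipefail` cannot be assumed. Writing the archive to a temporary tarball and checking that step, as below, avoids the silent partial snapshot. `_repo_dest` is also handed to `rm -rf` one line earlier, so `_repo_dest="${MOUNT_POINT:?}/home/clawdie/ai/${_repo_name}"` would stop an unset MOUNT_POINT from turning that into a deletion under the build host's own /home. Finally, `git archive HEAD` exports whatever is tracked, so the README.txt claim that no `.env` files or keys are included holds only while none are committed in any of the three repositories; a comment such as `# git archive exports tracked files only; anything committed at HEAD (including a tracked .env) ships in the image` above the archive step would make that dependency visible to the next maintainer.
```shell
  mkdir -p "${_repo_dest}"
  _repo_tar="${_repo_dest}.tar"
  if ! git -C "${_repo_src}" archive --format=tar HEAD > "${_repo_tar}"; then
    echo "  Failed to archive ${_repo_name} from ${_repo_src}; not seeding a partial snapshot"
    rm -rf "${_repo_dest}" "${_repo_tar}"
    return 1
  fi
  tar -C "${_repo_dest}" -xf "${_repo_tar}"
  rm -f "${_repo_tar}"
  # … unchanged: branch/commit/origin/dirty detection and .clawdie-source.json …
```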