The agent (a static Go binary) was a separately-named opt-in stage gated by
FEATURE_ZOT=NO, so baseline builds shipped colibri without its agent. It is
really a component of colibri, not its own product surface — so name and stage
it under the colibri umbrella.
- build.cfg: remove FEATURE_ZOT; add internal COLIBRI_STAGE_AGENT (default YES,
undocumented escape hatch for daemon-only debug builds). Keep ZOT_REPO/
ZOT_VERSION as internal staging inputs (they point at the real agent repo+tag).
- build.sh: preflight + install now gate on FEATURE_COLIBRI (and the hidden
COLIBRI_STAGE_AGENT), banner folds the agent into the Colibri line, messages
use colibri-agent naming.
- README: agent harness presented under the colibri control plane; pi retained
as a spawnable agent backend rather than the default harness.
Behavior change for the builder: with FEATURE_COLIBRI=YES (default) the agent
now stages on baseline builds, so preflight FAILS if the agent binary is not
prebuilt in $ZOT_REPO/bin. Build it first (GOOS=freebsd go build -o bin/zot
./cmd/zot) or pass COLIBRI_STAGE_AGENT=NO for a daemon-only image.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Keeps service clawdie as a deployed-system contract only, removes the old mini-binary FEATURE_CLAWDIE staging lane from the ISO build, and adds explicit Linux-vs-FreeBSD proof boundaries for provider/runtime claims.\n\nChecks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
Removes stale Herdr references, reserves service clawdie for deployed disk/server targets, and keeps the live USB on colibri_daemon. Drops the baseline live rc.d/clawdie wrapper so the mounted-image contract matches the docs.\n\nChecks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
First concrete step of the zot consolidation (colibri ADR). Opt-in FEATURE_ZOT
(default NO; Pi stays default during migration).
- build.cfg: FEATURE_ZOT, ZOT_VERSION (pinned v0.2.29), ZOT_REPO,
ZOT_ARTIFACT_DIR, ZOT_DEEPSEEK_KEY (optional bake).
- scripts/stage-zot-iso.sh: install the prebuilt zot binary -> /usr/local/bin/zot;
populate the operator's $ZOT_HOME (~/.local/state/zot) with auth.json
({"deepseek":{"api_key":...}}, 0600) when a key is given, else an
auth.json.sample template + README (telegram via `zot telegram-bot setup`).
- build.sh: status line, resolve_zot_paths, preflight_zot_artifacts (errors with
the GOOS=freebsd go-build hint — zot has no FreeBSD release), install_zot_agent
(+ chown operator state), wired into preflight + install sequences.
zot is built on the FreeBSD host from the pinned tag:
(cd $ZOT_REPO && git checkout v0.2.29 && GOOS=freebsd GOARCH=amd64 \
go build -trimpath -o bin/zot ./cmd/zot)
sh -n clean; staging smoke-tested (binary staged, auth.json 0600 valid).
Credentials use zot's own resolution (--api-key -> env -> auth.json), replacing
baked-into-binary keys. Default build unchanged (FEATURE_ZOT=NO).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Opt-in NVIDIA_UNIVERSAL lane (default NO; normal/single-branch builds unchanged):
one ISO that adapts to an unknown NVIDIA target.
- build.cfg: NVIDIA_UNIVERSAL flag.
- build.sh: install_nvidia_universal_repo() stages an on-image pkg repo with all
three branches (390/470/580 + settings), pkg-repo metadata, and a file:// repo
conf; universal mode bakes no branch and sets clawdie_live_gpu_mode=nvidia-auto.
- clawdie_live_gpu: nvidia-auto mode detects the device id (PR #30 fix) -> branch
{390,470,590} -> pkg-name -> `pkg install -r clawdie-nvidia` -> kldload, all
best-effort with fallback to integrated/scfb (never blocks boot).
- doc/NVIDIA-UNIVERSAL-HANDOFF.md: Codex FreeBSD build + hardware validation plan.
sh -n clean; detector+branch+pkg map unit-tested on Linux
(1c8c->590->nvidia-driver-580, 0fc8->470, 0e22->390). The pkg fetch/repo layout,
offline boot install, writable root, kernel ABI, and image size MUST be validated
on the FreeBSD build host + real NVIDIA hardware (see handoff).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Consolidates the operator-USB work into main now that the AMD ASUS hardware-evidence collection is closed and Codex is parked. Brings the live-session hardware lane (XInput/libinput touchpad guard, internal audio + resolver bootstrap, hw-report with gated public upload, operator-USB branding) and the config-only XFCE panel polish (Pass 1 + Pass 2: branded Whisker PNG, xkb text mode, panel 40px, systray square-icons).
Conflict: doc/LLM-PROVIDER-HARNESS.md was evolved on both sides. Resolved as a union with no content lost — the xfce-side harness/provider/fabric restructure is the base, and main's two unique blocks (Verifying Key Cleanup flow, the 2D Platform x Harness matrix + populate/add procedures) are preserved. The doc owner may later dedupe the overlap between the two 1D matrices and the 2D matrix.
Verification debt stays explicit and open (not closed by this merge): XFCE visual-polish confirmation and the next rebuilt-image hardware retest, per doc/XFCE-PANEL-BUGS-HANDOFF.md and PLAN-OPERATOR-USB-NEXT.md.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Use packages/npm-globals.txt as the source of truth for offline npm CLI tarballs, update Pi to 0.75.5, and keep Claude Code out of the XFCE USB path.
---
Build: not run — ISO build not requested
Tests: pass — sh -n fetch-npm-globals and shell-npm-globals; pinned npm pack smoke passed
Live GUI installs now write runtime handoff files under /var/run/clawdie-installer, invoke bsdinstall script through a dedicated commit helper, persist the installed handoff for first HDD boot, and point the operator at /setup after reboot.
The live autologin user is restricted to a narrow sudoers rule for the commit helper and reboot only.
Build: pass
Tests: pass — sh -n + QML build + config-format + stubbed live-commit dry-run
Real-disk / bhyve install: NOT YET TESTED
- build.sh now runs npm ci at ISO build time and bundles node_modules into the clawdie-ai payload tarball\n- firstboot deploy ensures node_modules exist (fallback: npm ci, network required)\n- test mode skips venv/model seeding + verify to avoid host side effects\n- docs/tests updated to match
Ships @anthropic-ai/claude-code, @google/gemini-cli, and
@mariozechner/pi-coding-agent as prebuilt .tgz tarballs on the install
media so the agent runtime has its CLI dependencies on first boot
without network access.
Critical: installs to /home/clawdie/.npm-global to match the
npm_config_prefix set by shell-system.sh in /etc/profile.d/clawdie.sh,
so the clawdie user's PATH (and the agent's commandExists() probes)
actually resolve the binaries.
- scripts/fetch-npm-globals.sh: npm pack the 3 CLIs into tmp/npm-globals/
- firstboot/shell-npm-globals.sh: offline install as clawdie user with
matching prefix, runs between pkg setup and deploy
- build.sh: fetch + bundle into ${SHARE}/npm-globals/
- firstboot.sh: source module and run_step before deploy
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
BREAKING CHANGE: Removes --target and --gpu-driver flags, unified ISO for all use cases
## Phase 0: GPU Fix + Unified ISO
### Core Changes
**GPU Package Installation (FIXES CRITICAL GAP):**
- Add clawdie_shell_nvidia_install() function to shell-nvidia.sh
- NVIDIA drivers now installed after detection (previously only configured)
- Works offline (USB packages) or online (pkg install)
- Resolves issue where rc.conf was set but driver not installed
**Unified ISO Architecture:**
- Remove --target flag from build.sh (no more vps/baremetal branching)
- Remove --gpu-driver flag from build.sh (runtime detection instead)
- All packages included on every ISO (desktop + all GPU drivers)
- Single image works on VPS, baremetal, and cloud
**Runtime Detection:**
- Add shell-desktop.sh for display detection at firstboot
- VPS/cloud: no display → lightdm disabled (headless)
- Baremetal: display detected → lightdm enabled (Lumina desktop)
- GPU detection always runs, installs correct driver version
**Sudo Unification:**
- Replace all doas references with sudo across entire codebase
- Update AGENTS.md with system configuration guidelines
- Update all documentation (BUILD.md, README.md, REQUIREMENTS.md, etc.)
- Admin panel now uses sudo for privileged operations
### Files Modified
**Core System:**
- build.sh: Remove target/gpu-driver logic, unified package selection
- firstboot/firstboot.sh: Add desktop detection module
- firstboot/shell-nvidia.sh: Add package installation function (+33 lines)
**New Files:**
- firstboot/shell-desktop.sh: Display detection and desktop enablement
- packages/pkg-list-nvidia-all.txt: All three NVIDIA driver versions (390/470/590)
- .opencode/plans/phase0-gpu-fix-unified-iso.md: Implementation plan
**Documentation:**
- PLAN-UNIFY.md: Update Step 3 for unified approach
- REQUIREMENTS.md: Simplify (no target choice), update for sudo
- BUILD.md: Update for unified ISO, sudo commands
- README.md: Update installation instructions
- AGENTS.md: Add system configuration section (sudo standardization)
- ADMIN-PANEL.md: Update privileged operations to use sudo
- CLAWDIE-SHELL.md: Update example commands to sudo
- CLAWDIE-ISO-REFACTORED.md: Update access paths to sudo
- REFACTOR-SUMMARY.md: Update permissions section to sudo
### Benefits
**Simplicity:**
- One build command: ./build.sh (no flags needed)
- One ISO to test and maintain
- No wrong choices for users
- No documentation explaining target differences
**Flexibility:**
- VPS can use GUI via VNC (wayvnc always available)
- Baremetal can run headless (disable lightdm)
- Repurpose hardware without reinstall
- All GPU drivers available for any hardware
**Technical:**
- Fixes critical GPU driver installation gap
- Runtime detection replaces build-time decisions
- Disk overhead: ~650MB (1-2% of 50GB - acceptable)
- No runtime overhead on VPS (services disabled by detection)
### Testing Required
- [ ] Build unified ISO: ./build.sh
- [ ] Test on VPS (no display): lightdm disabled, packages installed
- [ ] Test on baremetal (display): lightdm enabled, Lumina boots
- [ ] Test on NVIDIA hardware: driver installed and loaded
- [ ] Test sudo commands work without password prompts
- [ ] Verify all doas references removed
- Change default FEATURE_TAILSCALE from NO to YES
- Add build-time warning if TAILSCALE_AUTHKEY not set
- Update firstboot wizard: Tailscale moves to screen 2
- Add summary screen showing Tailscale status
- Update shell-tailscale.sh to handle missing auth key gracefully
- Update BUILD.md with new recommended/optional flow
User experience:
- With auth key: Tailscale auto-connects (secure)
- Without auth key: Warning shown, build continues (public SSH)
- Wizard allows enabling/disabling with clear warnings
No breaking changes - existing builds still work.
