Standardize the ISO on the agreed Python 3.12 floor (operator + Hermes +
Claude consensus; see layered-soul/docs/TOOLCHAIN.md).
- pkg lists: python311->python312, py311-{pip,aider_chat,pillow}->py312-*
- build.sh: derive the installed python3.N for the python3/python symlink so a
future bump needs only a pkg-list change, never an edit here
- shell-deploy.sh: create the Aider venv with 'python3 -m venv' (resolves via
the symlink) instead of a hardcoded python3.11
- import-clawdie-skills.sh: python3 fallback instead of python3.11
- BUILD.md: doc references
Aider kept (bumped, not dropped): redundant coding tooling is intentional per
the agent matrix.
Pre-merge gate: confirm FreeBSD pkg coverage on osa —
pkg search '^py312-aider_chat' '^py312-pygobject'
(common modules pillow/pip are safe).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- shell-system.sh (runs last, step 6): rewrite .profile with agent launcher,
full .bashrc with sudo() shell function that fire-and-forget snapshots
zroot@cli-<ts> before mdo -u root. PATH, prompt, history, aliases (ll/la/lt).
Agent fallback for non-login shells via ~/.ssh-agent-env.
- shell-ssh.sh (step 4): strip to ~/.ssh/config only. Agent/profile/tmux
seeding moved to shell-system.sh so it is not overwritten.
- AGENTS.md: document sudo→mdo decision with rationale table (ISO size,
audit surface, single privilege path, ZFS rollback safety).
- Tier 1: seed ~/.profile with eval $(ssh-agent -s) launcher (FreeBSD,
no systemd). AddKeysToAgent alone does not start an agent; without a
launcher headless/SSH-in shells still get "Could not open connection".
- Tier 3: drop set-option -g update-environment from tmux.conf seed.
tmux default already includes SSH_AUTH_SOCK + DISPLAY/XAUTHORITY.
set -g replaces the entire list, breaking X11 GUI apps on XFCE.
- Remove .graphifyignore per project policy (graph artifacts not
committed, tool not integrated into ISO repo).
shell-ssh.sh now seeds ~/.ssh/config (AddKeysToAgent yes) and
~/.tmux.conf (SSH_AUTH_SOCK persistence) after SSH key install.
Idempotent — appends to existing configs if already present.
Fixes agent-dead-after-tmux-restart for every fresh Clawdie install.
Use packages/npm-globals.txt as the source of truth for offline npm CLI tarballs, update Pi to 0.75.5, and keep Claude Code out of the XFCE USB path.
---
Build: not run — ISO build not requested
Tests: pass — sh -n fetch-npm-globals and shell-npm-globals; pinned npm pack smoke passed
- TESTING.md: expected output banner now matches updated integration-test.sh
- shell-env.sh: EMBED_BASE_URL defaults to empty when no OpenRouter key exists, letting config.ts resolve dynamically at runtime instead of baking localhost:8080 into .env
- shell-pf.sh: BRIDGE is now always warden0 (matches jail-config.ts and AGENTS.md)
- CompletePage.qml: token text now says will be generated after first boot
- NETWORKING.md: updated to reflect warden0 fix
Collect optional SSH public key and Tailscale auth key in the live installer, keep the controlplane loopback-bound by default, allow SSH over tailscale0, and rotate the post-install setup token into /var/db/clawdie-installer/setup-token with MOTD guidance for SSH tunnel access.
This slice is install-mode only; upgrade runs do not mint a new setup token.
Build: pass
Tests: pass — sh -n + QML build + config-format + mocked setup-token writer dry-run
Real-disk / bhyve install: NOT YET TESTED
Live GUI installs now write runtime handoff files under /var/run/clawdie-installer, invoke bsdinstall script through a dedicated commit helper, persist the installed handoff for first HDD boot, and point the operator at /setup after reboot.
The live autologin user is restricted to a narrow sudoers rule for the commit helper and reboot only.
Build: pass
Tests: pass — sh -n + QML build + config-format + stubbed live-commit dry-run
Real-disk / bhyve install: NOT YET TESTED
Generate CONTROLPLANE_SHARED_SECRET and BETTER_AUTH_SECRET at install
time via openssl rand. Add CONTROLPLANE_HOST_IP, CONTROLPLANE_AUTH_MODE,
CONTROLPLANE_PORT, BETTER_AUTH_URL, GIT_LOCAL_URL to both install heredoc
and upgrade append path. Default to bare git repo (CODE_HOSTING_MODE=git)
instead of Forgejo.
---
Build: pass | Tests: not run (Linux) — shell script, bash -n validated
Four critical fixes before v1.0.0 VM test, informed by PC-BSD failure
modes and GhostBSD's improvements:
1. shell-zfs.sh: zpool labelclear on fresh install
Clear ZFS labels from every device that was in the old pool before
bsdinstall writes new ones. Prevents the "can't find pool by GUID"
boot failure that made PC-BSD reinstalls unreliable.
2. shell-zfs.sh: pre-upgrade snapshot
When operator selects Upgrade, take zfs snapshot -r
pool@pre-upgrade-{timestamp} before any changes. One reboot to
roll back if the upgrade goes wrong. UPGRADE_SNAPSHOT exported for
downstream modules to reference.
3. shell-env.sh: never overwrite secrets on upgrade
clawdie_shell_env_generate() now checks CLAWDIE_BOOT_MODE. In
upgrade mode it calls clawdie_shell_env_append_new_keys() instead
of regenerating — reads existing .env and appends only keys that
are absent. Existing DB passwords, JWT secrets, API keys are never
touched. This fixes the root cause of the orphaned-database bug:
new passwords that don't match the existing pool's data.
4. firstboot.sh: module execution matrix via run_step_if
New run_step_if "<modes>" wrapper marks steps as done without
running them when not applicable to the current boot mode.
Upgrade skips: gpu, nvidia, ssh, system, desktop, pf, tailscale
Upgrade runs: pkg, env (append-only), npm-globals, deploy
Prevents SSH key resets, rc.conf overwrites, and firewall rewrites
during upgrade — all of which undid operator customisations.
Also adds INSTALLER-PLAN.md: full architecture plan for unified
GUI/TUI installer with Fresh / Upgrade / Repair modes, boot
environment support, and a clear phase roadmap to v1.1.0.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
shell-deploy.sh was dropping to the clawdie user before running
just install. setup/service.ts checks isRoot() to decide whether
to install the rc.d service or generate start/stop wrappers — so
running as clawdie meant the agent was never registered with
FreeBSD's service manager and never started at boot.
Fix: run the installer as root. setup/service.ts already handles
privilege separation correctly when invoked as root: it writes
/usr/local/etc/rc.d/{agent}, adds -u {agent} to daemon args so
the running process is never root, and chowns data/logs/groups to
the agent user to prevent EACCES on first write.
Also adds DB_RUNTIME to the generated .env seed so operators can
see the jail vs host postgres option without reading the docs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- build.sh now runs npm ci at ISO build time and bundles node_modules into the clawdie-ai payload tarball\n- firstboot deploy ensures node_modules exist (fallback: npm ci, network required)\n- test mode skips venv/model seeding + verify to avoid host side effects\n- docs/tests updated to match
ISO deploy module now runs `just install` (with a dev fallback to `npm run install`) instead of `npm run install-all`, and docs/tests are updated accordingly.
- Updated firstboot completion messages: Aider and Pi now listed as primary harnesses, Codex as optional
- Added [Unreleased] section to CHANGELOG documenting Aider venv provisioning and harness integration
- Reflects completion of Aider+Pi harness migration across clawdie-ai and clawdie-iso
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Add py311-aider_chat to host baseline for the controlplane harness
(Aider + Pi multi-agent orchestrator). Add forgejo package to jail
list for the code service. Bake ZAI_API_BASE into firstboot .env
to fix litellm endpoint mismatch discovered during Aider testing.
---
Build: pass | Tests: not run (Linux)
Ships @anthropic-ai/claude-code, @google/gemini-cli, and
@mariozechner/pi-coding-agent as prebuilt .tgz tarballs on the install
media so the agent runtime has its CLI dependencies on first boot
without network access.
Critical: installs to /home/clawdie/.npm-global to match the
npm_config_prefix set by shell-system.sh in /etc/profile.d/clawdie.sh,
so the clawdie user's PATH (and the agent's commandExists() probes)
actually resolve the binaries.
- scripts/fetch-npm-globals.sh: npm pack the 3 CLIs into tmp/npm-globals/
- firstboot/shell-npm-globals.sh: offline install as clawdie user with
matching prefix, runs between pkg setup and deploy
- build.sh: fetch + bundle into ${SHARE}/npm-globals/
- firstboot.sh: source module and run_step before deploy
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add ANTHROPIC_API_KEY and CLAUDE_CODE_OAUTH_TOKEN as optional password
fields to both shell wizard and GUI installer. Fields flow through to
.env via shell-env.sh. Document /tmp exemption in AGENTS.md.
Fix 2 critical issues preventing Phase 4 from working on FreeBSD:
1. Path Detection (main.cpp:438-447)
- Detect firstboot.sh location at runtime
- Try /usr/local/share/clawdie-iso/firstboot/firstboot.sh (live ISO)
- Fall back to /home/clawdie/clawdie-iso/firstboot/firstboot.sh (dev)
- Error with helpful message if neither found
- Closes blocker: installer now works on both dev + ISO
2. Progress Tracking (firstboot.sh:49-65, 253-262)
- Add optional _step_num parameter to run_step() function
- Write PROGRESS=N to progress file after each step completes
- Update all 10 step calls with step numbers (1-8)
- Closes blocker: progress bar now moves from 0% to 100%
3. Privilege Escalation (main.cpp:460)
- Add sudo wrapper to firstboot.sh execution
- Prompts for password when needed
- Closes blocker: pkg/sysrc operations now succeed
Files changed:
- main.cpp: +13 lines (path detection + sudo)
- firstboot.sh: +7 lines (progress tracking)
All changes validate:
- C++ compiles clean (2 pre-existing warnings)
- Shell syntax valid (sh -n)
- Binary created: 115 KB
Status: Ready for ISO build + FreeBSD testing
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
BREAKING CHANGE: Removes --target and --gpu-driver flags, unified ISO for all use cases
## Phase 0: GPU Fix + Unified ISO
### Core Changes
**GPU Package Installation (FIXES CRITICAL GAP):**
- Add clawdie_shell_nvidia_install() function to shell-nvidia.sh
- NVIDIA drivers now installed after detection (previously only configured)
- Works offline (USB packages) or online (pkg install)
- Resolves issue where rc.conf was set but driver not installed
**Unified ISO Architecture:**
- Remove --target flag from build.sh (no more vps/baremetal branching)
- Remove --gpu-driver flag from build.sh (runtime detection instead)
- All packages included on every ISO (desktop + all GPU drivers)
- Single image works on VPS, baremetal, and cloud
**Runtime Detection:**
- Add shell-desktop.sh for display detection at firstboot
- VPS/cloud: no display → lightdm disabled (headless)
- Baremetal: display detected → lightdm enabled (Lumina desktop)
- GPU detection always runs, installs correct driver version
**Sudo Unification:**
- Replace all doas references with sudo across entire codebase
- Update AGENTS.md with system configuration guidelines
- Update all documentation (BUILD.md, README.md, REQUIREMENTS.md, etc.)
- Admin panel now uses sudo for privileged operations
### Files Modified
**Core System:**
- build.sh: Remove target/gpu-driver logic, unified package selection
- firstboot/firstboot.sh: Add desktop detection module
- firstboot/shell-nvidia.sh: Add package installation function (+33 lines)
**New Files:**
- firstboot/shell-desktop.sh: Display detection and desktop enablement
- packages/pkg-list-nvidia-all.txt: All three NVIDIA driver versions (390/470/590)
- .opencode/plans/phase0-gpu-fix-unified-iso.md: Implementation plan
**Documentation:**
- PLAN-UNIFY.md: Update Step 3 for unified approach
- REQUIREMENTS.md: Simplify (no target choice), update for sudo
- BUILD.md: Update for unified ISO, sudo commands
- README.md: Update installation instructions
- AGENTS.md: Add system configuration section (sudo standardization)
- ADMIN-PANEL.md: Update privileged operations to use sudo
- CLAWDIE-SHELL.md: Update example commands to sudo
- CLAWDIE-ISO-REFACTORED.md: Update access paths to sudo
- REFACTOR-SUMMARY.md: Update permissions section to sudo
### Benefits
**Simplicity:**
- One build command: ./build.sh (no flags needed)
- One ISO to test and maintain
- No wrong choices for users
- No documentation explaining target differences
**Flexibility:**
- VPS can use GUI via VNC (wayvnc always available)
- Baremetal can run headless (disable lightdm)
- Repurpose hardware without reinstall
- All GPU drivers available for any hardware
**Technical:**
- Fixes critical GPU driver installation gap
- Runtime detection replaces build-time decisions
- Disk overhead: ~650MB (1-2% of 50GB - acceptable)
- No runtime overhead on VPS (services disabled by detection)
### Testing Required
- [ ] Build unified ISO: ./build.sh
- [ ] Test on VPS (no display): lightdm disabled, packages installed
- [ ] Test on baremetal (display): lightdm enabled, Lumina boots
- [ ] Test on NVIDIA hardware: driver installed and loaded
- [ ] Test sudo commands work without password prompts
- [ ] Verify all doas references removed
- Change default FEATURE_TAILSCALE from NO to YES
- Add build-time warning if TAILSCALE_AUTHKEY not set
- Update firstboot wizard: Tailscale moves to screen 2
- Add summary screen showing Tailscale status
- Update shell-tailscale.sh to handle missing auth key gracefully
- Update BUILD.md with new recommended/optional flow
User experience:
- With auth key: Tailscale auto-connects (secure)
- Without auth key: Warning shown, build continues (public SSH)
- Wizard allows enabling/disabling with clear warnings
No breaking changes - existing builds still work.
