Turns the manual Phase 2–3 runbook (docs/POUDRIERE-BUILD-SERVER.md) into
repeatable, idempotent steps for the mother-build host — the package half of
the trusted supply chain (layered-soul HIVE-ONBOARDING §10).
- poudriere-setup.sh: verify-then-act setup. Validates root, FreeBSD version
format, pkg/openssl, and that the ZFS pool exists BEFORE acting; then installs
poudriere, generates the repo signing key (0400), writes poudriere.conf (only
if absent), and creates the build jail + ports tree. Re-running skips anything
already present.
- poudriere-build.sh: validates jail, ports tree, and each origin (category/name
+ Makefile present) before `poudriere bulk`; repo is signed automatically via
PKG_REPO_SIGNING_KEY.
- clawdie-repo.conf.in: client repo template (signature_type pubkey) + the
first-party-only priority note.
- README.md: the three-step flow and conventions.
Style matches live/operator-session/hw-report: POSIX sh, set -u, fixed PATH,
strict arg parsing, minimal checks (only what is acted upon). Host provisioning
(ZFS/base/network) stays in the runbook — these assume a FreeBSD host with a
pool. sh -n clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Stage a non-secret /usr/local/etc/colibri/provider.env with the Clawdie Vaultwarden endpoint so operators only add BW bootstrap credentials. Also teach clawdie-vault-fetch to honor BW_SERVER and fail closed if an existing bw login points at a different server.\n\nChecks: sh -n live/operator-session/clawdie-vault-fetch scripts/stage-colibri-iso.sh; ./scripts/check-format.sh; git diff --check; COLIBRI_REPO=/home/clawdie/ai/colibri scripts/stage-colibri-iso.sh <tmp>
Standardize the ISO on the agreed Python 3.12 floor (operator + Hermes +
Claude consensus; see layered-soul/docs/TOOLCHAIN.md).
- pkg lists: python311->python312, py311-{pip,aider_chat,pillow}->py312-*
- build.sh: derive the installed python3.N for the python3/python symlink so a
future bump needs only a pkg-list change, never an edit here
- shell-deploy.sh: create the Aider venv with 'python3 -m venv' (resolves via
the symlink) instead of a hardcoded python3.11
- import-clawdie-skills.sh: python3 fallback instead of python3.11
- BUILD.md: doc references
Aider kept (bumped, not dropped): redundant coding tooling is intentional per
the agent matrix.
Pre-merge gate: confirm FreeBSD pkg coverage on osa —
pkg search '^py312-aider_chat' '^py312-pygobject'
(common modules pillow/pip are safe).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Replace stale colibri-smoke-agent references with colibri-test-agent, mark colibri-tui optional/desirable, update image-name comments, and avoid smoke wording in current build handoff docs.\n\nChecks: sh -n build.sh; sh -n scripts/test-release-gate.sh; ./scripts/check-format.sh; git diff --check.
Use zot's Makefile VERSION hook in release/live rebuild instructions and preflight hints so the staged binary reports 0.2.29 instead of the local-build 0.0.0 default.\n\nChecks: sh -n build.sh; sh -n scripts/stage-zot-iso.sh; sh -n scripts/stage-colibri-iso.sh; ./scripts/check-format.sh; git diff --check; stage-zot-iso dummy-artifact smoke; VERSION=0.2.29 make build in zot produced 'zot 0.2.29'.
Drop the "dirty" terminology in favor of "modified" (same boolean sense:
true = working tree has uncommitted or untracked changes). Pure rename — no
logic change. Safe now: nothing consumes these keys yet (checked colibri too).
- build-manifest.json keys: zot_dirty/colibri_dirty/iso_repo_dirty
→ zot_modified/colibri_modified/iso_repo_modified
- .clawdie-source.json: dirty_at_build → modified_at_build
- iso-publish manifest (write-artifact-manifest.sh): repo_dirty → repo_modified
- gate messages, comments, shell vars, and docs (BUILD/CHANGELOG/ISO-MANIFESTS/
PLAN) reworded.
Checks: sh -n on all three scripts; release-gate smoke test PASS; prettier clean
on changed docs.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Codex's release gate (96fc1d3) had the right idea but two issues that the
verified gates (sh -n / prettier / git diff) structurally could not catch,
because none exercise the BUILD_CHANNEL=release path:
1. Blocker: check_release_gate was *called* at line ~105 but *defined* (and its
resolve_* dependencies defined) far below. In POSIX sh that's a call before
definition — with `set -e`, a release build aborted at exit 127
("check_release_gate: not found") before the gate ran. Moved the invocation
into the preflight section, after all helpers are defined.
2. Unsatisfiable + asymmetric: the gate required clawdie-ai to be on a vX.Y.Z
tag, but clawdie-ai has no v-tag and is being pruned — so release was
impossible. Replaced with reproducibility-by-record: every staged source
(clawdie-iso, clawdie-ai, colibri, zot) must be a clean, committed tree; the
manifest's recorded commits then fully describe the artifact. A recorded SHA
is as pinned as a tag. Dropped the tag requirement.
Also:
- "clean" now uses `git status --porcelain`, so untracked files (which a
diff-only check misses but which still change the build) fail the gate.
- Factored the repeated resolve+dirty boilerplate into assert_clean_repo.
- New scripts/test-release-gate.sh smoke test: asserts the porcelain semantics
and that the gate is invoked after its definition (guards the exit-127
regression). A 5-line test that the three "verified gates" could not provide.
Checks: sh -n build.sh; sh -n + run scripts/test-release-gate.sh (PASS);
git diff --check.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Accept the PR #75 colibri_daemon rc.d contract, write colibri_daemon_cost_mode, and update the live rebuild doc now that /home/clawdie/ai sources are shallow git checkouts.\n\nChecks: sh -n build.sh; sh -n scripts/stage-colibri-iso.sh; ./scripts/check-format.sh; git diff --check; scripts/stage-colibri-iso.sh dummy-artifact smoke against Colibri PR #75 rc.d.
Switch ISO staging/docs from colibri-smoke-agent to colibri-test-agent, include rust/pkgconf for live Colibri rebuilds, stage provider.env.sample, wire the provider env rc.conf path, and document LLM key setup on the Firefox bootstrap page.\n\nChecks: npx --yes prettier@3 --check docs/LIVE-COLIBRI-REBUILD.md live/operator-session/bootstrap.html BUILD.md TESTING.md README.md; sh -n scripts/stage-colibri-iso.sh; sh -n build.sh; fake Colibri staging + sh -n staged rc.d script; git diff --check.
Keep staging validation focused on the current rc.d contract and avoid legacy variable references in the live rebuild lane branch.\n\nChecks: sh -n scripts/stage-colibri-iso.sh; fake Colibri staging + sh -n staged rc.d script; git diff --check.
Remove historical fix-it wording from the live rebuild runbook and make ISO staging validate the corrected Colibri rc.d contract directly instead of rewriting older variants.\n\nChecks: npx --yes prettier@3 --check docs/LIVE-COLIBRI-REBUILD.md; sh -n scripts/stage-colibri-iso.sh; fake Colibri staging + sh -n staged rc.d script; git diff --check.
Keep ISO staging compatible with Colibri rc.d sources that already use colibri_daemon_binary and include pid/socket chmods. This lets the source rc.d file be copied directly for live USB repair while preserving compatibility with older Colibri sources.\n\nChecks: sh -n scripts/stage-colibri-iso.sh; fake staging against old and corrected Colibri rc sources; sh -n staged rc.d scripts; git diff --check.
Replace fragile BSD sed append usage with awk when adding poststart chmods to the staged colibri_daemon rc.d script. The previous sed form appended the socket chmod after every line, corrupting the live USB service script.\n\nChecks: sh -n scripts/stage-colibri-iso.sh; fake COLIBRI_ARTIFACT_DIR staging; sh -n staged usr/local/etc/rc.d/colibri_daemon; git diff --check.
Smaller downloads that Rufus/balenaEtcher/RPi-Imager still read directly (zstd
would break Windows flashers). Switches the image artifact, flashing commands
(xz -dc | dd, xz -t, unxz), publish flow (xz -T0 -c), the artifact-manifest
script, and all skills + docs to .img.xz. Adds a Windows (Rufus/Etcher) flashing
section + README pointer. Source tarballs (clawdie-ai *.tar.gz) unchanged.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Makes colibri-mcp a required Colibri artifact for the live operator USB, copies it into the image, documents the read-only default and explicit trusted COLIBRI_MCP_WRITE profile, and updates ISO build handoff docs.\n\nChecks: ./scripts/check-format.sh; sh -n build.sh scripts/stage-colibri-iso.sh; git diff --check
Keeps service clawdie as a deployed-system contract only, removes the old mini-binary FEATURE_CLAWDIE staging lane from the ISO build, and adds explicit Linux-vs-FreeBSD proof boundaries for provider/runtime claims.\n\nChecks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
Removes stale Herdr references, reserves service clawdie for deployed disk/server targets, and keeps the live USB on colibri_daemon. Drops the baseline live rc.d/clawdie wrapper so the mounted-image contract matches the docs.\n\nChecks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
First concrete step of the zot consolidation (colibri ADR). Opt-in FEATURE_ZOT
(default NO; Pi stays default during migration).
- build.cfg: FEATURE_ZOT, ZOT_VERSION (pinned v0.2.29), ZOT_REPO,
ZOT_ARTIFACT_DIR, ZOT_DEEPSEEK_KEY (optional bake).
- scripts/stage-zot-iso.sh: install the prebuilt zot binary -> /usr/local/bin/zot;
populate the operator's $ZOT_HOME (~/.local/state/zot) with auth.json
({"deepseek":{"api_key":...}}, 0600) when a key is given, else an
auth.json.sample template + README (telegram via `zot telegram-bot setup`).
- build.sh: status line, resolve_zot_paths, preflight_zot_artifacts (errors with
the GOOS=freebsd go-build hint — zot has no FreeBSD release), install_zot_agent
(+ chown operator state), wired into preflight + install sequences.
zot is built on the FreeBSD host from the pinned tag:
(cd $ZOT_REPO && git checkout v0.2.29 && GOOS=freebsd GOARCH=amd64 \
go build -trimpath -o bin/zot ./cmd/zot)
sh -n clean; staging smoke-tested (binary staged, auth.json 0600 valid).
Credentials use zot's own resolution (--api-key -> env -> auth.json), replacing
baked-into-binary keys. Default build unchanged (FEATURE_ZOT=NO).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
User-facing timestamps in run-bhyve-test.sh used the ambiguous numeric form
%Y-%m-%d. Switch to European display (date +%d.%b.%Y %H:%M:%S). Log filename
keeps sortable ISO 8601 basic (machine artifact, per the rule's internal-storage
exemption).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
bhyve-test.sh captures the guest serial console; this adds a QA gate over that
log so the harness can be used as a build gate (appliance runbook §3):
- CRITICAL (gate the exit): no kernel panic, no reboot loop, boot reached
login/sddm, and no "permission denied" (regression guard for the colibri
socket EACCES we just fixed).
- INFO (best-effort console markers): colibri socket ready, no store-open panic,
clawdie-live-gpu ran.
- Prints the deeper in-guest checklist (socket mode, glasspane query, GPU
branch) that lives in guest logs, not the console.
Exit is non-zero if the boot harness failed OR any critical assert failed.
Also pass-through args to bhyve-test.sh (ISO path / --name).
sh -n clean; gate logic unit-tested (clean boot → pass/exit0; panic+EACCES+no-login
→ fail). INFO/CRITICAL patterns should be confirmed against a real boot console
on first run.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Use packages/npm-globals.txt as the source of truth for offline npm CLI tarballs, update Pi to 0.75.5, and keep Claude Code out of the XFCE USB path.
---
Build: not run — ISO build not requested
Tests: pass — sh -n fetch-npm-globals and shell-npm-globals; pinned npm pack smoke passed
Ships @anthropic-ai/claude-code, @google/gemini-cli, and
@mariozechner/pi-coding-agent as prebuilt .tgz tarballs on the install
media so the agent runtime has its CLI dependencies on first boot
without network access.
Critical: installs to /home/clawdie/.npm-global to match the
npm_config_prefix set by shell-system.sh in /etc/profile.d/clawdie.sh,
so the clawdie user's PATH (and the agent's commandExists() probes)
actually resolve the binaries.
- scripts/fetch-npm-globals.sh: npm pack the 3 CLIs into tmp/npm-globals/
- firstboot/shell-npm-globals.sh: offline install as clawdie user with
matching prefix, runs between pkg setup and deploy
- build.sh: fetch + bundle into ${SHARE}/npm-globals/
- firstboot.sh: source module and run_step before deploy
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Moves bhyve VMs off warden0 (jail bridge) to avoid ARP/routing conflicts
with running agent jails. Auto-picks unused tap interface, adds PF NAT
idempotently, cleans up tap on exit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- build.sh: force LC_TIME=C so date +%b always outputs "Mar" not "Mar."
Prevents double-dot filenames (e.g. 30.mar..2026.img) on sl_SI locale
- bhyve-test.sh: auto-detect newest baremetal .img or accept path as $1
Removes hardcoded filename that breaks after each new build
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Wraps build.sh, captures stdout+stderr with tee, generates a styled
HTML page matching the site's dark theme (DM Mono terminal block,
status badge, duration). Publishes two copies:
- /docs/iso-build-log.html (always latest)
- /docs/iso-build-YYYY-MM-DD.html (dated archive permalink)
Usage: sudo ./scripts/build-and-log.sh [build.sh args...]
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
firstboot.sh:
- Set SHELL_{GPU,NVIDIA,PKG,ENV,DEPLOY}_TEST=1 before sourcing modules
(prevents double-execution on source — same bug fixed in integration-test)
- Add --resume: run_step() skips steps already recorded in progress file
- Add --reset: clears progress file, starts over from scratch
- Add --help
- Wizard tracked as checkpoint so --resume skips re-prompting the user
- run_step() helper: guard → run → mark done in one call
scripts/bhyve-test.sh (was tmp/bhyve-test-setup.sh):
- Moved to tracked scripts/ directory (tmp/ is gitignored)
- Timeout 300→1800s (full install is 20–25 min, not 5)
scripts/run-bhyve-test.sh (was tmp/run-bhyve-test.sh):
- Moved to scripts/, log output redirected to logs/ (also gitignored)
BUILD.md, TESTING.md, IMPLEMENTATION-PLAN.md:
- Update all bhyve script references to scripts/bhyve-test.sh
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1. Determine memstick partition layout: /dev/\${MD}s2a (UFS)
2. Implement payload injection in build.sh steps 5-6
3. Create scripts/publish.sh to copy ISO to CMS nginx /downloads/
4. Fix --fetch-only to not require root (use temp pkg config)
All 4 quickstart tasks now unblocked. Next: test in bhyve VM.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
