- shell-system.sh (runs last, step 6): rewrite .profile with agent launcher,
full .bashrc with sudo() shell function that fire-and-forget snapshots
zroot@cli-<ts> before mdo -u root. PATH, prompt, history, aliases (ll/la/lt).
Agent fallback for non-login shells via ~/.ssh-agent-env.
- shell-ssh.sh (step 4): strip to ~/.ssh/config only. Agent/profile/tmux
seeding moved to shell-system.sh so it is not overwritten.
- AGENTS.md: document sudo→mdo decision with rationale table (ISO size,
audit surface, single privilege path, ZFS rollback safety).
- Tier 1: seed ~/.profile with eval $(ssh-agent -s) launcher (FreeBSD,
no systemd). AddKeysToAgent alone does not start an agent; without a
launcher headless/SSH-in shells still get "Could not open connection".
- Tier 3: drop set-option -g update-environment from tmux.conf seed.
tmux default already includes SSH_AUTH_SOCK + DISPLAY/XAUTHORITY.
set -g replaces the entire list, breaking X11 GUI apps on XFCE.
- Remove .graphifyignore per project policy (graph artifacts not
committed, tool not integrated into ISO repo).
shell-ssh.sh now seeds ~/.ssh/config (AddKeysToAgent yes) and
~/.tmux.conf (SSH_AUTH_SOCK persistence) after SSH key install.
Idempotent — appends to existing configs if already present.
Fixes agent-dead-after-tmux-restart for every fresh Clawdie install.
Pass 1 + Pass 2 panel polish is on main and build-ready (XML valid, build.sh install paths + Whisker icon verified). Baton passes from the Claude/Linux config lane to the FreeBSD build host (osa) for an ISO rebuild + a boot on the AMD/ASUS box to check the verification items. No domedog config work remains.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Consolidates the operator-USB work into main now that the AMD ASUS hardware-evidence collection is closed and Codex is parked. Brings the live-session hardware lane (XInput/libinput touchpad guard, internal audio + resolver bootstrap, hw-report with gated public upload, operator-USB branding) and the config-only XFCE panel polish (Pass 1 + Pass 2: branded Whisker PNG, xkb text mode, panel 40px, systray square-icons).
Conflict: doc/LLM-PROVIDER-HARNESS.md was evolved on both sides. Resolved as a union with no content lost — the xfce-side harness/provider/fabric restructure is the base, and main's two unique blocks (Verifying Key Cleanup flow, the 2D Platform x Harness matrix + populate/add procedures) are preserved. The doc owner may later dedupe the overlap between the two 1D matrices and the 2D matrix.
Verification debt stays explicit and open (not closed by this merge): XFCE visual-polish confirmation and the next rebuilt-image hardware retest, per doc/XFCE-PANEL-BUGS-HANDOFF.md and PLAN-OPERATOR-USB-NEXT.md.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Use packages/npm-globals.txt as the source of truth for offline npm CLI tarballs, update Pi to 0.75.5, and keep Claude Code out of the XFCE USB path.
---
Build: not run — ISO build not requested
Tests: pass — sh -n fetch-npm-globals and shell-npm-globals; pinned npm pack smoke passed
- TESTING.md: expected output banner now matches updated integration-test.sh
- shell-env.sh: EMBED_BASE_URL defaults to empty when no OpenRouter key exists, letting config.ts resolve dynamically at runtime instead of baking localhost:8080 into .env
- shell-pf.sh: BRIDGE is now always warden0 (matches jail-config.ts and AGENTS.md)
- CompletePage.qml: token text now says will be generated after first boot
- NETWORKING.md: updated to reflect warden0 fix
Collect optional SSH public key and Tailscale auth key in the live installer, keep the controlplane loopback-bound by default, allow SSH over tailscale0, and rotate the post-install setup token into /var/db/clawdie-installer/setup-token with MOTD guidance for SSH tunnel access.
This slice is install-mode only; upgrade runs do not mint a new setup token.
Build: pass
Tests: pass — sh -n + QML build + config-format + mocked setup-token writer dry-run
Real-disk / bhyve install: NOT YET TESTED
Live GUI installs now write runtime handoff files under /var/run/clawdie-installer, invoke bsdinstall script through a dedicated commit helper, persist the installed handoff for first HDD boot, and point the operator at /setup after reboot.
The live autologin user is restricted to a narrow sudoers rule for the commit helper and reboot only.
Build: pass
Tests: pass — sh -n + QML build + config-format + stubbed live-commit dry-run
Real-disk / bhyve install: NOT YET TESTED
