- build.cfg: FREEBSD_VERSION -> ${FREEBSD_VERSION:-15.1-RELEASE}. The memstick
URL, checksum URL, cache path, and build-manifest all derive from it, so the
live-USB build bumps from this one line. The :- form also lets an operator
override at build time (FREEBSD_VERSION=15.2-RELEASE ./build.sh) without
editing git — previously a plain assignment clobbered any env value.
- docs: de-version README/BUILD/REQUIREMENTS + iso-build skill from '15.0' to
'15.x' so they stop drifting on every point release.
Verified: default derives the 15.1 memstick URL (HTTP 200, dated 12.jun.2026);
env override cascades to 15.2. ABI stays FreeBSD:15:amd64 (same major — no
package rebuild needed). build-vps.sh (mfsbsd) and poudriere keep their own
version knobs and are intentionally untouched (ABI-compatible, separate paths).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
All decompress-and-write one-liners now share the same form:
xz -dc ...img.xz | of=/dev/sdX bs=4M status=progress conv=fsync && sync
- sudo removed (operator runs as root on USB stick)
- && sync appended to all image-write commands
- /dev/zero wipe commands unchanged
- build.sh echo updated to match
Stages the publish-time doc bump from 0.10.0 to 0.11.0: artifact filenames and
osa download/verify URLs (FLASHING, README, TESTING, BUILD, iso-publish skill),
the ISO product-version claims (README, BUILD), and enriches the existing
CHANGELOG [0.11.0] entry with this cycle's operator-facing ISO merges
(Join Hive vault provisioning, Tailscale auto-join, Mother MCP link, jq).
Left untouched: --clawdie-version examples (clawdie-ai namespace) and the
[0.10.0] CHANGELOG history. HOLD until the 0.11.0 image is built + hosted —
the download URLs 404 until then.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The one-liner's `output/FreeBSD-*.img` matched nothing — OUTPUT_DIR is
tmp/output, the built image is clawdie-*.img, and the cached memstick lives in
tmp/cache (FreeBSD-*-memstick.img). Replace with `tmp/packages tmp/cache
tmp/output` — clears bundled packages, all caches (incl. work.img + the cached
memstick), and built outputs; all regenerable, all under repo-local tmp/.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Stop fighting FreeBSD's PYTHON_DEFAULT=3.11: make python3 resolve to 3.11
(python312 stays installed and available as python3.12 for anything needing
newer). This also makes Pillow trivial — py311-pillow imports on plain python3,
so the image-render/screenshot skill needs no version gymnastics.
- build.sh: python3/python symlink → 3.11 (prefer python3.11, else lowest).
- pkg-list-live-operator.txt: add py311-pillow.
- clawdie-join-hive.sh: advertise image-render when `python3 -c import PIL`
works, and screenshot when $DISPLAY is set.
- BUILD.md: short note (python3=3.11; python3.12 available; image-render via
py311-pillow).
Validated: sh -n build.sh + join-hive clean; markdown gate clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
FreeBSD pkg repos build against PYTHON_DEFAULT=3.11, so system packages
(git, libinput, npm-node24) pull python311 as transitive deps. We keep
python312 as the application Python — it wins the python3 symlink via
sort -V. Document this in BUILD.md, build.sh, package lists, and
bootstrap.html so the dual-version reality is explicit and intentional.
Add COLIBRI_STAGE_TEST_AGENT with dev/release defaults so validation builds can include colibri-test-agent while production/release operator USB images omit it by default. Keep poudriere guidance test-friendly and document binary roles in BUILD.md.\n\nValidation: sh -n build.sh scripts/stage-colibri-iso.sh live/operator-session/colibri-live-rebuild; ./scripts/check-format.sh; ./scripts/test-release-gate.sh; build.cfg default/override checks.
Standardize the ISO on the agreed Python 3.12 floor (operator + Hermes +
Claude consensus; see layered-soul/docs/TOOLCHAIN.md).
- pkg lists: python311->python312, py311-{pip,aider_chat,pillow}->py312-*
- build.sh: derive the installed python3.N for the python3/python symlink so a
future bump needs only a pkg-list change, never an edit here
- shell-deploy.sh: create the Aider venv with 'python3 -m venv' (resolves via
the symlink) instead of a hardcoded python3.11
- import-clawdie-skills.sh: python3 fallback instead of python3.11
- BUILD.md: doc references
Aider kept (bumped, not dropped): redundant coding tooling is intentional per
the agent matrix.
Pre-merge gate: confirm FreeBSD pkg coverage on osa —
pkg search '^py312-aider_chat' '^py312-pygobject'
(common modules pillow/pip are safe).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Drop the "dirty" terminology in favor of "modified" (same boolean sense:
true = working tree has uncommitted or untracked changes). Pure rename — no
logic change. Safe now: nothing consumes these keys yet (checked colibri too).
- build-manifest.json keys: zot_dirty/colibri_dirty/iso_repo_dirty
→ zot_modified/colibri_modified/iso_repo_modified
- .clawdie-source.json: dirty_at_build → modified_at_build
- iso-publish manifest (write-artifact-manifest.sh): repo_dirty → repo_modified
- gate messages, comments, shell vars, and docs (BUILD/CHANGELOG/ISO-MANIFESTS/
PLAN) reworded.
Checks: sh -n on all three scripts; release-gate smoke test PASS; prettier clean
on changed docs.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Decouple the ISO identity from zot and cut the first numbered milestone.
Versioning schema (decided 2026-06-15):
- ISO_VERSION is now an explicit product version (build.cfg: 0.10.0); the
"auto"/zot-tracking path is removed and a build with no version fails fast.
The image no longer borrows zot's number — component versions are provenance.
- build-manifest.json: "iso_version_tracks":"zot" -> "version_scheme":"product",
and add colibri_commit/colibri_dirty (the image stages adjacent colibri
binaries; record which commit produced them — the main reproducibility gap).
Docs/version consistency (from docs to flashing/testing/skill):
- CHANGELOG: new [0.10.0] "Operator Image" milestone (stable XFCE + colibri
service fixes + self-rebuild lane); reword the version model and repo table.
- README/BUILD/FLASHING/TESTING/iso-publish: artifact examples 0.2.29 -> 0.10.0;
version-scheme prose updated to product-version, not zot-tracking.
Stacked on the live-rebuild branch (PR #56); merge after it.
Checks: sh -n build.sh OK; prettier clean on all changed docs.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Accept the PR #75 colibri_daemon rc.d contract, write colibri_daemon_cost_mode, and update the live rebuild doc now that /home/clawdie/ai sources are shallow git checkouts.\n\nChecks: sh -n build.sh; sh -n scripts/stage-colibri-iso.sh; ./scripts/check-format.sh; git diff --check; scripts/stage-colibri-iso.sh dummy-artifact smoke against Colibri PR #75 rc.d.
Seed live /home/clawdie/ai repos as shallow git checkouts with .git metadata and .clawdie-source.json provenance, remove stale hardcoded ISO version strings, and keep markdown formatting green.\n\nChecks: sh -n build.sh; sh -n scripts/stage-colibri-iso.sh; git diff --check; npx --yes prettier@3 --check BUILD.md README.md live/operator-session/bootstrap.html; ./scripts/check-format.sh; local file:// shallow clone smoke.
Switch ISO staging/docs from colibri-smoke-agent to colibri-test-agent, include rust/pkgconf for live Colibri rebuilds, stage provider.env.sample, wire the provider env rc.conf path, and document LLM key setup on the Firefox bootstrap page.\n\nChecks: npx --yes prettier@3 --check docs/LIVE-COLIBRI-REBUILD.md live/operator-session/bootstrap.html BUILD.md TESTING.md README.md; sh -n scripts/stage-colibri-iso.sh; sh -n build.sh; fake Colibri staging + sh -n staged rc.d script; git diff --check.
Smaller downloads that Rufus/balenaEtcher/RPi-Imager still read directly (zstd
would break Windows flashers). Switches the image artifact, flashing commands
(xz -dc | dd, xz -t, unxz), publish flow (xz -T0 -c), the artifact-manifest
script, and all skills + docs to .img.xz. Adds a Windows (Rufus/Etcher) flashing
section + README pointer. Source tarballs (clawdie-ai *.tar.gz) unchanged.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
IMAGE_NAME is now clawdie-${codename}-${ISO_VERSION}.img (e.g.
clawdie-quindecim-0.2.29.img), the version tracking zot. Drops desktop/usb/date/
commit from the filename; per-build provenance (date, clawdie-iso commit, zot
commit) lives in build-manifest.json. Removes the now-unused date/commit name
vars. Updates docs + publish-skill globs (clawdie-*) to the new format.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Installs read-only and trusted-write MCP client config examples under /usr/local/share/clawdie-iso/mcp-examples and links them from the bootstrap page.\n\nChecks: ./scripts/check-format.sh; sh -n build.sh scripts/stage-colibri-iso.sh; python3 -m json.tool MCP examples; git diff --check
Makes colibri-mcp a required Colibri artifact for the live operator USB, copies it into the image, documents the read-only default and explicit trusted COLIBRI_MCP_WRITE profile, and updates ISO build handoff docs.\n\nChecks: ./scripts/check-format.sh; sh -n build.sh scripts/stage-colibri-iso.sh; git diff --check
Keeps service clawdie as a deployed-system contract only, removes the old mini-binary FEATURE_CLAWDIE staging lane from the ISO build, and adds explicit Linux-vs-FreeBSD proof boundaries for provider/runtime claims.\n\nChecks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
Removes stale Herdr references, reserves service clawdie for deployed disk/server targets, and keeps the live USB on colibri_daemon. Drops the baseline live rc.d/clawdie wrapper so the mounted-image contract matches the docs.\n\nChecks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
Rewords live display-manager guardrails around SDDM without stale LightDM framing, clarifies qt6/kf6 rows as package dependencies rather than installer direction, and fixes the CHANGELOG trailing EOF blank flagged by diff-check.\n\nChecks: ./scripts/check-format.sh; git diff --check
BREAKING CHANGE: Removes --target and --gpu-driver flags, unified ISO for all use cases
## Phase 0: GPU Fix + Unified ISO
### Core Changes
**GPU Package Installation (FIXES CRITICAL GAP):**
- Add clawdie_shell_nvidia_install() function to shell-nvidia.sh
- NVIDIA drivers now installed after detection (previously only configured)
- Works offline (USB packages) or online (pkg install)
- Resolves issue where rc.conf was set but driver not installed
**Unified ISO Architecture:**
- Remove --target flag from build.sh (no more vps/baremetal branching)
- Remove --gpu-driver flag from build.sh (runtime detection instead)
- All packages included on every ISO (desktop + all GPU drivers)
- Single image works on VPS, baremetal, and cloud
**Runtime Detection:**
- Add shell-desktop.sh for display detection at firstboot
- VPS/cloud: no display → lightdm disabled (headless)
- Baremetal: display detected → lightdm enabled (Lumina desktop)
- GPU detection always runs, installs correct driver version
**Sudo Unification:**
- Replace all doas references with sudo across entire codebase
- Update AGENTS.md with system configuration guidelines
- Update all documentation (BUILD.md, README.md, REQUIREMENTS.md, etc.)
- Admin panel now uses sudo for privileged operations
### Files Modified
**Core System:**
- build.sh: Remove target/gpu-driver logic, unified package selection
- firstboot/firstboot.sh: Add desktop detection module
- firstboot/shell-nvidia.sh: Add package installation function (+33 lines)
**New Files:**
- firstboot/shell-desktop.sh: Display detection and desktop enablement
- packages/pkg-list-nvidia-all.txt: All three NVIDIA driver versions (390/470/590)
- .opencode/plans/phase0-gpu-fix-unified-iso.md: Implementation plan
**Documentation:**
- PLAN-UNIFY.md: Update Step 3 for unified approach
- REQUIREMENTS.md: Simplify (no target choice), update for sudo
- BUILD.md: Update for unified ISO, sudo commands
- README.md: Update installation instructions
- AGENTS.md: Add system configuration section (sudo standardization)
- ADMIN-PANEL.md: Update privileged operations to use sudo
- CLAWDIE-SHELL.md: Update example commands to sudo
- CLAWDIE-ISO-REFACTORED.md: Update access paths to sudo
- REFACTOR-SUMMARY.md: Update permissions section to sudo
### Benefits
**Simplicity:**
- One build command: ./build.sh (no flags needed)
- One ISO to test and maintain
- No wrong choices for users
- No documentation explaining target differences
**Flexibility:**
- VPS can use GUI via VNC (wayvnc always available)
- Baremetal can run headless (disable lightdm)
- Repurpose hardware without reinstall
- All GPU drivers available for any hardware
**Technical:**
- Fixes critical GPU driver installation gap
- Runtime detection replaces build-time decisions
- Disk overhead: ~650MB (1-2% of 50GB - acceptable)
- No runtime overhead on VPS (services disabled by detection)
### Testing Required
- [ ] Build unified ISO: ./build.sh
- [ ] Test on VPS (no display): lightdm disabled, packages installed
- [ ] Test on baremetal (display): lightdm enabled, Lumina boots
- [ ] Test on NVIDIA hardware: driver installed and loaded
- [ ] Test sudo commands work without password prompts
- [ ] Verify all doas references removed
- Change default FEATURE_TAILSCALE from NO to YES
- Add build-time warning if TAILSCALE_AUTHKEY not set
- Update firstboot wizard: Tailscale moves to screen 2
- Add summary screen showing Tailscale status
- Update shell-tailscale.sh to handle missing auth key gracefully
- Update BUILD.md with new recommended/optional flow
User experience:
- With auth key: Tailscale auto-connects (secure)
- Without auth key: Warning shown, build continues (public SSH)
- Wizard allows enabling/disabling with clear warnings
No breaking changes - existing builds still work.
firstboot.sh:
- Set SHELL_{GPU,NVIDIA,PKG,ENV,DEPLOY}_TEST=1 before sourcing modules
(prevents double-execution on source — same bug fixed in integration-test)
- Add --resume: run_step() skips steps already recorded in progress file
- Add --reset: clears progress file, starts over from scratch
- Add --help
- Wizard tracked as checkpoint so --resume skips re-prompting the user
- run_step() helper: guard → run → mark done in one call
scripts/bhyve-test.sh (was tmp/bhyve-test-setup.sh):
- Moved to tracked scripts/ directory (tmp/ is gitignored)
- Timeout 300→1800s (full install is 20–25 min, not 5)
scripts/run-bhyve-test.sh (was tmp/run-bhyve-test.sh):
- Moved to scripts/, log output redirected to logs/ (also gitignored)
BUILD.md, TESTING.md, IMPLEMENTATION-PLAN.md:
- Update all bhyve script references to scripts/bhyve-test.sh
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
integration-test.sh still sourced old clawdie-shell-*.sh names after
the rename in 66484dc. BUILD.md and TESTING.md referenced /tmp/ (system)
instead of ./tmp/ (repo-local) for bhyve-test-setup.sh. Add /tmp/ to
.gitignore.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Create packages/pkg-list-lumina.txt with Lumina desktop environment packages
- Delete pkg-list-xfce.txt, pkg-list-mate.txt, pkg-list-kde.txt
- Remove desktop-installer from pkg-list-desktop-base.txt
- build.cfg: DEFAULT_DESKTOP=lumina (sole supported DE)
- build.sh: use pkg-list-lumina.txt instead of pkg-list-xfce.txt
- BUILD.md: update DEFAULT_DESKTOP comment
- CLAWDIE-ISO.md: add deprecation notice, update all DE references to Lumina only
Lumina is the sole supported FreeBSD-native desktop environment as per
LUMINA-INTEGRATION.md and CLAWDIE-ISO-REFACTORED.md specifications.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
