- shell-system.sh: exit → return in sourced module (would kill firstboot)
- maintenance-mode.sh: replace bash += with POSIX concat, fix subshell
scope in pipe-to-while-read (vdev_status/failed_disks were always
empty), quote all $POOL_NAME and $disk expansions
- build-vps.sh: portable _sed_i() wrapper for FreeBSD/Linux
- firstboot.sh: set -eu; set USB_PKG_PATH to SHARE/packages so offline
package repo works after HDD boot (was defaulting to /mnt/media)
- firstboot-vps.sh: remove plaintext password log, check loader.efi
exists before EFI copy
Integration test: PASS (7/7 modules)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
shell-deploy.sh now branches on CLAWDIE_BOOT_MODE:
- install: existing fresh path (extract tarball, seed .env, install-all)
- upgrade: extract to staging dir, run skills-engine applyUpdate()
for three-way merge preserving customizations, restore existing
.env, then install-all for db migrations. Falls back to overwrite
+ migrateExisting() if no .nanoclaw/ present.
Overwrite fallback preserves data/, store/, logs/, groups/,
.nanoclaw/, node_modules/ across the upgrade.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrite vps/firstboot-vps.sh as phase-1 only: partition disk,
create ZFS pool "clawdie", install FreeBSD base, inject firstboot
payload, install bootloader, reboot. On first HDD boot the standard
firstboot.sh modular pipeline runs (zfs detect, wizard, gpu, pkg,
ssh, env, system, tailscale, deploy).
Pre-baked clawdie.conf values get written to build.cfg with
TARGET=cloud so the wizard is skipped. Pool named "clawdie"
(not zroot) for pool detection compatibility.
Remove duplicate clawdie-vps-setup.sh.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New shell-zfs.sh module: detects existing clawdie pool, presents
boot mode menu (install/upgrade/maintenance/shell). Runs as first
step in firstboot.sh before wizard. Upgrade mode loads existing
.env and skips wizard. Maintenance mode exec's to maintenance-mode.sh.
Also: fix POSIX herestrings in maintenance-mode.sh, fix paren
mismatch in snapshot age calc, add nda (NVMe) to disk detection
patterns across all ZFS scripts for FreeBSD 15.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add .nanoclaw/ and bootstrap artifact checks to shell-deploy.sh
post-install verification. Complements the new skills-init step
added to clawdie-ai's install pipeline.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Moves bhyve VMs off warden0 (jail bridge) to avoid ARP/routing conflicts
with running agent jails. Auto-picks unused tap interface, adds PF NAT
idempotently, cleans up tap on exit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
build.cfg now uses ${VAR:-} pattern so env vars take precedence,
enabling cloud builds with arbitrary agent config via environment.
build.sh step 6 now injects all new fields (AGENT_GENDER,
PI_TUI_PROVIDER, PI_TUI_MODEL, API keys, Telegram, embeddings)
into the baked build.cfg inside the image.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- build.sh: force LC_TIME=C so date +%b always outputs "Mar" not "Mar."
Prevents double-dot filenames (e.g. 30.mar..2026.img) on sl_SI locale
- bhyve-test.sh: auto-detect newest baremetal .img or accept path as $1
Removes hardcoded filename that breaks after each new build
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Wraps build.sh, captures stdout+stderr with tee, generates a styled
HTML page matching the site's dark theme (DM Mono terminal block,
status badge, duration). Publishes two copies:
- /docs/iso-build-log.html (always latest)
- /docs/iso-build-YYYY-MM-DD.html (dated archive permalink)
Usage: sudo ./scripts/build-and-log.sh [build.sh args...]
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
firstboot.sh:
- Set SHELL_{GPU,NVIDIA,PKG,ENV,DEPLOY}_TEST=1 before sourcing modules
(prevents double-execution on source — same bug fixed in integration-test)
- Add --resume: run_step() skips steps already recorded in progress file
- Add --reset: clears progress file, starts over from scratch
- Add --help
- Wizard tracked as checkpoint so --resume skips re-prompting the user
- run_step() helper: guard → run → mark done in one call
scripts/bhyve-test.sh (was tmp/bhyve-test-setup.sh):
- Moved to tracked scripts/ directory (tmp/ is gitignored)
- Timeout 300→1800s (full install is 20–25 min, not 5)
scripts/run-bhyve-test.sh (was tmp/run-bhyve-test.sh):
- Moved to scripts/, log output redirected to logs/ (also gitignored)
BUILD.md, TESTING.md, IMPLEMENTATION-PLAN.md:
- Update all bhyve script references to scripts/bhyve-test.sh
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Each shell module guards auto-run with SHELL_*_TEST env vars but the
integration test wasn't setting them, causing every module to execute
twice (once on source, once on explicit call).
Fixes:
- Set SHELL_{ENV,PKG,GPU,NVIDIA,SYSTEM,DEPLOY}_TEST=1 before sourcing
- Mock CLAWDIE_TARBALL with a real tar.gz of the pre-populated test dir
so the deploy module can extract + verify without needing the ISO
- Redirect shell-system stdout+stderr to /dev/null (service enables
write "does not exist" to stdout on a headless host)
All 6 modules now execute exactly once, cleanly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
integration-test.sh still sourced old clawdie-shell-*.sh names after
the rename in 66484dc. BUILD.md and TESTING.md referenced /tmp/ (system)
instead of ./tmp/ (repo-local) for bhyve-test-setup.sh. Add /tmp/ to
.gitignore.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Create packages/pkg-list-lumina.txt with Lumina desktop environment packages
- Delete pkg-list-xfce.txt, pkg-list-mate.txt, pkg-list-kde.txt
- Remove desktop-installer from pkg-list-desktop-base.txt
- build.cfg: DEFAULT_DESKTOP=lumina (sole supported DE)
- build.sh: use pkg-list-lumina.txt instead of pkg-list-xfce.txt
- BUILD.md: update DEFAULT_DESKTOP comment
- CLAWDIE-ISO.md: add deprecation notice, update all DE references to Lumina only
Lumina is the sole supported FreeBSD-native desktop environment as per
LUMINA-INTEGRATION.md and CLAWDIE-ISO-REFACTORED.md specifications.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Add welcome screen with experimental build disclaimer
- Add SSH public key input field to baremetal wizard
- Export SSH_PUBLIC_KEY to environment
- Call clawdie_shell_ssh_setup in module sequence (after pkg, before env)
Wizard now collects: name, domain, timezone, SSH key
Users can optionally provide SSH key to enable passwordless auth.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Create new shell-ssh.sh module for SSH key installation and password setup
* Install SSH public keys to authorized_keys (root + clawdie)
* Configure sshd: disable password auth if key provided, enable if not
* Set system user passwords (auto-generate or use provided)
* Save emergency root password to root/.firstboot-emergency-password
- Restore shell-system.sh (was accidentally overwritten during rename)
Enables secure SSH-key-first access with password fallback.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Add --ssh-key flag for providing SSH public key at build time
- Add --root-password and --clawdie-password flags for custom system passwords
- Update build.cfg with SSH_PUBLIC_KEY, ROOT_PASSWORD, CLAWDIE_USER_PASSWORD
- Bake all security-related vars into ISO for firstboot access
Enables secure passwordless SSH auth and custom password provisioning.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Rename all modules: clawdie-shell-{func}.sh → shell-{func}.sh
- Update references in firstboot.sh and installerconfig
- Update self-detection case statements in each module
- Reduces naming redundancy and improves clarity
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Remove individual chmod for legacy gpu-detect.sh (no longer called)
- Replace with loop glob over clawdie-shell-*.sh pattern
- Ensures all present and future shell modules are executable
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Remove hardcoded USB_MOUNT_POINT=/mnt/media
- Remove USB_PKG_PATH based on mount point
- Add SHARE (default: /usr/local/share/clawdie-iso)
- Add USB_PACKAGES (default: \${SHARE}/packages)
- Update all references to use SHARE-relative paths:
* clawdie_shell_pkg_write_clawdie_usb_conf()
* clawdie_shell_pkg_seed_cache()
Path now resolves at install time from actual ISO payload location,
not a hardcoded mount point that may not exist.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Add early return for cloud deployments before any GPU detection logic.
Cloud VMs have no real GPU hardware, so skip pciconf detection entirely.
Mark [GPU] COMPLETE in progress file and return cleanly.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Add deploy target configuration and cloud pre-bake variables.
Cloud builds accept these via CLI flags; baremetal leaves them blank
for interactive collection via bsddialog wizard.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Add early check in clawdie_shell_nvidia_detect(): if GPU_DRIVER is pre-baked as
nvidia-590, nvidia-470, or nvidia-390, extract version number and set
NVIDIA_DRIVER_VERSION env var for unattended mode.
Logic:
- Case match GPU_DRIVER (nvidia-590|nvidia-470|nvidia-390)
- Set DETECTED_GPU=nvidia and NVIDIA_DRIVER_VERSION to extracted version (e.g., "470")
- Existing clawdie_shell_nvidia_select_version() already bypasses bsddialog when
NVIDIA_DRIVER_VERSION is set (L71-74)
Benefit: Automates NVIDIA driver version selection when pre-baked at build time,
eliminating the interactive bsddialog menu in firstboot. Combined with GPU
pre-bake logic, enables fully unattended firstboot for GPU-specific ISO variants.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Add early check in clawdie_shell_gpu_detect(): if GPU_DRIVER is pre-baked
(set via build.cfg at ISO build time), skip live pciconf detection and proceed
directly to kld_list configuration.
Logic:
- Check if GPU_DRIVER env var is non-empty
- Map GPU_DRIVER to kld modules (intel→i915kms, amd→amdgpu, nvidia-*→nvidia-modeset nvidia)
- Write kld_list to rc.conf (idempotent)
- Mark GPU detection complete; return early
Benefit: Eliminates variable hardware detection at firstboot. rc.d/kld reads
kld_list from rc.conf early in boot (REQUIRE: NETWORKING), before
clawdie-firstboot service runs (REQUIRE: NETWORKING LOGIN), so driver is live
when Lumina starts. Guarantees ONE reboot instead of risking TWO.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Major changes enable 6 GPU-specific ISO variants with pre-baked driver configuration:
1. Argument parsing: Add --gpu-driver flag with validation (intel|amd|nvidia-{590,470,390}|vesa)
2. IMAGE_NAME: Add GPU suffix to output filename:
- clawdie-iso-intel-24.mar.2026.img (with --gpu-driver intel)
- clawdie-iso-24.mar.2026.img (without flag, auto-detect)
3. pkg_list_all(): Conditional GPU package selection based on GPU_DRIVER
4. Payload baking (Step 6): Append GPU_DRIVER to build.cfg on ISO so firstboot
can skip live pciconf detection—driver is pre-baked in kld_list at boot time
5. Fix IMAGE_SIZE usage: Replace hardcoded 25G with "${IMAGE_SIZE}" variable
Result: Firstboot reads GPU_DRIVER from build.cfg, writes kld_list to rc.conf,
and rc.d/kld loads driver early in boot (REQUIRE: NETWORKING) before clawdie-firstboot
service runs—guaranteeing ONE reboot instead of risking TWO.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
