Commit graph

110 commits

Author SHA1 Message Date
ed4d03f201 refactor(build): clearer skip-fetch flag names
Rename the fetch-skip flags to a consistent, descriptive scheme:
  --skip-fetch            skip BOTH fetches (packages + memstick) — assemble from cache
  --skip-fetch-pkg        skip only the package + Clawdie-AI fetch (new granular)
  --skip-fetch-memstick   skip only the FreeBSD memstick fetch (was --skip-memstick-fetch)

Internals split SKIP_FETCH into SKIP_PKG_FETCH + SKIP_MEMSTICK_FETCH; the umbrella
--skip-fetch sets both. The memstick step collapses to a clean skip-or-fetch (the
old three-branch form only existed to couple the pkg-skip flag to memstick reuse,
which the split removes). No legacy alias kept — the flag names state the current
way directly.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-25 09:05:16 +02:00
6998480cad fix(seed): add TELEGRAM_BOT_TOKEN to seed key extraction (lost in #139 merge) 2026-06-25 07:23:41 +02:00
a29afa4b14 Merge pull request 'feat(firstboot): force root + operator password on first boot (console gate)' (#139) from force-root-password-on-first-boot into main
Reviewed-on: #139
2026-06-25 07:21:31 +02:00
73b603d995 feat(firstboot): opt-in require-secured knob + 'will not' skip message
clawdie-iso half of the .secured interlock:
- build.sh writes colibri_daemon_require_secured="YES" to the operator image's
  rc.conf. Opt-in so DEPLOYED colibri hosts (shared colibri_daemon.in via the
  FreeBSD port, no firstboot gate) are unaffected — they never set this knob.
- gate skip message upgraded to 'agent will NOT start or register until secured'.

Depends on the colibri-side consumer (colibri_daemon.in prestart): when
colibri_daemon_require_secured is YES and /var/db/colibri/.secured is absent,
export COLIBRI_AUTOSPAWN=NO (after the provider.env source block). Tracked as the
colibri follow-up; both must ship in the same 0.12 image for the message to hold.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-25 06:16:34 +02:00
0cd59efa6d feat(firstboot): force root + operator password on first boot (console gate)
Adds clawdie_firstboot_rootpw, an rc.d gate ordered BEFORE sddm and
colibri_daemon. On the text console (operator present at first boot) it runs a
15s countdown to engage; if engaged it forces a root AND operator (clawdie)
password, echo-off, applied via 'pw usermod -h 0' over stdin (secret never in
argv/ps, never near the agent). Idempotent via a persistent success marker
/var/db/colibri/.secured (/var persists: varmfs=NO). Skipping leaves the node
open and re-prompts next boot — never bricks an unattended/headless boot.

Running before the daemon means the security decision is always made before any
agent can autospawn/node_register, so no cross-component interlock is needed
(rc ordering replaces it). The .secured marker is also the signal a future
colibri change can read to label an unsecured node to mother.

Tests: tests/firstboot-rootpw-test.sh proves marker skip, password validation,
and that the secret is delivered on stdin and NEVER appears in argv (10/10).

Console interactivity (read -t countdown, stty echo-off on /dev/console) must be
verified by booting on osa/bhyve before merge.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-25 05:54:13 +02:00
1a85f17733 feat(seed): populate CLAWDIESEED partition with agent operational files
Adds seed/ directory with:
- AGENTS.md: zot operational rules (mother, verbs, capabilities)
- harness.toml: harness="zot", model="deepseek-v4-pro"
- env.placeholder: template for API key injection

build.sh seed population step reads provider keys from the build host's
/usr/local/etc/colibri/provider.env and writes them to the seed partition's
env file. Also installs AGENTS.md, harness.toml, and the layered-soul backup.

Keys are NEVER committed — only placeholders. Real keys are injected at build
time from the build host's provider.env (DEEPSEEK_API_KEY, OPENROUTER_API_KEY).
2026-06-25 04:30:17 +02:00
e3ccd7fa46 build: pin zot agent to v0.2.47 in preflight hint
The preflight checkout hint defaulted to v0.2.42 while the FreeBSD
build-lane handoff still named v0.2.29. Pin both to the current latest
zot tag (v0.2.47) so every reference the FreeBSD agent follows agrees,
and a release build targets one fixed agent version.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 19:11:19 +02:00
dee76991de fix(iso): remove real IPs from image, install mother key for daemon user, de-obfuscate docs
Three blockers fixed from review of fix/ootb-mother-mcp:

1. Real Tailscale IP removed from image/repo.
   - external-mcp.json uses "mother" host alias (resolved by SSH config).
   - Key path: /var/db/colibri/.ssh/mother-mcp (daemon user home).
   - The real IP lives only on the offline seed (ssh/config), never in
     the repo or the shipped image.

2. Cross-user key access fixed.
   - The daemon runs as colibri (home /var/db/colibri), not clawdie.
   - Seed importer now installs SSH material to both clawdie AND
     colibri homes (same seed material, same key, separate ~/.ssh).
   - build.sh dev convenience also copies to both homes.
   - clawdie-live-seed.README.txt already documents the seed layout.

3. Doc fully de-obfuscated.
   - All m0th3r/c0l1br1/n0d3_r3g1st3r → mother/colibri/node_register.
   - All real IPs → <mother-tailscale-ip> placeholder.
   - Removed Step 2 (manual external MCP) + Step 3 (register) — both
     are now baked into the ISO.
   - Removed trailing "colibri-mcp" remote command from examples
     (hardened wrapper rejects non-allowlisted commands).
2026-06-24 11:19:21 +02:00
a03c4a6b54 fix(build): rename osa-mother-2026 → mother-mcp in key paths 2026-06-24 09:18:12 +02:00
fdbd6b152f build: track Pi @latest, record resolved version in build-manifest
The image shipped a hard pin (@earendil-works/pi-coding-agent@0.78.0) while
'pi upgrade' on hosts had moved to 0.80.2, so builds lagged. Switch Pi to the
@latest dist-tag so every image bundles the newest Pi.

To keep the floating spec traceable, record the version that actually got
fetched in build-manifest.json as pi_version, derived from the bundled tarball
name (earendil-works-pi-coding-agent-<version>.tgz) after fetch+install.
fetch-npm-globals.sh now also echoes the resolved tarball so the build log
shows the version a dist-tag resolved to.

Other globals (bw) stay pinned. Image is node24, compatible with current Pi
(the legacy-node20 dist-tag is for node20 only).

Verified: fetch resolves @latest → 0.80.2; version extraction matches npm.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 01:59:29 +02:00
fdd0d260d0 feat: version-aware docs built + staged on ISO
- Copy Astro landing page source into docs/website/ (20K, no node_modules)
- Add ISO version badge to LandingBody.astro (only shown when
  ASTRO_ISO_VERSION is set during build)
- Add build_and_stage_docs() to build.sh: builds the Astro site with
  the ISO version, stages output at /usr/local/share/clawdie-iso/docs/
- Skips gracefully when node/npm unavailable
- On the booted USB: open docs/index.html to see version-matched docs
2026-06-23 11:58:03 +02:00
76f82565e3 feat: hermes-bsd source snapshot + zot harness + telegram token
- Stage hermes-bsd as shallow clone in /home/clawdie/ai/ (next to colibri/zot)
- Switch default harness from pi to zot (COLIBRI_PI_BINARY=zot)
- Add TELEGRAM_BOT_TOKEN placeholder to provider.env and sample
- Removes stale zot-rpc-driver blocker comment (colibri#143 resolved)
2026-06-23 11:07:54 +02:00
7300fec1e2 0.12.0: hw-probe + model fixes + mother MCP infra
Combined from three feature branches:
- feature/hw-probe-agent-bootstrap: JSON hardware probe (clawdie-hw-probe),
  remove desktop icon, update START-HERE.txt
- chore/0.12.0-model-fix-bump: deepseek-v4-pro model names, version 0.12.0
- feature/mother-mcp-infra: build-colibri.sh MCP tool, colibri-mcp-ssh wrapper
2026-06-23 10:49:38 +02:00
4ee66eb45c build: lock networkmgr package after mdo repack
pkg lock prevents pkg upgrade from replacing the repacked
networkmgr (mdo-based) with upstream (sudo-dependent).
Run inside the chroot while devfs is still mounted.
2026-06-23 07:12:47 +02:00
3ef31687d9 build: pre-stage uBlock Origin + disable default-browser check on live ISO
Places uBlock Origin XPI in Firefox's distribution/extensions
directory during ISO build. Also sets DontCheckDefaultBrowser via
policies.json — Firefox is the only browser on the USB so the
popup is pointless.

Firefox auto-installs the extension on first launch with no
internet required on the booted USB.
2026-06-23 06:55:18 +02:00
bb5460427d docs: drop sudo from flash commands, append sync
All decompress-and-write one-liners now share the same form:
  xz -dc ...img.xz | dd of=/dev/sdX bs=4M status=progress conv=fsync && sync

- sudo removed (operator runs as root on USB stick)
- && sync appended to all image-write commands
- /dev/zero wipe commands unchanged
- build.sh echo updated to match
2026-06-23 06:41:58 +02:00
80dcbfef2e build: fail-fast release gate for baked mother SSH key
The image-assembly guard (build/mother-ssh-key, #113) refuses to copy the
mother key into a release image, but only after a full build run. Add the
same check to check_release_gate so a BUILD_CHANNEL=release build with the
key present on the host aborts in seconds, not after fetch/build/assemble.

The assembly-time guard stays as defense in depth.

(BUILD_CHANNEL already defaults to dev in build.cfg:17, so no change needed
there.)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 09:53:36 +02:00
b489d147d4 build: refuse to bake mother SSH key into release images
The trigger copies osa-mother-2026 from the build host into any ISO
as long as the key file exists (which it does permanently on OSA).
A BUILD_CHANNEL=release build would embed the private key into a
publicly hosted image = mother compromise.

Add a fail-closed guard: release builds exit with an error before
copying the key. Dev builds (including personalized sticks) are
unaffected.
2026-06-22 09:42:00 +02:00
4addf6fa89 build: pre-stage mother SSH key for USB→osa connectivity
Copies /home/clawdie/.ssh/osa-mother-2026 (ed25519) from the build
host into the ISO at /home/clawdie/.ssh/osa-mother-2026 (0600).
Public key is in mother's authorized_keys. Lets the live USB node
SSH straight into the mother server without manual key exchange.

Skipped silently if the key file doesn't exist on the build host.
2026-06-22 09:30:15 +02:00
143ff02f8f build: remove clawdie-ai source snapshot from ISO staging
clawdie-ai (TypeScript) is being phased out in favor of the colibri
(Rust) control plane. Remove its shallow git checkout from
/home/clawdie/ai/ on the ISO. The build manifest still records
clawdie-ai provenance; skills import and release gate checks are
unaffected — this only drops the source snapshot.

Also update the ai/README.txt to note the phase-out.
2026-06-22 08:05:26 +02:00
ec89eb58bd build: pin zot v0.2.29 -> v0.2.42
Bumps the zot agent tag the image ships, consistently across build.cfg,
the preflight hint (build.sh), the staging hint (stage-zot-iso.sh), and the
live-rebuild doc. Continues work started by Codex (chore/zot-0.2.42-pin).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 06:27:38 +02:00
a788d99967 feat(iso): wire Colibri OOTB defaults + opt-in Mother MCP link
Workstream C of the next ISO rebuild.

C1 — Auto-spawn lit up out of the box:
  provider.env now ships COLIBRI_AUTOSPAWN_PI="YES", so colibri#137 fires on
  the booted image once a DeepSeek key is present (pulled by Join Hive, A).

C2 — External MCP registry staged:
  /usr/local/etc/colibri/external-mcp.json shipped as {"servers":{}} at the
  path colibri-mcp reads by default. Empty = mother off by default.

C3 — Opt-in "Enable Mother Link" (clawdie-enable-mother + desktop entry):
  Direction is "our Pi calls mother's tools" — colibri-mcp dials OUT to mother
  over SSH-stdio and proxies mother's tools to the Pi via its external-call
  path. The toggle:
   - provisions an SSH identity for the colibri service account
     (/var/db/colibri/.ssh — the daemon and its Pi run as `colibri`),
   - writes the mother entry into external-mcp.json (ssh -i <key> ... mother),
   - upserts COLIBRI_MCP_EXTERNAL_CALL=1 into provider.env,
   - restarts the daemon and prints colibri's pubkey to authorize on mother.

provider.env.sample documents the new toggles. sh -n clean on all scripts;
the empty default and the emitted mother entry validate as JSON and match the
ExternalMcpRegistry {servers:{command,args,env}} shape.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 18:53:41 +02:00
eec69caa5f fix(build): resolve shared npm snippet via COLIBRI_REPO + preflight it
PR #92 wired the ISO to the shared clawdie-npm-profile.sh but hardcoded
${SCRIPT_DIR}/../colibri and had no existence guard. Every other colibri
consumer in build.sh resolves through resolve_colibri_paths (default
/home/clawdie/ai/colibri, honoring COLIBRI_REPO), so the hardcoded path
diverged from the real build-host layout and ignored the override; a
missing file let cat fail silently into a half-written snippet.

Now: resolve via resolve_colibri_paths and preflight the file with a
clear error pointing at COLIBRI_REPO, matching preflight_colibri_artifacts.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 16:39:25 +02:00
15d298f975 fix(build): source shared npm-global snippet instead of inline heredoc
Completes colibri#122. The ISO now installs the canonical
clawdie-npm-profile.sh from colibri (same file agent-jail-bootstrap
uses). The ISO-specific clawdie.sh sources it rather than
duplicating the npm PATH + npm config lines.
2026-06-21 16:21:13 +02:00
Sam & Claude
7ee7c55bed feat(operator): python3=3.11 default on FreeBSD + image-render/screenshot skill
Stop fighting FreeBSD's PYTHON_DEFAULT=3.11: make python3 resolve to 3.11
(python312 stays installed and available as python3.12 for anything needing
newer). This also makes Pillow trivial — py311-pillow imports on plain python3,
so the image-render/screenshot skill needs no version gymnastics.

- build.sh: python3/python symlink → 3.11 (prefer python3.11, else lowest).
- pkg-list-live-operator.txt: add py311-pillow.
- clawdie-join-hive.sh: advertise image-render when `python3 -c import PIL`
  works, and screenshot when $DISPLAY is set.
- BUILD.md: short note (python3=3.11; python3.12 available; image-render via
  py311-pillow).

Validated: sh -n build.sh + join-hive clean; markdown gate clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 10:08:07 +02:00
940404d612 docs: document Python 3.11/3.12 coexistence with FreeBSD defaults
FreeBSD pkg repos build against PYTHON_DEFAULT=3.11, so system packages
(git, libinput, npm-node24) pull python311 as transitive deps. We keep
python312 as the application Python — it wins the python3 symlink via
sort -V. Document this in BUILD.md, build.sh, package lists, and
bootstrap.html so the dual-version reality is explicit and intentional.
2026-06-21 09:36:28 +02:00
14248b6a20 feat(colibri): gate test-agent staging by build mode (Sam & Pi)
Add COLIBRI_STAGE_TEST_AGENT with dev/release defaults so validation builds can include colibri-test-agent while production/release operator USB images omit it by default. Keep poudriere guidance test-friendly and document binary roles in BUILD.md.

Validation: sh -n build.sh scripts/stage-colibri-iso.sh live/operator-session/colibri-live-rebuild; ./scripts/check-format.sh; ./scripts/test-release-gate.sh; build.cfg default/override checks.
2026-06-21 07:55:24 +02:00
Sam & Claude
d9a469a418 cleanup: retire duplicate Colibri port; colibri repo owns it
The canonical Colibri FreeBSD port lives in the colibri repo
(packaging/freebsd/port/sysutils/colibri), kept with the code it builds and
guarded by a CARGO_CRATES drift check in colibri CI. The copy here was a
divergent duplicate (wrong LICENSE=MIT vs AGPLv3, CARGO_BUILD=no skeleton that
could not build, different binary set) that the drift check could not protect.

- delete ports/sysutils/colibri/ (no longer maintained here)
- build.sh release gate: fail if ports/sysutils/colibri/ reappears, pointing at
  the canonical location — keeps the cleanup structural, not just one-time
- docs/POUDRIERE-BUILD-SERVER.md + scripts/poudriere/README.md: state colibri
  owns the port, copy it into the ports tree, this repo keeps no duplicate

Validation: build.sh sh -n clean; release-gate self-test passes; guard fires on
a reintroduced dir; markdown gate clean. Nothing references the deleted path.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-20 21:37:47 +02:00
1f7e94fa4c feat(visuals): panel indicator + identity wallpaper + join-hive launcher 2026-06-20 10:59:07 +02:00
35e5c1d954 fix(xfce): replace noisy autostart with start-here note (Sam & Codex) 2026-06-20 08:24:18 +02:00
Sam & Claude
1af0e62942 Wire encrypted secrets: Vaultwarden fetch + per-agent seed import
Two parallel, additive paths so a host gets its secrets out of the box;
the manual setup wizard stays the floor (no config = no-op).

clawdie-vault-fetch (new): language-neutral bw bridge. Reads a 0600
~/.config/vault-bootstrap.env, pulls keys from the agent-secrets
collection (item name = env var name, value in password field, so no jq),
prints KEY=VALUE or --write-env upserts 0600. Exit codes distinguish
skip (3, no bootstrap) / broken (1) / no bw (4). Pinned
@bitwarden/cli@2026.5.0 for offline bundling; staged in
configure_live_operator_session.

clawdie-live-seed: extend the CLAWDIESEED FAT32 importer from the
authorized_keys allowlist to a per-agent directory convention —
/<agent>/ with env (merged 0600), harness.toml (pi|zot|local), soul/
(staged), ssh/authorized_keys. Live USB single-agent (first dir = active);
extra dirs staged + flagged for deployed multi-agent. Optional
consume-and-shred. Import core is unit-testable via CLAWDIE_SEED_TEST.

README rewritten to document the per-agent contract and the operator
decision to allow plaintext secrets on the seed (seeded sticks are
secret-bearing media; 0600 landing + shred mitigations).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-19 17:27:01 +02:00
e2e74e8418 build(iso): upgrade FreeBSD Python 3.11 -> 3.12
Standardize the ISO on the agreed Python 3.12 floor (operator + Hermes +
Claude consensus; see layered-soul/docs/TOOLCHAIN.md).

- pkg lists: python311->python312, py311-{pip,aider_chat,pillow}->py312-*
- build.sh: derive the installed python3.N for the python3/python symlink so a
  future bump needs only a pkg-list change, never an edit here
- shell-deploy.sh: create the Aider venv with 'python3 -m venv' (resolves via
  the symlink) instead of a hardcoded python3.11
- import-clawdie-skills.sh: python3 fallback instead of python3.11
- BUILD.md: doc references

Aider kept (bumped, not dropped): redundant coding tooling is intentional per
the agent matrix.

Pre-merge gate: confirm FreeBSD pkg coverage on osa —
  pkg search '^py312-aider_chat' '^py312-pygobject'
(common modules pillow/pip are safe).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-17 14:38:20 +02:00
f87dc1d38f docs(iso): build zot with release version (Sam & Codex)
Use zot's Makefile VERSION hook in release/live rebuild instructions and preflight hints so the staged binary reports 0.2.29 instead of the local-build 0.0.0 default.

Checks: sh -n build.sh; sh -n scripts/stage-zot-iso.sh; sh -n scripts/stage-colibri-iso.sh; ./scripts/check-format.sh; git diff --check; stage-zot-iso dummy-artifact smoke; VERSION=0.2.29 make build in zot produced 'zot 0.2.29'.
2026-06-15 18:31:10 +02:00
9a12702b4f fix(iso): recover dropped manifest-porcelain + rc.conf polish (#61) 2026-06-15 18:07:18 +02:00
f502249378 feat(iso): colibri-live-rebuild helper + image-size guard; bhyve on-demand (#60) 2026-06-15 18:04:32 +02:00
Sam & Claude
b959b64d21 chore(iso): rename provenance "dirty" → "modified" (Sam & Claude)
Drop the "dirty" terminology in favor of "modified" (same boolean sense:
true = working tree has uncommitted or untracked changes). Pure rename — no
logic change. Safe now: nothing consumes these keys yet (checked colibri too).

- build-manifest.json keys: zot_dirty/colibri_dirty/iso_repo_dirty
  → zot_modified/colibri_modified/iso_repo_modified
- .clawdie-source.json: dirty_at_build → modified_at_build
- iso-publish manifest (write-artifact-manifest.sh): repo_dirty → repo_modified
- gate messages, comments, shell vars, and docs (BUILD/CHANGELOG/ISO-MANIFESTS/
  PLAN) reworded.

Checks: sh -n on all three scripts; release-gate smoke test PASS; prettier clean
on changed docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-15 17:06:17 +02:00
Sam & Claude
42ec7b5ab1 fix(build): repair + harden the release gate (Sam & Claude)
Codex's release gate (96fc1d3) had the right idea but two issues that the
verified gates (sh -n / prettier / git diff) structurally could not catch,
because none exercise the BUILD_CHANNEL=release path:

1. Blocker: check_release_gate was *called* at line ~105 but *defined* (and its
   resolve_* dependencies defined) far below. In POSIX sh that's a call before
   definition — with `set -e`, a release build aborted at exit 127
   ("check_release_gate: not found") before the gate ran. Moved the invocation
   into the preflight section, after all helpers are defined.

2. Unsatisfiable + asymmetric: the gate required clawdie-ai to be on a vX.Y.Z
   tag, but clawdie-ai has no v-tag and is being pruned — so release was
   impossible. Replaced with reproducibility-by-record: every staged source
   (clawdie-iso, clawdie-ai, colibri, zot) must be a clean, committed tree; the
   manifest's recorded commits then fully describe the artifact. A recorded SHA
   is as pinned as a tag. Dropped the tag requirement.

Also:
- "clean" now uses `git status --porcelain`, so untracked files (which a
  diff-only check misses but which still change the build) fail the gate.
- Factored the repeated resolve+dirty boilerplate into assert_clean_repo.
- New scripts/test-release-gate.sh smoke test: asserts the porcelain semantics
  and that the gate is invoked after its definition (guards the exit-127
  regression). A 5-line test that the three "verified gates" could not provide.

Checks: sh -n build.sh; sh -n + run scripts/test-release-gate.sh (PASS);
git diff --check.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-15 16:56:55 +02:00
Sam & Claude
96fc1d3879 feat(build): enforce clean repos on release builds — gate now covers iso/colibri/zot 2026-06-15 16:47:38 +02:00
Sam & Claude
67b6477119 feat(iso): give the image its own product version (0.10.0) + colibri provenance (Sam & Claude)
Decouple the ISO identity from zot and cut the first numbered milestone.

Versioning schema (decided 2026-06-15):
- ISO_VERSION is now an explicit product version (build.cfg: 0.10.0); the
  "auto"/zot-tracking path is removed and a build with no version fails fast.
  The image no longer borrows zot's number — component versions are provenance.
- build-manifest.json: "iso_version_tracks":"zot" -> "version_scheme":"product",
  and add colibri_commit/colibri_dirty (the image stages adjacent colibri
  binaries; record which commit produced them — the main reproducibility gap).

Docs/version consistency (from docs to flashing/testing/skill):
- CHANGELOG: new [0.10.0] "Operator Image" milestone (stable XFCE + colibri
  service fixes + self-rebuild lane); reword the version model and repo table.
- README/BUILD/FLASHING/TESTING/iso-publish: artifact examples 0.2.29 -> 0.10.0;
  version-scheme prose updated to product-version, not zot-tracking.

Stacked on the live-rebuild branch (PR #56); merge after it.

Checks: sh -n build.sh OK; prettier clean on all changed docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-15 10:08:30 +02:00
d9ade004f6 fix(iso): align live rebuild staging with rc.d audit (Sam & Codex)
Accept the PR #75 colibri_daemon rc.d contract, write colibri_daemon_cost_mode, and update the live rebuild doc now that /home/clawdie/ai sources are shallow git checkouts.

Checks: sh -n build.sh; sh -n scripts/stage-colibri-iso.sh; ./scripts/check-format.sh; git diff --check; scripts/stage-colibri-iso.sh dummy-artifact smoke against Colibri PR #75 rc.d.
2026-06-15 09:10:52 +02:00
f56bdd48bc feat(iso): ship git-backed AI source checkouts (Sam & Codex)
Seed live /home/clawdie/ai repos as shallow git checkouts with .git metadata and .clawdie-source.json provenance, remove stale hardcoded ISO version strings, and keep markdown formatting green.

Checks: sh -n build.sh; sh -n scripts/stage-colibri-iso.sh; git diff --check; npx --yes prettier@3 --check BUILD.md README.md live/operator-session/bootstrap.html; ./scripts/check-format.sh; local file:// shallow clone smoke.
2026-06-15 09:09:14 +02:00
Sam & Claude
718d5deaa9 feat(iso): live-rebuild lane covers zot + version-model cleanup (Sam & Claude)
Round 1 of the pre-final-build polish (Linux-safe, no FreeBSD runtime claims):

- Live rebuild lane now spans the whole agent stack, not just Colibri:
  - add `go` to pkg-list-live-operator.txt (builds zot on the booted USB)
  - seed the zot source snapshot at /home/clawdie/ai/zot via
    seed_live_ai_source_repo (skipped automatically if the checkout is absent)
  - docs/LIVE-COLIBRI-REBUILD.md: add the `go build` rebuild steps for zot and
    list `go` under required live packages
- CHANGELOG: reconcile the stale Repository Status table to the current
  zot (agent) + Colibri (control plane) architecture — pi demoted to spawnable
  backend, clawdie-ai being pruned, clawdie-shell archived — and record that the
  image version tracks the zot release (git describe), no invented ISO number.

Deferred to Round 2 (FreeBSD-validated): staging the `clawdie` binary and wiring
disk-install to run `clawdie apply` for the deployed-system service. That path
provisions ZFS + an rc.d service on the target and cannot be validated from
Linux, so it goes through the FreeBSD handoff rather than shipping unproven.

Checks: sh -n build.sh OK; prettier clean on changed docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-15 09:03:22 +02:00
c45360864a feat(iso): stage colibri test agent and provider key help (Sam & Codex)
Switch ISO staging/docs from colibri-smoke-agent to colibri-test-agent, include rust/pkgconf for live Colibri rebuilds, stage provider.env.sample, wire the provider env rc.conf path, and document LLM key setup on the Firefox bootstrap page.

Checks: npx --yes prettier@3 --check docs/LIVE-COLIBRI-REBUILD.md live/operator-session/bootstrap.html BUILD.md TESTING.md README.md; sh -n scripts/stage-colibri-iso.sh; sh -n build.sh; fake Colibri staging + sh -n staged rc.d script; git diff --check.
2026-06-15 07:49:43 +02:00
Sam & Claude
579a8ccd74 build: document Go+Rust build-host toolchains + toolchain-aware preflight
Go (builds the zot agent) and Rust (builds the Colibri release binaries) are
required on the build host to produce the binaries build.sh stages, but were
undocumented. Add them to REQUIREMENTS.md (build-host only, not the image), and
make the binary-missing preflights note when the matching toolchain (go/cargo)
isn't installed so that case surfaces up front instead of later.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-14 12:27:17 +02:00
Sam & Claude
005bf2ad32 build: name image clawdie-<codename>-<version>.img
IMAGE_NAME is now clawdie-${codename}-${ISO_VERSION}.img (e.g.
clawdie-quindecim-0.2.29.img), the version tracking zot. Drops desktop/usb/date/
commit from the filename; per-build provenance (date, clawdie-iso commit, zot
commit) lives in build-manifest.json. Removes the now-unused date/commit name
vars. Updates docs + publish-skill globs (clawdie-*) to the new format.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-14 10:58:54 +02:00
Sam & Claude
606ace1127 build: ISO version auto-tracks the zot release it is built on
Drop the hand-maintained ISO_VERSION=0.1.0. Default ISO_VERSION=auto resolves at
build time from the zot checkout (git describe --tags), falling back to the pinned
ZOT_VERSION, and strips the leading v (v0.2.29 -> 0.2.29). Records zot_version +
zot_commit in build-manifest.json; the banner shows which zot it tracks. Set
ISO_VERSION=x.y.z to override.

Also drops the stale 'independent from Clawdie-AI runtime version' comment — the
version's only anchor is zot now.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-14 10:50:58 +02:00
72cfcec91a Add Colibri MCP client examples to live image (Sam & Codex)
Installs read-only and trusted-write MCP client config examples under /usr/local/share/clawdie-iso/mcp-examples and links them from the bootstrap page.

Checks: ./scripts/check-format.sh; sh -n build.sh scripts/stage-colibri-iso.sh; python3 -m json.tool MCP examples; git diff --check
2026-06-13 19:36:03 +02:00
368e663965 Stage colibri-mcp in operator USB by default (Sam & Codex)
Makes colibri-mcp a required Colibri artifact for the live operator USB, copies it into the image, documents the read-only default and explicit trusted COLIBRI_MCP_WRITE profile, and updates ISO build handoff docs.

Checks: ./scripts/check-format.sh; sh -n build.sh scripts/stage-colibri-iso.sh; git diff --check
2026-06-13 19:29:31 +02:00
Sam & Claude
480c5bdcb5 Fold the agent harness under the colibri feature (drop FEATURE_ZOT)
The agent (a static Go binary) was a separately-named opt-in stage gated by
FEATURE_ZOT=NO, so baseline builds shipped colibri without its agent. It is
really a component of colibri, not its own product surface — so name and stage
it under the colibri umbrella.

- build.cfg: remove FEATURE_ZOT; add internal COLIBRI_STAGE_AGENT (default YES,
  undocumented escape hatch for daemon-only debug builds). Keep ZOT_REPO/
  ZOT_VERSION as internal staging inputs (they point at the real agent repo+tag).
- build.sh: preflight + install now gate on FEATURE_COLIBRI (and the hidden
  COLIBRI_STAGE_AGENT), banner folds the agent into the Colibri line, messages
  use colibri-agent naming.
- README: agent harness presented under the colibri control plane; pi retained
  as a spawnable agent backend rather than the default harness.

Behavior change for the builder: with FEATURE_COLIBRI=YES (default) the agent
now stages on baseline builds, so preflight FAILS if the agent binary is not
prebuilt in $ZOT_REPO/bin. Build it first (GOOS=freebsd go build -o bin/zot
./cmd/zot) or pass COLIBRI_STAGE_AGENT=NO for a daemon-only image.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 18:42:01 +02:00
0e6d8cbe53 Drop unresolved Clawdie service staging from USB (Sam & Codex)
Keeps service clawdie as a deployed-system contract only, removes the old mini-binary FEATURE_CLAWDIE staging lane from the ISO build, and adds explicit Linux-vs-FreeBSD proof boundaries for provider/runtime claims.

Checks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
2026-06-13 12:12:34 +02:00