FreeBSD pkg repos build against PYTHON_DEFAULT=3.11, so system packages
(git, libinput, npm-node24) pull python311 as transitive deps. We keep
python312 as the application Python — it wins the python3 symlink via
sort -V. Document this in BUILD.md, build.sh, package lists, and
bootstrap.html so the dual-version reality is explicit and intentional.
Add COLIBRI_STAGE_TEST_AGENT with dev/release defaults so validation builds can include colibri-test-agent while production/release operator USB images omit it by default. Keep poudriere guidance test-friendly and document binary roles in BUILD.md.

Validation: sh -n build.sh scripts/stage-colibri-iso.sh live/operator-session/colibri-live-rebuild; ./scripts/check-format.sh; ./scripts/test-release-gate.sh; build.cfg default/override checks.
Concise, release-specific handoff for codex/osa: repo state at unified 0.11.0
(commits + tags), the release-channel build command, the release-gate clean-tree
requirement (iso/colibri/clawdie-ai/zot), and the two caveats for this build —
colibri ships as raw FreeBSD binaries (poudriere/Phase 4 deferred until
mother-build) and CI is dormant (validate via local gates, not forge checks).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add an agent-jail section to pkg-list-jails.txt mirroring Colibri agent-jail-bootstrap.sh, include python312, and use npm-node24 instead of generic npm. This satisfies issue #70 acceptance and resolves the npm package-name drift in favor of the node24-tied package.

Validation: ./scripts/check-format.sh; sh -n build.sh; git diff --check
Match the colibri relicense (AGPL-3.0 -> MIT, same as layered-soul) in the
build-server doc's port key-facts.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- build.cfg: ISO_VERSION 0.10.0 -> 0.11.0; reword the version note — clawdie-iso
and colibri now share one unified Clawdie release version (zot/clawdie-ai stay
provenance in build-manifest.json).
- CHANGELOG: [0.11.0] entry (date in EU format DD.mon.YYYY per AGENTS rule)
covering the versioning unify, operator-session hardening, poudriere
build-server scripts, and the duplicate-port retirement.
colibri Cargo.toml + port DISTVERSION bump to 0.11.0 lands in the colibri repo
(separate branch). Tags held until both bumps merge.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The canonical Colibri FreeBSD port lives in the colibri repo
(packaging/freebsd/port/sysutils/colibri), kept with the code it builds and
guarded by a CARGO_CRATES drift check in colibri CI. The copy here was a
divergent duplicate (wrong LICENSE=MIT vs AGPLv3, CARGO_BUILD=no skeleton that
could not build, different binary set) that the drift check could not protect.
- delete ports/sysutils/colibri/ (no longer maintained here)
- build.sh release gate: fail if ports/sysutils/colibri/ reappears, pointing at
the canonical location — keeps the cleanup structural, not just one-time
- docs/POUDRIERE-BUILD-SERVER.md + scripts/poudriere/README.md: state colibri
owns the port, copy it into the ports tree, this repo keeps no duplicate
Validation: build.sh sh -n clean; release-gate self-test passes; guard fires on
a reintroduced dir; markdown gate clean. Nothing references the deleted path.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Replace GH_ACCOUNT+GH_PROJECT with MASTER_SITES pointing at
code.smilepowered.org/clawdie/colibri/archive/
- Fix distinfo to match Forgejo archive naming (v0.0.1.tar.gz)
clawdie_live_power is a one-shot boot script that applies the power_profile
C-state policy once (FreeBSD's power_profile is nostart and otherwise only
runs on a devd AC-line transition). Comment-only clarification — no behavior
change:
- Move the PROVIDE/REQUIRE/BEFORE/KEYWORD rcorder block to the top (convention;
rcorder scans the whole file, so behavior is identical).
- Document scope explicitly: this selects a CPU C-state/freq profile ONLY —
never suspend/sleep/blank/DPMS (screen-blank is the separate no-blank stack).
- Record the wake-safety invariant: both AC (0x01) and battery (0x00) branches
are safe because rc.conf pins performance_cx_lowest AND economy_cx_lowest to
C3, so neither can select a deeper C-state that breaks USB resume. Guard-rail
for future editors: do not deepen on the live USB.
sh -n clean; rcorder tags intact.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The inline Makefile example claimed LICENSE=MIT (wrong — colibri is
AGPL-3.0-only) and duplicated what now lives canonically in
colibri/packaging/freebsd/port/. Replace the snippet with a pointer + the
corrected key facts (license, binaries shipped, generated files).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Turns the manual Phase 2–3 runbook (docs/POUDRIERE-BUILD-SERVER.md) into
repeatable, idempotent steps for the mother-build host — the package half of
the trusted supply chain (layered-soul HIVE-ONBOARDING §10).
- poudriere-setup.sh: verify-then-act setup. Validates root, FreeBSD version
format, pkg/openssl, and that the ZFS pool exists BEFORE acting; then installs
poudriere, generates the repo signing key (0400), writes poudriere.conf (only
if absent), and creates the build jail + ports tree. Re-running skips anything
already present.
- poudriere-build.sh: validates jail, ports tree, and each origin (category/name
+ Makefile present) before `poudriere bulk`; repo is signed automatically via
PKG_REPO_SIGNING_KEY.
- clawdie-repo.conf.in: client repo template (signature_type pubkey) + the
first-party-only priority note.
- README.md: the three-step flow and conventions.
Style matches live/operator-session/hw-report: POSIX sh, set -u, fixed PATH,
strict arg parsing, minimal checks (only what is acted upon). Host provisioning
(ZFS/base/network) stays in the runbook — these assume a FreeBSD host with a
pool. sh -n clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Build installs /usr/local/bin/clawdie-join-hive (no .sh).
Desktop Exec had the .sh suffix — launcher would fail silently.
One-character fix: drop .sh from Exec line.
Stage a non-secret /usr/local/etc/colibri/provider.env with the Clawdie Vaultwarden endpoint so operators only add BW bootstrap credentials. Also teach clawdie-vault-fetch to honor BW_SERVER and fail closed if an existing bw login points at a different server.

Checks: sh -n live/operator-session/clawdie-vault-fetch scripts/stage-colibri-iso.sh; ./scripts/check-format.sh; git diff --check; COLIBRI_REPO=/home/clawdie/ai/colibri scripts/stage-colibri-iso.sh <tmp>
bw config server refuses with 'Logout required before server config update'
when the CLI is already authenticated. The helper treated that as fatal
(exit 1), which broke every repeat run on an already-logged-in host — exactly
the 'refresh .env from vault' case the helper exists for.
The bw login block already tolerates 'already logged in'; mirror that for
bw config: capture stderr/stdout and tolerate 'logout required' /
'already configured' / 'already set', failing only on a real error.
Verified on domedog: fixed helper runs cleanly from the logged-in state
(previously exited 1 at the config step).
Checks: sh -n; git diff --check; ./scripts/check-format.sh (prettier clean).
Co-Authored-By: Hermes & Sam <hello@clawdie.si>
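An added example, not the page's commit log and not clawdie-vault-fetch's own code, of the two bw behaviours the two messages above describe: honour BW_SERVER and fail closed when an existing login points at a different server, and tolerate the "Logout required before server config update" refusal on an already-authenticated host instead of treating it as fatal. It assumes `bw config server <url>` sets the server and that `bw config server` with no argument prints the configured one (the latter is this example's assumption about the CLI). The offline fake_bw stand-in, its states, and the server URLs are constructed for the demo.

```shell
# Added example (editor's illustration, not clawdie-vault-fetch itself).
# Assumptions: `bw config server <url>` sets the server; `bw config server`
# with no argument prints the configured server. BW_CLI lets a fake stand in
# for the real binary so the demo runs offline.
set -u

# Classify the captured output of `bw config server <url>` given its exit
# status. 0 = config is (or already was) in place, 1 = a real error.
bw_config_tolerable() {
    status=$1 output=$2
    [ "$status" -eq 0 ] && return 0
    case $output in
        *"Logout required"*|*"already configured"*|*"already set"*) return 0 ;;
    esac
    return 1
}

# Ensure the CLI targets $1 (the BW_SERVER value). Captures stdout+stderr,
# tolerates the logged-in refusal, then fails closed on a server mismatch.
bw_ensure_server() {
    want=$1
    out=$("${BW_CLI:-bw}" config server "$want" 2>&1) && rc=0 || rc=$?
    if ! bw_config_tolerable "$rc" "$out"; then
        printf 'bw config server failed: %s\n' "$out" >&2
        return 1
    fi
    # A login that points elsewhere must never be reused silently.
    have=$("${BW_CLI:-bw}" config server 2>/dev/null) || have=
    if [ -n "$have" ] && [ "$have" != "$want" ]; then
        printf 'bw is logged in against %s, not %s; log out first\n' "$have" "$want" >&2
        return 1
    fi
    return 0
}

# Constructed fake bw. FAKE_BW_STATE: fresh | logged_in | broken;
# FAKE_BW_SERVER: what `bw config server` reports (set by the demo, the fake
# keeps no state of its own because it runs in a command substitution).
fake_bw() {
    if [ "$1 $2" != "config server" ]; then echo "fake_bw: unsupported: $*" >&2; return 1; fi
    if [ -z "${3:-}" ]; then printf '%s\n' "${FAKE_BW_SERVER:-}"; return 0; fi
    case ${FAKE_BW_STATE:-fresh} in
        fresh)     echo "Saved setting \`config\`."; return 0 ;;
        logged_in) echo "Logout required before server config update." >&2; return 1 ;;
        *)         echo "Error: could not reach $3" >&2; return 1 ;;
    esac
}

# Demo: the four situations the helper has to distinguish.
BW_CLI=fake_bw
FAKE_BW_STATE=fresh;     FAKE_BW_SERVER=
bw_ensure_server https://vault.clawdie.example && echo "fresh host: configured"
FAKE_BW_STATE=logged_in; FAKE_BW_SERVER=https://vault.clawdie.example
bw_ensure_server https://vault.clawdie.example && echo "logged in, same server: tolerated"
bw_ensure_server https://other.example        || echo "logged in, other server: refused"
FAKE_BW_STATE=broken;    FAKE_BW_SERVER=
bw_ensure_server https://vault.clawdie.example || echo "real error: refused"
```

The mismatch check runs after the tolerated refusal on purpose: a logged-in CLI keeps its old server, so the only way to learn which vault the credentials really belong to is to read the configured server back and compare it with the one the operator asked for.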
Address the 5 review concerns on the secrets-out-of-the-box feature:
1. Seed↔fetch path alignment: _seed_split_env routes BW_* creds out of .env
into ~/.config/vault-bootstrap.env (SEED_VAULT_BOOTSTRAP_REL), the path
clawdie-vault-fetch actually reads — so 'seed bootstrap → fetch out of
the box' now lines up without an explicit --bootstrap arg.
2. Drop unused COLLECTION_ID from clawdie-vault-fetch. Items are fetched by
name via 'bw get password', which is fail-closed on ambiguity; document
that item names must be unique in the visible vault.
3. Agent dir validation: _seed_agent_name_ok rejects leading-dot dirs
(.Spotlight-V100, .fseventsd) and traversal; _seed_agent_has_payload
requires a recognized payload so an empty/stray dir can't become active.
4. No phantom homes: extra agent dirs stage under /var/db/clawdie/seed/<agent>
only — _seed_stage_agent never writes a home or SSH keys.
5. Bootstrap file mode enforcement: clawdie-vault-fetch now stat-checks the
bootstrap file and refuses group/world-readable unless
VAULT_ALLOW_INSECURE_BOOTSTRAP is set.
Also renames _seed_import_env → _seed_merge_env + _seed_split_env and adds
_seed_key_ok to guard env var names.
Checks: sh -n on vault-fetch/live-seed/build.sh; git diff --check;
./scripts/check-format.sh (prettier clean); 5 concerns verified present.
Co-Authored-By: Hermes & Sam <hello@clawdie.si>
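An added example, not the page's commit log and not the clawdie-live-seed or clawdie-vault-fetch code, of three of the guards the review-fix message above describes: an agent directory name check that rejects leading-dot directories and traversal, an env key check applied before a line is merged, a payload check so an empty or stray directory cannot become active, and a bootstrap-file mode check that refuses group/world-readable files unless an override is set. The function names, the recognized payload list, the override variable name and the seed layout are this example's assumptions, not the project's identifiers.

```shell
# Added example (editor's illustration, not clawdie-live-seed itself).
# Names and the payload list are assumptions for the demo.
set -u

# Accept only plain directory names: no leading dot (.Spotlight-V100,
# .fseventsd, .hidden), no slash, no '..', only [A-Za-z0-9._-] characters.
seed_agent_name_ok() {
    case $1 in
        ''|.*|*/*|*..*) return 1 ;;
    esac
    case $1 in
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# An env var name must match [A-Za-z_][A-Za-z0-9_]*; anything else could
# smuggle shell syntax into an .env that is later sourced.
seed_key_ok() {
    case $1 in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# A seed dir may become active only if it carries a recognized payload.
seed_agent_has_payload() {
    d=$1
    [ -f "$d/env" ] || [ -f "$d/harness.toml" ] || [ -d "$d/soul" ] || [ -f "$d/ssh/authorized_keys" ]
}

# Refuse a bootstrap file readable by group or others unless
# VAULT_ALLOW_INSECURE_BOOTSTRAP is set. find's -perm -mode is POSIX, which
# sidesteps the stat(1) flag differences between FreeBSD and Linux.
bootstrap_mode_ok() {
    f=$1
    [ -f "$f" ] || return 1
    [ -n "${VAULT_ALLOW_INSECURE_BOOTSTRAP:-}" ] && return 0
    loose=$(find "$f" -prune \( -perm -g+r -o -perm -o+r \) -print)
    [ -z "$loose" ]
}

# Demo on a constructed seed layout: one real agent dir, one macOS index dir,
# one empty stray dir, and two bootstrap files with different modes.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/seed/hermes/soul" "$demo/seed/.Spotlight-V100" "$demo/seed/stray"
: > "$demo/seed/hermes/env"
: > "$demo/vault-bootstrap.env"; chmod 0600 "$demo/vault-bootstrap.env"
: > "$demo/leaky.env";           chmod 0644 "$demo/leaky.env"

for name in hermes .Spotlight-V100 ../etc 'a;b'; do
    if seed_agent_name_ok "$name"; then echo "accept $name"; else echo "reject $name"; fi
done
seed_agent_has_payload "$demo/seed/hermes" && echo "hermes: has payload"
seed_agent_has_payload "$demo/seed/stray"  || echo "stray: no payload, stays inactive"
bootstrap_mode_ok "$demo/vault-bootstrap.env" && echo "0600 bootstrap: ok"
bootstrap_mode_ok "$demo/leaky.env"           || echo "0644 bootstrap: refused"
```

The name and key checks are allowlists rather than denylists: the seed comes from removable FAT32 media that any machine may have written to, so a name is accepted only when every character is known-good, which is what makes the `..` and leading-dot cases fall out without a separate rule for each.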
Two parallel, additive paths so a host gets its secrets out of the box;
the manual setup wizard stays the floor (no config = no-op).
clawdie-vault-fetch (new): language-neutral bw bridge. Reads a 0600
~/.config/vault-bootstrap.env, pulls keys from the agent-secrets
collection (item name = env var name, value in password field, so no jq),
prints KEY=VALUE or --write-env upserts 0600. Exit codes distinguish
skip (3, no bootstrap) / broken (1) / no bw (4). Pinned
@bitwarden/cli@2026.5.0 for offline bundling; staged in
configure_live_operator_session.
clawdie-live-seed: extend the CLAWDIESEED FAT32 importer from the
authorized_keys allowlist to a per-agent directory convention —
/<agent>/ with env (merged 0600), harness.toml (pi|zot|local), soul/
(staged), ssh/authorized_keys. Live USB single-agent (first dir = active);
extra dirs staged + flagged for deployed multi-agent. Optional
consume-and-shred. Import core is unit-testable via CLAWDIE_SEED_TEST.
README rewritten to document the per-agent contract and the operator
decision to allow plaintext secrets on the seed (seeded sticks are
secret-bearing media; 0600 landing + shred mitigations).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Standardize the ISO on the agreed Python 3.12 floor (operator + Hermes +
Claude consensus; see layered-soul/docs/TOOLCHAIN.md).
- pkg lists: python311->python312, py311-{pip,aider_chat,pillow}->py312-*
- build.sh: derive the installed python3.N for the python3/python symlink so a
future bump needs only a pkg-list change, never an edit here
- shell-deploy.sh: create the Aider venv with 'python3 -m venv' (resolves via
the symlink) instead of a hardcoded python3.11
- import-clawdie-skills.sh: python3 fallback instead of python3.11
- BUILD.md: doc references
Aider kept (bumped, not dropped): redundant coding tooling is intentional per
the agent matrix.
Pre-merge gate: confirm FreeBSD pkg coverage on osa —
pkg search '^py312-aider_chat' '^py312-pygobject'
(common modules pillow/pip are safe).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
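An added example, not the page's commit log and not build.sh's own code, of the symlink derivation that the dual-version note near the top of the page (python311 pulled in transitively, python312 winning the python3 symlink via sort -V) and the "derive the installed python3.N" bullet above both describe: scan a bin directory for python3.N executables and let sort -V pick the newest. The directory layout, the fake binaries, and the lexical-sort counterpart are constructed for the demo to show why a version sort is needed.

```shell
# Added example (editor's illustration, not build.sh itself): pick the highest
# installed python3.N with sort -V. Version sort matters because a plain
# lexical sort ranks python3.9 above python3.12. Assumption: candidates are
# executables named python3.<N> in the directory given as $1.
set -u

# Print the newest python3.<N> executable name in dir $1, or fail if none.
pick_python3() {
    dir=$1
    best=$(
        for p in "$dir"/python3.[0-9]*; do
            [ -x "$p" ] || continue
            case ${p##*/} in
                python3.[0-9]|python3.[0-9][0-9]) printf '%s\n' "${p##*/}" ;;
            esac
        done | sort -V | tail -n 1
    )
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Same scan with a lexical sort, only to show what goes wrong without -V.
pick_python3_lexical() {
    dir=$1
    ls "$dir" | grep '^python3\.[0-9][0-9]*$' | sort | tail -n 1
}

# Demo on a constructed bin dir: the dual-version layout the commit messages
# describe (3.11 from transitive deps, 3.12 as the application Python) plus an
# old 3.9 to trip the lexical sort, and a python3.12-config that must not
# count as an interpreter.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
for v in 3.9 3.11 3.12; do
    : > "$demo_dir/python$v"
    chmod 0755 "$demo_dir/python$v"
done
: > "$demo_dir/python3.12-config"
chmod 0755 "$demo_dir/python3.12-config"

pick_python3 "$demo_dir"            # python3.12
pick_python3_lexical "$demo_dir"    # python3.9 (wrong)
```

With this in place a future floor bump really is a pkg-list-only change: the symlink target follows whatever python3.N the package set installs, and the case filter keeps helper binaries such as python3.12-config from ever being chosen as the interpreter.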
Replace stale colibri-smoke-agent references with colibri-test-agent, mark colibri-tui optional/desirable, update image-name comments, and avoid smoke wording in current build handoff docs.

Checks: sh -n build.sh; sh -n scripts/test-release-gate.sh; ./scripts/check-format.sh; git diff --check.
Use zot's Makefile VERSION hook in release/live rebuild instructions and preflight hints so the staged binary reports 0.2.29 instead of the local-build 0.0.0 default.

Checks: sh -n build.sh; sh -n scripts/stage-zot-iso.sh; sh -n scripts/stage-colibri-iso.sh; ./scripts/check-format.sh; git diff --check; stage-zot-iso dummy-artifact smoke; VERSION=0.2.29 make build in zot produced 'zot 0.2.29'.