Decouple the ISO identity from zot and cut the first numbered milestone.
Versioning schema (decided 2026-06-15):
- ISO_VERSION is now an explicit product version (build.cfg: 0.10.0); the
"auto"/zot-tracking path is removed and a build with no version fails fast.
The image no longer borrows zot's number — component versions are provenance.
- build-manifest.json: "iso_version_tracks":"zot" -> "version_scheme":"product",
and add colibri_commit/colibri_dirty (the image stages adjacent colibri
binaries; record which commit produced them — the main reproducibility gap).
Docs/version consistency (from docs to flashing/testing/skill):
- CHANGELOG: new [0.10.0] "Operator Image" milestone (stable XFCE + colibri
service fixes + self-rebuild lane); reword the version model and repo table.
- README/BUILD/FLASHING/TESTING/iso-publish: artifact examples 0.2.29 -> 0.10.0;
version-scheme prose updated to product-version, not zot-tracking.
Stacked on the live-rebuild branch (PR #56); merge after it.
Checks: sh -n build.sh OK; prettier clean on all changed docs.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Accept the PR #75 colibri_daemon rc.d contract, write colibri_daemon_cost_mode, and update the live rebuild doc now that /home/clawdie/ai sources are shallow git checkouts.
Checks: sh -n build.sh; sh -n scripts/stage-colibri-iso.sh; ./scripts/check-format.sh; git diff --check; scripts/stage-colibri-iso.sh dummy-artifact smoke against Colibri PR #75 rc.d.
Seed live /home/clawdie/ai repos as shallow git checkouts with .git metadata and .clawdie-source.json provenance, remove stale hardcoded ISO version strings, and keep markdown formatting green.
Checks: sh -n build.sh; sh -n scripts/stage-colibri-iso.sh; git diff --check; npx --yes prettier@3 --check BUILD.md README.md live/operator-session/bootstrap.html; ./scripts/check-format.sh; local file:// shallow clone smoke.
Round 1 of the pre-final-build polish (Linux-safe, no FreeBSD runtime claims):
- Live rebuild lane now spans the whole agent stack, not just Colibri:
- add `go` to pkg-list-live-operator.txt (builds zot on the booted USB)
- seed the zot source snapshot at /home/clawdie/ai/zot via
seed_live_ai_source_repo (skipped automatically if the checkout is absent)
- docs/LIVE-COLIBRI-REBUILD.md: add the `go build` rebuild steps for zot and
list `go` under required live packages
- CHANGELOG: reconcile the stale Repository Status table to the current
zot (agent) + Colibri (control plane) architecture — pi demoted to spawnable
backend, clawdie-ai being pruned, clawdie-shell archived — and record that the
image version tracks the zot release (git describe), no invented ISO number.
Deferred to Round 2 (FreeBSD-validated): staging the `clawdie` binary and wiring
disk-install to run `clawdie apply` for the deployed-system service. That path
provisions ZFS + an rc.d service on the target and cannot be validated from
Linux, so it goes through the FreeBSD handoff rather than shipping unproven.
Checks: sh -n build.sh OK; prettier clean on changed docs.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Seed live /home/clawdie/ai repos as shallow git checkouts with .git metadata and .clawdie-source.json provenance, remove stale hardcoded ISO version strings, and keep markdown formatting green.
Checks: sh -n build.sh; sh -n scripts/stage-colibri-iso.sh; git diff --check; npx --yes prettier@3 --check BUILD.md README.md live/operator-session/bootstrap.html; ./scripts/check-format.sh; local file:// shallow clone smoke.
Switch ISO staging/docs from colibri-smoke-agent to colibri-test-agent, include rust/pkgconf for live Colibri rebuilds, stage provider.env.sample, wire the provider env rc.conf path, and document LLM key setup on the Firefox bootstrap page.
Checks: npx --yes prettier@3 --check docs/LIVE-COLIBRI-REBUILD.md live/operator-session/bootstrap.html BUILD.md TESTING.md README.md; sh -n scripts/stage-colibri-iso.sh; sh -n build.sh; fake Colibri staging + sh -n staged rc.d script; git diff --check.
Keep staging validation focused on the current rc.d contract and avoid legacy variable references in the live rebuild lane branch.
Checks: sh -n scripts/stage-colibri-iso.sh; fake Colibri staging + sh -n staged rc.d script; git diff --check.
Remove historical fix-it wording from the live rebuild runbook and make ISO staging validate the corrected Colibri rc.d contract directly instead of rewriting older variants.
Checks: npx --yes prettier@3 --check docs/LIVE-COLIBRI-REBUILD.md; sh -n scripts/stage-colibri-iso.sh; fake Colibri staging + sh -n staged rc.d script; git diff --check.
Document how a running live USB can clone, build, install, and validate Colibri without a full ISO rebuild, plus the future helper-script shape.
Checks: npx --yes prettier@3 --check docs/LIVE-COLIBRI-REBUILD.md; git diff --check. Note: ./scripts/check-format.sh still reports existing PLAN-OPERATOR-USB-NEXT.md formatting drift outside this change.
Keep ISO staging compatible with Colibri rc.d sources that already use colibri_daemon_binary and include pid/socket chmods. This lets the source rc.d file be copied directly for live USB repair while preserving compatibility with older Colibri sources.
Checks: sh -n scripts/stage-colibri-iso.sh; fake staging against old and corrected Colibri rc sources; sh -n staged rc.d scripts; git diff --check.
Replace fragile BSD sed append usage with awk when adding poststart chmods to the staged colibri_daemon rc.d script. The previous sed form appended the socket chmod after every line, corrupting the live USB service script.
Checks: sh -n scripts/stage-colibri-iso.sh; fake COLIBRI_ARTIFACT_DIR staging; sh -n staged usr/local/etc/rc.d/colibri_daemon; git diff --check.
Go (builds the zot agent) and Rust (builds the Colibri release binaries) are
required on the build host to produce the binaries build.sh stages, but were
undocumented. Add them to REQUIREMENTS.md (build-host only, not the image), and
make the binary-missing preflights note when the matching toolchain (go/cargo)
isn't installed so that case surfaces up front instead of later.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Smaller downloads that Rufus/balenaEtcher/RPi-Imager still read directly (zstd
would break Windows flashers). Switches the image artifact, flashing commands
(xz -dc | dd, xz -t, unxz), publish flow (xz -T0 -c), the artifact-manifest
script, and all skills + docs to .img.xz. Adds a Windows (Rufus/Etcher) flashing
section + README pointer. Source tarballs (clawdie-ai *.tar.gz) unchanged.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
IMAGE_NAME is now clawdie-${codename}-${ISO_VERSION}.img (e.g.
clawdie-quindecim-0.2.29.img), the version tracking zot. Drops desktop/usb/date/
commit from the filename; per-build provenance (date, clawdie-iso commit, zot
commit) lives in build-manifest.json. Removes the now-unused date/commit name
vars. Updates docs + publish-skill globs (clawdie-*) to the new format.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Drop the hand-maintained ISO_VERSION=0.1.0. Default ISO_VERSION=auto resolves at
build time from the zot checkout (git describe --tags), falling back to the pinned
ZOT_VERSION, and strips the leading v (v0.2.29 -> 0.2.29). Records zot_version +
zot_commit in build-manifest.json; the banner shows which zot it tracks. Set
ISO_VERSION=x.y.z to override.
Also drops the stale 'independent from Clawdie-AI runtime version' comment — the
version's only anchor is zot now.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Installs read-only and trusted-write MCP client config examples under /usr/local/share/clawdie-iso/mcp-examples and links them from the bootstrap page.
Checks: ./scripts/check-format.sh; sh -n build.sh scripts/stage-colibri-iso.sh; python3 -m json.tool MCP examples; git diff --check
Makes colibri-mcp a required Colibri artifact for the live operator USB, copies it into the image, documents the read-only default and explicit trusted COLIBRI_MCP_WRITE profile, and updates ISO build handoff docs.
Checks: ./scripts/check-format.sh; sh -n build.sh scripts/stage-colibri-iso.sh; git diff --check
The agent (a static Go binary) was a separately-named opt-in stage gated by
FEATURE_ZOT=NO, so baseline builds shipped colibri without its agent. It is
really a component of colibri, not its own product surface — so name and stage
it under the colibri umbrella.
- build.cfg: remove FEATURE_ZOT; add internal COLIBRI_STAGE_AGENT (default YES,
undocumented escape hatch for daemon-only debug builds). Keep ZOT_REPO/
ZOT_VERSION as internal staging inputs (they point at the real agent repo+tag).
- build.sh: preflight + install now gate on FEATURE_COLIBRI (and the hidden
COLIBRI_STAGE_AGENT), banner folds the agent into the Colibri line, messages
use colibri-agent naming.
- README: agent harness presented under the colibri control plane; pi retained
as a spawnable agent backend rather than the default harness.
Behavior change for the builder: with FEATURE_COLIBRI=YES (default) the agent
now stages on baseline builds, so preflight FAILS if the agent binary is not
prebuilt in $ZOT_REPO/bin. Build it first (GOOS=freebsd go build -o bin/zot
./cmd/zot) or pass COLIBRI_STAGE_AGENT=NO for a daemon-only image.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Keeps service clawdie as a deployed-system contract only, removes the old mini-binary FEATURE_CLAWDIE staging lane from the ISO build, and adds explicit Linux-vs-FreeBSD proof boundaries for provider/runtime claims.
Checks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
Removes stale Herdr references, reserves service clawdie for deployed disk/server targets, and keeps the live USB on colibri_daemon. Drops the baseline live rc.d/clawdie wrapper so the mounted-image contract matches the docs.
Checks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
Rewords live display-manager guardrails around SDDM without stale LightDM framing, clarifies qt6/kf6 rows as package dependencies rather than installer direction, and fixes the CHANGELOG trailing EOF blank flagged by diff-check.
Checks: ./scripts/check-format.sh; git diff --check
First concrete step of the zot consolidation (colibri ADR). Opt-in FEATURE_ZOT
(default NO; Pi stays default during migration).
- build.cfg: FEATURE_ZOT, ZOT_VERSION (pinned v0.2.29), ZOT_REPO,
ZOT_ARTIFACT_DIR, ZOT_DEEPSEEK_KEY (optional bake).
- scripts/stage-zot-iso.sh: install the prebuilt zot binary -> /usr/local/bin/zot;
populate the operator's $ZOT_HOME (~/.local/state/zot) with auth.json
({"deepseek":{"api_key":...}}, 0600) when a key is given, else an
auth.json.sample template + README (telegram via `zot telegram-bot setup`).
- build.sh: status line, resolve_zot_paths, preflight_zot_artifacts (errors with
the GOOS=freebsd go-build hint — zot has no FreeBSD release), install_zot_agent
(+ chown operator state), wired into preflight + install sequences.
zot is built on the FreeBSD host from the pinned tag:
(cd $ZOT_REPO && git checkout v0.2.29 && GOOS=freebsd GOARCH=amd64 \
go build -trimpath -o bin/zot ./cmd/zot)
sh -n clean; staging smoke-tested (binary staged, auth.json 0600 valid).
Credentials use zot's own resolution (--api-key -> env -> auth.json), replacing
baked-into-binary keys. Default build unchanged (FEATURE_ZOT=NO).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
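The credential staging described in the commit above, sketched as an added example (not the project's scripts/stage-zot-iso.sh). The function names, the key character allow-list and the sample-file contents are assumptions; the auth.json shape and the 0600 mode are taken from the commit message. The file is created under umask 077 and moved into place, so the key is never readable by other users between creation and a later chmod.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the project's staging code.

# stage_auth ZOT_HOME [KEY]
# With a key: write ZOT_HOME/auth.json, private from the moment it exists.
# Without a key: write only an auth.json.sample template.
stage_auth() {
    home=$1
    key=${2:-}
    (
        umask 077                      # new files 0600, new directories 0700
        mkdir -p "$home" || exit 1
        if [ -n "$key" ]; then
            # Assumed allow-list: refuse characters that would need JSON
            # escaping instead of emitting a malformed or injected document.
            case $key in
                *[!A-Za-z0-9._-]*)
                    echo "stage_auth: key has unexpected characters" >&2
                    exit 1 ;;
            esac
            # mktemp creates the file 0600; mv keeps that mode and makes the
            # final name appear atomically with its full contents.
            tmp=$(mktemp "$home/auth.json.XXXXXX") || exit 1
            printf '{"deepseek":{"api_key":"%s"}}\n' "$key" > "$tmp" || exit 1
            mv -f "$tmp" "$home/auth.json"
        else
            # Placeholder value is constructed for this example.
            printf '{"deepseek":{"api_key":"REPLACE_ME"}}\n' \
                > "$home/auth.json.sample"
        fi
    )
}

# auth_is_private FILE -> 0 only for a regular, non-symlink file of mode 0600.
# find -perm with a bare mode is an exact match on both GNU and BSD find.
auth_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -n "$(find "$1" -prune -perm 600)" ]
}
```
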
User-facing timestamps in run-bhyve-test.sh used the ambiguous numeric form
%Y-%m-%d. Switch to European display (date +%d.%b.%Y %H:%M:%S). Log filename
keeps sortable ISO 8601 basic (machine artifact, per the rule's internal-storage
exemption).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
bhyve-test.sh captures the guest serial console; this adds a QA gate over that
log so the harness can be used as a build gate (appliance runbook §3):
- CRITICAL (gate the exit): no kernel panic, no reboot loop, boot reached
login/sddm, and no "permission denied" (regression guard for the colibri
socket EACCES we just fixed).
- INFO (best-effort console markers): colibri socket ready, no store-open panic,
clawdie-live-gpu ran.
- Prints the deeper in-guest checklist (socket mode, glasspane query, GPU
branch) that lives in guest logs, not the console.
Exit is non-zero if the boot harness failed OR any critical assert failed.
Also pass-through args to bhyve-test.sh (ISO path / --name).
sh -n clean; gate logic unit-tested (clean boot → pass/exit0; panic+EACCES+no-login
→ fail). INFO/CRITICAL patterns should be confirmed against a real boot console
on first run.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
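A console-log gate of the kind the commit above describes, as an added example (not the project's run-bhyve-test.sh). The function names and every match pattern are assumptions, including the boot banner used to detect a reboot loop; as the commit says, patterns need confirming against a real boot console.

```shell
#!/bin/sh
# Added example (not the project's script). Every pattern below is an assumed
# marker string and must be confirmed against a real boot console.

# count_matches LOG ERE -> prints the number of matching lines (case-insensitive)
count_matches() {
    grep -Eic -- "$2" "$1" || true
}

# console_gate LOG -> returns 0 only when every CRITICAL assertion holds
console_gate() {
    log=$1
    fail=0
    [ -r "$log" ] || { echo "CRITICAL: cannot read $log" >&2; return 1; }

    if [ "$(count_matches "$log" 'panic:')" -gt 0 ]; then
        echo "CRITICAL: kernel panic" >&2; fail=1
    fi
    # More than one boot banner in a single capture means the guest restarted.
    if [ "$(count_matches "$log" '^---<<BOOT>>---')" -gt 1 ]; then
        echo "CRITICAL: reboot loop" >&2; fail=1
    fi
    if [ "$(count_matches "$log" 'login:|sddm')" -eq 0 ]; then
        echo "CRITICAL: boot never reached login/sddm" >&2; fail=1
    fi
    if [ "$(count_matches "$log" 'permission denied')" -gt 0 ]; then
        echo "CRITICAL: permission denied (socket EACCES regression?)" >&2; fail=1
    fi
    # INFO markers are best-effort and never change the exit status.
    if [ "$(count_matches "$log" 'colibri.*socket.*ready')" -eq 0 ]; then
        echo "INFO: colibri socket-ready marker not seen" >&2
    fi
    return "$fail"
}

# Constructed sample consoles (not real guest output).
demo_dir=$(mktemp -d)
printf '%s\n' '---<<BOOT>>---' 'colibri_daemon: socket ready' 'login:' \
    > "$demo_dir/clean.log"
printf '%s\n' '---<<BOOT>>---' 'panic: page fault' '---<<BOOT>>---' \
    'connect: Permission denied' > "$demo_dir/bad.log"
console_gate "$demo_dir/clean.log" && echo "clean.log: PASS"
console_gate "$demo_dir/bad.log" || echo "bad.log: FAIL"
```
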
Re-landed on current main (the earlier branch never merged — main moved under
it). Flip COLIBRI_DAEMON_ENABLE default NO -> YES now that live boot is proven
on AMD hardware. rc.d is REQUIRE: LOGIN, so it starts after login and cannot
block SDDM/XFCE. Still env-overridable. Pair with colibri socket-perms fix so
operators connect without EACCES. CLAWDIE_ENABLE left NO.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>