- shell-pf.sh: BRIDGE is now always warden0 (matches jail-config.ts and AGENTS.md)
- CompletePage.qml: token text now says will be generated after first boot
- NETWORKING.md: updated to reflect warden0 fix
Collect optional SSH public key and Tailscale auth key in the live installer, keep the controlplane loopback-bound by default, allow SSH over tailscale0, and rotate the post-install setup token into /var/db/clawdie-installer/setup-token with MOTD guidance for SSH tunnel access.
This slice is install-mode only; upgrade runs do not mint a new setup token.
Build: pass
Tests: pass — sh -n + QML build + config-format + mocked setup-token writer dry-run
Real-disk / bhyve install: NOT YET TESTED
Live GUI installs now write runtime handoff files under /var/run/clawdie-installer, invoke bsdinstall script through a dedicated commit helper, persist the installed handoff for first HDD boot, and point the operator at /setup after reboot.
The live autologin user is restricted to a narrow sudoers rule for the commit helper and reboot only.
Build: pass
Tests: pass — sh -n + QML build + config-format + stubbed live-commit dry-run
Real-disk / bhyve install: NOT YET TESTED
mDNS resolves single-label names under .home.arpa (e.g.
mevy.home.arpa) but cannot resolve multi-label names like
blog.mevy.home.arpa because no single device "owns" the compound
name. The Clawdie multitenant naming policy uses hierarchical site
naming (<site>.<tenant>.<base>), so a local DNS resolver is required.
dnsmasq is a small (~2 MB) FreeBSD-native DNS server used by most
home routers and homelabs. Bundling it with the ISO removes the
"works on my machine" failure mode for fresh installs that try to
reach blog.mevy.home.arpa.
Mirrors the addition that will land in clawdie-ai's
infra/packages/host-baseline.txt once the multitenant naming policy
note is approved.
Generate CONTROLPLANE_SHARED_SECRET and BETTER_AUTH_SECRET at install
time via openssl rand. Add CONTROLPLANE_HOST_IP, CONTROLPLANE_AUTH_MODE,
CONTROLPLANE_PORT, BETTER_AUTH_URL, GIT_LOCAL_URL to both install heredoc
and upgrade append path. Default to bare git repo (CODE_HOSTING_MODE=git)
instead of Forgejo.
---
Build: pass | Tests: not run (Linux) — shell script, bash -n validated
Four critical fixes before v1.0.0 VM test, informed by PC-BSD failure
modes and GhostBSD's improvements:
1. shell-zfs.sh: zpool labelclear on fresh install
Clear ZFS labels from every device that was in the old pool before
bsdinstall writes new ones. Prevents the "can't find pool by GUID"
boot failure that made PC-BSD reinstalls unreliable.
2. shell-zfs.sh: pre-upgrade snapshot
When operator selects Upgrade, take zfs snapshot -r
pool@pre-upgrade-{timestamp} before any changes. One reboot to
roll back if the upgrade goes wrong. UPGRADE_SNAPSHOT exported for
downstream modules to reference.
3. shell-env.sh: never overwrite secrets on upgrade
clawdie_shell_env_generate() now checks CLAWDIE_BOOT_MODE. In
upgrade mode it calls clawdie_shell_env_append_new_keys() instead
of regenerating — reads existing .env and appends only keys that
are absent. Existing DB passwords, JWT secrets, API keys are never
touched. This fixes the root cause of the orphaned-database bug:
new passwords that don't match the existing pool's data.
4. firstboot.sh: module execution matrix via run_step_if
New run_step_if "<modes>" wrapper marks steps as done without
running them when not applicable to the current boot mode.
Upgrade skips: gpu, nvidia, ssh, system, desktop, pf, tailscale
Upgrade runs: pkg, env (append-only), npm-globals, deploy
Prevents SSH key resets, rc.conf overwrites, and firewall rewrites
during upgrade — all of which undid operator customisations.
Also adds INSTALLER-PLAN.md: full architecture plan for unified
GUI/TUI installer with Fresh / Upgrade / Repair modes, boot
environment support, and a clear phase roadmap to v1.1.0.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
shell-deploy.sh was dropping to the clawdie user before running
just install. setup/service.ts checks isRoot() to decide whether
to install the rc.d service or generate start/stop wrappers — so
running as clawdie meant the agent was never registered with
FreeBSD's service manager and never started at boot.
Fix: run the installer as root. setup/service.ts already handles
privilege separation correctly when invoked as root: it writes
/usr/local/etc/rc.d/{agent}, adds -u {agent} to daemon args so
the running process is never root, and chowns data/logs/groups to
the agent user to prevent EACCES on first write.
Also adds DB_RUNTIME to the generated .env seed so operators can
see the jail vs host postgres option without reading the docs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- build.sh now runs npm ci at ISO build time and bundles node_modules into the clawdie-ai payload tarball\n- firstboot deploy ensures node_modules exist (fallback: npm ci, network required)\n- test mode skips venv/model seeding + verify to avoid host side effects\n- docs/tests updated to match
ISO deploy module now runs `just install` (with a dev fallback to `npm run install`) instead of `npm run install-all`, and docs/tests are updated accordingly.
- Updated firstboot completion messages: Aider and Pi now listed as primary harnesses, Codex as optional
- Added [Unreleased] section to CHANGELOG documenting Aider venv provisioning and harness integration
- Reflects completion of Aider+Pi harness migration across clawdie-ai and clawdie-iso
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Bundles the 'just' command runner on the USB image. Provides
discoverable project commands via justfile in Clawdie-AI.
---
Build: pass | Tests: not run (Linux)
Add py311-aider_chat to host baseline for the controlplane harness
(Aider + Pi multi-agent orchestrator). Add forgejo package to jail
list for the code service. Bake ZAI_API_BASE into firstboot .env
to fix litellm endpoint mismatch discovered during Aider testing.
---
Build: pass | Tests: not run (Linux)
Ships @anthropic-ai/claude-code, @google/gemini-cli, and
@mariozechner/pi-coding-agent as prebuilt .tgz tarballs on the install
media so the agent runtime has its CLI dependencies on first boot
without network access.
Critical: installs to /home/clawdie/.npm-global to match the
npm_config_prefix set by shell-system.sh in /etc/profile.d/clawdie.sh,
so the clawdie user's PATH (and the agent's commandExists() probes)
actually resolve the binaries.
- scripts/fetch-npm-globals.sh: npm pack the 3 CLIs into tmp/npm-globals/
- firstboot/shell-npm-globals.sh: offline install as clawdie user with
matching prefix, runs between pkg setup and deploy
- build.sh: fetch + bundle into ${SHARE}/npm-globals/
- firstboot.sh: source module and run_step before deploy
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add ANTHROPIC_API_KEY and CLAUDE_CODE_OAUTH_TOKEN as optional password
fields to both shell wizard and GUI installer. Fields flow through to
.env via shell-env.sh. Document /tmp exemption in AGENTS.md.
