- build.cfg: ISO_VERSION 0.10.0 -> 0.11.0; reword the version note — clawdie-iso
and colibri now share one unified Clawdie release version (zot/clawdie-ai stay
provenance in build-manifest.json).
- CHANGELOG: [0.11.0] entry (date in EU format DD.mon.YYYY per AGENTS rule)
covering the versioning unify, operator-session hardening, poudriere
build-server scripts, and the duplicate-port retirement.
colibri Cargo.toml + port DISTVERSION bump to 0.11.0 lands in the colibri repo
(separate branch). Tags held until both bumps merge.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Replace stale colibri-smoke-agent references with colibri-test-agent, mark colibri-tui optional/desirable, update image-name comments, and avoid smoke wording in current build handoff docs.\n\nChecks: sh -n build.sh; sh -n scripts/test-release-gate.sh; ./scripts/check-format.sh; git diff --check.
Use zot's Makefile VERSION hook in release/live rebuild instructions and preflight hints so the staged binary reports 0.2.29 instead of the local-build 0.0.0 default.\n\nChecks: sh -n build.sh; sh -n scripts/stage-zot-iso.sh; sh -n scripts/stage-colibri-iso.sh; ./scripts/check-format.sh; git diff --check; stage-zot-iso dummy-artifact smoke; VERSION=0.2.29 make build in zot produced 'zot 0.2.29'.
Decouple the ISO identity from zot and cut the first numbered milestone.
Versioning schema (decided 2026-06-15):
- ISO_VERSION is now an explicit product version (build.cfg: 0.10.0); the
"auto"/zot-tracking path is removed and a build with no version fails fast.
The image no longer borrows zot's number — component versions are provenance.
- build-manifest.json: "iso_version_tracks":"zot" -> "version_scheme":"product",
and add colibri_commit/colibri_dirty (the image stages adjacent colibri
binaries; record which commit produced them — the main reproducibility gap).
Docs/version consistency (from docs to flashing/testing/skill):
- CHANGELOG: new [0.10.0] "Operator Image" milestone (stable XFCE + colibri
service fixes + self-rebuild lane); reword the version model and repo table.
- README/BUILD/FLASHING/TESTING/iso-publish: artifact examples 0.2.29 -> 0.10.0;
version-scheme prose updated to product-version, not zot-tracking.
Stacked on the live-rebuild branch (PR #56); merge after it.
Checks: sh -n build.sh OK; prettier clean on all changed docs.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Drop the hand-maintained ISO_VERSION=0.1.0. Default ISO_VERSION=auto resolves at
build time from the zot checkout (git describe --tags), falling back to the pinned
ZOT_VERSION, and strips the leading v (v0.2.29 -> 0.2.29). Records zot_version +
zot_commit in build-manifest.json; the banner shows which zot it tracks. Set
ISO_VERSION=x.y.z to override.
Also drops the stale 'independent from Clawdie-AI runtime version' comment — the
version's only anchor is zot now.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The agent (a static Go binary) was a separately-named opt-in stage gated by
FEATURE_ZOT=NO, so baseline builds shipped colibri without its agent. It is
really a component of colibri, not its own product surface — so name and stage
it under the colibri umbrella.
- build.cfg: remove FEATURE_ZOT; add internal COLIBRI_STAGE_AGENT (default YES,
undocumented escape hatch for daemon-only debug builds). Keep ZOT_REPO/
ZOT_VERSION as internal staging inputs (they point at the real agent repo+tag).
- build.sh: preflight + install now gate on FEATURE_COLIBRI (and the hidden
COLIBRI_STAGE_AGENT), banner folds the agent into the Colibri line, messages
use colibri-agent naming.
- README: agent harness presented under the colibri control plane; pi retained
as a spawnable agent backend rather than the default harness.
Behavior change for the builder: with FEATURE_COLIBRI=YES (default) the agent
now stages on baseline builds, so preflight FAILS if the agent binary is not
prebuilt in $ZOT_REPO/bin. Build it first (GOOS=freebsd go build -o bin/zot
./cmd/zot) or pass COLIBRI_STAGE_AGENT=NO for a daemon-only image.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Keeps service clawdie as a deployed-system contract only, removes the old mini-binary FEATURE_CLAWDIE staging lane from the ISO build, and adds explicit Linux-vs-FreeBSD proof boundaries for provider/runtime claims.\n\nChecks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
Removes stale Herdr references, reserves service clawdie for deployed disk/server targets, and keeps the live USB on colibri_daemon. Drops the baseline live rc.d/clawdie wrapper so the mounted-image contract matches the docs.\n\nChecks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
First concrete step of the zot consolidation (colibri ADR). Opt-in FEATURE_ZOT
(default NO; Pi stays default during migration).
- build.cfg: FEATURE_ZOT, ZOT_VERSION (pinned v0.2.29), ZOT_REPO,
ZOT_ARTIFACT_DIR, ZOT_DEEPSEEK_KEY (optional bake).
- scripts/stage-zot-iso.sh: install the prebuilt zot binary -> /usr/local/bin/zot;
populate the operator's $ZOT_HOME (~/.local/state/zot) with auth.json
({"deepseek":{"api_key":...}}, 0600) when a key is given, else an
auth.json.sample template + README (telegram via `zot telegram-bot setup`).
- build.sh: status line, resolve_zot_paths, preflight_zot_artifacts (errors with
the GOOS=freebsd go-build hint — zot has no FreeBSD release), install_zot_agent
(+ chown operator state), wired into preflight + install sequences.
zot is built on the FreeBSD host from the pinned tag:
(cd $ZOT_REPO && git checkout v0.2.29 && GOOS=freebsd GOARCH=amd64 \
go build -trimpath -o bin/zot ./cmd/zot)
sh -n clean; staging smoke-tested (binary staged, auth.json 0600 valid).
Credentials use zot's own resolution (--api-key -> env -> auth.json), replacing
baked-into-binary keys. Default build unchanged (FEATURE_ZOT=NO).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Re-landed on current main (the earlier branch never merged — main moved under
it). Flip COLIBRI_DAEMON_ENABLE default NO -> YES now that live boot is proven
on AMD hardware. rc.d is REQUIRE: LOGIN, so it starts after login and cannot
block SDDM/XFCE. Still env-overridable. Pair with colibri socket-perms fix so
operators connect without EACCES. CLAWDIE_ENABLE left NO.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
build.cfg hard-set GPU_DRIVER="" , and build.sh sources build.cfg after the
environment is already set, so `env GPU_DRIVER=nvidia-590 ./build.sh` was
silently clobbered to "" (no NVIDIA branch baked). There is no --gpu-driver
flag in build.sh, so the environment is the only way to set it.
Use GPU_DRIVER="${GPU_DRIVER:-}" so an env value is honored; default stays "".
Verified: env nvidia-590 -> nvidia-590; no env -> "". Replaces the
detached-worktree workaround applied during the live build.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Opt-in NVIDIA_UNIVERSAL lane (default NO; normal/single-branch builds unchanged):
one ISO that adapts to an unknown NVIDIA target.
- build.cfg: NVIDIA_UNIVERSAL flag.
- build.sh: install_nvidia_universal_repo() stages an on-image pkg repo with all
three branches (390/470/580 + settings), pkg-repo metadata, and a file:// repo
conf; universal mode bakes no branch and sets clawdie_live_gpu_mode=nvidia-auto.
- clawdie_live_gpu: nvidia-auto mode detects the device id (PR #30 fix) -> branch
{390,470,590} -> pkg-name -> `pkg install -r clawdie-nvidia` -> kldload, all
best-effort with fallback to integrated/scfb (never blocks boot).
- doc/NVIDIA-UNIVERSAL-HANDOFF.md: Codex FreeBSD build + hardware validation plan.
sh -n clean; detector+branch+pkg map unit-tested on Linux
(1c8c->590->nvidia-driver-580, 0fc8->470, 0e22->390). The pkg fetch/repo layout,
offline boot install, writable root, kernel ABI, and image size MUST be validated
on the FreeBSD build host + real NVIDIA hardware (see handoff).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Change default FEATURE_TAILSCALE from NO to YES
- Add build-time warning if TAILSCALE_AUTHKEY not set
- Update firstboot wizard: Tailscale moves to screen 2
- Add summary screen showing Tailscale status
- Update shell-tailscale.sh to handle missing auth key gracefully
- Update BUILD.md with new recommended/optional flow
User experience:
- With auth key: Tailscale auto-connects (secure)
- Without auth key: Warning shown, build continues (public SSH)
- Wizard allows enabling/disabling with clear warnings
No breaking changes - existing builds still work.
The .env template was missing two vars that src/config.ts reads at
runtime. Without them embeddings silently fall back to wrong defaults
(768 dims vs the 1024 the pgvector schema expects).
- shell-env.sh: add EMBED_API_KEY + EMBED_DIMENSIONS to template
- build.cfg: add matching defaults (1024 dims)
- firstboot.sh: export the new vars
- cloud-path-test.sh: add EMBED var checks (now 19 total)
Build: not tested | Tests: PASS (cloud-path 19/19, integration 7/7)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
build.cfg now uses ${VAR:-} pattern so env vars take precedence,
enabling cloud builds with arbitrary agent config via environment.
build.sh step 6 now injects all new fields (AGENT_GENDER,
PI_TUI_PROVIDER, PI_TUI_MODEL, API keys, Telegram, embeddings)
into the baked build.cfg inside the image.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Create packages/pkg-list-lumina.txt with Lumina desktop environment packages
- Delete pkg-list-xfce.txt, pkg-list-mate.txt, pkg-list-kde.txt
- Remove desktop-installer from pkg-list-desktop-base.txt
- build.cfg: DEFAULT_DESKTOP=lumina (sole supported DE)
- build.sh: use pkg-list-lumina.txt instead of pkg-list-xfce.txt
- BUILD.md: update DEFAULT_DESKTOP comment
- CLAWDIE-ISO.md: add deprecation notice, update all DE references to Lumina only
Lumina is the sole supported FreeBSD-native desktop environment as per
LUMINA-INTEGRATION.md and CLAWDIE-ISO-REFACTORED.md specifications.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Add --ssh-key flag for providing SSH public key at build time
- Add --root-password and --clawdie-password flags for custom system passwords
- Update build.cfg with SSH_PUBLIC_KEY, ROOT_PASSWORD, CLAWDIE_USER_PASSWORD
- Bake all security-related vars into ISO for firstboot access
Enables secure passwordless SSH auth and custom password provisioning.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Add deploy target configuration and cloud pre-bake variables.
Cloud builds accept these via CLI flags; baremetal leaves them blank
for interactive collection via bsddialog wizard.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Add GPU_DRIVER configuration variable (defaults to empty) to enable --gpu-driver
flag parametrization at build time. Supports 6 variants:
- intel | amd | nvidia-590 | nvidia-470 | nvidia-390 | vesa | "" (auto-detect)
This allows build.sh to bake GPU driver selection into the ISO, bypassing live
pciconf detection at firstboot and guaranteeing ONE reboot instead of TWO.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Change IMAGE_NAME from YYYYMMDD to DD.mmm.YYYY per AGENTS.md convention.
No numeric-only months — ambiguous for humans and LLMs.
Output: clawdie-iso-17.mar.2026.img (instead of clawdie-iso-20260317.img)
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
