feat(seed): zero-touch boot from a personalized seed (provider keys → provider.env) #110

Merged
clawdie merged 1 commit from seed-zero-touch-provisioning into main 2026-06-22 08:57:50 +02:00

Why

The live seed importer already ingests a full per-agent payload (env, harness.toml, soul/, ssh keys) from the FAT32 CLAWDIESEED partition. But it merged provider keys into the operator's ~/.env, while colibri_daemon reads /usr/local/etc/colibri/provider.env (colibri_daemon_provider_env in rc.conf). So a personalized stick carrying real provider keys never reached the daemon, and no agent auto-spawned — onboarding still needed the Join Hive click + Vaultwarden round-trip.

What

Route the active agent's non-BW_* keys into provider.env (0600 root) in addition to ~/.env.

The boot ordering already makes this zero-touch:

  • clawdie_live_seed runs as root, BEFORE: LOGIN
  • colibri_daemon runs REQUIRE: LOGIN — strictly after

So the daemon starts after the keys land, finds DEEPSEEK_API_KEY, and auto-spawns the agent (COLIBRI_AUTOSPAWN_PI=YES) on first boot — no click, no vault round-trip, no typing. BW_* still route to ~/.config/vault-bootstrap.env for operators who prefer the vault-fetch path.

This makes a personalized seed the onboarding primitive: the image stays generic and publishable, the FAT32 seed is the (offline, secret-bearing) personalization layer. It supersedes the earlier xdg-autostart "delete the click" plan — removes the click for free without a first-login sentinel or a first-boot network dependency.

Changes

  • live/operator-session/clawdie-live-seed — SEED_PROVIDER_ENV var + merge active-agent provider keys into it
  • live/operator-session/clawdie-live-seed.README.txt — document the routing + zero-touch behavior
  • live/operator-session/START-HERE.txt — "seeded = nothing to do" note
  • docs/ONBOARDING-SIMPLIFICATION.md — record the implemented direct-keys path

Test

Exercised the importer offline (CLAWDIE_SEED_TEST=1, fake mount): provider keys land in both provider.env and ~/.env (0600), BW_* route to vault-bootstrap, soul staged, active-agent recorded. sh -n clean; markdown format gate green.

🤖 Generated with Claude Code

clawdie added 1 commit 2026-06-22 08:57:12 +02:00
The live seed importer merged the active agent's provider keys into the
operator ~/.env, but colibri_daemon reads /usr/local/etc/colibri/provider.env
(rc.conf colibri_daemon_provider_env). So a personalized seed carrying real
provider keys never reached the daemon and no agent auto-spawned.

Route the active agent's non-BW_* keys into provider.env (0600 root) in
addition to ~/.env. The importer runs as root BEFORE LOGIN and colibri_daemon
REQUIREs LOGIN, so the daemon starts after the keys land and auto-spawns the
agent on first boot — no Join Hive click, no Vaultwarden round-trip, no typing.

This makes a personalized seed the zero-touch onboarding primitive: the image
stays generic/publishable, the FAT32 seed is the (offline) personalization
layer. BW_* still route to vault-bootstrap.env for the vault-fetch path.

Docs: seed README, START-HERE, and ONBOARDING-SIMPLIFICATION updated to
describe the direct-keys path (supersedes the xdg-autostart plan).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
clawdie merged commit d39e47f1e5 into main 2026-06-22 08:57:50 +02:00
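The routing rule the PR description and the commit message both describe (non-BW_* keys into provider.env and ~/.env, BW_* into vault-bootstrap.env, every file landing 0600, the daemon then looking for DEEPSEEK_API_KEY) is easier to check in code than in prose. The script below is an added illustration written for this page, not the clawdie-live-seed importer or any code from the clawdie-iso repository. Everything in it is an assumption for the example: the function names (merge_key, route_seed_env, env_has, autospawn_ready, mode_of, demo), the SEED_* override variables, the constructed seed.env payload with placeholder key values, and the autospawn_ready check, which only mirrors the condition the PR states and is not the daemon's own logic. It runs unprivileged, so it relies on umask for the 0600 and does not chown to root; in the real boot the importer runs as root, so the files it creates are root-owned anyway.

```shell
#!/bin/sh
# Added illustration (not the clawdie-iso importer): route a seeded env file
# into the three destinations the PR describes. Paths, function names and the
# sample keys are constructed for this example; only the BW_* split and the
# 0600 rule come from the PR.
set -u

# Targets as the PR names them; overridable so the example can run in a tmpdir.
: "${SEED_PROVIDER_ENV:=/usr/local/etc/colibri/provider.env}"       # read by colibri_daemon
: "${SEED_USER_ENV:=${HOME:-/root}/.env}"                            # operator shell env
: "${SEED_VAULT_ENV:=${HOME:-/root}/.config/vault-bootstrap.env}"   # BW_* for the vault-fetch path

# merge_key FILE KEY VALUE: replace an existing KEY= line or append one.
# The file is rewritten through a temp file created under umask 077, so a
# stale world-readable target ends up 0600 after the merge, never widened.
merge_key() {
    file=$1 key=$2 value=$3
    tmp="$file.tmp.$$"
    mkdir -p "$(dirname "$file")"
    if [ -f "$file" ]; then
        grep -v "^$key=" "$file" > "$tmp" || true   # grep exits 1 when nothing survives
    else
        : > "$tmp"
    fi
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$file"
}

# route_seed_env SEEDFILE: BW_* keys -> vault-bootstrap.env only; every other
# KEY=VALUE -> provider.env AND ~/.env. Blank lines, comments, lines without
# '=' and names that are not valid shell identifiers are skipped, not merged.
route_seed_env() {
    seed=$1
    saved_umask=$(umask)
    umask 077                                   # everything created below is 0600/0700
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        case $line in *=*) ;; *) echo "seed: no '=' in: $line" >&2; continue ;; esac
        key=${line%%=*}
        value=${line#*=}
        case $key in
            ''|[0-9]*|*[!A-Za-z0-9_]*) echo "seed: bad key: $key" >&2; continue ;;
        esac
        case $key in
            BW_*) merge_key "$SEED_VAULT_ENV" "$key" "$value" ;;
            *)    merge_key "$SEED_PROVIDER_ENV" "$key" "$value"
                  merge_key "$SEED_USER_ENV" "$key" "$value" ;;
        esac
    done < "$seed"
    umask "$saved_umask"
}

# env_has FILE KEY: exit 0 if FILE carries a non-empty KEY= line.
env_has() {
    grep -q "^$2=." "$1" 2>/dev/null
}

# autospawn_ready: the first-boot condition the PR describes (illustrative;
# the real check lives in colibri_daemon, not here).
autospawn_ready() {
    env_has "$SEED_PROVIDER_ENV" DEEPSEEK_API_KEY
}

# mode_of FILE: symbolic mode string, portable across BSD and GNU ls.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# demo DIR: build a constructed seed payload under DIR and route it.
demo() {
    dir=$1
    SEED_PROVIDER_ENV="$dir/provider.env"
    SEED_USER_ENV="$dir/home/.env"
    SEED_VAULT_ENV="$dir/home/.config/vault-bootstrap.env"
    mkdir -p "$dir"
    # Constructed sample payload; the values are placeholders, not credentials.
    cat > "$dir/seed.env" <<'EOF'
# agent env from the CLAWDIESEED partition (constructed)
DEEPSEEK_API_KEY=sk-placeholder-deepseek
OPENAI_API_KEY=sk-placeholder-openai
BW_CLIENTID=user.placeholder
BW_CLIENTSECRET=placeholder
not a key line
EOF
    # A stale provider.env left 0644 by an earlier boot must be rewritten to
    # 0600 and have its old DEEPSEEK_API_KEY replaced, with other keys kept.
    printf 'DEEPSEEK_API_KEY=old\nOTHER=keep\n' > "$SEED_PROVIDER_ENV"
    chmod 644 "$SEED_PROVIDER_ENV"
    route_seed_env "$dir/seed.env"
}

if [ "${1:-}" = "run" ]; then
    d=$(mktemp -d)
    demo "$d" && autospawn_ready && echo "seeded: provider.env ready in $d"
fi
```

Run it as `sh seed-route.sh run` to see the routed files under a temp directory. The design point worth keeping from the PR is the one the temp-file merge enforces: the target is replaced, not appended to in place, so a provider.env that was left readable by an earlier image never keeps its old mode once real keys land in it.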
Reference: clawdie/clawdie-iso#110