feat(enable-mother): publish colibri pubkey to Vaultwarden for hive auth #99

Merged
clawdie merged 1 commit from hive-key-exchange into main 2026-06-21 20:31:10 +02:00
Owner

Agent side of the vault-mediated mother key exchange (direction B — we call mother's tools).

`clawdie-enable-mother` now, after ensuring the colibri SSH identity, **upserts the pubkey to Vaultwarden** as `hive-pubkey-<hostname>` (via `bw`, run as root so it can read `BW_*` from `provider.env`; the pubkey is public so it's passed via env, no secret in `ps`). Mother's `mother-sync-hive-keys` (colibri PR) rebuilds its `authorized_keys` from these items — no operator copy-paste between machines.

The printed pubkey + restricted `command=` line stay as a manual fallback. Uses the `bitwarden-cli-vault` skill's session+upsert pattern.

Verified: `sh -n` clean; embedded id-extraction + base64-JSON snippets tested. Needs Hermes hardware validation (bw + vault reachability).

🤖 Generated with Claude Code

clawdie added 1 commit 2026-06-21 20:19:49 +02:00
Vault-mediated key exchange (direction B — we call mother). After ensuring the
colibri SSH identity, enable-mother now upserts the pubkey into Vaultwarden as
`hive-pubkey-<hostname>` (via bw, run as root so it can read the BW_* bootstrap
creds from provider.env). Mother's mother-sync-hive-keys rebuilds its
authorized_keys from these items, so no operator copy-paste between machines.

The printed pubkey + restricted command= line remain as a manual fallback when
the vault publish is unavailable. Uses the bitwarden-cli-vault skill's
session+upsert pattern. sh -n clean; embedded JSON/id-extraction tested.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
clawdie merged commit a7102d293d into main 2026-06-21 20:31:10 +02:00
clawdie deleted branch hive-key-exchange 2026-06-21 20:31:10 +02:00
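
The change above publishes a public key through the vault and has `authorized_keys` rebuilt from the stored items. The following is an added example, not code from this PR or from colibri, showing one way both ends could validate the key so that a vault item can only ever become a single restricted line. The `notes` field, the `restrict` option, the function names and the `FORCED_CMD` path are assumptions.

```shell
#!/bin/sh
# Added example; not the code of clawdie-enable-mother or mother-sync-hive-keys.
# Assumptions: key stored in a secure note's "notes" field, the function names,
# and FORCED_CMD, which is a placeholder path.
FORCED_CMD=/usr/local/bin/PLACEHOLDER-hive-entry

# True only for one line of "<type> <base64> [comment]". Rejecting quotes,
# backslashes, commas and newlines keeps the value inert in JSON and in
# authorized_keys, where an extra line would be an extra key.
valid_pubkey() {
    [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$1" | grep -Eq \
'^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [A-Za-z0-9@._-]+)?$'
}

# Hostname part of the item name: one line, letters, digits, dot and dash only.
valid_host() {
    [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9.-]*$'
}

# Agent side: item JSON for hive-pubkey-<hostname>. The key is read from the
# HIVE_PUBKEY environment variable (hypothetical name), not from argv.
item_json() {
    valid_host "$1" && valid_pubkey "$HIVE_PUBKEY" || return 1
    printf '{"type":2,"secureNote":{"type":0},"name":"hive-pubkey-%s","notes":"%s"}' \
        "$1" "$HIVE_PUBKEY"
}

# Consumer side: $1 = item name, $2 = item notes as read back from the vault.
# Options are always set here; nothing from the vault can supply its own.
authorized_line() {
    case "$1" in hive-pubkey-*) ;; *) return 1 ;; esac
    valid_host "${1#hive-pubkey-}" && valid_pubkey "$2" || return 1
    printf 'restrict,command="%s" %s\n' "$FORCED_CMD" "$2"
}
```

The output of `item_json` would still need base64 encoding before being handed to `bw create item` or `bw edit item`.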
Reference: clawdie/clawdie-iso#99