clawdie/clawdie-iso
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(packages): keep agent jail drift gate parseable (Sam & Pi) #101

Merged
clawdie merged 1 commit from fix/post-pull-format-and-mother-sync-notes into main 2026-06-21 20:39:06 +02:00
Conversation 0 Commits 1 Files changed 3 +15 -12
3 changed files with 15 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
AGENTS.md
View file

@ -4,6 +4,7 @@
**clawdie-iso** builds the operator USB image — a live FreeBSD 15 XFCE
environment that serves two roles:
- **Development surface** for Colibri: build, validate, and iterate on the
control plane from a bootable USB without touching the host OS.
- **Installer** for the **Clawdie service**: deploys Colibri as an rc.d
@ -19,14 +20,14 @@ The XFCE operator USB work now uses a git-coordinated split. Agents may review
or suggest across boundaries, but must coordinate explicitly before taking over
another role's load-bearing responsibility.
| Role name | Identity | Owns | Restrictions |
| ---------------------------------- | ----------------------------------- | -------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| **Pi ISO Developer** | Pi harness (this dev agent) | Source changes, docs, static checks, commits, pushes | Does not start ISO builds or flash media unless explicitly assigned |
| **Codex ISO Builder** | codex pkg on the FreeBSD build host | `./build.sh`, mounted-image inspection, publishing, hardware validation | Focuses on targeted changes; broad source refactors require prior review; reports exact logs/output back through git or handoff notes |
| **Hermes USB/IMG Deployer** | Hermes on Debian/Linux | Downloading verified published artifacts, USB target identification, flashing | Only flashes verified artifacts to whole-disk target paths; does not need git-host access |
| **Claude Reviewer / XFCE Tweaker** | Claude (Linux) | Review/plans plus Track E XFCE GUI polish | Builds ISO only through Codex ISO Builder; validates with Linux tooling; marks speculative runtime claims as such |
| **Opencode / Z.ai Integrator** | Opencode CLI on Linux | Linux-side Colibri/dashboard experiments plus Pi/DeepSeek v4 provider-lane validation wiring | Validates on Linux and refers FreeBSD runtime claims to the build host; uses Sam-provided API keys only for provider validation |
| **Operator (Sam)** | Human operator | Product, hardware, acceptance, release judgment | Human approval required for release/tagging decisions |
| Role name | Identity | Owns | Restrictions |
| ---------------------------------- | ----------------------------------- | -------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
| **Pi ISO Developer** | Pi harness (this dev agent) | Source changes, docs, static checks, commits, pushes | Does not start ISO builds or flash media unless explicitly assigned |
| **Codex ISO Builder** | codex pkg on the FreeBSD build host | `./build.sh`, mounted-image inspection, publishing, hardware validation | Focuses on targeted changes; broad source refactors require prior review; reports exact logs/output back through git or handoff notes |
| **Hermes USB/IMG Deployer** | Hermes on Debian/Linux | Downloading verified published artifacts, USB target identification, flashing | Only flashes verified artifacts to whole-disk target paths; does not need git-host access |
| **Claude Reviewer / XFCE Tweaker** | Claude (Linux) | Review/plans plus Track E XFCE GUI polish | Builds ISO only through Codex ISO Builder; validates with Linux tooling; marks speculative runtime claims as such |
| **Opencode / Z.ai Integrator** | Opencode CLI on Linux | Linux-side Colibri/dashboard experiments plus Pi/DeepSeek v4 provider-lane validation wiring | Validates on Linux and refers FreeBSD runtime claims to the build host; uses Sam-provided API keys only for provider validation |
| **Operator (Sam)** | Human operator | Product, hardware, acceptance, release judgment | Human approval required for release/tagging decisions |
## Agent / Codebase Check-In Matrix

4
PLAN-OPERATOR-USB-NEXT.md
View file

@ -150,8 +150,9 @@ unit-tested. `plan` + dry-run `apply` validated on FreeBSD host (osa).
#### Strategy C2: Guided firstboot wizard
A `/usr/local/sbin/clawdie-setup` shell script (or firstboot hook):
1. Run `clawdie discover`, show available pools
2. Prompt: "Which pool?"
2. Prompt: "Which pool?"
3. Show `clawdie plan --pool <chosen>` for review
4. Prompt: "Deploy? [y/N]"
5. Run `clawdie apply --pool <chosen> --yes`
@ -180,6 +181,7 @@ bhyve = true # install bhyve + vm-bhyve
```
Boot behavior:
- If `/etc/clawdie/deploy.toml` present → `clawdie apply --config …` runs on boot
- If absent → boots to desktop (operator USB mode)

6
packages/pkg-list-jails.txt
View file

@ -9,18 +9,18 @@ bash
git
rsync
curl
# jq — JSON processor for the MCP tool path. Mirrors the entry in
# Colibri packaging/freebsd/agent-jail-bootstrap.sh.
jq
# agent-jail (Colibri agent-jail-bootstrap.sh baseline)
# python312 is our application Python. System deps (npm-node24 etc.) pull
# python311 as a transitive dependency from FreeBSD's default PYTHON=3.11.
# jq is used by the MCP tool path and mirrors Colibri
# packaging/freebsd/agent-jail-bootstrap.sh.
python312
node24
npm-node24
bash
curl
jq
# cms-jail
nginx