feat(seed): OOTB zot seed — AGENTS.md→ZOT_HOME, content + staging, regression tests #137

Merged

clawdie merged 3 commits from feat/seed-population into main

2026-06-25 05:09:35 +02:00

clawdie commented

2026-06-25 05:04:14 +02:00

Owner

What

Out-of-the-box zot seed propagation for the operator image, plus the regression
tests that prove it. Carries feat/seed-agents-md (stacked).

Seed importer (clawdie-live-seed): installs AGENTS.md from the
CLAWDIESEED partition to $ZOT_HOME (/var/db/colibri/.local/state/zot) —
the global slot the autospawned zot rpc reads as system-prompt context.
Installed as its own block after the ssh-material step.
Seed content: seed/AGENTS.md (mother, MCP verbs, capabilities, "install
Hermes next"), seed/harness.toml (zot), seed/env.placeholder (no secrets
baked), wired into build.sh + stage-colibri-iso.sh staging.
Autospawn kickoff: COLIBRI_AUTOSPAWN_RPC_PROMPT tells the booted zot to
read CLAWDIE_HW_PROFILE and call node_register on mother.
Tests (tests/):
- seed-import-test.sh (Layer 0): runs the real importer in a sandbox and
  asserts the full propagation contract; 23/23 in REQUIRE_AGENTS_MD=1.
- mcp-boundary-test.sh (Layer 2): forced-command allowlist + MCP handshake,
  incl. a real loopback sshd; skips cleanly without a sibling colibri.

Cross-repo dependency

The importer writes AGENTS.md to /var/db/colibri/.local/state/zot. That only
matches zot's runtime $ZOT_HOME once colibri fix/zot-home pins it
(zot inherits the daemon's HOME; without the pin ZOT_HOME resolves elsewhere
and the file is never read). These two PRs must land together.

Verification (Linux, pre-merge)

Layer 0 importer test: green against this branch's importer.
Layer 1 (zot built from source): readAgentsContext reads $ZOT_HOME/AGENTS.md;
a unit test reproduces the HOME-mismatch miss and confirms the ZOT_HOME pin fixes it.
Layer 1b: real colibri-daemon autospawn → zot inherits daemon HOME, no ZOT_HOME
set — confirming the pin is required.
Layer 2: 11/11 incl. real sshd forced-command.

Not yet proven: the runtime link (zot actually calling node_register on a
live mother) — that's Layer 3 on osa, after setup-mother.sh.

🤖 Generated with Claude Code

## What Out-of-the-box zot seed propagation for the operator image, plus the regression tests that prove it. Carries `feat/seed-agents-md` (stacked). - **Seed importer** (`clawdie-live-seed`): installs `AGENTS.md` from the CLAWDIESEED partition to `$ZOT_HOME` (`/var/db/colibri/.local/state/zot`) — the global slot the autospawned `zot rpc` reads as system-prompt context. Installed as its own block after the ssh-material step. - **Seed content**: `seed/AGENTS.md` (mother, MCP verbs, capabilities, "install Hermes next"), `seed/harness.toml` (zot), `seed/env.placeholder` (no secrets baked), wired into `build.sh` + `stage-colibri-iso.sh` staging. - **Autospawn kickoff**: `COLIBRI_AUTOSPAWN_RPC_PROMPT` tells the booted zot to read `CLAWDIE_HW_PROFILE` and call `node_register` on mother. - **Tests** (`tests/`): - `seed-import-test.sh` (Layer 0): runs the real importer in a sandbox and asserts the full propagation contract; **23/23 in `REQUIRE_AGENTS_MD=1`**. - `mcp-boundary-test.sh` (Layer 2): forced-command allowlist + MCP handshake, incl. a real loopback sshd; skips cleanly without a sibling colibri. ## Cross-repo dependency The importer writes `AGENTS.md` to `/var/db/colibri/.local/state/zot`. That only matches zot's runtime `$ZOT_HOME` once **colibri `fix/zot-home`** pins it (zot inherits the daemon's `HOME`; without the pin `ZOT_HOME` resolves elsewhere and the file is never read). **These two PRs must land together.** ## Verification (Linux, pre-merge) - Layer 0 importer test: green against this branch's importer. - Layer 1 (zot built from source): `readAgentsContext` reads `$ZOT_HOME/AGENTS.md`; a unit test reproduces the HOME-mismatch miss and confirms the ZOT_HOME pin fixes it. - Layer 1b: real colibri-daemon autospawn → zot inherits daemon `HOME`, no `ZOT_HOME` set — confirming the pin is required. - Layer 2: 11/11 incl. real sshd forced-command. **Not yet proven:** the runtime link (zot actually calling `node_register` on a live mother) — that's Layer 3 on osa, after `setup-mother.sh`. 🤖 Generated with Claude Code

clawdie added 4 commits 2026-06-25 05:04:17 +02:00

feat(seed): install AGENTS.md from seed to zot's ZOT_HOME global slot 06e8f4b77c

The seed importer already dual-writes SSH material to the daemon home.
Adds an AGENTS.md install block targeting /var/db/colibri/.local/state/zot/ —
the path pinned by colibri_daemon.in's ZOT_HOME export. Zot reads this as
its first AGENTS.md source, giving the autospawned agent operational rules
(mother, verbs, capabilities) on first boot.

feat(seed): populate CLAWDIESEED partition with agent operational files 1a85f17733

Adds seed/ directory with:
- AGENTS.md: zot operational rules (mother, verbs, capabilities)
- harness.toml: harness="zot", model="deepseek-v4-pro"
- env.placeholder: template for API key injection

build.sh seed population step reads provider keys from the build host's
/usr/local/etc/colibri/provider.env and writes them to the seed partition's
env file. Also installs AGENTS.md, harness.toml, and the layered-soul backup.

Keys are NEVER committed — only placeholders. Real keys are injected at build
time from the build host's provider.env (DEEPSEEK_API_KEY, OPENROUTER_API_KEY).

fix(seed): close three OOTB gaps before merge 85ac1ceec5

A. ZOT_VERSION drift: build.cfg defaulted to v0.2.42 while build.sh
   preflight hint said v0.2.47. Now both default to v0.2.47.

B. AGENTS.md hw-probe phrasing: told zot to run clawdie-hw-probe,
   but the daemon already collects it into CLAWDIE_HW_PROFILE at
   autospawn time. zot should read the env var, not shell out.

C. RPC_PROMPT missing: COLIBRI_AUTOSPAWN=YES starts zot in RPC mode,
   but without RPC_PROMPT, zot blocks on stdin and idles. Added
   a prompt telling zot to read CLAWDIE_HW_PROFILE, call node_register
   on mother, and report its assigned capabilities.

test(seed): add Layer 0 importer + Layer 2 MCP-boundary regression tests 5df307aaf4

Layer 0 (seed-import-test.sh): runs the real clawdie-live-seed importer in a
sandbox (CLAWDIE_SEED_TEST=1, all paths overridden) and asserts the seed->runtime
propagation contract — env split, provider.env, dual-home ssh, soul staging, and
AGENTS.md -> $ZOT_HOME (the global slot the autospawned zot reads). Idempotent
re-import is checked. REQUIRE_AGENTS_MD=1 enforces the AGENTS.md install added on
this branch; it passes 23/23 here.

Layer 2 (mcp-boundary-test.sh): exercises the mother MCP-over-SSH boundary on
Linux — colibri-mcp-ssh forced-command allowlist (""/"tools" route, everything
else rejected) and the MCP tools/list handshake, including a real loopback sshd
with command=. Skips cleanly when colibri isn't a sibling checkout.

Verified end to end on Linux before merge: importer target path and the ZOT_HOME
pin in colibri (fix/zot-home) both resolve to /var/db/colibri/.local/state/zot.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

clawdie commented

2026-06-25 05:06:05 +02:00

Author

Owner

Paired merge — land with colibri#182.

This PR's seed importer writes AGENTS.md to /var/db/colibri/.local/state/zot.
That only matches the autospawned zot's runtime $ZOT_HOME once colibri#182 pins
it (zot inherits the daemon's HOME; without the pin the file is written where
zot never looks). Merging this alone is inert; merging colibri#182 alone has
nothing to read. Merge both, then verify on osa (Layer 3).

**Paired merge — land with [colibri#182](https://code.smilepowered.org/clawdie/colibri/pulls/182).** This PR's seed importer writes `AGENTS.md` to `/var/db/colibri/.local/state/zot`. That only matches the autospawned zot's runtime `$ZOT_HOME` once colibri#182 pins it (zot inherits the daemon's `HOME`; without the pin the file is written where zot never looks). Merging this alone is inert; merging colibri#182 alone has nothing to read. **Merge both, then verify on osa (Layer 3).**