build.sh

@@ -1257,6 +1257,10 @@ else
 fi
 _clawdie_path_has "${_clawdie_npm_prefix}/bin" || PATH="${_clawdie_npm_prefix}/bin:${PATH}"
 export PATH
+
+# Colibri daemon socket — needed for 'colibri' CLI without --socket
+export COLIBRI_DAEMON_SOCKET="/var/run/colibri/colibri.sock"
+
 unset _clawdie_npm_prefix
 unset _clawdie_base_path
 unset -f _clawdie_path_has 2>/dev/null || true

scripts/stage-colibri-iso.sh

@@ -100,7 +100,9 @@ sed -i '' 's/ -u \${colibri_daemon_user} //' \
 # owned by the target user, which blocks non-root users (clawdie) from
 # running 'service colibri_daemon status'. Chmod in poststart.
 sed -i '' '/socket ready/a\
-    chmod 644 "${pidfile}" 2>/dev/null || true' \
+    chmod 644 "${pidfile}" 2>/dev/null || true
+a\
+    chmod 660 "${colibri_daemon_socket}" 2>/dev/null || true' \
     "${RC_DIR}/colibri_daemon"
 
 # Add DeepSeek API key and cache warming to daemon environment.