From e70ea171b345492906a461c643b82662d138ce8c Mon Sep 17 00:00:00 2001
From: Sam & Claude
Date: Sat, 20 Jun 2026 07:27:51 +0200
Subject: [PATCH] fix(vault): bake Vaultwarden endpoint defaults into ISO (Sam & Pi) Stage a non-secret /usr/local/etc/colibri/provider.env with the Clawdie Vaultwarden endpoint so operators only add BW bootstrap credentials. Also teach clawdie-vault-fetch to honor BW_SERVER and fail closed if an existing bw login points at a different server.\n\nChecks: sh -n live/operator-session/clawdie-vault-fetch scripts/stage-colibri-iso.sh; ./scripts/check-format.sh; git diff --check; COLIBRI_REPO=/home/clawdie/ai/colibri scripts/stage-colibri-iso.sh
---
live/operator-session/bootstrap.html | 22 ++++++++++-------
.../clawdie-live-seed.README.txt | 5 +++-
live/operator-session/clawdie-vault-fetch | 16 +++++++++----
scripts/stage-colibri-iso.sh | 24 +++++++++++++++++--
4 files changed, 51 insertions(+), 16 deletions(-)
diff --git a/live/operator-session/bootstrap.html b/live/operator-session/bootstrap.html
index 3e336e31..09d9d516 100644
--- a/live/operator-session/bootstrap.html
+++ b/live/operator-session/bootstrap.html
@@ -129,19 +129,25 @@ colibri list-tasks --status queued /usr/local/share/clawdie-iso/mcp-examples/.

-

LLM provider keys

+

LLM provider keys + Vaultwarden bootstrap

- Colibri can run local checks without a key. Remote providers need a key - in /usr/local/etc/colibri/provider.env. Keep this file - root-owned and mode 0600; it is read when - colibri_daemon starts. + Colibri can run local checks without a key. The ISO prepopulates the + non-secret Vaultwarden endpoint in + /usr/local/etc/colibri/provider.env. To let agents populate + their own provider secrets from Vaultwarden, add only the bootstrap + credentials there. Keep this file root-owned and mode 0600; + it is read when colibri_daemon starts.

-mdo -u root cp /usr/local/etc/colibri/provider.env.sample /usr/local/etc/colibri/provider.env
-mdo -u root chmod 600 /usr/local/etc/colibri/provider.env
 mdo -u root ee /usr/local/etc/colibri/provider.env
+mdo -u root chmod 600 /usr/local/etc/colibri/provider.env
 mdo -u root service colibri_daemon restart
-

Put only the providers you use in that file:

+

The endpoint is already present. Add the three Vaultwarden bootstrap values:

+
+BW_CLIENTID="..."
+BW_CLIENTSECRET="..."
+BW_PASSWORD="..."
+

Direct provider keys are optional fallback entries:

 DEEPSEEK_API_KEY="sk-..."
 OPENROUTER_API_KEY="sk-or-..."
diff --git a/live/operator-session/clawdie-live-seed.README.txt b/live/operator-session/clawdie-live-seed.README.txt
index fa897902..17428381 100644
--- a/live/operator-session/clawdie-live-seed.README.txt
+++ b/live/operator-session/clawdie-live-seed.README.txt
@@ -46,8 +46,11 @@ Inside it, any of these are honored:
                                  preserved. Blank/`#` lines are ignored.
                                  Typical contents: provider API keys
                                  (ANTHROPIC_API_KEY=..., ZAI_API_KEY=...),
-                                 and optionally the Vaultwarden bootstrap
+                                 or the Vaultwarden bootstrap
                                  (BW_CLIENTID/BW_CLIENTSECRET/BW_PASSWORD).
+                                 The Vaultwarden endpoint is baked into the
+                                 image; do not put it on the seed unless you
+                                 are deliberately overriding it.
 
   //harness.toml          Which agent harness to run + basic knobs:
 
diff --git a/live/operator-session/clawdie-vault-fetch b/live/operator-session/clawdie-vault-fetch
index e3b7898b..0a116f1c 100644
--- a/live/operator-session/clawdie-vault-fetch
+++ b/live/operator-session/clawdie-vault-fetch
@@ -28,7 +28,7 @@
 #   4  `bw` CLI not installed
 set -eu
 
-SERVER="${VAULT_SERVER:-https://vault.smilepowered.org}"
+SERVER="${VAULT_SERVER:-${BW_SERVER:-https://vault.smilepowered.org}}"
 # NOTE: items are fetched by name with `bw get password`, which is fail-closed
 # on ambiguity (multiple matches error out). Item names must therefore be unique
 # in the agent account's visible vault — see docs/VAULTWARDEN-SETUP.md. We do not
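Review bot: The new default chain on the `SERVER=` line takes whatever `VAULT_SERVER` or `BW_SERVER` holds without checking the scheme, and this appears to be the host the bootstrap credentials are later sent to. A seed or environment value starting with `http://` would be used as-is; consider rejecting non-HTTPS values once `log` is defined, e.g. `case "$SERVER" in https://*) ;; *) log "refusing non-https vault server: $SERVER"; exit 1 ;; esac`. Because `VAULT_SERVER` wins over `BW_SERVER` and the image now bakes both, an override that sets only `BW_SERVER` would presumably be ignored without any message; a comment such as `# VAULT_SERVER takes precedence over BW_SERVER; override both together` would make that explicit.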
@@ -106,11 +106,17 @@ cleanup() {
 trap cleanup EXIT INT TERM
 
 # Set the server. When already logged in, `bw config` refuses with
-# "Logout required before server config update" — tolerate that, since the
-# server is already set to the right value (we read it from VAULT_SERVER).
-# Mirror the login tolerance: capture stderr and only fail on a real error.
+# "Logout required before server config update". Tolerate that only when the
+# current bw server already matches the expected Clawdie endpoint; otherwise
+# fail closed so a stale login cannot fetch from the wrong Bitwarden host.
 if ! bw config server "$SERVER" >"$WORK/config.out" 2>"$WORK/config.err"; then
-    if ! grep -qi 'logout required\|already configured\|already set' "$WORK/config.err" "$WORK/config.out" 2>/dev/null; then
+    if grep -qi 'logout required\|already configured\|already set' "$WORK/config.err" "$WORK/config.out" 2>/dev/null; then
+        CURRENT_SERVER="$(bw config server 2>/dev/null || true)"
+        if [ "$CURRENT_SERVER" != "$SERVER" ]; then
+            log "bw is already logged in with server '$CURRENT_SERVER' (expected '$SERVER'); logout and rerun"
+            exit 1
+        fi
+    else
         log "could not set bw server to $SERVER:"
         sed 's/^/  /' "$WORK/config.err" >&2
         exit 1
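Review bot: The added test `[ "$CURRENT_SERVER" != "$SERVER" ]` is an exact string match, and `CURRENT_SERVER` is empty whenever the second `bw config server` call fails, because of the `|| true`. Both cases still fail closed, which is the safe direction, but the operator is then told bw is logged in with server `''`, or is blocked over a trailing slash on an otherwise identical URL. Consider comparing `"${CURRENT_SERVER%/}"` with `"${SERVER%/}"` and logging a separate message when `CURRENT_SERVER` is empty. The mismatch path reuses `exit 1`; if the exit-code table in the file header (only code 4 is visible here) distinguishes causes, it should list this one. The `if` block closes outside the hunk.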
diff --git a/scripts/stage-colibri-iso.sh b/scripts/stage-colibri-iso.sh
index 1805aedb..780a0a7f 100755
--- a/scripts/stage-colibri-iso.sh
+++ b/scripts/stage-colibri-iso.sh
@@ -103,10 +103,30 @@ colibri_daemon_host="\$(/bin/hostname)"
 colibri_daemon_cost_mode="${COLIBRI_COST_MODE}"
 EOF
 
+cat > "${ETC_DIR}/provider.env" <<'EOF'
+# Non-secret Clawdie defaults. Keep this file mode 0600: operators may add
+# provider keys and Vaultwarden bootstrap credentials here after boot.
+VAULT_SERVER="https://vault.smilepowered.org"
+BW_SERVER="https://vault.smilepowered.org"
+EOF
+chmod 0600 "${ETC_DIR}/provider.env" 2>/dev/null || true
+
 cat > "${ETC_DIR}/provider.env.sample" <<'EOF'
-# Optional provider keys for colibri_daemon. Copy this file to provider.env,
-# chmod it 0600, fill in only the providers you use, then restart the service.
+# Optional provider keys and Vaultwarden bootstrap credentials for
+# colibri_daemon. The ISO already stages provider.env with the non-secret
+# Clawdie Vaultwarden endpoint; copy values from here into provider.env,
+# keep it mode 0600, then restart the service.
 #
+# Baked non-secret defaults:
+VAULT_SERVER="https://vault.smilepowered.org"
+BW_SERVER="https://vault.smilepowered.org"
+#
+# Vaultwarden bootstrap credentials (secret; operator-provided):
+# BW_CLIENTID="..."
+# BW_CLIENTSECRET="..."
+# BW_PASSWORD="..."
+#
+# Direct provider keys (optional when Vaultwarden provisioning is used):
 # DEEPSEEK_API_KEY="sk-..."
 # OPENROUTER_API_KEY="sk-or-..."
 # ANTHROPIC_API_KEY="sk-ant-..."
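Review bot: `chmod 0600 "${ETC_DIR}/provider.env" 2>/dev/null || true` hides a failed chmod, so the image can ship this file with whatever mode the build umask produced, and operators are then told to add `BW_CLIENTSECRET` and `BW_PASSWORD` to it. Let the failure stop the build instead, e.g. `chmod 0600 "${ETC_DIR}/provider.env" || { echo "cannot restrict provider.env" >&2; exit 1; }`. Whether the staged mode and ownership survive into the ISO depends on the assembly step, which is not visible here, so a check at that stage is worth adding as well. The endpoint URL is now repeated in both heredocs and in clawdie-vault-fetch; a comment naming the other copies would help keep them in step. The sample heredoc continues past the end of the hunk.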
-- 
2.45.3