feat(enable-mother): publish colibri pubkey to Vaultwarden for hive auth #99

Merged

clawdie merged 1 commit from hive-key-exchange into main

2026-06-21 20:31:10 +02:00

Author	SHA1	Message	Date
Sam & Claude	3a2228a6b7	feat(enable-mother): publish colibri pubkey to Vaultwarden for hive auth Vault-mediated key exchange (direction B — we call mother). After ensuring the colibri SSH identity, enable-mother now upserts the pubkey into Vaultwarden as `hive-pubkey-<hostname>` (via bw, run as root so it can read the BW_* bootstrap creds from provider.env). Mother's mother-sync-hive-keys rebuilds its authorized_keys from these items, so no operator copy-paste between machines. The printed pubkey + restricted command= line remain as a manual fallback when the vault publish is unavailable. Uses the bitwarden-cli-vault skill's session+upsert pattern. sh -n clean; embedded JSON/id-extraction tested. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-21 20:18:27 +02:00

Author

SHA1

Message

Date

Sam & Claude

3a2228a6b7

feat(enable-mother): publish colibri pubkey to Vaultwarden for hive auth

Vault-mediated key exchange (direction B — we call mother). After ensuring the
colibri SSH identity, enable-mother now upserts the pubkey into Vaultwarden as
`hive-pubkey-<hostname>` (via bw, run as root so it can read the BW_* bootstrap
creds from provider.env). Mother's mother-sync-hive-keys rebuilds its
authorized_keys from these items, so no operator copy-paste between machines.

The printed pubkey + restricted command= line remain as a manual fallback when
the vault publish is unavailable. Uses the bitwarden-cli-vault skill's
session+upsert pattern. sh -n clean; embedded JSON/id-extraction tested.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-21 20:18:27 +02:00