---
name: iso-validate-image
description: Inspect a freshly built Clawdie operator USB image or mounted root to validate static runtime contracts and emit a Colibri validation manifest.
---

# iso-validate-image

Use this skill on the FreeBSD build host after an image exists and the operator
has assigned mounted-image validation. This is static validation only; it does
not replace real hardware proof that SDDM/XFCE/input/audio work.

## Manifest output

Write the result to:

```sh
tmp/colibri/iso-validation/<run_id>.json
tmp/colibri/iso-validation/latest.json
```

Schema: `clawdie.iso.validation.v1`. See `docs/ISO-MANIFESTS.md`.

## Preconditions

Run from the repo root on FreeBSD. Fetch before reporting repo state:

```sh
git fetch origin
git status --short --branch
git rev-parse --short HEAD
ls -lh tmp/output
```

If an image is already mounted under `tmp/cache/mnt`, inspect it cautiously. If
mount state is stale or unclear, use `iso-build-cleanup` before retrying.

## Validation checklist

Record each item as a named check in the manifest:

- `/etc/rc.conf` enables `sddm`.
- `/etc/rc.conf` enables `clawdie_live_gpu`.
- `/etc/rc.conf` enables `powerdxx` and the expected no-blank power/session
  policy files are present.
- `/usr/local/bin/mdo` exists and is executable; `sudo` is not required by live
  operator-facing paths.
- Operator CLIs expected by the current plan are present (`pi`, `codex`, and any
  intentionally retained package-list CLIs).
- `/usr/local/share/clawdie-iso/build-manifest.json` exists inside the image.
- `CLAWDIESEED` slice 3 exists when inspecting the full disk image.
- `clawdie-live-gpu` and hardware report scripts are present and executable.
- Intel and AMD KMS modules/firmware expected by the package lists are present;
  NVIDIA packages are staged/offline but not forced to load by default.
- XFCE panel/session assets referenced by the live session are present.
- Colibri binaries and `colibri_daemon` rc.d script are present and enabled for
  the live USB.
- `/usr/local/etc/rc.d/clawdie` is absent on the baseline live USB; the Clawdie
  rc.d service name is reserved for installed/deployed systems.

## Suggested inspection commands

Use exact device names from `mdconfig`/`gpart` on the build host; do not paste
these blindly if another build is active.

```sh
IMG="tmp/output/<image>.img"
md=$(mdconfig -a -t vnode -f "$IMG")
gpart show -p "/dev/$md"
```

Mount the root partition read-only when possible, then inspect files under the
mountpoint. Clean up the md device before finishing.

## Finish

Write a `clawdie.iso.validation.v1` manifest with:

- image path and checksum/manifest inputs when available
- mount devices and mountpoint used
- pass/fail status for each checklist item
- cleanup status for unmounts and `mdconfig -d`
- an explicit limitation note: mounted validation is not graphical hardware proof