Workstream C of the next ISO rebuild.
C1 — Auto-spawn lit up out of the box:
provider.env now ships COLIBRI_AUTOSPAWN_PI="YES", so colibri#137 fires on
the booted image once a DeepSeek key is present (pulled by Join Hive, A).
C2 — External MCP registry staged:
/usr/local/etc/colibri/external-mcp.json shipped as {"servers":{}} at the
path colibri-mcp reads by default. Empty = mother off by default.
C3 — Opt-in "Enable Mother Link" (clawdie-enable-mother + desktop entry):
Direction is "our Pi calls mother's tools" — colibri-mcp dials OUT to mother
over SSH-stdio and proxies mother's tools to the Pi via its external-call
path. The toggle:
- provisions an SSH identity for the colibri service account
(/var/db/colibri/.ssh — the daemon and its Pi run as `colibri`),
- writes the mother entry into external-mcp.json (ssh -i <key> ... mother),
- upserts COLIBRI_MCP_EXTERNAL_CALL=1 into provider.env,
- restarts the daemon and prints colibri's pubkey to authorize on mother.
provider.env.sample documents the new toggles. sh -n clean on all scripts;
the empty default and the emitted mother entry validate as JSON and match the
ExternalMcpRegistry {servers:{command,args,env}} shape.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
#!/bin/sh
#
# Opt-in switch for the MCP link to "mother".
#
# Direction of the link: the Pi on this agent calls tools that live on mother.
# colibri-mcp opens an OUTBOUND SSH-stdio connection to mother and proxies
# mother's MCP tools to the Pi through its external-call path. The link is
# off by default; running this script turns it on.
#
# The colibri daemon and the Pi it spawns both run as the `colibri` user, so
# the identity used for the outbound SSH connection is kept in that account's
# home (/var/db/colibri/.ssh).
#
# Run in a visible terminal: the script prompts for input and ends by
# printing the public key the operator has to authorize on mother.

set -eu

# Configuration files under /usr/local/etc/colibri that are rewritten as root.
PROVIDER_ENV="/usr/local/etc/colibri/provider.env"
EXTERNAL_MCP="/usr/local/etc/colibri/external-mcp.json"

# Home of the service account and the private key used for the outbound link.
COLIBRI_HOME="/var/db/colibri"
SSH_KEY="${COLIBRI_HOME}/.ssh/id_ed25519"

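# Pause until the operator presses Enter, then leave the script.
#   $1 - exit status to leave with (defaults to 0)
finish() {
  echo ""
  echo "Press Enter to close."
  # Under `set -e` a failed read (stdin closed or already at EOF) would end
  # the script right here with read's status, discarding the status the
  # caller asked for. Ignore that failure so the requested status is used.
  read -r _ || :
  exit "${1:-0}"
}
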
# Report whether a command can be resolved by the shell.
#   $1 - command name to look up
# Returns the status of `command -v`: 0 when found, non-zero otherwise.
# Nothing is printed.
have() {
  command -v "$1" >/dev/null 2>&1
  return "$?"
}

# Every privileged step below goes through `mdo -u root`; without mdo nothing
# can be configured, so stop before prompting for anything.
have mdo || {
  echo "ERROR: mdo is required to update the colibri service configuration."
  finish 1
}

# Banner shown before the first prompt.
printf '%s\n' \
  "========================================" \
  " Clawdie — Enable Mother Link" \
  "========================================" \
  ""

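# Ask for mother's reachable SSH target and the remote MCP command.
#
# Both answers are later written into external-mcp.json as arguments of an
# ssh command line, so they are checked here, before any privileged step runs:
#   - a target starting with "-" would be read by ssh as an option;
#   - whitespace in the target cannot be part of a user@host value;
#   - quotes, backslashes and control characters would corrupt the JSON
#     registry entry that is built from these values.
printf " Mother SSH target (user@tailscale-ip-or-name): "
# `|| :` keeps `set -e` from aborting without a message when stdin is at EOF;
# the empty answer is then handled as a cancel.
read -r MOTHER_HOST || :
if [ -z "${MOTHER_HOST:-}" ]; then
  echo " Cancelled: no mother target entered."
  finish 0
fi
case "$MOTHER_HOST" in
  -* | *[[:space:][:cntrl:]]* | *\"* | *\\*)
    echo " ERROR: invalid mother target (no leading '-', spaces, quotes or backslashes)."
    finish 1
    ;;
esac

printf " Mother MCP command [colibri-mcp]: "
read -r MOTHER_CMD || :
[ -n "${MOTHER_CMD:-}" ] || MOTHER_CMD="colibri-mcp"
case "$MOTHER_CMD" in
  *[[:cntrl:]]* | *\"* | *\\*)
    echo " ERROR: invalid MCP command (no quotes, backslashes or control characters)."
    finish 1
    ;;
esac
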
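# [1/4] Make sure the colibri service account has an SSH key pair for the
# outbound link. The work runs as root through mdo; the home directory and key
# path are passed as positional parameters ($1, $2) instead of being spliced
# into the script text.
#
# NOTE(review): root creates files here inside a directory owned by the
# service account. The symlink checks below narrow that exposure but cannot
# close the window between check and use; generating the key as the colibri
# user would avoid root writing into that directory at all.
echo ""
echo "[1/4] Ensuring colibri SSH identity..."
mdo -u root sh -c '
  set -eu
  home="$1"; key="$2"
  # Refuse symlinks at every path touched below, so that neither ssh-keygen
  # nor chown ends up acting on a file outside ${home}/.ssh.
  for p in "${home}/.ssh" "$key" "${key}.pub"; do
    if [ -L "$p" ]; then
      echo " ERROR: refusing to continue: $p is a symlink." >&2
      exit 1
    fi
  done
  install -d -o colibri -g colibri -m 0700 "${home}/.ssh"
  if [ ! -f "$key" ]; then
    # No passphrase (-N ""): the daemon uses this key unattended. What the key
    # may do is limited on the mother side, in authorized_keys.
    ssh-keygen -t ed25519 -N "" -f "$key" -C "colibri@$(hostname)" >/dev/null
    # -h: change the named path itself, never the target of a symlink.
    chown -h colibri:colibri "$key" "${key}.pub"
    chmod 0600 "$key"; chmod 0644 "${key}.pub"
  fi
' sh "$COLIBRI_HOME" "$SSH_KEY" || {
  # Pause so the reason stays readable instead of the terminal closing at once.
  echo " ERROR: could not prepare the colibri SSH identity."
  finish 1
}
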
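# [2/4] Write the mother entry into the external MCP registry.
#
# The registry file is replaced as a whole (`cat > file`), so any other server
# already registered in it is dropped.
echo "[2/4] Registering mother in ${EXTERNAL_MCP}..."

# Print $1 escaped for use inside a JSON string: backslash and double quote
# are prefixed with a backslash.
_json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# The operator's answers become ssh arguments. Stop on values that ssh would
# read as an option or that cannot be carried in a JSON string at all.
case "${MOTHER_HOST}" in
  -* | *[[:space:]]*)
    echo " ERROR: mother target must not start with '-' or contain whitespace."
    finish 1
    ;;
esac
case "${MOTHER_HOST}${MOTHER_CMD}" in
  *[[:cntrl:]]*)
    echo " ERROR: mother target and command must not contain control characters."
    finish 1
    ;;
esac

ssh_key_json="$(_json_escape "$SSH_KEY")"
mother_host_json="$(_json_escape "$MOTHER_HOST")"
mother_cmd_json="$(_json_escape "$MOTHER_CMD")"

# StrictHostKeyChecking=accept-new stores whatever host key mother presents on
# the first connection and only enforces it afterwards. Comparing that key
# with mother's real fingerprint out of band, or pre-seeding known_hosts for
# the colibri user, closes the first-use gap.
printf '%s\n' "{
  \"servers\": {
    \"mother\": {
      \"command\": \"ssh\",
      \"args\": [\"-i\", \"${ssh_key_json}\", \"-o\", \"BatchMode=yes\", \"-o\", \"StrictHostKeyChecking=accept-new\", \"${mother_host_json}\", \"${mother_cmd_json}\"],
      \"env\": {}
    }
  }
}" | mdo -u root sh -c 'cat > "$1"; chmod 0644 "$1"' sh "$EXTERNAL_MCP"
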
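# [3/4] Allow external MCP calls: upsert COLIBRI_MCP_EXTERNAL_CALL="1" into
# provider.env. Runs as root through mdo with the file path passed as $1.
#
# NOTE(review): the file ends up mode 0600 and is not chown-ed here, which
# assumes whatever loads provider.env runs as the owner of the file; confirm.
echo "[3/4] Enabling external MCP calls..."
mdo -u root sh -c '
  set -eu
  f="$1"
  # The scratch file receives a copy of provider.env, which may hold provider
  # credentials. Keep every file created here private from the start and
  # remove the copy on every exit path, including an abort under set -e.
  umask 077
  tmp="$(mktemp)"
  cleanup() { rm -f "$tmp"; }
  trap cleanup EXIT
  # Drop any previous setting. grep exits non-zero when it prints nothing or
  # when the file does not exist yet; both are fine here.
  grep -v "^COLIBRI_MCP_EXTERNAL_CALL=" "$f" >"$tmp" 2>/dev/null || :
  printf "COLIBRI_MCP_EXTERNAL_CALL=\"1\"\n" >>"$tmp"
  # Writing through cat keeps the owner of an existing provider.env.
  cat "$tmp" >"$f"
  chmod 0600 "$f"
' sh "$PROVIDER_ENV"
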
# [4/4] Restart the daemon so the Pi it spawns picks up the new environment
# and registry. A failed restart is reported to the operator but is not fatal.
echo "[4/4] Restarting colibri daemon..."
if ! mdo -u root service colibri_daemon restart >/dev/null 2>&1; then
  echo " WARNING: restart failed; run: mdo -u root service colibri_daemon restart"
fi

# Closing instructions: show the public key to authorize on mother and remind
# the operator to pin it to the MCP command in authorized_keys.
printf '%s\n' \
  "" \
  "Mother link configured. Authorize this key on mother (restrict it to the" \
  "MCP command, e.g. command=\"${MOTHER_CMD}\",restrict in authorized_keys):" \
  ""
# The key file sits in the colibri home, so it is read through mdo.
if ! mdo -u root cat "${SSH_KEY}.pub" 2>/dev/null; then
  echo " (could not read ${SSH_KEY}.pub)"
fi
printf '%s\n' \
  "" \
  "Once authorized on mother, the Pi can call mother's tools via colibri-mcp."
finish 0