clawdie-iso/scripts/stage-zot-iso.sh
Sam & Claude 7704fae717 feat(iso): stage zot agent (pinned) + populate ZOT_HOME/auth.json (Sam & Claude)
First concrete step of the zot consolidation (colibri ADR). Opt-in FEATURE_ZOT
(default NO; Pi stays default during migration).

- build.cfg: FEATURE_ZOT, ZOT_VERSION (pinned v0.2.29), ZOT_REPO,
  ZOT_ARTIFACT_DIR, ZOT_DEEPSEEK_KEY (optional bake).
- scripts/stage-zot-iso.sh: install the prebuilt zot binary -> /usr/local/bin/zot;
  populate the operator's $ZOT_HOME (~/.local/state/zot) with auth.json
  ({"deepseek":{"api_key":...}}, 0600) when a key is given, else an
  auth.json.sample template + README (telegram via `zot telegram-bot setup`).
- build.sh: status line, resolve_zot_paths, preflight_zot_artifacts (errors with
  the GOOS=freebsd go-build hint — zot has no FreeBSD release), install_zot_agent
  (+ chown operator state), wired into preflight + install sequences.

zot is built on the FreeBSD host from the pinned tag:
  (cd $ZOT_REPO && git checkout v0.2.29 && GOOS=freebsd GOARCH=amd64 \
     go build -trimpath -o bin/zot ./cmd/zot)

sh -n clean; staging smoke-tested (binary staged, auth.json 0600 valid).
Credentials use zot's own resolution (--api-key -> env -> auth.json), replacing
baked-into-binary keys. Default build unchanged (FEATURE_ZOT=NO).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 10:33:37 +02:00

89 lines
2.9 KiB
Bash
Executable file

#!/bin/sh
# Stage the prebuilt `zot` agent binary + credentials into an image root.
#
# zot is the agent-harness consolidation target (one static Go binary). It has no
# FreeBSD release, so build it on the host first and point ZOT_ARTIFACT_DIR here:
#   (cd ../zot && git checkout "$ZOT_VERSION" \
#      && GOOS=freebsd GOARCH=amd64 go build -trimpath -o bin/zot ./cmd/zot)
#
# Credentials: zot resolves provider keys as --api-key -> provider env var ->
# $ZOT_HOME/auth.json. This stages auth.json (DeepSeek) under the operator's
# default ZOT_HOME (~/.local/state/zot). The Telegram token is configured
# separately at runtime via `zot telegram-bot setup` (it lives in zot state).
#
# Usage:
#   ZOT_ARTIFACT_DIR=/path/to/bin scripts/stage-zot-iso.sh /path/to/image-root
set -eu
if [ "${1:-}" = "" ]; then
    echo "usage: $0 DESTDIR" >&2
    exit 64
fi
DESTDIR=$1
ZOT_ARTIFACT_DIR=${ZOT_ARTIFACT_DIR:?set ZOT_ARTIFACT_DIR to the dir holding the built zot binary}
ZOT_OPERATOR=${ZOT_OPERATOR:-clawdie}
ZOT_DEEPSEEK_KEY=${ZOT_DEEPSEEK_KEY:-}
BIN_SRC="${ZOT_ARTIFACT_DIR}/zot"
BIN_DIR="${DESTDIR}/usr/local/bin"
# zot's default ZOT_HOME on FreeBSD is ~/.local/state/zot
ZOT_HOME_REL=".local/state/zot"
OP_HOME="${DESTDIR}/home/${ZOT_OPERATOR}"
ZOT_HOME="${OP_HOME}/${ZOT_HOME_REL}"
if [ ! -x "${BIN_SRC}" ]; then
    echo "missing executable zot artifact: ${BIN_SRC}" >&2
    echo "hint: (cd \$ZOT_REPO && GOOS=freebsd GOARCH=amd64 go build -trimpath -o bin/zot ./cmd/zot)" >&2
    exit 66
fi
mkdir -p "${BIN_DIR}" "${ZOT_HOME}"
install -m 0555 "${BIN_SRC}" "${BIN_DIR}/zot"
# auth.json: bake the DeepSeek key if provided (0600), else leave a template.
if [ -n "${ZOT_DEEPSEEK_KEY}" ]; then
    umask 077
    cat > "${ZOT_HOME}/auth.json" <<EOF
{
"deepseek": { "api_key": "${ZOT_DEEPSEEK_KEY}" }
}
EOF
    chmod 0600 "${ZOT_HOME}/auth.json"
    _cred_note="auth.json baked with DeepSeek key (0600)"
else
    cat > "${ZOT_HOME}/auth.json.sample" <<'EOF'
{
"deepseek": { "api_key": "sk-REPLACE-ME" }
}
EOF
    _cred_note="auth.json.sample staged (operator copies to auth.json, chmod 0600)"
fi
cat > "${ZOT_HOME}/README.iso" <<EOF
zot agent — ISO staging notes
=============================
Binary: /usr/local/bin/zot (pinned build; FreeBSD-native, no release tarball)
State (ZOT_HOME): ~/.local/state/zot (config.json, auth.json, sessions/, logs/)
Credentials (zot order: --api-key -> provider env -> auth.json):
  - ${_cred_note}
  - or export DEEPSEEK_API_KEY at runtime.
Telegram bridge (token stored in zot state, not auth.json):
  zot telegram-bot setup   # paste BotFather token
  zot telegram-bot start
Supervision contract for Colibri glasspane:
  zot --json "..."   # newline-delimited json events
  zot rpc            # json-rpc loop
EOF
cat <<EOF
Staged zot into ${DESTDIR}
  binary : ${BIN_DIR}/zot (from ${BIN_SRC})
  state  : home/${ZOT_OPERATOR}/${ZOT_HOME_REL}
  creds  : ${_cred_note}
EOF
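
The auth.json step above interpolates ZOT_DEEPSEEK_KEY into the heredoc verbatim, so a key containing `"` or `\` would produce invalid JSON. The following is an added example, not code from the clawdie-iso repository: it writes the same file only after checking the key, and creates it under a scoped umask. The helper names `write_auth_json` and `file_mode` are hypothetical, and the key allowlist is an assumption about key format.

```sh
#!/bin/sh
# Added example, not part of stage-zot-iso.sh. Helper names are hypothetical.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# write_auth_json DIR KEY
# Writes DIR/auth.json in the {"deepseek":{"api_key":...}} shape staged above.
# Returns 65 (EX_DATAERR) without touching DIR if KEY is empty or contains a
# character outside [A-Za-z0-9._-]. That allowlist is an assumption about key
# format; it guarantees nothing in KEY needs JSON escaping.
write_auth_json() {
    _dir=$1
    _key=$2
    case $_key in
        '' | *[!A-Za-z0-9._-]*)
            echo "write_auth_json: key is empty or has unsafe characters" >&2
            return 65
            ;;
    esac
    (
        # Subshell: the tight umask stays local to this write, and the temp
        # file is created 0600 so the key is never readable by other users.
        # The rename then replaces any older auth.json, including its mode.
        umask 077
        _tmp="${_dir}/auth.json.tmp.$$"
        printf '{\n  "deepseek": { "api_key": "%s" }\n}\n' "$_key" > "$_tmp" &&
            mv -f "$_tmp" "${_dir}/auth.json"
    )
}
```

In the staging script this would be called as `write_auth_json "${ZOT_HOME}" "${ZOT_DEEPSEEK_KEY}"` in place of the first heredoc.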