clawdie-iso/CHANGELOG.md

Clawdie Changelog

All notable changes to Clawdie-ISO are documented here.

---

[Unreleased]

Nothing yet.

---

[0.11.0] — 20.jun.2026

Versioning

• Unify the Clawdie release version across clawdie-iso and colibri at 0.11.0. This supersedes the 0.10.0 decoupling for these two components, which always ship together. zot and clawdie-ai keep their own versions, recorded as provenance in build-manifest.json.

Added

• Out-of-the-box Join Hive provisioning. Entering Bitwarden credentials pulls the DeepSeek key from Vaultwarden, restarts the daemon, and confirms the auto-spawned agent — the live image now provisions itself from the vault on first boot (COLIBRI_AUTOSPAWN_PI staged in provider.env).
• Tailscale auto-join from Vaultwarden. Join Hive fetches a tailscale-auth-key item and brings the tailnet up once on first boot; the key is consumed after use (not cached locally), with Vaultwarden as the source of truth.
• Opt-in Mother MCP link (clawdie-enable-mother): publishes the node's Colibri pubkey to Vaultwarden for hive authorization and registers mother in the external MCP registry (jq-merged so existing servers survive).
• jq added to the live-operator and jail package lists for the MCP config path.

Changed

• zot agent pinned to v0.2.42 (was v0.2.29).
• Live operator-session scripts hardened: identity wallpaper off host-global /tmp with multi-monitor apply; Join Hive captures the generator's output path; vault fetch work dir moved to a 0700 runtime dir; scratch/tmp policy documented in AGENTS.md.
• Added first-party poudriere build-server scripts (scripts/poudriere/) and retargeted docs/POUDRIERE-BUILD-SERVER.md to the mother-build host and pkg.clawdie.si.

Removed

• Duplicate sysutils/colibri FreeBSD port; the colibri repo is the single source of truth. build.sh's release gate fails if it reappears here.

---

[0.10.0] — 15.jun.2026

Codename: Operator Image

First numbered milestone since the architecture settled on zot (agent) + Colibri (control plane). Not production, but a real, flashable operator image: the XFCE live experience is stable and the Colibri service bugs are fixed, so the image is meant to work out of the box. Work continues from here toward 1.0.0.

Versioning

• The ISO now carries its own product version and no longer borrows zot's number. ISO_VERSION is explicit (set in build.cfg); auto/zot-tracking is gone and a build with no version fails fast. Component versions (zot, colibri, clawdie-ai, clawdie-iso) are recorded as provenance in build-manifest.json.
• build-manifest.json now records colibri_commit/colibri_modified — the image stages adjacent colibri binaries, so the commit that produced them is captured for reproducibility.

Added

• colibri-live-rebuild helper staged at /usr/local/bin (with the Colibri service): one command to rebuild + redeploy Colibri from source on a booted USB (clone/build/stop/install/restart/validate/record). See docs/LIVE-COLIBRI-REBUILD.md.
• Image-size headroom guard: the build reports df/du on the mounted live filesystem and fails before shipping if free space is under a floor (IMAGE_MIN_FREE_MB, default 1024) — catches a 32 GB-stick overflow at build time, not on the stick.
• Live rebuild lane now covers the whole agent stack: go added to the live-operator package list and the zot source seeded at /home/clawdie/ai/zot, so a booted USB can rebuild zot (Go) as well as Colibri (Rust). See docs/LIVE-COLIBRI-REBUILD.md.
• Aider+Pi harness venv provisioning — firstboot/shell-deploy.sh now creates /opt/clawdie/venv/aider with pinned deps: aider-chat==0.86.2, litellm==1.81.10, tree_sitter==0.20.4
• Aider availability check in post-install verification (logs aider version at end of deployment)

Fixed

• Colibri daemon now handles SIGTERM (graceful socket cleanup + agent reaping on service stop), refuses to steal a live socket, and fails closed if it cannot bind a control socket (colibri PR #75).

Improvements

• Updated firstboot completion messages to highlight Aider and Pi as primary harnesses (Codex listed as optional alternative)

---

[0.9.0] — 06.apr.2026

Codename: Unified Architecture

Breaking Changes

• ✂️ Unified ISO: Single ./build.sh builds for all targets (VPS, baremetal, cloud)
• ✂️ Removed --target and --gpu-driver flags (runtime detection now handles this)
• ✂️ Dropped doas/sudo from the live image — privileged operations use FreeBSD mac_do/mdo
• ✂️ clawdie-shell repo archived (merged into clawdie-iso)

New Features

• 🎯 Runtime GPU detection (Intel, AMD, NVIDIA 390/470/590)
• 🎯 Runtime display detection (VPS headless, baremetal with desktop session)
• 🎯 PF firewall with glasspane VNC (secure remote browser access)
• 🎯 Tailscale integration (mandatory, with optional opt-out)
• 🎯 12 shell modules for modular firstboot orchestration

Improvements

• 📈 Comprehensive REQUIREMENTS.md (pre-install checklist)
• 📈 NETWORKING.md with architecture diagrams
• 📈 SHELL-MODULES.md with all 8 module specifications
• 📈 BUILD.md with detailed build process
• 📈 Integration tests for full module flow validation
• 📈 Preflight validation scripts

Deprecations

• ⚠️ PLAN-UNIFY.md (archived — planning complete)
• ⚠️ IMPLEMENTATION-PLAN.md (archived — implementation merged)
• ⚠️ clawdie-shell repo (archived — use clawdie-iso main)

Performance

• ISO size: 50 GB (includes all packages for offline installation)
• Build time: ~13 minutes (with package cache)
• GPU support: 3 NVIDIA versions + AMD + Intel firmware (all bundled)

---

Repository Status

The agent stack is zot (Go agent) + Colibri (Rust control plane); "Clawdie" is the product name for the two together. The image carries its own product version; component versions are recorded as provenance in build-manifest.json.

Repo	Status	Version source
zot	Active — the agent (front door)	pinned tag (ZOT_VERSION)
colibri	Active — control plane + installer	workspace Cargo.toml
clawdie-iso	Active — image builder	product version (ISO_VERSION)
clawdie-ai	Being pruned (features → zot/Colibri)	—
pi	Demoted — spawnable backend, not default	upstream npm
clawdie-shell	Archived (merged into clawdie-iso)	—