needs_attention() = Error + Blocked + Stalled (free function, single
source of truth). Includes Blocked because glasspane doc comments say
Blocked = 'operator attention needed' (queue_update / pending steering).

Tier 1 — Attention bar:
  Red-bordered panel with '⚠ ATTENTION (N)' title replaces the header
  when any pane needs attention. Shows pane id, reason, and agent.

Tier 2 — Jump keys (n/N):
  n = next attention pane, N = previous (wrapping). Respects session
  scope via filtered_panes(). Detail pane follows the jump.

Tier 3 — Attention filter (a key):
  Toggles attention_only on App. Composes with session filter.

Tier 4 — Row highlight:
  Attention rows get red background when unselected, inverted
  dark-gray+light-red+bold when selected. Global row_highlight
  neutralized.

Also:
- fix(tui): remove hardcoded dark-terminal assumptions — theme-agnostic
- fix(tui): force crossterm color output — override NO_COLOR=1 inherited
  from Hermes sessions (crossterm honours no-color.org standard)

Adds colibri_daemon_require_secured knob (default NO). When enabled, the
daemon refuses to autospawn an agent until /var/db/colibri/.secured exists.
This interlock pairs with the clawdie-iso firstboot password gate (#139):
the gate writes .secured after the operator sets passwords, the daemon
reads it to gate autospawn + node_register.

Must run AFTER the provider.env block — otherwise COLIBRI_AUTOSPAWN=YES
from provider.env would override the NO set here. Defaults to NO so
deployed/disk hosts (which never run the firstboot gate) are unaffected.

Paired with: clawdie-iso PR #139 (force-root-password-on-first-boot).
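
The ordering constraint in the commit message above, as an added sketch (not the project's rc.d script): the interlock is evaluated after provider.env is sourced, so a COLIBRI_AUTOSPAWN=YES set there cannot bypass a missing sentinel. The knob, variable and sentinel path come from the commit message; the function names, their arguments and the starting value of COLIBRI_AUTOSPAWN are assumptions.

```sh
#!/bin/sh
# Added illustration, not the project's rc.d script.
# From the commit message: colibri_daemon_require_secured, COLIBRI_AUTOSPAWN,
# /var/db/colibri/.secured. Hypothetical: function names and arguments.

# is_yes VALUE: succeed for rc.conf-style affirmative values.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# effective_autospawn PROVIDER_ENV [SENTINEL]
# Prints the COLIBRI_AUTOSPAWN value (YES or NO) the daemon should act on.
effective_autospawn() {
    (
        provider_env=$1
        sentinel=${2:-/var/db/colibri/.secured}
        COLIBRI_AUTOSPAWN=NO            # assumed starting value for this sketch

        # 1. provider.env block first; it may set COLIBRI_AUTOSPAWN=YES.
        if [ -r "$provider_env" ]; then
            . "$provider_env"
        fi

        # 2. Interlock last so it has the final word, and it fails closed:
        #    knob enabled + sentinel absent => NO, whatever provider.env said.
        if is_yes "${colibri_daemon_require_secured:-NO}" && [ ! -e "$sentinel" ]; then
            COLIBRI_AUTOSPAWN=NO
        fi

        if is_yes "$COLIBRI_AUTOSPAWN"; then echo YES; else echo NO; fi
    )
}
```

Swapping steps 1 and 2 reproduces the override the commit message warns about: provider.env would run last and restore YES.
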

The rc.d drops privilege via su -m, which preserves the environment from
/etc/rc (HOME=/). Without an explicit ZOT_HOME, zot resolves to
/.local/state/zot — missing any AGENTS.md installed by the seed importer.
Pin ZOT_HOME to /var/db/colibri/.local/state/zot. The seed importer
(clawdie-iso) targets this same path, so AGENTS.md placed on the seed
reaches the autospawned zot's global slot.

- §2: list colibri-mcp instead of colibri-test-agent (matches preflight at
  build.sh:335 — test-agent is optional, gated by COLIBRI_STAGE_TEST_AGENT)
- §3: name the specific binaries preflight checks
- Notes: add Node.js (npm) to host toolchain requirements — build_and_stage_docs
  needs node+npm, and the handoff should match REQUIREMENTS.md

geodesic-dome-mcp imports numpy + PIL at module load (not stdlib-only, as
#178 incorrectly stated). A present python3 therefore proves nothing — the
preflight would pass on a host missing numpy/Pillow and the tool would fail
only when the MCP host first invokes it.

- setup-mother.sh: add a 'python3 -c "import numpy, PIL"' check after the
  python3-exists check, with a pkg install py311-numpy py311-pillow hint.
- MOTHER-SETUP.md: correct the prereq from 'stdlib only, no pip' to
  'python3 + numpy + Pillow'.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Three reinforcing changes so the next agent's mother setup lands instead
of failing late:

- setup-mother.sh: fail-fast preflight for python3 (geodesic-dome-mcp is a
  python3 script that otherwise installs fine and fails only when invoked).
- MOTHER-SETUP.md: new Prerequisites section — python3 on PATH, and the
  COLIBRI_AUTOSPAWN_RPC_PROMPT boot decision (set = auto-spawn agent on
  boot; unset = quiet token-free boot).
- FREEBSD-BUILD-LANE-HANDOFF.md: pointer to MOTHER-SETUP.md/setup-mother.sh
  so the mother docs are discoverable from the build-lane entry point.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

The handoff named v0.2.29 while clawdie-iso build.sh preflight defaulted
to v0.2.42. Pin to the current latest zot tag (v0.2.47) so the agent
builds the intended version and all references agree.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

The wiki-expansion move left the top-level README pointing at the old
docs/HEADROOM-SIDECAR.md path. wiki-lint only scans docs/wiki, so this
slipped through; repoint to docs/wiki/headroom-sidecar.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Remove genuinely-stale docs (decision/evidence now elsewhere):

- TRUSS-SPAWN-ANALYSIS.md — debug trace of a jail-spawn bug that was fixed
- PLAN-MOTHER-MCP-VAULT-KEYS.md — planned a vaultwarden-pubkey exchange; the
  shipped mother MCP is seed-based (wiki/mother-hive + MOTHER-SETUP)
- PRIORITY-HANDOFF-ISO-SPAWN-COST.md — self-superseded by MULTI-AGENT-HOST-PLAN

Repointed referrers (README, AGENTS, FREEBSD-BUILD-LANE-HANDOFF, docs/README)
to MULTI-AGENT-HOST-PLAN. Fixed the wiki ADR note (the stale 'referenced in
stage-colibri-iso.sh' claim — those refs were already cleaned up).

KEPT the two design docs (COLIBRI-JAILED-AGENT-SPAWN-DESIGN,
COLIBRI-EXTERNAL-MCP-PROTOTYPE): on closer look they hold how-it-works detail
the wiki only summarizes + links, so folding would lose detail or bloat the wiki.

Gates: wiki-lint --strict (131) + markdown format clean.

Brings the wiki-expansion pages onto current main WITHOUT the stale baggage the
original feature/wiki-expansion branch carried (it predated the rename + date
PRs and would have reverted them). Cherry-picked only the 9 genuinely-new pages:
contracts, store-schema, external-mcp, operator-cli, tui, runtime-inventory,
skills-catalog, vault-provision, deployment. Added them to index.md.

Fixed on the way in: vault-provision referenced the pre-rename
VAULT-PROVISION-FIRST-PROOF → repointed to VAULT-PROVISION-RUNBOOK. (No US dates
in these pages.)

Gates: wiki-lint --strict clean (131 pass); markdown format clean.

Convert US/ISO prose dates (2026-06-21) to EU format (21.jun.2026) across colibri
docs + wiki. Left as-is (data, not prose): the captured JSON "time" timestamp in
AGENT-EVENTS-REFERENCE and the rustc/cargo version strings in
CLAWDIE-INSTALLER-HANDOFF — ISO is correct for machine timestamps/filenames.

Gates: wiki-lint --strict clean; markdown format clean.

- ZOT-RPC-TRANSCRIPT.md → AGENT-EVENTS-REFERENCE.md: neutral, per-harness event
  reference (currently documents zot; pi uses pi --mode json). Avoids baking the
  current default harness into a name — same lesson as the pi_* renames. Adds a
  'Developer reference — operators can skip' header.
- VAULT-PROVISION-FIRST-PROOF.md → VAULT-PROVISION-RUNBOOK.md: it's a runbook;
  'first-proof' was redundant.
- Updated referrers: spawner.rs, wiki/agent-harness.md, docs/README.md.
- wiki/naming-decisions.md: new 'Naming principle — harness-agnostic by default'
  section (neutral concept → neutral name + configurable value; harness-specific
  → harness in the name, kept symmetric zot_/pi_).
- Fixed US/ISO prose dates → DD.mon.YYYY (21.jun.2026) per AGENTS.md; left the
  literal JSON "time" timestamps in the captured transcript as-is (data).

Gates: wiki-lint --strict clean; markdown format clean.

Two more TestBackend render tests on top of the connecting/populated/empty set:

- render_stalled_pane_shows_warning_icon — covers the distinct stalled branch
  (state_icon → ⚠), which the healthy-Working test (●) didn't exercise.
- render_does_not_panic_on_tiny_terminal — renders at 20x5 to guard against
  cramped-layout panics (a classic ratatui footgun).

10 tests pass; fmt clean.

Closes the 'compiles but never verified to draw' gap:

- render_connecting_state_shows_connecting_text — asserts 'connecting…'
  and 'colibri-harness' title render before daemon connects
- render_with_snapshot_shows_panes_and_agent — asserts pane id, agent
  name, state label, and state icon appear in rendered buffer
- render_does_not_panic_on_empty_snapshot — smoke test for the
  snapshot=None path

All three use ratatui::TestBackend (no terminal needed, CI-friendly).

The installer symlinked a RELATIVE target (../../scripts/pre-push), which only
resolves for a standard <repo>/.git/hooks layout — it breaks in git worktrees
or when .git is a file/elsewhere (both used by the agent harness), and assumed
.git/hooks already exists.

Resolve the real hooks dir via 'git rev-parse --git-path hooks' (worktree-safe),
mkdir -p it, and symlink to the ABSOLUTE source path so it works regardless of
where the hooks dir lives. Also verify pre-push exists + is executable.

Tested: installs, link resolves to scripts/pre-push, idempotent.
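
The installer behaviour described in the commit message above, written out as an added sketch (not the project's installer script). The `scripts/pre-push` path and the `git rev-parse --git-path hooks` call come from the message; the function names are hypothetical.

```sh
#!/bin/sh
# Added illustration, not the project's installer. Function names are hypothetical.

# hooks_dir REPO: absolute path of the hooks directory git uses for REPO.
# 'git rev-parse --git-path hooks' also covers linked worktrees and a .git file.
hooks_dir() {
    top=$(git -C "$1" rev-parse --show-toplevel) || return 1
    dir=$(cd "$top" && git rev-parse --git-path hooks) || return 1
    case "$dir" in
        /*) printf '%s\n' "$dir" ;;
        *)  printf '%s\n' "$top/$dir" ;;   # relative answers are relative to $top
    esac
}

# install_pre_push REPO: symlink <hooks dir>/pre-push to REPO's scripts/pre-push.
install_pre_push() {
    top=$(git -C "$1" rev-parse --show-toplevel) || return 1
    src="$top/scripts/pre-push"

    # Refuse to install a hook that could never run.
    if [ ! -f "$src" ] || [ ! -x "$src" ]; then
        echo "pre-push missing or not executable: $src" >&2
        return 1
    fi

    hooks=$(hooks_dir "$1") || return 1
    mkdir -p "$hooks" || return 1          # do not assume the directory exists
    ln -sf "$src" "$hooks/pre-push"        # absolute target; a re-run recreates the same link
}
```

The hooks directory is shared by all linked worktrees, so running this from a worktree points the shared hook at that worktree's copy of `scripts/pre-push`; install from the checkout that will stay around.
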

- New docs/wiki/mother-hive.md — thin decisions page covering forced-command
  SSH boundary, single-home-in-colibri, hive_nodes rationale, peer auth,
  key-on-seed, and daemon-user design. Links to MOTHER-SETUP.md for setup
  instructions; never duplicates them.
- Flip wiki-lint to --strict in ci-checks.sh — drift failures now block the
  gate the same as clippy warnings. 42 PASS / 0 FAIL, clean since merge.
- New scripts/pre-push — runs ci-checks.sh on every git push to main. Install
  once: ln -sf ../../scripts/pre-push .git/hooks/pre-push. Bypass only with
  --no-verify. Closes the gap that let pi_binary reach main (gate existed but
  nobody was forced through it).
- Updated AGENTS.md, quality-gates.md, and index.md to reflect all three.

An ordered first-run checklist for deploying on osa (or any new mother),
covering the things that can only be validated against a live PostgreSQL +
FreeBSD host:

- build 0.12 on FreeBSD from current main + ci-checks (Linux binaries won't run)
- record any pre-existing node-register before install
- post-install integrity: installed node-register is the hardened hive_nodes
  version (grep -c "E'" == 0; grep hive_nodes > 0) — not the injectable copy
- schema migrated in place (usb_nodes renamed, not duplicated; node_type present)
- peer auth works; pg_hba peer rule present AND precedes generic local rules
- external-mcp has all three servers (jq-merge preserved existing)
- SSH forced-command wrapper rejects non-allowlisted commands
- daemon env + service live; key hygiene (private key → seed only)

Captures the operational risks flagged during the mother-infra review.
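
Two items from the checklist above written as scripted checks (an added example, not part of the project's tooling). The pg_hba check generalizes "peer rule precedes generic local rules" to PostgreSQL's first-match behaviour: the first `local` record that matches the database and user must use `peer`. Function names and the database and user passed in are assumptions; the grep markers are the ones the checklist names.

```sh
#!/bin/sh
# Added illustration, not the project's tooling. Function names are hypothetical.

# pg_hba_first_local_method FILE DB USER
# Prints the auth method of the first "local" record matching DB and USER,
# or "none". PostgreSQL stops at the first matching record, so this is the
# method a Unix-socket connection would actually get.
# Limits of this sketch: handles "all" and comma lists only, not quoted
# values, sameuser/samerole, +role, @file includes or regex fields.
pg_hba_first_local_method() {
    awk -v db="$2" -v user="$3" '
        function matches(field, want,    n, parts, i) {
            n = split(field, parts, ",")
            for (i = 1; i <= n; i++)
                if (parts[i] == "all" || parts[i] == want) return 1
            return 0
        }
        { sub(/#.*/, "") }                       # drop comments
        $1 == "local" && NF >= 4 && matches($2, db) && matches($3, user) {
            print $4; found = 1; exit
        }
        END { if (!found) print "none" }
    ' "$1"
}

# check_pg_hba_peer_first FILE DB USER: succeed only if peer wins the match.
check_pg_hba_peer_first() {
    [ "$(pg_hba_first_local_method "$1" "$2" "$3")" = peer ]
}

# check_node_register FILE: the checklist's integrity markers,
# no "E'" anywhere and at least one reference to hive_nodes.
check_node_register() {
    ! grep -q "E'" "$1" && grep -q hive_nodes "$1"
}

# Constructed sample that fails check_pg_hba_peer_first (generic rule first):
#   local  all        all          md5
#   local  exampledb  exampleuser  peer
```
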

Residue item #1: rename the pi-era `pi_type` field/param to `event_type` in
colibri-glasspane. It names the normalized event-type string (zot events map
onto the same taxonomy), so the harness-neutral name is correct. Internal only
— PiStreamUpdate is not serialized — so no wire impact.

Wiki ledger updated:

- pi_type → event_type added to Shipped (now enforced by wiki-lint).
- Residue items resolved and recorded under Structural decisions:
  - FEATURE_COLIBRI is an internal build-time escape hatch, not a user-facing
    flag — README clarified (clawdie-iso #130).
  - clawdie-gui is the stable operator command; clawdie-startx retained as a
    back-compat alias (both installed) — verified intentional, not drift.
- Known residue now down to the dangling ADR reference only.

Verified: ci-checks.sh green (fmt/clippy/test/markdown); wiki-lint --strict clean.