GLASSPANE-TUI-DESIGN.md was a self-declared "scratch space" working doc
— but everything in it had shipped (the attention bar, n/N jump keys,
the `a` filter, the All-sessions fix). Its enduring decisions lived
only in this stale plan, while the wiki carried just a keybindings
table and a TODO roadmap stub.
Fold the durable design decisions into wiki/tui.md (the natural home —
it already had the keybindings section):
- complete the keybindings table (was missing n/N + a)
- "The attention model" section: needs_attention() definition, the
4h stall threshold rationale, attention-bar layout spec, row-highlight
color spec, and the session-filter-AND composition contract
Repoint the one code reference (the all_sessions regression comment in
main.rs) from GLASSPANE-TUI-DESIGN.md to the wiki section it now lives
in. Delete the 208-line scratch doc — zero remaining references.
wiki-lint --strict: 147 pass. TUI crate: fmt/clippy/20 tests green.
(Sam & Claude)
Issue #183 Part B: show node secured/unsecured state so operators can
tell the difference between a broken node and one waiting for first-boot
password setup.
daemon: add "secured": bool to status response
(true iff ${data_dir}/.secured exists)
TUI: fetch secured from daemon status each refresh cycle
render [UNSECURED — set root password to activate agent]
in red bold when node is unsecured
Part A (rc.d gate gating autospawn on .secured) was already complete.
#219 replaced just install with clawdie binary commands but #213
merge (0aeebee) overwrote controlplane-install.md, index.md, and
requirements.md — restoring the corrected versions from f60aca1.
Two fixes in one commit:
1. Terminology: ozadnji proces → proces v ozadju
- More natural Slovenian — noun inflects, prepositional phrase stays fixed
- 60 replacements across 19 sl/ files
- Glossary header updated to match
- Reverts the bad merge that restored "demon" in glasspane.md and
task-board.md (including enouporabniški→enonajemniški fix)
- Forms: proces v ozadju / procesa v ozadju / procesu v ozadju /
procesom v ozadju / procesov v ozadju
2. New wiki page: daemon-not-demon (EN + SL)
- Explains the FreeBSD daemon (Beastie mascot, helper spirit) vs
Slovenian demon (devil, bad spirit)
- Documents the decision to use proces v ozadju in Slovenian
- Confirms daemon (with a) is the only English spelling in Colibri
- Linked from both EN and SL wiki indexes
Standardize Slovenian wiki terminology after 9ca7ac6 and dc752d6:
- krajevni → lokalni (glasspane, headroom-sidecar, task-board)
- oprema → vprega (glasspane, naming-decisions — harness context)
- vrata za poslušanje → vhodna vrata (glasspane)
- Vrata za branje/pisanje → Preverjanje za branje/pisanje (external-mcp)
- demon → proces (task-board — single-tenant context)
- enonajemniški → enouporabniški (task-board)
Skips (correct idiomatic Slovenian):
- vhodna vrata (agent-harness — front door, not quality gate)
- vmesna programska oprema (cost-model — middleware)
- demon (standalone — standard term for daemon process)
Sam & Hermes
Replace legacy just install / just setup-* references with
clawdie binary commands (clawdie plan, clawdie apply --yes).
Document scope: what the installer does not do (yet).
Trim the clawdie-ai just orchestrator step tables.
Rebased from #213 onto current main; supersedes #217.
Glossary alignment — demon (devil) replaced with the established ozadnji
proces (background process) per okrajsave.md glossary. Full sweep across
all sl/ wiki and guide files (61 replacements in 18 files).
demon→ozadnji proces (nominative, 15 instances)
demona→ozadnjega procesa (genitive, 42 instances)
demonom→ozadnjim procesom (instrumental, 1 instance)
demonov→ozadnjih procesov, demonovem/demonovim rephrased (3 instances)
krajevni→lokalni (7 instances across 4 files)
oprema→vprega (agent harness context, 3 instances)
vrata→preverjanje (quality gate context, 1 instance)
Positive framing — each former "pitfall" is now a prescriptive step:
1. Quote all YAML frontmatter values
2. Declare content-path constants inside getStaticPaths()
3. Create explicit routes for SL content
4. Clean the dist cache before every build
5. Resolve content paths with path.resolve("src/content")
6. Extract markdown H1 as a title fallback
7. Placeholder TLS cert for first deploy (reference)
Every step follows Why → What → Result. No "broken/failed/symptom/cause"
language. An agent reading this gets a recipe, not a post-mortem.
The agent harness page describes THREE agents: pi (fallback), zot (default),
and Colibri (supervisor). Title updated in both EN and SL.
Also: H1 extraction fallback for pages without YAML frontmatter —
content.match(/^#\s+(.+)$/m)?.[1] so pages with only markdown H1 still
get a proper <title> tag instead of the slug.
Skills were copied flat (.agent/*/SKILL.md) instead of nested
(.agent/skills/*/SKILL.md). The ISO import script
(import-colibri-skills.sh) expects the nested structure.
Now matches clawdie-ai canonical layout. 52 SKILL.md files verify.
Three hiccups from the wiki.clawdie.si deployment (26.jun.2026):
1. Placeholder cert — nginx refuses to start when ssl_certificate files
dont exist yet. Create a temporary self-signed cert first, then
acme.sh --issue overwrites it with the real cert.
2. ACME challenge location ordering — nginx matches location blocks in
order. .well-known/acme-challenge/ MUST come before the
location / { return 301 https://... } redirect, otherwise ACME
validation returns 301 instead of the challenge file.
3. acme.sh --key-file + --fullchain-file — these flags write directly
to the nginx SSL paths, replacing the placeholder. The cert paths
must match between nginx config and acme.sh invocation.
New "Adding a new public static HTTPS site — full flow" section covers
the complete pattern: DNS first → placeholder cert → vhost with ordered
locations → real cert → content deploy → renewal.
Two new troubleshooting entries: BIO_new_file() failed (missing cert),
ACME challenge 404/301 (location ordering or missing directory).
- Remove 'sl' from EXCLUDE — Slovenian wiki pages now served
- Locale-aware link resolver: ./page.md → /sl/page/ in sl/ context
- Language switcher in nav bar (English ↔ Slovenščina)
- Slovenian index at /sl/ with translated prose
- lang attribute dynamic per locale
- Matches docs.clawdie.si Starlight pattern: /<lang>/<page>/
Match the lean SL style: one terse sentence, no legacy narration.
"clawdie provisions the host service. Jail, DB, CMS, and Git
provisioning are not yet in the installer."
The install/ section was clawdie-ai docs ported into colibri: it documented a
`just install` Node/tsx 20-step orchestrator + Ansible, none of which exists
here (colibri is a Cargo workspace). colibri's real installer is the `clawdie`
binary (crates/clawdie): `discover` / `plan` / `apply --yes` → ZFS datasets +
clawdie service user + rc.d/systemd unit running colibri-daemon.
- install.md: rewritten to the clawdie flow (commands, storage strategy,
what apply provisions, --create-pool safety) from crates/clawdie/README.md.
Adds a Scope section marking PF/jails/PostgreSQL/CMS provisioning as legacy
clawdie-ai (not yet in the colibri installer) — no invented commands.
- controlplane-install.md: rewritten to `cargo build -p clawdie` + apply.
- index.md: "Install orchestrator / just install" → clawdie discover/plan/apply.
- requirements.md: toolchain → Cargo/clawdie (drop Node/tsx), install command
fixed, and a note that the runtime-philosophy prose is still clawdie-ai
pending reconciliation.
Out of scope (flagged for follow-up): first-boot.md (ISO QML rewrite pending),
fresh-install-checklist.md, and the `just install/setup/doctor` mentions in the
architecture pages — all broader clawdie-ai legacy.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- New page: docs/guide/sl/reference/okrajsave.md (15 abbreviations
explained in plain Slovenian — LLM, JSON, JSONL, ACL, PF, NAT,
ZFS, API, HTTPS, TCP, SHA, BCP, ISO, UI, VPS)
- Linked from reference index
- First occurrence of each abbreviation in every Slovenian page
now links to the glossary
- Fix broken ./install/ link (English + Slovenian)
- requirements title: 'Zahteve' → 'Osnovne zahteve'
- prettier-clean
- colibri.md: complete rewrite — was TypeScript "event fabric" with pi-centric
ingestion modules, proof gates, Herdr evaluation. Now describes the actual
v0.12 Rust control plane: crate map, agent model (zot/pi), mother MCP flow,
links to wiki decision pages.
- "broken" → "inconsistent" (docs-publishing), "compromised" (install),
"not suitable" (sdk-deep-dive)
- Zero remainders: no kill, smoke, fake, hacky, TODOs, stale pi patterns
Document the cross-host control-plane bridge (socat TCP on tailscale0 →
colibri-daemon Unix socket): FreeBSD rc.d vs Linux systemd parity, the
interface-scoped firewall gate (pf / ufw), the "tailnet boundary is the auth"
security model (no socket auth; scope :9190 via Tailscale ACL), and config
notes (TAILSCALE_IP_REQUIRED placeholder, socket-path parity, 0770 group).
Points at packaging/{freebsd,linux}/ for install. Linked from the architecture
index next to Control Plane. No real tailnet IPs (placeholders only).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
