feat(colibri-vault): scaffold vault credential provision crate #85

Merged
clawdie merged 2 commits from feat/colibri-vault into main 2026-06-19 21:26:49 +02:00
Owner

Scaffolds colibri-vault — the missing limb between Bastille jail creation and a participating hive member.

  • provision(collection_name, target_dir) — fetches a Vaultwarden collection, writes 0600 .env into the target
  • Wraps existing bw CLI; does NOT reimplement Bitwarden protocol
  • Fail-closed: no bw → error, no collection → error, empty collection → no-op
  • Handles login items (username=KEY, password=VALUE) and secure notes (KEY=VALUE lines)

This is step 1 of the [HIVE-ONBOARDING.md](https://code.smilepowered.org/clawdie/layered-soul/src/branch/main/docs/HIVE-ONBOARDING.md) plan.

Next steps: tenants table in colibri-store, spawner hook that calls provision() after jail create, mother skill in layered-soul.

clawdie added 1 commit 2026-06-19 21:16:10 +02:00
feat(colibri-vault): scaffold vault credential provision crate
Some checks failed
CI / rust (pull_request) Has been cancelled
CI / markdown (pull_request) Has been cancelled
3e1951762c
- lib.rs: provision() fetches Vaultwarden collection → jail .env
- Wraps existing bw CLI, does not reimplement Bitwarden protocol
- Fail-closed: no bw = error, no collection = error, empty = no-op
- Writes 0600 .env with KEY=VALUE pairs from login items + secure notes
- Workspace: added crates/colibri-vault (member #12)
clawdie added 1 commit 2026-06-19 21:25:58 +02:00
fix(colibri-vault): correct field contract (name=KEY, not username=KEY)
Some checks failed
CI / rust (pull_request) Has been cancelled
CI / markdown (pull_request) Has been cancelled
fa7fe1c42b
- Bug: used login.username as env KEY; actual convention is item.name
- Add validate_key() — rejects non-[A-Z0-9_] chars (.env injection safeguard)
- Add parse test: key_from_item_name_not_username (would have caught this)
- Add test: validate_key_rejects_dangerous_chars
- Fix: unclosed delimiter brace from initial scaffold

Review: Claude (domedog) — caught both the contract bug and missing validation
clawdie merged commit 900e8048de into main 2026-06-19 21:26:49 +02:00
clawdie deleted branch feat/colibri-vault 2026-06-19 21:26:49 +02:00
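
The key validation and 0600 `.env` write named in the commits above, as an added illustration; this is not the crate's own code. Every name except `validate_key`, the (item name, password) pair shape, the rejection of empty keys, and the line-break check on values are assumptions of this sketch.

```rust
use std::fs::OpenOptions;
use std::io::{self, Write};
use std::os::unix::fs::OpenOptionsExt;
use std::path::Path;

/// Accept only keys made of [A-Z0-9_], the set named in the PR.
/// Rejecting the empty key is an assumption of this sketch.
fn validate_key(key: &str) -> Result<(), String> {
    let ok = !key.is_empty()
        && key.bytes().all(|b| b.is_ascii_uppercase() || b.is_ascii_digit() || b == b'_');
    if ok { Ok(()) } else { Err(format!("invalid env key: {:?}", key)) }
}

/// Render (item name, password) pairs as .env text, failing closed on the first bad pair.
/// Rejecting CR/LF in values is an assumption, not something the PR states.
fn render_env(pairs: &[(&str, &str)]) -> Result<String, String> {
    let mut out = String::new();
    for (key, value) in pairs {
        validate_key(key)?;
        if value.contains(|c: char| c == '\n' || c == '\r') {
            return Err(format!("value for {} contains a line break", key));
        }
        out.push_str(&format!("{}={}\n", key, value));
    }
    Ok(out)
}

/// Request mode 0600 at creation so the file is never briefly readable by others.
/// The mode applies only when the file is created, not to a file that already exists.
fn write_env(path: &Path, body: &str) -> io::Result<()> {
    let mut f = OpenOptions::new()
        .write(true).create(true).truncate(true).mode(0o600)
        .open(path)?;
    f.write_all(body.as_bytes())
}

fn main() {
    // Constructed sample items; names and values are placeholders.
    let good = [("DB_USER", "hive"), ("API_TOKEN", "example-value")];
    let body = render_env(&good).expect("valid pairs");
    let path = std::env::temp_dir().join("colibri-vault-example.env");
    write_env(&path, &body).expect("write .env");
    print!("{}", body);
    // A key carrying a line break would become a second assignment; it is rejected.
    println!("{:?}", render_env(&[("DB_USER\nEXTRA", "x")]));
}
```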
Reference: clawdie/colibri#85