Workstream B of the next ISO rebuild: the live image should boot with at
least one Pi instance live on the Colibri board without operator action.
On startup, after the control-plane socket is up, the daemon spawns one
DeepSeek-backed Pi when configured. Host-spawn (no jail) — the live image is
single-agent; jails remain for deployed multi-tenant hosts. The Pi inherits
DEEPSEEK_API_KEY from the daemon environment (sourced from provider.env by
the rc.d service).
- Gated by COLIBRI_AUTOSPAWN_PI (YES/1/true/on); no-op otherwise.
- Requires a DEEPSEEK_API_KEY; logs and skips if absent (operator adds it via
Join Hive, then the daemon restart spawns it).
- Idempotent: skips if a Pi subprocess is already running, so the post-creds
restart does not stack duplicates.
- Pi binary and argv are env-tunable (COLIBRI_PI_BINARY default `pi`,
COLIBRI_AUTOSPAWN_PI_ARGS default `--mode json`) so the exact invocation can
be finalized on the FreeBSD image without a rebuild.
Reuses cmd_spawn_agent so glasspane attach, stdout streaming, and board
registration are identical to an operator-issued spawn. Tests for the pure
helpers (basename, env_truthy); full daemon suite green; clippy clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
