feat(mother): MCP infra — hive_nodes registry, hardened wrapper/builder, idempotent setup #161

Merged
clawdie merged 2 commits from feature/mother-mcp-infra into main 2026-06-24 10:00:54 +02:00

2 commits

Author SHA1 Message Date
e941fdd494 mother: rename usb_nodes→hive_nodes (+node_type), harden setup/register
Review pass on the mother MCP infra:

- Rename usb_nodes → hive_nodes: a node is any host that joined the hive
  (live-usb/disk/vps/mother), not just a USB boot. Add a first-class
  node_type column (live-usb|disk|vps|mother|unknown). The schema migrates an
  existing osa DB in place (ALTER TABLE + ALTER SEQUENCE, guarded by
  to_regclass) and ADD COLUMN IF NOT EXISTS for already-renamed tables — data
  preserved, idempotent. FKs/trigger/indexes follow.
- node-register-mcp: accepts + validates node_type, UPSERTs into hive_nodes.
  Add ON_ERROR_STOP=1 (psql otherwise exits 0 on SQL error → false success)
  and fold stderr into the captured result so failures are reported.
- setup-mother.sh: apply schema BEFORE granting on its tables (fresh installs
  had no tables when grants ran); pipe the schema via stdin so the postgres
  user need not read the repo checkout; locate pg_hba via SHOW hba_file (was
  hardcoded) and PREPEND the peer rule (pg_hba is first-match); grants target
  hive_nodes/hive_nodes_id_seq.
- build-colibri.sh: fast-forward a checked-out branch to origin so it builds
  current upstream code, not a stale local copy.

Validated: prettier + sh -n green. Schema migration/UPSERT to be exercised on
osa (no local postgres server here).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 09:45:39 +02:00
7b3e757817 feat(mother): idempotent MCP setup, injection-proof node-register, hardened wrapper + builder
Consolidates mother MCP infrastructure into packaging/mother/:

- setup-mother.sh: idempotent deploy script (binaries, MCP tools, SSH keys,
  PostgreSQL peer auth, jq-merge external-mcp.json, daemon env update)
- node-register-mcp: UPSERT hw-probe JSON into mother_hive.usb_nodes
  using psql -v :variable heredoc (bound parameter, no SQL interpolation)
- colibri-mcp-ssh: SSH forced-command wrapper with allowlist
  (only "" → stdio MCP mode, "tools" → discovery; everything else rejected)
- build-colibri.sh: branch-allowlisted builder (main + semver tags +
  COLIBRI_BUILD_ALLOW_BRANCHES), features validated, array-quoted cargo args
- MOTHER-SETUP.md: architecture document with security properties

Security fixes vs. the clawdie-iso versions:
- node-register-mcp: was E${ESCAPED} (vulnerable to E backslash
  interpretation); now psql -v :variable in a heredoc
- colibri-mcp-ssh: was unquoted ${SSH_ORIGINAL_COMMAND} passthrough;
  now case-match allowlist
- build-colibri.sh: was arbitrary git checkout + unquoted cargo flags;
  now branch allowlist + features validation + array args
- USB spawn args: no trailing "colibri-mcp" remote command;
  forced-command wrapper handles empty command
- Key management: one key per trust domain (mother-mcp != Forgejo);
  key lives on seed partition, not baked into image
2026-06-24 09:31:04 +02:00
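
The case-match allowlist that the commit messages above describe for the SSH forced-command wrapper (only "" and "tools" accepted, everything else rejected), as an added example that is not the project's colibri-mcp-ssh script. The function names, mode labels and sample requests are assumptions made for illustration, and the sketch assumes sshd invokes the wrapper through a `command="..."` entry in authorized_keys.

```shell
#!/bin/sh
# Added example, not the project's colibri-mcp-ssh. Assumes sshd runs this via
# command="..." in authorized_keys, so the client's requested command arrives
# only as the SSH_ORIGINAL_COMMAND string and is never executed by sshd itself.

# classify_request REQUEST
# Prints the mode for an allowlisted request and returns 0; prints "reject"
# and returns 1 for anything else. The case patterns are literals and the
# quoted "$1" is compared as one string: no word splitting, globbing or eval.
classify_request() {
    case "$1" in
        "")    printf '%s\n' stdio ;;
        tools) printf '%s\n' tools ;;
        *)     printf '%s\n' reject; return 1 ;;
    esac
}

# handle_request REQUEST
# The client string only selects a mode; it is never part of what gets run.
handle_request() {
    if mode=$(classify_request "$1"); then
        # A real wrapper would exec its own fixed command line for $mode here.
        printf 'ALLOW mode=%s\n' "$mode"
    else
        # Log the refused request as data ('%s'), never as a format string.
        printf 'DENY request=[%s]\n' "$1" >&2
        return 1
    fi
}

# Constructed requests: the two allowed forms plus near-misses.
demo() {
    for req in "" "tools" "tools; id" " tools" "Tools" "colibri-mcp" "*"; do
        handle_request "$req" 2>&1 || true
    done
}
demo
```

In a deployed wrapper the argument would be `"${SSH_ORIGINAL_COMMAND:-}"`, quoted, so an unset variable takes the same path as the empty request.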