clawdie/colibri
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 44

fix(daemon): gate autospawn on .secured marker when require_secured=YES #184

Merged
clawdie merged 1 commit from fix/require-secured-interlock into main 2026-06-25 07:25:45 +02:00
Conversation 0 Commits 1 Files changed 1 +17

1 commit

Author SHA1 Message Date
Sam & Claude
796070605b fix(daemon): gate autospawn on .secured marker when require_secured=YES
Some checks failed
CI / rust (pull_request) Has been cancelled
Details
CI / markdown (pull_request) Has been cancelled
Details
CI / port (pull_request) Has been cancelled
Details
CI / agent-jail-pkgs (pull_request) Has been cancelled
Details 
Adds colibri_daemon_require_secured knob (default NO). When enabled, the
daemon refuses to autospawn an agent until /var/db/colibri/.secured exists.
This interlock pairs with the clawdie-iso firstboot password gate (#139):
the gate writes .secured after the operator sets passwords, the daemon
reads it to gate autospawn + node_register.

Must run AFTER the provider.env block — otherwise COLIBRI_AUTOSPAWN=YES
from provider.env would override the NO set here. Defaults to NO so
deployed/disk hosts (which never run the firstboot gate) are unaffected.

Paired with: clawdie-iso PR #139 (force-root-password-on-first-boot).
 2026-06-25 07:04:59 +02:00