clawdie/colibri
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 43

feat(spawner): post-spawn vault provision hook (HIVE step 3) #87

Merged
clawdie merged 1 commit from feat/spawner-vault-hook into main 2026-06-19 23:08:24 +02:00
Conversation 0 Commits 1 Files changed 4 +77
clawdie commented 2026-06-19 21:59:04 +02:00
Owner
Copy link

Wires the vault provision hook into the spawn path.

After a jailed agent is created, if a tenant record matches the jail name, colibri_vault::provision() fetches the Vaultwarden collection and materializes a 0600 .env into the jail root. Agent starts with secrets in place.

HIVE steps 1-3 complete:

  • Step 1: colibri-vault crate (PR #85)
  • Step 2: tenants table in colibri-store (branch feat/tenants-table)
  • Step 3: spawner hook (this PR)

Step 4 (mother skill) already drafted by hermes-osa in layered-soul.

Wires the vault provision hook into the spawn path. After a jailed agent is created, if a tenant record matches the jail name, `colibri_vault::provision()` fetches the Vaultwarden collection and materializes a 0600 `.env` into the jail root. Agent starts with secrets in place. HIVE steps 1-3 complete: - Step 1: `colibri-vault` crate (PR #85) - Step 2: tenants table in colibri-store (branch feat/tenants-table) - Step 3: spawner hook (this PR) Step 4 (mother skill) already drafted by hermes-osa in layered-soul.
clawdie added 1 commit 2026-06-19 21:59:07 +02:00
feat(spawner): post-spawn vault provision hook (HIVE step 3)
Some checks failed
CI / rust (pull_request) Has been cancelled
Details
CI / markdown (pull_request) Has been cancelled
Details
6cc47a55d4 
- daemon.rs: provision_tenant_env() — looks up tenant, calls colibri-vault,
  marks tenant active on success
- socket.rs: extract jail info before spawn, fire provision hook after
  agent insert (fire-and-forget via tokio::spawn)
- colibri-vault dep added to colibri-daemon Cargo.toml

After jail creation, if a tenant record matches the jail name, the hook
fetches the Vaultwarden collection and writes a 0600 .env into the jail
root before the agent starts. HIVE steps 1-3 complete.
clawdie merged commit 34f4a92295 into main 2026-06-19 23:08:24 +02:00
clawdie deleted branch feat/spawner-vault-hook 2026-06-19 23:08:27 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
first-proof blocker

gates the first proven end-to-end

  
hardening

security/robustness follow-up, not a first-proof gate

No labels
first-proof blocker
hardening
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: clawdie/colibri#87
No description provided.
Delete branch "feat/spawner-vault-hook"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?