Cross-platform Rust control plane core
66cbc76a5b
Implements the spawner half of docs/COLIBRI-JAILED-AGENT-SPAWN-DESIGN.md so
Colibri can confine a spawned agent (e.g. pi) in a FreeBSD jail. zot untouched.
- PrivMode {Mdo, Helper, None}: how the (unprivileged) daemon gets the root that
jail attach/create needs. Resolved from COLIBRI_JAIL_PRIV_MODE (default mdo —
the live-USB posture); deployed hosts set helper. Only consulted when a spawn
requests a jail.
- JailConfig {name, path, ip4, user}: `name` enters a persistent jail (jexec,
precedence); `path` makes an ephemeral `jail -c command=` that self-cleans on
exit. Neither set = no-op. (Refines the design's `ephemeral` flag into the
clearer name-vs-path choice.)
- jail_wrap(): pure (binary,args)->(program,argv) wrapper. No-op without a jail.
jexec runs without -l so injected COLIBRI_*/provider env is inherited; stdio
flows through mdo/jexec/jail so glasspane ingestion is unchanged.
- AgentSpawnConfig gains `jail: Option<JailConfig>` (#[serde(default)]); spawn()
resolves PrivMode/helper once and routes the command through jail_wrap.
- kill(): documented jail teardown semantics + the in-jail process-group reaping
follow-up.
- 7 jail_wrap unit tests. Full daemon lib suite (58) green; clippy -D warnings clean.
Not wired through the SpawnAgent socket command yet (it builds AgentSpawnConfig
with jail=None) — that protocol field is the next small step.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
||
|---|---|---|
| .forgejo/workflows | ||
| .hermes/plans | ||
| crates | ||
| docs | ||
| manifests | ||
| packaging/freebsd | ||
| scripts | ||
| src | ||
| tests | ||
| tools | ||
| .env.example | ||
| .gitignore | ||
| .prettierignore | ||
| .prettierrc | ||
| AGENTS.md | ||
| Cargo.lock | ||
| Cargo.toml | ||
| README.md | ||
| rust-toolchain.toml | ||
Colibri
The Clawdie control plane core — a small, cross-platform (FreeBSD + Linux) Rust daemon that unifies coordination (task board, agent registry, skills catalog) with cache-first cost discipline (byte-stable prompt prefixes, cache-hit metering).
Status: 11 crates; workspace gates are expected to be fmt/clippy/test/release green. Avoid fixed test-count status here — run the gate commands below for the current count. Phase 3 (coordination core) is in progress.
Next ISO integration plan: docs/ISO-INTEGRATION-PLAN.md.
ISO acceptance runbook: docs/ISO-ACCEPTANCE-RUNBOOK.md.
Clawdie Studio/Zed proposal: docs/CLAWDIE-STUDIO-PROPOSAL.md.
Workspace — 10 crates
| Crate | Role |
|---|---|
colibri-mcp |
MCP bridge for editor integration (Zed, Claude Code) via stdio JSON-RPC |
colibri-contracts |
JSON schema contracts (golden tests) |
colibri-deepseek |
DeepSeek cache-hit probe, prefix metering |
colibri-runtime |
Host status ingestion, runtime inventory |
colibri-glasspane |
Agent 5-state machine (Pi events → state) |
colibri-daemon |
Always-on Unix socket server, session lifecycle |
colibri-client |
Typed Unix-socket client + operator CLI |
colibri-glasspane-tui |
ratatui live dashboard (FreeBSD-native) |
colibri-store |
Embedded SQLite coordination (task board, agents, skills) |
colibri-skills |
Skills catalog crate |
Build
cargo build --release
Test
cargo test --workspace
cargo clippy --workspace --all-targets -- -D warnings
Architecture
colibri-daemon (always-on Unix socket server)
├── glasspane — agent state machine (Pi JSONL → idle/working/blocked/done)
├── store — SQLite coordination (tasks, agents, skills)
├── socket — newline-JSON socket API
├── session — append-only JSONL sessions, 3-region prompt assembly
└── spawner — agent subprocess management (retry/backoff)
colibri-client — CLI tools (colibri, colibri_smoke_agent)
colibri-glasspane-tui— ratatui dashboard (no Herdr dependency)
Probe binaries
# DeepSeek cache probe (needs DEEPSEEK_API_KEY)
cargo run --release --bin colibri-probe
# Runtime inventory manifest
cargo run --release --bin colibri-runtime-inventory
FreeBSD
Target x86_64-unknown-freebsd (Rust Tier-2). TLS is rustls to avoid
openssl-sys linking. Default DB path: /var/db/colibri/colibri.sqlite.