87c075d6ba
External MCP servers are arbitrary third-party binaries — at least as untrusted as the agents the spawner already jails — but the #36 prototype spawned them directly on the host. Close that gap by reusing the existing confinement primitive instead of growing a second one. - ExternalMcpServer gains `jail: Option<JailConfig>` (#[serde(default)]). - ExternalMcpSession::start routes Command::new through colibri_daemon::spawner::jail_wrap with the shared COLIBRI_JAIL_PRIV_MODE policy (mdo live / helper deploy). No jail => unchanged. stdio (incl. the piped JSON-RPC stdin/stdout) flows through jexec/jail/mdo unaffected. - docs/COLIBRI-EXTERNAL-MCP-PROTOTYPE: document the `jail` field + confinement. - 3 tests (no-jail passthrough, jexec wrap, registry jail deserialize). colibri-mcp already depends on colibri-daemon, so no new dep. Build/test/clippy/ fmt green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> |
||
|---|---|---|
| .forgejo/workflows | ||
| .hermes/plans | ||
| crates | ||
| docs | ||
| manifests | ||
| packaging/freebsd | ||
| scripts | ||
| src | ||
| tests | ||
| tools | ||
| .env.example | ||
| .gitignore | ||
| .prettierignore | ||
| .prettierrc | ||
| AGENTS.md | ||
| Cargo.lock | ||
| Cargo.toml | ||
| README.md | ||
| rust-toolchain.toml | ||
Colibri
The Clawdie control plane core — a small, cross-platform (FreeBSD + Linux) Rust daemon that unifies coordination (task board, agent registry, skills catalog) with cache-first cost discipline (byte-stable prompt prefixes, cache-hit metering).
Status: 11 crates; workspace gates are expected to be fmt/clippy/test/release green. Avoid fixed test-count status here — run the gate commands below for the current count. Phase 3 (coordination core) is in progress.
Next ISO integration plan: docs/ISO-INTEGRATION-PLAN.md.
ISO acceptance runbook: docs/ISO-ACCEPTANCE-RUNBOOK.md.
Clawdie Studio/Zed proposal: docs/CLAWDIE-STUDIO-PROPOSAL.md.
External MCP host prototype: docs/COLIBRI-EXTERNAL-MCP-PROTOTYPE.md.
Workspace — 10 crates
| Crate | Role |
|---|---|
colibri-mcp |
MCP bridge for editor integration (Zed, Claude Code) via stdio JSON-RPC |
colibri-contracts |
JSON schema contracts (golden tests) |
colibri-deepseek |
DeepSeek cache-hit probe, prefix metering |
colibri-runtime |
Host status ingestion, runtime inventory |
colibri-glasspane |
Agent 5-state machine (Pi events → state) |
colibri-daemon |
Always-on Unix socket server, session lifecycle |
colibri-client |
Typed Unix-socket client + operator CLI |
colibri-glasspane-tui |
ratatui live dashboard (FreeBSD-native) |
colibri-store |
Embedded SQLite coordination (task board, agents, skills) |
colibri-skills |
Skills catalog crate |
Build
cargo build --release
Test
cargo test --workspace
cargo clippy --workspace --all-targets -- -D warnings
Architecture
colibri-daemon (always-on Unix socket server)
├── glasspane — agent state machine (Pi JSONL → idle/working/blocked/done)
├── store — SQLite coordination (tasks, agents, skills)
├── socket — newline-JSON socket API
├── session — append-only JSONL sessions, 3-region prompt assembly
└── spawner — agent subprocess management (retry/backoff)
colibri-client — CLI tools (colibri, colibri_smoke_agent)
colibri-glasspane-tui— ratatui dashboard (no Herdr dependency)
Probe binaries
# DeepSeek cache probe (needs DEEPSEEK_API_KEY)
cargo run --release --bin colibri-probe
# Runtime inventory manifest
cargo run --release --bin colibri-runtime-inventory
FreeBSD
Target x86_64-unknown-freebsd (Rust Tier-2). TLS is rustls to avoid
openssl-sys linking. Default DB path: /var/db/colibri/colibri.sqlite.