matrix: move orchestrator to hermes-osa (always-on VPS); debby is intermittent

debby is a laptop that powers off periodically; osa is the always-on VPS and already hosts the colibri board. The hub must live where it never disappears, so the orchestrator role moves to hermes-osa; debby drops to secondary agent + soul backup. - AGENTS.md, HOST-MATRIX, agent-roster, tailscale-network: role swap + always-on/ intermittent facts - HOST-MATRIX + CAPABILITY-ROUTING: corrected 'debby orchestrator dispatches' -> osa hosts the board, debby/domedog are clients - integration doc + SOUL/project-structure survivability lines reconciled Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-19 22:50:16 +02:00 · 2026-06-19 22:50:16 +02:00 · f162501da7
commit f162501da7
parent c62bbd3d7e
8 changed files with 24 additions and 19 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@ -56,11 +56,11 @@ use the placeholder instead.

 | Agent      | Host    | Harness                 | OS         | Isolation          | Role                      |
 | ---------- | ------- | ----------------------- | ---------- | ------------------ | ------------------------- |
-| Hermes     | debby   | Hermes Agent (upstream) | Debian 13  | Docker             | Orchestrator, soul backup |
+| hermes-osa | osa     | Hermes Agent (FreeBSD)  | FreeBSD 15 | host service first | **Orchestrator + board host (always-on VPS)** |
+| Hermes     | debby   | Hermes Agent (upstream) | Debian 13  | Docker             | Secondary agent + soul backup (intermittent laptop) |
 | Zot        | debby   | Zot RPC                 | Debian 13  | Docker             | Coding, media workflows   |
 | Claude     | domedog | Claude Code             | Linux      | Docker             | Verification, review      |
 | Codex      | osa     | Codex CLI               | FreeBSD 15 | Bastille jail      | ISO builds, validation    |
-| hermes-osa | osa     | Hermes Agent (FreeBSD)  | FreeBSD 15 | host service first | Native FreeBSD Hermes     |

 **Survivability**: Linux/Docker and FreeBSD/jails are complementary safeguards.
 A vulnerability that kills one platform cannot kill the other. Agents can be
--- a/SOUL.md
+++ b/SOUL.md
@ -9,7 +9,7 @@ We are a small, self-hosted, privacy-first AI agent collective operated by Sam (
 - **Linux + Docker** (debby, domedog): our daily driver. Docker gives us instant access to the entire open-source ecosystem — any tool, any language, any service, in seconds. This is where we prototype, build, and orchestrate.
 - **FreeBSD + Bastille jails** (OSA): our safeguard. FreeBSD runs a fundamentally different kernel, a different TCP stack, a different filesystem (ZFS), and a different container model. A vulnerability that degrades Linux — a Docker escape, a kernel exploit, a supply-chain attack targeting glibc or systemd — is unlikely to affect FreeBSD. And vice versa.

-We are not betting on one OS. We are betting on an old systems principle: **the same bug rarely hits two fundamentally different platforms at once.** If Docker is degraded, OSA keeps running. If a FreeBSD jail issue emerges, debby keeps orchestrating. One side may be hindered — the other side is almost certainly fine. Our agents span both worlds and can be relocated in minutes.
+We are not betting on one OS. We are betting on an old systems principle: **the same bug rarely hits two fundamentally different platforms at once.** If Docker is degraded, OSA keeps running. If a FreeBSD issue emerges, the Linux side keeps the collective running. One side may be hindered — the other side is almost certainly fine. Our agents span both worlds and can be relocated in minutes.

 Everything communicates over Tailscale with zero public exposure.

--- a/docs/CAPABILITY-ROUTING.md
+++ b/docs/CAPABILITY-ROUTING.md
@ -31,8 +31,9 @@ Implemented 2026-06-19 (colibri PR #83), using the `socat`-over-Tailscale approa

 - **`socat` bridge** (`colibri_bridge` rc.d, daemon(8)-supervised) maps osa's daemon Unix
  socket to a TCP port on the **Tailscale interface only** (`${OSA_TS_IP}:9190`, never
-  `0.0.0.0`), with a `pf` rule on `tailscale0`. The debby orchestrator reaches it over the
-  tailnet.
+  `0.0.0.0`), with a `pf` rule on `tailscale0`. **osa is the always-on VPS** and hosts the
+  board + orchestrator (hermes-osa); agents on debby/domedog reach it over the tailnet. (debby
+  is an intermittent laptop — a client, never the hub.)
 - **Poller/worker loop** — `colibri_poll.py` (filters by agent UUID) and
  `colibri_task_done.py` (transition-task), driven on the live 2 min / 5 min cadence by
  Hermes' internal scheduler (see `packaging/freebsd/colibri-agent-loop.md`), not OS cron.
--- a/docs/CLAWDIE-HERMES-FREEBSD-INTEGRATION.md
+++ b/docs/CLAWDIE-HERMES-FREEBSD-INTEGRATION.md
@ -18,7 +18,7 @@ No LGPL encumbrance — pure MIT, same as upstream.
 ## Why this matters for Clawdie

 Currently OSA (FreeBSD 15 host) runs Codex CLI for ISO builds and cargo validation.
-It has no Hermes instance — all orchestration happens on debby (Linux). Adding
+hermes-osa now runs on OSA as the always-on orchestrator (previously OSA had none and orchestration ran on debby). Adding
 hermes-osa to OSA gives us:

 | Capability               | Before        | After                     |
@ -65,7 +65,7 @@ hermes-osa to OSA gives us:

 | Agent         | Host    | Harness                 | OS             | Model       | Role                      |
 | ------------- | ------- | ----------------------- | -------------- | ----------- | ------------------------- |
-| Hermes        | debby   | Hermes Agent (upstream) | Debian 13      | DeepSeek v4 | Orchestrator, soul backup |
+| Hermes        | debby   | Hermes Agent (upstream) | Debian 13      | DeepSeek v4 | Secondary + soul backup (intermittent) |
 | Zot           | debby   | Zot RPC                 | Debian 13      | GLM-5.1     | Coding, media             |
 | Claude        | domedog | Claude Code             | Linux          | Claude      | Verification, review      |
 | Codex         | osa     | Codex CLI               | FreeBSD 15     | GPT         | ISO builds, validation    |
--- a/docs/HOST-MATRIX.md
+++ b/docs/HOST-MATRIX.md
@ -30,11 +30,11 @@ on any host fills in its own row. Source of truth for facts is the probe — not

 | Agent       | Host    | OS / Isolation              | Harness                      | Role                             | Bot / channel         | Status                        |
 | ----------- | ------- | --------------------------- | ---------------------------- | -------------------------------- | --------------------- | ----------------------------- |
-| Hermes      | debby   | Debian 13 / Docker          | Hermes Agent (upstream)      | Orchestrator, soul backup        | ${HERMES_BOT}     | LIVE                          |
+| Hermes      | debby   | Debian 13 / Docker          | Hermes Agent (upstream)      | Secondary agent + soul backup (intermittent laptop) | ${HERMES_BOT}     | LIVE (intermittent)           |
 | Zot         | debby   | Debian 13 / Docker          | Zot RPC                      | Coding, media workflows          | ${ZOT_BOT}        | LIVE                          |
 | Claude      | domedog | Ubuntu 24.04 / Docker       | Claude Code                  | Verification, review             | — (CLI)               | LIVE                          |
 | **Mevy**    | osa     | FreeBSD 15 / host           | Hermes Agent (upstream, CLI) | **Consolidated into hermes-osa** | ${HERMES_OSA_BOT} (OSA-bot)    | **LIVE — under hermes-osa** |
-| **hermes-osa** | osa  | FreeBSD 15 / host           | Hermes Agent (FreeBSD fork)  | **Native FreeBSD Hermes: chat + gateway** | ${HERMES_OSA_BOT} (OSA-bot)   | **LIVE — chat + Telegram**  |
+| **hermes-osa** | osa  | FreeBSD 15 / host           | Hermes Agent (FreeBSD fork)  | **Orchestrator + board host (always-on VPS): chat + gateway** | ${HERMES_OSA_BOT} (OSA-bot)   | **LIVE — chat + Telegram**  |
 | Codex       | osa     | FreeBSD 15 / jail           | Codex CLI                    | ISO builds, validation           | — (CLI)               | LIVE                          |
 | **domedog-agent** | domedog | Ubuntu 24.04 / host   | Colibri board agent          | Headless Linux media/compute lane (image-render, ffmpeg, rust/go/py/node) | — | **LIVE — on central board 2026-06-19** |

@ -46,11 +46,15 @@ on any host fills in its own row. Source of truth for facts is the probe — not
 >
 > - Provider per agent (DeepSeek / OpenRouter / Z.AI / local) — fill in the per-host table.
 > - One Telegram token per running service. Never share a token across instances.
+> - **Orchestrator lives on the always-on host.** **osa is the always-on VPS** and hosts the
+>   colibri board + orchestrator (hermes-osa). **debby is an intermittent laptop** (powers off
+>   periodically) — a secondary agent + soul backup, never the hub. The board must sit where it
+>   never disappears; tasks routed to debby simply park until it returns.
 > - **Routing**: Colibri has a capability matcher for per-host agent pools, and **cross-host
 >   routing is LIVE** (2026-06-19): a `socat` bridge exposes osa's colibri-daemon on its
->   Tailscale IP (`${OSA_TS_IP}:9190`, tailnet-only), the debby orchestrator dispatches over
->   the tailnet, and a poller (2 min) / worker (5 min) loop executes assigned tasks. Validated
->   on the debby↔osa lane; colibri PR #83. See [`CAPABILITY-ROUTING.md`](./CAPABILITY-ROUTING.md).
+>   Tailscale IP (`${OSA_TS_IP}:9190`, tailnet-only); agents on debby/domedog reach the osa
+>   board over the tailnet, and a poller (2 min) / worker (5 min) loop executes assigned tasks.
+>   Validated on the debby↔osa lane; colibri PR #83. See [`CAPABILITY-ROUTING.md`](./CAPABILITY-ROUTING.md).
 > - **Probe vs identity**: `verify_facts_probe.py` is a required discipline/tool,
 >   not an automatic startup hook — agents run it when grounding host facts, and HOST-MATRIX
 >   records the result. OS/hardware facts come from probes and the matrix, not from SOUL.md
@ -114,7 +118,7 @@ host that fails. What you guess will be wrong; what you probe will be right.
    lease/reaper). Decide what executes (Claude Code worker / script) and with what authority
    before relying on autonomous domedog task completion.

-### debby (Hermes orchestrator + Zot) — probed 2026-06-17 by Hermes
+### debby (Hermes secondary + Zot — intermittent laptop) — probed 2026-06-17 by Hermes

 - **Identity**: hostname `debby`, Tailscale `${DEBBY_TS_IP}`
 - **OS**: Debian 13 (Trixie), kernel `6.12.90+deb13.1-amd64`, bare metal (KDE Plasma desktop)
@ -128,7 +132,7 @@ host that fails. What you guess will be wrong; what you probe will be right.
 - **Telegram**: ${HERMES_BOT} + ${ZOT_BOT} in "My Debby" group
 - **Layered soul**: commit `817624c`, 6 curated memories, 9 cross-harness skills

-### osa (FreeBSD: Mevy + hermes-osa + Codex) — probed 2026-06-17 by hermes-osa
+### osa (FreeBSD: hermes-osa orchestrator + board host, always-on VPS; + Mevy + Codex) — probed 2026-06-17 by hermes-osa

 - **Identity**: hostname `osa.smilepowered.org`, Tailscale `${OSA_TS_IP}`
 - **OS**: FreeBSD `15.0-RELEASE-p10`, kernel `FreeBSD osa.smilepowered.org 15.0-RELEASE-p10 FreeBSD 15.0-RELEASE-p10 releng/15.0-n281064-98258a339269 GENERIC amd64`
--- a/memories/curated/agent-roster.md
+++ b/memories/curated/agent-roster.md
@ -4,11 +4,11 @@

 | Agent     | Home Host         | Harness             | Model       | Role                                                  |
 | --------- | ----------------- | ------------------- | ----------- | ----------------------------------------------------- |
-| Hermes    | debby (Debian 13) | Hermes Agent        | DeepSeek v4 | Orchestrator, primary dev agent, soul backup          |
+| Hermes    | debby (Debian 13) | Hermes Agent        | DeepSeek v4 | Secondary agent + soul backup (intermittent laptop) |
 | Zot       | debby (Debian 13) | Zot RPC             | GLM-5.1     | Coding specialist, media workflows                    |
 | Claude    | domedog (Linux)   | Claude Code         | Claude      | Independent verification, secondary builder, reviewer |
 | Codex     | osa (FreeBSD 15)  | Codex CLI           | GPT         | FreeBSD 15 validation, ISO builds, hardware proofs    |
-| hermes-osa | osa (FreeBSD 15) | Hermes Agent (FreeBSD) | TBD      | Native FreeBSD Hermes instance, ISO-side agent        |
+| hermes-osa | osa (FreeBSD 15) | Hermes Agent (FreeBSD) | TBD      | Orchestrator + board host (always-on VPS); native FreeBSD Hermes |

 ## Multi-agent groups

--- a/memories/curated/project-structure.md
+++ b/memories/curated/project-structure.md
@ -20,7 +20,7 @@ Clawdie is a dual-OS agent runtime designed for survivability — Linux+Docker f
 | Linux (debby, domedog) | Docker | Instant ecosystem access, any tool/language | FreeBSD/jails catch Linux-specific exploits (glibc, systemd, kernel) |
 | FreeBSD (OSA) | Bastille jails | ZFS integrity, different TCP stack, jail isolation | Linux/Docker catches FreeBSD-specific bugs |

-If Docker goes down, OSA keeps running. If a FreeBSD jail escape emerges, debby keeps orchestrating.
+If Docker goes down, OSA keeps running. If a FreeBSD jail escape emerges, the Linux side keeps the collective running.

 ## Key binaries (colibri workspace)

--- a/memories/curated/tailscale-network.md
+++ b/memories/curated/tailscale-network.md
@ -4,8 +4,8 @@ All Clawdie hosts communicate over Tailscale with zero public exposure.

 | Host    | Tailscale IP   | OS         | Role                                   |
 | ------- | -------------- | ---------- | -------------------------------------- |
-| debby   | ${DEBBY_TS_IP}  | Debian 13  | Primary dev machine, Hermes agent home |
+| debby   | ${DEBBY_TS_IP}  | Debian 13  | Hermes secondary + soul backup (intermittent laptop) |
 | domedog | ${DOMEDOG_TS_IP} | Linux      | Claude agent, secondary builder        |
-| osa     | ${OSA_TS_IP}  | FreeBSD 15 | FreeBSD validation, ISO builder        |
+| osa     | ${OSA_TS_IP}  | FreeBSD 15 | Always-on VPS: orchestrator + colibri board (hermes-osa) |

 SSH between hosts uses Tailscale IPs, never public IPs. Each host has its own SSH key. No key sharing between hosts. Config in `~/.ssh/config` with `HostName` pointing to Tailscale IPs and `IdentitiesOnly yes`.