Per operator decision: stop fighting FreeBSD's PYTHON_DEFAULT=3.11 — python3 is
3.11 everywhere, python3.12 stays available for apps needing newer. This makes
Pillow trivial (py311-pillow imports on python3), so the prior "3.12 floor +
py312-pillow absent + run on 3.11 explicitly" explanation collapses.
- TOOLCHAIN.md: table row + decision section flipped to 3.11-default and cut to a
few lines (supersedes the 17.jun.2026 "3.12 floor" decision); symlink note now
says build.sh points python3 at 3.11.
- CAPABILITY-ROUTING.md: trimmed the osa line + worked example — image-render via
py311-pillow on python3, no version gymnastics.
- HOST-MATRIX.md: trimmed the operator-image image-render/screenshot note.
prettier + layered_soul validate clean. Dates in edited blocks use EU format.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Follow-on to clawdie-iso #85 (py311-pillow + join-hive capability detection):
the operator image now advertises image-render and screenshot, so the
capability is no longer Linux/domedog-only. Update the CAPABILITY-ROUTING worked
example and the HOST-MATRIX capability note accordingly.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
External skill marketplaces (clawhub.ai, skills.sh, lobehub, browse.sh,
claude-marketplace) are unvetted instruction streams ingested into an agent's
context — a prompt-injection / supply-chain vector, the same class of risk as
`pkg install` from a random mirror, one layer up. Combined with the poudriere
plan, the conclusion is a first-party repository for BOTH layers.
- HIVE-ONBOARDING §10 (new): the trusted supply chain. pkg.clawdie.si (packages)
gets a sibling first-party skill repo (proposed skills.clawdie.si). External
sources become staging/review input, never a direct tenant runtime dep:
curate → pin → sign → publish. Clarifies clawhub.ai is third-party, unrelated
to pkg.clawdie.si (different layer + ownership).
- HIVE-ONBOARDING §5: mother expanded as the PAID product surface — paid tenants
are provisioned first-party-only; that hardening is the thing worth paying for.
§6 moat + §7 invariant + Status open-work updated to match.
- HOST-MATRIX §2: new "Registry & supply-chain provenance" table (first-party vs
third-party per layer); mother-build row notes it serves pkg.clawdie.si.
Validation: prettier@3 --check; python3 scripts/layered_soul.py validate . — pass.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- provenance table: add vultr-svc row (Forgejo + Vaultwarden, verified off-OVH
but a shared-box SPOF) — the third provider now in the picture.
- DPIA gate: scope to automated decisions about individuals (Art. 35/22); the
internal agent scheduler (routing to machines) does not trigger it.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Append to HOST-MATRIX §4, grounded in a verified DNS check:
- Forgejo + Vaultwarden both run on Vultr (different provider than osa/OVH —
good), but share ONE box = single point of failure for backups AND secrets;
that box needs its own off-box backup + test-restore.
- broaden MFA to every master-key account (OVH, Vultr, registrar, Forgejo,
Vaultwarden) + domain auto-renew (lapsed domain kills pkg.clawdie.si/ACME/SSH).
- billing hygiene (auto-renew/commitment/price-EOL windows).
- continuity plan is contractually required (GTS §6.3); multi-host survivability
is the recovery plan since provider SLA = credits only.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Use the 460 W high-load fan/PSU mark as the planning assumption for multitenant
use, with GEN-I energy and URO network tariff estimates.

Validation: npx --yes prettier@3 --check docs/HOST-MATRIX.md; python3 scripts/layered_soul.py validate .
Track hosting spend as a verified fleet fact alongside disk and hardware, seed
TBD rows for osa/domedog/debby/proposed OVH build capacity/ML350p, and update
HIVE status now that first-proof blockers are code-complete.

Validation: npx --yes prettier@3 --check docs/HOST-MATRIX.md docs/HIVE-ONBOARDING.md; python3 scripts/layered_soul.py validate .
debby is a laptop that powers off periodically; osa is the always-on VPS and
already hosts the colibri board. The hub must live where it never disappears, so
the orchestrator role moves to hermes-osa; debby drops to secondary agent + soul
backup.
- AGENTS.md, HOST-MATRIX, agent-roster, tailscale-network: role swap + always-on/
intermittent facts
- HOST-MATRIX + CAPABILITY-ROUTING: corrected 'debby orchestrator dispatches' ->
osa hosts the board, debby/domedog are clients
- integration doc + SOUL/project-structure survivability lines reconciled
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Real tailnet IPs and Telegram bot handles were being committed in docs/
memories/skills. Scrubbed all tracked markdown to ${VAR} placeholders; real
values now live in fleet.env (gitignored) and stay live via 'tailscale status'.
- add fleet.env.example (committed) + fleet.env (gitignored); .gitignore *.env
- AGENTS.md + HOST-MATRIX: masking convention so it can't recur
- also: domedog registered as Colibri agent (image-render/ffmpeg/build lane);
correct CAPABILITY-ROUTING example to real registered caps (domedog headless)
Past commits not rewritten (history moves to Codeberg at v1.0); this fixes HEAD.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Cross-host transport landed via colibri PR #83 (socat bridge on osa
100.72.229.63:9190, Tailscale-only, + poller/worker loop), validated
debby<->osa.
- HOST-MATRIX: Current-vs-Designed note -> Routing LIVE; Track C -> DONE
- CAPABILITY-ROUTING: banner, caveat, topology [PLANNED]->[LIVE], worked example
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Mevy (@zleht_bot) token migrated from old backup .env to hermes-osa
- Gateway running in polling mode via tmux session hermes-gateway
- python-telegram-bot[webhooks]==22.6 installed
- pip bootstrapped via python3 -m ensurepip (not in Hermes venv)
- Track B (Telegram/gateway) marked DONE, rc.d daemonization still deferred
- hermes-osa: LIVE (local chat validated), Mevy: separate (coexists)
- Provider: DeepSeek direct primary, OpenRouter fallback, Z.AI deferred
- Telegram/gateway/daemon explicitly OFF/deferred, 4 tracks documented
- CAPABILITY-ROUTING.md: labelled [LIVE] [PLANNED] [DESIGN] throughout
- Cross-host routing: explicitly 'not live yet' — local Unix socket only
- Removed stale install-note section superseded by osa detail block
- osa section compacted: single list format, no redundant entries
- Merges and supersedes Linux Hermes commit 9ec7f39
- hermes-osa: installed, local chat validated, DeepSeek direct primary
- Telegram: off (separate token from Mevy), daemon: not enabled
- Mevy vs hermes-osa: separate bots, separate tokens, coexisting
- Current vs Designed: Colibri routing local-only today, probe is tool not hook
- OS/hardware facts come from probes + matrix, not SOUL.md
Reconcile the HERMES_HOME path: /home/clawdie/.hermes is authoritative for
first validation; /home/clawdie/clawdie-ai (an earlier target) is the old
orphaned runtime and off-limits. Align agents here before install.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fold blind spots P2-P5 into the install note: pkg-install prereqs first
(bash/uv/git/curl), bash required (shebang now portable via hermes-bsd PR #3),
run attended (interactive prompts), core-only first validation (native-build
extras may not compile on FreeBSD 15), and rc.d as a deliberate re-setup
(/var/db/hermes, hermes user) — validation state won't migrate.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
'Autolycus' is an LGPL upstream dependency the clean-room MIT hermes-bsd layer
explicitly avoids — never a service we run. Rename the osa agent label to
hermes-osa across AGENTS.md, agent-roster.md, HOST-MATRIX.md, and the FreeBSD
integration doc. Fix the roster's wrong 'LGPL v2.1 fork' -> clean-room MIT.
Correct the install facts (grounded in code): service is hermes_daemon
(packaging/freebsd/hermes_daemon.in), state home env is HERMES_HOME (not the
no-op AUTOLYCUS_HOME). Records the don't-mv-clawdie-ai caution and commit f8bf2803d.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Make free space a first-class probed fact: check df/--storage before
installing toolchains or building, keep the Disk (free) column current,
flag hosts past ~85%. Records reference footprints (Go ~290MB, Rust ~1.8GB)
and the standing debby ~95%-full watch.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
domedog row probed and filled; debby/osa left for those agents to populate
via verify_facts_probe.py. Corrects placement: Hermes=debby (live),
Mevy=osa (live operator bot).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>