External skill marketplaces (clawhub.ai, skills.sh, lobehub, browse.sh,
claude-marketplace) are unvetted instruction streams ingested into an agent's
context — a prompt-injection / supply-chain vector, the same class of risk as
`pkg install` from a random mirror, one layer up. Combined with the poudriere
plan, the conclusion is a first-party repository for BOTH layers.
- HIVE-ONBOARDING §10 (new): the trusted supply chain. pkg.clawdie.si (packages)
gets a sibling first-party skill repo (proposed skills.clawdie.si). External
sources become staging/review input, never a direct tenant runtime dep:
curate → pin → sign → publish. Clarifies clawhub.ai is third-party, unrelated
to pkg.clawdie.si (different layer + ownership).
- HIVE-ONBOARDING §5: mother expanded as the PAID product surface — paid tenants
are provisioned first-party-only; that hardening is the thing worth paying for.
§6 moat + §7 invariant + Status open-work updated to match.
- HOST-MATRIX §2: new "Registry & supply-chain provenance" table (first-party vs
third-party per layer); mother-build row notes it serves pkg.clawdie.si.
Validation: prettier@3 --check; python3 scripts/layered_soul.py validate . — pass.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Track hosting spend as a verified fleet fact alongside disk and hardware, seed TBD rows for osa/domedom/debby/proposed OVH build capacity/ML350p, and update HIVE status now that first-proof blockers are code-complete.\n\nValidation: npx --yes prettier@3 --check docs/HOST-MATRIX.md docs/HIVE-ONBOARDING.md; python3 scripts/layered_soul.py validate .
Persist the reconstructed plan: all four MVP steps code-complete on colibri main;
first proof is not code-blocked (interim manual runbook path); open work
categorized (hardening #100/#92, CLI-driveability #101/#102, naming #98/iso#70).
PR #90 (tenants table) closed as superseded — already on main.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
First proven end-to-end uses a scratch jail + throwaway test collection only; no
real tenant data until path hardening (#92) lands. First-proof blockers are #88
(resolve collection by name) and #89 (per-call unlock); #92 is hardening.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
