Follow-up to #74. Two concrete fixes to the "identity wallpaper on join" step:
1. tmp policy: the join script hardcoded WP=/tmp/clawdie-wallpaper.png, passing
it to clawdie-wallpaper-gen and overriding the safe SCRATCH_DIR default that
9ae8d25 had just introduced (project-local tmp/ or app-owned cache). The
generator now prints its chosen path on stdout (human note → stderr) and the
join script captures it: WP=$(clawdie-wallpaper-gen). No host-global /tmp.
2. wallpaper actually applies: replaced the hardcoded
/backdrop/screen0/monitor0/workspace0/last-image with an enumeration over
every existing */last-image property (XFCE keys backdrops by connector name,
e.g. monitorHDMI-1, not monitor0), falling back to creating the default
property on first boot/headless, then xfdesktop --reload.
SKILL.md updated to document the stdout contract and multi-monitor wiring.
Validation: sh -n on both scripts; prettier@3 --check SKILL.md;
python3 scripts/layered_soul.py validate . — all pass.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
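Added example, not one of the project's scripts: the multi-monitor wallpaper wiring and the scratch-dir policy from the commit above, written in Python so the property selection can be exercised without an XFCE session. The xfconf-query/xfdesktop invocations use the standard flags (-c channel, -l list, -p property, -s set, -n/-t create); the scratch-dir layout (tmp/ under the project root, else an app-owned cache dir under $XDG_CACHE_HOME) is an assumption about what 9ae8d25's SCRATCH_DIR default looks like, and the xfconf listing is constructed.

```python
# Added example (not the project's own sh scripts). Assumptions: scratch-dir
# layout below; xfconf-query property names follow XFCE's connector-keyed
# scheme (monitorHDMI-1, monitoreDP-1, ...), as the commit describes.
import fnmatch
import os
import subprocess
from pathlib import Path

CHANNEL = "xfce4-desktop"
DEFAULT_PROP = "/backdrop/screen0/monitor0/workspace0/last-image"


def choose_scratch_dir(project_root=None, cache_home=None):
    """Project-local tmp/ when a project root is known, otherwise an app-owned
    cache dir (assumed: $XDG_CACHE_HOME/clawdie). Never host-global /tmp."""
    if project_root:
        return Path(project_root) / "tmp"
    base = cache_home or os.environ.get("XDG_CACHE_HOME") or Path.home() / ".cache"
    return Path(base) / "clawdie"


def backdrop_targets(listing):
    """Every existing */last-image property in `xfconf-query -c xfce4-desktop -l`
    output. A hardcoded monitor0 path matches nothing on a real desktop."""
    return sorted(
        line.strip()
        for line in listing.splitlines()
        if fnmatch.fnmatch(line.strip(), "/backdrop/*/last-image")
    )


def wallpaper_commands(image, listing):
    """Commands the join step runs: set each existing backdrop, or create the
    default property on first boot/headless, then reload xfdesktop."""
    targets = backdrop_targets(listing)
    create = not targets
    if create:
        targets = [DEFAULT_PROP]
    cmds = []
    for prop in targets:
        cmd = ["xfconf-query", "-c", CHANNEL, "-p", prop]
        if create:
            cmd += ["-n", "-t", "string"]  # property does not exist yet
        cmds.append(cmd + ["-s", str(image)])
    cmds.append(["xfdesktop", "--reload"])
    return cmds


def apply_wallpaper(image, run=subprocess.run, list_props=None):
    """`run` and `list_props` are injectable so the flow can be tested without
    a desktop; by default they shell out to xfconf-query."""
    if list_props is None:
        list_props = lambda: subprocess.run(
            ["xfconf-query", "-c", CHANNEL, "-l"],
            capture_output=True, text=True, check=True).stdout
    cmds = wallpaper_commands(image, list_props())
    for cmd in cmds:
        run(cmd, check=True)
    return cmds


# Constructed sample of `xfconf-query -c xfce4-desktop -l` on a two-monitor box.
SAMPLE_LISTING = """\
/backdrop/screen0/monitorHDMI-1/workspace0/image-style
/backdrop/screen0/monitorHDMI-1/workspace0/last-image
/backdrop/screen0/monitoreDP-1/workspace0/last-image
/desktop-icons/style
"""

if __name__ == "__main__":
    wp = choose_scratch_dir(project_root=".") / "clawdie-wallpaper.png"
    for cmd in wallpaper_commands(wp, SAMPLE_LISTING):
        print(" ".join(cmd))
```

The empty-listing branch is the first-boot/headless case: nothing under /backdrop exists yet, so the default property is created with -n -t string instead of set.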
- Panel indicator: add have() checks for nc/python3, warn on missing
deps instead of failing silently, distinct states for socket-down
vs no-response with actionable tooltip text
- Join Hive: generate and apply identity wallpaper on success as
visual 'you're in' confirmation via xfconf-query
- SKILL.md: document new behaviors
Sync the wallpaper helper and iso-visuals guidance with the project-local tmp policy, falling back to app-owned live cache paths when no project root exists.

Validation: sh -n skills/iso-visuals/scripts/clawdie-wallpaper-gen.sh skills/iso-visuals/scripts/clawdie-join-hive.sh; npx --yes prettier@3 --check skills/iso-visuals/SKILL.md; python3 scripts/layered_soul.py validate .
Mirror the Clawdie ISO Join Hive and wallpaper helper hardening in the iso-visuals skill, fix the desktop Exec path, and clarify staged-helper versus wired-default behavior.

Validation: sh -n skills/iso-visuals/scripts/clawdie-join-hive.sh skills/iso-visuals/scripts/clawdie-wallpaper-gen.sh; npx --yes prettier@3 --check skills/iso-visuals/SKILL.md; python3 scripts/layered_soul.py validate .
Three improvements for the Clawdie ISO first-boot desktop:
1. Panel health indicator (xfce4-genmon)
- polls colibri socket every 30s
- green/red dot + agent count + task count
- click to open colibri status in terminal
2. Identity wallpaper generator
- overlays hostname, Tailscale IP, Colibri port, FreeBSD release
- runs on first boot, caches result
- requires ImageMagick (add to ISO pkg list)
3. Join Hive launcher
- one-click agent registration in visible terminal
- checks daemon → vault creds → detect capabilities → register
- idempotent, safe to re-run
- pauses on result so operator reads before closing
All three scripts + skill.md + desktop entry in skills/iso-visuals/.
- provenance table: add vultr-svc row (Forgejo + Vaultwarden, verified off-OVH
but a shared-box SPOF) — the third provider now in the picture.
- DPIA gate: scope to automated decisions about individuals (Art. 35/22); the
internal agent scheduler (routing to machines) does not trigger it.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Append to HOST-MATRIX §4, grounded in a verified DNS check:
- Forgejo + Vaultwarden both run on Vultr (different provider than osa/OVH —
good), but share ONE box = single point of failure for backups AND secrets;
that box needs its own off-box backup + test-restore.
- broaden MFA to every master-key account (OVH, Vultr, registrar, Forgejo,
Vaultwarden) + domain auto-renew (lapsed domain kills pkg.clawdie.si/ACME/SSH).
- billing hygiene (auto-renew/commitment/price-EOL windows).
- continuity plan is contractually required (GTS §6.3); multi-host survivability
is the recovery plan since provider SLA = credits only.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Use the 460 W high-load fan/PSU mark as the planning assumption for multitenant use, with GEN-I energy and URO network tariff estimates.

Validation: npx --yes prettier@3 --check docs/HOST-MATRIX.md; python3 scripts/layered_soul.py validate .
Track hosting spend as a verified fleet fact alongside disk and hardware, seed TBD rows for osa/domedom/debby/proposed OVH build capacity/ML350p, and update HIVE status now that first-proof blockers are code-complete.

Validation: npx --yes prettier@3 --check docs/HOST-MATRIX.md docs/HIVE-ONBOARDING.md; python3 scripts/layered_soul.py validate .
Persist the reconstructed plan: all four MVP steps code-complete on colibri main;
first proof is not code-blocked (interim manual runbook path); open work
categorized (hardening #100/#92, CLI-driveability #101/#102, naming #98/iso#70).
PR #90 (tenants table) closed as superseded — already on main.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
First proven end-to-end uses a scratch jail + throwaway test collection only; no
real tenant data until path hardening (#92) lands. First-proof blockers are #88
(resolve collection by name) and #89 (per-call unlock); #92 is hardening.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The handoff's work shipped (hermes-osa LIVE, validated, Telegram consolidated,
cross-host routing done); its facts now live in HOST-MATRIX. It carried the last
legacy 'do not do the old thing' content (Autolycus / AUTOLYCUS_HOME / preserve
clawdie-ai runtime) — removed per its own deletion criteria and the
decisions-match-shipped-code principle.
Kept (deliberately): security rules (never commit secrets/share tokens, bootstrap
never enters the jail) and technical guidance (FreeBSD --remote, lock ordering,
test counting) — those are correct current decisions stated as imperatives, not
legacy cruft.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
debby is a laptop that powers off periodically; osa is the always-on VPS and
already hosts the colibri board. The hub must live where it never disappears, so
the orchestrator role moves to hermes-osa; debby drops to secondary agent + soul
backup.
- AGENTS.md, HOST-MATRIX, agent-roster, tailscale-network: role swap + always-on/
intermittent facts
- HOST-MATRIX + CAPABILITY-ROUTING: corrected 'debby orchestrator dispatches' ->
osa hosts the board, debby/domedog are clients
- integration doc + SOUL/project-structure survivability lines reconciled
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Real tailnet IPs and Telegram bot handles were being committed in docs/
memories/skills. Scrubbed all tracked markdown to ${VAR} placeholders; real
values now live in fleet.env (gitignored) and stay live via 'tailscale status'.
- add fleet.env.example (committed) + fleet.env (gitignored); .gitignore *.env
- AGENTS.md + HOST-MATRIX: masking convention so it can't recur
- also: domedog registered as Colibri agent (image-render/ffmpeg/build lane);
correct CAPABILITY-ROUTING example to real registered caps (domedog headless)
Past commits not rewritten (history moves to Codeberg at v1.0); this fixes HEAD.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
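Added example, not the repo's own tooling: the masking convention from the commit above as a small checker. Tailscale hands out tailnet addresses from the CGNAT range 100.64.0.0/10 and Telegram bot usernames end in "bot", so both can be detected mechanically; values from the gitignored fleet.env are replaced with ${VAR} placeholders and anything left over is reported so it cannot be committed again. The fleet.env keys, the bot handle and the sample markdown are constructed, not the real fleet's values.

```python
# Added example (not the project's own script). Assumptions: fleet.env is plain
# KEY=value lines; a pre-commit hook would run find_leaks() over tracked .md files.
import ipaddress
import re

TAILNET = ipaddress.ip_network("100.64.0.0/10")  # Tailscale's CGNAT range
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
BOT_RE = re.compile(r"@[A-Za-z0-9_]*bot\b", re.IGNORECASE)


def parse_fleet_env(text):
    """Parse KEY=value lines (optional `export`, optional quotes, # comments)."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def find_leaks(text):
    """Return (kind, value) for every tailnet IP or bot handle still in text."""
    leaks = []
    for m in IPV4_RE.finditer(text):
        try:
            if ipaddress.ip_address(m.group()) in TAILNET:
                leaks.append(("tailnet-ip", m.group()))
        except ValueError:  # e.g. 999.1.1.1 matched the loose regex
            pass
    leaks += [("bot-handle", m.group()) for m in BOT_RE.finditer(text)]
    return leaks


def scrub(text, env):
    """Replace each fleet.env value with ${KEY}; longest values first so a
    value that is a prefix of another cannot mask it only partially."""
    for key, value in sorted(env.items(), key=lambda kv: -len(kv[1])):
        if value:
            text = text.replace(value, "${%s}" % key)
    return text


# Constructed fixtures: a gitignored fleet.env and a doc that leaked its values.
FLEET_ENV = """\
# real values; never committed
OSA_TAILNET_IP=100.100.1.7
export HIVE_BOT_HANDLE="@example_hive_bot"
"""
DOC = """\
The board bridge listens on 100.100.1.7:9190 (Tailscale-only).
Operators talk to @example_hive_bot; the public resolver 203.0.113.5 is not a tailnet address.
"""

if __name__ == "__main__":
    env = parse_fleet_env(FLEET_ENV)
    print("leaks before scrub:", find_leaks(DOC))
    cleaned = scrub(DOC, env)
    print(cleaned)
    print("leaks after scrub:", find_leaks(cleaned))
```

find_leaks() is the part worth wiring into a pre-commit hook: scrub() only knows the values fleet.env already lists, while the range and handle checks catch a new tailnet IP or bot handle that nobody added to fleet.env yet.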
New docs/MCP-INTEGRATION.md: how the two Hermes instances connect via MCP
using colibri-mcp as the hub-and-spoke front-end to the shared board, rather
than a direct mesh. Grounded in actual code:
- Hermes is both MCP server (hermes mcp serve) and client (mcp_servers config)
- colibri-mcp tool surface + env vars (COLIBRI_MCP_SOCKET/WRITE), socket transport
- ties into the live board + poller/worker loop and the socat cross-host bridge
- LIVE/SETUP/PLANNED tags; security, rejected mesh alternative, external-MCP future
Cross-linked from CAPABILITY-ROUTING.md.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Cross-host transport landed via colibri PR #83 (socat bridge on osa
100.72.229.63:9190, Tailscale-only, + poller/worker loop), validated
debby<->osa.
- HOST-MATRIX: Current-vs-Designed note -> Routing LIVE; Track C -> DONE
- CAPABILITY-ROUTING: banner, caveat, topology [PLANNED]->[LIVE], worked example
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- scripts/colibri_poll.py: poll Colibri board for tasks assigned to an agent
- PR opened on colibri: feat/cli-register-agent (register-agent + list-agents CLI)
- Mevy (@zleht_bot) token migrated from old backup .env to hermes-osa
- Gateway running in polling mode via tmux session hermes-gateway
- python-telegram-bot[webhooks]==22.6 installed
- pip bootstrapped via python3 -m ensurepip (not in Hermes venv)
- Track B (Telegram/gateway) marked DONE, rc.d daemonization still deferred
- hermes-osa: LIVE (local chat validated), Mevy: separate (coexists)
- Provider: DeepSeek direct primary, OpenRouter fallback, Z.AI deferred
- Telegram/gateway/daemon explicitly OFF/deferred, 4 tracks documented
- CAPABILITY-ROUTING.md: labelled [LIVE] [PLANNED] [DESIGN] throughout
- Cross-host routing: explicitly 'not live yet' — local Unix socket only
- Removed stale install-note section superseded by osa detail block
- osa section compacted: single list format, no redundant entries
- Merges and supersedes Linux Hermes commit 9ec7f39
- hermes-osa: installed, local chat validated, DeepSeek direct primary
- Telegram: off (separate token from Mevy), daemon: not enabled
- Mevy vs hermes-osa: separate bots, separate tokens, coexisting
- Current vs Designed: Colibri routing local-only today, probe is tool not hook
- OS/hardware facts come from probes + matrix, not SOUL.md
- separate 'present in recovered env' from 'Hermes-supported' (Codex nuance)
- flag Telegram token reuse as a getUpdates collision risk vs Mevy
- first .env = provider keys only, Telegram deferred; Vaultwarden durable home
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Reconcile the HERMES_HOME path: /home/clawdie/.hermes is authoritative for
first validation; /home/clawdie/clawdie-ai (an earlier target) is the old
orphaned runtime and off-limits. Align agents here before install.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fold blind spots P2-P5 into the install note: pkg-install prereqs first
(bash/uv/git/curl), bash required (shebang now portable via hermes-bsd PR #3),
run attended (interactive prompts), core-only first validation (native-build
extras may not compile on FreeBSD 15), and rc.d as a deliberate re-setup
(/var/db/hermes, hermes user) — validation state won't migrate.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
'Autolycus' is an LGPL upstream dependency the clean-room MIT hermes-bsd layer
explicitly avoids — never a service we run. Rename the osa agent label to
hermes-osa across AGENTS.md, agent-roster.md, HOST-MATRIX.md, and the FreeBSD
integration doc. Fix the roster's wrong 'LGPL v2.1 fork' -> clean-room MIT.
Correct the install facts (grounded in code): service is hermes_daemon
(packaging/freebsd/hermes_daemon.in), state home env is HERMES_HOME (not the
no-op AUTOLYCUS_HOME). Records the don't-mv-clawdie-ai caution and commit f8bf2803d.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Make free space a first-class probed fact: check df/--storage before
installing toolchains or building, keep the Disk (free) column current,
flag hosts past ~85%. Records reference footprints (Go ~290MB, Rust ~1.8GB)
and the standing debby ~95%-full watch.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Multi-OS routing: hosts advertise capability tags, tasks declare
required_capabilities, Colibri's scheduler (pick_agent/capability_match_score,
already implemented) places each task on a qualifying host. Documents the
vocabulary, the probe->capability mapping, the SkillManifest.required_capabilities
addition, central-daemon topology, and the tmux-screenshot skill as the worked
example (why dropping FreeBSD Pillow loses no capability).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
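Added illustration, not Colibri's code: a capability-tag scheduler in the shape the commit above describes (hosts advertise tags, tasks declare required_capabilities, a qualifying host is picked), with the tmux-screenshot case worked through. The scoring rule, the tie-breakers and the host/tag fixtures are assumptions; Colibri's own pick_agent and capability_match_score may weigh things differently.

```python
# Added example, not Colibri's scheduler. Assumed scoring: a host must hold every
# required tag; among qualifying hosts the one whose tag set is used most fully
# wins, then lowest load, then name. Fixtures are constructed.
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    capabilities: frozenset
    load: int = 0  # tasks currently assigned (assumed tie-breaker)


@dataclass
class Task:
    name: str
    required_capabilities: frozenset = field(default_factory=frozenset)


def capability_match_score(host, task):
    """None when the host lacks any required tag; otherwise the fraction of the
    host's tags the task uses, so a narrowly fitting host outranks a generalist
    and generalists stay free for tasks that actually need them."""
    if not task.required_capabilities <= host.capabilities:
        return None
    if not task.required_capabilities:
        return 0.0
    return len(task.required_capabilities) / len(host.capabilities)


def pick_agent(hosts, task):
    """Best-scoring qualifying host; None means no host can run the task
    (surface that to the operator rather than misplacing the task)."""
    ranked = []
    for h in hosts:
        s = capability_match_score(h, task)
        if s is not None:
            ranked.append((-s, h.load, h.name, h))
    return min(ranked)[3] if ranked else None


# Constructed fleet; the tag vocabulary is illustrative (in Colibri the
# probe -> capability mapping fills these in).
HOSTS = [
    Host("debby", frozenset({"linux", "docker", "tmux", "image-render", "intermittent"})),
    Host("domedog", frozenset({"linux", "headless", "image-render", "ffmpeg", "build"})),
    Host("hermes-osa", frozenset({"freebsd", "jail", "tmux", "always-on"})),
]

# tmux-screenshot needs both a tmux session and image rendering. The FreeBSD host
# never advertised image-render, so dropping Pillow there removes no capability:
# the task routes to a Linux host that has it.
TMUX_SCREENSHOT = Task("tmux-screenshot", frozenset({"tmux", "image-render"}))
FREEBSD_BUILD = Task("freebsd-pkg-build", frozenset({"freebsd", "build"}))

if __name__ == "__main__":
    for task in (TMUX_SCREENSHOT, FREEBSD_BUILD):
        host = pick_agent(HOSTS, task)
        print(task.name, "->", host.name if host else "no qualifying host")
```

The None return from pick_agent is deliberate: a task whose required set no host satisfies (freebsd plus build in the fixture) should stay visible as unroutable instead of silently landing on the nearest miss.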
Standardize toolchain across the matrix: Python 3.12 floor (no version-pinned
shebangs; ISO-time symlink python3->python3.N + uv for venvs), Node LTS
(flags debby Node22 vs FreeBSD node24 divergence to resolve), Rust/Go/Zig
and managed tools (tmux/codex/pi/zot) conventions.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
domedog row probed and filled; debby/osa left for those agents to populate
via verify_facts_probe.py. Corrects placement: Hermes=debby (live),
Mevy=osa (live operator bot).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Don't put all eggs in one basket — provider redundancy mirrors OS redundancy
- DeepSeek, OpenRouter, Z.AI/GLM, local llama.cpp — spread across providers
- A provider outage shouldn't be a collective outage
- 'the same bug rarely hits two fundamentally different platforms at once'
- 'degraded' / 'hindered' instead of 'killed' / 'died'
- Bastille jails named explicitly
- SOUL.md: rewritten identity — Linux/Docker for reach, FreeBSD/jails
for resilience. A vulnerability that kills one OS won't kill the other.
- AGENTS.md: agent matrix now includes isolation column (Docker/Bastille)
- memories/curated/project-structure.md: dual-OS strategy table
- verify_facts_probe.py: proper Docker detection (socket check, daemon status)
We are not betting on one OS. We are betting that catastrophic events
won't hit both platforms simultaneously.
- detect_os() runs first, builds Linux/FreeBSD/Darwin command map
- All subsequent probes can use the map for safe cross-platform ops
- SOUL.md: explicit callout — Linux vs FreeBSD command differences
(grep, sed, dd, sha256sum, bash, make, pkg vs apt, device names)
are the primary reason to verify facts before acting
- docs/CLAWDIE-HERMES-FREEBSD-INTEGRATION.md: renamed from typo 'CLAIRE'
- AGENTS.md: updated reference path
- Purpose: phased plan to put Hermes on FreeBSD/OSA natively, via our
MIT-licensed hermes-bsd fork (not the LGPL Autolycus fork)