Real tailnet IPs and Telegram bot handles were being committed in docs/
memories/skills. Scrubbed all tracked markdown to ${VAR} placeholders; real
values now live in fleet.env (gitignored) and stay live via 'tailscale status'.
- add fleet.env.example (committed) + fleet.env (gitignored); .gitignore *.env
- AGENTS.md + HOST-MATRIX: masking convention so it can't recur
- also: domedog registered as Colibri agent (image-render/ffmpeg/build lane);
correct CAPABILITY-ROUTING example to real registered caps (domedog headless)
Past commits not rewritten (history moves to Codeberg at v1.0); this fixes HEAD.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
New docs/MCP-INTEGRATION.md: how the two Hermes instances connect via MCP
using colibri-mcp as the hub-and-spoke front-end to the shared board, rather
than a direct mesh. Grounded in actual code:
- Hermes is both MCP server (hermes mcp serve) and client (mcp_servers config)
- colibri-mcp tool surface + env vars (COLIBRI_MCP_SOCKET/WRITE), socket transport
- ties into the live board + poller/worker loop and the socat cross-host bridge
- LIVE/SETUP/PLANNED tags; security, rejected mesh alternative, external-MCP future
Cross-linked from CAPABILITY-ROUTING.md.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Cross-host transport landed via colibri PR #83 (socat bridge on osa
100.72.229.63:9190, Tailscale-only, + poller/worker loop), validated
debby<->osa.
- HOST-MATRIX: Current-vs-Designed note -> Routing LIVE; Track C -> DONE
- CAPABILITY-ROUTING: banner, caveat, topology [PLANNED]->[LIVE], worked example
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- scripts/colibri_poll.py: poll Colibri board for tasks assigned to an agent
- PR opened on colibri: feat/cli-register-agent (register-agent + list-agents CLI)
- Mevy (@zleht_bot) token migrated from old backup .env to hermes-osa
- Gateway running in polling mode via tmux session hermes-gateway
- python-telegram-bot[webhooks]==22.6 installed
- pip bootstrapped via python3 -m ensurepip (not in Hermes venv)
- Track B (Telegram/gateway) marked DONE, rc.d daemonization still deferred
- hermes-osa: LIVE (local chat validated), Mevy: separate (coexists)
- Provider: DeepSeek direct primary, OpenRouter fallback, Z.AI deferred
- Telegram/gateway/daemon explicitly OFF/deferred, 4 tracks documented
- CAPABILITY-ROUTING.md: labelled [LIVE] [PLANNED] [DESIGN] throughout
- Cross-host routing: explicitly 'not live yet' — local Unix socket only
- Removed stale install-note section superseded by osa detail block
- osa section compacted: single list format, no redundant entries
- Merges and supersedes Linux Hermes commit 9ec7f39
- hermes-osa: installed, local chat validated, DeepSeek direct primary
- Telegram: off (separate token from Mevy), daemon: not enabled
- Mevy vs hermes-osa: separate bots, separate tokens, coexisting
- Current vs Designed: Colibri routing local-only today, probe is tool not hook
- OS/hardware facts come from probes + matrix, not SOUL.md
- separate 'present in recovered env' from 'Hermes-supported' (Codex nuance)
- flag Telegram token reuse as a getUpdates collision risk vs Mevy
- first .env = provider keys only, Telegram deferred; Vaultwarden durable home
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Reconcile the HERMES_HOME path: /home/clawdie/.hermes is authoritative for
first validation; /home/clawdie/clawdie-ai (an earlier target) is the old
orphaned runtime and off-limits. Align agents here before install.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fold blind spots P2-P5 into the install note: pkg-install prereqs first
(bash/uv/git/curl), bash required (shebang now portable via hermes-bsd PR #3),
run attended (interactive prompts), core-only first validation (native-build
extras may not compile on FreeBSD 15), and rc.d as a deliberate re-setup
(/var/db/hermes, hermes user) — validation state won't migrate.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
'Autolycus' is an LGPL upstream dependency the clean-room MIT hermes-bsd layer
explicitly avoids — never a service we run. Rename the osa agent label to
hermes-osa across AGENTS.md, agent-roster.md, HOST-MATRIX.md, and the FreeBSD
integration doc. Fix the roster's wrong 'LGPL v2.1 fork' -> clean-room MIT.
Correct the install facts (grounded in code): service is hermes_daemon
(packaging/freebsd/hermes_daemon.in), state home env is HERMES_HOME (not the
no-op AUTOLYCUS_HOME). Records the don't-mv-clawdie-ai caution and commit f8bf2803d.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Make free space a first-class probed fact: check df/--storage before
installing toolchains or building, keep the Disk (free) column current,
flag hosts past ~85%. Records reference footprints (Go ~290MB, Rust ~1.8GB)
and the standing debby ~95%-full watch.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Multi-OS routing: hosts advertise capability tags, tasks declare
required_capabilities, Colibri's scheduler (pick_agent/capability_match_score,
already implemented) places each task on a qualifying host. Documents the
vocabulary, the probe->capability mapping, the SkillManifest.required_capabilities
addition, central-daemon topology, and the tmux-screenshot skill as the worked
example (why dropping FreeBSD Pillow loses no capability).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Standardize toolchain across the matrix: Python 3.12 floor (no version-pinned
shebangs; ISO-time symlink python3->python3.N + uv for venvs), Node LTS
(flags debby Node22 vs FreeBSD node24 divergence to resolve), Rust/Go/Zig
and managed tools (tmux/codex/pi/zot) conventions.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
domedog row probed and filled; debby/osa left for those agents to populate
via verify_facts_probe.py. Corrects placement: Hermes=debby (live),
Mevy=osa (live operator bot).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Don't put all eggs in one basket — provider redundancy mirrors OS redundancy
- DeepSeek, OpenRouter, Z.AI/GLM, local llama.cpp — spread across providers
- A provider outage shouldn't be a collective outage
- 'the same bug rarely hits two fundamentally different platforms at once'
- 'degraded' / 'hindered' instead of 'killed' / 'died'
- Bastille jails named explicitly
- SOUL.md: rewritten identity — Linux/Docker for reach, FreeBSD/jails
for resilience. A vulnerability that kills one OS won't kill the other.
- AGENTS.md: agent matrix now includes isolation column (Docker/Bastille)
- memories/curated/project-structure.md: dual-OS strategy table
- verify_facts_probe.py: proper Docker detection (socket check, daemon status)
We are not betting on one OS. We are betting that catastrophic events
won't hit both platforms simultaneously.
- detect_os() runs first, builds Linux/FreeBSD/Darwin command map
- All subsequent probes can use the map for safe cross-platform ops
- SOUL.md: explicit callout — Linux vs FreeBSD command differences
(grep, sed, dd, sha256sum, bash, make, pkg vs apt, device names)
are the primary reason to verify facts before acting
- docs/CLAWDIE-HERMES-FREEBSD-INTEGRATION.md: renamed from typo 'CLAIRE'
- AGENTS.md: updated reference path
- Purpose: phased plan to put Hermes on FreeBSD/OSA natively, via our
MIT-licensed hermes-bsd fork (not the LGPL Autolycus fork)
- Agent roster: add Autolycus (Hermes fork on FreeBSD 15/OSA)
- AGENTS.md: full 5-agent matrix with harness/OS/role
- New doc: CLAIRE-FREEBSD-HERMES-INTEGRATION.md — phased plan
- Added hermes-freebsd to private sources list
Move skills/freebsd/freebsd-cost-optimization.md to
skills/freebsd-cost-optimization/SKILL.md so the Colibri importer (skills/**/SKILL.md)
picks it up. Import smoke now loads 10 skills.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Remove the PLAN-CONFIGURE-PRIVATE-REPO plan — its phases are done (identity/
memories/skills populated, Colibri import working, headroom sidecar shipped);
the ongoing curation workflow lives in CONNECT-HERMES-SOUL.md and the system_brain/
system_ops design lives in colibri docs. Clarify in the README that this repo is
both the template and a working reference (real content, not placeholders), and
fix the skills glob in CONNECT to skills/**/SKILL.md to match the importer.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The adapter described importing into system_skills/system_brain/system_ops via a
"Layered Memory Fabric", but only skills import is built (into Colibri's flat
skills table, via colibri scripts/import-layered-soul.sh). Mark skills as
implemented and brain/ops as planned, and point at colibri's
docs/INTEGRATION-LAYERED-SOUL.md.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
