skill(freebsd): freebsd-os-upgrade — minor point-release runbook #19

Merged
clawdie merged 5 commits from freebsd-os-upgrade-skill into main 2026-06-25 11:05:30 +02:00
Owner

What

New layered-soul skill freebsd-os-upgrade — the runbook for moving a hive
node across a FreeBSD point release within the same major (e.g. 15.0 → 15.1).

  • references/freebsd-update-reboot.md — the verified 95-line doc ported from
    clawdie-ai (.agent/skills/freebsd-admin/references/): reboot-needed detection
    (freebsd-version -kru vs uname -r), pre/post status capture, package/service
    notes, vuln-audit wording.
  • SKILL.md — wraps it with the Clawdie specifics: same-major ⇒ ABI
    FreeBSD:15:amd64 unchanged (no package rebuild, no PG dump/restore), reboot
    only on operator go-ahead, build-host-first sequence, and the clawdie-iso side
    (bump/override FREEBSD_VERSION, version-agnostic 15.x docs).

Two-track

This is the draft track. Hermes runs the real OSA 15.0 → 15.1 upgrade and
folds the captured freebsd-version/service/jail/PF output into the
Validation evidence slot to mark the skill proven.

Pairs with clawdie-iso #143 (the image bump) — this skill is the upgrade runbook
that bump's note points at.

Dropped (per triage): the unbuilt /reboots Telegram feature (reboot-intent) and
the Telegram integration (zot-native via TELEGRAM_BOT_TOKEN).

🤖 Generated with Claude Code

clawdie added 1 commit 2026-06-25 10:42:02 +02:00
Ports the verified freebsd-update-reboot.md (reboot-needed detection, pre/post
status capture, package/service notes, vuln-audit wording) from clawdie-ai into
a layered-soul skill, alongside the existing freebsd-* operational skills.

SKILL.md wraps it as the same-major upgrade procedure (15.0 -> 15.1): ABI
FreeBSD:15:amd64 unchanged so no package rebuild / no PG dump-restore; reboot
only on operator go-ahead; build-host-first sequence; and the clawdie-iso side
(bump/override FREEBSD_VERSION, version-agnostic docs). Escalation is
host-agnostic (mdo on the operator image, sudo/doas elsewhere).

Validation-evidence slot left for the real OSA 15.0->15.1 run to fold in.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
claude-domedog added 1 commit 2026-06-25 10:47:39 +02:00
OSA manages its base via pkgbase (FreeBSD-kernel-generic 15.0p10), not
freebsd-update — the two are mutually exclusive. Add a detection step
(pkg info -e FreeBSD-runtime) and branch the upgrade procedure:

- pkgbase: confirm the base repo targets the new series (a pinned base_release_0
  only delivers patch levels; base_release_<N>/base_latest crosses a point
  release), then pkg update && pkg upgrade (base + ports together).
- freebsd-update: freebsd-update -r <target> upgrade/install + pkg for ports.

Reboot detection, verification, and the clawdie-iso side are identical for both.
Fold in OSA partial evidence: pre-status clean (k/u/uname all matched).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
claude-domedog added 1 commit 2026-06-25 10:53:49 +02:00
A pkgbase host already has a FreeBSD-base repo; appending a second block creates
a duplicate repo name (undefined, last-wins). Inspect and EDIT the existing entry
in place (base_release_0 -> base_release_N/base_latest to cross a point release),
then pkg update + pkg upgrade -n (dry run to confirm 15.1 is offered) before the
real pkg upgrade. Also align the pre-status capture with the reference
(freebsd-version -k/-u + uname -r, not -kru).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
claude-domedog added 1 commit 2026-06-25 10:57:23 +02:00
A host base upgrade leaves jails on the old release — they carry their own
userland. Add a Jails section + runbook step: upgrade jails after the host
reaches the new kernel; thick = independent base each, thin = clone of a
bootstrapped release template; detect pkgbase vs freebsd-update per jail; Bastille
bootstrap/upgrade flow; same-major ABI means no in-jail package rebuild; verify
each jail with bastille cmd <jail> freebsd-version. Validation slot now also
captures per-jail evidence.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
claude-domedog added 1 commit 2026-06-25 11:00:32 +02:00
The per-jail 'pkg info -e FreeBSD-runtime' detection is reliable for thick jails
(independent base) but may be empty or error on thin jails — a thin jail has no
independent pkg-managed base; its method follows the release template it was
bootstrapped from, and it's upgraded at the template level, not per-jail.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
clawdie merged commit 00cc28e39e into main 2026-06-25 11:05:30 +02:00
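The checks these commits describe (pre-status capture, pkgbase detection, base repo series, duplicate repo names, reboot-needed), as an added example that is not the skill's own SKILL.md or reference doc. Function names are hypothetical; it assumes the operator-edited repo entries live in /usr/local/etc/pkg/repos/*.conf and reads the commit note as "base_release_N stays on minor N".

```shell
#!/bin/sh
# Added example: pre-flight checks for a same-major point-release upgrade.
# Function names are hypothetical. The pure functions take captured values
# as arguments; only preflight() calls FreeBSD tools.

# True (0) when the installed kernel differs from the running one.
reboot_needed() {  # $1 = freebsd-version -k   $2 = uname -r
    [ "$1" != "$2" ]
}

# Print the series (base_release_N or base_latest) a base repo URL ends in.
repo_series() {
    printf '%s\n' "$1" | sed -n \
        -e 's|.*/\(base_release_[0-9][0-9]*\)/*$|\1|p' \
        -e 's|.*/\(base_latest\)/*$|\1|p'
}

# True when the series can offer target minor $2 (assumption drawn from the
# commit notes: base_release_N stays on minor N, base_latest follows newest).
series_reaches() {  # $1 = series   $2 = target minor, e.g. 1 for 15.1
    [ "$1" = "base_latest" ] || [ "$1" = "base_release_$2" ]
}

# Print every top-level repo name defined more than once in the conf on stdin.
duplicate_repos() {
    awk '/^[A-Za-z0-9_.-]+:[ \t]*[{]/ { sub(/:.*/, "", $1); n[$1]++ }
         END { for (r in n) if (n[r] > 1) print r }'
}

preflight() {
    k=$(freebsd-version -k); u=$(freebsd-version -u); r=$(uname -r)
    echo "installed-kernel=$k userland=$u running-kernel=$r"
    if pkg info -e FreeBSD-runtime; then echo "base: pkgbase"
    else echo "base: freebsd-update"; fi
    # Assumed location of the operator-edited repo entries.
    dups=$(cat /usr/local/etc/pkg/repos/*.conf 2>/dev/null | duplicate_repos)
    [ -z "$dups" ] || echo "duplicate repo name(s): $dups"
    if reboot_needed "$k" "$r"; then echo "reboot needed: wait for operator go-ahead"; fi
}

if [ "$(uname -s)" = FreeBSD ]; then
    preflight
else
    # Constructed sample values, for running the logic off-host.
    s=$(repo_series 'pkg+https://pkg.FreeBSD.org/${ABI}/base_release_0')
    series_reaches "$s" 1 || echo "$s will not offer 15.1: edit the existing entry"
    reboot_needed "15.1-RELEASE" "15.0-RELEASE-p10" && echo "reboot needed"
fi
```

On a thin jail the `pkg info -e FreeBSD-runtime` branch is not meaningful, as the last commit notes; run the check against the release template instead.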
Reference: clawdie/layered-soul#19