Dangerous command approval: run_command skill now checks commands
against 9 regex patterns (rm -rf /, dd, mkfs, fork bombs, shutdown,
device writes, etc.) and blocks execution with a clear message.
Defense-in-depth layer on top of VM isolation.
Cron agents: templates support schedule (5-field cron) and
schedule_timeout (seconds, default 300) fields. Overseer checks
every 60s, spawns {name}-cron agents on match, auto-destroys after
timeout. Inline cron parser supports *, ranges, lists, and steps.
No npm dependencies added.
- New read_file skill: paginated file reading with line ranges,
path restricted to /workspace, binary detection, directory listing
- Session persistence via SQLite + FTS5: conversation history survives
agent restarts, last N messages restored into deque on boot,
auto-prune to 1000 messages
- Update truncation hint to reference read_file instead of run_command
- New scripts/update.sh for patching rootfs + rebuilding snapshot
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Tool outputs >2K chars saved to workspace/tool_outputs/ with preview
- Agent gets first 1500 chars + file path to read the rest
- Iteration budget bumped to 10 rounds (configurable per template)
- Warning injected when 2 rounds remaining to help model wrap up
Bump to v0.1.3. Since v0.1.2:
- Install script with verbose output and error handling
- Uninstall script
- Alpine rootfs in setup.ts (was Ubuntu)
- DNS fix for all chroot operations
- Stale tap cleanup before every createTap
- Dynamic binary paths (no hardcoded /usr/local/bin)
- Node.js upgrade handling
- Shellcheck clean
- !status command and web search tool
- Battle-tested on Ubuntu GPU server deployment
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
$(which fireclaw) instead of hardcoded /usr/local/bin/fireclaw.
Fixes 203/EXEC on systems where npm link installs to /usr/bin/.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
deleteTap before createTap in all four call sites:
snapshot restore, cold boot, agent start, snapshot create.
Prevents "Device or resource busy" from leftover taps.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Don't overwrite the host's resolv.conf with hardcoded 8.8.8.8.
The host's DNS config is already correct for both build and runtime.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copy host /etc/resolv.conf into chroot before apk install.
Set static nameserver after install for runtime.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Copy host /etc/resolv.conf into chroot before apk install (fixes DNS)
- Set static DNS (8.8.8.8) after chroot install for runtime
- Use PATH-based mkfs.ext4 instead of hardcoded /usr/sbin/
- Show chroot package install output (stdio: inherit)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Unmount and remove leftover files from previous failed install
attempts before starting the agent rootfs build.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- All commands now show their output for debugging
- Use PATH-based e2fsck/resize2fs instead of hardcoded /usr/sbin/
- Add error checks with meaningful messages at each step
- set -e in chroot to fail fast on errors
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- setup.ts now downloads Alpine Linux minirootfs instead of Ubuntu squashfs
- Installs Alpine packages (openssh, python3, curl, ca-certificates) in chroot
- Fixes install script failing on non-Alpine base rootfs (adduser syntax)
- Clean up unused imports and lint warnings
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Step headers, checkmarks, skip indicators for each component
- Shows what's being installed vs already present
- Progress messages for long operations (model pulls, rootfs build)
- Banner at start and summary at end with disk usage and model count
- Per-package install status on Debian/Ubuntu
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Install script now detects existing Node.js < 20 and upgrades it
instead of skipping. Supports apt, dnf, and apk package managers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Quote all variable expansions in setup-bridge.sh, teardown-bridge.sh,
and install.sh. Fix redirect order and unused variable in test-suite.sh.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
