Skip to content
Clawdie

Warden Runtime

Warden is the project name for Clawdie’s isolated execution and service layer on FreeBSD.

It does not replace Bastille or FreeBSD jail terminology. It describes how Clawdie uses those primitives together.

Current Model

Section titled “Current Model”
  • the FreeBSD host runs the main orchestrator
  • Bastille manages the jailed service and worker layer
  • worker execution happens inside jailed runtimes
  • persistent service jails provide database and CMS functions

In practice:

  • FreeBSD enforces isolation
  • Bastille creates and manages jails
  • Clawdie dispatches work and services into the Warden layout

Canonical Roles

Section titled “Canonical Roles”

Current main uses these runtime classes:

RoleRuntimeShapePersistenceNetwork
workerFreeBSD jailthinephemeralshared
networked-workerFreeBSD jailthinephemeralVNET
controlplanehost processpersistenthost
dbFreeBSD jailthickpersistentVNET
gitFreeBSD jailthickpersistentVNET
cmsFreeBSD jailthickpersistentVNET
browser-vmLinux VMimagepersistentbridged

The controlplane is NOT a jail — it runs on the host as part of the main agent service.

The database jail is provisioned by setup/db.ts, the git jail by setup/git.ts; neither uses the generic jail profile table.

Canonical Network Layout

Section titled “Canonical Network Layout”

The default internal Warden subnet is 10.0.0.0/24 on bridge warden0.

Reserved addresses:

  • 10.0.0.1 gateway on warden0
  • 10.0.0.2 git
  • 10.0.0.3 cms
  • 10.0.0.4 Local AI Models (ollama / llama.cpp)
  • 10.0.0.5 optional db
  • 10.0.0.101+ workers
  • 10.0.0.150 browser/gui profile

Internal names should use AGENT_INTERNAL_DOMAIN=<agent>.home.arpa.

Naming Rules

Section titled “Naming Rules”
  • public domain: AGENT_DOMAIN
  • internal jail/service domain: AGENT_INTERNAL_DOMAIN
  • jail names derive from AGENT_NAME
  • do not use .local as the internal default
  • do not reintroduce the old operator-jail model into the active runtime

Operator Model

Section titled “Operator Model”

There is no operator jail on current main.

  • SSH and Ansible target the FreeBSD host
  • the host manages Bastille, PF, services, and ZFS
  • db, git, and cms stay as host-managed service jails
  • workers remain sandboxed execution jails, not SSH-managed servers

Canonical operator reference:

Long-Term Direction

Section titled “Long-Term Direction”
  • keep host orchestration on the FreeBSD host
  • keep persistent services in dedicated thick jails
  • keep worker execution isolated from those services
  • add browser automation through the separate VM class, not by bloating the jail model