From 548f70ba7277057d7b89b70c0b5976317d99bdbf Mon Sep 17 00:00:00 2001
From: Damocles
Date: Fri, 1 May 2026 14:51:31 +0200
Subject: [PATCH] deploy script: build, chown state to muede, lock SYSTEM.md as root 644
---
scripts/deploy.sh | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100755 scripts/deploy.sh
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
new file mode 100755
index 0000000..119db3e
--- /dev/null
+++ b/scripts/deploy.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# Build, deploy, and fix permissions on the damocles-lab state tree.
+# Run from the damocles-daemon repo root (or anywhere - resolves paths absolutely).
+
+set -euo pipefail
+
+REPO="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+TARGET=/persist/damocles-lab
+STATE="$TARGET/state"
+
+echo "==> building"
+cd "$REPO"
+nix develop --command cargo build --bin damocles-daemon --bin damocles-mcp 2>&1 | tail -3
+
+echo "==> deploying binaries to $TARGET"
+for bin in damocles-daemon damocles-mcp; do
+ cp "$REPO/target/debug/$bin" "$TARGET/$bin.new"
+ chown muede:users "$TARGET/$bin.new"
+ mv "$TARGET/$bin.new" "$TARGET/$bin"
+done
+ls -la "$TARGET/damocles-daemon" "$TARGET/damocles-mcp"
+
+echo "==> fixing state tree ownership (muede:users)"
+# Anything touched by full-Damocles from the (root-running) damocles container
+# ends up root-owned and unwritable by the daemon. Bulk-fix every time we deploy.
+chown -R muede:users "$STATE"
+
+# SYSTEM.md is the harness contract. Daemon must read it but not write it -
+# it ships as part of the system prompt on each shard spawn. Restore root:root 644.
+if [ -f "$STATE/identity/SYSTEM.md" ]; then
+ chown root:root "$STATE/identity/SYSTEM.md"
+ chmod 644 "$STATE/identity/SYSTEM.md"
+fi
+echo " state tree fixed"
+
+echo "==> done. restart daemon to pick up new binary:"
+echo " ~/lab.sh \"cd /workspace && RUST_LOG=info ./damocles-daemon\""
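Review bot: The root:root 644 lock on `$STATE/identity/SYSTEM.md` does not keep the daemon from changing the file, because the preceding `chown -R muede:users "$STATE"` leaves the parent `identity` directory owned by muede, and it is write permission on the directory that governs rename, unlink and re-create. Since muede controls that directory, the `[ -f ... ]` test and the `chown`/`chmod` after it also follow symlinks, so if the path has been replaced by a link the root-run commands are applied to the link's target rather than to the contract file. If the daemon does not need to create files under `identity` (not visible from this hunk), add `chown root:root "$STATE/identity"` after the recursive chown and tighten the guard to `if [ -f "$STATE/identity/SYSTEM.md" ] && [ ! -L "$STATE/identity/SYSTEM.md" ]; then`. The header comment should also state the privilege the chown calls rely on, for example `# Must run as root: chowns the state tree and re-locks SYSTEM.md.`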