- Added symlink from /opt/aitbc/aitbc-cli to /usr/local/bin/aitbc-cli
- CLI now available system-wide without requiring /opt/aitbc in PATH
- Fixes hermes agent stumble when aitbc CLI not found
- Added error handling if symlink creation fails
- Provides manual PATH addition instructions as fallback
- Generate secure random passwords for all PostgreSQL database users
- Store passwords in /etc/aitbc/credentials/postgres_*_password files
- Update load-keystore-secrets.sh to load PostgreSQL passwords into runtime .env
- Set passwords for both new and existing users with ALTER USER
- Fixes PostgreSQL authentication failures in services
- Ensures secure password management for database access
- Added libpq-dev to apt-get prerequisites for psycopg2 compilation
- Added postgresql-devel to yum prerequisites for psycopg2 compilation
- Added fallback installation of psycopg2-binary when Poetry fails
- Added fallback installation of critical packages (fastapi, uvicorn, sqlmodel)
- Prevents service crashes due to missing psycopg2 module
- Ensures PostgreSQL database connectivity for services
- Added error handling for python3 secrets module failures
- Added OpenSSL fallback for credential generation
- Added timestamp-based fallback if both python3 and openssl fail
- Added fallback for proposer_id generation if not in .env
- Improved logging for each credential generation step
- Prevents setup failures when python3 secrets module unavailable
- Ensures credentials are always generated with fallback methods
- Added call to load-keystore-secrets.sh in setup_credentials function
- Generates /run/aitbc/secrets/.env during setup
- Required by blockchain-node and blockchain-rpc systemd services
- Added error handling if secrets generation fails
- Prevents service startup failures due to missing runtime secrets
- Fixes hermes setup stumble where services failed to start
- Added redis-server and redis-cli to prerequisite command checks
- Added installation cases for Redis (redis-server, redis-tools) for apt-get
- Added Redis to yum installation batch
- Redis is required for gossip configuration
- Ensures Redis is available for P2P network setup
- Add error handling for venv activation (both new and existing)
- Add error handling for pip upgrade (continues if fails)
- Add error handling for Poetry installation
- Add error handling for poetry install command
- Provide manual recovery instructions for each failure point
- Prevents script from failing completely on venv/poetry issues
- Improves hermes agent setup reliability
- Add automatic PostgreSQL service start if not running
- Add graceful handling of existing configs when venv creation fails
- Check for existing configs in /etc/aitbc before failing on venv error
- Provide manual recovery instructions when venv creation fails
- Change pyproject.toml error to warning to allow setup to continue
- Improves hermes agent setup experience by handling partial failures
- Added postgresql and psql to command checks
- Added python3-venv package check (tests venv module availability)
- Added installation cases for PostgreSQL (postgresql, postgresql-contrib, postgresql-client)
- Added installation case for python3-venv
- Updated apt-get and yum package managers to include these dependencies
- Fixes fatal venv setup error when python3-venv is missing
- Ensures PostgreSQL is available for database setup
- Updated git clone URL from Gitea to GitHub
- Updated deploy_common.sh download URL to GitHub
- Ensures public repository access for new installations
- Aligns with documentation that references GitHub as primary repo
- Added step-by-step progress markers [STEP X/10] for each setup phase
- Added clear completion markers with ✓ for each step
- Added STARTED and COMPLETED banners for easy detection
- Helps hermes agents track setup progress and identify stuck steps
- Improves debugging when setup hangs or fails
- Removed sudo from Node.js installation commands (curl ... | bash -)
- Script already runs as root (check_root enforced at start)
- Redundant sudo commands are unnecessary when script has root privileges
- Applied to both apt-get and yum package managers
- Updated Node.js installation commands to use sudo bash -
- Ensures proper execution when script is run with sudo
- Applied to both apt-get (deb.nodesource.com) and yum (rpm.nodesource.com)
- Follows standard NodeSource installation pattern
- Fixed GitHub raw URL in SETUP.md to use raw.githubusercontent.com format
- Updated setup.sh to automatically install missing prerequisites
- Added support for apt-get and yum package managers
- Auto-installs python3, pip3, git, systemd, nodejs, npm when missing
- Uses NodeSource repository for Node.js 24.x installation
- Improves hermes agent setup experience by reducing manual steps
- Updated CI workflows to track poetry.lock instead of requirements.txt
- Removed check-requirements-sync.py step from python-tests.yml
- Updated dependency_scanner.py default from requirements.txt to pyproject.toml
- Replaced all print() with click.echo() in deploy_edge_node.py (CLI script)
- Replaced print() with logger.warning() in zk_cache.py
- Updated setup.py files to read dependencies from pyproject.toml via tomli
- Removed
- Update workflow paths from docs/openclaw to docs/hermes
- Rename skill prefixes from openclaw-* to hermes-*
- Update agent skill references in refactoring and analysis docs
- Rename OPENCLAW_AITBC_MASTERY_PLAN.md to reflect hermes branding
- Update CLI examples and command references throughout documentation
- Add default_peer_rpc_url=http://127.0.0.1:8006 to blockchain-node .env.example and examples/env.example
- Extract set_env() helper function in setup.sh to handle env key-value updates (add if missing, update if exists)
- Ensure gossip_backend, gossip_broadcast_url, and default_peer_rpc_url are set in setup.sh node identity initialization
- Replace all sed -i commands with set_env() calls in workflow scripts
Add comprehensive Phase 5 documentation covering credential system implementation with /etc/aitbc/credentials/ directory (700 permissions), runtime secret loading via load-keystore-secrets.sh and systemd ExecStartPre hooks, removal of insecure API_KEY_HASH_SECRET defaults from tenant_context.py and tenant_management.py, keystore permission fixes (all files now 600), and setup_production.py migration from clear text
Remove obsolete aitbc-gpu.service references across documentation, scripts, and deployment files. GPU functionality is now unified into aitbc-marketplace.service (port 8007). Update blockchain health check to use gitea-runner hostname for aitbc2. Clarify WAL mode comment in database.py to reference btrfs raid instead of generic disk I/O errors. Mark cross-link validation checks as complete in compliance audit.
- Add MESSAGE transaction type to router.py valid_types
- Add MESSAGE handling to state_transition.py (value=0, fee-only)
- Add GasType.MESSAGE to gas schedules
- Re-enable state root computation in poa.py
- Change SQLite journal_mode to WAL for corruption prevention
- Add chattr +C to setup.sh for Btrfs CoW prevention
- Change SQLite journal mode from DELETE to WAL for better concurrency
- Add chattr +C to /var/lib/aitbc in setup.sh to disable Btrfs Copy-on-Write
- Add fallback logging when chattr is unavailable or fails
- Prevent SQLite corruption on Btrfs filesystems by ensuring overwrite-in-place behavior
- Change default P2P port from 7070 to 8001 in config and .env.example
- Add redis_url configuration option for hub persistence (default: redis://localhost:6379)
- Implement DNS-based hub registration/unregistration via HTTPS API endpoints
- Add Redis persistence for hub registrations with 1-hour TTL
- Add island join request/response protocol with member list and blockchain credentials
- Add GPU marketplace tracking (offers, bids, providers) in hub manager
- Add
Project Organization:
- Moved configuration files to project-config/ directory
- Moved documentation files to documentation/ directory
- Moved security reports to security/ directory
- Moved backup files to backup-config/ directory
- Created PROJECT_ORGANIZATION_SUMMARY.md documenting changes
- Updated all script references to new file locations
Root README Simplification:
- Replaced 715-line detailed README with 95-line structure guide
