From beebeb6c654796c9313fe6c09173c7aad0a5a599 Mon Sep 17 00:00:00 2001
From: Markus Fritsche <mfritsche@reauktion.de>
Date: Sat, 2 May 2026 15:45:57 +0000
Subject: [PATCH] =?UTF-8?q?claude-his-agent=20v0.2.0:=20split=20=E2=80=94?=
 =?UTF-8?q?=20public=20framework=20only,=20private=20runbook=20fetched=20a?=
 =?UTF-8?q?t=20install?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous package bundled the agent prompt + skill cheatsheet, which leaked
home-infra topology (specific hosts/IPs, plug AINs, /opt/herding cred file
paths, kid/2FA context) to anyone with the public APT/pacman repo URL.

v0.2.0 ships only the plumbing:
- /usr/bin/claude-his-fetch     (rsync runbook from $HIS_CONTEXT_HOST over SSH)
- /usr/bin/claude-his-install   (symlinks cache -> ~/.claude/)
- /usr/share/doc/claude-his-agent/README.md

Runbook content lives at $HIS_CONTEXT_HOST:/opt/his-context/ (default hertz)
and gets fetched into ~/.cache/claude-his-agent/ on install. SSH key auth is
the trust boundary.

Adds rsync + openssh-client as runtime deps. Upstream sha256:
c39dd1a956d303ac2417498dde05ac923bf686f1fc978f78f0d63ca42432b8b8
---
 arch/claude-his-agent/PKGBUILD           | 17 +++++++----------
 debian/claude-his-agent/build-deb.sh     | 23 +++++++++--------------
 debian/claude-his-agent/debian/changelog | 17 +++++++++++++++++
 debian/claude-his-agent/debian/control   | 18 ++++++++++--------
 4 files changed, 43 insertions(+), 32 deletions(-)

diff --git a/arch/claude-his-agent/PKGBUILD b/arch/claude-his-agent/PKGBUILD
index c5f78f46dd..dd0270bd42 100644
--- a/arch/claude-his-agent/PKGBUILD
+++ b/arch/claude-his-agent/PKGBUILD
@@ -3,22 +3,19 @@
 # Source of truth: git.reauktion.de/marfrit/claude-his-agent
 
 pkgname=claude-his-agent
-pkgver=0.1.9
+pkgver=0.2.0
 pkgrel=1
-pkgdesc="Home Infrastructure Specialist subagent + skill for Claude Code (mfritsche home infra)"
+pkgdesc="Claude Code framework for a private Home Infrastructure Specialist subagent — runbook fetched at install time, not bundled"
 arch=('any')
 url="https://git.reauktion.de/marfrit/claude-his-agent"
 license=('custom')
-depends=('bash')
+depends=('bash' 'rsync' 'openssh')
 source=("${pkgname}-${pkgver}.tar.gz::https://git.reauktion.de/marfrit/claude-his-agent/archive/v${pkgver}.tar.gz")
-sha256sums=('a3bdf9a77f982ab8e0af6aefe1d243923b4cc4067bed70ed552161b8ca161642')
+sha256sums=('c39dd1a956d303ac2417498dde05ac923bf686f1fc978f78f0d63ca42432b8b8')
 
 package() {
     cd "${pkgname}"
-    install -Dm644 agents/his.md             "${pkgdir}/usr/share/claude-agents/his.md"
-    install -Dm644 skills/his/SKILL.md       "${pkgdir}/usr/share/claude-skills/his/SKILL.md"
-    install -Dm755 scripts/claude-his-install "${pkgdir}/usr/bin/claude-his-install"
-    install -Dm755 scripts/repo-inventory.sh        "${pkgdir}/usr/bin/repo-inventory.sh"
-    install -Dm755 scripts/repo-inventory-nosudo.sh "${pkgdir}/usr/bin/repo-inventory-nosudo.sh"
-    install -Dm644 README.md                 "${pkgdir}/usr/share/doc/${pkgname}/README.md"
+    install -Dm755 bin/claude-his-fetch   "${pkgdir}/usr/bin/claude-his-fetch"
+    install -Dm755 bin/claude-his-install "${pkgdir}/usr/bin/claude-his-install"
+    install -Dm644 README.md              "${pkgdir}/usr/share/doc/${pkgname}/README.md"
 }
diff --git a/debian/claude-his-agent/build-deb.sh b/debian/claude-his-agent/build-deb.sh
index 6e0562f44d..3215a75cce 100755
--- a/debian/claude-his-agent/build-deb.sh
+++ b/debian/claude-his-agent/build-deb.sh
@@ -3,14 +3,14 @@
 # Mirrors the lmcp/build-deb.sh pattern.
 set -euo pipefail
 
-PKGVER=0.1.9
+PKGVER=0.2.0
 PKGREL=1
-HIS_TARBALL_SHA256=a3bdf9a77f982ab8e0af6aefe1d243923b4cc4067bed70ed552161b8ca161642
+HIS_TARBALL_SHA256=c39dd1a956d303ac2417498dde05ac923bf686f1fc978f78f0d63ca42432b8b8
 HERE=$(dirname "$(readlink -f "$0")")
 
 # Reproducible build: pin mtimes + ar member timestamps to a fixed epoch
-# tied to this release (v0.1.0, 2026-04-17 11:30 UTC).
-export SOURCE_DATE_EPOCH=1776677569
+# tied to this release (v0.2.0, 2026-05-02 11:00 UTC).
+export SOURCE_DATE_EPOCH=1778763600
 
 work=$(mktemp -d)
 trap "rm -rf $work" EXIT
@@ -23,18 +23,13 @@ tar xzf his.tar.gz
 
 ROOT="$work/pkgroot"
 mkdir -p "$ROOT/DEBIAN" \
-         "$ROOT/usr/share/claude-agents" \
-         "$ROOT/usr/share/claude-skills/his" \
          "$ROOT/usr/bin" \
          "$ROOT/usr/share/doc/claude-his-agent"
 
-install -m 644 claude-his-agent/agents/his.md              "$ROOT/usr/share/claude-agents/his.md"
-install -m 644 claude-his-agent/skills/his/SKILL.md        "$ROOT/usr/share/claude-skills/his/SKILL.md"
-install -m 755 claude-his-agent/scripts/claude-his-install "$ROOT/usr/bin/claude-his-install"
-install -m 755 claude-his-agent/scripts/repo-inventory.sh        "$ROOT/usr/bin/repo-inventory.sh"
-install -m 755 claude-his-agent/scripts/repo-inventory-nosudo.sh "$ROOT/usr/bin/repo-inventory-nosudo.sh"
-install -m 644 claude-his-agent/README.md                  "$ROOT/usr/share/doc/claude-his-agent/README.md"
-install -m 644 "$HERE/debian/copyright"                    "$ROOT/usr/share/doc/claude-his-agent/copyright"
+install -m 755 claude-his-agent/bin/claude-his-fetch   "$ROOT/usr/bin/claude-his-fetch"
+install -m 755 claude-his-agent/bin/claude-his-install "$ROOT/usr/bin/claude-his-install"
+install -m 644 claude-his-agent/README.md              "$ROOT/usr/share/doc/claude-his-agent/README.md"
+install -m 644 "$HERE/debian/copyright"                "$ROOT/usr/share/doc/claude-his-agent/copyright"
 
 # Render control from the source debian/control, filling in version
 CONTROL_SRC="$HERE/debian/control"
@@ -46,7 +41,7 @@ CONTROL_SRC="$HERE/debian/control"
     echo "Homepage: https://git.reauktion.de/marfrit/claude-his-agent"
     echo "Section: utils"
     echo "Priority: optional"
-    echo "Depends: bash"
+    echo "Depends: bash, rsync, openssh-client"
     # Trailing description from the source control (indented multi-line block)
     awk '/^Description:/{p=1} p' "$CONTROL_SRC"
 } > "$ROOT/DEBIAN/control"
diff --git a/debian/claude-his-agent/debian/changelog b/debian/claude-his-agent/debian/changelog
index 82a3237b2c..20ee887ccd 100644
--- a/debian/claude-his-agent/debian/changelog
+++ b/debian/claude-his-agent/debian/changelog
@@ -1,3 +1,20 @@
+claude-his-agent (0.2.0-1) bookworm trixie; urgency=medium
+
+  * Distribution-model split: package now ships only the framework
+    (claude-his-fetch + claude-his-install). The agent prompt and skill
+    cheatsheet — which previously embedded home-infra topology, plug AINs,
+    and cred file paths — have moved to a private host at
+    $HIS_CONTEXT_HOST:/opt/his-context/ (default host hertz) and are
+    pulled into ~/.cache/claude-his-agent/ over SSH at install time.
+    No infrastructure context is in the public package or its history.
+  * Adds rsync + openssh-client as runtime deps.
+  * Drops repo-inventory.sh and repo-inventory-nosudo.sh from /usr/bin
+    (now fetched into ~/.cache/claude-his-agent/scripts/ alongside the
+    runbook); existing prose updated to reference the cache path.
+  * Upstream history rewritten — pre-rewrite tree preserved out-of-band.
+
+ -- Markus Fritsche <mfritsche@reauktion.de>  Sat, 02 May 2026 11:00:00 +0000
+
 claude-his-agent (0.1.9-1) bookworm trixie; urgency=medium
 
   * Runbook updates closing claude-his-agent #1 #2 #3:
diff --git a/debian/claude-his-agent/debian/control b/debian/claude-his-agent/debian/control
index 02310d18af..d72b263d98 100644
--- a/debian/claude-his-agent/debian/control
+++ b/debian/claude-his-agent/debian/control
@@ -7,12 +7,14 @@ Homepage: https://git.reauktion.de/marfrit/claude-his-agent
 
 Package: claude-his-agent
 Architecture: all
-Depends: bash
-Description: Home Infrastructure Specialist subagent + skill for Claude Code
- Ships the His subagent (agents/his.md) and skill (skills/his/SKILL.md) that
- encode operational knowledge of mfritsche's home network — distcc hosts,
- wake procedures, /opt/herding/ tooling, lmcp endpoints — so sibling Claude
- Code instances can summon it instead of re-learning the infra every session.
+Depends: bash, rsync, openssh-client
+Description: Claude Code framework for a private Home Infrastructure Specialist
+ Ships the plumbing for a personal "His" (Home Infrastructure Specialist)
+ subagent + skill: a fetcher (claude-his-fetch) that rsyncs the runbook from
+ a private host the user controls into a per-user cache, and an installer
+ (claude-his-install) that symlinks the cached files into ~/.claude/.
  .
- Files install to /usr/share/claude-agents/ and /usr/share/claude-skills/his/.
- Run 'claude-his-install' as a user to symlink them into ~/.claude/.
+ No infrastructure context is bundled in the package — the runbook prose lives
+ on $HIS_CONTEXT_HOST:/opt/his-context/ (default host: hertz) and is pulled
+ over SSH using the user's existing key auth. Refresh by re-running
+ claude-his-fetch.