rename: Hornet → Baudbot

.env.schema

@@ -1,4 +1,4 @@
-# Hornet agent configuration schema
+# Baudbot agent configuration schema
 # See CONFIGURATION.md for details on each variable.
 #
 # Secrets live at ~/.config/.env (600 perms, never committed).
@@ -48,16 +48,16 @@ AGENTMAIL_API_KEY=
 
 # Agent's monitored email address
 # @sensitive=false @type=email
-HORNET_EMAIL=
+BAUDBOT_EMAIL=
 
 # Shared secret for email sender authentication
 # @type=string
-HORNET_SECRET=
+BAUDBOT_SECRET=
 
 # Comma-separated sender email allowlist
 # @sensitive=false @type=string
 # @example="you@example.com,teammate@example.com"
-HORNET_ALLOWED_EMAILS=
+BAUDBOT_ALLOWED_EMAILS=
 
 # ── Sentry (optional) ───────────────────────────────────────────────────────
 
@@ -91,15 +91,15 @@ KERNEL_API_KEY=
 
 # Unix username of the agent
 # @sensitive=false @type=string
-HORNET_AGENT_USER=hornet_agent
+BAUDBOT_AGENT_USER=baudbot_agent
 
 # Agent's home directory
 # @sensitive=false @type=string
-HORNET_AGENT_HOME=/home/hornet_agent
+BAUDBOT_AGENT_HOME=/home/baudbot_agent
 
 # Path to admin-owned source repo (enables source repo write protection)
 # @sensitive=false @type=string
-HORNET_SOURCE_DIR=
+BAUDBOT_SOURCE_DIR=
 
 # ── Bridge ───────────────────────────────────────────────────────────────────
 

.github/workflows/ci.yml

@@ -27,7 +27,7 @@ jobs:
 
       - name: ShellCheck
         run: |
-          find bin/ setup.sh start.sh -type f \( -name '*.sh' -o -name 'hornet-safe-bash' -o -name 'hornet-docker' \) \
+          find bin/ setup.sh start.sh -type f \( -name '*.sh' -o -name 'baudbot-safe-bash' -o -name 'baudbot-docker' \) \
             | xargs shellcheck -s bash -S warning
 
   test:

.github/workflows/integration.yml

@@ -58,12 +58,12 @@ jobs:
 
       - name: Upload source
         run: |
-          tar czf /tmp/hornet-src.tar.gz \
+          tar czf /tmp/baudbot-src.tar.gz \
             --exclude=node_modules --exclude=.git .
           scp -o StrictHostKeyChecking=no -o BatchMode=yes \
             -i ~/.ssh/ci_key \
-            /tmp/hornet-src.tar.gz \
-            "root@${{ steps.droplet.outputs.DROPLET_IP }}:/tmp/hornet-src.tar.gz"
+            /tmp/baudbot-src.tar.gz \
+            "root@${{ steps.droplet.outputs.DROPLET_IP }}:/tmp/baudbot-src.tar.gz"
 
       - name: Setup and test
         run: |

.pi/todos/05990a5e.md

@@ -0,0 +1,21 @@
+{
+  "id": "05990a5e",
+  "title": "Rename: hornet-* binaries and files → baudbot-*",
+  "tags": [
+    "rename"
+  ],
+  "status": "done",
+  "created_at": "2026-02-17T04:32:09.542Z"
+}
+
+Rename files and references to them:
+- `bin/hornet-safe-bash` → `bin/baudbot-safe-bash`
+- `bin/hornet-safe-bash.test.sh` → `bin/baudbot-safe-bash.test.sh`
+- `bin/hornet-docker` → `bin/baudbot-docker`
+- `bin/hornet-firewall.service` → `bin/baudbot-firewall.service`
+
+Update all references in: `setup.sh`, `install.sh`, `bin/deploy.sh`, `bin/uninstall.sh`, `bin/security-audit.sh` + test, `bin/test.sh`, `AGENTS.md`, `README.md`, `SECURITY.md`
+
+Install paths change: `/usr/local/bin/hornet-safe-bash` → `/usr/local/bin/baudbot-safe-bash`, `/usr/local/bin/hornet-docker` → `/usr/local/bin/baudbot-docker`
+
+Systemd: `hornet-firewall.service` → `baudbot-firewall.service`

.pi/todos/3162a16b.md

@@ -0,0 +1,17 @@
+{
+  "id": "3162a16b",
+  "title": "Rename: GitHub repo modem-dev/hornet → modem-dev/baudbot",
+  "tags": [
+    "rename"
+  ],
+  "status": "open",
+  "created_at": "2026-02-17T04:32:27.710Z"
+}
+
+After all code changes land:
+1. Rename repo on GitHub (Settings → General → Repository name)
+2. GitHub auto-redirects old URLs, but update:
+   - `git remote set-url origin git@github.com:modem-dev/baudbot.git`
+   - CI badge URLs in README.md
+   - Clone URLs in README.md and install.sh
+3. Update local clone dir: `mv ~/hornet ~/baudbot` (optional but less confusing)

.pi/todos/3a60235c.md

@@ -0,0 +1,17 @@
+{
+  "id": "3a60235c",
+  "title": "Rename: verify — run tests + integration on both distros",
+  "tags": [
+    "rename"
+  ],
+  "status": "open",
+  "created_at": "2026-02-17T04:32:33.441Z",
+  "assigned_to_session": "381813d9-c69a-4472-9a00-e232ffb746d1"
+}
+
+After all renames:
+1. `bin/test.sh` — all 5 suites pass (tool-guard tests reference hornet paths/vars)
+2. ShellCheck clean
+3. `grep -ri hornet` returns zero hits (excluding .git, node_modules)
+4. Integration tests pass on Ubuntu + Arch droplets
+5. Deploy to live agent and verify boot

.pi/todos/77a6dd23.md

@@ -0,0 +1,21 @@
+{
+  "id": "77a6dd23",
+  "title": "Rename: HORNET_ env vars → BAUDBOT_ (schema, scripts, docs)",
+  "tags": [
+    "rename"
+  ],
+  "status": "done",
+  "created_at": "2026-02-17T04:32:03.601Z"
+}
+
+Rename all `HORNET_*` env vars to `BAUDBOT_*`:
+- `HORNET_EMAIL` → `BAUDBOT_EMAIL`
+- `HORNET_SECRET` → `BAUDBOT_SECRET`
+- `HORNET_ALLOWED_EMAILS` → `BAUDBOT_ALLOWED_EMAILS`
+- `HORNET_AGENT_USER` → `BAUDBOT_AGENT_USER`
+- `HORNET_AGENT_HOME` → `BAUDBOT_AGENT_HOME`
+- `HORNET_SOURCE_DIR` → `BAUDBOT_SOURCE_DIR`
+
+Files: `.env.schema`, `CONFIGURATION.md`, `install.sh`, `setup.sh`, `pi/extensions/tool-guard.ts` + test, `pi/extensions/email-monitor/index.ts`, `pi/skills/*/SKILL.md`
+
+Also rename internal vars: `HORNET_HOME`, `HORNET_SRC`, `HORNET_SRC_DIR` in scripts.

.pi/todos/8347a4ba.md

@@ -0,0 +1,20 @@
+{
+  "id": "8347a4ba",
+  "title": "Rename: branding — Hornet → Baudbot in docs, README, emoji",
+  "tags": [
+    "rename"
+  ],
+  "status": "done",
+  "created_at": "2026-02-17T04:32:21.521Z"
+}
+
+Update all branding/prose:
+- `# 🐝 Hornet` → `# 🤖 Baudbot` (or pick emoji)
+- "Hornet is..." → "Baudbot is..." in README.md, AGENTS.md, SECURITY.md
+- "Careful — you might get stung." → new tagline
+- `hornet-version.json`, `hornet-manifest.json` → `baudbot-version.json`, `baudbot-manifest.json`
+- `hornet-src.tar.gz` → `baudbot-src.tar.gz` in CI scripts
+- GitHub badges URL: `modem-dev/hornet` → update if repo renamed
+- `package.json` name field
+- `slack-bridge/package.json` if any hornet references
+- CI workflow names if they reference "hornet"

.pi/todos/8bbaa7ca.md

@@ -0,0 +1,18 @@
+{
+  "id": "8bbaa7ca",
+  "title": "Rename: iptables chain HORNET_OUTPUT → BAUDBOT_OUTPUT",
+  "tags": [
+    "rename"
+  ],
+  "status": "done",
+  "created_at": "2026-02-17T04:32:14.022Z"
+}
+
+Rename iptables chain and log prefixes:
+- `HORNET_OUTPUT` → `BAUDBOT_OUTPUT`
+- `HORNET_BLOCKED` → `BAUDBOT_BLOCKED`
+- `HORNET_LOCAL_BLOCKED` → `BAUDBOT_LOCAL_BLOCKED`
+- `hornet-out:` → `baudbot-out:` (log prefix)
+- `hornet-dns:` → `baudbot-dns:` (log prefix)
+
+Files: `bin/setup-firewall.sh`, `bin/uninstall.sh`, `bin/security-audit.sh` + test

.pi/todos/9a151969.md

@@ -0,0 +1,26 @@
+{
+  "id": "9a151969",
+  "title": "Rename: hornet_agent → baudbot_agent (Unix user, all scripts)",
+  "tags": [
+    "rename"
+  ],
+  "status": "done",
+  "created_at": "2026-02-17T04:31:57.706Z"
+}
+
+Replace `hornet_agent` with `baudbot_agent` everywhere:
+- `setup.sh` (user creation, all references)
+- `install.sh` (user, home dir, .env path)
+- `start.sh` (home dir)
+- `bin/deploy.sh`
+- `bin/harden-permissions.sh`
+- `bin/security-audit.sh` + test
+- `bin/setup-firewall.sh`
+- `bin/uninstall.sh`
+- `bin/redact-logs.sh`
+- `bin/ci/setup-ubuntu.sh`, `bin/ci/setup-arch.sh`
+- `pi/extensions/tool-guard.ts` + test
+- `AGENTS.md`, `CONFIGURATION.md`, `README.md`, `SECURITY.md`
+- `hooks/pre-commit`
+
+~181 occurrences. Also rename `hornet_admin` → `baudbot_admin` (~20 occurrences) in CI scripts.

AGENTS.md

@@ -1,6 +1,6 @@
-# Hornet — Agent Guidelines
+# Baudbot — Agent Guidelines
 
-Hornet is hardened infrastructure for running always-on AI agents. Source is admin-owned; agents run from deployed copies.
+Baudbot is hardened infrastructure for running always-on AI agents. Source is admin-owned; agents run from deployed copies.
 
 ## Repo Layout
 
@@ -9,8 +9,8 @@ bin/                        security & operations scripts
   deploy.sh                 stages source → /tmp → agent runtime (run as admin)
   security-audit.sh         24-check security posture audit
   setup-firewall.sh         iptables per-UID egress allowlist
-  hornet-safe-bash          shell command deny list (installed to /usr/local/bin)
-  hornet-docker             Docker wrapper (blocks privilege escalation)
+  baudbot-safe-bash          shell command deny list (installed to /usr/local/bin)
+  baudbot-docker             Docker wrapper (blocks privilege escalation)
   harden-permissions.sh     filesystem hardening (runs on boot)
   scan-extensions.mjs       extension static analysis
   redact-logs.sh            secret scrubber for session logs
@@ -46,29 +46,29 @@ See [CONFIGURATION.md](CONFIGURATION.md) for all env vars and how to obtain them
 
 ## Architecture: Source / Runtime Separation
 
-The admin owns the source (`~/hornet/`). The agent (`hornet_agent` user) owns the runtime. The agent **cannot read the source repo** — admin home is `700`.
+The admin owns the source (`~/baudbot/`). The agent (`baudbot_agent` user) owns the runtime. The agent **cannot read the source repo** — admin home is `700`.
 
 Deploy is a one-way push:
 ```
-admin: ~/hornet/bin/deploy.sh
-  → stages to /tmp/hornet-deploy.XXXXXX (world-readable)
-  → copies as hornet_agent via sudo -u
-  → stamps hornet-version.json + hornet-manifest.json (SHA256 hashes)
+admin: ~/baudbot/bin/deploy.sh
+  → stages to /tmp/baudbot-deploy.XXXXXX (world-readable)
+  → copies as baudbot_agent via sudo -u
+  → stamps baudbot-version.json + baudbot-manifest.json (SHA256 hashes)
   → cleans up staging dir
 ```
 
 Agent runtime layout:
 ```
-/home/hornet_agent/
+/home/baudbot_agent/
 ├── runtime/
 │   ├── start.sh                deployed launcher
 │   ├── bin/                    harden-permissions.sh, redact-logs.sh
 │   └── slack-bridge/           deployed bridge
 ├── .pi/agent/
 │   ├── extensions/             deployed extensions
 │   ├── skills/                 agent-owned (can modify freely)
-│   ├── hornet-version.json     deploy version (git SHA, timestamp)
-│   └── hornet-manifest.json    SHA256 hashes of all deployed files
+│   ├── baudbot-version.json     deploy version (git SHA, timestamp)
+│   └── baudbot-manifest.json    SHA256 hashes of all deployed files
 ├── workspace/                  project repos + git worktrees
 └── .config/.env                secrets (600 perms)
 ```
@@ -77,18 +77,18 @@ Agent runtime layout:
 
 ```bash
 # First-time install (interactive — handles everything)
-sudo ~/hornet/install.sh
+sudo ~/baudbot/install.sh
 
-# Edit source files directly in ~/hornet/
+# Edit source files directly in ~/baudbot/
 
 # Deploy to agent runtime
-~/hornet/bin/deploy.sh
+~/baudbot/bin/deploy.sh
 
 # Launch agent
-sudo -u hornet_agent ~/runtime/start.sh
+sudo -u baudbot_agent ~/runtime/start.sh
 
 # Or in tmux
-tmux new-window -n hornet 'sudo -u hornet_agent ~/runtime/start.sh'
+tmux new-window -n baudbot 'sudo -u baudbot_agent ~/runtime/start.sh'
 ```
 
 ## Running Tests
@@ -136,8 +136,8 @@ eval "$(bin/ci/droplet.sh create my-test 217410218 /tmp/ci_key.pub)"
 
 # Wait for SSH, upload source, run a CI script
 bin/ci/droplet.sh wait-ssh "$DROPLET_IP" /tmp/ci_key
-tar czf /tmp/hornet-src.tar.gz --exclude=node_modules --exclude=.git .
-scp -i /tmp/ci_key /tmp/hornet-src.tar.gz "root@$DROPLET_IP:/tmp/"
+tar czf /tmp/baudbot-src.tar.gz --exclude=node_modules --exclude=.git .
+scp -i /tmp/ci_key /tmp/baudbot-src.tar.gz "root@$DROPLET_IP:/tmp/"
 bin/ci/droplet.sh run "$DROPLET_IP" /tmp/ci_key bin/ci/setup-ubuntu.sh
 
 # Or SSH in for manual poking
@@ -153,9 +153,9 @@ The CI scripts (`bin/ci/setup-ubuntu.sh`, `bin/ci/setup-arch.sh`) run `install.s
 
 ## Security Notes
 
-- `tool-guard.ts` blocks: writes outside `/home/hornet_agent/`, writes to source repo, writes to protected runtime files, dangerous bash patterns (reverse shells, fork bombs, rm -rf /, etc.), credential exfiltration.
-- `hornet-safe-bash` (root-owned, `/usr/local/bin/`) is a second layer that blocks the same patterns at the shell level.
-- The firewall (`setup-firewall.sh`) restricts `hornet_agent`'s network egress to an allowlist.
+- `tool-guard.ts` blocks: writes outside `/home/baudbot_agent/`, writes to source repo, writes to protected runtime files, dangerous bash patterns (reverse shells, fork bombs, rm -rf /, etc.), credential exfiltration.
+- `baudbot-safe-bash` (root-owned, `/usr/local/bin/`) is a second layer that blocks the same patterns at the shell level.
+- The firewall (`setup-firewall.sh`) restricts `baudbot_agent`'s network egress to an allowlist.
 - `/proc` is mounted with `hidepid=2` — agent can only see its own processes.
 - Secrets in `~/.config/.env` are `600` perms, never committed.
 - Session logs are auto-redacted of API keys/tokens on boot.