docs: ingest Cloudron 9.1 official AI skills and update docs

.agents/configs/skill-sources.json

@@ -93,6 +93,39 @@
       "last_checked": "2026-01-29T01:37:00Z",
       "merge_strategy": "added",
       "notes": "SEO audit skill from marketingskills repo (skills/seo-audit subpath), includes references/"
+    },
+    {
+      "name": "cloudron-app-packaging",
+      "upstream_url": "https://git.cloudron.io/docs/skills",
+      "upstream_commit": "b247b124d168730051186aa63afad87c0c1f5a52",
+      "local_path": ".agents/tools/deployment/cloudron-app-packaging-skill.md",
+      "format_detected": "skill-md-nested",
+      "imported_at": "2026-03-01T18:00:00Z",
+      "last_checked": "2026-03-01T18:00:00Z",
+      "merge_strategy": "added",
+      "notes": "Official Cloudron skill from git.cloudron.io/docs/skills. Includes manifest-ref.md and addons-ref.md in cloudron-app-packaging-skill/"
+    },
+    {
+      "name": "cloudron-app-publishing",
+      "upstream_url": "https://git.cloudron.io/docs/skills",
+      "upstream_commit": "b247b124d168730051186aa63afad87c0c1f5a52",
+      "local_path": ".agents/tools/deployment/cloudron-app-publishing-skill.md",
+      "format_detected": "skill-md",
+      "imported_at": "2026-03-01T18:00:00Z",
+      "last_checked": "2026-03-01T18:00:00Z",
+      "merge_strategy": "added",
+      "notes": "Official Cloudron skill for CloudronVersions.json publishing and community packages (9.1+)"
+    },
+    {
+      "name": "cloudron-server-ops",
+      "upstream_url": "https://git.cloudron.io/docs/skills",
+      "upstream_commit": "b247b124d168730051186aa63afad87c0c1f5a52",
+      "local_path": ".agents/tools/deployment/cloudron-server-ops-skill.md",
+      "format_detected": "skill-md",
+      "imported_at": "2026-03-01T18:00:00Z",
+      "last_checked": "2026-03-01T18:00:00Z",
+      "merge_strategy": "added",
+      "notes": "Official Cloudron skill for CLI server operations (logs, exec, backups, env vars, CI/CD)"
     }
   ]
 }

.agents/services/hosting/cloudron.md

@@ -18,13 +18,13 @@ tools:
 ## Quick Reference
 
 - **Type**: Self-hosted app platform (100+ apps), auto-updates/backups/SSL
-- **Auth**: API token from Dashboard > Settings > API Access
+- **Auth**: API token from Dashboard > Settings > API Access (9.1+: passkey/OIDC login)
 - **Config**: `configs/cloudron-config.json`
 - **Commands**: `cloudron-helper.sh [servers|connect|status|apps|install-app|update-app|restart-app|logs|backup-app|domains|add-domain|users|add-user] [server] [args]`
+- **CLI ops**: `cloudron-server-ops-skill.md` (full CLI reference from upstream)
+- **Packaging**: `cloudron-app-packaging.md` (native guide), `cloudron-app-packaging-skill.md` (upstream skill)
+- **Publishing**: `cloudron-app-publishing-skill.md` (community packages via CloudronVersions.json)
 - **API test**: `curl -H "Authorization: Bearer TOKEN" https://cloudron.domain.com/api/v1/cloudron/status`
-- **App ops**: `install-app [server] [app] [subdomain]`, `update-app`, `restart-app`, `logs`
-- **Backup**: `backup-system`, `backup-app`, `list-backups`, `restore-backup`
-- **User mgmt**: `users`, `add-user`, `update-user`, `reset-password`
 - **SSH access**: `ssh root@cloudron.domain.com` for direct server diagnosis
 - **Forum**: [forum.cloudron.io](https://forum.cloudron.io) for known issues and solutions
 - **Docker**: `docker ps -a` (states), `docker logs <container>`, `docker exec -it mysql mysql`
@@ -33,17 +33,33 @@ tools:
 
 Cloudron is a complete solution for running apps on your server, providing easy app installation, automatic updates, backups, and domain management.
 
+## What's New in 9.1
+
+Cloudron 9.1 (released to unstable 2026-03-01) introduces major features:
+
+- **Custom app build and deploy**: `cloudron install` uploads package source and builds on-server. Source is backed up and rebuilt on restore. CLI-driven workflow for developers building custom apps or patching existing packages.
+- **Community packages**: Install third-party apps from a `CloudronVersions.json` URL via the dashboard. Cloudron tracks the URL and auto-checks for updates. See `cloudron-app-publishing-skill.md`.
+- **Passkey authentication**: FIDO2/WebAuthn passkey support for Cloudron login. Tested with Bitwarden, YubiKey 5, Nitrokey, and native browser/OS support.
+- **OIDC CLI login**: CLI uses browser-based OIDC login to support passkeys. Pre-obtained API tokens still work for CI/CD pipelines.
+- **Addon upgrades**: MongoDB 8, Redis 8.4, Node.js 24.x
+- **ACME ARI support**: RFC 9773 for certificate renewal information
+- **Backup integrity verification UI**: Verify backup integrity from the dashboard
+- **Improved progress reporting**: Percentage complete and elapsed/estimated time for backups and installations
+- **Better event log UI**: Separate notifications view
+
+**Source**: [forum.cloudron.io/topic/14976](https://forum.cloudron.io/topic/14976/what-s-coming-in-9-1)
+
 ## Provider Overview
 
 ### **Cloudron Characteristics:**
 
 - **Service Type**: Self-hosted app platform and server management
-- **App Ecosystem**: 100+ pre-configured apps available
+- **App Ecosystem**: 100+ pre-configured apps + community packages (9.1+)
 - **Management**: Web-based dashboard for complete server management
 - **Automation**: Automatic updates, backups, and SSL certificates
 - **Multi-tenancy**: Support for multiple users and domains
 - **API Support**: REST API for automation and integration
-- **Security**: Built-in firewall, automatic security updates
+- **Security**: Built-in firewall, automatic security updates, passkey auth (9.1+)
 
 ### **Best Use Cases:**
 
@@ -479,4 +495,16 @@ done
 
 ---
 
-**Cloudron provides a comprehensive app platform with excellent management capabilities, making it ideal for organizations needing easy-to-manage, self-hosted applications.** 🚀
+## Related Skills and Subagents
+
+| Resource | Path | Purpose |
+|----------|------|---------|
+| App packaging (native) | `tools/deployment/cloudron-app-packaging.md` | Full packaging guide with aidevops helper scripts |
+| App packaging (upstream) | `tools/deployment/cloudron-app-packaging-skill.md` | Official Cloudron skill with manifest/addon refs |
+| App publishing | `tools/deployment/cloudron-app-publishing-skill.md` | CloudronVersions.json and community packages |
+| Server ops | `tools/deployment/cloudron-server-ops-skill.md` | Full CLI reference for managing installed apps |
+| Git reference | `tools/deployment/cloudron-git-reference.md` | Using git.cloudron.io for packaging patterns |
+| Helper script | `scripts/cloudron-helper.sh` | Multi-server management via API |
+| Package helper | `scripts/cloudron-package-helper.sh` | Local packaging development workflow |
+
+**Cloudron provides a comprehensive app platform with excellent management capabilities, making it ideal for organizations needing easy-to-manage, self-hosted applications.**

.agents/subagent-index.toon

@@ -23,7 +23,7 @@ pro,gemini-2.5-pro,Capable large context
 grok,grok-3,Research and real-time web knowledge
 -->
 
-<!--TOON:subagents[58]{folder,purpose,key_files}:
+<!--TOON:subagents[59]{folder,purpose,key_files}:
 aidevops/,Framework internals - extending aidevops and architecture and plugins,setup|architecture|troubleshooting|self-improving-agents|claude-flow-comparison|plugins
 business/,Company orchestration - runner configs for company functions,company-runners
 memory/,Cross-session memory - SQLite FTS5 storage,README
@@ -56,7 +56,7 @@ tools/vision/,Vision AI - image generation understanding and editing with local
 tools/voice/,Voice AI - TTS/STT/S2S model catalog voice bridge Pipecat pipeline and cloud voice agents,voice-models|voice-ai-models|speech-to-speech|cloud-voice-agents|voice-bridge|hyprwhspr|pipecat-opencode|transcription|buzz|qwen3-tts
 tools/research/,Website research - tech stack detection and analysis providers,providers/crft-lookup
 tools/data-extraction/,Data extraction - scraping business data,outscraper
-tools/deployment/,Deployment automation - self-hosted PaaS and orchestration,coolify|coolify-cli|vercel|cloudron-app-packaging|uncloud
+tools/deployment/,Deployment automation - self-hosted PaaS and orchestration,coolify|coolify-cli|vercel|cloudron-app-packaging|cloudron-app-packaging-skill|cloudron-app-publishing-skill|cloudron-server-ops-skill|uncloud
 tools/git/,Git operations - GitHub/GitLab/Gitea CLIs and diff tools,github-cli|gitlab-cli|gitea-cli|github-actions|worktrunk|lumen|jujutsu|conflict-resolution
 tools/credentials/,Secret management - API keys vaults and encryption stack,api-key-setup|api-key-management|vaultwarden|gopass|psst|multi-tenant|list-keys|sops|gocryptfs|encryption-stack
 tools/security/,Security tools - terminal guards privacy filtering IP reputation scanning and opsec,tirith|shannon|cdn-origin-ip|privacy-filter|ip-reputation|opsec

.agents/tools/deployment/cloudron-app-packaging-skill.md

@@ -0,0 +1,239 @@
+---
+description: "Official Cloudron app packaging skill - Dockerfile patterns, manifest, addons, build methods"
+mode: subagent
+imported_from: external
+tools:
+  read: true
+  write: true
+  edit: true
+  bash: true
+  webfetch: true
+  task: true
+---
+
+# Cloudron App Packaging (Official Skill)
+
+A Cloudron app is a Docker image with a `CloudronManifest.json`. The platform provides a readonly filesystem, addon services, and a managed backup/restore lifecycle.
+
+<!-- AI-CONTEXT-START -->
+
+## Quick Reference
+
+- **Purpose**: Official upstream skill for Cloudron app packaging
+- **Upstream**: [git.cloudron.io/docs/skills](https://git.cloudron.io/docs/skills) (`cloudron-app-packaging`)
+- **Docs**: [docs.cloudron.io/packaging](https://docs.cloudron.io/packaging/)
+- **Reference files**: `cloudron-app-packaging-skill/manifest-ref.md`, `cloudron-app-packaging-skill/addons-ref.md`
+- **Also see**: `cloudron-app-packaging.md` (native aidevops guide with helper scripts and local dev workflow)
+
+<!-- AI-CONTEXT-END -->
+
+## Quick Start
+
+```bash
+npm install -g cloudron
+cloudron login my.example.com
+cloudron init                    # creates CloudronManifest.json and Dockerfile
+cloudron install                 # uploads source, builds on server, installs app
+cloudron update                  # re-uploads, rebuilds, updates running app
+```
+
+## Key Constraints
+
+- Filesystem is **readonly** at runtime. Writable dirs: `/tmp`, `/run`, `/app/data`.
+- Databases, caching, email, and auth are **addons** -- env vars injected at runtime.
+- `CloudronManifest.json` declares metadata, ports, and addon requirements.
+- App listens on HTTP (not HTTPS). The platform handles TLS termination.
+- Default memory limit is 256 MB (RAM + swap). Set `memoryLimit` in manifest to change.
+
+## Build Methods (9.1+)
+
+### On-Server Build (Default, Recommended)
+
+`cloudron install` and `cloudron update` upload the source and build on the server. No local Docker needed. Source is part of the app backup -- on restore, the app rebuilds from the backed-up source.
+
+```bash
+cloudron install --location myapp    # uploads, builds, installs
+cloudron update --app myapp          # uploads, rebuilds, updates
+```
+
+### Local Docker Build
+
+Build locally, push to registry, install with image:
+
+```bash
+docker login
+cloudron build              # builds, tags, pushes
+cloudron install             # detects the built image
+cloudron build && cloudron update   # update cycle
+```
+
+### Build Service
+
+Offload builds to a remote Docker Builder App:
+
+```bash
+cloudron build login         # authenticate with build service
+cloudron build               # source sent to remote builder
+```
+
+## Dockerfile Patterns
+
+Name the file `Dockerfile`, `Dockerfile.cloudron`, or `cloudron/Dockerfile`.
+
+### Typical Structure
+
+```dockerfile
+FROM cloudron/base:5.0.0@sha256:...
+
+RUN mkdir -p /app/code
+WORKDIR /app/code
+
+# Install app
+COPY . /app/code/
+
+# Create symlinks for runtime config
+RUN ln -sf /run/app/config.json /app/code/config.json
+
+# Ensure start script is executable
+RUN chmod +x /app/code/start.sh
+
+CMD [ "/app/code/start.sh" ]
+```
+
+### start.sh Conventions
+
+- Runs as root. Use `gosu cloudron:cloudron <cmd>` to drop privileges.
+- Fix ownership on every start (backups/restores can reset it):
+
+  ```bash
+  chown -R cloudron:cloudron /app/data
+  ```
+
+- Use `exec` as the last command to forward SIGTERM:
+
+  ```bash
+  exec gosu cloudron:cloudron node /app/code/server.js
+  ```
+
+- Track first-run with a marker file:
+
+  ```bash
+  if [[ ! -f /app/data/.initialized ]]; then
+    # first-time setup
+    touch /app/data/.initialized
+  fi
+  ```
+
+### Writable Directories
+
+| Path | Persists across restarts | Backed up |
+|------|--------------------------|-----------|
+| `/tmp` | No | No |
+| `/run` | No | No |
+| `/app/data` | Yes | Yes (requires `localstorage` addon) |
+
+### Logging
+
+Log to stdout/stderr. The platform manages rotation and streaming. If the app cannot log to stdout, write to `/run/<subdir>/*.log` (two levels deep). These files are autorotated.
+
+### Multiple Processes
+
+Use `supervisor` or `pm2` when the app has multiple components. Configure supervisor to send output to stdout:
+
+```ini
+[program:app]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+```
+
+### Memory-Aware Worker Count
+
+```bash
+if [[ -f /sys/fs/cgroup/cgroup.controllers ]]; then
+    memory_limit=$(cat /sys/fs/cgroup/memory.max)
+    [[ "${memory_limit}" == "max" ]] && memory_limit=$((2 * 1024 * 1024 * 1024))
+else
+    memory_limit=$(cat /sys/fs/cgroup/memory/memory.limit_in_bytes)
+fi
+worker_count=$((memory_limit / 1024 / 1024 / 150))
+worker_count=$((worker_count > 8 ? 8 : worker_count))
+worker_count=$((worker_count < 1 ? 1 : worker_count))
+```
+
+## Manifest Essentials
+
+Minimal `CloudronManifest.json`:
+
+```json
+{
+  "id": "com.example.myapp",
+  "title": "My App",
+  "author": "Jane Developer <jane@example.com>",
+  "version": "1.0.0",
+  "healthCheckPath": "/",
+  "httpPort": 8000,
+  "addons": {
+    "localstorage": {}
+  },
+  "manifestVersion": 2
+}
+```
+
+For the full field reference, see [manifest-ref.md](cloudron-app-packaging-skill/manifest-ref.md).
+
+## Addons Overview
+
+| Addon | Provides | Key env var |
+|-------|----------|-------------|
+| `localstorage` | Writable `/app/data`, backup support | -- |
+| `mysql` | MySQL 8.0 database | `CLOUDRON_MYSQL_URL` |
+| `postgresql` | PostgreSQL 14.9 database | `CLOUDRON_POSTGRESQL_URL` |
+| `mongodb` | MongoDB 8.0 database | `CLOUDRON_MONGODB_URL` |
+| `redis` | Redis 8.4 cache (persistent) | `CLOUDRON_REDIS_URL` |
+| `ldap` | LDAP v3 authentication | `CLOUDRON_LDAP_URL` |
+| `oidc` | OpenID Connect authentication | `CLOUDRON_OIDC_DISCOVERY_URL` |
+| `sendmail` | Outgoing email (SMTP relay) | `CLOUDRON_MAIL_SMTP_SERVER` |
+| `recvmail` | Incoming email (IMAP) | `CLOUDRON_MAIL_IMAP_SERVER` |
+| `proxyauth` | Authentication wall | -- |
+| `scheduler` | Cron-like periodic tasks | -- |
+| `tls` | App certificate files | `/etc/certs/tls_cert.pem` |
+| `docker` | Create containers (restricted) | `CLOUDRON_DOCKER_HOST` |
+
+Read env vars at runtime on every start -- values can change across restarts. Run DB migrations on each start.
+
+For full env var lists and addon options, see [addons-ref.md](cloudron-app-packaging-skill/addons-ref.md).
+
+## Stack-Specific Notes
+
+**Apache** -- Disable default sites, set `Listen 8000`, log errors to stderr, start with `exec /usr/sbin/apache2 -DFOREGROUND`.
+
+**Nginx** -- Use `/run/` for temp paths (`client_body_temp_path`, `proxy_temp_path`, etc.). Run with supervisor alongside the app.
+
+**PHP** -- Move sessions from `/var/lib/php/sessions` to `/run/php/sessions` via symlink.
+
+**Java** -- Read cgroup memory limit and set `-XX:MaxRAM` accordingly.
+
+## Debugging
+
+```bash
+cloudron logs                # view app logs
+cloudron logs -f             # follow logs in real time
+cloudron exec                # shell into running app
+cloudron debug               # pause app (read-write filesystem)
+cloudron debug --disable     # exit debug mode
+```
+
+## Examples
+
+All published Cloudron apps are open source: https://git.cloudron.io/packages
+
+Browse by framework:
+[PHP](https://git.cloudron.io/explore/projects?tag=php) |
+[Node](https://git.cloudron.io/explore/projects?tag=node) |
+[Python](https://git.cloudron.io/explore/projects?tag=python) |
+[Ruby/Rails](https://git.cloudron.io/explore/projects?tag=rails) |
+[Java](https://git.cloudron.io/explore/projects?tag=java) |
+[Go](https://git.cloudron.io/explore/projects?tag=go) |
+[Rust](https://git.cloudron.io/explore/projects?tag=rust)