Follow-up to a99f971: covers the remaining ${TENANT_ID} interpolation
sites that produced leading-hyphen / empty-path values on root installs.
- setup/ollama.ts, setup/llama-cpp.ts: preferred jail names
- setup/sanoid.ts: tenant-era home candidate
- setup/hosts.ts: jail-name discovery filter (+ test mock)
- src/telegram-commands.ts: status identity line, suppress empty
tenant clause on root installs
Root-detection sites that key off TENANT_ID === '' are intentionally
left untouched; the invariant is preserved.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
Build: FAIL | Tests: FAIL — 15 failed
Replace ambiguous AGENT_NAME usage across runtime, setup, and helper scripts with explicit TENANT_ID or platform runtime identity where appropriate. Keep AGENT_NAME as a compatibility boundary instead of the primary source for shared runtime naming.
---
Build: pass | Tests: pass — 138 passed (10 files)
Introduces infra/jails.yaml as single source of truth for jail definitions,
src/jail-schema.ts with Zod validation, src/jail-registry.ts for runtime,
setup/bastille-helpers.ts as shared module replacing 7 copy-pasted
bastille()/jailExists()/detectFreeBSDRelease() wrappers.
Refactors setup/{db,cms,git,forgejo,jails,llama-cpp,ollama,skills-memory}.ts
to import from bastille-helpers. Archives infra/ansible/ to .archive/.
Net reduction: ~300 lines of duplicated code. All IPs now derive
from jails.yaml with env var overrides preserved.
Build: pass | Tests: not run (Linux)
Add a setup helper to enable tailscale inside jails when FEATURE_TAILSCALE
and an auth key are present, prefetch tailscale packages, and document
the installer shortcut.
---
Build: FAIL — not run
Tests: FAIL — not run
