clawdie-iso/packages/pkg-list-jails.txt

# Combined jail package list — union of all jail package lists from clawdie-ai
# Mirrors infra/packages/*-jail.txt (deduplicated), with browser package choices
# adjusted for the operator USB's Firefox-first package closure.
# Keep in sync when jail package lists change. The agent-jail section also
# mirrors Colibri packaging/freebsd/agent-jail-bootstrap.sh.

# Shared across jails
bash
git
rsync
curl

# agent-jail (Colibri agent-jail-bootstrap.sh baseline)
# python312 is our application Python. System deps (npm-node24 etc.) pull
# python311 as a transitive dependency from FreeBSD's default PYTHON=3.11.
# jq is used by the MCP tool path and mirrors Colibri
# packaging/freebsd/agent-jail-bootstrap.sh.
python312
node24
npm-node24
bash
curl
jq

# cms-jail
nginx
node24
npm-node24
postgresql18-client

# db-jail
postgresql18-server
postgresql18-contrib
postgresql18-pgvector

# worker-jail
cage
firefox

# management-jail (observability)
victoria-metrics
grafana

# ollama-jail (optional local inference)
ollama

# forgejo-jail (optional code hosting UI, extends git-jail baseline)
forgejo
feat: CI/CD pipeline, package lists, offline pkg-cache seeding .forgejo/workflows/build.yml: - Forgejo Actions pipeline: push to main + weekly cron + manual dispatch - Two-stage: fetch-only (no root) → assemble ISO (root via sudo) - Publishes ISO to CMS nginx downloads; Codeberg release entry (metadata only) - Uploads packages/ as workflow artifact for pkg-cache seeding packages/: - pkg-list-host.txt — host baseline (mirrors clawdie-ai infra/packages/) - pkg-list-jails.txt — union of all jail package lists - pkg-list-desktop-base.txt — Xorg + drm base for all DEs - pkg-list-xfce.txt / kde.txt / mate.txt / nvidia.txt — per-DE packages build.sh: - --fetch-only flag: downloads packages + memstick, no root, CI step 1 - Real pkg fetch loop: reads all pkg-list-*.txt, deduplicates, runs pkg fetch - pkg repo step: generates offline repo metadata after fetch - Resolves "latest" Clawdie version via Codeberg API firstboot/firstboot.sh: - Seeds zroot/pkg-cache from USB packages/ after desktop install - npm run install-all runs fully offline — no internet needed for jails - Creates ZFS dataset if not present, falls back to plain directory runner/README.md: - forgejo-runner install + register on FreeBSD - Scoped sudoers entry (build.sh + publish.sh only) - rc.d service setup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-17 11:12:32 +00:00			`# Combined jail package list — union of all jail package lists from clawdie-ai`
Merge xfce-operator-usb: Track F Colibri, DeepSeek smoke, LLM provider harness 2026-05-24 23:21:02 +02:00			`# Mirrors infra/packages/*-jail.txt (deduplicated), with browser package choices`
			`# adjusted for the operator USB's Firefox-first package closure.`
fix(packages): align agent jail package list with bootstrap (Sam & Pi) Add an agent-jail section to pkg-list-jails.txt mirroring Colibri agent-jail-bootstrap.sh, include python312, and use npm-node24 instead of generic npm. This satisfies issue #70 acceptance and resolves the npm package-name drift in favor of the node24-tied package.\n\nValidation: ./scripts/check-format.sh; sh -n build.sh; git diff --check 2026-06-20 22:31:32 +02:00			`# Keep in sync when jail package lists change. The agent-jail section also`
			`# mirrors Colibri packaging/freebsd/agent-jail-bootstrap.sh.`
feat: CI/CD pipeline, package lists, offline pkg-cache seeding .forgejo/workflows/build.yml: - Forgejo Actions pipeline: push to main + weekly cron + manual dispatch - Two-stage: fetch-only (no root) → assemble ISO (root via sudo) - Publishes ISO to CMS nginx downloads; Codeberg release entry (metadata only) - Uploads packages/ as workflow artifact for pkg-cache seeding packages/: - pkg-list-host.txt — host baseline (mirrors clawdie-ai infra/packages/) - pkg-list-jails.txt — union of all jail package lists - pkg-list-desktop-base.txt — Xorg + drm base for all DEs - pkg-list-xfce.txt / kde.txt / mate.txt / nvidia.txt — per-DE packages build.sh: - --fetch-only flag: downloads packages + memstick, no root, CI step 1 - Real pkg fetch loop: reads all pkg-list-*.txt, deduplicates, runs pkg fetch - pkg repo step: generates offline repo metadata after fetch - Resolves "latest" Clawdie version via Codeberg API firstboot/firstboot.sh: - Seeds zroot/pkg-cache from USB packages/ after desktop install - npm run install-all runs fully offline — no internet needed for jails - Creates ZFS dataset if not present, falls back to plain directory runner/README.md: - forgejo-runner install + register on FreeBSD - Scoped sudoers entry (build.sh + publish.sh only) - rc.d service setup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-17 11:12:32 +00:00
			`# Shared across jails`
			`bash`
			`git`
			`rsync`
			`curl`

fix(packages): align agent jail package list with bootstrap (Sam & Pi) Add an agent-jail section to pkg-list-jails.txt mirroring Colibri agent-jail-bootstrap.sh, include python312, and use npm-node24 instead of generic npm. This satisfies issue #70 acceptance and resolves the npm package-name drift in favor of the node24-tied package.\n\nValidation: ./scripts/check-format.sh; sh -n build.sh; git diff --check 2026-06-20 22:31:32 +02:00			`# agent-jail (Colibri agent-jail-bootstrap.sh baseline)`
docs: document Python 3.11/3.12 coexistence with FreeBSD defaults FreeBSD pkg repos build against PYTHON_DEFAULT=3.11, so system packages (git, libinput, npm-node24) pull python311 as transitive deps. We keep python312 as the application Python — it wins the python3 symlink via sort -V. Document this in BUILD.md, build.sh, package lists, and bootstrap.html so the dual-version reality is explicit and intentional. 2026-06-21 09:36:28 +02:00			`# python312 is our application Python. System deps (npm-node24 etc.) pull`
			`# python311 as a transitive dependency from FreeBSD's default PYTHON=3.11.`
fix(packages): keep agent jail drift gate parseable (Sam & Pi) Move jq into the agent-jail section so the package list mirrors Colibri's agent-jail-bootstrap baseline, and apply Prettier to pulled markdown drift.\n\nValidation: ./scripts/check-format.sh; sh -n build.sh scripts/stage-colibri-iso.sh live/operator-session/clawdie-join-hive.sh live/operator-session/clawdie-enable-mother.sh live/operator-session/colibri-live-rebuild; ./scripts/test-release-gate.sh; git diff --check. 2026-06-21 20:38:33 +02:00			`# jq is used by the MCP tool path and mirrors Colibri`
			`# packaging/freebsd/agent-jail-bootstrap.sh.`
fix(packages): align agent jail package list with bootstrap (Sam & Pi) Add an agent-jail section to pkg-list-jails.txt mirroring Colibri agent-jail-bootstrap.sh, include python312, and use npm-node24 instead of generic npm. This satisfies issue #70 acceptance and resolves the npm package-name drift in favor of the node24-tied package.\n\nValidation: ./scripts/check-format.sh; sh -n build.sh; git diff --check 2026-06-20 22:31:32 +02:00			`python312`
			`node24`
			`npm-node24`
			`bash`
			`curl`
fix(packages): keep agent jail drift gate parseable (Sam & Pi) Move jq into the agent-jail section so the package list mirrors Colibri's agent-jail-bootstrap baseline, and apply Prettier to pulled markdown drift.\n\nValidation: ./scripts/check-format.sh; sh -n build.sh scripts/stage-colibri-iso.sh live/operator-session/clawdie-join-hive.sh live/operator-session/clawdie-enable-mother.sh live/operator-session/colibri-live-rebuild; ./scripts/test-release-gate.sh; git diff --check. 2026-06-21 20:38:33 +02:00			`jq`
fix(packages): align agent jail package list with bootstrap (Sam & Pi) Add an agent-jail section to pkg-list-jails.txt mirroring Colibri agent-jail-bootstrap.sh, include python312, and use npm-node24 instead of generic npm. This satisfies issue #70 acceptance and resolves the npm package-name drift in favor of the node24-tied package.\n\nValidation: ./scripts/check-format.sh; sh -n build.sh; git diff --check 2026-06-20 22:31:32 +02:00
feat: CI/CD pipeline, package lists, offline pkg-cache seeding .forgejo/workflows/build.yml: - Forgejo Actions pipeline: push to main + weekly cron + manual dispatch - Two-stage: fetch-only (no root) → assemble ISO (root via sudo) - Publishes ISO to CMS nginx downloads; Codeberg release entry (metadata only) - Uploads packages/ as workflow artifact for pkg-cache seeding packages/: - pkg-list-host.txt — host baseline (mirrors clawdie-ai infra/packages/) - pkg-list-jails.txt — union of all jail package lists - pkg-list-desktop-base.txt — Xorg + drm base for all DEs - pkg-list-xfce.txt / kde.txt / mate.txt / nvidia.txt — per-DE packages build.sh: - --fetch-only flag: downloads packages + memstick, no root, CI step 1 - Real pkg fetch loop: reads all pkg-list-*.txt, deduplicates, runs pkg fetch - pkg repo step: generates offline repo metadata after fetch - Resolves "latest" Clawdie version via Codeberg API firstboot/firstboot.sh: - Seeds zroot/pkg-cache from USB packages/ after desktop install - npm run install-all runs fully offline — no internet needed for jails - Creates ZFS dataset if not present, falls back to plain directory runner/README.md: - forgejo-runner install + register on FreeBSD - Scoped sudoers entry (build.sh + publish.sh only) - rc.d service setup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-17 11:12:32 +00:00			`# cms-jail`
			`nginx`
			`node24`
fix(packages): align agent jail package list with bootstrap (Sam & Pi) Add an agent-jail section to pkg-list-jails.txt mirroring Colibri agent-jail-bootstrap.sh, include python312, and use npm-node24 instead of generic npm. This satisfies issue #70 acceptance and resolves the npm package-name drift in favor of the node24-tied package.\n\nValidation: ./scripts/check-format.sh; sh -n build.sh; git diff --check 2026-06-20 22:31:32 +02:00			`npm-node24`
Update PostgreSQL 17 → 18 in package lists and docs Reflects the PG 18 upgrade already applied in the main repo. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-04-19 07:58:13 +00:00			`postgresql18-client`
feat: CI/CD pipeline, package lists, offline pkg-cache seeding .forgejo/workflows/build.yml: - Forgejo Actions pipeline: push to main + weekly cron + manual dispatch - Two-stage: fetch-only (no root) → assemble ISO (root via sudo) - Publishes ISO to CMS nginx downloads; Codeberg release entry (metadata only) - Uploads packages/ as workflow artifact for pkg-cache seeding packages/: - pkg-list-host.txt — host baseline (mirrors clawdie-ai infra/packages/) - pkg-list-jails.txt — union of all jail package lists - pkg-list-desktop-base.txt — Xorg + drm base for all DEs - pkg-list-xfce.txt / kde.txt / mate.txt / nvidia.txt — per-DE packages build.sh: - --fetch-only flag: downloads packages + memstick, no root, CI step 1 - Real pkg fetch loop: reads all pkg-list-*.txt, deduplicates, runs pkg fetch - pkg repo step: generates offline repo metadata after fetch - Resolves "latest" Clawdie version via Codeberg API firstboot/firstboot.sh: - Seeds zroot/pkg-cache from USB packages/ after desktop install - npm run install-all runs fully offline — no internet needed for jails - Creates ZFS dataset if not present, falls back to plain directory runner/README.md: - forgejo-runner install + register on FreeBSD - Scoped sudoers entry (build.sh + publish.sh only) - rc.d service setup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-17 11:12:32 +00:00
			`# db-jail`
Update PostgreSQL 17 → 18 in package lists and docs Reflects the PG 18 upgrade already applied in the main repo. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-04-19 07:58:13 +00:00			`postgresql18-server`
			`postgresql18-contrib`
Boot live installer session and narrow install-time contract (Sam & Codex) 2026-05-12 12:17:59 +02:00			`postgresql18-pgvector`
feat: CI/CD pipeline, package lists, offline pkg-cache seeding .forgejo/workflows/build.yml: - Forgejo Actions pipeline: push to main + weekly cron + manual dispatch - Two-stage: fetch-only (no root) → assemble ISO (root via sudo) - Publishes ISO to CMS nginx downloads; Codeberg release entry (metadata only) - Uploads packages/ as workflow artifact for pkg-cache seeding packages/: - pkg-list-host.txt — host baseline (mirrors clawdie-ai infra/packages/) - pkg-list-jails.txt — union of all jail package lists - pkg-list-desktop-base.txt — Xorg + drm base for all DEs - pkg-list-xfce.txt / kde.txt / mate.txt / nvidia.txt — per-DE packages build.sh: - --fetch-only flag: downloads packages + memstick, no root, CI step 1 - Real pkg fetch loop: reads all pkg-list-*.txt, deduplicates, runs pkg fetch - pkg repo step: generates offline repo metadata after fetch - Resolves "latest" Clawdie version via Codeberg API firstboot/firstboot.sh: - Seeds zroot/pkg-cache from USB packages/ after desktop install - npm run install-all runs fully offline — no internet needed for jails - Creates ZFS dataset if not present, falls back to plain directory runner/README.md: - forgejo-runner install + register on FreeBSD - Scoped sudoers entry (build.sh + publish.sh only) - rc.d service setup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-17 11:12:32 +00:00
			`# worker-jail`
			`cage`
Merge xfce-operator-usb: Track F Colibri, DeepSeek smoke, LLM provider harness 2026-05-24 23:21:02 +02:00			`firefox`
feat: CI/CD pipeline, package lists, offline pkg-cache seeding .forgejo/workflows/build.yml: - Forgejo Actions pipeline: push to main + weekly cron + manual dispatch - Two-stage: fetch-only (no root) → assemble ISO (root via sudo) - Publishes ISO to CMS nginx downloads; Codeberg release entry (metadata only) - Uploads packages/ as workflow artifact for pkg-cache seeding packages/: - pkg-list-host.txt — host baseline (mirrors clawdie-ai infra/packages/) - pkg-list-jails.txt — union of all jail package lists - pkg-list-desktop-base.txt — Xorg + drm base for all DEs - pkg-list-xfce.txt / kde.txt / mate.txt / nvidia.txt — per-DE packages build.sh: - --fetch-only flag: downloads packages + memstick, no root, CI step 1 - Real pkg fetch loop: reads all pkg-list-*.txt, deduplicates, runs pkg fetch - pkg repo step: generates offline repo metadata after fetch - Resolves "latest" Clawdie version via Codeberg API firstboot/firstboot.sh: - Seeds zroot/pkg-cache from USB packages/ after desktop install - npm run install-all runs fully offline — no internet needed for jails - Creates ZFS dataset if not present, falls back to plain directory runner/README.md: - forgejo-runner install + register on FreeBSD - Scoped sudoers entry (build.sh + publish.sh only) - rc.d service setup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-17 11:12:32 +00:00
			`# management-jail (observability)`
			`victoria-metrics`
Boot live installer session and narrow install-time contract (Sam & Codex) 2026-05-12 12:17:59 +02:00			`grafana`
feat: CI/CD pipeline, package lists, offline pkg-cache seeding .forgejo/workflows/build.yml: - Forgejo Actions pipeline: push to main + weekly cron + manual dispatch - Two-stage: fetch-only (no root) → assemble ISO (root via sudo) - Publishes ISO to CMS nginx downloads; Codeberg release entry (metadata only) - Uploads packages/ as workflow artifact for pkg-cache seeding packages/: - pkg-list-host.txt — host baseline (mirrors clawdie-ai infra/packages/) - pkg-list-jails.txt — union of all jail package lists - pkg-list-desktop-base.txt — Xorg + drm base for all DEs - pkg-list-xfce.txt / kde.txt / mate.txt / nvidia.txt — per-DE packages build.sh: - --fetch-only flag: downloads packages + memstick, no root, CI step 1 - Real pkg fetch loop: reads all pkg-list-*.txt, deduplicates, runs pkg fetch - pkg repo step: generates offline repo metadata after fetch - Resolves "latest" Clawdie version via Codeberg API firstboot/firstboot.sh: - Seeds zroot/pkg-cache from USB packages/ after desktop install - npm run install-all runs fully offline — no internet needed for jails - Creates ZFS dataset if not present, falls back to plain directory runner/README.md: - forgejo-runner install + register on FreeBSD - Scoped sudoers entry (build.sh + publish.sh only) - rc.d service setup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-17 11:12:32 +00:00
			`# ollama-jail (optional local inference)`
			`ollama`
feat: bundle Aider and Forgejo packages, add ZAI_API_BASE to .env seed (Sam & Claude) Add py311-aider_chat to host baseline for the controlplane harness (Aider + Pi multi-agent orchestrator). Add forgejo package to jail list for the code service. Bake ZAI_API_BASE into firstboot .env to fix litellm endpoint mismatch discovered during Aider testing. --- Build: pass \| Tests: not run (Linux) 2026-04-12 06:52:23 +02:00
			`# forgejo-jail (optional code hosting UI, extends git-jail baseline)`
			`forgejo`