From 237ab20043b41d0a1aee3d626a8f68ad83441596 Mon Sep 17 00:00:00 2001 From: Sam & Claude Date: Sun, 21 Jun 2026 20:38:33 +0200 Subject: [PATCH] fix(packages): keep agent jail drift gate parseable (Sam & Pi) Move jq into the agent-jail section so the package list mirrors Colibri's agent-jail-bootstrap baseline, and apply Prettier to pulled markdown drift.\n\nValidation: ./scripts/check-format.sh; sh -n build.sh scripts/stage-colibri-iso.sh live/operator-session/clawdie-join-hive.sh live/operator-session/clawdie-enable-mother.sh live/operator-session/colibri-live-rebuild; ./scripts/test-release-gate.sh; git diff --check. --- AGENTS.md | 17 +++++++++-------- PLAN-OPERATOR-USB-NEXT.md | 4 +++- packages/pkg-list-jails.txt | 6 +++--- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index db8dacd9..22ca64bd 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -4,6 +4,7 @@ **clawdie-iso** builds the operator USB image — a live FreeBSD 15 XFCE environment that serves two roles: + - **Development surface** for Colibri: build, validate, and iterate on the control plane from a bootable USB without touching the host OS. - **Installer** for the **Clawdie service**: deploys Colibri as an rc.d 
@@ -19,14 +20,14 @@ The XFCE operator USB work now uses a git-coordinated split. Agents may review or suggest across boundaries, but must coordinate explicitly before taking over another role's load-bearing responsibility. -| Role name | Identity | Owns | Restrictions | -| ---------------------------------- | ----------------------------------- | -------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | -| **Pi ISO Developer** | Pi harness (this dev agent) | Source changes, docs, static checks, commits, pushes | Does not start ISO builds or flash media unless explicitly assigned | -| **Codex ISO Builder** | codex pkg on the FreeBSD build host | `./build.sh`, mounted-image inspection, publishing, hardware validation | Focuses on targeted changes; broad source refactors require prior review; reports exact logs/output back through git or handoff notes | -| **Hermes USB/IMG Deployer** | Hermes on Debian/Linux | Downloading verified published artifacts, USB target identification, flashing | Only flashes verified artifacts to whole-disk target paths; does not need git-host access | -| **Claude Reviewer / XFCE Tweaker** | Claude (Linux) | Review/plans plus Track E XFCE GUI polish | Builds ISO only through Codex ISO Builder; validates with Linux tooling; marks speculative runtime claims as such | -| **Opencode / Z.ai Integrator** | Opencode CLI on Linux | Linux-side Colibri/dashboard experiments plus Pi/DeepSeek v4 provider-lane validation wiring | Validates on Linux and refers FreeBSD runtime claims to the build host; uses Sam-provided API keys only for provider validation | -| **Operator (Sam)** | Human operator | Product, hardware, acceptance, release judgment | Human approval required for release/tagging decisions | +| Role name | Identity | Owns | Restrictions | +| ---------------------------------- | 
----------------------------------- | -------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | +| **Pi ISO Developer** | Pi harness (this dev agent) | Source changes, docs, static checks, commits, pushes | Does not start ISO builds or flash media unless explicitly assigned | +| **Codex ISO Builder** | codex pkg on the FreeBSD build host | `./build.sh`, mounted-image inspection, publishing, hardware validation | Focuses on targeted changes; broad source refactors require prior review; reports exact logs/output back through git or handoff notes | +| **Hermes USB/IMG Deployer** | Hermes on Debian/Linux | Downloading verified published artifacts, USB target identification, flashing | Only flashes verified artifacts to whole-disk target paths; does not need git-host access | +| **Claude Reviewer / XFCE Tweaker** | Claude (Linux) | Review/plans plus Track E XFCE GUI polish | Builds ISO only through Codex ISO Builder; validates with Linux tooling; marks speculative runtime claims as such | +| **Opencode / Z.ai Integrator** | Opencode CLI on Linux | Linux-side Colibri/dashboard experiments plus Pi/DeepSeek v4 provider-lane validation wiring | Validates on Linux and refers FreeBSD runtime claims to the build host; uses Sam-provided API keys only for provider validation | +| **Operator (Sam)** | Human operator | Product, hardware, acceptance, release judgment | Human approval required for release/tagging decisions | ## Agent / Codebase Check-In Matrix diff --git a/PLAN-OPERATOR-USB-NEXT.md b/PLAN-OPERATOR-USB-NEXT.md index 076301a7..3f510e82 100644 --- a/PLAN-OPERATOR-USB-NEXT.md +++ b/PLAN-OPERATOR-USB-NEXT.md 
@@ -150,8 +150,9 @@ unit-tested. `plan` + dry-run `apply` validated on FreeBSD host (osa). #### Strategy C2: Guided firstboot wizard A `/usr/local/sbin/clawdie-setup` shell script (or firstboot hook): + 1. Run `clawdie discover`, show available pools -2. Prompt: "Which pool?" +2. Prompt: "Which pool?" 3. Show `clawdie plan --pool ` for review 4. Prompt: "Deploy? [y/N]" 5. Run `clawdie apply --pool --yes` @@ -180,6 +181,7 @@ bhyve = true # install bhyve + vm-bhyve ``` Boot behavior: + - If `/etc/clawdie/deploy.toml` present → `clawdie apply --config …` runs on boot - If absent → boots to desktop (operator USB mode) diff --git a/packages/pkg-list-jails.txt b/packages/pkg-list-jails.txt index 18f9d917..c5696607 100644 --- a/packages/pkg-list-jails.txt +++ b/packages/pkg-list-jails.txt @@ -9,18 +9,18 @@ bash git rsync curl -# jq — JSON processor for the MCP tool path. Mirrors the entry in -# Colibri packaging/freebsd/agent-jail-bootstrap.sh. -jq # agent-jail (Colibri agent-jail-bootstrap.sh baseline) # python312 is our application Python. System deps (npm-node24 etc.) pull # python311 as a transitive dependency from FreeBSD's default PYTHON=3.11. +# jq is used by the MCP tool path and mirrors Colibri +# packaging/freebsd/agent-jail-bootstrap.sh. python312 node24 npm-node24 bash curl +jq # cms-jail nginx
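Review bot: The role-table hunk in AGENTS.md (@@ -19,14 +20,14) rewrites all eight table lines only to widen the padding of the Restrictions column; no cell text changes. Under a fix(packages) subject this buries the one functional change, the jq move, in formatting noise and makes blame on the role table point at this commit. Split the Prettier output for AGENTS.md and PLAN-OPERATOR-USB-NEXT.md into its own style commit.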
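Review bot: In the Strategy C2 hunk of PLAN-OPERATOR-USB-NEXT.md (@@ -150,8 +150,9), steps 3 and 5 as shown here read `clawdie plan --pool ` and `clawdie apply --pool --yes`, with no value after --pool. Since this pass already touches step 2, give both commands an explicit placeholder for the pool chosen in step 2; as written, step 5 reads as if --yes were the pool argument.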
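Review bot: In packages/pkg-list-jails.txt, jq is removed from the leading block (bash, git, rsync, curl) and now appears only under agent-jail, so any section that relied on the leading block for jq, such as cms-jail directly below, no longer gets it. The agent-jail section already repeats bash and curl from that block, which suggests packages are meant to be listed in both places; either keep jq in the leading block as well or confirm that nothing outside agent-jail calls jq. Separately, the new jq comment is appended to the python312/python311 comment while the jq entry sits last, after curl; a one-line note in the section header on the layout the drift gate expects would document the constraint the commit message refers to.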