clawdie/colibri
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 44

fix(bootstrap): jail npm PATH via /etc/profile.d, drop #120 .profile hack #121

Merged
clawdie merged 1 commit from fix/jail-npm-path-profiled into main 2026-06-21 09:00:12 +02:00
Conversation 0 Commits 1 Files changed 1 +15 -4
clawdie commented 2026-06-21 08:59:41 +02:00
Owner
Copy link

Root-causes and fixes the recurring FreeBSD "pi/bw not found in jail" bug (band-aided by #120).

How it crept in: the npm-global-on-PATH fix is canonical in the clawdie-iso image (/etc/profile.d/clawdie.sh, all shells), but the agent jail is a separate environment that never reused it — a fresh Bastille jail doesn't inherit the image's profile.d, and the bootstrap set no PATH. #120 patched it with a hardcoded append to one user's ~/.profile (sh-only, drifts from NPM_PREFIX).

Fix: use the image's mechanism, scoped to the jail —

  • write one managed /etc/profile.d/clawdie-npm.sh derived from NPM_PREFIX
  • source it from /etc/profile (all sh/bash login shells, system-wide), idempotently
  • delete the #120 ~/.profile append

PATH content now lives in a single file tied to NPM_PREFIX, so it can't miss shells or drift. Follow-up (not here): hoist the snippet into one shared file installed by both clawdie-iso and the jail bootstrap, so a new environment can't re-grow this.

Verified: sh -n clean; smoke test (NPM_PREFIX expands / $PATH literal / /etc/profile sources it / idempotent / sourced shell resolves the bin onto PATH).

🤖 Generated with Claude Code

Root-causes and fixes the recurring FreeBSD "pi/bw not found in jail" bug (band-aided by #120). **How it crept in:** the npm-global-on-PATH fix is canonical in the clawdie-iso image (`/etc/profile.d/clawdie.sh`, all shells), but the agent jail is a separate environment that never reused it — a fresh Bastille jail doesn't inherit the image's profile.d, and the bootstrap set no PATH. #120 patched it with a hardcoded append to one user's `~/.profile` (sh-only, drifts from `NPM_PREFIX`). **Fix:** use the image's mechanism, scoped to the jail — - write one managed `/etc/profile.d/clawdie-npm.sh` derived from `NPM_PREFIX` - source it from `/etc/profile` (all sh/bash login shells, system-wide), idempotently - **delete the #120 `~/.profile` append** PATH content now lives in a single file tied to `NPM_PREFIX`, so it can't miss shells or drift. Follow-up (not here): hoist the snippet into one shared file installed by both clawdie-iso and the jail bootstrap, so a new environment can't re-grow this. Verified: `sh -n` clean; smoke test (NPM_PREFIX expands / `$PATH` literal / `/etc/profile` sources it / idempotent / sourced shell resolves the bin onto PATH). 🤖 Generated with [Claude Code](https://claude.com/claude-code)
clawdie added 1 commit 2026-06-21 08:59:43 +02:00
fix(bootstrap): set jail npm PATH via /etc/profile.d, drop per-user .profile hack
Some checks failed
CI / rust (pull_request) Has been cancelled
Details
CI / markdown (pull_request) Has been cancelled
Details
CI / port (pull_request) Has been cancelled
Details
CI / agent-jail-pkgs (pull_request) Has been cancelled
Details
b0a0ff4891 
Root cause of the recurring "pi/bw not found in jail" bug: the npm-global-on-PATH
fix was solved canonically in the clawdie-iso image (/etc/profile.d/clawdie.sh,
all login shells), but the agent jail is a separate environment that never reused
it — a fresh Bastille jail doesn't inherit the image's profile.d, and the
bootstrap set no PATH. PR #120 band-aided it with a hardcoded append to one
user's ~/.profile (sh-only, drifts from NPM_PREFIX).

Replace that band-aid with the same mechanism the image uses, scoped to the jail:
- write one managed /etc/profile.d/clawdie-npm.sh derived from NPM_PREFIX
- source it from /etc/profile (covers all sh/bash login shells, system-wide),
  idempotently
- delete the per-user ~/.profile append from #120

Now the PATH content lives in a single file tied to NPM_PREFIX, so it can't miss
shells or drift from the prefix. Follow-up (not here): hoist the snippet into one
shared file installed by both clawdie-iso and the jail bootstrap, so a future new
environment can't re-grow this.

Verified: sh -n clean; smoke test — snippet expands NPM_PREFIX (keeps $PATH
literal), /etc/profile sources it, append is idempotent, sourced shell resolves
the npm-global bin onto PATH.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
clawdie merged commit 93e8fb8479 into main 2026-06-21 09:00:12 +02:00
clawdie deleted branch fix/jail-npm-path-profiled 2026-06-21 09:00:13 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
first-proof blocker

gates the first proven end-to-end

  
hardening

security/robustness follow-up, not a first-proof gate

No labels
first-proof blocker
hardening
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: clawdie/colibri#121
No description provided.
Delete branch "fix/jail-npm-path-profiled"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?