Root cause of the recurring "pi/bw not found in jail" bug: the npm-global-on-PATH
fix was solved canonically in the clawdie-iso image (/etc/profile.d/clawdie.sh,
all login shells), but the agent jail is a separate environment that never reused
it — a fresh Bastille jail doesn't inherit the image's profile.d, and the
bootstrap set no PATH. PR #120 band-aided it with a hardcoded append to one
user's ~/.profile (sh-only, drifts from NPM_PREFIX).
Replace that band-aid with the same mechanism the image uses, scoped to the jail:
- write one managed /etc/profile.d/clawdie-npm.sh derived from NPM_PREFIX
- source it from /etc/profile (covers all sh/bash login shells, system-wide),
idempotently
- delete the per-user ~/.profile append from #120
Now the PATH content lives in a single file tied to NPM_PREFIX, so it can't miss
shells or drift from the prefix. Follow-up (not here): hoist the snippet into one
shared file installed by both clawdie-iso and the jail bootstrap, so a future new
environment can't re-grow this.
Verified: sh -n clean; smoke test — snippet expands NPM_PREFIX (keeps $PATH
literal), /etc/profile sources it, append is idempotent, sourced shell resolves
the npm-global bin onto PATH.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
