packaging/freebsd/agent-jail-bootstrap.sh

@@ -83,10 +83,21 @@ if [ ! -e "${NPM_PREFIX}/bin/pi" ]; then
 fi
 cp -a "${NPM_PREFIX}/bin/pi" "${JAIL_ROOT}${NPM_PREFIX}/bin/pi"
 
-# Add npm-global bin to clawdie's PATH so pi/bw are found on login
-if ! grep -q 'npm-global/bin' "${JAIL_ROOT}/home/clawdie/.profile" 2>/dev/null; then
-    echo 'PATH="/home/clawdie/.npm-global/bin:$PATH"' >> "${JAIL_ROOT}/home/clawdie/.profile"
-    echo 'export PATH' >> "${JAIL_ROOT}/home/clawdie/.profile"
+# Put the npm-global bin on PATH for every login shell. Canonical mechanism
+# (same shape as the clawdie-iso image): the PATH content lives in one managed
+# /etc/profile.d snippet derived from NPM_PREFIX, and /etc/profile sources it —
+# not a per-user, single-shell ~/.profile line that drifts from the prefix.
+install -d -m 0755 "${JAIL_ROOT}/etc/profile.d"
+cat > "${JAIL_ROOT}/etc/profile.d/clawdie-npm.sh" <<EOF
+# Managed by agent-jail-bootstrap.sh — clawdie npm-global bin on PATH.
+PATH="${NPM_PREFIX}/bin:\$PATH"
+export PATH
+EOF
+chmod 0644 "${JAIL_ROOT}/etc/profile.d/clawdie-npm.sh"
+
+if ! grep -q '/etc/profile.d/clawdie-npm.sh' "${JAIL_ROOT}/etc/profile" 2>/dev/null; then
+    printf '\n[ -r /etc/profile.d/clawdie-npm.sh ] && . /etc/profile.d/clawdie-npm.sh\n' \
+        >> "${JAIL_ROOT}/etc/profile"
 fi
 
 echo "Done — ${JAIL_NAME} ready for vault provision."