From 68fdd55771f01971e57140e25238415d17c4555a Mon Sep 17 00:00:00 2001
From: Sam & Claude <hello@clawdie.si>
Date: Sat, 20 Jun 2026 07:40:50 +0200
Subject: [PATCH 1/2] =?UTF-8?q?feat(freebsd):=20agent=20jail=20bootstrap?=
 =?UTF-8?q?=20script=20=E2=80=94=20drift-free=20runtime=20install?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packaging/freebsd/agent-jail-bootstrap.sh | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100755 packaging/freebsd/agent-jail-bootstrap.sh

diff --git a/packaging/freebsd/agent-jail-bootstrap.sh b/packaging/freebsd/agent-jail-bootstrap.sh
new file mode 100755
index 0000000..0d261e0
--- /dev/null
+++ b/packaging/freebsd/agent-jail-bootstrap.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Agent jail bootstrap — install minimum runtime into a fresh Bastille jail.
+# Usage: sudo agent-jail-bootstrap.sh <jail_name>
+set -e
+
+JAIL_NAME="$1"
+JAIL_ROOT="/usr/local/bastille/jails/${JAIL_NAME}/root"
+
+echo "=== Bootstrap ${JAIL_NAME} ==="
+
+# Install runtime packages (versions pinned to match host)
+pkg -c "${JAIL_ROOT}" install -y python312 node24 npm-node24 bash curl
+
+# Copy colibri binaries from host
+for bin in colibri colibri-daemon colibri-probe colibri-mcp colibri-test-agent colibri-host-status colibri-runtime-inventory; do
+    cp /usr/local/bin/${bin} "${JAIL_ROOT}/usr/local/bin/${bin}"
+    chmod 755 "${JAIL_ROOT}/usr/local/bin/${bin}"
+done
+
+echo "Done — ${JAIL_NAME} ready for vault provision."
-- 
2.45.3


From c778daf1511f8016929be8b2de90ffc69dbb6ba2 Mon Sep 17 00:00:00 2001
From: Sam & Claude <hello@clawdie.si>
Date: Sat, 20 Jun 2026 07:54:32 +0200
Subject: [PATCH 2/2] =?UTF-8?q?feat(bootstrap):=20add=20Pi=20agent=20?=
 =?UTF-8?q?=E2=80=94=20copy=20from=20host=20npm=20global?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packaging/freebsd/agent-jail-bootstrap.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/packaging/freebsd/agent-jail-bootstrap.sh b/packaging/freebsd/agent-jail-bootstrap.sh
index 0d261e0..dee2b63 100755
--- a/packaging/freebsd/agent-jail-bootstrap.sh
+++ b/packaging/freebsd/agent-jail-bootstrap.sh
@@ -17,4 +17,10 @@ for bin in colibri colibri-daemon colibri-probe colibri-mcp colibri-test-agent c
     chmod 755 "${JAIL_ROOT}/usr/local/bin/${bin}"
 done
 
+# Copy npm global agents from host (jails have no internet)
+NPM_PREFIX="/home/clawdie/.npm-global"
+mkdir -p "${JAIL_ROOT}${NPM_PREFIX}/bin" "${JAIL_ROOT}${NPM_PREFIX}/lib/node_modules"
+cp -a "${NPM_PREFIX}/lib/node_modules/@earendil-works" "${JAIL_ROOT}${NPM_PREFIX}/lib/node_modules/"
+cp -a "${NPM_PREFIX}/bin/pi" "${JAIL_ROOT}${NPM_PREFIX}/bin/pi"
+
 echo "Done — ${JAIL_NAME} ready for vault provision."
-- 
2.45.3