packaging/freebsd/agent-jail-bootstrap.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+# Agent jail bootstrap — install minimum runtime into a fresh Bastille jail.
+# Usage: sudo agent-jail-bootstrap.sh <jail_name>
+set -e
+
+JAIL_NAME="$1"
+JAIL_ROOT="/usr/local/bastille/jails/${JAIL_NAME}/root"
+
+echo "=== Bootstrap ${JAIL_NAME} ==="
+
+# Install runtime packages (versions pinned to match host)
+pkg -c "${JAIL_ROOT}" install -y python312 node24 npm-node24 bash curl
+
+# Copy colibri binaries from host
+for bin in colibri colibri-daemon colibri-probe colibri-mcp colibri-test-agent colibri-host-status colibri-runtime-inventory; do
+    cp /usr/local/bin/${bin} "${JAIL_ROOT}/usr/local/bin/${bin}"
+    chmod 755 "${JAIL_ROOT}/usr/local/bin/${bin}"
+done
+
+# Copy npm global agents from host (jails have no internet)
+NPM_PREFIX="/home/clawdie/.npm-global"
+mkdir -p "${JAIL_ROOT}${NPM_PREFIX}/bin" "${JAIL_ROOT}${NPM_PREFIX}/lib/node_modules"
+cp -a "${NPM_PREFIX}/lib/node_modules/@earendil-works" "${JAIL_ROOT}${NPM_PREFIX}/lib/node_modules/"
+cp -a "${NPM_PREFIX}/bin/pi" "${JAIL_ROOT}${NPM_PREFIX}/bin/pi"
+
+echo "Done — ${JAIL_NAME} ready for vault provision."