Tighten agent-jail-bootstrap.sh per review of #96:
- pin each package to the host's EXACT installed version (pkg query '%v' ->
install name-version from the host's mounted cache); fail loudly if the host
lacks it, instead of pulling a different version into the jail
- set -eu; validate jail name ([A-Za-z0-9_-], non-empty) so it can't escape the
bastille jails root; assert the jail root exists before touching it
- guard every host source (binaries, npm modules) so a missing source fails
clearly rather than producing a half-bootstrapped jail
Relies on the existing host pkg-cache reachability from the jail (offline install).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
