diff --git a/docs/HIVE-ONBOARDING.md b/docs/HIVE-ONBOARDING.md index eef2b3e..757fbdb 100644 --- a/docs/HIVE-ONBOARDING.md +++ b/docs/HIVE-ONBOARDING.md @@ -28,13 +28,15 @@ server-match (#67/#68/#69), and the first-proof runbook (#103). path in [`../docs/VAULT-PROVISION-FIRST-PROOF.md`](https://code.smilepowered.org/clawdie/colibri) (colibri). Critical path now: operator runs the runbook (scratch jail + test collection, manual SQLite tenant insert, raw-socket jailed spawn) → verify `.env` at `0600` + tenant -`active`. +`active`. With #101/#102 merged, the manual SQLite insert and raw-socket spawn are now +`colibri register-tenant …` and `colibri spawn-agent … --jail-name … --jail-root …`. Open work, categorized: - **Hardening:** #92 (path canonicalization/containment). -- **CLI-driveability (post-proof ergonomics, not proof blockers):** #101 (`register-tenant` - command), #102 (`--jail` on `spawn-agent`) — these replace the runbook's manual steps. +- **CLI-driveability — DONE, merged:** #101 (`register-tenant` + `list-tenants`) and #102 + (`--jail-name`/`--jail-root` on `spawn-agent`/`spawn-local`) are merged to colibri `main` + (PR #107); they replace the runbook's manual SQLite insert and raw-socket spawn. - **Source-of-truth/naming:** #98 (`npm-node24` vs `npm`), clawdie-iso #70 (agent-jail section in `pkg-list-jails.txt`). - **Cost/source-of-truth:** fill `docs/HOST-MATRIX.md` cost provenance rows before buying @@ -43,7 +45,7 @@ Open work, categorized: (poudriere) and a signed skill repo — so paid tenants run first-party-only skills and packages instead of external marketplaces. -**One-line plan:** run the first-proof runbook → then land #101/#102 for CLI driveability, +**One-line plan:** run the first-proof runbook (now CLI-driveable via merged #101/#102) → #92 before promoting past scratch, and fill verified OVH/self-host cost data before buying or depending on a new mother/build host.
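Review bot: In the first hunk (@@ -28,13 +28,15 @@), the critical-path sentence still lists "manual SQLite tenant insert, raw-socket jailed spawn" as runbook steps, and the appended sentence then says those steps are replaced, so the paragraph describes two procedures at once. Suggest rewriting the parenthetical to name `colibri register-tenant …` and `colibri spawn-agent … --jail-name … --jail-root …` directly instead of appending a correction. The same hunk leaves a bullet marked "DONE, merged" under "Open work, categorized:"; move it out of the open-work list or into a separate done list. The appended sentence names only `spawn-agent` while the bullet says the flags are on `spawn-agent`/`spawn-local`; make the two agree. Since `--jail-root` takes a path and #92 (path canonicalization/containment) is still open under Hardening, state whether #92 covers that argument so readers know what containment to expect from the CLI path today.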
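Review bot: In the second hunk (@@ -43,7 +45,7 @@), removing "then land #101/#102 for CLI driveability," leaves the next step as "→ #92 before promoting past scratch" with no verb, because "land" went out with the deleted clause. Suggest "→ land #92 before promoting past scratch". The new parenthetical also says the runbook is "now CLI-driveable", but this patch touches only docs/HIVE-ONBOARDING.md; if the runbook text still describes the manual SQLite insert and raw-socket spawn, either note here that the CLI commands substitute for those steps or reference the runbook update alongside this change.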