refactor(setup): use executable shims instead of aliases for reliable role access

native_crumbcore_v1/setup_missions.sh

@@ -111,22 +111,29 @@ fi
 if ! grep -q "alias dumbo" "$HOME_DIR/.bashrc"; then
     cat << 'EOF' >> "$HOME_DIR/.bashrc"
 
-# 🎭 Role Aliases (Secure Wrapper)
+# 🎭 Role Shims (Global Executables)
+# We use /usr/local/bin so that scripts (which ignore aliases) can also call 'dumbo', 'templatus' etc.
 WRAPPER="/opt/crumbforest/native_crumbcore_v1/scripts/role_wrapper.sh"
 ROLES_DIR="/opt/crumbforest/app/crumbforest_roles"
 
-# Dynamic Alias Generation
-# Scans $ROLES_DIR for *_zero.sh files and creates aliases
-# e.g. dumbo_zero.sh -> alias dumbo="..."
+print_info "Generating secure role shims in /usr/local/bin..."
+
 if [ -d "$ROLES_DIR" ]; then
     for script in "$ROLES_DIR"/*_zero.sh; do
         if [ -f "$script" ]; then
             # Extract basename without extension (dumbo_zero)
             filename=$(basename -- "$script")
             role_base="${filename%_zero.sh}"
+            target_shim="/usr/local/bin/$role_base"
             
-            # Create alias
-            echo "alias $role_base=\"$WRAPPER $script\"" >> "$HOME_DIR/.bashrc"
+            # Create shim script
+            cat <<SHIM > "$target_shim"
+#!/bin/bash
+exec "$WRAPPER" "$script" "\$@"
+SHIM
+            
+            chmod +x "$target_shim"
+            print_info "Created shim: $role_base -> $script"
         fi
     done
 fi