diff --git a/scripts/workstation/packages.txt b/scripts/workstation/packages.txt
new file mode 100644
index 00000000..6b7c3451
--- /dev/null
+++ b/scripts/workstation/packages.txt
@@ -0,0 +1,26 @@
+# Declarative host toolset for the devvm Workstation (apt packages, one per line).
+# Consumed by setup-devvm.sh: apt-get install -y $(grep -vE '^\s*(#|$)' packages.txt)
+# Comments (#) and blank lines are ignored. Tools NOT in the standard apt repos
+# are listed below as comments with their real install path (handled explicitly
+# in setup-devvm.sh) so this manifest stays a safe argument to `apt-get install`.
+git
+zsh
+tmux
+ripgrep
+fd-find
+jq
+curl
+ca-certificates
+python3
+python3-yaml
+python3-pip
+podman
+
+# --- installed by setup-devvm.sh via NON-apt paths (not apt-installable) ---
+# nodejs + npm -> NodeSource repo (claude-code needs node >= 18; distro nodejs is too old)
+# @anthropic-ai/claude-code -> npm install -g
+# kubectl -> k8s apt repo OR pinned binary (already present on devvm)
+# vault -> HashiCorp apt repo OR pinned binary (already present on devvm)
+# kubelogin (kubectl oidc-login) -> `kubectl krew install oidc-login` or int128/kubelogin release.
+# NOTE: the apt package literally named "kubelogin" is the AZURE
+# tool, NOT the OIDC one we need -- do not apt-install it.
diff --git a/scripts/workstation/roster.yaml b/scripts/workstation/roster.yaml
new file mode 100644
index 00000000..0319c824
--- /dev/null
+++ b/scripts/workstation/roster.yaml
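Review bot: The consumer command quoted on the second header line, `grep -vE '^\s*(#|$)'`, drops only whole-line comments, so the statement `Comments (#) and blank lines are ignored` overstates what is filtered: a trailing comment such as `podman # rootless` would hand `#` and `rootless` to apt-get as package names, failing the install or, if the stray word happens to be a real package, installing something unintended. Reword it to `Whole-line comments (#) and blank lines are ignored; never put a trailing comment after a package name.`. The "safe argument" sentence also deserves the condition it relies on, since apt-get treats a trailing `-` on an argument as a removal request and a leading `-` as an option: append `Each line must be a bare package name (no leading -, no -/+ suffix).`. setup-devvm.sh itself is not in this change, so whether it adds any guard of its own cannot be confirmed from here.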
@@ -0,0 +1,21 @@
+# THE single source of truth for the devvm Workstation lifecycle (onboard -> offboard).
+# Consumed by roster_engine.py (derive/validate) + t3-provision-users.sh (apply).
+#
+# os_user (the map KEY, pinned) -> authentik_user . k8s_user . tier . namespaces
+# The three identifiers differ per person (verified 2026-06-08) -- no email->username
+# derivation; record each explicitly.
+#
+# Tiers: admin | power-user | namespace-owner
+# admin - cluster-admin, unlocked tree, secrets (groups: sudo,docker,code-shared)
+# power-user - cluster-wide READ (no Secrets) via oidc-power-user-readonly; locked clone
+# namespace-owner - admin in their own namespace(s) only; locked clone
+#
+# wizard IS listed (as admin): the reconcile REGENERATES /etc/ttyd-user-map +
+# dispatch.json from this file, so omitting him would drop his t3 instance. The
+# provisioner skips account/group/clone mutations for already-existing users, so
+# listing him is safe (he keeps his unlocked tree + cluster-admin untouched).
+users:
+  wizard: {authentik_user: vbarzin, k8s_user: wizard, tier: admin} # base config author + cluster-admin
+  emo: {authentik_user: emil.barzin, k8s_user: emo, tier: power-user} # NET-NEW k8s_users entry (add as power-user before provisioning)
+  ancamilea: {authentik_user: ancaelena98, k8s_user: anca, tier: namespace-owner, namespaces: [plotting-book]} # ALREADY provisioned in-cluster -- assert, don't re-create
+# gheorghe: {authentik_user: vabbit81, k8s_user: vabbit81, tier: namespace-owner, namespaces: [vabbit81]} # already a cluster ns-owner; uncomment to give him a devvm workstation
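Review bot: The trailing comments on the `emo` and `ancamilea` entries carry provisioning preconditions (`add as power-user before provisioning`, `assert, don't re-create`) that no consumer can read, and the header never states what roster_engine.py's validate step must reject; for a file whose `tier: admin` translates to cluster-admin plus the sudo group, that contract should be written down. I would add a short validation block to the header, just above `users:`, stating that `tier` must be exactly one of the three listed values and anything else fails closed with no default tier, that `namespaces` is required and non-empty for namespace-owner and must be absent for admin and power-user, and that `authentik_user` and `k8s_user` must each be unique across the roster. Uniqueness of `os_user` is not guaranteed by the map alone: common YAML loaders silently keep the last duplicate key, so a duplicated entry would overwrite an earlier one rather than error, and the check needs a duplicate-key-rejecting loader or a pass over the raw text. If roster_engine.py already enforces these rules the header should say so; it is not part of this change, so I cannot confirm either way.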