diff --git a/ansible/playbooks/customize.yml b/ansible/playbooks/customize.yml
index 41c2c80..9021de9 100644
--- a/ansible/playbooks/customize.yml
+++ b/ansible/playbooks/customize.yml
@@ -46,6 +46,50 @@
         cmd: loginctl enable-linger openclaw
       changed_when: false
 
+    # ── Homebrew ───────────────────────────────────────────────────────────────
+
+    - name: Install Homebrew dependencies
+      ansible.builtin.apt:
+        name:
+          - build-essential
+          - procps
+          - curl
+          - file
+          - git
+        state: present
+
+    - name: Install Homebrew (as openclaw user)
+      ansible.builtin.shell: |
+        NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+      become_user: openclaw
+      args:
+        creates: /home/linuxbrew/.linuxbrew/bin/brew
+
+    - name: Add Homebrew to openclaw user PATH
+      ansible.builtin.blockinfile:
+        path: /home/openclaw/.bashrc
+        marker: "# {mark} HOMEBREW"
+        block: |
+          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
+        owner: openclaw
+        group: openclaw
+        create: true
+
+    - name: Install Homebrew packages
+      ansible.builtin.shell: |
+        brew list {{ item }} 2>/dev/null || brew install {{ item }}
+      become_user: openclaw
+      environment:
+        HOME: /home/openclaw
+        PATH: /home/linuxbrew/.linuxbrew/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+      loop:
+        - gogcli
+        - himalaya
+        - kubernetes-cli
+        - opencode
+      register: brew_install
+      changed_when: "'Installing' in brew_install.stdout"
+
     # ── Automatic security updates ─────────────────────────────────────────
     # The upstream role installs unattended-upgrades with security-only updates.
     # We extend it here to enable automatic reboots for kernel/libc updates,