when defining query packs, do you have to define a query separately and then reference by name? or can you just define the query itself

Yes, queries must be defined separately and referenced by name. It could be interesting to allow them to be defined inline.

It just makes the config file simpler IMO

Many folks convert those query packs with

fleetctl convert

and use them.

The osquery distributed packs are highly unmaintained. Caution is recommended.