diff --git a/flake.lock b/flake.lock index 72443dc..cd7a610 100644 --- a/flake.lock +++ b/flake.lock @@ -9,11 +9,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1769353768, - "narHash": "sha256-zI+7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0=", + "lastModified": 1771437256, + "narHash": "sha256-bLqwib+rtyBRRVBWhMuBXPCL/OThfokA+j6+uH7jDGU=", "owner": "numtide", "repo": "blueprint", - "rev": "c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c", + "rev": "06ee7190dc2620ea98af9eb225aa9627b68b0e33", "type": "github" }, "original": { @@ -42,11 +42,11 @@ }, "jail-nix": { "locked": { - "lastModified": 1765903853, - "narHash": "sha256-buoPpx7moJzAXbLuHAImn6x9fGRdk3x0T57goPv1vnc=", + "lastModified": 1770418571, + "narHash": "sha256-EzQUbe1gwW/xpJoMuMeblWcjAEF+F92cz/enz0Mz/qo=", "owner": "~alexdavid", "repo": "jail.nix", - "rev": "bf9f49c8118e7a77b68a675dbe26e93e91412066", + "rev": "c141cf8cc68617625b4a28a7d8ce0a35904815d5", "type": "sourcehut" }, "original": { @@ -62,11 +62,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1769813338, - "narHash": "sha256-IlRKon8+bfoi/uOa8CUPAAWW0Pv6AHBSF1jVSD4QO8U=", + "lastModified": 1772165712, + "narHash": "sha256-ThpPDZeGjLKXb3UW1rIFOmrNVBB0T3LxO8cu9c5B/ig=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "58939415e56d01c30d429cf0c49a9d8e2a6a07c3", + "rev": "e3356720c7b3d4c20e06396997c5d76fa7241f0e", "type": "github" }, "original": { @@ -77,11 +77,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769740369, - "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", + "lastModified": 1771423170, + "narHash": "sha256-K7Dg9TQ0mOcAtWTO/FX/FaprtWQ8BmEXTpLIaNRhEwU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", + "rev": "bcc4a9d9533c033d806a46b37dc444f9b0da49dd", "type": "github" }, "original": { @@ -93,11 +93,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "lastModified": 1771848320, + "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "rev": "2fc6539b481e1d2569f25f8799236694180c0993", "type": "github" }, "original": { @@ -153,11 +153,11 @@ ] }, "locked": { - "lastModified": 1769691507, - "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 052956e..15bb352 100644 --- a/flake.nix +++ b/flake.nix @@ -23,33 +23,41 @@ pkgs = nixpkgs.legacyPackages.${system}; jail = jail-nix.lib.init pkgs; - defaultPackages = with pkgs; - [ - bashInteractive - curl - wget - jq - git - which - ripgrep - gnugrep - gawkInteractive - ps - findutils - gzip - unzip - gnutar - diffutils - ]; + defaultPackages = with pkgs; [ + bashInteractive + curl + wget + jq + git + which + ripgrep + gnugrep + gawkInteractive + ps + findutils + gzip + unzip + gnutar + diffutils + ]; - makeJailedConfig = { name, jail, pkgs, extraPkgs ? [ ], extraCombinators ? [ ] }: + makeJailedConfig = { + name, + jail, + pkgs, + extraPkgs ? [ ], + extraCombinators ? [ ], + mountCwd ? true, + }: with jail.combinators; ( [ network time-zone no-new-session - mount-cwd + ] + ++ (if mountCwd then [ mount-cwd ] else [ ]) + ++ [ (readwrite (noescape "~/.config/${name}")) (readwrite (noescape "~/.local/share/${name}")) (readwrite (noescape "~/.local/state/${name}")) @@ -59,11 +67,18 @@ ++ extraCombinators ); - makeJailedAgent = { name, pkg, extraPkgs ? [ ], extraCombinators ? [ ] }: + makeJailedAgent = { + name, + pkg, + extraPkgs ? [ ], + extraCombinators ? [ ], + mountCwd ? true, + }: jail name pkg (makeJailedConfig { - inherit name jail pkgs extraPkgs extraCombinators; + inherit name jail pkgs extraPkgs extraCombinators mountCwd; }); + # CWD-mounted variants opencode-jailed = makeJailedAgent { name = "opencode"; pkg = llm-agents.packages.${system}.opencode; @@ -74,45 +89,67 @@ pkg = llm-agents.packages.${system}.claude-code; }; + # No-CWD variants + opencode-jailed-nocwd = makeJailedAgent { + name = "opencode-nocwd"; + pkg = llm-agents.packages.${system}.opencode; + mountCwd = false; + }; + + claude-jailed-nocwd = makeJailedAgent { + name = "claude-code-nocwd"; + pkg = llm-agents.packages.${system}.claude-code; + mountCwd = false; + }; + lib = { - # Call as: inputs.jailed-agents.lib.makeJailed system { agentTool = "opencode"; extraPkgs = [...]; } + # Call as: inputs.jailed-agents.lib.makeJailed system { agentTool = "opencode"; extraPkgs = [...]; mountCwd = false; } makeJailed = system': { agentTool, extraPkgs ? [ ], extraCombinators ? [ ], + mountCwd ? true, }: let pkgs' = nixpkgs.legacyPackages.${system'}; jail' = jail-nix.lib.init pkgs'; pkg' = llm-agents.packages.${system'}.opencode; - defaultPackages' = with pkgs'; - [ - bashInteractive - curl - wget - jq - git - which - ripgrep - gnugrep - gawkInteractive - ps - findutils - gzip - unzip - gnutar - diffutils - ]; - makeJailedConfig' = { name, jail, pkgs, extraPkgs ? [ ], extraCombinators ? [ ] }: - with jail.combinators; + defaultPackages' = with pkgs'; [ + bashInteractive + curl + wget + jq + git + which + ripgrep + gnugrep + gawkInteractive + ps + findutils + gzip + unzip + gnutar + diffutils + ]; + makeJailedConfig' = { + name, + jail, + pkgs, + extraPkgs ? [ ], + extraCombinators ? [ ], + mountCwd ? true, + }: + with jail'.combinators; ( [ network time-zone no-new-session - mount-cwd + ] + ++ (if mountCwd then [ mount-cwd ] else [ ]) + ++ [ (readwrite (noescape "~/.config/${name}")) (readwrite (noescape "~/.local/share/${name}")) (readwrite (noescape "~/.local/state/${name}")) @@ -126,7 +163,7 @@ name = agentTool; jail = jail'; pkgs = pkgs'; - inherit extraPkgs extraCombinators; + inherit extraPkgs extraCombinators mountCwd; }); }; @@ -141,7 +178,12 @@ in { packages = { - inherit opencode-jailed claude-jailed; + inherit + opencode-jailed + claude-jailed + opencode-jailed-nocwd + claude-jailed-nocwd + ; }; checks = { @@ -159,6 +201,20 @@ touch $out ''; + opencode-jailed-nocwd-build = pkgs.runCommand "test-opencode-jailed-nocwd" { + buildInputs = [ opencode-jailed-nocwd ]; + } '' + test -f ${opencode-jailed-nocwd}/bin/opencode-nocwd + touch $out + ''; + + claude-jailed-nocwd-build = pkgs.runCommand "test-claude-jailed-nocwd" { + buildInputs = [ claude-jailed-nocwd ]; + } '' + test -f ${claude-jailed-nocwd}/bin/claude-code-nocwd + touch $out + ''; + lib-makeJailed-basic = pkgs.runCommand "test-lib-makeJailed-basic" { buildInputs = [ test-agent-basic ]; } '' @@ -190,44 +246,53 @@ }; lib = { - # Call as: inputs.jailed-agents.lib.makeJailed system { agentTool = "opencode"; extraPkgs = [...]; } + # Call as: inputs.jailed-agents.lib.makeJailed system { agentTool = "opencode"; extraPkgs = [...]; mountCwd = false; } makeJailed = system': { agentTool, extraPkgs ? [ ], extraCombinators ? [ ], + mountCwd ? true, }: let pkgs' = nixpkgs.legacyPackages.${system'}; jail' = jail-nix.lib.init pkgs'; pkg' = llm-agents.packages.${system'}.opencode; - defaultPackages' = with pkgs'; - [ - bashInteractive - curl - wget - jq - git - which - ripgrep - gnugrep - gawkInteractive - ps - findutils - gzip - unzip - gnutar - diffutils - ]; - makeJailedConfig' = { name, jail, pkgs, extraPkgs ? [ ], extraCombinators ? [ ] }: - with jail.combinators; + defaultPackages' = with pkgs'; [ + bashInteractive + curl + wget + jq + git + which + ripgrep + gnugrep + gawkInteractive + ps + findutils + gzip + unzip + gnutar + diffutils + ]; + makeJailedConfig' = { + name, + jail, + pkgs, + extraPkgs ? [ ], + extraCombinators ? [ ], + mountCwd ? true, + }: + with jail'.combinators; ( [ network time-zone no-new-session - mount-cwd + ] + ++ (if mountCwd then [ mount-cwd ] else [ ]) + ++ [ (readwrite (noescape "~/.config/${name}")) (readwrite (noescape "~/.local/share/${name}")) (readwrite (noescape "~/.local/state/${name}")) @@ -241,10 +306,9 @@ name = agentTool; jail = jail'; pkgs = pkgs'; - inherit extraPkgs extraCombinators; + inherit extraPkgs extraCombinators mountCwd; }); }; } ); } -