jailed-agents no-cwd
This commit is contained in:
204
flake.nix
204
flake.nix
@@ -23,33 +23,41 @@
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
jail = jail-nix.lib.init pkgs;
|
||||
|
||||
defaultPackages = with pkgs;
|
||||
[
|
||||
bashInteractive
|
||||
curl
|
||||
wget
|
||||
jq
|
||||
git
|
||||
which
|
||||
ripgrep
|
||||
gnugrep
|
||||
gawkInteractive
|
||||
ps
|
||||
findutils
|
||||
gzip
|
||||
unzip
|
||||
gnutar
|
||||
diffutils
|
||||
];
|
||||
defaultPackages = with pkgs; [
|
||||
bashInteractive
|
||||
curl
|
||||
wget
|
||||
jq
|
||||
git
|
||||
which
|
||||
ripgrep
|
||||
gnugrep
|
||||
gawkInteractive
|
||||
ps
|
||||
findutils
|
||||
gzip
|
||||
unzip
|
||||
gnutar
|
||||
diffutils
|
||||
];
|
||||
|
||||
makeJailedConfig = { name, jail, pkgs, extraPkgs ? [ ], extraCombinators ? [ ] }:
|
||||
makeJailedConfig = {
|
||||
name,
|
||||
jail,
|
||||
pkgs,
|
||||
extraPkgs ? [ ],
|
||||
extraCombinators ? [ ],
|
||||
mountCwd ? true,
|
||||
}:
|
||||
with jail.combinators;
|
||||
(
|
||||
[
|
||||
network
|
||||
time-zone
|
||||
no-new-session
|
||||
mount-cwd
|
||||
]
|
||||
++ (if mountCwd then [ mount-cwd ] else [ ])
|
||||
++ [
|
||||
(readwrite (noescape "~/.config/${name}"))
|
||||
(readwrite (noescape "~/.local/share/${name}"))
|
||||
(readwrite (noescape "~/.local/state/${name}"))
|
||||
@@ -59,11 +67,18 @@
|
||||
++ extraCombinators
|
||||
);
|
||||
|
||||
makeJailedAgent = { name, pkg, extraPkgs ? [ ], extraCombinators ? [ ] }:
|
||||
makeJailedAgent = {
|
||||
name,
|
||||
pkg,
|
||||
extraPkgs ? [ ],
|
||||
extraCombinators ? [ ],
|
||||
mountCwd ? true,
|
||||
}:
|
||||
jail name pkg (makeJailedConfig {
|
||||
inherit name jail pkgs extraPkgs extraCombinators;
|
||||
inherit name jail pkgs extraPkgs extraCombinators mountCwd;
|
||||
});
|
||||
|
||||
# CWD-mounted variants
|
||||
opencode-jailed = makeJailedAgent {
|
||||
name = "opencode";
|
||||
pkg = llm-agents.packages.${system}.opencode;
|
||||
@@ -74,45 +89,67 @@
|
||||
pkg = llm-agents.packages.${system}.claude-code;
|
||||
};
|
||||
|
||||
# No-CWD variants
|
||||
opencode-jailed-nocwd = makeJailedAgent {
|
||||
name = "opencode-nocwd";
|
||||
pkg = llm-agents.packages.${system}.opencode;
|
||||
mountCwd = false;
|
||||
};
|
||||
|
||||
claude-jailed-nocwd = makeJailedAgent {
|
||||
name = "claude-code-nocwd";
|
||||
pkg = llm-agents.packages.${system}.claude-code;
|
||||
mountCwd = false;
|
||||
};
|
||||
|
||||
lib = {
|
||||
# Call as: inputs.jailed-agents.lib.makeJailed system { agentTool = "opencode"; extraPkgs = [...]; }
|
||||
# Call as: inputs.jailed-agents.lib.makeJailed system { agentTool = "opencode"; extraPkgs = [...]; mountCwd = false; }
|
||||
makeJailed =
|
||||
system':
|
||||
{
|
||||
agentTool,
|
||||
extraPkgs ? [ ],
|
||||
extraCombinators ? [ ],
|
||||
mountCwd ? true,
|
||||
}:
|
||||
let
|
||||
pkgs' = nixpkgs.legacyPackages.${system'};
|
||||
jail' = jail-nix.lib.init pkgs';
|
||||
pkg' = llm-agents.packages.${system'}.opencode;
|
||||
defaultPackages' = with pkgs';
|
||||
[
|
||||
bashInteractive
|
||||
curl
|
||||
wget
|
||||
jq
|
||||
git
|
||||
which
|
||||
ripgrep
|
||||
gnugrep
|
||||
gawkInteractive
|
||||
ps
|
||||
findutils
|
||||
gzip
|
||||
unzip
|
||||
gnutar
|
||||
diffutils
|
||||
];
|
||||
makeJailedConfig' = { name, jail, pkgs, extraPkgs ? [ ], extraCombinators ? [ ] }:
|
||||
with jail.combinators;
|
||||
defaultPackages' = with pkgs'; [
|
||||
bashInteractive
|
||||
curl
|
||||
wget
|
||||
jq
|
||||
git
|
||||
which
|
||||
ripgrep
|
||||
gnugrep
|
||||
gawkInteractive
|
||||
ps
|
||||
findutils
|
||||
gzip
|
||||
unzip
|
||||
gnutar
|
||||
diffutils
|
||||
];
|
||||
makeJailedConfig' = {
|
||||
name,
|
||||
jail,
|
||||
pkgs,
|
||||
extraPkgs ? [ ],
|
||||
extraCombinators ? [ ],
|
||||
mountCwd ? true,
|
||||
}:
|
||||
with jail'.combinators;
|
||||
(
|
||||
[
|
||||
network
|
||||
time-zone
|
||||
no-new-session
|
||||
mount-cwd
|
||||
]
|
||||
++ (if mountCwd then [ mount-cwd ] else [ ])
|
||||
++ [
|
||||
(readwrite (noescape "~/.config/${name}"))
|
||||
(readwrite (noescape "~/.local/share/${name}"))
|
||||
(readwrite (noescape "~/.local/state/${name}"))
|
||||
@@ -126,7 +163,7 @@
|
||||
name = agentTool;
|
||||
jail = jail';
|
||||
pkgs = pkgs';
|
||||
inherit extraPkgs extraCombinators;
|
||||
inherit extraPkgs extraCombinators mountCwd;
|
||||
});
|
||||
};
|
||||
|
||||
@@ -141,7 +178,12 @@
|
||||
in
|
||||
{
|
||||
packages = {
|
||||
inherit opencode-jailed claude-jailed;
|
||||
inherit
|
||||
opencode-jailed
|
||||
claude-jailed
|
||||
opencode-jailed-nocwd
|
||||
claude-jailed-nocwd
|
||||
;
|
||||
};
|
||||
|
||||
checks = {
|
||||
@@ -159,6 +201,20 @@
|
||||
touch $out
|
||||
'';
|
||||
|
||||
opencode-jailed-nocwd-build = pkgs.runCommand "test-opencode-jailed-nocwd" {
|
||||
buildInputs = [ opencode-jailed-nocwd ];
|
||||
} ''
|
||||
test -f ${opencode-jailed-nocwd}/bin/opencode-nocwd
|
||||
touch $out
|
||||
'';
|
||||
|
||||
claude-jailed-nocwd-build = pkgs.runCommand "test-claude-jailed-nocwd" {
|
||||
buildInputs = [ claude-jailed-nocwd ];
|
||||
} ''
|
||||
test -f ${claude-jailed-nocwd}/bin/claude-code-nocwd
|
||||
touch $out
|
||||
'';
|
||||
|
||||
lib-makeJailed-basic = pkgs.runCommand "test-lib-makeJailed-basic" {
|
||||
buildInputs = [ test-agent-basic ];
|
||||
} ''
|
||||
@@ -190,44 +246,53 @@
|
||||
};
|
||||
|
||||
lib = {
|
||||
# Call as: inputs.jailed-agents.lib.makeJailed system { agentTool = "opencode"; extraPkgs = [...]; }
|
||||
# Call as: inputs.jailed-agents.lib.makeJailed system { agentTool = "opencode"; extraPkgs = [...]; mountCwd = false; }
|
||||
makeJailed =
|
||||
system':
|
||||
{
|
||||
agentTool,
|
||||
extraPkgs ? [ ],
|
||||
extraCombinators ? [ ],
|
||||
mountCwd ? true,
|
||||
}:
|
||||
let
|
||||
pkgs' = nixpkgs.legacyPackages.${system'};
|
||||
jail' = jail-nix.lib.init pkgs';
|
||||
pkg' = llm-agents.packages.${system'}.opencode;
|
||||
defaultPackages' = with pkgs';
|
||||
[
|
||||
bashInteractive
|
||||
curl
|
||||
wget
|
||||
jq
|
||||
git
|
||||
which
|
||||
ripgrep
|
||||
gnugrep
|
||||
gawkInteractive
|
||||
ps
|
||||
findutils
|
||||
gzip
|
||||
unzip
|
||||
gnutar
|
||||
diffutils
|
||||
];
|
||||
makeJailedConfig' = { name, jail, pkgs, extraPkgs ? [ ], extraCombinators ? [ ] }:
|
||||
with jail.combinators;
|
||||
defaultPackages' = with pkgs'; [
|
||||
bashInteractive
|
||||
curl
|
||||
wget
|
||||
jq
|
||||
git
|
||||
which
|
||||
ripgrep
|
||||
gnugrep
|
||||
gawkInteractive
|
||||
ps
|
||||
findutils
|
||||
gzip
|
||||
unzip
|
||||
gnutar
|
||||
diffutils
|
||||
];
|
||||
makeJailedConfig' = {
|
||||
name,
|
||||
jail,
|
||||
pkgs,
|
||||
extraPkgs ? [ ],
|
||||
extraCombinators ? [ ],
|
||||
mountCwd ? true,
|
||||
}:
|
||||
with jail'.combinators;
|
||||
(
|
||||
[
|
||||
network
|
||||
time-zone
|
||||
no-new-session
|
||||
mount-cwd
|
||||
]
|
||||
++ (if mountCwd then [ mount-cwd ] else [ ])
|
||||
++ [
|
||||
(readwrite (noescape "~/.config/${name}"))
|
||||
(readwrite (noescape "~/.local/share/${name}"))
|
||||
(readwrite (noescape "~/.local/state/${name}"))
|
||||
@@ -241,10 +306,9 @@
|
||||
name = agentTool;
|
||||
jail = jail';
|
||||
pkgs = pkgs';
|
||||
inherit extraPkgs extraCombinators;
|
||||
inherit extraPkgs extraCombinators mountCwd;
|
||||
});
|
||||
};
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user