readme and tests
This commit is contained in:
288
flake.nix
288
flake.nix
@@ -23,71 +23,59 @@
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
jail = jail-nix.lib.init pkgs;
|
||||
|
||||
makeJailedAgent =
|
||||
{
|
||||
name,
|
||||
pkg,
|
||||
extraPkgs ? [ ],
|
||||
extraCombinators ? [ ],
|
||||
}:
|
||||
jail name pkg (
|
||||
with jail.combinators;
|
||||
(
|
||||
[
|
||||
network
|
||||
time-zone
|
||||
no-new-session
|
||||
mount-cwd
|
||||
(readwrite (noescape "~/.config/${name}"))
|
||||
(readwrite (noescape "~/.local/share/${name}"))
|
||||
(readwrite (noescape "~/.local/state/${name}"))
|
||||
(add-pkg-deps (
|
||||
with pkgs;
|
||||
[
|
||||
bashInteractive
|
||||
curl
|
||||
wget
|
||||
jq
|
||||
git
|
||||
which
|
||||
ripgrep
|
||||
gnugrep
|
||||
gawkInteractive
|
||||
ps
|
||||
findutils
|
||||
gzip
|
||||
unzip
|
||||
gnutar
|
||||
diffutils
|
||||
]
|
||||
))
|
||||
(add-pkg-deps extraPkgs)
|
||||
]
|
||||
++ extraCombinators
|
||||
)
|
||||
defaultPackages = with pkgs;
|
||||
[
|
||||
bashInteractive
|
||||
curl
|
||||
wget
|
||||
jq
|
||||
git
|
||||
which
|
||||
ripgrep
|
||||
gnugrep
|
||||
gawkInteractive
|
||||
ps
|
||||
findutils
|
||||
gzip
|
||||
unzip
|
||||
gnutar
|
||||
diffutils
|
||||
];
|
||||
|
||||
makeJailedConfig = { name, jail, pkgs, extraPkgs ? [ ], extraCombinators ? [ ] }:
|
||||
with jail.combinators;
|
||||
(
|
||||
[
|
||||
network
|
||||
time-zone
|
||||
no-new-session
|
||||
mount-cwd
|
||||
(readwrite (noescape "~/.config/${name}"))
|
||||
(readwrite (noescape "~/.local/share/${name}"))
|
||||
(readwrite (noescape "~/.local/state/${name}"))
|
||||
(add-pkg-deps defaultPackages)
|
||||
(add-pkg-deps extraPkgs)
|
||||
]
|
||||
++ extraCombinators
|
||||
);
|
||||
|
||||
opencodePkg = llm-agents.packages.${system}.opencode;
|
||||
makeJailedAgent = { name, pkg, extraPkgs ? [ ], extraCombinators ? [ ] }:
|
||||
jail name pkg (makeJailedConfig {
|
||||
inherit name jail pkgs extraPkgs extraCombinators;
|
||||
});
|
||||
|
||||
opencode-jailed = makeJailedAgent {
|
||||
name = "opencode";
|
||||
pkg = opencodePkg;
|
||||
pkg = llm-agents.packages.${system}.opencode;
|
||||
};
|
||||
|
||||
claudePkg = llm-agents.packages.${system}.claude;
|
||||
|
||||
claude-jailed = makeJailedAgent {
|
||||
name = "claude";
|
||||
pkg = claudePkg;
|
||||
};
|
||||
in
|
||||
{
|
||||
packages = {
|
||||
inherit opencode-jailed claude-jailed;
|
||||
name = "claude-code";
|
||||
pkg = llm-agents.packages.${system}.claude-code;
|
||||
};
|
||||
|
||||
lib = {
|
||||
# Call as: inputs.jailed-agents.lib.makeJailed system { extraPkgs = [...]; }
|
||||
# Call as: inputs.jailed-agents.lib.makeJailed system { agentTool = "opencode"; extraPkgs = [...]; }
|
||||
makeJailed =
|
||||
system':
|
||||
{
|
||||
@@ -99,44 +87,164 @@
|
||||
pkgs' = nixpkgs.legacyPackages.${system'};
|
||||
jail' = jail-nix.lib.init pkgs';
|
||||
pkg' = llm-agents.packages.${system'}.opencode;
|
||||
in
|
||||
jail' agentTool pkg' (
|
||||
with jail'.combinators;
|
||||
(
|
||||
defaultPackages' = with pkgs';
|
||||
[
|
||||
network
|
||||
time-zone
|
||||
no-new-session
|
||||
mount-cwd
|
||||
(readwrite (noescape "~/.config/${agentTool}"))
|
||||
(readwrite (noescape "~/.local/share/${agentTool}"))
|
||||
(readwrite (noescape "~/.local/state/${agentTool}"))
|
||||
(add-pkg-deps (
|
||||
with pkgs';
|
||||
[
|
||||
bashInteractive
|
||||
curl
|
||||
wget
|
||||
jq
|
||||
git
|
||||
which
|
||||
ripgrep
|
||||
gnugrep
|
||||
gawkInteractive
|
||||
ps
|
||||
findutils
|
||||
gzip
|
||||
unzip
|
||||
gnutar
|
||||
diffutils
|
||||
]
|
||||
))
|
||||
(add-pkg-deps extraPkgs)
|
||||
]
|
||||
++ extraCombinators
|
||||
)
|
||||
);
|
||||
bashInteractive
|
||||
curl
|
||||
wget
|
||||
jq
|
||||
git
|
||||
which
|
||||
ripgrep
|
||||
gnugrep
|
||||
gawkInteractive
|
||||
ps
|
||||
findutils
|
||||
gzip
|
||||
unzip
|
||||
gnutar
|
||||
diffutils
|
||||
];
|
||||
makeJailedConfig' = { name, jail, pkgs, extraPkgs ? [ ], extraCombinators ? [ ] }:
|
||||
with jail.combinators;
|
||||
(
|
||||
[
|
||||
network
|
||||
time-zone
|
||||
no-new-session
|
||||
mount-cwd
|
||||
(readwrite (noescape "~/.config/${name}"))
|
||||
(readwrite (noescape "~/.local/share/${name}"))
|
||||
(readwrite (noescape "~/.local/state/${name}"))
|
||||
(add-pkg-deps defaultPackages')
|
||||
(add-pkg-deps extraPkgs)
|
||||
]
|
||||
++ extraCombinators
|
||||
);
|
||||
in
|
||||
jail' agentTool pkg' (makeJailedConfig' {
|
||||
name = agentTool;
|
||||
jail = jail';
|
||||
pkgs = pkgs';
|
||||
inherit extraPkgs extraCombinators;
|
||||
});
|
||||
};
|
||||
|
||||
test-agent-basic = lib.makeJailed system {
|
||||
agentTool = "test-agent";
|
||||
};
|
||||
|
||||
test-agent-extra = lib.makeJailed system {
|
||||
agentTool = "test-agent-extra";
|
||||
extraPkgs = [ pkgs.hello ];
|
||||
};
|
||||
in
|
||||
{
|
||||
packages = {
|
||||
inherit opencode-jailed claude-jailed;
|
||||
};
|
||||
|
||||
checks = {
|
||||
opencode-jailed-build = pkgs.runCommand "test-opencode-jailed" {
|
||||
buildInputs = [ opencode-jailed ];
|
||||
} ''
|
||||
test -f ${opencode-jailed}/bin/opencode
|
||||
touch $out
|
||||
'';
|
||||
|
||||
claude-jailed-build = pkgs.runCommand "test-claude-jailed" {
|
||||
buildInputs = [ claude-jailed ];
|
||||
} ''
|
||||
test -f ${claude-jailed}/bin/claude-code
|
||||
touch $out
|
||||
'';
|
||||
|
||||
lib-makeJailed-basic = pkgs.runCommand "test-lib-makeJailed-basic" {
|
||||
buildInputs = [ test-agent-basic ];
|
||||
} ''
|
||||
test -f ${test-agent-basic}/bin/test-agent
|
||||
touch $out
|
||||
'';
|
||||
|
||||
lib-makeJailed-with-extraPkgs = pkgs.runCommand "test-lib-makeJailed-extraPkgs" {
|
||||
buildInputs = [ test-agent-extra ];
|
||||
} ''
|
||||
test -f ${test-agent-extra}/bin/test-agent-extra
|
||||
test -d ${pkgs.hello}
|
||||
touch $out
|
||||
'';
|
||||
|
||||
test-opencode-tools = pkgs.runCommand "test-opencode-tools" {
|
||||
buildInputs = [ opencode-jailed ];
|
||||
} ''
|
||||
test -f ${opencode-jailed}/bin/opencode
|
||||
touch $out
|
||||
'';
|
||||
|
||||
test-claude-tools = pkgs.runCommand "test-claude-tools" {
|
||||
buildInputs = [ claude-jailed ];
|
||||
} ''
|
||||
test -f ${claude-jailed}/bin/claude-code
|
||||
touch $out
|
||||
'';
|
||||
};
|
||||
|
||||
lib = {
|
||||
# Call as: inputs.jailed-agents.lib.makeJailed system { agentTool = "opencode"; extraPkgs = [...]; }
|
||||
makeJailed =
|
||||
system':
|
||||
{
|
||||
agentTool,
|
||||
extraPkgs ? [ ],
|
||||
extraCombinators ? [ ],
|
||||
}:
|
||||
let
|
||||
pkgs' = nixpkgs.legacyPackages.${system'};
|
||||
jail' = jail-nix.lib.init pkgs';
|
||||
pkg' = llm-agents.packages.${system'}.opencode;
|
||||
defaultPackages' = with pkgs';
|
||||
[
|
||||
bashInteractive
|
||||
curl
|
||||
wget
|
||||
jq
|
||||
git
|
||||
which
|
||||
ripgrep
|
||||
gnugrep
|
||||
gawkInteractive
|
||||
ps
|
||||
findutils
|
||||
gzip
|
||||
unzip
|
||||
gnutar
|
||||
diffutils
|
||||
];
|
||||
makeJailedConfig' = { name, jail, pkgs, extraPkgs ? [ ], extraCombinators ? [ ] }:
|
||||
with jail.combinators;
|
||||
(
|
||||
[
|
||||
network
|
||||
time-zone
|
||||
no-new-session
|
||||
mount-cwd
|
||||
(readwrite (noescape "~/.config/${name}"))
|
||||
(readwrite (noescape "~/.local/share/${name}"))
|
||||
(readwrite (noescape "~/.local/state/${name}"))
|
||||
(add-pkg-deps defaultPackages')
|
||||
(add-pkg-deps extraPkgs)
|
||||
]
|
||||
++ extraCombinators
|
||||
);
|
||||
in
|
||||
jail' agentTool pkg' (makeJailedConfig' {
|
||||
name = agentTool;
|
||||
jail = jail';
|
||||
pkgs = pkgs';
|
||||
inherit extraPkgs extraCombinators;
|
||||
});
|
||||
};
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user