{ description = "Reusable jailed LLM agents (opencode)"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; jail-nix.url = "sourcehut:~alexdavid/jail.nix"; llm-agents.url = "github:numtide/llm-agents.nix"; flake-utils.url = "github:numtide/flake-utils"; }; outputs = { self, nixpkgs, flake-utils, jail-nix, llm-agents, ... }: flake-utils.lib.eachDefaultSystem ( system: let pkgs = nixpkgs.legacyPackages.${system}; jail = jail-nix.lib.init pkgs; makeJailedAgent = { name, pkg, extraPkgs ? [ ], extraCombinators ? [ ], }: jail name pkg ( with jail.combinators; ( [ network time-zone no-new-session mount-cwd (readwrite (noescape "~/.config/${name}")) (readwrite (noescape "~/.local/share/${name}")) (readwrite (noescape "~/.local/state/${name}")) (add-pkg-deps ( with pkgs; [ bashInteractive curl wget jq git which ripgrep gnugrep gawkInteractive ps findutils gzip unzip gnutar diffutils ] )) (add-pkg-deps extraPkgs) ] ++ extraCombinators ) ); opencodePkg = llm-agents.packages.${system}.opencode; opencode-jailed = makeJailedAgent { name = "opencode"; pkg = opencodePkg; }; claudePkg = llm-agents.packages.${system}.claude; claude-jailed = makeJailedAgent { name = "claude"; pkg = claudePkg; }; in { packages = { inherit opencode-jailed claude-jailed; }; lib = { # Call as: inputs.jailed-agents.lib.makeJailed system { extraPkgs = [...]; } makeJailed = system': { agentTool, extraPkgs ? [ ], extraCombinators ? [ ], }: let pkgs' = nixpkgs.legacyPackages.${system'}; jail' = jail-nix.lib.init pkgs'; pkg' = llm-agents.packages.${system'}.opencode; in jail' agentTool pkg' ( with jail'.combinators; ( [ network time-zone no-new-session mount-cwd (readwrite (noescape "~/.config/${agentTool}")) (readwrite (noescape "~/.local/share/${agentTool}")) (readwrite (noescape "~/.local/state/${agentTool}")) (add-pkg-deps ( with pkgs'; [ bashInteractive curl wget jq git which ripgrep gnugrep gawkInteractive ps findutils gzip unzip gnutar diffutils ] )) (add-pkg-deps extraPkgs) ] ++ extraCombinators ) ); }; } ); }