{inputs, ...}: { coding.agents.pi = { enable = true; agentsInput = inputs.agents; modelOverrides = { chiron = "minimax/MiniMax-M2.7"; chiron-forge = "minimax/MiniMax-M2.7"; }; # Coding rules for Pi agent # Rules sourced from AGENTS repo codingRules = { # Language-specific rules languages = [ "nix" # Nix language conventions ]; # Standard concerns from AGENTS repo concerns = [ "coding-style" # General coding principles "naming" # Naming conventions (camelCase, snake_case, etc.) "documentation" # Documentation standards "testing" # Testing guidelines (Arrange-Act-Assert) "git-workflow" # Conventional commits, branch naming "git-identity" # Git identity configuration for agents "project-structure" # Project layout conventions ]; # No framework-specific rules for NixOS config frameworks = []; }; settings = { packages = [ "npm:@dreadedzombie/pi-init" "npm:@plannotator/pi-extension" "npm:@thesethrose/pi-zai-provider" "npm:pi-agent-browser-native" "npm:pi-beads-extension" "npm:pi-lens" "npm:pi-markdown-preview" "npm:pi-mcp-adapter" "npm:pi-powerline-footer" "npm:pi-prompt-template-model" "npm:pi-subagents" "npm:pi-tool-display" "npm:pi-web-access" "git:github.com/hk-vk/pi-connect" ]; defaultProvider = "minimax"; defaultModel = "MiniMax-M2.7"; defaultThinkingLevel = "high"; }; # pi-guardrails: strict security config # NOTE: Path access checks are lexical (not symlink-safe). # NOTE: Local project .pi/extensions/guardrails.json can override same rule IDs. # For immutable global policies, consider a wrapper or upstream patch. guardrails = { enable = true; config = { enabled = true; applyBuiltinDefaults = true; onboarding = { completed = true; }; features = { policies = true; permissionGate = true; pathAccess = true; }; pathAccess = { mode = "ask"; allowedPaths = [ "/nix/store/" "/tmp/" ]; }; policies = { rules = [ # ── SSH keys ─────────────────────────────────────────── { id = "home-ssh"; enabled = true; protection = "noAccess"; onlyIfExists = false; patterns = [ {pattern = "~/.ssh/**";} {pattern = "~/.ssh/*_rsa";} {pattern = "~/.ssh/*_ed25519";} {pattern = "~/.ssh/*.pem";} ]; allowedPatterns = [ {pattern = "~/.ssh/*.pub";} ]; } # ── GPG keys ───────────────────────────────────────── { id = "home-gpg"; enabled = true; protection = "noAccess"; onlyIfExists = false; patterns = [ {pattern = "~/.gnupg/**";} {pattern = "~/*.gpg";} {pattern = "~/.gpg-agent.conf";} ]; } # ── AWS credentials ──────────────────────────────────── { id = "home-aws"; enabled = true; protection = "noAccess"; onlyIfExists = false; patterns = [ {pattern = "~/.aws/**";} {pattern = "~/.aws/credentials";} {pattern = "~/.aws/config";} ]; } # ── Kubernetes configs ──────────────────────────────── { id = "home-kube"; enabled = true; protection = "noAccess"; onlyIfExists = false; patterns = [ {pattern = "~/.kube/**";} {pattern = "*kubeconfig*";} ]; } # ── Cloud CLI configs ──────────────────────────────── { id = "home-config"; enabled = true; protection = "noAccess"; onlyIfExists = false; patterns = [ {pattern = "~/.config/gh/**";} {pattern = "~/.config/gcloud/**";} {pattern = "~/.config/op/**";} {pattern = "~/.config/sops/**";} ]; } # ── agenix secrets ─────────────────────────────────── { id = "agenix-secrets"; enabled = true; protection = "noAccess"; onlyIfExists = false; patterns = [ {pattern = "/run/agenix/**";} ]; } # ── Pi auth and sessions ──────────────────────────── { id = "pi-auth-sessions"; enabled = true; protection = "noAccess"; onlyIfExists = false; patterns = [ {pattern = "~/.pi/agent/auth.json";} {pattern = "~/.pi/agent/sessions/**";} ]; } # ── Environment files ───────────────────────────────── { id = "secret-files"; enabled = true; protection = "noAccess"; onlyIfExists = true; patterns = [ {pattern = ".env";} {pattern = ".env.*";} {pattern = ".dev.vars";} ]; allowedPatterns = [ {pattern = "*.example.env";} {pattern = "*.sample.env";} {pattern = "*.test.env";} {pattern = ".env.example";} {pattern = ".env.sample";} {pattern = ".env.test";} ]; } # ── Private keys and certificates ─────────────────── { id = "private-keys"; enabled = true; protection = "noAccess"; onlyIfExists = false; patterns = [ {pattern = "*.pem";} {pattern = "*.key";} {pattern = "*.p12";} {pattern = "*.pfx";} {pattern = "*id_rsa*";} {pattern = "*id_ed25519*";} {pattern = "*id_ecdsa*";} ]; allowedPatterns = [ {pattern = "*.pub";} {pattern = "*.csr";} ]; } ]; }; permissionGate = { explainCommands = false; # Auto-deny patterns: env leakage and credential dumping autoDenyPatterns = [ { pattern = "\\benv\\b"; regex = true; description = "env command (may dump environment)"; } { pattern = "\\bprintenv\\b"; regex = true; description = "printenv command (dumps environment variables)"; } { pattern = "/proc/[0-9]+/environ"; regex = true; description = "reading process environment files"; } { pattern = "gpg\\s+--export-secret-keys"; regex = true; description = "GPG secret key export"; } { pattern = "gpg\\s+--export-secret-subkeys"; regex = true; description = "GPG secret subkey export"; } { pattern = "ssh-add\\s+-D"; regex = true; description = "delete all SSH identities"; } { pattern = "\\b(op|pass)\\s+(read|show|get)"; regex = true; description = "password manager read operations"; } ]; }; }; }; # MCP servers auto-inherited from programs.mcp in default.nix }; }