feat: containerized pi agent
57
PLAN.md
Normal file
@@ -0,0 +1,57 @@
# PLAN

## Context
- Implement **Option A**: run `pi` through a **rootless Podman** container while keeping a native terminal UX.
- Preserve `flake.nix` + `nix develop` workflows by using the **host Nix daemon** from inside the container.
- Keep logic centralized in `nixpkgs` and host-specific values in `nixos-config`.

## Approach
- Extend the existing Home Manager module at `modules/home-manager/coding/agents/pi.nix` with a `coding.agents.pi.container.*` option set.
- Implement **Option A defaults** from your decisions:
- wrapper command name is `pi` (native command replacement),
- project roots are mounted read-write,
- `autoStart = true` by default,
- `autoNixDevelop = false` by default,
- `image` default set to `docker.io/nixos/nix:latest` as a conservative base and overridden in host config for a Pi-ready image.
- Generate a deterministic wrapper script (installed via Home Manager) that:
- verifies cwd is within allowed project roots,
- ensures rootless container exists/runs,
- maps cwd and runs `podman exec -it <container> pi "$@"`,
- optionally runs via `nix develop -c pi ...` when `autoNixDevelop=true` and `flake.nix` is present.
- Configure safe Podman mounts:
- allowed project roots only,
- host Nix daemon socket (Option A),
- minimal Nix config/certs needed for CLI operation.
- Wire host-specific config in `nixos-config/home/features/coding/pi.nix` and remove direct host `pi` binary installation from the coding package list to avoid command-path ambiguity.

## Files to modify
- `modules/home-manager/coding/agents/pi.nix` (new container options + wrapper + container lifecycle logic)
- `/home/m3tam3re/p/NIX/nixos-config/home/features/coding/pi.nix` (host-specific container settings)

## Reuse
- Existing Pi HM module and option namespace:
- `modules/home-manager/coding/agents/pi.nix`
- Existing coding feature wiring in nixos-config:
- `/home/m3tam3re/p/NIX/nixos-config/home/features/coding/default.nix`
- `/home/m3tam3re/p/NIX/nixos-config/home/features/coding/pi.nix`

## Steps
- [ ] Add `coding.agents.pi.container` options (enable/name/image/projectRoots/autoStart/autoNixDevelop/extraRunArgs/extraEnv) with defaults matching your preferences (`autoStart=true`, `autoNixDevelop=false`, default image as above).
- [ ] Implement wrapper script generation in HM module with cwd allowlist checks and container create/start/exec behavior.
- [ ] Make wrapper binary name `pi` (native UX) when container mode is enabled.
- [ ] Add deterministic container run/create args with safe mounts and host Nix daemon socket.
- [ ] Add optional in-container `nix develop -c pi` path when flake project is detected.
- [ ] Wire host-specific values in nixos-config `home/features/coding/pi.nix`.
- [ ] Remove direct host `pi` package install in nixos-config coding packages so wrapper is the effective `pi` command.
- [ ] Validate eval/build and document command outputs for flake and non-flake wrapper behavior.

## Verification
- Static checks for both repos (module eval/build where appropriate).
- Home Manager evaluation/switch check in nixos-config.
- Manual wrapper checks:
- Inside a flake project: `pi` resolves via `nix develop -c pi ...` when enabled.
- Outside flake project: `pi` runs directly via container exec.
- Capture exact commands + outputs for report.

## Open questions
- None currently blocking; proceed with conservative default image and host override guidance.
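Review bot: the plan mounts the host Nix daemon socket into the container (`- host Nix daemon socket (Option A),` and `- [ ] Add deterministic container run/create args with safe mounts and host Nix daemon socket.`) but never records what that socket grants: in a multi-user Nix install the daemon runs as root, so any process inside the container, including the agent, can ask it to build arbitrary derivations and realise paths into the host `/nix/store`, and if the container's uid maps to a `trusted-users` entry in the host `nix.conf` it can additionally disable the build sandbox or add substituters. That makes the daemon socket, not the read-write project-root allowlist, the effective privilege boundary, and the Context or Approach section should state that threat model and the expected `trusted-users` posture before the mount args are written. Two smaller gaps in the same hunk: the Verification list has no negative check (running `pi` from a cwd outside `projectRoots` should be refused, and the wrapper should compare a canonicalised cwd so a symlink does not satisfy the allowlist), and `extraRunArgs` is an unbounded escape hatch that can add further mounts, so its description should say it bypasses the "safe mounts" guarantee.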