chore: update flake inputs

Adds a guardrails submodule option to coding.agents.pi that:
- Generates ~/.pi/agent/extensions/guardrails.json when enabled
- Automatically injects @aliou/pi-guardrails package into settings.packages
- Provides structured options for policies, pathAccess, and permissionGate

The module generates the JSON config that pi-guardrails reads for
its security hooks (policies, permission-gate, path-access).

Limitations documented in option descriptions:
- Path access checks are lexical (not symlink-safe)
- Local project guardrails.json can override global rule IDs

flake.lock

@@ -55,11 +55,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1777470666,
+        "lastModified": 1777643636,
-        "narHash": "sha256-uAi+pTjKLturTz3XqTwnsU0fJnqf8xx8orfPpRbdaKQ=",
+        "narHash": "sha256-7vvm5Ia8o3g7YNErFcDsbCx+Pk8HbnA+ZYuA5Zga7hY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "053b9fa5f0fbdac0bd9d248cea58a11223eb495d",
+        "rev": "da2366fac507ce7bd31852e7351e55b951656999",
         "type": "github"
       },
       "original": {
@@ -76,11 +76,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1776788052,
+        "lastModified": 1777556999,
-        "narHash": "sha256-L4LBHVVtgMhSJm+IzZSYOR0UXPbvIRg4xiEV5urYxdI=",
+        "narHash": "sha256-HfFlRwR8IMjudRttN4T8L3DJKnNlpWfeNzQPly/HaRY=",
         "owner": "Fission-AI",
         "repo": "OpenSpec",
-        "rev": "3c7a05c5dc88b2397c478805890b55ed392b19e8",
+        "rev": "347f0277e3be3549cd85cdea364fbd7710f1922b",
         "type": "github"
       },
       "original": {

modules/home-manager/coding/agents/pi.nix

@@ -202,6 +202,38 @@
           See pi docs/settings.md for all options.
         '';
       };
+
+      # ── Pi Guardrails ─────────────────────────────────────────────
+      guardrails = mkOption {
+        type = types.nullOr (types.submodule {
+          options = {
+            enable =
+              mkEnableOption
+              ("Generate ~/.pi/agent/extensions/guardrails.json for pi-guardrails. "
+                + "Adds @aliou/pi-guardrails to packages automatically.");
+
+            config = mkOption {
+              type = types.attrsOf types.anything;
+              default = {};
+              description = ''
+                Guardrails configuration written to ~/.pi/agent/extensions/guardrails.json.
+                See https://github.com/aliou/pi-guardrails for config schema.
+
+                IMPORTANT: Path access checks are lexical (not symlink-safe).
+                Local project .pi/extensions/guardrails.json can override same rule IDs
+                (memory > local > global > defaults). For immutable global policies,
+                consider a wrapper or upstream patch.
+              '';
+            };
+          };
+        });
+        default = null;
+        description = ''
+          Pi Guardrails security configuration.
+          Generates ~/.pi/agent/extensions/guardrails.json when enabled.
+          The @aliou/pi-guardrails package is added to settings.packages automatically.
+        '';
+      };
     };
 
   config = with lib; let
@@ -224,8 +256,37 @@
           attrs
         );
 
+      # Base settings (already filtered)
       piSettings = filterNulls cfg.settings;
 
+      # Guardrails package to inject when guardrails is enabled
+      guardrailsPackage = "npm:@aliou/pi-guardrails@0.11.1";
+
+      # Guardrails config (only when guardrails is enabled)
+      guardrailsJson =
+        if (cfg.guardrails != null && cfg.guardrails.enable)
+        then builtins.toJSON cfg.guardrails.config
+        else null;
+
+      # Merge guardrails package into settings.packages when guardrails is enabled
+      piSettingsWithGuardrails = let
+        baseSettings = cfg.settings;
+        basePackages = baseSettings.packages or [];
+        hasGuardrailsPackage =
+          lib.any
+          (p:
+            lib.hasPrefix "npm:@aliou/pi-guardrails" p
+            || (lib.hasPrefix "git:" p && lib.hasSuffix "/pi-guardrails" p))
+          basePackages;
+        packagesWithGuardrails =
+          if (cfg.guardrails != null && cfg.guardrails.enable && !hasGuardrailsPackage)
+          then basePackages ++ [guardrailsPackage]
+          else basePackages;
+      in
+        if packagesWithGuardrails != basePackages
+        then filterNulls (baseSettings // {packages = packagesWithGuardrails;})
+        else piSettings;
+
       # Coding rules config for renderForPi (only when both agentsInput and codingRules are set)
       piCodingRules =
         if cfg.agentsInput != null && cfg.codingRules != null
@@ -269,10 +330,16 @@
 
         # ── ~/.pi/agent/settings.json ──────────────────────────────────
         {
-          ".pi/agent/settings.json".text = builtins.toJSON piSettings;
+          ".pi/agent/settings.json".text = builtins.toJSON piSettingsWithGuardrails;
           ".pi/agent/settings.json".force = true;
         }
 
+        # ── pi-guardrails config ─────────────────────────────────────
+        (mkIf (guardrailsJson != null) {
+          ".pi/agent/extensions/guardrails.json".text = guardrailsJson;
+          ".pi/agent/extensions/guardrails.json".force = true;
+        })
+
         # ── AGENTS.md — agent descriptions and specialist listing ──────
         (mkIf (cfg.agentsInput != null) {
           ".pi/agent/AGENTS.md".source = "${rendered}/AGENTS.md";

pkgs/kestractl/sources.json

@@ -1,13 +1,13 @@
 {
-  "version": "1.2.2",
+  "version": "1.3.0",
   "sources": {
     "aarch64-linux": {
-      "url": "https://github.com/kestra-io/kestractl/releases/download/1.2.2/kestractl_1.2.2_linux_arm64.tar.gz",
+      "url": "https://github.com/kestra-io/kestractl/releases/download/1.3.0/kestractl_1.3.0_linux_arm64.tar.gz",
-      "hash": "sha256-sidFsCZPnJ07PM5QayPBqaqlBBJTLEdecfd0AWnL7Yo="
+      "hash": "sha256-/18F6CZnnLbet4BmI1oQ5pZWkJwIshCq30qd+cm0GGA="
     },
     "x86_64-linux": {
-      "url": "https://github.com/kestra-io/kestractl/releases/download/1.2.2/kestractl_1.2.2_linux_amd64.tar.gz",
+      "url": "https://github.com/kestra-io/kestractl/releases/download/1.3.0/kestractl_1.3.0_linux_amd64.tar.gz",
-      "hash": "sha256-0C2naN2ougBJSY2z2m6eORnLkLen87HD+a+gvtrUvdw="
+      "hash": "sha256-xmsBiqNKvob8xHDyU253o6c25YIubHanNdLqzWaOvSA="
     }
   }
 }

pkgs/n8n/default.nix

@@ -26,20 +26,20 @@
 in
   stdenv.mkDerivation (finalAttrs: {
     pname = "n8n";
-    version = "2.17.8";
+    version = "2.18.5";
 
     src = fetchFromGitHub {
       owner = "n8n-io";
       repo = "n8n";
       tag = "n8n@${finalAttrs.version}";
-      hash = "sha256-+Fr7zYca4+3R9J77TkHTGki8oz4FrE9MNsxOaDCF2GM=";
+      hash = "sha256-ws0DXGQFR+z3nVyd4Yn9pIM7yh+H6GnuCRSLxgvtPxo=";
     };
 
     pnpmDeps = fetchPnpmDeps {
       inherit (finalAttrs) pname version src;
       pnpm = pnpm_10;
       fetcherVersion = 3;
-      hash = "sha256-MBSxAsZXCaxwQpstJVxOOCIAE+0RqwlIrgXtE/hiTJM=";
+      hash = "sha256-Ajgne0neNm6HgMK6z3jnEkUJJxVOTgzjpSaMaJgIndQ=";
     };
 
     nativeBuildInputs =

pkgs/n8n/update.sh

@@ -2,9 +2,14 @@
 #!nix-shell -i bash -p bash curl jq nix-update cacert git nix
 set -euo pipefail
 
-# n8n now publishes two releases per version: a "stable" tag and a "n8n@X.Y.Z" versioned tag.
+# n8n releases are published with two tags per version:
-# Skip the "stable" tag and get the actual version from the next release.
+#   - "n8n@X.Y.Z" - the versioned tag
-# Note: We removed --pure from the shebang because nix-update needs network access to prefetch hashes.
+#   - "stable"   - always points to the latest stable version
+#
+# We query the "stable" tag and extract the version from its target commitish (e.g., "release/2.18.5").
+# This ensures we always get the actual latest stable version, not the most recently created tag.
+
+set -euo pipefail
 
 # Get the directory where this script lives (should be pkgs/n8n/)
 script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
@@ -14,10 +19,10 @@ nixpkgs_root="$(cd "$script_dir/../.." && pwd)"
 
 cd "$nixpkgs_root"
 
-release_info=$(curl -s "https://api.github.com/repos/n8n-io/n8n/releases")
+# Query the "stable" tag and extract version from target_commitish (e.g., "release/2.18.5")
-new_version=$(echo "$release_info" | jq --raw-output 'map(select(.tag_name != "stable")) | .[0].tag_name | ltrimstr("n8n@")')
+new_version=$(curl -s "https://api.github.com/repos/n8n-io/n8n/releases/tags/stable" | jq --raw-output '.target_commitish | ltrimstr("release/")')
 
-echo "Latest version: n8n@${new_version}"
+echo "Latest stable version: n8n@${new_version}"
 echo "Running from: $(pwd)"
 
 # Use --flake --system to properly evaluate the flake-based package