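{
  description = "Rust Agentic Padded Cell (Tools Hidden, Wrappers Only)";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
    rust-overlay.url = "github:oxalica/rust-overlay";
  };

  outputs = { self, nixpkgs, flake-utils, rust-overlay }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        overlays = [ (import rust-overlay) ];
        pkgs = import nixpkgs { inherit system overlays; };

        # ---------------------------------------------------------------------
        # 1. THE HIDDEN TOOLCHAIN
        # ---------------------------------------------------------------------
        # Defined here but deliberately NOT listed in 'buildInputs', so neither
        # 'rustc' nor 'cargo' appears on the agent's PATH.
        #
        # NOTE(review): this hides the toolchain from PATH only. The wrappers
        # and the shellHook below interpolate this derivation's store path into
        # plain-text shell scripts, and the Nix store is world-readable, so the
        # wrappers are a convenience boundary (fixed flags, forced audit), not
        # an isolation boundary. Real confinement needs an OS-level sandbox
        # around the shell itself.
        hiddenRust = pkgs.rust-bin.nightly.latest.default.override {
          extensions = [ "rust-src" "clippy" "rustfmt" "llvm-tools-preview" ];
        };
        # Single place that names the hidden binary, so every wrapper agrees.
        hiddenCargo = "${hiddenRust}/bin/cargo";

        # ---------------------------------------------------------------------
        # 2. THE ALLOWED INTERFACE (Wrappers)
        # ---------------------------------------------------------------------
        # Every wrapper runs with 'set -eu' so a failing step is reported as a
        # non-zero exit instead of being followed by further steps, and ends
        # with 'exec' where possible so cargo's own exit status is the script's.

        # WRAPPER: agent-build
        # Hardcodes the path to the hidden cargo.
        # Forces 'release' mode and short errors.
        agentBuild = pkgs.writeShellScriptBin "agent-build" ''
          set -eu
          echo "πŸ—οΈ Restricted Build..."
          exec ${hiddenCargo} build --release --message-format short --color never
        '';

        # WRAPPER: agent-check
        # Forces diagnostics tracking.
        agentCheck = pkgs.writeShellScriptBin "agent-check" ''
          set -eu
          echo "πŸ” Restricted Check..."
          # 'track-diagnostics' is a rustc -Z flag, so it is handed to rustc via
          # RUSTFLAGS (appended to whatever the caller already set) rather than
          # to cargo's own -Z option, which only accepts cargo's unstable flags.
          export RUSTFLAGS="''${RUSTFLAGS:-} -Z track-diagnostics"
          exec ${hiddenCargo} check --message-format short --color never
        '';

        # WRAPPER: agent-add (The ONLY way to modify deps)
        # We wrap 'cargo add' so we can immediately audit the result.
        # The agent cannot run 'cargo add' without triggering the audit.
        #
        # Limits of the audit step, so nobody over-trusts it:
        #  * it runs AFTER the dependency is written to Cargo.toml; a failing
        #    audit exits non-zero but does not roll the edit back, so the
        #    caller must act on the failure;
        #  * cargo-audit consults the RustSec advisory database, which it has
        #    to fetch or have available locally — confirm that works in the
        #    environment this shell is used in.
        agentAdd = pkgs.writeShellScriptBin "agent-add" ''
          set -eu
          if [ -z "''${1:-}" ]; then echo "Usage: agent-add <crate>"; exit 1; fi
          echo "πŸ“¦ Adding dependency: $1"
          ${hiddenCargo} add "$@"
          echo "πŸ”’ Auto-running Security Audit..."
          # 'audit' is the subcommand name cargo itself passes to this binary.
          if ! ${pkgs.cargo-audit}/bin/cargo-audit audit --color never; then
            echo "Audit failed: the dependency is already in Cargo.toml; remove it or resolve the advisory before continuing." >&2
            exit 1
          fi
        '';

        # WRAPPER: agent-fix (The "Get out of Jail" card)
        # Runs 'cargo fix' with the fixed flag set below. Note what those flags
        # do: '--allow-no-vcs' skips cargo's refusal to rewrite files that are
        # not under version control, and '--broken-code' applies suggestions
        # even when the crate does not compile, leaving the result in the
        # working tree. That is more permissive than "safe fixes only" — keep
        # the project under VCS if you want an undo path.
        agentFix = pkgs.writeShellScriptBin "agent-fix" ''
          set -eu
          echo "πŸš‘ Attempting Auto-Fix..."
          exec ${hiddenCargo} fix --allow-no-vcs --broken-code
        '';

        # ---------------------------------------------------------------------
        # 3. THE AGENT CONTEXT
        # ---------------------------------------------------------------------
        # Written verbatim to AGENT_CONTEXT.md by the shellHook (quoted heredoc,
        # so backticks and other shell-special characters need no escaping).
        agentContext = ''
          # Restricted Environment Protocol
          ## 🚫 ACCESS DENIED
          - You do **not** have access to `cargo`, `rustc`, or `clippy`.
          - Do not attempt to run them directly. It will fail.
          ## βœ… ALLOWED ACTIONS
          | Action | Command |
          | :--- | :--- |
          | Check Syntax | `agent-check` |
          | Build Release | `agent-build` |
          | Add Dependency | `agent-add <crate>` (Auto-audits) |
          | Auto-Fix Code | `agent-fix` |
        '';
      in
      {
        devShells.default = pkgs.mkShell {
          # -----------------------------------------------------------------
          # THE PRISON BARS
          # We only expose the scripts. We DO NOT expose 'hiddenRust'.
          # We include 'stdenv.cc' because the linker is needed at runtime,
          # but the high-level tools are gone.
          # -----------------------------------------------------------------
          buildInputs = [
            pkgs.stdenv.cc # Linker (Required for build to work)
            pkgs.pkg-config # Helper for finding C libs
            pkgs.openssl # Common C lib
            # The Interface
            agentBuild
            agentCheck
            agentAdd
            agentFix
          ];

          # Runs on every shell entry, in the current working directory:
          # it (re)writes AGENT_CONTEXT.md there and initialises a crate if
          # no Cargo.toml is present.
          shellHook = ''
            echo "πŸ”’ Initializing Restricted Agent Environment..."
            cat > AGENT_CONTEXT.md <<'EOF'
            ${agentContext}
            EOF
            # Verify the jail — this only checks PATH, which is exactly the
            # property the wrappers provide (see the note on hiddenRust).
            if command -v cargo &> /dev/null; then
              echo "⚠️ WARNING: Cargo leaked into PATH!"
            else
              echo "βœ… Cargo is successfully hidden."
            fi
            # Ensure Cargo.toml exists
            if [ ! -f Cargo.toml ]; then
              # We have to use the hidden tool to init
              ${hiddenCargo} init --quiet
            fi
          '';
        };
      }
    );
}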