Created
February 8, 2026 17:03
Agentic rust development environment
```nix
{
  description = "Rust Agentic Environment (High-Performance & Security Enforced)";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs = { self, nixpkgs, flake-utils }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        pkgs = nixpkgs.legacyPackages.${system};

        # ---------------------------------------------------------------------
        # 1. AGENT-SECURE-DEPS (Dependency Guardrail)
        # ---------------------------------------------------------------------
        # We don't just trust 'cargo add'. We audit the tree after every addition.
        # The binary is called directly, so the 'audit' subcommand that
        # 'cargo audit' would normally pass along has to be given explicitly.
        agentAudit = pkgs.writeShellScriptBin "agent-audit" ''
          echo "[Audit] Scanning dependency tree for CVEs..."
          ${pkgs.cargo-audit}/bin/cargo-audit audit
        '';

        # ---------------------------------------------------------------------
        # 2. AGENT-LINT (The Ruthless Reviewer)
        # ---------------------------------------------------------------------
        # -D warnings: Fail on ANY warning.
        # -W clippy::pedantic: Nitpick the code structure.
        # -W clippy::perf: Warn about inefficient code (e.g. .clone() on Copy types).
        # -D clippy::unwrap_used: BAN .unwrap() entirely.
        # -D clippy::expect_used: BAN .expect() entirely.
        # -D unsafe_code: Reject any unsafe block.
        agentLint = pkgs.writeShellScriptBin "agent-lint" ''
          echo "🧹 [Lint] Running High-Performance & Security Checks..."
          ${pkgs.cargo}/bin/cargo clippy -- \
            -D warnings \
            -W clippy::pedantic \
            -W clippy::perf \
            -D clippy::unwrap_used \
            -D clippy::expect_used \
            -D unsafe_code
        '';

        # ---------------------------------------------------------------------
        # 3. AGENT-BENCH (Performance Verification)
        # ---------------------------------------------------------------------
        # If the user asks for perf, we should enable easy benchmarking.
        agentBench = pkgs.writeShellScriptBin "agent-bench" ''
          echo "🏎️ [Bench] Running micro-benchmarks..."
          ${pkgs.cargo}/bin/cargo bench
        '';

        # ---------------------------------------------------------------------
        # AGENT CONTEXT (The High-Perf/Sec Contract)
        # ---------------------------------------------------------------------
        # Backticks are escaped because this text is expanded inside a
        # double-quoted shell string in shellHook.
        # NOTE: the toolchain table names agent-check and agent-test, which this
        # flake does not define; agent-bench is defined but not listed.
        agentContext = ''
          # Rust Agent Protocol (High-Performance & Secure)

          ## 🚨 CRITICAL RESTRICTIONS

          1. **NO MANUAL TOML EDITS:** You are strictly FORBIDDEN from editing \`Cargo.toml\`.
             - **MUST USE:** \`cargo add <crate>\` (This ensures latest versions).
             - **MUST USE:** \`cargo add <crate> --features <feat>\` (Validates flags).
          2. **ZERO UNWRAP POLICY:**
             - You may NOT use \`.unwrap()\` or \`.expect()\`.
             - You MUST handle errors using \`Result\`, \`?\` propagation, or \`match\`.
             - **Security:** Panics are a Denial of Service vector.
          3. **PERFORMANCE FIRST:**
             - **Avoid Cloning:** Do not casually \`.clone()\`. Use references (\`&str\`), lifetimes, or \`std::borrow::Cow\`.
             - **Allocations:** Minimize heap allocations. Reuse buffers where possible.
             - **Async:** Never perform blocking IO (std::fs) in an async context. Use \`tokio::fs\`.
          4. **SECURITY:**
             - **No Unsafe:** \`unsafe\` blocks are strictly prohibited.
             - **Audit:** You must run \`agent-audit\` if you change dependencies.

          ## YOUR TOOLCHAIN

          | Command | Purpose | When to Run |
          | :--- | :--- | :--- |
          | \`agent-lint\` | **Enforcer.** Checks for perf issues, unwraps, and unsafe code. | Before \`agent-check\`. |
          | \`agent-audit\` | **Security.** Scans for Vulnerabilities (CVEs). | After adding any dependency. |
          | \`agent-test\` | **Correctness.** Runs standard tests. | After logic changes. |
        '';
      in
      {
        devShells.default = pkgs.mkShell {
          buildInputs = with pkgs; [
            cargo
            rustc
            rust-analyzer
            clippy
            rustfmt

            # Security Tooling
            cargo-audit # Checks RustSec Advisory Database
            cargo-edit  # Provides 'cargo upgrade' ('cargo add' and 'cargo rm' now ship with cargo itself)

            # Custom Scripts
            agentLint
            agentAudit
            agentBench

            # System Libs (Commonly needed for high-perf networking/crypto)
            pkg-config
            openssl
          ];

          shellHook = ''
            echo "🛡️ Initializing HIGH-PERFORMANCE Rust Environment..."

            # 1. Generate Strict Context
            echo "${agentContext}" > AGENT_CONTEXT.md
            echo "Generated AGENT_CONTEXT.md (Strict Mode)"

            # 2. Bootstrap Project
            if [ ! -f Cargo.toml ]; then
              echo "📦 Initializing..."
              cargo init

              # Pre-install standard High-Perf stack
              # Tokio: Async Runtime
              # Serde: Serialization (standard)
              # Thiserror: Performant error deriving (better than anyhow for libs)
              cargo add tokio --features full
              cargo add serde --features derive
              cargo add thiserror
              echo "✅ Bootstrapped with Tokio + Serde + Thiserror"
            fi

            echo "Ready. Remember: NO manual Cargo.toml edits."
          '';
        };
      }
    );
}
```
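Code written to the contract in `agentContext`, as an added example that is not part of the gist: it parses untrusted `host:port` text without `.unwrap()`, `.expect()` or `unsafe`, and uses `Cow` so the common case borrows instead of allocating. `ParseError`, `normalize_host` and `parse_endpoint` are illustrative names, and a hand-written `std::error::Error` impl stands in for `thiserror` so the file compiles on its own.

```rust
use std::borrow::Cow;
use std::fmt;

// Failures are values the caller must handle, never panics (contract rule 2).
#[derive(Debug, PartialEq)]
enum ParseError {
    MissingPort,
    EmptyHost,
    BadPort(String),
}

impl fmt::Display for ParseError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::MissingPort => write!(f, "expected host:port"),
            Self::EmptyHost => write!(f, "host is empty"),
            Self::BadPort(p) => write!(f, "invalid port: {p}"),
        }
    }
}
impl std::error::Error for ParseError {}

// Borrow when already lower-case; allocate only on rewrite (contract rule 3).
fn normalize_host(host: &str) -> Cow<'_, str> {
    if host.bytes().any(|b| b.is_ascii_uppercase()) {
        Cow::Owned(host.to_ascii_lowercase())
    } else {
        Cow::Borrowed(host)
    }
}

// Parse untrusted "host:port" text; every failure path returns Err.
fn parse_endpoint(input: &str) -> Result<(Cow<'_, str>, u16), ParseError> {
    let (host, port) = input.trim().rsplit_once(':').ok_or(ParseError::MissingPort)?;
    if host.is_empty() {
        return Err(ParseError::EmptyHost);
    }
    let port = port.parse::<u16>().map_err(|_| ParseError::BadPort(port.to_owned()))?;
    Ok((normalize_host(host), port))
}

fn main() {
    // Constructed inputs: two valid, two malformed.
    for line in ["api.internal:8443", "API.Internal:443", "no-port", "db:99999"] {
        match parse_endpoint(line) {
            Ok((host, port)) => println!("ok   {host}:{port}"),
            Err(e) => println!("err  {line:?}: {e}"),
        }
    }
}
```

An out-of-range port such as `99999` comes back as `BadPort` rather than wrapping or panicking, which is the behaviour the zero-unwrap rule is after for attacker-supplied input.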