feat: pre-install project devShell packages at build time #5

Draft
gotha wants to merge 3 commits into main from 001-devshell-package-prebuild

gotha (Owner) commented Jun 27, 2026

Summary

Adds an opt-in option to bake a project flake's devShell packages into the agentbox VM image at build time. When enabled, agentbox reads the declared devShell from a locked project flake input, extracts its packages, and installs them as global system packages — so they are on PATH the moment the VM boots: no download, no build, works offline, and a later nix develop finds them already in the Nix store.

Implements specs/001-devshell-package-prebuild.

What's included

  • New options agentbox.project.devShellPackages.{enable,flake,name} (disabled by default; default behavior unchanged).
  • lib/extract-devshell-packages.nix — extracts the package set from a devShells.<system>.<name>.
  • modules/devshell-packages.nix — wires the extracted packages into systemPackages and writes the resolved set to /etc/agentbox/devshell-packages for visibility.
  • Git source only (via a locked flake input, fetched with normal git/SSH credentials). mount/copy sources fail clearly, since their contents only exist after boot.
  • Defaults to the default devShell; name selects a named shell.
  • Fails loudly when the named devShell is missing or declares no packages, rather than producing a confusing VM.
  • Bumps nixpkgs to nixos-26.05.
  • Tests (tests/devshell-packages*.nix, fixture project) + example (examples/devshell-prebuild-git) + spec docs.

Notes for reviewers

  • This branch is based on local main, which is 2 commits ahead of origin/main (examples: pin to v0.1.0 + examples: regenerate flake.lock). Those will appear in this PR's diff until main is pushed.
  • Behavior is backward compatible: with the option disabled, builds are identical to current behavior.

Test plan

  • nix flake check passes (eval + module-eval tests).
  • Build a VM with devShellPackages.enable = true against a project flake with a known devShell; boot with networking disabled and confirm the declared packages are on PATH.
  • Confirm /etc/agentbox/devshell-packages lists the extracted set.
  • Build with the option disabled and confirm no devShell inspection occurs.

🤖 Generated with Claude Code

gotha added 3 commits May 4, 2026 08:56
Pins the agentbox flake input from the floating default branch to the
v0.1.0 tag in all four example flakes. Without this pin, consumers of
the examples would silently pick up arbitrary future commits to the
agentbox repo.

Adds flake.lock files for all four examples, pinning agentbox to
commit 38317bb (= v0.1.0) and recording cryptographic narHashes for
all transitive dependencies (nixpkgs, home-manager, gotha-nixpkgs,
dotfiles). Provides a full reproducibility audit trail for the
example builds.

Add an opt-in option to bake a project flake's devShell packages into the
VM image at build time. When enabled, agentbox reads the declared devShell
from a locked project flake input, extracts its packages, and installs them
as global system packages so they are on PATH at boot — no download, no
build, works offline, and a later `nix develop` finds them already in the
store.

- New `agentbox.project.devShellPackages` options (enable/flake/name)
- lib/extract-devshell-packages.nix: extract packages from a devShell
- modules/devshell-packages.nix: wire extracted packages into systemPackages
  and write the resolved set to /etc/agentbox/devshell-packages for visibility
- Git source only (via locked flake input); fails clearly otherwise
- Defaults to the "default" devShell; `name` selects a named shell
- Fails loudly when the devShell is missing or declares no packages
- Bump nixpkgs to nixos-26.05
- Tests + example (examples/devshell-prebuild-git) + spec docs

Implements specs/001-devshell-package-prebuild.
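
The first two commit messages above are about pinning flake inputs and recording narHashes in flake.lock. As an added example (not code from this PR or from agentbox), the following audits a flake.lock for the two properties those commits rely on: every locked input carries a narHash, and selected inputs name an explicit ref or rev instead of following the default branch. The names `audit_lock` and `must_pin` are hypothetical, and the lock file contents are constructed placeholders.

```python
import json

# Constructed flake.lock (version 7 layout). Every rev, hash and URL below is a
# placeholder made up for this example, not a value from the PR.
SAMPLE_LOCK = """
{"version": 7, "root": "root", "nodes": {
  "root": {"inputs": {"agentbox": "agentbox", "nixpkgs": "nixpkgs", "dotfiles": "dotfiles"}},
  "agentbox": {
    "original": {"type": "github", "owner": "example", "repo": "agentbox", "ref": "v0.1.0"},
    "locked": {"type": "github", "owner": "example", "repo": "agentbox",
               "rev": "1111111111111111111111111111111111111111",
               "narHash": "sha256-PLACEHOLDER-A"}},
  "nixpkgs": {
    "original": {"type": "github", "owner": "NixOS", "repo": "nixpkgs"},
    "locked": {"type": "github", "owner": "NixOS", "repo": "nixpkgs",
               "rev": "2222222222222222222222222222222222222222",
               "narHash": "sha256-PLACEHOLDER-B"}},
  "dotfiles": {
    "original": {"type": "git", "url": "ssh://git@example.invalid/dotfiles"},
    "locked": {"type": "git", "url": "ssh://git@example.invalid/dotfiles",
               "rev": "3333333333333333333333333333333333333333"}}
}}
"""

GIT_TYPES = {"git", "github", "gitlab", "sourcehut"}


def audit_lock(lock_text, must_pin=()):
    """Return sorted (node, problem) pairs for one flake.lock document."""
    lock = json.loads(lock_text)
    findings = []
    for name, node in lock["nodes"].items():
        if name == lock["root"]:
            continue  # the root node only lists inputs; it has no "locked" entry
        locked = node.get("locked", {})
        original = node.get("original", {})
        if "narHash" not in locked:
            findings.append((name, "no narHash recorded"))
        if locked.get("type") in GIT_TYPES and "rev" not in locked:
            findings.append((name, "no locked rev"))
        # A lock still pins a rev, but `nix flake update` moves it to whatever
        # the default branch holds unless the original spec names a ref or rev.
        if name in must_pin and not (original.get("ref") or original.get("rev")):
            findings.append((name, "original has no ref or rev"))
    return sorted(findings)


if __name__ == "__main__":
    for name, problem in audit_lock(SAMPLE_LOCK, must_pin={"agentbox", "nixpkgs"}):
        print(f"{name}: {problem}")
```

Node names in a real lock file can carry suffixes such as `nixpkgs_2` for transitive inputs, so `must_pin` has to use the node names as they appear under `nodes`.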