Package nix (v0.1.157)

Warning: this package is not in the latest version of its module.
Published: May 2, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package nix is the codefly Nix toolbox — flake introspection and evaluation exposed as typed Tool RPCs.

This is the canonical replacement for `bash -c "nix ..."`. Agents that need to inspect a flake, list its outputs, or evaluate a nix expression call typed RPCs here; the Bash toolbox refuses every `nix` invocation and routes callers via canonical_for: nix.

Implementation shells out to the nix binary (no pure-Go nix evaluator exists). That's fine: the Nix toolbox is the canonical owner of the binary, so the parser layer routes here, and the OS sandbox grants the nix binary specifically into THIS toolbox's sandbox — not into the bash toolbox's, where it would otherwise be unreachable. This is the architectural payoff: each toolbox has its own sandbox, scoped to exactly the binaries it claims.

Phase 1 ships a minimal read-only set:

  • nix.flake_metadata — `nix flake metadata --json` on a flake
  • nix.flake_show — `nix flake show --json` (outputs surface)
  • nix.eval — `nix eval --json` of an expression

Mutation tools (build, develop, run) come later — they need careful thinking about resource caps (a `nix build` can fetch gigabytes) and about the boundary between the toolbox and the existing runners/base.NixEnvironment, which manages devshells for service plugins.

Permissions: this toolbox declares `canonical_for: [nix]`. Sandbox: read-only by default, network granted to the nix substituters configured in the host (cache.nixos.org typically), writes scoped to /nix/store + the materialization cache dir.

Index

Constants

const DefaultEvalTimeout = 30 * time.Second

DefaultEvalTimeout caps any single `nix eval` call. Nix evaluation can be unbounded (an infinite recursion in a flake will hang forever); a per-call ceiling keeps the toolbox honest. Configurable via the timeout_ms argument; this is the floor when none is given.

const MaxEvalOutputBytes = 4 * 1024 * 1024 // 4 MiB

MaxEvalOutputBytes caps how much stdout we keep from any nix invocation. Above this we truncate and set a flag; this defends against a hostile or buggy expression that prints multiple gigabytes to stdout.
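The two constants above describe the two bounds every nix invocation runs under: a per-call deadline and a stdout byte cap with a truncation flag. The following is an added example of how such a bounded exec wrapper is typically built in Go; it is not the package's own code (the toolbox's internals are not shown on this page). The helper names `runCapped`, `readCapped` and `Result` are hypothetical, and the constants are copied from the documentation above.

```go
package main

import (
	"bytes"
	"context"
	"errors"
	"fmt"
	"io"
	"os"
	"os/exec"
	"time"
)

// Defaults mirror the constants documented on the page.
const (
	DefaultEvalTimeout = 30 * time.Second
	MaxEvalOutputBytes = 4 * 1024 * 1024 // 4 MiB
)

// Result is what a capped invocation hands back to the caller.
type Result struct {
	Stdout    []byte
	Truncated bool // stdout exceeded the byte cap and was cut
	TimedOut  bool // the per-call deadline fired and the child was killed
}

// readCapped keeps at most maxBytes from r. Anything beyond the cap is
// drained and discarded rather than left in the pipe, so a child that prints
// without bound is never blocked on a full pipe and can still be reaped.
func readCapped(r io.Reader, maxBytes int64) ([]byte, bool, error) {
	var buf bytes.Buffer
	if _, err := io.CopyN(&buf, r, maxBytes); err != nil {
		if errors.Is(err, io.EOF) {
			return buf.Bytes(), false, nil // short output, under the cap
		}
		return buf.Bytes(), false, err
	}
	rest, err := io.Copy(io.Discard, r) // anything left over means we truncated
	return buf.Bytes(), rest > 0, err
}

// runCapped runs bin with args under a deadline and a stdout byte cap.
// (Hypothetical helper for this example, not the toolbox's API.)
func runCapped(ctx context.Context, bin string, args []string, timeout time.Duration, maxBytes int64) (Result, error) {
	if timeout <= 0 {
		timeout = DefaultEvalTimeout
	}
	ctx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()

	cmd := exec.CommandContext(ctx, bin, args...) // kills the child when ctx expires
	var stderr bytes.Buffer
	cmd.Stderr = &stderr
	stdout, err := cmd.StdoutPipe()
	if err != nil {
		return Result{}, err
	}
	if err := cmd.Start(); err != nil {
		// e.g. the binary is not on PATH: surfaced as a plain error, not a crash
		return Result{}, fmt.Errorf("start %s: %w", bin, err)
	}
	out, truncated, readErr := readCapped(stdout, maxBytes)
	waitErr := cmd.Wait()

	res := Result{
		Stdout:    out,
		Truncated: truncated,
		TimedOut:  errors.Is(ctx.Err(), context.DeadlineExceeded),
	}
	switch {
	case readErr != nil:
		return res, fmt.Errorf("read %s stdout: %w", bin, readErr)
	case res.TimedOut:
		return res, fmt.Errorf("%s exceeded %s and was killed", bin, timeout)
	case waitErr != nil:
		return res, fmt.Errorf("%s failed: %w: %s", bin, waitErr, bytes.TrimSpace(stderr.Bytes()))
	}
	return res, nil
}

func main() {
	// Stand-alone demo: evaluate a trivial expression if nix is installed.
	res, err := runCapped(context.Background(), "nix",
		[]string{"eval", "--json", "--expr", "1 + 1"}, DefaultEvalTimeout, MaxEvalOutputBytes)
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Printf("stdout=%s truncated=%v\n", res.Stdout, res.Truncated)
}
```

The design point is that the two bounds are independent: the deadline is enforced by `exec.CommandContext`, which kills the child, while the byte cap is enforced on the reading side and keeps draining the pipe after the cap so the child is never wedged on a full pipe and `Wait` can reap it. Both conditions are reported as flags on the result in addition to the error, so a caller can distinguish "valid but truncated JSON" from "killed mid-evaluation".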

Variables

This section is empty.

Functions

This section is empty.

Types

type Server

type Server struct {
	*registry.Base
	// contains filtered or unexported fields
}

Server implements codefly.services.toolbox.v0.Toolbox for nix flake introspection and expression evaluation.

Construction is cheap — no nix binary check, no daemon connection. The first tool call exec's `nix` directly; if nix isn't on PATH the tool surfaces a clear error. This mirrors docker.Server's lazy philosophy: tests that exercise schema/dispatch don't need a live nix install.

func New

func New(version string) *Server

New returns a Server.

func (*Server) Identity

func (*Server) Tools

func (s *Server) Tools() []*registry.ToolDefinition

Tools is the source of truth — see git/server.go for convention.

func (*Server) WithBinary

func (s *Server) WithBinary(path string) *Server

WithBinary overrides the nix executable path. Production callers leave this unset and rely on PATH; tests use it to point at a scripted fake.

Directories

Path: cmd/nix-toolbox (command)
Synopsis: Command nix-toolbox is the standalone binary form of the codefly nix toolbox.
