lifecycle: bind each sub-agent's config repo read-only at /agents/<name>/config

2026-05-20 10:00:28 +02:00 · 2026-05-20 10:00:28 +02:00 · 1529c2d777
commit 1529c2d777
parent 56e7eb6e73
4 changed files with 46 additions and 3 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -183,6 +183,20 @@ read them à la carte.
 In-flight or recent context that hasn't earned a section yet.
 Prune freely.

+- **Just landed:** sub-agents get a read-only view of their own
+  config repo. `set_nspawn_flags` now adds
+  `--bind-ro={proposed_dir}:/agents/<name>/config` for every
+  sub-agent container (manager unchanged — it already has the whole
+  `/agents` tree RW). The agent can read `agent.nix` + whatever
+  extra files the manager split the config into, so it can request
+  precise changes from the manager instead of guessing. RO is
+  load-bearing: config edits only ever flow through the manager's
+  proposed repo + the approval queue. `setup_proposed` seeds the
+  dir before spawn reaches `set_nspawn_flags`; a defensive
+  `create_dir_all` keeps a missing repo from becoming a
+  won't-boot container. Takes effect on next rebuild/restart of
+  each existing sub-agent. `agent.md` system prompt + `docs/
+  persistence.md` updated.
 - **Just landed:** `request_apply_commit` fetch fix. The old
  `git_fetch_to_tag` built a refspec `<sha>:refs/tags/proposal/<id>`
  and ran `git fetch <proposed> <sha>:...` — but `git fetch` resolves