plan: hive- prefix for managed containers

2026-05-14 20:43:54 +02:00 · 2026-05-14 20:43:54 +02:00 · 27bc538fd7
commit 27bc538fd7
parent c67584c7c1
1 changed files with 6 additions and 4 deletions
--- a/PLAN.md
+++ b/PLAN.md
@ -54,7 +54,7 @@ A multi-Claude-Code-agent setup on a single host:
 │  ├── /run/hyperhive/manager.sock       → manager container  │
 │  └── /run/hyperhive/agents/<name>.sock → that agent         │
 │                                                             │
-│  ┌─ nixos-container: manager ────────────────────┐          │
+│  ┌─ nixos-container: hive-manager ───────────────┐          │
 │  │  hive-m1nd (Rust, hive-ag3nt crate)           │          │
 │  │   ├ MCP client → /run/hyperhive/manager.sock  │          │
 │  │   ├ turn loop driving `claude`                │          │
@ -68,7 +68,7 @@ A multi-Claude-Code-agent setup on a single host:
 │  │   update_shared_instructions                  │          │
 │  └────────────────────────────────────────────────┘         │
 │                                                             │
-│  ┌─ nixos-container: agent-<name> ───────────────┐          │
+│  ┌─ nixos-container: hive-<name> ────────────────┐          │
 │  │  hive-ag3nt (Rust)                            │          │
 │  │   MCP client → /run/hyperhive/agents/<name>.sock         │
 │  │  state/ RW, config/ + prompts/ + shared RO    │          │
@ -82,6 +82,8 @@ A multi-Claude-Code-agent setup on a single host:

 **Sockets, not identity gating.** One unix socket per principal, bind-mounted into the right place. The socket *is* the principal — no `SO_PEERCRED` lookups, no token plumbing. Perms are filesystem perms on the host side, plus the fact that only the matching container has the bind-mount. Each socket runs the MCP tool surface appropriate to its principal.

+**Container naming.** All nixos-containers managed by `hive-c0re` are prefixed `hive-`. An agent named `foo` runs as nixos-container `hive-foo`; the manager runs as `hive-manager`. The prefix prevents collisions with other containers on the host and makes ownership obvious. On-disk paths (`/var/lib/hyperhive/agents/foo/`) and socket paths (`/run/hyperhive/agents/foo.sock`) use the bare logical name; the prefix lives only at the nixos-container layer.
+
 **Approvals are git commits.** `hive-c0re` maintains a `state-repo` on host that records the world (which agents exist, their roles, etc.). Per-agent flake configs (`agents/<name>/config/`) are themselves git repos. The manager edits clones with plain `git` CLI inside its container and asks `hive-c0re` to apply a commit via `request_apply_commit(agent, sha)`. `hive-c0re` queues it; once approved, fast-forwards `main` and reconciles state (rebuild containers, etc.). **No abstract "approval token" — the commit hash is the token.**

 **Approval UX evolves.** Early phases approve by CLI (`hive-c0re approve <sha>`) or even direct `git merge` on the host. The dashboard's commit-view UI is one of the last features built (so the system runs end-to-end on CLI long before the browser does anything useful).
@ -115,7 +117,7 @@ A multi-Claude-Code-agent setup on a single host:
 - **Exit:** `nixos-container create test-agent --flake .#agent-base && nixos-container start test-agent` brings up a container whose `hive-ag3nt` prints "hello" and exits.

 ### Phase 1 — container lifecycle + Risk 1
- `hive-c0re`: open host admin socket (`/run/hyperhive/host.sock`); verbs `spawn(name)`, `kill(name)`, `rebuild(name)`, `list()`. Uses `nixos-container` underneath.
+- `hive-c0re`: open host admin socket (`/run/hyperhive/host.sock`); verbs `spawn(name)`, `kill(name)`, `rebuild(name)`, `list()`. Uses `nixos-container` underneath; container name on the host is `hive-<name>`.
 - CLI tool talking to the admin socket (same `hive-c0re` binary, subcommand-driven).
 - Manually mutate an agent's config flake, call `rebuild`, observe whether `hive-ag3nt` survives.
 - **Decision:** if hot-reload doesn't preserve the harness, that becomes a hard requirement of `hive-ag3nt`'s design (resume from disk state). Document the outcome.
@ -134,7 +136,7 @@ A multi-Claude-Code-agent setup on a single host:

 ### Phase 4 — `hive-m1nd` + privileged surface
 - `hive-m1nd` binary (second `[[bin]]` in `hive-ag3nt`) wires the manager tool surface.
- Manager container declared in host NixOS module (auto-restart). Bind-mount `agents/**` RW.
+- Manager container (`hive-manager`) declared in host NixOS module (auto-restart). Bind-mount `agents/**` RW.
 - Manager socket gets the privileged tool surface: `request_spawn`/`request_kill`, `request_apply_commit`, `inject_peer_info`, `send(..., wait_for_reply=true)`.
 - Smoke: attach a terminal to the manager container (`nixos-container root-login`); ask `hive-m1nd` to spawn an agent and route a message to it.
 - **Exit:** manager spawns, routes, kills a child agent end-to-end; lifecycle still gated by manual CLI approval (no GUI yet).