agent flake.nix: forward inputs as flakeInputs module arg

new boilerplate wraps agent.nix as a sub-module + passes every flake input (minus self) through to it via _module.args.flake Inputs. manager edits the inputs block of flake.nix to pull in out-of-tree flakes (MCP servers etc.) and references them in agent.nix as flakeInputs.<name>.packages.${pkgs.system}.default — the new input's pinned sha lands in the agent's own flake .lock (already tracked + part of the proposal flow), and transitively rolls up into meta's lock. migrate's MODULE_FLAKE_MARKER swaps to _module.args.flakeInputs so existing agents on the old 'nixosModules.default = import ./agent.nix' template get re-rendered onto the new shape on next hive-c0re start. manager_server's flake.nix tamper-check goes away — the build path's failed/<id> annotated tag already provides the safety net when a manager edit breaks the flake; enforcing 'no flake.nix edits at all' was overly strict (blocks the inputs- addition pattern that's the whole point of this change). manager prompt updated with a worked example for adding an MCP-server flake input + wiring it through agent.nix.
2026-05-16 02:23:43 +02:00 · 2026-05-16 02:23:43 +02:00 · 3db33b0fe5
commit 3db33b0fe5
parent 66a69d0c7f
4 changed files with 44 additions and 55 deletions
--- a/hive-c0re/src/manager_server.rs
+++ b/hive-c0re/src/manager_server.rs
@ -324,26 +324,6 @@ async fn submit_apply_commit(
            return Err(anyhow::anyhow!("git_fetch_to_tag: {e:#}"));
        }
    };
-    // Reject proposals that touch flake.nix — that file is fixed
-    // boilerplate the meta flake depends on (it exports
-    // `nixosModules.default = import ./agent.nix`); a manager edit
-    // there silently breaks the nixosConfiguration. Prompt tells the
-    // manager not to; this is the host-side belt.
-    let proposal_ref = format!("refs/tags/{tag}");
-    match proposal_modifies(&applied_dir, &proposal_ref, "flake.nix").await {
-        Ok(true) => {
-            let note = "proposal modifies flake.nix — that file is hive-c0re-owned \
-                        boilerplate; edit only agent.nix (and sibling modules)";
-            let _ = coord.approvals.mark_failed(id, note);
-            return Err(anyhow::anyhow!(note));
-        }
-        Ok(false) => {}
-        Err(e) => {
-            // Diff itself failed — log + continue. The build will
-            // surface concrete errors if flake.nix is actually borked.
-            tracing::warn!(error = ?e, %tag, "flake.nix tamper-check failed; allowing");
-        }
-    }
    coord
        .approvals
        .set_fetched_sha(id, &sha)
@ -351,36 +331,6 @@ async fn submit_apply_commit(
    Ok((id, sha))
 }

-/// True iff `proposal_ref`'s tree differs from `refs/heads/main` at
-/// `path`. Used to enforce that proposals don't touch hive-c0re-owned
-/// files in the applied repo.
-async fn proposal_modifies(
-    applied_dir: &std::path::Path,
-    proposal_ref: &str,
-    path: &str,
-) -> anyhow::Result<bool> {
-    let out = crate::lifecycle::git_command()
-        .current_dir(applied_dir)
-        .args([
-            "diff",
-            "--name-only",
-            &format!("refs/heads/main..{proposal_ref}"),
-            "--",
-            path,
-        ])
-        .output()
-        .await
-        .map_err(|e| anyhow::anyhow!("spawn git diff: {e}"))?;
-    if !out.status.success() {
-        anyhow::bail!(
-            "git diff exited {}: {}",
-            out.status,
-            String::from_utf8_lossy(&out.stderr).trim()
-        );
-    }
-    Ok(!out.stdout.iter().all(u8::is_ascii_whitespace))
-}
-
 /// On `AskOperator { ttl_seconds: Some(n) }`, sleep n seconds and then
 /// try to resolve the question with `[expired]`. If the operator (or
 /// any other path) already answered it, `answer()` returns Err and