model persisted to /state; stop auto-allowing claude-code unfree
model persistence: /model <name> now writes to /state/hyperhive-model (in-container), Bus::new reads it on init. operator override survives harness restart and container rebuild; gone on --purge like every other piece of agent state. path overridable via HYPERHIVE_MODEL_FILE for tests. failure to persist is a warn, not fatal — runtime override still applies, just won't survive a restart.

unfree opt-in: drop the auto-allowUnfreePredicate from harness-base.nix and the claude-unstable overlay. operator now has to set nixpkgs.config.allowUnfree (or a predicate listing claude-code) in their own host config. silent unfree bypass was sketchy; this is honest. readme + gotchas updated to spell out the snippet.

todo: drops model-persistence + container-crash + journald (all shipped); adds per-agent send allow-list (constrain who an agent can message).
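Added example, not hyperhive's own code: a small Rust sketch of the persistence semantics the message describes (default path `/state/hyperhive-model`, `HYPERHIVE_MODEL_FILE` override, write failure downgraded to a warning, missing or unreadable file at init treated as "no override"). The `set_model`, `load_model` and `ModelOverride` names are assumptions, as is the sample model name used when running it.

```rust
// Added example, not hyperhive's code: persistence semantics for the /model override.
// set_model / load_model / ModelOverride are hypothetical names.
use std::env;
use std::fs;
use std::path::{Path, PathBuf};

/// Default in-container location of the persisted override.
pub const DEFAULT_MODEL_FILE: &str = "/state/hyperhive-model";

/// Resolve the state file: HYPERHIVE_MODEL_FILE wins (used by tests), else the default.
pub fn model_file_path() -> PathBuf {
    env::var_os("HYPERHIVE_MODEL_FILE")
        .map(PathBuf::from)
        .unwrap_or_else(|| PathBuf::from(DEFAULT_MODEL_FILE))
}

/// Result of `/model <name>`: `persisted` separates "applies now" from "survives a restart".
#[derive(Debug, Clone, PartialEq)]
pub struct ModelOverride {
    pub name: String,
    pub persisted: bool,
}

/// Apply the runtime override and try to persist it. A failed write is a warning,
/// never an error: the in-memory override still takes effect for this process.
pub fn set_model(path: &Path, name: &str) -> ModelOverride {
    let name = name.trim().to_string();
    let persisted = match fs::write(path, format!("{name}\n")) {
        Ok(()) => true,
        Err(e) => {
            eprintln!("warn: could not persist model override to {}: {e}", path.display());
            false
        }
    };
    ModelOverride { name, persisted }
}

/// Read the override at init (the Bus::new side). Missing file = no override (fresh
/// state or after --purge); blank or unreadable file = no override plus a warning, so a
/// damaged state file can never keep the harness from starting.
pub fn load_model(path: &Path) -> Option<String> {
    match fs::read_to_string(path) {
        Ok(s) => s.lines().next().map(str::trim).filter(|n| !n.is_empty()).map(String::from),
        Err(e) if e.kind() == std::io::ErrorKind::NotFound => None,
        Err(e) => {
            eprintln!("warn: ignoring unreadable model file {}: {e}", path.display());
            None
        }
    }
}
```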
This commit is contained in:
parent
58c3cd853b
commit
8b9f7d21b7
6 changed files with 84 additions and 19 deletions
20
TODO.md
@ -3,6 +3,17 @@
Pick anything from here when relevant. Cross-cutting design notes live in
[CLAUDE.md](CLAUDE.md); high-level project intro in [README.md](README.md).

## Permissions / policy

- **Per-agent send allow-list.** Today any agent can `send` to any
other recipient (peer, manager, operator). Add a per-agent
policy that constrains the `to` field — declared in `agent.nix`,
e.g. `hyperhive.allowedRecipients = [ "manager" "alice" ]`.
Broker rejects with an `Err { message }` when the policy denies.
Default: unrestricted (back-compat). The manager can still
always send anywhere. Useful for sandboxing untrusted sub-agents
so they can only talk to the manager, not other sub-agents.

## Security

- **Unprivileged containers (userns mapping).** Today the nspawn container
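Review bot: the allow-list as written only constrains the `to` field on the sender's side, so a sub-agent that may only reach `manager` can still be messaged by any unrestricted peer; the item should say whether the broker also filters inbound delivery, otherwise "can only talk to the manager, not other sub-agents" overstates the isolation. Two smaller points on the same item: the `Err { message }` returned on denial should be paired with a broker-side log line (a sub-agent repeatedly hitting the policy is something the operator should be able to see), and `hyperhive.allowedRecipients` should be checked against the set of declared agent names at eval time so a typo fails the build instead of silently denying every send.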
@ -31,15 +42,6 @@ Pick anything from here when relevant. Cross-cutting design notes live in
derived from the same config so the operator stays in control of
what's exposed.

## Per-agent settings

- **Model override persistence.** `/model <name>` already switches
the model at runtime via `Bus::set_model`; the chip on the agent
page reflects the current value. Override is in-memory only and
resets on harness restart — by design for now, but consider
optional persistence (`/state/model` file?) so an operator-set
model survives a rebuild.

## UI / UX

- **Terminal: `/model` slash command.** Operator-typeable model
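Review bot: the removed item was the only place in TODO.md that documented the restart semantics of the model override ("in-memory only and resets on harness restart"), and it proposed `/state/model` while the commit message says the shipped file is `/state/hyperhive-model`; make sure the README/gotchas text this commit updates states the actual path, the `HYPERHIVE_MODEL_FILE` override, and that the override is cleared by `--purge`. Since the file is now an input read by `Bus::new` on every start, it is also worth stating there how an unreadable or empty file is handled (fall back to the configured default with a warning, not a failed init), matching the warn-not-fatal stance the commit takes for the write side.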