hyperhive/TODO.md
müde 070b237d03 docs: SPA pattern noted, todo cleared; harness-base git config mkDefault
programs.git.config.user.{name,email} in harness-base.nix now mkDefault
so the per-agent applied flake's override merges without mkForce.
2026-05-15 17:17:48 +02:00

TODO

Pick anything from here when relevant. Cross-cutting design notes live in CLAUDE.md; high-level project intro in README.md.

Security

  • Unprivileged containers (userns mapping). Today the nspawn container runs as fully privileged root. Goal: PrivateUsersChown=yes (or the nixos-container equivalent) so uid 0 inside maps to an unprivileged uid on the host, and a container-root compromise lands the attacker on an ordinary user account, not the host's root. Requires per-agent state dirs to be chown'd to that uid on the host side.
  • Bash command allow-list. Replace the blanket Bash allow with a pattern allow-list (Bash(git *), Bash(nix build .*), etc.) per claude-code's --allowedTools extended grammar. Likely lives in agent.nix so each agent can scope its own shell surface.

Per-agent settings

  • Model override. Hard-coded to haiku in the turn loop right now. Surface as a per-agent override: operator via dashboard, manager via request_apply_commit setting an attr on the agent's flake (most natural place since the flake already carries per-agent env/identity).

UI / UX

  • Operator inbox view. Drain replies addressed to operator and show them on the dashboard. Today they accumulate unread in sqlite; you can only see them by watching the live panel of the agent that sent them.
  • Per-agent UI substance. Show last N inbox messages, last turn timing, link back to dashboard.
  • xterm.js terminal embedded per-agent, attached to a PTY exposed by the harness. Pairs well with the unprivileged-container work — would let the operator drop into the container without nixos-container root-login.

Loop substance

  • Notes / state persistence. Per-agent notes.md for durable scratch memory across turns. Compaction-on-overflow runs a separate short-lived claude session (à la bitburner-agent). The --continue session already gives short-term memory, but notes give cross-session durable knowledge that isn't lost on a /compact boundary.

Lifecycle / reliability

  • Bounded broker. Cap rows per recipient or auto-vacuum delivered messages older than a threshold. sqlite is growing unbounded.
  • Container crash events. Watch container@*.service via D-Bus, push HelperEvent::ContainerCrash to the manager's inbox so the manager can react (restart, escalate, etc.).
  • destroy --purge. Today destroy keeps state by design; add an opt-in flag (CLI + dashboard) to also wipe /var/lib/hyperhive/agents/<name>/ and /var/lib/hyperhive/applied/<name>/.

Cleanup / docs

  • Debug-only sub-commands. hive-ag3nt send/recv and the analogous hive-m1nd send/recv/... exist only for ops debugging. Move them into a hidden debug sub-command to declutter --help, or drop entirely.