docs: First draft of the devcontainer specs

zah · zah · commit aa1ba96e0daa · 2025-08-25T12:51:52.000+03:00
diff --git a/docs/agents/_template.md b/docs/agents/_template.md
@@ -0,0 +1,29 @@
+## <Agent Tool> — Integration Notes
+
+### Overview
+
+Summarize what this tool does and how Agents‑Workflow uses it.
+
+### Credentials
+
+- Environment variables: list supported vars and precedence.
+- Config files/locations: paths to mount read‑only if available.
+- Host agents/sockets: whether forwarding is supported.
+- Minimal test/probe command to validate auth.
+
+### Execution Hooks
+
+- How commands are invoked inside sessions.
+- Points where timeline markers should be emitted.
+- Any stderr/stdout peculiarities affecting recording.
+
+### Time‑Travel Considerations
+
+- Side effects on the filesystem and how to snapshot effectively.
+- Required quiesce/flush operations before anchoring (if any).
+
+### Known Issues
+
+- Platform quirks, rate limits, stability notes.
+
+
diff --git a/docs/devcontainer-design.md b/docs/devcontainer-design.md
@@ -0,0 +1,141 @@
+## Devcontainer Design — Requirements, Rationale, Implementation
+
+### Scope
+
+Define a layered devcontainer architecture for Agents‑Workflow:
+
+- A lower‑level Nix devcontainer base that standardizes Nix, caches, and host↔guest cache sharing.
+- An Agents Base Image that builds on the Nix base and ships all supported agentic CLIs plus the framework glue for task execution, recording, and credential propagation.
+- Downstream project images that extend the Agents Base Image by adding a project‑specific Nix devshell for building/testing that codebase.
+
+This document describes requirements, rationale, and implementation details. Nix base specifications live under `docs/nix-devcontainer/`.
+
+### Requirements
+
+- Provide a consistent developer experience across Linux, macOS, and Windows (Docker Desktop/WSL) with minimal host prerequisites.
+- Support all agentic CLIs integrated by agents‑workflow (see per‑agent docs under `docs/agents/`).
+- Implement credential propagation: when host is authenticated to a provider, the guest resolves the same credentials without re‑login.
+- Provide persistent build caches and Nix store layers across container rebuilds; enable optional host↔guest cache sharing for language package managers.
+- Integrate execution hooks needed by Agent Time‑Travel (timeline markers, snapshot triggers) without interfering with normal shell use.
+- Keep secrets out of images; use runtime env/secrets and read‑only mounts; be auditable.
+
+### Design Rationale
+
+- Layering separates concerns:
+  - Nix base focuses on reproducibility and performant builds via shared caches.
+  - Agents base concentrates agent tools, shell setup, recording hooks, and credential bridges.
+  - Projects remain small: generally a `devcontainer.json` and a Nix devshell.
+- Nix is the lingua franca for project dependencies and toolchains; downstream projects reuse the same workflow regardless of language.
+- Cache sharing is opt‑in and explicit per package manager to avoid accidental leakage and permission issues.
+- Credential propagation prioritizes agent‑approved mechanisms (env vars, config files, OS agents) and relies on read‑only host mounts or forwarded sockets where feasible.
+
+### Layered Images
+
+1) Nix Devcontainer Base (see `docs/nix-devcontainer/`)
+   - Installs Nix (flakes enabled), configures substituters/cachix.
+   - Declares persistent volumes for `/nix`, Nix DB, and general caches.
+   - Provides optional shared cache mounts for common package managers (npm/pnpm/yarn, pip/pipx, cargo, go, maven/gradle, etc.).
+   - Exposes a thin entrypoint that sources project devshell when present.
+
+2) Agents Base Image
+   - FROM: Nix Devcontainer Base.
+   - Installs agentic CLIs supported by Agents‑Workflow (see `docs/agents/`). Examples include: OpenAI/Anthropic CLI tooling, GitHub CLI, and other agent runners referenced by `bin/*` and `*-setup` scripts.
+   - Copies `bin/`, `common-pre-setup`, `common-post-setup`, and setup shims (`codex-setup`, `copilot-setup`, `open-hands-setup`, `goose-setup`, `jules-setup`).
+   - Configures shell integration (zsh/bash/fish) to emit execution markers via preexec/DEBUG traps in support of time‑travel anchors.
+   - Prepares netrc/SSH/gh credential bridges (runtime only; nothing baked into the image).
+
+3) Project Image
+   - FROM: Agents Base Image.
+   - Adds project `flake.nix`/`devshell` and any extra tools.
+   - Optionally extends cache mounts for project‑specific package managers.
+
+### devcontainer.json (reference)
+
+Downstream projects consume the base like this (illustrative):
+
+```json
+{
+  "name": "agents-workflow-dev",
+  "image": "ghcr.io/blocksense/agents-workflow-agents-base:latest",
+  "features": {},
+  "remoteUser": "vscode",
+  "updateRemoteUserUID": true,
+  "containerEnv": {
+    "ZDOTDIR": "/home/vscode/.zsh",
+    "NIX_CONFIG": "experimental-features = nix-command flakes"
+  },
+  "mounts": [
+    "source=aw-nix-store,target=/nix,type=volume",
+    "source=aw-cache-home,target=/home/vscode/.cache,type=volume",
+    "source=aw-cargo,target=/home/vscode/.cargo,type=volume",
+    "source=aw-go-cache,target=/home/vscode/.cache/go-build,type=volume",
+    "source=aw-go-mod,target=/home/vscode/go/pkg/mod,type=volume"
+  ],
+  "runArgs": ["--init"],
+  "customizations": {
+    "vscode": {
+      "settings": {
+        "terminal.integrated.defaultProfile.linux": "zsh"
+      },
+      "extensions": ["ms-vscode-remote.remote-containers"]
+    }
+  },
+  "postCreateCommand": "./codex-setup || true"
+}
+```
+
+### Credential Propagation Framework
+
+Principles:
+
+- Never bake secrets into images. Use runtime environment variables, forwarded agents/sockets, and read‑only mounts of host config where safe.
+- Normalize through the shell setup scripts so agent CLIs find credentials predictably.
+
+Mechanisms:
+
+- Env pass‑through: Allowlist known vars (examples: `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, `OPENROUTER_API_KEY`, `HUGGING_FACE_HUB_TOKEN`, `GITHUB_TOKEN`, `GITLAB_TOKEN`, `BITBUCKET_TOKEN`).
+- Git hosting: generate `~/.netrc` from `GITHUB_TOKEN`/`GITLAB_TOKEN`/`BITBUCKET_TOKEN` (as in `codex-setup`).
+- GitHub CLI and Copilot CLI: prefer `gh auth` state by mounting `~/.config/gh/hosts.yml` read‑only or exporting `GH_TOKEN` if org policy allows.
+- SSH agent forwarding: mount `SSH_AUTH_SOCK` and pass through `~/.ssh/known_hosts` read‑only; avoid copying private keys.
+- Cloud SDKs: allow optional read‑only mounts of provider config (e.g., `~/.aws`, `~/.config/gcloud`) when required by a specific agent; otherwise rely on env‑based credentials.
+
+Each agent’s exact mapping is captured in `docs/agents/<tool>.md` and validated in CI with probe commands (e.g., `gh auth status`, minimal API ping for OpenAI/Anthropic).
+
+### Time‑Travel Execution Hooks in Devcontainer
+
+- zsh: `preexec` emits a timeline marker before execution; `precmd` after. bash: `trap DEBUG` + `PROMPT_COMMAND`. fish: `fish_preexec`/`fish_postexec`.
+- The hook writes a small JSON event (`{ts, cmd, cwd, session}`) to a FIFO/log consumed by the runner to align markers with snapshot anchors.
+- Hooks are opt‑out via config key (see `docs/configuration.md`), and no‑op for non‑interactive shells.
+
+### Caching and Host↔Guest Cache Sharing
+
+- Persistent volumes for: `/nix`, language caches (Cargo, Go, npm/pnpm/yarn, pip, maven/gradle), and compiler caches (sccache/ccache).
+- Host↔guest sharing guidelines and test plans are defined in `docs/nix-devcontainer/cache-guidelines.md` and `test-suite.md`.
+- For Windows hosts, prefer Docker volumes over bind mounts to avoid permission/line‑ending pitfalls; on macOS/Linux, bind mounts are acceptable for read‑only config.
+
+### Implementation Details
+
+- User/UID: set `remoteUser` to a non‑root user matching host UID to simplify shared cache permissions.
+- Entrypoint: minimal init (tini), run `common-pre-setup`, source project hooks if present `.agents/*-setup`, then `common-post-setup`.
+- Health: ship `aw doctor` checks for snapshot providers, Nix, caches, gh/ssh/auth readiness.
+- Security: secrets via env or forwarded sockets; config mounts read‑only; no tokens written to image layers.
+
+### Testing and CI
+
+- Cold/warm build benchmarks with and without caches.
+- Credential probes for each agent (non‑destructive): `gh auth status`, short `curl` to model/provider endpoints when keys present.
+- Time‑travel hook smoke tests: run a few commands and verify markers are emitted.
+- Cross‑platform matrix: Linux, macOS (Docker Desktop), Windows (WSL2/Hyper‑V).
+
+### Migration Plan
+
+- Phase 1 (this repo): build and publish `agents‑workflow‑nix‑base` and `agents‑workflow‑agents‑base` images to a registry (e.g., GHCR).
+- Phase 2 (extraction): split Nix base to a standalone repo; keep Agents base here, pinning base by digest.
+
+### Open Questions
+
+- Exact per‑agent credential files and minimal scopes (document in `docs/agents/`).
+- Which package manager caches to enable by default vs opt‑in.
+- Windows credential manager integrations (e.g., Git Credential Manager) via bind vs env.
+
+
diff --git a/docs/nix-devcontainer/cache-guidelines.md b/docs/nix-devcontainer/cache-guidelines.md
@@ -0,0 +1,58 @@
+## Host↔Guest Cache Sharing — Guidelines and Goals
+
+### Goals
+
+- Reduce build/install times across container rebuilds and branches.
+- Avoid secret/material leakage via shared caches.
+- Keep cache consistency and correctness (no silent corruption, deterministic rebuilds when needed).
+
+### General Principles
+
+- Prefer Docker volumes for persistence; use bind mounts for read‑only configs when necessary.
+- Set clear ownership/permissions by aligning container user UID/GID with host where possible.
+- Use content‑addressed caches (where supported) and verify cache keys include OS/arch/toolchain.
+- Provide a kill‑switch env/flag to disable cache sharing when debugging purity issues.
+
+### Package Manager Patterns
+
+- Node (npm/pnpm/yarn):
+  - Volumes: `~/.npm`, `~/.cache/pnpm`, `~/.yarn`, project `.pnpm-store`.
+  - Ensure lockfiles are honored; enable `corepack` where applicable.
+  - Tests: cold vs warm install; lockfile change invalidation.
+
+- Python (pip/pipx/poetry):
+  - Volumes: `~/.cache/pip`, `~/.cache/pipx`, virtualenv directories under project `.venv`.
+  - Pin interpreter from Nix; ensure ABI compatibility.
+  - Tests: wheel reuse, virtualenv isolation, hash mismatch behavior.
+
+- Rust (cargo):
+  - Volumes: `~/.cargo`, `~/.cargo/registry`, `~/.cargo/git`.
+  - Consider `sccache` for compiler outputs; volume for `~/.cache/sccache`.
+  - Tests: build twice, ensure network disabled on second run.
+
+- Go:
+  - Volumes: `~/go/pkg/mod`, `~/.cache/go-build`.
+  - Module proxy configuration via env; verify GOPATH hygiene.
+  - Tests: module reuse and build cache hit rate across rebuilds.
+
+- Java (Maven/Gradle):
+  - Volumes: `~/.m2`, `~/.gradle`.
+  - Ensure Gradle Gradle Enterprise/daemon settings sane for containers.
+  - Tests: offline build viability after warm run.
+
+- System Caches (ccache/sccache):
+  - Volumes: `~/.ccache`, `~/.cache/sccache`.
+  - Configure size limits and compression; record hit/miss metrics.
+
+### Security Considerations
+
+- Treat caches as untrusted inputs when switching branches or contributors; prefer read‑write volumes scoped per project or per user.
+- Do not mount credential stores (e.g., `~/.aws`) as caches; keep those separate and read‑only.
+- Avoid mounting host package manager sockets/daemons unless required.
+
+### Observability
+
+- Expose cache directories and sizes via `aw doctor`.
+- Emit basic metrics (hits/misses) where tools provide them (cargo, sccache).
+
+
diff --git a/docs/nix-devcontainer/test-suite.md b/docs/nix-devcontainer/test-suite.md
@@ -0,0 +1,46 @@
+## Nix Devcontainer — Cache Sharing Test Suite
+
+### Purpose
+
+Validate cache persistence and correctness for supported package managers and toolchains across container rebuilds and typical workflows.
+
+### Test Matrix
+
+- Platforms: Linux, macOS (Docker Desktop), Windows (WSL2)
+- Images: Nix Base, Agents Base, representative project images
+- Package Managers: npm/pnpm/yarn, pip/pipx/poetry, cargo, go, maven/gradle, ccache/sccache
+
+### Scenarios
+
+1) Cold → Warm Install
+   - Cold: clear volumes; install dependencies; record time/size.
+   - Warm: rebuild container; reinstall; expect significant speedup and no network fetches where offline cache applies.
+
+2) Lockfile Change Invalidation
+   - Modify lockfile (add dependency); ensure caches do not cause stale results; verify correct new graph.
+
+3) Toolchain Change
+   - Change Nix devshell tool versions; validate caches with different ABI get invalidated as needed.
+
+4) Concurrent Builds
+   - Run two builds concurrently in separate containers sharing volumes; ensure no corruption.
+
+5) Security Hygiene
+   - Verify no secrets present in cache volumes; permissions are scoped to devcontainer user.
+
+6) Offline Build
+   - Disable network; confirm warm caches enable successful builds where expected (cargo/go/java).
+
+### Measurements
+
+- Wall‑clock durations (cold vs warm)
+- Network requests count/bytes (where observable)
+- Cache sizes before/after
+- Hit/miss metrics (cargo, sccache)
+
+### Automation
+
+- Provide `aw doctor --caches` to print configured mounts and sizes.
+- CI jobs per package manager with synthetic sample projects.
+
+
