Skip to content

refnil/opencode-jail-devenv

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.envrc
.envrc
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Readme.md
Readme.md
 
 
devenv.lock
devenv.lock
 
 
devenv.nix
devenv.nix
 
 
devenv.yaml
devenv.yaml
 
 

Repository files navigation

opencode-jail-devenv

Status: Alpha - Experimental, may have breaking changes

A devenv module that provides secure sandboxing for the opencode LLM agent using jail.nix. Run AI coding agents safely with restricted filesystem and network access, preventing accidental or malicious system modifications.

Inspired by How I Run LLM Agents in a Secure Nix Sandbox.

Dependencies

Installation

Add to your devenv.yaml:

inputs:
  opencode:
    url: github:refnil/opencode-jail-devenv
  jail-nix:
    url: sourcehut:~alexdavid/jail.nix

imports:
  - opencode

Options

Option Type Default Description
programs.opencode.enable bool false Enable the opencode module
programs.opencode.addProjectPackages bool true Include config.packages in the opencode environment
programs.opencode.basePackages list See below Base packages available to the agent (curl, git, ripgrep, etc.)
programs.opencode.packages list [] Additional custom packages to add
programs.opencode.opencodePackage package pkgs.opencode The opencode package to use
programs.opencode.baseJailCombinators list See below Base sandbox permissions
programs.opencode.jailCombinators list [] Additional sandbox permissions

Default base packages: bashInteractive, curl, wget, jq, git, which, ripgrep, gnugrep, gawkInteractive, ps, findutils, gzip, unzip, gnutar, diffutils

Default jail permissions: network access, timezone info, no new sessions, tmpfs at /tmp, read-write access to ~/.config/opencode, ~/.local/share/opencode, ~/.local/state/opencode, and read-write access to the project root.

Example Configuration

# devenv.nix
{ pkgs, ... }: {
  # Standard Rust environment - this compiler is automatically included
  # in the opencode jail through addProjectPackages = true
  languages.rust.enable = true;
  languages.rust.channel = "stable";

  programs.opencode = {
    enable = true;

    # Packages only available inside the jail - analysis and management tools
    packages = with pkgs; [
      cargo-expand     # Expand macros to see generated code
      cargo-edit       # Add/remove dependencies via CLI
      cargo-tree       # Visualize dependency tree
    ];

    # Share cargo registry cache between host and jail for faster builds
    jailCombinators = with pkgs.jail.combinators; [
      (rw-bind "~/.cargo/registry" "~/.cargo/registry")
    ];
  };
}

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages