From 36c932a5b3263f28d58245417fb5349a38b4cfc8 Mon Sep 17 00:00:00 2001 From: Hare Date: Sat, 30 May 2026 11:26:32 +0900 Subject: [PATCH] plan: approve lua profile implementation --- .../item.md | 2 +- .../thread.md | 31 +++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/work-items/open/20260530-022235-lua-profile-authoring/item.md b/work-items/open/20260530-022235-lua-profile-authoring/item.md index 8c2342f6..13ae4305 100644 --- a/work-items/open/20260530-022235-lua-profile-authoring/item.md +++ b/work-items/open/20260530-022235-lua-profile-authoring/item.md @@ -7,7 +7,7 @@ kind: task priority: P1 labels: [manifest, profiles, lua, architecture] created_at: 2026-05-30T02:22:35Z -updated_at: 2026-05-30T02:23:16Z +updated_at: 2026-05-30T02:26:32Z assignee: null legacy_ticket: null --- diff --git a/work-items/open/20260530-022235-lua-profile-authoring/thread.md b/work-items/open/20260530-022235-lua-profile-authoring/thread.md index 57f89fb2..df74bcdd 100644 --- a/work-items/open/20260530-022235-lua-profile-authoring/thread.md +++ b/work-items/open/20260530-022235-lua-profile-authoring/thread.md 
@@ -28,4 +28,35 @@ Current plan gate: - If the plan respects the boundary, the orchestrator may authorize implementation in the same Pod/worktree. +--- + + + +## Decision + +## Implementation plan accepted with constraints + +The implementation Pod produced a plan for Lua-based reusable Profile authoring. The plan is accepted as the implementation direction, with these constraints: + +- Lua is the primary authoring path for this ticket; Nix is not the primary profile layer. +- Do not keep legacy `.nix` profile evaluation just for compatibility if it complicates the design. Prefer removing/disabling Nix profile resolution from the normal profile selector path, while leaving `--manifest` as the explicit low-level escape hatch. +- Builtin/default must resolve from Lua/Profile or Rust in-process data without external `nix`. +- Public authoring boundary is `profile` / `require("insomnia.profile")`, not public `mkManifest`. +- Controlled `require` is part of the implementation: host virtual `insomnia.*` modules and profile-local modules only; no installed resource path imports. +- Profile may be manifest-like, but runtime-bound or authority-bearing fields such as `pod.name`, concrete `scope.allow`/`scope.deny`, resolved paths, sockets, runtime state, and raw secret material must be rejected or clearly diagnosed. +- Scope in Profile is intent/policy only; concrete authority is resolved against runtime/delegation inputs. +- Model/context-derived compaction can use Lua locals and/or helper policy such as `compact.ratio`, not Nix recursive sets. +- Preserve profile selection semantics where still meaningful: default/builtin/user/project/source-qualified/path selectors and persisted resolved Manifest snapshots. + +Implementation plan summary: + +- Add embedded Lua evaluation in `crates/manifest` using a vendored Lua crate such as `mlua` if dependency/license/build characteristics are acceptable. 
+- Add a Profile data model that is a reusable manifest-like recipe template and converts into a concrete `PodManifest` only through resolver runtime inputs. +- Add sandboxed Lua evaluation with denied `os`, `io`, `debug`, unrestricted `package`, `dofile`, `loadfile`, and uncontrolled loaders. +- Add host-provided virtual modules such as `insomnia`, `insomnia.profile`, `insomnia.models`, `insomnia.compact`, and `insomnia.scope`. +- Add profile-local controlled `require` with canonical path checks, module cache, and cycle diagnostics. +- Migrate builtin/default from `resources/nix/profiles/default.nix` to a Lua/Profile source or in-process equivalent. +- Add focused tests for builtin/default without external nix, host modules, local require, sandbox denial, invalid Manifest-shaped returns, scope intent resolution, and selector semantics. + + ---
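Review bot: In the thread.md hunk, the constraint on runtime-bound or authority-bearing fields says they "must be rejected or clearly diagnosed", which leaves open whether a Profile carrying `pod.name`, concrete `scope.allow`/`scope.deny` or raw secret material can still evaluate with only a warning. Suggest stating that such fields fail evaluation, with the diagnostic as the error text, so the planned "invalid Manifest-shaped returns" test has a single expected outcome. In the plan summary, the sandbox bullet is phrased as a denylist (`os`, `io`, `debug`, unrestricted `package`, `dofile`, `loadfile`) and does not mention `load` or precompiled bytecode chunks; consider wording it as an allowlisted environment and adding that case to the sandbox-denial tests. The "such as `mlua` if dependency/license/build characteristics are acceptable" bullet also names no fallback or owner for that decision, which is worth recording before implementation starts. Minor: `## Decision` is immediately followed by a second level-2 heading, `## Implementation plan accepted with constraints`, so one of the two probably wants to be a lower level or plain text.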