Hare/yoi
1
1
Fork 0
Code Actions Packages Releases Activity
35ac6cb61f
yoi/work-items/open/20260530-022235-lua-profile-authoring/thread.md

5.9 KiB
Raw Blame History

Created

Created by tickets.sh create.

Plan

Ticket preflight

Classification: implementation-ready after implementation Pod plan review.

Requirements are synchronized enough to ask an implementation Pod for a concrete plan, but not enough to skip planning. The Pod must plan first and wait for orchestrator approval before coding.

Current critical risks:

  • Recreating Manifest authoring under another name. Profile may be manifest-like, but runtime-bound and authority-bearing fields (pod.name, concrete scope.allow, resolved paths, secret material, runtime state) must be rejected or diagnosed.
  • Exposing mkManifest as the public normal API. The normal boundary should be profile / insomnia.profile.
  • Implementing uncontrolled Lua require, standard library access, or installed resource path imports.
  • Breaking existing profile selection semantics or resolved Manifest snapshot persistence.
  • Letting Profile express capability expansion instead of scope intent/policy checked by runtime/delegation.

Current plan gate:

  • Implementation Pod must produce a plan covering dependency/crate placement, sandbox, module loading, return contract, Profile data model, resolver integration, builtin/default migration, diagnostics, and tests.
  • If the plan respects the boundary, the orchestrator may authorize implementation in the same Pod/worktree.

Decision

Implementation plan accepted with constraints

The implementation Pod produced a plan for Lua-based reusable Profile authoring. The plan is accepted as the implementation direction, with these constraints:

  • Lua is the primary authoring path for this ticket; Nix is not the primary profile layer.
  • Do not keep legacy .nix profile evaluation just for compatibility if it complicates the design. Prefer removing/disabling Nix profile resolution from the normal profile selector path, while leaving --manifest as the explicit low-level escape hatch.
  • Builtin/default must resolve from Lua/Profile or Rust in-process data without external nix.
  • Public authoring boundary is profile / require("insomnia.profile"), not public mkManifest.
  • Controlled require is part of the implementation: host virtual insomnia.* modules and profile-local modules only; no installed resource path imports.
  • Profile may be manifest-like, but runtime-bound or authority-bearing fields such as pod.name, concrete scope.allow/scope.deny, resolved paths, sockets, runtime state, and raw secret material must be rejected or clearly diagnosed.
  • Scope in Profile is intent/policy only; concrete authority is resolved against runtime/delegation inputs.
  • Model/context-derived compaction can use Lua locals and/or helper policy such as compact.ratio, not Nix recursive sets.
  • Preserve profile selection semantics where still meaningful: default/builtin/user/project/source-qualified/path selectors and persisted resolved Manifest snapshots.

Implementation plan summary:

  • Add embedded Lua evaluation in crates/manifest using a vendored Lua crate such as mlua if dependency/license/build characteristics are acceptable.
  • Add a Profile data model that is a reusable manifest-like recipe template and converts into a concrete PodManifest only through resolver runtime inputs.
  • Add sandboxed Lua evaluation with denied os, io, debug, unrestricted package, dofile, loadfile, and uncontrolled loaders.
  • Add host-provided virtual modules such as insomnia, insomnia.profile, insomnia.models, insomnia.compact, and insomnia.scope.
  • Add profile-local controlled require with canonical path checks, module cache, and cycle diagnostics.
  • Migrate builtin/default from resources/nix/profiles/default.nix to a Lua/Profile source or in-process equivalent.
  • Add focused tests for builtin/default without external nix, host modules, local require, sandbox denial, invalid Manifest-shaped returns, scope intent resolution, and selector semantics.

Review: approve

Approve.

The implementation shifts normal profile authoring from Nix-primary evaluation to embedded Lua/Profile authoring. The public authoring boundary is profile / require("insomnia.profile"); builtin/default resolves without external nix; controlled require supports host virtual modules and profile-local modules; unsafe Lua facilities are denied; runtime-bound and authority-bearing Manifest fields are rejected; and --manifest remains the explicit low-level escape hatch.

Blocker findings: none.

Non-blocking follow-ups:

  • docs/pod-factory.md still contains old ambient manifest cascade wording and should be refreshed later.
  • Unsupported .nix entries in user/project profiles.toml can still appear as selectable entries before failing at resolution with the intended diagnostic.
  • Builtin profile directory scanning currently treats every top-level .lua as a profile, so future helper files should use a convention that avoids accidental selection.
  • Nested reused Manifest structs remain more lenient about unknown fields than Profile top-level validation; stronger profile-specific nested diagnostics can be considered later.

SpawnPod integration timeout assessment:

  • The failing spawn_pod_delegates_scope_and_sends_run timeout appears unrelated to Lua profile authoring. SpawnPod hidden --spawn-config-json takes the direct manifest config path before profile/manifest CLI resolution, and does not invoke ProfileResolver/Lua discovery. Track separately if it remains reproducible.

Validation reviewed:

  • Coder: cargo fmt, git diff --check, cargo test -p manifest, cargo test -p client -p tui, cargo test -p pod --lib --bins passed.
  • Reviewer: cargo test -p manifest passed, 119 tests.

Final verdict: approve.