Skip to content

Add bubblewrap path for running Nimi#14

Open
baileylu121 wants to merge 20 commits intobaileylu/restrict-systemsfrom
baileylu/bubblewrap
Open

Add bubblewrap path for running Nimi#14
baileylu121 wants to merge 20 commits intobaileylu/restrict-systemsfrom
baileylu/bubblewrap

Conversation

@baileylu121
Copy link
Contributor

@baileylu121 baileylu121 commented Jan 28, 2026
edited by cursor bot
Loading

Add Sandbox Feature Using Bubblewrap

This PR introduces a lightweight sandbox runner via mkBwrap that uses bubblewrap to run services in an isolated environment without requiring container runtimes like Docker or Podman.

The sandbox offers:

  • Isolated filesystem with tmpfs mounts and selective read-only binds
  • Environment variables and working directory configuration
  • Namespace isolation (user, PID, UTS, IPC, cgroup)
  • Read-only access to the Nix store for dependencies
  • Writable tmpfs directories for runtime data

Added:

  • Documentation in docs/sandbox.md with examples and comparison to containers
  • Simple Redis example in examples/sandboxed.nix
  • Test case to verify sandbox environment isolation
  • New settings.bubblewrap module with comprehensive configuration options
  • Implementation in nix/lib.nix that wraps the nimi binary in bubblewrap
  • New public API to guarantee that the nimi module only gets evaluated once

The sandbox requires Linux with user namespace support and is marked as incompatible with Darwin systems.

Note

Medium Risk
Introduces a new mkBwrap execution path that changes how services can be launched (bubblewrap namespaces/mounts) and adds new module options/tests; misconfiguration could break runtime behavior on Linux or in CI.

Overview
Adds a new Bubblewrap-based sandbox runner (mkBwrap/mkBwrapWithConfig) that wraps the generated nimi runner in bwrap, with a new settings.bubblewrap module to configure mounts, env vars, working dir, and namespace/unshare flags (and marks the sandbox as unsupported on Darwin).

Refactors the Nix API to avoid double module evaluation by introducing mkNimiBinWithConfig and mkContainerImageWithConfig, and updates container defaults to set imageConfig.WorkingDir to /root.

Includes new docs (docs/sandbox.md + SUMMARY entry), a minimal sandboxed Redis example, a NixOS test validating env/chdir/tmpfs behavior, and updates flake.lock plus a small clap import cleanup in src/cli.rs.

Written by Cursor Bugbot for commit 8073c24. This will update automatically on new commits. Configure here.

@baileylu121 Graphite App
Copy link
Contributor Author

baileylu121 commented Jan 28, 2026

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

This stack of pull requests is managed by Graphite. Learn more about stacking.

@baileylu121 baileylu121 mentioned this pull request Jan 28, 2026
Open
@baileylu121 baileylu121 changed the title First pass on a bubblewrap based sandbox Run nimi configs inside a bubblewrap wrapper Jan 28, 2026
@github-actions
Copy link

github-actions bot commented Jan 28, 2026
edited
Loading

PR Preview Action v1.8.1

QR code for preview link

🚀 View preview at
https://weyl-ai.github.io/nimi/pr-preview/pr-14/

Built to branch gh-pages at 2026-01-29 19:00 UTC.
Preview will be ready when the GitHub Pages deployment is complete.

@baileylu121 baileylu121 marked this pull request as ready for review January 28, 2026 18:05
graphite-app[bot]
graphite-app bot reviewed Jan 28, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 28, 2026
View reviewed changes
@baileylu121 baileylu121 marked this pull request as draft January 28, 2026 18:20
@baileylu121 baileylu121 marked this pull request as ready for review January 28, 2026 19:05
@baileylu121 baileylu121 changed the title Run nimi configs inside a bubblewrap wrapper Add a new bubblewrap path for running nimi Jan 28, 2026
@baileylu121 baileylu121 changed the title Add a new bubblewrap path for running nimi Add bubblewrap path for running Nimi Jan 28, 2026
cursor[bot]
cursor bot reviewed Jan 28, 2026
View reviewed changes
graphite-app[bot]
graphite-app bot reviewed Jan 28, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 28, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 28, 2026
View reviewed changes
graphite-app[bot]
graphite-app bot reviewed Jan 28, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 28, 2026
View reviewed changes
@baileylu121 baileylu121 requested a review from b7r6 January 28, 2026 20:10
@baileylu121 baileylu121 force-pushed the baileylu/bubblewrap branch 2 times, most recently from 6d5bc1a to 1d25ce9 Compare January 29, 2026 16:16
cursor[bot]
cursor bot reviewed Jan 29, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 29, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 29, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@b7r6 b7r6 Awaiting requested review from b7r6

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@baileylu121