refactor: dual-instance setup, remove dead container code
- Make STORE_DIR, DATA_DIR, GROUPS_DIR configurable via env vars (NANOCLAW_STORE_DIR, NANOCLAW_DATA_DIR, NANOCLAW_GROUPS_DIR) for running two instances from one codebase - Remove broken 'both' agent type sequential loop from processGroupMessages - Delete dead code: container-runtime, mount-security, credential-proxy, Dockerfiles, and related config constants (~1,085 lines removed) - Add codex instance launchd plist template
This commit is contained in:
25
src/types.ts
25
src/types.ts
@@ -4,35 +4,12 @@ export interface AdditionalMount {
|
||||
readonly?: boolean; // Default: true for safety
|
||||
}
|
||||
|
||||
/**
|
||||
* Mount Allowlist - Security configuration for additional mounts
|
||||
* This file should be stored at ~/.config/nanoclaw/mount-allowlist.json
|
||||
* and is NOT mounted into any container, making it tamper-proof from agents.
|
||||
*/
|
||||
export interface MountAllowlist {
|
||||
// Directories that can be mounted into containers
|
||||
allowedRoots: AllowedRoot[];
|
||||
// Glob patterns for paths that should never be mounted (e.g., ".ssh", ".gnupg")
|
||||
blockedPatterns: string[];
|
||||
// If true, non-main groups can only mount read-only regardless of config
|
||||
nonMainReadOnly: boolean;
|
||||
}
|
||||
|
||||
export interface AllowedRoot {
|
||||
// Absolute path or ~ for home (e.g., "~/projects", "/var/repos")
|
||||
path: string;
|
||||
// Whether read-write mounts are allowed under this root
|
||||
allowReadWrite: boolean;
|
||||
// Optional description for documentation
|
||||
description?: string;
|
||||
}
|
||||
|
||||
export interface ContainerConfig {
|
||||
additionalMounts?: AdditionalMount[];
|
||||
timeout?: number; // Default: 300000 (5 minutes)
|
||||
}
|
||||
|
||||
export type AgentType = 'claude-code' | 'codex' | 'both';
|
||||
export type AgentType = 'claude-code' | 'codex';
|
||||
|
||||
export interface RegisteredGroup {
|
||||
name: string;
|
||||
|
||||
Reference in New Issue
Block a user