nix-darwin/AGENTS.md

Repository Guidelines

Project Structure & Module Organization

This repository is a declarative macOS setup built with Nix flakes, flake-parts, and a dendritic aspect layout.

• flake.nix and flake.lock: flake entrypoint and pinned inputs.
• modules/flake/: flake assembly, repo options, shared context modules, and darwinConfigurations generation.
• modules/aspects/: public aspect entry modules auto-discovered with import-tree. Each aspect may expose flake.modules.darwin.<feature> and/or repo.homeModules.<feature>.
• modules/aspects/_*/: private implementation trees intentionally excluded from import-tree. Import these manually from the owning aspect to keep each feature plug-and-play and in control of its own composition surface.
• hosts/: auto-discovered host declarations that register repo.hosts.<hostname>.system and a flat features list.
• secrets/ and .sops.yaml: encrypted SOPS files and path rules.
• Justfile: day-to-day contributor commands.

Prefer adding a new focused aspect in modules/aspects/ and keeping host files thin. Put reusable internals under a sibling _/ tree and wire them in explicitly from the public aspect entry module.

Build, Test, and Development Commands

Use just as the primary interface:

• just darwin <hostname>: build and switch to the current host (ex: fenrir).
• just darwin-debug <hostname>: same as above with verbose trace output.
• just fmt .: format Nix files from the repository root via nix fmt (Alejandra).
• just up: update all flake inputs.
• just upp <input>: update one input (example: just upp nixpkgs).
• just history, just clean, just gc: inspect and prune Nix generations/store.

For validation without switching, run: nix build .#darwinConfigurations.fenrir.system --extra-experimental-features 'nix-command flakes'.

For dependency-graph validation without realizing a full build, run: nix build .#darwinConfigurations.fenrir.system --dry-run --extra-experimental-features 'nix-command flakes'.

Coding Style & Naming Conventions

• Use 2-space indentation in .nix files and keep attribute sets readable.
• Run just fmt . before committing; formatter is defined in flake.nix (alejandra).
• Name aspect and helper files in lowercase kebab-case.
• Keep public aspect filenames aligned with the feature names referenced from repo.hosts.<hostname>.features.
• Keep host files declarative and small: they should select features, not carry large implementation blocks.
• Use imports inside private _*/ trees to compose internals, but expose the aspect itself through one public entry module in modules/aspects/.

Testing Guidelines

There is no dedicated unit-test suite in this repo. Treat evaluation/build as the test gate:

• Run just fmt ..
• Run nix build .#darwinConfigurations.fenrir.system.
• Use nix build .#darwinConfigurations.fenrir.system --dry-run for a quick validation pass when you only need evaluation and dependency resolution.
• Use just darwin-debug <hostname> when diagnosing evaluation/runtime issues.

Document manual verification for user-facing changes (shell, terminal, window manager, app defaults, Homebrew behavior).

Commit & Pull Request Guidelines

Commit history follows Conventional Commit style: feat:, fix:, refactor:, style:.

• Keep subject lines imperative and concise.
• Scope each commit to one logical change.
• In PRs, include: summary, affected modules/paths, command output used for validation, and any relevant screenshots for UI changes (for example WezTerm/AeroSpace behavior).

Security & Configuration Tips

• Never commit plaintext secrets.
• Store secrets only in secrets/*.yaml and manage keys/rules in .sops.yaml.
• .sops.yaml currently matches secrets/.*\.yaml$; keep new secret files within that pattern or update the rule before committing.
• If adding new secret-backed modules, continue reading from encrypted files via the secrets aspect rather than hardcoding credentials into aspect modules.