Self-Modification

Design for cowboy agents to modify their own configuration at ~/.config/agent/flake.nix, with safe rollback and PR-gated approval for dangerous changes.

Status

Not implemented. No agent-switch script, generation directory management, config flake self-modification, or PR-gated approval workflow exists in the codebase. The heartbeat mechanism exists in the WASM plugin but serves a different purpose (Zellij timer events for polling).

Concept

The agent maintains a Nix flake as its own configuration. Changes are categorized by risk:

Freely Modifiable (no approval)

  • Tools: Add, remove, or update tool definitions
  • Skills: Modify skill definitions and prompts
  • Scheduled tasks: Add cron-like operations within agent scope
  • Working memory/state: Agent state files

PR-Gated (requires human approval)

  • Permissions: Network access, filesystem paths, execution capabilities
  • Filters: Block patterns, allowed hosts, file size limits
  • Core config: Model selection, API endpoints, heartbeat interval, generation depth
  • System services: Systemd unit changes

Safe Switch Workflow

  1. Agent prepares new configuration
  2. Snapshot current generation to ~/.local/share/agent/generations/
  3. Start heartbeat monitor with 60-second timeout
  4. Apply new config via home-manager switch --flake
  5. Run health check (tools available, skills loaded, filters active)
  6. Send heartbeat confirmation
  7. If no heartbeat within 60s: automatic rollback to previous generation

Configuration Inheritance

The agent's flake inherits security-critical settings from the parent cowboy repository. These cannot be overridden locally:

inherit (parent-config.agentConfig)
  permissions
  filters
  core
  ;

Generation Management

Each config change creates a timestamped generation in ~/.local/share/agent/generations/ with metadata tracking the parent generation, change type, trigger, and confirmation status. Generations are garbage-collected based on configurable retention (keep last N, keep N days, always keep confirmed).

Audit Logging

All switches are logged to ~/.local/share/agent/audit.log as structured JSON, with these events: switch_initiated, switch_confirmed, switch_rolled_back, switch_failed, generation_created/deleted, pr_submitted/approved/rejected.

Rate Limiting

To prevent configuration churn: max 10 switches/hour, 50/day, minimum 60 seconds between switches.
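
One way these limits could be checked is by replaying the audit log before each switch. This is an added example, not code from the cowboy project (the design is unimplemented); the record fields `ts` and `event`, the function names and the reason strings are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Limits stated in the design above.
MAX_PER_HOUR, MAX_PER_DAY = 10, 50
MIN_GAP = timedelta(seconds=60)

# Constructed sample of audit.log lines; the "ts"/"event" field names are assumed.
SAMPLE_LOG = [
    '{"ts": "2024-01-01T11:00:30+00:00", "event": "switch_initiated"}',
    '{"ts": "2024-01-01T11:00:50+00:00", "event": "switch_confirmed"}',
    '{"ts": "2024-01-01T11:59:30+00:00", "event": "switch_initiated"}',
    '{"ts": "2024-01-01T11:59:45+00:00", "event": "switch_rolled_back"}',
]


def switch_times(audit_lines):
    """Timestamps of every switch_initiated record, oldest first.

    Attempts are counted whether they were later confirmed or rolled back,
    so a loop of failing switches still consumes the budget.
    """
    times = []
    for line in audit_lines:
        if line.strip():
            rec = json.loads(line)
            if rec["event"] == "switch_initiated":
                times.append(datetime.fromisoformat(rec["ts"]))
    return sorted(times)


def may_switch(audit_lines, now):
    """Return (allowed, reason) for a switch attempted at `now` (timezone-aware)."""
    try:
        times = switch_times(audit_lines)
        since = [now - t for t in times]
    except (ValueError, KeyError, TypeError):
        # Fail closed: a log that cannot be parsed cannot prove we are under the limits.
        return False, "audit_unreadable"
    if since and since[-1] < MIN_GAP:
        return False, "min_gap"
    if sum(d < timedelta(hours=1) for d in since) >= MAX_PER_HOUR:
        return False, "hourly_limit"
    if sum(d < timedelta(days=1) for d in since) >= MAX_PER_DAY:
        return False, "daily_limit"
    return True, "ok"


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    print(may_switch(SAMPLE_LOG, now))  # denied: last attempt was 30 s ago
```

Because the decision is derived from the audit log, the limiter is only as trustworthy as that file; if the agent can rewrite its own log, the check needs to run outside the agent's write scope.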

Prerequisites

Implementing this requires:

  • A cowboy NixOS module that provisions the agent flake structure
  • Integration with the existing agent-bridge for PR creation
  • A health check protocol in the WASM plugin
  • Generation directory management tooling