phaseflow/flake.nix

# ABOUTME: Nix flake for PhaseFlow development environment and Docker build.
# ABOUTME: Provides Node.js 24, pnpm, turbo, lefthook, and Docker image output.
{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  inputs.playwright-web-flake.url = "github:pietdevries94/playwright-web-flake/1.56.1";

  outputs = { nixpkgs, playwright-web-flake, ... }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
      playwright-driver = playwright-web-flake.packages.${system}.playwright-driver;

      # Custom Python package: garth (not in nixpkgs)
      garth = pkgs.python3Packages.buildPythonPackage {
        pname = "garth";
        version = "0.5.21";
        src = pkgs.fetchPypi {
          pname = "garth";
          version = "0.5.21";
          sha256 = "sha256-jZeVldHU6iOhtGarSmCVXRObcfiG9GSQvhQPzuWE2rQ=";
        };
        format = "pyproject";
        nativeBuildInputs = [ pkgs.python3Packages.hatchling ];
        propagatedBuildInputs = with pkgs.python3Packages; [
          pydantic
          requests-oauthlib
          requests
        ];
        doCheck = false;
      };

      # Python with garth for Garmin auth scripts
      pythonWithGarth = pkgs.python3.withPackages (ps: [ garth ]);

      # Common packages for development
      commonPackages = [
        pkgs.nodejs_24
        pkgs.pnpm
        pkgs.git
        pkgs.pocketbase
        pythonWithGarth
      ];
    in {
      # Docker image for production deployment
      packages.${system} = {
        dockerImage = import ./docker.nix { inherit pkgs; };
        default = import ./docker.nix { inherit pkgs; };
      };

      devShells.${system} = {
        # Default development shell with all tools
        default = pkgs.mkShell {
          packages = commonPackages ++ [
            pkgs.turbo
            pkgs.lefthook
            playwright-driver
          ];

          # For native modules (sharp, better-sqlite3, etc.)
          LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath [ pkgs.stdenv.cc.cc ];

          # Playwright browser configuration for NixOS (from playwright-web-flake)
          PLAYWRIGHT_BROWSERS_PATH = "${playwright-driver.browsers}";
          PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD = "1";
        };

        # Ralph sandbox shell with minimal permissions
        # Used for autonomous Ralph loop execution
        ralph = pkgs.mkShell {
          packages = commonPackages ++ [
            playwright-driver
          ];

          # Restrictive environment for sandboxed execution
          shellHook = ''
            echo "🔒 Ralph Sandbox Environment"
            echo "   Limited to: nodejs, pnpm, git, playwright"
            echo ""
          '';

          # For native modules
          LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath [ pkgs.stdenv.cc.cc ];

          # Playwright browser configuration for NixOS (from playwright-web-flake)
          PLAYWRIGHT_BROWSERS_PATH = "${playwright-driver.browsers}";
          PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD = "1";
        };
      };
    };
}