feat: add --snapshot and --nfs-opts flags #66
Merged
jamestexas merged 4 commits into main on Mar 5, 2026
--snapshot copies .db sources to a temp file before mounting, providing true isolation (the agent reads a snapshot, not the live source DB). Non-.db paths already snapshot implicitly (MemoryStore or temp index).

--nfs-opts lets users append custom NFS mount options (e.g. rsize,wsize) to the defaults. Refactors BuildMountOpts as a testable exported function.

Public mount.Options struct added so external consumers (x-ray) can pass NFS options through mount.NFS().

Breaking: mount.NFS() now takes *Options as third arg (pass nil for defaults).

Signed-off-by: jamestexas <18285880+jamestexas@users.noreply.github.com>
f6c80c5 to 8658650
--snapshot now copies both .db files AND source directories to temp before mounting. Directory copy skips .git, node_modules, target, etc.

Write-back in agent mode now splices into the snapshot copy, not the original source files — true sandbox isolation.

--agent now implies --snapshot by default, so agent mode always operates on a copy. The snapshot is cleaned up on unmount.

Signed-off-by: jamestexas <18285880+jamestexas@users.noreply.github.com>
1. Writable snapshots preserved on unmount (agent edits survive). Prints diff/rsync/discard commands. Read-only snapshots still auto-cleaned.
2. agentMetadata.Source updated to snapshot path after copy, so PROMPT.txt shows the sandbox path, not the original source.
3. --snapshot=false overrides agent mode default (uses cmd.Flags().Changed to detect explicit user intent).
4. NFS server binds to 127.0.0.1 (was 0.0.0.0). SECURITY.md documents NullAuthHandler and localhost-only scope.
5. dirSize() warns before copying directories >1GB. Shared shouldSkipDir() keeps skip lists in sync between copyDir/dirSize.
6. --snapshot help text documents non-atomic copy limitation.

Bonus: mache clean now removes orphaned snapshots (snap-<PID>-* where PID is dead).

Signed-off-by: jamestexas <18285880+jamestexas@users.noreply.github.com>
The prompt now explicitly explains "do this, not that" — agents should read source files per-construct, not cat entire .go files.

Includes:
- Table-based quick reference for common commands
- Clear "do/don't" section to override cat-the-whole-file habits
- Snapshot sandbox context: tells agent it's on an isolated copy
- Mode displayed as "Writable (snapshot sandbox)" not just "true"
- Editing workflow as numbered steps with diagnostics check

Signed-off-by: jamestexas <18285880+jamestexas@users.noreply.github.com>
Summary
- --snapshot: copies .db sources to temp before mounting for true sandbox isolation (non-.db paths already snapshot implicitly)
- --nfs-opts: appends custom NFS mount options to defaults (e.g. rsize=32768,wsize=32768)
- mount.Options struct added to public API so external consumers can pass NFS options

Breaking

mount.NFS() now takes *Options as third arg — pass nil for defaults. x-ray needs a one-liner update.

Test plan

- BuildMountOpts (darwin/linux, writable, extra opts, unsupported OS)
- task test)
- mache --snapshot -d foo.db /tmp/mnt mounts from temp copy

🤖 Generated with Claude Code
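
The third commit moves the NFS server bind address from 0.0.0.0 to 127.0.0.1 and scopes NullAuthHandler to localhost. The guard below is an added example, not code from this pull request or from mache: it shows one way to enforce that scope at listen time, assuming the server authenticates no one, so that reachability is the only access control. The names checkLoopback and listenLoopback and the sample addresses are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// checkLoopback validates a host:port bind address for a server that has no
// authentication of its own (hypothetical helper, not part of mache).
func checkLoopback(addr string) error {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return fmt.Errorf("bad bind address %q: %w", addr, err)
	}
	// An empty host (":2049") makes net.Listen bind every interface.
	if host == "" {
		return errors.New("empty host binds all interfaces")
	}
	// Require an IP literal: a name such as "localhost" depends on the resolver.
	ip := net.ParseIP(host)
	if ip == nil {
		return fmt.Errorf("host %q is not an IP literal", host)
	}
	// Rejects 0.0.0.0, [::] and any routable address.
	if !ip.IsLoopback() {
		return fmt.Errorf("%s is not a loopback address", ip)
	}
	return nil
}

// listenLoopback is net.Listen("tcp", addr) behind the check above.
func listenLoopback(addr string) (net.Listener, error) {
	if err := checkLoopback(addr); err != nil {
		return nil, err
	}
	return net.Listen("tcp", addr)
}

func main() {
	// Constructed sample addresses; port 0 asks the kernel for a free port.
	for _, a := range []string{"127.0.0.1:0", "0.0.0.0:0", ":0", "localhost:0", "192.0.2.10:0"} {
		ln, err := listenLoopback(a)
		if err != nil {
			fmt.Printf("%-14s refused: %v\n", a, err)
			continue
		}
		fmt.Printf("%-14s listening on %s\n", a, ln.Addr())
		ln.Close()
	}
}
```

A unit test on the address check catches a later change that reverts the bind address to all interfaces.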