nix-agent
mcp
Fail
Health Warn
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 7 GitHub stars
Code Fail
- rm -rf — Recursive force deletion command in install-skill.sh
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool is a local MCP server that automates NixOS system management. It allows an AI agent to read local files, apply configuration patches, format Nix files, and execute system rebuilds.
Security Assessment
Risk: High. The tool fundamentally requires highly privileged shell command execution. It is designed to modify local files and explicitly runs `nixos-rebuild switch`, which alters the core operating system state. If guided poorly by an AI host, it could make destructive changes to your system. Additionally, the automated rule-based scan failed because the companion installation script (`install-skill.sh`) contains a recursive force deletion command (`rm -rf`). While this deletion is likely just meant for cleaning up temporary installation directories, the presence of forceful removal scripts warrants manual code review before execution. No hardcoded secrets or dangerous network requests were detected, but the local execution capabilities are extensive.
Quality Assessment
The project is very new and highly experimental. It has an MIT license and is actively maintained, with repository pushes occurring as recently as today. However, it suffers from extremely low visibility, having only 7 GitHub stars. It lacks a broad base of community trust, which means unidentified bugs or security edge cases are highly likely.
Verdict
Use with extreme caution. Only deploy this if you fully understand the NixOS rebuild process and accept the risks of experimental, root-level OS automation.
This tool is a local MCP server that automates NixOS system management. It allows an AI agent to read local files, apply configuration patches, format Nix files, and execute system rebuilds.
Security Assessment
Risk: High. The tool fundamentally requires highly privileged shell command execution. It is designed to modify local files and explicitly runs `nixos-rebuild switch`, which alters the core operating system state. If guided poorly by an AI host, it could make destructive changes to your system. Additionally, the automated rule-based scan failed because the companion installation script (`install-skill.sh`) contains a recursive force deletion command (`rm -rf`). While this deletion is likely just meant for cleaning up temporary installation directories, the presence of forceful removal scripts warrants manual code review before execution. No hardcoded secrets or dangerous network requests were detected, but the local execution capabilities are extensive.
Quality Assessment
The project is very new and highly experimental. It has an MIT license and is actively maintained, with repository pushes occurring as recently as today. However, it suffers from extremely low visibility, having only 7 GitHub stars. It lacks a broad base of community trust, which means unidentified bugs or security edge cases are highly likely.
Verdict
Use with extreme caution. Only deploy this if you fully understand the NixOS rebuild process and accept the risks of experimental, root-level OS automation.
Agent MCP server + skill for managing your NixOS system
README.md
nix-agent
nix-agent is a local MCP server for trusted NixOS automation.
It works alongside mcp-nixos:
nix-agenthandles local inspection, patching, validation, and switchingmcp-nixoshandles package and option discovery
NOTE: This is experimental and a work in progress. Feedback and contributions are very welcome.
What you get
- a runnable stdio MCP server
- a Nix flake package and app
- a NixOS module at
nixosModules.default - a companion agent skill in
skills/nix-agent/ - example MCP host configs in
examples/
One-shot agent install
Paste this to a capable coding agent (Claude Code, opencode, etc.) and it will do the install for you:
Read https://raw.githubusercontent.com/JEFF7712/nix-agent/main/docs/agent-install.md and follow every step to install nix-agent on this NixOS system, install the companion skill, and register nix-agent in my MCP settings for this machine.
Fast install
Add this flake input and module to your NixOS config:
{
inputs.nix-agent.url = "github:JEFF7712/nix-agent";
outputs = { nixpkgs, nix-agent, ... }: {
nixosConfigurations.my-host = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nix-agent.nixosModules.default
({ ... }: {
programs.nix-agent.enable = true;
})
];
};
};
}
Then rebuild:
sudo nixos-rebuild switch --flake .#my-host
That installs the nix-agent binary.
MCP host config
Point your MCP host at:
{
"mcpServers": {
"nix-agent": {
"command": "nix-agent",
"args": []
}
}
}
See examples/claude-code-mcp.json and examples/opencode-mcp.json.
Companion skill
Install or copy skills/nix-agent/ into your agent's skill directory.
Quick install:
./install-skill.sh opencode
The MCP exposes the tools. The skill teaches the correct workflow.
Tool surface
nix-agent exposes two tools:
inspect_state(path)— read a local file.apply_patch_set(patch_set, flake_uri=None)— write eachPatch(path, content), format any.nixfiles, and (whenflake_uriis given) runnixos-rebuild dry-activatethenswitch. Returnschanged_files,rollback_generation,current_generation, command outputs, and astatus.
mcp-nixos handles package and option discovery.
Basic workflow
- If you need package or option info, query
mcp-nixosfirst. - Build a
PatchSetofPatch(path, content)entries. - Call
apply_patch_set(patch_set, flake_uri="/etc/nixos#hostname"). - If anything looks wrong, recover with
sudo nixos-rebuild switch --rollback. The response includesrollback_generationfor reference.
Verification
pytest
nix build .#default
nix flake check
Design notes
nix-agentdeliberately does not ship an in-MCP approval gate. Path restrictions belong in the host's permission system (e.g. Claude Code's allow/deny lists), and rollback safety belongs to Nix generations. Re-implementing either inside the MCP just adds friction without improving safety.- Do not write secret payloads through patches — reference secrets via
sops-nixoragenix. - v1 assumes a trusted local environment.
- Fully non-interactive apply requires privileged automation; see
docs/privileged-automation.md.
More detail
- release notes:
docs/releases/v0.1.0.md - skill docs:
skills/nix-agent/SKILL.md - examples:
examples/
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found