# AI Worker Restricted Access

This module provides restricted access for the AI worker (hermes-agent) to manage the infra repository.

## Security Model

The `ai-worker` user has:

### Filesystem Access

- **Bind mount**: `/home/ai-worker/infra` → `/home/gortium/infra` (read-write)
- **Cannot access**: Any other files outside the bind mount and standard system paths

### Sudo Access (Whitelist Only)

The following commands are allowed via sudo without password:

- `/run/current-system/sw/bin/nh` - NixOS home manager
- `/run/current-system/sw/bin/nixos-rebuild` - System rebuild
- `/run/current-system/sw/bin/nixpkgs-fmt` - Nix formatter
- `/run/current-system/sw/bin/nix` - Nix package manager

### Docker Access

- Member of `docker` group - can manage containers
- Cannot modify host system directly

### Audit Logging

- All changes to `/home/gortium/infra` are logged via Linux audit subsystem
- Audit rule: `-w /home/gortium/infra -p wa -k infra_changes`

## Workflow: Ask First, Always

**CRITICAL**: Before running any deployment command (`nh os switch` or `nixos-rebuild`), the AI MUST:

1. **Show the planned changes** to the user
2. **Explain the impact** of the changes
3. **Wait for explicit confirmation** before executing

### Example Workflow

```bash
# AI prepares changes
cd /home/ai-worker/infra
# ... edits files ...
nixpkgs-fmt .

# AI shows diff to user
git diff

# AI asks: "Ready to deploy? This will restart the ai_stack service."
# User responds: "Yes, proceed"

# Only then does AI run:
sudo nh os switch --flake .#lazyworkhorse
```

## SSH Access

Connect as:

```bash
ssh ai-worker@lazyworkhorse
```

The working directory will be `/home/ai-worker`, with infra repo accessible at `/home/ai-worker/infra`.

## Verification

Check ai-worker permissions:

```bash
# On the host, as root or gortium:
sudo -u ai-worker sudo -l
```

Expected output should show only the whitelisted commands.
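The check above can be scripted so that any rule outside the four whitelisted paths is flagged. This is an added example, not part of this module: the function name `check_sudo_whitelist` and both sample `sudo -l` outputs are constructed for illustration, and the allowed paths are the ones listed under Sudo Access.

```shell
# Added example: the four paths from the Sudo Access whitelist.
ALLOWED="/run/current-system/sw/bin/nh /run/current-system/sw/bin/nixos-rebuild /run/current-system/sw/bin/nixpkgs-fmt /run/current-system/sw/bin/nix"

# Reads `sudo -l` output on stdin, prints every command that is not on the
# whitelist, and returns 1 if any was found. Real use, on the host:
#   sudo -u ai-worker sudo -l | check_sudo_whitelist
check_sudo_whitelist() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /may run the following commands/ { in_rules = 1; next }
    !in_rules { next }                         # skip the Defaults section
    {
      sub(/^[ \t]*/, "")
      sub(/^\([^)]*\)[ \t]*/, "")              # runas spec: (root), (ALL : ALL)
      while (sub(/^[A-Z_]+:[ \t]*/, "")) {}    # tags: NOPASSWD:, SETENV:
      m = split($0, cmds, /,[ \t]*/)           # one rule line may list several
      for (j = 1; j <= m; j++) {
        if (cmds[j] == "") continue
        split(cmds[j], w, " ")                 # w[1] is the command path
        if (!(w[1] in ok)) { print "UNEXPECTED: " cmds[j]; bad = 1 }
      }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample: what a correctly restricted account should report.
sample_ok() {
cat <<'EOF'
Matching Defaults entries for ai-worker on lazyworkhorse:
    env_reset, secure_path=/run/wrappers/bin

User ai-worker may run the following commands on lazyworkhorse:
    (root) NOPASSWD: /run/current-system/sw/bin/nh, /run/current-system/sw/bin/nixos-rebuild
    (root) NOPASSWD: /run/current-system/sw/bin/nixpkgs-fmt
    (root) NOPASSWD: /run/current-system/sw/bin/nix
EOF
}
# Constructed sample: a stray blanket rule that defeats the whitelist.
sample_bad() {
cat <<'EOF'
User ai-worker may run the following commands on lazyworkhorse:
    (root) NOPASSWD: /run/current-system/sw/bin/nh
    (ALL : ALL) ALL
EOF
}
sample_ok  | check_sudo_whitelist && echo "ok sample: whitelist only"
sample_bad | check_sudo_whitelist || echo "bad sample: rules outside whitelist"
```

The non-zero return status makes the function usable as a gate in a post-deploy check.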

## Troubleshooting

If ai-worker cannot access infra:

```bash
# Check bind mount
mount | grep ai-worker/infra

# Check permissions
ls -la /home/gortium/infra
ls -la /home/ai-worker/infra
```

If sudo commands fail:

```bash
# Check sudo rules
sudo cat /etc/sudoers.d/* | grep ai-worker

# Check audit logs
sudo ausearch -k infra_changes
```