feat(nix): add extraDependencyGroups for sealed venv extras (#21817)

Expose the dependency-groups parameter from python.nix through hermes-agent.nix and the NixOS module, allowing users to opt into pyproject.toml optional extras (e.g. hindsight, voice, matrix) that are resolved by uv inside the sealed venv. Unlike extraPythonPackages (which appends to PYTHONPATH and requires collision checking), extraDependencyGroups resolves the full dependency graph in a single uv pass — no PYTHONPATH patching, no version conflicts, no collision risk. When to use which: - extraDependencyGroups: enable a pyproject.toml optional extra - extraPythonPackages: add an external Python plugin not in pyproject.toml Usage: services.hermes-agent.extraDependencyGroups = [ "hindsight" ]; Or via overlay: pkgs.hermes-agent.override { extraDependencyGroups = [ "hindsight" ]; } Refs: #8873, #9194
2026-05-26 06:01:49 +00:00 · 2026-05-11 12:23:48 +05:30 · 2026-05-11 12:23:48 +05:30 · 5606258855
commit 5606258855
parent d992fd9aaf
4 changed files with 71 additions and 4 deletions
--- a/nix/checks.nix
+++ b/nix/checks.nix
@ -240,6 +240,27 @@ json.dump(sorted(leaf_paths(DEFAULT_CONFIG)), sys.stdout, indent=2)
          echo "ok" > $out/result
        '';

+        # Verify extraDependencyGroups passes through to python.nix
+        extra-dependency-groups = let
+          hermesWithGroups = hermes-agent.override {
+            extraDependencyGroups = [ "honcho" ];
+          };
+        in pkgs.runCommand "hermes-extra-dependency-groups" { } ''
+          set -e
+          echo "=== Checking extraDependencyGroups override evaluates ==="
+
+          # Eval-only: verify the override produces valid derivation paths
+          # without building the full venv (which is expensive and redundant
+          # since the mechanism is just list concatenation into python.nix).
+          echo "derivation: ${hermesWithGroups}"
+          echo "venv: ${hermesWithGroups.hermesVenv}"
+          echo "PASS: extraDependencyGroups override evaluates cleanly"
+
+          echo "=== All extraDependencyGroups checks passed ==="
+          mkdir -p $out
+          echo "ok" > $out/result
+        '';
+
        # ── Config merge + round-trip test ────────────────────────────────
        # Tests the merge script (Nix activation behavior) across 7
        # scenarios, then verifies Python's load_config() reads correctly.