feat: Add Nix flake and Devbox support for reproducible builds

[levonk]

What

Adds Nix flake support and Devbox configuration for reproducible builds and development environments.

Why

Nix users cannot currently build or run agentmemory from source without manually managing Node.js and npm outside their declarative configuration. This PR provides a hermetic, reproducible path for both development (nix develop, devbox shell) and distribution (nix run, nix build).

Changes

• flake.nix — Nix flake with:

  • packages.<system>.default: buildNpmPackage derivation
  • apps.<system>.default: runnable agentmemory CLI
  • devShells.default: development shell with nodejs_22
  • overlays.default: for composing into other flakes
  • checks.build: CI verification target

• devbox.json — Devbox environment with nodejs_22, npm, and git

• .gitignore — Track package-lock.json (required for Nix buildNpmPackage), ignore /result symlinks

• README.md — Document nix run, nix build, and nix develop workflows

Verification

nix build .            # produces result/bin/agentmemory
nix run . -- --version # outputs: 0.9.24
nix develop            # npm install && npm test passes
devbox run build       # works
devbox run test        # works

Related Issue
Fixes #730

Summary by CodeRabbit

• Documentation

  • Added Nix and Devbox installation guides with development, build, and local run instructions.

• Chores

  • Added Nix flake-based packaging, devShell and checks for reproducible builds and dev environments.
  • Added Devbox configuration to streamline environment initialization and common scripts.
  • Updated VCS ignore rules to track the primary lockfile, keep other lockfiles ignored, and ignore Nix build result symlinks.

[vercel]

@levonk is attempting to deploy a commit to the rohitg00's projects Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: af79de7f-4d12-42bf-b42a-3a48bd28138f

📥 Commits

Reviewing files that changed from the base of the PR and between 8fe65b0 and d4dded8.

📒 Files selected for processing (3)

• .gitignore
• README.md
• devbox.json

✅ Files skipped from review due to trivial changes (1)

• .gitignore

🚧 Files skipped from review as they are similar to previous changes (2)

• README.md
• devbox.json

---

📝 Walkthrough

Walkthrough

Adds Nix flake and Devbox configurations (flake.nix, devbox.json), extends README with Nix and Devbox install/dev instructions, and updates .gitignore to track package-lock.json while ignoring pnpm-lock.yaml, yarn.lock, and Nix /result symlinks.

Changes

Nix Flake and Devbox Development Environment

Layer / File(s)	Summary
Nix flake configuration for building and developing agentmemory flake.nix	flake.nix defines agentmemory as a buildNpmPackage with a pinned npmDepsHash, applies build options and a postPatch to enable legacy peer deps, disables NPM script execution during the build, and exports packages.default, apps.default, overlays.default, devShells.default, and checks.build.
Devbox configuration for reproducible development shell devbox.json	devbox.json declares required packages (nodejs_22, npm, git), an on_create hook that runs npm install --legacy-peer-deps if node_modules is missing, a shell init_hook welcome message, and shell script aliases for install, build, test, and dev.
Documentation and build artifact management README.md, .gitignore	README.md adds Nix and Devbox installation and development subsections (run/build/dev shell and Devbox init/build steps); .gitignore stops ignoring package-lock.json, keeps ignores for pnpm-lock.yaml and yarn.lock, and adds /result and /result-* Nix build symlink ignores.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through flakes and shell today,

pins set neat, dependencies at bay.
Devbox cradles my npm song,
README guides me steady and strong.
Results tucked, locks kept where they stay.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: adding Nix flake and Devbox support for reproducible builds, which is the primary focus of all modified files.
Linked Issues check	✅ Passed	The PR successfully implements all core requirements from issue #730: flake.nix with packages.default and apps.default, devbox.json for reproducible development, updated README documentation, and .gitignore entries for Nix artifacts.
Out of Scope Changes check	✅ Passed	All changes directly support the stated objectives: flake.nix and devbox.json implementations, .gitignore updates for Nix build artifacts, and README documentation for Nix/Devbox workflows. No unrelated changes detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.gitignore:
- Around line 22-23: The comment about lock files is contradictory: update the
.gitignore comment so it states that lock files are generally not committed but
make a clear exception that package-lock.json is intentionally tracked for the
Nix buildNpmPackage; reference the existing comment text (the two lines about
"Lock files — never commit" and "NOTE: package-lock.json is tracked because it
is required for Nix buildNpmPackage") and rewrite them into a single unambiguous
sentence clarifying the general rule and the explicit exception for
package-lock.json.

In `@devbox.json`:
- Line 13: The devbox "install" script currently runs plain npm install which
differs from the Nix workflow that enables legacy peer deps; update the
"install" entry in devbox.json (the "install" script key) to run npm install
with the same flag used by Nix, e.g. change the command to include
--legacy-peer-deps so Devbox's dependency resolution matches the Nix workflow.

In `@README.md`:
- Around line 133-138: The quick-start sequence currently shows "devbox shell"
then "devbox run build" which can fail on first run due to missing dependencies;
insert "devbox run install" after the "devbox shell" step and before "devbox run
build" (and add a brief note that this installs node_modules for first-time
setups) so first-time builds succeed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8ef83a7b-fa99-4849-bd49-bedce4ef276d

📥 Commits

Reviewing files that changed from the base of the PR and between fd9e3bd and 166fd42.

⛔ Files ignored due to path filters (2)

• flake.lock is excluded by !**/*.lock
• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (4)

• .gitignore
• README.md
• devbox.json
• flake.nix

[rohitg00]

you have lot of hard-coded things here

[rohitg00]

do we require lock file here?