{ config, lib, pkgs, inputs, ... }: let # sisyphus/oracle/prometheus → default/slow/plan = opus # librarian/explore/quick → smol/commit = haiku ompSettings = { modelRoles = { default = "anthropic/claude-opus-4-7:high"; smol = "anthropic/claude-haiku-4-5:low"; slow = "anthropic/claude-opus-4-7:xhigh"; plan = "anthropic/claude-opus-4-7:high"; commit = "anthropic/claude-haiku-4-5:low"; }; }; # provider config — secrets read at eval time via builtins.readFile # (omp treats apiKey as env-var-name-or-literal, not a shell command) ompModels = { providers = { openrouter = { apiKey = lib.strings.trim (builtins.readFile ../../secrets/home/openrouter_api_key); }; "llama.cpp" = { baseUrl = "https://llm.sigkill.computer"; apiKey = lib.strings.trim (builtins.readFile ../../secrets/home/llama_cpp_api_key); api = "openai-responses"; authHeader = true; discovery.type = "llama.cpp"; }; }; }; # Pull Google's official agent-skills (github:android/skills, Apache 2.0). # The upstream tree nests skills as //SKILL.md (build/agp/…, # jetpack-compose/migration/…, performance/r8-analyzer, etc.). omp expects a # flat layout, so we walk the tree, find every SKILL.md, and mount each # parent directory at ~/.omp/agent/skills//. Every leaf basename # in upstream is unique, so flattening is lossless. New skills upstream show # up automatically on `nix flake update --input-name android-skills`. findSkillDirs = path: let entries = builtins.readDir path; hasSkillMd = builtins.pathExists (path + "/SKILL.md"); subdirs = lib.filterAttrs (_: t: t == "directory") entries; recurse = lib.concatLists (lib.mapAttrsToList (n: _: findSkillDirs (path + "/${n}")) subdirs); in if hasSkillMd then [ path ] else recurse; androidSkillFiles = lib.listToAttrs ( map ( dir: lib.nameValuePair ".omp/agent/skills/${builtins.unsafeDiscardStringContext (baseNameOf dir)}" { source = dir; } ) (findSkillDirs inputs.android-skills) ); # ghidrecomp: command-line Ghidra decompiler. Required by pyghidra-mcp, # not in nixpkgs as of now. ghidrecomp = pkgs.python3Packages.buildPythonPackage rec { pname = "ghidrecomp"; version = "0.5.9"; pyproject = true; src = pkgs.python3Packages.fetchPypi { inherit pname version; hash = "sha256-ocluLUic2qMREO7kXWum8l3VZ/parj/WtQ9JgOood6I="; }; nativeBuildInputs = [ pkgs.python3Packages.setuptools ]; propagatedBuildInputs = [ pkgs.python3Packages.pyghidra ]; pythonImportsCheck = [ "ghidrecomp" ]; meta = { description = "Python command-line Ghidra decompiler"; homepage = "https://github.com/clearbluejar/ghidrecomp"; license = lib.licenses.mit; }; }; # pyghidra-mcp: headless MCP server exposing Ghidra analysis primitives over # the Model Context Protocol (clearbluejar/pyghidra-mcp). Replaces the # better-known LaurieWired/GhidraMCP which has been stale since mid-2025. # Pure-Python via pyghidra/jpype — no Ghidra GUI required. pyghidra-mcp = pkgs.python3Packages.buildPythonApplication rec { pname = "pyghidra-mcp"; version = "0.2.2"; pyproject = true; src = pkgs.python3Packages.fetchPypi { pname = "pyghidra_mcp"; inherit version; hash = "sha256-d3I9TP+OkLu6lU2994PR+77vIqB+4z8pHkHl56GNreY="; }; nativeBuildInputs = [ pkgs.python3Packages.hatchling ]; propagatedBuildInputs = with pkgs.python3Packages; [ pyghidra mcp click click-option-group chromadb ghidrecomp ]; # pyghidra discovers the Ghidra install via GHIDRA_INSTALL_DIR; bake it in # at the wrapper level so the agent doesn't need to set it. makeWrapperArgs = [ "--set" "GHIDRA_INSTALL_DIR" "${pkgs.ghidra}/lib/ghidra" ]; pythonImportsCheck = [ "pyghidra_mcp" ]; meta = { description = "Python command-line Ghidra MCP server"; homepage = "https://github.com/clearbluejar/pyghidra-mcp"; license = lib.licenses.mit; mainProgram = "pyghidra-mcp"; }; }; # Browser path for the playwright skill body. playwrightChromium = let browsers = pkgs.playwright-driver.browsers; chromiumDir = builtins.head ( builtins.filter (n: builtins.match "chromium-[0-9]+" n != null) ( builtins.attrNames browsers.passthru.entries ) ); in { browsers = "${browsers}"; chrome = "${browsers}/${chromiumDir}/chrome-linux64/chrome"; }; in { home.packages = [ inputs.llm-agents.packages.${pkgs.stdenv.hostPlatform.system}.omp pyghidra-mcp ]; home.file = androidSkillFiles // { # main settings: ~/.omp/agent/config.yml (JSON is valid YAML) ".omp/agent/config.yml".text = builtins.toJSON ompSettings; # model/provider config: ~/.omp/agent/models.yml ".omp/agent/models.yml".text = builtins.toJSON ompModels; # MCP server config: ~/.omp/agent/mcp.json # OMP discovers servers from this file at startup. The ghidra entry below # spawns pyghidra-mcp on stdio when the agent invokes any of its tools. ".omp/agent/mcp.json".text = builtins.toJSON { "$schema" = "https://raw.githubusercontent.com/can1357/oh-my-pi/main/packages/coding-agent/src/config/mcp-schema.json"; mcpServers = { ghidra = { command = lib.getExe pyghidra-mcp; args = [ "--transport" "stdio" ]; }; }; }; # global instructions loaded at startup ".omp/agent/AGENTS.md".text = '' You are an intelligent and observant agent. If instructed to commit, disable gpg signing. You are on nixOS, if you don't have access to a tool, you can access it via the `nix-shell` command. ## Think deeply about everything. When given a problem, break it down, abstract it out, understand the fundamentals, then solve it in the real world. ## Misc For long-running commands, make sure you set the timeout of the Bash tool provided to a larger value. Do NOT read secret files. Do not directly read files that are api keys or are contextually sensitive. ## Behavior Do not be sycophantic in your responses. Do not use emojis unless explicitly asked to. This includes in code. Use Test Driven Development methodology. ## Nix For using `nix build` append `-L` to get better visibility into the logs. If you get an error that a file can't be found, always try to `git add` the file before trying other troubleshooting steps. Never `grep` or `find` over the entire `/nix/store`, this is wasteful and will usually turn up weird results or will timeout. ## Implementation When sketching out an implementation of something, always look for tools that already exist in the space first before implementing something custom. This is also the case when it comes to submodules and sections of code, I don't want you to implement things in-house when it isn't needed. ''; ".omp/agent/skills/android-ui/SKILL.md".text = '' --- name: android-ui description: Android UI automation via ADB. Use for any Android device interaction, UI testing, screenshot analysis, element coordinate lookup, and gesture automation. --- # Android UI ## 1. Taking Screenshots ``` adb exec-out screencap -p > /tmp/screen.png ``` Captures the current screen state as a PNG image. ## 2. Analyzing Screenshots Read the screenshot file to understand the current screen state and identify UI elements. ## 3. Getting Precise Element Coordinates UI Automator dump - extracts the full UI hierarchy as XML: ``` adb shell uiautomator dump /sdcard/ui.xml && adb pull /sdcard/ui.xml /tmp/ui.xml ``` Then grep for specific elements: ```sh # Find by text grep -oP 'text="Login".*?bounds="[^"]*"' /tmp/ui.xml # Find by class grep -oP 'class="android.widget.EditText".*?bounds="[^"]*"' /tmp/ui.xml ``` Bounds format: `[left,top][right,bottom]` — tap center: `((left+right)/2, (top+bottom)/2)` ## 4. Tapping Elements ``` adb shell input tap X Y ``` Where X, Y are pixel coordinates from the bounds. ## 5. Text Input ``` adb shell input text "some_text" ``` Note: Special characters need escaping (`\!`, `\;`, etc.) ## 6. Other Gestures ```sh # Swipe/scroll adb shell input swipe startX startY endX endY duration_ms # Key events adb shell input keyevent KEYCODE_BACK adb shell input keyevent KEYCODE_ENTER ``` ## 7. WebView Limitation - UI Automator can see WebView content if accessibility is enabled - Touch events on iframe content (like Cloudflare Turnstile) often fail due to cross-origin isolation - Form fields in WebViews work if you get exact bounds from the UI dump ## Typical Flow 1. Take screenshot → analyze it (get rough layout) 2. Dump UI hierarchy → grep for exact element bounds - NEVER ASSUME COORDINATES. You must ALWAYS check first. - Do this before ANY tap action as elements on the screen may have changed. 3. Calculate center coordinates from bounds 4. Tap/interact 5. Wait → screenshot → verify result ''; # omp has a built-in browser tool with NixOS auto-detection, # but this skill provides playwright MCP as a supplementary option ".omp/agent/skills/playwright/SKILL.md".text = '' --- name: playwright description: Browser automation via Playwright MCP. Use as an alternative to the built-in browser tool for Playwright-specific workflows, testing, and web scraping. Chromium is provided by NixOS. --- # Playwright ## Browser Setup Chromium is provided by NixOS. Do NOT attempt to download browsers. - Chromium path: `${playwrightChromium.chrome}` - Browsers path: `${playwrightChromium.browsers}` ## Usage Launch the Playwright MCP server for browser automation: ```bash npx @playwright/mcp@latest --executable-path "${playwrightChromium.chrome}" --user-data-dir "${config.home.homeDirectory}/.cache/playwright-mcp" ``` Set these environment variables if not already set: ```bash export PLAYWRIGHT_BROWSERS_PATH="${playwrightChromium.browsers}" export PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 ``` ''; ".omp/agent/skills/ghidra/SKILL.md".text = '' --- name: ghidra description: Static binary reverse engineering via the Ghidra MCP server (pyghidra-mcp). Use for analyzing compiled binaries (Windows .exe, Linux ELF, Mach-O, .NET, JVM, raw firmware blobs) when you need decompiled C-pseudocode, function-level analysis, string searches inside .rdata, cross-references to imported APIs, or call-graph navigation. --- # Ghidra (via pyghidra-mcp) A headless MCP server is configured at `mcpServers.ghidra` in `~/.omp/agent/mcp.json` and binds Ghidra's analysis engine to MCP tools you can call directly. The Ghidra install lives at `''${pkgs.ghidra}/lib/ghidra`; pyghidra-mcp picks it up via the GHIDRA_INSTALL_DIR env var that's wired into the binary's wrapper. ## When to use this - Static analysis of any compiled binary you have on disk. - Finding the decision logic behind an observed runtime behavior, when the source isn't available. - Extracting embedded tables/constants from `.rdata`/`.data` sections. - Discovering which APIs (libc, OS, vendor SDKs) a binary imports and where it calls them. - Recovering structures, function signatures, and type information from a stripped binary. ## Workflow The first invocation imports a binary into a fresh Ghidra project and runs auto-analysis (10-90 minutes depending on size). Subsequent calls hit the cached project and are fast. Typical exploration sequence for a stripped binary: 1. `list_strings(filter="")` to find string literals related to the behavior you're investigating. 2. `list_imports()` filtered for the API surface you care about (e.g. HID, networking, crypto) to find call sites. 3. `get_xrefs_to()` to surface every function that touches the symbol. 4. `decompile_function_by_address()` to read C-pseudocode. 5. `set_decompiler_comment` and `rename_function` as you identify components, so the database remembers your findings across calls. ## Loading a binary Drop the binary somewhere readable (don't commit to git — size + often proprietary) and pass the absolute path to pyghidra-mcp's import tool. Auto-analysis runs once; the project database persists in `~/.cache/pyghidra-mcp/` so re-invocations are fast. ## What this is NOT for - Dynamic / runtime analysis — use a debugger, usbmon/strace, or a protocol sniffer for that. - Encrypted/DRM-protected binaries — out of scope without the keys. - Network-traffic decoding on the wire — separate tooling. Reverse engineering for interoperability, security research, and bug-fix purposes is permitted under DMCA §1201(f) and analogous EU provisions. Don't share decrypted or cracked binaries. ''; }; }