nexus-agent-images
A separate repo for the Docker images agents execute inside. Kept separate
because agent images change often and may carry heavy toolchains — keeping them
out of nexus-platform keeps the core clean.
Images
| Image | Toolchain |
|---|---|
nexus-agent-base | git, curl, jq, ripgrep, ca-certificates, openssh-client |
nexus-agent-runner | the compiled nexus-agent-runner binary on top of base |
nexus-agent-rust | rust, cargo, clippy, rustfmt, cargo-nextest, cargo-audit |
nexus-agent-node | node, pnpm, npm, typescript, eslint, playwright |
nexus-agent-python | python, uv, ruff, pytest, mypy |
nexus-agent-devops | kubectl, helm, kustomize, terraform (optional) |
nexus-agent-solana | rust, solana-cli, anchor, node, pnpm, protobuf tools |
Layering
nexus-agent-base
└─ nexus-agent-runner (adds the runner binary)
├─ nexus-agent-rust
├─ nexus-agent-node
├─ nexus-agent-python
├─ nexus-agent-devops
└─ nexus-agent-solana
An agent's runtime.image field selects which image its runs execute inside.
Because the runner is generic, the toolchain image is the only thing that
varies between, say, a Rust implementer and a Python implementer.
Why separate from nexus-platform
- Toolchains are large and change on a different cadence than the orchestration code.
- Security scanning and base-image bumps are isolated.
- The platform repo stays small and fast to build.
Related
- nexus-platform — builds the runner binary
- Technical: nexus-agent-runner