Record provenance for unlocked inputs and impure evaluations

[edolstra]

Motivation

Example output of nix provenance show:

/tmp/nix-shell.c1UHuB/nix-test/flakes/provenance/store/p823ak1m2pg2narq0mby78pys5v7y63v-simple
← built from derivation /tmp/nix-shell.c1UHuB/nix-test/flakes/provenance/store/ckzp98sn9ck87gmrsivi6dki6wi8q0lr-simple.drv (output out) on test-host for x86_64-linux
← with derivation metadata
    Licenses:
        - lgpl21
← impurely instantiated from unlocked flake output git+file:///tmp/nix-shell.c1UHuB/nix-test/flakes/provenance/flake1#packages.x86_64-linux.default

Context

Summary by CodeRabbit

• New Features

  • Provenance tracking now includes purity and lock status indicators for flake sources
  • Enhanced provenance display output shows whether flakes and sources are locked or unlocked

• Tests

  • Updated test cases to validate new provenance metadata and display formatting

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

📝 Walkthrough

Walkthrough

This PR extends flake provenance tracking to record and propagate a "pure" attribute alongside existing provenance data. Changes span constructor signatures, serialization logic, display formatting, and test expectations to consistently track evaluation purity across the provenance chain.

Changes

Cohort / File(s)	Summary
Provenance Data Model src/libflake/include/nix/flake/provenance.hh, src/libflake/provenance.cc	Added pure boolean member to FlakeProvenance struct and updated constructor to accept and initialize this parameter. Updated JSON serialization/deserialization to include optional "pure" field (defaults to true).
Provenance Creation src/libcmd/installable-flake.cc, src/libfetchers/fetchers.cc	Modified InstallableFlake::makeProvenance to unconditionally pass evalSettings.pureEval to FlakeProvenance constructor. Simplified Input::getAccessorUnchecked to eliminate conditional branching on lock status when assigning accessor->provenance.
Provenance Display src/nix/provenance.cc	Updated output formatting for FlakeProvenance and TreeProvenance paths to include "unlocked" indicators and leading status segments reflecting impurity and lock status in log messages.
Test Expectations tests/functional/flakes/provenance.sh	Extended test cases to assert non-null provenance for builders and outputs, and updated expected provenance structures and display output to reflect richer metadata including purity and lock status indicators.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• DeterminateSystems/nix-src#340: Registers/deserializes FlakeProvenance through constructor calls that require reconciliation with the updated constructor signature adding the pure parameter.

Suggested labels

flake-regression-test

Suggested reviewers

• cole-h
• grahamc

Poem

🐰 A flake's purity now tracked with care,
Through provenance chains, the truth laid bare,
No more locked gates or hidden ways—
Pure evaluation marks the days! ✨

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately reflects the main change: adding provenance recording for unlocked inputs and impure evaluations, which is substantiated across all modified files.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch eelcodolstra/nix-308-persist-provenance-data-from-dirty-repositories

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🚀 Deployed on https://699342a6135bc050de835f06--determinate-nix.netlify.app