From 0f0e2429064aae3ac42259a1f626ee5574962b86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?m=C3=BCde?=
Date: Fri, 15 May 2026 16:16:14 +0200
Subject: [PATCH] programs.git.enable + harness PATH tracks systemPackages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- harness-base.nix: switch to programs.git for declarative gitconfig.
- agent + manager service path = /run/current-system/sw → agents pick up new packages from their own agent.nix without harness edits.
- generated applied//flake.nix overrides programs.git.config.user (no more raw etc.gitconfig collision).
---
 hive-c0re/src/lifecycle.rs | 11 ++++-------
 nix/templates/agent-base.nix | 14 +++++++-------
 nix/templates/harness-base.nix | 31 ++++++++++++++++++-------------
 nix/templates/manager.nix | 9 +++++----
 4 files changed, 34 insertions(+), 31 deletions(-)

diff --git a/hive-c0re/src/lifecycle.rs b/hive-c0re/src/lifecycle.rs
index 69e3f20..3602119 100644
--- a/hive-c0re/src/lifecycle.rs
+++ b/hive-c0re/src/lifecycle.rs
@@ -243,13 +243,10 @@ pub async fn setup_applied(
 modules = [
 ./agent.nix
 {{
- environment.etc."gitconfig".text = ''
- [user]
- name = {name}
- email = {name}@hyperhive
- [init]
- defaultBranch = main
- '';
+ programs.git.config.user = {{
+ name = "{name}";
+ email = "{name}@hyperhive";
+ }};
 systemd.services.{service}.environment = {{
 HIVE_PORT = "{port}";
 HIVE_LABEL = "{name}";
diff --git a/nix/templates/agent-base.nix b/nix/templates/agent-base.nix
index 420e129..4fb5345 100644
--- a/nix/templates/agent-base.nix
+++ b/nix/templates/agent-base.nix
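Review bot: In hive-c0re/src/lifecycle.rs, `{name}` is now interpolated into double-quoted Nix strings (`name = "{name}";`, `email = "{name}@hyperhive";`), where a `"`, `\` or `${` in the value changes the generated expression instead of staying literal text. No validation of `name` is visible in this hunk, and setup_applied begins and ends outside it, so the check may already exist earlier in the function. If it does, a comment above the format string would record the assumption, e.g. `// name is restricted to <allowed charset> by <validator>, so it is safe inside Nix string literals`; if it does not, the value should be validated or escaped before formatting. The same holds for `HIVE_LABEL = "{name}";` and `systemd.services.{service}` in the context lines.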
@@ -6,13 +6,13 @@
 description = "hive-ag3nt harness";
 wantedBy = [ "multi-user.target" ];
 after = [ "network.target" ];
- # `claude` for the turn loop + `bash` for claude's Bash tool. systemd
- # units get a minimal PATH by default; entries in
- # `environment.systemPackages` aren't on it.
- path = [
- pkgs.claude-code
- pkgs.bashInteractive
- ];
+ # systemd units get a minimal PATH by default and don't inherit
+ # `environment.systemPackages`. Pointing at `/run/current-system/sw`
+ # gives the harness (and any tools claude shells out to via Bash)
+ # access to everything declared in `systemPackages` — including
+ # anything an agent adds to its own `agent.nix` — without having to
+ # touch the service definition.
+ path = [ "/run/current-system/sw" ];
 environment.SHELL = "${pkgs.bashInteractive}/bin/bash";
 serviceConfig = {
 ExecStart = "${pkgs.hyperhive}/bin/hive-ag3nt serve";
diff --git a/nix/templates/harness-base.nix b/nix/templates/harness-base.nix
index 2804215..8140244 100644
--- a/nix/templates/harness-base.nix
+++ b/nix/templates/harness-base.nix
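Review bot: In nix/templates/agent-base.nix, `path = [ "/run/current-system/sw" ];` puts every package in `environment.systemPackages` on the harness PATH, so anything installed system-wide for administration or debugging becomes callable from claude's Bash tool; the removed list was an explicit allowlist of two packages. The unit also no longer references `pkgs.claude-code` and `pkgs.bashInteractive` itself, so it relies on harness-base.nix keeping them in `systemPackages`, and the PATH contents can change on a system switch without the unit being restarted (presumably intended). I would extend the new comment to state the trade-off, e.g. `# NOTE: this exposes all of systemPackages to the agent's shell; keep admin-only tools out of systemPackages.` The same applies to the identical change in nix/templates/manager.nix.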
@@ -13,23 +13,28 @@ hyperhive claude-code bashInteractive - git coreutils-full ]; + + # Git is needed by claude's Bash tool (for the agent <-> manager config + # request flow) and by hive-c0re's own setup_applied / setup_proposed. + # `programs.git.enable` installs the binary + manages `/etc/gitconfig` + # declaratively so the inline module in `applied//flake.nix` can + # override `user.name` / `user.email` per agent without fighting a raw + # `environment.etc."gitconfig"` block. + programs.git = { + enable = true; + config = { + user = { + name = "hyperhive"; + email = "hyperhive@local"; + }; + init.defaultBranch = "main"; + }; + }; + # claude's Bash tool refuses to run without a POSIX shell + $SHELL set. environment.variables.SHELL = "${pkgs.bashInteractive}/bin/bash"; - # Default gitconfig for any commits the harness makes. The per-agent - # `applied//flake.nix` overrides this with the agent's own name + - # email; this fallback only kicks in if the container is built straight - # from `agent-base` / `manager` without the per-agent extension. - environment.etc."gitconfig".text = '' - [user] - name = hyperhive - email = hyperhive@local - [init] - defaultBranch = main - ''; - system.stateVersion = "25.11"; } diff --git a/nix/templates/manager.nix b/nix/templates/manager.nix index 2b46261..f88e2fb 100644 --- a/nix/templates/manager.nix +++ b/nix/templates/manager.nix @@ -15,10 +15,11 @@ HIVE_LABEL = "hm1nd"; SHELL = "${pkgs.bashInteractive}/bin/bash"; }; - path = [ - pkgs.claude-code - pkgs.bashInteractive - ]; + # See note in agent-base.nix — `/run/current-system/sw` makes the + # harness service PATH track `environment.systemPackages` so anything + # an agent adds to its own `agent.nix` is visible without editing the + # service definition. + path = [ "/run/current-system/sw" ]; serviceConfig = { ExecStart = "${pkgs.hyperhive}/bin/hive-m1nd serve"; Restart = "on-failure";
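Review bot: In nix/templates/harness-base.nix, `user.name` and `user.email` under `programs.git.config` are set at normal priority, and the inline module generated by lifecycle.rs sets the same two keys at normal priority as well. As far as I know the leaf values of `programs.git.config` merge through `types.anything`, which rejects two different strings for one key as conflicting definitions, so the per-agent override may fail evaluation rather than win; building one applied flake would confirm it. If it does conflict, marking the fallbacks here as defaults resolves it: `name = lib.mkDefault "hyperhive";` and `email = lib.mkDefault "hyperhive@local";` (assuming `lib` is among the module arguments, which this hunk does not show).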