From 2a33697cda3df16b3ac40af25862c35224463a3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Thu, 14 May 2026 23:24:28 +0200 Subject: [PATCH] CLAUDE.md: Phase 5c split --- CLAUDE.md | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 0190186..0203005 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -143,8 +143,11 @@ in. - ✅ Phase 4 — `hm1nd` manager binary + manager socket + declarative `containers.hm1nd` - ✅ Phase 5 — git-commit approval flow: - 5a — sqlite approval queue (`request_apply_commit` / `pending` / `approve` / `deny`) - - 5b — per-agent config flakes at `/var/lib/hyperhive/agents//config/`; - `approve ` validates the commit + advances `main` + rebuilds + - 5b — per-agent config flakes (proposed + applied repos) + - 5c — split: manager edits `proposed`, hive-c0re writes-only `applied`; the + container builds from `applied`. Approve = read `agent.nix` at the + approved commit from `proposed`, copy into `applied`, commit + rebuild. + Manager cannot move `main` on its own. - 🔜 Phase 6 — per-agent web UI + dashboard MVP - 🔜 Phase 7 — dashboard commit-view + polish 
@@ -168,19 +171,30 @@ sudo hive-c0re approve N # validates, advances main, rebuilds h-alice sudo nixos-container run h-alice -- which htop # /run/current-system/sw/bin/htop ``` -Per-agent flake layout (generated by `setup_config` on every spawn / rebuild): +Per-agent layout — two separate git repos: ``` -/var/lib/hyperhive/agents//config/ +/var/lib/hyperhive/agents//config/ # proposed — manager edits, hive-c0re reads only ├── .git/ -├── flake.nix # managed by hive-c0re — rewritten when hyperhive flake URL changes -└── agent.nix # manager-editable; per-agent NixOS overrides +└── agent.nix # the only file the manager can change + # (initial commit by hive-c0re on first spawn, + # never touched by hive-c0re again) + +/var/lib/hyperhive/applied// # applied — hive-c0re-only; container builds here +├── .git/ +├── flake.nix # hive-c0re-managed; references hyperhive_flake +└── agent.nix # overwritten by approve from the proposed commit ``` -The flake's `inputs.hyperhive.url` is the same URL `hive-c0re` was launched with -(`services.hive-c0re.hyperhiveFlake`), inlined as a string. The flake's +The container's `--flake` ref is `#default`. The flake's `nixosConfigurations.default` extends `hyperhive.nixosConfigurations.agent-base` -with `./agent.nix`. So adding packages is a one-line edit in `agent.nix`. +with `./agent.nix` plus an inline module setting `environment.etc."gitconfig".text` +with the agent's name as the git committer identity. + +On approve: `git show :agent.nix` from `proposed/`, write the bytes +into `applied//agent.nix`, commit there as `hive-c0re`, then +`nixos-container update`. The manager can only propose; only hive-c0re advances +`applied`'s `main`. See PLAN.md for the full design and the deferred-out-of-scope list.
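Review bot: In the Phase 5 list of the first hunk (`@@ -143,8 +143,11 @@`), the old 5b bullet said `approve` "validates the commit" before advancing `main`, but the new 5c definition of Approve (read `agent.nix` from `proposed`, copy into `applied`, commit + rebuild) no longer mentions validation. State whether validation still runs and where it sits relative to the copy, since this list is the short summary of the approval trust boundary. Separately, "hive-c0re writes-only `applied`" reads as if hive-c0re cannot read that repo; "only hive-c0re writes `applied`" would match the "hive-c0re-only" wording used in the layout block.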
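Review bot: In the layout block of the second hunk (`@@ -168,19 +171,30 @@`), the `config/` line is annotated "hive-c0re reads only", while the `agent.nix` comment directly below says the initial commit is made by hive-c0re on first spawn. Reword the first annotation (for example "hive-c0re writes the initial commit, read-only afterwards") so the two do not contradict each other. The closing paragraph says only hive-c0re advances `applied`'s `main`, yet the command visible in the hunk header context still reads "validates, advances main, rebuilds h-alice" without naming the repo; that comment should be updated in the same change. The removed sentence tying `inputs.hyperhive.url` to `services.hive-c0re.hyperhiveFlake` is replaced only by "references hyperhive_flake" in a tree comment, so the origin of the flake URL is no longer documented; keep one sentence on it.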