docs: pre-load meta-flake design

scratchpad in claude.md and an in-flight callout at the top of
docs/approvals.md describe the upcoming overhaul so subsequent
commits can cite the design. covers: module-only agent flake
shape, /var/lib/hyperhive/meta/ as a hive-c0re-owned single
repo, applied remote pre-wired in proposed for manager git
plumbing, /meta RO bind for the system-wide deploy log,
auto-migration on hive-c0re startup with HIVE_SKIP_META_MIGRATION
kill-switch.

docs/approvals.md

@@ -37,6 +37,27 @@ step — the operator just sees the name. On approve, hive-c0re
 creates the container in a background task while the dashboard
 shows a spinner.
 
+## Meta flake (in flight)
+
+> The next overhaul (currently being implemented) introduces a
+> single hive-c0re-owned meta repo at
+> `/var/lib/hyperhive/meta/` that consumes every agent's
+> applied repo as a flake input and owns the wrapper
+> nixosConfiguration. Each agent's `applied/<n>/flake.nix`
+> shrinks to `nixosModules.default = import ./agent.nix` —
+> `agent.nix` becomes a plain NixOS module function (no
+> extendModules / hyperhive input). Containers will run
+> against `--flake /var/lib/hyperhive/meta#<n>`. Every
+> approval that builds does
+> `nix flake lock --update-input agent-<n>` in meta and
+> commits the lock; meta's git log is the system-wide deploy
+> trail. Manager additionally gets `/applied/<n>/.git`
+> pre-registered as the `applied` remote inside its proposed
+> repo, and `/meta` RO-bound for browsing the deploy log.
+> Auto-migrates on startup. Sections below describe the
+> current (still-deployed) tag-driven shape that the meta
+> flake builds on top of.
+
 ## Two repos per agent
 
 ```