manager: same lifecycle as agents; auto-spawn on hive-c0re start

CLAUDE.md

@@ -156,6 +156,34 @@ docs/damocles-migration.md   options for moving damocles onto hyperhive
   marks them `failed` with note `"agent state dir missing"` so they fall out
   of `pending`. They stay in sqlite for audit.
 
+## Manager (hm1nd) is hive-c0re-managed
+
+The manager container runs through the **same lifecycle as sub-agents** —
+no separate code path. On `hive-c0re serve` startup, if `nixos-container
+list` doesn't include `hm1nd`, hive-c0re creates it. The manager's flake
+lives at `/var/lib/hyperhive/applied/hm1nd/`; its proposed (manager-editable)
+config at `/var/lib/hyperhive/agents/hm1nd/config/`. Manager can edit its
+own `agent.nix` (visible inside the container at `/agents/hm1nd/config/`),
+commit, and submit `request-apply-commit hm1nd <sha>` for operator
+approval — same flow as for sub-agents.
+
+Differences from sub-agents:
+- `flake.nix` extends `hyperhive.nixosConfigurations.manager` (vs
+  `agent-base`).
+- Container name is `hm1nd` (no `h-` prefix).
+- Fixed web UI port (`MANAGER_PORT = 8000`).
+- `set_nspawn_flags` adds an extra bind: `/var/lib/hyperhive/agents` →
+  `/agents` (RW), so the manager can edit per-agent proposed repos.
+- First-deploy spawn bypasses the approval queue (manager is required
+  infrastructure).
+- Per-agent socket is the manager socket at `/run/hyperhive/manager/`, owned
+  by `manager_server::start`. `coordinator::ensure_runtime` returns that
+  path for manager and the usual `/run/hyperhive/agents/<name>/` for the
+  rest.
+
+**Migration note:** drop any `containers.hm1nd = { ... }` block from your
+host NixOS config. hyperhive creates and updates the manager itself now.
+
 ## Auto-update on startup
 
 `hive-c0re serve` runs `auto_update::run` in a background task right after