{ pkgs, ... }:
{
  # Shared scaffolding for any hyperhive harness container — both
  # sub-agents (`agent-base.nix`) and the manager (`manager.nix`) extend
  # this. The systemd service that actually runs the harness binary
  # differs per role and lives in the child module.

  boot.isNspawnContainer = true;

  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "claude-code" ];

  environment.systemPackages = with pkgs; [
    hyperhive
    claude-code
    bashInteractive
    coreutils-full
  ];

  # Git is needed by claude's Bash tool (for the agent <-> manager config
  # request flow) and by hive-c0re's own setup_applied / setup_proposed.
  # `programs.git.enable` installs the binary + manages `/etc/gitconfig`
  # declaratively so the inline module in `applied/<name>/flake.nix` can
  # override `user.name` / `user.email` per agent without fighting a raw
  # `environment.etc."gitconfig"` block.
  programs.git = {
    enable = true;
    config = {
      user = {
        name = "hyperhive";
        email = "hyperhive@local";
      };
      init.defaultBranch = "main";
    };
  };

  # claude's Bash tool refuses to run without a POSIX shell + $SHELL set.
  environment.variables.SHELL = "${pkgs.bashInteractive}/bin/bash";

  system.stateVersion = "25.11";
}