feat(agents): add gitIdentity module

- Renamed shared-options.nix to shared/shared-options.nix
- Created shared/default.nix importing git-identity.nix and shared-options.nix
- Created shared/git-identity.nix with gitIdentity option set:
  - enable: Toggle for agent git identity
  - name: Git author name (default: m3ta-chiron)
  - email: Git author email (default: m3ta-chiron@agentmail.to)
  - signingKey: Optional GPG signing key path
  - sshKey: SSH private key path for git push auth
- Updated opencode.nix, pi.nix, claude-code.nix to import shared/default.nix
- Restructured modules to follow proper Nix module syntax with imports at top level

modules/home-manager/coding/agents/claude-code.nix

@@ -3,14 +3,16 @@
   lib,
   pkgs,
   ...
-}: let
+}: {
-  shared = import ./shared-options.nix {inherit lib;};
+  imports = [
-in
+    ../shared/default.nix
-  with lib; let
+  ];
-    cfg = config.coding.agents.claude-code;
+
+  options.coding.agents.claude-code = let
+    shared = import ../shared/shared-options.nix {inherit lib;};
     mcpCfg = config.programs.mcp or null;
-  in {
+  in
-    options.coding.agents.claude-code = {
+    with lib; {
       enable = mkEnableOption "Claude Code agent management via canonical agent.toml definitions";
 
       agentsInput = shared.mkAgentsInputOption ''
@@ -38,9 +40,12 @@ in
       };
     };
 
-    config = mkIf cfg.enable (let
+  config = with lib; let
+    shared = import ../shared/shared-options.nix {inherit lib;};
+    cfg = config.coding.agents.claude-code;
     agentsLib = (import ../../../../lib {inherit lib;}).agents;
-
+  in
+    mkIf cfg.enable (let
       # Rendered agents + permissions (only if agentsInput is set)
       rendered = mkIf (cfg.agentsInput != null) (
         agentsLib.renderForClaudeCode {

modules/home-manager/coding/agents/opencode.nix

@@ -3,11 +3,15 @@
   lib,
   pkgs,
   ...
-}: let
+}: {
-  shared = import ./shared-options.nix {inherit lib;};
+  imports = [
+    ../shared/default.nix
+  ];
+
+  options.coding.agents.opencode = let
+    shared = import ../shared/shared-options.nix {inherit lib;};
   in
     with lib; {
-    options.coding.agents.opencode = {
       enable = mkEnableOption "OpenCode agent management via canonical agent.toml definitions";
 
       agentsInput = shared.mkAgentsInputOption ''
@@ -19,13 +23,17 @@ in
       modelOverrides = shared.mkModelOverridesOption;
     };
 
-    config = mkIf config.coding.agents.opencode.enable {
+  config = with lib; let
-      # Rendered agent files symlinked to ~/.config/opencode/agents/
+    shared = import ../shared/shared-options.nix {inherit lib;};
-      xdg.configFile."opencode/agents" = let
     cfg = config.coding.agents.opencode;
+  in
+    mkIf cfg.enable {
+      # Rendered agent files symlinked to ~/.config/opencode/agents/
+      xdg.configFile."opencode/agents" = let
+        agentsLib = (import ../../../../lib {inherit lib;}).agents;
       in
         mkIf (cfg.agentsInput != null) {
-          source = (import ../../../../lib {inherit lib;}).agents.renderForOpencode {
+          source = agentsLib.renderForOpencode {
             inherit pkgs;
             canonical = cfg.agentsInput.lib.loadAgents;
             modelOverrides = cfg.modelOverrides;
@@ -33,22 +41,13 @@ in
         };
 
       # Static config dirs from AGENTS repo
-      xdg.configFile."opencode/context" = let
+      xdg.configFile."opencode/context" = mkIf (cfg.agentsInput != null) {
-        cfg = config.coding.agents.opencode;
-      in
-        mkIf (cfg.agentsInput != null) {
         source = "${cfg.agentsInput}/context";
       };
-      xdg.configFile."opencode/commands" = let
+      xdg.configFile."opencode/commands" = mkIf (cfg.agentsInput != null) {
-        cfg = config.coding.agents.opencode;
-      in
-        mkIf (cfg.agentsInput != null) {
         source = "${cfg.agentsInput}/commands";
       };
-      xdg.configFile."opencode/prompts" = let
+      xdg.configFile."opencode/prompts" = mkIf (cfg.agentsInput != null) {
-        cfg = config.coding.agents.opencode;
-      in
-        mkIf (cfg.agentsInput != null) {
         source = "${cfg.agentsInput}/prompts";
       };
     };

modules/home-manager/coding/agents/pi.nix

@@ -3,14 +3,16 @@
   lib,
   pkgs,
   ...
-}: let
+}: {
-  shared = import ./shared-options.nix {inherit lib;};
+  imports = [
-in
+    ../shared/default.nix
-  with lib; let
+  ];
-    cfg = config.coding.agents.pi;
+
+  options.coding.agents.pi = let
+    shared = import ../shared/shared-options.nix {inherit lib;};
     mcpCfg = config.programs.mcp or null;
-  in {
+  in
-    options.coding.agents.pi = {
+    with lib; {
       enable = mkEnableOption "Pi agent management via canonical agent.toml definitions";
 
       mcpServers = mkOption {
@@ -202,7 +204,11 @@ in
       };
     };
 
-    config = mkIf cfg.enable (let
+  config = with lib; let
+    shared = import ../shared/shared-options.nix {inherit lib;};
+    cfg = config.coding.agents.pi;
+  in
+    mkIf cfg.enable (let
       # Build settings.json by filtering out null values recursively
       filterNulls = attrs:
         lib.filterAttrs (_: v: v != null) (

modules/home-manager/coding/agents/shared/default.nix

@@ -0,0 +1,8 @@
+# Shared agent module exports
+# Imports all shared modules for the coding.agents namespace.
+{
+  imports = [
+    ./git-identity.nix
+    ./shared-options.nix
+  ];
+}

modules/home-manager/coding/agents/shared/git-identity.nix

@@ -0,0 +1,64 @@
+# Git identity module for agent commits.
+# Sets GIT_AUTHOR_*, GIT_COMMITTER_*, and GIT_SSH_COMMAND environment variables.
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.coding.agents.gitIdentity;
+in {
+  options.coding.agents.gitIdentity = {
+    enable = lib.mkEnableOption ''
+      Agent Git identity for commits. When enabled, sets GIT_AUTHOR_* and
+      GIT_COMMITTER_* environment variables for consistent bot identity.
+    '';
+
+    name = lib.mkOption {
+      type = lib.types.str;
+      default = "m3ta-chiron";
+      description = "Git user name for agent commits.";
+      example = "m3ta-chiron";
+    };
+
+    email = lib.mkOption {
+      type = lib.types.str;
+      default = "m3ta-chiron@agentmail.to";
+      description = "Git email for agent commits.";
+      example = "m3ta-chiron@agentmail.to";
+    };
+
+    signingKey = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      description = ''
+        Optional GPG signing key for verified commits.
+        Set to null to disable signing.
+      '';
+      example = "/home/user/.gnupg/sign_key.gpg";
+    };
+
+    sshKey = lib.mkOption {
+      type = lib.types.path;
+      description = ''
+        Path to SSH private key for git push authentication.
+        Use agenix-managed paths like /run/agenix/m3ta-chiron-ssh-key
+        for secure secret management.
+      '';
+      example = "/run/agenix/m3ta-chiron-ssh-key";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    home.sessionVariables = {
+      # Git author/committer identity
+      GIT_AUTHOR_NAME = cfg.name;
+      GIT_AUTHOR_EMAIL = cfg.email;
+      GIT_COMMITTER_NAME = cfg.name;
+      GIT_COMMITTER_EMAIL = cfg.email;
+
+      # SSH command for git push
+      GIT_SSH_COMMAND = "ssh -i ${cfg.sshKey} -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new";
+    };
+  };
+}