chore: update flake inputs

2026-05-01 16:01:13 +02:00 · 2026-05-01 04:01:14 +02:00 · 2026-04-30 16:01:17 +02:00 · 2026-04-30 04:00:54 +02:00 · 2026-04-29 20:07:12 +02:00 · 2026-04-29 19:51:35 +02:00
20 changed files with 252 additions and 275 deletions
--- a/.beads/issues.jsonl
+++ b/.beads/issues.jsonl
@@ -0,0 +1 @@
 {"id":"nixpkgs-ng1","title":"Configure agent git identity in nixpkgs repo","description":"Git commits are using p@m3ta.dev instead of m3ta-chiron@agentmail.to. The GIT_AUTHOR_NAME and GIT_AUTHOR_EMAIL environment variables are not set in this environment. Need to configure the agent git identity for this repository following the pattern in AGENTS.md","status":"open","priority":2,"issue_type":"task","owner":"p@m3ta.dev","created_at":"2026-04-27T18:16:17Z","created_by":"m3tm3re","updated_at":"2026-04-27T18:16:17Z","dependency_count":0,"dependent_count":0,"comment_count":0}
--- a/flake.lock
+++ b/flake.lock
@@ -3,11 +3,11 @@
    "agents": {
      "flake": false,
      "locked": {
-        "lastModified": 1776092721,
+        "lastModified": 1777399938,
-        "narHash": "sha256-avV4Snqp0K57I9s8D61+GHlg9DYZFSIvjaS4d4RYpG8=",
+        "narHash": "sha256-xXPqUQezDdDtF8MbpZnwD1HkybOYwF92evx8rJ6OXCU=",
        "ref": "refs/heads/master",
-        "rev": "0ad41acb03eee0e22cba611b2171a3d3ee30cb10",
+        "rev": "9a91f1ee0cf011a7eaf1f16a9e17610b0457e055",
-        "revCount": 72,
+        "revCount": 85,
        "type": "git",
        "url": "https://code.m3ta.dev/m3tam3re/AGENTS"
      },
@@ -39,11 +39,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1775423009,
+        "lastModified": 1777268161,
-        "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
+        "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
+        "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
        "type": "github"
      },
      "original": {
@@ -55,11 +55,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1775657231,
+        "lastModified": 1777643636,
-        "narHash": "sha256-DP8FfybiZPp5WLB9eIk0TC2mdvuYzxLGgrBODDrwPEI=",
+        "narHash": "sha256-7vvm5Ia8o3g7YNErFcDsbCx+Pk8HbnA+ZYuA5Zga7hY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4e03baaa39b7746eac5704d623461422131cd03d",
+        "rev": "da2366fac507ce7bd31852e7351e55b951656999",
        "type": "github"
      },
      "original": {
@@ -69,27 +69,6 @@
        "type": "github"
      }
    },
    "opencode": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs-master"
        ]
      },
      "locked": {
        "lastModified": 1775782812,
        "narHash": "sha256-m+Ue7FWiTjKMAn1QefAwOMfOb2Vybk0mJPV9zcbkOmE=",
        "owner": "anomalyco",
        "repo": "opencode",
        "rev": "877be7e8e04142cd8fbebcb5e6c4b9617bf28cce",
        "type": "github"
      },
      "original": {
        "owner": "anomalyco",
        "ref": "v1.4.3",
        "repo": "opencode",
        "type": "github"
      }
    },
    "openspec": {
      "inputs": {
        "nixpkgs": [
@@ -97,11 +76,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1775372219,
+        "lastModified": 1777556999,
-        "narHash": "sha256-MJakKC026Sarz7nMmiFrfONWc4xgaw8ApV0Hhp4ebhM=",
+        "narHash": "sha256-HfFlRwR8IMjudRttN4T8L3DJKnNlpWfeNzQPly/HaRY=",
        "owner": "Fission-AI",
        "repo": "OpenSpec",
-        "rev": "64d476f8b924bb9b74b896ea0aa784970e37da69",
+        "rev": "347f0277e3be3549cd85cdea364fbd7710f1922b",
        "type": "github"
      },
      "original": {
@@ -116,7 +95,6 @@
        "basecamp": "basecamp",
        "nixpkgs": "nixpkgs",
        "nixpkgs-master": "nixpkgs-master",
        "opencode": "opencode",
        "openspec": "openspec"
      }
    }
--- a/flake.nix
+++ b/flake.nix
@@ -10,12 +10,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # opencode needs newer bun from master
    opencode = {
      url = "github:anomalyco/opencode/v1.4.3";
      inputs.nixpkgs.follows = "nixpkgs-master";
    };
    # openspec - spec-driven development for AI coding assistants
    openspec = {
      url = "github:Fission-AI/OpenSpec";
--- a/modules/home-manager/coding/agents/claude-code.nix
+++ b/modules/home-manager/coding/agents/claude-code.nix
@@ -3,14 +3,16 @@
  lib,
  pkgs,
  ...
-}: let
+}: {
-  shared = import ./shared-options.nix {inherit lib;};
+  imports = [
-in
+    ./shared/default.nix
-  with lib; let
+  ];
-    cfg = config.coding.agents.claude-code;
+
  options.coding.agents.claude-code = let
    shared = import ./shared/shared-options.nix {inherit lib;};
    mcpCfg = config.programs.mcp or null;
-  in {
+  in
-    options.coding.agents.claude-code = {
+    with lib; {
      enable = mkEnableOption "Claude Code agent management via canonical agent.toml definitions";
      agentsInput = shared.mkAgentsInputOption ''
@@ -38,9 +40,12 @@ in
      };
    };
-    config = mkIf cfg.enable (let
+  config = with lib; let
    shared = import ./shared/shared-options.nix {inherit lib;};
    cfg = config.coding.agents.claude-code;
    agentsLib = (import ../../../../lib {inherit lib;}).agents;
-
+  in
    mkIf cfg.enable (let
      # Rendered agents + permissions (only if agentsInput is set)
      rendered = mkIf (cfg.agentsInput != null) (
        agentsLib.renderForClaudeCode {
--- a/modules/home-manager/coding/agents/default.nix
+++ b/modules/home-manager/coding/agents/default.nix
@@ -10,7 +10,7 @@
  pkgs,
  ...
 }: let
-  shared = import ./shared-options.nix {inherit lib;};
+  shared = import ./shared/shared-options.nix {inherit lib;};
  cfg = config.coding.agents.skills;
  mkIf = lib.mkIf;
 in {
--- a/modules/home-manager/coding/agents/opencode.nix
+++ b/modules/home-manager/coding/agents/opencode.nix
@@ -3,11 +3,15 @@
  lib,
  pkgs,
  ...
-}: let
+}: {
-  shared = import ./shared-options.nix {inherit lib;};
+  imports = [
    ./shared/default.nix
  ];
  options.coding.agents.opencode = let
    shared = import ./shared/shared-options.nix {inherit lib;};
  in
    with lib; {
    options.coding.agents.opencode = {
      enable = mkEnableOption "OpenCode agent management via canonical agent.toml definitions";
      agentsInput = shared.mkAgentsInputOption ''
@@ -19,13 +23,17 @@ in
      modelOverrides = shared.mkModelOverridesOption;
    };
-    config = mkIf config.coding.agents.opencode.enable {
+  config = with lib; let
-      # Rendered agent files symlinked to ~/.config/opencode/agents/
+    shared = import ./shared/shared-options.nix {inherit lib;};
      xdg.configFile."opencode/agents" = let
    cfg = config.coding.agents.opencode;
  in
    mkIf cfg.enable {
      # Rendered agent files symlinked to ~/.config/opencode/agents/
      xdg.configFile."opencode/agents" = let
        agentsLib = (import ../../../../lib {inherit lib;}).agents;
      in
        mkIf (cfg.agentsInput != null) {
-          source = (import ../../../../lib {inherit lib;}).agents.renderForOpencode {
+          source = agentsLib.renderForOpencode {
            inherit pkgs;
            canonical = cfg.agentsInput.lib.loadAgents;
            modelOverrides = cfg.modelOverrides;
@@ -33,22 +41,13 @@ in
        };
      # Static config dirs from AGENTS repo
-      xdg.configFile."opencode/context" = let
+      xdg.configFile."opencode/context" = mkIf (cfg.agentsInput != null) {
        cfg = config.coding.agents.opencode;
      in
        mkIf (cfg.agentsInput != null) {
        source = "${cfg.agentsInput}/context";
      };
-      xdg.configFile."opencode/commands" = let
+      xdg.configFile."opencode/commands" = mkIf (cfg.agentsInput != null) {
        cfg = config.coding.agents.opencode;
      in
        mkIf (cfg.agentsInput != null) {
        source = "${cfg.agentsInput}/commands";
      };
-      xdg.configFile."opencode/prompts" = let
+      xdg.configFile."opencode/prompts" = mkIf (cfg.agentsInput != null) {
        cfg = config.coding.agents.opencode;
      in
        mkIf (cfg.agentsInput != null) {
        source = "${cfg.agentsInput}/prompts";
      };
    };
--- a/modules/home-manager/coding/agents/pi.nix
+++ b/modules/home-manager/coding/agents/pi.nix
@@ -3,14 +3,16 @@
  lib,
  pkgs,
  ...
-}: let
+}: {
-  shared = import ./shared-options.nix {inherit lib;};
+  imports = [
-in
+    ./shared/default.nix
-  with lib; let
+  ];
-    cfg = config.coding.agents.pi;
+
  options.coding.agents.pi = let
    shared = import ./shared/shared-options.nix {inherit lib;};
    mcpCfg = config.programs.mcp or null;
-  in {
+  in
-    options.coding.agents.pi = {
+    with lib; {
      enable = mkEnableOption "Pi agent management via canonical agent.toml definitions";
      mcpServers = mkOption {
@@ -200,9 +202,45 @@ in
          See pi docs/settings.md for all options.
        '';
      };
      # ── Pi Guardrails ─────────────────────────────────────────────
      guardrails = mkOption {
        type = types.nullOr (types.submodule {
          options = {
            enable =
              mkEnableOption
              ("Generate ~/.pi/agent/extensions/guardrails.json for pi-guardrails. "
                + "Adds @aliou/pi-guardrails to packages automatically.");
            config = mkOption {
              type = types.attrsOf types.anything;
              default = {};
              description = ''
                Guardrails configuration written to ~/.pi/agent/extensions/guardrails.json.
                See https://github.com/aliou/pi-guardrails for config schema.
                IMPORTANT: Path access checks are lexical (not symlink-safe).
                Local project .pi/extensions/guardrails.json can override same rule IDs
                (memory > local > global > defaults). For immutable global policies,
                consider a wrapper or upstream patch.
              '';
            };
          };
        });
        default = null;
        description = ''
          Pi Guardrails security configuration.
          Generates ~/.pi/agent/extensions/guardrails.json when enabled.
          The @aliou/pi-guardrails package is added to settings.packages automatically.
        '';
      };
    };
-    config = mkIf cfg.enable (let
+  config = with lib; let
    shared = import ./shared/shared-options.nix {inherit lib;};
    cfg = config.coding.agents.pi;
  in
    mkIf cfg.enable (let
      # Build settings.json by filtering out null values recursively
      filterNulls = attrs:
        lib.filterAttrs (_: v: v != null) (
@@ -218,8 +256,37 @@ in
          attrs
        );
      # Base settings (already filtered)
      piSettings = filterNulls cfg.settings;
      # Guardrails package to inject when guardrails is enabled
      guardrailsPackage = "npm:@aliou/pi-guardrails@0.11.1";
      # Guardrails config (only when guardrails is enabled)
      guardrailsJson =
        if (cfg.guardrails != null && cfg.guardrails.enable)
        then builtins.toJSON cfg.guardrails.config
        else null;
      # Merge guardrails package into settings.packages when guardrails is enabled
      piSettingsWithGuardrails = let
        baseSettings = cfg.settings;
        basePackages = baseSettings.packages or [];
        hasGuardrailsPackage =
          lib.any
          (p:
            lib.hasPrefix "npm:@aliou/pi-guardrails" p
            || (lib.hasPrefix "git:" p && lib.hasSuffix "/pi-guardrails" p))
          basePackages;
        packagesWithGuardrails =
          if (cfg.guardrails != null && cfg.guardrails.enable && !hasGuardrailsPackage)
          then basePackages ++ [guardrailsPackage]
          else basePackages;
      in
        if packagesWithGuardrails != basePackages
        then filterNulls (baseSettings // {packages = packagesWithGuardrails;})
        else piSettings;
      # Coding rules config for renderForPi (only when both agentsInput and codingRules are set)
      piCodingRules =
        if cfg.agentsInput != null && cfg.codingRules != null
@@ -263,10 +330,16 @@ in
        # ── ~/.pi/agent/settings.json ──────────────────────────────────
        {
-          ".pi/agent/settings.json".text = builtins.toJSON piSettings;
+          ".pi/agent/settings.json".text = builtins.toJSON piSettingsWithGuardrails;
          ".pi/agent/settings.json".force = true;
        }
        # ── pi-guardrails config ─────────────────────────────────────
        (mkIf (guardrailsJson != null) {
          ".pi/agent/extensions/guardrails.json".text = guardrailsJson;
          ".pi/agent/extensions/guardrails.json".force = true;
        })
        # ── AGENTS.md — agent descriptions and specialist listing ──────
        (mkIf (cfg.agentsInput != null) {
          ".pi/agent/AGENTS.md".source = "${rendered}/AGENTS.md";
--- a/modules/home-manager/coding/agents/shared/default.nix
+++ b/modules/home-manager/coding/agents/shared/default.nix
@@ -0,0 +1,7 @@
 # Shared agent module exports
 # Imports all shared modules for the coding.agents namespace.
 {
  imports = [
    ./git-identity.nix
  ];
 }
--- a/modules/home-manager/coding/agents/shared/git-identity.nix
+++ b/modules/home-manager/coding/agents/shared/git-identity.nix
@@ -0,0 +1,64 @@
 # Git identity module for agent commits.
 # Sets GIT_AUTHOR_*, GIT_COMMITTER_*, and GIT_SSH_COMMAND environment variables.
 {
  pkgs,
  lib,
  config,
  ...
 }: let
  cfg = config.coding.agents.gitIdentity;
 in {
  options.coding.agents.gitIdentity = {
    enable = lib.mkEnableOption ''
      Agent Git identity for commits. When enabled, sets GIT_AUTHOR_* and
      GIT_COMMITTER_* environment variables for consistent bot identity.
    '';
    name = lib.mkOption {
      type = lib.types.str;
      default = "m3ta-chiron";
      description = "Git user name for agent commits.";
      example = "m3ta-chiron";
    };
    email = lib.mkOption {
      type = lib.types.str;
      default = "m3ta-chiron@agentmail.to";
      description = "Git email for agent commits.";
      example = "m3ta-chiron@agentmail.to";
    };
    signingKey = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = ''
        Optional GPG signing key for verified commits.
        Set to null to disable signing.
      '';
      example = "/home/user/.gnupg/sign_key.gpg";
    };
    sshKey = lib.mkOption {
      type = lib.types.path;
      description = ''
        Path to SSH private key for git push authentication.
        Use agenix-managed paths like /run/agenix/m3ta-chiron-ssh-key
        for secure secret management.
      '';
      example = "/run/agenix/m3ta-chiron-ssh-key";
    };
  };
  config = lib.mkIf cfg.enable {
    home.sessionVariables = {
      # Git author/committer identity
      GIT_AUTHOR_NAME = cfg.name;
      GIT_AUTHOR_EMAIL = cfg.email;
      GIT_COMMITTER_NAME = cfg.name;
      GIT_COMMITTER_EMAIL = cfg.email;
      # SSH command for git push
      GIT_SSH_COMMAND = "ssh -i ${cfg.sshKey} -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new";
    };
  };
 }
--- a/modules/home-manager/coding/agents/shared/shared-options.nix
+++ b/modules/home-manager/coding/agents/shared/shared-options.nix
--- a/pkgs/code2prompt/default.nix
+++ b/pkgs/code2prompt/default.nix
@@ -1,40 +0,0 @@
 {
  lib,
  fetchFromGitHub,
  nix-update-script,
  rustPlatform,
  pkg-config,
  perl,
  openssl,
 }:
 rustPlatform.buildRustPackage rec {
  pname = "code2prompt";
  version = "4.2.0";
  src = fetchFromGitHub {
    owner = "mufeedvh";
    repo = "code2prompt";
    rev = "v${version}";
    hash = "sha256-Gh8SsSTZW7QlyyC3SWJ5pOK2x85/GT7+LPJn2Jeczpc=";
  };
  cargoLock = {
    lockFile = src + "/Cargo.lock";
  };
  buildAndTestSubdir = "crates/code2prompt";
  nativeBuildInputs = [pkg-config perl];
  buildInputs = [openssl];
  passthru.updateScript = nix-update-script {};
  meta = with lib; {
    description = "A CLI tool that converts your codebase into a single LLM prompt with a source tree, prompt templating, and token counting";
    homepage = "https://github.com/mufeedvh/code2prompt";
    license = licenses.mit;
    platforms = platforms.linux;
    mainProgram = "code2prompt";
  };
 }
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -18,7 +18,6 @@ in {
  sidecar = pkgs.callPackage ./sidecar {};
  td = pkgs.callPackage ./td {};
  code2prompt = pkgs.callPackage ./code2prompt {};
  eigent = pkgs.callPackage ./eigent {};
  hyprpaper-random = pkgs.callPackage ./hyprpaper-random {};
  launch-webapp = pkgs.callPackage ./launch-webapp {};
@@ -39,13 +38,4 @@ in {
  basecamp = inputs.basecamp.packages.${system}.default;
  openspec = inputs.openspec.packages.${system}.default;
  # ── Modified packages ────────────────────────────────────────────
  # Imported from flake inputs but built with local overrides.
  # inputs.opencode is used for:
  #   - opencode binary (copied into the Tauri sidecars directory)
  #   - node_modules (with FOD hash fix for upstream issue #11755)
  #   - src + patches (via inputs.opencode)
  opencode-desktop = pkgs.callPackage ./opencode-desktop {inherit inputs;};
 }
--- a/pkgs/kestractl/sources.json
+++ b/pkgs/kestractl/sources.json
@@ -1,13 +1,13 @@
 {
-  "version": "1.2.2",
+  "version": "1.3.0",
  "sources": {
    "aarch64-linux": {
-      "url": "https://github.com/kestra-io/kestractl/releases/download/1.2.2/kestractl_1.2.2_linux_arm64.tar.gz",
+      "url": "https://github.com/kestra-io/kestractl/releases/download/1.3.0/kestractl_1.3.0_linux_arm64.tar.gz",
-      "hash": "sha256-sidFsCZPnJ07PM5QayPBqaqlBBJTLEdecfd0AWnL7Yo="
+      "hash": "sha256-/18F6CZnnLbet4BmI1oQ5pZWkJwIshCq30qd+cm0GGA="
    },
    "x86_64-linux": {
-      "url": "https://github.com/kestra-io/kestractl/releases/download/1.2.2/kestractl_1.2.2_linux_amd64.tar.gz",
+      "url": "https://github.com/kestra-io/kestractl/releases/download/1.3.0/kestractl_1.3.0_linux_amd64.tar.gz",
-      "hash": "sha256-0C2naN2ougBJSY2z2m6eORnLkLen87HD+a+gvtrUvdw="
+      "hash": "sha256-xmsBiqNKvob8xHDyU253o6c25YIubHanNdLqzWaOvSA="
    }
  }
 }
--- a/pkgs/mem0/default.nix
+++ b/pkgs/mem0/default.nix
@@ -6,14 +6,14 @@
 }:
 python3.pkgs.buildPythonPackage rec {
  pname = "mem0ai";
-  version = "1.0.9";
+  version = "2.0.1";
  pyproject = true;
  src = fetchFromGitHub {
    owner = "mem0ai";
    repo = "mem0";
    rev = "v${version}";
-    hash = "sha256-tcWH5VbjIBSHinfjirxbUhxqgU0xOUlcHTQHraMuALg=";
+    hash = "sha256-lNSE0Yit+FmM8opC4XYtfVef7JfGd3wMKbLj67Kp4Qw=";
  };
  # Relax Python dependency version constraints
--- a/pkgs/n8n/default.nix
+++ b/pkgs/n8n/default.nix
@@ -26,20 +26,20 @@
 in
  stdenv.mkDerivation (finalAttrs: {
    pname = "n8n";
-    version = "2.17.5";
+    version = "2.18.5";
    src = fetchFromGitHub {
      owner = "n8n-io";
      repo = "n8n";
      tag = "n8n@${finalAttrs.version}";
-      hash = "sha256-JwPrQOohXXeuUEcr5S+41ZElBJ3TxR3cgT45CjbzyR4=";
+      hash = "sha256-ws0DXGQFR+z3nVyd4Yn9pIM7yh+H6GnuCRSLxgvtPxo=";
    };
    pnpmDeps = fetchPnpmDeps {
      inherit (finalAttrs) pname version src;
      pnpm = pnpm_10;
      fetcherVersion = 3;
-      hash = "sha256-MBSxAsZXCaxwQpstJVxOOCIAE+0RqwlIrgXtE/hiTJM=";
+      hash = "sha256-Ajgne0neNm6HgMK6z3jnEkUJJxVOTgzjpSaMaJgIndQ=";
    };
    nativeBuildInputs =
--- a/pkgs/n8n/update.sh
+++ b/pkgs/n8n/update.sh
@@ -1,8 +1,29 @@
 #!/usr/bin/env nix-shell
-#!nix-shell --pure -i bash -p bash curl jq nix-update cacert git
+#!nix-shell -i bash -p bash curl jq nix-update cacert git nix
 set -euo pipefail
-# n8n now publishes two releases per version: a "stable" tag and a "n8n@X.Y.Z" versioned tag.
+# n8n releases are published with two tags per version:
-# Skip the "stable" tag and get the actual version from the next release.
+#   - "n8n@X.Y.Z" - the versioned tag
-new_version="$(curl -s "https://api.github.com/repos/n8n-io/n8n/releases" | jq --raw-output 'map(select(.tag_name != "stable")) | .[0].tag_name | ltrimstr("n8n@")')"
+#   - "stable"   - always points to the latest stable version
-nix-update n8n --flake --version "$new_version"
+#
 # We query the "stable" tag and extract the version from its target commitish (e.g., "release/2.18.5").
 # This ensures we always get the actual latest stable version, not the most recently created tag.
 set -euo pipefail
 # Get the directory where this script lives (should be pkgs/n8n/)
 script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 # Get the nixpkgs root (parent of pkgs/)
 nixpkgs_root="$(cd "$script_dir/../.." && pwd)"
 cd "$nixpkgs_root"
 # Query the "stable" tag and extract version from target_commitish (e.g., "release/2.18.5")
 new_version=$(curl -s "https://api.github.com/repos/n8n-io/n8n/releases/tags/stable" | jq --raw-output '.target_commitish | ltrimstr("release/")')
 echo "Latest stable version: n8n@${new_version}"
 echo "Running from: $(pwd)"
 # Use --flake --system to properly evaluate the flake-based package
 nix-update --flake --system x86_64-linux n8n --version "$new_version"
--- a/pkgs/opencode-desktop/default.nix
+++ b/pkgs/opencode-desktop/default.nix
@@ -1,114 +0,0 @@
 {
  lib,
  stdenv,
  symlinkJoin,
  makeWrapper,
  rustPlatform,
  pkg-config,
  cargo-tauri,
  bun,
  nodejs,
  cargo,
  rustc,
  jq,
  wrapGAppsHook4,
  dbus,
  glib,
  gtk4,
  libsoup_3,
  librsvg,
  libappindicator,
  glib-networking,
  openssl,
  webkitgtk_4_1,
  gst_all_1,
  inputs ? null,
 }: let
  # Get upstream opencode package for shared attributes
  opencode = inputs.opencode.packages.${stdenv.hostPlatform.system}.default;
  # Workaround for https://github.com/anomalyco/opencode/issues/11755
  # Upstream is missing outputHashes for git dependencies
  # Also fix stale npm deps hash in upstream node_modules FOD
  fixedNodeModules = opencode.node_modules.overrideAttrs {
    outputHash = "sha256-285KZ7rZLRoc6XqCZRHc25NE+mmpGh/BVeMpv8aPQtQ=";
  };
  opencode-desktop = rustPlatform.buildRustPackage (finalAttrs: {
    pname = "opencode-desktop";
    version = opencode.version;
    src = opencode.src;
    node_modules = fixedNodeModules;
    patches = opencode.patches;
    cargoRoot = "packages/desktop/src-tauri";
    cargoLock = {
      lockFile = finalAttrs.src + "/packages/desktop/src-tauri/Cargo.lock";
      outputHashes = {
        "specta-2.0.0-rc.22" = "sha256-YsyOAnXELLKzhNlJ35dHA6KGbs0wTAX/nlQoW8wWyJQ=";
        "tauri-2.9.5" = "sha256-dv5E/+A49ZBvnUQUkCGGJ21iHrVvrhHKNcpUctivJ8M=";
        "tauri-specta-2.0.0-rc.21" = "sha256-n2VJ+B1nVrh6zQoZyfMoctqP+Csh7eVHRXwUQuiQjaQ=";
      };
    };
    buildAndTestSubdir = finalAttrs.cargoRoot;
    nativeBuildInputs =
      [pkg-config cargo-tauri.hook bun nodejs cargo rustc jq makeWrapper]
      ++ lib.optionals stdenv.hostPlatform.isLinux [wrapGAppsHook4];
    buildInputs = lib.optionals stdenv.isLinux [
      dbus
      glib
      gtk4
      libsoup_3
      librsvg
      libappindicator
      glib-networking
      openssl
      webkitgtk_4_1
      gst_all_1.gstreamer
      gst_all_1.gst-plugins-base
      gst_all_1.gst-plugins-good
      gst_all_1.gst-plugins-bad
    ];
    strictDeps = true;
    preBuild = ''
      cp -a ${finalAttrs.node_modules}/{node_modules,packages} .
      chmod -R u+w node_modules packages
      patchShebangs node_modules
      patchShebangs packages/desktop/node_modules
      mkdir -p packages/desktop/src-tauri/sidecars
      cp ${opencode}/bin/opencode packages/desktop/src-tauri/sidecars/opencode-cli-${stdenv.hostPlatform.rust.rustcTarget}
    '';
    tauriBuildFlags = ["--config" "tauri.prod.conf.json" "--no-sign"];
    postFixup = lib.optionalString stdenv.hostPlatform.isLinux ''
      mv $out/bin/OpenCode $out/bin/opencode-desktop
      sed -i 's|^Exec=OpenCode$|Exec=opencode-desktop|' $out/share/applications/OpenCode.desktop
    '';
  });
  # Wrapper for Wayland support
 in
  symlinkJoin {
    name = "opencode-desktop";
    paths = [opencode-desktop];
    nativeBuildInputs = [makeWrapper];
    postBuild = ''
      wrapProgram $out/bin/opencode-desktop \
        --run 'if [[ "$NIXOS_OZONE_WL" == "1" ]]; then export OC_ALLOW_WAYLAND=1; fi'
    '';
    meta = {
      description = "OpenCode Desktop App with Wayland support";
      homepage = "https://opencode.ai";
      license = lib.licenses.mit;
      platforms = lib.platforms.linux;
      mainProgram = "opencode-desktop";
    };
  }
--- a/pkgs/sidecar/default.nix
+++ b/pkgs/sidecar/default.nix
@@ -13,16 +13,16 @@
 }:
 buildGoModule (finalAttrs: {
  pname = "sidecar";
-  version = "0.83.0";
+  version = "0.84.0";
  src = fetchFromGitHub {
    owner = "marcus";
    repo = "sidecar";
    tag = "v${finalAttrs.version}";
-    hash = "sha256-L6q2eZO1rNngWwHVhBJ2ftVbvYTConpqYHEb3nwiXxs=";
+    hash = "sha256-80ldZlaZ99ti8dvw+Awev7ucz03iOVD2yzz/+IFHDvA=";
  };
-  vendorHash = "sha256-fIaHzc0L4jwVSh/YjrXBB7nENqCgOfHF5bnljFsGbVo=";
+  vendorHash = "sha256-IDD+hQZODNPj+Gy9CX5GFdMcsvt75aFLpabXZehAjaw=";
  subPackages = ["cmd/sidecar"];
--- a/pkgs/td/default.nix
+++ b/pkgs/td/default.nix
@@ -9,13 +9,13 @@
 }:
 buildGoModule (finalAttrs: {
  pname = "td";
-  version = "0.43.0";
+  version = "0.44.0";
  src = fetchFromGitHub {
    owner = "marcus";
    repo = "td";
    tag = "v${finalAttrs.version}";
-    hash = "sha256-DwzuXumEEQWfZW+GbbY9kyqkEFZQ9sC+sSbVxfrY6bM=";
+    hash = "sha256-k1OCK6LE99fHLuxv8HZUW8cSn2Wmk74J7kb6Mi5ZpVw=";
  };
  vendorHash = "sha256-hFFG+vLXcL2NNdLQvQZ1hzu++pp5AkbFOPQS10wtsec=";
--- a/shells/coding.nix
+++ b/shells/coding.nix
@@ -57,7 +57,6 @@ in
      customPackages.sidecar
      # Code analysis tools
      customPackages.code2prompt
      # Nix development tools (for this repo)
      nil
Author	SHA1	Message	Date
nix-update bot	c6c3ffb548	chore: update flake inputs	2026-05-01 16:01:13 +02:00
nix-update bot	9b423315b3	chore: update flake inputs All checks were successful Update Nix Packages with nix-update / nix-update (push) Successful in 2m42s Details	2026-05-01 04:01:14 +02:00
nix-update bot	14d906ef93	chore: update flake inputs All checks were successful Update Nix Packages with nix-update / nix-update (push) Successful in 2m36s Details	2026-04-30 16:01:17 +02:00
nix-update bot	e7393d6fa4	chore: update flake inputs All checks were successful Update Nix Packages with nix-update / nix-update (push) Successful in 4m6s Details	2026-04-30 04:00:54 +02:00
m3ta-chiron	1da8c96447	fix(pi): correct guardrails enable option string Some checks failed Update Nix Packages with nix-update / nix-update (push) Failing after 34m23s Details	2026-04-29 20:07:12 +02:00
m3ta-chiron	6a8cb62903	style(pi): format guardrails module with alejandra	2026-04-29 19:51:35 +02:00
m3ta-chiron	a3e247e5af	feat(pi): add guardrails config option for pi-guardrails integration Adds a guardrails submodule option to coding.agents.pi that: - Generates ~/.pi/agent/extensions/guardrails.json when enabled - Automatically injects @aliou/pi-guardrails package into settings.packages - Provides structured options for policies, pathAccess, and permissionGate The module generates the JSON config that pi-guardrails reads for its security hooks (policies, permission-gate, path-access). Limitations documented in option descriptions: - Path access checks are lexical (not symlink-safe) - Local project guardrails.json can override global rule IDs	2026-04-29 19:48:10 +02:00
m3ta-chiron	f7f0c4072e	fix(n8n): use stable tag target to get actual version The previous jq filter grabbed the first non-stable release by creation date, which incorrectly returned 1.123.38 instead of the latest stable 2.18.5. Now query the 'stable' tag directly and extract version from its target_commitish (e.g., 'release/2.18.5' -> '2.18.5'), ensuring we always get the actual latest stable version. Also bump version from 2.17.8 to 2.18.5 with updated hashes.	2026-04-29 18:40:49 +02:00
m3tm3re	e601fde026	kestractl: 1.2.2 -> 1.3.0	2026-04-29 18:39:03 +02:00
nix-update bot	642e764b81	chore: update flake inputs	2026-04-29 16:01:26 +02:00
nix-update bot	0a224db2fc	chore: update flake inputs All checks were successful Update Nix Packages with nix-update / nix-update (push) Successful in 2m39s Details	2026-04-29 04:01:44 +02:00
nix-update bot	69e8fb93be	chore: update flake inputs All checks were successful Update Nix Packages with nix-update / nix-update (push) Successful in 23m34s Details	2026-04-28 16:01:26 +02:00
nix-update bot	c63ecc899c	td: 0.43.0 -> 0.44.0 All checks were successful Update Nix Packages with nix-update / nix-update (push) Successful in 2m35s Details Diff: https://github.com/marcus/td/compare/v0.43.0...v0.44.0	2026-04-28 04:03:27 +02:00
nix-update bot	5d2bfbd27c	sidecar: 0.83.0 -> 0.84.0 Diff: https://github.com/marcus/sidecar/compare/v0.83.0...v0.84.0 Changelog: https://github.com/marcus/sidecar/releases/tag/v0.84.0	2026-04-28 04:02:57 +02:00
nix-update bot	66c398d196	mem0: 1.0.9 -> 2.0.1 Diff: https://github.com/mem0ai/mem0/compare/v1.0.9...v2.0.1 Changelog: https://github.com/mem0ai/mem0/releases/tag/v2.0.1	2026-04-28 04:02:08 +02:00
nix-update bot	729ea971c5	chore: update flake inputs	2026-04-28 04:01:09 +02:00
m3tm3re	ce16dfff2e	chore(beads): initialize issue tracker Some checks failed Update Nix Packages with nix-update / nix-update (push) Failing after 37m14s Details Add nixpkgs-ng1 task: Configure agent git identity	2026-04-27 20:16:27 +02:00
m3tm3re	31464e245e	chore(nix): remove deprecated packages - Remove opencode flake input (old v1.4.3 URL, superseded) - Remove code2prompt package - Remove opencode-desktop package	2026-04-27 20:14:18 +02:00
m3ta-chiron	251a6892a3	fix(n8n): resolve nix-update hash prefetch failure - Remove --pure from nix-shell shebang to allow network access - Add --flake --system x86_64-linux for proper flake evaluation - Navigate to nixpkgs root before running nix-update - Also bump version 2.17.5 -> 2.17.8	2026-04-27 19:46:14 +02:00
m3tam3re	95aeff28ad	Merge pull request 'feature/agent-git-identity' (#16 ) from feature/agent-git-identity into master Reviewed-on: #16	2026-04-27 17:56:26 +02:00
m3tm3re	fa339ae8cc	fix(agents): correct shared-options.nix import paths from ../ to ./	2026-04-27 13:17:11 +02:00
m3tm3re	cec0c31d91	fix(agents): correct shared-options.nix import path	2026-04-27 13:11:11 +02:00
m3tm3re	6a8360305d	fix(agents): remove shared-options.nix from imports to avoid module system conflict	2026-04-27 13:08:40 +02:00
m3tm3re	5edd0929d0	fix(agents): correct import paths for shared module	2026-04-27 13:00:52 +02:00
m3tm3re	60aeec7cfe	feat(agents): add gitIdentity module - Renamed shared-options.nix to shared/shared-options.nix - Created shared/default.nix importing git-identity.nix and shared-options.nix - Created shared/git-identity.nix with gitIdentity option set: - enable: Toggle for agent git identity - name: Git author name (default: m3ta-chiron) - email: Git author email (default: m3ta-chiron@agentmail.to) - signingKey: Optional GPG signing key path - sshKey: SSH private key path for git push auth - Updated opencode.nix, pi.nix, claude-code.nix to import shared/default.nix - Restructured modules to follow proper Nix module syntax with imports at top level	2026-04-27 12:43:56 +02:00
		`@@ -0,0 +1 @@`
							{"id":"nixpkgs-ng1","title":"Configure agent git identity in nixpkgs repo","description":"Git commits are using p@m3ta.dev instead of m3ta-chiron@agentmail.to. The GIT_AUTHOR_NAME and GIT_AUTHOR_EMAIL environment variables are not set in this environment. Need to configure the agent git identity for this repository following the pattern in AGENTS.md","status":"open","priority":2,"issue_type":"task","owner":"p@m3ta.dev","created_at":"2026-04-27T18:16:17Z","created_by":"m3tm3re","updated_at":"2026-04-27T18:16:17Z","dependency_count":0,"dependent_count":0,"comment_count":0}