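# Git identity module for agent commits.
#
# Exports GIT_AUTHOR_*, GIT_COMMITTER_* and GIT_SSH_COMMAND through
# home.sessionVariables so that git invocations in the user's login session
# commit as the configured bot identity and authenticate pushes with the
# configured SSH key.
#
# Security notes:
#   * Give `sshKey` as a string ("/run/agenix/..."), not a bare Nix path
#     literal. Interpolating a path literal into a string ("${/run/...}")
#     copies the file into the world-readable Nix store. This module applies
#     `toString` before interpolation, which uses the path as-is without
#     copying, but a private key should never be a path literal anywhere.
#   * `StrictHostKeyChecking=accept-new` is trust-on-first-use: the first
#     connection to a host accepts whatever key it presents and pins it in
#     known_hosts. Pre-populate known_hosts (or pass UserKnownHostsFile) if the
#     first connection can't be trusted.
#   * home.sessionVariables is session-wide, so every git repository the user
#     touches in that session commits and pushes as the agent identity, not
#     only agent-driven ones.
#   * `signingKey` is accepted but not consumed by this module; commits are
#     not signed. Setting it produces a warning rather than silently doing
#     nothing.
{ pkgs, lib, config, ... }:

let
  cfg = config.coding.agents.gitIdentity;

  # GIT_SSH_COMMAND is parsed by the shell, so the key path is quoted as a
  # single shell word; an unquoted path containing spaces or metacharacters
  # would otherwise split or alter the command. `toString` keeps a Nix path
  # value from being copied into the store on interpolation.
  sshKeyArg = lib.escapeShellArg (toString cfg.sshKey);
in
{
  options.coding.agents.gitIdentity = {
    enable = lib.mkEnableOption ''
      Agent Git identity for commits.
      When enabled, sets GIT_AUTHOR_*, GIT_COMMITTER_* and GIT_SSH_COMMAND
      environment variables session-wide for a consistent bot identity.
    '';

    name = lib.mkOption {
      type = lib.types.str;
      default = "m3ta-chiron";
      description = "Git user name for agent commits.";
      example = "m3ta-chiron";
    };

    email = lib.mkOption {
      type = lib.types.str;
      default = "m3ta-chiron@agentmail.to";
      description = "Git email for agent commits.";
      example = "m3ta-chiron@agentmail.to";
    };

    signingKey = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = ''
        Optional GPG signing key for verified commits.
        Set to null to disable signing.

        NOTE: this module does not currently wire the key into git; setting it
        emits a warning and commits remain unsigned.
      '';
      example = "/home/user/.gnupg/sign_key.gpg";
    };

    sshKey = lib.mkOption {
      type = lib.types.path;
      description = ''
        Path to the SSH private key used for git push authentication.
        Supply it as a string such as "/run/agenix/m3ta-chiron-ssh-key"
        (agenix-managed), never as a bare Nix path literal, so the key is
        never copied into the Nix store.
      '';
      example = "/run/agenix/m3ta-chiron-ssh-key";
    };
  };

  config = lib.mkIf cfg.enable {
    home.sessionVariables = {
      # Git author/committer identity.
      GIT_AUTHOR_NAME = cfg.name;
      GIT_AUTHOR_EMAIL = cfg.email;
      GIT_COMMITTER_NAME = cfg.name;
      GIT_COMMITTER_EMAIL = cfg.email;

      # SSH command for git push. IdentitiesOnly=yes stops ssh from offering
      # agent/default keys ahead of the configured one; accept-new is
      # trust-on-first-use (see header note).
      GIT_SSH_COMMAND =
        "ssh -i ${sshKeyArg} -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new";
    };

    # Surface the unused option instead of letting a "signed commits"
    # expectation fail silently.
    warnings = lib.optional (cfg.signingKey != null)
      "coding.agents.gitIdentity.signingKey is set but this module does not configure commit signing; commits will be unsigned.";
  };
}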