From dc68c947e9f2f6d57616a4b3360bc7dfa35ed957 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey?= Date: Mon, 6 Apr 2026 15:23:33 -0700 Subject: [PATCH] feat(home): add nixpkgs wrapper scripts to avoid permission prompts The '#' character in 'nix eval nixpkgs#foo' breaks the claude-code permission matcher. Add nixpkgs-eval, nixpkgs-run, and nixpkgs-shell wrappers alongside the existing nix-flake wrapper, permit them in claude-code settings, and document the pattern in CLAUDE.md. Co-Authored-By: Claude Sonnet 4.6 --- CLAUDE.md | 12 ++++++++++++ modules/home/development.nix | 3 +++ modules/home/utilities.nix | 12 ++++++++++++ 3 files changed, 27 insertions(+) diff --git a/CLAUDE.md b/CLAUDE.md index 8affda6f..e1642775 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -85,6 +85,18 @@ Custom packages and overlays are organized for clarity: - Branches should be scoped to a single host whenever possible. This keeps deploys independent and reduces risk of cross-host breakage. +## Nix Commands + +Never use `nix .#` — the `#` causes permission prompt failures. Use wrapper scripts instead: + +| Instead of | Use | +|---|---| +| `nix build .#foo` | `nix-flake build foo` | +| `nix eval .#foo` | `nix-flake eval foo` | +| `nix eval nixpkgs#foo` | `nixpkgs-eval foo` | +| `nix run nixpkgs#foo` | `nixpkgs-run foo` | +| `nix shell nixpkgs#foo` | `nixpkgs-shell foo` | + ## Code style - All files should end with a newline. diff --git a/modules/home/development.nix b/modules/home/development.nix index 18fad8fe..3da44922 100644 --- a/modules/home/development.nix +++ b/modules/home/development.nix @@ -92,6 +92,9 @@ in { "Bash(nix store *)" "Bash(nix why-depends *)" "Bash(nix-flake *)" + "Bash(nixpkgs-eval *)" + "Bash(nixpkgs-run *)" + "Bash(nixpkgs-shell *)" # Git "Bash(git add *)" "Bash(git blame *)" diff --git a/modules/home/utilities.nix b/modules/home/utilities.nix index e1540634..5f68d88d 100644 --- a/modules/home/utilities.nix +++ b/modules/home/utilities.nix 
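Review bot: The new allow entries `"Bash(nixpkgs-run *)"` and `"Bash(nixpkgs-shell *)"` in modules/home/development.nix are far broader than the neighbouring `nix store *` and `git add *` rules. Going by the wrapper this commit defines, `nixpkgs-run` executes any program packaged in nixpkgs with caller-supplied arguments, and nixpkgs ships shells and interpreters, so pre-approving it is close to pre-approving arbitrary commands. `nixpkgs-eval` is the lowest-risk of the three. Consider leaving the other two out of the allow list so they still prompt, or at least record the trade-off with a comment such as `# nixpkgs-run/-shell execute arbitrary nixpkgs programs without a prompt`. The permission list starts and ends outside this hunk, so any deny rules that narrow this are not visible here.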
@@ -94,9 +94,21 @@ in { nix-flake = pkgs.writeShellScriptBin "nix-flake" '' nix "$1" ".#$2" "''${@:3}" ''; + nixpkgs-eval = pkgs.writeShellScriptBin "nixpkgs-eval" '' + nix eval "nixpkgs#$*" + ''; + nixpkgs-run = pkgs.writeShellScriptBin "nixpkgs-run" '' + nix run "nixpkgs#$1" -- "''${@:2}" + ''; + nixpkgs-shell = pkgs.writeShellScriptBin "nixpkgs-shell" '' + nix shell "''${@/#/nixpkgs#}" + ''; in [ nix-flake + nixpkgs-eval + nixpkgs-run + nixpkgs-shell pkgs.manix pkgs.nix-du pkgs.nix-tree
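Review bot: None of the three wrappers checks that an attribute was actually passed, and for `nixpkgs-shell` that matters: with no arguments `"''${@/#/nixpkgs#}"` expands to nothing, so the script runs a bare `nix shell`, which as far as I can tell falls back to the flake in the current directory rather than nixpkgs. Because these scripts are pre-approved in the claude-code allow list, a guard as the first line of each body would keep them to their documented purpose, e.g. `[ "$#" -gt 0 ] || { echo "usage: nixpkgs-shell ATTR..." >&2; exit 2; }`. Separately, `nixpkgs-eval` joins every argument into one installable via `$*`, so flags such as `--json` cannot be passed. If that is deliberate, a comment like `# all args are folded into the attribute path on purpose; no nix flags pass through` would say so. The surrounding `let … in [` expression begins and ends outside the hunk.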