User-domain agents are not rediscovered from the user LaunchAgents directory after reboot. Let built-in agents inherit the GUI default while keeping explicit user-domain configuration available.
'cfg.diffConfig' is an implicit submodule with sub-options that carry
their own defaults, so it never actually equals `{ }` - the previous
`cfg.diffConfig != { }` check was always true. This caused
'kitty/diff.conf' to be written (and clobber any existing unmanaged file)
even when the user configured nothing under `programs.kitty.diffConfig`.
Add an extraPackages option to the television module that wraps the `tv`
binary with additional packages in PATH. Defaults to fd, bat, and ripgrep
which are the dependencies required by television's default channels.
Existing tests updated to set extraPackages = [ ] since they test config
generation, not binary wrapping.
💘 Generated with Crush
Assisted-by: Crush:glm-5.2
podman pulls in vfkit on darwin, which fails to build on
aarch64-darwin with the current nixpkgs pin (cctools ld crashes
with 'Trace/BPT trap: 5'). The podman darwin tests reference the
real package through the machine watchdog script, establishing a
build dependency. Stub it on darwin test runs.
Both fail to build on aarch64-darwin with the current nixpkgs pin
(cctools ld crashes with 'Trace/BPT trap: 5'): gurk-rs directly, and
vfkit as a colima dependency. Stub them on darwin test runs.
Persist managed plugins in Claude Code's personal skills directory so strict-parser subcommands do not receive injected --plugin-dir arguments. Retain version-gated legacy behavior for older and unversioned packages.
When an agent's launchd.agents.<name>.domain is changed from gui to
user (or the agent is newly installed on a headless macOS system
where the gui/<UID> domain never existed), bootoutAgent attempts to
unload the agent from the old domain first. On such systems, this
fails with: Boot-out failed: 125: Domain does not support specified
action.
The bootoutAgent function only treated "No such process" as a
non-fatal condition (return 2). This change adds the domain-not-exist
error to the same handling path: the agent wasn't running in a domain
that doesn't exist, so we can safely skip the boot-out and proceed
with bootstrap into the new domain.
Follow up on home-cursor: remove legacy enable by preserving the implicit enable path that was not covered by the earlier deprecation warning.
Configurations that set home.pointerCursor without top-level enable now continue to work and emit a warning asking users to set home.pointerCursor.enable explicitly.
yubikey-agent triggers OS-level CCID/PIV PIN entry dialogs when SSH
authentication is requested. These system security prompts require
access to the macOS Aqua session (window server). Running in the user
domain (LimitLoadToSessionType=Background) blocks these prompts,
causing authentication to fail or hang.
Revert to the default gui domain so PIN prompts can render in the
graphical login session.
gpg-agent is commonly configured with graphical pinentry programs
(pinentry-mac, pinentry-gnome3) on macOS that need access to the Aqua
session to display passphrase prompts. Running in the user domain
(LimitLoadToSessionType=Background) prevents these prompts from
rendering, causing passphrase entry to fail silently or hang.
Revert to the default gui domain so the agent runs in the graphical
login session where pinentry can interact with the window server.
Fixes the following accessing issue:
```
Error accessing credential on keyring: PlatformFailure(Error { code: -25308, message: "User interaction is not allowed." })
```
Added a new config option programs.firefox.profiles.<name>.storeId.
Setting this option now writes the StoreID both to the profiles.ini
and to the settings."toolkit.profiles.storeID" of the profile.
Firefox has two different profile implementations;
- the old one that home-manager module can declare
- the new "Selectable Profile Service" introduced in 150
The new profiles are managed in a runtime db, and reads from profiles.ini
Migration without database operations is not possible right now,
but when it becomes available, this option will stop home-manager from
clobbering the linked storeIDs.
The previous test would pass no matter what the `ignoreString` was. I
don't know enough Bash/Grep to explain it, but it was easy to test by
just changing the pattern to have `WRONG` instead of `val1`, and that
would still pass the `assertFileContains` test.
I've hopefully fixed it now, by using `lib.escapeShellArg` before
passing it to `assertFileContains`, and I've also added a negative test
case, to ensure that a bad ignore string is _not_ found in the merge
script.
Taken from this nixpkgs commit by @zorrobert:
7a223b2685
Syncthing shared folders can be configured to ignore paths. These
changes add support for this functionality.
Co-authored-by: zorrobert <118135271+zorrobert@users.noreply.github.com>
Detect active fzf and history-manager Ctrl-R bindings by their configured values, warn with the winning precedence, and let the normal binding options silence the warning.
Pure Nushell sessions do not source hm-session-vars, so feed the same FZF_* values through programs.nushell.environmentVariables before sourcing fzf integration.
Move widget settings under nested option groups while preserving behavior through rename aliases, and centralize FZF environment variable rendering for later reuse.
Source the Nushell integration at order 2000 so fzf can keep chaining carapace at mkAfter while Atuin still wins Ctrl-R like it does in other shells.
Users who used programs.nushell.extraConfig = lib.mkAfter ... to beat Atuin now need lib.mkOrder 2001 or later.
User-domain agents need the Background session type to bootstrap into user/501, and activation should fail rather than silently unloading services when launchctl bootstrap fails.
The prune option uninstalled all managed Python versions (and tools)
and reinstalled them on every activation, which is slow. Instead,
resolve each requested version to the install target uv would produce
and uninstall only the difference; already-correct versions are left
untouched. Resolving to the install target (not every installed match)
also prunes superseded patch releases, which uv retains on upgrade.
Tools are diffed by PEP 503-normalized package name: requested names
are extracted and normalized at build time, and the installed set is
read from uv's tool directory, whose entries are already normalized, so
no uv output is parsed. Pruning to an empty set still removes everything.
`pkgs.formats.toml` escapes backslashes and cannot emit raw control
characters, so key-binding `chars` written as escape text (e.g.
"\uXXXX" or the "\^[" caret form) ended up as invalid literals in the
generated config. Rewrite each escape to a placeholder before
generation and restore it to "\u" afterward.
Use `builtins.split` so escapes are handled anywhere in the value,
including when repeated or mixed with other text.
forCopilotFormat only checked for type == "stdio" to add back args,
missing the case where a server already has type = "local" (e.g. set
directly by a third-party module). This caused args to be absent in the
generated mcp-config.json, failing validation.
Also, running forCopilotFormat as an extraTransform meant it ran inside
transformMcpServer, which then filtered out args = [] in its cleanup
pass. Move forCopilotFormat to run after transformMcpServer so the
empty args list is preserved in the output.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
When a user configures the userChrome option, automatically enable the
`toolkit.legacyUserProfileCustomizations.stylesheets` preference with
`mkDefault` priority so that the user chrome CSS is actually loaded.
The user can still override this in the settings option if needed.
Filtering disabled shared servers out of `.mcp.json` (#9457) collapsed
"present but disabled" and "absent" into the same output, so a server
set
`enabled = false` for OpenCode could no longer remain present in Claude
Code. `.mcp.json` has no per-server `enabled` field, but settings.json
does via `disabledMcpjsonServers`.
Keep disabled servers in `.mcp.json` and list them under
`disabledMcpjsonServers` (merged with any user-set value). This honors
the
disabled intent without dropping the server, and covers both shared and
Claude Code-native servers.