feat(home): add nixpkgs wrapper scripts to avoid permission prompts (#425)

stackptr · claude · web-flow · commit 532b9e4fdfcb · 2026-04-06T15:30:29.000-07:00
The '#' character in 'nix eval nixpkgs#foo' breaks the claude-code
permission matcher. Add nixpkgs-eval, nixpkgs-run, and nixpkgs-shell
wrappers alongside the existing nix-flake wrapper, permit them in
claude-code settings, and document the pattern in CLAUDE.md.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -85,6 +85,18 @@ Custom packages and overlays are organized for clarity:
 
 - Branches should be scoped to a single host whenever possible. This keeps deploys independent and reduces risk of cross-host breakage.
 
+## Nix Commands
+
+Never use `nix <subcommand> .#<output>` — the `#` causes permission prompt failures. Use wrapper scripts instead:
+
+| Instead of | Use |
+|---|---|
+| `nix build .#foo` | `nix-flake build foo` |
+| `nix eval .#foo` | `nix-flake eval foo` |
+| `nix eval nixpkgs#foo` | `nixpkgs-eval foo` |
+| `nix run nixpkgs#foo` | `nixpkgs-run foo` |
+| `nix shell nixpkgs#foo` | `nixpkgs-shell foo` |
+
 ## Code style
 
 - All files should end with a newline.
diff --git a/modules/home/development.nix b/modules/home/development.nix
@@ -92,6 +92,9 @@ in {
               "Bash(nix store *)"
               "Bash(nix why-depends *)"
               "Bash(nix-flake *)"
+              "Bash(nixpkgs-eval *)"
+              "Bash(nixpkgs-run *)"
+              "Bash(nixpkgs-shell *)"
               # Git
               "Bash(git add *)"
               "Bash(git blame *)"
diff --git a/modules/home/utilities.nix b/modules/home/utilities.nix
@@ -94,9 +94,21 @@ in {
         nix-flake = pkgs.writeShellScriptBin "nix-flake" ''
           nix "$1" ".#$2" "''${@:3}"
         '';
+        nixpkgs-eval = pkgs.writeShellScriptBin "nixpkgs-eval" ''
+          nix eval "nixpkgs#$*"
+        '';
+        nixpkgs-run = pkgs.writeShellScriptBin "nixpkgs-run" ''
+          nix run "nixpkgs#$1" -- "''${@:2}"
+        '';
+        nixpkgs-shell = pkgs.writeShellScriptBin "nixpkgs-shell" ''
+          nix shell "''${@/#/nixpkgs#}"
+        '';
       in
         [
           nix-flake
+          nixpkgs-eval
+          nixpkgs-run
+          nixpkgs-shell
           pkgs.manix
           pkgs.nix-du
           pkgs.nix-tree
