# Nix module that configures the Claude Code CLI through `programs.claude-code`:
# custom agents and skills, pre-approved and denied tool permissions, a
# plan-mode hook and a status-line command.
{ pkgs, ... }:
let
  # Shell command prefixes that run WITHOUT a confirmation prompt.
  # Each entry is pre-authorised for any arguments that follow the prefix.
  # `nix build` / `nix eval` evaluate whatever expression they are pointed at
  # and `git commit` runs the repository's commit hooks, so this list grants
  # code execution in the checked-out tree, not only read-only inspection.
  # Keep it as short as the workflow allows and review additions like code.
  approvedCommands = [
    "git diff"
    "git log"
    "git branch"
    "git commit"
    "git status"
    "git add"
    "nix build"
    "nix fmt"
    "nix flake check"
    "nix flake show"
    "nix eval"
    "nvd diff"
  ];

  # Renders a command prefix as a Bash permission rule, e.g. "Bash(git diff:*)".
  toBashRule = prefix: "Bash(${prefix}:*)";

  # Files the Read tool must never open (Terraform variables, dotenv files,
  # the secrets directory, the sops configuration and SSH material).
  # NOTE(review): these rules constrain the Read tool; output of the
  # pre-approved shell commands above is presumably not filtered by them.
  # Confirm against the permission docs for the Claude Code version in use
  # and keep secrets out of the work tree as the primary control.
  # NOTE(review): the dotenv patterns name the exact file `.env`; variants
  # such as `.env.local` and nested directories below `~/.ssh` look
  # uncovered. Extend the list if those can hold secrets.
  blockedReads = [
    "Read(*.tfvars)"
    "Read(**/*.tfvars)"
    "Read(.env)"
    "Read(**/.env)"
    "Read(./secrets/**)"
    "Read(.sops.yaml)"
    "Read(~/.ssh/*)"
  ];

  # Hook fired after the EnterPlanMode tool: prints a reminder to name the session.
  # NOTE(review): the hook only writes to stdout; confirm that PostToolUse
  # stdout is surfaced where intended in the Claude Code version in use.
  # NOTE(review): the message ends in "/rename ."; if an argument placeholder
  # was intended it is missing. The text is kept exactly as found.
  planModeReminder = {
    type = "command";
    command = "echo 'A plan is being created. If this session has not been renamed yet, suggest a concise, descriptive session name based on the conversation so far and ask the user to run /rename .'";
  };

  # Status line: "<basename of workspace dir> | <model display name>", parsed
  # from the JSON document the CLI passes on stdin.
  # NOTE(review): `jq` is resolved from PATH at run time rather than pinned
  # to a store path. Confirm that it is installed in the user environment.
  statusLineScript = ''input=$(cat); echo "$(basename "$(echo "$input" | jq -r '.workspace.current_dir')") | $(echo "$input" | jq -r '.model.display_name')"'';
in
{
  programs.claude-code = {
    enable = true;
    package = pkgs.claude-code-bin;

    # Agent and skill definitions are resolved relative to this file.
    agents.docs-verifier = ./agents/docs-verifier.md;
    agents.security-reviewer = ./agents/security-reviewer.md;
    skills.pr = ./skills/pr;

    settings = {
      model = "opus";

      enabledPlugins."gopls-lsp@claude-plugins-official" = true;

      # Sets DISABLE_AUTOUPDATER for the CLI; presumably the binary then stays
      # at whatever version `pkgs.claude-code-bin` resolves to.
      env.DISABLE_AUTOUPDATER = "1";

      permissions.allow = map toBashRule approvedCommands;
      permissions.deny = blockedReads;

      hooks.PostToolUse = [
        {
          matcher = "EnterPlanMode";
          hooks = [ planModeReminder ];
        }
      ];

      statusLine.type = "command";
      statusLine.command = statusLineScript;
    };
  };
}