feat: install own claude-code

hosts/nb/configuration.nix

@@ -35,6 +35,8 @@ in {
       ./cachix.nix
       ./users
 
+      ./modules/epicenter.nix
+
       # ./modules/steam.nix
       ./modules/fingerprint.nix
       ./modules/set-nix-channel.nix

hosts/nb/modules/desktop/default.nix

@@ -9,7 +9,6 @@ in {
     ./thunderbird.nix
     ./bitwarden.nix
     ./rustdesk.nix
-    ./rustdesk-epicenter.nix
     ./flatpak-packages.nix
   ];
 

hosts/nb/modules/desktop/rustdesk-epicenter.nix

@@ -1,38 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-  wrapperScript = pkgs.writeShellScriptBin "rustdesk-wrapper" ''
-    CONFIG_FILE="$HOME/.config/rustdesk/RustDesk2.toml"
-    CONFIG_DIR="$(dirname "$CONFIG_FILE")"
-
-    if [ ! -f "$CONFIG_FILE" ]; then
-        ${pkgs.rustdesk-flutter}/bin/rustdesk &
-        RUSTDESK_PID=$!
-        sleep 3
-        kill $RUSTDESK_PID 2>/dev/null || true
-        sleep 1
-    fi
-
-    if [ -f "$CONFIG_FILE" ]; then
-        sed -i "s|^rendezvous_server = .*|rendezvous_server = 'tools.epicenter.works:21116'|" "$CONFIG_FILE"
-        sed -i "s|^custom-rendezvous-server = .*|custom-rendezvous-server = 'tools.epicenter.works'|" "$CONFIG_FILE"
-        sed -i "/^key\s*=.*/d" "$CONFIG_FILE"
-    fi
-
-    # Launch RustDesk
-    exec ${pkgs.rustdesk-flutter}/bin/rustdesk "$@"
-  '';
-
-  rustdeskEpicenterDesktopItem = pkgs.makeDesktopItem {
-    name = "rustdesk-epicenter";
-    desktopName = "RustDesk Epicenter";
-    exec = "${wrapperScript}/bin/rustdesk-wrapper";
-    icon = "rustdesk";  # Using the standard rustdesk icon
-    categories = [ "Network" "RemoteAccess" ];
-    comment = "Remote desktop software configured for Epicenter";
-  };
-in {
-  environment.systemPackages = [
-    rustdeskEpicenterDesktopItem
-  ];
-}

hosts/nb/modules/development/coding.nix

@@ -5,7 +5,7 @@ let
   };
 in {
   environment.systemPackages = with pkgs; [
-    unstable.claude-code
+    claude-code  # Using custom overlay with version 2.0.55
     unstable.code-cursor
     unstable.vscode
     # android-studio-full

hosts/nb/modules/epicenter.nix

@@ -0,0 +1,78 @@
+{ lib, pkgs, ... }: 
+let
+  wrapperScript = pkgs.writeShellScriptBin "rustdesk-epicenter-wrapper" ''
+    # Grant epicenter user access to the Wayland socket
+    ${pkgs.acl}/bin/setfacl -m u:epicenter:x "$XDG_RUNTIME_DIR"
+    ${pkgs.acl}/bin/setfacl -m u:epicenter:rwx "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"
+
+    # Run rustdesk as epicenter user with absolute path to Wayland socket
+    exec /run/wrappers/bin/sudo -u epicenter \
+      WAYLAND_DISPLAY="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" \
+      XDG_RUNTIME_DIR=/run/user/1001 \
+      ${pkgs.rustdesk-flutter}/bin/rustdesk "$@"
+  '';
+
+  rustdeskEpicenterDesktopItem = pkgs.makeDesktopItem {
+    name = "rustdesk-epicenter";
+    desktopName = "RustDesk Epicenter";
+    exec = "${wrapperScript}/bin/rustdesk-epicenter-wrapper";
+    icon = "rustdesk";
+    categories = [ "Network" "RemoteAccess" ];
+    comment = "Remote desktop software for office user (Epicenter)";
+  };
+in {
+  environment.systemPackages = [
+    rustdeskEpicenterDesktopItem
+  ];
+
+  users.users.epicenter = {
+    isNormalUser = true;
+    extraGroups = [ ];  # Minimal groups
+  };
+
+  users.groups.epicenter = {};
+
+  # Allow dominik to run rustdesk as epicenter user without password
+  security.sudo.extraRules = [
+    {
+      users = [ "dominik" ];
+      runAs = "epicenter";
+      commands = [
+        {
+          command = "${pkgs.rustdesk-flutter}/bin/rustdesk";
+          options = [ "NOPASSWD" "SETENV" ];
+        }
+      ];
+    }
+  ];
+
+  home-manager.users.epicenter = {
+    home.stateVersion = "24.05";
+    home.username = "epicenter";
+    home.homeDirectory = "/home/epicenter";
+
+    # Add rustdesk to the epicenter user's packages
+    home.packages = with pkgs; [
+      rustdesk-flutter
+    ];
+
+    # Declaratively configure RustDesk for Epicenter server
+    home.file.".config/rustdesk/RustDesk2.toml" = {
+      force = true;
+      text = ''
+rendezvous_server = 'rustdesk.helsinki.tools:21116'
+nat_type = 1
+serial = 0
+unlock_pin = '''
+trusted_devices = '''
+
+[options]
+av1-test = 'N'
+key = '8jkD3HoWK+flkWcAMIqRnyn0jr4r9VPb+JYIbBtb+7k='
+api-server = 'https://rustdesk.helsinki.tools'
+custom-rendezvous-server = 'rustdesk.helsinki.tools'
+      '';
+    };
+  };
+
+}

hosts/nb/users/dominik.nix

@@ -172,7 +172,7 @@ in
   home-manager.users.dominik = { lib, pkgs, ... }: {
     # imports = [ "${impermanence}/home-manager.nix" ];
     /* The home.stateVersion option does not have a default and must be set */
-    home.stateVersion = "24.05";
+    home.stateVersion = "25.05";
     home.enableNixpkgsReleaseCheck = false;
     home.sessionVariables = {
       MOZ_ENABLE_WAYLAND = "1";

utils/overlays/packages.nix

@@ -5,6 +5,7 @@ self: super: {
   openaudible = (super.callPackage ../pkgs/openaudible.nix { });
   openmanus = (super.callPackage ../pkgs/openmanus.nix { });
   ai-mailer = self.callPackage ../pkgs/ai-mailer.nix { };
+  claude-code = self.callPackage ../pkgs/claude-code { claude-code = super.claude-code; };
 
   # Python packages
   python3 = super.python3.override {

utils/pkgs/claude-code/default.nix

@@ -0,0 +1,30 @@
+{ lib, pkgs, runCommand, claude-code }:
+
+let
+  version = "2.0.55";
+
+  src = pkgs.fetchzip {
+    url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz";
+    hash = "sha256-wsjOkNxuBLMYprjaZQyUZHiqWl8UG7cZ1njkyKZpRYg=";
+  };
+
+  # Create a modified source with our package-lock.json
+  srcWithLock = runCommand "claude-code-src-${version}" {} ''
+    cp -r ${src} $out
+    chmod -R +w $out
+    cp ${./package-lock.json} $out/package-lock.json
+  '';
+
+in
+(claude-code.override {}).overrideAttrs (oldAttrs: {
+  inherit version;
+  src = srcWithLock;
+
+  npmDeps = pkgs.fetchNpmDeps {
+    src = srcWithLock;
+    hash = "sha256-cFvPoCmh3XpJe/5LPZizfBz6F6xAPYnBNimrK4+VbPw=";
+  };
+
+  # Remove the old postPatch since srcWithLock already includes package-lock.json
+  postPatch = "";
+})

utils/pkgs/claude-code/package-lock.json

@@ -0,0 +1,319 @@
+{
+  "name": "claude-code",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "dependencies": {
+        "@anthropic-ai/claude-code": "^2.0.55"
+      }
+    },
+    "node_modules/@anthropic-ai/claude-code": {
+      "version": "2.0.55",
+      "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.0.55.tgz",
+      "integrity": "sha512-IVY6J2KgTP5BiCbLmuP3kAl8jbXfd6yGoXtvc0L0eiZwxJUMa+cubUU0U8qHRnVkNmDAis+O4P00KmeuGzSLWg==",
+      "license": "SEE LICENSE IN README.md",
+      "bin": {
+        "claude": "cli.js"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      },
+      "optionalDependencies": {
+        "@img/sharp-darwin-arm64": "^0.33.5",
+        "@img/sharp-darwin-x64": "^0.33.5",
+        "@img/sharp-linux-arm": "^0.33.5",
+        "@img/sharp-linux-arm64": "^0.33.5",
+        "@img/sharp-linux-x64": "^0.33.5",
+        "@img/sharp-linuxmusl-arm64": "^0.33.5",
+        "@img/sharp-linuxmusl-x64": "^0.33.5",
+        "@img/sharp-win32-x64": "^0.33.5"
+      }
+    },
+    "node_modules/@img/sharp-darwin-arm64": {
+      "version": "0.33.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.33.5.tgz",
+      "integrity": "sha512-UT4p+iz/2H4twwAoLCqfA9UH5pI6DggwKEGuaPy7nCVQ8ZsiY5PIcrRvD1DzuY3qYL07NtIQcWnBSY/heikIFQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-darwin-arm64": "1.0.4"
+      }
+    },
+    "node_modules/@img/sharp-darwin-x64": {
+      "version": "0.33.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.33.5.tgz",
+      "integrity": "sha512-fyHac4jIc1ANYGRDxtiqelIbdWkIuQaI84Mv45KvGRRxSAa7o7d1ZKAOBaYbnepLC1WqxfpimdeWfvqqSGwR2Q==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-darwin-x64": "1.0.4"
+      }
+    },
+    "node_modules/@img/sharp-libvips-darwin-arm64": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.0.4.tgz",
+      "integrity": "sha512-XblONe153h0O2zuFfTAbQYAX2JhYmDHeWikp1LM9Hul9gVPjFY427k6dFEcOL72O01QxQsWi761svJ/ev9xEDg==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-darwin-x64": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.0.4.tgz",
+      "integrity": "sha512-xnGR8YuZYfJGmWPvmlunFaWJsb9T/AO2ykoP3Fz/0X5XV2aoYBPkX6xqCQvUTKKiLddarLaxpzNe+b1hjeWHAQ==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-arm": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.0.5.tgz",
+      "integrity": "sha512-gvcC4ACAOPRNATg/ov8/MnbxFDJqf/pDePbBnuBDcjsI8PssmjoKMAz4LtLaVi+OnSb5FK/yIOamqDwGmXW32g==",
+      "cpu": [
+        "arm"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-arm64": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.0.4.tgz",
+      "integrity": "sha512-9B+taZ8DlyyqzZQnoeIvDVR/2F4EbMepXMc/NdVbkzsJbzkUjhXv/70GQJ7tdLA4YJgNP25zukcxpX2/SueNrA==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-x64": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.0.4.tgz",
+      "integrity": "sha512-MmWmQ3iPFZr0Iev+BAgVMb3ZyC4KeFc3jFxnNbEPas60e1cIfevbtuyf9nDGIzOaW9PdnDciJm+wFFaTlj5xYw==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linuxmusl-arm64": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.0.4.tgz",
+      "integrity": "sha512-9Ti+BbTYDcsbp4wfYib8Ctm1ilkugkA/uscUn6UXK1ldpC1JjiXbLfFZtRlBhjPZ5o1NCLiDbg8fhUPKStHoTA==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linuxmusl-x64": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.0.4.tgz",
+      "integrity": "sha512-viYN1KX9m+/hGkJtvYYp+CCLgnJXwiQB39damAO7WMdKWlIhmYTfHjwSbQeUK/20vY154mwezd9HflVFM1wVSw==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-linux-arm": {
+      "version": "0.33.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.33.5.tgz",
+      "integrity": "sha512-JTS1eldqZbJxjvKaAkxhZmBqPRGmxgu+qFKSInv8moZ2AmT5Yib3EQ1c6gp493HvrvV8QgdOXdyaIBrhvFhBMQ==",
+      "cpu": [
+        "arm"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-arm": "1.0.5"
+      }
+    },
+    "node_modules/@img/sharp-linux-arm64": {
+      "version": "0.33.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.33.5.tgz",
+      "integrity": "sha512-JMVv+AMRyGOHtO1RFBiJy/MBsgz0x4AWrT6QoEVVTyh1E39TrCUpTRI7mx9VksGX4awWASxqCYLCV4wBZHAYxA==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-arm64": "1.0.4"
+      }
+    },
+    "node_modules/@img/sharp-linux-x64": {
+      "version": "0.33.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.33.5.tgz",
+      "integrity": "sha512-opC+Ok5pRNAzuvq1AG0ar+1owsu842/Ab+4qvU879ippJBHvyY5n2mxF1izXqkPYlGuP/M556uh53jRLJmzTWA==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-x64": "1.0.4"
+      }
+    },
+    "node_modules/@img/sharp-linuxmusl-arm64": {
+      "version": "0.33.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.33.5.tgz",
+      "integrity": "sha512-XrHMZwGQGvJg2V/oRSUfSAfjfPxO+4DkiRh6p2AFjLQztWUuY/o8Mq0eMQVIY7HJ1CDQUJlxGGZRw1a5bqmd1g==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linuxmusl-arm64": "1.0.4"
+      }
+    },
+    "node_modules/@img/sharp-linuxmusl-x64": {
+      "version": "0.33.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.33.5.tgz",
+      "integrity": "sha512-WT+d/cgqKkkKySYmqoZ8y3pxx7lx9vVejxW/W4DOFMYVSkErR+w7mf2u8m/y4+xHe7yY9DAXQMWQhpnMuFfScw==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linuxmusl-x64": "1.0.4"
+      }
+    },
+    "node_modules/@img/sharp-win32-x64": {
+      "version": "0.33.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.33.5.tgz",
+      "integrity": "sha512-MpY/o8/8kj+EcnxwvrP4aTJSWw/aZ7JIGR4aBeZkZw5B7/Jn+tY9/VNwtcoGmdT7GfggGIU4kygOMSbYnOrAbg==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "Apache-2.0 AND LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    }
+  }
+}

utils/pkgs/claude-code/update.sh

@@ -0,0 +1,73 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p nodejs nix-prefetch cacert
+
+set -euo pipefail
+
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+# Get latest version from npm
+version=$(npm view @anthropic-ai/claude-code version)
+echo "Latest version: $version"
+
+# Update version in default.nix
+sed -i "s/version = \".*\";/version = \"$version\";/" default.nix
+
+# Fetch and update source hash
+echo "Fetching source tarball..."
+url="https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"
+hash=$(nix-prefetch-url --unpack --type sha256 "$url" 2>/dev/null)
+sri_hash=$(nix-hash --type sha256 --to-sri "$hash")
+# Update only the source hash (in fetchzip block)
+sed -i "/src = pkgs.fetchzip/,/};/ s|hash = \"sha256-.*\";|hash = \"$sri_hash\";|" default.nix
+
+# Generate new package-lock.json
+echo "Generating package-lock.json..."
+npm i --package-lock-only @anthropic-ai/claude-code@"$version"
+rm -f package.json
+
+# Set placeholder for npmDepsHash only (in fetchNpmDeps block)
+sed -i "/npmDeps = pkgs.fetchNpmDeps/,/};/ s|hash = \"sha256-.*\";|hash = \"sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\";|" default.nix
+
+echo ""
+echo "Updated to version $version"
+echo "Source hash: $sri_hash"
+echo ""
+
+# Go to repo root (3 levels up from utils/pkgs/claude-code)
+repo_root="$(cd ../../.. && pwd)"
+cd "$repo_root"
+
+# Build to get the correct npmDepsHash
+echo "Building package to determine npmDepsHash..."
+build_output=$(NIXPKGS_ALLOW_UNFREE=1 nix build --impure --no-link --expr 'with import <nixpkgs> {}; callPackage ./utils/pkgs/claude-code { inherit lib pkgs runCommand claude-code; }' 2>&1 || true)
+
+# Extract the hash from build output
+npm_deps_hash=$(echo "$build_output" | grep -oP "got:\s+sha256-[A-Za-z0-9+/=]+" | tail -1 | awk '{print $2}')
+
+if [ -z "$npm_deps_hash" ]; then
+    echo "Error: Could not determine npmDepsHash from build output"
+    echo "Build output:"
+    echo "$build_output"
+    exit 1
+fi
+
+echo "npmDepsHash: $npm_deps_hash"
+
+# Update npmDepsHash in default.nix
+cd "$repo_root/utils/pkgs/claude-code"
+sed -i "/npmDeps = pkgs.fetchNpmDeps/,/};/ s|hash = \"sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\";|hash = \"$npm_deps_hash\";|" default.nix
+
+# Verify the build works
+echo ""
+echo "Verifying build..."
+cd "$repo_root"
+if NIXPKGS_ALLOW_UNFREE=1 nix build --impure --no-link --expr 'with import <nixpkgs> {}; callPackage ./utils/pkgs/claude-code { inherit lib pkgs runCommand claude-code; }'; then
+    echo ""
+    echo "✓ Successfully updated claude-code to version $version"
+    echo "  Source hash: $sri_hash"
+    echo "  npmDepsHash: $npm_deps_hash"
+else
+    echo ""
+    echo "✗ Build failed after updating hashes"
+    exit 1
+fi