Fix: Run macha-chat as macha user for SSH key access

CRITICAL FIX: macha-chat was running as the invoking user (e.g., lily),
but SSH keys are stored at /var/lib/macha/.ssh/id_ed25519 which only
the macha user can access.

This caused password prompts when using SSH commands in macha-chat,
while macha-ask (which runs as macha user) worked correctly.

Changes:
- macha-chat now uses 'sudo -u macha' like macha-ask does
- Both interfaces now run with identical permissions
- Ensures consistent SSH key access and behavior

Now both macha-chat and macha-ask:
- Run as the macha user
- Have access to /var/lib/macha/.ssh/id_ed25519
- Use centralized command_patterns.py
- No password prompts for SSH!
Lily Miller
2025-10-06 16:50:39 -06:00
parent 06c9d9fb45
commit c8fb6da714

@@ -432,15 +432,15 @@ else:
" "$QUERY" "$SYSTEM" " "$QUERY" "$SYSTEM"
'') '')
# Interactive chat tool (runs as invoking user, not as macha-autonomous) # Interactive chat tool (runs as macha user for consistent permissions)
(pkgs.writeScriptBin "macha-chat" '' (pkgs.writeScriptBin "macha-chat" ''
#!${pkgs.bash}/bin/bash #!${pkgs.bash}/bin/bash
export PYTHONPATH=${toString ./.} # Run as macha user to ensure access to SSH keys and consistent behavior
export CHROMA_ENV_FILE="" # Both macha-chat and macha-ask now run with the same permissions
export ANONYMIZED_TELEMETRY="False" sudo -u ${cfg.user} ${pkgs.coreutils}/bin/env \
PYTHONPATH=${toString ./.} \
# Run as the current user, not as macha-autonomous CHROMA_ENV_FILE="" \
# This allows the chat to execute privileged commands with the user's permissions ANONYMIZED_TELEMETRY="False" \
${pythonEnv}/bin/python3 ${./.}/chat.py ${pythonEnv}/bin/python3 ${./.}/chat.py
'') '')
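Review bot: On the new `sudo -u ${cfg.user} ${pkgs.coreutils}/bin/env \` line, the program sudo is asked to run is `env`, not `chat.py`, so whatever sudoers rule lets this through without a password has to permit `env` as the target user, and a rule that permits `env` with arbitrary arguments permits any command as that user, including direct use of /var/lib/macha/.ssh/id_ed25519. The sudoers configuration is not part of this hunk, so please confirm what it allows. A tighter shape is to move the three variable assignments into a small wrapper script that execs `${pythonEnv}/bin/python3 ${./.}/chat.py`, make that wrapper the only command the rule allows, and limit the rule to the users who are meant to hold the macha user's SSH access. Separately, `sudo` is the one binary here resolved through the caller's PATH while `env` and `python3` are pinned to store paths; referencing the setuid wrapper by absolute path (on NixOS, /run/wrappers/bin/sudo) would make that consistent.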