diff --git a/module.nix b/module.nix
index 716c9f2..bf34132 100644
--- a/module.nix
+++ b/module.nix
@@ -432,16 +432,16 @@ else:
 " "$QUERY" "$SYSTEM"
 '')

- # Interactive chat tool (runs as invoking user, not as macha-autonomous)
+ # Interactive chat tool (runs as macha user for consistent permissions)
 (pkgs.writeScriptBin "macha-chat" ''
 #!${pkgs.bash}/bin/bash
- export PYTHONPATH=${toString ./.}
- export CHROMA_ENV_FILE=""
- export ANONYMIZED_TELEMETRY="False"
-
- # Run as the current user, not as macha-autonomous
- # This allows the chat to execute privileged commands with the user's permissions
- ${pythonEnv}/bin/python3 ${./.}/chat.py
+ # Run as macha user to ensure access to SSH keys and consistent behavior
+ # Both macha-chat and macha-ask now run with the same permissions
+ sudo -u ${cfg.user} ${pkgs.coreutils}/bin/env \
+ PYTHONPATH=${toString ./.} \
+ CHROMA_ENV_FILE="" \
+ ANONYMIZED_TELEMETRY="False" \
+ ${pythonEnv}/bin/python3 ${./.}/chat.py
 '')

 # Tool to read full config file
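Review bot: The new `sudo -u ${cfg.user} ${pkgs.coreutils}/bin/env …` line gives every user permitted to run it the service account's SSH keys, so the sudoers rule that enables it (not visible in this hunk) becomes the real access control for macha-chat. Because the sudo target is `env` rather than the chat program, that rule has to pin the full argument list; a rule that allows `env` with free arguments would let the caller start any program as `${cfg.user}`. A tighter shape is to move the three variables into a dedicated wrapper script and make that single store path the only command the rule allows. Actions taken through the chat also stop being attributable to the person who launched it unless chat.py records `SUDO_USER`. The comment above the command should state who may invoke it, e.g. `# Requires a sudoers rule limited to <GROUP_PLACEHOLDER>; commands run with ${cfg.user}'s SSH keys`.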