fix(mise): correct PATH precedence, error handling, and shell detection

- Append non-mise PATH entries so mise shims keep highest precedence
- Remove legacy cargo bin from initial PATH bootstrap
- Detect current shell for mise activate instead of hardcoding bash
- Rename AWS_SESSION_TOKEN to AWS_SESSION_TOKEN_FILE (was a file path)
- Add exit-on-failure checks to dfm mise install block
- Fix reset_nvim to call mise instead of removed npm installer
- Forward all args in dfm mise-cleanup
- Auto-detect DOTFILES in cleanup script when not pre-exported
- Report brew uninstall failures instead of masking with || true
- Fix p10k segment name from MISE to ASDF
- Replace npm with yarn in CLAUDE.md Bash whitelist

CLAUDE.md

@@ -199,7 +199,8 @@ Instead use:
 ## REDIRECTED tools — use sandbox equivalents
 
 ### Bash (>20 lines output)
-Bash is ONLY for: `git`, `mkdir`, `rm`, `mv`, `cd`, `ls`, `npm install`, `pip install`, and other short-output commands.
+Bash is ONLY for: `git`, `mkdir`, `rm`, `mv`, `cd`, `ls`, `yarn install`, `pip install`,
+and other short-output commands.
 For everything else, use:
 - `ctx_batch_execute(commands, queries)` — run multiple commands + search in ONE call
 - `ctx_execute(language: "shell", code: "...")` — run in sandbox, only stdout enters context

config/exports

@@ -21,7 +21,7 @@
 # Bootstrap: ensure local/bin is on PATH so x-path is available
 PATH="$DOTFILES/local/bin:$PATH"
 # Use x-path to deduplicate PATH entries
-PATH="$(x-path prepend "$XDG_BIN_HOME" "$DOTFILES/local/bin" "$XDG_DATA_HOME/cargo/bin" "/opt/homebrew/bin" "/usr/local/bin")"
+PATH="$(x-path prepend "$XDG_BIN_HOME" "$DOTFILES/local/bin" "/opt/homebrew/bin" "/usr/local/bin")"
 export PATH
 
 if ! command -v msg &> /dev/null; then
@@ -333,7 +333,7 @@ export AWS_CONFIGURE_OUTPUT=true
 export AWS_CONFIGURE_PROFILE=true
 export AWS_CONFIGURE_PROMPT=true
 export AWS_CONFIGURE_PROMPT_DEFAULT="default"
-export AWS_SESSION_TOKEN="${XDG_STATE_HOME}/aws/session_token"
+export AWS_SESSION_TOKEN_FILE="${XDG_STATE_HOME}/aws/session_token"
 export AWS_CONFIGURE_SESSION=true
 export AWS_CONFIGURE_SESSION_DURATION=7200
 export AWS_CONFIGURE_SESSION_MFA=true
@@ -489,15 +489,21 @@ export SQLITE_HISTORY="${XDG_CACHE_HOME}/sqlite_history"
 
 # Additional PATH entries (aligned with fish config)
 [ -d "$XDG_DATA_HOME/mise/shims" ] && export PATH="$XDG_DATA_HOME/mise/shims:$PATH"
-[ -d "$YARN_GLOBAL_FOLDER/bin" ] && export PATH="$YARN_GLOBAL_FOLDER/bin:$PATH"
-[ -d "$MASON_HOME/bin" ] && export PATH="$MASON_HOME/bin:$PATH"
-[ -d "$HOME/.dotnet/tools" ] && export PATH="$HOME/.dotnet/tools:$PATH"
-[ -d "$POETRY_HOME/bin" ] && export PATH="$POETRY_HOME/bin:$PATH"
-[ -d "$HOME/.opencode/bin" ] && export PATH="$HOME/.opencode/bin:$PATH"
+[ -d "$YARN_GLOBAL_FOLDER/bin" ] && export PATH="$PATH:$YARN_GLOBAL_FOLDER/bin"
+[ -d "$MASON_HOME/bin" ] && export PATH="$PATH:$MASON_HOME/bin"
+[ -d "$HOME/.dotnet/tools" ] && export PATH="$PATH:$HOME/.dotnet/tools"
+[ -d "$POETRY_HOME/bin" ] && export PATH="$PATH:$POETRY_HOME/bin"
+[ -d "$HOME/.opencode/bin" ] && export PATH="$PATH:$HOME/.opencode/bin"
 
 # mise — unified tool version manager
 # https://mise.jdx.dev
-command -v mise &> /dev/null && eval "$(mise activate bash)"
+if command -v mise &> /dev/null; then
+  if [ -n "${ZSH_NAME:-}" ]; then
+    eval "$(mise activate zsh)"
+  else
+    eval "$(mise activate bash)"
+  fi
+fi
 
 if [ -f "$XDG_CONFIG_HOME/exports-secret" ]; then source "$XDG_CONFIG_HOME/exports-secret"; fi
 if [ -f "$XDG_CONFIG_HOME/exports-local" ]; then source "$XDG_CONFIG_HOME/exports-local"; fi

config/zsh/p10k.zsh

@@ -121,8 +121,8 @@
   # Don't show context unless root or in SSH.
   # typeset -g POWERLEVEL9K_CONTEXT_{DEFAULT,SUDO}_CONTENT_EXPANSION=
 
-  # aws, go and mise versions colors.
-  typeset -g POWERLEVEL9K_{AWS,GO,MISE}_FOREGROUND=$grey
+  # aws, go and asdf versions colors.
+  typeset -g POWERLEVEL9K_{AWS,GO,ASDF}_FOREGROUND=$grey
 
   # Show previous command duration only if it's >= 86400s = 24h.
   typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_THRESHOLD=86400

local/bin/dfm

@@ -168,17 +168,26 @@ section_install()
       msgr run "Installing tools via mise..."
       if ! command -v mise &> /dev/null; then
         msgr nested "Installing mise..."
-        curl https://mise.run | sh
+        if ! curl https://mise.run | sh; then
+          msgr err "Failed to install mise"
+          exit 1
+        fi
         export PATH="${XDG_BIN_HOME:-$HOME/.local/bin}:$PATH"
       fi
-      mise install --yes
-      mise reshim
+      if ! mise install --yes; then
+        msgr err "mise install failed"
+        exit 1
+      fi
+      if ! mise reshim; then
+        msgr err "mise reshim failed"
+        exit 1
+      fi
       msgr yay "mise tools installed!"
       ;;
 
     mise-cleanup)
       msgr run "Cleaning up old version manager installations..."
-      bash "$DOTFILES/scripts/cleanup-old-version-managers.sh" "${2:-}"
+      bash "$DOTFILES/scripts/cleanup-old-version-managers.sh" "${@:2}"
       ;;
 
     apt-packages)
@@ -539,7 +548,7 @@ section_dotfiles()
       msgr ok "Deleted old nvim files (share, state and cache + config)"
       ln -s "$DOTFILES/config/nvim" ~/.config/nvim
       msgr ok "Linked nvim and astronvim"
-      x-have npm && $0 install npm
+      x-have mise && $0 install mise
       msgr ok "Installed packages"
       msgr run_done "nvim reset!"
       ;;

scripts/cleanup-old-version-managers.sh

@@ -4,6 +4,11 @@ set -euo pipefail
 # This script targets specific known directories — NOT which/command -v,
 # because nvim's Mason installs some of the same tool names.
 #
+# Ensure DOTFILES is set even when script is invoked directly
+if [ -z "${DOTFILES:-}" ]; then
+  DOTFILES="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+  export DOTFILES
+fi
 # shellcheck source=shared.sh
 source "$DOTFILES/config/shared.sh"
 
@@ -113,8 +118,11 @@ if command -v brew &> /dev/null; then
       else
         msgr run "Uninstalling brew package: $pkg"
         msgr warn "Note: $pkg may have dependents"
-        brew uninstall "$pkg" || true
-        msgr run_done "Uninstalled $pkg"
+        if brew uninstall "$pkg"; then
+          msgr run_done "Uninstalled $pkg"
+        else
+          msgr err "Failed to uninstall $pkg"
+        fi
       fi
     fi
   done