Add config/fish/secrets.d/ directory pattern to .gitignore while
allowing *.example and README.md through. Add README and example file
documenting the secrets convention. Source secrets.d/*.fish files in
exports.fish so secret environment variables are loaded automatically.
Delete goenv config files as goenv is superseded by mise for Go
version management. Clean up Go env vars in fish exports: drop
set -q guards and remove GOROOT export.
Use ${VAR:-} defaults in shared.sh to prevent set -u failures on
unset variables (DOTFILES, ZSH_CUSTOM_COMPLETION_PATH, FPATH).
Export DOTFILES/BREWFILE/HOSTFILES in dfm so sourced scripts see them.
Replace `[ -f ] && source` with `if/then/fi` for conditional source
lines so the file returns 0 even when optional exports files don't
exist. Also use `${VAR:-}` for XDG defaults to avoid set -u failures.
* fix(ci): replace broad permissions with specific scopes in workflows
Replace read-all/write-all with minimum required permission scopes
across all GitHub Actions workflows to follow the principle of least
privilege (SonarCloud rule githubactions:S8234).
* fix(shell): use [[ instead of [ for conditional tests
Replace single brackets with double brackets in bash conditional
expressions across 14 files (28 changes). All scripts use bash
shebangs so [[ is safe everywhere (SonarCloud rule shelldre:S7688).
* fix(shell): add explicit return statements to functions
Add return 0 as the last statement in ~46 shell functions across
17 files that previously relied on implicit return codes
(SonarCloud rule shelldre:S7682).
* fix(shell): assign positional parameters to local variables
Replace direct $1/$2/$3 usage with named local variables in _log(),
msg(), msg_err(), msg_done(), msg_run(), msg_ok(), and array_diff()
(SonarCloud rule shelldre:S7679).
* fix(python): replace dict() constructor with literal
Use {} instead of dict() for empty dictionary initialization
(SonarCloud rule python:S7498).
* fix(shell): fix husky shebang and tolerate npm outdated exit code
* docs(shell): add function docstring comments
* fix(shell): fix heredoc indentation in x-sonarcloud
* feat(python): add ruff linter and formatter configuration
* fix(ci): align megalinter config with biome, ruff, and shfmt settings
* fix(ci): disable black and yaml-prettier in megalinter config
* chore(ci): update ruff-pre-commit to v0.15.0 and fix hook name
* fix(scripts): check for .git dir before skipping clone in install-fonts
* fix(shell): address code review issues in scripts and shared.sh
- Guard wezterm show-keys failure in create-wezterm-keymaps.sh
- Stop masking git failures with return 0 in install-cheat-purebashbible.sh
- Add missing shared.sh source in install-xcode-cli-tools.sh
- Replace exit 1 with return 1 in sourced shared.sh
* fix(scripts): address code review and security findings
- Guard wezterm show-keys failure in create-wezterm-keymaps.sh
- Stop masking git failures with return 0 in install-cheat-purebashbible.sh
- Add missing shared.sh source in install-xcode-cli-tools.sh
- Replace exit 1 with return 1 in sourced shared.sh
- Remove shell=True subprocess calls in x-git-largest-files.py
* style(shell): apply shfmt formatting and add args to pre-commit hook
* fix(python): suppress bandit false positives in x-git-largest-files
* fix(python): add nosemgrep suppression for check_output call
* feat(format): add prettier for YAML formatting
Install prettier, add .prettierrc.json config (200-char width, 2-space
indent, LF endings), .prettierignore, yarn scripts (lint:prettier,
fix:prettier, format:yaml), and pre-commit hook scoped to YAML files.
* style(yaml): apply prettier formatting
* fix(scripts): address remaining code review findings
- Python: use list comprehension to filter empty strings instead of
slicing off the last element
- create-wezterm-keymaps: write to temp file and mv for atomic updates
- install-xcode-cli-tools: fix shellcheck source directive path
* fix(python): sort imports alphabetically in x-git-largest-files
* fix(lint): disable PYTHON_ISORT in MegaLinter, ruff handles it
* chore(git): add __pycache__ to gitignore
* fix(python): rename ambiguous variable l to line (E741)
* style: remove trailing whitespace and blank lines
* style(fzf): apply shfmt formatting
* style(shell): apply shfmt formatting
* docs(plans): add design documents
* style(docs): add language specifier to fenced code block
* feat(lint): add markdown-table-formatter to dev tooling
Add markdown-table-formatter as a dev dependency with yarn scripts
(lint:md-table, fix:md-table) and a local pre-commit hook to
automatically format markdown tables on commit.
- Remove deprecated GREP_OPTIONS (handled via alias)
- Quote $ZSH_COMPDUMP to prevent word splitting
- Remove duplicate vim alias (nvim alias takes precedence)
- Consolidate completion path to ZSH_CUSTOM_COMPLETION_PATH
- Simplify PATH setup in rcfiles, centralize in exports
- Move LM Studio PATH from rcfiles to exports
- Add clarifying comments for macOS-specific ssh-add
Drop config folders (aerospace, aqua, asdf, direnv, flipperdevices,
ghostty, htop, misc, nano, task, tealdeer, tms, wtf, yamlfmt,
yamllint) along with starship.toml, nbrc, and aerospace scripts/docs.
Clean up references in dfm, _dfm completions, bashrc, exports, and
exports-lakka to match.
Replace pip install --user with uv tool install for CLI tools
(ansible) and uv pip install --system for libraries (libtmux, pynvim).
Drop pipx and pipenv (uv replaces both), delete the external
config/asdf/python-packages file, and rename the script to
install-python-packages to reflect the broader scope.
Replace sesh-gum.sh and sesh-tmux.fish with a unified sesh.sh that
cascades through available tools: gum, fzf-tmux, fzf, bash select.
Falls back to native tmux choose-tree if sesh is not installed.
Switch pane navigation from Alt-arrow to Ctrl-arrow (Alt doesn't
work reliably on Linux). Add copy-mode-vi clipboard bindings and
C-p/C-n for window switching.
Replace terminal-overrides + terminal-features with a single
terminal-features line declaring RGB, clipboard, usstyle,
strikethrough and overline for xterm-256color (WezTerm).
Update fisher to v4.4.8 with uninstall alias and rate limit
handling. Add catppuccin/fish plugin, consolidate Latte theme
into Mocha as light/dark variants, and add Frappe and Macchiato
themes. Set Catppuccin Mocha as the default theme in config.
Move package list from config/asdf/cargo-packages into
install-cargo-packages.sh as a bash array and remove the
external file. Update documentation accordingly.
