chore(deps): update pre-commit hook astral-sh/ruff-pre-commit (v0.15.6 → v0.15.7)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.gitignore

@@ -29,6 +29,9 @@ config/fish/completions/kubectl.fish
 config/fish/completions/orbctl.fish
 config/fish/fish_variables
 config/fish/fish_variables.*
+config/fish/secrets.d/*
+!config/fish/secrets.d/*.example
+!config/fish/secrets.d/README.md
 config/gh/hosts.yml
 config/git/credentials
 config/git/local.d/*

.pre-commit-config.yaml

@@ -76,7 +76,7 @@ repos:
       - id: fish_indent
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.6
+    rev: v0.15.7
     hooks:
       - id: ruff-check
         args: [--fix]

.serena/project.yml

@@ -1,10 +1,4 @@
-# language of the project (csharp, python, rust, java, typescript, go, cpp, or ruby)
-#  * For C, use cpp
-#  * For JavaScript, use typescript
-# Special requirements:
-#  * csharp: Requires the presence of a .sln file in the project folder.
-language: bash
-
+---
 # whether to use the project's gitignore file to ignore files
 # Added on 2025-04-07
 ignore_all_files_in_gitignore: true
@@ -86,5 +80,81 @@ excluded_tools: []
 # initial prompt for the project. It will always be given to the LLM upon activating the project
 # (contrary to the memories, which are loaded on demand).
 initial_prompt: ""
-
+# the name by which the project can be referenced within Serena
 project_name: ".dotfiles"
+
+# list of tools to include that would otherwise be disabled (particularly optional tools that are disabled by default).
+# This extends the existing inclusions (e.g. from the global configuration).
+included_optional_tools: []
+
+# fixed set of tools to use as the base tool set (if non-empty), replacing Serena's default set of tools.
+# This cannot be combined with non-empty excluded_tools or included_optional_tools.
+fixed_tools: []
+
+# list of mode names to that are always to be included in the set of active modes
+# The full set of modes to be activated is base_modes + default_modes.
+# If the setting is undefined, the base_modes from the global configuration (serena_config.yml) apply.
+# Otherwise, this setting overrides the global configuration.
+# Set this to [] to disable base modes for this project.
+# Set this to a list of mode names to always include the respective modes for this project.
+base_modes:
+
+# list of mode names that are to be activated by default.
+# The full set of modes to be activated is base_modes + default_modes.
+# If the setting is undefined, the default_modes from the global configuration (serena_config.yml) apply.
+# Otherwise, this overrides the setting from the global configuration (serena_config.yml).
+# This setting can, in turn, be overridden by CLI parameters (--mode).
+default_modes:
+
+# time budget (seconds) per tool call for the retrieval of additional symbol information
+# such as docstrings or parameter information.
+# This overrides the corresponding setting in the global configuration; see the documentation there.
+# If null or missing, use the setting from the global configuration.
+symbol_info_budget:
+
+# The language backend to use for this project.
+# If not set, the global setting from serena_config.yml is used.
+# Valid values: LSP, JetBrains
+# Note: the backend is fixed at startup. If a project with a different backend
+# is activated post-init, an error will be returned.
+language_backend:
+
+# line ending convention to use when writing source files.
+# Possible values: unset (use global setting), "lf", "crlf", or "native" (platform default)
+# This does not affect Serena's own files (e.g. memories and configuration files), which always use native line endings.
+line_ending:
+
+# list of regex patterns which, when matched, mark a memory entry as read‑only.
+# Extends the list from the global configuration, merging the two lists.
+read_only_memory_patterns: []
+
+# the encoding used by text files in the project
+# For a list of possible encodings, see https://docs.python.org/3.11/library/codecs.html#standard-encodings
+encoding: utf-8
+
+# list of languages for which language servers are started; choose from:
+#   al                  bash                clojure             cpp                 csharp
+#   csharp_omnisharp    dart                elixir              elm                 erlang
+#   fortran             fsharp              go                  groovy              haskell
+#   java                julia               kotlin              lua                 markdown
+#   matlab              nix                 pascal              perl                php
+#   php_phpactor        powershell          python              python_jedi         r
+#   rego                ruby                ruby_solargraph     rust                scala
+#   swift               terraform           toml                typescript          typescript_vts
+#   vue                 yaml                zig
+#   (This list may be outdated. For the current list, see values of Language enum here:
+#   https://github.com/oraios/serena/blob/main/src/solidlsp/ls_config.py
+#   For some languages, there are alternative language servers, e.g. csharp_omnisharp, ruby_solargraph.)
+# Note:
+#   - For C, use cpp
+#   - For JavaScript, use typescript
+#   - For Free Pascal/Lazarus, use pascal
+# Special requirements:
+#   Some languages require additional setup/installations.
+#   See here for details: https://oraios.github.io/serena/01-about/020_programming-languages.html#language-servers
+# When using multiple languages, the first language server that supports a given file will be used for that file.
+# The first language is the default language and the respective language server will be used as a fallback.
+# Note that when using the JetBrains backend, language servers are not used and this list is correspondingly ignored.
+languages:
+  - bash
+  - lua

config/exports

@@ -503,7 +503,7 @@ export SQLITE_HISTORY="${XDG_CACHE_HOME}/sqlite_history"
 # mise — unified tool version manager
 # https://mise.jdx.dev
 if command -v mise &> /dev/null; then
-  eval "$(mise activate "$(basename "${SHELL:-bash}")")"
+  eval "$(mise activate bash)"
 fi
 
 if [ -f "$XDG_CONFIG_HOME/exports-secret" ]; then source "$XDG_CONFIG_HOME/exports-secret"; fi

config/fish/alias.fish

@@ -1,7 +1,9 @@
 # Set aliases for fish shell
 
-alias vim='nvim'
-alias vi='nvim'
+if type -q nvim
+    alias vim='nvim'
+    alias vi='nvim'
+end
 
 # eza aliases if eza is installed
 if type -q eza >/dev/null
@@ -31,6 +33,19 @@ if type -q eza >/dev/null
     function l --wraps='eza_git' --description eza
         eza_git $argv
     end
+else
+    function ls --description 'ls (system fallback)'
+        command ls $argv
+    end
+    function ll --description 'ls -lh (system fallback)'
+        command ls -lh $argv
+    end
+    function l --description 'ls (system fallback)'
+        command ls $argv
+    end
+    function lsa --description 'ls -lah (system fallback)'
+        command ls -lah $argv
+    end
 end
 
 # Edit fish alias file
@@ -130,4 +145,6 @@ alias x-datetime="date +'%Y-%m-%d %H:%M:%S'"
 alias x-timestamp="date +'%s'"
 
 # Random abbreviations
-abbr --add stats onefetch --nerd-fonts --true-color never
+if type -q onefetch
+    abbr --add stats onefetch --nerd-fonts --true-color never
+end

config/fish/config.fish

@@ -52,3 +52,4 @@ source ~/.orbstack/shell/init2.fish 2>/dev/null || :
 if status is-interactive; and not set -q GITHUB_TOKEN
     echo "Warning: GITHUB_TOKEN is not set" >&2
 end
+eval "$(/opt/homebrew/bin/brew shellenv fish)"

config/fish/exports.fish

@@ -97,8 +97,9 @@ set -q FZF_DEFAULT_OPTS; or set -x FZF_DEFAULT_OPTS \
 set -q GNUPGHOME; or set -x GNUPGHOME "$XDG_DATA_HOME/gnupg"
 
 # Go configuration
-set -q GOPATH; or set -x GOPATH "$XDG_DATA_HOME/go"
-set -q GOBIN; or set -x GOBIN "$XDG_BIN_HOME"
+set -x GOPATH "$XDG_DATA_HOME/go"
+set -x GOBIN "$XDG_BIN_HOME"
+set -e GOROOT
 
 # 1Password configuration
 set -q OP_CACHE; or set -x OP_CACHE "$XDG_STATE_HOME/1password"
@@ -179,6 +180,15 @@ if test -f "$DOTFILES/hosts/$HOSTNAME/config/fish/exports-secret.fish"
     source "$DOTFILES/hosts/$HOSTNAME/config/fish/exports-secret.fish"
 end
 
+# Source secret environment variables from secrets.d directory
+if test -d "$DOTFILES/config/fish/secrets.d"
+    for secret_file in "$DOTFILES/config/fish/secrets.d"/*.fish
+        if test -f "$secret_file"
+            source "$secret_file"
+        end
+    end
+end
+
 # Configure tide prompt
 set -gx tide_prompt_transient_enabled true
 set -gx tide_prompt_add_newline_before true

config/fish/secrets.d/README.md

@@ -0,0 +1,72 @@
+# Fish Shell Secrets Directory
+
+This directory contains sensitive environment variables like API tokens and credentials.
+
+## Usage
+
+1. Copy an example file (e.g., `github.fish.example`) to remove the `.example` suffix:
+
+   ```bash
+   cp github.fish.example github.fish
+   ```
+
+2. Edit the file and replace placeholder values with your actual secrets:
+
+   ```bash
+   $EDITOR github.fish
+   ```
+
+3. Reload your fish shell or source the exports:
+
+   ```fish
+   source ~/.config/fish/exports.fish
+   ```
+
+## Adding New Secret Files
+
+Create a new `.fish` file in this directory with your environment variables:
+
+```fish
+# Example: openai.fish
+set -x OPENAI_API_KEY "sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+```
+
+Common secret patterns:
+
+- `github.fish` - GitHub Personal Access Token (`GITHUB_TOKEN`)
+- `aws.fish` - AWS credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`)
+- `openai.fish` - OpenAI API key (`OPENAI_API_KEY`)
+- `anthropic.fish` - Anthropic API key (`ANTHROPIC_API_KEY`)
+
+## Security Best Practices
+
+- **Never commit actual secrets** - Only `.example` files are tracked by git
+- **Use specific permissions** - Consider `chmod 600` for secret files
+- **Rotate credentials regularly** - Update tokens when compromised
+- **Use environment-specific files** - Separate dev/staging/prod credentials
+- **Check before committing** - Run `git status` to verify secrets aren't staged
+
+## How It Works
+
+The `exports.fish` file automatically sources all `*.fish` files from this directory:
+
+```fish
+if test -d "$DOTFILES/config/fish/secrets.d"
+    for secret_file in "$DOTFILES/config/fish/secrets.d"/*.fish
+        if test -f "$secret_file"
+            source "$secret_file"
+        end
+    end
+end
+```
+
+Files ending in `.example` are ignored by the loader but tracked by git as templates.
+
+## Backward Compatibility
+
+This directory supplements the existing `exports-secret.fish` pattern. Both methods work:
+
+- **Legacy**: `config/fish/exports-secret.fish` (single file, still supported)
+- **New**: `config/fish/secrets.d/*.fish` (multiple files, recommended)
+
+Use whichever approach fits your workflow best.

config/fish/secrets.d/github.fish.example

@@ -0,0 +1,5 @@
+# GitHub Personal Access Token
+# Copy this file to github.fish (remove .example) and set your token
+# Generate token at: https://github.com/settings/tokens
+
+set -x GITHUB_TOKEN "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

config/goenv/goenvrc

@@ -1,6 +0,0 @@
-# Detect shell
-if [ -n "$BASH_VERSION" ] || [ -n "$ZSH_VERSION" ]; then
-  export GOENV_PATH_ORDER=front
-  export GOENV_PREPEND_GOPATH=true
-  export GOENV_AUTO_INSTALL=true
-fi

config/goenv/goenvrc.fish

@@ -1,3 +0,0 @@
-set -gx GOENV_PATH_ORDER front
-set -gx GOENV_PREPEND_GOPATH true
-set -gx GOENV_AUTO_INSTALL true

config/homebrew/Brewfile

@@ -1,13 +1,18 @@
 tap "1password/tap"
+tap "anchore/grype"
+tap "caarlos0/tap"
 tap "cormacrelf/tap"
+tap "dagger/tap"
 tap "ddosify/tap"
 tap "dm3ch/tap"
 tap "doron-cohen/tap"
 tap "gesquive/tap"
+tap "github/gh"
 tap "golangci/tap"
 tap "homebrew/autoupdate"
-tap "homebrew/bundle"
-tap "homebrew/services"
+tap "ivuorinen/tap"
+tap "jesseduffield/lazygit"
+tap "k8sgpt-ai/k8sgpt"
 tap "keith/formulae"
 tap "koekeishiya/formulae"
 tap "mongodb/brew"
@@ -16,21 +21,10 @@ tap "pantheon-systems/external"
 tap "reviewdog/tap"
 tap "shivammathur/extensions"
 tap "shivammathur/php"
+tap "snyk/tap"
 tap "tabbyml/tabby"
 tap "teamookla/speedtest"
 tap "xwmx/taps"
-# Mozilla CA certificate store
-brew "ca-certificates"
-# Mozilla CA bundle for Python
-brew "certifi"
-# Cryptography and SSL/TLS Toolkit
-brew "openssl@3"
-# Cryptographic recipes and primitives for Python
-brew "cryptography"
-# YAML Parser
-brew "libyaml"
-# Display directories as trees (with optional color/HTML output)
-brew "tree"
 # Generic-purpose lossless compression algorithm by Google
 brew "brotli"
 # Library and utilities for processing GIFs
@@ -41,6 +35,8 @@ brew "highway"
 brew "imath"
 # JPEG image codec that aids compression and decompression
 brew "jpeg-turbo"
+# Library for manipulating PNG images
+brew "libpng"
 # Zstandard is a real-time compression algorithm
 brew "zstd"
 # New file format for still image compression
@@ -49,6 +45,10 @@ brew "jpeg-xl"
 brew "aom"
 # Apache Portable Runtime library
 brew "apr"
+# Mozilla CA certificate store
+brew "ca-certificates"
+# Cryptography and SSL/TLS Toolkit
+brew "openssl@3"
 # Companion library to apr, the Apache Portable Runtime library
 brew "apr-util"
 # Password hashing library and CLI utility
@@ -69,10 +69,10 @@ brew "autogen"
 brew "automake"
 # GNU internationalization (i18n) and localization (l10n) library
 brew "gettext"
+# Text-based UI library
+brew "ncurses"
 # Bourne-Again SHell, a UNIX command interpreter
 brew "bash"
-# GNU File, Shell, and Text utilities
-brew "coreutils"
 # Parser generator
 brew "bison"
 # Freely available high-quality data compressor
@@ -83,37 +83,27 @@ brew "freetype"
 brew "fontconfig"
 # Core application library for C
 brew "glib"
-# Multi-platform support library with a focus on asynchronous I/O
-brew "libuv"
-# CLI tool for analyzing Claude Code usage from local JSONL files
-brew "ccusage"
-# JSON Schema CLI
-brew "check-jsonschema"
+# Mozilla CA bundle for Python
+brew "certifi"
+# GNU File, Shell, and Text utilities
+brew "coreutils"
+# Cryptographic recipes and primitives for Python
+brew "cryptography"
 # Get a file from an HTTP, HTTPS or FTP server
 brew "curl"
-# Network authentication protocol
-brew "krb5"
 # OpenType text shaping engine
 brew "harfbuzz"
 # OWASP dependency-check
 brew "dependency-check"
 # Lightweight DNS forwarder and DHCP server
 brew "dnsmasq"
+# .NET Core
+brew "dotnet@8", link: true
 # Spellchecker wrapping library
 brew "enchant"
-# Command-line tool to interact with exercism.io
-brew "exercism"
 # Perl lib for reading and writing EXIF metadata
 brew "exiftool"
-# Validating, recursive, caching DNS resolver
-brew "unbound"
-# GNU Transport Layer Security (TLS) Library
-brew "gnutls"
-# Secure hashing function
-brew "libb2"
-# Framework for layout and rendering of i18n text
-brew "pango"
-# Play, record, convert, and stream audio and video
+# Play, record, convert, and stream select audio and video codecs
 brew "ffmpeg"
 # Banner-like program prints strings as ASCII art
 brew "figlet"
@@ -127,17 +117,19 @@ brew "freetds"
 brew "fswatch"
 # Graphics library to dynamically manipulate images
 brew "gd"
+# Conversion library
+brew "libiconv"
 # Distributed revision control system
 brew "git"
-# Enable transparent encryption/decryption of files in a git repo
-brew "git-crypt"
 # Small git utilities
 brew "git-extras"
-# Browse your latest git branches, formatted real fancy
-brew "git-recent"
 # GNU implementation of the famous stream editor
 brew "gnu-sed"
-# GNU Pretty Good Privacy (PGP) package
+# Validating, recursive, caching DNS resolver
+brew "unbound"
+# GNU Transport Layer Security (TLS) Library
+brew "gnutls"
+# GNU Privacy Guard (OpenPGP)
 brew "gnupg"
 # Library access to GnuPG
 brew "gpgme"
@@ -145,6 +137,8 @@ brew "gpgme"
 brew "gpg-tui"
 # Image manipulation
 brew "netpbm"
+# Framework for layout and rendering of i18n text
+brew "pango"
 # Library to render SVG files using Cairo
 brew "librsvg"
 # Graph visualization software from AT&T and Bell Labs
@@ -153,13 +147,15 @@ brew "graphviz"
 brew "grep"
 # Popular GNU data compression program
 brew "gzip"
+# Secure hashing function
+brew "libb2"
 # Improved top (interactive process viewer)
 brew "htop"
 # Portable abstraction of the hierarchical topology of modern architectures
 brew "hwloc"
 # ISO/IEC 23008-12:2017 HEIF file format decoder and encoder
 brew "libheif"
-# Tools and libraries to manipulate images in many formats
+# Tools and libraries to manipulate images in select formats
 brew "imagemagick"
 # Modular IRC client
 brew "irssi"
@@ -167,22 +163,26 @@ brew "irssi"
 brew "jpeg"
 # JSON parser for C
 brew "json-c"
-# Crawling and spidering framework
-brew "katana"
-# Style and grammar checker
-brew "languagetool"
-# Tool to detect/remediate misconfig and security risks of GitHub/GitLab assets
-brew "legitify"
+# Code coverage tester for compiled programs, Python, and shell scripts
+brew "kcov"
+# Network authentication protocol
+brew "krb5"
 # BSD-style licensed readline alternative
 brew "libedit"
-# Conversion library
-brew "libiconv"
+# Postgres C API library
+brew "libpq"
 # Version of the SSL/TLS protocol forked from OpenSSL
 brew "libressl"
+# Multi-platform support library with a focus on asynchronous I/O
+brew "libuv"
 # Linguistic software and Finnish dictionary
 brew "libvoikko"
 # GNOME XML library
 brew "libxml2"
+# YAML Parser
+brew "libyaml"
+# C library for reading, creating, and modifying zip archives
+brew "libzip"
 # Package manager for the Lua programming language
 brew "luarocks"
 # LZMA-based compression program similar to gzip or bzip2
@@ -210,27 +210,33 @@ brew "ossp-uuid"
 # General-purpose scripting language
 brew "php", link: false
 # General-purpose scripting language
+brew "php@8.1"
+# General-purpose scripting language
 brew "php@8.2", link: true
 # General-purpose scripting language
 brew "php@8.3"
+# Execute binaries from Python packages in isolated environments
+brew "pipx"
+# Easily download, build, install, upgrade, and uninstall Python packages
+brew "python-setuptools"
 # Interpreted, interactive, object-oriented programming language
 brew "python@3.11"
+# Interpreted, interactive, object-oriented programming language
+brew "python@3.13"
 # Generate C-based recognizers from regular expressions
 brew "re2c"
-# User interface to the TELNET protocol
-brew "telnet"
 # Send macOS User Notifications from the command-line
 brew "terminal-notifier"
 # Tool which checks for the support of TLS/SSL ciphers and flaws
 brew "testssl"
 # Terminal multiplexer
 brew "tmux"
+# Display directories as trees (with optional color/HTML output)
+brew "tree"
 # Executes a program periodically, showing output fullscreen
 brew "watch"
 # Internet file retriever
 brew "wget"
-# Check your $HOME for unwanted files and directories
-brew "xdg-ninja", args: ["HEAD"]
 # General-purpose lossless data-compression library
 brew "zlib"
 # Watcher for macOS 10.14+ light/dark mode changes
@@ -241,32 +247,50 @@ brew "doron-cohen/tap/antidot"
 brew "gesquive/tap/git-user"
 # Simple hotkey-daemon for macOS.
 brew "koekeishiya/formulae/skhd"
-# Automated code review tool integrated with any code analysis tools regardless of programming language.
-brew "reviewdog/tap/reviewdog"
-# Igbinary PHP extension
-brew "shivammathur/extensions/igbinary@8.3"
+# Imagick PHP extension
+brew "shivammathur/extensions/imagick@8.1"
+# Imagick PHP extension
+brew "shivammathur/extensions/imagick@8.2"
 # Imagick PHP extension
 brew "shivammathur/extensions/imagick@8.3"
+# Imagick PHP extension
+brew "shivammathur/extensions/imagick@8.4"
 # Mcrypt PHP extension
 brew "shivammathur/extensions/mcrypt@8.3"
 # Msgpack PHP extension
 brew "shivammathur/extensions/msgpack@8.3"
 # PCOV PHP extension
+brew "shivammathur/extensions/pcov@8.1"
+# PCOV PHP extension
+brew "shivammathur/extensions/pcov@8.2"
+# PCOV PHP extension
 brew "shivammathur/extensions/pcov@8.3"
 # Redis PHP extension
-brew "shivammathur/extensions/redis@8.3"
+brew "shivammathur/extensions/phpredis@8.3"
 # Uuid PHP extension
 brew "shivammathur/extensions/uuid@8.3"
+# Xdebug PHP extension
+brew "shivammathur/extensions/xdebug@8.1"
+# Xdebug PHP extension
+brew "shivammathur/extensions/xdebug@8.2"
+# Xdebug PHP extension
+brew "shivammathur/extensions/xdebug@8.4"
+# Xdebug PHP extension
+brew "shivammathur/extensions/xdebug@8.5"
 # Yaml PHP extension
 brew "shivammathur/extensions/yaml@8.3"
 # General-purpose scripting language
-brew "shivammathur/php/php-debug"
+brew "shivammathur/php/php-debug", link: false
+# General-purpose scripting language
+brew "shivammathur/php/php@8.1-debug"
 # General-purpose scripting language
 brew "shivammathur/php/php@8.2-debug"
-# Tabby: AI Coding Assistant
-brew "tabbyml/tabby/tabby"
+# General-purpose scripting language
+brew "shivammathur/php/php@8.4"
 # Command-line interface for 1Password
 cask "1password-cli"
+# Semantic code analysis engine
+cask "codeql"
 # Universal database tool and SQL client
 cask "dbeaver-community"
 # Database version management tool
@@ -332,6 +356,8 @@ cask "thonny"
 cask "todoist-app"
 # Configuration application for the Ultimate Hacking Keyboard
 cask "uhk-agent"
+# Google Chromium, sans integration with Google
+cask "ungoogled-chromium"
 # Open-source code editor
 cask "visual-studio-code"
 # Multimedia player
@@ -340,7 +366,7 @@ cask "vlc"
 cask "voikkospellservice"
 # GPU-accelerated cross-platform terminal emulator and multiplexer
 cask "wezterm"
-# Application for generating TOTP and HOTP codes
+# Full-featured companion app to the YubiKey
 cask "yubico-authenticator"
 # Multiplayer code editor
 cask "zed"

config/mise/config.toml

@@ -5,45 +5,50 @@ python = "3"
 go = "latest"
 rust = "stable"
 
-# Pre-built binaries via ubi (fast — no compilation)
-"ubi:sharkdp/fd" = "latest"
-"ubi:BurntSushi/ripgrep" = "latest"
-"ubi:eza-community/eza" = "latest"
-"ubi:ClementTsang/bottom" = "latest"
-"ubi:ajeetdsouza/zoxide" = "latest"
-"ubi:tree-sitter/tree-sitter" = "latest"
-"ubi:neovim/neovim" = "latest" # Neovim editor binary
-"ubi:dandavison/delta" = "latest"
+# Pre-built binaries via aqua registry
+fd = "latest"
+ripgrep = "latest"
+eza = "latest"
+bottom = "latest"
+zoxide = "latest"
+tree-sitter = "latest"
+neovim = "latest" # Neovim editor binary
+delta = "latest"
+difftastic = "latest"
 
-# Cargo-based tools (no pre-built binary available)
-"cargo:bkt" = "latest"
-"cargo:difftastic" = "latest"
-"cargo:tmux-sessionizer" = "latest"
+# GitHub releases (no aqua entry)
+"github:dimo414/bkt" = "latest"
+"github:jrmoulton/tmux-sessionizer" = "latest"
 
-# Go-based tools
-"go:github.com/google/yamlfmt/cmd/yamlfmt" = "latest"
-"go:github.com/cheat/cheat/cmd/cheat" = "latest"
-"go:github.com/charmbracelet/glow" = "latest"
-"go:github.com/junegunn/fzf" = "latest"
-"go:github.com/charmbracelet/gum" = "latest"
+# Go-compiled tools (no registry binary available)
 "go:github.com/joshmedeski/sesh/v2" = "latest"
 "go:github.com/dotzero/git-profile" = "latest"
 
+# Registry shorthands (aqua binaries)
+yamlfmt = "latest"
+cheat = "latest"
+glow = "latest"
+fzf = "latest"
+gum = "latest"
+
 # npm-based tools
-"npm:editorconfig-checker" = "latest"
+editorconfig-checker = "latest"
 "npm:github-release-notes" = "latest"
 "npm:neovim" = "latest" # Node.js client for Neovim's RPC API (required by plugins)
 "npm:corepack" = "latest"
 
 # Python tools (via pipx backend)
-"pipx:ansible" = "latest"
+"pipx:detect-secrets" = "latest"
+"pipx:git-filter-repo" = "latest"
+yamllint = "latest"
+ansible = "latest"
 "pipx:ansible-lint" = "latest"
-"pipx:ruff" = "latest"
+ruff = "latest"
 "pipx:openapi-python-client" = "latest"
+"pipx:python-lsp-server[websockets]" = "latest"
 
 # .NET tools (via dotnet backend)
 "dotnet:coverlet.console" = "latest"
-"dotnet:csharp-ls" = "latest"
 "dotnet:csharpier" = "latest"
 "dotnet:ilspycmd" = "latest"
 "dotnet:dotnet-ef" = "latest"
@@ -56,8 +61,12 @@ checkov = "latest"
 grype = "latest"
 pinact = "latest"
 snyk = "latest"
+cosign = "latest"
+gitleaks = "latest"
+syft = "latest"
 
 # Dev tools (pre-built binaries)
+gitui = "latest"
 lazygit = "latest"
 bat = "latest"
 bats = "latest"
@@ -66,14 +75,21 @@ cmake = "latest"
 gdu = "latest"
 github-cli = "latest"
 jq = "latest"
+hadolint = "latest"
+hugo = "latest"
+just = "latest"
+yq = "latest"
+"github:exercism/cli" = "latest"
+"github:projectdiscovery/katana" = "latest"
+"github:Legit-Labs/legitify" = "latest"
 shellcheck = "latest"
 shfmt = "latest"
 stylua = "latest"
 actionlint = "latest"
 "aqua:mpalmer/action-validator" = "latest"
 oh-my-posh = "latest"
-"ubi:o2sh/onefetch" = "latest"
-"ubi:wakatime/wakatime-cli" = "latest"
+"github:o2sh/onefetch" = "latest"
+"github:wakatime/wakatime-cli" = "latest"
 
 # Terraform (replaces tfenv)
 terraform = "latest"
@@ -103,3 +119,4 @@ lockfile = true
 # Save disk space — don't keep downloaded archives or failed installs
 always_keep_download = false
 always_keep_install = false
+experimental = true

scripts/cleanup-old-version-managers.sh

@@ -133,6 +133,15 @@ if command -v brew &> /dev/null; then
       fi
     fi
   done
+
+  # Clean up orphaned dependencies left after the removals above
+  if [[ "$DRY_RUN" = "--dry-run" ]]; then
+    msgr warn "[DRY RUN] Would run: brew autoremove"
+  else
+    msgr run "Removing orphaned brew dependencies..."
+    brew autoremove
+    msgr run_done "Orphaned dependencies removed"
+  fi
 fi
 
 msgr yay "Cleanup complete! Run 'mise install' to set up tools via mise."

scripts/install-git-crypt.md

@@ -1,12 +0,0 @@
-# install-git-crypt
-
-Installs `git-crypt` for transparent encryption of files in Git repositories.
-
-## Usage
-
-```bash
-scripts/install-git-crypt.sh
-```
-
-After installation you can run `git-crypt init` inside a repository to begin
-encrypting files.

scripts/install-git-crypt.sh

@@ -1,33 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-# @description Install git-crypt
-#
-# NOTE: Experimental, wip
-#
-# shellcheck source=shared.sh
-source "${DOTFILES}/config/shared.sh"
-
-msgr run "Installing git-crypt"
-
-if ! command -v git-crypt &> /dev/null; then
-  REPO_URL="https://github.com/AGWA/git-crypt.git"
-  CHECK_PATH="${XDG_BIN_HOME}/git-crypt"
-  BUILD_PATH="$(mktemp -d)"
-  trap 'rm -rf "$BUILD_PATH"' EXIT
-
-  if [[ ! -f "$CHECK_PATH" ]]; then
-    git clone --depth 1 "$REPO_URL" "$BUILD_PATH" || {
-      msgr err "Failed to clone $REPO_URL"
-      exit 1
-    }
-    cd "$BUILD_PATH" || {
-      msgr err "$BUILD_PATH not found"
-      exit 1
-    }
-    make && make install PREFIX="$HOME/.local"
-  else
-    msgr run_done "git-crypt ($CHECK_PATH) already installed"
-  fi
-fi
-
-msgr run_done "Done installing git-crypt"