
Plan: Mac app setup via Brewfile + toggle TUI + auth helpers#4

Closed
yulonglin wants to merge 13 commits into main from claude/quirky-hypatia-wj5t9g

Conversation

@yulonglin

Owner

Summary

Adds the implementation plan for one-command new-Mac app setup (no code yet — planning artifact pending approval).

The approach:

  • config/apps.conf registry (method · id · category · trust-tier · default · description · auth) → generates a committed config/Brewfile (casks + mas App Store apps + formulae).
  • gum toggle TUI (app-picker) bootstrapped right after Homebrew — browse descriptions, toggle apps, emit the Brewfile.
  • scripts/setup/auth-setup interactive post-install login/setup checklist.
  • Encodes the ChatGPT-derived trust policy: Homebrew + official casks only, no new taps, MAS for vendor App Store apps, tier tags, brew info before adding.

Resolved decisions

  • Prune: zerobrew + Coven/3rd-party-tap only. ty, zotero-mcp, experimental component stay.
  • Antivirus: Trellix = university-managed (checklist note, not Brewfile); Malwarebytes optional cask, default OFF.
  • Optional: Google Drive + WakaTime default OFF.
  • TUI: gum (fzf --preview as drop-in alt).

Full detail + verified app→cask/mas table in plans/2026-06-16-mac-app-setup-brewfile.md.

🤖 Draft — implementation to follow on plan approval.

https://claude.ai/code/session_01SfjhAKQcQMoRvQRqh7QQTg


Generated by Claude Code
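As an added example (not the project's app-picker, whose code is not part of this thread), the non-interactive core that the description implies: lint apps.conf against the no-taps policy, take the default-ON rows, and emit the brew/cask/mas sections of a Brewfile. The pipe-delimited field order (method|id|category|tier|default|name|desc|auth) follows the commit notes in this PR; the sample registry, cask ids and App Store id are constructed for illustration. The interactive gum step would substitute its chosen ids for default_ids.

```bash
#!/usr/bin/env bash
# Added example (not the project's app-picker): non-interactive core of an
# apps.conf -> Brewfile generator. Assumed field order, from the commit notes:
#   method|id|category|tier|default|name|desc|auth
set -euo pipefail

# Constructed sample registry; the cask ids and the mas id are illustrative only.
SAMPLE_CONF='# method|id|category|tier|default|name|desc|auth
brew|mas|tooling|core|on|mas|Mac App Store CLI, needed for mas rows|none
cask|bitwarden|security|vendor|on|Bitwarden|Password manager desktop app|login
mas|123456789|security|vendor|on|Bitwarden|Safari extension from the App Store|login
cask|malwarebytes|security|vendor|off|Malwarebytes|On-demand scanner, default OFF|none
cask|google-drive|storage|vendor|off|Google Drive|Cloud sync, default OFF|login'

# Policy lint: every data row needs 8 fields and a method of brew/cask/mas.
# Anything else (e.g. a tap row) breaks the "no new taps" rule and fails the lint.
lint_conf() {
  printf '%s\n' "$1" | awk -F'|' '
    /^#/ || NF == 0 { next }
    NF != 8 { printf "bad field count (%d): %s\n", NF, $0; bad = 1; next }
    $1 != "brew" && $1 != "cask" && $1 != "mas" {
      printf "disallowed method %s: %s\n", $1, $0; bad = 1
    }
    END { exit bad }'
}

# Space-separated ids whose default column is "on" (the --defaults selection).
default_ids() {
  printf '%s\n' "$1" | awk -F'|' '!/^#/ && NF == 8 && $5 == "on" { printf "%s ", $2 }'
}

# Emit Brewfile text for the given conf and selected ids (space-separated).
gen_brewfile() {
  local conf="$1" selected=" $2 " brews='' casks='' mas_apps=''
  while IFS='|' read -r method id category tier default name desc auth; do
    case "$method" in ''|'#'*) continue ;; esac
    case "$selected" in *" $id "*) ;; *) continue ;; esac
    case "$method" in
      brew) brews="${brews}brew \"$id\"  # $desc"$'\n' ;;
      cask) casks="${casks}cask \"$id\"  # $name [$tier]: $desc"$'\n' ;;
      mas)  mas_apps="${mas_apps}mas \"$name\", id: $id  # $desc"$'\n' ;;
    esac
  done <<<"$conf"
  printf '# Generated from apps.conf by app-picker -- edit the registry, not this file\n'
  [ -n "$brews" ]    && printf '\n# Formulae\n%s' "$brews"
  [ -n "$casks" ]    && printf '\n# Casks: official homebrew/cask only; never --no-quarantine\n%s' "$casks"
  [ -n "$mas_apps" ] && printf '\n# Mac App Store (needs the mas formula and an App Store sign-in)\n%s' "$mas_apps"
  return 0
}

# Usage: lint first, then generate the default selection.
lint_conf "$SAMPLE_CONF"
gen_brewfile "$SAMPLE_CONF" "$(default_ids "$SAMPLE_CONF")"
```

Rows with default OFF (Malwarebytes, Google Drive) are kept in the registry but never reach the Brewfile unless selected, which is what makes the committed Brewfile reproducible from apps.conf.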

@coderabbitai

coderabbitai Bot commented Jun 16, 2026


Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cd212724-1082-403d-b15d-e6874f98e92c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@github-actions


🤖 Hi @yulonglin, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

…rrection

- Prefer Mac App Store > vendor download > cask (sandbox/least-privilege),
  cask only when unsandboxed system access needed or not on MAS
- Antivirus: recommend Malwarebytes for personal use, skip heavy Trellix EDR,
  never run two real-time engines
- Correct Bitwarden: cask exists for desktop; MAS only needed for Safari ext
- Prune list finalized: zerobrew + Coven/tap only

@github-actions


🤖 I'm sorry @yulonglin, but I was unable to process your request. Please see the logs for more details.

claude added 11 commits June 16, 2026 16:33
- Install integrity vs runtime defense (Gatekeeper, sha256, XProtect already cover)
- Enforce quarantine policy (no --no-quarantine)
- spctl/codesign signature-verify step in auth-setup
- LuLu optional outbound firewall (default OFF)
- Harden curl|bash: prefer brew formula, else fetch-verify-run

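The "fetch-verify-run" pattern named in the commit above, written out as an added example rather than the dotfiles' own install.sh: download to a private temp file, compare against a pinned sha256, and execute only on a match. The ordering (brew formula first, verified fetch second, no blind pipe) follows the commit; the install_tool helper, its arguments and the digest handling are assumptions for illustration, and the test exercises only the local verify-then-run step.

```bash
#!/usr/bin/env bash
# Added example (not the project's install.sh): replace `curl ... | bash` with
# fetch -> verify pinned sha256 -> run. Nothing executes on a digest mismatch.
set -euo pipefail

# sha256 of a file, portable across macOS (shasum) and Linux (sha256sum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# run_if_verified FILE EXPECTED_SHA256 [installer args...]
# Executes FILE with bash only if its digest equals EXPECTED_SHA256.
# On mismatch: prints both digests, leaves the file for inspection, returns 1.
run_if_verified() {
  local file="$1" expected="$2"; shift 2
  local actual; actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    printf 'checksum mismatch: %s\n  expected %s\n  actual   %s\n' \
      "$file" "$expected" "$actual" >&2
    return 1
  fi
  bash "$file" "$@"
}

# fetch_verify_run URL EXPECTED_SHA256 [installer args...]
# --proto '=https' and --tlsv1.2 refuse downgrade to plain HTTP / old TLS;
# --fail stops an HTML error page from being treated as a script.
fetch_verify_run() {
  local url="$1" expected="$2"; shift 2
  local tmp; tmp="$(mktemp)"
  curl --fail --location --proto '=https' --tlsv1.2 --silent --show-error \
    -o "$tmp" "$url"
  run_if_verified "$tmp" "$expected" "$@"
  rm -f "$tmp"
}

# Hypothetical policy wrapper: prefer the package manager when present.
# install_tool FORMULA URL EXPECTED_SHA256
install_tool() {
  if command -v brew >/dev/null 2>&1; then
    brew install "$1"
  else
    fetch_verify_run "$2" "$3"
  fi
}

# Example call (placeholder URL and digest, not run here):
# install_tool uv https://example.invalid/install.sh \
#   0000000000000000000000000000000000000000000000000000000000000000
```

The pinned digest has to come from somewhere you trust more than the download itself (a release page checked out of band, or a previously verified copy); re-fetching the checksum from the same host at install time only proves the download was not corrupted in transit.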
- config/apps.conf: single-source registry (method|id|category|tier|default|name|desc|auth)
  for 34 GUI/App Store apps; official casks + mas only, no third-party taps
- custom_bins/app-picker: gum toggle TUI reads apps.conf, generates config/Brewfile
  (brew/cask/mas sections); --defaults/--dry-run for non-interactive use
- config/Brewfile: generated default selection (32 apps)
- scripts/setup/auth-setup: post-install login checklist + spctl/codesign
  signature+notarization audit; App Store sign-in caveat documented
- install.sh: new --apps block (macOS) — bootstrap gum, run app-picker, brew bundle
  config/Brewfile; folds in Finicky. Points to auth-setup afterward.
- config.sh: add 'apps' to INSTALL_REGISTRY (replaces standalone 'finicky' install
  component); drop INSTALL_FINICKY from server profile
- Prune zerobrew (P1): remove install block, zb alias wrapper, experimental.yaml entry
- Prune Coven + Crazytieguy/tap (P3): third-party tap violates no-new-taps policy
  (alignment-hive plugin marketplace left intact — separate, not a brew tap)
- Harden uv install: prefer official brew formula on macOS over curl|bash (sha-pinned)
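The spctl/codesign signature and notarization audit that auth-setup is described as running, shown as an added example that is not the project's script: the classification of spctl output is separated from the macOS calls so the policy logic can be exercised with captured text anywhere. The sample outputs are constructed in the shape spctl --assess -vv prints (accepted/rejected plus a source= line), not captured from a real machine; the pass/fail policy (App Store or notarized Developer ID only) is an assumption consistent with the MAS-first, no-quarantine-bypass stance in this PR.

```bash
#!/usr/bin/env bash
# Added example (not the project's auth-setup): post-install audit that flags
# app bundles which are neither App Store-distributed nor notarized.
set -euo pipefail

# Classify `spctl --assess -vv` output:
#   appstore   accepted, source=Mac App Store
#   notarized  accepted, source=Notarized Developer ID
#   signed     accepted, source=Developer ID (signed but not notarized)
#   rejected   spctl rejected it (unsigned, revoked, or blocked by policy)
#   unknown    anything else; the audit treats this as a failure
classify_spctl() {
  local out="$1"
  case "$out" in
    *": rejected"*) echo rejected; return ;;
    *": accepted"*) ;;
    *) echo unknown; return ;;
  esac
  case "$out" in
    *"source=Mac App Store"*|*"source=App Store"*) echo appstore ;;
    *"source=Notarized Developer ID"*) echo notarized ;;
    *"source=Developer ID"*) echo signed ;;
    *) echo unknown ;;
  esac
}

# Audit policy: only appstore or notarized passes.
audit_ok() {
  case "$(classify_spctl "$1")" in
    appstore|notarized) return 0 ;;
    *) return 1 ;;
  esac
}

# macOS-only wrapper: assess Gatekeeper policy and check the signature is intact.
# codesign --verify --deep --strict fails if any nested code was modified after
# signing, which spctl alone does not report.
assess_app() { # /Applications/Foo.app
  local app="$1" out verdict
  out="$(spctl --assess --type execute -vv "$app" 2>&1 || true)"
  if ! codesign --verify --deep --strict "$app" 2>/dev/null; then
    printf '%-10s %s\n' broken "$app"
    return 1
  fi
  verdict="$(classify_spctl "$out")"
  printf '%-10s %s\n' "$verdict" "$app"
  audit_ok "$out"
}

# Constructed sample outputs in spctl's shape (not captured from a real Mac).
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_UNSIGNED='/Applications/Sketchy.app: rejected
source=no usable signature'

# Usage on macOS (not run here):
# for app in /Applications/*.app; do assess_app "$app" || echo "REVIEW: $app"; done
```

The "signed" verdict is the interesting middle case: a Developer ID signature without notarization still installs, but it has not been through Apple's malware scan, so the audit surfaces it for a manual decision rather than passing it silently.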
…UDE.md

- supply-chain-security.md: GUI apps & Brewfile section (casks+mas only, no taps,
  MAS-first, never --no-quarantine, brew info before adding); curl|bash hardening
  (prefer formula > verify checksum > blind pipe; glance != integrity control)
- CLAUDE.md: 'Install/manage Mac apps' quick-reference row
… add FineTune; cull iTerm

Gemini CLI consumer access ends 2026-06-18; Google's official successor is
Antigravity CLI (agy). Wire both the official successor and OpenCode (OSS,
multi-provider) into the ai-tools component.

- helpers.sh: install_gemini_cli → install_opencode (core formula) +
  install_antigravity_cli (cask antigravity-cli; Linux = manual per curl|bash policy)
- install.sh / config.sh / update-ai-tools / ai-check: swap Gemini → OpenCode + Antigravity
- auto_commit_worker + ai_automation: backend order codex,gemini → codex,opencode
- scripts: sync_claude_to_gemini.sh → sync_claude_to_antigravity.sh
  (skills → ~/.gemini/antigravity-cli/skills; AGENTS.md; permission sync flagged untested)
- apps.conf: add FineTune (audio, OSS, default-OFF per young/single-maintainer rule)
- supply-chain-security.md: add two-gate modernity/adoption selection rule
- cull iTerm leftovers (itermcolors); remove GEMINI.md + gemini/
- README: Gemini CLI section → Antigravity CLI + OpenCode

…ce switching

Core formula, OSS, no driver. Complements FineTune (per-app mixer) by handling
system default input/output device switching, which FineTune's per-app URL schemes
don't cover. Default OFF.

- install.sh/helpers.sh: factor install_rust_toolchain() — prefer official brew
  'rustup' formula on macOS over curl|bash (mirrors uv hardening), keep TLS-pinned
  rustup installer as Linux/no-brew fallback. Both rustup call sites now consistent.
- update-ai-tools/setup_ai_update.sh: add update_antigravity (brew --cask
  antigravity-cli on macOS, skip on Linux manual install). Closes the Gemini->
  Antigravity migration gap in the daily AI-tools updater.
- sync_claude_to_antigravity.sh: port the permission sync — map Claude
  permissions.{allow,deny,ask} to Antigravity action(target) rules, merge
  idempotently into ~/.gemini/antigravity-cli/settings.json. Uncertain mappings
  (web/mcp actions, glob-vs-exact) routed to a sidecar + TODO, not guessed.

Mac-only verification still pending: brew formula/cask names, agy permission load,
glob semantics.

- macos_settings.sh: keep Dock tweaks (autohide, instant-show, tilesize 48);
  revert the menu-bar clock reformat (minimal menu bar by preference).
- config/login_items.conf: curated menu-bar apps to seed at login (Stats,
  FineTune, Tailscale, NordVPN).
- scripts/setup/setup-login-items: additive/bootstrap-once helper. Adds a curated
  app as a login item only if missing AND not previously added (state file at
  ~/.config/dotfiles/login-items.bootstrapped); never removes, never re-adds what
  you removed manually, never runs on deploy. System Settings stays your daily
  driver. --list/--force/--reset-state supported.
- auth-setup: surface setup-login-items in the post-install checklist.

- BLOCKER: 'local status' aborted --list mode — 'status' is a zsh read-only
  special var (alias for $?). Renamed to 'st'. (zsh -n can't catch this; it's a
  runtime, not parse, error — verified the old form dies with 'read-only variable'.)
- SHOULD-FIX: whitespace trim only stripped a single leading/trailing space and
  missed tabs. Use extendedglob [[:space:]]## runs. Verified spaces+tabs trimmed.
- Note the comma-in-display-name assumption in current_login_items.

@yulonglin

Owner Author

Superseded by a 2-way split, rebased onto current main (which has since advanced past this branch's base):

Together they reconstruct this PR exactly (verified file-by-file), minus one cosmetic divergence (the ai-tools-block rust call stays inline instead of using the new install_rust_toolchain helper — identical behavior). Closing this in favor of the two.

🤖 Generated with Claude Code

@yulonglin yulonglin closed this Jun 17, 2026