Plan: Mac app setup via Brewfile + toggle TUI + auth helpers

CLAUDE.md

@@ -28,6 +28,7 @@ If you're an AI agent (Claude Code, Codex, etc.) working in this repo, read this
 | Add a new alias | `config/aliases.sh` (or `aliases_<name>.sh` for env-specific) |
 | Add a deploy component | Create `deploy_X()` in `deploy.sh` — see [Adding New Features](#adding-new-features) |
 | Add a custom binary | Drop it in `custom_bins/` (already on PATH); `chmod +x` |
+| Install/manage Mac apps | Add a line to `config/apps.conf` → run `app-picker` (gum TUI) → `brew bundle --file=config/Brewfile`. Official casks + `mas` only, **no third-party taps**. Then `scripts/setup/auth-setup` |
 | Add an encrypted secret | `secrets-edit` (interactive dotenv editor) |
 | Run an experiment with resource caps | `jexp uv run python -m ...` (Linux: needs pueue + systemd user session) |
 | Commit / commit + push + PR | `/commit` skill or `/commit-push-sync` |

README.md

@@ -86,7 +86,7 @@ For cloud environments (RunPod, Hetzner, Lambda Labs, etc):
 - [AI Assistants](#ai-assistants)
   - [Claude Code](#claude-code-primary-ai-assistant)
   - [Codex CLI](#codex-cli-openai)
-  - [Gemini CLI](#gemini-cli-google)
+  - [Antigravity CLI + OpenCode](#antigravity-cli-google--opencode)
 - [Terminal & Shell](#terminal--shell)
   - [Ghostty](#ghostty-terminal-emulator)
   - [Powerlevel10k Prompt](#powerlevel10k-prompt)
@@ -273,22 +273,22 @@ claude-tools context --list             # Show active plugins and available prof
 
 The configuration follows the same research discipline as Claude Code but adapted for Codex's execution model.
 
-### Gemini CLI (Google)
+### Antigravity CLI (Google) + OpenCode
 
-[Gemini CLI](https://github.com/google-gemini/gemini-cli) can sync with Claude Code configurations:
+Gemini CLI was retired by Google on **2026-06-18**; [Antigravity CLI](https://antigravity.google/docs/cli-features) (`agy`) is its official successor. [OpenCode](https://opencode.ai) is installed alongside as a model-agnostic OSS option. Both are installed by the `ai-tools` component.
+
+Antigravity CLI can sync with Claude Code skills:
 
 ```bash
-./scripts/sync_claude_to_gemini.sh  # Syncs skills/agents/permissions
+./scripts/sync_claude_to_antigravity.sh  # Symlinks Claude skills into agy
 ```
 
 **What it does:**
 
-- Symlinks Claude Code skills to `~/.gemini/skills/`
-- Converts Claude agents to Gemini skill format
-- Syncs permissions from `.claude/settings.json` to Gemini policies
-- Creates `GEMINI.md` pointer to CLAUDE.md
+- Symlinks Claude Code skills to `~/.gemini/antigravity-cli/skills/`
+- Project instructions come from `AGENTS.md` (Antigravity reads it natively)
 
-**Note:** Gemini CLI uses a different skills format. The sync script adapts Claude's configuration but some features may not translate directly.
+**Note:** Antigravity CLI is closed-source and brand-new; its skills/permissions schema differs from Claude's. The skills sync is adapted but untested end-to-end — permission sync is not yet ported (see the script header).
 
 ## Terminal & Shell
 

claude/hooks/auto_commit_worker.sh

@@ -63,7 +63,7 @@ fi
 : "${AUTO_AGENT_APPROVAL_FILE:=$HOME/.claude/flags/auto-agent-approved-until}"
 : "${AUTO_AGENT_STATE_DIR:=$HOME/.claude/state}"
 : "${AUTO_AGENT_LOG_DIR:=$HOME/.claude/logs/auto-commit}"
-: "${AUTO_COMMIT_BACKEND_ORDER:=codex,gemini}"
+: "${AUTO_COMMIT_BACKEND_ORDER:=codex,opencode}"
 : "${AUTO_COMMIT_ENABLE_CLAUDE_FALLBACK:=0}"
 : "${AUTO_COMMIT_DRY_RUN:=0}"
 : "${AUTO_AGENT_EXCLUDE_REGEX:=^\\.claude/worktrees/}"
@@ -246,10 +246,9 @@ run_backend() {
       command -v codex >/dev/null 2>&1 || return 1
       run_with_timeout 240 codex -a never -s workspace-write exec --cd "$REPO_ROOT" --skip-git-repo-check "$prompt" >> "$log_file" 2>&1
       ;;
-    gemini)
-      command -v gemini >/dev/null 2>&1 || return 1
-      run_with_timeout 240 gemini \
-        -p "$prompt" --approval-mode yolo --output-format text >> "$log_file" 2>&1
+    opencode)
+      command -v opencode >/dev/null 2>&1 || return 1
+      run_with_timeout 240 opencode run "$prompt" >> "$log_file" 2>&1
       ;;
     claude)
       [[ "${AUTO_COMMIT_ENABLE_CLAUDE_FALLBACK:-0}" == "1" ]] || return 1

claude/rules/supply-chain-security.md

@@ -50,6 +50,50 @@ All package managers are configured with a **7-day quarantine** (`min-release-ag
 - Skip hash verification for production Python dependencies
 - Bypass min-release-age quarantine without explicit user approval
 
+## Tool Selection: Security Floor, then Adoption (two-gate)
+
+When choosing between tools, apply two gates in order:
+
+1. **Hard security floor (non-negotiable):** official core formula / cask / Mac App Store
+   only; **no third-party taps** without approval; notarization + quarantine on for casks;
+   `min-release-age` for language packages. A tool that fails the floor is out regardless
+   of popularity.
+2. **Among options that clear the floor, prefer the more *modern / adopted* one** — GitHub
+   stars, monthly actives, release cadence, and HN/Reddit consensus. Higher adoption is
+   *also* a security positive (more eyes → faster CVE discovery), so this complements the
+   floor rather than fighting it. Don't default to a stale "boring" tool when a
+   well-adopted modern one clears the same floor.
+
+**Residual-risk case:** a tool that is *young AND single-maintainer AND not-yet-widely-
+adopted* (e.g. FineTune). High stars only partially offset bus-factor risk — such tools may
+be *added* but ship **default-OFF** (conscious opt-in), never auto-on.
+
+## GUI Apps & Brewfile (macOS)
+
+Apps live in `config/apps.conf` (registry) → `config/Brewfile` (generated by `app-picker`).
+
+- **Homebrew official casks + Mac App Store (`mas`) ONLY.** NEVER add a third-party tap
+  to `apps.conf`, install.sh, or a Brewfile without explicit user approval.
+- **Prefer `mas`** (sandboxed, Apple-reviewed) when an app ships full-featured on the
+  App Store — highest trust tier ("MAS-first"). Use a cask when MAS is crippled/absent.
+- Before adding any app: run `brew info <cask>` / `mas info <id>`, verify vendor + homepage.
+- **Never `--no-quarantine`.** Gatekeeper + notarization must stay enabled; that's the
+  defense against malicious casks (brew also verifies a pinned sha256 on download).
+- Tier in `apps.conf`: 1 = official vendor auto-approve · 2 = mature OSS (review) ·
+  3 = explicit approval (ships `default=false`).
+
+## curl|bash Installers
+
+Official-page `curl … | sh` gives **authenticity** (HTTPS proves the domain) but NOT
+**integrity** (runs whatever's live, unpinned, unreviewed). Prefer, best→worst:
+1. Official Homebrew **formula** if one exists (`uv`, `rustup-init`, `bun`) — vendor's
+   artifact + sha pin + reviewed PR + reproducible.
+2. No formula → `curl -o` a versioned URL and **verify the vendor checksum/signature**.
+3. Blind `curl … | sh` only as last resort, HTTPS-to-official-domain only.
+
+Eyeballing the script ("glance at it") is a smell test for gross tampering, NOT an
+integrity control — don't treat it as a safeguard.
+
 ## Secrets Awareness
 
 - API keys are scoped per-project via direnv `.envrc`, NOT globally exported

config.sh

@@ -33,12 +33,12 @@ INSTALL_REGISTRY=(
     "core|Core packages, CLI tools, gh, SOPS/age, uv|all|true"
     "zsh|ZSH + oh-my-zsh + powerlevel10k theme|all|true"
     "tmux|Terminal multiplexer|all|true"
-    "ai-tools|Claude Code, Gemini CLI, Codex CLI|all|true"
+    "ai-tools|Claude Code, Codex CLI, OpenCode, Antigravity CLI|all|true"
     "extras|hyperfine, gitui, code2prompt, terminal-notifier|all|true"
     "cleanup|Automatic cleanup (macOS only)|all|true"
-    "experimental|ty type checker, zerobrew|all|true"
+    "experimental|ty type checker, zotero MCP|all|true"
     "macos-settings|macOS system defaults (Dock, Finder, keyboard)|macos|true"
-    "finicky|Finicky browser routing|macos|true"
+    "apps|GUI + App Store apps via Brewfile (picker TUI)|macos|true"
     "docker|Docker engine + compose|linux|true"
     "pueue|Pueue job scheduler + pueued daemon|linux|true"
     "create-user|Create non-root dev user|linux|true"
@@ -64,7 +64,7 @@ DEPLOY_REGISTRY=(
     "dep-audit|Weekly dependency audit (supply chain defense)|all|true"
     "cleanup|Auto-cleanup Downloads/Screenshots (macOS)|all|true"
     "claude-cleanup|Remove idle Claude sessions after 24h|all|true"
-    "ai-update|Daily auto-update: Claude, Gemini, Codex|all|true"
+    "ai-update|Daily auto-update: Claude, Codex, OpenCode|all|true"
     "mcp-sync|Daily shared MCP sync for Claude and Codex|all|true"
     "brew-update|Weekly package upgrade + cleanup|all|true"
     "claude-tools|Build claude-tools Rust binary|all|true"
@@ -229,7 +229,7 @@ apply_profile() {
             INSTALL_DOCKER=false
             INSTALL_EXTRAS=false
             INSTALL_MACOS_SETTINGS=false
-            INSTALL_FINICKY=false
+            INSTALL_APPS=false
             DEPLOY_EDITOR=false
             DEPLOY_SERENA=false
             DEPLOY_GHOSTTY=false

config/Brewfile

@@ -0,0 +1,43 @@
+# Brewfile — GENERATED by app-picker from config/apps.conf. Do not edit by hand.
+# Regenerate: app-picker   (or app-picker --defaults)
+# Install:    brew bundle --file=config/Brewfile
+# Policy: official casks + Mac App Store only; never --no-quarantine.
+
+# mas-cli drives Mac App Store installs (must be signed into the App Store).
+brew "mas"
+
+# ── Casks (official Homebrew casks) ──
+cask "aldente"
+cask "alfred"
+cask "antigravity"
+cask "appcleaner"
+cask "beardedspice"
+cask "chatgpt"
+cask "claude"
+cask "cleanshot"
+cask "cursor"
+cask "dropbox"
+cask "finicky"
+cask "ghostty"
+cask "granola"
+cask "keyboardcleantool"
+cask "mouseless"
+cask "nordvpn"
+cask "notion"
+cask "popclip"
+cask "readdle-spark"
+cask "slack"
+cask "spotify"
+cask "stats"
+cask "super-productivity"
+cask "tailscale-app"
+cask "voiceink"
+cask "zed"
+
+# ── Mac App Store (sandboxed, Apple-reviewed) ──
+mas "2FAS Auth Browser Extension", id: 6443941139
+mas "Bear", id: 1091189122
+mas "Bitwarden", id: 1352778147
+mas "Things 3", id: 904280696
+mas "Userscripts", id: 1463298887
+mas "uBlock Origin Lite", id: 6745342698

config/ai_automation.sh

@@ -35,7 +35,7 @@
 
 # Auto-commit policy
 # Keep Claude fallback opt-in because it is usually the most expensive backend.
-: "${AUTO_COMMIT_BACKEND_ORDER:=codex,gemini}"
+: "${AUTO_COMMIT_BACKEND_ORDER:=codex,opencode}"
 : "${AUTO_COMMIT_ENABLE_CLAUDE_FALLBACK:=0}"
 : "${AUTO_COMMIT_DRY_RUN:=0}"
 : "${AUTO_COMMIT_USE_ASYNC:=1}"

config/aliases.sh

@@ -1215,7 +1215,7 @@ fi
 # AI CLI Tools
 # -------------------------------------------------------------------
 # Health check for all AI CLI tools
-alias ai-check='echo "Checking AI CLI tools..." && claude --version 2>/dev/null && gemini --version 2>/dev/null && codex --version 2>/dev/null'
+alias ai-check='echo "Checking AI CLI tools..." && claude --version 2>/dev/null && codex --version 2>/dev/null && opencode --version 2>/dev/null'
 
 # Log sandbox denials for a command (macOS/Linux)
 codex-denials() {
@@ -1322,21 +1322,6 @@ alias ai-update='update-ai-tools'
 # Detects: brew (macOS), apt/dnf/pacman (Linux)
 alias pkg-update='update-packages'
 
-# zerobrew: faster Homebrew client (use zb for interactive installs, brew for scripts)
-# `zb install` falls back to `brew install` on failure (zerobrew doesn't handle casks)
-if command -v zb &>/dev/null; then
-    zb() {
-        if [[ "$1" == "install" ]]; then
-            shift
-            command zb install "$@" || { echo "→ zb failed, falling back to brew install" >&2; brew install "$@"; }
-        else
-            command zb "$@"
-        fi
-    }
-    alias zbi='zb install'
-    alias zbu='zb uninstall'
-fi
-
 # Auto-agent guard controls
 alias auto-guard='auto-agent-guardctl status'
 alias auto-approve='auto-agent-guardctl approve'