+80 -84

.devcontainer/entry.fish

reviewed

··· 504 504 log_step "PHASE 6: SSL certificates" 505 505 ensure_ssl_dev_certs 506 506 507 507 - log_step "PHASE 7: GitHub authentication" 508 508 - # Login to Github - use GH_TOKEN from vault if available 509 509 - set -l gh_authenticated 1 510 510 - if not gh auth status >/dev/null 2>&1 511 511 - if test -n "$GH_TOKEN" 512 512 - log_info "Authenticating to GitHub using GH_TOKEN..." 513 513 - echo $GH_TOKEN | gh auth login --with-token 514 514 - if gh auth status >/dev/null 2>&1 515 515 - log_ok "GitHub authentication successful" 516 516 - else 517 517 - log_error "GitHub authentication failed" 518 518 - log_warn "Continuing without GitHub auth; vault/git operations may be limited." 519 519 - set gh_authenticated 0 520 520 - end 521 521 - else 522 522 - log_warn "Not logged into GitHub and no GH_TOKEN available." 523 523 - log_warn "Continuing startup without GitHub auth." 524 524 - set gh_authenticated 0 525 525 - end 526 526 - else 527 527 - log_ok "Already authenticated to GitHub" 528 528 - end 507 507 + log_step "PHASE 7: GitHub authentication" 508 508 + # Login to Github - use GH_TOKEN from vault if available 509 509 + set -l gh_authenticated 1 510 510 + if not gh auth status >/dev/null 2>&1 511 511 + if test -n "$GH_TOKEN" 512 512 + log_info "Authenticating to GitHub using GH_TOKEN..." 513 513 + echo $GH_TOKEN | gh auth login --with-token 514 514 + if gh auth status >/dev/null 2>&1 515 515 + log_ok "GitHub authentication successful" 516 516 + else 517 517 + log_error "GitHub authentication failed" 518 518 + log_warn "Continuing without GitHub auth; vault/git operations may be limited." 519 519 + set gh_authenticated 0 520 520 + end 521 521 + else 522 522 + log_warn "Not logged into GitHub and no GH_TOKEN available." 523 523 + log_warn "Continuing startup without GitHub auth." 524 524 + set gh_authenticated 0 525 525 + end 526 526 + else 527 527 + log_ok "Already authenticated to GitHub" 528 528 + end 529 529 530 530 log_step "PHASE 8: Git configuration" 531 531 if test -n "$GIT_USER_EMAIL" ··· 544 544 # Set rebase as default for pull operations. 545 545 git config --global pull.rebase true 546 546 547 547 - # Disable GPG signing to prevent commit issues in dev environment 548 548 - git config --global commit.gpgsign false 549 549 - 550 550 - # Make sure git is setup and authorized for making commits via `gh`. 551 551 - if test $gh_authenticated -eq 1 552 552 - gh auth setup-git 553 553 - else 554 554 - log_warn "Skipping 'gh auth setup-git' because GitHub auth is unavailable." 555 555 - end 547 547 + # Disable GPG signing to prevent commit issues in dev environment 548 548 + git config --global commit.gpgsign false 549 549 + 550 550 + # Make sure git is setup and authorized for making commits via `gh`. 551 551 + if test $gh_authenticated -eq 1 552 552 + gh auth setup-git 553 553 + else 554 554 + log_warn "Skipping 'gh auth setup-git' because GitHub auth is unavailable." 555 555 + end 556 556 557 557 # Ensure GPG signing is disabled at both global and local levels (GitHub CLI might re-enable it) 558 558 git config --global commit.gpgsign false ··· 673 673 log_ok "Fixed permissions for /home/me/.ssh" 674 674 end 675 675 676 676 - # Fix Copilot CLI directory permissions (volume mount may have root ownership) 677 677 - if test -d /home/me/.copilot 678 678 - sudo chown -R me:me /home/me/.copilot 2>/dev/null 679 679 - sudo chmod 700 /home/me/.copilot 2>/dev/null 676 676 + # Fix Copilot CLI directory permissions (volume mount may have root ownership) 677 677 + if test -d /home/me/.copilot 678 678 + sudo chown -R me:me /home/me/.copilot 2>/dev/null 679 679 + sudo chmod 700 /home/me/.copilot 2>/dev/null 680 680 # Ensure pkg directory exists and is writable for package extraction 681 681 mkdir -p /home/me/.copilot/pkg 2>/dev/null 682 682 chmod 755 /home/me/.copilot/pkg 2>/dev/null 683 683 - sudo chmod 600 /home/me/.copilot/config.json 2>/dev/null 684 684 - echo "✅ Fixed permissions for /home/me/.copilot (Copilot CLI config)" 685 685 - end 686 686 - 687 687 - # Fix Claude/Codex config directory permissions after bind mounts are attached. 688 688 - # On Linux hosts, these mounts keep host ownership, so UID remapping is the main 689 689 - # fix; this container-side pass normalizes modes when ownership is already writable. 690 690 - for dir in /home/me/.claude /home/me/.codex 691 691 - if test -d $dir 692 692 - sudo chown -R me:me $dir 2>/dev/null 693 693 - chmod 700 $dir 2>/dev/null 694 694 - find $dir -type d -exec chmod 700 {} + 2>/dev/null 695 695 - find $dir -type f -exec chmod 600 {} + 2>/dev/null 696 696 - echo "✅ Fixed permissions for $dir" 697 697 - end 698 698 - end 699 699 - 700 700 - if test -f /home/me/.claude.json 701 701 - sudo chown me:me /home/me/.claude.json 2>/dev/null 702 702 - chmod 600 /home/me/.claude.json 2>/dev/null 703 703 - echo "✅ Fixed permissions for /home/me/.claude.json" 704 704 - end 705 705 - 706 706 - # Fix VS Code extension SecretStorage persistence paths. 707 707 - for dir in /home/me/.config/Code/User/globalStorage /home/me/.config/Code/User/workspaceStorage 708 708 - if test -d $dir 709 709 - sudo chown -R me:me $dir 2>/dev/null 710 710 - find $dir -type d -exec chmod 700 {} + 2>/dev/null 711 711 - find $dir -type f -exec chmod 600 {} + 2>/dev/null 712 712 - echo "✅ Fixed permissions for $dir" 713 713 - end 714 714 - end 715 715 - 716 716 - if test -d /home/me/.local/share/keyrings 717 717 - sudo chown -R me:me /home/me/.local/share/keyrings 2>/dev/null 718 718 - chmod 700 /home/me/.local/share/keyrings 2>/dev/null 719 719 - find /home/me/.local/share/keyrings -type f -exec chmod 600 {} + 2>/dev/null 720 720 - echo "✅ Fixed permissions for /home/me/.local/share/keyrings" 721 721 - end 722 722 - 723 723 - # --- GPG agent: cache passphrase for the entire container lifetime --- 724 724 - mkdir -p /home/me/.gnupg 2>/dev/null 725 725 - chmod 700 /home/me/.gnupg 683 683 + sudo chmod 600 /home/me/.copilot/config.json 2>/dev/null 684 684 + echo "✅ Fixed permissions for /home/me/.copilot (Copilot CLI config)" 685 685 + end 686 686 + 687 687 + # Fix Claude/Codex config directory permissions after bind mounts are attached. 688 688 + # On Linux hosts, these mounts keep host ownership, so UID remapping is the main 689 689 + # fix; this container-side pass normalizes modes when ownership is already writable. 690 690 + for dir in /home/me/.claude /home/me/.codex 691 691 + if test -d $dir 692 692 + sudo chown -R me:me $dir 2>/dev/null 693 693 + chmod 700 $dir 2>/dev/null 694 694 + find $dir -type d -exec chmod 700 {} + 2>/dev/null 695 695 + find $dir -type f -exec chmod 600 {} + 2>/dev/null 696 696 + echo "✅ Fixed permissions for $dir" 697 697 + end 698 698 + end 699 699 + 700 700 + if test -f /home/me/.claude.json 701 701 + sudo chown me:me /home/me/.claude.json 2>/dev/null 702 702 + chmod 600 /home/me/.claude.json 2>/dev/null 703 703 + echo "✅ Fixed permissions for /home/me/.claude.json" 704 704 + end 705 705 + 706 706 + # Fix VS Code extension SecretStorage persistence paths. 707 707 + for dir in /home/me/.config/Code/User/globalStorage /home/me/.config/Code/User/workspaceStorage 708 708 + if test -d $dir 709 709 + sudo chown -R me:me $dir 2>/dev/null 710 710 + find $dir -type d -exec chmod 700 {} + 2>/dev/null 711 711 + find $dir -type f -exec chmod 600 {} + 2>/dev/null 712 712 + echo "✅ Fixed permissions for $dir" 713 713 + end 714 714 + end 715 715 + 716 716 + if test -d /home/me/.local/share/keyrings 717 717 + sudo chown -R me:me /home/me/.local/share/keyrings 2>/dev/null 718 718 + chmod 700 /home/me/.local/share/keyrings 2>/dev/null 719 719 + find /home/me/.local/share/keyrings -type f -exec chmod 600 {} + 2>/dev/null 720 720 + echo "✅ Fixed permissions for /home/me/.local/share/keyrings" 721 721 + end 722 722 + 723 723 + # --- GPG agent: cache passphrase for the entire container lifetime --- 724 724 + mkdir -p /home/me/.gnupg 2>/dev/null 725 725 + chmod 700 /home/me/.gnupg 726 726 printf "allow-loopback-pinentry\npinentry-program /usr/sbin/pinentry-curses\ndefault-cache-ttl 999999\nmax-cache-ttl 999999\n" > /home/me/.gnupg/gpg-agent.conf 727 727 gpgconf --reload gpg-agent 2>/dev/null 728 728 log_ok "GPG agent configured (passphrase cached for container lifetime)" 729 729 730 730 - if not test -d /home/me/aesthetic-computer/aesthetic-computer-code 731 731 - gh repo clone whistlegraph/aesthetic-computer-code /home/me/aesthetic-computer/aesthetic-computer-code 732 732 - else 733 733 - cd /home/me/aesthetic-computer/aesthetic-computer-vault 734 734 - git pull 735 735 - end 730 730 + cd /home/me/aesthetic-computer/aesthetic-computer-vault 731 731 + git pull 736 732 737 733 # Function to check and install npm dependencies in a directory 738 734 set -g NODE_DEPS_CHECK_SCRIPT /workspaces/aesthetic-computer/.devcontainer/scripts/check-node-deps.mjs

-3

.gitignore

reviewed

··· 71 71 72 72 # any instance of the aesthetic-computer-vault repository 73 73 aesthetic-computer-vault/ 74 74 - # any instance of the aesthetic-computer-code repository 75 75 - aesthetic-computer-code/ 76 76 - 77 74 # Local clones of external repos 78 75 feral-file/ 79 76 modes/

-1

.vscode/settings.json

reviewed

··· 42 42 "**/.emacs.d": true, 43 43 "**/.netlify": true, 44 44 "**/.vscode-test-web/**": true, 45 45 - "**/aesthetic-computer-code/**": false, 46 45 "**/aesthetic-computer-vault/**": false, 47 46 "**/ac-event-daemon/target/**": true, 48 47 "**/ac-event-daemon/Cargo.lock": true,