From 1745781f6189e9b34dad22e714d27dfaefea10ee Mon Sep 17 00:00:00 2001 
From: Claude
Date: Sat, 29 Nov 2025 16:59:31 +0000
Subject: [PATCH 1/2] feat: Add native Windows support and standardize vault terminology
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

High Priority Fixes:
- Add MINGW/MSYS/Cygwin detection to install.sh (native Windows support)
- Create bootstrap-windows.sh for Git Bash/MSYS2 environments
- Add Windows shell handling to 00-init.zsh (paths, clipboard, aliases)
- Rename sync-to-bitwarden.sh to sync-to-vault.sh (backend-agnostic)
- Update all help text from "Bitwarden" to generic "vault"
- Fix doctor line count: 573 → 446 lines

Documentation Consistency:
- Update README.md and docs/README.md with Windows platform support
- Update vault references to use 'dotfiles vault sync' command
- Update all script references and architecture docs
- Add Windows (Git Bash/MSYS2) to platform support tables
- Update multi-vault terminology throughout docs

Files changed:
- install.sh: Add MINGW/MSYS/Cygwin case
- bootstrap/bootstrap-windows.sh: New Windows bootstrap script
- zsh/zsh.d/00-init.zsh: Windows shell environment
- zsh/zsh.d/40-aliases.zsh: Generic vault help text
- vault/sync-to-vault.sh: Renamed from sync-to-bitwarden.sh
- Multiple docs: Consistent vault terminology
---
 .github/workflows/test.yml | 2 +-
 CLAUDE.md | 2 +-
 CONTRIBUTING.md | 4 +-
 README.md | 73 ++++-----
 bootstrap/bootstrap-windows.sh | 140 ++++++++++++++++++
 docs/CONTRIBUTING.md | 4 +-
 docs/README-FULL.md | 2 +-
 docs/README.md | 24 +--
 docs/architecture.md | 2 +-
 docs/vault-README.md | 4 +-
 install.sh | 4 +
 vault/README.md | 16 +-
 vault/create-vault-item.sh | 2 +-
 ...{sync-to-bitwarden.sh => sync-to-vault.sh} | 8 +-
 vault/validate-schema.sh | 6 +-
 zsh/zsh.d/00-init.zsh | 27 ++++
 zsh/zsh.d/40-aliases.zsh | 20 +--
 17 files changed, 260 insertions(+), 80 deletions(-)
 create mode 100755 bootstrap/bootstrap-windows.sh
 rename vault/{sync-to-bitwarden.sh => sync-to-vault.sh} (95%)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2d3d8c3c..a7e0bc6e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -79,7 +79,7 @@ jobs: vault/restore-env.sh vault/restore-git.sh vault/restore-ssh.sh - vault/sync-to-bitwarden.sh + vault/sync-to-vault.sh ) ERRORS=0 diff --git a/CLAUDE.md b/CLAUDE.md index b4bc147f..e961f1e4 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -126,7 +126,7 @@ These run automatically on `git commit`. ├── vault/ # Multi-vault integration (Bitwarden, 1Password, pass) │ ├── _common.sh # Single source of truth (IMPORTANT!) │ ├── restore-*.sh # Restore scripts for each category -│ └── sync-to-bitwarden.sh +│ └── sync-to-vault.sh ├── zsh/ # Shell configuration │ └── zsh.d/ # Modular zsh config (10 files) ├── macos/ # macOS-specific configs diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index df8309a6..1e0639a2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -151,7 +151,7 @@ cd vault ./restore-ssh.sh --help # Test with dry-run mode (where available) -./sync-to-bitwarden.sh --dry-run SSH-Config +dotfiles vault sync --dry-run SSH-Config ``` ### Integration Testing @@ -369,7 +369,7 @@ export BW_SESSION="$(bw unlock --raw)" # Test vault operations (use test account!) ./vault/check-vault-items.sh -v -./vault/sync-to-bitwarden.sh --dry-run SSH-Config +dotfiles vault sync --dry-run SSH-Config ``` ### Debugging diff --git a/README.md b/README.md index a80504c1..236fdd5f 100644 --- a/README.md +++ b/README.md 
@@ -43,7 +43,7 @@ | Capability | This Repo | Typical Dotfiles | |----------------------|-----------------------------------------------|----------------------------------| | **Secrets management** | Multi-vault (Bitwarden, 1Password, pass) | Manual copy between machines | -| **Health validation** | 573-line checker with `--fix` | None | +| **Health validation** | 446-line checker with `--fix` | None | | **Drift detection** | Compare local vs vault state | None | | **Schema validation** | Validates SSH keys & config structure | None | | **Unit tests** | 80+ bats-core tests | Rare | @@ -63,7 +63,7 @@ | **Bidirectional Sync** | ✅ Local ↔ Vault | ❌ | ❌ | ❌ | ❌ | | **Cross-Platform** | ✅ macOS, Linux, Windows, WSL2, Docker | ⚠️ Limited | ⚠️ macOS only | ⚠️ macOS only | ⚠️ Limited | | **Claude Code Sessions** | ✅ Portable via `/workspace` | ❌ | ❌ | ❌ | ❌ | -| **Health Checks** | ✅ 573 lines + auto-fix | ❌ | ❌ | ❌ | ❌ | +| **Health Checks** | ✅ 446 lines + auto-fix | ❌ | ❌ | ❌ | ❌ | | **Drift Detection** | ✅ Local vs Vault | ❌ | ❌ | ❌ | ❌ | | **Schema Validation** | ✅ SSH keys, configs | ❌ | ❌ | ❌ | ❌ | | **Unit Tests** | ✅ 80+ bats tests | ❌ | ❌ | ❌ | ❌ | @@ -112,7 +112,7 @@ 1. **Only dotfiles with multi-vault backend support** - Bitwarden, 1Password, or pass with unified API 2. **Only dotfiles with Claude Code session portability** - `/workspace` symlink + auto-redirect -3. **Only dotfiles with comprehensive health checks** - 573-line validator with auto-fix +3. **Only dotfiles with comprehensive health checks** - 446-line validator with auto-fix 4. **Only dotfiles with drift detection** - Compare local vs vault state 5. **Only dotfiles with schema validation** - Ensures SSH keys/configs are valid before restore 6. **Only dotfiles with Docker bootstrap testing** - Reproducible CI/CD environments 
@@ -138,13 +138,15 @@ SKIP_WORKSPACE_SYMLINK=true SKIP_CLAUDE_SETUP=true ./bootstrap/bootstrap-linux.s # Then manually configure ~/.ssh, ~/.aws, ~/.gitconfig ``` -> 💡 **Don't use Bitwarden?** No problem! +> 💡 **Don't use a vault manager?** No problem! > > The vault system is completely optional. Run with `--minimal` flag: > ```bash > curl -fsSL https://raw.githubusercontent.com/blackwell-systems/dotfiles/main/install.sh | bash -s -- --minimal > ``` > Then manually configure `~/.ssh`, `~/.aws`, `~/.gitconfig`. All shell config, aliases, and tools still work! +> +> Or choose your preferred vault backend: Bitwarden (default), 1Password, or pass. Inspired by: holman/dotfiles, thoughtbot/dotfiles, mathiasbynens/dotfiles @@ -162,7 +164,7 @@ Inspired by: holman/dotfiles, thoughtbot/dotfiles, mathiasbynens/dotfiles - Modern CLI tools (eza, fzf, ripgrep, etc. via Brewfile) **Optional (for vault features only):** -- **Bitwarden CLI + account** - For automated secret sync +- **Vault CLI** - Bitwarden (`bw`), 1Password (`op`), or pass for automated secret sync - Skip with `--minimal` flag (or just don't run `dotfiles vault` commands) - Without vault: manually configure `~/.ssh`, `~/.aws`, `~/.gitconfig` @@ -172,7 +174,7 @@ Inspired by: holman/dotfiles, thoughtbot/dotfiles, mathiasbynens/dotfiles To clone via SSH (recommended), you’ll also want an SSH key configured with GitHub. If you don’t have Git yet, you can either: - install it the way you normally would on your platform, or -- download this repository as a ZIP from GitHub, extract it, and run `bootstrap-mac.sh` / `bootstrap-linux.sh` – the scripts will install Git and the Bitwarden CLI for you. +- download this repository as a ZIP from GitHub, extract it, and run `bootstrap-mac.sh` / `bootstrap-linux.sh` / `bootstrap-windows.sh` – the scripts will install Git and configure your environment. --- 
@@ -205,9 +207,9 @@ cd ~/workspace/dotfiles ./bootstrap/bootstrap-mac.sh # macOS ./bootstrap/bootstrap-linux.sh # Linux / WSL2 / Lima / Docker -# 3. Restore secrets from Bitwarden -bw login -export BW_SESSION="$(bw unlock --raw)" +# 3. Restore secrets from vault +bw login # or: op signin (1Password) / gpg for pass +export BW_SESSION="$(bw unlock --raw)" # Bitwarden only ./vault/bootstrap-vault.sh # 4. Verify @@ -217,9 +219,9 @@ dotfiles doctor **That's it.** Shell configured, secrets restored, health validated.
-Don't use Bitwarden? +Don't use a vault manager? -The vault system is completely optional. Two options: +The vault system supports Bitwarden, 1Password, and pass. Or skip it entirely: **Option 1: Use `--minimal` flag** ```bash @@ -254,7 +256,7 @@ SKIP_WORKSPACE_SYMLINK=true SKIP_CLAUDE_SETUP=true ./bootstrap/bootstrap-mac.sh **Available flags:** - `SKIP_WORKSPACE_SYMLINK=true` – Skip `/workspace` symlink creation (for single-machine setups) - `SKIP_CLAUDE_SETUP=true` – Skip `~/.claude` configuration symlink -- `DOTFILES_OFFLINE=1` – Skip all Bitwarden vault operations (for air-gapped or offline environments) +- `DOTFILES_OFFLINE=1` – Skip all vault operations (for air-gapped or offline environments) All features are opt-in by default and can be disabled without breaking the rest of the setup.
@@ -269,7 +271,7 @@ All features are opt-in by default and can be disabled without breaking the rest - **Docker/CI environments** – Bootstrap in containers for reproducible builds. Vault restore from CI secrets. -- **Air-gapped/Offline** – Use `DOTFILES_OFFLINE=1` when Bitwarden isn't available. Vault operations skip gracefully. +- **Air-gapped/Offline** – Use `DOTFILES_OFFLINE=1` when vault isn't available. Vault operations skip gracefully. - **Multi-machine workflow** – Develop on macOS, test on Linux VM, deploy from WSL. Same dotfiles, same secrets, same Claude sessions everywhere. @@ -288,13 +290,13 @@ All features are opt-in by default and can be disabled without breaking the rest - Homebrew package manager - Git, GitHub CLI, Node.js - Docker, Lima (Linux VM) -- AWS CLI, Bitwarden CLI +- AWS CLI, Vault CLI (Bitwarden/1Password/pass) ### Configurations -- SSH keys and config (from Bitwarden) -- AWS credentials and config (from Bitwarden) -- Git configuration (from Bitwarden) -- Environment secrets (from Bitwarden) +- SSH keys and config (from vault) +- AWS credentials and config (from vault) +- Git configuration (from vault) +- Environment secrets (from vault) - Claude Code settings (shared workspace) See [Brewfile](Brewfile) for complete package list. @@ -456,7 +458,7 @@ A unified command for managing your dotfiles: dotfiles status # Quick visual dashboard (color-coded) dotfiles doctor # Comprehensive health check dotfiles doctor --fix # Auto-repair permission issues -dotfiles drift # Compare local files vs Bitwarden vault +dotfiles drift # Compare local files vs vault dotfiles diff # Preview changes before sync/restore # Backup & Restore 
@@ -467,7 +469,7 @@ dotfiles backup restore # Restore from backup # Vault Operations dotfiles vault restore # Restore secrets (checks for local drift first) dotfiles vault restore --force # Skip drift check, overwrite local -dotfiles vault sync # Sync local files to Bitwarden +dotfiles vault sync # Sync local files to vault dotfiles vault list # List vault items dotfiles vault check # Validate vault items exist @@ -500,7 +502,7 @@ Validate your environment anytime: ```bash dotfiles doctor # Comprehensive check dotfiles doctor --fix # Auto-repair permissions -dotfiles drift # Compare local vs Bitwarden vault +dotfiles drift # Compare local vs vault ``` **Checks performed:** @@ -508,7 +510,7 @@ dotfiles drift # Compare local vs Bitwarden vault - Required commands (brew, zsh, git, bw, aws) - SSH keys and permissions (600 private, 644 public) - AWS configuration and credentials -- Bitwarden login status +- Vault login status - Drift detection (local vs vault) --- @@ -524,12 +526,12 @@ dotfiles-upgrade # Pull latest, run bootstrap, check health ### Sync Secrets ```bash -# Update SSH config locally, then sync to Bitwarden +# Update SSH config locally, then sync to vault vim ~/.ssh/config -./vault/sync-to-bitwarden.sh SSH-Config +dotfiles vault sync SSH-Config # View what would be synced (dry run) -./vault/sync-to-bitwarden.sh --dry-run --all +dotfiles vault sync --dry-run --all ``` ### Add New SSH Key @@ -539,12 +541,12 @@ vim ~/.ssh/config ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_newkey # 2. Add to vault/_common.sh SSH_KEYS array -# 3. Sync to Bitwarden -./vault/sync-to-bitwarden.sh SSH-GitHub-NewKey +# 3. Sync to vault +dotfiles vault sync SSH-GitHub-NewKey # 4. Update SSH config vim ~/.ssh/config -./vault/sync-to-bitwarden.sh SSH-Config +dotfiles vault sync SSH-Config ``` See [Maintenance Checklists](docs/README-FULL.md#maintenance-checklists) for more. 
@@ -582,7 +584,7 @@ dotfiles/ │ │ └── pass.sh # pass (GPG) backend │ ├── bootstrap-vault.sh # Orchestrator │ ├── restore-*.sh # Restore SSH, AWS, Git, env -│ ├── sync-to-bitwarden.sh # Sync local → vault +│ ├── sync-to-vault.sh # Sync local → vault │ ├── validate-schema.sh # Validate vault item structure │ └── check-vault-items.sh # Pre-flight validation │ @@ -656,7 +658,7 @@ docker build -t dotfiles-dev . # Run interactive shell docker run -it --rm dotfiles-dev -# Run with Bitwarden vault restore +# Run with vault restore (Bitwarden example) export BW_SESSION="$(bw unlock --raw)" docker run -it --rm -e BW_SESSION="$BW_SESSION" dotfiles-dev @@ -737,6 +739,7 @@ To customize: | macOS (Intel) | ✅ Fully tested | Auto-detects architecture | | Lima (Ubuntu 24.04) | ✅ Fully tested | Recommended Linux VM for macOS | | WSL2 (Windows) | ✅ Auto-detected | Uses Linux bootstrap | +| Windows (Git Bash/MSYS2) | ✅ Native support | Uses Windows bootstrap | | Ubuntu/Debian | ✅ Compatible | Tested on Ubuntu 24.04 | | Arch/Fedora/BSD | ⚠️ Experimental | 15-30 min adaptation needed | @@ -749,7 +752,7 @@ To customize: - **[Template Guide](docs/templates.md)** - Machine-specific configuration templates - **[Architecture](docs/architecture.md)** - System diagrams and component overview - **[Troubleshooting](docs/troubleshooting.md)** - Common issues and solutions -- **[Vault README](vault/README.md)** - Bitwarden vault details +- **[Vault README](vault/README.md)** - Multi-vault backend details - **[CONTRIBUTING.md](CONTRIBUTING.md)** - Contributor guide - **[SECURITY.md](SECURITY.md)** - Security policy - **[CHANGELOG.md](CHANGELOG.md)** - Version history @@ -776,9 +779,13 @@ ssh-add -l # Verify keys loaded ssh -T git@github.com # Test connection ``` -**Bitwarden session expired:** +**Vault session expired:** ```bash +# Bitwarden export BW_SESSION="$(bw unlock --raw)" + +# 1Password - re-sign in +op signin ``` **Tab completion not working:** 
@@ -805,7 +812,7 @@ See [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for community guidelines. ## Security -- All secrets stored in Bitwarden (encrypted) +- All secrets stored in vault (encrypted) - Session caching with 600 permissions - Pre-commit hooks prevent secret leaks - Regular security audits (see [SECURITY.md](SECURITY.md)) diff --git a/bootstrap/bootstrap-windows.sh b/bootstrap/bootstrap-windows.sh new file mode 100755 index 00000000..6a746b1e --- /dev/null +++ b/bootstrap/bootstrap-windows.sh 
@@ -0,0 +1,140 @@ +#!/usr/bin/env bash +# ============================================================ +# FILE: bootstrap-windows.sh +# Windows bootstrap (Git Bash / MSYS2 / Cygwin) +# Usage: +# ./bootstrap-windows.sh # Standard bootstrap +# ./bootstrap-windows.sh --interactive # Prompt for options +# ./bootstrap-windows.sh --help # Show help +# ============================================================ +set -euo pipefail + +# DOTFILES_DIR is parent of bootstrap/ +DOTFILES_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" + +# ============================================================ +# Detect Windows environment +# ============================================================ +IS_GITBASH=false +IS_MSYS2=false +IS_CYGWIN=false +export PLATFORM_NAME="Windows" + +case "$(uname -s)" in + MINGW*) + IS_GITBASH=true + export PLATFORM_NAME="Git Bash" + ;; + MSYS*) + IS_MSYS2=true + export PLATFORM_NAME="MSYS2" + ;; + CYGWIN*) + IS_CYGWIN=true + export PLATFORM_NAME="Cygwin" + ;; +esac + +# Source shared bootstrap functions +# shellcheck source=bootstrap/_common.sh +source "$DOTFILES_DIR/bootstrap/_common.sh" + +# Parse arguments (sets INTERACTIVE flag) +parse_bootstrap_args "$@" + +# Run interactive configuration if --interactive +run_interactive_config + +echo "=== Windows bootstrap starting ($PLATFORM_NAME) ===" + +# ============================================================ +# 1. Check prerequisites +# ============================================================ +echo "Checking prerequisites..." + +if ! command -v git >/dev/null 2>&1; then + fail "Git is required. Please install Git for Windows first." + exit 1 +fi + +if ! command -v zsh >/dev/null 2>&1; then + warn "Zsh not found. Some features may not work." + if $IS_MSYS2; then + echo "Install zsh with: pacman -S zsh" + elif $IS_GITBASH; then + echo "For full zsh support, consider using MSYS2 or WSL2 instead." + fi +fi + +# ============================================================ +# 2. 
MSYS2-specific package installation +# ============================================================ +if $IS_MSYS2 && command -v pacman >/dev/null 2>&1; then + echo "Installing packages via pacman..." + pacman -Syu --noconfirm --needed \ + git zsh curl wget \ + 2>/dev/null || warn "Some packages may not have installed" +fi + +# ============================================================ +# 3. Workspace layout (shared) +# ============================================================ +setup_workspace_layout + +# ============================================================ +# 4. Skip /workspace symlink on Windows (requires admin) +# ============================================================ +if [[ "${SKIP_WORKSPACE_SYMLINK:-}" != "true" ]]; then + echo "Note: /workspace symlink requires administrator privileges on Windows." + echo "Skipping automatic creation. To create manually (as admin):" + echo " mklink /D C:\\workspace %USERPROFILE%\\workspace" + echo "" + echo "Or set SKIP_WORKSPACE_SYMLINK=true to suppress this message." +fi + +# ============================================================ +# 5. Dotfiles symlinks (shared) +# ============================================================ +link_dotfiles + +# ============================================================ +# 6. 
Shell configuration +# ============================================================ +if command -v zsh >/dev/null 2>&1; then + if [[ "$SHELL" != "$(command -v zsh)" ]]; then + echo "Note: To use zsh as default shell on Windows:" + if $IS_MSYS2; then + echo " Add to ~/.bashrc: exec zsh" + elif $IS_GITBASH; then + echo " Add to ~/.bashrc: exec zsh (if zsh is installed)" + fi + fi +fi + +# ============================================================ +# Done - Platform-specific tips +# ============================================================ +echo "=== Windows bootstrap complete ($PLATFORM_NAME) ===" +echo "" +echo "Next steps:" +echo " - Open a new shell to use the dotfiles configuration" +echo " - Some features (Homebrew, Lima) are not available on Windows" +echo "" + +if $IS_GITBASH; then + echo "Git Bash notes:" + echo " - Consider using WSL2 for full Linux compatibility" + echo " - Homebrew is not available; use chocolatey or scoop for packages" + echo "" +elif $IS_MSYS2; then + echo "MSYS2 notes:" + echo " - Use 'pacman -S ' to install packages" + echo " - Some tools may need to be installed separately" + echo "" +fi + +echo "To restore secrets from vault:" +echo " # Bitwarden: bw login && export BW_SESSION=\"\$(bw unlock --raw)\"" +echo " # 1Password: op signin" +echo " # pass: (uses GPG, ensure gpg is configured)" +echo " dotfiles vault restore" diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index df8309a6..1e0639a2 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -151,7 +151,7 @@ cd vault ./restore-ssh.sh --help # Test with dry-run mode (where available) -./sync-to-bitwarden.sh --dry-run SSH-Config +dotfiles vault sync --dry-run SSH-Config ``` ### Integration Testing @@ -369,7 +369,7 @@ export BW_SESSION="$(bw unlock --raw)" # Test vault operations (use test account!) ./vault/check-vault-items.sh -v -./vault/sync-to-bitwarden.sh --dry-run SSH-Config +dotfiles vault sync --dry-run SSH-Config ``` ### Debugging 
diff --git a/docs/README-FULL.md b/docs/README-FULL.md index c2d0eba0..006fa2ce 100644 --- a/docs/README-FULL.md +++ b/docs/README-FULL.md @@ -153,7 +153,7 @@ The dotfiles are organized as follows: │ ├── create-vault-item.sh # Creates new vault secure notes │ ├── delete-vault-item.sh # Deletes items from vault (with safety) │ ├── list-vault-items.sh # Lists all vault items (debug/inventory) -│ ├── sync-to-bitwarden.sh # Syncs local changes back to vault +│ ├── sync-to-vault.sh # Syncs local changes back to vault │ ├── restore-ssh.sh # Restores SSH keys and config from vault │ ├── restore-aws.sh # Restores ~/.aws/config & ~/.aws/credentials │ ├── restore-env.sh # Restores environment secrets to ~/.local diff --git a/docs/README.md b/docs/README.md index ffb19e93..eb78334c 100644 --- a/docs/README.md +++ b/docs/README.md @@ -43,7 +43,7 @@ | Capability | This Repo | Typical Dotfiles | |----------------------|-----------------------------------------------|----------------------------------| | **Secrets management** | Multi-vault (Bitwarden, 1Password, pass) | Manual copy between machines | -| **Health validation** | 573-line checker with `--fix` | None | +| **Health validation** | 446-line checker with `--fix` | None | | **Drift detection** | Compare local vs vault state | None | | **Schema validation** | Validates SSH keys & config structure | None | | **Unit tests** | 80+ bats-core tests | Rare | @@ -63,7 +63,7 @@ | **Bidirectional Sync** | ✅ Local ↔ Vault | ❌ | ❌ | ❌ | ❌ | | **Cross-Platform** | ✅ macOS, Linux, Windows, WSL2, Docker | ⚠️ Limited | ⚠️ macOS only | ⚠️ macOS only | ⚠️ Limited | | **Claude Code Sessions** | ✅ Portable via `/workspace` | ❌ | ❌ | ❌ | ❌ | -| **Health Checks** | ✅ 573 lines + auto-fix | ❌ | ❌ | ❌ | ❌ | +| **Health Checks** | ✅ 446 lines + auto-fix | ❌ | ❌ | ❌ | ❌ | | **Drift Detection** | ✅ Local vs Vault | ❌ | ❌ | ❌ | ❌ | | **Schema Validation** | ✅ SSH keys, configs | ❌ | ❌ | ❌ | ❌ | | **Unit Tests** | ✅ 80+ bats tests | ❌ | ❌ | ❌ | ❌ | 
@@ -112,7 +112,7 @@ 1. **Only dotfiles with multi-vault backend support** - Bitwarden, 1Password, or pass with unified API 2. **Only dotfiles with Claude Code session portability** - `/workspace` symlink + auto-redirect -3. **Only dotfiles with comprehensive health checks** - 573-line validator with auto-fix +3. **Only dotfiles with comprehensive health checks** - 446-line validator with auto-fix 4. **Only dotfiles with drift detection** - Compare local vs vault state 5. **Only dotfiles with schema validation** - Ensures SSH keys/configs are valid before restore 6. **Only dotfiles with Docker bootstrap testing** - Reproducible CI/CD environments @@ -174,7 +174,7 @@ Inspired by: holman/dotfiles, thoughtbot/dotfiles, mathiasbynens/dotfiles To clone via SSH (recommended), you’ll also want an SSH key configured with GitHub. If you don’t have Git yet, you can either: - install it the way you normally would on your platform, or -- download this repository as a ZIP from GitHub, extract it, and run `bootstrap-mac.sh` / `bootstrap-linux.sh` – the scripts will install Git and the Bitwarden CLI for you. +- download this repository as a ZIP from GitHub, extract it, and run `bootstrap-mac.sh` / `bootstrap-linux.sh` / `bootstrap-windows.sh` – the scripts will install Git and configure your environment. --- @@ -290,7 +290,7 @@ All features are opt-in by default and can be disabled without breaking the rest - Homebrew package manager - Git, GitHub CLI, Node.js - Docker, Lima (Linux VM) -- AWS CLI, Bitwarden CLI +- AWS CLI, Vault CLI (Bitwarden/1Password/pass) ### Configurations - SSH keys and config (from vault) @@ -522,10 +522,10 @@ dotfiles-upgrade # Pull latest, run bootstrap, check health ```bash # Update SSH config locally, then sync to vault vim ~/.ssh/config -./vault/sync-to-bitwarden.sh SSH-Config +dotfiles vault sync SSH-Config # View what would be synced (dry run) -./vault/sync-to-bitwarden.sh --dry-run --all +dotfiles vault sync --dry-run --all ``` ### Add New SSH Key 
@@ -536,11 +536,11 @@ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_newkey # 2. Add to vault/_common.sh SSH_KEYS array # 3. Sync to vault -./vault/sync-to-bitwarden.sh SSH-GitHub-NewKey +dotfiles vault sync SSH-GitHub-NewKey # 4. Update SSH config vim ~/.ssh/config -./vault/sync-to-bitwarden.sh SSH-Config +dotfiles vault sync SSH-Config ``` See [Maintenance Checklists](docs/README-FULL.md#maintenance-checklists) for more. @@ -559,6 +559,7 @@ dotfiles/ │ ├── _common.sh # Shared bootstrap functions │ ├── bootstrap-mac.sh # macOS setup │ ├── bootstrap-linux.sh # Linux/WSL2/Lima setup +│ ├── bootstrap-windows.sh # Windows (Git Bash/MSYS2) │ └── bootstrap-dotfiles.sh # Symlink creation │ ├── bin/ # CLI commands (use: dotfiles ) @@ -578,7 +579,7 @@ dotfiles/ │ │ └── pass.sh # pass (GPG) backend │ ├── bootstrap-vault.sh # Orchestrator │ ├── restore-*.sh # Restore SSH, AWS, Git, env -│ ├── sync-to-bitwarden.sh # Sync local → vault +│ ├── sync-to-vault.sh # Sync local → vault │ ├── validate-schema.sh # Validate vault item structure │ └── check-vault-items.sh # Pre-flight validation │ @@ -652,7 +653,7 @@ docker build -t dotfiles-dev . # Run interactive shell docker run -it --rm dotfiles-dev -# Run with Bitwarden vault restore +# Run with vault restore (Bitwarden example) export BW_SESSION="$(bw unlock --raw)" docker run -it --rm -e BW_SESSION="$BW_SESSION" dotfiles-dev @@ -723,6 +724,7 @@ To customize: | macOS (Intel) | ✅ Fully tested | Auto-detects architecture | | Lima (Ubuntu 24.04) | ✅ Fully tested | Recommended Linux VM for macOS | | WSL2 (Windows) | ✅ Auto-detected | Uses Linux bootstrap | +| Windows (Git Bash/MSYS2) | ✅ Native support | Uses Windows bootstrap | | Ubuntu/Debian | ✅ Compatible | Tested on Ubuntu 24.04 | | Arch/Fedora/BSD | ⚠️ Experimental | 15-30 min adaptation needed | diff --git a/docs/architecture.md b/docs/architecture.md index 8852a0d3..c82ff05b 100644 --- a/docs/architecture.md +++ b/docs/architecture.md 
@@ -122,7 +122,7 @@ dotfiles/ ├── vault/ │ ├── _common.sh # Shared definitions │ ├── bootstrap-vault.sh # Restore secrets -│ ├── sync-to-bitwarden.sh +│ ├── sync-to-vault.sh │ └── restore-*.sh # Category restores │ ├── macos/ diff --git a/docs/vault-README.md b/docs/vault-README.md index a5b7921c..0b850dd7 100644 --- a/docs/vault-README.md +++ b/docs/vault-README.md @@ -47,7 +47,7 @@ All `dotfiles vault` commands work identically regardless of backend. | `restore-env.sh` | Restores env secrets | Called by bootstrap | | `restore-git.sh` | Restores gitconfig | Called by bootstrap | | `create-vault-item.sh` | Creates new vault items | `dotfiles vault create ITEM` | -| `sync-to-bitwarden.sh` | Syncs local → vault | `dotfiles vault sync --all` | +| `sync-to-vault.sh` | Syncs local → vault | `dotfiles vault sync --all` | | `validate-schema.sh` | Validates vault item schema | `dotfiles vault validate` | | `delete-vault-item.sh` | Deletes items from vault | `dotfiles vault delete ITEM` | | `check-vault-items.sh` | Pre-flight validation | `dotfiles vault check` | @@ -188,7 +188,7 @@ When offline mode is enabled: │ │ │ OPERATION LAYER │ │ ═════════════════════════════════════════════════════════════ │ -│ restore-*.sh, sync-to-bitwarden.sh, create/delete scripts │ +│ restore-*.sh, sync-to-vault.sh, create/delete scripts │ │ ↓ │ │ _common.sh (data structures, validation, drift detection) │ │ ↓ │ diff --git a/install.sh b/install.sh index 0872c9dc..f58675e8 100755 --- a/install.sh +++ b/install.sh @@ -101,6 +101,10 @@ case "$OS" in PLATFORM="Lima" fi ;; + MINGW*|MSYS*|CYGWIN*) + PLATFORM="Windows (Git Bash)" + BOOTSTRAP_SCRIPT="bootstrap/bootstrap-windows.sh" + ;; *) fail "Unsupported operating system: $OS" exit 1 diff --git a/vault/README.md b/vault/README.md index 5849a0d7..3ce21340 100644 --- a/vault/README.md +++ b/vault/README.md 
@@ -47,7 +47,7 @@ All `dotfiles vault` commands work identically regardless of backend. | `restore-env.sh` | Restores env secrets | Called by bootstrap | | `restore-git.sh` | Restores gitconfig | Called by bootstrap | | `create-vault-item.sh` | Creates new vault items | `dotfiles vault create ITEM` | -| `sync-to-bitwarden.sh` | Syncs local → vault | `dotfiles vault sync --all` | +| `sync-to-vault.sh` | Syncs local → vault | `dotfiles vault sync --all` | | `validate-schema.sh` | Validates vault item schema | `dotfiles vault validate` | | `delete-vault-item.sh` | Deletes items from vault | `dotfiles vault delete ITEM` | | `check-vault-items.sh` | Pre-flight validation | `dotfiles vault check` | @@ -261,20 +261,20 @@ Restores Git configuration. --- -### `sync-to-bitwarden.sh` +### `sync-to-vault.sh` Pushes local config changes back to vault. ```bash # Preview changes (no modification) -./sync-to-bitwarden.sh --dry-run --all +dotfiles vault sync --dry-run --all # Sync specific items -./sync-to-bitwarden.sh SSH-Config -./sync-to-bitwarden.sh AWS-Config Git-Config +dotfiles vault sync SSH-Config +dotfiles vault sync AWS-Config Git-Config # Sync all -./sync-to-bitwarden.sh --all +dotfiles vault sync --all ``` **Supported items:** @@ -344,7 +344,7 @@ SYNCABLE_ITEMS["Git-Config"]="$HOME/.gitconfig" │ │ │ OPERATION LAYER │ │ ═════════════════════════════════════════════════════════════ │ -│ restore-*.sh, sync-to-bitwarden.sh, create/delete scripts │ +│ restore-*.sh, sync-to-vault.sh, create/delete scripts │ │ ↓ │ │ _common.sh (data structures, validation, drift detection) │ │ ↓ │ @@ -483,4 +483,4 @@ rm vault/.vault-session ``` This automatically propagates to `restore-ssh.sh` and `bin/dotfiles-doctor`. 4. Update `~/.ssh/config` with Host entry -5. Sync: `./sync-to-bitwarden.sh SSH-Config` +5. Sync: `dotfiles vault sync SSH-Config` diff --git a/vault/create-vault-item.sh b/vault/create-vault-item.sh index 6a730c5e..4a06203c 100755 --- a/vault/create-vault-item.sh 
+++ b/vault/create-vault-item.sh @@ -144,7 +144,7 @@ if [[ -n "$EXISTING_JSON" ]]; then echo "" if ! $FORCE; then - fail "Use --force to overwrite, or use sync-to-bitwarden.sh to update" + fail "Use --force to overwrite, or use 'dotfiles vault sync' to update" exit 1 fi diff --git a/vault/sync-to-bitwarden.sh b/vault/sync-to-vault.sh similarity index 95% rename from vault/sync-to-bitwarden.sh rename to vault/sync-to-vault.sh index 3e2e63ab..0c548794 100755 --- a/vault/sync-to-bitwarden.sh +++ b/vault/sync-to-vault.sh @@ -1,8 +1,8 @@ #!/usr/bin/env zsh # ============================================================ -# FILE: vault/sync-to-bitwarden.sh -# Syncs local config files back to Bitwarden (inverse of restore) -# Usage: ./sync-to-bitwarden.sh [--dry-run] [--all | item...] +# FILE: vault/sync-to-vault.sh +# Syncs local config files back to vault (inverse of restore) +# Usage: ./sync-to-vault.sh [--dry-run] [--all | item...] # ============================================================ set -uo pipefail @@ -16,7 +16,7 @@ usage() { cat </dev/null 2>&1; then + alias pbcopy='clip.exe' + alias pbpaste='powershell.exe -command "Get-Clipboard"' + fi + ;; esac diff --git a/zsh/zsh.d/40-aliases.zsh b/zsh/zsh.d/40-aliases.zsh index 6ebc62bd..d33a178c 100644 --- a/zsh/zsh.d/40-aliases.zsh +++ b/zsh/zsh.d/40-aliases.zsh @@ -1,7 +1,7 @@ # ========================= # 40-aliases.zsh # ========================= -# Shell aliases for navigation, bitwarden, dotfiles, and utilities +# Shell aliases for navigation, vault, dotfiles, and utilities # Convenient shortcuts for common operations # Convenience navigation aliases @@ -43,7 +43,7 @@ dotfiles() { "$VAULT_DIR/bootstrap-vault.sh" "$@" ;; sync) - "$VAULT_DIR/sync-to-bitwarden.sh" "$@" + "$VAULT_DIR/sync-to-vault.sh" "$@" ;; list) "$VAULT_DIR/list-vault-items.sh" "$@" 
@@ -61,14 +61,14 @@ dotfiles() { "$VAULT_DIR/delete-vault-item.sh" "$@" ;; help|--help|-h|"") - echo "dotfiles vault - Bitwarden vault operations" + echo "dotfiles vault - Secret vault operations" echo "" echo "Usage: dotfiles vault [options]" echo "" echo "Commands:" - echo " restore Restore all secrets from Bitwarden" + echo " restore Restore all secrets from vault" echo " --force: Skip drift check, overwrite local changes" - echo " sync [item] Sync local files to Bitwarden (--all for all)" + echo " sync [item] Sync local files to vault (--all for all)" echo " list List vault items" echo " check Validate vault items exist" echo " validate Validate vault item schema" @@ -77,7 +77,7 @@ dotfiles() { echo "" echo "Examples:" echo " dotfiles vault restore # Restore all secrets" - echo " dotfiles vault sync --all # Sync all to Bitwarden" + echo " dotfiles vault sync --all # Sync all to vault" echo " dotfiles vault sync Git-Config" ;; *) @@ -123,10 +123,10 @@ dotfiles() { echo "Commands:" echo " status, s Quick visual dashboard" echo " doctor, health Run comprehensive health check" - echo " drift Compare local files vs Bitwarden vault" + echo " drift Compare local files vs vault" echo " diff Preview changes before sync/restore" echo " backup Backup and restore configuration" - echo " vault Bitwarden vault operations (restore, sync, list...)" + echo " vault Secret vault operations (restore, sync, list...)" echo " template, tmpl Machine-specific config templates" echo " lint Validate shell config syntax" echo " packages, pkg Check/install Brewfile packages" 
@@ -145,8 +145,8 @@ dotfiles() { echo " dotfiles packages --install # Install from Brewfile" echo " dotfiles template init # Setup machine-specific config" echo " dotfiles template render # Generate configs from templates" - echo " dotfiles vault restore # Restore secrets from Bitwarden" - echo " dotfiles vault sync --all # Sync local to Bitwarden" + echo " dotfiles vault restore # Restore secrets from vault" + echo " dotfiles vault sync --all # Sync local to vault" ;; *) echo "Unknown command: $cmd" From 1fa34ace819d03767b3e9e3e4b2e61f2a85bca9c Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 29 Nov 2025 17:42:27 +0000 Subject: [PATCH 2/2] feat: Add git safety rules and session start hook - Add on_session_start hook to check git sync status automatically - Add comprehensive Git Safety Rules section to CLAUDE.md - Rules cover: sync before working, no force push, check before commit, one session at a time - Hook runs `git fetch && git status --porcelain=v2 --branch` to detect divergence before any work begins - Bump version to 1.8.0 --- CLAUDE.md | 47 +++++++++++++++++++++++++++++++++++++++++++- claude/settings.json | 7 +++++++ 2 files changed, 53 insertions(+), 1 deletion(-) diff --git a/CLAUDE.md b/CLAUDE.md index e961f1e4..97d150a0 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -236,6 +236,51 @@ When modifying zsh config: --- +## 🔒 Git Safety Rules + +**CRITICAL: Follow these rules to prevent merge conflicts and diverging branches.** + +### 1. Always sync before working +- Run `git fetch && git status` at the start of every session +- If the branch has diverged from remote, STOP and ask the user before proceeding +- Run `git pull --rebase` before making any commits + +### 2. Never force push +- Do not use `git push --force` or `git push -f` +- If a push is rejected, ask the user how to proceed + +### 3. Check before committing +- Run `git status` before staging changes +- Ensure you're on the correct branch +- Verify no unexpected changes are staged + +### 4. One session at a time +- If you detect uncommitted changes you didn't make, ask the user +- If remote has commits not in local, pull before continuing + +### Session Start Hook + +This repository includes a session start hook that automatically checks git sync status: + +```json +{ + "hooks": [ + { + "event": "on_session_start", + "command": "git fetch && git status --porcelain=v2 --branch", + "description": "Check git sync status at session start" + } + ] +} +``` + +The hook output will show: +- `# branch.ab +N -M` - N commits ahead, M commits behind remote +- If behind remote, run `git pull --rebase` before making changes +- If diverged, ask the user before proceeding + +--- + ## 📋 Commit Message Guidelines Use conventional commits format: @@ -343,4 +388,4 @@ Before completing work, verify: --- **Last Updated:** 2025-11-29 -**Version:** 1.7.0 +**Version:** 1.8.0 diff --git a/claude/settings.json b/claude/settings.json index 04d705df..78af68c3 100644 --- a/claude/settings.json +++ b/claude/settings.json @@ -1,4 +1,11 @@ { + "hooks": [ + { + "event": "on_session_start", + "command": "git fetch && git status --porcelain=v2 --branch", + "description": "Check git sync status at session start" + } + ], "permissions": { "allow_bash": true, "allow_read": true,
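Review bot: in vault/create-vault-item.sh (hunk @@ -144,7) the new failure message points the user at `dotfiles vault sync`, but `dotfiles` is a shell function defined in zsh/zsh.d/40-aliases.zsh, so it only exists in a zsh session that has sourced that file. When this script is invoked directly from another shell, the advice names a command that is not there. Mention the script path as well, for example "use 'dotfiles vault sync' (vault/sync-to-vault.sh) to update".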
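Review bot: the rename of vault/sync-to-bitwarden.sh to vault/sync-to-vault.sh leaves nothing at the old path, so any cron entry, CI step or personal alias that still calls sync-to-bitwarden.sh breaks once this lands, and local config files quietly stop being synced back to the vault. Keep a thin sync-to-bitwarden.sh wrapper for one release that prints a deprecation warning and execs sync-to-vault.sh, or call out the rename as a breaking change in the commit message and changelog.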
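Review bot: in zsh/zsh.d/00-init.zsh both clipboard aliases sit under a single `if ... >/dev/null 2>&1; then` guard, yet they depend on two different executables (`clip.exe` for pbcopy, `powershell.exe` for pbpaste), so unless the guard tests both, one alias is defined without its command being checked. Guard each alias on its own command. For pbpaste, prefer `powershell.exe -NoProfile -Command Get-Clipboard`: without -NoProfile every paste loads and runs the user's PowerShell profile, which is slow and executes extra code on a path that regularly carries secrets copied from the vault.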
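Review bot: in zsh/zsh.d/40-aliases.zsh (hunks @@ -61,14, @@ -77,7, @@ -123,10 and @@ -145,8) the help text now says only "vault" for restore and sync, so a user reading `dotfiles vault sync --all` can no longer tell which backend will receive the files. With more than one backend possible, have the help output (or the sync command itself, before it writes) print the backend that is currently configured, so secrets are not pushed to a destination the user did not expect.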
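Review bot: rule 2 of the new Git Safety Rules section in CLAUDE.md (hunk @@ -236,6) names only `git push --force` and `git push -f`, which leaves `--force-with-lease` and a `+` refspec such as `git push origin +branch` outside the letter of the rule. State the rule by effect (no non-fast-forward update of a remote branch) and back it with enforcement that does not rely on the instructions being followed, such as branch protection on the remote or `receive.denyNonFastForwards` on a self-hosted repository. The JSON block under "Session Start Hook" also duplicates claude/settings.json and will drift from it; referring to the file is safer than copying its contents.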
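Review bot: in claude/settings.json the hook command chains `git fetch && git status --porcelain=v2 --branch`, so when the fetch fails (offline, expired credentials, no remote) the status never runs and the session starts with no sync information at all, which is exactly the situation the rules in CLAUDE.md are meant to catch. Run the status regardless and surface the failure, for example `git fetch || echo "fetch failed: status may be stale"; git status --porcelain=v2 --branch`. The hook also makes an unprompted network call with stored credentials at every session start, and nothing in this patch shows that the consumer of this file recognises an `on_session_start` event in an array-form `hooks` key, so confirm the hook actually fires before relying on it.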