git-pr-cleanup (prc) tried `branch -d` then fell back to `branch -D`
unconditionally, silently destroying an unmerged branch when prc was
run before the PR merged or against the wrong branch. Keep the safe
`-d` for the normal post-merge path, but prompt before forcing so
unmerged commits aren't lost without consent; decline keeps the branch.
cleanup_backups piped `git branch --list` into `while read`, so the
`deleted` counter incremented inside a pipeline subshell and never
propagated. The closing "Deleted N backup branch(es)" always reported 0,
however many were actually removed. Switch the inner loop to process
substitution (matching the outer find_forked_repos loop) so the count
survives.
Replace the stub dev-env with the real, working implementation that grew
in the reference machine config — de-identified for the public scaffold.
Nix layer:
- options.nix: full project schema (url/upstream/fork/category/
worktreeRoot/worktrees{branch,path,remote}/isClone/deployFlakeInput),
deploy.targets, github.forkUser, writeDirenvHints. Drops the
forgejo-URL block + deploy-flake auto-derivation (incoherent in a
scaffold that uses explicit per-project urls).
- lib.nix: mkProject + worktreePath/bareRepoPath/projectRemotes,
generalized to the explicit-url model (origin falls back to upstream).
- config.nix: renders /etc/dev-env/{config.sh,projects.json,
tmux-sessions.json}, installs helpers via writeShellScriptBin, loads
shell functions into interactive shells, wires the git pre-commit hook.
Scripts (config-driven, read /etc/dev-env at runtime):
- bootstrap.sh, nav.sh, worktree.sh, pr-helpers.sh, rebase.sh,
status.sh, deploy.sh, regtest.sh, tmux-launch.sh.
- Stripped aiolabs/forgejo/bitspire/lamassu/webapp hardcoding; the
github-fork remote is renamed 'fork' to match git.remotes vocabulary.
- Removes the dev.sh stub (the matured impl uses discrete commands +
shell functions, not a unified 'dev' CLI).
presets/example.nix: a worked, generic project list replacing the
identity-specific aiolabs preset. tests/smoke.nix + flake checks
exercise the schema; 'nix flake check' is green.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Ships `modules/dev-env/scripts/git-hooks/pre-commit` — the same
secret-scanner pattern omnixy uses, lightly adapted (drops the
omnixy-specific test_auth.py skip, generic header comment).
New option `lnbits-sensei.devEnv.gitHooks.enable` (off by default).
When on, modules/dev-env/config.nix installs the hook at
`~/.local/share/lnbits-sensei/git-hooks/pre-commit` and sets the
consumer's git `core.hooksPath` to that directory, so every repo on
the machine picks it up without per-repo wiring.
The hook refuses to commit obvious secrets (PRIVATE KEY blocks,
`password=…`, `secret=…`, `api_key=…`, `admin_key=…`, AWS keys,
non-placeholder POSTGRES_PASSWORD) and unencrypted sops files
(checks for a top-level `sops:` block AND `mac: ENC[…]` — either
signal alone is forgeable). False positives are handled via
`# pragma: allowlist secret` line- or block-level markers (gitleaks
convention).
docs/secrets-management.md gets a new subsection covering what the
hook does, when to enable it, and the false-positive escape hatches.
The Pitfalls section's reference to "the pre-commit hook most
consumers use" is replaced with a concrete pointer to this option.
`nix flake check --no-build` stays green.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds the omnixy-pattern out-of-store-symlink wiring so consumers can
opt into Claude Code orientation without copying anything by hand.
Files live in lnbits-sensei (so they evolve via PR), symlinks point
back at the consumer's checkout (so edits take effect on the next
Claude session without a nixos-rebuild).
New files under files/:
- dev-CLAUDE.md — generic workspace orientation. Workspace layout,
quick command set, pointers to docs/. Opt-in (clobbers an existing
~/dev/CLAUDE.md, so off by default).
- lnbits-CLAUDE.md — per-project orientation for the lnbits worktree
subtree. Inline summary of the four most-stepped-on gotchas
(settings precedence, Quasar UMD self-closing rule, auth-decorator
distinctions, upstream PR target = `dev` not `main`) plus pointers
to the docs/ for full reference.
New options under lnbits-sensei.devEnv:
- scaffoldPath — absolute path to the consumer's lnbits-sensei
checkout. types.str (not types.path) intentionally: types.path
would copy the file into the Nix store and defeat
mkOutOfStoreSymlink. Required when any claude.* flag is on.
- claude.enable — seeds ~/dev/lnbits/CLAUDE.md.
- claude.workspaceOrientation — additionally seeds ~/dev/CLAUDE.md.
Wiring lives in home.nix (gated via `osConfig.lnbits-sensei.devEnv.*`)
rather than the dev-env NixOS module, since the file destinations are
under home-manager's purview and the home-manager scope is where
`mkOutOfStoreSymlink` is in scope.
`nix flake check` stays green — `optionalAttrs` is lazy, so
`scaffoldPath` isn't accessed when claude.{enable,workspaceOrientation}
are both false (their defaults).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces the two parallel scripts (fakewallet.sh, regtest.sh) with one
modules/dev-env/scripts/dev.sh — `dev up [--fakewallet|--regtest]`,
plus `down|logs|shell`. Default mode is fakewallet (no docker, no
chains, instant), matching what the prior scaffold did with two scripts
but giving consumers one command and one verb-set to learn.
Drops the now-redundant `lnbits.backend` enum and `features.fakewallet`
option from core.nix. Backend selection is the dev CLI's runtime
concern; a NixOS-level option would be a second knob that can disagree
with the CLI flag at runtime. `lnbits.{host,port}` stay (bind addr,
useful to docs and any later service path). `features.regtest` stays
(gates docker engine installation — consumers who'll never use the
regtest mode shouldn't pay for the container engine).
Strips modules/lnbits.nix entirely. The dev CLI runs lnbits ad-hoc; if
a NixOS-managed lnbits service becomes a real ask later, re-add a
focused module then.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Both scripts are placeholders that document the intended dispatcher
shape (up/down/logs/shell). fakewallet.sh is a deliberate no-op for
symmetry — same muscle memory whether the backend is a docker stack
or a constant.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
default.nix composes the three sub-modules. options.nix declares the
public surface (projects, regtest, fakewallet, tmux) so consumers can
wire values today even though config.nix is empty. lib.nix reserves
dev-env-scoped helpers separate from the global lnbits-sensei.lib.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
