| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
The four password commands (PDF protect/unprotect, remove-zip-encryption, create-encrypted-zip) wrote the password to a temp file, launched an async dwim-shell command, then deleted the file in unwind-protect. Since the command is async, that delete ran the instant it launched, so qpdf or 7z could start after the password file was already gone.
I extracted cj/dwim-shell--run-with-password-file and cj/dwim-shell--password-cleanup-callback. The temp file (mode 600) is now deleted from an :on-completion callback that fires after the process exits, on both success and failure, and the synchronous unwind-protect stays only as a backstop for a throw before the async launch. All four commands now go through the one helper.
qpdf already reads the password via --password-file, so it stays out of the argv. 7z still takes it as -p"$(cat ...)", which lands on its command line. That's tracked as a separate follow-up.
|
| | |
|
| |
|
|
|
|
| |
cj/restclient-skyfi-buffer opened the SkyFi template in a file-visiting buffer and rewrote the :skyfi-key line with the live key from authinfo. An accidental save would then persist the plaintext key to disk, which breaks the module's own "key never stored on disk" promise. The template file was gitignored and never tracked, so the exposure was local only, not a repo leak.
I removed the feature rather than hardening it: cj/skyfi-api-key, cj/restclient--inject-skyfi-key, cj/restclient-skyfi-buffer, the C-; R s binding, and the two SkyFi test files are gone, along with the local template. The generic restclient setup stays: scratch buffer on C-; R n, open a .rest file on C-; R o.
|
| |
|
|
|
|
|
|
| |
linear-emacs-check-setup read linear-emacs-api-key directly and bailed to "API key is not set" before making any request, so the lazy :before advice on the GraphQL request never fired for it. A fresh session always reported the key missing even though it was in authinfo. I extracted cj/linear--install-key-advice and put the loader on check-setup as well as the request entry point, with a regression test.
I also pinned linear-emacs-org-file-path to data/linear.org inside emacs home, next to the calendar-sync output. Left to its default it falls back to org-directory/gtd/linear.org and silently created a stray ~/org tree on the first pull.
The init.el require is commented out for now while linear-emacs is reworked. The config will need rework once that lands.
|
| |
|
|
|
|
| |
I added modules/linear-config.el to load the local linear-emacs checkout (the same :load-path + :ensure nil shape gptel and org-drill use) and point it at DeepSat's Linear workspace. The personal API key comes from authinfo.gpg, loaded lazily by a named :before advice on the request function, so there's no GPG prompt at startup. The default team is DeepSat's Software Engineering team, and the commands sit under a C-; L prefix.
Verified live against DeepSat: the connection authenticates, lists all five workspace teams, and pulls real issues (SE-*, DEE-*). Tests cover the key-loader (loads when unset, keeps an existing key, stays nil when absent) and the keymap wiring.
|
| |
|
|
| |
I triaged the ~50 open hardening findings against the codebase. Closed five whose premise was stale because the work already shipped: the personal-calendar-config split, the shared cache helper, the cache idle-timer gating, and AI-conversation-persistence coverage. Tagged 31 findings :solo: — bounded work an agent can finish and verify without a decision from me. The rest carry a preference, policy, or design call and stay untagged.
|
| |
|
|
| |
I added docs/mu4e-org-msg-compose-buffer-cleanup.org explaining the one setting that controls whether mail compose buffers close on exit (message-kill-buffer-on-exit), why org-msg needs no setting of its own (it reads the variable, never sets it), and the trap that a stray setter in org-msg's :config silently wins over the mu4e one.
|
| |
|
|
| |
org-msg only reads message-kill-buffer-on-exit (in org-msg--widen-and-undo) and never sets it, so the duplicate setq in org-msg's :config was redundant. I removed it and kept the single t in the mu4e :config, with a comment noting org-msg honors whatever mu4e leaves in place. No behavior change. Compose buffers still kill on exit.
|
| | |
|
| |
|
|
|
|
| |
The earlier setup kept compose buffers after exit (org-msg set message-kill-buffer-on-exit to nil), so HTML draft buffers lingered after a message was sent or aborted. I want them cleaned up, so I set the org-msg value to t to match the mu4e default. Both composers now kill the buffer on exit.
The modules byte-compile and the mail-config tests stay green. The kill-on-exit behavior itself only shows up in live use, not in batch.
|
| | |
|
| |
|
|
|
|
| |
mail-config.el set message-kill-buffer-on-exit to t in mu4e's config and nil in org-msg's, with no note on which wins. org-msg-mode runs in every compose buffer, so org-msg's nil is the effective policy: compose buffers are kept, not killed. The org-msg comment said "always kill buffers on exit", which is backwards.
I rewrote both comments. The mu4e t is the plain-mu4e fallback that only matters if org-msg is ever disabled, and org-msg owns the live policy of keeping a draft buffer on exit so an in-progress HTML message isn't lost. No behavior change.
|
| | |
|
| |
|
|
| |
The `<java` Org Tempo template expanded to "#+begin_src javas", a typo for "java", so a Java source block came out tagged with a bogus language. I fixed the entry to "src java" and added a test that pins seven common aliases (bash, zsh, el, py, json, yaml, java) to their intended src language names, so the next typo in the template list gets caught.
|
| | |
|
| |
|
|
|
|
| |
flyspell-and-abbrev.el had no tests. I added eight: cj/--require-spell-checker (errors when no checker is on PATH, passes when one is), cj/find-previous-flyspell-overlay against synthetic overlays (finds the closest previous flyspell overlay, ignores non-flyspell ones, returns nil when none exist), and cj/flyspell-on-for-buffer-type dispatching to flyspell-prog-mode in code buffers and flyspell-mode in text buffers.
I left cj/flyspell-then-abbrev to manual testing. Pinning its flyspell-UI orchestration would mean mocking flyspell internals rather than our own logic.
|
| | |
|
| |
|
|
| |
media-utils.el had no tests. I added eight: cj/get-available-media-players filtering by executable-find, cj/media-play-it building a direct command versus the yt-dlp -g stream-URL wrap (plus the missing-player error), and cj/yt-dl-it erroring when yt-dlp or tsp is absent and queueing through tsp + yt-dlp when both are present. Every external boundary is mocked, so nothing launches.
|
| | |
|
| |
|
|
| |
The state machine in cj/title-case-region skips leading non-word characters and passes caseless letters through, but no test pinned that. I added three boundary cases: a leading double-quote and a leading paren each still capitalize the first real word, and a caseless RTL first word (Hebrew) passes through while consuming the is-first slot, so the following minor word stays lowercase.
|
| | |
|
| |
|
|
|
|
| |
env-desktop-p's docstring described a laptop, but the function returns t for the desktop case (no battery). env-x-p compared the window system against the string "x" while its sibling env-x11-p used `eq` against the symbol, so the two read differently for the same check.
I corrected the docstring and switched env-x-p to the symbol comparison. I also spelled out the difference between env-x-p (any X display, including XWayland) and env-x11-p (a real X11 session, no Wayland). Behavior is unchanged, so the existing display-predicate tests stay green.
|
| | |
|
| |
|
|
|
|
| |
cj/set-wallpaper passed `(dired-file-name-at-point)` straight to `expand-file-name`, so running it with no file at point raised a bare `wrong-type-argument` instead of a clear error. cj/dired-create-playlist-from-marked expanded the raw playlist name under `music-dir` without checking it, so a name like "../foo" or "/etc/foo" would write outside the music directory.
I added a nil-file guard to set-wallpaper and a `cj/--playlist-name-safe-p` check that rejects any name carrying a directory separator before the path is built. Both paths now fail cleanly with a user-error. Regression tests went into the existing wrapper and playlist test files.
|
| |
|
|
| |
I added a :solo: tag to the legend for tasks Claude can take end to end with no input from me: bounded scope, no design or preference call, verifiable locally. Tagged the nine hardening findings I've already assessed that way. Also closed the dirvish runtime-require task, shipped in b63c4f83.
|
| |
|
|
|
|
| |
dirvish-config builds `dirvish-quick-access-entries` from `code-dir`, `music-dir`, `pix-dir`, and the recording dirs at load time, and binds keys to `cj/xdg-open` and `cj/open-file-with-command`. Those come from user-constants and system-utils, but the module only required them under `eval-when-compile`, so the compiled module carries no runtime require and leans on init order having loaded them first.
I switched both to plain requires, matching host-environment, system-lib, and external-open-lib right below. Added a dependency-contract smoke test that fails if the requires are dropped.
|
| |
|
|
|
|
| |
I traced why remote dirvish shows "?" for dates: dirvish fetches remote attributes through an async `ls -1lahi` parser that only runs when the connection has direct-async and the remote has GNU ls. It falls back to skipping `file-attributes` (rendering "?") when either gate is shut. That's why the earlier dired-listing-switches attempts missed the real path, and why disabling direct-async made it worse.
The config already enables direct-async, so the rest is per-host and needs a live remote. I left the three diagnostic evals and the likely fixes in the task body.
|
| | |
|
| |
|
|
|
|
| |
`org-log-done` was set in two places: `cj/org-todo-settings` in org-config.el set it nil, and org-roam-config.el's `:config` set it to 'time. Whichever module loaded last won, so the effective value was load-order-dependent and fragile.
I set it once in `cj/org-todo-settings` and dropped the org-roam-config setter, leaving a comment at the old site so it doesn't creep back. The value is 'time rather than nil because the dated-completion workflow wants a CLOSED timestamp stamped on every TODO->DONE.
|
| | |
|
| |
|
|
|
|
| |
The save lived inside the `unless` branch that only ran when the completed task needed an `org-refile` into a different file. When the task was already in today's daily, the copy left the buffer modified but unsaved. A crash before the next manual save lost it, and shutdown prompted about the unsaved journal buffer.
I pulled the save out of the refile branch into a `cj/--org-roam-save-daily` helper that runs on both paths and only writes when the buffer is modified. Extracting it also makes the save logic testable without driving the org-roam capture machinery.
|
| |
|
|
| |
I closed the auth-source-idiom consolidation. The four copies now delegate to one system-lib helper.
|
| |
|
|
|
|
|
|
| |
The auth-source-search + funcall-the-secret block was copied four times: calendar-sync--calendar-url, cj/auth-source-secret (ai-config), cj/--auth-source-password (transcription), and cj/slack--get-credential. Each searched authinfo, pulled :secret, and called it when the netrc backend returned a function.
I pulled that into cj/auth-source-secret-value in system-lib (a leaf, so calendar-sync doesn't have to depend on ai-config and drag in the gptel stack). It takes an optional user and returns the secret or nil. The four callers now delegate to it: ai-config layers its required-secret error on top, and the others keep their nil-on-miss behavior. With the direct auth-source-search calls gone, I dropped the now-unused (require 'auth-source) from transcription, slack, and calendar-sync. The helper's autoload covers it.
The transcription tests that exercise the delegated path stay green, and the primitive and the error wrapper get their own tests.
|
| |
|
|
| |
I closed the navigator and keymap duplication task. Both now derive from one launcher table.
|
| |
|
|
|
|
|
|
| |
table
The 12 dashboard launchers were inlined twice (once as navigator icon buttons, once as dashboard-mode-map keybindings), so adding or reordering one meant editing both lists, and the icon-row order could drift from the key order.
I pulled them into a single cj/dashboard--launchers table of (KEY ICON-FN ICON-NAME LABEL TOOLTIP ACTION) tuples. cj/dashboard--navigator-rows chunks it four per row into the navigator buttons, and cj/dashboard--bind-launchers binds each key to its action. The icons and the keys now come from one place, with no behavior change: same icons, labels, order, and keys, locked by tests.
|
| |
|
|
|
|
| |
follow-up
I closed the subtitle-centering and the navigator/item color bugs, and filed a follow-up to give the navigator its own color separate from the list items, which is blocked by the shared dashboard-items-face overlay.
|
| |
|
|
|
|
| |
The banner subtitle sat left of center because dashboard-banner-title-offset was 5, which over-shifts. I dropped it to 3, which lines the subtitle up under the banner image.
The navigator and the recentf/project/bookmark list rendered in the default near-white. I set dashboard-items-face to steel+2 so they pick up a theme color, and the section headers stay blue via dashboard-heading. The navigator and the items share dashboard-items-face, because the navigator is drawn with a dashboard-items-face overlay that wins over its per-button dashboard-navigator face, so they take one color by design here.
|
| |
|
|
|
|
| |
The committed palette PNG had drifted from the theme. It labeled steel as "cyan", invented magenta colors the palette never had, and left out blue+2. There was no generator, so the preview and the source diverged silently.
I added gen-palette-preview.py, which parses the (name "#hex") pairs straight out of dupre-palette.el and emits the preview HTML grouped one row per color family. I regenerated the HTML and the PNG from it, so all 32 colors show with square swatches at 2x, columns aligned, and nothing drifts from palette.el again.
|
| |
|
|
| |
The real cause wasn't gptel: the gptel-tools tests already stub the constructors. test-name aborted because a test file leaked default-directory at load. Fixed with absolute load paths plus containment.
|
| |
|
|
|
|
| |
make test-name loads every test file into one Emacs, then selects by name. test-system-defaults-functions.el requires system-defaults at load, which runs (setq default-directory user-home-dir), an intentional config choice. That leaked the cwd into the shared session, so every relative -l tests/X.el load after it resolved against the wrong directory and aborted the whole run with Error 255.
I made two changes. test-name now passes absolute paths to -l so loads survive any cwd change, and the test contains the leak by let-binding default-directory around the require. The production setq stays as is.
|
| |
|
|
| |
The fork's backend constructors load again, verified end-to-end.
|
| |
|
|
|
|
| |
cj/toggle-gptel and gptel chat errored with "Symbol's function definition is void: gptel-make-anthropic". The local gptel fork on :load-path with :ensure nil ships no generated autoloads, so (require 'gptel) loads gptel.el but never gptel-anthropic.el or gptel-openai.el, where the gptel-make-* constructors live. cj/ensure-gptel-backends then reached gptel-make-anthropic before it was defined.
cj/ensure-gptel-backends now requires gptel-anthropic and gptel-openai first, through a small cj/--gptel-load-backend-libs helper. Verified end-to-end: with the fork on load-path, the constructors are fbound and both backends build.
|
| |
|
|
| |
I closed the finalize-task keybinding work and recorded its design in the task body. Three follow-ups came out of it: reconcile the duplicate org-log-done setting, always save the daily after a journal task-copy, and manually verify the live journal copy that the unit tests mock out.
|
| |
|
|
|
|
|
|
|
|
| |
I added a command on C-; O d that finalizes the task at point. It prompts for a finalized keyword from org-done-keywords, so the picker tracks org-todo-keywords automatically. Marking the task done fires the org-roam journal-copy hook, so the completed task lands in today's daily.
Then the heading is reshaped by depth. A sub-task (level 3 or deeper, or a VERIFY at any depth) becomes a dated log entry: the keyword and priority cookie are stripped, a sortable timestamp is prepended, and the tags are kept. A top-level task keeps its keyword and gains a date-only CLOSED line.
The command binds org-inhibit-logging around the org-todo call so it owns the CLOSED line rather than depending on org-log-done, which is set inconsistently across two modules. The journal hook keys off org-state, not org-log-done, so the copy still fires.
Tests run in org temp-buffers with the journal hook bound to nil, exercise the real org primitives, and inject a fixed time so the stamp shape is deterministic.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
I walked all 24 unreviewed top-level tasks in one pass and stamped each with :LAST_REVIEWED: 2026-05-22. That dropped the threshold-7 staleness count from 24 to 0.
I re-graded "gptel fork not loading: gptel-make-anthropic void" from [#C] to [#B]. It breaks gptel chat entirely and is the root cause of the test-name batch-load abort, so it shouldn't sit at the bottom of the pile.
I reworded the sentence-shaped keybinding task to a terse topic and tagged it :quick:. Then I answered its embedded request with a cj/org-heading-to-dated-log sketch that drops the keyword and priority cookie and prepends a sortable timestamp, plus three mnemonic key candidates.
I switched the org-noter task from VERIFY to TODO. It's in-progress implementation work, not an open question waiting on input.
I expanded the Company-to-Corfu task with the migration spec's nine implementation steps as sub-tasks, so the work is ready to pick up without re-reading the design doc.
|
| |
|
|
| |
I filed the gptel-fork-load error, the org-contacts launch error, and two dashboard polish bugs (off-center banner subtitle, uncolored navigator icons + titles). I tagged the genuinely quick tasks :quick:, dropped all gptel work to #C, and closed the two tasks shipped this session: the ai-vterm graceful close and the org-contacts launch fix.
|
| |
|
|
|
|
|
|
| |
At startup the agenda-finalize hook ran cj/org-contacts-anniversaries-safe, which calls org-contacts-anniversaries, which calls org-contacts-files. That function messages "[org-contacts] ERROR: Your custom variable `org-contacts-files' is nil." when the variable is nil, and at that point it was nil. The value was set via the use-package :custom, which only applies when org-contacts loads, and that load is deferred behind :after (org mu4e) — later than the first agenda finalize.
I set org-contacts-files eagerly at require time instead, so it's never nil by the time the hook fires. I also guarded the wrapper: org-contacts-files emits a message rather than signaling, so ignore-errors couldn't suppress it on its own. Now the call only runs when the variable is set.
Three tests cover the eager set, the guard skipping when files are nil, and the wrapper running when they're set. Full suite green.
|
| |
|
|
|
|
|
|
| |
cj/ai-vterm-close tears an agent down cleanly: it kills the agent's tmux session (stopping the process), removes the vterm window when it isn't the only one in the frame, then kills the buffer. It targets the current agent buffer, the sole live agent, or prompts among several, and confirms before killing since that interrupts work in progress.
I also folded the whole F9 family onto ai-vterm. M-f9 used to run cj/toggle-gptel, but gptel is broken right now (the local fork doesn't load, so gptel-make-anthropic is void), and grouping every ai-vterm command under F9 reads better anyway. M-f9 is the primary close binding. C-S-f9 is a second binding that the Wayland/PGTK layer may swallow on some machines.
I covered it with 7 tests over the tmux-kill helper, the per-buffer teardown, and target selection, mocking process-file and the prompt at the boundary.
|
| |
|
|
| |
Moved the ai-vterm sizing and dashboard fixes to Resolved now that they've shipped. Filed two follow-ups: make test-name aborting on gptel-dependent test files, and consolidating the duplicated auth-source secret-funcall idiom.
|
| |
|
|
|
|
| |
A calendar's .ics feed URL is a secret token, so I'd rather not keep it in a plaintext config file. A calendar can now name a :secret-host, and calendar-sync--calendar-url looks the URL up in auth-source (~/.authinfo.gpg) at sync time. Inline :url still works and wins when both are set, so existing configs are unaffected.
I added 7 tests covering the explicit-url, string-secret, function-secret, precedence, and no-match paths, and switched the .example template to the :secret-host shape.
|
