v1.4.0

Added

• Dockerfile.nosudo: parameterized test image covering two no-sudo install
  scenarios, selected via build args:
  • nosudo-auto (GRANT_SUDO=false, NOSUDO_INSTALL=""): no sudo binary
    present; detect_sudo() auto-detects CAN_SUDO=false — mirrors bare Ubuntu
    containers and shared hosts without sudo
  • nosudo-forced (GRANT_SUDO=true, NOSUDO_INSTALL=1): user has passwordless
    sudo but NOSUDO=1 overrides it — tests that the explicit env-var override
    is respected even when sudo would otherwise work
    Both variants install the minimal profile and land all binaries in ~/.local/bin.

Changed

• modules/tmux.sh: removed tmux-resurrect and tmux-continuum from
  _TMUX_PLUGINS — they were removed from .tmux.conf.local in v1.1.3 but the
  installer was never updated; they were being cloned on every workstation install
  without ever being sourced
• test.sh: comprehensive coverage improvements across all profiles:
  • Critical fix: nosudo sudo -v check was _fail if sudo was present —
    this always failed nosudo-forced (where user intentionally has sudo but
    NOSUDO=1 overrides it). Replaced with informational _ok for both variants;
    the real invariant (binaries in ~/.local/bin) is verified by check_local_bin
  • check_local_bin made strict: no longer accepts system-path binaries via
    command -v fallback — binary must be specifically at ~/.local/bin/<cmd>
    so a NOSUDO=1 regression (binary landing in /usr/local/bin) is caught
  • Added delta, jq, python3 to core tools section (installed by every
    profile; were only partially or never tested)
  • Added eza and shellcheck to the minimal/workstation section
  • Added eza and delta functional smoke tests to the nosudo section
  • Added tmux plugin dir checks (tmux-fzf, tmux-cpu) for workstation profile
  • Fixed _skip(): used $* where $1 was intended, doubling the label text
  • Fixed fd smoke test label ("can find files") to actually search files instead of
    running --version
  • Removed unreachable else _fail "zoxide not installed" (zoxide is now in
    core tools, which already catches a missing binary)
  • Added nosudo to the profile list in the usage comment
• ci-local.sh (renamed from test-local.sh): expanded nosudo coverage from one
  scenario to two variants (forced / auto); added --profile nosudo-forced and
  --profile nosudo-auto CLI selectors (--profile nosudo still selects both);
  _run_step gained an optional -u USER flag so nosudo containers run tests as
  the owning user rather than root; run_nosudo now runs the full 5-step pipeline
  (install → test → idempotency → update → re-test) matching run_combination for
  regular profiles; total default combinations increased from 12 to 15
• .github/workflows/install.yml: install-nosudo job expanded with
  variant: [auto, forced] matrix axis (3 Ubuntu × 2 variants = 6 combinations,
  up from 3); added if: matrix.variant == 'forced' step that installs sudo
  and grants passwordless access only for the forced variant; added
  update.sh step and re-test step so the no-sudo CI pipeline matches the
  regular install job; total CI combinations increased from 12 to 15

Fixed

• get.sh / install.sh: NOSUDO=1 curl ... | bash was silently ignored because
  in a shell pipeline VAR=val cmd1 | cmd2 the variable prefix is scoped only to
  cmd1 (curl), not cmd2 (bash). Both scripts now accept --nosudo as a CLI flag
  so the curl-pipe form works: curl ... | bash -s -- --nosudo workstation.
  NOSUDO=1 bash get.sh workstation (local-file usage) is unchanged and still works.
• README.md: updated nosudo one-liner to use --nosudo flag instead of the broken
  NOSUDO=1 curl ... form.
• update.sh: spurious \" in cheat URL pattern ("linux-${cheat_arch}\"") injected
  a literal " into the grep pattern, making it impossible to match the .gz asset
  URL. Cheat updates had been silently failing. Fixed to "linux-${cheat_arch}.gz".
• update.sh: xcape update block used local and trap ... RETURN at script
  top-level where RETURN traps never fire, leaking the mktemp directory on every
  xcape rebuild. Extracted into _do_update_xcape() function so the trap fires
  correctly on function return.
• modules/base.sh: no-sudo install paths for delta, ripgrep, fd, and zoxide
  all constructed GitHub asset download URLs manually. CLAUDE.md forbids this because
  asset names change between releases (delta 0.19.0 renamed its tarball). All four now
  use _gh_release_info to look up the actual asset URL from the API, matching the
  pattern already used by the sudo paths.
• modules/zsh.sh _install_ohmyzsh: sh -c "$($installer)" — if curl/wget failed,
  sh -c "" returned 0 and set -e never triggered, silently reporting success while
  oh-my-zsh was never installed. Now downloads the script into a variable with an
  explicit failure guard before passing to sh -c. Installer failure also now warns
  and returns instead of triggering set -e.
• update.sh oh-my-zsh update: zsh ... || git pull — if git pull (the fallback)
  failed, set -e exited the entire update script, leaving all remaining tools not
  updated with no warning message. Rewritten as if/elif/else that logs a warning
  and continues.
• lib/utils.sh _download_tar_bin: no trap RETURN and no || return 1 on the
  pipe, so a download failure triggered set -e exit inside the function — callers'
  || log_warn handlers were never reached. Added trap RETURN for cleanup and
  || return 1 so failures propagate correctly to callers.
• modules/neovim.sh install_neovim, update.sh _do_update_neovim,
  update.sh _do_update_uv, update.sh cheat update,
  modules/base.sh _install_eza PPA: all had curl | tar/gpg/gunzip pipes with
  no error handlers. A network failure would exit the whole script mid-run with no
  user message. Each now logs a warning and returns/skips cleanly.
• scripts/install-git.sh / scripts/install-cmake.sh: curl | tar and curl -o
  download failures were silently caught by set -euo pipefail, exiting the script
  with no message. Both now use || die "…" so network failures print an actionable
  error before exiting.
• modules/base.sh _install_eza (no-sudo path) and _install_jq: used
  _gh_latest_tag_noapi followed by manual URL construction — the same fragile
  pattern that CLAUDE.md prohibits because asset names change between releases.
  Both now use _gh_release_info to look up the verified asset URL in one API call.

v1.3.0

What's Changed

Added

• scripts/install-neovim-src.sh: standalone script to build the latest stable neovim from source; intended for systems where glibc < 2.32 prevents running prebuilt GitHub release binaries (e.g. Ubuntu 20.04); supports NEOVIM_TAG (pin version) and NEOVIM_PREFIX (install path) env vars

Fixed

• modules/neovim.sh: detect glibc version before downloading — saves ~100 MB download on incompatible systems; fall back to v0.9.5 tarball (nvim-linux64.tar.gz, built on Ubuntu 18.04 CI, glibc 2.17+ baseline) when system glibc < 2.32; verify binary executes before declaring success; clean up any broken binary left by a prior failed install when the glibc fallback triggers; ARM64 systems with glibc < 2.32 fall back to apt
• nvim/init.lua: gate nvim-treesitter, nvim-lspconfig, nvim-treesitter-context, mini.ai, and mini.bracketed behind cond = vim.fn.has('nvim-0.10') == 1 — these plugins use nvim 0.10+ APIs (vim.fs.joinpath, LspRequest event) or declare nvim < 0.10 soft-deprecated; nvim 0.9.5 now starts cleanly with regex highlighting and no LSP
• nvim/init.lua: use the correct post-2024 nvim-treesitter install API (require('nvim-treesitter').install({...})) — the old require('nvim-treesitter.install').ensure_initialized no longer exists after the nvim-treesitter refactor

Full Changelog: v1.2.5...v1.3.0

v1.2.5 — tmux bell notification for Claude Code sessions

What's Changed

Added

• tmux/.tmux.conf.local: enable bell-action any so terminal bells from background tmux windows propagate to the status bar, triggering the existing 🔔 tab indicator and blink,bold styling on the window tab
• ~/.claude/settings.json: append & printf '\a' > /dev/tty to the PermissionRequest, PreToolUse→AskUserQuestion, and Stop hook commands so Claude Code sessions emit a terminal bell (alongside the existing audio alert) when they need user attention

Full Changelog: v1.2.4...v1.2.5

v1.2.4

Fixed

• get.sh: existing-clone update block now fails loudly instead of silently continuing with a stale clone when git pull cannot proceed; detects and handles four distinct failure modes with actionable recovery instructions:
  • Stale .git/index.lock (interrupted git operation) — die with rm command
  • Unfinished merge or rebase state — die with git status guidance
  • Local modifications (dirty working tree) — die with full manual stash sequence including exec bash escape hatch for broken ~/.zshrc via symlink; recovery points to bash install.sh (not get.sh, which is gone after curl-pipe)
  • Local commits ahead of upstream — die with git fetch && reset --hard '@{u}'
  • Network / diverged-history pull failure — warn and continue on existing clone (resilient)
• All die/warn paths consistently point to bash <dest>/install.sh rather than "re-run get.sh"

Added

• tmux/.tmux.conf.local: server-local override include at end of file — machine-specific tmux settings now go in ~/.tmux.conf.server (untracked) so git pull never conflicts with server customisations

Removed

• VERSION.md: stale duplicate of VERSION (stuck at 1.1.3); VERSION is the canonical semver file

v1.2.3

Fixed

• nvim/init.lua: blink.cmp path completions truncated long names — default label.width.max=60 and label_description.width.max=30 were the culprits; raised to 80/50 respectively and bumped min_width from 15 to 30

v1.2.2

Bug fix

Fixed

• delta install broken on Ubuntu 20.04/22.04 (modules/base.sh): delta 0.19.0 renamed its Debian package asset from git-delta_VERSION_amd64.deb to git-delta-musl_VERSION_amd64.deb. The installer was constructing the filename rather than looking it up, so the download silently 404'd and delta was left uninstalled. Fixed by using _gh_release_info to retrieve the exact asset URL from the GitHub API — no more brittle filename construction that breaks on upstream renames.

v1.2.1

Changes

Fixed

• Post-install message showed ./scripts/install-fonts.sh (relative path) which doesn't work when installed via curl | bash since the user is not in the dotfiles directory.

Changed

• Font install instructions now offer three explicit options in both the post-install message and README:
  • Option A — p10k configure (wizard installs MesloLGS NF interactively, easiest path)
  • Option B — ~/.dotfiles/scripts/install-fonts.sh (absolute path, always works)
  • Option C — bash <(curl -fsSL .../install-fonts.sh) (no local repo needed)

v1.2.0

What's new

Added

• PATH shadow detection (update.sh): _check_path_shadows runs at the end of every update.sh invocation (read-only). It walks PATH dirs before /usr/local/bin and reports older, duplicate, or newer shadows for managed tools (nvim, xcape). Skipped gracefully if /usr/local/bin is absent from PATH.
• Neovim shadow check (modules/neovim.sh): _nvim_warn_shadows runs at install time and on the skip-already-current path. Uses direct file probes (~/.local/bin/nvim, ~/bin/nvim) — bypasses install-time bash PATH ambiguity.
• _ver_older_than (lib/utils.sh): version comparison helper using sort -V; handles 0.9.0 < 0.10.4 correctly.

Fixed

• Perl locale warning on Ctrl+R (modules/base.sh): adds locales package and runs locale-gen en_US.UTF-8 on fresh minimal Ubuntu images where the locale data is absent. fzf's history widget invokes perl for multi-line deduplication — without the locale data, every Ctrl+R produced a Perl warning.
• Post-install messaging (install.sh + modules/zsh.sh): the "next steps" block now correctly reports whether the default shell change succeeded or failed (via _SHELL_IS_ZSH flag). Clarifies that exec zsh activates the shell immediately without a re-login.

v1.1.3

What's Changed

Fixed

• zsh/.zshrc: set fzf-tab popup minimum size (60 columns × 8 rows) so file/folder names are not truncated in the completion popup
• tmux/.tmux.conf.local: removed tmux-resurrect and tmux-continuum plugins — @continuum-restore 'on' was automatically restoring all saved sessions on every tmux launch, causing ~20 unwanted windows/panes to appear on startup

Removed

• tmux-resurrect and tmux-continuum tmux plugins

Full Changelog: v1.1.2...v1.1.3

v1.1.2

Changed

• README.md: added Table of Contents