Add team Claude Code setup, Python tooling, and shell improvements #1

Merged
cloudprobe merged 4 commits into main from improve/team-claude-code-setup
Mar 24, 2026

cloudprobe (Owner) commented Mar 24, 2026

Summary

  • Team Claude Code: Project template overhauled with shared hooks (secret file protection, auto-format), GitHub MCP server config, dedicated testing.md and security.md rules, settings.local.json.template for per-dev overrides
  • New agents/commands: pr-reviewer (CRITICAL/WARNING/INFO output via gh) and standup (git log + open PRs)
  • Shell improvements: pyenv, Python Starship module, alias search function h(), .zshrc.local.template
  • Config quality: .editorconfig, aws/config.sample, pinned ShellCheck CI, PreToolUse secret file protection hook

What changed

Claude Code — global (~/.claude/)

  • settings.json: PreToolUse hook blocks writes to .env, *.key, *.pem (exit 2 — hard block). Added terraform fmt and shellcheck PostToolUse hooks.
  • agents/pr-reviewer.md: New agent — /pr-reviewer 42 fetches PR via gh and outputs structured CRITICAL / WARNING / INFO review with file:line citations
  • commands/standup.md: New command — /standup pulls git log + open PRs and formats a three-bullet standup

Claude Code — project template (committed to each repo)

  • CLAUDE.md: Now has Team conventions, CI/CD pipeline, and Reviewers sections — the context teammates actually need
  • settings.json: Full hook set matching global config (secret protection + gofmt + terraform fmt + shellcheck)
  • settings.local.json.template: Copy → settings.local.json for machine-specific AWS profiles, kubeconfig. Never committed (enforced by new .gitignore)
  • .mcp.json: GitHub MCP server — team gets shared PR/issue access without per-machine setup
  • rules/testing.md: Table tests, boundary testing, no time.Sleep, what requires tests and what doesn't
  • rules/security.md: IAM least-priv, K8s no-root, SQL parameterization, secret handling

Shell / tooling

  • install.sh + .zshrc: pyenv installed and initialized; shellcheck installed alongside other tools
  • zsh/starship.toml: Python module added to prompt
  • zsh/.aliases: h() function — h k8s finds all matching aliases
  • zsh/.zshrc.local.template: Documented template for AWS, K8s, tokens, work paths
  • aws/config.sample: assume-role and SSO config patterns
  • .editorconfig: Consistent indentation for Go, Shell, TF, YAML, JSON, Markdown

CI

  • .github/workflows/shellcheck.yml: Pinned ludeeus/action-shellcheck from @master to @2.0.0

Test plan

  • shellcheck install.sh — passes clean
  • shellcheck -s bash zsh/.zshrc — passes clean
  • bash -n install.sh — syntax OK
  • All JSON files validated with python3 -m json.tool
  • Install from scratch on a new Mac and verify all components work

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features

    • Added Python environment management support with pyenv integration.
    • Added PR review agent for automated pull request analysis.
    • Added standup automation to summarize recent work activity.
    • Added search function for shell aliases.
    • Added security and testing guidelines for projects.
  • Documentation

    • Updated setup documentation with local configuration templates.
    • Added AWS credential configuration template.
    • Enhanced developer workflow guides.
  • Chores

    • Standardized editor configuration across repository.
    • Pinned GitHub Actions to specific versions.

Shell:
- Add pyenv + shellcheck to install.sh and .zshrc
- Add Python module to Starship prompt
- Add h() alias search function to .aliases
- Add .zshrc.local.template for machine-specific overrides

Infra / config:
- Add aws/config.sample with assume-role and SSO patterns
- Add .editorconfig for consistent indentation across tools
- Pin shellcheck CI action from @master to @2.0.0

Claude Code — global:
- Add PreToolUse hook blocking writes to .env/*.key/*.pem files
- Add terraform fmt and shellcheck PostToolUse hooks
- Add pr-reviewer agent (/pr-reviewer <n> → CRITICAL/WARNING/INFO via gh)
- Add standup command (/standup → git log + open PRs)

Claude Code — project template (team-ready):
- Overhaul CLAUDE.md template with Team conventions, CI/CD, Reviewers sections
- Add shared hooks to settings.json (secret protection + auto-format)
- Add settings.local.json.template for per-dev machine overrides (gitignored)
- Add .mcp.json with GitHub MCP server for PR/issue access
- Add rules/testing.md and rules/security.md as dedicated rule files
- Add .gitignore ensuring settings.local.json is never committed

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
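
The PreToolUse secret-file guard this PR describes (block writes to secret files, exit 2 as a hard block), as an added example that is not the repository's own hook. The names `is_secret_path` and `hook_status` and the `--hook`/`--demo` flags are hypothetical, and failing closed when the payload cannot be read is a choice made for this example.

```shell
#!/bin/sh
# Added example: PreToolUse guard for secret files (not the repository's hook).
# Patterns are the ones listed in the review walkthrough:
#   *.env*  *.key  *.pem  *.p12  *.pfx

# is_secret_path PATH -> 0 if the file name matches a protected pattern.
# Only the lower-cased basename is matched, so a directory such as ".envs/"
# does not trigger the guard and "Server.PEM" is still caught.
# Caveat: "*.env*" also matches names like "app.environment.ts".
is_secret_path() {
  name=$(printf '%s' "${1##*/}" | tr '[:upper:]' '[:lower:]')
  case "$name" in
    *.env* | *.key | *.pem | *.p12 | *.pfx) return 0 ;;
    *) return 1 ;;
  esac
}

# hook_status: read the hook payload (JSON on stdin) and return
#   0 = allow the tool call, 2 = block it (the "hard block" exit code).
# Design choice of this example: fail closed when the payload cannot be read.
hook_status() {
  if ! command -v jq >/dev/null 2>&1; then
    echo "secret-guard: jq not found, refusing write" >&2
    return 2
  fi
  if ! file=$(jq -r '.tool_input.file_path // empty' 2>/dev/null); then
    echo "secret-guard: unreadable hook payload, refusing write" >&2
    return 2
  fi
  [ -n "$file" ] || return 0 # tool call that carries no file path
  if is_secret_path "$file"; then
    echo "secret-guard: blocked write to secret file: $file" >&2
    return 2
  fi
  return 0
}

case "${1:-}" in
  --hook) # hypothetical flag: run as the hook command
    hook_status
    exit $?
    ;;
  --demo) # constructed sample paths, not taken from the repository
    for p in .env config/.env.local certs/Server.PEM src/main.go .envs/notes.md; do
      if is_secret_path "$p"; then echo "block $p"; else echo "allow $p"; fi
    done
    ;;
esac
```
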

coderabbitai bot (Contributor) commented Mar 24, 2026

Warning

Rate limit exceeded

@cloudprobe has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 11 minutes and 17 seconds before requesting another review.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 511a2be5-69b2-412a-80fa-40fa97cec8c5

📥 Commits

Reviewing files that changed from the base of the PR and between 8a9724e and 71a7e74.

📒 Files selected for processing (5)
  • claude/project-template/CLAUDE.md
  • claude/project-template/settings.json
  • claude/project-template/settings.local.json.template
  • claude/settings.json
  • install.sh
📝 Walkthrough

The PR introduces comprehensive infrastructure and documentation for dotfiles management, including editor configuration standardization, Python environment tooling (pyenv), AWS credential templates, Claude AI agent workflows and commands, project-template scaffolding with security and testing guidelines, automated formatting/validation hooks, and shell environment enhancements.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Version Control & Workflow Configuration: `.editorconfig`, `.github/workflows/shellcheck.yml` | Added EditorConfig to standardize charset (UTF-8), line endings (LF), and indentation rules per filetype (tabs for Go/Makefile, 2-space for YAML/JSON/TOML/shell); pinned ShellCheck workflow action to version 2.0.0. |
| ZSH Shell Environment: `zsh/.aliases`, `zsh/.zshrc`, `zsh/.zshrc.local.template`, `zsh/starship.toml` | Added pyenv initialization and PATH configuration in .zshrc; new h() alias-search function in .aliases; Python module to Starship prompt with pyenv version display; new .zshrc.local.template for machine-specific overrides (GitHub/AWS/Kubernetes/work paths). |
| AWS Credential Configuration: `aws/config.sample` | Added AWS credentials template with default profile and commented examples for assume-role and SSO authentication patterns; includes security guidance against hardcoded credentials. |
| Claude Agent & Command Documentation: `claude/agents/pr-reviewer.md`, `claude/commands/standup.md` | Added PR review agent workflow with prioritized findings (CRITICAL/WARNING/INFO), structured output format, and GitHub integration; added standup command to summarize recent commits and pull requests with Git/GitHub CLI snippets. |
| Claude Project Templates & Security/Testing Rules: `claude/project-template/.gitignore`, `claude/project-template/.mcp.json`, `claude/project-template/CLAUDE.md`, `claude/project-template/rules/security.md`, `claude/project-template/rules/testing.md`, `claude/project-template/settings.local.json.template` | Expanded project template with MCP GitHub server configuration; updated CLAUDE.md with architecture, team conventions, CI/CD, and out-of-scope sections; added security rules (secrets, input validation, IAM, cloud hardening) and testing rules (Go test patterns, coverage requirements, anti-patterns); added local settings template for per-developer AWS/Kubernetes configuration. |
| Claude Configuration with Auto-Formatting Hooks: `claude/settings.json`, `claude/project-template/settings.json` | Added PreToolUse hook to block edits/writes to secret files (`*.env*`, `*.key`, `*.pem`, `*.p12`, `*.pfx`); added PostToolUse hook to conditionally auto-format code (gofmt, terraform fmt, shellcheck) based on file type when tools are available; updated command-parameter deny patterns for dangerous bash commands. |
| Installation & Setup Script: `install.sh` | Added pyenv and shellcheck to Homebrew dependencies; updated next-steps guidance to include ZSH local template copy and new AWS config directory setup; quoted backup filename variable for safe path expansion. |
| Repository Documentation: `README.md` | Documented new tools (pyenv, Claude commands, team setup section), AWS setup bootstrapping, expanded project template structure (security/testing rules, MCP config, settings templates), and team feature table (secret protection, auto-format hooks, security testing, PR review, standup). |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 With .editorconfig whiskers and hooks so refined,
Templates and secrets that safely bind,
Pyenv paths hopping through shell-scripted skies,
PR reviewers with keen, careful eyes,
A warren of configs—where order's combined!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately summarizes the main focus: adding team Claude Code setup, Python tooling support, and shell improvements—all primary changes reflected in the changeset. |
| Description check | ✅ Passed | The description is comprehensive, clearly organized into sections (Summary, What changed, Test plan), and covers all major changes. It exceeds template requirements with detailed component documentation. |

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 2

🧹 Nitpick comments (9)
claude/settings.json (1)

42-45: Note: shellcheck is a linter, not a formatter.

Unlike gofmt and terraform fmt which auto-fix files, shellcheck only reports issues without modifying the file. The warnings will appear in hook output but won't auto-correct. This is fine for awareness, just wanted to clarify the behavioral difference.

If you want auto-fixing, consider shfmt for formatting shell scripts:

-            "command": "file=$(jq -r '.tool_input.file_path // empty' 2>/dev/null); if [[ \"$file\" == *.sh ]] && command -v shellcheck >/dev/null 2>&1; then shellcheck \"$file\"; fi"
+            "command": "file=$(jq -r '.tool_input.file_path // empty' 2>/dev/null); if [[ \"$file\" == *.sh ]]; then command -v shfmt >/dev/null 2>&1 && shfmt -w \"$file\"; command -v shellcheck >/dev/null 2>&1 && shellcheck \"$file\"; fi"
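Review bot: in the `+` line, `command -v shellcheck >/dev/null 2>&1 && shellcheck "$file"` is the last command inside the `if`, so when shellcheck is not installed the hook exits non-zero for every `.sh` file, whereas the removed line exited 0 in that case. The same shape discards the exit status of `shfmt -w "$file"`, so a formatter failure goes unnoticed. Wrap each tool in its own `if command -v ...; then ...; fi` and decide explicitly whether a formatter failure should surface.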
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@claude/settings.json` around lines 42 - 45, The configured hook currently
runs shellcheck (the "command" string that invokes shellcheck on files matching
*.sh) but shellcheck is a linter only and won't auto-fix files; update the hook
to either run an auto-formatter like shfmt (e.g., run shfmt -w on matched .sh
files) or run both tools (shellcheck for linting and shfmt -w for formatting) so
scripts get auto-fixed; modify the "command" value accordingly in the
settings.json entry that contains the shellcheck invocation.
claude/project-template/.mcp.json (1)

10-12: Documentation gap: GITHUB_TOKEN requirement not explicitly documented.

The MCP config depends on ${GITHUB_TOKEN} being set, but settings.local.json.template (context snippet 2) lacks this variable. Users may encounter silent auth failures.

Consider adding GITHUB_TOKEN to the template:

  "env": {
+   "GITHUB_TOKEN": "",
    "AWS_PROFILE": "my-dev-profile",
    "KUBECONFIG": "/Users/me/.kube/config"
  }
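Review bot: the added `"GITHUB_TOKEN": ""` line gives the template an empty default, so a developer who copies the file unchanged still gets the auth failure this comment is meant to prevent, and filling it in puts a token value into a JSON file inside the project directory. Prefer the second option given below (export GITHUB_TOKEN from ~/.zshrc.local and document it), or at least use an obvious placeholder instead of an empty string. The `+` line is also indented one space less than its neighbours.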

Or add an inline comment in the README's team setup section clarifying that GITHUB_TOKEN must be exported (e.g., via ~/.zshrc.local).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@claude/project-template/.mcp.json` around lines 10 - 12, The MCP config's env
mapping uses "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_TOKEN}" but the example
local config (settings.local.json.template) and README team setup don't
document/export GITHUB_TOKEN; update settings.local.json.template to include a
"GITHUB_TOKEN" entry with a placeholder value and/or add a short note in the
README team setup instructing developers to export GITHUB_TOKEN (e.g., via
~/.zshrc.local) so the "GITHUB_PERSONAL_ACCESS_TOKEN" env interpolation works
and avoids silent auth failures.
.github/workflows/shellcheck.yml (1)

15-15: Good improvement pinning to a version tag instead of master.

Note that GitHub release tags (like 2.0.0) cannot be force-pushed and are immutable by GitHub's design, making them secure. However, if you prefer stricter supply-chain security, you could pin to the commit SHA (currently 2.0.0 points to a stable release from January 2023). This is optional and less common in GitHub Actions usage, where version tags are the standard practice.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/shellcheck.yml at line 15, The workflow currently pins the
ShellCheck action using the tag "ludeeus/action-shellcheck@2.0.0"; to further
harden supply-chain security optionally replace the tag with the specific commit
SHA that the 2.0.0 tag points to (e.g.,
"ludeeus/action-shellcheck@<commit-sha>") by looking up the tag's commit on
GitHub and updating the uses line, or keep the immutable release tag "2.0.0" if
you prefer the standard tagging practice.
claude/project-template/settings.json (1)

34-37: Shellcheck runs but failures don't block the operation.

Unlike gofmt and terraform fmt which are formatters, shellcheck is a linter that reports issues but doesn't modify files. Since this is a PostToolUse hook, shellcheck output will appear after the write completes, serving as informational feedback rather than a gate.

If blocking on shellcheck errors is desired, consider moving this to PreToolUse for existing files or accepting this as advisory-only (which seems intentional given the pattern).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@claude/project-template/settings.json` around lines 34 - 37, The PostToolUse
hook currently runs ShellCheck as an informational linter (the command string
under "type": "command" that invokes shellcheck on $file) but its failures don't
block the operation; to make ShellCheck block writes move this command into a
PreToolUse hook (or change the hook group from PostToolUse to PreToolUse) and
modify the command to return non‑zero on any ShellCheck findings (e.g., run
shellcheck "$file" and if it exits non‑zero then echo the output and exit 1) so
the PreToolUse will fail and prevent the write when shellcheck reports problems.
claude/commands/standup.md (1)

5-8: Consider the "Monday problem" with --since="yesterday".

On Mondays, --since="yesterday" only captures Sunday's commits, missing Friday's work. Consider documenting this limitation or using a smarter date calculation.

Alternative approach for cross-weekend coverage:

# Last 3 days covers weekend gaps
git log --oneline --since="3 days ago" --author="$(git config user.name)" 2>/dev/null \
  || git log --oneline -10

This is minor since users can adjust the command, and the fallback to -10 provides a reasonable safety net.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@claude/commands/standup.md` around lines 5 - 8, The `git log --oneline
--since="yesterday" --author="$(git config user.name)"` snippet can miss work
across weekends (the "Monday problem"); update the standup instructions in
standup.md to either document this limitation explicitly or replace the
`--since="yesterday"` usage with a wider window such as `--since="3 days ago"`
(or recommend that alternative) and keep the fallback `|| git log --oneline -10`
unchanged so users still have the safe default.
claude/project-template/settings.local.json.template (1)

10-10: Hardcoded macOS-specific path in template.

/Users/me/.kube/config uses the macOS home directory structure. Consider using a more generic placeholder that hints at cross-platform usage.

Suggested fix
-    "KUBECONFIG": "/Users/me/.kube/config"
+    "KUBECONFIG": "$HOME/.kube/config"
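Review bot: `"$HOME/.kube/config"` on the `+` line is a plain JSON string, and nothing in this hunk shows that whatever reads this value expands shell variables; if it does not, KUBECONFIG ends up as a literal path starting with `$HOME`. Confirm that expansion happens before adopting this, or keep an obvious placeholder such as `<home>/.kube/config` with a note to replace it.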

Or add a comment noting this is macOS-specific and Linux users should use /home/<user>/.kube/config.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@claude/project-template/settings.local.json.template` at line 10, The
template currently hardcodes a macOS-specific path for the KUBECONFIG value
("KUBECONFIG"), which should be made cross-platform; update the "KUBECONFIG"
template value to a generic placeholder (for example: "${HOME}/.kube/config" or
"<home>/.kube/config") or add an inline comment next to the "KUBECONFIG" key
stating that the shown path is macOS-specific and Linux users should use
/home/<user>/.kube/config, so the setting is not tied to a single OS and clearly
documents the platform differences.
claude/project-template/rules/security.md (1)

5-5: Clarify environment variable guidance for secrets.

Line 5 recommends "environment variables or a secrets manager" for credentials, while line 21 states "No credentials in environment variables — use instance profiles or IRSA."

Both are valid in different contexts (local dev vs cloud workloads), but the apparent contradiction may confuse readers.

Suggested clarification for line 21
-- No credentials in environment variables — use instance profiles or IRSA
+- In AWS/cloud workloads: no credentials in environment variables — use instance profiles or IRSA
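Review bot: the `+` line scopes only the second statement; the earlier "environment variables or a secrets manager" guidance stays unqualified, so the two rules can still be read as conflicting. Qualify that line in the same change, for example by stating that it applies to local development and CI.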

Also applies to: 21-21

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@claude/project-template/rules/security.md` at line 5, Clarify the apparent
contradiction between the two guidance statements by specifying contexts: update
the phrase "Use environment variables or a secrets manager (AWS Secrets Manager,
Vault)" to indicate it's intended for local development and CI environments, and
revise "No credentials in environment variables — use instance profiles or IRSA"
to state it's the recommended practice for cloud workloads running on managed
instances or Kubernetes; reference the exact phrases "Use environment variables
or a secrets manager (AWS Secrets Manager, Vault)" and "No credentials in
environment variables — use instance profiles or IRSA" so the editor knows which
lines to modify and add a short rationale sentence indicating which scenarios
each approach is appropriate.
claude/agents/pr-reviewer.md (2)

46-62: Consider adding a language specifier to the output format block.

This template block was also flagged by the linter. Since it's a markdown-formatted output template, you could use markdown or text as the language identifier.

📝 Proposed fix
 4. Output format:
-   ```
+   ```markdown
    ## PR #<n>: <title>
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@claude/agents/pr-reviewer.md` around lines 46 - 62, Update the output
template's fenced code block to include a language specifier (e.g., change the
opening "```" to "```markdown" or "```text") so the linter no longer flags it;
specifically modify the PR template block that starts with the triple backticks
and the header "## PR #<n>: <title>" to include the chosen language identifier.

8-15: Add language specifiers to fenced code blocks.

The static analysis tool flagged these code blocks for missing language specifiers. Since these are shell command examples, adding the language identifier improves syntax highlighting and linter compliance.

📝 Proposed fix
 Called with a PR number:
-```
+```bash
 /pr-reviewer 42

Or the current branch:
- +bash
/pr-reviewer
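Review bot: `bash` is not an accurate tag for these two fences, because `/pr-reviewer 42` and `/pr-reviewer` are agent invocations typed into Claude Code rather than shell commands. Use `text` here so the linter is satisfied without suggesting the lines can be run in a shell.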

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@claude/agents/pr-reviewer.md` around lines 8 - 15, Update the two fenced code
blocks that show the CLI examples "/pr-reviewer 42" and "/pr-reviewer" to
include a shell language specifier (e.g., ```bash) so the blocks become ```bash
... ```; locate the literal code fences containing "/pr-reviewer 42" and
"/pr-reviewer" and add "bash" immediately after the opening backticks to satisfy
the linter and enable proper syntax highlighting.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@claude/project-template/CLAUDE.md`:
- Line 4: The HTML comment in the template uses nested comment delimiters ("<!--
comments -->") which will close the outer comment prematurely; replace the
nested comment text with plain placeholder text or a different non-HTML marker
(e.g., use "REPLACE_ME" or wrap the inner note in square brackets) so the outer
comment stays valid — update the comment in CLAUDE.md to remove any inner "-->"
or "<!--" sequences and leave a clear human-readable placeholder for
contributors.

In `@claude/project-template/settings.local.json.template`:
- Line 4: The existing pattern string "Bash(kubectl * --context my-local-cluster
*)" is too strict and fails to match commands with no args after the context;
update the pattern in the settings template to allow an optional trailing
argument (for example change it to "Bash(kubectl * --context my-local-cluster*)"
or otherwise include a trailing wildcard after the context) so commands like
"kubectl get pods --context my-local-cluster" match, or document that users must
adjust the pattern to their kubectl usage.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 09e9bb8c-8925-46b2-9221-11e629be9e7e

📥 Commits

Reviewing files that changed from the base of the PR and between c364267 and 8a9724e.

📒 Files selected for processing (19)
  • .editorconfig
  • .github/workflows/shellcheck.yml
  • README.md
  • aws/config.sample
  • claude/agents/pr-reviewer.md
  • claude/commands/standup.md
  • claude/project-template/.gitignore
  • claude/project-template/.mcp.json
  • claude/project-template/CLAUDE.md
  • claude/project-template/rules/security.md
  • claude/project-template/rules/testing.md
  • claude/project-template/settings.json
  • claude/project-template/settings.local.json.template
  • claude/settings.json
  • install.sh
  • zsh/.aliases
  • zsh/.zshrc
  • zsh/.zshrc.local.template
  • zsh/starship.toml

cloudprobe and others added 3 commits March 24, 2026 02:13
- Add shfmt -w PostToolUse hook for .sh files (auto-formatter alongside shellcheck)
- shellcheck now outputs but doesn't block so Claude can see and fix issues
- Fix KUBECONFIG template value from hardcoded /Users/me to \${HOME} (cross-platform)
- Add shfmt to install.sh brew dependencies

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

The pattern "Bash(kubectl * --context my-local-cluster *)" required
at least one argument after the context name, so bare commands like
"kubectl get pods --context my-local-cluster" were not matched.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
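
The matching problem described in the commit message above, as an added example that is not code from this repository. It assumes `*` in the permission rule behaves like a shell glob wildcard (the matcher's exact semantics are not shown on this page); `matches`, `allowed_by_pair`, `BARE` and the sample commands are constructed for illustration, and the example goes one step further than the page by showing that a bare trailing `*` also admits context names that merely share the prefix.

```shell
#!/bin/sh
# Added example: glob behaviour of the kubectl allow patterns discussed above.
# Assumption: "*" matches any run of characters, as in a shell `case` pattern.

# matches PATTERN COMMAND -> 0 if the whole COMMAND matches PATTERN.
matches() {
  # shellcheck disable=SC2254  # the pattern is meant to be expanded as a glob
  case "$2" in
    $1) return 0 ;;
    *) return 1 ;;
  esac
}

# Pattern quoted in the commit message: needs " <something>" after the context.
STRICT='kubectl * --context my-local-cluster *'
# Trailing wildcard proposed in the review comment.
LOOSE='kubectl * --context my-local-cluster*'
# Hypothetical companion rule: the context name is the last word.
BARE='kubectl * --context my-local-cluster'

# allowed_by_pair COMMAND -> 0 if COMMAND matches BARE or STRICT.
# Two rules cover "no trailing argument" and "trailing arguments" without
# letting the wildcard extend the context name itself.
allowed_by_pair() {
  matches "$BARE" "$1" || matches "$STRICT" "$1"
}

if [ "${1:-}" = "--demo" ]; then
  # Constructed sample commands.
  for c in \
    "kubectl get pods --context my-local-cluster" \
    "kubectl get pods --context my-local-cluster -n dev" \
    "kubectl get pods --context my-local-cluster-2"; do
    for p in "$STRICT" "$LOOSE"; do
      if matches "$p" "$c"; then r=match; else r=no-match; fi
      printf '%-9s %-45s %s\n' "$r" "[$p]" "$c"
    done
    if allowed_by_pair "$c"; then r=match; else r=no-match; fi
    printf '%-9s %-45s %s\n' "$r" "[BARE or STRICT]" "$c"
  done
fi
```
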
@cloudprobe cloudprobe merged commit 2909c05 into main Mar 24, 2026
1 check passed