feat: capture macOS system defaults (home/.macos) #319

Merged: evansenter merged 2 commits into main from feat-macos-defaults on Jun 13, 2026

@evansenter (Owner)

Summary

Captures macOS system settings (the defaults layer the repo never managed) as home/.macos — a faithful snapshot of this machine's current values, not an opinionated set.

Covers ~36 keys: Dock (autohide/size/hot corners), Finder (hidden files, list view, path bar, desktop drives), keyboard/text (show extensions, no auto-correct/capitalization/period, traditional scrolling, en_GB), trackpad (tap-to-click, three-finger drag + look-up, light click thresholds), Stage Manager off, menu-bar clock, no .DS_Store on network shares, Activity Monitor. All correctly typed (verified via defaults read-type).

Behavior

  • Applied automatically by ./bootstrap.sh -p (full install) — it restarts Dock/Finder, so it's not run on routine ./bootstrap.sh -f syncs.
  • Symlinked to ~/.macos; idempotent, macOS-gated, re-runnable manually.

Not captured (impossible via defaults)

iCloud/Apple-ID settings, Login Items, TCC permissions, network/Wi-Fi, Touch ID, and sandboxed apps (Safari, Control Center — need Full Disk Access and are fragile). Documented as manual.

Test plan

  • bash -n + shellcheck clean; make check green (now syntax-checks home/.macos)
  • Value types verified via defaults read-type before scripting
  • Not executed in CI (mutates system state / restarts Dock); will run on next bootstrap -p or manual ~/.macos

🤖 Generated with Claude Code

Snapshot of this machine's intentional macOS settings as a faithful
`defaults write` script (not opinionated): Dock (autohide/size/hot corners),
Finder (hidden files, list view, path bar, desktop drives), keyboard/text
(show extensions, no auto-correct/cap/period, traditional scrolling, en_GB),
trackpad (tap-to-click, 3-finger drag/look-up, light click), Stage Manager off,
menu-bar clock, no .DS_Store on network shares, Activity Monitor. ~36 keys,
correctly typed (verified via `defaults read-type`).

- bootstrap applies it only on a full `-p` install (it restarts Dock/Finder),
  never on a routine `-f` sync.
- Symlinked to ~/.macos; re-runnable, idempotent, macOS-gated.
- Makefile bash -n covers it; README gains a "macOS system defaults" section
  and the new-machine checklist references it.

Not captured (not possible via defaults): iCloud/Apple-ID, Login Items, TCC
permissions, network, Touch ID, sandboxed apps (Safari, Control Center).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Comment thread home/.macos
# TCC permissions, network/Wi-Fi, Touch ID, and sandboxed apps (Safari, Control
# Center) which need Full Disk Access and are fragile — configure those manually.

set -euo pipefail

[Suggestion] With set -euo pipefail, the first defaults write that returns non-zero aborts the whole script, skipping every later setting AND the final killall Dock/Finder/SystemUIServer loop. The result is a partially-written, un-applied state (bootstrap.sh only prints a generic warning). For a script billed as idempotent and re-runnable, consider relaxing errexit for the defaults section (or running the killall via a trap on EXIT) so a single failed domain write does not prevent the UI restart that applies everything that did succeed. defaults write rarely fails for valid domains, so this is robustness hardening, not a live bug.
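
The failure mode this review comment describes, next to its two suggested mitigations, as an added example (not code from the pull request or from home/.macos). `write_setting` and `restart_ui` are hypothetical stand-ins for `defaults write` and the final `killall` loop, and `com.example.demo bad-key` is a constructed failing write.

```bash
#!/usr/bin/env bash
# Added example: write_setting and restart_ui are constructed stand-ins.
# Nothing here calls `defaults` or `killall`.

run_variant() {  # $1 = plain | trap | tolerant
  bash -s "$1" <<'EOF'
set -euo pipefail
mode="$1"

# Stand-in for `defaults write`; fails for one constructed key.
write_setting() {
  if [ "$2" = "bad-key" ]; then return 1; fi
  echo "wrote $1 $2"
}

# Stand-in for the final killall Dock/Finder/SystemUIServer loop.
restart_ui() { echo "restart-ui"; }

# tolerant: errexit relaxed per write; a failure is reported, not fatal.
apply() {
  if [ "$mode" = "tolerant" ]; then
    write_setting "$@" || echo "failed $1 $2"
  else
    write_setting "$@"
  fi
}

# trap: the restart runs on any exit, including an errexit abort.
if [ "$mode" = "trap" ]; then trap restart_ui EXIT; fi

apply com.apple.dock autohide
apply com.example.demo bad-key
apply com.apple.finder ShowPathbar

# plain/tolerant: restart is the last statement, reached only if nothing aborted.
if [ "$mode" != "trap" ]; then restart_ui; fi
EOF
}

for m in plain trap tolerant; do
  echo "== $m"
  run_variant "$m" || echo "(exit status $?)"
done
```

The trap variant still exits non-zero and still skips the later writes; it only guarantees that the settings already written get applied. The tolerant variant continues past the failed write and reports it.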

Comment thread bootstrap.sh
[[ "$(uname)" == "Darwin" ]] || return 0
local dotfiles_dir
dotfiles_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
if [[ -x "$dotfiles_dir/home/.macos" ]]; then
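
Review bot: On the `dotfiles_dir=` line, `dirname "${BASH_SOURCE[0]}"` yields the directory of the path the script was reached by, and `pwd -P` resolves symlinked directories but not a symlink pointing at the script file itself. If this file is ever run or sourced through a file symlink that lives outside the repository, `$dotfiles_dir/home/.macos` will not exist and the guard on the following line evaluates false; unless an `else` branch reports that, the defaults are skipped without a message. Consider resolving the script's real path before taking `dirname`, and warning when the expected file is missing.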

[Suggestion] The guard tests for the executable bit, but the script is invoked via bash on the file path, which does not need the exec bit. If that bit is ever lost (e.g. core.fileMode=false, a non-exec filesystem, or an archive extraction), the defaults would silently not apply during bootstrap with no warning. A file-exists test matches how the file is actually run and is more resilient.

@claude claude Bot left a comment

Automated review by Claude Code (prompt: home/.claude/contrib/prompts/claude-review.md). Verdict: APPROVE. Summary: clean, well-documented snapshot of macOS defaults into home/.macos, wired only into the -p install path, with matching README/Makefile updates; bootstrap gating (PULL == true), the macOS guard, idempotency, and the -f vs -p distinction all match the documented behavior. CI execution is correctly skipped (mutates system state / restarts Dock) and the Makefile adds a bash -n syntax check, the right level of coverage for a defaults script. Two non-blocking robustness suggestions were posted as inline comments (set -euo pipefail aborting before the killall restart; the -x vs -f guard in apply_macos_defaults). The verdict follows mechanically: only suggestions, nothing blocking.

@claude claude Bot left a comment

Prompt: evansenter/dotfiles/.../claude-review.md

Code Review

Summary. Clean, well-documented faithful snapshot of macOS defaults into home/.macos, wired only into the -p install path with matching README/Makefile updates. Bootstrap gating (PULL == true), the Darwin guard, idempotency, the osascript/killall '|| true' guards, and the -f vs -p distinction all match the documented behavior. CI execution is correctly skipped (mutates system state / restarts Dock) with a 'bash -n' syntax check added to the Makefile — the right coverage level for a defaults script.

Findings. No Critical or Important issues. Two non-blocking robustness suggestions were already posted as inline comments on prior review rounds and still stand (errexit aborting before the final killall UI restart; -x exec-bit guard vs a file-exists test for how the script is actually invoked). Both are hardening, not live bugs — defaults write effectively never fails for valid domains/types. No new findings to add.

Verdict. APPROVE — only suggestions, nothing blocking.

— Automated review by Claude Code

@evansenter evansenter merged commit 32dd829 into main Jun 13, 2026
6 checks passed
@evansenter evansenter deleted the feat-macos-defaults branch June 13, 2026 12:28