box

Personal development environment. One command to set up a new machine.

Quick Recovery (Any Server)

(command -v git >/dev/null 2>&1 || { s=""; [ "$(id -u)" -ne 0 ] && s="sudo"; (command -v apt-get >/dev/null 2>&1 && $s apt-get update && $s apt-get install -y git) || (command -v dnf >/dev/null 2>&1 && $s dnf install -y git) || (command -v yum >/dev/null 2>&1 && $s yum install -y git) || (command -v apk >/dev/null 2>&1 && $s apk add --no-cache git bash curl) || (command -v pacman >/dev/null 2>&1 && $s pacman -Sy --noconfirm git) || (command -v zypper >/dev/null 2>&1 && $s zypper --non-interactive install git) || { echo "install git manually" >&2; exit 1; }; }) && ([ -d "$HOME/box/.git" ] || git clone https://github.com/Baltsat/box.git "$HOME/box") && cd "$HOME/box" && git fetch origin && git reset --hard origin/main && rm -f ~/.box_setup_done && (./setup.sh || (unset NIX_REMOTE NIX_DAEMON_SOCKET_PATH; NIX_REMOTE=local ./setup.sh)) && exec "$SHELL" -l

Setup

Fresh machine:

git clone https://github.com/Baltsat/box.git ~/box && ~/box/setup.sh

Update existing box:

cd ~/box && git fetch origin && git reset --hard origin/main && rm -f ~/.box_setup_done && ./setup.sh

What It Does

1. Installs Nix + Homebrew (macOS)
2. Decrypts secrets (API keys, SSH keys, tokens)
3. Configures macOS system settings (dock, keyboard, trackpad, etc.)
4. Installs all packages and apps via Nix and Homebrew
5. Sets up shell (zsh, starship prompt, aliases)
6. Symlinks config files to proper locations
7. Configures AI coding agents (Claude, Codex, Pi, Gemini, Copilot, Cursor, Windsurf)
8. Sets up multi-agent delegation infrastructure (delegate MCP)
9. Syncs GLOBAL.md as global AI instructions across all agents

Structure

~/box/
├── flake.nix              # nix flake entry point
├── macos.nix              # macOS system settings + homebrew casks/brews
├── linux.nix              # linux home-manager config
├── shared.nix             # packages for both platforms
├── setup.sh               # one-command setup (entry point)
├── GLOBAL.md              # global AI agent instructions
├── CLAUDE.md              # repo-specific agent instructions
│
├── tools/
│   ├── aliases.sh         # shell aliases and functions
│   ├── zshrc              # zsh config (symlinked to ~/.zshrc)
│   ├── starship.toml      # prompt config
│   ├── secrets.sh         # encrypt/decrypt/edit secrets
│   ├── code-quality.sh    # static analysis runner
│   ├── gitconfig           # git config
│   ├── tmux.conf          # tmux config
│   │
│   ├── claude.json        # claude code settings + hooks
│   ├── claude/             # claude agents, skills, statusline
│   ├── codex.toml         # codex settings
│   ├── codex-hooks.json   # codex hook config
│   ├── pi/                # pi agent settings + extensions
│   ├── gemini/            # gemini settings
│   ├── copilot/           # github copilot config
│   ├── cursor/            # cursor editor settings
│   ├── windsurf/          # windsurf settings
│   ├── vscode/            # vscode settings
│   ├── zed/               # zed settings
│   │
│   ├── hooks/             # claude code hooks (formatting, security, quality)
│   ├── adversarial-review/ # cross-model code review system
│   ├── delegate-mcp/      # multi-agent delegation server
│   └── tokf/              # token filter tool
│
├── script/
│   ├── files.ts           # symlinks configs to proper locations
│   ├── precommit.sh       # pre-commit formatters
│   ├── hardening.sh       # server hardening script
│   └── macos.ts           # macOS-specific setup helpers
│
├── .env.sops              # encrypted secrets (committed)
├── .env.template          # secret key template (committed)
└── .env                   # decrypted secrets (gitignored)

AI Agent Infrastructure

setup.sh configures multiple AI coding agents with shared conventions:

• Claude Code — primary agent. hooks for auto-formatting, secret scanning, static analysis, workflow enforcement
• Codex — secondary agent. hooks for git safety and debug cleanup
• Pi — unified interface to copilot, gemini-cli, GLM-5 with auto-failover
• Delegate MCP — MCP server enabling agents to delegate work to each other across models
• Adversarial Review — cross-model code review (claude reviews codex's work and vice versa)

Agent configs live in tools/ and get symlinked by script/files.ts.

Resilient Remote Connect

mssh wrapper for mosh with automatic SSH fallback:

mssh user@server
mssh my-ssh-alias

Uses mosh when available, falls back to SSH on failure. Tracks unhealthy hosts to avoid repeated mosh failures. Override with MSSH_FORCE_MOSH=1.

Secrets

~/box/tools/secrets.sh decrypt  # decrypt to .env
~/box/tools/secrets.sh encrypt  # encrypt .env to .env.sops
~/box/tools/secrets.sh edit     # edit secrets in $EDITOR
~/box/tools/secrets.sh rekey    # change encryption password

Customization

• Packages: shared.nix
• macOS settings: macos.nix
• Homebrew apps: homebrew.casks in macos.nix
• Aliases: tools/aliases.sh
• AI agent settings: tools/claude.json, tools/codex.toml, tools/pi/settings.json

After changes: ./setup.sh