Practical guides for AI coding agents, terminal customization, and development tooling. Each guide documents a real problem encountered during daily work, the solution that fixed it, and copy-paste configurations to replicate the setup.

Origin story: An AI agent ran git checkout -- on files containing hours of uncommitted work from a parallel coding session. The files were recovered via git fsck --lost-found, but this prompted creating a mechanical enforcement system.

A Python hook for Claude Code that intercepts Bash commands and blocks destructive operations before they execute.

Blocked commands:

How it works: Claude Code's PreToolUse hook system runs the guard script before each Bash command. The script pattern-matches against known destructive commands and returns a deny decision with an explanation. Safe variants (like git checkout -b, git clean -n, rm -rf /tmp/...) are allowlisted.

# Restart Claude Code for hooks to take effect

echo '{"tool_name": "Bash", "tool_input": {"command": "git checkout -- file.txt"}}' | \
  python3 .claude/hooks/git_safety_guard.py
# Should output: permissionDecision: deny

Full guide →

Problem: During long coding sessions, Claude Code compacts the conversation to stay within context limits. After compaction, Claude "forgets" project-specific conventions documented in AGENTS.md.

A bash hook that detects context compaction and injects a reminder for Claude to re-read AGENTS.md.

How it works: Claude Code's SessionStart hook fires with source: "compact" after compaction. The hook checks this field and outputs a reminder message that Claude sees immediately.

curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/misc_coding_agent_tips_and_scripts/main/install-post-compact-reminder.sh | bash
# Restart Claude Code after installation

#!/usr/bin/env bash
set -e
INPUT=$(cat)
SOURCE=$(echo "$INPUT" | jq -r '.source // empty')
if [[ "$SOURCE" == "compact" ]]; then
    cat <<'EOF'
<post-compact-reminder>
Context was just compacted. Please reread AGENTS.md to refresh your understanding of project conventions and agent coordination patterns.
</post-compact-reminder>
EOF
fi
exit 0

{
  "hooks": {
    "SessionStart": [
      {
        "matcher": "compact",
        "hooks": [
          { "type": "command", "command": "$HOME/.local/bin/claude-post-compact-reminder" }
        ]
      }
    ]
  }
}

Full guide →

When using Ghostty to SSH into remote servers, you might see garbage like [57414u when pressing numpad Enter. This happens because the remote system doesn't understand the Kitty keyboard protocol that Ghostty uses.

One-liner fix:

infocmp -x xterm-ghostty | ssh user@your-server 'mkdir -p ~/.terminfo && tic -x -o ~/.terminfo -'

ghostty_push_terminfo() {
  local host="$1"
  [[ -z "$host" ]] && { echo "Usage: ghostty_push_terminfo <host>" >&2; return 1; }
  infocmp -x xterm-ghostty | ssh "$host" 'mkdir -p ~/.terminfo && tic -x -o ~/.terminfo -'
}

Full guide →

When you have terminals open to multiple servers, color-coding each connection prevents accidentally running commands on the wrong machine.

┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│  PURPLE         │ │  AMBER          │ │  CRIMSON        │
│  dev-server     │ │  staging        │ │  production     │
└─────────────────┘ └─────────────────┘ └─────────────────┘

Two approaches:

my-server() {
  printf '\e]11;#1a0d1a\a\e]10;#e8d4f8\a\e]12;#bb9af7\a'  # purple theme
  ssh [email protected] "$@"
  printf '\e]111\a\e]110\a\e]112\a\e]104\a'               # reset on exit
}

Full guide →

Remote terminal sessions that survive Mac sleep, reboot, or power loss. Uses WezTerm's native multiplexing with wezterm-mux-server running on remote servers via systemd.

┌──────────────┐  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐
│ 󰍹  Local    │  │ 󰒋  Dev      │  │ 󰒋  Staging  │  │ 󰻠  Workstation│
│  [3 tabs]    │  │  [3 tabs]    │  │  [3 tabs]    │  │  [3 tabs]     │
│  (fresh)     │  │ (persistent) │  │ (persistent) │  │ (persistent)  │
└──────────────┘  └──────────────┘  └──────────────┘  └───────────────┘

Key features:

# Create systemd user service
mkdir -p ~/.config/systemd/user
cat > ~/.config/systemd/user/wezterm-mux-server.service << 'EOF'
[Unit]
Description=WezTerm Mux Server
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/wezterm-mux-server --daemonize=false
Restart=on-failure

[Install]
WantedBy=default.target
EOF

# Enable and start
systemctl --user daemon-reload
systemctl --user enable --now wezterm-mux-server
sudo loginctl enable-linger $USER

Full guide →

When running 20+ AI coding agents (Claude, Codex) simultaneously, the default wezterm-mux-server configuration can't keep up. Output buffers overflow, caches thrash, and connections time out, killing all your agent sessions.

This guide provides RAM-tiered performance profiles that trade memory for throughput:

Smart sizing: Uses linear interpolation based on actual RAM, not fixed tiers. A 200GB system gets proportionally scaled settings.

Bonus: Emergency rescue procedure to migrate agent sessions to tmux using reptyr when the mux server becomes unresponsive (saves ~50-70% of sessions).

./wezterm-mux-tune.sh              # Auto-detect RAM, interpolate
./wezterm-mux-tune.sh --dry-run    # Preview settings
./wezterm-mux-tune.sh --ram 200    # Specific RAM amount
./wezterm-mux-tune.sh --profile 256  # Fixed profile
./wezterm-mux-tune.sh --restore    # Restore backup

pkill -9 -f wezterm-mux
wezterm-mux-server --daemonize

Full guide → | Install script →

The horizontal thumbwheel on Logitech MX Master mice is designed for horizontal scrolling, which most developers rarely use. This guide repurposes it for tab switching across terminals, editors, and browsers.

Setup:

1. Install BetterMouse ($10 one-time)
2. Map thumbwheel to Ctrl+Shift+Arrow:

   Thumbwheel <<  →  Ctrl+Shift+Left
   Thumbwheel >>  →  Ctrl+Shift+Right
   

3. Add keybindings to each app (WezTerm, Ghostty, VS Code, etc.)

Companion script: bettermouse_config.py exports and imports BetterMouse settings as JSON for backup or sharing. Run with uv run bettermouse_config.py show to view your current config.

Full guide →

A vibrant cyberpunk-inspired color scheme for Ghostty featuring deep space black backgrounds with electric neon accents.

┌─────────────────────────────────────────────────────┐
│  Background: #0a0e14 (deep space black)             │
│  Foreground: #b3f4ff (electric cyan)                │
│  Cursor:     #ff00ff (hot magenta)                  │
│                                                     │
│  Palette highlights:                                │
│    Red:    #ff3366 → #ff6b9d (electric pink)        │
│    Green:  #39ffb4 → #6bffcd (neon teal)            │
│    Blue:   #00aaff → #66ccff (cyber blue)           │
│    Magenta:#ff00ff → #ff66ff (hot purple)           │
└─────────────────────────────────────────────────────┘

Quick install:

# Copy theme to Ghostty themes directory
mkdir -p ~/.config/ghostty/themes
cp doodlestein-punk-theme-for-ghostty ~/.config/ghostty/themes/

Usage: Add to your Ghostty config (~/.config/ghostty/config):

theme = doodlestein-punk-theme-for-ghostty

Theme file →

Problem: When SSH'd into a remote Linux machine running Zellij as the terminal multiplexer, the mouse scroll wheel sends arrow keys instead of scrolling the terminal buffer. If you use atuin for shell history, the up arrow opens a full-screen history TUI on every scroll.

This is a known Zellij limitation — Zellij receives proper mouse scroll events but converts them to arrow key presses. The workaround uses Hammerspoon on macOS to intercept scroll wheel events and convert them to Alt+Up/Alt+Down keystrokes, which Zellij handles as scroll commands.

Scroll wheel → Hammerspoon (macOS) → Alt+Up/Down → SSH → Zellij → ScrollUp/ScrollDown

Three components:

keybinds clear-defaults=true {
    locked {
        bind "Ctrl g" { SwitchToMode "Normal"; }
        bind "Alt Up" { ScrollUp; }
        bind "Alt Down" { ScrollDown; }
    }
    // ...
}

The guide also covers why WezTerm's native mouse_bindings don't reliably work for this, and how to tune scroll sensitivity with smooth scrolling mice.

Full guide →

If you have a remote Linux workstation with projects at /data/projects, you can make it automatically mount on your Mac at boot with graceful retry logic.

What you get:

~/dev-projects → /Volumes/dev-server/projects → 10.0.0.50:/data/projects

Components:

# Create mount script
sudo tee /usr/local/bin/mount-dev-nfs << 'EOF'
#!/bin/bash
REMOTE_HOST="10.0.0.50"
MOUNT_POINT="/Volumes/dev-server"
[ -d "$MOUNT_POINT" ] || mkdir -p "$MOUNT_POINT"
mount | grep -q "$MOUNT_POINT" && exit 0
ping -c 1 -W 1 "$REMOTE_HOST" &>/dev/null || exit 1
/sbin/mount_nfs -o resvport,rw,soft,intr,bg "$REMOTE_HOST:/data" "$MOUNT_POINT"
EOF
sudo chmod +x /usr/local/bin/mount-dev-nfs

# Create LaunchDaemon (see full guide for complete plist)
# Then: sudo launchctl load /Library/LaunchDaemons/com.local.mount-dev-nfs.plist

# Create symlink
ln -sf /Volumes/dev-server/projects ~/dev-projects

Full guide →

Connect your Mac directly to a Linux workstation with 10GbE for ~$90 total, achieving 800+ MB/s transfers.

Mac Mini M4                    Linux Workstation
┌─────────────┐                ┌─────────────────┐
│ Thunderbolt │◄──Cat6 $5────►│ Built-in 10GbE  │
│ 10GbE ~$85  │                │ (Aquantia)      │
└─────────────┘                └─────────────────┘
     Static IPs: 10.10.10.x | Speed: ~850 MB/s

What you need:

Many high-end workstations (Threadripper PRO, EPYC) have unused 10GbE ports. The IOCREST adapter uses the same Aquantia chip as Mac Studio's built-in 10GbE.

Also includes:

• SHA-256 verified file transfers with speed reporting
• Clipboard sync between Mac and Linux (Wayland/X11)
• Remote display wake-up commands
• AI coding agent aliases (Claude, Gemini, Codex)

Full guide →

After installing Claude Code via curl -fsSL https://claude.ai/install.sh | bash, you might still see the old version if a previous bun/npm installation is earlier in your PATH.

Symptoms:

• claude --version shows old version
• "Auto-update failed" errors
• claude doctor shows "Currently running: unknown"

Fix:

# Use explicit path in aliases
alias cc='~/.local/bin/claude --dangerously-skip-permissions'

# Update alias uses native updater
alias uca='~/.local/bin/claude update'

# Remove stale symlinks
rm ~/.bun/bin/claude 2>/dev/null

Full guide →

Claude Code stores MCP server configurations in ~/.claude.json. These can get wiped out by fresh installs, updates, or config corruption. Instead of running the full MCP Agent Mail installer, use this lightweight script that only restores the MCP config.

One command fix:

fix_cc_mcp

What it restores:

# Download and install the script
curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/misc_coding_agent_tips_and_scripts/main/FIX_CLAUDE_CODE_MCP_CONFIG.md | \
  sed -n '/^SCRIPT$/,/^SCRIPT$/p' | sed '1d;$d' > ~/.local/bin/fix_cc_mcp
chmod +x ~/.local/bin/fix_cc_mcp

# Edit to add your Morph API key
nano ~/.local/bin/fix_cc_mcp

Token discovery: The script automatically finds your bearer token from MCP_AGENT_MAIL_TOKEN env var, ~/mcp_agent_mail/.env, or existing ~/.claude.json.

Full guide →

Claude Code skills are directories containing a SKILL.md file, stored in .claude/skills/. Project-local skills only work in that project, but global skills in ~/.claude/skills/ are available everywhere. This script mirrors skills from a project to the global directory using rsync.

Usage:

mirror_cc_skills                     # Mirror from current project
mirror_cc_skills /path/to/project    # Mirror from specific project
mirror_cc_skills --dry-run           # Preview changes
mirror_cc_skills --sync              # Delete skills not in source (backs up first)

Behavior:

# Download and install
curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/misc_coding_agent_tips_and_scripts/main/mirror_cc_skills \
  -o ~/.local/bin/mirror_cc_skills
chmod +x ~/.local/bin/mirror_cc_skills

cp mirror_cc_skills ~/.local/bin/
chmod +x ~/.local/bin/mirror_cc_skills

Note: The script automatically installs gum on first run for prettier output (styled boxes and spinners). Works fine without it if installation fails.

Script source →

Beads uses git worktrees for sync operations. If your sync.branch is set to your current branch, you'll get:

fatal: 'main' is already checked out at '/path/to/repo'

Fix: Create a dedicated sync branch:

git branch beads-sync main
git push -u origin beads-sync
bd config set sync.branch beads-sync

Full guide →

Google's Gemini CLI (@google/gemini-cli) has two bugs that make it nearly unusable in practice:

1. EBADF crash on every launch (wide terminals): The CLI uses node-pty for shell execution. A useEffect in the shell tool component fires resizePty() after the PTY's file descriptor is already closed. The native C++ addon throws Error("ioctl(2) failed, EBADF"), but the catch blocks only check err.code === 'ESRCH' — the native addon sets no .code property (only .message), so the error falls through and crashes the entire CLI.

2. "Sorry there's high demand" gives up after 10 tries: The default retry config (DEFAULT_MAX_ATTEMPTS = 10, maxDelayMs = 30000) means Gemini gives up quickly during high-demand periods. Worse, TerminalQuotaError (which fires for daily limits and temporary overload) bypasses retry entirely and immediately surrenders.

One-liner fix:

curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/misc_coding_agent_tips_and_scripts/main/fix-gemini-cli-ebadf-crash.sh | bash

What it patches (4 patches across 3 files, all idempotent):

./fix-gemini-cli-ebadf-crash.sh --check     # check if patches are needed (no changes)
./fix-gemini-cli-ebadf-crash.sh --verify    # reproduce the EBADF bug + show retry config
./fix-gemini-cli-ebadf-crash.sh --revert    # undo all patches
./fix-gemini-cli-ebadf-crash.sh --uninstall # same as --revert

$ node -e "const pty = require('@lydell/node-pty-linux-x64/pty.node'); \
  try { pty.resize(-1, 80, 24); } catch(e) { \
    console.log('message:', e.message); \
    console.log('code:', e.code); \
    console.log('has code:', 'code' in e); }"

message: ioctl(2) failed, EBADF
code: undefined
has code: false

Note: Patches live in node_modules and will be overwritten by package updates. Re-run the script after bun update -g @google/gemini-cli.

Script source →

Vercel's automatic deployments on every push can burn through Pro plan credits quickly. Use the REST API to disable auto-deployments and take control of when builds happen.

Before:

git push → Vercel webhook → Build → Deploy → 💸 (every single push)

After:

git push → (nothing)
vercel --prod → Build → Deploy → 💸 (only when you're ready)

API command to disable auto-deploys:

curl -X PATCH "https://api.vercel.com/v9/projects/${PROJECT_ID}?teamId=${TEAM_ID}" \
  -H "Authorization: Bearer ${VERCEL_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{"gitProviderOptions": {"createDeployments": "disabled"}}'

Full guide →

Master the CLI for each cloud platform instead of clicking through web dashboards. This guide covers installation, authentication, and common commands for the tools you use daily.

# GitHub CLI
brew install gh
gh auth login

# Vercel
bun add -g vercel
vercel login

# Cloudflare Wrangler
bun add -g wrangler
wrangler login

# Supabase
bun add -g supabase
supabase login

The guide also includes AGENTS.md blurbs for each tool with placeholders for your project-specific values.

Full guide →

Setup for streaming from a Linux workstation (Hyprland/Wayland, dual RTX 4090) to a Mac client using Moonlight with AV1 encoding.

ml      # Start Moonlight streaming
trj     # SSH into remote server
wu      # Wake up remote display
cptl    # Copy clipboard to Linux
cpfm    # Copy clipboard from Mac

Common issues: Display sleep disconnects GPU from DRM, causing "GPU doesn't support AV1" errors. Fix: enable NVIDIA persistence mode (nvidia-smi -pm 1) and disable hypridle.

Full guide →

A highly available secrets manager using 3-node Raft consensus. If the leader fails, the cluster elects a new leader and keeps running.

┌──────────────────┐   ┌──────────────────┐   ┌──────────────────┐
│   NODE 1         │   │   NODE 2         │   │   NODE 3         │
│   (Leader)       │   │   (Follower)     │   │   (Follower)     │
│   10.0.1.10      │   │   10.0.1.11      │   │   10.0.1.12      │
└────────┬─────────┘   └────────┬─────────┘   └────────┬─────────┘
         └──────────────────────┼──────────────────────┘
                          Raft Consensus

Why Integrated Raft:

export VAULT_ADDR='http://127.0.0.1:8200'

# Initialize with Shamir's Secret Sharing
vault operator init -key-shares=5 -key-threshold=3

# Save the unseal keys and root token securely!
# You need 3 of 5 keys to unseal after restart.

# Unseal
vault operator unseal  # x3 with different keys

vault operator raft list-peers
# Node     Address              State       Voter
# node1    10.0.1.10:8201       leader      true
# node2    10.0.1.11:8201       follower    true
# node3    10.0.1.12:8201       follower    true

Full guide →

Problem: You want to accept sensitive security reports (vulnerabilities, credentials, PII) through public GitHub issues without exposing the content to anyone except you and your coding agents.

The solution uses age, a modern X25519 elliptic-curve encryption tool. Reporters encrypt to your public key; only your private key can decrypt. No shared secrets, no out-of-band key exchange, no GPG complexity.

Coding agents: Run gh-issue-decrypt with no arguments for an interactive guide that walks through the encrypt/submit/scan/decrypt workflow and detects your local keys automatically.

Reporter                                 Your Coding Agent
────────                                 ─────────────────
1. Gets your public key from README      4. Scans issues (gh api)
2. Encrypts with age -a -r PUBKEY        5. Detects armored age blocks
3. Pastes ciphertext in GitHub issue     6. Decrypts with age -d -i key

One-liner install (sets up age, gh CLI, and generates your keypair):

curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/misc_coding_agent_tips_and_scripts/main/gh-issue-decrypt?$(date +%s)" | bash -s -- --install

For reporters submitting an encrypted issue:

# Install age if needed, then encrypt and submit in one command:
echo "SSRF vulnerability in /api/proxy — allows internal network scanning via user-controlled URL parameter" \
  | gh-issue-decrypt --encrypt age1YOUR_PUBKEY_HERE --submit OWNER/REPO --title "Security: SSRF in proxy endpoint"

Or manually, encrypt and paste:

echo "your secret report" | age -a -r age1PUBKEY_HERE
# Paste the output into a GitHub issue wrapped in [enc:age]...[/enc:age] markers

# 1. Install age
brew install age          # macOS
sudo apt install age      # Ubuntu/Debian
# Or let the script handle it:
gh-issue-decrypt --install

# 2. Get the project's public key from their README
# It looks like: age1k5fz7d7zqsd4k60rn024a3gsd4tumjrkaqna0r20jz4gsu7mmvvql2k3jr

# 3. Encrypt your message (armored for pasting)
echo "The auth middleware at line 42 skips token expiry validation
when the iss claim is missing. An attacker can forge expired JWTs
by omitting the issuer field." \
  | age -a -r age1k5fz7d7zqsd4k60rn024a3gsd4tumjrkaqna0r20jz4gsu7mmvvql2k3jr

# 4. Paste the output into a GitHub issue:
#
#   [enc:age]
#   -----BEGIN AGE ENCRYPTED FILE-----
#   YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA...
#   -----END AGE ENCRYPTED FILE-----
#   [/enc:age]

# Scan all open issues in a repo
gh-issue-decrypt Dicklesworthstone/some_project

# Decrypt a specific issue
gh-issue-decrypt Dicklesworthstone/some_project 42

# Machine-readable output for automation
gh-issue-decrypt --json Dicklesworthstone/some_project

# Manual decryption of a single block
age -d -i ~/.config/age/issuebot.key <<'EOF'
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA...
-----END AGE ENCRYPTED FILE-----
EOF

gh-issue-decrypt
# Prints:
#   - How public-key encryption works in this context
#   - Step-by-step sender instructions
#   - Three submission methods (--submit, gh issue create, manual paste)
#   - Receiver scanning commands
#   - All available flags

Script source → | Full Claude Code session transcript → (the full Claude Code session that built this system: 19 human prompts, ~400 tool calls, from initial concept through fleet testing)

• Claude Code Documentation
• MCP Agent Mail - Multi-agent coordination server
• Morph MCP - AI-powered code search
• Beads Project
• Moonlight / Sunshine
• BetterMouse
• WezTerm / Ghostty
• HashiCorp Vault / Vault Tutorials
• Vercel REST API
• age encryption — Simple, modern X25519 encryption

Last updated: March 2026