chore: move to oxlint from eslint

.agents/skills/update-package-hashes/SKILL.md

@@ -0,0 +1,70 @@
+---
+name: update-package-hashes
+description: Update a package in packages/ to a new version and refresh its hashes (src, vendorHash, npmDepsHash, cargoHash, etc.) WITHOUT compiling the package. Use when the user asks to bump, update, or upgrade a specific package under packages/. Requires package name and target version/rev.
+---
+
+# Update Package Hashes (Without Building)
+
+Require the user to supply the **package name** and **target version/rev/tag**. Ask if missing.
+
+## Hard Rules — Read First
+
+1. **Never run `nix build .#<pkg>`** or `.#packages.<system>.<pkg>`. That compiles the package. Only realise **FOD sub-attributes** (`.src`, `.goModules`, `.npmDeps`, `.cargoDeps`) — those are pure downloads, not builds.
+2. **Never** use `nix-prefetch-git`, `nix-prefetch-url`, `nix hash path`, `git clone` + manual hashing, `builtins.fetchGit`, or any other ad-hoc method to compute hashes. They produce hashes in formats that don't match what `fetchgit`/`fetchFromGitHub`/etc. expect, and you will waste time chasing mismatches.
+3. There are exactly **two** correct ways to get a hash, both listed below. If neither fits, stop and ask the user — don't improvise.
+
+## The Only Two Methods
+
+### Method A — `nurl` (preferred for `src` on any git forge)
+
+`nurl` works for **any git URL**, not just GitHub: `gitea.va.reichard.io`, `gitlab`, `codeberg`, `sourcehut`, plain `https://...git`, all fine. It downloads the source and prints a complete fetcher expression with the correct hash.
+
+```bash
+nix run nixpkgs#nurl -- <git-url> <rev-or-tag>
+```
+
+Examples:
+```bash
+nix run nixpkgs#nurl -- https://github.com/owner/repo v1.2.3
+nix run nixpkgs#nurl -- https://gitea.va.reichard.io/evan/slack-cli.git 0a9484257a2adc414aa4cdab4fb9539a37e04d1f
+```
+
+Copy the `hash = "sha256-..."` line into the package's `src` block.
+
+### Method B — FOD mismatch trick (for everything else)
+
+For `vendorHash`, `npmDepsHash`, `cargoHash`, `cargoLock.outputHashes.<crate>`, or any `src` using a custom fetcher (`leaveDotGit`, `postFetch`, `fetchSubmodules`, etc. — applies to `llama-cpp` and `llama-swap`), realise the **specific FOD sub-attribute** and read the `got:` line from the error.
+
+```bash
+nix build .#<name>.src --no-link 2>&1 | tee /tmp/hash.log         # for src
+nix build .#<name>.goModules --no-link 2>&1 | tee /tmp/hash.log   # for vendorHash
+nix build .#<name>.npmDeps --no-link 2>&1 | tee /tmp/hash.log     # for npmDepsHash
+nix build .#<name>.cargoDeps --no-link 2>&1 | tee /tmp/hash.log   # for cargoHash
+grep -E '^[[:space:]]*got:' /tmp/hash.log | tail -1 | awk '{print $2}'
+```
+
+Setting the hash to `sha256-AAAA...` (44 A's) or leaving the old one in place both work — the build will fail at the FOD with `got: sha256-...` which is the correct value.
+
+**Note:** `.src`, `.goModules`, etc. are sub-attributes of the derivation. They download but do not compile. `nix build .#<name>` (without the `.src` suffix) compiles — never do that.
+
+## Flow
+
+1. Edit `packages/<name>/default.nix` — bump `version` / `rev` / `tag`. Check for sibling `.nix` files (e.g. `ui.nix`) that may also need bumping.
+2. Get the new `src` hash with **Method A** (`nurl`). If the package uses a custom fetcher, use **Method B** on `.src` instead.
+3. For each dependency hash (`vendorHash` / `npmDepsHash` / `cargoHash` / etc.), use **Method B** on the matching sub-attribute.
+4. **Opaque `outputHash` FODs** (e.g. opencode's `node_modules` which runs `bun install`) — do NOT attempt locally. Leave as-is and flag for CI in the summary.
+5. Show `git diff -- packages/<name>/` and list any hashes left for CI.
+
+## Resolving Tags Without Cloning
+
+```bash
+git ls-remote <url> refs/tags/<tag>
+```
+
+## Don't Touch What Didn't Change
+
+Skip pinned sub-dependencies whose inputs didn't change — e.g. `slack-cli`'s `python-snappy` / `zstd-python` PyPI tarballs are pinned by the upstream `dfindexeddb`, not by the slack-cli rev.
+
+## Optional Shortcut
+
+`nix-update --flake <name> --version <v>` sometimes handles everything for simple packages. Try it first; fall back to the methods above if it fails.

.pi/skills/update-package-hashes/SKILL.md

@@ -1,51 +0,0 @@
----
-name: update-package-hashes
-description: Update a package in packages/ to a new version and refresh its hashes (src, vendorHash, npmDepsHash, cargoHash, etc.) WITHOUT compiling the package. Use when the user asks to bump, update, or upgrade a specific package under packages/. Requires package name and target version/rev.
----
-
-# Update Package Hashes (Without Building)
-
-Require the user to supply the **package name** and **target version/rev/tag**. Ask if missing.
-
-## Hard Rule
-
-**Never run `nix build .#<pkg>`** — it compiles. Only realise FOD sub-attributes (`.src`, `.goModules`, `.npmDeps`, `.cargoDeps`) which are pure downloads.
-
-## Flow
-
-1. Edit `packages/<name>/default.nix` — bump `version` / `rev` / `tag`. Check for sibling `.nix` files (e.g. `ui.nix`).
-
-2. **`src` hash** — use `nurl` (downloads source only, prints the fetcher expression):
-
-   ```bash
-   nix run nixpkgs#nurl -- https://github.com/<owner>/<repo> <tag-or-rev>
-   ```
-
-   Paste the new `hash = "sha256-..."` into the `src` block.
-
-3. **Dependency hashes** (`vendorHash`, `npmDepsHash`, `cargoHash`, `cargoLock.outputHashes.<crate>`) — after the version bump the old hash is already wrong, so just trigger the mismatch:
-
-   ```bash
-   nix build .#<name>.goModules --no-link 2>&1 | tee /tmp/hash.log   # or .npmDeps / .cargoDeps
-   grep -E '^[[:space:]]*got:' /tmp/hash.log | tail -1 | awk '{print $2}'
-   ```
-
-   Paste into the matching attribute.
-
-4. **Custom fetchers** (`leaveDotGit`, `postFetch`, `fetchSubmodules`) — `nurl` will be wrong. Use the same mismatch trick on `.src`:
-
-   ```bash
-   nix build .#<name>.src --no-link 2>&1 | tee /tmp/hash.log
-   ```
-
-   Applies to `llama-cpp` and `llama-swap`.
-
-5. **Opaque `outputHash` FODs** (e.g. opencode `node_modules` runs `bun install`) — do NOT attempt locally. Leave as-is and flag for CI in the summary.
-
-6. Show `git diff -- packages/<name>/` and list any hashes left for CI.
-
-## Notes
-
-- Don't touch hashes whose inputs didn't change (e.g. `slack-cli`'s pinned `python-snappy`/`zstd-python`).
-- Resolve a tag → rev without cloning: `git ls-remote <url> refs/tags/<tag>`.
-- `nix-update --flake <name> --version <v>` can sometimes do all of this; try it first for simple packages.

modules/home/programs/terminal/git/config/.gitignore

@@ -1,3 +1,4 @@
 _scratch
 .direnv
 .envrc
+.agents

modules/home/programs/terminal/nvim/config/lua/lsp-config.lua

@@ -138,10 +138,23 @@ setup_lsp("ts_ls", {
 	filetypes = { "typescript", "typescriptreact", "javascript" },
 })
 
--- ESLint LSP
+-- Oxlint - Prefer a project-local oxlint from node_modules so the LSP
-setup_lsp("eslint", {
+-- version matches the project's pinned dependency; fall back to PATH.
+setup_lsp("oxlint", {
 	on_attach = on_attach_no_formatting,
-	cmd = { nix_vars.vscls .. "/bin/vscode-eslint-language-server", "--stdio" },
+	root_markers = { ".oxlintrc.json", "oxlint.config.json", "package.json", ".git" },
+	cmd = function(dispatchers, config)
+		local bin = "oxlint"
+		if config.root_dir then
+			local local_bin = config.root_dir .. "/node_modules/.bin/oxlint"
+			if vim.fn.executable(local_bin) == 1 then
+				bin = local_bin
+			end
+		end
+		return vim.lsp.rpc.start({ bin, "--lsp" }, dispatchers, {
+			cwd = config.root_dir,
+		})
+	end,
 })
 
 -- C LSP Configuration
@@ -208,6 +221,7 @@ setup_lsp("gopls", {
 		})
 	end,
 	filetypes = { "go" },
+	cmd = { "gopls", "-remote=auto" },
 	settings = {
 		gopls = {
 			buildFlags = { "-tags=e2e" },

modules/home/programs/terminal/pi/config/skills/git-commit/SKILL.md

@@ -9,12 +9,19 @@ description: 'Execute git commit with conventional commit message analysis, inte
 
 Create standardized, semantic git commits using the Conventional Commits specification. Analyze the actual diff to determine appropriate type, scope, and message.
 
-## Automatic Execution
+## Automatic Execution — CRITICAL
 
-**When invoked, execute the commit immediately without asking for confirmation.** Simply analyze the diff and create the commit. Do not ask "what would you like to do" or wait for further input. Only ask clarifying questions if:
+**When this skill is invoked, EXECUTE THE COMMIT IMMEDIATELY. Do NOT ask for confirmation. Do NOT say "I'm ready" or "let me know when you want to proceed." Do NOT wait for further input. Do NOT acknowledge and then wait.**
-- Nothing is staged or modified
+
-- Changes span multiple unrelated logical groups that should be committed separately
+The skill is invoked when the user says "commit", "do it", "/commit", "make a commit", "create a commit", or any similar phrase. The moment you recognize this intent, analyze the diff and run `git commit`. That's it.
-- Secrets appear to be about to be committed
+
+**Zero prompts. Zero confirmation requests. Zero hand-holding.**
+
+Only skip the commit if:
+- Nothing is staged or modified (say "Nothing to commit" and stop)
+- Secrets appear to be about to be committed (refuse and stop)
+
+For everything else — just commit.
 
 ## Conventional Commit Format
 

modules/nixos/services/llama-swap/config.nix

@@ -124,6 +124,32 @@ in
       };
     };
 
+    # https://huggingface.co/unsloth/Qwen3.6-35B-A3B-GGUF/tree/main
+    "qwen3.6-35b-thinking" = {
+      name = "Qwen3.6 (35B) - Thinking";
+      macros.ctx = "262144";
+      cmd = ''
+        ${llama-cpp}/bin/llama-server \
+          --port ''${PORT} \
+          -m /mnt/ssd/Models/Qwen3.6/Qwen3.6-35B-A3B-UD-IQ4_XS.gguf \
+          -c ''${ctx} \
+          --temp 0.6 \
+          --top-p 0.95 \
+          --top-k 20 \
+          --min-p 0.0 \
+          --presence-penalty 0.0 \
+          --repeat-penalty 1.0 \
+          -dev CUDA0 \
+          -fit off
+      '';
+      metadata = {
+        type = [
+          "text-generation"
+          "coding"
+        ];
+      };
+    };
+
     # https://huggingface.co/bartowski/Qwen_Qwen3.5-27B-GGUF/tree/main
     "qwen3.5-27b-thinking" = {
       name = "Qwen3.5 (27B) - Thinking";

packages/slack-cli/default.nix

@@ -69,8 +69,8 @@ pythonPackages.buildPythonApplication {
 
   src = fetchgit {
     url = "https://gitea.va.reichard.io/evan/slack-cli.git";
-    rev = "f49c944efe96ee9379f519e93100b4601b6b1afa";
+    rev = "0a9484257a2adc414aa4cdab4fb9539a37e04d1f";
-    hash = "sha256-XIifH3PlS9ZPlqZ+h2jGnvEOMciuPmR57CppMVSVL6M=";
+    hash = "sha256-FbzE1yRdVIhmhqrxtT3C/Pomqv8iAjI9ydQGBZr+UgY=";
   };
 
   build-system = [ pythonPackages.setuptools ];