me seeds a macOS machine with the dependencies, dotfiles, identity material, and Codex plugin
assets that approximate how pirog does development. It is primarily consumed through the hosted
boot.sh wrapper and also ships the piroplugin Codex plugin bundle.
Supports macOS 26 or newer.
At a high level, me:
- delegates core macOS setup and 1Password-backed SSH-key installation to Bootbox
- installs applications, runtimes, and command-line tools from
Brewfile - applies the personal configuration packages under
dotfiles/to$HOME - clones or updates the editable
@pirog/mecheckout used as the machine-profile source - optionally clones or safely updates explicitly selected repositories from
@tanaabased - installs
piroplugin, Pirobased skills, shared Codex defaults, and local plugin links
For the complete installed-component inventory, see ADVANCED.md#what-gets-installed.
Provide a 1Password service account token and run the hosted bootstrap:
/bin/bash -c "$(curl -fsSL https://boot.pirog.me/boot.sh)" piroboot \
--op-token "$OP_TOKEN"The default run installs the configured SSH keys and applies the me Brewfile and dotfiles to
$HOME. It does not clone Tanaab repositories unless they are selected explicitly.
Run the hosted help directly for the complete option and environment-variable contract:
/bin/bash -c "$(curl -fsSL https://boot.pirog.me/boot.sh)" piroboot --helpFor repeated use, install the hosted script as a local command in a directory you manage on PATH:
mkdir -p "$HOME/.local/bin"
curl -fsSL https://boot.pirog.me/boot.sh -o "$HOME/.local/bin/piroboot"
chmod +x "$HOME/.local/bin/piroboot"
piroboot --helpRun it with flags when you want to keep the selected behavior explicit:
piroboot \
--op-token "$OP_TOKEN" \
--ssh-key "vmruk4ny353aly6tbom7z3v2hy/id_pirog" \
--tanaab canon \
--tanaab agentboxCommon inputs:
| Option | Environment variable | Description |
|---|---|---|
--op-token |
PIROME_OP_TOKEN |
1Password service account token used for private SSH-key access. |
--ssh-key |
PIROME_SSH_KEY |
Repeatable vault/item[:filename] SSH-key specification. |
--tanaab |
PIROME_TANAAB |
Repeatable repository name from the @tanaabased organization. |
--yes |
NONINTERACTIVE |
Accept the plan and run without prompts. |
--force |
PIROME_FORCE |
Allow supported existing targets to be replaced. |
--debug |
PIROME_DEBUG |
Show debug output with secrets masked. |
Each Tanaab repository name maps to git@github.com:tanaabased/<repo>.git and
~/tanaab/<repo>. Existing checkouts are updated only when a clean fast-forward is safe. On every
run, verified Tanaab checkouts that declare .codex-plugin/plugin.json receive local plugin source
links; installation and enablement remain explicit Codex actions.
When the installed Agentbox health script and LaunchDaemon are present, piroboot treats the
machine as an Agentbox host. The final me Brewfile apply automatically skips the tailscale-app
and 1password desktop casks while preserving any existing Homebrew Bundle cask skips. The beta
1password-cli@beta cask remains installed for service-account-backed SSH-key retrieval, and
Agentbox's formula-backed tailscaled runtime provides Tailscale.
This automatic behavior assumes Agentbox is installed before me; a checkout alone does not mark a
machine as an Agentbox host.
Use ADVANCED.md for the full option and environment-variable reference, installed components, checkout behavior, and Codex configuration and plugin sync.
Complete these app-backed steps after bootstrap.
These desktop-app steps are not required on a detected Agentbox host.
- Open 1Password, sign in, and unlock it.
- Enable Developer > Integrate with 1Password CLI.
- Enable Developer > Show 1Password Developer experience.
- Use the Brewfile-provided beta 1Password CLI; 1Password Environments require beta CLI support.
- Confirm
opcan access the signed-in account with a read-only check such asop vault list.
Detected Agentbox hosts use Agentbox's managed tailscaled runtime instead of Tailscale.app.
- Open Tailscale.
- Sign in and connect this machine to the
tanaab.devtailnet. - Confirm
tailscale status --jsonreports the local node as running and online.
- Open the Brewfile-provided Codex desktop app and sign in.
- Install
piropluginfromPirostore. If Canon was selected, installtanaabas well. - Connect the GitHub app connector as
pirog. - Connect the monday.com app connector as
Michael Pirogfor thismeenvironment.
After completing the checklist, ask Codex to run $piro-me-readiness. Readiness may trigger macOS,
Codex, or 1Password permission prompts while it verifies local desktop-app access; approve those
prompts only when you intentionally requested the check.
This repository uses Bun for local tooling:
git clone git@github.com:pirog/me.git
cd me
bun install
bun run test
bun run lintSee ADVANCED.md#codex-configuration-and-plugin-sync
for the separate ai:sync and codex:* workflows.
bun run build and Leia scenarios are CI-owned by default because they generate dist/ or mutate
macOS runner state.
Use the GitHub issue queue for bugs, regressions, or feature requests.
See CHANGELOG.md for release history and
GitHub releases for published artifacts.
Made with contrib.rocks.