conf.d/sponge_privacy.fish registers patterns and filters that prevent
credentials from reaching fish history:
Layer 1 (static regex, universal): auth flags, env assignments,
credential-bearing URLs, Authorization headers, sshpass, docker
login, openssl -passin/-passout
Layer 2 (dynamic values, session globals): on the first prompt, after
secrets.fish has loaded, reads the literal values of all exported
credential-named vars (TOKEN, PASSWORD, SECRET, etc.), escapes them
for regex, and merges them with the static patterns as a session
global — auto-refreshes on login so rotated tokens are never stale
Layer 3 (per-command filter, sponge_filter_secrets): catches
credentials in variables exported mid-session (e.g. project .env)
Also exempts functions/sponge_filter_secrets.fish from the sponge_*
gitignore glob so our custom filter is committed alongside the config.
meaningful-ooo/sponge is now the one true Fisher-managed plugin,
giving the bootstrap a concrete purpose. Its files (and functions/fisher.fish,
completions/fisher.fish) are gitignored so Fisher owns them exclusively —
no committed/managed conflict possible.
Updates docs, index, requirements, and README to distinguish
Fisher-managed plugins from bundled customized ones.
Only jorgebucaran/fisher itself is in fish_plugins. The functionality
from catppuccin/fish, fzf.fish, done, autopair, and puffer-fish is
bundled directly with this config in modified form and must not be
installed or updated via fisher.
Removes sponge (not present), corrects file path mappings for bundled
components, fixes stale "Plugin sync failed" message in first_run.fish,
and expands fish-config.index with missing sections 9–11.