azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(git-auth): fleet-wide non-interactive git auth

Browse Source 
Add setup-git-auth.sh: idempotent, fail-silent script that primes the
git credential store from the vault Gitea token, scoped per-repo by the
actual origin host. Only seizes the helper from the prompting GCM
`manager` (leaves Mac osxkeychain alone); fast-path no-op once set.

Wire it into a backgrounded SessionStart hook and set
GIT_TERMINAL_PROMPT=0 / GCM_INTERACTIVE=Never in settings.json env so
no session on any machine can hang on a credential prompt.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Mike Swanson
2026-06-06 15:02:09 -07:00
parent 9ff5a9f04f
commit 162145b559
3 changed files with 117 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.claude/memory/feedback_git_noninteractive_auth.md
View File

@@ -16,4 +16,10 @@ Mike (admin, owner) clarified: he doesn't dislike git itself or the PowerShell-v
- Run git from the PowerShell tool (native `git.exe`). Under PowerShell 5.1, git's stderr progress (even "Everything up-to-date") surfaces as a red `NativeCommandError` on success — trust `$LASTEXITCODE`, not the text.
- The Gitea Agent definition (`.claude/agents/gitea.md`) carries this same guidance so delegated pushes also stay non-interactive.
**Fleet-wide automation (set for ALL sessions, every machine):**
- `.claude/scripts/setup-git-auth.sh` primes the credential store from the vault token for the claudetools + vault repos, deriving each repo's host from its actual `origin` (this box: `http://172.16.3.20:3000`; Mac likely `https://git.azcomputerguru.com`). Idempotent, fast-path no-op once configured, fail-silent. Only seizes the helper from GCM `manager`/unset — leaves a Mac osxkeychain setup alone.
- A backgrounded `SessionStart` hook in `.claude/settings.json` runs it every session, so a fresh clone / reinstalled machine self-heals.
- `.claude/settings.json` `env` sets `GIT_TERMINAL_PROMPT=0` and `GCM_INTERACTIVE=Never` (committed → all sessions, all machines) so git can never hang on a prompt even before the store is primed.
- Token field in vault: `services/gitea.sops.yaml` -> `credentials.api.api-token`. `get-field` needs PyYAML (`py -m pip install pyyaml`); the script falls back to `get`+grep if PyYAML/yq is absent.
Related Windows gotchas (separate issues, still real): [[feedback_windows_bash_mapping]], [[feedback_tmp_path_windows]], [[feedback_jq_crlf_windows]]. Gitea API auth detail: [[reference_gitea_api_credential]].