feat(git-auth): fleet-wide non-interactive git auth

Add setup-git-auth.sh: idempotent, fail-silent script that primes the git credential store from the vault Gitea token, scoped per-repo by the actual origin host. Only seizes the helper from the prompting GCM `manager` (leaves Mac osxkeychain alone); fast-path no-op once set. Wire it into a backgrounded SessionStart hook and set GIT_TERMINAL_PROMPT=0 / GCM_INTERACTIVE=Never in settings.json env so no session on any machine can hang on a credential prompt. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 15:02:09 -07:00
parent 9ff5a9f04f
commit 162145b559
3 changed files with 117 additions and 0 deletions
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -2,6 +2,10 @@
  "permissions": {
    "defaultMode": "bypassPermissions"
  },
+  "env": {
+    "GIT_TERMINAL_PROMPT": "0",
+    "GCM_INTERACTIVE": "Never"
+  },
  "preferences": {
    "autoCompact": true,
    "verbose": false
@@ -37,6 +41,11 @@
            "type": "command",
            "command": "bash -c 'if [ -f \"${CLAUDE_PROJECT_DIR}/.claude/scripts/sync-memory.sh\" ]; then nohup bash \"${CLAUDE_PROJECT_DIR}/.claude/scripts/sync-memory.sh\" >/dev/null 2>&1 & fi; exit 0'",
            "timeout": 10
+          },
+          {
+            "type": "command",
+            "command": "bash -c 'if [ -f \"${CLAUDE_PROJECT_DIR}/.claude/scripts/setup-git-auth.sh\" ]; then nohup bash \"${CLAUDE_PROJECT_DIR}/.claude/scripts/setup-git-auth.sh\" >/dev/null 2>&1 & fi; exit 0'",
+            "timeout": 10
          }
        ]
      }