claudetools/.claude/memory/feedback_git_noninteractive_auth.md
Mike Swanson 162145b559 feat(git-auth): fleet-wide non-interactive git auth
Add setup-git-auth.sh: idempotent, fail-silent script that primes the
git credential store from the vault Gitea token, scoped per-repo by the
actual origin host. Only seizes the helper from the prompting GCM
`manager` (leaves Mac osxkeychain alone); fast-path no-op once set.

Wire it into a backgrounded SessionStart hook and set
GIT_TERMINAL_PROMPT=0 / GCM_INTERACTIVE=Never in settings.json env so
no session on any machine can hang on a credential prompt.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 15:02:09 -07:00

name: feedback_git_noninteractive_auth
description: Mike's objection to Git for Windows is interactive password/credential prompts, not the tool itself. Git must authenticate non-interactively — any solution that never prompts is fine.
metadata:
  type: feedback

Mike (admin, owner) clarified: he doesn't dislike git itself or the PowerShell-vs-bash choice. He dislikes that Git for Windows constantly prompts for passwords and is impossible to automate (Git Credential Manager, credential.helper = manager, pops a prompt that silently hangs background pushes). His instruction: "use any solution that doesn't bother me all the time."

Why: An interactive credential prompt is invisible to a background agent — it hangs forever and the work never completes. Observed live 2026-06-06: a Gitea Agent background git push hung on a GCM prompt; git log origin/main..main still showed the commit unpushed. Killing the agent + pushing with a token fixed it.

How to apply (the working setup on this Windows box, GURU-5070 / D:\ClaudeTools):

  • The repo is configured for silent auth: repo-local credential.helper = store, primed with the azcomputerguru Gitea API token in ~/.git-credentials, scoped to the internal Gitea host http://172.16.3.20:3000. Plain git push origin main / git fetch then works with no prompt. Global GCM (manager) left untouched for other repos.
  • ALWAYS export GIT_TERMINAL_PROMPT=0 before git calls so auth failures error fast instead of hanging on a hidden prompt.
  • Token source if it needs re-priming: vault services/gitea.sops.yaml field api-token, username azcomputerguru. One-shot push URL: http://azcomputerguru:<token>@172.16.3.20:3000/azcomputerguru/claudetools.git.
  • Run git from the PowerShell tool (native git.exe). Under PowerShell 5.1, git's stderr progress (even "Everything up-to-date") surfaces as a red NativeCommandError on success — trust $LASTEXITCODE, not the text.
  • The Gitea Agent definition (.claude/agents/gitea.md) carries this same guidance so delegated pushes also stay non-interactive.

Fleet-wide automation (set for ALL sessions, every machine):

  • .claude/scripts/setup-git-auth.sh primes the credential store from the vault token for the claudetools + vault repos, deriving each repo's host from its actual origin (this box: http://172.16.3.20:3000; Mac likely https://git.azcomputerguru.com). Idempotent, fast-path no-op once configured, fail-silent. Only seizes the helper from GCM manager/unset — leaves a Mac osxkeychain setup alone.
  • A backgrounded SessionStart hook in .claude/settings.json runs it every session, so a fresh clone / reinstalled machine self-heals.
  • .claude/settings.json env sets GIT_TERMINAL_PROMPT=0 and GCM_INTERACTIVE=Never (committed → all sessions, all machines) so git can never hang on a prompt even before the store is primed.
  • Token field in vault: services/gitea.sops.yaml -> credentials.api.api-token. get-field needs PyYAML (py -m pip install pyyaml); the script falls back to get+grep if PyYAML/yq is absent.
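
The decision logic described above for setup-git-auth.sh, sketched as an added example; this is not the repository's script. The function names (split_origin, should_seize, is_primed, prime_repo) are hypothetical, and resetting the inherited helper list with an empty entry is this sketch's own choice, not something the note states.

```bash
# Added sketch, not the repository's setup-git-auth.sh; function names are hypothetical.
export GIT_TERMINAL_PROMPT=0 GCM_INTERACTIVE=Never   # fail fast, never prompt

# "http://user@host:3000/org/repo.git" -> "http host:3000"; non-HTTP remotes fail.
split_origin() {
  case "$1" in http://*|https://*) ;; *) return 1 ;; esac
  local scheme="${1%%://*}" rest="${1#*://}"
  rest="${rest%%/*}"                          # drop the path
  printf '%s %s\n' "$scheme" "${rest##*@}"    # drop embedded userinfo
}

# Take over only when the effective helper is unset or the prompting GCM.
should_seize() {
  case "$1" in ''|manager) return 0 ;; *) return 1 ;; esac
}

# True when git can already answer for this host without prompting.
is_primed() {  # args: repo scheme host
  printf 'protocol=%s\nhost=%s\n\n' "$2" "$3" |
    git -C "$1" credential fill 2>/dev/null | grep -q '^password=.'
}

prime_repo() {  # args: repo user token; always returns 0 (fail-silent)
  local repo="$1" user="$2" token="$3" url scheme host helper
  url=$(git -C "$repo" remote get-url origin 2>/dev/null) || return 0
  set -- $(split_origin "$url"); [ $# -eq 2 ] || return 0
  scheme=$1 host=$2
  helper=$(git -C "$repo" config --get credential.helper 2>/dev/null) || helper=
  if [ "$helper" = store ]; then
    if is_primed "$repo" "$scheme" "$host"; then return 0; fi   # fast path
  else
    should_seize "$helper" || return 0       # e.g. osxkeychain: leave alone
    # An empty entry resets inherited helpers, so only `store` is consulted.
    git -C "$repo" config --local --replace-all credential.helper '' || return 0
    git -C "$repo" config --local --add credential.helper store || return 0
  fi
  # Token goes over stdin, never in argv or the remote URL.
  printf 'protocol=%s\nhost=%s\nusername=%s\npassword=%s\n\n' \
    "$scheme" "$host" "$user" "$token" |
    git -C "$repo" credential approve 2>/dev/null || true
  return 0
}
```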

Related Windows gotchas (separate issues, still real): feedback_windows_bash_mapping, feedback_tmp_path_windows, feedback_jq_crlf_windows. Gitea API auth detail: reference_gitea_api_credential.