git: Add agent auth helpers#76
Conversation
lox
force-pushed
the
lox/agent-github-auth
branch
from
6b4d99a to
db2c311
Compare
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6b4d99ae34
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 507192d8af
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| config_scope=() | ||
| if git_dir=$(git rev-parse --git-dir 2>/dev/null) && | ||
| git_common_dir=$(git rev-parse --git-common-dir 2>/dev/null) && | ||
| [[ "$git_dir" != "$git_common_dir" ]]; then |
There was a problem hiding this comment.
When extensions.worktreeConfig is enabled on the main worktree, Git reads config.worktree after .git/config and updates it via git config --worktree (git-worktree docs); this condition only selects --worktree for linked worktrees. Because the earlier git config --get-all remote.$remote.url also sees worktree-scoped values, running git-github-auth from the main worktree can copy a main-only remote or pushurl into shared .git/config, changing the remotes seen by other worktrees instead of just the current one.
Useful? React with 👍 / 👎.
| local repo_path | ||
| local target_url | ||
|
|
||
| git config --unset-all "$key" 2>/dev/null || true |
There was a problem hiding this comment.
When remote.<name>.pushurl is inherited from global or included config, this unset only edits the repository-local file by default (git-config docs), so the inherited SSH pushurl remains alongside the newly added HTTPS one. Git pushes to all defined pushurls (git-push docs), so git-github-auth gh can still attempt the original SSH/1Password push destination even after reporting that the repo was switched.
Useful? React with 👍 / 👎.
| if git_dir=$(git rev-parse --git-dir 2>/dev/null) && | ||
| git_common_dir=$(git rev-parse --git-common-dir 2>/dev/null) && | ||
| [[ "$git_dir" != "$git_common_dir" ]] && | ||
| [[ "$(git config --bool --get extensions.worktreeConfig 2>/dev/null)" == "true" ]]; then |
There was a problem hiding this comment.
When extensions.worktreeConfig is enabled on the main worktree, Git reads config.worktree after .git/config (git-worktree docs), but this condition only selects --worktree for linked worktrees. If the main worktree already has a worktree-scoped user.name, user.email, signing key, or commit.gpgsign, git-assume <identity> writes the new identity to shared .git/config while the existing config.worktree value still wins, so commits in that checkout continue using the old identity.
Useful? React with 👍 / 👎.
1 participant
Agents currently inherit Git settings that can make commits or GitHub transport depend on interactive 1Password SSH approval. That blocks otherwise-ready work when a non-interactive shell cannot approve the signing or SSH-agent prompt.
This adds executable
git-assumeandgit-github-authhelpers so agent shells can select both identity and GitHub transport explicitly.git-assumenow works outside interactive zsh, disables signing for identities without a signing key, and writes worktree-local identity config when linked worktrees support it.git-github-auth ghrewrites the current GitHub repo or worktree to use HTTPS throughgh auth;git-github-auth sshopts the repo back into SSH and 1Password. The transport helper uses repo-scoped URL rewrites so it applies to fetch and push, including sharedpushurlvalues inherited by linked worktrees.The global
lox/*SSH rewrite is removed so HTTPS remotes stay on HTTPS unless a repo opts into SSH explicitly.