Update skill
Seto Elkahfi committed
Jun 17, 2026 at 16:52 UTC
729d5cd7b25fc52945c05568ddfa573524be6f86
1 file changed
+38
.agents/skills/sigit-app/SKILL.md
+38
index 060588b..c9b16a7 100644
--- a/.agents/skills/sigit-app/SKILL.md
+++ b/.agents/skills/sigit-app/SKILL.md
@@ -78,6 +78,40 @@ If switching to the API path, change the command bodies to call
`sigit.si/api/v1/*` and keep the **same** `AccountStatus` / `ErrorResponse`
shapes so the frontend and token storage are unaffected.
+## Git operations (repos)
+
+Git uses **Smart HTTP with token auth — no SSH.** Live commands in
+`src-tauri/src/repos/` (registered in `lib.rs`):
+
+- `clone_repo` · `publish_repo` · `push_repo` / `pull_repo` · `list_repos`
+
+Two-token flow — **never use the account access token as a git credential**:
+
+1. login → **account access token** persisted via `crate::store::store_token`
+2. `repos::api::fetch_git_token(env, access_token)` POSTs `sigit.si` →
+ `git_credentials` (bearer = access token) → returns a **short-lived scoped
+ `git_token`**
+3. git2 credential callback authenticates over HTTPS via HTTP Basic:
+ `Cred::userpass_plaintext("x-access-token", git_token)` — username is the
+ literal string `x-access-token`, password is the scoped git token
+4. `repos::api::create_remote_repo` POSTs `repos` (bearer = access token) to
+ create the bare repo before first publish
+
+This is in-process libgit2 (`git2` / `gix`, vendored) over HTTPS — no subprocess,
+no key files — so it works inside the **sandboxed App Store build** and the
+container-stored-repo model.
+
+### Legacy SSH path (deprecated — do not extend)
+
+`src/_git/{clone_project,desktop_deploy}.rs`,
+`src/project/command_clone_frontend_app.rs`, and
+`src/ssh/command_generate_ssh_key.rs` still use `Cred::ssh_key` and remain
+registered (`clone_project`, `clone_frontend_app`, `ssh_clone`,
+`generate_ssh_key`), but SSH-based git is **no longer the model** — new work uses
+the Smart HTTP path above. `desktop_deploy.rs` also hardcodes
+`/Users/setoelkahfi/.ssh/...`, which is dead in any non-author or sandboxed
+build. Candidates for removal, not extension.
+
## Validation
- `cargo check` in `src-tauri`
@@ -93,3 +127,7 @@ shapes so the frontend and token storage are unaffected.
- Treating the Anthropic API key field as an auth credential — it is local-only
- Shipping smbCloud `app_secret` in the binary and assuming it is confidential
- Diverging account features from the sigit-si web account page
+- Reaching for SSH credentials / `generate_ssh_key` for git auth — the live path
+ is Smart HTTP over HTTPS (`repos::*`), not `Cred::ssh_key`
+- Using the account access token directly as the git credential — always
+ exchange it for a short-lived scoped `git_token` via `fetch_git_token` first