Update skill

Seto Elkahfi committed Jun 17, 2026 at 16:52 UTC 729d5cd7b25fc52945c05568ddfa573524be6f86
1 file changed +38
.agents/skills/sigit-app/SKILL.md
+38
index 060588b..c9b16a7 100644 --- a/.agents/skills/sigit-app/SKILL.md +++ b/.agents/skills/sigit-app/SKILL.md @@ -78,6 +78,40 @@ If switching to the API path, change the command bodies to call `sigit.si/api/v1/*` and keep the **same** `AccountStatus` / `ErrorResponse` shapes so the frontend and token storage are unaffected. +## Git operations (repos) + +Git uses **Smart HTTP with token auth — no SSH.** Live commands in +`src-tauri/src/repos/` (registered in `lib.rs`): + +- `clone_repo` · `publish_repo` · `push_repo` / `pull_repo` · `list_repos` + +Two-token flow — **never use the account access token as a git credential**: + +1. login → **account access token** persisted via `crate::store::store_token` +2. `repos::api::fetch_git_token(env, access_token)` POSTs `sigit.si` → + `git_credentials` (bearer = access token) → returns a **short-lived scoped + `git_token`** +3. git2 credential callback authenticates over HTTPS via HTTP Basic: + `Cred::userpass_plaintext("x-access-token", git_token)` — username is the + literal string `x-access-token`, password is the scoped git token +4. `repos::api::create_remote_repo` POSTs `repos` (bearer = access token) to + create the bare repo before first publish + +This is in-process libgit2 (`git2` / `gix`, vendored) over HTTPS — no subprocess, +no key files — so it works inside the **sandboxed App Store build** and the +container-stored-repo model. + +### Legacy SSH path (deprecated — do not extend) + +`src/_git/{clone_project,desktop_deploy}.rs`, +`src/project/command_clone_frontend_app.rs`, and +`src/ssh/command_generate_ssh_key.rs` still use `Cred::ssh_key` and remain +registered (`clone_project`, `clone_frontend_app`, `ssh_clone`, +`generate_ssh_key`), but SSH-based git is **no longer the model** — new work uses +the Smart HTTP path above. `desktop_deploy.rs` also hardcodes +`/Users/setoelkahfi/.ssh/...`, which is dead in any non-author or sandboxed +build. Candidates for removal, not extension. + ## Validation - `cargo check` in `src-tauri` @@ -93,3 +127,7 @@ shapes so the frontend and token storage are unaffected. - Treating the Anthropic API key field as an auth credential — it is local-only - Shipping smbCloud `app_secret` in the binary and assuming it is confidential - Diverging account features from the sigit-si web account page +- Reaching for SSH credentials / `generate_ssh_key` for git auth — the live path + is Smart HTTP over HTTPS (`repos::*`), not `Cred::ssh_key` +- Using the account access token directly as the git credential — always + exchange it for a short-lived scoped `git_token` via `fetch_git_token` first