feat: Portable per-key git identity and signing #20

Open
ai-cora wants to merge 5 commits into master from feat/KC-16-integrate-git-commit-signing-with-zone-based


ai-cora (Collaborator) commented Dec 5, 2025

Summary

Add portable git identity and commit signing support to keycutter, enabling version-controlled git configs that work across machines with FIDO2/hardware-backed SSH keys.

New Commands

  • keycutter key link [--dry-run] - Create portable symlinks for machine-specific keys
  • keycutter git-identity create <keytag> - Create identity config (name, email, signing key)
  • keycutter git-identity list - List all identity configs
  • keycutter git-config setup - Generate master config with includeIf rules
  • keycutter setup - Bootstrap keycutter on a new machine

Key Features

  • Portable symlinks: Creates generic symlinks (e.g., github.com_alex -> github.com_alex@laptop) so config can reference portable paths
  • Automatic setup: When creating GitHub keys, offers to configure git signing automatically
  • GitHub integration: Fetches name/email from GitHub API when setting up identity
  • includeIf support: Uses gitdir patterns to apply identity based on repo location

Workflow

  1. Create key: keycutter create github.com_alex (symlinks auto-created)
  2. Accept signing setup prompt (or run git-identity create later)
  3. Clone repos to ~/Code/github.com/alex/ and commits are signed automatically

Portability

The ~/.ssh/keycutter/ directory can be version controlled:

  • Config files reference portable paths
  • Each machine creates its own symlinks to machine-specific keys
  • keycutter setup bootstraps on new machines

Test Plan

  • Test keycutter key link creates symlinks for existing keys
  • Test keycutter git-identity create generates correct config
  • Test keycutter git-config setup wires up includeIf rules
  • Test signing workflow in a matching gitdir path
  • Add BATS tests for new commands (follow-up)

TODO

  • Add BATS tests for new functionality
  • Add documentation for git signing workflow

🤖 Generated with Claude Code
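A check for the includeIf behaviour in the description above, as an added example that is not code from this PR or from keycutter: it builds a throwaway HOME, writes an identity config and a master config, and confirms that the signing settings apply only to a repo under the matching gitdir path and that the portable key path resolves. The config file names, the `keys/` directory and the placeholder key content are assumptions.

```shell
# Added example. Runs in a throwaway HOME; the real ~/.gitconfig and ~/.ssh are untouched.
# Config file names, the keys/ directory and the key content are assumptions.
effective() {      # effective <repo> <key>: value git would use there ("" if unset)
    git -C "$1" config --get "$2" 2>/dev/null || true
}

key_resolves() {   # key_resolves <repo>: does user.signingkey point at a readable file?
    k=$(git -C "$1" config --type=path --get user.signingkey 2>/dev/null) || return 1
    [ -r "$k" ]
}

build_sandbox() {
    SANDBOX=$(cd "$(mktemp -d)" && pwd -P) || return 1
    export HOME="$SANDBOX/home" GIT_CONFIG_NOSYSTEM=1
    unset GIT_CONFIG_COUNT GIT_CONFIG_GLOBAL XDG_CONFIG_HOME GIT_DIR
    kc="$HOME/.ssh/keycutter"
    MATCH="$HOME/Code/github.com/alex/repo"   # under the includeIf directory
    OTHER="$HOME/Code/scratch/repo"           # outside it
    mkdir -p "$kc/git" "$kc/keys" "$MATCH" "$OTHER"
    git init -q "$MATCH" && git init -q "$OTHER"
    # Machine-specific key (constructed placeholder) and the portable symlink to it.
    echo "constructed-placeholder-public-key" > "$kc/keys/github.com_alex@laptop.pub"
    ln -s "github.com_alex@laptop.pub" "$kc/keys/github.com_alex.pub"
    # Identity config: references only the portable path.
    cat > "$kc/git/github.com_alex.conf" <<'EOF'
[user]
    name = Alex Example
    email = alex@example.invalid
    signingkey = ~/.ssh/keycutter/keys/github.com_alex.pub
[gpg]
    format = ssh
[commit]
    gpgsign = true
EOF
    # Master config: apply that identity only to repos under the matching directory.
    cat > "$kc/git/master.gitconfig" <<'EOF'
[includeIf "gitdir:~/Code/github.com/alex/"]
    path = github.com_alex.conf
EOF
    printf '[include]\n\tpath = ~/.ssh/keycutter/git/master.gitconfig\n' > "$HOME/.gitconfig"
}

build_sandbox
for repo in "$MATCH" "$OTHER"; do
    printf '%s: gpgsign=%s email=%s key_ok=%s\n' "${repo#"$HOME"/}" \
        "$(effective "$repo" commit.gpgsign)" "$(effective "$repo" user.email)" \
        "$(key_resolves "$repo" && echo yes || echo no)"
done
```

If the machine-specific key is missing on a new machine, the symlink dangles: `commit.gpgsign` still resolves to `true` while `key_resolves` fails, so commits in that directory error out instead of going through unsigned.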

ai-cora and others added 3 commits December 5, 2025 23:12
Add 'keycutter key link' command to create generic symlinks from
machine-specific keys (e.g., github.com_alex@laptop -> github.com_alex).
This enables portable git configs that reference the generic path while
actual keys remain machine-specific.

Changes:
- Add ssh-keys-create-symlinks() function in lib/ssh
- Add 'key link' subcommand with --dry-run option
- Integrate symlink creation into 'keycutter create'

The symlinks are created:
- Automatically when running 'keycutter create'
- Manually via 'keycutter key link' for existing keys
- Idempotently (safe to run multiple times)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Add commands for portable per-key git identity configuration:

- `git-identity create <keytag>` - Create identity config with name, email, signing key
- `git-identity list` - List all identity configs
- `git-config setup` - Generate master config with includeIf rules
- `setup` - Bootstrap keycutter on a new machine (requirements, symlinks, git config)

The identity configs reference portable key paths (symlinks created in Phase 1),
enabling version-controlled git configs that work across machines.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

When creating a GitHub key and uploading it with signing permissions,
keycutter now offers to set up git commit signing automatically:

- Detects name/email from GitHub API if logged in
- Creates the identity config with signing key
- Updates the master git config with includeIf for ~/Code/github.com/username/
- Adds the include to ~/.gitconfig if needed

This provides a seamless one-step setup for new GitHub keys.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

ai-cora requested a review from mbailey as a code owner December 5, 2025 12:40

ai-cora and others added 2 commits December 5, 2025 23:52
- Add comprehensive git-signing.md documenting the portable identity workflow
- Add 14 BATS tests for key link, git-identity, git-config, and setup commands
- Update README.md to feature git commit signing
- Update guide.md with git signing section

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Tests were failing because the parent environment (Claude Code)
sets GIT_CONFIG_COUNT and GIT_CONFIG_KEY_0/VALUE_0 to disable
commit signing. These environment variables override all git
config sources, including local .git/config.

This fix clears these variables in setup_test_environment() to
ensure tests have a clean git config environment.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>