fea/references/auth.md


# Authentication
Agents need Gitea credentials to work autonomously via both MCP tools and the `tea` CLI fallback.
## Credential Source
Credentials are stored in a **project-level** `.claude/.env` file (never in the global environment, to avoid overriding the user's personal credentials).
### Required variables
```
GITEA_HOST=https://git.marlerino-apps.io
GITEA_ACCESS_TOKEN=<api-token>
GITEA_USER=<username>
GITEA_PASS=<password>
```
- `GITEA_ACCESS_TOKEN` — primary auth method (API token, used by MCP and `tea`)
- `GITEA_USER` / `GITEA_PASS` — fallback for basic auth when the token is unavailable
### Bootstrap
If `.claude/.env` does not exist, create it with empty values as a template:
```bash
mkdir -p .claude
cat > .claude/.env << 'EOF'
GITEA_HOST=
GITEA_ACCESS_TOKEN=
GITEA_USER=
GITEA_PASS=
EOF
```
Then tell the user: "Created `.claude/.env` — please fill in your Gitea credentials and re-run."
Stop execution — do not proceed without credentials.
Also ensure `.claude/.env` is in `.gitignore`:
```bash
grep -qxF '.claude/.env' .gitignore 2>/dev/null || echo '.claude/.env' >> .gitignore
```
### Loading credentials
Before any Gitea operation, load credentials:
```bash
set -a; source .claude/.env; set +a
```
After loading, verify values are non-empty. If any required variable is empty, tell the user to fill in `.claude/.env` and stop.
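One way to run this verification before the values are loaded, as an added example that is not part of the project's own tooling: the hypothetical functions `check_gitea_env` and `load_gitea_env` read `.claude/.env` as data, require the four variables listed above, and confirm the ignore rule. The shell-code and owner-only permission checks are assumptions that go beyond what this page requires.

```shell
# Added example; function names are hypothetical, not part of the project.
# The file is read as data, so nothing in it is executed by the check.

# env_value FILE KEY: print the value of the last KEY=... line.
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_gitea_env [PROJECT_DIR]: print each problem, return 1 if any was found.
check_gitea_env() (
  dir="${1:-.}"
  file="$dir/.claude/.env"
  rc=0
  [ -f "$file" ] || { echo "missing: $file"; exit 1; }

  # The four listed variables must be set; <placeholder> text copied
  # from the documentation counts as unset.
  for key in GITEA_HOST GITEA_ACCESS_TOKEN GITEA_USER GITEA_PASS; do
    val=$(env_value "$file" "$key")
    case "$val" in
      ''|'<'*'>') echo "empty: $key"; rc=1 ;;
    esac
  done

  # `source` runs the file as shell code: flag any line that is not blank,
  # a comment, or a plain assignment, and any command substitution.
  if grep -Eqv '^[[:space:]]*(#.*)?$|^[A-Za-z_][A-Za-z0-9_]*=' "$file" ||
     grep -Eq '`|\$\(' "$file"; then
    echo "unsafe: shell code in $file"; rc=1
  fi

  # The ignore rule must be present exactly as the Bootstrap step writes it.
  grep -qxF '.claude/.env' "$dir/.gitignore" 2>/dev/null ||
    { echo "unignored: .claude/.env"; rc=1; }

  # Assumption beyond the page: only the owner may access the file.
  case "$(ls -ld "$file")" in
    ????------*) ;;
    *) echo "permissions: $file is group/world accessible"; rc=1 ;;
  esac
  exit "$rc"
)

# load_gitea_env [PROJECT_DIR]: export the variables only if the check passes.
load_gitea_env() {
  check_gitea_env "${1:-.}" || return 1
  set -a; . "${1:-.}/.claude/.env"; set +a
}
```

A non-zero return from `load_gitea_env` is the point at which the agent stops and asks the user to fill in `.claude/.env`.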
### tea CLI login
If `tea` is not yet logged in for this project, authenticate using loaded credentials:
```bash
tea login add \
  --name project \
  --url "$GITEA_HOST" \
  --token "$GITEA_ACCESS_TOKEN" \
  --user "$GITEA_USER"
```
## Security
- `.claude/.env` MUST be in `.gitignore` — never commit credentials
- Agents bootstrap `.claude/.env` automatically if missing, but never fill in credential values themselves