diff options
Diffstat (limited to 'internal/executor/claude.go')
| -rw-r--r-- | internal/executor/claude.go | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/internal/executor/claude.go b/internal/executor/claude.go index e3f8e1c..fa68382 100644 --- a/internal/executor/claude.go +++ b/internal/executor/claude.go @@ -117,7 +117,7 @@ func (r *ClaudeRunner) Run(ctx context.Context, t *task.Task, e *storage.Executi e.SandboxDir = "" if projectDir != "" { var err error - sandboxDir, err := setupSandbox(t.Agent.ProjectDir, r.Logger) + sandboxDir, err = setupSandbox(t.Agent.ProjectDir, r.Logger) if err != nil { return fmt.Errorf("setting up sandbox: %w", err) } @@ -129,7 +129,7 @@ func (r *ClaudeRunner) Run(ctx context.Context, t *task.Task, e *storage.Executi } } else if projectDir != "" { var err error - sandboxDir, err := setupSandbox(t.Agent.ProjectDir, r.Logger) + sandboxDir, err = setupSandbox(t.Agent.ProjectDir, r.Logger) if err != nil { return fmt.Errorf("setting up sandbox: %w", err) } @@ -226,11 +226,22 @@ func extractQuestionText(questionJSON string) string { return strings.TrimSpace(q.Text) } -// gitSafe returns git arguments that prepend "-c safe.directory=*" so that -// commands succeed regardless of the repository owner. This is needed when -// claudomator operates on project directories owned by a different OS user. +// gitSafe returns git arguments that prepend safety overrides so that +// commands succeed regardless of the repository owner or the host's global +// git configuration. Specifically: +// +// - "-c safe.directory=*" lets us operate on directories owned by a +// different OS user. +// - "-c commit.gpgsign=false" / "-c tag.gpgsign=false" stop git from +// trying to sign commits via the host's signing tooling. Sandbox commits +// are internal and don't need to be signed; an unconfigured or broken +// signing setup on the host should never block a sandbox merge. func gitSafe(args ...string) []string { - return append([]string{"-c", "safe.directory=*"}, args...) + return append([]string{ + "-c", "safe.directory=*", + "-c", "commit.gpgsign=false", + "-c", "tag.gpgsign=false", + }, args...) } // sandboxCloneSource returns the URL to clone the sandbox from. It prefers a |