Respect commit.gpgsign config in auto-commit strategy

[oryanmoshe]

Summary

• When commit.gpgsign=true is set in git config, commitOrHead() now falls back to the git CLI so commits are properly signed
• The go-git code path is completely unchanged when signing is not configured
• Only affects user-facing commits on the active branch; internal checkpoint/shadow branch commits are untouched

Fixes #311

Why git CLI instead of go-git?

go-git v5's CommitOptions.SignKey only accepts *openpgp.Entity — an in-process OpenPGP key. This means it cannot handle:

• SSH signing (gpg.format = ssh) — increasingly common, GitHub's default recommendation
• gpg-agent — most GPG users rely on the agent for passphrase caching and hardware key access
• Hardware tokens (YubiKey, etc.) — the agent mediates access; go-git can't talk to it
• X.509 signing (gpg.format = x509) — used in enterprise environments

The git CLI handles all of these automatically based on the user's config. This is the same pattern used by HardResetWithProtection and CheckoutBranch in this codebase — go-git is preferred, but the CLI is used when go-git has a gap:

// common.go – HardResetWithProtection
// "Uses the git CLI instead of go-git because go-git's HardReset incorrectly
// deletes untracked directories"

// git_operations.go – CheckoutBranch
// "Uses git CLI instead of go-git to work around go-git v5 bug where Checkout
// deletes untracked files"

The signing gap is similar: go-git can create commits but can't sign them in a way that covers all methods users actually use.

What changed

auto_commit.go — 3 functions added/modified:

• commitOrHead() — checks shouldSignCommits() before the existing go-git path. When false (most users), behavior is identical to before.
• shouldSignCommits() — reads commit.gpgsign via git config --get (respects local/global/system/includes).
• commitWithCLI() — creates the commit via git commit, with the same empty-commit handling as the go-git path.

auto_commit_test.go — 4 new tests:

• TestShouldSignCommits_Disabled / _Enabled — config detection
• TestCommitWithCLI_CreatesCommit — verifies commit message and author
• TestCommitWithCLI_EmptyCommit — returns HEAD hash (matches go-git behavior)

Verified end-to-end

Tested with a fresh repo, commit.gpgsign=true, auto-commit strategy:

$ git log -1 --show-signature
commit b07b8ca...
gpg: Signature made Thu Feb 12 22:41:37 2026 IST
gpg:                using EDDSA key B1682980C361FE9099B5B91843D93E80972F401A
gpg: Good signature from "Oryan Moshe <43927816+oryanmoshe@users.noreply.github.com>" [ultimate]

    Add a hello world function

    Entire-Checkpoint: b540e82835a1

Without this fix, the same commit would have no signature (go-git ignores commit.gpgsign).

Test plan

• TestShouldSignCommits_Disabled — returns false when gpgsign=false
• TestShouldSignCommits_Enabled — returns true when gpgsign=true
• TestCommitWithCLI_CreatesCommit — CLI path creates commit with correct message/author
• TestCommitWithCLI_EmptyCommit — CLI path returns HEAD hash for empty commits
• Full test suite passes (mise run test:ci — unit + integration with race detection)
• End-to-end: verified signed commit in fresh repo with commit.gpgsign=true

🤖 Generated with Claude Code