Document what each setting does, what attack it mitigates, what
could break, and why we chose this default. Covers all git config
settings, SSH directives, and audit-only checks.
Co-Authored-By: Claude <noreply@anthropic.com>
Add safety gate prompt to all interactive tmux scenarios, add new
"safety gate decline" test scenario, update acceptance criteria.
Closes: #10🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fix incorrect CVE reference for core.fsmonitor, clarify bash/zsh
compatibility (shebang is bash, works from zsh sessions), fix -y mode
signing behavior to not break commits when no key exists, clarify
submodule.recurse scope, add pull.rebase conflict warning, improve
SSH config and credential helper detection specifics, add FIDO2
touch prompt, and clarify audit exit code for missing signing keys.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Interactive shell script that audits and hardens global git config
with security-focused defaults: object integrity, protocol restrictions,
filesystem protection, hook control, SSH signing with FIDO2 support,
and credential security.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
