Asks users to confirm they've reviewed the script before it modifies
config. On decline, prints instructions for piping the script to
Claude Code or Gemini CLI for a security review. Skipped with -y
and --audit flags. 3 new tests (53 total).
Closes: #7🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Covers arg parsing, version comparison, audit phase (git config,
signing, SSH), apply phase (settings, SSH directives, url rewrite),
signing key detection (standard/custom/tilde/sk-preference),
allowed signers, -y mode, backup, and end-to-end idempotency.
All tests run in isolated HOME to avoid touching real config.
Closes: #6🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fix incorrect CVE reference for core.fsmonitor, clarify bash/zsh
compatibility (shebang is bash, works from zsh sessions), fix -y mode
signing behavior to not break commits when no key exists, clarify
submodule.recurse scope, add pull.rebase conflict warning, improve
SSH config and credential helper detection specifics, add FIDO2
touch prompt, and clarify audit exit code for missing signing keys.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Interactive shell script that audits and hardens global git config
with security-focused defaults: object integrity, protocol restrictions,
filesystem protection, hook control, SSH signing with FIDO2 support,
and credential security.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
