tools/git/ci-queue-wait.sh

@@ -31,41 +31,7 @@ Examples:
 EOF
 }
 
-get_remote_host() {
-    local remote_url
-    remote_url=$(git remote get-url origin 2>/dev/null || true)
-    if [[ -z "$remote_url" ]]; then
-        return 1
-    fi
-    if [[ "$remote_url" =~ ^https?://([^/]+)/ ]]; then
-        echo "${BASH_REMATCH[1]}"
-        return 0
-    fi
-    if [[ "$remote_url" =~ ^git@([^:]+): ]]; then
-        echo "${BASH_REMATCH[1]}"
-        return 0
-    fi
-    return 1
-}
-
-get_gitea_token() {
-    local host="$1"
-    if [[ -n "${GITEA_TOKEN:-}" ]]; then
-        echo "$GITEA_TOKEN"
-        return 0
-    fi
-
-    local creds="$HOME/.git-credentials"
-    if [[ -f "$creds" ]]; then
-        local token
-        token=$(grep -F "$host" "$creds" 2>/dev/null | sed -n 's#https\?://[^@]*:\([^@/]*\)@.*#\1#p' | head -n 1)
-        if [[ -n "$token" ]]; then
-            echo "$token"
-            return 0
-        fi
-    fi
-    return 1
-}
+# get_remote_host and get_gitea_token are provided by detect-platform.sh
 
 get_state_from_status_json() {
     python3 - <<'PY'

tools/git/detect-platform.sh

@@ -74,6 +74,75 @@ get_repo_name() {
     echo "${repo_info##*/}"
 }
 
+get_remote_host() {
+    local remote_url
+    remote_url=$(git remote get-url origin 2>/dev/null || true)
+    if [[ -z "$remote_url" ]]; then
+        return 1
+    fi
+    if [[ "$remote_url" =~ ^https?://([^/]+)/ ]]; then
+        echo "${BASH_REMATCH[1]}"
+        return 0
+    fi
+    if [[ "$remote_url" =~ ^git@([^:]+): ]]; then
+        echo "${BASH_REMATCH[1]}"
+        return 0
+    fi
+    return 1
+}
+
+# Resolve a Gitea API token for the given host.
+# Priority: Mosaic credential loader → GITEA_TOKEN env → ~/.git-credentials
+get_gitea_token() {
+    local host="$1"
+    local script_dir
+    script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+    local cred_loader="$script_dir/../_lib/credentials.sh"
+
+    # 1. Mosaic credential loader (host → service mapping, run in subshell to avoid polluting env)
+    if [[ -f "$cred_loader" ]]; then
+        local token
+        token=$(
+            source "$cred_loader"
+            case "$host" in
+                git.mosaicstack.dev) load_credentials gitea-mosaicstack 2>/dev/null ;;
+                git.uscllc.com)      load_credentials gitea-usc 2>/dev/null ;;
+                *)
+                    for svc in gitea-mosaicstack gitea-usc; do
+                        load_credentials "$svc" 2>/dev/null || continue
+                        [[ "${GITEA_URL:-}" == *"$host"* ]] && break
+                        unset GITEA_TOKEN GITEA_URL
+                    done
+                    ;;
+            esac
+            echo "${GITEA_TOKEN:-}"
+        )
+        if [[ -n "$token" ]]; then
+            echo "$token"
+            return 0
+        fi
+    fi
+
+    # 2. GITEA_TOKEN env var (may be set by caller)
+    if [[ -n "${GITEA_TOKEN:-}" ]]; then
+        echo "$GITEA_TOKEN"
+        return 0
+    fi
+
+    # 3. ~/.git-credentials file
+    local creds="$HOME/.git-credentials"
+    if [[ -f "$creds" ]]; then
+        local token
+        token=$(grep -F "$host" "$creds" 2>/dev/null | sed -n 's#https\?://[^@]*:\([^@/]*\)@.*#\1#p' | head -n 1)
+        if [[ -n "$token" ]]; then
+            echo "$token"
+            return 0
+        fi
+    fi
+
+    return 1
+}
+
 # If script is run directly (not sourced), output the platform
 if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
     detect_platform

tools/git/issue-create.sh

@@ -13,40 +13,7 @@ BODY=""
 LABELS=""
 MILESTONE=""
 
-get_remote_host() {
-    local remote_url
-    remote_url=$(git remote get-url origin 2>/dev/null || true)
-    if [[ -z "$remote_url" ]]; then
-        return 1
-    fi
-    if [[ "$remote_url" =~ ^https?://([^/]+)/ ]]; then
-        echo "${BASH_REMATCH[1]}"
-        return 0
-    fi
-    if [[ "$remote_url" =~ ^git@([^:]+): ]]; then
-        echo "${BASH_REMATCH[1]}"
-        return 0
-    fi
-    return 1
-}
-
-get_gitea_token() {
-    local host="$1"
-    if [[ -n "${GITEA_TOKEN:-}" ]]; then
-        echo "$GITEA_TOKEN"
-        return 0
-    fi
-    local creds="$HOME/.git-credentials"
-    if [[ -f "$creds" ]]; then
-        local token
-        token=$(grep -F "$host" "$creds" 2>/dev/null | sed -n 's#https\?://[^@]*:\([^@/]*\)@.*#\1#p' | head -n 1)
-        if [[ -n "$token" ]]; then
-            echo "$token"
-            return 0
-        fi
-    fi
-    return 1
-}
+# get_remote_host and get_gitea_token are provided by detect-platform.sh
 
 gitea_issue_create_api() {
     local host repo token url payload

tools/git/issue-view.sh

@@ -10,40 +10,7 @@ source "$SCRIPT_DIR/detect-platform.sh"
 # Parse arguments
 ISSUE_NUMBER=""
 
-get_remote_host() {
-    local remote_url
-    remote_url=$(git remote get-url origin 2>/dev/null || true)
-    if [[ -z "$remote_url" ]]; then
-        return 1
-    fi
-    if [[ "$remote_url" =~ ^https?://([^/]+)/ ]]; then
-        echo "${BASH_REMATCH[1]}"
-        return 0
-    fi
-    if [[ "$remote_url" =~ ^git@([^:]+): ]]; then
-        echo "${BASH_REMATCH[1]}"
-        return 0
-    fi
-    return 1
-}
-
-get_gitea_token() {
-    local host="$1"
-    if [[ -n "${GITEA_TOKEN:-}" ]]; then
-        echo "$GITEA_TOKEN"
-        return 0
-    fi
-    local creds="$HOME/.git-credentials"
-    if [[ -f "$creds" ]]; then
-        local token
-        token=$(grep -F "$host" "$creds" 2>/dev/null | sed -n 's#https\?://[^@]*:\([^@/]*\)@.*#\1#p' | head -n 1)
-        if [[ -n "$token" ]]; then
-            echo "$token"
-            return 0
-        fi
-    fi
-    return 1
-}
+# get_remote_host and get_gitea_token are provided by detect-platform.sh
 
 gitea_issue_view_api() {
     local host repo token url

tools/git/pr-ci-wait.sh

@@ -27,41 +27,7 @@ Examples:
 EOF
 }
 
-get_remote_host() {
-    local remote_url
-    remote_url=$(git remote get-url origin 2>/dev/null || true)
-    if [[ -z "$remote_url" ]]; then
-        return 1
-    fi
-    if [[ "$remote_url" =~ ^https?://([^/]+)/ ]]; then
-        echo "${BASH_REMATCH[1]}"
-        return 0
-    fi
-    if [[ "$remote_url" =~ ^git@([^:]+): ]]; then
-        echo "${BASH_REMATCH[1]}"
-        return 0
-    fi
-    return 1
-}
-
-get_gitea_token() {
-    local host="$1"
-    if [[ -n "${GITEA_TOKEN:-}" ]]; then
-        echo "$GITEA_TOKEN"
-        return 0
-    fi
-
-    local creds="$HOME/.git-credentials"
-    if [[ -f "$creds" ]]; then
-        local token
-        token=$(grep -F "$host" "$creds" 2>/dev/null | sed -n 's#https\?://[^@]*:\([^@/]*\)@.*#\1#p' | head -n 1)
-        if [[ -n "$token" ]]; then
-            echo "$token"
-            return 0
-        fi
-    fi
-    return 1
-}
+# get_remote_host and get_gitea_token are provided by detect-platform.sh
 
 extract_state_from_status_json() {
     python3 - <<'PY'

tools/git/pr-diff.sh

@@ -68,11 +68,10 @@ elif [[ "$PLATFORM" == "gitea" ]]; then
 
     DIFF_URL="https://${HOST}/api/v1/repos/${OWNER}/${REPO}/pulls/${PR_NUMBER}.diff"
 
-    # Use tea's auth token if available
-    TEA_TOKEN=$(tea login list 2>/dev/null | grep "$HOST" | awk '{print $NF}' || true)
+    GITEA_API_TOKEN=$(get_gitea_token "$HOST" || true)
 
-    if [[ -n "$TEA_TOKEN" ]]; then
-        DIFF_CONTENT=$(curl -sS -H "Authorization: token $TEA_TOKEN" "$DIFF_URL")
+    if [[ -n "$GITEA_API_TOKEN" ]]; then
+        DIFF_CONTENT=$(curl -sS -H "Authorization: token $GITEA_API_TOKEN" "$DIFF_URL")
     else
         DIFF_CONTENT=$(curl -sS "$DIFF_URL")
     fi

tools/git/pr-metadata.sh

@@ -69,11 +69,10 @@ elif [[ "$PLATFORM" == "gitea" ]]; then
 
     API_URL="https://${HOST}/api/v1/repos/${OWNER}/${REPO}/pulls/${PR_NUMBER}"
 
-    # Use tea's auth token if available
-    TEA_TOKEN=$(tea login list 2>/dev/null | grep "$HOST" | awk '{print $NF}' || true)
+    GITEA_API_TOKEN=$(get_gitea_token "$HOST" || true)
 
-    if [[ -n "$TEA_TOKEN" ]]; then
-        RAW=$(curl -sS -H "Authorization: token $TEA_TOKEN" "$API_URL")
+    if [[ -n "$GITEA_API_TOKEN" ]]; then
+        RAW=$(curl -sS -H "Authorization: token $GITEA_API_TOKEN" "$API_URL")
     else
         RAW=$(curl -sS "$API_URL")
     fi