# t_3a368a52 — Gitea login selection for USC repos

## Objective

Fix Mosaic git wrapper behavior so `git.uscllc.com` repositories use the USC Gitea/tea login instead of the Mosaic Stack login during PR merge operations.

## Issue / tracking

- Kanban: `t_3a368a52`
- Gitea issue: `#516` (`http://git.mosaicstack.dev/mosaicstack/stack/issues/516`)
- Branch: `fix/t_3a368a52-gitea-usc-login`

## Scope

- In scope: Mosaic framework git wrapper scripts under `packages/mosaic/framework/tools/git/` and matching framework docs.
- Out of scope: U-Connect source, PR #1905 contents, Authentik settings, smoke credentials, and runtime infrastructure manifests.

## Root cause

`pr-merge.sh` always built the Gitea merge command with `--login ${GITEA_LOGIN:-mosaicstack}`. In a `git.uscllc.com/USC/uconnect` repo with no explicit `GITEA_LOGIN`, this selected the `mosaicstack` tea login even though the remote host requires the `usc` login. While validating `pr-metadata.sh`, I also found that `load_credentials` preserves existing env vars; an ambient `GITEA_TOKEN` for a different account could override host-specific credential loading unless the lookup clears Gitea env vars inside the credential-loader subshell.

## Plan

1. Add regression coverage for host → tea login selection.
2. Add shared `get_gitea_login(host)` helper in `detect-platform.sh`.
3. Update `pr-merge.sh` to derive the tea login from the current remote host.
4. Document the host mapping in framework `TOOLS.md`.
5. Validate with safe fake-`tea` merge command captures; do not perform a real merge.

## Evidence log

- Reproduced old behavior safely from `/src/uconnect` with fake `tea`: PR #1905 command used `--login mosaicstack` for repo `USC/uconnect`.
- RED test: `bash packages/mosaic/framework/tools/git/tests/gitea-login-selection.test.sh` failed because `get_gitea_login` did not exist.
- RED test extension: same test failed with `expected 'usc-token', got 'ambient-wrong-token'`, proving ambient `GITEA_TOKEN` could override host-specific USC credentials.
- GREEN test: `bash packages/mosaic/framework/tools/git/tests/gitea-login-selection.test.sh` passed after adding host mapping and clearing Gitea env vars in the credential-loader subshell.
- Syntax check: `bash -n packages/mosaic/framework/tools/git/detect-platform.sh packages/mosaic/framework/tools/git/pr-merge.sh packages/mosaic/framework/tools/git/tests/gitea-login-selection.test.sh` passed.
- Metadata validation from `/src/uconnect` using the fixed wrapper source and `MOSAIC_CREDENTIALS_FILE=/src/jarvis-brain/credentials.json`:
  - PR #1905: `number=1905 state=open base=main head=edith/t_39ce717c-authentik-smoke-gate mergeable=True`.
  - PR #1869: `number=1869 state=closed base=main head=fix/t_6f492e4a-cert-renewal-malformed-crt mergeable=True`.
- Safe fake-`tea` merge validation from `/src/uconnect` using the fixed wrapper source and `MOSAIC_CREDENTIALS_FILE=/src/jarvis-brain/credentials.json`:
  - PR #1905 command captured `pr merge 1905 --style squash --repo USC/uconnect --login usc` and exited through fake `tea` with code 42; no merge was attempted.
  - PR #1869 command captured `pr merge 1869 --style squash --repo USC/uconnect --login usc` and exited through fake `tea` with code 42; no merge was attempted.
- `ci-queue-wait.sh --purpose merge -B main -t 5 -i 1` from `/src/uconnect` resolved `platform=gitea`, branch `main`, SHA `49f0bce75c242eee19472ed367295658da9e56fc`, state `unknown`, exit 0.
- Final shell regression: `bash packages/mosaic/framework/tools/git/tests/gitea-login-selection.test.sh` passed, including `pr-merge.sh` fake-`tea` argv capture for USC login selection and a negative metacharacter login override test.
- Final syntax check: `bash -n packages/mosaic/framework/tools/git/detect-platform.sh packages/mosaic/framework/tools/git/pr-merge.sh packages/mosaic/framework/tools/git/pr-metadata.sh packages/mosaic/framework/tools/git/tests/gitea-login-selection.test.sh` passed.
- Independent review initially found the changed `pr-merge.sh` path still used string-built `eval`; remediated by switching GitHub/Gitea merge execution to argv arrays, validating numeric PR numbers, and rejecting unsupported characters in explicit `GITEA_LOGIN` overrides.
- Workspace gates: `pnpm typecheck`, `pnpm lint`, and `pnpm format:check` passed after dependency install.

## Current blocker/risk

`ci-queue-wait.sh` still reports `state=unknown` for U-Connect main because the Gitea commit status payload does not classify into success/failure/pending/no-status. This task fixed the wrong tea login selection path; it did not alter CI status semantics.

Full `pnpm test` remains blocked by unrelated gateway database setup in this Kanban workspace: gateway tests fail with `PostgresError: relation "messages" does not exist` (`42P01`) even after starting Postgres/Valkey with Docker Compose. Jaeger also fails to start because host port `16686` is already allocated. The targeted wrapper regression and repo type/lint/format gates pass.