feat: gracefully skip SSH commit signing when agent is unavailable

Add ssh_signing_available() check so commits proceed unsigned when the
1Password / SSH agent socket is not reachable, instead of failing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: lynnwallenstein

scripts/doctor.sh

@@ -38,7 +38,11 @@ if [ -f .env ]; then
     if [ -n "${SSH_PUBLIC_KEY:-}" ]; then
         git config --global gpg.format ssh
         git config --global user.signingkey "key::${SSH_PUBLIC_KEY}"
-        git config --global commit.gpgsign true
+        if ssh_signing_available; then
+            git config --global commit.gpgsign true
+        else
+            git config --global commit.gpgsign false
+        fi
     fi
     if [ -n "${GITHUB_TOKEN:-}" ] && command -v gh &> /dev/null; then
         gh auth setup-git 2>/dev/null || true
@@ -59,9 +63,13 @@ else
 fi
 
 # --- SSH commit signing ---
-SIGNING=$(git config --global commit.gpgsign 2>/dev/null || echo "")
-if [ "$SIGNING" = "true" ]; then
-    log_success "SSH commit signing enabled."
+SIGNING_KEY=$(git config --global user.signingkey 2>/dev/null || echo "")
+if [ -n "$SIGNING_KEY" ]; then
+    if ssh_signing_available; then
+        log_success "SSH commit signing enabled (1Password / SSH agent detected)."
+    else
+        log_info "SSH signing key configured but agent not available — signing disabled."
+    fi
 else
     log_info "SSH commit signing not configured (optional)."
 fi

scripts/setup-env.sh

@@ -96,7 +96,13 @@ fi
 if [ -n "$SSH_PUBLIC_KEY" ]; then
     git config --global gpg.format ssh
     git config --global user.signingkey "key::${SSH_PUBLIC_KEY}"
-    git config --global commit.gpgsign true
+    if ssh_signing_available; then
+        git config --global commit.gpgsign true
+        log_success "SSH commit signing enabled (agent available)."
+    else
+        git config --global commit.gpgsign false
+        log_warn "SSH key saved but agent not available — signing disabled. Commits will proceed unsigned."
+    fi
 fi
 
 if [ -n "$GEMINI_API_KEY" ]; then

scripts/utils.sh

@@ -82,6 +82,12 @@ read_env() {
     fi
 }
 
+# Check if the SSH agent is available for commit signing.
+# Returns 0 if SSH_AUTH_SOCK is set and the agent responds.
+ssh_signing_available() {
+    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "${SSH_AUTH_SOCK}" ] && ssh-add -L &>/dev/null
+}
+
 # Ensure we are at the repository root
 ensure_root() {
     local script_dir

templates/README.md

@@ -104,18 +104,18 @@ make setup
 
 Start developing! Use the universal `Makefile` targets:
 
-| Command           | Purpose                          |
-| ----------------- | -------------------------------- |
-| `make help`       | Show all available targets       |
-| `make setup`      | Install deps & configure hooks    |
-| `make doctor`     | Check environment health         |
-| `make new-adr`    | Scaffold a new architecture record|
-| `make ai-context` | Bundle project context for AI    |
-| `make dev`        | Start the development server     |
-| `make test`       | Run the test suite               |
-| `make build`      | Create a production build        |
-| `make lint`       | Run code formatting & linting    |
-| `make clean`      | Remove build artifacts           |
+| Command           | Purpose                            |
+| ----------------- | ---------------------------------- |
+| `make help`       | Show all available targets         |
+| `make setup`      | Install deps & configure hooks     |
+| `make doctor`     | Check environment health           |
+| `make new-adr`    | Scaffold a new architecture record |
+| `make ai-context` | Bundle project context for AI      |
+| `make dev`        | Start the development server       |
+| `make test`       | Run the test suite                 |
+| `make build`      | Create a production build          |
+| `make lint`       | Run code formatting & linting      |
+| `make clean`      | Remove build artifacts             |
 
 ---
 

templates/scripts/doctor.sh

@@ -38,7 +38,11 @@ if [ -f .env ]; then
     if [ -n "${SSH_PUBLIC_KEY:-}" ]; then
         git config --global gpg.format ssh
         git config --global user.signingkey "key::${SSH_PUBLIC_KEY}"
-        git config --global commit.gpgsign true
+        if ssh_signing_available; then
+            git config --global commit.gpgsign true
+        else
+            git config --global commit.gpgsign false
+        fi
     fi
     if [ -n "${GITHUB_TOKEN:-}" ] && command -v gh &> /dev/null; then
         gh auth setup-git 2>/dev/null || true
@@ -59,9 +63,13 @@ else
 fi
 
 # --- SSH commit signing ---
-SIGNING=$(git config --global commit.gpgsign 2>/dev/null || echo "")
-if [ "$SIGNING" = "true" ]; then
-    log_success "SSH commit signing enabled."
+SIGNING_KEY=$(git config --global user.signingkey 2>/dev/null || echo "")
+if [ -n "$SIGNING_KEY" ]; then
+    if ssh_signing_available; then
+        log_success "SSH commit signing enabled (1Password / SSH agent detected)."
+    else
+        log_info "SSH signing key configured but agent not available — signing disabled."
+    fi
 else
     log_info "SSH commit signing not configured (optional)."
 fi

templates/scripts/setup-env.sh

@@ -98,7 +98,13 @@ fi
 if [ -n "$SSH_PUBLIC_KEY" ]; then
     git config --global gpg.format ssh
     git config --global user.signingkey "key::${SSH_PUBLIC_KEY}"
-    git config --global commit.gpgsign true
+    if ssh_signing_available; then
+        git config --global commit.gpgsign true
+        log_success "SSH commit signing enabled (agent available)."
+    else
+        git config --global commit.gpgsign false
+        log_warn "SSH key saved but agent not available — signing disabled. Commits will proceed unsigned."
+    fi
 fi
 
 if [ -n "$GEMINI_API_KEY" ]; then

templates/scripts/utils.sh

@@ -82,6 +82,12 @@ read_env() {
     fi
 }
 
+# Check if the SSH agent is available for commit signing.
+# Returns 0 if SSH_AUTH_SOCK is set and the agent responds.
+ssh_signing_available() {
+    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "${SSH_AUTH_SOCK}" ] && ssh-add -L &>/dev/null
+}
+
 # Ensure we are at the repository root
 ensure_root() {
     local script_dir