Add pre-push hook to sync refs/auths/registry to project repo #73

@bordumb

Problem

After auths init, the registry (refs/auths/registry) is written to ~/.auths/.git, not to the current project repo. Users must manually run:

git fetch ~/.auths refs/auths/registry:refs/auths/registry
git push origin refs/auths/registry --force

This is undiscoverable — nothing in the CLI tells users they need to do this, and downstream tools (e.g., the @auths-dev/verify widget) silently fail because the project repo on GitHub has no refs/auths/registry.

Proposal

Add a pre-push Git hook that automatically syncs refs/auths/registry from ~/.auths into the project repo before pushing.

Why pre-push (not pre-commit)

  • Not every commit needs the registry synced — only when pushing to a remote
  • Catches all pushes including direct-to-main workflows
  • Pre-commit would be too frequent and noisy

Suggested behavior

  1. On git push, the hook checks if ~/.auths/.git/refs/auths/registry exists
  2. If so, fetch it into the local repo: git fetch ~/.auths refs/auths/registry:refs/auths/registry
  3. Include refs/auths/registry in the push
  4. If ~/.auths has no registry, skip silently (user hasn't run auths init)

Installation

The hook could be installed automatically by auths init or auths git setup, similar to how git signing is configured.

Context

Discovered while dogfooding the verify widget (@auths-dev/verify) with the example-verify-badge repo. The widget fetches refs/auths/registry from the GitHub API to verify attestations, but the ref was missing from the remote because the manual sync step was not documented or automated.

🤖 Generated with Claude Code
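
The suggested behavior above, written out as a pre-push hook. This is an added example, not code from the auths project. `AUTHS_HOME` and `AUTHS_HOOK_ACTIVE` are hypothetical names, and because a pre-push hook cannot add refs to the push already in flight, step 3 is done as a separate push of the registry ref.

```shell
#!/bin/sh
# Added example for .git/hooks/pre-push; not code from the auths project.
# Git invokes the hook as: pre-push <remote-name> <remote-url>
REGISTRY_REF=refs/auths/registry
# AUTHS_HOME is a hypothetical override; the issue only names ~/.auths.
AUTHS_HOME="${AUTHS_HOME:-$HOME/.auths}"

# Steps 1, 2 and 4: copy the registry ref from the auths repo into this repo.
# Returns 0 when synced or when there is nothing to sync; non-zero if the
# fetch itself fails (for example on a non-fast-forward update).
sync_registry() {
    src="$1"
    # rev-parse also resolves packed refs, which a plain file test on
    # $src/.git/refs/auths/registry would miss. --git-dir overrides any
    # GIT_DIR that Git exported into the hook environment.
    git --git-dir="$src/.git" rev-parse --verify --quiet "$REGISTRY_REF" \
        >/dev/null 2>&1 || return 0
    git fetch --quiet "$src" "$REGISTRY_REF:$REGISTRY_REF"
}

# Step 3: push the registry ref to the same remote the user is pushing to,
# using the --force form of the manual command quoted in the issue.
push_registry() {
    remote="$1"
    git rev-parse --verify --quiet "$REGISTRY_REF" >/dev/null || return 0
    # The nested push runs this hook again; the guard variable
    # (hypothetical name) makes that second run a no-op.
    AUTHS_HOOK_ACTIVE=1 git push --quiet --force "$remote" "$REGISTRY_REF"
}

run_hook() {
    if [ -n "${AUTHS_HOOK_ACTIVE:-}" ]; then
        return 0
    fi
    sync_registry "$AUTHS_HOME" || return 1
    push_registry "$1"
}

# Act only when installed under the hook's name, so the file can also be
# sourced to exercise the functions.
case "$0" in
    *pre-push) run_hook "$1" || exit 1 ;;
esac
```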
