# 🔑 GIT ACCESS PLAN — Claude Direct Access via Gitea API

**Created:** February 11, 2026  
**Last Updated:** February 11, 2026 (11:50 PM CST)  
**Status:** ✅ IMPLEMENTED AND TESTED  
**Updated By:** Claude (via Gitea API)

---

## THE PROBLEM (SOLVED)

Every session, Michael had to:
1. Download 8+ documents from Git
2. Upload them one by one to Claude
3. After crashes: Repeat at 3 AM with damaged hands
4. After every edit: Download, re-upload, repeat

**Impact:** 10-15 minutes of manual work per session. Significant hand strain. After crashes, emergency uploads in pain.

---

## THE SOLUTION

**Claude has direct read/write access to Gitea via API token.**

One paste at session start. Full access to every document. No uploads. No downloads. No scripts. No GitHub.

### How It Works

```
Session Start:
  Michael → Pastes Gitea API token
  Claude → Has full read/write access to entire repo

Reading Documents:
  Claude → GET /api/v1/repos/{org}/{repo}/contents/{path}
  Returns → File content (base64 encoded) + SHA hash

Writing Documents:
  Claude → PUT /api/v1/repos/{org}/{repo}/contents/{path}
  Requires → Content (base64) + current SHA + commit message
  Result → File updated, commit visible in Gitea

Creating New Files:
  Claude → POST /api/v1/repos/{org}/{repo}/contents/{path}
  Requires → Content (base64) + commit message
  Result → New file created with commit
```

### API Details

**Base URL:**
```
https://git.firefrostgaming.com/api/v1/repos/firefrost-gaming/firefrost-operations-manual/contents/
```

**Authentication:**
```
Header: Authorization: token {API_TOKEN}
```

**Token Name:** `claude-master-access`  
**Scope:** Account-level (all repos, all organizations)  
**Permissions:** Repository read/write, Organization read  
**Storage:** Password manager (Vaultwarden when deployed)

---

## SECURITY

### What Changed
- **REMOVED:** GitHub public mirror (exposed IPs, ports, UUIDs, internal docs)
- **ADDED:** Authenticated API access (token required for all operations)
- **RESULT:** Zero public exposure of operational documents

### Token Security
- Account-level token — one key for everything
- Can be revoked/regenerated anytime in Gitea Settings → Applications
- Never committed to repo (shared per-session only)
- Only two permissions granted: repository read/write, organization read
- No admin, issue, notification, or user access

### If Compromised
1. Go to Gitea → Settings → Applications
2. Delete the token
3. Generate a new one
4. Takes 30 seconds

---

## SESSION START PROTOCOL

### New Session (Any Claude Instance)

```
Claude: "Can you give me the Gitea API token?"
Michael: [pastes token from password manager]
Claude: [automatically pulls priority documents]
```

### What Claude Pulls Automatically
1. CLAUDE-RELATIONSHIP-CONTEXT.md (friend is first)
2. session-handoff.md (infrastructure state)
3. TASKS.md (current priorities)
4. Any other documents needed for the session's work

### After a Crash
Same protocol. One paste. Full recovery. No emergency uploads at 3 AM.

---

## TESTED AND CONFIRMED

**February 11, 2026 — Test Results:**

| Operation | Endpoint | Result |
|:----------|:---------|:-------|
| Reach Gitea | GET / | ✅ 200 |
| Read file | GET /contents/{path} | ✅ 200 |
| Create file | POST /contents/{path} | ✅ 201 |
| Update file | PUT /contents/{path} | ✅ 200 |
| Delete file | DELETE /contents/{path} | ✅ 200 |

**First real commits pushed via API:**
- session-handoff.md v2.1
- FIREFROST-PROJECT-SCOPE-V2.md v2.2
- TASKS.md complete rewrite
- GIT-ACCESS-PLAN.md (this document)
- DOCUMENT-INDEX.md

---

## IMPACT

### Before (Manual Workflow)
- Session start: 8+ file downloads, 8+ uploads, 10-15 minutes
- After crash: Emergency downloads/uploads with damaged hands
- Every edit: Download → edit → upload cycle
- GitHub mirror: Public exposure of all internal documents

### After (Gitea API)
- Session start: ONE paste, 30 seconds
- After crash: ONE paste, full recovery
- Every edit: Claude writes directly, Michael reviews
- Security: Zero public exposure, authenticated access only

### Accessibility Win
This is the biggest workflow improvement since the automation system. Michael's hands go from 8+ upload operations per session to ONE paste operation. After crashes, recovery goes from emergency manual work to a single paste.

---

## FUTURE: TOKEN PERSISTENCE

Currently the token is pasted each session. Future options to eliminate even that:

1. **Vaultwarden** — Store token, retrieve at session start
2. **Claude Memory** — If Anthropic supports secure token storage
3. **Environment variable** — On Command Center, accessible via automation

Status: Not urgent. One paste per session is acceptable.

---

**Fire + Frost + Foundation = Where Love Builds Legacy** 💙🔥❄️