
Disable SSH askpass for upstream status fetches #1921

Open
merrkry wants to merge 1 commit into pingdotgg:main from
merrkry:feature/batch-ssh-fetch

Conversation


@merrkry merrkry commented Apr 11, 2026

What Changed

  • Extended ExecuteGitOptions with env field
  • Pass SSH_ASKPASS_REQUIRE=never to upstream status fetch to prevent annoying popups that cannot be usefully responded to

Why

GitCore.fetchUpstreamRefForStatus periodically runs git fetch. When Git interacts with an SSH remote that requires a passphrase to unlock the SSH key, an ssh-askpass window pops up each time this is invoked if the key is not available in the SSH agent. With a timeout of 5 seconds, it is difficult to react and type the passphrase.

This change has minimal UX impact because users currently have to add the key manually nonetheless due to the timeout.

This should work around #356 and #1190.

Some possible remaining work:

  • HTTPS credential handling
  • A switch to disable automatic fetching.

Checklist

  • This PR is small and focused
  • I explained what changed and why
  • [ ] I included before/after screenshots for any UI changes Not applicable
  • [ ] I included a video for animation/interaction changes Not applicable

Note

Low Risk
Low risk: only the background GitCore.fetchUpstreamRefForStatus git fetch gets an extra environment override to suppress SSH credential prompting, plus test adjustments to assert the new behavior.

Overview
Upstream status refresh git fetch calls now run with SSH_ASKPASS_REQUIRE=never to prevent SSH askpass prompts during the periodic behind/ahead refresh.

This introduces an optional env field on ExecuteGitOptions and forwards it through executeGit, and updates the relevant checkout/status test to assert the fetch environment.

Reviewed by Cursor Bugbot for commit ae8379b.

Note

Set SSH_ASKPASS_REQUIRE=never on upstream status fetches in GitCore

  • Adds an optional env field to the ExecuteGitOptions interface in GitCore.ts, forwarded to the underlying execute call.
  • Sets { SSH_ASKPASS_REQUIRE: 'never' } when calling fetchUpstreamRefForStatus, preventing SSH from prompting for credentials during background status fetches.
  • Behavioral Change: upstream git fetch calls now run with a modified environment; other executeGit callers are unaffected unless they pass env explicitly.

Macroscope summarized ae8379b.
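
The effect of the override described in this PR, as an added example that is not code from the PR or the project: it layers `SSH_ASKPASS_REQUIRE=never` over the parent environment and checks, with a simplified model of the askpass rules in ssh(1), whether a background fetch can still raise an askpass window. The function names and the sample environment are hypothetical, and it assumes the process launcher is handed a complete environment rather than merging one itself.

```javascript
// Added example: not code from the PR. Names and sample values are hypothetical.

// The per-command override the PR describes for the upstream status fetch.
const STATUS_FETCH_OVERRIDE = Object.freeze({ SSH_ASKPASS_REQUIRE: "never" });

// Constructed parent environment of a desktop session (sample data).
const SAMPLE_PARENT_ENV = {
  PATH: "/usr/bin:/bin",
  DISPLAY: ":0",
  SSH_AUTH_SOCK: "/run/user/1000/ssh-agent.sock",
  SSH_ASKPASS: "/usr/lib/ssh/ssh-askpass",
  SSH_ASKPASS_REQUIRE: "prefer",
  UNSET_EXAMPLE: undefined,
};

// Layer overrides on top of the parent environment rather than replacing it,
// so PATH and SSH_AUTH_SOCK (keys already in the agent) still reach git/ssh.
function buildFetchEnv(parentEnv, overrides = STATUS_FETCH_OVERRIDE) {
  const env = {};
  for (const [key, value] of Object.entries(parentEnv)) {
    if (typeof value === "string") env[key] = value; // drop undefined entries
  }
  return Object.assign(env, overrides); // overrides win over inherited values
}

// Simplified model of the askpass rules in ssh(1): can a child started with
// `env` still raise an askpass window when the key needs a passphrase?
function sshAskpassReachable(env, hasTty = false) {
  const mode = (env.SSH_ASKPASS_REQUIRE || "").toLowerCase();
  if (mode === "never") return false; // ssh never runs an askpass program
  if (mode === "force") return true; // used even without DISPLAY
  const hasDisplay = Boolean(env.DISPLAY);
  if (mode === "prefer") return hasDisplay; // preferred over the terminal
  return hasDisplay && !hasTty; // default: only when no terminal is attached
}

// Before/after comparison for a background fetch (no controlling terminal).
function compareFetchEnvs(parentEnv) {
  const fetchEnv = buildFetchEnv(parentEnv);
  return {
    before: sshAskpassReachable(parentEnv, false),
    after: sshAskpassReachable(fetchEnv, false),
    agentSocketKept: fetchEnv.SSH_AUTH_SOCK === parentEnv.SSH_AUTH_SOCK,
  };
}

console.log(compareFetchEnvs(SAMPLE_PARENT_ENV));
```

Keys already loaded in the SSH agent keep working because `SSH_AUTH_SOCK` is inherited; only the interactive passphrase prompt is suppressed.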


coderabbitai bot commented Apr 11, 2026

Walkthrough

The changes extend git command execution infrastructure to support custom environment variables. An optional env parameter is added to ExecuteGitOptions, and a specific environment override (SSH_ASKPASS_REQUIRE: "never") is applied to upstream status refresh fetch operations to suppress SSH password prompts.

Changes

Cohort / File(s): GitCore Implementation (apps/server/src/git/Layers/GitCore.ts)
Summary: Extended ExecuteGitOptions interface with optional env property and updated executeGit wiring to pass environment variables to ChildProcess.make(). Added per-command env override for upstream status fetch setting SSH_ASKPASS_REQUIRE: "never".

Cohort / File(s): GitCore Tests (apps/server/src/git/Layers/GitCore.test.ts)
Summary: Added capture and assertion of the fetchEnv variable to verify that the upstream status refresh fetch invocation receives the expected environment override { SSH_ASKPASS_REQUIRE: "never" }.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A gentle hop through git's fresh air,
No prompts to trouble or despair,
SSH_ASKPASS_REQUIRE set to "never" true,
Environment whispers tell git what to do! 🌿

🚥 Pre-merge checks | ✅ 3 passed

  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Title check: ✅ Passed. The title 'Disable SSH askpass for upstream status fetches' accurately and specifically describes the main change: setting SSH_ASKPASS_REQUIRE=never for upstream status refresh git fetch operations.
  • Description check: ✅ Passed. The PR description comprehensively documents the changes, rationale, and context with clear sections matching the template structure.


@github-actions github-actions bot added size:S 10-29 changed lines (additions + deletions). vouch:unvouched PR author is not yet trusted in the VOUCHED list. labels Apr 11, 2026

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c1be4c9920



macroscopeapp bot commented Apr 11, 2026

Approvability

Verdict: Needs human review

This PR changes runtime behavior by disabling SSH askpass during background git fetch operations. While the change is small and includes tests, it modifies how the application interacts with SSH for all users, and the author is a first-time contributor to this file. A maintainer should verify the SSH behavior change is appropriate.


@merrkry merrkry force-pushed the feature/batch-ssh-fetch branch from c1be4c9 to d80b4f5 Compare April 11, 2026 06:11
@github-actions github-actions bot added size:XS 0-9 changed lines (additions + deletions). and removed size:S 10-29 changed lines (additions + deletions). labels Apr 11, 2026
@merrkry merrkry force-pushed the feature/batch-ssh-fetch branch from d80b4f5 to eb500ad Compare April 11, 2026 06:12
- Extended `ExecuteGitOptions` with `env` field
- Pass `SSH_ASKPASS_REQUIRE=never` to upstream status fetch to prevent
annoying popups that cannot be usefully responded to
@merrkry merrkry force-pushed the feature/batch-ssh-fetch branch from eb500ad to ae8379b Compare April 11, 2026 06:13

merrkry commented Apr 11, 2026

According to review comments, SSH_ASKPASS_REQUIRE=never seems less intrusive.


merrkry commented Apr 11, 2026

@coderabbitai review
@codex review


coderabbitai bot commented Apr 11, 2026

@merrkry Sure, I'll review the PR now!

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@merrkry merrkry changed the title Use batch SSH for upstream status fetches Disable SSH askpass for upstream status fetches Apr 11, 2026

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. You're on a roll.

