Eliminates the three operational pain points hit in the last
owner-rename incident:
1. Owner-rename drift across 14 repos
- npmrc.template now uses ${GITEA_NPM_OWNER:-learning_ai_user}
- switch-network.sh exports GITEA_NPM_OWNER on shell start
- Future renames are a one-line env change, not 14 git commits
2. Stale shell-env tokens (file rotated, env didn't)
- scripts/gitea/token.sh: status|print|validate|rotate subcommands
- 'eval "$(bash scripts/gitea/token.sh print --export)"' refreshes
any shell without re-sourcing ~/.zshrc
- rotate uses Gitea API + macOS Keychain for admin creds
3. No pre-deploy validation
- scripts/gitea/doctor.sh: NETWORK + DNS + token consistency +
registry HTTP 200 + optional package@version probe
- Run before any deploy that needs @bytelyst/* from Gitea
- NETWORK=corp → GITEA_NPM_HOST=localhost (local Gitea Docker)
- NETWORK=home → GITEA_NPM_HOST from ~/.gitea_vm_host (Azure VM)
- Fallback: localhost if ~/.gitea_vm_host doesn't exist
This enables all repo .npmrc files to use ${GITEA_NPM_HOST}:3300
instead of hardcoded localhost:3300, matching the existing
.npmrc.docker pattern used during Docker builds.
- Add NO_PROXY/no_proxy/NPM_CONFIG_NOPROXY=localhost,127.0.0.1 when
NETWORK=corp so local services (Gitea npm registry, Cosmos emulator,
Azurite) bypass the corporate proxy. Previously NO_PROXY was only set
in .zshrc line 5, making the script not self-contained.
- Add GITEA_NPM_TOKEN auto-load from ~/.gitea_npm_token file
(regardless of NETWORK). Reads are public, but publish needs the
token. This ensures local pnpm install resolves @bytelyst/* auth.
- Unset NO_PROXY/no_proxy/NPM_CONFIG_NOPROXY when NETWORK=home.
Single env var NETWORK=corp|home controls all proxy config.
Source from ~/.zshrc — sets http_proxy, NPM_CONFIG_REGISTRY,
PIP_TRUSTED_HOST, NODE_TLS_REJECT_UNAUTHORIZED automatically.
No more ~/.npmrc rewriting.
- Replace hardcoded /Users/sd9235/ paths with $HOME in all SKILLS docs
- Use WORKSPACE_DIR variable in backup-main.sh (auto-resolves from script location)
- Genericize 'Forcepoint CertChecker' / 'corporate proxy' to 'SSL-intercepting proxy'
- Add scripts/switch-network.sh for toggling npm between corporate proxy and home
- No functional code changes — only comments, docs, and paths
