diff --git a/dist/tools.js b/dist/tools.js
index 2b0dbf4..0e0dcd0 100644
--- a/dist/tools.js
+++ b/dist/tools.js
@@ -377,13 +377,21 @@ async function gitCommitAndPush(message, ctx) {
     try {
         await execAsync('git add -A', { cwd });
         await execAsync(`git commit -m "${message.replace(/"/g, '\\"')}"`, { cwd });
-        // Ensure remote has credentials
-        const remoteUrl = (await execAsync('git remote get-url origin', { cwd })).stdout.trim();
-        const authedUrl = remoteUrl.startsWith('https://')
-            ? remoteUrl.replace('https://', `https://${username}:${apiToken}@`)
-            : remoteUrl;
-        await execAsync(`git push "${authedUrl}" HEAD`, { cwd, timeout: 60000 });
-        return { success: true, message };
+        // Get current remote URL, strip any existing credentials, re-inject cleanly
+        let remoteUrl = '';
+        try {
+            remoteUrl = (await execAsync('git remote get-url origin', { cwd })).stdout.trim();
+        }
+        catch { /* no remote yet */ }
+        const cleanUrl = remoteUrl.replace(/https:\/\/[^@]+@/, 'https://');
+        const baseUrl = cleanUrl || apiUrl;
+        const authedUrl = baseUrl.replace('https://', `https://${username}:${apiToken}@`);
+        await execAsync(`git remote set-url origin "${authedUrl}"`, { cwd }).catch(async () => {
+            await execAsync(`git remote add origin "${authedUrl}"`, { cwd });
+        });
+        const branch = (await execAsync('git rev-parse --abbrev-ref HEAD', { cwd })).stdout.trim();
+        await execAsync(`git push -u origin "${branch}"`, { cwd, timeout: 60000 });
+        return { success: true, message, branch };
     }
     catch (err) {
         const cleaned = (err.message || '').replace(new RegExp(apiToken, 'g'), '***');
diff --git a/src/tools.ts b/src/tools.ts
index 9c76fed..874e31d 100644
--- a/src/tools.ts
+++ b/src/tools.ts
@@ -372,14 +372,24 @@ async function gitCommitAndPush(message: string, ctx: ToolContext): Promise<unkn
         await execAsync('git add -A', { cwd });
         await execAsync(`git commit -m "${message.replace(/"/g, '\\"')}"`, { cwd });
 
-        // Ensure remote has credentials
-        const remoteUrl = (await execAsync('git remote get-url origin', { cwd })).stdout.trim();
-        const authedUrl = remoteUrl.startsWith('https://')
-            ? remoteUrl.replace('https://', `https://${username}:${apiToken}@`)
-            : remoteUrl;
-        await execAsync(`git push "${authedUrl}" HEAD`, { cwd, timeout: 60_000 });
+        // Get current remote URL, strip any existing credentials, re-inject cleanly
+        let remoteUrl = '';
+        try {
+            remoteUrl = (await execAsync('git remote get-url origin', { cwd })).stdout.trim();
+        } catch { /* no remote yet */ }
 
-        return { success: true, message };
+        const cleanUrl = remoteUrl.replace(/https:\/\/[^@]+@/, 'https://');
+        const baseUrl = cleanUrl || apiUrl;
+        const authedUrl = baseUrl.replace('https://', `https://${username}:${apiToken}@`);
+
+        await execAsync(`git remote set-url origin "${authedUrl}"`, { cwd }).catch(async () => {
+            await execAsync(`git remote add origin "${authedUrl}"`, { cwd });
+        });
+
+        const branch = (await execAsync('git rev-parse --abbrev-ref HEAD', { cwd })).stdout.trim();
+        await execAsync(`git push -u origin "${branch}"`, { cwd, timeout: 60_000 });
+
+        return { success: true, message, branch };
     } catch (err: any) {
         const cleaned = (err.message || '').replace(new RegExp(apiToken, 'g'), '***');
         return { error: `Git operation failed: ${cleaned}` };