fix: clean git credentials before push to avoid double-auth URLs

Made-with: Cursor

src/tools.ts

@@ -372,14 +372,24 @@ async function gitCommitAndPush(message: string, ctx: ToolContext): Promise<unkn
         await execAsync('git add -A', { cwd });
         await execAsync(`git commit -m "${message.replace(/"/g, '\\"')}"`, { cwd });
 
-        // Ensure remote has credentials
-        const remoteUrl = (await execAsync('git remote get-url origin', { cwd })).stdout.trim();
-        const authedUrl = remoteUrl.startsWith('https://')
-            ? remoteUrl.replace('https://', `https://${username}:${apiToken}@`)
-            : remoteUrl;
-        await execAsync(`git push "${authedUrl}" HEAD`, { cwd, timeout: 60_000 });
+        // Get current remote URL, strip any existing credentials, re-inject cleanly
+        let remoteUrl = '';
+        try {
+            remoteUrl = (await execAsync('git remote get-url origin', { cwd })).stdout.trim();
+        } catch { /* no remote yet */ }
 
-        return { success: true, message };
+        const cleanUrl = remoteUrl.replace(/https:\/\/[^@]+@/, 'https://');
+        const baseUrl = cleanUrl || apiUrl;
+        const authedUrl = baseUrl.replace('https://', `https://${username}:${apiToken}@`);
+
+        await execAsync(`git remote set-url origin "${authedUrl}"`, { cwd }).catch(async () => {
+            await execAsync(`git remote add origin "${authedUrl}"`, { cwd });
+        });
+
+        const branch = (await execAsync('git rev-parse --abbrev-ref HEAD', { cwd })).stdout.trim();
+        await execAsync(`git push -u origin "${branch}"`, { cwd, timeout: 60_000 });
+
+        return { success: true, message, branch };
     } catch (err: any) {
         const cleaned = (err.message || '').replace(new RegExp(apiToken, 'g'), '***');
         return { error: `Git operation failed: ${cleaned}` };