feat(ci): GPG signing via org secrets + 1Password environment locally

- Rewrite scripts/gpg-unlock.sh to use `op environment read` instead of
  `op read`, matching the bootstrap script's resolve_op_passphrase pattern;
  default env ID is the Rodzinka account environment (weksim7ulja7rrhkaap3lxk2wa)
- Remove 1password/load-secrets-action from release.yml; import GPG key
  directly from org-level GitHub secrets (GPG_PRIVATE_KEY, GPG_PASSPHRASE)
- Drop id-token: write permission (no longer needed without load-secrets-action)
- Document GPG signing setup in AGENTS.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: blazejpawlak

.github/workflows/release.yml

@@ -45,6 +45,18 @@ jobs:
       - name: Build
         run: bun run build
 
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_tag_gpgsign: true
+
+      - name: Set GPG_TTY
+        run: echo "GPG_TTY=$(tty)" >> $GITHUB_ENV
+
       - name: Release
         run: bun run release
         env:

AGENTS.md

@@ -102,6 +102,29 @@ bd memories <keyword>       # Search saved memories
 - Use `bd remember` for persistent knowledge — do NOT use MEMORY.md files
 - Do NOT use `bd edit` — it opens an interactive editor that blocks agents
 
+## GPG Signing
+
+Commits and tags are signed with GPG key `60BFBD78D728EEE4`.
+
+**Local — unlock the GPG agent (run once per session):**
+
+```bash
+./scripts/gpg-unlock.sh
+```
+
+Fetches the passphrase via `op environment read opencode-env` (1Password Environments) and presets it into `gpg-agent` so subsequent `git commit`/`git tag` calls don't prompt. Env var overrides:
+
+| Variable | Default | Purpose |
+|---|---|---|
+| `GPG_SIGN_KEY` | `60BFBD78D728EEE4` | Key ID to unlock |
+| `OPENCODE_MANIFEST_SIGN_1PASSWORD_ENV_ID` | `opencode-env` | 1Password environment name |
+| `OPENCODE_MANIFEST_SIGN_1PASSWORD_ACCOUNT` | _(CLI default)_ | 1Password account |
+| `OPENCODE_MANIFEST_SIGN_1PASSWORD_VAR` | `OPENCODE_MANIFEST_SIGN_PASSPHRASE` | Variable name in the env |
+
+**CI — GitHub Actions:**
+
+`release.yml` uses `crazy-max/ghaction-import-gpg` with `secrets.GPG_PRIVATE_KEY` and `secrets.GPG_PASSPHRASE` stored as org-level GitHub secrets. The CI key is a dedicated key separate from the personal signing key — rotate it independently without touching local config. No 1Password service account is needed in CI.
+
 ## Testing
 
 Unit tests live in `test/`. Run with `bun test`.

scripts/gpg-unlock.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SIGN_KEY="${GPG_SIGN_KEY:-60BFBD78D728EEE4}"
+OP_ENV="${OPENCODE_MANIFEST_SIGN_1PASSWORD_ENV_ID:-weksim7ulja7rrhkaap3lxk2wa}"
+OP_ACCOUNT="${OPENCODE_MANIFEST_SIGN_1PASSWORD_ACCOUNT:-}"
+OP_VAR="${OPENCODE_MANIFEST_SIGN_1PASSWORD_VAR:-OPENCODE_MANIFEST_SIGN_PASSPHRASE}"
+
+# Resolve passphrase via 1Password environment
+resolve_passphrase() {
+  local -a op_args
+  op_args=(environment read "$OP_ENV")
+  [[ -n "$OP_ACCOUNT" ]] && op_args+=(--account "$OP_ACCOUNT")
+
+  local env_output line key value
+  env_output="$(OP_DISABLE_PROMPTS=1 op "${op_args[@]}" 2>/dev/null)" || {
+    echo "Failed to read 1Password environment '$OP_ENV'" >&2; exit 1
+  }
+
+  while IFS= read -r line; do
+    [[ -z "$line" ]] && continue
+    key="${line%%=*}"
+    value="${line#*=}"
+    if [[ "$key" == "$OP_VAR" ]]; then
+      printf '%s' "$value"
+      return 0
+    fi
+  done <<< "$env_output"
+
+  echo "Variable '$OP_VAR' not found in environment '$OP_ENV'" >&2
+  exit 1
+}
+
+keygrip_for_sign_key() {
+  local line keygrip
+  while IFS= read -r line; do
+    case "$line" in
+      grp:*)
+        keygrip="${line#grp:::::::::}"
+        keygrip="${keygrip%%:*}"
+        [[ -n "$keygrip" ]] && { printf '%s' "$keygrip"; return 0; }
+        ;;
+    esac
+  done < <(gpg --with-colons --with-keygrip --list-secret-keys "$SIGN_KEY" 2>/dev/null)
+  return 1
+}
+
+SIGN_PASSPHRASE="$(resolve_passphrase)"
+
+libexecdir="$(gpgconf --list-dirs libexecdir 2>/dev/null)"
+preset_bin="${libexecdir%/}/gpg-preset-passphrase"
+[[ ! -x "$preset_bin" ]] && preset_bin="$(command -v gpg-preset-passphrase 2>/dev/null || true)"
+[[ -z "$preset_bin" || ! -x "$preset_bin" ]] && { echo "gpg-preset-passphrase not found" >&2; exit 1; }
+
+keygrip="$(keygrip_for_sign_key)"
+[[ -z "$keygrip" ]] && { echo "Could not get keygrip for $SIGN_KEY" >&2; exit 1; }
+
+"$preset_bin" -c -P "$SIGN_PASSPHRASE" "$keygrip"
+echo "GPG agent unlocked for key $SIGN_KEY"