feat(git-hangman-lab): add --visibility flag to repo create

Previously repo create only initialized the local repo and relied on
Gitea's push-to-create feature, which always yields a private
repository. Now the script pre-creates the remote via the Gitea API
honoring --visibility public|private (default: private), and falls
back to a PATCH when the repo already exists.

git-hangman-lab/scripts/repo

@@ -14,8 +14,32 @@ GIT_HOST="root@vps.git"
 # create
 # ─────────────────────────────────────────────
 do_create() {
-  if [[ $# -lt 1 ]]; then
+  local REPO_NAME="" VISIBILITY="private"
-    echo "Usage: $0 create <repo-name>"
+
+  while [[ $# -gt 0 ]]; do
+    case "$1" in
+      --visibility)
+        VISIBILITY="$2"; shift 2 ;;
+      -h|--help)
+        echo "Usage: $0 create <repo-name> [--visibility <public|private>]"
+        exit 0 ;;
+      *)
+        if [[ -z "$REPO_NAME" ]]; then
+          REPO_NAME="$1"; shift
+        else
+          echo "Error: unexpected argument '$1'"
+          exit 1
+        fi ;;
+    esac
+  done
+
+  if [[ -z "$REPO_NAME" ]]; then
+    echo "Usage: $0 create <repo-name> [--visibility <public|private>]"
+    exit 1
+  fi
+
+  if [[ "$VISIBILITY" != "public" && "$VISIBILITY" != "private" ]]; then
+    echo "Error: --visibility must be 'public' or 'private' (got '$VISIBILITY')"
     exit 1
   fi
 
@@ -24,8 +48,6 @@ do_create() {
     exit 1
   fi
 
-  REPO_NAME="$1"
-
   # Validate repo name
   if ! [[ "$REPO_NAME" =~ ^[a-zA-Z0-9_.-]+$ ]]; then
     echo "Error: Invalid repository name '$REPO_NAME'"
@@ -35,19 +57,73 @@ do_create() {
 
   REPO_DIR="${AGENT_WORKSPACE}/${REPO_NAME}"
 
+  # Pre-create the repo on Gitea so --visibility is honoured. Relying on
+  # push-to-create always yields a private repo regardless of flag.
+  if ! secret-mgr list | grep -q "git-access-token"; then
+    echo "Error: git-access-token not found. Generate one first."
+    exit 1
+  fi
+
+  local USERNAME TOKEN PRIVATE_JSON STATUS BODY
+  USERNAME="$(secret-mgr get-username --key git)"
+  TOKEN="$(secret-mgr get-secret --key git-access-token)"
+  if [[ "$VISIBILITY" == "public" ]]; then
+    PRIVATE_JSON="false"
+  else
+    PRIVATE_JSON="true"
+  fi
+
+  echo "Creating ${USERNAME}/${REPO_NAME} on git.hangman-lab.top (visibility: ${VISIBILITY})..."
+  RESP=$(curl -s -w "
+%{http_code}" -X POST \
+    -H "Authorization: token ${TOKEN}" \
+    -H "Content-Type: application/json" \
+    -d "{\"name\": \"${REPO_NAME}\", \"private\": ${PRIVATE_JSON}, \"auto_init\": false}" \
+    "https://git.hangman-lab.top/api/v1/user/repos")
+  STATUS=$(printf "%s" "$RESP" | tail -n1)
+  BODY=$(printf "%s" "$RESP" | sed '$d')
+
+  case "$STATUS" in
+    201)
+      echo "  Remote repository created."
+      ;;
+    409)
+      echo "  Remote repository already exists — ensuring visibility..."
+      PATCH_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X PATCH \
+        -H "Authorization: token ${TOKEN}" \
+        -H "Content-Type: application/json" \
+        -d "{\"private\": ${PRIVATE_JSON}}" \
+        "https://git.hangman-lab.top/api/v1/repos/${USERNAME}/${REPO_NAME}")
+      if [[ "$PATCH_STATUS" != "200" ]]; then
+        echo "Warning: failed to update visibility (HTTP $PATCH_STATUS)"
+      fi
+      ;;
+    *)
+      echo "Error: remote repo creation failed (HTTP $STATUS): $BODY"
+      exit 1
+      ;;
+  esac
+
   mkdir -p "${REPO_DIR}"
   cd "${REPO_DIR}"
-  git init
+  if [[ ! -d .git ]]; then
+    git init
+  fi
 
-  USERNAME="$(secret-mgr get-username --key git)"
   REMOTE_URL="https://git.hangman-lab.top/${USERNAME}/${REPO_NAME}.git"
-  git remote add origin "${REMOTE_URL}"
+  if ! git remote get-url origin >/dev/null 2>&1; then
+    git remote add origin "${REMOTE_URL}"
+  else
+    git remote set-url origin "${REMOTE_URL}"
+  fi
 
   do_config --repo-path "${REPO_DIR}"
 
   echo "Done! Repository created at: ${REPO_DIR}"
+  echo "Remote: ${REMOTE_URL}"
 }
 
+
 # ─────────────────────────────────────────────
 # add-collaborators
 # ─────────────────────────────────────────────