Credential fallback chain for CLI authentication

## Requirement

**REQ-CLI-024** — Credential fallback chain for CLI authentication

## Summary

Implement a prioritized credential resolution chain for all authenticated CLI operations.

## Fallback Order

1. **`FORKZERO_TOKEN`** env var — direct access token (CI/pipelines)
2. **`FORKZERO_CREDENTIALS_FILE`** env var — path to credential JSON
3. **Encrypted keyring** — OS keychain from `lattice auth login`
4. **Encrypted file** — `~/.forkzero/credentials.enc` (headless fallback)
5. **Interactive device flow** — prompt user to authenticate

## Behavior

- Fail hard on explicit config errors (e.g., FORKZERO_CREDENTIALS_FILE points to missing file)
- Fall through silently on ambient sources (keyring not available → try file)
- Attempt token refresh on 401 before failing (anti-pattern from GWS: they only retry on 429)

## Lattice

- Depends on: REQ-CLI-023
- Source: SRC-AUTH-PATTERNS (#6)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Credential fallback chain for CLI authentication #11

Requirement

Summary

Fallback Order

Behavior

Lattice

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Credential fallback chain for CLI authentication #11

Description

Requirement

Summary

Fallback Order

Behavior

Lattice

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions