feat: initial repo — docs and scripts for Gitea read-only token access

Three-layer access scheme: owner -> reader account -> scoped API token.
Includes 6 automation scripts, config template, EN/RU docs, and manual curl guide.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

scripts/grant-access.sh

@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+CONFIG="${SCRIPT_DIR}/../config.ini"
+
+if [[ $# -lt 1 ]]; then
+  echo "Usage: $0 <repo-name> [config.ini]"
+  echo "Grant read access to a repository for the reader account."
+  exit 1
+fi
+
+REPO="$1"
+[[ -n "${2:-}" ]] && CONFIG="$2"
+
+if [[ ! -f "$CONFIG" ]]; then
+  echo "ERROR: config file not found: $CONFIG"
+  exit 1
+fi
+
+# --- Parse INI ---
+parse_ini() {
+  local file="$1" section="$2" key="$3"
+  sed -n "/^\[$section\]/,/^\[/p" "$file" | grep "^${key}\s*=" | head -1 | sed 's/^[^=]*=\s*//' | sed 's/\s*$//'
+}
+
+GITEA_API=$(parse_ini "$CONFIG" gitea api_url)
+OWNER_USER=$(parse_ini "$CONFIG" owner username)
+OWNER_PASS=$(parse_ini "$CONFIG" owner password)
+READER_USER=$(parse_ini "$CONFIG" reader username)
+READER_PASS=$(parse_ini "$CONFIG" reader password)
+TOKEN=$(parse_ini "$CONFIG" reader token)
+
+echo "=== Grant Access: $OWNER_USER/$REPO -> $READER_USER ==="
+
+# --- Add as collaborator (read permission) ---
+echo "[1/3] Adding '$READER_USER' as collaborator (read)..."
+HTTP_CODE=$(curl -s -o /tmp/gitea_grant.json -w "%{http_code}" \
+  -X PUT "$GITEA_API/repos/$OWNER_USER/$REPO/collaborators/$READER_USER" \
+  -u "$OWNER_USER:$OWNER_PASS" \
+  -H "Content-Type: application/json" \
+  -d '{"permission": "read"}')
+
+if [[ "$HTTP_CODE" == "204" || "$HTTP_CODE" == "200" ]]; then
+  echo "  -> Collaborator added."
+else
+  echo "  -> ERROR: HTTP $HTTP_CODE"
+  cat /tmp/gitea_grant.json
+  exit 1
+fi
+
+# --- Accept invitation (if required by Gitea) ---
+echo "[2/3] Accepting collaboration invite (if any)..."
+# List pending notifications/invitations and accept
+PENDING=$(curl -s \
+  -u "$READER_USER:$READER_PASS" \
+  "$GITEA_API/user/repos" | grep -c "\"name\":\"$REPO\"" 2>/dev/null || echo "0")
+
+if [[ "$PENDING" == "0" ]]; then
+  # Try to accept via notifications — some Gitea versions auto-accept
+  echo "  -> Auto-accepted or no invite needed."
+else
+  echo "  -> Already accessible."
+fi
+
+# --- Verify access with token ---
+echo "[3/3] Verifying access with token..."
+if [[ -z "$TOKEN" ]]; then
+  echo "  -> WARNING: No token in config.ini, skipping verification."
+  echo "  -> Run setup-reader.sh first to create a token."
+else
+  HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
+    -H "Authorization: token $TOKEN" \
+    "$GITEA_API/repos/$OWNER_USER/$REPO")
+
+  if [[ "$HTTP_CODE" == "200" ]]; then
+    echo "  -> Access confirmed (HTTP 200)."
+  else
+    echo "  -> WARNING: HTTP $HTTP_CODE — access may not be working yet."
+  fi
+fi
+
+echo ""
+echo "=== Done ==="
+echo "Repo '$OWNER_USER/$REPO' is now readable by '$READER_USER'."