Detect missing Project intake token during repo init and configure

[codeforester]

Context

Base-managed repositories carry .github/base-project.yml and .github/workflows/project-intake.yml so issues created outside basectl gh issue create can still be reconciled into the repo-named GitHub Project.

The generated workflow uses secrets.BASE_PROJECT_TOKEN || github.token. For private user Projects, the fallback github.token may not be able to list or edit the user Project. In that case issue-created workflow runs fail with a misleading message such as:

GitHub Project '<repo-name>' was not found for owner '<owner>'.

This happened in codeforester/base-bash-libs: issues existed, the repo Project existed, but the Project Intake workflow could not see the Project because the repo had no BASE_PROJECT_TOKEN secret.

Scope

• Make basectl repo init and/or basectl repo configure verify whether BASE_PROJECT_TOKEN is present when Project intake support is enabled.

• If the secret is missing, print a clear next-step command, for example:

  gh auth token | gh secret set BASE_PROJECT_TOKEN --repo <owner/name>

  or the safer dedicated-token equivalent.

• Keep Base out of silent credential copying by default; this should be detection and guidance unless an explicit opt-in is designed.

• Improve generated project-intake.yml failure messaging so missing or under-scoped token access is distinguishable from a genuinely missing Project.

• Update docs that describe repo init/configure Project support.

Acceptance Criteria

• basectl repo init or basectl repo configure reports when Project intake is configured but BASE_PROJECT_TOKEN is absent.
• The report includes an actionable command for setting the secret.
• The generated intake workflow emits a clearer diagnostic when Project listing fails because the token cannot see user Projects.
• Existing Project setup and repo baseline behavior remain idempotent.
• Tests cover the missing-secret guidance path.

Validation

• env -u BASE_HOME ./bin/base-test
• Focused basectl repo init/configure tests for the new diagnostic path

Notes

This should prevent future repos created through basectl repo init from silently entering a state where GitHub-native issue creation works, but Project intake fails after the fact.

[codeforester]

Observed again while creating #851. Root cause evidence:

• The repo-named Project base exists and is open as user Project Add managed Bash/Zsh startup files and document shell bootstrap #7.
• Detect outdated Homebrew artifacts declared as latest #851 was absent from Project items after plain gh issue create.
• The Project Intake workflow run for Detect outdated Homebrew artifacts declared as latest #851 failed with: GitHub Project 'base' was not found for owner 'codeforester'.\n- gh secret list --repo codeforester/base returned no configured repo secrets, so the workflow appears to be falling back to github.token. That token cannot see/write the user-level Project even though a normal user token can.\n\nManual repair used:\n\nbash\nbasectl gh project issue set-fields 851 \\\n --repo codeforester/base \\\n --project base \\\n --owner codeforester \\\n --status Backlog \\\n --priority P2 \\\n --area Setup \\\n --initiative "Adoption Polish" \\\n --size S\n\n\nThis issue should make the failure explicit and prevent silent dashboard misses: repo init / repo configure should detect the missing Project token or workflow inability to see the repo Project, and issue creation paths should verify Project membership after creating an issue.