feat: add WSL GPG integration with Windows pinentry support

Configure chezmoi to automatically set up WSL to use Windows GPG for native
Qt5 GUI passphrase prompts during git commit signing:

- Add symlink_dot_gnupg.tmpl to link ~/.gnupg to Windows GPG directory
- Add run_onchange_before_setup-wsl-gpg.sh.tmpl for system GPG symlink
- Update .chezmoiignore to handle .gnupg appropriately per platform
- Document GPG configuration in CLAUDE.md and ONBOARDING.md

This enables seamless git commit signing in WSL environments (including
Claude Code) without passphrase prompt issues, while maintaining platform
independence for regular Linux installations.

CLAUDE.md

@@ -33,6 +33,12 @@ This is a **chezmoi source directory** for managing dotfiles across multiple mac
 - Bootstrap encryption key from Doppler before apply
 - Handle `chezmoi init` and `chezmoi update --init`
 
+**GPG Configuration (WSL-only):**
+- `~/.gnupg` → Symlink to Windows GPG directory (`C:\Users\Xevion\AppData\Roaming\gnupg`)
+- `/usr/local/bin/gpg` → Symlink to Windows `gpg.exe` (via `run_onchange_before_setup-wsl-gpg.sh.tmpl`)
+- Enables native Windows Qt5 pinentry GUI for passphrase prompts
+- Automatic setup on WSL; ignored on regular Linux
+
 ## Critical Restrictions
 
 ### NEVER Do These Actions

ONBOARDING.md

@@ -13,3 +13,7 @@ When **bolded**, this application won't be installed automatically. It implies t
 - Preferred applications
   - [ ] kitty
   - [ ] micro
+- WSL-specific requirements
+  - [ ] **GPG4win** (Windows) - Required for Git commit signing with GUI pinentry
+    - Install via: `scoop install gpg4win`
+    - WSL will automatically link to Windows GPG for native passphrase dialogs

home/.chezmoiignore

@@ -22,5 +22,12 @@ key.txt
 
 # Windows-only
 Documents/PowerShell
+AppData/
+
+{{/* WSL-specific: .gnupg is symlinked to Windows GPG directory */}}
+{{ if not .wsl }}
+# On non-WSL Linux, .gnupg is managed separately (not via chezmoi)
+.gnupg
+{{ end }}
 
 {{ end }}

home/run_onchange_before_setup-wsl-gpg.sh.tmpl

@@ -0,0 +1,38 @@
+{{- if .wsl -}}
+#!/bin/bash
+set -eu
+
+# WSL GPG Setup - Link to Windows GPG for native pinentry support
+# This script creates a system-level symlink from /usr/local/bin/gpg to Windows gpg.exe
+# This allows WSL to use Windows' native Qt5 pinentry GUI for passphrase prompts
+
+GPG_WINDOWS="/mnt/c/Users/{{ .chezmoi.username }}/scoop/apps/gpg4win/current/GnuPG/bin/gpg.exe"
+GPG_LINK="/usr/local/bin/gpg"
+
+# Check if Windows GPG exists
+if [ ! -f "$GPG_WINDOWS" ]; then
+    echo "WARNING: Windows GPG not found at $GPG_WINDOWS"
+    echo "         Skipping GPG symlink setup"
+    exit 0
+fi
+
+# Check if symlink already exists and is correct
+if [ -L "$GPG_LINK" ]; then
+    CURRENT_TARGET=$(readlink "$GPG_LINK")
+    if [ "$CURRENT_TARGET" = "$GPG_WINDOWS" ]; then
+        echo "GPG symlink already configured correctly"
+        exit 0
+    else
+        echo "Updating GPG symlink (was pointing to: $CURRENT_TARGET)"
+    fi
+else
+    echo "Creating GPG symlink to Windows GPG"
+fi
+
+# Create/update the symlink (requires sudo)
+echo "Note: This requires sudo to create a symlink in /usr/local/bin"
+sudo ln -sf "$GPG_WINDOWS" "$GPG_LINK"
+
+echo "✓ GPG symlink configured: $GPG_LINK -> $GPG_WINDOWS"
+echo "  WSL will now use Windows GPG with native GUI pinentry"
+{{- end -}}

home/symlink_dot_gnupg.tmpl

@@ -0,0 +1,3 @@
+{{- if .wsl -}}
+/mnt/c/Users/Xevion/AppData/Roaming/gnupg
+{{- end -}}