The cluster synchronization code runs either actively (before returning a response to git clone, for example) or passively (routinely, as the daemons update reposiories).
The active sync runs as the web user (if running git clone http://...) or the VCS user (if running git clone ssh://...). But the passive sync runs as the daemon user.
All of these sync processes need to run actual commands as the daemon user (git fetch ...).
For the active ones, we must sudo.
For the passive ones, we're already the right user. We run the same code, and end up trying to sudo to ourselves, which sudo isn't happy about by default.
Depending on how sudo is configured and which users things are running as this might work anyway, but it's silly and if it doesn't work it requires you to go make non-obvious, weird config changes that are unintuitive and somewhat nonsensical. This is probably worse on the balance than adding a bit of complexity to the code.
Instead, test which user we're running as. If it's already the right user, don't sudo.