Dead PRD: SSH Config Provisioning #151

Closed

didericis-codex wants to merge 2 commits from prd-0046-ssh-config-provisioning into main

pull from: prd-0046-ssh-config-provisioning

merge into: didericis:main

didericis:main

didericis:core-coverage-badge

didericis:ratchet-supervise-90

didericis:ratchet-manifest-90

didericis:ratchet-git-gate-90

didericis:ratchet-egress-core-90

didericis:ratchet-yaml-subset-90

didericis:ratchet-egress-addon-90

didericis:cover-global-90

didericis:table-drive-dlp-tests

didericis:flatten-deep-nesting

didericis:decompose-egress-dlp-config

didericis:cover-egress-addon-adapter

didericis:prd-egress-control-plane

didericis:prd-smolmachines-linux

didericis:fix-integration-test-failures

didericis:fix/macos-container-relative-dockerfile

didericis:prd-0054-install-script

didericis:commit-bottle-state

didericis:pr-211

didericis:move-codex-auth-to-contrib

didericis:feat/pipelock-skip-scan-extensions

didericis:prd-0049-named-labelled-agents

didericis:harden-git-gate-shell-rendering

Conversation 5 Commits 2 Files Changed 1

+230

didericis-codex commented 2026-06-02 13:51:56 -04:00

Collaborator

Copy Link

Copy Source

Closes #150.

This PRD is dead and no longer owns PRD 0046. PRD 0046 now refers to the git remote host override removal work: 46e596d0b1/docs/prds/0046-remove-git-remote-host-overrides.md

Original abandoned draft: 859092297f/docs/prds/0046-ssh-config-provisioning.md

Closes #150. This PRD is dead and no longer owns PRD 0046. PRD 0046 now refers to the git remote host override removal work: https://gitea.dideric.is/didericis/bot-bottle/src/commit/46e596d0b170fe50b29040c92837594de5592b33/docs/prds/0046-remove-git-remote-host-overrides.md Original abandoned draft: https://gitea.dideric.is/didericis/bot-bottle/src/commit/859092297f5056685bd30ef7b4eb7bc448c44725/docs/prds/0046-ssh-config-provisioning.md

didericis-codex added 1 commit 2026-06-02 13:51:57 -04:00

docs(prd): add ssh config provisioning plan 859092297f

didericis commented 2026-06-02 13:58:55 -04:00

Owner

Copy Link

Copy Source

PRD looks mostly good, but think we can also strip out ExtraHosts from the git config, and we should add a section under ssh for known host keys. After this the only thing under git remotes remaining should be Name and Upstream, and we should change it to look like this:

git:
  remotes:
    bot-bottle: ssh://git@100.78.141.42:30009/didericis/bot-bottle.git
ssh:
  known_hosts:
    - "[100.78.141.42]:30009 ssh-rsa ..." 
  config:
    - Host: gitea
      Hostname: 100.78.141.42
      Port: 30009
      User: git
      IdentityFile: ~/.ssh/gitea-delos-2.pem
    - Host: gitea.dideric.is
      Hostname: 100.78.141.42
      Port: 30009
      User: git
      IdentityFile: ~/.ssh/gitea-delos-2.pem

PRD looks mostly good, but think we can also strip out `ExtraHosts` from the git config, and we should add a section under ssh for known host keys. After this the only thing under git remotes remaining should be `Name` and `Upstream`, and we should change it to look like this: ```yaml git: remotes: bot-bottle: ssh://git@100.78.141.42:30009/didericis/bot-bottle.git ssh: known_hosts: - "[100.78.141.42]:30009 ssh-rsa ..." config: - Host: gitea Hostname: 100.78.141.42 Port: 30009 User: git IdentityFile: ~/.ssh/gitea-delos-2.pem - Host: gitea.dideric.is Hostname: 100.78.141.42 Port: 30009 User: git IdentityFile: ~/.ssh/gitea-delos-2.pem ```

didericis-codex commented 2026-06-02 13:59:54 -04:00

Author

Collaborator

Copy Link

Copy Source

Agreed. That is a cleaner split, and it keeps the manifest from having three different host-resolution mechanisms hidden under git.remotes.

I’ll update the PRD around this shape:

git:
  remotes:
    bot-bottle: ssh://git@100.78.141.42:30009/didericis/bot-bottle.git
ssh:
  known_hosts:
    - "[100.78.141.42]:30009 ssh-rsa ..."
  config:
    - Host: gitea
      Hostname: 100.78.141.42
      Port: 30009
      User: git
      IdentityFile: ~/.ssh/gitea-delos-2.pem

Concretely, I think the PRD should say:

• git.remotes becomes only the logical remote name to upstream URL mapping. No ExtraHosts, no identity material, no SSH host metadata.
• ssh.known_hosts is a list of OpenSSH known_hosts lines and renders to the agent-side default known-hosts file, normally ~/.ssh/known_hosts for the node user.
• ssh.config renders to ~/.ssh/config, with IdentityFile rewritten to the staged in-bottle key path.
• The git-gate path should consume the same SSH material where it needs SSH verification/key config, but this should not create Docker extra_hosts, sidecar host mappings, agent /etc/hosts, or egress DNS behavior.
• ExtraHosts can be removed from the new PRD’s target model rather than preserved as part of git config.

That also gives the implementation a better boundary: git remotes define what repos exist; ssh defines how SSH resolves/authenticates/verifies hosts; egress remains HTTP/API policy.

Agreed. That is a cleaner split, and it keeps the manifest from having three different host-resolution mechanisms hidden under `git.remotes`. I’ll update the PRD around this shape: ```yaml git: remotes: bot-bottle: ssh://git@100.78.141.42:30009/didericis/bot-bottle.git ssh: known_hosts: - "[100.78.141.42]:30009 ssh-rsa ..." config: - Host: gitea Hostname: 100.78.141.42 Port: 30009 User: git IdentityFile: ~/.ssh/gitea-delos-2.pem ``` Concretely, I think the PRD should say: - `git.remotes` becomes only the logical remote name to upstream URL mapping. No `ExtraHosts`, no identity material, no SSH host metadata. - `ssh.known_hosts` is a list of OpenSSH `known_hosts` lines and renders to the agent-side default known-hosts file, normally `~/.ssh/known_hosts` for the `node` user. - `ssh.config` renders to `~/.ssh/config`, with `IdentityFile` rewritten to the staged in-bottle key path. - The git-gate path should consume the same SSH material where it needs SSH verification/key config, but this should not create Docker `extra_hosts`, sidecar host mappings, agent `/etc/hosts`, or egress DNS behavior. - `ExtraHosts` can be removed from the new PRD’s target model rather than preserved as part of git config. That also gives the implementation a better boundary: git remotes define what repos exist; ssh defines how SSH resolves/authenticates/verifies hosts; egress remains HTTP/API policy.

didericis added 1 commit 2026-06-02 14:01:46 -04:00

docs(prd): revise ssh provisioning schema 28cbe40a22

didericis-codex commented 2026-06-02 14:01:50 -04:00

Author

Collaborator

Copy Link

Copy Source

Updated in 28cbe40.

The PRD now uses the requested shape:

• git.remotes is a simple logical-name to upstream-URL mapping.
• ssh.known_hosts is a top-level list of OpenSSH known-host lines.
• ssh.config owns SSH client stanzas and identity-file references.
• ExtraHosts, IdentityFile, and embedded known-host fields are removed from the target git.remotes model.
• Acceptance criteria and tests now cover known-host rendering and hosts/DNS isolation without preserving ExtraHosts as part of git config.

Updated in `28cbe40`. The PRD now uses the requested shape: - `git.remotes` is a simple logical-name to upstream-URL mapping. - `ssh.known_hosts` is a top-level list of OpenSSH known-host lines. - `ssh.config` owns SSH client stanzas and identity-file references. - `ExtraHosts`, `IdentityFile`, and embedded known-host fields are removed from the target `git.remotes` model. - Acceptance criteria and tests now cover known-host rendering and hosts/DNS isolation without preserving `ExtraHosts` as part of git config.

didericis commented 2026-06-02 14:08:53 -04:00

Owner

Copy Link

Copy Source

Actually this architecture will break a bunch of assumptions we were making in order to route everything through git-gate... maybe we should just back out of this entirely. The only reason to do this is so that the local remote I have configured gets routed to the correct location and can take my ssh config into account, but it's a bit of a weird/atypical remote set up (I think), and I don't think it justifies the complexity of all this.

That said, I DO think we should probably remove ExtraHosts, as that adds some unexpected behavior (original reason for filing the bug). Let's add a new issue about just removing ExtraHosts from the git portion of the manifest.

Actually this architecture will break a bunch of assumptions we were making in order to route everything through git-gate... maybe we should just back out of this entirely. The only reason to do this is so that the local remote I have configured gets routed to the correct location and can take my ssh config into account, but it's a bit of a weird/atypical remote set up (I think), and I don't think it justifies the complexity of all this. That said, I DO think we should probably remove `ExtraHosts`, as that adds some unexpected behavior (original reason for filing the bug). Let's add a new issue about just removing `ExtraHosts` from the git portion of the manifest.

didericis-codex commented 2026-06-02 14:09:59 -04:00

Author

Collaborator

Copy Link

Copy Source

Agreed. The top-level SSH config provisioning path is too much machinery for the specific remote-alias case, and it changes git-gate assumptions more than this bug warrants.

I created #152 for the narrower follow-up: remove ExtraHosts from git.remotes and stop plumbing it into git-gate/hosts behavior. I will not continue the broader PRD 0046 implementation from this PR.

Agreed. The top-level SSH config provisioning path is too much machinery for the specific remote-alias case, and it changes git-gate assumptions more than this bug warrants. I created #152 for the narrower follow-up: remove `ExtraHosts` from `git.remotes` and stop plumbing it into git-gate/hosts behavior. I will not continue the broader PRD 0046 implementation from this PR.

didericis closed this pull request 2026-06-02 14:10:44 -04:00

didericis referenced this pull request 2026-06-02 14:11:36 -04:00

Dead: provision SSH config for bottles #150

didericis-codex changed title from PRD 0046: SSH Config Provisioning to Dead PRD: SSH Config Provisioning 2026-06-02 14:33:36 -04:00

Some checks are pending

Hide all checks

test / unit (pull_request) Successful in 34s

Details

test / integration (pull_request) Successful in 42s

Details

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

1

The priority is critical

Priority

High

2

The priority is high

Priority

Low

4

The priority is low

Priority

Medium

3

The priority is medium

Reviewed

Confirmed

1

Issue has been confirmed

Reviewed

Duplicate

2

This issue or pull request already exists

Reviewed

Invalid

3

Invalid issue

Reviewed

Won't Fix

3

This issue won't be fixed

Status

Abandoned

3

Somebody has started to work on this but abandoned work

Status

Blocked

1

Something is blocking this issue or pull request

Status

Need More Info

2

Feedback is required to reproduce issue or to continue work

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: didericis/bot-bottle#151