4nk/smart_ide
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
smart_ide/services/ia_dev/deploy/scripts/add-ssh-key-anthony.sh
Nicolas Cantu 58cc2493e5 chore: consolidate ia_dev module, sync tooling, and harden gateways (0.0.5) 
Initial state:
- ia_dev was historically referenced as ./ia_dev in docs and integrations, while the vendored module lives under services/ia_dev.
- AnythingLLM sync and hook installation had error masking / weak exit signaling.
- Proxy layers did not validate proxy path segments, allowing path normalization tricks.

Motivation:
- Make the IDE-oriented workflow usable (sync -> act -> deploy/preview) with explicit errors.
- Reduce security footguns in proxying and script automation.

Resolution:
- Standardize IA_DEV_ROOT usage and documentation to services/ia_dev.
- Add SSH remote data mirroring + optional AnythingLLM ingestion.
- Extend AnythingLLM pull sync to support upload-all/prefix and fail on upload errors.
- Harden smart-ide-sso-gateway and smart-ide-global-api proxying with safe-path checks and non-leaking error responses.
- Improve ia-dev-gateway runner validation and reduce sensitive path leakage.
- Add site scaffold tool (Vite/React) with OIDC + chat via sso-gateway -> orchestrator.

Root cause:
- Historical layout changes (submodule -> vendored tree) and missing central contracts for path resolution.
- Missing validation for proxy path traversal patterns.
- Overuse of silent fallbacks (|| true, exit 0 on partial failures) in automation scripts.

Impacted features:
- Project sync: git pull + AnythingLLM sync + remote data mirror ingestion.
- Site frontends: SSO gateway proxy and orchestrator intents (rag.query, chat.local).
- Agent execution: ia-dev-gateway script runner and SSE output.

Code modified:
- scripts/remote-data-ssh-sync.sh
- scripts/anythingllm-pull-sync/sync.mjs
- scripts/install-anythingllm-post-merge-hook.sh
- cron/git-pull-project-clones.sh
- services/smart-ide-sso-gateway/src/server.ts
- services/smart-ide-global-api/src/server.ts
- services/smart-ide-orchestrator/src/server.ts
- services/ia-dev-gateway/src/server.ts
- services/ia_dev/tools/site-generate.sh

Documentation modified:
- docs/** (architecture, API docs, ia_dev module + integration, scripts)

Configurations modified:
- config/services.local.env.example
- services/*/.env.example

Files in deploy modified:
- services/ia_dev/deploy/*

Files in logs impacted:
- logs/ia_dev.log (runtime only)
- .logs/* (runtime only)

Databases and other sources modified:
- None

Off-project modifications:
- None

Files in .smartIde modified:
- .smartIde/agents/*.md
- services/ia_dev/.smartIde/**

Files in .secrets modified:
- None

New patch version in VERSION:
- 0.0.5

CHANGELOG.md updated:
- yes
2026-04-04 18:36:43 +02:00

53 lines
1.7 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Add SSH public key for anthony@4nk to proxy and services (192.168.1.104).
# Run from ia_dev root. Uses DEPLOY_SSH_KEY or ~/.ssh/id_ed25519 to authenticate.
set -euo pipefail
SCRIPT_DIR="${BASH_SOURCE%/*}"
[[ -d "$SCRIPT_DIR" ]] || SCRIPT_DIR=.
IA_DEV_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
if [[ -f "${IA_DEV_ROOT}/lib/smart_ide_logs.sh" ]]; then
# shellcheck source=../../lib/smart_ide_logs.sh
source "${IA_DEV_ROOT}/lib/smart_ide_logs.sh"
smart_ide_logs_begin "$IA_DEV_ROOT" "$0" "$*"
smart_ide_logs_register_exit_trap
fi
LIB_DIR="$(cd "$SCRIPT_DIR/../_lib" && pwd)"
# shellcheck source=../_lib/ssh.sh
source "$LIB_DIR/ssh.sh"
SSH_KEY="${DEPLOY_SSH_KEY:-$HOME/.ssh/id_ed25519}"
SSH_USER="${DEPLOY_SSH_USER:-ncantu}"
PROXY_HOST="${DEPLOY_SSH_PROXY_HOST:-4nk.myftp.biz}"
SERVICES_IP="192.168.1.104"
KEY_LINE="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIM7df89eMnNBc85o+hijYTnZALlTZssIZSYlN+hMW3c anthony@4nk"
printf -v KEY_ESC '%q' "$KEY_LINE"
require_ssh_key "$SSH_KEY"
add_key_remote() {
local target_host="$1"
local use_proxy="${2:-false}"
local proxy_args=()
if [[ "$use_proxy" == "true" ]]; then
proxy_args=(-o "ProxyJump=$SSH_USER@$PROXY_HOST")
fi
# shellcheck disable=SC2207
local common_opts=($(ssh_common_opts "$SSH_USER" "$target_host"))
ssh -i "$SSH_KEY" \
"${common_opts[@]}" \
"${proxy_args[@]}" \
"$SSH_USER@$target_host" \
"mkdir -p ~/.ssh && (grep -qF $KEY_ESC ~/.ssh/authorized_keys 2>/dev/null || echo $KEY_ESC >> ~/.ssh/authorized_keys)"
}
echo "Adding key to proxy ($PROXY_HOST)..."
add_key_remote "$PROXY_HOST" false
echo "Adding key to services ($SERVICES_IP) via proxy..."
add_key_remote "$SERVICES_IP" true
echo "Done. Key anthony@4nk added on proxy and services."
Reference in New Issue View Git Blame Copy Permalink