keys/log.md
Arne Skaar Fismen 87c2cd1689 Tag v0.1.3
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 08:06:23 +01:00

Changelog

Unreleased


v0.1.3 — 2026-03-15 08:15

2026-03-15 08:15 — Fix selector border color

Rebuilt delegate SelectedTitle/SelectedDesc styles from the per-session renderer so the blue left border actually renders over SSH (same root cause as the general colors fix — the global renderer has no color support in SSH sessions).

2026-03-15 07:56 — Colored list selector, hostname as pending title, hostname for bootstrap

List delegate selected border uses blue (62) consistent with the title color. Pending item title shows the resolved hostname (ProposedLabel) instead of the fingerprint hash when available. Bootstrap label now prefers reverse DNS hostname over SSH username, so first-time connections from Tailscale nodes are labeled automatically.


v0.1.2 — 2026-03-15 07:34

2026-03-15 07:34 — TUI colors over SSH + Tailscale hostname as proposed label

TUI styles are now built from a per-session lipgloss.Renderer created via bubbletea.MakeRenderer(sess), fixing colors for SSH clients. The old globals queried the server's stdout at startup, which has no color support.

When an unknown key connects, a reverse DNS lookup on the connecting IP is stored as ProposedLabel on the pending key. On a Tailscale network this resolves to the machine hostname (e.g. macbook), which is pre-filled in the approve-pending form.

2026-03-15 07:07 — deploy.sh: three explicit modes, no silent destruction

Replaced the ambiguous --update / implicit-delete behaviour with three explicit modes: fresh install (aborts if container exists), --update (aborts if container does not exist), and --reinstall --confirm (explicit two-flag opt-in for the destructive path). Fixed a POSIX sh portability bug where the if "$UPDATE" test evaluated incorrectly in busybox ash, causing --update to fall through to the full setup path and delete the container.


v0.1.0 — 2026-03-15

2026-03-15 07:07 — README rewrite and TUI colors

README rewritten to lead with the problem statement and better explain the pending key approval flow. Added styleApprove (green) and styleReject (red) lipgloss styles; [a] approve and [r] reject in the pending view are now color-coded, as is [y] yes / [n/esc] cancel in the delete confirmation.

2026-03-14 — Rename keys

Added r keybinding in the TUI list view to rename a key. Input is pre-filled with the current label.

2026-03-14 — Pending keys: "Key submitted for approval" instead of Permission denied

Unknown keys are now accepted at the SSH level. A middleware intercepts the session before the TUI, writes "Key submitted for approval." and closes cleanly. Avoids confusing "Permission denied" messages for legitimate new keys.

2026-03-14 — SSH integration tests

ssh_test.go starts a real wish server on a random local port — no Tailscale or incus needed. Covers bootstrap, approved key auth, unknown key → pending.

2026-03-14 — Deploy script

deploy.sh is curl-runnable. Handles full setup and --update. Uses Tailscale's official install script and prompts for web auth via tailscale up --qr. Includes retry logic and an error trap.

2026-03-14 — HTTP server serves all paths

Any HTTP request returns the authorized_keys list, not just /authorized_keys.

2026-03-14 — SSH port changed to 22

Default SSH port changed from :2222 to :22. Service uses cap_net_bind_service so it can bind port 22 as the unprivileged keys user.

2026-03-14 — Tests

  • store_test.go — unit tests for all store operations including concurrent bootstrap
  • server_test.go — HTTP handler tests
  • tui_test.go — bubbletea model state transition tests

2026-03-14 — Auto-bootstrap + remove manual CLI commands

First SSH connection to an empty store automatically approves the connecting key. Removed add, list, and remove CLI subcommands — no longer needed for setup.
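
The auto-bootstrap rule above and the pending-key flow from the "Key submitted for approval" entry, combined into one decision function. This is an added example, not the project's own code: Store, NewStore, Classify and the Decision values are hypothetical names, and the store is in-memory. The point it shows is that the "is the store empty?" check and the write happen under one lock, so only one first-time connection can ever be auto-approved.

```go
package main

import (
	"fmt"
	"sync"
)

// Decision is what the SSH layer should do with a connecting key.
type Decision int

const (
	Approved  Decision = iota // key already approved: show the TUI
	Bootstrap                 // first key on an empty store: auto-approved
	Pending                   // unknown key: queued, session closed cleanly
)

// Store is a hypothetical in-memory stand-in for the project's key store.
type Store struct {
	mu       sync.Mutex
	approved map[string]string // fingerprint -> label
	pending  map[string]string // fingerprint -> proposed label (e.g. reverse DNS)
}

func NewStore() *Store {
	return &Store{approved: map[string]string{}, pending: map[string]string{}}
}

// Classify tests for an empty store and records the key in one critical section.
func (s *Store) Classify(fp, proposedLabel string) Decision {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.approved[fp]; ok {
		return Approved
	}
	if len(s.approved) == 0 {
		s.approved[fp] = proposedLabel
		return Bootstrap
	}
	s.pending[fp] = proposedLabel
	return Pending
}

func main() {
	s := NewStore()
	// Constructed fingerprints and hostnames, not real keys.
	fmt.Println(s.Classify("SHA256:aaaa", "macbook")) // first key on empty store
	fmt.Println(s.Classify("SHA256:bbbb", "laptop"))  // later unknown key
}
```

Because bootstrap trusts whichever key connects first, the window between deployment and that first connection is the one to keep short and restricted to the trusted network.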