chore: snapshot main sync
This commit is contained in:
@@ -47,6 +47,12 @@ Reuses jobType `action` from the existing `ControlJobFrame` (no contracts change
|
||||
- `applyRemoteConfig` `mode` defaults to `shell` -> existing call sites + tests unchanged.
|
||||
- No `control_job` schema change; the web `useControlStream` already accepts `jobType: 'action'`.
|
||||
|
||||
## Implementation notes (sam-desktop host findings, 2026-06-13)
|
||||
|
||||
- **Windows wrapper must target PowerShell 5.1.** sam-desktop's default `powershell` is Windows PowerShell 5.1, which lacks the `??` null-coalescing operator. `boocontrol-edit.ps1` was changed to an explicit `if ($null -eq $cmd)` guard. Verb chain verified live: `read` returns the real config, `whoami` -> denied, `pull ../x` -> bad repo id.
|
||||
- **This host's `sshd_config` has no `Match Group administrators` block**, so sshd uses the per-user `~/.ssh/authorized_keys` for the admin user `samki` (NOT `administrators_authorized_keys`, which is silently ignored). The forced-command key must go in `C:\Users\samki\.ssh\authorized_keys`. (Stock Windows OpenSSH ships the admin-match block; this install's is stripped.)
|
||||
- **No `Subsystem sftp`** in this host's `sshd_config`, so `scp`/`sftp` fail ("subsystem request failed"). Deploy the wrapper via `powershell -EncodedCommand` (base64 UTF-16LE) over the exec channel, or add `Subsystem sftp sftp-server.exe` + restart sshd. The go-live runbook uses the encoded-command method.
|
||||
|
||||
## Validation lenses folded in
|
||||
|
||||
- **V1 (adversarial):** wrapper `backup` must return the path the wrapper chose, not a client-computed one (clock skew between control host and GPU host) -> wrapper `backup` reads stdout.
|
||||
|
||||
Reference in New Issue
Block a user