Non-Blocking Review Concern: setup-ssh-access.sh idempotency gap on AcceptEnv conf file
Source: claude (PR review bot)
Location: scripts/server/setup-ssh-access.sh:~191
PR: #35 — feat(phase4): drop target-keychain path, use ssh AcceptEnv for OP token (#35)
Date: 2026-04-16
What was flagged
The guard only skips writing 200-claude-env.conf when the file exists AND already contains the exact AcceptEnv line. If a future operator manually edits the file with additional entries, a re-run of setup-ssh-access.sh will silently overwrite their changes via sudo tee. Low impact today since the file is fully script-managed, but worth hardening (e.g., append-if-missing rather than overwrite) before any other content lands in this conf file.
Context
This issue was automatically created from a non-blocking concern identified
during pre-merge review of PR #35. It was safe to merge but worth tracking.
Created by lib-review-issues.sh
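
The append-if-missing hardening suggested above, as an added example (not code from `setup-ssh-access.sh` or PR #35). The function name `ensure_line`, the variable names `EXAMPLE_TOKEN_VAR` and `OPERATOR_ADDED_VAR`, and the temp-file path are placeholders; the real script writes with `sudo tee`, for which the appending form is `sudo tee -a`.

```bash
#!/usr/bin/env bash
# Added example: idempotent append-if-missing for a script-managed sshd drop-in.
# ensure_line FILE LINE  (hypothetical helper name)
# Leaves FILE untouched when LINE is already present as a whole line;
# otherwise appends LINE and keeps every existing entry.
ensure_line() {
    local file=$1 line=$2

    # -x: match the whole line, -F: fixed string (no regex), -q: quiet.
    if [ -f "$file" ] && grep -qxF -- "$line" "$file"; then
        return 0
    fi

    # A hand-edited file may lack a trailing newline; add one first so the
    # new directive does not get glued onto the operator's last line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi

    # Append instead of overwrite. sshd accepts AcceptEnv spread across
    # several directives, so an extra line never replaces existing ones.
    printf '%s\n' "$line" >> "$file"
}

# Constructed demo: an operator-edited file with no trailing newline,
# followed by two runs of the setup step.
demo() {
    local conf
    conf=$(mktemp)
    printf 'AcceptEnv OPERATOR_ADDED_VAR' > "$conf"
    ensure_line "$conf" 'AcceptEnv EXAMPLE_TOKEN_VAR'
    ensure_line "$conf" 'AcceptEnv EXAMPLE_TOKEN_VAR'   # re-run: no change
    cat "$conf"
    rm -f "$conf"
}

demo
```

Matching is on the exact line, so an equivalent directive written with different spacing or case is not detected and a second line is appended. Running `sshd -t` after the write checks the resulting configuration before sshd is reloaded.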