diff --git a/memory/tangled-bot-and-repo-creation.md b/memory/tangled-bot-and-repo-creation.md index e44e6e3..f069101 100644 --- a/memory/tangled-bot-and-repo-creation.md +++ b/memory/tangled-bot-and-repo-creation.md @@ -12,12 +12,20 @@ PDS `https://auriporia.us-west.host.bsky.network`). Its bsky password is in `.secrets/notplants-bot.bsky.social.env` in the PO repo — **gitignored via `/.secrets/`**, perms 600, never committed. (Consider rotating to an atproto app-password; the stored one looks like the main pw.) -**Tangled networking gotcha:** knots like `knot1.tangled.sh` are Cloudflare-fronted, so **SSH (port 22) -to a knot host is unreachable** from this box, but **HTTPS (443) works**. Git push goes through the -reachable SSH proxy `git@tangled.org:/` (which routes to the knot internally) — NOT -directly to the knot. The tangled SSH proxy addresses repos by the **owner's atproto identity/handle**, -not the knot-storage DID shown in clone URLs; "repo not found" over SSH means no access OR wrong owner -identity, not necessarily nonexistent. +**Tangled SSH-path gotcha (THE big one):** the `git@tangled.org` SSH proxy matches the repo by its +**rkey, which is the lowercased repo name** — and the match is **case-sensitive**. A path with capitals +(`…/Apertus-70B-Instruct-2509-experiments`) returns **"repo not found"** even when you have access; +use the lowercased form (`…/apertus-70b-instruct-2509-experiments`). This misled a whole session into +thinking it was a network/permissions problem — it was just case. "repo not found" over SSH usually +means wrong rkey case or wrong owner path, NOT lack of access (access denial looks different). + +Address repos on the proxy by the **owner's atproto handle/DID** (e.g. `notplants.bsky.social` / +its DID `3nog…`), NOT the knot-storage repoDid shown in clone-URL redirects (e.g. `54ba…`). The +repoDid is just where bytes live (handleless, PDS=knot1); it is never the SSH path. + +**Networking:** knots like `knot1.tangled.sh` are Cloudflare-fronted — **SSH (port 22) to a knot host +is unreachable** from this box, but **HTTPS (443) works**, and git push always goes through the +reachable `git@tangled.org` proxy anyway (it routes to the knot internally), so this rarely matters. **Create a repo programmatically as the bot** (no CLI exists; this is what the web "+ new repo" does): 1. `com.atproto.server.createSession` on the PDS → `accessJwt`, `did`.