From 4f18a6c01cd3911d6bc9f671ec7afef26330eab7 Mon Sep 17 00:00:00 2001 From: mfowler Date: Tue, 23 Jun 2026 20:35:44 +0000 Subject: [PATCH] =?UTF-8?q?memory:=20correct=20Tangled=20gotcha=20?= =?UTF-8?q?=E2=80=94=20case-sensitive=20rkey=20in=20SSH=20path=20(not=20ne?= =?UTF-8?q?twork/perms)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.8 Claude-Session: https://claude.ai/code/session_01ALPo5Y86fzQjsALNZRSSG5 --- memory/tangled-bot-and-repo-creation.md | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/memory/tangled-bot-and-repo-creation.md b/memory/tangled-bot-and-repo-creation.md index e44e6e3..f069101 100644 --- a/memory/tangled-bot-and-repo-creation.md +++ b/memory/tangled-bot-and-repo-creation.md @@ -12,12 +12,20 @@ PDS `https://auriporia.us-west.host.bsky.network`). Its bsky password is in `.secrets/notplants-bot.bsky.social.env` in the PO repo — **gitignored via `/.secrets/`**, perms 600, never committed. (Consider rotating to an atproto app-password; the stored one looks like the main pw.) -**Tangled networking gotcha:** knots like `knot1.tangled.sh` are Cloudflare-fronted, so **SSH (port 22) -to a knot host is unreachable** from this box, but **HTTPS (443) works**. Git push goes through the -reachable SSH proxy `git@tangled.org:/` (which routes to the knot internally) — NOT -directly to the knot. The tangled SSH proxy addresses repos by the **owner's atproto identity/handle**, -not the knot-storage DID shown in clone URLs; "repo not found" over SSH means no access OR wrong owner -identity, not necessarily nonexistent. +**Tangled SSH-path gotcha (THE big one):** the `git@tangled.org` SSH proxy matches the repo by its +**rkey, which is the lowercased repo name** — and the match is **case-sensitive**. A path with capitals +(`…/Apertus-70B-Instruct-2509-experiments`) returns **"repo not found"** even when you have access; +use the lowercased form (`…/apertus-70b-instruct-2509-experiments`). This misled a whole session into +thinking it was a network/permissions problem — it was just case. "repo not found" over SSH usually +means wrong rkey case or wrong owner path, NOT lack of access (access denial looks different). + +Address repos on the proxy by the **owner's atproto handle/DID** (e.g. `notplants.bsky.social` / +its DID `3nog…`), NOT the knot-storage repoDid shown in clone-URL redirects (e.g. `54ba…`). The +repoDid is just where bytes live (handleless, PDS=knot1); it is never the SSH path. + +**Networking:** knots like `knot1.tangled.sh` are Cloudflare-fronted — **SSH (port 22) to a knot host +is unreachable** from this box, but **HTTPS (443) works**, and git push always goes through the +reachable `git@tangled.org` proxy anyway (it routes to the knot internally), so this rarely matters. **Create a repo programmatically as the bot** (no CLI exists; this is what the web "+ new repo" does): 1. `com.atproto.server.createSession` on the PDS → `accessJwt`, `did`.