feat(server): 新增 zeabur server exec(DES-802)#263
Hidden character warning
Conversation
Running a command on a dedicated server previously meant `server ssh-info` + a hand-rolled ssh2/sshpass invocation. That embeds the password into a multi-layer-escaped shell script, so passwords with special characters (]/@/…) get corrupted and auth fails; it also needs an external ssh/sshpass client. `server exec [server-id] -- <command>` fetches the credentials and opens the connection entirely in-process via golang.org/x/crypto/ssh: - Password is never printed nor passed through a shell → special chars are safe. - Streams stdout/stderr live (no buffering for long output). - Propagates the remote command's exit code. - StrictHostKeyChecking=no equivalent (dedicated servers rotate host keys). - Non-interactive: stdin left unset so the remote sees EOF (no hang). `ssh-info` stays as the primitive for users who want the raw credentials to drive their own client / take over manually. DES-802 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Note Currently processing new changes in this PR, please wait... 📦 Commits (1)Reviewed via multi-agent panel 📂 Files selected for processing (4)Details available in the full review |
|
LGTM ✅ — New What This PR DoesAdds How It Works
Findings
Finding Details🟡 F1: Unreachable custom error for empty command after
|
| Auth: auth, | ||
| // Equivalent to `-o StrictHostKeyChecking=no`: dedicated servers are | ||
| // reached by IP with rotating host keys, so pinning would only wedge. | ||
| HostKeyCallback: ssh.InsecureIgnoreHostKey(), |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughAdds a 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 3
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 9487b6eb-9ffe-4392-83ec-07c140c2eda8
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (3)
go.modinternal/cmd/server/exec/exec.gointernal/cmd/server/server.go
…assword errors Review follow-up on #263: - Bump golang.org/x/crypto to v0.52.0 (fixes GO-2026-5013 in ssh.Dial). - Prompt for a server when no id is given in interactive mode (mirrors `server ssh`); the remote command stays non-interactive. - Return RevealServerPassword errors instead of swallowing them as "no password available", so an API/authz failure surfaces its real cause. HostKeyCallback stays ssh.InsecureIgnoreHostKey() intentionally: it's the StrictHostKeyChecking=no equivalent already used by `server ssh`, since dedicated servers are reached by IP with rotating host keys and can't be pinned. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Addressed in
On the CodeQL |
|
LGTM ✅ — Round-2 fixes (crypto bump, interactive server selection, error propagation) are correct; prior non-blocking findings remain but are not blockers. What This PR DoesAdds How It Works
FindingsResolved
Note: F1 and F2 from round 1 were not addressed by the author's fix-note and remain outstanding (non-blocking). Outstanding
New
Finding Details🟡 F1: Unreachable custom error for empty command after
|
canyugs
left a comment
There was a problem hiding this comment.
確認一下 CodeQL CI 的問題, 除此之外 LGTM
|
@canyugs 關於 CodeQL 的
建議:把 code-scanning #8 以「won't fix / accepted risk」dismiss(帶上以上理由)。這是 maintainer 的決定,所以我沒有擅自 dismiss —— 你或有權限的人確認後點一下即可,或告訴我要不要我用 API 幫忙 dismiss。若之後 API 能提供 host key,我很樂意回來改成 pin。 |
本機實測:

背景
DES-802。在 server 上跑命令原本要
server ssh-info拿憑證 → 自己拼 ssh2/sshpass。這會把密碼塞進多層轉義的 shell 腳本,含特殊字元的密碼(]/@/…)會被弄壞導致認證失敗,也依賴外部 ssh/sshpass client。實測證據:一組含特殊字元的 server 密碼透過 agent 的 node ssh2 腳本連線 →
All configured authentication methods failed(轉義崩壞)。改動
新增
zeabur server exec [server-id] -- <command>,用golang.org/x/crypto/ssh在 process 內拿憑證、開連線、跑命令:StrictHostKeyChecking=no等價(dedicated server host key 會輪替)。ssh host <command>(--後的 args 以空白 join);compound 命令用單一引號包起來即可。ssh-info原語保留,讓想自己拿憑證接手的用戶不受影響。驗證
go build ./.../go vet/gofmt全過(golangci-lint 本機未裝,交 CI)。server exec --help正常;exec <id>(無--)→ 「missing command」;exec <id> --(空)→ 「no command given」;exec出現在server --help。後續(不在本 PR)
zeabur-server-sshskill 改成優先推薦server exec(agent-skills repo)。🤖 Generated with Claude Code
Summary by CodeRabbit
New Features
server execcommand to run remote commands on servers.--idoption (with interactive selection when appropriate).Chores
golang.org/x/cryptoand bumping relatedx/*versions.