)]}'
{
  "log": [
    {
      "commit": "8105fe6bfa914c17c0f474bacdbe9d4c62b6b2b3",
      "tree": "3ba587467d33c5f9ef78ab20fc80a3b64967733b",
      "parents": [
        "dd6352a74f1214035785025df127ed6a0dc73ac6"
      ],
      "author": {
        "name": "Philip Zeyliger",
        "email": "philip@bold.dev",
        "time": "Sat Jun 21 21:22:34 2025 -0700"
      },
      "committer": {
        "name": "Philip Zeyliger",
        "email": "philip@bold.dev",
        "time": "Sat Jun 21 21:23:06 2025 -0700"
      },
      "message": "Removing noisy log line.\n"
    },
    {
      "commit": "e84d5c7972cb24586842473e62668ca9c689d6d2",
      "tree": "8ac4a2c314ccf13b0653e34aa5b9376a4f6abdd9",
      "parents": [
        "7871e2fd09acf3790cc292d955cdd8fee86f2fdb"
      ],
      "author": {
        "name": "Philip Zeyliger",
        "email": "philip@bold.dev",
        "time": "Fri May 30 09:32:55 2025 -0700"
      },
      "committer": {
        "name": "Philip Zeyliger",
        "email": "philip@bold.dev",
        "time": "Fri May 30 09:33:30 2025 -0700"
      },
      "message": "loop/server: enable SSH reverse port forwarding\n\n~~~~\n\nvibe-coded but tested manually with\n\n\t$python3 -mhttp.server 8000 \u0026\n\t[1] 25986\n\tServing HTTP on :: port 8000 (http://[::]:8000/) ...\n\n\t$ssh -R 8000:localhost:8000 sketch-241k-9zzx-gcbc-k4fs curl --silent http://localhost:8000/ | head -n 3\n\t::1 - - [30/May/2025 09:32:44] \"GET / HTTP/1.1\" 200 -\n\t\u003c!DOCTYPE HTML\u003e\n\t\u003chtml lang\u003d\"en\"\u003e\n\t\u003chead\u003e\n\n~~~~\n\nImplement ReversePortForwardingCallback in SSH server configuration to\nallow reverse port forwarding connections from clients.\n\nChanges include:\n\n1. SSH Server Configuration Enhancement:\n   - Added ReversePortForwardingCallback to ssh.Server struct\n   - Callback allows all reverse port forwarding requests (returns true)\n   - Consistent with existing LocalPortForwardingCallback behavior\n   - Includes debug logging for reverse forwarding requests\n\nTechnical Implementation:\n\nThe SSH server already had the necessary infrastructure for port forwarding:\n- ForwardedTCPHandler for handling forwarding requests\n- RequestHandlers for \u0027tcpip-forward\u0027 and \u0027cancel-tcpip-forward\u0027\n- LocalPortForwardingCallback for client-to-server forwarding\n\nThis change adds the missing ReversePortForwardingCallback that enables\nserver-to-client port forwarding (reverse tunneling). The callback follows\nthe same permissive pattern as the local forwarding callback, allowing\nall reverse forwarding requests while logging them for debugging.\n\nWithout this callback, the SSH library defaults to denying all reverse\nport forwarding requests, preventing clients from establishing reverse\ntunnels through the SSH connection.\n\nBenefits:\n- Enables full bidirectional port forwarding capabilities\n- Maintains consistent logging and debugging for both forwarding types\n- Follows established patterns in the existing codebase\n- No breaking changes to existing SSH functionality\n\nCo-Authored-By: sketch \u003chello@sketch.dev\u003e\nChange-ID: s9bc98f6471e2ec4dk\n"
    },
    {
      "commit": "7013e9ee282ef58104f91d64d85d4aec62f9c022",
      "tree": "baa2d5484c5a5e7add5f9caef2833a3da4abbe29",
      "parents": [
        "00442413a2d0e6d6978982f9eeec0268e533ba56"
      ],
      "author": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Wed May 14 02:03:58 2025 +0000"
      },
      "committer": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Wed May 14 11:15:45 2025 -0700"
      },
      "message": "ssh: use local CA, add mutual container/host auth\n\nSee loop/server/local_ssh.md for a detailed description of how sketch uses\nnow uses a local CA to sign each container certificate instead of adding\na new entry to known_hosts for each container.\n\nThis also adds another layer of security by having the container\u0027s ssh\nserver verify that incoming ssh connections have valid host certificates,\nwhereas prior to this change the authentication was only one-way (verifying\nthat the sketch container you think you\u0027re ssh\u0027ing into really is the one\nyou think you\u0027re ssh\u0027ing into).\n\nThis is somewhat inspired by https://github.com/FiloSottile/mkcert - which\nplays a similar role as ssh_theater.go local for ssh connections, but mkcert\nuses a local CA to address local development use cases for TLS/https rather\nthan for ssh.\n\nCo-Authored-By: sketch \u003chello@sketch.dev\u003e\nChange-ID: sc7b3928295277d5dk\n"
    },
    {
      "commit": "bdfb126de211f5f2fabb39498de00acde5faf58f",
      "tree": "665cedc4a7148c2ba86e915be96e1cc1d8a01450",
      "parents": [
        "cf291fafd7142308f27ec5805251f2e2bdeded6b"
      ],
      "author": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Sat May 03 20:15:41 2025 -0700"
      },
      "committer": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Sat May 03 20:15:41 2025 -0700"
      },
      "message": "sshserver: s/log/slog\n"
    },
    {
      "commit": "cf291fafd7142308f27ec5805251f2e2bdeded6b",
      "tree": "f18805cbe3583f62e423c5a0b17a3be3a757df54",
      "parents": [
        "d0a3cd609ca36baebd066d6fd83c153293c459eb"
      ],
      "author": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Sat May 03 17:55:48 2025 -0700"
      },
      "committer": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Sat May 03 17:59:43 2025 -0700"
      },
      "message": "sshserver: add scp support\n\nfixes https://github.com/boldsoftware/sketch/issues/53\n"
    },
    {
      "commit": "22bd8eb83b7c779d9d2396c75cc344124e150aee",
      "tree": "81fc507d28db05b011d463745e125e6126260fb0",
      "parents": [
        "0dcebe1bf2ec5d6f85aa71fb46367e2adf8f4947"
      ],
      "author": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Mon Apr 28 10:36:37 2025 -0700"
      },
      "committer": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Mon Apr 28 10:36:37 2025 -0700"
      },
      "message": "sshserver: fix env for ssh pty sessions\n"
    },
    {
      "commit": "01ed5bee0c121852d0e2ab3836a08acab68397e4",
      "tree": "e2b473d510d146f9474b2eedb5526b8a4eead1f2",
      "parents": [
        "7d5a6301a256823ab4b26a68dbd166f0d0737409"
      ],
      "author": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Thu Apr 24 22:46:53 2025 -0700"
      },
      "committer": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Thu Apr 24 22:46:53 2025 -0700"
      },
      "message": "sshserver: enable ssh port forwarding\n"
    },
    {
      "commit": "1d06132f5a79950ab8a64eb72219363fb63ca92f",
      "tree": "46ed36f431ee3aef7caacbae7b1ebe7560d3f544",
      "parents": [
        "6a50b1811c7fbf8be7e5ad4cc77a576e2d612a66"
      ],
      "author": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Thu Apr 24 09:52:56 2025 -0700"
      },
      "committer": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Thu Apr 24 11:11:44 2025 -0700"
      },
      "message": "sshserver: add direct-tcpip channel, allow non-pty\n\nThis change enables VS Code to connect to local sketch containers\nover SSH.\n\nThe VSC docs describe how to use this feature:\nhttps://code.visualstudio.com/docs/remote/ssh\n"
    },
    {
      "commit": "ae3480fee8b8ebf867a1097868d0032ff4b51324",
      "tree": "468d02673f8e9fff21fd33d9a343ef4125d646ac",
      "parents": [
        "5544d146e1ebe2747ae282e611f8d0a2c23f2b6c"
      ],
      "author": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Wed Apr 23 15:28:20 2025 -0700"
      },
      "committer": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Wed Apr 23 15:57:49 2025 -0700"
      },
      "message": "allow random (ephemeral) host ports for ssh server\n\nalso fixes an issue with authorized_keys files that\ncontain multiple pks: it now checks all of them not\njust the first one it parses.\n"
    },
    {
      "commit": "baa2b590cc3a5f63bc52c3324f2835666b9ae450",
      "tree": "69b313aab41b2f3d3cd27c72ce7d09f6b6453aa6",
      "parents": [
        "97188fc1955f036e57c42a2f345b3c01fc5f0dc0"
      ],
      "author": {
        "name": "Sean McCullough",
        "email": "banksean@gmail.com",
        "time": "Wed Apr 23 10:40:08 2025 -0700"
      },
      "committer": {
        "name": "GitHub",
        "email": "noreply@github.com",
        "time": "Wed Apr 23 10:40:08 2025 -0700"
      },
      "message": "sketch: initial container ssh support (#15)\n\nAdds an in-process ssh server to the sketch agent running inside\nthe container.\n\nThe ssh server implementation uses https://github.com/gliderlabs/ssh/\n\nThis change does not automatically generate any keys (this may come later).\nYou specify the server identity private key and the user\u0027s authorized public\nkeys on the sketch command line.\n\nThe host sketch process reads these files from the cli flags at startup. Once\nthe container is launched, it passes these keys to to the container\nsketch process via new /init POST body fields."
    }
  ]
}