Implement quire exec dispatch with git command allowlist
Parses SSH_ORIGINAL_COMMAND, validates git commands against an
allowlist (receive-pack, upload-pack, upload-archive), sanitizes
repo paths, and execs the git subprocess. Removes the separate
quire-dispatch shell script — the binary handles dispatch directly.
Updates host reference configs to use quire exec in ForceCommand.
Replace binary release with Docker image build and push
Multi-stage Dockerfile builds the Rust binary then copies it into a
slim runtime image with git and ca-certificates. CI workflow follows
the ketchup pattern: single ci.yml with test, zizmor, and build jobs.
Build pushes to GHCR on green main, tags with YYYYMMDD-<short-sha>,
and creates a GitHub release. Removes the old release workflow and
dotslash config.
sshd_config Match block, quire-dispatch script with repo path
validation and git-command allowlist, and a README covering setup
steps. These are reference configs versioned with the repo — the
dispatch script will be replaced by quire exec in step 2.
Minimal image: debian bookworm, git, quire user, bare test repo
at /var/quire/repos/foo.git. Entrypoint passes through to docker
exec invocations. No sshd, no quire binary yet.
Scaffold Rust binary project with clap, CI, and tooling
Restructure from a minimal lib+main into a proper binary project
layout: library target with error types, separate binary target
under src/bin/quire/ with clap subcommands (serve, exec), CalVer
versioning via build.rs, integration tests, justfile, clippy config,
mutation testing config, and GitHub Actions CI/release workflows.
projects / quire.git / log