RagAgent/docker/ssh/README.md

SSH for webhook (git fetch in container)

When the app runs in Docker and the webhook does git fetch origin <branch>, git uses SSH. The container has no keys by default, so you get "Host key verification failed" or "Permission denied".

Setup

1. Deploy key (read-only key for the repo you index):

   • Generate: ssh-keygen -t ed25519 -f docker/ssh/id_ed25519 -N "" -C "rag-agent-deploy"
   • Add the public key (docker/ssh/id_ed25519.pub) to your Git server (GitHub/GitLab/… → repo → Deploy keys).

2. Known hosts (optional; GIT_SSH_COMMAND in compose accepts new host keys on first connect):

   • To pin the host key: ssh-keyscan -t ed25519 git.example.com >> docker/ssh/known_hosts
   • Replace git.example.com with your Git host (e.g. github.com, git.lesha.spb.ru).

3. Permissions: key file must be readable only by you, e.g. chmod 600 docker/ssh/id_ed25519.

4. Compose: by default this directory is mounted into the app container as /root/.ssh. Override with RAG_SSH_DIR in .env if you use another path (e.g. RAG_SSH_DIR=/Users/you/.ssh to use your main SSH dir).

After that, restart the app: docker compose up -d.