feat(ssh): prefill default private key

[janburzinski]

summary

• autofills the default ssh key when connecting to a remote

[greptile-apps]

Greptile Summary

This PR auto-fills the private key path field in the SSH connection modal by detecting the first readable default OpenSSH identity file (id_ed25519, id_ecdsa, id_rsa, id_dsa) on the main process and surfacing it via a new RPC endpoint.

• controller.ts: Adds getDefaultPrivateKeyPath, iterating over default key filenames and returning the first readable one as a ~/.ssh/… string.
• use-ssh-config-hosts.ts: New useDefaultPrivateKeyPath hook with staleTime: Infinity to avoid redundant IPC round-trips.
• add-ssh-conn-modal.tsx: A useEffect prefills privateKeyPath on query resolution, and handleAuthTypeChange fills it when the user switches to key auth — but the useEffect is missing an isEditing guard and can silently overwrite the field when editing a key-auth connection that has no saved path.

Confidence Score: 4/5

Safe to merge after adding an isEditing guard to the prefill effect in add-ssh-conn-modal.tsx.

The main process logic and hook are solid. The only defect is in the modal: the async useEffect that fills privateKeyPath does not check whether the modal is in edit mode, so opening an existing key-auth connection that has no saved private key path will silently inject the system default before the user does anything.

src/renderer/lib/components/add-ssh-conn-modal.tsx — the prefill useEffect (lines 188–196) needs an isEditing guard.

Important Files Changed

Filename	Overview
src/main/core/ssh/controller.ts	Adds getDefaultPrivateKeyPath helper that iterates over OpenSSH default key filenames in priority order, checks readability with R_OK, and exposes the result via RPC.
src/renderer/lib/components/add-ssh-conn-modal.tsx	Adds prefill logic via a useEffect and handleAuthTypeChange; the effect lacks an isEditing guard, so it can silently overwrite the private-key field when editing a key-auth connection that has no saved path.
src/renderer/lib/hooks/use-ssh-config-hosts.ts	Adds useDefaultPrivateKeyPath hook with staleTime: Infinity, correctly avoiding unnecessary refetches for a filesystem value that is stable during a session.
src/renderer/lib/stores/ssh-connection-store.ts	Thin RPC delegation — adds getDefaultPrivateKeyPath() that forwards to rpc.ssh.getDefaultPrivateKeyPath().

Sequence Diagram

sequenceDiagram
    participant Modal as AddSshConnModal
    participant Hook as useDefaultPrivateKeyPath
    participant Store as SshConnectionStore
    participant RPC as rpc.ssh
    participant Main as controller.ts (main)
    participant FS as Filesystem (~/.ssh)

    Modal->>Hook: mount / query
    Hook->>Store: getDefaultPrivateKeyPath()
    Store->>RPC: rpc.ssh.getDefaultPrivateKeyPath()
    RPC->>Main: getDefaultPrivateKeyPath()
    loop id_ed25519 → id_ecdsa → id_rsa → id_dsa
        Main->>FS: "access(~/.ssh/<name>, R_OK)"
        alt readable
            FS-->>Main: ok
            Main-->>RPC: "~/.ssh/<name>"
        else not found / unreadable
            FS-->>Main: error (continue)
        end
    end
    Main-->>RPC: null (none found)
    RPC-->>Store: "string | null"
    Store-->>Hook: "string | null"
    Hook-->>Modal: defaultPrivateKeyPathQuery.data

    alt "authType === 'key' and privateKeyPath empty"
        Modal->>Modal: setFieldValue('privateKeyPath', path)
    end

Loading

Prompt To Fix All With AI

Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
src/renderer/lib/components/add-ssh-conn-modal.tsx:188-196
**Effect silently modifies `privateKeyPath` in edit mode**

When editing an existing connection that has `authType: 'key'` and no saved `privateKeyPath` (e.g. the field was left blank and persisted as `undefined`), the form initialises with `privateKeyPath: ''`. Once `defaultPrivateKeyPathQuery` resolves, every guard passes and the effect injects the default path — changing the connection's credentials without any user action. Adding `if (isEditing) return;` at the top of the effect prevents this. The `handleAuthTypeChange` path is fine because it only fires on an explicit user gesture.

_{Reviews (2): Last reviewed commit: "fix(ssh): refine default key prefill" | Re-trigger Greptile}

[janburzinski]

@greptileai