From bde2aad9391d9e789cb81b20c19ffa9c2c21f819 Mon Sep 17 00:00:00 2001
From: Dan
Date: Fri, 9 Jan 2026 20:21:57 -0800
Subject: [PATCH] Harden dev provisioning scripts (ops-review fixes)

- Remove stderr suppression from ssh-keygen (show errors)
- Add curl timeouts (--connect-timeout 5 --max-time 30)
- Add || true to arithmetic increments for set -e safety

Co-Authored-By: Claude Opus 4.5
---
 scripts/dev-add.sh | 4 +++-
 scripts/dev-remove.sh | 7 ++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/scripts/dev-add.sh b/scripts/dev-add.sh
index 1841daa..1ed1953 100755
--- a/scripts/dev-add.sh
+++ b/scripts/dev-add.sh
@@ -95,7 +95,7 @@ create_user() {
 -f "$server_key" \
 -N '' \
 -C "$username@jrz1-server-DO-NOT-REUSE" \
- >/dev/null 2>&1
+ >/dev/null
 log_info "Server-side SSH key generated"
 else
 log_info "Server-side SSH key already exists"
@@ -212,6 +212,7 @@ upload_forgejo_key() {
 local http_code
 http_code=$(curl -s -o /dev/null -w "%{http_code}" \
+ --connect-timeout 5 --max-time 30 \
 -X POST "$forgejo_url/api/v1/admin/users/$username/keys" \
 -H "Authorization: token $token" \
 -H "Content-Type: application/json" \
@@ -252,6 +253,7 @@ provision_forgejo() {
 local http_code
 http_code=$(curl -s -o /dev/null -w "%{http_code}" \
+ --connect-timeout 5 --max-time 30 \
 -X POST "$forgejo_url/api/v1/admin/users" \
 -H "Authorization: token $token" \
 -H "Content-Type: application/json" \
diff --git a/scripts/dev-remove.sh b/scripts/dev-remove.sh
index 9dba172..98a9356 100755
--- a/scripts/dev-remove.sh
+++ b/scripts/dev-remove.sh
@@ -53,7 +53,7 @@ revoke_forgejo_keys() {
 # Get list of user's keys
 local keys_json
- keys_json=$(curl -s \
+ keys_json=$(curl -s --connect-timeout 5 --max-time 30 \
 -H "Authorization: token $token" \
 "$forgejo_url/api/v1/admin/users/$username/keys" 2>/dev/null) || true
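Review bot: In upload_forgejo_key the admin token is still passed as `-H "Authorization: token $token"` on curl's command line, so other local users can read it from the process list while the request runs; the new `--max-time 30` bounds that window but does not close it. curl (7.55.0 or later) can read the header from a file instead, e.g. `-H @"$auth_header_file"`, where `auth_header_file` is a placeholder for a mode-0600 file created with mktemp and removed by an EXIT trap. The same pattern appears in the provision_forgejo hunk and in both revoke_forgejo_keys hunks of scripts/dev-remove.sh. The curl invocation runs past the end of this hunk, so how a timeout exit status is handled under `set -e` is not visible here.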
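Review bot: The key listing in revoke_forgejo_keys (scripts/dev-remove.sh, first hunk) still ends in `2>/dev/null) || true`, so a connection failure or the new 30-second timeout leaves `keys_json` empty with no message. In a deprovisioning script that risks reporting nothing to revoke while the user's keys stay active. It also works against the commit's stated aim of showing errors; use `curl -sS --fail` without the `2>/dev/null`, and replace `|| true` with `|| { log_warn "Could not list Forgejo keys for $username"; return 1; }`. How an empty `keys_json` is handled lies outside this hunk, so confirm the function cannot fall through to a success path.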
@@ -77,14 +77,15 @@ revoke_forgejo_keys() {
 for key_id in $key_ids; do
 local http_code
 http_code=$(curl -s -o /dev/null -w "%{http_code}" \
+ --connect-timeout 5 --max-time 30 \
 -X DELETE "$forgejo_url/api/v1/admin/users/$username/keys/$key_id" \
 -H "Authorization: token $token" 2>/dev/null) || true
 if [[ "$http_code" == "204" ]]; then
- ((revoked++)) || true
+ ((revoked++)) || true
 else
 log_warn "Failed to revoke key $key_id (HTTP $http_code)"
- ((failed++))
+ ((failed++)) || true
 fi
 done
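Review bot: `((revoked++)) || true` and `((failed++)) || true` work around the post-increment returning status 1 when the old value is 0, but the guard also hides any other failure of that statement. The assignment form always returns 0 and needs no guard: `revoked=$((revoked + 1))` and `failed=$((failed + 1))`. Separately, the DELETE call keeps `2>/dev/null`, so a timed-out request shows up only as `HTTP 000` in the warning; `-sS` without the redirect would print curl's reason. Whether a non-zero `failed` count makes revoke_forgejo_keys return failure is outside this hunk and worth confirming, since a partial revocation should not look like success.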