feat: 实现 SSH Remote — 本地 UI + 远程工具执行

[amDosion]

Summary

• 完整实现 claude ssh <host> [dir] 功能：本地运行 REPL UI，远程主机执行工具
• API 凭据通过 SSH 反向端口转发安全隧道传输（Unix socket / TCP+nonce）
• 自动探测远端环境、部署二进制、建立 NDJSON pipe 传输
• 连接断开自动重连（指数退延，最多 3 次，--continue 恢复会话）
• SSH_REMOTE feature flag 加入 build 默认启用列表

新增文件

文件	说明
src/ssh/SSHAuthProxy.ts	本地 HTTP 代理，注入 API key / OAuth token
src/ssh/SSHProbe.ts	SSH 探测远端平台/架构/二进制版本
src/ssh/SSHDeploy.ts	SCP 上传 + wrapper 脚本安装

修改文件

文件	说明
src/ssh/SSHSessionManager.ts	从 stub 恢复为完整实现 + 重连逻辑
src/ssh/createSSHSession.ts	完整编排：probe → deploy → proxy → tunnel → spawn
scripts/defines.ts	SSH_REMOTE 加入 DEFAULT_BUILD_FEATURES

Test plan

• bun run typecheck 零错误
• claude ssh --local 本地 pipe 模式启动成功
• claude ssh user@host 远程连接 + 工具执行
• SSH 进程意外 kill 后自动重连（观察 reconnecting 系统消息）
• Windows TCP 反向转发 fallback（nonce 验证）
• 用户主动 Ctrl+C 断开不触发重连

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features
  • SSH remote mode enabled by default
  • Added SSH remote session creation with automatic binary deployment
  • Added remote host detection (platform, architecture, version identification)
  • Added secure local authentication proxy for SSH connections
  • Implemented SSH session management with automatic reconnection support
  • Added remote binary verification and deployment validation

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This PR implements complete SSH remote mode functionality by adding the feature flag, creating authentication proxy infrastructure, implementing remote environment probing and binary deployment, and building the session manager to orchestrate SSH subprocess lifecycle with JSON message handling.

Changes

Cohort / File(s)	Summary
Configuration scripts/defines.ts	Added 'SSH_REMOTE' to DEFAULT_BUILD_FEATURES to enable SSH remote mode by default.
Authentication Infrastructure src/ssh/SSHAuthProxy.ts	Created local HTTP proxy that forwards requests to upstream Anthropic/OAuth services with injected authorization headers. Supports both Unix domain sockets (non-Windows) and TCP loopback (Windows) with nonce-based request validation.
Remote Environment Detection src/ssh/SSHProbe.ts	Implemented remote host probing to detect platform (Linux/Darwin), architecture (x64/arm64), default working directory, existing CLI binary path and version through SSH commands with timeout and comprehensive error handling.
Binary Deployment src/ssh/SSHDeploy.ts	Added CLI binary deployment to remote hosts via SSH/SCP, including remote directory creation, file upload, wrapper script generation with executable permissions, and installation verification.
Session Management src/ssh/SSHSessionManager.ts, src/ssh/createSSHSession.ts	Implemented SSH subprocess lifecycle management with newline-delimited JSON message parsing, permission request handling, exponential backoff reconnection, and coordinated initialization across local/remote CLI instances with authentication proxy integration.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant createSSHSession
    participant SSHProbe
    participant SSHDeploy
    participant SSHAuthProxy
    participant SSHProcess
    participant RemoteSSH

    User->>createSSHSession: Start SSH session
    createSSHSession->>SSHProbe: Probe remote environment
    SSHProbe->>RemoteSSH: ssh hostname "uname/pwd/command -v"
    RemoteSSH-->>SSHProbe: Platform, arch, binary info
    SSHProbe-->>createSSHSession: ProbeResult (version, platform, arch)
    
    alt Binary missing or outdated
        createSSHSession->>SSHDeploy: Deploy CLI binary
        SSHDeploy->>RemoteSSH: scp upload + chmod +x wrapper
        RemoteSSH-->>SSHDeploy: Verify with --version
        SSHDeploy-->>createSSHSession: Deployment complete
    end
    
    createSSHSession->>SSHAuthProxy: Start auth proxy
    SSHAuthProxy-->>createSSHSession: Local socket/port + authEnv
    
    createSSHSession->>SSHProcess: Spawn SSH subprocess<br/>(with reverse forwarding + authEnv)
    SSHProcess->>RemoteSSH: Connect with forwarding
    
    createSSHSession->>SSHProcess: Read stdout for system:init
    SSHProcess->>RemoteSSH: Execute CLI on remote
    RemoteSSH->>SSHAuthProxy: Auth request (reverse tunnel)
    SSHAuthProxy-->>RemoteSSH: Inject ANTHROPIC_API_KEY
    RemoteSSH-->>SSHProcess: system:init message
    SSHProcess-->>createSSHSession: remoteCwd + ready
    
    createSSHSession-->>User: SSHSession ready

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Possibly related PRs

• feat: enable SHOT_STATS, PROMPT_CACHE_BREAK_DETECTION, TOKEN_BUDGET #140: Also modifies DEFAULT_BUILD_FEATURES configuration, adding feature flags alongside the 'SSH_REMOTE' flag introduced in this PR.

Suggested reviewers

• KonghaYao

Poem

🐰 Through tunnels deep and proxies bright,
SSH channels dance in flight,
With auth and probes and binaries sent,
Remote machines now heaven-scent!
A hoppy hop to lands afar,
With JSON whispers, near and far! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title is in Chinese and describes SSH Remote feature with local UI and remote tool execution, which aligns with the PR's main implementation of the claude ssh command.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}