feat: improve proxy SSH client management and configuration

[appleboy]

• Add settings.local.json file to configure Claude permissions
• Ensure proxy SSH client connections are closed on timeout, error, or after successful connection in Connect method
• Add a test to verify proxy clients are properly cleaned up during multiple Connect attempts

fix https://github.com/appleboy/easyssh-proxy/issues/88

Summary by CodeRabbit

• Bug Fixes

  • Improved SSH proxy connection cleanup to prevent resource leaks and reduce hangs/timeouts during failed or proxied connections.

• Tests

  • Added tests to verify reliable cleanup on repeated failed proxy connection attempts.

• Chores

  • Added local configuration for AI tooling permissions.

[coderabbitai[bot]]

Walkthrough

Adds local Claude settings. Updates proxy connection handling in easyssh.go to close proxyClient across success and error paths. Introduces a test validating cleanup on repeated proxy connection attempts.

Changes

Cohort / File(s)	Summary
Proxy connection lifecycle cleanup easyssh.go	Ensures proxyClient.Close() is called on context timeout during proxy dial, on post-dial errors, on NewClientConn errors, and immediately after successful target connection establishment. Adds clarifying comment.
Proxy cleanup tests easyssh_test.go	Adds TestProxyClientCleanup to repeatedly invoke Connect() via a non-routable proxy with short timeouts, checking for failure without leaking resources.
Local AI config .claude/settings.local.json	Adds local Claude settings allowing mcp__github__get_issue; no denied/asked permissions.

Sequence Diagram(s)

sequenceDiagram
    participant Caller
    participant Connect as MakeConfig.Connect
    participant Proxy as ProxyServer
    participant Target as TargetHost
    participant SSH as SSHClient

    Caller->>Connect: Connect(ctx, cfg with Proxy)
    rect rgb(240,248,255)
      note right of Connect: Proxy dial phase
      Connect->>Proxy: ssh.Dial(protocol, server:port)
      alt Context timeout or dial error
        Connect-->>Proxy: proxyClient.Close()
        Connect-->>Caller: error
      else Dial OK
        note right of Connect: Establish target connection via proxy
        Connect->>Target: net.Dial/NewClientConn
        alt NewClientConn error
          Connect-->>Proxy: proxyClient.Close()
          Connect-->>Caller: error
        else Success
          note right of Connect: Proxy no longer needed once ncc ready
          Connect-->>Proxy: proxyClient.Close()
          Connect->>SSH: NewClient(ncc)
          Connect-->>Caller: *SSH client*
        end
      end
    end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• appleboy/easyssh-proxy#98 — Adjusts proxy handling in MakeConfig.Connect and adds tests around proxy connection cleanup, overlapping with this PR’s proxyClient lifecycle changes.

Poem

I hop through sockets, light and keen,
Closing tunnels, squeaky-clean.
No dangling burrows left behind—
Just tidy paths for bytes to wind.
Thump, thump! The proxy’s done;
Connections sealed, I’m off to run. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Out of Scope Changes Check	⚠️ Warning	The addition of .claude/settings.local.json to configure Claude permissions is unrelated to the linked issue’s goal of closing proxyClient instances and does not impact SSH proxy client management. While the code and test changes in easyssh.go and easyssh_test.go are in scope, the configuration file falls outside the issue’s coding requirements.	Consider removing the .claude/settings.local.json addition or moving it into a separate pull request focused on configuration changes only, so that this PR remains strictly scoped to proxyClient cleanup. If the file is required for CI or testing, document its necessity and isolate it from the core code changes.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title accurately summarizes the primary change by highlighting improved proxy SSH client management and also denotes the addition of configuration via the settings file. It is concise, specific to the changeset, and informs a reviewer of both the code and configuration aspects without unnecessary detail. Therefore it meets the title guidelines.
Linked Issues Check	✅ Passed	The changes directly address issue #88 by adding proxyClient.Close() calls on error paths, timeouts, and after successful connection, fulfilling the objective of cleaning up proxy clients. The new TestProxyClientCleanup validates that repeated Connect calls do not leak resources, covering the scenario described in the issue. No additional coding requirements from the linked issue remain outstanding.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• [ ] 📝 Generate docstrings

🧪 Generate unit tests (beta)

• [ ] Create PR with unit tests
• [ ] Post copyable unit tests in a comment
• [ ] Commit unit tests in branch timeout

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist[bot]]

Summary of Changes

Hello @appleboy, I'm Gemini Code Assist[^1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the reliability and resource efficiency of the SSH proxy client by implementing robust connection cleanup logic. It ensures that proxy connections are always closed, regardless of whether the connection attempt succeeds or fails, thereby preventing potential resource leaks. A dedicated test case has been added to validate this improved cleanup behavior, alongside a minor update for Claude permissions.

Highlights

• Improved Proxy Client Management: The Connect method now explicitly closes proxy SSH client connections in all relevant scenarios: upon timeout, if an error occurs during proxy dialing or target connection establishment, and immediately after a successful target connection is made. This prevents resource leaks and ensures proper cleanup.
• New Test for Client Cleanup: A new test, TestProxyClientCleanup, has been added to verify that proxy clients are correctly closed even when multiple connection attempts fail. This test uses non-routable IPs to simulate connection failures and assert proper resource deallocation.
• Claude Permissions Configuration: A new configuration file, .claude/settings.local.json, has been introduced to manage Claude permissions, specifically allowing the mcp__github__get_issue action.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with :thumbsup: and :thumbsdown: on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

[^1]: Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.