# Phase 6: Default Repos & SSH Mount - Discussion Log > **Audit trail only.** Do not use as input to planning, research, or execution agents. > Decisions are captured in CONTEXT.md — this log preserves the alternatives considered. **Date:** 2026-06-14 **Phase:** 6-Default Repos & SSH Mount **Areas discussed:** Git auth strategy, Workspace path, Init script, Default repos list, Configurability --- ## Git Auth Strategy | Option | Description | Selected | |--------|-------------|----------| | Mount full ~/.ssh:ro | Simple, exposes all keys including personal ones | | | Mount specific key files | More surgical — only the keys needed for bitbucket | ✓ | | HTTPS + App Password | No SSH in container, env var based | | **User's choice:** Mount specific keys — `id_ed25519razer` and `id_rsa` plus `~/.ssh/config` **Notes:** The config already maps bitbucket.org → `id_ed25519razer`. Keys mounted read-only. --- ## Workspace Path | Option | Description | Selected | |--------|-------------|----------| | Clone into Docker volume | Ephemeral, lost on restart | | | Mount host repo dirs | Repos at ~/Razer/* mounted directly into container | ✓ | | Hybrid clone + mount | Some repos cloned, some mounted | | **User's choice:** Mount host repo dirs directly **Notes:** Repos live at `~/Razer/rai-ops`, `~/Razer/rai-deployment`, `~/Razer/rai-devtools`. Mounted read-write per folder. Host-side git worktrees are preserved — no re-cloning needed. --- ## Init Script | Option | Description | Selected | |--------|-------------|----------| | Ok | session-init.sh in ~/.hermes/scripts/ | ✓ | **User's choice:** Approved as proposed **Notes:** Script goes in `~/.hermes/scripts/session-init.sh`, configured via `shell_init_files`. --- ## Default Repos List | Option | Description | Selected | |--------|-------------|----------| | rai-ops, rai-deployment, rai-devtools only | 3 repos on Bitbucket razersw workspace | ✓ | **User's choice:** These 3 for now, but wants it configurable **Notes:** DEFAULT_REPOS as env var in .env so user can add/remove without editing the script. --- ## Configurability | Option | Description | Selected | |--------|-------------|----------| | Hardcoded in script | Simple but requires editing script to change | | | Env var in .env | Configurable by editing .env | ✓ | | Config file | Dedicated config file | | **User's choice:** Env var in .env **Notes:** `DEFAULT_REPOS=rai-ops,rai-deployment,rai-devtools` in `~/.hermes/.env`, forwarded into Docker via `docker_forward_env`. --- ## the agent's Discretion - Init script error handling (non-blocking on missing repos) - On-demand clone destination (default to /workspace/) ## Deferred Ideas - Per-repo deploy keys for future security hardening - Auto-register repos as git worktrees (already handled host-side)