LOGFILE=/var/chat/chat.log is unwritable on read-only rootfs; move to
/tmp/chat.log (tmpfs-backed). Add CapDrop=ALL assertion to verify script
so removing cap_drop from compose is caught.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Redirect all status messages in caddy.sh to stderr (add_route, remove_route, reload_caddy)
- Redirect status message in authorized_keys.sh to stderr (rebuild_authorized_keys)
- Fix install.sh to source authorized_keys.sh library and call rebuild_authorized_keys directly
- Fix .env write in edge register to use single grep -Ev + mv pattern (not three-pass append)
- Fix register.sh to source authorized_keys.sh and call rebuild_authorized_keys directly
- Fix caddy.sh remove_route to use jq to find route index by host match
- Fix authorized_keys.sh operator precedence: { [ -z ] || [ -z ]; } && continue
- Fix install.sh Caddyfile to use { admin localhost:2019 } global options
- Fix deregister and status SSH to use StrictHostKeyChecking=accept-new
- Changed SSH StrictHostKeyChecking from 'no' to 'accept-new' for better security
- Fixed .env write logic with proper deduplication before appending
- Fixed deregister .env cleanup to use single grep pattern
- Added --domain-suffix option to install.sh
- Removed no-op DOMAIN_SUFFIX sed from install.sh
- Changed cp -n to cp for idempotent script updates
- Fixed authorized_keys.sh SCRIPT_DIR to point to lib/
- Fixed Caddy route management to use POST /routes instead of /load
- Fixed Caddy remove_route to find route by host match, not hardcoded index
