Interactive confirmation prompts for the SSH agent daemon.
When a key was added with --confirm (SSH agent protocol’s
SSH_AGENT_CONSTRAIN_CONFIRM), the daemon must ask the user before
each sign request. OpenSSH handles this by invoking the program
named in $SSH_ASKPASS with SSH_ASKPASS_PROMPT=confirm in its
environment; that program renders a yes/no dialog and signals the
user’s choice through its exit status — 0 means approved,
anything else means denied.
This module mirrors that contract. It is the server-side companion
to try_askpass in gitway-cli/src/main.rs, which does the
client-side passphrase flow. Same security invariants apply:
- SSH_ASKPASS must be an absolute path — a relative value could be resolved via PATH to a binary the user did not intend to run.
- The file must not be world-writable on Unix — any local user could otherwise overwrite it between the check and execve(2) to spy on sign prompts.
- Askpass invocations run with a hard timeout so a wedged dialog cannot pin the Session lock indefinitely.
The confirm entry point is fail-safe: any error (missing
askpass, security violation, spawn failure, timeout) resolves to a
denial, which the daemon then translates into AgentError::Failure
back to the client.
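The three invariants and the fail-safe rule, shown as an added Rust sketch. This is not the gitway source: confirm_sketch, its signature and the 20 ms poll interval are assumptions, and the code is Unix-only.

```rust
use std::os::unix::fs::PermissionsExt;
use std::path::Path;
use std::process::{Command, Stdio};
use std::time::{Duration, Instant};

/// Hypothetical sketch: true only if `askpass` passes the checks above and
/// exits 0 before `timeout`; every failure along the way is a denial.
pub fn confirm_sketch(askpass: &Path, prompt: &str, timeout: Duration) -> bool {
    // Invariant 1: absolute path only, so PATH lookup never picks the binary.
    if !askpass.is_absolute() {
        return false;
    }
    // Invariant 2: a regular file whose mode lacks the world-writable bit.
    let meta = match std::fs::metadata(askpass) { Ok(m) => m, Err(_) => return false };
    if !meta.is_file() || meta.permissions().mode() & 0o002 != 0 {
        return false;
    }
    // OpenSSH contract: prompt as the argument, SSH_ASKPASS_PROMPT=confirm in env.
    let spawned = Command::new(askpass)
        .arg(prompt)
        .env("SSH_ASKPASS_PROMPT", "confirm")
        .stdin(Stdio::null())
        .stdout(Stdio::null())
        .spawn();
    let mut child = match spawned {
        Ok(c) => c,
        Err(_) => return false,
    };
    // Invariant 3: hard deadline; a wedged dialog is killed and reaped.
    let deadline = Instant::now() + timeout;
    loop {
        match child.try_wait() {
            Ok(Some(status)) => return status.success(), // true only for exit 0
            Ok(None) if Instant::now() < deadline => {
                std::thread::sleep(Duration::from_millis(20))
            }
            _ => {
                let _ = child.kill();
                let _ = child.wait();
                return false;
            }
        }
    }
}

fn main() {
    // Constructed demo: /bin/true stands in for an askpass that approves.
    let ok = confirm_sketch(Path::new("/bin/true"), "Allow signing?", Duration::from_secs(2));
    println!("approved: {ok}");
}
```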
Functions
- confirm: Prompts the user to approve a sign request. Returns true when the askpass program exits 0, false in every other case.
- confirm_with: Spawns askpass with the given prompt and returns whether it exited 0. Exposed as a separate function so tests can drive the confirmation path with a known-good script without having to mutate the process environment.