From 3687fd48ce1fb380cd38756189656c4b8c37a220 Mon Sep 17 00:00:00 2001
From: Qubasa <consulting@qube.email>
Date: Wed, 16 Jul 2025 13:12:48 +0700
Subject: [PATCH] clan-cli: Reference HostKeyCheck literal instead of
 duplicating the list everywhere

---
 pkgs/clan-cli/clan_cli/machines/hardware.py | 4 +++-
 pkgs/clan-cli/clan_cli/machines/install.py  | 3 ++-
 pkgs/clan-cli/clan_cli/machines/update.py   | 4 +++-
 pkgs/clan-cli/clan_cli/ssh/deploy_info.py   | 4 ++--
 pkgs/clan-cli/clan_lib/ssh/host_key.py      | 4 ++--
 5 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/pkgs/clan-cli/clan_cli/machines/hardware.py b/pkgs/clan-cli/clan_cli/machines/hardware.py
index faa99ba0f..0c478b519 100644
--- a/pkgs/clan-cli/clan_cli/machines/hardware.py
+++ b/pkgs/clan-cli/clan_cli/machines/hardware.py
@@ -1,6 +1,7 @@
 import argparse
 import logging
 from pathlib import Path
+from typing import get_args
 
 from clan_lib.flake import require_flake
 from clan_lib.machines.hardware import (
@@ -10,6 +11,7 @@ from clan_lib.machines.hardware import (
 )
 from clan_lib.machines.machines import Machine
 from clan_lib.machines.suggestions import validate_machine_names
+from clan_lib.ssh.host_key import HostKeyCheck
 from clan_lib.ssh.remote import Remote
 
 from clan_cli.completions import add_dynamic_completer, complete_machines
@@ -59,7 +61,7 @@ def register_update_hardware_config(parser: argparse.ArgumentParser) -> None:
     )
     parser.add_argument(
         "--host-key-check",
-        choices=["strict", "ask", "tofu", "none"],
+        choices=list(get_args(HostKeyCheck)),
         default="ask",
         help="Host key (.ssh/known_hosts) check mode.",
     )
diff --git a/pkgs/clan-cli/clan_cli/machines/install.py b/pkgs/clan-cli/clan_cli/machines/install.py
index 104ac6c1f..6791ba425 100644
--- a/pkgs/clan-cli/clan_cli/machines/install.py
+++ b/pkgs/clan-cli/clan_cli/machines/install.py
@@ -8,6 +8,7 @@ from clan_lib.errors import ClanError
 from clan_lib.flake import require_flake
 from clan_lib.machines.install import BuildOn, InstallOptions, run_machine_install
 from clan_lib.machines.machines import Machine
+from clan_lib.ssh.host_key import HostKeyCheck
 from clan_lib.ssh.remote import Remote
 
 from clan_cli.completions import (
@@ -106,7 +107,7 @@ def register_install_parser(parser: argparse.ArgumentParser) -> None:
     )
     parser.add_argument(
         "--host-key-check",
-        choices=["strict", "ask", "tofu", "none"],
+        choices=list(get_args(HostKeyCheck)),
         default="ask",
         help="Host key (.ssh/known_hosts) check mode.",
     )
diff --git a/pkgs/clan-cli/clan_cli/machines/update.py b/pkgs/clan-cli/clan_cli/machines/update.py
index 01ee4ceb6..1e6780690 100644
--- a/pkgs/clan-cli/clan_cli/machines/update.py
+++ b/pkgs/clan-cli/clan_cli/machines/update.py
@@ -1,6 +1,7 @@
 import argparse
 import logging
 import sys
+from typing import get_args
 
 from clan_lib.async_run import AsyncContext, AsyncOpts, AsyncRuntime
 from clan_lib.errors import ClanError
@@ -12,6 +13,7 @@ from clan_lib.machines.machines import Machine
 from clan_lib.machines.suggestions import validate_machine_names
 from clan_lib.machines.update import run_machine_update
 from clan_lib.nix import nix_config
+from clan_lib.ssh.host_key import HostKeyCheck
 from clan_lib.ssh.remote import Remote
 
 from clan_cli.completions import (
@@ -174,7 +176,7 @@ def register_update_parser(parser: argparse.ArgumentParser) -> None:
 
     parser.add_argument(
         "--host-key-check",
-        choices=["strict", "ask", "tofu", "none"],
+        choices=list(get_args(HostKeyCheck)),
         default="ask",
         help="Host key (.ssh/known_hosts) check mode.",
     )
diff --git a/pkgs/clan-cli/clan_cli/ssh/deploy_info.py b/pkgs/clan-cli/clan_cli/ssh/deploy_info.py
index 0838844d5..9688a5c57 100644
--- a/pkgs/clan-cli/clan_cli/ssh/deploy_info.py
+++ b/pkgs/clan-cli/clan_cli/ssh/deploy_info.py
@@ -4,7 +4,7 @@ import logging
 import textwrap
 from dataclasses import dataclass
 from pathlib import Path
-from typing import Any
+from typing import Any, get_args
 
 from clan_lib.cmd import run
 from clan_lib.errors import ClanError
@@ -220,7 +220,7 @@ def register_parser(parser: argparse.ArgumentParser) -> None:
 
     parser.add_argument(
         "--host-key-check",
-        choices=["strict", "ask", "tofu", "none"],
+        choices=list(get_args(HostKeyCheck)),
         default="tofu",
         help="Host key (.ssh/known_hosts) check mode.",
     )
diff --git a/pkgs/clan-cli/clan_lib/ssh/host_key.py b/pkgs/clan-cli/clan_lib/ssh/host_key.py
index 3f2e6968c..e6529bcec 100644
--- a/pkgs/clan-cli/clan_lib/ssh/host_key.py
+++ b/pkgs/clan-cli/clan_lib/ssh/host_key.py
@@ -7,7 +7,7 @@ from clan_lib.errors import ClanError
 HostKeyCheck = Literal[
     "strict",  # Strictly check ssh host keys, prompt for unknown ones
     "ask",  # Ask for confirmation on first use
-    "tofu",  # Trust on ssh keys on first use
+    "accept-new",  # Trust on ssh keys on first use
     "none",  # Do not check ssh host keys
 ]
 
@@ -21,7 +21,7 @@ def hostkey_to_ssh_opts(host_key_check: HostKeyCheck) -> list[str]:
             return ["-o", "StrictHostKeyChecking=yes"]
         case "ask":
             return []
-        case "tofu":
+        case "accept-new" | "tofu":
             return ["-o", "StrictHostKeyChecking=accept-new"]
         case "none":
             return [