Add pi-ssh.sh wrapper to scope SSH access to the Raspberry Pi #2

Description

@skwid138

Summary

Create a pi-ssh.sh wrapper script in ~/code/scripts/agent/ that wraps SSH access to the Raspberry Pi network server (hunter@100.86.205.116, used by the ~/code/pi-network-server project).

Motivation

A permission audit of opencode bash prompts showed ssh * triggered 54 prompts in a ~1.3-day window — the single largest unscoped prompt family. Because ssh * is too broad to safely allow wholesale, the fix is a scoped wrapper script that can be allow-listed by anchored absolute path (the same pattern used by every other agent/ script).

Scope

  • Wrapper around SSH to the Pi (hunter@100.86.205.116).
  • Decision needed: LAN-first vs tailnet-first connection strategy (document the tradeoff and pick a default; allow override).
  • Read-only / safe-by-default posture; no destructive remote operations without an explicit opt-in flag.

Design requirements (~/code/scripts conventions)

  • Anchored absolute path: /Users/hunter/code/scripts/agent/pi-ssh.sh.
  • -h/--help usage.
  • Source lib/common.sh; use the standard exit-code helpers (die, die_usage, die_missing_dep, …).
  • Dependency checks with clear errors.
  • bats tests covering arg parsing, help, and connection-strategy selection.
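A sketch of what a wrapper meeting the scope and design requirements above could look like, added here as an example for this issue and not the repository's own script. It assumes a LAN hostname of raspberrypi.local (overridable via PI_LAN_HOST), a coarse first-word allow-list of read-only remote commands, nc for the reachability probe, and stand-in die helpers with assumed exit codes in place of lib/common.sh, which is not shown on this page. The connection-strategy decision is isolated in pick_target, which takes the reachability probe as an argument so bats tests can stub it without touching the network; lan-first is picked as the default with --lan, --tailnet and --strategy as overrides:

```shell
#!/bin/sh
# pi-ssh.sh: scoped SSH wrapper for the Pi. Added example for this issue, not the
# repo's script. Assumptions are marked ASSUMED; lib/common.sh is not on the page,
# so small stand-in helpers are defined below.
set -eu

PI_USER="hunter"
PI_TAILNET_HOST="100.86.205.116"                    # tailnet address from the issue
PI_LAN_HOST="${PI_LAN_HOST:-raspberrypi.local}"     # ASSUMED LAN name; env override
PI_SSH_STRATEGY="${PI_SSH_STRATEGY:-lan-first}"     # default strategy; env override

# Stand-ins for the lib/common.sh helpers named in the issue (exit codes ASSUMED).
die()             { printf 'pi-ssh: %s\n' "$*" >&2; exit 1; }
die_usage()       { printf 'pi-ssh: %s\n' "$*" >&2; usage >&2; exit 2; }
die_missing_dep() { printf 'pi-ssh: missing dependency: %s\n' "$1" >&2; exit 127; }

usage() {
  cat <<'EOF'
usage: pi-ssh.sh [-h|--help] [--lan|--tailnet|--strategy lan-first|tailnet-first]
                 [--allow-write] [-- remote command...]
Read-only by default: only allow-listed remote commands run unless --allow-write.
EOF
}

# Probe: exit 0 if HOST answers on port 22 within a second (nc is ASSUMED present).
port22_open() { command -v nc >/dev/null 2>&1 && nc -z -w 1 "$1" 22 >/dev/null 2>&1; }

# pick_target STRATEGY PROBE: print the host to connect to. PROBE is a command
# taking a host and exiting 0 when reachable, so tests can stub it.
pick_target() {
  strategy=$1; probe=$2
  case "$strategy" in
    lan)           printf '%s\n' "$PI_LAN_HOST" ;;
    tailnet)       printf '%s\n' "$PI_TAILNET_HOST" ;;
    lan-first)     if "$probe" "$PI_LAN_HOST";     then printf '%s\n' "$PI_LAN_HOST"
                   else printf '%s\n' "$PI_TAILNET_HOST"; fi ;;
    tailnet-first) if "$probe" "$PI_TAILNET_HOST"; then printf '%s\n' "$PI_TAILNET_HOST"
                   else printf '%s\n' "$PI_LAN_HOST"; fi ;;
    *)             return 2 ;;
  esac
}

# is_safe_command CMD: 0 when CMD starts with an allow-listed read-only tool and
# carries no shell metacharacters. The allow-list is ASSUMED and deliberately coarse.
is_safe_command() {
  cmd=$1
  case "$cmd" in *';'*|*'&'*|*'|'*|*'>'*|*'<'*|*'`'*|*'$('*) return 1 ;; esac
  case "${cmd%% *}" in
    uptime|hostname|df|free|ls|cat|head|tail|ip|ss|ps) return 0 ;;
    systemctl) case "$cmd" in 'systemctl status'*|'systemctl is-active'*) return 0 ;; esac ;;
  esac
  return 1
}

main() {
  strategy=$PI_SSH_STRATEGY; allow_write=0
  while [ $# -gt 0 ]; do
    case "$1" in
      -h|--help)     usage; exit 0 ;;
      --lan)         strategy=lan ;;
      --tailnet)     strategy=tailnet ;;
      --strategy)    [ $# -ge 2 ] || die_usage "--strategy needs a value"; strategy=$2; shift ;;
      --allow-write) allow_write=1 ;;
      --)            shift; break ;;
      -*)            die_usage "unknown option: $1" ;;
      *)             break ;;
    esac
    shift
  done
  command -v ssh >/dev/null 2>&1 || die_missing_dep ssh
  host=$(pick_target "$strategy" port22_open) || die_usage "unknown strategy: $strategy"
  if [ $# -gt 0 ] && [ "$allow_write" -eq 0 ] && ! is_safe_command "$*"; then
    die "refusing '$*' without --allow-write (read-only by default)"
  fi
  exec ssh -o BatchMode=yes -o ConnectTimeout=5 "$PI_USER@$host" "$@"
}

# Only run when invoked as the script itself, so sourcing it in tests is side-effect free.
case "${0##*/}" in pi-ssh.sh) main "$@" ;; esac
```

Because main only runs when the file is invoked under its own name, a bats file can `source` the script and call pick_target with a stub probe (for example one that reports only the LAN host as reachable) to pin down the strategy decision, and call is_safe_command directly to lock in the read-only posture; the metacharacter rejection matters because the remote command is passed through as a single string, so "uptime; rm -rf /" must not slip past an allow-list that only looks at the first word.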

Follow-up

Once the wrapper exists and is tested, add a scoped allow rule to ~/.config/opencode/opencode.jsonc:

"/Users/hunter/code/scripts/agent/pi-ssh.sh": "allow",
"/Users/hunter/code/scripts/agent/pi-ssh.sh *": "allow"

This routes Pi access through the wrapper instead of prompting on raw ssh *.

Acceptance criteria

  • pi-ssh.sh exists in ~/code/scripts/agent/, follows repo design rules.
  • LAN-first vs tailnet-first decision documented and implemented with override.
  • bats tests pass.
  • opencode allow rule added and verified (Pi access routed through the wrapper no longer triggers an ssh * prompt).

Metadata

Assignees

No one assigned

Labels

  • effort/medium: Moderate implementation effort.
  • priority/normal: Normal priority.
  • status/accepted: Accepted and ready to be worked.
  • type/feature: New feature or capability request.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests