A. SSH Security Handshakes (The “Interactive” Problem)

• Host Key Fingerprints: Docker containers generate new SSH keys on every start. Standard clients detect this change and abort the connection to prevent “Man-in-the-Middle” attacks.
• Prompt Hanging: In CI/CD (GitHub Actions/act), there is no terminal user to type “yes” to the “Trust this host?” prompt, causing tests to time out or crash.

B. Network Architecture Conflicts (The “Port” Problem)

• Local/Cloud VM: The R process runs outside the Docker engine. It must use Port Mapping (127.0.0.1:2222 or 2223) to reach the container.
• act (Local CI): The R process runs inside a container on the same Docker network. It sees the SFTP container as a “neighbor” and must use the Internal IP/Port (sftp:22).
• Port Clashing: Using port 2222 for both local dev and CI tests causes failures if a local container is already active.

Layer 1: R6 Class “Blindfold” (Security Bypass)

Modified the R handle initialization to bypass strict SSH checks. * ssh_knownhosts = NULL: Instructs libcurl to ignore the system known_hosts file. * ssl_verifyhost = 0: Prevents connection drops if the IP/Host doesn’t match the certificate/key exactly.

Layer 2: Environment-Aware Routing (helper-sftp.R)

Implemented a logic gate that detects the runner environment and selects the correct connection string: * act Logic: Connects to sftp on Port 22. * Cloud Logic: Connects to 127.0.0.1 on Port 2223. * Local Logic: Connects to 127.0.0.1 on Port 2222.

Layer 3: Dynamic Infrastructure (R-CMD-check.yaml)

• Isolation: Shifted the CI port to 2223 to prevent interference with local dev.
• DNS Injection: Used docker inspect to grab the internal IP and added it to /etc/hosts as sftp.
• Network Discovery: Added logic to identify the specific Docker network name used by act to ensure containers can “see” each other.