fix: Explicitly disable SSH agent when using dedicated keys (#176)

asyncssh defaults to querying SSH_AUTH_SOCK even when client_keys are
provided. If the agent socket is stale or broken (common with forwarded
agents in Docker/NAS environments), this causes a ConnectionResetError
that crashes the connection before the dedicated key is even tried.

Set agent_path=None when dedicated compose-farm keys exist so asyncssh
skips the agent entirely. The agent fallback path (when no dedicated
keys exist) is unchanged.

src/compose_farm/executor.py

@@ -191,6 +191,7 @@ def ssh_connect_kwargs(host: Host) -> dict[str, Any]:
         # If dedicated key exists, force use of it and ignore agent
         # This avoids issues with stale/broken forwarded agents in Docker
         kwargs["client_keys"] = [str(key_path)]
+        kwargs["agent_path"] = None  # Prevent asyncssh from using SSH_AUTH_SOCK
     elif agent_path:
         # Fallback to agent if no dedicated key
         kwargs["agent_path"] = agent_path

tests/test_ssh_keys.py

@@ -217,6 +217,7 @@ class TestSshConnectKwargs:
             result = ssh_connect_kwargs(host)
 
             assert result["client_keys"] == [str(key_path)]
+            assert result["agent_path"] is None
 
     def test_includes_both_agent_and_key(self, tmp_path: Path) -> None:
         """Prioritize client_keys over agent_path when both available."""
@@ -229,8 +230,8 @@ class TestSshConnectKwargs:
         ):
             result = ssh_connect_kwargs(host)
 
-            # Agent should be ignored in favor of the dedicated key
-            assert "agent_path" not in result
+            # Agent must be explicitly disabled so asyncssh doesn't use SSH_AUTH_SOCK
+            assert result["agent_path"] is None
             assert result["client_keys"] == [str(key_path)]
 
     def test_custom_port(self) -> None: