feat: add --remote-dir flag and use ssh alias as mount label

- New `-r` / `--remote-dir` flag to mount a specific remote subdirectory;
  empty default preserves prior home-dir behaviour.
- Validate the flag value via a dedicated `rxRemoteDir` allowlist before it
  reaches the sshfs argv.
- Use the ssh_config alias (not the resolved HostName) as the local
  mountpoint name and as the sshfs source. File managers now show the
  human-readable label instead of the raw IP.
- Validate `args[0]` against `rxHostUser` since it now flows into argv.
- Rename `verify_mount_dir` parameter `hostname -> name` and `mount_sshfs`
  first parameter `hostname -> alias` for clarity.

DECISIONS.md

@@ -1,6 +1,51 @@
 # Decisions
 
-## 2026-04-26 – Audit remediation: cache flag, host-key policy, argv hardening
+## 2026-04-28 – Use ssh_config alias as label for mountpoint and sshfs source
+- **Who**: Dom, ClaudeCode
+- **Why**: File managers showed the resolved `HostName` (often a raw IP) for
+  both the mount source (`user@10.0.0.5:`) and the mountpoint directory
+  (`~/Servers/10.0.0.5/`). The ssh_config alias is the human-readable label;
+  using it makes mounts identifiable in Nautilus/Dolphin/etc.
+- **Tradeoffs**:
+  - sshfs now resolves the alias internally via `~/.ssh/config` instead of
+    receiving a pre-resolved IP. Our explicit `-o IdentityFile=` and `-p port`
+    still win as overrides — the resolved values were redundant but kept as a
+    belt-and-suspenders sanity check (early failure if config is malformed).
+  - The CLI argument flows into the sshfs argv, so it must be validated.
+    Added `validate_ssh_field("alias", args[0], rxHostUser)` immediately after
+    arg parsing to gate injection-shaped input.
+  - Existing mounts under `~/Servers/<ip>/` are now orphaned. User must
+    manually `fusermount -u` and `rmdir` the IP-named directories. Documented
+    in the README pointer.
+- **How**:
+  - `args[0]` captured into `alias`, validated via `rxHostUser`.
+  - `verify_mount_dir(alias)` instead of `(hostname)`; param renamed to `name`
+    for clarity since it no longer represents a resolved hostname.
+  - `mount_sshfs` first arg renamed `hostname → alias`; argv source string
+    becomes `user+"@"+alias+":"+remoteDir`.
+
+## 2026-04-28 – Add `-r` / `--remote-dir` flag for custom remote path
+- **Who**: Dom, ClaudeCode
+- **Why**: Mounting only the remote home was too restrictive; sometimes a
+  specific subdirectory (e.g. `/var/www`, `~/projects`) is the actual target.
+- **Tradeoffs**:
+  - Two flag aliases (`-r` and `--remote-dir`) registered against the same
+    target via `flag.StringVar`. Doubles the `flag.PrintDefaults` output but
+    matches typical short/long convention.
+  - `rxRemoteDir` deliberately stricter than `rxIdentityFile` — no `:`, `@`,
+    `+`, `=`, `%` since remote paths rarely need them and looser allowlists
+    invite injection-shaped surprises in the `user@host:path` argv slot.
+  - Local mount path stays `~/Servers/<host>` regardless of remote dir — one
+    host = one mountpoint, even if `-r` differs between invocations. Re-mount
+    requires `fusermount -u` first.
+- **How**:
+  - `rDir` package-level `string`, registered in `init()` as `r` and
+    `remote-dir`; validated against `rxRemoteDir = ^[A-Za-z0-9/~][A-Za-z0-9._/~-]*$`.
+  - `mount_sshfs` signature gains `remoteDir string`; appended to the
+    `user@host:` argv slot. Empty string preserves the previous home-dir
+    default.
+  - `-v` output includes `Remote:` line when `rDir` is set.
+  - Tests extended with eight `rxRemoteDir` boundary cases.
 - **Who**: Dom, ClaudeCode
 - **Why**: Audit found `kernel_cache` causes stale reads on a network FS;
   `StrictHostKeyChecking` was implicit (depended on system default);