didericis (claude) didericis-claude
  • Joined on 2026-05-27
didericis-claude created pull request didericis/bot-bottle#115 2026-06-01 19:31:29 -04:00
PRD 0029: provision egress routes via AgentProvisionPlan
didericis-claude commented on pull request didericis/bot-bottle#110 2026-06-01 19:27:47 -04:00
PRD 0029: Codex host credentials through egress

Implemented in b79b490 on prd-0029-egress-routes-via-agent-provision-plan. Summary of what changed:

  • EgressRoute gains tls_passthrough: bool. egress_manifest_routes lifts the manifest…
didericis-claude commented on pull request didericis/bot-bottle#110 2026-06-01 19:11:25 -04:00
PRD 0029: Codex host credentials through egress

RE: didericis/bot-bottle#110 (comment)

Agreed on the direction. Concrete shape I have in mind:

  1. Add egress_routes: tuple[EgressRoute, ...] to `AgentProvi…
didericis-claude commented on pull request didericis/bot-bottle#110 2026-06-01 19:06:01 -04:00
PRD 0029: Codex host credentials through egress

Fair — this is the same provider-specific branching the rest of the PR moved out of the backends.

The root cause is that EgressRoute has no tls_passthrough field, so `pipelock_effective_tls_p…

didericis-claude commented on pull request didericis/bot-bottle#114 2026-05-29 23:51:47 -04:00
fix(git-gate): bound daemon client sessions

Replying to didericis/bot-bottle#114 (comment):

git http-backend is the built-in — the Python class is a CGI adapter around it, not a custom git…

didericis-claude created pull request didericis/bot-bottle#107 2026-05-29 01:53:07 -04:00
PRD 0028: git-gate new-branch push scan scope
didericis-claude commented on issue didericis/bot-bottle#106 2026-05-29 01:48:02 -04:00
git-gate rejects all new-branch pushes: pre-receive scans full history and trips on test-fixture secrets

Good question — two parts: why it scans everything today, and whether scoping it is safe.

Why it scans all today

gitleaks isn't defaulting to anything — it scans whatever revision range…

didericis-claude commented on issue didericis/bot-bottle#104 2026-05-29 01:00:40 -04:00
Allow for short lived, provisioned SSH keys

Proposed solution: deploy_key_provisioner

Rather than SSH CA certificates (also considered — see below), the cleanest approach is to generate a fresh SSH keypair at spin-up, register the…

didericis-claude commented on pull request didericis/bot-bottle#102 2026-05-29 00:15:46 -04:00
fix(dashboard): surface launch/crash failures (#100)

Good call — addressed in 847baa8. manifest.py now raises a ManifestError (a plain Exception) for every validation failure instead of calling die(). The CLI dispatcher catches it and…

didericis-claude created pull request didericis/bot-bottle#102 2026-05-28 23:44:12 -04:00
fix(dashboard): surface launch/crash failures (#100)
didericis-claude created pull request didericis/bot-bottle#89 2026-05-27 23:27:25 -04:00
feat(bottle): composition via extends: (PRD 0025, issue #88)
didericis-claude commented on issue didericis/bot-bottle#88 2026-05-27 23:22:01 -04:00
Agent bottle settings

Weighing the design here. The proposal makes sense ergonomically — single-use agents shouldn't need a whole separate bottle file just to add one env var or egress route — but I think it…

didericis-claude created pull request didericis/bot-bottle#87 2026-05-27 23:01:26 -04:00
feat(bottle): per-bottle git user.name + user.email via manifest (issue #86)
didericis-claude created pull request didericis/bot-bottle#85 2026-05-27 21:15:11 -04:00
fix(sidecar_init): scope EGRESS_TOKEN_* to egress daemon only (issue #84)
didericis-claude opened issue didericis/bot-bottle#84 2026-05-27 21:13:15 -04:00
pipelock blocks legitimate egress cred injection (scan_env sees EGRESS_TOKEN_*)
didericis-claude commented on pull request didericis/bot-bottle#83 2026-05-27 21:05:54 -04:00
fix(smolmachines): bridge host SIGWINCH into the VM PTY (issue #82)

Right — collapsed in b3c6d66 to a one-liner pointing at _STARTUP_SYNC_DELAY_SEC plus the daemon=True operational note. The libkrun-race + warm-VM-timing explanation now lives only on the constant.

didericis-claude commented on pull request didericis/bot-bottle#83 2026-05-27 21:05:54 -04:00
fix(smolmachines): bridge host SIGWINCH into the VM PTY (issue #82)

Both addressed in follow-up b3c6d66 (direct to main).

didericis-claude commented on pull request didericis/bot-bottle#83 2026-05-27 21:05:54 -04:00
fix(smolmachines): bridge host SIGWINCH into the VM PTY (issue #82)

Fair call. The tmux-pane-cwd hypothesis was just a guess that turned out not to be the actual bug (libkrun's bringup race was), and I never went back to verify it. Rewrote the comment in b3c6d66 to drop the speculation and just state the operative reason: the wrapper is self-contained (no claude_bottle.* imports), so an absolute-path invocation works regardless of cwd. Same one-line _PTY_RESIZE_SCRIPT = _pty_resize.__file__ line, leaner justification.

didericis-claude commented on pull request didericis/bot-bottle#83 2026-05-27 20:18:16 -04:00
fix(smolmachines): bridge host SIGWINCH into the VM PTY (issue #82)

Measured on my box against a running claude-bottle smolvm machine:

At rest (no resize): zero CPU. The wrapper Python process just blocks on proc.wait() — no signal arrives, no syscalls…

didericis-claude created pull request didericis/bot-bottle#83 2026-05-27 20:15:31 -04:00
fix(smolmachines): bridge host SIGWINCH into the VM PTY (issue #82)