fix(egress): randomize canary secret env name

bot_bottle/backend/docker/compose.py

@@ -137,10 +137,11 @@ def _sidecar_bundle_service(plan: DockerBottlePlan) -> dict[str, Any]:
         volumes.append(_bind(ep.routes_path.parent, str(Path(EGRESS_ROUTES_IN_CONTAINER).parent)))
         for token_env in sorted(ep.token_env_map.keys()):
             env.append(token_env)
-    if ep.canary:
-        # Inject canary as a literal NAME=VALUE (not a bare name) — the
-        # value is a fake secret so it need not be hidden from the compose file.
-        env.append(f"EGRESS_TOKEN_CANARY={ep.canary}")
+    if ep.canary and ep.canary_env:
+        # Inject the fake secret as a literal NAME=VALUE (not a bare name) and
+        # tell the sidecar to scan that exact env var as sensitive.
+        env.append(f"{ep.canary_env}={ep.canary}")
+        env.append(f"BOT_BOTTLE_SENSITIVE_PREFIXES={ep.canary_env}")
 
     # --- git-gate -----------------------------------------------------
     gp = plan.git_gate_plan
@@ -226,8 +227,8 @@ def _agent_service(plan: DockerBottlePlan) -> dict[str, Any]:
         env.append(name)
     # Canary token: visible to the agent as a fake secret so that any
     # outbound appearance of this value is a zero-FP exfil signal.
-    if plan.egress_plan.canary:
-        env.append(f"BOT_BOTTLE_CANARY={plan.egress_plan.canary}")
+    if plan.egress_plan.canary and plan.egress_plan.canary_env:
+        env.append(f"{plan.egress_plan.canary_env}={plan.egress_plan.canary}")
 
     service: dict[str, Any] = {
         "image": plan.image,