revert(egress-proxy): drop Role + agent provisioner (keep git-push block)
Partial revert offa06a3a. The role + agent-side provisioner felt overengineered: anthropic-base-url + npm-registry's only realistic host values match the tool defaults, so the role tags drove no-op dotfile writes most of the time. If non-default npm registry / tea config is needed in a future bottle, we can ship it through a more direct mechanism then. What stays fromfa06a3a: - Universal HTTPS git-push block in the egress-proxy addon (`is_git_push_request` in egress_proxy_addon_core, called from the request hook before route matching; 403s git-receive-pack regardless of route). This is the security backstop so git-gate remains the only outbound write path; PR #29 keeps it. What gets reverted: - `Role` field on EgressProxyRoute (manifest + runtime). - `EGRESS_PROXY_ROLES` + `EGRESS_PROXY_SINGLETON_ROLES` constants and singleton-role validation. - `backend/docker/provision/egress_proxy.py` (npmrc + tea config). - `provision_egress_proxy` slot in `BottleBackend.provision`. - `prepare.py`'s role-based ANTHROPIC_BASE_URL detection (back to the token_ref="CLAUDE_CODE_OAUTH_TOKEN" auto-detect). - Manifest + provisioner tests for the above. 355 unit + 24 integration tests pass. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -219,23 +219,20 @@ class BottleBackend(ABC, Generic[PlanT, CleanupT]):
|
||||
argv.
|
||||
|
||||
Default orchestration: ca → prompt → skills → git →
|
||||
egress_proxy → supervise. CA install runs first so the
|
||||
agent's trust store is rebuilt before anything inside the
|
||||
agent makes a TLS call. egress_proxy runs after git because
|
||||
its provisioner may layer on top of `~/.gitconfig` entries
|
||||
provision_git writes. Subclasses typically don't override
|
||||
this; they implement the sub-methods below.
|
||||
supervise. CA install runs first so the agent's trust store
|
||||
is rebuilt before anything inside the agent makes a TLS call.
|
||||
Subclasses typically don't override this; they implement the
|
||||
sub-methods below.
|
||||
|
||||
PRD 0017: most agent-side rewrites (HTTPS routing) are
|
||||
obsolete because egress-proxy sits on the HTTPS_PROXY path.
|
||||
The remaining rewrites — npm registry, tea config,
|
||||
ANTHROPIC_BASE_URL — exist for tools that need an explicit
|
||||
URL config rather than just respecting HTTPS_PROXY."""
|
||||
PRD 0017: cred-proxy's agent-side dotfile rewrites (~/.npmrc,
|
||||
~/.gitconfig insteadOf, tea config) are gone. Egress-proxy is
|
||||
on the agent's HTTP_PROXY path so every tool that respects
|
||||
HTTPS_PROXY (claude-code, git over HTTPS, npm, curl) is
|
||||
intercepted without per-tool reconfiguration."""
|
||||
self.provision_ca(plan, target)
|
||||
prompt_path = self.provision_prompt(plan, target)
|
||||
self.provision_skills(plan, target)
|
||||
self.provision_git(plan, target)
|
||||
self.provision_egress_proxy(plan, target)
|
||||
self.provision_supervise(plan, target)
|
||||
return prompt_path
|
||||
|
||||
@@ -265,12 +262,6 @@ class BottleBackend(ABC, Generic[PlanT, CleanupT]):
|
||||
"""Copy the host's cwd `.git` directory into the running
|
||||
bottle if the user requested --cwd. No-op otherwise."""
|
||||
|
||||
def provision_egress_proxy(self, plan: PlanT, target: str) -> None:
|
||||
"""Drop the agent-side dotfiles driven by `egress_proxy.routes[].role`
|
||||
per PRD 0017 (~/.npmrc, ~/.config/tea/config.yml). Default
|
||||
impl is a no-op for backends that don't yet support the
|
||||
egress-proxy sidecar; the Docker backend overrides."""
|
||||
|
||||
def provision_supervise(self, plan: PlanT, target: str) -> None:
|
||||
"""Write the in-bottle Claude Code MCP config so the agent
|
||||
discovers the per-bottle supervise sidecar (PRD 0013).
|
||||
|
||||
Reference in New Issue
Block a user