From 65faa40b9a4259fa07447101f6ec3b816a98f839 Mon Sep 17 00:00:00 2001
From: didericis
Date: Mon, 22 Jun 2026 14:44:46 -0400
Subject: [PATCH] refactor(backend): remove _validate_git_entries host key-file check

The git-gate copies the identity file at start time and surfaces a clear failure then; the pre-launch presence check was redundant.

Co-Authored-By: Claude Opus 4.8
---
 bot_bottle/backend/__init__.py | 28 +++++------------------
 tests/integration/test_sandbox_escape.py | 7 +++---
 2 files changed, 8 insertions(+), 27 deletions(-)

diff --git a/bot_bottle/backend/__init__.py b/bot_bottle/backend/__init__.py
index cd77097..9f04b99 100644
--- a/bot_bottle/backend/__init__.py
+++ b/bot_bottle/backend/__init__.py
@@ -45,7 +45,7 @@ from ..agent_provider import AgentProvisionPlan, get_provider, build_agent_provi
 from ..egress import EgressPlan
 from ..git_gate import GitGatePlan
 from ..log import die, info
-from ..manifest import ManifestGitEntry, Manifest
+from ..manifest import Manifest
 from ..supervise import SupervisePlan
 from ..util import expand_tilde
 from ..env import resolve_env, ResolvedEnv
@@ -356,16 +356,14 @@ class BottleBackend(ABC, Generic[PlanT, CleanupT]):
 pass
 def _validate(self, spec: BottleSpec) -> None:
- """Cross-backend pre-launch checks. Confirms the agent exists,
- the named skills are present on the host, and every git
- IdentityFile resolves. Subclasses with additional preconditions
- should override and call `super()._validate(spec)` first."""
+ """Cross-backend pre-launch checks. Confirms the agent exists
+ and the named skills are present on the host. Subclasses with
+ additional preconditions should override and call
+ `super()._validate(spec)` first."""
 manifest = spec.manifest
 manifest.require_agent(spec.agent_name)
 agent = manifest.agents[spec.agent_name]
- bottle = manifest.bottle_for(spec.agent_name)
 self._validate_skills(agent.skills)
- self._validate_git_entries(bottle.git)
 self._validate_agent_provider_dockerfile(spec)
 def _validate_skills(self, skills: Sequence[str]) -> None:
@@ -380,22 +378,6 @@ class BottleBackend(ABC, Generic[PlanT, CleanupT]):
 f"Create it under ~/.claude/skills/, then re-run."
 )
- def _validate_git_entries(self, entries: Sequence[ManifestGitEntry]) -> None:
- """Each `static`-provider entry's IdentityFile must exist on the
- host (after expanding leading ~) — the git-gate copies it in at
- start time to authenticate the upstream push (PRD 0008). Shape is
- already enforced by Manifest validation; this only checks presence.
- `gitea`-provider entries (PRD 0047/0048) carry no host key:
- IdentityFile is empty at parse time and the deploy key is created
- at provision time, so there is nothing to check here."""
- for entry in entries:
- if entry.Key.provider != "static":
- continue
- key = expand_tilde(entry.IdentityFile)
- if not os.path.isfile(key):
- die(f"git upstream key file not found for '{entry.Name}': {key}")
-
 def _validate_agent_provider_dockerfile(self, spec: BottleSpec) -> None:
 bottle = spec.manifest.bottle_for(spec.agent_name)
 dockerfile = bottle.agent_provider.dockerfile
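Review bot: With `self._validate_git_entries(bottle.git)` dropped from `_validate`, a missing or non-regular `static` IdentityFile is no longer rejected before launch, and nothing in this patch exercises the git-gate start-time failure that the commit message relies on. The git-gate code is not visible here, so it is worth confirming that its copy step refuses anything that is not a regular file, names the offending entry as the removed `die(f"git upstream key file not found for '{entry.Name}': {key}")` did, and that anything started before the git-gate is torn down when it fails. The new docstring should also say where the check now lives, for example `Git IdentityFile presence is not checked here; the git-gate reports a missing key when it copies it at start time.` A test that launches with a nonexistent IdentityFile and asserts that failure would pin the behaviour down; the test-file change in this patch only rewords a comment. The enclosing class starts outside the hunk.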
diff --git a/tests/integration/test_sandbox_escape.py b/tests/integration/test_sandbox_escape.py
index 1614203..e8fc97d 100644
--- a/tests/integration/test_sandbox_escape.py
+++ b/tests/integration/test_sandbox_escape.py
@@ -92,10 +92,9 @@ class TestSandboxEscape(unittest.TestCase):
 "on PATH: curl -sSL https://smolmachines.com/install.sh | sh"
 )
- # Throwaway "identity file" so the manifest's _validate_git_entries
- # passes (it only checks `os.path.isfile`, not that the content is
- # a real SSH key). Test 5 reaches gitleaks before any SSH attempt
- # anyway.
+ # Throwaway "identity file" for the git-gate's `identity` field.
+ # It need not be a real SSH key: test 5 reaches gitleaks before
+ # any SSH attempt anyway.
 fd, kp = tempfile.mkstemp(prefix="sandbox-test-key.")
 os.close(fd)
 cls._key_path = Path(kp)