fix(git-gate): use smart http for smolmachines pushes

bot_bottle/backend/smolmachines/bottle_plan.py

@@ -68,7 +68,7 @@ class SmolmachinesBottlePlan(BottlePlan):
     # empty when the agent has no prompt — claude-code reads it
     # via --append-system-prompt-file only when non-empty.
     prompt_file: Path
-    # Inner Plans for the four bundle daemons. The same shape the
+    # Inner Plans for the sidecar bundle daemons. The same shape the
     # docker backend uses — same `.prepare()` calls produced
     # them — but our launch step doesn't populate the
     # docker-specific network fields (internal_network,

bot_bottle/backend/smolmachines/launch.py

@@ -45,7 +45,6 @@ from ..docker.git_gate import (
     GIT_GATE_CREDS_DIR_IN_CONTAINER,
     GIT_GATE_ENTRYPOINT_IN_CONTAINER,
     GIT_GATE_HOOK_IN_CONTAINER,
-    GIT_GATE_PORT as _GIT_GATE_PORT,
 )
 from ..docker.pipelock import (
     BUNDLE_LOCAL_PIPELOCK_URL,
@@ -77,6 +76,7 @@ _SMOLMACHINE_CACHE_DIR = Path.home() / ".cache" / "bot-bottle" / "smolmachines"
 # them up post-start. Pipelock's port is an env-overridable string
 # in docker.pipelock; coerce to int here.
 _PIPELOCK_PORT = int(_PIPELOCK_PORT_STR)
+_GIT_HTTP_PORT = 9420
 _SUPERVISE_PORT = SUPERVISE_PORT
 
 
@@ -172,7 +172,7 @@ def launch(
         agent_git_gate_host = ""
         if plan.git_gate_plan.upstreams:
             git_gate_host_port = _bundle.bundle_host_port(
-                plan.slug, _GIT_GATE_PORT, host_ip=loopback_ip,
+                plan.slug, _GIT_HTTP_PORT, host_ip=loopback_ip,
             )
             agent_git_gate_host = f"{loopback_ip}:{git_gate_host_port}"
         agent_supervise_url = ""
@@ -190,10 +190,11 @@ def launch(
         # otherwise claude's HTTPS_PROXY catches direct calls to
         # the supervise URL (`http://<alias>:<port>/`) and proxies
         # them through egress, which has no route for the alias
-        # and rejects with "Failed to connect". The git-gate URL
-        # uses git://, not affected by HTTP_PROXY, so the alias
-        # only has to be in NO_PROXY for the MCP / supervise
-        # path. Append rather than overwrite so prepare.py's
+        # and rejects with "Failed to connect". The smolmachines
+        # git-gate URL uses smart HTTP, so it also has to bypass
+        # the agent's HTTP_PROXY and go straight to the host-
+        # published git HTTP endpoint. Append rather than overwrite
+        # so prepare.py's
         # `localhost,127.0.0.1` baseline stays in place.
         existing_no_proxy = plan.guest_env.get("NO_PROXY", "localhost,127.0.0.1")
         guest_env = {
@@ -203,7 +204,7 @@ def launch(
             "NO_PROXY":    f"{existing_no_proxy},{loopback_ip}",
         }
         if agent_git_gate_host:
-            guest_env["GIT_GATE_URL"] = f"git://{agent_git_gate_host}"
+            guest_env["GIT_GATE_URL"] = f"http://{agent_git_gate_host}"
         if agent_supervise_url:
             guest_env["MCP_SUPERVISE_URL"] = agent_supervise_url
         plan = dataclasses.replace(
@@ -305,10 +306,10 @@ def _bundle_launch_spec(
     Daemons in the CSV:
       - egress + pipelock are always present (pipelock is the
         agent's first hop; egress is its upstream).
-      - git-gate is conditional on plan.git_gate_plan.upstreams.
+      - git-gate + git-http are conditional on plan.git_gate_plan.upstreams.
       - supervise is conditional on plan.supervise_plan.
 
-    Env + volumes are the union of the four daemons' needs, with
+    Env + volumes are the union of the sidecar daemons' needs, with
     daemon-private values only (HTTPS_PROXY is scoped to the
     egress process by egress_entrypoint.sh — see PRD 0024's bundle
     bind-address PR)."""
@@ -353,7 +354,7 @@ def _bundle_launch_spec(
     extra_hosts: list[str] = []
     gp = plan.git_gate_plan
     if gp.upstreams:
-        daemons.append("git-gate")
+        daemons += ["git-gate", "git-http"]
         volumes += [
             (str(gp.entrypoint_script), GIT_GATE_ENTRYPOINT_IN_CONTAINER, True),
             (str(gp.hook_script), GIT_GATE_HOOK_IN_CONTAINER, True),
@@ -395,7 +396,7 @@ def _bundle_launch_spec(
     else:
         ports_to_publish = [_PIPELOCK_PORT]
     if gp.upstreams:
-        ports_to_publish.append(_GIT_GATE_PORT)
+        ports_to_publish.append(_GIT_HTTP_PORT)
     if sp is not None:
         ports_to_publish.append(_SUPERVISE_PORT)
 

bot_bottle/backend/smolmachines/provision/git.py

@@ -18,7 +18,7 @@ Three concerns, all about git in the agent:
 Differs from `backend.docker.provision.git` in one address detail:
 the TSI-allowlisted guest can only reach the bundle's pinned IP
 (no DNS resolver in the /32 allowlist), so the insteadOf URLs
-are `git://<bundle_ip>:<port>/<name>.git` rather than the
+are `http://<bundle_ip>:<port>/<name>.git` rather than the
 docker backend's `git://git-gate/<name>.git`. The render itself
 is the shared `git_gate_render_gitconfig` on the platform-neutral
 git_gate module."""
@@ -82,12 +82,14 @@ def _provision_git_gate_config(plan: SmolmachinesBottlePlan, target: str) -> Non
     if not bottle.git:
         return
 
-    # `127.0.0.1:<host port>` form: the bundle's git-gate port
-    # is published on host loopback at launch time so the
-    # smolvm guest (which can only reach macOS networking via
+    # `<loopback alias>:<host port>` form: the bundle's git-gate
+    # HTTP port is published on host loopback at launch time so
+    # the smolvm guest (which can only reach macOS networking via
     # TSI, not the docker bridge IP) can dial it. launch.py
     # populates `plan.agent_git_gate_host` after bundle bringup.
-    content = git_gate_render_gitconfig(bottle.git, plan.agent_git_gate_host)
+    content = git_gate_render_gitconfig(
+        bottle.git, plan.agent_git_gate_host, scheme="http",
+    )
 
     guest_gitconfig = f"{_guest_home()}/.gitconfig"
     # Stage the file under the plan's stage_dir so `machine cp`