didericis/bot-bottle
1
0
Fork 0
Code Issues 5 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

feat: forward pipelock config dict instead of parsing individual fields
lint / lint (push) Failing after 1m32s
Details
test / unit (pull_request) Failing after 37s
Details
test / integration (pull_request) Successful in 42s
Details

Browse Source 
- Change PipelockRoutePolicy to store raw pipelock config dict instead
  of individual coerced fields (TlsPassthrough, SsrfIpAllowlist)
- Update pipelock.py and egress.py to extract values from Config dict
- Simplifies manifest validation: pipelock handles its own schema
- Enables new pipelock options like skip_scan_for_extensions without
  updating bot-bottle code

This allows bottles to configure pipelock directly, e.g.:

  pipelock:
    skip_scan_for_extensions: [".whl", ".tar.gz"]

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
didericis
2026-06-04 13:04:12 -04:00
parent f114c861b4
commit 8601c686f3
3 changed files with 18 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bot_bottle/egress.py
+3 -1
View File
@@ -141,13 +141,15 @@ def egress_manifest_routes(
routes are merged."""
out: list[EgressRoute] = []
for r in bottle.egress.routes:
tls_pt = r.Pipelock.Config.get("tls_passthrough", False)
tls_passthrough = tls_pt if isinstance(tls_pt, bool) else False
out.append(EgressRoute(
host=r.Host,
path_allowlist=r.PathAllowlist,
auth_scheme=r.AuthScheme,
token_ref=r.TokenRef,
roles=r.Role,
tls_passthrough=r.Pipelock.TlsPassthrough,
tls_passthrough=tls_passthrough,
))
return tuple(out)