From 8875d8cc17aea0abf786179cd37f6c6c8abaa393 Mon Sep 17 00:00:00 2001 From: codex Date: Thu, 28 May 2026 17:24:39 -0400 Subject: [PATCH] fix(agent): address provider review feedback Assisted-by: Codex --- Dockerfile => Dockerfile.claude | 0 README.md | 7 +------ claude_bottle/agent_provider.py | 2 +- claude_bottle/backend/docker/capability_apply.py | 4 ++-- claude_bottle/backend/docker/prepare.py | 2 +- 5 files changed, 5 insertions(+), 10 deletions(-) rename Dockerfile => Dockerfile.claude (100%) diff --git a/Dockerfile b/Dockerfile.claude similarity index 100% rename from Dockerfile rename to Dockerfile.claude diff --git a/README.md b/README.md index 6da0e3a..4d79c8d 100644 --- a/README.md +++ b/README.md @@ -48,11 +48,6 @@ development history, Docker and smolmachines backends, dashboard and remediation flows, and unit/integration tests covering exfiltration and sandbox escape scenarios. -Current status: personal/small-team security tool, not yet enterprise -fleet infrastructure. Next work: central policy and audit, stronger -container hardening, SBOM/vulnerability scanning, and team/RBAC -support. - ## Security model Each agent runs in its own bottle: its own container, its own internal @@ -143,7 +138,7 @@ and MCP endpoints resolve without an agent-side change. ``` - **agent image** — built from the provider template Dockerfile - (`Dockerfile` for Claude, `Dockerfile.codex` for Codex, or + (`Dockerfile.claude` for Claude, `Dockerfile.codex` for Codex, or `agent_provider.dockerfile`) on first run; runs the selected agent CLI with the manifest-granted skills, env vars, and `~/.gitconfig` (the latter for the git-gate's `insteadOf` rules when `bottle.git` diff --git a/claude_bottle/agent_provider.py b/claude_bottle/agent_provider.py index 6b496e3..9991d52 100644 --- a/claude_bottle/agent_provider.py +++ b/claude_bottle/agent_provider.py 
@@ -38,7 +38,7 @@ _RUNTIMES = { template=PROVIDER_CLAUDE, command="claude", image="claude-bottle:latest", - dockerfile="", + dockerfile=str(_REPO_ROOT / "Dockerfile.claude"), auth_role="claude_code_oauth", placeholder_env="CLAUDE_CODE_OAUTH_TOKEN", prompt_mode="claude_append_file", diff --git a/claude_bottle/backend/docker/capability_apply.py b/claude_bottle/backend/docker/capability_apply.py index 6b69dcd..9451042 100644 --- a/claude_bottle/backend/docker/capability_apply.py +++ b/claude_bottle/backend/docker/capability_apply.py @@ -128,11 +128,11 @@ def apply_capability_change(slug: str, new_dockerfile: str) -> tuple[str, str]: def _repo_dockerfile_path() -> Path: - """Path to the repo's Dockerfile (one dir above this module's + """Path to the repo's Claude Dockerfile (one dir above this module's package root). Resolved at call time so the path is correct regardless of where this module is imported from.""" # claude_bottle/backend/docker/capability_apply.py -> repo root - return Path(__file__).resolve().parent.parent.parent.parent / "Dockerfile" + return Path(__file__).resolve().parent.parent.parent.parent / "Dockerfile.claude" def snapshot_transcript(slug: str) -> None: diff --git a/claude_bottle/backend/docker/prepare.py b/claude_bottle/backend/docker/prepare.py index eab53c6..c0baa38 100644 --- a/claude_bottle/backend/docker/prepare.py +++ b/claude_bottle/backend/docker/prepare.py @@ -183,7 +183,7 @@ def resolve_plan( supervise_dockerfile_path = ( Path(dockerfile_path) if dockerfile_path - else Path(__file__).resolve().parent.parent.parent.parent / "Dockerfile" + else Path(__file__).resolve().parent.parent.parent.parent / "Dockerfile.claude" ) dockerfile_content = ( supervise_dockerfile_path.read_text()
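Review bot: The repo-root Dockerfile path is now spelled out in three places in this commit: here as `str(_REPO_ROOT / "Dockerfile.claude")`, and as `Path(__file__).resolve().parent.parent.parent.parent / "Dockerfile.claude"` in both `capability_apply.py` and `prepare.py`. The next rename will have to be chased by hand again, so the other two sites could read the path from this runtime entry or from one shared constant instead of re-deriving it. `_REPO_ROOT` is defined outside this hunk; if it is derived from `__file__`, the file presumably exists only in a source checkout, which deserves a comment on the field such as `# resolved against the source tree; confirm behaviour for installed packages`.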
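Review bot: `_repo_dockerfile_path()` keeps a provider-neutral name but now returns the Claude template unconditionally, and the fallback branch in `resolve_plan` (`prepare.py`) does the same whenever `dockerfile_path` is empty. The README in this patch lists `Dockerfile.codex` as a separate template, so if either site can be reached for a non-Claude bottle (the callers are outside these hunks), that bottle would be built from a different image definition than its provider declares, with no error. Since the image defines the sandbox, failing closed is safer: rename the helper to `_claude_dockerfile_path()` or have it take the provider, and have `resolve_plan` raise when no Dockerfile was resolved instead of defaulting. The `read_text()` call there would also be better as `read_text(encoding="utf-8")`, so the build input does not depend on the host locale.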