From 962f8144fcfe6e0a808939a8e643806dc45a02c6 Mon Sep 17 00:00:00 2001
From: claude
Date: Tue, 2 Jun 2026 01:34:25 +0000
Subject: [PATCH] fix(agent): always emit passthrough egress route for api.anthropic.com

Mirrors the Codex pattern: Claude always gets a tls_passthrough route for api.anthropic.com so user-set tokens aren't stripped by pipelock, whether or not auth_token is declared. Auth injection (scheme + token_ref) and the placeholder env only apply when auth_token is set.

Assisted-by: Claude Code
---
 bot_bottle/agent_provider.py | 13 +++++++------
 tests/unit/test_agent_provider.py | 11 +++++++++--
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/bot_bottle/agent_provider.py b/bot_bottle/agent_provider.py
index 32874b6..80f99d1 100644
--- a/bot_bottle/agent_provider.py
+++ b/bot_bottle/agent_provider.py
@@ -193,17 +193,18 @@ def agent_provision_plan(
 "codex host credentials: dummy auth was copied into the "
 "guest, but Codex did not accept it"
 )))
- if template == PROVIDER_CLAUDE and auth_token:
+ if template == PROVIDER_CLAUDE:
 egress_routes.append(EgressRoute(
 host="api.anthropic.com",
- auth_scheme="Bearer",
+ auth_scheme="Bearer" if auth_token else "",
 token_ref=auth_token,
 tls_passthrough=True,
 ))
- env_vars["CLAUDE_CODE_OAUTH_TOKEN"] = "egress-placeholder"
- env_vars["CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC"] = "1"
- env_vars["DISABLE_ERROR_REPORTING"] = "1"
- hidden_env_names = frozenset({"CLAUDE_CODE_OAUTH_TOKEN"})
+ if auth_token:
+ env_vars["CLAUDE_CODE_OAUTH_TOKEN"] = "egress-placeholder"
+ env_vars["CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC"] = "1"
+ env_vars["DISABLE_ERROR_REPORTING"] = "1"
+ hidden_env_names = frozenset({"CLAUDE_CODE_OAUTH_TOKEN"})

 return AgentProvisionPlan(
 template=template,
diff --git a/tests/unit/test_agent_provider.py b/tests/unit/test_agent_provider.py
index 5b333fb..8d4f4b6 100644
--- a/tests/unit/test_agent_provider.py
+++ b/tests/unit/test_agent_provider.py
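Review bot: With `auth_token` unset, the new `EgressRoute` for api.anthropic.com is still `tls_passthrough=True` but carries an empty `auth_scheme` and `token_ref`, so whatever credential the guest itself holds leaves through a tunnel the proxy does not inject into and presumably does not inspect, and nothing in the code records that this is intended. A comment above the append would make the trade-off visible, for example `# No auth_token: passthrough only; the guest's own credential reaches api.anthropic.com without proxy injection.` The settings `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC` and `DISABLE_ERROR_REPORTING` also remain under `if auth_token:`; if they are meant as general egress hardening rather than part of token injection, they probably belong outside that guard now that the no-token path is a supported mode. `agent_provision_plan` starts and ends outside this hunk, so the default of `auth_token` and any validation of `EgressRoute` are not visible here.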
@@ -129,14 +129,21 @@ class TestAgentProviderRuntime(unittest.TestCase):
 self.assertEqual("", r.token_ref)
 self.assertTrue(r.tls_passthrough)

- def test_claude_plan_has_no_egress_routes(self):
+ def test_claude_without_auth_token_has_passthrough_egress_route(self):
 with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp:
 plan = agent_provision_plan(
 template="claude",
 dockerfile="",
 state_dir=Path(tmp),
 )
- self.assertEqual((), plan.egress_routes)
+ self.assertEqual(1, len(plan.egress_routes))
+ route = plan.egress_routes[0]
+ self.assertEqual("api.anthropic.com", route.host)
+ self.assertEqual("", route.auth_scheme)
+ self.assertEqual("", route.token_ref)
+ self.assertTrue(route.tls_passthrough)
+ self.assertNotIn("CLAUDE_CODE_OAUTH_TOKEN", plan.env_vars)
+ self.assertEqual(frozenset(), plan.hidden_env_names)


 if __name__ == "__main__":
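Review bot: Only the branch without `auth_token` is pinned by this test, while the same patch also rewrites the branch with a token (`"Bearer" if auth_token else ""` and the nested `if auth_token:`). Unless a test outside this hunk already covers it, a sibling case that supplies a token should assert `self.assertEqual("Bearer", route.auth_scheme)`, `self.assertEqual("egress-placeholder", plan.env_vars["CLAUDE_CODE_OAUTH_TOKEN"])` and `self.assertIn("CLAUDE_CODE_OAUTH_TOKEN", plan.hidden_env_names)`. The second assertion matters most, because it is what keeps the real token value out of the guest environment. The test class continues outside the hunk.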