fix(agent): always emit passthrough egress route for api.anthropic.com

Mirrors the Codex pattern: Claude always gets a tls_passthrough route
for api.anthropic.com so user-set tokens aren't stripped by pipelock,
whether or not auth_token is declared. Auth injection (scheme + token_ref)
and the placeholder env only apply when auth_token is set.

Assisted-by: Claude Code
2026-06-02 01:34:25 +00:00
parent 200a113cce
commit 962f8144fc
2 changed files with 16 additions and 8 deletions
+7 -6
@@ -193,17 +193,18 @@ def agent_provision_plan(
"codex host credentials: dummy auth was copied into the " "codex host credentials: dummy auth was copied into the "
"guest, but Codex did not accept it" "guest, but Codex did not accept it"
))) )))
if template == PROVIDER_CLAUDE and auth_token: if template == PROVIDER_CLAUDE:
egress_routes.append(EgressRoute( egress_routes.append(EgressRoute(
host="api.anthropic.com", host="api.anthropic.com",
auth_scheme="Bearer", auth_scheme="Bearer" if auth_token else "",
token_ref=auth_token, token_ref=auth_token,
tls_passthrough=True, tls_passthrough=True,
)) ))
env_vars["CLAUDE_CODE_OAUTH_TOKEN"] = "egress-placeholder" if auth_token:
env_vars["CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC"] = "1" env_vars["CLAUDE_CODE_OAUTH_TOKEN"] = "egress-placeholder"
env_vars["DISABLE_ERROR_REPORTING"] = "1" env_vars["CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC"] = "1"
hidden_env_names = frozenset({"CLAUDE_CODE_OAUTH_TOKEN"}) env_vars["DISABLE_ERROR_REPORTING"] = "1"
hidden_env_names = frozenset({"CLAUDE_CODE_OAUTH_TOKEN"})
return AgentProvisionPlan( return AgentProvisionPlan(
template=template, template=template,
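Review bot: `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC` and `DISABLE_ERROR_REPORTING` appear to sit under the new `if auth_token:` together with the placeholder token, so a Claude guest with no declared auth_token gets the api.anthropic.com route but neither traffic-limiting setting. The commit description gates only auth injection and the placeholder env on auth_token; if the two settings are meant for every Claude guest, set them directly under `if template == PROVIDER_CLAUDE:` and keep only the `CLAUDE_CODE_OAUTH_TOKEN` and `hidden_env_names` lines in the inner branch. Indentation is lost in this view, so the nesting is inferred from the file's +7 -6 count, and the new test in the second file asserts neither variable, so it would not catch the difference either way. It would also help to add a comment on the route such as `# no auth_token: the guest's own credential passes through unmodified; the proxy injects nothing`, since in that case the secret lives inside the guest rather than behind the proxy. agent_provision_plan starts and ends outside the hunk.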
+9 -2
@@ -129,14 +129,21 @@ class TestAgentProviderRuntime(unittest.TestCase):
self.assertEqual("", r.token_ref) self.assertEqual("", r.token_ref)
self.assertTrue(r.tls_passthrough) self.assertTrue(r.tls_passthrough)
def test_claude_plan_has_no_egress_routes(self): def test_claude_without_auth_token_has_passthrough_egress_route(self):
with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp: with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp:
plan = agent_provision_plan( plan = agent_provision_plan(
template="claude", template="claude",
dockerfile="", dockerfile="",
state_dir=Path(tmp), state_dir=Path(tmp),
) )
self.assertEqual((), plan.egress_routes) self.assertEqual(1, len(plan.egress_routes))
route = plan.egress_routes[0]
self.assertEqual("api.anthropic.com", route.host)
self.assertEqual("", route.auth_scheme)
self.assertEqual("", route.token_ref)
self.assertTrue(route.tls_passthrough)
self.assertNotIn("CLAUDE_CODE_OAUTH_TOKEN", plan.env_vars)
self.assertEqual(frozenset(), plan.hidden_env_names)
if __name__ == "__main__": if __name__ == "__main__":