didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

feat(egress-proxy): retarget remediation at egress-proxy (PRD 0017 chunk 3)
test / unit (pull_request) Successful in 19s
Details
test / integration (pull_request) Successful in 1m6s
Details

Browse Source 
Finishes PRD 0017. The `cred-proxy-block` MCP tool is renamed and
its remediation apply path is repointed at egress-proxy.

  - `claude_bottle/supervise.py` — `TOOL_CRED_PROXY_BLOCK` →
    `TOOL_EGRESS_PROXY_BLOCK`; `COMPONENT_FOR_TOOL` maps the new
    tool ID to `egress-proxy` for audit-log routing.

  - `claude_bottle/supervise_server.py` — tool definition renamed
    + description rewritten: "Call when egress-proxy refused your
    HTTPS request ... Read the current routes.yaml from /etc/
    claude-bottle/current-config/routes.yaml, compose a modified
    version, pass the full new file plus a justification." The
    syntactic validator dispatches on the new tool ID.

  - `claude_bottle/backend/docker/egress_proxy_apply.py` — renamed
    from `cred_proxy_apply.py`. Reads routes.yaml from
    /etc/egress-proxy/routes.yaml via `docker exec cat`; validates
    via `egress_proxy_addon_core.load_routes` (so both sides use
    the same parser); writes via `docker cp`; SIGHUPs egress-proxy
    with `docker kill --signal HUP`. `EgressProxyApplyError`
    replaces `CredProxyApplyError`.

  - `claude_bottle/cli/dashboard.py` — wires the new apply +
    `discover_egress_proxy_slugs` helper; the operator-initiated
    `routes edit <bottle>` verb now writes to egress-proxy with
    `.yaml` suffix. Stale follow-up comment about path-aware
    filtering removed — PRD 0017 settled that question.

  - `tests/integration/test_supervise_sidecar.py` — restores the
    approval round-trip test (chunk 2 had switched it to a reject
    path because no cred-proxy existed). Approval stubs
    `apply_routes_change` so the test focuses on the supervise
    queue/response plumbing rather than docker-exec into a real
    egress-proxy sidecar (that's covered separately).

  - `tests/unit/test_egress_proxy_apply.py` — rewritten against
    the new validator; covers JSON shape, missing routes key,
    partial-auth-pair rejection (the addon-core parser catches
    these before SIGHUP).

  - PRDs 0010 + 0014 — status headers updated to
    Superseded / Retargeted with a callout block pointing at PRD
    0017's migration section. Historical text preserved.

384 unit + integration tests pass.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
didericis
2026-05-25 15:13:44 -04:00
parent a135415dfe
commit 9cd583fbbb
14 changed files with 361 additions and 333 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/prds/0010-cred-proxy.md
+9 -1
View File
@@ -1,8 +1,16 @@
# PRD 0010: Credential proxy for agent-bound API tokens
- **Status:** Draft
- **Status:** Superseded by [PRD 0017](0017-egress-proxy-via-mitmproxy.md)
- **Author:** didericis
- **Created:** 2026-05-13
- **Superseded:** 2026-05-25
> **Historical reference only.** The cred-proxy sidecar this PRD
> describes was replaced by the egress-proxy sidecar (PRD 0017) in
> a hard cutover. The auth-injection role moved over largely intact;
> path-prefix routing is replaced by universal MITM at the agent's
> HTTP_PROXY. See PRD 0017's "Migration — hard cutover" section for
> the field-by-field manifest rename.
## Summary
docs/prds/0014-cred-proxy-block-remediation.md
+13 -1
View File
@@ -1,11 +1,23 @@
# PRD 0014: cred-proxy block remediation
- **Status:** Draft
- **Status:** Retargeted by [PRD 0017](0017-egress-proxy-via-mitmproxy.md)
- **Author:** didericis
- **Created:** 2026-05-25
- **Retargeted:** 2026-05-25
- **Parent:** PRD 0012
- **Depends on:** PRD 0013
> **Retarget notice.** The remediation shape this PRD describes (MCP
> tool → operator approve → SIGHUP a sidecar) is intact, but the
> sidecar moved: cred-proxy is gone, replaced by egress-proxy under
> PRD 0017. The MCP tool is now named `egress-proxy-block`; the
> proposed file is `routes.yaml` (JSON content) in egress-proxy's
> route shape (host + path_allowlist + nested `auth` block); the
> apply path docker-cps + SIGHUPs egress-proxy. The audit-log
> component label changed from `cred-proxy` to `egress-proxy`.
> Operator-initiated `routes edit <bottle>` still exists with the
> same UX, now pointed at the egress-proxy sidecar.
## Summary
Wires the **cred-proxy block** path (PRD 0012 *Stuck categories*) end-to-end. cred-proxy gains SIGHUP-based hot reload of `routes.json`. The supervisor, on approval of a `cred-proxy-block` proposal, writes the new `routes.json` to the host and SIGHUPs cred-proxy — no restart, no dropped connections. The TUI gains a proactive `routes edit <bottle>` verb for operator-initiated edits unrelated to a tool call. The cred-proxy audit log (format defined in PRD 0013) is filled in with real entries on every edit.