refactor: make AgentProvisionPlan the source of truth for instance_name, prompt_file, image, dockerfile, guest_home

Drop the parallel fields passed through prepare() → _resolve_plan and
read everything from agent_provision instead. The provider plugin now
declares its own guest_home (so the backend stops hardcoding
"/home/node") and the wrapper that builds the provision plan accepts
instance_name and prompt_file, which providers store on the plan.

DockerBottlePlan and SmolmachinesBottlePlan expose container_name /
machine_name, image / agent_image, dockerfile_path /
agent_dockerfile_path, and prompt_file as properties that delegate to
agent_provision so existing call sites keep working unchanged.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

bot_bottle/backend/docker/backend.py

@@ -54,11 +54,7 @@ class DockerBottleBackend(BottleBackend["DockerBottlePlan", "DockerBottleCleanup
         *,
         slug: str,
         resolved_env,
-        instance_name: str,
-        agent_image: str,
-        prompt_file: Path,
         agent_provision_plan,
-        agent_dockerfile_path: str,
         egress_plan,
         git_gate_plan,
         supervise_plan,
@@ -68,10 +64,6 @@ class DockerBottleBackend(BottleBackend["DockerBottlePlan", "DockerBottleCleanup
             spec,
             slug=slug,
             resolved_env=resolved_env,
-            instance_name=instance_name,
-            agent_image=agent_image,
-            agent_dockerfile_path=agent_dockerfile_path,
-            prompt_file=prompt_file,
             agent_provision_plan=agent_provision_plan,
             egress_plan=egress_plan,
             supervise_plan=supervise_plan,

bot_bottle/backend/docker/bottle_plan.py

@@ -22,21 +22,32 @@ class DockerBottlePlan(BottlePlan):
     `agent_provision` from BottlePlan."""
 
     slug: str
-    container_name: str
-    image: str
-    # Absolute path to the Dockerfile that builds `image`. Empty means
-    # use the repo's default Dockerfile. Populated to a per-bottle
-    # state file (~/.bot-bottle/state/<slug>/Dockerfile) after a
-    # capability-block remediation (PRD 0016).
-    dockerfile_path: str
     # name -> value for vars forwarded into the docker-run child process
     # via subprocess env (so values never land on argv or in a file).
     # repr=False keeps secret/interpolated/OAuth values out of any
     # accidental log of the plan dataclass.
     forwarded_env: dict[str, str] = field(repr=False)
-    prompt_file: Path
     use_runsc: bool
 
+    @property
+    def container_name(self) -> str:
+        return self.agent_provision.instance_name
+
+    @property
+    def image(self) -> str:
+        return self.agent_provision.image
+
+    @property
+    def dockerfile_path(self) -> str:
+        """Absolute path to the Dockerfile that builds `image`. Sourced
+        from the agent provision plan — the manifest may override per
+        bottle; otherwise the provider plugin's bundled Dockerfile."""
+        return self.agent_provision.dockerfile
+
+    @property
+    def prompt_file(self) -> Path:
+        return self.agent_provision.prompt_file
+
     @property
     def agent_command(self) -> str:
         return self.agent_provision.command

bot_bottle/backend/docker/resolve_plan.py

@@ -34,10 +34,6 @@ def resolve_plan(
     spec: BottleSpec,
     slug: str,
     resolved_env: ResolvedEnv,
-    instance_name: str,
-    agent_image: str,
-    agent_dockerfile_path: str,
-    prompt_file: Path,
     agent_provision_plan: AgentProvisionPlan,
     egress_plan: EgressPlan,
     supervise_plan: SupervisePlan,
@@ -55,12 +51,7 @@ def resolve_plan(
         spec=spec,
         stage_dir=stage_dir,
         slug=slug,
-        container_name=instance_name,
-        # container_name_pinned=container_name_pinned,
-        image=agent_image,
-        dockerfile_path=agent_dockerfile_path,
         forwarded_env=dict(resolved_env.forwarded),
-        prompt_file=prompt_file,
         git_gate_plan=git_gate_plan,
         egress_plan=egress_plan,
         supervise_plan=supervise_plan,