refactor!: rename project to bot-bottle

Assisted-by: Codex

docs/prds/0001-per-agent-egress-proxy-via-pipelock.md

@@ -6,7 +6,7 @@
 
 ## Summary
 
-Run pipelock as a sidecar container on each claude-bottle agent's only
+Run pipelock as a sidecar container on each bot-bottle agent's only
 egress route, scanning all outbound HTTP for hostname allowlist violations
 and DLP matches.
 
@@ -95,18 +95,18 @@ The feature is **done** when all of the following ship:
 
 ### New services / components
 
-Two new modules under `claude_bottle/`:
+Two new modules under `bot_bottle/`:
 
-- **`claude_bottle/pipelock.py`** — pipelock-specific logic. Generates
+- **`bot_bottle/pipelock.py`** — pipelock-specific logic. Generates
   the per-bottle YAML config from the manifest's `egress` block plus
   baked-in defaults; copies the YAML into the sidecar via `docker cp`;
   starts and stops the sidecar container; resolves the allowlist for
   display in the preflight.
-- **`claude_bottle/network.py`** — Docker network plumbing. Creates the
-  per-agent `--internal` network (named `claude-bottle-net-<slug>` with
+- **`bot_bottle/network.py`** — Docker network plumbing. Creates the
+  per-agent `--internal` network (named `bot-bottle-net-<slug>` with
   the same slug-and-suffix scheme used for container names), attaches
   the agent and sidecar to it, removes it on teardown. Kept separate
-  from `claude_bottle/docker.py` so a future PRD can add non-pipelock
+  from `bot_bottle/docker.py` so a future PRD can add non-pipelock
   network controls without entangling them with pipelock specifics.
 
 This split mirrors the existing per-concern module pattern
@@ -114,7 +114,7 @@ This split mirrors the existing per-concern module pattern
 
 ### Existing code touched
 
-- **`claude_bottle/cli/start.py`** — wire the new lifecycle into the
+- **`bot_bottle/cli/start.py`** — wire the new lifecycle into the
   `start` subcommand: create the internal network, launch the pipelock
   sidecar, then launch the agent container with `HTTPS_PROXY` /
   `HTTP_PROXY` set to the sidecar's service name. Add the resolved
@@ -129,9 +129,9 @@ This split mirrors the existing per-concern module pattern
 the image. This keeps the image agnostic to whether a sidecar is in use
 (useful if a future bottle definition opts out of the proxy for testing).
 
-`claude_bottle/docker.py` may grow one or two helpers if there is a
+`bot_bottle/docker.py` may grow one or two helpers if there is a
 clean place for shared primitives, but the network-specific helpers
-live in `claude_bottle/network.py`. Decide during implementation; not a
+live in `bot_bottle/network.py`. Decide during implementation; not a
 contract.
 
 ### Data model changes
@@ -176,7 +176,7 @@ bottle share the same allowlist.
 
 - **Pipelock binary** is pulled from
   `ghcr.io/luckypipewrench/pipelock@sha256:<digest>`. The digest is
-  pinned in `claude_bottle/pipelock.py` (or a sibling constants module)
+  pinned in `bot_bottle/pipelock.py` (or a sibling constants module)
   and bumped deliberately, mirroring the claude-code version pinning
   pattern in `Dockerfile`.
 - No new host-side runtimes. The pipelock image is the only new
@@ -192,8 +192,8 @@ bottle share the same allowlist.
   (proxy + 48 default DLP patterns + subdomain entropy + sidecar
   topology) is expected to be core-only, but this should be confirmed.
 - **Where to put the digest pin.** A constant in
-  `claude_bottle/pipelock.py` is the lowest-friction option; a separate
-  `claude_bottle/versions.py` (or similar) may be cleaner once there
+  `bot_bottle/pipelock.py` is the lowest-friction option; a separate
+  `bot_bottle/versions.py` (or similar) may be cleaner once there
   are multiple pinned dependencies. Decide during implementation.
 - **Per-agent overrides.** The PRD scopes egress to the bottle. If a
   later use case calls for tightening (not loosening) the allowlist for