refactor!: rename project to bot-bottle

Assisted-by: Codex

docs/prds/0010-cred-proxy.md

@@ -51,7 +51,7 @@ already rely on.
 The research note
 [`agent-credential-proxy-landscape.md`](../research/agent-credential-proxy-landscape.md)
 surveys the existing tools and concludes that a small
-claude-bottle-specific reverse proxy is less work and less risk
+bot-bottle-specific reverse proxy is less work and less risk
 than either adopting nono (alpha, unaudited) or Infisical Agent
 Vault (TLS-MITM topology that doubles up on pipelock's CA stack).
 This PRD is the build.
@@ -118,7 +118,7 @@ common upstreams (Anthropic, GitHub, Gitea, npm) as
 - **Cross-bottle credential sharing.** One proxy per bottle, same
   one-sidecar-per-agent posture as pipelock and git-gate.
 - **`claude --bare` mode.** Reads only `ANTHROPIC_API_KEY`, not
-  the OAuth token. Not in claude-bottle's flow today.
+  the OAuth token. Not in bot-bottle's flow today.
 - **MCP-server tokens, package-installer tokens for languages
   beyond npm.** PyPI / Bun / cargo can land in a follow-up if
   needed; the routing pattern generalizes.
@@ -175,7 +175,7 @@ common upstreams (Anthropic, GitHub, Gitea, npm) as
   side-effect-free; `start` does `docker create` + `docker start`
   on the bottle's internal network with hostname `cred-proxy`;
   `stop` is idempotent `docker rm -f`. Container name:
-  `claude-bottle-cred-proxy-<slug>`. The agent container starts
+  `bot-bottle-cred-proxy-<slug>`. The agent container starts
   after the sidecar is up so DNS resolution succeeds on the
   agent's first call.
 - **pipelock interop.** cred-proxy's outbound HTTPS traverses
@@ -230,7 +230,7 @@ common upstreams (Anthropic, GitHub, Gitea, npm) as
 ```
 ┌── Host (macOS) ──────────────────────────────────────────────────┐
 │   Secrets at rest (keychain / .env):                             │
-│     CLAUDE_BOTTLE_OAUTH_TOKEN, GITHUB_TOKEN,                     │
+│     BOT_BOTTLE_OAUTH_TOKEN, GITHUB_TOKEN,                     │
 │     GITEA_SERVER_TOKEN, NPM_TOKEN                                │
 │        │ docker run -e KEY  (no =VALUE on argv)                  │
 │        ▼                                                         │
@@ -288,18 +288,18 @@ Why the agent can't reach the sidecar's environ:
 
 ### New components
 
-- **`claude_bottle/cred_proxy.py`** (new): abstract `CredProxy`
+- **`bot_bottle/cred_proxy.py`** (new): abstract `CredProxy`
   + `CredProxyPlan` dataclass. `prepare` is host-side and
   side-effect-free; renders the route table and resolves
   `TokenRef`s against host env. Mirrors the existing `GitGate` /
   `Pipelock` shape.
-- **`claude_bottle/backend/docker/cred_proxy.py`** (new):
+- **`bot_bottle/backend/docker/cred_proxy.py`** (new):
   `DockerCredProxy` concrete subclass. `start` does
   `docker create` on the bottle's internal network with hostname
   `cred-proxy`, copies the route-table file into the container,
   then `docker start`. `stop` is idempotent `docker rm -f`.
-  Container name: `claude-bottle-cred-proxy-<slug>`.
-- **`claude_bottle/backend/docker/provision/cred_proxy.py`**
+  Container name: `bot-bottle-cred-proxy-<slug>`.
+- **`bot_bottle/backend/docker/provision/cred_proxy.py`**
   (new): renders `ANTHROPIC_BASE_URL`, `~/.npmrc`,
   `~/.gitconfig` `insteadOf` blocks, and `~/.config/tea/config.yml`
   into the agent's home for each declared kind — all pointing at
@@ -310,12 +310,12 @@ Why the agent can't reach the sidecar's environ:
 
 ### Existing code touched
 
-- **`claude_bottle/manifest.py`** — add `CredProxyRoute`,
+- **`bot_bottle/manifest.py`** — add `CredProxyRoute`,
   `CredProxyConfig`, `Bottle.cred_proxy: CredProxyConfig`. Parse
   + validate route shape, role enum, path uniqueness, singleton-
   role constraints.
-- **`claude_bottle/backend/docker/prepare.py`** — drop the
-  legacy `CLAUDE_BOTTLE_OAUTH_TOKEN` → `CLAUDE_CODE_OAUTH_TOKEN`
+- **`bot_bottle/backend/docker/prepare.py`** — drop the
+  legacy `BOT_BOTTLE_OAUTH_TOKEN` → `CLAUDE_CODE_OAUTH_TOKEN`
   forward entirely. cred-proxy is the only path the Anthropic
   OAuth token reaches the bottle. When a route claims the
   `anthropic-base-url` role, write `ANTHROPIC_BASE_URL`
@@ -324,27 +324,27 @@ Why the agent can't reach the sidecar's environ:
   otherwise; the proxy strips & replaces on every request).
   Bottles that need claude-code to authenticate must declare
   the route; there is no fallback.
-- **`claude_bottle/backend/docker/backend.py`** — instantiate
+- **`bot_bottle/backend/docker/backend.py`** — instantiate
   `DockerCredProxy` alongside `DockerPipelockProxy` and
   `DockerGitGate`; thread its `prepare` / `start` / `stop`
   through `resolve_plan` / `launch`.
-- **`claude_bottle/backend/docker/launch.py`** — add cred-proxy
+- **`bot_bottle/backend/docker/launch.py`** — add cred-proxy
   start/stop to the `ExitStack` after pipelock and before the
   agent; populate `pipelock_proxy_url` + `pipelock_ca_host_path`
   on the cred-proxy plan so its outbound HTTPS routes through
   pipelock.
-- **`claude_bottle/backend/docker/bottle_plan.py`** — new
+- **`bot_bottle/backend/docker/bottle_plan.py`** — new
   `cred_proxy_plan` field; preflight shows route count + token
   refs + a path→upstream line per route; `to_dict` emits a
   `cred_proxy` array of `{path, upstream, auth_scheme, token_ref,
   roles}`.
-- **`claude_bottle/pipelock.py`** — `pipelock_token_hosts` derives
+- **`bot_bottle/pipelock.py`** — `pipelock_token_hosts` derives
   from each route's `UpstreamHost` (not a hardcoded Kind→hosts
   map). Allowlist auto-includes them; passthrough does not (the
   proxy trusts pipelock's CA so MITM works).
 - **`README.md`** — architecture diagram includes the cred-proxy
   lane; manifest section documents `bottle.cred_proxy.routes`.
-- **`claude-bottle.example.json`** — one bottle demonstrates the
+- **`bot-bottle.example.json`** — one bottle demonstrates the
   four common routes (Anthropic, GitHub, Gitea, npm).
 - **Tests** — manifest parsing/validation, route lift + token-env
   slot assignment, role-based dispatch in the provisioner,