refactor!: rename project to bot-bottle

Assisted-by: Codex

docs/research/network-egress-guard.md

@@ -1,4 +1,4 @@
-# Network egress guard for claude-bottle containers
+# Network egress guard for bot-bottle containers
 
 Research into preventing data exfiltration from Docker containers running
 Claude Code (`--dangerously-skip-permissions`), with a focus on approaches
@@ -358,7 +358,7 @@ services:
       - agent-net
 
   claude-agent:
-    image: claude-bottle:latest
+    image: bot-bottle-claude:latest
     environment:
       HTTPS_PROXY: "http://proxy:4750"
       HTTP_PROXY:  "http://proxy:4750"
@@ -387,7 +387,7 @@ docker run -d --name "$container_name" \
   --network agent-net-"$slug" \
   -e HTTPS_PROXY=http://"$proxy_name":4750 \
   -e HTTP_PROXY=http://"$proxy_name":4750 \
-  claude-bottle:latest
+  bot-bottle-claude:latest
 ```
 
 The `--internal` flag on the network prevents containers from reaching
@@ -639,7 +639,7 @@ this is not relevant — the binary uses the Linux certificate store.
 
 Justified only if the threat model includes sophisticated actors deliberately
 crafting domain-fronting payloads. The extra complexity and CA-trust-management
-overhead is not worth it for v1. Keep in view for v2 if the claude-bottle use
+overhead is not worth it for v1. Keep in view for v2 if the bot-bottle use
 case expands to high-value agent deployments.
 
 ---