From c63d8e0f9daf49f4fdc7d1f0be803928c78e186d Mon Sep 17 00:00:00 2001 From: didericis Date: Mon, 11 May 2026 20:04:28 -0400 Subject: [PATCH] refactor(docker): forward OAuth token through resolved env Previously _run_agent_container set os.environ["CLAUDE_CODE_OAUTH_TOKEN"] deep inside the launch path and added a one-off `-e` pair to docker_args, which was the only env var to bypass the resolved.forwarded flow used for everything else. Move the os.environ mutation + name registration into prepare, right after resolve_env, so the OAuth token rides the same forwarded-by-name mechanism as secrets and interpolated entries. _run_agent_container loses the special case entirely. --- claude_bottle/backend/docker/backend.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/claude_bottle/backend/docker/backend.py b/claude_bottle/backend/docker/backend.py index 0ad0c15..7e85420 100644 --- a/claude_bottle/backend/docker/backend.py +++ b/claude_bottle/backend/docker/backend.py @@ -118,6 +118,11 @@ class DockerBottleBackend(BottleBackend["DockerBottlePlan", "DockerBottleCleanup proxy_plan = self._proxy.prepare(bottle, slug, stage_dir) resolved = resolve_env(manifest, spec.agent_name) + if spec.forward_oauth_token: + # Re-export under the name claude expects, then forward by-name + # so the value never lands on argv or in env_file. + os.environ["CLAUDE_CODE_OAUTH_TOKEN"] = os.environ["CLAUDE_BOTTLE_OAUTH_TOKEN"] + resolved.forwarded.append("CLAUDE_CODE_OAUTH_TOKEN") self._write_env_files(resolved, env_file, args_file) prompt_file.write_text(agent.prompt) 
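Review bot: The added block reads `os.environ["CLAUDE_BOTTLE_OAUTH_TOKEN"]` without a presence check, so when `spec.forward_oauth_token` is set and the variable is missing, prepare fails with a bare KeyError, and an empty value is re-exported and forwarded as an empty token. A guard such as `token = os.environ.get("CLAUDE_BOTTLE_OAUTH_TOKEN")` followed by `if not token:` raising an error that names the variable (and never prints a value) would make the failure explicit. The assignment is also now process-wide from prepare onward instead of just before `docker run`, so it overwrites any `CLAUDE_CODE_OAUTH_TOKEN` already set on the host and is inherited by every subprocess started between prepare and launch; the comment should say so, for example `# NOTE: mutates os.environ for the rest of this process; child processes inherit the token`. The comment's claim that the value never lands in env_file depends on how `_write_env_files` treats `resolved.forwarded`, which is outside this hunk, as are the start and end of the enclosing method.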
@@ -238,10 +243,6 @@ class DockerBottleBackend(BottleBackend["DockerBottlePlan", "DockerBottleCleanup i += 1 docker_args.extend([flag, vname]) - if plan.spec.forward_oauth_token: - os.environ["CLAUDE_CODE_OAUTH_TOKEN"] = os.environ["CLAUDE_BOTTLE_OAUTH_TOKEN"] - docker_args.extend(["-e", "CLAUDE_CODE_OAUTH_TOKEN"]) - docker_args.extend([plan.runtime_image, "sleep", "infinity"]) info(f"starting container {plan.container_name} from {plan.runtime_image}")