didericis/bot-bottle
1
0
Fork 0
Code Issues 5 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

fix(manifest): allow token + git on the same host (PRD 0010)
test / unit (pull_request) Successful in 13s
Details
test / integration (pull_request) Successful in 22s
Details

Browse Source 
git-gate holds an SSH IdentityFile for push/fetch; cred-proxy holds
a PAT for HTTPS REST API calls. The two brokers are orthogonal —
the common dev setup names both on the same host (e.g. gitea.dideric.is
SSH for push, gitea.dideric.is PAT for `tea pr create`).

The original PRD 0010 wording called this a "configuration smell"
and rejected it at parse time. That was wrong; this drops the
overlap rejection from the validator and updates the PRD prose to
match. Tests flip from "rejection" to "coexistence" assertions.
This commit is contained in:
didericis
2026-05-13 16:38:36 -04:00
parent 431e7481ef
commit c8ab90d01d
3 changed files with 46 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files
claude_bottle/manifest.py
+7 -13
View File
@@ -570,11 +570,14 @@ def _validate_tokens(
- At most one entry per Kind, except `gitea` which may have
multiple entries (one per Gitea instance) with distinct Urls.
- No overlap with `bottle.git` hosts: a `github` or `gitea` token
whose host matches a `bottle.git` upstream host would put two
credential brokers on the same remote (git-gate's gitleaks-
scanning gate AND cred-proxy's bearer injection). Pick one.
A `github` or `gitea` token MAY name the same host as a
`bottle.git` entry: the two paths broker different protocols
(git-gate handles SSH push/fetch with an IdentityFile; cred-proxy
handles HTTPS REST API calls with a PAT), so declaring both on
one host is a legitimate dev setup, not a configuration error.
"""
del git # cross-host overlap is intentionally not rejected.
by_kind: dict[str, list[TokenEntry]] = {}
for t in tokens:
by_kind.setdefault(t.Kind, []).append(t)
@@ -595,15 +598,6 @@ def _validate_tokens(
f"that may have multiple entries)."
)
git_hosts = {g.UpstreamHost for g in git}
for t in tokens:
if t.Kind in ("github", "gitea") and t.UpstreamHost in git_hosts:
die(
f"bottle '{bottle_name}' token ({t.Kind}, host {t.UpstreamHost!r}) "
f"overlaps a bottle.git upstream on the same host. git-gate already "
f"brokers this remote; drop the token entry or remove the git entry."
)
def _validate_unique_git_names(bottle_name: str, git: tuple[GitEntry, ...]) -> None:
seen: dict[str, None] = {}