docs(agent): clarify claude oauth env
This commit is contained in:
@@ -26,7 +26,7 @@ entry and pushes straight at gitea/github with ssh-gate doing dumb
|
||||
L4 forwarding. There is no boundary between "the agent thinks this
|
||||
commit is fine" and "the secret hits an external remote." If a
|
||||
compromised or careless agent stages a `.env`, slips a token into
|
||||
a fixture, or commits the `BOT_BOTTLE_OAUTH_TOKEN` itself, `git
|
||||
a fixture, or commits the `BOT_BOTTLE_CLAUDE_OAUTH_TOKEN` itself, `git
|
||||
push` ships it.
|
||||
|
||||
Host-side pre-commit / pre-push hooks are the usual defense, but
|
||||
|
||||
@@ -230,7 +230,7 @@ common upstreams (Anthropic, GitHub, Gitea, npm) as
|
||||
```
|
||||
┌── Host (macOS) ──────────────────────────────────────────────────┐
|
||||
│ Secrets at rest (keychain / .env): │
|
||||
│ BOT_BOTTLE_OAUTH_TOKEN, GITHUB_TOKEN, │
|
||||
│ BOT_BOTTLE_CLAUDE_OAUTH_TOKEN, GITHUB_TOKEN, │
|
||||
│ GITEA_SERVER_TOKEN, NPM_TOKEN │
|
||||
│ │ docker run -e KEY (no =VALUE on argv) │
|
||||
│ ▼ │
|
||||
@@ -315,7 +315,7 @@ Why the agent can't reach the sidecar's environ:
|
||||
+ validate route shape, role enum, path uniqueness, singleton-
|
||||
role constraints.
|
||||
- **`bot_bottle/backend/docker/prepare.py`** — drop the
|
||||
legacy `BOT_BOTTLE_OAUTH_TOKEN` → `CLAUDE_CODE_OAUTH_TOKEN`
|
||||
legacy `BOT_BOTTLE_CLAUDE_OAUTH_TOKEN` → `CLAUDE_CODE_OAUTH_TOKEN`
|
||||
forward entirely. cred-proxy is the only path the Anthropic
|
||||
OAuth token reaches the bottle. When a route claims the
|
||||
`anthropic-base-url` role, write `ANTHROPIC_BASE_URL`
|
||||
|
||||
@@ -261,7 +261,7 @@ cred_proxy:
|
||||
- path: /anthropic/
|
||||
upstream: https://api.anthropic.com
|
||||
auth_scheme: Bearer
|
||||
token_ref: BOT_BOTTLE_OAUTH_TOKEN
|
||||
token_ref: BOT_BOTTLE_CLAUDE_OAUTH_TOKEN
|
||||
role: anthropic-base-url
|
||||
- path: /gitea/dideric/
|
||||
upstream: https://gitea.dideric.is
|
||||
|
||||
Reference in New Issue
Block a user