docs(agent): clarify claude oauth env
This commit is contained in:
@@ -88,7 +88,7 @@ already on the attacker's box. Detection has to be at *commit* time
|
||||
Two surfaces are exposed:
|
||||
|
||||
1. **The bot-bottle repo itself.** Development happens on a host
|
||||
with `BOT_BOTTLE_OAUTH_TOKEN`, Gitea tokens, and other
|
||||
with `BOT_BOTTLE_CLAUDE_OAUTH_TOKEN`, Gitea tokens, and other
|
||||
credentials in the environment. A fixture, test snapshot, log
|
||||
capture, or pasted-in debug output could carry one of them into a
|
||||
tracked file. The repo's Gitea remote is private, but mirrors or
|
||||
|
||||
Reference in New Issue
Block a user