docs(agent): clarify claude oauth env

2026-05-28 18:20:09 -04:00
parent cacba087c9
commit cdb1870b1c
14 changed files with 41 additions and 40 deletions
@@ -79,7 +79,7 @@ The agent's conversation channel is therefore wide open as an exfil
 path. A prompt-injected agent that has been told a secret can ship
 it to Anthropic as conversation text, formatted however it likes,
 and pipelock sees only `CONNECT api.anthropic.com:443`. The
-`BOT_BOTTLE_OAUTH_TOKEN` itself rides this exact path.
+`BOT_BOTTLE_CLAUDE_OAUTH_TOKEN` itself rides this exact path.

 ### 3. Out-of-band channels exist regardless

@@ -134,7 +134,7 @@ per-bottle gate that:

 Two concrete instances worth implementing:

-**Anthropic-API gate.** Holds `BOT_BOTTLE_OAUTH_TOKEN`. Agent's
+**Anthropic-API gate.** Holds `BOT_BOTTLE_CLAUDE_OAUTH_TOKEN`. Agent's
 `ANTHROPIC_BASE_URL` points at the gate; gate injects
 `Authorization: Bearer …` and forwards to api.anthropic.com. The
 token is no longer in the bottle's env. Once the token is out,