didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

refactor(cred_proxy): flat routes, role-driven provisioning (PRD 0010)
test / unit (pull_request) Successful in 14s
Details
test / integration (pull_request) Successful in 22s
Details

Browse Source 
Replace bottle.tokens (with Kind enum and hardcoded per-kind
route/auth tables) with bottle.cred_proxy.routes — each route
declares its own path, upstream, auth_scheme, token_ref, and
optional role[]. The manifest is now the source of truth for the
proxy's runtime route table; adding an upstream is a manifest edit,
not a code change.

Agent-side rewrites move from per-kind dispatch to per-role tags
on routes:
  anthropic-base-url -> set ANTHROPIC_BASE_URL=<proxy><path>
  npm-registry       -> write ~/.npmrc registry=
  git-insteadof      -> write ~/.gitconfig [url] insteadOf, keyed
                        off route.upstream (suppressed when
                        bottle.git brokers the same host)
  tea-login          -> add a ~/.config/tea/config.yml login

Roles are a list (string accepted as sugar). A gitea route
typically carries ["git-insteadof", "tea-login"]. Singleton roles
(anthropic-base-url, npm-registry) appear on at most one route.

token_env slots are assigned per distinct TokenRef in declaration
order — two routes sharing a token_ref (e.g. github API + git
endpoints) share a slot.

Drops: TOKEN_KINDS, _KIND_ROUTES, _KIND_AUTH_SCHEME, _TOKEN_DEFAULT_HOST,
cred_proxy_route_path_for_gitea, the kind field on CredProxyUpstream,
and the kind-based hardcoding in pipelock_token_hosts (now derives
from route.UpstreamHost).

Legacy bottle.tokens manifests now die with a hint pointing at
bottle.cred_proxy.routes + this PRD. Tests rewritten end-to-end.
Docs + example.json + the dev ~/claude-bottle.json updated to match.
This commit is contained in:
didericis
2026-05-13 21:49:55 -04:00
parent 27b2d78b11
commit fcbbc4484d
15 changed files with 798 additions and 695 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/integration/test_cred_proxy_sidecar.py
-1
View File
@@ -154,7 +154,6 @@ class TestCredProxySidecar(unittest.TestCase):
slug=self.slug,
routes_path=routes_path,
upstreams=(CredProxyUpstream(
kind="fake",
path="/fake/",
upstream=f"http://{FAKE_UPSTREAM_HOST}:{FAKE_UPSTREAM_PORT}",
auth_scheme="Bearer",
tests/unit/test_cred_proxy.py
+78 -69
View File
@@ -14,79 +14,77 @@ from claude_bottle.log import Die
from claude_bottle.manifest import Manifest
def _bottle(tokens):
def _bottle(routes):
return Manifest.from_json_obj({
"bottles": {"dev": {"tokens": tokens}},
"bottles": {"dev": {"cred_proxy": {"routes": routes}}},
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
}).bottles["dev"]
class TestUpstreamLift(unittest.TestCase):
def test_anthropic_yields_one_route(self):
b = _bottle([{"Kind": "anthropic", "TokenRef": "CLAUDE_BOTTLE_OAUTH_TOKEN"}])
def test_single_route_yields_single_upstream(self):
b = _bottle([
{"path": "/anthropic/", "upstream": "https://api.anthropic.com",
"auth_scheme": "Bearer", "token_ref": "CLAUDE_BOTTLE_OAUTH_TOKEN",
"role": "anthropic-base-url"},
])
upstreams = cred_proxy_upstreams_for_bottle(b)
self.assertEqual(1, len(upstreams))
u = upstreams[0]
self.assertEqual("anthropic", u.kind)
self.assertEqual("/anthropic/", u.path)
self.assertEqual("https://api.anthropic.com", u.upstream)
self.assertEqual("Bearer", u.auth_scheme)
self.assertEqual("CRED_PROXY_TOKEN_0", u.token_env)
self.assertEqual("CLAUDE_BOTTLE_OAUTH_TOKEN", u.token_ref)
self.assertEqual(("anthropic-base-url",), u.roles)
def test_github_yields_two_routes_sharing_token_env(self):
b = _bottle([{"Kind": "github", "TokenRef": "GITHUB_TOKEN"}])
def test_shared_token_ref_collapses_to_one_slot(self):
# Two github routes share GH_PAT — they share token_env.
b = _bottle([
{"path": "/gh-api/", "upstream": "https://api.github.com",
"auth_scheme": "Bearer", "token_ref": "GH_PAT"},
{"path": "/gh-git/", "upstream": "https://github.com",
"auth_scheme": "Bearer", "token_ref": "GH_PAT",
"role": "git-insteadof"},
])
upstreams = cred_proxy_upstreams_for_bottle(b)
self.assertEqual(2, len(upstreams))
paths = [u.path for u in upstreams]
self.assertIn("/gh-api/", paths)
self.assertIn("/gh-git/", paths)
self.assertEqual({"CRED_PROXY_TOKEN_0"}, {u.token_env for u in upstreams})
for u in upstreams:
self.assertEqual("Bearer", u.auth_scheme)
self.assertEqual("GITHUB_TOKEN", u.token_ref)
self.assertEqual({"CRED_PROXY_TOKEN_0"},
{u.token_env for u in upstreams})
def test_gitea_uses_token_scheme_and_host_path(self):
def test_distinct_token_refs_get_distinct_slots(self):
b = _bottle([
{"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
"Url": "https://gitea.dideric.is"},
])
u = cred_proxy_upstreams_for_bottle(b)[0]
self.assertEqual("/gitea/gitea.dideric.is/", u.path)
self.assertEqual("https://gitea.dideric.is", u.upstream)
self.assertEqual("token", u.auth_scheme)
def test_gitea_url_trailing_slash_stripped(self):
b = _bottle([
{"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
"Url": "https://gitea.dideric.is/"},
])
u = cred_proxy_upstreams_for_bottle(b)[0]
self.assertEqual("https://gitea.dideric.is", u.upstream)
def test_npm_yields_one_route(self):
b = _bottle([{"Kind": "npm", "TokenRef": "NPM_TOKEN"}])
u = cred_proxy_upstreams_for_bottle(b)[0]
self.assertEqual("/npm/", u.path)
self.assertEqual("https://registry.npmjs.org", u.upstream)
def test_four_kinds_get_distinct_token_envs(self):
b = _bottle([
{"Kind": "anthropic", "TokenRef": "A"},
{"Kind": "github", "TokenRef": "G"},
{"Kind": "gitea", "TokenRef": "T",
"Url": "https://gitea.dideric.is"},
{"Kind": "npm", "TokenRef": "N"},
{"path": "/a/", "upstream": "https://a.example",
"auth_scheme": "Bearer", "token_ref": "T1"},
{"path": "/b/", "upstream": "https://b.example",
"auth_scheme": "Bearer", "token_ref": "T2"},
{"path": "/c/", "upstream": "https://c.example",
"auth_scheme": "Bearer", "token_ref": "T1"},
])
upstreams = cred_proxy_upstreams_for_bottle(b)
# 1 anthropic + 2 github + 1 gitea + 1 npm = 5 routes
self.assertEqual(5, len(upstreams))
# github shares one token_env across its two routes -> 4 distinct
envs = {u.token_env for u in upstreams}
self.assertEqual({"CRED_PROXY_TOKEN_0", "CRED_PROXY_TOKEN_1",
"CRED_PROXY_TOKEN_2", "CRED_PROXY_TOKEN_3"}, envs)
# T1 -> slot 0, T2 -> slot 1, T1 reuses slot 0.
self.assertEqual("CRED_PROXY_TOKEN_0", upstreams[0].token_env)
self.assertEqual("CRED_PROXY_TOKEN_1", upstreams[1].token_env)
self.assertEqual("CRED_PROXY_TOKEN_0", upstreams[2].token_env)
def test_empty_tokens_yields_empty_upstreams(self):
def test_upstream_trailing_slash_stripped(self):
b = _bottle([
{"path": "/x/", "upstream": "https://gitea.dideric.is/",
"auth_scheme": "token", "token_ref": "T"},
])
self.assertEqual("https://gitea.dideric.is",
cred_proxy_upstreams_for_bottle(b)[0].upstream)
def test_roles_list_passes_through(self):
b = _bottle([
{"path": "/gitea/x/", "upstream": "https://gitea.example.com",
"auth_scheme": "token", "token_ref": "T",
"role": ["git-insteadof", "tea-login"]},
])
self.assertEqual(("git-insteadof", "tea-login"),
cred_proxy_upstreams_for_bottle(b)[0].roles)
def test_empty_routes_yields_empty_upstreams(self):
b = _bottle([])
self.assertEqual((), cred_proxy_upstreams_for_bottle(b))
@@ -94,43 +92,48 @@ class TestUpstreamLift(unittest.TestCase):
class TestTokenEnvMap(unittest.TestCase):
def test_distinct_envs_yield_full_map(self):
b = _bottle([
{"Kind": "anthropic", "TokenRef": "A"},
{"Kind": "github", "TokenRef": "G"},
{"path": "/a/", "upstream": "https://a.example",
"auth_scheme": "Bearer", "token_ref": "A"},
{"path": "/b/", "upstream": "https://b.example",
"auth_scheme": "Bearer", "token_ref": "B"},
])
m = cred_proxy_token_env_map(cred_proxy_upstreams_for_bottle(b))
self.assertEqual({"CRED_PROXY_TOKEN_0": "A",
"CRED_PROXY_TOKEN_1": "G"}, m)
"CRED_PROXY_TOKEN_1": "B"}, m)
def test_github_two_routes_coalesce_to_one_env(self):
b = _bottle([{"Kind": "github", "TokenRef": "G"}])
def test_shared_token_ref_yields_one_env(self):
b = _bottle([
{"path": "/gh-api/", "upstream": "https://api.github.com",
"auth_scheme": "Bearer", "token_ref": "GH"},
{"path": "/gh-git/", "upstream": "https://github.com",
"auth_scheme": "Bearer", "token_ref": "GH"},
])
m = cred_proxy_token_env_map(cred_proxy_upstreams_for_bottle(b))
self.assertEqual({"CRED_PROXY_TOKEN_0": "G"}, m)
self.assertEqual({"CRED_PROXY_TOKEN_0": "GH"}, m)
class TestRoutesRender(unittest.TestCase):
def test_renders_json_with_expected_shape(self):
b = _bottle([
{"Kind": "anthropic", "TokenRef": "CLAUDE_BOTTLE_OAUTH_TOKEN"},
{"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
"Url": "https://gitea.dideric.is"},
{"path": "/anthropic/", "upstream": "https://api.anthropic.com",
"auth_scheme": "Bearer", "token_ref": "CLAUDE_BOTTLE_OAUTH_TOKEN"},
{"path": "/gitea/x/", "upstream": "https://gitea.dideric.is",
"auth_scheme": "token", "token_ref": "GITEA_TOKEN"},
])
rendered = cred_proxy_render_routes(cred_proxy_upstreams_for_bottle(b))
payload = json.loads(rendered)
self.assertEqual(["routes"], list(payload.keys()))
self.assertEqual(2, len(payload["routes"]))
anthropic = payload["routes"][0]
first = payload["routes"][0]
self.assertEqual({"path", "upstream", "auth_scheme", "token_env"},
set(anthropic.keys()))
self.assertEqual("/anthropic/", anthropic["path"])
self.assertEqual("https://api.anthropic.com", anthropic["upstream"])
self.assertEqual("Bearer", anthropic["auth_scheme"])
self.assertEqual("CRED_PROXY_TOKEN_0", anthropic["token_env"])
set(first.keys()))
def test_routes_carry_no_token_values_or_host_env_names(self):
# routes.json lives mode-600 in the staging dir and gets
# docker cp'd into the sidecar — it must not leak secret values
# or even the host-side TokenRef name.
b = _bottle([{"Kind": "github", "TokenRef": "GITHUB_TOKEN"}])
# or the host-side TokenRef name.
b = _bottle([{"path": "/x/", "upstream": "https://x.example",
"auth_scheme": "Bearer", "token_ref": "GITHUB_TOKEN"}])
rendered = cred_proxy_render_routes(cred_proxy_upstreams_for_bottle(b))
self.assertNotIn("GITHUB_TOKEN", rendered)
@@ -173,7 +176,13 @@ class TestCredProxyPrepare(unittest.TestCase):
def start(self, plan): return ""
def stop(self, target): return None
b = _bottle([{"Kind": "github", "TokenRef": "GITHUB_TOKEN"}])
b = _bottle([
{"path": "/gh-api/", "upstream": "https://api.github.com",
"auth_scheme": "Bearer", "token_ref": "GITHUB_TOKEN"},
{"path": "/gh-git/", "upstream": "https://github.com",
"auth_scheme": "Bearer", "token_ref": "GITHUB_TOKEN",
"role": "git-insteadof"},
])
with tempfile.TemporaryDirectory() as td:
stage = Path(td)
plan = StubCredProxy().prepare(b, "test-slug", stage)
tests/unit/test_docker_cred_proxy.py
+3 -3
View File
@@ -57,7 +57,7 @@ class TestStartGuards(unittest.TestCase):
def test_missing_internal_network_dies(self):
upstream = CredProxyUpstream(
kind="anthropic", path="/anthropic/",
path="/anthropic/",
upstream="https://api.anthropic.com",
auth_scheme="Bearer", token_env="CRED_PROXY_TOKEN_0",
token_ref="T",
@@ -67,7 +67,7 @@ class TestStartGuards(unittest.TestCase):
def test_missing_routes_file_dies(self):
upstream = CredProxyUpstream(
kind="anthropic", path="/anthropic/",
path="/anthropic/",
upstream="https://api.anthropic.com",
auth_scheme="Bearer", token_env="CRED_PROXY_TOKEN_0",
token_ref="T",
@@ -84,7 +84,7 @@ class TestStartGuards(unittest.TestCase):
# URL set + CA path empty/missing is a wiring bug: either both
# populated (production) or both empty (test escape hatch).
upstream = CredProxyUpstream(
kind="anthropic", path="/anthropic/",
path="/anthropic/",
upstream="https://api.anthropic.com",
auth_scheme="Bearer", token_env="CRED_PROXY_TOKEN_0",
token_ref="T",
tests/unit/test_manifest_tokens.py
+112 -133
View File
@@ -1,4 +1,4 @@
"""Unit: Bottle.tokens manifest parsing + validation (PRD 0010)."""
"""Unit: bottle.cred_proxy.routes manifest parsing + validation (PRD 0010)."""
import unittest
@@ -6,8 +6,8 @@ from claude_bottle.log import Die
from claude_bottle.manifest import Manifest
def _manifest(tokens, git=None):
bottle: dict[str, object] = {"tokens": tokens}
def _manifest(routes, git=None):
bottle: dict[str, object] = {"cred_proxy": {"routes": routes}}
if git is not None:
bottle["git"] = git
return {
@@ -16,177 +16,156 @@ def _manifest(tokens, git=None):
}
class TestTokenEntryParsing(unittest.TestCase):
def test_parses_anthropic_entry(self):
class TestCredProxyRouteParsing(unittest.TestCase):
def test_parses_minimal_route(self):
m = Manifest.from_json_obj(_manifest([
{"Kind": "anthropic", "TokenRef": "CLAUDE_BOTTLE_OAUTH_TOKEN"},
{"path": "/anthropic/",
"upstream": "https://api.anthropic.com",
"auth_scheme": "Bearer",
"token_ref": "CLAUDE_BOTTLE_OAUTH_TOKEN"},
]))
entries = m.bottles["dev"].tokens
self.assertEqual(1, len(entries))
e = entries[0]
self.assertEqual("anthropic", e.Kind)
self.assertEqual("CLAUDE_BOTTLE_OAUTH_TOKEN", e.TokenRef)
self.assertEqual("", e.Url)
self.assertEqual("api.anthropic.com", e.UpstreamHost)
routes = m.bottles["dev"].cred_proxy.routes
self.assertEqual(1, len(routes))
r = routes[0]
self.assertEqual("/anthropic/", r.Path)
self.assertEqual("https://api.anthropic.com", r.Upstream)
self.assertEqual("Bearer", r.AuthScheme)
self.assertEqual("CLAUDE_BOTTLE_OAUTH_TOKEN", r.TokenRef)
self.assertEqual((), r.Role)
self.assertEqual("api.anthropic.com", r.UpstreamHost)
def test_parses_github_entry(self):
def test_role_string_normalizes_to_tuple(self):
m = Manifest.from_json_obj(_manifest([
{"Kind": "github", "TokenRef": "GITHUB_TOKEN"},
{"path": "/anthropic/", "upstream": "https://api.anthropic.com",
"auth_scheme": "Bearer", "token_ref": "T",
"role": "anthropic-base-url"},
]))
e = m.bottles["dev"].tokens[0]
self.assertEqual("github", e.Kind)
self.assertEqual("github.com", e.UpstreamHost)
self.assertEqual(("anthropic-base-url",),
m.bottles["dev"].cred_proxy.routes[0].Role)
def test_parses_npm_entry(self):
def test_role_list_supported(self):
m = Manifest.from_json_obj(_manifest([
{"Kind": "npm", "TokenRef": "NPM_TOKEN"},
{"path": "/gitea/x/", "upstream": "https://gitea.example.com",
"auth_scheme": "token", "token_ref": "T",
"role": ["git-insteadof", "tea-login"]},
]))
e = m.bottles["dev"].tokens[0]
self.assertEqual("registry.npmjs.org", e.UpstreamHost)
self.assertEqual(("git-insteadof", "tea-login"),
m.bottles["dev"].cred_proxy.routes[0].Role)
def test_parses_gitea_entry_with_url(self):
def test_upstream_host_extracted(self):
m = Manifest.from_json_obj(_manifest([
{"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
"Url": "https://gitea.dideric.is"},
{"path": "/gitea/x/", "upstream": "https://gitea.dideric.is:30443",
"auth_scheme": "token", "token_ref": "T"},
]))
e = m.bottles["dev"].tokens[0]
self.assertEqual("gitea", e.Kind)
self.assertEqual("https://gitea.dideric.is", e.Url)
self.assertEqual("gitea.dideric.is", e.UpstreamHost)
def test_gitea_url_with_port_strips_port_from_host(self):
m = Manifest.from_json_obj(_manifest([
{"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
"Url": "https://gitea.dideric.is:30009"},
]))
self.assertEqual("gitea.dideric.is", m.bottles["dev"].tokens[0].UpstreamHost)
self.assertEqual("gitea.dideric.is",
m.bottles["dev"].cred_proxy.routes[0].UpstreamHost)
class TestTokenEntryValidation(unittest.TestCase):
def test_unknown_kind_dies(self):
class TestCredProxyRouteValidation(unittest.TestCase):
def _route(self, **overrides):
base = {
"path": "/x/",
"upstream": "https://example.com",
"auth_scheme": "Bearer",
"token_ref": "TOK",
}
base.update(overrides)
return base
def test_missing_path_dies(self):
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([
{"Kind": "aws", "TokenRef": "AWS_TOKEN"},
]))
Manifest.from_json_obj(_manifest([self._route(path=None)]))
def test_missing_kind_dies(self):
def test_path_without_trailing_slash_dies(self):
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([
{"TokenRef": "GITHUB_TOKEN"},
]))
Manifest.from_json_obj(_manifest([self._route(path="/no-slash")]))
def test_path_without_leading_slash_dies(self):
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([self._route(path="no-slash/")]))
def test_missing_upstream_dies(self):
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([self._route(upstream=None)]))
def test_non_https_upstream_dies(self):
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([self._route(upstream="http://x.example")]))
def test_unknown_auth_scheme_dies(self):
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([self._route(auth_scheme="Basic")]))
def test_missing_token_ref_dies(self):
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([
{"Kind": "github"},
]))
Manifest.from_json_obj(_manifest([self._route(token_ref=None)]))
def test_gitea_without_url_dies(self):
def test_unknown_role_dies(self):
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([self._route(role="something-made-up")]))
class TestCredProxyCrossValidation(unittest.TestCase):
def test_duplicate_path_dies(self):
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([
{"Kind": "gitea", "TokenRef": "GITEA_TOKEN"},
{"path": "/x/", "upstream": "https://a.example",
"auth_scheme": "Bearer", "token_ref": "T1"},
{"path": "/x/", "upstream": "https://b.example",
"auth_scheme": "Bearer", "token_ref": "T2"},
]))
def test_gitea_with_non_https_url_dies(self):
def test_two_routes_same_anthropic_role_dies(self):
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([
{"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
"Url": "http://gitea.dideric.is"},
{"path": "/anthropic/", "upstream": "https://api.anthropic.com",
"auth_scheme": "Bearer", "token_ref": "A1",
"role": "anthropic-base-url"},
{"path": "/anthropic-2/", "upstream": "https://api.anthropic.com",
"auth_scheme": "Bearer", "token_ref": "A2",
"role": "anthropic-base-url"},
]))
def test_non_gitea_kind_with_url_dies(self):
# Url is fixed for anthropic / github / npm — passing one is a
# configuration smell, not an override knob.
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([
{"Kind": "github", "TokenRef": "GITHUB_TOKEN",
"Url": "https://api.example.com"},
]))
def test_duplicate_non_gitea_kind_dies(self):
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([
{"Kind": "github", "TokenRef": "A"},
{"Kind": "github", "TokenRef": "B"},
]))
def test_two_gitea_with_distinct_urls_ok(self):
def test_multiple_git_insteadof_ok(self):
# git-insteadof is not a singleton role — each route can
# independently rewrite its own host.
m = Manifest.from_json_obj(_manifest([
{"Kind": "gitea", "TokenRef": "T1",
"Url": "https://gitea.dideric.is"},
{"Kind": "gitea", "TokenRef": "T2",
"Url": "https://gitea.example.com"},
{"path": "/gh-git/", "upstream": "https://github.com",
"auth_scheme": "Bearer", "token_ref": "GH",
"role": "git-insteadof"},
{"path": "/gitea/x/", "upstream": "https://gitea.example.com",
"auth_scheme": "token", "token_ref": "GT",
"role": "git-insteadof"},
]))
self.assertEqual(2, len(m.bottles["dev"].tokens))
self.assertEqual(2, len(m.bottles["dev"].cred_proxy.routes))
def test_two_gitea_with_same_url_dies(self):
class TestLegacyTokensField(unittest.TestCase):
def test_legacy_tokens_field_dies_with_hint(self):
# The PRD-iteration shape ({"tokens": [{Kind: ...}]}) was
# replaced by cred_proxy.routes; old manifests must fail
# loudly with a pointer.
with self.assertRaises(Die):
Manifest.from_json_obj(_manifest([
{"Kind": "gitea", "TokenRef": "T1",
"Url": "https://gitea.dideric.is"},
{"Kind": "gitea", "TokenRef": "T2",
"Url": "https://gitea.dideric.is"},
]))
Manifest.from_json_obj({
"bottles": {"dev": {"tokens": [
{"Kind": "anthropic", "TokenRef": "T"},
]}},
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
})
class TestTokenGitCoexistence(unittest.TestCase):
"""git-gate brokers SSH push/fetch via an IdentityFile; cred-proxy
brokers HTTPS REST API calls via a PAT. Declaring both on the same
host is the common dev setup (SSH key for git ops, PAT for `tea` /
`gh` API calls), not a configuration error."""
def test_github_token_and_github_git_entry_coexist(self):
m = Manifest.from_json_obj(_manifest(
tokens=[{"Kind": "github", "TokenRef": "GITHUB_TOKEN"}],
git=[{
"Name": "myrepo",
"Upstream": "ssh://git@github.com/me/myrepo.git",
"IdentityFile": "/dev/null",
}],
))
self.assertEqual(1, len(m.bottles["dev"].tokens))
self.assertEqual(1, len(m.bottles["dev"].git))
def test_gitea_token_and_same_host_git_entry_coexist(self):
m = Manifest.from_json_obj(_manifest(
tokens=[{
"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
"Url": "https://gitea.dideric.is",
}],
git=[{
"Name": "myrepo",
"Upstream": "ssh://git@gitea.dideric.is:30009/me/myrepo.git",
"IdentityFile": "/dev/null",
}],
))
self.assertEqual("gitea.dideric.is", m.bottles["dev"].tokens[0].UpstreamHost)
self.assertEqual("gitea.dideric.is", m.bottles["dev"].git[0].UpstreamHost)
def test_anthropic_token_and_git_unrelated(self):
# api.anthropic.com isn't a git host; coexistence is trivial.
m = Manifest.from_json_obj(_manifest(
tokens=[{"Kind": "anthropic", "TokenRef": "CLAUDE_BOTTLE_OAUTH_TOKEN"}],
git=[{
"Name": "myrepo",
"Upstream": "ssh://git@gitea.dideric.is:30009/me/myrepo.git",
"IdentityFile": "/dev/null",
}],
))
self.assertEqual(1, len(m.bottles["dev"].tokens))
class TestEmptyTokensField(unittest.TestCase):
def test_no_tokens_field_yields_empty_tuple(self):
class TestEmptyCredProxy(unittest.TestCase):
def test_no_cred_proxy_field_yields_empty_routes(self):
m = Manifest.from_json_obj({
"bottles": {"dev": {}},
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
})
self.assertEqual((), m.bottles["dev"].tokens)
self.assertEqual((), m.bottles["dev"].cred_proxy.routes)
def test_tokens_array_type_required(self):
def test_routes_array_type_required(self):
with self.assertRaises(Die):
Manifest.from_json_obj({
"bottles": {"dev": {"tokens": "not-a-list"}},
"bottles": {"dev": {"cred_proxy": {"routes": "not-a-list"}}},
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
})
tests/unit/test_pipelock_allowlist.py
+38 -53
View File
@@ -37,54 +37,43 @@ class TestEffectiveAllowlist(unittest.TestCase):
self.assertEqual(eff, sorted(eff), "sorted")
def _routes(routes):
return {"cred_proxy": {"routes": routes}}
class TestTokenHosts(unittest.TestCase):
def test_github_yields_both_hosts(self):
hosts = pipelock_token_hosts(_bottle({
"tokens": [{"Kind": "github", "TokenRef": "GH"}],
}))
def test_each_route_contributes_its_upstream_host(self):
hosts = pipelock_token_hosts(_bottle(_routes([
{"path": "/gh-api/", "upstream": "https://api.github.com",
"auth_scheme": "Bearer", "token_ref": "GH"},
{"path": "/gh-git/", "upstream": "https://github.com",
"auth_scheme": "Bearer", "token_ref": "GH"},
])))
self.assertEqual(["api.github.com", "github.com"], hosts)
def test_gitea_yields_configured_host(self):
hosts = pipelock_token_hosts(_bottle({
"tokens": [{"Kind": "gitea", "TokenRef": "T",
"Url": "https://gitea.dideric.is"}],
}))
self.assertEqual(["gitea.dideric.is"], hosts)
def test_dedupe_across_routes(self):
hosts = pipelock_token_hosts(_bottle(_routes([
{"path": "/a/", "upstream": "https://x.example",
"auth_scheme": "Bearer", "token_ref": "T1"},
{"path": "/b/", "upstream": "https://x.example",
"auth_scheme": "Bearer", "token_ref": "T2"},
])))
self.assertEqual(["x.example"], hosts)
def test_npm_yields_registry(self):
hosts = pipelock_token_hosts(_bottle({
"tokens": [{"Kind": "npm", "TokenRef": "N"}],
}))
self.assertEqual(["registry.npmjs.org"], hosts)
def test_anthropic_yields_api_host(self):
hosts = pipelock_token_hosts(_bottle({
"tokens": [{"Kind": "anthropic", "TokenRef": "A"}],
}))
self.assertEqual(["api.anthropic.com"], hosts)
def test_no_tokens_empty(self):
def test_no_routes_empty(self):
self.assertEqual([], pipelock_token_hosts(_bottle({})))
class TestAllowlistWithTokens(unittest.TestCase):
def test_token_hosts_added_to_allowlist(self):
eff = pipelock_effective_allowlist(_bottle({
"tokens": [
{"Kind": "npm", "TokenRef": "N"},
{"Kind": "github", "TokenRef": "G"},
],
}))
def test_route_hosts_added_to_allowlist(self):
eff = pipelock_effective_allowlist(_bottle(_routes([
{"path": "/npm/", "upstream": "https://registry.npmjs.org",
"auth_scheme": "Bearer", "token_ref": "N"},
{"path": "/gh-api/", "upstream": "https://api.github.com",
"auth_scheme": "Bearer", "token_ref": "G"},
])))
self.assertIn("registry.npmjs.org", eff)
self.assertIn("api.github.com", eff)
self.assertIn("github.com", eff)
def test_gitea_host_added(self):
eff = pipelock_effective_allowlist(_bottle({
"tokens": [{"Kind": "gitea", "TokenRef": "T",
"Url": "https://gitea.dideric.is"}],
}))
self.assertIn("gitea.dideric.is", eff)
class TestTlsPassthrough(unittest.TestCase):
@@ -92,21 +81,17 @@ class TestTlsPassthrough(unittest.TestCase):
passthrough = pipelock_effective_tls_passthrough(_bottle({}))
self.assertEqual(["api.anthropic.com"], passthrough)
def test_token_hosts_NOT_added_to_passthrough(self):
# cred-proxy now trusts pipelock's per-bottle CA (loaded into
# its container's trust store via docker cp + update-ca-
# certificates at start time), so pipelock can MITM the
# cred-proxy -> upstream leg and body-scan it. Auto-adding
# cred-proxy hosts to passthrough would silently disable that
# second scanner for github / gitea / npm.
passthrough = pipelock_effective_tls_passthrough(_bottle({
"tokens": [
{"Kind": "github", "TokenRef": "G"},
{"Kind": "npm", "TokenRef": "N"},
{"Kind": "gitea", "TokenRef": "T",
"Url": "https://gitea.dideric.is"},
],
}))
def test_route_hosts_NOT_added_to_passthrough(self):
# cred-proxy now trusts pipelock's per-bottle CA, so pipelock
# can MITM the cred-proxy -> upstream leg and body-scan it.
# Auto-adding cred-proxy hosts to passthrough would silently
# disable that second scanner.
passthrough = pipelock_effective_tls_passthrough(_bottle(_routes([
{"path": "/gh-api/", "upstream": "https://api.github.com",
"auth_scheme": "Bearer", "token_ref": "G"},
{"path": "/npm/", "upstream": "https://registry.npmjs.org",
"auth_scheme": "Bearer", "token_ref": "N"},
])))
self.assertEqual(["api.anthropic.com"], passthrough)
tests/unit/test_provision_cred_proxy.py
+73 -55
View File
@@ -14,103 +14,106 @@ from claude_bottle.cred_proxy import cred_proxy_upstreams_for_bottle
from claude_bottle.manifest import Manifest
def _bottle(tokens):
def _bottle(routes):
return Manifest.from_json_obj({
"bottles": {"dev": {"tokens": tokens}},
"bottles": {"dev": {"cred_proxy": {"routes": routes}}},
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
}).bottles["dev"]
def _upstreams(tokens):
return cred_proxy_upstreams_for_bottle(_bottle(tokens))
def _upstreams(routes):
return cred_proxy_upstreams_for_bottle(_bottle(routes))
class TestRenderNpmrc(unittest.TestCase):
def test_empty_when_no_npm_route(self):
def test_empty_when_no_role(self):
self.assertEqual("", render_npmrc(_upstreams([])))
self.assertEqual("", render_npmrc(_upstreams([
{"Kind": "anthropic", "TokenRef": "A"},
{"path": "/x/", "upstream": "https://x.example",
"auth_scheme": "Bearer", "token_ref": "T"},
])))
def test_writes_registry_line(self):
def test_writes_registry_line_for_npm_registry_role(self):
out = render_npmrc(_upstreams([
{"Kind": "npm", "TokenRef": "NPM_TOKEN"},
{"path": "/npm/", "upstream": "https://registry.npmjs.org",
"auth_scheme": "Bearer", "token_ref": "NPM_TOKEN",
"role": "npm-registry"},
]))
self.assertEqual("registry=http://cred-proxy:9099/npm/\n", out)
def test_omits_authtoken(self):
# The proxy injects Authorization at request time. The npmrc
# deliberately carries no _authToken — a stale token there
# would just get stripped, but it also creates the false
# impression that the agent holds a credential.
# The proxy injects Authorization at request time.
out = render_npmrc(_upstreams([
{"Kind": "npm", "TokenRef": "NPM_TOKEN"},
{"path": "/npm/", "upstream": "https://registry.npmjs.org",
"auth_scheme": "Bearer", "token_ref": "NPM_TOKEN",
"role": "npm-registry"},
]))
self.assertNotIn("_authToken", out)
self.assertNotIn("NPM_TOKEN", out)
class TestRenderGitconfig(unittest.TestCase):
def test_empty_when_no_github_or_gitea(self):
def test_empty_when_no_role(self):
self.assertEqual("", render_cred_proxy_gitconfig(_upstreams([
{"Kind": "anthropic", "TokenRef": "A"},
{"Kind": "npm", "TokenRef": "N"},
{"path": "/anthropic/", "upstream": "https://api.anthropic.com",
"auth_scheme": "Bearer", "token_ref": "A"},
])))
def test_github_writes_https_insteadof(self):
def test_writes_insteadof_for_git_insteadof_role(self):
out = render_cred_proxy_gitconfig(_upstreams([
{"Kind": "github", "TokenRef": "GITHUB_TOKEN"},
{"path": "/gh-git/", "upstream": "https://github.com",
"auth_scheme": "Bearer", "token_ref": "GH",
"role": "git-insteadof"},
]))
self.assertIn('[url "http://cred-proxy:9099/gh-git/"]', out)
self.assertIn("insteadOf = https://github.com/", out)
def test_gitea_writes_per_host_insteadof(self):
out = render_cred_proxy_gitconfig(_upstreams([
{"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
"Url": "https://gitea.dideric.is"},
{"path": "/gitea/dideric/", "upstream": "https://gitea.dideric.is",
"auth_scheme": "token", "token_ref": "GITEA",
"role": "git-insteadof"},
]))
self.assertIn('[url "http://cred-proxy:9099/gitea/gitea.dideric.is/"]', out)
self.assertIn('[url "http://cred-proxy:9099/gitea/dideric/"]', out)
self.assertIn("insteadOf = https://gitea.dideric.is/", out)
def test_two_giteas_yield_two_rules(self):
def test_two_routes_yield_two_rules(self):
out = render_cred_proxy_gitconfig(_upstreams([
{"Kind": "gitea", "TokenRef": "G1",
"Url": "https://gitea.dideric.is"},
{"Kind": "gitea", "TokenRef": "G2",
"Url": "https://gitea.example.com"},
{"path": "/gh-git/", "upstream": "https://github.com",
"auth_scheme": "Bearer", "token_ref": "GH",
"role": "git-insteadof"},
{"path": "/gitea/x/", "upstream": "https://gitea.example.com",
"auth_scheme": "token", "token_ref": "GT",
"role": "git-insteadof"},
]))
self.assertEqual(2, out.count("insteadOf"))
self.assertIn("gitea.dideric.is/", out)
self.assertIn("gitea.example.com/", out)
self.assertIn("github.com", out)
self.assertIn("gitea.example.com", out)
def test_github_suppressed_when_git_gate_covers_host(self):
def test_suppressed_when_git_gate_covers_host(self):
# When bottle.git brokers github.com over SSH, git-gate is the
# canonical git path. The cred-proxy https://github.com/
# rewrite would let the agent push over HTTPS — bypassing
# gitleaks. Suppress it.
out = render_cred_proxy_gitconfig(
_upstreams([{"Kind": "github", "TokenRef": "GH"}]),
_upstreams([
{"path": "/gh-git/", "upstream": "https://github.com",
"auth_scheme": "Bearer", "token_ref": "GH",
"role": "git-insteadof"},
]),
{"github.com"},
)
self.assertEqual("", out)
def test_gitea_suppressed_when_git_gate_covers_host(self):
out = render_cred_proxy_gitconfig(
_upstreams([{"Kind": "gitea", "TokenRef": "T",
"Url": "https://gitea.dideric.is"}]),
{"gitea.dideric.is"},
)
self.assertEqual("", out)
def test_partial_suppression_keeps_other_giteas(self):
# Two gitea instances; git-gate brokers one. The other still
# gets the cred-proxy rewrite.
def test_partial_suppression_keeps_other_hosts(self):
out = render_cred_proxy_gitconfig(
_upstreams([
{"Kind": "gitea", "TokenRef": "T1",
"Url": "https://gitea.dideric.is"},
{"Kind": "gitea", "TokenRef": "T2",
"Url": "https://gitea.example.com"},
{"path": "/gitea/a/", "upstream": "https://gitea.dideric.is",
"auth_scheme": "token", "token_ref": "T1",
"role": "git-insteadof"},
{"path": "/gitea/b/", "upstream": "https://gitea.example.com",
"auth_scheme": "token", "token_ref": "T2",
"role": "git-insteadof"},
]),
{"gitea.dideric.is"},
)
@@ -119,24 +122,39 @@ class TestRenderGitconfig(unittest.TestCase):
class TestRenderTeaConfig(unittest.TestCase):
def test_empty_when_no_gitea(self):
def test_empty_when_no_role(self):
self.assertEqual("", render_tea_config(_upstreams([
{"Kind": "github", "TokenRef": "G"},
{"path": "/gh-git/", "upstream": "https://github.com",
"auth_scheme": "Bearer", "token_ref": "G"},
])))
def test_single_gitea_login_block(self):
def test_single_login_block(self):
out = render_tea_config(_upstreams([
{"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
"Url": "https://gitea.dideric.is"},
{"path": "/gitea/dideric/", "upstream": "https://gitea.dideric.is",
"auth_scheme": "token", "token_ref": "GITEA",
"role": "tea-login"},
]))
self.assertIn("logins:", out)
# Login name comes from the upstream host, not the path —
# the path may not encode the host.
self.assertIn("- name: gitea.dideric.is", out)
self.assertIn("url: http://cred-proxy:9099/gitea/gitea.dideric.is/", out)
# Placeholder token, not the host env var name (which is not a
# secret but also not useful) or the real value (which the
# provisioner does not have).
self.assertIn("url: http://cred-proxy:9099/gitea/dideric/", out)
self.assertIn("token: cred-proxy-placeholder", out)
self.assertNotIn("GITEA_TOKEN", out)
self.assertNotIn("GITEA", out)
class TestCombinedRoles(unittest.TestCase):
"""A single gitea route typically carries both `git-insteadof`
and `tea-login` the renderers should each fire independently."""
def test_gitea_route_fires_both_renderers(self):
routes = _upstreams([
{"path": "/gitea/x/", "upstream": "https://gitea.example.com",
"auth_scheme": "token", "token_ref": "T",
"role": ["git-insteadof", "tea-login"]},
])
self.assertIn("insteadOf", render_cred_proxy_gitconfig(routes))
self.assertIn("logins:", render_tea_config(routes))
if __name__ == "__main__":