refactor(cred_proxy): flat routes, role-driven provisioning (PRD 0010)

Replace bottle.tokens (with Kind enum and hardcoded per-kind route/auth tables) with bottle.cred_proxy.routes — each route declares its own path, upstream, auth_scheme, token_ref, and optional role[]. The manifest is now the source of truth for the proxy's runtime route table; adding an upstream is a manifest edit, not a code change. Agent-side rewrites move from per-kind dispatch to per-role tags on routes: anthropic-base-url -> set ANTHROPIC_BASE_URL=<proxy><path> npm-registry -> write ~/.npmrc registry= git-insteadof -> write ~/.gitconfig [url] insteadOf, keyed off route.upstream (suppressed when bottle.git brokers the same host) tea-login -> add a ~/.config/tea/config.yml login Roles are a list (string accepted as sugar). A gitea route typically carries ["git-insteadof", "tea-login"]. Singleton roles (anthropic-base-url, npm-registry) appear on at most one route. token_env slots are assigned per distinct TokenRef in declaration order — two routes sharing a token_ref (e.g. github API + git endpoints) share a slot. Drops: TOKEN_KINDS, _KIND_ROUTES, _KIND_AUTH_SCHEME, _TOKEN_DEFAULT_HOST, cred_proxy_route_path_for_gitea, the kind field on CredProxyUpstream, and the kind-based hardcoding in pipelock_token_hosts (now derives from route.UpstreamHost). Legacy bottle.tokens manifests now die with a hint pointing at bottle.cred_proxy.routes + this PRD. Tests rewritten end-to-end. Docs + example.json + the dev ~/claude-bottle.json updated to match.
2026-05-13 21:49:55 -04:00
parent 27b2d78b11
commit fcbbc4484d
15 changed files with 798 additions and 695 deletions
@@ -14,79 +14,77 @@ from claude_bottle.log import Die
 from claude_bottle.manifest import Manifest


-def _bottle(tokens):
+def _bottle(routes):
    return Manifest.from_json_obj({
-        "bottles": {"dev": {"tokens": tokens}},
+        "bottles": {"dev": {"cred_proxy": {"routes": routes}}},
        "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
    }).bottles["dev"]


 class TestUpstreamLift(unittest.TestCase):
-    def test_anthropic_yields_one_route(self):
-        b = _bottle([{"Kind": "anthropic", "TokenRef": "CLAUDE_BOTTLE_OAUTH_TOKEN"}])
+    def test_single_route_yields_single_upstream(self):
+        b = _bottle([
+            {"path": "/anthropic/", "upstream": "https://api.anthropic.com",
+             "auth_scheme": "Bearer", "token_ref": "CLAUDE_BOTTLE_OAUTH_TOKEN",
+             "role": "anthropic-base-url"},
+        ])
        upstreams = cred_proxy_upstreams_for_bottle(b)
        self.assertEqual(1, len(upstreams))
        u = upstreams[0]
-        self.assertEqual("anthropic", u.kind)
        self.assertEqual("/anthropic/", u.path)
        self.assertEqual("https://api.anthropic.com", u.upstream)
        self.assertEqual("Bearer", u.auth_scheme)
        self.assertEqual("CRED_PROXY_TOKEN_0", u.token_env)
        self.assertEqual("CLAUDE_BOTTLE_OAUTH_TOKEN", u.token_ref)
+        self.assertEqual(("anthropic-base-url",), u.roles)

-    def test_github_yields_two_routes_sharing_token_env(self):
-        b = _bottle([{"Kind": "github", "TokenRef": "GITHUB_TOKEN"}])
+    def test_shared_token_ref_collapses_to_one_slot(self):
+        # Two github routes share GH_PAT — they share token_env.
+        b = _bottle([
+            {"path": "/gh-api/", "upstream": "https://api.github.com",
+             "auth_scheme": "Bearer", "token_ref": "GH_PAT"},
+            {"path": "/gh-git/", "upstream": "https://github.com",
+             "auth_scheme": "Bearer", "token_ref": "GH_PAT",
+             "role": "git-insteadof"},
+        ])
        upstreams = cred_proxy_upstreams_for_bottle(b)
        self.assertEqual(2, len(upstreams))
-        paths = [u.path for u in upstreams]
-        self.assertIn("/gh-api/", paths)
-        self.assertIn("/gh-git/", paths)
-        self.assertEqual({"CRED_PROXY_TOKEN_0"}, {u.token_env for u in upstreams})
-        for u in upstreams:
-            self.assertEqual("Bearer", u.auth_scheme)
-            self.assertEqual("GITHUB_TOKEN", u.token_ref)
+        self.assertEqual({"CRED_PROXY_TOKEN_0"},
+                         {u.token_env for u in upstreams})

-    def test_gitea_uses_token_scheme_and_host_path(self):
+    def test_distinct_token_refs_get_distinct_slots(self):
        b = _bottle([
-            {"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
-             "Url": "https://gitea.dideric.is"},
-        ])
-        u = cred_proxy_upstreams_for_bottle(b)[0]
-        self.assertEqual("/gitea/gitea.dideric.is/", u.path)
-        self.assertEqual("https://gitea.dideric.is", u.upstream)
-        self.assertEqual("token", u.auth_scheme)
-
-    def test_gitea_url_trailing_slash_stripped(self):
-        b = _bottle([
-            {"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
-             "Url": "https://gitea.dideric.is/"},
-        ])
-        u = cred_proxy_upstreams_for_bottle(b)[0]
-        self.assertEqual("https://gitea.dideric.is", u.upstream)
-
-    def test_npm_yields_one_route(self):
-        b = _bottle([{"Kind": "npm", "TokenRef": "NPM_TOKEN"}])
-        u = cred_proxy_upstreams_for_bottle(b)[0]
-        self.assertEqual("/npm/", u.path)
-        self.assertEqual("https://registry.npmjs.org", u.upstream)
-
-    def test_four_kinds_get_distinct_token_envs(self):
-        b = _bottle([
-            {"Kind": "anthropic", "TokenRef": "A"},
-            {"Kind": "github", "TokenRef": "G"},
-            {"Kind": "gitea", "TokenRef": "T",
-             "Url": "https://gitea.dideric.is"},
-            {"Kind": "npm", "TokenRef": "N"},
+            {"path": "/a/", "upstream": "https://a.example",
+             "auth_scheme": "Bearer", "token_ref": "T1"},
+            {"path": "/b/", "upstream": "https://b.example",
+             "auth_scheme": "Bearer", "token_ref": "T2"},
+            {"path": "/c/", "upstream": "https://c.example",
+             "auth_scheme": "Bearer", "token_ref": "T1"},
        ])
        upstreams = cred_proxy_upstreams_for_bottle(b)
-        # 1 anthropic + 2 github + 1 gitea + 1 npm = 5 routes
-        self.assertEqual(5, len(upstreams))
-        # github shares one token_env across its two routes -> 4 distinct
-        envs = {u.token_env for u in upstreams}
-        self.assertEqual({"CRED_PROXY_TOKEN_0", "CRED_PROXY_TOKEN_1",
-                          "CRED_PROXY_TOKEN_2", "CRED_PROXY_TOKEN_3"}, envs)
+        # T1 -> slot 0, T2 -> slot 1, T1 reuses slot 0.
+        self.assertEqual("CRED_PROXY_TOKEN_0", upstreams[0].token_env)
+        self.assertEqual("CRED_PROXY_TOKEN_1", upstreams[1].token_env)
+        self.assertEqual("CRED_PROXY_TOKEN_0", upstreams[2].token_env)

-    def test_empty_tokens_yields_empty_upstreams(self):
+    def test_upstream_trailing_slash_stripped(self):
+        b = _bottle([
+            {"path": "/x/", "upstream": "https://gitea.dideric.is/",
+             "auth_scheme": "token", "token_ref": "T"},
+        ])
+        self.assertEqual("https://gitea.dideric.is",
+                         cred_proxy_upstreams_for_bottle(b)[0].upstream)
+
+    def test_roles_list_passes_through(self):
+        b = _bottle([
+            {"path": "/gitea/x/", "upstream": "https://gitea.example.com",
+             "auth_scheme": "token", "token_ref": "T",
+             "role": ["git-insteadof", "tea-login"]},
+        ])
+        self.assertEqual(("git-insteadof", "tea-login"),
+                         cred_proxy_upstreams_for_bottle(b)[0].roles)
+
+    def test_empty_routes_yields_empty_upstreams(self):
        b = _bottle([])
        self.assertEqual((), cred_proxy_upstreams_for_bottle(b))

@@ -94,43 +92,48 @@ class TestUpstreamLift(unittest.TestCase):
 class TestTokenEnvMap(unittest.TestCase):
    def test_distinct_envs_yield_full_map(self):
        b = _bottle([
-            {"Kind": "anthropic", "TokenRef": "A"},
-            {"Kind": "github", "TokenRef": "G"},
+            {"path": "/a/", "upstream": "https://a.example",
+             "auth_scheme": "Bearer", "token_ref": "A"},
+            {"path": "/b/", "upstream": "https://b.example",
+             "auth_scheme": "Bearer", "token_ref": "B"},
        ])
        m = cred_proxy_token_env_map(cred_proxy_upstreams_for_bottle(b))
        self.assertEqual({"CRED_PROXY_TOKEN_0": "A",
-                          "CRED_PROXY_TOKEN_1": "G"}, m)
+                          "CRED_PROXY_TOKEN_1": "B"}, m)

-    def test_github_two_routes_coalesce_to_one_env(self):
-        b = _bottle([{"Kind": "github", "TokenRef": "G"}])
+    def test_shared_token_ref_yields_one_env(self):
+        b = _bottle([
+            {"path": "/gh-api/", "upstream": "https://api.github.com",
+             "auth_scheme": "Bearer", "token_ref": "GH"},
+            {"path": "/gh-git/", "upstream": "https://github.com",
+             "auth_scheme": "Bearer", "token_ref": "GH"},
+        ])
        m = cred_proxy_token_env_map(cred_proxy_upstreams_for_bottle(b))
-        self.assertEqual({"CRED_PROXY_TOKEN_0": "G"}, m)
+        self.assertEqual({"CRED_PROXY_TOKEN_0": "GH"}, m)


 class TestRoutesRender(unittest.TestCase):
    def test_renders_json_with_expected_shape(self):
        b = _bottle([
-            {"Kind": "anthropic", "TokenRef": "CLAUDE_BOTTLE_OAUTH_TOKEN"},
-            {"Kind": "gitea", "TokenRef": "GITEA_TOKEN",
-             "Url": "https://gitea.dideric.is"},
+            {"path": "/anthropic/", "upstream": "https://api.anthropic.com",
+             "auth_scheme": "Bearer", "token_ref": "CLAUDE_BOTTLE_OAUTH_TOKEN"},
+            {"path": "/gitea/x/", "upstream": "https://gitea.dideric.is",
+             "auth_scheme": "token", "token_ref": "GITEA_TOKEN"},
        ])
        rendered = cred_proxy_render_routes(cred_proxy_upstreams_for_bottle(b))
        payload = json.loads(rendered)
        self.assertEqual(["routes"], list(payload.keys()))
        self.assertEqual(2, len(payload["routes"]))
-        anthropic = payload["routes"][0]
+        first = payload["routes"][0]
        self.assertEqual({"path", "upstream", "auth_scheme", "token_env"},
-                         set(anthropic.keys()))
-        self.assertEqual("/anthropic/", anthropic["path"])
-        self.assertEqual("https://api.anthropic.com", anthropic["upstream"])
-        self.assertEqual("Bearer", anthropic["auth_scheme"])
-        self.assertEqual("CRED_PROXY_TOKEN_0", anthropic["token_env"])
+                         set(first.keys()))

    def test_routes_carry_no_token_values_or_host_env_names(self):
        # routes.json lives mode-600 in the staging dir and gets
        # docker cp'd into the sidecar — it must not leak secret values
-        # or even the host-side TokenRef name.
-        b = _bottle([{"Kind": "github", "TokenRef": "GITHUB_TOKEN"}])
+        # or the host-side TokenRef name.
+        b = _bottle([{"path": "/x/", "upstream": "https://x.example",
+                      "auth_scheme": "Bearer", "token_ref": "GITHUB_TOKEN"}])
        rendered = cred_proxy_render_routes(cred_proxy_upstreams_for_bottle(b))
        self.assertNotIn("GITHUB_TOKEN", rendered)

@@ -173,7 +176,13 @@ class TestCredProxyPrepare(unittest.TestCase):
            def start(self, plan): return ""
            def stop(self, target): return None

-        b = _bottle([{"Kind": "github", "TokenRef": "GITHUB_TOKEN"}])
+        b = _bottle([
+            {"path": "/gh-api/", "upstream": "https://api.github.com",
+             "auth_scheme": "Bearer", "token_ref": "GITHUB_TOKEN"},
+            {"path": "/gh-git/", "upstream": "https://github.com",
+             "auth_scheme": "Bearer", "token_ref": "GITHUB_TOKEN",
+             "role": "git-insteadof"},
+        ])
        with tempfile.TemporaryDirectory() as td:
            stage = Path(td)
            plan = StubCredProxy().prepare(b, "test-slug", stage)