Commit Graph

463 Commits

Author SHA1 Message Date
didericis-claude 61740cdb6a fix(git-gate): accept any key type from ssh-keyscan, prefer ed25519
lint / lint (push) Successful in 2m0s
test / unit (pull_request) Successful in 53s
test / integration (pull_request) Successful in 16s
test / coverage (pull_request) Successful in 1m6s
Servers that don't offer ed25519 (ecdsa-only or rsa-only gitea
instances) would raise "ssh-keyscan returned no ed25519 key" because
`-t ed25519` produced no output.

Remove the `-t ed25519` restriction: ssh-keyscan now returns all
supported key types and the function picks the best available via
_KEY_TYPE_PREFERENCE (ed25519 > ecdsa > rsa > first).

Also adds four new fetch_host_key tests covering multi-type preference
logic and updates the stale "no ed25519 key" assertion.
2026-07-09 16:45:47 +00:00
didericis-claude f9662c88a5 fix: pyright errors in test file, bump pyright floor to 1.1.411
lint / lint (push) Successful in 2m10s
test / unit (pull_request) Successful in 56s
test / integration (pull_request) Successful in 17s
test / coverage (pull_request) Successful in 1m10s
- Remove unused `import dataclasses` and stray `die as real_die` import
- Replace lambda side_effect callbacks with list side_effect; lambdas
  with untyped parameters trigger reportUnknownLambdaType in pyright
  >=1.1.400 — side_effect=[...] is both cleaner and type-safe
- Bump pyright floor from >=1.1.300 to >=1.1.411 in requirements-dev.txt
  so CI installs a version that matches what the lint job runs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-09 16:11:14 +00:00
didericis-claude e89dffa899 fix: pyright/pylint clean-up and 100% branch coverage
lint / lint (push) Failing after 2m17s
test / unit (pull_request) Successful in 1m5s
test / integration (pull_request) Successful in 20s
test / coverage (pull_request) Successful in 1m12s
- Remove unused ManifestBottle/ManifestGitEntry imports
- Add check=False to subprocess.run (pylint subprocess-run-check)
- Add `from e` to TimeoutExpired re-raise (raise-missing-from)
- Catch UnicodeDecodeError alongside OSError/YamlSubsetError in
  _find_and_update_bottle_file
- Add 14 new test cases covering: malformed ssh-keyscan output lines,
  stderr in error messages, blank lines inside frontmatter blocks,
  repo entry with no children (child_indent fallback), missing closing
  `---` delimiter, files without git-gate section, non-dict repos
  section, invalid UTF-8 files, unreadable files, update producing no
  text change, _prompt_tty TTY read and stdin fallback, fetch failure
  in preflight, and the "persist failed / kept in memory" warning path

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-09 16:03:39 +00:00
didericis-claude 21d03b7cc9 feat: preflight git-gate host key population
lint / lint (push) Failing after 2m3s
test / unit (pull_request) Successful in 1m3s
test / integration (pull_request) Successful in 22s
test / coverage (pull_request) Failing after 1m11s
When a git-gate repo entry has no host_key configured, the prepare step
now either errors (headless) or fetches the key via ssh-keyscan, shows
it to the operator for confirmation, and optionally persists it to the
bottle config .md file on disk.

Closes #333

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-09 15:51:50 +00:00
didericis b765f87fb5 test(smolmachines): verify Linux sandbox escape gate + fix platform check
lint / lint (push) Successful in 1m57s
test / unit (push) Successful in 56s
test / integration (push) Successful in 18s
test / coverage (push) Successful in 1m6s
Update Quality Badges / update-badges (push) Successful in 1m0s
Empirical verification on NixOS/Linux with /dev/kvm + smolvm 1.4.7:

  1. DB path confirmed: ~/.local/share/smolvm/server/smolvm.db exists,
     schema matches (vms table, data BLOB with allowed_cidrs JSON field).

  2. smolvm 1.4.7 still silently drops --allow-cidr with --from
     (allowed_cidrs=None in DB after create). force_allowlist patch
     is still necessary and correct.

  3. All 5 sandbox-escape attacks blocked with BOT_BOTTLE_BACKEND=smolmachines
     on Linux: hostname/IP allowlist, HTTP DLP, DNS exfil, git-gate gitleaks.

Changes:
- test_sandbox_escape: remove darwin-only guard; allow linux too
- contrib/claude/Dockerfile: add dnsutils (dig) for attack 4 DNS test

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-09 00:54:50 -04:00
didericis 36e62cd7e8 test: add unit tests to pass diff-coverage gate (91%)
test / unit (pull_request) Successful in 57s
test / integration (pull_request) Successful in 16s
test / coverage (pull_request) Successful in 1m4s
lint / lint (push) Successful in 1m56s
prd-number / assign-numbers (push) Successful in 19s
test / unit (push) Successful in 1m0s
test / integration (push) Successful in 19s
test / coverage (push) Successful in 1m5s
Update Quality Badges / update-badges (push) Failing after 59s
Cover the new production lines added on this branch:

- cli/__init__: MissingEnvVarError maps to return 1
- cli/start: no-agents-defined path, prepare_with_preflight calls
  render_preflight, _text_render_preflight backend name output
- env: resolve_env raises MissingEnvVarError for missing interpolated var
- smolmachines/launch: _proxy_host Linux/non-Linux branches,
  _discover_urls git-gate host and supervise URL stamping

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-09 00:19:24 -04:00
didericis 70e58f1333 test: fix test_cache_miss and remove unused re import
lint / lint (push) Successful in 2m8s
test / unit (pull_request) Successful in 1m1s
test / integration (pull_request) Successful in 16s
test / coverage (pull_request) Failing after 1m6s
- test_smolmachines_launch_image: save mock now touches the tarball path
  so tarball.chmod(0o644) doesn't fail with FileNotFoundError
- test_smolmachines_launch (integration): remove unused `re` import
  (pyright reportUnusedImport)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-09 00:03:00 -04:00
didericis 3703b6f59f test: fix unit test failures after main rebase
lint / lint (push) Failing after 1m58s
test / unit (pull_request) Failing after 57s
test / integration (pull_request) Successful in 18s
test / coverage (pull_request) Failing after 56s
- test_egress: expect MissingEnvVarError instead of Die for missing/empty token refs
- test_git_gate, test_git_gate_render_provision: expect MissingEnvVarError instead of RuntimeError for missing forge token
- test_smolmachines_provision: handle 2 exec calls (mkdir -p + chmod/update-ca-certificates) in provision_ca
- test_smolmachines_smolvm: update machine create/delete argv assertions to --name flag form (smolvm 1.4.7+)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-08 23:46:47 -04:00
didericis c5b9f05467 fix(smolmachines): use bridge gateway as TSI proxy host on Linux
On Linux the guest kernel's LOCAL routing table routes all
127.0.0.0/8 to the guest's own loopback interface (priority 0,
checked before any main-table route), so TSI never sees
connections to the per-bottle loopback alias — the fix_guest_
loopback_routing approach confirmed this at the kernel level.

Use the per-bottle docker bridge gateway (192.168.N.1) instead.
It is not a loopback address, so the guest routes it via eth0
and TSI intercepts it normally.  The TSI allowlist remains a
/32 that is distinct from the container IP (192.168.N.2), so
direct bypass to egress:9099 is still blocked by TSI.

Changes:
- Add _proxy_host() helper: returns bundle_gateway on Linux,
  loopback alias on macOS
- Thread proxy_host through _start_bundle, _discover_urls,
  _launch_vm, and _bundle_launch_spec (publish_host_ip)
- Remove _fix_guest_loopback_routing (no longer needed)
- Relax proxy-URL assertion in the integration test to accept
  any http://IP:port (with a comment explaining the difference)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-08 22:01:58 -04:00
didericis-codex 09a2329f31 test(smolmachines): annotate pyright test helpers 2026-07-08 22:01:35 -04:00
didericis 03c89dae81 feat(smolmachines): run backend on Linux
Port the smolmachines backend so BOT_BOTTLE_BACKEND=smolmachines
works on Linux (KVM), not just macOS:

- Preflight gates /dev/kvm presence + accessibility on Linux with
  actionable remediation (kvm module, kvm group).
- smolvm state-DB path is platform-derived (XDG on Linux).
- force_allowlist runs on both platforms and is fail-closed: it
  verifies the persisted TSI allowlist and dies rather than booting
  a VM whose egress confinement it can't confirm. Previously it
  no-oped on Linux, failing OPEN.
- allocate() does per-bottle 127.0.0.<N> scoping on Linux too (no
  ifconfig needed — all of 127/8 is already loopback); only
  ensure_pool's lo0 aliasing stays macOS-only.
- README documents Linux + NixOS host setup.

Linux/KVM integration (the sandbox-escape acceptance gate) is
pending verification on a NixOS host; unit tests cover the new
platform branches.

Issue: #283

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-07-08 22:01:35 -04:00
didericis 76fdefded3 fix: repair codex resume paths
lint / lint (push) Successful in 1m55s
test / unit (push) Successful in 57s
test / integration (push) Successful in 19s
test / coverage (push) Successful in 1m6s
Update Quality Badges / update-badges (push) Successful in 1m1s
2026-07-08 12:38:15 -04:00
didericis 1085a2280d fix(macos_container): mount supervise db's parent dir, not the file
lint / lint (push) Successful in 1m55s
test / unit (push) Successful in 59s
test / integration (push) Successful in 19s
test / coverage (push) Successful in 1m8s
Update Quality Badges / update-badges (push) Successful in 57s
Apple's `container run --mount type=bind` only accepts directory
sources — a file source fails with "path '<file>' is not a
directory". Move the sqlite db into its own ~/.bot-bottle/db/
subdirectory so it can be bind-mounted the same way the CA/routes
mounts already are, without exposing the rest of ~/.bot-bottle.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-06 15:48:36 -04:00
didericis-claude 142974a4b8 refactor: rename check_migrations → is_migrated
test / unit (pull_request) Successful in 58s
test / integration (pull_request) Successful in 18s
test / coverage (pull_request) Successful in 1m6s
lint / lint (push) Successful in 1m55s
prd-number / assign-numbers (push) Successful in 16s
test / unit (push) Successful in 54s
test / integration (push) Successful in 19s
test / coverage (push) Successful in 1m6s
Update Quality Badges / update-badges (push) Successful in 1m2s
Boolean-returning methods should read as predicates.
Renames DbStore.check_migrations, StoreManager.check_migrations,
and the test patch accordingly.
2026-07-06 19:19:49 +00:00
didericis-claude 9fb83ef1b0 refactor: rename _supervise_types → supervise_types (treat as public)
lint / lint (push) Successful in 2m1s
test / unit (pull_request) Successful in 56s
test / integration (pull_request) Successful in 20s
test / coverage (pull_request) Successful in 1m6s
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-06 18:53:53 +00:00
didericis-claude e7e8c7fdb4 refactor: extract supervise types to _supervise_types, eliminate get_supervise_mod()
Proposal, Response, AuditEntry, host_db_path, bot_bottle_root, and their
shared constants/helpers are moved to a new _supervise_types.py module.
queue_store and audit_store now import these directly instead of deferring
through get_supervise_mod() at call time.

host_db_path() in _supervise_types uses sys.modules[__name__].bot_bottle_root()
so monkey-patches on _supervise_types.bot_bottle_root propagate through it.
supervise.host_db_path() is re-defined to call bot_bottle_root() through
supervise's own globals, preserving patchability for callers that go through
the supervise module.

Test fixtures that create stores without an explicit db_path now patch
_sv_types.bot_bottle_root alongside supervise.bot_bottle_root. The server
test patches both flat and package _supervise_types since handle_tools_call
runs in the package context while the responder thread uses the flat module.

Dockerfile.sidecars gets a COPY for _supervise_types.py so the sidecar
bundle retains its flat import chain.

Follow-up to issuecomment-2872 on PR #320.
2026-07-06 18:53:25 +00:00
didericis-claude ed8fbfdfa8 feat: add StoreManager singleton for centralized store migration
lint / lint (push) Successful in 1m59s
test / unit (pull_request) Successful in 58s
test / integration (pull_request) Successful in 19s
test / coverage (pull_request) Failing after 1m3s
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-06 18:52:01 +00:00
didericis-claude 5fcca2060f feat(db_store): decouple migration from store construction
lint / lint (push) Failing after 2m4s
test / unit (pull_request) Successful in 1m2s
test / integration (pull_request) Successful in 18s
test / coverage (pull_request) Failing after 1m9s
Remove auto-migration from DbStore.__init__; add explicit check_migrations()
and migrate() methods. The CLI now checks both stores on every startup and
prompts the user to confirm before migrating. supervise.prepare() calls
.migrate() directly now that __init__ no longer does it implicitly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-06 17:16:18 +00:00
didericis-claude 5f0fc0d540 test: cover QueueStore/AuditStore guard branches and supervise bundle spec
lint / lint (push) Successful in 1m57s
test / unit (pull_request) Successful in 52s
test / integration (pull_request) Successful in 19s
test / coverage (pull_request) Successful in 1m2s
Add 8 tests covering the branches that were keeping diff-coverage below
90%: explicit db_path constructor arg, early-return guards when the DB
file is absent, _chmod OSError swallowing in both store classes, and the
supervise volume/env/daemon path in _bundle_launch_spec.

Diff-coverage rises from 89.2% to 94.6% (176/186 changed lines).
2026-07-02 02:59:26 +00:00
didericis-claude 244ad6a914 refactor: extract QueueStore and AuditStore to their own modules
lint / lint (push) Successful in 2m2s
test / unit (pull_request) Successful in 56s
test / integration (pull_request) Successful in 20s
test / coverage (pull_request) Failing after 59s
Moves _QueueStore → bot_bottle/queue_store.py (public QueueStore) and
_AuditStore → bot_bottle/audit_store.py (public AuditStore). Removes
the public queue_db_path() function; QueueStore resolves the DB path
via host_db_path() on the host, or via the SUPERVISE_DB_PATH env var
in the sidecar container (internal mechanism, not public API).

Adds queue_store.py and audit_store.py to Dockerfile.sidecars so the
sidecar bundle picks them up. Updates __all__ in supervise.py.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-01 21:45:08 +00:00
didericis-codex 29904609da fix(supervise): remove queue directory from db-backed flow
lint / lint (push) Successful in 2m4s
test / unit (pull_request) Successful in 59s
test / integration (pull_request) Successful in 20s
test / coverage (pull_request) Successful in 1m10s
2026-07-01 19:50:38 +00:00
didericis-codex 3067b067d2 fix(supervise): store queue rows in host sqlite db
lint / lint (push) Successful in 2m5s
test / unit (pull_request) Successful in 58s
test / integration (pull_request) Successful in 20s
test / coverage (pull_request) Successful in 1m2s
2026-07-01 19:33:43 +00:00
didericis-codex f1b8bbdfa1 test(supervise): update edge cases for sqlite storage
lint / lint (push) Successful in 1m55s
test / unit (pull_request) Successful in 53s
test / integration (pull_request) Successful in 20s
test / coverage (pull_request) Successful in 1m10s
2026-07-01 16:57:45 +00:00
didericis-codex 08918f9a8a feat(supervise): store queue and audit data in sqlite
lint / lint (push) Failing after 1m53s
test / unit (pull_request) Failing after 45s
test / integration (pull_request) Successful in 17s
test / coverage (pull_request) Failing after 50s
2026-07-01 16:56:23 +00:00
didericis 2f5cf81cf5 fix(git-gate): defer dynamic key provisioning
lint / lint (push) Successful in 1m59s
test / unit (push) Successful in 49s
test / integration (push) Successful in 23s
test / coverage (push) Successful in 1m0s
Update Quality Badges / update-badges (push) Successful in 53s
2026-07-01 12:45:46 -04:00
didericis b93fe58523 feat(cli): add headless launch mode for orchestrators
test / unit (pull_request) Successful in 47s
test / integration (pull_request) Successful in 16s
test / coverage (pull_request) Successful in 1m4s
lint / lint (push) Successful in 2m0s
test / unit (push) Successful in 48s
test / integration (push) Successful in 18s
test / coverage (push) Successful in 57s
Update Quality Badges / update-badges (push) Successful in 57s
`--headless` is a non-interactive launch path for `cli.py start`:
agent, bottles, label, and color come from flags + manifest defaults
with no TUI selectors and no y/N preflight (auto-confirmed via a new
`assume_yes` param threaded into the shared `_launch_bottle` core).

- `--bottle` (repeatable) defaults to the agent's own `bottle:`;
  `--label` defaults to the agent name and auto-uniquifies on slug
  collision; `--color` defaults to none.
- `--prompt TEXT` is required in headless mode and is delivered to the
  agent via a new `headless_prompt(prompt)` method on `AgentProvider`,
  implemented for claude (`-p`), codex (positional), and pi (`-p`).
- The agent still execs on inherited stdio/PTY, so whatever allocates
  the PTY drives the live session; only the launch chrome is headless.
- `--headless --dry-run` previews the resolved plan without launching.

Adds unit coverage in tests/unit/test_cli_start_headless.py and
headless_prompt tests for each provider. Also stubs headless_prompt on
the in-test AgentProvider subclasses so the unit suite collects cleanly.

Closes #315.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01WL77TgFxKbs3cidGMG9dz7
2026-06-30 15:08:14 -04:00
didericis 94eca35b4f fix(skills): validate skill names and quote provisioning paths
test / unit (push) Successful in 55s
test / integration (push) Successful in 23s
test / coverage (push) Successful in 1m11s
Update Quality Badges / update-badges (push) Successful in 1m3s
lint / lint (push) Successful in 2m18s
Skill names become host/guest path segments interpolated into the
`bottle.exec` shell strings in each contrib provider's provision_skills.
They were validated only as strings, so a name with shell metacharacters
or path traversal could reach the command.

Layer two defenses:
  - Primary: reject any skill name that isn't kebab-case
    ([a-z][a-z0-9-]*) at manifest load, reusing the convention already
    enforced on bottle/agent filenames (new is_valid_entity_name helper
    in manifest_schema). Fails loud and early, protecting every consumer
    of the name — not just the exec call sites.
  - Failsafe: shlex.quote the interpolated skills_dir / dst paths in the
    claude, codex, and pi providers, so a future unvalidated field can't
    inject shell metacharacters even if it bypasses the load-time check.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-27 02:15:30 -04:00
didericis b7f5f6439e perf(dlp): linearize injection proximity check; bound variant cache; dedup supervise schema
lint / lint (push) Successful in 2m21s
test / unit (pull_request) Successful in 1m1s
test / integration (pull_request) Successful in 27s
test / coverage (pull_request) Successful in 1m15s
- dlp_detectors._closest_pair: replace the O(n*m) cross product with an
  O(n log n) sort + O(n) two-pointer merge, and early-out once a pair
  falls within the proximity threshold. The inputs are attacker-controlled
  response-body matches past the body-size cap, so the quadratic form was a
  latent DoS. Extract _match_gap to share the span-gap calc with the caller.
- dlp_detectors._compute_encoded_variants: back the memo with a bounded
  functools.lru_cache instead of an unbounded module dict, so a long-lived
  proxy seeing rotating secrets evicts rather than growing without limit.
- supervise_server: extract the duplicated routes.yaml inputSchema into
  _proposal_input_schema()/_ROUTES_YAML_DESCRIPTION so the egress-allow and
  egress-block tools can't drift.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-26 23:22:18 -04:00
didericis 0bb47bd754 perf(dlp): memoize encoded variants and linearize partial-window scan
Two per-request hot-path costs in the egress DLP scanner:

- `_encoded_variants` derived the full variant set (gzip + nine
  encodings) for every provisioned secret on every redaction and
  known-secret scan — once per host, path, header, and body. Cache it
  per distinct secret; callers still get a fresh list so they can't
  corrupt the shared cached tuple.
- `_find_partial_window` searched the text once per secret n-gram,
  giving O(len(secret) * len(text)). Build the secret's n-gram set once
  and sweep the text a single time: O(len(text)), no coverage loss.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-26 22:53:27 -04:00
didericis 33fe8d2c7a refactor(git-gate): split git_gate.py into render / provision / control
lint / lint (push) Successful in 2m18s
test / unit (push) Successful in 56s
test / integration (push) Successful in 24s
test / coverage (push) Successful in 1m8s
Update Quality Badges / update-badges (push) Failing after 2m18s
git_gate.py (699 LOC) mixed three responsibilities. Split into:

- git_gate_render.py — pure host-side rendering: the gate constants,
  GitGateUpstream, gitconfig/known-hosts rendering, and the entrypoint /
  pre-receive / access-hook script builders.
- git_gate_provision.py — the gitea deploy-key lifecycle
  (_provision_dynamic_key / revoke / _resolve_identity_file).
- git_gate.py — the GitGate ABC + GitGatePlan, now 169 LOC, re-exporting
  all moved names (see __all__) so the 19 importers are unchanged.

Host-side only (not flat-bundled), so no sidecar import shim. The one
test that patched the internal `_provision_dynamic_key` lookup is
repointed to its new module (public API unchanged). The two new modules
are added to scripts/critical-modules.txt so the decompose doesn't move
security code out of the measured core — critical aggregate stays 95%
(git_gate 100%, render 100%, provision 97%).

Closes #303

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-26 21:19:47 -04:00
didericis 0db76b877a test(manifest): cover lazy (on-disk) loader branches
lint / lint (push) Successful in 2m25s
test / unit (push) Successful in 59s
test / integration (push) Successful in 28s
test / coverage (push) Successful in 1m14s
Update Quality Badges / update-badges (push) Failing after 2m22s
The eager from_json_obj path is unit-tested; the lazy resolve()/
from_md_dirs path was only hit by the integration suite, so a critical
module relied on Docker for branch coverage. Add tmp-dir tests driving:
all_agent_names with a cwd overlay, load_for_agent on unknown and
malformed-frontmatter agent files, and require_agent's names-only
file-existence checks (home + cwd).

manifest.py: 86% -> 99%. The one remaining line is the OSError branch on
an unreadable agent file (not reliably triggerable cross-environment).

Closes #304

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-26 21:19:27 -04:00
didericis 8006702ee7 test: isolate HOME for the unit suite (hermetic audit/queue/state)
test / unit (pull_request) Successful in 58s
test / integration (pull_request) Successful in 26s
test / coverage (pull_request) Successful in 1m13s
lint / lint (push) Successful in 2m22s
test / unit (push) Successful in 58s
test / integration (push) Successful in 26s
test / coverage (push) Successful in 1m17s
Update Quality Badges / update-badges (push) Successful in 2m24s
The unit suite could write to and flock the real ~/.bot-bottle: state,
queue, and audit dirs all derive from supervise.bot_bottle_root() ->
Path.home(). A test taking a flock on the real audit log blocks
indefinitely when a live bottle's supervise sidecar holds that lock
(observed: a `coverage run` hung at 0% CPU), and unisolated tests
otherwise pollute the developer's home dir.

Point HOME at a throwaway temp dir for the whole tests/unit package
(restored + cleaned at exit). Tests that set their own HOME now restore
to the isolated dir, not the real one; tests that patch bot_bottle_root
directly are unaffected.

Closes #302

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-26 20:35:47 -04:00
didericis 0a3832f0fb test(dlp): table-drive token-pattern detector cases
lint / lint (push) Successful in 2m14s
test / unit (push) Successful in 53s
test / integration (push) Successful in 26s
test / coverage (push) Successful in 1m15s
Update Quality Badges / update-badges (push) Failing after 2m11s
The token-pattern detector had 15 near-identical test methods across
`TestScanTokenPatterns` and `TestScanTokenPatternsExtended`, each
scanning a body carrying one synthetic token and asserting the reason
names the credential type.

Collapse them into a single `_TOKEN_PATTERN_CASES` table driven by
`subTest`, so adding a new token shape is a one-line row. Each case now
also asserts block severity (previously only the AWS case did).
`TestScanTokenPatternsExtended` is removed; its rows live in the table.
The non-matrix cases (clean text, location, context, reason) stay as
explicit methods. No production code change.

Closes #289

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-26 17:32:03 -04:00
didericis 8caa79ee76 test(supervise): ratchet supervise coverage to >=90%
test / unit (pull_request) Successful in 46s
test / integration (pull_request) Successful in 17s
test / coverage (pull_request) Successful in 58s
lint / lint (push) Successful in 2m22s
test / unit (push) Successful in 57s
test / integration (push) Successful in 28s
test / coverage (push) Successful in 1m17s
Update Quality Badges / update-badges (push) Failing after 2m8s
Sixth per-module ratchet under ADR 0004. Cover the queue/audit
malformed-input and fallback branches:

- path helpers (bot_bottle_root, queue_dir_for_slug,
  _id_from_proposal_filename non-match)
- read_proposal / read_response reject non-object JSON
- list_pending_proposals skips unreadable/non-dict/incomplete
  proposals and ones with a response already present
- wait_for_response tolerates a malformed or incomplete response file
  and then times out at the deadline
- read_audit_entries returns [] for a missing log and skips blank /
  non-JSON / non-dict / missing-field lines
- the fcntl flock helpers swallow OSError on a bad fd

supervise.py: 89% -> 99%. The one remaining line is an unreachable
`continue` (glob already guarantees the .proposal.json suffix).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-25 22:19:37 -04:00
didericis 74060192e0 test(manifest): ratchet manifest + manifest_agent to >=90%
test / unit (pull_request) Successful in 46s
test / integration (pull_request) Successful in 17s
test / coverage (pull_request) Successful in 56s
lint / lint (push) Successful in 2m24s
test / unit (push) Successful in 56s
test / integration (push) Successful in 27s
test / coverage (push) Successful in 1m17s
Update Quality Badges / update-badges (push) Failing after 2m11s
Fifth per-module ratchet under ADR 0004. Drive the validation
rejection and edge paths:

- ManifestBottle.from_dict: unknown key, non-string env value,
  non-bool supervise, removed `runtime` field.
- ManifestAgentProvider.from_dict: unknown key, empty template,
  non-string dockerfile, auth_token / forward_host_credentials
  template constraints.
- _parse_provider_settings: pass-through for non-built-in templates,
  startup_args shape, and the pi-specific string/int/bool/models/
  max_tokens_field/api-key-conflict checks.
- ManifestAgent.from_dict: bottle empty/undefined, skills shape, prompt
  type, agent-level git-gate.repos rejection, empty git-gate allowed.
- Eager ManifestIndex: empty bottles section, unknown-agent load,
  has_agent / require_agent, git_identity_summary (set and empty).

manifest_agent.py: 84% -> 99%; manifest.py: 86% -> 94%. Remaining
manifest.py misses are the lazy on-disk loader paths exercised by the
integration suite.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-25 22:15:07 -04:00
didericis 5365a7a852 test(git-gate): ratchet git_gate coverage to >=90%
test / unit (pull_request) Successful in 43s
test / integration (pull_request) Successful in 17s
test / coverage (pull_request) Successful in 58s
lint / lint (push) Successful in 2m20s
test / unit (push) Successful in 58s
test / integration (push) Successful in 20s
test / coverage (push) Successful in 1m16s
Update Quality Badges / update-badges (push) Failing after 2m4s
Fourth per-module ratchet under ADR 0004. Cover the pure
`git_gate_render_gitconfig` renderer (empty entries, insteadOf URL,
scheme override, RemoteKey ssh alias with/without non-default port,
newline-injection rejection) and the dynamic gitea deploy-key
lifecycle with the forge provisioner mocked:

- `_provision_dynamic_key`: writes key + key-id files, strips `.git`
  from owner/repo, builds the proposal title; missing token raises.
- `revoke_git_gate_provisioned_keys`: revokes a gitea key when the
  id-file is present, skips static-provider entries and missing
  id-files, raises on a missing token.

bot_bottle/git_gate.py: 70% -> 99% (unit only). Two remaining partial
branches are inner conditionals on the alias/owner-repo paths.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-25 22:11:19 -04:00
didericis f289b6382c test(egress): ratchet egress_addon_core coverage to >=90%
test / unit (pull_request) Successful in 44s
test / integration (pull_request) Successful in 16s
test / coverage (pull_request) Successful in 57s
lint / lint (push) Successful in 2m17s
test / unit (push) Successful in 57s
test / integration (push) Successful in 28s
test / coverage (push) Successful in 1m17s
Update Quality Badges / update-badges (push) Failing after 2m8s
Third per-module ratchet under ADR 0004. Add a parsing/serialization
suite for the egress engine's core:

- route validation rejections: payload/route shape, host, auth pairing,
  git block, every matches sub-field (paths/methods/headers type +
  regex-compile + unknown-key), and the dlp block (detector type/name,
  outbound_on_match, unknown key)
- a full valid route round-trips; detectors:false disables
- parse_config log-level validation + load_config invalid-YAML
- route_to_yaml_dict: minimal/auth/git/dlp/matches with default-omission
- evaluate_matches: exact/prefix/regex paths, method filter, exact +
  regex header matching (match and non-match)

egress_addon_core.py: 84% -> 99%. The two remaining missed statements
are defensive guards (an unreachable separator-return and a
no-matching-path-type fallthrough).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-25 22:04:27 -04:00
didericis 3073230f58 test(yaml): ratchet yaml_subset coverage to >=90%
test / integration (pull_request) Successful in 16s
test / unit (pull_request) Successful in 45s
test / coverage (pull_request) Successful in 58s
lint / lint (push) Successful in 2m7s
test / unit (push) Successful in 54s
test / integration (push) Successful in 26s
test / coverage (push) Successful in 1m14s
Update Quality Badges / update-badges (push) Failing after 2m17s
Second per-module ratchet under ADR 0004. Add a branch-coverage suite
for the YAML-subset parser's reachable error/edge cases: literal `#`,
blank-line skipping, unterminated/empty/bad inline list+dict, quoted
commas in flow, missing `:` separators, non-bare keys, empty block ->
None, bare-dash nested lists, quoted-colon list scalars, nested/empty
list-item mappings, duplicate keys, document-level rejections
(block scalars, anchors, tags, non-column-0, top-level list), and
empty frontmatter.

yaml_subset.py: 82% -> 95%. The remaining misses are dead/defensive
guards (e.g. the unreachable bool branch, indent-mismatch raises that
the callers never trigger).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-25 22:00:17 -04:00
didericis 18059f2a78 test(egress): ratchet egress_addon coverage to >=90%
test / unit (pull_request) Successful in 44s
test / coverage (pull_request) Successful in 58s
test / integration (pull_request) Successful in 16s
lint / lint (push) Successful in 2m12s
test / unit (push) Successful in 59s
test / integration (push) Successful in 28s
test / coverage (push) Successful in 1m14s
Update Quality Badges / update-badges (push) Failing after 2m18s
First per-module ratchet under ADR 0004. Extend the adapter flow suite
to cover the remaining behavioural gaps:

- inbound response DLP: injection block (403), warn (logged, forwarded),
  and LOG_FULL response logging
- WebSocket inbound (server->client) scanning: injection kills the
  connection; warn does not; no-websocket is a no-op
- redaction scrubs the token in a header and the request path, not just
  the body
- supervise queue-write OSError fails closed (403)
- _token_allow_timeout_from_env: unset/valid/non-numeric/non-positive
- SIGHUP handler reloads routes; a reload failure keeps the last good
  config
- LOG_FULL logs the forwarded request

egress_addon.py: 76% -> 94%. The remaining misses are the low-value
edges (no-SIGHUP platform, hostname-redaction-fails-closed) called out
in the egress adapter PR.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-25 21:54:36 -04:00
didericis 632ab002ed ci(coverage): risk-weighted coverage policy + diff-coverage gate
test / unit (pull_request) Successful in 46s
test / integration (pull_request) Successful in 16s
test / coverage (pull_request) Successful in 1m2s
lint / lint (push) Successful in 2m16s
test / unit (push) Successful in 59s
test / integration (push) Successful in 29s
test / coverage (push) Successful in 1m9s
Update Quality Badges / update-badges (push) Failing after 2m9s
Adopt ADR 0004: stop chasing a single global coverage number and
measure what matters instead.

- Omit the genuinely-interactive `cli/init.py` shell (read_tty_line
  prompt loops) alongside the existing `cli/tui.py`, with a rationale
  comment in .coveragerc. Subprocess/backend orchestration is NOT
  omitted — it stays visible and is scored via the integration suite.
- scripts/coverage.sh runs unit + integration under one coverage
  measurement (the policy's yardstick) and can report the critical
  security/logic core held to the >=90% target.
- scripts/diff_coverage.py is a stdlib-only gate (no diff-cover dep):
  new/changed executable lines must be >=90% covered. This is the
  enforced regression guard; the global number is informational.
- CI gains a `coverage` job: combined report + the diff-coverage gate.
- Unit-test `cli/__init__.py` dispatch/exit-code mapping (it's logic,
  not I/O, so it earns tests rather than an omit).

Combined unit+integration coverage now reports 83% global / 87% across
the critical modules; per-module ratcheting toward 90% is the ongoing
work this policy frames.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-25 21:29:08 -04:00
didericis af7f74dc32 test(egress): cover egress_addon adapter; drop coverage omit
test / unit (pull_request) Successful in 46s
test / integration (pull_request) Successful in 17s
lint / lint (push) Successful in 2m26s
test / unit (push) Successful in 1m5s
test / integration (push) Successful in 29s
Update Quality Badges / update-badges (push) Failing after 2m28s
The mitmproxy adapter `egress_addon.py` was omitted from coverage
because it can't import on the host (mitmproxy is sidecar-only) and
only its log-redaction helpers were exercised. Add a request/response
flow suite that stubs mitmproxy and drives the adapter glue:
introspection, allowlist enforcement, auth strip+inject, git
push/fetch blocking, the outbound-DLP block/redact/supervise policy
branches (including the operator approval round-trip), inbound
response scanning, and WebSocket frame scanning.

Removes the `bot_bottle/egress_addon.py` omit from `.coveragerc`;
the adapter now reports ~76% covered.

Closes #286

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9
2026-06-25 19:31:21 -04:00
didericis ca910f8f4f fix(start): show bottle lineage root-first with -> arrows
test / unit (pull_request) Successful in 43s
test / integration (pull_request) Successful in 18s
lint / lint (push) Successful in 1m51s
prd-number / assign-numbers (push) Successful in 21s
test / unit (push) Successful in 43s
test / integration (push) Successful in 17s
Update Quality Badges / update-badges (push) Failing after 1m47s
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-25 16:13:19 -04:00
didericis-codex 338c08a243 test: fix cli selector typing 2026-06-25 16:13:19 -04:00
didericis-claude 6faa6f67aa feat(tui,start): space/enter split, bottle lineage, YAML preflight
Three UX improvements requested in #270 review:

- filter_multiselect: Space toggles selection, Enter confirms (was both)
- bottle picker: bottles with extends chains show ancestry labels
  (e.g. 'claude-dev <- bot-bottle-dev <- dev') for at-a-glance lineage
- preflight: replaces key-value summary with YAML of the resolved manifest
2026-06-25 16:13:19 -04:00
didericis-claude b6ae6af63a fix(types): resolve pyright errors introduced in #269 changes
- manifest.py: remove unused load_bottle_chain_from_dir import
- manifest_extends.py: drop redundant ManifestEgressRoute annotation
- test_cli_start_selector.py: remove unused call import
- test_cli_tui.py: move Optional/constants to top, annotate FakeScreen,
  remove unused curses import
- test_manifest_bottle_merge.py: add type args to dict, annotate **kwargs
2026-06-25 16:13:19 -04:00
didericis-claude ad72eeddc1 feat(tui): add reordering to filter_multiselect
Tab switches focus to the selected-order panel; K/J shift the
highlighted item up/down; Space/Enter removes it. The filter list dims
while the order panel is active. Help line updates per focus mode.
2026-06-25 16:13:19 -04:00
didericis-claude 1ba185d1e0 feat(#269): separate agent and bottle selection at launch time
- `bottle:` in agent frontmatter is now optional; agents without it
  are portable and require bottles to be selected at launch.
- Adds `filter_multiselect` to `tui.py`: multi-select picker with
  ordered selection list, Space/Enter to toggle, Ctrl-D to confirm.
- `ManifestIndex` gains `all_bottle_names` and `load_for_agent` accepts
  `bottle_names: tuple[str, ...]` to merge bottles in order at runtime.
- `merge_bottles_runtime` in `manifest_extends.py` applies the same
  field-merge rules as `extends:` to pre-resolved bottle objects.
- `BottleSpec` gains `bottle_names`; `_validate` and `write_launch_metadata`
  thread it through so `resume` replays the same bottle configuration.
- `cmd_start` shows the bottle multiselect after agent selection,
  pre-populated from the agent's `bottle:` field when present.
- Existing agents with `bottle:` declared continue to work unchanged.
2026-06-25 16:13:19 -04:00
didericis-claude 45a096413f fix: add type annotations to __exit__ context manager (pyright)
lint / lint (push) Successful in 1m47s
test / unit (pull_request) Successful in 43s
test / integration (pull_request) Successful in 16s
2026-06-25 15:03:06 -04:00
didericis c6479d62e4 test: add coverage for git gate and supervise server 2026-06-25 15:03:06 -04:00
didericis c2ddac1be5 test: fix integration coverage failures 2026-06-25 15:03:06 -04:00