bot-bottle

didericis/bot-bottle

Fork 0

Commit Graph

Author	SHA1	Message	Date
didericis	f04fbb68a9	feat(egress-proxy): drive claude-code OAuth placeholder off a role marker test / unit (pull_request) Successful in 18s Details test / integration (pull_request) Successful in 1m3s Details The chunk 2 detection keyed on `token_ref == "CLAUDE_CODE_OAUTH_TOKEN"`, which broke any bottle whose host env var has a different name (e.g. `CLAUDE_BOTTLE_OAUTH_TOKEN`). The token_ref is the user's choice — the placeholder-env trigger shouldn't be locked to one specific string. Restoring a minimal `role` marker on `EgressProxyRoute`: - `EGRESS_PROXY_ROLES = frozenset({"claude_code_oauth"})` — one marker for now; the field is back so we can grow it. - `EGRESS_PROXY_SINGLETON_ROLES` — claude_code_oauth is a singleton (only one route per bottle can carry it). - `Role: tuple[str, ...]` field on `EgressProxyRoute` (manifest + runtime), parsed as string or list-of-strings; unknown roles are rejected so typos can't become silent no-ops. `prepare.py:has_anthropic_auth` now checks for `"claude_code_oauth" in r.roles` instead of matching a literal token_ref string. Bottles can name their host OAuth env var anything; the role marker is what flips on `CLAUDE_CODE_OAUTH_TOKEN=<placeholder>` and the telemetry-off env vars on the agent. Test coverage: 7 new manifest tests (omitted / string / list / unknown role rejected / non-string rejected / list-item non-string rejected / singleton enforced). 364 tests pass. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-25 15:28:11 -04:00
didericis	3df54573d4	feat(egress-proxy): add mitmproxy-based sidecar core (PRD 0017 chunk 1) test / unit (pull_request) Successful in 18s Details test / integration (pull_request) Successful in 1m39s Details Lands the new egress-proxy artifact alongside cred-proxy. Chunk 2 wires the agent's HTTP_PROXY to it and removes cred-proxy. - `Dockerfile.egress-proxy` — mitmproxy 11.1.3 base, COPY addon files flat to /app, mkdir routes dir at /etc/egress-proxy/. Digest pin deferred to chunk 2. - `egress_proxy_addon_core.py` — pure-logic parse + decide (host-importable; 21 unit tests). - `egress_proxy_addon.py` — mitmproxy hook wrapper, container-only (boot + SIGHUP reload, strip-Authorization + decide + 403/inject). - `egress_proxy.py` — host helpers: manifest lift, routes.yaml render (JSON content), token-env-map, Plan + abstract class. - `backend/docker/egress_proxy.py` — `DockerEgressProxy` start/stop mirroring `DockerCredProxy`; not yet called from launch.py. - `manifest.py` — new `EgressProxyRoute` + `EgressProxyConfig` types with the nested `auth: { scheme, token_ref }` block per PRD; `bottle.egress_proxy` added to the bottle key set alongside `cred_proxy` (chunk 2 hard-fails on the latter). All 427 unit tests pass. Image builds; `docker run` boots mitmdump and the addon loads routes from a mounted routes.yaml. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-25 13:58:24 -04:00

Author

SHA1

Message

Date

didericis

f04fbb68a9

feat(egress-proxy): drive claude-code OAuth placeholder off a role marker

test / unit (pull_request) Successful in 18s

Details

test / integration (pull_request) Successful in 1m3s

Details

The chunk 2 detection keyed on `token_ref == "CLAUDE_CODE_OAUTH_TOKEN"`,
which broke any bottle whose host env var has a different name (e.g.
`CLAUDE_BOTTLE_OAUTH_TOKEN`). The token_ref is the user's choice —
the placeholder-env trigger shouldn't be locked to one specific
string.

Restoring a minimal `role` marker on `EgressProxyRoute`:

  - `EGRESS_PROXY_ROLES = frozenset({"claude_code_oauth"})` — one
    marker for now; the field is back so we can grow it.
  - `EGRESS_PROXY_SINGLETON_ROLES` — claude_code_oauth is a
    singleton (only one route per bottle can carry it).
  - `Role: tuple[str, ...]` field on `EgressProxyRoute` (manifest +
    runtime), parsed as string or list-of-strings; unknown roles
    are rejected so typos can't become silent no-ops.

`prepare.py:has_anthropic_auth` now checks for `"claude_code_oauth"
in r.roles` instead of matching a literal token_ref string. Bottles
can name their host OAuth env var anything; the role marker is what
flips on `CLAUDE_CODE_OAUTH_TOKEN=<placeholder>` and the
telemetry-off env vars on the agent.

Test coverage: 7 new manifest tests (omitted / string / list /
unknown role rejected / non-string rejected / list-item non-string
rejected / singleton enforced).

364 tests pass.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-25 15:28:11 -04:00

didericis

3df54573d4

feat(egress-proxy): add mitmproxy-based sidecar core (PRD 0017 chunk 1)

test / unit (pull_request) Successful in 18s

Details

test / integration (pull_request) Successful in 1m39s

Details

Lands the new egress-proxy artifact alongside cred-proxy. Chunk 2
wires the agent's HTTP_PROXY to it and removes cred-proxy.

  - `Dockerfile.egress-proxy` — mitmproxy 11.1.3 base, COPY addon
    files flat to /app, mkdir routes dir at /etc/egress-proxy/.
    Digest pin deferred to chunk 2.
  - `egress_proxy_addon_core.py` — pure-logic parse + decide
    (host-importable; 21 unit tests).
  - `egress_proxy_addon.py` — mitmproxy hook wrapper, container-only
    (boot + SIGHUP reload, strip-Authorization + decide + 403/inject).
  - `egress_proxy.py` — host helpers: manifest lift, routes.yaml
    render (JSON content), token-env-map, Plan + abstract class.
  - `backend/docker/egress_proxy.py` — `DockerEgressProxy` start/stop
    mirroring `DockerCredProxy`; not yet called from launch.py.
  - `manifest.py` — new `EgressProxyRoute` + `EgressProxyConfig` types
    with the nested `auth: { scheme, token_ref }` block per PRD;
    `bottle.egress_proxy` added to the bottle key set alongside
    `cred_proxy` (chunk 2 hard-fails on the latter).

All 427 unit tests pass. Image builds; `docker run` boots mitmdump
and the addon loads routes from a mounted routes.yaml.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-25 13:58:24 -04:00

2 Commits