bot-bottle

didericis/bot-bottle

Fork 0

Commit Graph

Author	SHA1	Message	Date
didericis	f3f2e3e9ab	feat(pipelock-block): tool sends failed URL, supervisor merges host test / unit (pull_request) Successful in 16s Details test / integration (pull_request) Successful in 1m32s Details Reshape the pipelock-block MCP tool around what the agent actually knows at the moment of failure (the URL pipelock just refused), not what the operator needs (a full allowlist file). Before: agent had to read /etc/claude-bottle/current-config/allowlist, copy the whole file, append their host, send back. Lots of work, easy to get wrong, and the operator's diff was noisy because the proposal contained every host the agent saw — most of which weren't the change. After: agent calls pipelock-block(failed_url="https://api.github.com/repos/foo/bar", justification="...") supervisor extracts api.github.com, fetches the running allowlist, adds the host if not already present, applies the merged content. Path is captured as operator context (the detail view labels it "failed URL" instead of "proposed file") but isn't enforced — pipelock's api_allowlist is hostname-only, so the path can't become an allow rule. - supervise_server: pipelock-block input schema gains `failed_url` (replaces `allowlist`); validate_proposed_file checks for http/https + hostname. - PROPOSED_FILE_FIELD updated; tool description rewritten. - dashboard._apply_pipelock_url: extract host, fetch current, merge, apply. - _proposed_payload_label: detail view renders "failed URL" for pipelock-block, "proposed file" otherwise. - Tests updated end-to-end; new url-host-merge + idempotent-merge + invalid-url cases added. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-25 08:02:53 -04:00
didericis	d5ba253878	feat(supervise): MCP sidecar HTTP server + Dockerfile (PRD 0013) Phase 2 of PRD 0013. Adds the in-container MCP server: - claude_bottle/supervise_server.py: minimal JSON-RPC over HTTP MCP server. Handles initialize / notifications/initialized / tools/list / tools/call. Each tools/call validates the proposed file syntactically, writes a Proposal to the host-mounted queue, blocks waiting for a Response, archives both files, returns the operator's {status, notes} wrapped in MCP content. - Three tool definitions with JSON Schema inputs: cred-proxy-block (routes.json), pipelock-block (allowlist), capability-block (Dockerfile). - Dockerfile.supervise mirroring the cred-proxy pattern: same pinned python:3.13-alpine, copies supervise.py + supervise_server.py into /app, exposes port 9100. Stdlib-only. Tests cover JSON-RPC parsing, per-tool validation, all three handlers, the queue round-trip via a background responder thread, and an end-to-end HTTP sanity check on a random port. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-25 04:20:57 -04:00

Author

SHA1

Message

Date

didericis

f3f2e3e9ab

feat(pipelock-block): tool sends failed URL, supervisor merges host

test / unit (pull_request) Successful in 16s

Details

test / integration (pull_request) Successful in 1m32s

Details

Reshape the pipelock-block MCP tool around what the agent actually
knows at the moment of failure (the URL pipelock just refused), not
what the operator needs (a full allowlist file).

Before: agent had to read /etc/claude-bottle/current-config/allowlist,
copy the whole file, append their host, send back. Lots of work,
easy to get wrong, and the operator's diff was noisy because the
proposal contained every host the agent saw — most of which weren't
the change.

After: agent calls
  pipelock-block(failed_url="https://api.github.com/repos/foo/bar",
                 justification="...")
supervisor extracts api.github.com, fetches the running allowlist,
adds the host if not already present, applies the merged content.

Path is captured as operator context (the detail view labels it
"failed URL" instead of "proposed file") but isn't enforced —
pipelock's api_allowlist is hostname-only, so the path can't
become an allow rule.

- supervise_server: pipelock-block input schema gains `failed_url`
  (replaces `allowlist`); validate_proposed_file checks for
  http/https + hostname.
- PROPOSED_FILE_FIELD updated; tool description rewritten.
- dashboard._apply_pipelock_url: extract host, fetch current,
  merge, apply.
- _proposed_payload_label: detail view renders "failed URL" for
  pipelock-block, "proposed file" otherwise.
- Tests updated end-to-end; new url-host-merge + idempotent-merge +
  invalid-url cases added.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-25 08:02:53 -04:00

didericis

d5ba253878

feat(supervise): MCP sidecar HTTP server + Dockerfile (PRD 0013)

Phase 2 of PRD 0013. Adds the in-container MCP server:

- claude_bottle/supervise_server.py: minimal JSON-RPC over HTTP MCP
  server. Handles initialize / notifications/initialized / tools/list /
  tools/call. Each tools/call validates the proposed file syntactically,
  writes a Proposal to the host-mounted queue, blocks waiting for a
  Response, archives both files, returns the operator's {status, notes}
  wrapped in MCP content.
- Three tool definitions with JSON Schema inputs: cred-proxy-block
  (routes.json), pipelock-block (allowlist), capability-block
  (Dockerfile).
- Dockerfile.supervise mirroring the cred-proxy pattern: same pinned
  python:3.13-alpine, copies supervise.py + supervise_server.py into
  /app, exposes port 9100.

Stdlib-only. Tests cover JSON-RPC parsing, per-tool validation, all
three handlers, the queue round-trip via a background responder
thread, and an end-to-end HTTP sanity check on a random port.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-25 04:20:57 -04:00

2 Commits