docs(prd): activate git-gate manifest redesign

PRD 0047 is now shipped to main.

bot-bottle.demo.json

@@ -4,14 +4,15 @@
       "env": {
         "FAKE_TOKEN": "ghp_aB3cD4eF5gH6iJ7kL8mN9oP0qR1sT2uV3wX4yZ"
       },
-      "git": [
+      "git-gate": {
-        {
+        "repos": {
-          "Name": "foo",
+          "foo": {
-          "Upstream": "ssh://git@upstream.invalid/path.git",
+            "url": "ssh://git@upstream.invalid/path.git",
-          "IdentityFile": "~/.cache/bot-bottle-demo/fake-key",
+            "identity": "~/.cache/bot-bottle-demo/fake-key",
-          "KnownHostKey": "ssh-ed25519 AAAAEXAMPLE"
+            "host_key": "ssh-ed25519 AAAAEXAMPLE"
+          }
         }
-      ]
+      }
     }
   },
 

bot_bottle/git_http_backend.py

@@ -49,6 +49,18 @@ class GitHttpHandler(BaseHTTPRequestHandler):
                 check=False,
             )
             if hook.returncode != 0:
+                detail = (hook.stderr or hook.stdout).decode(
+                    "utf-8", errors="replace",
+                ).rstrip()
+                if detail:
+                    for line in detail.splitlines():
+                        self.log_message("access-hook denied %s: %s",
+                                         parsed.path, line)
+                else:
+                    self.log_message(
+                        "access-hook denied %s: exit=%d (no output)",
+                        parsed.path, hook.returncode,
+                    )
                 self.send_response(403)
                 self.send_header("Content-Type", "text/plain; charset=utf-8")
                 self.end_headers()

bot_bottle/manifest.py

@@ -14,9 +14,9 @@ the system prompt, for bottles the body is human documentation
 Bottle schema (frontmatter):
   extends:      <bottle-name>                   # optional (PRD 0025)
   env:          { <NAME>: <env-entry>, ... }
-  git:
+  git-gate:                                     # optional (PRD 0047)
     user:       { name: <str>, email: <str> }   # optional
-    remotes:    { <host>: <git-entry>, ... }    # optional
+    repos:      { <name>: <git-gate-entry>, ... }  # optional
   egress: { routes: [ <egress-route>, ... ] }
     # route keys: host, path_allowlist, auth, role, pipelock
     # pipelock: { tls_passthrough: <bool>, ssrf_ip_allowlist: [<cidr>, ...] }
@@ -25,6 +25,8 @@ Bottle schema (frontmatter):
 Agent schema (frontmatter):
   bottle:        <bottle-name>          # required
   skills:        [ <skill-name>, ... ]   # optional
+  git-gate:
+    user:        { name: <str>, email: <str> }  # optional; overlays bottle
   # Claude Code subagent passthrough fields — accepted, ignored:
   name, description, model, color, memory
 
@@ -73,7 +75,11 @@ class GitEntry:
 
     The Upstream URL is parsed once at construction and the pieces are
     stashed in the `Upstream*` fields so the git-gate render step
-    doesn't have to re-parse."""
+    doesn't have to re-parse.
+
+    Manifest source: `git-gate.repos.<Name>` (PRD 0047). The YAML keys
+    are `url`, `identity`, and `host_key`; the internal field names are
+    stable across that rename."""
 
     Name: str
     Upstream: str
@@ -86,69 +92,48 @@ class GitEntry:
     UpstreamPath: str = ""
 
     @classmethod
-    def from_dict(cls, bottle_name: str, idx: int, raw: object) -> "GitEntry":
+    def from_repos_entry(
-        d = _as_json_object(raw, f"bottle '{bottle_name}' git[{idx}]")
+        cls, bottle_name: str, repo_name: str, raw: object
-        return cls._from_object(bottle_name, d, f"git[{idx}]", None)
-
-    @classmethod
-    def from_remote_dict(
-        cls, bottle_name: str, host_key: str, raw: object
     ) -> "GitEntry":
-        if not host_key:
+        """Parse one entry from `git-gate.repos.<repo_name>`.
-            raise ManifestError(f"bottle '{bottle_name}' git.remotes has an empty host key")
-        d = _as_json_object(raw, f"bottle '{bottle_name}' git.remotes[{host_key!r}]")
-        return cls._from_object(
-            bottle_name, d, f"git.remotes[{host_key!r}]", host_key,
-        )
 
-    @classmethod
+        YAML keys: `url` (required), `identity` (required),
-    def _from_object(
+        `host_key` (optional). The repo_name becomes `Name`."""
-        cls,
+        if not repo_name:
-        bottle_name: str,
-        d: dict[str, object],
-        label: str,
-        host_key: str | None,
-    ) -> "GitEntry":
-        name = d.get("Name")
-        if not isinstance(name, str) or not name:
             raise ManifestError(
-                f"bottle '{bottle_name}' {label} missing required string "
+                f"bottle '{bottle_name}' git-gate.repos has an empty key"
-                f"field 'Name'"
             )
-        upstream = d.get("Upstream")
+        label = f"git-gate.repos[{repo_name!r}]"
+        d = _as_json_object(raw, f"bottle '{bottle_name}' {label}")
+        for k in d:
+            if k not in {"url", "identity", "host_key"}:
+                raise ManifestError(
+                    f"bottle '{bottle_name}' {label} has unknown key {k!r}; "
+                    f"allowed: url, identity, host_key"
+                )
+        upstream = d.get("url")
         if not isinstance(upstream, str) or not upstream:
             raise ManifestError(
-                f"bottle '{bottle_name}' {label} '{name}' missing required string field "
+                f"bottle '{bottle_name}' {label} missing required string field 'url'"
-                f"'Upstream'"
             )
-        ident = d.get("IdentityFile")
+        ident = d.get("identity")
         if not isinstance(ident, str) or not ident:
             raise ManifestError(
-                f"bottle '{bottle_name}' {label} '{name}' missing required string field "
+                f"bottle '{bottle_name}' {label} missing required string field 'identity'"
-                f"'IdentityFile'"
             )
         khk = _opt_str(
-            d.get("KnownHostKey"),
+            d.get("host_key"),
-            f"bottle '{bottle_name}' {label} '{name}' KnownHostKey",
+            f"bottle '{bottle_name}' {label} host_key",
         )
         user, host, port, path = _parse_git_upstream(
-            upstream, f"bottle '{bottle_name}' {label} '{name}' Upstream"
+            upstream, f"bottle '{bottle_name}' {label} url"
         )
-        if (
-            host_key is not None
-            and host_key != host
-            and not _is_ip_literal(host)
-        ):
-            raise ManifestError(
-                f"bottle '{bottle_name}' git.remotes key {host_key!r} "
-                f"does not match Upstream host {host!r}"
-            )
         return cls(
-            Name=name,
+            Name=repo_name,
             Upstream=upstream,
             IdentityFile=ident,
             KnownHostKey=khk,
-            RemoteKey=host_key or host,
+            RemoteKey=host,
             UpstreamUser=user,
             UpstreamHost=host,
             UpstreamPort=port,
@@ -258,28 +243,28 @@ class GitUser:
 
     @classmethod
     def from_dict(cls, bottle_name: str, raw: object) -> "GitUser":
-        d = _as_json_object(raw, f"bottle '{bottle_name}' git.user")
+        d = _as_json_object(raw, f"bottle '{bottle_name}' git-gate.user")
         for k in d.keys():
             if k not in {"name", "email"}:
                 raise ManifestError(
-                    f"bottle '{bottle_name}' git.user has unknown key {k!r}; "
+                    f"bottle '{bottle_name}' git-gate.user has unknown key {k!r}; "
                     f"allowed: name, email"
                 )
         name = d.get("name", "")
         email = d.get("email", "")
         if not isinstance(name, str):
             raise ManifestError(
-                f"bottle '{bottle_name}' git.user.name must be a string "
+                f"bottle '{bottle_name}' git-gate.user.name must be a string "
                 f"(was {type(name).__name__})"
             )
         if not isinstance(email, str):
             raise ManifestError(
-                f"bottle '{bottle_name}' git.user.email must be a string "
+                f"bottle '{bottle_name}' git-gate.user.email must be a string "
                 f"(was {type(email).__name__})"
             )
         if not name and not email:
             raise ManifestError(
-                f"bottle '{bottle_name}' git.user is set but neither "
+                f"bottle '{bottle_name}' git-gate.user is set but neither "
                 f"name nor email is non-empty; remove the block or "
                 f"fill at least one field."
             )
@@ -289,16 +274,16 @@ class GitUser:
         return not self.name and not self.email
 
 
-def _parse_git_config(
+def _parse_git_gate_config(
     bottle_name: str,
     raw: object,
 ) -> tuple[tuple[GitEntry, ...], GitUser]:
-    d = _as_json_object(raw, f"bottle '{bottle_name}' git")
+    d = _as_json_object(raw, f"bottle '{bottle_name}' git-gate")
     for k in d.keys():
-        if k not in {"user", "remotes"}:
+        if k not in {"user", "repos"}:
             raise ManifestError(
-                f"bottle '{bottle_name}' git has unknown key {k!r}; "
+                f"bottle '{bottle_name}' git-gate has unknown key {k!r}; "
-                f"allowed: user, remotes"
+                f"allowed: user, repos"
             )
 
     git_user = (
@@ -308,12 +293,12 @@ def _parse_git_config(
     )
 
     git: tuple[GitEntry, ...] = ()
-    remotes_raw = d.get("remotes")
+    repos_raw = d.get("repos")
-    if remotes_raw is not None:
+    if repos_raw is not None:
-        remotes = _as_json_object(remotes_raw, f"bottle '{bottle_name}' git.remotes")
+        repos = _as_json_object(repos_raw, f"bottle '{bottle_name}' git-gate.repos")
         git = tuple(
-            GitEntry.from_remote_dict(bottle_name, host, entry)
+            GitEntry.from_repos_entry(bottle_name, name, entry)
-            for host, entry in remotes.items()
+            for name, entry in repos.items()
         )
         _validate_unique_git_names(bottle_name, git)
 
@@ -573,10 +558,9 @@ class Bottle:
     agent_provider: AgentProvider = field(default_factory=AgentProvider)
     git: tuple[GitEntry, ...] = ()
     # Per-bottle git identity (issue #86). Empty default — bottles
-    # that don't set `git.user:` in the manifest skip the
+    # that don't set `git-gate.user:` in the manifest skip the
-    # `git config --global` step entirely. Set independently of
+    # `git config --global` step entirely. A bottle can declare a user
-    # the `git.remotes:` upstream map above: a bottle can declare a user
+    # identity without any git-gate.repos upstreams, and vice versa.
-    # identity without any git-gate upstreams, and vice versa.
     git_user: GitUser = field(default_factory=GitUser)
     egress: EgressConfig = field(default_factory=EgressConfig)
     # Opt-in per-bottle stuck-recovery sidecar (PRD 0013). When true,
@@ -603,16 +587,22 @@ class Bottle:
         if "ssh" in d:
             raise ManifestError(
                 f"bottle '{name}' has an 'ssh' field, which has been removed "
-                f"(PRD 0009). Move each entry to 'git': declare the upstream "
+                f"(PRD 0009). Declare upstreams under 'git-gate.repos' with "
-                f"as a git remote with Name + Upstream URL + IdentityFile, "
+                f"url + identity + host_key; the git-gate sidecar (PRD 0008) "
-                f"and the per-bottle git-gate (PRD 0008) will hold the "
+                f"holds the credential and gitleaks-scans pushes."
-                f"credential and gitleaks-scan pushes."
+            )
+
+        if "git" in d:
+            raise ManifestError(
+                f"bottle '{name}' uses 'git' which has been replaced by "
+                f"'git-gate' (PRD 0047). Move git.user → git-gate.user "
+                f"and git.remotes → git-gate.repos (fields: url, identity, host_key)."
             )
 
         if "git_user" in d:
             raise ManifestError(
                 f"bottle '{name}' has a 'git_user' field, which has been "
-                f"removed. Move it under 'git.user'."
+                f"removed. Move it under 'git-gate.user'."
             )
 
         unknown = set(d.keys()) - BOTTLE_KEYS
@@ -637,9 +627,9 @@ class Bottle:
 
         git: tuple[GitEntry, ...] = ()
         git_user = GitUser()
-        git_raw = d.get("git")
+        git_raw = d.get("git-gate")
         if git_raw is not None:
-            git, git_user = _parse_git_config(name, git_raw)
+            git, git_user = _parse_git_gate_config(name, git_raw)
 
         agent_provider = (
             AgentProvider.from_dict(name, d["agent_provider"])
@@ -672,9 +662,9 @@ class Agent:
     skills: tuple[str, ...] = ()
     prompt: str = ""
     # Per-agent git identity (issue #94). Overlays the referenced
-    # bottle's git.user per-field at `Manifest.bottle_for`. Only the
+    # bottle's git-gate.user per-field at `Manifest.bottle_for`. Only
-    # `user` block is allowed at the agent level; `git.remotes` stays
+    # `user` is allowed at the agent level; `repos` stays bottle-only
-    # bottle-only because it carries credentials and host trust.
+    # because it carries credentials and host trust.
     git_user: GitUser = GitUser()
 
     @classmethod
@@ -722,19 +712,18 @@ class Agent:
         else:
             raise ManifestError(f"agent '{name}' prompt must be a string (was {type(prompt_raw).__name__})")
 
-        # git: agents may declare only `git.user` (name/email). Any
+        # git-gate: agents may declare only `git-gate.user` (name/email).
-        # other git key — notably `remotes` — is rejected: remotes
+        # `git-gate.repos` is bottle-only — it carries credentials and host trust.
-        # carry credentials and host trust and stay bottle-only.
         git_user = GitUser()
-        git_raw = d.get("git")
+        git_raw = d.get("git-gate")
         if git_raw is not None:
-            gd = _as_json_object(git_raw, f"agent '{name}' git")
+            gd = _as_json_object(git_raw, f"agent '{name}' git-gate")
             for k in gd.keys():
                 if k != "user":
                     raise ManifestError(
-                        f"agent '{name}' git.{k} is not allowed at the "
+                        f"agent '{name}' git-gate.{k} is not allowed at the "
-                        f"agent level; only git.user (name/email) may be "
+                        f"agent level; only git-gate.user (name/email) may be "
-                        f"set on an agent. git.remotes is bottle-only "
+                        f"set on an agent. git-gate.repos is bottle-only "
                         f"(it carries credentials and host trust)."
                     )
             if "user" in gd:
@@ -1011,9 +1000,10 @@ def _validate_egress_routes(
     The proxy matches by exact-host (v1); duplicate hosts leave the
     route choice ambiguous so we reject them up front.
 
-    No cross-validation against `bottle.git` is performed. git-gate
+    No cross-validation against `bottle.git-gate.repos` is performed.
-    (SSH push/fetch) and egress (HTTPS) broker different protocols;
+    git-gate (SSH push/fetch) and egress (HTTPS) broker different
-    declaring both for the same host is a legitimate dev setup."""
+    protocols; declaring both for the same host is a legitimate dev
+    setup."""
     seen_hosts: dict[str, None] = {}
     for r in routes:
         key = r.Host.lower()
@@ -1030,7 +1020,7 @@ def _validate_unique_git_names(bottle_name: str, git: tuple[GitEntry, ...]) -> N
     for g in git:
         if g.Name in seen:
             raise ManifestError(
-                f"bottle '{bottle_name}' git entries have duplicate Name '{g.Name}'; "
+                f"bottle '{bottle_name}' git-gate.repos has duplicate name '{g.Name}'; "
                 f"each entry maps to a distinct bare repo on the gate."
             )
         seen[g.Name] = None

bot_bottle/manifest_extends.py

@@ -81,19 +81,19 @@ def _merge_bottles(
     # env: dict merge, child wins on collision.
     merged_env = {**parent.env, **child.env}
 
-    # git.user: per-field overlay. Each non-empty field on child
+    # git-gate.user: per-field overlay. Each non-empty field on child
     # wins; empties fall through to parent. The default GitUser()
-    # is two empty strings, so a child that omits git.user
+    # is two empty strings, so a child that omits git-gate.user
     # inherits the parent's user verbatim.
     merged_git_user = GitUser(
         name=child.git_user.name or parent.git_user.name,
         email=child.git_user.email or parent.git_user.email,
     )
 
-    # git.remotes: missing means inherit; an explicit empty object
+    # git-gate.repos: missing means inherit; an explicit empty object
     # clears; otherwise parent and child merge by UpstreamHost with
     # child entries replacing duplicate hosts.
-    if _child_declares_git_remotes(child_raw):
+    if _child_declares_git_gate_repos(child_raw):
         merged_git = _merge_git_remotes(parent.git, child.git) if child.git else ()
     else:
         merged_git = parent.git
@@ -121,14 +121,14 @@ def _merge_bottles(
     )
 
 
-def _child_declares_git_remotes(child_raw: dict[str, object]) -> bool:
+def _child_declares_git_gate_repos(child_raw: dict[str, object]) -> bool:
     from .manifest import _as_json_object
 
-    git_raw = child_raw.get("git")
+    git_raw = child_raw.get("git-gate")
     if git_raw is None:
         return False
-    git_obj = _as_json_object(git_raw, "child git")
+    git_obj = _as_json_object(git_raw, "child git-gate")
-    return "remotes" in git_obj
+    return "repos" in git_obj
 
 
 def _merge_git_remotes(

bot_bottle/manifest_loader.py

@@ -93,13 +93,13 @@ def load_agents_from_dir(
         validate_agent_frontmatter_keys(path, fm.keys())
         # Build the dict Agent.from_dict expects. The body becomes
         # prompt; Claude Code passthrough fields stay in fm and get
-        # ignored by Agent.from_dict (which reads bottle/skills/git/prompt).
+        # ignored by Agent.from_dict (reads bottle/skills/git-gate/prompt).
         agent_dict: dict[str, object] = {
             "bottle": fm.get("bottle"),
             "skills": fm.get("skills", []),
             "prompt": body.strip(),
         }
-        if "git" in fm:
+        if "git-gate" in fm:
-            agent_dict["git"] = fm["git"]
+            agent_dict["git-gate"] = fm["git-gate"]
         out[name] = Agent.from_dict(name, agent_dict, bottle_names)
     return out

bot_bottle/manifest_schema.py

@@ -16,10 +16,10 @@ _FILENAME_RX = re.compile(r"^[a-z][a-z0-9-]*$")
 # sets dies with a "did you mean" pointer: typos should not silently
 # ghost into an empty config.
 BOTTLE_KEYS = frozenset(
-    {"env", "extends", "agent_provider", "git", "egress", "supervise"}
+    {"env", "extends", "agent_provider", "git-gate", "egress", "supervise"}
 )
 AGENT_KEYS_REQUIRED = frozenset({"bottle"})
-AGENT_KEYS_OPTIONAL = frozenset({"skills", "git"})
+AGENT_KEYS_OPTIONAL = frozenset({"skills", "git-gate"})
 
 # Claude Code subagent fields bot-bottle ignores at launch but does
 # not reject. This lets the same file double as

docs/prds/0047-git-gate-manifest-redesign.md

@@ -0,0 +1,170 @@
+# PRD 0047: Git-gate Manifest Redesign
+
+- **Status:** Active
+- **Author:** didericis
+- **Created:** 2026-06-03
+- **Issue:** #160
+
+## Summary
+
+Replace the `git` top-level key in bottle and agent manifests with `git-gate`,
+consolidating git-identity configuration (`user`) and git-gate sidecar
+configuration (`repos`) under a single section. Within `repos`, field names
+move to lowercase snake_case and the local repo name is promoted to the YAML
+key. The change removes the ambiguity in the current `git` block: its fields
+are not generic git or SSH config — they are specifically the credential,
+host-trust, and identity material that is managed in relation to git-gate.
+
+## Problem
+
+The current bottle manifest uses a `git` top-level key that mixes two concerns:
+
+- `git.user` — `git config --global user.name / user.email` identity, which
+  the provisioner injects into the agent's shell.
+- `git.remotes` — upstream URL, identity file, and host key material that the
+  git-gate sidecar consumes; the agent never sees these values.
+
+That grouping suggests the `remotes` entries behave like an SSH config or a
+generic `.gitconfig` remote declaration. They do not. The gate reads the
+credential material to push upstream after gitleaks passes; the agent's
+`.gitconfig` receives only the `insteadOf` rewrite that redirects traffic
+through the gate. Nothing in the current key name or field names signals this.
+
+Splitting `git.user` into a separate section from `git.remotes` also doesn't
+help: both concepts exist because of git-gate, and keeping them under a single
+`git-gate` key makes their relationship and purpose explicit.
+
+The field names inside each remote entry also use PascalCase (`Name`,
+`Upstream`, `IdentityFile`, `KnownHostKey`), inconsistent with every other
+manifest section, which uses snake_case.
+
+The current `git.remotes` dict is keyed by upstream host, which works for
+simple remotes but forces a separate `Name` field to give the gate's bare repo
+a local label. The host key and `Name` field are often redundant or confusing
+(e.g., IP-literal upstreams where the key carries no semantic meaning).
+
+## Goals / Success Criteria
+
+- `git-gate` is accepted as a top-level bottle and agent key; `git` is removed
+  from both allowed-key sets.
+- `git-gate.repos` is a named map where each key is the local repo name
+  exposed by the gate (bottle-only; rejected at the agent level).
+- Each entry in `git-gate.repos` accepts exactly: `url` (required), `identity`
+  (required), `host_key` (optional).
+- `git-gate.user` replaces `git.user` on both bottles and agents, with the
+  same `name` / `email` fields and overlay semantics.
+- The manifest parser rejects `git.remotes` and `git.user` with errors that
+  point to the new keys.
+- `GitEntry` internal fields are updated to match the new names; all callers
+  (provisioner, git-gate render, plan, tests) compile and pass.
+- Existing unit tests in `tests/unit/test_manifest_git.py` and
+  `tests/unit/test_manifest_git_user.py` are rewritten to use the new YAML
+  shape; all other manifest unit tests remain green.
+- The demo manifest (`bot-bottle.demo.json`) and any examples using the old
+  shape are updated.
+
+## Non-goals
+
+- No change to `git.user` / `git-gate.user` semantics or field names (`name`,
+  `email`).
+- No change to git-gate runtime behavior (mirroring, gitleaks, access-hook
+  refresh).
+- No change to the `insteadOf` rewrite the provisioner emits.
+- No migration shim: the old `git.*` shape is rejected immediately with clear
+  error messages pointing to the new keys.
+- No change to how agent-level user config overlays the bottle-level value.
+
+## Design
+
+### New manifest shape
+
+**Before** (bottle frontmatter):
+
+```yaml
+git:
+  user:
+    name: implementer-bot
+    email: eric+implementer@dideric.is
+  remotes:
+    gitea.dideric.is:
+      Name: bot-bottle
+      Upstream: ssh://git@gitea.dideric.is:30009/didericis/bot-bottle.git
+      IdentityFile: ~/.ssh/gitea-delos-2.pem
+      KnownHostKey: "ssh-rsa AAAA..."
+```
+
+**After**:
+
+```yaml
+git-gate:
+  user:
+    name: implementer-bot
+    email: eric+implementer@dideric.is
+  repos:
+    bot-bottle:
+      url: ssh://git@gitea.dideric.is:30009/didericis/bot-bottle.git
+      identity: ~/.ssh/gitea-delos-2.pem
+      host_key: "ssh-rsa AAAA..."
+```
+
+`git-gate` is the single optional top-level key for all git configuration.
+Bottles that previously used only `git.user` now use only `git-gate.user`;
+those that used only `git.remotes` now use only `git-gate.repos`.
+
+### Key-name-as-repo-name
+
+The YAML key in `git-gate.repos` becomes the local repo name (previously
+`Name`). The upstream host is no longer the primary key; the provisioner and
+gate derive it from the `url` field during parse. IP-literal upstreams work
+without an artificial host-as-key constraint.
+
+### Field renames
+
+| Old field | New field |
+|-----------|-----------|
+| `Name` (from dict key) | YAML key in `repos` |
+| `Upstream` | `url` |
+| `IdentityFile` | `identity` |
+| `KnownHostKey` | `host_key` |
+
+### Parser changes
+
+- `manifest_schema.py`: replace `"git"` with `"git-gate"` in `BOTTLE_KEYS`
+  and `AGENT_KEYS_OPTIONAL`.
+- `manifest.py`: replace `_parse_git_config` with `_parse_git_gate_config`
+  that validates both `user` and `repos` subkeys. Update `Bottle.from_dict`
+  and `Agent.from_dict` to call it for the `"git-gate"` key.
+- `Agent.from_dict` continues to reject `repos` at the agent level with a
+  clear error.
+- Remove `from_remote_dict` and update `GitEntry._from_object` to accept the
+  new field names. Internal dataclass field names (`UpstreamUser`, etc.) are
+  unchanged — they are internal plumbing, not user-facing.
+- Any existing `"git"` key raises a targeted error:
+
+  ```
+  bottle 'dev' uses 'git' which has been replaced by 'git-gate' (PRD 0047).
+  Move git.user → git-gate.user and git.remotes → git-gate.repos.
+  ```
+
+## Testing Strategy
+
+Run:
+
+```
+python3 -m unittest discover -s tests/unit
+```
+
+Test files to update:
+
+- `tests/unit/test_manifest_git.py` — rewrite fixtures and assertions to use
+  `git-gate.repos` / lowercase fields. Cover: minimal entry, optional
+  `host_key`, missing `url`, missing `identity`, unknown key, IP-literal
+  upstreams, duplicate name rejection, old `git.remotes` and bare `git` key
+  both rejected.
+- `tests/unit/test_manifest_git_user.py` and
+  `tests/unit/test_manifest_agent_git_user.py` — update fixtures to use
+  `git-gate.user` at both bottle and agent level.
+
+## Open Questions
+
+None.

examples/agents/implementer.md

@@ -5,7 +5,7 @@ model: opus
 bottle: dev
 skills:
   - init-prd
-git:
+git-gate:
   user:
     name: implementer-bot
     email: eric+implementer@dideric.is

tests/fixtures.py

@@ -38,23 +38,21 @@ def fixture_with_egress_dict() -> dict[str, Any]:
 
 
 def fixture_with_git_dict() -> dict[str, Any]:
-    """Bottle declares a git-gate upstream. JSON shape."""
+    """Bottle declares git-gate upstreams. JSON shape."""
     return {
         "bottles": {
             "dev": {
-                "git": {
+                "git-gate": {
-                    "remotes": {
+                    "repos": {
-                        "gitea.dideric.is": {
+                        "bot-bottle": {
-                            "Name": "bot-bottle",
+                            "url": "ssh://git@gitea.dideric.is:30009/didericis/bot-bottle.git",
-                            "Upstream": "ssh://git@gitea.dideric.is:30009/didericis/bot-bottle.git",
+                            "identity": "/dev/null",
-                            "IdentityFile": "/dev/null",
+                            "host_key": "ssh-ed25519 AAAA...",
-                            "KnownHostKey": "ssh-ed25519 AAAA...",
                         },
-                        "github.com": {
+                        "foo": {
-                            "Name": "foo",
+                            "url": "ssh://git@github.com/didericis/foo.git",
-                            "Upstream": "ssh://git@github.com/didericis/foo.git",
+                            "identity": "/dev/null",
-                            "IdentityFile": "/dev/null",
+                            "host_key": "ssh-ed25519 BBBB...",
-                            "KnownHostKey": "ssh-ed25519 BBBB...",
                         },
                     },
                 }

tests/unit/test_compose.py

@@ -49,11 +49,10 @@ def _manifest(*, supervise: bool, with_git: bool, with_egress: bool) -> Manifest
     if supervise:
         bottle["supervise"] = True
     if with_git:
-        bottle["git"] = {"remotes": {
+        bottle["git-gate"] = {"repos": {
-            "example.com": {
+            "upstream": {
-                "Name": "upstream",
+                "url": "ssh://git@example.com:22/x/y.git",
-                "Upstream": "ssh://git@example.com:22/x/y.git",
+                "identity": "/etc/hostname",  # any existing file
-                "IdentityFile": "/etc/hostname",  # any existing file
             },
         }}
     if with_egress:

tests/unit/test_docker_provision_git_user.py

@@ -30,7 +30,7 @@ def _plan(*, git_user: dict | None = None,
           stage_dir: Path | None = None) -> DockerBottlePlan:
     bottle_json: dict = {}
     if git_user is not None:
-        bottle_json["git"] = {"user": git_user}
+        bottle_json["git-gate"] = {"user": git_user}
     manifest = Manifest.from_json_obj({
         "bottles": {"dev": bottle_json},
         "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},

tests/unit/test_git_gate.py

@@ -220,11 +220,10 @@ class TestPrepare(unittest.TestCase):
 
     def test_prepare_skips_known_hosts_file_when_key_missing(self):
         manifest = Manifest.from_json_obj({
-            "bottles": {"dev": {"git": {"remotes": {
+            "bottles": {"dev": {"git-gate": {"repos": {
-                "github.com": {
+                "foo": {
-                    "Name": "foo",
+                    "url": "ssh://git@github.com/didericis/foo.git",
-                    "Upstream": "ssh://git@github.com/didericis/foo.git",
+                    "identity": "/dev/null",
-                    "IdentityFile": "/dev/null",
                 },
             }}}},
             "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},

tests/unit/test_git_http_backend.py

@@ -150,6 +150,97 @@ class TestGitHttpBackend(unittest.TestCase):
             )
             self.assertEqual("git/test", env["HTTP_USER_AGENT"])
 
+    def test_access_hook_denial_is_logged_to_stdout(self):
+        """When the access-hook exits non-zero we still return 403 to the
+        client, but the hook's stderr must also appear on the handler's
+        stdout so docker logs surface *why* — otherwise the agent sees
+        the message and the operator just sees `403 -`."""
+        from http.server import ThreadingHTTPServer
+        import io
+        import sys
+
+        with tempfile.TemporaryDirectory() as tmp:
+            root = Path(tmp)
+            (root / "repo.git").mkdir()
+            old_root = os.environ.get("GIT_PROJECT_ROOT")
+            os.environ["GIT_PROJECT_ROOT"] = str(root)
+            self.addCleanup(self._restore_env, old_root)
+
+            server = ThreadingHTTPServer(("127.0.0.1", 0), GitHttpHandler)
+            thread = threading.Thread(target=server.serve_forever, daemon=True)
+            thread.start()
+            self.addCleanup(server.shutdown)
+            self.addCleanup(server.server_close)
+
+            denial = b"git-gate: upstream fetch failed; refusing to serve stale data\n"
+            with mock.patch(
+                "bot_bottle.git_http_backend.subprocess.run",
+                return_value=subprocess.CompletedProcess(
+                    ["hook"], 1, b"", denial,
+                ),
+            ):
+                buf = io.StringIO()
+                with mock.patch.object(sys, "stdout", buf):
+                    req = urllib.request.Request(
+                        f"http://127.0.0.1:{server.server_port}"
+                        "/repo.git/info/refs?service=git-upload-pack",
+                        method="GET",
+                    )
+                    try:
+                        urllib.request.urlopen(req, timeout=5)
+                        self.fail("expected HTTPError 403")
+                    except urllib.error.HTTPError as e:
+                        self.assertEqual(403, e.code)
+                        self.assertIn(b"upstream fetch failed", e.read())
+
+                logged = buf.getvalue()
+                self.assertIn("access-hook denied", logged)
+                self.assertIn("upstream fetch failed", logged)
+
+    def test_access_hook_denial_without_output_logs_exit_code(self):
+        """If the hook exits non-zero but produces no stderr/stdout, the
+        log line should still say *something* — the exit code — instead
+        of silently emitting an empty line."""
+        from http.server import ThreadingHTTPServer
+        import io
+        import sys
+
+        with tempfile.TemporaryDirectory() as tmp:
+            root = Path(tmp)
+            (root / "repo.git").mkdir()
+            old_root = os.environ.get("GIT_PROJECT_ROOT")
+            os.environ["GIT_PROJECT_ROOT"] = str(root)
+            self.addCleanup(self._restore_env, old_root)
+
+            server = ThreadingHTTPServer(("127.0.0.1", 0), GitHttpHandler)
+            thread = threading.Thread(target=server.serve_forever, daemon=True)
+            thread.start()
+            self.addCleanup(server.shutdown)
+            self.addCleanup(server.server_close)
+
+            with mock.patch(
+                "bot_bottle.git_http_backend.subprocess.run",
+                return_value=subprocess.CompletedProcess(
+                    ["hook"], 2, b"", b"",
+                ),
+            ):
+                buf = io.StringIO()
+                with mock.patch.object(sys, "stdout", buf):
+                    req = urllib.request.Request(
+                        f"http://127.0.0.1:{server.server_port}"
+                        "/repo.git/info/refs?service=git-upload-pack",
+                        method="GET",
+                    )
+                    try:
+                        urllib.request.urlopen(req, timeout=5)
+                        self.fail("expected HTTPError 403")
+                    except urllib.error.HTTPError as e:
+                        self.assertEqual(403, e.code)
+
+                logged = buf.getvalue()
+                self.assertIn("access-hook denied", logged)
+                self.assertIn("exit=2", logged)
+
     @staticmethod
     def _restore_env(value: str | None) -> None:
         if value is None:

tests/unit/test_manifest_agent_git_user.py

@@ -1,14 +1,14 @@
-"""Unit: agent-level git.user overlay + provenance (PRD 0027, issue #94).
+"""Unit: agent-level git-gate.user overlay + provenance (PRD 0027, PRD 0047).
 
-An agent file may declare `git.user` (name/email). At
+An agent file may declare `git-gate.user` (name/email). At
 `Manifest.bottle_for()` it overlays the referenced bottle's
-`git.user` per-field, agent-wins-on-non-empty. `git.remotes` is
+`git-gate.user` per-field, agent-wins-on-non-empty. `git-gate.repos` is
 rejected on agents. `Manifest.git_identity_summary()` reports the
 effective identity with per-field `(agent)`/`(bottle)` provenance.
 
 The `from_json_obj` path drives `Agent.from_dict` + `bottle_for`;
 a temp-dir case locks the md loader (the `_AGENT_KEYS` allow + the
-`git` threading into `agent_dict`)."""
+`git-gate` threading into `agent_dict`)."""
 
 from __future__ import annotations
 
@@ -34,10 +34,10 @@ def _error_message(callable_, *args, **kwargs) -> str:
 def _manifest(*, bottle_user=None, agent_git=None) -> Manifest:
     bottle: dict = {}
     if bottle_user is not None:
-        bottle = {"git": {"user": bottle_user}}
+        bottle = {"git-gate": {"user": bottle_user}}
     agent: dict = {"skills": [], "prompt": "", "bottle": "dev"}
     if agent_git is not None:
-        agent["git"] = agent_git
+        agent["git-gate"] = agent_git
     return Manifest.from_json_obj({
         "bottles": {"dev": bottle},
         "agents": {"impl": agent},
@@ -71,7 +71,6 @@ class TestAgentGitUserOverlay(unittest.TestCase):
 
     def test_agent_identity_with_bottle_declaring_none(self):
         m = _manifest(agent_git={"user": {"name": "a", "email": "a@b"}})
-        # The underlying bottle declares no identity; the merged one does.
         self.assertTrue(m.bottles["dev"].git_user.is_empty())
         self.assertFalse(m.bottle_for("impl").git_user.is_empty())
 
@@ -82,14 +81,10 @@ class TestAgentGitUserOverlay(unittest.TestCase):
         self.assertEqual("b@c", u.email)
 
     def test_bottle_for_returns_same_instance_when_no_overlay(self):
-        # No agent git.user → no replace(); the cached Bottle is
-        # returned as-is (identity check guards against churn).
         m = _manifest(bottle_user={"name": "B"})
         self.assertIs(m.bottles["dev"], m.bottle_for("impl"))
 
     def test_bottle_for_returns_same_instance_when_overlay_is_noop(self):
-        # Agent restates exactly what the bottle already has → merged
-        # == bottle.git_user → same instance, no replace().
         m = _manifest(
             bottle_user={"name": "B", "email": "b@c"},
             agent_git={"user": {"name": "B", "email": "b@c"}},
@@ -101,11 +96,11 @@ class TestAgentGitUserOverlay(unittest.TestCase):
             "bottles": {"dev": {
                 "env": {"FOO": "bar"},
                 "supervise": True,
-                "git": {"user": {"name": "B"}},
+                "git-gate": {"user": {"name": "B"}},
             }},
             "agents": {"impl": {
                 "bottle": "dev", "skills": [], "prompt": "",
-                "git": {"user": {"name": "a"}},
+                "git-gate": {"user": {"name": "a"}},
             }},
         })
         b = m.bottle_for("impl")
@@ -115,11 +110,11 @@ class TestAgentGitUserOverlay(unittest.TestCase):
 
 
 class TestAgentGitUserRejections(unittest.TestCase):
-    def test_agent_remotes_dies_bottle_only(self):
+    def test_agent_repos_dies_bottle_only(self):
         msg = _error_message(_manifest, agent_git={
-            "remotes": {"h": {"Name": "r", "Upstream": "ssh://x/y.git"}},
+            "repos": {"r": {"url": "ssh://git@x/y.git", "identity": "/dev/null"}},
         })
-        self.assertIn("git.remotes", msg)
+        self.assertIn("git-gate.repos", msg)
         self.assertIn("bottle-only", msg)
 
     def test_agent_unknown_git_subkey_dies(self):
@@ -127,7 +122,6 @@ class TestAgentGitUserRejections(unittest.TestCase):
         self.assertIn("not allowed at the agent level", msg)
 
     def test_agent_git_user_both_empty_dies(self):
-        # Reuses GitUser.from_dict validation.
         msg = _error_message(_manifest, agent_git={"user": {"name": "", "email": ""}})
         self.assertIn("neither name nor email", msg)
 
@@ -164,7 +158,7 @@ class TestGitIdentitySummary(unittest.TestCase):
 
 _BOTTLE_DEV = """
     ---
-    git:
+    git-gate:
       user:
         name: bottle-name
         email: bottle@example.com
@@ -176,7 +170,7 @@ _BOTTLE_DEV = """
 _AGENT_WITH_GIT = """
     ---
     bottle: dev
-    git:
+    git-gate:
       user:
         name: agent-name
     ---
@@ -184,14 +178,14 @@ _AGENT_WITH_GIT = """
     impl agent.
 """
 
-_AGENT_WITH_REMOTES = """
+_AGENT_WITH_REPOS = """
     ---
     bottle: dev
-    git:
+    git-gate:
-      remotes:
+      repos:
-        h:
+        r:
-          Name: r
+          url: ssh://git@x/y.git
-          Upstream: ssh://x/y.git
+          identity: /dev/null
     ---
 
     bad agent.
@@ -199,9 +193,9 @@ _AGENT_WITH_REMOTES = """
 
 
 class TestAgentGitUserMdLoader(unittest.TestCase):
-    """Locks the md path: `git` is an accepted agent key and threads
+    """Locks the md path: `git-gate` is an accepted agent key and threads
-    into the parsed Agent (not rejected as an unknown frontmatter
+    into the parsed Agent (not rejected as an unknown frontmatter key),
-    key), and agent `git.remotes` dies through the same loader."""
+    and agent `git-gate.repos` dies through the same loader."""
 
     def setUp(self) -> None:
         self.home = Path(tempfile.mkdtemp(prefix="cb-home-"))
@@ -225,18 +219,18 @@ class TestAgentGitUserMdLoader(unittest.TestCase):
         self._write("agents/impl.md", _AGENT_WITH_GIT)
         m = Manifest.resolve(str(self.home))
         u = m.bottle_for("impl").git_user
-        self.assertEqual("agent-name", u.name)        # agent wins
+        self.assertEqual("agent-name", u.name)
-        self.assertEqual("bottle@example.com", u.email)  # bottle falls through
+        self.assertEqual("bottle@example.com", u.email)
         self.assertEqual(
             "name=agent-name (agent), email=bottle@example.com (bottle)",
             m.git_identity_summary("impl"),
         )
 
-    def test_md_agent_remotes_dies(self):
+    def test_md_agent_repos_dies(self):
         self._write("bottles/dev.md", _BOTTLE_DEV)
-        self._write("agents/impl.md", _AGENT_WITH_REMOTES)
+        self._write("agents/impl.md", _AGENT_WITH_REPOS)
         msg = _error_message(Manifest.resolve, str(self.home))
-        self.assertIn("git.remotes", msg)
+        self.assertIn("git-gate.repos", msg)
         self.assertIn("bottle-only", msg)
 
 

tests/unit/test_manifest_extends.py

@@ -113,42 +113,30 @@ class TestExtendsEnvMerge(unittest.TestCase):
 
 
 class TestExtendsGitMerge(unittest.TestCase):
-    """git.user overlays by field; git.remotes merges by upstream
+    """git-gate.user overlays by field; git-gate.repos merges by upstream
     host, with child entries replacing duplicate hosts."""
 
-    _GIT_ENTRY_A = {
+    _GIT_ENTRY_A = {"url": "ssh://git@host-a/a.git", "identity": "/dev/null"}
-        "Name": "a",
+    _GIT_ENTRY_B = {"url": "ssh://git@host-b/b.git", "identity": "/dev/null"}
-        "Upstream": "ssh://git@host-a/a.git",
-        "IdentityFile": "/dev/null",
-    }
-    _GIT_ENTRY_B = {
-        "Name": "b",
-        "Upstream": "ssh://git@host-b/b.git",
-        "IdentityFile": "/dev/null",
-    }
 
-    def test_child_git_remotes_merge_with_parent(self):
+    def test_child_git_repos_merge_with_parent(self):
         m = _build(
-            base={"git": {"remotes": {"host-a": self._GIT_ENTRY_A}}},
+            base={"git-gate": {"repos": {"a": self._GIT_ENTRY_A}}},
             child={
                 "extends": "base",
-                "git": {"remotes": {"host-b": self._GIT_ENTRY_B}},
+                "git-gate": {"repos": {"b": self._GIT_ENTRY_B}},
             },
         )
         names = [e.Name for e in m.bottles["child"].git]
         self.assertEqual(["a", "b"], names)
 
-    def test_child_git_remote_replaces_same_host(self):
+    def test_child_git_repo_replaces_same_host(self):
-        replacement = {
+        replacement = {"url": "ssh://git@host-a/replacement.git", "identity": "/dev/null"}
-            "Name": "a2",
-            "Upstream": "ssh://git@host-a/replacement.git",
-            "IdentityFile": "/dev/null",
-        }
         m = _build(
-            base={"git": {"remotes": {"host-a": self._GIT_ENTRY_A}}},
+            base={"git-gate": {"repos": {"a": self._GIT_ENTRY_A}}},
             child={
                 "extends": "base",
-                "git": {"remotes": {"host-a": replacement}},
+                "git-gate": {"repos": {"a2": replacement}},
             },
         )
         entries = m.bottles["child"].git
@@ -156,30 +144,30 @@ class TestExtendsGitMerge(unittest.TestCase):
         self.assertEqual("a2", entries[0].Name)
         self.assertEqual("replacement.git", entries[0].UpstreamPath)
 
-    def test_child_omits_git_inherits_full_list(self):
+    def test_child_omits_git_gate_inherits_full_list(self):
         m = _build(
-            base={"git": {"remotes": {
+            base={"git-gate": {"repos": {
-                "host-a": self._GIT_ENTRY_A,
+                "a": self._GIT_ENTRY_A,
-                "host-b": self._GIT_ENTRY_B,
+                "b": self._GIT_ENTRY_B,
             }}},
             child={"extends": "base"},
         )
         names = [e.Name for e in m.bottles["child"].git]
         self.assertEqual(["a", "b"], names)
 
-    def test_child_explicit_empty_git_clears_parent(self):
+    def test_child_explicit_empty_repos_clears_parent(self):
-        # `git.remotes: {}` is the documented way to say "drop
+        # `git-gate.repos: {}` is the documented way to say "drop
-        # the parent's remotes" rather than "inherit them".
+        # the parent's repos" rather than "inherit them".
         m = _build(
-            base={"git": {"remotes": {"host-a": self._GIT_ENTRY_A}}},
+            base={"git-gate": {"repos": {"a": self._GIT_ENTRY_A}}},
-            child={"extends": "base", "git": {"remotes": {}}},
+            child={"extends": "base", "git-gate": {"repos": {}}},
         )
         self.assertEqual((), m.bottles["child"].git)
 
-    def test_child_git_user_inherits_parent_remotes(self):
+    def test_child_git_user_inherits_parent_repos(self):
         m = _build(
-            base={"git": {"remotes": {"host-a": self._GIT_ENTRY_A}}},
+            base={"git-gate": {"repos": {"a": self._GIT_ENTRY_A}}},
-            child={"extends": "base", "git": {"user": {"name": "Child"}}},
+            child={"extends": "base", "git-gate": {"user": {"name": "Child"}}},
         )
         self.assertEqual(["a"], [e.Name for e in m.bottles["child"].git])
         self.assertEqual("Child", m.bottles["child"].git_user.name)
@@ -209,12 +197,12 @@ class TestExtendsListsFullReplace(unittest.TestCase):
 
 
 class TestExtendsGitUserOverlay(unittest.TestCase):
-    """git.user: per-field overlay. Each non-empty field on child
+    """git-gate.user: per-field overlay. Each non-empty field on child
     wins; empties fall through to parent."""
 
     def test_parent_full_child_omits(self):
         m = _build(
-            base={"git": {"user": {"name": "Parent", "email": "p@x"}}},
+            base={"git-gate": {"user": {"name": "Parent", "email": "p@x"}}},
             child={"extends": "base"},
         )
         u = m.bottles["child"].git_user
@@ -223,10 +211,10 @@ class TestExtendsGitUserOverlay(unittest.TestCase):
 
     def test_child_overrides_both(self):
         m = _build(
-            base={"git": {"user": {"name": "Parent", "email": "p@x"}}},
+            base={"git-gate": {"user": {"name": "Parent", "email": "p@x"}}},
             child={
                 "extends": "base",
-                "git": {"user": {"name": "Child", "email": "c@x"}},
+                "git-gate": {"user": {"name": "Child", "email": "c@x"}},
             },
         )
         u = m.bottles["child"].git_user
@@ -234,11 +222,9 @@ class TestExtendsGitUserOverlay(unittest.TestCase):
         self.assertEqual("c@x", u.email)
 
     def test_child_adds_email_inherits_name(self):
-        # Parent sets only name; child sets only email. Both end
-        # up populated on the child.
         m = _build(
-            base={"git": {"user": {"name": "Parent"}}},
+            base={"git-gate": {"user": {"name": "Parent"}}},
-            child={"extends": "base", "git": {"user": {"email": "c@x"}}},
+            child={"extends": "base", "git-gate": {"user": {"email": "c@x"}}},
         )
         u = m.bottles["child"].git_user
         self.assertEqual("Parent", u.name)
@@ -246,11 +232,10 @@ class TestExtendsGitUserOverlay(unittest.TestCase):
 
     def test_child_overrides_only_email(self):
         m = _build(
-            base={"git": {"user": {"name": "Parent", "email": "p@x"}}},
+            base={"git-gate": {"user": {"name": "Parent", "email": "p@x"}}},
-            child={"extends": "base", "git": {"user": {"email": "c@x"}}},
+            child={"extends": "base", "git-gate": {"user": {"email": "c@x"}}},
         )
         u = m.bottles["child"].git_user
-        # Child overrides email; name inherited from parent.
         self.assertEqual("Parent", u.name)
         self.assertEqual("c@x", u.email)
 

tests/unit/test_manifest_git.py

@@ -1,39 +1,25 @@
-"""Unit: Bottle.git manifest parsing + validation (PRD 0008)."""
+"""Unit: git-gate.repos manifest parsing + validation (PRD 0047)."""
 
 import unittest
 
 from bot_bottle.manifest import ManifestError, Manifest
 
 
-def _manifest(git_entries):
+def _manifest(repos: dict) -> dict:
     return {
-        "bottles": {"dev": {"git": {"remotes": {
+        "bottles": {"dev": {"git-gate": {"repos": repos}}},
-            _host_for(entry): entry for entry in git_entries
-        }}}},
         "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
     }
 
 
-def _host_for(entry):
-    upstream = entry.get("Upstream", "")
-    if "@a.example" in upstream:
-        return "a.example"
-    if "@b.example" in upstream:
-        return "b.example"
-    if "@github.com" in upstream:
-        return "github.com"
-    if "@gitea.dideric.is" in upstream:
-        return "gitea.dideric.is"
-    return "example.com"
-
-
 class TestGitEntryParsing(unittest.TestCase):
     def test_parses_minimal_entry(self):
-        m = Manifest.from_json_obj(_manifest([{
+        m = Manifest.from_json_obj(_manifest({
-            "Name": "bot-bottle",
+            "bot-bottle": {
-            "Upstream": "ssh://git@gitea.dideric.is:30009/didericis/bot-bottle.git",
+                "url": "ssh://git@gitea.dideric.is:30009/didericis/bot-bottle.git",
-            "IdentityFile": "/dev/null",
+                "identity": "/dev/null",
-        }]))
+            },
+        }))
         entries = m.bottles["dev"].git
         self.assertEqual(1, len(entries))
         e = entries[0]
@@ -44,138 +30,145 @@ class TestGitEntryParsing(unittest.TestCase):
         self.assertEqual("didericis/bot-bottle.git", e.UpstreamPath)
 
     def test_default_port_is_22(self):
-        m = Manifest.from_json_obj(_manifest([{
+        m = Manifest.from_json_obj(_manifest({
-            "Name": "foo",
+            "foo": {
-            "Upstream": "ssh://git@github.com/didericis/foo.git",
+                "url": "ssh://git@github.com/didericis/foo.git",
-            "IdentityFile": "/dev/null",
+                "identity": "/dev/null",
-        }]))
+            },
+        }))
         e = m.bottles["dev"].git[0]
         self.assertEqual("22", e.UpstreamPort)
         self.assertEqual("github.com", e.UpstreamHost)
 
-    def test_known_host_key_optional(self):
+    def test_host_key_optional(self):
-        m = Manifest.from_json_obj(_manifest([{
+        m = Manifest.from_json_obj(_manifest({
-            "Name": "foo",
+            "foo": {
-            "Upstream": "ssh://git@github.com/foo.git",
+                "url": "ssh://git@github.com/foo.git",
-            "IdentityFile": "/dev/null",
+                "identity": "/dev/null",
-        }]))
+            },
+        }))
         self.assertEqual("", m.bottles["dev"].git[0].KnownHostKey)
 
-    def test_missing_name_dies(self):
+    def test_host_key_stored(self):
-        with self.assertRaises(ManifestError):
+        m = Manifest.from_json_obj(_manifest({
-            Manifest.from_json_obj(_manifest([{
+            "foo": {
-                "Upstream": "ssh://git@github.com/foo.git",
+                "url": "ssh://git@github.com/foo.git",
-                "IdentityFile": "/dev/null",
+                "identity": "/dev/null",
-            }]))
+                "host_key": "ssh-ed25519 AAAA",
+            },
+        }))
+        self.assertEqual("ssh-ed25519 AAAA", m.bottles["dev"].git[0].KnownHostKey)
 
-    def test_missing_upstream_dies(self):
+    def test_repo_name_becomes_Name(self):
-        with self.assertRaises(ManifestError):
+        m = Manifest.from_json_obj(_manifest({
-            Manifest.from_json_obj(_manifest([{
+            "my-repo": {
-                "Name": "foo",
+                "url": "ssh://git@github.com/foo.git",
-                "IdentityFile": "/dev/null",
+                "identity": "/dev/null",
-            }]))
+            },
+        }))
+        self.assertEqual("my-repo", m.bottles["dev"].git[0].Name)
 
-    def test_missing_identity_file_dies(self):
+    def test_missing_url_dies(self):
         with self.assertRaises(ManifestError):
-            Manifest.from_json_obj(_manifest([{
+            Manifest.from_json_obj(_manifest({
-                "Name": "foo",
+                "foo": {"identity": "/dev/null"},
-                "Upstream": "ssh://git@github.com/foo.git",
+            }))
-            }]))
 
-    def test_non_ssh_upstream_dies(self):
+    def test_missing_identity_dies(self):
         with self.assertRaises(ManifestError):
-            Manifest.from_json_obj(_manifest([{
+            Manifest.from_json_obj(_manifest({
-                "Name": "foo",
+                "foo": {"url": "ssh://git@github.com/foo.git"},
-                "Upstream": "https://github.com/didericis/foo.git",
+            }))
-                "IdentityFile": "/dev/null",
-            }]))
 
-    def test_scp_style_upstream_dies(self):
+    def test_unknown_key_in_entry_dies(self):
-        # SCP-style "git@host:path" is intentionally not supported in
-        # v1 — ssh:// only.
         with self.assertRaises(ManifestError):
-            Manifest.from_json_obj(_manifest([{
+            Manifest.from_json_obj(_manifest({
-                "Name": "foo",
+                "foo": {
-                "Upstream": "git@github.com:didericis/foo.git",
+                    "url": "ssh://git@github.com/foo.git",
-                "IdentityFile": "/dev/null",
+                    "identity": "/dev/null",
-            }]))
+                    "IdentityFile": "/dev/null",  # old PascalCase key
+                },
+            }))
 
-    def test_upstream_without_user_dies(self):
+    def test_non_ssh_url_dies(self):
         with self.assertRaises(ManifestError):
-            Manifest.from_json_obj(_manifest([{
+            Manifest.from_json_obj(_manifest({
-                "Name": "foo",
+                "foo": {
-                "Upstream": "ssh://github.com/foo.git",
+                    "url": "https://github.com/didericis/foo.git",
-                "IdentityFile": "/dev/null",
+                    "identity": "/dev/null",
-            }]))
+                },
+            }))
 
-    def test_upstream_without_path_dies(self):
+    def test_scp_style_url_dies(self):
         with self.assertRaises(ManifestError):
-            Manifest.from_json_obj(_manifest([{
+            Manifest.from_json_obj(_manifest({
-                "Name": "foo",
+                "foo": {
-                "Upstream": "ssh://git@github.com",
+                    "url": "git@github.com:didericis/foo.git",
-                "IdentityFile": "/dev/null",
+                    "identity": "/dev/null",
-            }]))
+                },
+            }))
+
+    def test_url_without_user_dies(self):
+        with self.assertRaises(ManifestError):
+            Manifest.from_json_obj(_manifest({
+                "foo": {
+                    "url": "ssh://github.com/foo.git",
+                    "identity": "/dev/null",
+                },
+            }))
+
+    def test_url_without_path_dies(self):
+        with self.assertRaises(ManifestError):
+            Manifest.from_json_obj(_manifest({
+                "foo": {
+                    "url": "ssh://git@github.com",
+                    "identity": "/dev/null",
+                },
+            }))
 
     def test_non_numeric_port_dies(self):
         with self.assertRaises(ManifestError):
-            Manifest.from_json_obj(_manifest([{
+            Manifest.from_json_obj(_manifest({
-                "Name": "foo",
+                "foo": {
-                "Upstream": "ssh://git@github.com:notaport/foo.git",
+                    "url": "ssh://git@github.com:notaport/foo.git",
-                "IdentityFile": "/dev/null",
+                    "identity": "/dev/null",
-            }]))
+                },
+            }))
+
+    def test_ip_literal_upstream(self):
+        m = Manifest.from_json_obj(_manifest({
+            "bot-bottle": {
+                "url": "ssh://git@100.78.141.42:30009/didericis/bot-bottle.git",
+                "identity": "/dev/null",
+            },
+        }))
+        e = m.bottles["dev"].git[0]
+        self.assertEqual("100.78.141.42", e.UpstreamHost)
+        self.assertEqual("30009", e.UpstreamPort)
+        self.assertEqual("bot-bottle", e.Name)
 
 
 class TestGitEntryCrossValidation(unittest.TestCase):
-    def test_duplicate_name_dies(self):
+    def test_two_repos_different_hosts_both_parsed(self):
-        with self.assertRaises(ManifestError):
+        # Repo names come from dict keys; two distinct keys always produce
-            Manifest.from_json_obj({
+        # two distinct entries (uniqueness is guaranteed at the YAML/dict level).
-                "bottles": {"dev": {"git": {"remotes": {
-                    "a.example": {
-                        "Name": "foo",
-                        "Upstream": "ssh://git@a.example/x.git",
-                        "IdentityFile": "/dev/null",
-                    },
-                    "b.example": {
-                        "Name": "foo",
-                        "Upstream": "ssh://git@b.example/y.git",
-                        "IdentityFile": "/dev/null",
-                    },
-                }}}},
-                "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
-            })
-
-    def test_remote_key_must_match_upstream_host(self):
-        with self.assertRaises(ManifestError):
-            Manifest.from_json_obj({
-                "bottles": {"dev": {"git": {"remotes": {
-                    "wrong.example": {
-                        "Name": "foo",
-                        "Upstream": "ssh://git@github.com/foo.git",
-                        "IdentityFile": "/dev/null",
-                    },
-                }}}},
-                "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
-            })
-
-    def test_remote_key_can_name_logical_host_for_ip_upstream(self):
         m = Manifest.from_json_obj({
-            "bottles": {"dev": {"git": {"remotes": {
+            "bottles": {"dev": {"git-gate": {"repos": {
-                "gitea.dideric.is": {
+                "foo": {
-                    "Name": "bot-bottle",
+                    "url": "ssh://git@a.example/x.git",
-                    "Upstream": "ssh://git@100.78.141.42:30009/didericis/bot-bottle.git",
+                    "identity": "/dev/null",
-                    "IdentityFile": "/dev/null",
+                },
+                "bar": {
+                    "url": "ssh://git@b.example/y.git",
+                    "identity": "/dev/null",
                 },
             }}}},
             "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
         })
-        e = m.bottles["dev"].git[0]
+        names = {e.Name for e in m.bottles["dev"].git}
-        self.assertEqual("gitea.dideric.is", e.RemoteKey)
+        self.assertEqual({"foo", "bar"}, names)
-        self.assertEqual("100.78.141.42", e.UpstreamHost)
-        self.assertEqual("30009", e.UpstreamPort)
 
     def test_legacy_ssh_field_dies_with_hint(self):
-        # PRD 0009: bottle.ssh is removed; manifests carrying it must
-        # fail loudly with a hint pointing at bottle.git.
         with self.assertRaises(ManifestError):
             Manifest.from_json_obj({
                 "bottles": {
@@ -192,25 +185,37 @@ class TestGitEntryCrossValidation(unittest.TestCase):
                 "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
             })
 
+    def test_legacy_git_key_dies_with_hint(self):
+        msg = ""
+        try:
+            Manifest.from_json_obj({
+                "bottles": {"dev": {"git": {"remotes": {}}}},
+                "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
+            })
+        except ManifestError as e:
+            msg = str(e)
+        self.assertIn("git-gate", msg)
+        self.assertIn("PRD 0047", msg)
 
-class TestEmptyGitField(unittest.TestCase):
+
-    def test_no_git_field_yields_empty_tuple(self):
+class TestEmptyGitGateField(unittest.TestCase):
+    def test_no_git_gate_field_yields_empty_tuple(self):
         m = Manifest.from_json_obj({
             "bottles": {"dev": {}},
             "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
         })
         self.assertEqual((), m.bottles["dev"].git)
 
-    def test_git_object_type_required(self):
+    def test_git_gate_object_type_required(self):
         with self.assertRaises(ManifestError):
             Manifest.from_json_obj({
-                "bottles": {"dev": {"git": "not-a-list"}},
+                "bottles": {"dev": {"git-gate": "not-a-dict"}},
                 "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
             })
 
-    def test_empty_remotes_yields_empty_tuple(self):
+    def test_empty_repos_yields_empty_tuple(self):
         m = Manifest.from_json_obj({
-            "bottles": {"dev": {"git": {"remotes": {}}}},
+            "bottles": {"dev": {"git-gate": {"repos": {}}}},
             "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
         })
         self.assertEqual((), m.bottles["dev"].git)

tests/unit/test_manifest_git_user.py

@@ -1,4 +1,4 @@
-"""Unit: Bottle git.user manifest parsing + validation (issue #86)."""
+"""Unit: Bottle git-gate.user manifest parsing + validation (issue #86, PRD 0047)."""
 
 import unittest
 
@@ -16,7 +16,7 @@ def _error_message(callable_, *args, **kwargs) -> str:
 
 def _manifest(git_user):
     return {
-        "bottles": {"dev": {"git": {"user": git_user}}},
+        "bottles": {"dev": {"git-gate": {"user": git_user}}},
         "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
     }
 
@@ -75,13 +75,13 @@ class TestGitUserParsing(unittest.TestCase):
         msg = _error_message(
             Manifest.from_json_obj, _manifest({"name": 42}),
         )
-        self.assertIn("git.user.name must be a string", msg)
+        self.assertIn("git-gate.user.name must be a string", msg)
 
     def test_non_string_email_dies(self):
         msg = _error_message(
             Manifest.from_json_obj, _manifest({"email": ["x@y.z"]}),
         )
-        self.assertIn("git.user.email must be a string", msg)
+        self.assertIn("git-gate.user.email must be a string", msg)
 
     def test_legacy_top_level_git_user_dies(self):
         msg = _error_message(
@@ -92,7 +92,7 @@ class TestGitUserParsing(unittest.TestCase):
             },
         )
         self.assertIn("git_user", msg)
-        self.assertIn("git.user", msg)
+        self.assertIn("git-gate.user", msg)
 
 
 class TestGitUserDirect(unittest.TestCase):

tests/unit/test_provision_git.py

@@ -69,13 +69,14 @@ class TestGitGateGitconfigRender(unittest.TestCase):
             '[url "http://127.0.0.16:57001/bot-bottle.git"]', out,
         )
 
-    def test_ip_upstream_also_rewrites_logical_remote_key(self):
+    def test_ip_upstream_emits_single_insteadof(self):
+        # In the new format the dict key is the repo name, not a host
+        # alias, so there is only one insteadOf rule — for the IP URL.
         m = Manifest.from_json_obj({
-            "bottles": {"dev": {"git": {"remotes": {
+            "bottles": {"dev": {"git-gate": {"repos": {
-                "gitea.dideric.is": {
+                "bot-bottle": {
-                    "Name": "bot-bottle",
+                    "url": "ssh://git@100.78.141.42:30009/didericis/bot-bottle.git",
-                    "Upstream": "ssh://git@100.78.141.42:30009/didericis/bot-bottle.git",
+                    "identity": "/dev/null",
-                    "IdentityFile": "/dev/null",
                 },
             }}}},
             "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
@@ -86,11 +87,7 @@ class TestGitGateGitconfigRender(unittest.TestCase):
             "ssh://git@100.78.141.42:30009/didericis/bot-bottle.git",
             out,
         )
-        self.assertIn(
+        self.assertNotIn("gitea.dideric.is", out)
-            "\tinsteadOf = "
-            "ssh://git@gitea.dideric.is:30009/didericis/bot-bottle.git",
-            out,
-        )
 
 
 if __name__ == "__main__":

tests/unit/test_smolmachines_provision.py

@@ -42,11 +42,6 @@ from bot_bottle.supervise import SupervisePlan
 from bot_bottle.workspace import workspace_plan
 
 
-def _remote_host(g: GitEntry) -> str:
-    if g.UpstreamHost:
-        return g.UpstreamHost
-    return g.Upstream.split("@", 1)[1].split("/", 1)[0].split(":", 1)[0]
-
 
 def _plan(
     *,
@@ -69,20 +64,19 @@ def _plan(
     guest_env: dict[str, str] | None = None,
 ) -> SmolmachinesBottlePlan:
     bottle_json: dict = {}
-    git_json: dict = {}
+    git_gate_json: dict = {}
     if git:
-        git_json["remotes"] = {
+        git_gate_json["repos"] = {
-            _remote_host(g): {
+            g.Name: {
-                "Name": g.Name,
+                "url": g.Upstream,
-                "Upstream": g.Upstream,
+                "identity": g.IdentityFile,
-                "IdentityFile": g.IdentityFile,
             }
             for g in git
         }
     if git_user is not None:
-        git_json["user"] = git_user
+        git_gate_json["user"] = git_user
-    if git_json:
+    if git_gate_json:
-        bottle_json["git"] = git_json
+        bottle_json["git-gate"] = git_gate_json
     if supervise:
         bottle_json["supervise"] = True
     manifest = Manifest.from_json_obj({