feat(supervise)!: remove egress-block MCP tool and runtime route-mutation

Drops `egress-block` from the supervise sidecar, removes
`_merge_single_route`, `add_route`, and `apply_routes_change` from
egress_apply.py, and strips the proposal/approve/reject flow for egress
from the supervise CLI. The list-egress-routes and capability-block tools
are unaffected. Tests updated throughout.

Closes #198

Dockerfile.claude

@@ -16,20 +16,14 @@ FROM node:22-slim
 # features (status checks, commits, PR creation) — without git in the
 # image, those features fail in surprising ways once the user does any
 # real work. ca-certificates is already in the slim base; listed for
-# clarity in case the base ever drops it. curl is here so any
+# clarity in case the base ever drops it. socat is the privileged
-# HTTPS_PROXY-aware tool (curl itself, plus anything that shells out
+# forwarder for the in-container ssh-agent (see bot_bottle/ssh.py): the agent
-# to it) works against egress's bumped TLS without the agent needing
+# runs as root and rejects non-root connections, so socat sits between
-# local DNS.
+# node and the agent socket. curl is here so any HTTPS_PROXY-aware
+# tool (curl itself, plus anything that shells out to it) works
+# against egress's bumped TLS without the agent needing local DNS.
 RUN apt-get update \
-  && apt-get install -y --no-install-recommends git ca-certificates curl \
+  && apt-get install -y --no-install-recommends git ca-certificates openssh-client socat curl dnsutils python3 python3-pip python3-venv \
-  && rm -rf /var/lib/apt/lists/*
-
-# App-specific deps. Python isn't required by claude-code itself
-# (claude-code is a Node CLI), but is convenient for the agent to
-# shell out to for ad-hoc scripts. Kept on its own layer so it can
-# be moved to a downstream image if the base ever needs to shrink.
-RUN apt-get update \
-  && apt-get install -y --no-install-recommends python3 python3-pip python3-venv \
   && rm -rf /var/lib/apt/lists/*
 
 # Install claude-code globally. Pinned to the version verified in the v1

Dockerfile.codex

@@ -6,15 +6,7 @@
 FROM node:22-slim
 
 RUN apt-get update \
-  && apt-get install -y --no-install-recommends git ca-certificates curl \
+  && apt-get install -y --no-install-recommends git ca-certificates openssh-client socat curl dnsutils python3 python3-pip python3-venv \
-  && rm -rf /var/lib/apt/lists/*
-
-# App-specific deps. Python isn't required by codex itself
-# (codex is a Node CLI), but is convenient for the agent to shell
-# out to for ad-hoc scripts. Kept on its own layer so it can be
-# moved to a downstream image if the base ever needs to shrink.
-RUN apt-get update \
-  && apt-get install -y --no-install-recommends python3 python3-pip python3-venv \
   && rm -rf /var/lib/apt/lists/*
 
 RUN npm install -g --no-fund --no-audit @openai/codex@0.136.0 \