refactor: drop redundant single-parent fast path in _resolve_one_bottle

_fold_parents with one name returns after the first resolve; the single-element branch was a verbatim copy of the general path.
fix: resolve pyright reportUnnecessaryIsInstance in _resolve_one_bottle
2026-06-25 04:33:11 -04:00 · 2026-06-25 04:33:11 -04:00 · 2026-06-25 04:33:11 -04:00 · 2026-06-25 04:23:13 -04:00 · 2026-06-25 04:12:43 -04:00 · 2026-06-25 04:12:43 -04:00
30 changed files with 586 additions and 132 deletions
@@ -61,7 +61,6 @@ class AgentProviderRuntime:
    prompt_mode: PromptMode
    bypass_args: tuple[str, ...]
    resume_args: tuple[str, ...]
    remote_control_args: tuple[str, ...]
@dataclass(frozen=True)
@@ -391,7 +390,7 @@ def prompt_args(
    if prompt_mode == "append_file":
        return ["--append-system-prompt-file", prompt_path]
    if prompt_mode == "read_prompt_file":
-        if argv and "resume" in argv:
+        if argv and ("resume" in argv or "remote-control" in argv):
            return []
        return [f"Read and follow the instructions in {prompt_path}."]
    if prompt_mode == "print_read_prompt_file":
@@ -109,9 +109,8 @@ class BottlePlan(ABC):
    def workspace_plan(self) -> WorkspacePlan:
        return workspace_plan(self.spec, guest_home=self.guest_home)
-    def print(self, *, remote_control: bool) -> None:
+    def print(self) -> None:
        """Render the y/N preflight summary to stderr."""
        del remote_control
        spec = self.spec
        manifest = self.manifest
        agent = manifest.agent
@@ -11,7 +11,7 @@ from pathlib import Path
 from ..bottle_state import egress_state_dir
 from ..egress import EGRESS_ROUTES_FILENAME
-from ..egress_addon_core import load_routes
+from ..egress_addon_core import LOG_OFF, load_config
 class EgressApplyError(RuntimeError):
@@ -33,11 +33,15 @@ class EgressApplicator(ABC):
    @staticmethod
    def validate_routes_content(content: str) -> None:
        try:
-            load_routes(content)
+            config = load_config(content)
        except ValueError as e:
            raise EgressApplyError(
                f"proposed routes.yaml is not valid: {e}"
            ) from e
        if config.log != LOG_OFF:
            raise EgressApplyError(
                "proposed routes.yaml must not change egress logging"
            )
    @staticmethod
    def _routes_path(slug: str) -> Path:
@@ -68,6 +68,11 @@ def build_image(ref: str, context: str, *, dockerfile: str = "") -> None:
    _ensure_builder_dns()
    args = [_CONTAINER, "build", "-t", ref, "--dns", dns_server()]
    if dockerfile:
        # `container build` resolves -f relative to the current working
        # directory, not the build context. Anchor a relative Dockerfile to
        # the context so builds work from any cwd.
        if not os.path.isabs(dockerfile):
            dockerfile = os.path.join(context, dockerfile)
        args.extend(["-f", dockerfile])
    args.append(context)
    subprocess.run(args, check=True)
@@ -28,7 +28,6 @@ from .start import _launch_bottle
 def cmd_resume(argv: list[str]) -> int:
    parser = argparse.ArgumentParser(prog=f"{PROG} resume", add_help=True)
    parser.add_argument("--dry-run", action="store_true")
    parser.add_argument("--remote-control", action="store_true")
    parser.add_argument(
        "identity",
        help="bottle identity from a prior `start` (see its session-end output)",
@@ -56,6 +55,5 @@ def cmd_resume(argv: list[str]) -> int:
    return _launch_bottle(
        spec,
        dry_run=args.dry_run,
        remote_control=args.remote_control,
        backend_name=backend_name,
    )
@@ -42,7 +42,6 @@ def cmd_start(argv: list[str]) -> int:
    parser = argparse.ArgumentParser(prog=f"{PROG} start", add_help=True)
    parser.add_argument("--dry-run", action="store_true")
    parser.add_argument("--cwd", action="store_true", help="copy host cwd into the running bottle")
    parser.add_argument("--remote-control", action="store_true")
    parser.add_argument(
        "--backend",
        choices=known_backend_names(),
@@ -89,7 +88,6 @@ def cmd_start(argv: list[str]) -> int:
    return _launch_bottle(
        spec,
        dry_run=dry_run,
        remote_control=args.remote_control,
        backend_name=backend_name,
    )
@@ -134,7 +132,7 @@ def prepare_with_preflight(
 def attach_agent(
-    bottle: Bottle, *, remote_control: bool = False, resume: bool = False,
+    bottle: Bottle, *, resume: bool = False,
    agent_provider_template: str = "claude",
    startup_args: tuple[str, ...] = (),
 ) -> int:
@@ -153,8 +151,6 @@ def attach_agent(
        "(Ctrl-D or 'exit' to leave; container will be removed)"
    )
    agent_args = list(runtime.bypass_args)
    if remote_control:
        agent_args.extend(runtime.remote_control_args)
    agent_args.extend(startup_args)
    if resume:
        agent_args.extend(runtime.resume_args)
@@ -218,9 +214,9 @@ def _text_prompt_yes() -> bool:
    return reply in ("y", "Y", "yes", "YES")
-def _text_render_preflight(*, remote_control: bool):
+def _text_render_preflight():
    def _render(plan: DockerBottlePlan) -> None:
-        plan.print(remote_control=remote_control)
+        plan.print()
    return _render
@@ -228,7 +224,6 @@ def _launch_bottle(
    spec: BottleSpec,
    *,
    dry_run: bool,
    remote_control: bool,
    backend_name: str | None = None,
 ) -> int:
    """Shared launch core for `start` and `resume`. Builds the plan,
@@ -240,7 +235,7 @@ def _launch_bottle(
        plan, identity = prepare_with_preflight(
            spec,
            stage_dir=stage_dir,
-            render_preflight=_text_render_preflight(remote_control=remote_control),
+            render_preflight=_text_render_preflight(),
            prompt_yes=_text_prompt_yes,
            dry_run=dry_run,
            backend_name=backend_name,
@@ -253,7 +248,6 @@ def _launch_bottle(
            agent_provider_template = getattr(plan, "agent_provider_template", "claude")
            exit_code = attach_agent(
                bottle,
                remote_control=remote_control,
                agent_provider_template=agent_provider_template,
                startup_args=plan.agent_provision.startup_args,
            )
@@ -91,7 +91,6 @@ _RUNTIME = AgentProviderRuntime(
    prompt_mode="append_file",
    bypass_args=("--dangerously-skip-permissions",),
    resume_args=("--continue",),
    remote_control_args=("--remote-control",),
 )
@@ -1,12 +1,12 @@
 # bot-bottle Codex provider image.
 #
 # Mirrors the default Claude image shape: Node LTS, git/network tooling,
-# non-root node user, and the provider CLI installed globally.
+# non-root node user, and the provider CLI installed for that user.
 FROM node:22-slim
 RUN apt-get update \
-  && apt-get install -y --no-install-recommends git ca-certificates curl \
+  && apt-get install -y --no-install-recommends git ca-certificates curl procps \
  && rm -rf /var/lib/apt/lists/*
 # App-specific deps. Python isn't required by codex itself
@@ -17,12 +17,15 @@ RUN apt-get update \
  && apt-get install -y --no-install-recommends python3 python3-pip python3-venv \
  && rm -rf /var/lib/apt/lists/*
 RUN npm install -g --no-fund --no-audit @openai/codex@0.136.0 \
  && npm cache clean --force
 USER node
 WORKDIR /home/node
-RUN mkdir -p /home/node/.codex
+ENV PATH="/home/node/.local/bin:${PATH}"
 # Remote-control support requires the standalone Codex install layout
 # under ~/.codex/packages/standalone/current. The npm package can run
 # the TUI, but remote-control commands expect this installer-owned path.
 RUN mkdir -p /home/node/.codex \
  && curl -fsSL https://chatgpt.com/codex/install.sh | sh
 CMD ["codex"]
@@ -55,7 +55,6 @@ _RUNTIME = AgentProviderRuntime(
    prompt_mode="read_prompt_file",
    bypass_args=("--dangerously-bypass-approvals-and-sandbox",),
    resume_args=("resume", "--last"),
    remote_control_args=(),
 )
@@ -21,6 +21,11 @@ from pathlib import Path
 from ...deploy_key_provisioner import DeployKeyCollisionError, DeployKeyProvisioner
 # Timeout for ssh-keygen and Gitea API HTTP calls. A hung Gitea instance at
 # prepare time would stall bottle launch indefinitely without this bound.
 _API_TIMEOUT_SECS = 30
 _KEYGEN_TIMEOUT_SECS = 10
 class GiteaDeployKeyProvisioner(DeployKeyProvisioner):
    """Manages deploy keys on a Gitea instance."""
@@ -46,6 +51,7 @@ class GiteaDeployKeyProvisioner(DeployKeyProvisioner):
                check=True,
                stdout=subprocess.DEVNULL,
                stderr=subprocess.DEVNULL,
                timeout=_KEYGEN_TIMEOUT_SECS,
            )
            private_key = key_path.read_bytes()
            public_key = key_path.with_suffix(".pub").read_text().strip()
@@ -67,7 +73,7 @@ class GiteaDeployKeyProvisioner(DeployKeyProvisioner):
            method="POST",
        )
        try:
-            with urllib.request.urlopen(req) as resp:
+            with urllib.request.urlopen(req, timeout=_API_TIMEOUT_SECS) as resp:
                body = json.loads(resp.read())
        except urllib.error.HTTPError as exc:
            _body = _read_error_body(exc)
@@ -98,7 +104,7 @@ class GiteaDeployKeyProvisioner(DeployKeyProvisioner):
            method="DELETE",
        )
        try:
-            with urllib.request.urlopen(req):
+            with urllib.request.urlopen(req, timeout=_API_TIMEOUT_SECS):
                pass
        except urllib.error.HTTPError as exc:
            if exc.code == 404:
@@ -166,7 +166,6 @@ _RUNTIME = AgentProviderRuntime(
    prompt_mode="append_system_prompt",
    bypass_args=(),
    resume_args=(),
    remote_control_args=(),
 )
@@ -210,6 +210,17 @@ def egress_token_env_map(
    return out
 def _yaml_str_escape(s: str) -> str:
    """Escape a string for use inside a YAML double-quoted scalar."""
    return (
        s.replace("\\", "\\\\")
         .replace('"', '\\"')
         .replace("\n", "\\n")
         .replace("\r", "\\r")
         .replace("\t", "\\t")
    )
 def _route_to_yaml_fields(r: Route) -> dict[str, object]:
    fields: dict[str, object] = {"host": r.host}
    if r.auth_scheme and r.token_env:
@@ -272,12 +283,12 @@ def _render_match_entry(entry: dict[str, object]) -> list[str]:
        for pd in entry["paths"]:  # type: ignore[union-attr]
            pd_dict: dict[str, str] = pd  # type: ignore[assignment]
            if "type" in pd_dict:
-                lines.append(f'          - type: "{pd_dict["type"]}"')
+                lines.append(f'          - type: "{_yaml_str_escape(pd_dict["type"])}"')
-                lines.append(f'            value: "{pd_dict["value"]}"')
+                lines.append(f'            value: "{_yaml_str_escape(pd_dict["value"])}"')
            else:
-                lines.append(f'          - value: "{pd_dict["value"]}"')
+                lines.append(f'          - value: "{_yaml_str_escape(pd_dict["value"])}"')
    if "methods" in entry:
-        methods_str = ", ".join(f'"{m}"' for m in entry["methods"])  # type: ignore[union-attr]
+        methods_str = ", ".join(f'"{_yaml_str_escape(m)}"' for m in entry["methods"])  # type: ignore[union-attr]
        prefix = "      - " if first_key else "        "
        lines.append(f'{prefix}methods: [{methods_str}]')
        first_key = False
@@ -287,8 +298,8 @@ def _render_match_entry(entry: dict[str, object]) -> list[str]:
        first_key = False
        for hd in entry["headers"]:  # type: ignore[union-attr]
            hd_dict: dict[str, str] = hd  # type: ignore[assignment]
-            lines.append(f'          - name: "{hd_dict["name"]}"')
+            lines.append(f'          - name: "{_yaml_str_escape(hd_dict["name"])}"')
-            lines.append(f'            value: "{hd_dict["value"]}"')
+            lines.append(f'            value: "{_yaml_str_escape(hd_dict["value"])}"')
    if first_key:
        lines.append("      - {}")
    return lines
@@ -308,10 +319,10 @@ def egress_render_routes(
        return "\n".join(lines) + "\n"
    for r in routes:
        f = _route_to_yaml_fields(r)
-        lines.append(f'  - host: "{f["host"]}"')
+        lines.append(f'  - host: "{_yaml_str_escape(str(f["host"]))}"')
        if "auth_scheme" in f:
-            lines.append(f'    auth_scheme: "{f["auth_scheme"]}"')
+            lines.append(f'    auth_scheme: "{_yaml_str_escape(str(f["auth_scheme"]))}"')
-            lines.append(f'    token_env: "{f["token_env"]}"')
+            lines.append(f'    token_env: "{_yaml_str_escape(str(f["token_env"]))}"')
        if "matches" in f:
            lines.append("    matches:")
            for entry in f["matches"]:  # type: ignore[union-attr]
@@ -331,7 +342,7 @@ def egress_render_routes(
                    items_str = ", ".join(f'"{x}"' for x in dv)
                    lines.append(f"      {dk}: [{items_str}]")
                elif isinstance(dv, str):
-                    lines.append(f'      {dk}: "{dv}"')
+                    lines.append(f'      {dk}: "{_yaml_str_escape(dv)}"')
    return "\n".join(lines) + "\n"
@@ -439,15 +439,6 @@ def route_to_yaml_dict(r: Route) -> dict[str, object]:
    return d
 def load_routes(text: str) -> tuple[Route, ...]:
    """Parse YAML text → routes."""
    try:
        payload = parse_yaml_subset(text)
    except YamlSubsetError as e:
        raise ValueError(f"routes payload: invalid YAML: {e}") from e
    return parse_routes(payload)
 def parse_config(payload: object) -> "Config":
    """Parse a full egress config payload (top-level log level + routes)."""
    if not isinstance(payload, dict):
@@ -862,7 +853,6 @@ __all__ = [
    "is_git_push_request",
    "is_git_fetch_request",
    "load_config",
    "load_routes",
    "match_route",
    "outbound_scan_headers",
    "parse_config",
@@ -43,10 +43,10 @@ from .manifest import ManifestBottle, ManifestGitEntry
 # Short network alias for git-gate inside the sidecar bundle. The
 # agent's `.gitconfig` insteadOf rewrites resolve through this name.
 GIT_GATE_HOSTNAME = "git-gate"
-# Bound half-open git client sessions. If an agent/tool runner is
+# Shared timeout (seconds) for all git-gate subprocess and CGI calls:
-# interrupted during push, git daemon should reap the receive-pack
+# git daemon (--timeout/--init-timeout), the access-hook subprocess in
-# child instead of keeping the gate wedged indefinitely.
+# git_http_backend, and the git http-backend CGI subprocess.
-GIT_GATE_DAEMON_TIMEOUT_SECS = 15
+GIT_GATE_TIMEOUT_SECS = 15
@dataclass(frozen=True)
@@ -112,6 +112,15 @@ def git_gate_upstreams_for_bottle(bottle: ManifestBottle) -> tuple[GitGateUpstre
    )
 def _gitconfig_validate_value(field: str, value: str) -> None:
    """Raise ValueError if value contains characters that break gitconfig line syntax."""
    if "\n" in value or "\r" in value:
        raise ValueError(
            f"git-gate: {field} contains a newline, which would inject "
            f"arbitrary gitconfig keys; rejecting manifest entry"
        )
 def git_gate_render_gitconfig(
    entries: tuple[ManifestGitEntry, ...], gate_host: str, *, scheme: str = "git",
 ) -> str:
@@ -136,6 +145,7 @@ def git_gate_render_gitconfig(
        "# fetch-from-upstream-before-every-upload-pack via access-hook).\n",
    ]
    for entry in entries:
        _gitconfig_validate_value(f"repos[{entry.Name!r}].url", entry.Upstream)
        out.append(f'[url "{scheme}://{gate_host}/{entry.Name}.git"]\n')
        out.append(f"\tinsteadOf = {entry.Upstream}\n")
        if entry.RemoteKey and entry.RemoteKey != entry.UpstreamHost:
@@ -148,6 +158,7 @@ def git_gate_render_gitconfig(
                f"ssh://{entry.UpstreamUser}@{entry.RemoteKey}{port}/"
                f"{entry.UpstreamPath}"
            )
            _gitconfig_validate_value(f"repos[{entry.Name!r}].url (resolved alias)", alias)
            out.append(f"\tinsteadOf = {alias}\n")
    return "".join(out)
@@ -217,8 +228,8 @@ def git_gate_render_entrypoint(upstreams: tuple[GitGateUpstream, ...]) -> str:
        "",
        "exec git daemon \\",
        "  --reuseaddr \\",
-        f"  --timeout={GIT_GATE_DAEMON_TIMEOUT_SECS} \\",
+        f"  --timeout={GIT_GATE_TIMEOUT_SECS} \\",
-        f"  --init-timeout={GIT_GATE_DAEMON_TIMEOUT_SECS} \\",
+        f"  --init-timeout={GIT_GATE_TIMEOUT_SECS} \\",
        "  --base-path=/git \\",
        "  --export-all \\",
        "  --enable=receive-pack \\",
@@ -16,6 +16,8 @@ from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
 from pathlib import Path
 from urllib.parse import urlsplit
 from .git_gate import GIT_GATE_TIMEOUT_SECS
 DEFAULT_PORT = 9420
@@ -47,6 +49,7 @@ class GitHttpHandler(BaseHTTPRequestHandler):
                [hook_path, "upload-pack", str(repo_dir), peer, peer],
                capture_output=True,
                check=False,
                timeout=GIT_GATE_TIMEOUT_SECS,
            )
            if hook.returncode != 0:
                detail = (hook.stderr or hook.stdout).decode(
@@ -110,6 +113,7 @@ class GitHttpHandler(BaseHTTPRequestHandler):
            env=env,
            capture_output=True,
            check=False,
            timeout=GIT_GATE_TIMEOUT_SECS,
        )
        self._write_cgi_response(proc.stdout)
@@ -148,7 +152,13 @@ class GitHttpHandler(BaseHTTPRequestHandler):
            key, _, value = line.decode("latin1").partition(":")
            value = value.strip()
            if key.lower() == "status":
-                status = int(value.split()[0])
+                try:
                    status = int(value.split()[0])
                except (ValueError, IndexError):
                    self.log_message(
                        "malformed CGI Status header %r; using 500", value,
                    )
                    status = 500
            else:
                headers.append((key, value))
        self.send_response(status)
@@ -47,11 +47,11 @@ from pathlib import Path
 try:
    # Same-directory imports inside the bundle container; these files are
    # COPYed flat under /app by Dockerfile.sidecars.
-    from egress_addon_core import load_routes
+    from egress_addon_core import LOG_OFF, load_config
    import supervise as _sv
 except ModuleNotFoundError:
    # Package imports for host-side tests and tooling.
-    from .egress_addon_core import load_routes
+    from .egress_addon_core import LOG_OFF, load_config
    from . import supervise as _sv
@@ -90,19 +90,19 @@ def parse_jsonrpc(body: bytes) -> JsonRpcRequest:
    try:
        raw = json.loads(body)
    except json.JSONDecodeError as e:
-        raise _RpcError(ERR_PARSE, f"parse error: {e}") from e
+        raise _RpcClientError(ERR_PARSE, f"parse error: {e}") from e
    if not isinstance(raw, dict):
-        raise _RpcError(ERR_INVALID_REQUEST, "request must be a JSON object")
+        raise _RpcClientError(ERR_INVALID_REQUEST, "request must be a JSON object")
    if raw.get("jsonrpc") != JSONRPC_VERSION:
-        raise _RpcError(ERR_INVALID_REQUEST, "jsonrpc field must be '2.0'")
+        raise _RpcClientError(ERR_INVALID_REQUEST, "jsonrpc field must be '2.0'")
    method = raw.get("method")
    if not isinstance(method, str):
-        raise _RpcError(ERR_INVALID_REQUEST, "method must be a string")
+        raise _RpcClientError(ERR_INVALID_REQUEST, "method must be a string")
    params = raw.get("params", {})
    if params is None:
        params = {}
    if not isinstance(params, dict):
-        raise _RpcError(ERR_INVALID_PARAMS, "params must be an object")
+        raise _RpcClientError(ERR_INVALID_PARAMS, "params must be an object")
    rpc_id = raw.get("id", _NO_ID)
    is_notification = rpc_id is _NO_ID
    return JsonRpcRequest(
@@ -117,12 +117,23 @@ _NO_ID = object()
 class _RpcError(Exception):
    """Base class for all typed RPC errors that surface as JSON-RPC error responses."""
    def __init__(self, code: int, message: str):
        super().__init__(message)
        self.code = code
        self.message = message
 class _RpcClientError(_RpcError):
    """Caller sent a bad request; returned verbatim, no server-side logging."""
 class _RpcInternalError(_RpcError):
    """Server-side fault; logged at ERROR with cause, always returns ERR_INTERNAL."""
    def __init__(self, message: str) -> None:
        super().__init__(ERR_INTERNAL, message)
 def jsonrpc_result(request_id: object, result: object) -> bytes:
    payload = {"jsonrpc": JSONRPC_VERSION, "id": request_id, "result": result}
    return (json.dumps(payload) + "\n").encode("utf-8")
@@ -290,21 +301,26 @@ def validate_proposed_file(tool: str, content: str) -> None:
    catches obvious paste-errors / wrong-tool selections before they
    enter the queue."""
    if not content.strip():
-        raise _RpcError(ERR_INVALID_PARAMS, f"{tool}: proposed file is empty")
+        raise _RpcClientError(ERR_INVALID_PARAMS, f"{tool}: proposed file is empty")
    if tool == _sv.TOOL_CAPABILITY_BLOCK:
        # Dockerfiles are too varied to validate syntactically beyond
        # non-empty. The operator reads the diff in the TUI.
        pass
    elif tool in (_sv.TOOL_EGRESS_ALLOW, _sv.TOOL_EGRESS_BLOCK):
        try:
-            load_routes(content)
+            config = load_config(content)
        except ValueError as e:
-            raise _RpcError(
+            raise _RpcClientError(
                ERR_INVALID_PARAMS,
                f"{tool}: proposed routes.yaml is not valid: {e}",
            ) from e
        if config.log != LOG_OFF:
            raise _RpcClientError(
                ERR_INVALID_PARAMS,
                f"{tool}: proposed routes.yaml must not change egress logging",
            )
    else:
-        raise _RpcError(ERR_INVALID_PARAMS, f"unknown tool {tool!r}")
+        raise _RpcClientError(ERR_INVALID_PARAMS, f"unknown tool {tool!r}")
 # --- MCP handlers ----------------------------------------------------------
@@ -377,17 +393,17 @@ def handle_tools_call(
    doesn't need operator approval."""
    name = params.get("name")
    if not isinstance(name, str):
-        raise _RpcError(ERR_INVALID_PARAMS, "tools/call missing 'name'")
+        raise _RpcClientError(ERR_INVALID_PARAMS, "tools/call missing 'name'")
    if name == _sv.TOOL_LIST_EGRESS_ROUTES:
        return handle_list_egress_routes(typing.cast(dict[str, object], params.get("arguments", {})), config)
    args_raw = params.get("arguments", {})
    if not isinstance(args_raw, dict):
-        raise _RpcError(ERR_INVALID_PARAMS, "tools/call 'arguments' must be an object")
+        raise _RpcClientError(ERR_INVALID_PARAMS, "tools/call 'arguments' must be an object")
    justification = args_raw.get("justification")
    if not isinstance(justification, str) or not justification.strip():
-        raise _RpcError(
+        raise _RpcClientError(
            ERR_INVALID_PARAMS,
            f"{name}: 'justification' is required and must be a non-empty string",
        )
@@ -396,13 +412,13 @@ def handle_tools_call(
        file_field = PROPOSED_FILE_FIELD[name]
        proposed_file = args_raw.get(file_field)
        if not isinstance(proposed_file, str):
-            raise _RpcError(
+            raise _RpcClientError(
                ERR_INVALID_PARAMS,
                f"{name}: '{file_field}' is required and must be a string",
            )
        validate_proposed_file(name, proposed_file)
    else:
-        raise _RpcError(ERR_INVALID_PARAMS, f"unknown tool {name!r}")
+        raise _RpcClientError(ERR_INVALID_PARAMS, f"unknown tool {name!r}")
    proposal = _sv.Proposal.new(
        bottle_slug=config.bottle_slug,
@@ -411,7 +427,10 @@ def handle_tools_call(
        justification=justification,
        current_file_hash=_sv.sha256_hex(proposed_file),
    )
-    _sv.write_proposal(config.queue_dir, proposal)
+    try:
        _sv.write_proposal(config.queue_dir, proposal)
    except OSError as e:
        raise _RpcInternalError(f"failed to write proposal to queue: {e}") from e
    sys.stderr.write(
        f"supervise: queued proposal {proposal.id} ({name}) "
        f"for bottle {config.bottle_slug}; waiting for operator...\n"
@@ -431,7 +450,10 @@ def handle_tools_call(
            "content": [{"type": "text", "text": text}],
            "isError": False,
        }
-    _sv.archive_proposal(config.queue_dir, proposal.id)
+    try:
        _sv.archive_proposal(config.queue_dir, proposal.id)
    except OSError as e:
        raise _RpcInternalError(f"failed to archive proposal: {e}") from e
    text = format_response_text(response)
    return {
@@ -507,7 +529,7 @@ class MCPHandler(http.server.BaseHTTPRequestHandler):
        try:
            req = parse_jsonrpc(body)
-        except _RpcError as e:
+        except _RpcClientError as e:
            self._write_jsonrpc(jsonrpc_error(None, e.code, e.message))
            return
@@ -515,11 +537,19 @@ class MCPHandler(http.server.BaseHTTPRequestHandler):
        try:
            result = self._dispatch(req, config)
-        except _RpcError as e:
+        except _RpcClientError as e:
            self._write_jsonrpc(jsonrpc_error(req.id, e.code, e.message))
            return
-        except Exception as e:  # noqa: W0718 — catch-all for RPC dispatch errors
+        except _RpcInternalError as e:
-            sys.stderr.write(f"supervise: internal error: {e}\n")
+            cause = e.__cause__
            detail = f": {cause}" if cause else ""
            sys.stderr.write(f"supervise: internal error: {e.message}{detail}\n")
            sys.stderr.flush()
            self._write_jsonrpc(jsonrpc_error(req.id, ERR_INTERNAL, "internal error"))
            return
        except Exception as e:  # noqa: W0718 — unexpected errors
            sys.stderr.write(f"supervise: unexpected error: {type(e).__name__}: {e}\n")
            sys.stderr.flush()
            self._write_jsonrpc(jsonrpc_error(req.id, ERR_INTERNAL, "internal error"))
            return
@@ -538,7 +568,7 @@ class MCPHandler(http.server.BaseHTTPRequestHandler):
            return handle_tools_list(req.params)
        if method == "tools/call":
            return handle_tools_call(req.params, config)
-        raise _RpcError(ERR_METHOD_NOT_FOUND, f"method not found: {method}")
+        raise _RpcClientError(ERR_METHOD_NOT_FOUND, f"method not found: {method}")
    def _write_jsonrpc(self, body: bytes) -> None:
        self.send_response(200)
@@ -102,6 +102,27 @@ class TestAttachAgent(unittest.TestCase):
            bottle.argv,
        )
    def test_remote_control_is_provider_startup_arg(self):
        class Bottle:
            argv: list[str] = []
            def exec_agent(self, argv: list[str], *, tty: bool = True) -> int:
                self.argv = list(argv)
                return 0
        bottle = Bottle()
        exit_code = start_mod.attach_agent(
            bottle,  # type: ignore[arg-type]
            agent_provider_template="codex",
            startup_args=("remote-control",),
        )
        self.assertEqual(0, exit_code)
        self.assertEqual(
            ["--dangerously-bypass-approvals-and-sandbox", "remote-control"],
            bottle.argv,
        )
 if __name__ == "__main__":
    unittest.main()
@@ -29,6 +29,9 @@ from bot_bottle.supervise import SupervisePlan
 _URL = "http://supervise:9100/"
 _CODEX_DOCKERFILE = (
    Path(__file__).resolve().parents[2] / "bot_bottle/contrib/codex/Dockerfile"
 )
 def _make_bottle(exec_result: ExecResult | None = None) -> MagicMock:
@@ -276,6 +279,12 @@ class TestCodexProvision(unittest.TestCase):
            )
 class TestCodexDockerfile(unittest.TestCase):
    def test_installs_procps_for_remote_control_pid_management(self):
        dockerfile = _CODEX_DOCKERFILE.read_text()
        self.assertIn("procps", dockerfile)
 class TestCodexSuperviseMcp(unittest.TestCase):
    def test_noop_when_supervise_disabled(self):
        bottle = _make_bottle()
@@ -10,6 +10,8 @@ from unittest.mock import MagicMock, patch
 from bot_bottle.contrib.gitea.deploy_key_provisioner import (
    GiteaDeployKeyProvisioner,
    _API_TIMEOUT_SECS,
    _KEYGEN_TIMEOUT_SECS,
    _split_owner_repo,
 )
 from bot_bottle.deploy_key_provisioner import DeployKeyCollisionError
@@ -83,6 +85,25 @@ class TestCreate(unittest.TestCase):
        self.assertEqual(str(fake_key_id), key_id)
        self.assertEqual(fake_private, private_bytes)
    def test_create_passes_timeout_to_ssh_keygen_and_urlopen(self):
        provisioner = _provisioner()
        with patch(
            "bot_bottle.contrib.gitea.deploy_key_provisioner.subprocess.run"
        ) as mock_run, patch(
            "bot_bottle.contrib.gitea.deploy_key_provisioner.urllib.request.urlopen"
        ) as mock_urlopen, patch(
            "bot_bottle.contrib.gitea.deploy_key_provisioner.Path.read_bytes",
            return_value=b"PRIVATE",
        ), patch(
            "bot_bottle.contrib.gitea.deploy_key_provisioner.Path.read_text",
            return_value="ssh-ed25519 AAAA\n",
        ):
            mock_urlopen.return_value = _urlopen_response({"id": 1})
            provisioner.create("owner/repo", "title")
        self.assertEqual(_KEYGEN_TIMEOUT_SECS, mock_run.call_args.kwargs.get("timeout"))
        self.assertEqual(_API_TIMEOUT_SECS, mock_urlopen.call_args.kwargs.get("timeout"))
    def test_create_raises_on_http_error(self):
        provisioner = _provisioner()
        with patch(
@@ -139,6 +160,16 @@ class TestDelete(unittest.TestCase):
        self.assertIn("/api/v1/repos/didericis/bot-bottle/keys/99", req.full_url)
        self.assertEqual("DELETE", req.get_method())
    def test_delete_passes_timeout_to_urlopen(self):
        provisioner = _provisioner()
        with patch(
            "bot_bottle.contrib.gitea.deploy_key_provisioner.urllib.request.urlopen"
        ) as mock_urlopen:
            mock_urlopen.return_value = _urlopen_response({})
            provisioner.delete("owner/repo", "7")
        self.assertEqual(_API_TIMEOUT_SECS, mock_urlopen.call_args.kwargs.get("timeout"))
    def test_delete_tolerates_404(self):
        provisioner = _provisioner()
        with patch(
@@ -136,6 +136,16 @@ class TestClaudeArgv(unittest.TestCase):
            argv,
        )
    def test_codex_remote_control_startup_arg_does_not_receive_initial_prompt(self):
        argv = _codex_bottle("/home/node/.bot-bottle-prompt.txt").agent_argv(
            ["--dangerously-bypass-approvals-and-sandbox", "remote-control"],
        )
        self.assertEqual(
            ["docker", "exec", "-it", "bot-bottle-dev-abc", "codex",
             "--dangerously-bypass-approvals-and-sandbox", "remote-control"],
            argv,
        )
    def test_codex_resume_does_not_append_initial_prompt(self):
        argv = _codex_bottle("/home/node/.bot-bottle-prompt.txt").agent_argv(
            ["--dangerously-bypass-approvals-and-sandbox", "resume", "--last"],
@@ -31,7 +31,6 @@ class _Provider(AgentProvider):
        return AgentProviderRuntime(
            template="test", command="test", image="",
            prompt_mode="append_file", bypass_args=(), resume_args=(),
            remote_control_args=(),
        )
    def provision_plan(self, **kwargs):  # type: ignore[override]
        raise NotImplementedError
@@ -10,6 +10,7 @@ from bot_bottle.egress import (
    Egress,
    EgressPlan,
    EgressRoute,
    _yaml_str_escape,
    egress_agent_env_entries,
    egress_manifest_routes,
    egress_render_routes,
@@ -322,7 +323,7 @@ class TestRenderRoutes(unittest.TestCase):
        self.assertEqual([], parse_yaml_subset(rendered)["routes"])
    def test_round_trip_through_addon_core(self):
-        from bot_bottle.egress_addon_core import load_routes
+        from bot_bottle.egress_addon_core import load_config
        b = _bottle([
            {"host": "api.github.com",
             "auth": {"scheme": "Bearer", "token_ref": "GH_PAT"},
@@ -333,7 +334,7 @@ class TestRenderRoutes(unittest.TestCase):
            {"host": "api.anthropic.com"},
        ])
        routes = egress_routes_for_bottle(b)
-        addon_routes = load_routes(egress_render_routes(routes))
+        addon_routes = load_config(egress_render_routes(routes)).routes
        self.assertEqual(3, len(addon_routes))
        self.assertEqual("Bearer", addon_routes[0].auth_scheme)
        self.assertEqual("EGRESS_TOKEN_0", addon_routes[0].token_env)
@@ -341,26 +342,26 @@ class TestRenderRoutes(unittest.TestCase):
        self.assertEqual("", addon_routes[2].auth_scheme)
    def test_dlp_round_trips(self):
-        from bot_bottle.egress_addon_core import load_routes
+        from bot_bottle.egress_addon_core import load_config
        b = _bottle([{"host": "x.example", "dlp": {
            "outbound_detectors": ["token_patterns"],
            "inbound_detectors": False,
        }}])
        routes = egress_routes_for_bottle(b)
        rendered = egress_render_routes(routes)
-        addon_routes = load_routes(rendered)
+        addon_routes = load_config(rendered).routes
        self.assertEqual(("token_patterns",), addon_routes[0].outbound_detectors)
        self.assertEqual((), addon_routes[0].inbound_detectors)
    def test_outbound_on_match_round_trips(self):
-        from bot_bottle.egress_addon_core import load_routes
+        from bot_bottle.egress_addon_core import load_config
        b = _bottle([{"host": "logs.example", "dlp": {
            "outbound_on_match": "redact",
        }}])
        routes = egress_routes_for_bottle(b)
        rendered = egress_render_routes(routes)
        self.assertIn('outbound_on_match: "redact"', rendered)
-        addon_routes = load_routes(rendered)
+        addon_routes = load_config(rendered).routes
        self.assertEqual("redact", addon_routes[0].outbound_on_match)
    def test_outbound_on_match_default_omitted_from_render(self):
@@ -370,12 +371,12 @@ class TestRenderRoutes(unittest.TestCase):
        self.assertNotIn("outbound_on_match", rendered)
    def test_git_fetch_policy_round_trips(self):
-        from bot_bottle.egress_addon_core import load_routes
+        from bot_bottle.egress_addon_core import load_config
        b = _bottle([{"host": "github.com", "git": {"fetch": True}}])
        routes = egress_routes_for_bottle(b)
        rendered = egress_render_routes(routes)
        self.assertEqual({"fetch": True}, self._parsed(routes)[0]["git"])
-        addon_routes = load_routes(rendered)
+        addon_routes = load_config(rendered).routes
        self.assertTrue(addon_routes[0].git_fetch)
    def test_log_zero_omitted_from_render(self):
@@ -419,6 +420,76 @@ class TestRenderRoutes(unittest.TestCase):
        self.assertEqual(LOG_BLOCKS, cfg.log)
 class TestYamlStrEscape(unittest.TestCase):
    """_yaml_str_escape produces safe YAML double-quoted scalar content."""
    def test_plain_string_unchanged(self):
        self.assertEqual("api.example.com", _yaml_str_escape("api.example.com"))
    def test_double_quote_escaped(self):
        self.assertEqual('\\"', _yaml_str_escape('"'))
    def test_backslash_escaped(self):
        self.assertEqual("\\\\", _yaml_str_escape("\\"))
    def test_newline_escaped(self):
        self.assertEqual("\\n", _yaml_str_escape("\n"))
    def test_carriage_return_escaped(self):
        self.assertEqual("\\r", _yaml_str_escape("\r"))
    def test_tab_escaped(self):
        self.assertEqual("\\t", _yaml_str_escape("\t"))
    def test_combined(self):
        self.assertEqual('\\"\\n\\\\', _yaml_str_escape('"\n\\'))
 class TestRenderRoutesEscaping(unittest.TestCase):
    """Stray quotes/newlines in manifest strings do not corrupt routes.yaml."""
    @staticmethod
    def _parsed(routes) -> list[dict]:  # type: ignore
        return parse_yaml_subset(egress_render_routes(routes))["routes"]  # type: ignore
    def test_host_with_double_quote_round_trips(self):
        routes = (EgressRoute(host='bad"host.example'),)
        parsed = self._parsed(routes)
        self.assertEqual('bad"host.example', parsed[0]["host"])
    def test_host_with_newline_round_trips(self):
        routes = (EgressRoute(host="host\nextra.example"),)
        parsed = self._parsed(routes)
        self.assertEqual("host\nextra.example", parsed[0]["host"])
    def test_auth_scheme_with_double_quote_round_trips(self):
        routes = (EgressRoute(
            host="api.example",
            auth_scheme='Bear"er',
            token_env="EGRESS_TOKEN_0",
        ),)
        parsed = self._parsed(routes)
        self.assertEqual('Bear"er', parsed[0]["auth_scheme"])
    def test_path_value_with_double_quote_round_trips(self):
        from bot_bottle.egress_addon_core import PathMatch, MatchEntry
        routes = (EgressRoute(
            host="api.example",
            matches=(MatchEntry(paths=(PathMatch(type="prefix", value='/v1/"quoted"/'),)),),
        ),)
        parsed = self._parsed(routes)
        self.assertEqual('/v1/"quoted"/', parsed[0]["matches"][0]["paths"][0]["value"])
    def test_header_value_with_double_quote_round_trips(self):
        from bot_bottle.egress_addon_core import HeaderMatch, MatchEntry
        routes = (EgressRoute(
            host="api.example",
            matches=(MatchEntry(headers=(HeaderMatch(name="x-h", value='val"ue'),)),),
        ),)
        parsed = self._parsed(routes)
        self.assertEqual('val"ue', parsed[0]["matches"][0]["headers"][0]["value"])
 class TestResolveTokenValues(unittest.TestCase):
    def test_reads_host_env(self):
        out = egress_resolve_token_values(
@@ -32,7 +32,6 @@ from bot_bottle.egress_addon_core import (
    is_git_fetch_request,
    is_git_push_request,
    load_config,
    load_routes,
    match_route,
    outbound_scan_headers,
    parse_config,
@@ -289,47 +288,6 @@ class TestParseDlp(unittest.TestCase):
            }]})
 # --- load_routes ---------------------------------------------------------
 class TestLoadRoutes(unittest.TestCase):
    def test_yaml_text_round_trip(self):
        routes = load_routes(
            'routes:\n'
            '  - host: "api.example"\n'
        )
        self.assertEqual(1, len(routes))
        self.assertEqual("api.example", routes[0].host)
    def test_full_route_shape_parses(self):
        routes = load_routes(
            'routes:\n'
            '  - host: "api.example"\n'
            '    auth_scheme: "Bearer"\n'
            '    token_env: "EGRESS_TOKEN_0"\n'
            '    matches:\n'
            '      - paths:\n'
            '          - value: "/v1/"\n'
            '          - type: "exact"\n'
            '            value: "/messages"\n'
        )
        self.assertEqual(1, len(routes))
        r = routes[0]
        self.assertEqual("api.example", r.host)
        self.assertEqual("Bearer", r.auth_scheme)
        self.assertEqual("EGRESS_TOKEN_0", r.token_env)
        self.assertEqual(1, len(r.matches))
        self.assertEqual(2, len(r.matches[0].paths))
    def test_empty_routes_list(self):
        routes = load_routes("routes: []\n")
        self.assertEqual((), routes)
    def test_invalid_yaml_raises_value_error(self):
        with self.assertRaises(ValueError):
            load_routes("routes:\n\t- host: x\n")
 # --- load_config / parse_config ------------------------------------------
@@ -378,6 +336,33 @@ class TestLoadConfig(unittest.TestCase):
        with self.assertRaises(ValueError):
            parse_config("not a dict")
    def test_empty_routes_list(self):
        cfg = load_config("routes: []\n")
        self.assertEqual((), cfg.routes)
    def test_full_route_shape_parses(self):
        cfg = load_config(
            'routes:\n'
            '  - host: "api.example"\n'
            '    auth_scheme: "Bearer"\n'
            '    token_env: "EGRESS_TOKEN_0"\n'
            '    matches:\n'
            '      - paths:\n'
            '          - value: "/v1/"\n'
            '          - type: "exact"\n'
            '            value: "/messages"\n'
        )
        r = cfg.routes[0]
        self.assertEqual("api.example", r.host)
        self.assertEqual("Bearer", r.auth_scheme)
        self.assertEqual("EGRESS_TOKEN_0", r.token_env)
        self.assertEqual(1, len(r.matches))
        self.assertEqual(2, len(r.matches[0].paths))
    def test_invalid_yaml_raises_value_error(self):
        with self.assertRaises(ValueError):
            load_config("routes:\n\t- host: x\n")
 # --- evaluate_matches ---------------------------------------------------
@@ -54,6 +54,15 @@ class TestValidateRoutesContent(unittest.TestCase):
                '    auth_scheme: "Bearer"\n'
            )
    def test_rejects_log_full(self):
        with self.assertRaises(EgressApplyError) as cm:
            applicator.validate_routes_content(
                'log: 2\n'
                'routes:\n'
                '  - host: "x.example"\n'
            )
        self.assertIn("must not change egress logging", str(cm.exception))
 class TestApplyRoutesChange(unittest.TestCase):
    def setUp(self):
@@ -9,6 +9,7 @@ import urllib.request
 from pathlib import Path
 from unittest import mock
 from bot_bottle.git_gate import GIT_GATE_TIMEOUT_SECS
 from bot_bottle.git_http_backend import GitHttpHandler, MAX_BODY_BYTES
@@ -150,6 +151,61 @@ class TestGitHttpBackend(unittest.TestCase):
            )
            self.assertEqual("git/test", env["HTTP_USER_AGENT"])
    def test_subprocess_calls_include_timeout(self):
        """Both subprocess.run calls (access-hook and git http-backend) must
        pass timeout= so a hung upstream cannot wedge the sidecar."""
        from http.server import ThreadingHTTPServer
        with tempfile.TemporaryDirectory() as tmp:
            root = Path(tmp)
            (root / "repo.git").mkdir()
            old_root = os.environ.get("GIT_PROJECT_ROOT")
            os.environ["GIT_PROJECT_ROOT"] = str(root)
            self.addCleanup(self._restore_env, old_root)
            old_hook = os.environ.get("GIT_GATE_ACCESS_HOOK")
            hook = root / "access-hook"
            hook.write_text("#!/bin/sh\nexit 0\n")
            hook.chmod(0o700)
            os.environ["GIT_GATE_ACCESS_HOOK"] = str(hook)
            self.addCleanup(self._restore_hook, old_hook)
            server = ThreadingHTTPServer(("127.0.0.1", 0), GitHttpHandler)
            thread = threading.Thread(target=server.serve_forever, daemon=True)
            thread.start()
            self.addCleanup(server.shutdown)
            self.addCleanup(server.server_close)
            backend_response = (
                b"Status: 200 OK\r\n"
                b"Content-Type: application/x-git-upload-pack-result\r\n"
                b"\r\n"
                b"0000"
            )
            calls = [
                subprocess.CompletedProcess(["hook"], 0, b"", b""),
                subprocess.CompletedProcess(["git"], 0, backend_response, b""),
            ]
            with mock.patch(
                "bot_bottle.git_http_backend.subprocess.run",
                side_effect=calls,
            ) as run:
                req = urllib.request.Request(
                    f"http://127.0.0.1:{server.server_port}"
                    "/repo.git/git-upload-pack",
                    data=b"",
                    method="POST",
                )
                with urllib.request.urlopen(req, timeout=5):
                    pass
            for call in run.call_args_list:
                self.assertEqual(
                    GIT_GATE_TIMEOUT_SECS,
                    call.kwargs.get("timeout"),
                    f"subprocess.run call missing timeout: {call}",
                )
    def test_access_hook_denial_is_logged_to_stdout(self):
        """When the access-hook exits non-zero we still return 403 to the
        client, but the hook's stderr must also appear on the handler's
@@ -256,6 +312,57 @@ class TestGitHttpBackend(unittest.TestCase):
            os.environ["GIT_GATE_ACCESS_HOOK"] = value
 class TestMalformedStatusHeader(unittest.TestCase):
    """Malformed CGI Status: headers must not propagate as unhandled exceptions;
    the handler should fall back to HTTP 500."""
    def setUp(self):
        from http.server import ThreadingHTTPServer
        import tempfile
        self._tmp = tempfile.mkdtemp()
        os.environ["GIT_PROJECT_ROOT"] = self._tmp
        self._server = ThreadingHTTPServer(("127.0.0.1", 0), GitHttpHandler)
        self._thread = threading.Thread(
            target=self._server.serve_forever, daemon=True,
        )
        self._thread.start()
        self._port = self._server.server_port
    def tearDown(self):
        self._server.shutdown()
        self._server.server_close()
        os.environ.pop("GIT_PROJECT_ROOT", None)
        import shutil
        shutil.rmtree(self._tmp, ignore_errors=True)
    def _get_with_backend_response(self, cgi_response: bytes) -> int:
        with mock.patch(
            "bot_bottle.git_http_backend.subprocess.run",
            return_value=mock.Mock(returncode=0, stdout=cgi_response),
        ):
            req = urllib.request.Request(
                f"http://127.0.0.1:{self._port}/repo.git/info/refs",
                method="GET",
            )
            try:
                with urllib.request.urlopen(req, timeout=3) as resp:
                    return resp.status
            except urllib.error.HTTPError as e:  # type: ignore
                return e.code
    def test_empty_status_value_returns_500(self):
        status = self._get_with_backend_response(
            b"Status: \r\nContent-Type: text/plain\r\n\r\n"
        )
        self.assertEqual(500, status)
    def test_non_numeric_status_returns_500(self):
        status = self._get_with_backend_response(
            b"Status: bad\r\nContent-Type: text/plain\r\n\r\n"
        )
        self.assertEqual(500, status)
 class TestContentLengthBounds(unittest.TestCase):
    """PRD 0041: malformed or oversized Content-Length is rejected before
    git http-backend is invoked."""
@@ -73,6 +73,33 @@ resolver #2
        )
        self.assertTrue(run.call_args_list[-1].kwargs["check"])
    def test_build_image_anchors_relative_dockerfile_to_context(self):
        status = util.subprocess.CompletedProcess(
            args=[],
            returncode=0,
            stdout=(
                '[{"status":{"state":"running"},'
                '"configuration":{"dns":{"nameservers":["9.9.9.9"]}}}]'
            ),
            stderr="",
        )
        with patch.object(util.subprocess, "run", return_value=status) as run, \
             patch.object(util.os, "environ", {
                 "BOT_BOTTLE_MACOS_CONTAINER_DNS": "9.9.9.9",
             }):
            util.build_image(
                "bot-bottle-sidecars:latest",
                "/repo",
                dockerfile="Dockerfile.sidecars",
            )
        self.assertEqual(
            [
                "container", "build", "-t", "bot-bottle-sidecars:latest",
                "--dns", "9.9.9.9", "-f", "/repo/Dockerfile.sidecars", "/repo",
            ],
            run.call_args_list[-1].args[0],
        )
    def test_commit_container_execs_tar_and_builds_image(self):
        # stderr is bytes because subprocess.run uses stderr=PIPE without text=True
        completed = util.subprocess.CompletedProcess(
@@ -130,7 +130,7 @@ def _capture_print(plan: DockerBottlePlan | SmolmachinesBottlePlan) -> list[str]
    orig = sys.stderr
    sys.stderr = buf
    try:
-        plan.print(remote_control=False)
+        plan.print()
    finally:
        sys.stderr = orig
    return buf.getvalue().splitlines()
@@ -8,6 +8,7 @@ import unittest
 from bot_bottle.git_gate import (
    GIT_GATE_HOSTNAME,
    _gitconfig_validate_value,
    git_gate_render_gitconfig,
 )
 from bot_bottle.manifest import ManifestIndex
@@ -90,5 +91,42 @@ class TestGitGateGitconfigRender(unittest.TestCase):
        self.assertNotIn("gitea.dideric.is", out)
 class TestGitconfigValidateValue(unittest.TestCase):
    """_gitconfig_validate_value rejects values that would inject gitconfig keys."""
    def test_normal_url_passes(self):
        _gitconfig_validate_value("url", "ssh://git@github.com/owner/repo.git")
    def test_newline_in_url_raises(self):
        with self.assertRaises(ValueError):
            _gitconfig_validate_value("url", "ssh://git@github.com/owner/\nrepo.git")
    def test_carriage_return_in_url_raises(self):
        with self.assertRaises(ValueError):
            _gitconfig_validate_value("url", "ssh://git@github.com/\rrepo.git")
    def test_error_message_names_field(self):
        with self.assertRaises(ValueError, msg="error should name the field") as ctx:
            _gitconfig_validate_value("repos['bad'].url", "ssh://host/\npath")
        self.assertIn("repos['bad'].url", str(ctx.exception))
 class TestGitconfigRenderRejectsNewlineInUpstream(unittest.TestCase):
    """git_gate_render_gitconfig raises on Upstream values with newlines."""
    def test_newline_in_upstream_raises(self):
        m = ManifestIndex.from_json_obj({
            "bottles": {"dev": {"git-gate": {"repos": {
                "evil": {
                    "url": "ssh://git@github.com/owner/\nfake-key = injected\nrepo.git",
                    "key": {"provider": "static", "path": "/dev/null"},
                },
            }}}},
            "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
        })
        with self.assertRaises(ValueError):
            git_gate_render_gitconfig(m.bottles["dev"].git, GIT_GATE_HOSTNAME)
 if __name__ == "__main__":
    unittest.main()
@@ -42,7 +42,6 @@ class _Provider(AgentProvider):
        return AgentProviderRuntime(
            template="test", command="test", image="",
            prompt_mode="append_file", bypass_args=(), resume_args=(),
            remote_control_args=(),
        )
    def provision_plan(self, **kwargs):  # type: ignore[override]
        raise NotImplementedError
@@ -20,6 +20,7 @@ import supervise as _sv  # noqa: E402  # type: ignore
 from bot_bottle import supervise_server  # noqa: E402
 from bot_bottle.supervise_server import (
    ERR_INTERNAL,
    ERR_INVALID_PARAMS,
    ERR_INVALID_REQUEST,
    ERR_METHOD_NOT_FOUND,
@@ -29,7 +30,9 @@ from bot_bottle.supervise_server import (
    PROPOSED_FILE_FIELD,
    ServerConfig,
    TOOL_DEFINITIONS,
    _RpcClientError,
    _RpcError,
    _RpcInternalError,
    _response_timeout_from_env,
    format_response_text,
    handle_initialize,
@@ -67,6 +70,74 @@ class TestValidation(unittest.TestCase):
        with self.assertRaises(_RpcError):
            validate_proposed_file(_sv.TOOL_EGRESS_BLOCK, "routes: nope\n")
    def test_egress_routes_yaml_rejects_log_full(self):
        with self.assertRaises(_RpcError) as cm:
            validate_proposed_file(
                _sv.TOOL_EGRESS_ALLOW,
                "log: 2\nroutes:\n  - host: example.com\n",
            )
        self.assertEqual(ERR_INVALID_PARAMS, cm.exception.code)
        self.assertIn("must not change egress logging", cm.exception.message)
 # --- Error taxonomy --------------------------------------------------------
 class TestRpcErrorTaxonomy(unittest.TestCase):
    def test_rpc_client_error_is_rpc_error(self):
        e = _RpcClientError(ERR_INVALID_PARAMS, "bad param")
        self.assertIsInstance(e, _RpcError)
        self.assertEqual(ERR_INVALID_PARAMS, e.code)
        self.assertEqual("bad param", e.message)
    def test_rpc_internal_error_is_rpc_error(self):
        e = _RpcInternalError("disk full")
        self.assertIsInstance(e, _RpcError)
        self.assertEqual(ERR_INTERNAL, e.code)
        self.assertEqual("disk full", e.message)
    def test_rpc_internal_error_preserves_cause(self):
        cause = OSError("no space left on device")
        try:
            raise _RpcInternalError("failed to write") from cause
        except _RpcInternalError as e:
            self.assertIs(cause, e.__cause__)
    def test_parse_error_is_client_error(self):
        with self.assertRaises(_RpcClientError):
            parse_jsonrpc(b"{bad json")
    def test_validation_error_is_client_error(self):
        with self.assertRaises(_RpcClientError):
            validate_proposed_file(_sv.TOOL_EGRESS_ALLOW, "routes: nope\n")
    def test_unknown_tool_in_tools_call_is_client_error(self):
        config = ServerConfig(bottle_slug="dev", queue_dir=Path("/unused"))
        with self.assertRaises(_RpcClientError) as cm:
            handle_tools_call({"name": "no-such-tool", "arguments": {}}, config)
        self.assertEqual(ERR_INVALID_PARAMS, cm.exception.code)
 class TestRpcInternalErrorOnIoFailure(unittest.TestCase):
    def test_write_proposal_os_error_raises_internal(self):
        config = ServerConfig(
            bottle_slug="dev",
            queue_dir=Path("/dev/null/cannot-exist"),
        )
        with self.assertRaises(_RpcInternalError) as cm:
            handle_tools_call(
                {
                    "name": _sv.TOOL_CAPABILITY_BLOCK,
                    "arguments": {
                        "dockerfile": "FROM python:3.13\n",
                        "justification": "x",
                    },
                },
                config,
            )
        self.assertEqual(ERR_INTERNAL, cm.exception.code)
        self.assertIsNotNone(cm.exception.__cause__)
 # --- JSON-RPC parsing ------------------------------------------------------
@@ -460,6 +531,26 @@ class TestHttpEndToEnd(unittest.TestCase):
        )
        self.assertEqual(ERR_METHOD_NOT_FOUND, result["error"]["code"])  # type: ignore[index]
    def test_internal_error_returns_err_internal_over_http(self):
        with patch.object(
            supervise_server._sv, "write_proposal",
            side_effect=OSError("disk full"),
        ):
            result = self._post_jsonrpc({
                "jsonrpc": "2.0",
                "id": 99,
                "method": "tools/call",
                "params": {
                    "name": _sv.TOOL_CAPABILITY_BLOCK,
                    "arguments": {
                        "dockerfile": "FROM python:3.13\n",
                        "justification": "x",
                    },
                },
            })
        self.assertIn("error", result)
        self.assertEqual(ERR_INTERNAL, result["error"]["code"])  # type: ignore[index]
    def test_health_endpoint(self):
        conn = http.client.HTTPConnection("127.0.0.1", self.port, timeout=5)
        try:
Author	SHA1	Message	Date
didericis-claude	bffd5043dc	refactor: drop redundant single-parent fast path in _resolve_one_bottle lint / lint (push) Successful in 1m46s Details test / unit (pull_request) Successful in 35s Details test / integration (pull_request) Successful in 17s Details _fold_parents with one name returns after the first resolve; the single-element branch was a verbatim copy of the general path.	2026-06-25 04:33:11 -04:00
didericis-claude	76a4d9142f	fix: resolve pyright reportUnnecessaryIsInstance in _resolve_one_bottle Validate list entries against object-typed raw_list before narrowing to list[str], so the isinstance(pname, str) check is not redundant.	2026-06-25 04:33:11 -04:00
didericis-claude	a7fb92acd8	feat: support multiple parents in bottle extends: Allow extends: to accept a list of bottle names in addition to a plain string. Parents are resolved independently and folded left-to-right into a single combined parent before the child is merged on top, so orthogonal concerns (base env, networking, agent provider) can live in separate bottles without forcing a linear chain. Merge rules for the parent fold: env dict-merge with later winning on collision; git-gate.user per-field overlay; git-gate.repos union by name with later winning per-field on same name; egress.routes concatenated; all scalar fields (supervise, agent_provider, egress.log) use last-wins. The existing child-wins-over-all-parents rule is unchanged. Cycle detection, diamond deduplication, and missing/invalid parent errors all work across multi-parent graphs. Closes #268	2026-06-25 04:33:11 -04:00
didericis-claude	515a95a79d	fix: escape quotes/newlines in YAML and gitconfig emitters test / unit (pull_request) Successful in 35s Details test / integration (pull_request) Successful in 17s Details lint / lint (push) Successful in 1m48s Details test / unit (push) Successful in 32s Details test / integration (push) Successful in 16s Details Update Quality Badges / update-badges (push) Successful in 1m18s Details Closes #258. `egress_render_routes` and `_render_match_entry` now pass all manifest strings (host, auth_scheme, token_env, path/header values) through `_yaml_str_escape` before interpolating into double-quoted YAML scalars, preventing stray `"` or newlines from corrupting routes.yaml. `git_gate_render_gitconfig` now calls `_gitconfig_validate_value` on each Upstream value (and the derived alias) before writing the `insteadOf` line, rejecting any value containing a newline that would inject arbitrary gitconfig keys.	2026-06-25 04:23:13 -04:00
didericis-claude	0bace7615a	refactor: rename GIT_GATE_DAEMON_TIMEOUT_SECS to GIT_GATE_TIMEOUT_SECS test / unit (pull_request) Successful in 33s Details test / integration (pull_request) Successful in 17s Details lint / lint (push) Successful in 1m48s Details test / unit (push) Successful in 35s Details test / integration (push) Successful in 17s Details Update Quality Badges / update-badges (push) Successful in 1m20s Details The constant now covers the daemon path, the HTTP backend access-hook, and the git http-backend CGI subprocess, so 'daemon' in the name was too narrow. Updated the comment to list all three current uses.	2026-06-25 04:12:43 -04:00
didericis-claude	c0d3f16519	refactor: import GIT_GATE_DAEMON_TIMEOUT_SECS instead of duplicating the value	2026-06-25 04:12:43 -04:00
didericis-claude	508c537deb	fix: add explicit timeouts to subprocess and HTTP calls in git-gate paths Closes #255. Without timeouts, a hung upstream during the access-hook or git http-backend CGI call (git_http_backend.py) and a stalled Gitea API during deploy-key provisioning (contrib/gitea/deploy_key_provisioner.py) could wedge a sidecar indefinitely. Adds GIT_HTTP_BACKEND_TIMEOUT_SECS (30s) to both subprocess.run calls in the HTTP backend, mirroring the existing GIT_GATE_DAEMON_TIMEOUT_SECS on the daemon path. Adds _API_TIMEOUT_SECS (30s) and _KEYGEN_TIMEOUT_SECS (10s) to the Gitea provisioner's urlopen and ssh-keygen calls. Tests verify the timeout values are forwarded in all four call sites.	2026-06-25 04:12:43 -04:00
didericis-claude	d99dba037c	feat(supervise): typed RPC error taxonomy for dispatch test / unit (pull_request) Successful in 31s Details test / integration (pull_request) Successful in 17s Details lint / lint (push) Successful in 1m48s Details test / unit (push) Successful in 32s Details test / integration (push) Successful in 18s Details Update Quality Badges / update-badges (push) Successful in 1m20s Details Introduce _RpcClientError and _RpcInternalError as distinct subclasses of _RpcError so the dispatcher can handle bad requests and server-side faults differently — returning client errors verbatim and logging internal faults with their cause before replying ERR_INTERNAL. Wrap write_proposal and archive_proposal IO with _RpcInternalError so OS failures surface through the typed path instead of the bare Exception fallback. All existing raise _RpcError(...) call sites converted to _RpcClientError. Closes #253	2026-06-25 04:02:39 -04:00
didericis-claude	9a878bd885	fix: guard CGI Status-line parse in _write_cgi_response test / unit (pull_request) Successful in 32s Details test / integration (pull_request) Successful in 16s Details lint / lint (push) Successful in 1m47s Details test / unit (push) Successful in 32s Details test / integration (push) Successful in 16s Details Update Quality Badges / update-badges (push) Successful in 1m19s Details An empty or non-numeric Status: header from git http-backend raised ValueError/IndexError that escaped the handler thread. Wrap the parse in a try/except and fall back to HTTP 500 instead. Closes #254	2026-06-25 03:47:05 -04:00
didericis	0f72843150	fix(macos-container): anchor relative Dockerfile path to build context test / unit (pull_request) Successful in 33s Details test / integration (pull_request) Successful in 17s Details lint / lint (push) Successful in 1m49s Details test / unit (push) Successful in 33s Details test / integration (push) Successful in 18s Details Update Quality Badges / update-badges (push) Successful in 1m19s Details `container build` resolves -f relative to the current working directory, not the build context, so builds failed from any cwd other than the repo root. Anchor a relative Dockerfile to the context before passing it. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-25 03:27:46 -04:00
didericis	fd6b14fb32	fix: route remote control through provider startup args test / unit (pull_request) Successful in 32s Details test / integration (pull_request) Successful in 18s Details lint / lint (push) Successful in 1m46s Details test / unit (push) Successful in 30s Details test / integration (push) Successful in 17s Details Update Quality Badges / update-badges (push) Successful in 1m23s Details	2026-06-25 03:08:47 -04:00
didericis-claude	9f9aa2e762	refactor: remove load_routes, use load_config(...).routes in tests test / unit (pull_request) Successful in 48s Details test / integration (pull_request) Successful in 26s Details lint / lint (push) Successful in 1m45s Details test / unit (push) Successful in 32s Details test / integration (push) Successful in 17s Details Update Quality Badges / update-badges (push) Successful in 1m21s Details Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-25 06:07:47 +00:00
didericis-codex	454baaf3a1	fix(egress): validate proposed full config lint / lint (push) Successful in 2m23s Details test / unit (pull_request) Successful in 47s Details test / integration (pull_request) Successful in 28s Details	2026-06-25 05:25:42 +00:00