Compare commits

..

14 Commits

Author SHA1 Message Date
didericis-claude a4d82e5ff2 refactor: extract TableMigrations and DbStore base class
lint / lint (push) Successful in 2m0s
test / unit (pull_request) Successful in 1m4s
test / integration (pull_request) Successful in 23s
test / coverage (pull_request) Successful in 1m9s
Adds bot_bottle/migrations.py (TableMigrations) and bot_bottle/db_store.py
(DbStore) per PR review. Both stores now inherit from DbStore and hold a
TableMigrations instance instead of duplicating schema-version logic inline.
2026-07-02 21:04:34 +00:00
didericis-claude e8e4f6f7c7 refactor: address PR review — rename, move helpers, add migration runner
lint / lint (push) Successful in 2m4s
test / unit (pull_request) Successful in 59s
test / integration (pull_request) Successful in 16s
test / coverage (pull_request) Successful in 1m5s
Per review #320 comments:

- Rename _sv() → get_supervise_mod() in both store files (review 206/211)
- Move _audit_entry_from_row onto AuditStore as _row_to_entry static method
  (review 208); move _proposal/_response_from_row onto QueueStore (review 211)
- Remove _host_db_path() free function; inline into __init__ (review 209/211)
- Add stdlib migration runner using a shared schema_versions table; each store
  tracks its own version under a module key so they can coexist in the same DB
  without clobbering a shared PRAGMA user_version (reviews 210/212/213)
- PRD: add goal 6 (migration runner), narrow non-goal to third-party ORM only
2026-07-02 03:27:02 +00:00
didericis-claude 5f0fc0d540 test: cover QueueStore/AuditStore guard branches and supervise bundle spec
lint / lint (push) Successful in 1m57s
test / unit (pull_request) Successful in 52s
test / integration (pull_request) Successful in 19s
test / coverage (pull_request) Successful in 1m2s
Add 8 tests covering the branches that were keeping diff-coverage below
90%: explicit db_path constructor arg, early-return guards when the DB
file is absent, _chmod OSError swallowing in both store classes, and the
supervise volume/env/daemon path in _bundle_launch_spec.

Diff-coverage rises from 89.2% to 94.6% (176/186 changed lines).
2026-07-02 02:59:26 +00:00
didericis-claude 244ad6a914 refactor: extract QueueStore and AuditStore to their own modules
lint / lint (push) Successful in 2m2s
test / unit (pull_request) Successful in 56s
test / integration (pull_request) Successful in 20s
test / coverage (pull_request) Failing after 59s
Moves _QueueStore → bot_bottle/queue_store.py (public QueueStore) and
_AuditStore → bot_bottle/audit_store.py (public AuditStore). Removes
the public queue_db_path() function; QueueStore resolves the DB path
via host_db_path() on the host, or via the SUPERVISE_DB_PATH env var
in the sidecar container (internal mechanism, not public API).

Adds queue_store.py and audit_store.py to Dockerfile.sidecars so the
sidecar bundle picks them up. Updates __all__ in supervise.py.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-01 21:45:08 +00:00
didericis-codex 29904609da fix(supervise): remove queue directory from db-backed flow
lint / lint (push) Successful in 2m4s
test / unit (pull_request) Successful in 59s
test / integration (pull_request) Successful in 20s
test / coverage (pull_request) Successful in 1m10s
2026-07-01 19:50:38 +00:00
didericis-codex 3067b067d2 fix(supervise): store queue rows in host sqlite db
lint / lint (push) Successful in 2m5s
test / unit (pull_request) Successful in 58s
test / integration (pull_request) Successful in 20s
test / coverage (pull_request) Successful in 1m2s
2026-07-01 19:33:43 +00:00
didericis-codex 212551df9a docs(prd): activate sqlite local storage
test / unit (pull_request) Successful in 55s
test / integration (pull_request) Successful in 18s
test / coverage (pull_request) Successful in 1m6s
2026-07-01 16:57:54 +00:00
didericis-codex f1b8bbdfa1 test(supervise): update edge cases for sqlite storage
lint / lint (push) Successful in 1m55s
test / unit (pull_request) Successful in 53s
test / integration (pull_request) Successful in 20s
test / coverage (pull_request) Successful in 1m10s
2026-07-01 16:57:45 +00:00
didericis-codex 08918f9a8a feat(supervise): store queue and audit data in sqlite
lint / lint (push) Failing after 1m53s
test / unit (pull_request) Failing after 45s
test / integration (pull_request) Successful in 17s
test / coverage (pull_request) Failing after 50s
2026-07-01 16:56:23 +00:00
didericis-codex 9af02831ea docs(prd): add sqlite local storage plan 2026-07-01 16:53:23 +00:00
Quality Badge Bot 5970b785aa chore: update quality badges
- Coverage: 83%
- Core coverage: 95%

[skip ci]
2026-07-01 16:51:08 +00:00
didericis 2f5cf81cf5 fix(git-gate): defer dynamic key provisioning
lint / lint (push) Successful in 1m59s
test / unit (push) Successful in 49s
test / integration (push) Successful in 23s
test / coverage (push) Successful in 1m0s
Update Quality Badges / update-badges (push) Successful in 53s
2026-07-01 12:45:46 -04:00
didericis 4a1e667306 fix(git-gate): inline GIT_GATE_TIMEOUT_SECS to fix git-http ImportError
lint / lint (push) Successful in 1m56s
test / unit (push) Successful in 48s
test / integration (push) Successful in 20s
test / coverage (push) Successful in 1m2s
Update Quality Badges / update-badges (push) Successful in 52s
git_http_backend.py is copied flat into the sidecar bundle image as a
standalone script, not as part of the bot_bottle package, and
git_gate.py/git_gate_render.py are never copied in. Its relative
import of GIT_GATE_TIMEOUT_SECS crashed the git-http daemon (port
9420) on every startup, silently leaving the smart-HTTP git-gate
transport down while the other sidecar daemons stayed up.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-01 11:53:26 -04:00
didericis b93fe58523 feat(cli): add headless launch mode for orchestrators
test / unit (pull_request) Successful in 47s
test / integration (pull_request) Successful in 16s
test / coverage (pull_request) Successful in 1m4s
lint / lint (push) Successful in 2m0s
test / unit (push) Successful in 48s
test / integration (push) Successful in 18s
test / coverage (push) Successful in 57s
Update Quality Badges / update-badges (push) Successful in 57s
`--headless` is a non-interactive launch path for `cli.py start`:
agent, bottles, label, and color come from flags + manifest defaults
with no TUI selectors and no y/N preflight (auto-confirmed via a new
`assume_yes` param threaded into the shared `_launch_bottle` core).

- `--bottle` (repeatable) defaults to the agent's own `bottle:`;
  `--label` defaults to the agent name and auto-uniquifies on slug
  collision; `--color` defaults to none.
- `--prompt TEXT` is required in headless mode and is delivered to the
  agent via a new `headless_prompt(prompt)` method on `AgentProvider`,
  implemented for claude (`-p`), codex (positional), and pi (`-p`).
- The agent still execs on inherited stdio/PTY, so whatever allocates
  the PTY drives the live session; only the launch chrome is headless.
- `--headless --dry-run` previews the resolved plan without launching.

Adds unit coverage in tests/unit/test_cli_start_headless.py and
headless_prompt tests for each provider. Also stubs headless_prompt on
the in-test AgentProvider subclasses so the unit suite collects cleanly.

Closes #315.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01WL77TgFxKbs3cidGMG9dz7
2026-06-30 15:08:14 -04:00
41 changed files with 1444 additions and 975 deletions
+6 -2
View File
@@ -18,7 +18,7 @@
# /git-gate-entrypoint.sh docker-cp'd at start time # /git-gate-entrypoint.sh docker-cp'd at start time
# /git-gate/creds/* docker-cp'd at start time # /git-gate/creds/* docker-cp'd at start time
# /git/* bare repos, populated at runtime # /git/* bare repos, populated at runtime
# /run/supervise/queue/ bind-mounted at run time # /run/supervise/bot-bottle.db bind-mounted at run time
# /home/mitmproxy/.mitmproxy/ mitmproxy CA dir # /home/mitmproxy/.mitmproxy/ mitmproxy CA dir
# #
# Exposed ports inside the container: # Exposed ports inside the container:
@@ -66,6 +66,10 @@ COPY bot_bottle/egress_dlp_config.py /app/egress_dlp_config.py
COPY bot_bottle/egress_addon.py /app/egress_addon.py COPY bot_bottle/egress_addon.py /app/egress_addon.py
COPY bot_bottle/dlp_detectors.py /app/dlp_detectors.py COPY bot_bottle/dlp_detectors.py /app/dlp_detectors.py
COPY bot_bottle/yaml_subset.py /app/yaml_subset.py COPY bot_bottle/yaml_subset.py /app/yaml_subset.py
COPY bot_bottle/migrations.py /app/migrations.py
COPY bot_bottle/db_store.py /app/db_store.py
COPY bot_bottle/queue_store.py /app/queue_store.py
COPY bot_bottle/audit_store.py /app/audit_store.py
COPY bot_bottle/supervise.py /app/supervise.py COPY bot_bottle/supervise.py /app/supervise.py
COPY bot_bottle/supervise_server.py /app/supervise_server.py COPY bot_bottle/supervise_server.py /app/supervise_server.py
COPY bot_bottle/sidecar_init.py /app/sidecar_init.py COPY bot_bottle/sidecar_init.py /app/sidecar_init.py
@@ -81,7 +85,7 @@ RUN mkdir -p \
/etc/git-gate \ /etc/git-gate \
/git-gate/creds \ /git-gate/creds \
/git \ /git \
/run/supervise/queue \ /run/supervise \
/home/mitmproxy/.mitmproxy /home/mitmproxy/.mitmproxy
# Documentation only — the compose renderer publishes whichever # Documentation only — the compose renderer publishes whichever
+2 -2
View File
@@ -5,8 +5,8 @@
# bot-bottle # bot-bottle
[![test](https://gitea.dideric.is/didericis/bot-bottle/actions/workflows/test.yml/badge.svg?branch=main)](https://gitea.dideric.is/didericis/bot-bottle/actions?workflow=test.yml) [![test](https://gitea.dideric.is/didericis/bot-bottle/actions/workflows/test.yml/badge.svg?branch=main)](https://gitea.dideric.is/didericis/bot-bottle/actions?workflow=test.yml)
[![coverage](https://img.shields.io/badge/coverage-84%25-brightgreen)](https://coverage.readthedocs.io/) [![coverage](https://img.shields.io/badge/coverage-83%25-brightgreen)](https://coverage.readthedocs.io/)
[![core coverage](https://img.shields.io/badge/core%20coverage-96%25-brightgreen)](https://gitea.dideric.is/didericis/bot-bottle/src/branch/main/docs/decisions/0004-coverage-policy.md) [![core coverage](https://img.shields.io/badge/core%20coverage-95%25-brightgreen)](https://gitea.dideric.is/didericis/bot-bottle/src/branch/main/docs/decisions/0004-coverage-policy.md)
**Problem:** Developer wants to run a coding agent without supervision, but they don't want a prompt injected or misbehaving agent wrecking their environment or exfiltrating sensitive data. **Problem:** Developer wants to run a coding agent without supervision, but they don't want a prompt injected or misbehaving agent wrecking their environment or exfiltrating sensitive data.
+9
View File
@@ -209,6 +209,15 @@ class AgentProvider(ABC):
the supervise sidecar is reachable. No-op when the supervise sidecar is reachable. No-op when
`plan.supervise_plan is None`.""" `plan.supervise_plan is None`."""
@abstractmethod
def headless_prompt(self, prompt: str) -> list[str]:
"""Return the agent CLI args that deliver `prompt` as the
initial task in a non-interactive (headless) session.
Called only when ``--prompt`` is passed to
``./cli.py start --headless``; the returned args are appended
after the provider's ``bypass_args`` and ``startup_args``."""
def provision_ca(self, bottle: "Bottle", plan: "BottlePlan") -> None: def provision_ca(self, bottle: "Bottle", plan: "BottlePlan") -> None:
"""Install the egress MITM CA into the agent's trust store. """Install the egress MITM CA into the agent's trust store.
+113
View File
@@ -0,0 +1,113 @@
"""SQLite-backed audit store for supervise (PRD 0013)."""
from __future__ import annotations
import sqlite3
from pathlib import Path
from typing import TYPE_CHECKING
if TYPE_CHECKING:
from .supervise import AuditEntry
try:
from .db_store import DbStore
from .migrations import TableMigrations
except ImportError:
from db_store import DbStore # type: ignore[import-not-found] # pylint: disable=import-error,no-name-in-module
from migrations import TableMigrations # type: ignore[import-not-found] # pylint: disable=import-error,no-name-in-module
def get_supervise_mod() -> object:
"""Lazy import of supervise to avoid a circular-import at module init time.
Mirrors our own module identity so patches on supervise.bot_bottle_root
propagate correctly in both flat (sidecar / sys.path-injection tests) and
package contexts."""
import sys
sv_name = "supervise" if __name__ == "audit_store" else "bot_bottle.supervise"
if sv_name in sys.modules:
return sys.modules[sv_name]
try:
import bot_bottle.supervise as _m
except ImportError:
import supervise as _m # type: ignore[import-not-found] # pylint: disable=import-error,no-name-in-module
return _m
# One entry per schema version: _MIGRATIONS.migrations[0] brings a fresh DB
# to version 1, [1] to version 2, and so on. Add new migrations at the end;
# never edit existing ones.
_MIGRATIONS = TableMigrations("audit_store", [
# v1 — initial schema
"""
CREATE TABLE IF NOT EXISTS supervise_audit_entries (
id INTEGER PRIMARY KEY AUTOINCREMENT,
timestamp TEXT NOT NULL,
bottle_slug TEXT NOT NULL,
component TEXT NOT NULL,
operator_action TEXT NOT NULL,
operator_notes TEXT NOT NULL,
justification TEXT NOT NULL,
diff TEXT NOT NULL
)
""",
])
class AuditStore(DbStore):
"""SQLite-backed persistent store for supervise audit entries."""
def __init__(self, db_path: Path | None = None) -> None:
resolved = db_path or get_supervise_mod().host_db_path() # type: ignore[attr-defined]
super().__init__(resolved, _MIGRATIONS)
def write_audit_entry(self, entry: AuditEntry) -> Path:
with self._connect() as conn:
conn.execute(
"""
INSERT INTO supervise_audit_entries (
timestamp, bottle_slug, component, operator_action,
operator_notes, justification, diff
) VALUES (?, ?, ?, ?, ?, ?, ?)
""",
(
entry.timestamp,
entry.bottle_slug,
entry.component,
entry.operator_action,
entry.operator_notes,
entry.justification,
entry.diff,
),
)
self._chmod()
return self.db_path
def read_audit_entries(self, component: str, slug: str) -> list[AuditEntry]:
if not self.db_path.is_file():
return []
with self._connect() as conn:
rows = conn.execute(
"""
SELECT * FROM supervise_audit_entries
WHERE component = ? AND bottle_slug = ?
ORDER BY id
""",
(component, slug),
).fetchall()
return [self._row_to_entry(row) for row in rows]
@staticmethod
def _row_to_entry(row: sqlite3.Row) -> AuditEntry:
m = get_supervise_mod()
return m.AuditEntry( # type: ignore[attr-defined]
timestamp=row["timestamp"],
bottle_slug=row["bottle_slug"],
component=row["component"],
operator_action=row["operator_action"],
operator_notes=row["operator_notes"],
justification=row["justification"],
diff=row["diff"],
)
__all__ = ["AuditStore"]
+4 -5
View File
@@ -34,7 +34,7 @@ from ...egress import (
from ...git_gate import GIT_GATE_HOSTNAME from ...git_gate import GIT_GATE_HOSTNAME
from ...log import die, warn from ...log import die, warn
from ...supervise import ( from ...supervise import (
QUEUE_DIR_IN_CONTAINER, DB_PATH_IN_CONTAINER,
SUPERVISE_HOSTNAME, SUPERVISE_HOSTNAME,
SUPERVISE_PORT, SUPERVISE_PORT,
) )
@@ -163,16 +163,15 @@ def _sidecar_bundle_service(plan: DockerBottlePlan) -> dict[str, Any]:
if sp is not None: if sp is not None:
env += [ env += [
f"SUPERVISE_BOTTLE_SLUG={plan.slug}", f"SUPERVISE_BOTTLE_SLUG={plan.slug}",
f"SUPERVISE_QUEUE_DIR={QUEUE_DIR_IN_CONTAINER}", f"SUPERVISE_DB_PATH={DB_PATH_IN_CONTAINER}",
f"SUPERVISE_PORT={SUPERVISE_PORT}", f"SUPERVISE_PORT={SUPERVISE_PORT}",
] ]
volumes.append({ volumes.append({
"type": "bind", "type": "bind",
"source": str(sp.queue_dir), "source": str(sp.db_path),
"target": QUEUE_DIR_IN_CONTAINER, "target": DB_PATH_IN_CONTAINER,
"read_only": False, "read_only": False,
}) })
internal_aliases = [EGRESS_HOSTNAME] internal_aliases = [EGRESS_HOSTNAME]
if gp.upstreams: if gp.upstreams:
internal_aliases.append(GIT_GATE_HOSTNAME) internal_aliases.append(GIT_GATE_HOSTNAME)
+9 -1
View File
@@ -37,7 +37,10 @@ from pathlib import Path
from typing import Callable, Generator from typing import Callable, Generator
from ...egress import egress_resolve_token_values from ...egress import egress_resolve_token_values
from ...git_gate import revoke_git_gate_provisioned_keys from ...git_gate import (
provision_git_gate_dynamic_keys,
revoke_git_gate_provisioned_keys,
)
from ...log import info, warn from ...log import info, warn
from . import network as network_mod from . import network as network_mod
from . import util as docker_mod from . import util as docker_mod
@@ -118,6 +121,11 @@ def launch(
git_gate_plan = plan.git_gate_plan git_gate_plan = plan.git_gate_plan
if git_gate_plan.upstreams: if git_gate_plan.upstreams:
git_gate_plan = provision_git_gate_dynamic_keys(
plan.manifest.bottle,
git_gate_plan,
git_gate_state_dir(plan.slug),
)
git_gate_plan = dataclasses.replace( git_gate_plan = dataclasses.replace(
git_gate_plan, git_gate_plan,
internal_network=internal_network, internal_network=internal_network,
+22 -4
View File
@@ -28,9 +28,12 @@ from ...egress import (
egress_resolve_token_values, egress_resolve_token_values,
egress_sidecar_env_entries, egress_sidecar_env_entries,
) )
from ...git_gate import revoke_git_gate_provisioned_keys from ...git_gate import (
provision_git_gate_dynamic_keys,
revoke_git_gate_provisioned_keys,
)
from ...log import die, info, warn from ...log import die, info, warn
from ...supervise import QUEUE_DIR_IN_CONTAINER, SUPERVISE_PORT from ...supervise import DB_PATH_IN_CONTAINER, SUPERVISE_PORT
from ...util import expand_tilde from ...util import expand_tilde
from ..docker.egress import EGRESS_CA_IN_CONTAINER, EGRESS_PORT from ..docker.egress import EGRESS_CA_IN_CONTAINER, EGRESS_PORT
from ..docker.git_gate import ( from ..docker.git_gate import (
@@ -98,6 +101,8 @@ def launch(
egress_network = egress_network_name(plan.slug) egress_network = egress_network_name(plan.slug)
_create_networks(internal_network, egress_network, stack) _create_networks(internal_network, egress_network, stack)
plan = _provision_git_gate_keys(plan)
sidecar_name = sidecar_container_name(plan.slug) sidecar_name = sidecar_container_name(plan.slug)
container_mod.force_remove_container(sidecar_name) container_mod.force_remove_container(sidecar_name)
_start_sidecar_bundle(plan, sidecar_name, internal_network, egress_network) _start_sidecar_bundle(plan, sidecar_name, internal_network, egress_network)
@@ -241,6 +246,19 @@ def _stamp_agent_urls(
) )
def _provision_git_gate_keys(
plan: MacosContainerBottlePlan,
) -> MacosContainerBottlePlan:
if not plan.git_gate_plan.upstreams:
return plan
git_gate_plan = provision_git_gate_dynamic_keys(
plan.manifest.bottle,
plan.git_gate_plan,
git_gate_state_dir(plan.slug),
)
return dataclasses.replace(plan, git_gate_plan=git_gate_plan)
def _stage_git_gate(plan: MacosContainerBottlePlan, sidecar_name: str) -> None: def _stage_git_gate(plan: MacosContainerBottlePlan, sidecar_name: str) -> None:
gp = plan.git_gate_plan gp = plan.git_gate_plan
if not gp.upstreams: if not gp.upstreams:
@@ -361,7 +379,7 @@ def _sidecar_env_entries(plan: MacosContainerBottlePlan) -> tuple[str, ...]:
if plan.supervise_plan is not None: if plan.supervise_plan is not None:
env += [ env += [
f"SUPERVISE_BOTTLE_SLUG={plan.slug}", f"SUPERVISE_BOTTLE_SLUG={plan.slug}",
f"SUPERVISE_QUEUE_DIR={QUEUE_DIR_IN_CONTAINER}", f"SUPERVISE_DB_PATH={DB_PATH_IN_CONTAINER}",
f"SUPERVISE_PORT={SUPERVISE_PORT}", f"SUPERVISE_PORT={SUPERVISE_PORT}",
] ]
return tuple(env) return tuple(env)
@@ -387,7 +405,7 @@ def _sidecar_mounts(
sp = plan.supervise_plan sp = plan.supervise_plan
if sp is not None: if sp is not None:
mounts.append((str(sp.queue_dir), QUEUE_DIR_IN_CONTAINER, False)) mounts.append((str(sp.db_path), DB_PATH_IN_CONTAINER, False))
return tuple(mounts) return tuple(mounts)
+21 -4
View File
@@ -27,7 +27,7 @@ from ...egress import (
egress_resolve_token_values, egress_resolve_token_values,
egress_sidecar_env_entries, egress_sidecar_env_entries,
) )
from ...supervise import QUEUE_DIR_IN_CONTAINER, SUPERVISE_PORT from ...supervise import DB_PATH_IN_CONTAINER, SUPERVISE_PORT
from ...util import expand_tilde from ...util import expand_tilde
from ..docker import util as docker_mod from ..docker import util as docker_mod
from ..docker.egress import ( from ..docker.egress import (
@@ -41,7 +41,10 @@ from ..docker.git_gate import (
GIT_GATE_ENTRYPOINT_IN_CONTAINER, GIT_GATE_ENTRYPOINT_IN_CONTAINER,
GIT_GATE_HOOK_IN_CONTAINER, GIT_GATE_HOOK_IN_CONTAINER,
) )
from ...git_gate import revoke_git_gate_provisioned_keys from ...git_gate import (
provision_git_gate_dynamic_keys,
revoke_git_gate_provisioned_keys,
)
from ...log import info, warn from ...log import info, warn
from ...bottle_state import ( from ...bottle_state import (
egress_state_dir, egress_state_dir,
@@ -174,6 +177,7 @@ def _start_bundle(
) -> SmolmachinesBottlePlan: ) -> SmolmachinesBottlePlan:
"""Build the BundleLaunchSpec, resolve token env, start the """Build the BundleLaunchSpec, resolve token env, start the
sidecar bundle container, and register teardown.""" sidecar bundle container, and register teardown."""
plan = _provision_git_gate_keys(plan)
bundle_spec = _bundle_launch_spec(plan, network, loopback_ip) bundle_spec = _bundle_launch_spec(plan, network, loopback_ip)
token_env = _resolve_token_env(plan, dict(os.environ)) token_env = _resolve_token_env(plan, dict(os.environ))
_bundle.ensure_bundle_image(bundle_spec.image) _bundle.ensure_bundle_image(bundle_spec.image)
@@ -182,6 +186,19 @@ def _start_bundle(
return plan return plan
def _provision_git_gate_keys(
plan: SmolmachinesBottlePlan,
) -> SmolmachinesBottlePlan:
if not plan.git_gate_plan.upstreams:
return plan
git_gate_plan = provision_git_gate_dynamic_keys(
plan.manifest.bottle,
plan.git_gate_plan,
git_gate_state_dir(plan.slug),
)
return dataclasses.replace(plan, git_gate_plan=git_gate_plan)
def _discover_urls( def _discover_urls(
plan: SmolmachinesBottlePlan, plan: SmolmachinesBottlePlan,
loopback_ip: str, loopback_ip: str,
@@ -352,10 +369,10 @@ def _bundle_launch_spec(
daemons.append("supervise") daemons.append("supervise")
env += [ env += [
f"SUPERVISE_BOTTLE_SLUG={plan.slug}", f"SUPERVISE_BOTTLE_SLUG={plan.slug}",
f"SUPERVISE_QUEUE_DIR={QUEUE_DIR_IN_CONTAINER}", f"SUPERVISE_DB_PATH={DB_PATH_IN_CONTAINER}",
f"SUPERVISE_PORT={SUPERVISE_PORT}", f"SUPERVISE_PORT={SUPERVISE_PORT}",
] ]
volumes.append((str(sp.queue_dir), QUEUE_DIR_IN_CONTAINER, False)) volumes.append((str(sp.db_path), DB_PATH_IN_CONTAINER, False))
# Container ports the agent reaches from the smolvm guest — # Container ports the agent reaches from the smolvm guest —
# published on host loopback so the guest can dial via TSI + # published on host loopback so the guest can dial via TSI +
+2 -3
View File
@@ -284,9 +284,8 @@ def git_gate_state_dir(identity: str) -> Path:
def supervise_state_dir(identity: str) -> Path: def supervise_state_dir(identity: str) -> Path:
"""State subdir reserved for supervise sidecar bind-mount sources. """State subdir reserved for supervise sidecar bind-mount sources.
The queue dir is intentionally NOT under here — it lives at Runtime queue/audit rows live in the host-level bot-bottle SQLite
~/.bot-bottle/queue/<slug>/ alongside the audit logs, so it database, so they survive state-dir cleanup."""
survives state-dir cleanup."""
return bottle_state_dir(identity) / _SUPERVISE_SUBDIR return bottle_state_dir(identity) / _SUPERVISE_SUBDIR
+142 -7
View File
@@ -2,6 +2,11 @@
interactive claude-code session. The container is torn down when the interactive claude-code session. The container is torn down when the
session ends. session ends.
`--headless` selects a non-interactive launch (agent/bottles/label from
flags, no TUI selectors, no y/N prompt) for orchestrators,
CI, and webhook dispatch. The agent still execs on the inherited
stdio/PTY, so an orchestrator that allocates the PTY drives the session.
The launch core is shared with `cli.py resume <identity>` through The launch core is shared with `cli.py resume <identity>` through
the private orchestrator `_launch_bottle`. the private orchestrator `_launch_bottle`.
""" """
@@ -16,7 +21,7 @@ import tempfile
from pathlib import Path from pathlib import Path
from typing import Callable from typing import Callable
from ..agent_provider import runtime_for from ..agent_provider import get_provider, runtime_for
from ..backend import ( from ..backend import (
Bottle, Bottle,
BottleSpec, BottleSpec,
@@ -31,7 +36,7 @@ from ..bottle_state import (
is_preserved, is_preserved,
mark_preserved, mark_preserved,
) )
from ..log import info from ..log import info, die
from ..manifest import Manifest, ManifestIndex from ..manifest import Manifest, ManifestIndex
from ._common import PROG, USER_CWD, read_tty_line from ._common import PROG, USER_CWD, read_tty_line
from . import tui from . import tui
@@ -50,6 +55,39 @@ def cmd_start(argv: list[str]) -> int:
"or host auto-selection). Overrides the env var when set." "or host auto-selection). Overrides the env var when set."
), ),
) )
parser.add_argument(
"--headless",
action="store_true",
help=(
"non-interactive launch: take agent/bottles/label from flags, "
"skip all prompts. For orchestrators, CI, and webhooks."
),
)
parser.add_argument(
"--bottle",
action="append",
default=None,
metavar="NAME",
help=(
"bottle to compose, repeatable (order = merge order). In "
"--headless, defaults to the agent's own bottle when omitted."
),
)
parser.add_argument(
"--label",
default=None,
help="bottle label / terminal title (--headless default: agent name)",
)
parser.add_argument(
"--color",
default=None,
help="bottle color, one of the 16 ANSI color names (--headless default: none)",
)
parser.add_argument(
"--prompt",
default=None,
help="initial task prompt delivered to the agent (required with --headless)",
)
parser.add_argument( parser.add_argument(
"name", "name",
nargs="?", nargs="?",
@@ -61,6 +99,12 @@ def cmd_start(argv: list[str]) -> int:
dry_run = args.dry_run or os.environ.get("BOT_BOTTLE_DRY_RUN") == "1" dry_run = args.dry_run or os.environ.get("BOT_BOTTLE_DRY_RUN") == "1"
manifest = ManifestIndex.resolve(USER_CWD) manifest = ManifestIndex.resolve(USER_CWD)
backend_name: str | None = args.backend
if args.headless:
return _start_headless(
manifest, args, dry_run=dry_run, backend_name=backend_name
)
agent_name: str | None = args.name agent_name: str | None = args.name
if agent_name is None: if agent_name is None:
@@ -71,8 +115,6 @@ def cmd_start(argv: list[str]) -> int:
if agent_name is None: if agent_name is None:
return 0 return 0
backend_name: str | None = args.backend
# Bottle multiselect: always show after agent selection so operators # Bottle multiselect: always show after agent selection so operators
# can compose bottles at launch time without editing agent manifests. # can compose bottles at launch time without editing agent manifests.
available_bottles = manifest.all_bottle_names available_bottles = manifest.all_bottle_names
@@ -109,6 +151,83 @@ def cmd_start(argv: list[str]) -> int:
) )
# --- Headless launch -----------------------------------------------------
def _start_headless(
manifest: ManifestIndex,
args: argparse.Namespace,
*,
dry_run: bool,
backend_name: str | None,
) -> int:
"""Non-interactive launch path for orchestrators / CI / webhooks.
Resolves agent, bottles, label, and color from flags + manifest
defaults instead of the TUI selectors, and auto-confirms the
preflight. Otherwise runs the same launch core as the interactive
path, so the agent still execs on the inherited stdio/PTY an
orchestrator allocates that PTY and relays it to its
desktop/mobile clients."""
agent_name = args.name
if not agent_name:
die("--headless requires an agent name: ./cli.py start <agent> --headless")
manifest.require_agent(agent_name) # raises ManifestError if unknown
prompt = args.prompt
if not prompt:
die(
"--headless requires --prompt: "
"./cli.py start <agent> --headless --prompt 'Do the thing'"
)
if args.bottle:
bottle_names: tuple[str, ...] = tuple(args.bottle)
else:
default_bottle = _peek_agent_bottle(manifest, agent_name)
if not default_bottle:
die(
f"--headless: agent '{agent_name}' has no default bottle; "
f"pass one or more --bottle NAME"
)
bottle_names = (default_bottle,)
label = _uniquify_label_headless(args.label or agent_name)
spec = BottleSpec(
manifest=manifest,
agent_name=agent_name,
copy_cwd=args.cwd,
user_cwd=USER_CWD,
label=label,
color=args.color or "",
bottle_names=bottle_names,
)
return _launch_bottle(
spec,
dry_run=dry_run,
backend_name=backend_name,
assume_yes=True,
headless_prompt_text=prompt,
)
def _uniquify_label_headless(label: str) -> str:
"""Non-interactive analog of `_resolve_unique_label`: if the label's
slug collides with a running bottle, append -2, -3, until free,
logging the chosen label. Orchestrators fire-and-forget many bottles,
so silently picking a free name beats erroring on every collision."""
active_slugs = {a.slug for a in enumerate_active_agents()}
if docker_mod.slugify(label) not in active_slugs:
return label
n = 2
while docker_mod.slugify(f"{label}-{n}") in active_slugs:
n += 1
chosen = f"{label}-{n}"
info(f"label '{label}' already in use; using '{chosen}'")
return chosen
# --- Launch helpers ------------------------------------------------------ # --- Launch helpers ------------------------------------------------------
@@ -376,10 +495,19 @@ def _launch_bottle(
*, *,
dry_run: bool, dry_run: bool,
backend_name: str | None = None, backend_name: str | None = None,
assume_yes: bool = False,
headless_prompt_text: str = "",
) -> int: ) -> int:
"""Shared launch core for `start` and `resume`. Builds the plan, """Shared launch core for `start` and `resume`. Builds the plan,
prints / dry-runs / prompts as appropriate, brings the bottle up, prints / dry-runs / prompts as appropriate, brings the bottle up,
attaches claude, and prints the resume hint on session end.""" attaches claude, and prints the resume hint on session end.
`assume_yes` skips the interactive y/N confirmation (headless /
orchestrator launches), where there is no human at the prompt.
`headless_prompt_text` is passed to the provider's `headless_prompt`
method and the resulting args are appended to startup_args so the
agent receives the initial task without interactive input."""
stage_dir = Path(tempfile.mkdtemp(prefix="bot-bottle-stage.")) stage_dir = Path(tempfile.mkdtemp(prefix="bot-bottle-stage."))
identity = "" identity = ""
try: try:
@@ -387,7 +515,7 @@ def _launch_bottle(
spec, spec,
stage_dir=stage_dir, stage_dir=stage_dir,
render_preflight=_text_render_preflight(), render_preflight=_text_render_preflight(),
prompt_yes=_text_prompt_yes, prompt_yes=(lambda: True) if assume_yes else _text_prompt_yes,
dry_run=dry_run, dry_run=dry_run,
backend_name=backend_name, backend_name=backend_name,
) )
@@ -397,10 +525,17 @@ def _launch_bottle(
backend = get_bottle_backend(backend_name) backend = get_bottle_backend(backend_name)
with backend.launch(plan) as bottle: with backend.launch(plan) as bottle:
agent_provider_template = getattr(plan, "agent_provider_template", "claude") agent_provider_template = getattr(plan, "agent_provider_template", "claude")
extra_args: tuple[str, ...] = ()
if headless_prompt_text:
extra_args = tuple(
get_provider(agent_provider_template).headless_prompt(
headless_prompt_text
)
)
exit_code = attach_agent( exit_code = attach_agent(
bottle, bottle,
agent_provider_template=agent_provider_template, agent_provider_template=agent_provider_template,
startup_args=plan.agent_provision.startup_args, startup_args=plan.agent_provision.startup_args + extra_args,
) )
info( info(
f"session ended (exit {exit_code}); " f"session ended (exit {exit_code}); "
+9 -16
View File
@@ -45,7 +45,7 @@ from ..supervise import (
TOOL_EGRESS_BLOCK, TOOL_EGRESS_BLOCK,
TOOL_GITLEAKS_ALLOW, TOOL_GITLEAKS_ALLOW,
TOOL_EGRESS_TOKEN_ALLOW, TOOL_EGRESS_TOKEN_ALLOW,
list_pending_proposals, list_all_pending_proposals,
render_diff, render_diff,
write_audit_entry, write_audit_entry,
write_response, write_response,
@@ -63,10 +63,9 @@ _REPORT_ONLY_TOOLS: tuple[str, ...] = (TOOL_GITLEAKS_ALLOW, TOOL_EGRESS_TOKEN_AL
@dataclass(frozen=True) @dataclass(frozen=True)
class QueuedProposal: class QueuedProposal:
"""A pending proposal plus the queue dir it was found in.""" """A pending proposal from the supervise queue."""
proposal: Proposal proposal: Proposal
queue_dir: Path
# Errors any remediation engine may raise. Caught by the TUI key # Errors any remediation engine may raise. Caught by the TUI key
@@ -86,16 +85,11 @@ def apply_routes_change(slug: str, content: str) -> tuple[str, str]:
def discover_pending() -> list[QueuedProposal]: def discover_pending() -> list[QueuedProposal]:
"""Walk ~/.bot-bottle/queue/* and collect pending proposals.""" """Collect pending proposals across bottles."""
queue_root = _supervise.bot_bottle_root() / "queue" out = [
if not queue_root.is_dir(): QueuedProposal(proposal=proposal)
return [] for proposal in list_all_pending_proposals()
out: list[QueuedProposal] = [] ]
for slug_dir in sorted(queue_root.iterdir()):
if not slug_dir.is_dir():
continue
for proposal in list_pending_proposals(slug_dir):
out.append(QueuedProposal(proposal=proposal, queue_dir=slug_dir))
out.sort(key=lambda q: q.proposal.arrival_timestamp) out.sort(key=lambda q: q.proposal.arrival_timestamp)
return out return out
@@ -118,7 +112,6 @@ def _detail_lines(
(f"tool: {p.tool}", 0), (f"tool: {p.tool}", 0),
(f"id: {p.id}", 0), (f"id: {p.id}", 0),
(f"arrived: {p.arrival_timestamp}", 0), (f"arrived: {p.arrival_timestamp}", 0),
(f"queue: {qp.queue_dir}", 0),
("", 0), ("", 0),
("justification:", 0), ("justification:", 0),
] ]
@@ -165,7 +158,7 @@ def approve(
notes=notes, notes=notes,
final_file=final_file, final_file=final_file,
) )
write_response(qp.queue_dir, response) write_response(qp.proposal.bottle_slug, response)
_write_audit( _write_audit(
qp, action=status, notes=notes, qp, action=status, notes=notes,
diff_before=diff_before, diff_after=diff_after, diff_before=diff_before, diff_after=diff_after,
@@ -179,7 +172,7 @@ def reject(qp: QueuedProposal, *, reason: str) -> None:
notes=reason, notes=reason,
final_file=None, final_file=None,
) )
write_response(qp.queue_dir, response) write_response(qp.proposal.bottle_slug, response)
_write_audit(qp, action=STATUS_REJECTED, notes=reason, diff_before="", diff_after="") _write_audit(qp, action=STATUS_REJECTED, notes=reason, diff_before="", diff_after="")
@@ -313,6 +313,9 @@ class ClaudeAgentProvider(AgentProvider):
f"claude mcp add --scope user --transport http supervise {supervise_url}" f"claude mcp add --scope user --transport http supervise {supervise_url}"
) )
def headless_prompt(self, prompt: str) -> list[str]:
return ["-p", prompt]
def _exec(bottle: "Bottle", script: str, error: str) -> None: def _exec(bottle: "Bottle", script: str, error: str) -> None:
result = bottle.exec(script, user="root") result = bottle.exec(script, user="root")
@@ -279,6 +279,9 @@ class CodexAgentProvider(AgentProvider):
f"codex mcp add supervise --url {shlex.quote(supervise_url)}" f"codex mcp add supervise --url {shlex.quote(supervise_url)}"
) )
def headless_prompt(self, prompt: str) -> list[str]:
return [prompt]
def _exec(bottle: "Bottle", script: str, error: str) -> None: def _exec(bottle: "Bottle", script: str, error: str) -> None:
result = bottle.exec(script, user="root") result = bottle.exec(script, user="root")
+3
View File
@@ -315,6 +315,9 @@ class PiAgentProvider(AgentProvider):
) -> None: ) -> None:
del plan, bottle, supervise_url del plan, bottle, supervise_url
def headless_prompt(self, prompt: str) -> list[str]:
return ["-p", prompt]
def _exec(bottle: "Bottle", script: str, error: str) -> None: def _exec(bottle: "Bottle", script: str, error: str) -> None:
result = bottle.exec(script, user="root") result = bottle.exec(script, user="root")
+40
View File
@@ -0,0 +1,40 @@
"""Shared SQLite-backed store base class for bot-bottle (PRD 0013)."""
from __future__ import annotations
import sqlite3
from pathlib import Path
try:
from .migrations import TableMigrations
except ImportError:
from migrations import TableMigrations # type: ignore[import-not-found] # pylint: disable=import-error,no-name-in-module
class DbStore:
"""Base for SQLite-backed stores. Subclasses resolve db_path then call super().__init__."""
def __init__(self, db_path: Path, migrations: TableMigrations) -> None:
self.db_path = db_path
self._migrations = migrations
self.db_path.parent.mkdir(parents=True, exist_ok=True)
self._init()
def _connect(self) -> sqlite3.Connection:
conn = sqlite3.connect(self.db_path)
conn.row_factory = sqlite3.Row
return conn
def _init(self) -> None:
with self._connect() as conn:
self._migrations.apply(conn)
self._chmod()
def _chmod(self) -> None:
try:
self.db_path.chmod(0o600)
except OSError:
pass
__all__ = ["DbStore"]
+6 -9
View File
@@ -79,14 +79,13 @@ class EgressAddon:
# only — a restart re-prompts. Mutated only from the asyncio loop that # only — a restart re-prompts. Mutated only from the asyncio loop that
# runs the addon hooks, so no lock is needed. # runs the addon hooks, so no lock is needed.
self.safe_tokens: set[str] = set() self.safe_tokens: set[str] = set()
self._supervise_queue_dir = os.environ.get("SUPERVISE_QUEUE_DIR", "").strip()
self._supervise_slug = os.environ.get("SUPERVISE_BOTTLE_SLUG", "").strip() self._supervise_slug = os.environ.get("SUPERVISE_BOTTLE_SLUG", "").strip()
self._token_allow_timeout = _token_allow_timeout_from_env(os.environ) self._token_allow_timeout = _token_allow_timeout_from_env(os.environ)
self._reload(initial=True) self._reload(initial=True)
self._install_sighup() self._install_sighup()
def _supervise_available(self) -> bool: def _supervise_available(self) -> bool:
return bool(self._supervise_queue_dir and self._supervise_slug) return bool(self._supervise_slug)
def _reload(self, *, initial: bool = False) -> None: def _reload(self, *, initial: bool = False) -> None:
try: try:
@@ -393,9 +392,8 @@ class EgressAddon:
justification=_TOKEN_ALLOW_JUSTIFICATION, justification=_TOKEN_ALLOW_JUSTIFICATION,
current_file_hash=_sv.sha256_hex(payload), current_file_hash=_sv.sha256_hex(payload),
) )
queue_dir = Path(self._supervise_queue_dir)
try: try:
_sv.write_proposal(queue_dir, proposal) _sv.write_proposal(proposal)
except OSError as e: except OSError as e:
sys.stderr.write( sys.stderr.write(
f"egress: could not queue token-allow proposal: {e}; " f"egress: could not queue token-allow proposal: {e}; "
@@ -411,8 +409,8 @@ class EgressAddon:
**self._req_ctx(flow), **self._req_ctx(flow),
}) + "\n") }) + "\n")
response = await self._await_token_response(queue_dir, proposal.id) response = await self._await_token_response(proposal.id)
_sv.archive_proposal(queue_dir, proposal.id) _sv.archive_proposal(self._supervise_slug, proposal.id)
if response is not None and response.status in ( if response is not None and response.status in (
_sv.STATUS_APPROVED, _sv.STATUS_MODIFIED, _sv.STATUS_APPROVED, _sv.STATUS_MODIFIED,
@@ -439,16 +437,15 @@ class EgressAddon:
async def _await_token_response( async def _await_token_response(
self, self,
queue_dir: Path,
proposal_id: str, proposal_id: str,
) -> "_sv.Response | None": ) -> "_sv.Response | None":
"""Poll the queue dir for the operator's response without blocking the """Poll the DB for the operator's response without blocking the
proxy event loop. Returns the Response, or None on timeout.""" proxy event loop. Returns the Response, or None on timeout."""
loop = asyncio.get_running_loop() loop = asyncio.get_running_loop()
deadline = loop.time() + self._token_allow_timeout deadline = loop.time() + self._token_allow_timeout
while True: while True:
try: try:
return _sv.read_response(queue_dir, proposal_id) return _sv.read_response(self._supervise_slug, proposal_id)
except (OSError, ValueError, KeyError): except (OSError, ValueError, KeyError):
# Not written yet, or a partial/malformed write — retry until # Not written yet, or a partial/malformed write — retry until
# the deadline, then fail closed. # the deadline, then fail closed.
+6 -11
View File
@@ -30,7 +30,6 @@ backend-specific and lives on concrete subclasses (see
from __future__ import annotations from __future__ import annotations
import dataclasses
from abc import ABC from abc import ABC
from dataclasses import dataclass from dataclasses import dataclass
from pathlib import Path from pathlib import Path
@@ -53,6 +52,7 @@ from .git_gate_render import (
_gitconfig_validate_value, _gitconfig_validate_value,
) )
from .git_gate_provision import ( from .git_gate_provision import (
provision_git_gate_dynamic_keys,
revoke_git_gate_provisioned_keys, revoke_git_gate_provisioned_keys,
_provision_dynamic_key, _provision_dynamic_key,
_resolve_identity_file, _resolve_identity_file,
@@ -93,20 +93,14 @@ class GitGate(ABC):
entrypoint, pre-receive hook, and access-hook scripts (mode entrypoint, pre-receive hook, and access-hook scripts (mode
600) under `stage_dir`. Pure host-side, no docker subprocess. 600) under `stage_dir`. Pure host-side, no docker subprocess.
For `gitea` key entries, also generates and registers For `gitea` key entries, the returned upstream intentionally
a fresh deploy key via the forge API and writes the private key has an empty identity file. Backend launch fills that in after
+ key ID to `stage_dir`. the operator confirms the preflight.
Returned plan is incomplete: the launch step must fill Returned plan is incomplete: the launch step must fill
`internal_network` / `egress_network` via `dataclasses.replace` `internal_network` / `egress_network` via `dataclasses.replace`
before passing the plan to `.start`.""" before passing the plan to `.start`."""
upstreams_list = list(git_gate_upstreams_for_bottle(bottle)) upstreams = git_gate_upstreams_for_bottle(bottle)
for i, entry in enumerate(bottle.git):
upstreams_list[i] = dataclasses.replace(
upstreams_list[i],
identity_file=_resolve_identity_file(entry, slug, stage_dir),
)
upstreams = tuple(upstreams_list)
entrypoint = stage_dir / "git_gate_entrypoint.sh" entrypoint = stage_dir / "git_gate_entrypoint.sh"
entrypoint.write_text(git_gate_render_entrypoint(upstreams)) entrypoint.write_text(git_gate_render_entrypoint(upstreams))
entrypoint.chmod(0o600) entrypoint.chmod(0o600)
@@ -162,6 +156,7 @@ __all__ = [
"git_gate_render_entrypoint", "git_gate_render_entrypoint",
"git_gate_render_hook", "git_gate_render_hook",
"git_gate_render_access_hook", "git_gate_render_access_hook",
"provision_git_gate_dynamic_keys",
"revoke_git_gate_provisioned_keys", "revoke_git_gate_provisioned_keys",
"_gitconfig_validate_value", "_gitconfig_validate_value",
"_provision_dynamic_key", "_provision_dynamic_key",
+43
View File
@@ -9,10 +9,16 @@ imported (`deploy_key_provisioner`) to keep its cost off the host path.
from __future__ import annotations from __future__ import annotations
import os import os
import dataclasses
from pathlib import Path from pathlib import Path
from typing import TYPE_CHECKING
from .log import info from .log import info
from .manifest import ManifestBottle, ManifestGitEntry from .manifest import ManifestBottle, ManifestGitEntry
from .git_gate_render import GitGateUpstream
if TYPE_CHECKING:
from .git_gate import GitGatePlan
def _provision_dynamic_key( def _provision_dynamic_key(
entry: ManifestGitEntry, entry: ManifestGitEntry,
@@ -95,8 +101,45 @@ def _resolve_identity_file(entry: ManifestGitEntry, slug: str, stage_dir: Path)
return entry.IdentityFile return entry.IdentityFile
def provision_git_gate_dynamic_keys(
bottle: ManifestBottle,
plan: "GitGatePlan",
stage_dir: Path,
) -> "GitGatePlan":
"""Provision dynamic git-gate keys and return an updated plan.
This runs during backend launch, after the operator confirms the
preflight. Plan preparation intentionally stays side-effect-light:
dry-runs and aborted launches must not create remote deploy keys.
"""
if not plan.upstreams:
return plan
upstreams_by_name: dict[str, GitGateUpstream] = {
upstream.name: upstream for upstream in plan.upstreams
}
updated: list[GitGateUpstream] = []
for entry in bottle.git:
upstream = upstreams_by_name.get(entry.Name)
if upstream is None:
continue
if entry.Key.provider == "gitea":
identity_file = _provision_dynamic_key(entry, plan.slug, stage_dir)
upstream = dataclasses.replace(upstream, identity_file=identity_file)
updated.append(upstream)
if len(updated) != len(plan.upstreams):
updated_names = {u.name for u in updated}
for upstream in plan.upstreams:
if upstream.name not in updated_names:
updated.append(upstream)
return dataclasses.replace(plan, upstreams=tuple(updated))
__all__ = [ __all__ = [
"revoke_git_gate_provisioned_keys", "revoke_git_gate_provisioned_keys",
"provision_git_gate_dynamic_keys",
"_provision_dynamic_key", "_provision_dynamic_key",
"_resolve_identity_file", "_resolve_identity_file",
] ]
+38 -43
View File
@@ -234,13 +234,13 @@ import hashlib
import json import json
import os import os
import sys import sys
import uuid
from pathlib import Path from pathlib import Path
from bot_bottle import supervise as _sv
report_path = Path(sys.argv[1]) report_path = Path(sys.argv[1])
queue_dir = os.environ.get("SUPERVISE_QUEUE_DIR", "")
slug = os.environ.get("SUPERVISE_BOTTLE_SLUG", "") slug = os.environ.get("SUPERVISE_BOTTLE_SLUG", "")
if not queue_dir or not slug: if not slug:
sys.exit(2) sys.exit(2)
try: try:
@@ -277,31 +277,19 @@ for i, finding in enumerate(raw, 1):
]) ])
payload = "\n".join(lines).rstrip() + "\n" payload = "\n".join(lines).rstrip() + "\n"
proposal_id = str(uuid.uuid4()) proposal = _sv.Proposal.new(
proposal = { bottle_slug=slug,
"id": proposal_id, tool=_sv.TOOL_GITLEAKS_ALLOW,
"bottle_slug": slug, proposed_file=payload,
"tool": "gitleaks-allow", justification=(
"proposed_file": payload,
"justification": (
"git-gate found gitleaks findings hidden by # gitleaks:allow; " "git-gate found gitleaks findings hidden by # gitleaks:allow; "
"approve only for dummy test fixtures or confirmed false positives" "approve only for dummy test fixtures or confirmed false positives"
), ),
"arrival_timestamp": datetime.datetime.now( current_file_hash=hashlib.sha256(payload.encode("utf-8")).hexdigest(),
datetime.timezone.utc now=datetime.datetime.now(datetime.timezone.utc),
).isoformat(), )
"current_file_hash": hashlib.sha256(payload.encode("utf-8")).hexdigest(), _sv.write_proposal(proposal)
} print(proposal.id)
queue = Path(queue_dir)
queue.mkdir(parents=True, exist_ok=True)
path = queue / f"{proposal_id}.proposal.json"
tmp = path.with_suffix(path.suffix + ".tmp")
with tmp.open("w", encoding="utf-8") as f:
json.dump(proposal, f, indent=2)
f.write("\n")
os.chmod(tmp, 0o600)
os.replace(tmp, path)
print(proposal_id)
PY PY
) )
rc=$? rc=$?
@@ -314,8 +302,7 @@ PY
return 1 return 1
fi fi
queue_dir=${SUPERVISE_QUEUE_DIR:-} slug=${SUPERVISE_BOTTLE_SLUG:-}
response_file="$queue_dir/${proposal_id}.response.json"
timeout=${SUPERVISE_GITLEAKS_ALLOW_TIMEOUT_SECONDS:-300} timeout=${SUPERVISE_GITLEAKS_ALLOW_TIMEOUT_SECONDS:-300}
case "$timeout" in case "$timeout" in
''|*[!0-9]*) ''|*[!0-9]*)
@@ -327,26 +314,35 @@ PY
echo "git-gate: approve with './cli.py supervise' to continue this push" >&2 echo "git-gate: approve with './cli.py supervise' to continue this push" >&2
waited=0 waited=0
while [ "$waited" -lt "$timeout" ]; do while [ "$waited" -lt "$timeout" ]; do
if [ -f "$response_file" ]; then status=$(python3 - "$slug" "$proposal_id" <<'PY'
status=$(python3 - "$response_file" <<'PY'
import json
import sys import sys
from bot_bottle import supervise as _sv
slug = sys.argv[1]
try: try:
with open(sys.argv[1], encoding="utf-8") as f: response = _sv.read_response(slug, sys.argv[2])
raw = json.load(f) except FileNotFoundError:
except (OSError, json.JSONDecodeError): sys.exit(2)
sys.exit(1) print(response.status)
status = raw.get("status")
if not isinstance(status, str):
sys.exit(1)
print(status)
PY PY
) || status="" )
rc=$?
if [ "$rc" -eq 2 ]; then
status=""
elif [ "$rc" -ne 0 ]; then
status="invalid"
fi
if [ -n "$status" ]; then
case "$status" in case "$status" in
approved|modified) approved|modified)
mkdir -p "$queue_dir/processed" python3 - "$slug" "$proposal_id" <<'PY' || true
mv -f "$queue_dir/${proposal_id}.proposal.json" "$queue_dir/processed/" 2>/dev/null || true import sys
mv -f "$queue_dir/${proposal_id}.response.json" "$queue_dir/processed/" 2>/dev/null || true
from bot_bottle import supervise as _sv
_sv.archive_proposal(sys.argv[1], sys.argv[2])
PY
echo "git-gate: supervisor approved # gitleaks:allow for $ref" >&2 echo "git-gate: supervisor approved # gitleaks:allow for $ref" >&2
return 0 return 0
;; ;;
@@ -499,4 +495,3 @@ if ! git -C "$repo_dir" rev-parse --verify HEAD >/dev/null 2>&1; then
fi fi
exit 0 exit 0
""" """
+7 -2
View File
@@ -16,11 +16,16 @@ from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path from pathlib import Path
from urllib.parse import urlsplit from urllib.parse import urlsplit
from .git_gate import GIT_GATE_TIMEOUT_SECS
DEFAULT_PORT = 9420 DEFAULT_PORT = 9420
# Mirrors git_gate_render.GIT_GATE_TIMEOUT_SECS. Duplicated rather than
# imported: this module ships as a flat top-level sibling in the sidecar
# bundle image (see Dockerfile.sidecars), not as part of the bot_bottle
# package, so `bot_bottle.git_gate` and its dependency chain aren't
# available at runtime.
GIT_GATE_TIMEOUT_SECS = 15
# Bound memory use while still allowing ordinary git push packfiles. # Bound memory use while still allowing ordinary git push packfiles.
MAX_BODY_BYTES = 100 * 1024 * 1024 MAX_BODY_BYTES = 100 * 1024 * 1024
+37
View File
@@ -0,0 +1,37 @@
"""SQLite migration runner for bot-bottle stores."""
from __future__ import annotations
import sqlite3
class TableMigrations:
"""Runs a sequential list of DDL migrations tracked by schema_key in schema_versions."""
def __init__(self, schema_key: str, migrations: list[str]) -> None:
self.schema_key = schema_key
self.migrations = migrations
def apply(self, conn: sqlite3.Connection) -> None:
conn.execute(
"""
CREATE TABLE IF NOT EXISTS schema_versions (
module TEXT PRIMARY KEY,
version INTEGER NOT NULL DEFAULT 0
)
"""
)
row = conn.execute(
"SELECT version FROM schema_versions WHERE module = ?",
(self.schema_key,),
).fetchone()
version = row[0] if row else 0
for i, sql in enumerate(self.migrations[version:], start=version + 1):
conn.execute(sql)
conn.execute(
"INSERT OR REPLACE INTO schema_versions (module, version) VALUES (?, ?)",
(self.schema_key, i),
)
__all__ = ["TableMigrations"]
+240
View File
@@ -0,0 +1,240 @@
"""SQLite-backed queue store for supervise proposals and responses (PRD 0013)."""
from __future__ import annotations
import os
import sqlite3
from pathlib import Path
from typing import TYPE_CHECKING
if TYPE_CHECKING:
from .supervise import Proposal, Response
try:
from .db_store import DbStore
from .migrations import TableMigrations
except ImportError:
from db_store import DbStore # type: ignore[import-not-found] # pylint: disable=import-error,no-name-in-module
from migrations import TableMigrations # type: ignore[import-not-found] # pylint: disable=import-error,no-name-in-module
def get_supervise_mod() -> object:
"""Lazy import of supervise to avoid a circular-import at module init time.
By the time any QueueStore method is called, both modules are fully loaded.
Mirrors our own module identity: when we are 'queue_store' (sidecar flat
context or tests that inject bot_bottle/ into sys.path) we use the flat
'supervise' module so that patches on supervise.bot_bottle_root propagate
correctly. When we are 'bot_bottle.queue_store' we use 'bot_bottle.supervise'."""
import sys
sv_name = "supervise" if __name__ == "queue_store" else "bot_bottle.supervise"
if sv_name in sys.modules:
return sys.modules[sv_name]
try:
import bot_bottle.supervise as _m
except ImportError:
import supervise as _m # type: ignore[import-not-found] # pylint: disable=import-error,no-name-in-module
return _m
# One entry per schema version: _MIGRATIONS.migrations[0] brings a fresh DB
# to version 1, [1] to version 2, and so on. Add new migrations at the end;
# never edit existing ones.
_MIGRATIONS = TableMigrations("queue_store", [
# v1 — proposals table
"""
CREATE TABLE IF NOT EXISTS supervise_proposals (
queue_key TEXT NOT NULL,
id TEXT NOT NULL,
bottle_slug TEXT NOT NULL,
tool TEXT NOT NULL,
proposed_file TEXT NOT NULL,
justification TEXT NOT NULL,
arrival_timestamp TEXT NOT NULL,
current_file_hash TEXT NOT NULL,
archived INTEGER NOT NULL DEFAULT 0,
PRIMARY KEY (queue_key, id)
)
""",
# v2 — responses table
"""
CREATE TABLE IF NOT EXISTS supervise_responses (
queue_key TEXT NOT NULL,
proposal_id TEXT NOT NULL,
status TEXT NOT NULL,
notes TEXT NOT NULL,
final_file TEXT,
archived INTEGER NOT NULL DEFAULT 0,
PRIMARY KEY (queue_key, proposal_id)
)
""",
])
class QueueStore(DbStore):
"""SQLite-backed persistent store for supervise proposals and responses."""
def __init__(self, queue_key: str, db_path: Path | None = None) -> None:
self.queue_key = queue_key
if db_path is not None:
resolved = db_path
else:
# In the sidecar container SUPERVISE_DB_PATH points at the
# bind-mounted host DB. On the host this env var is never set,
# so we always fall through to host_db_path().
env_path = os.environ.get("SUPERVISE_DB_PATH", "").strip()
resolved = Path(env_path) if env_path else get_supervise_mod().host_db_path() # type: ignore[attr-defined]
super().__init__(resolved, _MIGRATIONS)
def write_proposal(self, proposal: Proposal) -> Path:
with self._connect() as conn:
conn.execute(
"""
INSERT OR REPLACE INTO supervise_proposals (
queue_key, id, bottle_slug, tool, proposed_file, justification,
arrival_timestamp, current_file_hash, archived
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, 0)
""",
(
self.queue_key,
proposal.id,
proposal.bottle_slug,
proposal.tool,
proposal.proposed_file,
proposal.justification,
proposal.arrival_timestamp,
proposal.current_file_hash,
),
)
self._chmod()
return self.db_path
def read_proposal(self, proposal_id: str) -> Proposal:
with self._connect() as conn:
row = conn.execute(
"""
SELECT * FROM supervise_proposals
WHERE queue_key = ? AND id = ? AND archived = 0
""",
(self.queue_key, proposal_id),
).fetchone()
if row is None:
raise FileNotFoundError(proposal_id)
return self._row_to_proposal(row)
def list_pending_proposals(self) -> list[Proposal]:
if not self.db_path.is_file():
return []
with self._connect() as conn:
rows = conn.execute(
"""
SELECT p.* FROM supervise_proposals p
WHERE p.archived = 0
AND p.queue_key = ?
AND NOT EXISTS (
SELECT 1 FROM supervise_responses r
WHERE r.queue_key = p.queue_key
AND r.proposal_id = p.id
AND r.archived = 0
)
ORDER BY p.arrival_timestamp, p.id
""",
(self.queue_key,),
).fetchall()
return [self._row_to_proposal(row) for row in rows]
def list_all_pending_proposals(self) -> list[Proposal]:
if not self.db_path.is_file():
return []
with self._connect() as conn:
rows = conn.execute(
"""
SELECT p.* FROM supervise_proposals p
WHERE p.archived = 0
AND NOT EXISTS (
SELECT 1 FROM supervise_responses r
WHERE r.queue_key = p.queue_key
AND r.proposal_id = p.id
AND r.archived = 0
)
ORDER BY p.arrival_timestamp, p.id
"""
).fetchall()
return [self._row_to_proposal(row) for row in rows]
def write_response(self, response: Response) -> Path:
with self._connect() as conn:
conn.execute(
"""
INSERT OR REPLACE INTO supervise_responses (
queue_key, proposal_id, status, notes, final_file, archived
) VALUES (?, ?, ?, ?, ?, 0)
""",
(
self.queue_key,
response.proposal_id,
response.status,
response.notes,
response.final_file,
),
)
self._chmod()
return self.db_path
def read_response(self, proposal_id: str) -> Response:
with self._connect() as conn:
row = conn.execute(
"""
SELECT * FROM supervise_responses
WHERE queue_key = ? AND proposal_id = ? AND archived = 0
""",
(self.queue_key, proposal_id),
).fetchone()
if row is None:
raise FileNotFoundError(proposal_id)
return self._row_to_response(row)
def archive_proposal(self, proposal_id: str) -> None:
if not self.db_path.is_file():
return
with self._connect() as conn:
conn.execute(
"""
UPDATE supervise_proposals SET archived = 1
WHERE queue_key = ? AND id = ?
""",
(self.queue_key, proposal_id),
)
conn.execute(
"""
UPDATE supervise_responses SET archived = 1
WHERE queue_key = ? AND proposal_id = ?
""",
(self.queue_key, proposal_id),
)
@staticmethod
def _row_to_proposal(row: sqlite3.Row) -> Proposal:
m = get_supervise_mod()
return m.Proposal( # type: ignore[attr-defined]
id=row["id"],
bottle_slug=row["bottle_slug"],
tool=row["tool"],
proposed_file=row["proposed_file"],
justification=row["justification"],
arrival_timestamp=row["arrival_timestamp"],
current_file_hash=row["current_file_hash"],
)
@staticmethod
def _row_to_response(row: sqlite3.Row) -> Response:
m = get_supervise_mod()
return m.Response( # type: ignore[attr-defined]
proposal_id=row["proposal_id"],
status=row["status"],
notes=row["notes"],
final_file=row["final_file"],
)
__all__ = ["QueueStore"]
+70 -201
View File
@@ -9,15 +9,14 @@ calls when it needs an operator-reviewed egress change:
Each tool call: the agent passes the full proposed file plus a Each tool call: the agent passes the full proposed file plus a
justification text. The sidecar validates the proposal syntactically, justification text. The sidecar validates the proposal syntactically,
writes it to the host's per-bottle queue dir, and holds the tool-call writes it to the host SQLite queue table, and holds the tool-call
connection open. The operator's supervise TUI connection open. The operator's supervise TUI
(bot_bottle.cli.supervise) sees the proposal, accepts (bot_bottle.cli.supervise) sees the proposal, accepts
approve / modify / reject, and writes a response file alongside the approve / modify / reject, and writes a response row. The sidecar sees
proposal. The sidecar sees the response and returns `{status, notes}` the response and returns `{status, notes}` to the agent.
to the agent.
This module defines the host-side library: dataclasses for the queue This module defines the host-side library: dataclasses for the queue
file shapes, queue read/write helpers, the audit log writer, and the record shapes, queue read/write helpers, the audit log writer, and the
diff renderer. The in-container sidecar lives in diff renderer. The in-container sidecar lives in
bot_bottle/supervise_server.py; the supervise daemon's container bot_bottle/supervise_server.py; the supervise daemon's container
lifecycle is owned by the sidecar bundle (PRD 0024). lifecycle is owned by the sidecar bundle (PRD 0024).
@@ -34,8 +33,6 @@ from __future__ import annotations
import dataclasses import dataclasses
import difflib import difflib
import hashlib import hashlib
import json
import os
import time import time
import uuid import uuid
from abc import ABC from abc import ABC
@@ -86,8 +83,9 @@ STATUSES: tuple[str, ...] = (STATUS_APPROVED, STATUS_MODIFIED, STATUS_REJECTED)
# `routes edit <bottle>` verb writes entries with this action. # `routes edit <bottle>` verb writes entries with this action.
ACTION_OPERATOR_EDIT = "operator-edit" ACTION_OPERATOR_EDIT = "operator-edit"
QUEUE_DIR_IN_CONTAINER = "/run/supervise/queue" DB_PATH_IN_CONTAINER = "/run/supervise/bot-bottle.db"
DEFAULT_POLL_INTERVAL_SEC = 0.5 DEFAULT_POLL_INTERVAL_SEC = 0.5
HOST_DB_FILENAME = "bot-bottle.db"
# --- Paths ----------------------------------------------------------------- # --- Paths -----------------------------------------------------------------
@@ -97,10 +95,6 @@ def bot_bottle_root() -> Path:
return Path.home() / ".bot-bottle" return Path.home() / ".bot-bottle"
def queue_dir_for_slug(slug: str) -> Path:
return bot_bottle_root() / "queue" / slug
def audit_dir() -> Path: def audit_dir() -> Path:
return bot_bottle_root() / "audit" return bot_bottle_root() / "audit"
@@ -109,14 +103,16 @@ def audit_log_path(component: str, slug: str) -> Path:
return audit_dir() / f"{component}-{slug}.log" return audit_dir() / f"{component}-{slug}.log"
def host_db_path() -> Path:
return bot_bottle_root() / HOST_DB_FILENAME
# --- Dataclasses ----------------------------------------------------------- # --- Dataclasses -----------------------------------------------------------
@dataclass(frozen=True) @dataclass(frozen=True)
class Proposal: class Proposal:
"""One pending tool-call from the agent. The sidecar writes one """One pending tool-call from the agent."""
of these to the queue dir on a tool call; the operator's TUI
reads them; the sidecar polls for a matching Response."""
id: str id: str
bottle_slug: str bottle_slug: str
@@ -170,7 +166,7 @@ class Proposal:
@dataclass(frozen=True) @dataclass(frozen=True)
class Response: class Response:
"""The operator's decision on a proposal. The TUI writes one of """The operator's decision on a proposal. The TUI writes one of
these to the queue dir; the sidecar reads it and returns the these to the queue table; the sidecar reads it and returns the
`{status, notes}` pair to the agent's tool call. `{status, notes}` pair to the agent's tool call.
`final_file` carries the file content the supervisor will `final_file` carries the file content the supervisor will
@@ -223,90 +219,50 @@ class AuditEntry:
return dataclasses.asdict(self) return dataclasses.asdict(self)
try:
from .queue_store import QueueStore
from .audit_store import AuditStore
except ImportError:
# Sidecar bundle: files are flat-copied under /app, not a package.
from queue_store import QueueStore # type: ignore[import-not-found] # pylint: disable=import-error,no-name-in-module
from audit_store import AuditStore # type: ignore[import-not-found] # pylint: disable=import-error,no-name-in-module
# --- Queue I/O ------------------------------------------------------------- # --- Queue I/O -------------------------------------------------------------
def _proposal_filename(proposal_id: str) -> str: def write_proposal(proposal: Proposal) -> Path:
return f"{proposal_id}.proposal.json" """Persist `proposal` in the queue database, mode 0o600.
def _response_filename(proposal_id: str) -> str:
return f"{proposal_id}.response.json"
def _id_from_proposal_filename(path: Path) -> str | None:
name = path.name
if not name.endswith(".proposal.json"):
return None
return name[: -len(".proposal.json")]
def write_proposal(queue_dir: Path, proposal: Proposal) -> Path:
"""Persist `proposal` as JSON in the queue dir, mode 0o600.
Directory is created if missing.""" Directory is created if missing."""
queue_dir.mkdir(parents=True, exist_ok=True) return QueueStore(proposal.bottle_slug).write_proposal(proposal)
path = queue_dir / _proposal_filename(proposal.id)
payload = json.dumps(proposal.to_dict(), indent=2) + "\n"
_atomic_write(path, payload, mode=0o600)
return path
def read_proposal(queue_dir: Path, proposal_id: str) -> Proposal: def read_proposal(bottle_slug: str, proposal_id: str) -> Proposal:
path = queue_dir / _proposal_filename(proposal_id) return QueueStore(bottle_slug).read_proposal(proposal_id)
with path.open() as f:
raw = json.load(f)
if not isinstance(raw, dict):
raise ValueError(f"{path}: top-level must be an object")
return Proposal.from_dict(raw)
def list_pending_proposals(queue_dir: Path) -> list[Proposal]: def list_pending_proposals(bottle_slug: str) -> list[Proposal]:
"""All proposals in `queue_dir` that do not yet have a matching """All proposals for `bottle_slug` that do not yet have a matching
response file. Sorted by `arrival_timestamp` so the operator response. Sorted by `arrival_timestamp` so the operator
sees the queue FIFO.""" sees the queue FIFO."""
if not queue_dir.is_dir(): return QueueStore(bottle_slug).list_pending_proposals()
return []
out: list[Proposal] = []
for path in sorted(queue_dir.glob("*.proposal.json")):
proposal_id = _id_from_proposal_filename(path)
if proposal_id is None:
continue
if (queue_dir / _response_filename(proposal_id)).exists():
continue
try:
with path.open() as f:
raw = json.load(f)
except (OSError, json.JSONDecodeError):
continue
if not isinstance(raw, dict):
continue
try:
out.append(Proposal.from_dict(raw))
except (KeyError, ValueError):
continue
out.sort(key=lambda p: p.arrival_timestamp)
return out
def write_response(queue_dir: Path, response: Response) -> Path: def list_all_pending_proposals() -> list[Proposal]:
queue_dir.mkdir(parents=True, exist_ok=True) """All pending proposals across bottles, sorted FIFO."""
path = queue_dir / _response_filename(response.proposal_id) return QueueStore("").list_all_pending_proposals()
payload = json.dumps(response.to_dict(), indent=2) + "\n"
_atomic_write(path, payload, mode=0o600)
return path
def read_response(queue_dir: Path, proposal_id: str) -> Response: def write_response(bottle_slug: str, response: Response) -> Path:
path = queue_dir / _response_filename(proposal_id) return QueueStore(bottle_slug).write_response(response)
with path.open() as f:
raw = json.load(f)
if not isinstance(raw, dict): def read_response(bottle_slug: str, proposal_id: str) -> Response:
raise ValueError(f"{path}: top-level must be an object") return QueueStore(bottle_slug).read_response(proposal_id)
return Response.from_dict(raw)
def wait_for_response( def wait_for_response(
queue_dir: Path, bottle_slug: str,
proposal_id: str, proposal_id: str,
*, *,
poll_interval: float = DEFAULT_POLL_INTERVAL_SEC, poll_interval: float = DEFAULT_POLL_INTERVAL_SEC,
@@ -317,90 +273,35 @@ def wait_for_response(
which the wait raises TimeoutError. None waits forever the which the wait raises TimeoutError. None waits forever the
natural shape, since the operator's response time is unbounded. natural shape, since the operator's response time is unbounded.
Polls the filesystem so the implementation stays portable and Polls SQLite so the implementation stays portable and stdlib-only."""
stdlib-only.""" store = QueueStore(bottle_slug)
path = queue_dir / _response_filename(proposal_id)
while True: while True:
if path.exists():
try: try:
with path.open() as f: return store.read_response(proposal_id)
raw = json.load(f) except FileNotFoundError:
except (OSError, json.JSONDecodeError):
raw = None
if isinstance(raw, dict):
try:
return Response.from_dict(raw)
except (KeyError, ValueError):
pass pass
if deadline is not None and time.monotonic() >= deadline: if deadline is not None and time.monotonic() >= deadline:
raise TimeoutError(f"no response for proposal {proposal_id!r}") raise TimeoutError(f"no response for proposal {proposal_id!r}")
time.sleep(poll_interval) time.sleep(poll_interval)
def archive_proposal(queue_dir: Path, proposal_id: str) -> None: def archive_proposal(bottle_slug: str, proposal_id: str) -> None:
"""Move both proposal and response files to `<queue_dir>/processed/`. """Mark both proposal and response rows processed.
Idempotent missing files are silently skipped.""" Idempotent missing rows are silently skipped."""
processed = queue_dir / "processed" QueueStore(bottle_slug).archive_proposal(proposal_id)
processed.mkdir(parents=True, exist_ok=True)
for name in (_proposal_filename(proposal_id), _response_filename(proposal_id)):
src = queue_dir / name
if src.exists():
src.rename(processed / name)
# --- Audit log ------------------------------------------------------------- # --- Audit log -------------------------------------------------------------
def write_audit_entry(entry: AuditEntry) -> Path: def write_audit_entry(entry: AuditEntry) -> Path:
"""Append `entry` as one JSON-Lines record to the per-bottle """Append `entry` to the host supervise audit table."""
audit log. Acquires an advisory exclusive lock so concurrent return AuditStore().write_audit_entry(entry)
writers don't interleave bytes."""
path = audit_log_path(entry.component, entry.bottle_slug)
path.parent.mkdir(parents=True, exist_ok=True)
line = json.dumps(entry.to_dict(), sort_keys=False) + "\n"
fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
try:
_try_flock(fd)
try:
os.write(fd, line.encode("utf-8"))
finally:
_try_funlock(fd)
finally:
os.close(fd)
return path
def read_audit_entries(component: str, slug: str) -> list[AuditEntry]: def read_audit_entries(component: str, slug: str) -> list[AuditEntry]:
"""Load all audit entries for the given component+slug. Empty """Load all audit entries for the given component+slug."""
list if the log doesn't exist.""" return AuditStore().read_audit_entries(component, slug)
path = audit_log_path(component, slug)
if not path.is_file():
return []
out: list[AuditEntry] = []
with path.open() as f:
for raw_line in f:
raw_line = raw_line.strip()
if not raw_line:
continue
try:
raw = json.loads(raw_line)
except json.JSONDecodeError:
continue
if not isinstance(raw, dict):
continue
try:
out.append(AuditEntry(
timestamp=_require_str(raw, "timestamp"),
bottle_slug=_require_str(raw, "bottle_slug"),
component=_require_str(raw, "component"),
operator_action=_require_str(raw, "operator_action"),
operator_notes=_require_str(raw, "operator_notes"),
justification=_require_str(raw, "justification"),
diff=_require_str(raw, "diff"),
))
except ValueError:
continue
return out
# --- Diff rendering -------------------------------------------------------- # --- Diff rendering --------------------------------------------------------
@@ -433,35 +334,34 @@ def sha256_hex(content: str) -> str:
class SupervisePlan: class SupervisePlan:
"""Output of Supervise.prepare; consumed by .start. """Output of Supervise.prepare; consumed by .start.
`queue_dir` is the host directory bind-mounted into the sidecar `db_path` is the host database bind-mounted into the sidecar at
at /run/supervise/queue. `internal_network` is empty at prepare /run/supervise/bot-bottle.db. `internal_network` is empty at
time; the backend's launch step fills it via dataclasses.replace prepare time; the backend's launch step fills it via
before calling .start.""" dataclasses.replace before calling .start."""
slug: str slug: str
queue_dir: Path db_path: Path
internal_network: str = "" internal_network: str = ""
class Supervise(ABC): class Supervise(ABC):
"""Per-bottle supervise sidecar. Encapsulates the host-side """Per-bottle supervise sidecar. Encapsulates host-side database
prepare (queue dir staging); the sidecar's start/stop lifecycle staging; the sidecar's start/stop lifecycle is backend-specific."""
is backend-specific."""
def prepare( def prepare(
self, self,
slug: str, slug: str,
stage_dir: Path, stage_dir: Path,
) -> SupervisePlan: ) -> SupervisePlan:
"""Stage the per-bottle queue dir on the host. Returns the """Stage the host database. Returns the plan; `internal_network`
plan; `internal_network` must be set by the launch step before must be set by the launch step before .start runs."""
.start runs."""
del stage_dir del stage_dir
queue_dir = queue_dir_for_slug(slug) db_path = host_db_path()
queue_dir.mkdir(parents=True, exist_ok=True) QueueStore(slug)
AuditStore(db_path)
return SupervisePlan( return SupervisePlan(
slug=slug, slug=slug,
queue_dir=queue_dir, db_path=db_path,
) )
# --- Helpers --------------------------------------------------------------- # --- Helpers ---------------------------------------------------------------
@@ -474,47 +374,15 @@ def _require_str(raw: dict[str, object], key: str) -> str:
return value return value
def _atomic_write(path: Path, content: str, *, mode: int) -> None:
"""Atomic: write to a sibling tmp file, fsync, rename."""
tmp = path.with_suffix(path.suffix + ".tmp")
fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
try:
os.write(fd, content.encode("utf-8"))
os.fsync(fd)
finally:
os.close(fd)
os.replace(tmp, path)
try:
import fcntl as _fcntl
def _try_flock(fd: int) -> None: # type: ignore[reportRedeclaration]
try:
_fcntl.flock(fd, _fcntl.LOCK_EX)
except OSError:
pass
def _try_funlock(fd: int) -> None: # type: ignore[reportRedeclaration]
try:
_fcntl.flock(fd, _fcntl.LOCK_UN)
except OSError:
pass
except ImportError: # pragma: no cover — Windows path
def _try_flock(fd: int) -> None: # noqa: F841 — Windows fallback
return None
def _try_funlock(fd: int) -> None: # noqa: F841 — Windows fallback
return None
__all__ = [ __all__ = [
"ACTION_OPERATOR_EDIT", "ACTION_OPERATOR_EDIT",
"AuditEntry", "AuditEntry",
"AuditStore",
"COMPONENT_FOR_TOOL", "COMPONENT_FOR_TOOL",
"DEFAULT_POLL_INTERVAL_SEC", "DEFAULT_POLL_INTERVAL_SEC",
"DB_PATH_IN_CONTAINER",
"Proposal", "Proposal",
"QUEUE_DIR_IN_CONTAINER", "QueueStore",
"Response", "Response",
"STATUSES", "STATUSES",
"STATUS_APPROVED", "STATUS_APPROVED",
@@ -536,8 +404,9 @@ __all__ = [
"audit_dir", "audit_dir",
"audit_log_path", "audit_log_path",
"bot_bottle_root", "bot_bottle_root",
"host_db_path",
"list_pending_proposals", "list_pending_proposals",
"queue_dir_for_slug", "list_all_pending_proposals",
"read_audit_entries", "read_audit_entries",
"read_proposal", "read_proposal",
"read_response", "read_response",
+9 -17
View File
@@ -7,14 +7,13 @@ config changes when stuck. The tools are `egress-allow`,
Each queued tool call: Each queued tool call:
1. Validates the proposed file syntactically. 1. Validates the proposed file syntactically.
2. Writes a Proposal to /run/supervise/queue/ (bind-mounted from 2. Writes a Proposal to the host SQLite database.
the host's ~/.bot-bottle/queue/<slug>/). 3. Blocks polling for a matching Response row.
3. Blocks polling for a matching Response file.
4. Returns the operator's `{status, notes}` to the agent. 4. Returns the operator's `{status, notes}` to the agent.
The bottle slug arrives via SUPERVISE_BOTTLE_SLUG env (stamped at The bottle slug arrives via SUPERVISE_BOTTLE_SLUG env (stamped at
container creation by the backend's start step). The queue dir comes container creation by the backend's start step). SUPERVISE_DB_PATH
from SUPERVISE_QUEUE_DIR (default `/run/supervise/queue`). points at the bind-mounted host database.
Speaks MCP over HTTP+JSON-RPC. Methods handled: Speaks MCP over HTTP+JSON-RPC. Methods handled:
@@ -42,7 +41,6 @@ import typing
import urllib.error import urllib.error
import urllib.request import urllib.request
from dataclasses import dataclass from dataclasses import dataclass
from pathlib import Path
try: try:
# Same-directory imports inside the bundle container; these files are # Same-directory imports inside the bundle container; these files are
@@ -277,7 +275,6 @@ def validate_proposed_file(tool: str, content: str) -> None:
@dataclass(frozen=True) @dataclass(frozen=True)
class ServerConfig: class ServerConfig:
bottle_slug: str bottle_slug: str
queue_dir: Path
response_timeout_seconds: float = DEFAULT_RESPONSE_TIMEOUT_SECONDS response_timeout_seconds: float = DEFAULT_RESPONSE_TIMEOUT_SECONDS
@@ -376,7 +373,7 @@ def handle_tools_call(
current_file_hash=_sv.sha256_hex(proposed_file), current_file_hash=_sv.sha256_hex(proposed_file),
) )
try: try:
_sv.write_proposal(config.queue_dir, proposal) _sv.write_proposal(proposal)
except OSError as e: except OSError as e:
raise _RpcInternalError(f"failed to write proposal to queue: {e}") from e raise _RpcInternalError(f"failed to write proposal to queue: {e}") from e
sys.stderr.write( sys.stderr.write(
@@ -387,7 +384,7 @@ def handle_tools_call(
deadline = time.monotonic() + config.response_timeout_seconds deadline = time.monotonic() + config.response_timeout_seconds
try: try:
response = _sv.wait_for_response( response = _sv.wait_for_response(
config.queue_dir, config.bottle_slug,
proposal.id, proposal.id,
poll_interval=MIN_RESPONSE_POLL_INTERVAL_SECONDS, poll_interval=MIN_RESPONSE_POLL_INTERVAL_SECONDS,
deadline=deadline, deadline=deadline,
@@ -399,7 +396,7 @@ def handle_tools_call(
"isError": False, "isError": False,
} }
try: try:
_sv.archive_proposal(config.queue_dir, proposal.id) _sv.archive_proposal(config.bottle_slug, proposal.id)
except OSError as e: except OSError as e:
raise _RpcInternalError(f"failed to archive proposal: {e}") from e raise _RpcInternalError(f"failed to archive proposal: {e}") from e
@@ -539,7 +536,7 @@ class MCPHandler(http.server.BaseHTTPRequestHandler):
class MCPServer(socketserver.ThreadingMixIn, http.server.HTTPServer): class MCPServer(socketserver.ThreadingMixIn, http.server.HTTPServer):
allow_reuse_address = True allow_reuse_address = True
daemon_threads = True daemon_threads = True
config: ServerConfig = ServerConfig(bottle_slug="", queue_dir=Path()) config: ServerConfig = ServerConfig(bottle_slug="")
# --- Entry point ----------------------------------------------------------- # --- Entry point -----------------------------------------------------------
@@ -548,21 +545,18 @@ class MCPServer(socketserver.ThreadingMixIn, http.server.HTTPServer):
def serve( def serve(
*, *,
bottle_slug: str, bottle_slug: str,
queue_dir: Path,
port: int = _sv.SUPERVISE_PORT, port: int = _sv.SUPERVISE_PORT,
bind: str = "0.0.0.0", bind: str = "0.0.0.0",
response_timeout_seconds: float = DEFAULT_RESPONSE_TIMEOUT_SECONDS, response_timeout_seconds: float = DEFAULT_RESPONSE_TIMEOUT_SECONDS,
) -> typing.NoReturn: ) -> typing.NoReturn:
queue_dir.mkdir(parents=True, exist_ok=True)
server = MCPServer((bind, port), MCPHandler) server = MCPServer((bind, port), MCPHandler)
server.config = ServerConfig( server.config = ServerConfig(
bottle_slug=bottle_slug, bottle_slug=bottle_slug,
queue_dir=queue_dir,
response_timeout_seconds=response_timeout_seconds, response_timeout_seconds=response_timeout_seconds,
) )
sys.stderr.write( sys.stderr.write(
f"supervise listening on {bind}:{port}; " f"supervise listening on {bind}:{port}; "
f"slug={bottle_slug!r}; queue={queue_dir}; " f"slug={bottle_slug!r}; "
f"tools: {', '.join(t['name'] for t in TOOL_DEFINITIONS)}\n" # type: ignore[arg-type] f"tools: {', '.join(t['name'] for t in TOOL_DEFINITIONS)}\n" # type: ignore[arg-type]
) )
sys.stderr.flush() sys.stderr.flush()
@@ -581,7 +575,6 @@ def main(argv: list[str]) -> int:
if not bottle_slug: if not bottle_slug:
sys.stderr.write("supervise: SUPERVISE_BOTTLE_SLUG env is unset\n") sys.stderr.write("supervise: SUPERVISE_BOTTLE_SLUG env is unset\n")
return 2 return 2
queue_dir = Path(os.environ.get("SUPERVISE_QUEUE_DIR", _sv.QUEUE_DIR_IN_CONTAINER))
port = int(os.environ.get("SUPERVISE_PORT", str(_sv.SUPERVISE_PORT))) port = int(os.environ.get("SUPERVISE_PORT", str(_sv.SUPERVISE_PORT)))
bind = os.environ.get("SUPERVISE_BIND", "0.0.0.0") bind = os.environ.get("SUPERVISE_BIND", "0.0.0.0")
try: try:
@@ -591,7 +584,6 @@ def main(argv: list[str]) -> int:
return 2 return 2
serve( serve(
bottle_slug=bottle_slug, bottle_slug=bottle_slug,
queue_dir=queue_dir,
port=port, port=port,
bind=bind, bind=bind,
response_timeout_seconds=response_timeout_seconds, response_timeout_seconds=response_timeout_seconds,
+135
View File
@@ -0,0 +1,135 @@
# PRD prd-new: SQLite local storage
- **Status:** Active
- **Author:** codex
- **Created:** 2026-07-01
- **Issue:** #319
## Summary
Add a small stdlib SQLite storage layer for bot-bottle host runtime state,
starting with the supervise queue and audit log. This replaces scattered JSON
queue files and JSONL audit logs with structured tables while preserving the
existing public supervise helper functions and sidecar queue mount contract.
## Problem
Bot-bottle currently stores supervise proposals and responses as individual JSON
files under `~/.bot-bottle/queue/<slug>/`, and audit entries as JSONL files
under `~/.bot-bottle/audit/`. That worked for the original interactive TUI, but
new forge-native orchestration needs durable, queryable local state for queues,
audit trails, watchdogs, and lifecycle records. PR #318 started introducing
SQLite-shaped boilerplate for forge state; the storage foundation should live in
its own PR so forge work can build on the shared runtime store instead of adding
one-off persistence.
## Goals / Success Criteria
1. Supervise proposals and responses are persisted through SQLite.
2. Audit entries are persisted through SQLite.
3. Supervise queue helpers use the bottle slug / queue key instead of a queue
directory path.
4. The sidecar receives the host database mount across docker, smolmachines,
and macOS-container backends.
5. The implementation stays stdlib-only.
6. Schema migrations use a `PRAGMA user_version` runner — no third-party deps.
7. Unit tests cover queue round-trips, pending discovery, response waits,
archive semantics, audit round-trips, and path creation.
## Non-goals
- Migrating old JSON queue files or JSONL audit logs.
- Adding forge orchestration state tables.
- Adding egress metering or budget tables.
- Changing the supervise TUI workflow or remediation behavior.
- Introducing a third-party ORM or migration library.
## Design
### Database locations
Queue and audit state use the host-level local database:
```text
~/.bot-bottle/bot-bottle.db
```
The supervise sidecar receives that database as a writable bind mount at
`/run/supervise/bot-bottle.db` and gets the path through `SUPERVISE_DB_PATH`.
No per-slug queue directory is mounted into the sidecar. This creates the shared
host database that later forge/native lifecycle work can extend in separate
PRDs.
### Tables
`supervise_proposals` lives in the host database:
```sql
CREATE TABLE supervise_proposals (
queue_key TEXT NOT NULL,
id TEXT NOT NULL,
bottle_slug TEXT NOT NULL,
tool TEXT NOT NULL,
proposed_file TEXT NOT NULL,
justification TEXT NOT NULL,
arrival_timestamp TEXT NOT NULL,
current_file_hash TEXT NOT NULL,
archived INTEGER NOT NULL DEFAULT 0,
PRIMARY KEY (queue_key, id)
);
```
`supervise_responses` lives in the host database:
```sql
CREATE TABLE supervise_responses (
queue_key TEXT NOT NULL,
proposal_id TEXT NOT NULL,
status TEXT NOT NULL,
notes TEXT NOT NULL,
final_file TEXT,
archived INTEGER NOT NULL DEFAULT 0,
PRIMARY KEY (queue_key, proposal_id)
);
```
`supervise_audit_entries` lives in the host database:
```sql
CREATE TABLE supervise_audit_entries (
id INTEGER PRIMARY KEY AUTOINCREMENT,
timestamp TEXT NOT NULL,
bottle_slug TEXT NOT NULL,
component TEXT NOT NULL,
operator_action TEXT NOT NULL,
operator_notes TEXT NOT NULL,
justification TEXT NOT NULL,
diff TEXT NOT NULL
);
```
### Compatibility
The queue helpers take a bottle slug / queue key and perform equivalent
operations against `~/.bot-bottle/bot-bottle.db`:
- `list_pending_proposals` returns non-archived proposals without a non-archived
response, sorted by arrival time.
- `archive_proposal` marks matching proposal/response rows archived instead of
moving files into `processed/`.
- `wait_for_response` keeps the current polling behavior but polls SQLite.
The old audit path helpers (`audit_dir`, `audit_log_path`) stay available for
compatibility. `audit_log_path` no longer describes the active storage location;
callers should use `read_audit_entries`.
## Implementation chunks
1. Add SQLite store helpers for supervise queue and audit state.
2. Rewire `bot_bottle.supervise` queue/audit functions to the store.
3. Update supervise CLI discovery tests and queue/audit unit tests.
4. Run unit tests, pyright, and pylint for touched modules.
## Open questions
None.
-490
View File
@@ -1,490 +0,0 @@
# Monetization & competitive positioning
Where, if anywhere, bot-bottle has a paid wedge — given a 2026
competitive field that has largely commoditized "sandbox a coding
agent." Folds together the agent-provider-agnostic framing, the Fly
remote-backend idea, the supervisor/egress-audit play, and the
solo-dev/Linux brand instinct, then asks the only question that
matters: is there a viable path to revenue that the competition does
not already foreclose?
Companion to
[`agent-sandbox-landscape.md`](agent-sandbox-landscape.md) (the
isolation-tech survey),
[`built-in-supervisor-design.md`](built-in-supervisor-design.md) (the
supervise surface this would extend), and
[`secret-minimization-over-dlp.md`](secret-minimization-over-dlp.md)
(why custody, not detection, is the real moat).
Market data current as of June 2026.
## Summary
**Verdict: a path exists, but it is narrow, and it is not the path the
project is currently shaped for.** Every individual property bot-bottle
leans on — isolation, BYO-image, egress filtering, OSS, self-hosting —
is matched by some competitor, and several are now *free* from the agent
vendors themselves. There is exactly one defensible position left: the
**bundle** that no single competitor occupies —
> uniform egress audit + secret custody + policy, across *heterogeneous
> coding agents you don't trust*, on your infra or a managed pool.
Monetization is viable **only** if the product is sold as cross-vendor
**fleet governance + egress audit for teams**, not as solo-dev agent
safety (which the labs give away free). The solo-dev/Linux/anti-corporate
energy is real and worth using — but as a *distribution and trust*
engine that drives bottom-up adoption into teams, never as the revenue
positioning itself. Get those two wires crossed and the business dies:
you'd be courting the lowest-willingness-to-pay audience on earth while
repelling the only buyer who pays.
Net: **viable, conditional, and unforgiving of positioning error.** Do
Phase 1 (self-hostable egress-audit dashboard) regardless — it's
low-risk and it's the demo that makes everything else legible. Gate the
go/no-go on whether 510 teams confirm they'd pay for cross-vendor
egress audit *before* building the hosted tier.
## The two axes of "agnostic"
bot-bottle differentiates on two orthogonal axes, and conflating them
muddies the pitch:
1. **Agent-provider agnostic** — run Claude Code, Codex, Aider, a local
model, behind one control layer. Already real in the code
(`agent_provider.py`, Claude/Codex templates, BYO Dockerfile). This
is the axis the labs *structurally cannot* match — Anthropic only
runs Claude, OpenAI only their models. Durable.
2. **Compute backend** — local (docker / Apple Container / smolmachines)
today; a remote **Fly** backend would add a managed pool. This is the
axis that makes "fleet" literal for orgs and opens metered billing.
Fly is a strong first remote backend because it also subsumes remote
spin-up (Machines API) and the tunnel problem (6PN/WireGuard) — but
"provider-agnostic compute" should be *earned* after backend #2, not
designed up front (premature generalization trap).
## Competitive field, by capability
The field doesn't have one competitor; it has a different set on each
capability bot-bottle touches. Five dimensions:
| Capability | Who has it | bot-bottle's standing |
| :-- | :-- | :-- |
| **Isolation / sandbox** | Anthropic & OpenAI **native, free**; OSS devcontainer wrappers; E2B/Modal/Daytona/Northflank | Commoditized. Not a wedge. |
| **Arbitrary BYO Docker image** | Sandbox PaaS (E2B/Modal/Daytona/Northflank) yes; **managed agents: ~none** (Codex = fixed `codex-universal` + setup scripts; Copilot "not supported"; Devin/Jules constrained) | Wedge **vs. managed agents** (structural: it's their infra). Table stakes vs. PaaS. |
| **Egress audit + alerts** | LLM-observability tools (Braintrust/Langfuse/Phoenix/Helicone/Datadog) — but on *model calls*, wrong layer. Network-egress security (DeepInspect, AI gateways) — right layer, but decoupled from the agent, not cross-vendor. Sandbox PaaS = gateway/filter, not an audit surface. | **~Nobody in bot-bottle's exact shape** (per-agent egress, tied to the sandbox, with DLP context, cross-vendor). This is the wedge. |
| **OSS / self-hosting** | Managed agents: ~none. Sandbox PaaS: ~half (E2B OSS+self-host; Northflank BYOC; Modal closed; **Daytona leaving OSS**). Devcontainer wrappers: ~all. Observability: several. | Real wedge **vs. managed agents only**. Table stakes vs. PaaS, zero differentiation vs. wrappers. |
| **Cross-vendor uniformity** | Nobody — the labs won't, PaaS is agent-neutral infra not agent-aware control, wrappers are single-tool | Wedge. The connective tissue of the whole position. |
The pattern: **isolation and OSS/self-host are commodity; BYO-image and
cross-vendor are wedges only against the managed agents; egress-audit in
the integrated form is the one thing genuinely unoccupied.**
## Where bot-bottle is alone vs. where it's table stakes
- **Alone (the moat):** egress audit + secret custody + policy, *tied to
the agent sandbox*, *with DLP context* (which secret, which host,
which agent/task), *uniform across vendors*. No competitor bundles
these. An enterprise *could* bolt DeepInspect-style egress monitoring
onto a sandbox, so the defensibility is the **integration and
per-agent context**, not "we can see egress."
- **Table stakes (do not lead with these):** "we sandbox agents" (free
from the labs), "we're open source" (E2B is; the wrapper crowd all
is), "we self-host" (Northflank BYOC, E2B, every wrapper).
## The two existential competitive facts
1. **The agent vendors ship good-enough sandboxing for free.** Claude
Code now has Seatbelt/bubblewrap + a network proxy natively; Codex
has its own sandbox + approvals. This compresses the *single-vendor,
single-dev* market to ~zero willingness-to-pay. It is *why* the
product must be cross-vendor fleet governance, not local agent
safety.
2. **Northflank is converging from the infra side.** It already ships
dedicated egress gateways + proxy-based secret injection + BYOC.
It is the nearest thing to bot-bottle's differentiator as a managed
platform — but infra-first and agent-neutral, not agent-aware,
cross-vendor, or audit-first. Watch it.
## Monetization path (sequenced)
Open-core: **give away the sandbox, charge for the control plane.**
- **Phase 0 — validate (12 wks, parallel).** Ask 510 teams running 2+
agents: would you pay for one egress-audit + policy plane across
Claude *and* Codex? Gate the rest on a yes.
- **Phase 1 — the wedge (self-hostable, OSS).** Multi-bottle egress
dashboard + web approval queue + exportable audit log, built over the
existing `supervise_server.py` JSON-RPC and the egress event levels
(`LOG_BLOCKS` / `LOG_FULL`). Low risk, half-built, and the 30-second
demo that sells everything. The compliance hook (75% of enterprises
rank auditability #1) lives here.
- **Phase 2 — the paywall (hosted team tier).** Multi-tenant supervisor:
SSO/RBAC, audit retention, alerting, **centralized policy push**
(define egress allowlist + DLP once, enforce across all agents —
the moat made concrete). Gate on team/compliance features, *never* on
the core security.
- **Phase 3 — Fly remote backend.** Managed agent pool → "fleet" becomes
literal; metered (agent-hours) billing; subsumes remote spin-up +
tunnel.
- **Phase 4 — deepen.** Second agent provider done deeply (lean
open-source/open-weight for rug-pull resistance); egress anomaly
detection (the DLP stream becomes a product); SOC2/audit-export for
larger buyers.
**Do not build first:** the p2p mobile app (least monetizable, 6PN
gives the tunnel free), a generic multi-cloud abstraction (premature),
or the hosted SaaS before Phase 0.
## Brand vs. revenue: the solo-dev / Linux instinct
The instinct to court Linux/hacker/solo-dev users and stay "not too
corporate" is **right for distribution, dangerous as strategy.**
- **Right:** it's how OSS infra gets discovered and trusted (HN, stars,
word-of-mouth, security-circle vouching); authenticity is a real moat
vs. the corporate players *because the architecture sincerely embodies
it* (local-first, `$HOME` trust boundary, no phone-home); and it fits
the founder.
- **Dangerous:** that audience is the lowest-WTP cohort that exists
(self-hosts the free thing, forks rather than pays), and "not too
corporate" reads to a VP of Eng as "not enterprise-ready." Building an
anti-SaaS brand and then shipping a paid tier invites the sell-out /
rug-pull backlash — which **Daytona just triggered** going closed.
**Resolution — be Tailscale, not a manifesto.** Use the developer-first,
respects-you energy as the *funnel*; sell *through* the solo advocate,
bottom-up, into the team that pays. Two guardrails:
1. "Anti-corporate" must not mean "anti-team-features." SSO/RBAC/audit
retention *are* the monetization; build them in a developer-respecting
way (Tailscale has SSO and is still beloved). Tone is the brand; team
features are the product.
2. Set the open-core social contract publicly **on day one** — core
sandbox open and self-hostable forever; hosted control plane is how
the lights stay on. The communities that don't revolt are the ones
told the deal upfront.
Concrete: the README frames the Docker/**Linux** backend as "legacy."
If courting the Linux crowd, make the Linux path (Docker+gVisor,
libkrun/smolmachines) first-class in the docs, not the fallback.
## Individuals, mobile, and the Pi-ecosystem reality check
"Individual devs won't pay" (above) is too blunt and needs refining.
The accurate claim: individuals won't pay for **safety-as-insurance**
(abstract risk reduction the labs give away free), but they *do* pay for
**capability/convenience felt daily** — Claude Pro, Cursor, Tailscale
Personal. "Drive my self-hosted agent from my phone" is capability, not
insurance, so it has a real (low-priced, high-churn) WTP profile. The
self-hoster/Linux crowd specifically pays for **sovereignty/control**,
just not for enterprise insurance. So an individual "sovereign remote
agent access" tier is *not* unreasonable in principle.
**But the market has already run that experiment, in public, for free.**
The Pi ecosystem (pi.dev) has commoditized every convenience layer an
individual product would charge for:
| Capability | Already free/OSS | bot-bottle differentiates? |
| :-- | :-- | :-- |
| Remote control from mobile | remote-pi, Paseo, TelePi | ❌ commoditized |
| Multi-agent orchestration from mobile | Paseo, pi-agent-dashboard | ❌ commoditized |
| **Launch** new agents from mobile | Paseo (`paseo run`) | ❌ commoditized |
| Launch into a **sandboxed, egress-audited** env | nobody | ✅ the moat |
Paseo (`getpaseo/paseo`, on the App Store) does the full thing an
individual remote-control tier would charge for — launch *and* attach
agents on a laptop/VM/dev-server, driven from mobile over an E2E relay —
free and open source. It *orchestrates* agents; it does **not** sandbox them, run
an egress chokepoint, DLP-scan, or audit. None of the Pi-ecosystem tools
do. So the residue, yet again, is **isolation + governance**, not
remote/launch convenience.
Two takeaways:
1. **Don't compete on orchestration/launch/remote UX** — it's a solved,
free, fast-moving, App-Store-shipping space around Pi. You won't win
it and it isn't the moat.
2. **Be the safe runtime orchestrators launch *into*.** Launch-from-mobile
is table stakes; *launch-into-a-sealed-egress-audited-bottle* is the
differentiator. bot-bottle is the sandbox an orchestrator like Paseo
would target, or that you wrap thin orchestration around — never the
orchestrator itself.
Capability layers commoditize fast: every individual/mobile angle
probed in this analysis collapsed back to the same cross-vendor +
sandbox + egress-audit + custody bundle. Mobile remote belongs as a
*funnel delighter* on top of the team product, not a standalone paid
line.
## Forge-native orchestration as the delivery vehicle
The strongest concrete *product shape* for the moat is not a bespoke
dashboard and not a Paseo competitor — it is **the git forge as the
orchestrator, with bot-bottle as the safe runtime it launches into.**
The forge already provides, for free, everything an orchestrator would
otherwise have to build: identity (agent/bot users, signed commits),
state (issues, labels, PRs/MRs, comments), triggers (webhooks, CI,
comment commands), review (diffs, approvals, status checks), audit
(commits/comments/reviews), and permissions (repo access, protected
branches, token scopes). bot-bottle supplies the one thing the forge
doesn't: **least-privilege, secret-isolated, audited execution of
untrusted agents.** Same moat (custody + audit + policy), better
vehicle — and it lands the product where teams already live, so it
avoids building an agent dashboard before one is needed.
The flow is essentially free to assemble:
```
issue/PR/MR event → webhook → policy/router → assign agent user +
branch/worktree → run agent in an isolated bottle (no ambient secrets)
→ commit as agent identity → open PR/MR → CI + human review + merge
```
**Crowding (why this is less saturated than it looks):**
| Layer | How crowded |
| :-- | :-- |
| Generic multi-agent orchestrators (worktree/TUI/dashboard) | very — 50100+ |
| Forge-native issue/PR/MR orchestration | moderate — ~1030 serious |
| Self-hostable, least-privilege, audited, forge-portable | **single digits** |
The deeper you go toward *untrusted-agent safety + auditability +
self-hostable + forge-portable*, the emptier it gets.
**The GitHub/GitLab first-party trap → lead Gitea + sovereignty.**
GitHub (Agentic Workflows, Copilot coding agent) and GitLab (Duo Agent
Platform) are the forge *vendors* building native issue-to-PR agent
orchestration with native identity/permissions/audit. On their turf you
lose the integration-depth battle the same way single-vendor agent
safety loses to Anthropic/OpenAI — the same "incumbent ships it free,
deeper" dynamic, one layer up. So the durable opening is **Gitea +
self-hosted** (no first-party agent platform exists — the open Gitea
feature request for an AI code agent confirms the vacuum) plus
**cross-forge *untrusted-agent* safety**, which no forge vendor will
build because they want you running *their* agent, not arbitrary ones
under uniform least-privilege across competitors' forges. Cross-vendor
neutrality, applied to forges.
**Buyer reconciliation.** The least-crowded opening (self-hosted Gitea)
overlaps the lowest-WTP crowd (indie self-hosters), while the paying
teams sit on GitHub/GitLab where first-party competition is fiercest.
The intersection that resolves it: **orgs running self-hosted forges for
sovereignty/compliance reasons** (regulated, air-gapped, security-
conscious, on-prem). They have budget, they run self-hosted GitLab/Gitea,
*and* shipping code to a cloud agent vendor is a non-starter — so "run
untrusted agents sandboxed, least-privilege, fully audited, inside our
forge, on our infra" is a procurement checkbox, not a nicety. That is
where "least-crowded" finally meets "has money."
**Separate moat-hard-parts from cost-hard-parts.** The orchestration
"hard parts" are two different things, and conflating them oversells the
fit:
| Moat (your differentiated strength) | Undifferentiated cost (everyone faces) |
| :-- | :-- |
| permission isolation | idempotency / dedupe / run ledger |
| secret handling under malicious prompts | concurrency, locks, cancellation |
| run provenance | queueing / scheduling / cleanup |
| policy language | merge-conflict handling (~27% agent-PR conflict rate) |
The right column is generic distributed-systems plumbing that wins you
nothing and that merge-conflict resolution especially is a *different
competency* from sandbox/custody. Keep it thin in the MVP; do not build a
policy DSL + durable ledger + conflict resolver before one org pays.
**The killer feature: run provenance on every agent PR.** A check/comment
answering — which agent, which model, which prompt, which base commit,
which policy, which tools, which network egress, which test results —
attached at the moment a human reviews. It renders the (invisible)
custody + egress-audit work as a PR artifact the buyer sees at the exact
trust-decision point. No forge vendor's first-party agent will show you
"here is everything the untrusted agent could reach." Build this first.
**MVP** (`@bot-bottle fix this`): create an isolated worktree/bottle →
check out the issue branch → run the selected harness as a named agent
user → deny ambient secrets by default → record prompt/model/tools/policy
→ commit with bot identity → open PR/MR → attach the run-provenance
footer (log + tests + permission/egress summary) → require human merge.
The security model *is* the product. This rides the headless launch
primitive directly: webhook → `start --headless` into an isolated bottle
→ commit as agent identity → PR with provenance.
Open-core line, refined in the next section: the trigger *convention*
(label/assignee) stays open so anyone can adopt it, but the
**orchestrator that receives webhooks and governs lifecycle is the paid
control plane**; the runtime — and a signed-provenance emission API —
stay free.
## The open/paid boundary, refined: orchestrator as the paid control plane
The forge-native shape sharpens the open-core line past the rough
"trigger free, execution paid" cut above. Working it through four
constraints — value capture, provenance integrity, the sovereignty
buyer, and what the forge *structurally cannot do* — yields a precise
boundary.
**The orchestrator is the control plane, and the control plane is the
paid product.** With the forge supplying identity / state / triggers /
review, bot-bottle's orchestrator (`bot-bottle-orchestrator`, already
specced as a separate binary in the forge-native PRD) is where webhooks
land and bottle lifecycle + governance live. That binary can stay
**closed/private from day one** without breaking the open-core contract:
the runtime stays OSS; the control plane is how the lights stay on. This
is "give away the sandbox, charge for the control plane" made literal —
the orchestrator *is* the control plane.
**Charge for the moat, not the webhook.** Holding webhooks and managing
bottle lifecycle is commodity — the forge vendors build it first-party,
and it's the "undifferentiated cost" column above (idempotency, queueing,
dispatch). If the pitch is "we catch the webhook," they out-build it
free. The paid value is the two things the forge *cannot* do:
1. **See inside the run** — which model / prompt / policy / tools / egress
produced the diff, whether a secret nearly left. Runtime-level data
only the bottle holds.
2. **Aggregate and enforce across runs** — retain / search / export every
run across every repo; push one egress/DLP/capability policy
fleet-wide and detect drift.
The explainable heuristic: **anything legible within a single run on a
single node is free; anything requiring cross-run aggregation, central
enforcement, or identity/fleet management is paid.** That is also the
individual-vs-team line — individuals live in single runs, teams need the
aggregate.
**Provenance: emit free (signed), sell the product.** The forge is the
wrong system of record for provenance — a markdown footer is mutable by
any maintainer, unsigned, per-PR, with no aggregation, so a maintainer
could simply edit it. The authoritative record therefore lives in the
(paid) control plane. The *runtime* emits **signed** provenance through a
**free API** — tamper-evident offline (edit it and the signature breaks;
verify with no server), so on-prem teams can route it into their own
SIEM. What's paid is the *product* over that stream: retention, search,
cross-run, export, policy. Whether a copy also lands in the PR footer is
an optional, off-by-default marketing dial — one consumer of the free
API, not a free provenance surface, and never the audit record. The
mutability "bug" becomes a paid feature: the control plane flags *"PR
footer edited / doesn't match the signed run."* (Prometheus model:
`/metrics` is free to scrape; managed retention + dashboards are the
business.)
**On-prem priority: self-hosted runners over self-hosted provenance.**
The sovereignty buyer's *hard structural constraint* is where the agent
**executes** against private code, secrets, and network — that's the
runner, and it cannot leave the perimeter. Audit metadata is softer; many
regulated orgs ship logs to SaaS while keeping the workload inside. So:
- Self-hosted **runner** = baseline, always, for that buyer.
- Self-hosted **provenance store** = premium tier of the strictest subset
(air-gapped, hard data-residency) — and largely covered by the free
emission API → their own SIEM, so it may never need to be a product you
build.
- Precision so you don't trip your own free tier: a single self-hosted
runner *is the OSS runtime on their box* — free. What's paid is the
**fleet control plane**: enrolling/managing many runners, central
policy push, dispatch/identity/quota, health/scaling. You don't sell
"a runner," you sell **running a governed fleet**.
**Resulting tiers:**
| Layer | What it is | Open/Paid | Deployment |
| :-- | :-- | :-- | :-- |
| **Runtime** | isolation + ephemeral bottles, cred-proxy, supervise, `start --headless`, signed-provenance emission API | Free / OSS | Always self-host |
| **Single runner** | the OSS runtime on a box | Free / OSS | Self-host |
| **Control plane** | cross-run audit retention/search/export, central policy push, SSO/RBAC dispatch, fleet management of runners, alerting | **Paid** | Hosted *or* self-host-licensed — same code |
| **Capacity** | managed Fly runner pool, metered (agent-hours) | **Paid add-on** | Hosted only |
Fly stays a **capacity/convenience line, not the moat** — it monetizes
even solo hackers (capability, not insurance), but a managed runner pool
is reselling compute against Fly/E2B/Northflank on price. It's a bundle
attached to the governance, never the thing defended. Self-host is *not*
a separate product: on-prem buyers get the same closed control plane,
licensed, pointed at their own runners.
## Risks to the thesis
- **Lab encroachment.** If Anthropic/OpenAI add cross-agent governance
or open their managed egress logs, the wedge narrows. Mitigate by
going deep on cross-vendor + custody + audit *now*, while they're
single-vendor.
- **Rug-pull dependency.** You run the labs' agents; they can restrict
their agent to their own sandbox via ToS/tech. Hedge toward
open-source/open-weight agents for durability.
- **Northflank (or E2B) ships agent-aware audit.** Plausible from the
infra side. Your defense is agent-awareness + the supervise approval
loop + cross-vendor, not raw egress visibility.
- **WTP may simply not be there.** The honest failure mode: teams like
the audit but won't pay because "we already sandbox in CI." Phase 0
exists to find this out cheaply before building Phase 2/3.
- **Forge-vendor encroachment (forge-native path).** GitHub Agentic
Workflows / Copilot and GitLab Duo are first-party and deepening.
Defense: aim at self-hosted Gitea + sovereignty buyers where no
first-party agent platform exists, and at cross-forge untrusted-agent
neutrality the vendors won't build. Don't fight them GitHub-native.
- **Orchestration-reliability scope creep.** The forge-native build
drags in idempotency, queueing, concurrency, and merge-conflict
handling — undifferentiated plumbing that isn't the moat. Keep it thin
until a paying org forces it.
## Recommendation
Build Phase 1 now — it's low-risk, half-built, and the proof artifact.
Run Phase 0 in parallel. Treat a clear yes from 510 teams as the
green light for the hosted tier; treat a soft maybe as a signal to stay
an excellent OSS tool with a tip-jar/support model rather than a
venture-shaped SaaS. The technology is not the risk — the codebase is
exemplary and the architecture already supports the pivot. The risk is
**positioning discipline**: sell cross-vendor fleet governance to teams,
use the indie brand as the funnel, and never let the anti-corporate
aesthetic veto the features that pay.
## Sources
- Anthropic — Claude Code sandboxing:
https://www.anthropic.com/engineering/claude-code-sandboxing
- OpenAI Codex — cloud environments:
https://developers.openai.com/codex/cloud/environments ;
custom-image feature request:
https://community.openai.com/t/feature-request-custom-docker-images/1265333
- GitHub Copilot — custom container image (not supported), discussion
#194105: https://github.com/orgs/community/discussions/194105
- DeepInspect — AI egress monitoring:
https://www.deepinspect.ai/blog/ai-egress-monitoring
- Braintrust — AI agent observability/alerting:
https://www.braintrust.dev/articles/best-ai-agent-observability-tools-2026
- E2B (OSS, Apache-2.0): https://github.com/e2b-dev/e2b ;
infra/self-host: https://github.com/e2b-dev/infra
- Daytona going closed source:
https://www.daytona.io/dotfiles/updates/daytona-is-going-closed-source
- Northflank — BYOC / egress gateways:
https://northflank.com/blog/what-is-byoc-in-cloud-computing ;
https://northflank.com/blog/self-hostable-alternatives-to-e2b-for-ai-agents
- Modal Sandboxes: https://modal.com/products/sandboxes
- AI agent orchestration / enterprise governance (75% cite
auditability):
https://viston.tech/ai-agent-orchestration-in-2026-moving-from-pilots-to-enterprise-wide-execution/
- Pi harness (provider-agnostic CLI): https://pi.dev/packages/remote-pi ;
https://github.com/earendil-works/pi
- Paseo (launch + attach agents from desktop/mobile, OSS):
https://github.com/getpaseo/paseo ;
https://apps.apple.com/us/app/paseo-remote-coding-agents/id6758887924
- pi-agent-dashboard (mobile-first remote control via mDNS/zrok):
https://github.com/BlackBeltTechnology/pi-agent-dashboard
- TelePi (Telegram remote control for Pi):
https://futurelab.studio/blog/telepi-telegram-remote-control-for-pi/
- Forge-native landscape (provided via conversation, not independently
re-verified):
- awesome-agent-orchestrators (50+ generic orchestrators):
https://github.com/andyrewlee/awesome-agent-orchestrators
- GitHub Agentic Workflows (first-party repo automation):
https://github.blog/ai-and-ml/automate-repository-tasks-with-github-agentic-workflows/
- GitLab Duo Agent Platform GA:
https://ir.gitlab.com/news/news-details/2026/GitLab-Announces-the-General-Availability-of-GitLab-Duo-Agent-Platform/default.aspx
- ai-review (cross-forge review incl. Gitea):
https://github.com/Nikita-Filonov/ai-review
- Gitea feature request — AI code agent (the vacuum):
https://github.com/go-gitea/gitea/issues/34527
- Phoenix — safe GitHub issue resolution (label-based webhook state
machine): https://arxiv.org/abs/2606.20243
- AgenticFlict — ~27% merge-conflict rate in agent PRs:
https://arxiv.org/abs/2604.03551
+188
View File
@@ -0,0 +1,188 @@
"""Unit: `cli.py start --headless` non-interactive launch path.
Headless is the keystone for orchestrators, CI, and webhook
dispatch: agent/bottles/label come from flags + manifest defaults, no
TUI selectors fire, and the preflight y/N is auto-confirmed
(`assume_yes=True`). All actual launch work is stubbed so no container
is created.
"""
from __future__ import annotations
import os
import unittest
from unittest.mock import MagicMock, patch
import bot_bottle.cli.start as start_mod
import bot_bottle.cli.tui as tui_mod
from bot_bottle.backend import ActiveAgent
from bot_bottle.log import Die
from bot_bottle.manifest import ManifestError
def _make_manifest(
agent_names: list[str],
bottle_names: list[str] | None = None,
agent_bottle: str = "",
):
manifest = MagicMock()
manifest.agents = {name: MagicMock(bottle=agent_bottle) for name in agent_names}
manifest.all_agent_names = sorted(agent_names)
manifest.all_bottle_names = sorted(bottle_names or [])
manifest.home_md = None # eager mode so _peek_agent_bottle uses agents dict
manifest.require_agent = MagicMock(return_value=None)
return manifest
def _active_agent(slug: str) -> ActiveAgent:
return ActiveAgent(
backend_name="docker",
slug=slug,
agent_name="demo",
started_at="2026-01-01T00:00:00+00:00",
services=(),
)
class TestCmdStartHeadless(unittest.TestCase):
"""Drive `cmd_start --headless` with launch + TUI stubbed out."""
def setUp(self):
self._manifest = _make_manifest(
["researcher", "implementer"], ["claude", "dev"], agent_bottle="claude"
)
patch(
"bot_bottle.cli.start.ManifestIndex.resolve",
return_value=self._manifest,
).start()
self._launch_mock = patch(
"bot_bottle.cli.start._launch_bottle", return_value=0
).start()
# No bottles running by default → no label collision.
patch(
"bot_bottle.cli.start.enumerate_active_agents", return_value=[]
).start()
# If any TUI picker fires in headless mode, that's a bug.
self._agent_picker = patch.object(tui_mod, "filter_select").start()
self._bottle_picker = patch.object(tui_mod, "filter_multiselect").start()
self._modal = patch.object(tui_mod, "name_color_modal").start()
patch.dict(os.environ, {}, clear=False).start()
os.environ.pop("BOT_BOTTLE_BACKEND", None)
self.addCleanup(patch.stopall)
def _spec(self):
self._launch_mock.assert_called_once()
return self._launch_mock.call_args[0][0]
# -- no TUI in headless --------------------------------------------
def test_headless_fires_no_pickers(self):
rc = start_mod.cmd_start(
["--headless", "researcher", "--bottle", "claude", "--prompt", "Do it"]
)
self.assertEqual(0, rc)
self._agent_picker.assert_not_called()
self._bottle_picker.assert_not_called()
self._modal.assert_not_called()
def test_headless_assume_yes_forwarded(self):
start_mod.cmd_start(
["--headless", "researcher", "--bottle", "claude", "--prompt", "Do it"]
)
self.assertTrue(self._launch_mock.call_args[1]["assume_yes"])
# -- prompt --------------------------------------------------------
def test_headless_without_prompt_dies(self):
with self.assertRaises(Die):
start_mod.cmd_start(["--headless", "researcher", "--bottle", "claude"])
self._launch_mock.assert_not_called()
def test_headless_prompt_forwarded_to_launch(self):
start_mod.cmd_start(
["--headless", "researcher", "--bottle", "claude",
"--prompt", "Implement issue #42"]
)
self.assertEqual(
"Implement issue #42",
self._launch_mock.call_args[1]["headless_prompt_text"],
)
# -- bottle resolution ---------------------------------------------
def test_explicit_bottles_forwarded_in_order(self):
start_mod.cmd_start(
["--headless", "researcher", "--bottle", "dev", "--bottle", "claude",
"--prompt", "Do it"]
)
self.assertEqual(("dev", "claude"), self._spec().bottle_names)
def test_omitted_bottle_falls_back_to_agent_default(self):
start_mod.cmd_start(["--headless", "implementer", "--prompt", "Do it"])
self.assertEqual(("claude",), self._spec().bottle_names)
def test_no_bottle_and_no_default_dies(self):
manifest = _make_manifest(["researcher"], ["claude"], agent_bottle="")
with patch(
"bot_bottle.cli.start.ManifestIndex.resolve", return_value=manifest
):
with self.assertRaises(Die):
start_mod.cmd_start(
["--headless", "researcher", "--prompt", "Do it"]
)
self._launch_mock.assert_not_called()
# -- agent resolution ----------------------------------------------
def test_missing_agent_name_dies(self):
with self.assertRaises(Die):
start_mod.cmd_start(["--headless"])
self._launch_mock.assert_not_called()
def test_unknown_agent_raises_manifest_error(self):
self._manifest.require_agent.side_effect = ManifestError("agent 'x' not defined")
with self.assertRaises(ManifestError):
start_mod.cmd_start(
["--headless", "x", "--bottle", "claude", "--prompt", "Do it"]
)
self._launch_mock.assert_not_called()
# -- label / color -------------------------------------------------
def test_label_defaults_to_agent_name(self):
start_mod.cmd_start(
["--headless", "researcher", "--bottle", "claude", "--prompt", "Do it"]
)
self.assertEqual("researcher", self._spec().label)
def test_explicit_label_and_color_forwarded(self):
start_mod.cmd_start(
["--headless", "researcher", "--bottle", "claude",
"--label", "nightly", "--color", "green", "--prompt", "Do it"]
)
spec = self._spec()
self.assertEqual("nightly", spec.label)
self.assertEqual("green", spec.color)
def test_label_collision_uniquifies(self):
with patch(
"bot_bottle.cli.start.enumerate_active_agents",
return_value=[_active_agent("researcher")],
):
start_mod.cmd_start(
["--headless", "researcher", "--bottle", "claude", "--prompt", "Do it"]
)
self.assertEqual("researcher-2", self._spec().label)
# -- backend wiring ------------------------------------------------
def test_backend_flag_forwarded(self):
start_mod.cmd_start(
["--headless", "--backend=docker", "researcher", "--bottle", "claude",
"--prompt", "Do it"]
)
self.assertEqual("docker", self._launch_mock.call_args[1]["backend_name"])
if __name__ == "__main__":
unittest.main()
+3 -4
View File
@@ -107,7 +107,7 @@ def _egress_plan(
def _supervise_plan() -> SupervisePlan: def _supervise_plan() -> SupervisePlan:
return SupervisePlan( return SupervisePlan(
slug=SLUG, slug=SLUG,
queue_dir=STATE / "supervise" / "queue", db_path=STATE / "bot-bottle.db",
internal_network=f"bot-bottle-net-{SLUG}", internal_network=f"bot-bottle-net-{SLUG}",
) )
@@ -392,7 +392,7 @@ class TestSidecarBundleShape(unittest.TestCase):
sc = self._render(supervise=True)["services"]["sidecars"] sc = self._render(supervise=True)["services"]["sidecars"]
env_strings = sc["environment"] env_strings = sc["environment"]
self.assertIn(f"SUPERVISE_BOTTLE_SLUG={SLUG}", env_strings) self.assertIn(f"SUPERVISE_BOTTLE_SLUG={SLUG}", env_strings)
self.assertTrue(any(e.startswith("SUPERVISE_QUEUE_DIR=") for e in env_strings)) self.assertIn("SUPERVISE_DB_PATH=/run/supervise/bot-bottle.db", env_strings)
self.assertTrue(any(e.startswith("SUPERVISE_PORT=") for e in env_strings)) self.assertTrue(any(e.startswith("SUPERVISE_PORT=") for e in env_strings))
def test_volumes_always_includes_egress_ca(self): def test_volumes_always_includes_egress_ca(self):
@@ -408,8 +408,7 @@ class TestSidecarBundleShape(unittest.TestCase):
self.assertIn("/etc/egress", targets) self.assertIn("/etc/egress", targets)
self.assertIn("/git-gate-entrypoint.sh", targets) self.assertIn("/git-gate-entrypoint.sh", targets)
self.assertIn("/git-gate/creds/upstream-known_hosts", targets) self.assertIn("/git-gate/creds/upstream-known_hosts", targets)
self.assertTrue(any("supervise/queue" in t or t.startswith("/run/supervise") self.assertIn("/run/supervise/bot-bottle.db", targets)
for t in targets))
def test_extra_hosts_omitted_for_git_upstreams(self): def test_extra_hosts_omitted_for_git_upstreams(self):
sc = self._render(with_git=True)["services"]["sidecars"] sc = self._render(with_git=True)["services"]["sidecars"]
+10 -1
View File
@@ -74,7 +74,7 @@ def _plan(
if supervise: if supervise:
supervise_plan = SupervisePlan( supervise_plan = SupervisePlan(
slug="demo-abc12", slug="demo-abc12",
queue_dir=Path("/tmp/queue"), db_path=Path("/tmp/bot-bottle.db"),
) )
return DockerBottlePlan( return DockerBottlePlan(
spec=spec, spec=spec,
@@ -343,5 +343,14 @@ class TestClaudeSuperviseMcp(unittest.TestCase):
) )
class TestClaudeHeadlessPrompt(unittest.TestCase):
def test_returns_p_flag_and_prompt(self):
self.assertEqual(["-p", "Do the task"], ClaudeAgentProvider().headless_prompt("Do the task"))
def test_preserves_prompt_text_verbatim(self):
text = "Fix issue #42: the widget breaks on empty input"
self.assertEqual(["-p", text], ClaudeAgentProvider().headless_prompt(text))
if __name__ == "__main__": if __name__ == "__main__":
unittest.main() unittest.main()
+10 -1
View File
@@ -77,7 +77,7 @@ def _plan(
if supervise: if supervise:
supervise_plan = SupervisePlan( supervise_plan = SupervisePlan(
slug="demo-abc12", slug="demo-abc12",
queue_dir=Path("/tmp/queue"), db_path=Path("/tmp/bot-bottle.db"),
) )
return DockerBottlePlan( return DockerBottlePlan(
spec=spec, spec=spec,
@@ -314,5 +314,14 @@ class TestCodexSuperviseMcp(unittest.TestCase):
) )
class TestCodexHeadlessPrompt(unittest.TestCase):
def test_returns_prompt_as_positional_arg(self):
self.assertEqual(["Do the task"], CodexAgentProvider().headless_prompt("Do the task"))
def test_preserves_prompt_text_verbatim(self):
text = "Fix issue #42: the widget breaks on empty input"
self.assertEqual([text], CodexAgentProvider().headless_prompt(text))
if __name__ == "__main__": if __name__ == "__main__":
unittest.main() unittest.main()
+9
View File
@@ -223,5 +223,14 @@ class TestPiDockerfile(unittest.TestCase):
self.assertIn("chmod 1777 /tmp /var/tmp", dockerfile) self.assertIn("chmod 1777 /tmp /var/tmp", dockerfile)
class TestPiHeadlessPrompt(unittest.TestCase):
def test_returns_p_flag_and_prompt(self):
self.assertEqual(["-p", "Do the task"], PiAgentProvider().headless_prompt("Do the task"))
def test_preserves_prompt_text_verbatim(self):
text = "Fix issue #42: the widget breaks on empty input"
self.assertEqual(["-p", text], PiAgentProvider().headless_prompt(text))
if __name__ == "__main__": if __name__ == "__main__":
unittest.main() unittest.main()
@@ -38,6 +38,7 @@ class _Provider(AgentProvider):
def provision_prompt(self, plan, bottle): ... # type: ignore[override] def provision_prompt(self, plan, bottle): ... # type: ignore[override]
def provision(self, plan, bottle): ... # type: ignore[override] def provision(self, plan, bottle): ... # type: ignore[override]
def provision_supervise_mcp(self, plan, bottle, supervise_url): ... # type: ignore[override] def provision_supervise_mcp(self, plan, bottle, supervise_url): ... # type: ignore[override]
def headless_prompt(self, prompt): return [] # type: ignore[override]
_PROVIDER = _Provider() _PROVIDER = _Provider()
@@ -47,7 +47,6 @@ def _addon() -> EgressAddon:
a: EgressAddon = EgressAddon.__new__(EgressAddon) a: EgressAddon = EgressAddon.__new__(EgressAddon)
a.config = Config(routes=(), log=LOG_FULL) a.config = Config(routes=(), log=LOG_FULL)
a.safe_tokens = set() a.safe_tokens = set()
a._supervise_queue_dir = ""
a._supervise_slug = "" a._supervise_slug = ""
a._token_allow_timeout = 300.0 a._token_allow_timeout = 300.0
return a return a
+3 -6
View File
@@ -212,7 +212,6 @@ def _addon(config: Config) -> EgressAddon:
a: EgressAddon = EgressAddon.__new__(EgressAddon) a: EgressAddon = EgressAddon.__new__(EgressAddon)
a.config = config a.config = config
a.safe_tokens = set() a.safe_tokens = set()
a._supervise_queue_dir = ""
a._supervise_slug = "" a._supervise_slug = ""
a._token_allow_timeout = 300.0 a._token_allow_timeout = 300.0
a.routes_path = "/nonexistent/routes.yaml" a.routes_path = "/nonexistent/routes.yaml"
@@ -386,10 +385,10 @@ def _fake_sv(response_status: str | None) -> types.SimpleNamespace:
def _sha256_hex(_payload: Any) -> str: def _sha256_hex(_payload: Any) -> str:
return "hash" return "hash"
def _noop(_a: Any, _b: Any) -> None: def _noop(*_args: Any) -> None:
return None return None
def _read_response(_qd: Any, _pid: Any) -> Any: def _read_response(_slug: Any, _pid: Any) -> Any:
if response_status is None: if response_status is None:
raise OSError("not written yet") # forces poll -> timeout raise OSError("not written yet") # forces poll -> timeout
return types.SimpleNamespace(status=response_status) return types.SimpleNamespace(status=response_status)
@@ -409,7 +408,6 @@ def _fake_sv(response_status: str | None) -> types.SimpleNamespace:
class TestSuperviseBranch(unittest.TestCase): class TestSuperviseBranch(unittest.TestCase):
def _supervised_addon(self) -> EgressAddon: def _supervised_addon(self) -> EgressAddon:
addon = _addon(Config(routes=(Route(host="api.example.com"),))) addon = _addon(Config(routes=(Route(host="api.example.com"),)))
addon._supervise_queue_dir = "/tmp/egress-queue"
addon._supervise_slug = "test-bottle" addon._supervise_slug = "test-bottle"
addon._token_allow_timeout = 0.05 addon._token_allow_timeout = 0.05
return addon return addon
@@ -632,14 +630,13 @@ class TestRedactSurfaces(unittest.TestCase):
class TestSuperviseWriteFailure(unittest.TestCase): class TestSuperviseWriteFailure(unittest.TestCase):
def test_write_proposal_oserror_blocks(self) -> None: def test_write_proposal_oserror_blocks(self) -> None:
addon = _addon(Config(routes=(Route(host="api.example.com"),))) addon = _addon(Config(routes=(Route(host="api.example.com"),)))
addon._supervise_queue_dir = "/tmp/egress-queue"
addon._supervise_slug = "test-bottle" addon._supervise_slug = "test-bottle"
addon._token_allow_timeout = 0.05 addon._token_allow_timeout = 0.05
flow = _Flow(_Request(host="api.example.com", method="POST", body=f"k={_OPENAI_KEY}")) flow = _Flow(_Request(host="api.example.com", method="POST", body=f"k={_OPENAI_KEY}"))
fake = _fake_sv("approved") fake = _fake_sv("approved")
def _raise(_qd: Any, _p: Any) -> None: def _raise(_p: Any) -> None:
raise OSError("disk full") raise OSError("disk full")
fake.write_proposal = _raise fake.write_proposal = _raise
+25 -2
View File
@@ -14,6 +14,7 @@ from bot_bottle.git_gate import (
git_gate_render_access_hook, git_gate_render_access_hook,
git_gate_render_entrypoint, git_gate_render_entrypoint,
git_gate_render_hook, git_gate_render_hook,
provision_git_gate_dynamic_keys,
revoke_git_gate_provisioned_keys, revoke_git_gate_provisioned_keys,
_resolve_identity_file, _resolve_identity_file,
git_gate_upstreams_for_bottle, git_gate_upstreams_for_bottle,
@@ -209,8 +210,9 @@ class TestHookRender(unittest.TestCase):
# the suppressed findings for human approval. # the suppressed findings for human approval.
self.assertIn("--ignore-gitleaks-allow", hook) self.assertIn("--ignore-gitleaks-allow", hook)
self.assertIn("--report-format=json", hook) self.assertIn("--report-format=json", hook)
self.assertIn('"tool": "gitleaks-allow"', hook) self.assertIn("tool=_sv.TOOL_GITLEAKS_ALLOW", hook)
self.assertIn("SUPERVISE_QUEUE_DIR", hook) self.assertIn("_sv.write_proposal", hook)
self.assertIn("_sv.read_response", hook)
self.assertIn("SUPERVISE_BOTTLE_SLUG", hook) self.assertIn("SUPERVISE_BOTTLE_SLUG", hook)
self.assertIn("supervisor approved # gitleaks:allow", hook) self.assertIn("supervisor approved # gitleaks:allow", hook)
self.assertIn("supervisor rejected # gitleaks:allow", hook) self.assertIn("supervisor rejected # gitleaks:allow", hook)
@@ -371,6 +373,27 @@ class TestDynamicKeyProvisioning(unittest.TestCase):
self.assertEqual("/tmp/provisioned-key", _resolve_identity_file(entry, "demo", self.stage)) self.assertEqual("/tmp/provisioned-key", _resolve_identity_file(entry, "demo", self.stage))
mock_provision.assert_called_once() mock_provision.assert_called_once()
def test_prepare_defers_gitea_key_provisioning(self):
bottle = self._gitea_manifest().bottles["dev"]
with patch("bot_bottle.git_gate_provision._provision_dynamic_key") as mock_provision:
plan = _StubGate().prepare(bottle, "demo", self.stage)
mock_provision.assert_not_called()
self.assertEqual("", plan.upstreams[0].identity_file)
def test_launch_time_helper_provisions_gitea_keys(self):
bottle = self._gitea_manifest().bottles["dev"]
plan = _StubGate().prepare(bottle, "demo", self.stage)
with patch(
"bot_bottle.git_gate_provision._provision_dynamic_key",
return_value="/tmp/provisioned-key",
) as mock_provision:
updated = provision_git_gate_dynamic_keys(bottle, plan, self.stage)
mock_provision.assert_called_once_with(bottle.git[0], "demo", self.stage)
self.assertEqual("/tmp/provisioned-key", updated.upstreams[0].identity_file)
def test_revoke_skips_non_gitea_and_missing_id_file(self): def test_revoke_skips_non_gitea_and_missing_id_file(self):
revoke_git_gate_provisioned_keys(fixture_with_git().bottles["dev"], self.stage) revoke_git_gate_provisioned_keys(fixture_with_git().bottles["dev"], self.stage)
+4 -2
View File
@@ -71,7 +71,9 @@ def _plan(
else: else:
git_gate_plan = SimpleNamespace(upstreams=()) git_gate_plan = SimpleNamespace(upstreams=())
supervise_plan = ( supervise_plan = (
SimpleNamespace(queue_dir=Path("/state/supervise/queue")) SimpleNamespace(
db_path=Path("/state/bot-bottle.db"),
)
if supervise else None if supervise else None
) )
agent_provision = SimpleNamespace( agent_provision = SimpleNamespace(
@@ -137,7 +139,7 @@ class TestMacosContainerLaunchArgv(unittest.TestCase):
argv, argv,
) )
self.assertIn( self.assertIn(
"type=bind,source=/state/supervise/queue,target=/run/supervise/queue", "type=bind,source=/state/bot-bottle.db,target=/run/supervise/bot-bottle.db",
argv, argv,
) )
+10 -1
View File
@@ -49,6 +49,7 @@ class _Provider(AgentProvider):
def provision_prompt(self, plan, bottle): ... # type: ignore[override] def provision_prompt(self, plan, bottle): ... # type: ignore[override]
def provision(self, plan, bottle): ... # type: ignore[override] def provision(self, plan, bottle): ... # type: ignore[override]
def provision_supervise_mcp(self, plan, bottle, supervise_url): ... # type: ignore[override] def provision_supervise_mcp(self, plan, bottle, supervise_url): ... # type: ignore[override]
def headless_prompt(self, prompt): return [] # type: ignore[override]
_PROVIDER = _Provider() _PROVIDER = _Provider()
@@ -129,7 +130,7 @@ def _plan(
if supervise: if supervise:
supervise_plan = SupervisePlan( supervise_plan = SupervisePlan(
slug="demo-abc12", slug="demo-abc12",
queue_dir=Path("/tmp/queue"), db_path=Path("/tmp/bot-bottle.db"),
) )
return SmolmachinesBottlePlan( return SmolmachinesBottlePlan(
spec=spec, spec=spec,
@@ -421,6 +422,14 @@ class TestBundleLaunchSpec(unittest.TestCase):
spec.environment, spec.environment,
) )
def test_supervise_adds_daemon_volume_and_env(self):
from bot_bottle.supervise import DB_PATH_IN_CONTAINER
plan = _plan(supervise=True)
spec = _bundle_launch_spec(plan, "net", "127.0.0.16")
self.assertIn("supervise", spec.daemons_csv)
self.assertIn(f"SUPERVISE_DB_PATH={DB_PATH_IN_CONTAINER}", spec.environment)
self.assertIn(("/tmp/bot-bottle.db", DB_PATH_IN_CONTAINER, False), spec.volumes)
def test_canary_env_visible_to_smolvm_guest(self): def test_canary_env_visible_to_smolvm_guest(self):
plan = _plan(canary=True) plan = _plan(canary=True)
with patch.object( with patch.object(
+48 -36
View File
@@ -1,6 +1,5 @@
"""Unit: supervise queue + audit log + diff helpers (PRD 0013).""" """Unit: supervise queue + audit log + diff helpers (PRD 0013)."""
import json
import tempfile import tempfile
import threading import threading
import time import time
@@ -19,7 +18,7 @@ from bot_bottle.supervise import (
TOOL_EGRESS_ALLOW, TOOL_EGRESS_ALLOW,
TOOL_GITLEAKS_ALLOW, TOOL_GITLEAKS_ALLOW,
archive_proposal, archive_proposal,
audit_log_path, host_db_path,
list_pending_proposals, list_pending_proposals,
read_audit_entries, read_audit_entries,
read_proposal, read_proposal,
@@ -112,32 +111,44 @@ class TestResponseRoundtrip(unittest.TestCase):
class TestQueueIO(unittest.TestCase): class TestQueueIO(unittest.TestCase):
def setUp(self): def setUp(self):
self._tmp = tempfile.TemporaryDirectory(prefix="bot-bottle-supervise-test.") self._tmp = tempfile.TemporaryDirectory(prefix="bot-bottle-supervise-test.")
self.queue_dir = Path(self._tmp.name) self._home_patch = self._patch_home(Path(self._tmp.name))
self.slug = "dev"
def tearDown(self): def tearDown(self):
self._home_patch()
self._tmp.cleanup() self._tmp.cleanup()
def _patch_home(self, fake_home: Path):
original = supervise.bot_bottle_root
def fake_root() -> Path:
return fake_home / ".bot-bottle"
supervise.bot_bottle_root = fake_root # type: ignore[assignment]
return lambda: setattr(supervise, "bot_bottle_root", original)
def test_write_and_read_proposal(self): def test_write_and_read_proposal(self):
p = _proposal() p = _proposal()
path = write_proposal(self.queue_dir, p) path = write_proposal(p)
self.assertTrue(path.exists()) self.assertTrue(path.exists())
self.assertEqual(host_db_path(), path)
self.assertEqual(0o600, path.stat().st_mode & 0o777) self.assertEqual(0o600, path.stat().st_mode & 0o777)
loaded = read_proposal(self.queue_dir, p.id) loaded = read_proposal(self.slug, p.id)
self.assertEqual(p, loaded) self.assertEqual(p, loaded)
def test_list_pending_excludes_responded(self): def test_list_pending_excludes_responded(self):
a = _proposal(justification="first") a = _proposal(justification="first")
b = _proposal(justification="second") b = _proposal(justification="second")
write_proposal(self.queue_dir, a) write_proposal(a)
write_proposal(self.queue_dir, b) write_proposal(b)
write_response(self.queue_dir, Response( write_response(self.slug, Response(
proposal_id=a.id, status=STATUS_APPROVED, notes="", proposal_id=a.id, status=STATUS_APPROVED, notes="",
)) ))
pending = list_pending_proposals(self.queue_dir) pending = list_pending_proposals(self.slug)
self.assertEqual([b.id], [p.id for p in pending]) self.assertEqual([b.id], [p.id for p in pending])
def test_list_pending_returns_empty_for_missing_dir(self): def test_list_pending_returns_empty_for_missing_slug(self):
self.assertEqual([], list_pending_proposals(self.queue_dir / "nope")) self.assertEqual([], list_pending_proposals("nope"))
def test_list_pending_sorted_by_arrival(self): def test_list_pending_sorted_by_arrival(self):
# Fabricate two with explicit timestamps. # Fabricate two with explicit timestamps.
@@ -154,30 +165,30 @@ class TestQueueIO(unittest.TestCase):
now=datetime(2026, 5, 25, 14, 0, 0, tzinfo=timezone.utc), now=datetime(2026, 5, 25, 14, 0, 0, tzinfo=timezone.utc),
) )
# Write in reverse order. # Write in reverse order.
write_proposal(self.queue_dir, b) write_proposal(b)
write_proposal(self.queue_dir, a) write_proposal(a)
ordered = list_pending_proposals(self.queue_dir) ordered = list_pending_proposals(self.slug)
self.assertEqual([a.id, b.id], [p.id for p in ordered]) self.assertEqual([a.id, b.id], [p.id for p in ordered])
def test_write_and_read_response(self): def test_write_and_read_response(self):
r = Response(proposal_id="xyz", status=STATUS_REJECTED, notes="no") r = Response(proposal_id="xyz", status=STATUS_REJECTED, notes="no")
write_response(self.queue_dir, r) write_response(self.slug, r)
self.assertEqual(r, read_response(self.queue_dir, "xyz")) self.assertEqual(r, read_response(self.slug, "xyz"))
def test_wait_for_response_returns_when_file_appears(self): def test_wait_for_response_returns_when_file_appears(self):
p = _proposal() p = _proposal()
write_proposal(self.queue_dir, p) write_proposal(p)
def write_after_delay(): def write_after_delay():
time.sleep(0.05) time.sleep(0.05)
write_response(self.queue_dir, Response( write_response(self.slug, Response(
proposal_id=p.id, status=STATUS_APPROVED, notes="ok", proposal_id=p.id, status=STATUS_APPROVED, notes="ok",
)) ))
t = threading.Thread(target=write_after_delay) t = threading.Thread(target=write_after_delay)
t.start() t.start()
try: try:
r = wait_for_response(self.queue_dir, p.id, poll_interval=0.01) r = wait_for_response(self.slug, p.id, poll_interval=0.01)
finally: finally:
t.join() t.join()
self.assertEqual(STATUS_APPROVED, r.status) self.assertEqual(STATUS_APPROVED, r.status)
@@ -187,25 +198,24 @@ class TestQueueIO(unittest.TestCase):
deadline = time.monotonic() + 0.05 deadline = time.monotonic() + 0.05
with self.assertRaises(TimeoutError): with self.assertRaises(TimeoutError):
wait_for_response( wait_for_response(
self.queue_dir, "never", self.slug, "never",
poll_interval=0.01, deadline=deadline, poll_interval=0.01, deadline=deadline,
) )
def test_archive_proposal_moves_both_files(self): def test_archive_proposal_hides_rows(self):
p = _proposal() p = _proposal()
write_proposal(self.queue_dir, p) write_proposal(p)
write_response(self.queue_dir, Response( write_response(self.slug, Response(
proposal_id=p.id, status=STATUS_APPROVED, notes="", proposal_id=p.id, status=STATUS_APPROVED, notes="",
)) ))
archive_proposal(self.queue_dir, p.id) archive_proposal(self.slug, p.id)
self.assertFalse((self.queue_dir / f"{p.id}.proposal.json").exists()) self.assertEqual([], list_pending_proposals(self.slug))
self.assertFalse((self.queue_dir / f"{p.id}.response.json").exists()) with self.assertRaises(FileNotFoundError):
self.assertTrue((self.queue_dir / "processed" / f"{p.id}.proposal.json").exists()) read_response(self.slug, p.id)
self.assertTrue((self.queue_dir / "processed" / f"{p.id}.response.json").exists())
def test_archive_is_idempotent_on_missing_files(self): def test_archive_is_idempotent_on_missing_files(self):
# Should not raise. # Should not raise.
archive_proposal(self.queue_dir, "nope") archive_proposal(self.slug, "nope")
class TestAuditLog(unittest.TestCase): class TestAuditLog(unittest.TestCase):
@@ -237,6 +247,7 @@ class TestAuditLog(unittest.TestCase):
diff="--- before\n+++ after\n", diff="--- before\n+++ after\n",
) )
path = write_audit_entry(e) path = write_audit_entry(e)
self.assertEqual(host_db_path(), path)
self.assertEqual(0o600, path.stat().st_mode & 0o777) self.assertEqual(0o600, path.stat().st_mode & 0o777)
loaded = read_audit_entries("cred-proxy", "dev") loaded = read_audit_entries("cred-proxy", "dev")
self.assertEqual([e], loaded) self.assertEqual([e], loaded)
@@ -252,12 +263,13 @@ class TestAuditLog(unittest.TestCase):
justification="", justification="",
diff="", diff="",
)) ))
path = audit_log_path("egress", "dev") entries = read_audit_entries("egress", "dev")
with path.open() as f: self.assertEqual(3, len(entries))
lines = [line for line in f if line.strip()] self.assertEqual(
self.assertEqual(3, len(lines)) ["2026-05-25T12:00:00+00:00", "2026-05-25T12:00:01+00:00",
for line in lines: "2026-05-25T12:00:02+00:00"],
self.assertTrue(json.loads(line)) # each line is valid JSON [entry.timestamp for entry in entries],
)
def test_separate_logs_per_component_slug(self): def test_separate_logs_per_component_slug(self):
write_audit_entry(AuditEntry( write_audit_entry(AuditEntry(
@@ -379,7 +391,7 @@ class TestSupervisePrepare(unittest.TestCase):
def test_prepare_creates_queue(self): def test_prepare_creates_queue(self):
plan = _StubSupervise().prepare("dev", self.stage_dir) plan = _StubSupervise().prepare("dev", self.stage_dir)
self.assertTrue(plan.queue_dir.is_dir()) self.assertTrue(plan.db_path.is_file())
self.assertEqual("dev", plan.slug) self.assertEqual("dev", plan.slug)
self.assertEqual("", plan.internal_network) self.assertEqual("", plan.internal_network)
+15 -27
View File
@@ -77,9 +77,7 @@ class TestDiscoverPending(_FakeHomeMixin, unittest.TestCase):
def test_walks_all_slug_subdirs(self): def test_walks_all_slug_subdirs(self):
for slug in ("dev", "api"): for slug in ("dev", "api"):
qdir = supervise.queue_dir_for_slug(slug) supervise.write_proposal(_proposal(slug=slug))
qdir.mkdir(parents=True)
supervise.write_proposal(qdir, _proposal(slug=slug))
pending = supervise_cli.discover_pending() pending = supervise_cli.discover_pending()
self.assertEqual({"dev", "api"}, {qp.proposal.bottle_slug for qp in pending}) self.assertEqual({"dev", "api"}, {qp.proposal.bottle_slug for qp in pending})
@@ -97,18 +95,14 @@ class TestDiscoverPending(_FakeHomeMixin, unittest.TestCase):
now=datetime(2026, 5, 25, 14, 0, 0, tzinfo=timezone.utc), now=datetime(2026, 5, 25, 14, 0, 0, tzinfo=timezone.utc),
) )
for p in (late, early): for p in (late, early):
qdir = supervise.queue_dir_for_slug(p.bottle_slug) supervise.write_proposal(p)
qdir.mkdir(parents=True, exist_ok=True)
supervise.write_proposal(qdir, p)
pending = supervise_cli.discover_pending() pending = supervise_cli.discover_pending()
self.assertEqual([early.id, late.id], [qp.proposal.id for qp in pending]) self.assertEqual([early.id, late.id], [qp.proposal.id for qp in pending])
def test_excludes_already_responded(self): def test_excludes_already_responded(self):
p = _proposal() p = _proposal()
qdir = supervise.queue_dir_for_slug("dev") supervise.write_proposal(p)
qdir.mkdir(parents=True) supervise.write_response("dev", supervise.Response(
supervise.write_proposal(qdir, p)
supervise.write_response(qdir, supervise.Response(
proposal_id=p.id, status=STATUS_APPROVED, notes="", proposal_id=p.id, status=STATUS_APPROVED, notes="",
)) ))
self.assertEqual([], supervise_cli.discover_pending()) self.assertEqual([], supervise_cli.discover_pending())
@@ -123,10 +117,8 @@ class TestApproveReject(_FakeHomeMixin, unittest.TestCase):
def _enqueue(self, tool: str = TOOL_EGRESS_ALLOW): def _enqueue(self, tool: str = TOOL_EGRESS_ALLOW):
p = _proposal(tool=tool) p = _proposal(tool=tool)
qdir = supervise.queue_dir_for_slug("dev") supervise.write_proposal(p)
qdir.mkdir(parents=True, exist_ok=True) return supervise_cli.QueuedProposal(proposal=p)
supervise.write_proposal(qdir, p)
return supervise_cli.QueuedProposal(proposal=p, queue_dir=qdir)
def test_approve_writes_response(self): def test_approve_writes_response(self):
qp = self._enqueue() qp = self._enqueue()
@@ -135,7 +127,7 @@ class TestApproveReject(_FakeHomeMixin, unittest.TestCase):
return_value=("routes: []\n", "routes:\n - host: example.com\n"), return_value=("routes: []\n", "routes:\n - host: example.com\n"),
): ):
supervise_cli.approve(qp) supervise_cli.approve(qp)
resp = read_response(qp.queue_dir, qp.proposal.id) resp = read_response(qp.proposal.bottle_slug, qp.proposal.id)
self.assertEqual(STATUS_APPROVED, resp.status) self.assertEqual(STATUS_APPROVED, resp.status)
self.assertIsNone(resp.final_file) self.assertIsNone(resp.final_file)
@@ -150,7 +142,7 @@ class TestApproveReject(_FakeHomeMixin, unittest.TestCase):
final_file="routes:\n - host: edited.example.com\n", final_file="routes:\n - host: edited.example.com\n",
notes="tweaked", notes="tweaked",
) )
resp = read_response(qp.queue_dir, qp.proposal.id) resp = read_response(qp.proposal.bottle_slug, qp.proposal.id)
self.assertEqual(STATUS_MODIFIED, resp.status) self.assertEqual(STATUS_MODIFIED, resp.status)
self.assertEqual("routes:\n - host: edited.example.com\n", resp.final_file) self.assertEqual("routes:\n - host: edited.example.com\n", resp.final_file)
self.assertEqual("tweaked", resp.notes) self.assertEqual("tweaked", resp.notes)
@@ -158,7 +150,7 @@ class TestApproveReject(_FakeHomeMixin, unittest.TestCase):
def test_reject_writes_rejection(self): def test_reject_writes_rejection(self):
qp = self._enqueue() qp = self._enqueue()
supervise_cli.reject(qp, reason="nope") supervise_cli.reject(qp, reason="nope")
resp = read_response(qp.queue_dir, qp.proposal.id) resp = read_response(qp.proposal.bottle_slug, qp.proposal.id)
self.assertEqual(STATUS_REJECTED, resp.status) self.assertEqual(STATUS_REJECTED, resp.status)
self.assertEqual("nope", resp.notes) self.assertEqual("nope", resp.notes)
@@ -181,36 +173,33 @@ class TestApproveReject(_FakeHomeMixin, unittest.TestCase):
def test_approve_gitleaks_allow_leaves_response_for_gate(self): def test_approve_gitleaks_allow_leaves_response_for_gate(self):
qp = self._enqueue(tool=TOOL_GITLEAKS_ALLOW) qp = self._enqueue(tool=TOOL_GITLEAKS_ALLOW)
supervise_cli.approve(qp, notes="dummy fixture") supervise_cli.approve(qp, notes="dummy fixture")
# Gate polls the queue dir for the response; TUI must not archive it. # Gate polls the DB for the response; TUI must not archive it.
resp = read_response(qp.queue_dir, qp.proposal.id) resp = read_response(qp.proposal.bottle_slug, qp.proposal.id)
self.assertEqual(STATUS_APPROVED, resp.status) self.assertEqual(STATUS_APPROVED, resp.status)
self.assertEqual("dummy fixture", resp.notes) self.assertEqual("dummy fixture", resp.notes)
self.assertFalse((qp.queue_dir / "processed").exists())
def test_tui_gitleaks_allow_requires_reason(self): def test_tui_gitleaks_allow_requires_reason(self):
qp = self._enqueue(tool=TOOL_GITLEAKS_ALLOW) qp = self._enqueue(tool=TOOL_GITLEAKS_ALLOW)
with patch.object(supervise_cli, "_prompt", return_value=""): with patch.object(supervise_cli, "_prompt", return_value=""):
status = supervise_cli._approve_from_tui(None, qp) # type: ignore[arg-type] status = supervise_cli._approve_from_tui(None, qp) # type: ignore[arg-type]
self.assertEqual("approve aborted (empty reason)", status) self.assertEqual("approve aborted (empty reason)", status)
self.assertFalse((qp.queue_dir / "processed").exists())
def test_tui_gitleaks_allow_writes_reason(self): def test_tui_gitleaks_allow_writes_reason(self):
qp = self._enqueue(tool=TOOL_GITLEAKS_ALLOW) qp = self._enqueue(tool=TOOL_GITLEAKS_ALLOW)
with patch.object(supervise_cli, "_prompt", return_value="test fixture"): with patch.object(supervise_cli, "_prompt", return_value="test fixture"):
status = supervise_cli._approve_from_tui(None, qp) # type: ignore[arg-type] status = supervise_cli._approve_from_tui(None, qp) # type: ignore[arg-type]
self.assertIn("approved gitleaks-allow", status) self.assertIn("approved gitleaks-allow", status)
resp = read_response(qp.queue_dir, qp.proposal.id) resp = read_response(qp.proposal.bottle_slug, qp.proposal.id)
self.assertEqual("test fixture", resp.notes) self.assertEqual("test fixture", resp.notes)
def test_approve_token_allow_leaves_response_for_egress(self): def test_approve_token_allow_leaves_response_for_egress(self):
qp = self._enqueue(tool=TOOL_EGRESS_TOKEN_ALLOW) qp = self._enqueue(tool=TOOL_EGRESS_TOKEN_ALLOW)
supervise_cli.approve(qp, notes="false positive") supervise_cli.approve(qp, notes="false positive")
# The egress addon polls the queue dir for the response; the TUI must # The egress addon polls the DB for the response; the TUI must
# not archive it (the addon archives after reading). # not archive it (the addon archives after reading).
resp = read_response(qp.queue_dir, qp.proposal.id) resp = read_response(qp.proposal.bottle_slug, qp.proposal.id)
self.assertEqual(STATUS_APPROVED, resp.status) self.assertEqual(STATUS_APPROVED, resp.status)
self.assertEqual("false positive", resp.notes) self.assertEqual("false positive", resp.notes)
self.assertFalse((qp.queue_dir / "processed").exists())
def test_token_allow_writes_no_audit_log(self): def test_token_allow_writes_no_audit_log(self):
qp = self._enqueue(tool=TOOL_EGRESS_TOKEN_ALLOW) qp = self._enqueue(tool=TOOL_EGRESS_TOKEN_ALLOW)
@@ -222,14 +211,13 @@ class TestApproveReject(_FakeHomeMixin, unittest.TestCase):
with patch.object(supervise_cli, "_prompt", return_value=""): with patch.object(supervise_cli, "_prompt", return_value=""):
status = supervise_cli._approve_from_tui(None, qp) # type: ignore[arg-type] status = supervise_cli._approve_from_tui(None, qp) # type: ignore[arg-type]
self.assertEqual("approve aborted (empty reason)", status) self.assertEqual("approve aborted (empty reason)", status)
self.assertFalse((qp.queue_dir / "processed").exists())
def test_tui_token_allow_writes_reason(self): def test_tui_token_allow_writes_reason(self):
qp = self._enqueue(tool=TOOL_EGRESS_TOKEN_ALLOW) qp = self._enqueue(tool=TOOL_EGRESS_TOKEN_ALLOW)
with patch.object(supervise_cli, "_prompt", return_value="legit"): with patch.object(supervise_cli, "_prompt", return_value="legit"):
status = supervise_cli._approve_from_tui(None, qp) # type: ignore[arg-type] status = supervise_cli._approve_from_tui(None, qp) # type: ignore[arg-type]
self.assertIn("approved egress-token-allow", status) self.assertIn("approved egress-token-allow", status)
resp = read_response(qp.queue_dir, qp.proposal.id) resp = read_response(qp.proposal.bottle_slug, qp.proposal.id)
self.assertEqual("legit", resp.notes) self.assertEqual("legit", resp.notes)
def test_suffix_for_token_allow_is_txt(self): def test_suffix_for_token_allow_is_txt(self):
+114 -56
View File
@@ -4,7 +4,6 @@ fallback paths."""
from __future__ import annotations from __future__ import annotations
import os
import tempfile import tempfile
import time import time
import unittest import unittest
@@ -12,14 +11,19 @@ from pathlib import Path
from unittest.mock import patch from unittest.mock import patch
from bot_bottle import supervise from bot_bottle import supervise
from bot_bottle.audit_store import AuditStore
from bot_bottle.queue_store import QueueStore
from bot_bottle.supervise import ( from bot_bottle.supervise import (
AuditEntry,
Proposal, Proposal,
STATUS_APPROVED,
TOOL_EGRESS_ALLOW, TOOL_EGRESS_ALLOW,
list_pending_proposals, list_pending_proposals,
read_audit_entries, read_audit_entries,
read_proposal, read_proposal,
read_response, read_response,
wait_for_response, wait_for_response,
write_audit_entry,
) )
@@ -37,58 +41,53 @@ class TestPathHelpers(unittest.TestCase):
def test_bot_bottle_root(self) -> None: def test_bot_bottle_root(self) -> None:
self.assertTrue(str(supervise.bot_bottle_root()).endswith(".bot-bottle")) self.assertTrue(str(supervise.bot_bottle_root()).endswith(".bot-bottle"))
def test_queue_dir_for_slug(self) -> None:
self.assertIn("slug", str(supervise.queue_dir_for_slug("slug")))
def test_id_from_non_proposal_filename(self) -> None:
self.assertIsNone(supervise._id_from_proposal_filename(Path("x.response.json")))
class TestReadMalformed(unittest.TestCase): class TestReadMalformed(unittest.TestCase):
def test_read_proposal_non_dict(self) -> None: def test_read_proposal_missing_row(self) -> None:
with tempfile.TemporaryDirectory() as d: with tempfile.TemporaryDirectory() as d:
(Path(d) / "p.proposal.json").write_text("[]") with patch.dict("os.environ", {"HOME": d}), \
with self.assertRaises(ValueError): self.assertRaises(FileNotFoundError):
read_proposal(Path(d), "p") read_proposal("slug", "p")
def test_read_response_non_dict(self) -> None: def test_read_response_missing_row(self) -> None:
with tempfile.TemporaryDirectory() as d: with tempfile.TemporaryDirectory() as d:
(Path(d) / "p.response.json").write_text("[]") with patch.dict("os.environ", {"HOME": d}), \
with self.assertRaises(ValueError): self.assertRaises(FileNotFoundError):
read_response(Path(d), "p") read_response("slug", "p")
def test_list_pending_skips_malformed(self) -> None: def test_list_pending_reads_db_only(self) -> None:
with tempfile.TemporaryDirectory() as d: with tempfile.TemporaryDirectory() as d:
qd = Path(d) with patch.dict("os.environ", {"HOME": d}):
(qd / "bad.proposal.json").write_text("{ not json") supervise.write_proposal(_proposal())
(qd / "arr.proposal.json").write_text("[]") pending = list_pending_proposals("slug")
(qd / "incomplete.proposal.json").write_text("{}") # from_dict raises
supervise.write_proposal(qd, _proposal()) # one valid
pending = list_pending_proposals(qd)
self.assertEqual(1, len(pending)) self.assertEqual(1, len(pending))
self.assertEqual("slug", pending[0].bottle_slug) self.assertEqual("slug", pending[0].bottle_slug)
def test_list_pending_skips_when_response_present(self) -> None: def test_list_pending_skips_when_response_present(self) -> None:
with tempfile.TemporaryDirectory() as d: with tempfile.TemporaryDirectory() as d:
qd = Path(d) with patch.dict("os.environ", {"HOME": d}):
p = _proposal() p = _proposal()
supervise.write_proposal(qd, p) supervise.write_proposal(p)
(qd / f"{p.id}.response.json").write_text("{}") # response exists -> skipped supervise.write_response("slug", supervise.Response(
self.assertEqual([], list_pending_proposals(qd)) proposal_id=p.id,
status=STATUS_APPROVED,
notes="",
))
self.assertEqual([], list_pending_proposals("slug"))
class TestWaitForResponse(unittest.TestCase): class TestWaitForResponse(unittest.TestCase):
def test_malformed_response_then_timeout(self) -> None: def test_missing_response_times_out(self) -> None:
with tempfile.TemporaryDirectory() as d: with tempfile.TemporaryDirectory() as d:
(Path(d) / "p.response.json").write_text("{ not json") with patch.dict("os.environ", {"HOME": d}), \
with self.assertRaises(TimeoutError): self.assertRaises(TimeoutError):
wait_for_response(Path(d), "p", deadline=time.monotonic()) wait_for_response("slug", "p", deadline=time.monotonic())
def test_incomplete_response_then_timeout(self) -> None: def test_empty_db_response_does_not_count(self) -> None:
with tempfile.TemporaryDirectory() as d: with tempfile.TemporaryDirectory() as d:
(Path(d) / "p.response.json").write_text("{}") # dict but from_dict raises with patch.dict("os.environ", {"HOME": d}), \
with self.assertRaises(TimeoutError): self.assertRaises(TimeoutError):
wait_for_response(Path(d), "p", deadline=time.monotonic()) wait_for_response("slug", "p", deadline=time.monotonic())
class TestReadAuditEntries(unittest.TestCase): class TestReadAuditEntries(unittest.TestCase):
@@ -97,35 +96,94 @@ class TestReadAuditEntries(unittest.TestCase):
patch.dict("os.environ", {"HOME": home}): patch.dict("os.environ", {"HOME": home}):
self.assertEqual([], read_audit_entries("egress", "nope")) self.assertEqual([], read_audit_entries("egress", "nope"))
def test_skips_malformed_lines(self) -> None: def test_reads_entries_from_db(self) -> None:
with tempfile.TemporaryDirectory() as home, \ with tempfile.TemporaryDirectory() as home, \
patch.dict("os.environ", {"HOME": home}): patch.dict("os.environ", {"HOME": home}):
path = supervise.audit_log_path("egress", "slug") write_audit_entry(AuditEntry(
path.parent.mkdir(parents=True, exist_ok=True) timestamp="t",
valid = ( bottle_slug="slug",
'{"timestamp": "t", "bottle_slug": "slug", "component": "egress",' component="egress",
' "operator_action": "approve", "operator_notes": "",' operator_action="approve",
' "justification": "", "diff": ""}' operator_notes="",
) justification="",
path.write_text( diff="",
"\n" # blank line skipped ))
"{ not json\n" # JSONDecodeError skipped write_audit_entry(AuditEntry(
"[]\n" # not a dict skipped timestamp="t",
"{}\n" # missing fields -> ValueError skipped bottle_slug="other",
+ valid + "\n" component="egress",
) operator_action="reject",
operator_notes="",
justification="",
diff="",
))
entries = read_audit_entries("egress", "slug") entries = read_audit_entries("egress", "slug")
self.assertEqual(1, len(entries)) self.assertEqual(1, len(entries))
self.assertEqual("approve", entries[0].operator_action) self.assertEqual("approve", entries[0].operator_action)
def test_legacy_audit_log_file_does_not_count(self) -> None:
with tempfile.TemporaryDirectory() as home, \
patch.dict("os.environ", {"HOME": home}):
path = supervise.audit_log_path("egress", "slug")
path.parent.mkdir(parents=True, exist_ok=True)
path.write_text(
'{"timestamp": "t", "bottle_slug": "slug", "component": "egress",'
' "operator_action": "approve", "operator_notes": "",'
' "justification": "", "diff": ""}\n'
)
entries = read_audit_entries("egress", "slug")
self.assertEqual([], entries)
class TestFlockFallback(unittest.TestCase):
def test_flock_on_closed_fd_is_swallowed(self) -> None: class TestStoreGuardBranches(unittest.TestCase):
# flock on a closed fd raises OSError(EBADF), which the helpers swallow. """Direct QueueStore / AuditStore construction and early-return guard branches."""
fd = os.open(os.devnull, os.O_RDONLY)
os.close(fd) def test_queue_store_explicit_db_path(self):
supervise._try_flock(fd) with tempfile.TemporaryDirectory() as d:
supervise._try_funlock(fd) db = Path(d) / "q.db"
store = QueueStore("key", db_path=db)
self.assertTrue(db.is_file())
self.assertEqual(db, store.db_path)
def test_queue_store_missing_db_list_pending_returns_empty(self):
with tempfile.TemporaryDirectory() as d:
db = Path(d) / "q.db"
store = QueueStore("key", db_path=db)
db.unlink()
self.assertEqual([], store.list_pending_proposals())
def test_queue_store_missing_db_list_all_returns_empty(self):
with tempfile.TemporaryDirectory() as d:
db = Path(d) / "q.db"
store = QueueStore("key", db_path=db)
db.unlink()
self.assertEqual([], store.list_all_pending_proposals())
def test_queue_store_missing_db_archive_is_noop(self):
with tempfile.TemporaryDirectory() as d:
db = Path(d) / "q.db"
store = QueueStore("key", db_path=db)
db.unlink()
store.archive_proposal("anything") # must not raise
def test_queue_store_chmod_oserror_is_swallowed(self):
with tempfile.TemporaryDirectory() as d:
db = Path(d) / "q.db"
with patch("pathlib.Path.chmod", side_effect=OSError("ro")):
QueueStore("key", db_path=db) # must not raise
def test_audit_store_missing_db_read_returns_empty(self):
with tempfile.TemporaryDirectory() as d:
db = Path(d) / "a.db"
store = AuditStore(db_path=db)
db.unlink()
self.assertEqual([], store.read_audit_entries("egress", "slug"))
def test_audit_store_chmod_oserror_is_swallowed(self):
with tempfile.TemporaryDirectory() as d:
db = Path(d) / "a.db"
with patch("pathlib.Path.chmod", side_effect=OSError("ro")):
AuditStore(db_path=db) # must not raise
if __name__ == "__main__": if __name__ == "__main__":
+22 -18
View File
@@ -112,7 +112,7 @@ class TestRpcErrorTaxonomy(unittest.TestCase):
validate_proposed_file(_sv.TOOL_EGRESS_ALLOW, "routes: nope\n") validate_proposed_file(_sv.TOOL_EGRESS_ALLOW, "routes: nope\n")
def test_unknown_tool_in_tools_call_is_client_error(self): def test_unknown_tool_in_tools_call_is_client_error(self):
config = ServerConfig(bottle_slug="dev", queue_dir=Path("/unused")) config = ServerConfig(bottle_slug="dev")
with self.assertRaises(_RpcClientError) as cm: with self.assertRaises(_RpcClientError) as cm:
handle_tools_call({"name": "no-such-tool", "arguments": {}}, config) handle_tools_call({"name": "no-such-tool", "arguments": {}}, config)
self.assertEqual(ERR_INVALID_PARAMS, cm.exception.code) self.assertEqual(ERR_INVALID_PARAMS, cm.exception.code)
@@ -122,9 +122,9 @@ class TestRpcInternalErrorOnIoFailure(unittest.TestCase):
def test_write_proposal_os_error_raises_internal(self): def test_write_proposal_os_error_raises_internal(self):
config = ServerConfig( config = ServerConfig(
bottle_slug="dev", bottle_slug="dev",
queue_dir=Path("/dev/null/cannot-exist"),
) )
with self.assertRaises(_RpcInternalError) as cm: with patch.object(_sv, "write_proposal", side_effect=OSError("disk full")), \
self.assertRaises(_RpcInternalError) as cm:
handle_tools_call( handle_tools_call(
{ {
"name": _sv.TOOL_EGRESS_ALLOW, "name": _sv.TOOL_EGRESS_ALLOW,
@@ -265,21 +265,31 @@ class TestHandleToolsList(unittest.TestCase):
class TestHandleToolsCall(unittest.TestCase): class TestHandleToolsCall(unittest.TestCase):
def setUp(self): def setUp(self):
self._tmp = tempfile.TemporaryDirectory(prefix="supervise-server-test.") self._tmp = tempfile.TemporaryDirectory(prefix="supervise-server-test.")
self.queue_dir = Path(self._tmp.name) self._home_patch = self._patch_home(Path(self._tmp.name))
self.config = ServerConfig(bottle_slug="dev", queue_dir=self.queue_dir) self.config = ServerConfig(bottle_slug="dev")
def tearDown(self): def tearDown(self):
self._home_patch()
self._tmp.cleanup() self._tmp.cleanup()
def _patch_home(self, fake_home: Path):
original = _sv.bot_bottle_root
def fake_root() -> Path:
return fake_home / ".bot-bottle"
_sv.bot_bottle_root = fake_root # type: ignore[assignment]
return lambda: setattr(_sv, "bot_bottle_root", original)
def _respond_when_proposal_appears(self, status: str, notes: str = "") -> threading.Thread: def _respond_when_proposal_appears(self, status: str, notes: str = "") -> threading.Thread:
"""Background thread: poll the queue for a fresh proposal, write a """Background thread: poll the queue for a fresh proposal, write a
matching response. Returns the thread so the test can join it.""" matching response. Returns the thread so the test can join it."""
def runner(): def runner():
for _ in range(200): for _ in range(200):
pending = _sv.list_pending_proposals(self.queue_dir) pending = _sv.list_pending_proposals("dev")
if pending: if pending:
p = pending[0] p = pending[0]
_sv.write_response(self.queue_dir, _sv.Response( _sv.write_response("dev", _sv.Response(
proposal_id=p.id, status=status, notes=notes, proposal_id=p.id, status=status, notes=notes,
)) ))
return return
@@ -412,15 +422,11 @@ class TestHandleToolsCall(unittest.TestCase):
finally: finally:
responder.join() responder.join()
# No pending proposals left after archive. # No pending proposals left after archive.
self.assertEqual([], _sv.list_pending_proposals(self.queue_dir)) self.assertEqual([], _sv.list_pending_proposals("dev"))
# Both files moved to processed/.
processed = list((self.queue_dir / "processed").glob("*.json"))
self.assertEqual(2, len(processed))
def test_pending_response_times_out_without_archive(self): def test_pending_response_times_out_without_archive(self):
config = ServerConfig( config = ServerConfig(
bottle_slug="dev", bottle_slug="dev",
queue_dir=self.queue_dir,
response_timeout_seconds=0.05, response_timeout_seconds=0.05,
) )
result = handle_tools_call( result = handle_tools_call(
@@ -438,8 +444,7 @@ class TestHandleToolsCall(unittest.TestCase):
text = result["content"][0]["text"] # type: ignore[index] text = result["content"][0]["text"] # type: ignore[index]
self.assertIn("status: pending", text) self.assertIn("status: pending", text)
self.assertIn("proposal remains queued", text) self.assertIn("proposal remains queued", text)
self.assertEqual(1, len(_sv.list_pending_proposals(self.queue_dir))) self.assertEqual(1, len(_sv.list_pending_proposals("dev")))
self.assertFalse((self.queue_dir / "processed").exists())
class TestHandleListEgressRoutes(unittest.TestCase): class TestHandleListEgressRoutes(unittest.TestCase):
@@ -461,7 +466,7 @@ class TestHandleListEgressRoutes(unittest.TestCase):
with patch.object(supervise_server.urllib.request, "build_opener", return_value=_Opener()): with patch.object(supervise_server.urllib.request, "build_opener", return_value=_Opener()):
result = handle_list_egress_routes( result = handle_list_egress_routes(
{}, {},
ServerConfig(bottle_slug="dev", queue_dir=Path("/unused")), ServerConfig(bottle_slug="dev"),
) )
self.assertFalse(result["isError"]) # type: ignore[index] self.assertFalse(result["isError"]) # type: ignore[index]
@@ -476,7 +481,7 @@ class TestHandleListEgressRoutes(unittest.TestCase):
with patch.object(supervise_server.urllib.request, "build_opener", return_value=_Opener()): with patch.object(supervise_server.urllib.request, "build_opener", return_value=_Opener()):
result = handle_list_egress_routes( result = handle_list_egress_routes(
{}, {},
ServerConfig(bottle_slug="dev", queue_dir=Path("/unused")), ServerConfig(bottle_slug="dev"),
) )
self.assertTrue(result["isError"]) # type: ignore[index] self.assertTrue(result["isError"]) # type: ignore[index]
@@ -544,7 +549,6 @@ class TestHttpEndToEnd(unittest.TestCase):
def setUp(self): def setUp(self):
self._tmp = tempfile.TemporaryDirectory(prefix="supervise-http-test.") self._tmp = tempfile.TemporaryDirectory(prefix="supervise-http-test.")
self.queue_dir = Path(self._tmp.name)
# Pick a random port by binding to :0 first. # Pick a random port by binding to :0 first.
import socket import socket
s = socket.socket() s = socket.socket()
@@ -552,7 +556,7 @@ class TestHttpEndToEnd(unittest.TestCase):
self.port = s.getsockname()[1] self.port = s.getsockname()[1]
s.close() s.close()
self.server = MCPServer(("127.0.0.1", self.port), MCPHandler) self.server = MCPServer(("127.0.0.1", self.port), MCPHandler)
self.server.config = ServerConfig(bottle_slug="dev", queue_dir=self.queue_dir) self.server.config = ServerConfig(bottle_slug="dev")
self.thread = threading.Thread( self.thread = threading.Thread(
target=self.server.serve_forever, daemon=True, target=self.server.serve_forever, daemon=True,
) )