test: fix cli selector typing

Three UX improvements requested in #270 review:

- filter_multiselect: Space toggles selection, Enter confirms (was both)
- bottle picker: bottles with extends chains show ancestry labels
  (e.g. 'claude-dev <- bot-bottle-dev <- dev') for at-a-glance lineage
- preflight: replaces key-value summary with YAML of the resolved manifest

.coveragerc

@@ -1,9 +0,0 @@
-[run]
-branch = True
-source = .
-
-[report]
-omit =
-    bot_bottle/egress_addon.py
-    bot_bottle/cli/tui.py
-    tests/*

.gitea/workflows/test.yml

@@ -39,14 +39,8 @@ jobs:
         with:
           python-version: "3.12"
 
-      - name: Install dev requirements
-        run: python3 -m pip install -r requirements-dev.txt
-
       - name: Run unit tests
-        run: python3 -m coverage run -m unittest discover -t . -s tests/unit -v
-
-      - name: Report unit coverage
-        run: python3 -m coverage report -m
+        run: python3 -m unittest discover -t . -s tests/unit -v
 
   integration:
     runs-on: ubuntu-latest

.gitea/workflows/update-badges.yml

@@ -8,7 +8,6 @@ on:
       - '**.py'
       - '.pylintrc'
       - 'pyrightconfig.json'
-      - '.coveragerc'
   workflow_dispatch:
 
 jobs:
@@ -46,19 +45,10 @@ jobs:
           echo "errors=$ERRORS" >> $GITHUB_OUTPUT
           echo "Pyright errors: $ERRORS"
 
-      - name: Run coverage and extract percentage
-        id: coverage
-        run: |
-          python -m coverage run -m unittest discover -t . -s tests/unit > /dev/null 2>&1 || true
-          PERCENT=$(python -m coverage report 2>/dev/null | grep '^TOTAL' | grep -oP '\d+(?=%)' | tail -1)
-          echo "percent=$PERCENT" >> $GITHUB_OUTPUT
-          echo "Coverage: $PERCENT%"
-
       - name: Update badges in README
         run: |
           PYLINT_SCORE="${{ steps.pylint.outputs.score }}"
           PYRIGHT_ERRORS="${{ steps.pyright.outputs.errors }}"
-          COVERAGE_PERCENT="${{ steps.coverage.outputs.percent }}"
 
           PYLINT_SCORE_ENCODED=$(echo "$PYLINT_SCORE" | sed 's|/|%2F|g')
 
@@ -68,12 +58,9 @@ jobs:
           if [ -n "$PYRIGHT_ERRORS" ]; then
             sed -i "s|/badge/pyright-[^)]*|/badge/pyright-${PYRIGHT_ERRORS}%20errors-brightgreen|" README.md
           fi
-          if [ -n "$COVERAGE_PERCENT" ]; then
-            sed -i "s|/badge/coverage-[^)]*|/badge/coverage-${COVERAGE_PERCENT}%25-brightgreen|" README.md
-          fi
 
           echo "Updated badges:"
-          grep -E "pylint|pyright|coverage" README.md | head -3
+          grep -E "pylint|pyright" README.md | head -2
 
       - name: Commit and push badge updates
         run: |
@@ -86,7 +73,7 @@ jobs:
           else
             echo "Badge changes detected, committing..."
             git add README.md
-            MSG="chore: update quality badges"$'\n\n'"- Pylint: ${{ steps.pylint.outputs.score }}"$'\n'"- Pyright: ${{ steps.pyright.outputs.errors }} errors"$'\n'"- Coverage: ${{ steps.coverage.outputs.percent }}%"$'\n\n'"[skip ci]"
+            MSG="chore: update quality badges"$'\n\n'"- Pylint: ${{ steps.pylint.outputs.score }}"$'\n'"- Pyright: ${{ steps.pyright.outputs.errors }} errors"$'\n\n'"[skip ci]"
             git commit -m "$MSG"
             git push
           fi

.gitignore

@@ -22,4 +22,3 @@ venv/
 .pytest_cache/
 .mypy_cache/
 .ruff_cache/
-.coverage

README.md

@@ -6,8 +6,7 @@
 
 [![test](https://gitea.dideric.is/didericis/bot-bottle/actions/workflows/test.yml/badge.svg?branch=main)](https://gitea.dideric.is/didericis/bot-bottle/actions?workflow=test.yml)
 [![pylint](https://img.shields.io/badge/pylint-9.93%2F10-brightgreen)](https://github.com/PyCQA/pylint)
-[![pyright](https://img.shields.io/badge/pyright-0%20errors-brightgreen)](https://github.com/microsoft/pyright)
-[![coverage](https://img.shields.io/badge/coverage-79%25-brightgreen)](https://coverage.readthedocs.io/)
+[![pyright](https://img.shields.io/badge/pyright-1%20errors-brightgreen)](https://github.com/microsoft/pyright)
 
 **Problem:** Developer wants to run a coding agent without supervision, but they don't want a prompt injected or misbehaving agent wrecking their environment or exfiltrating sensitive data.
 

bot_bottle/cli/start.py

@@ -274,7 +274,7 @@ def _bottle_lineage(manifest: ManifestIndex) -> dict[str, str]:
     """Return {bottle_name: lineage_label} for bottles that have an extends chain.
 
     Bottles without a parent are omitted (the caller falls back to the bare name).
-    Labels show the chain root-first: e.g. 'dev -> bot-bottle-dev -> claude-dev'."""
+    Labels show the chain root-first: e.g. 'claude-dev <- bot-bottle-dev <- dev'."""
     if manifest.home_md is None:
         return {}
     bottles_dir = manifest.home_md / "bottles"
@@ -305,7 +305,7 @@ def _bottle_lineage(manifest: ManifestIndex) -> dict[str, str]:
             chain.append(par)
             seen.add(par)
             cur = par
-        labels[name] = " -> ".join(reversed(chain))
+        labels[name] = " <- ".join(reversed(chain))
 
     return labels
 

bot_bottle/cli/supervise.py

@@ -319,7 +319,7 @@ def _list_once() -> int:
     return 0
 
 
-def _try_init_green() -> int:  # pragma: no cover
+def _try_init_green() -> int:
     """Initialise a green color pair and return its attr, or 0."""
     try:
         curses.start_color()
@@ -330,7 +330,7 @@ def _try_init_green() -> int:  # pragma: no cover
         return 0
 
 
-def _main_loop(stdscr: "curses._CursesWindow") -> None:  # type: ignore  # pragma: no cover
+def _main_loop(stdscr: "curses._CursesWindow") -> None:  # type: ignore
     curses.curs_set(0)
     stdscr.timeout(_REFRESH_INTERVAL_MS)
     green_attr = _try_init_green()
@@ -420,7 +420,7 @@ def _render(
     status_line: str,
     *,
     green_attr: int = 0,  # noqa: F841 — unused, but required by interface
-) -> None:  # pragma: no cover
+) -> None:
     stdscr.erase()
     h, w = stdscr.getmaxyx()
     header = f"bot-bottle supervise  ({len(pending)} pending)"
@@ -471,7 +471,7 @@ def _detail_view(
     qp: QueuedProposal,
     *,
     green_attr: int = 0,
-) -> None:  # pragma: no cover
+) -> None:
     """Render the full proposal. Scrollable. Press q to return."""
     lines = _detail_lines(qp, green_attr=green_attr)
     offset = 0
@@ -523,7 +523,7 @@ def _detail_view(
             return
 
 
-def _modify(stdscr: "curses._CursesWindow", qp: QueuedProposal) -> str | None:  # type: ignore  # pragma: no cover
+def _modify(stdscr: "curses._CursesWindow", qp: QueuedProposal) -> str | None:  # type: ignore
     """Suspend curses, open $EDITOR on the proposed file, return edited content."""
     suffix = _suffix_for_tool(qp.proposal.tool)
     curses.endwin()
@@ -534,7 +534,7 @@ def _modify(stdscr: "curses._CursesWindow", qp: QueuedProposal) -> str | None:
     return edited
 
 
-def _prompt(stdscr: "curses._CursesWindow", label: str) -> str:  # type: ignore  # pragma: no cover
+def _prompt(stdscr: "curses._CursesWindow", label: str) -> str:  # type: ignore
     """One-line input at the bottom of the screen."""
     curses.curs_set(1)
     h, _ = stdscr.getmaxyx()

docs/prds/prd-new-egress-control-plane.md

@@ -1,247 +0,0 @@
-# PRD prd-new: Egress control plane — metering, budgets, and forced cutoff
-
-- **Status:** Draft
-- **Author:** didericis
-- **Created:** 2026-06-25
-- **Issue:** #251
-
-## Summary
-
-Add an **out-of-band egress enforcement & observability plane**: meter every
-agent's token usage at the egress proxy, decrement budgets without the agent's
-cooperation, and forcibly cut a bottle's egress when a budget is exhausted —
-either automatically or on command from a host-level dashboard. The trigger
-(usage threshold) and the action (route-drop / freeze / kill) both live in the
-egress plane and run with no agent in the loop. This is distinct from the
-supervise sidecar (PRD 0013), which is agent-initiated and therefore cannot
-enforce a cost cutoff on a runaway agent. State (usage ledger, budgets, audit)
-moves into a host-level SQLite database behind a thin repository API, the first
-SQL store in an otherwise flat-file repo.
-
-## Problem
-
-bot-bottle can't currently do two things the cost-overrun case demands:
-
-1. **Forced egress shutdown on limit.** When an agent crosses a token
-   threshold, kill its egress automatically — no human in the loop.
-2. **Remote (host-level) management.** Drive agents from a single surface:
-   see usage, cut egress, stop bottles, to prevent cost overruns.
-
-The existing supervise sidecar (PRD 0013) is **entirely agent-initiated**: every
-action begins with the agent voluntarily calling an MCP tool and an operator
-approving it. A runaway or expensive agent — exactly the cost-overrun case —
-will never call `egress-block` on itself. Supervision is therefore a
-**collaborative recovery** mechanism, not an **enforcement** mechanism; making
-it mandatory (#249) would not deliver forced cost-cutoff.
-
-The requirement forces a distinction the current design blurs:
-
-- **Plane A — enforcement / observability (this PRD).** System → infrastructure.
-  Meter usage, cut egress on threshold or command, account for cost.
-  Out-of-band; independent of the agent. **Unconditional** — an enforcement
-  plane you can opt out of isn't enforcement.
-- **Plane B — agent-facing recovery (the existing supervise sidecar).**
-  Agent → operator, approval-gated. Useful interactively; meaningless for a
-  headless agent with no operator watching its queue. Remains optional.
-
-This PRD builds Plane A. It reframes the "always-on control" invariant of #249
-as "the egress control plane is always present" — a more defensible property
-than "every agent runs the agent-facing supervisor." Unsupervised
-(headless/CI/ephemeral) agents stay first-class: still subject to the mandatory
-meter + kill switch, they simply lack the agent-facing proposal tools they
-couldn't use anyway.
-
-## Goals / Success Criteria
-
-- The egress proxy meters every request to a metered API host (e.g.
-  `api.anthropic.com`) and records authoritative token usage per bottle and per
-  agent provider, with no agent cooperation.
-- A budget can be set at four scopes with deterministic precedence
-  (**agent → bottle → parent bottle → global host budget**); the
-  most-specific applicable budget governs.
-- When usage crosses a budget, the bottle's configured **cutoff policy**
-  (`cutoff` | `freeze` | `kill`) fires automatically, executed host-side on the
-  egress plane — never via the supervise queue.
-- An operator can, from a single **host-level TUI dashboard**, see live per-bottle
-  usage against budget and command a cutoff/stop on demand.
-- Host budgets, default cutoff policy, and per-provider limits are declared in a
-  new host-level `~/.bot-bottle/settings.yml`, parseable by `yaml_subset.py`.
-- All usage, budget state, and enforcement actions persist in a host-level
-  SQLite DB behind a thin repository API, so the store can later be swapped for
-  a cross-host cloud service.
-
-## Non-goals
-
-- **Remote control / cross-host control plane.** Web + mobile remote control,
-  cross-host budgets, and the authn/transport they require are explicitly
-  deferred. v1 is a **host-only TUI** with no remote surface.
-- **Dollar-denominated budgets.** Budgets are token counts keyed by agent
-  provider, not currency. Price tables are out of scope.
-- **Migrating existing flat-file state into SQLite.** Resume `metadata.json`,
-  transcripts, Dockerfile overrides, the supervise queue, and audit logs stay on
-  the filesystem. Only the *new* metering/budget/enforcement ledger is SQL.
-- **Making the supervise sidecar (Plane B) mandatory.** Out of scope here; this
-  PRD is the answer to "what should be unconditional" (Plane A), leaving #249's
-  Plane-B question open.
-- **Per-request hard pre-send blocking as the primary mechanism.** The gate is
-  budget-crossing detected at/after metering; a pre-flight estimator (below) is a
-  refinement, not the core enforcement path.
-
-## Design
-
-### Two measurements: gate vs. account
-
-There are two distinct needs, and they want different signals:
-
-- **Account (authoritative).** Decrement the real budget from the API
-  **response**, which already carries authoritative usage (Anthropic
-  `input_tokens` / `output_tokens`, OpenAI `usage`). The egress addon already
-  has a `response(flow)` hook (`bot_bottle/egress_addon.py:460`), so the real
-  number is available with no extra network call. **Caveat:** agent traffic is
-  mostly streaming SSE, so the response path must tail the stream for the final
-  usage event rather than parse a single JSON body — scoped explicitly as work.
-- **Gate (estimate).** To block *before* sending, only the request is available,
-  so an estimator / provider `count_tokens` endpoint is the only option.
-
-Calling `count_tokens` for accounting would be both less accurate *and* an extra
-metered egress call per request, so accounting uses response `usage` and the
-estimator is reserved for the optional pre-flight gate.
-
-### `count_tokens` on agent providers
-
-Add an abstract `count_tokens(request) -> int` to the `AgentProvider`
-abstraction (`bot_bottle/agent_provider.py`):
-
-- **Default** is a good-enough stdlib estimator. Prefer stdlib only; a small
-  pip dependency *for the sidecar* is acceptable for the fallback if stdlib
-  proves too inaccurate (this does not relax the package's stdlib-first stance —
-  it would be a sidecar-only dep, like the bundle already carries).
-- **Built-in `claude`** uses Anthropic's token-counting endpoint;
-  **built-in `codex`** uses OpenAI's. These are exact for the gate but cost a
-  metered call, so they are gate-only; accounting still comes from the response.
-
-### Budgets and precedence
-
-Budgets are token counts keyed by **agent provider name** (the same names
-bottles already use). Four scopes, most-specific wins:
-
-```
-agent  →  bottle  →  parent bottle  →  global (host)
-```
-
-The global host budget is the highest-priority feature to ship (the cross-host
-control plane will eventually consume it); per-agent and per-bottle budgets
-override it for finer control. A budget can also be supplied **at bottle
-launch** (`--budget` or equivalent), overriding the settings.yml defaults for
-that run. Enforcement evaluates the effective budget as the
-nearest-defined scope at decrement time.
-
-### `~/.bot-bottle/settings.yml`
-
-New **host-level** settings file (the `~/.bot-bottle/` root, *not* the per-repo
-`.bot-bottle/` — host budgets must not be committed per-repo). Parsed by
-`yaml_subset.py`, so it must stay within that bounded subset (flat mappings,
-scalars; no anchors, no multi-line block scalars). Shape:
-
-```yaml
-budget:
-  claude: 5000000      # token budget keyed by agent provider
-  codex: 2000000
-shutdown: cutoff       # default cutoff policy: cutoff | freeze | kill
-```
-
-### Forced cutoff and cutoff policy
-
-On budget exhaustion (or an operator command), the configured per-bottle cutoff
-policy fires. The three policies map onto primitives that already exist:
-
-- **`cutoff`** (default) — drop the bottle's `routes.yaml` to empty and reload
-  (or isolate the bottle from the egress network); the agent/bottle keeps
-  running but can no longer reach metered hosts. This is the route-drop already
-  available on the egress plane (`bot_bottle/backend/egress_apply.py`).
-- **`freeze`** — commit/snapshot state, then kill the agent/bottle; resumable
-  later via `bot_bottle/backend/freeze.py`.
-- **`kill`** — tear the bottle down without saving state (backend teardown).
-
-The trigger lives in the metering path and the action in the egress/backend
-plane; **neither touches the supervise proposal queue** (design constraint from
-#251).
-
-### Host-level SQLite store
-
-**Decision: introduce SQLite now, narrowly.**
-
-- **The dependency objection doesn't apply.** `sqlite3` is in the Python stdlib,
-  so it does not break the AGENTS.md stdlib-first / no-runtime-pip stance — same
-  category as the hand-rolled `yaml_subset.py`, except the stdlib already ships
-  the whole engine.
-- **It fits the problem.** A *global* token budget decremented concurrently by N
-  egress sidecars (today `~/.bot-bottle/` already has `state/`, `audit/`,
-  `queue/` written by parallel bottles) is a read-modify-write race. Over JSON
-  that means hand-rolled file locking; SQLite gives atomic transactions + WAL for
-  free. The per-agent/per-bottle precedence rollup plus "sum across all bottles"
-  is a `GROUP BY`, not an N-directory rescan.
-- **It rehearses the cloud swap.** "Wrap operations in an API so we can swap to a
-  cloud service" maps directly onto a thin repository/DAO over SQLite → Postgres
-  later. A JSON-file store is a worse rehearsal than SQL.
-
-**Costs (real but bounded):** a new paradigm in a flat-file repo needs a
-`schema_version` table + idempotent startup migrations; SQLite serializes
-writers, so WAL mode + `busy_timeout` are required (a non-issue at a handful of
-bottles); test fixtures need temp DBs.
-
-**Scope of the store:** one DB at `~/.bot-bottle/bot-bottle.db` behind a thin
-repository API. Only the **new** metering/budget/enforcement-audit ledger lives
-there. Existing per-bottle blobs (resume `metadata.json`, transcripts,
-Dockerfile overrides, supervise queue) stay on the filesystem — migrating them
-now is churn for no benefit and they lack the concurrency/aggregation problem.
-
-### Host-level controller + dashboard
-
-A single **host-level controller** owns the meter, budget evaluation, and the
-cutoff actions across all bottles (cf. `bot_bottle/cli/supervise.py`'s
-cross-bottle view), rather than a per-bottle daemon. v1 ships one host-level
-**TUI dashboard** that reads live usage-vs-budget from the SQLite store and
-offers on-demand cutoff/stop. The existing supervisor UI should eventually fold
-into this same dashboard; this PRD lays the host-level surface it will move to.
-
-## Implementation chunks
-
-Ordered, individually mergeable:
-
-1. **SQLite repository foundation.** `~/.bot-bottle/bot-bottle.db`, schema +
-   `schema_version` migrations, WAL + `busy_timeout`, thin repository API,
-   temp-DB test fixtures. No behavior wired yet.
-2. **Metering at the egress proxy.** Parse authoritative response `usage`
-   (including SSE final-usage tailing) in the egress addon `response` hook;
-   write per-bottle / per-provider usage rows to the ledger.
-3. **`settings.yml` + budget model.** Host-level `~/.bot-bottle/settings.yml`
-   parsed by `yaml_subset.py`; budget precedence (agent → bottle → parent →
-   global) and the `--budget` launch flag.
-4. **Forced cutoff + cutoff policy.** Wire the threshold trigger to the
-   `cutoff` / `freeze` / `kill` primitives on the egress/backend plane; record
-   enforcement actions to the audit ledger.
-5. **Host-level TUI dashboard.** Live usage-vs-budget view + on-demand
-   cutoff/stop, reading the store.
-6. **`count_tokens` pre-flight gate (optional refinement).** Abstract method +
-   stdlib estimator default; Anthropic/OpenAI endpoints for built-in
-   claude/codex; optional pre-send block.
-
-## Open questions
-
-- **SSE usage tailing robustness.** Buffering streamed responses to extract the
-  final usage event without breaking the agent's own stream consumption — how
-  much of the body must the addon hold, and what's the failure mode if the
-  stream is interrupted mid-flight?
-- **Crossing mid-request.** A single response can push usage past budget only
-  *after* it's already been delivered. Is post-hoc cutoff (next request blocked)
-  sufficient, or is a pre-flight estimator gate (chunk 6) required for v1?
-- **Provider name ↔ metered host mapping.** How does the proxy attribute a
-  flow to an agent-provider budget key — by destination host, by bottle
-  identity, or both?
-- **Parent-bottle budget semantics.** For `bottle extends` (PRD 0025 / 0065)
-  chains, does "parent bottle" mean the manifest parent, the launching bottle,
-  or the full ancestry summed?
-- **Dashboard ↔ controller transport (even host-only).** In-process, a local
-  socket, or polling the SQLite store directly? Picks the seam the future remote
-  control plane will extend.

docs/prds/prd-new-separate-agent-bottle-selection.md

@@ -1,4 +1,4 @@
-# PRD 0066: Separate agent and bottle selection
+# PRD prd-new: Separate agent and bottle selection
 
 - **Status:** Active
 - **Author:** claude

requirements-dev.txt

@@ -4,4 +4,3 @@
 
 pylint>=3.0.0
 pyright>=1.1.300
-coverage>=7.0.0

tests/integration/test_sandbox_escape.py

@@ -92,9 +92,9 @@ class TestSandboxEscape(unittest.TestCase):
                     "on PATH: curl -sSL https://smolmachines.com/install.sh | sh"
                 )
 
-        # Throwaway static key for the git-gate fixture. It need not
-        # be a real SSH key: test 5 reaches gitleaks before any SSH
-        # attempt anyway.
+        # Throwaway "identity file" for the git-gate's `identity` field.
+        # It need not be a real SSH key: test 5 reaches gitleaks before
+        # any SSH attempt anyway.
         fd, kp = tempfile.mkstemp(prefix="sandbox-test-key.")
         os.close(fd)
         cls._key_path = Path(kp)
@@ -123,10 +123,7 @@ class TestSandboxEscape(unittest.TestCase):
                     "git-gate": {"repos": {
                         "throwaway": {
                             "url": "ssh://git@unreachable.invalid:22/throwaway.git",
-                            "key": {
-                                "provider": "static",
-                                "path": str(cls._key_path),
-                            },
+                            "identity": str(cls._key_path),
                         },
                     }},
                 },

tests/integration/test_smolmachines_launch.py

@@ -198,7 +198,6 @@ class TestSmolmachinesLaunch(unittest.TestCase):
         # connect fails, which is the property chunk 3 will
         # preserve once egress is actually running.
         r = self.bottle.exec(
-            "env -u HTTPS_PROXY -u HTTP_PROXY -u https_proxy -u http_proxy "
             f"curl -s --show-error --max-time 3 http://{self.plan.bundle_ip}:9099 "
             "2>&1 || true"
         )

tests/unit/test_cli_start_selector.py

@@ -280,8 +280,8 @@ class TestBottleLineage(unittest.TestCase):
             result = start_mod._bottle_lineage(manifest)
 
         self.assertNotIn("base", result)          # no parent → not in map
-        self.assertEqual("base -> mid", result["mid"])
-        self.assertEqual("base -> mid -> leaf", result["leaf"])
+        self.assertEqual("base <- mid", result["mid"])
+        self.assertEqual("base <- mid <- leaf", result["leaf"])
 
     def test_cycle_protection(self):
         import tempfile
@@ -301,7 +301,7 @@ class TestBottleLineage(unittest.TestCase):
         # Cycle must not hang; each should get a two-element chain.
         for name in ("a", "b"):
             self.assertIn(name, result)
-            self.assertIn("->", result[name])
+            self.assertIn("<-", result[name])
 
 
 class TestManifestToYaml(unittest.TestCase):

tests/unit/test_git_gate.py

@@ -4,7 +4,6 @@ import os
 import tempfile
 import unittest
 from pathlib import Path
-from unittest.mock import patch
 
 from bot_bottle.git_gate import (
     GitGate,
@@ -14,8 +13,6 @@ from bot_bottle.git_gate import (
     git_gate_render_access_hook,
     git_gate_render_entrypoint,
     git_gate_render_hook,
-    revoke_git_gate_provisioned_keys,
-    _resolve_identity_file,
     git_gate_upstreams_for_bottle,
 )
 from bot_bottle.manifest import ManifestIndex
@@ -331,68 +328,6 @@ class TestPrepare(unittest.TestCase):
         self.assertIn("exec git daemon", content)
 
 
-class TestDynamicKeyProvisioning(unittest.TestCase):
-    def setUp(self):
-        self.stage = Path(tempfile.mkdtemp())
-
-    def tearDown(self):
-        import shutil
-
-        shutil.rmtree(self.stage, ignore_errors=True)
-
-    def _gitea_manifest(self):
-        return ManifestIndex.from_json_obj({
-            "bottles": {
-                "dev": {
-                    "git-gate": {
-                        "repos": {
-                            "repo": {
-                                "url": "ssh://git@gitea.example.com/org/repo.git",
-                                "key": {
-                                    "provider": "gitea",
-                                    "forge_token_env": "GITEA_TOKEN",
-                                },
-                                "host_key": "ssh-ed25519 AAAA...",
-                            },
-                        },
-                    }
-                }
-            },
-            "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
-        })
-
-    def test_resolve_identity_file_static_uses_entry_path(self):
-        entry = fixture_with_git().bottles["dev"].git[0]
-        self.assertEqual(entry.IdentityFile, _resolve_identity_file(entry, "demo", self.stage))
-
-    def test_resolve_identity_file_gitea_provisions_key(self):
-        entry = self._gitea_manifest().bottles["dev"].git[0]
-        with patch("bot_bottle.git_gate._provision_dynamic_key", return_value="/tmp/provisioned-key") as mock_provision:
-            self.assertEqual("/tmp/provisioned-key", _resolve_identity_file(entry, "demo", self.stage))
-        mock_provision.assert_called_once()
-
-    def test_revoke_skips_non_gitea_and_missing_id_file(self):
-        revoke_git_gate_provisioned_keys(fixture_with_git().bottles["dev"], self.stage)
-
-    def test_revoke_calls_delete_for_gitea_entry(self):
-        bottle = self._gitea_manifest().bottles["dev"]
-        (self.stage / "repo-deploy-key-id").write_text("123\n")
-        with patch.dict("os.environ", {"GITEA_TOKEN": "token"}), patch(
-            "bot_bottle.deploy_key_provisioner.get_provisioner"
-        ) as mock_get_provisioner:
-            provisioner = mock_get_provisioner.return_value
-            revoke_git_gate_provisioned_keys(bottle, self.stage)
-        mock_get_provisioner.assert_called_once()
-        provisioner.delete.assert_called_once_with("org/repo", "123")
-
-    def test_revoke_missing_token_raises(self):
-        bottle = self._gitea_manifest().bottles["dev"]
-        (self.stage / "repo-deploy-key-id").write_text("123\n")
-        with patch.dict("os.environ", {}, clear=True), self.assertRaises(RuntimeError) as cm:
-            revoke_git_gate_provisioned_keys(bottle, self.stage)
-        self.assertIn("env var is not set", str(cm.exception))
-
-
 class TestShellEscaping(unittest.TestCase):
     """Regression tests: all three render functions must produce syntactically
     valid sh code even when names and upstream URLs contain shell-special

tests/unit/test_supervise_server.py

@@ -364,23 +364,6 @@ class TestHandleToolsCall(unittest.TestCase):
                 self.config,
             )
 
-    def test_missing_name_raises(self):
-        with self.assertRaises(_RpcError) as cm:
-            handle_tools_call({"arguments": {}}, self.config)
-        self.assertEqual(ERR_INVALID_PARAMS, cm.exception.code)
-
-    def test_arguments_must_be_object(self):
-        with self.assertRaises(_RpcError) as cm:
-            handle_tools_call(
-                {
-                    "name": _sv.TOOL_EGRESS_ALLOW,
-                    "arguments": [],
-                },
-                self.config,
-            )
-        self.assertEqual(ERR_INVALID_PARAMS, cm.exception.code)
-        self.assertIn("must be an object", cm.exception.message)
-
     def test_capability_block_call_raises_unknown_tool(self):
         with self.assertRaises(_RpcError) as cm:
             handle_tools_call(
@@ -443,31 +426,6 @@ class TestHandleToolsCall(unittest.TestCase):
 
 
 class TestHandleListEgressRoutes(unittest.TestCase):
-    def test_success_returns_body_text(self):
-        class _Resp:
-            def __enter__(self):
-                return self
-
-            def __exit__(self, exc_type: type[BaseException] | None, exc: BaseException | None, tb: object) -> bool:
-                return False
-
-            def read(self):
-                return b"[{\"host\": \"example.com\"}]"
-
-        class _Opener:
-            def open(self, *args, **kwargs):  # noqa: ANN001, ANN002, ANN003  # type: ignore
-                return _Resp()
-
-        with patch.object(supervise_server.urllib.request, "build_opener", return_value=_Opener()):
-            result = handle_list_egress_routes(
-                {},
-                ServerConfig(bottle_slug="dev", queue_dir=Path("/unused")),
-            )
-
-        self.assertFalse(result["isError"])  # type: ignore[index]
-        text = result["content"][0]["text"]  # type: ignore[index]
-        self.assertIn("example.com", text)
-
     def test_url_error_returns_tool_error(self):
         class _Opener:
             def open(self, *args, **kwargs):  # noqa: ANN001, ANN002, ANN003  # type: ignore
@@ -527,13 +485,6 @@ class TestFormatResponseText(unittest.TestCase):
         self.assertIn("the operator modified", text.lower())
 
 
-class TestFormatPendingResponseText(unittest.TestCase):
-    def test_formats_timeout_message(self):
-        text = supervise_server.format_pending_response_text(12.5)
-        self.assertIn("status: pending", text)
-        self.assertIn("12.5s", text)
-
-
 # --- End-to-end HTTP sanity ------------------------------------------------