didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

Commit Graph

  • 27b2d78b11 fix(cred_proxy): close git-push bypass + route through pipelock (PRD 0010) didericis 2026-05-13 21:09:33 -04:00
  • c8ab90d01d fix(manifest): allow token + git on the same host (PRD 0010) didericis 2026-05-13 16:38:36 -04:00
  • 431e7481ef docs: README + example.json for cred-proxy (PRD 0010) didericis 2026-05-13 16:32:46 -04:00
  • 07da4366ad test(cred_proxy): integration tests for header inject + strip (PRD 0010) didericis 2026-05-13 16:29:10 -04:00
  • 051896ba4c feat(pipelock): auto-allowlist cred-proxy upstream hosts (PRD 0010) didericis 2026-05-13 16:22:44 -04:00
  • 8334f51268 feat(cred_proxy): wire DockerCredProxy through backend (PRD 0010) didericis 2026-05-13 16:20:42 -04:00
  • b3529b27a5 feat(cred_proxy): add agent-side provisioner (PRD 0010) didericis 2026-05-13 16:11:04 -04:00
  • 61e334c1b8 feat(cred_proxy): add DockerCredProxy concrete lifecycle (PRD 0010) didericis 2026-05-13 16:07:52 -04:00
  • 3436d8a68a feat(cred_proxy): add HTTP server + sidecar image (PRD 0010) didericis 2026-05-13 16:05:56 -04:00
  • 3165fbeafe feat(cred_proxy): add abstract CredProxy + plan (PRD 0010) didericis 2026-05-13 16:01:18 -04:00
  • 930997d0a7 feat(manifest): add bottle.tokens with TokenEntry (PRD 0010) didericis 2026-05-13 15:59:00 -04:00
  • 9fa9717135 docs: switch cred-proxy to sidecar shape didericis 2026-05-13 00:40:16 -04:00
  • 3747927b9e docs: align cred-proxy architecture diagram didericis 2026-05-13 00:23:09 -04:00
  • 1411719973 docs: add PRD 0010 for credential proxy didericis 2026-05-13 00:18:55 -04:00
  • 3f4708f970 docs(demo): add end-to-end demo with recorded GIF didericis 2026-05-13 15:33:28 -04:00
  • 3d9103d5b5 Merge pull request 'PRD 0009: Remove ssh-gate and bottle.ssh' (#13) from deprecate-ssh-gate into main didericis 2026-05-13 00:00:59 -04:00
  • 30d92bef48 docs: drop ssh from README/example, supersede PRD 0007 (PRD 0009) didericis 2026-05-12 23:57:50 -04:00
  • 249e8cc15e test: drop ssh-gate suites and shadow-route assertions (PRD 0009) didericis 2026-05-12 23:54:22 -04:00
  • 3d66ad2a86 feat(ssh-gate)!: remove ssh-gate sidecar and provisioner (PRD 0009) didericis 2026-05-12 23:49:58 -04:00
  • c403d137b6 feat(manifest)!: remove SshEntry and bottle.ssh (PRD 0009) didericis 2026-05-12 23:41:09 -04:00
  • efcafae810 docs(prds): add PRD 0009 to remove ssh-gate and bottle.ssh didericis 2026-05-12 23:34:11 -04:00
  • 00649d27e9 docs(research): add credential-proxy landscape and DLP-minimization framing didericis 2026-05-12 23:25:12 -04:00
  • 86637453c4 Merge pull request 'git-gate: ExtraHosts on bottle.git entries' (#12) from git-gate-extra-hosts into main didericis 2026-05-12 23:22:26 -04:00
  • 9b7bcc0149 docs(git-gate): document ExtraHosts on bottle.git entries didericis 2026-05-12 23:07:32 -04:00
  • 102e29ee77 feat(git-gate): plumb ExtraHosts through to docker --add-host didericis 2026-05-12 23:06:08 -04:00
  • 4c6610e222 feat(manifest): add ExtraHosts to bottle.git entries didericis 2026-05-12 23:05:58 -04:00
  • a37441961d Merge pull request 'PRD 0008: Git gate' (#11) from git-gate into main didericis 2026-05-12 23:16:45 -04:00
  • 76a56c0700 docs(readme): git-gate is now a bidirectional mirror didericis 2026-05-12 22:36:16 -04:00
  • f9d9e9cf33 test(git-gate): bidirectional mirror round-trip didericis 2026-05-12 22:34:38 -04:00
  • 824527497c feat(git-gate): rewrite both fetch and push via insteadOf didericis 2026-05-12 21:38:44 -04:00
  • fdd06c54d2 feat(git-gate): mirror fetch through access-hook (bidirectional) didericis 2026-05-12 21:37:04 -04:00
  • ae7e22065f docs(prds): expand PRD 0008 to bidirectional mirror scope didericis 2026-05-12 21:26:19 -04:00
  • bea433015f docs(readme): add git-gate to architecture diagram didericis 2026-05-12 21:19:20 -04:00
  • 89981f9048 test(git-gate): integration smoke + secret-blocking push didericis 2026-05-12 21:17:42 -04:00
  • f787edb861 feat(git-gate): wire DockerGitGate through prepare/launch/plan didericis 2026-05-12 21:06:08 -04:00
  • 509b1b61e2 feat(git-gate): provision ~/.gitconfig pushInsteadOf in the bottle didericis 2026-05-12 21:01:00 -04:00
  • 2d955a5512 feat(git-gate): add DockerGitGate sidecar lifecycle + image didericis 2026-05-12 20:58:51 -04:00
  • 2fb90f2087 feat(git-gate): add platform-agnostic GitGate abstraction didericis 2026-05-12 20:54:38 -04:00
  • 5c5e9f817e feat(manifest): add bottle.git field for git-gate upstreams didericis 2026-05-12 18:48:14 -04:00
  • c91395425c docs(prds): add PRD 0008 git gate didericis 2026-05-12 18:24:33 -04:00
  • 4790f8bcc1 docs(readme): add architecture diagram for agent/pipelock/ssh-gate didericis 2026-05-12 18:01:43 -04:00
  • 4f0cd0f782 fix(pipelock): passthrough api.anthropic.com so Claude auth/chat works didericis 2026-05-12 17:55:05 -04:00
  • 96d2c7b7a1 docs(research): add note on git secret-scanning as defense-in-depth didericis 2026-05-12 16:24:06 -04:00
  • 9827b86063 Merge pull request 'PRD 0007: SSH egress gate' (#10) from ssh-egress-gate into main didericis 2026-05-12 16:21:11 -04:00
  • a3d77cd015 fix(ssh-gate): listen on the upstream port so URL-supplied ports work didericis 2026-05-12 16:19:07 -04:00
  • a7633977de test(ssh-gate): assert SSHGate.stop is no-op on missing sidecar didericis 2026-05-12 16:09:53 -04:00
  • 6130ea385f refactor(pipelock): drop bottle.ssh carve-outs didericis 2026-05-12 16:08:26 -04:00
  • ce948db0b7 feat(ssh-gate): retarget ssh provisioner at the new gate didericis 2026-05-12 16:05:22 -04:00
  • 2533f8a00b feat(ssh-gate): wire gate into DockerBottlePlan, prepare, launch didericis 2026-05-12 16:03:55 -04:00
  • c05d1ddcdb feat(ssh-gate): add DockerSSHGate sidecar lifecycle didericis 2026-05-12 15:57:56 -04:00
  • f7fb691626 feat(ssh-gate): add abstract SSHGate + plan dataclass didericis 2026-05-12 15:56:52 -04:00
  • b2927b1483 docs(prd): note gate image must be self-sufficient at boot on 0007 didericis 2026-05-12 15:50:34 -04:00
  • cb0f0f133d docs(prd): resolve gate-DNS open question on 0007 didericis 2026-05-12 15:48:55 -04:00
  • 02a0fe679d docs(prd): 0007 SSH egress gate didericis 2026-05-12 15:41:26 -04:00
  • 6eb898ffca chore(git): ignore .claude/ local state didericis 2026-05-12 15:13:43 -04:00
  • 235e9ff4ea Merge pull request 'PRD 0006: pipelock native TLS interception' (#9) from pipelock-tls-interception into main didericis 2026-05-12 15:03:23 -04:00
  • d3115ae5fd test(pipelock): HTTPS integration tests for the bumped path didericis 2026-05-12 15:01:17 -04:00
  • fb10c8dd8a feat(bottle-plan): render TLS interception in the dry-run preflight didericis 2026-05-12 14:52:53 -04:00
  • 86a9b499bc feat(provision): install pipelock CA into the agent + add curl didericis 2026-05-12 14:50:20 -04:00
  • 3755e66abe feat(pipelock): enable tls_interception with per-bottle ephemeral CA didericis 2026-05-12 14:45:36 -04:00
  • f44e884d8a docs(prd): fold 0006 walkthrough resolutions into the design didericis 2026-05-12 14:22:59 -04:00
  • 6716f091c1 docs(prd): add 0006, enable pipelock's native TLS interception didericis 2026-05-12 14:15:44 -04:00
  • e45cd2fb07 test(dry-run): skip docker-state guard under act_runner didericis 2026-05-12 11:50:48 -04:00
  • 8e261563dc docs(research): TLS interception topologies for pipelock content scanning didericis 2026-05-12 11:41:34 -04:00
  • 427ef96e3f feat(pipelock): enforce DLP body-scan hits by default didericis 2026-05-12 11:39:25 -04:00
  • 4864516b33 feat(bottle): add exec method to the bottle abstraction didericis 2026-05-12 11:18:43 -04:00
  • 5da2b47f72 refactor(docker): move force_remove_container into the docker util module didericis 2026-05-12 10:58:05 -04:00
  • 1546acad00 refactor(docker): split backend.py into prepare / launch / cleanup didericis 2026-05-12 10:56:22 -04:00
  • 339d40f8c9 refactor(backend): lift host-side validation onto the base class didericis 2026-05-12 10:51:19 -04:00
  • a23e89ef48 refactor(docker): make pipelock proxy a per-instance attribute didericis 2026-05-12 10:46:38 -04:00
  • 3e7b81e7e7 test(dry-run): pin DOCKER_HOST so HOME override works on Desktop didericis 2026-05-12 10:40:41 -04:00
  • 5f29fd10e2 refactor(env): stop mutating os.environ in resolve_env didericis 2026-05-12 10:37:01 -04:00
  • 95a14bb8d2 style: pass explicit check= to every subprocess.run call didericis 2026-05-12 10:13:56 -04:00
  • 64a31a382b chore(types): add pyright strict config and fix resulting errors didericis 2026-05-12 10:03:48 -04:00
  • ac634edcb6 refactor(docker): keep prepare side-effect-free, rename token in child env didericis 2026-05-12 09:48:38 -04:00
  • 250954c17d refactor(docker): share derive step between print and to_dict didericis 2026-05-11 20:09:42 -04:00
  • 62d2e36e5c refactor(docker): hand forwarded env names through the plan, not a file didericis 2026-05-11 20:08:02 -04:00
  • 42c2e8108e refactor(docker): share container-name candidate iterator didericis 2026-05-11 20:06:09 -04:00
  • c63d8e0f9d refactor(docker): forward OAuth token through resolved env didericis 2026-05-11 20:04:28 -04:00
  • cbafbbec5a refactor(backend): make BottleBackend generic over its plan types didericis 2026-05-11 20:02:56 -04:00
  • 4fc0707760 refactor(docker): use ExitStack for launch teardown didericis 2026-05-11 19:58:57 -04:00
  • 3424888c02 Merge pull request 'Split out provisioners' (#7) from split-out-provisioners into main didericis 2026-05-11 19:47:26 -04:00
  • d12efc8ccf refactor(docker): move provision_git into provision/git.py didericis 2026-05-11 19:44:11 -04:00
  • 52bb007b9e refactor(docker): move provision_ssh into provision/ssh.py didericis 2026-05-11 19:43:12 -04:00
  • 36d3e7f739 refactor(docker): move provision_skills into provision/skills.py didericis 2026-05-11 19:41:32 -04:00
  • 1b17b36988 refactor(docker): move provision_prompt into provision/prompt.py didericis 2026-05-11 19:40:51 -04:00
  • 45203e2cd6 docs(prd): add 0004 split out provisioners didericis 2026-05-11 19:36:39 -04:00
  • b1001ba1b8 Merge pull request 'Refactor tests' (#6) from refactor-tests into main didericis 2026-05-11 19:26:27 -04:00
  • 7fb0b8488b test(pipelock): skip sidecar smoke under act_runner didericis 2026-05-11 19:24:34 -04:00
  • f943e14891 refactor(pipelock): take stage_dir, derive yaml_path internally didericis 2026-05-11 16:50:22 -04:00
  • 479adc625a test(pipelock): collapse over-decomposed allowlist helper tests didericis 2026-05-11 16:36:04 -04:00
  • 757e76add7 test(cli): tighten and relocate --format=json validation test didericis 2026-05-11 16:35:55 -04:00
  • b97807ac71 docs(research): evaluate smolmachines as VM backend didericis 2026-05-11 16:32:04 -04:00
  • aba9a823ba docs(research): document macOS agent VM isolation approach didericis 2026-05-11 16:31:40 -04:00
  • 8f5e07af7f test(pipelock): drive sidecar smoke through production prepare/start didericis 2026-05-11 16:23:43 -04:00
  • beb0c9d58f feat(cli): add --format=json to start --dry-run for machine-readable plan didericis 2026-05-11 16:23:24 -04:00
  • 30b4f12288 refactor(pipelock): expose structured config; assert on dict in tests didericis 2026-05-11 16:23:12 -04:00
  • 4462863d56 test: reorganize suite into unit/integration/canaries directories didericis 2026-05-11 16:23:02 -04:00
  • 83fe5741f5 chore(test): open refactor-tests branch didericis 2026-05-11 16:01:54 -04:00
  • 08159e1031 docs(research): survey AI-agent sandbox tools didericis 2026-05-11 15:56:23 -04:00