didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

refactor(manifest): drop bottle.egress field #32

Merged
didericis merged 3 commits from drop-egress-field into main 2026-05-25 22:02:16 -04:00
Conversation 0 Commits 3 Files Changed 32
+674 -831
didericis commented 2026-05-25 21:13:21 -04:00
Owner
Copy Link
Copy Source

Summary

One allowlist surface — `egress_proxy.routes` — instead of two parallel ones. Anything that was in `bottle.egress.allowlist` now goes in `egress_proxy.routes` as a bare-pass entry (`- host: `).

Per the user (only consumer of the manifest today): no migration error needed, no shim, just remove. The generic unknown-key validation gives a "did you mean" hint if someone passes the legacy shape.

What's gone

  • `BottleEgress` dataclass + `DLP_ACTIONS` constant + `bottle.egress` field on `Bottle`.
  • `pipelock_bottle_allowlist` and `pipelock_allowlist_summary` helpers.
  • `allowlist_summary` field on `DockerBottlePlan` (compact preflight from #31 didn't use it anyway).
  • The egress-proxy / no-egress-proxy branch in `pipelock_effective_allowlist` — now just mirrors `egress_proxy_routes_for_bottle` unconditionally.
  • `request_body_scanning.action` is hard-coded to `"block"` (was `bottle.egress.dlp_action`; default was already block and the warn-mode foot-gun isn't useful in a sandboxed agent context).

Test churn

  • `test_pipelock_allowlist.py` rewritten to assert the mirror semantics directly.
  • `test_manifest_md_load.py`, `test_pipelock_yaml.py`, `test_egress_proxy.py` fixtures migrated to put hosts in `egress_proxy.routes` instead of `egress.allowlist`.

409 unit + integration tests pass.

Local bottle migrated

`~/.claude-bottle/bottles/dev.md` drops the `egress: { allowlist: [example.com] }` block in favor of `- host: example.com` under `egress_proxy.routes`.

## Summary One allowlist surface — \`egress_proxy.routes\` — instead of two parallel ones. Anything that was in \`bottle.egress.allowlist\` now goes in \`egress_proxy.routes\` as a bare-pass entry (\`- host: <name>\`). Per the user (only consumer of the manifest today): no migration error needed, no shim, just remove. The generic unknown-key validation gives a "did you mean" hint if someone passes the legacy shape. ## What's gone - \`BottleEgress\` dataclass + \`DLP_ACTIONS\` constant + \`bottle.egress\` field on \`Bottle\`. - \`pipelock_bottle_allowlist\` and \`pipelock_allowlist_summary\` helpers. - \`allowlist_summary\` field on \`DockerBottlePlan\` (compact preflight from #31 didn't use it anyway). - The egress-proxy / no-egress-proxy branch in \`pipelock_effective_allowlist\` — now just mirrors \`egress_proxy_routes_for_bottle\` unconditionally. - \`request_body_scanning.action\` is hard-coded to \`"block"\` (was \`bottle.egress.dlp_action\`; default was already block and the warn-mode foot-gun isn't useful in a sandboxed agent context). ## Test churn - \`test_pipelock_allowlist.py\` rewritten to assert the mirror semantics directly. - \`test_manifest_md_load.py\`, \`test_pipelock_yaml.py\`, \`test_egress_proxy.py\` fixtures migrated to put hosts in \`egress_proxy.routes\` instead of \`egress.allowlist\`. 409 unit + integration tests pass. ## Local bottle migrated \`~/.claude-bottle/bottles/dev.md\` drops the \`egress: { allowlist: [example.com] }\` block in favor of \`- host: example.com\` under \`egress_proxy.routes\`.
didericis added 1 commit 2026-05-25 21:13:22 -04:00
refactor(manifest): drop bottle.egress field, egress_proxy is the only allowlist
test / unit (pull_request) Successful in 17s
Details
test / integration (pull_request) Successful in 1m4s
Details
6456904763 
Goal: one allowlist surface (egress_proxy.routes), no second
free-form `egress:` knob. Anything that used to live there now
goes in `egress_proxy.routes` as a bare-pass entry
(`- host: <name>`).

Removed:
  - `BottleEgress` dataclass + DLP_ACTIONS constant + bottle.egress
    field on `Bottle`.
  - `pipelock_bottle_allowlist` helper.
  - `pipelock_allowlist_summary` helper (the compact preflight
    summary stopped using it after PR #31).
  - `allowlist_summary` field on `DockerBottlePlan`.
  - `bottle.egress.allowlist` folding in
    `egress_proxy_routes_for_bottle` — only DEFAULT_ALLOWLIST
    auto-folds now.
  - The two-branch logic in `pipelock_effective_allowlist`
    (egress-proxy-present vs not) — pipelock now just mirrors
    `egress_proxy_routes_for_bottle` unconditionally.

Hard-coded:
  - `request_body_scanning.action = "block"` in
    `pipelock_build_config` (was driven by
    `bottle.egress.dlp_action`). The previous default was already
    "block" — the knob to switch to "warn" was a foot-gun in a
    sandboxed agent context, so it's gone.

Tests:
  - `test_pipelock_allowlist.py` rewritten to assert the
    mirrored-from-egress-proxy semantics directly.
  - `test_manifest_md_load.py`, `test_pipelock_yaml.py`,
    `test_egress_proxy.py` fixtures migrated to put hosts in
    `egress_proxy.routes` instead of `egress.allowlist`.

Local bottle migrated too: `~/.claude-bottle/bottles/dev.md`
loses the `egress: { allowlist: [example.com] }` block, picks up
a bare-pass `- host: example.com` route.

409 unit + integration tests pass.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
didericis added 1 commit 2026-05-25 21:25:53 -04:00
refactor(manifest): rename egress_proxy key to egress
test / unit (pull_request) Successful in 16s
Details
test / integration (pull_request) Successful in 1m4s
Details
14c8a51c16 
Now that `bottle.egress` (the old allowlist/dlp_action block) is
gone, the longer `egress_proxy:` disambiguator isn't needed. The
manifest field reads more naturally as just `egress:` with the
same nested `routes: [...]` shape.

Renamed:
  - Manifest YAML key:    `egress_proxy:` → `egress:`
  - Bottle dataclass attr: `bottle.egress_proxy` → `bottle.egress`
  - `_BOTTLE_KEYS` entry, schema docstring, and all
    user-facing error message labels (`egress.routes[N]`,
    `egress has unknown key …`, etc.).

Kept (these refer to the egress-proxy SIDECAR, not the manifest
field):
  - File names: `egress_proxy.py`, `egress_proxy_apply.py`,
    `egress_proxy_addon.py`, `egress_proxy_addon_core.py`.
  - Class names: `EgressProxyConfig`, `EgressProxyRoute`,
    `EgressProxyPlan`, `EgressProxy`, `DockerEgressProxy`.
  - Helper names: `egress_proxy_manifest_routes`,
    `egress_proxy_routes_for_bottle`,
    `egress_proxy_token_env_map`, etc.
  - Constants: `EGRESS_PROXY_HOSTNAME`, `EGRESS_PROXY_ROLES`,
    `EGRESS_PROXY_AUTH_SCHEMES`, `EGRESS_PROXY_FORWARD_PROXY`,
    `EGRESS_PROXY_INTROSPECT_URL`, `EGRESS_PROXY_PORT`, etc.
  - Container name prefix `claude-bottle-egress-proxy-*`, the
    `egress-proxy` docker network alias, the
    `egress-proxy-block` + `list-egress-proxy-routes` MCP tool
    IDs, the `egress-proxy` audit-log component label.

Local bottle migrated (`~/.claude-bottle/bottles/dev.md` already
updated). The legacy `egress_proxy` key isn't surfaced anywhere
anymore; the generic unknown-key validator catches typos with a
"did you mean: egress, env, git, supervise" hint.

409 unit + integration tests pass.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
didericis added 1 commit 2026-05-25 21:59:55 -04:00
refactor: rename egress-proxy → egress everywhere
test / unit (pull_request) Successful in 17s
Details
test / integration (pull_request) Successful in 1m10s
Details
1e5b0dcfca 
The manifest key is `egress:` now; finish the rename so the rest of
the codebase matches. Files (Dockerfile.egress, claude_bottle/egress.py
etc.), classes (Egress, EgressConfig, EgressRoute, EgressPlan,
DockerEgress), constants (EGRESS_HOSTNAME, EGRESS_ROUTES, ...),
container name prefix (claude-bottle-egress-*), docker network alias
(egress), the introspection host (_egress.local), the MCP tool IDs
(egress-block, list-egress-routes), and the preflight label all drop
the `-proxy` suffix.
didericis merged commit a77545dc91 into main 2026-05-25 22:02:16 -04:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#32
Delete Branch "drop-egress-field"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?