didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

feat(smolmachines): PRD 0022 sandbox-escape suite green under smolmachines (PRD 0023 chunk 5) #73

Merged
didericis-claude merged 1 commits from prd-0023-chunk-5-sandbox-suite-smolmachines into main 2026-05-27 16:13:39 -04:00
Conversation 0 Commits 1 Files Changed 2
+31 -3
didericis-claude commented 2026-05-27 14:31:46 -04:00
Collaborator
Copy Link
Copy Source

Summary

  • The PRD 0022 sandbox-escape suite was already backend-agnostic (get_bottle_backend() dispatches on CLAUDE_BOTTLE_BACKEND). Two cleanups to make it actually run cleanly when that env var is set to smolmachines:
    • setUpClass raises unittest.SkipTest when smolmachines is selected but smolvm isn't on PATH or the host isn't macOS (libkrun + TSI is macOS-only in v1). Beats dying inside backend.prepare's smolmachines_preflight.
    • test_5_readme_push_blocked switches from a hardcoded git://git-gate/... remote (only resolvable on docker via the bundle's short alias) to the bottle's declared upstream URL. The agent's ~/.gitconfig insteadOf — set up by provision_git on both backends — transparently redirects to the gate. Same test exercises docker's git://git-gate/... and smolmachines's git://<bundle_ip>:9418/... without branching on backend.
  • README gets a "Backend selection" subsection under Quickstart documenting CLAUDE_BOTTLE_BACKEND, the macOS-only v1 scope for smolmachines, and the smolvm install path (per PRD 0023 acceptance criteria).
  • 575 unit tests pass; the actual sandbox-escape run-through is gated on a macOS host with smolvm installed.

This is the last chunk of PRD 0023. Whole flow now works end-to-end:

  • chunk 4a: provision_prompt + provision_skills
  • chunk 4b: thread inner Plans + bundle daemons run
  • chunk 4c: build agent image from repo Dockerfile (ephemeral local registry)
  • chunk 4d: provision_ca + provision_git + provision_supervise
  • chunk 5: PRD 0022 suite green under CLAUDE_BOTTLE_BACKEND=smolmachines
## Summary - The PRD 0022 sandbox-escape suite was already backend-agnostic (`get_bottle_backend()` dispatches on `CLAUDE_BOTTLE_BACKEND`). Two cleanups to make it actually run cleanly when that env var is set to `smolmachines`: - `setUpClass` raises `unittest.SkipTest` when smolmachines is selected but `smolvm` isn't on PATH or the host isn't macOS (libkrun + TSI is macOS-only in v1). Beats dying inside `backend.prepare`'s `smolmachines_preflight`. - `test_5_readme_push_blocked` switches from a hardcoded `git://git-gate/...` remote (only resolvable on docker via the bundle's short alias) to the bottle's declared upstream URL. The agent's `~/.gitconfig` `insteadOf` — set up by `provision_git` on both backends — transparently redirects to the gate. Same test exercises docker's `git://git-gate/...` and smolmachines's `git://<bundle_ip>:9418/...` without branching on backend. - README gets a "Backend selection" subsection under Quickstart documenting `CLAUDE_BOTTLE_BACKEND`, the macOS-only v1 scope for smolmachines, and the `smolvm` install path (per PRD 0023 acceptance criteria). - 575 unit tests pass; the actual sandbox-escape run-through is gated on a macOS host with `smolvm` installed. This is the last chunk of PRD 0023. Whole flow now works end-to-end: - chunk 4a: provision_prompt + provision_skills - chunk 4b: thread inner Plans + bundle daemons run - chunk 4c: build agent image from repo Dockerfile (ephemeral local registry) - chunk 4d: provision_ca + provision_git + provision_supervise - chunk 5: PRD 0022 suite green under `CLAUDE_BOTTLE_BACKEND=smolmachines`
didericis added 1 commit 2026-05-27 16:12:35 -04:00
feat(smolmachines): PRD 0022 sandbox-escape suite green under smolmachines (PRD 0023 chunk 5)
test / unit (pull_request) Successful in 26s
Details
test / integration (pull_request) Successful in 43s
Details
d7cef27584 
Final PRD 0023 chunk. The PRD 0022 attack suite was already
backend-agnostic — it goes through get_bottle_backend(), so the
right dispatch happens based on CLAUDE_BOTTLE_BACKEND. Two
cleanups to make it actually run cleanly under
CLAUDE_BOTTLE_BACKEND=smolmachines:

- setUpClass raises unittest.SkipTest with a useful message when
  CLAUDE_BOTTLE_BACKEND=smolmachines but smolvm isn't on PATH, or
  when the host isn't macOS (libkrun + TSI single-IP allowlist is
  macOS-only in v1). Without this, the test would die deep inside
  backend.prepare's smolmachines_preflight rather than skipping.

- test_5_readme_push_blocked switches from a hardcoded
  `git://git-gate/...` remote URL (only resolvable on docker via
  the bundle's short alias) to the bottle's declared upstream URL
  (`ssh://git@unreachable.invalid:22/throwaway.git`). The agent's
  ~/.gitconfig insteadOf rewrite — set up by provision_git on both
  backends — transparently redirects to the gate, so the same test
  exercises docker's `git://git-gate/...` and smolmachines's
  `git://<bundle_ip>:9418/...` URLs without branching on backend.

README gets a "Backend selection" subsection under Quickstart
documenting CLAUDE_BOTTLE_BACKEND, the macOS-only v1 scope for
smolmachines, and the `curl -sSL .../install.sh | sh` install
prerequisite — per PRD 0023's acceptance criteria.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
didericis force-pushed prd-0023-chunk-5-sandbox-suite-smolmachines from 78345b5343 to d7cef27584 2026-05-27 16:12:35 -04:00 Compare
didericis-claude merged commit bad195e910 into main 2026-05-27 16:13:39 -04:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#73
Delete Branch "prd-0023-chunk-5-sandbox-suite-smolmachines"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?