didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

PRD 0027: Agent-level git user identity #95

Merged
didericis merged 3 commits from feat/agent-git-user-identity into main 2026-05-28 21:32:38 -04:00
Conversation 0 Commits 3 Files Changed 8
+577 -8
didericis commented 2026-05-28 20:58:21 -04:00
Owner
Copy Link
Copy Source

Closes #94.

Tracking PR for PRD 0027.

Summary

Let an agent file declare git.user (name/email). At launch it overlays the referenced bottle's git.user per-field (agent wins on non-empty), mirroring the PRD 0025 extends: merge. git.remotes stays bottle-only — it carries credentials and host trust. Solves the coupling where varying a commit identity meant authoring a whole separate bottle.

Git authorship is not a credential (push auth is the bottle's remote key/token) and is already forgeable from inside the bottle, so a repo-shipped agent setting its own identity grants no access; an agent identity is claimed, not vouched.

Schema

---
bottle: claude-dev
git:
  user:
    name: claude-implementer
    email: eric+claude-implementer@dideric.is
---
  • git.user accepts name and/or email (string-or-die; at least one non-empty), validated by the existing GitUser parser.
  • Any agent git key other than user — notably remotes — dies at parse with a bottle-only pointer.

Merge rule

Field Merge
git_user.name agent's if non-empty, else the bottle's
git_user.email agent's if non-empty, else the bottle's

Same per-field overlay _merge_bottles applies for extends:. Empty string = "not set". All other bottle fields pass through untouched.

Changes (3 commits)

  1. docs(prd) — PRD 0027: design + trust analysis.
  2. feat(manifest)Agent.git_user; parse + reject non-user git keys; per-field overlay at Manifest.bottle_for() (the single chokepoint both backends use, so provisioners are untouched); Manifest.git_identity_summary() with (agent)/(bottle) provenance, printed in both preflights and cli.py info. 17 unit tests in test_manifest_agent_git_user.py.
  3. docs(manifest) — README manifest section; collapses the example so implementer carries its own identity against the shared dev bottle instead of an identity-only bottle.

Full unit suite green (738 tests).

Closes #94. Tracking PR for [PRD 0027](https://gitea.dideric.is/didericis/bot-bottle/src/commit/dcd90cd45e17ef65a862b8f710878db70a61d09c/docs/prds/0027-agent-git-user-identity.md). ## Summary Let an **agent** file declare `git.user` (name/email). At launch it overlays the referenced bottle's `git.user` per-field (agent wins on non-empty), mirroring the [PRD 0025](https://gitea.dideric.is/didericis/bot-bottle/src/commit/dcd90cd45e17ef65a862b8f710878db70a61d09c/docs/prds/0025-bottle-extends.md) `extends:` merge. `git.remotes` stays bottle-only — it carries credentials and host trust. Solves the coupling where varying a commit identity meant authoring a whole separate bottle. Git authorship is not a credential (push auth is the bottle's remote key/token) and is already forgeable from inside the bottle, so a repo-shipped agent setting its own identity grants no access; an agent identity is *claimed, not vouched*. ## Schema ```yaml --- bottle: claude-dev git: user: name: claude-implementer email: eric+claude-implementer@dideric.is --- ``` - `git.user` accepts `name` and/or `email` (string-or-die; at least one non-empty), validated by the existing `GitUser` parser. - Any agent `git` key other than `user` — notably `remotes` — dies at parse with a bottle-only pointer. ## Merge rule | Field | Merge | |-------------------|----------------------------------------------| | `git_user.name` | agent's if non-empty, else the bottle's | | `git_user.email` | agent's if non-empty, else the bottle's | Same per-field overlay `_merge_bottles` applies for `extends:`. Empty string = "not set". All other bottle fields pass through untouched. ## Changes (3 commits) 1. **`docs(prd)`** — PRD 0027: design + trust analysis. 2. **`feat(manifest)`** — `Agent.git_user`; parse + reject non-`user` git keys; per-field overlay at `Manifest.bottle_for()` (the single chokepoint both backends use, so provisioners are untouched); `Manifest.git_identity_summary()` with `(agent)`/`(bottle)` provenance, printed in both preflights and `cli.py info`. 17 unit tests in `test_manifest_agent_git_user.py`. 3. **`docs(manifest)`** — README manifest section; collapses the example so `implementer` carries its own identity against the shared `dev` bottle instead of an identity-only bottle. Full unit suite green (738 tests).
didericis added 1 commit 2026-05-28 20:58:22 -04:00
docs(prd): add PRD 0027 agent-level git user identity
test / unit (pull_request) Successful in 27s
Details
test / integration (pull_request) Successful in 43s
Details
f9e3b6adda 
Lift git.user (name/email) to the agent layer with a per-field
overlay onto the referenced bottle, mirroring the extends: merge.
git.remotes stays bottle-only. Includes identity provenance in
preflight/info and an example collapse.

Refs #94

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
didericis added 2 commits 2026-05-28 21:10:58 -04:00
feat(manifest): lift git.user to the agent layer 0708e99e4e 
Agents may declare git.user (name/email); it overlays the referenced
bottle's git.user per-field at Manifest.bottle_for (agent wins on
non-empty), mirroring the extends: merge. git.remotes is rejected on
agents — it carries credentials and host trust and stays bottle-only.

The overlay lives at bottle_for, the single chokepoint both backends
use, so the docker/smolmachines git provisioners are unchanged. Adds
Manifest.git_identity_summary with per-field (agent)/(bottle)
provenance, printed in both preflights and `info`.

Refs #94

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
docs(manifest): document + demo agent-level git.user
test / unit (pull_request) Successful in 35s
Details
test / integration (pull_request) Successful in 57s
Details
test / unit (push) Successful in 32s
Details
test / integration (push) Successful in 44s
Details
dcd90cd45e 
README manifest section documents the agent git.user overlay, the
bottle-only git.remotes boundary, and the claimed-not-vouched trust
note. Collapses the example: implementer carries its own identity
against the shared dev bottle instead of an identity-only bottle.

Refs #94

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
didericis changed title from feat(manifest): agent-level git user identity to feat(manifest): agent-level git user identity (PRD 0027, issue #94) 2026-05-28 21:27:17 -04:00
didericis changed title from feat(manifest): agent-level git user identity (PRD 0027, issue #94) to PRD 0027: Agent-level git user identity 2026-05-28 21:27:51 -04:00
didericis merged commit dcd90cd45e into main 2026-05-28 21:32:38 -04:00
didericis deleted branch feat/agent-git-user-identity 2026-05-28 21:32:38 -04:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#95
Delete Branch "feat/agent-git-user-identity"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?