PRD 0029: provision egress routes via AgentProvisionPlan #115

Merged
didericis merged 9 commits from prd-0029-egress-routes-via-agent-provision-plan into codex/prd-codex-host-credentials 2026-06-01 22:04:33 -04:00
2 changed files with 16 additions and 8 deletions
Showing only changes of commit 962f8144fc - Show all commits
+7 -6
2
@@ -193,17 +193,18 @@ def agent_provision_plan(
"codex host credentials: dummy auth was copied into the "
"guest, but Codex did not accept it"
)))
if template == PROVIDER_CLAUDE and auth_token:
if template == PROVIDER_CLAUDE:
egress_routes.append(EgressRoute(
didericis marked this conversation as resolved Outdated

Similarly to codex, we should always include these in the egress routes (whether or not auth_token is present), but the egress should only add the auth token when it's present.

host="api.anthropic.com",
auth_scheme="Bearer",
auth_scheme="Bearer" if auth_token else "",
token_ref=auth_token,
tls_passthrough=True,
))
env_vars["CLAUDE_CODE_OAUTH_TOKEN"] = "egress-placeholder"
env_vars["CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC"] = "1"
env_vars["DISABLE_ERROR_REPORTING"] = "1"
hidden_env_names = frozenset({"CLAUDE_CODE_OAUTH_TOKEN"})
if auth_token:
env_vars["CLAUDE_CODE_OAUTH_TOKEN"] = "egress-placeholder"
env_vars["CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC"] = "1"
env_vars["DISABLE_ERROR_REPORTING"] = "1"
hidden_env_names = frozenset({"CLAUDE_CODE_OAUTH_TOKEN"})
return AgentProvisionPlan(
template=template,
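Review bot: The two traffic-limiting settings, `env_vars["CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC"] = "1"` and `env_vars["DISABLE_ERROR_REPORTING"] = "1"`, now appear to sit under the new `if auth_token:` guard together with the placeholder token, so a guest started without a token gets the api.anthropic.com route but neither setting. Indentation is lost in this rendering, but the +7 -6 count shows all four assignments were re-added, which suggests they were all moved inside the guard. Neither setting depends on the credential, so unless the omission is deliberate I would keep them directly under `if template == PROVIDER_CLAUDE:` and leave only the placeholder and `hidden_env_names` conditional. The renamed test in the second file does not assert on either variable, so it would not catch a change in either direction. The body of agent_provision_plan starts and ends outside the hunk.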
+9 -2
1
@@ -129,14 +129,21 @@ class TestAgentProviderRuntime(unittest.TestCase):
self.assertEqual("", r.token_ref)
self.assertTrue(r.tls_passthrough)
def test_claude_plan_has_no_egress_routes(self):
def test_claude_without_auth_token_has_passthrough_egress_route(self):
with tempfile.TemporaryDirectory(prefix="bb-provider.") as tmp:
plan = agent_provision_plan(
template="claude",
dockerfile="",
state_dir=Path(tmp),
)
self.assertEqual((), plan.egress_routes)
self.assertEqual(1, len(plan.egress_routes))
route = plan.egress_routes[0]
self.assertEqual("api.anthropic.com", route.host)
self.assertEqual("", route.auth_scheme)
self.assertEqual("", route.token_ref)
self.assertTrue(route.tls_passthrough)
self.assertNotIn("CLAUDE_CODE_OAUTH_TOKEN", plan.env_vars)
self.assertEqual(frozenset(), plan.hidden_env_names)
if __name__ == "__main__":
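Review bot: This test reaches the no-token branch without supplying a token at all, so it pins `token_ref == ""` only for whatever value `auth_token` takes by default. The plan code normalises `auth_scheme` with `"Bearer" if auth_token else ""` but passes `token_ref=auth_token` through unchanged, so if a caller can hand in `None` (the signature is outside the hunk, so this is an assumption) the route would carry `token_ref=None` next to `auth_scheme=""`. Either a second case that passes the falsy value explicitly, or `token_ref=auth_token or ""` in the plan, would keep the two fields in agreement. The test class continues outside the hunk.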