didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

docs: document egress route fields #211

Merged
didericis merged 3 commits from docs/egress-manifest-shape into main 2026-06-23 17:55:57 -04:00
Conversation 0 Commits 3 Files Changed 2
+34 -10
didericis-claude commented 2026-06-06 16:10:42 -04:00
Collaborator
Copy Link
Copy Source

Summary

Documents the egress route fields added in PRDs 0052/0053 that were not reflected in the public-facing docs, and corrects stale provider-auth documentation.

  • Feature bullet: adds per-route matches filtering and both-direction DLP scanning to the description.
  • Bottle example: expands the egress.routes entry to show matches (paths/methods) and dlp (outbound/inbound detector overrides).
  • New Egress route fields reference table covering all accepted keys, types, and defaults (host, role, auth, matches, dlp, git.fetch).
  • role row corrected: PRD 0029 removed the claude_code_oauth role and the parser now rejects any role value as reserved-for-future-use. Provider auth routes are injected from agent_provider.auth_token.
  • examples/bottles/claude.md: replaced the manual api.anthropic.com route (which used the rejected role key, and would otherwise be silently dropped in favour of the provider-injected route) with the canonical agent_provider.auth_token shape.
## Summary Documents the egress route fields added in PRDs 0052/0053 that were not reflected in the public-facing docs, and corrects stale provider-auth documentation. - Feature bullet: adds per-route `matches` filtering and both-direction DLP scanning to the description. - Bottle example: expands the `egress.routes` entry to show `matches` (paths/methods) and `dlp` (outbound/inbound detector overrides). - New **Egress route fields** reference table covering all accepted keys, types, and defaults (`host`, `role`, `auth`, `matches`, `dlp`, `git.fetch`). - `role` row corrected: PRD 0029 removed the `claude_code_oauth` role and the parser now rejects any `role` value as reserved-for-future-use. Provider auth routes are injected from `agent_provider.auth_token`. - `examples/bottles/claude.md`: replaced the manual `api.anthropic.com` route (which used the rejected `role` key, and would otherwise be silently dropped in favour of the provider-injected route) with the canonical `agent_provider.auth_token` shape.
didericis force-pushed docs/egress-manifest-shape from 7c0fa9d55a to d1d9e7a105 2026-06-19 21:58:24 -04:00 Compare
didericis added 3 commits 2026-06-23 17:53:29 -04:00
docs: document egress matches, dlp fields, and detector defaults e2422c20a0
docs: add role and git.fetch to egress route fields table c41751f3b9 
Both fields were missing from the reference table added in the preceding
commit — `role` is visible in examples/bottles/claude.md and `git.fetch`
is documented in PRD 0052 but neither appeared in the README table.
docs: correct stale role field and claude provider auth example
lint / lint (push) Successful in 1m53s
Details
31cde11b0d 
The egress route fields table described `role` as a functional field
that wires built-in auth flows. PRD 0029 removed the
`claude_code_oauth` role; the manifest parser now rejects any `role`
value as reserved-for-future-use. Provider auth routes are injected
from `agent_provider.auth_token`.

- README: fix the `role` row to state it is reserved and any value is
  rejected at load.
- examples/bottles/claude.md: the manual `api.anthropic.com` route used
  the rejected `role` key and, even without it, would be silently
  dropped (provider-injected routes win for a provisioned host) — so its
  auth never took effect and the dlp comments described a route that
  never exists in the plan. Replace it with the canonical
  `agent_provider.auth_token` shape.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01YcU7nerbg8cVj9R4EkpfLJ
didericis force-pushed docs/egress-manifest-shape from df469b2f47 to 31cde11b0d 2026-06-23 17:53:29 -04:00 Compare
didericis-claude changed title from docs: document egress matches, dlp fields, and detector defaults to docs: document egress route fields 2026-06-23 17:53:41 -04:00
didericis merged commit 31cde11b0d into main 2026-06-23 17:55:57 -04:00
didericis deleted branch docs/egress-manifest-shape 2026-06-23 17:55:57 -04:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#211
Delete Branch "docs/egress-manifest-shape"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?