PRD 0003: Bottle Backend abstraction #5

Merged

didericis merged 44 commits from add-bottle-factory-abstraction into main 2026-05-11 14:49:43 -04:00

Conversation 0 Commits 44 Files Changed 33

+1833 -1004

didericis commented 2026-05-10 21:56:32 -04:00

Owner

Copy Link

Copy Source

Summary

Implements PRD 0003. BottleBackend is the abstraction; DockerBottleBackend is the only concrete impl. Selected via CLAUDE_BOTTLE_BACKEND (default docker).

All Docker-specific behavior — container/network lifecycle, pipelock sidecar, env-file / argv serialization, runsc detection — lives under claude_bottle/backend/docker/. The top level (manifest.py, env.py, pipelock.py yaml + allowlist, util.py, cli.py) is backend-agnostic.

bottles[].runtime is removed from the manifest; gVisor (runsc) is auto-detected by the backend.

## Summary Implements PRD 0003. `BottleBackend` is the abstraction; `DockerBottleBackend` is the only concrete impl. Selected via `CLAUDE_BOTTLE_BACKEND` (default `docker`). All Docker-specific behavior — container/network lifecycle, pipelock sidecar, env-file / argv serialization, runsc detection — lives under `claude_bottle/backend/docker/`. The top level (`manifest.py`, `env.py`, `pipelock.py` yaml + allowlist, `util.py`, `cli.py`) is backend-agnostic. `bottles[].runtime` is removed from the manifest; gVisor (runsc) is auto-detected by the backend.

didericis added 1 commit 2026-05-10 21:56:33 -04:00

docs(prd): add 0003 bottle factory abstraction d5c056f36e

didericis changed title from docs(prd): add 0003 bottle factory abstraction to PRD 0003: Bottle factory abstraction 2026-05-10 21:57:31 -04:00

didericis added 1 commit 2026-05-10 22:15:19 -04:00

feat(bottles): implement bottle factory abstraction per PRD 0003 ... d75cc9325f

Introduce claude_bottle/bottles/ with a Bottle Protocol and a
get_bottle_factory() that dispatches on CLAUDE_BOTTLE_PLATFORM
(default "docker"). Move every Docker-specific subprocess.run call
from cli/start.py, plus the orchestration of build, networks, the
pipelock sidecar, container launch, and per-container provisioning
(prompt, skills, ssh, .git), into create_docker_bottle.

Drop bottles[].runtime from the manifest schema. Auto-detect whether
gVisor is registered with the daemon and pass --runtime=runsc when it
is; the preflight shows the resolved runtime so the choice is visible.
Manifests still carrying 'runtime' get a clear error pointing at the
auto-detect behavior, rather than silent ignore.

Out of scope: cli/cleanup.py and cli/list.py still call docker
directly. They enumerate active bottles across the host, which is a
separate concern from "create a bottle" and is left for a follow-up
that introduces a list_active/cleanup primitive on the factory.

didericis added 1 commit 2026-05-10 22:20:40 -04:00

refactor(start): extract show_plan from cmd_start 7500ba230c

didericis added 1 commit 2026-05-10 22:23:43 -04:00

refactor(start): show_plan now takes DockerBottleSpec a284d85296

didericis added 1 commit 2026-05-10 22:36:30 -04:00

refactor(bottles): split factory into prepare + launch phases ... 4f16b3a9e1

The Docker factory had absorbed live container ops but left the
host-side prep (image-name resolution, container-name collision
retry, pipelock yaml generation, env_resolve writes, host
validation) in cli/start.py. That kept ~half the Docker-specific
logic outside the abstraction.

Split the factory into two phases:

  prepare_docker_bottle(spec, stage_dir=...) -> DockerBottlePlan
      Resolves names, validates skills/SSH, writes scratch files.
      No Docker resources created yet.

  launch_docker_bottle(plan) -> ContextManager[Bottle]
      Builds image, creates networks, boots pipelock, runs the
      agent container, provisions files. Teardown on exit.

DockerBottleSpec shrinks to intent-only inputs (manifest, agent
name, --cwd flag, user_cwd, forward_oauth_token). The CLI no longer
references docker_mod, pipelock, skills, ssh, or env_resolve.

get_bottle_factory becomes get_bottle_platform returning a
BottlePlatform with .prepare and .launch — one selectable thing per
platform.

The Bottle handle now remembers the in-container prompt path and
adds --append-system-prompt-file to claude's argv when present, so
the CLI no longer needs to know the path.

cmd_start: ~148 lines down from 229. Tests pass; dry-run output
byte-identical.

didericis added 1 commit 2026-05-10 22:40:22 -04:00

refactor(bottles): rename DockerBottleSpec to BottleSpec ... 236c4fa50c

The spec is intent-only and platform-agnostic — only the plan carries
Docker-specific fields. Drop the 'Docker' prefix and re-export from
claude_bottle.bottles so callers see it as cross-platform.

didericis added 1 commit 2026-05-10 22:50:02 -04:00

refactor(bottles): introduce BottlePlan base + move print onto plan ... 2827d9b899

- Add BottlePlan (frozen dataclass + ABC) with spec, stage_dir, and an
  abstract `print(*, remote_control)` method.
- DockerBottlePlan now inherits from BottlePlan; spec/stage_dir come
  from the base, Docker-specific fields stay on the subclass.
- Move BottleSpec from bottles/docker.py to bottles/__init__.py so the
  cross-platform types live together. docker.py pulls them via
  `from . import ...`.
- Move show_plan from cli/start.py to `DockerBottlePlan.print`. Caller
  becomes `plan.print(remote_control=...)`. The CLI no longer reads
  any Docker-specific fields.
- BottlePlatform.prepare is now typed `Callable[..., BottlePlan]`.

cmd_start drops ~46 more lines.

didericis added 1 commit 2026-05-10 22:56:51 -04:00

refactor(bottles): BottlePlatform becomes ABC; DockerBottlePlatform in docker.py ... e22a96e511

Mirror the BottlePlan -> DockerBottlePlan hierarchy at the platform
layer. BottlePlatform is now an abstract base with abstract `prepare`
and `launch` methods; DockerBottlePlatform lives alongside the rest of
the Docker code in bottles/docker.py and supplies the concrete impls.

The registry in bottles/__init__.py now holds an instance of each
concrete platform class. Future per-platform state (region, api
token, cleanup primitives) has a natural home on the subclass rather
than being stitched onto a dataclass struct.

No behavior change. Tests pass; dry-run output unchanged.

didericis added 1 commit 2026-05-10 23:00:10 -04:00

refactor(bottles): absorb prepare/launch fns into DockerBottlePlatform ... 7ab35a5e2a

The module-level prepare_docker_bottle and launch_docker_bottle were
trivial delegations from the platform class. Move their bodies onto
DockerBottlePlatform.prepare and .launch directly. The launch method
keeps the @contextmanager decorator; isinstance narrows BottlePlan
to DockerBottlePlan at the entry point.

Internal helpers (_run_agent_container, _provision_container,
runsc_available) stay at module scope — they're stateless and don't
benefit from self.

No behavior change. Tests pass; dry-run output unchanged.

didericis added 1 commit 2026-05-10 23:02:25 -04:00

refactor(bottles): move _run_agent_container and _provision_container onto the platform class ... 5f82044403

They were the only remaining module-level helpers in docker.py besides
runsc_available(); promote them to private methods on DockerBottlePlatform
so all the Docker orchestration logic lives in one place.

didericis added 1 commit 2026-05-10 23:05:28 -04:00

refactor(cli): remove redundant 'build' command ... 4a45c267f3

DockerBottlePlatform.launch already runs 'docker build' on every
start, and the layer cache makes no-change rebuilds nearly free.
Anything 'cli.py build' did, 'cli.py start' does for you.

didericis added 1 commit 2026-05-10 23:14:57 -04:00

refactor(bottles): two-phase cleanup parallel to prepare/launch ... 18d29fc23f

cmd_cleanup used to only sweep running containers via `docker ps`,
missing stopped pipelock sidecars and orphaned networks entirely. On
my host the new version surfaced ~10 stranded networks left behind by
SIGKILLed sessions — the kind of thing the old command implied it was
handling.

New shape, symmetric with start:
- BottleCleanupPlan (abstract, in bottles/__init__.py) with `print` +
  `empty` abstract members.
- DockerBottleCleanupPlan (concrete, in bottles/docker.py) carrying
  the resolved tuples of containers and networks.
- BottlePlatform gains abstract prepare_cleanup() + cleanup(plan).
  DockerBottlePlatform implements both:
    - prepare_cleanup: docker ps -a + docker network ls, both
      filtered to ^claude-bottle-, sorted for stable output.
    - cleanup: docker rm -f containers first (they hold the network
      attachment), then docker network rm.
- cmd_cleanup is now ~25 lines: prepare → print → y/N → cleanup.

didericis added 1 commit 2026-05-10 23:19:24 -04:00

refactor(bottles): move 'list active' onto DockerBottlePlatform ... 47b882f634

Add list_active() abstract method on BottlePlatform; DockerBottlePlatform
implements it with the existing docker ps logic. cli/list.py no longer
calls docker directly — it just dispatches the active branch to the
platform.

didericis added 1 commit 2026-05-10 23:25:46 -04:00

refactor(bottles): make docker a package; absorb top-level docker.py ... e20f8af05a

- claude_bottle/bottles/docker.py -> claude_bottle/bottles/docker/__init__.py
- claude_bottle/docker.py        -> claude_bottle/bottles/docker/util.py

The host-side Docker primitives (require_docker, slugify, image_exists,
container_exists, build_image, build_image_with_cwd) lived at the top
of the package as if cross-cutting, but they are Docker-specific.
Moving them into bottles/docker/util.py colocates them with the
platform that uses them and clears the top-level namespace.

Imports in bottles/docker/__init__.py shift to `from . import util as
docker_mod` so the existing call sites (`docker_mod.require_docker()`,
etc.) keep working unchanged.

didericis added 1 commit 2026-05-10 23:29:41 -04:00

refactor(docker): split bottles/docker/__init__.py into sibling modules ... d28f0e6d9b

The single docker/__init__.py grew to ~555 lines holding the platform,
its plan classes, the bottle handle, and the runsc probe. Split into:

  - util.py                : Docker subprocess primitives + runsc_available
  - bottle_plan.py         : DockerBottlePlan (+ its print method)
  - bottle_cleanup_plan.py : DockerBottleCleanupPlan
  - bottle.py              : _DockerBottle handle class
  - platform.py            : DockerBottlePlatform (the bulk)

docker/__init__.py becomes a thin re-export shim so existing imports
(claude_bottle.bottles.docker.DockerBottlePlatform, etc.) keep working.

didericis added 1 commit 2026-05-10 23:32:36 -04:00

refactor(bottles): Bottle becomes an ABC; DockerBottle inherits ... aaed390953

Bottle was the only Protocol in an otherwise-ABC family
(BottlePlan, BottleCleanupPlan, BottlePlatform are all ABCs).
Convert to an ABC with abstract exec_claude / cp_in / close,
matching the rest of the hierarchy.

Rename _DockerBottle -> DockerBottle: the underscore was a
default-Python-private instinct that doesn't match the sibling
plan classes (DockerBottlePlan, DockerBottleCleanupPlan), all of
which are equally "only constructed by the platform" and yet
public-by-name.

Re-export DockerBottle from claude_bottle.bottles.docker.

didericis added 1 commit 2026-05-10 23:37:31 -04:00

refactor(platform): rename claude_bottle/bottles -> claude_bottle/platform ... 1d2c18eaae

'bottles' was the package name when it held a single Bottle Protocol;
since we added BottlePlatform / BottlePlan / BottleCleanupPlan and
made it the home of platform dispatch, 'platform' describes the
package better. The 'bottle' concept (and the manifest field) stays.

CLI imports update from ..bottles to ..platform; internal relative
imports inside the package survive the rename unchanged. Git
detected all 7 file renames.

didericis added 1 commit 2026-05-10 23:41:01 -04:00

refactor(docker): move network.py into platform/docker/ ... c79966731c

The Docker bridge / internal network primitives are Docker-specific;
they belong inside the Docker platform package alongside util.py and
the rest. Same logic the earlier top-level docker.py move followed.

Imports:
  - platform.py: `from ... import network as network_mod`
                 -> `from . import network as network_mod`
  - network.py: `from .log import ...` -> `from ...log import ...`
  - tests/test_orphan_cleanup.py: from claude_bottle.network
                 -> from claude_bottle.platform.docker.network

didericis added 1 commit 2026-05-10 23:59:41 -04:00

refactor: rename platform abstraction to backend ... 70a22fa210

Across the package:
  - claude_bottle/platform/         -> claude_bottle/backend/
  - platform/docker/platform.py     -> backend/docker/backend.py
  - class BottlePlatform            -> BottleBackend
  - class DockerBottlePlatform      -> DockerBottleBackend
  - get_bottle_platform()           -> get_bottle_backend()
  - env var CLAUDE_BOTTLE_PLATFORM  -> CLAUDE_BOTTLE_BACKEND
  - dict _PLATFORMS                 -> _BACKENDS

"Backend" is shorter and more established as the term for a
pluggable strategy-pattern implementation. "Platform" was vague
(could mean OS, hardware, cloud) and mildly redundant — Docker is
itself a platform.

The previous PRD section claiming "the Backend protocol was
rejected" referred to a low-level run/exec/cp/network_connect
protocol; the name was never the reason. The PRD is updated to
describe that rejected design by shape rather than by name.

The bottle/agent concepts and the manifest schema are unchanged.

didericis added 1 commit 2026-05-11 00:04:16 -04:00

refactor(backend): introduce BottleProvisioner ABC + DockerBottleProvisioner ... 7b5a798186

Lift the file-copying-into-the-running-container step out of
DockerBottleBackend._provision_container into its own class. The
backend now holds a DockerBottleProvisioner instance and delegates
the post-launch provisioning to it.

  - BottleProvisioner (abstract) in backend/__init__.py with a
    `provision(plan, target) -> str | None` method.
  - DockerBottleProvisioner (concrete) in backend/docker/provisioner.py
    inheriting from the base, narrowing plan to DockerBottlePlan via
    isinstance, and carrying the prompt/skills/SSH/.git copy logic
    unchanged.
  - DockerBottleBackend keeps a class-level DockerBottleProvisioner()
    and calls self._provisioner.provision(plan, container) from launch.
    _provision_container method removed.

No behavior change.

didericis added 1 commit 2026-05-11 00:13:40 -04:00

refactor(backend): fold BottleProvisioner back into BottleBackend ... 133a7a39e7

BottleProvisioner had no independent identity — no state, only one
caller, never selected, never crossed a method boundary as data. It
was a method dressed up as a class. Reverting that turn:

  - BottleBackend gains an abstract provision(plan, target).
  - DockerBottleBackend.provision absorbs the body that lived on
    DockerBottleProvisioner.
  - backend/docker/provisioner.py deleted.
  - BottleProvisioner ABC removed from backend/__init__.py.
  - launch now calls self.provision(plan, container) directly.

Net: -1 file, -1 class, -1 ABC. Same behavior; tests pass.

didericis added 1 commit 2026-05-11 00:20:24 -04:00

refactor(docker): split provision into provision_prompt / _ssh / _git ... 5a024259a6

provision now orchestrates three focused sub-methods. Each sub-method
self-gates: provision_ssh is a no-op when the bottle has no SSH
entries; provision_git is a no-op when --cwd was not set. The prompt
copy + chown always runs (so the path always exists in-container);
the return is gated on whether the agent has a non-empty prompt.

didericis added 1 commit 2026-05-11 00:26:13 -04:00

refactor(docker): extract provision_skills to mirror the others ... 5d46d1bea4

Four symmetric provision sub-methods now: provision_prompt,
provision_skills, provision_ssh, provision_git. Each self-gates with
an early return; provision is pure orchestration.

didericis added 1 commit 2026-05-11 00:31:39 -04:00

refactor(backend): make provision_* abstract; provision lives on the base ... 054dc09b38

Template Method pattern. BottleBackend.provision is now concrete and
orchestrates four abstract sub-methods:

  provision_prompt  -> str | None    (only one with a meaningful return)
  provision_skills  -> None
  provision_ssh     -> None
  provision_git     -> None

Each is self-gating: skills/ssh/git short-circuit on empty inputs;
prompt always copies (the path must exist) and returns None when the
agent has no prompt content.

DockerBottleBackend drops its own `provision` (inherited from the
base) and now just implements the four sub-methods. Each sub-method
takes `plan: BottlePlan` (matching the abstract) and asserts
isinstance to narrow to DockerBottlePlan internally, same pattern as
`launch`.

A future fly.io backend implements the four sub-methods; provision
works for it unchanged.

didericis added 1 commit 2026-05-11 00:38:28 -04:00

refactor(docker): inline skills_copy_into into provision_skills ... d45d4fec8a

The copy logic was Docker-specific (docker exec mkdir / rm -rf,
docker cp); it had no reason to live in a top-level skills module.
Pull the body into DockerBottleBackend.provision_skills.

skills.py keeps the host-side discovery + validation
(host_skill_dir, host_skill_exists, require_host_skill,
skills_validate_all). The orphaned CONTAINER_HOME /
CONTAINER_SKILLS_DIR constants and the now-unused subprocess + info
imports are removed.

didericis added 1 commit 2026-05-11 00:44:37 -04:00

refactor(docker): absorb claude_bottle/skills.py into DockerBottleBackend ... c9fe23a043

The whole module folds into two methods on the backend:

  validate_skills(skills)  — called from prepare; fails loudly when
                              a named skill is missing on the host so
                              the user doesn't get a y/N for a plan
                              that's already known to break.
  _host_skill_dir(name)    — private helper used by both
                              validate_skills and provision_skills.

skills.py is deleted; the four prior functions (host_skill_dir,
host_skill_exists, require_host_skill, skills_validate_all) collapse
into the two above without losing the pre-y/N validation.

didericis added 1 commit 2026-05-11 00:49:09 -04:00

refactor(docker): absorb claude_bottle/ssh.py into DockerBottleBackend ... 6298d33c31

Mirrors the skills.py absorb. ssh_validate_entries -> validate_ssh_entries
(called from prepare); ssh_setup body -> provision_ssh; the
_docker_exec_root and _expand_tilde helpers become private methods on
the backend.

The detailed isolation-model docstring from the old module moves to
provision_ssh, where the code lives now. ssh.py deleted.

didericis added 1 commit 2026-05-11 00:52:37 -04:00

refactor(util): move expand_tilde to top-level claude_bottle/util.py ... 8457869dcd

_expand_tilde was a path-string helper on DockerBottleBackend but
nothing about it was Docker-specific — any future backend reading
host paths from manifest entries would want it. Lift to
claude_bottle/util.py (sibling of log.py / manifest.py) as a public
expand_tilde() function. Docker-specific primitives stay in
claude_bottle/backend/docker/util.py.

didericis added 1 commit 2026-05-11 01:04:50 -04:00

refactor(docker): inline pipelock_write_yaml body into prepare_proxy ... 11f17d7927

The yaml generation logic moves wholesale onto DockerBottleBackend
where it's used. pipelock_write_yaml is deleted; pipelock.py keeps
the allowlist resolution helpers (still called by prepare_proxy and
by pipelock_allowlist_summary).

The pipelock_start error message that referenced "pipelock_write_yaml
must run first" now says "backend.prepare_proxy must run first."

tests/test_pipelock_yaml.py rewritten to drive DockerBottleBackend().
prepare_proxy(spec, yaml_path); test_pipelock_sidecar_smoke.py call
site updated similarly. Same coverage at the new location.

didericis added 1 commit 2026-05-11 01:12:03 -04:00

test(pipelock): cut low-value tests (naming + entrypoint/cmd inspection) ... f344c8cd9d

Drops 6 tests with no real coverage loss:

- tests/test_pipelock_naming.py — 4 tests asserting that f-string
  format helpers return their f-string. Shape locks, not behavior
  gates.
- tests/test_pipelock_image.py:test_entrypoint_contains_pipelock and
  :test_cmd_contains_run — Docker image metadata inspection. The
  remaining test_binary_runs already covers 'does the pinned image
  actually work,' which is the only scenario these were really
  guarding against.

31 tests -> 25.

didericis added 1 commit 2026-05-11 01:18:56 -04:00

refactor(pipelock): introduce PipelockProxy class housing the yaml body ... 30ead9102a

The YAML generation now lives on PipelockProxy.prepare(manifest,
bottle_name, yaml_path) in claude_bottle/pipelock.py. The class is the
natural home for any future proxy-level state.

DockerBottleBackend keeps an instance as a class attribute
(_proxy = PipelockProxy()) and its prepare_proxy becomes a thin
delegation. A future backend that wants a different egress proxy
(or none) plugs in its own strategy.

Tests retarget at the new home — PipelockProxy.prepare gets the
content-shape assertions; the sidecar smoke test uses the class
directly too. Same coverage.

didericis added 1 commit 2026-05-11 01:22:29 -04:00

refactor(docker): prepare_proxy takes stage_dir and owns the yaml path ... 1b8d3bbb94

prepare_proxy(spec, stage_dir) -> Path now decides where the
pipelock yaml lives inside stage_dir (currently 'pipelock.yaml'),
writes it via PipelockProxy.prepare, and returns the resolved path.
The caller (prepare) drops its 'pipelock_yaml_filename' /
'pipelock_yaml = stage_dir / filename' setup and just consumes the
returned Path; the plan's pipelock_yaml_filename is derived from
.name on the path.

didericis added 2 commits 2026-05-11 10:57:49 -04:00

refactor(pipelock): prepare_proxy returns a ProxyPlan ... c2cdb7777d

Add a frozen ProxyPlan dataclass to pipelock.py (currently one field:
yaml_path; kept as a class so future proxy-level state has a home).

  - prepare_proxy(spec, stage_dir) now returns pipelock.ProxyPlan
    instead of a raw Path.
  - DockerBottlePlan replaces pipelock_yaml_path + pipelock_yaml_filename
    with a single proxy: ProxyPlan field.
  - launch reads plan.proxy.yaml_path.parent / .name when calling
    pipelock_start. Eventually pipelock_start should just take a Path
    but that's a separate change.

refactor(pipelock): start/stop become methods on PipelockProxy ... ff962d2893

ProxyPlan -> PipelockProxyPlan, with two additional fields populated
in launch: internal_network, egress_network (default ""). prepare
fills yaml_path + slug; launch uses dataclasses.replace to populate
the networks before calling start.

pipelock_start -> PipelockProxy.start(plan). Reads yaml_path, slug,
internal_network, egress_network off the plan. Returns the resolved
container name.

pipelock_stop -> PipelockProxy.stop(proxy_target). Takes the resolved
container name directly (the value that start returned); no longer
needs to know about slugs or naming conventions.

Backend launch passes the running container name (state["pipelock"])
to stop. Test for stop's idempotency uses pipelock_container_name to
construct the proxy_target.

didericis force-pushed add-bottle-factory-abstraction from 1f3169e453 to ff962d2893 2026-05-11 10:57:49 -04:00 Compare

didericis added 1 commit 2026-05-11 13:37:37 -04:00

refactor(util): move is_ipv4_literal out of pipelock.py into util.py ... c62b3204a8

The classifier is a pure dotted-quad regex check — nothing
pipelock-specific about it. Pipelock now imports it from util.
test_pipelock_classify.py retargets at the new location.

Two manifest-accessor functions in pipelock.py
(pipelock_bottle_allowlist, pipelock_bottle_ssh_hostnames) look
generic but are 1-line wrappers used only internally; they stay
for now.

didericis added 1 commit 2026-05-11 13:45:03 -04:00

refactor(pipelock): allowlist-resolution helpers take a Bottle, not (manifest, name) ... 25e67137f2

Every function in the 'Allowlist resolution' section was doing
`manifest.bottles[bottle_name].X` as its first move. Push the lookup
to the caller and have each helper take a resolved Bottle:

  pipelock_bottle_allowlist
  pipelock_bottle_ssh_hostnames
  pipelock_bottle_ssh_trusted_domains
  pipelock_bottle_ssh_ip_cidrs
  pipelock_effective_allowlist
  pipelock_allowlist_summary

PipelockProxy._build_pipelock_yaml resolves bottle once at the top
and passes it through; DockerBottleBackend.prepare already had the
bottle in scope and now uses it directly. Tests pass the resolved
bottle from each fixture.

didericis added 1 commit 2026-05-11 13:53:49 -04:00

refactor(pipelock): split sidecar lifecycle into DockerPipelockProxy ... edd8b444a6

PipelockProxy becomes an ABC with the platform-agnostic
prepare/_build_pipelock_yaml as concrete methods and start/stop as
abstract. Docker-specific sidecar lifecycle moves to a new sibling
file:

  claude_bottle/backend/docker/pipelock.py
    DockerPipelockProxy(PipelockProxy) — implements start (docker
    create/cp/network connect/start) and stop (docker inspect/rm -f).

DockerBottleBackend._proxy is now a DockerPipelockProxy instance.
Tests that previously instantiated PipelockProxy() directly switch to
DockerPipelockProxy() (the base is no longer constructable).

didericis added 1 commit 2026-05-11 13:57:21 -04:00

refactor(pipelock): move Docker-specific naming helpers to docker/pipelock.py ... b49281800a

The three slug-based naming helpers were nominally on pipelock.py but
each assumed a Docker container topology (the container name is
'claude-bottle-pipelock-<slug>', the proxy URL uses that container
name). Move them next to DockerPipelockProxy:

  pipelock_container_name  -> claude-bottle-pipelock-<slug>
  pipelock_proxy_url       -> http://<container>:<port>
  pipelock_proxy_host_port -> <container>:<port>

backend.py imports them directly from .pipelock; the orphan-cleanup
test imports container_name from the same place.

didericis added 1 commit 2026-05-11 13:59:47 -04:00

refactor(pipelock): move PIPELOCK_IMAGE and PIPELOCK_PORT to docker/pipelock.py ... 1b3254bf37

Both constants were already only used by Docker-specific code (the
sidecar boot, the proxy_url/host_port naming helpers, the image
contract test). Move them next to DockerPipelockProxy.

Top-level pipelock.py drops the 'os' import along with the constants;
the two test files that pulled PIPELOCK_IMAGE retarget at the new
location.

didericis added 1 commit 2026-05-11 14:05:52 -04:00

refactor(pipelock): PipelockProxy.prepare takes a Bottle, not (manifest, name) ... 1269edf311

Matches the allowlist-resolution helpers' shape: the caller resolves
the bottle once and passes it in. Signature drops from
(manifest, bottle_name, slug, yaml_path) to (bottle, slug, yaml_path).

DockerBottleBackend.prepare_proxy uses manifest.bottle_for(agent_name)
to get the bottle directly. Tests pass fixture.bottles[name].

prepare's docstring also explains what `slug` is: the lowercased,
hyphen-normalized agent identifier used as the suffix in every
per-agent resource name (agent container, pipelock container, the
internal/egress networks). It's stored on the plan so start can
derive the sidecar's container name.

Top-level pipelock.py drops the Manifest import — no longer used.

didericis added 1 commit 2026-05-11 14:09:57 -04:00

refactor(util): split private helpers off DockerBottleBackend ... a786ca3391

New file claude_bottle/backend/util.py for cross-backend host-side
helpers:
  host_skill_dir(name) — resolves $HOME/.claude/skills/<name>

docker/util.py gains:
  docker_exec_root(container, argv) — `docker exec -u 0` wrapper used
    by SSH provisioning

DockerBottleBackend drops the two methods that wrapped these
(`_host_skill_dir`, `_docker_exec_root`) — they had no instance state
and just lived on the class for organizational reasons. Call sites
now use the imported functions directly.

didericis added 1 commit 2026-05-11 14:17:52 -04:00

refactor(env): rename env_resolve.py -> env.py; env_resolve() -> resolve_env_into() ... 988c0bdad3

Module name aligns with the others (manifest, pipelock, network,
log) — nouns/noun-y, not verb phrases. The function name now reads
naturally at the call site: resolve_env_into(manifest, agent,
env_file, args_file).

didericis added 1 commit 2026-05-11 14:39:54 -04:00

refactor(env): make env resolution backend-agnostic ... 656dc88d76

resolve_env_into(...) becomes resolve_env(manifest, agent) -> ResolvedEnv
(forwarded names + literals). The docker backend now owns env-file /
argv serialization and the --env-file newline check. Also drops stray
Docker references from manifest.py, pipelock.py, util.py, and trims
the duplicated command list from cli.py's docstring (usage() in
claude_bottle/cli/__init__.py is now the only listing).

didericis changed title from PRD 0003: Bottle factory abstraction to PRD 0003: Bottle Backend abstraction 2026-05-11 14:41:54 -04:00

didericis added 1 commit 2026-05-11 14:47:32 -04:00

docs(prd): update PRD 0003 to reflect the shipped design ... f0b67a3e94

Renames the file and rewrites the body around what actually shipped:
class-based BottleBackend ABC (not a free create_docker_bottle
function), the two-phase prepare/launch split, the backend/docker/
subpackage layout, env.py reshaped into a backend-neutral ResolvedEnv,
and PipelockProxy split between top-level and backend/docker/.

didericis merged commit 26bebc1eec into main 2026-05-11 14:49:43 -04:00

didericis-claude referenced this pull request 2026-06-02 00:12:12 -04:00

Complexity hotspots in launch, egress, and auth paths #117

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

1

The priority is critical

Priority

High

2

The priority is high

Priority

Low

4

The priority is low

Priority

Medium

3

The priority is medium

Reviewed

Confirmed

1

Issue has been confirmed

Reviewed

Duplicate

2

This issue or pull request already exists

Reviewed

Invalid

3

Invalid issue

Reviewed

Won't Fix

3

This issue won't be fixed

Status

Abandoned

3

Somebody has started to work on this but abandoned work

Status

Blocked

1

Something is blocking this issue or pull request

Status

Need More Info

2

Feedback is required to reproduce issue or to continue work

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: didericis/bot-bottle#5