refactor(sidecars): bundle is the only shape (PRD 0024 chunk 5) #59

Merged
didericis merged 1 commits from prd-0024-chunk-5-flag-removal into main 2026-05-27 01:39:26 -04:00
Owner

Summary

PRD 0024 chunk 5: flip the bundle on as the only sidecar shape. The CLAUDE_BOTTLE_SIDECAR_BUNDLE feature flag and the legacy four-container compose path are gone — every bottle now ships exactly two containers (agent + sidecars).

Net: −626 lines.

What's deleted

  • Dockerfile.egress, Dockerfile.git-gate, Dockerfile.supervise (replaced by Dockerfile.sidecars).
  • The legacy _pipelock_service / _egress_service / _git_gate_service / _supervise_service renderer helpers.
  • sidecar_bundle_enabled() (the flag parser).
  • *_IMAGE / *_DOCKERFILE constants and build_*_image helpers in the three sidecar modules.
  • 5 legacy-shape test classes (TestPipelockAlwaysPresent, TestConditionalGitGate, TestConditionalEgress, TestConditionalSupervise, TestFullMatrix) and TestSidecarBundleFlag.
  • The patch.dict flag-wrapping in TestSidecarBundleShape — bundle is unconditional now.

What changed

  • pipelock_apply.py now targets sidecar_bundle_container_name(slug) for the docker cp + docker restart calls. A restart bounces all four daemons together; per-daemon reload is the eventual feature (PRD 0024 open question 1), not v1.
  • _agent_service.depends_on collapses to ["sidecars"].
  • test_pipelock_apply.py brings up its standalone pipelock container under the bundle's name so the apply path's restart hits the right target.
  • README.md Architecture section rewritten to describe the agent + bundle pair (the rest of the README still has older references that predate this PRD — separate cleanup pass).

Test status

  • Unit: 498 passing (down from 533: 35 legacy-shape tests deleted).
  • Integration: 27 passing (1 skipped — test_pipelock_apply no longer needs the skip since chunk 5 made the bundle-named target real).
  • Verified end-to-end locally: launching an agent produces exactly two containers, claude-bottle-<slug> + claude-bottle-sidecars-<slug>. PRD 0022's 5-attack sandbox-escape suite green.

What chunk-5 explicitly does NOT do

The README still has pre-PRD-0017 references to "cred-proxy" and a four-sidecar ASCII diagram. Those are stale across multiple prior PRDs, not just this one — out of scope for chunk 5. A separate doc cleanup pass would re-write the Architecture section's per-image bullets and the ASCII diagram.

didericis added 1 commit 2026-05-27 01:37:43 -04:00
refactor(sidecars): bundle is the only shape (PRD 0024 chunk 5)
test / unit (pull_request) Successful in 21s
test / integration (pull_request) Successful in 43s
62f6f8db34
The CLAUDE_BOTTLE_SIDECAR_BUNDLE feature flag is gone. Every
bottle ships with the agent + bundle pair — no opt-in, no legacy
four-sidecar fallback.

Changes:

- Renderer (compose.py): bottle_plan_to_compose unconditionally
  emits {agent, sidecars}. Deleted _pipelock_service,
  _git_gate_service, _egress_service, _supervise_service helpers.
  _agent_service.depends_on collapses to ["sidecars"].

- sidecar_bundle.py: deleted sidecar_bundle_enabled (the flag
  parser). SIDECAR_BUNDLE_IMAGE + container-name helper stay.

- pipelock_apply.py: docker cp + docker restart now target
  sidecar_bundle_container_name(slug). Bundle restart bounces
  all four daemons together (per-daemon reload is the eventual
  feature, not v1).

- Per-sidecar modules trimmed:
  - egress.py: dropped EGRESS_IMAGE, EGRESS_DOCKERFILE,
    build_egress_image, egress_url. Kept EGRESS_PORT, CA paths,
    egress_container_name (still used by the renderer's network
    aliases).
  - git_gate.py: dropped GIT_GATE_IMAGE, GIT_GATE_DOCKERFILE,
    build_git_gate_image. Kept git_gate_host + GIT_GATE_PORT.
  - supervise.py: dropped SUPERVISE_IMAGE, SUPERVISE_DOCKERFILE,
    build_supervise_image, supervise_url.

- Deleted Dockerfile.{egress,git-gate,supervise}. The bundle's
  Dockerfile.sidecars is the only sidecar image now.

- test_compose.py: deleted TestPipelockAlwaysPresent,
  TestConditionalGitGate, TestConditionalEgress,
  TestConditionalSupervise, TestFullMatrix (legacy-shape only),
  TestSidecarBundleFlag (flag is gone). TestSidecarBundleShape
  drops its patch.dict wrapper. TestAgentAlwaysPresent's
  depends_on cases collapse to one.

- test_pipelock_apply.py: bringup container name uses
  sidecar_bundle_container_name(slug) to match the production
  target.

- README.md Architecture section rewritten to describe the
  agent + bundle pair.

Net: -626 lines.

Test status: 498 unit + 27 integration + 1 skipped (chunk-4
pending — superseded by this chunk's rewrite). Locally verified
end-to-end bottle launch produces exactly 2 containers
(claude-bottle-<slug> + claude-bottle-sidecars-<slug>).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
didericis merged commit 853d28bc89 into main 2026-05-27 01:39:26 -04:00
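
The end-to-end check described in the PR (each bottle is exactly `claude-bottle-<slug>` plus `claude-bottle-sidecars-<slug>`) can be turned into a repeatable audit. The following is an added example, not code from this PR or the project. It assumes a listing produced by `docker ps -a --format '{{.Names}}\t{{.State}}'` and that no slug itself begins with `sidecars-`; `classify` and `check_topology` are hypothetical names.

```python
# Added example: audit the agent + bundle pairing from a container listing.
AGENT_PREFIX = "claude-bottle-"            # from the PR: claude-bottle-<slug>
BUNDLE_PREFIX = "claude-bottle-sidecars-"  # from the PR: claude-bottle-sidecars-<slug>


def classify(name):
    """Return ("bundle" | "agent", slug), or None for unrelated containers."""
    # Test the longer prefix first: every bundle name also starts with AGENT_PREFIX.
    if name.startswith(BUNDLE_PREFIX) and len(name) > len(BUNDLE_PREFIX):
        return "bundle", name[len(BUNDLE_PREFIX):]
    if name.startswith(AGENT_PREFIX) and len(name) > len(AGENT_PREFIX):
        return "agent", name[len(AGENT_PREFIX):]
    return None


def check_topology(listing):
    """Return {slug: problem} for every bottle that is not a healthy pair."""
    state = {}  # (kind, slug) -> container state as reported by docker
    for line in listing.splitlines():
        name, _, st = line.strip().partition("\t")
        kind = classify(name)
        if kind:
            state[kind] = st or "unknown"
    problems = {}
    for slug in sorted({s for _, s in state}):
        agent = state.get(("agent", slug))
        bundle = state.get(("bundle", slug))
        if bundle is None:
            problems[slug] = "agent has no sidecar bundle"
        elif agent is None:
            problems[slug] = "sidecar bundle has no agent"
        elif agent == "running" and bundle != "running":
            # Also true briefly while the bundle is being restarted.
            problems[slug] = f"agent is running but sidecar bundle is {bundle}"
    return problems


# Constructed sample listing (not real output).
SAMPLE = "\n".join([
    "claude-bottle-alpha\trunning",
    "claude-bottle-sidecars-alpha\trunning",
    "claude-bottle-beta\trunning",
    "claude-bottle-sidecars-beta\texited",
    "claude-bottle-gamma\trunning",
    "claude-bottle-sidecars-delta\trunning",
    "postgres\trunning",
])

if __name__ == "__main__":
    for slug, problem in check_topology(SAMPLE).items():
        print(f"{slug}: {problem}")
```

A container whose name follows some other `claude-bottle-*` pattern is reported as an agent without a bundle, so stray containers outside the two-container shape show up in the same report.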