docs: drop "forge" jargon for concrete wording #99

Merged
didericis merged 1 commits from docs/drop-forge-jargon into main 2026-05-28 23:01:50 -04:00
3 changed files with 6 additions and 6 deletions
+1 -1
@@ -22,7 +22,7 @@ A real stuck agent recovers end-to-end in each of the three categories: a **cred
- Live attach or in-place mutation of running containers. The whole design exists to avoid this.
- Agent-to-agent communication. Re-stated from the project's existing non-goals; the recovery flow is human→agent only.
- Auditing or forensic replay of agent runs. Git/forge history is the audit log; this PRD does not add a separate run log.
- Auditing or forensic replay of agent runs. Git/Gitea history is the audit log; this PRD does not add a separate run log.
- Reducing time-to-unstuck below some target. Faster than kill-and-restart is implicit, but no specific SLO is in scope.
## Stuck categories
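Review bot: "Git/Gitea history" in the auditing non-goal names a single product, while the other replacements in this PR use the host-neutral "Git-host" and the gate text lists Gitea / GitHub / GitLab. If the audit-log statement is meant to hold for any supported host, "Git/Git-host history" keeps the wording consistent; if it is intentionally Gitea-only, say that explicitly so readers do not assume the same audit trail exists on other hosts.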
@@ -314,9 +314,9 @@ In priority order:
npm even if it captures something. Also disable Sentry error
reporting via `DISABLE_ERROR_REPORTING=1`.
3. **Generalize the same proxy to forge tokens.** Add a manifest
3. **Generalize the same proxy to Git-host tokens.** Add a manifest
field along the lines of
`forge: { kind: "gitea", url, tokenRef }` so a per-bottle token
`git_host: { kind: "gitea", url, tokenRef }` so a per-bottle token
reference resolves at launch, the proxy starts as root before
`node` is exec'd, and `tea` plus git HTTPS remotes are
pre-configured to point at the proxy. Use
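Review bot: the renamed key in `git_host: { kind: "gitea", url, tokenRef }` mixes snake_case (`git_host`) with camelCase (`tokenRef`) inside the same object. Pick one convention for the proposed manifest field so the sketch matches what will eventually be parsed, and check that the heading "Git-host tokens" and the key name are the terms used wherever else this field is described.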
@@ -148,7 +148,7 @@ telemetry to `statsig.anthropic.com` — are documented in
[`agent-credential-proxy-landscape.md`](agent-credential-proxy-landscape.md)
§Anthropic / Claude Code.
**Forge-API gate (Gitea / GitHub / GitLab).** Holds the PAT;
**Git-host-API gate (Gitea / GitHub / GitLab).** Holds the PAT;
exposes a narrow REST surface. Token auth on all three is
stateless `Authorization`-header injection — no CSRF, no request
signing, no per-request nonce — so one proxy generalizes by
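Review bot: the bolded term "Git-host-API gate" stacks two hyphens and reads as one opaque compound; "Git-host API gate" is easier to parse and still unambiguous. Whichever form is chosen, use the same spelling in the numbered priority list that refers back to this section, since readers will search for the term verbatim.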
@@ -221,7 +221,7 @@ Add a `secret: true` flag (or a `secrets:` sibling of `env:`) that:
AWS_SECRET_ACCESS_KEY").
- Refuses to launch if `egress.allowlist` contains any host that
is not source-controlled by the user (heuristic: not on a
built-in `KNOWN_FORGE_HOSTS` list).
built-in `KNOWN_GIT_HOSTS` list).
- Forces an explicit acknowledgement that a credential is being
placed into the bottle rather than behind a gate.
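Review bot: `KNOWN_FORGE_HOSTS` becoming `KNOWN_GIT_HOSTS` is an identifier rename, not just a wording change, and every file touched in this PR appears to be documentation. Confirm that no code, config or other doc still uses the old name, otherwise a search for the constant named here will come up empty. It would also help to state in this bullet that the list is the allowlist exemption for the launch refusal, since the new name no longer hints at that role.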
@@ -280,7 +280,7 @@ In priority order:
([`agent-credential-proxy-landscape.md`](agent-credential-proxy-landscape.md)
§Recommended). Removes the highest-value secret and closes the
passthrough hole as a side effect.
2. **Forge-API gate** (same doc, same section — one proxy
2. **Git-host-API gate** (same doc, same section — one proxy
generalizes across Gitea / GitHub / GitLab by config).
3. **Egress data budget** in pipelock — small lift, large damage
bound.