didericis-claude 45c821a8f3 docs(smolmachines): note loopback-scope limitation + tracking issue ...

PR #74's Docker-Desktop pivot widened the smolmachines TSI
allowlist from `<bundle-ip>/32` to `127.0.0.1/32` (TSI can't
filter by port, and docker bridge IPs aren't reachable from
macOS networking). The agent VM can therefore reach any service
on macOS's loopback while the bottle is running — not just the
bundle's published ports.

README gets a "Smolmachines backend" subsection under Quickstart
spelling this out as a known v1 limitation. PRD 0023 grows a new
open question #8 with the proposed v2 fix (per-bottle loopback
alias + TSI allowlist scoped to that /32, via sudo
`ifconfig lo0 alias`).

Tracking issue: gitea.dideric.is/didericis/claude-bottle/issues/75.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-27 15:58:30 -04:00

..

.gitkeep

Initial commit

2026-05-07 22:45:36 -04:00

0001-per-agent-egress-proxy-via-pipelock.md

docs: replace stale .sh paths with claude_bottle/*.py equivalents

2026-05-10 00:27:25 -04:00

0002-test-pipeline-on-gitea-actions.md

PRD 0002: Test pipeline on Gitea Actions (#3)

2026-05-09 02:48:03 -04:00

0003-bottle-backend-abstraction.md

docs(prd): update PRD 0003 to reflect the shipped design

2026-05-11 14:47:17 -04:00

0004-split-out-provisioners.md

docs(prd): add 0004 split out provisioners

2026-05-11 19:36:39 -04:00

0006-pipelock-tls-interception.md

docs(prd): fold 0006 walkthrough resolutions into the design

2026-05-12 14:22:59 -04:00

0007-ssh-egress-gate.md

docs: drop ssh from README/example, supersede PRD 0007 (PRD 0009)

2026-05-12 23:57:50 -04:00

0008-git-gate.md

docs(git-gate): document ExtraHosts on bottle.git entries

2026-05-12 23:18:46 -04:00

0009-remove-ssh-gate.md

docs(prds): add PRD 0009 to remove ssh-gate and bottle.ssh

2026-05-12 23:34:11 -04:00

0010-cred-proxy.md

feat(egress-proxy): retarget remediation at egress-proxy (PRD 0017 chunk 3)

2026-05-25 15:13:44 -04:00

0011-per-file-md-manifest.md

docs(prd-0011): drop the migration command requirement

2026-05-24 21:46:22 -04:00

0012-stuck-agent-recovery-flow.md

docs(prd-0012): split into overview + 4 implementation PRDs

2026-05-25 04:19:50 -04:00

0013-supervise-plane-foundation.md

docs(prd-0013): supervise plane foundation

2026-05-25 04:20:57 -04:00

0014-cred-proxy-block-remediation.md

feat(egress-proxy): retarget remediation at egress-proxy (PRD 0017 chunk 3)

2026-05-25 15:13:44 -04:00

0015-pipelock-block-remediation.md

docs(prd-0015): pipelock block remediation

2026-05-25 04:54:25 -04:00

0016-capability-block-remediation.md

docs(prd-0016): capability block remediation

2026-05-25 05:15:32 -04:00

0017-egress-proxy-via-mitmproxy.md

docs(prd-0017): nest auth.scheme + auth.token_ref under optional auth

2026-05-25 13:35:47 -04:00

0018-compose-per-instance.md

docs(prd-0018): resolve TTY open question — keep exec -it

2026-05-25 22:34:26 -04:00

0019-active-agents-in-dashboard.md

docs(prd-0019): drop e/p fallback — selection-only, no-op otherwise

2026-05-26 01:03:23 -04:00

0020-start-and-attach-from-dashboard.md

docs(prd-0020): record answers to open questions, switch to no-teardown-on-quit

2026-05-26 03:10:26 -04:00

0021-dashboard-tmux-split-pane.md

docs(prd-0021): rewrite as standalone — no references to closed PR #48

2026-05-26 14:18:24 -04:00

0022-sandbox-escape-integration-test.md

docs(prd-0022): resolve remaining open Qs

2026-05-26 22:11:32 -04:00

0023-smolmachines-backend.md

docs(smolmachines): note loopback-scope limitation + tracking issue

2026-05-27 15:58:30 -04:00

0024-consolidate-sidecar-bundle.md

refactor(sidecars): drop vestigial start/stop methods (PRD 0024 chunk 3)

2026-05-27 01:01:10 -04:00