didericis 58acdcac87 docs(prd-0012): explain why the MCP server is a sidecar, not in-container ...

Captures the rationale for placing the MCP server outside the agent
container. The bottle wall doesn't strictly require it (the operator
TUI is the actual gate), but pattern consistency, audit metadata
trust, connection lifecycle, future enforcement headroom, and
pipelock cleanliness all argue for sidecar placement.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-25 04:19:50 -04:00

..

.gitkeep

Initial commit

2026-05-07 22:45:36 -04:00

0001-per-agent-egress-proxy-via-pipelock.md

docs: replace stale .sh paths with claude_bottle/*.py equivalents

2026-05-10 00:27:25 -04:00

0002-test-pipeline-on-gitea-actions.md

PRD 0002: Test pipeline on Gitea Actions (#3)

2026-05-09 02:48:03 -04:00

0003-bottle-backend-abstraction.md

docs(prd): update PRD 0003 to reflect the shipped design

2026-05-11 14:47:17 -04:00

0004-split-out-provisioners.md

docs(prd): add 0004 split out provisioners

2026-05-11 19:36:39 -04:00

0006-pipelock-tls-interception.md

docs(prd): fold 0006 walkthrough resolutions into the design

2026-05-12 14:22:59 -04:00

0007-ssh-egress-gate.md

docs: drop ssh from README/example, supersede PRD 0007 (PRD 0009)

2026-05-12 23:57:50 -04:00

0008-git-gate.md

docs(git-gate): document ExtraHosts on bottle.git entries

2026-05-12 23:18:46 -04:00

0009-remove-ssh-gate.md

docs(prds): add PRD 0009 to remove ssh-gate and bottle.ssh

2026-05-12 23:34:11 -04:00

0010-cred-proxy.md

feat(cred_proxy)!: cred-proxy is the only Anthropic auth path

2026-05-24 12:56:09 -04:00

0011-per-file-md-manifest.md

docs(prd-0011): drop the migration command requirement

2026-05-24 21:46:22 -04:00

0012-stuck-agent-recovery-flow.md

docs(prd-0012): explain why the MCP server is a sidecar, not in-container

2026-05-25 04:19:50 -04:00