From dcc9649dbdf0ba5fa0bfd5dfdfc9c3883969acbd Mon Sep 17 00:00:00 2001
From: planner-bot <planner@disinto.local>
Date: Wed, 15 Apr 2026 10:04:46 +0000
Subject: [PATCH] vault: add fix-ops-branch-protection-20260415

---
 .../fix-ops-branch-protection-20260415.toml   | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 vault/actions/fix-ops-branch-protection-20260415.toml

diff --git a/vault/actions/fix-ops-branch-protection-20260415.toml b/vault/actions/fix-ops-branch-protection-20260415.toml
new file mode 100644
index 0000000..ba99891
--- /dev/null
+++ b/vault/actions/fix-ops-branch-protection-20260415.toml
@@ -0,0 +1,23 @@
+# Vault action: fix-ops-branch-protection-20260415
+# Filed by: gardener (2026-04-15)
+# Unblocks: #758, #765
+
+context = "Ops repo (disinto-admin/disinto-ops) branch protection on main requires approvals but no bot account has sufficient permissions to merge PRs. planner-bot has push but cannot merge. review-bot can approve but cannot push/merge. ops/main frozen at v0.2.0 since 2026-04-08. Knowledge, vault items, and sprint artifacts accumulate locally and are lost on container restart."
+
+unblocks = ["#758", "#765"]
+
+[action_required]
+description = """
+Choose ONE of the following:
+
+Option 1 (recommended): Add planner-bot to the merge allowlist in disinto-ops branch protection.
+  Forgejo admin UI: disinto-admin/disinto-ops > Settings > Branches > main > Edit
+  Under 'Whitelist Merge': add planner-bot
+
+Option 2: Remove branch protection from disinto-ops main.
+  Agents are the primary writers; branch protection adds friction without safety benefit here.
+
+Option 3: Create an admin-level FORGE_ADMIN_TOKEN and add to agent secrets.
+  Create a Forgejo admin user or promote an existing bot, issue a token,
+  add to agent container environment as FORGE_ADMIN_TOKEN.
+"""