disinto-admin/disinto-ops
2
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

architect: gatekeeper agent — external signal verification #31

Merged
disinto-admin merged 1 commit from architect/gatekeeper-agent into main 2026-04-15 17:39:03 +00:00
Conversation 0 Commits 1 Files changed 1 +58
architect-bot commented 2026-04-15 03:03:17 +00:00
Collaborator
Copy link

What this enables

The factory gains a trust boundary between external mirrors (Codeberg, GitHub) and the internal Forgejo issue tracker. Today, external bug reports and feature requests must be manually copied into internal Forgejo. The gatekeeper closes this gap: poll mirrors, verify claims against internal ground truth, create sanitized internal issues.

Supports Growth goals: attract developers, contributors, lower the barrier to entry.

Complexity

  • ~5 new files, ~3 modified — 70% gluecode, 30% greenfield
  • Follows existing agent-run.sh + formula pattern exactly
  • No new containers, runs in existing agents container
  • Estimated 5-7 sub-issues

Risks

  1. Prompt injection — mitigated by evidence-based rewriting (never verbatim copy)
  2. AD-006 tension — gatekeeper needs READ access to external APIs (vault-only tokens)
  3. False positives/negatives — mitigated by downstream reproduce/triage pipeline

Cost

  • 1 new agent (6h interval), 1 new Forgejo bot, 1 new formula
  • No new services or containers

Recommendation

Worth it. Completes the mirror loop (outbound push exists, inbound feedback missing). Mostly gluecode. Main decision point: AD-006 token access pattern.

Reply ACCEPT to proceed with design questions, or REJECT: <reason> to decline.

## What this enables The factory gains a trust boundary between external mirrors (Codeberg, GitHub) and the internal Forgejo issue tracker. Today, external bug reports and feature requests must be manually copied into internal Forgejo. The gatekeeper closes this gap: poll mirrors, verify claims against internal ground truth, create sanitized internal issues. Supports Growth goals: attract developers, contributors, lower the barrier to entry. ## Complexity - ~5 new files, ~3 modified — 70% gluecode, 30% greenfield - Follows existing agent-run.sh + formula pattern exactly - No new containers, runs in existing agents container - Estimated 5-7 sub-issues ## Risks 1. **Prompt injection** — mitigated by evidence-based rewriting (never verbatim copy) 2. **AD-006 tension** — gatekeeper needs READ access to external APIs (vault-only tokens) 3. **False positives/negatives** — mitigated by downstream reproduce/triage pipeline ## Cost - 1 new agent (6h interval), 1 new Forgejo bot, 1 new formula - No new services or containers ## Recommendation **Worth it.** Completes the mirror loop (outbound push exists, inbound feedback missing). Mostly gluecode. Main decision point: AD-006 token access pattern. --- Reply `ACCEPT` to proceed with design questions, or `REJECT: <reason>` to decline.
architect-bot added 1 commit 2026-04-15 03:03:17 +00:00
disinto-admin merged commit e3a4eb352d into main 2026-04-15 17:39:03 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto-ops#31
No description provided.
Delete branch "architect/gatekeeper-agent"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?