Planner phase 5 pushed ops repo changes directly to main, which branch
protection blocks. Replace with the same PR-based flow architect uses:
- planner-run.sh: create branch planner/run-YYYY-MM-DD in ops repo before
  agent_run, then pr_create + pr_walk_to_merge after agent completes
- run-planner.toml: formula now pushes HEAD (the branch) instead of
  PRIMARY_BRANCH directly
- planner/AGENTS.md: update phase 5 description to reflect PR flow

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Shift the guardrail from prose prompt constraints into Forgejo's permission
layer. architect-bot loses all write access on the project repo (now read-only
for context gathering). Sub-issues are produced by a new filer-bot identity
that runs only after a human merges a sprint PR on the ops repo.

Changes:
- architect-run.sh: remove all project-repo writes (add_inprogress_label,
  close_vision_issue, check_and_close_completed_visions); add ## Sub-issues
  block to pitch format with filer:begin/end markers
- formulas/run-architect.toml: add Sub-issues schema to pitch format; strip
  issue-creation API refs; document read-only constraint on project repo
- lib/formula-session.sh: remove Create issue curl template from
  build_prompt_footer (architect cannot create issues)
- lib/sprint-filer.sh (new): parser + idempotent filer using FORGE_FILER_TOKEN;
  parses filer:begin/end blocks, creates issues with decomposed-from markers,
  adds in-progress label, handles vision lifecycle closure
- .woodpecker/ops-filer.yml (new): CI pipeline on ops repo main-branch push
  that invokes sprint-filer.sh after sprint PR merge
- lib/env.sh, .env.example, docker-compose.yml: add FORGE_FILER_TOKEN for
  filer-bot identity; add filer-bot to FORGE_BOT_USERNAMES
- AGENTS.md: add Filer agent entry; update in-progress label docs
- .woodpecker/agent-smoke.sh: register sprint-filer.sh for smoke test

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Root cause: review formula had no infrastructure-file-specific checklist and
no scope discipline check. The reviewer treated a docker-compose.yml rewrite
the same as any code change, and lessons-learned biased toward approval.

Changes:
- Add step 3c (infrastructure file review) to formulas/review-pr.toml:
  compose-specific checklist for volumes, bind mounts, env vars, restart
  policy, security options
- Add step 3d (scope discipline) to formulas/review-pr.toml: compare
  actual diff size against issue scope, block on infra-file scope violations
- Add investigation writeup in docs/

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Implementation:
- Added detect_approved_pending_questions() function to identify approved PRs
  that have no ## Design forks section and no Q1:, Q2: comments yet.
- Modified response processing block to handle three session modes:
  1. questions_phase: Resume session for processing Q&A answers
  2. start_questions: Fresh session to post initial design questions
  3. pitch: Original behavior for new pitch generation
- Added build_architect_prompt_for_mode() function to generate appropriate
  prompts for each session mode.
- When an approved PR is detected, the agent posts initial design questions
  (Q1:, Q2:, etc.) and adds the ## Design forks section, transitioning the
  PR into the existing questions phase.

This fixes the issue where approved architect PRs would sit indefinitely
because the agent had no path to start the design conversation.

Add OPS repo presence detection in supervisor-run.sh with degraded mode support:
- Detect if OPS_REPO_ROOT is missing and log WARNING message
- Set OPS_REPO_DEGRADED=1 flag and configure fallback paths
- Bundle minimal knowledge files as fallback for degraded mode
- Update formula to use OPS_KNOWLEDGE_ROOT, OPS_JOURNAL_ROOT, OPS_VAULT_ROOT
- Support local vault destination and journal fallback when ops repo absent

Knowledge files bundled: disk.md, memory.md, ci.md, git.md, dev-agent.md,
review-agent.md, forge.md

The supervisor now runs with full functionality when ops repo is available,
or gracefully degrades to local paths when absent, making the failure mode
explicit rather than silent.

- formulas/release.sh: cd to $FACTORY_ROOT (not parent) for docker compose build
- docker-compose.yml: mount docker-compose.yml into edge container, pass HOST_PROJECT_DIR
- dispatcher.sh: use -f and --project-directory so compose resolves volume paths
  against the host filesystem when invoked from inside the edge container

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Runner entrypoint now exports VAULT_ACTION_TOML for formula scripts,
avoiding duplicated argument parsing that triggered CI duplicate detection.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

When the architect processes human answers to design questions (answer_parsing step),
it now resumes the session from the research/questions run instead of starting fresh.
This preserves Claude's deep codebase understanding from the research phase, ensuring
sub-issues include specific file references and implementation details.

Changes:
- architect-run.sh: Added detect_questions_phase() to check if PR is in questions phase
  (has `## Design forks` section and question comments). If so, resume the session
  from SID_FILE to preserve context.
- formulas/run-architect.toml: Documented session resumption behavior in answer_parsing step.
  Session is only preserved when PR is in questions-awaiting-answers phase. Fresh sessions
  are started for new pitches (no stale context from old sprints).

Avoid raw shell interpolation of multiline SUB_ISSUES into JSONL —
titles with quotes/backslashes would produce invalid JSON.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
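
The failure mode named in the last commit message above, shown as an added example that is not the project's own code: raw interpolation of a multiline SUB_ISSUES value into JSONL next to a per-line escaped encoding. The one-title-per-line layout, the `title` field name, the sample titles and both helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample input: one sub-issue title per line (assumed layout).
SUB_ISSUES='Add "dry-run" flag to filer
Handle \d+ in title regex
Plain title'

# Unsafe: raw interpolation (hypothetical helper). Quotes and backslashes
# land unescaped inside the JSON string, so records 1 and 2 do not parse.
jsonl_raw() {
    printf '%s\n' "$1" | while IFS= read -r title; do
        printf '{"title":"%s"}\n' "$title"
    done
}

# Safer: escape each line, then wrap it (hypothetical helper). The "title"
# field name is an assumption. Blank lines are dropped. Input carrying
# control characters other than tab and newline is refused rather than
# emitted as broken JSON. Backslashes are escaped first so the escapes
# added for quotes and tabs are not doubled.
jsonl_safe() {
    if printf '%s' "$1" | LC_ALL=C tr -d '\t\n' | LC_ALL=C grep -q '[[:cntrl:]]'; then
        echo "jsonl_safe: control character in title" >&2
        return 1
    fi
    tab=$(printf '\t')
    printf '%s\n' "$1" | sed \
        -e '/^$/d' \
        -e 's/\\/\\\\/g' \
        -e 's/"/\\"/g' \
        -e "s/$tab/\\\\t/g" \
        -e 's/^/{"title":"/' \
        -e 's/$/"}/'
}

echo "raw interpolation:"; jsonl_raw "$SUB_ISSUES"
echo "escaped:";           jsonl_safe "$SUB_ISSUES"
```

Where jq is available, `jq -R -c '{title: .}'` over the same lines performs this encoding and also escapes the control characters this sketch rejects.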