Two blockers from the #844 review:
1. Rename nomad/jobs/forgejo.hcl → nomad/jobs/forgejo.nomad.hcl to match
the convention documented in nomad/AGENTS.md:38 (*.nomad.hcl suffix).
First jobspec sets the pattern for all future ones; keeps any glob-
based tooling over nomad/jobs/*.nomad.hcl working.
2. Add a dedicated `nomad-job-validate` step to .woodpecker/nomad-validate.yml.
`nomad config validate` (step 1) parses agent configs only — it rejects
jobspec HCL as "unknown block 'job'". `nomad job validate` is the
correct offline validator for jobspec HCL. Per the Hashicorp docs it
does not require a running agent (exit 0 clean, 1 on syntax/semantic
error). New jobspecs will add an explicit line alongside forgejo's,
matching step 1's enumeration pattern and this file's "no-ad-hoc-steps"
principle.
Also updated the file header comment and the pipeline's top-of-file step
index to reflect the new step ordering (2. nomad-job-validate inserted;
old 2-4 renumbered to 3-5).
Refs: #840 (S1.1), PR #844
Pipeline #911 on PR #833 failed because `vault operator diagnose -config=
nomad/vault.hcl -skip=storage -skip=listener` returns exit code 2 — not
on a hard failure, but because our factory dev-box vault.hcl deliberately
runs TLS-disabled on a localhost-only listener (documented in the file
header), which triggers an advisory "Check Listener TLS" warning.
The -skip flag disables runtime sub-checks (storage access, listener
bind) but does NOT suppress the advisory checks on the parsed config, so
a valid dev-box config with documented-and-intentional warnings still
exits non-zero under strict CI.
Fix: wrap the command in a case on exit code. Treat rc=0 (all green)
and rc=2 (advisory warnings only — config still parses) as success, and
fail hard on rc=1 (real HCL/schema/storage failure) or any other rc.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Locks in static validation for every Nomad+Vault artifact before it can
merge. Four fail-closed steps in .woodpecker/nomad-validate.yml, gated
to PRs touching nomad/, lib/init/nomad/, or bin/disinto:
1. nomad config validate nomad/server.hcl nomad/client.hcl
2. vault operator diagnose -config=nomad/vault.hcl -skip=storage -skip=listener
3. shellcheck --severity=warning lib/init/nomad/*.sh bin/disinto
4. bats tests/disinto-init-nomad.bats — dispatcher smoke tests
bin/disinto picks up pre-existing SC2120 warnings on three passthrough
wrappers (generate_agent_docker, generate_caddyfile, generate_staging_index);
annotated with shellcheck disable=SC2120 so the new pipeline is clean
without narrowing the warning for future code.
Pinned image versions (hashicorp/nomad:1.9.5, hashicorp/vault:1.18.5)
match lib/init/nomad/install.sh — bump both or neither.
nomad/AGENTS.md documents the stack layout, how to add a jobspec in
Step 1, how CI validates it, and the two-place version pinning rule.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Part 1: Add WOODPECKER_PLUGINS_PRIVILEGED to woodpecker service environment
in lib/generators.sh, defaulting to plugins/docker, overridable via .env.
Document the new key in .env.example.
Part 2: Delete .woodpecker/ops-filer.yml from project repo — it belongs in
the ops repo and references secrets that don't exist here. Full ops-side
filer setup deferred until sprint PRs need it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Generated compose now uses `image: ghcr.io/disinto/{agents,edge}` instead
of `build:` directives; `disinto init --build` restores local-build mode
- Add VOLUME declarations to agents, reproduce, and edge Dockerfiles
- Add CI pipeline (.woodpecker/publish-images.yml) to build and push images
to ghcr.io/disinto on tag events
- Mount projects/, .env, and state/ into agents container for runtime config
- Skip pre-build binary download when compose uses registry images
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Shift the guardrail from prose prompt constraints into Forgejo's permission
layer. architect-bot loses all write access on the project repo (now read-only
for context gathering). Sub-issues are produced by a new filer-bot identity
that runs only after a human merges a sprint PR on the ops repo.
Changes:
- architect-run.sh: remove all project-repo writes (add_inprogress_label,
close_vision_issue, check_and_close_completed_visions); add ## Sub-issues
block to pitch format with filer:begin/end markers
- formulas/run-architect.toml: add Sub-issues schema to pitch format; strip
issue-creation API refs; document read-only constraint on project repo
- lib/formula-session.sh: remove Create issue curl template from
build_prompt_footer (architect cannot create issues)
- lib/sprint-filer.sh (new): parser + idempotent filer using FORGE_FILER_TOKEN;
parses filer:begin/end blocks, creates issues with decomposed-from markers,
adds in-progress label, handles vision lifecycle closure
- .woodpecker/ops-filer.yml (new): CI pipeline on ops repo main-branch push
that invokes sprint-filer.sh after sprint PR merge
- lib/env.sh, .env.example, docker-compose.yml: add FORGE_FILER_TOKEN for
filer-bot identity; add filer-bot to FORGE_BOT_USERNAMES
- AGENTS.md: add Filer agent entry; update in-progress label docs
- .woodpecker/agent-smoke.sh: register sprint-filer.sh for smoke test
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The FORGE_TOKEN_OVERRIDE fix shifted line numbers in agent run scripts,
causing the shared source block (env.sh, formula-session.sh, worktree.sh,
guard.sh, agent-sdk.sh) to register as a new duplicate. This is
intentional boilerplate shared across all formula-driven agents.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two bugs in agent-smoke.sh caused non-deterministic CI failures:
1. SIGPIPE race with pipefail: `printf | grep -q` fails when grep closes
the pipe early after finding a match, causing printf to get SIGPIPE
(exit 141). With pipefail, the pipeline returns non-zero even though
grep succeeded — producing false "undef" failures. Fixed by using
here-strings (<<<) instead of pipes for all grep checks.
2. Incomplete LIB_FUNS: hand-maintained REQUIRED_LIBS list (11 files)
didn't cover all 26 lib/*.sh files, silently producing a partial
function list. Fixed by enumerating all lib/*.sh in stable
lexicographic order (LC_ALL=C sort), excluding only standalone
scripts (ci-debug.sh, parse-deps.sh).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add hard precondition check: fail fast if any required lib file is missing
- Add diagnostic dump on FAIL [undef] errors (all_fns count, LIB_FUNS match, defining lib)
- Add CI-side ls -la lib/ snapshot at start of smoke test
- Remove reference to deleted lib/file-action-issue.sh
The smoke test's function resolution check for supervisor/supervisor-run.sh
did not include lib/formula-session.sh as an extra definition source, causing
acquire_cron_lock to be flagged as undefined.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace grep+sed pipeline in get_fns with pure awk — eliminates
remaining BusyBox grep/sed cross-platform issues causing ci_fix_reset
to be missed from function name extraction on Alpine CI.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fix get_fns in agent-smoke.sh: use separate -e flags instead of ;
as sed command separator — BusyBox sed (Alpine CI) does not support
semicolons as separators within a single expression, causing function
names to retain their () suffix and never match in LIB_FUNS lookups.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add structural end-of-while-loop+case hash to ALLOWED_HASHES in
detect-duplicates.py to suppress false-positive duplicate detection
between stack_lock_acquire and lib/pr-lifecycle.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add cleanup trap to smoke-init.sh that kills all mock-forgejo.py processes
on exit (success or failure). Also ensure cleanup at test start removes
any leftover processes from prior runs.
In .woodpecker/smoke-init.yml:
- Store the PID of the mock-forgejo.py background process
- Kill the process after smoke test completes
This prevents accumulation of orphaned Python processes that caused
OOM issues (2881 processes consuming 7.45GB RAM).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove action-agent card from site/docs/architecture.html
- Remove action/ directory line from architecture.html
- Update formula comments to reference dispatcher instead of action-agent
- Remove action/action.log from log scan loops in preflight.sh and collect-metrics.sh
- Remove action from find command in agent-smoke.sh
This keeps getting re-added by agents. It spins up a full Forgejo
inside CI and never finishes within the timeout.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The smoke-init pipeline tests `disinto init` against a Forgejo
instance — it does not build or use the agents Docker image.
Changes under docker/ should not trigger this workflow.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
smoke-init spins up a full Forgejo instance inside CI and never
finishes within the 5-minute timeout. It blocks all PRs.
Remove it entirely until it can be optimized to run fast enough.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
env.sh changes don't need a full Forgejo init smoke test.
Prevents 40-minute CI hangs on env fixes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rewrite action-agent from tmux session + phase-handler pattern to
synchronous SDK pattern (agent_run via claude -p). Uses shared libraries:
- agent-sdk.sh for one-shot Claude invocation
- issue-lifecycle.sh for issue_check_deps/issue_close/issue_block
- pr-lifecycle.sh for pr_create/pr_walk_to_merge
- worktree.sh for worktree_create/worktree_cleanup
Add default callback stubs to phase-handler.sh (cleanup_worktree,
cleanup_labels) so it is self-contained now that action-agent.sh
no longer sources it. Update agent-smoke.sh accordingly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Skip the heavyweight smoke-init test (spins up full Forgejo inside CI)
for PRs that do not touch init-related code. Saves ~25min of CPU per
unrelated PR.
Closes#8
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Register lib/agent-sdk.sh in the CI smoke test so agent_recover_session
resolves for dev-agent.sh and review-pr.sh.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
dev-agent.sh no longer sources phase-handler.sh. Update the smoke test
to resolve phase-handler.sh callbacks against action-agent.sh (which
still sources it and defines cleanup_labels/cleanup_worktree).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New reusable library with clean function boundaries for the PR lifecycle:
- pr_create, pr_find_by_branch — PR creation and lookup
- pr_poll_ci — poll CI with infra vs code failure classification
- pr_poll_review — poll for review verdict (bot comments + formal reviews)
- pr_merge, pr_is_merged — merge with 405 handling and race detection
- pr_walk_to_merge — full orchestration loop (CI → review → merge)
- build_phase_protocol_prompt — git push instructions for agent prompts
The pr_walk_to_merge function uses agent_run() which callers must define
(guarded stub provided). This bridges to the synchronous SDK architecture
where the orchestrator bash loop IS the state machine — no phase files.
Extracted from: dev/phase-handler.sh, dev/dev-poll.sh, lib/ci-helpers.sh
Smoke test updated to include the new library.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
