- Dockerfile: add openssh-client + autossh to edge image
- entrypoint-edge.sh: start autossh reverse tunnel before Caddy when
EDGE_TUNNEL_HOST is set; no-op when unset (local-only dev works unchanged)
- generators.sh: pass EDGE_TUNNEL_{HOST,USER,PORT,FQDN} env vars and
bind-mount secrets/tunnel_key into the edge service
Decommission steps for old host-level reverse-tunnel.service:
sudo systemctl disable --now reverse-tunnel.service
sudo rm /etc/systemd/system/reverse-tunnel.service
sudo systemctl daemon-reload
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This fixes the issue where agents-llama containers were using the main
FORGE_TOKEN (dev-bot) instead of dedicated credentials for the llama bot user.
Changes:
- forge-setup.sh: Added generation of FORGE_TOKEN_LLAMA and FORGE_PASS_LLAMA
for local-model bot users (dev-qwen, dev-qwen-nightly). These are created
as Forgejo users with their own API tokens and passwords for git push.
- generators.sh: Updated agents-llama service to use FORGE_TOKEN_LLAMA and
FORGE_PASS_LLAMA instead of falling back to dev-bot's credentials.
Fixed escaping to defer variable resolution to docker-compose runtime.
- docker-compose.yml: Updated to use FORGE_TOKEN_LLAMA and FORGE_PASS_LLAMA
(renamed from FORGE_TOKEN_DEVQWEN for consistency).
- .env.example: Added documentation for all per-bot tokens and passwords.
- projects/disinto.toml.example: Documented the auto-credential generation.
When a project TOML configures [agents.llama] with forge_user = dev-qwen:
1. disinto init creates the dev-qwen Forgejo user
2. Generates FORGE_TOKEN_LLAMA and FORGE_PASS_LLAMA
3. Adds dev-qwen as write collaborator on the project repo
4. The agents-llama container uses these credentials for all Forgejo API calls
This ensures issues and PRs created by the llama agent are correctly
attributed to dev-qwen instead of dev-bot.
The placeholder substitution ran before local-model services were appended,
leaving a literal CLAUDE_BIN_PLACEHOLDER in the compose file. Reorder so
the sed pass runs after all services (including local-model) are in place.
Also adds the `g` flag to the sed substitution so it replaces all occurrences,
and aligns the .ssh volume mount escaping with the other ${HOME} references.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
--poll-interval was incorrectly written as compact_pct in the project TOML,
misconfiguring CLAUDE_AUTOCOMPACT_PCT_OVERRIDE instead of polling behavior.
Now compact_pct is hardcoded to 60 (the correct default) and poll_interval
is a separate TOML field emitted as POLL_INTERVAL in the compose service.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
