- Remove hardcoded `disinto.toml` as default TOML search path; scan
projects/ directory for any .toml instead
- Fix load-project.sh path: use FACTORY_ROOT (consistent with the rest
of the block) instead of SCRIPT_ROOT/BASH_SOURCE which resolves to
/usr/local/bin in the container — wrong for /opt/disinto/lib/
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- formulas/release.sh: cd to $FACTORY_ROOT (not parent) for docker compose build
- docker-compose.yml: mount docker-compose.yml into edge container, pass HOST_PROJECT_DIR
- dispatcher.sh: use -f and --project-directory so compose resolves volume paths
against the host filesystem when invoked from inside the edge container
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Runner entrypoint now exports VAULT_ACTION_TOML for formula scripts,
avoiding duplicated argument parsing that triggered CI duplicate detection.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dockerfile: caddy:latest is Alpine, needs apk not apt-get. Add python3
which dispatcher.sh requires for JSON filtering since Apr 6.
dispatcher.sh: BusyBox mktemp does not support suffixes after XXXXXX
template. Remove .txt suffix.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Run fast agents (review-poll, dev-poll) in background with stagger.
Run slow agents (gardener, architect, planner, predictor) in background
with pgrep guards so only one instance of each runs at a time.
The flock on session.lock still serializes claude -p calls.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The verification helpers (_is_parent_issue, _are_all_sub_issues_closed,
_get_sub_issue_list) and label/comment helpers (_label_id, _add_label,
_remove_label, _post_comment) were defined after the code that calls
them. Under set -euo pipefail, this causes a runtime crash.
Move all helper function definitions to right after the Claude session
completes, before the triage post-processing and verification blocks
that use them.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Forgejo 11.x rejects API tokens for git HTTP push while accepting them
for all other operations. Store bot passwords alongside tokens during
init and use password auth for git operations consistently.
- forge-setup.sh: persist bot passwords to .env (FORGE_PASS, etc.)
- forge-push.sh: use FORGE_PASS instead of FORGE_TOKEN for git remote URL
- entrypoint.sh: configure git credential helper with password auth
- entrypoint-llama.sh: use FORGE_PASS for git clone (fallback to FORGE_TOKEN)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add an EXIT trap in entrypoint-reproduce.sh that:
- Switches back to the primary branch
- Deletes the triage-debug-${ISSUE_NUMBER} branch
This ensures the throwaway branch used for debug instrumentation
(console.log, verbose logging) is cleaned up if the agent crashes
or times out, preventing repository pollution.
The trap is combined with existing cleanup (heartbeat kill, stack
lock release) into a single EXIT handler.
Remove install_project_crons() function and cron daemon startup from
entrypoint-llama.sh. The llama container runs dev-poll via its while
loop only — cron is not suitable as it doesn't inherit Docker compose
env vars (ANTHROPIC_API_KEY, ANTHROPIC_BASE_URL, CLAUDE_CONFIG_DIR).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The dispatcher verifies vault actions by checking whether the merger
of the PR is an admin. With the auto-merge workflow, the merger is
always the bot that requested auto-merge (e.g. dev-bot), not the
human who approved the PR.
This change:
1. Adds get_pr_reviews() to fetch reviews from Forgejo API
2. Adds verify_admin_approver() to check for admin APPROVED reviews
3. Updates verify_admin_merged() to check approver first, then fallback
to merger check for backwards compatibility
This ensures auto-merged vault PRs approved by an admin pass verification,
while still rejecting vault PRs without any admin approval.
