Add an EXIT trap in entrypoint-reproduce.sh that:
- Switches back to the primary branch
- Deletes the triage-debug-${ISSUE_NUMBER} branch
This ensures the throwaway branch used for debug instrumentation
(console.log, verbose logging) is cleaned up if the agent crashes
or times out, preventing repository pollution.
The trap is combined with existing cleanup (heartbeat kill, stack
lock release) into a single EXIT handler.
Remove install_project_crons() function and cron daemon startup from
entrypoint-llama.sh. The llama container runs dev-poll via its while
loop only — cron is not suitable as it doesn't inherit Docker compose
env vars (ANTHROPIC_API_KEY, ANTHROPIC_BASE_URL, CLAUDE_CONFIG_DIR).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The dispatcher verifies vault actions by checking whether the merger
of the PR is an admin. With the auto-merge workflow, the merger is
always the bot that requested auto-merge (e.g. dev-bot), not the
human who approved the PR.
This change:
1. Adds get_pr_reviews() to fetch reviews from Forgejo API
2. Adds verify_admin_approver() to check for admin APPROVED reviews
3. Updates verify_admin_merged() to check approver first, then fall back
to merger check for backwards compatibility
This ensures auto-merged vault PRs approved by an admin pass verification,
while still rejecting vault PRs without any admin approval.
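
The approver-first check described in the commit message above, as an added sketch that is not the project's dispatcher code. The helper names, the space-separated admin allowlist and the extra `dismissed` test are assumptions; the constructed JSON follows the shape of Forgejo's pull-request reviews response, and `jq` is required.

```shell
#!/bin/sh
# Added example, not the project's dispatcher code. Helper names and the
# space-separated admin allowlist are assumptions made for this sketch.

# has_admin_approval REVIEWS_JSON "admin1 admin2"
# REVIEWS_JSON is the array returned by the Forgejo endpoint
#   GET /api/v1/repos/{owner}/{repo}/pulls/{index}/reviews
# Succeeds only if some review is APPROVED, not dismissed, and written by an
# allowlisted admin. Malformed or unexpected JSON makes jq exit non-zero,
# so the check fails closed.
has_admin_approval() {
  printf '%s' "$1" | jq -e --arg admins "$2" '
    ($admins | split(" ")) as $allow
    | any(.[];
        .state == "APPROVED"
        and (.dismissed != true)
        and (.user.login as $u | $allow | any(. == $u)))
  ' >/dev/null 2>&1
}

# verify_vault_pr MERGED_BY REVIEWS_JSON ADMINS
# Order from the commit message: approver first, merger as the fallback.
verify_vault_pr() {
  if has_admin_approval "$2" "$3"; then
    echo "approved-by-admin"; return 0
  fi
  # Fallback for PRs merged by hand: the merger must be an allowlisted admin.
  if [ -n "$1" ]; then
    case " $3 " in
      *" $1 "*) echo "merged-by-admin"; return 0 ;;
    esac
  fi
  echo "rejected"; return 1
}

# Constructed sample: dev-bot requested auto-merge, admin "alice" approved.
SAMPLE_REVIEWS='[
  {"user":{"login":"carol"},"state":"COMMENT","dismissed":false},
  {"user":{"login":"alice"},"state":"APPROVED","dismissed":false}
]'
```
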
- Use FORGE_URL/FORGE_OPS_REPO for clonable URL
- Pass -e SECRET_NAME without value (Docker inherits from env)
- Simplify logging to hide all -e flags entirely
- Redact secrets in logs (=***)
- Fix -e flags before service name in docker compose run
- Use FORGE_OPS_REPO for cloning ops repo
- Refresh ops repo in each poll loop iteration
- Use array-based command execution to prevent shell injection
- Load vault secrets after env.sh for dispatcher access
- Create docker/edge/Dockerfile with bash, jq, curl, git, docker-cli
- Create docker/edge/dispatcher.sh as placeholder no-op loop
- Update edge service to build from ./docker/edge instead of caddy:alpine image
- Mount Docker socket into edge container for dispatcher access
- Mount dispatcher.sh as read-only volume
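
An added example (not the project's dispatcher.sh) of the bullets above on passing `-e SECRET_NAME` without a value, keeping `-e` flags before the service name, hiding `-e` flags in logs and array-based execution. POSIX positional parameters stand in for a bash array; the `runner` service, `EXAMPLE_SECRET` and all function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names, "runner" and EXAMPLE_SECRET are hypothetical.

# log_cmd ARGV...: render the command for the log with every "-e NAME" pair
# dropped, so neither secret names nor values reach the log.
log_cmd() {
  line=docker; skip=0
  for a in "$@"; do
    if [ "$skip" = 1 ]; then skip=0; continue; fi
    if [ "$a" = -e ]; then skip=1; continue; fi
    line="$line $a"
  done
  printf '%s\n' "$line"
}

# build_and_run "NAME1 NAME2" SERVICE CMD [ARGS...]
# Builds argv in the positional parameters and executes it word for word;
# no command string is ever re-parsed by a shell.
build_and_run() {
  secrets=$1; shift
  # Only env-var name characters and spaces: rejects "NAME=value", globs, dashes.
  case "$secrets" in
    *[!A-Za-z0-9_\ ]*) echo "invalid secret name" >&2; return 2 ;;
  esac
  # "$@" is SERVICE CMD ARGS...; prepending keeps each -e before the service.
  # No "=value" is given: the value is inherited from this process's env.
  for name in $secrets; do
    case "$name" in [0-9]*) echo "invalid secret name" >&2; return 2 ;; esac
    set -- -e "$name" "$@"
  done
  set -- compose run --rm "$@"
  log_cmd "$@" >&2
  "${DOCKER:-docker}" "$@"
}

# Stand-in for docker in the dry run below: prints each argv word in brackets.
show_argv() { for a in "$@"; do printf '[%s]' "$a"; done; echo; }

# Dry run with a constructed argument containing shell metacharacters.
DOCKER=show_argv build_and_run "EXAMPLE_SECRET" runner echo 'two words; date'
```

The dry run shows the metacharacter-bearing argument arriving as a single argv word, while the log line on stderr omits the `-e` pair.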
Local llama does not support claude --resume (no server-side session
storage). Stale .sid files from failed runs cause agent_run to exit
instantly on every retry, creating an infinite 1-second failure loop.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
FORGE_TOKEN_OVERRIDE in compose env sets a per-agent token.
PRs, issue claims, and comments from the llama agent now show
dev-qwen instead of dev-bot.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Simple while-true loop that runs dev-poll with llama backend env vars.
No cron, no guard files, no activation state — just polls and spawns.
Repo auto-cloned on first start.
To be used with a separate agents-llama compose service that sets
ANTHROPIC_BASE_URL to the llama-server address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cron does not inherit compose env vars. Without these, dev-poll fails
with cd: /home/johba/disinto: No such file or directory (host path
instead of container path).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
env.sh references $USER which is not set in cron environment.
With set -u (pipefail), this causes env.sh to exit before setting
DISINTO_LOG_DIR, resulting in log writes to the read-only mount.
Root cause of silent cron failures since containerized setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cron jobs run with minimal environment — no Docker compose env vars.
Without DISINTO_CONTAINER=1, env.sh falls back to FACTORY_ROOT for
log paths, which is the read-only disinto mount. Polls silently fail.
Fix: set DISINTO_CONTAINER=1 as crontab environment variable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cron poll errors were silently swallowed, making it impossible to
diagnose why agents stopped picking up issues. Now logs to
/home/agent/data/logs/cron.log.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove all Matrix/Dendrite infrastructure:
- Delete lib/matrix_listener.sh (long-poll daemon), lib/matrix_listener.service
(systemd unit), lib/hooks/on-stop-matrix.sh (response streaming hook)
- Remove matrix_send() and matrix_send_ctx() from lib/env.sh
- Remove MATRIX_HOMESERVER auto-detection, MATRIX_THREAD_MAP from lib/env.sh
- Remove [matrix] section parsing from lib/load-project.sh
- Remove Matrix hook installation from lib/agent-session.sh
- Remove notify/notify_ctx helpers and Matrix thread tracking from
dev/dev-agent.sh and action/action-agent.sh
- Remove all matrix_send calls from dev-poll.sh, phase-handler.sh,
action-poll.sh, vault-poll.sh, vault-fire.sh, vault-reject.sh,
review-poll.sh, review-pr.sh, supervisor-poll.sh, formula-session.sh
- Remove Matrix listener startup from docker/agents/entrypoint.sh
- Remove append_dendrite_compose() and setup_matrix() from bin/disinto
- Remove --matrix flag from disinto init
- Clean Matrix references from .env.example, projects/*.toml.example,
formulas/*.toml, AGENTS.md, BOOTSTRAP.md, README.md, RESOURCES.md,
PHASE-PROTOCOL.md, and all agent AGENTS.md/PROMPT.md files
Status visibility now via Codeberg PR/issue activity. Human interaction
via vault items through forge. Proactive alerts via OpenClaw heartbeats.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Make ~/.claude volume mount read-write (was :ro) so containers can
write back refreshed OAuth tokens
- Wrap Claude CLI in flock(1) inside tmux sessions using
~/.claude/session.lock — prevents concurrent token refresh races
across agents sharing the same credentials
- Add ANTHROPIC_API_KEY detection in entrypoint.sh: when set, skips
OAuth entirely (no rotation issues, metered billing)
- Log active auth method (API key vs OAuth vs missing) at container
startup for easier 401 debugging
- Document 'claude auth login' requirement in disinto init output
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- tea_relabel: use `tea issues edit` instead of `tea issues labels`
(the latter is the list subcommand and ignores --labels)
- Dockerfile: verify tea binary sha256 after download
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>