Commit graph

120 commits

Author SHA1 Message Date
Claude
dae15410ab fix: vision(#623): disinto-chat conversation history persistence (#710)
2026-04-12 03:38:46 +00:00
Claude
3b4238d17f fix: vision(#623): disinto-chat cost caps + rate limiting (#711)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 03:06:06 +00:00
Claude
f8ac1d2ae2 fix: vision(#623): Caddy Remote-User forwarding + chat-side validation (defense-in-depth) (#709)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 02:21:02 +00:00
Claude
30e19f71e2 fix: vision(#623): Forgejo OAuth gate for disinto-chat (#708)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Gate /chat/* behind Forgejo OAuth2 authorization-code flow.

- Extract generic _create_forgejo_oauth_app() helper in lib/ci-setup.sh;
  Woodpecker OAuth becomes a thin wrapper, chat gets its own app.
- bin/disinto init now creates TWO OAuth apps (woodpecker-ci + disinto-chat)
  and writes CHAT_OAUTH_CLIENT_ID / CHAT_OAUTH_CLIENT_SECRET to .env.
- docker/chat/server.py: new routes /chat/login (→ Forgejo authorize),
  /chat/oauth/callback (code→token exchange, user allowlist check, session
  cookie). All other /chat/* routes require a valid session or redirect to
  /chat/login. Session store is in-memory with 24h TTL.
- lib/generators.sh: pass FORGE_URL, CHAT_OAUTH_CLIENT_ID,
  CHAT_OAUTH_CLIENT_SECRET, EDGE_TUNNEL_FQDN, DISINTO_CHAT_ALLOWED_USERS
  to the chat container environment.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 01:52:16 +00:00
Claude
0c5bb09e16 fix: address review — move LOGFILE to tmpfs, add CapDrop check (#706)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
LOGFILE=/var/chat/chat.log is unwritable on read-only rootfs; move to
/tmp/chat.log (tmpfs-backed). Add CapDrop=ALL assertion to verify script
so removing cap_drop from compose is caught.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 01:19:42 +00:00
Claude
e74fc29b82 fix: vision(#623): disinto-chat sandbox hardening (#706)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 01:08:23 +00:00
Claude
938cd319aa fix: address AI review feedback for disinto-chat (#705)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
2026-04-12 00:46:57 +00:00
Claude
eada673493 fix: vision(#623): disinto-chat container scaffold (no auth) (#705)
2026-04-12 00:46:57 +00:00
Claude
7dc03523d6 fix: bug: disinto-edge crashes on cold disinto up — clones from forgejo before forgejo HTTP is ready (#665)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 23:28:01 +00:00
Claude
16477e69b0 fix: update AD-002 docs and stale comments to reflect CLAUDE_CONFIG_DIR isolation (#647)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
- AGENTS.md AD-002: document per-session CLAUDE_CONFIG_DIR as primary
  OAuth concurrency guard, CLAUDE_EXTERNAL_LOCK as rollback flag
- docker/agents/entrypoint.sh: update stale flock comment
- lib/agent-sdk.sh: move mkdir inside CLAUDE_EXTERNAL_LOCK branch

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 21:38:52 +00:00
Claude
6d2e2e43f8 fix: config: gardener=1h, architect=9m, planner=11m for disinto factory (+ add PLANNER_INTERVAL env var) (#682)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
2026-04-11 17:47:07 +00:00
Claude
5fcf3a6304 fix: bug: docker/agents/entrypoint.sh polling-loop log redirects use ${DISINTO_DIR}/../data/logs — broken after #605 moved DISINTO_DIR to /home/agent/repos/_factory (#675)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-11 17:16:29 +00:00
Claude
8fe985ea51 fix: bug: docker/agents/entrypoint.sh credential check looks for credentials.json but Claude writes .credentials.json — every boot logs a misleading WARNING (#673)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-11 16:59:42 +00:00
Claude
4347faf955 fix: feat: make gardener and architect schedules configurable via env vars (#558)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
2026-04-11 15:57:11 +00:00
Claude
6589c761ba fix: refactor: lib/env.sh — split into a defined-surface shared lib; entrypoints own context-specific paths (#674)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 13:21:30 +00:00
Claude
e933473848 fix: lib/git-creds.sh: repair_baked_cred_urls silently fails on agent-owned repos because it runs as root and trips dubious-ownership check (#671)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 08:27:42 +00:00
Claude
13b571c44c fix: lib/git-creds.sh + docker/edge/entrypoint-edge.sh: read $FORGE_PASS from env at git-runtime instead of baking it into the credential helper file (#669)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 07:55:06 +00:00
Claude
9682ef0b2b fix: dev agents: distinct git author identity per bot container so commits are visibly attributable (#648)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-10 21:43:26 +00:00
Claude
de0d82a2d9 fix: docker/agents/entrypoint.sh + edge/reproduce entrypoints: honor CLAUDE_CONFIG_DIR (#644)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 20:55:02 +00:00
Claude
677c05ca10 fix: docker/edge/dispatcher.sh: switch dynamic .claude mounts to shared CLAUDE_CONFIG_DIR (#643)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 20:43:56 +00:00
Claude
4757a9de7a fix: feat: move reverse tunnel into disinto-edge container with single-port forward (#622)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
- Dockerfile: add openssh-client + autossh to edge image
- entrypoint-edge.sh: start autossh reverse tunnel before Caddy when
  EDGE_TUNNEL_HOST is set; no-op when unset (local-only dev works unchanged)
- generators.sh: pass EDGE_TUNNEL_{HOST,USER,PORT,FQDN} env vars and
  bind-mount secrets/tunnel_key into the edge service

Decommission steps for old host-level reverse-tunnel.service:
  sudo systemctl disable --now reverse-tunnel.service
  sudo rm /etc/systemd/system/reverse-tunnel.service
  sudo systemctl daemon-reload

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 19:51:03 +00:00
Claude
c3074e83fc fix: fix: agents container should clone project repo on first startup; treat init's host clone as operator-side only (#605)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
2026-04-10 17:19:33 +00:00
Claude
5c4ea7373a fix: fix: stop baking credentials into git remote URLs — use clean URLs + existing credential helper everywhere (#604)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 17:04:10 +00:00
Claude
7fa0b564df fix: fix: edge entrypoint should fail with clear error + throttle restart loop when /opt/disinto clone fails (#602)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-10 16:17:08 +00:00
Claude
dedd29045b fix: bug: agents container has two diverging copies of disinto code — entrypoint runs baked-in stale version while dev-agent works in fresh git checkout (#593)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 16:03:29 +00:00
Claude
d190296af1 fix: consolidate TOML parsing in bootstrap_ops_repos into single python3 call (#586)
Some checks failed
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline failed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 14:55:33 +00:00
Claude
d60a3da1b1 fix: bug: migrate_ops_repo seeds canonical structure in host path but agents container uses a Docker named volume — migration is orphaned (#586)
Some checks failed
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline failed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 14:48:47 +00:00
Claude
af74eedad9 fix: bug: agents entrypoint creates log dir as root, then gosu agent can't mkdir subdirs (#576)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-10 13:05:30 +00:00
56f21b0362 Merge pull request 'fix: bug: dispatcher reproduce/triage/verify dispatch fails — no project TOML at /opt/disinto/projects/ in edge container (#554)' (#579) from fix/issue-554 into main
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
2026-04-10 10:13:33 +00:00
Claude
fde7d1170e fix: bug: dispatcher reproduce/triage/verify dispatch fails — no project TOML at /opt/disinto/projects/ in edge container (#554)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-10 09:35:50 +00:00
Claude
098c19cb3a fix: bug: edge container supervisor loop never runs (and /opt/disinto-logs not created) (#555)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Two fixes:
- Create /opt/disinto-logs before supervisor loop starts (tee was failing)
- Replace exec caddy with background caddy + wait -n pattern so the
  supervisor loop subshell isn't orphaned when the parent shell exec's away

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 09:32:47 +00:00
Claude
f38e3e0d0d fix: bug: edge container missing claude binary and OAuth credentials mount (#553)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 09:13:11 +00:00
Claude
58fd3cbde1 fix: remove disinto-specific TOML fallback and fix load-project.sh path in edge entrypoint
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
- Remove hardcoded `disinto.toml` as default TOML search path; scan
  projects/ directory for any .toml instead
- Fix load-project.sh path: use FACTORY_ROOT (consistent with the rest
  of the block) instead of SCRIPT_ROOT/BASH_SOURCE which resolves to
  /usr/local/bin in the container — wrong for /opt/disinto/lib/

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 08:03:55 +00:00
Claude
fe043f4368 fix: bug: edge entrypoint defaults FORGE_REPO to disinto-admin/disinto — footgun for non-disinto deployments (#543)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-10 07:58:10 +00:00
Claude
dba3adf1bb fix: bug: edge entrypoint hardcodes projects/disinto.toml as supervisor argument (#542)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 07:48:58 +00:00
Claude
a0280aa454 fix: bug: agents-llama entrypoint writes to dev-poll log path before creating parent directory (#533)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 07:07:24 +00:00
Claude
ff25e5a084 fix: bug: dispatcher should use docker run, not docker compose run — compose context unavailable in edge container (#529)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 06:49:09 +00:00
Claude
43af38046c fix: feat: vault actions should support mount declarations for credentials like SSH keys (#528)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 06:30:08 +00:00
Claude
c7ca745233 fix: bug: agents entrypoint does not set git safe.directory — worktrees fail after container restart (#517)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-09 19:40:49 +00:00
Claude
fbf1a6dcc2 fix: review feedback — cd path in release.sh, compose file access in edge container
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
- formulas/release.sh: cd to $FACTORY_ROOT (not parent) for docker compose build
- docker-compose.yml: mount docker-compose.yml into edge container, pass HOST_PROJECT_DIR
- dispatcher.sh: use -f and --project-directory so compose resolves volume paths
  against the host filesystem when invoked from inside the edge container

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 19:23:08 +00:00
Claude
3c8b61168d fix: eliminate duplicate action-TOML parsing between runner entrypoint and release formula
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Runner entrypoint now exports VAULT_ACTION_TOML for formula scripts,
avoiding duplicated argument parsing that triggered CI duplicate detection.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 19:07:51 +00:00
Claude
77de5ef4c5 fix: bug: dispatcher runner invokes formulas as bash scripts but formulas are TOML (#516)
Some checks failed
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline failed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 19:02:52 +00:00
Smoke Test
e70da015db fix: edge container — add python3, fix mktemp BusyBox compat
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Dockerfile: caddy:latest is Alpine, needs apk not apt-get. Add python3
which dispatcher.sh requires for JSON filtering since Apr 6.

dispatcher.sh: BusyBox mktemp does not support suffixes after XXXXXX
template. Remove .txt suffix.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 18:07:21 +00:00
Claude
f3f6b22b0d fix: fix: while-true entrypoint runs agents sequentially — slow agents block the entire pipeline (#509)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Run fast agents (review-poll, dev-poll) in background with stagger.
Run slow agents (gardener, architect, planner, predictor) in background
with pgrep guards so only one instance of each runs at a time.
The flock on session.lock still serializes claude -p calls.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 14:05:14 +00:00
Agent
cfb4ba5fb3 fix: refactor: remove entrypoint.sh PROJECT_REPO_ROOT workaround (#503)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-09 12:11:28 +00:00
Agent
0987b9ed2f fix: fix: entrypoint polling loop missing predictor and planner agents (#478)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-09 07:51:47 +00:00
Agent
605fc136ae fix: dispatcher.sh: handle direct-commit low-tier vault actions (#439)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-08 20:15:26 +00:00
Claude
0697f7537b fix: move helper functions before their first call site
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
The verification helpers (_is_parent_issue, _are_all_sub_issues_closed,
_get_sub_issue_list) and label/comment helpers (_label_id, _add_label,
_remove_label, _post_comment) were defined after the code that calls
them. Under set -euo pipefail, this causes a runtime crash.

Move all helper function definitions to right after the Claude session
completes, before the triage post-processing and verification blocks
that use them.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 09:17:05 +00:00
Agent
083c734390 fix: feat: reproduce agent re-verifies bug-report issues after all dependency fixes merge (#400)
2026-04-08 07:55:17 +00:00
Claude
b633ce66df fix: fix: entrypoint state file creation and AGENT_ROLES default should include all agents (#403)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 07:40:01 +00:00