dfb1a45295
Merge pull request 'chore: gardener housekeeping' ( #1003 ) from chore/gardener-20260418-0955 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-18 10:02:15 +00:00
Claude
832d6bb851
chore: gardener housekeeping 2026-04-18
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
2026-04-18 09:55:21 +00:00
8fc3ba5b59
Merge pull request 'fix: [nomad-step-5] S5.5 — wire --with edge,staging,chat + vault-runner + full deploy ordering ( #992 )' ( #1002 ) from fix/issue-992-2 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-18 09:38:28 +00:00
Claude
3b82f8e3a1
fix: handle _hvault_seed_key rc=2 API error explicitly in vault-seed-chat.sh ( #992 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 09:26:20 +00:00
Claude
8381f88491
fix: deduplicate vault-seed-chat.sh preconditions + help text for CI ( #992 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 09:09:16 +00:00
Claude
0c85339285
fix: update bats test to include edge in known services list ( #992 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline failed
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline failed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 09:05:10 +00:00
Claude
acd6240ec4
fix: [nomad-step-5] S5.5 — wire --with edge,staging,chat + vault-runner + full deploy ordering ( #992 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline failed
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline failed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 09:01:54 +00:00
16474a1800
Merge pull request 'fix: [nomad-step-5] S5.2 — nomad/jobs/staging.hcl + chat.hcl ( #989 )' ( #999 ) from fix/issue-989-2 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-18 08:28:40 +00:00
Claude
8b1857e83f
fix: add site-content to HOST_VOLUME_DIRS + update AGENTS.md jobspec table ( #989 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Add /srv/disinto/docker to HOST_VOLUME_DIRS in cluster-up.sh so the
staging host volume directory exists before Nomad starts (prevents
client fingerprinting failure on fresh-box init).
Also add staging.hcl and chat.hcl entries to the nomad/AGENTS.md
jobspec documentation table.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 08:20:10 +00:00
Claude
da93748fee
fix: [nomad-step-5] S5.2 — nomad/jobs/staging.hcl + chat.hcl ( #989 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
Add lightweight Nomad service jobs for the staging file server and
Claude chat UI. Key changes:
- nomad/jobs/staging.hcl: caddy:alpine file-server mounting docker/
as /srv/site (read-only), no Vault integration needed
- nomad/jobs/chat.hcl: custom disinto/chat:local image with sandbox
hardening (cap_drop ALL, tmpfs, pids_limit 128, security_opt),
Vault-templated OAuth secrets from kv/disinto/shared/chat
- nomad/client.hcl: add site-content host volume for staging
- vault/policies/service-chat.hcl + vault/roles.yaml: read-only
access to chat secrets via workload identity
- bin/disinto: wire staging+chat into build, deploy order, seed
mapping, summary, and service validation
- tests/disinto-init-nomad.bats: update known-services assertion
Fixes prior art issue where security_opt and pids_limit were placed
at task level instead of inside docker driver config block.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 08:01:48 +00:00
30bc21c650
Merge pull request 'fix: [nomad-step-5] S5.4 — dispatcher.sh DISPATCHER_BACKEND=nomad branch (nomad job dispatch) ( #991 )' ( #997 ) from fix/issue-991 into main
ci/woodpecker/push/ci Pipeline was successful
2026-04-18 07:43:29 +00:00
Agent
9806ed40df
fix: [nomad-step-5] S5.4 — dispatcher.sh nomad exit code extraction (dead != failure) ( #991 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-18 07:41:05 +00:00
Agent
9f94b818a3
fix: [nomad-step-5] S5.4 — dispatcher.sh DISPATCHER_BACKEND=nomad branch (nomad job dispatch) ( #991 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-18 07:28:54 +00:00
Agent
9f9abdee82
fix: [nomad-step-5] S5.4 — dispatcher.sh DISPATCHER_BACKEND=nomad branch (nomad job dispatch) ( #991 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-18 07:20:16 +00:00
90831d3347
Merge pull request 'fix: [nomad-step-5] S5.1 — nomad/jobs/edge.hcl (Caddy + dispatcher sidecar) ( #988 )' ( #994 ) from fix/issue-988 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-18 07:16:45 +00:00
dev-qwen2
72aecff8d8
fix: [nomad-step-5] S5.1 — nomad/jobs/edge.hcl (Caddy + dispatcher sidecar) ( #988 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
2026-04-18 07:08:20 +00:00
84d63d49b5
Merge pull request 'fix: [nomad-step-5] S5.3 — nomad/jobs/vault-runner.hcl (parameterized batch dispatch) ( #990 )' ( #993 ) from fix/issue-990 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-18 06:58:33 +00:00
Claude
e17e9604c1
fix: [nomad-step-5] S5.3 — nomad/jobs/vault-runner.hcl (parameterized batch dispatch) ( #990 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 06:45:40 +00:00
daaaf70d34
Merge pull request 'fix: [nomad-step-4] S4-fix-7 — agents.hcl must use :local tag not :latest (Nomad always pulls :latest) ( #986 )' ( #987 ) from fix/issue-986 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-18 06:23:16 +00:00
dev-qwen2
4a07049383
fix: [nomad-step-4] S4-fix-7 — agents.hcl must use :local tag not :latest (Nomad always pulls :latest) ( #986 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
2026-04-18 06:11:33 +00:00
8c7b26f916
Merge pull request 'fix: [nomad-step-4] S4-fix-6 — bake Claude CLI into agents Docker image (remove host bind-mount) ( #984 )' ( #985 ) from fix/issue-984 into main
ci/woodpecker/push/ci Pipeline was successful
2026-04-18 05:56:41 +00:00
dev-qwen2
deda192d60
fix: [nomad-step-4] S4-fix-6 — bake Claude CLI into agents Docker image (remove host bind-mount) ( #984 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
2026-04-18 05:44:35 +00:00
dev-qwen2
4a3c8e16db
fix: [nomad-step-4] S4-fix-6 — bake Claude CLI into agents Docker image (remove host bind-mount) ( #984 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-18 05:34:46 +00:00
450e2a09c8
Merge pull request 'chore: gardener housekeeping' ( #983 ) from chore/gardener-20260418-0313 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-18 03:19:50 +00:00
Claude
f2b175e49b
chore: gardener housekeeping 2026-04-18
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
2026-04-18 03:13:46 +00:00
c872f28242
Merge pull request 'chore: gardener housekeeping' ( #980 ) from chore/gardener-20260417-2106 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-17 21:13:47 +00:00
Claude
386f9a1bc0
chore: gardener housekeeping 2026-04-17
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
2026-04-17 21:06:33 +00:00
71e770b8ae
Merge pull request 'fix: [nomad-step-4] S4-fix-5 — agents.hcl needs force_pull=false for locally-built image ( #978 )' ( #979 ) from fix/issue-978 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-17 17:02:18 +00:00
Agent
ffd1f41b33
fix: [nomad-step-4] S4-fix-5 — agents.hcl needs force_pull=false for locally-built image ( #978 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
2026-04-17 16:57:19 +00:00
05e57478ad
Merge pull request 'fix: [nomad-step-4] S4-fix-4 — Dockerfile COPY tea fails on fresh clone (download instead) ( #976 )' ( #977 ) from fix/issue-976 into main
ci/woodpecker/push/ci Pipeline was successful
2026-04-17 16:30:53 +00:00
dev-qwen2
5185cc720a
fix: [nomad-step-4] S4-fix-4 — Dockerfile COPY tea fails on fresh clone (download instead) ( #976 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-17 16:28:43 +00:00
93c26ef037
Merge pull request 'fix: [nomad-step-4] S4-fix-3 — Dockerfile COPY sops fails on fresh clone (download instead) ( #974 )' ( #975 ) from fix/issue-974 into main
ci/woodpecker/push/ci Pipeline was successful
2026-04-17 16:14:54 +00:00
dev-qwen2
98bb5a3fee
fix: [nomad-step-4] S4-fix-3 — Dockerfile COPY sops fails on fresh clone (download instead) ( #974 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-17 16:08:41 +00:00
3cb76d571b
Merge pull request 'fix: [nomad-step-4] S4-fix-2 — build disinto/agents:latest locally before deploy (no registry) ( #972 )' ( #973 ) from fix/issue-972 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-17 16:03:16 +00:00
dev-qwen2
0c767d9fee
fix: [nomad-step-4] S4-fix-2 — build disinto/agents:latest locally before deploy (no registry) ( #972 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
2026-04-17 15:47:52 +00:00
243b598374
Merge pull request 'fix: tech-debt: init --dry-run shows batch seed→deploy but real run is interleaved ( #950 )' ( #970 ) from fix/issue-950 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-17 15:31:29 +00:00
dev-qwen2
b9588073ad
fix: tech-debt: init --dry-run shows batch seed→deploy but real run is interleaved ( #950 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
2026-04-17 15:21:47 +00:00
9bb9be450a
Merge pull request 'chore: gardener housekeeping' ( #969 ) from chore/gardener-20260417-1445 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-17 15:07:58 +00:00
3b5498bc30
Merge pull request 'fix: [nomad-step-3] S3-fix-6 — woodpecker-agent can't reach server gRPC at localhost:9000 (port bound to LXC IP) ( #964 )' ( #966 ) from fix/issue-964 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-17 15:01:59 +00:00
Claude
7f5234bd71
fix: woodpecker jobspecs deployed via deploy.sh, not Nomad API directly
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
2026-04-17 14:59:14 +00:00
Claude
8bbd7e8ac8
chore: gardener housekeeping 2026-04-17
2026-04-17 14:59:14 +00:00
Agent
ab0a6be41f
fix: use Nomad interpolation syntax for WOODPECKER_SERVER
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
2026-04-17 14:58:13 +00:00
Agent
3d62b52e36
fix: [nomad-step-3] S3-fix-6 — woodpecker-agent can't reach server gRPC at localhost:9000 (port bound to LXC IP) ( #964 )
2026-04-17 14:58:13 +00:00
82a712bac3
Merge pull request 'fix: [nomad-step-4] S4-fix-1 — vault-seed-agents.sh must seed kv/disinto/bots/dev (missing from .env import) ( #963 )' ( #965 ) from fix/issue-963 into main
ci/woodpecker/push/ci Pipeline was successful
2026-04-17 14:46:52 +00:00
dev-qwen2
1a637fdc27
fix: [nomad-step-4] S4-fix-1 — vault-seed-agents.sh must seed kv/disinto/bots/dev (missing from .env import) ( #963 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
2026-04-17 14:43:06 +00:00
edf7a28bd3
Merge pull request 'fix: [nomad-step-3] S3-fix-5 — nomad/client.hcl must allow_privileged for woodpecker-agent ( #961 )' ( #962 ) from fix/issue-961 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-17 12:53:42 +00:00
dev-qwen2
fbcc6c5e43
fix: [nomad-step-3] S3-fix-5 — nomad/client.hcl must allow_privileged for woodpecker-agent ( #961 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
2026-04-17 12:48:08 +00:00
9c4c5f1ac8
Merge pull request 'fix: [nomad-step-4] S4.2 — wire --with agents + deploy ordering ( #956 )' ( #960 ) from fix/issue-956 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-17 11:06:39 +00:00
dev-qwen2
155ec85a3e
fix: [nomad-step-4] S4.2 — wire --with agents + deploy ordering ( #956 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
2026-04-17 10:55:13 +00:00
a51f543005
Merge pull request 'fix: [nomad-step-4] S4.1 — nomad/jobs/agents.hcl (7 roles, llama, vault-templated bot tokens) ( #955 )' ( #959 ) from fix/issue-955 into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
2026-04-17 10:49:36 +00:00
