- Add docker/Caddyfile to .gitignore (generated artifact, not tracked)
- Document generate_caddyfile as canonical source in lib/generators.sh
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Part 1: Add WOODPECKER_PLUGINS_PRIVILEGED to woodpecker service environment
in lib/generators.sh, defaulting to plugins/docker, overridable via .env.
Document the new key in .env.example.
Part 2: Delete .woodpecker/ops-filer.yml from project repo — it belongs in
the ops repo and references secrets that don't exist here. Full ops-side
filer setup deferred until sprint PRs need it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Generated compose now uses `image: ghcr.io/disinto/{agents,edge}` instead
of `build:` directives; `disinto init --build` restores local-build mode
- Add VOLUME declarations to agents, reproduce, and edge Dockerfiles
- Add CI pipeline (.woodpecker/publish-images.yml) to build and push images
to ghcr.io/disinto on tag events
- Mount projects/, .env, and state/ into agents container for runtime config
- Skip pre-build binary download when compose uses registry images
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The duplicate-detection CI step (baseline mode) flags new code blocks that
match existing patterns. filer_api_all reimplemented the same pagination
logic as forge_api_all in env.sh. Replace with a one-liner wrapper that
delegates to forge_api_all with FORGE_FILER_TOKEN.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- architect/AGENTS.md: update responsibilities, state transitions, vision
lifecycle, and execution sections to reflect read-only role and filer-bot
architecture (#764)
- lib/sprint-filer.sh: add filer_api_all() paginated fetch helper; fix
subissue_exists() and check_and_close_completed_visions() to paginate
instead of using fixed limits that miss issues on large trackers
- lib/sprint-filer.sh: fix extract_vision_issue() to look specifically in
the "## Vision issues" section before falling back to first #N in file
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The agent-smoke.sh function resolution checker matches lowercase_underscore
identifiers as potential bash function calls. The awk variable `in_body`
inside sprint-filer.sh's heredoc triggered a false [undef] failure.
Also fixes SC2155 (declare and assign separately) in the same file.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Shift the guardrail from prose prompt constraints into Forgejo's permission
layer. architect-bot loses all write access on the project repo (now read-only
for context gathering). Sub-issues are produced by a new filer-bot identity
that runs only after a human merges a sprint PR on the ops repo.
Changes:
- architect-run.sh: remove all project-repo writes (add_inprogress_label,
close_vision_issue, check_and_close_completed_visions); add ## Sub-issues
block to pitch format with filer:begin/end markers
- formulas/run-architect.toml: add Sub-issues schema to pitch format; strip
issue-creation API refs; document read-only constraint on project repo
- lib/formula-session.sh: remove Create issue curl template from
build_prompt_footer (architect cannot create issues)
- lib/sprint-filer.sh (new): parser + idempotent filer using FORGE_FILER_TOKEN;
parses filer:begin/end blocks, creates issues with decomposed-from markers,
adds in-progress label, handles vision lifecycle closure
- .woodpecker/ops-filer.yml (new): CI pipeline on ops repo main-branch push
that invokes sprint-filer.sh after sprint PR merge
- lib/env.sh, .env.example, docker-compose.yml: add FORGE_FILER_TOKEN for
filer-bot identity; add filer-bot to FORGE_BOT_USERNAMES
- AGENTS.md: add Filer agent entry; update in-progress label docs
- .woodpecker/agent-smoke.sh: register sprint-filer.sh for smoke test
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Caddy forward_auth on /chat/* blocked unauthenticated users from
reaching the OAuth login/callback routes (401 instead of redirect).
Add explicit handle blocks for these public routes before the
forward_auth catch-all.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gate /chat/* behind Forgejo OAuth2 authorization-code flow.
- Extract generic _create_forgejo_oauth_app() helper in lib/ci-setup.sh;
Woodpecker OAuth becomes a thin wrapper, chat gets its own app.
- bin/disinto init now creates TWO OAuth apps (woodpecker-ci + disinto-chat)
and writes CHAT_OAUTH_CLIENT_ID / CHAT_OAUTH_CLIENT_SECRET to .env.
- docker/chat/server.py: new routes /chat/login (→ Forgejo authorize),
/chat/oauth/callback (code→token exchange, user allowlist check, session
cookie). All other /chat/* routes require a valid session or redirect to
/chat/login. Session store is in-memory with 24h TTL.
- lib/generators.sh: pass FORGE_URL, CHAT_OAUTH_CLIENT_ID,
CHAT_OAUTH_CLIENT_SECRET, EDGE_TUNNEL_FQDN, DISINTO_CHAT_ALLOWED_USERS
to the chat container environment.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Introduce FORGE_API_BASE (bare API root without repo path) in lib/env.sh
and lib/load-project.sh. Replace all cross-repo curl calls in
architect-run.sh that incorrectly used ${FORGE_API}/repos/${FORGE_OPS_REPO}
(which expanded to .../repos/owner/repo/repos/owner/ops-repo) with
${FORGE_API_BASE}/repos/${FORGE_OPS_REPO}.
Also fix a same-repo label URL that duplicated the repos segment.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Three fixes:
1. architect-run.sh:722 — extract `.result` not `.content` from claude JSON
output. All other callers (dev-agent, formula-session) use `.result`;
this was the direct cause of every pitch being empty.
2. lib/agent-sdk.sh — reset `_AGENT_LAST_OUTPUT=""` at the top of each
`agent_run` call so stale data from a prior invocation can't bleed
into the next caller when claude crashes or returns empty.
3. lib/agent-sdk.sh — scope the diagnostics file by `$LOG_AGENT` instead
of hardcoding `dev/`. Concurrent agents (architect, gardener, planner,
predictor) no longer clobber each other's diag output.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The CI smoke test's get_candidates awk pattern falsely matches
underscore-containing variable names (like digested_files+=) as
unresolved function calls. Rename to batchfiles to avoid the match.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add digest-specific timeout (PROFILE_DIGEST_TIMEOUT, default 300s) instead
of relying on the global 2h CLAUDE_TIMEOUT
- Cap journals per digest run (PROFILE_DIGEST_MAX_BATCH, default 5) to bound
prompt size and let remaining journals drain over subsequent runs
- Only archive the journals that were actually included in the batch, not all
- On timeout/failure, preserve previous lessons-learned.md instead of leaving
a near-empty file — journals stay unarchived for retry on next run
- Detect suspiciously small output (<=16 bytes) as failed digestion
- Add PROFILE_DIGEST_THRESHOLD env var (default 10) for digest trigger
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
