- Create docker/edge/Dockerfile with bash, jq, curl, git, docker-cli
- Create docker/edge/dispatcher.sh as placeholder no-op loop
- Update edge service to build from ./docker/edge instead of caddy:alpine image
- Mount Docker socket into edge container for dispatcher access
- Mount dispatcher.sh as read-only volume
- Use `read -rs` to hide typed secret value from terminal
- Prompt for confirmation before overwriting an existing secret
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevents smoke-init and other heavy CI steps from hanging for 40+ min.
Applied automatically during disinto init.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CI step containers spawned by the WP agent (running on host network)
cannot resolve Docker service names like forgejo. Setting
WOODPECKER_BACKEND_DOCKER_NETWORK puts CI containers on the compose
network so they can reach Forgejo for git clone.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Forgejo blocks outgoing webhooks to non-allowlisted hosts by default.
Woodpecker CI requires webhook delivery for pipeline triggering.
Setting ALLOWED_HOST_LIST=private allows webhooks to any RFC1918 address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Docker bridge networking inside LXD (and potentially other nested container
environments) breaks gRPC/HTTP2 between containers. The gRPC handshake
times out because HTTP/2 frames are not properly forwarded.
Fix: run the WP agent with network_mode: host + privileged, connecting
to the server via localhost:9000 (port mapped from the server container).
- Add port 9000 mapping to woodpecker server
- Switch agent to network_mode: host with privileged: true
- Connect agent to localhost:9000 instead of woodpecker:9000
- Add WOODPECKER_GRPC_SECURE=false
- Move healthcheck to port 3333 (avoid clash with Forgejo on 3000)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add ~/.ssh mount to agents container (needed for mirror pushes)
- Add PROJECT_REPO_ROOT env to agents and vault-runner containers
- Revert WOODPECKER_HOST to http://woodpecker:8000 (localhost breaks gRPC)
- Remove WOODPECKER_GRPC_ADDR (did not fix gRPC issue)
- Keep WOODPECKER_OPEN for OAuth2 first-user registration
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Rewrite URL-encoded Docker-internal hostnames in OAuth2 redirect
- Submit all Forgejo grant form fields (client_id, state, redirect_uri, granted)
- Add WOODPECKER_OPEN to compose template for first user OAuth registration
- Add WOODPECKER_GRPC_ADDR to compose template
- Fix WP repo activation: use query param with numeric Forgejo repo ID
- WP v3 PAT creation via session cookie + CSRF header
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes#779
## Changes
Auto-generate WOODPECKER_TOKEN during disinto init by automating the Forgejo OAuth2 login flow after the compose stack starts. Adds generate_woodpecker_token() function that: logs into Forgejo web UI, drives the OAuth2 authorize/consent flow, completes the Woodpecker callback to get a session token, then creates a persistent personal access token via Woodpecker API. Saves to .env so activate_woodpecker_repo() can use it immediately. Failures are non-fatal (guarded with || true).
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/790
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Fixes#778
## Changes
Add git identity warning to preflight_check() (warns if user.name/user.email missing) and auto-configure repo-local identity in setup_ops_repo() before the seed commit. This prevents init from failing late when git identity is not configured globally.
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/780
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Set is_empty="skipped" before breaking out of the retry loop when
the API is unreachable, so the post-loop guard does not misfire
with a false "still reports empty" failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the single-shot Forgejo API emptiness check in push_to_forge()
with a retry loop (up to 5 attempts, 2s apart). Forgejo needs a brief
delay to index pushed refs, so the immediate check could see stale
metadata reporting empty=true even though the push succeeded.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes#757
## Changes
Separate operations from code into {project}-ops repo pattern. Added OPS_REPO_ROOT infrastructure (env.sh, load-project.sh, formula-session.sh with ensure_ops_repo helper). Updated all 8 agent scripts and 7 formulas to read/write vault items, journals, evidence, prerequisites, RESOURCES.md, and knowledge from the ops repo. Added setup_ops_repo() to disinto init for automatic ops repo creation and seeding. Removed migrated data from code repo (vault data dirs, planner journal/memory/prerequisites, supervisor journal/best-practices, evidence, RESOURCES.md). Updated all documentation. 55 files changed, ShellCheck clean, all 38 phase tests pass.
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/767
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
