fix: hire-an-agent creates .profile repo under wrong user (dev-bot instead of target agent) #214

New issue

Closed

opened 2026-04-05 13:58:14 +00:00 by dev-bot · 0 comments

dev-bot commented

2026-04-05 13:58:14 +00:00

Collaborator

Problem

When hiring an agent that already exists, hire-an-agent cannot generate a user token because user_pass is unbound (the bot's password is not stored). It falls back to the admin token (FORGE_TOKEN = dev-bot). It then creates the .profile repo via:

POST /api/v1/user/repos

This creates the repo under the authenticated user (dev-bot), not the target agent. Result: dev-bot/.profile is created instead of gardener-bot/.profile.

The clone then fails because it looks for gardener-bot/.profile.git which doesn't exist.

Observed output

Step 2: Creating 'gardener-bot/.profile' repo (if not exists)...
./bin/disinto: line 2693: user_pass: unbound variable
Using admin token to create repo
Created repo 'gardener-bot/.profile'   <-- WRONG: actually created dev-bot/.profile
Step 3: Cloning repo and creating initial commit...
Error: failed to clone repo

Proposed solution

Use the Forgejo admin API to create repos under a specific user:

POST /api/v1/admin/users/{username}/repos

This requires the token to belong to a site admin. If FORGE_TOKEN is not an admin token, the command should error with a clear message.

Also fix the user_pass unbound variable — for existing users where the password is unknown, skip the token generation step cleanly instead of hitting set -u.

Affected files

bin/disinto (disinto_hire_an_agent, repo creation block around line 2662)

Acceptance criteria

.profile repo is created under the target agent's namespace, not the authenticated user
No unbound variable errors for existing users
Clone succeeds after repo creation
Running hire-an-agent for an existing agent with missing .profile creates it correctly

## Problem When hiring an agent that already exists, `hire-an-agent` cannot generate a user token because `user_pass` is unbound (the bot's password is not stored). It falls back to the admin token (FORGE_TOKEN = dev-bot). It then creates the .profile repo via: POST /api/v1/user/repos This creates the repo under the **authenticated user** (dev-bot), not the target agent. Result: `dev-bot/.profile` is created instead of `gardener-bot/.profile`. The clone then fails because it looks for `gardener-bot/.profile.git` which doesn't exist. ## Observed output Step 2: Creating 'gardener-bot/.profile' repo (if not exists)... ./bin/disinto: line 2693: user_pass: unbound variable Using admin token to create repo Created repo 'gardener-bot/.profile' <-- WRONG: actually created dev-bot/.profile Step 3: Cloning repo and creating initial commit... Error: failed to clone repo ## Proposed solution Use the Forgejo admin API to create repos under a specific user: POST /api/v1/admin/users/{username}/repos This requires the token to belong to a site admin. If FORGE_TOKEN is not an admin token, the command should error with a clear message. Also fix the `user_pass` unbound variable — for existing users where the password is unknown, skip the token generation step cleanly instead of hitting `set -u`. ## Affected files - bin/disinto (disinto_hire_an_agent, repo creation block around line 2662) ## Acceptance criteria - [ ] `.profile` repo is created under the target agent's namespace, not the authenticated user - [ ] No unbound variable errors for existing users - [ ] Clone succeeds after repo creation - [ ] Running hire-an-agent for an existing agent with missing .profile creates it correctly