diff --git a/bin/hire-profiles.sh b/bin/hire-profiles.sh
new file mode 100755
index 0000000..2143116
--- /dev/null
+++ b/bin/hire-profiles.sh
@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+# bin/hire-profiles.sh — Create .profile repos for all existing bot agents
+#
+# This script runs hire-an-agent for each bot to create their .profile repos.
+# It should be run from the disinto repository root with a running Forgejo instance.
+#
+# Usage:
+# cd ~/disinto
+# ./bin/hire-profiles.sh
+#
+# Acceptance criteria:
+# - All bot users have a .profile repo on Forgejo
+# - Each .profile contains formula.toml, journal/.gitkeep, knowledge/.gitkeep
+# - architect-bot user exists with a token in .env
+# - Agents can clone their .profile and write journals on next run
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+DISINTO_ROOT="${SCRIPT_DIR}/.."
+
+# Ensure we're in the disinto root
+cd "$DISINTO_ROOT"
+
+echo "──────────────────────────────────────────────────────────────────────"
+echo "Creating .profile repos for all bot agents"
+echo "──────────────────────────────────────────────────────────────────────"
+echo ""
+
+# Step 1: architect-bot (full hire — needs user + token + .profile)
+echo "1. Hiring architect-bot (full hire — needs user + token + .profile)..."
+echo " Command: ./bin/disinto hire-an-agent architect-bot architect"
+echo ""
+./bin/disinto hire-an-agent architect-bot architect
+echo ""
+
+# Step 2: dev-bot
+echo "2. Hiring dev-bot..."
+echo " Command: ./bin/disinto hire-an-agent dev-bot dev"
+echo ""
+./bin/disinto hire-an-agent dev-bot dev
+echo ""
+
+# Step 3: review-bot
+echo "3. Hiring review-bot..."
+echo " Command: ./bin/disinto hire-an-agent review-bot review --formula formulas/review-pr.toml"
+echo ""
+./bin/disinto hire-an-agent review-bot review --formula formulas/review-pr.toml
+echo ""
+
+# Step 4: planner-bot
+echo "4. Hiring planner-bot..."
+echo " Command: ./bin/disinto hire-an-agent planner-bot planner"
+echo ""
+./bin/disinto hire-an-agent planner-bot planner
+echo ""
+
+# Step 5: gardener-bot
+echo "5. Hiring gardener-bot..."
+echo " Command: ./bin/disinto hire-an-agent gardener-bot gardener"
+echo ""
+./bin/disinto hire-an-agent gardener-bot gardener
+echo ""
+
+# Step 6: supervisor-bot
+echo "6. Hiring supervisor-bot..."
+echo " Command: ./bin/disinto hire-an-agent supervisor-bot supervisor"
+echo ""
+./bin/disinto hire-an-agent supervisor-bot supervisor
+echo ""
+
+# Step 7: predictor-bot
+echo "7. Hiring predictor-bot..."
+echo " Command: ./bin/disinto hire-an-agent predictor-bot predictor"
+echo ""
+./bin/disinto hire-an-agent predictor-bot predictor
+echo ""
+
+# Step 8: vault-bot (no formula — skip or use a placeholder)
+echo "8. Hiring vault-bot (no formula — using vault formula)..."
+echo " Command: ./bin/disinto hire-an-agent vault-bot vault"
+echo ""
+./bin/disinto hire-an-agent vault-bot vault
+echo ""
+
+# Step 9: dev-qwen
+echo "9. Hiring dev-qwen..."
+echo " Command: ./bin/disinto hire-an-agent dev-qwen dev"
+echo ""
+./bin/disinto hire-an-agent dev-qwen dev
+echo ""
+
+echo "──────────────────────────────────────────────────────────────────────"
+echo "All .profile repos created!"
+echo "──────────────────────────────────────────────────────────────────────"
+echo ""
+echo "Next steps:"
+echo " 1. Add FORGE_ARCHITECT_TOKEN= to .env.enc"
+echo " 2. Run 'disinto secrets encrypt' to encrypt .env"
+echo " 3. Agents can now clone their .profile repos and write journals"
+echo ""
diff --git a/formulas/vault.toml b/formulas/vault.toml
new file mode 100644
index 0000000..510eb3d
--- /dev/null
+++ b/formulas/vault.toml
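Review bot: The closing "Next steps" block gives contradictory secret-handling instructions: step 1 says to add `FORGE_ARCHITECT_TOKEN=` to `.env.enc`, while step 2 and the header's acceptance criteria treat `.env` as the file that holds the token and gets encrypted. An operator following step 1 literally would paste a plaintext token into what appears to be the encrypted file, and the plaintext `.env` could be left on disk afterwards; I would reword the two lines as `echo "  1. Confirm FORGE_ARCHITECT_TOKEN is set in .env"` and `echo "  2. Run 'disinto secrets encrypt' so the token is not left in plaintext"`. Separately, under `set -euo pipefail` the first failing `hire-an-agent` call aborts every later hire, so if that command is not idempotent for users that already exist (not visible in this hunk) a re-run would stop at architect-bot; a header comment stating the expected re-run behaviour would help.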
@@ -0,0 +1,89 @@ +# formulas/vault.toml — Vault formula (external action dispatch) +# +# This formula is used for vault-bot's .profile repo. It defines the vault +# action dispatch workflow where vault items are filed and executed by the +# vault runner container with injected secrets. +# +# The vault redesign (#73-#77) implements PR-based approval workflow: +# - Agents file vault items via PR to ops repo +# - Humans approve via PR review +# - Vault runner executes with injected secrets + +name = "vault" +description = "Vault action dispatch: file approval requests for external actions" +version = 1 +model = "sonnet" + +[context] +files = ["AGENTS.md", "docs/VAULT.md", "vault/vault-env.sh"] + +[[steps]] +id = "preflight" +title = "Review vault item request" +description = """ +Read the vault item request and validate it follows the vault protocol. + +1. Check the vault item has all required sections: + - What — what is needed + - Why — what this unblocks and why it matters now + - Unblocks — specific issue numbers + - Human Action — specific steps the human should take + - Factory Will Then — what happens after approval + +2. Verify the human action is specific and actionable (not a decision to be made) + +3. Check for duplicates in vault/pending/, vault/approved/, vault/fired/ + +4. Validate the formula referenced exists in $PROJECT_REPO_ROOT/formulas/ + +5. Check that external actions go through vault dispatch (not direct) +""" +needs = [] + +[[steps]] +id = "create-pr" +title = "Create PR to ops repo" +description = """ +Create a PR to the ops repo to file the vault item. + +1. Build vault item TOML: + cat > "$OPS_REPO_ROOT/vault/pending/vault-.toml" <" + git add vault/pending/vault-.toml + git commit -m "vault: file " + git push -u origin "vault/" + # Create PR via API + +3. 
Add PR description explaining the request and expected outcome +""" +needs = ["preflight"] + +[[steps]] +id = "journal" +title = "Write vault journal entry" +description = """ +Append a timestamped entry to the vault journal. + +File path: + $OPS_REPO_ROOT/journal/vault/$(date -u +%Y-%m-%d).md + +Format: + ## Vault run — HH:MM UTC + + ### Items filed + - + + ### Status + - PR # filed, awaiting approval + +After writing the journal, write the phase signal: + echo 'PHASE:done' > "$PHASE_FILE" +""" +needs = ["create-pr"]
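Review bot: The `preflight` step lists five checks, but none asks the agent to confirm that the vault item itself carries no secret material, even though `create-pr` commits the item to the ops repo and opens it as a PR. Since the file header says the vault runner injects secrets at execution time, the item should only name them; I would add `6. Confirm the item refers to secrets by name only and contains no token, password or key value` to the preflight description. The item template inside `create-pr` is not fully visible in this view, so whether it already constrains this is unconfirmed.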