bin/hire-profiles.sh

@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+# bin/hire-profiles.sh — Create .profile repos for all existing bot agents
+#
+# This script runs hire-an-agent for each bot to create their .profile repos.
+# It should be run from the disinto repository root with a running Forgejo instance.
+#
+# Usage:
+#   cd ~/disinto
+#   ./bin/hire-profiles.sh
+#
+# Acceptance criteria:
+#   - All bot users have a .profile repo on Forgejo
+#   - Each .profile contains formula.toml, journal/.gitkeep, knowledge/.gitkeep
+#   - architect-bot user exists with a token in .env
+#   - Agents can clone their .profile and write journals on next run
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+DISINTO_ROOT="${SCRIPT_DIR}/.."
+
+# Ensure we're in the disinto root
+cd "$DISINTO_ROOT"
+
+echo "──────────────────────────────────────────────────────────────────────"
+echo "Creating .profile repos for all bot agents"
+echo "──────────────────────────────────────────────────────────────────────"
+echo ""
+
+# Step 1: architect-bot (full hire — needs user + token + .profile)
+echo "1. Hiring architect-bot (full hire — needs user + token + .profile)..."
+echo "   Command: ./bin/disinto hire-an-agent architect-bot architect"
+echo ""
+./bin/disinto hire-an-agent architect-bot architect
+echo ""
+
+# Step 2: dev-bot
+echo "2. Hiring dev-bot..."
+echo "   Command: ./bin/disinto hire-an-agent dev-bot dev"
+echo ""
+./bin/disinto hire-an-agent dev-bot dev
+echo ""
+
+# Step 3: review-bot
+echo "3. Hiring review-bot..."
+echo "   Command: ./bin/disinto hire-an-agent review-bot review --formula formulas/review-pr.toml"
+echo ""
+./bin/disinto hire-an-agent review-bot review --formula formulas/review-pr.toml
+echo ""
+
+# Step 4: planner-bot
+echo "4. Hiring planner-bot..."
+echo "   Command: ./bin/disinto hire-an-agent planner-bot planner"
+echo ""
+./bin/disinto hire-an-agent planner-bot planner
+echo ""
+
+# Step 5: gardener-bot
+echo "5. Hiring gardener-bot..."
+echo "   Command: ./bin/disinto hire-an-agent gardener-bot gardener"
+echo ""
+./bin/disinto hire-an-agent gardener-bot gardener
+echo ""
+
+# Step 6: supervisor-bot
+echo "6. Hiring supervisor-bot..."
+echo "   Command: ./bin/disinto hire-an-agent supervisor-bot supervisor"
+echo ""
+./bin/disinto hire-an-agent supervisor-bot supervisor
+echo ""
+
+# Step 7: predictor-bot
+echo "7. Hiring predictor-bot..."
+echo "   Command: ./bin/disinto hire-an-agent predictor-bot predictor"
+echo ""
+./bin/disinto hire-an-agent predictor-bot predictor
+echo ""
+
+# Step 8: vault-bot (no formula — skip or use a placeholder)
+echo "8. Hiring vault-bot (no formula — using vault formula)..."
+echo "   Command: ./bin/disinto hire-an-agent vault-bot vault"
+echo ""
+./bin/disinto hire-an-agent vault-bot vault
+echo ""
+
+# Step 9: dev-qwen
+echo "9. Hiring dev-qwen..."
+echo "   Command: ./bin/disinto hire-an-agent dev-qwen dev"
+echo ""
+./bin/disinto hire-an-agent dev-qwen dev
+echo ""
+
+echo "──────────────────────────────────────────────────────────────────────"
+echo "All .profile repos created!"
+echo "──────────────────────────────────────────────────────────────────────"
+echo ""
+echo "Next steps:"
+echo "  1. Add FORGE_ARCHITECT_TOKEN=<token> to .env.enc"
+echo "  2. Run 'disinto secrets encrypt' to encrypt .env"
+echo "  3. Agents can now clone their .profile repos and write journals"
+echo ""

formulas/vault.toml

@@ -0,0 +1,89 @@
+# formulas/vault.toml — Vault formula (external action dispatch)
+#
+# This formula is used for vault-bot's .profile repo. It defines the vault
+# action dispatch workflow where vault items are filed and executed by the
+# vault runner container with injected secrets.
+#
+# The vault redesign (#73-#77) implements PR-based approval workflow:
+# - Agents file vault items via PR to ops repo
+# - Humans approve via PR review
+# - Vault runner executes with injected secrets
+
+name        = "vault"
+description = "Vault action dispatch: file approval requests for external actions"
+version     = 1
+model       = "sonnet"
+
+[context]
+files = ["AGENTS.md", "docs/VAULT.md", "vault/vault-env.sh"]
+
+[[steps]]
+id    = "preflight"
+title = "Review vault item request"
+description = """
+Read the vault item request and validate it follows the vault protocol.
+
+1. Check the vault item has all required sections:
+   - What — what is needed
+   - Why — what this unblocks and why it matters now
+   - Unblocks — specific issue numbers
+   - Human Action — specific steps the human should take
+   - Factory Will Then — what happens after approval
+
+2. Verify the human action is specific and actionable (not a decision to be made)
+
+3. Check for duplicates in vault/pending/, vault/approved/, vault/fired/
+
+4. Validate the formula referenced exists in $PROJECT_REPO_ROOT/formulas/
+
+5. Check that external actions go through vault dispatch (not direct)
+"""
+needs = []
+
+[[steps]]
+id    = "create-pr"
+title = "Create PR to ops repo"
+description = """
+Create a PR to the ops repo to file the vault item.
+
+1. Build vault item TOML:
+   cat > "$OPS_REPO_ROOT/vault/pending/vault-<id>.toml" <<EOF
+id = "<id>"
+formula = "<formula-name>"
+context = "<description>"
+secrets = []
+EOF
+
+2. Create branch and PR:
+   git checkout -b "vault/<id>"
+   git add vault/pending/vault-<id>.toml
+   git commit -m "vault: file <id>"
+   git push -u origin "vault/<id>"
+   # Create PR via API
+
+3. Add PR description explaining the request and expected outcome
+"""
+needs = ["preflight"]
+
+[[steps]]
+id    = "journal"
+title = "Write vault journal entry"
+description = """
+Append a timestamped entry to the vault journal.
+
+File path:
+  $OPS_REPO_ROOT/journal/vault/$(date -u +%Y-%m-%d).md
+
+Format:
+  ## Vault run — HH:MM UTC
+
+  ### Items filed
+  - <id> — <description>
+
+  ### Status
+  - PR #<number> filed, awaiting approval
+
+After writing the journal, write the phase signal:
+  echo 'PHASE:done' > "$PHASE_FILE"
+"""
+needs = ["create-pr"]