2 changed files with 190 additions and 0 deletions
--- a/bin/hire-profiles.sh
+++ b/bin/hire-profiles.sh
@ -0,0 +1,101 @@
 #!/usr/bin/env bash
 # bin/hire-profiles.sh — Create .profile repos for all existing bot agents
 #
 # This script runs hire-an-agent for each bot to create their .profile repos.
 # It should be run from the disinto repository root with a running Forgejo instance.
 #
 # Usage:
 #   cd ~/disinto
 #   ./bin/hire-profiles.sh
 #
 # Acceptance criteria:
 #   - All bot users have a .profile repo on Forgejo
 #   - Each .profile contains formula.toml, journal/.gitkeep, knowledge/.gitkeep
 #   - architect-bot user exists with a token in .env
 #   - Agents can clone their .profile and write journals on next run
 set -euo pipefail
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 DISINTO_ROOT="${SCRIPT_DIR}/.."
 # Ensure we're in the disinto root
 cd "$DISINTO_ROOT"
 echo "──────────────────────────────────────────────────────────────────────"
 echo "Creating .profile repos for all bot agents"
 echo "──────────────────────────────────────────────────────────────────────"
 echo ""
 # Step 1: architect-bot (full hire — needs user + token + .profile)
 echo "1. Hiring architect-bot (full hire — needs user + token + .profile)..."
 echo "   Command: ./bin/disinto hire-an-agent architect-bot architect"
 echo ""
 ./bin/disinto hire-an-agent architect-bot architect
 echo ""
 # Step 2: dev-bot
 echo "2. Hiring dev-bot..."
 echo "   Command: ./bin/disinto hire-an-agent dev-bot dev"
 echo ""
 ./bin/disinto hire-an-agent dev-bot dev
 echo ""
 # Step 3: review-bot
 echo "3. Hiring review-bot..."
 echo "   Command: ./bin/disinto hire-an-agent review-bot review --formula formulas/review-pr.toml"
 echo ""
 ./bin/disinto hire-an-agent review-bot review --formula formulas/review-pr.toml
 echo ""
 # Step 4: planner-bot
 echo "4. Hiring planner-bot..."
 echo "   Command: ./bin/disinto hire-an-agent planner-bot planner"
 echo ""
 ./bin/disinto hire-an-agent planner-bot planner
 echo ""
 # Step 5: gardener-bot
 echo "5. Hiring gardener-bot..."
 echo "   Command: ./bin/disinto hire-an-agent gardener-bot gardener"
 echo ""
 ./bin/disinto hire-an-agent gardener-bot gardener
 echo ""
 # Step 6: supervisor-bot
 echo "6. Hiring supervisor-bot..."
 echo "   Command: ./bin/disinto hire-an-agent supervisor-bot supervisor"
 echo ""
 ./bin/disinto hire-an-agent supervisor-bot supervisor
 echo ""
 # Step 7: predictor-bot
 echo "7. Hiring predictor-bot..."
 echo "   Command: ./bin/disinto hire-an-agent predictor-bot predictor"
 echo ""
 ./bin/disinto hire-an-agent predictor-bot predictor
 echo ""
 # Step 8: vault-bot (no formula — skip or use a placeholder)
 echo "8. Hiring vault-bot (no formula — using vault formula)..."
 echo "   Command: ./bin/disinto hire-an-agent vault-bot vault"
 echo ""
 ./bin/disinto hire-an-agent vault-bot vault
 echo ""
 # Step 9: dev-qwen
 echo "9. Hiring dev-qwen..."
 echo "   Command: ./bin/disinto hire-an-agent dev-qwen dev"
 echo ""
 ./bin/disinto hire-an-agent dev-qwen dev
 echo ""
 echo "──────────────────────────────────────────────────────────────────────"
 echo "All .profile repos created!"
 echo "──────────────────────────────────────────────────────────────────────"
 echo ""
 echo "Next steps:"
 echo "  1. Add FORGE_ARCHITECT_TOKEN=<token> to .env.enc"
 echo "  2. Run 'disinto secrets encrypt' to encrypt .env"
 echo "  3. Agents can now clone their .profile repos and write journals"
 echo ""
--- a/formulas/vault.toml
+++ b/formulas/vault.toml
@ -0,0 +1,89 @@
 # formulas/vault.toml — Vault formula (external action dispatch)
 #
 # This formula is used for vault-bot's .profile repo. It defines the vault
 # action dispatch workflow where vault items are filed and executed by the
 # vault runner container with injected secrets.
 #
 # The vault redesign (#73-#77) implements PR-based approval workflow:
 # - Agents file vault items via PR to ops repo
 # - Humans approve via PR review
 # - Vault runner executes with injected secrets
 name        = "vault"
 description = "Vault action dispatch: file approval requests for external actions"
 version     = 1
 model       = "sonnet"
 [context]
 files = ["AGENTS.md", "docs/VAULT.md", "vault/vault-env.sh"]
 [[steps]]
 id    = "preflight"
 title = "Review vault item request"
 description = """
 Read the vault item request and validate it follows the vault protocol.
 1. Check the vault item has all required sections:
   - What — what is needed
   - Why — what this unblocks and why it matters now
   - Unblocks — specific issue numbers
   - Human Action — specific steps the human should take
   - Factory Will Then — what happens after approval
 2. Verify the human action is specific and actionable (not a decision to be made)
 3. Check for duplicates in vault/pending/, vault/approved/, vault/fired/
 4. Validate the formula referenced exists in $PROJECT_REPO_ROOT/formulas/
 5. Check that external actions go through vault dispatch (not direct)
 """
 needs = []
 [[steps]]
 id    = "create-pr"
 title = "Create PR to ops repo"
 description = """
 Create a PR to the ops repo to file the vault item.
 1. Build vault item TOML:
   cat > "$OPS_REPO_ROOT/vault/pending/vault-<id>.toml" <<EOF
 id = "<id>"
 formula = "<formula-name>"
 context = "<description>"
 secrets = []
 EOF
 2. Create branch and PR:
   git checkout -b "vault/<id>"
   git add vault/pending/vault-<id>.toml
   git commit -m "vault: file <id>"
   git push -u origin "vault/<id>"
   # Create PR via API
 3. Add PR description explaining the request and expected outcome
 """
 needs = ["preflight"]
 [[steps]]
 id    = "journal"
 title = "Write vault journal entry"
 description = """
 Append a timestamped entry to the vault journal.
 File path:
  $OPS_REPO_ROOT/journal/vault/$(date -u +%Y-%m-%d).md
 Format:
  ## Vault run — HH:MM UTC
  ### Items filed
  - <id> — <description>
  ### Status
  - PR #<number> filed, awaiting approval
 After writing the journal, write the phase signal:
  echo 'PHASE:done' > "$PHASE_FILE"
 """
 needs = ["create-pr"]