disinto/vault/vault-reject.sh

#!/usr/bin/env bash
# vault-reject.sh — Move a vault action to rejected/ with reason
#
# Usage: bash vault-reject.sh <action-id> "<reason>"

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
source "${SCRIPT_DIR}/../lib/env.sh"
# Use vault-bot's own Forgejo identity (#747)
FORGE_TOKEN="${FORGE_VAULT_TOKEN:-${FORGE_TOKEN}}"

VAULT_DIR="${FACTORY_ROOT}/vault"
LOGFILE="${VAULT_DIR}/vault.log"

log() {
  printf '[%s] vault-reject: %s\n' "$(date -u '+%Y-%m-%d %H:%M:%S UTC')" "$*" >> "$LOGFILE"
}

ACTION_ID="${1:?Usage: vault-reject.sh <action-id> \"<reason>\"}"
REASON="${2:-unspecified}"

# Find the action file
ACTION_FILE=""
if [ -f "${VAULT_DIR}/pending/${ACTION_ID}.json" ]; then
  ACTION_FILE="${VAULT_DIR}/pending/${ACTION_ID}.json"
elif [ -f "${VAULT_DIR}/approved/${ACTION_ID}.json" ]; then
  ACTION_FILE="${VAULT_DIR}/approved/${ACTION_ID}.json"
else
  log "ERROR: action $ACTION_ID not found in pending/ or approved/"
  exit 1
fi

# Update with rejection metadata and move to rejected/
TMP=$(mktemp)
jq --arg reason "$REASON" --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
  '.status = "rejected" | .rejected_at = $ts | .reject_reason = $reason' \
  "$ACTION_FILE" > "$TMP" && mv "$TMP" "${VAULT_DIR}/rejected/${ACTION_ID}.json"
rm -f "$ACTION_FILE"

# Clean up lock if present
rm -f "${VAULT_DIR}/.locks/${ACTION_ID}.lock"

log "$ACTION_ID: rejected — $REASON"
feat: vault — publishing gate for external-facing agent actions (#19) Implements the vault subsystem: a JSONL queue and gate agent that sits between agent output and irreversible external actions (emails, posts, API calls, charges). New files: - vault/vault-poll.sh: cron entry (*/30), three phases: retry approved, timeout escalations (48h), invoke vault-agent for new pending actions - vault/vault-agent.sh: claude -p wrapper that classifies and routes actions based on risk × reversibility routing table - vault/vault-fire.sh: two-phase dispatcher (pending→approved→fired) with per-action locking and webhook-call handler - vault/vault-reject.sh: moves actions to rejected/ with reason + timestamp - vault/PROMPT.md: vault-agent system prompt with routing table Modified: - lib/matrix_listener.sh: new vault dispatch branch for APPROVE/REJECT replies to escalation threads Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-16 22:35:13 +01:00			`#!/usr/bin/env bash`
			`# vault-reject.sh — Move a vault action to rejected/ with reason`
			`#`
			`# Usage: bash vault-reject.sh <action-id> "<reason>"`

			`set -euo pipefail`

			`SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"`
			`source "${SCRIPT_DIR}/../lib/env.sh"`
fix: Per-agent Forgejo accounts — identity and permissions via authorship (#747) Each agent now gets its own Forgejo account (dev-bot, review-bot, planner-bot, gardener-bot, vault-bot, supervisor-bot, predictor-bot, action-bot) with a dedicated API token. This enables: - Audit trail: every forge action attributable to a specific agent - Permission boundaries: agents act under their own identity - Vault authorization model: vault-bot comments = proof of approval Changes: - bin/disinto: setup_forge() creates all 8 bot accounts during init, stores per-agent tokens (FORGE_*_TOKEN) in .env, adds all bots as repo collaborators - lib/env.sh: exports per-agent token vars with fallback to FORGE_TOKEN for backwards compat; sets FORGE_BOT_USERNAMES default to all 8 bots - Agent scripts: each agent overrides FORGE_TOKEN with its per-agent token after sourcing env.sh (gardener, planner, supervisor, predictor, vault, action) - .env.example: documents all per-agent token fields Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 16:16:13 +00:00			`# Use vault-bot's own Forgejo identity (#747)`
			`FORGE_TOKEN="${FORGE_VAULT_TOKEN:-${FORGE_TOKEN}}"`
feat: vault — publishing gate for external-facing agent actions (#19) Implements the vault subsystem: a JSONL queue and gate agent that sits between agent output and irreversible external actions (emails, posts, API calls, charges). New files: - vault/vault-poll.sh: cron entry (*/30), three phases: retry approved, timeout escalations (48h), invoke vault-agent for new pending actions - vault/vault-agent.sh: claude -p wrapper that classifies and routes actions based on risk × reversibility routing table - vault/vault-fire.sh: two-phase dispatcher (pending→approved→fired) with per-action locking and webhook-call handler - vault/vault-reject.sh: moves actions to rejected/ with reason + timestamp - vault/PROMPT.md: vault-agent system prompt with routing table Modified: - lib/matrix_listener.sh: new vault dispatch branch for APPROVE/REJECT replies to escalation threads Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-16 22:35:13 +01:00
			`VAULT_DIR="${FACTORY_ROOT}/vault"`
			`LOGFILE="${VAULT_DIR}/vault.log"`

			`log() {`
			`printf '[%s] vault-reject: %s\n' "$(date -u '+%Y-%m-%d %H:%M:%S UTC')" "$*" >> "$LOGFILE"`
			`}`

			`ACTION_ID="${1:?Usage: vault-reject.sh <action-id> \"<reason>\"}"`
			`REASON="${2:-unspecified}"`

			`# Find the action file`
			`ACTION_FILE=""`
			`if [ -f "${VAULT_DIR}/pending/${ACTION_ID}.json" ]; then`
			`ACTION_FILE="${VAULT_DIR}/pending/${ACTION_ID}.json"`
			`elif [ -f "${VAULT_DIR}/approved/${ACTION_ID}.json" ]; then`
			`ACTION_FILE="${VAULT_DIR}/approved/${ACTION_ID}.json"`
			`else`
			`log "ERROR: action $ACTION_ID not found in pending/ or approved/"`
			`exit 1`
			`fi`

			`# Update with rejection metadata and move to rejected/`
			`TMP=$(mktemp)`
			`jq --arg reason "$REASON" --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \`
			`'.status = "rejected" \| .rejected_at = $ts \| .reject_reason = $reason' \`
			`"$ACTION_FILE" > "$TMP" && mv "$TMP" "${VAULT_DIR}/rejected/${ACTION_ID}.json"`
			`rm -f "$ACTION_FILE"`

			`# Clean up lock if present`
			`rm -f "${VAULT_DIR}/.locks/${ACTION_ID}.lock"`

			`log "$ACTION_ID: rejected — $REASON"`