disinto/supervisor/supervisor-run.sh

#!/usr/bin/env bash
# =============================================================================
# supervisor-run.sh — Cron wrapper: supervisor execution via Claude + formula
#
# Runs every 20 minutes (or on-demand). Guards against concurrent runs and
# low memory. Collects metrics via preflight.sh, then creates a tmux session
# with Claude (sonnet) reading formulas/run-supervisor.toml.
#
# Replaces supervisor-poll.sh (bash orchestrator + claude -p one-shot) with
# formula-driven interactive Claude session matching the planner/predictor
# pattern.
#
# Usage:
#   supervisor-run.sh [projects/disinto.toml]   # project config (default: disinto)
#
# Cron: */20 * * * * cd /path/to/dark-factory && bash supervisor/supervisor-run.sh
# =============================================================================
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
FACTORY_ROOT="$(dirname "$SCRIPT_DIR")"

# Accept project config from argument; default to disinto
export PROJECT_TOML="${1:-$FACTORY_ROOT/projects/disinto.toml}"
# shellcheck source=../lib/env.sh
source "$FACTORY_ROOT/lib/env.sh"
# Use supervisor-bot's own Forgejo identity (#747)
FORGE_TOKEN="${FORGE_SUPERVISOR_TOKEN:-${FORGE_TOKEN}}"
# shellcheck source=../lib/agent-session.sh
source "$FACTORY_ROOT/lib/agent-session.sh"
# shellcheck source=../lib/formula-session.sh
source "$FACTORY_ROOT/lib/formula-session.sh"
# shellcheck source=../lib/worktree.sh
source "$FACTORY_ROOT/lib/worktree.sh"
# shellcheck source=../lib/guard.sh
source "$FACTORY_ROOT/lib/guard.sh"

LOG_FILE="$SCRIPT_DIR/supervisor.log"
# shellcheck disable=SC2034  # consumed by run_formula_and_monitor
SESSION_NAME="supervisor-${PROJECT_NAME}"
PHASE_FILE="/tmp/supervisor-session-${PROJECT_NAME}.phase"

# shellcheck disable=SC2034  # read by monitor_phase_loop in lib/agent-session.sh
PHASE_POLL_INTERVAL=15

SCRATCH_FILE="/tmp/supervisor-${PROJECT_NAME}-scratch.md"

log() { echo "[$(date -u +%Y-%m-%dT%H:%M:%S)Z] $*" >> "$LOG_FILE"; }

# ── Guards ────────────────────────────────────────────────────────────────
check_active supervisor
acquire_cron_lock "/tmp/supervisor-run.lock"
check_memory 2000

log "--- Supervisor run start ---"

# ── Housekeeping: clean up stale crashed worktrees (>24h) ────────────────
cleanup_stale_crashed_worktrees 24

# ── Collect pre-flight metrics ────────────────────────────────────────────
log "Running preflight.sh"
PREFLIGHT_OUTPUT=""
if PREFLIGHT_OUTPUT=$(bash "$SCRIPT_DIR/preflight.sh" "$PROJECT_TOML" 2>&1); then
  log "Preflight collected ($(echo "$PREFLIGHT_OUTPUT" | wc -l) lines)"
else
  log "WARNING: preflight.sh failed, continuing with partial data"
fi

# ── Load formula + context ───────────────────────────────────────────────
load_formula "$FACTORY_ROOT/formulas/run-supervisor.toml"
build_context_block AGENTS.md

# ── Read scratch file (compaction survival) ───────────────────────────────
SCRATCH_CONTEXT=$(read_scratch_context "$SCRATCH_FILE")
SCRATCH_INSTRUCTION=$(build_scratch_instruction "$SCRATCH_FILE")

# ── Build prompt ─────────────────────────────────────────────────────────
build_prompt_footer

# shellcheck disable=SC2034  # consumed by run_formula_and_monitor
PROMPT="You are the supervisor agent for ${FORGE_REPO}. Work through the formula below. You MUST write PHASE:done to '${PHASE_FILE}' when finished — the orchestrator will time you out if you return to the prompt without signalling.

You have full shell access and --dangerously-skip-permissions.
Fix what you can. File vault items for what you cannot. Do NOT ask permission — act first, report after.

## Pre-flight metrics (collected $(date -u +%H:%M) UTC)
${PREFLIGHT_OUTPUT}

## Project context
${CONTEXT_BLOCK}
${SCRATCH_CONTEXT:+${SCRATCH_CONTEXT}
}
Priority order: P0 memory > P1 disk > P2 stopped > P3 degraded > P4 housekeeping

${FORMULA_CONTENT}

${SCRATCH_INSTRUCTION}
${PROMPT_FOOTER}"

# ── Run session ──────────────────────────────────────────────────────────
export CLAUDE_MODEL="sonnet"
run_formula_and_monitor "supervisor" 1200

# ── Cleanup scratch file on normal exit ──────────────────────────────────
# FINAL_PHASE already set by run_formula_and_monitor
if [ "${FINAL_PHASE:-}" = "PHASE:done" ]; then
  rm -f "$SCRATCH_FILE"
fi
fix: feat: supervisor as formula-driven agent — cron + Matrix escalation (#245) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 00:22:37 +00:00			`#!/usr/bin/env bash`
			`# =============================================================================`
			`# supervisor-run.sh — Cron wrapper: supervisor execution via Claude + formula`
			`#`
			`# Runs every 20 minutes (or on-demand). Guards against concurrent runs and`
			`# low memory. Collects metrics via preflight.sh, then creates a tmux session`
			`# with Claude (sonnet) reading formulas/run-supervisor.toml.`
			`#`
			`# Replaces supervisor-poll.sh (bash orchestrator + claude -p one-shot) with`
			`# formula-driven interactive Claude session matching the planner/predictor`
			`# pattern.`
			`#`
			`# Usage:`
			`# supervisor-run.sh [projects/disinto.toml] # project config (default: disinto)`
			`#`
			`# Cron: /20 * * * cd /path/to/dark-factory && bash supervisor/supervisor-run.sh`
			`# =============================================================================`
			`set -euo pipefail`

			`SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"`
			`FACTORY_ROOT="$(dirname "$SCRIPT_DIR")"`

			`# Accept project config from argument; default to disinto`
			`export PROJECT_TOML="${1:-$FACTORY_ROOT/projects/disinto.toml}"`
			`# shellcheck source=../lib/env.sh`
			`source "$FACTORY_ROOT/lib/env.sh"`
fix: Per-agent Forgejo accounts — identity and permissions via authorship (#747) Each agent now gets its own Forgejo account (dev-bot, review-bot, planner-bot, gardener-bot, vault-bot, supervisor-bot, predictor-bot, action-bot) with a dedicated API token. This enables: - Audit trail: every forge action attributable to a specific agent - Permission boundaries: agents act under their own identity - Vault authorization model: vault-bot comments = proof of approval Changes: - bin/disinto: setup_forge() creates all 8 bot accounts during init, stores per-agent tokens (FORGE_*_TOKEN) in .env, adds all bots as repo collaborators - lib/env.sh: exports per-agent token vars with fallback to FORGE_TOKEN for backwards compat; sets FORGE_BOT_USERNAMES default to all 8 bots - Agent scripts: each agent overrides FORGE_TOKEN with its per-agent token after sourcing env.sh (gardener, planner, supervisor, predictor, vault, action) - .env.example: documents all per-agent token fields Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 16:16:13 +00:00			`# Use supervisor-bot's own Forgejo identity (#747)`
			`FORGE_TOKEN="${FORGE_SUPERVISOR_TOKEN:-${FORGE_TOKEN}}"`
fix: feat: supervisor as formula-driven agent — cron + Matrix escalation (#245) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 00:22:37 +00:00			`# shellcheck source=../lib/agent-session.sh`
			`source "$FACTORY_ROOT/lib/agent-session.sh"`
			`# shellcheck source=../lib/formula-session.sh`
			`source "$FACTORY_ROOT/lib/formula-session.sh"`
fix: Extract lib/worktree.sh — create, recover, cleanup (#797) Extract reusable worktree management into lib/worktree.sh: - worktree_create: git worktree add + checkout + submodules - worktree_recover: detect existing worktree, reuse or recreate - worktree_cleanup: remove worktree + clear Claude Code project cache - worktree_cleanup_stale: scan /tmp for orphaned worktrees, skip preserved - worktree_preserve: mark worktree for debugging (skip stale cleanup) Update callers: - dev-agent.sh: use worktree_create/worktree_recover/worktree_cleanup - action-agent.sh: use worktree_cleanup/worktree_preserve - formula-session.sh: delegate cleanup_stale_crashed_worktrees, use worktree_preserve - All formula agents source lib/worktree.sh Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-27 19:06:31 +00:00			`# shellcheck source=../lib/worktree.sh`
			`source "$FACTORY_ROOT/lib/worktree.sh"`
fix: feat: active-state files — per-cron guard with self-off semantics (#622) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-23 21:46:59 +00:00			`# shellcheck source=../lib/guard.sh`
			`source "$FACTORY_ROOT/lib/guard.sh"`
fix: feat: supervisor as formula-driven agent — cron + Matrix escalation (#245) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 00:22:37 +00:00
			`LOG_FILE="$SCRIPT_DIR/supervisor.log"`
			`# shellcheck disable=SC2034 # consumed by run_formula_and_monitor`
			`SESSION_NAME="supervisor-${PROJECT_NAME}"`
			`PHASE_FILE="/tmp/supervisor-session-${PROJECT_NAME}.phase"`

			`# shellcheck disable=SC2034 # read by monitor_phase_loop in lib/agent-session.sh`
			`PHASE_POLL_INTERVAL=15`

			`SCRATCH_FILE="/tmp/supervisor-${PROJECT_NAME}-scratch.md"`

			`log() { echo "[$(date -u +%Y-%m-%dT%H:%M:%S)Z] $*" >> "$LOG_FILE"; }`

			`# ── Guards ────────────────────────────────────────────────────────────────`
fix: feat: active-state files — per-cron guard with self-off semantics (#622) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-23 21:46:59 +00:00			`check_active supervisor`
fix: feat: supervisor as formula-driven agent — cron + Matrix escalation (#245) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 00:22:37 +00:00			`acquire_cron_lock "/tmp/supervisor-run.lock"`
			`check_memory 2000`

			`log "--- Supervisor run start ---"`

fix: Preserve worktrees on crash for debugging (#726) On crash (PHASE:crashed or non-zero exit), preserve the worktree and log its location instead of destroying it unconditionally. Successful sessions still clean up normally. Supervisor runs housekeeping to remove stale crashed worktrees older than 24h. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 13:41:33 +00:00			`# ── Housekeeping: clean up stale crashed worktrees (>24h) ────────────────`
			`cleanup_stale_crashed_worktrees 24`

fix: feat: supervisor as formula-driven agent — cron + Matrix escalation (#245) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 00:22:37 +00:00			`# ── Collect pre-flight metrics ────────────────────────────────────────────`
			`log "Running preflight.sh"`
			`PREFLIGHT_OUTPUT=""`
			`if PREFLIGHT_OUTPUT=$(bash "$SCRIPT_DIR/preflight.sh" "$PROJECT_TOML" 2>&1); then`
			`log "Preflight collected ($(echo "$PREFLIGHT_OUTPUT" \| wc -l) lines)"`
			`else`
			`log "WARNING: preflight.sh failed, continuing with partial data"`
			`fi`

			`# ── Load formula + context ───────────────────────────────────────────────`
			`load_formula "$FACTORY_ROOT/formulas/run-supervisor.toml"`
			`build_context_block AGENTS.md`

			`# ── Read scratch file (compaction survival) ───────────────────────────────`
			`SCRATCH_CONTEXT=$(read_scratch_context "$SCRATCH_FILE")`
			`SCRATCH_INSTRUCTION=$(build_scratch_instruction "$SCRATCH_FILE")`

			`# ── Build prompt ─────────────────────────────────────────────────────────`
			`build_prompt_footer`

			`# shellcheck disable=SC2034 # consumed by run_formula_and_monitor`
fix: Replace Codeberg dependency with local Forgejo instance (#611) - Add setup_forge() to bin/disinto: provisions Forgejo via Docker, creates admin + bot users (dev-bot, review-bot), generates API tokens, creates repo, and pushes code — all automated - Rename env vars: CODEBERG_TOKEN→FORGE_TOKEN, REVIEW_BOT_TOKEN→ FORGE_REVIEW_TOKEN, CODEBERG_REPO→FORGE_REPO, CODEBERG_API→ FORGE_API, CODEBERG_WEB→FORGE_WEB, CODEBERG_BOT_USERNAMES→ FORGE_BOT_USERNAMES (with backwards-compat fallbacks) - Rename API helpers: codeberg_api()→forge_api(), codeberg_api_all() →forge_api_all() (with compat aliases) - Add forge_url field to project TOML; load-project.sh derives FORGE_API/FORGE_WEB from forge_url + repo - Update parse_repo_slug() to accept any host URL, not just codeberg - Forgejo data stored under ~/.disinto/forgejo/ (not in factory repo) - Update all 58 files: agent scripts, formulas, docs, site HTML Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-23 16:57:12 +00:00			`PROMPT="You are the supervisor agent for ${FORGE_REPO}. Work through the formula below. You MUST write PHASE:done to '${PHASE_FILE}' when finished — the orchestrator will time you out if you return to the prompt without signalling.`
fix: feat: supervisor as formula-driven agent — cron + Matrix escalation (#245) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 00:22:37 +00:00
			`You have full shell access and --dangerously-skip-permissions.`
fix: Remove escalation — planner routes through vault instead (#721) Remove ESCALATED signal and escalation handling from planner, supervisor, and gardener. When blocked on external resources or human decisions, these agents now file vault procurement items (vault/pending/.md) instead of escalating directly to the human. Changes: - Planner formula: ESCALATED signal replaced with HUMAN_BLOCKED; files vault items and marks prerequisites as blocked-on-vault - Supervisor formula/prompt: escalation sections replaced with vault item filing; preflight now reports pending vault items instead of escalation replies - Gardener formula: ESCALATE action replaced with VAULT action; files vault/pending/.md for human decisions - Groom-backlog formula: same ESCALATE→VAULT replacement - Gardener shell: PHASE:escalate replaced with PHASE:failed for merge blocks and CI exhaustion; escalation reply consumption removed - Supervisor shell: escalation reply consumption removed from both supervisor-run.sh and legacy supervisor-poll.sh - Prerequisite tree: #466 updated from "escalated" to "blocked-on-vault" The vault is the factory's only interface to the human for resources and approvals. Dev/action agents retain PHASE:escalate for operational session issues (CI timeouts, merge blocks) which are a different mechanism. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 09:09:58 +00:00			`Fix what you can. File vault items for what you cannot. Do NOT ask permission — act first, report after.`
fix: feat: supervisor as formula-driven agent — cron + Matrix escalation (#245) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 00:22:37 +00:00
			`## Pre-flight metrics (collected $(date -u +%H:%M) UTC)`
			`${PREFLIGHT_OUTPUT}`

			`## Project context`
			`${CONTEXT_BLOCK}`
			`${SCRATCH_CONTEXT:+${SCRATCH_CONTEXT}`
			`}`
fix: break duplicate window — add priority order line to supervisor prompt The duplicate detector skips lines starting with # (treats as comments even inside quoted strings). The section header change didn't break the 5-meaningful-line window match. Adding a non-comment content line does. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 00:32:54 +00:00			`Priority order: P0 memory > P1 disk > P2 stopped > P3 degraded > P4 housekeeping`

fix: feat: supervisor as formula-driven agent — cron + Matrix escalation (#245) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 00:22:37 +00:00			`${FORMULA_CONTENT}`

			`${SCRATCH_INSTRUCTION}`
			`${PROMPT_FOOTER}"`

			`# ── Run session ──────────────────────────────────────────────────────────`
			`export CLAUDE_MODEL="sonnet"`
			`run_formula_and_monitor "supervisor" 1200`

			`# ── Cleanup scratch file on normal exit ──────────────────────────────────`
			`# FINAL_PHASE already set by run_formula_and_monitor`
			`if [ "${FINAL_PHASE:-}" = "PHASE:done" ]; then`
			`rm -f "$SCRATCH_FILE"`
			`fi`