- redact_secrets now covers AWS AKIA keys and 0x-prefixed private keys,
matching all patterns that scan_for_secrets detects
- file-action-issue.sh no longer suppresses stderr from scan_for_secrets,
so blocked-issue diagnostics reach the caller's log
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Filter stale escalation entries in gardener-poll.sh before passing them
to the agent session. For each escalation reply line, extract referenced
issue numbers (#NNN) and check their current state via the API. Discard
entries where all referenced issues are already closed, preventing the
gardener from creating investigation issues for resolved problems.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The action-agent now creates an isolated git worktree before each run
and destroys it unconditionally on exit. The formula must push results
before signaling done — unpushed work is lost when the worktree is nuked.
Changes:
- WORKTREE now points to /tmp/action-{issue}-{timestamp} instead of
PROJECT_REPO_ROOT
- cleanup_worktree() properly removes the worktree + Claude session history
- cleanup() kills child processes, stops docker, then destroys the worktree
- Claude session runs inside the worktree (not FACTORY_ROOT)
- Prompt warns about push-before-done in both Path A and Path B
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add check_script calls for all inline-sourced lib files (agent-session.sh,
ci-helpers.sh, file-action-issue.sh, formula-session.sh, load-project.sh)
so their internal function calls are verified
- Add check_script calls for standalone lib scripts (ci-debug.sh,
matrix_listener.sh, parse-deps.sh) and legacy prediction scripts
- Add documentation comment on LIB_FUNS listing included/excluded lib files
with rationale for each
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add ci_failed() helper to lib/ci-helpers.sh and replace three compound
`! ci_passed && CI_STATE != "" && != "pending" && != "unknown"` patterns
in dev/dev-poll.sh with the cleaner ci_failed() call.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Restore executable bit on gardener/gardener-poll.sh (cron invokes it directly)
- Add _BLOCKED_POSTED guard to prevent duplicate diagnostic comments when
both _on_phase_change(PHASE:crashed) and the belt-and-suspenders exit
handler both call post_blocked_diagnostic()
- Update stale documentation:
- gardener-run.sh: remove "CI escalation recipes" from issue body
- AGENTS.md: update directory layout comment for gardener-poll.sh
- gardener-poll.sh: remove recipe engine description from header
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move ensure_blocked_label_id() from dev/phase-handler.sh into
lib/ci-helpers.sh to eliminate the duplicate blocked-label creation
curl block that existed in both phase-handler.sh and dev-poll.sh.
Both dev-agent.sh and action-agent.sh now source lib/ci-helpers.sh
so the function is available when phase-handler.sh calls it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the unreliable escalation JSONL system (supervisor/escalations-*.jsonl
consumed by gardener) with direct blocked label + diagnostic comment on the
original issue.
When a dev-agent or action-agent session fails (PHASE:failed, idle timeout,
crash, CI exhausted):
- Capture last 50 lines from tmux pane via tmux capture-pane
- Post a structured diagnostic comment on the issue (exit reason, timestamp,
PR number, tmux output)
- Label the issue "blocked" (instead of restoring "backlog")
- Remove in-progress label
Removed:
- Escalation JSONL write paths in dev-agent.sh, phase-handler.sh, dev-poll.sh,
action-agent.sh
- is_escalated() helper in dev-poll.sh
- Escalation triage (P2f section) in supervisor-poll.sh
- Escalation processing + recipe engine in gardener-poll.sh
- ci-escalation-recipes step from run-gardener.toml formula
- escalations*.jsonl from .gitignore
Added:
- post_blocked_diagnostic() shared helper in phase-handler.sh
- ensure_blocked_label_id() helper (creates label via API if not exists)
- is_blocked() helper in dev-poll.sh (replaces is_escalated)
- Blocked issues listing in supervisor/preflight.sh
Kept:
- Matrix notifications on failure (unchanged)
- CI fix counter logic (still tracks attempts)
- needs_human injection in supervisor/gardener (not escalation-related)
- Gardener grooming (gardener-agent.sh still invoked)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use single-line conditionals for worktree check in PHASE:crashed handler
(phase-handler.sh) to break 5-line window match with idle_timeout case.
Slim dev-agent.sh crashed case to just restore_to_backlog since the
_on_phase_change callback handles full cleanup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The cleanup_labels + curl POST + CLAIMED=false pattern was duplicated
across dev-agent.sh (idle_timeout and crashed cases) and phase-handler.sh
(PHASE:crashed handler), triggering duplicate-detection CI failure.
Extract restore_to_backlog() shared helper; call it from all three sites.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add explicit PHASE:crashed case to _on_phase_change in phase-handler.sh:
logs crash, notifies Matrix, escalates to supervisor, restores backlog
label, preserves worktree if PR exists, cleans up temp files.
Add crashed case to dev-agent.sh post-loop case statement for
belt-and-suspenders cleanup matching the callback behavior.
Replaces the dead crash_recovery_failed case that was never triggered.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add exit_marker file check to the CI wait loop and review wait loop in
phase-handler.sh, matching the pattern already used in monitor_phase_loop
(agent-session.sh). This makes crash detection consistent across all
polling paths.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix critical: use double quotes for $PHASE_FILE in formula phase signal
- Fix low: use limit=50 for backlog/in-progress/blocked issue counts
- Fix nit: correct misleading comment about escalation reply timing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The duplicate detector skips lines starting with # (treats as comments
even inside quoted strings). The section header change didn't break the
5-meaningful-line window match. Adding a non-comment content line does.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
