Add security_opt: [apparmor=unconfined] to all three compose services
(forgejo, woodpecker, agents) in generate_compose(). This prevents
su-exec from entering an infinite CPU loop when Docker runs inside an
LXD container whose default AppArmor profile blocks setuid/execve.
Harmless on bare-metal Docker hosts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add FORGEJO__security__INSTALL_LOCK: "true" to the forgejo service
environment in generate_compose(). Without this, Forgejo starts in
install-wizard mode and the API returns 404 for all endpoints.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add EXIT trap in disinto_up() so the plaintext .env is removed even if
docker compose up fails. Previously set -euo pipefail would abort
before the cleanup block, leaving secrets on disk.
Replace the silent || true in the Dockerfile with an explicit
claude --version check so the build fails visibly if the CLI cannot
be installed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The entrypoint installed a crontab but never started a cron daemon,
leaving the container idle. Fix by running as root in the entrypoint
(cron requires it), installing the crontab for the agent user via
`crontab -u agent`, and starting cron in the foreground with `cron -f`.
Remove `USER agent` from the Dockerfile and `user: "1000:1000"` from
the compose template accordingly — cron jobs still execute as UID 1000.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add docker-compose.yml generation, agent Dockerfile, and new CLI
commands (up/down/logs/shell) so the full stack runs containerized.
The --bare flag preserves the current bare-metal setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add fire-and-forget mirror push support so merges to the primary branch
are automatically pushed to configured public mirrors (GitHub, Codeberg,
etc.). Mirror failures are logged but never block the pipeline.
- lib/mirrors.sh: new shared mirror_push() helper
- lib/load-project.sh: parse [mirrors] TOML section into MIRROR_* env vars
- dev/phase-handler.sh: call mirror_push after do_merge() success
- dev/dev-poll.sh: call mirror_push after try_direct_merge() success
- gardener/gardener-run.sh: call mirror_push after _gardener_merge() success
- bin/disinto: set up mirror remotes during init, add commented mirrors to
generated TOML
- projects/*.toml.example: show [mirrors] section (commented out)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Warn on stderr when .env.enc decryption fails instead of silent || true
- Guard ensure_age_key() against empty age-keygen -y output
- Fix stale comment on write_secrets_encrypted()
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add ci_commit_status() and ci_pipeline_number() helpers to
lib/ci-helpers.sh that query Woodpecker directly with a forge API
fallback. Replace all 12 inline forge commit status calls across 6
files with the new helpers.
Add setup_woodpecker() to bin/disinto init that creates a Forgejo
OAuth2 app for Woodpecker and activates the repo.
Document manual Woodpecker+Forgejo setup in BOOTSTRAP.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace /api/v1/user with /api/v1/repos/{owner}/{repo} in three places:
- preflight_check() auth verification
- setup_codeberg_auth() --token flag verification
- setup_codeberg_auth() interactive flow verification
The repo endpoint only requires repo-level access, which matches the
scopes disinto actually needs (write:issue, write:repository). Tokens
without read:user scope now pass verification correctly.
Also use generic "token" as netrc login since the username is no longer
retrieved from the API (git operations authenticate via the token, not
the login field).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add interactive Codeberg auth setup to `disinto init`:
- Guide user through token creation with URL and required scopes
- Save token to ~/.netrc with correct permissions (600)
- Verify token via API call before proceeding
- Support --token flag for non-interactive use
- Backwards compatible: existing CODEBERG_TOKEN / .netrc still work
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add --netrc flag to curl when CODEBERG_TOKEN is unset so ~/.netrc
auth users don't get false-positive API failures
- Check claude auth status exit code separately; only skip the check
when the subcommand is unrecognized (old claude version), otherwise
treat failures as auth errors
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace validate_env() with preflight_check() that verifies all factory
requirements before init proceeds:
- Required tools: claude, tmux, git, jq, python3, curl (hard errors)
- Claude Code authentication via claude auth status
- Codeberg auth: CODEBERG_TOKEN or ~/.netrc, verified with API call
- Codeberg SSH access: verified with ssh -T git@codeberg.org
- Optional: docker (warn only)
- Clear error messages with install hints for each missing tool
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- When --yes is passed with a differing --repo-root, auto-apply the TOML
update instead of silently skipping. Prevents stale repo_root in TOML.
- Replace sed with python3+re for updating repo_root to avoid delimiter
injection from user-supplied paths.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When projects/<name>.toml already exists (e.g. committed from another box),
skip TOML generation and continue with remaining setup steps (clone repo,
create labels, install cron). Reads repo_root and branch from the existing
TOML. If --repo-root flag differs from TOML value, prompts to update it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add bin/disinto CLI entry point with two subcommands:
- `disinto init <repo-url>`: bootstraps a new project by cloning the
repo, generating a projects/*.toml config, creating Codeberg labels
(backlog, in-progress, blocked, tech-debt, underspecified, vision,
action), generating a VISION.md template, and installing cron jobs
for dev-poll, review-poll, and gardener.
- `disinto status`: shows active sessions, backlog depth, and open PR
count for all configured projects.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
