Replace tmux-based run_formula_and_monitor architecture with synchronous
agent_run() from agent-sdk.sh. Replace custom CI/review/merge phase
callbacks (~350 lines) with pr_walk_to_merge() from pr-lifecycle.sh.
Key changes:
- Source agent-sdk.sh + pr-lifecycle.sh instead of agent-session.sh
- One-shot claude -p invocation replaces tmux session management
- Bash script IS the state machine (no phase files needed)
- Keep _gardener_execute_manifest() for post-merge manifest execution
- Keep all guards, formula loading, context building unchanged
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Each agent now gets its own Forgejo account (dev-bot, review-bot,
planner-bot, gardener-bot, vault-bot, supervisor-bot, predictor-bot,
action-bot) with a dedicated API token. This enables:
- Audit trail: every forge action attributable to a specific agent
- Permission boundaries: agents act under their own identity
- Vault authorization model: vault-bot comments = proof of approval
Changes:
- bin/disinto: setup_forge() creates all 8 bot accounts during init,
stores per-agent tokens (FORGE_*_TOKEN) in .env, adds all bots as
repo collaborators
- lib/env.sh: exports per-agent token vars with fallback to FORGE_TOKEN
for backwards compat; sets FORGE_BOT_USERNAMES default to all 8 bots
- Agent scripts: each agent overrides FORGE_TOKEN with its per-agent
token after sourcing env.sh (gardener, planner, supervisor, predictor,
vault, action)
- .env.example: documents all per-agent token fields
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove all Matrix/Dendrite infrastructure:
- Delete lib/matrix_listener.sh (long-poll daemon), lib/matrix_listener.service
(systemd unit), lib/hooks/on-stop-matrix.sh (response streaming hook)
- Remove matrix_send() and matrix_send_ctx() from lib/env.sh
- Remove MATRIX_HOMESERVER auto-detection, MATRIX_THREAD_MAP from lib/env.sh
- Remove [matrix] section parsing from lib/load-project.sh
- Remove Matrix hook installation from lib/agent-session.sh
- Remove notify/notify_ctx helpers and Matrix thread tracking from
dev/dev-agent.sh and action/action-agent.sh
- Remove all matrix_send calls from dev-poll.sh, phase-handler.sh,
action-poll.sh, vault-poll.sh, vault-fire.sh, vault-reject.sh,
review-poll.sh, review-pr.sh, supervisor-poll.sh, formula-session.sh
- Remove Matrix listener startup from docker/agents/entrypoint.sh
- Remove append_dendrite_compose() and setup_matrix() from bin/disinto
- Remove --matrix flag from disinto init
- Clean Matrix references from .env.example, projects/*.toml.example,
formulas/*.toml, AGENTS.md, BOOTSTRAP.md, README.md, RESOURCES.md,
PHASE-PROTOCOL.md, and all agent AGENTS.md/PROMPT.md files
Status visibility now via Codeberg PR/issue activity. Human interaction
via vault items through forge. Proactive alerts via OpenClaw heartbeats.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove ESCALATED signal and escalation handling from planner, supervisor,
and gardener. When blocked on external resources or human decisions, these
agents now file vault procurement items (vault/pending/*.md) instead of
escalating directly to the human.
Changes:
- Planner formula: ESCALATED signal replaced with HUMAN_BLOCKED; files
vault items and marks prerequisites as blocked-on-vault
- Supervisor formula/prompt: escalation sections replaced with vault item
filing; preflight now reports pending vault items instead of escalation
replies
- Gardener formula: ESCALATE action replaced with VAULT action; files
vault/pending/*.md for human decisions
- Groom-backlog formula: same ESCALATE→VAULT replacement
- Gardener shell: PHASE:escalate replaced with PHASE:failed for merge
blocks and CI exhaustion; escalation reply consumption removed
- Supervisor shell: escalation reply consumption removed from both
supervisor-run.sh and legacy supervisor-poll.sh
- Prerequisite tree: #466 updated from "escalated" to "blocked-on-vault"
The vault is the factory's only interface to the human for resources and
approvals. Dev/action agents retain PHASE:escalate for operational session
issues (CI timeouts, merge blocks) which are a different mechanism.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add stale-pr-recycle step to the gardener formula that detects open PRs
with failed CI older than 24 hours and no active tmux session. Stale PRs
are closed with a comment, and the linked issue is relabeled from
in-progress to backlog so dev-poll picks it up for a fresh attempt.
Also adds close_pr manifest action to the gardener executor.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add fire-and-forget mirror push support so merges to the primary branch
are automatically pushed to configured public mirrors (GitHub, Codeberg,
etc.). Mirror failures are logged but never block the pipeline.
- lib/mirrors.sh: new shared mirror_push() helper
- lib/load-project.sh: parse [mirrors] TOML section into MIRROR_* env vars
- dev/phase-handler.sh: call mirror_push after do_merge() success
- dev/dev-poll.sh: call mirror_push after try_direct_merge() success
- gardener/gardener-run.sh: call mirror_push after _gardener_merge() success
- bin/disinto: set up mirror remotes during init, add commented mirrors to
generated TOML
- projects/*.toml.example: show [mirrors] section (commented out)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add ci_commit_status() and ci_pipeline_number() helpers to
lib/ci-helpers.sh that query Woodpecker directly with a forge API
fallback. Replace all 12 inline forge commit status calls across 6
files with the new helpers.
Add setup_woodpecker() to bin/disinto init that creates a Forgejo
OAuth2 app for Woodpecker and activates the repo.
Document manual Woodpecker+Forgejo setup in BOOTSTRAP.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The sed watermark-update pattern stripped the closing --> from 9 of 10
AGENTS.md files, making entire file bodies invisible in rendered markdown.
Fix by appending --> to the affected lines.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Update AGENTS.md watermarks to current HEAD (9ec0c02)
- lib/AGENTS.md: document parse-deps.sh inline scan now skips fenced
code blocks to prevent false positives from code examples in issue bodies
- No blocked issues to review
- Pending actions: none
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Update AGENTS.md watermarks to current HEAD (e8df73e)
- No code changes since last gardener run — watermark-only refresh
- No blocked issues to review
- Pending actions: none
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Update all AGENTS.md watermarks to current HEAD (251d160)
- dev/AGENTS.md: document dev-poll's early direct-merge scan (before lock
check) — approved PRs now merge without waiting for active dev sessions;
chore/gardener PRs merge without issue numbers in branch name
- planner/AGENTS.md: document dispatch-idle-formulas phase (step 4); note
that planner reads both factory and project-specific formulas; clarify
that all planner artifacts use $PROJECT_REPO_ROOT, not $FACTORY_ROOT
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Update AGENTS.md watermarks (all 10 files) to HEAD 038581e5
- Content already current from recent gardener migration and setup PRs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Progressive disclosure split of AGENTS.md (487→152 lines):
- Extracted per-directory AGENTS.md files for all 8 agents + lib/
- Root AGENTS.md now serves as a table of contents with summary table
- All watermarks updated to 16e430e
Grooming results:
- Promoted #469 (WATCH flow missing curl) and #436 (idle_pane_count bug) to backlog
- 12 dust items classified, no groups ripe for bundling yet
- No blocked issues, no AD violations
Remove the orphaned post-session dust accumulator from gardener-agent.sh
(no longer reached after #367 moved gardener-poll.sh to action issues).
Add a dedicated dust-bundling formula step to run-gardener.toml that
handles the full lifecycle: dedup, timestamps, 30-day TTL expiry, and
bundling groups with 3+ items into backlog issues.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move TOML frontmatter construction into a shared helper in
lib/file-action-issue.sh, used by both gardener-poll.sh and
gardener-run.sh. Fixes CI duplicate-detection failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Filter stale escalation entries in gardener-poll.sh before passing them
to the agent session. For each escalation reply line, extract referenced
issue numbers (#NNN) and check their current state via the API. Discard
entries where all referenced issues are already closed, preventing the
gardener from creating investigation issues for resolved problems.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Restore executable bit on gardener/gardener-poll.sh (cron invokes it directly)
- Add _BLOCKED_POSTED guard to prevent duplicate diagnostic comments when
both _on_phase_change(PHASE:crashed) and the belt-and-suspenders exit
handler both call post_blocked_diagnostic()
- Update stale documentation:
- gardener-run.sh: remove "CI escalation recipes" from issue body
- AGENTS.md: update directory layout comment for gardener-poll.sh
- gardener-poll.sh: remove recipe engine description from header
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the unreliable escalation JSONL system (supervisor/escalations-*.jsonl
consumed by gardener) with direct blocked label + diagnostic comment on the
original issue.
When a dev-agent or action-agent session fails (PHASE:failed, idle timeout,
crash, CI exhausted):
- Capture last 50 lines from tmux pane via tmux capture-pane
- Post a structured diagnostic comment on the issue (exit reason, timestamp,
PR number, tmux output)
- Label the issue "blocked" (instead of restoring "backlog")
- Remove in-progress label
Removed:
- Escalation JSONL write paths in dev-agent.sh, phase-handler.sh, dev-poll.sh,
action-agent.sh
- is_escalated() helper in dev-poll.sh
- Escalation triage (P2f section) in supervisor-poll.sh
- Escalation processing + recipe engine in gardener-poll.sh
- ci-escalation-recipes step from run-gardener.toml formula
- escalations*.jsonl from .gitignore
Added:
- post_blocked_diagnostic() shared helper in phase-handler.sh
- ensure_blocked_label_id() helper (creates label via API if not exists)
- is_blocked() helper in dev-poll.sh (replaces is_escalated)
- Blocked issues listing in supervisor/preflight.sh
Kept:
- Matrix notifications on failure (unchanged)
- CI fix counter logic (still tracks attempts)
- needs_human injection in supervisor/gardener (not escalation-related)
- Gardener grooming (gardener-agent.sh still invoked)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The context file was written before the reset block that deleted it,
making compaction re-injection a no-op for gardener sessions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add --recipes-only flag to gardener-poll.sh to skip grooming call when
invoked by the formula's ci-escalation-recipes step (prevents double-run)
- Update formula step to pass --recipes-only
- Add lib/file-action-issue.sh to AGENTS.md shared helpers table
- Clarify TOML arg scope in gardener trigger description
- Fix log prefixes in gardener-run.sh (poll: → run:)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CI duplicate-detection flagged shared action-issue filing pattern between
gardener-run.sh and planner-poll.sh. Extract into lib/file-action-issue.sh
and refactor both scripts to use it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add gardener-run.sh as a thin cron wrapper that files an action issue
referencing formulas/run-gardener.toml, following the same pattern as
planner-poll.sh. The action-agent picks up the issue and executes the
gardener formula steps in an interactive Claude session.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Widen the escalation dispatch pattern from `idle_timeout*` to also match
`idle_prompt*`. When an idle_prompt escalation arrives, the gardener now
creates an investigation sub-issue with a tailored description (session
returned to prompt without writing a phase signal) instead of silently
falling through to the recipe engine.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
