- Redact secrets in logs (=***)
- Fix -e flags before service name in docker compose run
- Use FORGE_OPS_REPO for cloning ops repo
- Refresh ops repo in each poll loop iteration
- Use array-based command execution to prevent shell injection
- Load vault secrets after env.sh for dispatcher access
- Create docker/edge/Dockerfile with bash, jq, curl, git, docker-cli
- Create docker/edge/dispatcher.sh as placeholder no-op loop
- Update edge service to build from ./docker/edge instead of caddy:alpine image
- Mount Docker socket into edge container for dispatcher access
- Mount dispatcher.sh as read-only volume
