Add tests/smoke-init.sh — an end-to-end smoke test that runs
disinto init --bare --yes against a real Forgejo instance
(started as a Woodpecker service container).
The test validates:
- Forgejo API responds after init
- Admin and bot users created with tokens
- Repo created with labels on Forgejo
- Project TOML generated correctly
- .env written with FORGE_TOKEN and FORGE_REVIEW_TOKEN
- Cron entries installed (dev-poll, review-poll, gardener)
Uses mock binaries for docker (routes user creation to Forgejo
admin API), claude, tmux, and crontab to run in CI without
Docker-in-Docker.
Wired into CI via .woodpecker/smoke-init.yml (separate pipeline
with Forgejo service, runs on push and pull_request).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rename _cleaned_any to _found_stale and set it on any match (not just
deletion), so "None" only prints when no stale files exist. Prevents
contradictory output when grace-period entries are present.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add auto-cleanup to supervisor/preflight.sh: PHASE:escalate files whose
parent issue/PR is confirmed closed (via Forge API) are deleted after a
24h grace period. Cleanup results appear in the preflight output for
journal logging by the supervisor formula.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Split setup_woodpecker() into create_woodpecker_oauth() (pre-compose) and
activate_woodpecker_repo() (post-compose) so OAuth2 creds are in .env before
Woodpecker starts, and repo activation happens after the stack is up.
- Add ports: ["8000:8000"] to Woodpecker service in generate_compose()
- Fix .env var names: WP_FORGEJO_CLIENT/SECRET to match compose references
- Reorder disinto_init(): OAuth2 creation before compose up, repo activation after
- activate_woodpecker_repo() polls Woodpecker readiness with retry loop
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Skip sourcing .env/.env.enc when DISINTO_CONTAINER=1 since compose
already injects the correct env vars via env_file + environment
overrides. Re-sourcing .env was clobbering compose-level values
like FORGE_URL=http://forgejo:3000 with the localhost default.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add database readiness check (retry loop on `forgejo admin user list`) after
API becomes reachable to avoid the race where HTTP is up but SQLite isn't
accepting writes yet.
Remove `2>/dev/null || true` from user creation commands so failures are
logged with the actual error message. Verify each user exists via API after
creation. Fail init with a clear error if admin token, bot user creation,
or bot token creation fails — instead of silently writing an incomplete .env.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Detect which git remote matches FORGE_URL by comparing the host portion
of FORGE_URL against remote push URLs. Store the result in FORGE_REMOTE
(defaults to "origin" when no match — preserving existing behavior for
Codeberg-direct setups).
Replace every hardcoded "origin" in fetch, push, worktree-add, and
prompt-injection commands across:
- dev/dev-agent.sh (worktree setup, phase protocol prompt)
- dev/phase-handler.sh (CI retrigger, review feedback, rebase instructions)
- review/review-poll.sh (review feedback injection)
- action/action-agent.sh (worktree setup, push instructions)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the claude-auth named Docker volume with bind mounts to the host
user's ~/.claude/ and ~/.claude.json. The named volume creates an empty
directory, so the agents container cannot authenticate with Claude CLI.
Bind-mounting from ${HOME} ensures the container picks up existing
credentials without manual intervention.
Closes codeberg.org/johba/disinto/issues/633
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Critical: setup_matrix now runs after docker compose up -d so Dendrite
is actually running when provisioning is attempted
- Minor: replace sed with Python for .env credential writes to avoid
delimiter collisions with opaque Matrix access tokens
- Info: update matrix_listener.sh header to mention container mode
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
In compose mode, skip host cron installation entirely since the agents
container runs cron internally via entrypoint.sh. In bare mode, check
for crontab before attempting to install entries and produce a clear
error with install instructions if missing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove curl|sh Claude CLI download from Dockerfile (no internet needed)
- Mount host Claude CLI binary into container via docker-compose volume
- generate_compose() resolves host claude path at init time
- entrypoint.sh fails fast with clear error if claude CLI is missing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add -u git to docker exec and docker compose exec calls in _forgejo_exec()
so Forgejo admin commands run as the git user instead of root.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add security_opt: [apparmor=unconfined] to all three compose services
(forgejo, woodpecker, agents) in generate_compose(). This prevents
su-exec from entering an infinite CPU loop when Docker runs inside an
LXD container whose default AppArmor profile blocks setuid/execve.
Harmless on bare-metal Docker hosts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add FORGEJO__security__INSTALL_LOCK: "true" to the forgejo service
environment in generate_compose(). Without this, Forgejo starts in
install-wizard mode and the API returns 404 for all endpoints.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The directed graph has mixed edge directions along the path from
agent/formula to objective (agent→formula→label←issue→objective),
so descendants() never reaches objectives. Use undirected connected
components for reachability instead. Also fix closed-issues query
to use forge_get (bounded at 50) instead of forge_get_all (unbounded).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add lib/build-graph.py that builds a NetworkX DiGraph from project docs
and forge API, runs structural analyses (orphans, cycles, disconnected
clusters, thin objectives, bottlenecks), and outputs a JSON report.
Predictor and reviewer agents now call build-graph.py before launching
their Claude sessions and inject the report as context.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Clear phase file after reading it in recovery mode so new sessions
start clean instead of inheriting stale state
- When last phase was escalate, tell Claude "previous session escalated —
starting fresh" instead of "resume from escalate" to prevent re-escalation
- Add explicit "PR already exists — do NOT create a new PR" instructions
to recovery prompt to prevent Claude from calling forge API directly
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add stale-pr-recycle step to the gardener formula that detects open PRs
with failed CI older than 24 hours and no active tmux session. Stale PRs
are closed with a comment, and the linked issue is relabeled from
in-progress to backlog so dev-poll picks it up for a fresh attempt.
Also adds close_pr manifest action to the gardener executor.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
