- Use `read -rs` to hide typed secret value from terminal
- Prompt for confirmation before overwriting an existing secret
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
smoke-init spins up a full Forgejo instance inside CI and never
finishes within the 5-minute timeout. It blocks all PRs.
Remove it entirely until it can be optimized to run fast enough.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Simple while-true loop that runs dev-poll with llama backend env vars.
No cron, no guard files, no activation state — just polls and spawns.
Repo auto-cloned on first start.
To be used with a separate agents-llama compose service that sets
ANTHROPIC_BASE_URL to the llama-server address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Delete gardener/PROMPT.md (dust-vs-ore rules already in run-gardener.toml)
- Delete supervisor/PROMPT.md (content covered by run-supervisor.toml;
migrate unique "Learning" section into formula's journal step)
- Delete vault/PROMPT.md and create formulas/run-vault.toml as the
source-of-truth formula for vault action classification/routing
- Update supervisor/supervisor-poll.sh to read from formula instead of PROMPT.md
- Update vault/vault-agent.sh to read from formula instead of PROMPT.md
- Update supervisor/AGENTS.md, vault/AGENTS.md, README.md references
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cron does not inherit compose env vars. Without these, dev-poll fails
with cd: /home/johba/disinto: No such file or directory (host path
instead of container path).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The old skill/ reflects tmux-based pre-containerization architecture.
disinto-factory/ is the current skill with Docker Compose setup.
Closes #16
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
These 4 recipe files (cascade-rebase, chicken-egg-ci, flaky-test,
shellcheck-violations) are never referenced by any script.
The gardener uses formulas/run-gardener.toml.
Closes #23
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace tmux session discovery with .sid file globbing for stale session
cleanup and re-review triggering. Remove inject_review_into_dev_session
(dead code — both review and dev sessions now use SDK agent_run).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevents smoke-init and other heavy CI steps from hanging for 40+ min.
Applied automatically during disinto init.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
env.sh changes don't need a full Forgejo init smoke test.
Prevents 40-minute CI hangs on env fixes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
source .env clobbers FORGE_URL from http://forgejo:3000 (Docker DNS)
to http://localhost:3000 (unreachable inside container). Save and
restore FORGE_URL around the source.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause: env.sh skipped sourcing .env when DISINTO_CONTAINER=1,
assuming compose injects all env vars. But cron jobs do NOT inherit
compose env vars — they only get crontab-level variables.
Result: FORGE_TOKEN was empty in every cron poll. API calls returned
nothing, polls silently found "no open PRs" and exited.
Fix: always source .env regardless of DISINTO_CONTAINER. Compose env
vars (FORGE_URL) are set in the crontab env and take precedence.
Entrypoint also adds FORGE_URL to crontab env vars.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
env.sh references $USER which is not set in cron environment.
With set -u (pipefail), this causes env.sh to exit before setting
DISINTO_LOG_DIR, resulting in log writes to the read-only mount.
Root cause of silent cron failures since containerized setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
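
The three commit messages above describe related cron-environment failures: `.env` clobbering `FORGE_URL`, an empty `FORGE_TOKEN`, and an unset `$USER` under `set -u`. The following is an added example, not the project's `env.sh`, of a loader that guards against all three. `load_env`, `demo` and `AGENT_USER` are hypothetical names, the `.env` content is constructed, and the explicit empty-token check is an addition the commits do not mention.

```shell
#!/bin/sh
# Added example, not the project's env.sh. load_env, demo and AGENT_USER
# are hypothetical names; the .env content below is constructed.
set -eu   # -u turns any unset variable (e.g. USER under cron) into a fatal error

load_env() {
  env_file="$1"
  # Remember a FORGE_URL injected by compose/crontab before sourcing.
  had_url=0; saved_url=""
  if [ -n "${FORGE_URL+x}" ]; then had_url=1; saved_url="$FORGE_URL"; fi

  if [ -f "$env_file" ]; then
    set -a                      # export every assignment in the file
    . "$env_file"
    set +a
  fi

  # Restore it so the file's host-side value cannot clobber the container one.
  if [ "$had_url" -eq 1 ]; then FORGE_URL="$saved_url"; export FORGE_URL; fi

  # Fail loudly instead of polling with an empty token.
  if [ -z "${FORGE_TOKEN:-}" ]; then
    echo "load_env: FORGE_TOKEN is empty after sourcing $env_file" >&2
    return 1
  fi

  # cron does not set USER; default it rather than expanding a bare $USER.
  AGENT_USER="${USER:-$(id -un)}"
}

demo() {
  tmp="$(mktemp)"
  printf 'FORGE_URL=http://localhost:3000\nFORGE_TOKEN=constructed-token\n' > "$tmp"
  FORGE_URL="http://forgejo:3000"   # as compose/crontab would set it
  unset USER                        # simulate the cron environment
  load_env "$tmp"
  rm -f "$tmp"
  printf '%s %s\n' "$FORGE_URL" "$FORGE_TOKEN"
}

demo
```
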
Cron jobs run with minimal environment — no Docker compose env vars.
Without DISINTO_CONTAINER=1, env.sh falls back to FACTORY_ROOT for
log paths, which is the read-only disinto mount. Polls silently fail.
Fix: set DISINTO_CONTAINER=1 as crontab environment variable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cron poll errors were silently swallowed, making it impossible to
diagnose why agents stopped picking up issues. Now logs to
/home/agent/data/logs/cron.log.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
LOGFILE pointed to SCRIPT_DIR (inside the ro disinto mount).
Use DISINTO_LOG_DIR which points to writable /home/agent/data/logs/.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rewrite action-agent from tmux session + phase-handler pattern to
synchronous SDK pattern (agent_run via claude -p). Uses shared libraries:
- agent-sdk.sh for one-shot Claude invocation
- issue-lifecycle.sh for issue_check_deps/issue_close/issue_block
- pr-lifecycle.sh for pr_create/pr_walk_to_merge
- worktree.sh for worktree_create/worktree_cleanup
Add default callback stubs to phase-handler.sh (cleanup_worktree,
cleanup_labels) so it is self-contained now that action-agent.sh
no longer sources it. Update agent-smoke.sh accordingly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
BOOTSTRAP.md is superseded by the disinto-factory skill (SKILL.md).
CLAUDE.md now just points to AGENTS.md and the skill.
Updated AGENTS.md reference accordingly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Comprehensive guide for AI coding agents (Claude Code, etc.) to:
- Set up a new factory instance in an LXD container
- Run disinto init and verify the stack
- Configure mirrors to GitHub/Codeberg
- Check on dev-agent, review-agent, and CI status
- Unstick blocked issues and trigger manual polls
- File issues for the factory to work on
- Known workarounds for LXD nested Docker
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Skip the heavyweight smoke-init test (spins up full Forgejo inside CI)
for PRs that do not touch init-related code. Saves ~25min of CPU per
unrelated PR.
Closes #8
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CI step containers spawned by the WP agent (running on host network)
cannot resolve Docker service names like forgejo. Setting
WOODPECKER_BACKEND_DOCKER_NETWORK puts CI containers on the compose
network so they can reach Forgejo for git clone.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Forgejo blocks outgoing webhooks to non-allowlisted hosts by default.
Woodpecker CI requires webhook delivery for pipeline triggering.
Setting ALLOWED_HOST_LIST=private allows webhooks to any RFC1918 address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Docker bridge networking inside LXD (and potentially other nested container
environments) breaks gRPC/HTTP2 between containers. The gRPC handshake
times out because HTTP/2 frames are not properly forwarded.
Fix: run the WP agent with network_mode: host + privileged, connecting
to the server via localhost:9000 (port mapped from the server container).
- Add port 9000 mapping to woodpecker server
- Switch agent to network_mode: host with privileged: true
- Connect agent to localhost:9000 instead of woodpecker:9000
- Add WOODPECKER_GRPC_SECURE=false
- Move healthcheck to port 3333 (avoid clash with Forgejo on 3000)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add ~/.ssh mount to agents container (needed for mirror pushes)
- Add PROJECT_REPO_ROOT env to agents and vault-runner containers
- Revert WOODPECKER_HOST to http://woodpecker:8000 (localhost breaks gRPC)
- Remove WOODPECKER_GRPC_ADDR (did not fix gRPC issue)
- Keep WOODPECKER_OPEN for OAuth2 first-user registration
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Rewrite URL-encoded Docker-internal hostnames in OAuth2 redirect
- Submit all Forgejo grant form fields (client_id, state, redirect_uri, granted)
- Add WOODPECKER_OPEN to compose template for first user OAuth registration
- Add WOODPECKER_GRPC_ADDR to compose template
- Fix WP repo activation: use query param with numeric Forgejo repo ID
- WP v3 PAT creation via session cookie + CSRF header
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reuse build_prompt_footer() from formula-session.sh instead of
hand-rolling the API reference and environment sections. Replace
the phase protocol section with SDK completion protocol.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>