- Use FORGE_URL/FORGE_OPS_REPO for clonable URL
- Pass -e SECRET_NAME without value (Docker inherits from env)
- Simplify logging to hide all -e flags entirely
- Redact secrets in logs (=***)
- Fix -e flags before service name in docker compose run
- Use FORGE_OPS_REPO for cloning ops repo
- Refresh ops repo in each poll loop iteration
- Use array-based command execution to prevent shell injection
- Load vault secrets after env.sh for dispatcher access
- Create docker/edge/Dockerfile with bash, jq, curl, git, docker-cli
- Create docker/edge/dispatcher.sh as placeholder no-op loop
- Update edge service to build from ./docker/edge instead of caddy:alpine image
- Mount Docker socket into edge container for dispatcher access
- Mount dispatcher.sh as read-only volume
Local llama does not support claude --resume (no server-side session
storage). Stale .sid files from failed runs cause agent_run to exit
instantly on every retry, creating an infinite 1-second failure loop.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
FORGE_TOKEN_OVERRIDE in compose env sets a per-agent token.
PRs, issue claims, and comments from the llama agent now show
dev-qwen instead of dev-bot.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Simple while-true loop that runs dev-poll with llama backend env vars.
No cron, no guard files, no activation state — just polls and spawns.
Repo auto-cloned on first start.
To be used with a separate agents-llama compose service that sets
ANTHROPIC_BASE_URL to the llama-server address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cron does not inherit compose env vars. Without these, dev-poll fails
with cd: /home/johba/disinto: No such file or directory (host path
instead of container path).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
env.sh references $USER which is not set in cron environment.
With set -u (pipefail), this causes env.sh to exit before setting
DISINTO_LOG_DIR, resulting in log writes to the read-only mount.
Root cause of silent cron failures since containerized setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cron jobs run with minimal environment — no Docker compose env vars.
Without DISINTO_CONTAINER=1, env.sh falls back to FACTORY_ROOT for
log paths, which is the read-only disinto mount. Polls silently fail.
Fix: set DISINTO_CONTAINER=1 as crontab environment variable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Cron poll errors were silently swallowed, making it impossible to
diagnose why agents stopped picking up issues. Now logs to
/home/agent/data/logs/cron.log.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove all Matrix/Dendrite infrastructure:
- Delete lib/matrix_listener.sh (long-poll daemon), lib/matrix_listener.service
(systemd unit), lib/hooks/on-stop-matrix.sh (response streaming hook)
- Remove matrix_send() and matrix_send_ctx() from lib/env.sh
- Remove MATRIX_HOMESERVER auto-detection, MATRIX_THREAD_MAP from lib/env.sh
- Remove [matrix] section parsing from lib/load-project.sh
- Remove Matrix hook installation from lib/agent-session.sh
- Remove notify/notify_ctx helpers and Matrix thread tracking from
dev/dev-agent.sh and action/action-agent.sh
- Remove all matrix_send calls from dev-poll.sh, phase-handler.sh,
action-poll.sh, vault-poll.sh, vault-fire.sh, vault-reject.sh,
review-poll.sh, review-pr.sh, supervisor-poll.sh, formula-session.sh
- Remove Matrix listener startup from docker/agents/entrypoint.sh
- Remove append_dendrite_compose() and setup_matrix() from bin/disinto
- Remove --matrix flag from disinto init
- Clean Matrix references from .env.example, projects/*.toml.example,
formulas/*.toml, AGENTS.md, BOOTSTRAP.md, README.md, RESOURCES.md,
PHASE-PROTOCOL.md, and all agent AGENTS.md/PROMPT.md files
Status visibility now via Codeberg PR/issue activity. Human interaction
via vault items through forge. Proactive alerts via OpenClaw heartbeats.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Make ~/.claude volume mount read-write (was :ro) so containers can
write back refreshed OAuth tokens
- Wrap Claude CLI in flock(1) inside tmux sessions using
~/.claude/session.lock — prevents concurrent token refresh races
across agents sharing the same credentials
- Add ANTHROPIC_API_KEY detection in entrypoint.sh: when set, skips
OAuth entirely (no rotation issues, metered billing)
- Log active auth method (API key vs OAuth vs missing) at container
startup for easier 401 debugging
- Document 'claude auth login' requirement in disinto init output
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- tea_relabel: use `tea issues edit` instead of `tea issues labels`
(the latter is the list subcommand and ignores --labels)
- Dockerfile: verify tea binary sha256 after download
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add lib/tea-helpers.sh with tea_file_issue, tea_relabel, tea_comment,
tea_close — thin wrappers preserving secret scanning on write ops
- Add tea 0.9.2 binary to docker/agents/Dockerfile
- Configure tea login in docker/agents/entrypoint.sh from FORGE_TOKEN/FORGE_URL
- Derive TEA_LOGIN in lib/env.sh (codeberg vs local forgejo)
- Source tea-helpers.sh conditionally when tea binary is available
- Migrate predictor formula from inline curl to tea CLI commands
- Register tea-helpers.sh in smoke test function resolution
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove curl|sh Claude CLI download from Dockerfile (no internet needed)
- Mount host Claude CLI binary into container via docker-compose volume
- generate_compose() resolves host claude path at init time
- entrypoint.sh fails fast with clear error if claude CLI is missing
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add EXIT trap in disinto_up() so the plaintext .env is removed even if
docker compose up fails. Previously set -euo pipefail would abort
before the cleanup block, leaving secrets on disk.
Replace the silent || true in the Dockerfile with an explicit
claude --version check so the build fails visibly if the CLI cannot
be installed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The entrypoint installed a crontab but never started a cron daemon,
leaving the container idle. Fix by running as root in the entrypoint
(cron requires it), installing the crontab for the agent user via
`crontab -u agent`, and starting cron in the foreground with `cron -f`.
Remove `USER agent` from the Dockerfile and `user: "1000:1000"` from
the compose template accordingly — cron jobs still execute as UID 1000.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add docker-compose.yml generation, agent Dockerfile, and new CLI
commands (up/down/logs/shell) so the full stack runs containerized.
The --bare flag preserves the current bare-metal setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
