Rewrite action-agent from tmux session + phase-handler pattern to
synchronous SDK pattern (agent_run via claude -p). Uses shared libraries:
- agent-sdk.sh for one-shot Claude invocation
- issue-lifecycle.sh for issue_check_deps/issue_close/issue_block
- pr-lifecycle.sh for pr_create/pr_walk_to_merge
- worktree.sh for worktree_create/worktree_cleanup
Add default callback stubs to phase-handler.sh (cleanup_worktree,
cleanup_labels) so it is self-contained now that action-agent.sh
no longer sources it. Update agent-smoke.sh accordingly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes#770
The dev agent was pushing fixes without rebasing. If main moved since the branch was created, the PR becomes unmergeable.
This adds a rebase step before every git push in the dev agent workflow:
- Initial push after implementing
- Push after CI fix
- Push after review feedback
Rebasing ensures PRs stay up-to-date with the target branch and avoids merge conflicts.
Co-authored-by: johba <johba@users.codeberg.org>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/775
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Critical fixes:
- vault/vault-agent.sh: Update comment and prompt to use PHASE:escalate
instead of "send a Matrix message"
- dev/dev-agent.sh: Update escalation instruction from "reply via Matrix"
to "respond via the forge"
- dev/phase-handler.sh: Update build_phase_protocol_prompt() escalation
text from "reply via Matrix" to "respond via the forge"
Minor fixes:
- bin/disinto: Remove duplicate comment line in docker-compose header
- README.md: Update vault table row from "via Matrix" to "via vault/forge"
- BOOTSTRAP.md: Remove "Matrix credentials" from TOML description
- lib/AGENTS.md: Remove "callers may follow up via Matrix" from
formula_phase_callback description
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove all Matrix/Dendrite infrastructure:
- Delete lib/matrix_listener.sh (long-poll daemon), lib/matrix_listener.service
(systemd unit), lib/hooks/on-stop-matrix.sh (response streaming hook)
- Remove matrix_send() and matrix_send_ctx() from lib/env.sh
- Remove MATRIX_HOMESERVER auto-detection, MATRIX_THREAD_MAP from lib/env.sh
- Remove [matrix] section parsing from lib/load-project.sh
- Remove Matrix hook installation from lib/agent-session.sh
- Remove notify/notify_ctx helpers and Matrix thread tracking from
dev/dev-agent.sh and action/action-agent.sh
- Remove all matrix_send calls from dev-poll.sh, phase-handler.sh,
action-poll.sh, vault-poll.sh, vault-fire.sh, vault-reject.sh,
review-poll.sh, review-pr.sh, supervisor-poll.sh, formula-session.sh
- Remove Matrix listener startup from docker/agents/entrypoint.sh
- Remove append_dendrite_compose() and setup_matrix() from bin/disinto
- Remove --matrix flag from disinto init
- Clean Matrix references from .env.example, projects/*.toml.example,
formulas/*.toml, AGENTS.md, BOOTSTRAP.md, README.md, RESOURCES.md,
PHASE-PROTOCOL.md, and all agent AGENTS.md/PROMPT.md files
Status visibility now via Codeberg PR/issue activity. Human interaction
via vault items through forge. Proactive alerts via OpenClaw heartbeats.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
On crash (PHASE:crashed or non-zero exit), preserve the worktree and log
its location instead of destroying it unconditionally. Successful sessions
still clean up normally. Supervisor runs housekeeping to remove stale
crashed worktrees older than 24h.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Restructure session.lock from command-wrapper flock to fd-based flock so
the lock can be released when Claude is idle and re-acquired before
injecting the next prompt.
- agent-session.sh: add session_lock_acquire/release helpers, open fd in
create_agent_session instead of wrapping claude with flock, auto-acquire
in agent_inject_into_session before injecting
- phase-handler.sh: call session_lock_release at start of awaiting_ci and
awaiting_review handlers (Claude is idle during CI polling / review wait)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Detect which git remote matches FORGE_URL by comparing the host portion
of FORGE_URL against remote push URLs. Store the result in FORGE_REMOTE
(defaults to "origin" when no match — preserving existing behavior for
Codeberg-direct setups).
Replace every hardcoded "origin" in fetch, push, worktree-add, and
prompt-injection commands across:
- dev/dev-agent.sh (worktree setup, phase protocol prompt)
- dev/phase-handler.sh (CI retrigger, review feedback, rebase instructions)
- review/review-poll.sh (review feedback injection)
- action/action-agent.sh (worktree setup, push instructions)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add MATRIX_MENTION_USER config to project TOML and include a Matrix
mention pill in escalation notify_ctx calls so humans get notified
even in muted rooms.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add fire-and-forget mirror push support so merges to the primary branch
are automatically pushed to configured public mirrors (GitHub, Codeberg,
etc.). Mirror failures are logged but never block the pipeline.
- lib/mirrors.sh: new shared mirror_push() helper
- lib/load-project.sh: parse [mirrors] TOML section into MIRROR_* env vars
- dev/phase-handler.sh: call mirror_push after do_merge() success
- dev/dev-poll.sh: call mirror_push after try_direct_merge() success
- gardener/gardener-run.sh: call mirror_push after _gardener_merge() success
- bin/disinto: set up mirror remotes during init, add commented mirrors to
generated TOML
- projects/*.toml.example: show [mirrors] section (commented out)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add ci_commit_status() and ci_pipeline_number() helpers to
lib/ci-helpers.sh that query Woodpecker directly with a forge API
fallback. Replace all 12 inline forge commit status calls across 6
files with the new helpers.
Add setup_woodpecker() to bin/disinto init that creates a Forgejo
OAuth2 app for Woodpecker and activates the repo.
Document manual Woodpecker+Forgejo setup in BOOTSTRAP.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace inline case git*/128/137 heuristics in phase-handler.sh with a
call to the shared is_infra_step() helper from lib/ci-helpers.sh.
This eliminates the divergence between phase-handler.sh and
classify_pipeline_failure(), ensuring a single source of truth for
CI infra failure classification.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The sed pipeline `sed -n 2p "$PHASE_FILE" 2>/dev/null | sed "s/^Reason: //"` exits 0
even when $PHASE_FILE does not exist because the second sed reads empty stdin and
succeeds, leaving FAILURE_REASON as "" instead of "unspecified".
Replace with an explicit file-existence check and use ${FAILURE_REASON:-unspecified}
as the default assignment.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Restore executable bit on gardener/gardener-poll.sh (cron invokes it directly)
- Add _BLOCKED_POSTED guard to prevent duplicate diagnostic comments when
both _on_phase_change(PHASE:crashed) and the belt-and-suspenders exit
handler both call post_blocked_diagnostic()
- Update stale documentation:
- gardener-run.sh: remove "CI escalation recipes" from issue body
- AGENTS.md: update directory layout comment for gardener-poll.sh
- gardener-poll.sh: remove recipe engine description from header
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move ensure_blocked_label_id() from dev/phase-handler.sh into
lib/ci-helpers.sh to eliminate the duplicate blocked-label creation
curl block that existed in both phase-handler.sh and dev-poll.sh.
Both dev-agent.sh and action-agent.sh now source lib/ci-helpers.sh
so the function is available when phase-handler.sh calls it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the unreliable escalation JSONL system (supervisor/escalations-*.jsonl
consumed by gardener) with direct blocked label + diagnostic comment on the
original issue.
When a dev-agent or action-agent session fails (PHASE:failed, idle timeout,
crash, CI exhausted):
- Capture last 50 lines from tmux pane via tmux capture-pane
- Post a structured diagnostic comment on the issue (exit reason, timestamp,
PR number, tmux output)
- Label the issue "blocked" (instead of restoring "backlog")
- Remove in-progress label
Removed:
- Escalation JSONL write paths in dev-agent.sh, phase-handler.sh, dev-poll.sh,
action-agent.sh
- is_escalated() helper in dev-poll.sh
- Escalation triage (P2f section) in supervisor-poll.sh
- Escalation processing + recipe engine in gardener-poll.sh
- ci-escalation-recipes step from run-gardener.toml formula
- escalations*.jsonl from .gitignore
Added:
- post_blocked_diagnostic() shared helper in phase-handler.sh
- ensure_blocked_label_id() helper (creates label via API if not exists)
- is_blocked() helper in dev-poll.sh (replaces is_escalated)
- Blocked issues listing in supervisor/preflight.sh
Kept:
- Matrix notifications on failure (unchanged)
- CI fix counter logic (still tracks attempts)
- needs_human injection in supervisor/gardener (not escalation-related)
- Gardener grooming (gardener-agent.sh still invoked)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use single-line conditionals for worktree check in PHASE:crashed handler
(phase-handler.sh) to break 5-line window match with idle_timeout case.
Slim dev-agent.sh crashed case to just restore_to_backlog since the
_on_phase_change callback handles full cleanup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The cleanup_labels + curl POST + CLAIMED=false pattern was duplicated
across dev-agent.sh (idle_timeout and crashed cases) and phase-handler.sh
(PHASE:crashed handler), triggering duplicate-detection CI failure.
Extract restore_to_backlog() shared helper; call it from all three sites.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add explicit PHASE:crashed case to _on_phase_change in phase-handler.sh:
logs crash, notifies Matrix, escalates to supervisor, restores backlog
label, preserves worktree if PR exists, cleans up temp files.
Add crashed case to dev-agent.sh post-loop case statement for
belt-and-suspenders cleanup matching the callback behavior.
Replaces the dead crash_recovery_failed case that was never triggered.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add exit_marker file check to the CI wait loop and review wait loop in
phase-handler.sh, matching the pattern already used in monitor_phase_loop
(agent-session.sh). This makes crash detection consistent across all
polling paths.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes#388
## Changes
Action-agent now sources dev/phase-handler.sh and enters monitor_phase_loop after prompt injection. Two paths: (A) git output triggers the same PR/CI/review lifecycle as dev-agent, (B) no-git output writes PHASE:done for cleanup. Adds docker compose down on terminal phases, escalation to supervisor on idle timeout, and proper temp file cleanup.
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/403
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Fixes#370
## Changes
Re-fetch CI_CURRENT_SHA from worktree HEAD on each CI poll cycle inside the awaiting_ci handler. Previously the SHA was captured once before the loop, causing stale-SHA polling when Claude pushed new commits mid-wait.
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/380
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Look up UNDERSPECIFIED_LABEL_ID via the Gitea labels API (with fallback)
and use the numeric ID in both phase-handler.sh (PHASE:failed/too_large)
and dev-poll.sh (preflight too_large), matching the pattern already used
for BACKLOG_LABEL_ID.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
review-pr.sh: After APPROVE verdict, kill tmux session, remove phase
file, review output, sentinel files, and review worktree. Same cleanup
for unknown verdicts. REQUEST_CHANGES keeps session alive per #300.
review-poll.sh: Add safety net in stale session cleanup loop — kill
sessions in terminal phase (PHASE:review_complete) even if review-pr.sh
cleanup was interrupted.
dev/phase-handler.sh: Add sentinel file cleanup (/tmp/ci-result-*,
/tmp/review-injected-*) to PHASE:done and PHASE:failed handlers.
dev-agent.sh: Add sentinel file cleanup to idle_timeout/idle_prompt
exit handler. Add belt-and-suspenders done) case to post-loop handler.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Look up backlog label ID via Codeberg API at the start of the PHASE:failed
branch and replace '{"labels":["backlog"]}' at lines 547 and 628 with
the numeric ID, matching the pattern already used in gardener.
- Fix set -e bug: use `_merge_rc=0; do_merge ... || _merge_rc=$?` so non-zero
returns don't kill the agent before _merge_rc is captured
- Fix sentinel path: skip sentinel break for APPROVE so do_merge() always runs,
even when review-poll.sh injected the verdict first
- Fix fragile grep: match HTTP 405 alone instead of `grep -qi "not enough"` —
any 405 from the merge endpoint is a structural block (approvals, branch
protection), not a transient error
- Fix stale comment/status in PHASE:done handler: "orchestrator or Claude"
instead of "agent"
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- phase-handler.sh: remove do_merge(); on APPROVAL inject exact API
commands for agent to merge+close directly; PHASE:done now only
does local cleanup (tmux, worktree, labels) — merge already done
- dev-agent.sh: update PHASE_PROTOCOL_INSTRUCTIONS — Approved means
merge via API, close issue, then write PHASE:done
- dev-poll.sh: remove try_merge_or_rebase(); for approved+CI-green
orphaned PRs, spawn dev-agent (recovery mode) to merge instead
- .env.example: document new token roles (CODEBERG_TOKEN = bot for
push/PR/merge; REVIEW_BOT_TOKEN = human account for approvals)
- AGENTS.md: update token descriptions to match new roles
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Library functions need explicit session name argument — they no longer
have closure over $SESSION_NAME from the parent script.
- agent_kill_session: add $SESSION_NAME to all 11 call sites
- agent_inject_into_session: add $SESSION_NAME to all call sites in
phase-handler.sh and gardener-agent.sh
- agent_kill_session: guard against missing arg (defensive)
kill_tmux_session → agent_kill_session
inject_into_session → agent_inject_into_session
wait_for_claude_ready → agent_wait_for_claude_ready
Also restore status() function lost during #160 refactor.
Fixes dev-agent and gardener-agent crash on startup:
line 149: status: command not found
line 280: kill_tmux_session: command not found
Fixes#160
## Changes
Extracted phase callback functions (post_refusal_comment, do_merge, _on_phase_change) from dev/dev-agent.sh into new dev/phase-handler.sh. dev-agent.sh now sources both lib/agent-session.sh and dev/phase-handler.sh. Replaced inline dependency extraction with lib/parse-deps.sh. dev-agent.sh reduced from 1516 to 684 lines (55% reduction). AGENTS.md shellcheck command updated to include the new files.
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/173
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
