Add fire-and-forget mirror push support so merges to the primary branch
are automatically pushed to configured public mirrors (GitHub, Codeberg,
etc.). Mirror failures are logged but never block the pipeline.
- lib/mirrors.sh: new shared mirror_push() helper
- lib/load-project.sh: parse [mirrors] TOML section into MIRROR_* env vars
- dev/phase-handler.sh: call mirror_push after do_merge() success
- dev/dev-poll.sh: call mirror_push after try_direct_merge() success
- gardener/gardener-run.sh: call mirror_push after _gardener_merge() success
- bin/disinto: set up mirror remotes during init, add commented mirrors to
generated TOML
- projects/*.toml.example: show [mirrors] section (commented out)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Warn on stderr when .env.enc decryption fails instead of silent || true
- Guard ensure_age_key() against empty age-keygen -y output
- Fix stale comment on write_secrets_encrypted()
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add ci_commit_status() and ci_pipeline_number() helpers to
lib/ci-helpers.sh that query Woodpecker directly with a forge API
fallback. Replace all 12 inline forge commit status calls across 6
files with the new helpers.
Add setup_woodpecker() to bin/disinto init that creates a Forgejo
OAuth2 app for Woodpecker and activates the repo.
Document manual Woodpecker+Forgejo setup in BOOTSTRAP.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When Claude finishes a response but hasn't written to the PHASE file,
the stop hook now injects a nudge into the tmux session instead of just
marking idle. This gives Claude another chance to complete the phase
protocol before the monitor loop times out.
Key changes:
- on-idle-stop.sh: check phase file emptiness, nudge via tmux (max 2)
- agent-session.sh: pass phase_file + session to stop hook, clean up
nudge counter on session teardown
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update AGENTS.md watermarks to current HEAD (9ec0c02)
- lib/AGENTS.md: document parse-deps.sh inline scan now skips fenced
code blocks to prevent false positives from code examples in issue bodies
- No blocked issues to review
- Pending actions: none
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The agent-smoke function resolution check flags underscore-containing
identifiers as potential undefined bash functions. Rename in_code to
incode to match the convention used by the existing capture variable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update AGENTS.md watermarks to current HEAD (e8df73e)
- No code changes since last gardener run — watermark-only refresh
- No blocked issues to review
- Pending actions: none
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add two-tier backlog pickup in dev-poll.sh:
1. in-progress issues (existing)
2. priority + backlog issues (FIFO within tier)
3. plain backlog issues (FIFO within tier)
The priority label coexists with backlog (not a replacement).
ensure_priority_label() auto-creates the label if missing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update all AGENTS.md watermarks to current HEAD (251d160)
- dev/AGENTS.md: document dev-poll's early direct-merge scan (before lock
check) — approved PRs now merge without waiting for active dev sessions;
chore/gardener PRs merge without issue numbers in branch name
- planner/AGENTS.md: document dispatch-idle-formulas phase (step 4); note
that planner reads both factory and project-specific formulas; clarify
that all planner artifacts use $PROJECT_REPO_ROOT, not $FACTORY_ROOT
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add missing `set -euo pipefail` to three scripts per AGENTS.md conventions:
- lib/ci-helpers.sh
- lib/parse-deps.sh
- supervisor/supervisor-poll.sh
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Project-level .claude/settings.json overrides global ~/.claude/settings.json.
When agent-session.sh creates settings with hooks but without the skip flag,
Claude shows an interactive bypass-permissions confirmation dialog that blocks
all non-interactive tmux agent sessions.
Fixes#514.
- Add session name as third arg to guard hook (passed from agent-session.sh)
- Detect formula sessions (supervisor-*, gardener-*, planner-*, predictor-*)
- Guard 6: block filesystem access to factory root from worktrees, exempt formulas
- Guard 7: restrict system commands (kill, docker, tmux) to supervisor only
- Guard 2: allow formula agents rm -rf within factory root
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When a phase change is detected (mtime changes), idle_elapsed was reset
but idle_pane_count was not. This meant idle counts accumulated before a
phase write carried into subsequent polls, so N consecutive idle polls
could be reached with fewer than N actual consecutive idle polls.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update AGENTS.md watermarks (all 10 files) to HEAD 038581e5
- Content already current from recent gardener migration and setup PRs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Progressive disclosure split of AGENTS.md (487→152 lines):
- Extracted per-directory AGENTS.md files for all 8 agents + lib/
- Root AGENTS.md now serves as a table of contents with summary table
- All watermarks updated to 16e430e
Grooming results:
- Promoted #469 (WATCH flow missing curl) and #436 (idle_pane_count bug) to backlog
- 12 dust items classified, no groups ripe for bundling yet
- No blocked issues, no AD violations
Replace codeberg_api GET with codeberg_api_all for the dedup fetch,
which paginates through all open action issues instead of capping at 50.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move TOML frontmatter construction into a shared helper in
lib/file-action-issue.sh, used by both gardener-poll.sh and
gardener-run.sh. Fixes CI duplicate-detection failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- redact_secrets now covers AWS AKIA keys and 0x-prefixed private keys,
matching all patterns that scan_for_secrets detects
- file-action-issue.sh no longer suppresses stderr from scan_for_secrets,
so blocked-issue diagnostics reach the caller's log
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add ci_failed() helper to lib/ci-helpers.sh and replace three compound
`! ci_passed && CI_STATE != "" && != "pending" && != "unknown"` patterns
in dev/dev-poll.sh with the cleaner ci_failed() call.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move ensure_blocked_label_id() from dev/phase-handler.sh into
lib/ci-helpers.sh to eliminate the duplicate blocked-label creation
curl block that existed in both phase-handler.sh and dev-poll.sh.
Both dev-agent.sh and action-agent.sh now source lib/ci-helpers.sh
so the function is available when phase-handler.sh calls it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove dead ROOM_ENCODED and EVENT_ID variables from matrix_listener.sh
(were suppressed with SC2034 instead of removed)
- Remove dead REPO variable from dev-poll.sh and review-poll.sh
- Update header comment in matrix_listener.sh to list all 5 reply-routing
cases (supervisor, gardener, dev, review, vault, action)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove SCRATCH_FILE from action-agent cleanup() trap so it survives crashes
- Change instruction to note contents already injected (avoid wasted tool call)
- Cap scratch file read at 8KB via head -c 8192
- Move predictor scratch instruction after formula (consistent placement)
- Remove redundant FINAL_PHASE re-reads in planner/predictor
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
