Fixes#779
## Changes
Auto-generate WOODPECKER_TOKEN during disinto init by automating the Forgejo OAuth2 login flow after the compose stack starts. Adds generate_woodpecker_token() function that: logs into Forgejo web UI, drives the OAuth2 authorize/consent flow, completes the Woodpecker callback to get a session token, then creates a persistent personal access token via Woodpecker API. Saves to .env so activate_woodpecker_repo() can use it immediately. Failures are non-fatal (guarded with || true).
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/790
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Push events test the raw branch which may be behind main.
PR events test the merge result, which is what matters.
This eliminates false CI failures that block the dev-agent.
Fixes#778
## Changes
Add git identity warning to preflight_check() (warns if user.name/user.email missing) and auto-configure repo-local identity in setup_ops_repo() before the seed commit. This prevents init from failing late when git identity is not configured globally.
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/780
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Fixes#770
The dev agent was pushing fixes without rebasing. If main moved since the branch was created, the PR becomes unmergeable.
This adds a rebase step before every git push in the dev agent workflow:
- Initial push after implementing
- Push after CI fix
- Push after review feedback
Rebasing ensures PRs stay up-to-date with the target branch and avoids merge conflicts.
Co-authored-by: johba <johba@users.codeberg.org>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/775
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Add "(" to the get_candidates skip list so that function definition
lines (e.g. memory_guard() {) are not extracted as call candidates.
Previously this was masked by get_fns also being broken on BusyBox
awk, but fixing get_fns exposed the get_candidates gap.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Set is_empty="skipped" before breaking out of the retry loop when
the API is unreachable, so the post-loop guard does not misfire
with a false "still reports empty" failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the single-shot Forgejo API emptiness check in push_to_forge()
with a retry loop (up to 5 attempts, 2s apart). Forgejo needs a brief
delay to index pushed refs, so the immediate check could see stale
metadata reporting empty=true even though the push succeeded.
Also fix agent-smoke.sh get_fns() to use POSIX character classes and
bracket-escaped parens for BusyBox awk compatibility in Alpine CI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the single-shot Forgejo API emptiness check in push_to_forge()
with a retry loop (up to 5 attempts, 2s apart). Forgejo needs a brief
delay to index pushed refs, so the immediate check could see stale
metadata reporting empty=true even though the push succeeded.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When a dev-agent tmux session is alive, dev-poll and review-poll
previously skipped it entirely — leaving the agent deaf to CI results
and review feedback if the orchestrator (dev-agent.sh) had died.
Changes in dev-poll.sh:
- Add handle_active_session() helper that checks running sessions for
injectable events instead of blindly skipping
- Detect externally merged/closed PRs and clean up stale sessions
- Inject CI success/failure into sessions in PHASE:awaiting_ci
- Inject review feedback into sessions in PHASE:awaiting_review
- SHA-based sentinel prevents duplicate injections across poll cycles
- Replace all 7 tmux skip blocks with handle_active_session calls
Changes in review-poll.sh:
- inject_review_into_dev_session() now falls back to formal forge
reviews when no bot review comment is found
- Call injection when skipping already-reviewed PRs (previously only
called after performing new reviews)
Evidence: PR #767 (#757) — CI failed twice with agent stuck in
awaiting_ci; PR merged manually with session blocking new backlog.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes#757
## Changes
Separate operations from code into {project}-ops repo pattern. Added OPS_REPO_ROOT infrastructure (env.sh, load-project.sh, formula-session.sh with ensure_ops_repo helper). Updated all 8 agent scripts and 7 formulas to read/write vault items, journals, evidence, prerequisites, RESOURCES.md, and knowledge from the ops repo. Added setup_ops_repo() to disinto init for automatic ops repo creation and seeding. Removed migrated data from code repo (vault data dirs, planner journal/memory/prerequisites, supervisor journal/best-practices, evidence, RESOURCES.md). Updated all documentation. 55 files changed, ShellCheck clean, all 38 phase tests pass.
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/767
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Split secrets into two SOPS-encrypted files:
- .env.enc for agent secrets (FORGE_TOKEN, CLAUDE_API_KEY, etc.)
- .env.vault.enc for vault secrets (GITHUB_TOKEN, deploy keys, etc.)
Add ephemeral vault-runner container (profiles: ["vault"]) that receives
only vault secrets at runtime. Agents never see vault secrets; vault-runner
never sees agent secrets.
Key changes:
- bin/disinto: vault-run subcommand, dual-file secrets management,
vault-runner service in compose template
- vault/vault-fire.sh: delegates action execution to vault-runner
container via disinto vault-run (bare-metal fallback preserved)
- vault/vault-poll.sh: new phase 5 detects vault-bot authorized
comments on issues with action label
- vault/vault-run-action.sh: entrypoint for ephemeral container,
dispatches to action handlers
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Moves shared env.sh sourcing + vault-bot token override into
vault/vault-env.sh so the three vault sub-scripts no longer share
a duplicate 5-line block.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Each agent now gets its own Forgejo account (dev-bot, review-bot,
planner-bot, gardener-bot, vault-bot, supervisor-bot, predictor-bot,
action-bot) with a dedicated API token. This enables:
- Audit trail: every forge action attributable to a specific agent
- Permission boundaries: agents act under their own identity
- Vault authorization model: vault-bot comments = proof of approval
Changes:
- bin/disinto: setup_forge() creates all 8 bot accounts during init,
stores per-agent tokens (FORGE_*_TOKEN) in .env, adds all bots as
repo collaborators
- lib/env.sh: exports per-agent token vars with fallback to FORGE_TOKEN
for backwards compat; sets FORGE_BOT_USERNAMES default to all 8 bots
- Agent scripts: each agent overrides FORGE_TOKEN with its per-agent
token after sourcing env.sh (gardener, planner, supervisor, predictor,
vault, action)
- .env.example: documents all per-agent token fields
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add mandatory Addressables and Observables sections to AGENTS.md so all
agents have a concrete inventory of what the factory has produced.
- AGENTS.md: add Addressables table (website, repo, skill, GitHub org)
and empty Observables section
- run-gardener.toml: add portfolio lifecycle duties (add, promote,
remove, flag) to the grooming step
- run-planner.toml: reference portfolio as planning input
- run-predictor.toml: reference portfolio for weakness detection
Critical fixes:
- vault/vault-agent.sh: Update comment and prompt to use PHASE:escalate
instead of "send a Matrix message"
- dev/dev-agent.sh: Update escalation instruction from "reply via Matrix"
to "respond via the forge"
- dev/phase-handler.sh: Update build_phase_protocol_prompt() escalation
text from "reply via Matrix" to "respond via the forge"
Minor fixes:
- bin/disinto: Remove duplicate comment line in docker-compose header
- README.md: Update vault table row from "via Matrix" to "via vault/forge"
- BOOTSTRAP.md: Remove "Matrix credentials" from TOML description
- lib/AGENTS.md: Remove "callers may follow up via Matrix" from
formula_phase_callback description
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The memory guard block in action-poll.sh and dev-poll.sh became
identical after removing matrix_send calls, triggering the
duplicate-detection CI check. Extract to a shared function in
lib/env.sh (already sourced by both scripts).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
These variables were only used by the matrix_send call removed in the
prior commit. ShellCheck SC2034 flagged them as unused.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove all Matrix/Dendrite infrastructure:
- Delete lib/matrix_listener.sh (long-poll daemon), lib/matrix_listener.service
(systemd unit), lib/hooks/on-stop-matrix.sh (response streaming hook)
- Remove matrix_send() and matrix_send_ctx() from lib/env.sh
- Remove MATRIX_HOMESERVER auto-detection, MATRIX_THREAD_MAP from lib/env.sh
- Remove [matrix] section parsing from lib/load-project.sh
- Remove Matrix hook installation from lib/agent-session.sh
- Remove notify/notify_ctx helpers and Matrix thread tracking from
dev/dev-agent.sh and action/action-agent.sh
- Remove all matrix_send calls from dev-poll.sh, phase-handler.sh,
action-poll.sh, vault-poll.sh, vault-fire.sh, vault-reject.sh,
review-poll.sh, review-pr.sh, supervisor-poll.sh, formula-session.sh
- Remove Matrix listener startup from docker/agents/entrypoint.sh
- Remove append_dendrite_compose() and setup_matrix() from bin/disinto
- Remove --matrix flag from disinto init
- Clean Matrix references from .env.example, projects/*.toml.example,
formulas/*.toml, AGENTS.md, BOOTSTRAP.md, README.md, RESOURCES.md,
PHASE-PROTOCOL.md, and all agent AGENTS.md/PROMPT.md files
Status visibility now via Codeberg PR/issue activity. Human interaction
via vault items through forge. Proactive alerts via OpenClaw heartbeats.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
On crash (PHASE:crashed or non-zero exit), preserve the worktree and log
its location instead of destroying it unconditionally. Successful sessions
still clean up normally. Supervisor runs housekeeping to remove stale
crashed worktrees older than 24h.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add jq error fallback to TOP_PAGES pipeline (matches TOP_REFERRERS guard)
- Add referred_visitors and response_time to empty-period report schema
- Switch Caddy log parsing to jq -R with try/fromjson for line-level recovery
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Recommend against building an MCP server at this time. The SKILL.md skill
already exposes the same factory operations, and an MCP server would add a
new language dependency (TypeScript/Python) to an all-bash codebase for
marginal benefit. Document conditions under which to revisit.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Published disinto@0.1.1 to ClawHub with env_vars and tools declared
in SKILL.md frontmatter. Added ClawHub badge to README.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
