- Add jq error fallback to TOP_PAGES pipeline (matches TOP_REFERRERS guard)
- Add referred_visitors and response_time to empty-period report schema
- Switch Caddy log parsing to jq -R with try/fromjson for line-level recovery
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Recommend against building an MCP server at this time. The SKILL.md skill
already exposes the same factory operations, and an MCP server would add a
new language dependency (TypeScript/Python) to an all-bash codebase for
marginal benefit. Document conditions under which to revisit.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Published disinto@0.1.1 to ClawHub with env_vars and tools declared
in SKILL.md frontmatter. Added ClawHub badge to README.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove stale Matrix escalation-reply routing text (supervisor-run.sh no
longer calls consume_escalation_reply)
- Fix preflight description: PHASE:escalate (matches actual code), not
PHASE:failed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Restructure session.lock from command-wrapper flock to fd-based flock so
the lock can be released when Claude is idle and re-acquired before
injecting the next prompt.
- agent-session.sh: add session_lock_acquire/release helpers, open fd in
create_agent_session instead of wrapping claude with flock, auto-acquire
in agent_inject_into_session before injecting
- phase-handler.sh: call session_lock_release at start of awaiting_ci and
awaiting_review handlers (Claude is idle during CI polling / review wait)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## What
Removes the exec agent (PR #697). Its functionality is replaced by:
1. **OpenClaw skill** — teaches any OpenClaw instance to be the factory's face
2. **Vault API** — structured interface for proposals, approvals, rejections
The exec agent was rebuilding OpenClaw in bash. Every piece has a native OpenClaw equivalent:
- CHARACTER.md → SOUL.md
- exec/MEMORY.md → MEMORY.md
- exec-session.sh → session management
- exec-briefing.sh → heartbeats/cron
- Matrix dispatch → channel plugins
## Why
Prudence isn't a separate agent. She's what OpenClaw becomes when it has the disinto skill. One LLM, one vault API, no LLM-to-LLM.
## Related
- #721 — remove escalation, route through vault
- #709 — skill registry research
- #466 — example project (vault should have handled this, not escalation)
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/722
Remove ESCALATED signal and escalation handling from planner, supervisor,
and gardener. When blocked on external resources or human decisions, these
agents now file vault procurement items (vault/pending/*.md) instead of
escalating directly to the human.
Changes:
- Planner formula: ESCALATED signal replaced with HUMAN_BLOCKED; files
vault items and marks prerequisites as blocked-on-vault
- Supervisor formula/prompt: escalation sections replaced with vault item
filing; preflight now reports pending vault items instead of escalation
replies
- Gardener formula: ESCALATE action replaced with VAULT action; files
vault/pending/*.md for human decisions
- Groom-backlog formula: same ESCALATE→VAULT replacement
- Gardener shell: PHASE:escalate replaced with PHASE:failed for merge
blocks and CI exhaustion; escalation reply consumption removed
- Supervisor shell: escalation reply consumption removed from both
supervisor-run.sh and legacy supervisor-poll.sh
- Prerequisite tree: #466 updated from "escalated" to "blocked-on-vault"
The vault is the factory's only interface to the human for resources and
approvals. Dev/action agents retain PHASE:escalate for operational session
issues (CI timeouts, merge blocks) which are a different mechanism.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Deduplicate the three 5-line windows flagged by CI duplicate-detection:
- read-journal.sh: replace sed-based usage() with inline heredoc
- file-issue.sh: use printf with script name prefix for unknown options
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add skill/ directory implementing the Agent Skills open standard (SKILL.md
format) for the disinto factory. Includes:
- SKILL.md with YAML frontmatter, 9-agent architecture overview, env var
documentation, 6 common workflows, and gotchas section (170 lines)
- scripts/factory-status.sh — query agent status, open issues, CI pipelines
- scripts/file-issue.sh — create forge issues with label resolution and
secret scanning
- scripts/read-journal.sh — read planner/supervisor/exec journals by date
- templates/issue-template.md — standard issue body format
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## What
Rewrites the factory lifecycle model in VISION.md around three primitives:
- **Resources** — what the factory can use
- **Addressables** — artifacts reachable by users (the outbound path)
- **Observables** — addressables with signal flowing back (the return path)
## The lifecycle
```
Resources → build → Addressable → promote → Observable → experiment → learn → build
```
## Key ideas
- **Three folds** (Build, Ship, Learn) as concurrent capabilities, not sequential phases
- **Vault-gated fold transitions** — dormant infrastructure activates on human approval
- **"It's not shipped until it's measured"** — observable-by-default principle
- **Assumptions register** over variation surfaces — track beliefs, challenge them with data
- **Signal detection** — follow the energy, not the hypothesis
- **Maximum contact with reality** — vary the audience, instrument everything, notice surprises
## Milestone updates
- Added Ship (Fold 2) and Learn (Fold 3) milestones
- Updated Adoption milestone to reflect containerization
- Added knowledge graph to Foundation
- Added observable-by-default to design principles
Co-designed in conversation, 2026-03-25.
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/708
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
Non-blocking flock (-n) silently drops work items when concurrent agents
race for the lock. Switch to -w 300 so sessions queue up to 5 minutes,
and single-quote the lock path to handle spaces in $HOME.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Make ~/.claude volume mount read-write (was :ro) so containers can
write back refreshed OAuth tokens
- Wrap Claude CLI in flock(1) inside tmux sessions using
~/.claude/session.lock — prevents concurrent token refresh races
across agents sharing the same credentials
- Add ANTHROPIC_API_KEY detection in entrypoint.sh: when set, skips
OAuth entirely (no rotation issues, metered billing)
- Log active auth method (API key vs OAuth vs missing) at container
startup for easier 401 debugging
- Document 'claude auth login' requirement in disinto init output
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Rename step 1 from "Clone and start the stack" to "Clone disinto"
- Remove bin/disinto up from step 2 snippet (init already starts the stack)
- Clarify that disinto init handles the full bootstrap including stack start
- Note disinto up/down as available for subsequent restarts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Merge main into feat/exec-agent to pick up ba1ab6e which added
matrix_send_ctx to lib/env.sh and action/action-agent.sh. Without
this merge, CI smoke test fails on the PR merge commit.
Re-applied exec changes on top of main:
- .env.example, AGENTS.md, bin/disinto, lib/matrix_listener.sh
- .woodpecker/agent-smoke.sh: exec scripts added to checks
Two wins from the dev-agent's implementation:
1. exec-briefing.sh: rewritten to just call exec-inject.sh with a
briefing prompt (57 lines, down from 154). No more duplicated
compass/character/context loading.
2. exec-inject.sh: response capture now uses agent_wait_for_claude_ready
+ pane line diff instead of custom EXEC-RESPONSE-START/END markers.
Claude just responds naturally — no special output format needed.
Also: matrix listener uses nohup for robustness and validates TOML
path before passing to exec-inject.sh.
disinto init now silently downloads the compass from
https://disinto.ai/compass.md to ~/.disinto/compass.md, sets
EXEC_COMPASS in .env, and activates the exec agent. No prompts,
no friction — the compass is public philosophy, not a secret.
Once on disk, the factory cannot modify it. Only the executive
can edit ~/.disinto/compass.md directly.
- site/compass.md: compass hosted on disinto.ai (Codeberg Pages)
- bin/disinto: init downloads compass, sets env var, activates exec
- exec-session.sh, exec-briefing.sh: fallback to ~/.disinto/compass.md
- .env.example: updated comment to reflect auto-provisioning
The compass (identity, moral core) now lives outside the repo at a path
specified by EXEC_COMPASS in .env or .env.enc. The agent hard-fails if
the compass file is missing — it refuses to start without its soul.
This means the factory (dev agent, gardener, planner) can evolve the
exec's voice and relationships via PRs to CHARACTER.md, but cannot
touch the compass. Only the executive controls it directly.
- exec-session.sh: loads compass from $EXEC_COMPASS, merges with CHARACTER.md
- exec-briefing.sh: same compass loading, hard fail without it
- CHARACTER.md: compass sections replaced with runtime-load comments
- COMPASS.md.example: template for the compass file
- .env.example: added EXEC_COMPASS variable
- exec/AGENTS.md: documented compass separation and EXEC_COMPASS requirement
