On crash (PHASE:crashed or non-zero exit), preserve the worktree and log
its location instead of destroying it unconditionally. Successful sessions
still clean up normally. Supervisor runs housekeeping to remove stale
crashed worktrees older than 24h.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Restructure session.lock from command-wrapper flock to fd-based flock so
the lock can be released when Claude is idle and re-acquired before
injecting the next prompt.
- agent-session.sh: add session_lock_acquire/release helpers, open fd in
create_agent_session instead of wrapping claude with flock, auto-acquire
in agent_inject_into_session before injecting
- phase-handler.sh: call session_lock_release at start of awaiting_ci and
awaiting_review handlers (Claude is idle during CI polling / review wait)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## What
Removes the exec agent (PR #697). Its functionality is replaced by:
1. **OpenClaw skill** — teaches any OpenClaw instance to be the factory's face
2. **Vault API** — structured interface for proposals, approvals, rejections
The exec agent was rebuilding OpenClaw in bash. Every piece has a native OpenClaw equivalent:
- CHARACTER.md → SOUL.md
- exec/MEMORY.md → MEMORY.md
- exec-session.sh → session management
- exec-briefing.sh → heartbeats/cron
- Matrix dispatch → channel plugins
## Why
Prudence isn't a separate agent. She's what OpenClaw becomes when it has the disinto skill. One LLM, one vault API, no LLM-to-LLM.
## Related
- #721 — remove escalation, route through vault
- #709 — skill registry research
- #466 — example project (vault should have handled this, not escalation)
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/disinto/pulls/722
Non-blocking flock (-n) silently drops work items when concurrent agents
race for the lock. Switch to -w 300 so sessions queue up to 5 minutes,
and single-quote the lock path to handle spaces in $HOME.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Make ~/.claude volume mount read-write (was :ro) so containers can
write back refreshed OAuth tokens
- Wrap Claude CLI in flock(1) inside tmux sessions using
~/.claude/session.lock — prevents concurrent token refresh races
across agents sharing the same credentials
- Add ANTHROPIC_API_KEY detection in entrypoint.sh: when set, skips
OAuth entirely (no rotation issues, metered billing)
- Log active auth method (API key vs OAuth vs missing) at container
startup for easier 401 debugging
- Document 'claude auth login' requirement in disinto init output
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two wins from the dev-agent's implementation:
1. exec-briefing.sh: rewritten to just call exec-inject.sh with a
briefing prompt (57 lines, down from 154). No more duplicated
compass/character/context loading.
2. exec-inject.sh: response capture now uses agent_wait_for_claude_ready
+ pane line diff instead of custom EXEC-RESPONSE-START/END markers.
Claude just responds naturally — no special output format needed.
Also: matrix listener uses nohup for robustness and validates TOML
path before passing to exec-inject.sh.
New agent: exec — message-driven executive assistant reachable via Matrix.
Unlike cron-driven agents, the exec activates on demand when the executive
sends a message, maintains persistent conversation context, and has a
distinct character defined in CHARACTER.md.
The CHARACTER.md defines the exec as an animal of light — born from data,
dedicated to bringing more light into the world. But it deliberately
refuses to define what light and darkness are, forcing deliberation
from first principles every time (cat questions | grep knowledge).
Components:
- exec-session.sh: spawn/reattach persistent Claude tmux session
- exec-inject.sh: message injection + response capture + Matrix posting
- exec-briefing.sh: optional daily morning briefing (cron)
- CHARACTER.md: personality and moral compass
- PROMPT.md: system prompt template reference
- MEMORY.md: persistent memory across sessions (seed)
Integration:
- Matrix listener: new exec dispatch case (spawn on demand)
- Root AGENTS.md: updated agent count (8→9), table, directory layout
- Graph analysis available on demand (not injected by default)
Move graph report generation into build_graph_section() in
lib/formula-session.sh. Both planner-run.sh and predictor-run.sh
now call the shared helper instead of duplicating the same 11 lines.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- tea_relabel: use `tea issues edit` instead of `tea issues labels`
(the latter is the list subcommand and ignores --labels)
- Dockerfile: verify tea binary sha256 after download
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add lib/tea-helpers.sh with tea_file_issue, tea_relabel, tea_comment,
tea_close — thin wrappers preserving secret scanning on write ops
- Add tea 0.9.2 binary to docker/agents/Dockerfile
- Configure tea login in docker/agents/entrypoint.sh from FORGE_TOKEN/FORGE_URL
- Derive TEA_LOGIN in lib/env.sh (codeberg vs local forgejo)
- Source tea-helpers.sh conditionally when tea binary is available
- Migrate predictor formula from inline curl to tea CLI commands
- Register tea-helpers.sh in smoke test function resolution
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Skip sourcing .env/.env.enc when DISINTO_CONTAINER=1 since compose
already injects the correct env vars via env_file + environment
overrides. Re-sourcing .env was clobbering compose-level values
like FORGE_URL=http://forgejo:3000 with the localhost default.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Critical: setup_matrix now runs after docker compose up -d so Dendrite
is actually running when provisioning is attempted
- Minor: replace sed with Python for .env credential writes to avoid
delimiter collisions with opaque Matrix access tokens
- Info: update matrix_listener.sh header to mention container mode
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The directed graph has mixed edge directions along the path from
agent/formula to objective (agent→formula→label←issue→objective),
so descendants() never reaches objectives. Use undirected connected
components for reachability instead. Also fix closed-issues query
to use forge_get (bounded at 50) instead of forge_get_all (unbounded).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add lib/build-graph.py that builds a NetworkX DiGraph from project docs
and forge API, runs structural analyses (orphans, cycles, disconnected
clusters, thin objectives, bottlenecks), and outputs a JSON report.
Predictor and reviewer agents now call build-graph.py before launching
their Claude sessions and inject the report as context.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add MATRIX_MENTION_USER config to project TOML and include a Matrix
mention pill in escalation notify_ctx calls so humans get notified
even in muted rooms.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add docker-compose.yml generation, agent Dockerfile, and new CLI
commands (up/down/logs/shell) so the full stack runs containerized.
The --bare flag preserves the current bare-metal setup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add fire-and-forget mirror push support so merges to the primary branch
are automatically pushed to configured public mirrors (GitHub, Codeberg,
etc.). Mirror failures are logged but never block the pipeline.
- lib/mirrors.sh: new shared mirror_push() helper
- lib/load-project.sh: parse [mirrors] TOML section into MIRROR_* env vars
- dev/phase-handler.sh: call mirror_push after do_merge() success
- dev/dev-poll.sh: call mirror_push after try_direct_merge() success
- gardener/gardener-run.sh: call mirror_push after _gardener_merge() success
- bin/disinto: set up mirror remotes during init, add commented mirrors to
generated TOML
- projects/*.toml.example: show [mirrors] section (commented out)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Warn on stderr when .env.enc decryption fails instead of silent || true
- Guard ensure_age_key() against empty age-keygen -y output
- Fix stale comment on write_secrets_encrypted()
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add ci_commit_status() and ci_pipeline_number() helpers to
lib/ci-helpers.sh that query Woodpecker directly with a forge API
fallback. Replace all 12 inline forge commit status calls across 6
files with the new helpers.
Add setup_woodpecker() to bin/disinto init that creates a Forgejo
OAuth2 app for Woodpecker and activates the repo.
Document manual Woodpecker+Forgejo setup in BOOTSTRAP.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When Claude finishes a response but hasn't written to the PHASE file,
the stop hook now injects a nudge into the tmux session instead of just
marking idle. This gives Claude another chance to complete the phase
protocol before the monitor loop times out.
Key changes:
- on-idle-stop.sh: check phase file emptiness, nudge via tmux (max 2)
- agent-session.sh: pass phase_file + session to stop hook, clean up
nudge counter on session teardown
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update AGENTS.md watermarks to current HEAD (9ec0c02)
- lib/AGENTS.md: document parse-deps.sh inline scan now skips fenced
code blocks to prevent false positives from code examples in issue bodies
- No blocked issues to review
- Pending actions: none
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The agent-smoke function resolution check flags underscore-containing
identifiers as potential undefined bash functions. Rename in_code to
incode to match the convention used by the existing capture variable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update AGENTS.md watermarks to current HEAD (e8df73e)
- No code changes since last gardener run — watermark-only refresh
- No blocked issues to review
- Pending actions: none
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add two-tier backlog pickup in dev-poll.sh:
1. in-progress issues (existing)
2. priority + backlog issues (FIFO within tier)
3. plain backlog issues (FIFO within tier)
The priority label coexists with backlog (not a replacement).
ensure_priority_label() auto-creates the label if missing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update all AGENTS.md watermarks to current HEAD (251d160)
- dev/AGENTS.md: document dev-poll's early direct-merge scan (before lock
check) — approved PRs now merge without waiting for active dev sessions;
chore/gardener PRs merge without issue numbers in branch name
- planner/AGENTS.md: document dispatch-idle-formulas phase (step 4); note
that planner reads both factory and project-specific formulas; clarify
that all planner artifacts use $PROJECT_REPO_ROOT, not $FACTORY_ROOT
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add missing `set -euo pipefail` to three scripts per AGENTS.md conventions:
- lib/ci-helpers.sh
- lib/parse-deps.sh
- supervisor/supervisor-poll.sh
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
