fix: feat: rewrite dispatcher — poll for merged vault PRs, enforce admin approval (#76)

docker/edge/dispatcher.sh

@@ -330,15 +330,15 @@ launch_runner() {
   local -a cmd=(docker compose run --rm runner)
 
   # Add environment variables for secrets
-  local env_vars
-  env_vars=$(get_action_secrets "$action_id" "$secrets_array") || {
-    write_result "$action_id" 1 "Failed to get secrets: see logs above"
-    return 1
-  }
-
   for secret in $secrets_array; do
     secret=$(echo "$secret" | xargs)
     if [ -n "$secret" ]; then
+      # Verify secret exists in vault
+      if [ -z "${!secret:-}" ]; then
+        log "ERROR: Secret '${secret}' not found in vault for action ${action_id}"
+        write_result "$action_id" 1 "Secret not found in vault: ${secret}"
+        return 1
+      fi
       cmd+=(-e "$secret")
     fi
   done
@@ -367,7 +367,7 @@ launch_runner() {
   # Create temp file for logs
   local log_file
   log_file=$(mktemp /tmp/dispatcher-logs-XXXXXX.txt)
-  trap "rm -f '$log_file'" RETURN
+  trap 'rm -f "$log_file"' RETURN
 
   # Execute with array expansion (safe from shell injection)
   # Capture stdout and stderr to log file