fix: feat: lib/vault.sh — helper for agents to create vault PRs on ops repo (#75 )

2026-03-31 21:20:27 +00:00
2 changed files with 14 additions and 44 deletions
--- a/lib/pr-lifecycle.sh
+++ b/lib/pr-lifecycle.sh
@ -110,15 +110,17 @@ pr_create() {

 # ---------------------------------------------------------------------------
 # pr_find_by_branch — Find an open PR by head branch name.
-# Args: branch
+# Args: branch [api_url]
 # Stdout: PR number
 # Returns: 0=found, 1=not found
+# api_url defaults to FORGE_API if not provided
 # ---------------------------------------------------------------------------
 pr_find_by_branch() {
  local branch="$1"
+  local api_url="${2:-${FORGE_API}}"
  local pr_num
  pr_num=$(curl -sf -H "Authorization: token ${FORGE_TOKEN}" \
-    "${FORGE_API}/pulls?state=open&limit=20" | \
+    "${api_url}/pulls?state=open&limit=20" | \
    jq -r --arg b "$branch" '.[] | select(.head.ref == $b) | .number' \
    | head -1) || true
  if [ -n "$pr_num" ]; then
--- a/lib/vault.sh
+++ b/lib/vault.sh
@ -10,7 +10,6 @@
 #
 # Functions:
 #   vault_request <action_id> <toml_content>  — Create vault PR, return PR number
-#   vault_find_by_action <action_id>          — Find existing PR for action ID
 #
 # The function:
 # 1. Validates TOML content using validate_vault_action() from vault/vault-env.sh
@ -35,6 +34,13 @@ _vault_log() {
  fi
 }

+# Get ops repo API URL (encodes hyphens for Forgejo API)
+_vault_ops_api() {
+  local ops_repo_encoded
+  ops_repo_encoded=$(printf '%s' "$FORGE_OPS_REPO" | sed 's/-/%2D/g')
+  printf '%s' "${FORGE_URL}/api/v1/repos/${ops_repo_encoded}"
+}
+
 # -----------------------------------------------------------------------------
 # vault_request — Create a vault PR or return existing one
 # Args: action_id toml_content
@ -57,7 +63,7 @@ vault_request() {

  # Check if PR already exists for this action
  local existing_pr
-  existing_pr=$(vault_find_by_action "$action_id") || true
+  existing_pr=$(pr_find_by_branch "vault/${action_id}" "$(_vault_ops_api)") || true
  if [ -n "$existing_pr" ]; then
    _vault_log "PR already exists for action $action_id: #${existing_pr}"
    printf '%s' "$existing_pr"
@ -106,10 +112,8 @@ This vault action has been created by an agent and requires admin approval
 before execution. See the TOML file for details."

  # Get ops repo API URL
-  # Forgejo encodes hyphens as %2D in URLs
-  local ops_repo_encoded
-  ops_repo_encoded=$(printf '%s' "$FORGE_OPS_REPO" | sed 's/-/%2D/g')
-  local ops_api="${FORGE_URL}/api/v1/repos/${ops_repo_encoded}"
+  local ops_api
+  ops_api="$(_vault_ops_api)"

  # Create branch
  local branch="vault/${action_id}"
@ -214,39 +218,3 @@ before execution. See the TOML file for details."
  printf '%s' "$pr_num"
  return 0
 }
-
-# -----------------------------------------------------------------------------
-# vault_find_by_action — Find existing PR for an action ID
-# Args: action_id
-# Stdout: PR number (empty if not found)
-# Returns: 0=found, 1=not found
-# -----------------------------------------------------------------------------
-vault_find_by_action() {
-  local action_id="$1"
-
-  if [ -z "$action_id" ]; then
-    echo "ERROR: action_id is required" >&2
-    return 1
-  fi
-
-  local branch="vault/${action_id}"
-
-  # Get ops repo API URL
-  local ops_repo_encoded
-  ops_repo_encoded=$(printf '%s' "$FORGE_OPS_REPO" | sed 's/-/%2D/g')
-  local ops_api="${FORGE_URL}/api/v1/repos/${ops_repo_encoded}"
-
-  # Find open PRs by branch
-  local pr_num
-  pr_num=$(curl -sf -H "Authorization: token ${FORGE_TOKEN}" \
-    "${ops_api}/pulls?state=open&limit=100" 2>/dev/null | \
-    jq -r --arg b "$branch" '.[] | select(.head.ref == $b) | .number' \
-    | head -1) || true
-
-  if [ -n "$pr_num" ]; then
-    printf '%s' "$pr_num"
-    return 0
-  fi
-
-  return 1
-}