diff --git a/bin/disinto b/bin/disinto
index 323dce7..3c7507d 100755
--- a/bin/disinto
+++ b/bin/disinto
@@ -285,12 +285,6 @@ services:
 environment:
 - DISINTO_VERSION=${DISINTO_VERSION:-main}
 - FORGE_URL=http://forgejo:3000
- - FORGE_REPO=johba/disinto
- - FORGE_OPS_REPO=johba/disinto-ops
- - FORGE_TOKEN=${FORGE_TOKEN:-}
- - OPS_REPO_ROOT=/opt/disinto-ops
- - PROJECT_REPO_ROOT=/opt/disinto
- - PRIMARY_BRANCH=main
 volumes:
 - ./docker/Caddyfile:/etc/caddy/Caddyfile
 - caddy_data:/data
diff --git a/docker/edge/dispatcher.sh b/docker/edge/dispatcher.sh
index 84cfed8..109978a 100755
--- a/docker/edge/dispatcher.sh
+++ b/docker/edge/dispatcher.sh
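Review bot: `OPS_REPO_ROOT` and `FORGE_TOKEN` leave the service environment here, but `docker/edge/dispatcher.sh` in this same commit still expands `"$OPS_REPO_ROOT"` in `get_pr_for_file` and `${FORGE_TOKEN}` in the `curl` authorization header of `get_pr_merger`. Presumably they now arrive through an env_file or the entrypoint outside this diff; if not, the unguarded `$OPS_REPO_ROOT` expansion aborts under `set -u` and the forge API calls go out without a token. A short comment above `environment:` naming where the forge token and repo roots are now sourced would spare the next reader the same cross-check.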
@@ -109,34 +109,33 @@ get_pr_for_file() {
 local file_name
 file_name=$(basename "$file_path")
- # Step 1: find the commit that added the file
- local add_commit
- add_commit=$(git -C "$OPS_REPO_ROOT" log --diff-filter=A --format="%H" \
- -- "vault/actions/${file_name}" 2>/dev/null | head -1)
+ # Get recent commits that added this specific file
+ local commits
+ commits=$(git -C "$OPS_REPO_ROOT" log --oneline --diff-filter=A -- "vault/actions/${file_name}" 2>/dev/null | head -20) || true
- if [ -z "$add_commit" ]; then
+ if [ -z "$commits" ]; then
 return 1
 fi
- # Step 2: find the merge commit that contains it via ancestry path
- local merge_line
- # Use --reverse to get the oldest (direct PR merge) first, not the newest
- merge_line=$(git -C "$OPS_REPO_ROOT" log --merges --ancestry-path \
- --reverse "${add_commit}..HEAD" --oneline 2>/dev/null | head -1)
+ # For each commit, check if it's a merge commit from a PR
+ while IFS= read -r commit; do
+ local commit_sha commit_msg
- if [ -z "$merge_line" ]; then
- return 1
- fi
+ commit_sha=$(echo "$commit" | awk '{print $1}')
+ commit_msg=$(git -C "$OPS_REPO_ROOT" log -1 --format="%B" "$commit_sha" 2>/dev/null) || continue
- # Step 3: extract PR number from merge commit message
- # Forgejo format: "Merge pull request 'title' (#N) from branch into main"
- local pr_num
- pr_num=$(echo "$merge_line" | grep -oP '#\d+' | head -1 | tr -d '#')
+ # Check if this is a merge commit (has "Merge pull request" in message)
+ if [[ "$commit_msg" =~ "Merge pull request" ]]; then
+ # Extract PR number from merge message (e.g., "Merge pull request #123")
+ local pr_num
+ pr_num=$(echo "$commit_msg" | grep -oP '#\d+' | head -1 | tr -d '#') || true
- if [ -n "$pr_num" ]; then
- echo "$pr_num"
- return 0
- fi
+ if [ -n "$pr_num" ]; then
+ echo "$pr_num"
+ return 0
+ fi
+ fi
+ done <<< "$commits"
 return 1
 }
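Review bot: The new loop only finds a PR when a commit listed by `--diff-filter=A` is itself the merge commit, but path-limited `git log` simplifies history and drops a merge that is TREESAME to its branch-side parent, so for a regular (non-squash) Forgejo merge the listed commit is the feature-branch commit, its message never contains "Merge pull request", and the function returns 1 where the old `--merges --ancestry-path` walk succeeded. Adding `--first-parent` makes the merge commit the one recorded as introducing the file on main: `commits=$(git -C "$OPS_REPO_ROOT" log --oneline --first-parent --diff-filter=A -- "vault/actions/${file_name}" 2>/dev/null | head -20) || true`. Separately, the new `|| true` after `grep -oP` turns a grep without PCRE support (busybox grep, if the image is the Alpine one the entrypoint hints at) into a silently empty `pr_num`; `[[ "$commit_msg" =~ \#([0-9]+) ]] && pr_num=${BASH_REMATCH[1]}` removes that dependency. On style, `commit_sha=${commit%% *}` does the job of the `echo | awk` pipe without two forks per commit.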
@@ -147,11 +146,8 @@ get_pr_for_file() {
 get_pr_merger() {
 local pr_number="$1"
- # Use ops repo API URL for PR lookups (not disinto repo)
- local ops_api="${FORGE_URL}/api/v1/repos/${FORGE_OPS_REPO}"
- curl -sf -H "Authorization: token ${FORGE_TOKEN}" \
- "${ops_api}/pulls/${pr_number}" 2>/dev/null | jq -r '{
+ "${FORGE_API}/pulls/${pr_number}" 2>/dev/null | jq -r '{
 username: .merge_user?.login // .user?.login,
 merged: .merged,
 merged_at: .merged_at // empty
@@ -294,26 +290,28 @@ launch_runner() {
 local secrets_array
 secrets_array="${VAULT_ACTION_SECRETS:-}"
+ if [ -z "$secrets_array" ]; then
+ log "ERROR: Action ${action_id} has no secrets declared"
+ write_result "$action_id" 1 "No secrets declared in TOML"
+ return 1
+ fi
+ # Build command array (safe from shell injection)
 local -a cmd=(docker compose run --rm runner)
- # Add environment variables for secrets (if any declared)
- if [ -n "$secrets_array" ]; then
- for secret in $secrets_array; do
- secret=$(echo "$secret" | xargs)
- if [ -n "$secret" ]; then
- # Verify secret exists in vault
- if [ -z "${!secret:-}" ]; then
- log "ERROR: Secret '${secret}' not found in vault for action ${action_id}"
- write_result "$action_id" 1 "Secret not found in vault: ${secret}"
- return 1
- fi
- cmd+=(-e "$secret")
+ # Add environment variables for secrets
+ for secret in $secrets_array; do
+ secret=$(echo "$secret" | xargs)
+ if [ -n "$secret" ]; then
+ # Verify secret exists in vault
+ if [ -z "${!secret:-}" ]; then
+ log "ERROR: Secret '${secret}' not found in vault for action ${action_id}"
+ write_result "$action_id" 1 "Secret not found in vault: ${secret}"
+ return 1
 fi
- done
- else
- log "Action ${action_id} has no secrets declared — runner will execute without extra env vars"
- fi
+ cmd+=(-e "$secret")
+ fi
+ done
 # Add formula and action id as arguments (after service name)
 local formula="${VAULT_ACTION_FORMULA:-}"
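Review bot: The comment explaining that PR lookups must target the ops repo rather than the disinto repo disappears together with `ops_api`, and nothing in the hunk shows where `FORGE_API` is defined or that it still carries that ops-repo base; since `FORGE_OPS_REPO` was also dropped from the compose environment in this commit, a one-line comment such as `# FORGE_API is the ops-repo API base; PR lookups must not hit the disinto repo` would keep the intent visible (assuming that is what FORGE_API holds). Also worth confirming that the `curl -sf -H "Authorization: token ${FORGE_TOKEN}" \` line survives on the new side: in this collapsed rendering the `-` in front of it may mark a removed blank line rather than the command, and if the command itself were gone the bare URL string would be executed as a command and the `jq` would read nothing. The rest of the `jq` filter and the function's return continue outside the hunk.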
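Review bot: `${!secret:-}` is now reached for every non-empty token of `VAULT_ACTION_SECRETS`, which per the new error text comes from the action's TOML, and an indirect expansion of a name that is not a valid identifier (anything containing `-`, `.`, `$` or quotes) is a fatal "bad substitution" in non-interactive bash, so a malformed declaration takes down the whole dispatcher instead of failing that one action through `write_result`. Validating the trimmed name before the vault lookup keeps the failure local and logged; the check below sits inside the existing `if [ -n "$secret" ]` branch. `launch_runner` continues past the hunk.
```shell
for secret in $secrets_array; do
  secret=$(echo "$secret" | xargs)
  if [ -n "$secret" ]; then
    # Only a plain shell identifier may reach the indirect expansion below;
    # anything else is a fatal expansion error, not a catchable failure.
    if [[ ! "$secret" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
      log "ERROR: Invalid secret name '${secret}' declared for action ${action_id}"
      write_result "$action_id" 1 "Invalid secret name: ${secret}"
      return 1
    fi
    # … unchanged: vault lookup via ${!secret:-} and cmd+=(-e "$secret") …
  fi
done
```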
diff --git a/docker/edge/entrypoint-edge.sh b/docker/edge/entrypoint-edge.sh
index 506d569..b070b61 100755
--- a/docker/edge/entrypoint-edge.sh
+++ b/docker/edge/entrypoint-edge.sh
@@ -1,9 +1,6 @@
 #!/usr/bin/env bash
 set -euo pipefail
-# Set USER before sourcing env.sh (Alpine doesn't set USER)
-export USER="${USER:-root}"
-
 DISINTO_VERSION="${DISINTO_VERSION:-main}"
 DISINTO_REPO="${FORGE_URL:-http://forgejo:3000}/johba/disinto.git"