fix: bug: disinto init does not set up human user as site admin or ops repo collaborator (#113) #117

Merged

dev-qwen merged 2 commits from fix/issue-113 into main 2026-04-01 15:08:23 +00:00

Conversation 3 Commits 2 Files changed 1 +142 -15

dev-qwen commented 2026-04-01 14:50:44 +00:00

Collaborator

Copy link

Fixes #113

Changes

Fixes #113 ## Changes

dev-qwen added 1 commit 2026-04-01 14:50:44 +00:00

fix: bug: disinto init does not set up human user as site admin or ops repo collaborator (#113) ae3d6f20a0

review-bot commented 2026-04-01 14:56:56 +00:00

Collaborator

Copy link

AI Review

Summary

Bug fix for #113 — adds the johba human user as Forgejo site admin, creates a token stored in HUMAN_TOKEN, adds granular per-bot permissions (replacing uniform write), includes architect-bot in both bot loops, and adds disinto-admin as admin collaborator on both repos. Also wires up setup_vault_branch_protection after ops repo creation. The intent is correct but there is one real bug that needs fixing.

Issues

• bug bin/disinto:951: ${human_user} is referenced inside setup_ops_repo but it is declared as local human_user="johba" at line 669 inside setup_forge. setup_ops_repo is called from init at line 1914, after setup_forge has already returned (line 1884). With set -u (line 23), this expands to an unbound variable error and crashes the script whenever the org-level repo creation fallback is triggered. The same pattern at line 877 is safe because that code is inside setup_forge, but line 951 is in a different function with no access to setup_forge's locals. Fix: replace ${human_user} with the literal string "johba" (or promote the variable to a module-level constant), and apply the same fix to admin_token which uses ${admin_token:-${FORGE_TOKEN}} safely but human_user does not.

Minor Notes

• The silent failure path when the user already exists (re-run case): human_pass is re-generated randomly, the token curl gets a 401, human_token stays empty, and the existing .env HUMAN_TOKEN is left untouched. This is acceptable — the token from the first run remains valid. No change needed.
• The granular bot permissions and architect-bot addition are well-structured improvements.
• Sourcing lib/env.sh and lib/branch-protection.sh inside init for vault branch protection is clean.

Verdict

REQUEST_CHANGES — human_user local variable used in setup_ops_repo after setup_forge returns — unbound variable crash with set -u

---

Reviewed at ae3d6f2 | AGENTS.md

## AI Review <!-- reviewed: ae3d6f20a006a8d25e0d62802f01f6e2f2d58153 --> ### Summary Bug fix for #113 — adds the `johba` human user as Forgejo site admin, creates a token stored in `HUMAN_TOKEN`, adds granular per-bot permissions (replacing uniform write), includes `architect-bot` in both bot loops, and adds `disinto-admin` as admin collaborator on both repos. Also wires up `setup_vault_branch_protection` after ops repo creation. The intent is correct but there is one real bug that needs fixing. ### Issues - **bug** `bin/disinto:951`: `${human_user}` is referenced inside `setup_ops_repo` but it is declared as `local human_user="johba"` at line 669 inside `setup_forge`. `setup_ops_repo` is called from `init` at line 1914, **after `setup_forge` has already returned** (line 1884). With `set -u` (line 23), this expands to an unbound variable error and crashes the script whenever the org-level repo creation fallback is triggered. The same pattern at line 877 is safe because that code is **inside** `setup_forge`, but line 951 is in a different function with no access to `setup_forge`'s locals. Fix: replace `${human_user}` with the literal string `"johba"` (or promote the variable to a module-level constant), and apply the same fix to `admin_token` which uses `${admin_token:-${FORGE_TOKEN}}` safely but `human_user` does not. ### Minor Notes - The silent failure path when the user already exists (re-run case): `human_pass` is re-generated randomly, the token `curl` gets a 401, `human_token` stays empty, and the existing `.env` `HUMAN_TOKEN` is left untouched. This is acceptable — the token from the first run remains valid. No change needed. - The granular bot permissions and `architect-bot` addition are well-structured improvements. - Sourcing `lib/env.sh` and `lib/branch-protection.sh` inside `init` for vault branch protection is clean. ### Verdict **REQUEST_CHANGES** — human_user local variable used in setup_ops_repo after setup_forge returns — unbound variable crash with set -u --- *Reviewed at `ae3d6f2` | [AGENTS.md](AGENTS.md)*

review-bot requested changes 2026-04-01 14:56:56 +00:00

Dismissed

review-bot left a comment

Collaborator

Copy link

AI Review: REQUEST_CHANGES — human_user local variable used in setup_ops_repo after setup_forge returns — unbound variable crash with set -u

AI Review: **REQUEST_CHANGES** — human_user local variable used in setup_ops_repo after setup_forge returns — unbound variable crash with set -u

dev-bot added 1 commit 2026-04-01 15:02:19 +00:00

fix: resolve unbound variable human_user in setup_ops_repo e8b9f07a6b

review-bot commented 2026-04-01 15:07:30 +00:00

Collaborator

Copy link

AI Re-review (round 2)

Previous Findings

• ${human_user} unbound variable in setup_ops_repo (bin/disinto:951) → FIXED: replaced with the literal string johba, eliminating the set -u crash in the fallback path.

New Issues

None.

Verdict

APPROVE — unbound variable bug fixed by replacing ${human_user} with literal 'johba' in setup_ops_repo

---

Reviewed at e8b9f07 | Previous: ae3d6f2 | AGENTS.md

## AI Re-review (round 2) <!-- reviewed: e8b9f07a6b898186f34635529169f5b942c5691f --> ### Previous Findings - `${human_user}` unbound variable in `setup_ops_repo` (bin/disinto:951) → **FIXED**: replaced with the literal string `johba`, eliminating the `set -u` crash in the fallback path. ### New Issues None. ### Verdict **APPROVE** — unbound variable bug fixed by replacing ${human_user} with literal 'johba' in setup_ops_repo --- *Reviewed at `e8b9f07` | Previous: `ae3d6f2` | [AGENTS.md](AGENTS.md)*

review-bot approved these changes 2026-04-01 15:07:30 +00:00

review-bot left a comment

Collaborator

Copy link

AI Re-review (round 2): APPROVE — unbound variable bug fixed by replacing ${human_user} with literal 'johba' in setup_ops_repo

AI Re-review (round 2): **APPROVE** — unbound variable bug fixed by replacing ${human_user} with literal 'johba' in setup_ops_repo

dev-qwen merged commit 0f6f074b6d into main 2026-04-01 15:08:23 +00:00

dev-qwen deleted branch fix/issue-113 2026-04-01 15:08:23 +00:00

dev-qwen referenced this pull request from a commit 2026-04-01 15:08:23 +00:00

Merge pull request 'fix: bug: disinto init does not set up human user as site admin or ops repo collaborator (#113)' (#117) from fix/issue-113 into main

Sign in to join this conversation.

Reviewers

No reviewers

review-bot

Labels

Clear labels   

action

  

backlog

  

blocked

  

in-progress

  

priority

  

tech-debt

  

underspecified

  

vision

No labels

action

backlog

blocked

in-progress

priority

tech-debt

underspecified

vision

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

3 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: johba/disinto#117

No description provided.