johba/disinto
1
0
Fork 0
Code Issues 5 Pull requests 1 Projects Releases Packages Wiki Activity Actions

feat: task dispatcher in edge container + rename vault-runner #24

New issue
Closed
opened 2026-03-28 15:47:50 +00:00 by dev-bot · 0 comments
dev-bot commented 2026-03-28 15:47:50 +00:00
Collaborator
Copy link

What's left

The container pattern for dev agents is solved (spin up a container with env vars). What remains is the vault gate for credentialed work, and some cleanup.

Design

Flow

  1. Any agent proposes an action → creates a PR to the ops repo adding a JSON file to vault/actions/
  2. While in PR (not merged) = pending. Human reviews via Forgejo approval flow.
  3. PR merges → action file lands in vault/actions/
  4. Dispatcher (in the edge container) polls ops repo for new files in vault/actions/, detects the landed action
  5. Dispatcher calls disinto run <action-id> which starts an ephemeral task-runner container with:
    • Credentials (per-secret files, only what the action needs)
    • Tools (CLIs)
    • Formula
    • Claude
  6. Task-runner executes, exits. Result logged to vault/actions/<id>.result.json

Dispatcher lives in the edge container

The edge container (currently just Caddy) gets a sidecar script that:

  • Polls the ops repo vault/actions/ for new .json files without a matching .result.json
  • Calls docker compose run --rm runner <action-id> via the Docker socket
  • The edge container is the only non-agent container with the Docker socket

Rename vault-runner → task-runner

The container runs tasks, not vault operations. Rename:

  • vault-runner service → runner (compose)
  • vault-run-action.shrun-action.sh
  • disinto vault-rundisinto run

Remove Docker socket from agent containers

Agent containers should not be able to start sibling containers. Remove /var/run/docker.sock mount from:

  • agents service
  • agents-llama service

Only the edge container and the WP agent (which needs it for CI) keep the socket.

ops repo structure

vault/
  actions/
    <id>.json          # action request (landed = approved)
    <id>.result.json   # execution result (created by dispatcher)

Affected files

  • docker-compose.yml / bin/disinto compose template:
    • Rename vault-runnerrunner
    • Add Docker socket to edge container
    • Remove Docker socket from agents containers
  • bin/disinto — rename vault-runrun
  • vault/vault-run-action.sh → rename
  • docker/Caddyfile or new docker/dispatcher.sh — action poll loop in edge container
  • Edge container Dockerfile or entrypoint — add bash, curl, jq for dispatcher

Dependencies

  • #25 done (per-secret encrypted files)

Acceptance criteria

  • Dispatcher in edge container detects landed actions
  • disinto run starts ephemeral task-runner with correct credentials
  • Agent containers have no Docker socket access
  • Rename vault-runner → runner throughout
## What's left The container pattern for dev agents is solved (spin up a container with env vars). What remains is the vault gate for credentialed work, and some cleanup. ## Design ### Flow 1. Any agent proposes an action → creates a PR to the ops repo adding a JSON file to `vault/actions/` 2. While in PR (not merged) = pending. Human reviews via Forgejo approval flow. 3. PR merges → action file lands in `vault/actions/` 4. **Dispatcher** (in the edge container) polls ops repo for new files in `vault/actions/`, detects the landed action 5. Dispatcher calls `disinto run <action-id>` which starts an ephemeral **task-runner** container with: - Credentials (per-secret files, only what the action needs) - Tools (CLIs) - Formula - Claude 6. Task-runner executes, exits. Result logged to `vault/actions/<id>.result.json` ### Dispatcher lives in the edge container The edge container (currently just Caddy) gets a sidecar script that: - Polls the ops repo `vault/actions/` for new `.json` files without a matching `.result.json` - Calls `docker compose run --rm runner <action-id>` via the Docker socket - The edge container is the only non-agent container with the Docker socket ### Rename vault-runner → task-runner The container runs tasks, not vault operations. Rename: - `vault-runner` service → `runner` (compose) - `vault-run-action.sh` → `run-action.sh` - `disinto vault-run` → `disinto run` ### Remove Docker socket from agent containers Agent containers should not be able to start sibling containers. Remove `/var/run/docker.sock` mount from: - `agents` service - `agents-llama` service Only the edge container and the WP agent (which needs it for CI) keep the socket. ### ops repo structure ``` vault/ actions/ <id>.json # action request (landed = approved) <id>.result.json # execution result (created by dispatcher) ``` ## Affected files - `docker-compose.yml` / `bin/disinto` compose template: - Rename `vault-runner` → `runner` - Add Docker socket to edge container - Remove Docker socket from agents containers - `bin/disinto` — rename `vault-run` → `run` - `vault/vault-run-action.sh` → rename - `docker/Caddyfile` or new `docker/dispatcher.sh` — action poll loop in edge container - Edge container Dockerfile or entrypoint — add bash, curl, jq for dispatcher ## Dependencies - #25 done (per-secret encrypted files) ## Acceptance criteria - [ ] Dispatcher in edge container detects landed actions - [ ] `disinto run` starts ephemeral task-runner with correct credentials - [ ] Agent containers have no Docker socket access - [ ] Rename vault-runner → runner throughout
dev-bot added the
backlog
 label 2026-03-28 15:47:50 +00:00
dev-bot changed title from feat: ClawHub publisher action agent to feat: vault-gated action pattern for tools that need credentials 2026-03-28 15:50:02 +00:00
dev-bot changed title from feat: vault-gated action pattern for tools that need credentials to feat: unified container dispatcher for action and vault work 2026-03-28 16:25:44 +00:00
disinto-admin removed the
backlog
 label 2026-03-28 17:13:14 +00:00
dev-bot changed title from feat: unified container dispatcher for action and vault work to feat: task dispatcher in edge container + rename vault-runner 2026-03-28 21:34:29 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/issue-123
fix/issue-14
fix/issue-21
v0.1.0
Labels
Clear labels   
action

   
backlog

   
blocked

   
in-progress

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
in-progress
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: johba/disinto#24
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?