johba/disinto
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions
disinto/vault/AGENTS.md
openhands 149211c78d chore: gardener housekeeping 2026-03-23 
- dev/AGENTS.md: document two-tier priority queue (priority+backlog first,
  then plain backlog); note do_merge() HTTP 405 already-merged detection
- gardener/AGENTS.md: document merge-through protocol (stay alive through
  CI/review/merge); note session kill on PHASE:escalate
- lib/AGENTS.md: add ensure_priority_label() to ci-helpers.sh entry;
  document optional CALLBACK param in run_formula_and_monitor()
- predictor/AGENTS.md: update watermark (content already current from v2 PR)
- Update watermarks for action, planner, review, supervisor, vault, root

Grooming actions:
- #574: added ## Affected files section (lib/parse-deps.sh) to meet quality gate
- #568: escalated — needs human decision on guard/merge architecture
- #466: escalated — dep #393 closed; needs decision on external vs in-repo example

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-23 00:23:02 +00:00

37 lines
2.1 KiB
Markdown
Raw Blame History

<!-- last-reviewed: c9bf9fe5281c4037fd3f2219fde093dcbb053e00 -->
# Vault Agent
**Role**: Dual-purpose gate — action safety classification and resource procurement.
**Pipeline A — Action Gating (*.json)**: Actions enter a pending queue and are
classified by Claude via `vault-agent.sh`, which can auto-approve (call
`vault-fire.sh` directly), auto-reject (call `vault-reject.sh`), or escalate
to a human by writing `PHASE:escalate` to a phase file and sending a Matrix
message — using the same unified escalation path as dev/action agents.
**Pipeline B — Procurement (*.md)**: The planner files resource requests as
markdown files in `vault/pending/`. `vault-poll.sh` notifies the human via
Matrix. The human fulfills the request (creates accounts, provisions infra,
adds secrets to `.env`) and moves the file to `vault/approved/`.
`vault-fire.sh` then extracts the proposed entry and appends it to
`RESOURCES.md`.
**Trigger**: `vault-poll.sh` runs every 30 min via cron.
**Key files**:
- `vault/vault-poll.sh` — Processes pending items: retry approved, auto-reject after 48h timeout, invoke vault-agent for JSON actions, notify human for procurement requests
- `vault/vault-agent.sh` — Classifies and routes pending JSON actions via `claude -p`: auto-approve, auto-reject, or escalate to human
- `vault/PROMPT.md` — System prompt for the vault agent's Claude invocation
- `vault/vault-fire.sh` — Executes an approved action (JSON) or writes RESOURCES.md entry (procurement MD)
- `vault/vault-reject.sh` — Marks a JSON action as rejected
**Procurement flow**:
1. Planner drops `vault/pending/<name>.md` with what/why/proposed RESOURCES.md entry
2. `vault-poll.sh` notifies human via Matrix
3. Human fulfills: creates account, adds secrets to `.env`, moves file to `vault/approved/`
4. `vault-fire.sh` extracts proposed entry, appends to RESOURCES.md, moves to `vault/fired/`
5. Next planner run reads RESOURCES.md → new capability available → unblocks prerequisite tree
**Environment variables consumed**:
- All from `lib/env.sh`
- `MATRIX_TOKEN`, `MATRIX_ROOM_ID`, `MATRIX_HOMESERVER` — Escalation channel
Reference in a new issue View git blame Copy permalink