chore(bots): per-role launcher scripts + bot pipeline on forgejo MCP #687

Merged
lekss361 merged 1 commit from chore/bots-forgejo-mcp into main 2026-05-30 07:59:15 +00:00
Collaborator

Summary

Закрывает два follow-up'а после установки goern/forgejo-mcp.

(a) Launcher-скрипты — не экспортировать токен руками:

  • scripts/start-bot.ps1 <role> — выставляет per-bot identity + токены (FORGEJO_ACCESS_TOKEN для forgejo MCP + FORGEJO_TOKEN для curl-fallback), git-identity, forgejo-bot remote, verify → запускает claude.
  • scripts/start-{analyst,backend,frontend,reviewer,qa}.ps1 — тонкие врапперы.

(b) Боты на forgejo MCP вместо curl:

  • _autonomous_pickup.md: новая секция «Forgejo операции — mcp__forgejo__* (PRIMARY)» с полным curl→MCP mapping (list_repo_issues / create_pull_request / merge_pull_request / get_pull_request_diff / create_pull_review / add+remove_issue_labels / update_issue / issue_state_change / create_issue_comment). curl_forgejo → FALLBACK.
  • 5 auto-*.md + 5 work-as-*.md: директива «Forgejo API → mcp__forgejo__*; curl только fallback» + указатель на start-bot.ps1.

Gotcha задокументирован: include_org_labels:false на user-репо (lekss361 не org).

Test plan

  • scripts/start-bot.ps1 reviewer → выставляет env, verify OK, открывает claude
  • После рестарта Claude Code в bot-окне mcp__forgejo__* tools доступны, token_configured:true
  • Reviewer-bot: get_pull_request_diffcreate_pull_reviewmerge_pull_request на тестовом PR

Зависит от

  • Рестарт Claude Code (forgejo MCP eager из .mcp.json, уже сконфигурирован локально)

NB: PR трогает auto-code-reviewer.md + (косвенно) pipeline-правила → self-extending guard: merge человеком, не авто.

## Summary Закрывает два follow-up'а после установки goern/forgejo-mcp. **(a) Launcher-скрипты** — не экспортировать токен руками: - `scripts/start-bot.ps1 <role>` — выставляет per-bot identity + токены (`FORGEJO_ACCESS_TOKEN` для forgejo MCP + `FORGEJO_TOKEN` для curl-fallback), git-identity, `forgejo-bot` remote, verify → запускает `claude`. - `scripts/start-{analyst,backend,frontend,reviewer,qa}.ps1` — тонкие врапперы. **(b) Боты на forgejo MCP вместо curl**: - `_autonomous_pickup.md`: новая секция «Forgejo операции — `mcp__forgejo__*` (PRIMARY)» с полным curl→MCP mapping (list_repo_issues / create_pull_request / merge_pull_request / get_pull_request_diff / create_pull_review / add+remove_issue_labels / update_issue / issue_state_change / create_issue_comment). `curl_forgejo` → FALLBACK. - 5 `auto-*.md` + 5 `work-as-*.md`: директива «Forgejo API → `mcp__forgejo__*`; curl только fallback» + указатель на `start-bot.ps1`. Gotcha задокументирован: `include_org_labels:false` на user-репо (lekss361 не org). ## Test plan - [ ] `scripts/start-bot.ps1 reviewer` → выставляет env, verify OK, открывает claude - [ ] После рестарта Claude Code в bot-окне `mcp__forgejo__*` tools доступны, `token_configured:true` - [ ] Reviewer-bot: `get_pull_request_diff` → `create_pull_review` → `merge_pull_request` на тестовом PR ## Зависит от - Рестарт Claude Code (forgejo MCP eager из `.mcp.json`, уже сконфигурирован локально) _NB: PR трогает `auto-code-reviewer.md` + (косвенно) pipeline-правила → self-extending guard: merge человеком, не авто._
bot-backend added 1 commit 2026-05-30 07:38:31 +00:00
(a) Launcher scripts — больше не экспортировать токен руками:
- scripts/start-bot.ps1 <role> — выставляет per-bot identity + токены (FORGEJO_ACCESS_TOKEN
  для forgejo MCP + FORGEJO_TOKEN для curl-fallback), git-identity, forgejo-bot remote,
  verify, затем запускает claude.
- scripts/start-{analyst,backend,frontend,reviewer,qa}.ps1 — тонкие врапперы.

(b) Bots on forgejo MCP (goern) вместо curl:
- _autonomous_pickup.md: новая секция «Forgejo операции — mcp__forgejo__* (PRIMARY)» с полным
  curl→MCP mapping (list_repo_issues / create_pull_request / merge_pull_request /
  get_pull_request_diff / create_pull_review / add+remove_issue_labels / update_issue /
  issue_state_change / create_issue_comment). curl_forgejo помечен FALLBACK.
- 5 auto-*.md + 5 work-as-*.md: директива «Forgejo API → mcp__forgejo__* tools (mapping в
  _autonomous_pickup); curl только fallback» + указатель на start-bot.ps1.

Gotcha задокументирован: include_org_labels:false на user-репо (lekss361 не org).
Требует: рестарт Claude Code (forgejo MCP eager из .mcp.json) + FORGEJO_ACCESS_TOKEN per-window
(делает start-bot.ps1).
bot-reviewer reviewed 2026-05-30 07:47:38 +00:00
bot-reviewer left a comment
Collaborator

Verdict: BLOCKED — self-extending change, requires human review/merge (auto-reviewer hard exception).

This PR modifies the autonomous-pipeline contract files that the review bot is forbidden from auto-merging, per the self-extending guard in .claude/rules/git-pr.md (Auto-merge policy) and .claude/agents/auto-code-reviewer.md (Hard rules):

  • .claude/agents/auto-code-reviewer.md — the review bot's own definition
  • .claude/agents/_autonomous_pickup.md — the shared pickup/claim/merge contract
  • .claude/commands/work-as-*.md (all five roles)

The rule is independent of how benign the diff is: a bot must not be the actor that approves changes to its own operating rules / merge authority. A human must review and merge.

For the human reviewer — what this PR actually does (looks sound, just needs your eyes):

  • Documents switching Forgejo operations from curl to mcp__forgejo__* tools (PRIMARY), with curl kept as documented fallback. Adds an operation→MCP-tool mapping table in _autonomous_pickup.md.
  • Adds scripts/start-bot.ps1 <role> per-role launcher (+ thin start-<role>.ps1 wrappers) that sets git identity, resolves FORGEJO_TOKEN_<ROLE> from User env, exports FORGEJO_ACCESS_TOKEN for the forgejo MCP, configures the bot-remote, verifies identity, then launches claude.
  • No literal secrets (token read from User env, not hardcoded). No change to the merge policy, severity rubric, or the bot's merge authority/scope.

One thing to verify before merging: this makes mcp__forgejo__* the PRIMARY path for all bot windows, but the forgejo MCP is NOT connected in at least some current bot windows (this reviewer window has been operating entirely on curl — the MCP is absent). Confirm the start-bot.ps1 flow (exporting FORGEJO_ACCESS_TOKEN before launching claude) actually makes the goern forgejo MCP connect+eager in the bot windows, otherwise the bots will silently fall back to curl and the "PRIMARY" docs will be misleading.

No code defect found. Re-label off status/blocked/needs-human and merge manually once you've reviewed.

<!-- gendesign-review-bot: sha=edc5823 verdict=changes --> **Verdict: BLOCKED — self-extending change, requires human review/merge (auto-reviewer hard exception).** This PR modifies the autonomous-pipeline contract files that the review bot is **forbidden from auto-merging**, per the self-extending guard in `.claude/rules/git-pr.md` (Auto-merge policy) and `.claude/agents/auto-code-reviewer.md` (Hard rules): - `.claude/agents/auto-code-reviewer.md` — the review bot's own definition - `.claude/agents/_autonomous_pickup.md` — the shared pickup/claim/merge contract - `.claude/commands/work-as-*.md` (all five roles) The rule is independent of how benign the diff is: a bot must not be the actor that approves changes to its own operating rules / merge authority. A human must review and merge. **For the human reviewer — what this PR actually does (looks sound, just needs your eyes):** - Documents switching Forgejo operations from `curl` to `mcp__forgejo__*` tools (PRIMARY), with curl kept as documented fallback. Adds an operation→MCP-tool mapping table in `_autonomous_pickup.md`. - Adds `scripts/start-bot.ps1 <role>` per-role launcher (+ thin `start-<role>.ps1` wrappers) that sets git identity, resolves `FORGEJO_TOKEN_<ROLE>` from User env, exports `FORGEJO_ACCESS_TOKEN` for the forgejo MCP, configures the bot-remote, verifies identity, then launches claude. - No literal secrets (token read from User env, not hardcoded). No change to the merge policy, severity rubric, or the bot's merge authority/scope. **One thing to verify before merging:** this makes `mcp__forgejo__*` the PRIMARY path for all bot windows, but the forgejo MCP is NOT connected in at least some current bot windows (this reviewer window has been operating entirely on curl — the MCP is absent). Confirm the `start-bot.ps1` flow (exporting `FORGEJO_ACCESS_TOKEN` before launching claude) actually makes the goern forgejo MCP connect+eager in the bot windows, otherwise the bots will silently fall back to curl and the "PRIMARY" docs will be misleading. No code defect found. Re-label off `status/blocked`/`needs-human` and merge manually once you've reviewed.
bot-reviewer added the
needs-human
status/blocked
labels 2026-05-30 07:47:39 +00:00
lekss361 merged commit f2adc7417a into main 2026-05-30 07:59:15 +00:00
lekss361 deleted branch chore/bots-forgejo-mcp 2026-05-30 07:59:15 +00:00
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: lekss361/gendesign#687
No description provided.