Timmy_Foundation/timmy-config
15
0
Fork 0
Code Issues 186 Pull Requests 30 Actions Packages Projects Releases Wiki Activity

Harden dispatch credential handling

Browse Source
This commit is contained in:
Alexander Whitestone
2026-04-04 18:25:02 -04:00
parent 7f097f2ef7
commit 9943d3c6d8
1 changed files with 47 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
bin/agent-dispatch.sh
View File

@@ -16,7 +16,31 @@ REPO="${3:?Usage: agent-dispatch.sh <agent> <issue_num> <owner/repo>}"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
LANES_FILE="${SCRIPT_DIR%/bin}/playbooks/agent-lanes.json" LANES_FILE="${SCRIPT_DIR%/bin}/playbooks/agent-lanes.json"
GITEA_URL="${GITEA_URL:-http://143.198.27.163:3000}"
resolve_gitea_url() {
if [ -n "${GITEA_URL:-}" ]; then
printf '%s\n' "${GITEA_URL%/}"
return 0
fi
if [ -f "$HOME/.hermes/gitea_api" ]; then
python3 - "$HOME/.hermes/gitea_api" <<'PY'
from pathlib import Path
import sys
raw = Path(sys.argv[1]).read_text().strip().rstrip("/")
print(raw[:-7] if raw.endswith("/api/v1") else raw)
PY
return 0
fi
if [ -f "$HOME/.config/gitea/base-url" ]; then
tr -d '[:space:]' < "$HOME/.config/gitea/base-url"
return 0
fi
echo "ERROR: set GITEA_URL or create ~/.hermes/gitea_api" >&2
return 1
}
GITEA_URL="$(resolve_gitea_url)"
resolve_token_file() { resolve_token_file() {
local agent="$1" local agent="$1"
@@ -26,8 +50,16 @@ resolve_token_file() {
"$HOME/.hermes/${agent}_token" \ "$HOME/.hermes/${agent}_token" \
"$HOME/.hermes/${normalized}_token" \ "$HOME/.hermes/${normalized}_token" \
"$HOME/.config/gitea/${agent}-token" \ "$HOME/.config/gitea/${agent}-token" \
"$HOME/.config/gitea/${normalized}-token" \ "$HOME/.config/gitea/${normalized}-token"; do
"$HOME/.config/gitea/token"; do if [ -f "$candidate" ]; then
printf '%s\n' "$candidate"
return 0
fi
done
for candidate in \
"$HOME/.config/gitea/timmy-token" \
"$HOME/.hermes/gitea_token_vps" \
"$HOME/.hermes/gitea_token_timmy"; do
if [ -f "$candidate" ]; then if [ -f "$candidate" ]; then
printf '%s\n' "$candidate" printf '%s\n' "$candidate"
return 0 return 0
@@ -48,14 +80,14 @@ REPO_OWNER="${REPO%%/*}"
REPO_NAME="${REPO##*/}" REPO_NAME="${REPO##*/}"
BRANCH="${AGENT_NAME}/issue-${ISSUE_NUM}" BRANCH="${AGENT_NAME}/issue-${ISSUE_NUM}"
python3 - "$LANES_FILE" "$AGENT_NAME" "$ISSUE_NUM" "$REPO" "$REPO_OWNER" "$REPO_NAME" "$BRANCH" "$GITEA_URL" "$GITEA_TOKEN" <<'PY' python3 - "$LANES_FILE" "$AGENT_NAME" "$ISSUE_NUM" "$REPO" "$REPO_OWNER" "$REPO_NAME" "$BRANCH" "$GITEA_URL" "$GITEA_TOKEN" "$TOKEN_FILE" <<'PY'
import json import json
import sys import sys
import textwrap import textwrap
import urllib.error import urllib.error
import urllib.request import urllib.request
lanes_path, agent, issue_num, repo, repo_owner, repo_name, branch, gitea_url, token = sys.argv[1:] lanes_path, agent, issue_num, repo, repo_owner, repo_name, branch, gitea_url, token, token_file = sys.argv[1:]
with open(lanes_path) as f: with open(lanes_path) as f:
lanes = json.load(f) lanes = json.load(f)
@@ -108,7 +140,7 @@ YOUR ISSUE: #{issue_num} — "{issue.get('title', f'Issue #{issue_num}')}"
REPO: {repo} REPO: {repo}
GITEA API: {gitea_url}/api/v1 GITEA API: {gitea_url}/api/v1
GITEA TOKEN: {token} GITEA TOKEN FILE: {token_file}
WORK BRANCH: {branch} WORK BRANCH: {branch}
LANE: LANE:
@@ -143,23 +175,27 @@ WORKFLOW:
8. Comment on the issue with the PR link and the same concise summary. 8. Comment on the issue with the PR link and the same concise summary.
GIT / API SETUP: GIT / API SETUP:
git clone http://{agent}:{token}@143.198.27.163:3000/{repo}.git /tmp/{agent}-work-{issue_num} export GITEA_URL="{gitea_url}"
export GITEA_TOKEN_FILE="{token_file}"
export GITEA_TOKEN="$(tr -d '[:space:]' < "$GITEA_TOKEN_FILE")"
git config --global http."$GITEA_URL/".extraHeader "Authorization: token $GITEA_TOKEN"
git clone "$GITEA_URL/{repo}.git" /tmp/{agent}-work-{issue_num}
cd /tmp/{agent}-work-{issue_num} cd /tmp/{agent}-work-{issue_num}
git ls-remote --exit-code origin {branch} >/dev/null 2>&1 && git fetch origin {branch} && git checkout {branch} || git checkout -b {branch} git ls-remote --exit-code origin {branch} >/dev/null 2>&1 && git fetch origin {branch} && git checkout {branch} || git checkout -b {branch}
ISSUE FETCH COMMANDS: ISSUE FETCH COMMANDS:
curl -s -H "Authorization: token {token}" "{gitea_url}/api/v1/repos/{repo}/issues/{issue_num}" curl -s -H "Authorization: token $GITEA_TOKEN" "{gitea_url}/api/v1/repos/{repo}/issues/{issue_num}"
curl -s -H "Authorization: token {token}" "{gitea_url}/api/v1/repos/{repo}/issues/{issue_num}/comments" curl -s -H "Authorization: token $GITEA_TOKEN" "{gitea_url}/api/v1/repos/{repo}/issues/{issue_num}/comments"
PR CREATION TEMPLATE: PR CREATION TEMPLATE:
curl -s -X POST "{gitea_url}/api/v1/repos/{repo}/pulls" \\ curl -s -X POST "{gitea_url}/api/v1/repos/{repo}/pulls" \\
-H "Authorization: token {token}" \\ -H "Authorization: token $GITEA_TOKEN" \\
-H "Content-Type: application/json" \\ -H "Content-Type: application/json" \\
-d '{{"title":"[{agent}] <description> (#{issue_num})","body":"Fixes #{issue_num}\\n\\n## Summary\\n- <change>\\n\\n## Verification\\n- <command/output>\\n\\n## Risks\\n- <if any>","head":"{branch}","base":"main"}}' -d '{{"title":"[{agent}] <description> (#{issue_num})","body":"Fixes #{issue_num}\\n\\n## Summary\\n- <change>\\n\\n## Verification\\n- <command/output>\\n\\n## Risks\\n- <if any>","head":"{branch}","base":"main"}}'
ISSUE COMMENT TEMPLATE: ISSUE COMMENT TEMPLATE:
curl -s -X POST "{gitea_url}/api/v1/repos/{repo}/issues/{issue_num}/comments" \\ curl -s -X POST "{gitea_url}/api/v1/repos/{repo}/issues/{issue_num}/comments" \\
-H "Authorization: token {token}" \\ -H "Authorization: token $GITEA_TOKEN" \\
-H "Content-Type: application/json" \\ -H "Content-Type: application/json" \\
-d '{{"body":"PR submitted.\\n\\nSummary:\\n- <change>\\n\\nVerification:\\n- <command/output>\\n\\nRisks:\\n- <if any>"}}' -d '{{"body":"PR submitted.\\n\\nSummary:\\n- <change>\\n\\nVerification:\\n- <command/output>\\n\\nRisks:\\n- <if any>"}}'