npm - bosun - Versions diffs - 0.31.7 → 0.32.0 - Mend

bosun 0.31.7 → 0.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/.env.example CHANGED Viewed

@@ -345,31 +345,42 @@ TELEGRAM_MINIAPP_ENABLED=false
 # OAuth Client Secret (only needed for callback-based OAuth, not for Device Flow):
 # BOSUN_GITHUB_CLIENT_SECRET=
 #
-# Webhook secret (set this in App settings → Webhook, and keep in sync):
+# Webhook secret (VirtEngine relay signs forwarded events with this — leave blank
+# until VirtEngine’s relay server is live; Bosun polls GitHub API in the meantime):
 # BOSUN_GITHUB_WEBHOOK_SECRET=
 #
 # Path to the PEM private key downloaded from App settings → Generate a private key:
 # BOSUN_GITHUB_PRIVATE_KEY_PATH=/path/to/bosun-botswain.pem
 #
+# ─── GitHub App Settings (enable all three in https://github.com/settings/apps/bosun-botswain) ────
+# ✅ Callback URL  →  http://127.0.0.1:54317/github/callback  (set this FIRST, then Save)
+# ✅ "Request user authorization (OAuth) during installation"  →  ON
+#      GitHub does OAuth at install time, redirecting to the Callback URL with
+#      installation_id + setup_action=install. Setup URL is DISABLED — that's fine.
+# ✅ "Enable Device Flow"  →  ON  (only available AFTER Callback URL is saved)
+#      Allows CLI/terminal auth without a public URL (like VS Code / Roo Code)
+# ✕ Setup URL  →  leave BLANK (GitHub disables this field when OAuth-at-install is ON)
+# ✕ "Redirect on update"  →  leave OFF (disabled alongside Setup URL)
+#
 # ─── Authentication Method ───────────────────────────────────────────────
 # RECOMMENDED: Device Flow (like VS Code / Roo Code — no public URL needed!)
 #   1. Set BOSUN_GITHUB_CLIENT_ID above
-#   2. Enable "Device Flow" in GitHub App settings (Settings → Optional features)
-#   3. Go to Settings → GitHub in the Bosun UI and click "Sign in with GitHub"
-#   4. That's it — no callback URL, no tunnel URL, no client secret needed
+#   2. Enable “Device Flow” in GitHub App settings (only clickable after Callback URL is saved)
+#   3. Go to Settings → GitHub in the Bosun UI and click “Sign in with GitHub”
+#   4. That’s it — no webhook URL, no tunnel, no public server needed
 #
-# ALTERNATIVE: OAuth Callback (requires a stable public URL)
+# ALTERNATIVE: OAuth Callback
 #   Set BOSUN_GITHUB_CLIENT_ID + BOSUN_GITHUB_CLIENT_SECRET
-#   Register callback URL in App settings:
-#     https://<your-bosun-public-url>/api/github/callback
+#   Register callback URL: http://127.0.0.1:54317/github/callback
 #
-# WEBHOOKS (optional — for real-time PR/issue sync):
-#   Register webhook URL in App settings:
-#     https://<your-bosun-public-url>/api/webhooks/github/app
-#   Webhooks require a stable public URL. Without them, Bosun polls instead.
+# NOTE on webhooks:
+#   Real-time GitHub events (PR comments, issue mentions) are received via
+#   VirtEngine’s relay server and forwarded to your Bosun instance.
+#   Until the relay is live, Bosun polls the GitHub API every few minutes instead.
+#   Users do NOT need to configure a webhook URL or run any tunnel.
 #
 # Leave BOSUN_GITHUB_APP_ID unset to disable co-author trailer injection.
-# BOSUN_GITHUB_APP_ID=
+# (App ID and Client ID are already filled in above — no need to set them again.)
 # ─── Kanban Backend ──────────────────────────────────────────────────────────
 # Task-board backend:

package/agent-prompts.mjs CHANGED Viewed

@@ -150,6 +150,19 @@ You are an autonomous task orchestrator agent. You receive implementation tasks
 - Existing functionality is preserved.
 - Relevant checks pass.
 - Branch is pushed and ready for PR/review flow.
+## Skills & Knowledge Base
+Before starting any task, load relevant skills to avoid known pitfalls and
+apply patterns discovered by previous agents:
+1. Check if \`.bosun/skills/index.json\` exists in the workspace or bosun home.
+2. Read the index to find skills whose tags match your task's module or domain.
+3. Load and apply any matching skill files from \`.bosun/skills/\`.
+After completing a task, if you discovered a non-obvious pattern, workaround, or
+domain-specific fact, write or update a skill file at \`.bosun/skills/<module>.md\`
+so the next agent benefits from your investigation.
 `,
   planner: `# Codex-Task-Planner Agent
@@ -227,12 +240,23 @@ You are the always-on reliability guardian for bosun in devmode.
 - Branch: {{BRANCH}}
 - Repository: {{REPO_SLUG}}
+## Skills — Load Before Starting
+Check for relevant skills before implementing:
+1. Look for \`.bosun/skills/index.json\` (in workspace root or BOSUN_HOME).
+2. Read the index; load skills whose tags match this task's module/domain.
+3. Apply the patterns — especially \`background-task-execution\`, \`error-recovery\`,
+   and \`pr-workflow\` which apply to almost every task.
 ## Instructions
-1. Read task requirements carefully.
-2. Implement required code changes.
-3. Run relevant tests/lint/build checks.
-4. Commit with conventional commit format.
-5. Push branch updates.
+1. Load relevant skills as described above.
+2. Read task requirements carefully.
+3. Implement required code changes.
+4. Run relevant tests/lint/build checks.
+5. Commit with conventional commit format.
+6. Push branch updates.
+7. After completing: if you discovered non-obvious patterns, write a skill file
+   at \`.bosun/skills/<module>.md\` for future agents.
 ## Critical Rules
 - Do not ask for manual confirmation.