create-openthrottle 1.0.0

package/templates/docker/task-adapter.sh

@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+# =============================================================================
+# task-adapter.sh — Thin abstraction over task management APIs
+#
+# Wraps issue/task lifecycle operations so the runner scripts don't call
+# `gh issue ...` directly. Currently GitHub-only; designed so a Linear (or
+# other) backend can be swapped in later by adding a case branch.
+#
+# PR/code-hosting operations (gh pr ...) are NOT abstracted here — those are
+# always GitHub regardless of task provider.
+#
+# Usage:
+#   source /opt/openthrottle/task-adapter.sh   # (in snapshot)
+#   source ./scripts/task-adapter.sh          # (local dev)
+#
+# Requires:
+#   GITHUB_REPO  — owner/repo
+#   GITHUB_TOKEN — auth token (used implicitly by gh)
+#
+# Optional:
+#   TASK_PROVIDER — "github" (default). Future: "linear".
+# =============================================================================
+
+TASK_PROVIDER="${TASK_PROVIDER:-github}"
+
+# ---------------------------------------------------------------------------
+# task_transition ID OLD_STATUS NEW_STATUS
+#   Atomically moves a task from one state to another.
+#   Removes the old label, adds the new one.
+# ---------------------------------------------------------------------------
+task_transition() {
+  local ID="$1" OLD_STATUS="$2" NEW_STATUS="$3"
+
+  case "$TASK_PROVIDER" in
+    github)
+      gh issue edit "$ID" --repo "$GITHUB_REPO" \
+        --remove-label "$OLD_STATUS" --add-label "$NEW_STATUS" 2>/dev/null || true
+      ;;
+    *)
+      echo "[task-adapter] Unknown provider: ${TASK_PROVIDER}" >&2
+      return 1
+      ;;
+  esac
+}
+
+# ---------------------------------------------------------------------------
+# task_close ID
+#   Closes a task/issue.
+# ---------------------------------------------------------------------------
+task_close() {
+  local ID="$1"
+
+  case "$TASK_PROVIDER" in
+    github)
+      gh issue close "$ID" --repo "$GITHUB_REPO" 2>/dev/null || true
+      ;;
+    *)
+      echo "[task-adapter] Unknown provider: ${TASK_PROVIDER}" >&2
+      return 1
+      ;;
+  esac
+}
+
+# ---------------------------------------------------------------------------
+# task_comment ID BODY
+#   Posts a comment on a task/issue.
+# ---------------------------------------------------------------------------
+task_comment() {
+  local ID="$1" BODY="$2"
+
+  case "$TASK_PROVIDER" in
+    github)
+      gh issue comment "$ID" --repo "$GITHUB_REPO" --body "$BODY" 2>/dev/null || true
+      ;;
+    *)
+      echo "[task-adapter] Unknown provider: ${TASK_PROVIDER}" >&2
+      return 1
+      ;;
+  esac
+}
+
+# ---------------------------------------------------------------------------
+# task_view ID [--json FIELDS] [--jq EXPR]
+#   Read task/issue details. Passes through --json and --jq to gh.
+# ---------------------------------------------------------------------------
+task_view() {
+  local ID="$1"; shift
+
+  case "$TASK_PROVIDER" in
+    github)
+      gh issue view "$ID" --repo "$GITHUB_REPO" "$@"
+      ;;
+    *)
+      echo "[task-adapter] Unknown provider: ${TASK_PROVIDER}" >&2
+      return 1
+      ;;
+  esac
+}
+
+# ---------------------------------------------------------------------------
+# task_read_comments ID FILTER_PATTERN
+#   Read comments from a task, optionally filtered by a grep pattern.
+#   Returns the matching comment bodies.
+# ---------------------------------------------------------------------------
+task_read_comments() {
+  local ID="$1" FILTER="${2:-}"
+
+  case "$TASK_PROVIDER" in
+    github)
+      if [[ -n "$FILTER" ]]; then
+        gh issue view "$ID" --repo "$GITHUB_REPO" --json comments \
+          --jq "[.comments[] | select(.body | contains(\"${FILTER}\"))] | last | .body" 2>/dev/null || echo ""
+      else
+        gh issue view "$ID" --repo "$GITHUB_REPO" --json comments \
+          --jq '[.comments[].body] | join("\n\n---\n\n")' 2>/dev/null || echo ""
+      fi
+      ;;
+    *)
+      echo "[task-adapter] Unknown provider: ${TASK_PROVIDER}" >&2
+      return 1
+      ;;
+  esac
+}

package/templates/wake-sandbox.yml

@@ -0,0 +1,146 @@
+# Wake Daytona sandbox when work arrives on GitHub.
+#
+# Triggers:
+#   - Issue labeled prd-queued or bug-queued → builder sandbox
+#   - PR labeled needs-review               → reviewer sandbox
+#   - PR review with changes_requested      → review-fix sandbox
+#
+# Each trigger creates a fresh ephemeral sandbox — no polling, no long-lived state.
+# Multiple triggers fire in parallel (one sandbox per task).
+#
+# Required repository secrets:
+#   DAYTONA_API_KEY          — API key from daytona.io
+#   ANTHROPIC_API_KEY        — (option a) or
+#   CLAUDE_CODE_OAUTH_TOKEN  — (option b) for Claude Code auth
+#   TELEGRAM_BOT_TOKEN       — optional, for notifications
+#   TELEGRAM_CHAT_ID         — optional, for notifications
+#   SUPABASE_ACCESS_TOKEN    — optional, for Supabase MCP
+
+name: Wake Sandbox
+
+on:
+  issues:
+    types: [labeled]
+  pull_request:
+    types: [labeled]
+  pull_request_review:
+    types: [submitted]
+
+concurrency:
+  group: openthrottle-${{ github.event.issue.number || github.event.pull_request.number }}
+  cancel-in-progress: false
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  run-task:
+    if: >-
+      contains(fromJSON('["prd-queued", "bug-queued", "needs-review", "needs-investigation"]'), github.event.label.name) ||
+      (github.event.review.state == 'changes_requested')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Resolve work item
+        id: work
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          EVENT_LABEL: ${{ github.event.label.name }}
+          EVENT_REVIEW_STATE: ${{ github.event.review.state }}
+          EVENT_ISSUE_NUM: ${{ github.event.issue.number }}
+          EVENT_PR_NUM: ${{ github.event.pull_request.number }}
+        run: |
+          # Determine work item number
+          WORK_ITEM="${EVENT_ISSUE_NUM}"
+          if [[ -z "$WORK_ITEM" ]]; then
+            WORK_ITEM="${EVENT_PR_NUM}"
+          fi
+          if [[ -z "$WORK_ITEM" ]]; then
+            echo "::error::Could not determine work item number from event payload"
+            exit 1
+          fi
+          echo "item=$WORK_ITEM" >> "$GITHUB_OUTPUT"
+
+          # Determine task type (using env vars, not inline ${{ }} expressions)
+          TASK_TYPE="prd"
+          if [[ "$EVENT_LABEL" == "bug-queued" ]]; then
+            TASK_TYPE="bug"
+          elif [[ "$EVENT_LABEL" == "needs-review" ]]; then
+            TASK_TYPE="review"
+          elif [[ "$EVENT_LABEL" == "needs-investigation" ]]; then
+            TASK_TYPE="investigation"
+          elif [[ "$EVENT_REVIEW_STATE" == "changes_requested" ]]; then
+            TASK_TYPE="review-fix"
+          fi
+          echo "task_type=$TASK_TYPE" >> "$GITHUB_OUTPUT"
+
+          # Extract session ID for review fixes (portable — no grep -oP)
+          RESUME_SESSION=""
+          if [[ "$TASK_TYPE" == "review-fix" ]]; then
+            RESUME_SESSION=$(gh pr view "$EVENT_PR_NUM" --json comments \
+              --jq '.comments[] | select(.body | contains("session-id:")) | .body' \
+              | sed -n 's/.*session-id: \([^ ]*\).*/\1/p' | tail -1) || true
+          fi
+          echo "resume_session=$RESUME_SESSION" >> "$GITHUB_OUTPUT"
+
+      - name: Validate config
+        run: |
+          SNAPSHOT=$(yq '.snapshot // ""' .openthrottle.yml)
+          if [[ -z "$SNAPSHOT" || "$SNAPSHOT" == "null" ]]; then
+            echo "::error::Missing 'snapshot' key in .openthrottle.yml — cannot create sandbox"
+            exit 1
+          fi
+          echo "snapshot=$SNAPSHOT" >> "$GITHUB_OUTPUT"
+        id: config
+
+      - name: Activate snapshot (reactivates if idle >2 weeks)
+        env:
+          DAYTONA_API_KEY: ${{ secrets.DAYTONA_API_KEY }}
+        run: |
+          daytona snapshot activate "${{ steps.config.outputs.snapshot }}" 2>/dev/null || true
+
+      - name: Create and run sandbox
+        env:
+          DAYTONA_API_KEY: ${{ secrets.DAYTONA_API_KEY }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+          CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
+        run: |
+          # Create ephemeral sandbox (capture both stdout and stderr for error reporting)
+          OUTPUT=$(daytona create \
+            --snapshot "${{ steps.config.outputs.snapshot }}" \
+            --auto-delete 0 \
+            --auto-stop 60 \
+            --cpu 2 --memory 4096 --disk 10 \
+            --label project=${{ github.event.repository.name }} \
+            --label task_type="${{ steps.work.outputs.task_type }}" \
+            --label issue="${{ steps.work.outputs.item }}" \
+            --volume openthrottle-${{ github.repository_id }}:/home/daytona/.claude \
+            --env GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
+            --env GITHUB_REPO=${{ github.repository }} \
+            --env ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY} \
+            --env CLAUDE_CODE_OAUTH_TOKEN=${CLAUDE_CODE_OAUTH_TOKEN} \
+            --env SUPABASE_ACCESS_TOKEN=${SUPABASE_ACCESS_TOKEN} \
+            --env TELEGRAM_BOT_TOKEN=${{ secrets.TELEGRAM_BOT_TOKEN }} \
+            --env TELEGRAM_CHAT_ID=${{ secrets.TELEGRAM_CHAT_ID }} \
+            --env WORK_ITEM="${{ steps.work.outputs.item }}" \
+            --env TASK_TYPE="${{ steps.work.outputs.task_type }}" \
+            --env RESUME_SESSION="${{ steps.work.outputs.resume_session }}" \
+            2>&1) || {
+              # Redact secrets from error output
+              SAFE_OUTPUT=$(echo "$OUTPUT" | sed \
+                -e "s/${ANTHROPIC_API_KEY:-___}/[REDACTED]/g" \
+                -e "s/${CLAUDE_CODE_OAUTH_TOKEN:-___}/[REDACTED]/g" \
+                -e "s/${SUPABASE_ACCESS_TOKEN:-___}/[REDACTED]/g" \
+                -e "s/${GH_TOKEN:-___}/[REDACTED]/g")
+              echo "::error::Sandbox creation failed: $SAFE_OUTPUT"
+              exit 1
+            }
+          SANDBOX_ID="$OUTPUT"
+
+          echo "Sandbox created: $SANDBOX_ID"
+          echo "Task: ${{ steps.work.outputs.task_type }} #${{ steps.work.outputs.item }}"