tinker-agent 1.0.55 → 1.0.57

package/agents.rb

@@ -91,6 +91,29 @@ If blocked (e.g., missing tools, auth errors, ambiguous requirements):
 3.  **Priority:** High or Critical.
 4.  **Context:** Include action attempted, error details, related Ticket ID, and suggested fix.
 
+### BUG HANDLING PRIORITY (CRITICAL)
+
+When you discover a bug during implementation:
+
+**MANDATORY WORKFLOW:**
+1. **FIX IT NOW** - Write code to resolve the issue immediately
+2. **TEST IT** - Add tests to prevent regression and verify the fix
+3. **ESCALATE ONLY** - If you absolutely cannot fix it, create a ticket explaining WHY
+
+**FORBIDDEN (ANTI-PATTERNS):**
+*   ❌ Writing PR comments or tests that describe bugs without fixing them
+*   ❌ Creating documentation for unfixed bugs
+*   ❌ Adding TODO comments for bugs you could fix yourself
+*   ❌ Marking tests as "KNOWN BUG" or "xfail" to document issues
+
+**WHY THIS MATTERS:**
+*   **User Trust:** "Documenting bugs" looks like laziness or incompetence
+*   **Code Quality:** Production code should not have known bugs
+*   **Team Value:** Agentic team should reduce bug count, not catalog it
+*   **Reference:** Knowledge Article #36 defines this standard
+
+**USER TRUST DEPENDS ON FIXING BUGS, NOT CATALOGING THEM.**
+
 ### UNIVERSAL TECHNICAL CONSTRAINTS
 1.  **Tool Formatting:** Do NOT use a colon before tool calls (e.g., write "Let me search" NOT "Let me search:").
 2.  **URL Safety:** NEVER guess or hallucinate URLs. Use only known valid URLs.
@@ -122,10 +145,15 @@ You are the **TINKER REVIEWER** agent operating in **FULLY AUTONOMOUS MODE**.
 2.  **MANDATORY:** Run test suite (`bundle exec rspec`) **BEFORE** any approval decision.
 3.  **Detect missing specs:** Ensure file changes have corresponding tests.
 4.  **Reject (Fail):** If tests fail or specs are missing, you MUST reject.
-5.  **Feedback:** Add `code_review` comments with findings.
-6.  **Transition:** Use `pass_audit` or `fail_audit`.
-7.  **Knowledge:** Search memory for project standards.
-8.  **Completion:** Mark idle after completing the review.
+5.  **CRITICAL:** Reject PRs that document bugs without fixing them.
+    *   Watch for: Tests marked "KNOWN BUG", "xfail", or similar that intentionally fail
+    *   Watch for: PR comments describing unfixed issues instead of fixing them
+    *   Watch for: TODO comments for bugs the worker could have fixed
+    *   **Standard:** Workers MUST FIX bugs they discover, not catalog them (KB #36)
+6.  **Feedback:** Add `code_review` comments with findings.
+7.  **Transition:** Use `pass_audit` or `fail_audit`.
+8.  **Knowledge:** Search memory for project standards.
+9.  **Completion:** Mark idle after completing the review.
 
 ### FORBIDDEN ACTIONS (STRICT)
 *   Do NOT implement new features or functionality.
@@ -198,7 +226,7 @@ You must use `create_proposal` to suggest actions.
 2. **Analysis & Memory**
    - Analyze patterns across tickets and code.
    - Store observations using `store_memory`.
-   - Identify stale or incorrect memories and create `memory_cleanup` proposals.
+   - Identify stale or incorrect memories and delete them using `delete_memory` tool (autonomous cleanup).
 
 3. **Knowledge Base Maintenance**
    - **Consult First:** Always search for human instructions (`tags: instruction`) and architectural patterns before proposing changes.
@@ -218,7 +246,7 @@ You must use `create_proposal` to suggest actions.
 **Structure:**
 Every proposal must include:
 - `title`: Clear and concise.
-- `proposal_type`: One of [new_ticket, memory_cleanup, refactor, test_gap, feature].
+- `proposal_type`: One of [new_ticket, refactor, test_gap, feature].
 - `reasoning`: Why this matters.
 - `confidence`: high/medium/low.
 - `priority`: high/medium/low.
@@ -226,7 +254,6 @@ Every proposal must include:
 
 **Types:**
 - `new_ticket`: Suggest a new task to be created.
-- `memory_cleanup`: Request deletion of stale/incorrect memories.
 - `refactor`: Identify code requiring refactoring.
 - `test_gap`: Find missing test coverage.
 - `feature`: Suggest new features or improvements.
@@ -237,7 +264,6 @@ Every proposal must include:
 
 **ABSOLUTELY FORBIDDEN:**
 - Modifying code, tickets, or files directly.
-- Deleting or modifying memories directly (use `memory_cleanup` proposal).
 - Writing, editing, or refactoring code.
 - Making git commits or pull requests.
 - Sending messages to other agents.

package/bin/install-agent.sh

@@ -7,7 +7,7 @@ export DEBIAN_FRONTEND=noninteractive
 echo 'Acquire::Check-Date "false";' > /etc/apt/apt.conf.d/99no-check-date
 
 apt-get update && apt-get install -y \
-    git curl tmux sudo unzip wget
+    git curl tmux sudo unzip wget jq nano
 
 # Install Node.js (required for Claude CLI)
 # Check for existing Node installation

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tinker-agent",
-  "version": "1.0.55",
+  "version": "1.0.57",
   "description": "Tinker Agent Runner",
   "bin": {
     "tinker-agent": "./run-tinker-agent.rb"

package/setup-agent.rb

@@ -260,8 +260,6 @@ def setup_claude_settings!
     end
   end
   
-  session_hook_to_add = {
-  
   session_hook_to_add = {
     "hooks" => [{ "type" => "command", "command" => "ruby \"#{dest_path}\"" }]
   }
@@ -286,7 +284,7 @@ def setup_skills!
   skills = ENV["SKILLS"].to_s.split(",")
   return if skills.empty?
 
-  skills_dir = ".claude/skills"
+  skills_dir = File.expand_path("~/.claude/skills")
   puts "🧠 Installing #{skills.size} skills to #{skills_dir}..."
   FileUtils.mkdir_p(skills_dir)
   
@@ -426,34 +424,70 @@ def setup_github_auth!
 
     # Configure git
     system("git config --global credential.helper '!f() { test \"$1\" = get && echo \"protocol=https\" && echo \"host=github.com\" && echo \"username=x-access-token\" && echo \"password=$(#{helper_path})\"; }; f'")
-    
-    # Configure gh CLI wrapper for auto-refresh
-    real_gh_path = "/usr/bin/gh"
-    if File.exist?(real_gh_path)
-      wrapper_path = "/usr/local/bin/gh"
-      wrapper_content = <<~BASH
-        #!/bin/bash
-        # Auto-refresh GitHub token using git-auth-helper
-        export GH_TOKEN=$(#{helper_path})
-        exec #{real_gh_path} "$@"
-      BASH
-      
-      File.write("/tmp/gh-wrapper", wrapper_content)
-      system("sudo mv /tmp/gh-wrapper #{wrapper_path}")
-      system("sudo chmod +x #{wrapper_path}")
-      puts "✅ GitHub App authentication configured (with auto-refresh)"
-    else
-      puts "⚠️  Could not find 'gh' at #{real_gh_path}, skipping wrapper"
+
+    # Configure gh CLI wrapper for auto-refresh and permission controls
+    if install_gh_wrapper!(real_gh_path: "/usr/bin/gh", with_token_refresh: true, token_helper_path: helper_path)
+      puts "✅ GitHub App authentication configured (with auto-refresh + permission controls)"
     end
 
   elsif ENV["GH_TOKEN"] && !ENV["GH_TOKEN"].empty?
     system("echo '#{ENV['GH_TOKEN']}' | gh auth login --with-token 2>/dev/null")
-    puts "🔐 GitHub authentication configured"
+
+    # Install wrapper for permission controls even with GH_TOKEN
+    if install_gh_wrapper!(real_gh_path: "/usr/bin/gh")
+      puts "🔐 GitHub authentication configured (with permission controls)"
+    else
+      puts "🔐 GitHub authentication configured"
+    end
   else
     puts "⚠️  No GH_TOKEN or GitHub App config - GitHub operations may fail"
   end
 end
 
+def install_gh_wrapper!(real_gh_path:, with_token_refresh: false, token_helper_path: nil)
+  unless File.exist?(real_gh_path)
+    puts "⚠️  Could not find 'gh' at #{real_gh_path}, skipping wrapper"
+    return false
+  end
+
+  # Move real gh to gh.real if not already done
+  unless File.exist?("#{real_gh_path}.real")
+    system("sudo mv #{real_gh_path} #{real_gh_path}.real")
+  end
+
+  wrapper_path = "/usr/local/bin/gh"
+
+  # Build token export line if auto-refresh is enabled
+  token_export = with_token_refresh ? "export GH_TOKEN=$(#{token_helper_path})\n\n" : ""
+
+  wrapper_content = <<~BASH
+    #!/bin/bash
+    # GitHub CLI wrapper with permission controls for agents
+    #{token_export}# Check if caller is an agent (read AGENT_TYPE at runtime)
+    if [ -n "$AGENT_TYPE" ] && [[ "$AGENT_TYPE" =~ ^(worker|planner|reviewer|researcher)$ ]]; then
+      # Block comment-related commands for agents
+      if [[ "$1" == "comment" ]] || ([[ "$1" == "pr" ]] && [[ "$2" == "comment" ]]); then
+        echo "❌ You cannot use 'gh $*' commands as an agent." >&2
+        echo "" >&2
+        echo "Tinker has its own comment system via the add_comment MCP tool." >&2
+        echo "Please use the add_comment tool instead of gh commands." >&2
+        echo "" >&2
+        echo "Example:" >&2
+        echo "  add_comment(ticket_id: 123, content: \\"Your comment here\\", comment_type: \\"note\\")" >&2
+        exit 1
+      fi
+    fi
+
+    # Execute real gh binary with all arguments
+    exec #{real_gh_path}.real "$@"
+  BASH
+
+  File.write("/tmp/gh-wrapper", wrapper_content)
+  system("sudo mv /tmp/gh-wrapper #{wrapper_path}")
+  system("sudo chmod +x #{wrapper_path}")
+  true
+end
+
 def setup_git_config!
   # Configure identity if provided
   if ENV["GIT_USER_NAME"] && !ENV["GIT_USER_NAME"].empty?