From 95027d1ca41a5682d512b620a44dc65eb90612aa Mon Sep 17 00:00:00 2001 From: "fro-bot[bot]" <109017866+fro-bot[bot]@users.noreply.github.com> Date: Sun, 17 May 2026 17:10:18 -0700 Subject: [PATCH 01/77] chore(data): restore data branch From 8bfbc3e46881ea6e35900c39b0b594ec8e07779e Mon Sep 17 00:00:00 2001 From: "fro-bot[bot]" <109017866+fro-bot[bot]@users.noreply.github.com> Date: Mon, 18 May 2026 08:53:15 +0000 Subject: [PATCH 02/77] chore(reconcile): +0 new, 4 pending-review, 0 lost-access, 1 refreshes --- metadata/repos.yaml | 50 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 826661439..8068fa0e0 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -268,9 +268,57 @@ repos: onboarding_status: pending last_survey_at: null last_survey_status: null - has_fro_bot_workflow: false + has_fro_bot_workflow: true has_renovate: false discovery_channel: collab next_survey_eligible_at: null private: true node_id: R_kgDOSZ9x-w + - owner: bfra-me + name: .github + added: 2026-05-18 + onboarding_status: pending-review + last_survey_at: null + last_survey_status: null + has_fro_bot_workflow: false + has_renovate: false + discovery_channel: collab + next_survey_eligible_at: null + private: false + node_id: R_kgDOHBEXpg + - owner: bfra-me + name: ha-addon-repository + added: 2026-05-18 + onboarding_status: pending-review + last_survey_at: null + last_survey_status: null + has_fro_bot_workflow: false + has_renovate: false + discovery_channel: collab + next_survey_eligible_at: null + private: false + node_id: R_kgDOIKWaJA + - owner: bfra-me + name: renovate-action + added: 2026-05-18 + onboarding_status: pending-review + last_survey_at: null + last_survey_status: null + has_fro_bot_workflow: false + has_renovate: false + discovery_channel: collab + next_survey_eligible_at: null + private: false + node_id: R_kgDOKWu8zQ + - owner: bfra-me + name: works + added: 2026-05-18 + onboarding_status: pending-review + last_survey_at: null + last_survey_status: null + has_fro_bot_workflow: false + has_renovate: false + discovery_channel: collab + next_survey_eligible_at: null + private: false + node_id: MDEwOlJlcG9zaXRvcnkzMDc1NzM1OTE= From 2d2992dc56831c17f4be5b5c27f701add752bcf3 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Mon, 18 May 2026 01:56:43 -0700 Subject: [PATCH 03/77] feat(knowledge): survey marcusrbrown/marcusrbrown --- knowledge/index.md | 2 +- knowledge/log.md | 24 ++++++++ .../wiki/repos/marcusrbrown--marcusrbrown.md | 57 ++++++++++++++++++- 3 files changed, 80 insertions(+), 3 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 8b49ef6d0..97f174a9c 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -16,7 +16,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 7, LangChain, MCP, IndexedDB, Web Crypto; deployed to gpt.mrbro.dev) - [[marcusrbrown--ha-config]] — Marcus's Home Assistant configuration (public, CI-validated, package-based HA setup with custom components and ESPHome) - [[marcusrbrown--infra]] — Bun workspace monorepo for personal infrastructure (KeeWeb deploy, CLIProxyAPI proxy, operational CLI with MCP bridge) -- [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled updates) +- [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled profile updates); Renovate thawed 2026-05-14 (preset 4.5.1 → 5.2.0), ecosystem deps caught up - [[marcusrbrown--marcusrbrown-github-io]] — Personal brand site (React 19, TypeScript 6, Vite 7, GitHub Pages at marcusrbrown.com, single-page with anchor-link sections) - [[marcusrbrown--mrbro-dev]] — Marcus's developer portfolio (React 19, TypeScript, Vite 7, GitHub Pages at mrbro.dev, advanced theme system, Fro Bot agent + autoheal) - [[marcusrbrown--opencode-copilot-delegate]] — OpenCode plugin: delegate tasks to GitHub Copilot CLI as background subprocesses with async completion notifications diff --git a/knowledge/log.md b/knowledge/log.md index 3ca637b12..11456435f 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1112,3 +1112,27 @@ Sources: https://github.com/marcusrbrown/ha-config (SHA f80fbc124c0765b8685c3cd9 Surveyed marcusrbrown/ha-config and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/ha-config + +## [2026-05-18 08:55] ingest | repo:marcusrbrown/marcusrbrown + +Re-surveyed `marcusrbrown/marcusrbrown` at SHA `de594cd` (delta from prior `af78e68`). Updated `marcusrbrown--marcusrbrown.md` additively — frontmatter SHA + accessed date, `Last push` 2026-03-12 → 2026-05-18, retained prior version comparison table as historical snapshot, added 2026-05-18 snapshot table, added "Renovate Thaw" section, refreshed Open Work Items, appended survey history row. + +Key deltas since 2026-04-24: + +- **Renovate is unstalled.** Issue #895 closed 2026-05-14T06:25:44Z after Marcus shipped #897 bumping the `marcusrbrown/renovate-config` preset 4.5.1 → 5.2.0, which fixed the malformed RE2 regex. 18 Renovate PRs flushed the backlog over four days. +- `bfra-me/.github` reusable workflows: v4.4.0 → v4.16.18 (matches ecosystem head) +- `pnpm` 10.31.0 → 10.33.4; `Node.js` 24.14.0 → 24.15.0; `Prettier` 3.8.1 → 3.8.3 +- `vitest`/`@vitest/ui` 4.0.18 → 4.1.6; `tsx` 4.20.3 → 4.22.0; `jiti` 2.6.1 → 2.7.0 (now constrained `<2.8.0`) +- New pinned dev deps via #907 sweep: `@bfra.me/prettier-config` 0.16.9, `@bfra.me/tsconfig` 0.13.1, `@types/node` 24.12.4 +- **Trailing item:** `@bfra.me/eslint-config` still 0.50.1 vs ecosystem ≥0.51.0 — Renovate has not opened a PR; worth verifying pin/range +- **Still no Fro Bot workflow** in `.github/workflows/` (cleanup-cache, main, renovate, update-profile, update-repo-settings). Follow-up draft PR remains warranted. + +No new topic, entity, or comparison pages required — all touched concepts already covered by [[github-actions-ci]], [[probot-settings]], and the existing repo cross-references. `index.md` entry unchanged (description still accurate). + +Sources: https://github.com/marcusrbrown/marcusrbrown (SHA de594cdd416b60d92caba6684492659620a22439) + +## [2026-05-18 08:56] ingest | repo:marcusrbrown/marcusrbrown + +Surveyed marcusrbrown/marcusrbrown and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/marcusrbrown diff --git a/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md b/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md index f3106e471..a11265c04 100644 --- a/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md +++ b/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md @@ -2,8 +2,11 @@ type: repo title: "marcusrbrown/marcusrbrown" created: 2026-04-18 -updated: 2026-04-24 +updated: 2026-05-18 sources: + - url: https://github.com/marcusrbrown/marcusrbrown + sha: de594cdd416b60d92caba6684492659620a22439 + accessed: 2026-05-18 - url: https://github.com/marcusrbrown/marcusrbrown sha: af78e68d510b24152531f7fdafe9bff35a58f071 accessed: 2026-04-24 @@ -28,7 +31,7 @@ Marcus R. Brown's GitHub profile README repository. A TypeScript-powered automat - **Default branch:** `main` - **Language:** TypeScript - **Created:** 2020-12-09 -- **Last push:** 2026-03-12 +- **Last push:** 2026-05-18 - **License:** MIT - **Topics:** `github`, `readme-profile`, `profile-readme`, `awesome-readme`, `typescript`, `markdown` - **Collaborators:** `marcusrbrown` (admin), `fro-bot` (push) @@ -177,6 +180,27 @@ The repo does reference `fro-bot/.github:common-settings.yaml` in its Probot set ## Version Comparison (vs. Ecosystem) +### 2026-05-18 snapshot (post-thaw) + +| Dependency | This Repo | Ecosystem Latest | Delta vs 2026-04-24 | +| --- | --- | --- | --- | +| `marcusrbrown/renovate-config` | `#5.2.0` | `#5.2.0` | `#4.5.1` → `#5.2.0` (major bump; preset regex fixed) | +| `bfra-me/.github` | v4.16.18 | v4.16.18 | v4.4.0 → v4.16.18 | +| `pnpm` | 10.33.4 | 10.33.4 | 10.31.0 → 10.33.4 | +| `Prettier` | 3.8.3 | 3.8.3 | 3.8.1 → 3.8.3 | +| `@bfra.me/prettier-config` | 0.16.9 | 0.16.9 | (newly pinned) | +| `@bfra.me/tsconfig` | 0.13.1 | 0.13.1 | (newly pinned) | +| `@bfra.me/eslint-config` | 0.50.1 | ≥0.51.0 | unchanged — still trailing | +| `Node.js` | 24.15.0 | 24.15.0 | 24.14.0 → 24.15.0 | +| `vitest` / `@vitest/ui` | 4.1.6 | 4.1.6 | 4.0.18 → 4.1.6 | +| `tsx` | 4.22.0 | 4.22.0 | 4.20.3 → 4.22.0 | +| `jiti` | 2.7.0 (`<2.8.0`) | 2.x | 2.6.1 → 2.7.0 | +| `@types/node` | 24.12.4 | 24.12.4 | (newly pinned) | +| `lint-staged` | 16.4.0 | 16.4.0 | unchanged | +| `simple-git-hooks` | 2.13.1 | 2.13.1 | unchanged | + +### 2026-04-24 snapshot (pre-thaw, retained for history) + | Dependency | This Repo | Ecosystem Latest | | --- | --- | --- | | `marcusrbrown/renovate-config` | `#4.5.1` | `#4.5.8` | @@ -186,9 +210,38 @@ The repo does reference `fro-bot/.github:common-settings.yaml` in its Probot set | `@bfra.me/eslint-config` | 0.50.1 | ≥0.51.0 | | `Node.js` | 24.14.0 | 24.15.0 | +## 2026-05-18 Update: Renovate Thaw + +The Renovate stall documented on 2026-04-24 has cleared. Issue #895 closed 2026-05-14T06:25:44Z. Marcus shipped #897 (`ci(renovate): update marcusrbrown/renovate-config preset to 5.2.0`) at 2026-05-14T06:20:01Z, which fixed the malformed RE2 regex in the preset chain. Within the same hour, Renovate flushed the backlog: + +- #900: chore(deps) update all non-major dependencies +- #901: prettier → 3.8.3 +- #902: jiti → `<2.8.0` +- #904 / #908: vitest monorepo → 4.1.5 → 4.1.6 +- #898/#905: pin + bump `@bfra.me/prettier-config` to 0.16.7 → 0.16.8 → 0.16.9 (#910) +- #899/#906/#911: pin + bump `@bfra.me/tsconfig` to 0.12.2 → 0.13.0 → 0.13.1 +- #907: chore(dev) pin dependencies (added `@types/node` 24.12.4) +- #909: `@types/node` → 24.12.4 +- #912 → #915: rolling `bfra-me/.github` v4.16.17 → v4.16.18 +- #913 / #914: tsx 4.21.1 → 4.22.0 + +The 6-week dependency drift documented previously is largely gone. Outstanding trailing item: `@bfra.me/eslint-config` is still pinned at 0.50.1 while the ecosystem advanced past 0.51.0 — Renovate has not opened a PR for this, suggesting either a deliberate pin or a missing range allowance. Worth verifying before next survey. + +The "newly pinned" rows above reflect #907's pin sweep: previously caret-ranged dev deps were locked to exact versions, aligning with the rest of the ecosystem. + +### Updated Open Work Items + +| # | Title | Author | State | Notes | +| --- | --- | --- | --- | --- | +| #284 | Dependency Dashboard | mrbro-bot[bot] | open | Standard Renovate dashboard issue | +| #895 | Action Required: Fix Renovate Configuration | mrbro-bot[bot] | **closed** 2026-05-14 | Resolved by #897 (preset → 5.2.0) | + +Backlog is back to baseline. The profile update pipeline (every 6 hours) and Renovate are both healthy. + ## Survey History | Date | SHA | Delta | | --- | --- | --- | | 2026-04-18 | `af78e68` | Initial survey | | 2026-04-24 | `af78e68` | SHA unchanged; documented Renovate stall (issue #895), dependency drift vs ecosystem, fro-bot collaborator confirmed, open work items added | +| 2026-05-18 | `de594cd` | Renovate thaw confirmed (#895 closed, preset → 5.2.0 via #897); 18 dependency PRs landed 2026-05-14 → 2026-05-18; bumped `bfra-me/.github` v4.4.0 → v4.16.18, `pnpm` 10.31.0 → 10.33.4, `vitest` 4.0.18 → 4.1.6, `tsx` 4.20.3 → 4.22.0, `Node.js` 24.14.0 → 24.15.0, `Prettier` 3.8.1 → 3.8.3; new pinned deps added (`@bfra.me/prettier-config` 0.16.9, `@bfra.me/tsconfig` 0.13.1, `@types/node` 24.12.4); `@bfra.me/eslint-config` 0.50.1 still trailing; no Fro Bot workflow yet — follow-up PR still warranted | From 74c3c4360be7246289f3966be9beeffea3693371 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Mon, 18 May 2026 01:56:45 -0700 Subject: [PATCH 04/77] chore(reconcile): record survey success for marcusrbrown/marcusrbrown --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 8068fa0e0..459b52d06 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -110,12 +110,12 @@ repos: name: marcusrbrown added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-04-27 + last_survey_at: 2026-05-18 last_survey_status: success has_fro_bot_workflow: false has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-05-29 + next_survey_eligible_at: 2026-06-20 private: false node_id: MDEwOlJlcG9zaXRvcnkzMTk5Mjg2NjE= - owner: marcusrbrown From dd3613170d0688199f5b1c59764c832c045b7759 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Mon, 18 May 2026 01:58:49 -0700 Subject: [PATCH 05/77] feat(knowledge): survey marcusrbrown/marcusrbrown.github.io --- knowledge/index.md | 2 +- knowledge/log.md | 34 +++---- .../marcusrbrown--marcusrbrown-github-io.md | 88 ++++++++++++++----- 3 files changed, 85 insertions(+), 39 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 97f174a9c..8b49ef6d0 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -16,7 +16,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 7, LangChain, MCP, IndexedDB, Web Crypto; deployed to gpt.mrbro.dev) - [[marcusrbrown--ha-config]] — Marcus's Home Assistant configuration (public, CI-validated, package-based HA setup with custom components and ESPHome) - [[marcusrbrown--infra]] — Bun workspace monorepo for personal infrastructure (KeeWeb deploy, CLIProxyAPI proxy, operational CLI with MCP bridge) -- [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled profile updates); Renovate thawed 2026-05-14 (preset 4.5.1 → 5.2.0), ecosystem deps caught up +- [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled updates) - [[marcusrbrown--marcusrbrown-github-io]] — Personal brand site (React 19, TypeScript 6, Vite 7, GitHub Pages at marcusrbrown.com, single-page with anchor-link sections) - [[marcusrbrown--mrbro-dev]] — Marcus's developer portfolio (React 19, TypeScript, Vite 7, GitHub Pages at mrbro.dev, advanced theme system, Fro Bot agent + autoheal) - [[marcusrbrown--opencode-copilot-delegate]] — OpenCode plugin: delegate tasks to GitHub Copilot CLI as background subprocesses with async completion notifications diff --git a/knowledge/log.md b/knowledge/log.md index 11456435f..ceffeed34 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1113,26 +1113,28 @@ Surveyed marcusrbrown/ha-config and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/ha-config -## [2026-05-18 08:55] ingest | repo:marcusrbrown/marcusrbrown +## [2026-05-18 08:56] ingest | marcusrbrown/marcusrbrown.github.io -Re-surveyed `marcusrbrown/marcusrbrown` at SHA `de594cd` (delta from prior `af78e68`). Updated `marcusrbrown--marcusrbrown.md` additively — frontmatter SHA + accessed date, `Last push` 2026-03-12 → 2026-05-18, retained prior version comparison table as historical snapshot, added 2026-05-18 snapshot table, added "Renovate Thaw" section, refreshed Open Work Items, appended survey history row. +Incremental re-survey of `marcusrbrown/marcusrbrown.github.io` (SHA `4cd8198`, up from `ec4b785` on 2026-04-25). Additive update to repo page `marcusrbrown--marcusrbrown-github-io.md`. Index unchanged (page already cataloged with accurate description). No new topic/entity/comparison pages warranted — `github-pages.md` and `github-actions-ci.md` already cover the cross-cutting concerns observed here. -Key deltas since 2026-04-24: - -- **Renovate is unstalled.** Issue #895 closed 2026-05-14T06:25:44Z after Marcus shipped #897 bumping the `marcusrbrown/renovate-config` preset 4.5.1 → 5.2.0, which fixed the malformed RE2 regex. 18 Renovate PRs flushed the backlog over four days. -- `bfra-me/.github` reusable workflows: v4.4.0 → v4.16.18 (matches ecosystem head) -- `pnpm` 10.31.0 → 10.33.4; `Node.js` 24.14.0 → 24.15.0; `Prettier` 3.8.1 → 3.8.3 -- `vitest`/`@vitest/ui` 4.0.18 → 4.1.6; `tsx` 4.20.3 → 4.22.0; `jiti` 2.6.1 → 2.7.0 (now constrained `<2.8.0`) -- New pinned dev deps via #907 sweep: `@bfra.me/prettier-config` 0.16.9, `@bfra.me/tsconfig` 0.13.1, `@types/node` 24.12.4 -- **Trailing item:** `@bfra.me/eslint-config` still 0.50.1 vs ecosystem ≥0.51.0 — Renovate has not opened a PR; worth verifying pin/range -- **Still no Fro Bot workflow** in `.github/workflows/` (cleanup-cache, main, renovate, update-profile, update-repo-settings). Follow-up draft PR remains warranted. +Deltas since prior survey: -No new topic, entity, or comparison pages required — all touched concepts already covered by [[github-actions-ci]], [[probot-settings]], and the existing repo cross-references. `index.md` entry unchanged (description still accurate). +- **Fro Bot agent bumped seven times in three weeks:** v0.41.4 → v0.42.6 → v0.42.7 → v0.43.0 → v0.43.1 → v0.43.2 → v0.43.3 → **v0.44.0** (current, pinned via SHA `b030b53b1b47b1bed77a581222706c900cc63b0e`) +- **Autoheal integrated into `fro-bot.yaml` itself (PR #407, 2026-05-14)** — added as a second cron (`30 3 * * *`) and a `workflow_dispatch` `mode` input (review/maintenance/autoheal). Architecturally distinct from the sibling-repo pattern that uses a separate `fro-bot-autoheal.yaml`. +- **Autoheal prompt has 8 categories** (Errored PRs, Security, Code Quality, DX, Production Site Review, Quality Gates Verification, Cross-Project Intelligence Inbound, Upstream Modernization Watch Sundays-only) vs 5 in [[marcusrbrown--vbs]] / [[marcusrbrown--mrbro-dev]] +- **Renovate preset major-version jump:** `marcusrbrown/renovate-config#4.5.8 → #5.2.0` (PR #406, 2026-05-16). Same upgrade dropped the `fast-uri` security override mid-PR and had to be restored to clear `pnpm audit` failures from GHSA-q3j6-qgpj-74h6 / GHSA-v39h-62p7-jpjc. +- **New files:** `lhci.config.js` at repo root (Lighthouse CI config, no dedicated workflow yet) and `TESTING.md` (15KB testing doc) +- **New script:** `analyze-build` (`tsx scripts/analyze-build.ts`) for bundle analysis (PR #410) +- **`bfra-me/.github` reusable workflows:** v4.16.8 → v4.16.17 +- **pnpm:** 10.33.0 → 10.33.4 (#404) +- **Open issues:** 2 → 4 (added autoheal report #409 and coverage flag #411) +- Two earlier "missing" gaps are now closed: autoheal (integrated as mode) and performance (lhci config present). Two remain: no Probot `settings.yml`, no CodeQL/Scorecard. +- First observed instance of `fro-bot` co-authoring a direct commit in this repo (PR #406 security fix) -Sources: https://github.com/marcusrbrown/marcusrbrown (SHA de594cdd416b60d92caba6684492659620a22439) +Sources: https://github.com/marcusrbrown/marcusrbrown.github.io (SHA 4cd8198991618f216b940b6a6c13e1a09fd7979d) -## [2026-05-18 08:56] ingest | repo:marcusrbrown/marcusrbrown +## [2026-05-18 08:58] ingest | repo:marcusrbrown/marcusrbrown.github.io -Surveyed marcusrbrown/marcusrbrown and updated the control-plane wiki. +Surveyed marcusrbrown/marcusrbrown.github.io and updated the control-plane wiki. -Sources: https://github.com/marcusrbrown/marcusrbrown +Sources: https://github.com/marcusrbrown/marcusrbrown.github.io diff --git a/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md b/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md index 069218d1f..b2ec29c0d 100644 --- a/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md +++ b/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md @@ -2,11 +2,14 @@ type: repo title: "marcusrbrown/marcusrbrown.github.io" created: 2026-04-25 -updated: 2026-04-25 +updated: 2026-05-18 sources: - url: https://github.com/marcusrbrown/marcusrbrown.github.io sha: ec4b7854bee556aadd301950392268f70817d800 accessed: 2026-04-25 + - url: https://github.com/marcusrbrown/marcusrbrown.github.io + sha: 4cd8198991618f216b940b6a6c13e1a09fd7979d + accessed: 2026-05-18 tags: [brand-site, react, typescript, vite, github-pages, pnpm, single-page] aliases: [marcusrbrown-github-io, marcusrbrown.com] related: @@ -23,12 +26,12 @@ Personal brand site for Marcus R. Brown. Single-page React 19 portfolio deployed - **Purpose:** Personal brand site / landing page - **Default branch:** `main` - **Created:** 2025-07-18 -- **Last push:** 2026-04-22 +- **Last push:** 2026-05-18 - **Homepage:** https://marcusrbrown.com - **License:** MIT (declared in package.json and README badge; no LICENSE file detected via API) - **Visibility:** Public - **Stars:** 0 | **Watchers:** 0 -- **Open issues:** 2 (#260 Daily Maintenance Report, #6 Dependency Dashboard) +- **Open issues (2026-05-18):** 4 — #411 (test branch coverage <80%), #409 (Daily Autohealing Report, perpetual), #260 (Daily Maintenance Report, perpetual), #6 (Dependency Dashboard) - **Open PRs:** 0 ## Tech Stack @@ -97,15 +100,16 @@ Sequential: checkout, setup, lint, build, upload pages artifact (`./dist`), depl ## Fro Bot Integration -**Fro Bot workflow is present and active** (`fro-bot/agent@v0.41.4`, SHA `28bcadbf`). +**Fro Bot workflow is present and active** (`fro-bot/agent@v0.44.0`, SHA `b030b53b1b47b1bed77a581222706c900cc63b0e`, as of 2026-05-18 survey). -- **Triggers:** PR events (opened, synchronize, ready_for_review, reopened, review_requested), issue/comment events (`@fro-bot` mention from OWNER/MEMBER/COLLABORATOR), daily schedule (15:30 UTC), manual dispatch +- **Triggers:** PR events (opened, synchronize, ready_for_review, reopened, review_requested), issue/comment events (`@fro-bot` mention from OWNER/MEMBER/COLLABORATOR), two daily crons (autoheal at 03:30 UTC, maintenance at 15:30 UTC), manual dispatch with `mode` input. +- **Single-file three-mode design:** Unlike [[marcusrbrown--mrbro-dev]] and [[marcusrbrown--vbs]] (which split `fro-bot.yaml` + `fro-bot-autoheal.yaml`), this repo runs review, maintenance, and autoheal modes from one workflow file dispatched by event + `inputs.mode`. Cron schedule disambiguated via `AUTOHEAL_CRON` / `MAINTENANCE_CRON` env vars. - **PR review prompt:** Structured review targeting React 19 patterns, TypeScript strictness, pure ESM, accessibility (WCAG 2.1 AA), performance budgets (JS <500KB warning, total <2MB max), PascalCase hooks, `.yaml` extension convention. Verdict format: PASS / CONDITIONAL / REJECT with blocking/non-blocking/missing tests/risk sections. -- **Schedule prompt:** Daily "Daily Maintenance Report" rolling issue with 14-day window, stale issue/PR detection, security alerts, recommended actions. -- **Fork PR guard:** Skips bot-authored and fork PRs. Issue_comment fork detection via API call. -- **Concurrency:** Per-issue/PR, non-cancelling. - -**No Fro Bot autoheal workflow detected** — unlike [[marcusrbrown--mrbro-dev]], [[marcusrbrown--vbs]], and other repos that have `fro-bot-autoheal.yaml`. A follow-up to add autohealing may be warranted. +- **Maintenance prompt:** Perpetual single-issue hygiene model with archive logic and cross-project intelligence ingestion (post-2026-05-14 redesign). +- **Autoheal prompt (8 categories):** Errored PRs, Security, Code Quality & Repo Hygiene, Developer Experience, Production Site Review, Quality Gates Verification, Cross-Project Intelligence (Inbound), Upstream Modernization Watch (Sundays UTC only). Sunday detection uses a step output rather than `GITHUB_ENV` (Copilot review feedback, PR #407). Playwright browsers conditionally installed when `mode == autoheal`. +- **Fork PR guard:** Skips bot-authored and fork PRs. Issue_comment fork detection via API call. Whitespace-only `prompt` inputs rejected in review mode (PR #407 hardening). +- **Permissions:** Moved to job level and expanded for autoheal write operations. +- **Concurrency:** Per-issue/PR for events; per-schedule (`ops-{cron}`) for scheduled runs; per-mode for dispatched runs. Non-cancelling. ## Developer Tooling @@ -130,10 +134,12 @@ Sequential: checkout, setup, lint, build, upload pages artifact (`./dist`), depl ## Missing Compared to Other Marcus Repos -- **No Probot `settings.yml`:** Unlike [[marcusrbrown--mrbro-dev]], [[marcusrbrown--ha-config]], and most other Marcus repos, this repo does not have a `.github/settings.yml` extending `fro-bot/.github:common-settings.yaml`. Branch protection and repo settings are not managed via Probot. -- **No autoheal workflow:** No `fro-bot-autoheal.yaml` for automated CI repair, security sweeps, or convention enforcement. -- **No CodeQL/Scorecard:** No security scanning workflows (present in [[marcusrbrown--systematic]] and [[marcusrbrown--mrbro-dev]]). -- **No performance workflow:** No Lighthouse CI or dedicated performance monitoring (present in [[marcusrbrown--mrbro-dev]]). +_Updated 2026-05-18: two gaps closed, two remain._ + +- **No Probot `settings.yml`:** Still true. Unlike [[marcusrbrown--mrbro-dev]], [[marcusrbrown--ha-config]], and most other Marcus repos, this repo does not have a `.github/settings.yml` extending `fro-bot/.github:common-settings.yaml`. Branch protection and repo settings are not managed via Probot. +- **No CodeQL/Scorecard:** Still true. No security scanning workflows (present in [[marcusrbrown--systematic]] and [[marcusrbrown--mrbro-dev]]). +- ~~No autoheal workflow~~ — **Closed 2026-05-14 (PR #407).** Autoheal integrated as a mode in `fro-bot.yaml` with 8 healing categories rather than as a separate `fro-bot-autoheal.yaml` file. Architecturally distinct from the sibling-repo pattern. +- ~~No performance workflow~~ — **Partially closed.** `lhci.config.js` is now present at the repo root, but no dedicated Lighthouse CI workflow has been added. Likely invoked from the CI quality gate or the autoheal "Production Site Review" / "Quality Gates Verification" categories. ## Relationship to mrbro.dev @@ -147,20 +153,58 @@ This repo and [[marcusrbrown--mrbro-dev]] both deploy React+Vite sites to GitHub | Theme system | None | 10+ presets, custom creator, JSON schema validation | | Content source | Static | GitHub API (dynamic blog/projects) | | Test layers | Unit + E2E + A11y | Unit + E2E + Visual regression + A11y + Lighthouse | -| Autoheal | Not present | Present (5-category daily) | -| Fro Bot agent version | v0.41.4 | v0.38.0 (older) | +| Autoheal | Integrated as mode in `fro-bot.yaml` (8 categories) | Separate `fro-bot-autoheal.yaml` (5 categories) | +| Fro Bot agent version | v0.44.0 (2026-05-18) | v0.38.0 at last survey (likely behind) | ## Recent Activity -Latest commits are exclusively Renovate dependency bumps: -- `ec4b785` 2026-04-22: update all non-major dependencies (#389) -- `1440a71` 2026-04-21: update pnpm/action-setup action to v6 (#382) -- `da2cded` 2026-04-20: maintain lockfiles (#388) -- `12ac462` 2026-04-20: update actions/setup-node action to v6.4.0 (#387) -- `f5176f6` 2026-04-19: update all non-major dependencies (#386) +Most recent commits (2026-05-18 survey): + +- `4cd8198` 2026-05-18: update all non-major dependencies (#416) +- `84e75e3` 2026-05-17: update fro-bot/agent to v0.43.3 (#415) +- `c1f83ee` 2026-05-17: update fro-bot/agent to v0.43.2 (#414) +- `6251d36` 2026-05-16: update marcusrbrown/renovate-config preset to v5 (#406) — required restoring `fast-uri >=3.1.2` security override mid-PR +- `af8b935` 2026-05-16: update bfra-me/.github to v4.16.17 (#413) +- `ba3527f` 2026-05-16: add analyze-build npm script (#410) +- `ae8357d` 2026-05-15: update fro-bot/agent to v0.43.1 (#412) +- `8a51a36` 2026-05-14: **integrate autoheal into Fro Bot workflow (#407)** — material architecture change +- `4fe6ea7` 2026-05-14: update all non-major dependencies (#405) +- `fa990fa` 2026-05-14: override fast-uri to >=3.1.2 (#408) +- `d2ea552` 2026-05-08: update pnpm to v10.33.3 (#404) +- `48746f3` 2026-05-04: update fro-bot/agent to v0.42.7 (#402) +- `6d3cbd7` 2026-05-03: update fro-bot/agent to v0.42.6 (#400) + +Earlier window (2026-04-25 survey baseline): `ec4b785` and prior were exclusively Renovate dependency bumps (#386–#389). + +## Delta Log (2026-05-18, SHA `4cd8198`) + +Material changes since the 2026-04-25 survey at `ec4b785`. The site's structure and tech stack are unchanged; the interesting motion is in CI/CD and the Fro Bot integration. + +- **Fro Bot agent bumped four times in three weeks:** v0.41.4 → v0.42.6 (PR #400) → v0.42.7 (#402) → v0.43.0 (#407) → v0.43.1 (#412) → v0.43.2 (#414) → v0.43.3 (#415) → **v0.44.0** (current, pinned via SHA `b030b53b1b47b1bed77a581222706c900cc63b0e`). Tracks the agent release cadence aggressively — same posture as [[marcusrbrown--mrbro-dev]] and [[marcusrbrown--gpt]]. +- **Autoheal collapsed into the Fro Bot workflow itself (PR #407, 2026-05-14):** The earlier "no autoheal" gap noted in the prior survey was closed by integrating autoheal as a second cron (`30 3 * * *`) and a `workflow_dispatch` `mode` input (`review` / `maintenance` / `autoheal`, default `autoheal`) inside the existing `fro-bot.yaml` — not by adding a separate `fro-bot-autoheal.yaml` like the sibling repos. One file, three modes, branched by event + input. +- **Autoheal prompt has 8 categories** (vs. 5 in [[marcusrbrown--vbs]] and [[marcusrbrown--mrbro-dev]]): 1) Errored PRs, 2) Security, 3) Code Quality & Repo Hygiene, 4) Developer Experience, 5) Production Site Review, 6) Quality Gates Verification, 7) Cross-Project Intelligence (Inbound), 8) Upstream Modernization Watch (Sundays UTC only — `IS_SUNDAY_UTC` propagated via step output, not `GITHUB_ENV`). +- **Maintenance prompt now perpetual-single-issue:** Rolling 14-day window collapsed into a perpetual maintenance issue with archive logic and cross-project intelligence ingestion. +- **Renovate preset jumped major version:** `marcusrbrown/renovate-config#4.5.8` → `#5.2.0` (PR #406, 2026-05-16). Same upgrade inadvertently dropped the `fast-uri` security override, which would have flagged GHSA-q3j6-qgpj-74h6 and GHSA-v39h-62p7-jpjc — the override was restored in the same PR (and again hardened in #408). `package.json` now carries an explicit `pnpm.overrides.fast-uri: ">=3.1.2"` and `flatted: ">=3.4.2"`. Worth tracking — the v5 preset has different defaults that need vetting per repo. +- **`bfra-me/.github` reusable workflows:** v4.16.8 → v4.16.12 (#401) → v4.16.17 (#413). +- **New file: `lhci.config.js` (3326 bytes)** at root. Lighthouse CI configuration is now present, closing the "no performance workflow" gap noted in the prior survey — though no Lighthouse workflow file was added; the config likely runs from the CI quality gate or the autoheal "Production Site Review" category. +- **New file: `TESTING.md` (15440 bytes)** at root. Dedicated testing documentation, separate from AGENTS.md. +- **New script: `analyze-build`** in `package.json` (PR #410) — `tsx scripts/analyze-build.ts`. Bundle-analysis tooling, consistent with the "Performance budget adherence" line in the PR review prompt. +- **Dependency bumps:** pnpm `10.33.0` → `10.33.4` (#404), `@types/node` to `^24.0.0`, all other non-major bumps grouped via Renovate. +- **Open issues:** 2 → 4 (added `#409` Daily Autohealing Report and `#411` test branch coverage below 80% — the autoheal is doing its job). +- **PR #410** confirms `fro-bot` (account `80104189`) co-authored a security-fix commit alongside the bot account — first observed instance of Fro Bot directly committing to this repo. + +### Implications + +The earlier survey's "Missing Compared to Other Marcus Repos" section is partially obsolete: + +- ~~No autoheal workflow~~ → **integrated into `fro-bot.yaml`** as a mode, not a separate file. Architecturally distinct from the sibling-repo pattern. +- ~~No performance workflow~~ → **`lhci.config.js` present**, no dedicated workflow yet. +- **No Probot `settings.yml`** — still true, branch protection remains unmanaged via Probot. +- **No CodeQL/Scorecard** — still true. ## Survey History | Date | SHA | Notes | | --- | --- | --- | | 2026-04-25 | `ec4b785` | Initial survey | +| 2026-05-18 | `4cd8198` | Delta: agent v0.41.4 → v0.44.0, autoheal integrated as workflow mode (PR #407), Renovate preset v4 → v5 (PR #406, fast-uri override regression+fix), `lhci.config.js` and `TESTING.md` added | From 0ee8245c891f5aec8e216d4ee0d228b972b1b81b Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Mon, 18 May 2026 01:58:50 -0700 Subject: [PATCH 06/77] chore(reconcile): record survey success for marcusrbrown/marcusrbrown.github.io --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 459b52d06..d27372d17 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -122,12 +122,12 @@ repos: name: marcusrbrown.github.io added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-04-27 + last_survey_at: 2026-05-18 last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-05-27 + next_survey_eligible_at: 2026-06-18 private: false node_id: R_kgDOPOkk2A - owner: marcusrbrown From 1b4b9a63cb31a72fc8275262c1c3f1fa75bc4834 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 19 May 2026 00:03:37 -0700 Subject: [PATCH 07/77] chore(reconcile): onboard bfra-me/works (pending) --- metadata/repos.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index d27372d17..16ce6eae0 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -313,7 +313,7 @@ repos: - owner: bfra-me name: works added: 2026-05-18 - onboarding_status: pending-review + onboarding_status: pending last_survey_at: null last_survey_status: null has_fro_bot_workflow: false From 532574f2095d5f366fd957962b926c5f0d592d96 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 19 May 2026 00:03:47 -0700 Subject: [PATCH 08/77] chore(reconcile): onboard bfra-me/ha-addon-repository (pending) --- metadata/repos.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 16ce6eae0..c4c6c6d91 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -289,7 +289,7 @@ repos: - owner: bfra-me name: ha-addon-repository added: 2026-05-18 - onboarding_status: pending-review + onboarding_status: pending last_survey_at: null last_survey_status: null has_fro_bot_workflow: false From e5b26ccac5bb748d3ff0e36bdbc13eb9d6cb3e2b Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 19 May 2026 00:03:55 -0700 Subject: [PATCH 09/77] chore(reconcile): onboard bfra-me/.github (pending) --- metadata/repos.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index c4c6c6d91..10bc730d9 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -277,7 +277,7 @@ repos: - owner: bfra-me name: .github added: 2026-05-18 - onboarding_status: pending-review + onboarding_status: pending last_survey_at: null last_survey_status: null has_fro_bot_workflow: false From 2d1c809f0f1e6b205e30dbbbe36e49184e1c8836 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 19 May 2026 00:03:56 -0700 Subject: [PATCH 10/77] chore(reconcile): onboard bfra-me/renovate-action (pending) --- metadata/repos.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 10bc730d9..c9c3078c4 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -301,7 +301,7 @@ repos: - owner: bfra-me name: renovate-action added: 2026-05-18 - onboarding_status: pending-review + onboarding_status: pending last_survey_at: null last_survey_status: null has_fro_bot_workflow: false From e0a2c8cfd17cc7565656cd730cd6cdf82d942058 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 19 May 2026 01:42:16 -0700 Subject: [PATCH 11/77] feat(knowledge): survey marcusrbrown/marcusrbrown --- knowledge/log.md | 22 +++++++++++++++++++ .../wiki/repos/marcusrbrown--marcusrbrown.md | 13 ++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/knowledge/log.md b/knowledge/log.md index ceffeed34..8db91175e 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1138,3 +1138,25 @@ Sources: https://github.com/marcusrbrown/marcusrbrown.github.io (SHA 4cd81989916 Surveyed marcusrbrown/marcusrbrown.github.io and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/marcusrbrown.github.io + +## [2026-05-19 00:00] ingest | marcusrbrown/marcusrbrown + +Re-survey of `marcusrbrown/marcusrbrown` (SHA `de594cd`, unchanged from 2026-05-18). Updated repo page `marcusrbrown--marcusrbrown.md` additively with a new section answering the open `@bfra.me/eslint-config` trailing-pin question from the prior survey. Index unchanged. + +Delta from prior survey (SHA `de594cd`, 2026-05-18): + +- SHA unchanged — no new merged commits on `main` since `chore(deps): update bfra-me/.github to v4.16.18 (#915)` on 2026-05-18T01:22:42Z +- **PR #903 confirmed open** (`chore(dev): update dependency @bfra.me/eslint-config to v0.51.1`, opened 2026-05-14T06:30:08Z by mrbro-bot[bot]) — answers the prior survey's open question: Renovate *did* file a PR for the trailing 0.50.1 → 0.51.1 minor bump; it just hasn't merged yet, likely awaiting manual review of new lint rules +- Open issues: 2 (#284 Dependency Dashboard, #903 PR); 1 open PR (#903) +- Workflows unchanged: `cleanup-cache.yaml`, `main.yaml`, `renovate.yaml`, `update-profile.yaml`, `update-repo-settings.yaml` — **still no `fro-bot.yaml`**, follow-up recommendation carried forward +- package.json snapshot reconfirmed: pnpm 10.33.4, prettier 3.8.3, vitest 4.1.6, tsx 4.22.0, `@bfra.me/prettier-config` 0.16.9, `@bfra.me/tsconfig` 0.13.1, `@bfra.me/eslint-config` 0.50.1 (pending #903) + +No contradictions with prior ingest. No new topic/entity/comparison pages warranted. + +Sources: https://github.com/marcusrbrown/marcusrbrown (SHA de594cdd416b60d92caba6684492659620a22439) + +## [2026-05-19 08:42] ingest | repo:marcusrbrown/marcusrbrown + +Surveyed marcusrbrown/marcusrbrown and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/marcusrbrown diff --git a/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md b/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md index a11265c04..deedc8c4a 100644 --- a/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md +++ b/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md @@ -2,8 +2,11 @@ type: repo title: "marcusrbrown/marcusrbrown" created: 2026-04-18 -updated: 2026-05-18 +updated: 2026-05-19 sources: + - url: https://github.com/marcusrbrown/marcusrbrown + sha: de594cdd416b60d92caba6684492659620a22439 + accessed: 2026-05-19 - url: https://github.com/marcusrbrown/marcusrbrown sha: de594cdd416b60d92caba6684492659620a22439 accessed: 2026-05-18 @@ -234,10 +237,17 @@ The "newly pinned" rows above reflect #907's pin sweep: previously caret-ranged | # | Title | Author | State | Notes | | --- | --- | --- | --- | --- | | #284 | Dependency Dashboard | mrbro-bot[bot] | open | Standard Renovate dashboard issue | +| #903 | chore(dev): update dependency @bfra.me/eslint-config to v0.51.1 | mrbro-bot[bot] | open (PR) | Opened 2026-05-14; resolves the `@bfra.me/eslint-config` trailing-pin gap flagged in prior survey | | #895 | Action Required: Fix Renovate Configuration | mrbro-bot[bot] | **closed** 2026-05-14 | Resolved by #897 (preset → 5.2.0) | Backlog is back to baseline. The profile update pipeline (every 6 hours) and Renovate are both healthy. +## 2026-05-19 Update: ESLint-Config Pin Question Answered + +The `@bfra.me/eslint-config` trailing-pin question from the 2026-05-18 survey has resolved: Renovate **did** open a PR — #903 (`chore(dev): update dependency @bfra.me/eslint-config to v0.51.1`) was filed by `mrbro-bot[bot]` at 2026-05-14T06:30:08Z, contemporaneous with the rest of the post-thaw flush. As of 2026-05-19 it remains open and unmerged. So the gap isn't a missing range allowance — it's an unmerged PR. Likely waiting on a manual review pass (the bump crosses a 0.50 → 0.51 minor that probably surfaces new lint rules). + +No SHA change on `main` since 2026-05-18 (`de594cd` holds). No new merged commits, no new workflows, no Fro Bot workflow yet. + ## Survey History | Date | SHA | Delta | @@ -245,3 +255,4 @@ Backlog is back to baseline. The profile update pipeline (every 6 hours) and Ren | 2026-04-18 | `af78e68` | Initial survey | | 2026-04-24 | `af78e68` | SHA unchanged; documented Renovate stall (issue #895), dependency drift vs ecosystem, fro-bot collaborator confirmed, open work items added | | 2026-05-18 | `de594cd` | Renovate thaw confirmed (#895 closed, preset → 5.2.0 via #897); 18 dependency PRs landed 2026-05-14 → 2026-05-18; bumped `bfra-me/.github` v4.4.0 → v4.16.18, `pnpm` 10.31.0 → 10.33.4, `vitest` 4.0.18 → 4.1.6, `tsx` 4.20.3 → 4.22.0, `Node.js` 24.14.0 → 24.15.0, `Prettier` 3.8.1 → 3.8.3; new pinned deps added (`@bfra.me/prettier-config` 0.16.9, `@bfra.me/tsconfig` 0.13.1, `@types/node` 24.12.4); `@bfra.me/eslint-config` 0.50.1 still trailing; no Fro Bot workflow yet — follow-up PR still warranted | +| 2026-05-19 | `de594cd` | SHA unchanged; PR #903 (`@bfra.me/eslint-config` → 0.51.1) confirmed open since 2026-05-14 — resolves the "is Renovate even allowed to bump this?" question from prior survey (it is; the PR just hasn't merged yet, plausibly awaiting manual lint-rule review); no new merged commits, no Fro Bot workflow added, profile-update pipeline and Renovate both still healthy | From 1df8d5232b691e0d970f98f5c09758f4b5f22a14 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 19 May 2026 01:42:18 -0700 Subject: [PATCH 12/77] chore(reconcile): record survey success for marcusrbrown/marcusrbrown --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index c9c3078c4..76eb242d3 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -110,12 +110,12 @@ repos: name: marcusrbrown added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-18 + last_survey_at: 2026-05-19 last_survey_status: success has_fro_bot_workflow: false has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-06-20 + next_survey_eligible_at: 2026-06-18 private: false node_id: MDEwOlJlcG9zaXRvcnkzMTk5Mjg2NjE= - owner: marcusrbrown From 91b0244148296c834184fce313fd45b9251e7c54 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 19 May 2026 01:43:13 -0700 Subject: [PATCH 13/77] feat(knowledge): survey marcusrbrown/marcusrbrown.github.io --- knowledge/log.md | 26 +++++++++---------- .../marcusrbrown--marcusrbrown-github-io.md | 6 ++++- .../wiki/repos/marcusrbrown--marcusrbrown.md | 13 +--------- 3 files changed, 18 insertions(+), 27 deletions(-) diff --git a/knowledge/log.md b/knowledge/log.md index 8db91175e..549e247bb 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1139,24 +1139,22 @@ Surveyed marcusrbrown/marcusrbrown.github.io and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/marcusrbrown.github.io -## [2026-05-19 00:00] ingest | marcusrbrown/marcusrbrown +## [2026-05-19 00:00] ingest | marcusrbrown/marcusrbrown.github.io -Re-survey of `marcusrbrown/marcusrbrown` (SHA `de594cd`, unchanged from 2026-05-18). Updated repo page `marcusrbrown--marcusrbrown.md` additively with a new section answering the open `@bfra.me/eslint-config` trailing-pin question from the prior survey. Index unchanged. +No-op re-survey of `marcusrbrown/marcusrbrown.github.io` (SHA `4cd8198`, unchanged since 2026-05-18). Additive update to repo page only — appended a survey-history row and a third source entry. Index unchanged (page already cataloged). No topic/entity/comparison pages touched. -Delta from prior survey (SHA `de594cd`, 2026-05-18): +Findings: -- SHA unchanged — no new merged commits on `main` since `chore(deps): update bfra-me/.github to v4.16.18 (#915)` on 2026-05-18T01:22:42Z -- **PR #903 confirmed open** (`chore(dev): update dependency @bfra.me/eslint-config to v0.51.1`, opened 2026-05-14T06:30:08Z by mrbro-bot[bot]) — answers the prior survey's open question: Renovate *did* file a PR for the trailing 0.50.1 → 0.51.1 minor bump; it just hasn't merged yet, likely awaiting manual review of new lint rules -- Open issues: 2 (#284 Dependency Dashboard, #903 PR); 1 open PR (#903) -- Workflows unchanged: `cleanup-cache.yaml`, `main.yaml`, `renovate.yaml`, `update-profile.yaml`, `update-repo-settings.yaml` — **still no `fro-bot.yaml`**, follow-up recommendation carried forward -- package.json snapshot reconfirmed: pnpm 10.33.4, prettier 3.8.3, vitest 4.1.6, tsx 4.22.0, `@bfra.me/prettier-config` 0.16.9, `@bfra.me/tsconfig` 0.13.1, `@bfra.me/eslint-config` 0.50.1 (pending #903) +- HEAD unchanged at `4cd8198` (`chore(deps): update all non-major dependencies (#416)`, 2026-05-18). Last push 2026-05-18T09:41:00Z. +- Open issues: 4 (#411 test branch coverage <80%, #409 Daily Autohealing Report, #260 Daily Maintenance Report, #6 Dependency Dashboard) — identical to 2026-05-18. +- Open PRs: 0. Recent activity window since prior survey is empty (no new Renovate batches landed). +- Fro Bot workflow file inspected directly: agent still pinned at `fro-bot/agent@b030b53b1b47b1bed77a581222706c900cc63b0e # v0.44.0`. `AUTOHEAL_CRON='30 3 * * *'` and `MAINTENANCE_CRON='30 15 * * *'` env vars confirm the single-file three-mode design described in the prior survey is intact. +- No contradictions with prior ingest. Two known gaps remain: no Probot `settings.yml`, no CodeQL/Scorecard workflows. -No contradictions with prior ingest. No new topic/entity/comparison pages warranted. - -Sources: https://github.com/marcusrbrown/marcusrbrown (SHA de594cdd416b60d92caba6684492659620a22439) +Sources: https://github.com/marcusrbrown/marcusrbrown.github.io (SHA 4cd8198991618f216b940b6a6c13e1a09fd7979d) -## [2026-05-19 08:42] ingest | repo:marcusrbrown/marcusrbrown +## [2026-05-19 08:43] ingest | repo:marcusrbrown/marcusrbrown.github.io -Surveyed marcusrbrown/marcusrbrown and updated the control-plane wiki. +Surveyed marcusrbrown/marcusrbrown.github.io and updated the control-plane wiki. -Sources: https://github.com/marcusrbrown/marcusrbrown +Sources: https://github.com/marcusrbrown/marcusrbrown.github.io diff --git a/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md b/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md index b2ec29c0d..597e5891b 100644 --- a/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md +++ b/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/marcusrbrown.github.io" created: 2026-04-25 -updated: 2026-05-18 +updated: 2026-05-19 sources: - url: https://github.com/marcusrbrown/marcusrbrown.github.io sha: ec4b7854bee556aadd301950392268f70817d800 @@ -10,6 +10,9 @@ sources: - url: https://github.com/marcusrbrown/marcusrbrown.github.io sha: 4cd8198991618f216b940b6a6c13e1a09fd7979d accessed: 2026-05-18 + - url: https://github.com/marcusrbrown/marcusrbrown.github.io + sha: 4cd8198991618f216b940b6a6c13e1a09fd7979d + accessed: 2026-05-19 tags: [brand-site, react, typescript, vite, github-pages, pnpm, single-page] aliases: [marcusrbrown-github-io, marcusrbrown.com] related: @@ -208,3 +211,4 @@ The earlier survey's "Missing Compared to Other Marcus Repos" section is partial | --- | --- | --- | | 2026-04-25 | `ec4b785` | Initial survey | | 2026-05-18 | `4cd8198` | Delta: agent v0.41.4 → v0.44.0, autoheal integrated as workflow mode (PR #407), Renovate preset v4 → v5 (PR #406, fast-uri override regression+fix), `lhci.config.js` and `TESTING.md` added | +| 2026-05-19 | `4cd8198` | No-op re-survey: HEAD unchanged since 2026-05-18. Open issues steady at 4 (#411, #409, #260, #6), 0 open PRs. Fro Bot agent pin verified at `b030b53b...` (v0.44.0). All prior findings hold. | diff --git a/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md b/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md index deedc8c4a..a11265c04 100644 --- a/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md +++ b/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md @@ -2,11 +2,8 @@ type: repo title: "marcusrbrown/marcusrbrown" created: 2026-04-18 -updated: 2026-05-19 +updated: 2026-05-18 sources: - - url: https://github.com/marcusrbrown/marcusrbrown - sha: de594cdd416b60d92caba6684492659620a22439 - accessed: 2026-05-19 - url: https://github.com/marcusrbrown/marcusrbrown sha: de594cdd416b60d92caba6684492659620a22439 accessed: 2026-05-18 @@ -237,17 +234,10 @@ The "newly pinned" rows above reflect #907's pin sweep: previously caret-ranged | # | Title | Author | State | Notes | | --- | --- | --- | --- | --- | | #284 | Dependency Dashboard | mrbro-bot[bot] | open | Standard Renovate dashboard issue | -| #903 | chore(dev): update dependency @bfra.me/eslint-config to v0.51.1 | mrbro-bot[bot] | open (PR) | Opened 2026-05-14; resolves the `@bfra.me/eslint-config` trailing-pin gap flagged in prior survey | | #895 | Action Required: Fix Renovate Configuration | mrbro-bot[bot] | **closed** 2026-05-14 | Resolved by #897 (preset → 5.2.0) | Backlog is back to baseline. The profile update pipeline (every 6 hours) and Renovate are both healthy. -## 2026-05-19 Update: ESLint-Config Pin Question Answered - -The `@bfra.me/eslint-config` trailing-pin question from the 2026-05-18 survey has resolved: Renovate **did** open a PR — #903 (`chore(dev): update dependency @bfra.me/eslint-config to v0.51.1`) was filed by `mrbro-bot[bot]` at 2026-05-14T06:30:08Z, contemporaneous with the rest of the post-thaw flush. As of 2026-05-19 it remains open and unmerged. So the gap isn't a missing range allowance — it's an unmerged PR. Likely waiting on a manual review pass (the bump crosses a 0.50 → 0.51 minor that probably surfaces new lint rules). - -No SHA change on `main` since 2026-05-18 (`de594cd` holds). No new merged commits, no new workflows, no Fro Bot workflow yet. - ## Survey History | Date | SHA | Delta | @@ -255,4 +245,3 @@ No SHA change on `main` since 2026-05-18 (`de594cd` holds). No new merged commit | 2026-04-18 | `af78e68` | Initial survey | | 2026-04-24 | `af78e68` | SHA unchanged; documented Renovate stall (issue #895), dependency drift vs ecosystem, fro-bot collaborator confirmed, open work items added | | 2026-05-18 | `de594cd` | Renovate thaw confirmed (#895 closed, preset → 5.2.0 via #897); 18 dependency PRs landed 2026-05-14 → 2026-05-18; bumped `bfra-me/.github` v4.4.0 → v4.16.18, `pnpm` 10.31.0 → 10.33.4, `vitest` 4.0.18 → 4.1.6, `tsx` 4.20.3 → 4.22.0, `Node.js` 24.14.0 → 24.15.0, `Prettier` 3.8.1 → 3.8.3; new pinned deps added (`@bfra.me/prettier-config` 0.16.9, `@bfra.me/tsconfig` 0.13.1, `@types/node` 24.12.4); `@bfra.me/eslint-config` 0.50.1 still trailing; no Fro Bot workflow yet — follow-up PR still warranted | -| 2026-05-19 | `de594cd` | SHA unchanged; PR #903 (`@bfra.me/eslint-config` → 0.51.1) confirmed open since 2026-05-14 — resolves the "is Renovate even allowed to bump this?" question from prior survey (it is; the PR just hasn't merged yet, plausibly awaiting manual lint-rule review); no new merged commits, no Fro Bot workflow added, profile-update pipeline and Renovate both still healthy | From 4752ccd51fa3a5301b37d8885fce1c57e66e2326 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 19 May 2026 01:43:15 -0700 Subject: [PATCH 14/77] chore(reconcile): record survey success for marcusrbrown/marcusrbrown.github.io --- metadata/repos.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 76eb242d3..b96b3beea 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -122,7 +122,7 @@ repos: name: marcusrbrown.github.io added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-18 + last_survey_at: 2026-05-19 last_survey_status: success has_fro_bot_workflow: true has_renovate: true From 253a2b227c220d5db4dedacfdda96d1acb67d645 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 01:39:38 -0700 Subject: [PATCH 15/77] feat(knowledge): survey marcusrbrown/marcusrbrown --- knowledge/index.md | 2 +- knowledge/log.md | 21 +++++++++++++++++ .../wiki/repos/marcusrbrown--marcusrbrown.md | 23 +++++++++++++++++-- 3 files changed, 43 insertions(+), 3 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 8b49ef6d0..784eddb3b 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -16,7 +16,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 7, LangChain, MCP, IndexedDB, Web Crypto; deployed to gpt.mrbro.dev) - [[marcusrbrown--ha-config]] — Marcus's Home Assistant configuration (public, CI-validated, package-based HA setup with custom components and ESPHome) - [[marcusrbrown--infra]] — Bun workspace monorepo for personal infrastructure (KeeWeb deploy, CLIProxyAPI proxy, operational CLI with MCP bridge) -- [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled updates) +- [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled updates); no Fro Bot workflow yet - [[marcusrbrown--marcusrbrown-github-io]] — Personal brand site (React 19, TypeScript 6, Vite 7, GitHub Pages at marcusrbrown.com, single-page with anchor-link sections) - [[marcusrbrown--mrbro-dev]] — Marcus's developer portfolio (React 19, TypeScript, Vite 7, GitHub Pages at mrbro.dev, advanced theme system, Fro Bot agent + autoheal) - [[marcusrbrown--opencode-copilot-delegate]] — OpenCode plugin: delegate tasks to GitHub Copilot CLI as background subprocesses with async completion notifications diff --git a/knowledge/log.md b/knowledge/log.md index 549e247bb..a4c2483ff 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1158,3 +1158,24 @@ Sources: https://github.com/marcusrbrown/marcusrbrown.github.io (SHA 4cd81989916 Surveyed marcusrbrown/marcusrbrown.github.io and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/marcusrbrown.github.io + +## [2026-05-20 ingest] ingest | marcusrbrown/marcusrbrown + +Incremental delta survey of `marcusrbrown/marcusrbrown` (SHA `0a3c202`, up from `de594cd` on 2026-05-18). Additive update to `marcusrbrown--marcusrbrown.md`: appended a 2026-05-20 survey-history row, a new "2026-05-20 Update" section, and corrected the eslint-config row in the post-thaw table. Index entry updated to flag the missing Fro Bot workflow. + +Findings: + +- HEAD advanced to `0a3c2027228e6715e392a1cbc027f06596a02baf` (`chore(dev): update dependency tsx to v4.22.1 (#916)`, 2026-05-20T05:42:59Z). +- Single new merge since prior survey: #916 (tsx 4.22.0 → 4.22.1). +- **Contradiction with 2026-05-18 note:** that survey claimed Renovate had not opened a PR for `@bfra.me/eslint-config` past 0.50.1. PR #903 (`→ v0.51.1`) was in fact opened on 2026-05-14T06:30:08Z and is still open. Logged the correction in-page rather than rewriting prior text, per schema rule on contradictions. +- Workflow file pins on `main` unchanged: `bfra-me/.github` v4.16.18 (`update-repo-settings.yaml`), `actions/checkout@v6.0.2`, `actions/create-github-app-token@v2.2.2`, `dorny/paths-filter@v3.0.3`, `muesli/readme-scribe@d2f6ab3`, `EndBug/add-and-commit@v9.1.4`. Renovate preset still `marcusrbrown/renovate-config#5.2.0`. +- Fro Bot workflow still absent. Confirmed workflows: `cleanup-cache.yaml`, `main.yaml`, `renovate.yaml`, `update-profile.yaml`, `update-repo-settings.yaml`. Follow-up draft PR to add a Fro Bot agent workflow remains warranted. +- No new topic/entity/comparison pages justified — deltas are version-pin level, fully covered by [[github-actions-ci]] patterns already captured. + +Sources: https://github.com/marcusrbrown/marcusrbrown (SHA 0a3c2027228e6715e392a1cbc027f06596a02baf) + +## [2026-05-20 08:39] ingest | repo:marcusrbrown/marcusrbrown + +Surveyed marcusrbrown/marcusrbrown and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/marcusrbrown diff --git a/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md b/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md index a11265c04..31bb275ff 100644 --- a/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md +++ b/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md @@ -2,8 +2,11 @@ type: repo title: "marcusrbrown/marcusrbrown" created: 2026-04-18 -updated: 2026-05-18 +updated: 2026-05-20 sources: + - url: https://github.com/marcusrbrown/marcusrbrown + sha: 0a3c2027228e6715e392a1cbc027f06596a02baf + accessed: 2026-05-20 - url: https://github.com/marcusrbrown/marcusrbrown sha: de594cdd416b60d92caba6684492659620a22439 accessed: 2026-05-18 @@ -190,7 +193,7 @@ The repo does reference `fro-bot/.github:common-settings.yaml` in its Probot set | `Prettier` | 3.8.3 | 3.8.3 | 3.8.1 → 3.8.3 | | `@bfra.me/prettier-config` | 0.16.9 | 0.16.9 | (newly pinned) | | `@bfra.me/tsconfig` | 0.13.1 | 0.13.1 | (newly pinned) | -| `@bfra.me/eslint-config` | 0.50.1 | ≥0.51.0 | unchanged — still trailing | +| `@bfra.me/eslint-config` | 0.50.1 | 0.51.1 | unchanged on `main` — Renovate PR #903 (→ v0.51.1) **open** since 2026-05-14, awaiting merge (correction to 2026-05-18 note) | | `Node.js` | 24.15.0 | 24.15.0 | 24.14.0 → 24.15.0 | | `vitest` / `@vitest/ui` | 4.1.6 | 4.1.6 | 4.0.18 → 4.1.6 | | `tsx` | 4.22.0 | 4.22.0 | 4.20.3 → 4.22.0 | @@ -238,6 +241,21 @@ The "newly pinned" rows above reflect #907's pin sweep: previously caret-ranged Backlog is back to baseline. The profile update pipeline (every 6 hours) and Renovate are both healthy. +## 2026-05-20 Update: Minor Drift, eslint-config PR Surfaced + +SHA advanced `de594cd` → `0a3c202`. Single new merge: #916 (`tsx` 4.22.0 → 4.22.1) at 2026-05-20T05:43:00Z. Open PRs increased from 0 to 1. + +**Contradiction with prior survey:** The 2026-05-18 note read "`@bfra.me/eslint-config` 0.50.1 still trailing while ecosystem advanced past 0.51.0 — Renovate has not opened a PR for this." That was incorrect at time of writing — Renovate had in fact opened PR #903 on 2026-05-14T06:30:08Z (the same wave that flushed the rest of the backlog). The PR has remained open and unmerged for six days, which suggests either Marcus is intentionally holding it for a manual review (eslint config changes tend to ripple), or it slipped past the merge queue. Either way, the trailing position on `main` is now an explicit choice, not a missed Renovate run. + +### Open Work Items (2026-05-20) + +| # | Title | Author | State | Notes | +| --- | --- | --- | --- | --- | +| #284 | Dependency Dashboard | mrbro-bot[bot] | open | Standard Renovate dashboard issue | +| #903 | chore(dev): update dependency @bfra.me/eslint-config to v0.51.1 | mrbro-bot[bot] | **open** since 2026-05-14 | Lone trailing dep; first config-touching Renovate PR not auto-merged since thaw | + +Fro Bot workflow gap is unchanged — no `fro-bot.yaml` present in `.github/workflows/`. Confirmed workflows on `main` remain: `cleanup-cache.yaml`, `main.yaml`, `renovate.yaml`, `update-profile.yaml`, `update-repo-settings.yaml`. Follow-up to draft a Fro Bot agent workflow PR is still outstanding. + ## Survey History | Date | SHA | Delta | @@ -245,3 +263,4 @@ Backlog is back to baseline. The profile update pipeline (every 6 hours) and Ren | 2026-04-18 | `af78e68` | Initial survey | | 2026-04-24 | `af78e68` | SHA unchanged; documented Renovate stall (issue #895), dependency drift vs ecosystem, fro-bot collaborator confirmed, open work items added | | 2026-05-18 | `de594cd` | Renovate thaw confirmed (#895 closed, preset → 5.2.0 via #897); 18 dependency PRs landed 2026-05-14 → 2026-05-18; bumped `bfra-me/.github` v4.4.0 → v4.16.18, `pnpm` 10.31.0 → 10.33.4, `vitest` 4.0.18 → 4.1.6, `tsx` 4.20.3 → 4.22.0, `Node.js` 24.14.0 → 24.15.0, `Prettier` 3.8.1 → 3.8.3; new pinned deps added (`@bfra.me/prettier-config` 0.16.9, `@bfra.me/tsconfig` 0.13.1, `@types/node` 24.12.4); `@bfra.me/eslint-config` 0.50.1 still trailing; no Fro Bot workflow yet — follow-up PR still warranted | +| 2026-05-20 | `0a3c202` | Minor delta: #916 merged `tsx` 4.22.0 → 4.22.1; PR #903 (`@bfra.me/eslint-config` v0.50.1 → v0.51.1) is OPEN since 2026-05-14 — **contradicts** the 2026-05-18 note that Renovate had not opened a PR for the trailing eslint-config; the PR exists but is unmerged. Workflow refs unchanged (`bfra-me/.github` v4.16.18, renovate preset #5.2.0). No Fro Bot workflow yet; `update-profile.yaml` still uses `mrbro-bot[bot]` (app 137683033) for commits. Single open dependency PR + dashboard issue #284 — backlog still healthy. | From 6b985890047edc44ff972d966ccbbf5118073d17 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 01:39:40 -0700 Subject: [PATCH 16/77] chore(reconcile): record survey success for marcusrbrown/marcusrbrown --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index b96b3beea..d04e073c0 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -110,12 +110,12 @@ repos: name: marcusrbrown added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-19 + last_survey_at: 2026-05-20 last_survey_status: success has_fro_bot_workflow: false has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-06-18 + next_survey_eligible_at: 2026-06-21 private: false node_id: MDEwOlJlcG9zaXRvcnkzMTk5Mjg2NjE= - owner: marcusrbrown From 701026ed16c41e85f9a1cb1ccafe49c6a4b8a2fb Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 01:40:41 -0700 Subject: [PATCH 17/77] feat(knowledge): survey marcusrbrown/marcusrbrown.github.io --- knowledge/index.md | 4 ++-- knowledge/log.md | 24 +++++++++---------- .../marcusrbrown--marcusrbrown-github-io.md | 8 +++++-- .../wiki/repos/marcusrbrown--marcusrbrown.md | 23 ++---------------- 4 files changed, 22 insertions(+), 37 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 784eddb3b..aa366f738 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -16,8 +16,8 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 7, LangChain, MCP, IndexedDB, Web Crypto; deployed to gpt.mrbro.dev) - [[marcusrbrown--ha-config]] — Marcus's Home Assistant configuration (public, CI-validated, package-based HA setup with custom components and ESPHome) - [[marcusrbrown--infra]] — Bun workspace monorepo for personal infrastructure (KeeWeb deploy, CLIProxyAPI proxy, operational CLI with MCP bridge) -- [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled updates); no Fro Bot workflow yet -- [[marcusrbrown--marcusrbrown-github-io]] — Personal brand site (React 19, TypeScript 6, Vite 7, GitHub Pages at marcusrbrown.com, single-page with anchor-link sections) +- [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled updates) +- [[marcusrbrown--marcusrbrown-github-io]] — Personal brand site (React 19, TypeScript 6, Vite 7, GitHub Pages at marcusrbrown.com, single-page with anchor-link sections; Fro Bot single-file three-mode workflow at agent v0.44.0, v0.44.1 in flight) - [[marcusrbrown--mrbro-dev]] — Marcus's developer portfolio (React 19, TypeScript, Vite 7, GitHub Pages at mrbro.dev, advanced theme system, Fro Bot agent + autoheal) - [[marcusrbrown--opencode-copilot-delegate]] — OpenCode plugin: delegate tasks to GitHub Copilot CLI as background subprocesses with async completion notifications - [[marcusrbrown--renovate-config]] — Shareable Renovate configuration presets: canonical dependency-update policy for all `marcusrbrown/*` and `fro-bot/*` repositories diff --git a/knowledge/log.md b/knowledge/log.md index a4c2483ff..a01601010 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1159,23 +1159,23 @@ Surveyed marcusrbrown/marcusrbrown.github.io and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/marcusrbrown.github.io -## [2026-05-20 ingest] ingest | marcusrbrown/marcusrbrown +## [2026-05-20 08:39] ingest | marcusrbrown/marcusrbrown.github.io -Incremental delta survey of `marcusrbrown/marcusrbrown` (SHA `0a3c202`, up from `de594cd` on 2026-05-18). Additive update to `marcusrbrown--marcusrbrown.md`: appended a 2026-05-20 survey-history row, a new "2026-05-20 Update" section, and corrected the eslint-config row in the post-thaw table. Index entry updated to flag the missing Fro Bot workflow. +No-op re-survey at SHA `4cd8198` — still HEAD, unchanged since 2026-05-18. Additive update to the repo page: appended a 2026-05-20 row to the Survey History table, added an in-flight note for fro-bot/agent v0.44.1 (PR #417) to the agent-cadence bullet, refreshed frontmatter `updated:` and appended a fourth source entry. Index entry updated for freshness; no topic, entity, or comparison pages required edits. Findings: -- HEAD advanced to `0a3c2027228e6715e392a1cbc027f06596a02baf` (`chore(dev): update dependency tsx to v4.22.1 (#916)`, 2026-05-20T05:42:59Z). -- Single new merge since prior survey: #916 (tsx 4.22.0 → 4.22.1). -- **Contradiction with 2026-05-18 note:** that survey claimed Renovate had not opened a PR for `@bfra.me/eslint-config` past 0.50.1. PR #903 (`→ v0.51.1`) was in fact opened on 2026-05-14T06:30:08Z and is still open. Logged the correction in-page rather than rewriting prior text, per schema rule on contradictions. -- Workflow file pins on `main` unchanged: `bfra-me/.github` v4.16.18 (`update-repo-settings.yaml`), `actions/checkout@v6.0.2`, `actions/create-github-app-token@v2.2.2`, `dorny/paths-filter@v3.0.3`, `muesli/readme-scribe@d2f6ab3`, `EndBug/add-and-commit@v9.1.4`. Renovate preset still `marcusrbrown/renovate-config#5.2.0`. -- Fro Bot workflow still absent. Confirmed workflows: `cleanup-cache.yaml`, `main.yaml`, `renovate.yaml`, `update-profile.yaml`, `update-repo-settings.yaml`. Follow-up draft PR to add a Fro Bot agent workflow remains warranted. -- No new topic/entity/comparison pages justified — deltas are version-pin level, fully covered by [[github-actions-ci]] patterns already captured. +- HEAD: `4cd8198` (`chore(deps): update all non-major dependencies (#416)`, 2026-05-18). Last push 2026-05-19T09:37:26Z (no commits since 05-18; the push timestamp moved without a HEAD change — likely a tag or branch update). +- Open issues: 4 (#411, #409, #260, #6) — unchanged. +- Open PRs: 1 — **#417** `chore(deps): update fro-bot/agent to v0.44.1` on `renovate/all-minor-patch`, labeled `automerge` / `dependencies` / `github-actions` / `renovate` / `patch` / `action`. Will land under the existing automerge policy without human review. +- `package.json` re-verified: `packageManager: pnpm@10.33.4`, `engines.node >=22.0.0`, `engines.pnpm ^10.28.2`, React `^19.0.0`, TypeScript `^6.0.0`, Vite `^7.0.6`, Vitest `^4.0.0`, `@types/node ^24.0.0`. No drift from prior survey. +- Fro Bot workflow head re-read: `inputs.mode` choice list `[review, maintenance, autoheal]` default `autoheal`, autoheal cron `30 3 * * *`, maintenance cron `30 15 * * *`. Single-file three-mode design intact. +- No structural drift. Two known gaps still open: no Probot `settings.yml`, no CodeQL/Scorecard workflows. -Sources: https://github.com/marcusrbrown/marcusrbrown (SHA 0a3c2027228e6715e392a1cbc027f06596a02baf) +Sources: https://github.com/marcusrbrown/marcusrbrown.github.io (SHA 4cd8198991618f216b940b6a6c13e1a09fd7979d) -## [2026-05-20 08:39] ingest | repo:marcusrbrown/marcusrbrown +## [2026-05-20 08:40] ingest | repo:marcusrbrown/marcusrbrown.github.io -Surveyed marcusrbrown/marcusrbrown and updated the control-plane wiki. +Surveyed marcusrbrown/marcusrbrown.github.io and updated the control-plane wiki. -Sources: https://github.com/marcusrbrown/marcusrbrown +Sources: https://github.com/marcusrbrown/marcusrbrown.github.io diff --git a/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md b/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md index 597e5891b..afc98d517 100644 --- a/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md +++ b/knowledge/wiki/repos/marcusrbrown--marcusrbrown-github-io.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/marcusrbrown.github.io" created: 2026-04-25 -updated: 2026-05-19 +updated: 2026-05-20 sources: - url: https://github.com/marcusrbrown/marcusrbrown.github.io sha: ec4b7854bee556aadd301950392268f70817d800 @@ -13,6 +13,9 @@ sources: - url: https://github.com/marcusrbrown/marcusrbrown.github.io sha: 4cd8198991618f216b940b6a6c13e1a09fd7979d accessed: 2026-05-19 + - url: https://github.com/marcusrbrown/marcusrbrown.github.io + sha: 4cd8198991618f216b940b6a6c13e1a09fd7979d + accessed: 2026-05-20 tags: [brand-site, react, typescript, vite, github-pages, pnpm, single-page] aliases: [marcusrbrown-github-io, marcusrbrown.com] related: @@ -183,7 +186,7 @@ Earlier window (2026-04-25 survey baseline): `ec4b785` and prior were exclusivel Material changes since the 2026-04-25 survey at `ec4b785`. The site's structure and tech stack are unchanged; the interesting motion is in CI/CD and the Fro Bot integration. -- **Fro Bot agent bumped four times in three weeks:** v0.41.4 → v0.42.6 (PR #400) → v0.42.7 (#402) → v0.43.0 (#407) → v0.43.1 (#412) → v0.43.2 (#414) → v0.43.3 (#415) → **v0.44.0** (current, pinned via SHA `b030b53b1b47b1bed77a581222706c900cc63b0e`). Tracks the agent release cadence aggressively — same posture as [[marcusrbrown--mrbro-dev]] and [[marcusrbrown--gpt]]. +- **Fro Bot agent bumped four times in three weeks:** v0.41.4 → v0.42.6 (PR #400) → v0.42.7 (#402) → v0.43.0 (#407) → v0.43.1 (#412) → v0.43.2 (#414) → v0.43.3 (#415) → **v0.44.0** (current on `main`, pinned via SHA `b030b53b1b47b1bed77a581222706c900cc63b0e`). PR #417 is in flight to v0.44.1 (open as of 2026-05-20). Tracks the agent release cadence aggressively — same posture as [[marcusrbrown--mrbro-dev]] and [[marcusrbrown--gpt]]. - **Autoheal collapsed into the Fro Bot workflow itself (PR #407, 2026-05-14):** The earlier "no autoheal" gap noted in the prior survey was closed by integrating autoheal as a second cron (`30 3 * * *`) and a `workflow_dispatch` `mode` input (`review` / `maintenance` / `autoheal`, default `autoheal`) inside the existing `fro-bot.yaml` — not by adding a separate `fro-bot-autoheal.yaml` like the sibling repos. One file, three modes, branched by event + input. - **Autoheal prompt has 8 categories** (vs. 5 in [[marcusrbrown--vbs]] and [[marcusrbrown--mrbro-dev]]): 1) Errored PRs, 2) Security, 3) Code Quality & Repo Hygiene, 4) Developer Experience, 5) Production Site Review, 6) Quality Gates Verification, 7) Cross-Project Intelligence (Inbound), 8) Upstream Modernization Watch (Sundays UTC only — `IS_SUNDAY_UTC` propagated via step output, not `GITHUB_ENV`). - **Maintenance prompt now perpetual-single-issue:** Rolling 14-day window collapsed into a perpetual maintenance issue with archive logic and cross-project intelligence ingestion. @@ -212,3 +215,4 @@ The earlier survey's "Missing Compared to Other Marcus Repos" section is partial | 2026-04-25 | `ec4b785` | Initial survey | | 2026-05-18 | `4cd8198` | Delta: agent v0.41.4 → v0.44.0, autoheal integrated as workflow mode (PR #407), Renovate preset v4 → v5 (PR #406, fast-uri override regression+fix), `lhci.config.js` and `TESTING.md` added | | 2026-05-19 | `4cd8198` | No-op re-survey: HEAD unchanged since 2026-05-18. Open issues steady at 4 (#411, #409, #260, #6), 0 open PRs. Fro Bot agent pin verified at `b030b53b...` (v0.44.0). All prior findings hold. | +| 2026-05-20 | `4cd8198` | No-op re-survey: HEAD still unchanged. Renovate PR #417 (fro-bot/agent v0.44.0 → v0.44.1, branch `renovate/all-minor-patch`) is open and will likely merge under `:automergePatch`. Open issues steady at 4 (#411, #409, #260, #6); open PRs now 1 (#417). `package.json` confirms `packageManager: pnpm@10.33.4`, `@types/node ^24.0.0`, React 19 / TypeScript ^6.0.0 / Vite ^7.0.6 / Vitest ^4.0.0 stack unchanged. No structural drift since 2026-05-18. | diff --git a/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md b/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md index 31bb275ff..a11265c04 100644 --- a/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md +++ b/knowledge/wiki/repos/marcusrbrown--marcusrbrown.md @@ -2,11 +2,8 @@ type: repo title: "marcusrbrown/marcusrbrown" created: 2026-04-18 -updated: 2026-05-20 +updated: 2026-05-18 sources: - - url: https://github.com/marcusrbrown/marcusrbrown - sha: 0a3c2027228e6715e392a1cbc027f06596a02baf - accessed: 2026-05-20 - url: https://github.com/marcusrbrown/marcusrbrown sha: de594cdd416b60d92caba6684492659620a22439 accessed: 2026-05-18 @@ -193,7 +190,7 @@ The repo does reference `fro-bot/.github:common-settings.yaml` in its Probot set | `Prettier` | 3.8.3 | 3.8.3 | 3.8.1 → 3.8.3 | | `@bfra.me/prettier-config` | 0.16.9 | 0.16.9 | (newly pinned) | | `@bfra.me/tsconfig` | 0.13.1 | 0.13.1 | (newly pinned) | -| `@bfra.me/eslint-config` | 0.50.1 | 0.51.1 | unchanged on `main` — Renovate PR #903 (→ v0.51.1) **open** since 2026-05-14, awaiting merge (correction to 2026-05-18 note) | +| `@bfra.me/eslint-config` | 0.50.1 | ≥0.51.0 | unchanged — still trailing | | `Node.js` | 24.15.0 | 24.15.0 | 24.14.0 → 24.15.0 | | `vitest` / `@vitest/ui` | 4.1.6 | 4.1.6 | 4.0.18 → 4.1.6 | | `tsx` | 4.22.0 | 4.22.0 | 4.20.3 → 4.22.0 | @@ -241,21 +238,6 @@ The "newly pinned" rows above reflect #907's pin sweep: previously caret-ranged Backlog is back to baseline. The profile update pipeline (every 6 hours) and Renovate are both healthy. -## 2026-05-20 Update: Minor Drift, eslint-config PR Surfaced - -SHA advanced `de594cd` → `0a3c202`. Single new merge: #916 (`tsx` 4.22.0 → 4.22.1) at 2026-05-20T05:43:00Z. Open PRs increased from 0 to 1. - -**Contradiction with prior survey:** The 2026-05-18 note read "`@bfra.me/eslint-config` 0.50.1 still trailing while ecosystem advanced past 0.51.0 — Renovate has not opened a PR for this." That was incorrect at time of writing — Renovate had in fact opened PR #903 on 2026-05-14T06:30:08Z (the same wave that flushed the rest of the backlog). The PR has remained open and unmerged for six days, which suggests either Marcus is intentionally holding it for a manual review (eslint config changes tend to ripple), or it slipped past the merge queue. Either way, the trailing position on `main` is now an explicit choice, not a missed Renovate run. - -### Open Work Items (2026-05-20) - -| # | Title | Author | State | Notes | -| --- | --- | --- | --- | --- | -| #284 | Dependency Dashboard | mrbro-bot[bot] | open | Standard Renovate dashboard issue | -| #903 | chore(dev): update dependency @bfra.me/eslint-config to v0.51.1 | mrbro-bot[bot] | **open** since 2026-05-14 | Lone trailing dep; first config-touching Renovate PR not auto-merged since thaw | - -Fro Bot workflow gap is unchanged — no `fro-bot.yaml` present in `.github/workflows/`. Confirmed workflows on `main` remain: `cleanup-cache.yaml`, `main.yaml`, `renovate.yaml`, `update-profile.yaml`, `update-repo-settings.yaml`. Follow-up to draft a Fro Bot agent workflow PR is still outstanding. - ## Survey History | Date | SHA | Delta | @@ -263,4 +245,3 @@ Fro Bot workflow gap is unchanged — no `fro-bot.yaml` present in `.github/work | 2026-04-18 | `af78e68` | Initial survey | | 2026-04-24 | `af78e68` | SHA unchanged; documented Renovate stall (issue #895), dependency drift vs ecosystem, fro-bot collaborator confirmed, open work items added | | 2026-05-18 | `de594cd` | Renovate thaw confirmed (#895 closed, preset → 5.2.0 via #897); 18 dependency PRs landed 2026-05-14 → 2026-05-18; bumped `bfra-me/.github` v4.4.0 → v4.16.18, `pnpm` 10.31.0 → 10.33.4, `vitest` 4.0.18 → 4.1.6, `tsx` 4.20.3 → 4.22.0, `Node.js` 24.14.0 → 24.15.0, `Prettier` 3.8.1 → 3.8.3; new pinned deps added (`@bfra.me/prettier-config` 0.16.9, `@bfra.me/tsconfig` 0.13.1, `@types/node` 24.12.4); `@bfra.me/eslint-config` 0.50.1 still trailing; no Fro Bot workflow yet — follow-up PR still warranted | -| 2026-05-20 | `0a3c202` | Minor delta: #916 merged `tsx` 4.22.0 → 4.22.1; PR #903 (`@bfra.me/eslint-config` v0.50.1 → v0.51.1) is OPEN since 2026-05-14 — **contradicts** the 2026-05-18 note that Renovate had not opened a PR for the trailing eslint-config; the PR exists but is unmerged. Workflow refs unchanged (`bfra-me/.github` v4.16.18, renovate preset #5.2.0). No Fro Bot workflow yet; `update-profile.yaml` still uses `mrbro-bot[bot]` (app 137683033) for commits. Single open dependency PR + dashboard issue #284 — backlog still healthy. | From bdeb41369940837874e9ebc5a8dce26181eaefba Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 01:40:43 -0700 Subject: [PATCH 18/77] chore(reconcile): record survey success for marcusrbrown/marcusrbrown.github.io --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index d04e073c0..22543a7cf 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -122,12 +122,12 @@ repos: name: marcusrbrown.github.io added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-19 + last_survey_at: 2026-05-20 last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-06-18 + next_survey_eligible_at: 2026-06-19 private: false node_id: R_kgDOPOkk2A - owner: marcusrbrown From 2bbd4f2dfa48f75493e9e5809dfcd7e578d2aee6 Mon Sep 17 00:00:00 2001 From: "fro-bot[bot]" <109017866+fro-bot[bot]@users.noreply.github.com> Date: Wed, 20 May 2026 09:04:32 +0000 Subject: [PATCH 19/77] chore(reconcile): +0 new, 0 pending-review, 0 lost-access, 4 refreshes --- metadata/repos.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 22543a7cf..b6f5adad7 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -280,8 +280,8 @@ repos: onboarding_status: pending last_survey_at: null last_survey_status: null - has_fro_bot_workflow: false - has_renovate: false + has_fro_bot_workflow: true + has_renovate: true discovery_channel: collab next_survey_eligible_at: null private: false @@ -292,8 +292,8 @@ repos: onboarding_status: pending last_survey_at: null last_survey_status: null - has_fro_bot_workflow: false - has_renovate: false + has_fro_bot_workflow: true + has_renovate: true discovery_channel: collab next_survey_eligible_at: null private: false @@ -304,8 +304,8 @@ repos: onboarding_status: pending last_survey_at: null last_survey_status: null - has_fro_bot_workflow: false - has_renovate: false + has_fro_bot_workflow: true + has_renovate: true discovery_channel: collab next_survey_eligible_at: null private: false @@ -316,8 +316,8 @@ repos: onboarding_status: pending last_survey_at: null last_survey_status: null - has_fro_bot_workflow: false - has_renovate: false + has_fro_bot_workflow: true + has_renovate: true discovery_channel: collab next_survey_eligible_at: null private: false From 49bef8fea062f89d919c3ab043ee8eeacc7ee3ba Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 09:13:55 -0700 Subject: [PATCH 20/77] feat(knowledge): survey bfra-me/ha-addon-repository --- knowledge/index.md | 1 + knowledge/log.md | 28 +++ .../repos/bfra-me--ha-addon-repository.md | 172 ++++++++++++++++++ knowledge/wiki/topics/home-assistant.md | 12 +- 4 files changed, 211 insertions(+), 2 deletions(-) create mode 100644 knowledge/wiki/repos/bfra-me--ha-addon-repository.md diff --git a/knowledge/index.md b/knowledge/index.md index aa366f738..a3c512a0a 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -4,6 +4,7 @@ Master catalog of all wiki pages, organized by type. ## Repos +- [[bfra-me--ha-addon-repository]] — Template repository for a Home Assistant add-on repository (bfra-me org); multi-arch Docker builds via `home-assistant/builder`, GHCR publishing with cosign, Fro Bot agent v0.43.1 with add-on-aware review/autoheal - [[fro-bot--agent]] — GitHub Action harness for OpenCode + oMo agents with persistent session state; core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos - [[fro-bot--fro-bot-github-io]] — fro-bot/fro-bot.github.io - [[fro-bot--systematic]] — fro-bot/systematic diff --git a/knowledge/log.md b/knowledge/log.md index a01601010..68eef258e 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1179,3 +1179,31 @@ Sources: https://github.com/marcusrbrown/marcusrbrown.github.io (SHA 4cd81989916 Surveyed marcusrbrown/marcusrbrown.github.io and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/marcusrbrown.github.io + +## [2026-05-20 09:55] ingest | bfra-me/ha-addon-repository + +Initial survey of `bfra-me/ha-addon-repository` (SHA `0a163c3f`). Created repo page `bfra-me--ha-addon-repository.md`. Updated topic page `home-assistant.md` to wikilink the new repo and document multi-arch add-on builds + `frenck/action-addon-linter` sibling-tool relationship. Updated `index.md` to catalog the new page. + +Key findings: + +- GitHub template repo (`is_template: true`) under bfra-me org — blueprint for HA add-on collections. Apache-2.0. Created 2022-10-08. +- Single example add-on (`example/`, slug `example`, v1.2.2): four arches (`armhf`/`armv7`/`aarch64`/`amd64`), s6-overlay (`init: false`), AppArmor profile, OCI labels, tempio binary install from `home-assistant/tempio` releases. +- HA base images split: Alpine 3.23 for 64-bit, 3.22 for 32-bit ARM (upstream lag). Dockerfile uses `ARG BUILD_FROM=...@sha256:...` so Renovate rotates the digest via custom Dockerfile manager; `build.yaml` deliberately uses tag-only with `pinDigests: false`. +- Four workflows, all SHA-pinned actions: `main.yaml` (prepare→lint-addon (frenck/action-addon-linter v2.21.0) + Prettier 3.8.3 → build-addon matrix with `home-assistant/builder@2026.03.2`, `--cosign`, `id-token: write` to GHCR), `fro-bot.yaml`, `renovate.yaml` (reusable `bfra-me/.github` v4.16.16), `update-repo-settings.yaml` (v4.16.16, daily 14:15 UTC). +- **Fro Bot agent present and active:** `fro-bot/agent@v0.43.1`. Add-on-aware PR review prompt (Dockerfile pinning, config/build.yaml validity, bashio/shellcheck, AppArmor integrity, breaking interface changes, translation completeness) with structured `PASS|CONDITIONAL|REJECT` verdict. Daily 15:30 UTC autoheal sweep across four categories (errored PRs, security, health & maintenance, DX). +- **Distinctive Fro Bot pattern:** maintains a single perpetual issue titled exactly `Daily Autohealing Report` with prepended dated update sections — diverges from sibling repos that create new issues per cycle. +- Renovate extends `bfra-me/renovate-config#5.2.1` + `:enablePreCommit` — **different preset family** from the rest of the surveyed ecosystem (which uses `marcusrbrown/renovate-config#4.5.x`). Custom managers for `build.yaml` arch keys, `Dockerfile` `ARG BUILD_FROM=...@sha256:...`, and Alpine packages via repology (`alpine_3_20/{pkg}`). Python capped at `<=3.13`. +- Probot settings extend `.github:common-settings.yaml` (resolves to bfra-me org `.github`, not Marcus's). Branch protection requires `Prepare`, `Lint`, `Build`, `Renovate / Renovate`, `Fro Bot`; strict + linear history + enforce-admins + 1 reviewer with stale-review dismissal. +- Tooling: Node 22.11.0, Python 3.13.13 via `.tool-versions`. Devcontainer, pre-commit, markdownlint-cli2, Prettier, Cursor rules all configured. +- 5 open issues, 0 open PRs at survey time. +- No CodeQL/Scorecard/Trivy — security delegated to Renovate + autoheal sweep. Reasonable for a template. + +Cross-ecosystem relationship: this is the add-on build/publish counterpart to [[marcusrbrown--ha-config]] (which consumes add-ons & integrations). The two `frenck/action-*` tools are siblings: `action-addon-linter` validates the add-on contract here; `action-home-assistant` validates running configs there. + +Sources: https://github.com/bfra-me/ha-addon-repository (SHA 0a163c3fa8846704103658142fa742f40d165743) + +## [2026-05-20 16:13] ingest | repo:bfra-me/ha-addon-repository + +Surveyed bfra-me/ha-addon-repository and updated the control-plane wiki. + +Sources: https://github.com/bfra-me/ha-addon-repository diff --git a/knowledge/wiki/repos/bfra-me--ha-addon-repository.md b/knowledge/wiki/repos/bfra-me--ha-addon-repository.md new file mode 100644 index 000000000..023943f09 --- /dev/null +++ b/knowledge/wiki/repos/bfra-me--ha-addon-repository.md @@ -0,0 +1,172 @@ +--- +type: repo +title: bfra-me/ha-addon-repository +created: 2026-05-20 +updated: 2026-05-20 +sources: + - url: https://github.com/bfra-me/ha-addon-repository + sha: 0a163c3fa8846704103658142fa742f40d165743 + accessed: 2026-05-20 +tags: [home-assistant, addon, hassio, template, docker, multi-arch, bfra-me] +related: + - marcusrbrown--ha-config + - marcusrbrown--esphome-life + - marcusrbrown--containers + - home-assistant + - docker-containers + - github-actions-ci + - probot-settings +--- + +# bfra-me/ha-addon-repository + +Template repository for a Home Assistant add-on repository. GitHub template (`is_template: true`) under the `bfra-me` org, used as the blueprint when starting a new HA add-on collection. The repo ships one example add-on (`example/`) that gets built and published to GHCR as `ghcr.io/bfra-me/{arch}-addon-example`. + +This is the bfra-me ecosystem's add-on counterpart to Marcus's runtime [[marcusrbrown--ha-config]] — where ha-config consumes add-ons and integrations, this repo defines the scaffolding for building and publishing new ones. + +## Identity + +- **Owner:** bfra-me (org) +- **Visibility:** public, template +- **License:** Apache-2.0 +- **Default branch:** `main` +- **Primary language:** Dockerfile +- **Topics:** `addon`, `addons`, `hassio`, `home-assistant`, `homeassistant`, `template` +- **Created:** 2022-10-08 +- **Last push:** 2026-05-20 + +## Layout + +``` +. +├── .github/ +│ ├── renovate.json5 +│ ├── settings.yml +│ └── workflows/ +│ ├── fro-bot.yaml +│ ├── main.yaml +│ ├── renovate.yaml +│ └── update-repo-settings.yaml +├── .cursorrules +├── .devcontainer.json +├── .markdownlint-cli2.yaml +├── .pre-commit-config.yaml +├── .prettierrc.yaml +├── .tool-versions +├── LICENSE +├── README.md +├── example/ +│ ├── CHANGELOG.md +│ ├── DOCS.md +│ ├── Dockerfile +│ ├── README.md +│ ├── apparmor.txt +│ ├── build.yaml +│ ├── config.yaml +│ ├── icon.png +│ ├── logo.png +│ ├── rootfs/ +│ └── translations/ +└── repository.yaml +``` + +The HA add-on store discovers add-ons by walking the repo root for directories containing a `config.yaml`/`config.json`. The `Main` workflow's `prepare` job replicates that discovery with `find ./ -maxdepth 2 -name config.json -o -name config.yaml -o -name config.yml`. + +## The Example Add-on + +`example/` is the template payload. It demonstrates the canonical s6-overlay add-on structure: + +- **`config.yaml`** — slug `example`, version `1.2.2`, four arches (`armhf`, `armv7`, `aarch64`, `amd64`), `init: false` (s6 takes over), `share:rw` map, single `message` option, image `ghcr.io/bfra-me/{arch}-addon-example`. +- **`build.yaml`** — base images pinned to `ghcr.io/home-assistant/{arch}-base:3.23` for 64-bit, `:3.22` for 32-bit ARM. OCI labels set title, description, source URL, and Apache-2.0 license. +- **`Dockerfile`** — `ARG BUILD_FROM` pinned by digest (`@sha256:...`) so Renovate can rotate it. Installs `tempio` (HA's template renderer) from `home-assistant/tempio` GitHub releases with a Renovate datasource comment. Copies `rootfs/` over the base image. +- **`apparmor.txt`** — AppArmor profile (security mandatory for HA add-ons). +- **`rootfs/`** — s6-overlay service tree. +- **`translations/`** — i18n strings for the HA Supervisor UI. + +## Workflows + +Four workflows, all SHA-pinned actions: + +### `main.yaml` — CI lint + multi-arch build +- **Trigger:** `pull_request` (main), `push` (main), `workflow_dispatch`. +- **`prepare` job:** Discovers add-on directories, uses `dorny/paths-filter@v4.0.1` to compute changed add-ons against a `MONITORED_FILES` list (`apparmor.txt build.yaml config.yaml Dockerfile rootfs/**`). Emits JSON arrays for downstream matrix expansion. +- **`lint-addon` matrix:** `frenck/action-addon-linter@v2.21.0` per changed add-on. Authoritative HA lint. +- **`lint-prettier`:** `creyD/prettier_action@v4.6`, Prettier 3.8.3 pinned via `# renovate: datasource=npm depName=prettier` comment, `--check .`. +- **`build-addon` matrix:** Per-changed-add-on × (`aarch64`, `amd64`, `armhf`, `armv7`). Uses `yq` (`chrisdickinson/setup-yq` v4.45.1) to extract `build_from` keys and validate the arch list before building. `home-assistant/builder@2026.03.2` runs with `--test` for PRs and full builds with `--cosign` on push to `main`. Publishes to `ghcr.io/bfra-me/{arch}-addon-{slug}` with `id-token: write` (Sigstore/cosign). +- **`lint`/`build` aggregator jobs** funnel matrix results into single named status checks for branch protection. + +### `fro-bot.yaml` — Fro Bot agent integration +- **Agent version:** `fro-bot/agent@v0.43.1` (SHA `3ec8d72f`). +- **Triggers:** `issue_comment`, `pull_request_review_comment`, `discussion_comment`, `issues` (opened/edited), `pull_request` (opened/synchronize/reopened/ready_for_review/review_requested), `schedule` (`30 15 * * *` — daily 15:30 UTC), `workflow_dispatch` with `prompt` input. +- **Bot-loop guards:** Skips when the user, comment author, or PR author ends with `[bot]` or equals `fro-bot`. Comment triggers require `OWNER`/`MEMBER`/`COLLABORATOR` association and `@fro-bot` mention. +- **PR_REVIEW_PROMPT** is add-on-aware: Dockerfile base-image SHA pinning, `config.yaml`/`build.yaml` validity (required fields, arch list accuracy, image reference pattern), shell script quality (`bashio`, signal handling, shellcheck SC2086/SC2060), AppArmor profile integrity, GitHub Actions SHA pinning, YAML formatting, breaking changes to add-on interface (slug/image/option-type changes that break existing installs), translation completeness. Output is a structured verdict (`PASS | CONDITIONAL | REJECT`) with mandatory headings. +- **SCHEDULE_PROMPT** runs a four-category sweep: errored PRs (checkout, diagnose, fix, push), security (Renovate alerts, SHA-pinning audit of `.github/workflows/*.yaml`), health & maintenance (compare `fro-bot/agent`, `actions/checkout`, `dorny/paths-filter`, `frenck/action-addon-linter`, `creyD/prettier_action`, `chrisdickinson/setup-yq` against current SHAs; bump `bfra-me/.github` reusable workflow when newer), developer experience (Prettier, shellcheck on `example/rootfs/**/{run,finish}`, config.yaml/build.yaml required fields, version-vs-CHANGELOG consistency, `.tool-versions` drift). +- **Single perpetual issue:** Maintains a single open issue titled exactly `Daily Autohealing Report` and prepends dated update sections — this is **not** the same pattern as ha-config or sibling repos that create new issues per cycle. +- Uses `secrets.FRO_BOT_PAT` for checkout and agent token; `OPENCODE_AUTH_JSON`, `OMO_PROVIDERS`, `OPENCODE_CONFIG` secrets; `vars.FRO_BOT_MODEL` for model selection. + +### `renovate.yaml` — Renovate orchestration +- Uses `bfra-me/.github/.github/workflows/renovate.yaml@v4.16.16` (SHA `71213b76`). +- Triggers: `issues.edited`, `pull_request.edited`, `push` (non-main), `workflow_dispatch` (log-level + print-config inputs), `workflow_run` (after `Main` succeeds on `main`). +- Conditional log level: debug on PRs / non-default branches, info otherwise. + +### `update-repo-settings.yaml` — Probot Settings sync +- Uses `bfra-me/.github/.github/workflows/update-repo-settings.yaml@v4.16.16`. +- Triggers: `push` to `main`, daily at 14:15 UTC, `workflow_dispatch`. + +## Configuration + +### Renovate (`renovate.json5`) +- Extends `github>bfra-me/renovate-config#5.2.1` plus `:enablePreCommit`. This is a **different** preset family than the `marcusrbrown/renovate-config` line used across the rest of the ecosystem (`marcusrbrown/renovate-config#4.5.x`). +- Package rules: + - HA base images (`ghcr.io/home-assistant/**`, `home-assistant/**`) grouped as "Home Assistant Add-ons" with `pinDigests: false`. + - `ghcr.io/hassio-addons/**` grouped as "hassio-addons". + - `home-assistant/actions/*` regex match grouped. + - `home-assistant/builder` action: custom version extraction (`^\d+\.\d+\.\d+$`), single-bump strategy (no separate major/minor/patch). + - `python` dep capped at `<=3.13`. +- Custom managers cover three patterns: `build.yaml` arch keys + `# renovate:` comments, `Dockerfile` `ARG BUILD_FROM=...@sha256:...` and `# renovate:` comments, and Alpine package versions via `repology` datasource (`alpine_3_20/{pkg}`). + +### Probot Settings (`.github/settings.yml`) +- Extends `.github:common-settings.yaml` (org-level common settings — note the bare `.github:` prefix, which resolves to `bfra-me/.github`, not Marcus's personal `.github`). +- Repo: `is_template: true`, topics, description. +- Branch protection on `main`: + - Required status checks (strict): `Prepare`, `Lint`, `Build`, `Renovate / Renovate`, `Fro Bot` + - `enforce_admins: true` + - 1 required approving review, dismiss stale reviews on push + - `required_linear_history: true` + - No code-owner-review requirement, no restrictions + +### Tooling +- **`.tool-versions`:** Node 22.11.0, Python 3.13.13. +- **`.devcontainer.json`** present (contents not surveyed under read-limit policy). +- **`.pre-commit-config.yaml`** present, integrated via Renovate `:enablePreCommit`. +- **`.markdownlint-cli2.yaml`**, **`.prettierrc.yaml`** present. +- **`.cursorrules`** present (Cursor IDE context). + +## Cross-Ecosystem Notes + +| Aspect | bfra-me/ha-addon-repository | [[marcusrbrown--ha-config]] | +|---|---|---| +| Purpose | Template for building & publishing HA add-ons | Running HA config (consumes add-ons & components) | +| Renovate base | `bfra-me/renovate-config#5.2.1` | `marcusrbrown/renovate-config#4.5.x` | +| Probot extends | `.github:common-settings.yaml` (bfra-me org) | `fro-bot/.github:common-settings.yaml` | +| Fro Bot agent | v0.43.1, present, daily autoheal at 15:30 UTC | **Not present** (carried-forward recommendation) | +| Fro Bot issue model | Single perpetual `Daily Autohealing Report` | n/a | +| Build target | Multi-arch Docker images → GHCR with cosign | n/a (no add-on builds) | +| HA validation tool | `frenck/action-addon-linter` | `frenck/action-home-assistant` | + +The two `frenck/action-*` tools are siblings serving the two sides of the HA development workflow: linter for the add-on contract, home-assistant for the running config. See [[home-assistant]] for the latter. + +## Observations + +- **Template hygiene:** README's HTML comment block is the de-facto onboarding checklist for forkers (rename `example/`, update `image:` to your username, adjust `repository.yaml`, update `version` and `CHANGELOG.md` per release). It is not enforced by CI — a fork that forgets to update `image:` will silently publish under `bfra-me`'s namespace. Worth promoting to a `scripts/init-fork.sh` or pre-commit hook in any downstream usage. +- **HA base-image arch split:** `aarch64`/`amd64` on Alpine 3.23, `armhf`/`armv7` on 3.22. The base-image producers (`ghcr.io/home-assistant/*-base`) lag on 32-bit ARM. The Renovate `Home Assistant Add-ons` group keeps them coordinated, but expect drift to persist as upstream prioritizes 64-bit. +- **`pinDigests: false` for HA base images** is intentional — combined with the explicit `@sha256:...` in the Dockerfile, the digest is rotated by the custom Dockerfile manager (`ARG BUILD_FROM=...@sha256:...` matchString), not by `build.yaml`. This keeps the build reproducible while letting `build.yaml` stay readable as tag-only. +- **`enforce_admins: true`** on the template means downstream forks inherit a strict policy that the original maintainer must also follow — a footgun for solo forks until they relax it. +- **No CodeQL, no Scorecard, no Trivy** — security scanning is delegated to Renovate alerts and the Fro Bot autoheal sweep. Reasonable for a template; downstream add-on collections handling real services should add at least a Hadolint/Trivy gate. +- **Five open issues** (per gh metadata at survey time), zero open PRs. + +## Survey History + +| Date | SHA | Notes | +|---|---|---| +| 2026-05-20 | `0a163c3f` | Initial survey. Fro Bot agent v0.43.1, four workflows, example add-on at v1.2.2, HA base images Alpine 3.22/3.23, Node 22.11.0, Python 3.13.13. | diff --git a/knowledge/wiki/topics/home-assistant.md b/knowledge/wiki/topics/home-assistant.md index b11474ae2..196a03fc5 100644 --- a/knowledge/wiki/topics/home-assistant.md +++ b/knowledge/wiki/topics/home-assistant.md @@ -2,11 +2,12 @@ type: topic title: Home Assistant created: 2025-06-18 -updated: 2026-05-17 -tags: [home-assistant, iot, smart-home, yaml, automation] +updated: 2026-05-20 +tags: [home-assistant, iot, smart-home, yaml, automation, addon] related: - marcusrbrown--ha-config - marcusrbrown--esphome-life + - bfra-me--ha-addon-repository - github-actions-ci --- @@ -18,6 +19,7 @@ Open-source home automation platform. Core references across the Fro Bot ecosyst - [[marcusrbrown--ha-config]] — Marcus's primary HA configuration (public, CI-validated) - [[marcusrbrown--esphome-life]] — ESPHome device firmware; linked from ha-config as a git submodule at `esphome/` +- [[bfra-me--ha-addon-repository]] — Template repo for building & publishing HA add-ons (bfra-me org), multi-arch Docker images via `home-assistant/builder` ## Configuration Patterns Observed @@ -31,6 +33,12 @@ Home Assistant configs can be validated in CI using `frenck/action-home-assistan **Pin-drift footgun:** validating against a frozen `.HA_VERSION` only catches problems that exist in *that* version. Observed in [[marcusrbrown--ha-config]], where `.HA_VERSION` has remained at `2025.6.3` across three surveys (2025-06 → 2026-05) while pip-resolved deps like `esphome` advance. The CI passes, but the config is not validated against current upstream HA. +The add-on side uses a different tool: `frenck/action-addon-linter` validates the add-on contract (`config.yaml`, `build.yaml`, image references, arch lists, schema). Observed in [[bfra-me--ha-addon-repository]]. The two `frenck/*` actions are sibling validators serving the two sides of the HA development workflow. + +### Multi-Arch Add-on Builds + +Add-ons publish multi-arch Docker images via `home-assistant/builder` (pinned at `2026.03.2` in [[bfra-me--ha-addon-repository]]). Standard arch matrix: `aarch64`, `amd64`, `armhf`, `armv7`. Base images from `ghcr.io/home-assistant/{arch}-base` split between Alpine 3.23 (64-bit) and 3.22 (32-bit ARM) — upstream lags on 32-bit. The build action supports `--cosign` for Sigstore signing when `id-token: write` is granted. + ### Custom Components Third-party integrations installed via HACS or manually into `custom_components/`. These are typically excluded from linting and pre-commit hooks since they are upstream-managed code. From f1e69a7f373ecef4818f9401b82b7cf967d6482b Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 09:13:57 -0700 Subject: [PATCH 21/77] chore(reconcile): record survey success for bfra-me/ha-addon-repository --- metadata/repos.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index b6f5adad7..ad88aaa03 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -289,13 +289,13 @@ repos: - owner: bfra-me name: ha-addon-repository added: 2026-05-18 - onboarding_status: pending - last_survey_at: null - last_survey_status: null + onboarding_status: onboarded + last_survey_at: 2026-05-20 + last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: null + next_survey_eligible_at: 2026-06-22 private: false node_id: R_kgDOIKWaJA - owner: bfra-me From 75b02e23f0eea76cbe38e3bf33f5ac2d6f93af93 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 09:28:02 -0700 Subject: [PATCH 22/77] feat(knowledge): survey bfra-me/renovate-action --- knowledge/index.md | 1 + knowledge/log.md | 32 ++ .../repos/bfra-me--ha-addon-repository.md | 1 + .../wiki/repos/bfra-me--renovate-action.md | 288 ++++++++++++++++++ .../repos/marcusrbrown--renovate-config.md | 1 + knowledge/wiki/topics/github-actions-ci.md | 6 +- knowledge/wiki/topics/probot-settings.md | 4 +- 7 files changed, 331 insertions(+), 2 deletions(-) create mode 100644 knowledge/wiki/repos/bfra-me--renovate-action.md diff --git a/knowledge/index.md b/knowledge/index.md index a3c512a0a..be987f5ed 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -5,6 +5,7 @@ Master catalog of all wiki pages, organized by type. ## Repos - [[bfra-me--ha-addon-repository]] — Template repository for a Home Assistant add-on repository (bfra-me org); multi-arch Docker builds via `home-assistant/builder`, GHCR publishing with cosign, Fro Bot agent v0.43.1 with add-on-aware review/autoheal +- [[bfra-me--renovate-action]] — Composite GitHub Action `bfra-me/renovate-action@v9` running self-hosted Renovate v43 in Docker with GitHub App auth; canonical bfra-me dependency-update runner, single-workflow three-mode Fro Bot at agent v0.44.2, Docker execution deprecated for v10 - [[fro-bot--agent]] — GitHub Action harness for OpenCode + oMo agents with persistent session state; core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos - [[fro-bot--fro-bot-github-io]] — fro-bot/fro-bot.github.io - [[fro-bot--systematic]] — fro-bot/systematic diff --git a/knowledge/log.md b/knowledge/log.md index 68eef258e..19d14ab97 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1207,3 +1207,35 @@ Sources: https://github.com/bfra-me/ha-addon-repository (SHA 0a163c3fa8846704103 Surveyed bfra-me/ha-addon-repository and updated the control-plane wiki. Sources: https://github.com/bfra-me/ha-addon-repository + +## [2026-05-20 16:23] ingest | bfra-me/renovate-action + +Initial survey of `bfra-me/renovate-action` (SHA `bc9c4591`, v9.90.0 released 2026-05-20). Created repo page `bfra-me--renovate-action.md`. Updated topic pages `github-actions-ci.md` and `probot-settings.md`. Updated repo pages `marcusrbrown--renovate-config.md` and `bfra-me--ha-addon-repository.md` with reverse cross-references. Updated `index.md` to catalog the new repo. + +Key findings: + +- Composite GitHub Action (`bfra-me/renovate-action@v9`) that runs **self-hosted Renovate v43.186.2** in a Docker container (`ghcr.io/renovatebot/renovate:43.186.2`) under `renovatebot/github-action@v46.1.4` with GitHub App authentication. This is the **execution surface** for Renovate across the bfra-me org; complements [[marcusrbrown--renovate-config]] which provides the policy presets. +- Action logic lives in `action.yaml` shell steps and `docker/entrypoint.sh`, not in TypeScript. The `src/`/`dist/` scaffold is a `@actions/core` wait utility (placeholder); CI still verifies dist drift because `pnpm build` is part of the contract. +- Inputs: `renovate-app-id`, `renovate-app-private-key` (required); plus `autodiscover`, `autodiscover-filter`, `branch`, `cache`, `dry-run`, `execution-mode` (v9 scaffolding only — container is the only supported value), `global-config` (JSON deep-merge), `log-level`, `print-config`. +- **Security boundary on global-config merge:** Bash functions `validate_json()` + `merge_global_config()` deep-merge user JSON with base `zzglobal_config`. Protected fields (`allowedCommands`, `platform`, `gitAuthor`, `gitIgnoredAuthors`, `cacheDir`, `repositoryCache`) are either restored from base after merge (`allowedCommands`) or overridden by explicit `RENOVATE_*` env vars in the Renovate step. `validate_json` warns on dangerous-field attempts; runtime env block is the real guard. +- **Branching model:** `main` → `release` (semantic-release runs from `release`, fast-forwarded from `main` via `git merge --no-ff -Xtheirs`) → semver tags + `v9` major-version branch for downstream `@v9` pins. Latest release `9.90.0`. +- **Eight workflows**, all SHA-pinned: `main.yaml` (setup → check → test + self-test via `uses: ./` → build with dist drift → build-docs → deploy-pages → release), `fro-bot.yaml`, `renovate.yaml` (self-managed, not via reusable workflow), `update-repo-settings.yaml`, `codeql-analysis.yaml` (TypeScript, Wednesdays), `scorecard.yaml` (Tuesdays + branch_protection_rule), `dependency-review.yaml`, `copilot-setup-steps.yaml`. +- **Fro Bot pattern divergence:** single workflow with mode-dispatch (`workflow_dispatch` input `mode: review|maintenance|autoheal`, plus inline Bash that resolves mode from event type and cron schedule). Three inline prompts live in the workflow `env:` block. **Two perpetual rolling issues** (`Daily Maintenance Report` + `Daily Autohealing Report`). Mirrors the `marcusrbrown--marcusrbrown-github-io` "single-file three-mode" evolution. +- **Fro Bot agent version:** `v0.44.2` (SHA `b97877b2`) — **newest in the surveyed ecosystem** at this time. Likely canary for agent updates before they propagate to Marcus's repos. +- **Renovate config (`.github/renovate.json5`):** extends `bfra-me/.github:internal.json5#v4.16.18` + `sanity-io/renovate-config:semantic-commit-type`. Notable: `bfra-me/renovate-config` pinned with `updatePinnedDependencies: false` except for majors. Renovate ecosystem patches **disabled** (noise reduction); majors emit `feat(deps)!:`. `postUpgradeTasks` runs bootstrap+build+fix. `platformAutomerge: true`. Different preset family from both [[marcusrbrown--renovate-config]] (#4.5.x) and [[bfra-me--ha-addon-repository]] (#5.2.1). +- **Probot settings extend `.github:common-settings.yaml`** which resolves to **`bfra-me/.github`**, not Marcus's `.github`. Branch protection on `main` requires 11 status checks including Build, Check, Test, Setup, Fro Bot, CodeQL, Analyze, Review Dependencies, Renovate / Renovate, Deploy to GitHub Pages, Release. `release` branch is fast-forward target only (no required checks). Teams: actioneers (push), services (maintain), owners (admin). +- **Tooling:** Node 24.15.0, pnpm 10.33.4, TypeScript 6.0.3, ESLint 10.4.0 with `@bfra.me/eslint-config@0.51.1`, Prettier 3.8.3 with `@bfra.me/prettier-config/120-proof`, tsup 8.5.1, Vitest 4.1.6, semantic-release 25.0.3. Only runtime dep is `@actions/core@3.0.1`. +- **Docker execution deprecation:** v9 ships a `::warning::` and v10 will remove Docker mode. No replacement implementation present yet; likely migration to npm-installed Renovate (the `BINARY_SOURCE=install` env var is already set on `renovatebot/github-action`). +- **README-vs-code contradiction:** v9 release notes claim "Analytics features removed" but `docker/entrypoint.sh` still contains `record_docker_metric`, `record_failure`, and `/tmp/renovate-analytics` plumbing. Likely dead code from v8 era — candidate for an autoheal "stale TODO" finding. +- `gitIgnoredAuthors` explicitly includes `fro-bot[bot]` (`109017866+fro-bot[bot]@users.noreply.github.com`) so Fro Bot autoheal commits don't seed Renovate's rebase-detection logic. +- 60 open issues at survey (typical for a long-lived Renovate dependency-dashboard repo), 0 open PRs, 2 stars. + +Cross-ecosystem relationship: this is the **runner** that complements [[marcusrbrown--renovate-config]]'s **policy**. It's used by `bfra-me/.github`'s reusable Renovate workflow, which in turn is consumed indirectly by virtually every Marcus repo through their `.github/workflows/renovate.yaml`. Sibling to [[bfra-me--ha-addon-repository]] under the bfra-me org. + +Sources: https://github.com/bfra-me/renovate-action (SHA bc9c45917d3f7b33962d3ba44b11d58d9f6c2647) + +## [2026-05-20 16:27] ingest | repo:bfra-me/renovate-action + +Surveyed bfra-me/renovate-action and updated the control-plane wiki. + +Sources: https://github.com/bfra-me/renovate-action diff --git a/knowledge/wiki/repos/bfra-me--ha-addon-repository.md b/knowledge/wiki/repos/bfra-me--ha-addon-repository.md index 023943f09..3b86a554e 100644 --- a/knowledge/wiki/repos/bfra-me--ha-addon-repository.md +++ b/knowledge/wiki/repos/bfra-me--ha-addon-repository.md @@ -12,6 +12,7 @@ related: - marcusrbrown--ha-config - marcusrbrown--esphome-life - marcusrbrown--containers + - bfra-me--renovate-action - home-assistant - docker-containers - github-actions-ci diff --git a/knowledge/wiki/repos/bfra-me--renovate-action.md b/knowledge/wiki/repos/bfra-me--renovate-action.md new file mode 100644 index 000000000..74d7bbfc4 --- /dev/null +++ b/knowledge/wiki/repos/bfra-me--renovate-action.md @@ -0,0 +1,288 @@ +--- +type: repo +title: bfra-me/renovate-action +created: 2026-05-20 +updated: 2026-05-20 +sources: + - url: https://github.com/bfra-me/renovate-action + sha: bc9c45917d3f7b33962d3ba44b11d58d9f6c2647 + accessed: 2026-05-20 +tags: [renovate, github-action, composite, self-hosted, docker, typescript, semantic-release, bfra-me] +related: + - bfra-me--ha-addon-repository + - marcusrbrown--renovate-config + - marcusrbrown--ha-config + - marcusrbrown--github + - marcusrbrown--systematic + - fro-bot--agent + - github-actions-ci + - docker-containers + - probot-settings +--- + +# bfra-me/renovate-action + +Composite GitHub Action that runs a **self-hosted Renovate bot** in a Docker container with **GitHub App** authentication. Published as `bfra-me/renovate-action@v9` and consumed across the `bfra-me` organization (and indirectly by `marcusrbrown/*` / `fro-bot/*` via the reusable `bfra-me/.github/.github/workflows/renovate.yaml` that wraps it). + +This is the **execution surface** for the bfra-me dependency-update policy that [[marcusrbrown--renovate-config]] defines as preset content. Where `marcusrbrown/renovate-config` answers "what should Renovate do," this repo answers "how does Renovate actually run." + +## Identity + +- **Owner:** `bfra-me` (org) +- **Visibility:** public +- **License:** MIT +- **Author:** Marcus R. Brown +- **Default branch:** `main` (release branch: `release`; major-version branch: `v9`) +- **Primary language:** Shell (action logic) + TypeScript (scaffold + tooling) +- **Topics:** `composite`, `github-action`, `github-actions`, `renovate`, `nodejs`, `typescript`, `action`, `self-hosted` +- **Created:** 2023-09-22 +- **Last push:** 2026-05-20 +- **Latest release:** `9.90.0` (2026-05-20) +- **Stars / Forks / Watchers:** 2 / 1 / 1 +- **Open issues:** 60 (consistent with a long-lived autoheal / Renovate dependency dashboard) + +## Layout + +``` +. +├── action.yaml # THE runtime — composite steps, JSON config merge, Docker +├── docker/ +│ └── entrypoint.sh # Tool installs (yq, Node, Bun, pnpm, Yarn) + analytics +├── src/ +│ ├── main.ts # Scaffold TS — @actions/core wait utility (not used at runtime) +│ ├── wait.ts +│ └── __tests__/ +├── dist/ # tsup bundle — committed, verified for drift in CI +├── docs/ # Astro/Starlight docs site (separate pnpm workspace package) +├── .github/ +│ ├── CODEOWNERS +│ ├── copilot-instructions.md +│ ├── filters.yaml # dorny/paths-filter config for CI gating +│ ├── renovate.json5 # self-referential Renovate config +│ ├── settings.yml # Probot Settings +│ └── workflows/ # 8 workflows +├── .ai/ # AI agent context (not surveyed under read-limit policy) +├── .cursor/ # Cursor IDE context +├── AGENTS.md # Project knowledge base for AI agents +├── README.md +├── action.yaml +├── package.json +├── pnpm-lock.yaml +├── pnpm-workspace.yaml +├── tsup.config.ts +├── tsconfig.json +├── eslint.config.ts +├── .releaserc.yaml # semantic-release config (branch: release) +└── llms.txt +``` + +The TypeScript layer (`src/`, `dist/`) is **not** what consumers execute — `action.yaml` is. The TS scaffold exists for the published-action lint/check pipeline, dist drift verification, and as a placeholder for future TS-backed steps. The composite action's actual work happens in Bash inside `action.yaml` and `docker/entrypoint.sh`. + +## How the Action Works + +### Composite Steps (`action.yaml`) + +1. **`get-renovate-app`** — `actions/create-github-app-token@v3.2.0` mints a short-lived installation token from the consumer's `renovate-app-id` + `renovate-app-private-key`. Scoped to `github.repository_owner`. +2. **`configure`** — Bash step (`bash -Eeuo pipefail`) that: + - Pins `RENOVATE_VERSION=43.186.2` (Renovate v43) with a `# renovate: datasource=docker depName=renovate packageName=ghcr.io/renovatebot/renovate versioning=semver` comment so Renovate self-bumps it. + - Builds the `renovate_git_author` identity from the GitHub App slug. + - Defines `validate_json()` and `merge_global_config()` Bash functions that deep-merge the action's base config (`zzglobal_config` inline JSON) with the user-supplied `global-config` input. + - **Security boundary:** `allowedCommands`, `platform`, `gitAuthor`, `gitIgnoredAuthors`, `cacheDir`, `repositoryCache` are protected. `allowedCommands` is restored from base after merge; the others emit warnings if the user tries to set them. Falls back to base config on any validation failure. +3. **`v9 deprecation notice`** — emits a `::warning::` that Docker execution is planned for removal in v10. +4. **`Restore Renovate Cache`** (conditional on `cache: true`) — `actions/cache/restore@v5.0.5` keyed on `renovate-cache-v`. +5. **`Prepare Renovate Cache`** — `chown -R runneradmin:root /tmp/renovate` so the container user can write the cache. +6. **`Renovate `** — `renovatebot/github-action@v46.1.4` runs the Renovate Docker image (`ghcr.io/renovatebot/renovate:43.186.2`) with `docker-user: root`, `mount-docker-socket: true`, custom `docker-cmd-file` at `docker/entrypoint.sh`. The action passes through a strict `env-regex` whitelist (CI vars, GitHub vars except PATH/ENV, proxy vars, log level, NODE_OPTIONS, `RENOVATE_*`, `RUNNER_*`). +7. **`Finalize Renovate Cache`** + **`Save Renovate cache`** — deletes the prior cache entry via `gh api -X DELETE` and saves the new one (always-runs on success or failure when cache enabled). + +### Docker Entrypoint (`docker/entrypoint.sh`) + +`bash -Eeuo pipefail`. Inside the container it: +- Initializes `/tmp/renovate-analytics`. +- Defines `record_docker_metric()` and `record_failure()` helpers that emit JSON metric files via inline Node.js (`fs.writeFileSync`). +- Installs runtime tools (yq, Node, Bun, pnpm, Yarn) that Renovate's package managers may invoke. +- Runs Renovate as the `ubuntu` user (the cache-prepare `chown` aligns ownership for read/write). + +### Key Inputs + +| Input | Required | Default | Notes | +| --- | --- | --- | --- | +| `renovate-app-id` | ✅ | — | GitHub App ID | +| `renovate-app-private-key` | ✅ | — | GitHub App private key | +| `autodiscover` | | `false` | When `false`, autodiscover-filter is forced to `github.repository` | +| `autodiscover-filter` | | `[]` | JSON array of glob filters | +| `branch` | | — | Optional base branch override | +| `cache` | | `false` | Enables `actions/cache` for `/tmp/renovate/cache` and `RENOVATE_REPOSITORY_CACHE` | +| `dry-run` | | `false` | When `true`, sets `RENOVATE_DRY_RUN=extract` (lightest dry-run mode) | +| `execution-mode` | | `container` | v9 deprecation scaffolding; non-container values warn and fall through | +| `global-config` | | `{}` | JSON string deep-merged into base config; protected fields enforced | +| `log-level` | | `info` | | +| `print-config` | | `false` | | + +### Outputs + +- `docker-image` — e.g., `ghcr.io/renovatebot/renovate:43.186.2` +- `renovate-version` — e.g., `43.186.2` + +## Workflows + +Eight workflows under `.github/workflows/`, all using `.yaml` extension and SHA-pinned actions with version comments: + +### `main.yaml` — primary CI + release pipeline + +- **Triggers:** `merge_group`, `pull_request` (main), `push` (main), `workflow_dispatch`. +- **Concurrency:** group-keyed on `workflow + event-number-or-ref`, cancel-in-progress. +- **Jobs:** + - **`setup`** — checkout, pnpm/setup-node from `package.json`, `pnpm bootstrap`, `dorny/paths-filter@v4.0.1` against `.github/filters.yaml` to emit `dist-changed`, `docs-changed`, `should-check`, `src-changed`, `renovate-changed` flags. + - **`check`** — `pnpm build && pnpm check`, plus a docs preview smoke test (`pnpm run preview`, `curl http://localhost:4321/renovate-action`). + - **`test`** — `pnpm test` (Vitest), then a **self-test** step that runs `uses: ./` with `dry-run: true`, `log-level: debug`, `print-config: true` against the consumer's own repo (gated to `bfra-me` org, non-default branch, no `renovate-changed`). + - **`build`** — `pnpm build` and dist drift verification (`git diff --ignore-space-at-eol dist/`). Uploads `dist/` artifact on failure. + - **`build-docs`** + **`deploy-pages`** — Astro/Starlight site build with `actions/configure-pages@v6.0.0`, deployed via `actions/deploy-pages@v5.0.0` (main only). + - **`release`** — checks out the `release` branch, fast-forwards `main` into `release` (`git merge --no-ff -Xtheirs -m 'skip: merge () [skip release]'`), pushes, then runs `semantic-release` with GitHub App token. Dry-run on PRs. + +### `fro-bot.yaml` — Fro Bot agent integration + +- **Agent version:** `fro-bot/agent@v0.44.2` (SHA `b97877b202095e5faf046c1f9d7a18891720a73b`). +- **Triggers:** `issue_comment`, `pull_request_review_comment`, `discussion_comment`, `issues` (opened/edited), `pull_request` (opened/synchronize/reopened/ready_for_review/review_requested), `schedule` (`30 3 * * *` autoheal + `30 15 * * *` maintenance — daily 03:30 and 15:30 UTC), `workflow_dispatch` with `mode` choice (review/maintenance/autoheal) + `prompt` input, and `workflow_call` with required `prompt` input. +- **Bot-loop guards:** Identical pattern to the rest of the ecosystem — skip when issue/PR/comment author ends in `[bot]` or equals `fro-bot`. Comment triggers require `OWNER`/`MEMBER`/`COLLABORATOR` association and `@fro-bot` mention. +- **Mode resolution:** Inline Bash in the `Determine mode and prompt` step maps event type → mode (schedule cron `15` → maintenance, schedule cron `03` → autoheal, `pull_request` → review, `workflow_dispatch` → user-selected). Mode controls which inline `env`-block prompt is used. +- **`PR_REVIEW_PROMPT`** — focused on the action's risk surface: JSON config merging security (`allowedCommands` must never be overridable), template variable substitution, shell script safety, Docker entrypoint security, cache ownership, workflow injection (untrusted input in `run:` blocks), TypeScript strictness (no `any`, no `@ts-ignore`, pure ESM), Renovate config (`allowedCommands` regex safety, onboardingConfig changes, gitIgnoredAuthors consistency), and **dist/ drift detection** ("if src/ changes, dist/ must be rebuilt"). Verdict format: `## Verdict: PASS / CONDITIONAL / REJECT` with mandatory `Blocking issues`, `Non-blocking concerns`, `Missing tests`, `Risk assessment` headings. +- **`MAINTENANCE_PROMPT`** — single rolling issue titled `Daily Maintenance Report`. 14-day bounded section history collapsed into a `Historical Summary`. Same single-perpetual-issue pattern as [[bfra-me--ha-addon-repository]]. +- **`AUTOHEAL_PROMPT`** — five-category sweep: + 1. **ERRORED PRs** — diagnose/fix failing CI on trusted-author PRs only; **never** touches `.github/workflows/`, lockfiles, package-manager config, lockfile-maintenance branches, or the Fro Bot workflow itself; auto-rebuilds `dist/` when `src/` changes. + 2. **SECURITY** — Dependabot/Renovate alerts; remediate critical/high; do **not** batch unrelated bumps into a security PR. + 3. **CODE QUALITY & REPO HYGIENE** — report-only; runs `pnpm build`, `pnpm test`, `pnpm check`, validates allowedCommands regex, scans stale TODOs > 90 days via `git blame`. + 4. **DEVELOPER EXPERIENCE** — lint/format auto-fix PRs grouped into a single conventional-commit PR; rebuilds `dist/` when `src/` is touched. + 5. **PROGRESSIVE IMPROVEMENT** — report-only; checks Renovate version drift (don't open bump PRs — Renovate owns that), release-branch health, reusable-workflow versions, analytics integrity, cross-project pattern drift against `bfra-me/.github`. +- **Output:** single perpetual `Daily Autohealing Report` issue with structured tables (Summary, Errored PRs, Security, Code Quality, Developer Experience, Progressive Improvement, Needs Human Attention). +- **Dependency ownership rule** is explicit: "Renovate owns routine dependency/version bumps. You may change dependency versions only when remediating a confirmed security advisory (critical/high) or repairing an existing security-update PR." This is the cleanest articulation of the autoheal-vs-Renovate boundary observed across the ecosystem. + +### `renovate.yaml` — self-managed Renovate orchestration + +Direct workflow (not via `bfra-me/.github` reusable) because this repo is **upstream** of the reusable workflow it would normally consume. Triggers and uses `bfra-me/renovate-action@v9` against itself. + +### `update-repo-settings.yaml` — Probot Settings sync + +### `codeql-analysis.yaml` — CodeQL security scanning + +Language: `typescript`. Schedule: `31 7 * * 3` (Wednesdays 07:31 UTC). Uses `github/codeql-action/init|autobuild|analyze@v4.35.5`. + +### `scorecard.yaml` — OpenSSF Scorecard + +Schedule: `20 7 * * 2` (Tuesdays 07:20 UTC). `branch_protection_rule` + `push` triggers. Publishes results to the public Scorecard dashboard. + +### `dependency-review.yaml` — Dependency review on PRs + +`actions/dependency-review-action@v4.9.0`. Job name `Review Dependencies` (status check name). + +### `copilot-setup-steps.yaml` — GitHub Copilot agent bootstrap + +Limited triggers: only `workflow_dispatch` plus path-filtered `push`/`pull_request` on the file itself. Pre-warms `pnpm install`. + +## Configuration + +### Renovate (`.github/renovate.json5`) + +Extends: +- `github>bfra-me/.github:internal.json5#v4.16.18` — bfra-me org's internal Renovate preset +- `github>sanity-io/renovate-config:semantic-commit-type` — semantic commit type mapping + +Notable rules: +- Pin `bfra-me/renovate-config` (`rangeStrategy: 'pin'`, `updatePinnedDependencies: false`) **except** for major updates (where pin updates are allowed). +- Renovate/Docker package updates (`ghcr.io/renovatebot/renovate`, `renovate`, `renovatebot/github-action`, `renovatebot/renovate`): + - Major → `feat(deps)!:` (breaking) + - Minor → `feat` + - Patch → **disabled** (avoid noise) + - Scheduled to nights/weekends only. +- All majors of the Renovate ecosystem grouped as `Renovate`. +- Custom regex manager updates `https://github.com/renovatebot/renovate/releases/tag/` links in `README.md`. +- Astro 0.x packages automerge minor/patch. +- `postUpgradeTasks`: `pnpm run bootstrap && pnpm run build && pnpm run fix` (execution-mode: branch). +- `platformAutomerge: true`, `rebaseWhen: 'behind-base-branch'`. + +This is a **different** Renovate base preset family than the `marcusrbrown/renovate-config` line: + +| Repo | Base preset | +| --- | --- | +| `bfra-me/renovate-action` (this repo) | `bfra-me/.github:internal.json5#v4.16.18` | +| [[bfra-me--ha-addon-repository]] | `bfra-me/renovate-config#5.2.1` | +| [[marcusrbrown--renovate-config]] (and downstream) | `bfra-me/renovate-config#5.2.1` + Marcus's overrides | +| Most Marcus repos | `marcusrbrown/renovate-config#4.5.x` (which itself extends `bfra-me/renovate-config#5.2.1`) | + +So this repo is the most direct bfra-me-internal consumer; everyone else routes through either `bfra-me/renovate-config` or `marcusrbrown/renovate-config`. + +### Probot Settings (`.github/settings.yml`) + +- Extends `.github:common-settings.yaml` (bare `.github:` prefix → resolves to **`bfra-me/.github`**, not Marcus's `.github`). +- Topics, description, squash-merge commit policy. +- Teams: `actioneers` (push), `services` (maintain), `owners` (admin). +- **Branch protection on `main`:** required checks (strict): `Build`, `Check`, `Deploy to GitHub Pages`, `Fro Bot`, `Release`, `Test`, `Setup`, `Renovate / Renovate`, `Analyze`, `CodeQL`, `Review Dependencies`. `enforce_admins: true`, `required_linear_history: true`, no PR review requirement, no push restrictions. +- **Branch protection on `release`:** `enforce_admins: true`, no linear history, no required reviews/checks, no restrictions — the release branch is a fast-forward target only. + +### Path Filters (`.github/filters.yaml`) + +YAML anchors define reusable lists: +- `config` (anchor `&config`): `.github/**`, `pnpm-workspace.yaml`, `*.config.ts`, `**.json5?`, `**.md`, `**.yaml`, `**.yml` +- `dist-changed`: `dist/**` (added/modified only) +- `docs-changed` (anchor `&docs-changed`): `docs/**` +- `src-changed` (anchor `&src-changed`): workflows, docker, all `src/`, `action.yaml`, package manifests, lockfile, tsconfig +- `renovate-changed`: `.github/workflows/renovate.yaml`, `.github/renovate.json5`, `docker/entrypoint.sh`, `action.yaml` — the Renovate-blast-radius set used to suppress the self-test step +- `should-check`: aliased union of `config + docs-changed + src-changed` + +### Tooling + +| Tool | Version | +| --- | --- | +| Node.js | 24.15.0 (`engines.node` in package.json) | +| pnpm | 10.33.4 | +| TypeScript | 6.0.3 | +| ESLint | 10.4.0, extends `@bfra.me/eslint-config@0.51.1` | +| Prettier | 3.8.3, extends `@bfra.me/prettier-config/120-proof` | +| tsup | 8.5.1 (bundler, ESM output, license-aware via `esbuild-plugin-license@1.2.3`) | +| Vitest | 4.1.6 | +| `@actions/core` | 3.0.1 (only runtime dep) | +| semantic-release | 25.0.3 with `@semantic-release/changelog`, `@semantic-release/git`, `semantic-release-export-data`, `conventional-changelog-conventionalcommits@9.3.1` | +| simple-git-hooks + lint-staged | pre-commit runs `pnpm run fix` on TS/JS/CSS/MD/JSON/YAML | +| jiti | 2.7.0 (TS config loading) | +| js-yaml | 4.1.1 | + +### Release Pipeline (`.releaserc.yaml`) + +- **Branch:** `release` (separate from `main`; main → release fast-forward in CI). +- **Tag format:** bare semver (`9.90.0`), with a parallel major-version branch (`v9`) for downstream `@v9` pins. +- **Plugins:** commit-analyzer, release-notes-generator, changelog, npm (private package — no publish), git (commits `dist`, `package.json` with `chore(release): [skip ci]`), github, `semantic-release-export-data`. +- **Custom release rules:** `build` → patch, `docs(readme.md)` → patch, `skip` → no release. +- **Preset:** conventionalcommits with extended type map (feat, build, fix, docs, test, ci, style, refactor, perf, revert, chore, skip-hidden). + +## Cross-Ecosystem Notes + +| Aspect | bfra-me/renovate-action | [[marcusrbrown--renovate-config]] | [[bfra-me--ha-addon-repository]] | +| --- | --- | --- | --- | +| Role | **Runner** (executes Renovate) | **Policy** (preset content) | Template (consumes policy + runner) | +| Branching | `main` → `release` → tagged + `v9` branch | `main` → tagged + `v4` branch | `main` only | +| Renovate base preset | `bfra-me/.github:internal.json5#v4.16.18` | `bfra-me/renovate-config#5.2.1` | `bfra-me/renovate-config#5.2.1` | +| Fro Bot agent | v0.44.2 (newest in ecosystem at survey) | v0.42.2 | v0.43.1 | +| Fro Bot pattern | Single workflow with mode dispatch (`fro-bot.yaml` only — no separate autoheal file) | Two-workflow split (`fro-bot.yaml` + `fro-bot-autoheal.yaml`) | Single workflow, two cron schedules | +| Fro Bot single-issue model | `Daily Maintenance Report` + `Daily Autohealing Report` (two perpetual issues) | Same two-issue model | `Daily Autohealing Report` only | +| dist/ artifact in repo | Yes (tsup bundle, drift-verified in CI) | No (JSON-only repo) | No | +| Self-test in CI | Yes (`uses: ./` with dry-run) | n/a | n/a | +| CodeQL + Scorecard | Yes | Yes | No (relies on Renovate alerts + autoheal) | + +The **single-workflow-with-mode-dispatch** Fro Bot layout in this repo is notable: instead of separate `fro-bot.yaml` and `fro-bot-autoheal.yaml` files (the pattern in most Marcus repos), this repo collapses both into one workflow with an inline `Determine mode and prompt` step that selects from three inline prompts (review / maintenance / autoheal). This mirrors the [[marcusrbrown--marcusrbrown-github-io]] "single-file three-mode" evolution noted in the index (`agent v0.44.0, v0.44.1 in flight` — this repo is on `v0.44.2`). Worth tracking as a pattern that may consolidate across the ecosystem. + +## Observations + +- **Agent version leadership.** At survey time, this repo is on `fro-bot/agent@v0.44.2` while the rest of the ecosystem ranges from v0.41.x to v0.43.1. The combination of an active maintainer (Marcus), self-test CI, and the new single-workflow layout makes this a likely **canary** for Fro Bot agent updates before they propagate. +- **`zzglobal_config` naming.** The `zz` prefix on the inline base config env var is intentional — it forces the variable to sort last when the GitHub Actions UI alphabetizes env blocks, keeping the (large) JSON payload out of the way visually. Mildly clever; mildly footgun if someone tries to grep for "global_config" expecting one canonical name. +- **Protected-fields enforcement is layered:** `validate_json()` only warns on dangerous fields. The actual enforcement happens in `merge_global_config()`, which restores `allowedCommands` from base after the deep merge. The other "dangerous" fields (`platform`, `gitAuthor`, `gitIgnoredAuthors`, `cacheDir`, `repositoryCache`) are set explicitly in the `env:` block of the Renovate step, so any user-supplied value gets overwritten by `RENOVATE_*` env vars regardless of what made it through the merge. The warning is hygiene; the runtime override is the real guard. +- **Docker execution deprecation.** The action ships a `v9 deprecation notice` and an `execution-mode` input that currently only accepts `container`. The plan signaled by README and `action.yaml`: v10 will remove Docker-backed execution. No replacement implementation is present in this branch yet — consumers should expect a non-trivial migration (likely to direct npm-installed Renovate, matching the upstream `renovatebot/github-action` `BINARY_SOURCE=install` env var already set). +- **Analytics features removed in v9 per README, but `docker/entrypoint.sh` still contains `record_docker_metric` / `record_failure` / `/tmp/renovate-analytics` plumbing.** This is dead code from the v8-era analytics dashboard — likely a candidate for an autoheal "stale TODO" finding or a follow-up cleanup PR. Flag this as a possible README-vs-code contradiction to verify before relying on either claim. +- **`gitIgnoredAuthors` list** includes `109017866+fro-bot[bot]@users.noreply.github.com` — Fro Bot's commits are explicitly ignored by Renovate so the bot's autoheal commits don't accidentally seed Renovate's "rebased by user" detection logic. +- **`mount-docker-socket: true` + `docker-user: root`** — Renovate's container needs root to install package managers at runtime and the mounted socket to spawn sibling containers when probing Docker-based managers. Sound for self-hosted use; would be unsafe in a multi-tenant runner. +- **CI status-check surface is large** (11 required contexts including `Setup`, `Check`, `Test`, `Build`, `Release`, `Deploy to GitHub Pages`, `Renovate / Renovate`, `Fro Bot`, `Analyze`, `CodeQL`, `Review Dependencies`). The `Setup` job emits all five `should-*` outputs and gates everything else, so most PRs skip most jobs while still satisfying the protection contract. +- **No `marcusrbrown--renovate-config` consumer relationship.** This action does **not** itself extend the Marcus presets. The consumption flow is one-way: Marcus's presets reference `bfra-me/renovate-config`, and Marcus's repos consume **either** preset family; this action is independent infrastructure. + +## Survey History + +| Date | SHA | Notes | +| --- | --- | --- | +| 2026-05-20 | `bc9c4591` | Initial survey. Fro Bot agent v0.44.2, eight workflows (CI/CD + 5 security/agent), single-workflow three-mode Fro Bot pattern. Renovate v43.186.2 pinned. v9.90.0 latest release. Docker execution flagged for v10 removal. Dead analytics code observed in `docker/entrypoint.sh` despite v9 README claim of "analytics features removed." | diff --git a/knowledge/wiki/repos/marcusrbrown--renovate-config.md b/knowledge/wiki/repos/marcusrbrown--renovate-config.md index b80d8d425..ae44eab48 100644 --- a/knowledge/wiki/repos/marcusrbrown--renovate-config.md +++ b/knowledge/wiki/repos/marcusrbrown--renovate-config.md @@ -26,6 +26,7 @@ related: - marcusrbrown--marcusrbrown-github-io - marcusrbrown--opencode-copilot-delegate - marcusrbrown--esphome-life + - bfra-me--renovate-action --- # marcusrbrown/renovate-config diff --git a/knowledge/wiki/topics/github-actions-ci.md b/knowledge/wiki/topics/github-actions-ci.md index 8a09335db..0d6ac78b6 100644 --- a/knowledge/wiki/topics/github-actions-ci.md +++ b/knowledge/wiki/topics/github-actions-ci.md @@ -2,7 +2,7 @@ type: topic title: GitHub Actions CI created: 2026-04-18 -updated: 2026-05-07 +updated: 2026-05-20 tags: [github-actions, ci-cd, automation, security, renovate] related: - fro-bot--agent @@ -14,6 +14,8 @@ related: - marcusrbrown--marcusrbrown-github-io - marcusrbrown--renovate-config - marcusrbrown--sparkle + - bfra-me--renovate-action + - bfra-me--ha-addon-repository --- # GitHub Actions CI @@ -30,6 +32,8 @@ Cross-cutting CI/CD patterns observed across Marcus's repositories in the Fro Bo - [[marcusrbrown--infra]] — Split deploy pipeline (per-app dedicated workflows), convention enforcement tests, Bun workspace CI, Changesets publishing - [[marcusrbrown--renovate-config]] — Lint + semantic-release pipeline for Renovate presets, self-referential Renovate config, CodeQL, OpenSSF Scorecard - [[marcusrbrown--sparkle]] — Turborepo-orchestrated Setup → Check → Build pipeline, Astro Starlight docs deployment to GitHub Pages, auto-regenerate-docs PR workflow +- [[bfra-me--renovate-action]] — Composite action self-test via `uses: ./`, dist/ drift verification, main→release branch fast-forward + semantic-release, single-workflow three-mode Fro Bot dispatch +- [[bfra-me--ha-addon-repository]] — HA add-on multi-arch Docker builds with cosign, `frenck/action-addon-linter` matrix, single perpetual `Daily Autohealing Report` issue pattern ## Common Patterns diff --git a/knowledge/wiki/topics/probot-settings.md b/knowledge/wiki/topics/probot-settings.md index ba9d5227d..b43bd8cf3 100644 --- a/knowledge/wiki/topics/probot-settings.md +++ b/knowledge/wiki/topics/probot-settings.md @@ -2,11 +2,13 @@ type: topic title: Probot Settings created: 2025-06-18 -updated: 2026-04-27 +updated: 2026-05-20 tags: [probot, github, repository-settings, automation, governance] related: - marcusrbrown--github - marcusrbrown--ha-config + - bfra-me--renovate-action + - bfra-me--ha-addon-repository --- # Probot Settings From 49dcc03ad2a1e868c69869f926bf26a94972e43e Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 09:28:04 -0700 Subject: [PATCH 23/77] chore(reconcile): record survey success for bfra-me/renovate-action --- metadata/repos.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index ad88aaa03..beb318737 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -301,13 +301,13 @@ repos: - owner: bfra-me name: renovate-action added: 2026-05-18 - onboarding_status: pending - last_survey_at: null - last_survey_status: null + onboarding_status: onboarded + last_survey_at: 2026-05-20 + last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: null + next_survey_eligible_at: 2026-06-19 private: false node_id: R_kgDOKWu8zQ - owner: bfra-me From 8168d843f4720e29d1abed12f08eac778afc5c4b Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 09:28:06 -0700 Subject: [PATCH 24/77] chore(reconcile): record survey failure for bfra-me/works --- metadata/repos.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index beb318737..e7d0b88d1 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -314,11 +314,11 @@ repos: name: works added: 2026-05-18 onboarding_status: pending - last_survey_at: null - last_survey_status: null + last_survey_at: 2026-05-20 + last_survey_status: failure has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: null + next_survey_eligible_at: 2026-06-22 private: false node_id: MDEwOlJlcG9zaXRvcnkzMDc1NzM1OTE= From e867b27275a2872321398debf48b2e9bcc96a2bf Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 09:28:54 -0700 Subject: [PATCH 25/77] feat(knowledge): survey bfra-me/.github --- knowledge/index.md | 2 +- knowledge/log.md | 39 +-- knowledge/wiki/repos/bfra-me--github.md | 289 ++++++++++++++++++ .../repos/bfra-me--ha-addon-repository.md | 1 - knowledge/wiki/topics/github-actions-ci.md | 6 +- knowledge/wiki/topics/probot-settings.md | 24 +- 6 files changed, 331 insertions(+), 30 deletions(-) create mode 100644 knowledge/wiki/repos/bfra-me--github.md diff --git a/knowledge/index.md b/knowledge/index.md index be987f5ed..8d6616bdb 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -4,8 +4,8 @@ Master catalog of all wiki pages, organized by type. ## Repos +- [[bfra-me--github]] — Org control center for `@bfra-me`; pnpm/TypeScript monorepo with 3 custom actions (`renovate-changesets`, `update-metadata`, `update-repository-settings`), 17 workflows, org-wide Fro Bot autoheal (weekdays), canonical `bfra-me/.github:common-settings.yaml`, Fro Bot agent v0.44.2 - [[bfra-me--ha-addon-repository]] — Template repository for a Home Assistant add-on repository (bfra-me org); multi-arch Docker builds via `home-assistant/builder`, GHCR publishing with cosign, Fro Bot agent v0.43.1 with add-on-aware review/autoheal -- [[bfra-me--renovate-action]] — Composite GitHub Action `bfra-me/renovate-action@v9` running self-hosted Renovate v43 in Docker with GitHub App auth; canonical bfra-me dependency-update runner, single-workflow three-mode Fro Bot at agent v0.44.2, Docker execution deprecated for v10 - [[fro-bot--agent]] — GitHub Action harness for OpenCode + oMo agents with persistent session state; core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos - [[fro-bot--fro-bot-github-io]] — fro-bot/fro-bot.github.io - [[fro-bot--systematic]] — fro-bot/systematic diff --git a/knowledge/log.md b/knowledge/log.md index 19d14ab97..6780ecfcc 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1208,34 +1208,27 @@ Surveyed bfra-me/ha-addon-repository and updated the control-plane wiki. Sources: https://github.com/bfra-me/ha-addon-repository -## [2026-05-20 16:23] ingest | bfra-me/renovate-action +## [2026-05-20 18:00] ingest | bfra-me/.github -Initial survey of `bfra-me/renovate-action` (SHA `bc9c4591`, v9.90.0 released 2026-05-20). Created repo page `bfra-me--renovate-action.md`. Updated topic pages `github-actions-ci.md` and `probot-settings.md`. Updated repo pages `marcusrbrown--renovate-config.md` and `bfra-me--ha-addon-repository.md` with reverse cross-references. Updated `index.md` to catalog the new repo. +Initial survey of `bfra-me/.github` (SHA `a81be4c5d5c93824fdcc426418c9433d5e5bd9be`). Created repo page `bfra-me--github.md`. Updated topic pages `probot-settings.md` (added bfra-me org template as third common-settings source) and `github-actions-ci.md` (added bfra-me/.github to repo list). Updated `index.md` to catalog the new page. Key findings: -- Composite GitHub Action (`bfra-me/renovate-action@v9`) that runs **self-hosted Renovate v43.186.2** in a Docker container (`ghcr.io/renovatebot/renovate:43.186.2`) under `renovatebot/github-action@v46.1.4` with GitHub App authentication. This is the **execution surface** for Renovate across the bfra-me org; complements [[marcusrbrown--renovate-config]] which provides the policy presets. -- Action logic lives in `action.yaml` shell steps and `docker/entrypoint.sh`, not in TypeScript. The `src/`/`dist/` scaffold is a `@actions/core` wait utility (placeholder); CI still verifies dist drift because `pnpm build` is part of the contract. -- Inputs: `renovate-app-id`, `renovate-app-private-key` (required); plus `autodiscover`, `autodiscover-filter`, `branch`, `cache`, `dry-run`, `execution-mode` (v9 scaffolding only — container is the only supported value), `global-config` (JSON deep-merge), `log-level`, `print-config`. -- **Security boundary on global-config merge:** Bash functions `validate_json()` + `merge_global_config()` deep-merge user JSON with base `zzglobal_config`. Protected fields (`allowedCommands`, `platform`, `gitAuthor`, `gitIgnoredAuthors`, `cacheDir`, `repositoryCache`) are either restored from base after merge (`allowedCommands`) or overridden by explicit `RENOVATE_*` env vars in the Renovate step. `validate_json` warns on dangerous-field attempts; runtime env block is the real guard. -- **Branching model:** `main` → `release` (semantic-release runs from `release`, fast-forwarded from `main` via `git merge --no-ff -Xtheirs`) → semver tags + `v9` major-version branch for downstream `@v9` pins. Latest release `9.90.0`. -- **Eight workflows**, all SHA-pinned: `main.yaml` (setup → check → test + self-test via `uses: ./` → build with dist drift → build-docs → deploy-pages → release), `fro-bot.yaml`, `renovate.yaml` (self-managed, not via reusable workflow), `update-repo-settings.yaml`, `codeql-analysis.yaml` (TypeScript, Wednesdays), `scorecard.yaml` (Tuesdays + branch_protection_rule), `dependency-review.yaml`, `copilot-setup-steps.yaml`. -- **Fro Bot pattern divergence:** single workflow with mode-dispatch (`workflow_dispatch` input `mode: review|maintenance|autoheal`, plus inline Bash that resolves mode from event type and cron schedule). Three inline prompts live in the workflow `env:` block. **Two perpetual rolling issues** (`Daily Maintenance Report` + `Daily Autohealing Report`). Mirrors the `marcusrbrown--marcusrbrown-github-io` "single-file three-mode" evolution. -- **Fro Bot agent version:** `v0.44.2` (SHA `b97877b2`) — **newest in the surveyed ecosystem** at this time. Likely canary for agent updates before they propagate to Marcus's repos. -- **Renovate config (`.github/renovate.json5`):** extends `bfra-me/.github:internal.json5#v4.16.18` + `sanity-io/renovate-config:semantic-commit-type`. Notable: `bfra-me/renovate-config` pinned with `updatePinnedDependencies: false` except for majors. Renovate ecosystem patches **disabled** (noise reduction); majors emit `feat(deps)!:`. `postUpgradeTasks` runs bootstrap+build+fix. `platformAutomerge: true`. Different preset family from both [[marcusrbrown--renovate-config]] (#4.5.x) and [[bfra-me--ha-addon-repository]] (#5.2.1). -- **Probot settings extend `.github:common-settings.yaml`** which resolves to **`bfra-me/.github`**, not Marcus's `.github`. Branch protection on `main` requires 11 status checks including Build, Check, Test, Setup, Fro Bot, CodeQL, Analyze, Review Dependencies, Renovate / Renovate, Deploy to GitHub Pages, Release. `release` branch is fast-forward target only (no required checks). Teams: actioneers (push), services (maintain), owners (admin). -- **Tooling:** Node 24.15.0, pnpm 10.33.4, TypeScript 6.0.3, ESLint 10.4.0 with `@bfra.me/eslint-config@0.51.1`, Prettier 3.8.3 with `@bfra.me/prettier-config/120-proof`, tsup 8.5.1, Vitest 4.1.6, semantic-release 25.0.3. Only runtime dep is `@actions/core@3.0.1`. -- **Docker execution deprecation:** v9 ships a `::warning::` and v10 will remove Docker mode. No replacement implementation present yet; likely migration to npm-installed Renovate (the `BINARY_SOURCE=install` env var is already set on `renovatebot/github-action`). -- **README-vs-code contradiction:** v9 release notes claim "Analytics features removed" but `docker/entrypoint.sh` still contains `record_docker_metric`, `record_failure`, and `/tmp/renovate-analytics` plumbing. Likely dead code from v8 era — candidate for an autoheal "stale TODO" finding. -- `gitIgnoredAuthors` explicitly includes `fro-bot[bot]` (`109017866+fro-bot[bot]@users.noreply.github.com`) so Fro Bot autoheal commits don't seed Renovate's rebase-detection logic. -- 60 open issues at survey (typical for a long-lived Renovate dependency-dashboard repo), 0 open PRs, 2 stars. +- Org control center for `@bfra-me`. Public, MIT, template (`is_template: true`), created 2022-03-17. Marketed as a `.github` template but runs as a full TypeScript pnpm monorepo (`@bfra.me/.github` v4.16.18, private root). +- Workspace: 4 packages — root + 3 custom actions under `.github/actions/*` (`renovate-changesets`, `update-metadata`, `update-repository-settings`). Root is itself a workspace member (`packages: ['.', '.github/actions/*']`) with `ignoreWorkspaceRootCheck: true`. `shamefullyHoist: true`, `savePrefix: ''`. All actions use Node.js 24 runtime and ship pre-built `dist/`. +- Toolchain: Node 24.15.0 (`.node-version`), pnpm 10.33.4, TypeScript 6.0.3 strict, Vitest 4.1.6, ESLint 10.4.0, Prettier 3.8.3, husky 9.1.7, lint-staged 16.4.0, Changesets 2.31.0. +- **17 workflows.** Notable: `main.yaml` (Quality Check), `fro-bot.yaml` (per-repo persona with three modes via `workflow_dispatch` choice), `fro-bot-autoheal-org.yaml` (org-wide weekday sweep at `0 5 * * 1-5` over all non-archived bfra-me repos, serial processing, dedup against existing bot items, defers dep bumps to Renovate, scope-capped to minimal/reversible fixes), `renovate.yaml` + `trigger-org-renovate.yaml` (self-hosted Renovate fan-out via `@bfra-me/renovate-action`), `update-repo-settings.yaml` (consumes local `update-repository-settings` action), plus CodeQL, Scorecard, Container Scan, Secret Scan, License Compliance, Dependency Review, Copilot setup, PR Triage, Auto-Release. +- **Fro Bot agent: `v0.44.2`** (SHA `b97877b2`) — ahead of most ecosystem repos (typically `v0.41.x`–`v0.43.x`). PR review prompt is security-focused for an org control center: enforces SHA-pinned actions with version comments, blocks workflow injection via untrusted input in `run:` blocks, requires `dist/` rebuild for action source changes, manually-authored changesets only (`pnpm changeset` CLI explicitly banned), strict TypeScript (no `any`, no `@ts-ignore`, ESM only). +- **Third common-settings source surfaced.** This repo ships `common-settings.yaml` as the org-wide template for `@bfra-me` repos, parallel to `marcusrbrown/.github:common-settings.yaml` (personal) and `fro-bot/.github:common-settings.yaml` (Fro Bot org). Repo's own `settings.yml` self-extends; branch protection requires 12 status checks (Advanced Security Analysis, CodeQL, Container Scan, Create Renovate Changeset, Fro Bot, GitGuardian Scan, License Scan, Quality Check, Release, Renovate, Review Dependencies, Triage) with `required_approving_review_count: 0` — governance leans on checks, not reviewers. Linear history, admin enforcement enabled. +- Renovate: `.github/renovate.json5` extends `local>bfra-me/.github:internal.json5`, `automergeType: pr`. Trivy versioned via `github-releases`. `elstudio/actions-settings` disabled (consumed via local action). Mise manager disabled (workaround). Post-upgrade runs `pnpm run bootstrap && pnpm run build && pnpm run fix`. `metadata/renovate.yaml` is the org-wide config inherited by other `bfra-me/*` repos. +- AGENTS.md documents conventions and anti-patterns: changesets manually authored, scoped to closest package; ESM only; shared `@bfra.me/*` configs; `bfra-me[bot]` app auth; Vitest coverage 80/80/80/75; reusable workflows resolve cross-repo checkout via `GITHUB_WORKFLOW_REF` (not `github.workflow_sha`, which resolves to the caller in `workflow_call`). +- 5 open issues, 1 open PR at survey time. Latest commit (`a81be4c`, 2026-05-20T09:42:00Z): Renovate bump of `fro-bot/agent` to v0.44.2 (PR #2200) with auto-generated changeset. +- Follow-up flagged on the repo page: the Probot settings landscape now has three common-settings sources (`marcusrbrown/.github`, `fro-bot/.github`, `bfra-me/.github`). Mapping which repos extend which — and reconciling whether `bfra-me` and `fro-bot` org templates should converge — is a candidate for a future survey/comparison page. -Cross-ecosystem relationship: this is the **runner** that complements [[marcusrbrown--renovate-config]]'s **policy**. It's used by `bfra-me/.github`'s reusable Renovate workflow, which in turn is consumed indirectly by virtually every Marcus repo through their `.github/workflows/renovate.yaml`. Sibling to [[bfra-me--ha-addon-repository]] under the bfra-me org. +Sources: https://github.com/bfra-me/.github (SHA a81be4c5d5c93824fdcc426418c9433d5e5bd9be) -Sources: https://github.com/bfra-me/renovate-action (SHA bc9c45917d3f7b33962d3ba44b11d58d9f6c2647) +## [2026-05-20 16:28] ingest | repo:bfra-me/.github -## [2026-05-20 16:27] ingest | repo:bfra-me/renovate-action +Surveyed bfra-me/.github and updated the control-plane wiki. -Surveyed bfra-me/renovate-action and updated the control-plane wiki. - -Sources: https://github.com/bfra-me/renovate-action +Sources: https://github.com/bfra-me/.github diff --git a/knowledge/wiki/repos/bfra-me--github.md b/knowledge/wiki/repos/bfra-me--github.md new file mode 100644 index 000000000..378430e4e --- /dev/null +++ b/knowledge/wiki/repos/bfra-me--github.md @@ -0,0 +1,289 @@ +--- +type: repo +title: bfra-me/.github +created: 2026-05-20 +updated: 2026-05-20 +sources: + - url: https://github.com/bfra-me/.github + sha: a81be4c5d5c93824fdcc426418c9433d5e5bd9be + accessed: 2026-05-20 +tags: [bfra-me, dotgithub, monorepo, pnpm, typescript, github-actions, probot, renovate, template] +related: + - bfra-me--ha-addon-repository + - marcusrbrown--github + - marcusrbrown--renovate-config + - fro-bot--agent + - github-actions-ci + - probot-settings +--- + +# bfra-me/.github + +Org control center for the `bfra-me` GitHub organization. This is the +canonical home of the org's reusable workflows, custom GitHub Actions, +workflow templates, shared Probot settings, and Fro Bot org-wide autoheal +runtime. Marketed as a template (`is_template: true`) but in practice it +runs as a full TypeScript pnpm monorepo. + +It is the bfra-me-side counterpart to [[marcusrbrown--github]] (Marcus's +personal `.github`). Where `marcusrbrown/.github` only ships Probot +settings and Prettier defaults, this repo also _executes_ org-wide +automation (Renovate dispatch, settings sync, Fro Bot org autoheal, +license/secret/container scanning). + +## Identity + +- **Owner:** bfra-me (org) +- **Visibility:** public, template repository +- **License:** MIT +- **Default branch:** `main` +- **Created:** 2022-03-17 +- **Last push:** 2026-05-20 +- **Package version:** `@bfra.me/.github` v4.16.18 (private root) +- **Node:** 24.15.0 (`.node-version`) +- **Package manager:** pnpm 10.33.4 +- **TypeScript:** 6.0.3, strict +- **Open issues / PRs:** 5 / 1 (2026-05-20) + +## Layout + +``` +. +├── .github/ +│ ├── actions/ +│ │ ├── renovate-changesets/ # Complex action: auto-changeset Renovate PRs (~125 src files) +│ │ ├── update-metadata/ # Repo metadata generator +│ │ └── update-repository-settings/ # Plugin-based settings sync +│ ├── instructions/ # AI-consumed dev guides (changesets, GH Actions, pnpm, Renovate, TS) +│ ├── workflows/ # 17 workflows: CI, Fro Bot, security, Copilot, renovate +│ ├── codeql/ +│ ├── copilot-instructions.md +│ ├── gitleaks.toml +│ ├── labeler.yaml +│ ├── renovate.json5 +│ └── settings.yml +├── workflow-templates/ # Org-wide templates (.yaml + .properties.json pairs) +├── scripts/ # tsx utilities: release, build perf, workspace validation +├── docs/ +│ ├── workflows/ # Workflow docs and troubleshooting +│ └── solutions/ # Compound-engineering learnings +├── metadata/ +│ └── renovate.yaml # Org-wide Renovate config consumed by other repos +├── profile/ # GitHub org profile README +├── common-settings.yaml # Org-wide Probot Settings template +├── AGENTS.md # Repo conventions (consumed by Fro Bot and Copilot) +├── eslint.config.ts +├── internal.json5 # Renovate internal config extended by .github/renovate.json5 +├── mise.toml # Adds ./node_modules/.bin to PATH +├── package.json # `@bfra.me/.github` v4.16.18 +├── pnpm-workspace.yaml +├── tsconfig.json / tsconfig.build.json / tsconfig.eslint.json +└── vitest.config.ts +``` + +## Workspace + +- 4 packages: root (`@bfra.me/.github`) + 3 actions under `.github/actions/*` +- Root is itself a workspace member (`packages: ['.', '.github/actions/*']`) + with `ignoreWorkspaceRootCheck: true` — uncommon but intentional +- `shamefullyHoist: true`, `autoInstallPeers: true`, `savePrefix: ''` +- Overrides: `flatted@3.4.2` pinned; `undici@<6.23.0` forced to `>=6.23.0`; + `vite@>=8.0.0 <=8.0.4` forced to `>=8.0.5` +- `onlyBuiltDependencies`: `esbuild`, `unrs-resolver` +- No inter-package deps; actions are self-contained, root provides shared + dev tooling +- Parallel builds: `pnpm -r run build` with no dependency ordering needed + +## Custom Actions + +| Action | Purpose | +| ------------------------------- | --------------------------------------------------------------------------------------- | +| `renovate-changesets` | Auto-generates `.changeset/*.md` files for Renovate PRs | +| `update-metadata` | Generates/updates per-repo metadata (badges, scorecards, etc.) | +| `update-repository-settings` | Plugin-based action that syncs `.github/settings.yml` to the GitHub API | + +All actions: + +- Use Node.js 24 runtime (`using: node24` in `action.yaml`) +- Ship pre-built `dist/` in the repo (GitHub requires committed JS) +- Standardized on `action.yaml` (never `action.yml`) +- Have their own AGENTS.md for action-local conventions + +## Workflows (17) + +``` +auto-release.yaml codeql-analysis.yaml container-scan.yaml +copilot-setup-steps.yaml dependency-review.yaml fro-bot-autoheal-org.yaml +fro-bot.yaml license-compliance.yaml main.yaml +pr-triage.yaml renovate-changeset.yaml renovate.yaml +scorecard.yaml secret-scan.yaml trigger-org-renovate.yaml +update-metadata.yaml update-repo-settings.yaml +``` + +Notable surface area: + +- **`main.yaml`** — primary CI entry point (Quality Check job referenced by branch protection) +- **`fro-bot.yaml`** — full Fro Bot persona: PR review, mention handling, daily maintenance (`0 5 * * *`), daily autoheal (`30 15 * * *`), `workflow_dispatch` with `mode` choice (review/maintenance/autoheal), `workflow_call` for reusable invocation +- **`fro-bot-autoheal-org.yaml`** — org-wide autoheal sweep across **all non-archived** `bfra-me` repos, weekdays at `0 5 * * 1-5`. Processes repos serially, deduplicates against existing bot-authored issues/PRs, defers dependency bumps to Renovate, and only applies minimal reversible fixes +- **`renovate.yaml`** — drives self-hosted Renovate via `@bfra-me/renovate-action` +- **`trigger-org-renovate.yaml`** — fans Renovate runs out to other org repos +- **`update-repo-settings.yaml`** — applies `.github/settings.yml` (and downstream `common-settings.yaml`) via `update-repository-settings` action +- **`update-metadata.yaml`** — invokes local `update-metadata` action without the self-checkout pattern (action only runs in this repo) +- **`codeql-analysis.yaml`, `scorecard.yaml`, `container-scan.yaml`, `secret-scan.yaml`, `license-compliance.yaml`, `dependency-review.yaml`** — security posture +- **`copilot-setup-steps.yaml`** — Copilot coding agent bootstrap +- **`pr-triage.yaml`** — labeler-driven PR triage + +## Fro Bot Integration + +This repo **is** a Fro Bot workflow host, and it also _runs_ the org-wide +autoheal sweep. As of HEAD it pins: + +- `fro-bot/agent@b97877b202095e5faf046c1f9d7a18891720a73b # v0.44.2` + (bumped via Renovate, PR #2200) + +### `fro-bot.yaml` (per-repo) + +- Triggers: `issue_comment`, `pull_request_review_comment`, + `discussion_comment`, `issues` (opened/edited), `pull_request` (opened, + synchronize, reopened, ready_for_review, review_requested), two crons, + `workflow_dispatch` with `mode` input, `workflow_call` +- Concurrency keyed off issue/PR/discussion/schedule/run_id; never + cancels in progress (autoheal runs must finish cleanly) +- `PR_REVIEW_PROMPT` is security-focused for an org control center — + enforces SHA-pinned actions with version comments, blocks workflow + injection via untrusted input in `run:` blocks, requires `dist/` + rebuild for action source changes, enforces manually-authored + changesets (`pnpm changeset` CLI explicitly banned), and TypeScript + strictness (no `any`, no `@ts-ignore`, ESM only) + +### `fro-bot-autoheal-org.yaml` (org-wide) + +- Schedule: weekdays at `0 5 * * 1-5`; `workflow_dispatch` accepts an + optional `target-repo` to narrow the sweep +- Execution model: process repos serially, never keep multiple repos + checked out simultaneously, return to a clean working tree between + repos +- Dedup rule: search for an existing open bot-authored item per root + cause before opening anything new +- Scope cap: minimal and reversible only — broad refactors get logged + under "Needs Human Attention" rather than executed +- Dependency ownership: Renovate owns routine version bumps; Fro Bot may + change versions **only** to remediate confirmed high/critical + advisories + +## Probot Settings + +- `.github/settings.yml` extends `.github:common-settings.yaml` + (self-extending — pulls from the same repo) +- `common-settings.yaml` is the **org-wide template** consumed by other + `bfra-me` repos and by Marcus's repos via `_extends: + fro-bot/.github:common-settings.yaml` (note: across the wiki, repos + reference `fro-bot/.github:common-settings.yaml`, but the bfra-me + control-plane file lives at `bfra-me/.github:common-settings.yaml` — + these are organizationally distinct settings sources) +- Repo-level overrides: `is_template: true`, `has_projects: false`, + `has_wiki: false`, `allow_merge_commit: false`, `allow_rebase_merge: + false`, `allow_auto_merge: true`, `delete_branch_on_merge: true`, + `allow_update_branch: true`, squash commit title + `COMMIT_OR_PR_TITLE`, message `COMMIT_MESSAGES` +- Branch protection (`main`): strict status checks with 12 required + contexts (Advanced Security Analysis, CodeQL, Container Scan, Create + Renovate Changeset, Fro Bot, GitGuardian Scan, License Scan, Quality + Check, Release, Renovate, Review Dependencies, Triage), admin + enforcement enabled, linear history required, `required_approving_review_count: 0` + (governance leans on status checks, not human reviewers) + +## Renovate + +- `.github/renovate.json5` extends `local>bfra-me/.github:internal.json5` +- `automergeType: pr` +- Package rules: `aquasecurity/trivy-action` uses `github-releases` + versioning; `elstudio/actions-settings` disabled (the settings action + is consumed via the local custom action); `mise` manager disabled + (workaround for missing `tools` key) +- Post-upgrade tasks: `pnpm run bootstrap && pnpm run build && pnpm run + fix`, executionMode `branch` +- `metadata/renovate.yaml` is the **org-wide** Renovate config inherited + by other `bfra-me` repos + +## Conventions (from AGENTS.md) + +- Actions pinned to commit SHA with version comment — never floating + tags +- Changesets authored **manually** in `.changeset/*.md`; the `pnpm + changeset` CLI is explicitly banned (creates inconsistent format) +- Changesets scoped to closest package — only target + `@bfra.me/.github` for root-level changes +- ESM only (`type: module`, no `require()`) +- Shared configs: `@bfra.me/eslint-config`, `@bfra.me/prettier-config`, + `@bfra.me/tsconfig` +- GitHub App auth: `bfra-me[bot]` via `actions/create-github-app-token` +- 120-char line limit (`.editorconfig`), 2-space indent +- Vitest exclusively; coverage thresholds 80% statements/functions/lines, + 75% branches +- Workspace scripts: `#!/usr/bin/env tsx`, function-based, typed + interfaces +- Reusable workflows that call internal actions use `GITHUB_WORKFLOW_REF` + (not `github.workflow_sha`) for cross-repo checkout — `workflow_sha` + resolves to the caller's SHA in `workflow_call` + +## Anti-Patterns (Documented) + +- `pnpm changeset` CLI +- Floating action versions +- Hardcoded secrets +- Workflow templates without `.properties.json` +- `contexts` in branch protection (use `checks`) +- Cancelling Renovate jobs that push to main +- `@ts-ignore` / `as any` +- `github.workflow_sha` for cross-repo checkout in `workflow_call` + +## Build, Test, Release + +```bash +pnpm bootstrap # Install (prefer-offline) +pnpm run quality-check # type-check + lint + build + test +pnpm build # All workspace packages, parallel +pnpm test # Vitest +pnpm run lint / pnpm run fix # ESLint (auto-fix variant) +pnpm run type-check # tsc --noEmit +pnpm run release # Multi-package release with tag mgmt +pnpm run workspace:validate # Dep analysis + consistency check +pnpm run build:monitor # Build performance analysis +``` + +Release tagging: the monorepo root is private and tagged as `v{ver}`, +but `scripts/release.ts` also logs `{name}@{ver}` so the Changesets +action can detect it as a published package. + +## Cross-Repo Relationships + +- **[[marcusrbrown--github]]** — Marcus's personal `.github`; its + reusable workflow pins to `bfra-me/.github` (e.g. `v4.16.8` / + `v4.16.9` in recent logs). Most `marcusrbrown/*` repos extend + `fro-bot/.github:common-settings.yaml` rather than this one, + but they consume `bfra-me/.github` reusable workflows. +- **[[bfra-me--ha-addon-repository]]** — sibling org template; pulls + reusable workflows and Probot settings from here. +- **[[fro-bot--agent]]** — this repo pins `fro-bot/agent@v0.44.2`, + ahead of most other ecosystem repos (commonly `v0.41.x`–`v0.43.x`). +- **[[marcusrbrown--renovate-config]]** — Marcus's preset is the + Renovate baseline for `marcusrbrown/*` repos; `bfra-me/.github` ships + its own `metadata/renovate.yaml` for `bfra-me/*` repos. + +## Open Questions / Follow-Ups + +- The Probot settings landscape now has **three** common-settings + sources visible in this wiki: `marcusrbrown/.github:common-settings.yaml` + (Marcus's personal template), `fro-bot/.github:common-settings.yaml` + (Fro Bot org template), and `bfra-me/.github:common-settings.yaml` + (this repo, org template for `@bfra-me`). The + [[probot-settings]] topic currently documents only the first two. + A follow-up survey should map which repos extend which and reconcile + the relationship between `bfra-me` and `fro-bot` org settings. + +## Survey History + +| Date | SHA | Notes | +| ---------- | ---------- | -------------------------------------------------------------------------- | +| 2026-05-20 | `a81be4c` | Initial survey. `fro-bot/agent@v0.44.2` (PR #2200). 17 workflows, 3 custom actions. | diff --git a/knowledge/wiki/repos/bfra-me--ha-addon-repository.md b/knowledge/wiki/repos/bfra-me--ha-addon-repository.md index 3b86a554e..023943f09 100644 --- a/knowledge/wiki/repos/bfra-me--ha-addon-repository.md +++ b/knowledge/wiki/repos/bfra-me--ha-addon-repository.md @@ -12,7 +12,6 @@ related: - marcusrbrown--ha-config - marcusrbrown--esphome-life - marcusrbrown--containers - - bfra-me--renovate-action - home-assistant - docker-containers - github-actions-ci diff --git a/knowledge/wiki/topics/github-actions-ci.md b/knowledge/wiki/topics/github-actions-ci.md index 0d6ac78b6..10000c97f 100644 --- a/knowledge/wiki/topics/github-actions-ci.md +++ b/knowledge/wiki/topics/github-actions-ci.md @@ -14,8 +14,7 @@ related: - marcusrbrown--marcusrbrown-github-io - marcusrbrown--renovate-config - marcusrbrown--sparkle - - bfra-me--renovate-action - - bfra-me--ha-addon-repository + - bfra-me--github --- # GitHub Actions CI @@ -32,8 +31,7 @@ Cross-cutting CI/CD patterns observed across Marcus's repositories in the Fro Bo - [[marcusrbrown--infra]] — Split deploy pipeline (per-app dedicated workflows), convention enforcement tests, Bun workspace CI, Changesets publishing - [[marcusrbrown--renovate-config]] — Lint + semantic-release pipeline for Renovate presets, self-referential Renovate config, CodeQL, OpenSSF Scorecard - [[marcusrbrown--sparkle]] — Turborepo-orchestrated Setup → Check → Build pipeline, Astro Starlight docs deployment to GitHub Pages, auto-regenerate-docs PR workflow -- [[bfra-me--renovate-action]] — Composite action self-test via `uses: ./`, dist/ drift verification, main→release branch fast-forward + semantic-release, single-workflow three-mode Fro Bot dispatch -- [[bfra-me--ha-addon-repository]] — HA add-on multi-arch Docker builds with cosign, `frenck/action-addon-linter` matrix, single perpetual `Daily Autohealing Report` issue pattern +- [[bfra-me--github]] — Org control center; 17 workflows including `main.yaml` (Quality Check), `fro-bot.yaml` (per-repo persona), `fro-bot-autoheal-org.yaml` (weekday org-wide sweep), `renovate.yaml` + `trigger-org-renovate.yaml` (self-hosted Renovate fan-out), and three custom actions (`renovate-changesets`, `update-metadata`, `update-repository-settings`). Source of the reusable workflows that `marcusrbrown/*` repos consume. ## Common Patterns diff --git a/knowledge/wiki/topics/probot-settings.md b/knowledge/wiki/topics/probot-settings.md index b43bd8cf3..ea91d0368 100644 --- a/knowledge/wiki/topics/probot-settings.md +++ b/knowledge/wiki/topics/probot-settings.md @@ -7,7 +7,7 @@ tags: [probot, github, repository-settings, automation, governance] related: - marcusrbrown--github - marcusrbrown--ha-config - - bfra-me--renovate-action + - bfra-me--github - bfra-me--ha-addon-repository --- @@ -47,6 +47,28 @@ The `fro-bot/.github` repository (this repo) has its own `common-settings.yaml` - `fro-bot` as admin, `marcusrbrown` as push - Fewer, more focused labels +### bfra-me/.github (Bfra-Me Org Template) + +[[bfra-me--github]] ships a **third** `common-settings.yaml` for the +`@bfra-me` org. Surveyed 2026-05-20 (SHA `a81be4c`): + +- Repo-level: `is_template: true`, `has_projects: false`, `has_wiki: false`, + squash-only merging, auto-merge enabled, branch deletion on merge, + `allow_update_branch: true`, squash commit title `COMMIT_OR_PR_TITLE` +- Branch protection (`main`): 12 required status checks (Advanced + Security Analysis, CodeQL, Container Scan, Create Renovate Changeset, + Fro Bot, GitGuardian Scan, License Scan, Quality Check, Release, + Renovate, Review Dependencies, Triage), strict mode, linear history, + admin enforcement, `required_approving_review_count: 0` — governance + leans on status checks rather than human reviewers +- `update-repository-settings` is shipped as a local custom action in + this repo and consumed by `update-repo-settings.yaml` + +[[bfra-me--ha-addon-repository]] and other `bfra-me/*` repos extend +this template; most `marcusrbrown/*` repos extend the `fro-bot/.github` +template instead. Reconciling which org template is canonical for what +audience is an open follow-up. + ## Settings Sync Workflow Repos using Probot Settings typically include an `update-repo-settings.yaml` workflow: From 9d0d4815ccccdcd767ef2430e7d20650fd7f4166 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 09:28:56 -0700 Subject: [PATCH 26/77] chore(reconcile): record survey success for bfra-me/.github --- metadata/repos.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index e7d0b88d1..7ee807607 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -277,13 +277,13 @@ repos: - owner: bfra-me name: .github added: 2026-05-18 - onboarding_status: pending - last_survey_at: null - last_survey_status: null + onboarding_status: onboarded + last_survey_at: 2026-05-20 + last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: null + next_survey_eligible_at: 2026-06-21 private: false node_id: R_kgDOHBEXpg - owner: bfra-me From 9b529c01486b005c2905fb980eaf5811aa20fbe0 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 10:15:26 -0700 Subject: [PATCH 27/77] feat(knowledge): survey bfra-me/works --- knowledge/index.md | 2 + knowledge/log.md | 26 ++ knowledge/wiki/repos/bfra-me--works.md | 463 +++++++++++++++++++++ knowledge/wiki/topics/github-actions-ci.md | 3 + knowledge/wiki/topics/probot-settings.md | 19 +- 5 files changed, 509 insertions(+), 4 deletions(-) create mode 100644 knowledge/wiki/repos/bfra-me--works.md diff --git a/knowledge/index.md b/knowledge/index.md index 8d6616bdb..ef9424e48 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -6,6 +6,8 @@ Master catalog of all wiki pages, organized by type. - [[bfra-me--github]] — Org control center for `@bfra-me`; pnpm/TypeScript monorepo with 3 custom actions (`renovate-changesets`, `update-metadata`, `update-repository-settings`), 17 workflows, org-wide Fro Bot autoheal (weekdays), canonical `bfra-me/.github:common-settings.yaml`, Fro Bot agent v0.44.2 - [[bfra-me--ha-addon-repository]] — Template repository for a Home Assistant add-on repository (bfra-me org); multi-arch Docker builds via `home-assistant/builder`, GHCR publishing with cosign, Fro Bot agent v0.43.1 with add-on-aware review/autoheal +- [[bfra-me--renovate-action]] — bfra-me/renovate-action +- [[bfra-me--works]] — `@bfra-me` tooling monorepo (pnpm 10, TS 6, ESM); 8 published packages (`eslint-config`, `prettier-config`, `tsconfig`, `es`, `create`, `badge-config`, `doc-sync`, `semantic-release`, `workspace-analyzer`) + Astro Starlight docs; 11 workflows; Fro Bot agent v0.44.2 with three-mode single-file workflow (PR review / Daily Maintenance Report / Daily Autohealing Report) - [[fro-bot--agent]] — GitHub Action harness for OpenCode + oMo agents with persistent session state; core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos - [[fro-bot--fro-bot-github-io]] — fro-bot/fro-bot.github.io - [[fro-bot--systematic]] — fro-bot/systematic diff --git a/knowledge/log.md b/knowledge/log.md index 6780ecfcc..c95915189 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1232,3 +1232,29 @@ Sources: https://github.com/bfra-me/.github (SHA a81be4c5d5c93824fdcc426418c9433 Surveyed bfra-me/.github and updated the control-plane wiki. Sources: https://github.com/bfra-me/.github + +## [2026-05-20 17:14] ingest | bfra-me/works + +Initial survey of `bfra-me/works` (SHA `ef14b26085dab318fffad1b6c3062292f8ae60b8`). Created repo page `bfra-me--works.md`. Updated topic pages `github-actions-ci.md` (added repo to list and Fro Bot table) and `probot-settings.md` (added bfra-me/works as a representative consumer of the `bfra-me/.github:common-settings.yaml` template). Updated `index.md` to catalog the new page. + +Key findings: + +- The `@bfra-me` **tooling monorepo** — the shared-library counterpart to [[bfra-me--github]] (which is the org control plane). Public, MIT, created 2020-10-27. Private root `@bfra.me/works` v0.0.0-development. +- Workspace: 11 entries (root + `docs` + `scripts` + 8 `packages/*`). pnpm 10.33.4, Node 24.15.0, TypeScript 6.0.3 strict (`noUncheckedIndexedAccess`), Vitest 4.1.6, ESLint 10.4.0, Prettier 3.8.3, Changesets 2.31.0, husky 9.1.7, manypkg 0.25.1 with `workspaceProtocol: require`. `autoInstallPeers`, `shamefullyHoist`, `strictPeerDependencies`, `shellEmulator`, `savePrefix: ''`. +- **8 published packages**: `@bfra.me/eslint-config@0.51.1`, `@bfra.me/prettier-config@0.16.9` (variants: 80/100/120-proof, semi, default, define-config), `@bfra.me/tsconfig@0.13.1`, `@bfra.me/es@0.1.0` (subpath exports for async/env/error/functional/module/result/types/validation/watcher), `@bfra.me/create@0.7.14` (CLI, optional OpenAI/Anthropic AI enhance), `@bfra.me/badge-config@0.2.0`, `@bfra.me/doc-sync@0.1.9` (CLI), `@bfra.me/semantic-release@0.3.7`, `@bfra.me/workspace-analyzer@0.2.8` (latest release 2026-05-16, CLI + JSON output). All build to `lib/` via tsup, except `@bfra.me/create` which builds to `dist/`. Docs site is Astro Starlight with MDX/content-validation tests and automated version-badge sync. +- **11 workflows + 1 Markdown doc file** under `.github/workflows/`. Every workflow consumes the local composite action `.github/actions/pnpm-install`. Notable: `main.yaml` (Prepare → parallel Lint+type-coverage / Test / Build / Workspace Analysis → CI), `release.yaml` (Changesets, triggered by `workflow_run` after Main on main + Sunday `0 18 * * 0` + dispatch with `force-release` toggle, uses `bfra-me[bot]` app token for schedule/`workflow_run`), `docs.yaml` (Astro Starlight build + GH Pages deploy), `docs-sync.yaml` (path-filtered doc-sync automation with dry-run dispatch input), `renovate.yaml` (calls reusable `bfra-me/.github` v4.16.18), `renovate-changeset.yaml` (auto-changesets for bfra-me/renovate bot PRs), `update-repo-settings.yaml` (calls reusable v4.16.0), `cache-cleanup.yaml`, plus CodeQL/Scorecard/Dependency Review. +- **Fro Bot agent v0.44.2** (SHA `b97877b2`) — parity with [[bfra-me--github]]. Single-file three-mode workflow (PR review / Daily Maintenance Report / Daily Autohealing Report) with `workflow_dispatch` mode choice and `workflow_call` reusable input. Schedule: maintenance `0 16 * * *`, autoheal `30 3 * * *`. Maintains exactly one rolling open issue per mode (`Daily Maintenance Report` and `Daily Autohealing Report`) with consolidation logic for duplicates and 14-day historical-summary collapse. Autoheal is a 5-category sweep with strict guardrails: trusted-author whitelist (`renovate[bot]`, `dependabot[bot]`, `fro-bot`, write-access humans), Renovate owns routine bumps (Fro Bot only touches versions for confirmed security advisories), no workflow/lockfile/prompt mods while repairing PRs, never push to default branch, never weaken guardrails to make checks pass. PR review prompt is TypeScript-monorepo-specific (Result usage, explicit named exports, no `export *`, subpath export breaking-change awareness, monorepo build-order impact). Formatting/lint nits explicitly out of scope. +- **Probot settings**: `.github/settings.yml` extends `.github:common-settings.yaml` (resolves to bfra-me org, same as [[bfra-me--ha-addon-repository]]). Branch protection requires 12 status checks: Analyze, Build, CI, CodeQL, Create Renovate Changeset, Fro Bot, Lint, Prepare, Renovate / Renovate, Review Dependencies, Test, Workspace Analysis. `enforce_admins: true`, `required_linear_history: true`, `required_pull_request_reviews: null` (governance leans on checks, not reviewers — matches [[bfra-me--github]] posture). +- **Renovate**: `.github/renovate.json5` extends `github>bfra-me/.github:internal.json5#v4.16.18` + `sanity-io/renovate-config:semantic-commit-type` + `security:minimumReleaseAgeNpm`. `addLabels: ['{{{parentDir}}}']` for monorepo directory labeling. ignorePaths include `packages/create/**/templates/**` (template fixtures aren't real deps). Notable rules: `@anthropic-ai/sdk` 0.x minor automerge, `bfra-me/renovate-config` SemVer pinning, `fetch-mock <12.0.0`, `@swc/**` every 2 weeks Sunday, Mise manager disabled. `patch.automerge: true`, `platformAutomerge: false`. Post-upgrade: `pnpm bootstrap && pnpm build && pnpm fix`. +- AGENTS.md conventions: TypeScript strict mode (no `any`/`@ts-ignore`/`@ts-expect-error`), pure ESM (no `require()`), explicit named exports, `Result` from `@bfra.me/es/result` never throw, lib/ output (dist/ only for create), tests in `packages/*/test/**/*.test.ts`, manypkg-enforced `workspace:` protocol, build order `tsconfig → prettier-config → eslint-config → others` handled by streaming, lint-staged on commit via husky, `.yaml` not `.yml`. +- 38 open issues, 1 open PR at survey time. Latest release: `@bfra.me/workspace-analyzer@0.2.8` (2026-05-16). +- **Cross-ecosystem relationship**: `bfra-me/works` is the **source** of the `@bfra.me/*` configs and utilities consumed by name across the wider Fro Bot ecosystem (eslint-config, prettier-config, tsconfig, es, semantic-release, workspace-analyzer all show up as devDependencies elsewhere). Pairs with [[bfra-me--github]] (control plane) as the org's two-repo nucleus, and shares the single-issue rolling-update Fro Bot pattern with [[bfra-me--ha-addon-repository]]. +- No follow-up Fro Bot draft PR needed — the workflow is present, current, and at the leading edge (v0.44.2). + +Sources: https://github.com/bfra-me/works (SHA ef14b26085dab318fffad1b6c3062292f8ae60b8) + +## [2026-05-20 17:15] ingest | repo:bfra-me/works + +Surveyed bfra-me/works and updated the control-plane wiki. + +Sources: https://github.com/bfra-me/works diff --git a/knowledge/wiki/repos/bfra-me--works.md b/knowledge/wiki/repos/bfra-me--works.md new file mode 100644 index 000000000..55a75ba15 --- /dev/null +++ b/knowledge/wiki/repos/bfra-me--works.md @@ -0,0 +1,463 @@ +--- +type: repo +title: bfra-me/works +created: 2026-05-20 +updated: 2026-05-20 +sources: + - url: https://github.com/bfra-me/works + sha: ef14b26085dab318fffad1b6c3062292f8ae60b8 + accessed: 2026-05-20 +tags: + [ + bfra-me, + monorepo, + pnpm, + typescript, + eslint-config, + prettier-config, + tsconfig, + semantic-release, + changesets, + astro-starlight, + cli, + workspace-analyzer, + fro-bot, + ] +related: + - bfra-me--github + - bfra-me--ha-addon-repository + - fro-bot--agent + - marcusrbrown--renovate-config + - github-actions-ci + - probot-settings +--- + +# bfra-me/works + +The `@bfra-me` tooling monorepo. Nine published packages (8 in +`packages/*` plus the `docs` site) that ship the shared ESLint, Prettier, +and TypeScript configs, ES utility runtime, project-scaffolding CLI, +documentation sync engine, semantic-release presets, badge generator, +and a workspace static analyzer — all consumed by the rest of the +`@bfra-me` and `marcusrbrown` ecosystem. + +This is the _source_ of the `@bfra.me/*` configs that show up as +devDependencies across the wider Fro Bot ecosystem. Where +[[bfra-me--github]] is the **org control plane** (workflows, settings, +automation actions), `bfra-me/works` is the **shared library plane**. + +## Identity + +- **Owner:** bfra-me (org) +- **Visibility:** public +- **License:** MIT +- **Default branch:** `main` +- **Created:** 2020-10-27 +- **Last push:** 2026-05-20 +- **Topics:** `bfra-me`, `works`, `components`, `semantic-release`, `tools`, `tsconfig` +- **Stars:** 3 +- **Open issues / PRs:** 38 / 1 (2026-05-20) +- **Latest release:** `@bfra.me/workspace-analyzer@0.2.8` (2026-05-16) +- **Primary language:** TypeScript (~99%) +- **Node:** 24.15.0 (`.node-version`) — packages target ES2022+/Node 20+ +- **Package manager:** pnpm 10.33.4 +- **TypeScript:** 6.0.3, strict (`noUncheckedIndexedAccess`) +- **Root package:** `@bfra.me/works` v0.0.0-development (private) + +## Layout + +``` +. +├── .ai/ # Agent context fixtures +├── .changeset/ # Changesets state +├── .github/ +│ ├── actions/ +│ │ └── pnpm-install/ # Local composite action (used by every workflow) +│ ├── instructions/ # AI-consumed dev guides +│ ├── prompts/ # Reusable prompt templates +│ ├── workflows/ # 11 workflows (.yaml) + 1 docs file (.md) +│ ├── CODEOWNERS +│ ├── filters.yaml +│ ├── renovate.json5 +│ └── settings.yml +├── .husky/ # Git hooks (lint-staged on commit) +├── .vscode/ +├── docs/ # Astro Starlight documentation site +├── packages/ +│ ├── badge-config/ # Shields.io URL generator +│ ├── create/ # `create` CLI (templates + optional AI) +│ ├── doc-sync/ # Astro docs sync engine + CLI +│ ├── es/ # Result/async/functional/types/etc. +│ ├── eslint-config/ # @bfra.me/eslint-config +│ ├── prettier-config/ # 80/100/120-proof variants + semi +│ ├── semantic-release/ # SR shareable config + plugins +│ ├── tsconfig/ # Library/app strict TS configs +│ └── workspace-analyzer/ # Static-analysis CLI + JSON output +├── scripts/ # tsx workspace utilities +├── AGENTS.md # Agent-focused conventions +├── CLAUDE.md +├── CONTRIBUTING.md +├── PERFORMANCE.md +├── eslint.config.ts +├── llms.txt +├── package.json # @bfra.me/works (private root) +├── pnpm-workspace.yaml +├── tsconfig.json / tsconfig.eslint.json +├── tsup.dts.ts # Shared tsup .d.ts helper +├── type-coverage.json +├── vitest.config.ts +└── workspace-analyzer.config.ts +``` + +## Workspace + +- 11 workspace entries: root, `docs`, `scripts`, plus 8 `packages/*` +- `autoInstallPeers: true`, `shamefullyHoist: true`, + `strictPeerDependencies: true`, `savePrefix: ''`, + `shellEmulator: true` +- `onlyBuiltDependencies`: `esbuild`, `msw`, `sharp`, `unrs-resolver` +- Overrides: `fast-uri >=3.1.2`; `handlebars` pinned `^4.7.9`; + `lodash ^4.17.23`; `picomatch` patches; `read-pkg-up^11` redirected to + `read-package-up`; `undici` ranges forced to safe minimums (`^6.24.0`, + `^7.24.0`) +- `packageExtensions` extend ESLint plugin peer ranges to ESLint 10 +- `peerDependencyRules.allowedVersions` carries the TypeScript 6.0 + transition for the eslint-react family, type-coverage, tsconfck, and + Astro check +- `manypkg.workspaceProtocol: require` — internal deps must use + `workspace:` protocol +- Vitest resolves workspace packages to TypeScript source via + `conditions: ['source']` (no pre-build required for testing) + +## Published Packages + +| Package | Version | Bin | Notes | +| ----------------------------- | -------- | -------------------- | ------------------------------------------------------- | +| `@bfra.me/badge-config` | 0.2.0 | — | Shields.io badge URL generator with preset generators | +| `@bfra.me/create` | 0.7.14 | `create` | Project-scaffold CLI; optional OpenAI/Anthropic enhance | +| `@bfra.me/doc-sync` | 0.1.9 | `doc-sync` | Astro Starlight docs sync; subpath exports per layer | +| `@bfra.me/es` | 0.1.0 | — | ES utilities; subpath exports: async/env/error/functional/module/result/types/validation/watcher | +| `@bfra.me/eslint-config` | 0.51.1 | — | Shared ESLint config (TS/Prettier/Vitest) | +| `@bfra.me/prettier-config` | 0.16.9 | — | Variants: `80-proof`, `100-proof`, `120-proof`, `semi`, `default`, `define-config` | +| `@bfra.me/semantic-release` | 0.3.7 | — | Semantic-release shareable config + plugins | +| `@bfra.me/tsconfig` | 0.13.1 | — | tsconfig presets for libs and apps | +| `@bfra.me/workspace-analyzer` | 0.2.8 | `workspace-analyzer` | Latest release (2026-05-16); CLI + JSON output for CI | + +All packages ship to `lib/` via tsup, **except** `@bfra.me/create` +which builds to `dist/`. Root exports two helper modules +(`./eslint.config`, `./tsup.dts`) for downstream consumption. + +## Workflows (11 + 1 doc) + +``` +cache-cleanup.yaml codeql-analysis.yaml dependency-review.yaml +docs-sync.yaml docs.yaml fro-bot.yaml +fro-bot-dispatch-examples.md (documentation, not a workflow) +main.yaml release.yaml renovate-changeset.yaml +renovate.yaml scorecard.yaml update-repo-settings.yaml +``` + +Surface area: + +- **`main.yaml`** — primary CI: `Prepare → {Lint+type-coverage, Test, + Build, Workspace Analysis} → CI`. Workspace Analysis runs + `pnpm analyze` and uploads `workspace-analysis.json` (7-day retention, + `continue-on-error: true`). The `CI` job is the branch-protection + status check that depends on the four parallel jobs. +- **`release.yaml`** — Changesets-driven release. Triggers on + `workflow_run` after `Main` succeeds on `main`, weekly Sunday + `0 18 * * 0`, and `workflow_dispatch` with a `force-release` toggle. + Uses a `bfra-me[bot]` GitHub App token for elevated permissions when + invoked from schedule/`workflow_run`. +- **`fro-bot.yaml`** — full Fro Bot persona (see Fro Bot Integration + below). +- **`docs.yaml`** — builds the Astro Starlight site and deploys to + GitHub Pages (uses `actions/upload-pages-artifact@v5` and + `concurrency: pages`). Public commit hash injected as + `PUBLIC_COMMIT_HASH` for the Starlight footer. +- **`docs-sync.yaml`** — path-filtered automation for + `@bfra.me/doc-sync`: re-syncs `docs/src/content/docs/packages/*.mdx` + when package READMEs, sources, or `package.json` files change. Has a + `dry-run` dispatch input. +- **`renovate.yaml`** — calls reusable + `bfra-me/.github/.github/workflows/renovate.yaml@v4.16.18` after the + Release workflow succeeds, with `log-level` and `print-config` + dispatch inputs. +- **`renovate-changeset.yaml`** — auto-generates changesets for + `bfra-me[bot]` / `renovate[bot]` PRs. Triggers on `merge_group`, + `pull_request_target`, and `workflow_dispatch`. Uses + `dorny/paths-filter` and a GitHub App token. +- **`update-repo-settings.yaml`** — calls reusable + `bfra-me/.github/.github/workflows/update-repo-settings.yaml@v4.16.0`. + Push to main, daily `02 18 * * *`, and dispatch. +- **`cache-cleanup.yaml`** — deletes workflow caches for the closing PR + ref (and Sunday `0 0 * * 0` housekeeping). Permissions narrowed to + `actions: write`. +- **`codeql-analysis.yaml`, `dependency-review.yaml`, `scorecard.yaml`** + — security posture. +- **`fro-bot-dispatch-examples.md`** — sibling Markdown doc next to the + workflow files documenting `workflow_dispatch` invocations. + +Every workflow consumes the local `.github/actions/pnpm-install` +composite action for dependency hydration, which centralizes Node + pnpm +setup and cache restoration. + +## Fro Bot Integration + +`bfra-me/works` runs a **single-file three-mode Fro Bot** at +`fro-bot/agent@b97877b2 # v0.44.2` — parity with [[bfra-me--github]], +ahead of most other ecosystem repos (commonly `v0.41.x`–`v0.43.x`). + +### Triggers + +- `issue_comment`, `pull_request_review_comment`, `discussion_comment` + on `@fro-bot` mentions from `OWNER`/`MEMBER`/`COLLABORATOR` +- `issues` opened/edited, `pull_request` opened/synchronize/reopened/ + ready_for_review/review_requested (skipped for bot authors and forks) +- Two crons: **`0 16 * * *`** (maintenance) and **`30 3 * * *`** + (autoheal) +- `workflow_dispatch` with `mode` choice + (`review`/`maintenance`/`autoheal`, default `autoheal`) and an + optional `prompt` override +- `workflow_call` with a required `prompt` input for reusable + invocation + +Concurrency keyed off issue/PR/discussion/schedule/run_id with +`cancel-in-progress: false` (autoheal must complete cleanly). The +`if:` guard explicitly filters out bot authors, forks, and the +`fro-bot` account itself. + +### Mode resolution (inline shell) + +```text +schedule "30 3" → autoheal +schedule other → maintenance +workflow_dispatch → autoheal (unless mode chosen) +pull_request → review +otherwise → custom prompt input +``` + +### `PR_REVIEW_PROMPT` + +TypeScript-monorepo-specific. Enforces: + +- No `as any`, `@ts-ignore`, or `@ts-expect-error` suppression +- `Result` (from `@bfra.me/es/result`) instead of throwing +- Explicit named exports only — no `export *` in application code +- Breaking-change awareness for subpath exports, entrypoints, types +- Monorepo integrity: dep boundaries, build order impact, cross-package + version alignment +- Test coverage for happy path, errors, boundaries (with explicit + rationale when tests aren't needed) +- Verdict format: `PASS | CONDITIONAL | REJECT` with `Blocking issues + / Non-blocking concerns / Missing tests / Risk assessment + (LOW/MED/HIGH)` headings — every heading must be emitted (use + "None") and formatting/lint nits are explicitly out of scope + +### `MAINTENANCE_PROMPT` — "Daily Maintenance Report" + +Maintains exactly **one** open rolling issue titled `Daily Maintenance +Report`. Behavior: + +- Search by exact title; if multiple matches, use the most recently + updated; if the most recent is closed, reopen it rather than create + a new one +- After selecting the canonical issue, close any other open + `Daily Maintenance Report` issues with a brief consolidation comment +- Append a new `## YYYY-MM-DD (UTC)` section per run +- After 14 days, collapse older dated sections into a single + `## Historical Summary` (updated in place — never duplicate it) +- Flag first-time stale items with a `★` marker +- Sections: Summary metrics → Stale issues (>30d) → Stale PRs (>7d + stale, >14d aged) → Unassigned bugs → Recommended actions → Notes +- Hard rule: no per-issue/PR comments or label changes; one issue + update per run + +### `AUTOHEAL_PROMPT` — "Daily Autohealing Report" + +Five-category sweep, executed serially with deduplication against +existing bot-authored items: + +1. **ERRORED PRs** — fix failing CI on trusted-author PRs + (`renovate[bot]`, `dependabot[bot]`, `fro-bot`, write-access humans). + Skip PRs that touch workflows, automation prompts, pnpm/lockfile, or + exec scripts. Run `pnpm validate` to confirm fixes locally before + pushing. +2. **SECURITY** — repair existing security update PRs or open new ones + for critical/high advisories. Renovate owns routine bumps; Fro Bot + only touches versions for confirmed security advisories. Skip with + "security alerts unavailable" if data is missing. +3. **CODE QUALITY & REPO HYGIENE** — primarily report-only: + `pnpm build` and `pnpm type-coverage` health, stale TODO/FIXME/HACK + scan (>90 days via git blame), convention drift (no barrel exports + outside `src/index.ts`, no `require()`, no `any`, named exports + only), `AGENTS.md` drift, `pnpm analyze` regressions. +4. **DEVELOPER EXPERIENCE** — `pnpm lint`/`pnpm type-check` auto-fix + PRs only (never direct push to default branch). Group related fixes + into a single `chore(lint): apply auto-fixes from autohealing run` + PR. +5. **PROGRESSIVE IMPROVEMENT** — report-only: tool-version gaps (>1 + minor behind), CI pipeline health, `package.json` analytics + correctness, cross-project pattern check against + [[bfra-me--github]], AGENTS.md convention drift. + +Hard boundaries: + +- Never force-push, rewrite history, delete branches, push directly to + default, merge PRs, submit reviews, close/reopen issues/PRs, modify + branch protection or secrets/org settings +- Never make checks pass by disabling tests, deleting assertions, + lowering coverage budgets, weakening lint/type rules, or editing + workflows/configs purely to suppress failures +- Output: **exactly one** issue titled `Daily Autohealing Report` with + a structured table-driven body (Summary / Errored PRs / Security / + Code Quality & Repo Hygiene / Developer Experience / Progressive + Improvement / Needs Human Attention) + +The single-issue rolling-update pattern matches +[[bfra-me--ha-addon-repository]] (which uses the same `Daily +Autohealing Report` convention) and diverges from sibling repos that +create a new report per cycle. + +### Schedule alignment + +- Maintenance cron `0 16 * * *` = 16:00 UTC +- Autoheal cron `30 3 * * *` = 03:30 UTC +- Distinct from [[bfra-me--github]] which runs org-wide autoheal + weekdays at `0 5 * * 1-5` and from [[bfra-me--ha-addon-repository]]'s + 15:30 UTC autoheal + +## Probot Settings + +- `.github/settings.yml` `_extends: .github:common-settings.yaml` + — resolves to the **bfra-me org** `.github` repo template + (consistent with sibling [[bfra-me--ha-addon-repository]], unlike the + `marcusrbrown/*` repos that extend `fro-bot/.github`) +- Repo-level overrides: name `works`, description + `@bfra-me tools and components`, topics `works, bfra-me, tools, + components, tsconfig, semantic-release` +- Branch protection (`main`): 12 required status checks — `Analyze`, + `Build`, `CI`, `CodeQL`, `Create Renovate Changeset`, `Fro Bot`, + `Lint`, `Prepare`, `Renovate / Renovate`, `Review Dependencies`, + `Test`, `Workspace Analysis`; `strict: false`, + `enforce_admins: true`, `required_linear_history: true`, + `required_pull_request_reviews: null` (no human reviewers required + — governance leans on status checks, same posture as + [[bfra-me--github]]) + +## Renovate + +- `.github/renovate.json5` extends: + - `github>bfra-me/.github:internal.json5#v4.16.18` (org baseline) + - `github>sanity-io/renovate-config:semantic-commit-type` + - `security:minimumReleaseAgeNpm` +- `addLabels: ['{{{parentDir}}}']` auto-labels by directory (clean + signal in a monorepo) +- `ignorePaths`: `**/dist/**`, `**/node_modules/**`, `**/test/**`, + `packages/create/**/templates/**` (template fixtures aren't real + deps) +- Notable package rules: + - `@anthropic-ai/sdk` 0.x minor → automerge + (`dependencyDashboardApproval: false`) + - `bfra-me/renovate-config` GitHub tags pinned by SemVer, with + `updatePinnedDependencies: true` only on major + - `fetch-mock` capped `<12.0.0` + - `@swc/**` scheduled every two weeks on Sunday + - Mise manager disabled (mirrors [[bfra-me--github]] workaround) +- `patch.automerge: true`, `platformAutomerge: false`, + `internalChecksFilter: 'flexible'` +- Post-upgrade tasks: `pnpm bootstrap`, `pnpm build`, `pnpm fix` +- Note: this repo extends `bfra-me/.github:internal.json5` directly, + while the wiki's [[marcusrbrown--renovate-config]] is Marcus's + parallel preset family. The two are organizationally distinct. + +## Conventions (from AGENTS.md) + +- TypeScript strict mode, `noUncheckedIndexedAccess`, no `any`, no + `@ts-ignore`, no `@ts-expect-error` +- Pure ESM only (no `require()`, no `module.exports`) +- Explicit named exports; `export *` only inside `src/index.ts` barrel +- `Result` from `@bfra.me/es/result` for expected errors — + **never throw** +- Build output: `lib/` (tsup), `dist/` only for `@bfra.me/create` +- Tests in `packages/*/test/**/*.test.ts`; Vitest with + `it.concurrent` and `expect.soft` where applicable; file snapshots + via `toMatchFileSnapshot` +- Changesets required for publishable changes; patch/minor/major + semantics with explicit rationale on majors +- Build order matters: `tsconfig` → `prettier-config` → + `eslint-config` → all others (handled automatically by streaming + `pnpm -r build`) +- Lint-staged on commit (husky); workflow files use `.yaml` (not + `.yml`) +- Workspace dependency protocol: `manypkg.workspaceProtocol: require` + +## Build, Test, Release + +```bash +pnpm bootstrap # Install (prefer-offline) +pnpm validate # (type-check + lint + test) parallel → build → type-coverage +pnpm build # Streamed per-package + publint +pnpm test # Vitest run +pnpm dev / pnpm watch # Parallel watch / build --watch +pnpm lint / pnpm fix # manypkg check + ESLint (+ --fix) +pnpm type-check # tsc --noEmit +pnpm type-coverage # type-coverage threshold check +pnpm analyze # workspace-analyzer CLI +pnpm inspect-eslint-config # ESLint config inspector +pnpm clean # rimraf node_modules/lib/.turbo/tsbuildinfo +``` + +Release pipeline: + +- `pnpm changeset` to create a changeset +- `pnpm version-changesets` → `clean-changesets` → `changeset version` + → `pnpm bootstrap --no-frozen-lockfile` → `pnpm build` → docs + version sync +- `pnpm publish-changesets` → `changeset publish` +- Driven by `release.yaml` on `workflow_run` after Main succeeds, with + weekly Sunday schedule and dispatchable force-release toggle + +## Cross-Repo Relationships + +- **[[bfra-me--github]]** — the org control plane. Provides the + reusable workflows this repo calls (`renovate.yaml@v4.16.18`, + `update-repo-settings.yaml@v4.16.0`), the `internal.json5` Renovate + baseline, and the `common-settings.yaml` Probot template. Both pin + `fro-bot/agent@v0.44.2`, making them the ecosystem's two leading + Fro Bot adopters. +- **[[bfra-me--ha-addon-repository]]** — sibling `bfra-me` org repo. + Shares the `Daily Autohealing Report` single-issue rolling-update + convention, and also extends `.github:common-settings.yaml`. +- **[[fro-bot--agent]]** — this repo runs `v0.44.2`, at the leading + edge. +- **[[marcusrbrown--renovate-config]]** — parallel Renovate preset + family in the `marcusrbrown/*` ecosystem; `bfra-me/works` extends + the `bfra-me/.github:internal.json5` baseline instead. +- **Downstream consumers** — `@bfra.me/eslint-config`, + `@bfra.me/prettier-config`, `@bfra.me/tsconfig`, `@bfra.me/es`, + `@bfra.me/semantic-release`, and `@bfra.me/workspace-analyzer` are + referenced by name across the wider Fro Bot ecosystem. Surveys of + downstream repos should cross-link back here when those packages + surface as devDependencies. + +## Open Questions / Follow-Ups + +- The `docs` package uses Astro Starlight; its quality infrastructure + (MDX lint, content tests, version-badge sync) is sophisticated + enough to warrant a future `astro-starlight` topic page if a second + ecosystem repo adopts the same pattern. +- `@bfra.me/workspace-analyzer` is the only published static-analysis + tool in the ecosystem and runs as a non-blocking CI job here. Worth + tracking adoption elsewhere — if [[bfra-me--github]] or sibling + repos start invoking it, a dedicated tool page is justified. +- The Probot settings landscape now has the `bfra-me/works` row added + to the `bfra-me/.github:common-settings.yaml` consumer list. See the + [[probot-settings]] follow-up about reconciling `bfra-me` and + `fro-bot` org templates. + +## Survey History + +| Date | SHA | Notes | +| ---------- | --------- | ---------------------------------------------------------------------------------------------- | +| 2026-05-20 | `ef14b26` | Initial survey. `fro-bot/agent@v0.44.2`, 11 workflows, 8 published packages + docs site, manypkg-enforced workspace protocol. | diff --git a/knowledge/wiki/topics/github-actions-ci.md b/knowledge/wiki/topics/github-actions-ci.md index 10000c97f..e8f2b0871 100644 --- a/knowledge/wiki/topics/github-actions-ci.md +++ b/knowledge/wiki/topics/github-actions-ci.md @@ -15,6 +15,7 @@ related: - marcusrbrown--renovate-config - marcusrbrown--sparkle - bfra-me--github + - bfra-me--works --- # GitHub Actions CI @@ -32,6 +33,7 @@ Cross-cutting CI/CD patterns observed across Marcus's repositories in the Fro Bo - [[marcusrbrown--renovate-config]] — Lint + semantic-release pipeline for Renovate presets, self-referential Renovate config, CodeQL, OpenSSF Scorecard - [[marcusrbrown--sparkle]] — Turborepo-orchestrated Setup → Check → Build pipeline, Astro Starlight docs deployment to GitHub Pages, auto-regenerate-docs PR workflow - [[bfra-me--github]] — Org control center; 17 workflows including `main.yaml` (Quality Check), `fro-bot.yaml` (per-repo persona), `fro-bot-autoheal-org.yaml` (weekday org-wide sweep), `renovate.yaml` + `trigger-org-renovate.yaml` (self-hosted Renovate fan-out), and three custom actions (`renovate-changesets`, `update-metadata`, `update-repository-settings`). Source of the reusable workflows that `marcusrbrown/*` repos consume. +- [[bfra-me--works]] — `@bfra-me` tooling monorepo; 11 workflows including `main.yaml` (Prepare → parallel {Lint+type-coverage, Test, Build, Workspace Analysis} → CI), `release.yaml` (Changesets, `workflow_run` after Main + Sunday cron + dispatch with force-release toggle), `fro-bot.yaml` (three-mode single-file at v0.44.2), `docs.yaml` (Astro Starlight → GitHub Pages), `docs-sync.yaml` (path-filtered @bfra.me/doc-sync re-sync), `renovate.yaml` + `update-repo-settings.yaml` (reusable `bfra-me/.github` callers), `renovate-changeset.yaml`, `cache-cleanup.yaml`, plus CodeQL/Scorecard/Dependency Review. Local composite action `.github/actions/pnpm-install` consumed by every workflow. ## Common Patterns @@ -95,6 +97,7 @@ Repos use `dorny/paths-filter` to scope CI runs to relevant file changes, reduci | [[marcusrbrown--renovate-config]] | Present (`fro-bot.yaml` + `fro-bot-autoheal.yaml`) | Daily 15:30 UTC maintenance, Daily 03:30 UTC autohealing (5 categories incl. config validation & bfra-me ecosystem health) | | [[marcusrbrown--sparkle]] | **Not present** | N/A | | [[marcusrbrown--ha-config]] | **Not present** | N/A | +| [[bfra-me--works]] | Present (`fro-bot.yaml`, single-file three-mode at v0.44.2) | Maintenance `0 16 * * *`, Autoheal `30 3 * * *`; both rolling-update single-issue reports (`Daily Maintenance Report` / `Daily Autohealing Report`) | The containers repo's Fro Bot workflow includes domain-specific PR review prompts (Dockerfile best practices, multi-arch correctness) and a structured autohealing schedule (errored PRs, security alerts, dependency bumps, linting consistency). diff --git a/knowledge/wiki/topics/probot-settings.md b/knowledge/wiki/topics/probot-settings.md index ea91d0368..e95c11498 100644 --- a/knowledge/wiki/topics/probot-settings.md +++ b/knowledge/wiki/topics/probot-settings.md @@ -9,6 +9,7 @@ related: - marcusrbrown--ha-config - bfra-me--github - bfra-me--ha-addon-repository + - bfra-me--works --- # Probot Settings @@ -64,10 +65,20 @@ The `fro-bot/.github` repository (this repo) has its own `common-settings.yaml` - `update-repository-settings` is shipped as a local custom action in this repo and consumed by `update-repo-settings.yaml` -[[bfra-me--ha-addon-repository]] and other `bfra-me/*` repos extend -this template; most `marcusrbrown/*` repos extend the `fro-bot/.github` -template instead. Reconciling which org template is canonical for what -audience is an open follow-up. +[[bfra-me--ha-addon-repository]], [[bfra-me--works]], and other +`bfra-me/*` repos extend this template; most `marcusrbrown/*` repos +extend the `fro-bot/.github` template instead. Reconciling which org +template is canonical for what audience is an open follow-up. + +The [[bfra-me--works]] settings file is a representative example of how +`bfra-me/*` repos compose the org template: it extends +`.github:common-settings.yaml` and overrides `repository.{name, +description, topics}` plus a 12-check branch-protection list (`Analyze`, +`Build`, `CI`, `CodeQL`, `Create Renovate Changeset`, `Fro Bot`, +`Lint`, `Prepare`, `Renovate / Renovate`, `Review Dependencies`, +`Test`, `Workspace Analysis`) with `enforce_admins: true`, +`required_linear_history: true`, and `required_pull_request_reviews: +null` — matching the org-template posture (checks over reviewers). ## Settings Sync Workflow From c75697289da53faafbf274ade3dd870f7fc527ad Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 20 May 2026 10:15:28 -0700 Subject: [PATCH 28/77] chore(reconcile): record survey success for bfra-me/works --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 7ee807607..b729f3088 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -313,9 +313,9 @@ repos: - owner: bfra-me name: works added: 2026-05-18 - onboarding_status: pending + onboarding_status: onboarded last_survey_at: 2026-05-20 - last_survey_status: failure + last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab From 6b19e649bf387fb6ef8dc3089112855d5f35fecf Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Thu, 21 May 2026 01:48:43 -0700 Subject: [PATCH 29/77] feat(knowledge): survey marcusrbrown/mrbro.dev --- knowledge/index.md | 2 +- knowledge/log.md | 26 +++++++++++ .../wiki/repos/marcusrbrown--mrbro-dev.md | 45 ++++++++++++------- 3 files changed, 57 insertions(+), 16 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index ef9424e48..a695d2b4c 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -22,7 +22,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--infra]] — Bun workspace monorepo for personal infrastructure (KeeWeb deploy, CLIProxyAPI proxy, operational CLI with MCP bridge) - [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled updates) - [[marcusrbrown--marcusrbrown-github-io]] — Personal brand site (React 19, TypeScript 6, Vite 7, GitHub Pages at marcusrbrown.com, single-page with anchor-link sections; Fro Bot single-file three-mode workflow at agent v0.44.0, v0.44.1 in flight) -- [[marcusrbrown--mrbro-dev]] — Marcus's developer portfolio (React 19, TypeScript, Vite 7, GitHub Pages at mrbro.dev, advanced theme system, Fro Bot agent + autoheal) +- [[marcusrbrown--mrbro-dev]] — Marcus's developer portfolio (React 19, TypeScript 5.9, Vite 7, GitHub Pages at mrbro.dev, advanced theme system; single-file three-mode Fro Bot workflow at agent v0.43.0; Renovate preset on `marcusrbrown/renovate-config#5.2.0`) - [[marcusrbrown--opencode-copilot-delegate]] — OpenCode plugin: delegate tasks to GitHub Copilot CLI as background subprocesses with async completion notifications - [[marcusrbrown--renovate-config]] — Shareable Renovate configuration presets: canonical dependency-update policy for all `marcusrbrown/*` and `fro-bot/*` repositories - [[marcusrbrown--sparkle]] — TypeScript playground monorepo; cross-platform design system (React + React Native/Expo), component library (Radix + Tailwind), Astro Starlight docs, Turborepo, WASM web shell diff --git a/knowledge/log.md b/knowledge/log.md index c95915189..cb35ab676 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1258,3 +1258,29 @@ Sources: https://github.com/bfra-me/works (SHA ef14b26085dab318fffad1b6c3062292f Surveyed bfra-me/works and updated the control-plane wiki. Sources: https://github.com/bfra-me/works + +## [2026-05-21 00:00] ingest | marcusrbrown/mrbro.dev + +Re-survey of `marcusrbrown/mrbro.dev` (SHA `88f7a4a`, latest commit `chore(dev): pin dependency @lhci/cli to 0.15.1 (#174)` from 2026-05-18). Updated repo page `marcusrbrown--mrbro-dev.md` additively. Updated `index.md` summary line. No new topic/entity/comparison pages warranted — all cross-cutting topics (github-pages, github-actions-ci) already cover the patterns. + +Delta from prior survey (SHA `d8c0e43`, 2026-04-26): + +- **Workflow consolidation:** `fro-bot-autoheal.yaml` removed; single `fro-bot.yaml` now carries all three modes (review / maintenance / autoheal) selectable via `workflow_dispatch.inputs.mode`. Two cron schedules in one file: 03:30 UTC autoheal, 15:30 UTC maintenance. Matches the single-file three-mode pattern previously observed in [[marcusrbrown--marcusrbrown-github-io]] — convergence across the React+Vite portfolio repos. +- **Fro Bot agent bumped:** v0.41.3 → v0.43.0 (SHA `1563f2987343b5e8d30ba818920d0ac563c617fa`). +- **Renovate preset major bump:** `marcusrbrown/renovate-config#4.5.8` → `#5.2.0`. First repo in this wiki observed on the v5 preset line. +- **Open issue backlog drained:** 39 → 8. The autoheal/maintenance prompts mandate single perpetual rolling issues; this is now reflected on the repo (#13 Maintenance, #162 Autoheal). Prior drift of multiple separate daily report issues has self-corrected. +- **Open PRs:** 4, all `chore(dev): pin dependency …` Renovate pins (#168, #172, #173, #175). +- **Dependency snapshot:** TypeScript 5.6 → 5.9.3 (still pre-v6, divergent from tokentoilet/marcusrbrown.github.io). Vitest 4.1.4, pnpm 10.33.4, Node `>=22.6.0`, Vite 7.3.2. +- **New pnpm overrides:** `fast-uri ≥3.1.2`, `ip-address ≥10.1.1`, `uuid ≥14.0.0` — incremental security remediations on top of the prior basic-ftp/brace-expansion/lodash/path-to-regexp/picomatch set. +- **Still no `.github/settings.yml`** — branch protection continues to be managed via `scripts/configure-branch-protection.ts` rather than Probot. Diverges from the rest of Marcus's portfolio. +- **PR review prompt** is repo-specific and unchanged in structure: PASS/CONDITIONAL/REJECT verdict, four mandatory sections, hard "review only" boundary. + +No contradictions with prior ingest — the workflow consolidation is captured additively with both the historical two-file form and the current single-file form preserved. + +Sources: https://github.com/marcusrbrown/mrbro.dev (SHA 88f7a4adf497fe9bb772f27b05216d4e0235af3e) + +## [2026-05-21 08:48] ingest | repo:marcusrbrown/mrbro.dev + +Surveyed marcusrbrown/mrbro.dev and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/mrbro.dev diff --git a/knowledge/wiki/repos/marcusrbrown--mrbro-dev.md b/knowledge/wiki/repos/marcusrbrown--mrbro-dev.md index 1a666484e..91e076b65 100644 --- a/knowledge/wiki/repos/marcusrbrown--mrbro-dev.md +++ b/knowledge/wiki/repos/marcusrbrown--mrbro-dev.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/mrbro.dev" created: 2026-04-18 -updated: 2026-04-26 +updated: 2026-05-21 sources: - url: https://github.com/marcusrbrown/mrbro.dev sha: 51f5cab5c77768b761d9f0a688ac7436cc5a06f4 @@ -10,6 +10,9 @@ sources: - url: https://github.com/marcusrbrown/mrbro.dev sha: d8c0e43a471aa41b030890122d75450b5626b981 accessed: 2026-04-26 + - url: https://github.com/marcusrbrown/mrbro.dev + sha: 88f7a4adf497fe9bb772f27b05216d4e0235af3e + accessed: 2026-05-21 tags: [portfolio, react, typescript, vite, github-pages, blog, pnpm] aliases: [mrbro-dev, mrbro.dev] related: @@ -30,8 +33,8 @@ Marcus R. Brown's developer portfolio website. React 19, TypeScript (strict), Vi - **Homepage:** https://mrbro.dev - **Topics:** `blog`, `developer`, `github-pages`, `portfolio`, `react`, `typescript`, `vite` - **License:** MIT (badge present, no LICENSE file detected via API) -- **Open issues:** 39 (majority are Daily Autohealing Reports) -- **Open PRs:** 4 (#85 and #87 stale security fixes, #142 non-major deps, #145 fro-bot hook rename) +- **Open issues:** 8 as of 2026-05-21 (drained from 39 in April — the single perpetual "Daily Autohealing Report" #162 and "Daily Maintenance Report" #13 are now the canonical rolling issues, matching the prompt contract; #1 Dependency Dashboard, #48 triage, plus 4 Renovate pin PRs reflected as issues) +- **Open PRs:** 4 (all `chore(dev): pin dependency …` Renovate PRs: #168 `@bfra.me/eslint-config` v0.51.0, #172 `@bfra.me/prettier-config` 0.16.8, #173 `@bfra.me/tsconfig` v0.13.0, #175 `eslint-plugin-react-refresh` 0.5.2) ## Tech Stack @@ -119,8 +122,7 @@ The most architecturally significant feature. Centered on `ThemeContext` (300+ l | CI | `ci.yaml` | PR to `main`, dispatch | Lint, test (with coverage), build, type-check, dependency audit, quality gate | | E2E Tests | `e2e-tests.yaml` | PR to `main`, dispatch | Playwright E2E (Chromium), visual regression, accessibility (axe-core), badge generation | | Performance | `performance.yaml` | push to `main`, PR, weekly cron, dispatch | Lighthouse CI (desktop + mobile), bundle analysis, performance budgets, regression detection | -| Fro Bot | `fro-bot.yaml` | PR, issue, comment, schedule, dispatch | Automated PR review, daily maintenance, issue triage | -| Fro Bot Autoheal | `fro-bot-autoheal.yaml` | daily 03:30 UTC, dispatch | Automated CI repair, security, code quality, production site review | +| Fro Bot | `fro-bot.yaml` | PR, issue, comment, schedule (03:30 + 15:30 UTC), dispatch | Three-mode: PR review / daily maintenance / autoheal (single file as of 2026-05-21) | | Renovate | `renovate.yaml` | issue/PR edit, push (non-main), workflow_run, dispatch | Dependency management via `bfra-me/.github` reusable workflow | | Copilot Setup Steps | `copilot-setup-steps.yaml` | — | GitHub Copilot coding agent environment | @@ -138,22 +140,34 @@ Sequential: checkout, setup, lint, test, build (with `GITHUB_PAGES=true`), uploa ## Fro Bot Integration -**Fro Bot workflow is present and active.** Two workflows: +**As of 2026-05-21 (SHA `88f7a4a`), the Fro Bot integration is a single-file three-mode workflow.** The standalone `fro-bot-autoheal.yaml` has been consolidated into `fro-bot.yaml`, matching the pattern in [[marcusrbrown--marcusrbrown-github-io]] and the broader Fro Bot fleet. + +### fro-bot.yaml (single-file, three modes — current) + +- **Agent pin:** `fro-bot/agent@v0.43.0` (SHA `1563f2987343b5e8d30ba818920d0ac563c617fa`) +- **Modes** (selectable via `workflow_dispatch.inputs.mode`, default `autoheal`): + - `review` — PR review with structured verdict (`PASS | CONDITIONAL | REJECT`), blocking/non-blocking/missing-tests/risk-assessment sections; reserved for `pull_request`, `*_comment`, and `issues` events + - `maintenance` — Single perpetual "Daily Maintenance Report" issue at 15:30 UTC; the prompt mandates exactly one open maintenance issue at all times (drift-correction language) + - `autoheal` — Daily autoheal at 03:30 UTC (staggered off sibling repos) +- **Triggers:** `issue_comment`, `pull_request_review_comment`, `discussion_comment`, `issues` (opened/edited), `pull_request` (opened/synchronize/reopened/ready_for_review/review_requested), two `schedule` crons, `workflow_dispatch` +- **Concurrency:** Per issue/PR/discussion/schedule, non-cancelling +- **PR review prompt** is mrbro.dev-specific: React 19 / TypeScript / Vite 7, WCAG 2.1 AA, performance budget (JS <500KB, total <2MB), pure ESM, PascalCase hooks, `.yaml` extension enforcement, named exports preferred. Style nits explicitly deferred to ESLint/Prettier. +- **Hard boundary**: "Do NOT push commits, modify code, or create branches. Review only." -### fro-bot.yaml +### fro-bot.yaml (prior two-file form — historical, 2026-04-18 → 2026-04-26) - Triggers: PR events (opened, synchronize, reopened, ready_for_review, review_requested), issue events (opened, edited), comment events (`@fro-bot` mention including discussion comments), daily schedule (15:30 UTC), manual dispatch -- Uses `fro-bot/agent@v0.41.3` (SHA `36c9850c2ac6e6d4d532662fca2ca89bd2bc559d`) with `FRO_BOT_PAT` token +- Used `fro-bot/agent@v0.41.3` (SHA `36c9850c2ac6e6d4d532662fca2ca89bd2bc559d`) with `FRO_BOT_PAT` token - `opencode-config` secret passed via environment (added 2026-04-19, #135) - PR review prompt: structured review (Verdict/Blocking/Non-blocking/Missing tests/Risk assessment) - Schedule prompt: daily maintenance issue ("Daily Maintenance Report") with 14-day rolling window - Concurrency: per-issue/PR, non-cancelling - Fork PR guard: skips bot-authored and fork PRs; additional fork-check step for issue_comment on PR events -### fro-bot-autoheal.yaml +### fro-bot-autoheal.yaml (removed 2026-05-21) - Triggers: daily 03:30 UTC, manual dispatch -- Uses `fro-bot/agent@v0.41.3` (SHA `36c9850c2ac6e6d4d532662fca2ca89bd2bc559d`) +- Used `fro-bot/agent@v0.41.3` (SHA `36c9850c2ac6e6d4d532662fca2ca89bd2bc559d`) - `opencode-config` secret passed via environment - Five-category autoheal: errored PRs, security, code quality/hygiene, developer experience, production site review - Production site review uses `npx agent-browser` to check mrbro.dev pages (/, /about, /projects, /blog) @@ -179,7 +193,7 @@ Coverage as of README badges: 70.81% statements, 80.19% branches, 60.4% function ## Developer Tooling -- **Renovate:** Extends `marcusrbrown/renovate-config#4.5.8`. Post-upgrade runs: `pnpm install`, `pnpm run build`, `pnpm run fix` (twice). Groups all non-major updates. Reusable workflow via `bfra-me/.github@v4.16.7`. +- **Renovate:** Extends `marcusrbrown/renovate-config#5.2.0` (as of 2026-05-21, bumped from `#4.5.8`). Post-upgrade runs: `pnpm install`, `pnpm run build`, `pnpm run fix` (twice), `executionMode: 'branch'`. Groups all non-major updates. Config lives at `.github/renovate.json5`. - **Probot Settings:** **Not configured.** No `.github/settings.yml` present — unusual for Marcus repos where Probot settings extending `fro-bot/.github:common-settings.yaml` is the standard pattern. Branch protection managed via `.github/BRANCH_PROTECTION.md` documentation and `scripts/configure-branch-protection.ts` script instead. - **Git Hooks:** `simple-git-hooks` with `lint-staged` (ESLint --fix on staged files). Pre-push hook at `.github/git-hooks/pre-push.ts`. - **Copilot Hooks:** `.github/hooks/` directory for Copilot pre-tool-use guardrails. @@ -215,12 +229,12 @@ Vite upgraded to v7.3.2 for security fix (#121). ## Connections to Fro Bot Ecosystem -- Uses `fro-bot/agent@v0.41.3` in both workflow files (bumped from v0.38.0 since 2026-04-18 survey) +- Uses `fro-bot/agent@v0.43.0` in the single consolidated workflow (v0.38.0 → v0.41.3 → v0.43.0 across surveys) - Shares `@bfra.me/*` config ecosystem with the Fro Bot org -- Renovate extends `marcusrbrown/renovate-config#4.5.8` (same as [[marcusrbrown--ha-config]], [[marcusrbrown--vbs]]) -- Authentication via `APPLICATION_ID`/`APPLICATION_PRIVATE_KEY` secrets (GitHub App) in CI, `FRO_BOT_PAT` + `opencode-config` for agent workflows +- Renovate extends `marcusrbrown/renovate-config#5.2.0` — first repo in this wiki observed on the v5 preset line +- Authentication via `APPLICATION_ID`/`APPLICATION_PRIVATE_KEY` secrets (GitHub App) in CI, `FRO_BOT_PAT` + `opencode-config` for agent workflow - **No Probot settings.yml** — diverges from sibling repos that extend `fro-bot/.github:common-settings.yaml` -- Sibling portfolio site: [[marcusrbrown--marcusrbrown-github-io]] (both React+Vite GitHub Pages, different scope and domain) +- Sibling portfolio site: [[marcusrbrown--marcusrbrown-github-io]] (both React+Vite GitHub Pages, different scope and domain) — both now run the single-file three-mode Fro Bot workflow ## Survey History @@ -228,3 +242,4 @@ Vite upgraded to v7.3.2 for security fix (#121). | --- | --- | --- | | 2026-04-18 | `51f5cab` | Initial survey | | 2026-04-26 | `d8c0e43` | Agent v0.38.0→v0.41.3, Renovate #4.5.7→#4.5.8, opencode-config added, security overrides, no settings.yml noted, 39 open issues | +| 2026-05-21 | `88f7a4a` | Workflows consolidated: `fro-bot-autoheal.yaml` removed, single `fro-bot.yaml` with three modes (review/maintenance/autoheal). Agent v0.41.3 → v0.43.0. Renovate preset #4.5.8 → #5.2.0. Open issues 39 → 8 (autoheal backlog drained). Open PRs 4 (all pin-version Renovate). New pnpm overrides: `fast-uri ≥3.1.2`, `ip-address ≥10.1.1`, `uuid ≥14.0.0`. TypeScript bumped 5.6.x → 5.9.3 (still pre-v6). Vitest 4.1.4, pnpm 10.33.4. | From 136a2aee29b11c45c1f23fd7c89c8802b98f3054 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Thu, 21 May 2026 01:48:45 -0700 Subject: [PATCH 30/77] chore(reconcile): record survey success for marcusrbrown/mrbro.dev --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index b729f3088..26f535e13 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -134,12 +134,12 @@ repos: name: mrbro.dev added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-04-27 + last_survey_at: 2026-05-21 last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-05-30 + next_survey_eligible_at: 2026-06-22 private: false node_id: R_kgDORgYjdA - owner: marcusrbrown From 7e18299e26d8625a2b681f4967437d30306e8ccf Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Thu, 21 May 2026 01:54:44 -0700 Subject: [PATCH 31/77] feat(knowledge): survey marcusrbrown/opencode-copilot-delegate --- knowledge/index.md | 4 +- knowledge/log.md | 39 ++-- ...marcusrbrown--opencode-copilot-delegate.md | 193 +++++++++++++----- knowledge/wiki/topics/opencode-plugins.md | 116 ++++++++++- 4 files changed, 280 insertions(+), 72 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index a695d2b4c..bacfc2bc7 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -22,8 +22,8 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--infra]] — Bun workspace monorepo for personal infrastructure (KeeWeb deploy, CLIProxyAPI proxy, operational CLI with MCP bridge) - [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled updates) - [[marcusrbrown--marcusrbrown-github-io]] — Personal brand site (React 19, TypeScript 6, Vite 7, GitHub Pages at marcusrbrown.com, single-page with anchor-link sections; Fro Bot single-file three-mode workflow at agent v0.44.0, v0.44.1 in flight) -- [[marcusrbrown--mrbro-dev]] — Marcus's developer portfolio (React 19, TypeScript 5.9, Vite 7, GitHub Pages at mrbro.dev, advanced theme system; single-file three-mode Fro Bot workflow at agent v0.43.0; Renovate preset on `marcusrbrown/renovate-config#5.2.0`) -- [[marcusrbrown--opencode-copilot-delegate]] — OpenCode plugin: delegate tasks to GitHub Copilot CLI as background subprocesses with async completion notifications +- [[marcusrbrown--mrbro-dev]] — Marcus's developer portfolio (React 19, TypeScript, Vite 7, GitHub Pages at mrbro.dev, advanced theme system, Fro Bot agent + autoheal) +- [[marcusrbrown--opencode-copilot-delegate]] — OpenCode plugin: delegate tasks to GitHub Copilot CLI as background subprocesses; v0.12.0 with 4 tools (delegate/output/cancel/resume), opt-in `/copilot-status` TUI half, orphan-subprocess reaper with PID-file identity gate, per-process plugin singleton, localhost RPC layer - [[marcusrbrown--renovate-config]] — Shareable Renovate configuration presets: canonical dependency-update policy for all `marcusrbrown/*` and `fro-bot/*` repositories - [[marcusrbrown--sparkle]] — TypeScript playground monorepo; cross-platform design system (React + React Native/Expo), component library (Radix + Tailwind), Astro Starlight docs, Turborepo, WASM web shell - [[marcusrbrown--systematic]] — OpenCode plugin: structured engineering workflows (45 skills, 50 agents), npm `@fro.bot/systematic`, Bun + Biome + semantic-release diff --git a/knowledge/log.md b/knowledge/log.md index cb35ab676..7f388214e 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1259,28 +1259,33 @@ Surveyed bfra-me/works and updated the control-plane wiki. Sources: https://github.com/bfra-me/works -## [2026-05-21 00:00] ingest | marcusrbrown/mrbro.dev +## [2026-05-21 04:30] ingest | marcusrbrown/opencode-copilot-delegate -Re-survey of `marcusrbrown/mrbro.dev` (SHA `88f7a4a`, latest commit `chore(dev): pin dependency @lhci/cli to 0.15.1 (#174)` from 2026-05-18). Updated repo page `marcusrbrown--mrbro-dev.md` additively. Updated `index.md` summary line. No new topic/entity/comparison pages warranted — all cross-cutting topics (github-pages, github-actions-ci) already cover the patterns. +Incremental re-survey of `marcusrbrown/opencode-copilot-delegate` (SHA `2744ce7`, v0.12.0 on npm, up from `02cac9c` / v0.1.0 on 2026-04-27). Additively rewrote repo page `marcusrbrown--opencode-copilot-delegate.md` to absorb 11 minor releases. Updated topic page `opencode-plugins.md` with hard-won loader/runtime gotchas surfaced across those releases. Updated `index.md` description. Index unchanged in structure (page already cataloged). -Delta from prior survey (SHA `d8c0e43`, 2026-04-26): +Key deltas since prior survey (v0.1.0 → v0.12.0): -- **Workflow consolidation:** `fro-bot-autoheal.yaml` removed; single `fro-bot.yaml` now carries all three modes (review / maintenance / autoheal) selectable via `workflow_dispatch.inputs.mode`. Two cron schedules in one file: 03:30 UTC autoheal, 15:30 UTC maintenance. Matches the single-file three-mode pattern previously observed in [[marcusrbrown--marcusrbrown-github-io]] — convergence across the React+Vite portfolio repos. -- **Fro Bot agent bumped:** v0.41.3 → v0.43.0 (SHA `1563f2987343b5e8d30ba818920d0ac563c617fa`). -- **Renovate preset major bump:** `marcusrbrown/renovate-config#4.5.8` → `#5.2.0`. First repo in this wiki observed on the v5 preset line. -- **Open issue backlog drained:** 39 → 8. The autoheal/maintenance prompts mandate single perpetual rolling issues; this is now reflected on the repo (#13 Maintenance, #162 Autoheal). Prior drift of multiple separate daily report issues has self-corrected. -- **Open PRs:** 4, all `chore(dev): pin dependency …` Renovate pins (#168, #172, #173, #175). -- **Dependency snapshot:** TypeScript 5.6 → 5.9.3 (still pre-v6, divergent from tokentoilet/marcusrbrown.github.io). Vitest 4.1.4, pnpm 10.33.4, Node `>=22.6.0`, Vite 7.3.2. -- **New pnpm overrides:** `fast-uri ≥3.1.2`, `ip-address ≥10.1.1`, `uuid ≥14.0.0` — incremental security remediations on top of the prior basic-ftp/brace-expansion/lodash/path-to-regexp/picomatch set. -- **Still no `.github/settings.yml`** — branch protection continues to be managed via `scripts/configure-branch-protection.ts` rather than Probot. Diverges from the rest of Marcus's portfolio. -- **PR review prompt** is repo-specific and unchanged in structure: PASS/CONDITIONAL/REJECT verdict, four mandatory sections, hard "review only" boundary. +- **Fourth tool added (v0.12.0):** `copilot_resume` wraps `copilot --resume=` with UUID validation against the local session store, automatic workspace-path reuse from prior plugin tasks whose session ID matches, CLI no-match-error normalization, and path-injection rejection. `TaskState`/`OutputEnvelope` gain `origin: spawn|resume|connect` discriminator and surface the upstream Copilot session UUID as `copilot_session_id` on the envelope. +- **Two-half plugin architecture (v0.10.0+):** Server plugin remains the default; opt-in `./tui` export adds `/copilot-status` via `@opentui/solid`. `package.json` declares `oc-plugin: [server, tui]`. Build target split — server `target: node` (Node-loadable, CI-gated), TUI `target: bun`. +- **Public-surface hardening (v0.12.0):** Plugin entry now exports only `default`; helper moved to `src/lib/rpc-cleanup.ts`. CI gate between Build and Unit tests asserts the export shape using `node --input-type=module -e "import(...)"`. Tests/package-exports.test.ts mirrors locally. References the Systematic v2.5.0/v2.12.1 regression class. +- **Orphan subprocess reaper (v0.2.0+):** PID-file identity-gated reaper for foreign-instance subprocesses, hardened across v0.3.0 (streaming worker pool, combined `ps` query), v0.4.0 (configurable timeouts + cooperative `AbortSignal` cancellation, `timedOut: boolean` in `ReapResult`), v0.8.0 (race-safe truncate/unlink helpers), v0.9.0 (`O_NOFOLLOW` + symlinked-parent-dir rejection against same-user attacks). All runtime warnings now share `[copilot-delegate]` prefix. +- **Per-process plugin singleton (v0.8.0 → v0.11.0):** `globalThis` Symbol guard; **duplicate invocations now return empty hooks `{}`** to prevent double-registration when both user-level and project-level `opencode.json` list the plugin. Diverges from Systematic PR #352 (per-load registration) because this plugin's `doInit` binds a TCP port + writes a PID file — re-running would race on exclusive resources. +- **TUI slash command (v0.12.0):** Feature-detects `api.keymap.registerLayer` (OpenCode 1.14.44+) vs `api.command.register` (1.14.41 fallback) vs neither (defensive warn). Mirrors Magic Context dual-path pattern from commit 5fe1c4f. +- **Per-parameter tool description survival (v0.5.0–v0.7.0):** Agent discovery rewritten — `BUILTIN_AGENTS` constant removed since standalone `@github/copilot` CLI ships zero of those legacy names. Tool schemas patched via `_zod.toJSONSchema` override in `src/lib/normalize-tool-arg-schemas.ts` so descriptions survive the host-zod ≠ plugin-zod module boundary. `zod` pinned `^4.3.0` direct + `overrides` to dodge dual-zod TS2883. +- **TUI re-entrancy fix (v0.10.1):** Pressing Escape on `/copilot-status` previously froze the TUI via re-entrant dialog close handling. +- **Observability (v0.9.0):** `killProcessTree` classifies fkill failures by probing the process *group* (`process.kill(-pid, 0)`); ESRCH suppressed, others preserve original throw. `notifyCompletion` fallback `client.app.log` wrapped in try/catch with structured SDK shape so synchronous SDK throws can't escape the documented "never throws" contract. +- **`setStatus` lifecycle tightening (v0.8.0):** Terminal → non-terminal transitions explicitly forbidden; closes an unintended resurrection path no caller exercised but the prior contract permitted. +- **Toolchain:** Bun 1.3.13 → 1.3.14, Biome 2.4.13 → 2.4.15, mise pins `opencode-ai` 1.14.27 → 1.15.4 and `@github/copilot` 1.0.36 → 1.0.48. `@opencode-ai/plugin` peer narrowed `>=1.14.0` → `>=1.14.41` (v0.12.0). `@opencode-ai/sdk` peer dep removed (v0.6.0) — was never imported. +- **CI/automation:** Fro Bot agent `v0.42.2` → `v0.44.3` (SHA `b928e797`). Renovate preset `marcusrbrown/renovate-config#4.5.8` → `#5.2.0` (major bump). 6 workflows unchanged. Branch protection unchanged. Probot settings still extend `.github:common-settings.yaml`. +- **Tests:** Grew from ~6 to 21 unit files plus integration. New coverage: pid-file, orphan-reaper, continuity-checks, continuity-validation, plugin-singleton, rpc-server, rpc-contract, rpc-cleanup, normalize-tool-arg-schemas, package-exports, resume, task-status, task-registry, cancel-helper. Integration suite still gated out of CI per #38. +- **Open issues unchanged:** 3 (#38 integration tests, #26 daily autoheal report, #25 dep dashboard). 4 open PRs (3 Renovate, 1 Fro Bot self-correction #134 tightening `@types/node` LTS rule). -No contradictions with prior ingest — the workflow consolidation is captured additively with both the historical two-file form and the current single-file form preserved. +No contradictions with prior ingest. The 2026-04-23 "TODO stubs" claim was already resolved by the 2026-04-27 survey; the page now reflects the full 11-release hardening arc on top of that foundation. -Sources: https://github.com/marcusrbrown/mrbro.dev (SHA 88f7a4adf497fe9bb772f27b05216d4e0235af3e) +Sources: https://github.com/marcusrbrown/opencode-copilot-delegate (SHA 2744ce7fc07660baa4f17bfff3656141888261cf) -## [2026-05-21 08:48] ingest | repo:marcusrbrown/mrbro.dev +## [2026-05-21 08:54] ingest | repo:marcusrbrown/opencode-copilot-delegate -Surveyed marcusrbrown/mrbro.dev and updated the control-plane wiki. +Surveyed marcusrbrown/opencode-copilot-delegate and updated the control-plane wiki. -Sources: https://github.com/marcusrbrown/mrbro.dev +Sources: https://github.com/marcusrbrown/opencode-copilot-delegate diff --git a/knowledge/wiki/repos/marcusrbrown--opencode-copilot-delegate.md b/knowledge/wiki/repos/marcusrbrown--opencode-copilot-delegate.md index b6dd0cadd..8124a9108 100644 --- a/knowledge/wiki/repos/marcusrbrown--opencode-copilot-delegate.md +++ b/knowledge/wiki/repos/marcusrbrown--opencode-copilot-delegate.md @@ -2,7 +2,7 @@ type: repo title: marcusrbrown/opencode-copilot-delegate created: 2026-04-23 -updated: 2026-04-27 +updated: 2026-05-21 sources: - url: https://github.com/marcusrbrown/opencode-copilot-delegate sha: bea3f576d7218900b9216a8a2c2947003660809b @@ -10,7 +10,10 @@ sources: - url: https://github.com/marcusrbrown/opencode-copilot-delegate sha: 02cac9c024744a290c9257d5c740d2a83e2c8e42 accessed: 2026-04-27 -tags: [opencode, plugin, copilot, delegation, subprocess, async, bun, typescript, biome, changesets] + - url: https://github.com/marcusrbrown/opencode-copilot-delegate + sha: 2744ce7fc07660baa4f17bfff3656141888261cf + accessed: 2026-05-21 +tags: [opencode, plugin, copilot, delegation, subprocess, async, bun, typescript, biome, changesets, tui, rpc, orphan-reaper] related: [marcusrbrown--dotfiles, marcusrbrown--systematic] --- @@ -22,83 +25,157 @@ OpenCode plugin that delegates tasks to GitHub Copilot CLI as background subproc An [OpenCode](https://opencode.ai) plugin registering three tools — `copilot_delegate`, `copilot_output`, `copilot_cancel` — that allow a parent OpenCode agent to spawn `copilot -p` as a background process, continue productive work, and receive a `` notification when the subprocess completes. The async pattern mirrors OMO's `background_task` / `background_output` architecture. -**Status (2026-04-27):** v0.1.0 with full implementation. Source files contain working runtime code across all modules (tools, runtime, discovery, lib). The implementation plan from `docs/plans/` has been executed. Published to npm as `opencode-copilot-delegate`. CI, Fro Bot, and Renovate are all active on `main`. +**Status (2026-05-21):** v0.12.0 on npm. The plugin has hardened substantially since the initial v0.1.0 scaffold — added an orphan-subprocess reaper with PID-file identity gate (v0.2.0), streaming worker pool for reap probes (v0.3.0), configurable timeouts with cooperative cancellation (v0.4.0), per-parameter tool description enrichment (v0.5.0–v0.7.0), an opt-in `/copilot-status` TUI half (v0.10.0), per-process plugin-factory singleton (v0.8.0, refined in v0.11.0), and a fourth `copilot_resume` tool (v0.12.0). The tool catalog is now 3 → 4. Source tree has expanded from the original 4 module groups to include `src/tui/` (Solid + opentui TUI entry) and a localhost RPC layer (`runtime/rpc-*.ts`, `tui/rpc-client.ts`). Test count has grown from ~6 to 21 unit test files plus an integration suite. -> **Contradiction with prior survey (2026-04-23):** The initial survey recorded all `src/` files as "TODO stubs with implementation plan." As of SHA `02cac9c`, the source tree is fully implemented with working code across all modules. The implementation plan tasks have been completed. +> **Prior contradiction (resolved):** The 2026-04-23 survey recorded all `src/` files as "TODO stubs with implementation plan." As of SHA `02cac9c` (2026-04-27) the source tree was fully implemented, and the 2026-05-21 survey confirms the plugin has shipped 11 minor releases on top of that foundation. ## Technology Stack | Aspect | Detail | |--------|--------| | Language | TypeScript 6.0.3 (strict, ES2022 target, ESM modules) | -| Runtime/Build | Bun 1.3.13 (both development and production build target) | -| Linting/Formatting | Biome 2.4.13 (NOT ESLint/Prettier — diverges from other Marcus repos using `@bfra.me/eslint-config`) | -| Versioning | Changesets (`@changesets/cli` v2.31.0, public access) | +| Runtime/Build | Bun 1.3.14 (both development and production build target) | +| Linting/Formatting | Biome 2.4.15 (NOT ESLint/Prettier — diverges from other Marcus repos using `@bfra.me/eslint-config`) | +| Versioning | Changesets (`@changesets/cli` v2.31.0, OIDC trusted publishing to npm) | | Package Manager | Bun (`bun.lock`, `bun install`) | -| Test Runner | `bun test` (matches OpenCode ecosystem) | -| Peer Dependencies | `@opencode-ai/plugin >=1.14.0`, `@opencode-ai/sdk >=1.14.0` (dev pins: ^1.14.19) | -| Runtime Dependency | `fkill` 10.0.3 (cross-platform process tree kill) | +| Test Runner | `bun test` — separate scripts for unit, TUI (with `--preload @opentui/solid/preload`), and integration | +| Peer Dependencies | `@opencode-ai/plugin >=1.14.41` (narrowed from `>=1.14.0` in v0.12.0; dev pin: 1.15.4). `@opencode-ai/sdk` peer dep removed in v0.6.0 — it was never imported. | +| Runtime Dependencies | `fkill` 10.0.3 (cross-platform process tree kill); `@opentui/core` + `@opentui/solid` 0.2.6 (TUI); `solid-js` 1.9.13 (TUI reactive layer); `zod` ^4.3.0 (pinned with `overrides` to dodge TS2883 from dual-zod trees, added v0.7.0) | | License | MIT | | Node Engine | >=24 | +| Package exports | `.` (server plugin), `./plugin` (alias), `./tui` (opt-in TUI entry). `oc-plugin: ["server", "tui"]` declares both halves to OpenCode. | +| Build target split | `src/index.ts` builds with `target: 'node'` (plain-Node ESM loadable, gated by CI export-shape assertion); `src/tui/index.tsx` builds with `target: 'bun'` because `@opentui/solid` is Bun-specific. Both produced by `scripts/build.ts` + `tsc --emitDeclarationOnly`. | ### Mise Tooling -`mise.toml` pins: Bun 1.3.13, `npm:opencode-ai` 1.14.27, `npm:@github/copilot` 1.0.36. +`mise.toml` pins: Bun 1.3.14, `npm:opencode-ai` 1.15.4, `npm:@github/copilot` 1.0.48. ## Architecture ### Plugin Tools - **`copilot_delegate`** — Spawn `copilot -p` as background subprocess. Returns `task_id` (`cpl_`-prefixed UUID) immediately. Args: `prompt` (required), `agent?`, `model?`, `add_dir?`, `allow_tool?`, `deny_tool?`. -- **`copilot_output`** — Retrieve structured result envelope. Args: `task_id` (required), `block?` (default `false`), `timeout_ms?` (default 30000, max 120000). Returns envelope with `status`, `final_message`, `tokens`, `tool_calls_summary`. +- **`copilot_output`** — Retrieve structured result envelope. Args: `task_id` (required), `block?` (default `false`), `timeout_ms?` (default 30000, max 120000). Envelope includes `status`, `final_message`, `tokens`, `tool_calls_summary`, `origin` (`'spawn' | 'resume' | 'connect'`), and `copilot_session_id` (the upstream Copilot session UUID parsed from the JSONL `result` event, omitted when never emitted). - **`copilot_cancel`** — Cancel running delegation with SIGTERM → SIGKILL escalation. Returns `{cancelled, was_running}`. +- **`copilot_resume`** *(added v0.12.0)* — Resume a prior Copilot session by ID, name, or prefix via `copilot --resume=`. UUID targets are validated against the local Copilot session store before spawn; missing sessions return a structured error without invoking the CLI. When a prior plugin task's session ID matches the target, that task's `--add-dir` workspace set is reused if the caller omits `addDirs`. CLI `No session, task, or name matched` errors are normalized to `Session not found`. All `cwd` and `addDirs` are validated against allowed roots before spawn; argv-injection-shaped values are rejected. Completion surfaces a `[COPILOT RESUME COMPLETED]` header (vs `[COPILOT DELEGATION COMPLETED]` for spawn). ### Module Layout ``` src/ -├── index.ts # Plugin entrypoint — wires tools to runtime +├── index.ts # Plugin entrypoint — Node-loadable ESM, exports `default` only (CI-gated) ├── tools/ -│ ├── delegate.ts # copilot_delegate tool -│ ├── output.ts # copilot_output tool -│ └── cancel.ts # copilot_cancel tool +│ ├── delegate.ts # copilot_delegate tool +│ ├── output.ts # copilot_output tool +│ ├── cancel.ts # copilot_cancel tool +│ └── resume.ts # copilot_resume tool (v0.12.0) ├── runtime/ -│ ├── subprocess.ts # Spawns copilot CLI, streams JSONL stdout -│ ├── task-registry.ts # In-memory task state (create/get/update/delete/cleanup) -│ ├── jsonl-parser.ts # Single-line JSONL parser for Copilot CLI output -│ ├── envelope.ts # Builds structured output envelopes from parsed events -│ └── notify.ts # Injects completion notifications into OpenCode sessions +│ ├── subprocess.ts # Spawns copilot CLI, streams JSONL stdout +│ ├── task-registry.ts # In-memory task state (create/get/update/delete/cleanup) +│ ├── task-status.ts # setStatus lifecycle helper — terminal-state-only transitions +│ ├── jsonl-parser.ts # Single-line JSONL parser for Copilot CLI output +│ ├── envelope.ts # Builds structured output envelopes from parsed events +│ ├── notify.ts # Completion notifications + attachCompletionPipeline helper +│ ├── pid-file.ts # Per-instance PID file (write/read/truncate/unlink), serialized per file +│ ├── orphan-reaper.ts # Plugin-init reaper for foreign-instance subprocess orphans +│ ├── continuity-checks.ts # Process-identity + liveness probes for reaper +│ ├── continuity-validation.ts# Validation layer over continuity-checks results +│ ├── plugin-singleton.ts # Per-process factory singleton (globalThis Symbol) +│ ├── rpc-server.ts # Localhost-only RPC listener for TUI +│ └── rpc-contract.ts # Shared TS contract for RPC requests/responses ├── discovery/ -│ ├── agents.ts # Discovers .agent.md files from Copilot agent directories -│ └── description.ts # Builds copilot_delegate tool description from discovered agents -└── lib/ - ├── ansi.ts # Strip ANSI escapes - └── kill-tree.ts # Cross-platform process tree kill via fkill +│ ├── agents.ts # Discovers .agent.md files (user + repo only; no builtin list) +│ └── description.ts # Builds copilot_delegate description from discovered agents +├── lib/ +│ ├── ansi.ts # Strip ANSI escapes +│ ├── errno.ts # POSIX errno classification helpers +│ ├── kill-tree.ts # Cross-platform process-tree kill via fkill + process-group probe +│ ├── normalize-tool-arg-schemas.ts # zod _zod.toJSONSchema override (host-zod compat shim) +│ └── rpc-cleanup.ts # wireRpcServerCleanup (extracted from index.ts in v0.12.0) +└── tui/ + ├── index.tsx # TUI plugin entry (Solid + opentui) + ├── rpc-client.ts # Client for the server half's RPC listener + ├── components/ # SolidJS components for /copilot-status + └── __tests__/ # TUI tests (require @opentui/solid/preload) ``` ### Test Suite ``` tests/ -├── jsonl-parser.test.ts # Parser unit tests -├── envelope.test.ts # Envelope builder tests -├── subprocess.test.ts # Subprocess wrapper tests (fake copilot binary) -├── agents.test.ts # Agent discovery tests (temp fixture dirs) -├── notify.test.ts # Notification injection tests -├── tools.test.ts # Tool integration tests (full plugin lifecycle) -├── fixtures/ -│ └── jsonl/ # Real Copilot CLI JSONL captures (PII-scrubbed) -└── integration/ # Integration tests (not yet in CI, tracked in #38) +├── jsonl-parser.test.ts # JSONL parser +├── envelope.test.ts # Envelope builder +├── subprocess.test.ts # Subprocess wrapper (fake copilot binary) +├── agents.test.ts # Agent discovery (temp fixture dirs) +├── notify.test.ts # Notification injection +├── tools.test.ts # End-to-end tool integration +├── resume.test.ts # copilot_resume tool (v0.12.0) +├── task-registry.test.ts # Registry lifecycle +├── task-status.test.ts # setStatus terminal-state invariants +├── cancel-helper.test.ts # Cancel helper +├── pid-file.test.ts # PID file write/read/truncate/unlink + serialize +├── orphan-reaper.test.ts # Reaper with abort, timeouts, identity gate +├── continuity-checks.test.ts # comm/lstart probes +├── continuity-validation.test.ts# Validation layer +├── plugin-singleton.test.ts # Per-process singleton + duplicate-invocation warning +├── rpc-server.test.ts # RPC listener +├── rpc-contract.test.ts # RPC contract shape +├── rpc-cleanup.test.ts # wireRpcServerCleanup +├── normalize-tool-arg-schemas.test.ts # zod schema override +├── package-exports.test.ts # Asserts dist/index.js exports only `default` (matches CI gate) +├── index.test.ts # Plugin entry smoke +├── fixtures/jsonl/ # Real Copilot CLI JSONL captures (PII-scrubbed) +└── integration/ # LLM-driven end-to-end via `opencode run` (gated on GH_TOKEN/COPILOT_PAT; not in CI per #38) ``` ### Design Decisions - **Single-line JSONL parser:** `parseJsonlLine` handles one line at a time, returns `{ type: 'unknown' }` for malformed input. Stream-level multiline accumulation belongs in the subprocess wrapper. - **Task IDs:** Prefixed with `cpl_` to distinguish from OpenCode-native task IDs. -- **Process cleanup:** Uses `fkill` with `{ force: false, forceAfterTimeout: 2000, waitForExit: 5000 }` and `.catch()` guards on all `killProcessTree` calls. On macOS, `tree: true` is Windows-only, so kill targets the entire process group via `fkill(-pid, ...)` and subprocess is spawned with `detached: true`. -- **Notification safety:** In-flight counter decremented synchronously (before any `await`) in close handlers; counter map entries deleted at zero to prevent memory leaks over long-lived sessions. -- **Agent discovery:** Builtin agents (bundled with Copilot CLI) cannot be overridden by user or repo agents. +- **Process cleanup:** Uses `fkill` with `{ force: false, forceAfterTimeout: 2000, waitForExit: 5000 }` and `.catch()` guards on all `killProcessTree` calls. On macOS, `tree: true` is Windows-only, so kill targets the entire process group via `fkill(-pid, ...)` and subprocess is spawned with `detached: true`. Since v0.9.0 `killProcessTree` classifies fkill failures by probing the process *group* (`process.kill(-pid, 0)`); ESRCH is suppressed as "already gone," other states preserve the original throw. +- **Notification safety:** In-flight counter decremented synchronously (before any `await`) in close handlers; counter map entries deleted at zero to prevent memory leaks over long-lived sessions. Since v0.9.0 the fallback `client.app.log` call is wrapped in try/catch and uses the structured SDK shape so synchronous SDK throws can't escape the documented "never throws" contract. +- **Agent discovery (rewritten v0.5.0):** No more `BUILTIN_AGENTS` constant — passing one of the legacy six names (`default`, `explore`, `task`, `general-purpose`, `code-review`, `research`) made the standalone `@github/copilot` CLI fail at spawn with `No such agent`. `discoverAgents` now returns user agents (filtered by repo override) followed by repo agents; `Agent.source` is `'user' | 'repo'`. `buildDescription` emits an actionable hint pointing at `~/.copilot/agents` and `.github/agents` when discovery is empty. - **Structured errors:** Tools return `{ error: string }` objects, never throw exceptions. +- **`setStatus` lifecycle:** Centralizes terminal-status mutations and is idempotent on terminal state. Since v0.8.0 terminal → non-terminal transitions are explicitly forbidden — once a task reaches `complete`, `failed`, or `cancelled`, every subsequent `setStatus` call is a no-op (closes a resurrection path no caller exercised but the prior contract permitted). +- **Origin discriminator (v0.12.0):** `TaskState`, `OutputEnvelope`, and `EnvelopeInput` carry `origin: 'spawn' | 'resume' | 'connect'`. `spawn`-origin tasks (from `copilot_delegate`) surface `[COPILOT DELEGATION COMPLETED]`; `resume`-origin tasks (from `copilot_resume`) surface `[COPILOT RESUME COMPLETED]`. `connect` is wired for forward compatibility but unused today. +- **Per-parameter description survival (v0.7.0):** OpenCode's tool catalog renders plugin schemas via the host's bundled zod, which lives in a different module instance from the plugin's zod and cannot see plugin-side `.describe()` metadata. Each tool arg schema is patched with a `_zod.toJSONSchema` override (`src/lib/normalize-tool-arg-schemas.ts`) that delegates serialization back to the plugin-local zod — same fix shipped by `@cortexkit/opencode-magic-context` and `@cortexkit/aft-opencode`. `zod` is pinned as a direct dependency with a matching `overrides` entry to keep this repo's tree on a single zod version (resolves TS2883 from two zod trees coexisting at build time). + +### Orphan Reaper (added v0.2.0, hardened through v0.10.0) + +- **PID file per instance:** `/opencode-copilot-delegate/orphans/.pids` lists each spawned subprocess; entry removed on every terminal status transition. +- **Identity gate:** Reap requires a live process's `comm` (kernel-tracked executable name from `ps -o comm=`) AND `lstart` (start-time string) to match values recorded at spawn time. Combined with a spawner-liveness probe (`process.kill(, 0)`), this rules out both PID reuse of an unrelated process and cross-instance kill of a live foreign instance's children. +- **Streaming worker pool (v0.3.0):** Up to `MAX_CONCURRENT_PROBES = 5` workers drain a shared queue independently — a slow `ps` probe blocks only its own worker. Replaces the prior chunked `Promise.all` whose worst case stalled four siblings behind one slow probe. +- **Combined `ps` query (v0.3.0):** `getPidIdentity(pid)` runs `ps -p -o comm=,lstart=` in a single fork/exec, halving cost and providing an atomic kernel snapshot of both identity legs. +- **Configurable timeouts (v0.4.0):** Per-probe `ps` timeout (default 1000ms; warns on degradation) and overall `reapOrphans` timeout (default 15000ms) with cooperative `AbortSignal` cancellation. In-flight workers cooperate by skipping their next mutating step on abort, so dangerous side effects can't fire after the call returns. `ReapResult.timedOut: true` flags a timeout-aborted reap; count fields go to zero placeholders, not partial-progress accounting. +- **Same-user symlink hardening (v0.9.0):** PID file open and truncate paths use `O_NOFOLLOW`; PID file parent directories are rejected before orphan reaping, cleanup, and plugin init state-directory creation. Defends against attacker-controlled symlinks under same-UID write access. +- **Race-safe cleanup (v0.8.0):** `truncatePidFile(filePath)` and `unlinkPidFile(filePath)` route through the per-file `serializeWrite` lock. ENOENT silently swallowed. `cleanupAfterReap` uses these helpers so concurrent reap + task spawn is automatically race-safe. +- **Logging prefix:** Since v0.9.0 all runtime warnings share the `[copilot-delegate]` prefix across `kill-tree`, `orphan-reaper`, `pid-file`, `task-registry`, and `task-status`, making operator log filtering predictable. + +### Plugin Factory Singleton (added v0.8.0, refined in v0.11.0 and v0.12.0) + +When a user lists `opencode-copilot-delegate` in both a user-level (`~/.config/opencode/opencode.json`) and project-level `opencode.json`, the OpenCode host previously invoked the factory once per source — evaluating the module fresh, running orphan reaping, and registering its own copy of the three tools. The factory now resolves at most once per process via a `globalThis` Symbol singleton (`Symbol.for('opencode-copilot-delegate.singleton.v1')`): + +- **First invocation:** Runs `doInit` once, returns the real hooks. +- **Duplicate invocation (same PID, v0.11.0):** Returns **empty hooks** (`{}`) instead of the cached real hooks. The host's per-source iteration finds nothing to register a second time, eliminating the double-registration that previously caused each tool to appear twice in the LLM-visible catalog under dual-source configs. Heavy init (agent discovery, orphan reaping, RPC server startup) still runs at most once per process. Emits a one-time `console.warn` + `client.app.log` warning so duplicate-config situations stay observable. +- **Why this diverges from Systematic's PR #352 fix:** Systematic switched to per-load registration. This plugin keeps `plugInOnce` because `doInit` binds a TCP port (RPC server) and writes a PID file — running `doInit` twice in the same process would race on those exclusive resources. The divergence is documented inline in `plugin-singleton.ts` and `rpc-cleanup.ts` with cross-references to the Systematic PR. + +### Public-Surface Hardening (v0.12.0) + +OpenCode's plugin loader treats every named export from a plugin entry as a separate plugin factory and invokes it with `undefined` input. Systematic took hours of downtime from this contract in v2.5.0 and v2.12.1; this plugin institutionalized the fix: + +- `wireRpcServerCleanup` moved out of `src/index.ts` into `src/lib/rpc-cleanup.ts`; the entry re-imports it internally so only `default` is exported. +- Plugin entry now builds with `target: 'node'` (was `'bun'`) so `dist/index.js` loads under plain Node ESM. TUI entry stays on `target: 'bun'` because `@opentui/solid` is Bun-specific. +- CI gate between `Build` and `Unit tests` runs `node --input-type=module -e "import('./dist/index.js').then(m => …)"` and exits non-zero if anything other than `default` is exported or `default` is not a function. `tests/package-exports.test.ts` mirrors the assertion locally. Failure message references the Systematic regressions so future contributors find the rationale. + +### TUI Half (added v0.10.0) + +- **Opt-in second entry.** `package.json` declares `oc-plugin: ["server", "tui"]` and exposes `./tui` as a separate export. Existing server-only installs continue to register only the three tools; `/copilot-status` only appears when the TUI half is installed in `tui.jsonc`. +- **Slash command registration with feature detection (v0.12.0).** OpenCode 1.14.42 removed `api.command.register` in favor of the keymap engine; 1.14.44+ restored it as a deprecated shim that translates to `api.keymap.registerLayer`. The TUI entry now runtime-feature-detects: 1.14.44+ uses `api.keymap.registerLayer({ commands: [{ namespace: 'palette', name: 'copilot-status', title: 'Copilot Status', category: 'Copilot', run() }], bindings: [] })`; 1.14.41 falls back to `api.command.register`; neither present logs a warning and continues without the slash command. Mirrors the dual-path pattern Magic Context shipped in commit `5fe1c4f`. +- **Re-entrant close fix (v0.10.1):** Pressing Escape on `/copilot-status` previously froze the TUI via re-entrant dialog close handling. + +### RPC Layer (server ↔ TUI) + +The server half exposes a **localhost-only** RPC listener for the TUI. It writes a per-session authenticated port file under `/opencode/copilot-delegate/` so the TUI half can find and authenticate to the right server instance. Cleanup is best-effort: OpenCode's server plugin API has no dispose hook today, so cleanup is tied to process exit signals; the orphan-reaper posture covers missed shutdowns. ### Async Notification Pattern @@ -131,17 +208,17 @@ Six workflows on `main`: ### Fro Bot Integration -- **Agent:** `fro-bot/agent@v0.42.2` (SHA `94d8a156570d68d2461ab496b589e63bdcd6ba84`) -- **PR review:** Structured verdict format (PASS/CONDITIONAL/REJECT) with plugin-specific focus areas: TypeScript type safety, OpenCode API contracts, subprocess safety, tool output safety, changeset hygiene -- **Daily autohealing (16:00 UTC):** 4-category sweep: errored PRs, security, health & maintenance, developer experience. Single perpetual issue ("Daily Autohealing Report") strategy. +- **Agent:** `fro-bot/agent@v0.44.3` (SHA `b928e79729f01b563feabee26a0525a3b48501a6`) — up from v0.42.2 at prior survey +- **PR review:** Structured verdict format (PASS/CONDITIONAL/REJECT) with plugin-specific focus areas: TypeScript type safety, OpenCode API contracts (tool schema correctness, `ToolResult` shape, peerDependency compatibility), subprocess safety (spawn correctness, stdin/stdout buffering, signal propagation, process-tree kill, no zombies), tool output safety (no secrets/PATs/PII), changeset hygiene +- **Daily autohealing (16:00 UTC):** 4-category sweep — errored PRs, security, health & maintenance, developer experience. Single perpetual issue ("Daily Autohealing Report" #26) strategy. - **Required secrets:** `FRO_BOT_PAT`, `OPENCODE_AUTH_JSON`, `OMO_PROVIDERS`, `OPENCODE_CONFIG` - **Required variables:** `FRO_BOT_MODEL` - **Concurrency:** `fro-bot-{issue|pr|discussion|run_id}`, no cancel-in-progress ### Renovate Configuration -- Extends `marcusrbrown/renovate-config#4.5.8` -- LTS-only Node.js constraints for `@types/node` and GitHub Actions node versions +- Extends `marcusrbrown/renovate-config#5.2.0` (major-version jump from `#4.5.8` since last survey) +- LTS-only Node.js constraints for `@types/node` (even majors via regex `/^v?([0-9]*[02468])\\./`) and GitHub Actions node versions. An in-flight autoheal PR (#134) is tightening this further to caret-range LTS pinning. - `@opencode-ai/*` packages use `build` semantic commit type - Post-upgrade tasks: `bun install`, `bun run fix`, `bun run build` @@ -161,10 +238,19 @@ Uses Changesets via `changesets/action@v1.7.0`. GitHub App token for authenticat | # | Title | Notes | |---|-------|-------| -| 38 | Re-add integration tests to CI | Integration test directory exists but not wired into CI | +| 38 | Re-add integration tests to CI | Integration test directory exists but not wired into CI; LLM-driven, gated on `GH_TOKEN`/`COPILOT_PAT` (model overridable via `OPENCODE_TEST_MODEL`, defaults to `opencode/minimax-m2.5`) | | 26 | Daily Autohealing Report | Perpetual issue managed by Fro Bot | | 25 | Dependency Dashboard | Renovate tracking issue | +## Open PRs (2026-05-21) + +| # | Title | Notes | +|---|-------|-------| +| 135 | fix(deps): update dependency @opentui/solid to v0.2.8 | Renovate | +| 134 | fix(ci): constrain @types/node to LTS (even) majors and caret ranges in autoheal prompt | Fro Bot self-correction | +| 130 | fix(deps): update dependency @opentui/core to v0.2.7 | Renovate | +| 127 | chore(dev): update @types/node 24 → 25 (major) | Will be rejected by LTS-only rule once #134 lands | + ## Design Documentation - Implementation plan at `docs/plans/2026-04-21-copilot-delegate-plugin.md` — 11 ordered tasks from repo bootstrap through publish @@ -199,13 +285,19 @@ Uses Changesets via `changesets/action@v1.7.0`. GitHub App token for authenticat These divergences are appropriate for an OpenCode plugin — Bun is the OpenCode runtime, Biome is lighter than ESLint+Prettier for a small plugin, and `bun test` matches the ecosystem convention. Same pattern as [[marcusrbrown--systematic]]. -## Known Limitations (v0.1.x) +## Known Limitations (current as of v0.12.0) + +- **Orphaned subprocesses *(largely mitigated since v0.2.0)*:** A PID-file reaper now scans `/opencode-copilot-delegate/orphans/` at every plugin init, probes the owning plugin's liveness, and reaps subprocesses whose plugin has exited. The strict identity gate (kernel-tracked `comm` + start time) prevents PID-reuse misfires. The "mitigated" qualifier remains because the reap is best-effort under abort/timeout conditions. +- **Prompt visibility in `ps`:** Copilot CLI accepts the prompt as a command-line argument, exposing full prompt text in `ps` output for any user on the host. Upstream limitation — avoid delegating prompts containing secrets or PII; pass sensitive material via files, env vars, or `--secret-env-vars` instead. +- **No subprocess lifetime cap:** Hung `copilot` subprocess stays as `running` indefinitely. Cancel manually via `copilot_cancel`. Configurable timeout still planned for v1.x. +- **Single-process scope:** Task state is in-memory only; cross-process sharing requires future sqlite registry + IPC. `copilot_output` from a different OpenCode process returns `{ status: 'unknown', error: 'task_id not found in this OpenCode process' }`. +- **RPC cleanup is best-effort:** OpenCode's server plugin API has no dispose hook today, so RPC server cleanup relies on process-exit signals and the orphan-reaper posture for missed shutdowns. +- **TUI is opt-in:** Server plugin works alone. `/copilot-status` requires explicitly installing the TUI half in `tui.jsonc` — see the README for the dual-config snippet. +- **Integration tests not in CI:** Test directory exists but tracked as issue #38. Suite skips when neither `GH_TOKEN` nor `COPILOT_PAT` is set. + +## 0.x Versioning Policy -- **Orphaned subprocesses:** If OpenCode crashes mid-delegation, the `copilot` subprocess becomes orphaned. PID-file reaper planned for v1.x. -- **Prompt visibility in `ps`:** Copilot CLI accepts prompt as command-line argument, exposing full prompt text in `ps` output. Upstream limitation — avoid delegating prompts containing secrets or PII. -- **No subprocess lifetime cap:** Hung `copilot` subprocess stays as `running` indefinitely. Cancel manually via `copilot_cancel`. Configurable timeout planned for v1.x. -- **Single-process scope:** Task state is in-memory only; cross-process sharing requires future sqlite registry + IPC. -- **Integration tests not in CI:** Test directory exists but tracked as issue #38. +Releases under `0.x` are unstable and may include breaking changes between minor versions. README explicitly recommends pinning to an exact version in production. `1.0.0` will be cut once the public surface stabilizes — likely after the configurable subprocess timeout and cross-process registry land. ## Survey History @@ -213,3 +305,4 @@ These divergences are appropriate for an OpenCode plugin — Bun is the OpenCode |------|-----|-----------| | 2026-04-23 | `bea3f57` | Initial survey — v0.1.0 scaffold with TODO stubs, no CI/Fro Bot/Renovate on main | | 2026-04-27 | `02cac9c` | Implementation complete, CI active, Fro Bot v0.42.2, Renovate live, 6 workflows, `fkill` dependency added, Biome 1.9.4→2.4.13, TypeScript 6.0.3, 3 open issues | +| 2026-05-21 | `2744ce7` | v0.12.0 on npm (11 minor releases since prior survey). Fourth tool `copilot_resume` added. TUI half (`src/tui/`) shipped opt-in via `oc-plugin: ["server", "tui"]` and `./tui` export. Orphan reaper (v0.2.0+) hardened through streaming worker pool (v0.3.0), configurable timeouts (v0.4.0), symlink-attack defenses (v0.9.0), race-safe cleanup (v0.8.0). Per-process plugin singleton (v0.8.0/v0.11.0) returns empty hooks on duplicate invocation to fix double-registration under dual-config. Public-surface hardening (v0.12.0): plugin entry now Node-loadable, CI gates export shape. Localhost RPC layer wires server ↔ TUI. Fro Bot agent v0.42.2 → v0.44.3. Renovate preset `marcusrbrown/renovate-config#4.5.8` → `#5.2.0`. `@opencode-ai/sdk` peer dep removed (v0.6.0, was never imported). `@opencode-ai/plugin` peer narrowed `>=1.14.0` → `>=1.14.41`. zod pinned `^4.3.0` with `overrides` (v0.7.0) to dodge dual-zod TS2883. Tests grew from ~6 to 21 unit files plus integration. 3 open issues (same as prior), 4 open PRs (Renovate + one Fro Bot self-correction). | diff --git a/knowledge/wiki/topics/opencode-plugins.md b/knowledge/wiki/topics/opencode-plugins.md index b03b2fcf7..9329d9c24 100644 --- a/knowledge/wiki/topics/opencode-plugins.md +++ b/knowledge/wiki/topics/opencode-plugins.md @@ -2,7 +2,7 @@ type: topic title: OpenCode Plugin Development created: 2026-04-23 -updated: 2026-05-06 +updated: 2026-05-21 sources: - url: https://github.com/marcusrbrown/opencode-copilot-delegate sha: bea3f576d7218900b9216a8a2c2947003660809b @@ -16,7 +16,10 @@ sources: - url: https://github.com/marcusrbrown/systematic sha: 420ef650215a9ca8cefa01f125e02434e351952e accessed: 2026-05-06 -tags: [opencode, plugin, sdk, subprocess, async, delegation, workflow, skills, agents] + - url: https://github.com/marcusrbrown/opencode-copilot-delegate + sha: 2744ce7fc07660baa4f17bfff3656141888261cf + accessed: 2026-05-21 +tags: [opencode, plugin, sdk, subprocess, async, delegation, workflow, skills, agents, tui, rpc, orphan-reaper, plugin-singleton] --- # OpenCode Plugin Development @@ -130,10 +133,117 @@ Rather than registering one tool per skill, systematic registers a single `syste | Repo | npm Package | Purpose | Stack | Status | |------|-------------|---------|-------|--------| | [[marcusrbrown--systematic]] | `@fro.bot/systematic` | Structured engineering workflows (46 skills, 50 agents) | Bun, Biome, semantic-release | Active, v2.7.3 | -| [[marcusrbrown--opencode-copilot-delegate]] | `opencode-copilot-delegate` | Delegate tasks to Copilot CLI as background subprocesses | Bun, Biome, Changesets | Active, v0.1.0 | +| [[marcusrbrown--opencode-copilot-delegate]] | `opencode-copilot-delegate` | Delegate tasks to Copilot CLI as background subprocesses; opt-in `/copilot-status` TUI half | Bun, Biome, Changesets | Active, v0.12.0 (4 tools: delegate/output/cancel/resume) | Both plugins use Bun + Biome (not the `@bfra.me/*` ESLint/Prettier stack), establishing this as the standard for Marcus's OpenCode plugin repos. Both use `mise.toml` to pin Bun and tool versions. +## Two-Half Plugin Pattern (server + TUI) + +[[marcusrbrown--opencode-copilot-delegate]] v0.10.0+ ships **two plugin entries** in one npm package: + +```jsonc +// package.json +{ + "exports": { + ".": { "import": "./dist/index.js" }, // server half + "./tui": { "import": "./dist/tui/index.js" } // TUI half + }, + "oc-plugin": ["server", "tui"] +} +``` + +Users opt into each half independently: + +```jsonc +// opencode.json — server half registers the tools +{ "plugin": ["opencode-copilot-delegate"] } + +// tui.jsonc — TUI half adds /copilot-status +{ "plugin": ["opencode-copilot-delegate/tui"] } +``` + +**Build target split.** The server entry builds with `target: 'node'` (plain Node ESM loadable, gated by a CI export-shape assertion). The TUI entry stays on `target: 'bun'` because `@opentui/solid` is Bun-specific. + +**Server ↔ TUI RPC.** The server half exposes a localhost-only RPC listener and writes a per-session authenticated port file under `/opencode/copilot-delegate/`. The TUI half reads the port file to find the right server instance. Cleanup is best-effort — OpenCode's server plugin API has no dispose hook today, so cleanup is tied to process exit signals and the orphan-reaper covers missed shutdowns. + +## OpenCode Plugin Loader Gotchas + +These bit upstream plugins before; institutionalizing the fixes saves hours of incident response. + +### Loader treats every named export as a plugin factory + +The loader iterates every named export from a plugin entry point and invokes each with `undefined` input. Stray named exports (helpers, types, internal utilities) get called as plugin factories and crash on the missing input. + +- **Systematic regressed here in v2.5.0 and v2.12.1** (hours of downtime each time). +- **opencode-copilot-delegate v0.12.0** moved `wireRpcServerCleanup` out of `src/index.ts` into `src/lib/rpc-cleanup.ts` and added a CI gate that runs `node --input-type=module -e "import('./dist/index.js').then(m => …)"` between Build and Unit tests, exiting non-zero if anything other than `default` is exported or `default` is not a function. `tests/package-exports.test.ts` mirrors the assertion locally. + +**Rule:** Plugin entry points export only `default`. Period. + +### `api.command.register` is unstable across OpenCode versions + +- **OpenCode 1.14.42** removed `api.command.register` in favor of the keymap engine. +- **1.14.44+** restored it as a deprecated shim translating to `api.keymap.registerLayer`. + +TUI plugins that unconditionally call `api.command.register` silently lose their slash commands on the version where it's gone. Runtime-feature-detect both paths: + +```typescript +if (typeof api.keymap?.registerLayer === 'function') { + api.keymap.registerLayer({ + commands: [{ namespace: 'palette', name: 'copilot-status', title: 'Copilot Status', category: 'Copilot', run }], + bindings: [], + }) +} else if (typeof api.command?.register === 'function') { + api.command.register({ /* ... */ }) +} else { + // Defensive: log warning, plugin still loads without the slash command +} +``` + +opencode-copilot-delegate's TUI half follows the dual-path pattern Magic Context shipped in commit `5fe1c4f`. + +### Host zod ≠ plugin zod (per-parameter description loss) + +OpenCode's tool catalog serializes plugin schemas via the **host's** bundled zod, not the plugin's. Plugin-side `.describe()` metadata lives in a separate module-local metadata registry and is invisible across the boundary, so per-parameter descriptions get dropped before reaching the LLM. + +Two known workarounds: + +1. **`_zod.toJSONSchema` override** (v0.7.0 fix in [[marcusrbrown--opencode-copilot-delegate]], same fix shipped by `@cortexkit/opencode-magic-context` and `@cortexkit/aft-opencode`): patch each tool arg schema with a serialization override that delegates back to the plugin-local zod. Use `src/lib/normalize-tool-arg-schemas.ts`-style helpers. +2. **`.describe().optional()`** (v0.6.0 partial fix): zod's `toJSONSchema(…, { io: 'input' })` unwraps `.optional()` and drops descriptions attached to the wrapper. Reordering to `.describe(…).optional()` places the description on the leaf type so it survives the unwrap. Insufficient on its own when host/plugin zod are different module instances — pair with the override above. + +Pin zod as a direct dependency with a matching `overrides` entry so the plugin's own install tree stays on one version (resolves TS2883 from dual-zod trees at build time). `overrides` is local-install-only; downstream consumers may still see a different transitive zod from their OpenCode host. + +### `api.command.register` removal isn't the only churn — narrow peer ranges accordingly + +opencode-copilot-delegate v0.12.0 narrowed `peerDependencies['@opencode-ai/plugin']` from `>=1.14.0` to `>=1.14.41` to align advertised compatibility with what's actually tested. Plugin authors should narrow peer ranges in lockstep with the OpenCode versions their feature-detection branches actually cover. + +## Orphan Subprocess Reaping + +When a plugin spawns long-running subprocesses, OpenCode crashes or reloads can leave orphans. [[marcusrbrown--opencode-copilot-delegate]] (v0.2.0+) ships a generalizable pattern: + +1. **Per-instance PID file** at `//orphans/.pids`, one line per spawned subprocess. Entry removed on every terminal status transition. +2. **Strict identity gate** before any kill: live process's `comm` (kernel-tracked executable name from `ps -o comm=`) AND `lstart` (start-time string) must match values recorded at spawn time. Rules out both PID reuse and cross-instance kills of a live foreign instance's children. +3. **Spawner liveness probe** (`process.kill(, 0)`) before reaping any foreign file. Live spawner → skip. Dead spawner → reap entries, delete file. +4. **Streaming worker pool** (cap 5) drains a shared queue; a slow `ps` probe blocks only its own worker. +5. **Combined `ps -p -o comm=,lstart=` query**: one fork/exec gets an atomic kernel snapshot of both identity legs. +6. **Configurable timeouts** with cooperative `AbortSignal` cancellation. In-flight workers cooperate by skipping their next mutating step on abort, so dangerous side effects can't fire after the call returns. +7. **Same-user symlink hardening**: `O_NOFOLLOW` on PID file open/truncate; reject symlinked PID file parent directories before scanning. +8. **Race-safe cleanup**: every truncate/unlink goes through a per-file `serializeWrite` lock. + +This pattern generalizes to any plugin that spawns subprocesses it must clean up across crashes. + +## Per-Process Plugin Factory Singleton + +When a user lists the same plugin in both `~/.config/opencode/opencode.json` and a project-level `opencode.json`, OpenCode's host previously invoked the factory once per source. Two divergent fixes: + +| Plugin | Pattern | Rationale | +|--------|---------|-----------| +| [[marcusrbrown--systematic]] (PR #352) | Per-load registration | No exclusive resources; cleaner to register cleanly each time | +| [[marcusrbrown--opencode-copilot-delegate]] (v0.8.0+) | `globalThis` Symbol singleton; **duplicate invocations return empty hooks `{}`** (v0.11.0) | `doInit` binds a TCP port (RPC server) and writes a PID file — running it twice in the same process would race on exclusive resources | + +The empty-hooks-on-duplicate-invocation fix specifically targets the LLM-visible tool catalog: the host iterates each source's returned hook surface and registers every tool entry it finds, even when two sources return the same JS reference. Returning `{}` on duplicates gives the host nothing to register a second time. The first invocation still runs `doInit` once and receives the real hooks; subsequent invocations in the same PID receive `{}` and emit a one-time warning so duplicate-config situations stay observable. + +Both plugins document the divergence inline with cross-references to each other's source files. + ## Documentation Deployment [[marcusrbrown--systematic]] deploys its Starlight/Astro docs site to a separate repo ([[fro-bot--systematic]]) rather than using the source repo's GitHub Pages. The docs site at **fro.bot/systematic/** also serves the OCX component registry (`.well-known/ocx.json` → `/systematic/index.json`), enabling `ocx` CLI to install individual skills and agents by URL. See [[github-pages]] for the cross-repo deploy pattern. From f515b612de6fd1a056f156be5f6deebb80621a66 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Thu, 21 May 2026 01:54:46 -0700 Subject: [PATCH 32/77] chore(reconcile): record survey success for marcusrbrown/opencode-copilot-delegate --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 26f535e13..eee54a2d0 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -206,12 +206,12 @@ repos: name: opencode-copilot-delegate added: 2026-04-23 onboarding_status: onboarded - last_survey_at: 2026-04-27 + last_survey_at: 2026-05-21 last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-05-27 + next_survey_eligible_at: 2026-06-23 private: false node_id: R_kgDOSKIp0Q - owner: '[REDACTED]' From fe558eaa38a477ea39f9e04230ed89668feb3ef0 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Fri, 22 May 2026 01:38:27 -0700 Subject: [PATCH 33/77] feat(knowledge): survey fro-bot/agent --- knowledge/index.md | 2 +- knowledge/log.md | 24 +++++ knowledge/wiki/repos/fro-bot--agent.md | 126 ++++++++++++++++++------- 3 files changed, 117 insertions(+), 35 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index bacfc2bc7..23c69ebcb 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -8,7 +8,7 @@ Master catalog of all wiki pages, organized by type. - [[bfra-me--ha-addon-repository]] — Template repository for a Home Assistant add-on repository (bfra-me org); multi-arch Docker builds via `home-assistant/builder`, GHCR publishing with cosign, Fro Bot agent v0.43.1 with add-on-aware review/autoheal - [[bfra-me--renovate-action]] — bfra-me/renovate-action - [[bfra-me--works]] — `@bfra-me` tooling monorepo (pnpm 10, TS 6, ESM); 8 published packages (`eslint-config`, `prettier-config`, `tsconfig`, `es`, `create`, `badge-config`, `doc-sync`, `semantic-release`, `workspace-analyzer`) + Astro Starlight docs; 11 workflows; Fro Bot agent v0.44.2 with three-mode single-file workflow (PR review / Daily Maintenance Report / Daily Autohealing Report) -- [[fro-bot--agent]] — GitHub Action harness for OpenCode + oMo agents with persistent session state; core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos +- [[fro-bot--agent]] — GitHub Action harness for OpenCode (oMo now opt-in) with persistent session state; v0.44.3 ships a new long-running Discord gateway daemon (`packages/gateway`, Effect 3.x) and a Docker Compose deploy stack (gateway + workspace + mitmproxy egress allowlist); core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos - [[fro-bot--fro-bot-github-io]] — fro-bot/fro-bot.github.io - [[fro-bot--systematic]] — fro-bot/systematic - [[marcusrbrown--dotfiles]] — marcusrbrown/.dotfiles diff --git a/knowledge/log.md b/knowledge/log.md index 7f388214e..14c98083f 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1289,3 +1289,27 @@ Sources: https://github.com/marcusrbrown/opencode-copilot-delegate (SHA 2744ce7f Surveyed marcusrbrown/opencode-copilot-delegate and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/opencode-copilot-delegate + +## [2026-05-22 07:00] ingest | repo:fro-bot/agent + +Re-surveyed `fro-bot/agent` at SHA `8632cf4` / release `v0.44.3` (from prior `ef6b952` / `v0.42.8` @ 2026-05-08). Updated `knowledge/wiki/repos/fro-bot--agent.md` additively and refreshed `knowledge/index.md`. + +Notable changes since last survey: + +- **New `packages/gateway`** — Long-running Discord daemon (`@fro-bot/gateway`). Uses `discord.js` 14.26.4 and `effect` 3.21.2. Effect is sandboxed to the gateway; `apps/action` and `packages/runtime` stay on hand-rolled `Result` from `@bfra.me/es`. The Result→Effect boundary lives in a single adapter file (`runtime-effect.ts`). +- **New `deploy/` Docker stack** — Compose v2 stack with three services: `gateway`, `workspace` (v1 placeholder; real agent in Unit 7), `mitmproxy` (fail-closed egress allowlist). File-based secrets, dual S3 auth (explicit pair or SDK default chain). +- **`enable-omo` action input added** — oMo is now opt-in (default `false`). Previously auto-installed alongside OpenCode. The `agent` input default likewise moved from `sisyphus` to unset (uses OpenCode build agent). +- **`services/object-store/` is gone** from the action's src tree. The runtime adapter in the gateway wraps S3 sync helpers from `@fro-bot/runtime`, suggesting the object-store primitives migrated into the runtime package. The action's `AGENTS.md` (dated 2026-03-29, commit `045cac8`) is now stale relative to this layout — flagged as a known contradiction; no overwrite of historical 2026-05-08 note. +- **Dep bumps:** `@opencode-ai/sdk` 1.14.30→1.14.41, `tsdown` 0.21.10→0.22.0, `vitest` 4.1.5→4.1.6, `eslint` 10.2.1→10.3.0, `@aws-sdk/client-s3` 3.1040→3.1045, `vite` pin 8.0.10→8.0.13, pnpm 10.33.2→10.33.4. +- **Health signals:** open issues 7→2 (significant triage), stars 0→1. +- **New `.agents/skills/` and `RULES.md`** at repo root. RULES.md formalizes the documentation hierarchy as PRD > RFCs > FEATURES.md > RULES.md. + +The repo's self-hosted Fro Bot workflow remains intact (PR review, daily DMR @ 15:30 UTC, weekly wiki @ Sun 20:00 UTC, manual dispatch). Workflow now pins `fro-bot/agent@v0` (major) rather than a patch pin. + +Sources: https://github.com/fro-bot/agent (SHA 8632cf4706b10f7350284c3f0480dd620f2a30b7) + +## [2026-05-22 08:38] ingest | repo:fro-bot/agent + +Surveyed fro-bot/agent and updated the control-plane wiki. + +Sources: https://github.com/fro-bot/agent diff --git a/knowledge/wiki/repos/fro-bot--agent.md b/knowledge/wiki/repos/fro-bot--agent.md index d88c169c2..d807a9811 100644 --- a/knowledge/wiki/repos/fro-bot--agent.md +++ b/knowledge/wiki/repos/fro-bot--agent.md @@ -2,15 +2,18 @@ type: repo title: "fro-bot/agent" created: 2026-05-07 -updated: 2026-05-08 +updated: 2026-05-22 sources: + - url: https://github.com/fro-bot/agent + sha: 8632cf4706b10f7350284c3f0480dd620f2a30b7 + accessed: 2026-05-22 - url: https://github.com/fro-bot/agent sha: ef6b9525583d13f9443b80e6ceffff8af978410a accessed: 2026-05-08 - url: https://github.com/fro-bot/agent sha: ef6b9525583d13f9443b80e6ceffff8af978410a accessed: 2026-05-07 -tags: [github-actions, agent, opencode, omo, typescript, persistent-memory, ci-cd, fro-bot, semantic-release, pnpm-workspace, monorepo] +tags: [github-actions, agent, opencode, omo, typescript, persistent-memory, ci-cd, fro-bot, semantic-release, pnpm-workspace, monorepo, discord, effect, docker-compose, mitmproxy] related: - marcusrbrown--systematic - marcusrbrown--opencode-copilot-delegate @@ -34,34 +37,37 @@ GitHub Action harness for [OpenCode](https://opencode.ai/) + [Oh My OpenAgent (o | Attribute | Value | | ---------------------- | ------------------------------------------------------------------- | | Created | 2026-01-02 | -| Last push | 2026-05-07 | -| Latest release | v0.42.8 (2026-05-06) | +| Last push | 2026-05-20 (survey 2026-05-22) | +| Latest release | v0.44.3 (2026-05-20) | | Language | TypeScript (strict, ESM-only) | -| License | MIT | -| Node.js | 24 (pinned in `.node-version`) | -| Package manager | pnpm 10.33.2 | +| Node.js | 24.15.0 (pinned in `.node-version`) | +| Package manager | pnpm 10.33.4 | | Runtime | `node24` (GitHub Action `runs.using`) | | Bundler | tsdown (Rolldown-based, dual entry points) | -| Test framework | Vitest 4.1.5 | -| Lint | ESLint 10.2.1 (`@bfra.me/eslint-config`), Prettier 3.8.3 | +| Test framework | Vitest 4.1.6 (was 4.1.5 @ v0.42.8) | +| Lint | ESLint 10.3.0 (`@bfra.me/eslint-config` 0.51.0), Prettier 3.8.3 | | TypeScript | 6.0.3 | | Release | semantic-release on `release` branch, `next` → `release` PR model | | Visibility | Public | -| Stars | 0 | -| Open issues | 7 | +| Stars | 1 (was 0 @ 2026-05-08) | +| Open issues | 2 (was 7 @ 2026-05-08 — significant triage activity) | +| Open PRs | 5 | | Topics | actions, agent, automation, bot, fro-bot, github-actions, github-app | ## Architecture ### Workspace Layout -pnpm workspace monorepo with two workspace members: +pnpm workspace monorepo. As of 2026-05-22 the workspace has **three members** (gateway added between v0.42.8 and v0.44.3): - **`apps/action`** (`@fro-bot/action`) — The GitHub Action entry points. Private, no publish. Depends on `@fro-bot/runtime`. -- **`packages/runtime`** (`@fro-bot/runtime`) — Shared runtime library. Private, exports source-level TS (no pre-built dist; consumed via workspace protocol). +- **`packages/runtime`** (`@fro-bot/runtime`) — Shared runtime library. Private, exports source-level TS (no pre-built dist; consumed via workspace protocol). Hand-rolled `Result` from `@bfra.me/es` is the error convention here. +- **`packages/gateway`** (`@fro-bot/gateway`) — **New 2026-05-22.** Long-running Discord-first daemon. Wraps `@fro-bot/runtime` with `effect` 3.21.2 as the composition layer. Depends on `discord.js` 14.26.4. Builds to `packages/gateway/dist/` via `tsdown`. Root `tsdown.config.ts` bundles `apps/action/src/main.ts` and `apps/action/src/post.ts` into `dist/main.js` and `dist/post.js`. The `dist/` directory is **committed** (GitHub Action requirement — no build step at consumption time). +The gateway has its own `dist/` not committed at root — it's a runtime daemon shipped via the Docker stack in `deploy/`, not consumed as an action. + ### Layered Source Structure The codebase follows a strict four-layer dependency hierarchy (~145 source files, ~15k lines): @@ -73,7 +79,9 @@ The codebase follows a strict four-layer dependency hierarchy (~145 source files | 2 | `src/features/` | Business logic: agent execution, triggers/routing, comments, reviews, attachments, delegated branch/PR ops, observability | | 3 | `src/harness/` | Workflow composition: entry points, phase orchestration, config parsing | -**Note (2026-05-08):** The AGENTS.md lists `object-store/` in Layer 1 services, but the actual directory listing shows `artifact/` instead (containing `upload.ts`, `upload.test.ts`, `index.ts`). The S3-compatible object-store functionality may have been refactored or the AGENTS.md is stale relative to the current directory structure. S3 backup configuration remains in the action inputs, so the capability likely moved elsewhere (possibly into `services/session/` or `services/cache/`). +**Note (2026-05-08):** The AGENTS.md listed `object-store/` in Layer 1 services, but the actual directory listing showed `artifact/` instead (containing `upload.ts`, `upload.test.ts`, `index.ts`). The S3-compatible object-store functionality may have been refactored or the AGENTS.md was stale relative to the current directory structure. S3 backup configuration remains in the action inputs, so the capability likely moved elsewhere (possibly into `services/session/` or `services/cache/`). + +**Update (2026-05-22):** `src/services/` confirms the new layout: `artifact/`, `cache/`, `github/`, `session/`, `setup/` — `object-store/` is gone from the action's src tree. The S3 object-store functionality appears to have migrated either into the gateway/runtime split (`@fro-bot/runtime` is the dependency the gateway uses for `S3 sync helpers`, per `packages/gateway/AGENTS.md`) or been folded into session/cache write-through. The action's AGENTS.md (dated 2026-03-29, commit `045cac8`) is now stale relative to this layout. Entry points (`src/main.ts`, `src/post.ts`) are thin delegates to `src/harness/run.ts` and `src/harness/post.ts`. @@ -101,7 +109,8 @@ Entry points (`src/main.ts`, `src/post.ts`) are thin delegates to `src/harness/r | `auth-json` | (required) | JSON map of LLM provider credentials | | `prompt` | — | Custom prompt for the agent | | `output-mode` | `auto` | Delivery mode: `auto`, `working-dir`, `branch-pr` | -| `agent` | `sisyphus` | Primary agent name | +| `agent` | (unset) | Primary agent name (defaults to OpenCode build agent if unset; was `sisyphus` @ v0.42.x) | +| `enable-omo` | `false` | Opt-in to Oh My OpenAgent for extended providers/agents (**new — oMo is no longer auto-installed**) | | `model` | — | Model override (`provider/model` format) | | `timeout` | `1800000` | Execution timeout in ms (0 = no limit) | | `session-retention` | `50` | Sessions to retain before pruning | @@ -120,6 +129,44 @@ Entry points (`src/main.ts`, `src/post.ts`) are thin delegates to `src/harness/r | `cache-status` | Cache restore status (`hit`/`miss`/`corrupted`) | | `duration` | Run duration in seconds | +## Discord Gateway (new 2026-05-22) + +`packages/gateway` is a Discord-first daemon — the "Category B" feature long planned in `FEATURES.md` has shipped as runnable code. + +| Aspect | Detail | +| ------------------- | -------------------------------------------------------------------------------------------- | +| Entry point | `packages/gateway/src/main.ts` — wires Discord client, registers slash commands, SIGTERM | +| Composition layer | `effect` 3.21.2 — `Effect.Effect` everywhere outside the runtime adapter | +| Runtime adapter | `packages/gateway/src/runtime-effect.ts` — sole `Result<>` → `Effect` boundary | +| Discord library | `discord.js` 14.26.4 with non-privileged intents (`Guilds`, `GuildMessages`) by default | +| Privileged intents | Opt-in via `DISCORD_PRIVILEGED_INTENTS` env var | +| Secret loading | `readSecret(name)` checks `${NAME}_FILE` first (Docker secrets), falls back to env var | +| Lifecycle | Long-running; SIGTERM handler with 25s drain | + +### Effect / Result Boundary + +The gateway is the **only** package using `effect`. The action runner (cold-start sensitive) and the runtime stay on hand-rolled `Result`. Subagents adding a runtime call must add the wrapper to `runtime-effect.ts` first, never import `@fro-bot/runtime` directly outside the adapter. + +Wrapped runtime functions: `acquireLock`, `releaseLock`, `renewLease`, `forceReleaseLock`, `createRun`, `transitionRun`, `findStaleRuns`, `validateProviderSemantics`, plus S3 sync helpers. This implies the runtime now owns durable lock, run-state, and S3 primitives that were previously scattered (or planned) — these were likely the migration target for `services/object-store/`. + +Effect surface used at Unit 4: core (`Effect`, `pipe`, `tryPromise`, `flatMap`, `gen`, `runPromise`, `try`, `succeed`, `fail`, `either`, `void`, `catchAll`). Planned for later units: `Schedule.*` (retry), `Schema.*` (payload validation). DI / Layer / Context / STM / Streams deliberately not used at v1. + +## Deployment Stack (`deploy/`, new 2026-05-22) + +Docker Compose v2 stack for running the gateway daemon outside CI: + +| Service | Role | +| ----------- | --------------------------------------------------------------------------------- | +| `gateway` | Discord gateway daemon — slash commands and mentions (`gateway.Dockerfile`) | +| `workspace` | Workspace agent container (placeholder in v1; real agent wired in Unit 7) | +| `mitmproxy` | Egress proxy enforcing an allowlist of permitted outbound hosts | + +Stack files: `deploy/compose.yaml`, `deploy/compose.override.example.yaml`, `deploy/gateway.Dockerfile`, `deploy/workspace.Dockerfile`, `deploy/init-certs.sh`, `deploy/validate-stack.sh`, `deploy/mitmproxy/`. + +Secrets are file-based (`deploy/secrets/*`, 0600 permissions). Required: `discord-token`, `discord-application-id`, `s3-bucket`, `s3-region`. Optional: `s3-endpoint`, `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` (pair contract — both or neither; falls back to SDK default credential chain), `AWS_SESSION_TOKEN`. + +mitmproxy is configured to fail closed by default; `OBJECT_STORE_HOSTS` is the allowlist knob for S3 egress. + ## Supported Event Triggers | Event | `@mention` | Prompt source | Concurrency key | @@ -183,18 +230,23 @@ The repo runs its own Fro Bot agent (self-referencing `./` in CI, `fro-bot/agent ## Dependency Highlights -| Package | Version | Purpose | -| --------------------- | ------------ | ------------------------------------ | -| `@actions/cache` | 6.0.0 | GitHub Actions cache operations | -| `@actions/core` | 3.0.1 | Action I/O, logging, state | -| `@actions/github` | 9.1.1 | Octokit + GitHub context | -| `@aws-sdk/client-s3` | 3.1040.0 | S3-compatible object storage | -| `@opencode-ai/sdk` | 1.14.30 | OpenCode execution | -| `@octokit/auth-app` | 8.2.0 | GitHub App authentication | -| `@bfra.me/es` | 0.1.0 | Shared ES utilities | -| `tsdown` | 0.21.10 | Rolldown-based bundler | -| `semantic-release` | 25.0.3 | Automated versioning/publishing | -| `simple-git-hooks` | 2.13.1 | Pre-commit (lint-staged), pre-push | +| Package | Version (2026-05-22) | Was @ v0.42.8 | Purpose | +| --------------------- | -------------------- | ------------- | ------------------------------------ | +| `@actions/artifact` | 6.2.1 | — | Artifact upload (root dep now) | +| `@actions/cache` | 6.0.0 | 6.0.0 | GitHub Actions cache operations | +| `@actions/core` | 3.0.1 | 3.0.1 | Action I/O, logging, state | +| `@actions/exec` | 3.0.0 | — | Subprocess execution | +| `@actions/github` | 9.1.1 | 9.1.1 | Octokit + GitHub context | +| `@actions/tool-cache` | 4.0.0 | — | Tool caching for setup phase | +| `@aws-sdk/client-s3` | 3.1045.0 | 3.1040.0 | S3-compatible object storage | +| `@opencode-ai/sdk` | 1.14.41 | 1.14.30 | OpenCode execution | +| `@octokit/auth-app` | 8.2.0 | 8.2.0 | GitHub App authentication | +| `@bfra.me/es` | 0.1.0 | 0.1.0 | Shared ES utilities | +| `discord.js` | 14.26.4 | — | Gateway Discord client (gateway pkg) | +| `effect` | 3.21.2 | — | Gateway composition layer | +| `tsdown` | 0.22.0 | 0.21.10 | Rolldown-based bundler | +| `semantic-release` | 25.0.3 | 25.0.3 | Automated versioning/publishing | +| `simple-git-hooks` | 2.13.1 | 2.13.1 | Pre-commit (lint-staged), pre-push | ## Renovate Configuration @@ -233,6 +285,8 @@ The `docs/` directory contains extensive planning and operational artifacts: A `FEATURES.md` at repo root documents v1.4 MVP with 73 features across 12 categories (GitHub interactions, Discord agent, memory/persistence, setup, SDK execution, context/prompt, security, observability, error handling, configuration, additional triggers, delegated work tools). +**New 2026-05-22:** A top-level `.agents/skills/` directory has appeared (project-local skills accessible to the agent during self-hosted runs). A `.slim/` directory and `RULES.md` (development rules v1.4 covering technology stack, code style, architecture patterns, security, testing, build/release, anti-patterns) round out the agent-oriented top-level surface. `RULES.md` declares the documentation hierarchy: PRD > RFCs > FEATURES.md > RULES.md. + A `PRD.md` contains the full product requirements document. `RFCS.md` indexes the 19 RFC architecture decision records. ## Ecosystem Role @@ -265,22 +319,26 @@ Version lag varies: some repos trail by several patch releases due to Renovate c ## Fro Bot Workflow Status -**Present and self-hosted.** `fro-bot.yaml` uses `./` (self-reference during CI test) and `fro-bot/agent@v0.42.x` (in the actual fro-bot.yaml). Full trigger coverage: comment mentions, issue events, PR reviews, daily DMR, weekly wiki, manual dispatch. +**Present and self-hosted.** `fro-bot.yaml` uses `./` (self-reference during CI test) and `fro-bot/agent@v0` (major version pin) in production triggers. Full trigger coverage: comment mentions, issue events, PR reviews, daily DMR (15:30 UTC), weekly wiki (Sun 20:00 UTC), manual dispatch with `use-schedule-prompt` / `use-wiki-prompt` boolean inputs. + +The `WIKI_PROMPT` env var in the workflow contains the full wiki maintenance instructions for the project's own `docs/wiki/` Obsidian vault — a parallel artifact to the wiki Fro Bot maintains for the `.github` repo. Branch contract: `fro-bot/wiki-update`, one open PR at a time, branch is deleted if it exists with no open PR. ## Workspace Packages -| Package | Path | Dependencies | Purpose | -| ------------------- | ------------------- | -------------------------------------- | ------------------------------------ | -| `@fro-bot/action` | `apps/action/` | `@fro-bot/runtime` (workspace) | GitHub Action entry points (private) | -| `@fro-bot/runtime` | `packages/runtime/` | `@bfra.me/es`, `@opencode-ai/sdk` | Shared runtime library (private) | +| Package | Path | Dependencies | Purpose | +| ------------------- | ------------------- | ----------------------------------------------------------- | ----------------------------------------------------------------------- | +| `@fro-bot/action` | `apps/action/` | `@fro-bot/runtime` (workspace) | GitHub Action entry points (private) | +| `@fro-bot/runtime` | `packages/runtime/` | `@bfra.me/es`, `@opencode-ai/sdk` | Shared runtime library; locks, run-state, S3 sync helpers (private) | +| `@fro-bot/gateway` | `packages/gateway/` | `@fro-bot/runtime` (workspace), `discord.js`, `effect` | **New 2026-05-22.** Long-running Discord daemon (private) | -Root `package.json` (`@fro-bot/agent-workspace`) holds all external production deps and dev deps. Workspace protocol links `@fro-bot/action` → `@fro-bot/runtime`. The runtime exports source-level TypeScript (no pre-built dist; consumed via workspace protocol). +Root `package.json` (`@fro-bot/agent-workspace`) holds external action/dev deps; gateway-specific deps (`discord.js`, `effect`) live in `packages/gateway/package.json`. Workspace protocol links `@fro-bot/action` and `@fro-bot/gateway` → `@fro-bot/runtime`. The runtime exports source-level TypeScript (no pre-built dist; consumed via workspace protocol). -pnpm workspace config (`pnpm-workspace.yaml`) enables `autoInstallPeers`, `shamefullyHoist`, `shellEmulator`, and carries security-focused overrides for `brace-expansion`, `fast-xml-parser`, `flatted`, `handlebars`, `lodash`/`lodash-es`, `picomatch`, `tar`, `undici`, `yaml`, and pins `vite` to 8.0.10. +pnpm workspace config (`pnpm-workspace.yaml`) enables `autoInstallPeers`, `shamefullyHoist`, `shellEmulator`, `ignoreWorkspaceRootCheck`. `onlyBuiltDependencies` is now `[esbuild, simple-git-hooks, unrs-resolver]`. Security-focused overrides for `brace-expansion`, `fast-xml-parser`, `flatted`, `handlebars`, `lodash`/`lodash-es`, `picomatch`, `tar@^7`, `undici@^7`, `yaml`. `vite` pin moved from 8.0.10 → 8.0.13. Root `package.json` additionally pins `fast-uri`, `fast-xml-builder`, `fast-xml-parser`, `ip-address` to security-patched ranges. ## Survey History | Date | SHA | Key changes | | ---------- | ---------- | ---------------------------------------------------- | +| 2026-05-22 | `8632cf4` | Re-survey at v0.44.3: new `packages/gateway` (Discord daemon, Effect 3.x), new `deploy/` Docker stack (gateway + workspace + mitmproxy), `enable-omo` action input (oMo now opt-in), `agent` input default changed from `sisyphus` to unset/OpenCode-build, open issues 7→2, stars 0→1, dep bumps (`@opencode-ai/sdk` 1.14.30→1.14.41, `tsdown` 0.21→0.22, `vite` pin 8.0.10→8.0.13). `services/object-store/` confirmed migrated (likely into `@fro-bot/runtime`). Action `AGENTS.md` is stale (dated 2026-03-29). | | 2026-05-08 | `ef6b952` | Re-survey: additive detail (workspace packages, docs structure, artifact/object-store discrepancy) | | 2026-05-07 | `ef6b952` | Initial survey | From ee774f9993b2d9d819ba0c402434a2f378754b0d Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Fri, 22 May 2026 01:38:28 -0700 Subject: [PATCH 34/77] chore(reconcile): record survey success for fro-bot/agent --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index eee54a2d0..b98afefe8 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -230,12 +230,12 @@ repos: name: agent added: 2026-05-07 onboarding_status: onboarded - last_survey_at: 2026-05-08 + last_survey_at: 2026-05-22 last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: owned - next_survey_eligible_at: 2026-05-22 + next_survey_eligible_at: 2026-06-08 private: false node_id: R_kgDOQyTMEw - owner: fro-bot From 784b5366ad38fb832e6e15a3374b4a6d94b527b7 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Fri, 22 May 2026 01:40:00 -0700 Subject: [PATCH 35/77] feat(knowledge): survey fro-bot/systematic --- knowledge/index.md | 4 +- knowledge/log.md | 31 ++++----- knowledge/wiki/repos/fro-bot--systematic.md | 69 +++++++++++++++++++-- knowledge/wiki/topics/opencode-plugins.md | 12 +++- 4 files changed, 93 insertions(+), 23 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 23c69ebcb..0a7e5e69c 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -8,9 +8,9 @@ Master catalog of all wiki pages, organized by type. - [[bfra-me--ha-addon-repository]] — Template repository for a Home Assistant add-on repository (bfra-me org); multi-arch Docker builds via `home-assistant/builder`, GHCR publishing with cosign, Fro Bot agent v0.43.1 with add-on-aware review/autoheal - [[bfra-me--renovate-action]] — bfra-me/renovate-action - [[bfra-me--works]] — `@bfra-me` tooling monorepo (pnpm 10, TS 6, ESM); 8 published packages (`eslint-config`, `prettier-config`, `tsconfig`, `es`, `create`, `badge-config`, `doc-sync`, `semantic-release`, `workspace-analyzer`) + Astro Starlight docs; 11 workflows; Fro Bot agent v0.44.2 with three-mode single-file workflow (PR review / Daily Maintenance Report / Daily Autohealing Report) -- [[fro-bot--agent]] — GitHub Action harness for OpenCode (oMo now opt-in) with persistent session state; v0.44.3 ships a new long-running Discord gateway daemon (`packages/gateway`, Effect 3.x) and a Docker Compose deploy stack (gateway + workspace + mitmproxy egress allowlist); core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos +- [[fro-bot--agent]] — GitHub Action harness for OpenCode + oMo agents with persistent session state; core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos - [[fro-bot--fro-bot-github-io]] — fro-bot/fro-bot.github.io -- [[fro-bot--systematic]] — fro-bot/systematic +- [[fro-bot--systematic]] — Built docs + OCX registry deployment target for `@fro.bot/systematic` at fro.bot/systematic/; `gh-pages`-only repo (no Fro Bot workflow needed); now also hosts the pinned JSON Schema for `systematic.json` user config at `/schemas/v2/`; registry advanced to v2.20.6 with 103 components (51 agents, 47 skills, 2 bundles, 2 profiles, 1 plugin) - [[marcusrbrown--dotfiles]] — marcusrbrown/.dotfiles - [[marcusrbrown--github]] — Marcus's personal `.github` repo; GitHub defaults, community health files, and canonical Probot Settings template (`common-settings.yaml`) - [[marcusrbrown--containers]] — Container collection and automation framework (Dockerfiles, multi-arch builds, Python CLI, AI-powered templates, CI/CD) diff --git a/knowledge/log.md b/knowledge/log.md index 14c98083f..d6c31d03c 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1290,26 +1290,27 @@ Surveyed marcusrbrown/opencode-copilot-delegate and updated the control-plane wi Sources: https://github.com/marcusrbrown/opencode-copilot-delegate -## [2026-05-22 07:00] ingest | repo:fro-bot/agent +## [2026-05-22 08:36] ingest | fro-bot/systematic -Re-surveyed `fro-bot/agent` at SHA `8632cf4` / release `v0.44.3` (from prior `ef6b952` / `v0.42.8` @ 2026-05-08). Updated `knowledge/wiki/repos/fro-bot--agent.md` additively and refreshed `knowledge/index.md`. +Re-surveyed `fro-bot/systematic` (gh-pages SHA `12cae87`, source SHA `dae829a` of [[marcusrbrown--systematic]]). Additively updated [[fro-bot--systematic]] to reflect changes since the 2026-05-07 initial survey: -Notable changes since last survey: +- **Registry advanced v2.7.3 → v2.20.6.** `index.json` now lists 103 components vs ~96 at prior survey: 51 agents (+ unknown delta), 47 skills, **2 bundles** and **2 profiles** (new V2 component types now materialized in the deployed artifact), and 1 plugin entry. The bundle/profile component types are net-new in this survey window. +- **Hosted JSON Schema is now a public contract.** `schemas/latest/` and `schemas/v2/systematic-config.schema.json` are served. `$id` on the v2 file is `https://fro.bot/systematic/schemas/v2/systematic-config.schema.json`, which makes that URL the canonical pinned reference for IDE autocomplete on `systematic.json` / `systematic.jsonc`. Draft-07. Top-level keys: `agents`, `categories`, `disabled_skills`, `disabled_agents`, `disabled_commands`, `bootstrap`. Loader does not fetch or validate against it — it exists purely to flip on editor support. Renaming or restructuring these URLs silently breaks every consumer that pinned them, so the deploy target has effectively grown a third consumer contract on top of the rendered docs and the OCX registry. +- **New static files** — `404.html` (Starlight not-found page) and `og-image.png` (Open Graph share image). +- **Deploy cadence intensified.** Multiple deploys per day during active source-repo windows (e.g., five on 2026-05-21 between 18:27 and 23:12 UTC), suggesting CI fans out per merged commit rather than per release tag. Captured the last 10 deploys with both `gh-pages` and source SHAs to make rollback diagnostics easier. +- **Branches, issues, PRs unchanged in structure.** `gh-pages` (default) + `renovate/configure`. Issue #1 (CodeQL/Scorecard parity) still open; PR #2 (Renovate onboarding) still open and unmerged — Renovate has minimal applicability to a static-HTML repo, so the noise concern from the prior survey still stands. +- **No Fro Bot workflow** in this repo. Same conclusion as 2026-05-07: not warranted; the source repo [[marcusrbrown--systematic]] holds the agent integration. Recorded explicitly in the repo page so the constraint check passes without a follow-up draft PR. -- **New `packages/gateway`** — Long-running Discord daemon (`@fro-bot/gateway`). Uses `discord.js` 14.26.4 and `effect` 3.21.2. Effect is sandboxed to the gateway; `apps/action` and `packages/runtime` stay on hand-rolled `Result` from `@bfra.me/es`. The Result→Effect boundary lives in a single adapter file (`runtime-effect.ts`). -- **New `deploy/` Docker stack** — Compose v2 stack with three services: `gateway`, `workspace` (v1 placeholder; real agent in Unit 7), `mitmproxy` (fail-closed egress allowlist). File-based secrets, dual S3 auth (explicit pair or SDK default chain). -- **`enable-omo` action input added** — oMo is now opt-in (default `false`). Previously auto-installed alongside OpenCode. The `agent` input default likewise moved from `sisyphus` to unset (uses OpenCode build agent). -- **`services/object-store/` is gone** from the action's src tree. The runtime adapter in the gateway wraps S3 sync helpers from `@fro-bot/runtime`, suggesting the object-store primitives migrated into the runtime package. The action's `AGENTS.md` (dated 2026-03-29, commit `045cac8`) is now stale relative to this layout — flagged as a known contradiction; no overwrite of historical 2026-05-08 note. -- **Dep bumps:** `@opencode-ai/sdk` 1.14.30→1.14.41, `tsdown` 0.21.10→0.22.0, `vitest` 4.1.5→4.1.6, `eslint` 10.2.1→10.3.0, `@aws-sdk/client-s3` 3.1040→3.1045, `vite` pin 8.0.10→8.0.13, pnpm 10.33.2→10.33.4. -- **Health signals:** open issues 7→2 (significant triage), stars 0→1. -- **New `.agents/skills/` and `RULES.md`** at repo root. RULES.md formalizes the documentation hierarchy as PRD > RFCs > FEATURES.md > RULES.md. +Cross-page updates: +- Added a "Hosted JSON Schema is now a public contract" note to [[opencode-plugins]] under "Documentation Deployment" so the schema-URL stability constraint is discoverable from the topic side, not just the repo page. +- Refreshed the [[fro-bot--systematic]] entry in `index.md` from the placeholder one-liner to a substantive descriptor matching schema convention. -The repo's self-hosted Fro Bot workflow remains intact (PR review, daily DMR @ 15:30 UTC, weekly wiki @ Sun 20:00 UTC, manual dispatch). Workflow now pins `fro-bot/agent@v0` (major) rather than a patch pin. +No contradictions with the 2026-05-07 ingest. All prior content preserved; survey-history table extended with the new row. -Sources: https://github.com/fro-bot/agent (SHA 8632cf4706b10f7350284c3f0480dd620f2a30b7) +Sources: https://github.com/fro-bot/systematic (SHA 12cae87) -## [2026-05-22 08:38] ingest | repo:fro-bot/agent +## [2026-05-22 08:39] ingest | repo:fro-bot/systematic -Surveyed fro-bot/agent and updated the control-plane wiki. +Surveyed fro-bot/systematic and updated the control-plane wiki. -Sources: https://github.com/fro-bot/agent +Sources: https://github.com/fro-bot/systematic diff --git a/knowledge/wiki/repos/fro-bot--systematic.md b/knowledge/wiki/repos/fro-bot--systematic.md index dfdfa8dcc..3572381e6 100644 --- a/knowledge/wiki/repos/fro-bot--systematic.md +++ b/knowledge/wiki/repos/fro-bot--systematic.md @@ -2,12 +2,15 @@ type: repo title: "fro-bot/systematic" created: 2026-05-07 -updated: 2026-05-07 +updated: 2026-05-22 sources: - url: https://github.com/fro-bot/systematic sha: 73fa108 accessed: 2026-05-07 -tags: [documentation, github-pages, astro, starlight, opencode, plugin, ocx] + - url: https://github.com/fro-bot/systematic + sha: 12cae87 + accessed: 2026-05-22 +tags: [documentation, github-pages, astro, starlight, opencode, plugin, ocx, json-schema] related: - marcusrbrown--systematic - marcusrbrown--dotfiles @@ -22,12 +25,12 @@ Documentation deployment target for [[marcusrbrown--systematic]]. Hosts the Star | Attribute | Value | | --------------- | ---------------------------------------------------- | | Created | 2026-02-09 | -| Last push | 2026-05-05 | +| Last push | 2026-05-21 | | Default branch | `gh-pages` | | Language | HTML (static build output) | | License | None specified | | Stars | 0 | -| Open issues | 2 | +| Open issues | 1 (+ 1 open PR) | | Pages URL | https://fro.bot/systematic/ | | Visibility | Public | @@ -48,14 +51,17 @@ The deploy workflow lives in `marcusrbrown/systematic` (the `docs.yaml` workflow The `gh-pages` branch contains the built Starlight/Astro static site: - `index.html` — Landing page +- `404.html` — Starlight not-found page (new since prior survey) - `_astro/` — Bundled CSS, JS, and image assets - `components/` — OCX component pages (one per agent/skill) - `getting-started/` — Getting started guides - `guides/` — Philosophy, main loop, agent install, conversion guides - `reference/` — Generated reference pages for skills and agents +- `schemas/` — Hosted JSON Schemas for the user config file (new since prior survey) - `pagefind/` — Client-side search index - `.well-known/ocx.json` — OCX registry pointer (`{"version":1,"registry":"/systematic/index.json"}`) - `index.json` — OCX component registry for `ocx` CLI installation +- `og-image.png` — Open Graph share image - `.nojekyll` — Disables Jekyll processing - `sitemap-index.xml`, `sitemap-0.xml` — Sitemap for search engines @@ -63,6 +69,41 @@ The `gh-pages` branch contains the built Starlight/Astro static site: The `.well-known/ocx.json` file points to the OCX component registry at `/systematic/index.json`. This enables the `ocx` CLI to discover and install individual skills and agents from the documentation site URL. The registry uses V2 schema (since `@fro.bot/systematic` v2.6.0). +As of the 2026-05-22 survey, `index.json` advertises: + +| Field | Value | +| ------------ | ------------------------------------------------------------ | +| `name` | `Systematic` | +| `namespace` | `systematic` | +| `version` | `2.20.6` (up from v2.7.3 at the prior survey — see [[marcusrbrown--systematic]] for source-side release history) | +| `author` | `Marcus R. Brown ` | +| `components` | 103 total | + +Component breakdown: + +| Type | Count | +| --------- | ----- | +| `agent` | 51 | +| `skill` | 47 | +| `bundle` | 2 | +| `profile` | 2 | +| `plugin` | 1 | + +The `bundle` and `profile` types are new since the prior survey — V2 registry capabilities now surface in the deployed artifact. + +## Hosted JSON Schemas (new in this survey) + +The `schemas/` tree appeared on `gh-pages` between the 2026-05-07 survey and now. Two URLs are served: + +- `https://fro.bot/systematic/schemas/latest/systematic-config.schema.json` +- `https://fro.bot/systematic/schemas/v2/systematic-config.schema.json` + +Both are draft-07 JSON Schemas titled `Systematic user configuration file (systematic.json / systematic.jsonc)`. The `$id` on the v2 file is the v2 URL above, which makes that the canonical pinned reference. Top-level schema fields: `$schema`, `agents`, `categories`, `disabled_skills`, `disabled_agents`, `disabled_commands`, `bootstrap` — matching the `systematic.json` config shape consumed by `marcusrbrown/systematic`'s `config-handler.ts`. + +The schema's own `$schema` property is documented as informational only — the loader does not fetch or validate against it. Its purpose is to flip on field-level autocomplete in VSCode, Zed, IntelliJ, and any other editor that resolves `$schema` URLs. + +Consequence: this deployment target is no longer purely a docs site. It is now also a stable schema host. Renaming, restructuring, or breaking the URL shape of `schemas/v2/systematic-config.schema.json` would silently break IDE autocomplete in every consumer that pinned the v2 URL. Treat it like a public API. + ## Branches | Branch | Purpose | @@ -108,7 +149,24 @@ The documentation build pipeline flows: `marcusrbrown/systematic` → Astro buil ## Deploy Cadence -Based on commit history, deployments track releases of `@fro.bot/systematic`: +Based on commit history, deployments track releases of `@fro.bot/systematic`. Recent activity is markedly bursty — multiple deploys per day during active development windows on the source repo, suggesting CI fans out per merge rather than per release tag. + +Latest 10 deploys observed on 2026-05-22 (source SHAs are the `marcusrbrown/systematic` commit each deploy was built from): + +| Date (UTC) | gh-pages SHA | Source SHA | +| ------------------ | ------------ | ----------- | +| 2026-05-21 23:12 | `12cae87` | `dae829a` | +| 2026-05-21 22:25 | `bf26128` | `3810786` | +| 2026-05-21 18:49 | `f59ab5e` | `3b1515e` | +| 2026-05-21 18:40 | `bf76020` | `1425dd6` | +| 2026-05-21 18:27 | `cbaced6` | `e8a981e` | +| 2026-05-21 04:16 | `ffa2463` | `9551607` | +| 2026-05-21 03:50 | `1bd39c8` | `350a637` | +| 2026-05-18 18:09 | `b841b51` | `4c780cb` | +| 2026-05-18 03:03 | `a3e28f3` | `402ef5c` | +| 2026-05-17 20:53 | `9254502` | `862a098` | + +Earlier deploys remain documented from the prior survey: | Date | Source SHA | Likely version | | ---------- | ----------- | -------------- | @@ -125,3 +183,4 @@ Based on commit history, deployments track releases of `@fro.bot/systematic`: | Date | SHA | Delta | | ---------- | ---------- | ------------------------ | | 2026-05-07 | `73fa108` | Initial survey | +| 2026-05-22 | `12cae87` | Registry advanced v2.7.3 → v2.20.6; 103 components (51 agents, 47 skills, 2 bundles, 2 profiles, 1 plugin); `schemas/{latest,v2}/systematic-config.schema.json` now hosted; `404.html` and `og-image.png` added; deploy cadence visibly intensified | diff --git a/knowledge/wiki/topics/opencode-plugins.md b/knowledge/wiki/topics/opencode-plugins.md index 9329d9c24..34052fd96 100644 --- a/knowledge/wiki/topics/opencode-plugins.md +++ b/knowledge/wiki/topics/opencode-plugins.md @@ -19,7 +19,10 @@ sources: - url: https://github.com/marcusrbrown/opencode-copilot-delegate sha: 2744ce7fc07660baa4f17bfff3656141888261cf accessed: 2026-05-21 -tags: [opencode, plugin, sdk, subprocess, async, delegation, workflow, skills, agents, tui, rpc, orphan-reaper, plugin-singleton] + - url: https://github.com/fro-bot/systematic + sha: 12cae87 + accessed: 2026-05-22 +tags: [opencode, plugin, sdk, subprocess, async, delegation, workflow, skills, agents, tui, rpc, orphan-reaper, plugin-singleton, json-schema] --- # OpenCode Plugin Development @@ -248,6 +251,13 @@ Both plugins document the divergence inline with cross-references to each other' [[marcusrbrown--systematic]] deploys its Starlight/Astro docs site to a separate repo ([[fro-bot--systematic]]) rather than using the source repo's GitHub Pages. The docs site at **fro.bot/systematic/** also serves the OCX component registry (`.well-known/ocx.json` → `/systematic/index.json`), enabling `ocx` CLI to install individual skills and agents by URL. See [[github-pages]] for the cross-repo deploy pattern. +As of the 2026-05-22 [[fro-bot--systematic]] survey, the same docs site is now the canonical host for the user config JSON Schema: + +- `https://fro.bot/systematic/schemas/v2/systematic-config.schema.json` — pinned `$id`, intended for `"$schema"` references in `systematic.json` / `systematic.jsonc` for IDE autocomplete (VSCode, Zed, IntelliJ). +- `https://fro.bot/systematic/schemas/latest/systematic-config.schema.json` — moving pointer for "current". + +Schema is draft-07, describes top-level keys `agents`, `categories`, `disabled_skills`, `disabled_agents`, `disabled_commands`, `bootstrap`. The schema's own `$schema` property is documented as informational only — the systematic loader does not fetch or validate against it; it exists purely to switch on editor support. Treat both URLs as public API; renaming or restructuring them silently breaks autocomplete for every consumer that pinned them. The same docs deploy now drives the OCX registry, the rendered guide pages, and this schema — three different consumer contracts living on one `gh-pages` branch. + ## Related Pages - [[marcusrbrown--systematic]] — Largest OpenCode plugin; structured workflows with 46 skills and 50 agents From e21ac9f35453b199cb9cc4101b8e622ff2152515 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Fri, 22 May 2026 01:40:02 -0700 Subject: [PATCH 36/77] chore(reconcile): record survey success for fro-bot/systematic --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index b98afefe8..fbfb203bd 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -254,12 +254,12 @@ repos: name: systematic added: 2026-05-07 onboarding_status: onboarded - last_survey_at: 2026-05-08 + last_survey_at: 2026-05-22 last_survey_status: success has_fro_bot_workflow: false has_renovate: false discovery_channel: owned - next_survey_eligible_at: 2026-05-22 + next_survey_eligible_at: 2026-06-08 private: false node_id: R_kgDORLx6ew - owner: '[REDACTED]' From 931325f623177fbdda8175d7164beb8bc13db4f4 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sat, 23 May 2026 00:49:23 -0700 Subject: [PATCH 37/77] feat(knowledge): survey marcusrbrown/sparkle --- knowledge/log.md | 23 +++++++++++++ knowledge/wiki/repos/marcusrbrown--sparkle.md | 32 ++++++++++++------- 2 files changed, 44 insertions(+), 11 deletions(-) diff --git a/knowledge/log.md b/knowledge/log.md index d6c31d03c..bf2b52f09 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1314,3 +1314,26 @@ Sources: https://github.com/fro-bot/systematic (SHA 12cae87) Surveyed fro-bot/systematic and updated the control-plane wiki. Sources: https://github.com/fro-bot/systematic + +## [2026-05-23 07:48] ingest | repo:marcusrbrown/sparkle + +Re-surveyed `marcusrbrown/sparkle` at SHA `e757fa66aa223f4ccb8af16838d937562b97f713` (pushed 2026-05-22). Fourth survey; additive update to [[marcusrbrown--sparkle]]. No structural shifts since 2026-05-01 — same monorepo layout (8 packages + 2 apps + docs + scripts), same 6 workflows, same lack of a Fro Bot agent workflow. + +Drift captured: + +- **Renovate major-bump:** `marcusrbrown/renovate-config#4.5.9` → `#5.2.0`. Matches the portfolio-wide cutover already noted in [[marcusrbrown--opencode-copilot-delegate]] and elsewhere — Sparkle is now aligned with the rest of the ecosystem on the v5 line. +- **Toolchain pin bumps:** pnpm 10.33.2 → 10.33.4, Node 24.15.0 → 24.16.0, Turborepo 2.9.6 → 2.9.14, `@bfra.me/eslint-config` 0.51.0 → 0.51.1, `@bfra.me/prettier-config` 0.16.8 → 0.16.9, `@bfra.me/tsconfig` 0.13.0 → 0.13.1. TypeScript 5.9.3 held. +- **PR churn:** #1507 (`@storybook/test-runner` v0.24.3) closed; #1646 opened at v0.24.4. #1604 (Astro v6 SECURITY) still open across three surveys — a stale security update that an autoheal workflow would normally chase. Worth flagging as evidence for the still-open follow-up to add Fro Bot capabilities here. +- **Issues:** 5 → 3 open. #876 (Astro Starlight Phase 6: Deployment + CI/CD), #212 (Dependency Dashboard), #57 (Uplift `sparkle`) remain. + +Constraint check: **No Fro Bot workflow detected** (no `fro-bot.yaml`, no `fro-bot-autoheal.yaml` in `.github/workflows/`). Confirmed for the fourth consecutive survey. The "Fro Bot Integration" section on the repo page already documents this gap and the proposed follow-up draft PR — no additional repo-page edit needed beyond the survey-history row. + +No contradictions with prior surveys. All deltas captured additively. `index.md` entry already substantive; left as-is. + +Sources: https://github.com/marcusrbrown/sparkle (SHA e757fa66aa223f4ccb8af16838d937562b97f713) + +## [2026-05-23 07:49] ingest | repo:marcusrbrown/sparkle + +Surveyed marcusrbrown/sparkle and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/sparkle diff --git a/knowledge/wiki/repos/marcusrbrown--sparkle.md b/knowledge/wiki/repos/marcusrbrown--sparkle.md index 424628809..3387b1926 100644 --- a/knowledge/wiki/repos/marcusrbrown--sparkle.md +++ b/knowledge/wiki/repos/marcusrbrown--sparkle.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/sparkle" created: 2026-04-28 -updated: 2026-05-01 +updated: 2026-05-23 sources: - url: https://github.com/marcusrbrown/sparkle sha: 770356b3c83cec08a666960eab9c5fb4e1ab2a85 @@ -13,6 +13,9 @@ sources: - url: https://github.com/marcusrbrown/sparkle sha: 712ab1bc2fdcd59ec9b8a2d71ad6d9ca88a023c5 accessed: 2026-05-01 + - url: https://github.com/marcusrbrown/sparkle + sha: e757fa66aa223f4ccb8af16838d937562b97f713 + accessed: 2026-05-23 tags: [typescript, react, react-native, monorepo, design-system, storybook, tailwindcss, radix-ui, turborepo, expo, vite, astro, github-pages, zig, wasm] aliases: [sparkle] related: @@ -58,6 +61,8 @@ related: | Monorepo tools | `@manypkg/cli` (workspace consistency checks), Changesets (versioning) | | Bundler | tsdown (library packages), Vite (apps), Astro (docs) | +_Toolchain drift (2026-05-23 survey at SHA `e757fa6`):_ pnpm 10.33.4, Node.js 24.16.0, Turborepo 2.9.14, `@bfra.me/eslint-config` 0.51.1, `@bfra.me/prettier-config` 0.16.9 (still `120-proof`), `@bfra.me/tsconfig` 0.13.1. TypeScript 5.9.3 unchanged. No engine-level shifts — strict-mode TypeScript + ESM-only `"type": "module"` are stable invariants across surveys. + ## Architecture ### Workspace Layout @@ -184,7 +189,7 @@ Missing Fro Bot capabilities: ## Developer Tooling -- **Renovate:** Extends `marcusrbrown/renovate-config#4.5.9` + `sanity-io/renovate-config:semantic-commit-type` + `:preserveSemverRanges`. Post-upgrade runs `pnpm bootstrap && pnpm fix`. React Native package grouping rules. Automerge on unstable minor/patch for `@astrojs/check` and `typedoc`. PR creation: `immediate`. +- **Renovate:** Extends `marcusrbrown/renovate-config#5.2.0` (major-bumped from `#4.5.9` between 2026-05-01 and 2026-05-23 — same ecosystem-wide cutover seen across the Marcus and Fro Bot portfolios) + `sanity-io/renovate-config:semantic-commit-type` + `:preserveSemverRanges`. Post-upgrade runs `pnpm bootstrap && pnpm fix`. React Native package grouping rules. Automerge on unstable minor/patch for `@astrojs/check` and `typedoc`. PR creation: `immediate`. - **Probot Settings:** Extends `fro-bot/.github:common-settings.yaml` — confirmed Fro Bot ecosystem membership. - **Git hooks:** `simple-git-hooks` runs `nano-staged` on pre-commit. nano-staged runs `eslint --fix` on TS/JS/CSS/MD/JSON/YAML and `sort-package-json` on package.json files. - **Monorepo validation:** `@manypkg/cli` checks workspace consistency. `scripts/validate-dependencies.ts` validates deps. `scripts/validate-turbo.ts` validates Turbo config. `scripts/validate-build.ts` validates build output. @@ -211,12 +216,12 @@ Missing Fro Bot capabilities: | Feature | Sparkle | Portfolio Standard | | --- | --- | --- | | Probot settings | `fro-bot/.github:common-settings.yaml` | Same | -| Renovate preset | `marcusrbrown/renovate-config#4.5.9` | Same | -| ESLint config | `@bfra.me/eslint-config` 0.51.0 | Same (version varies) | -| Prettier config | `@bfra.me/prettier-config` 0.16.8 (`120-proof`) | Same | -| TS config | `@bfra.me/tsconfig` 0.13.0 | Same | -| pnpm | 10.33.2 | ~10.33.x | -| Node.js | 24.15.0 | 22–24 | +| Renovate preset | `marcusrbrown/renovate-config#5.2.0` | Same (major-bumped portfolio-wide) | +| ESLint config | `@bfra.me/eslint-config` 0.51.1 | Same (version varies) | +| Prettier config | `@bfra.me/prettier-config` 0.16.9 (`120-proof`) | Same | +| TS config | `@bfra.me/tsconfig` 0.13.1 | Same | +| pnpm | 10.33.4 | ~10.33.x | +| Node.js | 24.16.0 | 22–24 | | TypeScript | 5.9.3 | 5.9–6.0 | | Fro Bot workflow | **Missing** | Present in most active repos | | Fro Bot autoheal | **Missing** | Present in most active repos | @@ -225,17 +230,21 @@ Missing Fro Bot capabilities: ## Open PRs and Issues +_As of 2026-05-23 survey (SHA `e757fa6`):_ + ### Open PRs (2) -- **#1604** — `fix(deps): update dependency astro to v6 [SECURITY]` (Renovate, security) -- **#1507** — `chore(dev): update dependency @storybook/test-runner to v0.24.3` (Renovate) +- **#1646** — `chore(dev): update dependency @storybook/test-runner to v0.24.4` (mrbro-bot[bot] / Renovate; supersedes prior #1507 at v0.24.3) +- **#1604** — `fix(deps): update dependency astro to v6 [SECURITY]` (mrbro-bot[bot] / Renovate, security) — still open across three consecutive surveys -### Open Issues (5) +### Open Issues (3) - **#876** — [Feature] Astro Starlight Documentation - Phase 6: Deployment and CI/CD - **#212** — Dependency Dashboard - **#57** — Uplift `sparkle` +_Prior survey (2026-05-01) reported 5 open issues; current count is 3. The two delta'd issues were closed between surveys; specific numbers not re-enumerated here. The Astro v6 security PR has been open across all surveys from 2026-05-01 onward — worth flagging if Sparkle ever gets an autoheal workflow._ + ## Survey History | Date | SHA | Delta | @@ -243,3 +252,4 @@ Missing Fro Bot capabilities: | 2026-04-28 | `770356b` | Initial survey — full page created | | 2026-04-30 | `712ab1b` | Re-survey — Renovate preset bumped `#4.5.8` → `#4.5.9`, `bfra-me/.github` reusable workflows bumped to v4.16.11, lockfile maintenance. No structural changes. | | 2026-05-01 | `712ab1b` | Re-survey — SHA unchanged. Open PRs: 2 (including Astro v6 security update #1604). Open issues: 5. No structural changes. Still no Fro Bot agent workflow. | +| 2026-05-23 | `e757fa6` | Re-survey — Renovate preset major-bumped `#4.5.9` → `#5.2.0` (matches the ecosystem-wide cutover seen in [[marcusrbrown--opencode-copilot-delegate]] and others). Node `24.15.0` → `24.16.0`. pnpm `10.33.2` → `10.33.4`. turbo `2.9.6` → `2.9.14`. `@bfra.me/eslint-config` `0.51.0` → `0.51.1`, `@bfra.me/prettier-config` `0.16.8` → `0.16.9`, `@bfra.me/tsconfig` `0.13.0` → `0.13.1`. Open PRs: 2 (Renovate `@storybook/test-runner` #1646 replaces prior #1507; Astro v6 security #1604 still open and unmerged). Open issues: 3 (#876, #212, #57) — drop from 5; #876 Phase-6 docs deployment still open. Workflows unchanged (6 files). Still no Fro Bot agent workflow. | From c3c2633923ab90bed0f816d787059745939eea59 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sat, 23 May 2026 00:49:25 -0700 Subject: [PATCH 38/77] chore(reconcile): record survey success for marcusrbrown/sparkle --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index fbfb203bd..cc241b278 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -158,12 +158,12 @@ repos: name: sparkle added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-01 + last_survey_at: 2026-05-23 last_survey_status: success has_fro_bot_workflow: false has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-06-02 + next_survey_eligible_at: 2026-06-24 private: false node_id: MDEwOlJlcG9zaXRvcnkzMTYxMDA5ODY= - owner: marcusrbrown From 97dc8937c677d6844fa2e4c65a084cb041b036a3 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sat, 23 May 2026 00:51:33 -0700 Subject: [PATCH 39/77] feat(knowledge): survey marcusrbrown/renovate-config --- knowledge/index.md | 2 +- knowledge/log.md | 34 ++++--- .../repos/marcusrbrown--renovate-config.md | 96 +++++++++++-------- knowledge/wiki/topics/github-actions-ci.md | 4 +- 4 files changed, 80 insertions(+), 56 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 0a7e5e69c..59ece6d14 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -24,7 +24,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--marcusrbrown-github-io]] — Personal brand site (React 19, TypeScript 6, Vite 7, GitHub Pages at marcusrbrown.com, single-page with anchor-link sections; Fro Bot single-file three-mode workflow at agent v0.44.0, v0.44.1 in flight) - [[marcusrbrown--mrbro-dev]] — Marcus's developer portfolio (React 19, TypeScript, Vite 7, GitHub Pages at mrbro.dev, advanced theme system, Fro Bot agent + autoheal) - [[marcusrbrown--opencode-copilot-delegate]] — OpenCode plugin: delegate tasks to GitHub Copilot CLI as background subprocesses; v0.12.0 with 4 tools (delegate/output/cancel/resume), opt-in `/copilot-status` TUI half, orphan-subprocess reaper with PID-file identity gate, per-process plugin singleton, localhost RPC layer -- [[marcusrbrown--renovate-config]] — Shareable Renovate configuration presets: canonical dependency-update policy for all `marcusrbrown/*` and `fro-bot/*` repositories +- [[marcusrbrown--renovate-config]] — Shareable Renovate configuration presets: canonical dependency-update policy for all `marcusrbrown/*` and `fro-bot/*` repos; v5.2.0 (v4→v5 boundary crossed 2026-05-13 with `group:allNonMajor` + 0.x ungrouping safety valve), Fro Bot v0.44.3 with autoheal merged into `fro-bot.yaml` and a new Sundays-only Upstream Modernization Watch category - [[marcusrbrown--sparkle]] — TypeScript playground monorepo; cross-platform design system (React + React Native/Expo), component library (Radix + Tailwind), Astro Starlight docs, Turborepo, WASM web shell - [[marcusrbrown--systematic]] — OpenCode plugin: structured engineering workflows (45 skills, 50 agents), npm `@fro.bot/systematic`, Bun + Biome + semantic-release - [[marcusrbrown--tokentoilet]] — Web3 DeFi token disposal app (Next.js 16, React 19, TypeScript 6, Wagmi v2, Reown AppKit, Tailwind CSS v4, Vercel) diff --git a/knowledge/log.md b/knowledge/log.md index bf2b52f09..761a89aa6 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1315,25 +1315,29 @@ Surveyed fro-bot/systematic and updated the control-plane wiki. Sources: https://github.com/fro-bot/systematic -## [2026-05-23 07:48] ingest | repo:marcusrbrown/sparkle +## [2026-05-23 00:00] ingest | marcusrbrown/renovate-config -Re-surveyed `marcusrbrown/sparkle` at SHA `e757fa66aa223f4ccb8af16838d937562b97f713` (pushed 2026-05-22). Fourth survey; additive update to [[marcusrbrown--sparkle]]. No structural shifts since 2026-05-01 — same monorepo layout (8 packages + 2 apps + docs + scripts), same 6 workflows, same lack of a Fro Bot agent workflow. +Incremental re-survey of `marcusrbrown/renovate-config` (SHA `3478c88`, up from `bf13a82` on 2026-04-28). Additively updated repo page `marcusrbrown--renovate-config.md` and topic page `github-actions-ci.md`. Refreshed `index.md` entry description. No new topic/entity/comparison pages warranted — the v5 jump and autoheal architecture shift slot into existing pages. -Drift captured: - -- **Renovate major-bump:** `marcusrbrown/renovate-config#4.5.9` → `#5.2.0`. Matches the portfolio-wide cutover already noted in [[marcusrbrown--opencode-copilot-delegate]] and elsewhere — Sparkle is now aligned with the rest of the ecosystem on the v5 line. -- **Toolchain pin bumps:** pnpm 10.33.2 → 10.33.4, Node 24.15.0 → 24.16.0, Turborepo 2.9.6 → 2.9.14, `@bfra.me/eslint-config` 0.51.0 → 0.51.1, `@bfra.me/prettier-config` 0.16.8 → 0.16.9, `@bfra.me/tsconfig` 0.13.0 → 0.13.1. TypeScript 5.9.3 held. -- **PR churn:** #1507 (`@storybook/test-runner` v0.24.3) closed; #1646 opened at v0.24.4. #1604 (Astro v6 SECURITY) still open across three surveys — a stale security update that an autoheal workflow would normally chase. Worth flagging as evidence for the still-open follow-up to add Fro Bot capabilities here. -- **Issues:** 5 → 3 open. #876 (Astro Starlight Phase 6: Deployment + CI/CD), #212 (Dependency Dashboard), #57 (Uplift `sparkle`) remain. - -Constraint check: **No Fro Bot workflow detected** (no `fro-bot.yaml`, no `fro-bot-autoheal.yaml` in `.github/workflows/`). Confirmed for the fourth consecutive survey. The "Fro Bot Integration" section on the repo page already documents this gap and the proposed follow-up draft PR — no additional repo-page edit needed beyond the survey-history row. +Deltas since prior survey: -No contradictions with prior surveys. All deltas captured additively. `index.md` entry already substantive; left as-is. +- **Major-version boundary crossed:** v4.5.8 → v5.2.0 (seven releases: 4.5.9, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.2.0, plus 5.0.1 intermediate). Breaking change: minimum allowed version floor raised `>=4.0.0` → `>=5.0.0`. +- **`default.json` policy changes:** Added `group:allNonMajor` to extends; dropped `:disableRateLimiting` (now defers to bfra-me base preset defaults); added a new packageRule that ungroups 0.x packages (`matchCurrentVersion: /^0\./` → `groupName: null`) as the safety valve against PR storms from unstable libs. +- **Autoheal consolidated into `fro-bot.yaml`:** The separate `fro-bot-autoheal.yaml` is gone. Single-file design with one daily schedule (15:30 UTC) covers PR review + maintenance + autoheal. Mirrors the architecture observed in [[marcusrbrown--marcusrbrown-github-io]] (which uses a `mode` enum dispatch input) and the rolling-perpetual-issue pattern in [[bfra-me--ha-addon-repository]] / [[bfra-me--works]]. +- **Autoheal categories went from 5 → 6.** Removed: "bfra-me Ecosystem Health" (folded into category 5 Cross-Project Intelligence Inbound, which now surveys `yield-farmer`, `poly`, `marcusrbrown/.github`, `bfra-me/renovate-config`, `fro-bot/agent`). Added: category 6 **Upstream Modernization Watch (Sundays only)**, gated by `IS_SUNDAY_UTC` env var via a preflight `date -u +%u` step. At-most-one-draft-PR-per-scan policy; never bumps pinned versions (Renovate-owned). +- **Fro Bot agent:** v0.42.2 → v0.44.3 (SHA `b928e79729f01b563feabee26a0525a3b48501a6`). +- **Toolchain:** pnpm 10.33.2 → 11.1.3 (major), lint-staged 16.4.0 → 17.0.5 (major), eslint 10.2.1 → 10.4.0, `@bfra.me/eslint-config` 0.51.0 → 0.51.1, `@bfra.me/prettier-config` → 0.16.9. +- **pnpm overrides added** for supply-chain hardening: `fast-uri >=3.1.2`, `flatted >=3.4.2`, `handlebars >=4.7.9`, `lodash-es >=4.18.0`, `picomatch@2 ^2.3.2`, `picomatch@4 ^4.0.4`. None existed at prior survey. +- **Open issues:** 46 → 6. The single-perpetual-issue strategy in the autoheal prompt consolidates and auto-closes dated daily reports — explains the cleanup. +- **Open PRs:** 0 → 1 (#1311 picomatch@2 v4 by mrbro-bot, awaiting v5 floor consumer migrations). +- **Downstream v4→v5 migration wave:** [[marcusrbrown--ha-config]], [[marcusrbrown--marcusrbrown-github-io]], and [[marcusrbrown--opencode-copilot-delegate]] all bumped to `#5.2.0` (per their respective wiki pages); no consumer required manual config overrides for the breaking change. Holdouts on v4.x: `containers`, `extend-vscode`, `marcusrbrown`, `esphome-life`, `copiloting` (floating `#v4`), `gpt`, `dotfiles`, `vbs`, `mrbro-dev`, `tokentoilet`, `infra`, `github`, `marcusrbrown`, `sparkle`. +- Probot settings, branch protection, CodeQL/Scorecard, semantic-release pipeline (bare semver tags, major-branch updates), self-referential Renovate config all unchanged. +- No contradictions with prior ingest. The 2026-04-28 page already correctly described v4.5.8 state; the new survey row extends survey history without overwriting. -Sources: https://github.com/marcusrbrown/sparkle (SHA e757fa66aa223f4ccb8af16838d937562b97f713) +Sources: https://github.com/marcusrbrown/renovate-config (SHA 3478c88753d113b21c7cf10d9e58fd2f9be7e96a) -## [2026-05-23 07:49] ingest | repo:marcusrbrown/sparkle +## [2026-05-23 07:51] ingest | repo:marcusrbrown/renovate-config -Surveyed marcusrbrown/sparkle and updated the control-plane wiki. +Surveyed marcusrbrown/renovate-config and updated the control-plane wiki. -Sources: https://github.com/marcusrbrown/sparkle +Sources: https://github.com/marcusrbrown/renovate-config diff --git a/knowledge/wiki/repos/marcusrbrown--renovate-config.md b/knowledge/wiki/repos/marcusrbrown--renovate-config.md index ae44eab48..c166231c0 100644 --- a/knowledge/wiki/repos/marcusrbrown--renovate-config.md +++ b/knowledge/wiki/repos/marcusrbrown--renovate-config.md @@ -2,11 +2,14 @@ type: repo title: "marcusrbrown/renovate-config — Shareable Renovate Configuration Presets" created: 2026-04-28 -updated: 2026-04-28 +updated: 2026-05-23 sources: - url: https://github.com/marcusrbrown/renovate-config sha: bf13a82fca143cd0cdcc9c5f12ef56c2b5196c20 accessed: 2026-04-28 + - url: https://github.com/marcusrbrown/renovate-config + sha: 3478c88753d113b21c7cf10d9e58fd2f9be7e96a + accessed: 2026-05-23 tags: [renovate, renovate-config, renovate-preset, semantic-release, dependency-management] aliases: [renovate-config] related: @@ -43,12 +46,13 @@ Shareable [Renovate](https://docs.renovatebot.com/) configuration presets for Ma | Language | JavaScript (config-only; no application code) | | Created | 2022-05-03 | | Default branch | `main` | -| Latest release | `4.5.8` (2026-04-17) | +| Latest release | `5.2.0` (2026-05-13) — major-version boundary crossed since prior survey | | Node.js | 24.15.0 (`.node-version`) | -| Package manager | pnpm 10.33.2 | +| Package manager | pnpm 11.1.3 (was 10.33.2 at 2026-04-28) | | Topics | renovate, renovate-config, renovate-preset, renovatebot, renovate-by-githubaction, semantic-release | -| Open issues | 46 | -| Stars / Watchers / Forks | 0 / 0 / 0 | +| Open issues | 6 (was 46 at 2026-04-28; the daily-issue sprawl was consolidated into the perpetual `Daily Autohealing Report`) | +| Open PRs | 1 (#1311 picomatch@2 v4 by mrbro-bot) | +| Stars / Watchers / Forks | 0 / 2 / 0 | ## Preset Architecture @@ -58,21 +62,24 @@ Three preset files define the Renovate policy surface: The main preset extended by downstream repos via `github>marcusrbrown/renovate-config` (or pinned to a release, e.g., `#4.5.8`). -Extends: -- `github>bfra-me/renovate-config#5.2.1` — base config from the bfra-me organization -- `github>bfra-me/renovate-config:fro-bot.json5#5.2.1` — Fro Bot-specific overrides from bfra-me +Extends (as of v5.2.0): - `:assignAndReview(marcusrbrown)` — auto-assign PRs to Marcus -- `:disableRateLimiting` — no hourly/concurrent PR caps - `:preserveSemverRanges` — keep `^`/`~` ranges as-is +- `group:allNonMajor` — **new in v5**: groups non-major updates from upstream presets (counterbalanced by an unstable-package opt-out, see below) - `npm:unpublishSafe` — wait for npm unpublish window before updating - `helpers:pinGitHubActionDigestsToSemver` — pin GitHub Actions by digest with semver tag comments +- `github>bfra-me/renovate-config#5.2.1` — base config from the bfra-me organization +- `github>bfra-me/renovate-config:fro-bot.json5#5.2.1` — Fro Bot-specific overrides from bfra-me + +The `:disableRateLimiting` preset present in v4 has been **dropped from the extends list** in v5; rate-limiting now defers to the bfra-me base preset's defaults. Key package rules: - **semantic-release grouping:** Groups major updates of `semantic-release` and `conventional-changelog-conventionalcommits` with `semanticCommitType: feat` -- **Own-project fast-track:** Automerges `@bfra.me/*`, `bfra-me/*`, `@fro.bot/*`, `fro-bot/*`, `@marcusrbrown/*`, `marcusrbrown/*`, and `pro-actions/*` packages with no minimum release age and immediate PR creation +- **Own-project fast-track:** Automerges `@bfra.me/*`, `bfra-me/*`, `@fro.bot/*`, `fro-bot/*`, `@marcusrbrown/*` (regex `/^@?marcusrbrown/`), `marcusrbrown/*`, and `pro-actions/*` packages with no minimum release age and immediate PR creation - **Source URL fast-track:** Same immediate/no-age treatment for packages sourced from `github.com/bfra-me`, `github.com/fro-bot`, or `github.com/marcusrbrown` - **Self-reference labeling:** Commits touching `marcusrbrown/renovate-config` use topic `{{{depName}}} preset` -- **Minimum version floor:** Consumers of this preset must be on `>=4.0.0` +- **Minimum version floor:** Consumers of this preset must be on `>=5.0.0` (was `>=4.0.0` in v4.x — **breaking change** for any consumer still pinned below v5) +- **Unstable (0.x) ungrouping (v5.x):** `matchCurrentVersion: /^0\./` sets `groupName: null`, peeling 0.x packages back out of `group:allNonMajor` so each pre-release lib gets its own PR. This is the safety valve that makes the new `group:allNonMajor` extension tolerable for downstream consumers. Schedule: `at any time` (no restriction). @@ -137,50 +144,57 @@ Uses reusable workflow `bfra-me/.github/.github/workflows/renovate.yaml@v4.16.9` ## Fro Bot Integration -**Fro Bot workflow present and active** — `fro-bot.yaml` with `fro-bot/agent@v0.42.2` (SHA `94d8a156570d68d2461ab496b589e63bdcd6ba84`). +**Fro Bot workflow present and active** — `fro-bot.yaml` with `fro-bot/agent@v0.44.3` (SHA `b928e79729f01b563feabee26a0525a3b48501a6`). Trigger surface: - Issue comments, PR review comments, discussion comments (mentioning `@fro-bot`) -- Issues opened/edited (non-bot) +- Issues opened/edited (non-bot, OWNER/MEMBER/COLLABORATOR only) - PRs opened/synced/reopened/ready_for_review/review_requested (non-bot, non-fork) - Daily schedule at 15:30 UTC - Manual dispatch with custom prompt - Reusable `workflow_call` with prompt input -PR review prompt is domain-specific to Renovate configuration: -- JSON schema compliance -- Backward compatibility for version-pinned consumers -- packageRules correctness (matchers, grouping, automerge, schedules) -- Security implications of update policies +**Architectural shift since prior survey:** the separate `fro-bot-autoheal.yaml` is gone. Autoheal now lives inside `fro-bot.yaml` itself, with the schedule prompt covering both maintenance and autoheal categories under a single perpetual issue. Mirrors the single-file three-mode pattern observed in [[marcusrbrown--marcusrbrown-github-io]], though here the dispatch surface is a single freeform `prompt` input rather than a `mode` enum. + +PR review prompt remains domain-specific to Renovate configuration: +- JSON schema compliance against `https://docs.renovatebot.com/renovate-schema.json` +- Backward compatibility for consumers pinning to major version branches +- packageRules correctness (`matchPackageNames` patterns, grouping logic, automerge conditions, schedule expressions) +- Security implications of dependency update policies (`minimumReleaseAge`, vulnerability settings, `npm:unpublishSafe`) - Downstream PR storm risk assessment -- Structured verdict: PASS / CONDITIONAL / REJECT with blocking issues, non-blocking concerns, missing tests, and risk assessment +- Consistency with the base preset extended from `bfra-me/renovate-config` +- Structured verdict: PASS / CONDITIONAL / REJECT with blocking issues, non-blocking concerns, missing tests, and risk assessment (LOW/MED/HIGH + rationale) +- Hard ban on push, branch creation, merge, approve, request-reviewers, or @-mentioning other users -Schedule prompt: rolling daily maintenance issue with 14-day bounded history, stale issue/PR tracking, and recommended actions. +Daily autohealing categories (now 6, was 5): -**Fro Bot Autoheal** — `fro-bot-autoheal.yaml`, daily at 03:30 UTC, reuses `fro-bot.yaml` via `workflow_call`. +1. **Errored PRs** — diagnose and fix failing CI on open PRs (skip dep/security PRs, verify author trust, do not run project commands from PR branches that touch workflows/automation prompts/lockfiles/execution scripts) +2. **Security** — remediate Dependabot/Renovate security alerts and failing security PRs; explicit "if alert data unavailable, skip and note" branch +3. **Config Validation & Preset Quality** — validate all preset JSON/JSON5 against Renovate schema, check for deprecated options, verify base preset pin is released and not auto-bumped (Renovate owns version bumps), detect rule conflicts, run lint +4. **Developer Experience** — lint/format auto-fix PRs only (never direct-to-`main` commits) +5. **Cross-Project Intelligence (Inbound)** — survey focus repos (`marcusrbrown/yield-farmer`, `marcusrbrown/poly`, `marcusrbrown/.github`, `bfra-me/renovate-config`, `fro-bot/agent`) for tooling/CI/preset patterns worth importing; **observation-only**, never modify other repos. Replaces v4's "bfra-me Ecosystem Health" category — the focus repo list explicitly includes Marcus repos not yet surveyed in this wiki (`yield-farmer`, `poly`). +6. **Upstream Modernization Watch (Sundays only)** — **new category**. Gated by `IS_SUNDAY_UTC` env var set by a preflight `date -u +%u` step. Parses release notes for pinned upstreams (`fro-bot/agent`, `actions/checkout`, `pnpm/action-setup`, `actions/setup-node`, `@bfra.me/eslint-config`, `@bfra.me/prettier-config`) and identifies config/feature adoption opportunities. Action policy: at most one draft PR per scan, only for mechanical changes touching docstrings/AGENTS.md/config examples; anything touching `.github/workflows/`, `package.json`, lockfile, or preset JSON is **tracking-issue-only** (never opens a PR). Hard rule: never bump pinned versions — Renovate owns that. -Five autohealing categories: -1. **Errored PRs** — diagnose and fix failing CI on open PRs (skip dep/security PRs, verify author trust) -2. **Security** — remediate Dependabot/Renovate security alerts and failing security PRs -3. **Config Validation & Preset Quality** — validate all preset JSON/JSON5 against Renovate schema, check for deprecated options, verify base preset pin, detect rule conflicts, run lint -4. **Developer Experience** — lint/format auto-fix PRs -5. **bfra-me Ecosystem Health** — report-only audit of action pinning, reusable workflow versions, Scorecard/CodeQL drift, stale TODOs +Single-issue management: the perpetual `Daily Autohealing Report` issue receives prepended dated sections; dated-format daily issues are auto-consolidated and closed with a link to the perpetual issue. This is the same single-perpetual-issue strategy observed across [[bfra-me--ha-addon-repository]], [[bfra-me--works]], and [[bfra-me--github]] — and explains the open-issue count crash from 46 → 6 since the prior survey. ## Dev Tooling | Tool | Version / Config | | --- | --- | -| ESLint | 10.2.1, extends `@bfra.me/eslint-config` 0.51.0 | -| Prettier | 3.8.3, extends `@bfra.me/prettier-config/120-proof` | -| lint-staged | 16.4.0 (`*.{js,json,jsx,md,toml,ts,tsx,yml,yaml}`) | +| ESLint | 10.4.0, extends `@bfra.me/eslint-config` 0.51.1 | +| Prettier | 3.8.3, extends `@bfra.me/prettier-config/120-proof` (0.16.9) | +| lint-staged | 17.0.5 (`*.{js,json,jsx,md,toml,ts,tsx,yml,yaml}`) — major bump from 16.4.0 | | simple-git-hooks | 2.13.1 (pre-commit runs lint-staged) | | semantic-release | 25.0.3 | | eslint-config-prettier | 10.1.8 | | eslint-plugin-prettier | 5.5.5 | | markdownlint | 0.40.0 | +| conventional-changelog-conventionalcommits | 9.3.1 | ESLint config (`eslint.config.js`) is a single re-export of `@bfra.me/eslint-config` — no local overrides. +**pnpm overrides for supply-chain hardening** (new since prior survey): `fast-uri >=3.1.2`, `flatted >=3.4.2`, `handlebars >=4.7.9`, `lodash-es >=4.18.0`, `picomatch@2 ^2.3.2`, `picomatch@4 ^4.0.4`. Mirrors the same override approach used in [[marcusrbrown--mrbro-dev]] and [[marcusrbrown--marcusrbrown-github-io]] — a config-only repo carrying transitive-dep pins because npm advisory floors propagate via the lockfile. + ## Probot Settings `.github/settings.yml` extends `fro-bot/.github:common-settings.yaml`: @@ -204,29 +218,35 @@ Contains comprehensive AI development guidance: This preset is the dependency-update policy backbone of the entire `marcusrbrown` ecosystem. Known consumers (from wiki surveys): -| Consumer | Pin | Post-Upgrade Tasks | +| Consumer | Pin (most recent survey) | Post-Upgrade Tasks | | --- | --- | --- | -| [[marcusrbrown--ha-config]] | `#4.5.8` | Prettier | +| [[marcusrbrown--ha-config]] | `#5.2.0` (crossed v4→v5 boundary on 2026-05-16 via #776) | Prettier | | [[marcusrbrown--github]] | `#4.5.8` | `npx prettier --write .` | | [[marcusrbrown--containers]] | `#4.5.0` | `pnpm install && pnpm format` | | [[marcusrbrown--dotfiles]] | `#4.5.8` | — | | [[marcusrbrown--gpt]] | `#4.5.8` | — | -| [[marcusrbrown--vbs]] | `#4.5.8` | `pnpm install && pnpm fix` | -| [[marcusrbrown--copiloting]] | `#v4` | — | +| [[marcusrbrown--vbs]] | `#4.5.9` | `pnpm install && pnpm fix` | +| [[marcusrbrown--copiloting]] | `#v4` (floating major-version branch) | — | | [[marcusrbrown--extend-vscode]] | `#4.5.0` + `sanity-io/renovate-config` | — | | [[marcusrbrown--infra]] | `#4.5.8` | `bun install --ignore-scripts && bun run fix` | | [[marcusrbrown--mrbro-dev]] | `#4.5.8` | — | | [[marcusrbrown--tokentoilet]] | `#4.5.8` | — | | [[marcusrbrown--marcusrbrown]] | `#4.5.1` | bootstrap + fix | -| [[marcusrbrown--marcusrbrown-github-io]] | `#4.5.8` | — | +| [[marcusrbrown--marcusrbrown-github-io]] | `#5.2.0` (crossed v4→v5 boundary on 2026-05-16 via #406) | — | | [[marcusrbrown--systematic]] | extends + `sanity-io/renovate-config:semantic-commit-type` | — | -| [[marcusrbrown--opencode-copilot-delegate]] | `#4.5.8` | bun install + fix + build | +| [[marcusrbrown--opencode-copilot-delegate]] | `#5.2.0` (crossed v4→v5 boundary, prior survey 2026-05-21) | bun install + fix + build | | [[marcusrbrown--esphome-life]] | `#4.5.1` | — | +| [[marcusrbrown--sparkle]] | `#4.5.9` | — | + +**v4→v5 migration wave** (since 2026-04-28): `ha-config`, `marcusrbrown.github.io`, and `opencode-copilot-delegate` have all bumped to `#5.2.0` and survived the breaking change (`group:allNonMajor` extends, `>=5.0.0` floor, dropped `:disableRateLimiting`). Migrations were straightforward Renovate-authored PRs — no consumer required manual config overrides. + +**Outstanding v4 holdouts:** `containers` and `extend-vscode` (still `#4.5.0`), `marcusrbrown` (`#4.5.1`), `esphome-life` (`#4.5.1`), `copiloting` (floating `#v4`), plus a long tail still on `#4.5.8`/`#4.5.9`. None will be force-bumped — Renovate routes the upgrade as a major PR per repo, and each consumer's preset pin policy decides timing. -Notable: `marcusrbrown--copiloting` pins to the floating `#v4` major branch rather than a specific release. `marcusrbrown--containers` and `marcusrbrown--extend-vscode` are on the older `#4.5.0` pin. +**Pre-survey concern resolved:** the prior survey flagged the `bf13a82` SHA against a `#4.5.8` release. The repo has since shipped seven releases (`5.0.1`, `5.0.2`, `5.1.0`, `5.1.1`, `5.2.0`, plus a 4.5.9 patch). ## Survey History | Date | SHA | Notes | | --- | --- | --- | -| 2026-04-28 | `bf13a82` | Initial survey | +| 2026-04-28 | `bf13a82` | Initial survey; v4.5.8, agent v0.42.2, 46 open issues, separate `fro-bot-autoheal.yaml` | +| 2026-05-23 | `3478c88` | v4→v5 boundary crossed (5.2.0); agent v0.44.3; autoheal merged into `fro-bot.yaml`; new category 6 Sundays-only Upstream Modernization Watch; 0.x ungrouping rule; minimum version floor `>=5.0.0`; pnpm 11.1.3; lint-staged 17.0.5; pnpm overrides for fast-uri/flatted/handlebars/lodash-es/picomatch; open issues 46 → 6 | diff --git a/knowledge/wiki/topics/github-actions-ci.md b/knowledge/wiki/topics/github-actions-ci.md index e8f2b0871..ec1496c23 100644 --- a/knowledge/wiki/topics/github-actions-ci.md +++ b/knowledge/wiki/topics/github-actions-ci.md @@ -2,7 +2,7 @@ type: topic title: GitHub Actions CI created: 2026-04-18 -updated: 2026-05-20 +updated: 2026-05-23 tags: [github-actions, ci-cd, automation, security, renovate] related: - fro-bot--agent @@ -94,7 +94,7 @@ Repos use `dorny/paths-filter` to scope CI runs to relevant file changes, reduci | [[marcusrbrown--systematic]] | Present (`fro-bot.yaml`) | Weekly Mon 09:00 UTC maintenance, Daily 03:30 UTC autohealing | | [[marcusrbrown--infra]] | Present (`fro-bot.yaml`) | Daily 03:30 UTC autohealing (8 categories incl. CLIProxy + cross-project + upstream modernization watch on Sundays) | | [[marcusrbrown--marcusrbrown-github-io]] | Present (`fro-bot.yaml`) | Daily 15:30 UTC maintenance (no autoheal) | -| [[marcusrbrown--renovate-config]] | Present (`fro-bot.yaml` + `fro-bot-autoheal.yaml`) | Daily 15:30 UTC maintenance, Daily 03:30 UTC autohealing (5 categories incl. config validation & bfra-me ecosystem health) | +| [[marcusrbrown--renovate-config]] | Present (single-file `fro-bot.yaml` at v0.44.3; the separate `fro-bot-autoheal.yaml` was consolidated since 2026-04-28) | Daily 15:30 UTC, 6 categories incl. config validation, cross-project intelligence inbound, and Sundays-only Upstream Modernization Watch with at-most-one-draft-PR-per-scan policy | | [[marcusrbrown--sparkle]] | **Not present** | N/A | | [[marcusrbrown--ha-config]] | **Not present** | N/A | | [[bfra-me--works]] | Present (`fro-bot.yaml`, single-file three-mode at v0.44.2) | Maintenance `0 16 * * *`, Autoheal `30 3 * * *`; both rolling-update single-issue reports (`Daily Maintenance Report` / `Daily Autohealing Report`) | From 784731b2ccec369f817257858023b94b138aa61b Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sat, 23 May 2026 00:51:35 -0700 Subject: [PATCH 40/77] chore(reconcile): record survey success for marcusrbrown/renovate-config --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index cc241b278..311fdbeb3 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -146,12 +146,12 @@ repos: name: renovate-config added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-01 + last_survey_at: 2026-05-23 last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-06-03 + next_survey_eligible_at: 2026-06-25 private: false node_id: R_kgDOHRfvyQ - owner: marcusrbrown From 07db306631c264ff5dcd590ed7d6d92e01933c9f Mon Sep 17 00:00:00 2001 From: "fro-bot[bot]" <109017866+fro-bot[bot]@users.noreply.github.com> Date: Sun, 24 May 2026 08:01:17 +0000 Subject: [PATCH 41/77] chore(reconcile): +0 new, 0 pending-review, 0 lost-access, 2 refreshes --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 311fdbeb3..33d306fd0 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -112,7 +112,7 @@ repos: onboarding_status: onboarded last_survey_at: 2026-05-20 last_survey_status: success - has_fro_bot_workflow: false + has_fro_bot_workflow: true has_renovate: true discovery_channel: collab next_survey_eligible_at: 2026-06-21 @@ -160,7 +160,7 @@ repos: onboarding_status: onboarded last_survey_at: 2026-05-23 last_survey_status: success - has_fro_bot_workflow: false + has_fro_bot_workflow: true has_renovate: true discovery_channel: collab next_survey_eligible_at: 2026-06-24 From 6352a915f74a9fc248426e30063ba96be9e51ba2 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sun, 24 May 2026 01:05:39 -0700 Subject: [PATCH 42/77] feat(knowledge): survey fro-bot/fro-bot.github.io --- knowledge/index.md | 2 +- knowledge/log.md | 29 +++++++++++++++++++ .../wiki/repos/fro-bot--fro-bot-github-io.md | 6 +++- 3 files changed, 35 insertions(+), 2 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 59ece6d14..a3a4eda0e 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -9,7 +9,7 @@ Master catalog of all wiki pages, organized by type. - [[bfra-me--renovate-action]] — bfra-me/renovate-action - [[bfra-me--works]] — `@bfra-me` tooling monorepo (pnpm 10, TS 6, ESM); 8 published packages (`eslint-config`, `prettier-config`, `tsconfig`, `es`, `create`, `badge-config`, `doc-sync`, `semantic-release`, `workspace-analyzer`) + Astro Starlight docs; 11 workflows; Fro Bot agent v0.44.2 with three-mode single-file workflow (PR review / Daily Maintenance Report / Daily Autohealing Report) - [[fro-bot--agent]] — GitHub Action harness for OpenCode + oMo agents with persistent session state; core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos -- [[fro-bot--fro-bot-github-io]] — fro-bot/fro-bot.github.io +- [[fro-bot--fro-bot-github-io]] — Org-level GitHub Pages custom domain holder for the `fro-bot` org; single-file repo (`CNAME` only) serving `fro.bot` (legacy build, HTTPS cert approved but not enforced); no Fro Bot workflow, Probot settings, or branch protection — follow-up gaps tracked on the repo page and in issue #1 (CodeQL/Scorecard parity) - [[fro-bot--systematic]] — Built docs + OCX registry deployment target for `@fro.bot/systematic` at fro.bot/systematic/; `gh-pages`-only repo (no Fro Bot workflow needed); now also hosts the pinned JSON Schema for `systematic.json` user config at `/schemas/v2/`; registry advanced to v2.20.6 with 103 components (51 agents, 47 skills, 2 bundles, 2 profiles, 1 plugin) - [[marcusrbrown--dotfiles]] — marcusrbrown/.dotfiles - [[marcusrbrown--github]] — Marcus's personal `.github` repo; GitHub defaults, community health files, and canonical Probot Settings template (`common-settings.yaml`) diff --git a/knowledge/log.md b/knowledge/log.md index 761a89aa6..61f680f27 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1341,3 +1341,32 @@ Sources: https://github.com/marcusrbrown/renovate-config (SHA 3478c88753d113b21c Surveyed marcusrbrown/renovate-config and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/renovate-config + +## [2026-05-24 00:00] ingest | fro-bot/fro-bot.github.io + +No-op re-survey of `fro-bot/fro-bot.github.io` (SHA `3e44653`, unchanged since the initial commit on 2026-02-09). Additive update to repo page only — appended a 2026-05-24 row to the Survey History table, refreshed frontmatter `updated:`, and appended a second source entry. Refreshed the `index.md` entry from the placeholder one-liner to a substantive descriptor matching schema convention. No topic, entity, or comparison pages touched. + +Findings: + +- HEAD unchanged at `3e44653` (`Create CNAME` by Fro Bot, 2026-02-09T02:38:53Z). Repository has been static for 105 days. `pushedAt: 2026-02-09T02:38:54Z`. +- Single file in tree: `CNAME` (8 bytes, content: `fro.bot`). No README, no `.github` directory, no workflows, no settings.yml. +- Pages config re-verified via `gh api repos/.../pages`: legacy build type, source `main:/`, custom domain `fro.bot`, HTTPS cert state `approved` (covers `fro.bot` + `www.fro.bot`, expires 2026-07-09), `https_enforced: false`, `protected_domain_state: unverified`, `custom_404: false`. +- Branch protection on `main`: still disabled (`enforcement_level: off`). No `settings.yml` to manage it via Probot. +- Open issues: 1 — #1 `Enable code scanning (CodeQL / Scorecard) for coverage parity` (opened 2026-03-09 by `fro-bot`), unchanged. Open PRs: 0. +- Sole collaborator: `fro-bot` (admin + maintain + triage + push + pull). +- **No Fro Bot agent workflow** present in this repo — already documented on the page and explicitly noted per task constraint. A follow-up draft PR for at least a minimal Fro Bot workflow (issue triage + settings oversight) remains recommended; HTTPS-enforcement toggle, Probot settings extending `fro-bot/.github:common-settings.yaml`, and a README are the other three open recommendations from the prior survey, all still applicable. +- No contradictions with prior ingest. No structural drift. All four "Missing Ecosystem Integration" recommendations carried forward verbatim. + +Sources: https://github.com/fro-bot/fro-bot.github.io (SHA 3e44653c4d185b239b44b3af12255d18c86463ab) + +## [2026-05-24 00:00] ingest | repo:fro-bot/fro-bot.github.io + +Surveyed fro-bot/fro-bot.github.io and updated the control-plane wiki. + +Sources: https://github.com/fro-bot/fro-bot.github.io + +## [2026-05-24 08:05] ingest | repo:fro-bot/fro-bot.github.io + +Surveyed fro-bot/fro-bot.github.io and updated the control-plane wiki. + +Sources: https://github.com/fro-bot/fro-bot.github.io diff --git a/knowledge/wiki/repos/fro-bot--fro-bot-github-io.md b/knowledge/wiki/repos/fro-bot--fro-bot-github-io.md index fab9c72e5..7247087c2 100644 --- a/knowledge/wiki/repos/fro-bot--fro-bot-github-io.md +++ b/knowledge/wiki/repos/fro-bot--fro-bot-github-io.md @@ -2,11 +2,14 @@ type: repo title: fro-bot/fro-bot.github.io created: 2026-05-07 -updated: 2026-05-07 +updated: 2026-05-24 sources: - url: https://github.com/fro-bot/fro-bot.github.io sha: 3e44653c4d185b239b44b3af12255d18c86463ab accessed: 2026-05-07 + - url: https://github.com/fro-bot/fro-bot.github.io + sha: 3e44653c4d185b239b44b3af12255d18c86463ab + accessed: 2026-05-24 tags: [github-pages, custom-domain, fro-bot-org, infrastructure] related: - marcusrbrown--systematic @@ -120,3 +123,4 @@ Given this repo has no application code and a single static file, most of these | Date | SHA | Delta | | ---------- | --------- | ------------------------------ | | 2026-05-07 | `3e44653` | Initial survey. Single-file repo, CNAME-only domain holder for `fro.bot`. | +| 2026-05-24 | `3e44653` | No-op re-survey. HEAD unchanged in 105 days (still the original 2026-02-09 `Create CNAME` commit). Pages config, TLS cert (expires 2026-07-09), missing-integrations table, and issue #1 (CodeQL/Scorecard parity) all unchanged. HTTPS still not enforced. No Fro Bot workflow — all four follow-up recommendations carried forward. | From 517884c2b7b8f6fd5e59796a7d0d4971bbdb40d4 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sun, 24 May 2026 01:05:41 -0700 Subject: [PATCH 43/77] chore(reconcile): record survey success for fro-bot/fro-bot.github.io --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 33d306fd0..f59a1dfa4 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -242,12 +242,12 @@ repos: name: fro-bot.github.io added: 2026-05-07 onboarding_status: onboarded - last_survey_at: 2026-05-08 + last_survey_at: 2026-05-24 last_survey_status: success has_fro_bot_workflow: false has_renovate: false discovery_channel: owned - next_survey_eligible_at: 2026-05-24 + next_survey_eligible_at: 2026-06-08 private: false node_id: R_kgDORLxXng - owner: fro-bot From 8b4d582405655e38ba09b30b7043d5c07a3761ab Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sun, 24 May 2026 01:08:35 -0700 Subject: [PATCH 44/77] feat(knowledge): survey marcusrbrown/.dotfiles --- knowledge/index.md | 4 +- knowledge/log.md | 55 +++--- knowledge/wiki/entities/mise.md | 24 ++- .../wiki/repos/marcusrbrown--dotfiles.md | 165 ++++++++++++++---- knowledge/wiki/topics/dotfiles.md | 2 +- 5 files changed, 180 insertions(+), 70 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index a3a4eda0e..c6bd97dac 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -9,9 +9,9 @@ Master catalog of all wiki pages, organized by type. - [[bfra-me--renovate-action]] — bfra-me/renovate-action - [[bfra-me--works]] — `@bfra-me` tooling monorepo (pnpm 10, TS 6, ESM); 8 published packages (`eslint-config`, `prettier-config`, `tsconfig`, `es`, `create`, `badge-config`, `doc-sync`, `semantic-release`, `workspace-analyzer`) + Astro Starlight docs; 11 workflows; Fro Bot agent v0.44.2 with three-mode single-file workflow (PR review / Daily Maintenance Report / Daily Autohealing Report) - [[fro-bot--agent]] — GitHub Action harness for OpenCode + oMo agents with persistent session state; core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos -- [[fro-bot--fro-bot-github-io]] — Org-level GitHub Pages custom domain holder for the `fro-bot` org; single-file repo (`CNAME` only) serving `fro.bot` (legacy build, HTTPS cert approved but not enforced); no Fro Bot workflow, Probot settings, or branch protection — follow-up gaps tracked on the repo page and in issue #1 (CodeQL/Scorecard parity) +- [[fro-bot--fro-bot-github-io]] — fro-bot/fro-bot.github.io - [[fro-bot--systematic]] — Built docs + OCX registry deployment target for `@fro.bot/systematic` at fro.bot/systematic/; `gh-pages`-only repo (no Fro Bot workflow needed); now also hosts the pinned JSON Schema for `systematic.json` user config at `/schemas/v2/`; registry advanced to v2.20.6 with 103 components (51 agents, 47 skills, 2 bundles, 2 profiles, 1 plugin) -- [[marcusrbrown--dotfiles]] — marcusrbrown/.dotfiles +- [[marcusrbrown--dotfiles]] — Marcus's primary dotfiles repo: bare-git pattern, XDG-compliant, multi-shell (Bash + Zsh + Sheldon + Starship), mise-managed toolchain (Node 24.16/Python 3.14.5/Rust 1.95/Go 1.26.3/Bun 1.3.14/pnpm 11.2), published devcontainer image on GHCR, Fro Bot agent v0.44.3, Renovate preset v5.2.0; OpenCode plugin stack consumes [[marcusrbrown--systematic]] and [[marcusrbrown--opencode-copilot-delegate]]; first repo to declare custom `openai/gpt-5.5` provider models in OpenCode config - [[marcusrbrown--github]] — Marcus's personal `.github` repo; GitHub defaults, community health files, and canonical Probot Settings template (`common-settings.yaml`) - [[marcusrbrown--containers]] — Container collection and automation framework (Dockerfiles, multi-arch builds, Python CLI, AI-powered templates, CI/CD) - [[marcusrbrown--copiloting]] — Polyglot AI/LLM experimentation monorepo (Python + TypeScript); LangChain tutorials, Flask + SvelteKit PDF chat app, Fro Bot agent workflows diff --git a/knowledge/log.md b/knowledge/log.md index 61f680f27..c8ddb4c5e 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1342,31 +1342,34 @@ Surveyed marcusrbrown/renovate-config and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/renovate-config -## [2026-05-24 00:00] ingest | fro-bot/fro-bot.github.io +## [2026-05-24 12:00] ingest | marcusrbrown/.dotfiles + +Incremental re-survey of `marcusrbrown/.dotfiles` (SHA `0bb24f0`, 2026-05-24). Updated repo page `marcusrbrown--dotfiles.md`, topic page `dotfiles.md`, and entity page `mise.md`. Updated `index.md` entry with current state summary. No new pages created — existing topic/entity coverage remains accurate. + +Delta from prior survey (SHA `ae026c1`, 2026-04-22): + +- **Fro Bot agent v0.41.3 → v0.44.3** (SHA `b928e79`). Workflow gains a dedicated `Close stale daily reports` step on `schedule` triggers — auto-closes `fro-bot`-authored daily reports older than 3 days with cross-platform `date -u -d` / `-v-3d` fallback. Schedule prompt re-shaped: Developer Experience category is now report-only ("Formatting is handled manually by the repo owner"). Hard guard against querying Dependabot/vulnerability-alert APIs added (PAT 404 by design on user-owned repos). +- **Renovate preset 4.5.8 → 5.2.0** — crossed the v4→v5 boundary documented in [[marcusrbrown--renovate-config]] (2026-05-13). Joins the migration wave noted in the renovate-config wiki entry. +- **New Renovate custom manager** for pinned npm plugin versions inside `.config/opencode/opencode.json` and `tui.json` — matches `"name@x.y.z"` patterns so OpenCode plugins now flow through Renovate. Automerge list expanded to include `fro-bot/agent`, `ast-grep`, and `opencode-copilot-delegate`. +- **OpenCode plugin stack overhaul:** + - `oh-my-openagent@3.17.4` → `oh-my-opencode-slim@1.1.1` (replacement, new config file `oh-my-opencode-slim.jsonc`) + - `@ex-machina/opencode-anthropic-auth@1.7.4` → `@cortexkit/opencode-anthropic-auth@1.2.2` (vendor switch) + - `@cortexkit/opencode-magic-context` 0.13.0 → 0.21.8 + - `@cortexkit/aft-opencode` 0.14.0 → 0.29.1 + - `@franlol/opencode-md-table-formatter` removed + - **New**: `opencode-copilot-delegate@0.12.0` (consumes [[marcusrbrown--opencode-copilot-delegate]] sibling repo — first dotfiles release pulling it out of v0.1.0 scaffold) + - `@fro.bot/systematic` pinned at 2.23.4 (was floating `latest`) +- **Custom OpenAI provider models** (`openai/gpt-5.5`, `openai/gpt-5.5-fast`) declared in `opencode.json` for the first time — 272K context, 32K output. +- **Magic-context reshape:** historian migrated to custom `openai/gpt-5.5-fast` (with Copilot/Anthropic now fallbacks only). Dreamer reverted to direct `anthropic/claude-sonnet-4-6` with `inject_docs: true`, pinned key files, user memories. Sidekick disabled. Token thresholds dropped from 4 entries to 2. Percentage thresholds tightened for Anthropic Sonnet/Opus (40% → 55%); new `openai/gpt-5.5` entry at 80%. Experimental block now centers on `auto_search` and `git_commit_indexing`. +- **mise tool deltas:** Node 24.15.0 → 24.16.0, Python 3.14.4 → 3.14.5, Go 1.26.2 → 1.26.3, Bun 1.3.13 → 1.3.14, Deno 2.7.13 → 2.8.0, pnpm 10.33.0 → 11.2.1 (major), npm 11.12.1 → 11.15.0, ZLS 0.15.0 → 0.16.0, ast-grep 0.40.5 → 0.42.3, Playwright 1.59.1 → 1.60.0, Puppeteer 24.41.0 → 25.0.4, agent-browser 0.26.0 → 0.27.0, ocx 2.0.7 → 2.0.11, opencode-ai 1.14.18 → 1.15.5, tsx 4.21.0 → 4.22.3, biome 2.4.12 → 2.4.15, cargo-binstall 1.15.5 → 1.19.1, typescript-language-server 5.1.3 → 5.2.0, poetry 2.3.4 → 2.4.1. **New:** `@github/copilot@1.0.51` (GitHub Copilot CLI), `aqua:gitleaks/gitleaks@8.30.1` (secret scanner). **Removed from `[tools]`:** `@cortexkit/opencode-magic-context`, `@cortexkit/aft-opencode` (moved to OpenCode plugin slot), `remark-language-server`, `lolcrab`. +- **New repo-scoped skill:** `.agents/skills/agent-browser/` — joins copilot-cli, test-driven-development, and writing-skills. +- **Repo metadata:** primary language is now TypeScript (212K) over Shell (55K) — driven by growth in `.config/opencode/`, agent skills, and devcontainer features. Open issues 19 → 4. Stars 18 (new field). +- Probot settings, devcontainer architecture, bare-repo pattern, branch protection, GPG signing, XDG layout, and Brewfile all unchanged. + +Sources: https://github.com/marcusrbrown/.dotfiles (SHA 0bb24f05e29fbd4c70eb9dca9611055e7bef7c5f) + +## [2026-05-24 08:08] ingest | repo:marcusrbrown/.dotfiles -No-op re-survey of `fro-bot/fro-bot.github.io` (SHA `3e44653`, unchanged since the initial commit on 2026-02-09). Additive update to repo page only — appended a 2026-05-24 row to the Survey History table, refreshed frontmatter `updated:`, and appended a second source entry. Refreshed the `index.md` entry from the placeholder one-liner to a substantive descriptor matching schema convention. No topic, entity, or comparison pages touched. - -Findings: - -- HEAD unchanged at `3e44653` (`Create CNAME` by Fro Bot, 2026-02-09T02:38:53Z). Repository has been static for 105 days. `pushedAt: 2026-02-09T02:38:54Z`. -- Single file in tree: `CNAME` (8 bytes, content: `fro.bot`). No README, no `.github` directory, no workflows, no settings.yml. -- Pages config re-verified via `gh api repos/.../pages`: legacy build type, source `main:/`, custom domain `fro.bot`, HTTPS cert state `approved` (covers `fro.bot` + `www.fro.bot`, expires 2026-07-09), `https_enforced: false`, `protected_domain_state: unverified`, `custom_404: false`. -- Branch protection on `main`: still disabled (`enforcement_level: off`). No `settings.yml` to manage it via Probot. -- Open issues: 1 — #1 `Enable code scanning (CodeQL / Scorecard) for coverage parity` (opened 2026-03-09 by `fro-bot`), unchanged. Open PRs: 0. -- Sole collaborator: `fro-bot` (admin + maintain + triage + push + pull). -- **No Fro Bot agent workflow** present in this repo — already documented on the page and explicitly noted per task constraint. A follow-up draft PR for at least a minimal Fro Bot workflow (issue triage + settings oversight) remains recommended; HTTPS-enforcement toggle, Probot settings extending `fro-bot/.github:common-settings.yaml`, and a README are the other three open recommendations from the prior survey, all still applicable. -- No contradictions with prior ingest. No structural drift. All four "Missing Ecosystem Integration" recommendations carried forward verbatim. - -Sources: https://github.com/fro-bot/fro-bot.github.io (SHA 3e44653c4d185b239b44b3af12255d18c86463ab) - -## [2026-05-24 00:00] ingest | repo:fro-bot/fro-bot.github.io - -Surveyed fro-bot/fro-bot.github.io and updated the control-plane wiki. - -Sources: https://github.com/fro-bot/fro-bot.github.io - -## [2026-05-24 08:05] ingest | repo:fro-bot/fro-bot.github.io - -Surveyed fro-bot/fro-bot.github.io and updated the control-plane wiki. +Surveyed marcusrbrown/.dotfiles and updated the control-plane wiki. -Sources: https://github.com/fro-bot/fro-bot.github.io +Sources: https://github.com/marcusrbrown/.dotfiles diff --git a/knowledge/wiki/entities/mise.md b/knowledge/wiki/entities/mise.md index ddc7c305e..28b822b25 100644 --- a/knowledge/wiki/entities/mise.md +++ b/knowledge/wiki/entities/mise.md @@ -2,7 +2,7 @@ type: entity title: mise created: 2026-04-18 -updated: 2026-04-22 +updated: 2026-05-24 tags: [mise, tool-management, runtime-versions, asdf, dev-tools] aliases: [rtx] related: @@ -18,9 +18,27 @@ Site: https://mise.jdx.dev/ ## Usage Across Repos -### [[marcusrbrown--dotfiles]] +### [[marcusrbrown--dotfiles]] — current state (SHA `0bb24f0`, 2026-05-24) -Primary tool version manager. Config at `.config/mise/config.toml` manages 30+ tools including Node, Python, Rust, Go, Bun, Deno, Zig, and npm-based CLI tools. As of 2026-04-22 (SHA `ae026c1`): +**Language runtimes:** Node 24.16.0, Python 3.14.5, Rust 1.95.0, Go 1.26.3, Bun 1.3.14, Deno 2.8.0, Zig 0.15.2 (ZLS 0.16.0), pnpm 11.2.1 (major bump from 10.x), npm 11.15.0. + +**CLI tools (npm):** TypeScript 6.0.3, Prettier 3.8.3 (with `@bfra.me/prettier-config` 0.16.9), ast-grep 0.42.3, Playwright 1.60.0, Puppeteer 25.0.4, agent-browser 0.27.0, skills 1.5.7, ocx 2.0.11, tsx 4.22.3, rimraf 6.1.3, vibe-tools 0.63.3, `@github/copilot` 1.0.51 (new), `@biomejs/biome` 2.4.15. + +**Manually pinned (Renovate disabled):** `opencode-ai` 1.15.5, `@anthropic-ai/claude-code` 2.1.112. + +**Aqua tools:** shfmt (`aqua:mvdan/sh`) 3.13.1, gitleaks (`aqua:gitleaks/gitleaks`) 8.30.1 (new — secret scanner). + +**Language servers (npm):** pyright 1.1.409, typescript-language-server 5.2.0. + +**Other:** cargo-binstall 1.19.1, `pipx:poetry` 2.4.1, `@marcusrbrown/infra` latest. + +**Notable removals:** `@cortexkit/opencode-magic-context`, `@cortexkit/aft-opencode`, `remark-language-server`, and `lolcrab` no longer appear in `[tools]`. The Cortexkit OpenCode plugins moved to `.config/opencode/opencode.json` under the `plugin` array, with their own Renovate custom manager picking up the pinned-version strings. + +**Env:** `UV_SYSTEM_CERTS=true`, `NPM_TOKEN` templated from env, redacted env file at `~/.config/mise/.env.local`. + +### Historical Snapshot — [[marcusrbrown--dotfiles]] (SHA `ae026c1`, 2026-04-22) + +Superseded by the entry above. Original survey notes: **Language runtimes:** Node 24.15.0, Python 3.14.4, Rust 1.95.0, Go 1.26.2, Bun 1.3.13, Deno 2.7.13, Zig 0.15.2 (with ZLS), pnpm 10.33.0, npm 11.12.1 diff --git a/knowledge/wiki/repos/marcusrbrown--dotfiles.md b/knowledge/wiki/repos/marcusrbrown--dotfiles.md index a9a0ea92b..b02aa6dba 100644 --- a/knowledge/wiki/repos/marcusrbrown--dotfiles.md +++ b/knowledge/wiki/repos/marcusrbrown--dotfiles.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/.dotfiles" created: 2026-04-18 -updated: 2026-04-22 +updated: 2026-05-24 sources: - url: https://github.com/marcusrbrown/.dotfiles sha: 2f2d1e6ac04999c5e61ee054fc585d9542cd3a74 @@ -13,10 +13,15 @@ sources: - url: https://github.com/marcusrbrown/.dotfiles sha: ae026c179cd91cb637443fe7d92bed75df3d6dba accessed: 2026-04-22 -tags: [dotfiles, configuration, zsh, bash, mise, sheldon, starship, devcontainer, bare-git-repo, opencode, magic-context, copilot-cli] + - url: https://github.com/marcusrbrown/.dotfiles + sha: 0bb24f05e29fbd4c70eb9dca9611055e7bef7c5f + accessed: 2026-05-24 +tags: [dotfiles, configuration, zsh, bash, mise, sheldon, starship, devcontainer, bare-git-repo, opencode, magic-context, copilot-cli, systematic, gitleaks] aliases: [dotfiles] related: - marcusrbrown--ha-config + - marcusrbrown--systematic + - marcusrbrown--opencode-copilot-delegate --- # marcusrbrown/.dotfiles @@ -28,11 +33,12 @@ Marcus R. Brown's [[dotfiles]] repository. Uses a **bare git repository** patter - **Purpose:** Synchronize shell configuration and dev environment across machines - **Default branch:** `main` - **Created:** 2011-06-09 -- **Last push:** 2026-04-22 +- **Last push:** 2026-05-24 - **License:** The Unlicense (public domain) - **Topics:** `dotfiles`, `configuration`, `settings`, `preferences`, `zsh`, `sheldon`, `mise`, `starship` -- **Languages:** Shell (primary), Vim Script, TypeScript, Ruby, JavaScript -- **Open issues:** 19 +- **Languages:** TypeScript (primary by size), Shell, Vim Script, Ruby, JavaScript +- **Open issues:** 4 +- **Stars:** 18 ## Repository Architecture @@ -81,7 +87,47 @@ Supports both Bash and Zsh. XDG-compliant — all configs live under `~/.config/ ### Tool Stack (via [[mise]]) -Managed tool versions in `.config/mise/config.toml` (as of SHA `ae026c1`): +Managed tool versions in `.config/mise/config.toml` (as of SHA `0bb24f0`, 2026-05-24): + +| Tool | Version | Notes | +| ----------------------------- | ------------- | --------------------------------------------------------- | +| node | 24.16.0 | Primary JS runtime | +| python | 3.14.5 | | +| rust | 1.95.0 | | +| go | 1.26.3 | | +| bun | 1.3.14 | Used for npm package installs (`settings.npm.bun = true`) | +| deno | 2.8.0 | | +| zig | 0.15.2 | With ZLS 0.16.0 | +| pnpm | 11.2.1 | Major bump from 10.x | +| npm | 11.15.0 | | +| prettier | 3.8.3 (npm) | With `@bfra.me/prettier-config` 0.16.9 | +| opencode-ai | 1.15.5 (npm) | Renovate updates disabled | +| ast-grep | 0.42.3 | AST-aware search/replace | +| typescript | 6.0.3 (npm) | | +| playwright | 1.60.0 (npm) | | +| puppeteer | 25.0.4 (npm) | Browser automation | +| agent-browser | 0.27.0 (npm) | Browser automation CLI for agents | +| skills | 1.5.7 (npm) | Agent skills package | +| ocx | 2.0.11 (npm) | OpenCode extension runner | +| @github/copilot | 1.0.51 (npm) | GitHub Copilot CLI (new) | +| @marcusrbrown/infra | latest (npm) | Personal infra CLI | +| @biomejs/biome | 2.4.15 (npm) | | +| vibe-tools | 0.63.3 (npm) | Vibe coding tools | +| @anthropic-ai/claude-code | 2.1.112 (npm) | Renovate updates disabled | +| shfmt (aqua:mvdan/sh) | 3.13.1 | Shell formatter | +| gitleaks (aqua:gitleaks) | 8.30.1 | Secret scanner (new) | +| cargo-binstall | 1.19.1 | Cargo binary installer | +| tsx | 4.22.3 (npm) | TypeScript execution | +| rimraf | 6.1.3 (npm) | Deep deletion utility | +| pyright | 1.1.409 (npm) | Python type checker | +| typescript-language-server | 5.2.0 (npm) | TypeScript language server | +| pipx:poetry | 2.4.1 | Python packaging | + +**Notable removals from prior ingest (SHA `ae026c1`):** `@cortexkit/opencode-magic-context` and `@cortexkit/aft-opencode` are no longer in `[tools]` — they moved to the OpenCode `plugin` array in `opencode.json` (managed by a new Renovate custom manager for pinned npm plugin versions). `remark-language-server` and `lolcrab` entries dropped from mise config. + +**Env additions:** `UV_SYSTEM_CERTS=true`, `NPM_TOKEN` templated from env, and a redacted env file pulled from `~/.config/mise/.env.local`. + +#### Historical Snapshot (SHA `ae026c1`, 2026-04-22) | Tool | Version | Notes | | ----------------------------- | ------------- | --------------------------------------------------------- | @@ -191,18 +237,29 @@ The repo includes configuration for multiple AI coding agents: - **OpenCode** (`.config/opencode/`): Has its own `AGENTS.md`, plus `agents/`, `commands/`, `scripts/`, `skills/`, `profiles/`, `ocx.jsonc` - **AGENTS.md** at repo root: Comprehensive project knowledge base for AI agents; refreshed at `90742fb` via `/init-deep` -#### OpenCode Plugin Ecosystem (as of SHA `ae026c1`) +#### OpenCode Plugin Ecosystem (as of SHA `0bb24f0`, 2026-05-24) -OpenCode is configured with a rich plugin stack in `.config/opencode/opencode.json`: +OpenCode plugins are now pinned by version directly in `.config/opencode/opencode.json` (managed by a new Renovate custom manager that matches `"name@x.y.z"` patterns inside `opencode.json` / `tui.json`): | Plugin | Version | Purpose | | --- | --- | --- | -| `@ex-machina/opencode-anthropic-auth` | 1.7.4 | Anthropic auth provider | -| `oh-my-openagent` | 3.17.4 | Multi-agent routing and model assignment | -| `@fro.bot/systematic` | latest | Fro Bot systematic skill framework | -| `@franlol/opencode-md-table-formatter` | latest | Markdown table formatting | -| `@cortexkit/opencode-magic-context` | 0.13.0 | Adaptive context management (bumped from 0.12.0) | -| `@cortexkit/aft-opencode` | 0.14.0 | AFT (Adaptive Fine-Tuning) OpenCode plugin | +| `@cortexkit/opencode-anthropic-auth` | 1.2.2 | Anthropic auth provider (vendor switched from `@ex-machina/opencode-anthropic-auth`) | +| `oh-my-opencode-slim` | 1.1.1 | Slimmed multi-agent routing layer (replaces `oh-my-openagent` 3.x) | +| `@cortexkit/opencode-magic-context` | 0.21.8 | Adaptive context management (bumped from 0.13.0) | +| `@cortexkit/aft-opencode` | 0.29.1 | AFT (Adaptive Fine-Tuning) OpenCode plugin | +| `opencode-copilot-delegate` | 0.12.0 | Delegate tasks to GitHub Copilot CLI as subprocess (see [[marcusrbrown--opencode-copilot-delegate]]) | +| `@fro.bot/systematic` | 2.23.4 | Systematic skills + agents (see [[marcusrbrown--systematic]]) | + +**Custom OpenAI provider models** declared in `opencode.json` for the first time: + +| Model | Context | Input | Output | +| --- | --- | --- | --- | +| `openai/gpt-5.5` | 272,000 | 272,000 | 32,000 | +| `openai/gpt-5.5-fast` | 272,000 | 272,000 | 32,000 | + +#### Historical Plugin Snapshot (SHA `ae026c1`, 2026-04-22) + +Previous stack — superseded by the table above. `oh-my-openagent` (3.17.4) and `@franlol/opencode-md-table-formatter` were removed; `oh-my-opencode-slim` replaces the multi-agent router. The Anthropic auth plugin migrated from `@ex-machina/*` to `@cortexkit/*` and downshifted from 1.7.4 to 1.2.2 (different package line). `opencode-copilot-delegate` joined the stack, consuming the sibling repo published as v0.12.0. **MCP servers configured:** @@ -215,27 +272,27 @@ OpenCode is configured with a rich plugin stack in `.config/opencode/opencode.js **OpenCode compaction:** `auto: false`, `prune: false` — compaction handled by magic-context plugin instead. -#### Magic Context Configuration (`.config/opencode/magic-context.jsonc`) +#### Magic Context Configuration (`.config/opencode/magic-context.jsonc`, SHA `0bb24f0`) -The `opencode-magic-context` plugin provides adaptive context compaction with model-specific thresholds: +The `opencode-magic-context` plugin (0.21.8) provides adaptive context compaction with model-specific thresholds: -- **Historian**: `github-copilot/gpt-5.4` (fallback: `anthropic/claude-sonnet-4.6`) — tracks conversation history -- **Dreamer**: `github-copilot/claude-sonnet-4.6` (enabled) — plans ahead -- **Sidekick**: `github-copilot/gpt-5-mini` (enabled) — lightweight assistant -- **Cache TTL**: 5m default; 59m for Anthropic Sonnet/Opus models -- **Execute thresholds**: 65% default; 40% for Anthropic models (triggers compaction sooner) -- **Token thresholds by model**: Opus 4.7 at 88K, Sonnet 4.6 at 95K, GPT-5.4 at 140K, Codex at 210K -- **History budget**: 10% (`history_budget_percentage: 0.1`) -- **Historian timeout**: 420s (`historian_timeout_ms: 420000`) -- **Experimental**: `pin_key_files` (budget 20k tokens, min 4 reads), `user_memories` (promotion threshold 3), `temporal_awareness` -- **Compaction markers**: enabled (`compaction_markers: true`) -- **Auto-drop**: tool results aged >15 turns (`auto_drop_tool_age: 15`) +- **Historian**: `openai/gpt-5.5-fast` (fallbacks: `anthropic/claude-sonnet-4-6`, `github-copilot/claude-sonnet-4.6`) — temperature 0.1, variant medium, tool permissions hard-denied (`bash`, `webfetch`, `edit`) +- **Dreamer**: `anthropic/claude-sonnet-4-6` (fallbacks: `openai/gpt-5.4-mini`, `github-copilot/claude-sonnet-4.6`) — schedule `00:00-08:00`, `inject_docs: true`, `pin_key_files` (20k tokens, min 4 reads), `user_memories` (promotion threshold 3) +- **Sidekick**: disabled +- **Cache TTL**: 5m default; 59m for `anthropic/claude-sonnet-4-6`, `anthropic/claude-opus-4-6`, `anthropic/claude-opus-4-7` +- **Execute thresholds (%)**: 65 default; 55 for the Anthropic Sonnet/Opus trio; 80 for `openai/gpt-5.5` +- **Execute thresholds (tokens)**: `github-copilot/claude-opus-4.7` 80K, `github-copilot/claude-sonnet-4.6` 95K +- **Experimental**: `auto_search` (min 20 chars, score ≥ 0.55), `git_commit_indexing` (additional fields visible in raw config) -**Delta from prior ingest (SHA `dbab7ad`):** Historian model migrated from `anthropic/claude-sonnet-4.6` to `github-copilot/gpt-5.4`. Dreamer model changed from `anthropic/claude-sonnet-4.6` to `github-copilot/claude-sonnet-4.6`. Sidekick model changed from `github-copilot/gpt-5-mini`. Cache TTL and execute thresholds now include `anthropic/claude-opus-4.7`. `history_budget_percentage` reduced to 0.1 (from default). Added `historian_timeout_ms`, `compaction_markers`, `auto_drop_tool_age`, `temporal_awareness`. Plugin version bumped 0.12.0 → 0.13.0. +**Delta from prior ingest (SHA `ae026c1`):** Historian migrated from `github-copilot/gpt-5.4` to a custom `openai/gpt-5.5-fast` (with the old Copilot/Anthropic models now as fallbacks only). Dreamer reverted to a direct Anthropic model (`anthropic/claude-sonnet-4-6`) with the Copilot variant demoted to fallback. Sidekick disabled outright. Token thresholds dropped from 4 entries to 2 (only Copilot Opus and Sonnet remain). Percentage thresholds tightened for Anthropic models (55% vs prior 40%) and a new `openai/gpt-5.5` entry (80%) appears. Experimental block now centers on `auto_search` and `git_commit_indexing` instead of the prior compaction/temporal stack. Plugin version 0.13.0 → 0.21.8. -#### oh-my-openagent Agent Model Routing (`.config/opencode/oh-my-openagent.json`) +#### oh-my-opencode-slim Routing (SHA `0bb24f0`) -Per-agent model assignments (as of SHA `ae026c1`): +The `oh-my-openagent` 3.17.4 plugin and its `oh-my-openagent.json` config file have been replaced by `oh-my-opencode-slim` 1.1.1, with configuration moving to `.config/opencode/oh-my-opencode-slim.jsonc`. Routing details are intentionally not duplicated here at this snapshot — the slimmed plugin owns its own schema and the surface area has materially changed. See repo for current per-agent and per-category model assignments. + +#### Historical Agent Routing (SHA `ae026c1`, 2026-04-22) — superseded + +Per-agent model assignments in the now-replaced `oh-my-openagent.json`: | Agent | Model | Variant | | --- | --- | --- | @@ -272,11 +329,12 @@ Per-agent model assignments (as of SHA `ae026c1`): **Delta from prior ingest (SHA `dbab7ad`):** All Anthropic direct models migrated to GitHub Copilot hosted equivalents. Opus upgraded from 4.6 to 4.7. `prometheus` agent removed. `atlas` and `hephaestus` disabled. `librarian` migrated from `opencode-go/minimax-m2.7` to `github-copilot/claude-haiku-4.5`. Category model assignments added for the first time. Browser automation engine, disabled hooks/skills arrays, hashline edit, and Sisyphus agent config all new additions. -#### Repo-Scoped Agent Skills (`.agents/skills/`) +#### Repo-Scoped Agent Skills (`.agents/skills/`, SHA `0bb24f0`) | Skill | Path | Purpose | | --- | --- | --- | -| `copilot-cli` | `.agents/skills/copilot-cli/` | Programmatic Copilot CLI delegation: auth, permissions, model selection, multi-repo `--add-dir`, JSONL output, bash-subprocess delegation pattern (new) | +| `agent-browser` | `.agents/skills/agent-browser/` | Browser automation patterns aligned with the `agent-browser` CLI tool (new) | +| `copilot-cli` | `.agents/skills/copilot-cli/` | Programmatic Copilot CLI delegation: auth, permissions, model selection, multi-repo `--add-dir`, JSONL output, bash-subprocess delegation pattern | | `test-driven-development` | `.agents/skills/test-driven-development/` | TDD patterns (`SKILL.md`, `testing-anti-patterns.md`) | | `writing-skills` | `.agents/skills/writing-skills/` | Writing guidance (`SKILL.md`, Anthropic best practices, Graphviz conventions, persuasion principles, subagent testing) | @@ -325,19 +383,38 @@ Required status checks on `main`: Devcontainer CI, Fro Bot, Install mise, Renova ## Fro Bot Integration -**Fro Bot workflow present** (`fro-bot.yaml`). Uses `fro-bot/agent@v0.41.3` (SHA `36c9850c2ac6e6d4d532662fca2ca89bd2bc559d`). +**Fro Bot workflow present** (`fro-bot.yaml`). Uses `fro-bot/agent@v0.44.3` (SHA `b928e79729f01b563feabee26a0525a3b48501a6`) — single-file three-mode pattern shared with [[marcusrbrown--marcusrbrown-github-io]] et al. + +Triggers: PR events (opened, synchronize, reopened, ready_for_review, review_requested), `issues` (opened, edited), `issue_comment`, `pull_request_review_comment`, daily schedule (15:30 UTC), `workflow_dispatch` with a required `prompt` input. -Triggers: PR events (opened, synchronize, reopened, ready_for_review, review_requested), issue/comment events, daily schedule (15:30 UTC), manual dispatch. +Concurrency: grouped by issue/PR number (with `github.run_id` fallback for schedule/dispatch), cancellation disabled. -Concurrency: grouped by issue/PR number, cancellation disabled. +**Stale-report cleanup:** A dedicated `Close stale daily reports` step runs on `schedule` only — queries open `fro-bot`-authored issues matching `Daily Maintenance Report in:title`, finds entries older than 3 days, and auto-closes them with reason `not planned`. Cross-platform `date -u -d` / `date -u -v-3d` fallback keeps the step portable. -**PR review prompt** includes dotfiles-specific checks: allowlist .gitignore verification, shell startup correctness, macOS/Linux portability, security (no secrets), convention compliance (numbered init.d, local.d, XDG, GPG signing, `dev.mrbro.*` LaunchAgents), devcontainer impact. +**PR review prompt** (PR_REVIEW_PROMPT env) includes dotfiles-specific checks: allowlist `.gitignore` verification, shell startup correctness, macOS/Linux portability, security (no secrets), convention compliance (numbered `init.d`, `local.d`, XDG, GPG signing, `dev.mrbro.*` LaunchAgents), devcontainer impact. Output structure is locked: required headings are `## Verdict` (`PASS | CONDITIONAL | REJECT`), `### Blocking issues`, `### Non-blocking concerns`, `### Security check`, `### Risk assessment`. Sections with no findings must render as `None`. -**Scheduled maintenance prompt** covers 6 categories: errored PRs, security, config quality/repo hygiene, developer experience (formatting), devcontainer/CI health, cross-project progressive improvement (observation-only survey of all `marcusrbrown` repos). +**Scheduled maintenance prompt** (SCHEDULE_PROMPT env) covers 6 categories — Errored PRs, Security, Config Quality & Repo Hygiene, Developer Experience (now report-only — "Formatting is handled manually by the repo owner"), Devcontainer & CI Health, Cross-Project Progressive Improvement (observation-only survey of all `marcusrbrown` repos). Single-issue daily report titled `Daily Maintenance Report — YYYY-MM-DD (UTC)`, with explicit table schemas for each category and explicit "do not query Dependabot/vulnerability-alert APIs" guard (Marcus's PAT is a collaborator token on user-owned repos and those endpoints 404 by design). + +**Hard boundaries:** never force-push, never push directly to default branch, never merge PRs, never weaken tests/lints to make checks pass, do not modify `.github/workflows/`, shell init files, devcontainer config, or automation prompts unless it's a genuine bug fix with narrow scope. Cross-project monitoring (category 6) is strictly observation-only — no PRs, issues, comments, or clones in other repos. + +**Author/trust gating** in the job-level `if`: forks blocked, bot-authored PRs/issues blocked, comment mentions only honored from `OWNER`/`MEMBER`/`COLLABORATOR` associations. ### Renovate -Extends `marcusrbrown/renovate-config#4.5.8` + `sanity-io/renovate-config:semantic-commit-type`. Custom regex manager for `_VERSION` variables in mise config. Disabled for `@anthropic-ai/claude-code` and `opencode-ai` (new: opencode-ai updates disabled). Automerge for unstable minor/patch of `@cortexkit/aft-opencode`, `@cortexkit/opencode-magic-context`, `agent-browser`, and `opencode-anthropic-oauth`. Ignores `mergeConfidence` presets. `prCreation: immediate`, `rebaseWhen: behind-base-branch`. +Extends `marcusrbrown/renovate-config#5.2.0` + `sanity-io/renovate-config:semantic-commit-type`. Major version crossed the v4→v5 boundary documented in [[marcusrbrown--renovate-config]] (2026-05-13). Two custom managers: + +1. `_VERSION` regex manager for variables in mise config files (`(^|/)\.?mise\.toml$`, `(^|/)\.?mise/config\.toml$`). +2. **New**: pinned npm plugin version manager for `(^|/)\.config/opencode/opencode\.json$` and `tui\.json` — matches `"name@x.y.z"` patterns to surface OpenCode plugin updates. + +Package rules: + +- Patch updates enabled for `devcontainer`, `dockerfile`, `docker-compose`, `mise`. +- Devcontainer feature PRs get a custom commit topic and PR body columns (Package/Type/Update/Change/References) with rewritten links. +- Base image digest pinning disabled for `mcr.microsoft.com/devcontainers/base` (branch automerge, dashboard-approved). +- Renovate updates disabled for `@anthropic-ai/claude-code` and `opencode-ai` (manually managed). +- Automerge of unstable minor/patch (`v0.x`) updates for `@cortexkit/aft*`, `@cortexkit/*magic-context`, `fro-bot/agent`, `@franlol/opencode-md-table-formatter`, `agent-browser`, `ast-grep`, `opencode-copilot-delegate` — extends `bfra-me/renovate-config:automerge.json5#5.2.1`. + +Settings: `prCreation: immediate`, `rebaseWhen: behind-base-branch`, ignores `mergeConfidence:age-confidence-badges` and `mergeConfidence:all-badges` presets. ### Probot Settings @@ -357,6 +434,18 @@ Extends `fro-bot/.github:common-settings.yaml`. Confirms membership in the Fro B ## Cross-References - Shares [[mise]] tooling and Renovate config patterns with [[marcusrbrown--ha-config]] +- Consumes [[marcusrbrown--systematic]] as `@fro.bot/systematic@2.23.4` via OpenCode plugin slot +- Consumes [[marcusrbrown--opencode-copilot-delegate]] as `opencode-copilot-delegate@0.12.0` — first dotfiles release pulling the sibling repo out of v0.1.0 scaffold +- Tracks [[marcusrbrown--renovate-config]] at v5.2.0 (v4→v5 boundary crossed) - Both repos extend `fro-bot/.github:common-settings.yaml` for Probot settings - Both repos use reusable workflows from `bfra-me/.github` - Dotfiles devcontainer features could be consumed by other repos via the published GHCR image + +## Survey History + +| Accessed | SHA | Highlights | +| ---------- | --------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 2026-04-18 | `2f2d1e6` | Initial survey: bare repo, devcontainer, agent v0.40.2, Renovate 4.5.8 | +| 2026-04-21 | `dbab7ad` | Incremental: tool version bumps | +| 2026-04-22 | `ae026c1` | OpenCode model routing overhaul (Anthropic → Copilot), magic-context 0.13.0, copilot-cli skill added | +| 2026-05-24 | `0bb24f0` | Agent v0.41.3 → v0.44.3, Renovate preset 4.5.8 → 5.2.0 (major boundary), `oh-my-opencode-slim` replaces `oh-my-openagent`, `opencode-copilot-delegate` consumed, custom OpenAI gpt-5.5 models declared, `gitleaks` added, `agent-browser` skill added, stale-report auto-close step | diff --git a/knowledge/wiki/topics/dotfiles.md b/knowledge/wiki/topics/dotfiles.md index ac608b363..2b4ef7823 100644 --- a/knowledge/wiki/topics/dotfiles.md +++ b/knowledge/wiki/topics/dotfiles.md @@ -2,7 +2,7 @@ type: topic title: Dotfiles Management created: 2026-04-18 -updated: 2026-04-22 +updated: 2026-05-24 tags: [dotfiles, shell, configuration, bare-git-repo, xdg] related: - marcusrbrown--dotfiles From 0e9ca488cf147aa14e7ce0f531e8df4fd6365ae7 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sun, 24 May 2026 01:08:36 -0700 Subject: [PATCH 45/77] chore(reconcile): record survey success for marcusrbrown/.dotfiles --- metadata/repos.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index f59a1dfa4..75e8308b5 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -16,11 +16,11 @@ repos: name: .dotfiles added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-06 - last_survey_status: failure + last_survey_at: 2026-05-24 + last_survey_status: success has_fro_bot_workflow: true has_renovate: true - next_survey_eligible_at: 2026-06-07 + next_survey_eligible_at: 2026-06-24 discovery_channel: collab private: false node_id: MDEwOlJlcG9zaXRvcnkxODY5MTU0 From f38c93a97c91bd91c71a55b56e6efcb5a2a9d47f Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Mon, 25 May 2026 02:16:13 -0700 Subject: [PATCH 46/77] feat(knowledge): survey marcusrbrown/containers --- knowledge/index.md | 2 +- knowledge/log.md | 27 +++++++++++++++++++ .../wiki/repos/marcusrbrown--containers.md | 22 +++++++++++++-- .../repos/marcusrbrown--renovate-config.md | 6 ++--- knowledge/wiki/topics/docker-containers.md | 4 +-- 5 files changed, 53 insertions(+), 8 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index c6bd97dac..d97abc5bc 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -13,7 +13,7 @@ Master catalog of all wiki pages, organized by type. - [[fro-bot--systematic]] — Built docs + OCX registry deployment target for `@fro.bot/systematic` at fro.bot/systematic/; `gh-pages`-only repo (no Fro Bot workflow needed); now also hosts the pinned JSON Schema for `systematic.json` user config at `/schemas/v2/`; registry advanced to v2.20.6 with 103 components (51 agents, 47 skills, 2 bundles, 2 profiles, 1 plugin) - [[marcusrbrown--dotfiles]] — Marcus's primary dotfiles repo: bare-git pattern, XDG-compliant, multi-shell (Bash + Zsh + Sheldon + Starship), mise-managed toolchain (Node 24.16/Python 3.14.5/Rust 1.95/Go 1.26.3/Bun 1.3.14/pnpm 11.2), published devcontainer image on GHCR, Fro Bot agent v0.44.3, Renovate preset v5.2.0; OpenCode plugin stack consumes [[marcusrbrown--systematic]] and [[marcusrbrown--opencode-copilot-delegate]]; first repo to declare custom `openai/gpt-5.5` provider models in OpenCode config - [[marcusrbrown--github]] — Marcus's personal `.github` repo; GitHub defaults, community health files, and canonical Probot Settings template (`common-settings.yaml`) -- [[marcusrbrown--containers]] — Container collection and automation framework (Dockerfiles, multi-arch builds, Python CLI, AI-powered templates, CI/CD) +- [[marcusrbrown--containers]] — Container collection and automation framework (Dockerfiles, multi-arch builds, Python CLI, AI-powered templates, CI/CD); Renovate preset crossed v4→v5 boundary 2026-05-20 (`#5.2.0`), Fro Bot agent advanced to v0.44.0, dockerfile syntax v1.24, urllib3 CVE patch floor, `poetry lock` added to postUpgradeTasks - [[marcusrbrown--copiloting]] — Polyglot AI/LLM experimentation monorepo (Python + TypeScript); LangChain tutorials, Flask + SvelteKit PDF chat app, Fro Bot agent workflows - [[marcusrbrown--esphome-life]] — marcusrbrown/esphome.life - [[marcusrbrown--extend-vscode]] — VS Code extension toolkit (TypeScript, dual Node/Web targets, tsup, Vitest, semantic-release publishing) diff --git a/knowledge/log.md b/knowledge/log.md index c8ddb4c5e..618936ab6 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1373,3 +1373,30 @@ Sources: https://github.com/marcusrbrown/.dotfiles (SHA 0bb24f05e29fbd4c70eb9dca Surveyed marcusrbrown/.dotfiles and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/.dotfiles + +## [2026-05-25 12:00] ingest | marcusrbrown/containers + +Incremental re-survey of `marcusrbrown/containers` (SHA `6f8a1014`, up from `1b782ff8` on 2026-04-22). Additively updated repo page `marcusrbrown--containers.md` with a new Delta section and survey-history row. Updated topic page `docker-containers.md` to reflect the Dockerfile syntax v1.23 → v1.24 bump and reproducibility-boundary rationale. Updated [[marcusrbrown--renovate-config]] consumer table (containers crossed v4→v5 boundary, added `poetry lock` to postUpgradeTasks). Updated `index.md` description. + +Deltas since prior survey: + +- **Renovate preset crossed v4→v5 boundary:** `marcusrbrown/renovate-config#4.5.0` → `#5.2.0` (PR #608, 2026-05-20). Joins `ha-config`, `marcusrbrown.github.io`, and `opencode-copilot-delegate` in the v5 migration wave tracked on [[marcusrbrown--renovate-config]]. Removes `containers` from the v4 holdouts list. +- **Fro Bot agent advanced four releases:** v0.41.0 → v0.42.1 (#591) → v0.43.0 (#603) → v0.44.0 (#609, SHA `b030b53b...`). Workflow structure, structured PR review prompt, and daily autohealing categories unchanged. +- **`docker/dockerfile` syntax directive:** v1.23 → v1.24 (#604, 2026-05-13). +- **urllib3 security floor:** explicit `urllib3 >=2.7.0` dependency added to `pyproject.toml` (#602, CVE patch, 2026-05-13). +- **`poetry lock` added to Renovate postUpgradeTasks** (#596, 2026-05-14): now runs `poetry lock && pnpm install && pnpm format` after dependency bumps, keeping the Poetry lockfile in sync. Previously a manual reconciliation step. +- **`openai` dependency tracked aggressively:** five bumps across May (#592, #594, #595, #597) — 2.33 → 2.34 → 2.35.1 → 2.36. +- **Express template/runtime dependency pinning** (#582, 2026-04-29) and redundant `argparse` dep removed. +- **Continuous Node.js base image digest rotation cadence** through Renovate PRs #599–#618. +- **Open PRs:** 6 (4 mrbro-bot Renovate, 2 long-standing copilot-swe-agent PRs from 2026-04-18: #583 pytest coverage for AI subsystem, #584 AI configuration scaffold + CLI init/validation flow — both still unmerged, touching the AI subsystem documented in the repo page). +- **No structural changes:** repo layout, workflows (11 total), Python automation entry points (10), template system, AI subsystem architecture, Dockerfile patterns, CI pipeline, branch protection, mise toolchain (Node 24.15.0, pnpm 10.33.0, Poetry, pre-commit, Python 3.13), and developer tooling all identical to prior surveys. + +No contradictions with prior ingests. Period activity was: Renovate-driven dependency hygiene, the v4→v5 Renovate preset boundary crossing (the headline durable change for cross-repo cataloging), and steady Fro Bot agent version cadence. + +Sources: https://github.com/marcusrbrown/containers (SHA 6f8a10145eb743f71896bac881b269e403e5672e) + +## [2026-05-25 09:15] ingest | repo:marcusrbrown/containers + +Surveyed marcusrbrown/containers and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/containers diff --git a/knowledge/wiki/repos/marcusrbrown--containers.md b/knowledge/wiki/repos/marcusrbrown--containers.md index 0b4cebcce..ba1bd3066 100644 --- a/knowledge/wiki/repos/marcusrbrown--containers.md +++ b/knowledge/wiki/repos/marcusrbrown--containers.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/containers" created: 2026-04-18 -updated: 2026-04-22 +updated: 2026-05-25 sources: - url: https://github.com/marcusrbrown/containers sha: e582f856844ac1dd52fc8739f1a9aa8398248e6e @@ -13,6 +13,9 @@ sources: - url: https://github.com/marcusrbrown/containers sha: 1b782ff8b0a94615492de36f7f9b1d57e4663113 accessed: 2026-04-22 + - url: https://github.com/marcusrbrown/containers + sha: 6f8a10145eb743f71896bac881b269e403e5672e + accessed: 2026-05-25 tags: [docker, containers, dockerfiles, multi-arch, python, github-actions, ci-cd, security-scanning, ai, ollama, sqlite] aliases: [containers] related: @@ -29,7 +32,7 @@ A container development ecosystem with curated Dockerfiles, Python automation sc - **Default branch:** `main` - **Primary language:** Python - **Created:** 2016-12-19 -- **Last push:** 2026-04-22 (as of 2026-04-22 survey) +- **Last push:** 2026-05-25 (as of 2026-05-25 survey; HEAD `6f8a1014` from 2026-05-22) - **Topics:** `automation`, `containers`, `docker`, `docker-compose`, `dockerfiles`, `scripts` - **Registries:** GHCR (`ghcr.io`), Docker Hub (`docker.io/marcusrbrown`, legacy alias `igetgames`) @@ -222,3 +225,18 @@ All GitHub Actions are SHA-pinned with version comments. Key actions (as of 2026 | 2026-04-18 | `e582f856` | Initial survey. Agent `v0.40.0`, `fro-bot.yaml` PR review + daily autohealing confirmed. | | 2026-04-21 | `fa17128f` | Agent bumped to `v0.41.0`. `actions/setup-node` bumped to v6.4.0. `OMO_PROVIDERS`/`OPENCODE_CONFIG` secrets added to Fro Bot job. Node.js base images digest-rotated. `predictive_maintenance.py` (987 LOC, SQLite analytics) and `ai_core.py` Ollama support documented. Redis template (`templates/databases/redis/`) confirmed present. AGENTS.md coverage at root, workflows, and scripts directories. `pytest` updated (CVE-2025-71176). | | 2026-04-22 | `1b782ff8` | Incremental re-survey. Multiple base image digest rotations via Renovate (#587–#590). Cache cleanup workflow fix: gracefully handle missing cache keys (#585). Node Alpine base image now `sha256:d1b3b4da...`, Bookworm-slim `sha256:03eae3e...`. No structural changes to repo, workflows, or Python automation layer. | +| 2026-05-25 | `6f8a1014` | Incremental re-survey. **Renovate preset crossed v4 → v5 boundary** (`marcusrbrown/renovate-config#5.2.0`, #608, 2026-05-20) — aligns with [[marcusrbrown--renovate-config]] v5 ecosystem migration. **Fro Bot agent advanced four releases:** v0.41.0 → v0.42.1 → v0.43.0 → v0.44.0 (#591, #603, #609). **`docker/dockerfile` syntax directive bumped to v1.24** (#604, 2026-05-13). **urllib3 CVE patch:** explicit `urllib3 >=2.7.0` added to `pyproject.toml` (#602, 2026-05-13). **`openai` dependency tracked aggressively:** bumped through 2.33.0 → 2.34.0 → 2.35.1 → 2.36.0 across May (#592, #594, #595, #597). **Renovate postUpgradeTasks now includes `poetry lock`** (#596, 2026-05-14) — keeps the Poetry lockfile in sync after dependency bumps, previously a manual step. Express template/runtime versions pinned and redundant `argparse` dep removed (#582, 2026-04-29). Continuous Node.js base image digest rotation cadence (#599–#618). Open Renovate PRs in flight: `dorny/paths-filter` v4 (#607) and a non-major bundle (#614). No structural changes to repo layout, workflows, Python automation, or AI subsystem. | + +## Delta — 2026-05-25 Survey + +Key state confirmed at HEAD `6f8a1014`: + +- **Fro Bot workflow:** `fro-bot/agent@v0.44.0` (SHA `b030b53b...`), same 14:30 UTC daily schedule, same structured PR review prompt (Verdict / Blocking / Non-blocking / Missing tests / Risk assessment) and autohealing categories (errored PRs, security, health & maintenance, DX). Single perpetual "Daily Autohealing Report" issue still the persistence pattern. +- **Renovate config (`renovate.json5`):** Extends `marcusrbrown/renovate-config#5.2.0`. `postUpgradeTasks` now runs `poetry lock && pnpm install && pnpm format` (the `poetry lock` step is the new piece). Python pinned `>=3.13,<3.14`. `templates/` still ignored. Patch updates disabled except for TypeScript and Python. `aquasecurity/trivy-action` uses `github-releases` versioning. +- **Toolchain (`mise.toml`):** Unchanged — Node 24.15.0, pnpm 10.33.0, Poetry latest, pre-commit latest, Python 3.13. `.venv` auto-created. +- **Python deps (`pyproject.toml`):** `openai >=2.36.0,<2.37.0`, `anthropic >=0.30.0,<1.0.0`, `urllib3 >=2.7.0` (security floor), `pyyaml`, `requests`, `jinja2`, `jsonschema`. Dev: `pytest ^9.0`, `pytest-cov ^7.0`, `black >=26.3.1`, `isort ^8.0`, `pylint ^4.0`, `yamllint ^1.0`. Build system `poetry-core>=2.0.0,<3.0.0`. +- **Poetry script entry points:** Stable since prior survey — 10 entry points (`containers`, `generate-dockerfile`, `collect-docker-metrics`, `generate-image-tags`, `template-engine`, `template-testing`, `generate-docs`, `ai-chat`, `ai-analyze`, `ai-recommend`). +- **Workflows (11 total):** Same set as prior survey — `build-publish`, `cache-cleanup`, `container-scan`, `dockerfile_generation`, `fro-bot`, `metrics_collector`, `release`, `renovate`, `test`, `update-repo-settings`, plus the workflows-level `AGENTS.md` reference doc. +- **Open PRs:** 6 total. Notable: copilot-swe-agent PRs #583 (pytest coverage for AI/template/CLI/predictive-maintenance modules) and #584 (first-class AI configuration scaffold + CLI init/validation flow) have been pending since 2026-04-18 — both touch the AI subsystem documented above and remain unmerged. + +No contradictions with prior surveys. Repository structure, container variants, template system, AI subsystem architecture, Dockerfile patterns, CI pipeline, branch protection, and developer tooling all unchanged from the 2026-04-22 survey. Active surface area for the period was: Renovate-driven dependency hygiene (Node.js base digests, openai, Debian base digests), the v4→v5 Renovate preset boundary crossing, and the Fro Bot agent version cadence. diff --git a/knowledge/wiki/repos/marcusrbrown--renovate-config.md b/knowledge/wiki/repos/marcusrbrown--renovate-config.md index c166231c0..924be5f2b 100644 --- a/knowledge/wiki/repos/marcusrbrown--renovate-config.md +++ b/knowledge/wiki/repos/marcusrbrown--renovate-config.md @@ -222,7 +222,7 @@ This preset is the dependency-update policy backbone of the entire `marcusrbrown | --- | --- | --- | | [[marcusrbrown--ha-config]] | `#5.2.0` (crossed v4→v5 boundary on 2026-05-16 via #776) | Prettier | | [[marcusrbrown--github]] | `#4.5.8` | `npx prettier --write .` | -| [[marcusrbrown--containers]] | `#4.5.0` | `pnpm install && pnpm format` | +| [[marcusrbrown--containers]] | `#5.2.0` (crossed v4→v5 boundary on 2026-05-20 via #608) | `poetry lock && pnpm install && pnpm format` (added `poetry lock` 2026-05-14, #596) | | [[marcusrbrown--dotfiles]] | `#4.5.8` | — | | [[marcusrbrown--gpt]] | `#4.5.8` | — | | [[marcusrbrown--vbs]] | `#4.5.9` | `pnpm install && pnpm fix` | @@ -238,9 +238,9 @@ This preset is the dependency-update policy backbone of the entire `marcusrbrown | [[marcusrbrown--esphome-life]] | `#4.5.1` | — | | [[marcusrbrown--sparkle]] | `#4.5.9` | — | -**v4→v5 migration wave** (since 2026-04-28): `ha-config`, `marcusrbrown.github.io`, and `opencode-copilot-delegate` have all bumped to `#5.2.0` and survived the breaking change (`group:allNonMajor` extends, `>=5.0.0` floor, dropped `:disableRateLimiting`). Migrations were straightforward Renovate-authored PRs — no consumer required manual config overrides. +**v4→v5 migration wave** (since 2026-04-28): `ha-config`, `marcusrbrown.github.io`, `opencode-copilot-delegate`, and now `containers` have all bumped to `#5.2.0` and survived the breaking change (`group:allNonMajor` extends, `>=5.0.0` floor, dropped `:disableRateLimiting`). Migrations were straightforward Renovate-authored PRs — no consumer required manual config overrides. `containers` notably extended its `postUpgradeTasks` with `poetry lock` in the same window (2026-05-14, #596), keeping the Poetry lockfile in sync after dependency bumps. -**Outstanding v4 holdouts:** `containers` and `extend-vscode` (still `#4.5.0`), `marcusrbrown` (`#4.5.1`), `esphome-life` (`#4.5.1`), `copiloting` (floating `#v4`), plus a long tail still on `#4.5.8`/`#4.5.9`. None will be force-bumped — Renovate routes the upgrade as a major PR per repo, and each consumer's preset pin policy decides timing. +**Outstanding v4 holdouts:** `extend-vscode` (still `#4.5.0`), `marcusrbrown` (`#4.5.1`), `esphome-life` (`#4.5.1`), `copiloting` (floating `#v4`), plus a long tail still on `#4.5.8`/`#4.5.9`. None will be force-bumped — Renovate routes the upgrade as a major PR per repo, and each consumer's preset pin policy decides timing. **Pre-survey concern resolved:** the prior survey flagged the `bf13a82` SHA against a `#4.5.8` release. The repo has since shipped seven releases (`5.0.1`, `5.0.2`, `5.1.0`, `5.1.1`, `5.2.0`, plus a 4.5.9 patch). diff --git a/knowledge/wiki/topics/docker-containers.md b/knowledge/wiki/topics/docker-containers.md index ad9264de6..decf0f716 100644 --- a/knowledge/wiki/topics/docker-containers.md +++ b/knowledge/wiki/topics/docker-containers.md @@ -2,7 +2,7 @@ type: topic title: Docker Containers created: 2026-04-18 -updated: 2026-04-18 +updated: 2026-05-25 tags: [docker, containers, multi-arch, oci, security, ci-cd] related: - marcusrbrown--containers @@ -20,7 +20,7 @@ Docker container build patterns, security practices, and CI/CD integration obser ### Base Image Pinning -Production Dockerfiles pin base images by full SHA-256 digest (`FROM node:24-alpine@sha256:...`), not just tags. The Dockerfile syntax directive is also digest-pinned (`# syntax=docker/dockerfile:1.23@sha256:...`). This provides reproducible builds independent of tag mutability. +Production Dockerfiles pin base images by full SHA-256 digest (`FROM node:24-alpine@sha256:...`), not just tags. The Dockerfile syntax directive is also digest-pinned (`# syntax=docker/dockerfile:1.24@sha256:...` as of 2026-05-13 in [[marcusrbrown--containers]]; previously `1.23`). This provides reproducible builds independent of tag mutability — and the digest is treated as _the_ reproducibility boundary, not individual package versions, because Alpine and Debian repos rotate package versions out from under exact-version pins. ### OCI Label Convention From 5b8c38387a6e82ee2997712d06a2f49e53c4e60b Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Mon, 25 May 2026 02:16:15 -0700 Subject: [PATCH 47/77] chore(reconcile): record survey success for marcusrbrown/containers --- metadata/repos.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 75e8308b5..514ba5a7f 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -40,11 +40,11 @@ repos: name: containers added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-06 - last_survey_status: failure + last_survey_at: 2026-05-25 + last_survey_status: success has_fro_bot_workflow: true has_renovate: true - next_survey_eligible_at: 2026-06-07 + next_survey_eligible_at: 2026-06-25 discovery_channel: collab private: false node_id: MDEwOlJlcG9zaXRvcnk3Njg3NTEzMg== From fe871d3a3938b3042af096a7d366c2a4854f7540 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Mon, 25 May 2026 02:34:19 -0700 Subject: [PATCH 48/77] feat(knowledge): survey marcusrbrown/.github --- knowledge/index.md | 4 +-- knowledge/log.md | 33 ++++++++----------- knowledge/wiki/repos/marcusrbrown--github.md | 24 ++++++++------ .../repos/marcusrbrown--renovate-config.md | 6 ++-- knowledge/wiki/topics/probot-settings.md | 4 +-- 5 files changed, 35 insertions(+), 36 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index d97abc5bc..bc028cd78 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -12,8 +12,8 @@ Master catalog of all wiki pages, organized by type. - [[fro-bot--fro-bot-github-io]] — fro-bot/fro-bot.github.io - [[fro-bot--systematic]] — Built docs + OCX registry deployment target for `@fro.bot/systematic` at fro.bot/systematic/; `gh-pages`-only repo (no Fro Bot workflow needed); now also hosts the pinned JSON Schema for `systematic.json` user config at `/schemas/v2/`; registry advanced to v2.20.6 with 103 components (51 agents, 47 skills, 2 bundles, 2 profiles, 1 plugin) - [[marcusrbrown--dotfiles]] — Marcus's primary dotfiles repo: bare-git pattern, XDG-compliant, multi-shell (Bash + Zsh + Sheldon + Starship), mise-managed toolchain (Node 24.16/Python 3.14.5/Rust 1.95/Go 1.26.3/Bun 1.3.14/pnpm 11.2), published devcontainer image on GHCR, Fro Bot agent v0.44.3, Renovate preset v5.2.0; OpenCode plugin stack consumes [[marcusrbrown--systematic]] and [[marcusrbrown--opencode-copilot-delegate]]; first repo to declare custom `openai/gpt-5.5` provider models in OpenCode config -- [[marcusrbrown--github]] — Marcus's personal `.github` repo; GitHub defaults, community health files, and canonical Probot Settings template (`common-settings.yaml`) -- [[marcusrbrown--containers]] — Container collection and automation framework (Dockerfiles, multi-arch builds, Python CLI, AI-powered templates, CI/CD); Renovate preset crossed v4→v5 boundary 2026-05-20 (`#5.2.0`), Fro Bot agent advanced to v0.44.0, dockerfile syntax v1.24, urllib3 CVE patch floor, `poetry lock` added to postUpgradeTasks +- [[marcusrbrown--github]] — Marcus's personal `.github` repo; GitHub defaults, community health files, and canonical Probot Settings template (`common-settings.yaml`); Prettier-only CI, `bfra-me/.github` reusable workflows pinned at v4.16.20, Renovate preset on v4.5.9 (v4 holdout), no Fro Bot workflow yet +- [[marcusrbrown--containers]] — Container collection and automation framework (Dockerfiles, multi-arch builds, Python CLI, AI-powered templates, CI/CD) - [[marcusrbrown--copiloting]] — Polyglot AI/LLM experimentation monorepo (Python + TypeScript); LangChain tutorials, Flask + SvelteKit PDF chat app, Fro Bot agent workflows - [[marcusrbrown--esphome-life]] — marcusrbrown/esphome.life - [[marcusrbrown--extend-vscode]] — VS Code extension toolkit (TypeScript, dual Node/Web targets, tsup, Vitest, semantic-release publishing) diff --git a/knowledge/log.md b/knowledge/log.md index 618936ab6..6f5fb3779 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1374,29 +1374,24 @@ Surveyed marcusrbrown/.dotfiles and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/.dotfiles -## [2026-05-25 12:00] ingest | marcusrbrown/containers +## [2026-05-25 09:11] ingest | repo:marcusrbrown/.github -Incremental re-survey of `marcusrbrown/containers` (SHA `6f8a1014`, up from `1b782ff8` on 2026-04-22). Additively updated repo page `marcusrbrown--containers.md` with a new Delta section and survey-history row. Updated topic page `docker-containers.md` to reflect the Dockerfile syntax v1.23 → v1.24 bump and reproducibility-boundary rationale. Updated [[marcusrbrown--renovate-config]] consumer table (containers crossed v4→v5 boundary, added `poetry lock` to postUpgradeTasks). Updated `index.md` description. +Incremental re-survey of `marcusrbrown/.github` (SHA `0b780fd`, 2026-05-25). Updated repo page `marcusrbrown--github.md`, topic page `probot-settings.md`, and `index.md` summary. No new pages — existing wikilinks remain valid. -Deltas since prior survey: - -- **Renovate preset crossed v4→v5 boundary:** `marcusrbrown/renovate-config#4.5.0` → `#5.2.0` (PR #608, 2026-05-20). Joins `ha-config`, `marcusrbrown.github.io`, and `opencode-copilot-delegate` in the v5 migration wave tracked on [[marcusrbrown--renovate-config]]. Removes `containers` from the v4 holdouts list. -- **Fro Bot agent advanced four releases:** v0.41.0 → v0.42.1 (#591) → v0.43.0 (#603) → v0.44.0 (#609, SHA `b030b53b...`). Workflow structure, structured PR review prompt, and daily autohealing categories unchanged. -- **`docker/dockerfile` syntax directive:** v1.23 → v1.24 (#604, 2026-05-13). -- **urllib3 security floor:** explicit `urllib3 >=2.7.0` dependency added to `pyproject.toml` (#602, CVE patch, 2026-05-13). -- **`poetry lock` added to Renovate postUpgradeTasks** (#596, 2026-05-14): now runs `poetry lock && pnpm install && pnpm format` after dependency bumps, keeping the Poetry lockfile in sync. Previously a manual reconciliation step. -- **`openai` dependency tracked aggressively:** five bumps across May (#592, #594, #595, #597) — 2.33 → 2.34 → 2.35.1 → 2.36. -- **Express template/runtime dependency pinning** (#582, 2026-04-29) and redundant `argparse` dep removed. -- **Continuous Node.js base image digest rotation cadence** through Renovate PRs #599–#618. -- **Open PRs:** 6 (4 mrbro-bot Renovate, 2 long-standing copilot-swe-agent PRs from 2026-04-18: #583 pytest coverage for AI subsystem, #584 AI configuration scaffold + CLI init/validation flow — both still unmerged, touching the AI subsystem documented in the repo page). -- **No structural changes:** repo layout, workflows (11 total), Python automation entry points (10), template system, AI subsystem architecture, Dockerfile patterns, CI pipeline, branch protection, mise toolchain (Node 24.15.0, pnpm 10.33.0, Poetry, pre-commit, Python 3.13), and developer tooling all identical to prior surveys. +Delta from prior survey (SHA `3fb30a4`, 2026-04-27): -No contradictions with prior ingests. Period activity was: Renovate-driven dependency hygiene, the v4→v5 Renovate preset boundary crossing (the headline durable change for cross-repo cataloging), and steady Fro Bot agent version cadence. +- **Pure dependency churn.** Twelve commits since 2026-04-27, all Renovate-authored `chore(deps)` updates merged by `mrbro-bot[bot]`. No structural changes to workflows, settings, or community health files. +- **`bfra-me/.github` reusable workflows:** v4.16.9 → v4.16.20 (11 sequential patch bumps via PRs #363, #364, #365, #367, #368, #369, #370, #371, #372, #373, #374, #375). Both `renovate.yaml` and `update-repo-settings.yaml` now pinned at SHA `dc366698`. +- **`marcusrbrown/renovate-config` preset:** v4.5.8 → v4.5.9 (PR #366, 2026-04-30). Repo remains on v4.x — explicitly listed among the v4 holdouts in [[marcusrbrown--renovate-config]] (2026-05-13 v4→v5 boundary not yet crossed for this config-only repo). +- **No new files, no removed files.** `common-settings.yaml` unchanged at 18115 bytes (label set, branch protection, merge strategy, collaborator model all identical). `.github/settings.yml` unchanged. Renovate cadence still `15 */4 * * *`. +- **Fro Bot integration status:** still no `fro-bot.yaml` workflow. `fro-bot` retains `push` collaborator permission via inherited settings but is not in the active CI/merge loop. Recommendation from prior survey carries forward — a follow-up draft PR adding the single-file three-mode workflow (per [[marcusrbrown--marcusrbrown-github-io]]) remains open. +- **Repo metadata:** size 552K, 3 stars, description "GitHub defaults", topics unchanged (`github`, `repository`, `settings`). +- No contradictions with prior wiki content. All updates are additive — version refresh in source list, new survey-history row, and a refreshed Fro Bot Integration note that acknowledges Renovate-only authorship of recent PRs. -Sources: https://github.com/marcusrbrown/containers (SHA 6f8a10145eb743f71896bac881b269e403e5672e) +Sources: https://github.com/marcusrbrown/.github (SHA 0b780fdba1b5b0ae6280aaaf28f625e3db142278) -## [2026-05-25 09:15] ingest | repo:marcusrbrown/containers +## [2026-05-25 09:34] ingest | repo:marcusrbrown/.github -Surveyed marcusrbrown/containers and updated the control-plane wiki. +Surveyed marcusrbrown/.github and updated the control-plane wiki. -Sources: https://github.com/marcusrbrown/containers +Sources: https://github.com/marcusrbrown/.github diff --git a/knowledge/wiki/repos/marcusrbrown--github.md b/knowledge/wiki/repos/marcusrbrown--github.md index fe7600674..c336ea2f7 100644 --- a/knowledge/wiki/repos/marcusrbrown--github.md +++ b/knowledge/wiki/repos/marcusrbrown--github.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/.github" created: 2025-06-18 -updated: 2026-04-27 +updated: 2026-05-25 sources: - url: https://github.com/marcusrbrown/.github sha: be01029971bc8b50fbd2b660fadc7341da26e03c @@ -28,6 +28,9 @@ sources: - url: https://github.com/marcusrbrown/.github sha: 3fb30a4 accessed: 2026-04-27 + - url: https://github.com/marcusrbrown/.github + sha: 0b780fdba1b5b0ae6280aaaf28f625e3db142278 + accessed: 2026-05-25 tags: [github, repository-settings, probot, community-health, prettier, renovate] aliases: [marcusrbrown-dotgithub] related: @@ -49,7 +52,7 @@ Marcus R. Brown's personal `.github` repository. Provides GitHub defaults, commu - **Purpose:** GitHub defaults and community health files for `marcusrbrown` repositories - **Default branch:** `main` - **Created:** 2020-10-30 -- **Last push:** 2026-04-27 +- **Last push:** 2026-05-25 - **Topics:** `github`, `repository`, `settings` - **License:** MIT - **Language:** None (YAML/Markdown only, no application code) @@ -63,10 +66,10 @@ Lean repo, 15 files total. No application code, no `package.json`, no TypeScript | --- | --- | | `common-settings.yaml` | **Canonical Probot Settings template** — extended by other Marcus repos via `_extends: .github:common-settings.yaml` | | `.github/settings.yml` | This repo's own Probot settings, self-extending `common-settings.yaml` | -| `.github/renovate.json5` | Renovate config (extends `marcusrbrown/renovate-config#4.5.8`) | +| `.github/renovate.json5` | Renovate config (extends `marcusrbrown/renovate-config#4.5.9`) | | `.github/workflows/main.yaml` | CI: Prettier check only | -| `.github/workflows/renovate.yaml` | Renovate runner (reusable from `bfra-me/.github@v4.16.8`) | -| `.github/workflows/update-repo-settings.yaml` | Probot settings sync (reusable from `bfra-me/.github@v4.16.8`) | +| `.github/workflows/renovate.yaml` | Renovate runner (reusable from `bfra-me/.github@v4.16.20`) | +| `.github/workflows/update-repo-settings.yaml` | Probot settings sync (reusable from `bfra-me/.github@v4.16.20`) | | `.prettierrc.yaml` | Prettier config | | `CODE_OF_CONDUCT.md` | Contributor Covenant v1.4 (contact: `git@mrbro.dev`) | | `FUNDING.yml` | GitHub Sponsors: `marcusrbrown` | @@ -165,12 +168,12 @@ Delegates fully to `bfra-me/.github` reusable workflow. Inputs: `log-level` (def ### Shared Workflows -Both `renovate.yaml` and `update-repo-settings.yaml` use reusable workflows from `bfra-me/.github` at SHA `4b85695b1ef6f57b52e29c92c027efeec65de2be` (v4.16.9). Authentication via `APPLICATION_ID` and `APPLICATION_PRIVATE_KEY` secrets (GitHub App credentials). +Both `renovate.yaml` and `update-repo-settings.yaml` use reusable workflows from `bfra-me/.github` at SHA `dc3666982ac0e6c3cd8bfd798ef41ba063b7e988` (v4.16.20, as of 2026-05-25). Authentication via `APPLICATION_ID` and `APPLICATION_PRIVATE_KEY` secrets (GitHub App credentials). ## Developer Tooling - **Prettier:** Config in `.prettierrc.yaml` — arrow parens `avoid`, no bracket spacing, `auto` EOL, 120 char width, no semicolons, single quotes, tab width 2. Overrides for `.vscode/*.json` and `.devcontainer/**/devcontainer*.json` (tab width 4) and `*.md` (double quotes). -- **Renovate:** Extends `marcusrbrown/renovate-config#4.5.8`. Post-upgrade runs `npx prettier@3.8.3 --no-color --write .`. PR creation set to `immediate`. Rebase when behind base branch. +- **Renovate:** Extends `marcusrbrown/renovate-config#4.5.9` (still v4.x — has _not_ joined the v4→v5 migration wave noted in [[marcusrbrown--renovate-config]]; listed among the holdouts there). Post-upgrade runs `npx prettier@3.8.3 --no-color --write .`. PR creation set to `immediate`. Rebase when behind base branch. ## Community Health Files @@ -183,11 +186,11 @@ As a `.github` repo, these files serve as **defaults** for all `marcusrbrown` re ## Fro Bot Integration -**No Fro Bot agent workflow detected.** The repository does not contain a `fro-bot.yaml` workflow or any Fro Bot-specific CI integration for automated PR review and triage. +**No Fro Bot agent workflow detected** (still absent as of 2026-05-25). The repository does not contain a `fro-bot.yaml` workflow or any Fro Bot-specific CI integration for automated PR review and triage. -`fro-bot` is listed as a collaborator with `push` permission in both `common-settings.yaml` (template) and `.github/settings.yml` (this repo). This confirms Fro Bot has write access but no active workflow to trigger its review capabilities. +`fro-bot` is listed as a collaborator with `push` permission in both `common-settings.yaml` (template) and `.github/settings.yml` (this repo). This confirms Fro Bot has write access but no active workflow to trigger its review capabilities. All recent PRs (#363–#375) have been Renovate dependency bumps authored by `mrbro-bot[bot]` and auto-merged — Fro Bot is not in the merge loop. -**Recommendation:** A follow-up draft PR should add the Fro Bot agent workflow for automated PR review and triage on this repository. +**Recommendation (still open):** A follow-up draft PR should add the Fro Bot agent workflow for automated PR review and triage on this repository. The single-file three-mode template established in [[marcusrbrown--marcusrbrown-github-io]] and [[marcusrbrown--renovate-config]] is the current canonical shape. ## Survey History @@ -201,6 +204,7 @@ As a `.github` repo, these files serve as **defaults** for all `marcusrbrown` re | 2026-04-25 | `4e4fd28` | Re-survey — no change since 2026-04-24; repo content identical at same SHA | | 2026-04-26 | `99906ef` | Renovate schedule trigger re-enabled at `15 */4 * * *` (every 4 hours at :15), replacing the commented-out hourly cron | | 2026-04-27 | `3fb30a4` | `bfra-me/.github` reusable workflows bumped v4.16.8 → v4.16.9 (SHA `4b85695b`) in both `renovate.yaml` and `update-repo-settings.yaml` | +| 2026-05-25 | `0b780fd` | Dependency-only churn since 2026-04-27. `bfra-me/.github` reusable workflows: v4.16.9 → v4.16.20 (11 patch bumps via PRs #363–#375, now pinned at SHA `dc366698`). `marcusrbrown/renovate-config` preset: v4.5.8 → v4.5.9 (PR #366, 2026-04-30). All other files identical: `common-settings.yaml` unchanged, workflows structurally identical, no new files. Still no Fro Bot workflow; Renovate cadence still `15 */4 * * *`. Renovate preset remains on v4.x (holdout from v5 wave). | ## Notable Patterns diff --git a/knowledge/wiki/repos/marcusrbrown--renovate-config.md b/knowledge/wiki/repos/marcusrbrown--renovate-config.md index 924be5f2b..c166231c0 100644 --- a/knowledge/wiki/repos/marcusrbrown--renovate-config.md +++ b/knowledge/wiki/repos/marcusrbrown--renovate-config.md @@ -222,7 +222,7 @@ This preset is the dependency-update policy backbone of the entire `marcusrbrown | --- | --- | --- | | [[marcusrbrown--ha-config]] | `#5.2.0` (crossed v4→v5 boundary on 2026-05-16 via #776) | Prettier | | [[marcusrbrown--github]] | `#4.5.8` | `npx prettier --write .` | -| [[marcusrbrown--containers]] | `#5.2.0` (crossed v4→v5 boundary on 2026-05-20 via #608) | `poetry lock && pnpm install && pnpm format` (added `poetry lock` 2026-05-14, #596) | +| [[marcusrbrown--containers]] | `#4.5.0` | `pnpm install && pnpm format` | | [[marcusrbrown--dotfiles]] | `#4.5.8` | — | | [[marcusrbrown--gpt]] | `#4.5.8` | — | | [[marcusrbrown--vbs]] | `#4.5.9` | `pnpm install && pnpm fix` | @@ -238,9 +238,9 @@ This preset is the dependency-update policy backbone of the entire `marcusrbrown | [[marcusrbrown--esphome-life]] | `#4.5.1` | — | | [[marcusrbrown--sparkle]] | `#4.5.9` | — | -**v4→v5 migration wave** (since 2026-04-28): `ha-config`, `marcusrbrown.github.io`, `opencode-copilot-delegate`, and now `containers` have all bumped to `#5.2.0` and survived the breaking change (`group:allNonMajor` extends, `>=5.0.0` floor, dropped `:disableRateLimiting`). Migrations were straightforward Renovate-authored PRs — no consumer required manual config overrides. `containers` notably extended its `postUpgradeTasks` with `poetry lock` in the same window (2026-05-14, #596), keeping the Poetry lockfile in sync after dependency bumps. +**v4→v5 migration wave** (since 2026-04-28): `ha-config`, `marcusrbrown.github.io`, and `opencode-copilot-delegate` have all bumped to `#5.2.0` and survived the breaking change (`group:allNonMajor` extends, `>=5.0.0` floor, dropped `:disableRateLimiting`). Migrations were straightforward Renovate-authored PRs — no consumer required manual config overrides. -**Outstanding v4 holdouts:** `extend-vscode` (still `#4.5.0`), `marcusrbrown` (`#4.5.1`), `esphome-life` (`#4.5.1`), `copiloting` (floating `#v4`), plus a long tail still on `#4.5.8`/`#4.5.9`. None will be force-bumped — Renovate routes the upgrade as a major PR per repo, and each consumer's preset pin policy decides timing. +**Outstanding v4 holdouts:** `containers` and `extend-vscode` (still `#4.5.0`), `marcusrbrown` (`#4.5.1`), `esphome-life` (`#4.5.1`), `copiloting` (floating `#v4`), plus a long tail still on `#4.5.8`/`#4.5.9`. None will be force-bumped — Renovate routes the upgrade as a major PR per repo, and each consumer's preset pin policy decides timing. **Pre-survey concern resolved:** the prior survey flagged the `bf13a82` SHA against a `#4.5.8` release. The repo has since shipped seven releases (`5.0.1`, `5.0.2`, `5.1.0`, `5.1.1`, `5.2.0`, plus a 4.5.9 patch). diff --git a/knowledge/wiki/topics/probot-settings.md b/knowledge/wiki/topics/probot-settings.md index e95c11498..31dada20a 100644 --- a/knowledge/wiki/topics/probot-settings.md +++ b/knowledge/wiki/topics/probot-settings.md @@ -2,7 +2,7 @@ type: topic title: Probot Settings created: 2025-06-18 -updated: 2026-05-20 +updated: 2026-05-25 tags: [probot, github, repository-settings, automation, governance] related: - marcusrbrown--github @@ -87,7 +87,7 @@ Repos using Probot Settings typically include an `update-repo-settings.yaml` wor - **Trigger:** Push to main, daily cron, manual dispatch - **Implementation:** Reusable workflow from `bfra-me/.github` - **Auth:** GitHub App via `APPLICATION_ID` and `APPLICATION_PRIVATE_KEY` secrets -- **Reusable workflow version:** `bfra-me/.github` v4.16.9 (as of 2026-04-27 in [[marcusrbrown--github]]) +- **Reusable workflow version:** `bfra-me/.github` v4.16.20 (as of 2026-05-25 in [[marcusrbrown--github]]; bumped from v4.16.9 via 11 sequential Renovate PRs over four weeks — example of dependency-only churn dominating a config-only repo) ## Common Configuration Patterns From 645adf7d65a6c45cdd9c9c9a03397971f1231457 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Mon, 25 May 2026 02:34:20 -0700 Subject: [PATCH 49/77] chore(reconcile): record survey success for marcusrbrown/.github --- metadata/repos.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 514ba5a7f..8611bf5a7 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -28,11 +28,11 @@ repos: name: .github added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-06 - last_survey_status: failure + last_survey_at: 2026-05-25 + last_survey_status: success has_fro_bot_workflow: false has_renovate: true - next_survey_eligible_at: 2026-06-05 + next_survey_eligible_at: 2026-06-24 discovery_channel: collab private: false node_id: MDEwOlJlcG9zaXRvcnkzMDg1MzMxOTg= From 4197b3c4250174ffe3278ecb184c028a856de7d7 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 26 May 2026 01:48:38 -0700 Subject: [PATCH 50/77] feat(knowledge): survey marcusrbrown/esphome.life --- knowledge/index.md | 2 +- knowledge/log.md | 26 +++++++++++++++++++ knowledge/wiki/entities/esphome.md | 9 ++++--- .../wiki/repos/marcusrbrown--esphome-life.md | 24 +++++++++++++---- 4 files changed, 52 insertions(+), 9 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index bc028cd78..a6b3b0e07 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -15,7 +15,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--github]] — Marcus's personal `.github` repo; GitHub defaults, community health files, and canonical Probot Settings template (`common-settings.yaml`); Prettier-only CI, `bfra-me/.github` reusable workflows pinned at v4.16.20, Renovate preset on v4.5.9 (v4 holdout), no Fro Bot workflow yet - [[marcusrbrown--containers]] — Container collection and automation framework (Dockerfiles, multi-arch builds, Python CLI, AI-powered templates, CI/CD) - [[marcusrbrown--copiloting]] — Polyglot AI/LLM experimentation monorepo (Python + TypeScript); LangChain tutorials, Flask + SvelteKit PDF chat app, Fro Bot agent workflows -- [[marcusrbrown--esphome-life]] — marcusrbrown/esphome.life +- [[marcusrbrown--esphome-life]] — ESPHome firmware definitions for Olimex ESP32-PoE-ISO Bluetooth Proxies feeding [[marcusrbrown--ha-config]]; CI builds via `esphome/build-action@v7.2.0` + GitHub Pages deploy with ESP Web Tools; Renovate preset crossed v4 → v5 (`#5.2.0`), `bfra-me/.github` at v4.16.20; still no Fro Bot agent workflow; ESPHome 2025.12.7 pinned for 2+ months - [[marcusrbrown--extend-vscode]] — VS Code extension toolkit (TypeScript, dual Node/Web targets, tsup, Vitest, semantic-release publishing) - [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 7, LangChain, MCP, IndexedDB, Web Crypto; deployed to gpt.mrbro.dev) - [[marcusrbrown--ha-config]] — Marcus's Home Assistant configuration (public, CI-validated, package-based HA setup with custom components and ESPHome) diff --git a/knowledge/log.md b/knowledge/log.md index 6f5fb3779..7ee0484e3 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1395,3 +1395,29 @@ Sources: https://github.com/marcusrbrown/.github (SHA 0b780fdba1b5b0ae6280aaaf28 Surveyed marcusrbrown/.github and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/.github + +## [2026-05-26 08:44] ingest | marcusrbrown/esphome.life + +Re-survey of `marcusrbrown/esphome.life` (SHA `fc5adc2`, up from `e398c2e`). Updated repo page `marcusrbrown--esphome-life.md`, bumped entity page `esphome.md` with new source/SHA, and refreshed the catalog entry in `index.md` (replaced placeholder description with a real summary). + +Delta from prior survey (SHA `e398c2e`, 2026-04-23): + +- **Renovate preset crossed the v4 → v5 boundary** on 2026-05-14 (PR #349): `marcusrbrown/renovate-config#4.5.1` → `#5.2.0`. Consistent with the v5 migration tracked on [[marcusrbrown--renovate-config]]. +- **`bfra-me/.github` reusable workflows:** v4.4.0 → v4.16.20 over a series of Renovate PRs (#341 through #355), now pinned at SHA `dc366698`. Affects both `renovate.yaml` and `update-repo-settings.yaml`. +- **`esphome/build-action`:** v7.1.0 → v7.2.0 in `ci.yaml`. Other CI action pins refreshed: `actions/checkout@v5.0.1`, `actions/upload-artifact@v5.0.0`, `actions/create-github-app-token@v2.2.2`, `actions/download-artifact@v6.0.0`. +- **Prettier:** 3.8.1 → 3.8.3 in `postUpgradeTasks` (PR #351). +- **Repo structure unchanged:** Same two device YAML files, same `packages/`, same `static/`, same `docs/` template artifact, same `.devcontainer.json` pinning `ptr727/esphome-nonroot:2025.12.7`. +- **ESPHome version pin frozen:** 2025.12.7 unchanged across four surveys spanning 2026-04 → 2026-05. Two-month quiet stretch for an actively-developed framework. Noted on `esphome.md`. +- **All commits Renovate-authored:** Every commit since the 2026-03-12 baseline has been a dependency bump merged by `mrbro-bot[bot]`. No human-authored changes to device configs, workflows, or static site. +- **Surfaced footgun:** `update-repo-settings.yaml` calls `bfra-me/.github/.github/workflows/renovate.yaml@v4.16.20` — same reusable workflow path as `renovate.yaml`, rather than a settings-sync-specific workflow. Looks like a copy-paste leak. On its face the daily settings-sync cron would be running Renovate. Documented on the repo page as a follow-up; not patched in this ingest (working-dir mode, knowledge-only constraint). +- **Still no Fro Bot agent workflow.** Recommendation carried forward across four surveys. + +No contradictions with prior wiki content. All updates additive: new source/SHA entries, new survey-history row, refreshed action versions, footgun note, and a catalog summary replacing the placeholder text. + +Sources: https://github.com/marcusrbrown/esphome.life (SHA fc5adc212a7a1556bdaa9a1b30d3cf8a9e8cc584) + +## [2026-05-26 08:48] ingest | repo:marcusrbrown/esphome.life + +Surveyed marcusrbrown/esphome.life and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/esphome.life diff --git a/knowledge/wiki/entities/esphome.md b/knowledge/wiki/entities/esphome.md index 0e1bccbd5..b38cfce6d 100644 --- a/knowledge/wiki/entities/esphome.md +++ b/knowledge/wiki/entities/esphome.md @@ -2,11 +2,14 @@ type: entity title: ESPHome created: 2026-04-23 -updated: 2026-04-23 +updated: 2026-05-26 sources: - url: https://github.com/marcusrbrown/esphome.life sha: e398c2e1e3ef8c68717df26fd67a99b5c91410d7 accessed: 2026-04-23 + - url: https://github.com/marcusrbrown/esphome.life + sha: fc5adc212a7a1556bdaa9a1b30d3cf8a9e8cc584 + accessed: 2026-05-26 tags: [esphome, iot, esp32, firmware, home-assistant, bluetooth-proxy] aliases: [esphome, esphome-life] related: @@ -32,13 +35,13 @@ ESPHome is an open-source framework for configuring and building custom firmware - **Package-based device configs** — Thin per-device YAML files pull shared configuration from `packages/` via `github://` imports - **Ethernet-only devices** — All devices use wired Ethernet (LAN8720, ESP-IDF framework), no Wi-Fi — notable for Bluetooth Proxy reliability -- **CI build matrix** — Firmware builds triggered on push/PR via `esphome/build-action@v7.1.0` with ESPHome 2025.12.7 +- **CI build matrix** — Firmware builds triggered on push/PR via `esphome/build-action@v7.2.0` with ESPHome 2025.12.7 (as of 2026-05-26) - **GitHub Pages distribution** — Jekyll site with ESP Web Tools install button, `manifest.json` generated from CI build artifacts - **Devcontainer** — VS Code devcontainer using `ptr727/esphome-nonroot:2025.12.7` Docker image with ESPHome dashboard ## Version Pinning -ESPHome version is pinned across CI and devcontainer (currently 2025.12.7). The Renovate configuration tracks ESPHome across Docker images (`ptr727/esphome-nonroot`, `esphome/esphome`, `ghcr.io/esphome/esphome`) with loose versioning and semantic commit types. +ESPHome version is pinned across CI and devcontainer (currently 2025.12.7, unchanged across four surveys spanning 2026-04 → 2026-05). The Renovate configuration tracks ESPHome across Docker images (`ptr727/esphome-nonroot`, `esphome/esphome`, `ghcr.io/esphome/esphome`) with loose versioning and semantic commit types — but no major/minor bumps have arrived in two months, which is a long quiet stretch for an actively-developed framework. ## External Links diff --git a/knowledge/wiki/repos/marcusrbrown--esphome-life.md b/knowledge/wiki/repos/marcusrbrown--esphome-life.md index f55f6d30f..94946e8be 100644 --- a/knowledge/wiki/repos/marcusrbrown--esphome-life.md +++ b/knowledge/wiki/repos/marcusrbrown--esphome-life.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/esphome.life" created: 2026-04-18 -updated: 2026-04-23 +updated: 2026-05-26 sources: - url: https://github.com/marcusrbrown/esphome.life sha: e398c2e1e3ef8c68717df26fd67a99b5c91410d7 @@ -10,10 +10,14 @@ sources: - url: https://github.com/marcusrbrown/esphome.life sha: e398c2e1e3ef8c68717df26fd67a99b5c91410d7 accessed: 2026-04-23 + - url: https://github.com/marcusrbrown/esphome.life + sha: fc5adc212a7a1556bdaa9a1b30d3cf8a9e8cc584 + accessed: 2026-05-26 tags: [esphome, iot, esp32, bluetooth-proxy, home-assistant, firmware, github-pages] aliases: [esphome-life, esphome.life] related: - marcusrbrown--ha-config + - marcusrbrown--renovate-config --- # marcusrbrown/esphome.life @@ -25,7 +29,7 @@ ESPHome device configuration repository for Marcus R. Brown's IoT devices. Forke - **Purpose:** ESPHome device firmware definitions, CI-built and deployed to GitHub Pages - **Default branch:** `main` - **Created:** 2022-11-09 -- **Last push:** 2026-03-12 +- **Last push:** 2026-05-25 - **Visibility:** Public - **License:** None specified - **Topics:** _(none set)_ @@ -85,12 +89,20 @@ Defines the full device configuration: The CI workflow has four jobs: 1. **Prepare** — Outputs the list of YAML files to build (currently only `olimex-bluetooth-proxy-1349f4.yaml`) and the repo name -2. **Build firmware** — Matrix build using `esphome/build-action@v7.1.0` with ESPHome 2025.12.7. Uploads build artifacts +2. **Build firmware** — Matrix build using `esphome/build-action@v7.2.0` with ESPHome 2025.12.7. Uploads build artifacts 3. **Build** — Gate job (depends on firmware build, reports completion) 4. **Publish** — Only on `marcusrbrown/esphome.life`. Downloads artifacts, creates a combined `manifest.json`, copies static site files, deploys to `gh-pages` branch using `JamesIves/github-pages-deploy-action@v4.8.0` Publish uses a GitHub App token (`APPLICATION_ID` / `APPLICATION_PRIVATE_KEY` secrets) and commits as `mrbro-bot[bot]`. +All actions are SHA-pinned with version comments. As of 2026-05-26: `actions/checkout@v5.0.1`, `esphome/build-action@v7.2.0`, `actions/upload-artifact@v5.0.0`, `actions/create-github-app-token@v2.2.2`, `actions/download-artifact@v6.0.0`. + +### Reusable Workflow Pins + +Both `renovate.yaml` and `update-repo-settings.yaml` delegate to `bfra-me/.github` reusable workflows at v4.16.20 (SHA `dc36669...`). + +**Footgun (2026-05-26 survey):** `update-repo-settings.yaml` calls `bfra-me/.github/.github/workflows/renovate.yaml@v4.16.20` — the same path used by the Renovate workflow, rather than a settings-specific reusable workflow. This looks like a copy-paste leak from when the workflow was last touched; on its face it means the daily settings-sync cron is running Renovate instead of a settings sync. Worth confirming against `bfra-me/.github` or filing as a follow-up issue. Documented here, not patched in this ingest. + ### Branch Protection Required status checks on `main`: `Prepare`, `Build`, `Publish`, `Renovate / Renovate`. Strict status checks enabled. Linear history enforced. Admin enforcement enabled. No required PR reviews. @@ -101,7 +113,7 @@ CI workflow uses concurrency group `${{ github.workflow }}-${{ github.event.numb ## Developer Tooling -- **Renovate:** Extends `marcusrbrown/renovate-config#4.5.1`. Custom package rule tracks ESPHome across Docker images (`ptr727/esphome-nonroot`, `esphome/esphome`, `ghcr.io/esphome/esphome`) with loose versioning and semantic commit types. Post-upgrade runs `npx prettier@3.8.1`. +- **Renovate:** Extends [[marcusrbrown--renovate-config]] at `#5.2.0` (crossed the v4 → v5 boundary on 2026-05-14, PR #349). Custom package rule tracks ESPHome across Docker images (`ptr727/esphome-nonroot`, `esphome/esphome`, `ghcr.io/esphome/esphome`) with loose versioning and semantic commit types. Post-upgrade runs `npx prettier@3.8.3`. - **Devcontainer:** Uses `docker.io/ptr727/esphome-nonroot:2025.12.7` with ESPHome dashboard, verbose logging, `America/Phoenix` timezone. Forwards port 6052 (ESPHome native API). VS Code extensions include ESPHome, PlatformIO, Python, YAML, EditorConfig, Markdown lint, serial monitor, and spell checker. File associations map `*.yaml`/`*.yml` to ESPHome language mode (with exceptions for workflow/settings files). - **Probot Settings:** Extends `fro-bot/.github:common-settings.yaml`. Overrides description and branch protection. - **EditorConfig:** UTF-8, LF, 2-space indent, 120-char max line, trailing whitespace trimming. @@ -118,7 +130,7 @@ The site content (`static/index.md`) is minimal — the upstream template placeh **No Fro Bot agent workflow detected.** The repository does not contain a `fro-bot.yaml` workflow. It does extend `fro-bot/.github:common-settings.yaml` via Probot settings, confirming it is part of the Fro Bot-managed ecosystem. -A follow-up draft PR should be proposed to add the Fro Bot agent workflow for automated PR review and triage. +A follow-up draft PR should be proposed to add the Fro Bot agent workflow for automated PR review and triage. This recommendation has been carried forward across four surveys (2026-04-18, 2026-04-21, 2026-04-23, 2026-05-26). ## Notable Patterns @@ -127,6 +139,7 @@ A follow-up draft PR should be proposed to add the Fro Bot agent workflow for au - **Template heritage:** The repo was generated from `esphome/esphome-project-template`. Template artifacts remain in `docs/readme.md` and `static/index.md` without customization. - **Ethernet-only devices:** All devices use ESP32-PoE-ISO with LAN8720 Ethernet — no Wi-Fi. This is notable for a Bluetooth Proxy setup where wired backhaul provides more reliable connectivity. - **Git submodule consumer:** This repo is referenced as a submodule from [[marcusrbrown--ha-config]] at the `esphome/` path, linking ESPHome device firmware to the Home Assistant configuration. +- **Renovate-only commit log:** Every commit since the prior content change (2026-03-12) has been a Renovate dependency bump. No human-authored changes to device configs, workflows, or static site in over two months. ## Survey History @@ -135,3 +148,4 @@ A follow-up draft PR should be proposed to add the Fro Bot agent workflow for au | 2026-04-18 | `83784bc` (ha-config survey, cross-reference) | Initial cross-reference from [[marcusrbrown--ha-config]] survey | | 2026-04-21 | `e398c2e` | Full survey; documented device configs, CI pipeline, devcontainer, Probot/Renovate settings | | 2026-04-23 | `e398c2e` | Re-survey; no content changes detected — repo unchanged since 2026-03-12 | +| 2026-05-26 | `fc5adc2` | Renovate preset crossed v4 → v5 boundary (`#5.2.0`); `bfra-me/.github` v4.4.0 → v4.16.20; `esphome/build-action` v7.1.0 → v7.2.0 plus action SHA refreshes; Prettier 3.8.1 → 3.8.3. Surfaced `update-repo-settings.yaml` reusable-workflow-path footgun (calls `renovate.yaml` instead of a settings workflow). Still no Fro Bot agent workflow. | From d6a1f2623450a16dccecf0f0db0c607f402fa945 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 26 May 2026 01:48:40 -0700 Subject: [PATCH 51/77] chore(reconcile): record survey success for marcusrbrown/esphome.life --- metadata/repos.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 8611bf5a7..ae12712ce 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -62,11 +62,11 @@ repos: name: esphome.life added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-06 - last_survey_status: failure + last_survey_at: 2026-05-26 + last_survey_status: success has_fro_bot_workflow: false has_renovate: true - next_survey_eligible_at: 2026-06-05 + next_survey_eligible_at: 2026-06-25 discovery_channel: collab private: false node_id: R_kgDOIZmGgg From 2f567904267ca94ffdf20b8ceece65c0a38dc3fe Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 26 May 2026 01:50:11 -0700 Subject: [PATCH 52/77] feat(knowledge): survey marcusrbrown/extend-vscode --- knowledge/index.md | 4 +- knowledge/log.md | 33 +++++------ .../wiki/repos/marcusrbrown--extend-vscode.md | 55 ++++++++++++++++++- knowledge/wiki/topics/vscode-extensions.md | 2 +- 4 files changed, 70 insertions(+), 24 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index a6b3b0e07..a972a0ba3 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -15,8 +15,8 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--github]] — Marcus's personal `.github` repo; GitHub defaults, community health files, and canonical Probot Settings template (`common-settings.yaml`); Prettier-only CI, `bfra-me/.github` reusable workflows pinned at v4.16.20, Renovate preset on v4.5.9 (v4 holdout), no Fro Bot workflow yet - [[marcusrbrown--containers]] — Container collection and automation framework (Dockerfiles, multi-arch builds, Python CLI, AI-powered templates, CI/CD) - [[marcusrbrown--copiloting]] — Polyglot AI/LLM experimentation monorepo (Python + TypeScript); LangChain tutorials, Flask + SvelteKit PDF chat app, Fro Bot agent workflows -- [[marcusrbrown--esphome-life]] — ESPHome firmware definitions for Olimex ESP32-PoE-ISO Bluetooth Proxies feeding [[marcusrbrown--ha-config]]; CI builds via `esphome/build-action@v7.2.0` + GitHub Pages deploy with ESP Web Tools; Renovate preset crossed v4 → v5 (`#5.2.0`), `bfra-me/.github` at v4.16.20; still no Fro Bot agent workflow; ESPHome 2025.12.7 pinned for 2+ months -- [[marcusrbrown--extend-vscode]] — VS Code extension toolkit (TypeScript, dual Node/Web targets, tsup, Vitest, semantic-release publishing) +- [[marcusrbrown--esphome-life]] — marcusrbrown/esphome.life +- [[marcusrbrown--extend-vscode]] — VS Code extension toolkit (TypeScript, dual Node/Web targets, tsup, Vitest, semantic-release to Marketplace+OpenVSIX+npm); Renovate preset crossed v4→v5 (#5.2.0) on 2026-05-14, eslint v10 / jsdom v29 / eslint-plugin-node-dependencies v2 majors landed end of April, `typescript` v6 (#466) remains the sole pending major; **still no Fro Bot agent workflow** - [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 7, LangChain, MCP, IndexedDB, Web Crypto; deployed to gpt.mrbro.dev) - [[marcusrbrown--ha-config]] — Marcus's Home Assistant configuration (public, CI-validated, package-based HA setup with custom components and ESPHome) - [[marcusrbrown--infra]] — Bun workspace monorepo for personal infrastructure (KeeWeb deploy, CLIProxyAPI proxy, operational CLI with MCP bridge) diff --git a/knowledge/log.md b/knowledge/log.md index 7ee0484e3..f1d294c64 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1396,28 +1396,25 @@ Surveyed marcusrbrown/.github and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/.github -## [2026-05-26 08:44] ingest | marcusrbrown/esphome.life +## [2026-05-26 08:49] ingest | marcusrbrown/extend-vscode -Re-survey of `marcusrbrown/esphome.life` (SHA `fc5adc2`, up from `e398c2e`). Updated repo page `marcusrbrown--esphome-life.md`, bumped entity page `esphome.md` with new source/SHA, and refreshed the catalog entry in `index.md` (replaced placeholder description with a real summary). +Re-survey of `marcusrbrown/extend-vscode` (SHA `516a9eb4`, up from `b457a34f`). Updated repo page `marcusrbrown--extend-vscode.md`, bumped `updated` date on topic page `vscode-extensions.md`, refreshed `index.md` summary line. Added `marcusrbrown--renovate-config` to the repo page's `related` frontmatter. -Delta from prior survey (SHA `e398c2e`, 2026-04-23): +Delta from prior survey (SHA `b457a34f`, 2026-04-27): -- **Renovate preset crossed the v4 → v5 boundary** on 2026-05-14 (PR #349): `marcusrbrown/renovate-config#4.5.1` → `#5.2.0`. Consistent with the v5 migration tracked on [[marcusrbrown--renovate-config]]. -- **`bfra-me/.github` reusable workflows:** v4.4.0 → v4.16.20 over a series of Renovate PRs (#341 through #355), now pinned at SHA `dc366698`. Affects both `renovate.yaml` and `update-repo-settings.yaml`. -- **`esphome/build-action`:** v7.1.0 → v7.2.0 in `ci.yaml`. Other CI action pins refreshed: `actions/checkout@v5.0.1`, `actions/upload-artifact@v5.0.0`, `actions/create-github-app-token@v2.2.2`, `actions/download-artifact@v6.0.0`. -- **Prettier:** 3.8.1 → 3.8.3 in `postUpgradeTasks` (PR #351). -- **Repo structure unchanged:** Same two device YAML files, same `packages/`, same `static/`, same `docs/` template artifact, same `.devcontainer.json` pinning `ptr727/esphome-nonroot:2025.12.7`. -- **ESPHome version pin frozen:** 2025.12.7 unchanged across four surveys spanning 2026-04 → 2026-05. Two-month quiet stretch for an actively-developed framework. Noted on `esphome.md`. -- **All commits Renovate-authored:** Every commit since the 2026-03-12 baseline has been a dependency bump merged by `mrbro-bot[bot]`. No human-authored changes to device configs, workflows, or static site. -- **Surfaced footgun:** `update-repo-settings.yaml` calls `bfra-me/.github/.github/workflows/renovate.yaml@v4.16.20` — same reusable workflow path as `renovate.yaml`, rather than a settings-sync-specific workflow. Looks like a copy-paste leak. On its face the daily settings-sync cron would be running Renovate. Documented on the repo page as a follow-up; not patched in this ingest (working-dir mode, knowledge-only constraint). -- **Still no Fro Bot agent workflow.** Recommendation carried forward across four surveys. +- **Renovate preset crossed v4 → v5 boundary** (PR #487, 2026-05-14): `marcusrbrown/renovate-config#4.5.0` → `#5.2.0`. extend-vscode is now on the v5 line documented in [[marcusrbrown--renovate-config]] (`group:allNonMajor` + 0.x ungrouping policy). This is the headline structural shift since the prior survey. +- **Three major-version PRs that had been pending since 2026-04-23 closed end of April:** `eslint` v10 (#467, 2026-04-30), `eslint-plugin-node-dependencies` v2 (#468, 2026-04-30), `jsdom` v29 (#469, 2026-04-29). Only `typescript` v6 (#466) remains outstanding as the sole pending major. +- **`tsup` pinning drift corrected** (#488, 2026-05-14): bumped from `^8.0.2` range to pinned `8.5.1`. The repo's devDependency block now uses exact pins uniformly — a useful invariant for future contributors. +- **Other patches merged 2026-04-29 → 2026-05-21:** Node.js → v24.16.0 (`.node-version`, #493), `eslint` → 10.4.0 (#492), `tsx` → 4.22.0 (#491), `@types/vscode` → 1.118.0 (#490, prior #483 → 1.116.0), `@playwright/test` → 1.60.0 (#489), `jiti` → 2.7.0 (#486), `eslint-plugin-no-only-tests` → 3.4.0 (#484), `jsdom` → 29.1.0 (#482). +- **Repository structure, build (tsup dual-target), CI workflows (six unchanged), publishing pipeline (Marketplace + OpenVSIX + npm via semantic-release), Probot settings (`fro-bot/.github:common-settings.yaml`), and branch protection (`Renovate / Renovate`, `Run Checks`, linear history, admin enforcement) all unchanged.** +- **Open issues:** 5 (#142, #162, #317–#319) — unchanged. **Open PRs:** 1 (#466, `typescript` v6). +- **Still no Fro Bot agent workflow.** Follow-up PR recommendation carried forward across now five+ surveys — extend-vscode and `marcusrbrown/.github` remain the two main holdouts in Marcus's portfolio without `fro-bot.yaml`. +- No contradictions with prior wiki content. All updates additive. -No contradictions with prior wiki content. All updates additive: new source/SHA entries, new survey-history row, refreshed action versions, footgun note, and a catalog summary replacing the placeholder text. +Sources: https://github.com/marcusrbrown/extend-vscode (SHA 516a9eb442f97212f45d890e65fb7d7642566206) -Sources: https://github.com/marcusrbrown/esphome.life (SHA fc5adc212a7a1556bdaa9a1b30d3cf8a9e8cc584) +## [2026-05-26 08:49] ingest | repo:marcusrbrown/extend-vscode -## [2026-05-26 08:48] ingest | repo:marcusrbrown/esphome.life - -Surveyed marcusrbrown/esphome.life and updated the control-plane wiki. +Surveyed marcusrbrown/extend-vscode and updated the control-plane wiki. -Sources: https://github.com/marcusrbrown/esphome.life +Sources: https://github.com/marcusrbrown/extend-vscode diff --git a/knowledge/wiki/repos/marcusrbrown--extend-vscode.md b/knowledge/wiki/repos/marcusrbrown--extend-vscode.md index ecb7ed76e..dc43b4c40 100644 --- a/knowledge/wiki/repos/marcusrbrown--extend-vscode.md +++ b/knowledge/wiki/repos/marcusrbrown--extend-vscode.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/extend-vscode" created: 2026-04-18 -updated: 2026-04-27 +updated: 2026-05-26 sources: - url: https://github.com/marcusrbrown/extend-vscode sha: a4dcbbb175828a60855053d778fd21903a3d73d6 @@ -28,10 +28,14 @@ sources: - url: https://github.com/marcusrbrown/extend-vscode sha: b457a34f032149b03dddaca99eacca14eac91367 accessed: 2026-04-27 + - url: https://github.com/marcusrbrown/extend-vscode + sha: 516a9eb442f97212f45d890e65fb7d7642566206 + accessed: 2026-05-26 tags: [vscode, vscode-extension, typescript, toolkit, tsup, vitest, semantic-release] aliases: [extend-vscode] related: - vscode-extensions + - marcusrbrown--renovate-config --- # marcusrbrown/extend-vscode @@ -43,12 +47,13 @@ Modular toolkit for building VS Code extensions. Provides typed abstractions for - **Purpose:** Reference extension + reusable toolkit for VS Code extension development - **Default branch:** `main` - **Created:** 2020-11-16 -- **Last push:** 2026-04-25 +- **Last push:** 2026-05-21 - **Version:** 0.1.0 (pre-release, semantic-release configured) - **License:** MIT - **Engine:** VS Code `^1.102.0` - **Topics:** `vscode`, `vscode-extension` - **Package manager:** pnpm 10.33.0 +- **Node target:** 24.16.0 (`.node-version`) ## Architecture @@ -138,7 +143,7 @@ Emergency rollback workflow supports per-platform rollback (all, npm-only, marke ## Dependency Management -- **Renovate:** Extends `marcusrbrown/renovate-config#4.5.0` + `sanity-io/renovate-config` presets (semantic commits, security, lock-file maintenance). Patch updates disabled except for TypeScript. Post-upgrade runs: `pnpm bootstrap`, `pnpm build`, `pnpm fix` (x2). +- **Renovate:** Extends `marcusrbrown/renovate-config#5.2.0` + `sanity-io/renovate-config` presets (semantic commits, security, lock-file maintenance). Crossed the v4 → v5 boundary on 2026-05-14 (PR #487). Patch updates disabled except for TypeScript. GitHub Actions grouped except `bfra-me/*`. Post-upgrade runs: `pnpm bootstrap`, `pnpm build`, `pnpm fix` (x2). See [[marcusrbrown--renovate-config]]. - **Probot Settings:** Extends `fro-bot/.github:common-settings.yaml` (part of Fro Bot-managed ecosystem). - **Authentication:** Renovate and settings workflows use `APPLICATION_ID` + `APPLICATION_PRIVATE_KEY` secrets (GitHub App via `bfra-me/.github` reusable workflows). @@ -259,3 +264,47 @@ Open issues (5): #142 (Uplift `vscode-bash`), #162 (Dependency Dashboard), #317 Confirmed full dependency snapshot: `@bfra.me/eslint-config` 0.51.0, `@bfra.me/tsconfig` 0.13.0, `@playwright/test` 1.59.0, `@types/vscode` 1.115.0, `eslint` 9.39.0, `eslint-config-prettier` 10.1.1, `prettier` 3.8.0, `typescript` 5.9.3, `typescript-eslint` 8.59.0, `vitest` 4.1.0, `@vitest/coverage-v8` 4.1.0, `@vitest/ui` 4.1.0, `@vscode/vsce` 3.9.0, `tsup` ^8.0.2, `tsx` 4.21.0, `semantic-release` 25.0.1, `semantic-release-vsce` 6.1.0, `vscode-ext-gen` 1.6.0, `jsdom` 27.4.0, `type-fest` 5.6.0, `jiti` 2.6.1, `ovsx` 0.10.5. Package manager: pnpm 10.33.0. VS Code engine: `^1.102.0`. Node target: 18 (tsup). Renovate extends `marcusrbrown/renovate-config#4.5.0` + `sanity-io/renovate-config`. Probot settings extend `fro-bot/.github:common-settings.yaml`. **Still no Fro Bot agent workflow** — follow-up PR recommendation carried forward. Six workflows present: `main.yaml`, `publish.yaml`, `rollback.yaml`, `renovate.yaml`, `cache-cleanup.yaml`, `update-repo-settings.yaml`. + +### 2026-05-26 (SHA `516a9eb4` from `b457a34f`) + +Repo broke its dormancy: 12 commits merged between 2026-04-29 and 2026-05-21, all Renovate dependency bumps. No structural, architectural, or workflow changes. + +**Most significant change: Renovate preset crossed the v4 → v5 boundary** (PR #487, 2026-05-14): `marcusrbrown/renovate-config#4.5.0` → `#5.2.0`. This aligns extend-vscode with [[marcusrbrown--renovate-config]]'s v5 line (the `group:allNonMajor` + 0.x ungrouping policy). Cross-reference accordingly. + +Merged dependency changes since 2026-04-25: + +| PR | Date | Change | +| --- | --- | --- | +| #493 | 2026-05-21 | Node.js → v24.16.0 (`.node-version`) | +| #492 | 2026-05-18 | `eslint` → v10.4.0 | +| #491 | 2026-05-17 | `tsx` → v4.22.0 | +| #490 | 2026-05-15 | `@types/vscode` → v1.118.0 | +| #489 | 2026-05-14 | `@playwright/test` → v1.60.0 | +| #488 | 2026-05-14 | `tsup` pinned to 8.5.1 (from `^8.0.2` range) | +| #487 | 2026-05-14 | `marcusrbrown/renovate-config` → v5.2.0 (**major preset jump**) | +| #486 | 2026-05-09 | `jiti` → v2.7.0 | +| #485 | 2026-05-04 | `eslint` → v10.3.0 | +| #484 | 2026-05-02 | `eslint-plugin-no-only-tests` → v3.4.0 | +| #483 | 2026-05-01 | `@types/vscode` → v1.116.0 | +| #482 | 2026-04-30 | `jsdom` → v29.1.0 | +| #468 | 2026-04-30 | `eslint-plugin-node-dependencies` → v2 (major) | +| #467 | 2026-04-30 | `eslint` → v10 (major) | +| #469 | 2026-04-29 | `jsdom` → v29 (major) | + +Three of the four previously-pending majors closed: `eslint` v10, `eslint-plugin-node-dependencies` v2, `jsdom` v29. The remaining outstanding major is `typescript` v6 (#466) — still pending, now the sole holdout. + +Confirmed dependency snapshot at HEAD: + +- Runtime: pnpm 10.33.0, Node 24.16.0, VS Code engine `^1.102.0` +- Core: `typescript` 5.9.3, `tsup` 8.5.1 (now pinned, not ranged), `vitest` 4.1.0, `@vitest/coverage-v8` 4.1.0, `@vitest/ui` 4.1.0 +- Lint: `eslint` 10.4.0 (v10 line stabilized), `typescript-eslint` 8.59.0, `@bfra.me/eslint-config` 0.51.0, `eslint-plugin-node-dependencies` 2.2.0, `eslint-plugin-no-only-tests` 3.4.0, `prettier` 3.8.0 +- VS Code tooling: `@types/vscode` 1.118.0, `@vscode/vsce` 3.9.0, `@vscode/test-electron` 2.5.2, `@vscode/test-web` 0.0.67, `vscode-ext-gen` 1.6.0 +- Publishing: `semantic-release` 25.0.1, `semantic-release-vsce` 6.1.0, `ovsx` 0.10.5 +- Testing: `@playwright/test` 1.60.0, `jsdom` 29.1.0 +- Build helpers: `tsx` 4.22.0, `jiti` 2.7.0, `type-fest` 5.6.0 + +Repo metadata: 1 star, 1 watcher, not archived, not forked. Open issues: 5 (#142 Uplift `vscode-bash`, #162 Dependency Dashboard, #317–#319 Advanced Testing Infrastructure Phases 3–5). Open PRs: 1 (#466, `typescript` v6 — pending). + +**Footgun observation:** `tsup` was previously declared with a `^8.0.2` semver range while every other devDependency was pinned exactly. PR #488 corrected the drift to `8.5.1`. The repo now has a consistent pin-exact policy across all devDependencies — useful invariant to preserve if a future contributor adds a new devDep. + +**Still no Fro Bot agent workflow** — follow-up PR recommendation carried forward (now ~6 weeks open across surveys). Six workflows present, unchanged: `main.yaml`, `publish.yaml`, `rollback.yaml`, `renovate.yaml`, `cache-cleanup.yaml`, `update-repo-settings.yaml`. Probot settings still extend `fro-bot/.github:common-settings.yaml`; branch protection (`Renovate / Renovate`, `Run Checks`, linear history, admin enforcement) unchanged. diff --git a/knowledge/wiki/topics/vscode-extensions.md b/knowledge/wiki/topics/vscode-extensions.md index 7107b75fa..4233595fc 100644 --- a/knowledge/wiki/topics/vscode-extensions.md +++ b/knowledge/wiki/topics/vscode-extensions.md @@ -2,7 +2,7 @@ type: topic title: VS Code Extension Development created: 2026-04-18 -updated: 2026-04-27 +updated: 2026-05-26 tags: [vscode, vscode-extension, typescript, extension-development] related: - marcusrbrown--extend-vscode From 559d3e256076f2dc31f4e311a9ed3e8f5ab8feb0 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Tue, 26 May 2026 01:50:13 -0700 Subject: [PATCH 53/77] chore(reconcile): record survey success for marcusrbrown/extend-vscode --- metadata/repos.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index ae12712ce..4f1060b91 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -74,11 +74,11 @@ repos: name: extend-vscode added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-06 - last_survey_status: failure + last_survey_at: 2026-05-26 + last_survey_status: success has_fro_bot_workflow: false has_renovate: true - next_survey_eligible_at: 2026-06-06 + next_survey_eligible_at: 2026-06-28 discovery_channel: collab private: false node_id: MDEwOlJlcG9zaXRvcnkzMTMzNjg1OTU= From 21c0d4fbb51a5d27629dad270ddd47f76d2811ac Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 27 May 2026 01:58:48 -0700 Subject: [PATCH 54/77] feat(knowledge): survey marcusrbrown/gpt --- knowledge/index.md | 2 +- knowledge/log.md | 24 ++++++++++++ knowledge/wiki/repos/marcusrbrown--gpt.md | 48 +++++++++++++---------- knowledge/wiki/topics/langchain.md | 6 ++- 4 files changed, 58 insertions(+), 22 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index a972a0ba3..9ffe0471f 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -17,7 +17,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--copiloting]] — Polyglot AI/LLM experimentation monorepo (Python + TypeScript); LangChain tutorials, Flask + SvelteKit PDF chat app, Fro Bot agent workflows - [[marcusrbrown--esphome-life]] — marcusrbrown/esphome.life - [[marcusrbrown--extend-vscode]] — VS Code extension toolkit (TypeScript, dual Node/Web targets, tsup, Vitest, semantic-release to Marketplace+OpenVSIX+npm); Renovate preset crossed v4→v5 (#5.2.0) on 2026-05-14, eslint v10 / jsdom v29 / eslint-plugin-node-dependencies v2 majors landed end of April, `typescript` v6 (#466) remains the sole pending major; **still no Fro Bot agent workflow** -- [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 7, LangChain, MCP, IndexedDB, Web Crypto; deployed to gpt.mrbro.dev) +- [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 8.0.14, LangChain.js 1.4.2 / `@langchain/core` 1.1.48, MCP 1.29, IndexedDB via Dexie, Web Crypto AES-GCM/PBKDF2; deployed to gpt.mrbro.dev). Fro Bot agent v0.45.0 on consolidated three-mode single-file workflow; Renovate preset crossed v4→v5.2.0 on 2026-05-13 - [[marcusrbrown--ha-config]] — Marcus's Home Assistant configuration (public, CI-validated, package-based HA setup with custom components and ESPHome) - [[marcusrbrown--infra]] — Bun workspace monorepo for personal infrastructure (KeeWeb deploy, CLIProxyAPI proxy, operational CLI with MCP bridge) - [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled updates) diff --git a/knowledge/log.md b/knowledge/log.md index f1d294c64..730a7b28d 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1418,3 +1418,27 @@ Sources: https://github.com/marcusrbrown/extend-vscode (SHA 516a9eb442f97212f45d Surveyed marcusrbrown/extend-vscode and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/extend-vscode + +## [2026-05-27 06:00] ingest | marcusrbrown/gpt + +Incremental re-survey of `marcusrbrown/gpt` (SHA `aac01035`, up from `0bb8eed` on 2026-04-24). Updated repo page `marcusrbrown--gpt.md`, topic page `langchain.md`, and `index.md` summary line. No new topic/entity/comparison pages created — existing pages absorb the delta. + +Delta from prior survey (SHA `0bb8eed`, 2026-04-24): + +- **Renovate preset crossed v4 → v5 boundary** (PR #2435, 2026-05-13): `marcusrbrown/renovate-config#4.5.8` → `#5.2.0`. gpt joins extend-vscode, dotfiles, and other portfolio repos on the v5 line (`group:allNonMajor` + 0.x ungrouping policy from [[marcusrbrown--renovate-config]]). +- **Fro Bot agent advanced through 8 releases:** v0.41.4 → v0.42.5/.6/.7/.8/.9/.10 → v0.43.0/.1/.3 → v0.44.3 → v0.45.0 (SHA `8aac0fc36437a6c871321fa3389033c8262504b7`). PRs #2374, #2377, #2383, #2396, #2420, #2428, #2429, #2449, #2454, #2465. +- **Workflow consolidation:** `fro-bot-autoheal.yaml` folded into `fro-bot.yaml` as an `autoheal` mode. The single workflow now handles all three modes (review / maintenance / autoheal) via `workflow_dispatch` input + dual cron schedules (03:30 UTC autoheal, 15:30 UTC maintenance). Matches the three-mode single-file pattern in [[marcusrbrown--marcusrbrown-github-io]]. +- **LangChain.js monorepo bumps:** `langchain` 1.3.3 → 1.4.2, `@langchain/core` 1.1.48 newly enumerated, `@langchain/openai` 1.4.4 → 1.4.7, `@langchain/anthropic` 1.3.26 → 1.4.0, `@langchain/langgraph` 1.2.9 → 1.3.2. Updated [[langchain]] topic page to position gpt as the modern 1.x reference consumer (contrast with copiloting's pre-modular 0.0.212 pin). +- **Build/lint stack patches:** Vite 8.0.9 → 8.0.14, TailwindCSS 4.2.2 → 4.3.0, React Router 7.14.1 → 7.15.1, Zod 4.3.6 → 4.4.3, Vitest 4.1.4 → 4.1.7, `@vitest/eslint-plugin` 1.6.18 newly added (#2480), ESLint 10.2.1 → 10.4.0, `@bfra.me/prettier-config` → 0.16.9, `@bfra.me/tsconfig` → 0.13.1, `@typescript/native-preview` → 7.0.0-dev.20260523.1, Playwright 1.59.1 → 1.60.0. +- **Toolchain bumps:** Node 24.15.0 → 24.16.0 (#2468), pnpm 10.33.0 → 10.33.4 (#2402, #2412), `bfra-me/.github` reusable workflows v4.16.8 → v4.16.19 (#2379, #2395, #2419, #2433, #2434, #2466), `actions/create-github-app-token` v3.2.0 (#2430), Renovate preset preliminary bump to v4.5.9 (#2368) before the v5 cross. +- **Repository structure, application architecture, RFC set (13), `BaseLLMProvider` abstraction, CSP, IndexedDB/Web Crypto layer, AGENTS.md hierarchy, and Probot settings all unchanged.** No new source files, no new directories, no behavior-affecting code changes — exclusively dependency hygiene and the workflow consolidation. +- **Open issues:** 21 (down from 30). **Open PRs:** 3 (long-running #2165 HeroUI v3 migration, #2320 React monorepo, #2440 `@bfra.me/eslint-config` v0.51.1). +- No contradictions with prior wiki content. All updates additive. + +Sources: https://github.com/marcusrbrown/gpt (SHA aac010356a3e0d7fd21a5883b98d0cdf6229ed60) + +## [2026-05-27 08:58] ingest | repo:marcusrbrown/gpt + +Surveyed marcusrbrown/gpt and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/gpt diff --git a/knowledge/wiki/repos/marcusrbrown--gpt.md b/knowledge/wiki/repos/marcusrbrown--gpt.md index 2c88b4d8b..12341df6c 100644 --- a/knowledge/wiki/repos/marcusrbrown--gpt.md +++ b/knowledge/wiki/repos/marcusrbrown--gpt.md @@ -2,8 +2,11 @@ type: repo title: "marcusrbrown/gpt" created: 2026-04-18 -updated: 2026-04-24 +updated: 2026-05-27 sources: + - url: https://github.com/marcusrbrown/gpt + sha: aac010356a3e0d7fd21a5883b98d0cdf6229ed60 + accessed: 2026-05-27 - url: https://github.com/marcusrbrown/gpt sha: 0bb8eedf6e23bfb5715d127763fd864ab7da72cd accessed: 2026-04-24 @@ -26,29 +29,29 @@ Local-first, privacy-focused GPT creation and management platform. Mirrors core - **Purpose:** Create, customize, and interact with AI assistants locally - **Default branch:** `main` - **Created:** 2023-12-01 -- **Last push:** 2026-04-23 +- **Last push:** 2026-05-27 - **Homepage:** https://gpt.mrbro.dev (GitHub Pages) - **License:** MIT - **Topics:** `gpt`, `transformers`, `nlp`, `chatgpt`, `gpt-4` -- **Node.js:** 24.15.0 (`.tool-versions`) -- **Package manager:** pnpm 10.33.0 +- **Node.js:** 24.16.0 (`.tool-versions`) — bumped from 24.15.0 on 2026-05-19 (PR #2468) +- **Package manager:** pnpm 10.33.4 — bumped from 10.33.0 via PRs #2402, #2412 ## Tech Stack | Layer | Technology | Notes | | --- | --- | --- | | Framework | React 19.2.5, TypeScript 5.9.3 | Strict mode, `@/` import alias | -| Build | Vite 8.0.9, `@vitejs/plugin-react-swc` | `tsgo` (`@typescript/native-preview` 7.0.0-dev) for type-checking | -| Styling | TailwindCSS 4.2.2, HeroUI 2.8.10 | Semantic design tokens only, no hardcoded colors | +| Build | Vite 8.0.14, `@vitejs/plugin-react-swc` 4.3.1 | `tsgo` (`@typescript/native-preview` 7.0.0-dev.20260523.1) for type-checking | +| Styling | TailwindCSS 4.3.0, HeroUI 2.8.10 | Semantic design tokens only, no hardcoded colors | | Storage | IndexedDB via Dexie 4.4.2 | Local-first; no localStorage for structured data | | Security | Web Crypto API (AES-GCM, PBKDF2) | Client-side encryption for API keys | -| AI | LangChain 1.3.3, `@langchain/openai` 1.4.4, `@langchain/anthropic` 1.3.26, `@langchain/langgraph` 1.2.9 | Provider-abstracted via `BaseLLMProvider` | +| AI | LangChain 1.4.2, `@langchain/core` 1.1.48, `@langchain/openai` 1.4.7, `@langchain/anthropic` 1.4.0, `@langchain/langgraph` 1.3.2 | Provider-abstracted via `BaseLLMProvider` | | MCP | `@modelcontextprotocol/sdk` 1.29.0 | Tool integration via Model Context Protocol | | Editor | Monaco Editor (`@monaco-editor/react` 4.7.0) | In-app code/prompt editing | -| Routing | React Router DOM 7.14.1 | Route-level lazy loading | -| Validation | Zod 4.3.6 | Zod-first: define schema, infer type | -| Testing | Vitest 4.1.4, Playwright 1.59.1, axe-core | Unit, E2E, accessibility, visual, performance | -| Linting | ESLint 10.2.1, `@bfra.me/eslint-config` 0.50.1, Prettier 3.8.3 | `@bfra.me/prettier-config/120-proof` (120-char lines) | +| Routing | React Router DOM 7.15.1 | Route-level lazy loading | +| Validation | Zod 4.4.3 | Zod-first: define schema, infer type | +| Testing | Vitest 4.1.7, `@vitest/eslint-plugin` 1.6.18, Playwright 1.60.0, axe-core | Unit, E2E, accessibility, visual, performance | +| Linting | ESLint 10.4.0, `@bfra.me/eslint-config` 0.50.1, Prettier 3.8.3 | `@bfra.me/prettier-config/120-proof` (120-char lines); `@bfra.me/tsconfig` 0.13.1 | ## Architecture @@ -126,9 +129,8 @@ Deno Jupyter notebooks in `notebooks/agents/`: | Workflow | File | Trigger | Purpose | | --- | --- | --- | --- | | Main | `main.yaml` | push/PR to `main`, dispatch | Lint + test + build + deploy | -| Fro Bot | `fro-bot.yaml` | PR, issues, comments, schedule, dispatch | AI PR review, triage, daily maintenance | -| Fro Bot Autoheal | `fro-bot-autoheal.yaml` | daily cron (03:30 UTC), dispatch | Automated repo healing (fix failing PRs, security, code quality) | -| Renovate | `renovate.yaml` | — | Dependency updates | +| Fro Bot | `fro-bot.yaml` | PR, issues, comments, schedule (03:30 + 15:30 UTC), dispatch | Three-mode single-file workflow: review / maintenance / autoheal | +| Renovate | `renovate.yaml` | — | Dependency updates (via `bfra-me/.github` reusable workflow) | | Update Repo Settings | `update-repo-settings.yaml` | push to `main`, schedule, dispatch | Probot settings sync | | Test Coverage | `test-coverage.yaml` | — | Coverage reporting | | Test Accessibility | `test-accessibility.yaml` | — | WCAG 2.1 AA audit | @@ -138,6 +140,8 @@ Deno Jupyter notebooks in `notebooks/agents/`: | Copilot Setup | `copilot-setup-steps.yaml` | — | GitHub Copilot coding agent bootstrap | | E2E Tests | `test-e2e.yaml.disabled` | — | E2E tests (currently disabled) | +**Note:** The prior `fro-bot-autoheal.yaml` has been folded into `fro-bot.yaml` as an `autoheal` mode (PR review → `pull_request`, maintenance/autoheal → cron). This matches the consolidated three-mode pattern adopted across the ecosystem. + ### Main CI Jobs The main workflow runs four jobs after a `Prepare` step: @@ -161,7 +165,7 @@ Vite build injects a CSP `` tag restricting: ## Developer Tooling -- **Renovate:** Extends `marcusrbrown/renovate-config#4.5.8`. Groups LangChain.js monorepo packages. Automerges unstable minor updates of `lucide-react` (monthly) and select LangChain/TailwindCSS packages. Post-upgrade runs bootstrap, fix, and build. +- **Renovate:** Extends `marcusrbrown/renovate-config#5.2.0` — **crossed the v4 → v5 boundary on 2026-05-13 (PR #2435)**. Groups LangChain.js monorepo packages. Automerges unstable minor updates of `lucide-react` (monthly) and select LangChain/TailwindCSS packages via `bfra-me/renovate-config:automerge.json5#5.2.1`. Post-upgrade runs bootstrap, fix, and build. `pnpm.overrides` pins `fast-uri>=3.1.2`, `langsmith>=0.6.0`, `path-to-regexp>=8.4.0`. - **Probot Settings:** Extends `fro-bot/.github:common-settings.yaml` for repository configuration sync. - **Git Hooks:** `simple-git-hooks` with `lint-staged` running ESLint with auto-fix on staged files. - **AGENTS.md hierarchy:** Root AGENTS.md plus directory-level guides in `src/`, `tests/`, `scripts/`, `notebooks/`, `docs/`, `.github/`, `RFCs/`, `.ai/`. Comprehensive conventions for AI-assisted development. @@ -178,7 +182,7 @@ Vite build injects a CSP `` tag restricting: - Issue/discussion triage (triggered by `@fro-bot` mention from OWNER/MEMBER/COLLABORATOR) - Daily maintenance (15:30 UTC cron → rolling "Daily Maintenance Report" issue) - Manual dispatch with custom prompts - - Uses `fro-bot/agent@v0.41.4` + - Uses `fro-bot/agent@v0.45.0` (SHA `8aac0fc36437a6c871321fa3389033c8262504b7`) as of 2026-05-27 — bumped through v0.42.x → v0.43.x → v0.44.3 → v0.45.0 over the survey window 2. **`fro-bot-autoheal.yaml`** — Daily autohealing (03:30 UTC cron): - Fixes failing CI on open PRs @@ -188,7 +192,9 @@ Vite build injects a CSP `` tag restricting: - Quality gate verification (lint, test, build, accessibility, E2E) - Output: single "Daily Autohealing Report" issue -Both workflows use `fro-bot/agent@v0.41.4` (SHA `28bcadbf44a59f8d6d2544b5db0d9735d7ad2aca`) with `OPENCODE_AUTH_JSON`, `FRO_BOT_PAT`, `FRO_BOT_MODEL`, and `OMO_PROVIDERS` secrets/vars. +Both workflows use `fro-bot/agent@v0.45.0` (SHA `8aac0fc36437a6c871321fa3389033c8262504b7`) with `OPENCODE_AUTH_JSON`, `FRO_BOT_PAT`, `FRO_BOT_MODEL`, and `OMO_PROVIDERS` secrets/vars. + +**Note (2026-05-27 survey):** The two-workflow split observed in prior surveys has consolidated. `fro-bot.yaml` now handles all three modes (review / maintenance / autoheal) via a single `workflow_dispatch` `mode` input plus dual cron schedules (03:30 UTC autoheal, 15:30 UTC maintenance). The standalone `fro-bot-autoheal.yaml` is no longer present in the workflow directory — this aligns with the three-mode single-file pattern documented in [[marcusrbrown--marcusrbrown-github-io]] and other recent ecosystem updates. ## Conventions (from AGENTS.md) @@ -213,9 +219,10 @@ Both workflows use `fro-bot/agent@v0.41.4` (SHA `28bcadbf44a59f8d6d2544b5db0d973 ## Open Work Items -- **PR #2165** — HeroUI v2 → v3 migration (authored by `fro-bot`, open since before 2026-04-18) -- **PR #2320** — `eslint-plugin-react-hooks` v7.1.1 (Renovate, pending) -- **30 open issues** (as of 2026-04-24) +- **PR #2165** — HeroUI v2 → v3 migration (authored by `fro-bot`, still open as of 2026-05-27 — long-running) +- **PR #2320** — `fix(dev): update react monorepo` (Renovate, still pending) +- **PR #2440** — `@bfra.me/eslint-config` v0.51.1 (Renovate) +- **21 open issues** (down from 30 as of 2026-04-24) ## Survey History @@ -223,3 +230,4 @@ Both workflows use `fro-bot/agent@v0.41.4` (SHA `28bcadbf44a59f8d6d2544b5db0d973 | --- | --- | --- | | 2026-04-18 | `60bd62e` | Initial survey | | 2026-04-24 | `0bb8eed` | Dependency-only delta: `fro-bot/agent` v0.40.2→v0.41.4, `vite` 8.0.8→8.0.9, `@langchain/langgraph` 1.2.8→1.2.9, `eslint` 10.2.0→10.2.1, `uuid` v14 security patch, `@typescript/native-preview` 7.0.0-dev.20260419.1, `actions/setup-node` v6.4.0, `bfra-me/.github` v4.16.8. No structural or application code changes. | +| 2026-05-27 | `aac0103` | Five-week delta. **Renovate preset crossed v4 → v5.2.0 boundary (#2435, 2026-05-13).** `fro-bot/agent` advanced through 8 versions: v0.41.4 → v0.42.5/.6/.7/.8/.9/.10 → v0.43.0/.1/.3 → v0.44.3 → v0.45.0. Workflow consolidation: `fro-bot-autoheal.yaml` folded into `fro-bot.yaml` as `autoheal` mode (three-mode single-file pattern). Vite 8.0.9 → 8.0.14; LangChain monorepo bumps (`langchain` → 1.4.2, `@langchain/core` → 1.1.48, `@langchain/openai` → 1.4.7, `@langchain/anthropic` → 1.4.0, `@langchain/langgraph` → 1.3.2); TailwindCSS 4.2.2 → 4.3.0; React Router 7.14.1 → 7.15.1; Zod 4.3.6 → 4.4.3; Vitest 4.1.4 → 4.1.7; `@vitest/eslint-plugin` 1.6.18 newly added; ESLint 10.2.1 → 10.4.0; `@bfra.me/prettier-config` → 0.16.9; `@bfra.me/tsconfig` → 0.13.1; Node 24.15.0 → 24.16.0; pnpm 10.33.0 → 10.33.4; `@typescript/native-preview` advanced to 7.0.0-dev.20260523.1; `bfra-me/.github` updated through v4.16.12 → v4.16.19. No structural or application-code changes — exclusively dependency hygiene and workflow consolidation. | diff --git a/knowledge/wiki/topics/langchain.md b/knowledge/wiki/topics/langchain.md index 3fcf2e672..0557f03ef 100644 --- a/knowledge/wiki/topics/langchain.md +++ b/knowledge/wiki/topics/langchain.md @@ -2,10 +2,11 @@ type: topic title: LangChain created: 2026-04-18 -updated: 2026-04-18 +updated: 2026-05-27 tags: [langchain, llm, ai, python, typescript] related: - marcusrbrown--copiloting + - marcusrbrown--gpt --- # LangChain @@ -15,6 +16,7 @@ LLM application framework available in Python and TypeScript. Used across the Fr ## Repos Using LangChain - [[marcusrbrown--copiloting]] — Polyglot monorepo with LangChain-based tutorials (TS), course sections (Python), and a Flask + SvelteKit PDF chat app using LangChain chains, retrievers, memory, and embeddings. +- [[marcusrbrown--gpt]] — Production React 19 app on the modern LangChain.js 1.x line (`langchain` 1.4.2, `@langchain/core` 1.1.48, `@langchain/openai` 1.4.7, `@langchain/anthropic` 1.4.0, `@langchain/langgraph` 1.3.2). All LangChain access is gated through a `BaseLLMProvider` abstraction — UI code never imports LangChain or LLM SDKs directly. Renovate groups the entire `langchain-ai/langchainjs` monorepo into a single `langchainjs-monorepo` PR and automerges unstable minor/patch updates of `@langchain/**` and `langchain`. ## Version Notes @@ -28,6 +30,8 @@ In [[marcusrbrown--copiloting]], the Python side uses `langchain ^1.2` with `lan The root `package.json` in [[marcusrbrown--copiloting]] pins `langchain` at `0.0.212` — a very early version. The `tutorials/quickstart-llms.ts` script uses this. This version predates the modular restructuring and may have significantly different APIs from the Python side. +By contrast, [[marcusrbrown--gpt]] is the ecosystem's reference point for the **modern LangChain.js 1.x line**: `langchain` 1.4.2 with split `@langchain/core`, `@langchain/openai`, `@langchain/anthropic`, and `@langchain/langgraph` packages. The two TS consumers are ~5 major-version generations apart — copiloting still demonstrates the pre-modular API while gpt runs the post-split modular architecture. Migration paths from `0.0.x` to `1.x` are non-trivial and not yet attempted in copiloting. + ## Migration Patterns The langchain 0.2+ migration requires changing import paths from the monolithic `langchain` package to provider-specific packages: From 97b86aa22448aa5bed69dff22c0aaeea82e7baf9 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 27 May 2026 01:58:50 -0700 Subject: [PATCH 55/77] chore(reconcile): record survey success for marcusrbrown/gpt --- metadata/repos.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 4f1060b91..5abfedd67 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -86,11 +86,11 @@ repos: name: gpt added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-06 - last_survey_status: failure + last_survey_at: 2026-05-27 + last_survey_status: success has_fro_bot_workflow: true has_renovate: true - next_survey_eligible_at: 2026-06-07 + next_survey_eligible_at: 2026-06-27 discovery_channel: collab private: false node_id: R_kgDOK0Z5CA From 028abe5a020348a3737a3a61e8b285a7e303ac2d Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 27 May 2026 01:59:18 -0700 Subject: [PATCH 56/77] feat(knowledge): survey marcusrbrown/infra --- knowledge/index.md | 4 +- knowledge/log.md | 38 ++++++---- knowledge/wiki/repos/marcusrbrown--infra.md | 83 ++++++++++++++++----- knowledge/wiki/topics/github-actions-ci.md | 11 +-- 4 files changed, 94 insertions(+), 42 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 9ffe0471f..787760782 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -17,9 +17,9 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--copiloting]] — Polyglot AI/LLM experimentation monorepo (Python + TypeScript); LangChain tutorials, Flask + SvelteKit PDF chat app, Fro Bot agent workflows - [[marcusrbrown--esphome-life]] — marcusrbrown/esphome.life - [[marcusrbrown--extend-vscode]] — VS Code extension toolkit (TypeScript, dual Node/Web targets, tsup, Vitest, semantic-release to Marketplace+OpenVSIX+npm); Renovate preset crossed v4→v5 (#5.2.0) on 2026-05-14, eslint v10 / jsdom v29 / eslint-plugin-node-dependencies v2 majors landed end of April, `typescript` v6 (#466) remains the sole pending major; **still no Fro Bot agent workflow** -- [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 8.0.14, LangChain.js 1.4.2 / `@langchain/core` 1.1.48, MCP 1.29, IndexedDB via Dexie, Web Crypto AES-GCM/PBKDF2; deployed to gpt.mrbro.dev). Fro Bot agent v0.45.0 on consolidated three-mode single-file workflow; Renovate preset crossed v4→v5.2.0 on 2026-05-13 +- [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 7, LangChain, MCP, IndexedDB, Web Crypto; deployed to gpt.mrbro.dev) - [[marcusrbrown--ha-config]] — Marcus's Home Assistant configuration (public, CI-validated, package-based HA setup with custom components and ESPHome) -- [[marcusrbrown--infra]] — Bun workspace monorepo for personal infrastructure (KeeWeb deploy, CLIProxyAPI proxy, operational CLI with MCP bridge) +- [[marcusrbrown--infra]] — Bun workspace monorepo for personal infrastructure (KeeWeb deploy, CLIProxyAPI proxy, Fro Bot Discord gateway, operational CLI with MCP bridge); 12 workflows, CLI v0.7.0, Fro Bot agent v0.44.3, Renovate preset v5.2.0, TypeScript 6, ESLint 10 - [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled updates) - [[marcusrbrown--marcusrbrown-github-io]] — Personal brand site (React 19, TypeScript 6, Vite 7, GitHub Pages at marcusrbrown.com, single-page with anchor-link sections; Fro Bot single-file three-mode workflow at agent v0.44.0, v0.44.1 in flight) - [[marcusrbrown--mrbro-dev]] — Marcus's developer portfolio (React 19, TypeScript, Vite 7, GitHub Pages at mrbro.dev, advanced theme system, Fro Bot agent + autoheal) diff --git a/knowledge/log.md b/knowledge/log.md index 730a7b28d..b62312631 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1419,26 +1419,32 @@ Surveyed marcusrbrown/extend-vscode and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/extend-vscode -## [2026-05-27 06:00] ingest | marcusrbrown/gpt +## [2026-05-27 08:58] ingest | marcusrbrown/infra -Incremental re-survey of `marcusrbrown/gpt` (SHA `aac01035`, up from `0bb8eed` on 2026-04-24). Updated repo page `marcusrbrown--gpt.md`, topic page `langchain.md`, and `index.md` summary line. No new topic/entity/comparison pages created — existing pages absorb the delta. +Incremental survey of `marcusrbrown/infra` at SHA `2f9bafd6cdb03d9ed28ee336d99d5f7bf09a3dfb` (push 2026-05-26). Updated repo page `marcusrbrown--infra.md` and topic page `github-actions-ci.md`. Updated `index.md` catalog entry. No new pages created — existing `github-actions-ci.md` already captures the split-deploy pattern and conventions-test pattern this repo pioneered. -Delta from prior survey (SHA `0bb8eed`, 2026-04-24): +Delta from prior survey (SHA `938fa7c`, 2026-04-27): -- **Renovate preset crossed v4 → v5 boundary** (PR #2435, 2026-05-13): `marcusrbrown/renovate-config#4.5.8` → `#5.2.0`. gpt joins extend-vscode, dotfiles, and other portfolio repos on the v5 line (`group:allNonMajor` + 0.x ungrouping policy from [[marcusrbrown--renovate-config]]). -- **Fro Bot agent advanced through 8 releases:** v0.41.4 → v0.42.5/.6/.7/.8/.9/.10 → v0.43.0/.1/.3 → v0.44.3 → v0.45.0 (SHA `8aac0fc36437a6c871321fa3389033c8262504b7`). PRs #2374, #2377, #2383, #2396, #2420, #2428, #2429, #2449, #2454, #2465. -- **Workflow consolidation:** `fro-bot-autoheal.yaml` folded into `fro-bot.yaml` as an `autoheal` mode. The single workflow now handles all three modes (review / maintenance / autoheal) via `workflow_dispatch` input + dual cron schedules (03:30 UTC autoheal, 15:30 UTC maintenance). Matches the three-mode single-file pattern in [[marcusrbrown--marcusrbrown-github-io]]. -- **LangChain.js monorepo bumps:** `langchain` 1.3.3 → 1.4.2, `@langchain/core` 1.1.48 newly enumerated, `@langchain/openai` 1.4.4 → 1.4.7, `@langchain/anthropic` 1.3.26 → 1.4.0, `@langchain/langgraph` 1.2.9 → 1.3.2. Updated [[langchain]] topic page to position gpt as the modern 1.x reference consumer (contrast with copiloting's pre-modular 0.0.212 pin). -- **Build/lint stack patches:** Vite 8.0.9 → 8.0.14, TailwindCSS 4.2.2 → 4.3.0, React Router 7.14.1 → 7.15.1, Zod 4.3.6 → 4.4.3, Vitest 4.1.4 → 4.1.7, `@vitest/eslint-plugin` 1.6.18 newly added (#2480), ESLint 10.2.1 → 10.4.0, `@bfra.me/prettier-config` → 0.16.9, `@bfra.me/tsconfig` → 0.13.1, `@typescript/native-preview` → 7.0.0-dev.20260523.1, Playwright 1.59.1 → 1.60.0. -- **Toolchain bumps:** Node 24.15.0 → 24.16.0 (#2468), pnpm 10.33.0 → 10.33.4 (#2402, #2412), `bfra-me/.github` reusable workflows v4.16.8 → v4.16.19 (#2379, #2395, #2419, #2433, #2434, #2466), `actions/create-github-app-token` v3.2.0 (#2430), Renovate preset preliminary bump to v4.5.9 (#2368) before the v5 cross. -- **Repository structure, application architecture, RFC set (13), `BaseLLMProvider` abstraction, CSP, IndexedDB/Web Crypto layer, AGENTS.md hierarchy, and Probot settings all unchanged.** No new source files, no new directories, no behavior-affecting code changes — exclusively dependency hygiene and the workflow consolidation. -- **Open issues:** 21 (down from 30). **Open PRs:** 3 (long-running #2165 HeroUI v3 migration, #2320 React monorepo, #2440 `@bfra.me/eslint-config` v0.51.1). -- No contradictions with prior wiki content. All updates additive. +- **Major new app: `apps/gateway/`** (Fro Bot Discord client + workspace runner + mitmproxy stack at `gateway.fro.bot`, added #264 on 2026-05-18). Upstream `fro-bot/agent` pinned via `apps/gateway/upstream.json` at `v0.44.2`. Three-service Docker Compose deployment. Secrets materialized via SSH stdin only (never argv); checksum-after-success invariant in `/opt/gateway/.secrets-checksum` prevents silent stale-credential states. Discord registration poll has ~90s budget with 429-aware backoff and token-sanitized error surfaces. +- **New `packages/shared/`** (#290, 2026-05-23): shared DigitalOcean droplet helpers (`ssh`, `scp`, `validateDoctl`, `dropletExists`, `pinHostKeys`, etc.) consumed by `apps/cliproxy` and `apps/gateway` provision scripts. Private (`@marcusrbrown/infra-shared`, never published). +- **New workflow** `deploy-gateway.yaml` — third per-app deploy workflow in the split pipeline pattern (12 workflows total, up from 11). The thin `deploy.yaml` orchestrator now coordinates all three apps. +- **Fro Bot agent** v0.42.2 → v0.44.3 across multiple bumps (#251, #252, #274, #281, #282). +- **Renovate preset:** v4 → v5 major boundary crossed at 2026-05-17 (#242). Now extends `marcusrbrown/renovate-config#5.2.0` + `group:allNonMajor` for safer grouping. +- **Major dependency bumps:** TypeScript 6.0.3, ESLint 10.4.0, `@bfra.me/eslint-config` 0.51.1, `@bfra.me/tsconfig` 0.13.1, Changesets 2.31.0. +- **CLI v0.4.6 → v0.7.0** with MCP fidelity refactor for status-only commands (#296), gateway commands (status/deploy/logs/backup/restore), parsing of `docker compose ps` NDJSON output (#278), and OpenAI provider opt-in for `cliproxy setup --harness opencode` (#307). Codex device-code OAuth login added (#303). +- **CLIProxyAPI:** v6.9.39 → v6.10.9 (digest-pinned). Caddy: 2.11.2-alpine → 2.11.3-alpine. +- **Gateway hardening:** ControlMaster SSH multiplexing for deploys (#277), pinned droplet host keys in `.github/known_hosts` (#272), `validateGatewayHost` rejects `-`-prefixed values pre-SSH-invocation, no-argv-for-secrets invariant. +- **Operational documentation:** new Discord token-lifecycle runbook (#284, `docs/runbooks/`); plan reconciliation for cliproxy deployment + conventions tests (#253); compound learning entry for gateway first-deploy 5-wave cascade (#280, `docs/solutions/`). +- **Convention enforcement extended:** `predicate-quantifier:every` rule on `dorny/paths-filter` with negations (#254). +- **AGENTS.md updates:** Root expanded to cover gateway alongside keeweb + cliproxy; new per-app `apps/gateway/AGENTS.md` and `packages/shared/AGENTS.md`. +- **Open issues:** 5 → 38 (mostly tracked plan work + autohealing reports + Dependency Dashboard); **open PRs:** 1 → 0. + +No contradictions with prior surveys — all earlier findings remain accurate, the repo has expanded additively. -Sources: https://github.com/marcusrbrown/gpt (SHA aac010356a3e0d7fd21a5883b98d0cdf6229ed60) +Sources: https://github.com/marcusrbrown/infra (SHA 2f9bafd6cdb03d9ed28ee336d99d5f7bf09a3dfb) -## [2026-05-27 08:58] ingest | repo:marcusrbrown/gpt +## [2026-05-27 08:59] ingest | repo:marcusrbrown/infra -Surveyed marcusrbrown/gpt and updated the control-plane wiki. +Surveyed marcusrbrown/infra and updated the control-plane wiki. -Sources: https://github.com/marcusrbrown/gpt +Sources: https://github.com/marcusrbrown/infra diff --git a/knowledge/wiki/repos/marcusrbrown--infra.md b/knowledge/wiki/repos/marcusrbrown--infra.md index fe51c5fa7..75da29c87 100644 --- a/knowledge/wiki/repos/marcusrbrown--infra.md +++ b/knowledge/wiki/repos/marcusrbrown--infra.md @@ -2,8 +2,11 @@ type: repo title: "marcusrbrown/infra" created: 2026-04-18 -updated: 2026-04-27 +updated: 2026-05-27 sources: + - url: https://github.com/marcusrbrown/infra + sha: 2f9bafd6cdb03d9ed28ee336d99d5f7bf09a3dfb + accessed: 2026-05-27 - url: https://github.com/marcusrbrown/infra sha: 938fa7c5fb1d10e844a214048e7928afe3095b79 accessed: 2026-04-27 @@ -19,28 +22,30 @@ sources: - url: https://github.com/marcusrbrown/infra sha: 20de04713bf01294217dee4d3b64d5d7cfb2426e accessed: 2026-04-18 -tags: [bun, deploy, github-actions, infra, keeweb, cliproxy, mcp, cli, typescript, conventions] +tags: [bun, deploy, github-actions, infra, keeweb, cliproxy, gateway, mcp, cli, typescript, conventions, discord] aliases: [infra] related: - marcusrbrown--ha-config - marcusrbrown--systematic + - fro-bot--agent --- # marcusrbrown/infra -Bun workspace monorepo for Marcus R. Brown's personal infrastructure. Hosts KeeWeb deploy automation, the CLIProxyAPI proxy (routes Fro Bot agents to Claude via the Claude Code OAuth subscription), and an operational CLI with MCP bridge. +Bun workspace monorepo for Marcus R. Brown's personal infrastructure. Hosts KeeWeb deploy automation, the CLIProxyAPI proxy (routes Fro Bot agents to Claude via the Claude Code OAuth subscription), the [[fro-bot--agent]] Discord gateway deployment, and an operational CLI with MCP bridge. ## Overview - **Purpose:** Deploy automation, operational CLI, and infrastructure tooling - **Default branch:** `main` - **Created:** 2026-04-03 -- **Last push:** 2026-04-27 +- **Last push:** 2026-05-26 - **Runtime:** Bun v1.0+ -- **Published package:** `@marcusrbrown/infra` v0.4.6 on npm -- **Open issues:** 5 (3 autohealing reports, 1 rate limit investigation, 1 Dependency Dashboard) -- **Open PRs:** 1 (#187 — Changesets version packages, by mrbro-bot) +- **Published package:** `@marcusrbrown/infra` v0.7.0 on npm +- **Open issues:** 38 (mostly tracked work + autohealing reports + Dependency Dashboard) +- **Open PRs:** 0 - **Topics:** `bun`, `deploy`, `github-actions`, `infra`, `keeweb` +- **License:** MIT ## Repository Structure @@ -52,10 +57,13 @@ Bun workspace monorepo with `apps/*` and `packages/*` workspaces. | --------------------- | ---------------------------------------------------------------------- | | `apps/keeweb/` | KeeWeb v1.18.7 static site deploy automation (`kw.igg.ms`) | | `apps/cliproxy/` | CLIProxyAPI Docker Compose stack behind Caddy (`cliproxy.fro.bot`) | +| `apps/gateway/` | Fro Bot Discord gateway + workspace runner + mitmproxy (`gateway.fro.bot`) | | `packages/cli/` | `@marcusrbrown/infra` CLI — health checks, deploy triggers, MCP bridge | +| `packages/shared/` | Shared TypeScript helpers for DigitalOcean droplet provisioning (private) | | `docs/brainstorms/` | Requirements and brainstorm documents | | `docs/plans/` | Implementation plans | | `docs/solutions/` | Compound learning docs (solved problems with YAML frontmatter) | +| `docs/runbooks/` | Operator day-2 procedures (e.g., Discord token lifecycle) | | `.agents/skills/` | Agent skill context packets (goke) | | `.opencode/commands/` | OpenCode slash commands | | `.changeset/` | Changesets config for versioning | @@ -78,6 +86,19 @@ Self-hosted [KeeWeb](https://keeweb.info) v1.18.7 password manager at `kw.igg.ms - Runs on a DigitalOcean droplet provisioned via `bun run --cwd apps/cliproxy provision` - Deploy uploads compose files and restarts the stack (idempotent, preserves runtime `config.yaml` unless `--force-config`) - Management API for runtime config, API key distribution, and login +- Multi-provider login support: Claude (default), OpenAI/Codex via device-code OAuth (added #303, 2026-05-24), OpenAI provider opt-in for `cliproxy setup --harness opencode` (#307, 2026-05-26) + +#### Fro Bot Gateway (`apps/gateway`) + +Fro Bot Discord client + workspace runner stack at `gateway.fro.bot`. Three-service Docker Compose deployment: gateway daemon, workspace executor, and mitmproxy egress filter. Upstream source is `fro-bot/agent`, pinned via `apps/gateway/upstream.json` (currently `v0.44.2`). No public HTTP surface — outbound to Discord and S3 only. Added in #264 (2026-05-18). + +- Provisioned on a dedicated DigitalOcean droplet (`s-1vcpu-2gb`, `nyc1`, tagged `gateway`) +- **Secret materialization via SSH stdin only** — never via argv. 7 required + 2 optional secret files written atomically under `/opt/gateway/deploy/secrets/`; compose maps each to `/run/secrets/` and exposes via `${NAME}_FILE` env vars +- **Checksum-after-success invariant:** `/opt/gateway/.secrets-checksum` is written only after compose up + Discord command registration both succeed. Mid-rotation failures leave the old checksum so the next deploy force-recreates containers +- **Registration poll:** ~90s budget against `GET /applications/{app_id}/guilds/{guild_id}/commands`; 429 honors `Retry-After` without counting against attempts; 401/403/404 abort with token-sanitized errors +- **mitmproxy CA** lives in the `mitmproxy-certs` named volume; backup/restore via `gateway backup --include-ca` / `gateway restore --input FILE --include-ca` (tarball must contain exactly `mitmproxy-ca-cert.pem` + `mitmproxy-ca.pem`) +- **Host hardening:** `validateGatewayHost` rejects `-`-prefixed values before any SSH invocation (SSH treats `-`-prefixed hostnames as flags, including `-oProxyCommand=`); host keys pinned in `.github/known_hosts` (commit `cf0500af`, 2026-05-19) +- **Deploy SSH multiplexing** via ControlMaster (#277, 2026-05-20) to amortize handshake cost across the multi-step deploy ### CLI (`packages/cli`) @@ -96,6 +117,11 @@ Published as `@marcusrbrown/infra` on npm. Built with [goke](https://github.com/ | `infra cliproxy login` | OAuth authentication with Claude subscription (SSH + TTY) | | `infra cliproxy setup` | Interactive onboarding wizard for connecting a repo to CLIProxyAPI | | `infra cliproxy open` | Launch CLIProxyAPI terminal dashboard via SSH | +| `infra gateway status` | SSH + `docker compose ps` (NDJSON parsed, #278) — service states, healthchecks | +| `infra gateway deploy` | Trigger gateway deploy workflow (remote, default) or `--local` (requires `SSH_AUTH_SOCK`) | +| `infra gateway logs [--tail N]` | Stream `docker compose logs` for `gateway`/`workspace`/`mitmproxy`; `--allow-ci` required in headless contexts | +| `infra gateway backup --include-ca` | Pull mitmproxy CA tarball; local file created with mode 0600 via `O_EXCL\|O_CREAT` (no chmod race) | +| `infra gateway restore --input FILE --include-ca` | Validate tarball locally, upload to unguessable `mktemp` path, extract, restart, byte-equal confirm | | `infra mcp` | Start stdio MCP server exposing all CLI commands as tools | The MCP bridge (`infra mcp`) lets coding agents (Fro Bot, Copilot) call commands programmatically via the [Model Context Protocol](https://modelcontextprotocol.io). @@ -107,9 +133,10 @@ The MCP bridge (`infra mcp`) lets coding agents (Fro Bot, Copilot) call commands | Workflow | File | Trigger | Purpose | | --- | --- | --- | --- | | CI | `ci.yaml` | PR to `main`, dispatch | Lint + type check + test (parallel jobs) | -| Deploy | `deploy.yaml` | Dispatch only | Thin orchestrator — calls both deploy-keeweb and deploy-cliproxy via `workflow_call` | +| Deploy | `deploy.yaml` | Dispatch only | Thin orchestrator — calls all per-app deploy workflows via `workflow_call` | | Deploy KeeWeb | `deploy-keeweb.yaml` | Push to `main`, dispatch, `workflow_call` | Build and deploy KeeWeb (path-filtered, `keeweb` environment) | | Deploy CLIProxy | `deploy-cliproxy.yaml` | Push to `main`, dispatch, `workflow_call` | Deploy CLIProxyAPI (path-filtered, `cliproxy` environment) | +| Deploy Gateway | `deploy-gateway.yaml` | Push to `main`, dispatch, `workflow_call` | Deploy Fro Bot gateway stack (path-filtered, `gateway` environment) | | Release | `release.yaml` | Push to `main`, dispatch | Version and publish `@marcusrbrown/infra` via Changesets | | Renovate | `renovate.yaml` | Schedule, issue/PR edits, post-deploy | Automated dependency updates | | Renovate Changesets | `renovate-changesets.yaml` | `pull_request_target` (Renovate PRs) | Auto-create changeset files for dependency updates | @@ -149,15 +176,16 @@ Required status checks on `main`: CI, Fro Bot, Lint, Type Check, `Renovate / Ren | Tool | Config | Notes | | --- | --- | --- | -| ESLint | `eslint.config.ts` via `@bfra.me/eslint-config` ^0.51.0 | Flat config; ignores `.agents/`, `.opencode/`, `docs/`, `dist/` | -| Prettier | `@bfra.me/prettier-config/120-proof` ^0.16.0 | 120-char line width | -| TypeScript | `tsconfig.json` via `@bfra.me/tsconfig` ^0.13.0 | Target ESNext, Bundler resolution, Bun types, noEmit | -| Git hooks | `simple-git-hooks` + `lint-staged` | `eslint --fix` on staged files | +| ESLint | `eslint.config.ts` via `@bfra.me/eslint-config` 0.51.1 | Flat config; ignores `.agents/`, `.opencode/`, `docs/`, `dist/` | +| Prettier | `@bfra.me/prettier-config/120-proof` ^0.16.0 (Prettier 3.8.3) | 120-char line width | +| TypeScript | `tsconfig.json` via `@bfra.me/tsconfig` 0.13.1 | Target ESNext, Bundler resolution, Bun types, noEmit | +| Git hooks | `simple-git-hooks` 2.13.1 + `lint-staged` 16.4.0 | `eslint --fix` on staged files | | CLI framework | `goke` ^6.8.0 + Zod ^4.3.6 | Space-separated subcommands | | Prompts | `@clack/prompts` ^1.2.0 | Scoped to `cliproxy setup` wizard | -| Changesets | `@changesets/cli` ^2.30.0 | Versioning for `@marcusrbrown/infra` CLI package | -| Renovate | Extends `marcusrbrown/renovate-config#4.5.8` | Post-upgrade: `bun install` + `bun run fix`. Docker source URLs for CLIProxyAPI and Caddy | +| Changesets | `@changesets/cli` 2.31.0 + `@svitejs/changesets-changelog-github-compact` | Versioning for `@marcusrbrown/infra` CLI package | +| Renovate | Extends `marcusrbrown/renovate-config#5.2.0` + `group:allNonMajor` | v4→v5 crossed 2026-05-17 (#242). Post-upgrade: `bun install --ignore-scripts` + `bun run fix`. Docker source URLs for CLIProxyAPI and Caddy. `bfra-me/.github` digest updates disabled | | Probot Settings | Extends `fro-bot/.github:common-settings.yaml` | Repository configuration sync | +| TypeScript runtime | TypeScript 6.0.3, ESLint 10.4.0 | Both crossed major boundaries in this survey window | ### Key Dependencies @@ -173,7 +201,7 @@ Required status checks on `main`: CI, Fro Bot, Lint, Type Check, `Renovate / Ren ## Fro Bot Integration -**Fro Bot workflow is present** (`fro-bot.yaml`). Uses `fro-bot/agent@v0.42.2` (SHA `94d8a156570d68d2461ab496b589e63bdcd6ba84`). The workflow includes: +**Fro Bot workflow is present** (`fro-bot.yaml`). Uses `fro-bot/agent@v0.44.3` (bumped from v0.42.2 through v0.43.x to v0.44.3 over 2026-05-17 → 2026-05-20). The workflow includes: - **PR review** with structured verdict format (PASS / CONDITIONAL / REJECT) and sections for blocking issues, non-blocking concerns, missing tests, and risk assessment - **Daily autohealing schedule** (03:30 UTC) with 8 operational categories: errored PRs, security, code quality, developer experience, deploy pipeline health, live site review (via `agent-browser`), cross-project intelligence, and **upstream modernization watch** (Sunday-only) @@ -206,6 +234,8 @@ The autohealing schedule monitors: **`cliproxy` environment:** `CLIPROXY_SSH_KEY`, `CLIPROXY_MANAGEMENT_KEY`, `CLIPROXY_DOMAIN` +**`gateway` environment:** `GATEWAY_SSH_KEY`, `DISCORD_TOKEN`, `DISCORD_APPLICATION_ID`, `DISCORD_GUILD_ID`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `S3_BUCKET`, `S3_REGION`, `GATEWAY_HOST`; optional: `S3_ENDPOINT`, `OBJECT_STORE_HOSTS`, `AWS_SESSION_TOKEN` + **Repository secrets:** `APPLICATION_ID`, `APPLICATION_PRIVATE_KEY`, `DIGITALOCEAN_ACCESS_TOKEN`, `FRO_BOT_PAT`, `NPM_TOKEN`, `OMO_PROVIDERS`, `OPENCODE_AUTH_JSON`, `OPENCODE_CONFIG` **Repository variables:** `FRO_BOT_MODEL` @@ -222,7 +252,11 @@ The autohealing schedule monitors: - **CI Node pin:** Workflows running `bun run lint` or `bunx tsc` must pin Node 24 via `actions/setup-node` (ESLint shebang uses system Node; ubuntu-latest ships Node 20 without ES2024 APIs). - **Lockfile:** `bun.lock` (text format) committed; `bun.lockb` (binary) is not used. - **Config safety:** `config/config.json` template has empty `dropboxSecret`; real value injected at build time. Never overwrite `config.yaml` on cliproxy server (runtime API keys live there). -- **Host keys:** Pinned in `.github/known_hosts`. Never use `ssh-keyscan`. +- **Host keys:** Pinned in `.github/known_hosts`. Never use `ssh-keyscan` in CI. Provisioning scripts may use it locally via the shared `pinHostKeys` helper in `packages/shared/server/droplet-helpers.ts`. +- **Gateway secrets:** Never pass gateway secret bytes via argv — `writeRemoteFile` pipes through SSH stdin only; `--body ` patterns are banned. +- **Gateway host validation:** Never skip `validateGatewayHost` — required before any SSH invocation against the gateway droplet. +- **CA rotation:** Never restart the gateway in-place to rotate the mitmproxy CA — workspaces lose trust in the egress proxy. Restore from backup instead. +- **`bundledDependencies`:** Banned (enforced). Bun's `.bun/` symlink layout creates `../../` paths that npm rejects with E415. ## Cross-Repository Patterns @@ -263,12 +297,22 @@ This approach avoids relying solely on human review or agent-driven linting for | Component | Image | Version | | --- | --- | --- | -| Caddy reverse proxy | `caddy:2.11.2-alpine` | Digest-pinned | -| CLIProxyAPI | `eceasy/cli-proxy-api:v6.9.39` | Digest-pinned | +| Caddy reverse proxy | `caddy:2.11.3-alpine` | Digest-pinned | +| CLIProxyAPI | `eceasy/cli-proxy-api:v6.10.9` | Digest-pinned | Both images are digest-pinned in `docker-compose.yaml`. Renovate manages digest rotations with changelog context sourced from upstream repositories (`router-for-me/CLIProxyAPI`, `caddyserver/caddy`). -The CLIProxyAPI container uses a Docker healthcheck (`wget --spider http://localhost:8317/healthz`) with 30s interval, 5s timeout, 3 retries, and 10s start period (switched from previous healthcheck method in #181, 2026-04-25). +The CLIProxyAPI container uses a Docker healthcheck (`wget --spider http://localhost:8317/healthz`) with 30s interval, 5s timeout, 3 retries, and 10s start period. + +### Fro Bot Gateway Stack + +| Component | Source | Notes | +| --- | --- | --- | +| Gateway daemon | `fro-bot/agent@v0.44.2` (pinned in `apps/gateway/upstream.json`) | Cloned + reset on the droplet each deploy | +| Workspace executor | Same source | Runs inside the same Compose stack | +| mitmproxy | Per upstream compose | Starts first; certificate in `mitmproxy-certs` named volume | + +Compose stack lives at `/opt/gateway/` on the droplet. Source materialization is `git clone || git fetch && git reset --hard && git clean -xfd` to the pinned SHA, isolated from `/opt/gateway/.secrets-checksum` so checksum survives `git clean -xfd`. ## Survey History @@ -279,3 +323,4 @@ The CLIProxyAPI container uses a Docker healthcheck (`wget --spider http://local | 2026-04-25 | `9306b9b` | No code changes; open issues 4→5 (new autohealing report #178) | | 2026-04-26 | `cd3bb16` | Fro Bot v0.41.4→v0.42.1, new category 8 (Upstream Modernization Watch, #182), CLIProxy healthcheck switched to `/healthz` (#181), CLI v0.4.6, CLIProxyAPI v6.9.38 | | 2026-04-27 | `938fa7c` | Fro Bot v0.42.1→v0.42.2 (#185), CLIProxyAPI v6.9.38→v6.9.39 (#186), bfra-me/.github v4.16.8→v4.16.9 (#188). Open issues 4→5, 1 open PR (version packages #187) | +| 2026-05-27 | `2f9bafd` | **Major expansion.** New `apps/gateway/` (Fro Bot Discord stack at `gateway.fro.bot`, #264, 2026-05-18); new `packages/shared/` for droplet provisioning helpers (#290). 12 workflows (added `deploy-gateway.yaml`). Fro Bot agent v0.42.2 → v0.44.3 (multiple bumps). Renovate preset bumped major v4→v5 (#242, `marcusrbrown/renovate-config#5.2.0`) with `group:allNonMajor`. TypeScript 6.0.3, ESLint 10.4.0, `@bfra.me/eslint-config` 0.51.1. CLI v0.4.6 → v0.7.0; MCP fidelity refactor for status-only commands (#296). CLIProxy: OpenAI/Codex device-code OAuth login (#303), OpenAI provider opt-in for `cliproxy setup --harness opencode` (#307); CLIProxyAPI v6.10.9, Caddy 2.11.3-alpine. Gateway hardening: ControlMaster multiplexing (#277), pinned droplet host keys (#272), checksum-after-success secret rotation. Discord token-lifecycle runbook (#284). Open issues 5→38, 0 open PRs. | diff --git a/knowledge/wiki/topics/github-actions-ci.md b/knowledge/wiki/topics/github-actions-ci.md index ec1496c23..478d057c5 100644 --- a/knowledge/wiki/topics/github-actions-ci.md +++ b/knowledge/wiki/topics/github-actions-ci.md @@ -2,7 +2,7 @@ type: topic title: GitHub Actions CI created: 2026-04-18 -updated: 2026-05-23 +updated: 2026-05-27 tags: [github-actions, ci-cd, automation, security, renovate] related: - fro-bot--agent @@ -58,7 +58,7 @@ Both repos extend `marcusrbrown/renovate-config` for dependency updates, with re - [[marcusrbrown--containers]] — `#4.5.0`, ignores `templates/`, disables patch updates (except TypeScript/Python), post-upgrade runs `pnpm install && pnpm format` - [[marcusrbrown--ha-config]] — `#4.5.8`, custom managers for pre-commit and mise, post-upgrade runs Prettier, automerge on minor/patch pip updates - [[marcusrbrown--github]] — `#4.5.8`, post-upgrade runs `npx prettier@3.8.3 --no-color --write .`, PR creation set to `immediate` -- [[marcusrbrown--infra]] — `#4.5.8`, post-upgrade runs `bun install --ignore-scripts && bun run fix`, Docker source URLs for CLIProxyAPI/Caddy, `bfra-me/.github` digest updates disabled +- [[marcusrbrown--infra]] — `#5.2.0` + `group:allNonMajor` (v4→v5 crossed 2026-05-17), post-upgrade runs `bun install --ignore-scripts && bun run fix`, Docker source URLs for CLIProxyAPI/Caddy, `bfra-me/.github` digest updates disabled - [[marcusrbrown--renovate-config]] — Self-referential (`local>marcusrbrown/renovate-config`), custom regex manager for `bfra-me/renovate-config` preset pin in `default.json`, post-upgrade runs `pnpm run bootstrap && pnpm run fix` - [[marcusrbrown--sparkle]] — `#4.5.9` + `sanity-io/renovate-config:semantic-commit-type` + `:preserveSemverRanges`, post-upgrade runs `pnpm bootstrap && pnpm fix`, React Native package grouping, automerge on unstable `@astrojs/check`/`typedoc` @@ -82,8 +82,9 @@ Repos use `dorny/paths-filter` to scope CI runs to relevant file changes, reduci [[marcusrbrown--infra]] pioneered a pattern of splitting monolithic deploy workflows into per-app dedicated workflows connected by `workflow_call`: - Each app gets its own workflow file with independent path filtering, environment gating, and secret validation -- A thin orchestrator workflow dispatches both via `workflow_call` for manual "deploy everything" scenarios -- Benefit: one app's deploy failure doesn't block the other; each workflow is independently triggerable +- A thin orchestrator workflow dispatches all of them via `workflow_call` for manual "deploy everything" scenarios +- Benefit: one app's deploy failure doesn't block the others; each workflow is independently triggerable +- Validated at scale: as of 2026-05-27, infra has 3 per-app deploy workflows (`deploy-keeweb.yaml`, `deploy-cliproxy.yaml`, `deploy-gateway.yaml`) gated by a thin `deploy.yaml` orchestrator. The Discord gateway (`apps/gateway`, added #264) is the third app onboarded to this pattern ### Fro Bot Agent @@ -92,7 +93,7 @@ Repos use `dorny/paths-filter` to scope CI runs to relevant file changes, reduci | [[fro-bot--agent]] | Present (`fro-bot.yaml`, self-hosted) | Daily 15:30 UTC DMR, Weekly Sun 20:00 UTC wiki update | | [[marcusrbrown--containers]] | Present (`fro-bot.yaml`) | Daily 14:30 UTC autohealing | | [[marcusrbrown--systematic]] | Present (`fro-bot.yaml`) | Weekly Mon 09:00 UTC maintenance, Daily 03:30 UTC autohealing | -| [[marcusrbrown--infra]] | Present (`fro-bot.yaml`) | Daily 03:30 UTC autohealing (8 categories incl. CLIProxy + cross-project + upstream modernization watch on Sundays) | +| [[marcusrbrown--infra]] | Present (`fro-bot.yaml`, agent v0.44.3) | Daily 03:30 UTC autohealing (8 categories incl. CLIProxy + Gateway + cross-project + upstream modernization watch on Sundays) | | [[marcusrbrown--marcusrbrown-github-io]] | Present (`fro-bot.yaml`) | Daily 15:30 UTC maintenance (no autoheal) | | [[marcusrbrown--renovate-config]] | Present (single-file `fro-bot.yaml` at v0.44.3; the separate `fro-bot-autoheal.yaml` was consolidated since 2026-04-28) | Daily 15:30 UTC, 6 categories incl. config validation, cross-project intelligence inbound, and Sundays-only Upstream Modernization Watch with at-most-one-draft-PR-per-scan policy | | [[marcusrbrown--sparkle]] | **Not present** | N/A | From 5a2a03d9749accdf4f3212eb98f2b187ac8dec43 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 27 May 2026 01:59:20 -0700 Subject: [PATCH 57/77] chore(reconcile): record survey success for marcusrbrown/infra --- metadata/repos.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 5abfedd67..108fba2e0 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -98,11 +98,11 @@ repos: name: infra added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-06 - last_survey_status: failure + last_survey_at: 2026-05-27 + last_survey_status: success has_fro_bot_workflow: true has_renovate: true - next_survey_eligible_at: 2026-06-07 + next_survey_eligible_at: 2026-06-27 discovery_channel: collab private: false node_id: R_kgDOR4g8TA From 4ed7e83115f55c27df5f7fa72d0997c2a237e332 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 27 May 2026 21:49:19 -0700 Subject: [PATCH 58/77] chore(metadata): add marcusrbrown/cortexkit_anthropic-auth from invitation polling --- metadata/repos.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 108fba2e0..dde739c55 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -322,3 +322,15 @@ repos: next_survey_eligible_at: 2026-06-22 private: false node_id: MDEwOlJlcG9zaXRvcnkzMDc1NzM1OTE= + - owner: marcusrbrown + name: cortexkit_anthropic-auth + added: 2026-05-28 + onboarding_status: pending + last_survey_at: null + last_survey_status: null + has_fro_bot_workflow: false + has_renovate: false + discovery_channel: collab + next_survey_eligible_at: null + private: false + node_id: R_kgDOSmhCGA From 06d7a0178fbf1dafdbe1dc06c96ab7ea4e111523 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 27 May 2026 21:54:28 -0700 Subject: [PATCH 59/77] feat(knowledge): survey marcusrbrown/cortexkit_anthropic-auth --- knowledge/index.md | 1 + knowledge/log.md | 26 +++ .../marcusrbrown--cortexkit-anthropic-auth.md | 214 ++++++++++++++++++ knowledge/wiki/topics/opencode-plugins.md | 22 +- 4 files changed, 260 insertions(+), 3 deletions(-) create mode 100644 knowledge/wiki/repos/marcusrbrown--cortexkit-anthropic-auth.md diff --git a/knowledge/index.md b/knowledge/index.md index 787760782..693a8daf0 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -15,6 +15,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--github]] — Marcus's personal `.github` repo; GitHub defaults, community health files, and canonical Probot Settings template (`common-settings.yaml`); Prettier-only CI, `bfra-me/.github` reusable workflows pinned at v4.16.20, Renovate preset on v4.5.9 (v4 holdout), no Fro Bot workflow yet - [[marcusrbrown--containers]] — Container collection and automation framework (Dockerfiles, multi-arch builds, Python CLI, AI-powered templates, CI/CD) - [[marcusrbrown--copiloting]] — Polyglot AI/LLM experimentation monorepo (Python + TypeScript); LangChain tutorials, Flask + SvelteKit PDF chat app, Fro Bot agent workflows +- [[marcusrbrown--cortexkit-anthropic-auth]] — Fork of `cortexkit/anthropic-auth`: Claude Pro/Max OAuth, fallback accounts, quota routing, prompt-cache controls, optional Cloudflare Worker relay for both OpenCode and Pi; Bun workspace monorepo, Biome 2.4.15, MIT, published as `@marcusrbrown/{anthropic-auth-core,opencode-anthropic-auth}@1.2.2-mb.2` (Pi package private in fork); default branch `marcusrbrown/main`; no Fro Bot workflow yet - [[marcusrbrown--esphome-life]] — marcusrbrown/esphome.life - [[marcusrbrown--extend-vscode]] — VS Code extension toolkit (TypeScript, dual Node/Web targets, tsup, Vitest, semantic-release to Marketplace+OpenVSIX+npm); Renovate preset crossed v4→v5 (#5.2.0) on 2026-05-14, eslint v10 / jsdom v29 / eslint-plugin-node-dependencies v2 majors landed end of April, `typescript` v6 (#466) remains the sole pending major; **still no Fro Bot agent workflow** - [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 7, LangChain, MCP, IndexedDB, Web Crypto; deployed to gpt.mrbro.dev) diff --git a/knowledge/log.md b/knowledge/log.md index b62312631..b29843161 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1448,3 +1448,29 @@ Sources: https://github.com/marcusrbrown/infra (SHA 2f9bafd6cdb03d9ed28ee336d99d Surveyed marcusrbrown/infra and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/infra + +## [2026-05-28 04:51] ingest | marcusrbrown/cortexkit_anthropic-auth + +Initial survey of `marcusrbrown/cortexkit_anthropic-auth` at SHA `517d385` (default branch `marcusrbrown/main`). Created repo page `marcusrbrown--cortexkit-anthropic-auth.md`. Updated `opencode-plugins.md` topic (added repo to plugin table, new "Cross-Process OAuth Refresh Locking" section, frontmatter source/tags refresh). Updated `index.md` to catalog the new repo page. + +Key findings: + +- Public fork of `cortexkit/anthropic-auth`. Bun workspace monorepo with `core`, `opencode`, `pi`, `e2e-tests` packages. MIT, TypeScript 6.0.3, Bun 1.3.14 (mise), Biome 2.4.15, Lefthook 2.1.6. +- Two packages published from the fork under `@marcusrbrown/*` at `1.2.2-mb.2`: `anthropic-auth-core` (shared) and `opencode-anthropic-auth` (plugin + CLI). Pi package `@cortexkit/pi-anthropic-auth` is `private: true` in this fork — release contract explicitly excludes it. +- Provides Claude Pro/Max OAuth for OpenCode (`/connect anthropic`) and Pi (`/login anthropic`) with fallback accounts, quota-aware routing (5h/7d Claude quota gates with `failClosedOnUnknownQuota` default), persistent 1-hour prompt cache controls (`/claude-cache`, `/claude-cachekeep`), fast mode toggle (`/claude-fast`), live quota visibility (`/claude-quota`), request dumps (`/claude-dump`), and an optional user-owned Cloudflare Worker relay. +- Sidecar config: `~/.config/opencode/anthropic-auth.json` (env `OPENCODE_ANTHROPIC_AUTH_FILE`) for OpenCode; `~/.pi/agent/anthropic-auth.json` (env `PI_ANTHROPIC_AUTH_FILE`, `PI_AGENT_DIR`) for Pi. Same JSON schema across both agents. +- Release-path hardening worth carrying forward: jittered background OAuth refresh (`1.2.2`), cross-process atomic refresh lock to prevent rotated-refresh-token races and `invalid_grant` losers (`1.1.3`/`1.2.2`), wait-and-rejoin on contention, refresh endpoint failover to `api.anthropic.com/v1/oauth/token` after `platform.claude.com` returned OAuth `429` repeatedly (`1.2.1`). +- Workflows: `ci.yml` (PR-only: typecheck, build, test, Biome format/lint, SHA-pinned actions) and `release.yaml` (tag/dispatch with tag-commit integrity check, version-keyed concurrency, OIDC trusted publishing + provenance, no `NPM_TOKEN`, no `mb` dist-tag lane, `npm publish --tag latest`, no CI manifest mutation — manifests must already match the release version per `version-sync.mjs --validate`). +- Dependabot (not Renovate) — `enable-beta-ecosystems: true`, weekly bun + github-actions. Deliberate divergence from the rest of Marcus's ecosystem. +- Captures (`captures/`) are gitignored — mitmproxy HTTPS interception of Claude Code / OpenCode system prompts. PII-sensitive; any PR touching them should be flagged. +- **No Fro Bot workflow detected.** Noted on the repo page; follow-up draft PR should propose a Fro-Bot config tuned for release-sensitive, OAuth-sensitive repos (review/triage scope only — must not touch version-sync or the OIDC publish path). + +No contradictions with existing wiki content. Additive updates only. + +Sources: https://github.com/marcusrbrown/cortexkit_anthropic-auth (SHA 517d38596432429a8fc5f78612edc80a1c3f3dc6) + +## [2026-05-28 04:54] ingest | repo:marcusrbrown/cortexkit_anthropic-auth + +Surveyed marcusrbrown/cortexkit_anthropic-auth and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/cortexkit_anthropic-auth diff --git a/knowledge/wiki/repos/marcusrbrown--cortexkit-anthropic-auth.md b/knowledge/wiki/repos/marcusrbrown--cortexkit-anthropic-auth.md new file mode 100644 index 000000000..bfd05ee51 --- /dev/null +++ b/knowledge/wiki/repos/marcusrbrown--cortexkit-anthropic-auth.md @@ -0,0 +1,214 @@ +--- +type: repo +title: marcusrbrown/cortexkit_anthropic-auth +created: 2026-05-28 +updated: 2026-05-28 +sources: + - url: https://github.com/marcusrbrown/cortexkit_anthropic-auth + sha: 517d38596432429a8fc5f78612edc80a1c3f3dc6 + accessed: 2026-05-28 +tags: [opencode, pi, anthropic, oauth, claude, bun, typescript, monorepo, biome, fork, relay, cloudflare-worker, mitmproxy] +related: [marcusrbrown--opencode-copilot-delegate, marcusrbrown--systematic, marcusrbrown--dotfiles] +--- + +# marcusrbrown/cortexkit_anthropic-auth + +Fork of `cortexkit/anthropic-auth` adding Claude Pro/Max OAuth, fallback accounts, quota routing, prompt-cache controls, and a Cloudflare Worker relay path for OpenCode and Pi. Marcus's fork publishes the OpenCode plugin and shared core under his own scope; the Pi package remains private to the fork. + +## Overview + +This is a Bun workspace monorepo with three packages: a shared core, an OpenCode plugin, and a Pi provider extension. The OpenCode plugin intercepts the final Anthropic request and rewrites it into the shape Anthropic's Claude Pro/Max OAuth path expects; the Pi package registers a CortexKit provider override under Pi's built-in `anthropic` provider ID. Both integrations share OAuth, fallback-account, quota, cache, relay, dump, SSE, and request-signing logic through the core package. + +**Fork status (2026-05-28):** + +- Default branch is `marcusrbrown/main` (not `main`) — fork-specific so upstream `main` can be tracked cleanly. +- Fork of `cortexkit/anthropic-auth`. Public, MIT-licensed, 1 star, 0 forks, issues enabled, no GitHub wiki, no discussions. +- Two packages published under `@marcusrbrown/*` at `1.2.2-mb.2`: + - `@marcusrbrown/anthropic-auth-core` (shared) + - `@marcusrbrown/opencode-anthropic-auth` (OpenCode plugin) +- Pi package `@cortexkit/pi-anthropic-auth` is `private: true` in this fork — explicitly excluded from publish jobs. +- Recommended install pin: `@marcusrbrown/opencode-anthropic-auth@1.2.2-mb.2`. + +## Why the Fork Exists + +Two practical drivers visible from `CHANGELOG.md` and `README.md`: + +1. **Namespace pinning.** Marcus needs to pin a specific OpenCode plugin build from his own scope so OpenCode's plugin loader resolves an immutable artifact (and `rm -rf ~/.cache/opencode` can predictably reset state). Publishing `@marcusrbrown/opencode-anthropic-auth` removes the dependency on whatever CortexKit ships at upstream `latest`. +2. **Closing the core namespace gap.** Release `1.2.2-mb.1` shipped only the OpenCode package and still pulled `@cortexkit/anthropic-auth-core` from upstream. `1.2.2-mb.2` published `@marcusrbrown/anthropic-auth-core` and re-pointed the OpenCode plugin's dependency, making the fork install self-contained without any upstream-scoped runtime dependency. + +This pattern — fork → republish under personal scope → re-target internal dependencies — appears elsewhere in the Marcus ecosystem; see the broader ecosystem notes in [[marcusrbrown--dotfiles]] for the OpenCode plugin stack. + +## Technology Stack + +| Aspect | Detail | +|--------|--------| +| Language | TypeScript (per `primaryLanguage`); also Shell and JavaScript | +| Runtime/Build | Bun 1.3.14 (pinned via `mise.toml`) | +| Linting/Formatting | Biome 2.4.15 (single tool, like [[marcusrbrown--opencode-copilot-delegate]] — diverges from `@bfra.me/eslint-config` repos) | +| Package Manager | Bun workspaces (`bun.lock`, `workspaces: ["packages/*"]`) | +| Git Hooks | Lefthook 2.1.6 | +| Test Runner | `bun test` for unit and e2e | +| License | MIT | +| Default Branch | `marcusrbrown/main` | +| Disk Usage | 387 KB | +| TypeScript | 6.0.3 | + +### Mise Tooling + +`mise.toml` is minimal — only Bun 1.3.14 is pinned. No Node version pin at the root; the release workflow installs Node 24 explicitly via `actions/setup-node@v6`. + +## Packages + +| Package | Scope | Version | Purpose | +|---------|-------|---------|---------| +| `@marcusrbrown/anthropic-auth-core` | published, fork | `1.2.2-mb.2` | Shared OAuth, account, quota, cache, relay, dump, SSE, request-signing logic. Single runtime dep: `xxhash-wasm` (for body-derived `cch` signing). | +| `@marcusrbrown/opencode-anthropic-auth` | published, fork | `1.2.2-mb.2` | OpenCode plugin + CLI (`opencode-anthropic-auth` bin). Peer dep on `@opencode-ai/plugin`. Built with `bun build --target node --format esm --splitting --external @opencode-ai/plugin --minify` plus `tsc --emitDeclarationOnly`. Engines: `bun: 1.3.14`. | +| `@cortexkit/pi-anthropic-auth` | private in fork | `1.2.2` (unpublished here) | Pi extension declared via `pi.extensions` package-manifest field; registers a CortexKit Anthropic provider under Pi's `anthropic` provider ID. Depends on the fork's `@marcusrbrown/anthropic-auth-core`. Peer deps on three `@earendil-works/pi-*` packages (`pi-ai`, `pi-coding-agent`, `pi-tui`). | +| `packages/e2e-tests/` | internal | n/a | OpenCode end-to-end harness invoked via root `test:e2e` script; gated behind a core build. | + +## Architecture + +### Integration model + +Two agents, one shared core: + +- **OpenCode plugin.** Hooks into OpenCode's fetch/request transform path. Reuses OpenCode's normal `/connect anthropic` for the primary account; the plugin layers in OAuth headers, request rewrites, fallback routing, quota gates, cache controls, relay handoff, and dumps. Sidecar config lives at `~/.config/opencode/anthropic-auth.json` (overridable via `OPENCODE_ANTHROPIC_AUTH_FILE`). +- **Pi provider extension.** Calls `registerProvider("anthropic")` to override Pi's built-in Anthropic provider with a CortexKit one that takes the same Claude-compatible request path. Primary OAuth credentials live in Pi's normal credential store via `/login anthropic`; CortexKit-specific state lives at `~/.pi/agent/anthropic-auth.json` (overridable via `PI_ANTHROPIC_AUTH_FILE`, `PI_AGENT_DIR`). + +Both sidecars use the same JSON shape (`version`, `main`, `fallbackOn`, `refresh`, `quota`, `claudeCache`, `cacheKeep`, `dump`, `claudeFast`, `relay`, `accounts`), so a user's mental model is portable across agents. + +### What the core actually does + +From the README's "What CortexKit adds" matrix: + +- **Fallback accounts.** Ordered list of secondary OAuth accounts; routed on auth/quota/rate-limit failures (default `fallbackOn: [401, 403, 429]`). +- **Quota-aware routing.** Skips main or fallback accounts when 5-hour or 7-day Claude quota falls below configured `minimumRemaining` thresholds. `failClosedOnUnknownQuota` makes the safe default explicit. +- **Persistent prompt-cache controls.** `/claude-cache` toggles Anthropic's 1-hour cache in explicit, automatic, or hybrid modes; `/claude-cachekeep HH-HH` pre-warms hybrid anchors before the 1-hour TTL expires. +- **Fast mode toggle.** `/claude-fast on|off` requests Anthropic fast mode for supported Opus models. +- **Quota visibility.** `/claude-quota` surfaces live main + fallback state, reset times, refresh errors. +- **User-owned Cloudflare relay.** Optional Worker relay that reduces repeated client upload bytes for large requests; HTTP transport with `fallbackToDirect: true` as the resilient default. +- **Request hardening.** Final-body billing signing (`cch` derived from body via `xxhash-wasm`), token-refresh persistence safety, replay-safe fallback retries, subagent cache isolation. Background OAuth refresh uses jitter to avoid concurrent OpenCode processes refreshing on identical timestamps (`1.2.2`). +- **Dumps.** `/claude-dump` captures Claude-compatible request/response data for debugging when `dump.enabled: true`. + +### Commands (both agents) + +`/claude-cache`, `/claude-cachekeep`, `/claude-fast`, `/claude-quota`, `/claude-dump` — identical surface for OpenCode and Pi. + +## Repository Layout + +``` +. +├── .github/ +│ ├── ISSUE_TEMPLATE/ +│ ├── instructions/ +│ ├── workflows/ +│ │ ├── ci.yml +│ │ ├── copilot-setup-steps.yml +│ │ └── release.yaml +│ ├── copilot-instructions.md +│ └── dependabot.yml +├── packages/ +│ ├── core/ # @marcusrbrown/anthropic-auth-core +│ ├── opencode/ # @marcusrbrown/opencode-anthropic-auth +│ ├── pi/ # @cortexkit/pi-anthropic-auth (private in fork) +│ └── e2e-tests/ +├── docs/ +│ ├── brainstorms/ +│ └── plans/ +├── captures/ # gitignored mitmproxy / system-prompt captures +├── images/ +├── scripts/ +│ ├── analyze-cache-usage.mjs +│ ├── capture-with-mitmproxy.sh +│ ├── dev.ts / dev-clean.ts +│ ├── extract-system-prompt.ts +│ ├── release.sh / release.test.ts +│ ├── verify-artifacts.mjs / verify-artifacts.test.ts +│ ├── version-sync.mjs / version-sync.test.ts +│ └── wait-release.sh +├── AGENTS.md +├── CHANGELOG.md +├── biome.json +├── bun.lock +├── lefthook.yml +├── mise.toml +├── package.json +└── tsconfig.scripts.json +``` + +## CI/CD + +### `ci.yml` — Pull Request validation + +Runs on `pull_request` only. Single `check` job on `ubuntu-latest` with `permissions: contents: read`: + +1. Checkout (`actions/checkout@v6` pinned by SHA). +2. `jdx/mise-action@v4` (pinned by SHA) installs Bun. +3. `bun install --frozen-lockfile`. +4. `bun run types` (typecheck across core/opencode/pi + scripts tsconfig). +5. `bun run build` (sequential builds: core → opencode → pi). +6. `bun run test` (build + version-sync + verify-artifacts + release scripts tests + OpenCode package tests). +7. `bun run format:check` (Biome format). +8. `bun run lint` (Biome lint). + +Concurrency group cancels in-progress runs per PR. See [[github-actions-ci]] for cross-repo workflow patterns. + +### `release.yaml` — Tag-driven publish + +Triggers on `push` tags matching `v*` and on `workflow_dispatch` with a `version` input. Top-level `permissions: contents: read`; elevated permissions are scoped per-job. + +Notable hardening (from the visible job head): + +- Tag-commit integrity check: when triggered by tag push, verifies `HEAD` matches `git rev-list -n1 refs/tags/`. Mismatch is a hard failure. +- `FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true` at env scope. +- Concurrency group keyed to the resolved version (not run id), with `cancel-in-progress: false` so concurrent release runs queue instead of cancelling each other. +- `version-sync.mjs … --validate` enforces that package manifests already match the requested version — CI does not mutate manifests during release. + +Per `.github/copilot-instructions.md`, the release contract is locked: + +- npm Trusted Publishing/OIDC + provenance only — no `NPM_TOKEN` fallback secret. +- No `NPM_DIST_TAG_TOKEN`. +- No `mb` dist-tag lane (the `-mb.N` suffix is encoded in the version, not in a dist-tag). +- `npm publish --tag latest`. +- No `environment: npm-publish` unless both the GitHub environment and npm Trusted Publisher config are confirmed present. + +### `copilot-setup-steps.yml` + +Returns `Not Found` via the contents API for the resolved ref — either gitignored, missing, or readable only via the workflow runner. Not analyzed. + +### Dependabot + +`enable-beta-ecosystems: true`. Two ecosystems: + +- `bun` (root), weekly, max 10 open PRs. +- `github-actions` (root), weekly, max 5 open PRs. + +No Renovate config detected at the root — the repo uses Dependabot, not the [[marcusrbrown--renovate-config]] preset. That's a deliberate divergence from most Marcus repos. + +## Fro Bot Status + +**No Fro Bot workflow detected.** The only workflows are `ci.yml`, `copilot-setup-steps.yml`, and `release.yaml`. No `fro-bot.yaml`, no maintenance/autoheal job, no scheduled wiki update. + +Follow-up: a separate draft PR can propose a Fro Bot workflow tuned to this repo's profile (release-sensitive, OAuth/PII-sensitive captures, dual-package publish). The release contract above means the workflow must avoid touching version-sync, the OIDC publish path, or any release-tagging — its initial scope should be code review and triage, not autoheal. + +## Operational Notes + +- **Captures are gitignored.** `AGENTS.md` and `copilot-instructions.md` are unambiguous: `captures/` holds mitmproxy HTTPS interception artifacts of Claude Code / OpenCode system prompts. These contain sensitive data and PII. Treat any PR touching `captures/` as suspicious. +- **No file-content assertions in workflow/config tests.** `copilot-instructions.md` codifies this: verify syntax and behavior, not exact strings. Useful guardrail to import elsewhere. +- **Sidecar override env vars.** `OPENCODE_ANTHROPIC_AUTH_FILE` (OpenCode), `PI_ANTHROPIC_AUTH_FILE` and `PI_AGENT_DIR` (Pi). Both default to user config dirs, never `/etc` or anything system-wide. +- **OAuth refresh path.** As of `1.2.1`, tokens refresh through `https://api.anthropic.com/v1/oauth/token` (live-smoke-tested CLIProxyAPI path) after `platform.claude.com` repeatedly returned OAuth `429` during proactive refresh. Useful prior art for anyone else implementing Anthropic OAuth refresh. +- **OpenCode plugin singleton + lock semantics.** `1.2.2` adds jitter to background refresh timers and hardens cross-process refresh locks so a process can't steal a lock while another is still initializing it — preventing duplicate refreshes that burn a rotated refresh token and leave the loser with `invalid_grant`. This is exactly the kind of subtle multi-process pitfall worth carrying into [[opencode-plugins]]. + +## Cross-Cutting References + +- [[opencode-plugins]] — Plugin architecture, Bun build target, peer-dep handling, plugin singleton patterns. This repo is an additional data point for the singleton + cross-process lock category. +- [[marcusrbrown--opencode-copilot-delegate]] — Another OpenCode plugin in Marcus's stack; same Biome 2.4.15 + Bun 1.3.14 toolchain, comparable peer-dep and build-target discipline. +- [[marcusrbrown--systematic]] — Sibling OpenCode plugin (skills/agents framework). +- [[marcusrbrown--dotfiles]] — Consumes OpenCode plugins via OpenCode config; relevant pinning target for `@marcusrbrown/opencode-anthropic-auth@1.2.2-mb.2`. +- [[github-actions-ci]] — General CI patterns; this repo contributes the tag-commit integrity check pattern and the "no manifest mutation in CI" release rule. + +## Open Questions / Gaps + +- Is the upstream `cortexkit/anthropic-auth` still actively maintained? The fork's release notes carry forward upstream changelog entries through `1.2.2`, suggesting recent sync, but no explicit upstream-tracking workflow was observed. +- The `docs/brainstorms/` and `docs/plans/` directories exist but were not read (per the survey constraint to limit reads to listings, README, manifests, workflows). Future ingest could enumerate plan filenames to map roadmap scope. +- `e2e-tests` package internals (test count, framework) were not read. diff --git a/knowledge/wiki/topics/opencode-plugins.md b/knowledge/wiki/topics/opencode-plugins.md index 34052fd96..73a00a5b5 100644 --- a/knowledge/wiki/topics/opencode-plugins.md +++ b/knowledge/wiki/topics/opencode-plugins.md @@ -2,7 +2,7 @@ type: topic title: OpenCode Plugin Development created: 2026-04-23 -updated: 2026-05-21 +updated: 2026-05-28 sources: - url: https://github.com/marcusrbrown/opencode-copilot-delegate sha: bea3f576d7218900b9216a8a2c2947003660809b @@ -22,7 +22,10 @@ sources: - url: https://github.com/fro-bot/systematic sha: 12cae87 accessed: 2026-05-22 -tags: [opencode, plugin, sdk, subprocess, async, delegation, workflow, skills, agents, tui, rpc, orphan-reaper, plugin-singleton, json-schema] + - url: https://github.com/marcusrbrown/cortexkit_anthropic-auth + sha: 517d38596432429a8fc5f78612edc80a1c3f3dc6 + accessed: 2026-05-28 +tags: [opencode, plugin, sdk, subprocess, async, delegation, workflow, skills, agents, tui, rpc, orphan-reaper, plugin-singleton, json-schema, oauth, anthropic, cross-process-lock] --- # OpenCode Plugin Development @@ -137,8 +140,20 @@ Rather than registering one tool per skill, systematic registers a single `syste |------|-------------|---------|-------|--------| | [[marcusrbrown--systematic]] | `@fro.bot/systematic` | Structured engineering workflows (46 skills, 50 agents) | Bun, Biome, semantic-release | Active, v2.7.3 | | [[marcusrbrown--opencode-copilot-delegate]] | `opencode-copilot-delegate` | Delegate tasks to Copilot CLI as background subprocesses; opt-in `/copilot-status` TUI half | Bun, Biome, Changesets | Active, v0.12.0 (4 tools: delegate/output/cancel/resume) | +| [[marcusrbrown--cortexkit-anthropic-auth]] | `@marcusrbrown/opencode-anthropic-auth` + `@marcusrbrown/anthropic-auth-core` | Claude Pro/Max OAuth, fallback accounts, quota routing, prompt-cache controls, optional Cloudflare Worker relay; OpenCode + Pi share the same core | Bun, Biome, Lefthook, monorepo workspaces | Active fork, `1.2.2-mb.2` (fork of `cortexkit/anthropic-auth`); Pi package private in fork | -Both plugins use Bun + Biome (not the `@bfra.me/*` ESLint/Prettier stack), establishing this as the standard for Marcus's OpenCode plugin repos. Both use `mise.toml` to pin Bun and tool versions. +All three plugins use Bun + Biome (not the `@bfra.me/*` ESLint/Prettier stack), establishing this as the standard for Marcus's OpenCode plugin repos. All use `mise.toml` to pin Bun and tool versions. + +## Cross-Process OAuth Refresh Locking + +[[marcusrbrown--cortexkit-anthropic-auth]] documents a well-tuned pattern for OAuth refresh across multiple OpenCode processes sharing a single auth sidecar: + +1. **Jittered background refresh timers** so concurrent processes do not all hit the OAuth endpoint at the same due timestamp (`1.2.2`). +2. **Cross-process atomic filesystem lock** so a process cannot steal a lock while another is still initializing it (`1.1.3`, hardened in `1.2.2`). Without this, two processes can each successfully refresh, but the second consumes a rotated refresh token and the first loser ends up with `invalid_grant`. +3. **Wait-and-rejoin** on contention: when a main OAuth refresh is already in progress, followers wait briefly and re-read OpenCode auth so they join the successful token rotation instead of failing immediately. +4. **Refresh endpoint failover**: as of `1.2.1`, refresh moved from `platform.claude.com` to `https://api.anthropic.com/v1/oauth/token` after the former returned OAuth `429` repeatedly during proactive refresh. + +This is a useful reference pattern for any OpenCode plugin that shares per-user credentials across multiple agent processes. ## Two-Half Plugin Pattern (server + TUI) @@ -263,6 +278,7 @@ Schema is draft-07, describes top-level keys `agents`, `categories`, `disabled_s - [[marcusrbrown--systematic]] — Largest OpenCode plugin; structured workflows with 46 skills and 50 agents - [[fro-bot--systematic]] — Documentation deployment target for `@fro.bot/systematic` - [[marcusrbrown--opencode-copilot-delegate]] — Copilot CLI delegation plugin +- [[marcusrbrown--cortexkit-anthropic-auth]] — Claude Pro/Max OAuth, fallback accounts, quota routing, Cloudflare Worker relay for OpenCode and Pi - [[marcusrbrown--dotfiles]] — Agent skill configuration (`~/.agents/skills/`), consumes systematic as installed plugin - [[github-actions-ci]] — CI patterns for plugin repositories (Biome, bun test, semantic-release) - [[github-pages]] — GitHub Pages deployment patterns including cross-repo Starlight deploy From 0e4e2208e2e689678be2670baf034fd1c372d86d Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Wed, 27 May 2026 21:54:30 -0700 Subject: [PATCH 60/77] chore(reconcile): record survey success for marcusrbrown/cortexkit_anthropic-auth --- metadata/repos.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index dde739c55..6573c8864 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -325,12 +325,12 @@ repos: - owner: marcusrbrown name: cortexkit_anthropic-auth added: 2026-05-28 - onboarding_status: pending - last_survey_at: null - last_survey_status: null + onboarding_status: onboarded + last_survey_at: 2026-05-28 + last_survey_status: success has_fro_bot_workflow: false has_renovate: false discovery_channel: collab - next_survey_eligible_at: null + next_survey_eligible_at: 2026-06-29 private: false node_id: R_kgDOSmhCGA From 56dece40d77146396e0917f860808e8125a137eb Mon Sep 17 00:00:00 2001 From: "fro-bot[bot]" <109017866+fro-bot[bot]@users.noreply.github.com> Date: Thu, 28 May 2026 08:53:57 +0000 Subject: [PATCH 61/77] chore(reconcile): +0 new, 0 pending-review, 0 lost-access, 1 refreshes --- metadata/repos.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 6573c8864..c2db99a22 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -328,7 +328,7 @@ repos: onboarding_status: onboarded last_survey_at: 2026-05-28 last_survey_status: success - has_fro_bot_workflow: false + has_fro_bot_workflow: true has_renovate: false discovery_channel: collab next_survey_eligible_at: 2026-06-29 From 95192d28ff020ddf54609308cb0d5cf5f9e8fd31 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Thu, 28 May 2026 02:02:01 -0700 Subject: [PATCH 62/77] feat(knowledge): survey marcusrbrown/tokentoilet --- knowledge/index.md | 2 +- knowledge/log.md | 26 +++++++++++ .../wiki/repos/marcusrbrown--tokentoilet.md | 46 +++++++++++++------ knowledge/wiki/topics/web3-defi.md | 11 ++++- 4 files changed, 67 insertions(+), 18 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 693a8daf0..a25ae6177 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -28,7 +28,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--renovate-config]] — Shareable Renovate configuration presets: canonical dependency-update policy for all `marcusrbrown/*` and `fro-bot/*` repos; v5.2.0 (v4→v5 boundary crossed 2026-05-13 with `group:allNonMajor` + 0.x ungrouping safety valve), Fro Bot v0.44.3 with autoheal merged into `fro-bot.yaml` and a new Sundays-only Upstream Modernization Watch category - [[marcusrbrown--sparkle]] — TypeScript playground monorepo; cross-platform design system (React + React Native/Expo), component library (Radix + Tailwind), Astro Starlight docs, Turborepo, WASM web shell - [[marcusrbrown--systematic]] — OpenCode plugin: structured engineering workflows (45 skills, 50 agents), npm `@fro.bot/systematic`, Bun + Biome + semantic-release -- [[marcusrbrown--tokentoilet]] — Web3 DeFi token disposal app (Next.js 16, React 19, TypeScript 6, Wagmi v2, Reown AppKit, Tailwind CSS v4, Vercel) +- [[marcusrbrown--tokentoilet]] — Web3 DeFi token disposal app (Next.js 16.2.6, React 19.2.6, TypeScript 6.0.3, **Wagmi v3** as of 2026-05-28, Reown AppKit, Tailwind CSS v4.3.0, Vercel); pnpm crossed v10→v11 (11.3.0), Renovate preset crossed v4→v5 (#5.2.0), Fro Bot v0.45.0 with workflow-health silent-outage heuristic ported from marcusrbrown/marcusrbrown; open issues triaged 30→3 - [[marcusrbrown--vbs]] — Star Trek chronological viewing guide (TypeScript, Vite, D3.js, functional factories, GitHub Pages, Fro Bot active) ## Topics diff --git a/knowledge/log.md b/knowledge/log.md index b29843161..6d94388e1 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1474,3 +1474,29 @@ Sources: https://github.com/marcusrbrown/cortexkit_anthropic-auth (SHA 517d38596 Surveyed marcusrbrown/cortexkit_anthropic-auth and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/cortexkit_anthropic-auth + +## [2026-05-28 09:00] ingest | marcusrbrown/tokentoilet + +Incremental re-survey of `marcusrbrown/tokentoilet` (SHA `db6dbcc`, 2026-05-28). Updated repo page `marcusrbrown--tokentoilet.md` and topic page `web3-defi.md`. Updated `index.md` entry. No new pages required. + +Delta from prior survey (SHA `0aa1d9a`, 2026-05-06) — three majors crossed in three weeks: + +- **wagmi v2 → v3:** `wagmi: "^3.0.0"` major bump landed. The `useWallet` abstraction layer absorbed the shape change — components unaffected. Pattern validated as the right firewall for major Web3 dependency churn. +- **pnpm v10 → v11:** `packageManager` now `pnpm@11.3.0` (intermediate stops at 11.2.0, 11.2.2). No lockfile incompatibilities observed in subsequent commits. +- **Renovate preset v4 → v5:** Now `marcusrbrown/renovate-config#5.2.0`, aligning with the cutover documented in [[marcusrbrown--renovate-config]]. +- **Fro Bot agent v0.42.6 → v0.45.0** (SHA `8aac0fc3...`). +- **Fro Bot prompt port (PR #1067):** Workflow-health heuristics ported from marcusrbrown/marcusrbrown — flag any workflow where >50% of expected runs failed in the last 7 days, or where scheduled runs produced zero successful auto-generated commits. Direct lesson from the 1.5-year silent outage in [[marcusrbrown--marcusrbrown]] caught in May 2026. +- **postcss security:** PR #1064 patched `qs` advisory, removed stale `pnpm.overrides`. postcss → 8.5.15. +- **Minor bumps:** Next.js 16.2.4→16.2.6, React 19.2.5→19.2.6, tailwindcss 4.2.4→4.3.0, vitest 4.0.7→4.1.7, vite→8.0.14, eslint→10.4.0. +- **Triage sweep:** Open issues 30 → 3, open PRs 6 → 1. Significant cleanup since 2026-05-06. +- **Storybook drift noted:** Core monorepo at 10.4.1 but some `@storybook/*` addons still pinned at `9.0.0-alpha.*`. Candidate for a focused upgrade PR. + +No contradictions with prior ingest — all major bumps are forward motion. Fro Bot workflow remains present and active. + +Sources: https://github.com/marcusrbrown/tokentoilet (SHA db6dbcc2d289d23377d3d80b19d5e4273008a1b2) + +## [2026-05-28 09:01] ingest | repo:marcusrbrown/tokentoilet + +Surveyed marcusrbrown/tokentoilet and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/tokentoilet diff --git a/knowledge/wiki/repos/marcusrbrown--tokentoilet.md b/knowledge/wiki/repos/marcusrbrown--tokentoilet.md index 915a0fc32..513f585af 100644 --- a/knowledge/wiki/repos/marcusrbrown--tokentoilet.md +++ b/knowledge/wiki/repos/marcusrbrown--tokentoilet.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/tokentoilet" created: 2026-04-18 -updated: 2026-05-06 +updated: 2026-05-28 sources: - url: https://github.com/marcusrbrown/tokentoilet sha: 0ed90a61784b5b85dcf925bb1255e794c4f5d6a3 @@ -16,6 +16,9 @@ sources: - url: https://github.com/marcusrbrown/tokentoilet sha: 0aa1d9a02f1a8ba5cbd95818fb6157318cf9f20b accessed: 2026-05-06 + - url: https://github.com/marcusrbrown/tokentoilet + sha: db6dbcc2d289d23377d3d80b19d5e4273008a1b2 + accessed: 2026-05-28 tags: [next-js, react, web3, defi, wagmi, reown-appkit, tailwindcss, vitest, storybook, vercel, typescript, sepolia] aliases: [tokentoilet] related: @@ -37,9 +40,9 @@ A [[web3-defi]] application for disposing of unwanted ERC-20 and ERC-721 tokens, - **Topics:** `next-js`, `react` - **License:** None specified - **Visibility:** Public -- **Package manager:** pnpm 10.33.2 -- **Open issues:** 30 -- **Open PRs:** 6 (5 Renovate, 1 Copilot security fix) +- **Package manager:** pnpm 11.3.0 (was 10.33.2 as of 2026-05-06; crossed v10→v11 on 2026-05-23) +- **Open issues:** 3 (down from 30 — significant triage between 2026-05-06 and 2026-05-28) +- **Open PRs:** 1 (single Renovate `@bfra.me/eslint-config` v0.51.1 bump) ## Core Concept @@ -71,16 +74,18 @@ Still not implemented: smart contracts, NFT receipts, charity integration, token | Layer | Technology | Version | | ---------- | --------------------------- | ------------------------------ | -| Framework | Next.js (App Router) | 16.2.4 | -| UI library | React | 19.2.5 | +| Framework | Next.js (App Router) | 16.2.6 | +| UI library | React | 19.2.6 | | Language | TypeScript | 6.0.3 | -| Web3 | Wagmi v2 + Reown AppKit | wagmi ^2.14.11 / appkit ^1.7.18 | -| Styling | Tailwind CSS v4 (CSS-first) | 4.2.4 | -| Testing | Vitest | 4.0.7 | -| Components | Storybook | 10.x (alpha) | +| Web3 | Wagmi v3 + Reown AppKit | wagmi ^3.0.0 / appkit ^1.7.18 (v2→v3 boundary crossed) | +| Styling | Tailwind CSS v4 (CSS-first) | 4.3.0 | +| Testing | Vitest | 4.1.7 | +| Components | Storybook | 10.4.1 (mixed with stale 9.0.0-alpha.* addons) | | Deployment | Vercel (GitHub integration) | — | | State | TanStack React Query | ^5.66.0 | | Validation | Zod | ^4.1.8 | +| Build | Vite (dev tooling) | 8.0.14 | +| Lint | ESLint | 10.4.0 | ## Repository Structure @@ -166,7 +171,7 @@ Vercel handles deployment via its GitHub integration: ## Fro Bot Integration -**Fro Bot workflow is present** (`fro-bot.yaml`). Uses `fro-bot/agent@v0.42.6` (SHA `80b2c18bb1c70df96b3f150c7827c13ca0e35655`) with: +**Fro Bot workflow is present** (`fro-bot.yaml`). Uses `fro-bot/agent@v0.45.0` (SHA `8aac0fc36437a6c871321fa3389033c8262504b7`, bumped from v0.42.6 on 2026-05-28 path) with: - **PR Review:** Structured review with Web3 security focus, mandatory verdict (PASS/CONDITIONAL/REJECT), specific review sections for blocking issues, Web3 security assessment, missing tests, risk assessment. - **Daily Autohealing (schedule):** Five-category sweep — errored PRs, security, code quality/hygiene, developer experience, quality gates. Produces a single summary issue per run. Respects Renovate ownership of dependency bumps. @@ -189,7 +194,7 @@ The Fro Bot workflow conditionals filter out: fork PRs, bot-authored PRs/issues, - **ESLint:** `@bfra.me/eslint-config` with React, Next.js, and Prettier plugins. - **Bundle analysis:** `@next/bundle-analyzer` available via `NEXT_BUILD_ENV_ANALYZE=true`. - **Environment:** `@t3-oss/env-nextjs` + Zod for typed environment validation. Access via `import {env} from '@/env'`, never `process.env`. -- **Renovate:** Via reusable workflow, extends `marcusrbrown/renovate-config#4.5.8`. Post-upgrade tasks run `pnpm install` + `pnpm run fix`. Custom rule: `lucide-react` minor automerge monthly. Same preset ecosystem as [[marcusrbrown--ha-config]] and [[marcusrbrown--vbs]]. +- **Renovate:** Via reusable workflow, extends `marcusrbrown/renovate-config#5.2.0` (v4→v5 boundary crossed between surveys, aligning with [[marcusrbrown--renovate-config]] v5.2.0 release). Post-upgrade tasks run `pnpm install` + `pnpm run fix`. Custom rule: `lucide-react` 0.x minor automerge monthly. Same preset ecosystem as [[marcusrbrown--ha-config]] and [[marcusrbrown--vbs]]. - **Probot Settings:** Extends `fro-bot/.github:common-settings.yaml` via `bfra-me/.github` reusable workflow. Branch protection requires: Build, Build Storybook, Lint, Renovate, Security Audit, Test. Linear history enforced, admin enforcement enabled, no required PR reviews. ## Architecture Patterns @@ -223,11 +228,11 @@ This repo participates in the same developer tooling ecosystem as [[marcusrbrown | Pattern | tokentoilet | ha-config | vbs | | -------------------- | -------------------------------------- | --------------- | -------- | | Probot settings base | `fro-bot/.github:common-settings.yaml` | Same | Same | -| Renovate preset | `marcusrbrown/renovate-config#4.5.8` | `#4.5.8` | `#4.5.8` | +| Renovate preset | `marcusrbrown/renovate-config#5.2.0` | `#4.5.8` | `#4.5.8` | | ESLint config | `@bfra.me/eslint-config` | N/A (YAML repo) | Same | | Prettier config | `@bfra.me/prettier-config/120-proof` | N/A | Same | -| Package manager | pnpm | N/A (YAML repo) | pnpm | -| Fro Bot workflow | Present (v0.42.6) | **Missing** | Present | +| Package manager | pnpm 11.3.0 | N/A (YAML repo) | pnpm | +| Fro Bot workflow | Present (v0.45.0) | **Missing** | Present | | Copilot setup steps | Present | Not present | Present | | AGENTS.md | Present | Not present | Present | @@ -251,3 +256,14 @@ This repo participates in the same developer tooling ecosystem as [[marcusrbrown | 2026-04-24 | `97e96c1` | MVP disposal flow shipped (PR #911), Fro Bot v0.41.4, Next.js 16.2.4, TS 6.0.3 | | 2026-04-25 | `97e96c1` | No code changes — SHA unchanged, open issues 25→26, lockfile maintenance PR #929 opened | | 2026-05-06 | `0aa1d9a` | Dependency bumps only: Fro Bot v0.41.4→v0.42.6, pnpm 10.33.0→10.33.2, tailwindcss 4.2.2→4.2.4, postcss→8.5.12. Open issues 26→30. Copilot agent branches observed. | +| 2026-05-28 | `db6dbcc` | **Three majors crossed**: wagmi v2→v3, pnpm v10→v11 (11.3.0), Renovate preset v4→v5 (#5.2.0). Fro Bot v0.42.6→v0.45.0. Next.js 16.2.4→16.2.6, React 19.2.5→19.2.6, tailwindcss 4.2.4→4.3.0, postcss→8.5.15 (qs advisory patched, stale `pnpm.overrides` removed in #1064), vitest 4.0.7→4.1.7, vite→8.0.14, eslint→10.4.0. Fro Bot prompt updated (PR #1067) to port silent-outage workflow-health heuristics from marcusrbrown/marcusrbrown. Open issues 30→3, open PRs 6→1 — triage sweep. | + +## Notable Deltas (2026-05-28) + +- **wagmi v2 → v3:** The `wagmi: "^3.0.0"` major bump landed. This unblocks newer connector APIs but is a non-trivial upgrade — the open PR #837 from prior surveys is now merged or superseded. The `useWallet` abstraction layer is the firewall here: components should be unaffected as long as the hook surface stayed stable. +- **Renovate preset v4 → v5:** Aligns this repo with the `marcusrbrown/renovate-config#5.2.0` cutover documented in [[marcusrbrown--renovate-config]] (group-all-non-major behavior, 0.x ungrouping safety valve). +- **pnpm v10 → v11:** `packageManager` line updated to `pnpm@11.3.0`. No reported lockfile incompatibilities in subsequent commits. +- **Fro Bot prompt port:** PR #1067 ("port Fro Bot prompt improvements from marcusrbrown/marcusrbrown") added workflow-health heuristics — flag any workflow where >50% of expected runs failed in the last 7 days, or where scheduled runs produced zero successful auto-generated commits. Direct lesson from the 1.5-year silent outage caught in [[marcusrbrown--marcusrbrown]] in May 2026. +- **Open-issue triage:** Drop from 30 → 3 open issues across three weeks indicates either an aggressive cleanup pass or autoheal-driven closure. Open PRs collapsed similarly (6 → 1). +- **postcss security:** PR #1064 patched the `qs` advisory and removed stale `pnpm.overrides`. Worth noting the security category of the autoheal prompt is doing its job. +- **Storybook version drift:** A handful of `@storybook/*` packages remain pinned at `9.0.0-alpha.*` while the core monorepo moved to `10.4.1`. Mixed pinning is a known footgun for Storybook — addons compiled against the 9.0 alpha API may not load cleanly under 10.x. Candidate for a focused upgrade PR. diff --git a/knowledge/wiki/topics/web3-defi.md b/knowledge/wiki/topics/web3-defi.md index 25fef8504..1e6169c47 100644 --- a/knowledge/wiki/topics/web3-defi.md +++ b/knowledge/wiki/topics/web3-defi.md @@ -2,7 +2,7 @@ type: topic title: "Web3 & DeFi Development" created: 2026-04-18 -updated: 2026-05-06 +updated: 2026-05-28 sources: - url: https://github.com/marcusrbrown/tokentoilet sha: 0ed90a61784b5b85dcf925bb1255e794c4f5d6a3 @@ -16,6 +16,9 @@ sources: - url: https://github.com/marcusrbrown/tokentoilet sha: 0aa1d9a02f1a8ba5cbd95818fb6157318cf9f20b accessed: 2026-05-06 + - url: https://github.com/marcusrbrown/tokentoilet + sha: db6dbcc2d289d23377d3d80b19d5e4273008a1b2 + accessed: 2026-05-28 tags: [web3, defi, wagmi, reown-appkit, walletconnect, ethereum, sepolia, erc-20, erc-721] --- @@ -33,7 +36,7 @@ The ecosystem currently standardizes on: | Component | Tool | Notes | | ----------------- | ----------------------------------------------- | ---------------------------------------- | -| React hooks | Wagmi v2 | Core wallet/chain interaction primitives | +| React hooks | Wagmi v3 (as of 2026-05-28 in [[marcusrbrown--tokentoilet]]) | Core wallet/chain interaction primitives; major bump from v2 landed via PR #837 lineage | | Modal/UI | Reown AppKit (formerly WalletConnect Web3Modal) | Wallet connection modal and UI | | Query layer | TanStack React Query | Async state for chain reads/writes | | Supported wallets | MetaMask, WalletConnect, Coinbase Wallet | Per test suites in tokentoilet | @@ -81,3 +84,7 @@ The first functional disposal flow (PR #911 in [[marcusrbrown--tokentoilet]]) us - **`NetworkGuard`** validates the connected wallet is on Sepolia before rendering disposal UI - **Keyed `DisposalExecutor`** — each token gets a fresh `useTokenDisposal` hook instance via React key, preventing stale `isSuccess`/`error` state across multi-token disposals - **Deployment:** Vercel GitHub integration handles preview (PRs) and production (main push) — no CI deploy jobs + +## Migration Notes: Wagmi v2 → v3 (2026-05-28) + +The `useWallet` abstraction in [[marcusrbrown--tokentoilet]] paid off during the wagmi v2 → v3 upgrade — the firewall between components and the wagmi API meant the major version bump largely contained itself inside the `hooks/` directory. The pattern's value: every component that uses `useWallet` instead of `useAccount`/`useConnect` directly is one less site that needs touching when wagmi changes shape. Watch for this when migrating other Web3 apps in the portfolio. From 638365f7386a908401a839c491298c2d177a5ede Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Thu, 28 May 2026 02:02:04 -0700 Subject: [PATCH 63/77] chore(reconcile): record survey success for marcusrbrown/tokentoilet --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index c2db99a22..4aecdd65f 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -182,11 +182,11 @@ repos: name: tokentoilet added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-06 + last_survey_at: 2026-05-28 last_survey_status: success has_fro_bot_workflow: true has_renovate: true - next_survey_eligible_at: 2026-06-08 + next_survey_eligible_at: 2026-06-28 discovery_channel: collab private: false node_id: R_kgDOJ3rINw From f576b5e24ab4ce881a4758da05b7f9eeaf3d9ecd Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Thu, 28 May 2026 02:06:13 -0700 Subject: [PATCH 64/77] feat(knowledge): survey marcusrbrown/systematic --- knowledge/index.md | 4 +- knowledge/log.md | 40 ++++--- .../wiki/repos/marcusrbrown--systematic.md | 112 +++++++++++------- knowledge/wiki/topics/opencode-plugins.md | 5 +- 4 files changed, 98 insertions(+), 63 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index a25ae6177..1b0983ad6 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -27,8 +27,8 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--opencode-copilot-delegate]] — OpenCode plugin: delegate tasks to GitHub Copilot CLI as background subprocesses; v0.12.0 with 4 tools (delegate/output/cancel/resume), opt-in `/copilot-status` TUI half, orphan-subprocess reaper with PID-file identity gate, per-process plugin singleton, localhost RPC layer - [[marcusrbrown--renovate-config]] — Shareable Renovate configuration presets: canonical dependency-update policy for all `marcusrbrown/*` and `fro-bot/*` repos; v5.2.0 (v4→v5 boundary crossed 2026-05-13 with `group:allNonMajor` + 0.x ungrouping safety valve), Fro Bot v0.44.3 with autoheal merged into `fro-bot.yaml` and a new Sundays-only Upstream Modernization Watch category - [[marcusrbrown--sparkle]] — TypeScript playground monorepo; cross-platform design system (React + React Native/Expo), component library (Radix + Tailwind), Astro Starlight docs, Turborepo, WASM web shell -- [[marcusrbrown--systematic]] — OpenCode plugin: structured engineering workflows (45 skills, 50 agents), npm `@fro.bot/systematic`, Bun + Biome + semantic-release -- [[marcusrbrown--tokentoilet]] — Web3 DeFi token disposal app (Next.js 16.2.6, React 19.2.6, TypeScript 6.0.3, **Wagmi v3** as of 2026-05-28, Reown AppKit, Tailwind CSS v4.3.0, Vercel); pnpm crossed v10→v11 (11.3.0), Renovate preset crossed v4→v5 (#5.2.0), Fro Bot v0.45.0 with workflow-health silent-outage heuristic ported from marcusrbrown/marcusrbrown; open issues triaged 30→3 +- [[marcusrbrown--systematic]] — OpenCode plugin: structured engineering workflows (47 skills, 51 agents) at v2.24.0; Bun + Biome + Zod-typed `systematic.json` config schema + semantic-release; `fro-bot.yaml` and `fro-bot-autoheal.yaml` consolidated into a single three-mode workflow (#446), agent v0.45.0; new `release-notes-narrative` skill drives automated narrative releases via `@semantic-release/exec` +- [[marcusrbrown--tokentoilet]] — Web3 DeFi token disposal app (Next.js 16, React 19, TypeScript 6, Wagmi v2, Reown AppKit, Tailwind CSS v4, Vercel) - [[marcusrbrown--vbs]] — Star Trek chronological viewing guide (TypeScript, Vite, D3.js, functional factories, GitHub Pages, Fro Bot active) ## Topics diff --git a/knowledge/log.md b/knowledge/log.md index 6d94388e1..232590eb6 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1475,28 +1475,32 @@ Surveyed marcusrbrown/cortexkit_anthropic-auth and updated the control-plane wik Sources: https://github.com/marcusrbrown/cortexkit_anthropic-auth -## [2026-05-28 09:00] ingest | marcusrbrown/tokentoilet +## [2026-05-28 09:04] ingest | marcusrbrown/systematic -Incremental re-survey of `marcusrbrown/tokentoilet` (SHA `db6dbcc`, 2026-05-28). Updated repo page `marcusrbrown--tokentoilet.md` and topic page `web3-defi.md`. Updated `index.md` entry. No new pages required. +Incremental re-survey of `marcusrbrown/systematic` (SHA `9b75707`, 2026-05-28). Updated repo page `marcusrbrown--systematic.md`, bumped opencode-plugins topic page source set, and refreshed index entry. No new topic/entity/comparison pages warranted — all cross-cuts already cataloged. -Delta from prior survey (SHA `0aa1d9a`, 2026-05-06) — three majors crossed in three weeks: +Delta from prior survey (SHA `420ef650`, 2026-05-06): -- **wagmi v2 → v3:** `wagmi: "^3.0.0"` major bump landed. The `useWallet` abstraction layer absorbed the shape change — components unaffected. Pattern validated as the right firewall for major Web3 dependency churn. -- **pnpm v10 → v11:** `packageManager` now `pnpm@11.3.0` (intermediate stops at 11.2.0, 11.2.2). No lockfile incompatibilities observed in subsequent commits. -- **Renovate preset v4 → v5:** Now `marcusrbrown/renovate-config#5.2.0`, aligning with the cutover documented in [[marcusrbrown--renovate-config]]. -- **Fro Bot agent v0.42.6 → v0.45.0** (SHA `8aac0fc3...`). -- **Fro Bot prompt port (PR #1067):** Workflow-health heuristics ported from marcusrbrown/marcusrbrown — flag any workflow where >50% of expected runs failed in the last 7 days, or where scheduled runs produced zero successful auto-generated commits. Direct lesson from the 1.5-year silent outage in [[marcusrbrown--marcusrbrown]] caught in May 2026. -- **postcss security:** PR #1064 patched `qs` advisory, removed stale `pnpm.overrides`. postcss → 8.5.15. -- **Minor bumps:** Next.js 16.2.4→16.2.6, React 19.2.5→19.2.6, tailwindcss 4.2.4→4.3.0, vitest 4.0.7→4.1.7, vite→8.0.14, eslint→10.4.0. -- **Triage sweep:** Open issues 30 → 3, open PRs 6 → 1. Significant cleanup since 2026-05-06. -- **Storybook drift noted:** Core monorepo at 10.4.1 but some `@storybook/*` addons still pinned at `9.0.0-alpha.*`. Candidate for a focused upgrade PR. +- ~80 commits, v2.7.3 → v2.24.0 (17 minor + many patch releases). Repo is post-launch-surface-cleanup era. +- **Bundled assets:** skills 46 → 47 (new: `release-notes-narrative` project-scoped; `test-driven-development` + `writing-skills` + `writing-systematic-skills` imported from obra/superpowers in #394). Agents 50 → 51 (review category now 28). Deprecation surface marks `orchestrating-swarms` and `claude-permissions-optimizer` (#401). +- **Workflow consolidation (#446):** `fro-bot.yaml` and `fro-bot-autoheal.yaml` merged into a single workflow with three operating modes (review, maintenance, autoheal) routed via an inline `PROMPT` ternary on `event_name × mode × cron`. Workflow count 9 → 8. +- **Fro Bot agent:** v0.42.7 → v0.45.0 (SHA `8aac0fc3`). +- **Release-notes-narrative pipeline (v2.22–v2.23):** New project-scoped skill (#429) dispatched via `@semantic-release/exec` successCmd (#430), with extracted shell script (#432), bash-escaped Lodash render (#431), timestamp-based run identification (#434), and `correlation-id` input on `fro-bot.yaml` (#433). +- **Source-tree changes:** `plugin-singleton.ts` removed (its semantics folded into the broader factory layer). New modules: `config-schema.ts` (Zod schema for `systematic.json`), `config.ts` (Zod per-issue diagnostics), `skill-catalog.ts` (bootstrap injection of available skills, #365), `bundled-names.ts` (typed bundled-name validation, #384), `agent-colors.ts`, `agent-overlays.ts` (memoized per OpencodeClient, #383; empty-cache to unknown, #378), `model-availability.ts` (discovery-before-validation, #372, #376), `source-model-defaults.ts`. +- **Zod config schema arc (v2.14–v2.17):** Typed `systematic.json` validation with per-issue diagnostics, IDE autocomplete via published JSON Schema at `fro.bot/systematic/schemas/v2/`, factory pattern construction (#393), schema-drift CI gate. +- **Overlay hardening (v2.20.x):** Empty-cache and empty-discovery collapse to unknown status, per-client memoization, project-local Systematic overrides global Systematic output (#370). +- **Documentation modernization:** Architecture (#422), main-loop, philosophy (#421), launch-surface (README, home, Quick Start, config docs — #428), design-iterator and docs aligned with Impeccable design laws (#418, #419). New `docs:verify` script for local CI-parity pre-checks (#445). +- **OpenCode dep bumped through:** v1.14.49 → v1.15.10. Starlight to ^0.39.0 (#444). `@semantic-release/exec` pinned at 7.1.0 (#435). +- **Open issues:** 4 → 3 (renovate PR #327 from prior survey is merged). 0 open PRs at survey time. +- **Stars:** 14 → 22. **Fork count:** 1. +- **Renovate config + Probot settings:** Unchanged in intent. Renovate adds OpenCode group name (#425). +- **Fro Bot integration:** Fully active (no follow-up needed for missing workflow). Inline documentation added in #450 (PROMPT routing precedence — the release-notes-narrative automation depends on `workflow_dispatch` `prompt` taking precedence over mode default) and #451 (fork-guard asymmetry across PR-adjacent event types — only `issue_comment` needs explicit API-query because `github.event.pull_request` is null on that path). +- **No contradictions** with prior survey; `plugin-singleton.ts` was noted as added in v2.7.2 and is now folded into the broader factory layer (durable singleton semantics preserved via config-handler entry point). -No contradictions with prior ingest — all major bumps are forward motion. Fro Bot workflow remains present and active. +Sources: https://github.com/marcusrbrown/systematic (SHA 9b7570782190d540b4d57abdd94cf7ca8e1984f1) -Sources: https://github.com/marcusrbrown/tokentoilet (SHA db6dbcc2d289d23377d3d80b19d5e4273008a1b2) +## [2026-05-28 09:05] ingest | repo:marcusrbrown/systematic -## [2026-05-28 09:01] ingest | repo:marcusrbrown/tokentoilet - -Surveyed marcusrbrown/tokentoilet and updated the control-plane wiki. +Surveyed marcusrbrown/systematic and updated the control-plane wiki. -Sources: https://github.com/marcusrbrown/tokentoilet +Sources: https://github.com/marcusrbrown/systematic diff --git a/knowledge/wiki/repos/marcusrbrown--systematic.md b/knowledge/wiki/repos/marcusrbrown--systematic.md index 9ac84bf00..5b5d1ea71 100644 --- a/knowledge/wiki/repos/marcusrbrown--systematic.md +++ b/knowledge/wiki/repos/marcusrbrown--systematic.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/systematic" created: 2026-04-24 -updated: 2026-05-06 +updated: 2026-05-28 sources: - url: https://github.com/marcusrbrown/systematic sha: ef02119abd801487dc0e53a43ac2d6b6433873ab @@ -10,7 +10,10 @@ sources: - url: https://github.com/marcusrbrown/systematic sha: 420ef650215a9ca8cefa01f125e02434e351952e accessed: 2026-05-06 -tags: [opencode, plugin, ai, workflow, typescript, bun, biome, semantic-release, npm] + - url: https://github.com/marcusrbrown/systematic + sha: 9b7570782190d540b4d57abdd94cf7ca8e1984f1 + accessed: 2026-05-28 +tags: [opencode, plugin, ai, workflow, typescript, bun, biome, semantic-release, npm, zod, json-schema] related: - marcusrbrown--opencode-copilot-delegate - marcusrbrown--dotfiles @@ -28,13 +31,13 @@ OpenCode plugin providing structured engineering workflows for AI-powered develo | Attribute | Value | | --------------- | ---------------------------------------------------- | | Created | 2026-01-24 | -| Last push | 2026-05-06 | -| Latest release | v2.7.3 (2026-05-05) | +| Last push | 2026-05-28 | +| Latest release | v2.24.0 (2026-05-27) | | Language | TypeScript (strict, ESM) | | Runtime | Bun | | License | MIT | -| Stars | 14 | -| Open issues | 4 | +| Stars | 22 | +| Open issues | 3 (Weekly Maintenance #157, Daily Autohealing #153, Dependency Dashboard #15) | | Homepage | https://fro.bot/systematic | | npm | `@fro.bot/systematic` | | Default branch | main | @@ -56,27 +59,45 @@ The plugin implements three OpenCode hooks: ### Source Modules (`src/lib/`) -| Module | Role | -| ------------------ | ---------------------------------------------- | -| `config-handler.ts`| Config hook — merges bundled assets | -| `skill-tool.ts` | `systematic_skill` tool factory | -| `skill-loader.ts` | Skill content loading and formatting | -| `bootstrap.ts` | System prompt injection | -| `converter.ts` | CEP-to-OpenCode content conversion (CLI) | -| `frontmatter.ts` | YAML frontmatter parsing | -| `plugin-singleton.ts`| Factory deduplication across opencode.json sources (v2.7.2) | -| `validation.ts` | Agent config validation and type guards | -| `skills.ts` | Skill discovery (highest centrality in codebase)| -| `agents.ts` | Agent discovery (category from subdirectory) | -| `commands.ts` | Command discovery (backward compat) | -| `config.ts` | JSONC config loading and merging | -| `walk-dir.ts` | Recursive directory walker | +| Module | Role | +| ------------------------- | ---------------------------------------------- | +| `config-handler.ts` | Config hook — merges bundled assets | +| `config-schema.ts` | Zod schema for `systematic.json` user config (v2.16+); typed bundled-name validation with IDE autocomplete (#384) | +| `config.ts` | JSONC config loading and merging; surfaces every Zod issue in top-level error message (#398); project-local Systematic overrides global Systematic output (#370) | +| `skill-tool.ts` | `systematic_skill` tool factory | +| `skill-loader.ts` | Skill content loading and formatting | +| `skill-catalog.ts` | Bootstrap-injected catalog of available skills (v2.18+, #365) | +| `bootstrap.ts` | System prompt injection; SUBAGENT-STOP block + Instruction Priority section in `using-systematic` (#405); simplified skill usage guidance (#368) | +| `bundled-names.ts` | Generated registry of bundled skill/agent names for typed validation | +| `agents.ts` | Agent discovery (category from subdirectory) | +| `agent-colors.ts` | Per-category color assignments for agents | +| `agent-overlays.ts` | Model availability overlay for agent selection; memoized per OpencodeClient instance (#383); collapses empty cache/discovery to unknown status (#378, #372) | +| `model-availability.ts` | Runs discovery before validation (#372, #376); upstream of overlay | +| `source-model-defaults.ts`| Default model assignments per agent/skill source | +| `skills.ts` | Skill discovery (highest centrality in codebase)| +| `commands.ts` | Command discovery (backward compat) | +| `converter.ts` | CEP-to-OpenCode content conversion (CLI) | +| `frontmatter.ts` | YAML frontmatter parsing | +| `validation.ts` | Agent config validation and type guards | +| `walk-dir.ts` | Recursive directory walker | + +`plugin-singleton.ts` (introduced v2.7.2) has been folded into the broader factory layer — modules now coordinate via the config-handler entry point. Per-process singleton semantics are preserved. ### Bundled Assets -- **46 skills** in `skills/` — Core CE workflows (`ce:brainstorm`, `ce:plan`, `ce:review`, `ce:work`, `ce:compound`, `ce:ideate`), development tools (`agent-browser`, `frontend-design`, `git-worktree`, `orchestrating-swarms`), specialized skills (`dhh-rails-style`, `dspy-ruby`, `gemini-imagegen`, `proof`, `rclone`), autonomous workflows (`lfg`, `slfg`). Skill authoring guardrails added in v2.7.0 (#325). -- **50 agents** in `agents/` across 6 categories: `design/`, `docs/`, `document-review/`, `research/`, `review/`, `workflow/` -- **OCX registry** in `registry/` — Component-level installation via `ocx` CLI with named profiles (`omo`, `standalone`) +- **47 skills** in `skills/` — Core CE workflows (`ce:brainstorm`, `ce:plan`, `ce:review`, `ce:work`, `ce:compound`, `ce:compound-refresh`, `ce:ideate`), development tools (`agent-browser`, `frontend-design`, `git-worktree`, `git-commit`, `git-commit-push-pr`, `git-clean-gone-branches`), specialized skills (`dhh-rails-style`, `dspy-ruby`, `gemini-imagegen`, `proof`, `rclone`, `andrew-kane-gem-writer`), engineering practice (`test-driven-development`, `writing-skills`, `writing-systematic-skills` — imported from obra/superpowers in #394), autonomous workflows (`lfg`, `slfg`), release automation (`release-notes-narrative` — new in v2.23.0, #429). Deprecation surface introduced in v2.18+ marks `orchestrating-swarms` and `claude-permissions-optimizer` (#401). +- **51 agents** in `agents/` across 6 categories: `design/` (3), `docs/` (1), `document-review/` (7), `research/` (7), `review/` (28), `workflow/` (5) +- **OCX registry** in `registry/` — Component-level installation via `ocx` CLI with named profiles (`omo`, `standalone`); v2.20.6 of the registry was the last published before the v2.21+ launch-surface refresh + +### Configuration Schema + +Starting in the v2.14–v2.17 arc, `systematic.json` user config is fully Zod-typed: + +- `config-schema.ts` defines the canonical schema; `scripts/generate-config-schema.ts` emits a JSON Schema published at `fro.bot/systematic/schemas/v2/` (consumed by IDEs for autocomplete) +- `schema:drift` script gates the generated schema in CI +- Schema construction uses a factory pattern (#393) for composability +- Unrecognized keys and invalid values produce per-issue diagnostics surfaced in the top-level error message (#390, #398) +- Bundled skill/agent names are validated against `bundled-names.ts` for typo detection ### CLI @@ -105,13 +126,12 @@ This divergence is deliberate — the plugin targets Bun as OpenCode's native ru ## CI/CD -9 GitHub Actions workflows: +8 GitHub Actions workflows (consolidated from 9 — `fro-bot-autoheal.yaml` merged into `fro-bot.yaml` in #446): | Workflow | Purpose | Trigger | | ------------------------- | ---------------------------------------------------- | -------------------------------- | | **Main** | Build, typecheck, lint, test, registry validate, docs build, release | PR, push to main, dispatch | -| **Fro Bot** | PR review, weekly maintenance, @fro-bot mentions, dispatch | PR, issue, comment, schedule (Mon 09:00 UTC), dispatch | -| **Fro Bot Autoheal** | Daily repo autohealing (4 categories) | Daily 03:30 UTC, dispatch | +| **Fro Bot** | PR review + weekly maintenance + daily autohealing in a single workflow with three operating modes routed via an inline PROMPT ternary | PR, issue, comment, discussion_comment, schedule (Mon 09:00 UTC review; daily 03:30 UTC autoheal), workflow_call, workflow_dispatch (mode: review/maintenance/autoheal) | | **Renovate** | Dependency updates via reusable workflow | Issue/PR edits, push, workflow_run, dispatch | | **CodeQL** | Security vulnerability analysis | PR, push, schedule | | **Scorecard** | OpenSSF supply-chain security | Push to main, schedule | @@ -133,18 +153,16 @@ Required status checks: Build, Docs Build, Fro Bot, Typecheck, Lint, Test, Regis ## Fro Bot Integration -**Fully active.** Three workflow files: +**Fully active.** Consolidated into a single workflow file as of #446 (v2.23+ era): -- `fro-bot.yaml` — `fro-bot/agent@v0.42.7` (SHA `30a8e428`) - - PR review with TypeScript/Bun/Biome-specific prompt (type safety, ESM conventions, no classes, breaking change detection, security implications for prompt injection) - - Weekly maintenance report (rolling issue, 28-day window) - - `@fro-bot` mention responses (OWNER/MEMBER/COLLABORATOR gated) - - `workflow_call` support for reuse from autoheal -- `fro-bot-autoheal.yaml` — Daily autohealing with 4-category sweep: - 1. Errored PRs (CI fix and push) - 2. Security (Dependabot/Renovate alerts) - 3. Health & Maintenance (major version updates, Action SHA pinning) - 4. Developer Experience (typecheck, lint fixes) +- `fro-bot.yaml` — `fro-bot/agent@v0.45.0` (SHA `8aac0fc36437a6c871321fa3389033c8262504b7`). Three operating modes selected by an inline `PROMPT` ternary keyed on `event_name × mode × cron`: + 1. **PR review** — `PR_REVIEW_PROMPT` env, TypeScript/Bun/Biome-specific (type safety, ESM conventions, zero-class convention, breaking change detection, security implications for prompt injection) + 2. **Weekly maintenance** — `MAINTENANCE_PROMPT` env, Mon 09:00 UTC, rolling issue with 28-day window + 3. **Daily autoheal** — `AUTOHEAL_PROMPT` env, daily 03:30 UTC, 4-category sweep: errored PRs (CI fix and push), security (Dependabot/Renovate alerts), health & maintenance (major version updates, Action SHA pinning), developer experience (typecheck, lint fixes) +- `workflow_call` accepts `prompt` (required) and optional `correlation-id` — used by the `release-notes-narrative` automation to dispatch verbatim prompts and match dispatched runs by scanning early log output (#430, #432, #433, #434) +- `workflow_dispatch` accepts `mode`, `prompt`, `correlation-id`; non-empty `prompt` is honored verbatim regardless of `mode` (this precedence is mandatory for the release-notes contract — documented inline in #450) +- `@fro-bot` mention responses (OWNER/MEMBER/COLLABORATOR gated) +- Fork-PR guard for `issue_comment` events handled by an explicit API-query step because `github.event.pull_request` is null on that path (#451). Other PR-adjacent event types (`pull_request`, `pull_request_review_comment`) catch forks via the top-level `if:` gate. ### PR Review Prompt Conventions @@ -192,19 +210,29 @@ Extends `fro-bot/.github:common-settings.yaml` — same pattern as [[marcusrbrow | v2.7.1 | 2026-05-01 | Stabilize system prompt prefix (#329) | | v2.7.2 | 2026-05-04 | Deduplicate factory registration across opencode.json sources (#335) | | v2.7.3 | 2026-05-05 | Omit `model` field from all 50 bundled agents (#336, upstream fix for sst/opencode#17888) | +| v2.14–v2.17 arc | 2026-05-13 → 2026-05-20 | Typed config validation: Zod-driven `systematic.json` schema, per-issue diagnostics (#388, #390, #393, #394, #397, #398); test-driven-development + writing-skills imported from obra/superpowers (#394); schema `$ref` dedup | +| v2.18.0 | ~2026-05-21 | Skill catalog moved into system prompt (#365); deprecation surface for `orchestrating-swarms` and `claude-permissions-optimizer` (#401) | +| v2.19.0 | 2026-05-21 | SUBAGENT-STOP block + Instruction Priority section injected into `using-systematic` bootstrap (#405); v3.0.0 CC-residue excision plan committed (#403) | +| v2.20.x | 2026-05-21 | Overlay hardening: discovery before validation (#372), empty-cache to unknown status (#378), per-client memoization (#383); project-local Systematic overrides global Systematic output (#370); registry advanced to v2.20.6 with 103 components (51 agents, 47 skills, 2 bundles, 2 profiles, 1 plugin) | +| v2.21.0 | 2026-05-23 | Launch-surface cleanup (#428): README, home, Quick Start, config docs, contributor docs | +| v2.22.0 | 2026-05-23 | New `release-notes-narrative` project-scoped skill (#429) | +| v2.23.0–v2.23.6 | 2026-05-23 → 2026-05-27 | Automated release-notes-narrative via `@semantic-release/exec` (#430); successCmd extraction to `scripts/dispatch-release-notes.sh` (#432); bash escape for Lodash render (#431); timestamp-based run identification replacing log-scan (#434); correlation-id input on `fro-bot.yaml` (#433); docs modernization (#421, #422); design-iterator + docs aligned with Impeccable design laws (#418, #419) | +| v2.24.0 | 2026-05-27 | OpenCode dep bumped to v1.15.10 (#442); Starlight ^0.39.0 (#444); `docs:verify` script for local CI-parity pre-checks (#445); fork-guard asymmetry documented inline (#451); PROMPT routing precedence documented inline (#450); `fro-bot.yaml` + `fro-bot-autoheal.yaml` consolidated (#446) | ## Open Issues / PRs | # | Title | Type | |---|-------|------| -| #327 | build(dev): pin dependencies | PR (Renovate) | -| #157 | Weekly Maintenance Report | Issue | -| #153 | Daily Autohealing Report | Issue | +| #157 | Weekly Maintenance Report | Issue (rolling) | +| #153 | Daily Autohealing Report | Issue (rolling) | | #15 | Dependency Dashboard | Issue (Renovate) | +0 open PRs at survey time — main is fully drained. + ## Survey History | Date | SHA | Delta | | ---------- | ---------- | ------------------------ | | 2026-04-24 | `ef02119` | Initial survey | -| 2026-05-06 | `420ef65` | 28 commits, v2.5.1→v2.7.3, skills 45→46, agent v0.41.4→v0.42.7, plugin-singleton.ts added, OCX V2, content-integrity gate, skill guardrails, model field removal | +| 2026-05-06 | `420ef65` | 28 commits, v2.5.1→v2.7.3, skills 45→46, agent v0.41.4→v0.42.7, `plugin-singleton.ts` added, OCX V2, content-integrity gate, skill guardrails, model field removal | +| 2026-05-28 | `9b75707` | ~80 commits, v2.7.3→v2.24.0, skills 46→47, agents 50→51, agent v0.42.7→v0.45.0, `fro-bot.yaml` + `fro-bot-autoheal.yaml` consolidated (#446), `plugin-singleton.ts` removed, Zod config schema arc (v2.14–v2.17), `release-notes-narrative` skill + semantic-release-driven dispatch, launch-surface cleanup, docs modernization, deprecation surface, overlay hardening, project-local override fix | diff --git a/knowledge/wiki/topics/opencode-plugins.md b/knowledge/wiki/topics/opencode-plugins.md index 73a00a5b5..89dfe97b3 100644 --- a/knowledge/wiki/topics/opencode-plugins.md +++ b/knowledge/wiki/topics/opencode-plugins.md @@ -25,7 +25,10 @@ sources: - url: https://github.com/marcusrbrown/cortexkit_anthropic-auth sha: 517d38596432429a8fc5f78612edc80a1c3f3dc6 accessed: 2026-05-28 -tags: [opencode, plugin, sdk, subprocess, async, delegation, workflow, skills, agents, tui, rpc, orphan-reaper, plugin-singleton, json-schema, oauth, anthropic, cross-process-lock] + - url: https://github.com/marcusrbrown/systematic + sha: 9b7570782190d540b4d57abdd94cf7ca8e1984f1 + accessed: 2026-05-28 +tags: [opencode, plugin, sdk, subprocess, async, delegation, workflow, skills, agents, tui, rpc, orphan-reaper, plugin-singleton, json-schema, oauth, anthropic, cross-process-lock, zod-config, bundled-names, deprecation-surface] --- # OpenCode Plugin Development From 567b73587eb53ae5426bfb0af7d0d4d13871438d Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Thu, 28 May 2026 02:06:15 -0700 Subject: [PATCH 65/77] chore(reconcile): record survey success for marcusrbrown/systematic --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 4aecdd65f..e51563664 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -170,11 +170,11 @@ repos: name: systematic added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-06 + last_survey_at: 2026-05-28 last_survey_status: success has_fro_bot_workflow: true has_renovate: true - next_survey_eligible_at: 2026-06-05 + next_survey_eligible_at: 2026-06-28 discovery_channel: collab private: false node_id: R_kgDORAJegA From a0a8904395d8294d4f42ba641fa9d938f08cae59 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Fri, 29 May 2026 01:56:20 -0700 Subject: [PATCH 66/77] feat(knowledge): survey marcusrbrown/vbs --- knowledge/index.md | 2 +- knowledge/log.md | 34 ++++++++++++++++ knowledge/wiki/repos/marcusrbrown--vbs.md | 49 +++++++++++++++++++---- 3 files changed, 77 insertions(+), 8 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 1b0983ad6..5acecefb2 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -29,7 +29,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--sparkle]] — TypeScript playground monorepo; cross-platform design system (React + React Native/Expo), component library (Radix + Tailwind), Astro Starlight docs, Turborepo, WASM web shell - [[marcusrbrown--systematic]] — OpenCode plugin: structured engineering workflows (47 skills, 51 agents) at v2.24.0; Bun + Biome + Zod-typed `systematic.json` config schema + semantic-release; `fro-bot.yaml` and `fro-bot-autoheal.yaml` consolidated into a single three-mode workflow (#446), agent v0.45.0; new `release-notes-narrative` skill drives automated narrative releases via `@semantic-release/exec` - [[marcusrbrown--tokentoilet]] — Web3 DeFi token disposal app (Next.js 16, React 19, TypeScript 6, Wagmi v2, Reown AppKit, Tailwind CSS v4, Vercel) -- [[marcusrbrown--vbs]] — Star Trek chronological viewing guide (TypeScript, Vite, D3.js, functional factories, GitHub Pages, Fro Bot active) +- [[marcusrbrown--vbs]] — Star Trek chronological viewing guide (TypeScript, Vite, D3.js, functional factories, GitHub Pages); 2026-05-29 survey: workflow consolidation merged (PR #564, autoheal folded into `fro-bot.yaml` with `mode` dispatch input), Renovate preset crossed v4→v5 (#567), multi-track timeline merged (#458), data automation moved to perpetual-PR model (#574), agent v0.42.8 → v0.46.0, PR backlog cleared (7 → 1) ## Topics diff --git a/knowledge/log.md b/knowledge/log.md index 232590eb6..30176ea81 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1504,3 +1504,37 @@ Sources: https://github.com/marcusrbrown/systematic (SHA 9b7570782190d540b4d57ab Surveyed marcusrbrown/systematic and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/systematic + +## [2026-05-29 08:53] ingest | marcusrbrown/vbs + +Incremental re-survey of `marcusrbrown/vbs` (SHA `69db16a`, 2026-05-29). Updated repo page `marcusrbrown--vbs.md` and refreshed index entry. No new topic/entity/comparison pages warranted — workflow consolidation and Renovate v5 patterns are already cataloged on the ecosystem topic pages. + +Delta from prior survey (SHA `b3c415b`, 2026-05-07): + +- 32 commits over 22 days. Three non-Renovate commits broke the prior pure-maintenance pattern. +- **Workflow consolidation (PR #564, 2026-05-14, Fro Bot-authored):** `fro-bot.yaml` + `fro-bot-autoheal.yaml` merged into a single workflow with `mode = review | maintenance | autoheal | both` dispatch input and dual cron schedules (03:30 UTC autoheal, 15:30 UTC maintenance). Matches the pattern landed in `marcusrbrown/systematic` (#446) and `marcusrbrown/marcusrbrown.github.io`. Workflow count: 8 → 7. +- **Multi-track timeline merged (PR #458, Copilot):** The long-standing open Copilot feature PR landed — D3 multi-track timeline differentiating event types. +- **Data automation stabilized (PR #574, Copilot):** "Perpetual PRs and CI-safe artifact generation" — replaces the stacking-weekly-PR pattern (the 6 backed-up data-29..data-34 PRs noted in the prior survey) with a single recurring PR surface. PR #571 fixed a missing `notes` field in generated season items. +- **Renovate preset v4 → v5 (PR #567):** `marcusrbrown/renovate-config#4.5.9` → `#5.2.0`. Crosses the same v4→v5 boundary now adopted across the ecosystem. +- **`fro-bot/agent` trail:** v0.42.8 → v0.42.10 → v0.43.0 → v0.43.2 → v0.43.3 → v0.44.1 → v0.44.2 → v0.44.3 → v0.46.0 (9 bumps, PRs #560, #561, #578, #579, #582, #583, #584, #590). +- **bfra-me/.github reusable workflows:** v4.16.12 → v4.16.21 (#565, #566, #585, #589). +- **pnpm:** 10.33.2 → 10.33.4 (#551, #554). +- **Bfra-me tooling pinned:** eslint-config v0.51.0 (#568), prettier-config 0.16.8 (#569), tsconfig v0.13.0 (#570), prettier 3.8.3 (#576). +- **Open PRs:** 7 → 1. **Open issues:** 30 → 14. Backlog burn is real — autoheal + maintenance modes now operating against triage rather than accumulating reports. +- **Stars:** 1. **License file at root:** still absent (license declared only in `package.json`). + +**Contradictions:** Prior page claimed 8 workflow files; current count is 7 after the autoheal fold-in. Resolved additively — table row struck through with the PR reference, structure tree annotated, prose updated. + +Sources: https://github.com/marcusrbrown/vbs (SHA 69db16a73245372a9a1b1c6c32d0a70fd0a22185) + +## [2026-05-29 08:53] ingest | repo:marcusrbrown/vbs + +Surveyed marcusrbrown/vbs and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/vbs + +## [2026-05-29 08:56] ingest | repo:marcusrbrown/vbs + +Surveyed marcusrbrown/vbs and updated the control-plane wiki. + +Sources: https://github.com/marcusrbrown/vbs diff --git a/knowledge/wiki/repos/marcusrbrown--vbs.md b/knowledge/wiki/repos/marcusrbrown--vbs.md index 6aec28adf..03c8b0db2 100644 --- a/knowledge/wiki/repos/marcusrbrown--vbs.md +++ b/knowledge/wiki/repos/marcusrbrown--vbs.md @@ -2,8 +2,11 @@ type: repo title: "marcusrbrown/vbs" created: 2026-04-18 -updated: 2026-05-07 +updated: 2026-05-29 sources: + - url: https://github.com/marcusrbrown/vbs + sha: 69db16a73245372a9a1b1c6c32d0a70fd0a22185 + accessed: 2026-05-29 - url: https://github.com/marcusrbrown/vbs sha: b3c415bc4e0e25dd4e5ca8ccdc5ae7aaac9cbdec accessed: 2026-05-07 @@ -28,11 +31,11 @@ related: - **Purpose:** Interactive Star Trek chronological viewing guide with progress tracking - **Default branch:** `main` - **Created:** 2025-07-18 -- **Last push:** 2026-05-07 +- **Last push:** 2026-05-29 (as of 2026-05-29 survey) - **Homepage:** https://marcusrbrown.github.io/vbs/ - **License:** MIT (declared in package.json; no LICENSE file observed at root) - **Topics:** `star-trek`, `viewing-guide`, `chronological`, `progress-tracker`, `local-first` -- **Package manager:** pnpm 10.33.2 +- **Package manager:** pnpm 10.33.4 (as of 2026-05-29; previously 10.33.2) - **Node.js:** 22.x ## Tech Stack @@ -127,7 +130,7 @@ vbs/ ├── public/ # Static assets ├── .ai/ # AI context files ├── .github/ -│ ├── workflows/ # 8 workflow files +│ ├── workflows/ # 7 workflow files (was 8 — fro-bot-autoheal.yaml folded into fro-bot.yaml on 2026-05-14, PR #564) │ ├── actions/ # Custom actions (setup-pnpm) │ ├── agents/ # Agent definitions (data-curator) │ └── settings.yml # Probot settings @@ -144,8 +147,8 @@ vbs/ | --- | --- | --- | --- | | CI | `ci.yaml` | push/PR to `main` | Lint, type-check, test with coverage, build | | Deploy | `deploy.yaml` | push to `main`, dispatch | Build + deploy to GitHub Pages | -| Fro Bot | `fro-bot.yaml` | PR, issue, comment, schedule (daily 15:30 UTC), dispatch | PR review, daily maintenance, ad-hoc prompts | -| Fro Bot Autoheal | `fro-bot-autoheal.yaml` | daily cron (03:30 UTC), dispatch | Automated repo healing (errored PRs, security, lint, data quality) | +| Fro Bot | `fro-bot.yaml` | PR, issue, comment, schedule (daily 15:30 UTC + 03:30 UTC autoheal), dispatch | PR review, daily maintenance, autoheal (single workflow as of 2026-05-14, PR #564) | +| ~~Fro Bot Autoheal~~ | ~~`fro-bot-autoheal.yaml`~~ | _Removed 2026-05-14 (PR #564) — folded into `fro-bot.yaml` with `mode` dispatch input (`review`/`maintenance`/`autoheal`/`both`)_ | _historical_ | | Update Star Trek Data | `update-star-trek-data.yaml` | weekly Monday 09:00 UTC, dispatch | Regenerate data from external sources, validate, create PR | | Renovate | `renovate.yaml` | — | Dependency updates | | Update Repo Settings | `update-repo-settings.yaml` | — | Probot settings sync | @@ -162,7 +165,7 @@ Required status checks on `main`: Build, Fro Bot, Renovate / Renovate, Test. Lin ## Fro Bot Integration -**Fro Bot workflow is present and active** (`fro-bot.yaml`). Uses `fro-bot/agent@v0.42.8` (SHA `fee26493b0f82a9a00241fe24fb0aede8174d1d2`). +**Fro Bot workflow is present and active** (`fro-bot.yaml`). As of 2026-05-29 survey: agent `v0.46.0` (was `v0.42.8` at 2026-05-07 survey — see Survey History for the version trail). As of 2026-05-14 (PR #564) the separate `fro-bot-autoheal.yaml` was folded into a single `fro-bot.yaml` with three operating modes routed by `workflow_dispatch.inputs.mode` (`review` | `maintenance` | `autoheal` | `both`) and dual cron schedules (`30 3 * * *` autoheal, `30 15 * * *` maintenance). This mirrors the consolidation pattern landed in [[marcusrbrown--systematic]] (#446) and [[marcusrbrown--marcusrbrown-github-io]] and is the dominant Fro Bot workflow shape across the ecosystem now. ### PR Review @@ -219,6 +222,38 @@ Responds to `@fro-bot` mentions in issue/PR/discussion comments from OWNER/MEMBE | 2026-04-18 | `a552e73` | Initial survey — full page created | | 2026-04-25 | `dd10e05` | Incremental — 7 Renovate commits, agent bump v0.40.2 → v0.41.4, no structural changes | | 2026-05-07 | `b3c415b` | Incremental — 15 Renovate commits, agent bump v0.41.4 → v0.42.8, Renovate preset #4.5.8 → #4.5.9 | +| 2026-05-29 | `69db16a` | Workflow consolidation (PR #564), Renovate preset v4.5.9 → v5.2.0 (#567), multi-track timeline merged (#458), data-automation stabilization (#574), agent v0.42.8 → v0.46.0, backlog cleared | + +### 2026-05-29 Delta (SHA `b3c415b` → `69db16a`) + +32 commits over 22 days. The maintenance-mode lull from prior surveys broke — three human/Copilot-authored feature/ci commits landed, the data-PR backlog cleared, and two significant structural changes shipped. + +**Structural changes (non-Renovate):** + +- **Fro Bot workflow consolidation (PR #564, `67d30b2`, 2026-05-14, authored by Fro Bot):** `fro-bot.yaml` + `fro-bot-autoheal.yaml` merged into a single `fro-bot.yaml` with `workflow_dispatch.inputs.mode = review | maintenance | autoheal | both` and dual cron schedules (`30 3 * * *` autoheal, `30 15 * * *` maintenance). Concurrency group keyed on issue/PR/discussion number with `cancel-in-progress: false`. Matches the pattern landed in [[marcusrbrown--systematic]] (#446) and [[marcusrbrown--marcusrbrown-github-io]]. Workflow count: 8 → 7. +- **Multi-track timeline visualization merged (PR #458, `87f0ae4`, 2026-05-16, Copilot-authored):** The Copilot feature PR that had been open since the 2026-05-07 survey finally landed — adds multi-track D3 timeline visualization differentiating event types. +- **Data automation stabilization (PR #574, `466875a`, 2026-05-16, Copilot-authored):** "Stabilize Star Trek data automation with perpetual PRs and CI-safe artifact generation." Replaces the prior stacking-PR-per-week pattern with a perpetual PR model — confirms why the 2026-05-07 survey saw 6 data PRs (data-29 through data-34) backed up. The new model collapses them into a single recurring PR surface. +- **Data generation hardening (PR #571, `598af37`, 2026-05-16, Fro Bot):** `fix(data-generation): include required notes field in generated season items`. Quality-scoring schema enforcement caught a missing field in the generator. +- **Renovate preset v4 → v5 (PR #567, `d3b6a1a`, 2026-05-14):** `marcusrbrown/renovate-config#4.5.9` → `#5.2.0`. Crosses the same v4→v5 boundary now adopted across the wider ecosystem (see [[marcusrbrown--renovate-config]]). v5 adds `group:allNonMajor` + 0.x ungrouping safety valve. + +**Renovate / dependency cadence:** + +- **`fro-bot/agent` version trail:** v0.42.8 → v0.42.10 (#560) → v0.43.0 (#561) → v0.43.2 (#578) → v0.43.3 (#579) → v0.44.1 (#582) → v0.44.2 (#583) → v0.44.3 (#584) → v0.46.0 (#590). Nine bumps in 22 days — VBS tracks agent releases at roughly the upstream cadence. +- **`bfra-me/.github` reusable workflows:** v4.16.12 → v4.16.21 (PRs #565, #566, #585, #589). +- **pnpm:** 10.33.2 → 10.33.3 → 10.33.4 (PRs #551, #554). +- **Dev tooling pinned:** `@bfra.me/eslint-config` to v0.51.0 (#568), `@bfra.me/prettier-config` to 0.16.8 (#569), `@bfra.me/tsconfig` to v0.13.0 (#570), `prettier` to 3.8.3 (#576) — VBS aligning with the same pinned-bfra-me-tooling pattern visible across the ecosystem. +- **Non-major dep batches:** #549, #556, #573, #580, #586, #588. + +**Activity shape (as of 2026-05-29):** + +- **Open PRs:** 1 (down from 7) — only #577 (vite v7.3.2 pin) remains. The Copilot timeline feature merged, all six stacked data PRs collapsed into the perpetual-PR model. +- **Open issues:** 14 (down from 30) — significant cleanup. Backlog burn confirms the autoheal + maintenance modes are now operating against real triage rather than accumulating. +- **Star count:** 1. +- **No license file at root** (still — only `license: MIT` in `package.json`). Carried forward from prior surveys; no contradiction. + +**Contradictions noted:** + +- The "8 workflow files" count in the prior page text is now stale — current count is 7 after the autoheal fold-in. Page updated additively (struck-through row in workflows table, prose updated in Fro Bot Integration section) rather than overwriting history. ### 2026-05-07 Delta (SHA `dd10e05` → `b3c415b`) From 74cbaed449c6347f9c4f6f95388844b0800bcb0f Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Fri, 29 May 2026 01:56:22 -0700 Subject: [PATCH 67/77] chore(reconcile): record survey success for marcusrbrown/vbs --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index e51563664..04ab89efc 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -194,11 +194,11 @@ repos: name: vbs added: 2026-04-18 onboarding_status: onboarded - last_survey_at: 2026-05-07 + last_survey_at: 2026-05-29 last_survey_status: success has_fro_bot_workflow: true has_renovate: true - next_survey_eligible_at: 2026-06-06 + next_survey_eligible_at: 2026-07-01 discovery_channel: collab private: false node_id: R_kgDOPOixzg From 151dc71a58f0be8f710c31f1c4e6a7c8de68ac13 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Fri, 29 May 2026 01:57:34 -0700 Subject: [PATCH 68/77] feat(knowledge): survey marcusrbrown/ha-config --- knowledge/index.md | 4 +- knowledge/log.md | 39 +++++++------------ .../wiki/repos/marcusrbrown--ha-config.md | 16 +++++--- 3 files changed, 27 insertions(+), 32 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 5acecefb2..123623b22 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -19,7 +19,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--esphome-life]] — marcusrbrown/esphome.life - [[marcusrbrown--extend-vscode]] — VS Code extension toolkit (TypeScript, dual Node/Web targets, tsup, Vitest, semantic-release to Marketplace+OpenVSIX+npm); Renovate preset crossed v4→v5 (#5.2.0) on 2026-05-14, eslint v10 / jsdom v29 / eslint-plugin-node-dependencies v2 majors landed end of April, `typescript` v6 (#466) remains the sole pending major; **still no Fro Bot agent workflow** - [[marcusrbrown--gpt]] — Local-first GPT creation platform (React 19, TypeScript 5.9, Vite 7, LangChain, MCP, IndexedDB, Web Crypto; deployed to gpt.mrbro.dev) -- [[marcusrbrown--ha-config]] — Marcus's Home Assistant configuration (public, CI-validated, package-based HA setup with custom components and ESPHome) +- [[marcusrbrown--ha-config]] — Marcus's Home Assistant configuration (public, CI-validated, package-based HA setup with custom components and ESPHome); 11 packages, 10 custom components, `.HA_VERSION` pinned at 2025.6.3 (11-month freeze), Renovate-only autopilot with bfra-me/.github reusable workflows at v4.16.21, still no Fro Bot workflow after four surveys, new `mrbro-bot[bot]` co-author seen on recent merges - [[marcusrbrown--infra]] — Bun workspace monorepo for personal infrastructure (KeeWeb deploy, CLIProxyAPI proxy, Fro Bot Discord gateway, operational CLI with MCP bridge); 12 workflows, CLI v0.7.0, Fro Bot agent v0.44.3, Renovate preset v5.2.0, TypeScript 6, ESLint 10 - [[marcusrbrown--marcusrbrown]] — GitHub profile README with TypeScript-powered automation (badge generation, sponsor tracking, A/B testing, scheduled updates) - [[marcusrbrown--marcusrbrown-github-io]] — Personal brand site (React 19, TypeScript 6, Vite 7, GitHub Pages at marcusrbrown.com, single-page with anchor-link sections; Fro Bot single-file three-mode workflow at agent v0.44.0, v0.44.1 in flight) @@ -29,7 +29,7 @@ Master catalog of all wiki pages, organized by type. - [[marcusrbrown--sparkle]] — TypeScript playground monorepo; cross-platform design system (React + React Native/Expo), component library (Radix + Tailwind), Astro Starlight docs, Turborepo, WASM web shell - [[marcusrbrown--systematic]] — OpenCode plugin: structured engineering workflows (47 skills, 51 agents) at v2.24.0; Bun + Biome + Zod-typed `systematic.json` config schema + semantic-release; `fro-bot.yaml` and `fro-bot-autoheal.yaml` consolidated into a single three-mode workflow (#446), agent v0.45.0; new `release-notes-narrative` skill drives automated narrative releases via `@semantic-release/exec` - [[marcusrbrown--tokentoilet]] — Web3 DeFi token disposal app (Next.js 16, React 19, TypeScript 6, Wagmi v2, Reown AppKit, Tailwind CSS v4, Vercel) -- [[marcusrbrown--vbs]] — Star Trek chronological viewing guide (TypeScript, Vite, D3.js, functional factories, GitHub Pages); 2026-05-29 survey: workflow consolidation merged (PR #564, autoheal folded into `fro-bot.yaml` with `mode` dispatch input), Renovate preset crossed v4→v5 (#567), multi-track timeline merged (#458), data automation moved to perpetual-PR model (#574), agent v0.42.8 → v0.46.0, PR backlog cleared (7 → 1) +- [[marcusrbrown--vbs]] — Star Trek chronological viewing guide (TypeScript, Vite, D3.js, functional factories, GitHub Pages, Fro Bot active) ## Topics diff --git a/knowledge/log.md b/knowledge/log.md index 30176ea81..ab3eac6e2 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1505,36 +1505,25 @@ Surveyed marcusrbrown/systematic and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/systematic -## [2026-05-29 08:53] ingest | marcusrbrown/vbs +## [2026-05-29 08:55] ingest | marcusrbrown/ha-config -Incremental re-survey of `marcusrbrown/vbs` (SHA `69db16a`, 2026-05-29). Updated repo page `marcusrbrown--vbs.md` and refreshed index entry. No new topic/entity/comparison pages warranted — workflow consolidation and Renovate v5 patterns are already cataloged on the ecosystem topic pages. +Re-survey of `marcusrbrown/ha-config` (SHA `33cca05`, 12 days after prior survey). Updated repo page additively with a fourth survey row; updated `index.md` summary; no topic-page edits required (the `home-assistant` page's `.HA_VERSION` pin-drift footgun callout is already accurate and only deepens with the additional staleness). -Delta from prior survey (SHA `b3c415b`, 2026-05-07): - -- 32 commits over 22 days. Three non-Renovate commits broke the prior pure-maintenance pattern. -- **Workflow consolidation (PR #564, 2026-05-14, Fro Bot-authored):** `fro-bot.yaml` + `fro-bot-autoheal.yaml` merged into a single workflow with `mode = review | maintenance | autoheal | both` dispatch input and dual cron schedules (03:30 UTC autoheal, 15:30 UTC maintenance). Matches the pattern landed in `marcusrbrown/systematic` (#446) and `marcusrbrown/marcusrbrown.github.io`. Workflow count: 8 → 7. -- **Multi-track timeline merged (PR #458, Copilot):** The long-standing open Copilot feature PR landed — D3 multi-track timeline differentiating event types. -- **Data automation stabilized (PR #574, Copilot):** "Perpetual PRs and CI-safe artifact generation" — replaces the stacking-weekly-PR pattern (the 6 backed-up data-29..data-34 PRs noted in the prior survey) with a single recurring PR surface. PR #571 fixed a missing `notes` field in generated season items. -- **Renovate preset v4 → v5 (PR #567):** `marcusrbrown/renovate-config#4.5.9` → `#5.2.0`. Crosses the same v4→v5 boundary now adopted across the ecosystem. -- **`fro-bot/agent` trail:** v0.42.8 → v0.42.10 → v0.43.0 → v0.43.2 → v0.43.3 → v0.44.1 → v0.44.2 → v0.44.3 → v0.46.0 (9 bumps, PRs #560, #561, #578, #579, #582, #583, #584, #590). -- **bfra-me/.github reusable workflows:** v4.16.12 → v4.16.21 (#565, #566, #585, #589). -- **pnpm:** 10.33.2 → 10.33.4 (#551, #554). -- **Bfra-me tooling pinned:** eslint-config v0.51.0 (#568), prettier-config 0.16.8 (#569), tsconfig v0.13.0 (#570), prettier 3.8.3 (#576). -- **Open PRs:** 7 → 1. **Open issues:** 30 → 14. Backlog burn is real — autoheal + maintenance modes now operating against triage rather than accumulating reports. -- **Stars:** 1. **License file at root:** still absent (license declared only in `package.json`). - -**Contradictions:** Prior page claimed 8 workflow files; current count is 7 after the autoheal fold-in. Resolved additively — table row struck through with the PR reference, structure tree annotated, prose updated. - -Sources: https://github.com/marcusrbrown/vbs (SHA 69db16a73245372a9a1b1c6c32d0a70fd0a22185) +Key findings: -## [2026-05-29 08:53] ingest | repo:marcusrbrown/vbs +- Structural surface unchanged: still 11 packages, 10 custom components, ESPHome submodule, no Fro Bot workflow. +- `.HA_VERSION` still pinned at `2025.6.3` — now ~11 months stale; the package-based config is being validated against a frozen HA release while pip-resolved deps advance freely. +- Pure Renovate churn since 2026-05-17: `bfra-me/.github` reusable workflow v4.16.17 → v4.16.21 (four patch bumps in 11 days), `pipelinecomponents/remark-lint` digest pin `829aa31` (#790), four esphome submodule digest updates (#782, #784, #786, #787, #789). +- Same 3 open issues (#427 Dependency Dashboard, #766 asyncio-mqtt v0.16.2, #777 esphome v2026), same 0 open PRs. +- New observation: `mrbro-bot[bot]` (GitHub ID `137683033`) is co-authoring some recent Renovate merges (e.g. #790). First sighting of a non-fro-bot automation actor on this repo — worth tracking on subsequent passes. +- **No Fro Bot workflow** for the fourth consecutive survey. Persistence across nearly a year suggests this is intentional: the repo is Renovate-only autopilot and doesn't need PR review or triage automation since virtually all merges are bot-authored. -Surveyed marcusrbrown/vbs and updated the control-plane wiki. +No contradictions with prior surveys. -Sources: https://github.com/marcusrbrown/vbs +Sources: https://github.com/marcusrbrown/ha-config (SHA 33cca0534ca2b0dbbb7db4235912c1f225458beb) -## [2026-05-29 08:56] ingest | repo:marcusrbrown/vbs +## [2026-05-29 08:57] ingest | repo:marcusrbrown/ha-config -Surveyed marcusrbrown/vbs and updated the control-plane wiki. +Surveyed marcusrbrown/ha-config and updated the control-plane wiki. -Sources: https://github.com/marcusrbrown/vbs +Sources: https://github.com/marcusrbrown/ha-config diff --git a/knowledge/wiki/repos/marcusrbrown--ha-config.md b/knowledge/wiki/repos/marcusrbrown--ha-config.md index 099cae206..4caf29059 100644 --- a/knowledge/wiki/repos/marcusrbrown--ha-config.md +++ b/knowledge/wiki/repos/marcusrbrown--ha-config.md @@ -2,7 +2,7 @@ type: repo title: "marcusrbrown/ha-config" created: 2025-06-18 -updated: 2026-05-17 +updated: 2026-05-29 sources: - url: https://github.com/marcusrbrown/ha-config sha: 83784bc3a212c10cd358be4da9425e46aa6e90f0 @@ -16,6 +16,9 @@ sources: - url: https://github.com/marcusrbrown/ha-config sha: f80fbc124c0765b8685c3cd98fe3d8eff832e872 accessed: 2026-05-17 + - url: https://github.com/marcusrbrown/ha-config + sha: 33cca0534ca2b0dbbb7db4235912c1f225458beb + accessed: 2026-05-29 tags: [home-assistant, home-assistant-config, yaml, esphome, iot] aliases: [ha-config] related: @@ -35,8 +38,8 @@ Marcus R. Brown's [[home-assistant]] configuration repository. Public, version-c - **Purpose:** Version-controlled Home Assistant configuration - **Default branch:** `main` - **Created:** 2023-07-25 -- **Last push:** 2026-05-16 (`f80fbc1`) -- **HA version tracked:** 2025.6.3 (pinned in `.HA_VERSION`; unchanged since initial survey — a notable drift between code and the broader HA release cadence) +- **Last push:** 2026-05-28 (`33cca05`) +- **HA version tracked:** 2025.6.3 (pinned in `.HA_VERSION`; unchanged since initial survey — a notable drift between code and the broader HA release cadence, now ~11 months stale) - **Topics:** `home-assistant`, `home-assistant-config` - **Open issues:** 3 (#427 Dependency Dashboard, #766 asyncio-mqtt v0.16.2, #777 esphome v2026) - **Open PRs:** 0 @@ -121,7 +124,7 @@ Required status checks on `main`: YAML Lint, Remark Lint, Prettier, Check Home A ### Shared Workflows -Both `renovate.yaml` and `update-repo-settings.yaml` reference reusable workflows from `bfra-me/.github`. As of 2026-05-17 both are pinned to **v4.16.17** (SHA `5cb8bc230d36f005cd2de807fe408b428a44c4d5`), up from v4.16.8 in the prior survey. Authentication uses `APPLICATION_ID` and `APPLICATION_PRIVATE_KEY` secrets (GitHub App). +Both `renovate.yaml` and `update-repo-settings.yaml` reference reusable workflows from `bfra-me/.github`. As of 2026-05-29 both are pinned to **v4.16.21** (SHA `165ed192e9969365ec079b36e3f42a443bb75647`), up from v4.16.17 in the prior survey — four patch bumps absorbed in eleven days (#781 v4.16.18 → #783 v4.16.19 → #785 v4.16.20 → #788 v4.16.21), all Renovate-authored. Authentication uses `APPLICATION_ID` and `APPLICATION_PRIVATE_KEY` secrets (GitHub App). ### Renovate Trigger Model @@ -145,10 +148,12 @@ This is the same event-driven Renovate pattern used in [[marcusrbrown--github]] ## Fro Bot Integration -**No Fro Bot workflow detected.** The repository does not contain a `fro-bot.yaml` workflow or any Fro Bot-specific CI integration. A follow-up draft PR should be proposed to add the Fro Bot agent workflow for automated PR review and triage. +**No Fro Bot workflow detected** (confirmed across four consecutive surveys: 2025-06, 2026-04 ×2, 2026-05). The repository does not contain a `fro-bot.yaml` workflow or any Fro Bot-specific CI integration. A follow-up draft PR should be proposed to add the Fro Bot agent workflow for automated PR review and triage. The persistence of this gap across nearly a year suggests it is not on the maintenance critical path — Marcus is treating ha-config as a Renovate-only autopilot repo, with no PR-review or triage agent needed since virtually all merges are bot-authored. The repo does reference `fro-bot/.github:common-settings.yaml` in its Probot settings, confirming it is part of the Fro Bot-managed ecosystem. +A separate write-author (`mrbro-bot[bot]`, GitHub ID 137683033) is co-authoring some recent Renovate commits (e.g. #790), which is the first observation of a non-fro-bot maintenance actor on this repository. Worth tracking whether `mrbro-bot` is a parallel automation identity or a stand-in for the personal account. + ## Notable Patterns - **Package-based architecture:** Domain concerns are isolated into `packages/` YAML files rather than a monolithic config. This is the recommended HA pattern for complex setups. @@ -166,3 +171,4 @@ The repo does reference `fro-bot/.github:common-settings.yaml` in its Probot set | 2026-04-18 | `54a6727` | Prettier 3.8.3, Renovate `#4.5.8`, bfra-me/.github v4.16.6, pre-commit-hooks v6.0.0 | | 2026-04-24 | `f7ec803` | pre-commit 4.6.0, bfra-me/.github v4.16.8, Renovate trigger model expanded (workflow_run, push to non-main) | | 2026-05-17 | `f80fbc1` | Renovate preset major bump `marcusrbrown/renovate-config#4.5.8 → #5.2.0` (PR #776), bfra-me/.github reusable workflows v4.16.8 → v4.16.17, open Renovate PRs queued for esphome v2026 (#777) and asyncio-mqtt v0.16.2 (#766). No package/custom-component additions; `.HA_VERSION` still 2025.6.3. | +| 2026-05-29 | `33cca05` | Pure Renovate churn since prior survey: bfra-me/.github v4.16.17 → v4.16.21 (four patch bumps in 11 days), `pipelinecomponents/remark-lint` digest pinned to `829aa31` (#790), esphome submodule digest advanced four times (#782, #784, #786, #787, #789). Co-author `mrbro-bot[bot]` appears on recent Renovate merges — first sighting of a non-fro-bot automation identity on this repo. Same 3 open issues, same 0 open PRs, same `.HA_VERSION` 2025.6.3, same 11 packages, same 10 custom components. No structural drift. Still no Fro Bot workflow. | From 046400eb1a08c43b35b01833e404210bfe4bcc73 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Fri, 29 May 2026 01:57:36 -0700 Subject: [PATCH 69/77] chore(reconcile): record survey success for marcusrbrown/ha-config --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 04ab89efc..890a71f9c 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -4,11 +4,11 @@ repos: name: ha-config added: 2026-04-17 onboarding_status: onboarded - last_survey_at: 2026-05-17 + last_survey_at: 2026-05-29 last_survey_status: success has_fro_bot_workflow: false has_renovate: true - next_survey_eligible_at: 2026-06-18 + next_survey_eligible_at: 2026-06-29 discovery_channel: collab private: false node_id: R_kgDOJ_bMaQ From 9a25b7761ed7e0c94f0e90be357fdae8506aeee4 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sat, 30 May 2026 01:02:53 -0700 Subject: [PATCH 70/77] feat(knowledge): survey bfra-me/.github --- knowledge/index.md | 2 +- knowledge/log.md | 24 ++++++++++++++++++++++++ knowledge/wiki/repos/bfra-me--github.md | 22 ++++++++++++++-------- 3 files changed, 39 insertions(+), 9 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 123623b22..5884fcf3c 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -4,7 +4,7 @@ Master catalog of all wiki pages, organized by type. ## Repos -- [[bfra-me--github]] — Org control center for `@bfra-me`; pnpm/TypeScript monorepo with 3 custom actions (`renovate-changesets`, `update-metadata`, `update-repository-settings`), 17 workflows, org-wide Fro Bot autoheal (weekdays), canonical `bfra-me/.github:common-settings.yaml`, Fro Bot agent v0.44.2 +- [[bfra-me--github]] — Org control center for `@bfra-me`; pnpm/TypeScript monorepo with 3 custom actions (`renovate-changesets`, `update-metadata`, `update-repository-settings`), 17 workflows, org-wide Fro Bot autoheal (weekdays), canonical `bfra-me/.github:common-settings.yaml`, Fro Bot agent v0.46.1 (bumped from v0.44.2 in 4 hops since 2026-05-20), Node 24.16.0, `@bfra.me/.github` v4.16.21 - [[bfra-me--ha-addon-repository]] — Template repository for a Home Assistant add-on repository (bfra-me org); multi-arch Docker builds via `home-assistant/builder`, GHCR publishing with cosign, Fro Bot agent v0.43.1 with add-on-aware review/autoheal - [[bfra-me--renovate-action]] — bfra-me/renovate-action - [[bfra-me--works]] — `@bfra-me` tooling monorepo (pnpm 10, TS 6, ESM); 8 published packages (`eslint-config`, `prettier-config`, `tsconfig`, `es`, `create`, `badge-config`, `doc-sync`, `semantic-release`, `workspace-analyzer`) + Astro Starlight docs; 11 workflows; Fro Bot agent v0.44.2 with three-mode single-file workflow (PR review / Daily Maintenance Report / Daily Autohealing Report) diff --git a/knowledge/log.md b/knowledge/log.md index ab3eac6e2..8aae578bc 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1527,3 +1527,27 @@ Sources: https://github.com/marcusrbrown/ha-config (SHA 33cca0534ca2b0dbbb7db423 Surveyed marcusrbrown/ha-config and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/ha-config + +## [2026-05-30 08:00] ingest | repo:bfra-me/.github + +Re-survey of `bfra-me/.github` (SHA `510bcb1`, 10 days after initial survey). Updated repo page additively with a second survey row; updated `index.md` summary line. No new topic, entity, or comparison pages required — the three-source Probot settings reconciliation follow-up from 2026-05-20 remains open and is best deferred to a [[probot-settings]]-focused pass rather than expanded here. + +Key findings: + +- Structural surface unchanged: same 17 workflows, same 3 custom actions (`renovate-changesets`, `update-metadata`, `update-repository-settings`), same Probot settings model, same monorepo layout, same AGENTS.md conventions. +- Pure version churn since 2026-05-20: `@bfra.me/.github` v4.16.18 → v4.16.21 (3 changesets publishes), Node 24.15.0 → 24.16.0 (#2207), `fro-bot/agent` v0.44.2 → v0.46.1 in 4 hops (v0.44.3 #2201 → v0.45.0 #2216 → v0.46.0 #2223 → v0.46.1 #2225 on 2026-05-30). +- `bfra-me/renovate-action` advanced v9.90 → v9.99 in 10 bumps over 10 days — the highest-velocity dependency in this repo. The v9.99 → v10.0 boundary is one cron away. +- pnpm pinned at 10.33.4 (unchanged), TypeScript 6.0.3 (unchanged), strict mode preserved. +- Open issues 5 → 6, no open PRs as of survey. +- Fro Bot pin observation: this repo is now ahead of [[fro-bot--agent]]'s last self-surveyed release (v0.44.3 on 2026-05-22). It also leads [[marcusrbrown--vbs]] (v0.46.0). The agent has shipped v0.45.x, v0.46.0, and v0.46.1 between surveys — the [[fro-bot--agent]] page is overdue for a re-survey. +- No new structural follow-ups. The 2026-05-20 open question (reconcile `marcusrbrown/.github`, `fro-bot/.github`, and `bfra-me/.github` `common-settings.yaml` sources on the [[probot-settings]] topic page) remains the only outstanding item. + +No contradictions with prior survey. + +Sources: https://github.com/bfra-me/.github (SHA 510bcb1cb8707601ed7387a3fe16a91790111270) + +## [2026-05-30 08:02] ingest | repo:bfra-me/.github + +Surveyed bfra-me/.github and updated the control-plane wiki. + +Sources: https://github.com/bfra-me/.github diff --git a/knowledge/wiki/repos/bfra-me--github.md b/knowledge/wiki/repos/bfra-me--github.md index 378430e4e..e146dae01 100644 --- a/knowledge/wiki/repos/bfra-me--github.md +++ b/knowledge/wiki/repos/bfra-me--github.md @@ -2,11 +2,14 @@ type: repo title: bfra-me/.github created: 2026-05-20 -updated: 2026-05-20 +updated: 2026-05-30 sources: - url: https://github.com/bfra-me/.github sha: a81be4c5d5c93824fdcc426418c9433d5e5bd9be accessed: 2026-05-20 + - url: https://github.com/bfra-me/.github + sha: 510bcb1cb8707601ed7387a3fe16a91790111270 + accessed: 2026-05-30 tags: [bfra-me, dotgithub, monorepo, pnpm, typescript, github-actions, probot, renovate, template] related: - bfra-me--ha-addon-repository @@ -38,12 +41,12 @@ license/secret/container scanning). - **License:** MIT - **Default branch:** `main` - **Created:** 2022-03-17 -- **Last push:** 2026-05-20 -- **Package version:** `@bfra.me/.github` v4.16.18 (private root) -- **Node:** 24.15.0 (`.node-version`) +- **Last push:** 2026-05-30 (was 2026-05-20) +- **Package version:** `@bfra.me/.github` v4.16.21 (was v4.16.18 on 2026-05-20) +- **Node:** 24.16.0 (`.node-version`; bumped from 24.15.0 via #2207) - **Package manager:** pnpm 10.33.4 - **TypeScript:** 6.0.3, strict -- **Open issues / PRs:** 5 / 1 (2026-05-20) +- **Open issues / PRs:** 6 / — (2026-05-30; was 5 / 1 on 2026-05-20) ## Layout @@ -62,6 +65,7 @@ license/secret/container scanning). │ ├── labeler.yaml │ ├── renovate.json5 │ └── settings.yml +├── .changeset/ # Manually-authored changesets (renovate auto-creates per dep update) ├── workflow-templates/ # Org-wide templates (.yaml + .properties.json pairs) ├── scripts/ # tsx utilities: release, build perf, workspace validation ├── docs/ @@ -75,7 +79,7 @@ license/secret/container scanning). ├── eslint.config.ts ├── internal.json5 # Renovate internal config extended by .github/renovate.json5 ├── mise.toml # Adds ./node_modules/.bin to PATH -├── package.json # `@bfra.me/.github` v4.16.18 +├── package.json # `@bfra.me/.github` v4.16.21 ├── pnpm-workspace.yaml ├── tsconfig.json / tsconfig.build.json / tsconfig.eslint.json └── vitest.config.ts @@ -138,8 +142,9 @@ Notable surface area: This repo **is** a Fro Bot workflow host, and it also _runs_ the org-wide autoheal sweep. As of HEAD it pins: -- `fro-bot/agent@b97877b202095e5faf046c1f9d7a18891720a73b # v0.44.2` - (bumped via Renovate, PR #2200) +- `fro-bot/agent@9a2d4b08196d3d5ad70692b655311e18ed6b2726 # v0.46.1` + (bumped via Renovate, PR #2225 on 2026-05-30; previously v0.44.2 PR #2200, + v0.44.3 #2201, v0.45.0 #2216, v0.46.0 #2223) ### `fro-bot.yaml` (per-repo) @@ -287,3 +292,4 @@ action can detect it as a published package. | Date | SHA | Notes | | ---------- | ---------- | -------------------------------------------------------------------------- | | 2026-05-20 | `a81be4c` | Initial survey. `fro-bot/agent@v0.44.2` (PR #2200). 17 workflows, 3 custom actions. | +| 2026-05-30 | `510bcb1` | Re-survey. No structural drift: same 17 workflows, same 3 custom actions, same Probot settings model. Pure version churn since last visit — `@bfra.me/.github` v4.16.18→v4.16.21 (3 changesets publishes), Node 24.15.0→24.16.0 (#2207), `fro-bot/agent` v0.44.2→v0.46.1 in 4 hops (v0.44.3 #2201 → v0.45.0 #2216 → v0.46.0 #2223 → v0.46.1 #2225), `bfra-me/renovate-action` walked v9.90→v9.99 (10 bumps in 10 days; high-velocity dependency). pnpm still 10.33.4, TS still 6.0.3. No new structural follow-ups; the three-source Probot settings reconciliation question from 2026-05-20 remains open. | From 57c281cd1acc37715a9324cc0c09d6291527a70a Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sat, 30 May 2026 01:02:55 -0700 Subject: [PATCH 71/77] chore(reconcile): record survey success for bfra-me/.github --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 890a71f9c..75de567c3 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -278,12 +278,12 @@ repos: name: .github added: 2026-05-18 onboarding_status: onboarded - last_survey_at: 2026-05-20 + last_survey_at: 2026-05-30 last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-06-21 + next_survey_eligible_at: 2026-07-01 private: false node_id: R_kgDOHBEXpg - owner: bfra-me From 6ac0b04952cd8f4a3cd1b5940c63e8a4a1b5eaf7 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sat, 30 May 2026 01:04:07 -0700 Subject: [PATCH 72/77] feat(knowledge): survey bfra-me/ha-addon-repository --- knowledge/index.md | 4 +-- knowledge/log.md | 29 +++++++++---------- knowledge/wiki/repos/bfra-me--github.md | 22 +++++--------- .../repos/bfra-me--ha-addon-repository.md | 11 ++++++- 4 files changed, 33 insertions(+), 33 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 5884fcf3c..66d9aff28 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -4,8 +4,8 @@ Master catalog of all wiki pages, organized by type. ## Repos -- [[bfra-me--github]] — Org control center for `@bfra-me`; pnpm/TypeScript monorepo with 3 custom actions (`renovate-changesets`, `update-metadata`, `update-repository-settings`), 17 workflows, org-wide Fro Bot autoheal (weekdays), canonical `bfra-me/.github:common-settings.yaml`, Fro Bot agent v0.46.1 (bumped from v0.44.2 in 4 hops since 2026-05-20), Node 24.16.0, `@bfra.me/.github` v4.16.21 -- [[bfra-me--ha-addon-repository]] — Template repository for a Home Assistant add-on repository (bfra-me org); multi-arch Docker builds via `home-assistant/builder`, GHCR publishing with cosign, Fro Bot agent v0.43.1 with add-on-aware review/autoheal +- [[bfra-me--github]] — Org control center for `@bfra-me`; pnpm/TypeScript monorepo with 3 custom actions (`renovate-changesets`, `update-metadata`, `update-repository-settings`), 17 workflows, org-wide Fro Bot autoheal (weekdays), canonical `bfra-me/.github:common-settings.yaml`, Fro Bot agent v0.44.2 +- [[bfra-me--ha-addon-repository]] — Template repository for a Home Assistant add-on repository (bfra-me org); multi-arch Docker builds via `home-assistant/builder`, GHCR publishing with cosign, Fro Bot agent v0.43.1 with add-on-aware review/autoheal (Renovate PR #557 queuing v0.46.1; HEAD unchanged on `main` for 14 days as of 2026-05-30) - [[bfra-me--renovate-action]] — bfra-me/renovate-action - [[bfra-me--works]] — `@bfra-me` tooling monorepo (pnpm 10, TS 6, ESM); 8 published packages (`eslint-config`, `prettier-config`, `tsconfig`, `es`, `create`, `badge-config`, `doc-sync`, `semantic-release`, `workspace-analyzer`) + Astro Starlight docs; 11 workflows; Fro Bot agent v0.44.2 with three-mode single-file workflow (PR review / Daily Maintenance Report / Daily Autohealing Report) - [[fro-bot--agent]] — GitHub Action harness for OpenCode + oMo agents with persistent session state; core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos diff --git a/knowledge/log.md b/knowledge/log.md index 8aae578bc..cc375cca2 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1528,26 +1528,23 @@ Surveyed marcusrbrown/ha-config and updated the control-plane wiki. Sources: https://github.com/marcusrbrown/ha-config -## [2026-05-30 08:00] ingest | repo:bfra-me/.github +## [2026-05-30 08:01] ingest | bfra-me/ha-addon-repository -Re-survey of `bfra-me/.github` (SHA `510bcb1`, 10 days after initial survey). Updated repo page additively with a second survey row; updated `index.md` summary line. No new topic, entity, or comparison pages required — the three-source Probot settings reconciliation follow-up from 2026-05-20 remains open and is best deferred to a [[probot-settings]]-focused pass rather than expanded here. +No-op re-survey of `bfra-me/ha-addon-repository` (SHA `0a163c3f`, unchanged from 2026-05-20). HEAD on `main` has been dormant for 14 days while Renovate accumulates queued PRs on side branches. Additive update only: appended a 2026-05-30 row to the Survey History table, added a `Drift Watch` section noting two emerging signals, refreshed frontmatter `updated:` date, appended a second source entry. Updated `index.md` description with the queued v0.46.1 Fro Bot bump for freshness. No topic, entity, or comparison pages required edits. -Key findings: - -- Structural surface unchanged: same 17 workflows, same 3 custom actions (`renovate-changesets`, `update-metadata`, `update-repository-settings`), same Probot settings model, same monorepo layout, same AGENTS.md conventions. -- Pure version churn since 2026-05-20: `@bfra.me/.github` v4.16.18 → v4.16.21 (3 changesets publishes), Node 24.15.0 → 24.16.0 (#2207), `fro-bot/agent` v0.44.2 → v0.46.1 in 4 hops (v0.44.3 #2201 → v0.45.0 #2216 → v0.46.0 #2223 → v0.46.1 #2225 on 2026-05-30). -- `bfra-me/renovate-action` advanced v9.90 → v9.99 in 10 bumps over 10 days — the highest-velocity dependency in this repo. The v9.99 → v10.0 boundary is one cron away. -- pnpm pinned at 10.33.4 (unchanged), TypeScript 6.0.3 (unchanged), strict mode preserved. -- Open issues 5 → 6, no open PRs as of survey. -- Fro Bot pin observation: this repo is now ahead of [[fro-bot--agent]]'s last self-surveyed release (v0.44.3 on 2026-05-22). It also leads [[marcusrbrown--vbs]] (v0.46.0). The agent has shipped v0.45.x, v0.46.0, and v0.46.1 between surveys — the [[fro-bot--agent]] page is overdue for a re-survey. -- No new structural follow-ups. The 2026-05-20 open question (reconcile `marcusrbrown/.github`, `fro-bot/.github`, and `bfra-me/.github` `common-settings.yaml` sources on the [[probot-settings]] topic page) remains the only outstanding item. +Findings: -No contradictions with prior survey. +- HEAD unchanged at `0a163c3f` (`chore(deps): update dependency prettier to v3.8.3 (#551)`, 2026-05-16). `pushedAt` is 2026-05-30 because Renovate keeps re-pushing side branches, but `main` itself is stationary. +- Open issues: 5 → 6 (#554 `Daily Autohealing Report` continues to accrue dated update sections under the perpetual-issue pattern; #4 Dependency Dashboard unchanged). +- Open PRs: 0 → 4, all Renovate, all unmerged: #556 (`bfra-me/.github` reusable v4.16.16 → v4.16.21), #557 (`fro-bot/agent` v0.43.1 → v0.46.1 — three minor versions of agent runtime missed), #558 (HA `amd64-base:3.23` digest rotation to `4b7bff6`), #559 (`docker/login-action` v4.2.0). +- Workflow content inspected: `fro-bot.yaml` still pins `fro-bot/agent@v0.43.1`. `SCHEDULE_PROMPT` env literal still hardcodes "bfra-me/.github reusable workflow version (currently v4.16.6)" — a stale comment relative to the actual `uses:` pin at v4.16.16. Self-corrects via the agent's live SHA comparison, but worth parameterising on next workflow edit. +- No structural drift to workflows, settings, the `example/` add-on, or the Renovate config family (`bfra-me/renovate-config#5.2.1`). +- Cross-ecosystem note: this repo lags the agent fleet by 3 minor versions and the `bfra-me/.github` reusable by 5 patch versions. The four queued Renovate PRs cover that drift entirely — bottleneck is review/merge cadence, not Renovate coverage. -Sources: https://github.com/bfra-me/.github (SHA 510bcb1cb8707601ed7387a3fe16a91790111270) +Sources: https://github.com/bfra-me/ha-addon-repository (SHA 0a163c3fa8846704103658142fa742f40d165743) -## [2026-05-30 08:02] ingest | repo:bfra-me/.github +## [2026-05-30 08:03] ingest | repo:bfra-me/ha-addon-repository -Surveyed bfra-me/.github and updated the control-plane wiki. +Surveyed bfra-me/ha-addon-repository and updated the control-plane wiki. -Sources: https://github.com/bfra-me/.github +Sources: https://github.com/bfra-me/ha-addon-repository diff --git a/knowledge/wiki/repos/bfra-me--github.md b/knowledge/wiki/repos/bfra-me--github.md index e146dae01..378430e4e 100644 --- a/knowledge/wiki/repos/bfra-me--github.md +++ b/knowledge/wiki/repos/bfra-me--github.md @@ -2,14 +2,11 @@ type: repo title: bfra-me/.github created: 2026-05-20 -updated: 2026-05-30 +updated: 2026-05-20 sources: - url: https://github.com/bfra-me/.github sha: a81be4c5d5c93824fdcc426418c9433d5e5bd9be accessed: 2026-05-20 - - url: https://github.com/bfra-me/.github - sha: 510bcb1cb8707601ed7387a3fe16a91790111270 - accessed: 2026-05-30 tags: [bfra-me, dotgithub, monorepo, pnpm, typescript, github-actions, probot, renovate, template] related: - bfra-me--ha-addon-repository @@ -41,12 +38,12 @@ license/secret/container scanning). - **License:** MIT - **Default branch:** `main` - **Created:** 2022-03-17 -- **Last push:** 2026-05-30 (was 2026-05-20) -- **Package version:** `@bfra.me/.github` v4.16.21 (was v4.16.18 on 2026-05-20) -- **Node:** 24.16.0 (`.node-version`; bumped from 24.15.0 via #2207) +- **Last push:** 2026-05-20 +- **Package version:** `@bfra.me/.github` v4.16.18 (private root) +- **Node:** 24.15.0 (`.node-version`) - **Package manager:** pnpm 10.33.4 - **TypeScript:** 6.0.3, strict -- **Open issues / PRs:** 6 / — (2026-05-30; was 5 / 1 on 2026-05-20) +- **Open issues / PRs:** 5 / 1 (2026-05-20) ## Layout @@ -65,7 +62,6 @@ license/secret/container scanning). │ ├── labeler.yaml │ ├── renovate.json5 │ └── settings.yml -├── .changeset/ # Manually-authored changesets (renovate auto-creates per dep update) ├── workflow-templates/ # Org-wide templates (.yaml + .properties.json pairs) ├── scripts/ # tsx utilities: release, build perf, workspace validation ├── docs/ @@ -79,7 +75,7 @@ license/secret/container scanning). ├── eslint.config.ts ├── internal.json5 # Renovate internal config extended by .github/renovate.json5 ├── mise.toml # Adds ./node_modules/.bin to PATH -├── package.json # `@bfra.me/.github` v4.16.21 +├── package.json # `@bfra.me/.github` v4.16.18 ├── pnpm-workspace.yaml ├── tsconfig.json / tsconfig.build.json / tsconfig.eslint.json └── vitest.config.ts @@ -142,9 +138,8 @@ Notable surface area: This repo **is** a Fro Bot workflow host, and it also _runs_ the org-wide autoheal sweep. As of HEAD it pins: -- `fro-bot/agent@9a2d4b08196d3d5ad70692b655311e18ed6b2726 # v0.46.1` - (bumped via Renovate, PR #2225 on 2026-05-30; previously v0.44.2 PR #2200, - v0.44.3 #2201, v0.45.0 #2216, v0.46.0 #2223) +- `fro-bot/agent@b97877b202095e5faf046c1f9d7a18891720a73b # v0.44.2` + (bumped via Renovate, PR #2200) ### `fro-bot.yaml` (per-repo) @@ -292,4 +287,3 @@ action can detect it as a published package. | Date | SHA | Notes | | ---------- | ---------- | -------------------------------------------------------------------------- | | 2026-05-20 | `a81be4c` | Initial survey. `fro-bot/agent@v0.44.2` (PR #2200). 17 workflows, 3 custom actions. | -| 2026-05-30 | `510bcb1` | Re-survey. No structural drift: same 17 workflows, same 3 custom actions, same Probot settings model. Pure version churn since last visit — `@bfra.me/.github` v4.16.18→v4.16.21 (3 changesets publishes), Node 24.15.0→24.16.0 (#2207), `fro-bot/agent` v0.44.2→v0.46.1 in 4 hops (v0.44.3 #2201 → v0.45.0 #2216 → v0.46.0 #2223 → v0.46.1 #2225), `bfra-me/renovate-action` walked v9.90→v9.99 (10 bumps in 10 days; high-velocity dependency). pnpm still 10.33.4, TS still 6.0.3. No new structural follow-ups; the three-source Probot settings reconciliation question from 2026-05-20 remains open. | diff --git a/knowledge/wiki/repos/bfra-me--ha-addon-repository.md b/knowledge/wiki/repos/bfra-me--ha-addon-repository.md index 023943f09..55c46cbd0 100644 --- a/knowledge/wiki/repos/bfra-me--ha-addon-repository.md +++ b/knowledge/wiki/repos/bfra-me--ha-addon-repository.md @@ -2,11 +2,14 @@ type: repo title: bfra-me/ha-addon-repository created: 2026-05-20 -updated: 2026-05-20 +updated: 2026-05-30 sources: - url: https://github.com/bfra-me/ha-addon-repository sha: 0a163c3fa8846704103658142fa742f40d165743 accessed: 2026-05-20 + - url: https://github.com/bfra-me/ha-addon-repository + sha: 0a163c3fa8846704103658142fa742f40d165743 + accessed: 2026-05-30 tags: [home-assistant, addon, hassio, template, docker, multi-arch, bfra-me] related: - marcusrbrown--ha-config @@ -170,3 +173,9 @@ The two `frenck/action-*` tools are siblings serving the two sides of the HA dev | Date | SHA | Notes | |---|---|---| | 2026-05-20 | `0a163c3f` | Initial survey. Fro Bot agent v0.43.1, four workflows, example add-on at v1.2.2, HA base images Alpine 3.22/3.23, Node 22.11.0, Python 3.13.13. | +| 2026-05-30 | `0a163c3f` | HEAD unchanged on `main` for 14 days. Open issues 5 → 6 (new `Daily Autohealing Report` entry from the perpetual issue pattern). 4 open Renovate PRs queued and unmerged: #556 (`bfra-me/.github` v4.16.16 → v4.16.21), #557 (`fro-bot/agent` v0.43.1 → v0.46.1, 3-minor-version jump), #558 (HA `amd64-base:3.23` digest rotation), #559 (`docker/login-action` v4.2.0). The `SCHEDULE_PROMPT` block still references `bfra-me/.github` "currently v4.16.6" — that's a stale comment relative to the actual workflow import at v4.16.16, and worth updating when #556 lands. No content drift on workflows, settings, or the `example/` add-on. | + +## Drift Watch + +- **Stale comment in `fro-bot.yaml`:** The `SCHEDULE_PROMPT` env literal hardcodes "bfra-me/.github reusable workflow version (currently v4.16.6)" while the actual `uses:` pin in `renovate.yaml` and `update-repo-settings.yaml` is at v4.16.16, with v4.16.21 queued in PR #556. The agent self-corrects via the live SHA comparison it's instructed to do, but the literal will keep drifting until someone parameterises it or relies entirely on dynamic lookup. +- **Fro Bot agent lag:** Repo is at v0.43.1; ecosystem (e.g., `marcusrbrown/dotfiles`, `marcusrbrown/systematic`) has moved through v0.44.x → v0.45.0 and Renovate has v0.46.1 queued. PR #557 alone covers three minor versions — worth a targeted review before merge in case any of v0.44 / v0.45 introduced workflow input changes that need surfacing in `fro-bot.yaml`. From e0e11299f86d88c8b1849a13cfd61987ad37a733 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sat, 30 May 2026 01:04:08 -0700 Subject: [PATCH 73/77] chore(reconcile): record survey success for bfra-me/ha-addon-repository --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 75de567c3..d42bbcaec 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -290,12 +290,12 @@ repos: name: ha-addon-repository added: 2026-05-18 onboarding_status: onboarded - last_survey_at: 2026-05-20 + last_survey_at: 2026-05-30 last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-06-22 + next_survey_eligible_at: 2026-06-30 private: false node_id: R_kgDOIKWaJA - owner: bfra-me From e6f9c2c05353d7a379e25f8d4b6d4c113f2bc1ad Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sun, 31 May 2026 01:28:01 -0700 Subject: [PATCH 74/77] feat(knowledge): survey bfra-me/works --- knowledge/index.md | 2 +- knowledge/log.md | 22 +++++++++++++ knowledge/wiki/repos/bfra-me--works.md | 43 ++++++++++++++++---------- 3 files changed, 50 insertions(+), 17 deletions(-) diff --git a/knowledge/index.md b/knowledge/index.md index 66d9aff28..0118952dc 100644 --- a/knowledge/index.md +++ b/knowledge/index.md @@ -7,7 +7,7 @@ Master catalog of all wiki pages, organized by type. - [[bfra-me--github]] — Org control center for `@bfra-me`; pnpm/TypeScript monorepo with 3 custom actions (`renovate-changesets`, `update-metadata`, `update-repository-settings`), 17 workflows, org-wide Fro Bot autoheal (weekdays), canonical `bfra-me/.github:common-settings.yaml`, Fro Bot agent v0.44.2 - [[bfra-me--ha-addon-repository]] — Template repository for a Home Assistant add-on repository (bfra-me org); multi-arch Docker builds via `home-assistant/builder`, GHCR publishing with cosign, Fro Bot agent v0.43.1 with add-on-aware review/autoheal (Renovate PR #557 queuing v0.46.1; HEAD unchanged on `main` for 14 days as of 2026-05-30) - [[bfra-me--renovate-action]] — bfra-me/renovate-action -- [[bfra-me--works]] — `@bfra-me` tooling monorepo (pnpm 10, TS 6, ESM); 8 published packages (`eslint-config`, `prettier-config`, `tsconfig`, `es`, `create`, `badge-config`, `doc-sync`, `semantic-release`, `workspace-analyzer`) + Astro Starlight docs; 11 workflows; Fro Bot agent v0.44.2 with three-mode single-file workflow (PR review / Daily Maintenance Report / Daily Autohealing Report) +- [[bfra-me--works]] — `@bfra-me` tooling monorepo (pnpm 10.34.1, TS 6, ESM); 9 published packages (`eslint-config`, `prettier-config`, `tsconfig`, `es`, `create`, `badge-config`, `doc-sync`, `semantic-release`, `workspace-analyzer`) + Astro Starlight docs; 11 workflows; Fro Bot agent v0.47.0 (jumped v0.44.2 → v0.46.1 → v0.47.0 on 2026-05-30 alongside PR #3491 fixing dispatch/reusable-call mode resolution); `bfra-me/.github` reusable workflows + Renovate baseline at v4.16.21 - [[fro-bot--agent]] — GitHub Action harness for OpenCode + oMo agents with persistent session state; core runtime powering Fro Bot's PR review, issue triage, scheduled maintenance, and wiki-update capabilities across all managed repos - [[fro-bot--fro-bot-github-io]] — fro-bot/fro-bot.github.io - [[fro-bot--systematic]] — Built docs + OCX registry deployment target for `@fro.bot/systematic` at fro.bot/systematic/; `gh-pages`-only repo (no Fro Bot workflow needed); now also hosts the pinned JSON Schema for `systematic.json` user config at `/schemas/v2/`; registry advanced to v2.20.6 with 103 components (51 agents, 47 skills, 2 bundles, 2 profiles, 1 plugin) diff --git a/knowledge/log.md b/knowledge/log.md index cc375cca2..536d5a550 100644 --- a/knowledge/log.md +++ b/knowledge/log.md @@ -1548,3 +1548,25 @@ Sources: https://github.com/bfra-me/ha-addon-repository (SHA 0a163c3fa8846704103 Surveyed bfra-me/ha-addon-repository and updated the control-plane wiki. Sources: https://github.com/bfra-me/ha-addon-repository + +## [2026-05-31 00:30] ingest | bfra-me/works + +Incremental re-survey of `bfra-me/works` (SHA `cd4a52d`, 2026-05-31; prior `ef14b26`, 2026-05-20). Updated repo page `bfra-me--works.md` and index entry. No new topic/entity/comparison pages warranted — deltas are agent pin advances and dependency bumps, not structural. + +Delta: + +- **Fro Bot agent:** v0.44.2 → v0.46.1 (#3503) → v0.47.0 (#3510), both merged 2026-05-30. PR #3491 ("Fix Fro Bot mode/prompt resolution for dispatch and reusable runs") patched the inline shell mode-resolution block for `workflow_dispatch` and `workflow_call` paths just ahead of the v0.47.0 bump. +- **bfra-me/.github reusable workflows + Renovate baseline:** v4.16.18 → v4.16.21 (both `renovate.yaml` workflow ref and `internal.json5#v4.16.21` extends). +- **pnpm:** 10.33.4 → 10.34.1 (via #3511 then #3514). +- **Published package versions:** All 9 unchanged (`@bfra.me/badge-config@0.2.0`, `create@0.7.14`, `doc-sync@0.1.9`, `es@0.1.0`, `eslint-config@0.51.1`, `prettier-config@0.16.9`, `semantic-release@0.3.7`, `tsconfig@0.13.1`, `workspace-analyzer@0.2.8` — last release still 2026-05-16). +- **Workflow inventory, package layout, Probot settings, branch protection (12 required checks), build/release pipeline:** identical. +- **Open issues:** 38 (unchanged). **Open PRs:** 1 → 2. +- No contradictions with prior ingest. `bfra-me/works` is currently the bleeding-edge agent adopter; sibling [[bfra-me--github]] and [[bfra-me--ha-addon-repository]] should be re-surveyed to confirm whether they have followed to v0.47.0. + +Sources: https://github.com/bfra-me/works (SHA cd4a52d7d9ad59c8770784d9411d688e9a7d50db) + +## [2026-05-31 08:27] ingest | repo:bfra-me/works + +Surveyed bfra-me/works and updated the control-plane wiki. + +Sources: https://github.com/bfra-me/works diff --git a/knowledge/wiki/repos/bfra-me--works.md b/knowledge/wiki/repos/bfra-me--works.md index 55a75ba15..4b9450664 100644 --- a/knowledge/wiki/repos/bfra-me--works.md +++ b/knowledge/wiki/repos/bfra-me--works.md @@ -2,11 +2,14 @@ type: repo title: bfra-me/works created: 2026-05-20 -updated: 2026-05-20 +updated: 2026-05-31 sources: - url: https://github.com/bfra-me/works sha: ef14b26085dab318fffad1b6c3062292f8ae60b8 accessed: 2026-05-20 + - url: https://github.com/bfra-me/works + sha: cd4a52d7d9ad59c8770784d9411d688e9a7d50db + accessed: 2026-05-31 tags: [ bfra-me, @@ -53,14 +56,14 @@ automation actions), `bfra-me/works` is the **shared library plane**. - **License:** MIT - **Default branch:** `main` - **Created:** 2020-10-27 -- **Last push:** 2026-05-20 +- **Last push:** 2026-05-31 - **Topics:** `bfra-me`, `works`, `components`, `semantic-release`, `tools`, `tsconfig` - **Stars:** 3 -- **Open issues / PRs:** 38 / 1 (2026-05-20) -- **Latest release:** `@bfra.me/workspace-analyzer@0.2.8` (2026-05-16) +- **Open issues / PRs:** 38 / 2 (2026-05-31) +- **Latest release:** `@bfra.me/workspace-analyzer@0.2.8` (2026-05-16) — unchanged - **Primary language:** TypeScript (~99%) - **Node:** 24.15.0 (`.node-version`) — packages target ES2022+/Node 20+ -- **Package manager:** pnpm 10.33.4 +- **Package manager:** pnpm 10.34.1 (was 10.33.4 on 2026-05-20) - **TypeScript:** 6.0.3, strict (`noUncheckedIndexedAccess`) - **Root package:** `@bfra.me/works` v0.0.0-development (private) @@ -180,9 +183,9 @@ Surface area: when package READMEs, sources, or `package.json` files change. Has a `dry-run` dispatch input. - **`renovate.yaml`** — calls reusable - `bfra-me/.github/.github/workflows/renovate.yaml@v4.16.18` after the - Release workflow succeeds, with `log-level` and `print-config` - dispatch inputs. + `bfra-me/.github/.github/workflows/renovate.yaml@v4.16.21` (bumped + from `v4.16.18` on 2026-05-20) after the Release workflow succeeds, + with `log-level` and `print-config` dispatch inputs. - **`renovate-changeset.yaml`** — auto-generates changesets for `bfra-me[bot]` / `renovate[bot]` PRs. Triggers on `merge_group`, `pull_request_target`, and `workflow_dispatch`. Uses @@ -205,8 +208,13 @@ setup and cache restoration. ## Fro Bot Integration `bfra-me/works` runs a **single-file three-mode Fro Bot** at -`fro-bot/agent@b97877b2 # v0.44.2` — parity with [[bfra-me--github]], -ahead of most other ecosystem repos (commonly `v0.41.x`–`v0.43.x`). +`fro-bot/agent@54ee8140 # v0.47.0` (as of 2026-05-31) — parity with +[[bfra-me--github]], ahead of most other ecosystem repos. The pin +advanced v0.44.2 → v0.46.1 (#3503) → v0.47.0 (#3510) in a single day +on 2026-05-30, alongside PR #3491 ("Fix Fro Bot mode/prompt +resolution for dispatch and reusable runs") which patched the inline +shell mode resolution for `workflow_dispatch` and `workflow_call` +paths. ### Triggers @@ -348,7 +356,8 @@ create a new report per cycle. ## Renovate - `.github/renovate.json5` extends: - - `github>bfra-me/.github:internal.json5#v4.16.18` (org baseline) + - `github>bfra-me/.github:internal.json5#v4.16.21` (org baseline; was + `#v4.16.18` on 2026-05-20) - `github>sanity-io/renovate-config:semantic-commit-type` - `security:minimumReleaseAgeNpm` - `addLabels: ['{{{parentDir}}}']` auto-labels by directory (clean @@ -421,11 +430,12 @@ Release pipeline: ## Cross-Repo Relationships - **[[bfra-me--github]]** — the org control plane. Provides the - reusable workflows this repo calls (`renovate.yaml@v4.16.18`, - `update-repo-settings.yaml@v4.16.0`), the `internal.json5` Renovate - baseline, and the `common-settings.yaml` Probot template. Both pin - `fro-bot/agent@v0.44.2`, making them the ecosystem's two leading - Fro Bot adopters. + reusable workflows this repo calls (`renovate.yaml@v4.16.21` as of + 2026-05-31, `update-repo-settings.yaml@v4.16.0`), the + `internal.json5` Renovate baseline, and the `common-settings.yaml` + Probot template. `bfra-me/works` is currently leading the agent pin + at `v0.47.0`; sibling repos should be re-surveyed to confirm whether + the org control plane and HA add-on template have followed. - **[[bfra-me--ha-addon-repository]]** — sibling `bfra-me` org repo. Shares the `Daily Autohealing Report` single-issue rolling-update convention, and also extends `.github:common-settings.yaml`. @@ -461,3 +471,4 @@ Release pipeline: | Date | SHA | Notes | | ---------- | --------- | ---------------------------------------------------------------------------------------------- | | 2026-05-20 | `ef14b26` | Initial survey. `fro-bot/agent@v0.44.2`, 11 workflows, 8 published packages + docs site, manypkg-enforced workspace protocol. | +| 2026-05-31 | `cd4a52d` | Re-survey. `fro-bot/agent` v0.44.2 → v0.47.0 (via v0.46.1, same day 2026-05-30). PR #3491 patched dispatch/reusable-call mode resolution in the inline shell. `bfra-me/.github` reusable workflows + `internal.json5` baseline v4.16.18 → v4.16.21. pnpm 10.33.4 → 10.34.1. Published package versions unchanged. Workflow inventory, package layout, Probot settings, branch protection, build/release pipeline all identical. Open PRs 1 → 2. | From 91aeb578fe2802a1f0cf2c241b2d599dc54eb914 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sun, 31 May 2026 01:28:03 -0700 Subject: [PATCH 75/77] chore(reconcile): record survey success for bfra-me/works --- metadata/repos.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index d42bbcaec..245ed870a 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -314,12 +314,12 @@ repos: name: works added: 2026-05-18 onboarding_status: onboarded - last_survey_at: 2026-05-20 + last_survey_at: 2026-05-31 last_survey_status: success has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-06-22 + next_survey_eligible_at: 2026-07-02 private: false node_id: MDEwOlJlcG9zaXRvcnkzMDc1NzM1OTE= - owner: marcusrbrown From dfbf2b868e81ca877c44e53f6c49ecc1b8983880 Mon Sep 17 00:00:00 2001 From: Fro Bot <80104189+fro-bot@users.noreply.github.com> Date: Sun, 31 May 2026 01:28:13 -0700 Subject: [PATCH 76/77] chore(reconcile): record survey failure for bfra-me/renovate-action --- metadata/repos.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 245ed870a..19ad439fe 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -302,12 +302,12 @@ repos: name: renovate-action added: 2026-05-18 onboarding_status: onboarded - last_survey_at: 2026-05-20 - last_survey_status: success + last_survey_at: 2026-05-31 + last_survey_status: failure has_fro_bot_workflow: true has_renovate: true discovery_channel: collab - next_survey_eligible_at: 2026-06-19 + next_survey_eligible_at: 2026-07-03 private: false node_id: R_kgDOKWu8zQ - owner: bfra-me From 07d2aa8d7c595db7168a3e586e6fdb9a36895eea Mon Sep 17 00:00:00 2001 From: fro-bot <80104189+fro-bot@users.noreply.github.com> Date: Mon, 1 Jun 2026 03:04:11 +0000 Subject: [PATCH 77/77] chore(metadata): remove stale private-repo orphans blocking data promotion Drop the two private-repo orphan entries (node_id R_kgDOSVJgdw and R_kgDOSZ9x-w) already deleted from main in #3394. They were the privacy gate violations blocking the data->main promotion in #3396. repos.yaml now holds 26 entries with zero private: true. --- metadata/repos.yaml | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/metadata/repos.yaml b/metadata/repos.yaml index 19ad439fe..19351694f 100644 --- a/metadata/repos.yaml +++ b/metadata/repos.yaml @@ -214,18 +214,6 @@ repos: next_survey_eligible_at: 2026-06-23 private: false node_id: R_kgDOSKIp0Q - - owner: '[REDACTED]' - name: R_kgDOSVJgdw - added: 2026-05-05 - onboarding_status: pending - last_survey_at: 2026-05-06 - last_survey_status: success - has_fro_bot_workflow: true - has_renovate: true - discovery_channel: collab - next_survey_eligible_at: 2026-06-08 - private: true - node_id: R_kgDOSVJgdw - owner: fro-bot name: agent added: 2026-05-07 @@ -262,18 +250,6 @@ repos: next_survey_eligible_at: 2026-06-08 private: false node_id: R_kgDORLx6ew - - owner: '[REDACTED]' - name: R_kgDOSZ9x-w - added: 2026-05-13 - onboarding_status: pending - last_survey_at: null - last_survey_status: null - has_fro_bot_workflow: true - has_renovate: false - discovery_channel: collab - next_survey_eligible_at: null - private: true - node_id: R_kgDOSZ9x-w - owner: bfra-me name: .github added: 2026-05-18