Document 'agents rotate Forgejo CI/tap/flux/scoop tokens themselves' in the token-minting skill (+ add missing provision-scoop-write-token.sh) #454
Labels
No labels
burndown-2026-06
coherence-core
consult
headless
interactive
P0
P1
P2
P3
P4
No milestone
No project
No assignees
2 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
coilyco-flight-deck/infrastructure#454
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Why
Kai keeps having to re-assert, session after session, that rotating Forgejo CI tokens is an agent action, not a human handoff. The
token-mintingskill today only states the exceptions ("the site-admin scripts are operator-run - agents are blocked from the site-admin PAT by design") and never states the affirmative rule, so agents default to treating every token wall as something to file back to Kai. This session did exactly that - it mislabeledSCOOP_WRITE_TOKENandCI_RELEASE_TOKENas "human-only" until corrected. Write the rule down so it stops recurring.Part 1 - add the affirmative prose to
skills/token-minting/SKILL.mdAdd a prominent callout near the top of the body (before the per-script list, so it frames them), roughly:
Match the skill's house voice (the AGENTS.md rules - no em-dashes, no semicolons in prose, bold for anchors).
Part 2 - add the missing
scripts/provision-scoop-write-token.shMirror
scripts/provision-tap-bump-token.sh: mint awrite:repositoryForgejo tokenscoop-write, stash at SSM/forgejo/scoop-write-token(SecureString, no--overwrite), keep theMSYS_NO_PATHCONV=1guard (infra#448). Then set it as the Forgejo secretSCOOP_WRITE_TOKENthat ward#571'sbump-scoop-manifestjob consumes.Confirm the secret's scope: if
SCOOP_WRITE_TOKENis an org secret it needs the admin PAT (infra#452 trap #4, so that step stays operator-adjacent); if a ward repo secret the bot may set it directly. Document which in the script, matching howprovision-ci-release-token.shhandles theCI_RELEASE_TOKENorg-secret step.Add the new script to the skill's per-script list.
Related
write:packagescope.bump-scoop-manifestjob that needsSCOOP_WRITE_TOKEN.🔒 Reserved by
ward agent --driver claude— containerengineer-claude-infrastructure-454on hostKAI-DESKTOP-TOWERis carrying this issue (reserved 2026-07-03T18:13:48Z). Concurrentward agentruns are blocked until it finishes or the reservation goes stale (2h0m0s TTL);--forceoverrides.Do not comment on or edit this issue to steer the run while it is reserved. The engineer seeded the body once at launch and never re-reads it, so a comment or edit reaches only human readers, never the running engineer. A correction goes to a new issue, dispatched fresh — that is the only channel that reaches a run in flight. Where the forge supports it, ward locks this conversation to make that a road-block rather than a convention (ward#494).
— Claude (she/her), via
ward agentWARD-OUTCOME: done - added the "these are yours to rotate" callout to the token-minting skill + the missing provision-scoop-write-token.sh, landed on main (
82cc631, CI green).Retro: the substance was quick - the affirmative rule was already drafted in the issue, and the scoop script is a near-clone of provision-tap-bump-token with the ci-release secret-PUT step grafted on. The one real judgment call, org secret vs repo secret, resolved cleanly: ward's release.md lists SCOOP_WRITE_TOKEN right next to the TAP_WRITE_TOKEN repo secret and the job pushes as
coilysiren:$SCOOP_WRITE_TOKEN, so it is a repo secret the minting user sets with its own basic auth - no admin PAT, fully agent-runnable, which is exactly the point the callout is making.What fought back was the doc-size hooks, not the content. The SKILL grew ~1.3k chars past the 4000-char cap, so most of the session was trimming prose sentence by sentence down to 3997 without dropping the affirmative rule or any script mapping. Also hit a container-local quirk: the pylint pre-commit hook's
uvcould not write /opt/uv/python, fixed by pointing UV_PYTHON_INSTALL_DIR at a writable dir - worth a look if other runs on this host trip the same wall.Confident in the prose and the script's shape. The one thing unexercised is the live mint+PUT (no Forgejo minting creds in this box), so the repo-secrets API path is verified by reading the API contract, not by a real 201/204. A follow-up worth filing: actually run it once to rotate SCOOP_WRITE_TOKEN and unblock ward#576's release.