|
| 1 | +# Every Code Local Poller |
| 2 | + |
| 3 | +`scripts/every-code-poller.sh` watches GitHub issues from this host and opens |
| 4 | +visible local Code sessions for issues that are ready for automation. |
| 5 | + |
| 6 | +The trigger contract has two parts: |
| 7 | + |
| 8 | +- Repository topic `every-code`: this repo is part of the local work queue. |
| 9 | +- Issue label `every-code`: this issue may be picked up by the local poller. |
| 10 | + |
| 11 | +The label must be applied by a trusted user. By default, trusted means the label |
| 12 | +actor has `write`, `maintain`, or `admin` permission on the repo. This keeps |
| 13 | +arbitrary issue authors from triggering local automation just by adding a label. |
| 14 | +If the poller cannot verify the label actor's permission, it marks the issue |
| 15 | +blocked and comments with the lookup error instead of silently skipping it. |
| 16 | +Users listed in `EVERY_CODE_TRUSTED_USERS` bypass the repo-permission check, so |
| 17 | +only put fully trusted automation or maintainer accounts there. |
| 18 | + |
| 19 | +The poller uses a `tmux` session named `every-code`. The `poller` window scans |
| 20 | +GitHub on an interval, and every claimed issue gets its own window named like |
| 21 | +`ec-owner-repo-123-...`. Job windows stay open after `code exec` finishes so the |
| 22 | +run can be inspected. |
| 23 | + |
| 24 | +## Commands |
| 25 | + |
| 26 | +```sh |
| 27 | +scripts/every-code-poller.sh start |
| 28 | +scripts/every-code-poller.sh attach |
| 29 | +scripts/every-code-poller.sh stop |
| 30 | +scripts/every-code-poller.sh once |
| 31 | +``` |
| 32 | + |
| 33 | +`start` creates the session if needed and attaches to it. `once` is useful for a |
| 34 | +manual scan without starting the loop. |
| 35 | + |
| 36 | +## Labels |
| 37 | + |
| 38 | +The script creates and maintains these labels in watched repos: |
| 39 | + |
| 40 | +- `every-code`: ready for local automation. |
| 41 | +- `every-code/working`: a local tmux window has claimed the issue. |
| 42 | +- `every-code/done`: `code exec` completed successfully. |
| 43 | +- `every-code/blocked`: local automation could not complete the issue. |
| 44 | + |
| 45 | +If this host has no checkout for a watched repo, the issue is marked blocked and |
| 46 | +a comment explains the missing checkout. By default, the checkout root is the |
| 47 | +parent directory of the repo where the script is run. The poller checks both |
| 48 | +`<root>/<repo-name>` and `<root>/<owner>/<repo-name>`. |
| 49 | + |
| 50 | +## Configuration |
| 51 | + |
| 52 | +Common environment overrides: |
| 53 | + |
| 54 | +```sh |
| 55 | +EVERY_CODE_OWNER=cbusillo # defaults to gh api user.login |
| 56 | +EVERY_CODE_CHECKOUT_ROOT=/path/to/checkouts # defaults to parent of current repo |
| 57 | +EVERY_CODE_POLL_INTERVAL_SECONDS=60 |
| 58 | +EVERY_CODE_MODEL=gpt-5.5 |
| 59 | +EVERY_CODE_SANDBOX=workspace-write |
| 60 | +EVERY_CODE_MAX_SECONDS=7200 |
| 61 | +EVERY_CODE_TRUSTED_PERMISSIONS=admin,maintain,write |
| 62 | +EVERY_CODE_TRUSTED_USERS=cbusillo,some-bot |
| 63 | +EVERY_CODE_LOCK_STALE_SECONDS=900 |
| 64 | +``` |
| 65 | + |
| 66 | +Use a maintainer-applied label as the approval step. Issue text is untrusted |
| 67 | +input, and the poller should not be run against arbitrary unlabeled issues. |
0 commit comments