charles/claude-hooks

Fork

You've already forked claude-hooks

Code Issues 4 Pull requests Projects Releases Packages 1 Wiki Activity Actions

feat(foreman): multi-repo — read/write specs in any configured repo, not just cwd #254

New issue

Closed

opened 2026-04-21 18:02:36 +00:00 by claude-desktop · 1 comment

claude-desktop commented

2026-04-21 18:02:36 +00:00

Collaborator

Copy link

User story

As an operator of a multi-repo claude-hooks deployment, I want the foreman to be able to read specs, write specs, and @file-mention files from any repo in config.repos — not just the checkout it runs in — so I can draft and break down work for charles/proxmox-iac (or any other watched repo) from the same Planner UI.

Today process.cwd() scopes every file operation to the claude-hooks source tree. The service already watches multiple repos via the webhook layer; the foreman is the only surface still hardcoded to one.

Dependencies

Blocked by the Penpot mockup ticket (sibling). Ship against the approved visual for the repo picker + session chip.

Acceptance criteria

Session state

The foreman_sessions table (or wherever the SQLite schema lives — likely apps/server/src/foreman.ts) gains a repo TEXT NOT NULL column. Migration fills existing rows with the first entry from cfg.repos (or charles/claude-hooks as a sentinel).
New sessions default to cfg.repos[0] unless the POST /foreman/chat body overrides it. Overrides must be validated against cfg.repos — 400 on unknown repo.

Endpoints

GET /foreman/files?repo=owner/name — when repo equals the cwd repo, scan the local filesystem as today. Otherwise use the Forgejo content API (GET /repos/{owner}/{repo}/contents/specs) with the foreman's token. 403 when !cfg.repos.includes(repo).
GET /foreman/file-content?repo=owner/name&path=specs/foo.md — same split (local fs vs. Forgejo content API). Returns { path, content, sha }.
POST /foreman/save gains a repo field — when it's the cwd repo, write to disk + commit via git (current behavior). Otherwise go through Forgejo create_file / update_file with the foreman identity. Commit message convention: spec(foreman): update specs/<name>.md via Planner.
POST /foreman/chat — accepts repo in the body; stores on session. Each turn's prompt is augmented with a line like Active repo: <owner>/<name> so the foreman knows the context.

Tool allowlist / canUseTool rails

Extend foreman.ts::buildForemanSdkOptions canUseTool hook: block any mcp__forgejo__* call whose owner+repo args don't match the active session's repo. Keeps a compromised prompt from leaking into other repos the foreman's token can reach.

UI

Repo picker implemented per the mockup (session header + new-session empty state).
Sidebar session rows render the small repo chip.
@file autocomplete scopes to the active repo.
Switching the active repo mid-session posts a system line in the transcript.

Verification

Unit test in apps/server/src/foreman.test.ts — POST /foreman/chat with repo: "charles/proxmox-iac", assert the stored session row carries that repo, assert the Forgejo content API is called (mocked) rather than local fs.
Unit test for 403 on cfg.repos-mismatched repo.
Manual: start a session, pick charles/proxmox-iac, @ an existing spec from that repo, confirm it inlines. Save a new spec via the editor; verify the file landed in Forgejo (not on disk).

Out of scope

Checkout / git-level access to non-cwd repos — foreman doesn't clone, it uses the Forgejo content API. If future skills need real worktrees there, file a follow-up; the boss/dev/reviewer fleet already clones per-dispatch.
Multi-repo /breakdown dispatch — already works; /breakdown takes repo as a parameter and validates against cfg.repos.
Cross-repo dependency-graph view — covered by the dep-DAG tickets.

References

apps/server/src/foreman.ts — file endpoints + session handlers.
apps/server/src/main.ts::handleForemanConfig — already returns repos on /foreman/config; UI just needs to wire it.
apps/server/src/forgejo-api.ts — contains getFileContent, may need a createFile / updateFile wrapper if not already present.
apps/web/src/lib/foreman.ts — client-side fetch helpers to extend with the repo param.
Companion mockup ticket — blocker.

## User story As an operator of a multi-repo claude-hooks deployment, I want the **foreman** to be able to read specs, write specs, and `@file`-mention files from **any** repo in `config.repos` — not just the checkout it runs in — so I can draft and break down work for `charles/proxmox-iac` (or any other watched repo) from the same Planner UI. Today `process.cwd()` scopes every file operation to the claude-hooks source tree. The service already watches multiple repos via the webhook layer; the foreman is the only surface still hardcoded to one. ## Dependencies - **Blocked by the Penpot mockup ticket** (sibling). Ship against the approved visual for the repo picker + session chip. ## Acceptance criteria ### Session state - [ ] The `foreman_sessions` table (or wherever the SQLite schema lives — likely `apps/server/src/foreman.ts`) gains a `repo TEXT NOT NULL` column. Migration fills existing rows with the first entry from `cfg.repos` (or `charles/claude-hooks` as a sentinel). - [ ] New sessions default to `cfg.repos[0]` unless the POST /foreman/chat body overrides it. Overrides must be validated against `cfg.repos` — 400 on unknown repo. ### Endpoints - [ ] `GET /foreman/files?repo=owner/name` — when `repo` equals the cwd repo, scan the local filesystem as today. Otherwise use the Forgejo content API (`GET /repos/{owner}/{repo}/contents/specs`) with the foreman's token. 403 when `!cfg.repos.includes(repo)`. - [ ] `GET /foreman/file-content?repo=owner/name&path=specs/foo.md` — same split (local fs vs. Forgejo content API). Returns `{ path, content, sha }`. - [ ] `POST /foreman/save` gains a `repo` field — when it's the cwd repo, write to disk + commit via git (current behavior). Otherwise go through Forgejo `create_file` / `update_file` with the foreman identity. Commit message convention: `spec(foreman): update specs/<name>.md via Planner`. - [ ] `POST /foreman/chat` — accepts `repo` in the body; stores on session. Each turn's prompt is augmented with a line like `Active repo: <owner>/<name>` so the foreman knows the context. ### Tool allowlist / canUseTool rails - [ ] Extend `foreman.ts::buildForemanSdkOptions` `canUseTool` hook: block any `mcp__forgejo__*` call whose `owner`+`repo` args don't match the active session's repo. Keeps a compromised prompt from leaking into other repos the foreman's token can reach. ### UI - [ ] Repo picker implemented per the mockup (session header + new-session empty state). - [ ] Sidebar session rows render the small repo chip. - [ ] `@file` autocomplete scopes to the active repo. - [ ] Switching the active repo mid-session posts a system line in the transcript. ### Verification - [ ] Unit test in `apps/server/src/foreman.test.ts` — POST /foreman/chat with `repo: "charles/proxmox-iac"`, assert the stored session row carries that repo, assert the Forgejo content API is called (mocked) rather than local fs. - [ ] Unit test for 403 on `cfg.repos`-mismatched `repo`. - [ ] Manual: start a session, pick `charles/proxmox-iac`, `@` an existing spec from that repo, confirm it inlines. Save a new spec via the editor; verify the file landed in Forgejo (not on disk). ## Out of scope - Checkout / git-level access to non-cwd repos — foreman doesn't clone, it uses the Forgejo content API. If future skills need real worktrees there, file a follow-up; the boss/dev/reviewer fleet already clones per-dispatch. - Multi-repo `/breakdown` dispatch — already works; `/breakdown` takes `repo` as a parameter and validates against `cfg.repos`. - Cross-repo dependency-graph view — covered by the dep-DAG tickets. ## References - `apps/server/src/foreman.ts` — file endpoints + session handlers. - `apps/server/src/main.ts::handleForemanConfig` — already returns `repos` on /foreman/config; UI just needs to wire it. - `apps/server/src/forgejo-api.ts` — contains `getFileContent`, may need a `createFile` / `updateFile` wrapper if not already present. - `apps/web/src/lib/foreman.ts` — client-side fetch helpers to extend with the `repo` param. - Companion mockup ticket — blocker.

claude-desktop added the

area:agents

type:user-story

labels

2026-04-21 18:02:42 +00:00

code-lead added a new dependency

2026-04-21 18:02:45 +00:00

#253 design(planner): Penpot mockup — foreman multi-repo repo picker

code-lead self-assigned this

2026-04-21 21:49:11 +00:00

code-lead commented

2026-04-21 21:49:11 +00:00

Collaborator

Copy link

🤖 Auto-assigned to boss (heuristic: area:agents → boss (architecture-touching)). Reply /unassign to reroute.

🤖 Auto-assigned to **boss** (heuristic: area:agents → boss (architecture-touching)). Reply `/unassign` to reroute.

charles referenced this issue from a commit

2026-04-22 15:53:54 +00:00

feat(foreman): multi-repo — read/write specs in any configured repo (#254)

charles referenced this issue from a commit

2026-04-22 20:50:25 +00:00

fix(foreman): multi-repo spec reading and repo validation (#254)

charles referenced this issue from a pull request that will close it,

2026-04-22 20:50:34 +00:00

fix(foreman): multi-repo spec reading and repo validation (#254) #272

charles closed this issue

2026-04-22 20:58:20 +00:00

charles referenced this issue from a commit

2026-04-22 20:58:22 +00:00

fix(foreman): multi-repo spec reading and repo validation (#254) (#272)

No Branch/Tag specified

main

code-lead/1139

code-lead/1138

code-lead/1137

code-lead/1136

code-lead/1131

code-lead/1122

code-lead/1121

code-lead/1120

code-lead/1119

code-lead/1117

chore/sync-pre-push-from-forge-base

fix/flows-yaml-dispatch-identity

feat/board-tap-to-assign

dev/1107

code-lead/1106

code-lead/1108

dev/1104

code-lead/1103

code-lead/1080

dev/1087

feat/flows-yaml-ci-events

chore/board-drop-stalled-and-density-controls

fix/flows-yaml-routes-always-register

flows-yaml/api-defaults

dev/1023

fix/event-log-history-bleed

fix/janitor-fix-ci-logs-and-cap

dev/1022

fix/board-card-provider

code-lead/1036

dev/1025

code-lead/1020

dev/1017

code-lead/1026

feat/web-shortcut-registry-1018

dev/1015

code-lead/1009

code-lead/1008

dev/975

dev/969

dev/973

dev/967

code-lead/968

code-lead/953

dev/970

dev/976

code-lead/966

code-lead/956

code-lead/951

dev/962

dev/963

dev/977

dev/955

dev/983

dev/961

dev/974

code-lead/950

code-lead/939

dev/941

dev/940

dev/937

dev/938

dev/936

dev/935

feat/web-i18n-fr-locale

feat/spec-editor-ui-polish

chore/drop-legacy-compat

fix/skills-drop-preview-pane

fix/882-skills-safety-rail

dev/911

dev/909

dev/923

dev/917

dev/915

feat/879-sr11-m2-drop-legacy-skill

code-lead/873

dev/881

code-lead/869

dev/867

code-lead/845

code-lead/843

code-lead/844

dev/837

dev/861

dev/849

code-lead/837

code-lead/842

fix/dedup-rebase-inflight

dev/838

code-lead/847

dev/833

code-lead/848

pr/838

code-lead/841

feat/settings-save-bar/836

code-lead/840

dev/846

code-lead/839

dev/832

fix/board-sse-stale-cache

dev/834

dev/835

feat/settings-breadcrumbs

feat/forge-oauth-credentials

refactor/service-config-consolidation

feat/agent-tokens-to-secrets

feat/gitlab-oauth-to-db

feat/authelia-rip-and-voice-fixes

fix/rebase-storm-and-dead-letter

code-lead/797

code-lead/796

dev/811

code-lead/798

dev/810

code-lead/795

dev/808

code-lead/794

dev/805

dev/802

dev/803

feat/avatar-menu-settings-entry

feat/per-agent-token-tracking

dev/793

dev/747

dev/752

code-lead/790

code-lead/759

dev/756

dev/760

dev/741

dev/767

dev/740

dev/709

dev/644

dev/637

boss/614

dev/600

dev/611

dev/585

fix/login-bonus-fixes

boss/544

dev/542

refactor/api-prefix-and-session-gate

dev/489

boss/531

boss/518

dev/499

boss/516

dev/530

dev/517

dev/519

dev/515

dev/522

dev/503

dev/471

boss/329

dev/417

dev/418

dev/402

boss/327

dev/334

dev/332

boss/326

boss/325

dev/331

boss/324

boss/323

boss/322

dev/294

test/s11-task-analytics

dev/262

boss/270

dev/268

foreman/ui-consolidation-spec

dev/234

boss/196

boss/176

boss/164

fix/124-session-persist-bind

boss/52

dev/87

boss/73

dev/77

dev/81

dev/82

boss/79

dev/42

dev/35

boss/7

No results found.

Labels

Clear labels

area:agents

Agent types, pool scheduling, per-instance config

area:dashboard

Dashboard UI and observability surfaces

area:database

DB layer — schema, migrations, ORM, raw SQL

area:design

UI/UX mockup work — routes to designer agent

area:design-review

Design review dispatch — routes to design-reviewer agent

area:flows

Flow runner — YAML loader, executor, op registry, expression eval

area:infra

Deployment, isolation, containers, systemd units

area:meta

Tracking, scaffolding, project setup

area:security

Security — routes to reviewer-security (opus)

area:sessions

Session-id store, Claude SDK resume logic

area:webhook

Forgejo webhook routing and handlers

area:workdir

Clone cache, worktrees, git identity

security

Security-sensitive issue

Tracking or decisions, not implementation work

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

code-lead

2 participants

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Depends on

#253 design(planner): Penpot mockup — foreman multi-repo repo picker

charles/claude-hooks

Reference

charles/claude-hooks#254

Reference in a new issue

Repository

charles/claude-hooks

Title

Body

No description provided.

Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?

Rows
Columns