542ed0afe3
Persistent agent memories now live in memory/ in this repo; the Claude auto-memory path is symlinked here so future memories land in the repo and get committed like any other change.
1.8 KiB
name, description, metadata
| name | description | metadata | ||||||
|---|---|---|---|---|---|---|---|---|
| recipe-mirrors-public-org-blocker | Recipe mirrors are public repos but the recipe-maintainers ORG is private-visibility, so anon reads 404; bot can't flip the org |
|
As of 2026-06-09 all 21 recipe mirrors under recipe-maintainers were flipped private=false
(secret-scanned first), to power the Recipe Report's live PR-STATUS column via the tokenless
same-origin proxy report.ci.commoninternet.net/pr/<recipe>/<n> (shipped in cc-ci
nix/modules/reports.nix). BUT the org itself is visibility: private, which makes Gitea 404
all its repos for anonymous users — so the live STATUS column shows a muted "?" instead of open/✓.
Blocker: autonomic-bot cannot flip the org (PATCH /orgs/recipe-maintainers → 403 "Must be an
organization owner"; is_admin=false; the basic-auth credential lacks write:organization scope,
even though the bot is in the Owners team). Confirmed model: autonomic-cooperative is a public org
and its repos ARE anonymously visible; recipe-maintainers is private and they are not.
Why: the whole live-status feature is dark until this is resolved. Private repos stay hidden even
in a public org, so flipping the org public does NOT expose the four locked-private repos (cc-ci,
cc-ci-secrets, cc-ci-orchestrator, archived-cc-ci-orchestrator).
How to apply: operator (an org owner) must set recipe-maintainers org visibility to public
in the Gitea UI (Settings → make org public), OR provision a token with write:organization scope.
The instant that happens, the proxy returns 200 PR JSON and the column lights up — no redeploy needed.
Verify: curl https://report.ci.commoninternet.net/pr/cryptpad/5 should return PR JSON, not a 404.
Related: push-commits-to-remote.