recipe-maintainers/project-orchestrator
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

memory: Tangled bot creds location + programmatic repo-creation recipe

Browse Source 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01ALPo5Y86fzQjsALNZRSSG5
This commit is contained in:
mfowler
2026-06-23 19:55:01 +00:00
parent c18ac83daf
commit 7cd0ab2170
2 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
memory/MEMORY.md
View File

@ -2,3 +2,4 @@
- [Git identity / push creds](git-identity-local.md) — git.autonomic.zone push info lives in the active cc-ci project (/srv/cc-ci/.testenv); local git identity set on PO repo
- [Memory lives in repo](memory-in-repo.md) — memory/ is in the PO repo and git-tracked; ~/.claude memory path is a symlink to it
- [Tangled mirrors](tangled-mirrors.md) — agent-orchestrator + project-orchestrator mirrored to tangled.org (notplants DID); push via `tangled` remote + ~/.ssh/tangled-ed25519
- [Tangled bot + repo creation](tangled-bot-and-repo-creation.md) — notplants-bot bsky creds in gitignored .secrets/; recipe to create a Tangled repo via XRPC (SSH-to-knot blocked, use HTTPS + git@tangled.org proxy)

34
memory/tangled-bot-and-repo-creation.md Normal file
View File

@ -0,0 +1,34 @@
---
name: tangled-bot-and-repo-creation
description: notplants-bot bsky creds location + how to create a Tangled repo programmatically
metadata:
node_type: memory
type: reference
originSessionId: 5c93c441-4896-4a82-9dc4-0f7f39db24f0
---
The Tangled bot account `notplants-bot.bsky.social` (DID `did:plc:qfngkejlw4ghji2myc73hbdh`,
PDS `https://auriporia.us-west.host.bsky.network`). Its bsky password is in
`.secrets/notplants-bot.bsky.social.env` in the PO repo — **gitignored via `/.secrets/`**, perms 600,
never committed. (Consider rotating to an atproto app-password; the stored one looks like the main pw.)
**Tangled networking gotcha:** knots like `knot1.tangled.sh` are Cloudflare-fronted, so **SSH (port 22)
to a knot host is unreachable** from this box, but **HTTPS (443) works**. Git push goes through the
reachable SSH proxy `git@tangled.org:<handle>/<repo>` (which routes to the knot internally) — NOT
directly to the knot. The tangled SSH proxy addresses repos by the **owner's atproto identity/handle**,
not the knot-storage DID shown in clone URLs; "repo not found" over SSH means no access OR wrong owner
identity, not necessarily nonexistent.
**Create a repo programmatically as the bot** (no CLI exists; this is what the web "+ new repo" does):
1. `com.atproto.server.createSession` on the PDS → `accessJwt`, `did`.
2. `com.atproto.server.getServiceAuth?aud=did:web:knot1.tangled.sh&lxm=sh.tangled.repo.create&exp=<now+300>`
with `Authorization: Bearer <accessJwt>` → service-auth `token`.
3. `POST https://knot1.tangled.sh/xrpc/sh.tangled.repo.create` (Bearer = service token, JSON
`{rkey,name,defaultBranch:"main"}`) → `{repoDid}`. (Needs `server:member` on the knot; the bot
already has it since it pushes existing repos there.)
4. `POST <PDS>/xrpc/com.atproto.repo.createRecord` (Bearer = accessJwt) collection `sh.tangled.repo`,
record `{$type:"sh.tangled.repo", knot:"knot1.tangled.sh", name, description, createdAt, repoDid}`.
5. `git push git@tangled.org:<bot-handle>/<rkey> main`. (rkey = lowercased name.)
Repo created this way: `https://tangled.org/notplants-bot.bsky.social/apertus-70b-instruct-2509-experiments`
(holds the opencode/Apertus-70B config). Related: [[tangled-mirrors]].