recipe-maintainers/project-orchestrator
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7cd0ab21706f48b7d0d87ecc8e634fe19b4cb429
project-orchestrator/memory/tangled-bot-and-repo-creation.md

2.2 KiB
Raw Blame History

name, description, metadata
name description metadata
tangled-bot-and-repo-creation notplants-bot bsky creds location + how to create a Tangled repo programmatically
node_type type originSessionId
memory reference 5c93c441-4896-4a82-9dc4-0f7f39db24f0

The Tangled bot account notplants-bot.bsky.social (DID did:plc:qfngkejlw4ghji2myc73hbdh, PDS https://auriporia.us-west.host.bsky.network). Its bsky password is in .secrets/notplants-bot.bsky.social.env in the PO repo — gitignored via /.secrets/, perms 600, never committed. (Consider rotating to an atproto app-password; the stored one looks like the main pw.)

Tangled networking gotcha: knots like knot1.tangled.sh are Cloudflare-fronted, so SSH (port 22) to a knot host is unreachable from this box, but HTTPS (443) works. Git push goes through the reachable SSH proxy git@tangled.org:<handle>/<repo> (which routes to the knot internally) — NOT directly to the knot. The tangled SSH proxy addresses repos by the owner's atproto identity/handle, not the knot-storage DID shown in clone URLs; "repo not found" over SSH means no access OR wrong owner identity, not necessarily nonexistent.

Create a repo programmatically as the bot (no CLI exists; this is what the web "+ new repo" does):

  1. com.atproto.server.createSession on the PDS → accessJwt, did.
  2. com.atproto.server.getServiceAuth?aud=did:web:knot1.tangled.sh&lxm=sh.tangled.repo.create&exp=<now+300> with Authorization: Bearer <accessJwt> → service-auth token.
  3. POST https://knot1.tangled.sh/xrpc/sh.tangled.repo.create (Bearer = service token, JSON {rkey,name,defaultBranch:"main"}) → {repoDid}. (Needs server:member on the knot; the bot already has it since it pushes existing repos there.)
  4. POST <PDS>/xrpc/com.atproto.repo.createRecord (Bearer = accessJwt) collection sh.tangled.repo, record {$type:"sh.tangled.repo", knot:"knot1.tangled.sh", name, description, createdAt, repoDid}.
  5. git push git@tangled.org:<bot-handle>/<rkey> main. (rkey = lowercased name.)

Repo created this way: https://tangled.org/notplants-bot.bsky.social/apertus-70b-instruct-2509-experiments (holds the opencode/Apertus-70B config). Related: tangled-mirrors.