fix(agent_loop): prevent infinite catch-up merge retry and wrong issue closure

Two bugs fixed: 1. Catch-up scan (section 2b) called _merge_pr and immediately returned, claiming success even when fgj exits 0 but the merge silently failed (e.g. branch-protection rules not satisfied). PR #163 was retried 30+ times in a row because the PR stayed open after each attempt. Fix: verify the PR is no longer open after the merge call; if it is still open, set the issue to State/Question instead of looping forever. 2. ci-fix agents wrote "Closes #198" in commit messages, causing Forgejo to auto-close issue #198 ("Unable to load asset: assets/changelog.txt") even though the commit only fixed the unrelated Play Store upload. Fix: both ci-fix prompts now explicitly forbid issue-number references in commit messages and close operations. Also save ci_run_id_at_start in the ci-fix state (was only done for issue agents) so future guard logic can compare run IDs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix: merge orphaned issue PRs whose CI passed but state was cleared (#200 )
2026-05-24 10:48:00 +02:00 · 2026-05-24 08:49:33 +02:00 · 2026-05-24 08:46:29 +02:00 · 2026-05-24 08:24:50 +02:00 · 2026-05-24 08:04:54 +02:00
6 changed files with 67 additions and 71 deletions
@@ -156,7 +156,6 @@ jobs:
        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
@@ -198,7 +197,6 @@ jobs:
        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          DAGGER_NO_NAG: "1"
@@ -240,7 +238,6 @@ jobs:
        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          DAGGER_NO_NAG: "1"
@@ -202,8 +202,6 @@ jobs:
          mkdir -p ~/.ssh
          printf '%s\n' "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
-          printf '%s\n' "${{ secrets.SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
-          chmod 644 ~/.ssh/known_hosts

      - name: Build Linux release
        run: |
@@ -217,20 +215,20 @@ jobs:
          REMOTE_DIR="public_html/builds/$DATE_PATH"
          TARBALL="sharedinbox-linux-amd64-$HASH.tar.gz"
          tar -czf /tmp/$TARBALL -C build/linux/x64/release bundle
-          ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-          scp /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
+          ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+          scp -o StrictHostKeyChecking=no /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
          DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$TARBALL"
-          EXISTING=$(ssh "$SSH_USER@$SSH_HOST" \
+          EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" \
            "cat public_html/latest.json 2>/dev/null || echo '{}'")
          WINDOWS_URL=$(echo "$EXISTING" | \
            python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('windows',''))" \
            2>/dev/null || true)
          if [ -n "$WINDOWS_URL" ]; then
            echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\",\"windows\":\"$WINDOWS_URL\"}" | \
-              ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+              ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
          else
            echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\"}" | \
-              ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+              ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
          fi

      - name: Generate build history pages
@@ -246,5 +244,6 @@ jobs:
          rsync -avz --delete \
            --exclude='*.apk' \
            --exclude='*.tar.gz' \
+            -e "ssh -o StrictHostKeyChecking=no" \
            website/public/ \
            "$SSH_USER@$SSH_HOST:public_html/"
@@ -215,10 +215,8 @@ tasks:
    preconditions:
      - sh: test -n "$SSH_PRIVATE_KEY"
        msg: "SSH_PRIVATE_KEY is not set"
-      - sh: test -n "$SSH_KNOWN_HOSTS"
-        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
-      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-linux --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-linux --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"

  build-android-bundle:
    desc: Build AAB via Dagger (cached, versionCode=1 placeholder) and export locally
@@ -253,24 +251,17 @@ tasks:
    preconditions:
      - sh: test -n "$SSH_PRIVATE_KEY"
        msg: "SSH_PRIVATE_KEY is not set"
-      - sh: test -n "$SSH_KNOWN_HOSTS"
-        msg: "SSH_KNOWN_HOSTS is not set"
      - sh: test -n "$ANDROID_KEYSTORE_BASE64"
        msg: "ANDROID_KEYSTORE_BASE64 is not set"
      - sh: test -n "$ANDROID_KEYSTORE_PASSWORD"
        msg: "ANDROID_KEYSTORE_PASSWORD is not set"
    cmds:
-      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-apk --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH" --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --build-number "$(git log -1 --format=%ct HEAD)"
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-apk --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH" --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --build-number "$(git log -1 --format=%ct HEAD)"

  publish-website:
    desc: Build and publish website via Dagger
-    preconditions:
-      - sh: test -n "$SSH_PRIVATE_KEY"
-        msg: "SSH_PRIVATE_KEY is not set"
-      - sh: test -n "$SSH_KNOWN_HOSTS"
-        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
-      - dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST"
+      - dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key file:$HOME/.ssh/id_ed25519 --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST"

  check-dagger:
    desc: Run full check suite via Dagger (with OTEL timing report if python3 is available)
@@ -382,29 +373,25 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
-      - sh: test -n "$SSH_KNOWN_HOSTS"
-        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
-        mkdir -p ~/.ssh
-        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        TARBALL="sharedinbox-linux-amd64-$HASH.tar.gz"
        tar -czf /tmp/$TARBALL -C build/linux/x64/release bundle
-        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
+        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        scp -o StrictHostKeyChecking=no /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
        DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$TARBALL"
        # Merge with any existing latest.json so we don't overwrite the windows key
-        EXISTING=$(ssh "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
+        EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
        WINDOWS_URL=$(echo "$EXISTING" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('windows',''))" 2>/dev/null || true)
        if [ -n "$WINDOWS_URL" ]; then
          echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\",\"windows\":\"$WINDOWS_URL\"}" | \
-            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        else
          echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\"}" | \
-            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        fi
        echo "Uploaded $TARBALL and updated latest.json"

@@ -429,28 +416,24 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
-      - sh: test -n "$SSH_KNOWN_HOSTS"
-        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
-        mkdir -p ~/.ssh
-        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        ZIPFILE="sharedinbox-windows-x64-$HASH.zip"
        cd build/windows/x64/runner && zip -r /tmp/$ZIPFILE Release/ && cd -
-        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp /tmp/$ZIPFILE "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$ZIPFILE"
+        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        scp -o StrictHostKeyChecking=no /tmp/$ZIPFILE "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$ZIPFILE"
        DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$ZIPFILE"
-        EXISTING=$(ssh "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
+        EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
        LINUX_URL=$(echo "$EXISTING" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('linux',''))" 2>/dev/null || true)
        if [ -n "$LINUX_URL" ]; then
          echo "{\"version\":\"$HASH\",\"linux\":\"$LINUX_URL\",\"windows\":\"$DOWNLOAD_URL\"}" | \
-            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        else
          echo "{\"version\":\"$HASH\",\"windows\":\"$DOWNLOAD_URL\"}" | \
-            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        fi
        echo "Uploaded $ZIPFILE and updated latest.json"

@@ -600,18 +583,14 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
-      - sh: test -n "$SSH_KNOWN_HOSTS"
-        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
-        mkdir -p ~/.ssh
-        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        APK_NAME="sharedinbox-mua-$HASH.apk"
-        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp \
+        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        scp -o StrictHostKeyChecking=no \
          build/app/outputs/flutter-apk/app-release.apk \
          "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$APK_NAME"
        echo "Uploaded $APK_NAME to $REMOTE_DIR"
@@ -640,16 +619,12 @@ tasks:
  website-deploy:
    desc: Deploy the website via rsync to public_html
    deps: [website-build]
-    preconditions:
-      - sh: test -n "$SSH_KNOWN_HOSTS"
-        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
-        mkdir -p ~/.ssh
-        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        rsync -avz --delete \
          --exclude='*.apk' \
          --exclude='*.tar.gz' \
+          -e "ssh -o StrictHostKeyChecking=no" \
          website/public/ \
          ${SSH_USER}@${SSH_HOST}:public_html/

@@ -318,13 +318,12 @@ func (m *Ci) Hugo() *dagger.Container {
 }

 // Deploy container for rsync/ssh
-func (m *Ci) Deployer(sshKey *dagger.Secret, knownHosts *dagger.Secret) *dagger.Container {
+func (m *Ci) Deployer(sshKey *dagger.Secret) *dagger.Container {
 	return dag.Container().
 		From("alpine:3.21").
 		WithExec([]string{"apk", "--no-cache", "add", "rsync", "openssh-client", "python3", "tar"}).
 		WithMountedSecret("/root/.ssh/id_ed25519", sshKey, dagger.ContainerWithMountedSecretOpts{Mode: 0600}).
-		WithMountedSecret("/root/.ssh/known_hosts", knownHosts, dagger.ContainerWithMountedSecretOpts{Mode: 0644}).
-		WithEnvVariable("RSYNC_RSH", "ssh -i /root/.ssh/id_ed25519")
+		WithEnvVariable("RSYNC_RSH", "ssh -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519")
 }

 // Stalwart mail server service for backend and integration tests.
@@ -515,7 +514,6 @@ func (m *Ci) Check(ctx context.Context) (string, error) {
 func (m *Ci) GenerateBuildHistory(
 	ctx context.Context,
 	sshKey *dagger.Secret,
-	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 ) *dagger.Directory {
@@ -527,7 +525,7 @@ func (m *Ci) GenerateBuildHistory(
 		From("python:3.12-alpine").
 		WithExec([]string{"apk", "add", "--no-cache", "openssh-client"}).
 		WithMountedSecret("/root/.ssh/id_ed25519", sshKey, dagger.ContainerWithMountedSecretOpts{Mode: 0600}).
-		WithMountedSecret("/root/.ssh/known_hosts", knownHosts, dagger.ContainerWithMountedSecretOpts{Mode: 0644}).
+		WithExec([]string{"chmod", "700", "/root/.ssh"}).
 		WithEnvVariable("SSH_USER", sshUser).
 		WithEnvVariable("SSH_HOST", sshHost).
 		WithDirectory("/src", scriptSource).
@@ -540,11 +538,10 @@ func (m *Ci) GenerateBuildHistory(
 func (m *Ci) BuildWebsite(
 	ctx context.Context,
 	sshKey *dagger.Secret,
-	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 ) *dagger.Directory {
-	buildHistory := m.GenerateBuildHistory(ctx, sshKey, knownHosts, sshUser, sshHost)
+	buildHistory := m.GenerateBuildHistory(ctx, sshKey, sshUser, sshHost)

 	websiteSource := m.Source.Filter(dagger.DirectoryFilterOpts{
 		Include: []string{"website/"},
@@ -561,13 +558,12 @@ func (m *Ci) BuildWebsite(
 func (m *Ci) PublishWebsite(
 	ctx context.Context,
 	sshKey *dagger.Secret,
-	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 ) (string, error) {
-	public := m.BuildWebsite(ctx, sshKey, knownHosts, sshUser, sshHost)
+	public := m.BuildWebsite(ctx, sshKey, sshUser, sshHost)

-	return m.Deployer(sshKey, knownHosts).
+	return m.Deployer(sshKey).
 		WithDirectory("/public", public).
 		WithExec([]string{"rsync", "-avz", "--delete",
 			"--exclude=*.apk", "--exclude=*.tar.gz",
@@ -593,7 +589,6 @@ func (m *Ci) BuildLinuxRelease() *dagger.Directory {
 func (m *Ci) DeployLinux(
 	ctx context.Context,
 	sshKey *dagger.Secret,
-	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 	commitHash string,
@@ -604,11 +599,11 @@ func (m *Ci) DeployLinux(
 	remoteDir := fmt.Sprintf("public_html/builds/%s", datePath)
 	tarball := fmt.Sprintf("sharedinbox-linux-amd64-%s.tar.gz", commitHash)

-	return m.Deployer(sshKey, knownHosts).
+	return m.Deployer(sshKey).
 		WithDirectory("/bundle", bundle).
 		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("tar -czf /tmp/%s -C /bundle .", tarball)}).
-		WithExec([]string{"ssh", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
-		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -i /root/.ssh/id_ed25519 /tmp/%s %s@%s:%s/%s", tarball, sshUser, sshHost, remoteDir, tarball)}).
+		WithExec([]string{"ssh", "-o", "StrictHostKeyChecking=no", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
+		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519 /tmp/%s %s@%s:%s/%s", tarball, sshUser, sshHost, remoteDir, tarball)}).
 		Stdout(ctx)
 }

@@ -631,7 +626,6 @@ func (m *Ci) BuildAndroidApk(keystoreBase64 *dagger.Secret, keystorePassword *da
 func (m *Ci) DeployApk(
 	ctx context.Context,
 	sshKey *dagger.Secret,
-	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 	commitHash string,
@@ -645,10 +639,10 @@ func (m *Ci) DeployApk(
 	remoteDir := fmt.Sprintf("public_html/builds/%s", datePath)
 	apkName := fmt.Sprintf("sharedinbox-mua-%s.apk", commitHash)

-	return m.Deployer(sshKey, knownHosts).
+	return m.Deployer(sshKey).
 		WithFile("/tmp/app.apk", apk).
-		WithExec([]string{"ssh", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
-		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -i /root/.ssh/id_ed25519 /tmp/app.apk %s@%s:%s/%s", sshUser, sshHost, remoteDir, apkName)}).
+		WithExec([]string{"ssh", "-o", "StrictHostKeyChecking=no", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
+		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519 /tmp/app.apk %s@%s:%s/%s", sshUser, sshHost, remoteDir, apkName)}).
 		Stdout(ctx)
 }

@@ -509,6 +509,9 @@ def _run_loop() -> int:
                    "Fetch the CI logs using the task ci-logs command or the Codeberg API. "
                    "Identify the failure, fix it, commit, and push to the same branch. "
                    "Do NOT push to main, do NOT close the issue, do NOT merge the PR. "
+                    "Do NOT reference any issue numbers in commit messages "
+                    "(no 'closes #N', 'fixes #N', or similar) — auto-closing the wrong "
+                    "issue via a commit message would be a bug. "
                    "Verify locally with 'task check' before pushing. "
                    "When done, stop."
                )
@@ -597,7 +600,26 @@ def _run_loop() -> int:

        if pr_run and pr_run.get("status") == "success":
            print(f"Catch-up: CI passed on PR #{pr_number} ({pr_url}) — merging.")
-            _merge_pr(pr_number)
+            try:
+                _merge_pr(pr_number)
+            except RuntimeError as e:
+                print(f"Catch-up: merge of PR #{pr_number} failed: {e} — skipping.")
+                continue
+            # Verify the merge actually happened; fgj can exit 0 without merging
+            # (e.g. branch-protection rules not satisfied).
+            if _find_pr_for_branch(branch):
+                print(
+                    f"Catch-up: PR #{pr_number} is still open after merge attempt "
+                    "— skipping to avoid infinite retry."
+                )
+                if issue_num:
+                    _set_labels(issue_num, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
+                    _comment_issue(
+                        issue_num,
+                        f"Automatic merge of PR #{pr_number} failed (PR is still open "
+                        "after the merge command). Please merge manually.",
+                    )
+                continue
            if issue_num:
                _close_issue(issue_num)
                print(f"Merged PR #{pr_number} and closed issue #{issue_num}.")
@@ -622,10 +644,16 @@ def _run_loop() -> int:
            "Fetch the CI logs using the task ci-logs command or the Codeberg API. "
            "Identify the failure, fix it, commit, and push. "
            "Verify locally with 'task check' before pushing. "
+            "Do NOT push to main. "
+            "Do NOT reference any issue numbers in commit messages "
+            "(no 'closes #N', 'fixes #N', or similar) — this is a CI fix, "
+            "not an issue fix, and auto-closing the wrong issue would be a bug. "
+            "Do NOT close any issues. "
            "When done, stop."
        )
        pid = _start_agent(prompt, "ci-fix")
-        _write_state(pid, pending_issue, "ci-fix", session_name="ci-fix")
+        _write_state(pid, pending_issue, "ci-fix", session_name="ci-fix",
+                     ci_run_id=run["id"] if run else None)
        return 0

    # CI is ok (or no run).
@@ -33,6 +33,9 @@ def list_remote_files(ssh_user: str, ssh_host: str, pattern: str) -> list[str]:
    result = subprocess.run(
        [
            "ssh",
+            "-v",
+            "-o", "StrictHostKeyChecking=no",
+            "-i", "/root/.ssh/id_ed25519",
            f"{ssh_user}@{ssh_host}",
            f"find {REMOTE_BUILDS_DIR} -name '{pattern}' -type f | sort",
        ],
Author	SHA1	Message	Date
Thomas SharedInboxandClaude Sonnet 4.6	d0973fafbf	fix(agent_loop): prevent infinite catch-up merge retry and wrong issue closure Two bugs fixed: 1. Catch-up scan (section 2b) called _merge_pr and immediately returned, claiming success even when fgj exits 0 but the merge silently failed (e.g. branch-protection rules not satisfied). PR #163 was retried 30+ times in a row because the PR stayed open after each attempt. Fix: verify the PR is no longer open after the merge call; if it is still open, set the issue to State/Question instead of looping forever. 2. ci-fix agents wrote "Closes #198" in commit messages, causing Forgejo to auto-close issue #198 ("Unable to load asset: assets/changelog.txt") even though the commit only fixed the unrelated Play Store upload. Fix: both ci-fix prompts now explicitly forbid issue-number references in commit messages and close operations. Also save ci_run_id_at_start in the ci-fix state (was only done for issue agents) so future guard logic can compare run IDs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 10:48:00 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	7310568157	fix: merge orphaned issue PRs whose CI passed but state was cleared (#200 ) Add catch-up scan in agent_loop that finds all open issue-N-fix PRs and merges those with passed CI, using event-filtered API query (limit=50) to cover weeks of history instead of the previous ~1.5 h window. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 08:49:33 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	a569177637	fix: treat MissingPluginException from secure storage as permanent sync error (#200 ) When flutter_secure_storage's platform channel is unavailable (e.g. on certain Android devices), getPassword() throws MissingPluginException. Previously this was not recognised as a permanent error, so the IMAP and JMAP sync loops retried indefinitely with exponential back-off, filling the sync log with repeated failures (as shown in the screenshot). Treat MissingPluginException as a permanent error in both _AccountSync and _JmapAccountSync so the loop stops immediately instead of retrying. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 08:46:29 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	375fd5d914	ci: skip jobs when unrelated files change, skip Android/Linux when paths unchanged (#144 ) - ci.yml: add paths filters to push and pull_request triggers so the full Dagger check only runs when source-relevant files change (lib/, test/, android/, linux/, scripts/, ci/, Taskfile.yml, etc.). Pure website, docs, and assets/changelog.txt commits no longer trigger ci.yml. - deploy.yml: add check-changes job that diffs HEAD~1..HEAD and outputs android/linux booleans. On workflow_dispatch both are always true. test-android-firebase, deploy-playstore, and deploy-apk are now conditional on android==true; build-linux is conditional on linux==true. label-deploy-health only fires when at least one build job actually ran (not all skipped) and treats 'skipped' as acceptable in ALL_SUCCEEDED. - ci/main.go Graph(): update Mermaid diagram to reflect the new two- workflow structure (ci.yml fast-check + deploy.yml with change-gated jobs). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 08:24:50 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	7ece6f09e5	feat: make sharedinbox.de heading a link and add git commit row to about table (#199 ) - Wrap the '## sharedinbox.de' heading in a markdown hyperlink to https://sharedinbox.de - Add a dedicated 'Git Commit' table row with a clickable link to the commit on Codeberg when GIT_HASH is set - Update clipboard test to assert the heading link is present in copied markdown Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 08:04:54 +02:00