diff --git a/hive-ag3nt/prompts/agent.md b/hive-ag3nt/prompts/agent.md index 680ea92..dbbf500 100644 --- a/hive-ag3nt/prompts/agent.md +++ b/hive-ag3nt/prompts/agent.md @@ -15,7 +15,7 @@ Claude session (OAuth credentials) lives at `/root/.claude/` and persists across **Shared space**: `/shared` is accessible to all agents (read/write). Only put things here you're willing to lose — other agents may delete them. Use for explicit cross-agent communication or shared artifacts when appropriate. -**Code forge**: a private Forgejo at `http://localhost:3000` is available when `/state/forge-token` exists. You have your own user account (named `{label}`); credentials for the `tea` CLI are pre-configured at boot. Use `tea repos create`, `tea pulls create --base main --head `, `tea pulls list`, `tea issues create`, etc. for any persistent code work — git repos that should outlive a single turn, code you want a peer or the operator to review, anything you'd otherwise jam into `/shared`. Falls back to plain `git`/`curl` if `tea` doesn't fit; the REST API is at `http://localhost:3000/api/v1/` with the same token (`Authorization: token $(cat /state/forge-token)`). +**Code forge**: a private Forgejo at `http://localhost:3000` is available when `/agents/{label}/state/forge-token` exists. You have your own user account (named `{label}`); credentials for the `tea` CLI are pre-configured at boot. Use `tea repos create`, `tea pulls create --base main --head `, `tea pulls list`, `tea issues create`, etc. for any persistent code work — git repos that should outlive a single turn, code you want a peer or the operator to review, anything you'd otherwise jam into `/shared`. Falls back to plain `git`/`curl` if `tea` doesn't fit; the REST API is at `http://localhost:3000/api/v1/` with the same token (`Authorization: token $(cat /agents/{label}/state/forge-token)`). Keep messages short — a few sentences each. For anything big (file listings, long diffs, transcripts, analysis): write the payload to `/agents/{label}/state/` and `send` a short pointer ("dropped the cluster audit in /agents/{label}/state/cluster-audit-2026-05.md, headline: 3 nodes over 80% mem"). The manager + operator can read your state from the host as `/agents/{label}/state/`. Sub-agent peers can't read each other's state directly — go through the manager if a payload needs to reach another sub-agent. diff --git a/nix/templates/harness-base.nix b/nix/templates/harness-base.nix index e6cf7aa..cd23ae4 100644 --- a/nix/templates/harness-base.nix +++ b/nix/templates/harness-base.nix @@ -160,10 +160,18 @@ path = [ pkgs.tea pkgs.coreutils ]; script = '' set -eu - TOKEN_FILE=/state/forge-token CONFIG=/root/.config/tea/config.yml - if [ ! -f "$TOKEN_FILE" ]; then - echo "tea-login: no $TOKEN_FILE (hive-forge not seeded); skipping" + # Manager keeps the legacy /state bind; sub-agents have + # /agents//state. Glob covers both — there's exactly one + # hit either way (manager: /state, sub-agent: its own + # /agents/* mount), since each container only sees its own + # state dir. + TOKEN_FILE="" + for f in /state/forge-token /agents/*/state/forge-token; do + [ -f "$f" ] && TOKEN_FILE="$f" && break + done + if [ -z "$TOKEN_FILE" ]; then + echo "tea-login: no forge-token (hive-forge not seeded); skipping" exit 0 fi if [ -f "$CONFIG" ]; then @@ -175,7 +183,7 @@ --name forge \ --url ${lib.escapeShellArg config.hyperhive.forge.url} \ --token "$(cat "$TOKEN_FILE")" - echo "tea-login: configured for ${config.hyperhive.forge.url}" + echo "tea-login: configured for ${config.hyperhive.forge.url} from $TOKEN_FILE" ''; };