The App installation token lacks contents:write, so creating the
pocketbase-sync/<slug> branch failed with 403 "Resource not accessible by
integration". Mirror the slash bot: run the CT-defaults branch/commit/PR
operations with the built-in GITHUB_TOKEN (workflow now requests
contents:write + pull-requests:write), while the App token still posts the
user-facing comments/reactions. ensureBranch/upsertCtDefaultsPr shadow
ghRequest with a GITHUB_TOKEN-authenticated ghDefault.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

- Trigger and all user-facing text now use @pocketbase-bot (the bare
@pocketbase handle collides with an existing account)
- Confirm flow only trusts a pocketbase-pending marker found in a comment
authored by this bot app (performed_via_github_app.id == PB_BOT_APP_ID),
preventing a forged-marker spoof; decoded operations are re-validated
against the field/op allow-lists before applying (shared sanitizeOperations)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

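The confirm-flow trust check from the commit above, as an added example that is not the project's own code: a pocketbase-pending marker is honoured only when the GitHub API reports the comment as performed via the bot's own App, and the decoded operations are re-validated against allow-lists before use. The marker format, the allow-list contents, the app id value and the sample comments are constructed assumptions.

```javascript
// Added example: trust a pending marker only when the comment was posted by
// this bot's GitHub App, then re-validate the decoded operations.
// Marker format, allow-lists, app id and sample comments are assumptions.
const PB_BOT_APP_ID = 123456; // placeholder, the real id comes from a secret

const ALLOWED_FIELDS = new Set(['ram', 'cpu', 'disk']);
const ALLOWED_OPS = new Set(['set', 'append']);

// Assumed hidden marker: <!-- pocketbase-pending:<base64 JSON> -->
const MARKER_RE = /<!-- pocketbase-pending:([A-Za-z0-9+/=]+) -->/;

// Drop anything outside the field/op allow-lists or with an odd value.
function sanitizeOperations(ops) {
  if (!Array.isArray(ops)) return [];
  return ops.filter(
    (op) => op && typeof op === 'object' &&
      ALLOWED_FIELDS.has(op.field) && ALLOWED_OPS.has(op.op) &&
      typeof op.value === 'string' && op.value.length <= 64,
  );
}

// Returns validated operations, or null when the comment is not a
// trustworthy proposal (not posted via our App, or no/invalid marker).
function trustedPendingOperations(comment, appId = PB_BOT_APP_ID) {
  // Authorship first: anyone can paste a marker into a comment, but only
  // the App itself makes the API report performed_via_github_app.id.
  if (comment.performed_via_github_app?.id !== appId) return null;
  const m = MARKER_RE.exec(comment.body || '');
  if (!m) return null;
  let decoded;
  try {
    decoded = JSON.parse(Buffer.from(m[1], 'base64').toString('utf8'));
  } catch {
    return null; // marker present but not decodable: treat as untrusted
  }
  return sanitizeOperations(decoded.operations);
}

// Constructed samples: the same marker in a bot comment and a user comment.
const SAMPLE_OPS = { operations: [
  { field: 'ram', op: 'set', value: '4096' },
  { field: 'password', op: 'set', value: 'x' }, // not in the allow-list
] };
const SAMPLE_MARKER = Buffer.from(JSON.stringify(SAMPLE_OPS)).toString('base64');
const SAMPLE_BODY = `Proposed change set:\n<!-- pocketbase-pending:${SAMPLE_MARKER} -->`;
const SAMPLE_BOT_COMMENT = { body: SAMPLE_BODY, performed_via_github_app: { id: PB_BOT_APP_ID } };
const SAMPLE_FORGED_COMMENT = { body: SAMPLE_BODY, performed_via_github_app: null };
```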
Adds an isolated workflow that lets maintainers manage PocketBase script
records in plain English by mentioning @pocketbase in an issue/PR comment
(e.g. "@pocketbase change RAM to 4096 on zigbee2mqtt").
- Interprets the request with GitHub Models (built-in GITHUB_TOKEN + models:read)
- Posts under a dedicated GitHub App identity (PB_BOT_APP_ID/PB_BOT_APP_PRIVATE_KEY)
- Propose-then-confirm: replies with the parsed change set and a hidden marker;
applies only after "@pocketbase confirm"
- Reuses the slash bot's field/note/method allow-lists, validation, revalidate,
and CT-defaults sync PR logic; self-author guard prevents trigger loops
- Existing /pocketbase slash bot is untouched (triggers do not overlap)
Inert until the GitHub App is created and its two secrets are added.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

- Job gate uses contains() instead of startsWith() so comments with leading
text still trigger the bot
- Script scans all lines for the first one starting with /pocketbase, instead
of only reading line 0
- Command-line detection moved above the permission check so mid-sentence
mentions exit silently without a "not authorized" reply
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

- close-new-script-prs: trigger on added script file OR label, exempt by
author_association (OWNER/MEMBER/COLLABORATOR) instead of team API
- close_issue_in_dev: match VED issues by derived slug, close all matches
- lock-issue: lock closed issues after 7 days instead of 3
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Update the node version drift check to count drift only when our script version is lower than upstream, so newer local versions no longer create false-positive drift issues.
Co-authored-by: Michel Roegl-Brunner <michel.roegl-brunner@example.com>

CLEAN_INSTALL wipes /opt/glance without restoring user config; back up and restore glance.yml around the prebuild deploy.
Co-authored-by: Cursor <cursoragent@cursor.com>