Merge pull request #2 from sepo-agent/agent/install-agent-infra

Install Sepo agent infrastructure

Author: ryanyen2

.agent/CHANGELOG.md

@@ -0,0 +1,55 @@
+# Changelog
+
+## 0.3.0 - 2026-05-24
+
+### Added
+
+- First-class `/install` support with issue-backed install requests, target fork/branch helpers, source issue links, and guarded publish behavior.
+- Repository goal issue templates and orchestrator guidance for goal-backed parent work.
+- Read-only secondary GitHub token plumbing for explicit external repository inspection.
+- Direct `ANTHROPIC_API_KEY` support for Claude-backed runs, configurable agent model policy, and display-model controls.
+- Global `AGENT_ENABLED=false` pause guards across packaged Sepo agent workflows.
+
+### Changed
+
+- Sepo documentation now uses reader-oriented section roots, `_meta.json` navigation metadata, and the `setup/`, `usage/`, `customization/`, and `technical-details/` structure.
+- Provider resolution now uses the JavaScript resolver action and clearer precedence across route, model-policy, default-provider, and auto-detected settings.
+- Full self-governance approval flows can rely on trusted current-head status evidence when self-approval and self-merge are enabled together.
+- Onboarding and install guidance now link directly to target repository workflows, secrets, App setup, and setup guides.
+
+### Fixed
+
+- Closed or merged PRs inferred from `/implement` context are kept as context instead of becoming invalid stacked bases.
+- Self-approval PR inspection works with read-scoped GitHub tokens while preserving reviewed-head provenance checks.
+- Generated docs index links and docs validation coverage now match the reorganized docs tree.
+- Provider/model handling now preserves Anthropic Claude credential support and route provider precedence.
+
+## 0.2.0 - 2026-05-19
+
+### Added
+
+- Opt-in self-approval and self-merge workflows with reviewed-head provenance, PR-author blocks, status comments, and orchestrator handoffs.
+- Repository skill setup hooks through `setup.sh` and a shared skill setup action.
+- Upload-only track-only session bundles for debugging one-shot runs without treating them as resumable continuity state.
+
+### Changed
+
+- Dispatch and orchestration now recognize orchestrate starts from triage, derive implement tracking metadata from issue context, and carry stacked `base_pr` metadata through router dispatch.
+- Onboarding and installation docs now emphasize hosted App prerequisites, reused setup issue status, and simpler first-run guidance.
+- Daily summary scheduling and orchestration defaults are more conservative; the packaged daily summary cron remains disabled by default.
+- GitHub memory artifacts are namespaced by owner and repo, with legacy artifact cleanup kept explicit.
+- Sepo release notes now live in `.agent/CHANGELOG.md` alongside the canonical runtime version in `.agent/package.json`.
+
+### Fixed
+
+- Normalized weak GitHub mention associations across triggers and added regression coverage for weak association handling.
+- Hardened auto-merge eligibility, self-approval status upserts, and review handoff behavior for current reviewed heads.
+
+## 0.1.0 - 2026-05-11
+
+### Added
+
+Initial public pre-release of Sepo, a GitHub-native agent harness for orchestrating long-running coding tasks with repository memory through GitHub Actions. It features the following:
+- Git-native memory and rubrics layout: code-related memory and induced user/team rubrics live alongside the repository on the `agent/memory` and `agent/rubrics` branches.
+- GitHub Actions workflows that can propose code changes, run verification, and execute computational experiments without requiring a separate always-on server.
+- Agent orchestration for long-horizon tasks — including task breakdown, review/fix loops, and iterative self-improvement workflows.

.agent/action-templates/agent-action-template.yml

@@ -0,0 +1,123 @@
+# Template for generated scheduled agent-action workflows.
+# Copy this file to .github/workflows/agent-action-<short-slug>.yml and
+# replace the placeholder name, cron, expiration, lane, request text, and
+# optional issue-report target.
+
+name: Agent Action / Example
+
+on:
+  schedule:
+    - cron: "17 * * * *"
+  workflow_dispatch:
+
+permissions:
+  actions: read
+  contents: read
+  # If enabling REPORT_ISSUE_NUMBER below, add issue write permission.
+  id-token: write
+
+concurrency:
+  group: agent-action-example-${{ github.repository }}
+  cancel-in-progress: false
+
+env:
+  ACTION_EXPIRES_AT: "YYYY-MM-DD"
+  REPORT_ISSUE_NUMBER: ""
+
+jobs:
+  run:
+    if: vars.AGENT_ENABLED != 'false'
+    runs-on: ${{ fromJson(vars.AGENT_RUNS_ON || '["ubuntu-latest"]') }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+          token: ${{ github.token }}
+
+      - name: Check expiration
+        id: expiration
+        uses: ./.github/actions/check-agent-action-expiration
+        with:
+          expires_at: ${{ env.ACTION_EXPIRES_AT }}
+
+      - name: Resolve GitHub auth
+        if: steps.expiration.outputs.expired != 'true'
+        id: auth
+        uses: ./.github/actions/resolve-github-auth
+        with:
+          app_id: ${{ secrets.AGENT_APP_ID }}
+          app_private_key: ${{ secrets.AGENT_APP_PRIVATE_KEY }}
+          pat: ${{ secrets.AGENT_PAT }}
+          fallback_token: ${{ github.token }}
+
+      - name: Resolve provider
+        if: steps.expiration.outputs.expired != 'true'
+        id: provider
+        uses: ./.github/actions/resolve-agent-provider
+        with:
+          route: answer
+          default_provider: ${{ vars.AGENT_DEFAULT_PROVIDER || 'auto' }}
+          openai_api_key: ${{ secrets.OPENAI_API_KEY }}
+          claude_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          model_policy: ${{ vars.AGENT_MODEL_POLICY || '' }}
+
+      - name: Setup agent runtime
+        if: steps.expiration.outputs.expired != 'true'
+        uses: ./.github/actions/setup-agent-runtime
+        with:
+          install_codex: ${{ steps.provider.outputs.install_codex }}
+          install_claude: ${{ steps.provider.outputs.install_claude }}
+
+      - name: Resolve task timeout
+        if: steps.expiration.outputs.expired != 'true'
+        id: task_timeout
+        env:
+          AGENT_TASK_TIMEOUT_POLICY: ${{ vars.AGENT_TASK_TIMEOUT_POLICY || '' }}
+          ROUTE: answer
+        run: node .agent/dist/cli/resolve-task-timeout.js
+
+      - name: Run scheduled agent task
+        if: steps.expiration.outputs.expired != 'true'
+        id: agent
+        timeout-minutes: ${{ fromJson(steps.task_timeout.outputs.minutes || '30') }}
+        uses: ./.github/actions/run-agent-task
+        with:
+          agent: ${{ steps.provider.outputs.provider }}
+          github_token: ${{ steps.auth.outputs.token }}
+          secondary_github_token: ${{ secrets.AGENT_SECONDARY_GITHUB_TOKEN }}
+          openai_api_key: ${{ secrets.OPENAI_API_KEY }}
+          claude_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          model: ${{ steps.provider.outputs.model }}
+          display_model: ${{ vars.AGENT_DISPLAY_MODEL || '' }}
+          reasoning_effort: ${{ steps.provider.outputs.reasoning_effort || 'xhigh' }}
+          permission_mode: approve-all
+          prompt: answer
+          route: answer
+          lane: agent-action-example
+          memory_mode_override: read-only
+          session_policy: track-only
+          request_text: |
+            Describe the bounded recurring task here.
+          requested_by: ${{ github.actor }}
+          source_kind: workflow_dispatch
+          target_kind: repository
+          target_number: "0"
+          target_url: ${{ github.server_url }}/${{ github.repository }}
+          workflow: agent-action-example.yml
+
+      # Optional: set REPORT_ISSUE_NUMBER and add issue write permission only when the workflow should report to an issue.
+      - name: Post report to issue
+        if: >-
+          steps.expiration.outputs.expired != 'true' &&
+          steps.agent.outcome == 'success' &&
+          env.REPORT_ISSUE_NUMBER != ''
+        env:
+          BODY_FILE: ${{ steps.agent.outputs.response_file }}
+          MODEL_DISPLAY: ${{ steps.agent.outputs.model_display }}
+          GH_TOKEN: ${{ steps.auth.outputs.token }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          RESPONSE_KIND: issue_comment
+          TARGET_NUMBER: ${{ env.REPORT_ISSUE_NUMBER }}
+        run: node .agent/dist/cli/post-response.js

.agent/docs/_meta.json

@@ -0,0 +1,11 @@
+{
+  "label": "self-evolving/repo",
+  "pages": [
+    "overview",
+    "setup",
+    "usage",
+    "architecture",
+    "technical-details",
+    "customization"
+  ]
+}

.agent/docs/architecture/_meta.json

@@ -0,0 +1,11 @@
+{
+  "label": "Architecture",
+  "pages": [
+    "overall-design",
+    "goals",
+    "memory",
+    "rubrics",
+    "request-lifecycle",
+    "agent-orchestrator"
+  ]
+}