workstation: per-user code_layout — workspace puts project repos under ~/code (ancamilea + tripit)
Viktor asked to restructure Anca's setup: her ~/code WAS the infra clone itself; he wants ~/code to be the directory where all her project repos (tripit etc.) live side by side, with infra moved to a subdirectory. - roster.yaml gains per-user 'code_layout: single|workspace' + 'repos', validated + derived by roster_engine.py (12 new tests, 40 total). - t3-provision-users reconcile: auto-migrates a single-layout ~/code to ~/code/infra (running processes follow the moved inode), hoists nested project clones to the workspace root, clones roster repos from Forgejo AS the user (their PAT makes private repos work), and wires the documented forgejo remote + forgejo/master upstream into clones that predate that contract. - Fixed a latent TSV bug: empty jq @tsv fields collapse under tab-IFS read, shifting later fields left (groups was only safe by being the last field) — emit '-' sentinels instead. - start-claude.sh session freshen is layout-aware (freshens each repo under ~/code for workspace users). - managed claudeMd + AGENTS.md non-admin recipe + multi-tenancy.md updated in the same change. Applied live: ancamilea = workspace (infra at ~/code/infra, her existing tripit clone hoisted to ~/code/tripit, master upstream switched to forgejo/master); emo stays single layout, untouched. [ci skip]
This commit is contained in:
parent
3b6a5c6737
commit
2825cb1703
8 changed files with 306 additions and 44 deletions
10
AGENTS.md
10
AGENTS.md
|
|
@ -231,10 +231,18 @@ Per-workload opt-out: add the label `keel.sh/policy: never` on the Deployment me
|
|||
Non-admin devvm users (power-user / namespace-owner tiers) may not know git at
|
||||
all. Their agent handles every version-control step silently — never ask them
|
||||
to commit, push, pull, or open a PR, and never surface git jargon at them.
|
||||
Their `~/code` clone arrives preconfigured: git identity, a `forgejo` remote
|
||||
Their infra clone arrives preconfigured: git identity, a `forgejo` remote
|
||||
authenticated via `~/.git-credentials`, and `master` tracking `forgejo/master`
|
||||
(auto-freshened hourly and at session launch, fast-forward only).
|
||||
|
||||
Two per-user layouts exist (`code_layout` in
|
||||
`scripts/workstation/roster.yaml`): `single` (the default) — `~/code` IS the
|
||||
locked infra clone — and `workspace` — `~/code` is a plain directory of
|
||||
per-project clones: the infra clone at `~/code/infra`, plus each roster
|
||||
`repos` entry (e.g. `~/code/tripit`) cloned from Forgejo `viktor/<name>` with
|
||||
the user's own PAT. The reconcile auto-migrates a single-layout `~/code` when
|
||||
a user is flipped to `workspace`, and keeps every clone fresh either way.
|
||||
|
||||
The model is **allow-then-audit** (Viktor, 2026-06-10): whitelisted users (emo)
|
||||
push straight to `master` — no PR gate — and the record of *what changed and
|
||||
why* is what matters. Force-push is disabled for everyone, so master history
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue