[ci skip] add Forgejo task pipeline for OpenClaw AI agent

Forgejo issues as a task queue for OpenClaw: - Forgejo OAuth2 with Authentik SSO, self-registration disabled - Webhook-triggered task processing (instant) + CronJob backup (5min poll) - Tasks processed via Mistral Large 3 (NVIDIA NIM API) - Results posted as issue comments, auto-labeled and closed - Comment follow-ups and reopened issues supported - n8n RBAC for OpenClaw pod exec (future workflow integration)
2026-03-07 21:09:31 +00:00 · 2026-03-07 21:09:31 +00:00 · efe0cdefc8
commit efe0cdefc8
parent 0d03037393
5 changed files with 842 additions and 0 deletions
--- a/scripts/setup-task-pipeline.sh
+++ b/scripts/setup-task-pipeline.sh
@ -0,0 +1,231 @@
+#!/usr/bin/env bash
+#
+# Setup script for the Forgejo task ingestion pipeline.
+# Creates Authentik OAuth2 provider/application, configures Forgejo OAuth2 auth source,
+# creates "tasks" repo, and sets up webhook to n8n.
+#
+# Prerequisites:
+#   - Authentik admin API token
+#   - Forgejo admin API token (create at https://forgejo.viktorbarzin.me/user/settings/applications)
+#
+# Usage:
+#   AUTHENTIK_TOKEN="..." FORGEJO_TOKEN="..." bash scripts/setup-task-pipeline.sh
+
+set -euo pipefail
+
+AUTHENTIK_URL="${AUTHENTIK_URL:-https://authentik.viktorbarzin.me}"
+FORGEJO_URL="${FORGEJO_URL:-https://forgejo.viktorbarzin.me}"
+N8N_WEBHOOK_URL="${N8N_WEBHOOK_URL:-https://n8n.viktorbarzin.me/webhook/forgejo-tasks}"
+FORGEJO_ADMIN_USER="${FORGEJO_ADMIN_USER:-viktor}"
+
+: "${AUTHENTIK_TOKEN:?Set AUTHENTIK_TOKEN (Authentik admin API token)}"
+: "${FORGEJO_TOKEN:?Set FORGEJO_TOKEN (Forgejo admin API token)}"
+
+ak_api() { curl -sf -H "Authorization: Bearer $AUTHENTIK_TOKEN" -H "Content-Type: application/json" "$@"; }
+fg_api() { curl -sf -H "Authorization: token $FORGEJO_TOKEN" -H "Content-Type: application/json" "$@"; }
+
+echo "=== Step 1: Create Authentik group 'Task Submitters' ==="
+GROUP_RESP=$(ak_api "$AUTHENTIK_URL/api/v3/core/groups/" -d '{
+  "name": "Task Submitters",
+  "is_superuser": false,
+  "parent": null
+}' 2>/dev/null) || {
+  echo "  Group may already exist, checking..."
+  GROUP_RESP=$(ak_api "$AUTHENTIK_URL/api/v3/core/groups/?name=Task+Submitters" | python3 -c "import sys,json; r=json.load(sys.stdin)['results']; print(json.dumps(r[0]) if r else '')")
+  if [ -z "$GROUP_RESP" ]; then echo "ERROR: Failed to create or find group"; exit 1; fi
+}
+GROUP_PK=$(echo "$GROUP_RESP" | python3 -c "import sys,json; print(json.load(sys.stdin)['pk'])")
+echo "  Group PK: $GROUP_PK"
+
+echo ""
+echo "=== Step 2: Create Authentik OAuth2 Provider for Forgejo ==="
+# Find the explicit consent authorization flow
+AUTH_FLOW=$(ak_api "$AUTHENTIK_URL/api/v3/flows/instances/?designation=authorization&search=explicit" | \
+  python3 -c "import sys,json; r=json.load(sys.stdin)['results']; print(r[0]['pk'] if r else '')")
+if [ -z "$AUTH_FLOW" ]; then
+  echo "  WARNING: Could not find explicit consent flow, using implicit"
+  AUTH_FLOW=$(ak_api "$AUTHENTIK_URL/api/v3/flows/instances/?designation=authorization" | \
+    python3 -c "import sys,json; r=json.load(sys.stdin)['results']; print(r[0]['pk'] if r else '')")
+fi
+echo "  Authorization flow: $AUTH_FLOW"
+
+PROVIDER_RESP=$(ak_api "$AUTHENTIK_URL/api/v3/providers/oauth2/" -d "{
+  \"name\": \"Forgejo\",
+  \"authorization_flow\": \"$AUTH_FLOW\",
+  \"client_type\": \"confidential\",
+  \"redirect_uris\": \"$FORGEJO_URL/user/oauth2/Authentik/callback\",
+  \"property_mappings\": [],
+  \"sub_mode\": \"hashed_user_id\",
+  \"include_claims_in_id_token\": true,
+  \"access_code_validity\": \"minutes=1\",
+  \"access_token_validity\": \"minutes=5\",
+  \"refresh_token_validity\": \"days=30\"
+}" 2>/dev/null) || {
+  echo "  Provider may already exist, checking..."
+  PROVIDER_RESP=$(ak_api "$AUTHENTIK_URL/api/v3/providers/oauth2/?name=Forgejo" | \
+    python3 -c "import sys,json; r=json.load(sys.stdin)['results']; print(json.dumps(r[0]) if r else '')")
+  if [ -z "$PROVIDER_RESP" ]; then echo "ERROR: Failed to create or find provider"; exit 1; fi
+}
+PROVIDER_PK=$(echo "$PROVIDER_RESP" | python3 -c "import sys,json; print(json.load(sys.stdin)['pk'])")
+CLIENT_ID=$(echo "$PROVIDER_RESP" | python3 -c "import sys,json; print(json.load(sys.stdin)['client_id'])")
+CLIENT_SECRET=$(echo "$PROVIDER_RESP" | python3 -c "import sys,json; print(json.load(sys.stdin).get('client_secret','<already-created>'))")
+echo "  Provider PK: $PROVIDER_PK"
+echo "  Client ID: $CLIENT_ID"
+echo "  Client Secret: $CLIENT_SECRET"
+
+echo ""
+echo "=== Step 3: Create Authentik Application for Forgejo ==="
+APP_RESP=$(ak_api "$AUTHENTIK_URL/api/v3/core/applications/" -d "{
+  \"name\": \"Forgejo\",
+  \"slug\": \"forgejo\",
+  \"provider\": $PROVIDER_PK,
+  \"meta_launch_url\": \"$FORGEJO_URL\",
+  \"policy_engine_mode\": \"any\"
+}" 2>/dev/null) || {
+  echo "  Application may already exist, checking..."
+  APP_RESP=$(ak_api "$AUTHENTIK_URL/api/v3/core/applications/?slug=forgejo" | \
+    python3 -c "import sys,json; r=json.load(sys.stdin)['results']; print(json.dumps(r[0]) if r else '')")
+}
+APP_SLUG=$(echo "$APP_RESP" | python3 -c "import sys,json; print(json.load(sys.stdin)['slug'])")
+echo "  Application slug: $APP_SLUG"
+
+echo ""
+echo "=== Step 4: Bind 'Task Submitters' group to Forgejo application ==="
+# Create a policy binding that restricts access to the Task Submitters group
+ak_api "$AUTHENTIK_URL/api/v3/policies/bindings/" -d "{
+  \"target\": \"$(echo "$APP_RESP" | python3 -c "import sys,json; print(json.load(sys.stdin)['pk'])")\",
+  \"group\": \"$GROUP_PK\",
+  \"enabled\": true,
+  \"order\": 0,
+  \"negate\": false,
+  \"timeout\": 30
+}" > /dev/null 2>&1 || echo "  Binding may already exist (OK)"
+echo "  Group binding created"
+
+echo ""
+echo "=== Step 5: Add users to 'Task Submitters' group ==="
+echo "  Adding Viktor Barzin..."
+VIKTOR_PK=$(ak_api "$AUTHENTIK_URL/api/v3/core/users/?search=vbarzin" | \
+  python3 -c "import sys,json; r=json.load(sys.stdin)['results']; print(r[0]['pk'] if r else '')")
+if [ -n "$VIKTOR_PK" ]; then
+  ak_api "$AUTHENTIK_URL/api/v3/core/groups/$GROUP_PK/" -X PATCH -d "{}" > /dev/null 2>&1 || true
+  ak_api -X POST "$AUTHENTIK_URL/api/v3/core/groups/$GROUP_PK/add_user/" -d "{\"pk\": $VIKTOR_PK}" > /dev/null 2>&1 || true
+  echo "  Added Viktor (PK: $VIKTOR_PK)"
+fi
+
+echo ""
+echo "=== Step 6: Configure Forgejo OAuth2 authentication source ==="
+fg_api "$FORGEJO_URL/api/v1/admin/identity-sources" -d "{
+  \"authentication_source\": {
+    \"name\": \"Authentik\",
+    \"type\": \"oauth2\",
+    \"is_active\": true,
+    \"is_sync_enabled\": false,
+    \"oauth2\": {
+      \"provider\": \"openidConnect\",
+      \"client_id\": \"$CLIENT_ID\",
+      \"client_secret\": \"$CLIENT_SECRET\",
+      \"open_id_connect_auto_discovery_url\": \"$AUTHENTIK_URL/application/o/forgejo/.well-known/openid-configuration\",
+      \"scopes\": [\"openid\", \"profile\", \"email\"],
+      \"required_claim_name\": \"\",
+      \"required_claim_value\": \"\",
+      \"group_claim_name\": \"\",
+      \"admin_group\": \"\",
+      \"restricted_group\": \"\",
+      \"icon_url\": \"\",
+      \"skip_local_2fa\": true,
+      \"attribute_ssn\": \"\"
+    }
+  }
+}" > /dev/null 2>&1 && echo "  OAuth2 source created" || {
+  echo "  Forgejo identity-sources API may not be available."
+  echo "  Falling back to legacy authentication-source API..."
+  fg_api "$FORGEJO_URL/api/v1/admin/auths" -d "{
+    \"name\": \"Authentik\",
+    \"type\": 6,
+    \"is_active\": true,
+    \"is_sync_enabled\": false,
+    \"cfg\": {
+      \"Provider\": \"openidConnect\",
+      \"ClientID\": \"$CLIENT_ID\",
+      \"ClientSecret\": \"$CLIENT_SECRET\",
+      \"OpenIDConnectAutoDiscoveryURL\": \"$AUTHENTIK_URL/application/o/forgejo/.well-known/openid-configuration\",
+      \"Scopes\": [\"openid\", \"profile\", \"email\"],
+      \"SkipLocalTwoFA\": true
+    }
+  }" > /dev/null 2>&1 && echo "  OAuth2 source created (legacy API)" || {
+    echo "  ERROR: Could not create OAuth2 source via API."
+    echo "  Please create it manually in Forgejo admin panel:"
+    echo "    1. Go to $FORGEJO_URL/-/admin/auths/new"
+    echo "    2. Auth Type: OAuth2"
+    echo "    3. Name: Authentik"
+    echo "    4. OAuth2 Provider: OpenID Connect"
+    echo "    5. Client ID: $CLIENT_ID"
+    echo "    6. Client Secret: $CLIENT_SECRET"
+    echo "    7. Discovery URL: $AUTHENTIK_URL/application/o/forgejo/.well-known/openid-configuration"
+    echo "    8. Scopes: openid profile email"
+  }
+}
+
+echo ""
+echo "=== Step 7: Create 'tasks' repository in Forgejo ==="
+REPO_RESP=$(fg_api "$FORGEJO_URL/api/v1/user/repos" -d '{
+  "name": "tasks",
+  "description": "Task queue for OpenClaw AI agent. Create an issue to submit a task.",
+  "private": false,
+  "auto_init": true,
+  "default_branch": "main"
+}' 2>/dev/null) && echo "  Repository created" || {
+  echo "  Repository may already exist (OK)"
+  REPO_RESP=$(fg_api "$FORGEJO_URL/api/v1/repos/$FORGEJO_ADMIN_USER/tasks")
+}
+echo "  Repo: $FORGEJO_URL/$FORGEJO_ADMIN_USER/tasks"
+
+echo ""
+echo "=== Step 8: Disable non-issue features on tasks repo ==="
+fg_api "$FORGEJO_URL/api/v1/repos/$FORGEJO_ADMIN_USER/tasks" -X PATCH -d '{
+  "has_pull_requests": false,
+  "has_wiki": false,
+  "has_projects": false,
+  "has_releases": false,
+  "has_packages": false,
+  "has_actions": false
+}' > /dev/null 2>&1 && echo "  Disabled PRs, wiki, projects, releases, packages, actions" || echo "  Some features may not be disableable (OK)"
+
+echo ""
+echo "=== Step 9: Create issue labels ==="
+for label_data in \
+  '{"name":"pending","color":"#0075ca","description":"Task waiting to be processed"}' \
+  '{"name":"processing","color":"#e4e669","description":"Task currently being processed by OpenClaw"}' \
+  '{"name":"completed","color":"#0e8a16","description":"Task completed successfully"}' \
+  '{"name":"failed","color":"#d73a4a","description":"Task failed during processing"}'; do
+  fg_api "$FORGEJO_URL/api/v1/repos/$FORGEJO_ADMIN_USER/tasks/labels" -d "$label_data" > /dev/null 2>&1 || true
+done
+echo "  Labels created: pending, processing, completed, failed"
+
+echo ""
+echo "=== Step 10: Create webhook on tasks repo → n8n ==="
+fg_api "$FORGEJO_URL/api/v1/repos/$FORGEJO_ADMIN_USER/tasks/hooks" -d "{
+  \"type\": \"gitea\",
+  \"config\": {
+    \"url\": \"$N8N_WEBHOOK_URL\",
+    \"content_type\": \"json\",
+    \"secret\": \"\"
+  },
+  \"events\": [\"issues\"],
+  \"active\": true
+}" > /dev/null 2>&1 && echo "  Webhook created → $N8N_WEBHOOK_URL" || echo "  Webhook may already exist (OK)"
+
+echo ""
+echo "=========================================="
+echo "Setup complete!"
+echo ""
+echo "Next steps:"
+echo "  1. Add SOPS secrets:"
+echo "     forgejo_authentik_client_id = \"$CLIENT_ID\""
+echo "     forgejo_authentik_client_secret = \"$CLIENT_SECRET\""
+echo "  2. Run: scripts/tg apply -target=module.forgejo"
+echo "  3. Create n8n workflow (webhook trigger → OpenClaw exec → Forgejo comment)"
+echo "  4. Add more users to 'Task Submitters' group in Authentik"
+echo "  5. Test: Create an issue at $FORGEJO_URL/$FORGEJO_ADMIN_USER/tasks/issues/new"
+echo "=========================================="
--- a/scripts/task-processor.sh
+++ b/scripts/task-processor.sh
@ -0,0 +1,261 @@
+#!/usr/bin/env bash
+#
+# Task processor for the Forgejo → OpenClaw pipeline.
+# Polls Forgejo for new issues in the tasks repo, sends them to OpenClaw
+# for processing, and posts results back as comments.
+#
+# Runs inside the OpenClaw pod via kubectl exec from a CronJob.
+#
+# Environment:
+#   FORGEJO_TOKEN   — Forgejo API token with repo access
+#   FORGEJO_URL     — Forgejo base URL (default: https://forgejo.viktorbarzin.me)
+#   FORGEJO_REPO    — Repo in format "owner/repo" (default: vbarzin/tasks)
+#   OPENCLAW_URL    — OpenClaw gateway URL (default: http://127.0.0.1:18789)
+#   OPENCLAW_TOKEN  — OpenClaw gateway token
+#   SLACK_WEBHOOK_URL — Optional Slack webhook for notifications
+
+set -euo pipefail
+
+FORGEJO_URL="${FORGEJO_URL:-https://forgejo.viktorbarzin.me}"
+FORGEJO_REPO="${FORGEJO_REPO:-viktor/tasks}"
+OPENCLAW_URL="${OPENCLAW_URL:-https://integrate.api.nvidia.com}"
+SLACK_WEBHOOK_URL="${SLACK_WEBHOOK_URL:-}"
+
+: "${FORGEJO_TOKEN:?FORGEJO_TOKEN is required}"
+: "${OPENCLAW_TOKEN:?OPENCLAW_TOKEN is required}"
+FORGEJO_BOT_USER="${FORGEJO_BOT_USER:-viktor}"
+
+fg_api() {
+  curl -sf -H "Authorization: token $FORGEJO_TOKEN" -H "Content-Type: application/json" "$@"
+}
+
+get_label_id() {
+  local label_name="$1"
+  fg_api "$FORGEJO_URL/api/v1/repos/$FORGEJO_REPO/labels?limit=50" | \
+    python3 -c "
+import sys, json
+labels = json.load(sys.stdin)
+name = sys.argv[1]
+for l in labels:
+    if l['name'] == name:
+        print(l['id'])
+        break
+else:
+    print(0)
+" "$label_name"
+}
+
+add_label() {
+  local issue_id="$1" label_name="$2"
+  local label_id
+  label_id=$(get_label_id "$label_name")
+  if [ "$label_id" != "0" ]; then
+    fg_api "$FORGEJO_URL/api/v1/repos/$FORGEJO_REPO/issues/$issue_id/labels" \
+      -d "{\"labels\":[$label_id]}" > /dev/null 2>&1 || true
+  fi
+}
+
+remove_label() {
+  local issue_id="$1" label_name="$2"
+  local label_id
+  label_id=$(get_label_id "$label_name")
+  if [ "$label_id" != "0" ]; then
+    fg_api -X DELETE "$FORGEJO_URL/api/v1/repos/$FORGEJO_REPO/issues/$issue_id/labels/$label_id" > /dev/null 2>&1 || true
+  fi
+}
+
+post_comment() {
+  local issue_id="$1"
+  # Read comment body from stdin to avoid quoting issues
+  python3 -c "
+import sys, json
+body = sys.stdin.read()
+print(json.dumps({'body': body}))
+" | fg_api "$FORGEJO_URL/api/v1/repos/$FORGEJO_REPO/issues/$issue_id/comments" -d @- > /dev/null 2>&1
+}
+
+close_issue() {
+  local issue_id="$1"
+  fg_api "$FORGEJO_URL/api/v1/repos/$FORGEJO_REPO/issues/$issue_id" \
+    -X PATCH -d '{"state": "closed"}' > /dev/null 2>&1
+}
+
+get_comment_history() {
+  local issue_id="$1"
+  fg_api "$FORGEJO_URL/api/v1/repos/$FORGEJO_REPO/issues/$issue_id/comments?limit=20" 2>/dev/null | \
+    python3 -c "
+import sys, json
+bot_user = sys.argv[1]
+comments = json.load(sys.stdin)
+history = []
+for c in comments:
+    user = c.get('user', {}).get('login', 'unknown')
+    body = c.get('body', '')
+    # Skip bot's own comments to keep context clean
+    if user == bot_user:
+        # Include a short summary of previous responses
+        if '## OpenClaw Task Result' in body:
+            # Extract just the result content (skip header/footer)
+            lines = body.split('\n')
+            content = [l for l in lines if not l.startswith('## ') and not l.startswith('---') and not l.startswith('*Processed')]
+            summary = '\n'.join(content).strip()[:500]
+            if summary:
+                history.append(f'[Previous AI response]: {summary}')
+    else:
+        history.append(f'[{user}]: {body}')
+print('\n\n'.join(history))
+" "$FORGEJO_BOT_USER" 2>/dev/null
+}
+
+notify_slack() {
+  if [ -n "$SLACK_WEBHOOK_URL" ]; then
+    python3 -c "
+import json, sys
+print(json.dumps({'text': sys.argv[1]}))
+" "$1" | curl -sf -X POST "$SLACK_WEBHOOK_URL" \
+      -H "Content-Type: application/json" -d @- > /dev/null 2>&1 || true
+  fi
+}
+
+process_issue() {
+  local issue_id="$1" title="$2" body="$3" author="$4"
+
+  echo "Processing issue #$issue_id: $title (by $author)"
+
+  # Mark as processing
+  add_label "$issue_id" "processing"
+  remove_label "$issue_id" "pending"
+  remove_label "$issue_id" "completed"
+
+  # Fetch comment history for context
+  local comment_history
+  comment_history=$(get_comment_history "$issue_id")
+
+  # Call OpenClaw gateway API (OpenAI-compatible chat completions)
+  # Use python to safely build the JSON payload
+  local response
+  response=$(python3 -c "
+import json, sys
+title = sys.argv[1]
+body = sys.argv[2]
+author = sys.argv[3]
+comment_history = sys.argv[4]
+
+prompt = f'''You are processing a task submitted by {author} via the Forgejo task queue.
+
+Task title: {title}
+
+Task description:
+{body}'''
+
+if comment_history.strip():
+    prompt += f'''
+
+Conversation history (follow-up comments):
+{comment_history}
+
+The latest comment is the most recent request. Address it in context of the original task and prior conversation.'''
+
+prompt += '''
+
+Please execute this task. When done, provide a clear summary of what was done and any results.
+If the task requires infrastructure changes, describe what changes would be needed but do NOT apply them automatically — list the commands/changes for review.'''
+
+payload = {
+    'model': 'mistralai/mistral-large-3-675b-instruct-2512',
+    'messages': [
+        {'role': 'system', 'content': 'You are an infrastructure AI assistant. Process the task and provide actionable results. Be concise.'},
+        {'role': 'user', 'content': prompt}
+    ],
+    'max_tokens': 8192,
+    'temperature': 0.3
+}
+print(json.dumps(payload))
+" "$title" "$body" "$author" "$comment_history" | \
+    curl -sf --max-time 300 \
+      -H "Authorization: Bearer $OPENCLAW_TOKEN" \
+      -H "Content-Type: application/json" \
+      "$OPENCLAW_URL/v1/chat/completions" \
+      -d @- 2>&1) || {
+    echo "  ERROR: OpenClaw API call failed"
+    echo "Failed to process this task. OpenClaw API returned an error. Please check the CronJob logs or process manually." | \
+      post_comment "$issue_id"
+    add_label "$issue_id" "failed"
+    remove_label "$issue_id" "processing"
+    notify_slack ":x: Task #$issue_id failed: $title"
+    return 1
+  }
+
+  # Extract the response content and post as comment
+  python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    msg = data['choices'][0]['message']
+    # Some models put content in reasoning_content instead of content
+    result = msg.get('content') or msg.get('reasoning_content') or msg.get('reasoning') or 'No response generated.'
+except Exception as e:
+    result = f'Error parsing OpenClaw response: {e}'
+
+body = f'## OpenClaw Task Result\n\n{result}\n\n---\n*Processed automatically by the OpenClaw task pipeline.*'
+print(body)
+" <<< "$response" | post_comment "$issue_id"
+
+  # Update labels and close
+  add_label "$issue_id" "completed"
+  remove_label "$issue_id" "processing"
+  close_issue "$issue_id"
+
+  echo "  Issue #$issue_id processed and closed"
+  notify_slack ":white_check_mark: Task #$issue_id completed: $title"
+}
+
+# --- Main ---
+
+echo "=== Task Processor $(date -u +%Y-%m-%dT%H:%M:%SZ) ==="
+
+# List open issues
+ISSUES=$(fg_api "$FORGEJO_URL/api/v1/repos/$FORGEJO_REPO/issues?state=open&type=issues&limit=10&sort=created&direction=asc" 2>/dev/null) || {
+  echo "ERROR: Could not fetch issues from Forgejo"
+  exit 1
+}
+
+# Parse pending issues into a temp file (avoids delimiter issues)
+PENDING_FILE=$(mktemp)
+trap 'rm -f "$PENDING_FILE"' EXIT
+
+python3 -c "
+import sys, json
+issues = json.load(sys.stdin)
+for issue in issues:
+    labels = [l['name'] for l in issue.get('labels', [])]
+    # Process if: no processing label AND (no completed label OR issue was reopened)
+    if 'processing' not in labels:
+        # Write each issue as a JSON line
+        print(json.dumps({
+            'id': issue['number'],
+            'title': issue['title'],
+            'body': (issue.get('body') or '')[:4000],
+            'author': issue['user']['login']
+        }))
+" <<< "$ISSUES" > "$PENDING_FILE"
+
+ISSUE_COUNT=$(wc -l < "$PENDING_FILE" | tr -d ' ')
+
+if [ "$ISSUE_COUNT" = "0" ]; then
+  echo "No pending issues to process"
+  exit 0
+fi
+
+echo "Found $ISSUE_COUNT pending issue(s)"
+
+# Process each pending issue (one JSON object per line)
+while IFS= read -r line; do
+  issue_id=$(python3 -c "import json,sys; print(json.loads(sys.argv[1])['id'])" "$line")
+  title=$(python3 -c "import json,sys; print(json.loads(sys.argv[1])['title'])" "$line")
+  body=$(python3 -c "import json,sys; print(json.loads(sys.argv[1])['body'])" "$line")
+  author=$(python3 -c "import json,sys; print(json.loads(sys.argv[1])['author'])" "$line")
+  process_issue "$issue_id" "$title" "$body" "$author" || true
+done < "$PENDING_FILE"
+
+echo "=== Task processing complete ==="