← Back to Skills Marketplace
johba37

Disinto Factory

by johba37 · GitHub ↗ · v0.1.1 · MIT-0
cross-platform ⚠ suspicious
113
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install disinto
Description
Operate the disinto autonomous code factory. Use when managing factory agents, filing issues on the forge, reading agent journals, querying CI pipelines, che...
README (SKILL.md)

Disinto Factory Skill

Disinto is an autonomous code factory with nine agents that implement issues, review PRs, plan from a vision, predict risks, groom the backlog, gate actions, and assist the founder — all driven by cron and Claude.

Required environment

Variable Purpose
FORGE_TOKEN Forgejo/Gitea API token with repo scope
FORGE_API Base API URL, e.g. https://forge.example/api/v1/repos/owner/repo
PROJECT_REPO_ROOT Absolute path to the checked-out disinto repository

Optional:

Variable Purpose
WOODPECKER_SERVER Woodpecker CI base URL (for pipeline queries)
WOODPECKER_TOKEN Woodpecker API bearer token
WOODPECKER_REPO_ID Numeric repo ID in Woodpecker

The nine agents

Agent Role Runs via
Dev Picks backlog issues, implements in worktrees, opens PRs dev/dev-poll.sh (cron)
Review Reviews PRs against conventions, approves or requests changes review/review-poll.sh (cron)
Gardener Grooms backlog: dedup, quality gates, dust bundling, stale cleanup gardener/gardener-run.sh (cron 0,6,12,18 UTC)
Planner Tracks vision progress, maintains prerequisite tree, files constraint issues planner/planner-run.sh (cron daily 07:00 UTC)
Predictor Challenges claims, detects structural risks, files predictions predictor/predictor-run.sh (cron daily 06:00 UTC)
Supervisor Monitors health (RAM, disk, CI, agents), auto-fixes, escalates supervisor/supervisor-run.sh (cron */20)
Action Executes operational tasks dispatched by planner via formulas action/action-poll.sh (cron)
Vault Gates dangerous actions, manages resource procurement vault/vault-poll.sh (cron)
Exec Interactive executive assistant reachable via Matrix exec/exec-session.sh

How agents interact

Planner ──creates-issues──▶ Backlog ◀──grooms── Gardener
   │                           │
   │                           ▼
   │                     Dev (implements)
   │                           │
   │                           ▼
   │                     Review (approves/rejects)
   │                           │
   │                           ▼
   ▼                        Merged
Predictor ──challenges──▶ Planner (triages predictions)
Supervisor ──monitors──▶ All agents (health, escalation)
Vault ──gates──▶ Action, Dev (dangerous operations)
Exec ──delegates──▶ Issues (never writes code directly)

Issue lifecycle

backlogin-progress → PR → CI → review → merge → closed.

Key labels: backlog, priority, in-progress, blocked, underspecified, tech-debt, vision, action, prediction/unreviewed.

Issues declare dependencies in a ## Dependencies section listing #N references. Dev-poll only picks issues whose dependencies are all closed.

Available scripts

  • scripts/factory-status.sh — Show agent status, open issues, and CI pipeline state. Pass --agents, --issues, or --ci for specific sections.
  • scripts/file-issue.sh — Create an issue on the forge with proper labels and formatting. Pass --title, --body, and optionally --labels.
  • scripts/read-journal.sh — Read agent journal entries. Pass agent name (planner, supervisor, exec) and optional --date YYYY-MM-DD.

Common workflows

1. Check factory health

bash scripts/factory-status.sh

This shows: which agents are active, recent open issues, and CI pipeline status. Use --agents for just the agent status section.

2. Read what the planner decided today

bash scripts/read-journal.sh planner

Returns today's planner journal: predictions triaged, prerequisite tree updates, top constraints, issues created, and observations.

3. File a new issue

bash scripts/file-issue.sh --title "fix: broken auth flow" \
  --body "$(cat scripts/../templates/issue-template.md)" \
  --labels backlog

Or generate the body inline — the template shows the expected format with acceptance criteria and affected files sections.

4. Check the dependency graph

python3 "${PROJECT_REPO_ROOT}/lib/build-graph.py" \
  --project-root "${PROJECT_REPO_ROOT}" \
  --output /tmp/graph-report.json
cat /tmp/graph-report.json | jq '.analyses'

The graph builder parses VISION.md, the prerequisite tree, formulas, and open issues. It detects: orphan issues (not referenced), dependency cycles, disconnected clusters, bottleneck nodes, and thin objectives.

5. Query a specific CI pipeline

bash scripts/factory-status.sh --ci

Or query Woodpecker directly:

curl -s -H "Authorization: Bearer ${WOODPECKER_TOKEN}" \
  "${WOODPECKER_SERVER}/api/repos/${WOODPECKER_REPO_ID}/pipelines?per_page=5" \
  | jq '.[] | {number, status, commit: .commit[:8], branch}'

6. Read and interpret VISION.md progress

Read VISION.md at the repo root for the full vision. Then cross-reference with the prerequisite tree:

cat "${PROJECT_REPO_ROOT}/planner/prerequisite-tree.md"

The prerequisite tree maps vision objectives to concrete issues. Items marked [x] are complete; items marked [ ] show what blocks progress. The planner updates this daily.

Gotchas

  • Single-threaded pipeline: only one issue is in-progress per project at a time. Don't file issues expecting parallel work.
  • Secrets via env vars only: never embed secrets in issue bodies, PR descriptions, or comments. Use $VAR_NAME references.
  • Formulas are not skills: formulas in formulas/ are TOML issue templates for multi-step agent tasks. Skills teach assistants; formulas drive agents.
  • Predictor journals: the predictor does not write journal files. Its memory lives in prediction/unreviewed and prediction/actioned issues.
  • State files: agent activity is tracked via state/.{agent}-active files. These are presence files, not logs.
  • ShellCheck required: all .sh files must pass ShellCheck. CI enforces this.
Usage Guidance
This skill appears to do what it says: it reads journal files in the checked-out repo, queries the forge (requires FORGE_TOKEN and FORGE_API), and optionally queries Woodpecker CI. Before installing: (1) confirm the FORGE_API URL points to the expected forge and supply a least-privilege repo-scoped FORGE_TOKEN; (2) ensure PROJECT_REPO_ROOT points to a clone you control (the scripts read state and journal files there); (3) if you plan to use the graph workflow, ensure python3 and ${PROJECT_REPO_ROOT}/lib/build-graph.py exist (the SKILL.md uses python3 but 'python3' is not listed in the tools header); (4) optionally provide WOODPECKER_* values only if you trust the CI server; (5) run the scripts in a sandbox or with a throwaway token first to verify behavior. Note the package metadata omitted required env vars (they are present in SKILL.md and in the scripts) — treat the SKILL.md as the authoritative runtime spec.
Capability Analysis
Type: OpenClaw Skill Name: disinto Version: 0.1.1 The 'disinto' skill bundle is classified as suspicious due to a path traversal vulnerability in `scripts/read-journal.sh`, where the `--date` argument is used to construct file paths without sanitization, potentially allowing the agent to read files outside the intended directory (mitigated by a forced `.md` extension). The skill also requires high-privilege credentials (`FORGE_TOKEN`, `WOODPECKER_TOKEN`) and performs network requests to external APIs in `scripts/factory-status.sh` and `scripts/file-issue.sh`. While the inclusion of a secret scanner in `scripts/file-issue.sh` suggests benign intent, the lack of input validation in file handling and the broad access to repository secrets represent a security risk.
Capability Assessment
Purpose & Capability
The skill's name/description match the included scripts and SKILL.md: it manages agents, files issues, reads journals, and queries CI. The required env vars declared in SKILL.md (FORGE_TOKEN, FORGE_API, PROJECT_REPO_ROOT, optional Woodpecker vars) are appropriate for these tasks. Minor packaging inconsistency: the registry metadata at the top of the submission claimed 'Required env vars: none' while the embedded SKILL.md and scripts do require FORGE_TOKEN/FORGE_API/PROJECT_REPO_ROOT — the runtime requirements are in the SKILL.md and the scripts, not in the registry summary.
Instruction Scope
Runtime instructions and scripts operate on the project repo (PROJECT_REPO_ROOT/state, planner/supervisor/exec journals), call the Forge API and optionally Woodpecker, and read local files like VISION.md and planner/prerequisite-tree.md. They do not attempt to read unrelated system paths, nor do they transmit data to unexpected third-party endpoints. The SKILL.md shows a python3 call for the dependency-graph step, but python3 is not listed in the SKILL.md 'tools' header — a small omission. Scripts include a secret-scan that refuses to post obvious secrets when filing issues.
Install Mechanism
There is no install spec (instruction-only + included scripts). Nothing downloads arbitrary code or writes installers to disk as part of the skill package, which keeps installation risk low.
Credentials
The requested environment variables (FORGE_TOKEN, FORGE_API, PROJECT_REPO_ROOT; optional WOODPECKER_* vars) are directly relevant to the skill's scope. There are no unrelated credential requests. Note again the submission-level metadata incorrectly claimed no required env vars — the SKILL.md and scripts do require credentials. The user should supply a least-privilege forge token (repo-scoped) and avoid providing broader credentials than necessary.
Persistence & Privilege
The skill is not marked always:true and uses normal, user-invocable/autonomous invocation semantics. It does not attempt to modify other skills or system-wide agent settings. It reads and writes only to the project repo (and Forge/Woodpecker via their APIs) consistent with its purpose.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install disinto
  3. After installation, invoke the skill by name or use /disinto
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
- Bumped version to 0.1.1 in metadata - No functional or documentation changes beyond version update in SKILL.md
v0.1.0
Initial release of Disinto, an autonomous code factory skill. - Introduces nine coordinated agents for issue management, code implementation, review, backlog grooming, planning, risk prediction, operations, and health monitoring. - Requires specific environment variables for repository, CI, and API integration. - Provides scripts for checking factory status, filing issues, reading agent journals, and analyzing the dependency graph. - Documents key workflows including filing issues, checking agent and CI health, reading planner decisions, and querying dependencies. - Enforces sequential issue processing and secure practices for secret handling. - Defines agent roles, interactions, and state-tracking conventions.
Metadata
Slug disinto
Version 0.1.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Disinto Factory?

Operate the disinto autonomous code factory. Use when managing factory agents, filing issues on the forge, reading agent journals, querying CI pipelines, che... It is an AI Agent Skill for Claude Code / OpenClaw, with 113 downloads so far.

How do I install Disinto Factory?

Run "/install disinto" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Disinto Factory free?

Yes, Disinto Factory is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Disinto Factory support?

Disinto Factory is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Disinto Factory?

It is built and maintained by johba37 (@johba37); the current version is v0.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments