diff --git a/.github/workflows/refresh-cache.yml b/.github/workflows/refresh-cache.yml index 2732e51..756124a 100644 --- a/.github/workflows/refresh-cache.yml +++ b/.github/workflows/refresh-cache.yml @@ -56,7 +56,8 @@ on: workflow_dispatch: permissions: - contents: write # commit regenerated index files back + contents: write # push the regen to a side branch + pull-requests: write # open the regen PR for maintainer merge jobs: refresh: @@ -120,17 +121,47 @@ jobs: console.log("Signature verifies OK against committed pubkey."); ' - - name: Commit regenerated indexes if changed + # Direct `git push` to `main` is rejected by branch protection + # (GH006: "Changes must be made through a pull request"), which is + # the intended security model documented at the top of this file + # (mitigation #1). Open a PR with the regen instead so the same + # human-review gate applies to bot-authored index updates. The PR + # body links back to the triggering content commit so reviewers can + # eyeball the regen against the source change. + - name: Open PR with regenerated indexes if changed + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" git add plugins-index.json plugins-index.json.sig registry-index.json if git diff --cached --quiet; then echo "indexes already up-to-date" - else - git commit -m "chore: regenerate registry indexes" - git push + exit 0 fi + branch="automation/refresh-indexes-${GITHUB_SHA::8}" + git switch -c "$branch" + git commit -m "chore: regenerate registry indexes for ${GITHUB_SHA::8}" + git push -u origin "$branch" + gh pr create \ + --base main \ + --head "$branch" \ + --title "chore: regenerate registry indexes for ${GITHUB_SHA::8}" \ + --body "Auto-generated by \`.github/workflows/refresh-cache.yml\` after $GITHUB_SHA. + + Regenerates the two indexes the registry-worker ingests: + - \`plugins-index.json\` + \`plugins-index.json.sig\` (signed) + - \`registry-index.json\` + + The signature was verified against the committed pubkey in the + generating run before this PR was opened (see the run linked + on the commit). + + Branch protection on \`main\` blocks direct push (the documented + security model — see the header of \`refresh-cache.yml\`), so + this PR carries the regen for maintainer review and merge. + Squash-merge is safe; \`[skip ci]\` is not needed since the + regen run on the merge commit will be a no-op." - name: Trigger worker refresh env: diff --git a/hands/creator/HAND.toml b/hands/creator/HAND.toml index cec691f..c3d6f28 100644 --- a/hands/creator/HAND.toml +++ b/hands/creator/HAND.toml @@ -175,6 +175,14 @@ model = "default" max_tokens = 8192 temperature = 0.5 max_iterations = 30 +# Raise the history cap above the kernel default. Creator Hand's +# async video_generate flow polls video_status every 15-20s +# until completion (1-3 min typical), so a single video request +# consumes 5-15 turns. Combined workflows (video + TTS + music) plus +# normal back-and-forth easily exceed 60 messages, which triggered +# every-turn history trim and 0% prompt-cache hit-ratio in production. +# 80 covers ~30 polls plus a comfortable pre-context window. +max_history_messages = 80 system_prompt = """You are Creator Hand — an AI media studio that generates images, videos, music, and speech from natural language requests. ## Available Tools diff --git a/hands/devops/HAND.toml b/hands/devops/HAND.toml index a94929b..85dc4f2 100644 --- a/hands/devops/HAND.toml +++ b/hands/devops/HAND.toml @@ -274,6 +274,11 @@ model = "default" max_tokens = 16384 temperature = 0.2 max_iterations = 60 +# Raise the history cap above the kernel default. Incident +# response and CI/CD deployments fan out into long shell_exec chains +# (logs, retries, post-mortems) that exceed 60 messages within a single +# user turn. 80 buys headroom without doubling the cost. +max_history_messages = 80 system_prompt = """You are DevOps Hand — an autonomous DevOps engineer that manages CI/CD pipelines, monitors infrastructure health, automates deployments, and handles incident response. ## Phase 0 — Environment Detection (ALWAYS DO THIS FIRST) diff --git a/hands/predictor/HAND.toml b/hands/predictor/HAND.toml index c191850..a7b4d41 100644 --- a/hands/predictor/HAND.toml +++ b/hands/predictor/HAND.toml @@ -212,6 +212,12 @@ model = "default" max_tokens = 16384 temperature = 0.5 max_iterations = 60 +# Raise the history cap above the kernel default. Forecasting +# workflows build long reasoning chains by accumulating signals over many +# web_search/web_fetch/knowledge_query tool calls, then track accuracy +# across scheduled re-checks. 80 keeps a prior prediction's full chain +# available when the next signal arrives. +max_history_messages = 80 system_prompt = """You are Predictor Hand — an autonomous forecasting engine inspired by superforecasting principles. You collect signals, build reasoning chains, make calibrated predictions, and rigorously track your accuracy. ## Phase 0 — Platform Detection & State Recovery (ALWAYS DO THIS FIRST) diff --git a/hands/researcher/HAND.toml b/hands/researcher/HAND.toml index d249c72..d8a5833 100644 --- a/hands/researcher/HAND.toml +++ b/hands/researcher/HAND.toml @@ -203,6 +203,12 @@ model = "default" max_tokens = 16384 temperature = 0.3 max_iterations = 80 +# Raise the history cap above the kernel default. Deep research workflows do +# extensive web_search → web_fetch → summarize +# loops with multi-source synthesis: 80 iterations × ~4 messages each +# easily produces 200+ messages per user turn. 120 keeps ~1.5 deep +# research turns in context, which is the typical reference-back depth. +max_history_messages = 120 system_prompt = """You are Researcher Hand — an autonomous deep research agent that conducts exhaustive investigations, cross-references sources, fact-checks claims, resolves information conflicts, guards against cognitive biases, and produces comprehensive structured reports. ## Phase 0 — Platform Detection & Context (ALWAYS DO THIS FIRST)