May 29, 2026
Commits
15d23c4 — automation: Modal-hosted headless Claude runner for /improve and /document
New dev/automation/ package: a separate Modal app (grizzlebear-claude-runner) that runs the /improve and /document skills headless via the Claude Code CLI. Isolated from the main grizzlebear-api blast radius (its own image + secrets). hardening.py holds safety guards — per-skill allowed-path enforcement, a pre-push hook blocking force/delete pushes and non-dev branches, env scrubbing, and gitleaks scanning.
Added:
dev/automation/__init__.py
dev/automation/claude_runner.py — Modal app, image (Node + Claude CLI + gitleaks), run_improve/run_document (+421)
dev/automation/hardening.py — path allowlist, pre-push hook, settings deny, env scrub, commit/diff validation (+167)
Changed:
CLAUDE.md — document the runner + reserved IMPROVE:/DOCUMENT: commit prefixes (+9)
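The pre-push guard described for hardening.py (block force pushes, deletions and non-dev branches) can be sketched as follows. This is an added example, not the project's own code; the allowed ref `refs/heads/dev` and the names `check_push`, `is_ancestor` and `is_zero` are assumptions made for illustration.

```python
"""Pre-push policy check (added illustration; not the project's hardening.py)."""
import subprocess
import sys

ALLOWED_REF = "refs/heads/dev"  # assumption: the only ref the runner may push


def is_zero(oid):
    """git uses an all-zero object id for 'no object' (40 or 64 hex digits)."""
    return bool(oid) and set(oid) == {"0"}


def is_ancestor(old, new):
    """True when `old` is reachable from `new`, i.e. the update is a fast-forward.

    Any git error (for example, the remote commit is unknown locally) returns
    False, so the check fails closed.
    """
    cmd = ["git", "merge-base", "--is-ancestor", old, new]
    return subprocess.run(cmd, stderr=subprocess.DEVNULL).returncode == 0


def check_push(lines, ancestor=is_ancestor):
    """Return violations for the ref updates git writes to a pre-push hook's stdin.

    Each line is: <local ref> <local oid> <remote ref> <remote oid>.
    """
    violations = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            violations.append(f"malformed ref line: {line!r}")
            continue
        _local_ref, local_oid, remote_ref, remote_oid = parts
        if remote_ref != ALLOWED_REF:
            violations.append(f"{remote_ref}: only {ALLOWED_REF} may be pushed")
        elif is_zero(local_oid):
            violations.append(f"{remote_ref}: branch deletion is blocked")
        elif not is_zero(remote_oid) and not ancestor(remote_oid, local_oid):
            violations.append(f"{remote_ref}: non-fast-forward (force) push is blocked")
    return violations


if __name__ == "__main__":
    problems = check_push(l for l in sys.stdin if l.strip())
    for problem in problems:
        print(f"pre-push: {problem}", file=sys.stderr)
    sys.exit(1 if problems else 0)  # non-zero exit makes git abort the push
```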
e28541b — runner: source secrets from env=main (was failing in jh)
Sources all Modal Secrets from environment_name="main" regardless of which env the runner app is deployed in — mirrors the ci/*_in_modal.py pattern. Fixes failures when running under jh.
Changed:
dev/automation/claude_runner.py — source secrets from main (+7/-4)
066dc0e — runner: reuse existing TradeSpark + GitlabPushToken secrets, proxy GitLab
Reuses existing TradeSpark and GitlabPushToken Modal Secrets instead of provisioning new ones, and proxies git operations through GitLab.
Changed:
dev/automation/claude_runner.py — secret reuse + GitLab proxy (+46/-13)
46666a8 — runner: fix end-to-end bring-up — chown ordering, safe.directory, gitleaks scope
Fixes for the runner's first clean end-to-end run: corrects chown ordering, marks the repo as a git safe.directory, and narrows the gitleaks scan scope.
Changed:
dev/automation/claude_runner.py — bring-up fixes (+45/-3)
97185d7 — runner: enable weekly crons — Mon 03:00 (improve) + 04:00 UTC (document)
Enables the cron schedules that were previously commented out: /improve runs Monday 03:00 UTC and /document runs Monday 04:00 UTC.
Changed:
dev/automation/claude_runner.py — enable weekly crons (+13/-6)
f29c5b3 — bruno tests: stream per-request progress + split big folders for finer fan-out
The Bruno test runner now streams per-request progress and the large API collections were split into sub-folders for finer parallel fan-out: Geocoding API (address/health/image/session/tile), ML API (chat/data-files/eval/gateway/generation/health), Users API (_bootstrap/anonymous/invite/profile/security-probes/sharing).
Changed:
ci/bruno_in_modal.py — per-request progress streaming (+220 net)
dev/test_app.sh — finer fan-out (+47)
bruno/Grizzlebear API Collection/** — 54 .bru files reorganized into sub-folders
31b2632 — Justfile: add review-* recipes for scheduled code audits
Adds review-* recipes that collapse multi-pipe audit commands into single allow-listable invocations (e.g. review-prints counts raw print() calls per file). Used by the scheduled IMPROVE.md code review.
Changed:
Justfile — review-* audit recipes (+82)