@aion0/forge 0.10.23 → 0.10.26

package/lib/connectors/test-runner.ts

@@ -0,0 +1,239 @@
+/**
+ * Connector test runner — extracted from the /api/connectors/:id/test
+ * route so both that HTTP endpoint AND server-side callers (e.g. the
+ * Login Status panel) can run probes without a self-fetch dance.
+ *
+ * Self-fetching the route from inside the server hits the auth
+ * middleware (no session cookie → 401), making every probe look
+ * "unauthorized" regardless of the real connector state. Direct
+ * function calls bypass that.
+ */
+
+import {
+  getConnector,
+  getConnectorEntries,
+  getInstalledConnector,
+} from './registry';
+import { expandSettingsTokens, expandAllTokens } from '../plugins/templates';
+import { bridgeRpc } from '../chat/bridge-client';
+import { applyAuth } from '../chat/protocols/http';
+import type { ConnectorDefinition, ConnectorTest, HttpRequestSpec } from './types';
+
+const DEFAULT_TIMEOUT_MS = 15_000;
+const MAX_BODY_PREVIEW = 1024;
+
+export interface TestResult {
+  ok: boolean;
+  status?: number;
+  message?: string;
+  error?: string;
+  duration_ms?: number;
+  body_preview?: string;
+  /** Final landed URL for browser probes — helps diagnose redirects. */
+  url?: string;
+}
+
+function expandString(s: string, settings: Record<string, unknown>): string {
+  return expandAllTokens(s, settings as Record<string, any>, {});
+}
+
+function buildUrl(spec: HttpRequestSpec, settings: Record<string, unknown>): string {
+  let url = expandString(spec.url, settings);
+  if (spec.query) {
+    const u = new URL(url);
+    for (const [k, raw] of Object.entries(spec.query)) {
+      u.searchParams.set(k, expandString(String(raw), settings));
+    }
+    url = u.toString();
+  }
+  return url;
+}
+
+function buildHeaders(spec: HttpRequestSpec, settings: Record<string, unknown>): Headers {
+  const h = new Headers();
+  if (spec.headers) {
+    for (const [k, raw] of Object.entries(spec.headers)) {
+      h.set(k, expandString(String(raw), settings));
+    }
+  }
+  return h;
+}
+
+function buildBody(
+  spec: HttpRequestSpec,
+  settings: Record<string, unknown>,
+): { body?: string; contentType?: string } {
+  if (spec.body == null) return {};
+  if (typeof spec.body === 'string') {
+    return { body: expandString(spec.body, settings) };
+  }
+  const out: Record<string, unknown> = {};
+  for (const [k, v] of Object.entries(spec.body)) {
+    out[k] = typeof v === 'string' ? expandString(v, settings) : v;
+  }
+  return { body: JSON.stringify(out), contentType: 'application/json' };
+}
+
+function renderTemplate(template: string, body: unknown): string {
+  return template.replace(/\{\{([^{}]+)\}\}/g, (_match, expr) => {
+    const path = String(expr).trim().split('.').filter(Boolean);
+    let cur: any = body;
+    for (const p of path) {
+      if (cur && typeof cur === 'object' && p in cur) cur = cur[p];
+      else return '?';
+    }
+    if (cur == null) return '?';
+    return typeof cur === 'string' ? cur : JSON.stringify(cur);
+  });
+}
+
+async function runHttpProbe(
+  test: ConnectorTest,
+  settings: Record<string, unknown>,
+  def: ConnectorDefinition,
+): Promise<TestResult> {
+  const spec = test.request;
+  if (!spec?.url) return { ok: false, error: 'test.request.url is required for http probe' };
+
+  // Multi-instance overlay: first instance only (matches tool-dispatcher).
+  let effectiveSettings = settings as Record<string, any>;
+  let instances = effectiveSettings?.instances;
+  if (typeof instances === 'string') {
+    try { instances = JSON.parse(instances); } catch { instances = null; }
+  }
+  if (
+    Array.isArray(instances) &&
+    instances.length > 0 &&
+    instances.every((i: any) => i && typeof i === 'object' && typeof i.name === 'string')
+  ) {
+    effectiveSettings = { ...effectiveSettings, ...instances[0] };
+  }
+
+  const method = (spec.method || 'GET').toUpperCase();
+  let url = buildUrl(spec, effectiveSettings);
+  const headers = buildHeaders(spec, effectiveSettings);
+  const { body, contentType } = buildBody(spec, effectiveSettings);
+  if (body != null && contentType && !headers.has('content-type')) {
+    headers.set('content-type', contentType);
+  }
+  url = await applyAuth(url, headers, def.auth, effectiveSettings);
+
+  const timeoutMs = test.timeout_ms || DEFAULT_TIMEOUT_MS;
+  const okStatus = test.ok_status?.length ? test.ok_status : [200];
+
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), timeoutMs);
+  const t0 = Date.now();
+  let res: Response;
+  try {
+    res = await fetch(url, { method, headers, body, signal: ctrl.signal });
+  } catch (e) {
+    clearTimeout(timer);
+    const err = e as Error & { cause?: unknown };
+    const cause = err.cause instanceof Error ? `: ${err.cause.message}` : '';
+    return {
+      ok: false,
+      error: `request failed: ${err.message}${cause}`,
+      duration_ms: Date.now() - t0,
+    };
+  }
+  clearTimeout(timer);
+
+  const duration = Date.now() - t0;
+  const text = await res.text().catch(() => '');
+  const preview = text.length > MAX_BODY_PREVIEW ? text.slice(0, MAX_BODY_PREVIEW) + '…' : text;
+
+  if (!okStatus.includes(res.status)) {
+    let errMsg = `HTTP ${res.status} ${res.statusText}`;
+    try {
+      const j = JSON.parse(text);
+      if (typeof j?.error === 'string') errMsg += `: ${j.error}`;
+      else if (typeof j?.message === 'string') errMsg += `: ${j.message}`;
+      else if (typeof j?.error_description === 'string') errMsg += `: ${j.error_description}`;
+    } catch {}
+    return {
+      ok: false,
+      status: res.status,
+      error: errMsg,
+      duration_ms: duration,
+      body_preview: preview,
+    };
+  }
+
+  let parsedBody: unknown = null;
+  try { parsedBody = JSON.parse(text); } catch {}
+  const message = test.ok_template
+    ? renderTemplate(test.ok_template, parsedBody)
+    : `OK (HTTP ${res.status})`;
+  return { ok: true, status: res.status, message, duration_ms: duration };
+}
+
+async function runBrowserProbe(
+  def: ConnectorDefinition,
+  settings: Record<string, unknown>,
+): Promise<TestResult> {
+  const entries = getConnectorEntries(def);
+  const entry = entries[0];
+  const hostMatch = def.host_match || entry?.host_match;
+  const loginRedirect = def.login_redirect || entry?.login_redirect;
+  if (!hostMatch) {
+    return { ok: false, error: 'browser probe requires host_match on the manifest' };
+  }
+  const expandedHost = expandSettingsTokens(hostMatch, settings as any);
+  const expandedLoginRedirect = loginRedirect
+    ? expandSettingsTokens(loginRedirect, settings as any)
+    : undefined;
+
+  const t0 = Date.now();
+  let value: unknown;
+  try {
+    value = await bridgeRpc('connector.probe', {
+      pluginId: def.id,
+      host_match: expandedHost,
+      login_redirect: expandedLoginRedirect,
+      runner: def.runner || entry?.runner || 'main',
+      timeout_ms: def.test?.timeout_ms || 30_000,
+    });
+  } catch (e) {
+    const raw = (e as Error).message || String(e);
+    let friendly = raw;
+    if (raw.includes('unknown method: connector.probe')) {
+      friendly =
+        'Your Forge browser extension is out of date — it doesn\'t know how to run browser probes yet. ' +
+        'Rebuild the extension (pnpm ext in forge-browser-extension), then chrome://extensions → Reload, and try Test again.';
+    } else if (raw.includes('bridge') && raw.includes('unreachable')) {
+      friendly =
+        'Forge browser bridge is unreachable on port 8407. Restart Forge (forge server restart) or check that the browser-bridge standalone is running.';
+    } else if (raw.includes('no paired extensions') || raw.includes('no connected')) {
+      friendly =
+        'Forge browser extension not connected. Install the extension from forge-browser-extension/dist, pin it, and sign in with your Forge URL + admin password.';
+    }
+    return { ok: false, error: friendly, duration_ms: Date.now() - t0 };
+  }
+  const r = (value || {}) as { ok?: boolean; url?: string; error?: string };
+  return {
+    ok: !!r.ok,
+    message: r.ok ? `Session active${r.url ? ` · ${r.url}` : ''}` : undefined,
+    error: r.ok ? undefined : (r.error || 'login required'),
+    url: r.url,
+    duration_ms: Date.now() - t0,
+  };
+}
+
+/**
+ * Run a connector's `test:` probe. Returns a structured result. The HTTP
+ * route + Login Status panel both call this — they share the same
+ * semantics for free.
+ */
+export async function runConnectorTest(id: string): Promise<TestResult & { code?: number }> {
+  const def = getConnector(id);
+  if (!def) return { ok: false, error: 'connector not found', code: 404 };
+  if (!def.test) return { ok: false, error: 'connector has no test block', code: 400 };
+  const inst = getInstalledConnector(id);
+  if (!inst) return { ok: false, error: 'connector not installed', code: 400 };
+
+  const probe = def.test.probe || 'http';
+  return probe === 'browser'
+    ? await runBrowserProbe(def, inst.config)
+    : await runHttpProbe(def.test, inst.config, def);
+}

package/lib/connectors/types.ts

@@ -159,7 +159,36 @@ export type ConnectorAuth =
   | { type: 'basic'; username: string; password: string }
   | { type: 'bearer'; token: string }
   | { type: 'header'; name: string; value: string }
-  | { type: 'query'; name: string; value: string };
+  | { type: 'query'; name: string; value: string }
+  /**
+   * Two-step bearer-token exchange, e.g. Black Duck:
+   *   POST {exchange_url}  Authorization: {exchange_auth_header}
+   *     → { bearerToken, expiresInMilliseconds }
+   *   ...then every subsequent request gets `Authorization: Bearer <jwt>`.
+   * Forge caches the bearer in-memory keyed by (api_token, exchange_url)
+   * and refreshes when within 60s of expiry. Tool calls stay fast — only
+   * the first call per ~2h pays the exchange round-trip.
+   */
+  | {
+      type: 'bearer-token-exchange';
+      /** Long-lived API token sent to the exchange endpoint. Templated. */
+      api_token: string;
+      /** Exchange URL. Templated — usually `{base_url}/api/tokens/authenticate`. */
+      exchange_url: string;
+      /** HTTP method for the exchange. Default POST. */
+      exchange_method?: 'POST' | 'GET';
+      /**
+       * Authorization header VALUE sent to the exchange endpoint.
+       * Default `token {api_token}` (Black Duck style). Templated.
+       */
+      exchange_auth_header?: string;
+      /** Extra headers (Accept etc.) for the exchange. Values templated. */
+      exchange_headers?: Record<string, string>;
+      /** JSON path to the bearer in the exchange response. Default `bearerToken`. */
+      bearer_path?: string;
+      /** JSON path to expiry ms in the exchange response. Default `expiresInMilliseconds`. */
+      expires_path?: string;
+    };
 
 /**
  * Server-side HTTP request shape, used by `protocol: http` tools.
@@ -205,6 +234,21 @@ export interface HttpRequestSpec {
    * rather than baking them into the manifest.
    */
   body_form_inject_from?: string;
+  /**
+   * Names (case-insensitive) of response headers to surface in the
+   * truncated preamble. Default empty. Use when the connector needs
+   * a value the upstream returns via headers — typically `set-cookie`
+   * for session bootstrap, `location` for create-redirect APIs, or
+   * `x-ratelimit-remaining` for backoff logic.
+   *
+   * Headers appear between the status line and the blank line that
+   * separates preamble from body, one per line as `name: value`.
+   * Pipeline scripts can grep them with sed/awk before the body parse:
+   *   JS=$(echo "$RESP" | jq -r '.content' | sed -n 's/^set-cookie: //p' | …)
+   *
+   * Ignored when `noTruncation: true` (raw-body mode for Jobs scheduler).
+   */
+  capture_response_headers?: string[];
 }
 
 /**
@@ -432,6 +476,19 @@ export interface ConnectorDefinition {
    */
   auth?: ConnectorAuth;
 
+  /**
+   * Connector-level HTTP runtime knobs. Apply to every `protocol: http`
+   * tool in this connector unless overridden per-tool.
+   *
+   * `verify_tls: false` disables TLS cert verification — necessary for
+   * appliances that ship self-signed certs (FortiNAC, ESXi, internal
+   * services). Set this ONLY for hosts you trust by IP; turning it off
+   * means an attacker on-path could impersonate the server.
+   */
+  http?: {
+    verify_tls?: boolean;
+  };
+
   // ─── 1:N suite — list of sibling entries sharing auth ──
   connectors?: ConnectorEntry[];
 

package/lib/help-docs/18-chrome-mcp.md

@@ -25,29 +25,44 @@ chrome-devtools-mcp  ──CDP──▶  Chrome (user's real instance)
 
 ### 1. Start Chrome with remote debugging enabled
 
-Quit all Chrome windows first (so the new instance can take the debug
-port).
+**Easiest path — use the bundled script:**
+```bash
+./scripts/chrome-mcp.sh restart    # stop + start with debug port 9222
+./scripts/chrome-mcp.sh status     # check whether port is up
+```
+Subcommands: `start`, `stop`, `restart`, `status`. Use `-p PORT` to override.
+
+**Manual path** — quit all Chrome windows first (so the new instance
+can take the debug port), then:
 
 **macOS:**
 ```bash
 /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
   --remote-debugging-port=9222 \
-  --user-data-dir="$HOME/Library/Application Support/Google/Chrome"
+  --user-data-dir="$HOME/.chrome-mcp-profile"
 ```
 
-The `--user-data-dir` argument keeps your normal profile (and all your
-logins) — drop it only if you want a fresh profile.
+**IMPORTANT — non-default profile required.** Chrome refuses to open
+the remote debug port on the default user-data-dir (security guard, so
+localhost code can't hijack your real Chrome with all its logins). The
+error message reads: `DevTools remote debugging requires a non-default
+data directory`.
+
+Use a separate path like `$HOME/.chrome-mcp-profile`. **One-time cost:**
+this profile starts empty, so you log in to NAC / Mantis / GitLab once
+inside it. Cookies persist across restarts — wipe with
+`rm -rf "$HOME/.chrome-mcp-profile"` if you want a fresh start.
 
 **Linux:**
 ```bash
-google-chrome --remote-debugging-port=9222 --user-data-dir="$HOME/.config/google-chrome"
+google-chrome --remote-debugging-port=9222 --user-data-dir="$HOME/.chrome-mcp-profile"
 ```
 
 **Windows:**
 ```powershell
 "C:\Program Files\Google\Chrome\Application\chrome.exe" `
   --remote-debugging-port=9222 `
-  --user-data-dir="$env:LOCALAPPDATA\Google\Chrome\User Data"
+  --user-data-dir="$env:USERPROFILE\.chrome-mcp-profile"
 ```
 
 Verify it worked: open `http://localhost:9222/json/version` in the new

package/lib/pipeline.ts

@@ -1930,8 +1930,8 @@ async function scheduleReadyNodes(pipeline: Pipeline, workflow: Workflow) {
     if (skillsAppend) {
       taskAppendSystemPromptOverrides.set(task.id, skillsAppend);
     }
-    // Pipeline tasks use the same model selection as normal tasks:
-    // agent model > global taskModel. No separate pipelineModel override.
+    // Pipeline tasks use the same model selection as normal tasks
+    // (per-task override > agent scene model > agent default).
 
     nodeState.status = 'running';
     nodeState.taskId = task.id;

package/lib/settings.ts

@@ -94,9 +94,6 @@ export interface Settings {
   notifyOnFailure: boolean;
   tunnelAutoStart: boolean;
   telegramTunnelPassword: string;
-  taskModel: string;
-  pipelineModel: string;
-  telegramModel: string;
   skipPermissions: boolean;
   manageClaudeConfig: boolean;
   notificationRetentionDays: number;
@@ -206,9 +203,6 @@ const defaults: Settings = {
   notifyOnFailure: true,
   tunnelAutoStart: false,
   telegramTunnelPassword: '',
-  taskModel: 'default',
-  pipelineModel: 'default',
-  telegramModel: 'sonnet',
   skipPermissions: false,
   manageClaudeConfig: true,
   notificationRetentionDays: 30,
@@ -310,6 +304,23 @@ export function loadSettings(): Settings {
         );
       }
     }
+    // taskModel / pipelineModel / telegramModel were removed: no UI ever
+    // exposed them, and the resolution chain now goes per-task override
+    // → agent scene model → agent default. Drop leftover keys; warn when
+    // they held a non-default value so the user knows their override
+    // stopped applying.
+    for (const k of ['taskModel', 'pipelineModel', 'telegramModel'] as const) {
+      if (k in parsed) {
+        const old = parsed[k];
+        delete parsed[k];
+        if (old && old !== '' && old !== 'default' && old !== 'sonnet') {
+          console.warn(
+            `[settings] ${k}="${old}" is no longer read. ` +
+            `Set the model on the relevant agent (settings.agents.<id>.models.task) instead.`,
+          );
+        }
+      }
+    }
     // Decrypt top-level secret fields
     for (const field of SECRET_FIELDS) {
       if (parsed[field] && isEncrypted(parsed[field])) {

package/lib/task-manager.ts

@@ -54,7 +54,7 @@ function db() {
   return getDb(getDbPath());
 }
 
-// Per-task model overrides (used by pipeline to set pipelineModel)
+// Per-task model overrides — top of the model-resolution chain.
 export const taskModelOverrides = new Map<string, string>();
 
 /**
@@ -514,12 +514,12 @@ function executeTask(task: Task): Promise<void> {
     const agentId = (task as any).agent || settings.defaultAgent || 'claude';
     const adapter = getAgent(agentId);
 
-    // Model priority: per-task override > agent scene model > global taskModel
-    // "default" means "no override" — fall through to next level
+    // Model priority: per-task override > agent scene model > 'default'
+    // (agent picks its own default). "default" means "no override".
     const agentCfg = settings.agents?.[agentId];
     const agentModel = agentCfg?.models?.task;
     const effectiveAgentModel = agentModel && agentModel !== 'default' ? agentModel : null;
-    const model = taskModelOverrides.get(task.id) || effectiveAgentModel || settings.taskModel;
+    const model = taskModelOverrides.get(task.id) || effectiveAgentModel || 'default';
     const supportsModel = adapter.config.capabilities?.supportsModel;
     const spawnOpts = adapter.buildTaskSpawn({
       projectPath: task.projectPath,

package/lib/telegram-bot.ts

@@ -736,7 +736,7 @@ async function handlePeek(chatId: number, projectArg?: string, sessionArg?: stri
     contextLen += line.length;
   }
 
-  const telegramModel = loadSettings().telegramModel || 'sonnet';
+  const telegramModel = 'sonnet';
   const summary = contextEntries.length > 3
     ? await aiSummarize(contextEntries.join('\n'), 'Summarize this Claude Code session in 2-3 sentences. What was the user working on? What is the current status? Answer in the same language as the content.')
     : '';
@@ -1353,7 +1353,7 @@ async function aiSummarize(content: string, instruction: string): Promise<string
   try {
     const settings = loadSettings();
     const claudePath = settings.claudePath || process.env.CLAUDE_PATH || 'claude';
-    const model = settings.telegramModel || 'sonnet';
+    const model = 'sonnet';
     const { execSync } = require('child_process');
     const { realpathSync } = require('fs');
 
@@ -1509,7 +1509,7 @@ async function handleDocs(chatId: number, input: string) {
   } catch {}
 
   const recent = entries.slice(-8).join('\n\n');
-  const tModel = loadSettings().telegramModel || 'sonnet';
+  const tModel = 'sonnet';
   const summary = entries.length > 3
     ? await aiSummarize(entries.slice(-15).join('\n'), 'Summarize this Claude Code session in 2-3 sentences. What was the user working on? What is the current status? Answer in the same language as the content.')
     : '';

package/lib/watch/watch-runner.ts

@@ -89,7 +89,11 @@ export function startWatchRunner(hooks: WatchRunnerHooks = {}): void {
     }
     let res;
     try {
-      res = await dispatchTool({ id: `watch-${w.id}-${w.polls}`, name: `${w.connector_id}.${w.poll_tool}`, input: w.poll_args }, { noTruncation: false } as any);
+      // noTruncation=true so http-protocol polls skip the "HTTP 200 OK · GET …"
+      // preamble — the body comes back as raw JSON so done_path/done_match can
+      // see it. (Without this, every http-protocol watch would silently never
+      // hit its done condition, e.g. jenkins.get_build never resolving.)
+      res = await dispatchTool({ id: `watch-${w.id}-${w.polls}`, name: `${w.connector_id}.${w.poll_tool}`, input: w.poll_args }, { noTruncation: true } as any);
     } catch (e) {
       res = { content: String(e), is_error: true };
     }
@@ -129,7 +133,21 @@ export function startWatchRunner(hooks: WatchRunnerHooks = {}): void {
     if (polls >= w.max_polls || now - w.created_at > w.timeout_sec * 1000) {
       return finish(w, 'timed_out', obj, `${w.label}: not done within ${w.max_polls} polls / ${w.timeout_sec}s — please verify manually.`);
     }
-    updateWatch(w.id, { polls, err_count: 0, next_poll_at: now + w.interval_sec * 1000 }, now);
+    // Persist the latest poll result + a tiny preview text on EVERY poll
+    // (not just terminal) so the Monitor / DB shows what the watch is
+    // actually seeing — crucial for diagnosing "polling forever, no done":
+    // usually means the done condition refers to a field the poll's
+    // result doesn't actually have.
+    const previewKeys = obj && typeof obj === 'object' && !Array.isArray(obj)
+      ? Object.keys(obj as Record<string, unknown>).slice(0, 8).join(', ')
+      : typeof obj;
+    updateWatch(w.id, {
+      polls,
+      err_count: 0,
+      next_poll_at: now + w.interval_sec * 1000,
+      last_result: obj,
+      last_text: `poll ${polls}/${w.max_polls} · keys: ${previewKeys}`,
+    }, now);
     emitProgress(w, obj, polls);
   };
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aion0/forge",
-  "version": "0.10.23",
+  "version": "0.10.26",
   "description": "Unified AI workflow platform — multi-model task orchestration, persistent sessions, web terminal, remote access",
   "type": "module",
   "scripts": {
@@ -55,6 +55,7 @@
     "react-dom": "^19.2.4",
     "react-markdown": "^10.1.0",
     "remark-gfm": "^4.0.1",
+    "undici": "^8.3.0",
     "ws": "^8.19.0",
     "yaml": "^2.8.2",
     "zod": "^4.3.6"