@aion0/forge 0.10.27 → 0.10.28

package/RELEASE_NOTES.md

@@ -1,14 +1,11 @@
-# Forge v0.10.27
+# Forge v0.10.28
 
 Released: 2026-06-02
 
-## Changes since v0.10.26
+## Changes since v0.10.27
 
 ### Other
-- fix(chat): atomic tool_use+tool_result cap + raise budget 8k→32k
-- fix(http): scope slash-collapse to pathname only (don't touch query/fragment)
-- fix(http): collapse double-slash in URLs (base_url trailing-slash bug)
-- fix(connector-test): wrap applyAuth + route handler so errors come back as JSON
+- fix(login-status): remove GitLab 2FA row — 2fa_verify is interactive, can't probe
 
 
-**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.10.26...v0.10.27
+**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.10.27...v0.10.28

package/lib/auth/login-status.ts

@@ -19,7 +19,6 @@
 
 import { existsSync, readFileSync, writeFileSync } from 'node:fs';
 import { join } from 'node:path';
-import { spawn } from 'node:child_process';
 import { getDataDir } from '../dirs';
 import { listConnectorIds, getConnector, getInstalledConnector } from '../connectors/registry';
 import { runConnectorTest } from '../connectors/test-runner';
@@ -151,40 +150,15 @@ export function listSources(): LoginSource[] {
     });
   }
 
-  // 2. External: GitLab 2FA — derive SSH host from the gitlab
-  //    connector. Only surface this row if gitlab connector is
-  //    installed; otherwise it's noise.
-  const gitlabHost = getGitLabHost();
-  if (gitlabHost) {
-    out.push({
-      id: 'ext:gitlab-2fa',
-      label: 'GitLab 2FA',
-      category: 'external',
-      detail: `ssh git@${gitlabHost} 2fa_verify (BatchMode)`,
-      refresh: {
-        kind: 'show-command',
-        command: `ssh git@${gitlabHost} 2fa_verify`,
-        description:
-          'Run in a terminal — it will prompt for your 2FA token. Once accepted, future git fetch/push work for a while.',
-      },
-    });
-  }
+  // GitLab 2FA used to be an external row here, but `2fa_verify` is
+  // interactive auth (not a probe) and bare SSH greet doesn't catch
+  // expiry. Removed in favour of a static hint on the GitLab
+  // connector itself — user copies the command when they actually
+  // hit a 2FA expiry instead of being nagged proactively.
 
   return out;
 }
 
-/** Pull the gitlab connector's host from its installed base_url, if any. */
-function getGitLabHost(): string | null {
-  try {
-    const inst = getInstalledConnector('gitlab');
-    const baseUrl = (inst?.config as any)?.base_url as string | undefined;
-    if (!baseUrl) return null;
-    return new URL(baseUrl).hostname || null;
-  } catch {
-    return null;
-  }
-}
-
 // ─── Checks ─────────────────────────────────────────────────────────
 
 /**
@@ -197,8 +171,6 @@ export async function checkSource(source: LoginSource): Promise<LoginCheckResult
 
   if (source.id.startsWith('connector:')) {
     r = await checkConnector(source.id.slice('connector:'.length));
-  } else if (source.id === 'ext:gitlab-2fa') {
-    r = await checkGitLab2fa();
   } else {
     r = { ok: false, message: `unknown source ${source.id}` };
   }
@@ -229,58 +201,6 @@ async function checkConnector(
   }
 }
 
-async function checkGitLab2fa(): Promise<Omit<LoginCheckResult, 'checked_at' | 'duration_ms'>> {
-  const host = getGitLabHost();
-  if (!host) {
-    return {
-      ok: false,
-      message: 'gitlab connector not installed or base_url empty',
-    };
-  }
-  // Passive probe: SSH to the host with NO command. gitlab-shell prints
-  // "Welcome to GitLab, @user!" then closes — only triggers SSH key auth,
-  // never the interactive 2fa_verify push. Used here purely to confirm
-  // the SSH path + key + server are all reachable; if your setup gates
-  // git operations behind a separate 2FA window, this won't catch that
-  // (no known passive 2FA-status command).
-  return new Promise((resolve) => {
-    const proc = spawn(
-      'ssh',
-      ['-o', 'BatchMode=yes', '-o', 'ConnectTimeout=30', `git@${host}`],
-      { stdio: ['ignore', 'pipe', 'pipe'] },
-    );
-    let stdout = '';
-    let stderr = '';
-    const timer = setTimeout(() => {
-      try { proc.kill('SIGTERM'); } catch {}
-      resolve({ ok: false, message: 'timeout after 35s — host unreachable' });
-    }, 35_000);
-    proc.stdout?.on('data', (b) => { stdout += b.toString('utf-8'); });
-    proc.stderr?.on('data', (b) => { stderr += b.toString('utf-8'); });
-    proc.on('close', (code) => {
-      clearTimeout(timer);
-      const combined = (stdout + '\n' + stderr).trim().replace(/\s+/g, ' ');
-      // gitlab-shell exits 0 on greeting; "Welcome to GitLab" is the
-      // success marker regardless of exit code (some setups exit 1 with
-      // PTY warnings on stderr but still authenticate).
-      const welcomed = /Welcome to GitLab/i.test(combined);
-      if (welcomed) {
-        const m = combined.match(/Welcome to GitLab,?\s*@?[\w.-]+!?/i);
-        resolve({ ok: true, message: m ? m[0] : 'gitlab-shell greeted ok' });
-      } else {
-        resolve({
-          ok: false,
-          message: `exit ${code}: ${combined.slice(0, 400) || '(no output)'}`,
-        });
-      }
-    });
-    proc.on('error', (e) => {
-      clearTimeout(timer);
-      resolve({ ok: false, message: e.message });
-    });
-  });
-}
-
 // ─── Bulk view ──────────────────────────────────────────────────────
 
 export function listStatus(): LoginStatusRow[] {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aion0/forge",
-  "version": "0.10.27",
+  "version": "0.10.28",
   "description": "Unified AI workflow platform — multi-model task orchestration, persistent sessions, web terminal, remote access",
   "type": "module",
   "scripts": {