@aion0/forge 0.10.3 → 0.10.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/RELEASE_NOTES.md +4 -4
- package/lib/agents/migrate.ts +9 -16
- package/package.json +1 -1
package/RELEASE_NOTES.md
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
# Forge v0.10.
|
|
1
|
+
# Forge v0.10.4
|
|
2
2
|
|
|
3
3
|
Released: 2026-05-30
|
|
4
4
|
|
|
5
|
-
## Changes since v0.10.
|
|
5
|
+
## Changes since v0.10.3
|
|
6
6
|
|
|
7
7
|
### Other
|
|
8
|
-
- fix(
|
|
8
|
+
- fix(migrate): backup raw settings.yaml bytes (don't leak plaintext secrets)
|
|
9
9
|
|
|
10
10
|
|
|
11
|
-
**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.10.
|
|
11
|
+
**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.10.3...v0.10.4
|
package/lib/agents/migrate.ts
CHANGED
|
@@ -24,9 +24,8 @@
|
|
|
24
24
|
* no-op (returns false, no save).
|
|
25
25
|
*/
|
|
26
26
|
|
|
27
|
-
import {
|
|
27
|
+
import { copyFileSync, existsSync } from 'node:fs';
|
|
28
28
|
import { join } from 'node:path';
|
|
29
|
-
import YAML from 'yaml';
|
|
30
29
|
import { getDataDir } from '../dirs';
|
|
31
30
|
import type { Settings } from '../settings';
|
|
32
31
|
|
|
@@ -130,23 +129,17 @@ function detectsLegacyShape(settings: Settings): boolean {
|
|
|
130
129
|
return false;
|
|
131
130
|
}
|
|
132
131
|
|
|
133
|
-
function writeBackup(
|
|
132
|
+
function writeBackup(_settings: Settings): void {
|
|
133
|
+
// Raw byte copy of settings.yaml — never re-serialize the decrypted
|
|
134
|
+
// in-memory form. v0.10.x shipped a YAML.stringify(settings) backup
|
|
135
|
+
// that leaked plaintext API tokens + ANTHROPIC_AUTH_TOKEN into the
|
|
136
|
+
// data dir. Fixed in v0.10.4+.
|
|
134
137
|
try {
|
|
138
|
+
const src = join(getDataDir(), 'settings.yaml');
|
|
139
|
+
if (!existsSync(src)) return;
|
|
135
140
|
const ts = Date.now();
|
|
136
141
|
const backupPath = join(getDataDir(), `settings.backup.agents-${ts}.yaml`);
|
|
137
|
-
|
|
138
|
-
_backup_note: 'Pre-migration snapshot of agent-related settings. Safe to delete after verifying migration worked.',
|
|
139
|
-
_backup_ts: new Date(ts).toISOString(),
|
|
140
|
-
agents: settings.agents,
|
|
141
|
-
defaultAgent: settings.defaultAgent,
|
|
142
|
-
chatAgent: settings.chatAgent,
|
|
143
|
-
telegramAgent: settings.telegramAgent,
|
|
144
|
-
docsAgent: settings.docsAgent,
|
|
145
|
-
telegramModel: settings.telegramModel,
|
|
146
|
-
taskModel: settings.taskModel,
|
|
147
|
-
pipelineModel: settings.pipelineModel,
|
|
148
|
-
};
|
|
149
|
-
writeFileSync(backupPath, YAML.stringify(slice), 'utf-8');
|
|
142
|
+
copyFileSync(src, backupPath);
|
|
150
143
|
console.log(`[migrate-agents] backup → ${backupPath}`);
|
|
151
144
|
} catch (err) {
|
|
152
145
|
console.warn('[migrate-agents] backup write failed (continuing anyway):', err instanceof Error ? err.message : err);
|
package/package.json
CHANGED