@aion0/forge 0.10.44 → 0.10.46

package/lib/auth/terminal-keystroke.ts

@@ -0,0 +1,245 @@
+/**
+ * Generic "type a command into the user's frontmost macOS Terminal,
+ * optionally feed an OTP at the prompt, scrape outcome" runner.
+ *
+ * The original use case is GitLab SSH 2FA refresh, but the mechanism
+ * is fully tenant-configurable via the wizard template's
+ * `_idp.post_login_terminal` array. Each entry is a TerminalSpec.
+ *
+ * Why this approach exists: corp VPNs (FortiClient) gate the tunnel
+ * by PID. Only the user's manually-launched Terminal session is
+ * whitelisted, so commands run by Forge-spawned processes don't
+ * reach internal hosts. Typing into the frontmost Terminal via
+ * AppleScript+System Events makes the command a direct child of
+ * that whitelisted PID.
+ */
+
+import { spawn } from 'node:child_process';
+
+export interface TerminalSpec {
+  name: string;
+  command: string;
+  needs_otp?: boolean;
+  /** Regexes to detect the OTP prompt in fresh Terminal output. */
+  prompt_markers?: string[];
+  /** Validity window (informational only, surfaced to UI). */
+  valid_minutes?: number;
+  /** Regex (case-insensitive). If transcript matches, force verdict=fail
+   *  even when exit code is 0. Needed when the command prints failure
+   *  text to stdout without setting a non-zero exit code (e.g. GitLab
+   *  `ssh ... 2fa_verify` on bad OTP). */
+  failure_match?: string;
+  /** Regex (case-insensitive). If specified and transcript does NOT match
+   *  on exit 0, force verdict=fail. Stronger than failure_match — use
+   *  when you know the exact success phrase. */
+  success_match?: string;
+}
+
+export interface TerminalResult {
+  name: string;
+  ok: boolean;
+  /** Resolved command — surfaced so UI can offer "run this manually" on failure. */
+  command: string;
+  error?: string;
+  transcript?: string;
+}
+
+const DEFAULT_PROMPT_MARKERS = ['OTP', 'Token', 'verification', 'code:'];
+
+interface AppleScriptResult { stdout: string; stderr: string; code: number | null }
+
+function runAppleScript(script: string, timeoutMs = 60_000): Promise<AppleScriptResult> {
+  return new Promise((resolve) => {
+    const p = spawn('osascript', [], { stdio: ['pipe', 'pipe', 'pipe'] });
+    let stdout = '', stderr = '';
+    p.stdout.on('data', (d) => { stdout += d.toString(); });
+    p.stderr.on('data', (d) => { stderr += d.toString(); });
+    const timer = setTimeout(() => { try { p.kill(); } catch {} }, timeoutMs);
+    p.on('close', (code) => { clearTimeout(timer); resolve({ stdout, stderr, code }); });
+    p.stdin.write(script);
+    p.stdin.end();
+  });
+}
+
+/**
+ * Type `spec.command` into the frontmost Terminal window, optionally
+ * paste `otp` when the prompt appears, and look for OK/FAIL marker.
+ * Strings are pasted via clipboard (not keystroke char-by-char) to
+ * avoid macOS's well-known character-drop bug on long strings.
+ */
+export async function runTerminalKeystroke(
+  spec: TerminalSpec,
+  otp?: string,
+): Promise<TerminalResult> {
+  if (process.platform !== 'darwin') {
+    return { name: spec.name, command: spec.command, ok: false, error: 'Keystroke mode is macOS-only.' };
+  }
+  if (spec.needs_otp) {
+    const cleaned = String(otp || '').replace(/\s+/g, '');
+    if (!/^\d{6,8}$/.test(cleaned)) {
+      return { name: spec.name, command: spec.command, ok: false, error: 'OTP must be 6–8 digits' };
+    }
+    otp = cleaned;
+  }
+  const tag = `${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`;
+  const markOk = `FORGE_TERM_OK_${tag}`;
+  const markFail = `FORGE_TERM_FAIL_${tag}`;
+  // Leading space → HIST_IGNORE_SPACE keeps it out of shell history.
+  // Two atomic markers avoid the partial-render race we hit earlier.
+  const cmd = ` ${spec.command} && echo "${markOk}" || echo "${markFail}"`;
+
+  const esc = (s: string) => s.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+  const markers = (spec.prompt_markers && spec.prompt_markers.length
+    ? spec.prompt_markers
+    : DEFAULT_PROMPT_MARKERS
+  ).map(esc);
+  const promptCheck = markers.map((m) => `fresh contains "${m}"`).join(' or ');
+
+  const lines: string[] = [
+    'set savedClip to ""',
+    'try',
+    '  set savedClip to (the clipboard as text)',
+    'end try',
+    'tell application "Terminal" to activate',
+    'delay 0.4',
+    'tell application "Terminal"',
+    '  set baseline to (contents of front window as text)',
+    'end tell',
+    'set baseLen to count of baseline',
+    `set the clipboard to "${esc(cmd)}"`,
+    'delay 0.1',
+    'tell application "System Events"',
+    '  keystroke "v" using {command down}',
+    '  delay 0.15',
+    '  key code 36',
+    'end tell',
+  ];
+
+  if (spec.needs_otp) {
+    lines.push(
+      'set promptDeadline to (current date) + 20',
+      'set sawPrompt to false',
+      'repeat',
+      '  if (current date) > promptDeadline then exit repeat',
+      '  delay 0.4',
+      '  try',
+      '    tell application "Terminal"',
+      '      set txt to contents of front window as text',
+      '    end tell',
+      '    set fresh to txt',
+      '    if (count of txt) > baseLen then',
+      '      try',
+      '        set fresh to text (baseLen + 1) thru -1 of txt',
+      '      end try',
+      '    end if',
+      `    if ${promptCheck} then`,
+      '      set sawPrompt to true',
+      '      exit repeat',
+      '    end if',
+      '  end try',
+      'end repeat',
+      'if not sawPrompt then',
+      '  set the clipboard to savedClip',
+      '  return "noprompt|no prompt detected after 20s"',
+      'end if',
+      'delay 0.3',
+      `set the clipboard to "${esc(otp!)}"`,
+      'delay 0.1',
+      'tell application "System Events"',
+      '  keystroke "v" using {command down}',
+      '  delay 0.15',
+      '  key code 36',
+      'end tell',
+    );
+  }
+
+  lines.push(
+    'set t0 to current date',
+    'set verdict to "timeout"',
+    'set tail to ""',
+    'repeat',
+    '  if ((current date) - t0) > 30 then exit repeat',
+    '  delay 0.4',
+    '  try',
+    '    tell application "Terminal"',
+    '      set txt to contents of front window as text',
+    '    end tell',
+    `    if txt contains "${markOk}" then`,
+    '      set verdict to "ok"',
+    // Capture tail on OK branch too — caller may regex-check it to
+    // override exit-code-based verdict (e.g. GitLab 2fa_verify exits
+    // 0 but prints failure text on bad OTP).
+    '      if (length of txt) > 400 then',
+    '        set tail to text -400 thru -1 of txt',
+    '      else',
+    '        set tail to txt',
+    '      end if',
+    '      exit repeat',
+    `    else if txt contains "${markFail}" then`,
+    '      set verdict to "fail"',
+    '      if (length of txt) > 400 then',
+    '        set tail to text -400 thru -1 of txt',
+    '      else',
+    '        set tail to txt',
+    '      end if',
+    '      exit repeat',
+    '    end if',
+    '  on error errMsg',
+    '    set the clipboard to savedClip',
+    '    return "error:" & errMsg',
+    '  end try',
+    'end repeat',
+    'set the clipboard to savedClip',
+    'return verdict & "|" & tail',
+  );
+
+  const r = await runAppleScript(lines.join('\n'), 60_000);
+  const out = (r.stdout || '').trim();
+  if (r.code !== 0) {
+    const err = (r.stderr || '').trim();
+    if (/not authorized.*assistive|accessibility|tcc/i.test(err)) {
+      return {
+        name: spec.name,
+        command: spec.command,
+        ok: false,
+        error:
+          'Accessibility permission required. Open System Settings → ' +
+          'Privacy & Security → Accessibility, add node/Forge and enable it.',
+      };
+    }
+    if (/-1719|no window|application isn.t running/i.test(err)) {
+      return {
+        name: spec.name,
+        command: spec.command,
+        ok: false,
+        error: 'No Terminal window open. Open one and retry.',
+      };
+    }
+    return { name: spec.name, command: spec.command, ok: false, error: `osascript failed (code ${r.code}): ${err || out}` };
+  }
+  const [verdict, ...rest] = out.split('|');
+  const tail = rest.join('|');
+  if (verdict === 'ok') {
+    // Transcript-based override: some commands report failure via stdout
+    // text instead of non-zero exit (e.g. GitLab 2fa_verify).
+    if (spec.failure_match) {
+      try {
+        if (new RegExp(spec.failure_match, 'i').test(tail)) {
+          return { name: spec.name, command: spec.command, ok: false, error: 'transcript matched failure pattern', transcript: tail };
+        }
+      } catch { /* invalid regex — skip */ }
+    }
+    if (spec.success_match) {
+      try {
+        if (!new RegExp(spec.success_match, 'i').test(tail)) {
+          return { name: spec.name, command: spec.command, ok: false, error: 'transcript did not match success pattern', transcript: tail };
+        }
+      } catch { /* invalid regex — skip */ }
+    }
+    return { name: spec.name, command: spec.command, ok: true, transcript: tail };
+  }
+  if (verdict === 'fail') return { name: spec.name, command: spec.command, ok: false, error: 'command exited non-zero', transcript: tail };
+  if (verdict === 'noprompt') return { name: spec.name, command: spec.command, ok: false, error: tail || 'No prompt appeared' };
+  if (verdict.startsWith('error:')) return { name: spec.name, command: spec.command, ok: false, error: verdict.slice(6) };
+  return { name: spec.name, command: spec.command, ok: false, error: 'timed out reading Terminal' };
+}

package/lib/chat/link-patterns.ts

@@ -81,6 +81,17 @@ export const LINK_PATTERNS: LinkPattern[] = [
     url: 'https://nvd.nist.gov/vuln/detail/{1}',
     label: '{1}',
   },
+  // Forge scratch-dir files. LLMs frequently emit paths like
+  // `scratch/foo.md` when they write reports during chat-launched tasks.
+  // Turn them into clickable links served by /api/scratch/<path>.
+  // Match path segments + filename with extension; bound to a known set
+  // of extensions to avoid linkifying noise like `scratch/notes`.
+  {
+    id: 'scratch-file',
+    regex: /\bscratch\/([\w\-./]+?\.(?:md|txt|json|yaml|yml|csv|log|html|pdf|png|jpg|jpeg|gif|svg))\b/gi,
+    url: '/api/scratch/{1}',
+    label: 'scratch/{1}',
+  },
 ];
 
 export interface CompiledPattern {

package/lib/chat/session-store.ts

@@ -278,11 +278,14 @@ export function listMessages(session_id: string, opts?: { limit?: number; after_
   ensureSchema();
   const limit = opts?.limit ?? 500;
   const after = opts?.after_ts ?? 0;
+  // Take the LAST N matching (DESC + LIMIT) then reverse to chronological
+  // order for the caller. ASC + LIMIT was returning the OLDEST N, so a
+  // session with >limit messages looked frozen at message #N's timestamp.
   const rows = db().prepare(`
     SELECT * FROM chat_messages WHERE session_id = ? AND ts > ?
-    ORDER BY ts ASC LIMIT ?
+    ORDER BY ts DESC LIMIT ?
   `).all(session_id, after, limit) as MessageRow[];
-  return rows.map(rowToMessage);
+  return rows.map(rowToMessage).reverse();
 }
 
 /** Last N messages in chronological order — used by agent-loop to cap LLM context. */

package/lib/chat/tool-dispatcher.ts

@@ -305,6 +305,39 @@ const BUILTINS: Record<string, BuiltinHandler> = {
     return out.join('\n');
   },
 
+  // Save raw content to <dataDir>/scratch/<filename>. The chat UI auto-links
+  // any prose mention of `scratch/<filename>` (link-patterns.ts) so the user
+  // gets a download link in the response. Prefer this over dispatch_task for
+  // "save / create / export a file" asks — the LLM already has the content
+  // in context, no need to spawn a CLI task that may write elsewhere.
+  save_scratch_file: async (input) => {
+    const params = (input as { filename?: string; content?: string } | undefined) || {};
+    const filename = (params.filename || '').trim();
+    const content = params.content == null ? '' : String(params.content);
+    if (!filename) return JSON.stringify({ ok: false, error: 'filename is required' });
+    if (filename.includes('..') || filename.startsWith('/') || filename.includes('\0')) {
+      return JSON.stringify({ ok: false, error: 'filename must be a bare relative name (no .. / leading /)' });
+    }
+    const { getDataDir } = await import('../dirs');
+    const { join, resolve } = await import('node:path');
+    const { mkdir, writeFile } = await import('node:fs/promises');
+    const scratchRoot = join(getDataDir(), 'scratch');
+    const target = resolve(scratchRoot, filename);
+    if (!target.startsWith(scratchRoot + '/') && target !== scratchRoot) {
+      return JSON.stringify({ ok: false, error: 'resolved path escapes scratch dir' });
+    }
+    const { dirname } = await import('node:path');
+    await mkdir(dirname(target), { recursive: true });
+    await writeFile(target, content, 'utf8');
+    return JSON.stringify({
+      ok: true,
+      path: `scratch/${filename}`,
+      url: `/api/scratch/${filename}`,
+      bytes: Buffer.byteLength(content, 'utf8'),
+      hint: 'Tell the user the file is ready and reference it inline as `scratch/' + filename + '` — chat will render a download link automatically.',
+    });
+  },
+
   // Dispatch a one-shot background task. Agent + skills optional; project is
   // required (defaults to 'scratch' if not given). Returns the task id; the
   // caller can ask "what's the status of task <id>?" later — we don't block.
@@ -617,6 +650,24 @@ export const BUILTIN_TOOL_DEFS: BuiltinToolDef[] = [
       required: ['prompt'],
     },
   },
+  {
+    name: 'save_scratch_file',
+    description: 'Save text content to a file under <dataDir>/scratch/ and return a clickable download URL. USE THIS — not dispatch_task — when the user says "save this to a file", "create a file with X", "export the results", "give me a downloadable copy". The LLM provides the content directly (you already have it in context); no CLI task needed. Chat will auto-link any `scratch/<filename>` mention in your reply as a download link, so just mention the returned path in prose. Scratch is EPHEMERAL — files are auto-deleted after settings.scratchRetentionDays (default 7 days); tell the user this when handing over the link. Filename must be a bare relative name (no .. or /). Allowed extensions for the auto-link: .md .txt .json .yaml .yml .csv .log .html .pdf .png .jpg .jpeg .gif .svg.',
+    input_schema: {
+      type: 'object',
+      properties: {
+        filename: {
+          type: 'string',
+          description: 'Bare filename like "top5_bugs_20260608.md" — relative, no path traversal. Prefer descriptive names with a date stamp.',
+        },
+        content: {
+          type: 'string',
+          description: 'Full file content as a UTF-8 string.',
+        },
+      },
+      required: ['filename', 'content'],
+    },
+  },
   {
     name: 'get_task_status',
     description: "Check a dispatched Forge task's status + result by id. Pass task_id (returned by dispatch_task). Returns JSON: {id, status: 'queued'|'running'|'done'|'failed'|'cancelled', terminal: bool, project, result_summary?, error?, completed_at?}. For start_watch, use done_path=\"terminal\" (fires on done/failed/cancelled) or done_match={path:\"status\",equals:\"done\"}.",
@@ -987,26 +1038,47 @@ export async function dispatchTool(
   // can say "build fortinac" without spelling out the job path every
   // time. Strict: only string args, only when missing or blank, only
   // when the default is non-empty.
-  // Stem-strip param + setting suffixes so default_project_path can fill a
-  // project_id arg (GitLab accepts URL-encoded paths as :id, and the wizard
-  // baked the user's default as `_path`). Exact match wins; stem match is
-  // the safety net.
+  //
+  // Two-pass with consumed-default tracking. Exact `default_<pname>`
+  // wins (e.g. `default_project_name` → `project_name` arg). Stem
+  // match is the safety net (e.g. `default_project_path` → `project_id`
+  // arg, since GitLab accepts URL-encoded paths as :id). The consumed
+  // set keeps a default value from polluting MULTIPLE sibling params —
+  // before this, both `project_id` AND `project_name` would receive
+  // the same value from `default_project`, breaking Mantis where
+  // project_id must be numeric.
   const stem = (n: string) => n.replace(/_(id|path|name|key|slug)$/, '');
-  for (const pname of Object.keys(located.tool.parameters || {})) {
-    const current = argInput[pname];
-    if (current != null && !(typeof current === 'string' && current.trim() === '')) continue;
-    let fallback = (effectiveSettings as any)?.[`default_${pname}`];
-    if (typeof fallback !== 'string' || !fallback.trim()) {
-      const want = stem(pname);
-      for (const k of Object.keys(effectiveSettings || {})) {
-        if (!k.startsWith('default_')) continue;
-        if (stem(k.slice('default_'.length)) !== want) continue;
-        const v = (effectiveSettings as any)[k];
-        if (typeof v === 'string' && v.trim()) { fallback = v; break; }
-      }
+  const paramNames = Object.keys(located.tool.parameters || {});
+  const isMissing = (pname: string) => {
+    const v = argInput[pname];
+    return v == null || (typeof v === 'string' && v.trim() === '');
+  };
+  const consumed = new Set<string>();
+  // Pass 1 — exact default_<pname> matches.
+  for (const pname of paramNames) {
+    if (!isMissing(pname)) continue;
+    const key = `default_${pname}`;
+    const v = (effectiveSettings as any)?.[key];
+    if (typeof v === 'string' && v.trim() !== '') {
+      argInput[pname] = v;
+      consumed.add(key);
     }
-    if (typeof fallback === 'string' && fallback.trim() !== '') {
-      argInput[pname] = fallback;
+  }
+  // Pass 2 — stem-match for still-unfilled params, skipping defaults
+  // already consumed by pass 1.
+  for (const pname of paramNames) {
+    if (!isMissing(pname)) continue;
+    const want = stem(pname);
+    for (const k of Object.keys(effectiveSettings || {})) {
+      if (consumed.has(k)) continue;
+      if (!k.startsWith('default_')) continue;
+      if (stem(k.slice('default_'.length)) !== want) continue;
+      const v = (effectiveSettings as any)[k];
+      if (typeof v === 'string' && v.trim() !== '') {
+        argInput[pname] = v;
+        consumed.add(k);
+        break;
+      }
     }
   }
 

package/lib/connectors/migration.ts

@@ -108,3 +108,58 @@ export function migrateConnectorConfigs(): { migrated: number; skipped: number }
 
   return { migrated, skipped };
 }
+
+/**
+ * One-shot setting-key renames inside connector-configs.json. Add a
+ * row when a manifest renames a setting field — the rename is applied
+ * on disk so the new schema's UI fields stay populated for upgrading
+ * users. Running getInstalledConnector's read-time alias can't do this
+ * alone: if the user opens the settings UI between an alias-aware READ
+ * and a save, they save an empty value back over the legacy key (Forge
+ * settings GET/POST round-trips against the NEW manifest schema and
+ * the old key disappears entirely).
+ *
+ * Idempotent: once renamed, the legacy key is gone and the loop is a
+ * no-op on subsequent runs.
+ */
+const CONNECTOR_KEY_RENAMES: Array<{ id: string; from: string; to: string }> = [
+  // mantis v0.27.0 (Forge v0.10.45): rename so the dispatcher's exact-
+  // match default-fill targets project_name and stops polluting
+  // project_id (a number param) with a string value. See
+  // applyLegacyConfigAliases in registry.ts for the read-time safety net.
+  { id: 'mantis', from: 'default_project', to: 'default_project_name' },
+];
+
+export function migrateConnectorSettingKeys(): { renamed: number } {
+  const newPath = connectorConfigsPath();
+  if (!existsSync(newPath)) return { renamed: 0 };
+  let store: Record<string, ConnectorConfigRow>;
+  try { store = JSON.parse(readFileSync(newPath, 'utf-8')); }
+  catch { return { renamed: 0 }; }
+  let renamed = 0;
+  for (const rule of CONNECTOR_KEY_RENAMES) {
+    const row = store[rule.id];
+    if (!row?.config) continue;
+    const cfg = row.config as Record<string, unknown>;
+    const legacy = cfg[rule.from];
+    const current = cfg[rule.to];
+    // Only act when the LEGACY key has a real value AND the new key is
+    // either absent or blank. If the user has already set the new key
+    // (even by re-saving the form), respect that.
+    const hasLegacy = typeof legacy === 'string' ? legacy.trim() !== '' : legacy != null;
+    const hasCurrent = typeof current === 'string' ? current.trim() !== '' : current != null;
+    if (hasLegacy && !hasCurrent) {
+      cfg[rule.to] = legacy;
+      delete cfg[rule.from];
+      renamed += 1;
+      console.log(`[connectors] migration: ${rule.id}.${rule.from} → ${rule.id}.${rule.to}`);
+    } else if (hasLegacy && hasCurrent) {
+      // New key already set — drop the legacy key so it doesn't shadow.
+      delete cfg[rule.from];
+    }
+  }
+  if (renamed > 0) {
+    writeFileSync(newPath, JSON.stringify(store, null, 2), { mode: 0o600 });
+  }
+  return { renamed };
+}

package/lib/connectors/registry.ts

@@ -317,7 +317,7 @@ export function listInstalledConnectors(): InstalledConnector[] {
     if (!row) continue; // manifest on disk but no config row → not installed
     out.push({
       definition: def,
-      config: row.config || {},
+      config: applyLegacyConfigAliases(id, row.config || {}),
       installed_version: row.installed_version || def.version,
       enabled: row.enabled !== false,
       installed_source_id: row.installed_source_id,
@@ -332,9 +332,10 @@ export function getInstalledConnector(id: string): InstalledConnector | null {
   if (!def) return null;
   const row = loadStore()[id];
   if (!row) return null;
+  const config = applyLegacyConfigAliases(id, row.config || {});
   return {
     definition: def,
-    config: row.config || {},
+    config,
     installed_version: row.installed_version || def.version,
     enabled: row.enabled !== false,
     installed_source_id: row.installed_source_id,
@@ -342,6 +343,23 @@ export function getInstalledConnector(id: string): InstalledConnector | null {
   };
 }
 
+/**
+ * Per-connector backwards-compat for setting renames. Lets us evolve
+ * default_<param> keys (e.g. `default_project` → `default_project_name`
+ * for mantis v0.27.0) without forcing every existing user to re-fill
+ * the wizard. New name wins when both are set.
+ */
+function applyLegacyConfigAliases(id: string, config: Record<string, unknown>): Record<string, unknown> {
+  if (id === 'mantis' && config.default_project && !config.default_project_name) {
+    // Rename (not duplicate): leaving the legacy key around lets the
+    // dispatcher's pass-2 stem-match still fire it into project_id,
+    // which is a number param Mantis can't resolve from a string.
+    const { default_project, ...rest } = config;
+    return { ...rest, default_project_name: default_project };
+  }
+  return config;
+}
+
 /**
  * Install (or upgrade) a connector by writing its manifest YAML and
  * recording the version in the config store. Existing user config is

package/lib/connectors/sync.ts

@@ -28,7 +28,7 @@ import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
 import { join } from 'node:path';
 import { loadSettings } from '../settings';
 import { getDataDir } from '../dirs';
-import { listEnterpriseSources, type EnterpriseSource } from '../enterprise';
+import { listEnterpriseSources, parseKey, type EnterpriseSource } from '../enterprise';
 import { getConnector, installConnector, listConfigOnlyIds, listInstalledConnectors } from './registry';
 import type { ConnectorMarketEntry } from './types';
 
@@ -286,6 +286,26 @@ function cacheBust(): string {
   return `?_t=${Date.now()}`;
 }
 
+/**
+ * Validate an enterprise key by fetching registry.json from its repo
+ * before persisting. Catches: bad format, expired/wrong PAT (401/403),
+ * repo not granted (404), network unreachable. Pure probe — no writes.
+ */
+export async function probeEnterpriseKey(
+  rawKey: string,
+): Promise<{ ok: true; tenant_id: string } | { ok: false; error: string }> {
+  const parsed = parseKey(rawKey.trim(), 0);
+  if ('error' in parsed) return { ok: false, error: parsed.error };
+  const source = enterpriseToSource(parsed, 0);
+  try {
+    await fetchSourceFile(source, 'registry.json');
+    return { ok: true, tenant_id: parsed.tenant_id };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { ok: false, error: msg };
+  }
+}
+
 /**
  * Enterprise sources only, in configured priority order. Workflow-
  * marketplace shares these — one enterprise repo serves connectors

package/lib/crypto.ts

@@ -63,5 +63,5 @@ export function hashSecret(value: string): string {
 }
 
 /** Secret field names in settings */
-export const SECRET_FIELDS = ['telegramBotToken', 'telegramTunnelPassword', 'temperKey', 'smtpPassword'] as const;
+export const SECRET_FIELDS = ['telegramBotToken', 'telegramTunnelPassword', 'temperKey', 'smtpPassword', 'idpSavedUsername', 'idpSavedPassword'] as const;
 export type SecretField = typeof SECRET_FIELDS[number];

package/lib/enterprise.ts

@@ -38,7 +38,11 @@ function preview(key: string): string {
 }
 
 export function parseKey(key: string, priority: number): EnterpriseSource | { error: string } {
-  const trimmed = key.trim();
+  // Strip every whitespace + zero-width char — pastes from Teams/email/
+  // wiki often carry trailing \r\n, line-wraps, or invisible separators.
+  // Valid keys have no internal whitespace (PAT alphanumeric + '_',
+  // repo URL has no spaces).
+  const trimmed = key.replace(/[\s\u200B-\u200F\u202A-\u202E\u2060\uFEFF]/g, '');
   if (!trimmed) return { error: 'empty' };
 
   const longMatch = trimmed.match(LONG_RE);

package/lib/init.ts

@@ -110,6 +110,10 @@ export function ensureInitialized() {
     } catch (e) { console.warn('[init] migratePluginSecrets failed:', (e as Error).message); }
   });
   time('cleanupNotifications', () => { try { const { cleanupNotifications } = require('./notifications'); cleanupNotifications(); } catch {} });
+  time('startScratchCleanup', () => {
+    try { const { startScratchCleanup } = require('./scratch-cleanup'); startScratchCleanup(); }
+    catch (e) { console.warn('[init] startScratchCleanup failed:', (e as Error).message); }
+  });
   time('autoDetectAgents', autoDetectAgents);
   time('logToolStatus', () => {
     try { const { logToolStatus } = require('./health'); logToolStatus(); }
@@ -156,8 +160,12 @@ export function ensureInitialized() {
   // installed_version to decide what to refresh).
   try {
     time('migrateConnectorConfigs', () => {
-      const { migrateConnectorConfigs } = require('./connectors/migration');
+      const { migrateConnectorConfigs, migrateConnectorSettingKeys } = require('./connectors/migration');
       migrateConnectorConfigs();
+      // Setting-key renames (e.g. mantis default_project → default_project_name).
+      // Run after the file-level migration so we touch the canonical
+      // connector-configs.json, not the legacy plugin-configs.json.
+      migrateConnectorSettingKeys();
     });
   } catch (err) {
     console.warn('[connectors] migration failed:', err);

package/lib/scratch-cleanup.ts

@@ -0,0 +1,64 @@
+/**
+ * Scratch directory janitor — deletes stale files under <dataDir>/scratch/.
+ *
+ * The save_scratch_file chat tool drops generated reports here so the user
+ * can download them; without periodic sweeping the directory grows forever.
+ * Retention is settings.scratchRetentionDays (default 7).
+ *
+ * Conservative scope: only sweeps PLAIN FILES at the top level of scratch/.
+ * - Skips dotfiles (.mcp.json, .claude/, .forge/) — Forge/Claude project state
+ * - Skips CLAUDE.md — scratch project marker
+ * - Skips subdirectories — could be user-created project trees we don't own
+ */
+
+import { readdirSync, statSync, unlinkSync } from 'node:fs';
+import { join } from 'node:path';
+import { getDataDir } from './dirs';
+import { loadSettings } from './settings';
+
+const DEFAULT_RETENTION_DAYS = 7;
+const ONE_DAY_MS = 24 * 60 * 60 * 1000;
+
+function retentionMs(): number {
+  let days = DEFAULT_RETENTION_DAYS;
+  try {
+    const s = loadSettings() as any;
+    const v = Number(s?.scratchRetentionDays);
+    if (Number.isFinite(v) && v > 0) days = v;
+  } catch { /* settings unreadable — fall back to default */ }
+  return days * ONE_DAY_MS;
+}
+
+export function cleanupScratch(): { scanned: number; deleted: number; freedBytes: number } {
+  const root = join(getDataDir(), 'scratch');
+  let scanned = 0, deleted = 0, freedBytes = 0;
+  const maxAge = retentionMs();
+  const cutoff = Date.now() - maxAge;
+  let entries: string[] = [];
+  try { entries = readdirSync(root); } catch { return { scanned, deleted, freedBytes }; }
+  for (const name of entries) {
+    if (name.startsWith('.')) continue;
+    if (name === 'CLAUDE.md') continue;
+    const p = join(root, name);
+    let st;
+    try { st = statSync(p); } catch { continue }
+    if (!st.isFile()) continue;
+    scanned++;
+    if (st.mtimeMs > cutoff) continue;
+    try { unlinkSync(p); deleted++; freedBytes += st.size; }
+    catch (e) { console.warn('[scratch-cleanup] unlink failed:', p, (e as Error).message); }
+  }
+  if (deleted > 0) {
+    console.log(`[scratch-cleanup] deleted ${deleted}/${scanned} files, freed ${freedBytes} bytes`);
+  }
+  return { scanned, deleted, freedBytes };
+}
+
+let started = false;
+export function startScratchCleanup(): void {
+  if (started) return;
+  started = true;
+  // Run once shortly after boot (don't block ensureInitialized), then every 24h.
+  setTimeout(() => { try { cleanupScratch(); } catch (e) { console.warn('[scratch-cleanup]', (e as Error).message); } }, 30_000);
+  setInterval(() => { try { cleanupScratch(); } catch (e) { console.warn('[scratch-cleanup]', (e as Error).message); } }, ONE_DAY_MS);
+}