@aion0/forge 0.10.68 → 0.10.70

package/RELEASE_NOTES.md

@@ -1,8 +1,23 @@
-# Forge v0.10.68
+# Forge v0.10.70
 
-Released: 2026-06-10
+Released: 2026-06-11
 
-## Changes since v0.10.67
+## Changes since v0.10.69
 
+### Other
+- revert: remove CLI quick-setup wizard + AUTH_SECRET persist (keep BRIDGE/CHAT port fixes)
+- feat(setup): ask for department in enterprise wizard
+- fix(auth): persist AUTH_SECRET so sessions survive refresh/restart
+- fix(server): per-instance CHAT_PORT (webPort+5) — fixes 2nd-instance settings/sync
+- feat(server): minimal first-run quick setup (public/enterprise)
+- revert: remove first-run wizard + AUTH_SECRET persist + onboarding tweaks
+- fix(setup): skip first-run wizard when instance already configured
+- fix(setup): normalize half-typed email against tenant domain
+- fix(auth): persist AUTH_SECRET so sessions survive refresh/restart
+- fix(onboarding): show banner only, don't auto-open the modal each load
+- fix(server): per-instance BRIDGE_PORT (webPort+4) + wizard sets onboardingCompleted
+- feat(server): first-run public/enterprise quick-setup wizard
+- fix(pipeline): run finalizePipeline on git-preflight abort
 
-**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.10.67...v0.10.68
+
+**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.10.69...v0.10.70

package/bin/forge-server.mjs

@@ -123,6 +123,19 @@ const workspacePort = parseInt(getArg('--workspace-port')) || (webPort + 2);
 // second instance (dev-test on a different webPort) collided with the
 // main instance. Offset from webPort like every other service.
 const mcpPort = parseInt(getArg('--mcp-port')) || (webPort + 3);
+// Browser-bridge standalone. Was hardcoded to 8407 everywhere (standalone,
+// bridge-info route, extension fallback), so a second instance (e.g. --port
+// 4000) reused the 8403 instance's bridge → the extension connected to the
+// wrong instance and its token was rejected. Offset from webPort like the
+// others; default 8403+4 = 8407 keeps existing single-instance pairings.
+const bridgePort = parseInt(getArg('--bridge-port')) || (webPort + 4);
+// Chat standalone. Was hardcoded to 8408 everywhere — a second instance
+// (--port 4000) failed to bind it, then its next-server fell back to the
+// 8408 default and hit the FIRST instance's chat standalone with a token
+// signed for the wrong instance → "Sync failed: unauthorized" on
+// settings/marketplace. Offset like bridge; default 8403+5 = 8408 keeps
+// existing single-instance behaviour.
+const chatPort = parseInt(getArg('--chat-port')) || (webPort + 5);
 const DATA_DIR = getArg('--dir')?.replace(/^~/, homedir()) || join(homedir(), '.forge', 'data');
 
 const PID_FILE = join(DATA_DIR, 'forge.pid');
@@ -245,6 +258,8 @@ process.env.PORT = String(webPort);
 process.env.TERMINAL_PORT = String(terminalPort);
 process.env.WORKSPACE_PORT = String(workspacePort);
 process.env.MCP_PORT = String(mcpPort);
+process.env.BRIDGE_PORT = String(bridgePort);
+process.env.CHAT_PORT = String(chatPort);
 process.env.FORGE_DATA_DIR = DATA_DIR;
 
 // ── Password setup (first run or --reset-password) ──
@@ -318,6 +333,7 @@ if (!isStop && !addEnterpriseKeyOnly) {
   }
 }
 
+
 // ── Enterprise keys (--enterprise-key=…) ──
 //
 // Each key is encrypted with AES-256-GCM via the same `.encrypt-key`

package/components/EnterpriseBadge.tsx

@@ -98,7 +98,6 @@ export default function EnterpriseBadge({ onOpenSettings: _onOpenSettings }: { o
   // creds and prefill so the user only types OTP.
   const [idpSaveCreds, setIdpSaveCreds] = useState(false);
   const [idpHasSaved, setIdpHasSaved] = useState(false);
-  const [idpOtp, setIdpOtp] = useState('');
   const [idpBusy, setIdpBusy] = useState(false);
   const [idpErr, setIdpErr] = useState('');
   const [idpStatus, setIdpStatus] = useState('');
@@ -190,8 +189,8 @@ export default function EnterpriseBadge({ onOpenSettings: _onOpenSettings }: { o
 
   const handleIdpLogin = async () => {
     if (idpBusy) return;
-    if (!idpUser.trim() || !idpPass || !idpOtp.trim()) {
-      setIdpErr('Username, password, and OTP are all required');
+    if (!idpUser.trim() || !idpPass) {
+      setIdpErr('Username and password are required');
       return;
     }
     setIdpBusy(true); setIdpErr(''); setIdpStatus(''); setIdpManualCommands([]); setIdpManualUrls([]);
@@ -199,7 +198,10 @@ export default function EnterpriseBadge({ onOpenSettings: _onOpenSettings }: { o
       const r = await fetch('/api/auth/idp-login', {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ username: idpUser.trim(), password: idpPass, otp: idpOtp.trim() }),
+        // No OTP field — FortiToken push: the IdP prompts the user's phone
+        // and the extension/terminal wait for the approval (or a manually
+        // typed code) instead of Forge pasting one.
+        body: JSON.stringify({ username: idpUser.trim(), password: idpPass }),
       });
       const data = await r.json();
       // Template may declare multiple IdPs (e.g. FAC for mantis/pmdb/tp +
@@ -253,9 +255,6 @@ export default function EnterpriseBadge({ onOpenSettings: _onOpenSettings }: { o
           setIdpHasSaved(true);
         } catch { /* non-fatal */ }
       }
-      // Only wipe OTP after success — keep password for follow-up Login
-      // All Sites within the same session (OTP is single-use anyway).
-      setIdpOtp('');
       if (!idpSaveCreds) setIdpPass('');
       setIdpStatus(`${parts.join(' · ')}. Re-probing sessions…`);
       await handleCheckAllWeb();
@@ -485,26 +484,16 @@ export default function EnterpriseBadge({ onOpenSettings: _onOpenSettings }: { o
                   </button>
                 </div>
               </div>
-              <div className="flex gap-1">
-                <input
-                  type="text"
-                  inputMode="numeric"
-                  pattern="\d*"
-                  autoComplete="one-time-code"
-                  maxLength={8}
-                  placeholder="6-digit OTP"
-                  value={idpOtp}
-                  onChange={(e) => setIdpOtp(e.target.value.replace(/\D/g, ''))}
-                  onKeyDown={(e) => { if (e.key === 'Enter') handleIdpLogin(); }}
-                  className="flex-1 text-xs px-2 py-1 bg-[var(--bg)] border border-[var(--border)] rounded font-mono tracking-wider"
-                  disabled={idpBusy}
-                />
+              <div className="flex items-center gap-1.5">
+                <span className="flex-1 text-[9px] text-[var(--text-secondary)]">
+                  OTP via phone push — approve on your FortiToken when prompted
+                </span>
                 <button
                   onClick={handleIdpLogin}
-                  disabled={idpBusy || !idpUser.trim() || !idpPass || !idpOtp.trim()}
+                  disabled={idpBusy || !idpUser.trim() || !idpPass}
                   className="text-[10px] px-2 py-1 rounded bg-amber-500/20 text-amber-400 hover:bg-amber-500/30 disabled:opacity-40 disabled:cursor-not-allowed"
                 >
-                  {idpBusy ? '…' : 'Login all sites'}
+                  {idpBusy ? 'Waiting for approval…' : 'Login all sites'}
                 </button>
               </div>
               <div className="flex items-center gap-2 text-[10px] text-[var(--text-secondary)]">

package/components/WebTerminal.tsx

@@ -1572,26 +1572,31 @@ const MemoTerminalPane = memo(function TerminalPane({
             if (isNewlyCreated && projectPathRef.current && !pendingCommands.has(id)) {
               isNewlyCreated = false;
               const pp = projectPathRef.current;
-              import('@/lib/session-utils').then(({ resolveFixedSession, buildResumeFlag, getMcpFlag }) => {
-                // Resolve the agent's absolute claude path — bare
-                // `claude` rides on the tmux pane PATH, which on a
-                // fresh-install machine still points at the user's
-                // stale global @anthropic-ai/claude-code (e.g.
-                // /opt/homebrew/...) and crashes on resume.
-                Promise.all([
-                  resolveFixedSession(pp),
-                  getMcpFlag(pp),
-                  fetch('/api/agents?resolve=').then(r => r.ok ? r.json() : null).catch(() => null),
-                ]).then(([fixedId, mcpFlag, agentInfo]) => {
-                  const resumeFlag = buildResumeFlag(fixedId, true);
-                  const skipFlag = skipPermRef.current ? ' --dangerously-skip-permissions' : '';
-                  const claudeCmd = `"${agentInfo?.cliCmd || 'claude'}"`;
-                  setTimeout(() => {
-                    if (!disposed && ws?.readyState === WebSocket.OPEN) {
-                      ws.send(JSON.stringify({ type: 'input', data: `cd "${pp}" && ${claudeCmd}${resumeFlag}${skipFlag}${mcpFlag}\n` }));
-                    }
-                  }, 300);
-                });
+              import('@/lib/session-utils').then(async ({ resolveFixedSession, buildResumeFlag, getMcpFlag }) => {
+                const [fixedId, mcpFlag] = await Promise.all([resolveFixedSession(pp), getMcpFlag(pp)]);
+                // Resolve the agent's ABSOLUTE claude binary. Bare `claude`
+                // rides the tmux pane PATH, which on this machine can hit a
+                // stale global @anthropic-ai/claude-code (e.g. /opt/homebrew,
+                // conda base) that fails on --resume. On restart the resolve
+                // can lose a race with worker boot, so retry a few times
+                // rather than launching bare claude — launching the wrong
+                // binary is the actual restart-failure bug.
+                let agentCmd = 'claude';
+                for (let i = 0; i < 3; i++) {
+                  try {
+                    const info = await fetch('/api/agents?resolve=').then(r => r.ok ? r.json() : null);
+                    if (info?.cliCmd) { agentCmd = info.cliCmd; break; }
+                  } catch {}
+                  await new Promise(res => setTimeout(res, 400));
+                }
+                const resumeFlag = buildResumeFlag(fixedId, true);
+                const skipFlag = skipPermRef.current ? ' --dangerously-skip-permissions' : '';
+                const claudeCmd = `"${agentCmd}"`;
+                setTimeout(() => {
+                  if (!disposed && ws?.readyState === WebSocket.OPEN) {
+                    ws.send(JSON.stringify({ type: 'input', data: `cd "${pp}" && ${claudeCmd}${resumeFlag}${skipFlag}${mcpFlag}\n` }));
+                  }
+                }, 300);
               });
             }
             isNewlyCreated = false;

package/lib/auth/idp-login.ts

@@ -56,6 +56,14 @@ export interface IdpTemplateBlock {
    *  `https://<host>/`. Override when the IdP's logged-in landing page
    *  is at a specific path (e.g. `/saml-idp/portal/` for FAC). */
   probe_url?: string;
+  /** Hostname the Login Status probe expects to land on when signed in.
+   *  Defaults to `host`. Set when login and logged-in detection live on
+   *  DIFFERENT hosts: e.g. the SCAP SP logs in via the sso.frval IdP form
+   *  (host = sso.frval, where the extension fills credentials) but a
+   *  signed-in probe of scap.fortinet.com lands back on scap
+   *  (probe_host = scap.fortinet.com). Without this the host-only probe
+   *  would mismatch and falsely report "not signed in". */
+  probe_host?: string;
   /** DOM selector present ONLY on the login page (e.g. 'input[type=password]').
    *  Required for IdPs that serve their login form on the SAME host as the
    *  logged-in page (sso.frval.fortinet-emea.com) — without it the host-only
@@ -223,8 +231,11 @@ async function runOneIdp(block: IdpTemplateBlock, req: IdpLoginRequest): Promise
 }
 
 export async function performIdpLogin(req: IdpLoginRequest): Promise<IdpLoginResult> {
-  if (!req.username || !req.password || !req.otp) {
-    return { ok: false, idp_logins: [], error: 'username, password, and otp are all required' };
+  // OTP is optional: when absent, the extension waits for the user to
+  // approve the FortiToken push (or type the code by hand) instead of
+  // Forge pasting one — see token_push_wait in the extension's idpLogin.
+  if (!req.username || !req.password) {
+    return { ok: false, idp_logins: [], error: 'username and password are required' };
   }
   const blocks = readIdpBlocks();
   if (blocks.length === 0) {

package/lib/auth/login-status.ts

@@ -234,8 +234,12 @@ async function checkIdp(
 ): Promise<Omit<LoginCheckResult, 'checked_at' | 'duration_ms'>> {
   const block = readIdpBlocks().find((b) => b.host === host);
   const probe_url = block ? idpProbeUrl(block) : `https://${host}/`;
+  // Host the signed-in probe should land on — defaults to the IdP host,
+  // but SP-fronted IdPs (login at host, logged-in lands on the SP) set
+  // probe_host to the SP so hostnameMatch doesn't falsely fail.
+  const expectHost = (block?.probe_host && block.probe_host.trim()) || host;
   try {
-    const r = await runBrowserUrlProbe({ id: `idp:${host}`, host, probe_url, auth_required_selector: block?.auth_required_selector });
+    const r = await runBrowserUrlProbe({ id: `idp:${host}`, host: expectHost, probe_url, auth_required_selector: block?.auth_required_selector });
     return {
       ok: !!r.ok,
       message: r.ok ? (r.message || 'ok') : (r.error || `HTTP ${r.status || '?'}`),

package/lib/auth/terminal-keystroke.ts

@@ -74,7 +74,13 @@ export async function runTerminalKeystroke(
   if (process.platform !== 'darwin') {
     return { name: spec.name, command: spec.command, ok: false, error: 'Keystroke mode is macOS-only.' };
   }
-  if (spec.needs_otp) {
+  // OTP is optional: absent on a needs_otp command → "push mode". We type
+  // the command and then WAIT for the human to finish it — approve the
+  // FortiToken push on their phone, or type the code into the Terminal
+  // themselves. Completion is still detected via the OK/FAIL echo markers,
+  // so it works regardless of how the prompt gets satisfied.
+  const pushMode = !!spec.needs_otp && !String(otp || '').trim();
+  if (spec.needs_otp && !pushMode) {
     const cleaned = String(otp || '').replace(/\s+/g, '');
     if (!/^\d{6,8}$/.test(cleaned)) {
       return { name: spec.name, command: spec.command, ok: false, error: 'OTP must be 6–8 digits' };
@@ -115,7 +121,7 @@ export async function runTerminalKeystroke(
     'end tell',
   ];
 
-  if (spec.needs_otp) {
+  if (spec.needs_otp && !pushMode) {
     lines.push(
       'set promptDeadline to (current date) + 20',
       'set sawPrompt to false',
@@ -153,12 +159,15 @@ export async function runTerminalKeystroke(
     );
   }
 
+  // Push mode waits for a human (phone approve / manual code entry), so
+  // give it minutes, not seconds. Normal mode keeps the snappy 30s cap.
+  const waitSecs = pushMode ? 180 : 30;
   lines.push(
     'set t0 to current date',
     'set verdict to "timeout"',
     'set tail to ""',
     'repeat',
-    '  if ((current date) - t0) > 30 then exit repeat',
+    `  if ((current date) - t0) > ${waitSecs} then exit repeat`,
     '  delay 0.4',
     '  try',
     '    tell application "Terminal"',
@@ -193,7 +202,7 @@ export async function runTerminalKeystroke(
     'return verdict & "|" & tail',
   );
 
-  const r = await runAppleScript(lines.join('\n'), 60_000);
+  const r = await runAppleScript(lines.join('\n'), (waitSecs + 40) * 1000);
   const out = (r.stdout || '').trim();
   if (r.code !== 0) {
     const err = (r.stderr || '').trim();
@@ -241,5 +250,12 @@ export async function runTerminalKeystroke(
   if (verdict === 'fail') return { name: spec.name, command: spec.command, ok: false, error: 'command exited non-zero', transcript: tail };
   if (verdict === 'noprompt') return { name: spec.name, command: spec.command, ok: false, error: tail || 'No prompt appeared' };
   if (verdict.startsWith('error:')) return { name: spec.name, command: spec.command, ok: false, error: verdict.slice(6) };
-  return { name: spec.name, command: spec.command, ok: false, error: 'timed out reading Terminal' };
+  return {
+    name: spec.name,
+    command: spec.command,
+    ok: false,
+    error: pushMode
+      ? `No completion after ${waitSecs}s — approve the push on your phone or type the code in the Terminal, then retry`
+      : 'timed out reading Terminal',
+  };
 }

package/lib/help-docs/05-pipelines.md

@@ -49,6 +49,48 @@ nodes:
     prompt: "Review the changes"
 ```
 
+## Git OTP / 2FA preflight (`git_push: true`)
+
+Pipelines that push to git (open MRs, push fixup commits) can declare a
+top-level `git_push: true`. When set, Forge runs a **preflight** at pipeline
+start — a lightweight `git ls-remote --heads origin` (no object transfer) on
+the resolved project's repo:
+
+```yaml
+name: my-fix-and-mr
+version: "1.0.0"
+git_push: true        # <-- enables the OTP/2FA preflight
+input: { ... }
+nodes: { ... }
+```
+
+- If the remote demands OTP/2FA (e.g. Fortinet's
+  `ssh git@<host> 2fa_verify`), the **entire run aborts immediately**, before
+  any code work — so a 2FA wall never wastes a full fix pass that can't push.
+- The pipeline is marked `failed` with the exact `2fa_verify` command in its
+  error, and an **auth alert** is fired (see below).
+- Scratch / non-git projects and unrelated remote errors (network, no origin)
+  are ignored — only a genuine OTP marker blocks. Those still surface at push
+  time as before.
+
+## Auth-required alerts (git OTP + expired connector logins)
+
+When a `git_push` pipeline hits the OTP wall, **or** any pipeline fails on an
+expired connector login (Mantis / Teams / OWA session lapsed), Forge fires one
+"auth required" alert across every channel it can, so you can fix it and re-run
+without digging through logs:
+
+1. **In-app notification** (always).
+2. **Telegram** — if `telegramBotToken` + `telegramChatId` are set (Settings →
+   Telegram).
+3. **Email to yourself** — sent to your own mailbox (your **`displayEmail`** from
+   Settings → Identity, i.e. `{user.email}`) via the OWA connector, if that's
+   configured. No SMTP or extra recipient setting needed.
+
+The connector-login case is detected heuristically from the failed node's
+error/output (login-page / "session expired" / "请登录" markers), one alert per
+pipeline.
+
 ## Node Options
 
 | Field | Description | Default |

package/lib/notify.ts

@@ -76,6 +76,59 @@ export async function notifyTaskFailed(task: Task) {
   );
 }
 
+/**
+ * Fan-out alert for a blocking auth wall (git OTP/2FA, expired connector
+ * login). "Notify as loudly as possible" — fires all three channels
+ * best-effort and independently; one failing never blocks the others:
+ *   1. in-app alert (always)
+ *   2. Telegram (if bot token + chat id configured)
+ *   3. email to the user's own mailbox via OWA (if idpSavedUsername set)
+ * The action line (e.g. the `ssh ... 2fa_verify` command) is carried so the
+ * user can resolve it from the notification alone.
+ */
+export async function notifyAuthBlocked(opts: {
+  title: string;
+  body: string;
+  /** Optional shell command the user can run to clear the block. */
+  action?: string;
+  refId?: string;
+}): Promise<void> {
+  const settings = loadSettings();
+  const fullBody = opts.action ? `${opts.body}\n\nRun: ${opts.action}` : opts.body;
+
+  try {
+    addNotification('auth_blocked', opts.title, fullBody, opts.refId);
+  } catch {}
+
+  await sendTelegram(
+    `🔐 *Auth Required*\n\n` +
+    `${esc(opts.title)}\n\n` +
+    `${esc(opts.body)}` +
+    (opts.action ? `\n\n\`${esc(opts.action)}\`` : '')
+  ).catch(() => {});
+
+  // Email to self via the logged-in OWA mailbox. Recipient is the user's
+  // own email from Settings → Identity (displayEmail / {user.email}) — read,
+  // not inferred. No SMTP config or extra notifyEmail setting needed.
+  const self = (settings.displayEmail || '').trim();
+  if (self && self.includes('@')) {
+    try {
+      const { dispatchTool } = await import('./chat/tool-dispatcher');
+      await dispatchTool({
+        id: `auth-blocked-${Date.now()}`,
+        name: 'owa.send_mail',
+        input: {
+          to: self,
+          subject: `[Forge] ${opts.title}`,
+          body: fullBody,
+        },
+      });
+    } catch (e) {
+      console.warn('[notify] auth-blocked email failed:', (e as Error).message);
+    }
+  }
+}
+
 async function sendTelegram(text: string) {
   const settings = loadSettings();
   const { telegramBotToken, telegramChatId } = settings;

package/lib/pipeline.ts

@@ -16,6 +16,7 @@ import { loadSettings } from './settings';
 import { getAgent, listAgents } from './agents';
 import type { Task } from '../src/types';
 import { getDataDir } from './dirs';
+import { notifyAuthBlocked } from './notify';
 
 const PIPELINES_DIR = join(getDataDir(), 'pipelines');
 const WORKFLOWS_DIR = join(getDataDir(), 'flows');
@@ -164,6 +165,9 @@ export interface Workflow {
   nodes: Record<string, WorkflowNode>;
   /** Loop over a list — each iteration runs the full DAG once. See ForEachSpec. */
   for_each?: ForEachSpec;
+  /** Declares the pipeline pushes to git. Enables an up-front OTP/2FA preflight
+   *  so a 2fa_verify wall aborts BEFORE any code work instead of at push time. */
+  git_push?: boolean;
   // Conversation mode fields (only when type === 'conversation')
   conversation?: ConversationConfig;
 }
@@ -233,6 +237,9 @@ export interface Pipeline {
   nodeOrder: string[];  // for UI display
   createdAt: string;
   completedAt?: string;
+  /** Pipeline-level failure reason (e.g. git OTP preflight abort) — distinct
+   *  from per-node errors. Set when the run is settled outside a node. */
+  error?: string;
   /**
    * Skill names from the forge-skills registry to make available to
    * every task this pipeline spawns. Composed into the task's
@@ -809,6 +816,83 @@ export function cleanupPipelineTmpDir(pipeline: Pipeline): void {
   }
 }
 
+// ─── git auth preflight ───────────────────────────────────
+
+/** Marker patterns in git's stderr that mean an OTP/2FA wall blocks pushes. */
+const GIT_OTP_MARKER = /2fa_verify|OTP verification is required|two-factor|2fa/i;
+
+/**
+ * For pipelines that declare `git_push: true`, probe remote access up front
+ * with a lightweight `git ls-remote` (no object transfer). If the remote
+ * demands OTP/2FA the probe fails with the marker text — we return the human
+ * message + the command to clear it, so startPipeline can abort the whole run
+ * before any expensive code work. Returns null when access is fine, the repo
+ * is scratch/unknown, or the probe itself errors for unrelated reasons (we do
+ * not block on ambiguous failures — those surface at push time as before).
+ */
+function preflightGitAuth(pipeline: Pipeline): { message: string; action?: string } | null {
+  let projectPath: string;
+  try {
+    const resolved = resolveOrCloneProject(pipeline.input?.project || '');
+    if (resolved.source === 'scratch') return null; // no real repo to push to
+    projectPath = resolved.project.path;
+  } catch {
+    return null;
+  }
+  if (!existsSync(join(projectPath, '.git'))) return null;
+
+  try {
+    execSync('git ls-remote --heads origin', {
+      cwd: projectPath,
+      stdio: 'pipe',
+      timeout: 15_000,
+      encoding: 'utf8',
+    });
+    return null; // remote reachable, no OTP wall
+  } catch (e) {
+    const err = e as { stderr?: Buffer | string; stdout?: Buffer | string; message?: string };
+    const out = `${err.stderr || ''}${err.stdout || ''}${err.message || ''}`;
+    const m = out.match(/ssh\s+git@\S+\s+2fa_verify/i);
+    if (GIT_OTP_MARKER.test(out)) {
+      return {
+        message: 'Git remote requires OTP/2FA verification before pushes are allowed. ' +
+          'Aborting before any code work to avoid wasted effort.',
+        action: m ? m[0] : 'ssh git@<git-host> 2fa_verify',
+      };
+    }
+    // Other failures (network, no origin, etc.) — don't block; let nodes handle.
+    return null;
+  }
+}
+
+/** Markers in a failed node's error/output that mean a connector hit an auth
+ *  wall (expired login, sign-in page) — e.g. Mantis/Teams/OWA session lapsed. */
+const CONNECTOR_AUTH_MARKER =
+  /not logged in|please (?:log|sign) ?in|sign[- ]?in (?:page|required)|login (?:page|required|expired)|session (?:expired|timed out)|authentication required|unauthor(?:ized|ised)|需要登录|未登录|登录(?:已)?(?:失效|过期)|请(?:重新)?登录/i;
+
+/**
+ * Scan a settled-failed pipeline for a connector auth wall. Heuristic text
+ * match over each failed node's error + its task output (the agent's report).
+ * Returns the matching node id + a snippet, or null. Used by finalizePipeline
+ * to fire one auth alert per pipeline so an expired Mantis/Teams/OWA login is
+ * surfaced loudly instead of buried in a generic "node failed".
+ */
+function detectConnectorAuthBlock(pipeline: Pipeline): { nodeId: string; snippet: string } | null {
+  for (const [nodeId, node] of Object.entries(pipeline.nodes)) {
+    if (node.status !== 'failed') continue;
+    let text = node.error || '';
+    if (node.taskId) {
+      const t = getTask(node.taskId);
+      if (t) text += `\n${t.error || ''}\n${t.resultSummary || ''}`;
+    }
+    if (CONNECTOR_AUTH_MARKER.test(text)) {
+      const m = text.match(CONNECTOR_AUTH_MARKER);
+      return { nodeId, snippet: (m ? text.slice(Math.max(0, (m.index ?? 0) - 40), (m.index ?? 0) + 120) : text).trim() };
+    }
+  }
+  return null;
+}
+
 // ─── for_each: source resolution ──────────────────────────
 
 /**
@@ -975,6 +1059,29 @@ export function startPipeline(
 
   ensurePipelineTmpDir(pipeline);
 
+  // Git OTP/2FA preflight — abort the whole run up front so a push wall never
+  // wastes a full code-fix pass. Only for pipelines that declare git_push.
+  if (workflow.git_push) {
+    const blocked = preflightGitAuth(pipeline);
+    if (blocked) {
+      pipeline.status = 'failed';
+      pipeline.error = `${blocked.message}${blocked.action ? `\nRun: ${blocked.action}` : ''}`;
+      pipeline.completedAt = new Date().toISOString();
+      savePipeline(pipeline);
+      // Same settle housekeeping every other failure path gets — without it
+      // schedule/binding-fired runs linger as "running" in pipeline_runs
+      // until zombie reconciliation catches them.
+      finalizePipeline(pipeline);
+      void notifyAuthBlocked({
+        title: `Pipeline aborted — git auth required (${workflowName})`,
+        body: blocked.message,
+        action: blocked.action,
+        refId: pipeline.id,
+      });
+      return pipeline;
+    }
+  }
+
   // Empty for_each source → nothing to iterate; settle done immediately.
   // (E.g. user submitted `bug_ids: ""` or an empty array; not an error.)
   // Deferred (with `before:`) skips this — items get resolved post-setup.
@@ -2137,6 +2244,20 @@ function finalizePipeline(pipeline: Pipeline) {
 
   notifyPipelineComplete(pipeline);
 
+  // Connector auth wall (expired Mantis/Teams/OWA login etc.) — fire a loud
+  // auth alert once per failed pipeline so it's not buried in a generic error.
+  if (pipeline.status === 'failed') {
+    const authBlock = detectConnectorAuthBlock(pipeline);
+    if (authBlock) {
+      void notifyAuthBlocked({
+        title: `Pipeline failed — connector login required (${pipeline.workflowName})`,
+        body: `Node "${authBlock.nodeId}" hit an authentication wall — a connector session has expired. ` +
+          `Re-login to the affected service and re-run.\n\n${authBlock.snippet}`,
+        refId: pipeline.id,
+      });
+    }
+  }
+
   // Sync run status to project pipeline runs. Dynamic import avoids the
   // circular dep (pipeline-scheduler imports from pipeline.ts at its top).
   import('./pipeline-scheduler').then(({ syncRunStatus }) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aion0/forge",
-  "version": "0.10.68",
+  "version": "0.10.70",
   "description": "Unified AI workflow platform — multi-model task orchestration, persistent sessions, web terminal, remote access",
   "type": "module",
   "scripts": {