@aion0/forge 0.10.78 → 0.10.79

package/components/WebTerminal.tsx

@@ -209,6 +209,9 @@ function MouseToggle() {
 // ─── Pending commands for new terminal panes ────────────────
 
 const pendingCommands = new Map<number, string>();
+// Secret env (API keys) to inject via `tmux set-environment` on connect, so the
+// launch command never types `export KEY=value` into the pane (no echo/history).
+const pendingEnv = new Map<number, Record<string, string>>();
 
 // ─── Bell notification tracking ─────────────────────────────
 
@@ -439,14 +442,14 @@ const WebTerminal = forwardRef<WebTerminalHandle, WebTerminalProps>(function Web
       // Model flag from profile
       const modelFlag = profileEnv?.CLAUDE_MODEL ? ` --model ${profileEnv.CLAUDE_MODEL}` : '';
 
-      // Build env exports from profile (exclude CLAUDE_MODEL — passed via --model)
-      const envExports = profileEnv
-        ? Object.entries(profileEnv)
-            .filter(([k]) => k !== 'CLAUDE_MODEL')
-            .map(([k, v]) => `export ${k}="${v}"`)
-            .join(' && ')
-        : '';
-      const envPrefix = envExports ? envExports + ' && ' : '';
+      // Build env injection from profile (exclude CLAUDE_MODEL — passed via
+      // --model). Secret values go via `tmux set-environment` (sent on connect);
+      // the prefix only references var NAMES so keys never echo into the pane.
+      const envEntries = profileEnv
+        ? Object.entries(profileEnv).filter(([k]) => k !== 'CLAUDE_MODEL')
+        : [];
+      const { tmuxEnvPrefix } = await import('@/lib/session-utils');
+      const envPrefix = tmuxEnvPrefix(envEntries.map(([k]) => k));
 
       // Skip-permissions flag. agent === 'claude' means the agent ID is
       // the base claude — not the resolved path. The check must compare
@@ -479,6 +482,7 @@ const WebTerminal = forwardRef<WebTerminalHandle, WebTerminalProps>(function Web
         const tree = makeTerminal(undefined, projectPath);
         const paneId = firstTerminalId(tree);
         pendingCommands.set(paneId, `${envPrefix}cd "${projectPath}" && ${quotedCmd}${resumeFlag}${modelFlag}${sf}${mcpFlag}\n`);
+        if (envEntries.length) pendingEnv.set(paneId, Object.fromEntries(envEntries));
         const newTab: TabState = {
           id: nextId++,
           label: agent !== 'claude' ? `${projectName} (${agent})` : projectName,
@@ -1613,6 +1617,13 @@ const MemoTerminalPane = memo(function TerminalPane({
             const cmd = pendingCommands.get(id);
             if (cmd) {
               pendingCommands.delete(id);
+              // Inject secret env into the tmux session first (no echo), so the
+              // launch command can pull it via `tmux show-environment`.
+              const penv = pendingEnv.get(id);
+              if (penv && connectedSession && ws?.readyState === WebSocket.OPEN) {
+                pendingEnv.delete(id);
+                ws.send(JSON.stringify({ type: 'setenv', sessionName: connectedSession, env: penv }));
+              }
               setTimeout(() => {
                 if (!disposed && ws?.readyState === WebSocket.OPEN) {
                   ws.send(JSON.stringify({ type: 'input', data: cmd }));

package/components/WorkspaceView.tsx

@@ -3,6 +3,7 @@
 import { useState, useEffect, useCallback, useMemo, useRef, forwardRef, useImperativeHandle, lazy, Suspense } from 'react';
 import { TerminalSessionPickerLazy, fetchAgentSessions, type PickerSelection } from './TerminalLauncher';
 import { useModelsRegistry } from '@/lib/public-info/use-models-registry';
+import { updateTreeChildren } from '@/lib/fileTree';
 import {
   ReactFlow, Background, Controls, Handle, Position, useReactFlow, ReactFlowProvider,
   type Node, type NodeProps, MarkerType, type NodeChange,
@@ -559,25 +560,47 @@ function WatchPathPicker({ value, projectPath, onChange }: { value: string; proj
   const [search, setSearch] = useState('');
   const [flatFiles, setFlatFiles] = useState<string[]>([]);
 
+  // Full searchable path list comes from the server's bounded index (files +
+  // dirs), computed once. Falls back to walking the loaded tree only if an
+  // older server omits the index.
+  const buildSearchList = useCallback((data: any) => {
+    const fi = data?.fileIndex, di = data?.dirIndex;
+    if (Array.isArray(fi) || Array.isArray(di)) {
+      return [
+        ...(di || []).map((d: any) => `${d.path}/`),
+        ...(fi || []).map((f: any) => f.path),
+      ];
+    }
+    const files: string[] = [];
+    const walk = (items: any[]) => {
+      for (const n of items || []) {
+        files.push(n.type === 'dir' ? `${n.path}/` : n.path);
+        if (n.children) walk(n.children);
+      }
+    };
+    walk(data?.tree || []);
+    return files;
+  }, []);
+
   const loadTree = useCallback(() => {
     if (!projectPath) return;
     fetch(`/api/code?dir=${encodeURIComponent(projectPath)}`)
       .then(r => r.json())
       .then(data => {
         setTree(data.tree || []);
-        // Build flat list for search
-        const files: string[] = [];
-        const walk = (nodes: any[], prefix = '') => {
-          for (const n of nodes || []) {
-            const path = prefix ? `${prefix}/${n.name}` : n.name;
-            files.push(n.type === 'dir' ? path + '/' : path);
-            if (n.children) walk(n.children, path);
-          }
-        };
-        walk(data.tree || []);
-        setFlatFiles(files);
+        setFlatFiles(buildSearchList(data));
       })
       .catch(() => {});
+  }, [buildSearchList, projectPath]);
+
+  const loadChildren = useCallback(async (path: string) => {
+    if (!projectPath) return;
+    try {
+      const res = await fetch(`/api/code?dir=${encodeURIComponent(projectPath)}&treePath=${encodeURIComponent(path)}`);
+      const data = await res.json();
+      // Tree display only — search already covers the whole repo via the index.
+      setTree(prev => updateTreeChildren(prev, path, data.tree || []));
+    } catch {}
   }, [projectPath]);
 
   const filtered = search ? flatFiles.filter(f => f.toLowerCase().includes(search.toLowerCase())).slice(0, 30) : [];
@@ -613,7 +636,7 @@ function WatchPathPicker({ value, projectPath, onChange }: { value: string; proj
               )) : <div className="px-2 py-1 text-[9px] text-gray-500">No matches</div>
             ) : (
               // Tree view (first 2 levels)
-              tree.map(n => <PathTreeNode key={n.name} node={n} prefix="" onSelect={p => { onChange(p); setShowBrowser(false); }} />)
+              tree.map(n => <PathTreeNode key={n.path} node={n} onSelect={p => { onChange(p); setShowBrowser(false); }} onLoadChildren={loadChildren} />)
             )}
           </div>
           <div className="flex items-center justify-between px-2 py-0.5 border-t border-[#30363d] bg-[#161b22]">
@@ -626,21 +649,34 @@ function WatchPathPicker({ value, projectPath, onChange }: { value: string; proj
   );
 }
 
-function PathTreeNode({ node, prefix, onSelect, depth = 0 }: { node: any; prefix: string; onSelect: (path: string) => void; depth?: number }) {
-  const [expanded, setExpanded] = useState(depth < 1);
-  const path = prefix ? `${prefix}/${node.name}` : node.name;
+function PathTreeNode({ node, onSelect, onLoadChildren, depth = 0 }: { node: any; onSelect: (path: string) => void; onLoadChildren: (path: string) => Promise<void>; depth?: number }) {
+  const [expanded, setExpanded] = useState(false);
+  const path = node.path;
   const isDir = node.type === 'dir';
+  const hasChildren = node.hasChildren || (node.children?.length ?? 0) > 0;
 
   if (!isDir && depth > 1) return null; // only show files at top 2 levels
 
+  const toggleExpanded = async () => {
+    if (!isDir) {
+      onSelect(path);
+      return;
+    }
+    const nextExpanded = !expanded;
+    setExpanded(nextExpanded);
+    if (nextExpanded && hasChildren && !node.children) {
+      await onLoadChildren(path);
+    }
+  };
+
   return (
     <div>
       <div
-        onClick={() => isDir ? setExpanded(!expanded) : onSelect(path)}
+        onClick={toggleExpanded}
         className="flex items-center px-2 py-0.5 text-[9px] hover:bg-[#161b22] cursor-pointer"
         style={{ paddingLeft: 8 + depth * 12 }}
       >
-        <span className="text-gray-500 mr-1 w-3">{isDir ? (expanded ? '▼' : '▶') : ''}</span>
+        <span className="text-gray-500 mr-1 w-3">{isDir && hasChildren ? (expanded ? '▼' : '▶') : ''}</span>
         <span className={isDir ? 'text-[var(--accent)]' : 'text-gray-400'}>{isDir ? '📁' : '📄'} {node.name}</span>
         {isDir && (
           <button onClick={e => { e.stopPropagation(); onSelect(path + '/'); }}
@@ -648,7 +684,7 @@ function PathTreeNode({ node, prefix, onSelect, depth = 0 }: { node: any; prefix
         )}
       </div>
       {isDir && expanded && node.children && depth < 2 && (
-        node.children.map((c: any) => <PathTreeNode key={c.name} node={c} prefix={path} onSelect={onSelect} depth={depth + 1} />)
+        node.children.map((c: any) => <PathTreeNode key={c.path} node={c} onSelect={onSelect} onLoadChildren={onLoadChildren} depth={depth + 1} />)
       )}
     </div>
   );
@@ -782,29 +818,6 @@ function AgentConfigModal({ initial, mode, existingAgents, projectPath, onConfir
   const [watchTargets, setWatchTargets] = useState<{ type: string; path?: string; cmd?: string; pattern?: string }[]>(
     initial.watch?.targets || []
   );
-  const [projectDirs, setProjectDirs] = useState<string[]>([]);
-
-  useEffect(() => {
-    if (!watchEnabled || !projectPath) return;
-    fetch(`/api/code?dir=${encodeURIComponent(projectPath)}`)
-      .then(r => r.json())
-      .then(data => {
-        // Collect directories with depth limit (max 2 levels for readability)
-        const dirs: string[] = [];
-        const walk = (nodes: any[], prefix = '', depth = 0) => {
-          for (const n of nodes || []) {
-            if (n.type === 'dir') {
-              const path = prefix ? `${prefix}/${n.name}` : n.name;
-              dirs.push(path);
-              if (n.children && depth < 2) walk(n.children, path, depth + 1);
-            }
-          }
-        };
-        walk(data.tree || []);
-        setProjectDirs(dirs);
-      })
-      .catch(() => {});
-  }, [watchEnabled, projectPath]);
 
   const applyPreset = (p: Omit<AgentConfig, 'id'>) => {
     setLabel(p.label); setIcon(p.icon); setRole(p.role);
@@ -2296,8 +2309,11 @@ function FloatingTerminalInline({ agentLabel, agentIcon, projectPath, agentCliId
               const profileVarsToReset = ['ANTHROPIC_AUTH_TOKEN', 'ANTHROPIC_BASE_URL', 'ANTHROPIC_SMALL_FAST_MODEL', 'CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC', 'DISABLE_TELEMETRY', 'DISABLE_ERROR_REPORTING', 'DISABLE_AUTOUPDATER', 'DISABLE_NON_ESSENTIAL_MODEL_CALLS', 'CLAUDE_MODEL'];
               commands.push(profileVarsToReset.map(v => `unset ${v}`).join('; '));
               const envWithoutForge = Object.entries(envWithoutModel).filter(([k]) => !k.startsWith('FORGE_'));
-              if (envWithoutForge.length > 0) {
-                commands.push(envWithoutForge.map(([k, v]) => `export ${k}="${v}"`).join('; '));
+              if (envWithoutForge.length > 0 && msg.sessionName) {
+                ws.send(JSON.stringify({ type: 'setenv', sessionName: msg.sessionName, env: Object.fromEntries(envWithoutForge) }));
+                const { tmuxEnvPrefix } = await import('@/lib/session-utils');
+                const wrap = tmuxEnvPrefix(envWithoutForge.map(([k]) => k));
+                if (wrap) commands.push(wrap.replace(/ && $/, ''));
               }
               const forgeVars = Object.entries(envWithoutModel).filter(([k]) => k.startsWith('FORGE_'));
               if (forgeVars.length > 0) {
@@ -2541,13 +2557,18 @@ function FloatingTerminal({ agentLabel, agentIcon, projectPath, agentCliId, cliC
             const profileVarsToReset = ['ANTHROPIC_AUTH_TOKEN', 'ANTHROPIC_BASE_URL', 'ANTHROPIC_SMALL_FAST_MODEL', 'CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC', 'DISABLE_TELEMETRY', 'DISABLE_ERROR_REPORTING', 'DISABLE_AUTOUPDATER', 'DISABLE_NON_ESSENTIAL_MODEL_CALLS', 'CLAUDE_MODEL'];
             commands.push(profileVarsToReset.map(v => `unset ${v}`).join('; '));
 
-            // 2. Export new profile vars (if any)
+            // 2. Profile vars (secrets) — inject via `tmux set-environment` (no
+            //    echo), then reference by NAME in the launch command so API keys
+            //    never appear in the pane or shell history.
             const envWithoutForge = Object.entries(envWithoutModel).filter(([k]) => !k.startsWith('FORGE_'));
-            if (envWithoutForge.length > 0) {
-              commands.push(envWithoutForge.map(([k, v]) => `export ${k}="${v}"`).join('; '));
+            if (envWithoutForge.length > 0 && sessionNameRef.current) {
+              ws.send(JSON.stringify({ type: 'setenv', sessionName: sessionNameRef.current, env: Object.fromEntries(envWithoutForge) }));
+              const { tmuxEnvPrefix } = await import('@/lib/session-utils');
+              const wrap = tmuxEnvPrefix(envWithoutForge.map(([k]) => k));
+              if (wrap) commands.push(wrap.replace(/ && $/, ''));
             }
 
-            // 3. Export FORGE vars
+            // 3. Export FORGE vars (not secret — plain export is fine)
             const forgeVars = Object.entries(envWithoutModel).filter(([k]) => k.startsWith('FORGE_'));
             if (forgeVars.length > 0) {
               commands.push(forgeVars.map(([k, v]) => `export ${k}="${v}"`).join('; '));

package/lib/agents/index.ts

@@ -5,6 +5,7 @@
 
 import { execFileSync, execSync } from 'node:child_process';
 import { loadSettings } from '../settings';
+import { decryptSecret } from '../crypto';
 
 // Cache absolute-path resolution per command — `which <cmd>` is cheap
 // but resolveTerminalLaunch is on the hot path for every chat tool call.
@@ -311,6 +312,14 @@ export function resolveTerminalLaunch(agentId?: string, scene: 'terminal' | 'tas
       if (model === 'default') model = undefined;
     }
   }
+  // Decrypt any enc:… env values (e.g. CLAUDE_CODE_OAUTH_TOKEN written by the
+  // onboarding wizard). decryptSecret is a no-op on plaintext, so template-
+  // derived plaintext env passes through untouched.
+  if (env) {
+    for (const k of Object.keys(env)) {
+      if (typeof env[k] === 'string' && env[k].startsWith('enc:')) env[k] = decryptSecret(env[k]);
+    }
+  }
 
   return {
     // Prefer the user-configured absolute binary path over the bare command

package/lib/fileTree.ts

@@ -0,0 +1,28 @@
+// Shared helpers for the lazily-loaded file trees served by /api/code.
+// The tree is fetched one directory level at a time; children for a directory
+// are merged in on demand. Kept generic so each consumer can use its own node
+// shape (CodeViewer, ProjectDetail, WorkspaceView) as long as it carries a
+// `path` and an optional `children` array.
+
+export interface FileTreeNode {
+  path: string;
+  children?: FileTreeNode[];
+  hasChildren?: boolean;
+}
+
+/**
+ * Return a new tree with `children` spliced in under the node whose `path`
+ * matches. Pure — does not mutate the input. `hasChildren` is recomputed so a
+ * directory that turns out to be empty loses its expand affordance.
+ */
+export function updateTreeChildren<T extends { path: string; children?: T[]; hasChildren?: boolean }>(
+  nodes: T[],
+  path: string,
+  children: T[],
+): T[] {
+  return nodes.map(node => {
+    if (node.path === path) return { ...node, children, hasChildren: children.length > 0 };
+    if (node.children) return { ...node, children: updateTreeChildren(node.children, path, children) };
+    return node;
+  });
+}

package/lib/help-docs/01-settings.md

@@ -53,6 +53,17 @@ Each agent entry in `settings.agents` supports:
 | `models` | object | Model overrides per context: `terminal`, `task`, `telegram`, `help`, `mobile` |
 | `profile` | string | Linked profile ID — applies that profile's env/model when launching |
 
+### Claude authentication (host vs container)
+
+The onboarding wizard's **CLI Agent** step detects your deployment shape and adapts how Claude Code authenticates:
+
+- **Host** (desktop/laptop): run `claude login` once in a terminal after onboarding — it stores credentials in the OS keychain.
+- **Container** (Docker / k8s): `claude login` can't reach a keychain. Instead, on a machine where you *can* log in, run `claude setup-token`, then paste the resulting token into the wizard. It's saved encrypted as `CLAUDE_CODE_OAUTH_TOKEN` in the agent's `env` and injected at launch.
+
+Detection signals (any → container): `FORGE_CONTAINER=1`, `/.dockerenv`, or a containerized cgroup. The wizard pre-selects the right mode but you can override it.
+
+Agent `env` secrets (including the OAuth token) are encrypted at rest (`enc:…`) and injected into terminals via `tmux set-environment`, so they never appear in the pane echo or shell history.
+
 ### CLI Type
 
 The `cliType` field determines how Forge interacts with the agent:

package/lib/help-docs/07-projects.md

@@ -38,7 +38,9 @@ Notes:
 ## Features
 
 ### Code Tab
-- File tree browser
+- File tree browser — loads lazily (folders expand on demand), so very large repos open instantly
+- File search uses a fast server-built index; in very large repos the index is sampled per directory, and a note appears when results may be partial
+- "Locate in file tree" (on a changed file) reveals it in the tree
 - Syntax-highlighted code viewer
 - Git diff view (click changed files)
 - Git operations: commit, push, pull

package/lib/session-utils.ts

@@ -51,3 +51,22 @@ export async function getMcpFlag(projectPath: string): Promise<string> {
   return ` --mcp-config "${projectPath}/.forge/mcp.json"`;
 }
 
+
+/**
+ * tmux env injection — keep secret env (API keys) out of pane echo + shell
+ * history. The server stores values via `tmux set-environment` (the `setenv` WS
+ * message); this prefix pulls them back at launch time so only var NAMES appear
+ * in the typed command, never the values.
+ *
+ * Uses a single `eval "$(tmux show-environment -s | grep …)"` instead of one
+ * `export K="$(tmux show-environment K | sed …)"` per var — the latter form
+ * grows O(N) in length and hits tmux send-keys buffer limits with many vars.
+ * `tmux show-environment -s` outputs `KEY="val"; export KEY;` per line, so
+ * grepping `^(K1|K2)=` and eval-ing the matches is both short and safe.
+ */
+export function tmuxEnvPrefix(keys: string[]): string {
+  const valid = keys.filter((k) => /^[A-Za-z_][A-Za-z0-9_]*$/.test(k));
+  if (!valid.length) return '';
+  const pattern = `^(${valid.join('|')})=`;
+  return `eval "$(tmux show-environment -s 2>/dev/null | grep -E '${pattern}')" && `;
+}

package/lib/terminal-standalone.ts

@@ -424,6 +424,23 @@ wss.on('connection', (ws: WebSocket) => {
           break;
         }
 
+        case 'setenv': {
+          // Store secret env (API keys) into the tmux SESSION environment so the
+          // launch command can pull them via `tmux show-environment` instead of
+          // typing `export KEY=value` into the pane — keeps secrets out of the
+          // terminal echo and shell history. Values never touch the typed line.
+          const name = parsed.sessionName;
+          const env = parsed.env;
+          if (name && tmuxSessionExists(name) && env && typeof env === 'object') {
+            for (const [k, v] of Object.entries(env)) {
+              if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(k)) continue;
+              const val = `'${String(v).replace(/'/g, `'\\''`)}'`;
+              try { execSync(`${TMUX} set-environment -t "${name}" ${k} ${val}`, { timeout: 3000 }); } catch {}
+            }
+          }
+          break;
+        }
+
         case 'load-state': {
           const state = loadTerminalState();
           ws.send(JSON.stringify({ type: 'terminal-state', data: state }));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aion0/forge",
-  "version": "0.10.78",
+  "version": "0.10.79",
   "description": "Unified AI workflow platform — multi-model task orchestration, persistent sessions, web terminal, remote access",
   "type": "module",
   "scripts": {