npm - @aion0/forge - Versions diffs - 0.10.84 → 0.10.86 - Mend

@aion0/forge 0.10.84 → 0.10.86

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/RELEASE_NOTES.md +5 -5
package/app/api/schedules/[id]/route.ts +27 -20
package/app/api/schedules/extract/route.ts +23 -16
package/app/chat/page.tsx +7 -1231
package/components/Dashboard.tsx +37 -15
package/components/HomeView.tsx +142 -0
package/components/PipelineActivityPanel.tsx +327 -0
package/components/SchedulesView.tsx +7 -1
package/components/WebChatPanel.tsx +1253 -0
package/lib/chat/agent-loop.ts +10 -11
package/lib/pipeline.ts +43 -1
package/lib/projects.ts +154 -1
package/package.json +1 -1

package/lib/chat/agent-loop.ts CHANGED Viewed

@@ -360,12 +360,12 @@ function buildConnectorCatalog(openSet: Set<string>): string[] {
   return lines;
 }
-function buildSystemPrompt(
+async function buildSystemPrompt(
   openConnectorTools: LlmTool[],
   openSet: Set<string>,
   builtinDefs: typeof BUILTIN_TOOL_DEFS,
   sessionSystemPrompt: string | null,
-): string {
+): Promise<string> {
   const now = new Date().toISOString();
   // Inject a brief Forge context block (project names only) so the LLM can
@@ -375,7 +375,7 @@ function buildSystemPrompt(
   // names are cheap enough to ship every turn.
   let projectNames: string[] = [];
   try {
-    const { scanProjects } = require('../projects') as typeof import('../projects');
+    const { scanProjects } = await import('../projects');
     projectNames = scanProjects().map((p) => p.name);
   } catch { /* projects roots not configured / read failed — omit */ }
@@ -751,8 +751,8 @@ export async function runTurn(args: RunTurnArgs): Promise<{ ok: boolean; error?:
   }
   const sessionSystemPrompt = session.system_prompt;
-  function buildSystem(openTools: LlmTool[], openSet: Set<string>): string {
-    let s = buildSystemPrompt(openTools, openSet, builtinDefsAll, sessionSystemPrompt);
+  async function buildSystem(openTools: LlmTool[], openSet: Set<string>): Promise<string> {
+    let s = await buildSystemPrompt(openTools, openSet, builtinDefsAll, sessionSystemPrompt);
     if (narrowDirective) s += narrowDirective;
     return s;
   }
@@ -766,7 +766,7 @@ export async function runTurn(args: RunTurnArgs): Promise<{ ok: boolean; error?:
   // per-iteration when the profile's maxInputTokens is tight. The
   // assembled string is recomputed each iter (after open-set + memory
   // trim). `system` here holds the base (no memory section).
-  let system = buildSystem(openConnectorTools, openSet);
+  let system = await buildSystem(openConnectorTools, openSet);
   if (memStore.enabled) {
     const searchHint = memStore.kind === 'local'
       ? '• memory_search is keyword LIKE over local blocks + episodes — useful for finding past notes; prefer memory_get_block / memory_list_blocks for first-person facts.'
@@ -848,7 +848,7 @@ export async function runTurn(args: RunTurnArgs): Promise<{ ok: boolean; error?:
         openSet = newOpenSet;
         openConnectorTools = allConnectorTools.filter((t) => openSet.has(t.name.split('.')[0]!));
         allTools = [...builtinToolDefs, ...openConnectorTools];
-        system = buildSystem(openConnectorTools, openSet);
+        system = await buildSystem(openConnectorTools, openSet);
         console.log(`[chat] open set → {${[...openSet].join(',')}} (${openConnectorTools.length} connector tools active)`);
       }
@@ -1071,10 +1071,9 @@ export async function runTurn(args: RunTurnArgs): Promise<{ ok: boolean; error?:
     const leftovers = consumeNotes(args.sessionId);
     endTurn(args.sessionId);
     if (leftovers.length > 0) {
-      // Lazy require: input-queue imports runTurn from this module —
-      // a static import here would be circular.
-      // eslint-disable-next-line @typescript-eslint/no-require-imports
-      const { enqueueChatInput } = require('./input-queue') as typeof import('./input-queue');
+      // Lazy dynamic import: input-queue imports runTurn from this module —
+      // a static import here would be circular. ESM requires await import (no require).
+      const { enqueueChatInput } = await import('./input-queue');
       for (const text of leftovers) {
         enqueueChatInput({
           sessionId: args.sessionId,

package/lib/pipeline.ts CHANGED Viewed

@@ -11,7 +11,7 @@ import { execSync } from 'node:child_process';
 import { join } from 'node:path';
 import YAML from 'yaml';
 import { createTask, getTask, onTaskEvent, taskModelOverrides, taskAppendSystemPromptOverrides, cancelTask } from './task-manager';
-import { getProjectInfo, resolveOrCloneProject, getProjectWorktreeRoot, ensureScratchProject } from './projects';
+import { getProjectInfo, resolveOrCloneProject, resolveProjectStrict, getProjectWorktreeRoot, ensureScratchProject } from './projects';
 import { loadSettings } from './settings';
 import { getAgent, listAgents } from './agents';
 import type { Task } from '../src/types';
@@ -172,6 +172,16 @@ export interface Workflow {
   /** Declares the pipeline pushes to git. Enables an up-front OTP/2FA preflight
    *  so a 2fa_verify wall aborts BEFORE any code work instead of at push time. */
   git_push?: boolean;
+  /** Declares the pipeline needs a real git checkout to operate (e.g. it will
+   *  cd into the project and run `git`, `glab`, build/test commands). When
+   *  true, startPipeline runs the strict resolver (resolveProjectStrict) and
+   *  aborts the whole run with a clear error if no project can be resolved —
+   *  instead of silently falling back to scratch, which causes downstream
+   *  shell nodes to crash with "fatal: not a git repository".
+   *
+   *  Default: false (preserves the scratch fallback for connector-only / chat
+   *  pipelines that don't touch a repo). */
+  requires_real_project?: boolean;
   /** Default execution backend for every node's task. 'tmux' runs interactive
    *  claude in a per-node tmux session (subscription billing); 'headless' /
    *  omitted uses default `claude -p`. Per-node `backend:` overrides this. */
@@ -517,6 +527,14 @@ export function parseWorkflow(raw: string): Workflow {
     for_each,
     conversation,
     backend: parsed.backend === 'tmux' || parsed.backend === 'headless' ? parsed.backend : undefined,
+    // Top-level boolean flag — must be explicitly passed through; the return is
+    // a literal, so any field omitted here is silently dropped from the parsed
+    // workflow. NOTE: `git_push` has the SAME latent issue (it's declared in
+    // the interface + read at startPipeline but never parsed here, so its OTP
+    // preflight has never actually fired). Left as-is on purpose: wiring it up
+    // would newly enable the preflight on existing fortinet pipelines, an
+    // unrelated behavior change that belongs in its own commit.
+    requires_real_project: parsed.requires_real_project === true,
   };
 }
@@ -1081,6 +1099,30 @@ export function startPipeline(
     forEach: forEachState,
   };
+  // Strict project resolution — only for pipelines that declared they need a
+  // real git checkout. MUST run BEFORE ensurePipelineTmpDir: the lenient
+  // resolver inside that helper falls back to scratch (building tmp_dir in the
+  // wrong place) and downstream `git` / `glab` commands then crash with
+  // "fatal: not a git repository". The strict resolver instead clones/locates
+  // the real repo (or returns a structured error we surface here), and seeds
+  // input.project so the tmp_dir lands inside that repo.
+  if (workflow.requires_real_project) {
+    const r = resolveProjectStrict(input.project || '');
+    if ('error' in r) {
+      pipeline.status = 'failed';
+      pipeline.error = r.message;
+      pipeline.completedAt = new Date().toISOString();
+      savePipeline(pipeline);
+      finalizePipeline(pipeline);
+      return pipeline;
+    }
+    // Seed the resolved project name into input so ensurePipelineTmpDir and
+    // every node's lenient resolveOrCloneProject hit it immediately as
+    // 'existing' (no redundant scan/clone). pipeline.input === input here
+    // (same ref from construction), so an in-place mutation updates both.
+    if (r.project.name) input.project = r.project.name;
+  }
   ensurePipelineTmpDir(pipeline);
   // Git OTP/2FA preflight — abort the whole run up front so a push wall never

package/lib/projects.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { readdirSync, existsSync, statSync, readFileSync, mkdirSync, writeFileSync } from 'node:fs';
+import { readdirSync, existsSync, statSync, readFileSync, mkdirSync, writeFileSync, accessSync, constants as fsConstants } from 'node:fs';
 import { execSync } from 'node:child_process';
 import { join, resolve, isAbsolute, parse } from 'node:path';
 import { homedir } from 'node:os';
@@ -231,6 +231,159 @@ export interface ResolveResult {
   clone_url?: string;
 }
+// ─── Container mode + auto-root ───────────────────────────────────
+const CONTAINER_DEFAULT_ROOT = '/data/project';
+/** True when Forge is running inside a Docker/container deployment.
+ *  Two-channel detection (per user choice C):
+ *    1. FORGE_CONTAINER=1 env var (set by entrypoint)
+ *    2. /data/project exists AND is writable (probe; covers ad-hoc mounts)
+ *  Either signal is enough. */
+export function detectContainerMode(): boolean {
+  if (process.env.FORGE_CONTAINER === '1') return true;
+  try {
+    accessSync(CONTAINER_DEFAULT_ROOT, fsConstants.W_OK);
+    return true;
+  } catch { return false; }
+}
+/** In container mode, register `/data/project` as a project root if no roots
+ *  are configured yet. Idempotent: returns the path that was added (or
+ *  already present), or null when we're not in container mode / the path
+ *  isn't writable. Auto-add (user choice 3) so subsequent runs use it without
+ *  re-triggering this path.
+ *
+ *  Persists to settings so the path also appears in Settings → Projects. */
+export function ensureContainerRoot(): string | null {
+  if (!detectContainerMode()) return null;
+  try {
+    mkdirSync(CONTAINER_DEFAULT_ROOT, { recursive: true });
+    accessSync(CONTAINER_DEFAULT_ROOT, fsConstants.W_OK);
+  } catch { return null; }
+  const settings = loadSettings();
+  const roots = settings.projectRoots || [];
+  if (roots.includes(CONTAINER_DEFAULT_ROOT)) return CONTAINER_DEFAULT_ROOT;
+  settings.projectRoots = [...roots, CONTAINER_DEFAULT_ROOT];
+  saveSettings(settings);
+  invalidateProjectScan();
+  return CONTAINER_DEFAULT_ROOT;
+}
+// ─── Strict resolver (for pipelines that declare requires_real_project) ───
+export type StrictResolveError =
+  | 'no_repo_specified'
+  | 'clone_failed';
+export interface StrictResolveResult {
+  project: LocalProject;
+  source: 'existing' | 'gitlab-cloned';
+  clone_url?: string;
+}
+/**
+ * Strict project resolver — used by pipelines that declare
+ * `requires_real_project: true`. Differs from resolveOrCloneProject in that
+ * it NEVER falls back to scratch; on any failure it returns a structured
+ * error so the caller (startPipeline) can abort the run with a clear message
+ * instead of letting git commands inside the task crash with
+ * "fatal: not a git repository".
+ *
+ * Flow (matches the user's spec):
+ *   1. Existing project by name / owner-repo / fuzzy → use it
+ *   2. Otherwise figure out the target repo URL:
+ *      - input name contains '/' → treat as owner/repo
+ *      - else gitlab connector default_project_path
+ *      - else → error('no_repo_specified')
+ *   3. Re-scan locally for a checkout whose origin matches the target → use it
+ *   4. Clone via tryGitlabClone — writes to the Forge-managed cache
+ *      (<dataDir>/cloned-projects), which is ALWAYS writable and does NOT
+ *      need a configured projectRoot. We best-effort register the container
+ *      root (/data/project) so manually-placed checkouts there get scanned,
+ *      but never block the clone on it.
+ *      - gitlab connector missing → error('no_repo_specified')
+ *      - clone failed → error('clone_failed')
+ */
+export function resolveProjectStrict(name: string | undefined): StrictResolveResult | { error: StrictResolveError; message: string } {
+  const trimmed = (name || '').trim();
+  // Step 1: existing match — reuse the lenient resolver's match logic by
+  // delegating, but discard its scratch fallback.
+  if (trimmed) {
+    const hit = getProjectInfo(trimmed);
+    if (hit) return { project: hit, source: 'existing' };
+    const projects = scanProjects();
+    if (trimmed.includes('/')) {
+      const want = normalizeRepoPath(trimmed) || trimmed.toLowerCase().replace(/^\/+|\/+$/g, '');
+      const wantBase = want.split('/').pop()!;
+      const byRepo = projects.filter((p) => p.repo && p.repo === want);
+      if (byRepo.length === 1) return { project: byRepo[0], source: 'existing' };
+      const byRepoBase = projects.filter((p) => p.repo && p.repo.split('/').pop() === wantBase);
+      if (byRepoBase.length === 1) return { project: byRepoBase[0], source: 'existing' };
+    }
+    const base = trimmed.split('/').pop()!.trim();
+    const ownerRepo = trimmed.replace(/\//g, '-');
+    const cands = projects.filter((p) =>
+      p.name === base || p.name === ownerRepo || p.name.toLowerCase() === base.toLowerCase());
+    if (cands.length === 1) return { project: cands[0], source: 'existing' };
+  }
+  // Step 2: derive target repo path
+  const gl = readGitlabConnector();
+  const targetPath = trimmed && trimmed.includes('/')
+    ? trimmed
+    : (gl?.default_project_path || '').trim();
+  if (!targetPath) {
+    return {
+      error: 'no_repo_specified',
+      message: trimmed
+        ? `Could not resolve project "${trimmed}". Pass an owner/repo path, or set GitLab connector's default_project_path.`
+        : 'No repository specified. Set `project: owner/repo` in pipeline input, or set GitLab connector\'s default_project_path.',
+    };
+  }
+  // Step 3: scan locally by origin remote
+  if (gl) {
+    const projects = scanProjects();
+    const want = normalizeRepoPath(targetPath) || targetPath.toLowerCase().replace(/^\/+|\/+$/g, '');
+    const wantBase = want.split('/').pop()!;
+    const localHit =
+      projects.find((p) => p.repo && p.repo === want) ||
+      projects.find((p) => p.repo && p.repo.split('/').pop() === wantBase) ||
+      projects.find((p) => p.name.toLowerCase() === wantBase.toLowerCase());
+    if (localHit) return { project: localHit, source: 'existing' };
+  }
+  // Step 4: clone. tryGitlabClone writes to <dataDir>/cloned-projects (always
+  // writable) — it does NOT use projectRoots, so there's no "no project root"
+  // failure here: as long as the gitlab connector is configured, a clone has
+  // somewhere to land. Best-effort register the container root so manual
+  // checkouts under /data/project are discoverable on the next scan; ignore
+  // its result — it must never block the clone.
+  ensureContainerRoot();
+  if (!gl) {
+    return {
+      error: 'no_repo_specified',
+      message: `GitLab connector is not configured; cannot clone "${targetPath}". Install + configure the GitLab connector first.`,
+    };
+  }
+  const cloned = tryGitlabClone(targetPath);
+  if (!cloned) {
+    return {
+      error: 'clone_failed',
+      message: `Failed to clone ${gl.base_url}/${targetPath}. Check GitLab connectivity, credentials, and that the path exists.`,
+    };
+  }
+  return {
+    project: cloned,
+    source: 'gitlab-cloned',
+    clone_url: `${gl.base_url}/${targetPath.replace(/^\/+|\/+$/g, '')}.git`,
+  };
+}
 /**
  * Pick a writable directory to clone into, in priority order:
  *   1. settings.projectRoots[0] — what the user already trusts

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aion0/forge",
-  "version": "0.10.84",
+  "version": "0.10.86",
   "description": "Unified AI workflow platform — multi-model task orchestration, persistent sessions, web terminal, remote access",
   "type": "module",
   "scripts": {