@aion0/forge 0.10.85 → 0.10.86

package/RELEASE_NOTES.md

@@ -1,11 +1,11 @@
-# Forge v0.10.85
+# Forge v0.10.86
 
 Released: 2026-06-16
 
-## Changes since v0.10.84
+## Changes since v0.10.85
 
 ### Other
-- feat(home): three-pane Home view with web chat + activity rail
+- fix(schedules): pause/resume + extractor openai support
 
 
-**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.10.84...v0.10.85
+**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.10.85...v0.10.86

package/app/api/schedules/[id]/route.ts

@@ -116,29 +116,36 @@ export async function PATCH(req: Request, { params }: { params: Promise<{ id: st
     }
     patch.action_config = body.action_config;
   }
-  const effectiveActionKind = patch.action_kind ?? existing.action_kind;
-  const effectiveActionConfig = patch.action_config ?? existing.action_config ?? {};
-  if (effectiveActionKind === 'chat') {
-    const sid = typeof effectiveActionConfig.session_id === 'string' ? effectiveActionConfig.session_id.trim() : '';
-    if (!sid) return NextResponse.json({ error: 'action_kind=chat requires action_config.session_id' }, { status: 400 });
-  }
-  if (effectiveActionKind === 'email') {
-    const toRaw = effectiveActionConfig.to;
-    const to = Array.isArray(toRaw)
-      ? toRaw.filter((x) => typeof x === 'string' && x.trim())
-      : (typeof toRaw === 'string' && toRaw.trim() ? [toRaw] : []);
-    if (to.length === 0) {
-      return NextResponse.json({ error: 'action_kind=email requires action_config.to (recipient address or array)' }, { status: 400 });
+  // Cross-field validation runs ONLY for the section being patched.
+  // Toggling unrelated fields (e.g. `enabled` from the Pause/Resume button)
+  // must not re-validate sections the user isn't touching — a schedule with a
+  // pre-existing quirk in its action_config would otherwise refuse to pause.
+  if (patch.action_kind !== undefined || patch.action_config !== undefined) {
+    const effectiveActionKind = patch.action_kind ?? existing.action_kind;
+    const effectiveActionConfig = patch.action_config ?? existing.action_config ?? {};
+    if (effectiveActionKind === 'chat') {
+      const sid = typeof effectiveActionConfig.session_id === 'string' ? effectiveActionConfig.session_id.trim() : '';
+      if (!sid) return NextResponse.json({ error: 'action_kind=chat requires action_config.session_id' }, { status: 400 });
+    }
+    if (effectiveActionKind === 'email') {
+      const toRaw = effectiveActionConfig.to;
+      const to = Array.isArray(toRaw)
+        ? toRaw.filter((x) => typeof x === 'string' && x.trim())
+        : (typeof toRaw === 'string' && toRaw.trim() ? [toRaw] : []);
+      if (to.length === 0) {
+        return NextResponse.json({ error: 'action_kind=email requires action_config.to (recipient address or array)' }, { status: 400 });
+      }
     }
   }
 
-  // Cross-field consistency
-  const effectiveKind = patch.schedule_kind ?? existing.schedule_kind;
-  if (effectiveKind === 'cron' && !(patch.schedule_cron ?? existing.schedule_cron)) {
-    return NextResponse.json({ error: 'schedule_cron is required when schedule_kind=cron' }, { status: 400 });
-  }
-  if (effectiveKind === 'once' && !(patch.schedule_at ?? existing.schedule_at)) {
-    return NextResponse.json({ error: 'schedule_at is required when schedule_kind=once' }, { status: 400 });
+  if (patch.schedule_kind !== undefined || patch.schedule_cron !== undefined || patch.schedule_at !== undefined) {
+    const effectiveKind = patch.schedule_kind ?? existing.schedule_kind;
+    if (effectiveKind === 'cron' && !(patch.schedule_cron ?? existing.schedule_cron)) {
+      return NextResponse.json({ error: 'schedule_cron is required when schedule_kind=cron' }, { status: 400 });
+    }
+    if (effectiveKind === 'once' && !(patch.schedule_at ?? existing.schedule_at)) {
+      return NextResponse.json({ error: 'schedule_at is required when schedule_kind=once' }, { status: 400 });
+    }
   }
 
   updateSchedule(id, patch);

package/app/api/schedules/extract/route.ts

@@ -19,6 +19,8 @@ import { inferAdapter, pickApiKey, pickBaseUrl } from '@/lib/chat/agent-loop';
 import { makeAnthropicClient } from '@/lib/chat/llm/anthropic';
 import { listAgents } from '@/lib/agents';
 import { scanProjects } from '@/lib/projects';
+import { createOpenAI } from '@ai-sdk/openai';
+import { generateText } from 'ai';
 
 interface Extracted {
   name: string;
@@ -116,15 +118,9 @@ export async function POST(req: Request) {
     ? profiles[preferredId]
     : candidates[0]![1];
   const adapter = inferAdapter(profile.provider);
-  if (adapter !== 'anthropic') {
-    return NextResponse.json({
-      ok: false,
-      error: 'extractor currently supports anthropic profiles only (openai is a follow-up)',
-    }, { status: 400 });
-  }
   const apiKey = pickApiKey(profile, adapter);
   const baseUrl = pickBaseUrl(profile, adapter);
-  const model = profile.model || 'claude-sonnet-4-6';
+  const model = profile.model || (adapter === 'anthropic' ? 'claude-sonnet-4-6' : 'gpt-4o-mini');
 
   const cliAgents = listAgents().filter((a: any) => a.backendType !== 'api');
   const availableAgentIds = cliAgents.map((a: any) => a.id);
@@ -134,15 +130,26 @@ export async function POST(req: Request) {
 
   let raw = '';
   try {
-    const client = makeAnthropicClient(apiKey, baseUrl);
-    const resp = await client.messages.create({
-      model,
-      max_tokens: 1500,
-      system,
-      messages: [{ role: 'user', content: text }],
-    });
-    for (const block of resp.content) {
-      if (block.type === 'text') raw += block.text;
+    if (adapter === 'anthropic') {
+      const client = makeAnthropicClient(apiKey, baseUrl);
+      const resp = await client.messages.create({
+        model,
+        max_tokens: 1500,
+        system,
+        messages: [{ role: 'user', content: text }],
+      });
+      for (const block of resp.content) {
+        if (block.type === 'text') raw += block.text;
+      }
+    } else {
+      // OpenAI / OpenAI-compatible — non-streaming one-shot via @ai-sdk/openai.
+      const provider = createOpenAI({ apiKey, baseURL: baseUrl });
+      const resp = await generateText({
+        model: provider.chat(model),
+        system,
+        messages: [{ role: 'user', content: text }],
+      });
+      raw = resp.text;
     }
   } catch (e: any) {
     return NextResponse.json({

package/components/SchedulesView.tsx

@@ -145,11 +145,17 @@ export default function SchedulesView({ onViewPipeline }: Props) {
 
   async function togglePaused(s: Schedule) {
     try {
-      await fetch(`/api/schedules/${encodeURIComponent(s.id)}`, {
+      const res = await fetch(`/api/schedules/${encodeURIComponent(s.id)}`, {
         method: 'PATCH',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ enabled: !s.enabled }),
       });
+      if (!res.ok) {
+        // Surface backend validation errors — otherwise the button looks dead.
+        const body = await res.json().catch(() => ({}));
+        setErr(`Toggle failed (${res.status}): ${body?.error || res.statusText}`);
+        return;
+      }
       void refresh();
     } catch (e) { setErr(`Toggle failed: ${e instanceof Error ? e.message : String(e)}`); }
   }

package/lib/pipeline.ts

@@ -11,7 +11,7 @@ import { execSync } from 'node:child_process';
 import { join } from 'node:path';
 import YAML from 'yaml';
 import { createTask, getTask, onTaskEvent, taskModelOverrides, taskAppendSystemPromptOverrides, cancelTask } from './task-manager';
-import { getProjectInfo, resolveOrCloneProject, getProjectWorktreeRoot, ensureScratchProject } from './projects';
+import { getProjectInfo, resolveOrCloneProject, resolveProjectStrict, getProjectWorktreeRoot, ensureScratchProject } from './projects';
 import { loadSettings } from './settings';
 import { getAgent, listAgents } from './agents';
 import type { Task } from '../src/types';
@@ -172,6 +172,16 @@ export interface Workflow {
   /** Declares the pipeline pushes to git. Enables an up-front OTP/2FA preflight
    *  so a 2fa_verify wall aborts BEFORE any code work instead of at push time. */
   git_push?: boolean;
+  /** Declares the pipeline needs a real git checkout to operate (e.g. it will
+   *  cd into the project and run `git`, `glab`, build/test commands). When
+   *  true, startPipeline runs the strict resolver (resolveProjectStrict) and
+   *  aborts the whole run with a clear error if no project can be resolved —
+   *  instead of silently falling back to scratch, which causes downstream
+   *  shell nodes to crash with "fatal: not a git repository".
+   *
+   *  Default: false (preserves the scratch fallback for connector-only / chat
+   *  pipelines that don't touch a repo). */
+  requires_real_project?: boolean;
   /** Default execution backend for every node's task. 'tmux' runs interactive
    *  claude in a per-node tmux session (subscription billing); 'headless' /
    *  omitted uses default `claude -p`. Per-node `backend:` overrides this. */
@@ -517,6 +527,14 @@ export function parseWorkflow(raw: string): Workflow {
     for_each,
     conversation,
     backend: parsed.backend === 'tmux' || parsed.backend === 'headless' ? parsed.backend : undefined,
+    // Top-level boolean flag — must be explicitly passed through; the return is
+    // a literal, so any field omitted here is silently dropped from the parsed
+    // workflow. NOTE: `git_push` has the SAME latent issue (it's declared in
+    // the interface + read at startPipeline but never parsed here, so its OTP
+    // preflight has never actually fired). Left as-is on purpose: wiring it up
+    // would newly enable the preflight on existing fortinet pipelines, an
+    // unrelated behavior change that belongs in its own commit.
+    requires_real_project: parsed.requires_real_project === true,
   };
 }
 
@@ -1081,6 +1099,30 @@ export function startPipeline(
     forEach: forEachState,
   };
 
+  // Strict project resolution — only for pipelines that declared they need a
+  // real git checkout. MUST run BEFORE ensurePipelineTmpDir: the lenient
+  // resolver inside that helper falls back to scratch (building tmp_dir in the
+  // wrong place) and downstream `git` / `glab` commands then crash with
+  // "fatal: not a git repository". The strict resolver instead clones/locates
+  // the real repo (or returns a structured error we surface here), and seeds
+  // input.project so the tmp_dir lands inside that repo.
+  if (workflow.requires_real_project) {
+    const r = resolveProjectStrict(input.project || '');
+    if ('error' in r) {
+      pipeline.status = 'failed';
+      pipeline.error = r.message;
+      pipeline.completedAt = new Date().toISOString();
+      savePipeline(pipeline);
+      finalizePipeline(pipeline);
+      return pipeline;
+    }
+    // Seed the resolved project name into input so ensurePipelineTmpDir and
+    // every node's lenient resolveOrCloneProject hit it immediately as
+    // 'existing' (no redundant scan/clone). pipeline.input === input here
+    // (same ref from construction), so an in-place mutation updates both.
+    if (r.project.name) input.project = r.project.name;
+  }
+
   ensurePipelineTmpDir(pipeline);
 
   // Git OTP/2FA preflight — abort the whole run up front so a push wall never

package/lib/projects.ts

@@ -1,4 +1,4 @@
-import { readdirSync, existsSync, statSync, readFileSync, mkdirSync, writeFileSync } from 'node:fs';
+import { readdirSync, existsSync, statSync, readFileSync, mkdirSync, writeFileSync, accessSync, constants as fsConstants } from 'node:fs';
 import { execSync } from 'node:child_process';
 import { join, resolve, isAbsolute, parse } from 'node:path';
 import { homedir } from 'node:os';
@@ -231,6 +231,159 @@ export interface ResolveResult {
   clone_url?: string;
 }
 
+// ─── Container mode + auto-root ───────────────────────────────────
+
+const CONTAINER_DEFAULT_ROOT = '/data/project';
+
+/** True when Forge is running inside a Docker/container deployment.
+ *  Two-channel detection (per user choice C):
+ *    1. FORGE_CONTAINER=1 env var (set by entrypoint)
+ *    2. /data/project exists AND is writable (probe; covers ad-hoc mounts)
+ *  Either signal is enough. */
+export function detectContainerMode(): boolean {
+  if (process.env.FORGE_CONTAINER === '1') return true;
+  try {
+    accessSync(CONTAINER_DEFAULT_ROOT, fsConstants.W_OK);
+    return true;
+  } catch { return false; }
+}
+
+/** In container mode, register `/data/project` as a project root if no roots
+ *  are configured yet. Idempotent: returns the path that was added (or
+ *  already present), or null when we're not in container mode / the path
+ *  isn't writable. Auto-add (user choice 3) so subsequent runs use it without
+ *  re-triggering this path.
+ *
+ *  Persists to settings so the path also appears in Settings → Projects. */
+export function ensureContainerRoot(): string | null {
+  if (!detectContainerMode()) return null;
+  try {
+    mkdirSync(CONTAINER_DEFAULT_ROOT, { recursive: true });
+    accessSync(CONTAINER_DEFAULT_ROOT, fsConstants.W_OK);
+  } catch { return null; }
+  const settings = loadSettings();
+  const roots = settings.projectRoots || [];
+  if (roots.includes(CONTAINER_DEFAULT_ROOT)) return CONTAINER_DEFAULT_ROOT;
+  settings.projectRoots = [...roots, CONTAINER_DEFAULT_ROOT];
+  saveSettings(settings);
+  invalidateProjectScan();
+  return CONTAINER_DEFAULT_ROOT;
+}
+
+// ─── Strict resolver (for pipelines that declare requires_real_project) ───
+
+export type StrictResolveError =
+  | 'no_repo_specified'
+  | 'clone_failed';
+
+export interface StrictResolveResult {
+  project: LocalProject;
+  source: 'existing' | 'gitlab-cloned';
+  clone_url?: string;
+}
+
+/**
+ * Strict project resolver — used by pipelines that declare
+ * `requires_real_project: true`. Differs from resolveOrCloneProject in that
+ * it NEVER falls back to scratch; on any failure it returns a structured
+ * error so the caller (startPipeline) can abort the run with a clear message
+ * instead of letting git commands inside the task crash with
+ * "fatal: not a git repository".
+ *
+ * Flow (matches the user's spec):
+ *   1. Existing project by name / owner-repo / fuzzy → use it
+ *   2. Otherwise figure out the target repo URL:
+ *      - input name contains '/' → treat as owner/repo
+ *      - else gitlab connector default_project_path
+ *      - else → error('no_repo_specified')
+ *   3. Re-scan locally for a checkout whose origin matches the target → use it
+ *   4. Clone via tryGitlabClone — writes to the Forge-managed cache
+ *      (<dataDir>/cloned-projects), which is ALWAYS writable and does NOT
+ *      need a configured projectRoot. We best-effort register the container
+ *      root (/data/project) so manually-placed checkouts there get scanned,
+ *      but never block the clone on it.
+ *      - gitlab connector missing → error('no_repo_specified')
+ *      - clone failed → error('clone_failed')
+ */
+export function resolveProjectStrict(name: string | undefined): StrictResolveResult | { error: StrictResolveError; message: string } {
+  const trimmed = (name || '').trim();
+
+  // Step 1: existing match — reuse the lenient resolver's match logic by
+  // delegating, but discard its scratch fallback.
+  if (trimmed) {
+    const hit = getProjectInfo(trimmed);
+    if (hit) return { project: hit, source: 'existing' };
+
+    const projects = scanProjects();
+    if (trimmed.includes('/')) {
+      const want = normalizeRepoPath(trimmed) || trimmed.toLowerCase().replace(/^\/+|\/+$/g, '');
+      const wantBase = want.split('/').pop()!;
+      const byRepo = projects.filter((p) => p.repo && p.repo === want);
+      if (byRepo.length === 1) return { project: byRepo[0], source: 'existing' };
+      const byRepoBase = projects.filter((p) => p.repo && p.repo.split('/').pop() === wantBase);
+      if (byRepoBase.length === 1) return { project: byRepoBase[0], source: 'existing' };
+    }
+    const base = trimmed.split('/').pop()!.trim();
+    const ownerRepo = trimmed.replace(/\//g, '-');
+    const cands = projects.filter((p) =>
+      p.name === base || p.name === ownerRepo || p.name.toLowerCase() === base.toLowerCase());
+    if (cands.length === 1) return { project: cands[0], source: 'existing' };
+  }
+
+  // Step 2: derive target repo path
+  const gl = readGitlabConnector();
+  const targetPath = trimmed && trimmed.includes('/')
+    ? trimmed
+    : (gl?.default_project_path || '').trim();
+  if (!targetPath) {
+    return {
+      error: 'no_repo_specified',
+      message: trimmed
+        ? `Could not resolve project "${trimmed}". Pass an owner/repo path, or set GitLab connector's default_project_path.`
+        : 'No repository specified. Set `project: owner/repo` in pipeline input, or set GitLab connector\'s default_project_path.',
+    };
+  }
+
+  // Step 3: scan locally by origin remote
+  if (gl) {
+    const projects = scanProjects();
+    const want = normalizeRepoPath(targetPath) || targetPath.toLowerCase().replace(/^\/+|\/+$/g, '');
+    const wantBase = want.split('/').pop()!;
+    const localHit =
+      projects.find((p) => p.repo && p.repo === want) ||
+      projects.find((p) => p.repo && p.repo.split('/').pop() === wantBase) ||
+      projects.find((p) => p.name.toLowerCase() === wantBase.toLowerCase());
+    if (localHit) return { project: localHit, source: 'existing' };
+  }
+
+  // Step 4: clone. tryGitlabClone writes to <dataDir>/cloned-projects (always
+  // writable) — it does NOT use projectRoots, so there's no "no project root"
+  // failure here: as long as the gitlab connector is configured, a clone has
+  // somewhere to land. Best-effort register the container root so manual
+  // checkouts under /data/project are discoverable on the next scan; ignore
+  // its result — it must never block the clone.
+  ensureContainerRoot();
+
+  if (!gl) {
+    return {
+      error: 'no_repo_specified',
+      message: `GitLab connector is not configured; cannot clone "${targetPath}". Install + configure the GitLab connector first.`,
+    };
+  }
+  const cloned = tryGitlabClone(targetPath);
+  if (!cloned) {
+    return {
+      error: 'clone_failed',
+      message: `Failed to clone ${gl.base_url}/${targetPath}. Check GitLab connectivity, credentials, and that the path exists.`,
+    };
+  }
+  return {
+    project: cloned,
+    source: 'gitlab-cloned',
+    clone_url: `${gl.base_url}/${targetPath.replace(/^\/+|\/+$/g, '')}.git`,
+  };
+}
+
 /**
  * Pick a writable directory to clone into, in priority order:
  *   1. settings.projectRoots[0] — what the user already trusts

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aion0/forge",
-  "version": "0.10.85",
+  "version": "0.10.86",
   "description": "Unified AI workflow platform — multi-model task orchestration, persistent sessions, web terminal, remote access",
   "type": "module",
   "scripts": {