@aion0/forge 0.10.87 → 0.10.89

package/RELEASE_NOTES.md

@@ -1,14 +1,14 @@
-# Forge v0.10.87
+# Forge v0.10.89
 
 Released: 2026-06-17
 
-## Changes since v0.10.86
+## Changes since v0.10.88
 
 ### Other
-- feat(pipeline): log attached skills in task init line
-- feat(skills): per-skill source badge in marketplace (#354)
-- feat(skills): multi-source sync + install (enterprise + public) — #354
-- feat(pipeline): workflow-level skills: field + template _skills auto-install
+- fix(build): clean install on fresh machines — webpack build + valid route exports
+- fix(projects): strict resolve requires git-backed match + fresh-clone visibility
+- refactor(projects): auto-clone lands in project root, retire cloned-projects
+- feat(projects): auto-clone lands in a real project root, not the cache
 
 
-**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.10.86...v0.10.87
+**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.10.88...v0.10.89

package/app/api/auth/check/route.ts

@@ -8,7 +8,7 @@
  */
 
 import { NextResponse } from 'next/server';
-import { isValidToken } from '../verify/route';
+import { isValidToken } from '@/lib/api-tokens';
 
 export async function POST(req: Request) {
   if (!isValidToken(req)) {

package/app/api/auth/keys/route.ts

@@ -2,7 +2,7 @@ import { NextResponse } from 'next/server';
 import { verifyAdmin, getAdminPassword } from '@/lib/password';
 import { createApiKey, listApiKeys } from '@/lib/api-keys';
 import { isAuthenticated } from '@/lib/api-auth';
-import { isValidToken } from '@/app/api/auth/verify/route';
+import { isValidToken } from '@/lib/api-tokens';
 
 function isDev(): boolean {
   return process.env.NODE_ENV !== 'production' || process.env.FORGE_DEV === '1';

package/app/api/auth/verify/route.ts

@@ -1,23 +1,7 @@
 import { NextResponse } from 'next/server';
-import { randomUUID } from 'node:crypto';
-
-// In-memory valid tokens — shared across API routes in the same process
-const tokenKey = Symbol.for('forge-api-tokens');
-const g = globalThis as any;
-if (!g[tokenKey]) g[tokenKey] = new Set<string>();
-export const validTokens: Set<string> = g[tokenKey];
-
-/** Verify a token is valid (for use in other API routes) */
-export function isValidToken(req: Request): boolean {
-  // Check header
-  const headerToken = new Headers(req.headers).get('x-forge-token');
-  if (headerToken && validTokens.has(headerToken)) return true;
-  // Check cookie
-  const cookieHeader = new Headers(req.headers).get('cookie') || '';
-  const match = cookieHeader.match(/forge-api-token=([^;]+)/);
-  if (match && validTokens.has(match[1])) return true;
-  return false;
-}
+// Token store/helpers live in lib/api-tokens (a route file may only export
+// HTTP handlers + Next's allowed config fields — Next 16 type-checks this).
+import { mintToken } from '@/lib/api-tokens';
 
 export async function POST(req: Request) {
   const body = await req.json();
@@ -32,8 +16,7 @@ export async function POST(req: Request) {
     return NextResponse.json({ error: 'invalid password' }, { status: 401 });
   }
 
-  const token = randomUUID();
-  validTokens.add(token);
+  const token = mintToken();
 
   const res = NextResponse.json({ ok: true, token });
   res.cookies.set('forge-api-token', token, {

package/app/api/mcp/route.ts

@@ -15,7 +15,7 @@
  * forwards JSON-RPC frames here and carries the Mcp-Session-Id header.
  */
 
-import { isValidToken } from '@/app/api/auth/verify/route';
+import { isValidToken } from '@/lib/api-tokens';
 import { isAuthenticated } from '@/lib/api-auth';
 import { createManagementMcpServer } from '@/mcp/server';
 import { WebStandardStreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js';

package/app/api/onboarding/route.ts

@@ -544,7 +544,9 @@ function preprocessTemplate(
 // / default_project_path) after a Reinstall without forcing the user
 // to re-run the entire wizard. Existing non-empty values are preserved
 // — see the merge logic inside.
-export async function applyConnectors(
+// Module-local (not exported): a route file may only export HTTP handlers +
+// Next's config fields — exporting helpers fails Next 16's route type-check.
+async function applyConnectors(
   values: Record<string, string> | undefined,
   selectedConnectors: string[] | undefined,
   sourceId?: string,
@@ -758,7 +760,7 @@ export async function applyConnectors(
  * template omits `_pipelines`, falls back to `suggested_pipelines` (the
  * marketplace's fortinet-* prefix heuristic).
  */
-export async function applyTemplatePipelines(sourceId?: string, deptId?: string): Promise<{
+async function applyTemplatePipelines(sourceId?: string, deptId?: string): Promise<{
   installed: string[];
   errors: Array<{ name: string; error: string }>;
 }> {

package/bin/forge-server.mjs

@@ -28,6 +28,32 @@ import { homedir } from 'node:os';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const ROOT = join(__dirname, '..');
 
+// Node version guard — Forge is tested on Node 20–22 (LTS). Bleeding-edge
+// majors crash `next build` with a cryptic Turbopack error ("Expected process
+// result to be a module"); old majors lack required APIs. Warn early so the
+// real cause is visible before the build runs.
+{
+  const major = Number(process.versions.node.split('.')[0]);
+  if (major < 20 || major > 24) {
+    console.warn(
+      `\n⚠️  Forge is tested on Node 20–22 (LTS); you're on Node ${process.versions.node}.\n` +
+      `   If startup fails with a Turbopack / native-module error, switch to Node 22:\n` +
+      `     nvm install 22 && nvm use 22 && npm i -g @aion0/forge\n`
+    );
+  }
+}
+
+// Pre-install EnvHttpProxyAgent before any dynamic import('undici') can
+// clobber Node's NODE_USE_ENV_PROXY agent (see lib/proxy-setup.ts).
+// No-op off-corp (no proxy env), so non-docker deployments are unchanged.
+if (process.env.HTTPS_PROXY || process.env.HTTP_PROXY ||
+    process.env.https_proxy || process.env.http_proxy) {
+  try {
+    const { setGlobalDispatcher, EnvHttpProxyAgent } = await import('undici');
+    setGlobalDispatcher(new EnvHttpProxyAgent());
+  } catch { /* undici unavailable — leave Node's default dispatcher */ }
+}
+
 /** Build Next.js — install devDependencies first if missing */
 function buildNext() {
   // Check if devDependencies are installed (e.g. @tailwindcss/postcss)
@@ -40,7 +66,12 @@ function buildNext() {
     // installed npm-package copy (.npmrc isn't published).
     execSync('npm install --include=dev --legacy-peer-deps', { cwd: ROOT, stdio: 'inherit' });
   }
-  execSync('npx next build', { cwd: ROOT, stdio: 'inherit', env: { ...process.env } });
+  // Build with webpack, not Turbopack (Next 16's default). Turbopack chokes on
+  // the Proxy/middleware bundle — proxy.ts pulls auth + a route module that
+  // transitively imports Node-native deps (better-sqlite3 …) — and dies with
+  // "TurbopackInternalError: Expected process result to be a module". Webpack
+  // (the pre-16 path) handles the Node-runtime middleware fine.
+  execSync('npx next build --webpack', { cwd: ROOT, stdio: 'inherit', env: { ...process.env } });
 }
 
 /**

package/instrumentation.ts

@@ -2,6 +2,8 @@
  * Next.js instrumentation — runs once when the server starts.
  * Loads .env.local and prints login password.
  */
+import './lib/proxy-setup';   // MUST be first — see proxy-setup.ts header.
+
 export async function register() {
   // Only run on server, not Edge
   if (process.env.NEXT_RUNTIME === 'nodejs') {

package/lib/api-tokens.ts

@@ -0,0 +1,31 @@
+import { randomUUID } from 'node:crypto';
+
+/**
+ * In-memory admin-minted API tokens, shared across API routes + the proxy in
+ * the same process. Lives in lib/ (not an API route) on purpose: Next 16's
+ * route type-check rejects non-handler exports from a route file, and importing
+ * a route module into proxy.ts dragged Node-native deps into the middleware
+ * bundle — which crashed the Turbopack build.
+ */
+const tokenKey = Symbol.for('forge-api-tokens');
+const g = globalThis as any;
+if (!g[tokenKey]) g[tokenKey] = new Set<string>();
+export const validTokens: Set<string> = g[tokenKey];
+
+/** Mint + register a new token (called by the password-verify route). */
+export function mintToken(): string {
+  const token = randomUUID();
+  validTokens.add(token);
+  return token;
+}
+
+/** True if the request carries a valid token (x-forge-token header or
+ *  forge-api-token cookie). */
+export function isValidToken(req: Request): boolean {
+  const headerToken = new Headers(req.headers).get('x-forge-token');
+  if (headerToken && validTokens.has(headerToken)) return true;
+  const cookieHeader = new Headers(req.headers).get('cookie') || '';
+  const match = cookieHeader.match(/forge-api-token=([^;]+)/);
+  if (match && validTokens.has(match[1])) return true;
+  return false;
+}

package/lib/browser-bridge-standalone.ts

@@ -39,6 +39,7 @@
  * Usage: npx tsx lib/browser-bridge-standalone.ts [--forge-port=8403]
  */
 
+import './proxy-setup';   // MUST be first — see proxy-setup.ts header.
 import { createServer, type IncomingMessage, type ServerResponse } from 'node:http';
 import { WebSocket, WebSocketServer } from 'ws';
 import { randomUUID, createHash } from 'node:crypto';

package/lib/chat/protocols/http.ts

@@ -241,8 +241,14 @@ async function exchangeBearerToken(
   const exchangeFetchInit = { method: auth.exchange_method || 'POST', headers, body };
   let res: Response;
   if (verifyTls === false) {
-    const { fetch: undiciFetch, Agent } = await import('undici');
-    const dispatcher = new Agent({ connect: { rejectUnauthorized: false } });
+    // Per-call dispatcher bypasses the global proxy agent — route via
+    // ProxyAgent when a proxy is set (corp), else plain Agent (direct).
+    const { fetch: undiciFetch, Agent, ProxyAgent } = await import('undici');
+    const proxyUrl = process.env.HTTPS_PROXY || process.env.https_proxy ||
+                     process.env.HTTP_PROXY || process.env.http_proxy;
+    const dispatcher = proxyUrl
+      ? new ProxyAgent({ uri: proxyUrl, requestTls: { rejectUnauthorized: false } })
+      : new Agent({ connect: { rejectUnauthorized: false } });
     res = await undiciFetch(exchangeUrl, { ...exchangeFetchInit, dispatcher }) as unknown as Response;
   } else {
     res = await fetch(exchangeUrl, exchangeFetchInit);
@@ -488,8 +494,14 @@ export async function runHttp({ tool, settings, args, connectorAuth, noTruncatio
       // fetch are version-matched; passing an external undici Agent
       // into Node's bundled global fetch fails with UND_ERR_INVALID_ARG
       // because Node 22 ships an older undici than the installed one.
-      const { fetch: undiciFetch, Agent } = await import('undici');
-      const dispatcher = new Agent({ connect: { rejectUnauthorized: false } });
+      // Per-call dispatcher bypasses the global proxy agent — route via
+      // ProxyAgent when a proxy is set (corp), else plain Agent (direct).
+      const { fetch: undiciFetch, Agent, ProxyAgent } = await import('undici');
+      const proxyUrl = process.env.HTTPS_PROXY || process.env.https_proxy ||
+                       process.env.HTTP_PROXY || process.env.http_proxy;
+      const dispatcher = proxyUrl
+        ? new ProxyAgent({ uri: proxyUrl, requestTls: { rejectUnauthorized: false } })
+        : new Agent({ connect: { rejectUnauthorized: false } });
       res = await undiciFetch(url, { method, headers, body, signal: controller.signal, dispatcher }) as unknown as Response;
     } else {
       res = await fetch(url, { method, headers, body, signal: controller.signal });

package/lib/chat-standalone.ts

@@ -30,6 +30,7 @@
  *   keep their existing WS path; HTTP-only surfaces use SSE.
  */
 
+import './proxy-setup';   // MUST be first — see proxy-setup.ts header.
 import { createServer, type IncomingMessage, type ServerResponse } from 'node:http';
 import {
   createSession, getSession, listSessions, updateSession, deleteSession, listMessages,

package/lib/connectors/test-runner.ts

@@ -134,8 +134,14 @@ async function runHttpProbe(
     // NAC, ESXi …) need undici with rejectUnauthorized:false, same as http.ts.
     const fetchInit = { method, headers, body, signal: ctrl.signal };
     if (def.http?.verify_tls === false) {
-      const { fetch: undiciFetch, Agent } = await import('undici');
-      const dispatcher = new Agent({ connect: { rejectUnauthorized: false } });
+      // A per-call dispatcher bypasses the global proxy agent, so when a proxy
+      // is set (corp) route through ProxyAgent; else plain Agent (direct).
+      const { fetch: undiciFetch, Agent, ProxyAgent } = await import('undici');
+      const proxyUrl = process.env.HTTPS_PROXY || process.env.https_proxy ||
+                       process.env.HTTP_PROXY || process.env.http_proxy;
+      const dispatcher = proxyUrl
+        ? new ProxyAgent({ uri: proxyUrl, requestTls: { rejectUnauthorized: false } })
+        : new Agent({ connect: { rejectUnauthorized: false } });
       res = await undiciFetch(url, { ...fetchInit, dispatcher } as any) as unknown as Response;
     } else {
       res = await fetch(url, fetchInit);

package/lib/help-docs/10-troubleshooting.md

@@ -76,6 +76,19 @@ The WebSocket dropped (system suspend, network blip). Forge auto-reconnects afte
 gh auth login
 ```
 
+### Connector Test fails with `ENETUNREACH` behind a corp proxy
+Symptom: a brand-new deployment behind a corporate proxy/ZTNA, configure a
+connector (e.g. GitLab) → **Test** → `request failed: fetch failed: connect
+ENETUNREACH <backend-ip>:443`.
+
+Forge honours `HTTPS_PROXY` / `HTTP_PROXY` / `NO_PROXY` automatically — every
+entry point pre-installs an `EnvHttpProxyAgent` before any code makes a request,
+so a proxy set in the environment is used for all connector calls (including
+`verify_tls: false` self-signed appliances like FortiNAC). Just make sure the
+proxy env vars are exported for the Forge process (in Docker, via the
+container's environment). Off-corp deployments with no proxy env are unaffected
+— requests go direct as before.
+
 ### Skills not syncing
 Click "Sync" in Skills tab. Check `skillsRepoUrl` in Settings points to valid registry.
 

package/lib/memory-standalone.ts

@@ -18,6 +18,8 @@
  * next sub-task still runs in the same cycle.
  */
 
+import './proxy-setup';   // MUST be first — see proxy-setup.ts header.
+
 const MEMORY_TICK_SEC = 120;
 
 export interface MemorySubTask {

package/lib/projects.ts

@@ -297,11 +297,12 @@ export interface StrictResolveResult {
  *      - else gitlab connector default_project_path
  *      - else → error('no_repo_specified')
  *   3. Re-scan locally for a checkout whose origin matches the target → use it
- *   4. Clone via tryGitlabClone — writes to the Forge-managed cache
- *      (<dataDir>/cloned-projects), which is ALWAYS writable and does NOT
- *      need a configured projectRoot. We best-effort register the container
- *      root (/data/project) so manually-placed checkouts there get scanned,
- *      but never block the clone on it.
+ *   4. Clone via tryGitlabClone — lands in a real project root so the
+ *      checkout persists and is reused next run. In container mode we register
+ *      the docker-internal /data/project (a host-mounted path) as the root
+ *      first, so the clone shows up as a normal project; on a host install it
+ *      takes the first configured project path (projectRoots[0]), falling back
+ *      to ~/IdeaProjects / <dataDir>/scratch.
  *      - gitlab connector missing → error('no_repo_specified')
  *      - clone failed → error('clone_failed')
  */
@@ -309,25 +310,30 @@ export function resolveProjectStrict(name: string | undefined): StrictResolveRes
   const trimmed = (name || '').trim();
 
   // Step 1: existing match — reuse the lenient resolver's match logic by
-  // delegating, but discard its scratch fallback.
+  // delegating, but discard its scratch fallback. Crucially, only accept a
+  // GIT-BACKED match: this resolver exists for requires_real_project pipelines,
+  // so a non-git project (e.g. the built-in 'default' / 'scratch', or a plain
+  // folder the chat agent named) must NOT satisfy it — fall through and clone
+  // the real repo instead. Without this, `project: default` was returned as-is
+  // and the node's `git rev-parse` then failed with "not a git repository".
   if (trimmed) {
     const hit = getProjectInfo(trimmed);
-    if (hit) return { project: hit, source: 'existing' };
+    if (hit?.hasGit) return { project: hit, source: 'existing' };
 
     const projects = scanProjects();
     if (trimmed.includes('/')) {
       const want = normalizeRepoPath(trimmed) || trimmed.toLowerCase().replace(/^\/+|\/+$/g, '');
       const wantBase = want.split('/').pop()!;
       const byRepo = projects.filter((p) => p.repo && p.repo === want);
-      if (byRepo.length === 1) return { project: byRepo[0], source: 'existing' };
+      if (byRepo.length === 1 && byRepo[0].hasGit) return { project: byRepo[0], source: 'existing' };
       const byRepoBase = projects.filter((p) => p.repo && p.repo.split('/').pop() === wantBase);
-      if (byRepoBase.length === 1) return { project: byRepoBase[0], source: 'existing' };
+      if (byRepoBase.length === 1 && byRepoBase[0].hasGit) return { project: byRepoBase[0], source: 'existing' };
     }
     const base = trimmed.split('/').pop()!.trim();
     const ownerRepo = trimmed.replace(/\//g, '-');
     const cands = projects.filter((p) =>
       p.name === base || p.name === ownerRepo || p.name.toLowerCase() === base.toLowerCase());
-    if (cands.length === 1) return { project: cands[0], source: 'existing' };
+    if (cands.length === 1 && cands[0].hasGit) return { project: cands[0], source: 'existing' };
   }
 
   // Step 2: derive target repo path
@@ -450,9 +456,17 @@ function tryGitlabClone(repoPath: string): LocalProject | null {
   const path = repoPath.replace(/^\/+|\/+$/g, '');
   if (!path || !path.includes('/')) return null;  // not a repo path shape
   const safe = path.replace(/[^A-Za-z0-9._-]+/g, '-');
-  const cacheRoot = join(getDataDir(), 'cloned-projects');
-  const target = join(cacheRoot, safe);
-  try { mkdirSync(cacheRoot, { recursive: true }); } catch {}
+  // Clone into a real project root so the checkout persists as a normal
+  // project and is reused across runs (no delete needed). In container mode
+  // ensureContainerRoot registers the docker-internal /data/project (a
+  // host-mounted path) as the first root; on a host install we just take the
+  // first configured project path. getDefaultCloneRoot encodes that priority
+  // (projectRoots[0] → ~/IdeaProjects → <dataDir>/scratch). The old
+  // <dataDir>/cloned-projects hidden cache is retired.
+  ensureContainerRoot();
+  const cloneRoot = getDefaultCloneRoot();
+  const target = join(cloneRoot, safe);
+  try { mkdirSync(cloneRoot, { recursive: true }); } catch {}
 
   // Inject PAT into URL. gitlab accepts `oauth2:<token>` basic auth on
   // HTTPS. URL-encode the token in case it contains '@' or '/'.
@@ -467,6 +481,11 @@ function tryGitlabClone(repoPath: string): LocalProject | null {
     if (!alreadyCloned) {
       execSync(`git clone --quiet "${authedUrl}" "${target}"`, { stdio: 'pipe', timeout: 120000 });
       _cloneFreshAt.set(target, Date.now());
+      // The new checkout must be discoverable right away: a scanProjects() cache
+      // populated earlier this run (e.g. by resolveProjectStrict's pre-clone
+      // scan) wouldn't include it, so getProjectInfo would miss the repo we
+      // just cloned and downstream resolution could fall back to scratch.
+      invalidateProjectScan();
     } else if (!stillFresh) {
       // Best-effort refresh; failures (offline, network, auth drift) are
       // non-fatal — fall back to whatever's cached. Pipelines see stale
@@ -487,9 +506,13 @@ function tryGitlabClone(repoPath: string): LocalProject | null {
   try { mtime = statSync(target).mtime.toISOString(); }
   catch { mtime = new Date().toISOString(); }
   return {
-    name: path,
+    // Use the on-disk dir name (== scanProjects' entry.name) so the name we
+    // seed back into input.project matches what getProjectInfo will find next
+    // scan. Returning the slashed repo path here desynced the two and made
+    // computePipelineTmpDir's getProjectInfo miss → tmp_dir fell to scratch.
+    name: safe,
     path: target,
-    root: cacheRoot,
+    root: cloneRoot,
     hasGit: existsSync(join(target, '.git')),
     hasClaudeMd: existsSync(join(target, 'CLAUDE.md')),
     language: null,

package/lib/proxy-setup.ts

@@ -0,0 +1,21 @@
+/**
+ * Pre-install an EnvHttpProxyAgent on undici's global dispatcher BEFORE
+ * anything dynamic-imports the npm undici (8.x).
+ *
+ * Why: Node honours NODE_USE_ENV_PROXY by putting EnvHttpProxyAgent on
+ * undici v1's dispatcher symbol. The npm undici uses v2; on load its
+ * `if (getGlobalDispatcher() === undefined) setGlobalDispatcher(new Agent())`
+ * reads v2 (undefined) and writes a plain Agent into BOTH v1 and v2,
+ * silently clobbering Node's proxy agent — after which every fetch ignores
+ * HTTPS_PROXY and direct-connects (ENETUNREACH behind corp ZTNA).
+ * Setting v2 here makes that check non-undefined, so npm undici skips it.
+ *
+ * MUST be the FIRST import in every entry point. Off-corp (no proxy env)
+ * this is a no-op, so non-docker / standalone deployments are unchanged.
+ */
+import { setGlobalDispatcher, EnvHttpProxyAgent } from 'undici';
+
+if (process.env.HTTPS_PROXY || process.env.HTTP_PROXY ||
+    process.env.https_proxy || process.env.http_proxy) {
+  setGlobalDispatcher(new EnvHttpProxyAgent());
+}

package/lib/telegram-standalone.ts

@@ -4,6 +4,7 @@
  * Runs as a single process — no duplication from Next.js workers.
  */
 
+import './proxy-setup';   // MUST be first — see proxy-setup.ts header.
 import { loadSettings } from './settings';
 
 const settings = loadSettings();

package/lib/terminal-standalone.ts

@@ -24,6 +24,7 @@
  * Usage: npx tsx lib/terminal-standalone.ts
  */
 
+import './proxy-setup';   // MUST be first — see proxy-setup.ts header.
 import { WebSocketServer, WebSocket } from 'ws';
 import * as pty from 'node-pty';
 import { execSync } from 'node:child_process';

package/lib/workspace-standalone.ts

@@ -12,6 +12,7 @@
  *   FORGE_DATA_DIR  — data directory
  */
 
+import './proxy-setup';   // MUST be first — see proxy-setup.ts header.
 import { createServer, type IncomingMessage, type ServerResponse } from 'node:http';
 import { readdirSync, statSync } from 'node:fs';
 import { join, resolve } from 'node:path';

package/next.config.ts

@@ -10,6 +10,13 @@ const localIPs = Object.values(networkInterfaces())
   .map(i => i!.address);
 
 const nextConfig: NextConfig = {
+  // Skip `next build`'s TypeScript step. It duplicates our authoritative
+  // `tsc --noEmit` (run in CI / publish.sh) and additionally enforces a
+  // route-export shape rule that rejects Forge's intentional patterns —
+  // craft-system runtime routes that serve React/jsx as importable modules
+  // (app/api/craft-system/runtime/*) export non-handler symbols on purpose.
+  // tsc remains the real type gate; this only drops Next's redundant check.
+  typescript: { ignoreBuildErrors: true },
   serverExternalPackages: ['better-sqlite3', 'esbuild'],
   allowedDevOrigins: localIPs,
   async rewrites() {

package/package.json

@@ -1,8 +1,11 @@
 {
   "name": "@aion0/forge",
-  "version": "0.10.87",
+  "version": "0.10.89",
   "description": "Unified AI workflow platform — multi-model task orchestration, persistent sessions, web terminal, remote access",
   "type": "module",
+  "engines": {
+    "node": ">=20"
+  },
   "scripts": {
     "dev": "next dev --turbopack",
     "build": "next build",

package/proxy.ts

@@ -1,7 +1,7 @@
 import { NextResponse } from 'next/server';
 import { auth } from './lib/auth';
 import { hasValidApiKey } from './lib/api-auth';
-import { isValidToken } from './app/api/auth/verify/route';
+import { isValidToken } from './lib/api-tokens';
 
 // Node runtime: the auth() wrapper decodes the NextAuth session JWT with the
 // AUTH_SECRET that the route layer also uses (auto-generated in-process when

package/publish.sh

@@ -46,6 +46,25 @@ fi
 echo "Version: $CURRENT → $NEW_VERSION"
 echo ""
 
+# ── Build gate: a broken build must never ship ──────────────────────────────
+# publish.sh used to bump+tag+push with ZERO build verification, so compile /
+# bundler errors only surfaced when a fresh user ran `forge server start` (their
+# first clean `next build`). Run it here with a CLEAN .next so a stale cache
+# can't mask source errors. tsc is the authoritative type gate (next build's own
+# TS step is off via typescript.ignoreBuildErrors); __tests__ are tsx scripts
+# checked separately, so they're excluded.
+echo "Verifying clean build before publish ..."
+rm -rf .next
+npx next build --webpack
+TSC_ERRORS=$(npx tsc --noEmit 2>&1 | grep "error TS" | grep -v "__tests__" || true)
+if [ -n "$TSC_ERRORS" ]; then
+  echo "$TSC_ERRORS"
+  echo "✗ Type errors — aborting publish (no version bump/commit/tag made)."
+  exit 1
+fi
+echo "✓ Build + type-check clean"
+echo ""
+
 # Refresh the bundled model-registry snapshot from public-info.
 # This is the offline/first-run fallback for lib/agents/known-models.ts —
 # pulling it here keeps it from drifting against the live registry.