@aion0/forge 0.8.0 → 0.8.2

package/RELEASE_NOTES.md

@@ -1,107 +1,31 @@
-# Forge v0.8.0
+# Forge v0.8.2
 
-Released: 2026-05-19
+Released: 2026-05-20
 
-## Changes since v0.6.3
-
-### Features
-- feat: job preview auto-fill + forge worktree CLI + faster startup
-
-### Documentation
-- docs: example pipeline for a Forge Job driving Mantis → branch triage
-- docs: Jobs — scheduled connector polls that fan out to pipelines or chat
-- docs: connector declarative-extract spec + handoff + updated help doc
-- docs: connector packaging section + plugin category ADR
-- docs: ADR for browser-agent data architecture (Temper write strategy)
-- docs: RFC + implementation plan for browser-agent / connector system
+## Changes since v0.8.1
 
 ### Other
-- feat(chat): local memory fallback + simplified /chat web page
-- feat(security): encrypt plugin secrets at rest + mask on API
-- feat(pipeline): print fetch-bug-details + download-attachments to task log
-- feat(mantis+pipeline): attachment download into worktree for vision analysis
-- fix(pipeline): push-and-mr detects revoked glab token + prints fix cmd
-- fix(pipeline): push-and-mr surfaces glab output + MR-list fallback
-- feat(pipeline/mantis): fetch-bug-details exposes ALL fields downstream
-- fix(pipeline-ui): fetch full pipeline on click — summary breaks detail view
-- feat(jobs): expose {{total_matching}} placeholder in chat summary mode
-- fix(mantis): regex escape — YAML | block passes backslashes verbatim
-- fix(time): normalize all SQLite datetimes to ISO Z + add settings.timezone
-- feat(jobs/mantis): target='main' chat dispatch + total_matching count
-- fix(mantis): reset all filter fields before applying — no session leak
-- feat(chat): persistent main session + clear-messages + fork
-- feat(jobs): chat 'summary' dispatch mode — bundle N items into 1 LLM analysis
-- perf(pipeline-ui): lazy-load runs per workflow, drop 5s full poll
-- perf(watcher): defer initial sync + skip entry_count on first pass
-- feat(pipeline-ui): 'Load older runs' button per workflow
-- perf(pipeline): default limit 100 + ?workflow / ?before cursor
-- perf(pipeline): mtime cache + summary mode for list — 1.6MB → <50KB
-- perf(init): instrument 5s gap + demote skills sync failure to warn
-- feat(teams): _probe diagnostic tool — DOM state in one call
-- fix(chat): unwrap Node fetch 'fetch failed' with concrete remediation
-- fix(teams): char-by-char typing for search input (keyboard events)
-- feat(teams): v0.8.0 — send_message 3-tier resolver (left-rail → expand groups → search)
-- feat(mantis): v0.4.3 — accurate filters via show_status + handler_id
-- fix(pipeline): real workdir support + worktree-setup emits path only
-- fix(pipeline): node tasks always start fresh Claude session
-- fix(jobs): warn loudly when input_template keys render to empty
-- feat(jobs): 'Force run' — reset dedup + run, one click
-- fix(jobs): drop dedup_key from triggerPipeline — UNIQUE blocked replay
-- feat(gitlab): full HTTP-API connector (32 tools) — replaces DOM scraping
-- fix(mantis): bug notes always carry an id — fallback strategies + hash
-- feat(chat): connector narrowing — /teams forces tool use; bare mention narrows tool list
-- fix(chat): connector tools always surfaced + stronger 'use the tool' prompt
-- fix(notify-test): explain 'fetch failed' (corp SSL / proxy / DNS)
-- fix(notify-test): drop Markdown parse_mode + split chat_id + surface real reason
-- fix(mantis): search_bugs — fix_schedule (version) filter + auto-pagination
-- fix(mantis): search_bugs honours status + project_id, drops broken query syntax
-- feat(health): startup probe + Pipelines banner for missing CLIs (glab/gh/git/jq)
-- feat(pipeline): mantis-bug-fix-and-mr builtin + connector-tool API
-- feat(mantis): notes carry stable note_id so Jobs can dedup on them
-- feat(jobs): per-run verbose execution log persisted to job_runs.log
-- feat(web): Jobs first in Automation, deep-link to logs filtered by job id
-- fix(web): Automation sub-tabs squished header; new sub-toolbar row fix(terminal): Split Right/Down → SVG icons; mouse hint to tooltip feat(jobs): notes column — backfill + items_path mismatch surfaced
-- feat(web): Automation hub — merge Tasks/Pipelines nav + add Jobs view
-- feat(jobs): trace flow — Dashboard deep-link + CLI dispatches view
-- feat(jobs): Jobs backend — scheduled connector polls + dispatch
-- fix(settings): don't overwrite agent apiKey with masked placeholder
-- feat(chat): port Temper memory to Forge — pinned blocks + memory_* tools
-- feat(chat): reuse API agent profiles + add baseUrl (LiteLLM support)
-- feat(bridge): drop pairing — bridge auths with the user's Forge token
-- feat(connectors): Phase 3 — multi-protocol runtime (http, shell)
-- feat(chat): Phase 5 part 3 — Telegram /chat command
-- feat(chat): Phase 5 part 2 — forge chat CLI subcommand
-- feat(chat): Phase 5 part 1 — chat-standalone (8408) + Next proxy
-- fix(bridge): spawn browser-bridge from lib/init.ts too
-- feat(chat): Phase 2 part 3 — HTTP API + WS push streaming
-- feat(chat): Phase 2 part 2 — tool dispatcher + agent loop
-- feat(chat): Phase 2 part 1 — chat backend foundation
-- feat(bridge): Phase 1 — Forge↔Extension WebSocket bridge
-- feat(connectors): teams v0.7.1 — send_message no longer requires confirmation
-- feat(connectors): teams v0.7.0 — robust wait + send_message by name
-- feat(connectors): teams v0.6.0 — read_chat + read_channel by name
-- feat(connectors): teams v0.5.0 — channels support (list + read posts)
-- feat(connectors): pmdb v0.2.0 — read-only Fortinet PMDB connector
-- feat(connectors): teams v0.4.0 — send_message (destructive)
-- feat(connectors): teams v0.3.0 — rewritten from real DOM probe
-- feat(connectors): multi-runner — manifest declares execution context
-- feat(connectors): teams (Microsoft Teams) — first-cut declarative manifest
-- chore(connectors): bump gitlab to 0.2.0
-- feat(connectors): gitlab — declarative manifest with 6 tools
-- feat(connectors): declarative extract — manifest carries page + script
-- chore(connectors): bump mantis to 0.2.0 — full tool set landed
-- feat(mcp): user-managed external MCP servers in .mcp.json
-- feat(connectors): mantis probe — auto-copy JSON result to clipboard
-- fix(connectors): mantis probe — support 1.x classic URL + checkbox row marker
-- feat(connectors): mantis selector probe sibling script
-- chore(connectors): bump mantis + gitlab-browser to 0.1.1
-- docs(connectors): DOM extraction is the default path, not REST APIs
-- feat(ui): dedicated Connectors panel separate from Plugins
-- fix(connectors-api): rely on middleware auth, drop explicit token check
-- feat(api): connectors discovery + per-user settings endpoints
-- feat(plugins): connector category + browser-side mode, mantis + gitlab manifests
-- feat(gitlab): \`gitlab-issue-fix-and-review\` pipeline + scanner
-- fix(mcp): mirror .forge/mcp.json to project root so claude picks it up
+- feat(skills): local skill upload (.md / .zip), parallel to connector install-local
+- fix(pipeline): auto-sync gitlab connector PAT into glab auth + env
+- feat(jobs): Job.skills + thread through to claude --append-system-prompt
+- fix(connectors): friendlier error when browser-probe handler missing
+- fix(pipeline): allow retry on running nodes + reap orphans on boot
+- feat(connectors): browser-side test probe via extension bridge
+- feat(connectors): manifest-driven Test button
+- docs(connectors): 21-build-connector.md + AI routing for authoring
+- feat(connectors): Upload button + drag-and-drop in marketplace
+- feat(connectors): install-local API — accept YAML or zip
+- refactor(connectors): move marketplace from Settings to SkillsPanel tab
+- fix(connectors): surface fetch root cause + show installed in marketplace
+- docs(connectors): rewrite 17-connectors.md for marketplace model
+- feat(connectors): drop builtin yamls + purge connector code from plugin/
+- feat(connectors): one-shot migration from plugin-configs.json
+- feat(connectors): Settings Marketplace panel
+- feat(connectors): marketplace API /api/connectors/marketplace
+- feat(connectors): route /api/connectors + chat through new registry
+- feat(connectors): sync — pull registry + manifests from forge-connectors
+- feat(connectors): registry — load manifests from <dataDir>/connectors/
+- feat(connectors): extract independent types in lib/connectors/
 
 
-**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.6.3...v0.8.0
+**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.8.1...v0.8.2

package/app/api/connectors/[id]/settings/route.ts

@@ -1,28 +1,31 @@
 /**
- * Per-user settings for a connector plugin.
+ * Per-user settings for an installed connector.
  *
- * Browser-side connectors don't have a Forge-side executor, so "install" is
- * really just "save your host URL + preferences". We map connector `settings`
- * onto the existing plugin config storage to avoid a second store.
+ * GET  → masked settings + schema + installed flag
+ * POST → save settings (preserves stored secrets if client returns
+ *        the bullet placeholder unchanged)
+ *
+ * Secrets (fields with type === 'secret') are encrypted at rest by
+ * lib/connectors/registry.ts (AES-256-GCM via lib/crypto.ts) and
+ * masked here so the plaintext never crosses the wire on GET.
  */
 
 import { NextResponse } from 'next/server';
 import {
-  getPlugin,
-  getInstalledPlugin,
-  installPlugin,
-  updatePluginConfig,
-  getConnectorsForPlugin,
-} from '@/lib/plugins/registry';
-import type { PluginFieldSchema } from '@/lib/plugins/types';
+  getConnector,
+  getInstalledConnector,
+  setConnectorConfig,
+} from '@/lib/connectors/registry';
+import type { ConnectorFieldSchema } from '@/lib/connectors/types';
 
-function settingsSchemaFor(id: string): Record<string, PluginFieldSchema> {
-  const def = getPlugin(id);
+function settingsSchemaFor(id: string): Record<string, ConnectorFieldSchema> {
+  const def = getConnector(id);
   if (!def) return {};
-  // For 1:N suites, merge settings across all entries (caller can scope by entry id).
-  const merged: Record<string, PluginFieldSchema> = {};
-  for (const c of getConnectorsForPlugin(def)) {
-    if (c.settings) Object.assign(merged, c.settings);
+  const merged: Record<string, ConnectorFieldSchema> = {};
+  if (def.settings) Object.assign(merged, def.settings);
+  // 1:N suites: union of each entry's settings
+  for (const entry of def.connectors || []) {
+    if (entry.settings) Object.assign(merged, entry.settings);
   }
   return merged;
 }
@@ -38,12 +41,12 @@ function defaultsFor(id: string): Record<string, any> {
 
 const SECRET_MASK = '••••••••';
 
-function isSecretField(schema: PluginFieldSchema | undefined): boolean {
+function isSecretField(schema: ConnectorFieldSchema | undefined): boolean {
   if (!schema) return false;
   return schema.type === 'secret' || (schema.type as string) === 'password';
 }
 
-function maskSecrets(settings: Record<string, any>, schema: Record<string, PluginFieldSchema>): Record<string, any> {
+function maskSecrets(settings: Record<string, any>, schema: Record<string, ConnectorFieldSchema>): Record<string, any> {
   const out: Record<string, any> = { ...settings };
   for (const [k, v] of Object.entries(schema)) {
     if (isSecretField(v) && typeof out[k] === 'string' && out[k]) {
@@ -56,7 +59,7 @@ function maskSecrets(settings: Record<string, any>, schema: Record<string, Plugi
 function restoreSecrets(
   incoming: Record<string, any>,
   existing: Record<string, any>,
-  schema: Record<string, PluginFieldSchema>,
+  schema: Record<string, ConnectorFieldSchema>,
 ): Record<string, any> {
   const out: Record<string, any> = { ...incoming };
   for (const [k, v] of Object.entries(schema)) {
@@ -70,11 +73,9 @@ function restoreSecrets(
 
 export async function GET(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params;
-  const def = getPlugin(id);
-  if (!def || def.category !== 'connector') {
-    return NextResponse.json({ error: 'connector not found' }, { status: 404 });
-  }
-  const inst = getInstalledPlugin(id);
+  const def = getConnector(id);
+  if (!def) return NextResponse.json({ error: 'connector not found' }, { status: 404 });
+  const inst = getInstalledConnector(id);
   const stored = inst?.config || {};
   const schema = settingsSchemaFor(id);
   const merged = { ...defaultsFor(id), ...stored };
@@ -87,10 +88,8 @@ export async function GET(req: Request, { params }: { params: Promise<{ id: stri
 
 export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params;
-  const def = getPlugin(id);
-  if (!def || def.category !== 'connector') {
-    return NextResponse.json({ error: 'connector not found' }, { status: 404 });
-  }
+  const def = getConnector(id);
+  if (!def) return NextResponse.json({ error: 'connector not found' }, { status: 404 });
 
   const body = await req.json().catch(() => ({}));
   const settings = body?.settings ?? body;
@@ -98,15 +97,10 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
     return NextResponse.json({ error: 'settings must be an object' }, { status: 400 });
   }
 
-  const existing = getInstalledPlugin(id);
+  const existing = getInstalledConnector(id);
   const schema = settingsSchemaFor(id);
   const merged = restoreSecrets(settings, existing?.config || {}, schema);
-  const ok = existing
-    ? updatePluginConfig(id, merged)
-    : installPlugin(id, merged);
-
-  if (!ok) {
-    return NextResponse.json({ error: 'failed to persist settings' }, { status: 500 });
-  }
+  const ok = setConnectorConfig(id, merged);
+  if (!ok) return NextResponse.json({ error: 'failed to persist settings' }, { status: 500 });
   return NextResponse.json({ ok: true, settings: maskSecrets(merged, schema) });
 }

package/app/api/connectors/[id]/test/route.ts

@@ -0,0 +1,260 @@
+/**
+ * POST /api/connectors/[id]/test
+ *
+ * Reachability probe for a connector. Runs the manifest's `test:`
+ * block (an HTTP request) against the user's saved settings, returns
+ * a structured result for the Settings → Connectors UI to render.
+ *
+ *   {
+ *     ok: true,
+ *     status: 200,
+ *     message: "Authenticated as zliu (Zhen Liu)",
+ *     duration_ms: 152
+ *   }
+ *
+ * On failure:
+ *
+ *   {
+ *     ok: false,
+ *     status: 401,
+ *     error: "Token was revoked. You have to re-authorize from the user.",
+ *     body_preview: "{...}"
+ *   }
+ *
+ * The probe is HTTP-only — connectors that need a different mechanism
+ * (browser DOM, shell exec) simply omit `test:` and the UI hides the
+ * button.
+ */
+
+import { NextResponse } from 'next/server';
+import {
+  getConnector,
+  getConnectorEntries,
+  getInstalledConnector,
+} from '@/lib/connectors/registry';
+import { expandSettingsTokens, expandAllTokens } from '@/lib/plugins/templates';
+import { bridgeRpc } from '@/lib/chat/bridge-client';
+import type { ConnectorDefinition, ConnectorTest, HttpRequestSpec } from '@/lib/connectors/types';
+
+const DEFAULT_TIMEOUT_MS = 15_000;
+const MAX_BODY_PREVIEW = 1024;
+
+function expandString(s: string, settings: Record<string, unknown>): string {
+  return expandAllTokens(s, settings as Record<string, any>, {});
+}
+
+function buildUrl(spec: HttpRequestSpec, settings: Record<string, unknown>): string {
+  let url = expandString(spec.url, settings);
+  if (spec.query) {
+    const u = new URL(url);
+    for (const [k, raw] of Object.entries(spec.query)) {
+      u.searchParams.set(k, expandString(String(raw), settings));
+    }
+    url = u.toString();
+  }
+  return url;
+}
+
+function buildHeaders(spec: HttpRequestSpec, settings: Record<string, unknown>): Headers {
+  const h = new Headers();
+  if (spec.headers) {
+    for (const [k, raw] of Object.entries(spec.headers)) {
+      h.set(k, expandString(String(raw), settings));
+    }
+  }
+  return h;
+}
+
+function buildBody(
+  spec: HttpRequestSpec,
+  settings: Record<string, unknown>,
+): { body?: string; contentType?: string } {
+  if (spec.body == null) return {};
+  if (typeof spec.body === 'string') {
+    return { body: expandString(spec.body, settings) };
+  }
+  const out: Record<string, unknown> = {};
+  for (const [k, v] of Object.entries(spec.body)) {
+    out[k] = typeof v === 'string' ? expandString(v, settings) : v;
+  }
+  return { body: JSON.stringify(out), contentType: 'application/json' };
+}
+
+/**
+ * Render `{{path.to.value}}` placeholders against a parsed JSON body.
+ * Missing paths render as "?", non-string scalars get stringified.
+ */
+function renderTemplate(template: string, body: unknown): string {
+  return template.replace(/\{\{([^{}]+)\}\}/g, (_match, expr) => {
+    const path = String(expr).trim().split('.').filter(Boolean);
+    let cur: any = body;
+    for (const p of path) {
+      if (cur && typeof cur === 'object' && p in cur) cur = cur[p];
+      else return '?';
+    }
+    if (cur == null) return '?';
+    return typeof cur === 'string' ? cur : JSON.stringify(cur);
+  });
+}
+
+interface TestResult {
+  ok: boolean;
+  status?: number;
+  message?: string;
+  error?: string;
+  duration_ms?: number;
+  body_preview?: string;
+}
+
+async function runHttpProbe(test: ConnectorTest, settings: Record<string, unknown>): Promise<TestResult> {
+  const spec = test.request;
+  if (!spec?.url) return { ok: false, error: 'test.request.url is required for http probe' };
+
+  const method = (spec.method || 'GET').toUpperCase();
+  const url = buildUrl(spec, settings);
+  const headers = buildHeaders(spec, settings);
+  const { body, contentType } = buildBody(spec, settings);
+  if (body != null && contentType && !headers.has('content-type')) {
+    headers.set('content-type', contentType);
+  }
+
+  const timeoutMs = test.timeout_ms || DEFAULT_TIMEOUT_MS;
+  const okStatus = test.ok_status?.length ? test.ok_status : [200];
+
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), timeoutMs);
+  const t0 = Date.now();
+  let res: Response;
+  try {
+    res = await fetch(url, { method, headers, body, signal: ctrl.signal });
+  } catch (e) {
+    clearTimeout(timer);
+    const err = e as Error & { cause?: unknown };
+    const cause = err.cause instanceof Error ? `: ${err.cause.message}` : '';
+    return {
+      ok: false,
+      error: `request failed: ${err.message}${cause}`,
+      duration_ms: Date.now() - t0,
+    };
+  }
+  clearTimeout(timer);
+
+  const duration = Date.now() - t0;
+  const text = await res.text().catch(() => '');
+  const preview = text.length > MAX_BODY_PREVIEW ? text.slice(0, MAX_BODY_PREVIEW) + '…' : text;
+
+  if (!okStatus.includes(res.status)) {
+    let errMsg = `HTTP ${res.status} ${res.statusText}`;
+    try {
+      const j = JSON.parse(text);
+      if (typeof j?.error === 'string') errMsg += `: ${j.error}`;
+      else if (typeof j?.message === 'string') errMsg += `: ${j.message}`;
+      else if (typeof j?.error_description === 'string') errMsg += `: ${j.error_description}`;
+    } catch {}
+    return {
+      ok: false,
+      status: res.status,
+      error: errMsg,
+      duration_ms: duration,
+      body_preview: preview,
+    };
+  }
+
+  let parsedBody: unknown = null;
+  try { parsedBody = JSON.parse(text); } catch {}
+  const message = test.ok_template
+    ? renderTemplate(test.ok_template, parsedBody)
+    : `OK (HTTP ${res.status})`;
+  return {
+    ok: true,
+    status: res.status,
+    message,
+    duration_ms: duration,
+  };
+}
+
+/**
+ * Browser probe: ask the paired extension to land on the connector's
+ * host_match URL and report whether `login_redirect` was hit.
+ *
+ * The extension implements `connector.probe` (see
+ * lib/help-docs/21-build-connector.md for the wire contract). On
+ * sites the user is logged in to, it returns
+ *   { ok: true, url: '<final tab URL>' }
+ * On a redirect to the login page it returns
+ *   { ok: false, error: 'login required', url: '<login url>' }
+ * On extension absence we throw, caller surfaces it.
+ */
+async function runBrowserProbe(
+  def: ConnectorDefinition,
+  settings: Record<string, unknown>,
+): Promise<TestResult> {
+  const entries = getConnectorEntries(def);
+  const entry = entries[0];
+  const hostMatch = def.host_match || entry?.host_match;
+  const loginRedirect = def.login_redirect || entry?.login_redirect;
+  if (!hostMatch) {
+    return { ok: false, error: 'browser probe requires host_match on the manifest' };
+  }
+  const expandedHost = expandSettingsTokens(hostMatch, settings as any);
+  const expandedLoginRedirect = loginRedirect
+    ? expandSettingsTokens(loginRedirect, settings as any)
+    : undefined;
+
+  const t0 = Date.now();
+  let value: unknown;
+  try {
+    value = await bridgeRpc('connector.probe', {
+      pluginId: def.id,
+      host_match: expandedHost,
+      login_redirect: expandedLoginRedirect,
+      runner: def.runner || entry?.runner || 'main',
+      timeout_ms: def.test?.timeout_ms || 30_000,
+    });
+  } catch (e) {
+    const raw = (e as Error).message || String(e);
+    let friendly = raw;
+    if (raw.includes('unknown method: connector.probe')) {
+      friendly =
+        'Your Forge browser extension is out of date — it doesn\'t know how to run browser probes yet. ' +
+        'Rebuild the extension (pnpm ext in forge-browser-extension), then chrome://extensions → Reload, and try Test again.';
+    } else if (raw.includes('bridge') && raw.includes('unreachable')) {
+      friendly =
+        'Forge browser bridge is unreachable on port 8407. Restart Forge (forge server restart) or check that the browser-bridge standalone is running.';
+    } else if (raw.includes('no paired extensions') || raw.includes('no connected')) {
+      friendly =
+        'Forge browser extension not connected. Install the extension from forge-browser-extension/dist, pin it, and sign in with your Forge URL + admin password.';
+    }
+    return {
+      ok: false,
+      error: friendly,
+      duration_ms: Date.now() - t0,
+    };
+  }
+  const r = (value || {}) as { ok?: boolean; url?: string; error?: string };
+  return {
+    ok: !!r.ok,
+    message: r.ok ? `Session active${r.url ? ` · ${r.url}` : ''}` : undefined,
+    error: r.ok ? undefined : (r.error || 'login required'),
+    duration_ms: Date.now() - t0,
+  };
+}
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params;
+  const def = getConnector(id);
+  if (!def) return NextResponse.json({ ok: false, error: 'connector not found' }, { status: 404 });
+  if (!def.test) {
+    return NextResponse.json({ ok: false, error: 'connector has no test block' }, { status: 400 });
+  }
+  const inst = getInstalledConnector(id);
+  if (!inst) {
+    return NextResponse.json({ ok: false, error: 'connector not installed' }, { status: 400 });
+  }
+
+  const probe = def.test.probe || 'http';
+  const r = probe === 'browser'
+    ? await runBrowserProbe(def, inst.config)
+    : await runHttpProbe(def.test, inst.config);
+  return NextResponse.json(r);
+}