@aion0/forge 0.9.1 → 0.9.2

package/RELEASE_NOTES.md

@@ -1,11 +1,66 @@
-# Forge v0.9.1
+# Forge v0.9.2
 
-Released: 2026-05-22
+Released: 2026-05-26
 
-## Changes since v0.9.0
+## Changes since v0.9.1
+
+### Bug Fixes
+- fix(jobs/run): manual fire actually passes trigger='manual' to executeRun
+- fix: nuke all remaining CommonJS require() in task / jobs hot paths
+
+### Documentation
+- feat(pipeline): {{run.tmp_dir}} per-run scratch + GC + Settings UI for API profiles
+- feat(schedules): skills field + reconciler race fix + chat action SSE fanout
+- docs: team workflow integration + side-panel UI design brief
 
 ### Other
-- fix(settings): CLI/API profile add doesn't show + leaks into Agents
+- chore(server): drop misleading 'Stop:' line from start output
+- feat(pipeline): for_each loop primitive + before: setup-phase hook
+- feat(pipeline): {{run.tmp_dir}} per-run scratch + GC + Settings UI for API profiles
+- feat(schedules): skills field + reconciler race fix + chat action SSE fanout
+- fix(server): kill zombie tsx task-runner processes from prior dev sessions
+- feat(pipeline): {{raw:…}} template variant — bypass shell ANSI-C escape
+- chore(sync): cache-bust workflow fetches + force flag for connector sync
+- feat(schedules): connector_tool Test button + tool-test endpoint
+- feat(schedules): edit mode + run details + delete-resurrection fix
+- feat(pipeline): extended input field spec — type/enum/required/default/multiline
+- fix(schedules): connector_tool picker + schema-driven Step 2 form
+- feat(schedules v2): unified describeAction helper for cards
+- feat(schedules v2): Phase 6 — action=telegram via existing bot
+- feat(schedules v2): Phase 5 — action=email via SMTP
+- feat(schedules v2): Phase 4 — action=chat appends body output to a session
+- feat(schedules v2): Phase 3 — body_kind=connector_tool dispatch + UI picker
+- feat(schedules v2): Phase 2 — body_kind=skill dispatch + UI picker
+- feat(schedules v2): Phase 1 — schema rename + body/action field extension
+- fix(pipeline): reconciler honors retries; task-manager catches log err.stack
+- fix(schedules): rename pipeline schema route from [name] to [id]
+- docs(schedules): help-docs/13-schedules.md for Help AI + users
+- feat(schedules UI): Forge web SchedulesView + 3-step Create modal
+- feat(schedules): backend — pipeline_schedules + scheduler + 8 API + pipeline schema
+- fix(claude-process): kill require() on Claude task spawn path
+- fix(jobs/run): manual fire actually passes trigger='manual' to executeRun
+- feat(bulk-delete): cleanup old tasks + pipeline runs by age
+- fix(jobs UI): refresh + poll while expanded — Cancel/Stop buttons appear after Run
+- feat(jobs UI): Dispatched pipelines list trims to running + last-terminal
+- fix(jobs): on_failure=stop skips manual fires — let user resume after failure
+- fix(pipeline): cascading cancel — task → node → pipeline → job, all in sync
+- feat(pipeline): per-node retry — retries: N + retry_delay_ms
+- fix(dirs): break dirs↔settings cycle without require() — kills last hot-path race
+- feat(jobs): on_failure policy — 'continue' (default) | 'stop'
+- feat(jobs/UI): aggregate status summary + deferred-queue hint
+- feat(jobs): monitor + cancel — Job tracks its dispatched pipelines, can stop drain or kill in-flight
+- fix(jobs): sequential mode drains deferred items across ticks regardless of schedule_kind
+- feat(connectors/gitlab): Sync to glab CLI button — unify token between Forge and shell
+- feat(jobs): isJobBusy gate — refuse double-fire + disable UI buttons
+- feat(jobs UI): show + toggle concurrency_mode in JobsView
+- feat(jobs): per-Job concurrency_mode — sequential by default
+- fix(notify): use globalThis Symbol for pipelineTaskIds, drop require()
+- fix(jobs/scheduler): reconcile zombie pipeline_runs before counting cap
+- fix(pipeline): empty try-catch audit — add console.warn where silence hid bugs
+- fix(pipeline): remove all CommonJS require() — package is type:module
+- refactor(pipeline): move 3 legacy builtins to marketplace
+- fix(pipeline): listWorkflows logs WHY a yaml was skipped
+- feat(jobs): pickDedupKey supports composite key (field1:field2)
 
 
-**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.9.0...v0.9.1
+**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.9.1...v0.9.2

package/app/api/agents/[id]/test/route.ts

@@ -0,0 +1,150 @@
+/**
+ * POST /api/agents/[id]/test
+ *
+ * Reachability probe for an API profile. Resolves baseUrl + apiKey from
+ * the saved profile (settings.agents[id]), then pings the provider's
+ * /models endpoint:
+ *
+ *   - anthropic:    GET {baseUrl}/v1/models   x-api-key, anthropic-version
+ *   - openai-shape: GET {baseUrl}/models      Authorization: Bearer
+ *
+ * Body (optional, all fields override saved values — lets the user test
+ * before saving):
+ *   { apiKey?, baseUrl?, provider?, model? }
+ *
+ * Result shape mirrors /api/connectors/[id]/test:
+ *   { ok, status, message?, error?, duration_ms, body_preview? }
+ */
+
+import { NextResponse } from 'next/server';
+import { loadSettings } from '@/lib/settings';
+import { inferAdapter, pickApiKey, pickBaseUrl, defaultBaseUrl } from '@/lib/chat/agent-loop';
+
+const DEFAULT_TIMEOUT_MS = 15_000;
+const MAX_BODY_PREVIEW = 512;
+
+interface TestResult {
+  ok: boolean;
+  status?: number;
+  message?: string;
+  error?: string;
+  duration_ms?: number;
+  body_preview?: string;
+}
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params;
+  const settings = loadSettings();
+  const saved = (settings.agents || {})[id] as any | undefined;
+
+  let override: any = {};
+  try { override = (await req.json()) ?? {}; } catch { override = {}; }
+
+  // Settings GET masks secrets as '••••••••' before sending to the client;
+   // if the user hasn't re-typed the API key, the form re-submits the mask.
+   // Treat the sentinel as "use the saved value".
+  const MASK = '••••••••';
+  const unmask = (v: any, fallback: any) => (typeof v === 'string' && v === MASK ? fallback : v);
+
+  // Merge — body overrides saved, but unsaved fields ok if body has them.
+  const profile = {
+    type: 'api' as const,
+    provider: override.provider ?? saved?.provider,
+    apiKey:   unmask(override.apiKey, saved?.apiKey) ?? saved?.apiKey,
+    baseUrl:  override.baseUrl  ?? saved?.baseUrl,
+    model:    override.model    ?? saved?.model,
+    env:      saved?.env,
+  };
+
+  if (!profile.provider) {
+    return NextResponse.json<TestResult>({ ok: false, error: 'profile has no provider' });
+  }
+  const adapter = inferAdapter(profile.provider);
+  const apiKey = pickApiKey(profile, adapter);
+  if (!apiKey) {
+    return NextResponse.json<TestResult>({ ok: false, error: 'apiKey is empty (and no fallback in env.*_API_KEY)' });
+  }
+  const baseUrl = pickBaseUrl(profile, adapter) || defaultBaseUrl(profile.provider);
+  if (!baseUrl) {
+    return NextResponse.json<TestResult>({ ok: false, error: `no baseUrl resolved for provider '${profile.provider}'` });
+  }
+
+  const url = adapter === 'anthropic'
+    ? `${baseUrl.replace(/\/+$/, '').replace(/\/v1$/, '')}/v1/models`
+    : `${baseUrl.replace(/\/+$/, '')}/models`;
+  const headers: Record<string, string> = {};
+  if (adapter === 'anthropic') {
+    // Claude Code OAuth access tokens (sk-ant-oat*) use Bearer auth +
+    // the oauth beta header; standard API keys (sk-ant-api*) use x-api-key.
+    if (apiKey.startsWith('sk-ant-oat')) {
+      headers['Authorization'] = `Bearer ${apiKey}`;
+      headers['anthropic-beta'] = 'oauth-2025-04-20';
+    } else {
+      headers['x-api-key'] = apiKey;
+    }
+    headers['anthropic-version'] = '2023-06-01';
+  } else {
+    headers['Authorization'] = `Bearer ${apiKey}`;
+  }
+
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), DEFAULT_TIMEOUT_MS);
+  const t0 = Date.now();
+  let res: Response;
+  try {
+    res = await fetch(url, { method: 'GET', headers, signal: ctrl.signal });
+  } catch (e) {
+    clearTimeout(timer);
+    const err = e as Error & { cause?: any };
+    const causeMsg = err.cause?.message || err.cause?.code || '';
+    return NextResponse.json<TestResult>({
+      ok: false,
+      error: `request failed: ${err.message}${causeMsg ? ` (${causeMsg})` : ''} → ${url}`,
+      duration_ms: Date.now() - t0,
+    });
+  }
+  clearTimeout(timer);
+  const duration = Date.now() - t0;
+  const text = await res.text().catch(() => '');
+  const preview = text.length > MAX_BODY_PREVIEW ? text.slice(0, MAX_BODY_PREVIEW) + '…' : text;
+
+  if (!res.ok) {
+    let errMsg = `HTTP ${res.status} ${res.statusText}`;
+    try {
+      const j = JSON.parse(text);
+      const detail = j?.error?.message || j?.error || j?.message;
+      if (typeof detail === 'string') errMsg += `: ${detail}`;
+    } catch {}
+    return NextResponse.json<TestResult>({
+      ok: false,
+      status: res.status,
+      error: errMsg,
+      duration_ms: duration,
+      body_preview: preview,
+    });
+  }
+
+  // Parse model count + optionally verify cfg.model is in the list.
+  let modelCount = 0;
+  let modelFound: boolean | null = null;
+  try {
+    const j = JSON.parse(text);
+    const arr = Array.isArray(j?.data) ? j.data : Array.isArray(j?.models) ? j.models : [];
+    modelCount = arr.length;
+    if (profile.model && arr.length > 0) {
+      modelFound = arr.some((m: any) => (m?.id || m?.name) === profile.model);
+    }
+  } catch {}
+
+  const parts = [`HTTP ${res.status}`, `${modelCount} model${modelCount === 1 ? '' : 's'}`];
+  if (profile.model) {
+    parts.push(modelFound === false ? `'${profile.model}' NOT in list` : `'${profile.model}' OK`);
+  }
+  return NextResponse.json<TestResult>({
+    ok: true,
+    status: res.status,
+    message: parts.join(' · '),
+    duration_ms: duration,
+  });
+}
+

package/app/api/connectors/[id]/sync-cli/route.ts

@@ -0,0 +1,73 @@
+/**
+ * POST /api/connectors/<id>/sync-cli
+ *
+ * For connectors whose token doubles as a CLI tool's auth (currently
+ * gitlab → `glab auth login`), write the Forge-stored token into the
+ * CLI's own config so `glab` invocations from the user's terminal
+ * use the same token Forge does for pipelines.
+ *
+ * Without this users hit "Forge says my MR pipeline 401s but I can run
+ * glab fine in shell" — because shell glab has a stale revoked token
+ * in ~/.config/glab-cli/config.yml while Forge has the fresh PAT.
+ *
+ * Currently only `gitlab` is supported. Other CLIs (gh) could be added
+ * by extending the switch below.
+ */
+
+import { NextResponse } from 'next/server';
+import { spawn } from 'node:child_process';
+import { getInstalledConnector } from '@/lib/connectors/registry';
+
+function runGlabLogin(host: string, token: string): Promise<{ ok: boolean; stderr: string }> {
+  return new Promise((resolve) => {
+    // Use --stdin so the token never appears in argv (visible in ps).
+    const child = spawn('glab', ['auth', 'login', '--hostname', host, '--stdin'], {
+      env: { ...process.env, NO_COLOR: '1' },
+    });
+    let stderr = '';
+    child.stderr.on('data', (b: Buffer) => { stderr += b.toString(); });
+    child.stdout.on('data', () => { /* swallow */ });
+    child.on('error', (e) => resolve({ ok: false, stderr: `spawn failed: ${e.message}` }));
+    child.on('exit', (code) => resolve({ ok: code === 0, stderr }));
+    child.stdin.write(token + '\n');
+    child.stdin.end();
+  });
+}
+
+export async function POST(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params;
+
+  if (id !== 'gitlab') {
+    return NextResponse.json({ error: `sync-cli is only implemented for gitlab (got: ${id})` }, { status: 400 });
+  }
+
+  const conn = getInstalledConnector('gitlab');
+  if (!conn || !conn.enabled) {
+    return NextResponse.json({ error: 'gitlab connector is not installed or not enabled' }, { status: 404 });
+  }
+  const token = typeof conn.config?.token === 'string' ? conn.config.token.trim() : '';
+  const baseUrl = typeof conn.config?.base_url === 'string' ? conn.config.base_url.trim() : '';
+  if (!token) {
+    return NextResponse.json({ error: 'gitlab connector has no token set — fill it in first, save, then sync' }, { status: 400 });
+  }
+  if (!baseUrl) {
+    return NextResponse.json({ error: 'gitlab connector has no base_url set' }, { status: 400 });
+  }
+  let host: string;
+  try {
+    host = new URL(baseUrl).host;
+  } catch {
+    return NextResponse.json({ error: `base_url "${baseUrl}" is not a valid URL` }, { status: 400 });
+  }
+
+  const r = await runGlabLogin(host, token);
+  if (!r.ok) {
+    return NextResponse.json({
+      ok: false,
+      host,
+      error: `glab auth login failed: ${r.stderr.trim() || '(no stderr)'}`,
+      hint: 'Is `glab` installed and on PATH? Try `which glab` in a terminal.',
+    }, { status: 500 });
+  }
+  return NextResponse.json({ ok: true, host, message: `glab auth login successful for ${host}` });
+}

package/app/api/connectors/tool-test/route.ts

@@ -0,0 +1,70 @@
+/**
+ * POST /api/connectors/tool-test
+ *
+ * Dry-run a connector tool with user-supplied input and return the raw
+ * result. Used by the Schedule create modal's connector_tool form so
+ * users can validate parameters before saving the schedule.
+ *
+ * No dedup, no items_path massaging, no Job preview semantics — that's
+ * /api/jobs/preview. This endpoint is the minimal "did the tool call
+ * work?" probe.
+ *
+ * Request body:
+ *   {
+ *     plugin_id: string,    // e.g. "gitlab"
+ *     tool: string,         // e.g. "me"
+ *     input?: object        // tool input args
+ *   }
+ *
+ * Response:
+ *   {
+ *     ok: boolean,
+ *     is_error: boolean,
+ *     content: string,       // raw tool output (truncated to 8KB)
+ *     duration_ms: number,
+ *     content_full_size: number,
+ *     error?: string         // only when dispatch itself threw
+ *   }
+ */
+
+import { NextResponse } from 'next/server';
+import { dispatchTool } from '@/lib/chat/tool-dispatcher';
+
+const MAX_PREVIEW = 8192;
+
+export async function POST(req: Request) {
+  let body: any;
+  try { body = await req.json(); }
+  catch { return NextResponse.json({ ok: false, error: 'invalid JSON body' }, { status: 400 }); }
+
+  const { plugin_id, tool, input } = body || {};
+  if (!plugin_id || !tool) {
+    return NextResponse.json({ ok: false, error: 'plugin_id and tool are required' }, { status: 400 });
+  }
+
+  const callName = `${plugin_id}.${tool}`;
+  const t0 = Date.now();
+  try {
+    const result = await dispatchTool(
+      { id: `tool-test-${Date.now()}`, name: callName, input: input || {} },
+      { noTruncation: true },
+    );
+    const content = typeof result.content === 'string' ? result.content : JSON.stringify(result.content ?? '');
+    return NextResponse.json({
+      ok: !result.is_error,
+      is_error: !!result.is_error,
+      content: content.length > MAX_PREVIEW ? content.slice(0, MAX_PREVIEW) + '…' : content,
+      content_full_size: content.length,
+      duration_ms: Date.now() - t0,
+    });
+  } catch (e) {
+    return NextResponse.json({
+      ok: false,
+      is_error: true,
+      content: '',
+      content_full_size: 0,
+      duration_ms: Date.now() - t0,
+      error: (e as Error)?.message || String(e),
+    });
+  }
+}

package/app/api/jobs/[id]/cancel/route.ts

@@ -0,0 +1,50 @@
+/**
+ * POST /api/jobs/<id>/cancel
+ *
+ * Stop the sequential drain for this Job. Clears `next_run_at` so the
+ * scheduler won't pick the Job up again automatically. Pipelines that
+ * are already running are NOT touched — the user can cancel those
+ * individually on the Pipeline view if they want.
+ *
+ * Query / body:
+ *   cancel_inflight=1  (optional) — also cancel any pipeline this Job
+ *                       dispatched that's still running. Best-effort.
+ */
+
+import { NextResponse } from 'next/server';
+import { getJob, cancelJobDrain, listJobDispatchedPipelines } from '@/lib/jobs/store';
+import { cancelPipeline } from '@/lib/pipeline';
+
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params;
+  const job = getJob(id);
+  if (!job) return NextResponse.json({ error: 'job not found' }, { status: 404 });
+
+  const url = new URL(req.url);
+  const cancelInflight = url.searchParams.get('cancel_inflight') === '1';
+
+  const stopped = cancelJobDrain(id);
+
+  let cancelledPipelines = 0;
+  if (cancelInflight) {
+    // Best-effort: walk the most-recent dispatched pipelines and
+    // cancel ones still running. cancelPipeline is a no-op for
+    // already-terminal pipelines, so this stays idempotent.
+    for (const p of listJobDispatchedPipelines(id, 50)) {
+      if (p.pipeline_status === 'running' || p.pipeline_status === 'pending') {
+        try {
+          if (cancelPipeline(p.pipeline_id)) cancelledPipelines++;
+        } catch (e) {
+          console.warn(`[jobs/cancel] cancelPipeline(${p.pipeline_id}) failed: ${(e as Error).message}`);
+        }
+      }
+    }
+  }
+
+  return NextResponse.json({
+    ok: true,
+    drain_stopped: stopped,
+    cancelled_pipelines: cancelledPipelines,
+    cancel_inflight_requested: cancelInflight,
+  });
+}

package/app/api/jobs/[id]/dispatched-pipelines/route.ts

@@ -0,0 +1,24 @@
+/**
+ * GET /api/jobs/<id>/dispatched-pipelines?limit=20
+ *
+ * Recent pipelines this Job has dispatched, decorated with live
+ * pipeline_runs status. Lets the Jobs UI show "what did this Job
+ * fire and what state are they in" without a roundtrip per row.
+ */
+
+import { NextResponse } from 'next/server';
+import { listJobDispatchedPipelines, getJob } from '@/lib/jobs/store';
+
+export async function GET(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params;
+  const job = getJob(id);
+  if (!job) return NextResponse.json({ error: 'job not found' }, { status: 404 });
+
+  const url = new URL(req.url);
+  const limitParam = url.searchParams.get('limit');
+  const limit = limitParam && Number.isFinite(Number(limitParam))
+    ? Math.min(Math.max(Number(limitParam), 1), 100)
+    : 20;
+
+  return NextResponse.json({ pipelines: listJobDispatchedPipelines(id, limit) });
+}

package/app/api/jobs/[id]/run/route.ts

@@ -12,13 +12,29 @@
  */
 
 import { NextResponse } from 'next/server';
-import { prepareRun, executeRun } from '@/lib/jobs/scheduler';
+import { prepareRun, executeRun, isJobBusy } from '@/lib/jobs/scheduler';
 import { resetDedup } from '@/lib/jobs/store';
 
 export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
   const { id } = await params;
   const url = new URL(req.url);
   const shouldReset = url.searchParams.get('reset_dedup') === '1';
+
+  // Refuse to fire if the Job is mid-tick or, for sequential mode,
+  // has a previously-dispatched pipeline still running. Without this
+  // double-clicking Force run was queuing identical concurrent ticks
+  // that all dispatched the same items in parallel — defeating the
+  // sequential safety. The check runs reconcile internally so stale
+  // zombies don't block legitimate manual fires.
+  const busy = isJobBusy(id);
+  if (busy.busy) {
+    return NextResponse.json({
+      error: `Job is busy: ${busy.reason}. Wait for it to finish before firing again.`,
+      busy: true,
+      reason: busy.reason,
+    }, { status: 409 });
+  }
+
   let removedDedupKeys = 0;
   if (shouldReset) {
     try { removedDedupKeys = resetDedup(id); }
@@ -32,7 +48,11 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   } catch (e) {
     return NextResponse.json({ error: (e as Error).message }, { status: 404 });
   }
-  void executeRun(prepared.job, prepared.runId).catch((err) => {
+  // Pass trigger='manual' so executeRun's on_failure=stop gate
+  // recognises this as a user-initiated resume and lets it through.
+  // Without this the run is treated as scheduled and halts on the
+  // last failure forever.
+  void executeRun(prepared.job, prepared.runId, 'manual').catch((err) => {
     console.error('[jobs] manual run crashed', err);
   });
   return NextResponse.json({

package/app/api/jobs/route.ts

@@ -5,9 +5,17 @@
 
 import { NextResponse } from 'next/server';
 import { listJobs, createJob } from '@/lib/jobs/store';
+import { isJobBusy } from '@/lib/jobs/scheduler';
 
 export async function GET() {
-  return NextResponse.json({ jobs: listJobs() });
+  // Decorate each job with a transient `busy` field so the UI can
+  // disable Run / Force-run buttons without doing a separate round
+  // trip per row. busy semantics live in scheduler.isJobBusy.
+  const jobs = listJobs().map((j) => {
+    const b = isJobBusy(j.id);
+    return { ...j, busy: b.busy, busy_reason: b.busy ? b.reason : undefined };
+  });
+  return NextResponse.json({ jobs });
 }
 
 export async function POST(req: Request) {
@@ -35,6 +43,8 @@ export async function POST(req: Request) {
     schedule_at: body.schedule_at ? String(body.schedule_at) : null,
     schedule_cron: body.schedule_cron ? String(body.schedule_cron) : null,
     max_per_tick: Number.isFinite(Number(body.max_per_tick)) ? Number(body.max_per_tick) : undefined,
+    concurrency_mode: body.concurrency_mode === 'parallel' ? 'parallel' : 'sequential',
+    on_failure: body.on_failure === 'stop' ? 'stop' : 'continue',
     mark_existing_as_seen: body.mark_existing_as_seen !== false,
   });
   return NextResponse.json({ job });

package/app/api/pipelines/[id]/schema/route.ts

@@ -0,0 +1,53 @@
+/**
+ * GET /api/pipelines/:id/schema
+ *
+ * Pipeline introspection for UI form rendering. Returns the
+ * declared input fields of a workflow.
+ *
+ * `:id` here actually carries the workflow NAME (not a pipeline_run id);
+ * the path segment must match the sibling `/api/pipelines/[id]/route.ts`
+ * to satisfy Next.js routing (one slug name per path depth).
+ *
+ * Input source supports BOTH shapes (pipeline.yaml `input:` block):
+ *   bug_id: "Bug id (numeric)"                  ← legacy: description only
+ *   bug_id:                                       ← extended: full spec
+ *     description: "Bug id"
+ *     type: integer                              # string | integer | number | boolean | enum
+ *     enum: [open, fixed]                        # only for type: enum
+ *     required: true
+ *     default: 0
+ *     multiline: false                           # forces textarea
+ *     label: "Bug ID"                            # display label
+ *
+ * Both forms are normalized to the same flat response so the UI
+ * doesn't need a per-shape branch.
+ */
+
+import { NextResponse } from 'next/server';
+import { listWorkflows, normalizeInputField } from '@/lib/pipeline';
+
+export async function GET(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params;
+  const name = decodeURIComponent(id);
+  const workflow = listWorkflows().find((w) => w.name === name);
+  if (!workflow) {
+    return NextResponse.json({ error: `pipeline "${name}" not found` }, { status: 404 });
+  }
+
+  const entries = Object.entries(workflow.input || {});
+  const fields = entries.map(([key, spec]) => normalizeInputField(key, spec));
+
+  // schema_version=2 when EVERY input uses the extended object form
+  // (or the pipeline declares no inputs at all — nothing to render).
+  // Any legacy string-form input → version 1. Lets clients (e.g. the
+  // browser extension) gate strict schema-driven rendering on v2 only
+  // and fall back to a "use Forge web" hint for v1.
+  const schemaVersion = entries.every(([, spec]) => typeof spec === 'object' && spec !== null) ? 2 : 1;
+
+  return NextResponse.json({
+    name: workflow.name,
+    description: workflow.description ?? null,
+    schema_version: schemaVersion,
+    input: fields,
+  });
+}

package/app/api/pipelines/bulk-delete/route.ts

@@ -0,0 +1,39 @@
+/**
+ * POST /api/pipelines/bulk-delete
+ *
+ *   { older_than_days?: number, before?: ISO, statuses?: string[] }
+ *
+ * Same shape as /api/tasks/bulk-delete. Skips running/pending pipelines
+ * — only terminal ones (done/failed/cancelled) are removed.
+ */
+
+import { NextResponse } from 'next/server';
+import { bulkDeletePipelines } from '@/lib/pipeline';
+
+export async function POST(req: Request) {
+  let body: any = {};
+  try { body = await req.json(); } catch {}
+
+  let before: string;
+  if (typeof body.before === 'string' && body.before) {
+    before = body.before;
+  } else if (Number.isFinite(Number(body.older_than_days))) {
+    const days = Math.max(0, Number(body.older_than_days));
+    before = new Date(Date.now() - days * 86_400_000).toISOString();
+  } else {
+    return NextResponse.json({ error: 'pass `older_than_days` (number) or `before` (ISO timestamp)' }, { status: 400 });
+  }
+
+  type PipelineStatus = 'done' | 'failed' | 'cancelled';
+  let statuses: PipelineStatus[] | undefined;
+  if (Array.isArray(body.statuses) && body.statuses.length) {
+    const valid: PipelineStatus[] = ['done', 'failed', 'cancelled'];
+    statuses = (body.statuses as string[]).filter((s) => valid.includes(s as PipelineStatus)) as PipelineStatus[];
+    if (statuses.length === 0) {
+      return NextResponse.json({ error: 'statuses must include done/failed/cancelled (running/pending cannot be bulk-deleted)' }, { status: 400 });
+    }
+  }
+
+  const removed = bulkDeletePipelines({ before, statuses });
+  return NextResponse.json({ removed, before, statuses: statuses ?? ['done', 'failed', 'cancelled'] });
+}

package/app/api/pipelines/gc/route.ts

@@ -0,0 +1,27 @@
+/**
+ * POST /api/pipelines/gc
+ *
+ * On-demand pipeline scratch-dir cleanup. Same logic as the background
+ * sweep in lib/init.ts; this endpoint exists so the user (or CI) can
+ * trigger it on demand via `forge pipeline gc`.
+ *
+ * Body (optional): { dry_run?: boolean }
+ *
+ * Response: { scanned, removed: [{path, reason}], kept: [{path, reason}] }
+ */
+
+import { NextResponse } from 'next/server';
+import { gcPipelineTmp } from '@/lib/pipeline-gc';
+
+export async function POST(req: Request) {
+  let body: any = {};
+  try { body = await req.json(); } catch {}
+  const dryRun = body?.dry_run === true || body?.dryRun === true;
+
+  try {
+    const result = gcPipelineTmp({ dryRun });
+    return NextResponse.json({ ok: true, dryRun, ...result });
+  } catch (e) {
+    return NextResponse.json({ ok: false, error: (e as Error).message }, { status: 500 });
+  }
+}

package/app/api/schedules/[id]/cancel/route.ts

@@ -0,0 +1,27 @@
+/**
+ * POST /api/schedules/:id/cancel
+ *
+ * Cancel all inflight pipelines this schedule launched.
+ * Does NOT change enabled (use /stop for that).
+ */
+
+import { NextResponse } from 'next/server';
+import { getSchedule, listInflightForSchedule } from '@/lib/schedules/store';
+import { cancelPipeline } from '@/lib/pipeline';
+
+export async function POST(_req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params;
+  const s = getSchedule(id);
+  if (!s) return NextResponse.json({ error: 'schedule not found' }, { status: 404 });
+
+  let cancelled = 0;
+  for (const run of listInflightForSchedule(id)) {
+    // Phase 1: target_id is always a pipeline_id.
+    try { if (cancelPipeline(run.target_id)) cancelled++; }
+    catch (e) {
+      console.warn(`[schedules/cancel] cancelPipeline(${run.target_id}) failed: ${(e as Error).message}`);
+    }
+  }
+
+  return NextResponse.json({ cancelled });
+}