@aion0/forge 0.9.16 → 0.9.18

package/RELEASE_NOTES.md

@@ -1,14 +1,22 @@
-# Forge v0.9.16
+# Forge v0.9.18
 
 Released: 2026-05-28
 
-## Changes since v0.9.15
-
-### Bug Fixes
-- fix: convert all @/ aliases in lib/ and src/ to relative paths
+## Changes since v0.9.16
 
 ### Other
-- fix(chat): replace @/src/* aliases with relative paths in lib/
+- feat(chat): trigger_pipeline accepts skills array
+- feat(connectors): body_form_inject_from + nested instances UI
+- fix(http-protocol): JSON.parse args[X] when LLM stringified it + template inject keys
+- feat(connectors): http body_form_inject for server-side credential injection
+- Revert "feat(connectors): {secret:...} refs for cross-connector + global secrets"
+- Revert "fix(chat): make secret-refs system prompt push the tool-call path"
+- fix(chat): make secret-refs system prompt push the tool-call path
+- revert: drop migrateConnectorInstanceSecrets startup hook
+- fix(connectors): encrypt nested secrets inside type:instances rows
+- feat(connectors): {secret:...} refs for cross-connector + global secrets
+- feat(connectors): generic 'type: instances' field renderer + v0.9.17
+- feat(connectors): generic auth + url_encoding + body_form + multi-instance
 
 
-**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.9.15...v0.9.16
+**Full Changelog**: https://github.com/aiwatching/forge/compare/v0.9.16...v0.9.18

package/app/api/connectors/[id]/settings/route.ts

@@ -41,17 +41,76 @@ function defaultsFor(id: string): Record<string, any> {
 
 const SECRET_MASK = '••••••••';
 
-function isSecretField(schema: ConnectorFieldSchema | undefined): boolean {
-  if (!schema) return false;
-  return schema.type === 'secret' || (schema.type as string) === 'password';
+/**
+ * Walk `value` against `schema`, applying `mask` (plaintext → ••••) or
+ * `restore` (•••• → stored plaintext). Recurses into `type: 'instances'`
+ * arrays so per-row sub-secrets get the same mask treatment as flat
+ * top-level secrets. Mirrors the encrypt/decrypt walker in
+ * lib/connectors/registry.ts so the on-disk and over-the-wire
+ * representations stay symmetric.
+ */
+function transformFieldSecrets(
+  value: any,
+  schema: ConnectorFieldSchema | undefined,
+  existingValue: any,
+  op: 'mask' | 'restore',
+): any {
+  if (!schema) return value;
+  const t = String((schema as any)?.type || '');
+
+  if (t === 'secret' || t === 'password') {
+    if (op === 'mask') {
+      return typeof value === 'string' && value ? SECRET_MASK : value;
+    }
+    // restore
+    if (value === SECRET_MASK) {
+      return typeof existingValue === 'string' ? existingValue : undefined;
+    }
+    return value;
+  }
+
+  if (t === 'instances' && (schema as any).fields) {
+    const wasString = typeof value === 'string';
+    let rows: any;
+    if (wasString) {
+      try { rows = JSON.parse(value); } catch { return value; }
+    } else {
+      rows = value;
+    }
+    if (!Array.isArray(rows)) return value;
+
+    // Build name→row map of the existing stored value so per-instance
+    // mask restoration can find the corresponding row by name.
+    let existingRows: any[] = [];
+    if (typeof existingValue === 'string') {
+      try { existingRows = JSON.parse(existingValue); } catch { existingRows = []; }
+    } else if (Array.isArray(existingValue)) {
+      existingRows = existingValue;
+    }
+    const existingByName = new Map<string, any>();
+    for (const r of existingRows) {
+      if (r && typeof r === 'object' && typeof r.name === 'string') existingByName.set(r.name, r);
+    }
+
+    const transformed = rows.map((row: any) => {
+      if (!row || typeof row !== 'object') return row;
+      const existingRow = (typeof row.name === 'string' && existingByName.get(row.name)) || {};
+      const out: any = { ...row };
+      for (const [k, sub] of Object.entries((schema as any).fields)) {
+        out[k] = transformFieldSecrets(out[k], sub as ConnectorFieldSchema, existingRow[k], op);
+      }
+      return out;
+    });
+    return wasString ? JSON.stringify(transformed) : transformed;
+  }
+
+  return value;
 }
 
 function maskSecrets(settings: Record<string, any>, schema: Record<string, ConnectorFieldSchema>): Record<string, any> {
   const out: Record<string, any> = { ...settings };
   for (const [k, v] of Object.entries(schema)) {
-    if (isSecretField(v) && typeof out[k] === 'string' && out[k]) {
-      out[k] = SECRET_MASK;
-    }
+    out[k] = transformFieldSecrets(out[k], v, undefined, 'mask');
   }
   return out;
 }
@@ -63,10 +122,9 @@ function restoreSecrets(
 ): Record<string, any> {
   const out: Record<string, any> = { ...incoming };
   for (const [k, v] of Object.entries(schema)) {
-    if (isSecretField(v) && out[k] === SECRET_MASK) {
-      if (typeof existing[k] === 'string') out[k] = existing[k];
-      else delete out[k];
-    }
+    const restored = transformFieldSecrets(out[k], v, existing[k], 'restore');
+    if (restored === undefined) delete out[k];
+    else out[k] = restored;
   }
   return out;
 }

package/app/api/connectors/[id]/test/route.ts

@@ -34,6 +34,7 @@ import {
 } from '@/lib/connectors/registry';
 import { expandSettingsTokens, expandAllTokens } from '@/lib/plugins/templates';
 import { bridgeRpc } from '@/lib/chat/bridge-client';
+import { applyAuth } from '@/lib/chat/protocols/http';
 import type { ConnectorDefinition, ConnectorTest, HttpRequestSpec } from '@/lib/connectors/types';
 
 const DEFAULT_TIMEOUT_MS = 15_000;
@@ -106,17 +107,39 @@ interface TestResult {
   body_preview?: string;
 }
 
-async function runHttpProbe(test: ConnectorTest, settings: Record<string, unknown>): Promise<TestResult> {
+async function runHttpProbe(test: ConnectorTest, settings: Record<string, unknown>, def: ConnectorDefinition): Promise<TestResult> {
   const spec = test.request;
   if (!spec?.url) return { ok: false, error: 'test.request.url is required for http probe' };
 
+  // Multi-instance overlay: test probe always uses the first instance
+  // (same guard as tool-dispatcher — only kicks in when instances is a
+  // well-formed array, so single-instance connectors are unaffected).
+  let effectiveSettings = settings as Record<string, any>;
+  let instances = effectiveSettings?.instances;
+  // type: json fields persist as strings — parse before checking.
+  if (typeof instances === 'string') {
+    try { instances = JSON.parse(instances); } catch { instances = null; }
+  }
+  if (
+    Array.isArray(instances) &&
+    instances.length > 0 &&
+    instances.every((i: any) => i && typeof i === 'object' && typeof i.name === 'string')
+  ) {
+    effectiveSettings = { ...effectiveSettings, ...instances[0] };
+  }
+
   const method = (spec.method || 'GET').toUpperCase();
-  const url = buildUrl(spec, settings);
-  const headers = buildHeaders(spec, settings);
-  const { body, contentType } = buildBody(spec, settings);
+  let url = buildUrl(spec, effectiveSettings);
+  const headers = buildHeaders(spec, effectiveSettings);
+  const { body, contentType } = buildBody(spec, effectiveSettings);
   if (body != null && contentType && !headers.has('content-type')) {
     headers.set('content-type', contentType);
   }
+  // Apply connector-level auth so the test probe uses the same scheme
+  // as live tool calls (e.g. Basic auth for Jenkins). Manifests that
+  // hand-craft Authorization in test.request.headers still work — the
+  // auth scheme would just overwrite the header.
+  url = applyAuth(url, headers, def.auth, effectiveSettings);
 
   const timeoutMs = test.timeout_ms || DEFAULT_TIMEOUT_MS;
   const okStatus = test.ok_status?.length ? test.ok_status : [200];
@@ -255,6 +278,6 @@ export async function POST(req: Request, { params }: { params: Promise<{ id: str
   const probe = def.test.probe || 'http';
   const r = probe === 'browser'
     ? await runBrowserProbe(def, inst.config)
-    : await runHttpProbe(def.test, inst.config);
+    : await runHttpProbe(def.test, inst.config, def);
   return NextResponse.json(r);
 }

package/components/ConnectorsPanel.tsx

@@ -44,6 +44,8 @@ interface FieldSchema {
   required?: boolean;
   default?: any;
   options?: string[];
+  /** For type: 'instances' — schema of each row's inner fields. */
+  fields?: Record<string, FieldSchema>;
 }
 
 interface ConnectorTool {
@@ -532,7 +534,13 @@ export default function ConnectorsPanel() {
                           <label className="text-[10px] text-[var(--text-secondary)] block mb-0.5">
                             {sc.label || key} {sc.required && <span className="text-red-400">*</span>}
                           </label>
-                          {sc.type === 'boolean' ? (
+                          {sc.type === 'instances' ? (
+                            <InstancesField
+                              schema={sc}
+                              rawValue={values[key]}
+                              onChange={(v) => setValues({ ...values, [key]: v })}
+                            />
+                          ) : sc.type === 'boolean' ? (
                             <input
                               type="checkbox"
                               checked={values[key] === true || values[key] === 'true'}
@@ -634,3 +642,135 @@ export default function ConnectorsPanel() {
     </div>
   );
 }
+
+/**
+ * Generic renderer for `type: instances` — a list of named records
+ * configured per-connector (Jenkins instances, GitLab tenants, etc.).
+ * Each row collapses into the connector's declared sub-fields. Value
+ * is round-tripped as a JSON-stringified array so the existing
+ * connector-configs.json shape (the textarea-saved string) keeps
+ * working unchanged.
+ */
+function InstancesField({
+  schema,
+  rawValue,
+  onChange,
+}: {
+  schema: FieldSchema;
+  rawValue: any;
+  onChange: (next: string) => void;
+}) {
+  const subFields = schema.fields || {};
+  const subKeys = Object.keys(subFields);
+
+  // Parse incoming value: accept stored JSON string, in-memory array,
+  // null, or anything malformed (treat as empty).
+  const rows: Record<string, any>[] = (() => {
+    let v: any = rawValue;
+    if (v == null || v === '') return [];
+    if (typeof v === 'string') {
+      try { v = JSON.parse(v); } catch { return []; }
+    }
+    return Array.isArray(v) ? v : [];
+  })();
+
+  const commit = (next: Record<string, any>[]) => onChange(JSON.stringify(next));
+
+  const addRow = () => {
+    const blank: Record<string, any> = {};
+    for (const k of subKeys) blank[k] = subFields[k]?.default ?? '';
+    commit([...rows, blank]);
+  };
+  const removeRow = (i: number) => commit(rows.filter((_, idx) => idx !== i));
+  const updateRow = (i: number, key: string, val: any) => {
+    const next = rows.map((r, idx) => (idx === i ? { ...r, [key]: val } : r));
+    commit(next);
+  };
+
+  return (
+    <div className="space-y-1.5">
+      {rows.length === 0 && (
+        <div className="text-[10px] text-[var(--text-secondary)] italic py-1">
+          No entries yet — click “+ Add” to create one.
+        </div>
+      )}
+      {rows.map((row, i) => {
+        const rowLabel =
+          (typeof row.name === 'string' && row.name.trim()) || `(unnamed #${i + 1})`;
+        return (
+          <div
+            key={i}
+            className="border border-[var(--border)] rounded p-2 bg-[var(--bg-secondary)]"
+          >
+            <div className="flex items-center justify-between mb-1.5">
+              <span className="text-[10px] font-semibold text-[var(--text-primary)]">
+                {rowLabel}
+              </span>
+              <button
+                type="button"
+                onClick={() => removeRow(i)}
+                title="Remove this entry"
+                className="text-[10px] text-red-400 hover:text-red-300"
+              >
+                ✕
+              </button>
+            </div>
+            <div className="space-y-1.5">
+              {subKeys.map((k) => {
+                const f = subFields[k];
+                // Nested instances — render the same component recursively.
+                // Lets a connector model "rows of rows" (e.g. Jenkins
+                // instances each with a list of inject_params key/value
+                // pairs).
+                if (f.type === 'instances') {
+                  return (
+                    <div key={k}>
+                      <label className="text-[9px] text-[var(--text-secondary)] block mb-0.5">
+                        {f.label || k} {f.required && <span className="text-red-400">*</span>}
+                      </label>
+                      <InstancesField
+                        schema={f}
+                        rawValue={row[k]}
+                        onChange={(next) => updateRow(i, k, next)}
+                      />
+                      {f.description && (
+                        <p className="text-[9px] text-[var(--text-secondary)] mt-0.5">{f.description}</p>
+                      )}
+                    </div>
+                  );
+                }
+                const inputType =
+                  f.type === 'secret' || f.type === 'password'
+                    ? 'password'
+                    : f.type === 'number'
+                      ? 'number'
+                      : 'text';
+                return (
+                  <div key={k}>
+                    <label className="text-[9px] text-[var(--text-secondary)] block mb-0.5">
+                      {f.label || k} {f.required && <span className="text-red-400">*</span>}
+                    </label>
+                    <input
+                      type={inputType}
+                      value={row[k] ?? ''}
+                      onChange={(e) => updateRow(i, k, e.target.value)}
+                      placeholder={f.description || ''}
+                      className="w-full bg-[var(--bg-tertiary)] border border-[var(--border)] rounded px-2 py-1 text-[10px] text-[var(--text-primary)] font-mono"
+                    />
+                  </div>
+                );
+              })}
+            </div>
+          </div>
+        );
+      })}
+      <button
+        type="button"
+        onClick={addRow}
+        className="text-[10px] px-2 py-1 rounded border border-dashed border-[var(--border)] text-[var(--text-secondary)] hover:border-[var(--accent)] hover:text-[var(--accent)] transition-colors w-full"
+      >
+        + Add {schema.label || 'instance'}
+      </button>
+    </div>
+  );
+}

package/lib/chat/protocols/http.ts

@@ -15,13 +15,20 @@
  * is_error so the LLM can react.
  */
 
-import type { HttpRequestSpec, ConnectorTool } from '../../connectors/types';
+import type { HttpRequestSpec, ConnectorTool, ConnectorAuth, ConnectorFieldSchema } from '../../connectors/types';
 import { expandAllTokens } from '../../plugins/templates';
 
 export interface HttpProtocolArgs {
   tool: ConnectorTool;
   settings: Record<string, any>;
   args: Record<string, any>;
+  /**
+   * Connector-level auth. Tool-level `tool.auth` takes precedence.
+   * Forge resolves the scheme into the right header/query at dispatch
+   * time so manifests don't have to hand-craft Authorization headers
+   * or base64-encode credentials.
+   */
+  connectorAuth?: ConnectorAuth;
   /**
    * When true, return the full response body without the 8KB cap. Used by
    * the Jobs scheduler — it parses JSON, not feeds the response into an
@@ -53,22 +60,42 @@ function expandObjectLeaves(obj: any, settings: Record<string, any>, args: Recor
 }
 
 /**
- * Expand `{args.X}` placeholders in a URL path with the value URL-
- * encoded. `{settings.X}` is NOT encoded — `{settings.base_url}` is the
- * scheme + host (with its own `://` and `/`), which must stay literal.
- *
- * Why: GitLab and many REST APIs accept either a numeric id or a
- * URL-encoded namespace path (`fortinac%2FFortiNAC`) as the project
- * identifier in the path. Without encoding, `args.project_id =
- * "fortinac/FortiNAC"` interpolates as a raw `/` and turns
- * `/projects/{args.project_id}/...` into `/projects/fortinac/FortiNAC/...`
- * (extra path segment), which the API can't parse. Numeric ids encode
- * to themselves — no regression.
+ * Encode a string value per its parameter's `url_encoding` declaration.
+ * Default `uri_component` matches encodeURIComponent (slashes encoded).
+ * `none` is raw, for pre-formatted paths (e.g. Jenkins folder paths
+ * `job/team/job/build`). `path_segments` encodes each `/`-separated
+ * piece but preserves the slashes — good for human-readable paths
+ * that contain spaces or unicode.
+ */
+function encodePathValue(raw: string, mode: ConnectorFieldSchema['url_encoding'] | undefined): string {
+  switch (mode) {
+    case 'none':
+      return raw;
+    case 'path_segments':
+      return raw.split('/').map(encodeURIComponent).join('/');
+    case 'uri_component':
+    case undefined:
+    default:
+      return encodeURIComponent(raw);
+  }
+}
+
+/**
+ * Expand `{args.X}` placeholders in a URL path. Each arg's encoding is
+ * decided by its parameter schema's `url_encoding` field (default
+ * `uri_component` — see `encodePathValue` for the modes). `{settings.X}`
+ * is NOT encoded — `{settings.base_url}` is the scheme + host (with its
+ * own `://` and `/`), which must stay literal.
  */
-function expandUrlPath(template: string, settings: Record<string, any>, args: Record<string, any>): string {
+function expandUrlPath(
+  template: string,
+  settings: Record<string, any>,
+  args: Record<string, any>,
+  paramSchemas?: Record<string, ConnectorFieldSchema>,
+): string {
   // First handle settings.* with raw substitution (keeps base_url intact).
   let out = expandAllTokens(template, settings, {});
-  // Then handle args.* with URL-encoding.
+  // Then handle args.* with per-parameter URL encoding.
   out = out.replace(/\{args\.([^{}]+)\}/g, (full, rawKey) => {
     const path = String(rawKey).trim().split('.');
     let v: any = args;
@@ -78,13 +105,23 @@ function expandUrlPath(template: string, settings: Record<string, any>, args: Re
     }
     if (v == null) return full;
     const s = typeof v === 'string' ? v : (typeof v === 'number' || typeof v === 'boolean' ? String(v) : JSON.stringify(v));
-    return encodeURIComponent(s);
+    // Encoding mode comes from the top-level parameter's schema. Nested
+    // arg paths inherit their root parameter's encoding — common case is
+    // a flat scalar parameter so this matters rarely.
+    const rootParam = path[0];
+    const mode = paramSchemas?.[rootParam]?.url_encoding;
+    return encodePathValue(s, mode);
   });
   return out;
 }
 
-function buildUrl(spec: HttpRequestSpec, settings: Record<string, any>, args: Record<string, any>): string {
-  const base = expandUrlPath(spec.url, settings, args);
+function buildUrl(
+  spec: HttpRequestSpec,
+  settings: Record<string, any>,
+  args: Record<string, any>,
+  paramSchemas?: Record<string, ConnectorFieldSchema>,
+): string {
+  const base = expandUrlPath(spec.url, settings, args, paramSchemas);
   if (!spec.query) return base;
   const url = new URL(base);
   for (const [k, raw] of Object.entries(spec.query)) {
@@ -98,6 +135,48 @@ function buildUrl(spec: HttpRequestSpec, settings: Record<string, any>, args: Re
   return url.toString();
 }
 
+/**
+ * Apply a connector/tool auth scheme onto an outbound request. Resolves
+ * templated `{settings.*}` inside auth values, base64-encodes basic
+ * credentials, and chooses between header / query placement. The URL is
+ * passed by reference (returned as a new string if the auth scheme
+ * appends a query param). Centralised so the chat dispatcher and the
+ * connector-test probe stay consistent.
+ */
+export function applyAuth(
+  url: string,
+  headers: Headers,
+  auth: ConnectorAuth | undefined,
+  settings: Record<string, any>,
+  args: Record<string, any> = {},
+): string {
+  if (!auth || auth.type === 'none') return url;
+  const exp = (s: string) => expandAllTokens(String(s ?? ''), settings, args);
+  switch (auth.type) {
+    case 'basic': {
+      const u = exp(auth.username);
+      const p = exp(auth.password);
+      const token = Buffer.from(`${u}:${p}`, 'utf-8').toString('base64');
+      headers.set('Authorization', `Basic ${token}`);
+      return url;
+    }
+    case 'bearer': {
+      headers.set('Authorization', `Bearer ${exp(auth.token)}`);
+      return url;
+    }
+    case 'header': {
+      headers.set(auth.name, exp(auth.value));
+      return url;
+    }
+    case 'query': {
+      const u = new URL(url);
+      u.searchParams.set(auth.name, exp(auth.value));
+      return u.toString();
+    }
+  }
+  return url;
+}
+
 function buildHeaders(spec: HttpRequestSpec, settings: Record<string, any>, args: Record<string, any>): Headers {
   const h = new Headers();
   if (spec.headers) {
@@ -109,12 +188,102 @@ function buildHeaders(spec: HttpRequestSpec, settings: Record<string, any>, args
 }
 
 function buildBody(spec: HttpRequestSpec, settings: Record<string, any>, args: Record<string, any>): { body?: string; contentType?: string } {
-  if (spec.body == null) return {};
-  if (typeof spec.body === 'string') {
-    return { body: expandAllTokens(spec.body, settings, args) };
+  if (spec.body != null) {
+    if (typeof spec.body === 'string') {
+      return { body: expandAllTokens(spec.body, settings, args) };
+    }
+    const obj = expandObjectLeaves(spec.body, settings, args);
+    return { body: JSON.stringify(obj), contentType: 'application/json' };
+  }
+  if (spec.body_form != null || spec.body_form_inject != null || spec.body_form_inject_from != null) {
+    return buildFormBody(spec.body_form, spec.body_form_inject, spec.body_form_inject_from, settings, args);
   }
-  const obj = expandObjectLeaves(spec.body, settings, args);
-  return { body: JSON.stringify(obj), contentType: 'application/json' };
+  return {};
+}
+
+/**
+ * Serialise an object into application/x-www-form-urlencoded body.
+ * The spec value can be:
+ *  - a literal placeholder `{args.NAME}` — resolved to the named arg
+ *    (must be a plain object); used by Jenkins trigger_build to take a
+ *    dynamic `params` map of build parameters.
+ *  - an inline object whose leaves get template-expanded — used when
+ *    the form keys are static.
+ *  - any other string — treated as a JSON-string template, parsed, then
+ *    serialised (less common, but lets manifests build the body inline).
+ *
+ * null/undefined values are dropped (no empty `KEY=`). Non-string values
+ * are stringified.
+ */
+function buildFormBody(spec: string | Record<string, unknown> | undefined, inject: Record<string, string> | undefined, injectFrom: string | undefined, settings: Record<string, any>, args: Record<string, any>): { body?: string; contentType?: string } {
+  let obj: any = null;
+  if (spec != null) {
+    if (typeof spec === 'string') {
+      const m = spec.match(/^\{args\.([^{}]+)\}$/);
+      if (m) {
+        obj = args[m[1]];
+        // LLMs frequently JSON-stringify an object arg even when the
+        // tool schema declares it as `type: json`. Parse it back so the
+        // form serialisation works either way.
+        if (typeof obj === 'string') {
+          try { obj = JSON.parse(obj); } catch { /* leave as null below */ }
+        }
+      } else {
+        const expanded = expandAllTokens(spec, settings, args);
+        try { obj = JSON.parse(expanded); } catch { obj = null; }
+      }
+    } else {
+      obj = expandObjectLeaves(spec, settings, args);
+    }
+  }
+  if (obj == null) obj = {};
+  if (typeof obj !== 'object' || Array.isArray(obj)) obj = {};
+
+  // Server-side inject — typically secrets pulled from settings.
+  // BOTH key and value are templated (against settings only, NOT args,
+  // so the LLM can't shadow injected keys). Templated keys let one
+  // manifest target different Jenkins jobs whose param names vary —
+  // each instance config sets the key name (e.g. TOKEN_PASSWORD)
+  // alongside the value source (e.g. {settings.gitlab_pat}). Entries
+  // where the key OR value comes back empty / unresolved get dropped.
+  if (inject) {
+    for (const [rawKey, rawVal] of Object.entries(inject)) {
+      const k = expandAllTokens(String(rawKey), settings, {});
+      if (!k || /\{(settings|args)\./.test(k)) continue;
+      const v = expandAllTokens(String(rawVal), settings, {});
+      if (!v || /\{(settings|args)\./.test(v)) continue;
+      obj[k] = v;
+    }
+  }
+
+  // body_form_inject_from — settings[X] is expected to be an
+  // `instances`-shaped array (each row { name, value, ... }). Inject
+  // every row as one form key/value pair. Lets the connector defer
+  // the actual key+value choices to per-user instance config without
+  // hardcoding them in the manifest. Rows with empty name or value
+  // are dropped.
+  if (injectFrom) {
+    let rows: any = (settings as any)[injectFrom];
+    if (typeof rows === 'string') {
+      try { rows = JSON.parse(rows); } catch { rows = null; }
+    }
+    if (Array.isArray(rows)) {
+      for (const row of rows) {
+        if (!row || typeof row !== 'object') continue;
+        const k = typeof row.name === 'string' ? row.name.trim() : '';
+        const v = typeof row.value === 'string' ? row.value : (row.value == null ? '' : String(row.value));
+        if (!k || !v) continue;
+        obj[k] = v;
+      }
+    }
+  }
+
+  const usp = new URLSearchParams();
+  for (const [k, v] of Object.entries(obj)) {
+    if (v == null) continue;
+    usp.append(k, typeof v === 'string' ? v : String(v));
+  }
+  return { body: usp.toString(), contentType: 'application/x-www-form-urlencoded' };
 }
 
 function truncate(s: string): { text: string; truncated: boolean; totalBytes: number } {
@@ -124,7 +293,7 @@ function truncate(s: string): { text: string; truncated: boolean; totalBytes: nu
   return { text: slice, truncated: true, totalBytes: buf.byteLength };
 }
 
-export async function runHttp({ tool, settings, args, noTruncation }: HttpProtocolArgs): Promise<HttpProtocolResult> {
+export async function runHttp({ tool, settings, args, connectorAuth, noTruncation }: HttpProtocolArgs): Promise<HttpProtocolResult> {
   const spec = tool.request;
   if (!spec || !spec.url) {
     return { content: 'http tool missing `request.url`', is_error: true };
@@ -145,11 +314,16 @@ export async function runHttp({ tool, settings, args, noTruncation }: HttpProtoc
     }
   }
 
-  const url = buildUrl(spec, settings, argsWithDefaults);
+  let url = buildUrl(spec, settings, argsWithDefaults, tool.parameters);
   const headers = buildHeaders(spec, settings, argsWithDefaults);
   const { body, contentType } = buildBody(spec, settings, argsWithDefaults);
   if (body != null && contentType && !headers.has('content-type')) headers.set('content-type', contentType);
 
+  // Tool-level auth overrides connector-level. `{ type: 'none' }` is a
+  // valid override that disables auth entirely (public endpoint).
+  const effectiveAuth = tool.auth ?? connectorAuth;
+  url = applyAuth(url, headers, effectiveAuth, settings, argsWithDefaults);
+
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), timeoutMs);
 

package/lib/chat/tool-dispatcher.ts

@@ -48,8 +48,8 @@ const BUILTINS: Record<string, BuiltinHandler> = {
   // required (no default) vs optional (have default) so the agent can omit
   // optional ones rather than passing wrong placeholder values.
   trigger_pipeline: async (input) => {
-    const params = (input as { workflow?: string; input?: Record<string, unknown> } | undefined) || {};
-    const { listWorkflows, startPipeline, getPipeline } = await import('../pipeline');
+    const params = (input as { workflow?: string; input?: Record<string, unknown>; skills?: unknown } | undefined) || {};
+    const { listWorkflows, startPipeline, getPipeline, getWorkflow } = await import('../pipeline');
     if (!params.workflow) {
       const workflows = listWorkflows();
       if (workflows.length === 0) return 'No workflows found. Create one in <dataDir>/flows/.';
@@ -120,7 +120,48 @@ const BUILTINS: Record<string, BuiltinHandler> = {
     for (const [k, v] of Object.entries(params.input || {})) {
       stringInput[k] = v == null ? '' : typeof v === 'string' ? v : String(v);
     }
-    const pipeline = startPipeline(params.workflow, stringInput);
+
+    // Skills — same plumbing as Schedule / Job: pre-install each named
+    // skill into every project the workflow's nodes target, then thread
+    // the list through to startPipeline so per-task --append-system-prompt
+    // gets the /skill-name lines. Unknown skill names are warned (not
+    // blocked) — startPipeline ignores any that aren't installed by then.
+    let skills: string[] = [];
+    if (Array.isArray(params.skills)) {
+      skills = (params.skills as unknown[]).filter((s): s is string => typeof s === 'string' && s.trim() !== '');
+    }
+    if (skills.length > 0) {
+      try {
+        const { listSkills } = await import('../skills');
+        const known = new Set(listSkills().map((s: any) => s.name));
+        const unknown = skills.filter((s) => !known.has(s));
+        if (unknown.length > 0) {
+          return `Unknown skills: ${unknown.join(', ')}. Available: ${[...known].slice(0, 40).join(', ')}. Call list_forge_context to see all skills.`;
+        }
+        const { ensureInstalledInProject } = await import('../skills');
+        const { getProjectInfo } = await import('../projects');
+        const projectNames = new Set<string>();
+        for (const n of Object.values(wf.nodes || {})) {
+          if ((n as any).project) projectNames.add((n as any).project as string);
+        }
+        const seenPaths = new Set<string>();
+        for (const pName of projectNames) {
+          const resolved = pName.replace(/\{\{\s*input\.([\w-]+)\s*\}\}/g, (_, k: string) => stringInput[k] ?? '');
+          if (!resolved) continue;
+          const pInfo = getProjectInfo(resolved);
+          if (!pInfo || seenPaths.has(pInfo.path)) continue;
+          seenPaths.add(pInfo.path);
+          for (const skill of skills) {
+            try { await ensureInstalledInProject(skill, pInfo.path); }
+            catch (e) { console.warn(`[chat] skill "${skill}" install failed in ${pInfo.path}: ${(e as Error).message}`); }
+          }
+        }
+      } catch (e) {
+        console.warn(`[chat] skills preflight failed: ${(e as Error).message}`);
+      }
+    }
+
+    const pipeline = startPipeline(params.workflow, stringInput, { skills: skills.length ? skills : undefined });
     let line = `Pipeline started: ${pipeline.id} (workflow: ${params.workflow}, status: ${pipeline.status})`;
     if (pipeline.status === 'failed') {
       const fresh = getPipeline(pipeline.id) || pipeline;
@@ -242,6 +283,11 @@ export const BUILTIN_TOOL_DEFS: BuiltinToolDef[] = [
           type: 'object',
           description: 'Pipeline input fields as a flat object. Pass ONLY required fields (marked * in the list response) and optional fields the user explicitly named. Omit optional fields to use their defaults.',
         },
+        skills: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Forge skills (by name) to make available to every Claude task inside the pipeline — injected via --append-system-prompt. Pass when the user mentions skill names ("用 git-savvy", "with the code-reviewer skill"). Call list_forge_context to validate names. Omit if the user didn\'t mention any.',
+        },
       },
     },
   },
@@ -400,23 +446,54 @@ export async function dispatchTool(
   const protocol = located.tool.protocol || 'browser';
   const argInput = (call.input ?? {}) as Record<string, any>;
 
+  // Multi-instance overlay: when a connector's settings carry a
+  // `instances` array of `{name, ...}` objects, the tool's `instance`
+  // arg picks one and its fields are merged into the top-level settings
+  // namespace so templates like `{settings.base_url}` resolve against
+  // the chosen instance. Strictly guarded so connectors without this
+  // shape (the existing gitlab/mantis/teams/github-api/pmdb) are
+  // completely unaffected.
+  let effectiveSettings = located.settings;
+  let instances = (located.settings as any)?.instances;
+  // The `type: json` settings UI stores the field as a string literal,
+  // not a parsed value — accept both forms (string from the form,
+  // already-parsed array from manifests that ship a default).
+  if (typeof instances === 'string') {
+    try { instances = JSON.parse(instances); } catch { instances = null; }
+  }
+  if (
+    Array.isArray(instances) &&
+    instances.length > 0 &&
+    instances.every((i: any) => i && typeof i === 'object' && typeof i.name === 'string')
+  ) {
+    const wanted = typeof argInput.instance === 'string' ? argInput.instance : undefined;
+    const inst = wanted
+      ? instances.find((i: any) => i.name === wanted)
+      : instances[0];
+    if (wanted && !inst) {
+      const available = instances.map((i: any) => i.name).join(', ');
+      return { content: `unknown instance "${wanted}". Available: ${available}`, is_error: true };
+    }
+    effectiveSettings = { ...located.settings, ...inst };
+  }
+
   try {
     switch (protocol) {
       case 'http':
-        return await runHttp({ tool: located.tool, settings: located.settings, args: argInput, noTruncation: opts.noTruncation });
+        return await runHttp({ tool: located.tool, settings: effectiveSettings, args: argInput, connectorAuth: def.auth, noTruncation: opts.noTruncation });
       case 'shell':
-        return await runShell({ tool: located.tool, settings: located.settings, args: argInput });
+        return await runShell({ tool: located.tool, settings: effectiveSettings, args: argInput });
       case 'browser': {
         // Hand the whole connector + tool spec + input + settings to the
         // extension's runner.ts via the bridge. The extension keeps owning
         // the runner logic (tab acquire, navigate, executeScript).
-        const connector = buildConnectorPayload(def, located.entry, located.settings);
+        const connector = buildConnectorPayload(def, located.entry, effectiveSettings);
         const result = (await bridgeRpc('connector.run', {
           pluginId: located.connectorId,       // wire-name kept for extension
           toolName: located.toolName,
           input: argInput,
           connector,
-          settings: located.settings,
+          settings: effectiveSettings,
         })) as { content?: string; is_error?: boolean } | null;
         return { content: result?.content ?? '(no content returned)', is_error: !!result?.is_error };
       }

package/lib/connectors/registry.ts

@@ -132,6 +132,70 @@ function getSecretFieldNames(def: ConnectorDefinition | null): string[] {
     .map(([name]) => name);
 }
 
+function getAllSettingsSchema(def: ConnectorDefinition | null): Record<string, ConnectorFieldSchema> {
+  const out: Record<string, ConnectorFieldSchema> = {};
+  if (!def) return out;
+  if (def.settings) Object.assign(out, def.settings);
+  for (const entry of def.connectors || []) {
+    if (entry.settings) Object.assign(out, entry.settings);
+  }
+  return out;
+}
+
+/**
+ * Walk a connector config value applying `op` (encrypt | decrypt) to
+ * every leaf whose schema is `type: 'secret'` or `'password'`. Recurses
+ * into `type: 'instances'` arrays so per-row sub-secrets (e.g. Jenkins
+ * api_token inside each instances row) get the same treatment as flat
+ * top-level secrets — otherwise nested credentials stay plaintext at
+ * rest. The on-disk shape is preserved: instances stay as a JSON-
+ * stringified array (which is how the type:instances UI persists it).
+ */
+function transformConnectorSecrets(
+  value: any,
+  schema: ConnectorFieldSchema | undefined,
+  op: 'encrypt' | 'decrypt',
+): any {
+  if (!schema) return value;
+  const t = String((schema as any)?.type || '');
+
+  if (t === 'secret' || t === 'password') {
+    if (typeof value !== 'string' || !value) return value;
+    if (op === 'encrypt') return isEncrypted(value) ? value : (() => {
+      try { return encryptSecret(value); } catch { return value; }
+    })();
+    if (op === 'decrypt') {
+      if (!isEncrypted(value)) return value;
+      try { return decryptSecret(value); }
+      catch { return value; }
+    }
+    return value;
+  }
+
+  if (t === 'instances' && (schema as any).fields) {
+    // Accept either the stored JSON-string form or an in-memory array.
+    let rows: any;
+    const wasString = typeof value === 'string';
+    if (wasString) {
+      try { rows = JSON.parse(value); } catch { return value; }
+    } else {
+      rows = value;
+    }
+    if (!Array.isArray(rows)) return value;
+    const transformed = rows.map((row: any) => {
+      if (!row || typeof row !== 'object') return row;
+      const out: any = { ...row };
+      for (const [k, sub] of Object.entries((schema as any).fields)) {
+        out[k] = transformConnectorSecrets(out[k], sub as ConnectorFieldSchema, op);
+      }
+      return out;
+    });
+    return wasString ? JSON.stringify(transformed) : transformed;
+  }
+
+  return value;
+}
+
 function loadStoreRaw(): ConfigStore {
   const p = configsFile();
   if (!existsSync(p)) return {};
@@ -144,20 +208,16 @@ function loadStoreRaw(): ConfigStore {
 
 function loadStore(): ConfigStore {
   const store = loadStoreRaw();
-  // Decrypt secret fields lazily — readers expect plaintext.
+  // Decrypt secret fields lazily — readers expect plaintext. Walks the
+  // schema so both flat top-level secrets AND nested instances sub-
+  // secrets get unwrapped uniformly.
   for (const [id, row] of Object.entries(store)) {
     if (!row?.config) continue;
     const def = getConnector(id);
-    const secrets = getSecretFieldNames(def);
-    if (!secrets.length) continue;
-    for (const key of secrets) {
-      const v = row.config[key];
-      if (typeof v === 'string' && isEncrypted(v)) {
-        try { row.config[key] = decryptSecret(v); }
-        catch (err) {
-          console.warn(`[connectors] failed to decrypt ${id}.${key}`, err);
-        }
-      }
+    const schema = getAllSettingsSchema(def);
+    for (const [k, sub] of Object.entries(schema)) {
+      try { row.config[k] = transformConnectorSecrets(row.config[k], sub, 'decrypt'); }
+      catch (err) { console.warn(`[connectors] failed to decrypt ${id}.${k}`, err); }
     }
   }
   return store;
@@ -169,15 +229,13 @@ function saveStore(store: ConfigStore): void {
   const out: ConfigStore = {};
   for (const [id, row] of Object.entries(store)) {
     const def = getConnector(id);
-    const secrets = new Set(getSecretFieldNames(def));
+    const schema = getAllSettingsSchema(def);
     const encryptedConfig: Record<string, unknown> = {};
     for (const [k, v] of Object.entries(row.config || {})) {
-      if (secrets.has(k) && typeof v === 'string' && v.length > 0 && !isEncrypted(v)) {
-        try { encryptedConfig[k] = encryptSecret(v); }
-        catch { encryptedConfig[k] = v; }
-      } else {
-        encryptedConfig[k] = v;
-      }
+      const sub = schema[k];
+      encryptedConfig[k] = sub
+        ? transformConnectorSecrets(v, sub, 'encrypt')
+        : v;
     }
     out[id] = {
       config: encryptedConfig,

package/lib/connectors/types.ts

@@ -18,15 +18,55 @@ export type ConnectorProtocol = 'browser' | 'http' | 'shell';
 
 /** Schema for one settings or parameter field. */
 export interface ConnectorFieldSchema {
-  type: 'string' | 'number' | 'boolean' | 'secret' | 'json' | 'select';
+  type: 'string' | 'number' | 'boolean' | 'secret' | 'json' | 'select' | 'instances';
   label?: string;
   description?: string;
   required?: boolean;
   default?: unknown;
   /** select-type options */
   options?: string[];
+  /**
+   * For `type: 'instances'` — schema for each row's sub-fields. The UI
+   * renders one collapsible group per row, with these as inner inputs;
+   * one field MUST be named `name` and serves as the row label / the
+   * `instance` key referenced by tools. Stored on disk as a
+   * JSON-stringified array; the tool-dispatcher overlay parses it
+   * before template expansion.
+   */
+  fields?: Record<string, ConnectorFieldSchema>;
+  /**
+   * How this parameter's value is encoded when expanded into a URL path
+   * (`{args.X}` inside an HTTP tool's `request.url`). Default
+   * `uri_component` matches encodeURIComponent (slashes encoded). Use
+   * `none` when the value is a pre-formatted path that must stay literal
+   * (e.g. a Jenkins folder path `job/team/job/build`). `path_segments`
+   * encodes each `/`-separated segment individually but preserves the
+   * slashes (good for human-readable paths with spaces / unicode).
+   *
+   * Has no effect on values used in headers, query strings, or bodies —
+   * those go through token expansion without URL encoding either way.
+   */
+  url_encoding?: 'uri_component' | 'none' | 'path_segments';
 }
 
+/**
+ * How a connector authenticates its HTTP tools. Declared at the
+ * connector level (manifest top) and inherited by every `protocol: http`
+ * tool; an individual tool can override (`tool.auth: { type: none }`)
+ * to skip auth for a public endpoint.
+ *
+ * Forge resolves the scheme into the right header / query param at
+ * dispatch time so manifests don't have to hand-craft Authorization
+ * headers (and so secrets like `password` can be base64-encoded
+ * server-side without leaking to manifests).
+ */
+export type ConnectorAuth =
+  | { type: 'none' }
+  | { type: 'basic'; username: string; password: string }
+  | { type: 'bearer'; token: string }
+  | { type: 'header'; name: string; value: string }
+  | { type: 'query'; name: string; value: string };
+
 /**
  * Server-side HTTP request shape, used by `protocol: http` tools.
  * Template tokens {base_url}, {settings.*}, {args.*} are expanded at run time.
@@ -41,6 +81,36 @@ export interface HttpRequestSpec {
   query?: Record<string, string>;
   /** Body. string = sent as-is (templated); object = JSON.stringify'd (string values templated). */
   body?: string | Record<string, unknown>;
+  /**
+   * Alternative body form: when set, Forge serialises the referenced
+   * value as `application/x-www-form-urlencoded` (URLSearchParams). Use
+   * the literal placeholder string `{args.NAME}` to point at an object-
+   * valued parameter — typical for triggering Jenkins builds with a
+   * dynamic `params` map, or any old-school form-POST API. Ignored if
+   * `body` is also set.
+   */
+  body_form?: string | Record<string, unknown>;
+  /**
+   * Extra form-urlencoded keys merged into `body_form` server-side.
+   * Each value is a template (`{settings.gitlab_pat}` typical). Both
+   * the KEY and the VALUE are templated against settings. Keys with an
+   * empty / unsubstituted value are dropped (don't post blank
+   * secrets). The LLM never sees these — used to inject credentials a
+   * tool needs from settings without exposing them in the tool's
+   * declared parameters. Takes precedence over `body_form` if the
+   * same key appears in both.
+   */
+  body_form_inject?: Record<string, string>;
+  /**
+   * Name of a `type: instances` settings field whose every row is
+   * injected as one form-urlencoded key/value pair. Each row must have
+   * `name` (Jenkins build-param name) and `value` (the value to send).
+   * Server-side resolution — LLM never sees these. Empty rows are
+   * dropped. Use alongside or instead of `body_form_inject` when the
+   * user needs to configure arbitrary key/value pairs at runtime
+   * rather than baking them into the manifest.
+   */
+  body_form_inject_from?: string;
 }
 
 /**
@@ -102,6 +172,13 @@ export interface ConnectorTool {
 
   /** shell/http: timeout in milliseconds. Default 30000, max 300000. */
   timeout_ms?: number;
+
+  /**
+   * http: per-tool auth override. Falls back to the connector's
+   * top-level `auth` when omitted. Set `{ type: 'none' }` to skip
+   * auth on a public endpoint.
+   */
+  auth?: ConnectorAuth;
 }
 
 /**
@@ -230,6 +307,15 @@ export interface ConnectorDefinition {
   host_match?: string;
   login_redirect?: string;
 
+  /**
+   * Default HTTP auth scheme applied to every `protocol: http` tool
+   * in this connector. Tools can override via their own `auth` field.
+   * Omitting it = no auth applied by Forge (tools may still hand-craft
+   * an Authorization header in `request.headers`, like the v0.1 gitlab
+   * and github-api manifests).
+   */
+  auth?: ConnectorAuth;
+
   // ─── 1:N suite — list of sibling entries sharing auth ──
   connectors?: ConnectorEntry[];
 

package/lib/help-docs/21-build-connector.md

@@ -147,6 +147,145 @@ tools:
     timeout_ms: 15000
 ```
 
+#### Auth schemes
+
+Manifests can declare one auth scheme at the top and Forge applies it to every `protocol: http` tool — no need to hand-craft an `Authorization` header per tool, no manifest-side base64.
+
+```yaml
+# Connector-level (applies to all http tools).
+auth:
+  type: basic                       # basic | bearer | header | query | none
+  username: '{settings.username}'
+  password: '{settings.api_token}'
+
+# Variants:
+auth:
+  type: bearer
+  token: '{settings.token}'
+
+auth:
+  type: header
+  name: PRIVATE-TOKEN
+  value: '{settings.token}'
+
+auth:
+  type: query
+  name: access_token
+  value: '{settings.token}'
+```
+
+A tool can override (or disable) the inherited scheme with its own `auth:` block. `{ type: none }` skips auth entirely (public endpoint).
+
+#### Per-parameter URL encoding
+
+Default behaviour for an `{args.X}` in a URL path is `encodeURIComponent` — slashes become `%2F`. This is right for GitLab-style project paths but wrong for systems that expect literal slashes (Jenkins folder paths). Override per parameter:
+
+```yaml
+parameters:
+  job_path:
+    type: string
+    url_encoding: none              # uri_component (default) | none | path_segments
+    description: 'Pre-formatted Jenkins path with "job/" prefixes, e.g. "job/team-x/job/build".'
+  artifact_path:
+    type: string
+    url_encoding: path_segments     # encode each / segment individually, preserve slashes
+```
+
+#### Form-urlencoded bodies (`body_form`)
+
+For old-school form POST APIs (Jenkins `/buildWithParameters`, Slack `/chat.postMessage`, etc.). Point at a JSON-typed parameter and Forge serialises it with `URLSearchParams` (`application/x-www-form-urlencoded`):
+
+```yaml
+parameters:
+  params:
+    type: json
+    description: 'Flat object of build params: { "BRANCH": "main", "ENV": "stg" }'
+request:
+  method: POST
+  url: '{settings.base_url}/{args.job_path}/buildWithParameters'
+  body_form: '{args.params}'
+```
+
+LLMs sometimes JSON-stringify nested objects even when the schema says `type: json` — Forge automatically `JSON.parse`'s string-form values, so both shapes work.
+
+#### Server-side inject — credentials the LLM should never see
+
+Two forms.
+
+**1. `body_form_inject` (static keys, manifest-baked)** — useful when the manifest knows exactly which Jenkins / API param name the credential goes under.
+
+```yaml
+request:
+  body_form: '{args.params}'
+  body_form_inject:
+    GITLAB_PAT: '{settings.gitlab_pat}'         # key + value both templated against settings
+```
+
+Forge expands both the key and the value against settings (NOT args, so the LLM can't shadow). Empty / unsubstituted entries are dropped — optional secrets don't post blank values.
+
+**2. `body_form_inject_from` (dynamic, user-configured per instance)** — when each Jenkins job uses different param names, let the user supply a list of `{name, value}` rows in the settings UI; Forge injects every row.
+
+```yaml
+# settings declaration:
+settings:
+  inject_params:
+    type: instances                 # repeating-row UI
+    label: "Auto-inject build params"
+    fields:
+      name:  { type: string, required: true, label: "Param name" }
+      value: { type: secret, required: true, label: "Value" }
+
+# tool spec:
+request:
+  body_form: '{args.params}'
+  body_form_inject_from: 'inject_params'   # name of the instances settings field
+```
+
+User adds rows in the UI (e.g. `TOKEN_PASSWORD` → `<the-real-pat>`); Forge merges every row into the form body server-side. LLM passes only build-specific params, never sees the credentials.
+
+#### Multi-instance support (`settings.instances`)
+
+To let one install hit multiple servers of the same kind (prod + staging Jenkins, multiple GitLab tenants, etc.), declare your config under a `type: instances` field:
+
+```yaml
+settings:
+  instances:
+    type: instances
+    required: true
+    fields:
+      name:      { type: string, required: true }    # how the LLM picks one
+      base_url:  { type: string, required: true }
+      username:  { type: string, required: true }
+      api_token: { type: secret, required: true }
+```
+
+Each tool gains an implicit `instance` parameter (string). When the LLM passes `instance: "prod"`, Forge looks up the matching row from `settings.instances` and **overlays its fields onto the settings namespace** before template expansion — so your tool spec keeps using `{settings.base_url}` / `{settings.api_token}` as if they were flat. Omitting the arg defaults to the first row.
+
+Pair `instances` with `body_form_inject_from` for fully per-instance secret injection (each Jenkins instance has its own list of credentials to inject).
+
+Secrets nested inside an instance row (e.g. `api_token: { type: secret }` as a sub-field) are encrypted at rest by the same AES-256-GCM pipeline as flat top-level secrets; the UI masks them with bullets and the Settings → Connectors panel renders a "Replace" button to change them.
+
+#### Nested `instances` (rows of rows)
+
+A sub-field of an `instances` schema can itself be `type: instances`, and the renderer handles the nesting. This is how Jenkins's `inject_params` lives inside each instance row:
+
+```yaml
+settings:
+  instances:
+    type: instances
+    fields:
+      name:     { type: string, required: true }
+      base_url: { type: string, required: true }
+      api_token: { type: secret, required: true }
+      inject_params:               # nested instances inside a row
+        type: instances
+        fields:
+          name:  { type: string, required: true }
+          value: { type: secret, required: true }
+```
+
+UI: each top-level instance row expands to a form that includes a nested rows-list for its sub-collection. Encryption recurses, so per-row secrets in either level encrypt correctly.
+
 ### test block
 
 A connector can ship a self-test so the Settings → Connectors UI's

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aion0/forge",
-  "version": "0.9.16",
+  "version": "0.9.18",
   "description": "Unified AI workflow platform — multi-model task orchestration, persistent sessions, web terminal, remote access",
   "type": "module",
   "scripts": {