forgeos 0.1.0-alpha.2 → 0.1.0-alpha.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +38 -3
- package/CHANGELOG.md +29 -0
- package/README.md +25 -10
- package/package.json +8 -5
- package/src/forge/_generated/actionSubscriptions.json +2 -2
- package/src/forge/_generated/actionSubscriptions.ts +3 -3
- package/src/forge/_generated/agentAdapterManifest.json +2 -2
- package/src/forge/_generated/agentAdapterManifest.ts +3 -3
- package/src/forge/_generated/agentContract.json +2 -2
- package/src/forge/_generated/agentContract.ts +183 -50
- package/src/forge/_generated/agentQuickstart.md +3 -1
- package/src/forge/_generated/agentTools.json +2 -0
- package/src/forge/_generated/agentTools.md +16 -0
- package/src/forge/_generated/agentTools.ts +12 -0
- package/src/forge/_generated/aiContext.ts +67 -1
- package/src/forge/_generated/aiModels.json +2 -2
- package/src/forge/_generated/aiModels.ts +17 -1
- package/src/forge/_generated/aiProviders.json +1 -1
- package/src/forge/_generated/aiProviders.ts +1 -1
- package/src/forge/_generated/aiRegistry.json +2 -2
- package/src/forge/_generated/aiRegistry.ts +7 -5
- package/src/forge/_generated/api.json +2 -2
- package/src/forge/_generated/api.ts +1 -1
- package/src/forge/_generated/appGraph.json +2 -2
- package/src/forge/_generated/appGraph.ts +512 -260
- package/src/forge/_generated/appMap.md +21 -1
- package/src/forge/_generated/artifactManifest.json +2 -2
- package/src/forge/_generated/artifactManifest.ts +2 -2
- package/src/forge/_generated/authClaims.json +1 -1
- package/src/forge/_generated/authClaims.ts +1 -1
- package/src/forge/_generated/authConfig.json +1 -1
- package/src/forge/_generated/authConfig.ts +1 -1
- package/src/forge/_generated/authContext.ts +1 -1
- package/src/forge/_generated/authRegistry.json +1 -1
- package/src/forge/_generated/authRegistry.ts +1 -1
- package/src/forge/_generated/buildInfo.json +2 -2
- package/src/forge/_generated/buildInfo.ts +4 -4
- package/src/forge/_generated/capabilityMap.json +2 -2
- package/src/forge/_generated/capabilityMap.md +1 -1
- package/src/forge/_generated/capabilityMap.ts +2 -2
- package/src/forge/_generated/client.ts +1 -1
- package/src/forge/_generated/clientApi.ts +1 -1
- package/src/forge/_generated/clientManifest.json +2 -2
- package/src/forge/_generated/clientManifest.ts +3 -3
- package/src/forge/_generated/clientTypes.ts +1 -1
- package/src/forge/_generated/configRegistry.json +1 -1
- package/src/forge/_generated/configRegistry.ts +1 -1
- package/src/forge/_generated/dataGraph.json +2 -2
- package/src/forge/_generated/dataGraph.ts +3 -3
- package/src/forge/_generated/db.json +1 -1
- package/src/forge/_generated/db.ts +1 -1
- package/src/forge/_generated/dbSecurityManifest.json +1 -1
- package/src/forge/_generated/dbSecurityManifest.ts +1 -1
- package/src/forge/_generated/dbSessionContext.json +1 -1
- package/src/forge/_generated/dbSessionContext.ts +1 -1
- package/src/forge/_generated/deployManifest.json +2 -2
- package/src/forge/_generated/deployManifest.ts +7 -7
- package/src/forge/_generated/devManifest.json +2 -2
- package/src/forge/_generated/devManifest.ts +18 -3
- package/src/forge/_generated/envSchema.json +1 -1
- package/src/forge/_generated/envSchema.ts +1 -1
- package/src/forge/_generated/frontendGraph.json +1 -1
- package/src/forge/_generated/frontendGraph.ts +1 -1
- package/src/forge/_generated/importGuards.json +1 -1
- package/src/forge/_generated/importGuards.ts +1 -1
- package/src/forge/_generated/index.ts +2 -1
- package/src/forge/_generated/liveProductionManifest.json +1 -1
- package/src/forge/_generated/liveProductionManifest.ts +1 -1
- package/src/forge/_generated/liveProtocol.json +1 -1
- package/src/forge/_generated/liveProtocol.ts +1 -1
- package/src/forge/_generated/liveQueryRegistry.json +2 -2
- package/src/forge/_generated/liveQueryRegistry.ts +3 -3
- package/src/forge/_generated/liveTransportConfig.json +1 -1
- package/src/forge/_generated/liveTransportConfig.ts +1 -1
- package/src/forge/_generated/makeRegistry.json +2 -2
- package/src/forge/_generated/makeRegistry.ts +16 -2
- package/src/forge/_generated/makeTemplates.json +2 -2
- package/src/forge/_generated/makeTemplates.ts +6 -1
- package/src/forge/_generated/mockMap.json +1 -1
- package/src/forge/_generated/mockMap.ts +1 -1
- package/src/forge/_generated/operationPlaybooks.md +34 -14
- package/src/forge/_generated/packageGraph.json +2 -2
- package/src/forge/_generated/packageGraph.ts +8808 -4723
- package/src/forge/_generated/packageUpgradeRegistry.json +2 -2
- package/src/forge/_generated/packageUpgradeRegistry.ts +2 -2
- package/src/forge/_generated/permissionMatrix.json +2 -2
- package/src/forge/_generated/permissionMatrix.ts +3 -3
- package/src/forge/_generated/policyRegistry.json +2 -2
- package/src/forge/_generated/policyRegistry.ts +3 -3
- package/src/forge/_generated/queryRegistry.json +2 -2
- package/src/forge/_generated/queryRegistry.ts +3 -3
- package/src/forge/_generated/react.d.ts +1 -1
- package/src/forge/_generated/react.ts +1 -1
- package/src/forge/_generated/reactManifest.json +2 -2
- package/src/forge/_generated/reactManifest.ts +3 -3
- package/src/forge/_generated/releaseManifest.json +2 -2
- package/src/forge/_generated/releaseManifest.ts +3 -3
- package/src/forge/_generated/rlsPolicies.json +1 -1
- package/src/forge/_generated/rlsPolicies.sql +1 -1
- package/src/forge/_generated/rlsPolicies.ts +1 -1
- package/src/forge/_generated/runtimeGraph.json +2 -2
- package/src/forge/_generated/runtimeGraph.ts +3 -3
- package/src/forge/_generated/runtimeMatrix.json +2 -2
- package/src/forge/_generated/runtimeMatrix.ts +8684 -1939
- package/src/forge/_generated/runtimeRegistry.ts +1 -1
- package/src/forge/_generated/runtimeRules.md +13 -1
- package/src/forge/_generated/secretRegistry.json +1 -1
- package/src/forge/_generated/secretRegistry.ts +1 -1
- package/src/forge/_generated/secretsContext.ts +1 -1
- package/src/forge/_generated/serverApi.ts +1 -1
- package/src/forge/_generated/sourceMapManifest.json +2 -2
- package/src/forge/_generated/sourceMapManifest.ts +2 -2
- package/src/forge/_generated/sqlPlan.json +1 -1
- package/src/forge/_generated/sqlPlan.ts +1 -1
- package/src/forge/_generated/subscriptionManifest.json +2 -2
- package/src/forge/_generated/subscriptionManifest.ts +3 -3
- package/src/forge/_generated/symbolicationManifest.json +2 -2
- package/src/forge/_generated/symbolicationManifest.ts +2 -2
- package/src/forge/_generated/telemetryRegistry.json +2 -2
- package/src/forge/_generated/telemetryRegistry.ts +3 -3
- package/src/forge/_generated/telemetrySinks.json +2 -2
- package/src/forge/_generated/telemetrySinks.ts +2 -2
- package/src/forge/_generated/tenantScope.json +2 -2
- package/src/forge/_generated/tenantScope.ts +3 -3
- package/src/forge/_generated/testGraph.json +2 -2
- package/src/forge/_generated/testGraph.ts +339 -17
- package/src/forge/_generated/testPlanRegistry.json +2 -2
- package/src/forge/_generated/testPlanRegistry.ts +2 -2
- package/src/forge/_generated/uiRoutes.json +1 -1
- package/src/forge/_generated/uiRoutes.ts +1 -1
- package/src/forge/_generated/uiScenarios.json +1 -1
- package/src/forge/_generated/uiScenarios.ts +1 -1
- package/src/forge/_generated/uiTestManifest.json +2 -2
- package/src/forge/_generated/uiTestManifest.ts +2 -2
- package/src/forge/_generated/workflowRegistry.json +2 -2
- package/src/forge/_generated/workflowRegistry.ts +3 -3
- package/src/forge/_generated/workflowSubscriptions.json +2 -2
- package/src/forge/_generated/workflowSubscriptions.ts +3 -3
- package/src/forge/cli/ai.ts +351 -1
- package/src/forge/cli/auth.ts +36 -1
- package/src/forge/cli/commands.ts +19 -0
- package/src/forge/cli/parse.ts +67 -8
- package/src/forge/cli/rls.ts +529 -17
- package/src/forge/cli/secrets.ts +46 -1
- package/src/forge/cli/security.ts +269 -0
- package/src/forge/compiler/agent-contract/build.ts +289 -8
- package/src/forge/compiler/agent-contract/types.ts +43 -0
- package/src/forge/compiler/ai-registry/build.ts +62 -1
- package/src/forge/compiler/ai-registry/constants.ts +1 -1
- package/src/forge/compiler/ai-registry/parse.ts +98 -4
- package/src/forge/compiler/app-graph/forge-apis.ts +1 -0
- package/src/forge/compiler/dev-manifest/build.ts +3 -0
- package/src/forge/compiler/diagnostics/codes.ts +15 -0
- package/src/forge/compiler/diagnostics/create.ts +1 -1
- package/src/forge/compiler/make-registry/build.ts +13 -0
- package/src/forge/compiler/orchestrator/plan.ts +11 -0
- package/src/forge/compiler/orchestrator/serialize.ts +68 -0
- package/src/forge/compiler/package-graph/compiler.ts +13 -3
- package/src/forge/compiler/types/ai-registry.ts +25 -1
- package/src/forge/compiler/types/app-graph.ts +1 -0
- package/src/forge/compiler/types/cli.ts +1 -0
- package/src/forge/compiler/types/dev-manifest.ts +3 -0
- package/src/forge/dev/server.ts +508 -1
- package/src/forge/make/index.ts +126 -3
- package/src/forge/make/templates.ts +188 -0
- package/src/forge/make/types.ts +1 -0
- package/src/forge/runtime/ai/context.ts +210 -5
- package/src/forge/runtime/ai/types.ts +70 -0
- package/src/forge/runtime/auth/claims.ts +32 -0
- package/src/forge/runtime/auth/errors.ts +2 -0
- package/src/forge/runtime/context/create-context.ts +30 -6
- package/src/forge/runtime/db/memory-adapter.ts +2 -2
- package/src/forge/runtime/telemetry/scrubber.ts +56 -5
- package/src/forge/runtime/webhooks/security.ts +184 -0
- package/src/forge/server.ts +93 -0
- package/src/forge/version.ts +1 -1
- package/templates/b2b-support-web/package.json +1 -0
- package/templates/b2b-support-web/tsconfig.json +4 -1
- package/templates/minimal-web/package.json +1 -0
- package/templates/minimal-web/tsconfig.json +3 -1
package/AGENTS.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
// @forge-generated generator=0.1.0-alpha.
|
|
1
|
+
// @forge-generated generator=0.1.0-alpha.4 input=4af795b70ec62dc5967f6e9b78865cfbc8afb09275e575845cf80a360b3b85e2 content=1611635edf59c122b013ba76c85bd333ab3b30b289aaea04a9074f9438782a50
|
|
2
2
|
# AGENTS.md
|
|
3
3
|
|
|
4
4
|
<!-- forge-generated:start -->
|
|
@@ -69,6 +69,7 @@ forge inspect app --json
|
|
|
69
69
|
forge inspect all --json
|
|
70
70
|
forge inspect frontend --json
|
|
71
71
|
forge inspect capabilities --json
|
|
72
|
+
forge inspect agent-tools --json
|
|
72
73
|
forge deps inspect <package> --json
|
|
73
74
|
forge deps api <package> <symbol> --json
|
|
74
75
|
forge deps trace <package> --json
|
|
@@ -82,6 +83,9 @@ forge doctor
|
|
|
82
83
|
forge doctor windows --json
|
|
83
84
|
forge setup windows --json
|
|
84
85
|
forge agent print-context --json
|
|
86
|
+
forge ai tools --json
|
|
87
|
+
forge ai agents --json
|
|
88
|
+
forge ai trace <traceId> --json
|
|
85
89
|
forge verify --smoke
|
|
86
90
|
forge verify --standard
|
|
87
91
|
forge verify --strict
|
|
@@ -103,6 +107,21 @@ Tenant-scoped tables:
|
|
|
103
107
|
- ANTHROPIC_API_KEY (required)
|
|
104
108
|
- OPENAI_API_KEY (required)
|
|
105
109
|
|
|
110
|
+
## AI Tools And Agents
|
|
111
|
+
|
|
112
|
+
- AI SDK engine: Vercel AI SDK v6.
|
|
113
|
+
- Forge layer: generated registry, runtime rules, telemetry, secrets, tenant/auth context, and agent contract.
|
|
114
|
+
- Use `ctx.agent.run` or `ctx.ai.runAgent` only in actions, workflows, endpoints, and server code.
|
|
115
|
+
- Do not create custom tool loops; use Forge tools and AI SDK `ToolLoopAgent` through the Forge runtime.
|
|
116
|
+
|
|
117
|
+
Tools:
|
|
118
|
+
|
|
119
|
+
- none
|
|
120
|
+
|
|
121
|
+
Agents:
|
|
122
|
+
|
|
123
|
+
- none
|
|
124
|
+
|
|
106
125
|
## Auth
|
|
107
126
|
|
|
108
127
|
- Modes: dev-headers, jwt, oidc, disabled
|
|
@@ -158,6 +177,7 @@ Use:
|
|
|
158
177
|
forge make resource <name> --fields title:text,status:enum(open,closed) --dry-run --json
|
|
159
178
|
forge make resource <name> --fields title:text,status:enum(open,closed) --with-ui --yes
|
|
160
179
|
forge make ui --framework vite --dry-run --json
|
|
180
|
+
forge make ai-chat support --dry-run --json
|
|
161
181
|
```
|
|
162
182
|
|
|
163
183
|
Review the plan before applying when the resource touches schema or policies.
|
|
@@ -194,11 +214,13 @@ Use:
|
|
|
194
214
|
```bash
|
|
195
215
|
forge refactor rename field tickets.priority tickets.urgency --dry-run --json
|
|
196
216
|
forge refactor rename field tickets.priority tickets.urgency --yes
|
|
217
|
+
forge refactor rename command createTicket openTicket --dry-run --json
|
|
218
|
+
forge refactor rename command createTicket openTicket --yes
|
|
197
219
|
```
|
|
198
220
|
|
|
199
|
-
These codemods are AST-aware for `extract-action`, `rename field`, and `rename table`. Field renames are scoped to the target table, so `tickets.priority` only rewrites references linked to `tickets`.
|
|
221
|
+
These codemods are AST-aware for `extract-action`, `rename command`, `rename field`, and `rename table`. Command renames update runtime registries, generated client references, frontend hooks, tests, and string references where safe. Field renames are scoped to the target table, so `tickets.priority` only rewrites references linked to `tickets`.
|
|
200
222
|
|
|
201
|
-
Never edit `src/forge/_generated/**` directly. Review migration hints before applying field or table renames.
|
|
223
|
+
Never edit `src/forge/_generated/**` directly. Review migration hints before applying command, field, or table renames.
|
|
202
224
|
|
|
203
225
|
### Plan impact-based tests
|
|
204
226
|
|
|
@@ -224,6 +246,19 @@ forge repair plan --from-last-test-run --write
|
|
|
224
246
|
|
|
225
247
|
Apply only high-confidence deterministic repairs automatically. Review medium or low confidence repairs before changing code.
|
|
226
248
|
|
|
249
|
+
### Add AI tools or agents
|
|
250
|
+
|
|
251
|
+
Use:
|
|
252
|
+
|
|
253
|
+
```bash
|
|
254
|
+
forge generate
|
|
255
|
+
forge inspect all --json
|
|
256
|
+
forge ai check --json
|
|
257
|
+
forge ai trace <traceId> --json
|
|
258
|
+
```
|
|
259
|
+
|
|
260
|
+
Define tools with `aiTool({ inputSchema, outputSchema, risk, needsApproval, handler })` and agents with `agent({ provider, model, instructions, tools, stopWhen })`. Execute agents with `ctx.agent.run` or `ctx.ai.runAgent` only from actions, workflows, endpoints, or server code. In dev, POST `/ai/agents/run` returns JSON for automation and POST `/ai/agents/chat` returns an AI SDK UIMessage stream for React `useChat`; both accept `agent: "<exportedAgentName>"` and use generated auto-tools from `agentTools.json`.
|
|
261
|
+
|
|
227
262
|
### Export agent adapters
|
|
228
263
|
|
|
229
264
|
Use:
|
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,34 @@
|
|
|
1
1
|
# forgeos
|
|
2
2
|
|
|
3
|
+
## 0.1.0-alpha.4
|
|
4
|
+
|
|
5
|
+
Security assurance and release evidence hardening:
|
|
6
|
+
|
|
7
|
+
- Added value-aware telemetry redaction for known secret values in safe-looking fields, messages, details, outputs, and stack traces.
|
|
8
|
+
- Added webhook signature, timestamp, and replay protection helpers with Stripe/GitHub/generic HMAC coverage.
|
|
9
|
+
- Added HTTP tenant-isolation tests that exercise the dev server/API boundary, not only the internal runtime executor.
|
|
10
|
+
- Added `forge rls mutate-test --json` to kill dangerous generated RLS mutations such as missing FORCE RLS, missing policies, unconditional predicates, and `BYPASSRLS`.
|
|
11
|
+
- Extended `forge security prove --json` with RLS mutation proof and invariant-level evidence metadata.
|
|
12
|
+
- Added scripts to split security evidence by invariant and emit basic release supply-chain evidence plus CycloneDX SBOM.
|
|
13
|
+
- Strengthened publish/security workflows so release gates use Postgres-backed security proof, RLS mutation proof, release evidence, and SBOM generation.
|
|
14
|
+
|
|
15
|
+
## 0.1.0-alpha.3
|
|
16
|
+
|
|
17
|
+
Native Forge AI agents on top of Vercel AI SDK v6:
|
|
18
|
+
|
|
19
|
+
- Added `aiTool` and `agent` primitives with generated `agentTools.json` / `agentTools.md`.
|
|
20
|
+
- Added `ctx.agent.run` and `ctx.ai.runAgent` using AI SDK `ToolLoopAgent`.
|
|
21
|
+
- Added auto-tools for commands, queries, and liveQueries with read-only vs approval-required writes.
|
|
22
|
+
- Added dev agent endpoints: `POST /ai/agents/run` and `POST /ai/agents/chat`.
|
|
23
|
+
- Extended `forge ai` CLI with `tools`, `agents`, and `trace` subcommands.
|
|
24
|
+
- Added `forge inspect agent-tools` and agent tool metadata in `agentContract.json`.
|
|
25
|
+
- Upgraded runtime dependency to AI SDK v6 for tool calling, streaming UI, and MCP compatibility.
|
|
26
|
+
|
|
27
|
+
Documentation:
|
|
28
|
+
|
|
29
|
+
- Added public [AI](https://forgeos.readthedocs.io/en/latest/ai/) page and AST-aware `rename command` codemod docs.
|
|
30
|
+
- Expanded ReadTheDocs to full agent-native coverage: agent workflow (`forge do`), frontend/liveQuery, security/data, authoring, testing/repair, self-host, templates, Material theme, and changelog page.
|
|
31
|
+
|
|
3
32
|
## 0.1.0-alpha.2
|
|
4
33
|
|
|
5
34
|
Windows and generated-app hardening:
|
package/README.md
CHANGED
|
@@ -2,9 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
Agent-native application framework and compiler for building Forge apps without a mandatory dashboard. ForgeOS turns application source into deterministic runtime contracts, generated clients, safety checks, and machine-readable context that humans and AI coding agents can use safely.
|
|
4
4
|
|
|
5
|
-
**Status:** private/public alpha MVP, implemented through
|
|
5
|
+
**Status:** private/public alpha MVP, implemented through H43. ForgeOS already includes the compiler, local runtime, frontend SDK, production auth, RLS compiler, liveQuery, self-host artifacts, generated agent contract, guided dev loop, repair/review/test tooling, AST-aware codemods, package intelligence, native AI tools/agents, npm alpha publishing, and Read the Docs public docs. Public release hardening is still focused on deeper semantic codemods, broader field reports, and more production mileage.
|
|
6
6
|
|
|
7
|
-
Public docs
|
|
7
|
+
Public docs live at [forgeos.readthedocs.io](https://forgeos.readthedocs.io/). The repo builds them with `.readthedocs.yaml`, `mkdocs.yml`, and `docs/index.md`.
|
|
8
|
+
|
|
9
|
+
Start with [Why ForgeOS](https://forgeos.readthedocs.io/en/latest/why-forgeos/) to understand the agent-native design.
|
|
8
10
|
|
|
9
11
|
## Agent-First Quickstart
|
|
10
12
|
|
|
@@ -138,7 +140,7 @@ forge.lock
|
|
|
138
140
|
| Auth | dev headers, JWT, OIDC discovery/JWKS verification via `jose`, production-mode guardrails |
|
|
139
141
|
| RLS | Postgres RLS SQL compiler/checks for DB-enforced tenant isolation |
|
|
140
142
|
| Secrets/env | secret registry, env schema, redaction, strict `process.env` checks |
|
|
141
|
-
| AI | provider registry, `ctx.ai`, mock mode, telemetry without prompt/output retention by default |
|
|
143
|
+
| AI | Vercel AI SDK v6 engine, provider registry, `ctx.ai`, `ctx.agent.run`, `aiTool`, `agent`, `/ai/agents/run` JSON automation, `/ai/agents/chat` UIMessage streaming, `forge ai trace`, mock mode, telemetry without prompt/output retention by default |
|
|
142
144
|
| Frontend | generated client SDK, React/Next hooks, template app, liveQuery client support |
|
|
143
145
|
| LiveQuery | durable invalidation log, reconnect/resume semantics, production hardening checks |
|
|
144
146
|
| Self-host | compose/deploy artifacts and self-host checks |
|
|
@@ -214,6 +216,7 @@ Common command groups:
|
|
|
214
216
|
Refactor codemods are AST-aware where safety matters most:
|
|
215
217
|
|
|
216
218
|
- `forge refactor extract-action` is binding-aware and preserves unrelated imports, type-only imports, and shadowed locals.
|
|
219
|
+
- `forge refactor rename command <oldName> <newName>` rewrites command declarations, generated client references, React hook usage, tests, and safe string references while preserving unrelated symbols.
|
|
217
220
|
- `forge refactor rename field <table.field> <table.field>` rewrites structured TS/JS/JSX/TSX and JSON references, preserves locals, and scopes the field change to files/objects linked to the target table. For example, `tickets.priority -> tickets.urgency` does not rewrite a generic `priority` prop in a component with no `tickets` binding.
|
|
218
221
|
- `forge refactor rename table <from> <to>` rewrites table definitions, `ctx.db.<table>` access, policy strings, JSON/blueprints, and import/export specifiers while preserving unrelated locals with the same name.
|
|
219
222
|
|
|
@@ -242,12 +245,23 @@ See [`examples/showcase-forge-app`](examples/showcase-forge-app/README.md).
|
|
|
242
245
|
|
|
243
246
|
```bash
|
|
244
247
|
cd examples/showcase-forge-app
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
+
npm install
|
|
249
|
+
npm run generate
|
|
250
|
+
npm run dev
|
|
251
|
+
```
|
|
252
|
+
|
|
253
|
+
For the reproducible public proof path:
|
|
254
|
+
|
|
255
|
+
```bash
|
|
256
|
+
npm run proof:inspect
|
|
257
|
+
npm run proof:dev
|
|
258
|
+
npm run proof:capabilities
|
|
259
|
+
npm run proof:verify
|
|
248
260
|
```
|
|
249
261
|
|
|
250
|
-
|
|
262
|
+
Read [`examples/showcase-forge-app/PUBLIC_PROOF.md`](examples/showcase-forge-app/PUBLIC_PROOF.md) for the full walkthrough.
|
|
263
|
+
|
|
264
|
+
Examples are source-only where practical: generated artifacts, `forge.lock`, package lockfiles, and operational `.forge/**` state are recreated locally. The showcase demonstrates tenant-scoped data, policies, commands, queries, liveQueries, outbox actions, workflows, mock AI, telemetry trace IDs, generated React hooks, `agentContract`, `frontendGraph`, `capabilityMap`, and the standard agent handoff loop.
|
|
251
265
|
|
|
252
266
|
## Platform Support
|
|
253
267
|
|
|
@@ -323,7 +337,7 @@ For the first prerelease publish, use the alpha dist-tag explicitly:
|
|
|
323
337
|
|
|
324
338
|
```bash
|
|
325
339
|
npm run release:publish-local-alpha -- --dry-run
|
|
326
|
-
npm run release:publish-
|
|
340
|
+
npm run release:publish-alpha
|
|
327
341
|
```
|
|
328
342
|
|
|
329
343
|
The normal path is:
|
|
@@ -346,7 +360,7 @@ Configure npm Trusted Publisher for package `forgeos`:
|
|
|
346
360
|
| Environment | blank |
|
|
347
361
|
| Allowed action | `npm publish` |
|
|
348
362
|
|
|
349
|
-
Do not add `NPM_TOKEN` for normal releases. Alpha releases publish with the `alpha` dist-tag so prerelease builds do not become `latest` accidentally.
|
|
363
|
+
Do not add `NPM_TOKEN` for normal releases. Alpha releases publish with the `alpha` dist-tag so prerelease builds do not become `latest` accidentally. Use `release:publish-local-alpha -- --dry-run` only to validate the staged tarball locally; real npm publishing should go through `release:publish-alpha`, which dispatches `publish.yml` and uses npm OIDC Trusted Publisher. The workflow checks whether the package version already exists before installing dependencies or running tests, then uses `id-token: write`, Node 24/npm 11+, and provenance for the actual publish. `npm run release:smoke` runs `npm pack`, creates a fresh app with the packed tarball, installs dependencies, runs `forge dev --once --json`, and verifies the app smoke path.
|
|
350
364
|
|
|
351
365
|
## Milestone History
|
|
352
366
|
|
|
@@ -393,11 +407,12 @@ H39 Showcase app
|
|
|
393
407
|
H40 Windows/runtime hardening
|
|
394
408
|
H41 Node-compatible CLI/runtime
|
|
395
409
|
H42 Verify observability and quieter app workspaces
|
|
410
|
+
H43 Native AI tools and agent loop
|
|
396
411
|
```
|
|
397
412
|
|
|
398
413
|
## Remaining Hardening Before Public Release
|
|
399
414
|
|
|
400
|
-
- Keep expanding semantic codemods beyond the current AST-aware `extract-action`, `rename field`, and `rename table` paths.
|
|
415
|
+
- Keep expanding semantic codemods beyond the current AST-aware `extract-action`, `rename command`, `rename field`, and `rename table` paths.
|
|
401
416
|
- Reduce command-selection risk with more task routers and richer inline diagnostics.
|
|
402
417
|
- Keep hardening native Windows setup beyond diagnostics and safe automatic environment fixes.
|
|
403
418
|
- Keep broadening package manager CI from template smoke toward install/build smoke for pnpm and yarn apps.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "forgeos",
|
|
3
|
-
"version": "0.1.0-alpha.
|
|
3
|
+
"version": "0.1.0-alpha.4",
|
|
4
4
|
"description": "Agent-native application framework and compiler for building Forge apps without a mandatory dashboard.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"files": [
|
|
@@ -36,6 +36,9 @@
|
|
|
36
36
|
"release": "changeset publish --tag alpha",
|
|
37
37
|
"release:pack": "npm pack --dry-run",
|
|
38
38
|
"release:smoke": "node scripts/smoke-packed-package.mjs",
|
|
39
|
+
"release:evidence": "node scripts/write-release-evidence.mjs",
|
|
40
|
+
"security:evidence": "node scripts/write-security-evidence.mjs",
|
|
41
|
+
"release:publish-alpha": "node scripts/publish-trusted-alpha.mjs",
|
|
39
42
|
"release:publish-local-alpha": "node scripts/publish-local-alpha.mjs",
|
|
40
43
|
"field:test": "node scripts/field-test-forgeos.mjs",
|
|
41
44
|
"forge": "node ./bin/forge.mjs",
|
|
@@ -59,7 +62,7 @@
|
|
|
59
62
|
"type": "git",
|
|
60
63
|
"url": "git+https://github.com/Stahldavid/forge.git"
|
|
61
64
|
},
|
|
62
|
-
"homepage": "https://
|
|
65
|
+
"homepage": "https://forgeos.readthedocs.io/",
|
|
63
66
|
"bugs": {
|
|
64
67
|
"url": "https://github.com/Stahldavid/forge/issues"
|
|
65
68
|
},
|
|
@@ -72,10 +75,10 @@
|
|
|
72
75
|
"cli"
|
|
73
76
|
],
|
|
74
77
|
"dependencies": {
|
|
75
|
-
"@ai-sdk/anthropic": "^
|
|
76
|
-
"@ai-sdk/openai": "^
|
|
78
|
+
"@ai-sdk/anthropic": "^3.0.84",
|
|
79
|
+
"@ai-sdk/openai": "^3.0.71",
|
|
77
80
|
"@electric-sql/pglite": "^0.2.17",
|
|
78
|
-
"ai": "^
|
|
81
|
+
"ai": "^6.0.205",
|
|
79
82
|
"jose": "^6.2.3",
|
|
80
83
|
"postgres": "^3.4.5",
|
|
81
84
|
"react": "^19.2.7",
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// @forge-generated generator=0.1.0-alpha.
|
|
2
|
-
{"analyzerVersion":"0.1.0","byEvent":{},"diagnostics":[],"generatorVersion":"0.1.0-alpha.
|
|
1
|
+
// @forge-generated generator=0.1.0-alpha.4 input=4af795b70ec62dc5967f6e9b78865cfbc8afb09275e575845cf80a360b3b85e2 content=e38472b113dc79a2390dcbc2f51741b8a86e33c858849367109b170f347b056e
|
|
2
|
+
{"analyzerVersion":"0.1.0","byEvent":{},"diagnostics":[],"generatorVersion":"0.1.0-alpha.4","inputHash":"c52261a0b76af0f64feadff97d3852e815fa814de2566d0d1fce9e4805d1bfab","schemaVersion":"0.1.0","subscriptions":[]}
|
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
// @forge-generated generator=0.1.0-alpha.
|
|
1
|
+
// @forge-generated generator=0.1.0-alpha.4 input=4af795b70ec62dc5967f6e9b78865cfbc8afb09275e575845cf80a360b3b85e2 content=a5b050935bb13ffac31c4e8f6b4a0a5e08cd84e7df079cce295b225302323b3a
|
|
2
2
|
export const actionSubscriptions = {
|
|
3
3
|
"analyzerVersion": "0.1.0",
|
|
4
4
|
"byEvent": {},
|
|
5
5
|
"diagnostics": [],
|
|
6
|
-
"generatorVersion": "0.1.0-alpha.
|
|
7
|
-
"inputHash": "
|
|
6
|
+
"generatorVersion": "0.1.0-alpha.4",
|
|
7
|
+
"inputHash": "c52261a0b76af0f64feadff97d3852e815fa814de2566d0d1fce9e4805d1bfab",
|
|
8
8
|
"schemaVersion": "0.1.0",
|
|
9
9
|
"subscriptions": []
|
|
10
10
|
} as const;
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
// @forge-generated generator=0.1.0-alpha.
|
|
2
|
-
{"generatorVersion":"0.1.0-alpha.
|
|
1
|
+
// @forge-generated generator=0.1.0-alpha.4 input=4af795b70ec62dc5967f6e9b78865cfbc8afb09275e575845cf80a360b3b85e2 content=488bf387fd048437f772a253b7b64f6a51c25d1f2e6d7d07f7a8c971e0c8c90d
|
|
2
|
+
{"generatorVersion":"0.1.0-alpha.4","schemaVersion":"0.1.0","sourceHash":"sha256:69500f8aefc9e77c7049e70279cadc0242fbeb0be0390ef26b051889956ad680","targets":[{"adapterVersion":"agent-adapter-0.1.0","default":true,"files":["AGENTS.md",".forge/agent/context.json",".forge/agent/commands.json",".forge/agent/done-criteria.json",".forge/agent/playbooks/add-command.md",".forge/agent/playbooks/add-query.md",".forge/agent/playbooks/add-livequery.md",".forge/agent/playbooks/add-resource.md",".forge/agent/playbooks/refactor-field.md",".forge/agent/playbooks/fix-policy-denied.md",".forge/agent/playbooks/fix-guard-violation.md",".forge/agent/playbooks/upgrade-package.md",".forge/agent/playbooks/debug-trace.md",".forge/agent/playbooks/frontend-change.md",".forge/agent/playbooks/self-host-check.md"],"formatVersion":"2026-06","name":"generic"},{"adapterVersion":"agent-adapter-0.1.0","files":[".codex/skills/forge-add-command/SKILL.md",".codex/skills/forge-add-resource/SKILL.md",".codex/skills/forge-fix-guard-violation/SKILL.md",".codex/skills/forge-fix-policy-denied/SKILL.md",".codex/skills/forge-upgrade-package/SKILL.md",".codex/skills/forge-debug-trace/SKILL.md",".codex/agents/forge-explorer.toml",".codex/agents/forge-worker.toml",".codex/agents/forge-reviewer.toml",".codex/agents/forge-security.toml"],"formatVersion":"2026-06","name":"codex","optional":true},{"adapterVersion":"agent-adapter-0.1.0","files":[".cursor/rules/forge-runtime.mdc",".cursor/rules/forge-frontend.mdc",".cursor/rules/forge-security.mdc",".cursor/rules/forge-workflow.mdc"],"formatVersion":"2026-06","name":"cursor","optional":true},{"adapterVersion":"agent-adapter-0.1.0","files":["CLAUDE.md",".claude/forge-runtime.md",".claude/forge-playbooks.md",".claude/forge-security.md"],"formatVersion":"2026-06","name":"claude","optional":true}]}
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
// @forge-generated generator=0.1.0-alpha.
|
|
1
|
+
// @forge-generated generator=0.1.0-alpha.4 input=4af795b70ec62dc5967f6e9b78865cfbc8afb09275e575845cf80a360b3b85e2 content=a111bf4de7c15892a6465afaf86be51e792266d18f2f526fd03a78f9f08f89c6
|
|
2
2
|
export const agentAdapterManifest = {
|
|
3
|
-
"generatorVersion": "0.1.0-alpha.
|
|
3
|
+
"generatorVersion": "0.1.0-alpha.4",
|
|
4
4
|
"schemaVersion": "0.1.0",
|
|
5
|
-
"sourceHash": "sha256:
|
|
5
|
+
"sourceHash": "sha256:69500f8aefc9e77c7049e70279cadc0242fbeb0be0390ef26b051889956ad680",
|
|
6
6
|
"targets": [
|
|
7
7
|
{
|
|
8
8
|
"adapterVersion": "agent-adapter-0.1.0",
|