vibe-forge 0.2.1 → 0.3.0

package/.claude/commands/forge.md

@@ -18,23 +18,23 @@ Based on the first argument, do ONE of the following:
 You are now the **Vibe Forge Planning Hub** - a multi-expert planning team.
 
 #### Your Identity
-@agents/planning-hub/personality.md
+@_vibe-forge/agents/planning-hub/personality.md
 
 #### Project Context
 @context/project-context.md
 
 #### Current Forge State
-@context/forge-state.yaml
+@_vibe-forge/context/forge-state.yaml
 
 #### Task Overview
 Pending tasks:
-!`ls tasks/pending/ 2>/dev/null || echo "None"`
+!`ls _vibe-forge/tasks/pending/ 2>/dev/null || echo "None"`
 
 In-progress tasks:
-!`ls tasks/in-progress/ 2>/dev/null || echo "None"`
+!`ls _vibe-forge/tasks/in-progress/ 2>/dev/null || echo "None"`
 
 Tasks needing changes:
-!`ls tasks/needs-changes/ 2>/dev/null || echo "None"`
+!`ls _vibe-forge/tasks/needs-changes/ 2>/dev/null || echo "None"`
 
 **Startup:** Display the team assembly welcome as shown in your personality's Startup Behavior section. Show the forge council assembling, then check current work status.
 
@@ -45,15 +45,15 @@ Tasks needing changes:
 Display a formatted status dashboard:
 
 #### Forge State
-@context/forge-state.yaml
+@_vibe-forge/context/forge-state.yaml
 
 #### Task Counts
-!`echo "Pending:       $(ls tasks/pending/*.md 2>/dev/null | wc -l || echo 0)"`
-!`echo "In Progress:   $(ls tasks/in-progress/*.md 2>/dev/null | wc -l || echo 0)"`
-!`echo "Completed:     $(ls tasks/completed/*.md 2>/dev/null | wc -l || echo 0)"`
-!`echo "In Review:     $(ls tasks/review/*.md 2>/dev/null | wc -l || echo 0)"`
-!`echo "Needs Changes: $(ls tasks/needs-changes/*.md 2>/dev/null | wc -l || echo 0)"`
-!`echo "Approved:      $(ls tasks/approved/*.md 2>/dev/null | wc -l || echo 0)"`
+!`echo "Pending:       $(ls _vibe-forge/tasks/pending/*.md 2>/dev/null | wc -l || echo 0)"`
+!`echo "In Progress:   $(ls _vibe-forge/tasks/in-progress/*.md 2>/dev/null | wc -l || echo 0)"`
+!`echo "Completed:     $(ls _vibe-forge/tasks/completed/*.md 2>/dev/null | wc -l || echo 0)"`
+!`echo "In Review:     $(ls _vibe-forge/tasks/review/*.md 2>/dev/null | wc -l || echo 0)"`
+!`echo "Needs Changes: $(ls _vibe-forge/tasks/needs-changes/*.md 2>/dev/null | wc -l || echo 0)"`
+!`echo "Approved:      $(ls _vibe-forge/tasks/approved/*.md 2>/dev/null | wc -l || echo 0)"`
 
 Format output like:
 ```
@@ -87,7 +87,7 @@ If `$2` is empty, show the table above and ask which agent to spawn.
 If `$2` is provided, run:
 
 ```bash
-./bin/forge-spawn.sh $2
+./_vibe-forge/bin/forge-spawn.sh $2
 ```
 
 Confirm the spawn. If an alias was used (e.g., "frontend"), mention the resolved name: "Spawning **Anvil** (frontend)..."
@@ -99,17 +99,17 @@ Confirm the spawn. If an alias was used (e.g., "frontend"), mention the resolved
 **Task description:** `$2` `$3` `$4` (remaining arguments)
 
 #### Task Template
-@config/task-template.md
+@_vibe-forge/config/task-template.md
 
 #### Existing Tasks
-!`ls tasks/pending/ 2>/dev/null || echo "None pending"`
+!`ls _vibe-forge/tasks/pending/ 2>/dev/null || echo "None pending"`
 
 If no description provided, ask:
 - What needs to be done?
 - Which agent? (anvil, furnace, crucible, sentinel, scribe, herald, ember, aegis)
 - Priority? (high, medium, low)
 
-Generate task ID as `task-XXX` (next sequential number), create file at `tasks/pending/task-XXX.md`.
+Generate task ID as `task-XXX` (next sequential number), create file at `_vibe-forge/tasks/pending/task-XXX.md`.
 
 ---
 

package/.claude/settings.local.json

@@ -1,7 +1,16 @@
 {
   "permissions": {
     "allow": [
-      "Bash(ls:*)"
+      "Bash(ls:*)",
+      "Bash(git pull:*)",
+      "Bash(npm view:*)",
+      "Bash(gh run list:*)",
+      "Bash(gh run view:*)",
+      "Bash(gh secret list:*)",
+      "Bash(git add:*)",
+      "Bash(git commit:*)",
+      "Bash(gh workflow run:*)",
+      "Bash(gh repo view:*)"
     ]
   }
 }

package/bin/forge-setup.sh

@@ -305,7 +305,36 @@ configure_daemon() {
 }
 
 # =============================================================================
-# STEP 8: Create Project Context
+# STEP 8: Install Slash Command
+# =============================================================================
+
+install_slash_command() {
+    echo ""
+    echo "Installing /forge slash command..."
+
+    # Parent project directory (one level up from _vibe-forge)
+    local parent_dir
+    parent_dir="$(dirname "$FORGE_ROOT")"
+
+    local target_dir="$parent_dir/.claude/commands"
+    local source_file="$FORGE_ROOT/.claude/commands/forge.md"
+
+    # Create .claude/commands in parent project if it doesn't exist
+    mkdir -p "$target_dir"
+
+    # Copy the forge command
+    if [[ -f "$source_file" ]]; then
+        cp "$source_file" "$target_dir/forge.md"
+        echo -e "${GREEN}✅ Slash command installed:${NC} $target_dir/forge.md"
+        echo "   Use /forge in Claude Code to access Vibe Forge"
+    else
+        echo -e "${YELLOW}⚠️  Could not find forge command template${NC}"
+        echo "   You may need to manually copy .claude/commands/forge.md"
+    fi
+}
+
+# =============================================================================
+# STEP 9: Create Project Context
 # =============================================================================
 
 detect_project_info() {
@@ -414,7 +443,7 @@ EOF
 }
 
 # =============================================================================
-# STEP 9: Setup Complete
+# STEP 10: Setup Complete
 # =============================================================================
 
 setup_complete() {
@@ -423,11 +452,12 @@ setup_complete() {
     echo -e "${GREEN}🔥 Vibe Forge initialized!${NC}"
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
     echo ""
-    echo "Ready to start! Run:"
+    echo "Ready to start! Open Claude Code in this project and run:"
     echo ""
-    echo -e "  ${BLUE}forge${NC}              Start the Planning Hub"
-    echo -e "  ${BLUE}forge status${NC}       Check forge status"
-    echo -e "  ${BLUE}forge help${NC}         See all commands"
+    echo -e "  ${BLUE}/forge${NC}              Start the Planning Hub"
+    echo -e "  ${BLUE}/forge status${NC}       Show status dashboard"
+    echo -e "  ${BLUE}/forge spawn anvil${NC}  Spawn a worker agent"
+    echo -e "  ${BLUE}/forge help${NC}         See all commands"
     echo ""
     echo "Optional: Edit context/project-context.md to add more details."
     echo ""
@@ -446,6 +476,7 @@ main() {
     if validate_setup; then
         configure_terminal
         configure_daemon
+        install_slash_command
         create_project_context
         setup_complete
     else

package/docs/npm-publishing.md

@@ -0,0 +1,95 @@
+# npm Publishing with OIDC Trusted Publishing
+
+This document explains how Vibe Forge publishes to npm using GitHub Actions OIDC trusted publishing - no npm tokens required.
+
+## Overview
+
+npm's [trusted publishing](https://docs.npmjs.com/trusted-publishers/) uses OpenID Connect (OIDC) to authenticate GitHub Actions workflows directly with npm. This eliminates the need to store npm tokens as secrets.
+
+## Requirements
+
+1. **npm CLI v11.5.1+** - OIDC support was added in npm 11.5.1
+2. **Public GitHub repository** - Provenance attestation only works with public repos
+3. **Trusted Publisher configured on npmjs.com** - Links your package to your GitHub repo
+
+## Setup
+
+### 1. Configure Trusted Publisher on npm
+
+1. Go to https://www.npmjs.com/package/vibe-forge/access
+2. Under "Trusted Publishers", add a new publisher:
+   - **Publisher**: GitHub Actions
+   - **Organization/user**: SpasticPalate
+   - **Repository**: vibe-forge
+   - **Workflow filename**: publish.yml
+   - **Environment name**: (leave empty)
+
+### 2. GitHub Actions Workflow
+
+The workflow requires specific permissions and npm version:
+
+```yaml
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write  # Required for OIDC token generation
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      # npm 11.5.1+ required for OIDC
+      - run: npm install -g npm@latest
+
+      - run: npm publish --provenance --access public
+```
+
+Key points:
+- `id-token: write` permission enables OIDC token generation
+- `--provenance` flag enables signed provenance attestation
+- No `NODE_AUTH_TOKEN` or `NPM_TOKEN` needed
+
+## Troubleshooting
+
+### "Access token expired or revoked" with E404
+
+**Cause**: npm CLI version is too old (< 11.5.1)
+
+**Fix**: Add `npm install -g npm@latest` before publishing
+
+### "Unsupported GitHub Actions source repository visibility: private"
+
+**Cause**: Provenance attestation only works with public repositories
+
+**Fix**: Either make the repo public, or remove `--provenance` and use a granular npm token instead
+
+### "ENEEDAUTH - need auth"
+
+**Cause**: OIDC token not being generated/used
+
+**Fix**: Ensure `id-token: write` permission is set on the job
+
+### 404 on publish despite correct setup
+
+**Cause**: Trusted Publisher configuration doesn't match workflow
+
+**Fix**: Verify on npmjs.com that:
+- Organization/user matches exactly (case-sensitive)
+- Repository name matches exactly
+- Workflow filename matches exactly (e.g., `publish.yml`)
+
+## Benefits
+
+- **No secrets to manage** - No npm tokens to rotate or accidentally expose
+- **Provenance attestation** - Packages are cryptographically signed with build info
+- **Audit trail** - Provenance is published to Sigstore transparency log
+
+## References
+
+- [npm Trusted Publishers](https://docs.npmjs.com/trusted-publishers/)
+- [npm Provenance](https://docs.npmjs.com/generating-provenance-statements/)
+- [GitHub: npm trusted publishing GA](https://github.blog/changelog/2025-07-31-npm-trusted-publishing-with-oidc-is-generally-available/)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vibe-forge",
-  "version": "0.2.1",
+  "version": "0.3.0",
   "description": "Multi-agent development orchestration system for terminal-native vibe coding",
   "keywords": [
     "vibe-coding",