PyPI - multi-forge - Versions diffs - 0.2.0__py3-none-any.whl - Mend

multi-forge 0.2.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (311) hide show

forge/__init__.py +3 -0
forge/_extensions/agents/.gitkeep +0 -0
forge/_extensions/commands/.gitkeep +0 -0
forge/_extensions/skills/analyze/SKILL.md +87 -0
forge/_extensions/skills/challenge/SKILL.md +91 -0
forge/_extensions/skills/consensus/SKILL.md +120 -0
forge/_extensions/skills/consensus/resources/code_consensus_evaluation.md +94 -0
forge/_extensions/skills/consensus/resources/consensus_evaluation.md +70 -0
forge/_extensions/skills/consensus/resources/synthesis.md +101 -0
forge/_extensions/skills/debate/SKILL.md +116 -0
forge/_extensions/skills/debate/resources/code_debate_evaluation.md +101 -0
forge/_extensions/skills/debate/resources/debate_evaluation.md +90 -0
forge/_extensions/skills/panel/SKILL.md +141 -0
forge/_extensions/skills/panel/resources/synthesis.md +103 -0
forge/_extensions/skills/qa/SKILL.md +704 -0
forge/_extensions/skills/qa/resources/checklist/0-enable.md +78 -0
forge/_extensions/skills/qa/resources/checklist/1-preflight.md +24 -0
forge/_extensions/skills/qa/resources/checklist/10-resume.md +143 -0
forge/_extensions/skills/qa/resources/checklist/11-config.md +150 -0
forge/_extensions/skills/qa/resources/checklist/12-search.md +58 -0
forge/_extensions/skills/qa/resources/checklist/13-guard.md +237 -0
forge/_extensions/skills/qa/resources/checklist/14-workflow.md +305 -0
forge/_extensions/skills/qa/resources/checklist/15-skills.md +155 -0
forge/_extensions/skills/qa/resources/checklist/16-handoff.md +224 -0
forge/_extensions/skills/qa/resources/checklist/17-info.md +50 -0
forge/_extensions/skills/qa/resources/checklist/18-disable.md +84 -0
forge/_extensions/skills/qa/resources/checklist/19-uninstall.md +146 -0
forge/_extensions/skills/qa/resources/checklist/2-extensions.md +188 -0
forge/_extensions/skills/qa/resources/checklist/20-cleanup.md +36 -0
forge/_extensions/skills/qa/resources/checklist/3-auth.md +234 -0
forge/_extensions/skills/qa/resources/checklist/4-proxy.md +481 -0
forge/_extensions/skills/qa/resources/checklist/5-session.md +541 -0
forge/_extensions/skills/qa/resources/checklist/6-hooks.md +275 -0
forge/_extensions/skills/qa/resources/checklist/7-costs.md +309 -0
forge/_extensions/skills/qa/resources/checklist/8-status-line.md +174 -0
forge/_extensions/skills/qa/resources/checklist/9-direct-commands.md +146 -0
forge/_extensions/skills/qa/resources/checklist.md +103 -0
forge/_extensions/skills/qa/resources/report-template.md +62 -0
forge/_extensions/skills/qa/scripts/start-container.sh +529 -0
forge/_extensions/skills/qa/scripts/walkthrough-state.py +1137 -0
forge/_extensions/skills/review/SKILL.md +125 -0
forge/_extensions/skills/review/references/claude-4.6.md +474 -0
forge/_extensions/skills/review/references/claude-4.7.md +710 -0
forge/_extensions/skills/review/references/gemini-3.1.md +546 -0
forge/_extensions/skills/review/references/gpt-5.5.md +490 -0
forge/_extensions/skills/review/references/skills-writing-guide.md +1588 -0
forge/_extensions/skills/review/resources/code-anthropic.md +160 -0
forge/_extensions/skills/review/resources/code-gemini.md +184 -0
forge/_extensions/skills/review/resources/code-openai.md +203 -0
forge/_extensions/skills/review/resources/code.md +160 -0
forge/_extensions/skills/review-docs/SKILL.md +121 -0
forge/_extensions/skills/review-docs/resources/docs-anthropic.md +170 -0
forge/_extensions/skills/review-docs/resources/docs-gemini.md +204 -0
forge/_extensions/skills/review-docs/resources/docs-openai.md +231 -0
forge/_extensions/skills/review-docs/resources/docs.md +170 -0
forge/_extensions/skills/smoke-test/SKILL.md +27 -0
forge/_extensions/skills/smoke-test/scripts/smoke-test.sh +118 -0
forge/_extensions/skills/understand/SKILL.md +148 -0
forge/_extensions/skills/understand/resources/code-anthropic.md +163 -0
forge/_extensions/skills/understand/resources/code-gemini.md +194 -0
forge/_extensions/skills/understand/resources/code-openai.md +181 -0
forge/_extensions/skills/understand/resources/code.md +163 -0
forge/_extensions/skills/understand/resources/docs-anthropic.md +177 -0
forge/_extensions/skills/understand/resources/docs-gemini.md +202 -0
forge/_extensions/skills/understand/resources/docs-openai.md +191 -0
forge/_extensions/skills/understand/resources/docs.md +177 -0
forge/_extensions/skills/walkthrough/SKILL.md +599 -0
forge/_extensions/skills/walkthrough/resources/checklist.md +765 -0
forge/_extensions/skills/walkthrough/scripts/run-in-repo.sh +118 -0
forge/_extensions/skills/walkthrough/scripts/setup-test-repo.sh +198 -0
forge/_extensions/skills/walkthrough/scripts/walkthrough-state.py +1137 -0
forge/backend/__init__.py +174 -0
forge/backend/adapters/__init__.py +38 -0
forge/backend/adapters/litellm.py +158 -0
forge/backend/creation.py +89 -0
forge/backend/registry.py +178 -0
forge/cli/__init__.py +16 -0
forge/cli/auth.py +483 -0
forge/cli/backend.py +298 -0
forge/cli/claude.py +411 -0
forge/cli/config_cmd.py +303 -0
forge/cli/extensions.py +1001 -0
forge/cli/gc.py +165 -0
forge/cli/guard.py +1018 -0
forge/cli/guards.py +106 -0
forge/cli/handoff.py +110 -0
forge/cli/hooks/__init__.py +36 -0
forge/cli/hooks/_group.py +20 -0
forge/cli/hooks/_helpers.py +149 -0
forge/cli/hooks/commands.py +1677 -0
forge/cli/hooks/direct_commands.py +1304 -0
forge/cli/hooks/install.py +232 -0
forge/cli/hooks/policy.py +151 -0
forge/cli/hooks/read_hygiene.py +74 -0
forge/cli/hooks/verification.py +370 -0
forge/cli/logs.py +406 -0
forge/cli/main.py +292 -0
forge/cli/proxy.py +1821 -0
forge/cli/proxy_costs.py +313 -0
forge/cli/search.py +416 -0
forge/cli/session.py +892 -0
forge/cli/session_addendum.py +81 -0
forge/cli/session_fork.py +750 -0
forge/cli/session_handoff.py +141 -0
forge/cli/session_lifecycle.py +2053 -0
forge/cli/session_manage.py +1336 -0
forge/cli/session_memory.py +201 -0
forge/cli/status_line.py +1398 -0
forge/cli/workflow.py +1964 -0
forge/config/__init__.py +110 -0
forge/config/dataclass_utils.py +88 -0
forge/config/defaults/__init__.py +0 -0
forge/config/defaults/backends/__init__.py +0 -0
forge/config/defaults/backends/litellm.yaml +196 -0
forge/config/defaults/templates/__init__.py +0 -0
forge/config/defaults/templates/litellm-anthropic-local.yaml +33 -0
forge/config/defaults/templates/litellm-anthropic.yaml +24 -0
forge/config/defaults/templates/litellm-gemini-flash-local.yaml +37 -0
forge/config/defaults/templates/litellm-gemini-local.yaml +32 -0
forge/config/defaults/templates/litellm-gemini-test.yaml +34 -0
forge/config/defaults/templates/litellm-gemini.yaml +21 -0
forge/config/defaults/templates/litellm-openai-codex-local.yaml +36 -0
forge/config/defaults/templates/litellm-openai-local.yaml +38 -0
forge/config/defaults/templates/litellm-openai.yaml +28 -0
forge/config/defaults/templates/openrouter-anthropic.yaml +23 -0
forge/config/defaults/templates/openrouter-deepseek.yaml +26 -0
forge/config/defaults/templates/openrouter-gemini-flash.yaml +26 -0
forge/config/defaults/templates/openrouter-gemini.yaml +23 -0
forge/config/defaults/templates/openrouter-glm.yaml +23 -0
forge/config/defaults/templates/openrouter-kimi.yaml +30 -0
forge/config/defaults/templates/openrouter-minimax.yaml +26 -0
forge/config/defaults/templates/openrouter-openai-codex.yaml +23 -0
forge/config/defaults/templates/openrouter-openai.yaml +28 -0
forge/config/defaults/templates/openrouter-qwen.yaml +25 -0
forge/config/loader.py +675 -0
forge/config/schema.py +448 -0
forge/core/__init__.py +5 -0
forge/core/auth/__init__.py +67 -0
forge/core/auth/capabilities.py +219 -0
forge/core/auth/credentials_file.py +244 -0
forge/core/auth/protocols.py +18 -0
forge/core/auth/secrets.py +243 -0
forge/core/auth/template_secrets.py +112 -0
forge/core/data/__init__.py +5 -0
forge/core/data/model_catalog.yaml +1522 -0
forge/core/data/pricing.yaml +140 -0
forge/core/data/system_prompt_addendums/__init__.py +0 -0
forge/core/data/system_prompt_addendums/gemini.md +330 -0
forge/core/data/system_prompt_addendums/openai.md +328 -0
forge/core/llm/__init__.py +231 -0
forge/core/llm/clients/__init__.py +14 -0
forge/core/llm/clients/base.py +115 -0
forge/core/llm/clients/litellm.py +619 -0
forge/core/llm/clients/openai_compat.py +244 -0
forge/core/llm/clients/openrouter.py +234 -0
forge/core/llm/credentials.py +439 -0
forge/core/llm/detection.py +86 -0
forge/core/llm/errors.py +44 -0
forge/core/llm/protocols.py +80 -0
forge/core/llm/types.py +176 -0
forge/core/logging.py +146 -0
forge/core/models/__init__.py +91 -0
forge/core/models/catalog.py +467 -0
forge/core/models/pricing.py +165 -0
forge/core/models/types.py +167 -0
forge/core/naming.py +212 -0
forge/core/ops/__init__.py +73 -0
forge/core/ops/context.py +141 -0
forge/core/ops/gc.py +802 -0
forge/core/ops/proxy.py +146 -0
forge/core/ops/resolution.py +135 -0
forge/core/ops/session.py +344 -0
forge/core/ops/session_context.py +548 -0
forge/core/paths.py +38 -0
forge/core/process.py +54 -0
forge/core/reactive/__init__.py +38 -0
forge/core/reactive/cost_tracking.py +300 -0
forge/core/reactive/env.py +180 -0
forge/core/reactive/proxy.py +78 -0
forge/core/reactive/routing.py +622 -0
forge/core/reactive/session_runner.py +185 -0
forge/core/reactive/structured_output.py +62 -0
forge/core/reactive/tagger.py +94 -0
forge/core/reactive/throttle.py +132 -0
forge/core/state/__init__.py +59 -0
forge/core/state/exceptions.py +59 -0
forge/core/state/io.py +140 -0
forge/core/state/lock.py +99 -0
forge/core/state/timestamps.py +60 -0
forge/core/transcript.py +78 -0
forge/core/typing_helpers.py +24 -0
forge/core/workqueue/__init__.py +67 -0
forge/core/workqueue/queue.py +552 -0
forge/core/workqueue/types.py +63 -0
forge/guard/__init__.py +26 -0
forge/guard/deterministic/__init__.py +26 -0
forge/guard/deterministic/base.py +158 -0
forge/guard/deterministic/coding_standards.py +256 -0
forge/guard/deterministic/registry.py +148 -0
forge/guard/deterministic/tdd.py +171 -0
forge/guard/engine.py +216 -0
forge/guard/protocols.py +91 -0
forge/guard/queries.py +96 -0
forge/guard/semantic/__init__.py +34 -0
forge/guard/semantic/promotion.py +18 -0
forge/guard/semantic/supervisor.py +813 -0
forge/guard/semantic/verdict.py +183 -0
forge/guard/store.py +124 -0
forge/guard/team/__init__.py +6 -0
forge/guard/team/config.py +24 -0
forge/guard/team/handlers.py +209 -0
forge/guard/team/prompts.py +41 -0
forge/guard/types.py +125 -0
forge/guard/workflow/__init__.py +17 -0
forge/guard/workflow/branches.py +67 -0
forge/guard/workflow/config.py +63 -0
forge/guard/workflow/divergence.py +113 -0
forge/guard/workflow/policy.py +87 -0
forge/guard/workflow/stages.py +205 -0
forge/install/__init__.py +55 -0
forge/install/cli.py +281 -0
forge/install/exceptions.py +163 -0
forge/install/hooks.py +109 -0
forge/install/installer.py +1037 -0
forge/install/models.py +321 -0
forge/install/preset.py +272 -0
forge/install/settings_merge.py +831 -0
forge/install/tracking.py +238 -0
forge/install/version.py +141 -0
forge/proxy/__init__.py +0 -0
forge/proxy/base_client.py +181 -0
forge/proxy/client_adapter.py +476 -0
forge/proxy/client_factory.py +531 -0
forge/proxy/converters.py +1206 -0
forge/proxy/cost_logger.py +132 -0
forge/proxy/cost_tracker.py +242 -0
forge/proxy/data_models.py +338 -0
forge/proxy/error_hints.py +92 -0
forge/proxy/metrics.py +222 -0
forge/proxy/model_spec.py +158 -0
forge/proxy/proxies.py +333 -0
forge/proxy/proxy_identity.py +134 -0
forge/proxy/proxy_orchestrator.py +1018 -0
forge/proxy/proxy_startup.py +54 -0
forge/proxy/server.py +1561 -0
forge/proxy/utils.py +537 -0
forge/review/__init__.py +6 -0
forge/review/adversarial.py +111 -0
forge/review/consensus.py +236 -0
forge/review/engine.py +356 -0
forge/review/models.py +437 -0
forge/review/resources/__init__.py +5 -0
forge/review/resources/codereview-performance.md +85 -0
forge/review/resources/codereview-quick.md +75 -0
forge/review/resources/codereview-security.md +92 -0
forge/review/resources/codereview.md +85 -0
forge/review/resources/docreview-quick.md +75 -0
forge/review/resources/docreview.md +86 -0
forge/review/resources/thinkdeep.md +89 -0
forge/review/routing.py +368 -0
forge/review/synthesis.py +73 -0
forge/runtime_config.py +438 -0
forge/search/__init__.py +55 -0
forge/search/bm25_store.py +264 -0
forge/search/content_store.py +197 -0
forge/search/engine.py +352 -0
forge/search/exceptions.py +51 -0
forge/search/extractor.py +234 -0
forge/search/index_state.py +295 -0
forge/search/store.py +215 -0
forge/search/tokenizer.py +24 -0
forge/session/__init__.py +130 -0
forge/session/active.py +339 -0
forge/session/artifacts.py +202 -0
forge/session/claude/__init__.py +50 -0
forge/session/claude/cleanup.py +105 -0
forge/session/claude/invoke.py +236 -0
forge/session/claude/paths.py +200 -0
forge/session/cleanup.py +216 -0
forge/session/config.py +34 -0
forge/session/direct_model.py +107 -0
forge/session/effective.py +169 -0
forge/session/exceptions.py +255 -0
forge/session/handoff.py +881 -0
forge/session/handoff_agent.py +544 -0
forge/session/hooks/__init__.py +35 -0
forge/session/hooks/models.py +73 -0
forge/session/hooks/session_start.py +507 -0
forge/session/identity.py +84 -0
forge/session/index.py +553 -0
forge/session/manager.py +1506 -0
forge/session/models.py +572 -0
forge/session/overrides.py +344 -0
forge/session/plan_resolution.py +286 -0
forge/session/prev_sessions.py +128 -0
forge/session/store.py +431 -0
forge/session/validation.py +47 -0
forge/session/worktree/__init__.py +65 -0
forge/session/worktree/cleanup.py +262 -0
forge/session/worktree/config_copy.py +203 -0
forge/session/worktree/create.py +332 -0
forge/sidecar/__init__.py +29 -0
forge/sidecar/container.py +161 -0
forge/sidecar/docker.py +86 -0
forge/sidecar/secrets.py +19 -0
multi_forge-0.2.0.dist-info/METADATA +242 -0
multi_forge-0.2.0.dist-info/RECORD +311 -0
multi_forge-0.2.0.dist-info/WHEEL +4 -0
multi_forge-0.2.0.dist-info/entry_points.txt +2 -0
multi_forge-0.2.0.dist-info/licenses/LICENSE +203 -0
multi_forge-0.2.0.dist-info/licenses/NOTICE +14 -0

forge/core/auth/secrets.py ADDED Viewed

@@ -0,0 +1,243 @@
+"""SecretsProvider protocol and implementations.
+This module provides a unified interface for accessing secrets (API keys,
+auth URLs) from multiple sources with explicit precedence.
+Usage:
+    from forge.core.auth import EnvSecretsProvider, ChainSecretsProvider
+    # Simple env-only access
+    secrets = EnvSecretsProvider()
+    api_key = secrets.require("ANTHROPIC_API_KEY")
+    # Chain with file-based credentials
+    from forge.core.auth.secrets import FileSecretsProvider
+    secrets = ChainSecretsProvider(
+        EnvSecretsProvider(),           # Env wins (user can override)
+        FileSecretsProvider(),          # File-based fallback
+    )
+"""
+from __future__ import annotations
+import logging
+import os
+from pathlib import Path
+from typing import Any
+from forge.config.schema import ForgeConfig
+from forge.core.auth.protocols import SecretsProvider
+from forge.core.llm.errors import NoApiKeyError
+logger = logging.getLogger(__name__)
+def _format_missing_credential_detail(
+    key: str,
+    *,
+    profile: str | None = None,
+    env_ignored: bool = False,
+) -> str | None:
+    """Best-effort actionable message for known credential env vars."""
+    try:
+        from forge.core.auth.capabilities import (
+            credential_for_env_var,
+            format_missing_credential_error,
+        )
+        credential = credential_for_env_var(key)
+        if credential is None:
+            return None
+        return format_missing_credential_error(
+            credential,
+            missing_vars=[key],
+            profile=profile,
+            env_ignored=env_ignored,
+        )
+    except Exception as e:
+        logger.debug("Could not format missing credential detail for %s: %s", key, e)
+        return None
+class EnvSecretsProvider:
+    """Reads secrets from os.environ.
+    Expects dotenv to already be loaded (by CLI main or config loader).
+    Does NOT call load_dotenv() itself to avoid import-time side effects.
+    Args:
+        ignore_env: When True, all lookups return the default value.
+            Used by ``auth_ignore_env`` to bypass shell env vars.
+            When None (default), reads from runtime config on each call
+            so config changes take effect without restarting.
+    """
+    def __init__(self, *, ignore_env: bool | None = None) -> None:
+        self._ignore_env = ignore_env
+    def _should_ignore(self) -> bool:
+        if self._ignore_env is not None:
+            return self._ignore_env
+        try:
+            from forge.runtime_config import get_runtime_config
+            return get_runtime_config().auth_ignore_env
+        except Exception as e:
+            logger.debug("Could not read auth_ignore_env; using environment credentials: %s", e)
+            return False
+    def get(self, key: str, default: Any = None) -> Any:
+        """Get secret from environment, returning default if not found or empty."""
+        if self._should_ignore():
+            return default
+        value = os.environ.get(key)
+        # Treat empty string as not-set (consistent with config schema defaults)
+        return value if value else default
+    def require(self, key: str) -> str:
+        """Get required secret from environment, raising if not found or empty."""
+        if self._should_ignore():
+            raise NoApiKeyError(
+                provider="env",
+                env_var=key,
+                detail=_format_missing_credential_detail(key, env_ignored=True),
+            )
+        value = os.environ.get(key)
+        if not value:
+            raise NoApiKeyError(
+                provider="env",
+                env_var=key,
+                detail=_format_missing_credential_detail(key),
+            )
+        return value
+class ConfigSecretsProvider:
+    """Reads secrets injected into ForgeConfig by the config loader.
+    The config loader maps certain env vars into ForgeConfig fields:
+    - OPENAI_AUTH_URL -> config.proxy.openai.auth_url
+    - GEMINI_AUTH_URL -> config.proxy.gemini.auth_url
+    This provider reads those config paths, allowing env vars to be the
+    primary source while config-injected values serve as fallbacks.
+    Args:
+        config: ForgeConfig instance (explicitly injected to avoid circular deps)
+    """
+    # Mapping of secret keys to config accessor lambdas
+    _KEY_MAPPING: dict[str, str] = {
+        "OPENAI_AUTH_URL": "proxy.openai.auth_url",
+        "GEMINI_AUTH_URL": "proxy.gemini.auth_url",
+    }
+    def __init__(self, config: ForgeConfig) -> None:
+        self._config = config
+    def get(self, key: str, default: Any = None) -> Any:
+        """Get secret from config-injected value, returning default if not found."""
+        if key not in self._KEY_MAPPING:
+            return default
+        # Navigate the config path
+        path = self._KEY_MAPPING[key]
+        value = self._get_nested_attr(path)
+        # Treat empty string as not-set
+        return value if value else default
+    def require(self, key: str) -> str:
+        """Get required secret from config, raising if not found or empty."""
+        value = self.get(key)
+        if not value:
+            raise NoApiKeyError(
+                provider="config",
+                env_var=key,
+                detail=_format_missing_credential_detail(key),
+            )
+        return value
+    def _get_nested_attr(self, path: str) -> Any:
+        """Navigate dotted path on config object."""
+        obj: Any = self._config
+        for part in path.split("."):
+            obj = getattr(obj, part, None)
+            if obj is None:
+                return None
+        return obj
+class FileSecretsProvider:
+    """Read secrets from ~/.forge/credentials.yaml for a named profile.
+    Reads from disk on each call (no caching) — CredentialManager's TTL
+    cache gates call frequency. This ensures freshly-saved credentials
+    (via ``forge auth login``) are picked up without restart.
+    """
+    def __init__(self, profile: str | None = None, *, path: Path | None = None) -> None:
+        from forge.core.auth.credentials_file import resolve_profile
+        self._profile = resolve_profile(profile)
+        self._path = path
+    def get(self, key: str, default: Any = None) -> Any:
+        """Get secret from credential file, returning default if not found or empty."""
+        from forge.core.auth.credentials_file import load_profile
+        secrets = load_profile(self._profile, path=self._path)
+        value = secrets.get(key)
+        return value if value else default
+    def require(self, key: str) -> str:
+        """Get required secret from credential file, raising if not found or empty."""
+        value = self.get(key)
+        if not value:
+            raise NoApiKeyError(
+                provider=f"file:{self._profile}",
+                env_var=key,
+                detail=_format_missing_credential_detail(key, profile=self._profile),
+            )
+        return value
+class ChainSecretsProvider:
+    """Chain of providers with explicit precedence.
+    Returns the first truthy (non-empty) value found across the provider chain.
+    Both None and empty string "" are treated as "not set".
+    Typical usage:
+        secrets = ChainSecretsProvider(
+            EnvSecretsProvider(),           # Env wins
+            ConfigSecretsProvider(config),  # Config fallback
+        )
+    Args:
+        *providers: SecretsProvider instances in priority order (first wins)
+    """
+    def __init__(self, *providers: SecretsProvider) -> None:
+        if not providers:
+            raise ValueError("ChainSecretsProvider requires at least one provider")
+        self._providers = providers
+    def get(self, key: str, default: Any = None) -> Any:
+        """Get secret from first provider that has a truthy value."""
+        for provider in self._providers:
+            value = provider.get(key)
+            if value:  # Truthy check: treats "" and None as not-set
+                return value
+        return default
+    def require(self, key: str) -> str:
+        """Get required secret, raising if no provider has a truthy value."""
+        value = self.get(key)
+        if not value:
+            raise NoApiKeyError(
+                provider="chain",
+                env_var=key,
+                detail=_format_missing_credential_detail(key),
+            )
+        return value

forge/core/auth/template_secrets.py ADDED Viewed

@@ -0,0 +1,112 @@
+"""Template-to-credential mapping and credential resolution.
+Maps proxy templates to required environment variable names and provides
+``resolve_env_or_credential()`` — the single lookup that checks os.environ
+first, then falls back to ``~/.forge/credentials.yaml``.
+Extracted from ``forge.sidecar.secrets`` so proxy orchestration, review
+engine, and sidecar can all share the same resolution logic.
+"""
+from __future__ import annotations
+import logging
+import os
+logger = logging.getLogger(__name__)
+TEMPLATE_SECRETS: dict[str, list[str]] = {
+    "litellm-openai": ["LITELLM_API_KEY", "LITELLM_BASE_URL"],
+    "litellm-gemini": ["LITELLM_API_KEY", "LITELLM_BASE_URL"],
+    "litellm-anthropic": ["LITELLM_API_KEY", "LITELLM_BASE_URL"],
+    "litellm-gemini-local": ["GEMINI_API_KEY"],
+    "litellm-gemini-test": ["GEMINI_API_KEY"],
+    "litellm-gemini-flash-local": ["GEMINI_API_KEY"],
+    "litellm-openai-local": ["OPENAI_API_KEY"],
+    "litellm-openai-codex-local": ["OPENAI_API_KEY"],
+    "litellm-anthropic-local": ["ANTHROPIC_API_KEY"],
+    "openrouter-anthropic": ["OPENROUTER_API_KEY"],
+    "openrouter-openai": ["OPENROUTER_API_KEY"],
+    "openrouter-gemini": ["OPENROUTER_API_KEY"],
+    "openrouter-openai-codex": ["OPENROUTER_API_KEY"],
+    "openrouter-gemini-flash": ["OPENROUTER_API_KEY"],
+    "openrouter-deepseek": ["OPENROUTER_API_KEY"],
+    "openrouter-kimi": ["OPENROUTER_API_KEY"],
+    "openrouter-glm": ["OPENROUTER_API_KEY"],
+    "openrouter-minimax": ["OPENROUTER_API_KEY"],
+    "openrouter-qwen": ["OPENROUTER_API_KEY"],
+}
+def _get_file_secrets() -> dict[str, str]:
+    """Load all secrets from the credential file for the active profile.
+    Returns empty dict on any error so callers never fail due to
+    credential file issues.
+    """
+    try:
+        from forge.core.auth.credentials_file import load_profile, resolve_profile
+        profile = resolve_profile()
+        return load_profile(profile)
+    except Exception as e:
+        logger.debug("Credential file load failed (non-critical): %s", e)
+        return {}
+def _auth_ignore_env() -> bool:
+    """Check if auth_ignore_env is active (lazy import to avoid cycles)."""
+    try:
+        from forge.runtime_config import get_runtime_config
+        return get_runtime_config().auth_ignore_env
+    except Exception as e:
+        logger.debug("Could not read auth_ignore_env; using environment credentials: %s", e)
+        return False
+def resolve_env_or_credential(var_name: str) -> str | None:
+    """Resolve a single value from environment, then credential file.
+    When ``auth_ignore_env`` is active, skips os.environ and reads from
+    the credential file only.
+    Returns the first truthy (non-empty) value found, or None.
+    """
+    if not _auth_ignore_env():
+        value = os.environ.get(var_name)
+        if value:
+            return value
+    return _get_file_secrets().get(var_name) or None
+def get_secrets_for_template(template: str) -> dict[str, str]:
+    """Get credentials required by a template.
+    Resolves each key from environment first, then falls back to the
+    credential file. When ``auth_ignore_env`` is active, skips environment.
+    Only includes values that resolve to non-empty strings.
+    """
+    required = TEMPLATE_SECRETS.get(template, [])
+    if not required:
+        return {}
+    ignore_env = _auth_ignore_env()
+    secrets: dict[str, str] = {}
+    file_secrets: dict[str, str] | None = None
+    for key in required:
+        if not ignore_env:
+            value = os.environ.get(key)
+            if value:
+                secrets[key] = value
+                continue
+        if file_secrets is None:
+            file_secrets = _get_file_secrets()
+        value = file_secrets.get(key)
+        if value:
+            logger.debug("Credential %s resolved from credential file", key)
+            secrets[key] = value
+    return secrets

forge/core/data/__init__.py ADDED Viewed

@@ -0,0 +1,5 @@
+"""Package marker for core data files.
+This package contains repo-owned data files (YAML, JSON, etc.)
+that are loaded at runtime via importlib.resources.
+"""