Skip to content

Releases: initializ/forge

v0.6.0

03 Mar 17:31
@initializ-mk initializ-mk
v0.6.0
d4f1f69
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.6.0 Latest
Latest

What's New

Code Review Skill Suite

Three new embedded skills for AI-powered code review:

  • code-review — Script-backed skill with code_review_diff and code_review_file tools. Supports GitHub PR URLs and local git diffs, Anthropic/OpenAI LLM routing, large diff detection, untracked file inclusion, ~ path expansion, and org standards via .forge-review/ directory.
  • code-review-standards — Standards discovery and initialization with templates for config.yaml, ignore patterns, and language-specific rules (Go, Python, TypeScript, security, testing).
  • code-review-github — PR workflow orchestration: list PRs, post inline review comments, apply labels, and guarded auto-merge.

Bug Fix

  • Fixed OneOf env vars not being passed to skill script executor, causing skills with one_of requirements (e.g., ANTHROPIC_API_KEY/OPENAI_API_KEY) to silently fail at runtime.

Full Changelog: v0.5.0...v0.6.0

Assets 9
Loading

v0.5.0

02 Mar 07:28
@initializ-mk initializ-mk
v0.5.0
bdc1041
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.5.0

Forge v0.5.0 — A2A Authentication, Slack Socket Mode & Documentation Overhaul

Forge is an open-source, secure AI agent runtime for building, deploying, and operating LLM-powered agents with built-in security, observability, and multi-provider support. This release adds bearer token authentication to the A2A server, rewrites the Slack adapter to Socket Mode, and reorganizes all documentation into a navigable 22-page doc site.

Highlights

Secure-by-Default A2A Authentication

The Forge A2A HTTP server now requires bearer token authentication on all endpoints by default — closing the open-localhost attack surface that affects most local AI agent frameworks.

  • Auto-generated tokensforge run generates a cryptographically random token on startup and stores it at .forge/runtime.token with 0600 permissions
  • HTTP middleware — validates Authorization: Bearer <token> on all JSON-RPC and SSE endpoints
  • Smart path skipping — health checks (/healthz), agent card (/.well-known/agent.json), and CORS preflight (OPTIONS) bypass authentication
  • Channel integration — the channel router and forge ui chat proxy automatically load and send the token when forwarding requests
  • Opt-out for development--no-auth flag disables authentication (only allowed on localhost bindings)
  • Explicit tokens--auth-token <value> for CI/CD and scripted setups
  • Audit trailauth_success and auth_failure events emitted with request method, path, and remote address
  • Daemon supportforge serve passes auth flags to the background process and reports auth status
# Default: auth enabled, token auto-generated
forge run
# Auth:    enabled (token in .forge/runtime.token)

# Disable for local development
forge run --no-auth

# Explicit token for CI/CD
forge run --auth-token "my-secret-token"

Why this matters: Local AI agent servers typically bind to localhost:8080 with no authentication. Any local process — a malicious browser extension, compromised npm package, or rogue script — can send requests to the agent, exfiltrate data via tool calls, or trigger actions. Forge now prevents this by default.

Slack Socket Mode Rewrite

The Slack channel adapter has been completely rewritten from webhook-based to Socket Mode, eliminating the need for public URLs, ngrok, or inbound webhooks.

  • Outbound WebSocket only — connects to Slack via apps.connections.open, no public URL needed
  • Mention-aware filtering — responds only when @mentioned in channels, always in DMs and active threads
  • Processing indicators — 👀 reaction on receipt, interim "Researching..." message after 15 seconds
  • Large response handling — responses >4096 chars split into summary + downloadable Markdown file upload
  • Thread support — replies in-thread when the original message is in a thread
  • Community files — added CONTRIBUTING.md, CODE_OF_CONDUCT.md, issue templates, and PR template

Documentation Reorganization

The README has been slimmed from 1,349 lines to 115 lines. All detailed content now lives in 22 focused, navigable documentation pages.

  • 10 new doc pages — installation, quickstart, memory, configuration, deployment, scheduling, dashboard, secrets, signing, guardrails
  • 7 enriched pages — skills, tools, runtime, hooks, channels, commands, architecture updated with full README content
  • Security docs restructuredSECURITY.md renamed to overview.md with sub-pages for egress, secrets, signing, and guardrails
  • Navigation system — every doc has prev/next links in a 22-page reading order
  • /sync-docs slash command — Claude Code command that reads git diff, maps changed files to affected docs, and updates them

New: forge-core/auth Package

A new forge-core/auth package provides reusable authentication primitives:

Component Description
auth.GenerateToken() Generate 32-byte cryptographically random hex token
auth.StoreToken(dir, token) Write token to .forge/runtime.token with 0600 permissions
auth.LoadToken(dir) Read token from an agent directory
auth.Middleware(cfg) HTTP middleware for bearer token validation
auth.Config Configuration with skip paths, audit callbacks, and enable/disable

Platform-aware file permissions: 0600 on Unix, ACL-restricted on Windows.

Breaking Changes

Channel Router API

channels.NewRouter() now requires a bearer token parameter:

// Before (v0.4.0)
router := channels.NewRouter(agentURL)

// After (v0.5.0)
router := channels.NewRouter(agentURL, bearerToken)

Pass an empty string to disable authentication on the router.

Slack Configuration

Slack now requires Socket Mode tokens instead of webhook configuration:

# Before: webhook-based
SLACK_BOT_TOKEN=xoxb-...

# After: Socket Mode (requires app-level token)
SLACK_APP_TOKEN=xapp-1-...
SLACK_BOT_TOKEN=xoxb-...

See Slack App Setup for the full configuration guide.

New CLI Flags

Command Flag Description
forge run --no-auth Disable bearer token authentication (localhost only)
forge run --auth-token Set an explicit bearer token
forge serve --no-auth Disable auth for the background daemon
forge serve --auth-token Set an explicit token for the daemon

New Audit Events

Event Description
auth_success Authenticated request (method, path, remote_addr)
auth_failure Rejected request — missing or invalid token

Documentation

Page Description
Quick Start Get an agent running in 60 seconds
Installation All installation methods
Architecture System design and data flows
Skills Skill definitions, registry, and built-in skills
Tools Built-in tools, adapters, and custom tools
Runtime LLM providers, fallbacks, running modes
Memory Session persistence and long-term memory
Channels Slack and Telegram adapter setup
Security Overview Complete security architecture
Configuration Full forge.yaml schema and env vars
Commands CLI reference with all flags
Dashboard Web UI for agent management
Deployment Container, Kubernetes, and air-gap deployment

Stats

  • 68 files changed, 4,317 insertions, 1,968 deletions
  • 17 Go files changed across forge-core, forge-cli, forge-plugins, and forge-ui
  • 22 documentation pages (10 new, 12 updated)
  • 6 new Go source files in forge-core/auth/
  • PRs: #15, #17
  • Issue: Closes #16

Contributors

Thanks to everyone who contributed to this release.

Install / Upgrade

# Homebrew
brew upgrade initializ/tap/forge

# Binary
curl -sSL https://github.com/initializ/forge/releases/download/v0.5.0/forge-$(uname -s)-$(uname -m).tar.gz | tar xz
sudo mv forge /usr/local/bin/

# Verify
forge --version

Full Changelog: v0.4.0...v0.5.0

Loading

v0.4.0

01 Mar 07:39
@initializ-mk initializ-mk
v0.4.0
9887d53
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.4.0

Forge v0.4.0 — Cron Scheduler, Web Dashboard, K8s Triage & Deep Research

Forge is an open-source framework for building, deploying, and operating AI agents with built-in security, observability, and multi-provider LLM support. This release adds a built-in cron scheduler with channel delivery, a local web dashboard for agent lifecycle management, a Kubernetes incident triage skill, deep research capabilities, and a redesigned forge serve daemon manager.

Highlights

Built-in Cron Scheduler with Channel Delivery

Forge agents can now execute tasks on cron schedules — no external scheduler, database, or message queue required. Schedules are created declaratively in forge.yaml or dynamically by the LLM via tool calls during conversation.

  • Standard cron expressions — 5-field (*/15 * * * *), aliases (@hourly, @daily), intervals
  • Overlap prevention — running tasks are tracked per schedule ID; next tick skips if still executing
  • Markdown-backed persistence — schedules stored in .forge/memory/SCHEDULES.md (human-readable, version-controllable)
  • Channel delivery — scheduled task results are automatically sent to Slack or Telegram channels
  • Channel context injection — when users create schedules from a chat conversation, the originating channel and chat ID are captured automatically for result delivery
  • Execution history — last 50 runs tracked with timestamp, status, duration, and correlation ID
  • 4 new LLM toolsschedule_set, schedule_list, schedule_delete, schedule_history
  • 2 new CLI commandsforge schedule list, forge schedule delete <id>
  • YAML sync — declarative schedules in forge.yaml are auto-synced to the store on startup
# forge.yaml
schedules:
  - id: daily-health-check
    cron: "0 9 * * *"
    task: "Run health check on all services and report status"
    skill: k8s-incident-triage
    channel: telegram
    channel_target: "-100123456"

forge serve — Background Daemon Manager

forge serve has been redesigned from a duplicate foreground server into a proper daemon lifecycle manager with start/stop/status/logs subcommands.

  • forge serve / forge serve start — forks forge run in background, writes PID to .forge/serve.json, logs to .forge/serve.log
  • forge serve stop — SIGTERM with 10-second graceful timeout, SIGKILL fallback
  • forge serve status — shows PID, listen address, and health endpoint status
  • forge serve logs — tails last 100 lines of daemon log
  • Passphrase handling — parent process prompts for passphrase (has TTY), child inherits via environment
  • Cross-platform — Unix (Setsid, SIGTERM/SIGKILL) and Windows (DETACHED_PROCESS, OpenProcess) via build-tagged files

forge run — Production Flags

forge run gains flags for container deployments:

  • --host — bind address (e.g., 0.0.0.0 for containers; default: all interfaces)
  • --shutdown-timeout — graceful shutdown duration (e.g., 30s; default: immediate)
# Container deployment
CMD ["forge", "run", "--host", "0.0.0.0", "--shutdown-timeout", "30s"]

Local Web Dashboard (forge ui)

A browser-based agent management interface — the GUI equivalent of the full CLI.

  • Agent dashboard — discover, start, stop, and monitor agents in a workspace
  • Interactive chat — A2A streaming chat with live progress indicators
  • 9-step creation wizard — mirrors forge init with inline credential collection, OAuth support, model selection, skill picking, and passphrase setup
  • Monaco config editor — tree-shaken YAML-only Monaco bundle (~615KB) with live validation and Cmd/Ctrl+S save
  • Skills browser — browse registry skills by category with full SKILL.md content viewer
  • Real-time updates — Server-Sent Events for live agent state changes
  • Zero dependencies — Preact + HTM via ESM CDN, no npm/webpack build step; embedded in binary via go:embed
forge ui                          # Open http://localhost:4200
forge ui --port 8080 --dir /work  # Custom port + workspace

K8s Incident Triage Skill

A read-only Kubernetes triage skill with comprehensive operational instructions (~320 lines of LLM guidance).

  • 7-step triage process — preconditions → health snapshot → events → describe → node diagnostics → logs → metrics
  • 8 detection heuristics — CrashLoop, OOMKilled, Image Pull, Scheduling, Probe Failure, PVC/Volume, Node Pressure, Rollout Stuck — each with hypothesis, evidence, confidence score, and recommended next commands
  • Safety constraints — read-only only (get, describe, logs, top); never executes apply, patch, delete, exec, port-forward, scale, or rollout restart
  • Denied tools — removes http_request and web_search from registry to prevent LLM from bypassing kubectl
  • Full SKILL.md body injected inline into the system prompt (no read_skill call needed)

Skill Filtering & Full Body Threading

  • Category and tags — skills can declare category (e.g., sre) and tags (e.g., kubernetes, incident-response) in frontmatter
  • Filterableforge skills list --category sre --tags kubernetes,triage with AND semantics
  • --skill flagforge run --skill k8s-incident-triage restricts the agent to specific skills
  • Body threadingSkillEntry.Body captures the full markdown after frontmatter and injects it into the system prompt for binary-backed skills

Tavily Deep Research & Skill-as-Tool Adapter

  • Async two-tool patterntavily_research (submit) + tavily_research_poll (poll with internal retry, up to 280s)
  • Skill-as-tool adapterSkillTool wraps script-backed skills as first-class LLM tools with JSON Schema input
  • Channel document upload — responses >4096 chars split into summary message + full report as file attachment (Slack files.upload, Telegram sendDocument)
  • Local egress proxy — subprocess egress enforcement for skill scripts

New CLI Commands

Command Description
forge ui Launch local web dashboard
forge schedule list List all cron schedules with status
forge schedule delete <id> Delete a cron schedule
forge serve start Start agent as background daemon
forge serve stop Stop the running daemon
forge serve status Show daemon status and health
forge serve logs Tail daemon log output
forge run --host 0.0.0.0 Bind to specific address
forge run --shutdown-timeout 30s Graceful shutdown for containers
forge skills list --category sre Filter skills by category

New Built-in Tools

Tool Description
schedule_set Create or update a cron schedule with optional channel delivery
schedule_list List all schedules with status and next run time
schedule_delete Delete a schedule by ID
schedule_history View execution history for schedules

Configuration

New schedules block in forge.yaml:

schedules:
  - id: daily-report
    cron: "0 9 * * *"
    task: "Generate daily status report"
    skill: k8s-incident-triage   # optional: restrict to a skill
    channel: telegram            # optional: deliver to channel
    channel_target: "-100123456" # optional: chat/channel ID

New skill frontmatter fields:

category: sre                    # optional: lowercase kebab-case
tags: [kubernetes, triage]       # optional: filterable
metadata.forge.denied_tools:     # optional: remove tools from registry
  - http_request
  - web_search

What Changed

118 files changed, 16,573 insertions(+), 510 deletions(-)

New Modules & Packages

  • forge-ui/ — Local web dashboard module (server, handlers, process manager, discovery, SSE, chat proxy, embedded SPA)
  • forge-core/scheduler/ — Cron scheduler package (tick loop, cron parsing, overlap prevention, history)
  • forge-cli/runtime/scheduler_store.go — Markdown-backed schedule persistence

New Skills

  • skills/k8s-incident-triage/SKILL.md — Kubernetes incident triage (~320 lines)
  • skills/tavily-research/ — Async deep research with submit + poll scripts

New CLI Commands

  • forge-cli/cmd/schedule.goforge schedule list, forge schedule delete
  • forge-cli/cmd/serve.go — Daemon manager (start/stop/status/logs)
  • forge-cli/cmd/serve_unix.go / serve_windows.go — Platform-specific process management
  • forge-cli/cmd/ui.go — Web dashboard launcher with dependency injection

New Tools

  • forge-core/tools/builtins/schedule_set.go — Create/update schedules
  • forge-core/tools/builtins/schedule_list.go — List schedules
  • forge-core/tools/builtins/schedule_delete.go — Delete schedules
  • forge-core/tools/builtins/schedule_history.go — Execution history

Key Changes

  • forge-cli/runtime/runner.go — Scheduler integration, ScheduleNotifier, channel delivery, skill body threading
  • forge-cli/channels/router.go — Channel context injection ([channel:X channel_target:Y] prefix)
  • forge-core/types/config.go — Schedule config, channel fields
  • forge-skills/contract/filter.go — Category/tag filtering with AND semantics

Pull Requests

  • #14 — Add cron scheduler, serve daemon, and channel delivery
  • #13 — Add local web dashboard (forge ui)
  • #12 — Add K8s incident triage skill, filtering, and inline skill instructions
  • #11 — Add skill-as-tool adapter, Tavily Research skill, and channel document upload

Contributors

Installation

brew tap initializ/tap
brew install forge-cli

Or download from releases:

curl -sSL https://github.com/initializ/forge/releases/download/v0.4.0/forge-$(un...
Read more

Contributors

initializ-mk
Loading

v0.3.0

28 Feb 06:29
@initializ-mk initializ-mk
v0.3.0
9d6f249
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.3.0

Forge v0.3.0 — Encrypted Secrets, Build Signing & Runtime Security

Forge is an open-source framework for building, deploying, and operating AI agents with built-in security, observability, and multi-provider LLM support. This release adds encrypted secret management, cryptographic build signing, runtime egress enforcement, and structured audit logging.

Highlights

Encrypted Secrets Management

Per-agent encrypted secret storage using AES-256-GCM with Argon2id key derivation. Each agent gets its own encrypted vault (<agent>/.forge/secrets.enc) with a global fallback (~/.forge/secrets.enc), so different agents can use different API keys without conflict.

  • forge secret set KEY value [--local] — store secrets in encrypted files
  • forge secret get KEY — retrieve decrypted values at runtime
  • forge secret list — list all stored secret keys
  • forge secret delete KEY — remove a secret
  • Runtime passphrase promptingforge run prompts for passphrase interactively when FORGE_PASSPHRASE is not set (TTY-aware, graceful fallback for CI/CD)
  • Smart init passphrase — first-time setup prompts twice (enter + confirm); subsequent agents prompt once and validate against the existing encrypted file
  • Secret safety build stage — prevents secrets from leaking into container images during forge build

Build Signing & Verification

Cryptographic integrity for build artifacts using Ed25519 signatures and SHA-256 checksums.

  • forge key generate — generate Ed25519 signing keypair (~/.forge/forge-signing.key / .pub)
  • forge key trust <pubkey> — add a public key to the trust keyring (~/.forge/trusted-keys/)
  • forge key list — list trusted public keys
  • Automatic build signingforge build computes SHA-256 checksums for all artifacts and signs them into checksums.json
  • Runtime verificationforge run validates checksums.json signatures against the trust keyring before starting the agent

Runtime Egress Enforcement

Network-level security for agent HTTP requests via EgressEnforcer, an http.RoundTripper that validates every outbound request against the resolved domain allowlist.

  • Three modes: deny-all (block everything), allowlist (only configured domains), dev-open (allow all, log only)
  • Wildcard support: *.github.com matches all subdomains
  • Capability bundles: slack, telegram, etc. auto-expand to required domains
  • Always-allowed: localhost / 127.0.0.1 bypass enforcement
  • All HTTP tools wired: http_request, mcp_call, webhook_call, web_search_tavily, web_search_perplexity

Structured Audit Logging

NDJSON event stream for runtime observability with correlation IDs for end-to-end request tracing.

  • Event types: session_start, session_end, tool_exec, egress_allowed, egress_blocked, llm_call
  • Correlation IDs: TaskID and CorrelationID propagated through context and HookContext
  • Context-threaded: all audit events linked to originating task for full request traces

Framework Rename: customforge

The default framework is now forge (previously custom). The forge framework uses the built-in LLM executor — no external entrypoint script required.

  • entrypoint is now optional for framework: forge (required for crewai, langchain)
  • Backward compatible: framework: custom is still accepted as an alias
  • Dead agent.py / main.go scaffolding removed from forge init

New CLI Commands

Command Description
forge secret set KEY VALUE Store an encrypted secret
forge secret get KEY Retrieve a decrypted secret
forge secret list List stored secret keys
forge secret delete KEY Remove a secret
forge key generate Generate Ed25519 signing keypair
forge key trust <pubkey-path> Add public key to trust keyring
forge key list List trusted public keys

All forge secret commands support --local to operate on the agent-local file instead of the global one.

Configuration

New secrets block in forge.yaml:

agent_id: my-agent
version: "1.0"
framework: forge      # was "custom" — entrypoint now optional
model:
  provider: anthropic
  name: claude-sonnet-4-20250514
secrets:
  providers: [encrypted-file, env]
  path: .forge/secrets.enc    # optional, defaults to ~/.forge/secrets.enc

New environment variable: FORGE_PASSPHRASE — passphrase for encrypted secret files (prompted interactively if not set).

What Changed

61 files changed, 4,585 insertions(+), 270 deletions(-)

New Packages

  • forge-core/secrets/ — encrypted file provider, env provider, chain provider with full test coverage
  • forge-core/security/egress_enforcer.go — HTTP transport-level egress enforcement
  • forge-core/runtime/audit.go — structured NDJSON audit logging

New Build Stages

  • forge-cli/build/signing_stage.go — SHA-256 checksums + Ed25519 signing
  • forge-cli/build/secret_safety_stage.go — prevents secret leakage into containers

New Runtime Components

  • forge-cli/runtime/verify.go — runtime signature verification against trust keyring
  • forge-cli/cmd/secret.goforge secret subcommands
  • forge-cli/cmd/key.goforge key subcommands

Pull Requests

  • #9 — Add runtime egress enforcement and audit logging
  • #10 — Add per-agent secrets, build signing, and forge framework

Contributors

Installation

brew tap initializ/tap
brew install forge-cli

Or build from source:

git clone https://github.com/initializ/forge.git
cd forge
go build -o forge ./forge-cli/cmd/forge/

Full Changelog: v0.2.0...v0.3.0

Contributors

initializ-mk
Loading

v0.2.0

26 Feb 06:47
@initializ-mk initializ-mk
v0.2.0
b9d9d07
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.2.0

Forge v0.2.0

Forge is a secure, portable AI agent runtime. Run agents locally, in cloud, or enterprise environments without exposing inbound tunnels.

This release introduces long-term agent memory with hybrid vector + keyword search, multi-provider LLM failover, a modular skills architecture with security analysis, and a redesigned Bubble Tea TUI wizard — along with numerous bug fixes and developer experience improvements.

Highlights

Long-Term Agent Memory (PR #8)

Agents can now accumulate knowledge across sessions. Observations from tool results and assistant decisions are automatically captured before compaction discards old messages, then persisted as daily markdown logs alongside a curated MEMORY.md. A hybrid search engine combines vector cosine similarity with keyword overlap and temporal decay to retrieve the most relevant context.

  • Embedder interface with OpenAI (text-embedding-3-small), Gemini, and Ollama (nomic-embed-text) providers
  • Pluggable VectorStore interface with file-based JSON implementation (ready for future Qdrant/Pinecone swap)
  • Hybrid search: 70% vector similarity + 30% keyword overlap, exponential decay (7-day half-life), MEMORY.md marked evergreen
  • memory_search and memory_get builtin tools — agents query their own long-term memory
  • MemoryFlusher hook in the compactor pipeline captures observations before discard
  • Graceful degradation: no embedder → keyword-only search; no memory dir → skip silently; corrupted index → auto-rebuild

Enable with memory.long_term: true in forge.yaml or FORGE_MEMORY_LONG_TERM=true.

LLM Fallback Chains and OpenAI OAuth (PR #7)

Production agents need resilience. Forge now supports automatic failover across multiple LLM providers with intelligent error classification and cooldown tracking.

  • FallbackChain wraps multiple LLM clients — retries on rate limits (429), server errors (503), and timeouts
  • Cooldown tracker prevents hammering failed providers
  • Auto-detection from available API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, etc.)
  • OpenAI OAuth with Authorization Code + PKCE flow, browser-based login, and auto-refresh
  • Responses API client for ChatGPT OAuth / Codex endpoints
  • Configure via forge.yaml, FORGE_MODEL_FALLBACKS env, or the init wizard

Modular Skills Architecture (PR #6)

Skills are now a standalone forge-skills module with a complete trust and security pipeline.

  • forge-skills/ module: autodiscovery, SkillRegistry interface, SKILL.md-per-subdirectory convention, embedded filesystem
  • Trust model: SHA-256 integrity checksums, Ed25519 signature verification, keyring management
  • Security analyzer: deterministic risk scoring, configurable policy enforcement, audit report generation
  • CLI commands: forge skills audit [--format text|json], forge skills sign --key <path>, forge skills keygen <name>
  • Build pipeline: SecurityAnalysisStage blocks builds on policy violations, writes compiled/security-audit.json

Bubble Tea TUI Wizard and Web Search (PRs #4, #3, #2)

  • Redesigned init wizard using Bubble Tea with multi-step navigation, back/forward, secret masking, and live validation
  • Tavily web search provider alongside Perplexity with auto-detection
  • Telegram typing indicator support
  • Bug fixes: esc quit, back-navigation state resets, env var deduplication, egress domain filtering

What's Changed

New Features

  • Long-term agent memory with hybrid vector + keyword search (#8)
  • LLM fallback chains with cooldown tracking and error classification (#7)
  • OpenAI OAuth login with PKCE and auto-refresh (#7)
  • Modular skills architecture with trust model and security analyzer (#6)
  • Tavily web search integration (#4)
  • Bubble Tea TUI init wizard with multi-step navigation (#4)
  • Telegram typing indicator (#4)
  • memory_search and memory_get builtin tools (#8)
  • forge skills audit, forge skills sign, forge skills keygen CLI commands (#6)

Improvements

  • Embedder auto-resolution from LLM provider config with Anthropic fallback (#8)
  • Auto-detect fallback providers from available API keys (#7)
  • Background memory indexing at startup (#8)
  • Model-aware context budgeting (#7)
  • Custom tool entrypoint resolved relative to working directory (#5)

Bug Fixes

  • Fix OAuth/API-key routing preventing Codex endpoint misuse (#7)
  • Fix esc key quit and back-navigation loop in wizard (#4)
  • Fix spacebar not working after back-navigation (#4)
  • Fix skills step re-prompting for provider API key (#4)
  • Fix panic in skills step when navigating back (#4)
  • Deduplicate env vars in .env file and wizard prompts (#4)

Configuration

# forge.yaml — new memory configuration
memory:
  persistence: true          # session memory (default: true)
  long_term: true            # cross-session memory (default: false)
  memory_dir: .forge/memory  # long-term memory storage
  embedding_provider: openai # auto-detected from LLM provider
  vector_weight: 0.7         # vector vs keyword balance
  keyword_weight: 0.3
  decay_half_life_days: 7    # temporal decay for daily logs

# fallback configuration
model:
  provider: anthropic
  name: claude-sonnet-4-20250514
  fallbacks:
    - provider: openai
      name: gpt-4o
    - provider: gemini
      name: gemini-2.5-flash

On-Disk Memory Layout

.forge/memory/
├── MEMORY.md          # Curated facts (evergreen, no decay)
├── 2026-02-26.md      # Today's observation log
├── 2026-02-25.md      # Yesterday's log
└── index/
    └── index.json     # Embedding vectors (internal, never in context window)

Stats

Full Changelog

v0.1.0...v0.2.0

Contributors

initializ-mk and ratnesh-maurya
Loading

v0.1.0

22 Feb 09:35
@github-actions github-actions
v0.1.0
029f382

Choose a tag to compare

View all tags
v0.1.0

Changelog

  • 539c4fc Add multi-module codebase: forge-core, forge-cli, forge-plugins
  • 5d72b7a Fix .gitignore: use /forge to only ignore root binary
  • dd8aacf Fix CI build: cd into forge-cli module before go build
  • 361eafe Fix CI workflow for Go workspace multi-module layout
  • 4c299cf Fix all golangci-lint issues across all modules
  • 919b925 Fix all remaining errcheck: resp.Body.Close and os.WriteFile
  • 44d9459 Fix goreleaser: remove deprecated replacements field
  • 50acb64 Fix integration test: import slack/telegram from forge-plugins
  • 84fe6ec Fix last 5 errcheck: os.WriteFile and resp.Body.Close
  • 831c89e Fix lint CI: pass explicit module paths to golangci-lint
  • eb938a8 Fix lint CI: upgrade golangci-lint to v2 for Go 1.25 support
  • c5208e3 Fix lint CI: use explicit golangci-lint version v2.10.1
  • eaf9f01 Fix remaining errcheck lint issues
  • abf65a0 Fix remaining lint issues and update test assertion
  • c197a02 Initial commit
  • 029f382 Merge branch 'develop'
  • 448d748 Merge pull request #1 from initializ/develop
  • b58a972 Run gofmt on all Go source files
Loading