docs: consolidate architecture docs for current state#3598
Open
KooshaPari wants to merge 96 commits into
Open
Conversation
- Bootstrap deny.toml with license allowlist + advisory ignores - Add license = MIT to workspace.package (was missing) - Add license.workspace = true to all 27 crate manifests - Ignore transitive unmaintained (bincode, yaml-rust, paste, rustls-pemfile) - Ignore transitive vulns (hickory-proto, rustls-webpki) via aws-sdk/reqwest Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Phenotype Agent <agent@phenotype.ai>
Pin all action refs to immutable SHAs across workflow files: - checkout@v4 → @11bd71901bbe5b1630ceea73d27597364c9af683 - checkout@v6 → @de0fac2e4500dabe0009e67214ff5f5447ce83dd - setup-node@v4/v5, setup-python@v4/v5, setup-go@v5 - upload-artifact@v4/v7, download-artifact@v4 - cache@v3/v4, github-script@v7 - configure-pages@v5/v6, deploy-pages@v4/v5 - upload-pages-artifact@v3/v5, dependency-review-action@v4 Fixes version-tag normalization (add v4/v5 tags where missing). Fixes double-SHA corruption artifacts from prior patching rounds. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Reduce README from 1124 to 169 lines (-85%). Keep: project name, description, quickstart, usage examples, why forge, installation, community, documentation link. Add fork disclaimer pointing to upstream tailcallhq/forgecode. Preserve all upstream content via pointer comment. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Reduce README from 1124 to 169 lines (-85%). Keep: project name, description, quickstart, usage examples, why forge, installation, community, documentation link. Add fork disclaimer pointing to upstream tailcallhq/forgecode. Preserve all upstream content via pointer comment. Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Phenotype Agent <agent@phenotype.ai>
Verified resolved upstream; advisory no longer triggers. Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
…nale - Add 4 ignore entries for bincode 1.x (RUSTSEC-2025-0141), paste (2024-0436), rustls-pemfile (2025-0134), yaml-rust (2024-0320) — all transitive via upstream forgecode workspace deps; resolution depends on upstream tailcallhq/forgecode bumps. - Pre-existing fork-specific RUSTSEC-2026-* ignores preserved. - cargo deny check advisories: PASS.
…nale (#8) - Add 4 ignore entries for bincode 1.x (RUSTSEC-2025-0141), paste (2024-0436), rustls-pemfile (2025-0134), yaml-rust (2024-0320) — all transitive via upstream forgecode workspace deps; resolution depends on upstream tailcallhq/forgecode bumps. - Pre-existing fork-specific RUSTSEC-2026-* ignores preserved. - cargo deny check advisories: PASS. Co-authored-by: Phenotype Agent <agent@phenotype.ai>
Root cause: crossterm's cursor position CSI query times out (2s) when multiple concurrent sessions are running or terminal is under load. Fix: - Add error::is_cursor_timeout_error() to detect cursor position errors - Add terminal::get_cursor_position_with_retry() with backoff - Suppress cursor errors during shutdown in Ui::shutdown() - Add comprehensive tests for cursor error detection Fixes session crashes where user sees: 'cursor position could not be read within a normal duration' 'Resource temporarily unavailable (os error 35)' Tested: 337 tests pass (333 existing + 4 new cursor error tests)
Add summarization feature with: - llm_summarizer: Async LLM-based summarization service - adaptive_eviction: Importance-based eviction strategies - metrics: Summarization metrics tracking - prefilter: Pre-summarization filtering - Updated compaction config and strategy Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…p-go Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Restore the workspace members array by listing all crate directories present on disk, removing invalid glob patterns. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Add [bans] section with recommended warnings - Update GitHub workflow files (trufflehog, stale, labels, release)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…eystroke subprocess spawn (#45) Adds a simple time-based debounce: before calling render_preview(), check if >=150ms has elapsed since the last render. Holding arrow for 2s went from ~60 subprocess spawns to ~2-3. Matches the 250ms event::poll interval. Co-authored-by: Phenotype Agent <agent@phenotype.ai>
…in (#46) Two surgical fixes that were blocking ALL PR auto-merges: 1. **cargo-deny.yml** — was using taiki-e/upload-rust-binary-action (wrong action — that uploads release binaries) instead of taiki-e/install-action (which installs Rust tools). Replaced with install-action@v2 with tool: cargo-deny. 2. **trufflehog.yml** — stale SHA pin on actions/setup-go (the SHA was deleted/broken). Updated to explicit @f111f3307d8850f501ac008e886eec1fd1932a34 (# v5) with proper validation. Both are 1-line changes that fix the root cause of the systemic 'required check CI failing' error that forced every PR to merge with --admin bypass. Co-authored-by: Phenotype Agent <agent@phenotype.ai>
… fix Remaining Claude Code parity gaps plus the debounce hotfix: 1. /review — opens a structured code review prompt 2. /test — triggers test creation workflow 3. /think — signals thinking before acting All 3 are registered as AppCommand variants with name() arms, on_command match arms, and handler stubs. 4. Debounce fix (preview.rs) — prevents per-keystroke subprocess spawn by checking if >=150ms elapsed since last render. Build: cargo build --bin forge clean. forge-dev installed.
…parent_id Adds a visual breadcrumb in the conversation selector: subagent sessions (conversations with a parent_id) now show with a '↳' prefix before their title, making it immediately visible which sessions are subagents spawned from a parent. Addresses the 'pollution of session history' complaint. Also verified: OrchestratorDropGuard already wired at orch.rs:268-272, preview debounce already at preview.rs:401-410, :search already wired to FTS5 snippets in 6 layers.
…header Shows a breadcrumb in both the conversation info panel (info.rs) and the on_show_current_message chat header (ui.rs) when the current conversation is a subagent (has a parent_id set). Displays: 'parent_id: <id>'. This addresses the 'pollution of session history' pain by making it instantly visible which sessions are subagents spawned from a parent, even when you're inside the conversation itself. Combined with the '↳' prefix in the conversation selector (previous commit), this gives a complete visual hierarchy across both surfaces.
Adds a slash command that manually invokes the FTS5 optimize_fts_index method to reclaim search index bloat. The optimize method was fully wired through 6 layers but never called from any UI path — this is the final 'wired but dead' item from the deep audit. :fts-optimize triggers an immediate FTS5 merge (not incremental). Uses writeln_info and writeln_help for output. Also adds the AppCommand::FtsOptimize variant + name() match arm + on_command dispatch + handler.
…okens)
Auth types that hold secret values derived `#[derive(Debug)]`, allowing
plaintext secrets to leak via `{:?}` into logs and the PostHog tracker.
Types fixed:
- `ApiKey` — custom Debug prints `ApiKey(<redacted>)`
- `AccessToken` — custom Debug prints `AccessToken(<redacted>)`
- `RefreshToken` — custom Debug prints `RefreshToken(<redacted>)`
- `AuthorizationCode` — custom Debug prints `AuthorizationCode(<redacted>)`
- `PkceVerifier` — custom Debug prints `PkceVerifier(<redacted>)`
- `State` — custom Debug prints `State(<redacted>)` (holds PKCE verifier in Anthropic flow)
- `OAuthTokenResponse` — hand-written Debug redacts access_token, refresh_token, id_token
- `McpOAuthTokens` — hand-written Debug redacts access_token, refresh_token
- `McpClientRegistration` — hand-written Debug redacts client_secret
Non-secret fields (provider id, expires_at, token_type, scope, client_id) remain
visible in Debug for usability. Display impls are unchanged (already redacted).
Tests added asserting `format!("{:?}", secret_value)` does not contain plaintext
and does contain `<redacted>`.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
) 5-cluster deep audit (W02/W03/W05/W07/W12, 87 findings) of weakest pillars (means 0.83-1.40) against current main. Root cause: leftover TS-evals fork scaffolding. Adds phased WBS+DAG (P0 de-fork docs -> P1 gates/stubs/security -> P2 hardening -> P3 perf/concurrency -> P4 ops -> P5 cross-repo crates) with agent-effort estimates, plus live-bug known-issues (P0 secret Debug-leak). Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace leftover 'ForgeCode Evals' TypeScript scaffolding with accurate docs for the real 33-crate Rust workspace (root cause of W12/W05/W01 audit misscoring). - README: Rust product description, real crate architecture, cargo/just quick-start - docs/SSOT.md: kill 'Rust: N/A' + fictional ProviderPort/CsvAdapter; real workspace - Justfile: cargo-driven recipes (build/test/lint/fmt) replacing npm/eslint - .gitignore: ignore .credentials.json (local 0o600 credential store) cargo build exit 0; README/SSOT grep-clean of TS ghosts; just recipes parse. Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
…#48) - Delete crates/ghostty-kit entirely: no workspace crate depended on it (confirmed via grep on Cargo.toml files and .rs imports). Removed from workspace members and workspace.dependencies in root Cargo.toml. - forge_dbd: add description field marking it WIP and add README.md explaining it is part of the SQLite-WAL/FTS epic, not yet wired into forge_app. No code deleted — crate preserved for the epic. Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
… true no-op (#49) - forge_repo: MockHttpClient.http_delete in #[cfg(test)] block now calls self.client.delete(url).send() instead of unimplemented!() - forge_domain: NoopIntentExtractor.extract_intent returns Ok(ExtractedIntent { episodic: Null, identity: Null, project_knowledge: Null }) and verify_extraction returns Ok(false) instead of propagating errors Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
P1.1b — Finish secret Debug redaction:
- DeviceCode (forge_domain): already had impl; add missing unit test
asserting {:?} contains <redacted> and no plaintext.
- CodexDeviceAuthResponse / CodexDeviceTokenResponse (forge_infra):
remove #[derive(Debug)]; hand-write impl Debug redacting device_auth_id,
user_code, authorization_code, code_verifier; keep non-secret interval
visible. Add two unit tests mirroring existing pattern.
P1.6 — Dedup update bots + fix suppression policy:
- Remove renovate.json (blanket automerge:true, no grouping config);
retain Dependabot (.github/dependabot.yml) which has major/minor/patch
and github-actions groups with weekly schedule.
- Add reason field to 5 bare RUSTSEC advisory ignores in deny.toml
(RUSTSEC-2026-0118/0119/0098/0099/0104) per quality policy — no bare
suppressions allowed.
Build: cargo build -p forge_domain -p forge_infra exit 0.
Tests: 639 + 82 passed; 0 failed (incl. new device-code redaction tests).
Clippy: clean on both crates.
Co-authored-by: Phenotype Agent <agent@phenotype.ai>
Co-authored-by: ForgeCode <noreply@forgecode.dev>
* feat(p2): forge_dbd health probe + graceful drain on shutdown - protocol: add `Request::Ping`, `Response::Health`, `HealthStatus` (uptime_secs, queue_depth, db_reachable) - server: `DaemonState` with atomic queue-depth counter; Ping handled inline (no queue round-trip); SIGTERM/SIGINT caught via tokio::signal, accept loop exits, queue_tx dropped to signal writer, writer flushes remaining batch before exit; socket file cleaned up on shutdown - client: replace `todo!()` stubs with real connect + send + health() - Cargo.toml: add tokio/signal feature, tempfile dev-dep - tests: health_probe_returns_status, graceful_drain_flushes_queued_writes, health_probe_reflects_queue_depth (all green) - clippy: fix io_other_error in protocol.rs (pre-existing) forge_dbd remains WIP-marked; this advances the daemon toward production. Co-Authored-By: ForgeCode <noreply@forgecode.dev> * chore: update Cargo.lock (tempfile dev-dep for forge_dbd tests) Co-Authored-By: ForgeCode <noreply@forgecode.dev> --------- Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
…accept, telemetry spawns) (#54) - forge_api: FTS refresh loop now accepts a CancellationToken and select!s on shutdown so it exits immediately instead of waiting for the next tick. BackgroundTasks owns the JoinHandle and is stored in ForgeAPI; tasks are aborted on drop (no fire-and-forget orphans). - forge3d: serve() loop select!s on a CancellationToken; per-connection spawns are tracked in a JoinSet (not fire-and-forget) and aborted cleanly on shutdown. - Documented the task-lifecycle convention (P2.4) in both crates. - Added serve_exits_on_cancellation test (forge3d); 28/28 tests green. - cargo build (full workspace) clean; cargo clippy -p forge3d -p forge_api clean. Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
Add pluggable `MetricsSink` trait to `forge_domain` with a zero-cost `NoopMetricsSink` default — no Prometheus dep required. Counters are emitted for request, model_exec, and retry events via the `Orchestrator::with_metrics_sink` builder. Add `#[tracing::instrument]` spans (8 total) on all hot paths: - orch: run, execute_chat_turn, execute_tool_calls - agent: chat_agent - agent_executor: execute - tool_registry: call, call_inner - tool_executor: execute Spans carry safe fields (model id, agent id, conversation id, tool name) and explicitly skip context/task arguments that may carry auth tokens or user data. Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
…#56) - Replace hardcoded 5-attempt ExponentialBuilder in ForgeMcpClient with one driven by the global RetryConfig; zero observable behaviour change when config is default. - ForgeMcpClient gains a CircuitBreaker (opens after max_attempts failures, half-open probe, closes on success) and a Bulkhead (16-permit semaphore) wrapping every list/call invocation. - ForgeMcpServer now carries RetryConfig and threads it to each ForgeMcpClient it constructs; ForgeInfra seeds it from ForgeConfig.retry. - DatabasePool::retry_with_backoff now accepts &RetryConfig and maps its fields (max_attempts, min_delay_ms, backoff_factor) to the backon ExponentialBuilder; PoolConfig gains an optional retry_config field and a with_retry_config builder method. - New forge_infra::resilience module: CircuitBreaker + Bulkhead impls with 7 unit tests (trips/half-opens/closes, bulkhead capacity). - Fix two pre-existing clippy::collapsible_if / unused-variable / manual-char-comparison warnings in conversation_repo.rs and mcp_client.rs. Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
* fix(lint): resolve all clippy -D warnings and fmt diffs blocking gate - forge_dbd: use io::Error::other() (clippy::io_other_error) - forge_mux: add bstr dep, replace from_utf8_lossy with ByteSlice::to_str_lossy - forge_pheno_shell: doc missing field, collapse nested ifs, remove useless format! - forge_pheno_winterminal: remove unused HashMap import, derive Default on enums/struct, remove mut on immutable binding - forge_similarity: fix empty-line-after-doc, add Default impls for HashOnlyProvider and LocalFastembedProvider - forge_drift: remove dead last_seen_ms field, drop now_ms from observe(), add Default for DriftIndex - forge3d: move AlertCounter to #[cfg(test)], fix needless return, sort_by_key, remove redundant as u32 cast - forge_repo: use .is_some() instead of if let Some(_), use array pattern in trim_end_matches - forge_main: remove needless borrow in TitleFormat::error call - run cargo fmt --all to keep formatting canonical Co-Authored-By: ForgeCode <noreply@forgecode.dev> * ci(p1): blocking fmt+clippy+test gates (Linux) P1.2 — add lint.yml: two blocking jobs on ubuntu-latest - fmt: cargo fmt --all -- --check (fails PR on formatting drift) - clippy: cargo clippy --all-targets --all-features -- -D warnings P1.3 — add test.yml: blocking nextest job on ubuntu-latest - installs cargo-nextest via taiki-e/install-action - runs cargo nextest run --all-features --workspace - Swatinem/rust-cache for fast incremental runs autofix.yml — made advisory-only (continue-on-error: true) Gating is now owned by lint.yml; autofix.ci is informational only. All jobs: ubuntu-latest only (no macOS/Windows — billing constraint). Co-Authored-By: ForgeCode <noreply@forgecode.dev> * test(cli): make is_interactive test TTY-agnostic so CI gate is green Assert against std::io::stdin().is_terminal() instead of hardcoded true, so the test passes under piped CI stdin (was the one pre-existing failure that would have made the new nextest gate red). Co-Authored-By: ForgeCode <noreply@forgecode.dev> --------- Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
Phase P4 of forgecode overhaul (planner docs only, no code). - docs/security/threat-model.md: STRIDE analysis of all 5 attack surfaces (credential store, prompt-injection->tool exec, MCP server trust, telemetry egress, ZSH integration) with evidence-cited mitigations (0o600 store, secret-Debug redaction, circuit breaker/bulkhead, retry config) and an open-gap register. - docs/operations/slo.md: CLI-appropriate SLOs (startup/local latency, daemon availability, provider/MCP effective success) with error budgets. - docs/operations/runbook.md: DB locked, daemon down, auth expiry, provider 429 + circuit-breaker behavior, MCP misbehavior, shell integration. - docs/operations/postmortem-template.md: blameless incident template. Addresses audit W07/L20 and W03/L27 (weakest pillars). Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
- Confirmed all set_var calls are inside #[cfg(test)] blocks — no production runtime env mutation exists. Documented this finding. - Fixed TOCTOU in ForgeMcpClient::connect(): added connect_mutex (tokio::sync::Mutex) so concurrent callers serialise the slow path; double-checked locking pattern prevents redundant connections. - Added test_connect_mutex_is_present_and_starts_unlocked to verify the fix and document the concurrency invariant. - Added // SAFETY: comments to the 3 production unsafe blocks: * forge_main/src/main.rs (Windows console VT enable at startup) * forge3d/src/pidfile.rs (libc::kill probe) * forge_eventsource_stream/src/utf8_stream.rs (from_utf8_unchecked) - cargo build exit 0; forge_infra 91/91 tests green; clippy clean. Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
…ed stream buffers (#61) * feat(p3): criterion bench spine + jemalloc allocator + bounded stream buffers P3.1 — bench spine: - Add criterion [[bench]] to 7 hot crates: forge_walker, forge_json_repair, forge_similarity, forge_drift, forge_stream, forge_fs, forge_eventsource - One representative workload per crate; benches compile and run clean - Add dhat heap-profiling harness in forge_json_repair/examples/heap_profile.rs Baseline numbers (criterion, release, Apple M-series): json_repair/small_truncated 1.78 µs json_repair/nested_broken 5.66 µs json_repair/markdown_wrapped 33.8 µs drift/observe_exact_match 1.29 µs drift/observe_similar_prompt 1.48 µs drift/observe_disjoint_prompt 1.59 µs eventsource/parse_1000_events_single_chunk 857 µs eventsource/parse_100_events_fragmented 26 µs P3.2 — allocator + bounded buffers: - Add tikv-jemallocator as #[global_allocator] in forge_main/src/main.rs (_rjem_malloc_conf symbols confirmed in release binary) - Cap forge_eventsource_stream::Utf8Stream partial-sequence remainder at MAX_UTF8_BUFFER (4 KiB) to prevent unbounded growth on malformed input - Cap forge_eventsource_stream::EventStream line-accumulation buffer at MAX_EVENT_BUFFER (1 MiB) per event; emit Parser error on overflow All touched-crate tests green; cargo check clean; cargo clippy clean. Co-Authored-By: ForgeCode <noreply@forgecode.dev> * style(p3): cargo fmt pass + merge main (satisfy new fmt/clippy CI gate) Co-Authored-By: ForgeCode <noreply@forgecode.dev> * fix(p3): drift bench uses 2-arg DriftIndex::observe (sig changed in #59) Co-Authored-By: ForgeCode <noreply@forgecode.dev> * fix(p3): clippy gate green on integrated main (&Path, with_metrics_sink allow) Resolves clippy -D warnings violations introduced by merges that landed after the CI gate's original pass (forge_dbd &PathBuf->&Path, forge_app dead-code builder). Makes 'cargo clippy --all-targets --all-features' green on main. Co-Authored-By: ForgeCode <noreply@forgecode.dev> --------- Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
…ntract schema (#63) - Add forge_eventsource::is_sse_terminal() as the single source of truth for SSE terminal-marker detection ([DONE] / empty-string sentinel). - Route all 4 production call sites through the helper: crates/forge_repo/src/provider/event.rs crates/forge_repo/src/provider/anthropic.rs crates/forge_repo/src/provider/openai_responses/repository.rs (×2) - Add docs/contracts/provider-models/provider-model.schema.json (JSON Schema 2020-12) covering Model, ProviderConfig, SseStopRule, OAuthRefreshPolicy — the language-agnostic contract OmniRoute and cliproxy can align to. - Add docs/contracts/provider-models/README.md explaining consumer alignment for each repo (Rust/TS/Go) and codegen options. Build: cargo build --workspace clean. Clippy: --all-targets --all-features -D warnings clean. Fmt: cargo fmt --all -- --check clean. Tests: forge_eventsource + forge_repo green (4 stop_signal unit tests pass). Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
* feat(p5): OAuth refresh-policy + resilience contract specs (P5.2 + P5.3) P5.2 — oauth-refresh-policy.schema.json: standalone JSON Schema 2020-12 contract for the parameterized OAuth token refresh policy; captures default_refresh_lead_seconds (300 s), per-provider overrides, the needs_refresh predicate (now + lead >= expires_at), token-type taxonomy, and fallback semantics. Lifts the inline chrono::Duration::minutes(5) in forge_services/provider_auth.rs to named const OAUTH_REFRESH_LEAD. P5.3 — resilience-policy.schema.json: standalone JSON Schema for the exponential-backoff retry parameter set (max_attempts, initial_backoff_ms, min_delay_ms, backoff_factor, max_delay_secs, jitter, suppress_errors), retryable-error taxonomy (HTTP status codes + transport error kinds), and cross-reference to the SSE terminal-marker rule set (SseStopRule / is_sse_terminal) landed in P5.1. Code touch: behavior-preserving only — const + clippy collapsible-if fix. cargo build, clippy --D warnings, fmt --check: all green. Co-Authored-By: ForgeCode <noreply@forgecode.dev> * style(p5): cargo fmt pass (satisfy fmt CI gate) Co-Authored-By: ForgeCode <noreply@forgecode.dev> --------- Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
…mance test (#66) - docs/contracts/provider-models/README.md: declare canonical home as KooshaPari/phenotype-contracts, mark local copies as vendored pin, record pinned ref cc8f34ed34a3f1ae2ba7edd6810a902e51738693, add re-vendoring instructions - crates/forge_eventsource/tests/contract_conformance.rs: 7 deterministic tests asserting forgecode constants match the vendored schema values: SSE terminal markers ("[DONE]", ""), OAuth refresh lead == 300 s, retryable HTTP status codes {408,429,500,502,503,504,520,522,524,529}, non-retryable 4xx codes absent from retryable set - crates/forge_eventsource/Cargo.toml: add chrono dev-dependency (workspace) needed by the conformance test Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
Preserve two research dossiers capturing the 2026-06-29 state-of-the-art analysis for agentic coding CLI tools and competitor landscape. These were at risk of loss in the uncommitted canonical checkout. Co-authored-by: Phenotype Agent <agent@phenotype.ai> Co-authored-by: ForgeCode <noreply@forgecode.dev>
…#68) PolicyEngine previously returned Permission::Confirm (prompt user) when no policies were configured or no rule matched an operation. This is a default-allow posture: any unconfigured operation could proceed after a single user confirmation, with no explicit allowlist required. forge_tracker previously enabled PostHog telemetry by default (opt-out via FORGE_TRACKER=false) and transmitted raw CLI args and Prompt event content (user-supplied text) in every telemetry event. Changes (Phenotype-org security hardening, audit issue #58): - PolicyEngine: return Permission::Deny (not Confirm) when the policy list is empty or when no rule matches the requested operation. An explicit allowlist is now required to permit any operation. - tracking_enabled(): invert default from opt-out to opt-in. FORGE_TRACKER must be explicitly set to 'true' to enable telemetry; absent or any other value disables it. - redact_event_value(): replace Prompt and Error event content with '<redacted>' before any collector.collect() call so user-typed text and stack traces are never sent to PostHog. - redact_args(): replace positional CLI arg values with '<redacted>' at cache time; flag names (--foo) are kept for diagnostics but inline =values are stripped. Regression tests added in both crates (failing-first verified manually): - test_policy_engine_default_deny_when_no_policies - test_policy_engine_default_deny_when_no_rule_matches - test_tracking_disabled_by_default_when_env_absent - test_tracking_enabled_only_when_explicitly_true - test_prompt_event_value_is_redacted - test_error_event_value_is_redacted - test_non_sensitive_event_value_is_not_redacted - test_redact_args_replaces_positional_values - test_redact_args_keeps_flag_names_strips_inline_values Co-authored-by: Phenotype Agent <agent@phenotype.ai>
- Add Custom Commands (Slash Commands) section to AGENTS.md with review, test, think, exec, pipe, capture, parent, subagents listing - Add Resilience & Stability Patterns section to AGENTS.md covering retry policy, circuit breaker, doom-loop detection, compaction, hooks - Create docs/architecture/ARCHITECTURE.md with crate map (34 crates including forge3d, forge_similarity, forge_markdown_stream, forge_dbd, forge_ci, forge_display), core pipeline, resilience patterns, tool system, streaming, agent system, persistence, and observability - Create docs/architecture/REPOSITORY_MAP.md with top-level layout, full crate map organized by category, key file paths for CLI, core pipeline, domain, slash commands, configuration, and resilience - Fix stale references: remove vestigial src/ dir, update workspace crate count, add forge_tui and ghostty-kit to repository map Co-Authored-By: ForgeCode <noreply@forgecode.dev>
|
Phenotype Agent seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Consolidates and updates architecture documentation to reflect the current state of the forgecode codebase.
Changes
AGENTS.md (updated):
review,test,think,exec,pipe,capture,check,fixme,parent,subagentsdocs/architecture/ARCHITECTURE.md (new):
docs/architecture/REPOSITORY_MAP.md (new):
Verification