v0.9.2

Forge v0.9.2 — Skill Environment Injection, Docker Images, Agent Reliability Fixes

Release Date: April 17, 2026
Full Changelog: v0.9.1...v0.9.2

---

Highlights

Forge v0.9.2 delivers automatic environment variable and egress domain injection when saving skills, pre-built multi-architecture Docker images on GHCR, and critical agent reliability fixes for port allocation, stale daemon detection, and OAuth credential handling. This release modifies 25 files with over 1,200 lines of new code across all five modules.

---

What's New

Skill Environment & Egress Auto-Configuration (#46)

When saving a skill via the UI Skill Builder or forge skills add, Forge now automatically configures the agent's environment — no manual .env or forge.yaml editing required.

How it works:

1. SKILL.md frontmatter declares metadata.forge.requires.env and metadata.forge.egress_domains
2. On save, Forge parses requirements and:
   • Writes env vars to .env (deduplicated, skips existing keys and encrypted placeholders)
   • Merges egress domains into forge.yaml security.egress.allowed_domains (deduplicated, sorted, YAML formatting preserved)
   • Reports missing env vars back to the UI for user input
3. Frontend displays what was configured and prompts for any remaining required variables

# CLI: forge skills add now also merges egress domains
forge skills add github
# ✓ Added egress domains: api.github.com, github.com
# ✓ Wrote GITHUB_TOKEN to .env

New shared utilities in forge-cli/cmd/skill_env.go:

• ParseSkillRequirements() — extracts env requirements and egress domains from SKILL.md
• MergeEgressDomains() — adds domains to forge.yaml allowlist with text-based YAML insertion
• AppendEnvVars() — appends key=value pairs to .env with deduplication
• CheckMissingEnv() — checks OS env + .env + secret placeholders for missing entries

SkillSaveFunc now returns *SkillSaveResult with structured response fields: path, egress_added, env_configured, env_missing.

Pre-Built Docker Images on GHCR (#46)

Forge now publishes multi-architecture Docker images (linux/amd64, linux/arm64) to GitHub Container Registry on every release.

# Pull the latest release
docker pull ghcr.io/initializ/forge:latest

# Pin to a specific version
docker pull ghcr.io/initializ/forge:v0.9.2

# Run with your agent directory mounted
docker run -v /path/to/agent:/home/forge/agent -w /home/forge/agent \
  -e OPENAI_API_KEY=sk-... \
  ghcr.io/initializ/forge:latest run --host 0.0.0.0

Image details:

• Tags: v0.9.2, v0.9, v0, latest (semver hierarchy)
• Base: alpine:3.22.4 with ca-certificates, git, tzdata
• Build: Multi-stage with golang:1.25-alpine, BuildKit cache mounts, CGO_ENABLED=0 static binary
• Security: Non-root forge user, minimal attack surface
• CI: QEMU for cross-platform emulation, GitHub Actions cache for layer reuse

LLM Agent Loop Robustness (#46)

Two fixes to the core agent loop that prevent subtle failures across providers:

Tool call execution fix: The loop now terminates based solely on len(ToolCalls) == 0, ignoring FinishReason. Some providers (notably certain OpenAI models) return FinishReason: "stop" even when tool calls are present — previously this caused the agent to stop mid-execution.

Session recovery deduplication: When a session is recovered from disk after a crash or timeout, the executor checks whether the conversation already ends with an identical user message and skips the duplicate. This prevents the same prompt from appearing twice in the context window on retry.

Q&A nudge suppression: When only explore-phase tools were invoked (e.g., web_search, file_read), the agent no longer sends a continuation nudge ("You stopped..."), correctly treating the response as a final answer to an informational query.

---

Bug Fixes

Port Collision on Agent Start (forge-ui)

Before: When the UI restarted, PortAllocator lost its in-memory state and always tried port 9100 first — colliding with agents already running on that port from a previous session.

After: Allocate() now does a net.Listen TCP probe to verify the port is actually free before assigning it. Occupied ports are automatically skipped.

Stale Agent Status After UI Restart (forge-ui)

Before: detectExternalAgent() only checked if a port was listening via TCP probe. If serve.json was stale (agent crashed) but another process happened to be on the same port, the dead agent appeared as "running".

After: detectExternalAgent() now checks PID liveness via pidAlive() (signal 0) before the TCP probe. If the PID from serve.json is dead, the stale file is cleaned up and the agent is correctly reported as stopped.

OAuth Silent 401 in Skill Builder and Runner (forge-cli)

Before: When OpenAI OAuth credentials were missing or unloadable (no ~/.forge/credentials/openai.json), both the Skill Builder llmStreamFunc and the Runner createProviderClient silently fell through to create a regular OpenAI client with no API key — resulting in a cryptic 401 Unauthorized error.

After: When the API key is empty/__oauth__ and oauth.LoadCredentials() fails, a clear error is returned: "no OpenAI API key or OAuth credentials found; run 'forge init' with OAuth or set OPENAI_API_KEY".

---

Files Changed

Area	Files	Description
Skill env utilities	forge-cli/cmd/skill_env.go	ParseSkillRequirements, MergeEgressDomains, AppendEnvVars, CheckMissingEnv
Skill env tests	forge-cli/cmd/skill_env_test.go	12 unit tests for shared utilities
CLI skills add	forge-cli/cmd/skills.go	Egress domain merge in runSkillsAdd
UI save func	forge-cli/cmd/ui.go	Enhanced skill save with env/egress handling, OAuth error surfacing
Runner OAuth	forge-cli/runtime/runner.go	OAuth error surfacing in createProviderClient
Parser export	forge-skills/parser/parser.go	Export ExtractForgeReqs for reuse
LLM loop	forge-core/runtime/loop.go	Ignore FinishReason, session dedup, Q&A nudge suppression
Loop tests	forge-core/runtime/loop_test.go	Regression tests for stop+tool_calls
UI types	forge-ui/types.go	SkillSaveResult, SkillEnvEntry, updated SkillSaveFunc signature
UI handler	forge-ui/handlers_skill_builder.go	Pass env vars, return SkillSaveResult
Port allocator	forge-ui/process.go	net.Listen probe in Allocate(), portFree() helper
Agent discovery	forge-ui/discovery.go	PID liveness check, stale serve.json cleanup
Frontend	forge-ui/static/dist/app.js	Env var inputs, egress/env status display
Docker	Dockerfile, .dockerignore	Multi-stage alpine build
CI	.github/workflows/release.yaml	GHCR multi-arch build+push job
Docs	docs/{runtime,skills,dashboard,deployment,commands}.md	Synced with code changes

25 files changed, 1,201 insertions, 79 deletions

---

Installation

# Homebrew
brew upgrade initializ/tap/forge

# One-line install/upgrade
curl -sSL https://raw.githubusercontent.com/initializ/forge/main/install.sh | bash

# Docker
docker pull ghcr.io/initializ/forge:v0.9.2

---

Contributors

Built with Forge — turn SKILL.md into portable, secure, runnable AI agents.

v0.9.1

Forge v0.9.1 — Container Packaging, Local Binary Overrides, External Auth, and Guardrails Library

Release Date: April 13, 2026
Full Changelog: v0.9.0...v0.9.1

---

Highlights

Forge v0.9.1 delivers container packaging improvements, local binary injection, external authentication, inline KUBECONFIG support, and a full guardrails library integration. This release modifies 65 files with over 3,600 lines of new code, making container-based agent deployments significantly more flexible and production-ready.

---

What's New

Container Packaging: Local Binary Overrides (#44)

Inject host-compiled binaries directly into container images, bypassing remote resolution entirely. This enables air-gapped builds, custom binary versions, and rapid iteration without waiting for upstream releases.

# Inject a locally-built forge binary into the container
forge package --local-bin forge=/path/to/linux/forge

# Combine with image optimization
forge package --local-bin forge=./bin/forge --alpine --slim

• --local-bin name=/path/to/file flag on both forge build and forge package (repeatable)
• --slim flag to minimize image size by skipping heavy/optional binaries
• --alpine flag to prefer Alpine base image
• Configurable in forge.yaml via package.bin_overrides.<name>.local
• Smart Dockerfile generation with multi-stage bin resolution: local override → skill override → config override → image registry → apt/apk
• Automatic ca-certificates installation for TLS support

External Authentication Provider (#44)

Delegate token validation to an external auth endpoint for enterprise deployments. The internal loopback token ensures channel adapters (Slack, Telegram) continue to work without needing a valid external token.

# Via CLI flag
forge run --auth-url https://auth.example.com/verify

# Via environment variable (containers)
docker run -e FORGE_AUTH_URL=https://auth.example.com/verify my-agent

• Two-layer auth middleware: internal token accepted first (channel loopback), then external provider
• FORGE_AUTH_URL and FORGE_AUTH_ORG_ID environment variables
• Org ID extracted from X-Org-ID, org-id, or org_id request headers

KUBECONFIG Materialization (#44)

Pass kubeconfig content directly as an environment variable — the runtime automatically writes it to a file and updates KUBECONFIG to the file path. No volume mounts needed.

docker run -e KUBECONFIG="$(cat ~/.kube/config)" my-agent

• Detects inline YAML via newlines, apiVersion: markers, and certificate-authority-data: presence
• kubectl and helm receive the materialized path via env passthrough

Channel Adapter Fixes (#44)

• Entrypoint now includes --with flag — container entrypoint automatically becomes ["forge", "run", "--host", "0.0.0.0", "--with", "slack,telegram"] when channels are configured in forge.yaml
• Channel config files packaged — slack-config.yaml, telegram-config.yaml, etc. are automatically copied into the Docker build context
• Auth loopback — channel adapters authenticate to the A2A server using an internal token, bypassing external auth providers

Guardrails Library Integration (#45)

Replaced the hand-rolled GuardrailEngine (435 lines of hardcoded patterns) with the external github.com/initializ/guardrails library, supporting dual-mode operation.

• File-based mode (guardrails.json) for local development — zero external dependencies
• MongoDB-backed mode for platform deployments with centralized policy management and audit logging
• Inbound PII masking fixed — CheckInbound now correctly masks PII (e.g., SSNs) before they reach the LLM
• Session recovery crash fixed — orphaned tool calls (assistant tool_calls without matching tool results) are stripped on save and recovery, preventing API rejection errors

Skills Build Stage Fix (#45)

• SkillsStage now always scans the skills/ subdirectory even without a root SKILL.md, restoring binary installation (e.g., kubectl) for subdirectory-only skill projects

Root SKILL.md Removed (#44)

• forge init no longer generates a root-level SKILL.md with placeholder content
• Skills live exclusively in skills/<skill-name>/SKILL.md subdirectories
• Removed skills.path from forge.yaml template
• Build pipeline already scans skills/ automatically

OpenAI API Fix (#44)

• Fixed "Invalid value for 'content': expected a string, got null" error by omitting content field for assistant messages with tool_calls per OpenAI spec

---

New Configuration

forge.yaml — Package Section

package:
  alpine: false                     # Prefer Alpine base image
  slim: false                       # Minimize image size
  bin_overrides:
    forge:
      local: "/path/to/linux/forge" # Host path to local binary
    jq:
      apt: "jq"                     # APT package name
    custom-tool:
      url: "https://example.com/tool.tar.gz"
      dest: "/usr/local/bin/custom-tool"
      chmod: "0755"

New Environment Variables

Variable	Description
FORGE_AUTH_URL	External auth provider URL for token validation
FORGE_AUTH_ORG_ID	Organization ID sent to external auth provider
FORGE_GUARDRAILS_DB	MongoDB connection string for centralized guardrails

New CLI Flags

Command	Flag	Description
forge build	--local-bin	Local binary override as name=/path/to/file (repeatable)
forge build	--slim	Minimize image size
forge build	--alpine	Prefer Alpine base image
forge package	--local-bin	Local binary override (same as build)
forge package	--slim	Minimize image size
forge package	--alpine	Prefer Alpine base image
forge run	--auth-url	External auth provider URL
forge serve	--auth-url	External auth provider URL

---

Breaking Changes

• Root SKILL.md no longer generated by forge init. Existing projects with a root SKILL.md are unaffected — the build pipeline still reads it if present, but new projects should use skills/ subdirectories exclusively.
• skills.path removed from forge.yaml template. Existing configs with skills.path still work at runtime.

---

Pull Requests

• #44 — feat: container packaging, local binary overrides, and external auth
• #45 — feat: integrate guardrails library with dual-mode support

---

Stats

• 65 files changed, 3,652 insertions, 1,031 deletions
• 5 new CLI flags across build, package, run, and serve
• 3 new environment variables for auth and guardrails
• 1 new forge.yaml section (package)

---

Installation:

# Homebrew
brew upgrade initializ/tap/forge

# Binary (Linux/macOS)
curl -fsSL https://github.com/initializ/forge/releases/download/v0.9.1/forge-$(uname -s)-$(uname -m).tar.gz | tar xz -C /usr/local/bin forge

Documentation: docs/

v0.9.0

Forge v0.9.0 — Security Hardening, GitHub Skills, and Bug Fixes

Release Date: April 4, 2026
Full Changelog: v0.8.0...v0.9.0

---

Highlights

Forge v0.9.0 is a security-focused release that delivers two full phases of security hardening (17 fixes total), a new GitHub API skill, a critical secret decryption bug fix, and improvements across the CLI, TUI, and channel plugins. This release modifies 78 files with over 4,100 lines of new code and hardened tests.

---

What's New

Security: Phase 1 — Critical Fixes (C-1 through C-7)

• SSRF protection — new IP validator blocks requests to private/loopback/link-local ranges (#34)
• Safe dialer — all outbound HTTP connections routed through a secure dialer with DNS rebinding protection
• Redirect validation — HTTP redirects are checked against the egress allowlist before following
• bash_execute removed — eliminated the high-risk shell execution tool from the code-agent skill (#29)
• Egress enforcer hardened — stricter domain matching and proxy enforcement

Security: Phase 2 — High-Priority Fixes (H-1 through H-10)

• Scoped environment variables — KUBECONFIG, NO_PROXY, and GH_CONFIG_DIR are now injected only into their target binaries (kubectl, helm, gh), not the global environment (#39, #42)
• A2A server hardened — added input validation, rate limiting, and auth improvements to the Agent-to-Agent server
• Custom tool sandboxing — external tool execution now enforces stricter argument validation
• Channel plugin hardening — Slack and Telegram adapters received input sanitization and error-handling improvements
• Guardrails loader hardened — runtime guardrail loading now validates schema before application

New Feature: GitHub API Skill

• Query GitHub users, pull requests, forks, and stargazers directly from within an agent (#38)
• Includes six new scripts: github-get-user, github-list-prs, github-list-forks, github-list-stargazers, github-pr-author-profiles, github-stargazer-profiles
• Per-tool PII exemptions — tools that need GitHub usernames can bypass PII redaction on a per-tool basis

Bug Fixes

• Secret decryption — fixed a bug where decryption failed even with the correct passphrase (#40, #41)
• Q&A nudge suppression — resolved unwanted nudge prompts during agent conversations
• UI agent start errors — fixed errors when starting agents from the skill builder UI
• Chat streaming — resolved streaming interruption issues in the TUI
• File attachment — cli_execute now correctly handles file attachment behavior
• Errcheck lint — fixed unchecked error returns in test files

Documentation

• Updated security docs covering egress enforcement, guardrails, and the new IP validator
• Synced architecture, channels, runtime, skills, and tools documentation with code changes (#43)

---

Breaking Changes

• bash_execute tool removed — agents using the bash_execute builtin tool must migrate to cli_execute or custom tool definitions. This tool was removed for security reasons.

---

Upgrade Guide

# Update via Homebrew
brew upgrade initializ/tap/forge

# Or pull the latest binary
curl -sSL https://raw.githubusercontent.com/initializ/forge/main/install.sh | bash

No configuration changes required. Existing agents and skills are fully compatible with v0.9.0.

---

Stats

Metric	Value
Files changed	78
Insertions	+4,126
Deletions	−632
Net new lines	+3,494
PRs merged	6
Contributors	2

---

Pull Requests Included

• #43 — docs: sync documentation for Phase 2 fixes and UI improvements (@initializ-mk)
• #42 — security: Phase 2 high-priority fixes and UI improvements (@initializ-mk)
• #41 — [Bug]: Secret decryption fails with correct passphrase #40 (@pandey03muskan)
• #39 — security: Phase 2 high-priority fixes (H-1 through H-10) (@initializ-mk)
• #38 — feat: add GitHub API query tools and per-tool PII exemptions (@initializ-mk)
• #34 — security: Phase 1 critical fixes (C-1 through C-7) (@initializ-mk)

---

Contributors

• @initializ-mk
• @pandey03muskan

---

Forge is a secure, portable AI agent runtime. Build, run, and deploy AI agents from a single SKILL.md file.
Learn more at github.com/initializ/forge • Documentation

v0.8.0

Forge v0.8.0 — Code Agent, Skill Guardrails, and Telegram Reliability

Forge v0.8.0 introduces the Code Agent skill for autonomous code generation, a multi-layer skill guardrails system for fine-grained security policy enforcement, Kubernetes cost visibility, and critical Telegram reliability fixes — making Forge the most secure open-source AI agent runtime for enterprise deployments.

---

Code Agent Skill

New embedded skill (code-agent) that enables autonomous code generation, modification, and project scaffolding across multiple frameworks.

• 7 builtin tools: file_read, file_write, file_edit, file_patch, glob_search, grep_search, directory_tree — all confined to the agent's working directory via PathValidator
• Multi-framework scaffolding: Vite + React, Express, FastAPI, Go, Spring Boot, and more via code_agent_scaffold
• Surgical code editing: Exact string matching with unified diff output via code_agent_edit
• Batch operations: Atomic multi-file add/update/delete/move in a single call via file_patch
• Smart search: Uses ripgrep when available, with Go-based fallback for grep_search
• Layered registration: Skills request only the capabilities they need — search-only, read-only, or full read-write

forge skills add code-agent

GitHub Skill — Now Script-Backed

The github skill has been upgraded from binary-backed to script-backed with 6 shell scripts and 8 tools:

Tool	Purpose
github_clone	Clone a repository and create a feature branch
github_checkout	Switch to or create a branch
github_status	Show git status
github_commit	Stage and commit changes
github_push	Push feature branch to remote
github_create_pr	Create a pull request
github_create_issue	Create a GitHub issue
github_list_issues	List open issues

Multi-Layer Skill Guardrails

Skills can now declare domain-specific security policies in their SKILL.md frontmatter, enforced at four interception points in the agent loop:

Guardrail	Hook Point	Purpose
deny_commands	Before tool execution	Block dangerous CLI commands (e.g., kubectl get secrets)
deny_output	After tool execution	Block or redact sensitive tool output (e.g., Secret manifests, tokens)
deny_prompts	Before LLM call	Intercept capability enumeration probes
deny_responses	After LLM call	Prevent binary name disclosure in LLM responses

• Declarative YAML config in SKILL.md frontmatter — no code changes needed
• Pattern aggregation across multiple active skills with deduplication
• Runtime fallback — guardrails fire during forge run without requiring forge build
• file:// protocol blocking in cli_execute to prevent filesystem traversal via curl file:///etc/passwd

Kubernetes Cost Visibility Skill

New embedded skill (k8s-cost-visibility) that estimates cluster infrastructure costs:

• Four cost dimensions: Compute (CPU + memory), Storage (PVC/PV), LoadBalancer, and Waste (unbound PVs)
• Multiple grouping modes: namespace, workload, node, label, annotation
• Auto-detect cloud pricing: AWS, GCP, Azure, or static/custom rates
• Strictly read-only — only kubectl get commands, never mutating operations

forge skills add k8s-cost-visibility

Telegram Reliability Fix

Resolved a critical context cancellation bug that killed in-flight agent tasks during polling restarts:

• Context isolation: Each handler goroutine now runs with an independent context (10-minute timeout), detached from the polling lifecycle
• Interim messaging: After 15 seconds of processing, Telegram sends "Working on it — I'll send the result when ready" — matching Slack's existing behavior
• Shared handler logic: Extracted handleEvent() method eliminates duplication between polling and webhook code paths

PII Detection Improvements

Reduced false positives in the guardrail engine with structural validators:

Pattern	Validator	What It Checks
SSN	validateSSN	Rejects area=000/666/900+, group=00, serial=0000, known test SSNs
Credit Card	validateLuhn	Luhn checksum, 13-19 digit length
Phone	Regex	Area code 2-9, requires separators (prevents matching version numbers)

Outbound messages are now always redacted rather than blocked — even in enforce mode — to avoid discarding useful agent responses over false positives in source code.

Additional Changes

• TUI: Updated OpenAI provider description to show current model names (GPT 5.4, GPT 5 Mini, GPT 5 Nano)
• UI: Fixed auth and channel config propagation when starting agents from the web dashboard
• Docs: Comprehensive documentation sync across tools, skills, channels, and security guardrails

---

Upgrade

# macOS / Linux
curl -fsSL https://raw.githubusercontent.com/initializ/forge/main/install.sh | bash

# Or build from source
git clone https://github.com/initializ/forge.git && cd forge && make build

Contributors

Built by the Initializ team.

---

Full Changelog: v0.7.0...v0.8.0

v0.7.0

What's New in Forge v0.7.0

Forge v0.7.0 brings Kubernetes cost optimization, frontend code generation, an interactive skill builder UI, and OpenAI Enterprise support — plus infrastructure improvements that make adding new skills a single-directory operation.

---

Kubernetes Pod Rightsizer Skill

New embedded skill (k8s-pod-rightsizer) that analyzes real workload metrics and produces deterministic CPU/memory rightsizing recommendations — no LLM guessing.

• Three modes: dry-run (report only), plan (generate patch YAMLs), apply (execute with automatic rollback bundles)
• Prometheus p95 metrics with metrics-server fallback
• Policy model with per-namespace and per-workload overrides (safety factors, min/max bounds, step constraints)
• Workload classification: over-provisioned, under-provisioned, right-sized, limit-bound, insufficient-data
• Safety: apply mode requires explicit i_accept_risk: true confirmation; generates rollback bundle before patching

Code Generation Skills

Two new embedded skills for scaffolding and iterating on frontend applications:

• codegen-react — Vite + React 19 with Tailwind CSS. Four tools: scaffold, run (npm install + dev server with browser auto-open), read, write. Vite hot-reloads on file changes.
• codegen-html — Preact + HTM with zero local dependencies. Three tools: scaffold (single-file or multi-file mode), read, write. No Node.js, no build step — just open index.html in a browser.

Both skills include Forge dark theme defaults, path traversal prevention, and LLM guardrails to prevent common errors.

Skill Builder UI

Interactive LLM-powered skill creation wizard in the web dashboard:

• Real-time chat for generating skills from natural language descriptions
• YAML frontmatter validation with inline error display
• One-click save to agent configuration
• Daemon lifecycle — agents now run as forge serve daemon processes via exec.Command, surviving UI shutdown and auto-detected on restart

file_create Builtin Tool

New tool for creating downloadable files that are both written to disk and uploaded to the user's channel (Slack/Telegram):

• Files written to agent-scoped .forge/files/ directory (not system temp) via FilesDir context injection
• Returns a path field so other tools (e.g., kubectl apply -f <path>) can reference created files
• Supports .json, .yaml, .yml, .txt, .md, .csv, .xml, .html, .sh, .py, .go, .js, .ts

OpenAI Enterprise Organization ID

Full-stack support for routing OpenAI API requests to the correct enterprise organization:

• organization_id in forge.yaml and OPENAI_ORG_ID env var
• OpenAI-Organization header on all OpenAI API calls (chat, embeddings, responses)
• Fallback inheritance with per-fallback override
• Audit logging includes organization_id field
• TUI wizard and web dashboard org ID configuration

Skill Metadata Improvements

All 11 embedded skills now declare icon, category, and tags in their SKILL.md frontmatter:

• Icons flow from SKILL.md → parser → scanner → registry → TUI (no hardcoded map)
• Adding a new skill never requires touching forge-cli — all metadata is in the SKILL.md
• Enforced by tests: TestEmbeddedRegistry_AllSkillsHaveIcons and TestEmbeddedRegistry_AllSkillsHaveCategoryAndTags
• Category and tag filtering: forge skills list --category sre --tags kubernetes

Additional Improvements

• TUI scroll fix — MultiSelect and SingleSelect components now use viewport-based scrolling with ▲ N more above / ▼ N more below indicators
• Update notifications — Dashboard checks GitHub Releases API (30-min cache) and shows an animated banner when a newer Forge version is available
• Slack file handling — Preserves raw content for typed files (JSON, YAML) instead of unwrapping as markdown

---

Embedded Skills (11 total)

Skill	Icon	Category	Type
github	🐙	developer	binary-backed
weather	🌤️	utilities	binary-backed
tavily-search	🔍	research	script-backed
tavily-research	🔬	research	script-backed
k8s-incident-triage	☸️	sre	binary-backed
k8s-pod-rightsizer	⚖️	sre	binary-backed
code-review	🔎	developer	script-backed
code-review-standards	📏	developer	template-based
code-review-github	🐙	developer	binary-backed
codegen-react	⚛️	developer	script-backed
codegen-html	🌐	developer	script-backed

Pull Requests

• #22 — feat: skill builder UI, daemon lifecycle, update notifications
• #21 — feat: add k8s-pod-rightsizer skill, file_create tool, and skill metadata improvements
• #20 — feat: OpenAI Enterprise org ID support and TUI scroll fix
• #19 — feat: add codegen-react and codegen-html embedded skills

Full Changelog: v0.6.0...v0.7.0

v0.6.0

What's New

Code Review Skill Suite

Three new embedded skills for AI-powered code review:

• code-review — Script-backed skill with code_review_diff and code_review_file tools. Supports GitHub PR URLs and local git diffs, Anthropic/OpenAI LLM routing, large diff detection, untracked file inclusion, ~ path expansion, and org standards via .forge-review/ directory.
• code-review-standards — Standards discovery and initialization with templates for config.yaml, ignore patterns, and language-specific rules (Go, Python, TypeScript, security, testing).
• code-review-github — PR workflow orchestration: list PRs, post inline review comments, apply labels, and guarded auto-merge.

Bug Fix

• Fixed OneOf env vars not being passed to skill script executor, causing skills with one_of requirements (e.g., ANTHROPIC_API_KEY/OPENAI_API_KEY) to silently fail at runtime.

Full Changelog: v0.5.0...v0.6.0

v0.5.0

Forge v0.5.0 — A2A Authentication, Slack Socket Mode & Documentation Overhaul

Forge is an open-source, secure AI agent runtime for building, deploying, and operating LLM-powered agents with built-in security, observability, and multi-provider support. This release adds bearer token authentication to the A2A server, rewrites the Slack adapter to Socket Mode, and reorganizes all documentation into a navigable 22-page doc site.

---

Highlights

Secure-by-Default A2A Authentication

The Forge A2A HTTP server now requires bearer token authentication on all endpoints by default — closing the open-localhost attack surface that affects most local AI agent frameworks.

• Auto-generated tokens — forge run generates a cryptographically random token on startup and stores it at .forge/runtime.token with 0600 permissions
• HTTP middleware — validates Authorization: Bearer <token> on all JSON-RPC and SSE endpoints
• Smart path skipping — health checks (/healthz), agent card (/.well-known/agent.json), and CORS preflight (OPTIONS) bypass authentication
• Channel integration — the channel router and forge ui chat proxy automatically load and send the token when forwarding requests
• Opt-out for development — --no-auth flag disables authentication (only allowed on localhost bindings)
• Explicit tokens — --auth-token <value> for CI/CD and scripted setups
• Audit trail — auth_success and auth_failure events emitted with request method, path, and remote address
• Daemon support — forge serve passes auth flags to the background process and reports auth status

# Default: auth enabled, token auto-generated
forge run
# Auth:    enabled (token in .forge/runtime.token)

# Disable for local development
forge run --no-auth

# Explicit token for CI/CD
forge run --auth-token "my-secret-token"

Why this matters: Local AI agent servers typically bind to localhost:8080 with no authentication. Any local process — a malicious browser extension, compromised npm package, or rogue script — can send requests to the agent, exfiltrate data via tool calls, or trigger actions. Forge now prevents this by default.

Slack Socket Mode Rewrite

The Slack channel adapter has been completely rewritten from webhook-based to Socket Mode, eliminating the need for public URLs, ngrok, or inbound webhooks.

• Outbound WebSocket only — connects to Slack via apps.connections.open, no public URL needed
• Mention-aware filtering — responds only when @mentioned in channels, always in DMs and active threads
• Processing indicators — 👀 reaction on receipt, interim "Researching..." message after 15 seconds
• Large response handling — responses >4096 chars split into summary + downloadable Markdown file upload
• Thread support — replies in-thread when the original message is in a thread
• Community files — added CONTRIBUTING.md, CODE_OF_CONDUCT.md, issue templates, and PR template

Documentation Reorganization

The README has been slimmed from 1,349 lines to 115 lines. All detailed content now lives in 22 focused, navigable documentation pages.

• 10 new doc pages — installation, quickstart, memory, configuration, deployment, scheduling, dashboard, secrets, signing, guardrails
• 7 enriched pages — skills, tools, runtime, hooks, channels, commands, architecture updated with full README content
• Security docs restructured — SECURITY.md renamed to overview.md with sub-pages for egress, secrets, signing, and guardrails
• Navigation system — every doc has prev/next links in a 22-page reading order
• /sync-docs slash command — Claude Code command that reads git diff, maps changed files to affected docs, and updates them

---

New: forge-core/auth Package

A new forge-core/auth package provides reusable authentication primitives:

Component	Description
auth.GenerateToken()	Generate 32-byte cryptographically random hex token
auth.StoreToken(dir, token)	Write token to .forge/runtime.token with 0600 permissions
auth.LoadToken(dir)	Read token from an agent directory
auth.Middleware(cfg)	HTTP middleware for bearer token validation
auth.Config	Configuration with skip paths, audit callbacks, and enable/disable

Platform-aware file permissions: 0600 on Unix, ACL-restricted on Windows.

---

Breaking Changes

Channel Router API

channels.NewRouter() now requires a bearer token parameter:

// Before (v0.4.0)
router := channels.NewRouter(agentURL)

// After (v0.5.0)
router := channels.NewRouter(agentURL, bearerToken)

Pass an empty string to disable authentication on the router.

Slack Configuration

Slack now requires Socket Mode tokens instead of webhook configuration:

# Before: webhook-based
SLACK_BOT_TOKEN=xoxb-...

# After: Socket Mode (requires app-level token)
SLACK_APP_TOKEN=xapp-1-...
SLACK_BOT_TOKEN=xoxb-...

See Slack App Setup for the full configuration guide.

---

New CLI Flags

Command	Flag	Description
forge run	--no-auth	Disable bearer token authentication (localhost only)
forge run	--auth-token	Set an explicit bearer token
forge serve	--no-auth	Disable auth for the background daemon
forge serve	--auth-token	Set an explicit token for the daemon

---

New Audit Events

Event	Description
auth_success	Authenticated request (method, path, remote_addr)
auth_failure	Rejected request — missing or invalid token

---

Documentation

Page	Description
Quick Start	Get an agent running in 60 seconds
Installation	All installation methods
Architecture	System design and data flows
Skills	Skill definitions, registry, and built-in skills
Tools	Built-in tools, adapters, and custom tools
Runtime	LLM providers, fallbacks, running modes
Memory	Session persistence and long-term memory
Channels	Slack and Telegram adapter setup
Security Overview	Complete security architecture
Configuration	Full forge.yaml schema and env vars
Commands	CLI reference with all flags
Dashboard	Web UI for agent management
Deployment	Container, Kubernetes, and air-gap deployment

---

Stats

• 68 files changed, 4,317 insertions, 1,968 deletions
• 17 Go files changed across forge-core, forge-cli, forge-plugins, and forge-ui
• 22 documentation pages (10 new, 12 updated)
• 6 new Go source files in forge-core/auth/
• PRs: #15, #17
• Issue: Closes #16

---

Contributors

Thanks to everyone who contributed to this release.

Install / Upgrade

# Homebrew
brew upgrade initializ/tap/forge

# Binary
curl -sSL https://github.com/initializ/forge/releases/download/v0.5.0/forge-$(uname -s)-$(uname -m).tar.gz | tar xz
sudo mv forge /usr/local/bin/

# Verify
forge --version

Full Changelog: v0.4.0...v0.5.0

v0.4.0

Forge v0.4.0 — Cron Scheduler, Web Dashboard, K8s Triage & Deep Research

Forge is an open-source framework for building, deploying, and operating AI agents with built-in security, observability, and multi-provider LLM support. This release adds a built-in cron scheduler with channel delivery, a local web dashboard for agent lifecycle management, a Kubernetes incident triage skill, deep research capabilities, and a redesigned forge serve daemon manager.

---

Highlights

Built-in Cron Scheduler with Channel Delivery

Forge agents can now execute tasks on cron schedules — no external scheduler, database, or message queue required. Schedules are created declaratively in forge.yaml or dynamically by the LLM via tool calls during conversation.

• Standard cron expressions — 5-field (*/15 * * * *), aliases (@hourly, @daily), intervals
• Overlap prevention — running tasks are tracked per schedule ID; next tick skips if still executing
• Markdown-backed persistence — schedules stored in .forge/memory/SCHEDULES.md (human-readable, version-controllable)
• Channel delivery — scheduled task results are automatically sent to Slack or Telegram channels
• Channel context injection — when users create schedules from a chat conversation, the originating channel and chat ID are captured automatically for result delivery
• Execution history — last 50 runs tracked with timestamp, status, duration, and correlation ID
• 4 new LLM tools — schedule_set, schedule_list, schedule_delete, schedule_history
• 2 new CLI commands — forge schedule list, forge schedule delete <id>
• YAML sync — declarative schedules in forge.yaml are auto-synced to the store on startup

# forge.yaml
schedules:
  - id: daily-health-check
    cron: "0 9 * * *"
    task: "Run health check on all services and report status"
    skill: k8s-incident-triage
    channel: telegram
    channel_target: "-100123456"

forge serve — Background Daemon Manager

forge serve has been redesigned from a duplicate foreground server into a proper daemon lifecycle manager with start/stop/status/logs subcommands.

• forge serve / forge serve start — forks forge run in background, writes PID to .forge/serve.json, logs to .forge/serve.log
• forge serve stop — SIGTERM with 10-second graceful timeout, SIGKILL fallback
• forge serve status — shows PID, listen address, and health endpoint status
• forge serve logs — tails last 100 lines of daemon log
• Passphrase handling — parent process prompts for passphrase (has TTY), child inherits via environment
• Cross-platform — Unix (Setsid, SIGTERM/SIGKILL) and Windows (DETACHED_PROCESS, OpenProcess) via build-tagged files

forge run — Production Flags

forge run gains flags for container deployments:

• --host — bind address (e.g., 0.0.0.0 for containers; default: all interfaces)
• --shutdown-timeout — graceful shutdown duration (e.g., 30s; default: immediate)

# Container deployment
CMD ["forge", "run", "--host", "0.0.0.0", "--shutdown-timeout", "30s"]

Local Web Dashboard (forge ui)

A browser-based agent management interface — the GUI equivalent of the full CLI.

• Agent dashboard — discover, start, stop, and monitor agents in a workspace
• Interactive chat — A2A streaming chat with live progress indicators
• 9-step creation wizard — mirrors forge init with inline credential collection, OAuth support, model selection, skill picking, and passphrase setup
• Monaco config editor — tree-shaken YAML-only Monaco bundle (~615KB) with live validation and Cmd/Ctrl+S save
• Skills browser — browse registry skills by category with full SKILL.md content viewer
• Real-time updates — Server-Sent Events for live agent state changes
• Zero dependencies — Preact + HTM via ESM CDN, no npm/webpack build step; embedded in binary via go:embed

forge ui                          # Open http://localhost:4200
forge ui --port 8080 --dir /work  # Custom port + workspace

K8s Incident Triage Skill

A read-only Kubernetes triage skill with comprehensive operational instructions (~320 lines of LLM guidance).

• 7-step triage process — preconditions → health snapshot → events → describe → node diagnostics → logs → metrics
• 8 detection heuristics — CrashLoop, OOMKilled, Image Pull, Scheduling, Probe Failure, PVC/Volume, Node Pressure, Rollout Stuck — each with hypothesis, evidence, confidence score, and recommended next commands
• Safety constraints — read-only only (get, describe, logs, top); never executes apply, patch, delete, exec, port-forward, scale, or rollout restart
• Denied tools — removes http_request and web_search from registry to prevent LLM from bypassing kubectl
• Full SKILL.md body injected inline into the system prompt (no read_skill call needed)

Skill Filtering & Full Body Threading

• Category and tags — skills can declare category (e.g., sre) and tags (e.g., kubernetes, incident-response) in frontmatter
• Filterable — forge skills list --category sre --tags kubernetes,triage with AND semantics
• --skill flag — forge run --skill k8s-incident-triage restricts the agent to specific skills
• Body threading — SkillEntry.Body captures the full markdown after frontmatter and injects it into the system prompt for binary-backed skills

Tavily Deep Research & Skill-as-Tool Adapter

• Async two-tool pattern — tavily_research (submit) + tavily_research_poll (poll with internal retry, up to 280s)
• Skill-as-tool adapter — SkillTool wraps script-backed skills as first-class LLM tools with JSON Schema input
• Channel document upload — responses >4096 chars split into summary message + full report as file attachment (Slack files.upload, Telegram sendDocument)
• Local egress proxy — subprocess egress enforcement for skill scripts

---

New CLI Commands

Command	Description
forge ui	Launch local web dashboard
forge schedule list	List all cron schedules with status
forge schedule delete <id>	Delete a cron schedule
forge serve start	Start agent as background daemon
forge serve stop	Stop the running daemon
forge serve status	Show daemon status and health
forge serve logs	Tail daemon log output
forge run --host 0.0.0.0	Bind to specific address
forge run --shutdown-timeout 30s	Graceful shutdown for containers
forge skills list --category sre	Filter skills by category

---

New Built-in Tools

Tool	Description
schedule_set	Create or update a cron schedule with optional channel delivery
schedule_list	List all schedules with status and next run time
schedule_delete	Delete a schedule by ID
schedule_history	View execution history for schedules

---

Configuration

New schedules block in forge.yaml:

schedules:
  - id: daily-report
    cron: "0 9 * * *"
    task: "Generate daily status report"
    skill: k8s-incident-triage   # optional: restrict to a skill
    channel: telegram            # optional: deliver to channel
    channel_target: "-100123456" # optional: chat/channel ID

New skill frontmatter fields:

category: sre                    # optional: lowercase kebab-case
tags: [kubernetes, triage]       # optional: filterable
metadata.forge.denied_tools:     # optional: remove tools from registry
  - http_request
  - web_search

---

What Changed

118 files changed, 16,573 insertions(+), 510 deletions(-)

New Modules & Packages

• forge-ui/ — Local web dashboard module (server, handlers, process manager, discovery, SSE, chat proxy, embedded SPA)
• forge-core/scheduler/ — Cron scheduler package (tick loop, cron parsing, overlap prevention, history)
• forge-cli/runtime/scheduler_store.go — Markdown-backed schedule persistence

New Skills

• skills/k8s-incident-triage/SKILL.md — Kubernetes incident triage (~320 lines)
• skills/tavily-research/ — Async deep research with submit + poll scripts

New CLI Commands

• forge-cli/cmd/schedule.go — forge schedule list, forge schedule delete
• forge-cli/cmd/serve.go — Daemon manager (start/stop/status/logs)
• forge-cli/cmd/serve_unix.go / serve_windows.go — Platform-specific process management
• forge-cli/cmd/ui.go — Web dashboard launcher with dependency injection

New Tools

• forge-core/tools/builtins/schedule_set.go — Create/update schedules
• forge-core/tools/builtins/schedule_list.go — List schedules
• forge-core/tools/builtins/schedule_delete.go — Delete schedules
• forge-core/tools/builtins/schedule_history.go — Execution history

Key Changes

• forge-cli/runtime/runner.go — Scheduler integration, ScheduleNotifier, channel delivery, skill body threading
• forge-cli/channels/router.go — Channel context injection ([channel:X channel_target:Y] prefix)
• forge-core/types/config.go — Schedule config, channel fields
• forge-skills/contract/filter.go — Category/tag filtering with AND semantics

---

Pull Requests

• #14 — Add cron scheduler, serve daemon, and channel delivery
• #13 — Add local web dashboard (forge ui)
• #12 — Add K8s incident triage skill, filtering, and inline skill instructions
• #11 — Add skill-as-tool adapter, Tavily Research skill, and channel document upload

Contributors

• @initializ-mk

---

Installation

brew tap initializ/tap
brew install forge-cli

Or download from releases:

curl -sSL https://github.com/initializ/forge/releases/download/v0.4.0/forge-$(un...

v0.3.0

Forge v0.3.0 — Encrypted Secrets, Build Signing & Runtime Security

Forge is an open-source framework for building, deploying, and operating AI agents with built-in security, observability, and multi-provider LLM support. This release adds encrypted secret management, cryptographic build signing, runtime egress enforcement, and structured audit logging.

---

Highlights

Encrypted Secrets Management

Per-agent encrypted secret storage using AES-256-GCM with Argon2id key derivation. Each agent gets its own encrypted vault (<agent>/.forge/secrets.enc) with a global fallback (~/.forge/secrets.enc), so different agents can use different API keys without conflict.

• forge secret set KEY value [--local] — store secrets in encrypted files
• forge secret get KEY — retrieve decrypted values at runtime
• forge secret list — list all stored secret keys
• forge secret delete KEY — remove a secret
• Runtime passphrase prompting — forge run prompts for passphrase interactively when FORGE_PASSPHRASE is not set (TTY-aware, graceful fallback for CI/CD)
• Smart init passphrase — first-time setup prompts twice (enter + confirm); subsequent agents prompt once and validate against the existing encrypted file
• Secret safety build stage — prevents secrets from leaking into container images during forge build

Build Signing & Verification

Cryptographic integrity for build artifacts using Ed25519 signatures and SHA-256 checksums.

• forge key generate — generate Ed25519 signing keypair (~/.forge/forge-signing.key / .pub)
• forge key trust <pubkey> — add a public key to the trust keyring (~/.forge/trusted-keys/)
• forge key list — list trusted public keys
• Automatic build signing — forge build computes SHA-256 checksums for all artifacts and signs them into checksums.json
• Runtime verification — forge run validates checksums.json signatures against the trust keyring before starting the agent

Runtime Egress Enforcement

Network-level security for agent HTTP requests via EgressEnforcer, an http.RoundTripper that validates every outbound request against the resolved domain allowlist.

• Three modes: deny-all (block everything), allowlist (only configured domains), dev-open (allow all, log only)
• Wildcard support: *.github.com matches all subdomains
• Capability bundles: slack, telegram, etc. auto-expand to required domains
• Always-allowed: localhost / 127.0.0.1 bypass enforcement
• All HTTP tools wired: http_request, mcp_call, webhook_call, web_search_tavily, web_search_perplexity

Structured Audit Logging

NDJSON event stream for runtime observability with correlation IDs for end-to-end request tracing.

• Event types: session_start, session_end, tool_exec, egress_allowed, egress_blocked, llm_call
• Correlation IDs: TaskID and CorrelationID propagated through context and HookContext
• Context-threaded: all audit events linked to originating task for full request traces

Framework Rename: custom → forge

The default framework is now forge (previously custom). The forge framework uses the built-in LLM executor — no external entrypoint script required.

• entrypoint is now optional for framework: forge (required for crewai, langchain)
• Backward compatible: framework: custom is still accepted as an alias
• Dead agent.py / main.go scaffolding removed from forge init

---

New CLI Commands

Command	Description
forge secret set KEY VALUE	Store an encrypted secret
forge secret get KEY	Retrieve a decrypted secret
forge secret list	List stored secret keys
forge secret delete KEY	Remove a secret
forge key generate	Generate Ed25519 signing keypair
forge key trust <pubkey-path>	Add public key to trust keyring
forge key list	List trusted public keys

All forge secret commands support --local to operate on the agent-local file instead of the global one.

---

Configuration

New secrets block in forge.yaml:

agent_id: my-agent
version: "1.0"
framework: forge      # was "custom" — entrypoint now optional
model:
  provider: anthropic
  name: claude-sonnet-4-20250514
secrets:
  providers: [encrypted-file, env]
  path: .forge/secrets.enc    # optional, defaults to ~/.forge/secrets.enc

New environment variable: FORGE_PASSPHRASE — passphrase for encrypted secret files (prompted interactively if not set).

---

What Changed

61 files changed, 4,585 insertions(+), 270 deletions(-)

New Packages

• forge-core/secrets/ — encrypted file provider, env provider, chain provider with full test coverage
• forge-core/security/egress_enforcer.go — HTTP transport-level egress enforcement
• forge-core/runtime/audit.go — structured NDJSON audit logging

New Build Stages

• forge-cli/build/signing_stage.go — SHA-256 checksums + Ed25519 signing
• forge-cli/build/secret_safety_stage.go — prevents secret leakage into containers

New Runtime Components

• forge-cli/runtime/verify.go — runtime signature verification against trust keyring
• forge-cli/cmd/secret.go — forge secret subcommands
• forge-cli/cmd/key.go — forge key subcommands

---

Pull Requests

• #9 — Add runtime egress enforcement and audit logging
• #10 — Add per-agent secrets, build signing, and forge framework

Contributors

• @initializ-mk

---

Installation

brew tap initializ/tap
brew install forge-cli

Or build from source:

git clone https://github.com/initializ/forge.git
cd forge
go build -o forge ./forge-cli/cmd/forge/

---

Full Changelog: v0.2.0...v0.3.0

v0.2.0

Forge v0.2.0

Forge is a secure, portable AI agent runtime. Run agents locally, in cloud, or enterprise environments without exposing inbound tunnels.

This release introduces long-term agent memory with hybrid vector + keyword search, multi-provider LLM failover, a modular skills architecture with security analysis, and a redesigned Bubble Tea TUI wizard — along with numerous bug fixes and developer experience improvements.

---

Highlights

Long-Term Agent Memory (PR #8)

Agents can now accumulate knowledge across sessions. Observations from tool results and assistant decisions are automatically captured before compaction discards old messages, then persisted as daily markdown logs alongside a curated MEMORY.md. A hybrid search engine combines vector cosine similarity with keyword overlap and temporal decay to retrieve the most relevant context.

• Embedder interface with OpenAI (text-embedding-3-small), Gemini, and Ollama (nomic-embed-text) providers
• Pluggable VectorStore interface with file-based JSON implementation (ready for future Qdrant/Pinecone swap)
• Hybrid search: 70% vector similarity + 30% keyword overlap, exponential decay (7-day half-life), MEMORY.md marked evergreen
• memory_search and memory_get builtin tools — agents query their own long-term memory
• MemoryFlusher hook in the compactor pipeline captures observations before discard
• Graceful degradation: no embedder → keyword-only search; no memory dir → skip silently; corrupted index → auto-rebuild

Enable with memory.long_term: true in forge.yaml or FORGE_MEMORY_LONG_TERM=true.

LLM Fallback Chains and OpenAI OAuth (PR #7)

Production agents need resilience. Forge now supports automatic failover across multiple LLM providers with intelligent error classification and cooldown tracking.

• FallbackChain wraps multiple LLM clients — retries on rate limits (429), server errors (503), and timeouts
• Cooldown tracker prevents hammering failed providers
• Auto-detection from available API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, etc.)
• OpenAI OAuth with Authorization Code + PKCE flow, browser-based login, and auto-refresh
• Responses API client for ChatGPT OAuth / Codex endpoints
• Configure via forge.yaml, FORGE_MODEL_FALLBACKS env, or the init wizard

Modular Skills Architecture (PR #6)

Skills are now a standalone forge-skills module with a complete trust and security pipeline.

• forge-skills/ module: autodiscovery, SkillRegistry interface, SKILL.md-per-subdirectory convention, embedded filesystem
• Trust model: SHA-256 integrity checksums, Ed25519 signature verification, keyring management
• Security analyzer: deterministic risk scoring, configurable policy enforcement, audit report generation
• CLI commands: forge skills audit [--format text|json], forge skills sign --key <path>, forge skills keygen <name>
• Build pipeline: SecurityAnalysisStage blocks builds on policy violations, writes compiled/security-audit.json

Bubble Tea TUI Wizard and Web Search (PRs #4, #3, #2)

• Redesigned init wizard using Bubble Tea with multi-step navigation, back/forward, secret masking, and live validation
• Tavily web search provider alongside Perplexity with auto-detection
• Telegram typing indicator support
• Bug fixes: esc quit, back-navigation state resets, env var deduplication, egress domain filtering

---

What's Changed

New Features

• Long-term agent memory with hybrid vector + keyword search (#8)
• LLM fallback chains with cooldown tracking and error classification (#7)
• OpenAI OAuth login with PKCE and auto-refresh (#7)
• Modular skills architecture with trust model and security analyzer (#6)
• Tavily web search integration (#4)
• Bubble Tea TUI init wizard with multi-step navigation (#4)
• Telegram typing indicator (#4)
• memory_search and memory_get builtin tools (#8)
• forge skills audit, forge skills sign, forge skills keygen CLI commands (#6)

Improvements

• Embedder auto-resolution from LLM provider config with Anthropic fallback (#8)
• Auto-detect fallback providers from available API keys (#7)
• Background memory indexing at startup (#8)
• Model-aware context budgeting (#7)
• Custom tool entrypoint resolved relative to working directory (#5)

Bug Fixes

• Fix OAuth/API-key routing preventing Codex endpoint misuse (#7)
• Fix esc key quit and back-navigation loop in wizard (#4)
• Fix spacebar not working after back-navigation (#4)
• Fix skills step re-prompting for provider API key (#4)
• Fix panic in skills step when navigating back (#4)
• Deduplicate env vars in .env file and wizard prompts (#4)

---

Configuration

# forge.yaml — new memory configuration
memory:
  persistence: true          # session memory (default: true)
  long_term: true            # cross-session memory (default: false)
  memory_dir: .forge/memory  # long-term memory storage
  embedding_provider: openai # auto-detected from LLM provider
  vector_weight: 0.7         # vector vs keyword balance
  keyword_weight: 0.3
  decay_half_life_days: 7    # temporal decay for daily logs

# fallback configuration
model:
  provider: anthropic
  name: claude-sonnet-4-20250514
  fallbacks:
    - provider: openai
      name: gpt-4o
    - provider: gemini
      name: gemini-2.5-flash

On-Disk Memory Layout

.forge/memory/
├── MEMORY.md          # Curated facts (evergreen, no decay)
├── 2026-02-26.md      # Today's observation log
├── 2026-02-25.md      # Yesterday's log
└── index/
    └── index.json     # Embedding vectors (internal, never in context window)

---

Stats

• 158 files changed, 16,145 insertions, 1,064 deletions
• 6 merged pull requests
• Contributors: @initializ-mk, @ratnesh-maurya

Full Changelog

v0.1.0...v0.2.0