Skip to content

v0.8.0

Latest
Latest

Choose a tag to compare

View all tags
@initializ-mk initializ-mk released this 11 Mar 07:27
· 1 commit to skills/code-agent since this release
v0.8.0
3607b88

Forge v0.8.0 — Code Agent, Skill Guardrails, and Telegram Reliability

Forge v0.8.0 introduces the Code Agent skill for autonomous code generation, a multi-layer skill guardrails system for fine-grained security policy enforcement, Kubernetes cost visibility, and critical Telegram reliability fixes — making Forge the most secure open-source AI agent runtime for enterprise deployments.

Code Agent Skill

New embedded skill (code-agent) that enables autonomous code generation, modification, and project scaffolding across multiple frameworks.

  • 7 builtin tools: file_read, file_write, file_edit, file_patch, glob_search, grep_search, directory_tree — all confined to the agent's working directory via PathValidator
  • Multi-framework scaffolding: Vite + React, Express, FastAPI, Go, Spring Boot, and more via code_agent_scaffold
  • Surgical code editing: Exact string matching with unified diff output via code_agent_edit
  • Batch operations: Atomic multi-file add/update/delete/move in a single call via file_patch
  • Smart search: Uses ripgrep when available, with Go-based fallback for grep_search
  • Layered registration: Skills request only the capabilities they need — search-only, read-only, or full read-write
forge skills add code-agent

GitHub Skill — Now Script-Backed

The github skill has been upgraded from binary-backed to script-backed with 6 shell scripts and 8 tools:

Tool Purpose
github_clone Clone a repository and create a feature branch
github_checkout Switch to or create a branch
github_status Show git status
github_commit Stage and commit changes
github_push Push feature branch to remote
github_create_pr Create a pull request
github_create_issue Create a GitHub issue
github_list_issues List open issues

Multi-Layer Skill Guardrails

Skills can now declare domain-specific security policies in their SKILL.md frontmatter, enforced at four interception points in the agent loop:

Guardrail Hook Point Purpose
deny_commands Before tool execution Block dangerous CLI commands (e.g., kubectl get secrets)
deny_output After tool execution Block or redact sensitive tool output (e.g., Secret manifests, tokens)
deny_prompts Before LLM call Intercept capability enumeration probes
deny_responses After LLM call Prevent binary name disclosure in LLM responses
  • Declarative YAML config in SKILL.md frontmatter — no code changes needed
  • Pattern aggregation across multiple active skills with deduplication
  • Runtime fallback — guardrails fire during forge run without requiring forge build
  • file:// protocol blocking in cli_execute to prevent filesystem traversal via curl file:///etc/passwd

Kubernetes Cost Visibility Skill

New embedded skill (k8s-cost-visibility) that estimates cluster infrastructure costs:

  • Four cost dimensions: Compute (CPU + memory), Storage (PVC/PV), LoadBalancer, and Waste (unbound PVs)
  • Multiple grouping modes: namespace, workload, node, label, annotation
  • Auto-detect cloud pricing: AWS, GCP, Azure, or static/custom rates
  • Strictly read-only — only kubectl get commands, never mutating operations
forge skills add k8s-cost-visibility

Telegram Reliability Fix

Resolved a critical context cancellation bug that killed in-flight agent tasks during polling restarts:

  • Context isolation: Each handler goroutine now runs with an independent context (10-minute timeout), detached from the polling lifecycle
  • Interim messaging: After 15 seconds of processing, Telegram sends "Working on it — I'll send the result when ready" — matching Slack's existing behavior
  • Shared handler logic: Extracted handleEvent() method eliminates duplication between polling and webhook code paths

PII Detection Improvements

Reduced false positives in the guardrail engine with structural validators:

Pattern Validator What It Checks
SSN validateSSN Rejects area=000/666/900+, group=00, serial=0000, known test SSNs
Credit Card validateLuhn Luhn checksum, 13-19 digit length
Phone Regex Area code 2-9, requires separators (prevents matching version numbers)

Outbound messages are now always redacted rather than blocked — even in enforce mode — to avoid discarding useful agent responses over false positives in source code.

Additional Changes

  • TUI: Updated OpenAI provider description to show current model names (GPT 5.4, GPT 5 Mini, GPT 5 Nano)
  • UI: Fixed auth and channel config propagation when starting agents from the web dashboard
  • Docs: Comprehensive documentation sync across tools, skills, channels, and security guardrails

Upgrade

# macOS / Linux
curl -fsSL https://raw.githubusercontent.com/initializ/forge/main/install.sh | bash

# Or build from source
git clone https://github.com/initializ/forge.git && cd forge && make build

Contributors

Built by the Initializ team.

Full Changelog: v0.7.0...v0.8.0

Assets 9
Loading