TT-Wang/forge

v0.4.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
This release patches 1 known CVE

Topics

agent anthropic claude claude-code claude-code-plugin git-worktree mcp mcp-server nodejs orchestrator parallel-execution planning plugin validation workflow

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Six production orchestration bugs fixed across validation, iteration state scoping, security regex whitelisting, and reviewer checklist.

Full changelog

Fixes six real orchestration bugs surfaced while using forge to ship memem v0.10.0. Every fix traces to a concrete failure mode observed in a production run.

Validator CWD fixes

  • handleValidate accepts optional cwd to redirect file checks, syntax checks, contract checks, and command execution. Workers in worktrees can now pass their worktreePath so validation actually sees their changes. Pre-v0.4.0 the validator resolved everything against a fixed server-startup CWD — every worker self-verify was silently checking main, not the worktree. This is the root cause of the worktree-clobber trust problem.
  • Nonexistent cwd paths return a cwd_check failure with recommendation: ESCALATE instead of a confusing ENOENT cascade.

Iteration state per-run scoping

  • State now stored at iterations/<runId>/<moduleId>.json when runId provided, legacy path as fallback.
  • Previously attempts accumulated across every run forever — a brand-new m1 would see attempt: 21 and trigger ESCALATE because prior plans had used the same module ID.
  • Security: runId regex-whitelisted to /^[\w.-]{1,128}$/ to prevent path traversal.
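
The whitelist quoted in these notes rejects path separators, but its character class contains `.`, so the single segments `.` and `..` still match it. The sketch below is an added example, not forge's own code: it pairs the quoted regex with a dot-segment check and a resolved-path containment check for the `iterations/<runId>/<moduleId>.json` layout. The helper names, the base directory and applying the same whitelist to `moduleId` are assumptions; whether forge performs these extra checks is not shown on this page.

```javascript
// Added example; helper names and directory layout are assumptions, not forge's code.
const path = require('node:path');

// Whitelist exactly as quoted in the release notes.
const ID_RE = /^[\w.-]{1,128}$/;

// Returns null when the id is usable as a single path segment, else a reason.
function rejectReason(id) {
  if (typeof id !== 'string') return 'not a string';
  if (!ID_RE.test(id)) return 'fails whitelist';
  // '.' is in the character class, so these two pass the regex on its own.
  if (id === '.' || id === '..') return 'dot segment';
  return null;
}

// Hypothetical resolver for iterations/<runId>/<moduleId>.json under baseDir.
function iterationStatePath(baseDir, runId, moduleId) {
  for (const [name, id] of [['runId', runId], ['moduleId', moduleId]]) {
    const reason = rejectReason(id);
    if (reason) throw new Error(`${name}: ${reason}`);
  }
  const root = path.resolve(baseDir, 'iterations');
  const target = path.resolve(root, runId, `${moduleId}.json`);
  // Containment check: the resolved file must stay below iterations/.
  if (!target.startsWith(root + path.sep)) {
    throw new Error('resolved path escapes iterations/');
  }
  return target;
}

// Constructed sample ids, not taken from any forge run.
for (const id of ['run-2024.01_a', '..', '../../etc', 'a/b', 'x'.repeat(129)]) {
  console.log(JSON.stringify(id.slice(0, 16)), '->', rejectReason(id) ?? 'accepted');
}
```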

Agent prompts

  • planner.md: unconditional failure-pattern recall via "forge workflow failure" query in addition to task keywords. Flag file overlaps. Prefer one file per module.
  • worker.md: explicitly forbidden from calling mcp__forge__validate. Bash self-checks from worktree root instead. Report worktreePath and runId.
  • reviewer.md: two-mode — per-module (Phase 2b) and final release (Phase 4.5). Final mode has an 8-item checklist matching the bug categories we missed in memem v0.10.0: field-name consistency, default values, hook stdin double-drain, lazy state races, transient vs permanent errors, subprocess cold-start, ARG_MAX, unbounded injection.

Orchestrator (skills/forge/SKILL.md)

  • Phase 0: working-tree cleanliness check with warning
  • Phase 0b: unconditional memory_recall for framework failure patterns
  • Phase 1b: "File overlap risk" and "Known risks from memory" sections in plan approval
  • Phase 2: MANDATORY auto-WIP-commit between tiers; per-tier validate-in-main before spawning next tier; workers receive runId in prompt
  • Phase 4: all validate / iteration_state calls pass runId
  • Phase 4.5 (NEW, MANDATORY): final release review with full cumulative diff
  • Phase 5: save success_pattern memory with run-shape metadata; squash WIP commits into release commit
  • Lite mode: ≤4 modules or --lite flag skips worktree isolation entirely

Meta

This release was reviewed by its own new Phase 4.5 final reviewer, which caught 4 error-severity bugs (2 path traversal, 1 phase ordering, 1 schema drift) before shipping. The review system reviewed itself and found real bugs.

See CHANGELOG.md for the full breakdown.

Security Fixes

  • `runId` regex‑whitelisted to `/^[\w.-]{1,128}$/` preventing path traversal

About TT-Wang/forge

Structured planning, parallel execution in git worktrees, and deep validation for Claude Code. Turns a one-line objective into a validated DAG of modules executed by worker agents, each self-checked and cross-module-reviewed before merge-back. 7 MCP tools: `validate`, `validate_plan`, `memory_recall`, `memory_save`, `iteration_state` (per-run scoped, with stagnation/velocity/oscillation detection)
