v0.3.0

@initializ-mk initializ-mk released this 28 Feb 06:29
· 92 commits to main since this release
9d6f249

Forge v0.3.0 — Encrypted Secrets, Build Signing & Runtime Security

Forge is an open-source framework for building, deploying, and operating AI agents with built-in security, observability, and multi-provider LLM support. This release adds encrypted secret management, cryptographic build signing, runtime egress enforcement, and structured audit logging.


Highlights

Encrypted Secrets Management

Per-agent encrypted secret storage using AES-256-GCM with Argon2id key derivation. Each agent gets its own encrypted vault (<agent>/.forge/secrets.enc) with a global fallback (~/.forge/secrets.enc), so different agents can use different API keys without conflict.

  • forge secret set KEY value [--local] — store secrets in encrypted files
  • forge secret get KEY — retrieve decrypted values at runtime
  • forge secret list — list all stored secret keys
  • forge secret delete KEY — remove a secret
  • Runtime passphrase prompting: forge run prompts for passphrase interactively when FORGE_PASSPHRASE is not set (TTY-aware, graceful fallback for CI/CD)
  • Smart init passphrase — first-time setup prompts twice (enter + confirm); subsequent agents prompt once and validate against the existing encrypted file
  • Secret safety build stage — prevents secrets from leaking into container images during forge build

Build Signing & Verification

Cryptographic integrity for build artifacts using Ed25519 signatures and SHA-256 checksums.

  • forge key generate — generate Ed25519 signing keypair (~/.forge/forge-signing.key / .pub)
  • forge key trust <pubkey> — add a public key to the trust keyring (~/.forge/trusted-keys/)
  • forge key list — list trusted public keys
  • Automatic build signing: forge build computes SHA-256 checksums for all artifacts and signs them into checksums.json
  • Runtime verification: forge run validates checksums.json signatures against the trust keyring before starting the agent
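
The sign-then-verify flow described above, as an added Go sketch that is not Forge's own code. The Manifest layout, the Sign and Verify names and the in-memory artifact map are assumptions; the page does not show the real checksums.json schema.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Manifest struct { // assumed stand-in for checksums.json; real schema is not on the page
	Checksums map[string]string `json:"checksums"` // artifact name -> hex SHA-256
	Signature []byte            `json:"signature"` // Ed25519 signature over Checksums
}

// Sign hashes every artifact and signs the JSON encoding of the checksum map.
func Sign(priv ed25519.PrivateKey, files map[string][]byte) Manifest {
	sums := map[string]string{}
	for name, data := range files {
		sums[name] = fmt.Sprintf("%x", sha256.Sum256(data))
	}
	msg, _ := json.Marshal(sums) // encoding/json sorts map keys, so the bytes are stable
	return Manifest{Checksums: sums, Signature: ed25519.Sign(priv, msg)}
}

// Verify checks the signature against the keyring before trusting any checksum.
func Verify(m Manifest, keyring []ed25519.PublicKey, files map[string][]byte) error {
	msg, _ := json.Marshal(m.Checksums)
	signed := false
	for _, k := range keyring {
		signed = signed || ed25519.Verify(k, msg, m.Signature)
	}
	if !signed {
		return fmt.Errorf("manifest not signed by a trusted key")
	}
	if len(files) != len(m.Checksums) {
		return fmt.Errorf("artifact set differs from manifest")
	}
	for name, data := range files {
		if m.Checksums[name] != fmt.Sprintf("%x", sha256.Sum256(data)) {
			return fmt.Errorf("checksum mismatch: %s", name)
		}
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	files := map[string][]byte{"forge.yaml": []byte("agent_id: my-agent\n")} // constructed sample
	fmt.Println(Verify(Sign(priv, files), []ed25519.PublicKey{pub}, files))
}
```

Checking the signature first matters: a checksum list that nobody trusted has signed proves nothing about the artifacts, so hashes are compared only after a keyring key has validated the manifest.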

Runtime Egress Enforcement

Network-level security for agent HTTP requests via EgressEnforcer, an http.RoundTripper that validates every outbound request against the resolved domain allowlist.

  • Three modes: deny-all (block everything), allowlist (only configured domains), dev-open (allow all, log only)
  • Wildcard support: *.github.com matches all subdomains
  • Capability bundles: slack, telegram, etc. auto-expand to required domains
  • Always-allowed: localhost / 127.0.0.1 bypass enforcement
  • All HTTP tools wired: http_request, mcp_call, webhook_call, web_search_tavily, web_search_perplexity
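
A minimal transport-level allowlist check of the kind described above, as an added Go sketch rather than Forge's EgressEnforcer source. The mode strings and the wildcard form come from the list; the Enforcer type, its fields, the Permits method and the treatment of the bare apex domain are assumptions, and the dev-open logging is left out.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Enforcer is a sketch of an egress-checking http.RoundTripper. The mode strings come
// from the release notes; the type, field and method names are assumptions.
type Enforcer struct {
	Mode    string            // "deny-all", "allowlist" or "dev-open"
	Allowed []string          // exact hosts or "*.example.com" wildcards, lowercase
	Next    http.RoundTripper // transport used once a request is permitted
}

// Permits reports whether host may be contacted under the current mode.
func (e *Enforcer) Permits(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	if host == "localhost" || host == "127.0.0.1" || e.Mode == "dev-open" {
		return true // loopback bypass is assumed to apply in every mode
	}
	if e.Mode != "allowlist" {
		return false // deny-all; unknown modes fail closed
	}
	for _, p := range e.Allowed {
		// "*.github.com" compares on the ".github.com" suffix, so "evilgithub.com"
		// fails and the bare apex "github.com" needs its own entry (an assumption).
		if p == host || (strings.HasPrefix(p, "*.") && strings.HasSuffix(host, p[1:])) {
			return true
		}
	}
	return false
}

// RoundTrip rejects a disallowed request before any connection is attempted.
func (e *Enforcer) RoundTrip(r *http.Request) (*http.Response, error) {
	if !e.Permits(r.URL.Hostname()) {
		return nil, fmt.Errorf("egress blocked: %s", r.URL.Hostname())
	}
	return e.Next.RoundTrip(r)
}

func main() {
	e := &Enforcer{Mode: "allowlist", Allowed: []string{"*.github.com"}}
	fmt.Println(e.Permits("api.github.com"), e.Permits("github.com.attacker.example"))
}
```

Because http.Client sends every redirect hop through its Transport, each hop is checked as well. The sketch compares hostnames only and does not inspect the address a name resolves to.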

Structured Audit Logging

NDJSON event stream for runtime observability with correlation IDs for end-to-end request tracing.

  • Event types: session_start, session_end, tool_exec, egress_allowed, egress_blocked, llm_call
  • Correlation IDs: TaskID and CorrelationID propagated through context and HookContext
  • Context-threaded: all audit events linked to originating task for full request traces

Framework Rename: custom → forge

The default framework is now forge (previously custom). The forge framework uses the built-in LLM executor — no external entrypoint script required.

  • entrypoint is now optional for framework: forge (required for crewai, langchain)
  • Backward compatible: framework: custom is still accepted as an alias
  • Dead agent.py / main.go scaffolding removed from forge init

New CLI Commands

Command                          Description
forge secret set KEY VALUE       Store an encrypted secret
forge secret get KEY             Retrieve a decrypted secret
forge secret list                List stored secret keys
forge secret delete KEY          Remove a secret
forge key generate               Generate Ed25519 signing keypair
forge key trust <pubkey-path>    Add public key to trust keyring
forge key list                   List trusted public keys

All forge secret commands support --local to operate on the agent-local file instead of the global one.


Configuration

New secrets block in forge.yaml:

agent_id: my-agent
version: "1.0"
framework: forge      # was "custom" — entrypoint now optional
model:
  provider: anthropic
  name: claude-sonnet-4-20250514
secrets:
  providers: [encrypted-file, env]
  path: .forge/secrets.enc    # optional, defaults to ~/.forge/secrets.enc

New environment variable: FORGE_PASSPHRASE — passphrase for encrypted secret files (prompted interactively if not set).


What Changed

61 files changed, 4,585 insertions(+), 270 deletions(-)

New Packages

  • forge-core/secrets/ — encrypted file provider, env provider, chain provider with full test coverage
  • forge-core/security/egress_enforcer.go — HTTP transport-level egress enforcement
  • forge-core/runtime/audit.go — structured NDJSON audit logging

New Build Stages

  • forge-cli/build/signing_stage.go — SHA-256 checksums + Ed25519 signing
  • forge-cli/build/secret_safety_stage.go — prevents secret leakage into containers

New Runtime Components

  • forge-cli/runtime/verify.go — runtime signature verification against trust keyring
  • forge-cli/cmd/secret.go: forge secret subcommands
  • forge-cli/cmd/key.go: forge key subcommands

Pull Requests

  • #9 — Add runtime egress enforcement and audit logging
  • #10 — Add per-agent secrets, build signing, and forge framework

Installation

brew tap initializ/tap
brew install forge-cli

Or build from source:

git clone https://github.com/initializ/forge.git
cd forge
go build -o forge ./forge-cli/cmd/forge/

Full Changelog: v0.2.0...v0.3.0