Name: ForgeAI
Author: ForgeAI

What's New

The latest ForgeAI release focuses on deeper security hardening, durable memory, better diagnostics, and safer autonomous execution.

Area	Highlights
Security Hardening	8 new defensive layers: tool output sanitization, sensitive file guard, exfiltration prevention, persistence blocker, model security profiles, network egress control, sandbox isolation, and system prompt defense.
Stability & Reliability	Memory leak fixes across session management and plan tracking, cleaner shutdown behavior with unref'd timers, better response sanitization, and more stable CI timing assertions.
Skill Registry	Runtime-managed skills with 3 handler types: script, HTTP, and function. Skills can be installed, activated, deactivated, and managed without rebuilding the app.
Enhanced CLI Diagnostics	`pnpm forge doctor` now checks Runtime, Configuration, LLM Providers, Services, and Workspace for a much more complete system audit.
Blocked IP Persistence	IPs blocked by rate limiting or threat detection now persist in MySQL (migration 008). Survives restarts, with automatic expiry cleanup on boot.
Audit Hash Integrity	Audit log hash chain auto-repairs on startup. Timestamp normalization fixes MySQL precision truncation. No more false integrity alerts.
Intent Classifier	Zero-cost heuristic classification (no LLM call) that skips tool definitions for simple/greeting intents, saving hundreds of tokens per request.
Agent Workflow Engine	State-machine-driven execution model with structured steps, retry logic, token tracking, and MySQL persistence for complex autonomous tasks.

Quick Start

Get ForgeAI running in under 2 minutes with Docker:

git clone https://github.com/forgeai-dev/ForgeAI.git
cd ForgeAI
docker compose up -d

Open http://localhost:18800 → the Setup Wizard guides you through SMTP, 2FA, and admin PIN configuration → add an LLM API key in Settings → start chatting.

No .env file needed. Security secrets are auto-generated on first run. The Setup Wizard appears only once, on the very first access.

From Source

pnpm install && pnpm -r build
node packages/cli/dist/index.js onboard   # Interactive setup wizard
node packages/cli/dist/index.js start --migrate

Prerequisites: Node.js ≥ 22, pnpm ≥ 9, MySQL 8.x. Gateway runs at http://127.0.0.1:18800.

Installation

Linux (Ubuntu/Debian)

# Install Node.js 22 + pnpm
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt-get install -y nodejs
corepack enable && corepack prepare pnpm@latest --activate

# Install MySQL 8
sudo apt-get install -y mysql-server
sudo systemctl start mysql && sudo systemctl enable mysql
sudo mysql -e "CREATE DATABASE forgeai CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"

# Clone, install, configure, start
git clone https://github.com/forgeai-dev/ForgeAI.git && cd ForgeAI
pnpm install && pnpm -r build
pnpm forge onboard   # Interactive wizard
pnpm forge start     # http://127.0.0.1:18800

macOS

brew install node@22 mysql
brew services start mysql
mysql -u root -e "CREATE DATABASE forgeai CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
corepack enable && corepack prepare pnpm@latest --activate
git clone https://github.com/forgeai-dev/ForgeAI.git && cd ForgeAI
pnpm install && pnpm -r build
pnpm forge onboard && pnpm forge start

Windows

# Install Node.js 22 from https://nodejs.org
# Install MySQL 8 (installer or XAMPP)
corepack enable
corepack prepare pnpm@latest --activate
git clone https://github.com/forgeai-dev/ForgeAI.git
cd ForgeAI
pnpm install && pnpm -r build
pnpm forge onboard
pnpm forge start

Docker

git clone https://github.com/forgeai-dev/ForgeAI.git && cd ForgeAI
cp .env.example .env  # Edit with your settings
docker compose up -d  # Gateway + MySQL, ready at http://localhost:18800

# Optional: Enable custom domain with automatic HTTPS
bash scripts/setup-domain.sh

Configuration

Environment Variables (.env)

# Database
MYSQL_HOST=127.0.0.1
MYSQL_PASSWORD=your_password
MYSQL_DATABASE=forgeai

# Security (auto-generated by onboard wizard)
JWT_SECRET=your-random-jwt-secret
VAULT_MASTER_PASSWORD=your-strong-vault-password

# Gateway
GATEWAY_PORT=18800

LLM API keys and channel tokens are managed via the Dashboard Settings page. They are validated with a test call and stored encrypted in the Vault — never in .env or plain text.

Workspace Files (.forgeai/)

File	Purpose
`AGENTS.md`	Agent definitions and configurations
`SOUL.md`	Agent personality and behavior rules
`IDENTITY.md`	Agent identity (name, capabilities)
`USER.md`	User context and preferences
`AUTOPILOT.md`	Scheduled tasks with @startup, @hourly, @daily tags

All editable from Dashboard → Workspace.

Channels (8)

One AI, every platform. Each channel gets real-time progress updates, typing indicators, and automatic message chunking.

Channel	Protocol	Status
WhatsApp	Baileys (Web)	Active
Telegram	Bot API	Active
Discord	Discord.js	Active
Slack	Bolt SDK	Active
Microsoft Teams	Bot Framework	Active
Google Chat	Google API	Active
WebChat	WebSocket	Active
Node Protocol	WebSocket (IoT)	Active

Built-in Tools (19)

Tool	Description
`web_browse`	Fetch URLs with HTTP methods, headers, extract tables/metadata/JSON. HTML→clean Markdown via Turndown.
`browser`	Puppeteer with 21 actions: click, type, scroll, hover, select, cookies, multi-tab, extract_table. Stealth anti-detection.
`web_search`	Search Google or DuckDuckGo and return structured results.
`file_manager`	Full file operations: read, write, copy, move, search, permissions, disk_info. Absolute paths supported.
`shell_exec`	Execute shell commands. Dual routing: target="server" or target="companion".
`code_run`	Execute JavaScript in Node.js VM sandbox.
`cron_scheduler`	Create, list, delete scheduled tasks with cron expressions.
`knowledge_base`	RAG operations: ingest, search, list documents.
`desktop`	Take screenshots, GUI control. Routes to Companion on Windows.
`sessions_list`	List active chat sessions across channels.
`sessions_history`	Get chat history for a specific session.
`sessions_send`	Send messages to other sessions (multi-agent communication).
`image_generate`	Generate images with DALL-E 3, Leonardo AI, or Stable Diffusion.
`smart_home`	Control Home Assistant devices via natural language.
`spotify`	Control Spotify playback, playlists, and search.
`plan_create`	Create structured execution plans with steps, statuses, and auto-progression. Breaks complex goals into manageable steps (max 15).
`plan_update`	Update plan step statuses (pending/in_progress/completed/failed/skipped). Auto-advances to next step on completion.
`agent_delegate`	Delegate tasks to temporary specialist sub-agents that run in parallel. Each sub-agent has full tool access and works independently.
`forge_team`	Create coordinated teams of specialist agents with dependency graphs. Independent tasks run in parallel; dependent tasks wait for upstream results. Up to 5 workers per team.

LLM Providers (10)

All model lists are configurable per provider via the Dashboard Settings page or the POST /api/providers/:name/models endpoint. Custom models are stored encrypted in Vault.

Every provider has circuit breaker protection (5-failure threshold, 2-minute cooldown), exponential backoff retries, and automatic failover to the next provider in the chain.

Provider	Models	Type
OpenAI	GPT-5.2, o3-pro, o4	Cloud
Anthropic	Claude Opus 4.6, Sonnet 4.6	Cloud
Google	Gemini 2.5 Pro, 2.5 Flash	Cloud
Mistral	Large, Codestral, Nemo	Cloud
Groq	Llama 3.3, Mixtral	Cloud (Fast)
DeepSeek	Chat, Reasoner	Cloud
xAI	Grok 4	Cloud
OpenAI-Compatible	LM Studio, llama.cpp, vLLM	Compatible
Kimi (Moonshot)	K2.5	Cloud
Ollama	Any local model	Local

Tip: You don't need a pay-as-you-go API key to use Claude. If you have a Claude Pro/Max/CLI subscription plan, paste the API key in Dashboard → Settings → Anthropic.

Security Modules (17)

ForgeAI now ships with 17 security modules. The visualization below shows the core request flow, while the additional hardening layers protect tool outputs, file access, command execution, outbound traffic, and model-specific risk.

Request

Rate Limiter

IP Filter

JWT Auth

RBAC

Input Sanitizer

Prompt Guard

Agent

Parallel Security Layers

Smart IP Detection

Auto-detects local vs external access

Audit Log

Every action recorded with hash chains

Encrypted Vault

AES-256-GCM encrypted secrets

Authentication Paths

Local Access

PIN + 2FA (TOTP)

External Access

PIN + 2FA + Email OTP (4-factor)

Encrypted Vault

All secrets (API keys, tokens, passwords) encrypted with AES-256-GCM. PBKDF2 key derivation. Never stored in plain text or .env.

RBAC

Role-based access control. Admin and user roles with hard enforcement (403 block for non-admin authenticated users on restricted endpoints).

Rate Limiting

Configurable per-IP and per-user rate limits. Protects against brute force and abuse.

Prompt Guard

Detects and blocks prompt injection attempts before they reach the LLM. The current guard includes direct injection, role hijacking, encoding tricks, delimiter abuse, context manipulation, and multilingual attack patterns.

2FA & Email OTP

TOTP-based 2FA with QR code setup. Email OTP for external access with styled HTML emails, 5-minute expiry, rate limiting.

Audit Log

Tamper-proof audit logging with hash chains. Every action recorded. Rotation support.

First-Run Setup Wizard

Guided setup on first access: SMTP configuration with test connection, 2FA (TOTP) with QR code, admin PIN change.

Smart IP Detection

Automatically detects whether requests come from localhost or an external IP. On a VPS or any internet-facing deployment, ForgeAI automatically requires an additional Email OTP step with no extra configuration.

Tool Output Sanitizer

Scans content returned by tools before it is injected into the model context. This blocks indirect prompt injection coming from web pages, search results, files, and other external content sources.

Sensitive File Guard

Detects and blocks reads of highly sensitive material such as .env files, SSH keys, PEM/KEY files, vault artifacts, cloud credentials, and password databases like /etc/shadow or Windows SAM.

Exfiltration Prevention

Prevents suspicious outbound shell commands that attempt to send secrets to external destinations via curl, wget, scp, nc, and similar patterns.

Persistence Blocker

Blocks persistence techniques such as reverse shells, SSH key injection, cron manipulation, systemd service installation, and scheduled task abuse across both shell_exec and file_manager.

Model Security Profiles

ForgeAI maps supported models into security tiers and automatically applies stricter prompt defense thresholds to weaker or more manipulation-prone models.

Network Egress Control

Blocks known exfiltration domains and prevents SSRF-style access to sensitive metadata endpoints from AWS, GCP, and Azure.

Sandbox Isolation

Code execution is sandboxed by default with read-only filesystems, no-new-privileges, disabled networking, and memory/CPU limits to reduce blast radius during code execution tasks.

System Prompt Defense

ForgeAI injects explicit defensive rules into the model instructions so the agent treats untrusted external content as hostile by default instead of blindly obeying embedded instructions.

Dashboard (19 Pages)

Full-featured React 19 SPA served directly by the Gateway. No separate deployment needed. Real-time WebSocket updates.

Overview

Chat

Tools

Usage

Plugins

Channels

Agents

Workspace

Gmail

Memory

RAG

API Keys

Webhooks

Calendar

Voice

Audit Log

Canvas

Nodes

Settings

Desktop Apps

ForgeAI offers two desktop applications with different purposes. Understanding the distinction is important to choose the right one for your use case:

	Desktop App (`packages/desktop`)	Companion (`packages/companion`)
Framework	Electron	Tauri 2 + React + Rust
Purpose	Lightweight wrapper that opens the Dashboard as a native desktop window instead of a browser tab	Smart client that connects to the Gateway and lets the AI agent control your Windows PC (desktop automation, voice, file management)
Platforms	Windows, macOS, Linux	Windows 10/11 only
Requires Gateway?	No — embeds the Dashboard UI directly	Yes — pairs with a running Gateway via WebSocket
Key Features	System tray, global hotkeys, auto-update, startup on boot	Pairing, voice mode, desktop automation, dual-environment routing, Rust safety system
When to use	You want a native app to access the Dashboard without opening a browser	You want the AI to interact with your Windows PC remotely (e.g., Gateway on VPS, Companion on your desktop)

ForgeAI Companion — AI Desktop Controller (Tauri 2)

Native desktop client (packages/companion) built with Tauri 2 + React + Rust. The Companion connects to any ForgeAI Gateway (local or remote) and gives the AI agent the ability to control your Windows desktop — creating files, running commands, taking screenshots, and more. The Gateway itself can run on any platform (Linux VPS, Docker, etc.), while the Companion runs on your Windows machine.

Feature	Description
Pairing System	Connect to any Gateway with URL + pairing code (generated in Dashboard → Settings)
Real-time Progress	WebSocket connection shows live tool execution (which tool, success/failure, duration)
Voice Mode	Push-to-talk with waveform visualizer, wake word detection ("Hey Forge"), STT → AI → TTS pipeline
Config Sync	Securely transfer all Gateway config between instances using AES-256-GCM encrypted one-time sync codes
Desktop Automation	AI creates folders, deletes files, launches apps, takes screenshots, runs shell commands on the Windows machine
Dual Environment Routing	AI controls two machines simultaneously: `target="server"` for the Linux/Docker Gateway, `target="companion"` for the Windows PC. Auto-detects intent from keywords
Smart Safety	Rust-based security layer protects OS-critical paths (C:\Windows, System32, boot files) while allowing operations everywhere else
Streaming Heartbeat	Long-running agent tasks never timeout. Gateway sends periodic heartbeats to keep the connection alive

Desktop App — Dashboard Wrapper (Electron)

Lightweight native wrapper (packages/desktop) that packages the ForgeAI Dashboard as a standalone desktop application. Instead of opening a browser tab to access http://localhost:18800, the Desktop App gives you a native window with OS-level integration. It does not connect to the Gateway as a client or give the AI control over your PC — it simply displays the same Dashboard UI in a native window.

Feature	Description
System Tray	Runs in background, double-click to show, context menu with quick actions
Global Hotkeys	Ctrl+Shift+F to toggle window, Ctrl+Shift+C for quick chat
Native Notifications	OS-level notifications for agent events
Auto-Update	Automatic updates via GitHub Releases (electron-updater)
Startup on Boot	Optional auto-start with operating system
Single Instance	Prevents multiple windows; close button minimizes to tray instead of quitting
Persistent Settings	Gateway URL, window bounds, preferences stored in user data directory

Persistent Memory

ForgeAI memory is now durable across restarts, rebuilds, and deployments. Instead of living only in-process, important learnings are stored in MySQL and retrieved with semantic search when relevant.

Capability	Description
MySQL Persistence	Cross-session memory survives server restarts, Docker rebuilds, and redeploys.
OpenAI Embeddings	Uses semantic similarity search when an OpenAI key is available for richer recall quality.
TF-IDF Fallback	Works even without an embeddings provider, so memory remains useful in fully self-hosted mode.
Entity Extraction	Projects, URLs, technologies, and file paths are extracted to improve retrieval quality and structure.

Skill Registry

The Skill Registry lets you extend ForgeAI with runtime-managed capabilities. Skills are persisted, can be enabled or disabled on demand, and are injected into the agent context automatically.

Handler Type	Description
Script	Runs a configured shell command or script as a skill handler.
HTTP	Calls an external HTTP endpoint as part of a reusable skill.
Function	Executes a JavaScript function-based skill for custom local behaviors.

Intent Classifier

Zero-cost heuristic classification that runs before every LLM call — no extra API request needed. Classifies user messages into intent types and optimizes what gets sent to the model.

Feature	Description
5 Intent Types	`simple`, `complex`, `ambiguous`, `followup`, `greeting` — detected via regex patterns for greetings, status checks, yes/no, thanks, and follow-ups.
skipTools Optimization	Simple and greeting intents skip tool definitions entirely, saving hundreds of input tokens per request.
Disambiguation	Maps ambiguous terms (e.g. "status", "deploy", "mysql") to the correct intent using a built-in disambiguation dictionary.
Context Injection	`buildIntentContext()` injects the classification result into the system prompt so the LLM knows the user's intent upfront.

Agent Workflow Engine

A state-machine execution model for complex autonomous tasks. The engine tracks structured steps, manages retries, and persists state to MySQL so workflows survive restarts.

Feature	Description
State Machine	States: `pending` → `extracting_context` → `planning` → `executing` → `verifying` → `completed`. Each transition is tracked.
Context Extraction	Automatically extracts task type, entities, constraints, language, and complexity from the user message.
Step Tracking	Steps with title, objective, allowed tools, retry logic, and per-step token usage tracking.
MySQL Persistence	`workflow_states` table (migration 007) with session/agent IDs, steps JSON, context, metadata, and timestamps. Falls back to in-memory if DB unavailable.

Forge Teams & Task Delegation

Create coordinated teams of specialist agents that work together on complex projects. Independent tasks run in parallel; dependent tasks wait for upstream results and receive them as context.

Feature	Description
Forge Teams	Up to 5 specialist workers per team with dependency graphs. 2 concurrent teams max. Visible at `GET /api/teams/active` and in the Agents dashboard page.
Task Delegation	Delegate tasks to temporary sub-agents via `agent_delegate`. Each sub-agent has full tool access, runs independently, returns results. Multiple delegates run in parallel via Promise.allSettled. No recursion (sub-agents cannot delegate further).
Execution Planning	`plan_create` and `plan_update` tools for structured step-by-step execution. Plans with up to 15 steps, auto-advance on completion, plan context injected on each LLM iteration.
Agentic Loop Runtime	The agent runs with a 200-iteration safety cap, stuck-loop detection, and a reflection phase after multi-step work. In practice this is effectively unlimited for real production tasks while still protecting against runaway execution.

Adaptive Prompt Optimizer

The agent learns from past task outcomes and automatically improves prompts for future tasks. Inspired by DSPy's optimization concepts, built natively for ForgeAI.

Feature	Description
Task Classification	Categorizes tasks into 9 types: web_creation, api_development, data_analysis, scripting, research, file_operations, system_admin, automation, general
Success Patterns	Records tool-call sequences from successful tasks with scores (0–1) based on failures, reflection triggers, and iteration count
Anti-Patterns	Tracks failure patterns and generates avoidance instructions for future tasks
Few-Shot Injection	Injects proven strategies and warnings into prompts for similar future tasks
Temporal Decay	Old patterns lose relevance (30-day window), keeping the most recent and effective strategies at the top

Blocked IP Persistence

IPs blocked by rate limiting or threat detection are now persisted in MySQL instead of only living in memory. They survive server restarts, Docker rebuilds, and redeploys.

Feature	Description
MySQL Table	`blocked_ips` (migration 008) with IP, reason, auto_blocked flag, threat count, timestamps, and optional expiration.
Auto-Cleanup	Expired entries are automatically removed on startup and periodically during runtime.
Boot Hydration	`IPFilter.loadBlocked()` restores all persisted blocks from the database on every Gateway start.

Audit Hash Chain Integrity

The audit log uses a hash chain (each entry's hash includes the previous entry's hash) for tamper detection. Phase 36 fixed a precision issue and added auto-repair.

Feature	Description
Timestamp Normalization	MySQL `TIMESTAMP` truncates milliseconds. `computeHash()` now normalizes to second precision before hashing, eliminating false mismatches.
Auto-Repair	`repairHashChain()` recomputes the full chain on startup if integrity check fails, instead of raising a critical alert.
/info Endpoint	Dashboard Overview now shows dynamic security module status from `GET /info`, including all 17 active modules.

Node Protocol (IoT/Embedded)

Connect lightweight devices to your AI via WebSocket. A single Go binary (~5MB, zero dependencies) turns any Linux board into an AI-powered node.

Supported: Raspberry Pi, Jetson Nano, BeagleBone, Orange Pi, NanoKVM, ESP32 (MicroPython).

# Download binary from GitHub Releases
wget https://github.com/forgeai-dev/ForgeAI/releases/download/node-agent-latest/forgeai-node-linux-arm64
chmod +x forgeai-node-linux-arm64

# Run
./forgeai-node-linux-arm64 \
  --gateway http://YOUR_GATEWAY_IP:18800 \
  --token YOUR_NODE_API_KEY \
  --name "My-RaspberryPi"

RAG Engine

Ingest documents (text, markdown, PDF text), chunk with configurable overlap, generate TF-IDF or OpenAI embeddings, search semantically. Retrieved context is injected into the agent's prompt automatically. Persistence to disk with auto-load on startup.

Workflow Engine

Define multi-step workflows with conditions, delays, transforms, and parallel branches. Execute via API or schedule with cron. Each step can call tools, send messages, or trigger other workflows.

Autopilot

Define scheduled tasks in AUTOPILOT.md with tags: @startup, @hourly, @morning, @evening, @daily, @weekly. Editable from Dashboard.

Config Sync

Securely transfer all Gateway configurations between instances using encrypted one-time sync codes. AES-256-GCM encryption, 5-minute TTL, single-use, rate-limited, audit-logged.

Domain / HTTPS (Native)

Built-in Caddy reverse proxy with automatic Let's Encrypt SSL. Run bash scripts/setup-domain.sh for interactive setup that validates DNS, checks ports, configures .env, and deploys.

Static Site Hosting

The Gateway automatically serves static websites created by the agent at /sites/<project-name>/. No extra ports, no HTTP servers needed. With a domain: https://yourdomain.com/sites/<project-name>/.

API Reference (150+ Endpoints)

Full list available at GET /info. Key endpoints:

Endpoint	Description
`POST /api/chat`	Send message to agent
`GET /api/chat/sessions`	List chat sessions
`GET /api/agents`	List agents
`POST /api/agents`	Create agent
`GET /api/providers`	List LLM providers
`GET /api/providers/balances`	Credit balances
`GET /api/tools`	List available tools
`POST /api/tools/execute`	Execute a tool
`POST /api/rag/ingest`	Ingest RAG document
`POST /api/rag/search`	Semantic search
`GET /api/nodes`	List IoT nodes
`POST /api/nodes/:id/command`	Execute command on device
`GET /api/security/summary`	Security status
`GET /api/audit/events`	Audit log events
`POST /api/workflows`	Create workflow
`POST /api/config/sync-push`	Push config to another Gateway
`GET /api/gdpr/export`	GDPR data export
`GET /health`	Health check

CLI Reference

pnpm forge onboard   # Interactive first-time setup
pnpm forge start     # Start Gateway + Dashboard
pnpm forge doctor    # Check Runtime, Configuration, LLM Providers, Services, Workspace
pnpm forge status    # Quick status check

Chat Commands (from any channel)

Command	Description
`/new`	Start new conversation
`/status`	Show agent status
`/think <off\|low\|medium\|high>`	Control reasoning depth
`/usage <off\|tokens\|full>`	Toggle usage display
`/compact`	Compact conversation history
`/pair FORGE-XXXX`	Pair with invite code
`/autopilot`	View scheduled tasks
`/help`	Show available commands