You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Version-agreement check in /forge:audit. The mechanical audit now refuses
to pass when a project declares its version in more than one place that
disagree — pyproject.toml [project], a package __version__, and every .claude-plugin/*.json manifest (top-level and nested plugin entries). This
caught a real drift: pyproject.toml was 0.10.0 while the plugin/marketplace
manifests were still 0.9.1. (lib/versions.py)
Security scanning in /forge:audit. Optional pip-audit (dependency CVEs,
blocking) and bandit (risky code patterns, advisory — or blocking under FORGE_SECURITY_STRICT=1) scans. Both degrade to a hint when the tool isn't
installed, so forge never forces the dependency. (lib/security.py)
python-security-auditor agent for logic-level security review of changed
code in /forge:review, complementing the mechanical scanners.
Override hygiene./forge:override list prints the consumed-bypass trail and /forge:override prune [keep] compacts it; /forge:status now warns when the
trail piles up (a signal a gate may be mis-calibrated).
FORGE_COVERAGE_FLOOR env var to override the default coverage floor (80),
mirroring FORGE_GATE_TIMEOUT. A project's own fail_under still wins.
Three new style references:fastapi, pytest, and library (packaging /
library-authoring conventions), installable via /forge:reference add.