Skip to content

Releases: stalzkie/local-forge

LocalForge v2.1.2

20 Jun 15:09
@stalzkie stalzkie
v2.1.2
5ba3e6e

Choose a tag to compare

View all tags
LocalForge v2.1.2 Latest
Latest

What's new in v2.1.2

Critical fix — standalone binary now fully self-contained

Previous releases required the surrounding repo or app bundle to be present for --install to work. Users downloading the raw binary from the Releases page would hit:

[LocalForge] ⚠ pre-commit hook source not found
[LocalForge] ⚠ infer.py not found
[LocalForge] ⚠ advisory.py not found

Root cause: run_install() searched for hooks/pre-commit, coreml/infer.py, and coreml/advisory.py as external files relative to the binary or app bundle. A standalone binary download has neither.

Fix: All three files are now embedded directly into the binary at compile time using Rust's include_str!(). --install and --upgrade-all write them from the embedded constants — no external files needed, ever.

A standalone localforge-v2.1.2-macos-arm64 download now fully installs hook, shims, and binary in one command:

curl -L https://github.com/stalzkie/local-forge/releases/download/v2.1.2/localforge-v2.1.2-macos-arm64 \
  -o /tmp/localforge && chmod +x /tmp/localforge && /tmp/localforge --install

Also adds Cargo.toml and Cargo.lock to .localforgeignore to suppress Layer 2 false positives on version bumps.

Requires Apple Silicon (M1/M2/M3/M4). macOS 14+.

Assets 4
Loading

LocalForge v2.1.1

20 Jun 04:55
@stalzkie stalzkie
v2.1.1
15d6636

Choose a tag to compare

View all tags
LocalForge v2.1.1

What's new in v2.1.1

macOS App — Repo Discovery UI

The Repos tab now includes a Scan Folder button that discovers all git repos in any folder you pick (e.g. ~/Developer, ~/Desktop) and shows them in a dedicated section. Each discovered repo displays its hook status and a one-click Protect button that installs LocalForge without touching the terminal. No more hunting for paths.

CLI — Team & Compliance Features

  • localforge --install-org [repo] — generates a localforge-install-org.sh script you can paste into your dev setup doc or Makefile. Each teammate runs it once: downloads binary, sets up ~/.localforge/, adds PATH, installs the hook. No admin rights required.
  • localforge --export-report <json|csv> — exports full scan history for security audits and due diligence. Flags: --last N to limit count, --out path for custom output path.

Version bumps

  • Cargo.toml, CLI --version, and app header all updated to v2.1.1

Installation

curl -L https://github.com/stalzkie/local-forge/releases/download/v2.1.1/localforge-v2.1.1-macos-arm64 \
  -o ~/.localforge/bin/localforge
chmod +x ~/.localforge/bin/localforge
localforge --install

Requires Apple Silicon (M1/M2/M3/M4). macOS 14+.

Loading

LocalForge v2.1.0

19 Jun 17:23
@stalzkie stalzkie
v2.1.0
d7c1e84

Choose a tag to compare

View all tags
LocalForge v2.1.0

What's new in v2.1.0

Layer 1 — Secret detection

  • Expanded from 7 → 26 patterns across 13 providers
  • New providers: GCP, Azure SAS, Stripe restricted, GitHub Actions secrets, Slack webhooks, Twilio, SendGrid, npm, PyPI, HuggingFace, Anthropic, OpenAI, Shopify, PuTTY, DSA keys, .env assignments
  • Patterns compiled once at startup via once_cell::Lazy — zero per-commit regex cost
  • Only scans + diff lines — removing a secret never triggers a false block

Layer 2 — CoreML classifier

  • Training set: 81 → 297 samples across 11 languages (Python, JS/TS, Java, Go, Rust, C#, PHP, Ruby, Swift, Kotlin, SQL)
  • CV F1 (5-fold stratified): 0.754 ± 0.021 (up from 0.496 ± 0.229)
  • Held-out verification: 32/33 cases (97%)

Layer 3 — LLM advisory

  • All findings from a commit now written to one consolidated report at ~/.localforge/reports/commit_<ts>.txt
  • Language auto-detected from diff file extensions
  • Only added lines reviewed — no false flags on removed code
  • Large diffs chunked at file boundaries, findings merged and deduplicated

Install & packaging

  • localforge --install — one command sets up everything: directory, binary, model, hook, PATH export to .zshrc
  • Auto-detects Qwen model from HuggingFace cache
  • localforge --upgrade-all — syncs hooks across all registered repos
  • Homebrew formula added (Formula/localforge.rb)
  • Notarization and packaging scripts added (scripts/notarize.sh, scripts/package_homebrew.sh)

Tests

  • 43 Rust unit tests (up from 16), including 34 pattern tests: 20 detection, 10 false-positive guards, 4 diff-awareness tests

Installation

curl -L https://github.com/stalzkie/local-forge/releases/download/v2.1.0/localforge-v2.1.0-macos-arm64 \
  -o ~/.localforge/bin/localforge
chmod +x ~/.localforge/bin/localforge
localforge --install

Requires Apple Silicon (M1/M2/M3/M4). macOS 14+.

Loading

LocalForge v2.0.0 — On-Device AI Security Gateway

18 Jun 13:22
@stalzkie stalzkie
v2.0.0
847db43

Choose a tag to compare

View all tags
LocalForge v2.0.0 — On-Device AI Security Gateway

LocalForge v2.0.0

A Rust-native, MCP-compliant security gateway for Apple Silicon. Intercepts every git commit through a 3-layer hybrid pipeline — entirely on-device, no cloud, no API keys.

What's in v2.0.0

Core pipeline

  • Layer 1 — Rust AST regex: 7 secret patterns (AWS, Stripe, GitHub PAT, private keys, bearer tokens) — blocks in ~41 µs avg, 0% false positive rate
  • Layer 2 — CoreML / Apple Neural Engine: TF-IDF char n-gram + logistic regression classifier — blocks in ~2s, statistical risk scoring
  • Layer 3 — Qwen2.5-Coder-1.5B via MLX: full semantic code review (security · bug risk · code quality) — advisory only, ~3.8s avg, never blocks

macOS App

  • Native SwiftUI terminal-style UI with live scan output
  • Code Review toggle to enable/disable Qwen L3 per session
  • Per-commit .txt advisory reports in ~/.localforge/reports/
  • Folder button to open reports in Finder

MCP Server

  • JSON-RPC 2.0 over TCP (--mcp-port <port>)
  • scan and ping methods for IDE integrations (Cursor, VS Code)

Packaging

  • Distributable DMG via scripts/package_dmg.sh
  • Git hook installer via scripts/install_hook.sh
  • .localforgeignore support for suppressing false positives

Benchmark Results (80 samples)

Layer Avg Latency Detection Rate False Positive Rate
L1 — AST Regex 40.81 µs 20% (secrets only) 0%
L2 — CoreML/ANE 2,083 ms 15% 10%
L3 — Qwen Advisory 3.8 s advisory advisory-only

Full benchmark graphs in tests/benchmark_results/.

Requirements

  • macOS 14+ on Apple Silicon (M1/M2/M3/M4)
  • Rust 1.78+
  • Python 3.11+
  • Xcode 16+ (to build the app)

Installation

git clone https://github.com/stalzkie/local-forge.git
cd local-forge
cargo build --release
python3 coreml/build_model.py
# Inside the repo you want to protect:
/path/to/local-forge/scripts/install_hook.sh

See the README for full setup instructions including Qwen model download.

Changelog

v2.0.0 — 2026-06-18

  • Initial release

Patch — 2026-06-18

  • Fixed app icon and in-app header logo rendering blank (white-on-transparent from SVG conversion). Replaced with proper PNG source at all required sizes (16–1024px).

MIT License — Copyright (c) 2026 Stalingrad Samulde Dollosa

Loading