- Change nargs="*" to REMAINDER for tool_args to stop argparse from
intercepting --flag style arguments meant for the tool
- Add -- separator handling to distinguish cmdforge args from tool args
- Map flag names to variable names using tool argument definitions
- Update AI review subprocess calls to use -- separator
Fixes scrutiny-ai-review tool arguments not being passed correctly.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create scrutiny-ai-review tool that uses AI to analyze warnings
- Integrate AI review into publish flow (app.py)
- Integrate AI review into Fabric sync script
- If AI review returns APPROVE with >=80% confidence, auto-approve
- Display AI review results in admin pending tools modal
- Shows verdict (APPROVE/REJECT/NEEDS_HUMAN_REVIEW) with confidence
- Shows per-finding analysis (FALSE_POSITIVE/LEGITIMATE_CONCERN)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Click tool name to view full details in modal
- Shows description, arguments, steps (prompt/code), and README
- Approve/Reject buttons in detail modal
- New API endpoint GET /api/v1/admin/tools/<id> returns full tool config
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Track moderation status (pending/approved/rejected) in local tool config
- Add new "pending" state indicator (◐ yellow) distinct from "published" (✓ green)
- Add "Sync Status" button to check registry for updated moderation status
- Add /me/tools/<name>/status API endpoint for checking tool status
- Improve admin panel error handling with better error messages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add config_hash to publish API response
- Save registry_hash to local tool config after successful publish
- Show appropriate message based on moderation status (approved vs pending)
This enables the GUI to show publish state indicators (✓ published, ● modified)
for tools that have been published to the registry.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Registry API improvements:
- Add /api/v1/me POST endpoint for profile updates
- Add /api/v1/me/password POST endpoint for password changes
- Fix visibility filtering on categories and tags endpoints to only
show approved public tools
- Allow underscores in tool names for fabric pattern compatibility
- Fix sqlite3.Row access (use bracket notation instead of .get())
Web UI improvements:
- Add tag filter to /tools page with three-state buttons
(include/exclude/neutral)
- Add mobile-friendly tag filter in responsive view
- Display tags on tool cards in the tools listing
- Add dashboard settings form handlers for profile and password
Admin improvements:
- Add scrutiny audit page for reviewing tool safety analysis
- Improve pending tools page with scrutiny report display
- Add scrutiny stats to admin dashboard
Fabric sync improvements:
- Add direct database publishing with scrutiny vetting
- Support auto-approve for tools passing scrutiny
- Improve error handling and logging
- Add source attribution for imported tools
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add hash_utils.py module for SHA256 content hashing with normalized YAML
- Store config_hash in registry database on publish
- Include hash in download response for client verification
- Verify downloaded content matches registry hash on install
- Store registry_hash in local tool config for publish state tracking
- Show publish state indicators in Tools page UI:
- Green checkmark: Published and up to date
- Orange dot: Modified since last publish
- No indicator: Local tool (never published)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add pairing_requests table and hostname column to api_tokens
- Add pairing API endpoints: initiate, check, status, connected-apps
- Add cmdforge config connect <username> CLI command
- Rewrite tokens.html as Connected Apps with pairing flow
- Update TUI: Connect button when not authenticated, Publish when connected
- Add private sync option after save in TUI when connected
- Add visibility parameter to publish_tool in registry_client
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Was using werkzeug's generate_password_hash which creates incompatible
hashes. Now uses the same argon2 password_hasher as registration/login.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix create token modal z-index so it's not covered by backdrop
- Rename session tokens from "login" to "Web Session" for clarity
- Delete old session tokens when logging in (prevents accumulation)
- Filter out session tokens from dashboard display (users only see
their manually created API tokens)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- TUI: Use list_tools for browsing (no query), search_tools only when
user enters a search term. Fixes 500 error on initial registry load.
- API: Sanitize FTS5 queries by escaping special characters (* " ( ) etc)
Prevents SQL errors from malformed search queries like "*"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Categories API now includes dynamic categories from database
(categories used by tools but not in predefined list)
- Add total_tools to categories API meta for accurate All Tools count
- Fix web routes to use total_tools instead of summing category counts
- Dynamic categories get auto-generated descriptions
This fixes:
- "All Tools" showing 2 instead of 4
- Categories like "code-analysis" and "education" not appearing
- Incorrect category counts in sidebar
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /api/v1/tags endpoint for listing available tags
- Enhance search API with tag filtering (AND logic), multi-category
filtering (OR logic), owner filter, download range, and date range
- Add faceted response support (category/tag/owner counts)
- Update registry client with new search parameters and get_tags method
- Add CLI search options: -t/--tag, -o/--owner, --min-downloads,
--popular, --new, --since, --before, --json, --show-facets
- Add new 'registry tags' CLI subcommand
- Add web UI filter sidebar with checkboxes, dropdowns, and active
filter chips with URL-based state management
- Display clickable tags on tool cards
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New /api/v1/webhook/deploy endpoint
- Verifies Gitea HMAC-SHA256 signature
- Only deploys on push to main/master branch
- Runs git pull and service restart in background
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add source_json column to store complete source attribution
- Update publish API to accept source object or legacy string
- Update get_tool API to return parsed source object
- Update web UI to display type, author, license, url, original_tool
- Add gunicorn config and dependency for production server
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Major rename operation:
- Rename Python package: smarttools -> cmdforge
- Update CLI entry point: smarttools -> cmdforge
- Update all imports and module references
- Update pyproject.toml with new name, URLs, entry point
- Update all HTML templates with new branding
- Update documentation (CLAUDE.md, README.md, docs/*, wiki/*)
- Update environment variables:
- SMARTTOOLS_ENV -> CMDFORGE_ENV
- SMARTTOOLS_REGISTRY_DB -> CMDFORGE_REGISTRY_DB
- SMARTTOOLS_TOKEN -> CMDFORGE_TOKEN
- SMARTTOOLS_REGISTRY_* -> CMDFORGE_REGISTRY_*
- Update Dockerfile and docker-compose.yml
- Update tests to use new package name
- Update scripts and examples
- Update package.json and tailwind.config.js
All 158 unit tests pass. The CLI is working correctly with the
new cmdforge command.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
rob