- Mark collections CLI as fully implemented
- Add admin management UI documentation
- Update CLI command examples (cmdforge collections list/info/install)
- Add API endpoint documentation
- Include example output and usage instructions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The API returns tools as objects with owner/name fields, but the CLI
expected string refs. Now handles both formats correctly.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace undefined get_current_user() with existing g.current_publisher
- Replace undefined log_admin_action() with existing log_audit() function
- Remove redundant role checks (already handled by @require_admin decorator)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The @require_auth decorator doesn't exist - should use @require_admin
for admin-only endpoints.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CLI Commands:
- cmdforge collections list - List available collections
- cmdforge collections info <name> - Show collection details
- cmdforge collections install <name> - Install all tools in a collection
Admin API:
- GET /api/v1/admin/collections - List all collections (admin)
- POST /api/v1/admin/collections - Create collection
- PUT /api/v1/admin/collections/<name> - Update collection
- DELETE /api/v1/admin/collections/<name> - Delete collection
Admin Web UI:
- /dashboard/admin/collections - List and manage collections
- /dashboard/admin/collections/new - Create new collection form
- /dashboard/admin/collections/<name>/edit - Edit collection form
- Added "Manage collections" link to admin dashboard
Registry Client:
- Added get_collections() method
- Added get_collection(name) method
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Search terms now automatically get a * suffix for prefix matching.
E.g., searching "summ" matches "summarize", "summary", etc.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add validate_token() method to RegistryClient
- Returns (is_valid, error_message) tuple
- Catches 401/UNAUTHORIZED errors and connection issues
- Add startup validation in MainWindow
- Runs 500ms after window shows (non-blocking)
- Clears invalid tokens automatically
- Shows status bar message explaining what happened
- Document cmdforge config disconnect command
This prevents confusing errors when trying to publish with stale or
revoked credentials - the GUI now auto-clears bad connections on restart.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Registry Features:
- Fork tracking with forked_from/forked_version metadata
- Forked tools show "Forked from" notice on detail page
- Original tools display "Forks" section listing all forks
- Fork count in tool stats
- API: GET /api/v1/tools/<owner>/<name>/forks
GUI Improvements:
- Version selector dropdown for registry installs
- Fetch available versions via GET /api/v1/tools/<owner>/<name>/versions
- "Latest" option plus all available versions listed
Admin Features:
- POST /api/v1/admin/cleanup/rejected endpoint
- Maintenance section in admin dashboard
- "Dry Run" and "Run Cleanup" buttons for rejected version cleanup
- Configurable grace period (default 7 days)
Documentation:
- Updated CHANGELOG.md with all recent changes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Make publish endpoint idempotent: return success if same content
already exists instead of VERSION_EXISTS error (fixes retry issues)
- Always refresh tools page after publish dialog closes
- Consolidate My Tools page to group versions by tool name
- Show version count and list instead of separate rows per version
- Sum downloads across all versions for accurate totals
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Show local and registry version in publish dialog
- Add +Patch/+Minor/+Major bump buttons
- Auto-fetch registry version on dialog open
- Suggest next version based on latest registry version
- Add fork detection and forked_from metadata support
- Update registry schema for forked_from/forked_version fields
- Display fork indicator when publishing forked tools
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The visible button was confusing since auto-polling handles status
updates. Power users can press F5 to manually sync if needed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Simplified approach: just show the moderation status from the server
without trying to detect local modifications. This eliminates the
fragile hash comparison that kept breaking due to representation
differences between to_dict(), raw YAML, and server-side normalization.
States are now simply: local, pending, published, changes_requested, rejected
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The GUI was sending to_dict() output to server but only updating the
existing config file with the hash. This caused mismatches because
to_dict() adds fields like 'arguments: []' that weren't in the original.
Now saves the exact config that was published, ensuring local file
matches what was sent to server.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When syncing feedback from server, the registry_feedback field was
being saved to config but not excluded from hash computation, causing
tools to appear as "modified" instead of showing their actual status.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Use raw config for hash comparison instead of to_dict(), which was
adding fields like 'arguments: []' that weren't in the original config.
This caused tools to show as "modified" when they weren't.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The GUI was saving tracking fields but CLI wasn't. Now both save
registry_hash, registry_status, and clear feedback on republish.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add QTimer polling every 30s when tools are pending/changes_requested
- Display changes_requested (⚠) and rejected (✗) states in tool tree
- Show moderator feedback in tool info panel
- Add `cmdforge registry status <tool>` CLI command with --sync flag
- Update _sync_tool to persist registry_feedback field
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add POST /api/v1/admin/tools/{id}/request-changes endpoint
- Sets moderation_status to 'changes_requested' with feedback
- Extend /me/tools/{name}/status to return feedback when status is
changes_requested or rejected
- Add Request Changes button and modal in admin pending UI
- Make changes modal draggable like other modals
This allows admins to send feedback to publishers instead of just
approving or rejecting tools outright.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The AI review was failing because it referenced 'config' which doesn't
exist in the publish endpoint scope. Changed to 'data' which is the
actual variable containing the parsed tool configuration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change nargs="*" to REMAINDER for tool_args to stop argparse from
intercepting --flag style arguments meant for the tool
- Add -- separator handling to distinguish cmdforge args from tool args
- Map flag names to variable names using tool argument definitions
- Update AI review subprocess calls to use -- separator
Fixes scrutiny-ai-review tool arguments not being passed correctly.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create scrutiny-ai-review tool that uses AI to analyze warnings
- Integrate AI review into publish flow (app.py)
- Integrate AI review into Fabric sync script
- If AI review returns APPROVE with >=80% confidence, auto-approve
- Display AI review results in admin pending tools modal
- Shows verdict (APPROVE/REJECT/NEEDS_HUMAN_REVIEW) with confidence
- Shows per-finding analysis (FALSE_POSITIVE/LEGITIMATE_CONCERN)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Shows warnings at the top of the detail view with:
- Yellow warning styling
- Check name, message, and suggestion
- Warning icon for visibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Modal now has max-height of viewport minus padding
- Content area scrolls independently (overflow-y-auto)
- Header and footer buttons stay fixed/visible
- Background scroll locked when modal is open
- Fixes scroll context issues after dragging
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Header now flush with top of modal (full draggable area)
- Content area properly padded below header
- Fix step rendering: use step.prompt not step.content
- Show provider, output_var, and step name in step display
- Add support for tool steps
- Add max-height with scroll for long prompts/code
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Darker overlay (bg-gray-900 bg-opacity-60)
- Stronger border (border-2 border-gray-300)
- Larger shadow (shadow-2xl)
- Gray header bar with cursor-move indicator
- Draggable by header (both detail and reject modals)
- Position resets on close for re-centering
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Click tool name to view full details in modal
- Shows description, arguments, steps (prompt/code), and README
- Approve/Reject buttons in detail modal
- New API endpoint GET /api/v1/admin/tools/<id> returns full tool config
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Page number links with ellipsis for large ranges
- First/Last page buttons (« and »)
- "Go to page" input for direct page jumping
- Current page highlighted in indigo
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When the Tools page loads, automatically sync statuses for all published
tools in the background. This means users don't need to manually click
"Sync Status" - the indicators will update automatically.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The publish dialog adds version and tags fields that aren't stored in
the local config.yaml. Exclude these from hash computation so the
hash comparison works correctly.
Also use Tool.to_dict() for consistent hash computation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Track moderation status (pending/approved/rejected) in local tool config
- Add new "pending" state indicator (◐ yellow) distinct from "published" (✓ green)
- Add "Sync Status" button to check registry for updated moderation status
- Add /me/tools/<name>/status API endpoint for checking tool status
- Improve admin panel error handling with better error messages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The tool list now refreshes after publishing to immediately show
the updated publish state indicator (✓).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The Tool dataclass now has a path field that points to the config.yaml
file it was loaded from. This is set by load_tool() and enables the
publish dialog to save the registry_hash back to the local config.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add config_hash to publish API response
- Save registry_hash to local tool config after successful publish
- Show appropriate message based on moderation status (approved vs pending)
This enables the GUI to show publish state indicators (✓ published, ● modified)
for tools that have been published to the registry.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The publish_tool() API expects a YAML config string, but the dialog
was passing a dict directly, causing a 500 error on the server.
- Update PublishWorker to accept config_yaml string and readme
- Build complete tool config from Tool.to_dict()
- Convert to YAML string before sending
- Also include README.md if it exists in tool directory
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The _update_buttons method wasn't handling the no-token case properly.
When not connected, the Connect button should always be enabled.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add `cmdforge config disconnect` command to clear registry token
- Fix GUI connection status label not updating after connect
- Store status as instance variable instead of local
- Add _update_connection_status() method
- Call update after connect dialog completes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Registry API improvements:
- Add /api/v1/me POST endpoint for profile updates
- Add /api/v1/me/password POST endpoint for password changes
- Fix visibility filtering on categories and tags endpoints to only
show approved public tools
- Allow underscores in tool names for fabric pattern compatibility
- Fix sqlite3.Row access (use bracket notation instead of .get())
Web UI improvements:
- Add tag filter to /tools page with three-state buttons
(include/exclude/neutral)
- Add mobile-friendly tag filter in responsive view
- Display tags on tool cards in the tools listing
- Add dashboard settings form handlers for profile and password
Admin improvements:
- Add scrutiny audit page for reviewing tool safety analysis
- Improve pending tools page with scrutiny report display
- Add scrutiny stats to admin dashboard
Fabric sync improvements:
- Add direct database publishing with scrutiny vetting
- Support auto-approve for tools passing scrutiny
- Improve error handling and logging
- Add source attribution for imported tools
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add hash_utils.py module for SHA256 content hashing with normalized YAML
- Store config_hash in registry database on publish
- Include hash in download response for client verification
- Verify downloaded content matches registry hash on install
- Store registry_hash in local tool config for publish state tracking
- Show publish state indicators in Tools page UI:
- Green checkmark: Published and up to date
- Orange dot: Modified since last publish
- No indicator: Local tool (never published)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add icons module with programmatically drawn icons:
- Speech bubble for prompt steps
- Code brackets </> for code steps
- Arrow icons for input/output nodes
- Display icons in list view next to step names
- Display icons in flow view node headers
- Add inline name editing in flow view via property_changed signal
- Sync name changes from flow view to tool model and list view
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added "Cut links: Alt+Shift+drag" to help banner.
Shortened other labels to fit.
In NodeGraphQt, connections are cut by:
- Alt+Shift+Left-drag to slice through connections
- Dragging a connection endpoint to empty space
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add _rebuilding flag to ignore signals during rebuild
- Prevents cascade of port_disconnected signals when clearing graph
- Fixes KeyError in NodeGraphQt undo stack
- Fixes false dependency warnings on view switch
The port_disconnected and nodes_deleted signals were firing during
clear_session(), causing recursive rebuilds and errors.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When a connection is broken in the flow view:
1. The node that lost its input moves to the end of the chain
2. The remaining nodes reconnect automatically
3. Tool model updates to reflect new order
4. Dependency validation warns about broken references
Flow: Input → A → B → C → Output
Break B's input: Input → A → C → B → Output
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Only parse {variable} patterns in PromptSteps, not CodeSteps.
In CodeSteps, variables are available directly as Python variables
(e.g., use `input` not `{input}`). The {var} syntax in code is
typically Python f-string or .format() syntax, not CmdForge
template substitution.
This fixes false positives like artifact-ai where Python f-strings
like f"{format_guide}" were incorrectly flagged as missing CmdForge
variable references.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
List View:
- Enable drag-drop reordering of steps
- Show broken dependency warnings when reordering
- Steps with missing variable refs shown in red with tooltip
Validation:
- Parse {variable} references from prompts and code
- Track available variables at each step position
- Warn when steps reference undefined variables
Flow View Sync:
- Deleting nodes in flow view updates the tool model
- steps_deleted signal propagates changes to builder
- Both views stay in sync
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
rob