- Add POST /api/v1/admin/tools/{id}/request-changes endpoint
- Sets moderation_status to 'changes_requested' with feedback
- Extend /me/tools/{name}/status to return feedback when status is
changes_requested or rejected
- Add Request Changes button and modal in admin pending UI
- Make changes modal draggable like other modals
This allows admins to send feedback to publishers instead of just
approving or rejecting tools outright.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The AI review was failing because it referenced 'config' which doesn't
exist in the publish endpoint scope. Changed to 'data' which is the
actual variable containing the parsed tool configuration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change nargs="*" to REMAINDER for tool_args to stop argparse from
intercepting --flag style arguments meant for the tool
- Add -- separator handling to distinguish cmdforge args from tool args
- Map flag names to variable names using tool argument definitions
- Update AI review subprocess calls to use -- separator
Fixes scrutiny-ai-review tool arguments not being passed correctly.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create scrutiny-ai-review tool that uses AI to analyze warnings
- Integrate AI review into publish flow (app.py)
- Integrate AI review into Fabric sync script
- If AI review returns APPROVE with >=80% confidence, auto-approve
- Display AI review results in admin pending tools modal
- Shows verdict (APPROVE/REJECT/NEEDS_HUMAN_REVIEW) with confidence
- Shows per-finding analysis (FALSE_POSITIVE/LEGITIMATE_CONCERN)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Click tool name to view full details in modal
- Shows description, arguments, steps (prompt/code), and README
- Approve/Reject buttons in detail modal
- New API endpoint GET /api/v1/admin/tools/<id> returns full tool config
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Track moderation status (pending/approved/rejected) in local tool config
- Add new "pending" state indicator (◐ yellow) distinct from "published" (✓ green)
- Add "Sync Status" button to check registry for updated moderation status
- Add /me/tools/<name>/status API endpoint for checking tool status
- Improve admin panel error handling with better error messages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add config_hash to publish API response
- Save registry_hash to local tool config after successful publish
- Show appropriate message based on moderation status (approved vs pending)
This enables the GUI to show publish state indicators (✓ published, ● modified)
for tools that have been published to the registry.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Registry API improvements:
- Add /api/v1/me POST endpoint for profile updates
- Add /api/v1/me/password POST endpoint for password changes
- Fix visibility filtering on categories and tags endpoints to only
show approved public tools
- Allow underscores in tool names for fabric pattern compatibility
- Fix sqlite3.Row access (use bracket notation instead of .get())
Web UI improvements:
- Add tag filter to /tools page with three-state buttons
(include/exclude/neutral)
- Add mobile-friendly tag filter in responsive view
- Display tags on tool cards in the tools listing
- Add dashboard settings form handlers for profile and password
Admin improvements:
- Add scrutiny audit page for reviewing tool safety analysis
- Improve pending tools page with scrutiny report display
- Add scrutiny stats to admin dashboard
Fabric sync improvements:
- Add direct database publishing with scrutiny vetting
- Support auto-approve for tools passing scrutiny
- Improve error handling and logging
- Add source attribution for imported tools
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add hash_utils.py module for SHA256 content hashing with normalized YAML
- Store config_hash in registry database on publish
- Include hash in download response for client verification
- Verify downloaded content matches registry hash on install
- Store registry_hash in local tool config for publish state tracking
- Show publish state indicators in Tools page UI:
- Green checkmark: Published and up to date
- Orange dot: Modified since last publish
- No indicator: Local tool (never published)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add pairing_requests table and hostname column to api_tokens
- Add pairing API endpoints: initiate, check, status, connected-apps
- Add cmdforge config connect <username> CLI command
- Rewrite tokens.html as Connected Apps with pairing flow
- Update TUI: Connect button when not authenticated, Publish when connected
- Add private sync option after save in TUI when connected
- Add visibility parameter to publish_tool in registry_client
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Was using werkzeug's generate_password_hash which creates incompatible
hashes. Now uses the same argon2 password_hasher as registration/login.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The index creation for moderation_status, visibility, role, and banned
columns was in SCHEMA_SQL which runs before migrate_db(). This caused
failures on existing databases that didn't have these columns yet.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When the registry server starts, it now automatically adds any missing
columns to existing tables. This prevents 500 errors when publishing
to a database created before newer columns were added.
Columns added by migration:
- scrutiny_status, scrutiny_report (tool scrutiny)
- source, source_url, source_json (tool attribution)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix create token modal z-index so it's not covered by backdrop
- Rename session tokens from "login" to "Web Session" for clarity
- Delete old session tokens when logging in (prevents accumulation)
- Filter out session tokens from dashboard display (users only see
their manually created API tokens)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- TUI: Use list_tools for browsing (no query), search_tools only when
user enters a search term. Fixes 500 error on initial registry load.
- API: Sanitize FTS5 queries by escaping special characters (* " ( ) etc)
Prevents SQL errors from malformed search queries like "*"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Categories API now includes dynamic categories from database
(categories used by tools but not in predefined list)
- Add total_tools to categories API meta for accurate All Tools count
- Fix web routes to use total_tools instead of summing category counts
- Dynamic categories get auto-generated descriptions
This fixes:
- "All Tools" showing 2 instead of 4
- Categories like "code-analysis" and "education" not appearing
- Incorrect category counts in sidebar
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /api/v1/tags endpoint for listing available tags
- Enhance search API with tag filtering (AND logic), multi-category
filtering (OR logic), owner filter, download range, and date range
- Add faceted response support (category/tag/owner counts)
- Update registry client with new search parameters and get_tags method
- Add CLI search options: -t/--tag, -o/--owner, --min-downloads,
--popular, --new, --since, --before, --json, --show-facets
- Add new 'registry tags' CLI subcommand
- Add web UI filter sidebar with checkboxes, dropdowns, and active
filter chips with URL-based state management
- Display clickable tags on tool cards
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New /api/v1/webhook/deploy endpoint
- Verifies Gitea HMAC-SHA256 signature
- Only deploys on push to main/master branch
- Runs git pull and service restart in background
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add source_json column to store complete source attribution
- Update publish API to accept source object or legacy string
- Update get_tool API to return parsed source object
- Update web UI to display type, author, license, url, original_tool
- Add gunicorn config and dependency for production server
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Major rename operation:
- Rename Python package: smarttools -> cmdforge
- Update CLI entry point: smarttools -> cmdforge
- Update all imports and module references
- Update pyproject.toml with new name, URLs, entry point
- Update all HTML templates with new branding
- Update documentation (CLAUDE.md, README.md, docs/*, wiki/*)
- Update environment variables:
- SMARTTOOLS_ENV -> CMDFORGE_ENV
- SMARTTOOLS_REGISTRY_DB -> CMDFORGE_REGISTRY_DB
- SMARTTOOLS_TOKEN -> CMDFORGE_TOKEN
- SMARTTOOLS_REGISTRY_* -> CMDFORGE_REGISTRY_*
- Update Dockerfile and docker-compose.yml
- Update tests to use new package name
- Update scripts and examples
- Update package.json and tailwind.config.js
All 158 unit tests pass. The CLI is working correctly with the
new cmdforge command.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
rob