Description

Forge 🔨 — Repair-Inspect loop orchestrator. Automated code repair with independent inspection, dependency-aware parallel execution, protected file guardrail...

README (SKILL.md)

Forge 🔨 — 维修-监理自动循环

Name: Forge 🔨 Repair-Inspect Loop
Author: melody1015

Automated repair-inspect loop with state persistence, dependency analysis, and safety guardrails.

When to Use

Multiple repair tasks from review board / audit / user instructions
Need independent verification (not just "looks fixed")
Want protected file safety + auto-commit on PASS

Quick Start

cd /path/to/project

# 1. Initialize
python3 ~/clawd/skills/forge/scripts/forge.py init

# 2. Add tasks
python3 forge.py add "修复空值处理" --criteria "空输入不崩溃" --priority P0
python3 forge.py add "清理废弃代码" --criteria "无import报错" --depends task-001

# 3. See execution plan
python3 forge.py plan

# 4. Run (outputs spawn instructions)
python3 forge.py run

# 5. Execute spawns, then run again to check results
python3 forge.py run   # checks results, auto-loops on FAIL

# 6. When all done
python3 forge.py summary

CLI Reference

Command	Description
`init --workdir DIR`	Initialize forge session
`add "desc" --criteria "..." --depends task-001 --priority P0`	Add repair task
`plan`	Show dependency graph + parallel execution waves
`run`	Advance state machine (spawn or check results)
`status`	Show current progress
`check`	Pre-commit safety check (protected files, deletions)
`summary`	Generate completion report
`reset`	Clear state

How It Works

State Machine (per task)

pending → repairing → inspecting → done
                ↑          │
                └── fail ──┘   (auto-loop, max 5 rounds)

inspecting → needs_human  (pause, escalate)
inspecting → escalated    (>5 rounds)
repairing  → needs_human  (all BLOCKED)

Dependency-Aware Parallel Execution

Tasks without dependencies run in parallel. forge.py plan shows execution waves:

Wave 1: task-001, task-002, task-003  (并行)
Wave 2: task-004 ← task-001          (等task-001完成)

Safety Guardrails (3 layers)

Protected files — protected-files.txt in project root. Listed files cannot be modified by repair agents. Touching them → BLOCKED → NEEDS_HUMAN.
Pre-commit diff check — forge.py check detects: file deletions, protected file modifications, abnormally large changes.
Prompt constraints — Repair engineer prompt explicitly forbids deletions, protected files, cron changes.

Experience Accumulation

Each repair produces a repair_pattern with error classification and reusable solution templates. These are stored in forge-reflections.jsonl and the most recent 5 patterns are injected into future repair tasks as context.

Integration with AI Agents

When the agent receives repair tasks (from code review, audit, or user):

# 1. Init forge in project dir
exec("cd /path/to/project && python3 ~/clawd/skills/forge/scripts/forge.py init")

# 2. Add tasks
exec("python3 forge.py add 'Fix null handling in processor' --criteria 'No crash on empty input' --priority P0")

# 3. Run to get spawn instructions
exec("python3 forge.py run")
# → Script outputs spawn instructions

# 4. Execute spawns
sessions_spawn(task=read(task_file), label=label, model=model)

# 5. After spawn completes, run again
exec("python3 forge.py run")
# → Checks repair result → prepares inspector spawn
# → Or auto-loops on FAIL → prepares next repair spawn

# 6. On all PASS → git commit + notify

File Layout

forge/
├── SKILL.md                           # This file
├── scripts/
│   └── forge.py                       # Core orchestrator
├── references/
│   └── protocol.md                    # Full protocol documentation
└── assets/
    └── templates/
        ├── repair-engineer.md         # Repair agent role reference
        └── inspector.md              # Inspector role reference

Project-side files (created by forge)

project/
├── forge-state.json                   # State persistence (crash recovery)
├── forge-reflections.jsonl            # Project-specific experience (stays with project)
├── forge-output/                      # Task files and results
│   ├── task-001-repair-r1.task.md     # Repair spawn task
│   ├── task-001-repair-r1.json        # Repair result
│   ├── task-001-inspect-r1.task.md    # Inspect spawn task
│   └── task-001-inspect-r1.json       # Inspect result
└── protected-files.txt                # (optional) Protected file list

Experience: Two-Layer Architecture

forge/reflections/patterns.jsonl       # Universal patterns (cross-project, stays with skill)
project/forge-reflections.jsonl        # Project-specific patterns (stays with project)

Universal layer (forge/reflections/patterns.jsonl): Abstract lessons stripped of file paths and project context. Auto-extracted from project patterns after each repair. Deduped by pattern_name. Injected into ALL future repairs across any project.
Project layer ({project}/forge-reflections.jsonl): Full detail with file names, paths, project-specific context. Only injected when working on that project.
Auto-extraction: After each repair, extract_universal_pattern() checks if the pattern is generalizable (not too many project-specific paths). If so, it's added to the universal layer with dedup.

Doc-Sync Check (文档同步检查)

Forge收尾时自动检查：修改的代码文件是否有关联文档需要同步更新。

工作原理

优先运行 scripts/tools/doc-sync-checker.py --json（如果存在）
回退到 references/doc-sync-manifest.yaml：交叉对比forge修改的文件与manifest中的authority→consumer映射

项目配置

在项目中创建 references/doc-sync-manifest.yaml：

facts:
  api_config:
    authority: src/config.py
    consumers:
      - docs/api-reference.md
      - docs/deployment-guide.md
    last_synced: 2026-03-01

Forge完成报告会显示：

📄 文档同步检查 — 2 个文档可能需要更新:
  ⚠️ docs/api-reference.md 可能需要同步更新（api_config 的权威源 src/config.py 已修改）

Configuration

Via init flags or forge-state.json config section:

Key	Default	Description
`model`	`anthropic/claude-opus-4-6`	LLM model for agents
`max_rounds`	`5`	Max repair-inspect cycles before escalation
`repair_timeout`	`600`	Repair agent timeout (seconds)
`inspect_timeout`	`300`	Inspector timeout (seconds)
`auto_commit`	`true`	Auto git-commit on PASS

Usage Guidance

This skill appears to implement the advertised repair→inspect orchestration, but take these precautions before installing or running it on real repositories: 1. Audit scripts/forge.py (search for subprocess.run/exec/git calls and any network operations). Confirm exactly how commits and external commands are executed. 2. Disable auto-commit and automatic auto-looping during initial evaluation (set config.auto_commit = False and run single-step manual flows). Require human approval before any git push or commit to protected branches. 3. Review how 'universal' patterns are extracted and stored (forge/reflections/patterns.jsonl). If you will run this across multiple projects, either turn off universal extraction or ensure a strict sanitization step to remove any project-specific paths, sample data, or secrets. 4. Treat the doc-sync step as untrusted code execution: it will run project-provided scripts (e.g., scripts/tools/doc-sync-checker.py) if present. Only enable that in isolated/test environments or after reviewing those scripts. 5. Populate protected-files.txt for anything that must never be touched (credentials, deployment scripts, CI config). Test the protected-files enforcement on a sandbox repo with safe dummy files. 6. Run the skill first in a disposable clone/branch with no secrets, and inspect forge-output and reflections files to ensure no sensitive data is being recorded or leaked across projects. If you want, provide the full forge.py content (or search results for subprocess/git/network usage) and I can point to the exact lines to review and suggest safer configuration changes.

Capability Analysis

Type: OpenClaw Skill Name: forge-loop Version: 1.0.0 The skill is classified as suspicious due to a critical Remote Code Execution (RCE) vulnerability found in `scripts/forge.py`. The `check_doc_sync` function dynamically executes `scripts/tools/doc-sync-checker.py` if it exists within the project's work directory. This allows a malicious project owner to place arbitrary code in this file, which would then be executed by the OpenClaw agent running the Forge skill. While the skill's prompts for sub-agents include safety guardrails, this direct execution of untrusted project-supplied code constitutes a significant vulnerability, enabling potential self-exploitation of the agent.

Capability Assessment

✓ Purpose & Capability

Name/description match what is present: an orchestrator for repair→inspect loops. The artifact contains an orchestrator script (scripts/forge.py), role templates, protocol docs, and state/reflection file conventions. It does not request unrelated credentials or binaries.

⚠ Instruction Scope

The SKILL.md directs the agent to run forge.py to create tasks, spawn repair/inspect sessions, write outputs into the project (forge-output/), and automatically extract and reuse repair patterns. It also will try to run project-side helpers (e.g., scripts/tools/doc-sync-checker.py) if present. Two concerns: (1) the universal 'patterns.jsonl' is reused across all projects — project-specific information may be insufficiently sanitized and could be injected into later repairs on other projects; (2) the doc-sync step and other scripted steps execute project-provided code, which can run arbitrary code in the project environment. Both are outside the minimal scope of “orchestration” and increase risk.

✓ Install Mechanism

There is no external install spec — this is instruction + bundled script. No network downloads or remote installers are involved in the skill bundle itself, which reduces supply-chain risk.

ℹ Credentials

The skill does not request environment variables or credentials. However it persistently stores two cross-cutting artifacts: a universal reflections file inside the skill (forge/reflections/patterns.jsonl) and project-specific reflections (project/forge-reflections.jsonl). If the extraction/sanitization heuristics fail, sensitive project data (paths, examples, tokens, or config snippets) could be recorded and then exposed to other projects' runs.

⚠ Persistence & Privilege

The orchestrator will modify project state (forge-state.json, forge-output/, forge-reflections.jsonl) and — per the protocol — auto-commit changes on PASS (config.auto_commit = True by default). Combined with automatic retry loops ('auto-loop on FAIL' and up to 5 rounds) and cross-project universal pattern accumulation, the skill has a persistent and far-reaching footprint. While not flagged as always:true, the skill still performs high-privilege actions (writing, committing, executing project scripts) without human review by default.

Version History

v1.0.0

Initial release: Repair-Inspect loop orchestrator with dependency-aware parallel execution, protected file guardrails, two-layer experience accumulation, doc-sync checking, and crash-recoverable state.

Metadata

Slug forge-loop

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Forge 🔨 Repair-Inspect Loop?

Forge 🔨 — Repair-Inspect loop orchestrator. Automated code repair with independent inspection, dependency-aware parallel execution, protected file guardrail... It is an AI Agent Skill for Claude Code / OpenClaw, with 409 downloads so far.

How do I install Forge 🔨 Repair-Inspect Loop?

Run "/install forge-loop" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Forge 🔨 Repair-Inspect Loop free?

Yes, Forge 🔨 Repair-Inspect Loop is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Forge 🔨 Repair-Inspect Loop support?

Forge 🔨 Repair-Inspect Loop is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Forge 🔨 Repair-Inspect Loop?

It is built and maintained by melody1015 (@melody1015); the current version is v1.0.0.

More Skills

Forge 🔨 Repair-Inspect Loop