- Upgrade Go to 1.26, FrankenPHP to v1.11.2 (CVE-2026-24894)
- Add non-root USER to all Dockerfiles (Trivy misconfig)
- Upgrade gitleaks to v8.24.3 with arch detection
Co-Authored-By: Virgil <virgil@lethean.io>
Move module identity to our own Forgejo instance. All import paths
updated across 434 Go files, sub-module go.mod files, and go.work.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implements quota enforcement for agents including daily token limits,
daily job limits, concurrent job caps, model allowlists, and global
per-model budgets. Quota recovery returns 50% for failed jobs and
100% for cancelled jobs.
Go: AllowanceService with MemoryStore, AllowanceStore interface, and
25 tests covering all enforcement paths.
Laravel: migration for 5 tables (agent_allowances, quota_usage,
model_quotas, usage_reports, repo_limits), Eloquent models,
AllowanceService, QuotaMiddleware, and REST API routes.
Closes #99
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add ForgejoClient and ForgejoService to the Laravel app, providing a
clean service layer for all Forgejo REST API operations the orchestrator
needs. Supports multiple instances (forge, dev, qa) with config-driven
auto-routing, token auth, retry with circuit breaker, and pagination.
Covers issues, PRs, repos, branches, user/token management, and orgs.
Closes #98
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
AppServiceProvider runs migrate --force on first request.
Sessions and cache tables created automatically in SQLite.
Removed synthetic HTTP migration approach in favour of pure
PHP service provider — cleaner, works with Octane workers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Added `pre-commit` task in Makefile.
- Enhanced CLI with banner display and stricter file selection validation.
- Expanded App Transport Security settings and updated permissions in `Info.dev.plist`.