feat: container packaging, local binary overrides, and external auth#44
Merged
initializ-mk merged 3 commits intomainfrom Apr 13, 2026
Merged
feat: container packaging, local binary overrides, and external auth#44initializ-mk merged 3 commits intomainfrom
initializ-mk merged 3 commits intomainfrom
Conversation
…zation, and packaging improvements - Add --local-bin flag to forge build/package for injecting host binaries into container images - Add --slim and --alpine flags for image size optimization - Add package config section in forge.yaml (bin_overrides, alpine, slim) - Add smart Dockerfile generation with multi-stage bin resolution - Add external auth provider support (--auth-url / FORGE_AUTH_URL) - Add inline KUBECONFIG materialization for container deployments - Fix OpenAI API null content serialization for assistant messages with tool_calls - Remove root SKILL.md from forge init (skills live in skills/ subdirectories) - Add ca-certificates install in Dockerfile template for TLS support - Sync documentation for all changes
…g file packaging - Include channel config files (slack-config.yaml, etc.) in Docker build context - Add --with flag to container entrypoint when channels are configured in forge.yaml - Generate internal auth token for channel adapter loopback when using external auth - Accept internal token before external auth provider in middleware - Sync docs for channels and runtime
Remove assertions for SKILL.md.tmpl and SKILL.md from init tests since root-level SKILL.md is no longer generated by forge init.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
--local-bin name=/path/to/fileflag onforge buildandforge packageto inject host binaries into container images, bypassing remote resolution. Also configurable viaforge.yamlpackage.bin_overrides.<name>.local.forge-core/packaging/— classifies binary requirements, resolves via local override → skill override → config override → image registry → apt/apk, and generates optimized Dockerfile stages.--slimand--alpineflags onforge build/forge packagefor smaller container images.--auth-urlflag (andFORGE_AUTH_URLenv var) for delegating token validation to an external auth endpoint.KUBECONFIGenv var and writes it to a file, enablingdocker run -e KUBECONFIG="$(cat ~/.kube/config)".skills/subdirectories; removed scaffold template andskills.pathconfig fromforge init.ca-certificatesinstall in Dockerfile template.Test plan
forge build --local-bin forge=/path/to/linux/forgegenerates Dockerfile withCOPY .local-bins/forgeinstructionforge package --local-bin forge=/path/to/linux/forgebuilds a working container imageforge package --alpine --slimproduces a smaller imageforge init my-agentno longer creates rootSKILL.mdorskills.pathinforge.yamlforge run --auth-url https://auth.example.com/verifyskips local token generationKUBECONFIGenv var materializes it to a filego test ./...passes in all modules