v0.9.0
Forge v0.9.0 — Security Hardening, GitHub Skills, and Bug Fixes
Release Date: April 4, 2026
Full Changelog: v0.8.0...v0.9.0
Highlights
Forge v0.9.0 is a security-focused release that delivers two full phases of security hardening (17 fixes total), a new GitHub API skill, a critical secret decryption bug fix, and improvements across the CLI, TUI, and channel plugins. This release modifies 78 files with over 4,100 lines of new code and hardened tests.
What's New
Security: Phase 1 — Critical Fixes (C-1 through C-7)
- SSRF protection — new IP validator blocks requests to private/loopback/link-local ranges (#34)
- Safe dialer — all outbound HTTP connections routed through a secure dialer with DNS rebinding protection
- Redirect validation — HTTP redirects are checked against the egress allowlist before following
- `bash_execute` removed — eliminated the high-risk shell execution tool from the code-agent skill (#29)
- Egress enforcer hardened — stricter domain matching and proxy enforcement
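One way to build the IP validator and safe dialer described above, as an added example that is not Forge's own code. The names `checkIP`, `controlHook`, `newSafeClient` and `ErrBlockedIP` are hypothetical, and the blocked ranges are only the ones the notes list (private, loopback, link-local) plus unspecified and multicast.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

// ErrBlockedIP marks a destination in a non-public range (hypothetical name).
var ErrBlockedIP = errors.New("destination IP is not publicly routable")

// checkIP rejects loopback, private, link-local, unspecified and multicast addresses.
// Unmap folds IPv4-mapped IPv6 (::ffff:127.0.0.1) so it cannot slip past the check.
func checkIP(ip netip.Addr) error {
	ip = ip.Unmap()
	if !ip.IsValid() || ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsMulticast() {
		return fmt.Errorf("%w: %s", ErrBlockedIP, ip)
	}
	return nil
}

// controlHook runs after DNS resolution, just before connect(2), on the literal
// address the socket will use, so a name that rebinds to an internal IP is refused.
func controlHook(network, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("unparseable dial address %q: %w", address, err)
	}
	return checkIP(ap.Addr())
}

// newSafeClient dials every connection, redirects included, through controlHook.
func newSafeClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: controlHook}
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext}, // no proxy: hook sees the real target
	}
}

func main() {
	_, err := newSafeClient().Get("http://169.254.169.254/latest/meta-data/")
	fmt.Println(errors.Is(err, ErrBlockedIP), err)
}
```

Because the check runs on the resolved address rather than the hostname, validating the URL once up front is not needed for the IP rule; an egress allowlist on hostnames would still be a separate check.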
Security: Phase 2 — High-Priority Fixes (H-1 through H-10)
- Scoped environment variables — `KUBECONFIG`, `NO_PROXY`, and `GH_CONFIG_DIR` are now injected only into their target binaries (kubectl, helm, gh), not the global environment (#39, #42)
- A2A server hardened — added input validation, rate limiting, and auth improvements to the Agent-to-Agent server
- Custom tool sandboxing — external tool execution now enforces stricter argument validation
- Channel plugin hardening — Slack and Telegram adapters received input sanitization and error-handling improvements
- Guardrails loader hardened — runtime guardrail loading now validates schema before application
New Feature: GitHub API Skill
- Query GitHub users, pull requests, forks, and stargazers directly from within an agent (#38)
- Includes six new scripts: `github-get-user`, `github-list-prs`, `github-list-forks`, `github-list-stargazers`, `github-pr-author-profiles`, `github-stargazer-profiles`
- Per-tool PII exemptions — tools that need GitHub usernames can bypass PII redaction on a per-tool basis
Bug Fixes
- Secret decryption — fixed a bug where decryption failed even with the correct passphrase (#40, #41)
- Q&A nudge suppression — resolved unwanted nudge prompts during agent conversations
- UI agent start errors — fixed errors when starting agents from the skill builder UI
- Chat streaming — resolved streaming interruption issues in the TUI
- File attachment — `cli_execute` now correctly handles file attachment behavior
- Errcheck lint — fixed unchecked error returns in test files
Documentation
- Updated security docs covering egress enforcement, guardrails, and the new IP validator
- Synced architecture, channels, runtime, skills, and tools documentation with code changes (#43)
Breaking Changes
- `bash_execute` tool removed — agents using the `bash_execute` builtin tool must migrate to `cli_execute` or custom tool definitions. This tool was removed for security reasons.
Upgrade Guide
```bash
# Update via Homebrew
brew upgrade initializ/tap/forge

# Or pull the latest binary
curl -sSL https://raw.githubusercontent.com/initializ/forge/main/install.sh | bash
```

No configuration changes required. Existing agents and skills are fully compatible with v0.9.0.
Stats
| Metric | Value |
|---|---|
| Files changed | 78 |
| Insertions | +4,126 |
| Deletions | −632 |
| Net new lines | +3,494 |
| PRs merged | 6 |
| Contributors | 2 |
Pull Requests Included
- #43 — docs: sync documentation for Phase 2 fixes and UI improvements (@initializ-mk)
- #42 — security: Phase 2 high-priority fixes and UI improvements (@initializ-mk)
- #41 — [Bug]: Secret decryption fails with correct passphrase #40 (@pandey03muskan)
- #39 — security: Phase 2 high-priority fixes (H-1 through H-10) (@initializ-mk)
- #38 — feat: add GitHub API query tools and per-tool PII exemptions (@initializ-mk)
- #34 — security: Phase 1 critical fixes (C-1 through C-7) (@initializ-mk)
Forge is a secure, portable AI agent runtime. Build, run, and deploy AI agents from a single SKILL.md file.
Learn more at github.com/initializ/forge • Documentation