rename forge→voge: docs, CI, scripts, Nix, plans, benchmarks
Update the remaining references: README.md, AGENTS.md, docs/, GitHub workflows
and issue templates (binary matrix, npm/homebrew publish targets left as-is),
scripts/, flake.nix, .devcontainer, historical plans/, and the benchmarks/ eval
harness. External links (forgecode.dev, tailcallhq/forgecode, antinomyhq/*) and
the npm package name "forgecode" in install commands are intentionally preserved.
Also fix two ProviderId display tests in voge_main: "Forge"→"Voge" is one char
shorter, so the expected padding is now built dynamically from name_width instead
of hardcoded (avoids drift on future provider additions).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
rename forge→voge: docs, CI, scripts, Nix, plans, benchmarks
Update the remaining references: README.md, AGENTS.md, docs/, GitHub workflows
and issue templates (binary matrix, npm/homebrew publish targets left as-is),
scripts/, flake.nix, .devcontainer, historical plans/, and the benchmarks/ eval
harness. External links (forgecode.dev, tailcallhq/forgecode, antinomyhq/*) and
the npm package name "forgecode" in install commands are intentionally preserved.
Also fix two ProviderId display tests in voge_main: "Forge"→"Voge" is one char
shorter, so the expected padding is now built dynamically from name_width instead
of hardcoded (avoids drift on future provider additions).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
rename forge→voge: docs, CI, scripts, Nix, plans, benchmarks
Update the remaining references: README.md, AGENTS.md, docs/, GitHub workflows
and issue templates (binary matrix, npm/homebrew publish targets left as-is),
scripts/, flake.nix, .devcontainer, historical plans/, and the benchmarks/ eval
harness. External links (forgecode.dev, tailcallhq/forgecode, antinomyhq/*) and
the npm package name "forgecode" in install commands are intentionally preserved.
Also fix two ProviderId display tests in voge_main: "Forge"→"Voge" is one char
shorter, so the expected padding is now built dynamically from name_width instead
of hardcoded (avoids drift on future provider additions).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
rename forge→voge: docs, CI, scripts, Nix, plans, benchmarks
Update the remaining references: README.md, AGENTS.md, docs/, GitHub workflows
and issue templates (binary matrix, npm/homebrew publish targets left as-is),
scripts/, flake.nix, .devcontainer, historical plans/, and the benchmarks/ eval
harness. External links (forgecode.dev, tailcallhq/forgecode, antinomyhq/*) and
the npm package name "forgecode" in install commands are intentionally preserved.
Also fix two ProviderId display tests in voge_main: "Forge"→"Voge" is one char
shorter, so the expected padding is now built dynamically from name_width instead
of hardcoded (avoids drift on future provider additions).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
feat(vuln-hunting): round-2 integrity hardening (F–J) + rewrite README
Five fixes to the vuln-hunting pipeline, each closing a failure mode
observed during the comprehensive Teleport audit (see
plans/2026-07-14-teleport-tier1-consolidated-audit.md):
- F (HIGH, prompts): reframe the taint `sink` as the AUTHORITATIVE
enforcement/consumption gate — an intermediate value (e.g. SSH cert
principals) that is later re-checked is a propagator, not a sink. The
adversary must trace the effect to the authoritative gate and rule out
re-enforcement there before `survived`; otherwise the confirmation gate
ships a false `confirmed` (GetLoginsForTTL-shape false-confirm). Edits:
adversary.md L2 + verdict, voge.md Rule-1 + workflow step 5,
memory_verification.md description. Instruction-only; the substance
fingerprint then naturally keys on the authoritative gate.
- G (HIGH, code): isolate side-investigation tools (fetch) from the hard
abort limit so a flaky network resource cannot abort a near-complete
audit. Mirrors the gating-isolation template: ToolErrorTracker gains
side_tool_names / side_tool_errors / side_tool_limit + routing;
config.rs side_tool_names (default ["fetch"]) + side_tool_failure_limit
(default 12); app.rs wires it; orch.rs 3-way abort report (hard ->
gating -> side).
- H (HIGH): scripts/voge_audit_split.sh splits large Go packages by
immediate sub-package (each chunk its own engagement) + an efficiency
prompt in sage.md (batch coverage, quick-safe trivial files). The 90-min
kill is external (no in-process cap; VOGE_HEADLESS_STALL_SECS is a
silence watchdog).
- I (MED, code): engagement-scoped coverage. The engagement_id field and
write-path stamping already existed; only the reader ignored it. Thread
engagement_id through get_coverage (keep matching engagement + un-tagged
legacy rows, exclude other engagements), stamp the finalize marker, and
auto-generate eng-<epoch>-<pid> per run in run_headless (config id
overrides -> group a campaign). Eliminates cross-unit contamination.
- J (MED, prompt): CGo census — include sibling .h/.c/.m counterparts +
audit the boundary contract when a .go has import "C" / #cgo.
Tests: per-crate green (voge_domain 636 incl. 5 new side-tool tests,
voge_repo 361 incl. engagement-scoping test, voge_app 737, voge_services
213). 3 insta snapshots refreshed (memory_verification description).
README rewritten to describe what voge actually is (a blind multi-agent
vuln-hunting pipeline), with a dedicated "Voge vs upstream forgecode"
section, the integrity-model table, and honest limitations — replacing
the upstream forgecode generic-coding-agent README that was misleading.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>