zhi/HarborForge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
226 Commits 2 Branches 0 Tags
627ffcf2fa3f9c44cee082915456e798d28358e5
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
hzhang 627ffcf2fa Bump HarborForge.Backend to Tessera bearer support 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-02 16:57:57 +01:00
AbstractWizard @ 21815f58eb
chore: bump all 7 submodule pointers to latest main
2026-05-16 17:57:30 +01:00
archive
docs: move plans into archive and place next wave doc under plans
2026-03-29 11:19:33 +00:00
docs
BE-PR-001: Rename Propose -> Proposal across backend
2026-03-29 15:35:59 +00:00
HarborForge.Backend @ 0bdc432215
Bump HarborForge.Backend to Tessera bearer support
2026-06-02 16:57:57 +01:00
HarborForge.Cli @ 729365ca46
chore: bump Backend/Cli/Frontend → main (KnowledgeBase + security-audit merges)
2026-06-01 09:25:28 +01:00
HarborForge.Frontend @ bcdf1cbe7a
chore: bump Backend/Cli/Frontend → main (KnowledgeBase + security-audit merges)
2026-06-01 09:25:28 +01:00
HarborForge.Monitor @ db986e6bf4
chore: bump all 7 submodule pointers to latest main
2026-05-16 17:57:30 +01:00
HarborForge.OpenclawPlugin @ 06ccd3564e
chore(submodules): bump HarborForge.OpenclawPlugin (#12: installCli git-clone refactor)
2026-05-29 08:52:42 +01:00
HarborForge.Test @ e6a186b698
chore: bump all 7 submodule pointers to latest main
2026-05-16 17:57:30 +01:00
plans
TEST-CLI-CAL-001 TEST-CLI-PR-001 complete CLI test tasks
2026-04-01 12:03:37 +00:00
.env
fix: docker-compose paths after backend restructure
2026-02-21 08:25:49 +00:00
.env.example
Add .env.example with default port configuration
2026-03-14 08:23:55 +00:00
.gitmodules
feat: add HarborForge.Cli submodule
2026-03-21 07:32:14 +00:00
docker-compose.yml
Use env vars for ports: WIZARD_PORT, MYSQL_PORT, BACKEND_PORT, FRONTEND_PORT
2026-03-14 08:23:49 +00:00
docker-compose.yml.new
Merge feat/task-type-hierarchy into main
2026-03-12 13:12:17 +00:00
nginx-host.conf.example
feat: no-nginx frontend, host nginx config, configurable ports
2026-03-06 13:06:27 +00:00
README.md
docs: translate top-level README to English
2026-05-16 18:32:21 +01:00

README.md

HarborForge

Agent / human collaborative task-management platform — manages the full proposal → milestone → task lifecycle with strict state machines, plus a CLI, monitoring, and OpenClaw integration.

Repository layout

This is the umbrella repository; every component is a git submodule:

HarborForge/
├── AbstractWizard/             # Go, secure first-time setup service (SSH tunnel, port 8080)
├── HarborForge.Backend/        # Python/FastAPI, core REST API + RBAC (port 8000)
├── HarborForge.Frontend/       # React + TypeScript + Vite single-page app (port 3000)
├── HarborForge.Cli/            # Go command-line client `hf`
├── HarborForge.Monitor/        # Go host telemetry client (optional local bridge 9100)
├── HarborForge.OpenclawPlugin/ # Node OpenClaw plugin `harbor-forge`
├── HarborForge.Test/           # Integration tests (backend pytest / frontend Playwright)
├── docker-compose.yml          # Docker orchestration
├── nginx-host.conf.example     # Host nginx config example
└── .env.example                # Environment variable template

Quick start

# Clone and initialize all submodules
git clone --recurse-submodules https://git.hangman-lab.top/zhi/HarborForge.git
cd HarborForge
# If already cloned without submodules:
git submodule update --init --recursive

# Configure environment (do NOT use the defaults — see "Security")
cp .env.example .env
# Edit .env: set at minimum a strong random SECRET_KEY and DB passwords

# Start the services
docker compose up -d

First deployment — setup wizard

HarborForge uses AbstractWizard for secure initialization. The wizard listens on 127.0.0.1 only and must be reached over an SSH tunnel.

# 1. SSH tunnel: forward the wizard port to your machine
ssh -L 18080:127.0.0.1:18080 user@your-server

# 2. Open the frontend in a browser (or via the host nginx).
#    If the backend is not initialized, it redirects to the setup wizard.

# 3. In the wizard, configure: database connection, admin account,
#    default project (optional).

# 4. Once saved, the backend detects the config and starts; refresh
#    the page → login screen.

Startup flow

docker compose up
  ├── mysql    → database starts
  ├── wizard   → AbstractWizard starts (127.0.0.1, SSH-tunnel access)
  ├── backend  → blocks waiting for the config file (polls /config/harborforge.json)
  └── frontend → checks backend state
                 ├── backend not ready → shows the setup wizard (SSH tunnel to wizard)
                 └── backend ready     → normal login screen

Security model

  • The wizard port binds to 127.0.0.1 and is never exposed to the external network; initialization must be done over an SSH tunnel.
  • Config is shared with the backend via a Docker volume (never over the network); the backend mounts it read-only.

Deployment architecture

Host nginx (80/443)
  ├── /     → frontend (Docker, port 3000)
  └── /api/ → backend  (Docker, port 8000)

Internal to Docker (not exposed):
  wizard (127.0.0.1) → config management, SSH-tunnel access
  wizard_config vol  → written by wizard, read-only for the backend
  mysql (127.0.0.1)  → data persistence

Submodules

Submodule Stack Role
AbstractWizard Go First-time setup wizard; atomic config writes + backups; init/readonly modes
HarborForge.Backend Python / FastAPI / SQLAlchemy / MySQL Core API: users, projects, tasks, milestones, proposals, RBAC, webhooks, worklogs, notifications
HarborForge.Frontend React 18 / TS / Vite SPA, ~20 pages; auto-detects an uninitialized backend → setup wizard
HarborForge.Cli Go Permission-aware command-line client hf
HarborForge.Monitor Go Standalone host telemetry client, heartbeat reporting
HarborForge.OpenclawPlugin Node / TS OpenClaw plugin; bridges telemetry; can install the hf skills and calendar scheduling
HarborForge.Test pytest / Playwright Backend and frontend integration tests

Core domain model

  • Milestone: open → freeze → undergoing → completed (freeze requires exactly one release task)
  • Task (issue / story / test / maintenance / research / review / resolution): pending → open → undergoing → completed; completion requires a comment
  • Proposal: a user proposes → a manager accepts → a feature-story task is auto-created in a milestone; rejected proposals can reopen
  • RBAC: fine-grained permissions + a project role hierarchy (guest < viewer < member < dev < mgr < admin)

Ports

Service Container port Bind Env var
Frontend 3000 see compose FRONTEND_PORT
Backend 8000 see compose BACKEND_PORT
MySQL 3306 127.0.0.1 MYSQL_PORT
Wizard 8080 127.0.0.1 WIZARD_PORT

The SSH-tunnel example uses local port 18080 forwarding to the server-side wizard.

Security

Before deploying, you must:

  • Set a strong random SECRET_KEY (e.g. openssl rand -hex 32). The backend refuses to start on a weak/default/short key.
  • Not use the placeholder passwords from .env.example; set a strong MySQL password.
  • Never commit a .env containing real secrets.

The backend's auth / RBAC / SSRF hardening is documented in the "Security" section of the HarborForge.Backend README.

Frontend

The frontend uses a centralized custom design system (the industrial "Foundry Deck" theme); see the HarborForge.Frontend README for details.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 826 KiB
Languages
Markdown 100%