zhi/HarborForge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
219 Commits 2 Branches 0 Tags
79be9f34c3fc04b36c357bc95e1483111f039981
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
hzhang 79be9f34c3 chore: bump Backend + Frontend submodule pointers 
* HarborForge.Backend  54feb96 → 595391b
  feat(users): auto-default agent accounts to general-agent role
  (POST /users with agent_id sets role=general-agent, was guest).
  Also seeds general-agent in init_bootstrap _DEFAULT_ROLES.

* HarborForge.Frontend 766474f → 04bb0c6
  feat(role-editor): "Use as template" — copy another role's perm set
  Pick from dropdown → click button → replaces all checkboxes locally
  (save still required to persist).

prod cutover: hf_backend v0.4.2 + hf_frontend v0.4.3 live on t1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 19:40:00 +01:00
AbstractWizard @ 21815f58eb
chore: bump all 7 submodule pointers to latest main
2026-05-16 17:57:30 +01:00
archive
docs: move plans into archive and place next wave doc under plans
2026-03-29 11:19:33 +00:00
docs
BE-PR-001: Rename Propose -> Proposal across backend
2026-03-29 15:35:59 +00:00
HarborForge.Backend @ 595391b41b
chore: bump Backend + Frontend submodule pointers
2026-05-24 19:40:00 +01:00
HarborForge.Cli @ b0f4aa286b
chore: bump 4 submodule pointers — wizard removal + supporting work
2026-05-24 19:04:32 +01:00
HarborForge.Frontend @ 04bb0c6f94
chore: bump Backend + Frontend submodule pointers
2026-05-24 19:40:00 +01:00
HarborForge.Monitor @ db986e6bf4
chore: bump all 7 submodule pointers to latest main
2026-05-16 17:57:30 +01:00
HarborForge.OpenclawPlugin @ c2d00c18a7
chore: bump 4 submodule pointers — wizard removal + supporting work
2026-05-24 19:04:32 +01:00
HarborForge.Test @ e6a186b698
chore: bump all 7 submodule pointers to latest main
2026-05-16 17:57:30 +01:00
plans
TEST-CLI-CAL-001 TEST-CLI-PR-001 complete CLI test tasks
2026-04-01 12:03:37 +00:00
.env
fix: docker-compose paths after backend restructure
2026-02-21 08:25:49 +00:00
.env.example
Add .env.example with default port configuration
2026-03-14 08:23:55 +00:00
.gitmodules
feat: add HarborForge.Cli submodule
2026-03-21 07:32:14 +00:00
docker-compose.yml
Use env vars for ports: WIZARD_PORT, MYSQL_PORT, BACKEND_PORT, FRONTEND_PORT
2026-03-14 08:23:49 +00:00
docker-compose.yml.new
Merge feat/task-type-hierarchy into main
2026-03-12 13:12:17 +00:00
nginx-host.conf.example
feat: no-nginx frontend, host nginx config, configurable ports
2026-03-06 13:06:27 +00:00
README.md
docs: translate top-level README to English
2026-05-16 18:32:21 +01:00

README.md

HarborForge

Agent / human collaborative task-management platform — manages the full proposal → milestone → task lifecycle with strict state machines, plus a CLI, monitoring, and OpenClaw integration.

Repository layout

This is the umbrella repository; every component is a git submodule:

HarborForge/
├── AbstractWizard/             # Go, secure first-time setup service (SSH tunnel, port 8080)
├── HarborForge.Backend/        # Python/FastAPI, core REST API + RBAC (port 8000)
├── HarborForge.Frontend/       # React + TypeScript + Vite single-page app (port 3000)
├── HarborForge.Cli/            # Go command-line client `hf`
├── HarborForge.Monitor/        # Go host telemetry client (optional local bridge 9100)
├── HarborForge.OpenclawPlugin/ # Node OpenClaw plugin `harbor-forge`
├── HarborForge.Test/           # Integration tests (backend pytest / frontend Playwright)
├── docker-compose.yml          # Docker orchestration
├── nginx-host.conf.example     # Host nginx config example
└── .env.example                # Environment variable template

Quick start

# Clone and initialize all submodules
git clone --recurse-submodules https://git.hangman-lab.top/zhi/HarborForge.git
cd HarborForge
# If already cloned without submodules:
git submodule update --init --recursive

# Configure environment (do NOT use the defaults — see "Security")
cp .env.example .env
# Edit .env: set at minimum a strong random SECRET_KEY and DB passwords

# Start the services
docker compose up -d

First deployment — setup wizard

HarborForge uses AbstractWizard for secure initialization. The wizard listens on 127.0.0.1 only and must be reached over an SSH tunnel.

# 1. SSH tunnel: forward the wizard port to your machine
ssh -L 18080:127.0.0.1:18080 user@your-server

# 2. Open the frontend in a browser (or via the host nginx).
#    If the backend is not initialized, it redirects to the setup wizard.

# 3. In the wizard, configure: database connection, admin account,
#    default project (optional).

# 4. Once saved, the backend detects the config and starts; refresh
#    the page → login screen.

Startup flow

docker compose up
  ├── mysql    → database starts
  ├── wizard   → AbstractWizard starts (127.0.0.1, SSH-tunnel access)
  ├── backend  → blocks waiting for the config file (polls /config/harborforge.json)
  └── frontend → checks backend state
                 ├── backend not ready → shows the setup wizard (SSH tunnel to wizard)
                 └── backend ready     → normal login screen

Security model

  • The wizard port binds to 127.0.0.1 and is never exposed to the external network; initialization must be done over an SSH tunnel.
  • Config is shared with the backend via a Docker volume (never over the network); the backend mounts it read-only.

Deployment architecture

Host nginx (80/443)
  ├── /     → frontend (Docker, port 3000)
  └── /api/ → backend  (Docker, port 8000)

Internal to Docker (not exposed):
  wizard (127.0.0.1) → config management, SSH-tunnel access
  wizard_config vol  → written by wizard, read-only for the backend
  mysql (127.0.0.1)  → data persistence

Submodules

Submodule Stack Role
AbstractWizard Go First-time setup wizard; atomic config writes + backups; init/readonly modes
HarborForge.Backend Python / FastAPI / SQLAlchemy / MySQL Core API: users, projects, tasks, milestones, proposals, RBAC, webhooks, worklogs, notifications
HarborForge.Frontend React 18 / TS / Vite SPA, ~20 pages; auto-detects an uninitialized backend → setup wizard
HarborForge.Cli Go Permission-aware command-line client hf
HarborForge.Monitor Go Standalone host telemetry client, heartbeat reporting
HarborForge.OpenclawPlugin Node / TS OpenClaw plugin; bridges telemetry; can install the hf skills and calendar scheduling
HarborForge.Test pytest / Playwright Backend and frontend integration tests

Core domain model

  • Milestone: open → freeze → undergoing → completed (freeze requires exactly one release task)
  • Task (issue / story / test / maintenance / research / review / resolution): pending → open → undergoing → completed; completion requires a comment
  • Proposal: a user proposes → a manager accepts → a feature-story task is auto-created in a milestone; rejected proposals can reopen
  • RBAC: fine-grained permissions + a project role hierarchy (guest < viewer < member < dev < mgr < admin)

Ports

Service Container port Bind Env var
Frontend 3000 see compose FRONTEND_PORT
Backend 8000 see compose BACKEND_PORT
MySQL 3306 127.0.0.1 MYSQL_PORT
Wizard 8080 127.0.0.1 WIZARD_PORT

The SSH-tunnel example uses local port 18080 forwarding to the server-side wizard.

Security

Before deploying, you must:

  • Set a strong random SECRET_KEY (e.g. openssl rand -hex 32). The backend refuses to start on a weak/default/short key.
  • Not use the placeholder passwords from .env.example; set a strong MySQL password.
  • Never commit a .env containing real secrets.

The backend's auth / RBAC / SSRF hardening is documented in the "Security" section of the HarborForge.Backend README.

Frontend

The frontend uses a centralized custom design system (the industrial "Foundry Deck" theme); see the HarborForge.Frontend README for details.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 826 KiB
Languages
Markdown 100%