feat(forgejo): add forgejo-project CLI for project board management via web routes #135

Merged
ncrmro merged 5 commits into main from copilot/feat-automate-project-board-management
Mar 19, 2026

Copilot AI commented Mar 19, 2026

Forgejo has no REST API for project boards (upstream PR open since Nov 2023). All board operations are possible via the web UI's internal HTTP endpoints using session cookie auth — API tokens and OAuth2 tokens are explicitly skipped for non-/api/ paths.

New package: packages/forgejo-project

Single Bash script (curl + jq only) implementing a gh project-like interface over Forgejo's web routes:

```bash
# Login once — session cookie cached at ~/.local/state/forgejo-project/cookies.txt
forgejo-project login --host git.example.com --user alice \
  --password-cmd "rbw get git.example.com --field password"

# Project CRUD
forgejo-project create --repo owner/repo --title "v1.0" --template basic-kanban
forgejo-project list   --repo owner/repo          # JSON output

# Column CRUD
forgejo-project column add  --repo owner/repo --project 5 --title "In Review" --color "#0075ca"
forgejo-project column edit --repo owner/repo --project 5 --column 3 --title "Reviewing"

# Issue management (resolves issue number → internal DB ID via REST API automatically)
forgejo-project item add  --repo owner/repo --project 5 --issue 42
forgejo-project item move --repo owner/repo --project 5 --issue 42 --column 3
```

Key design details:

  • --password-cmd delegates credential retrieval to rbw, pass, op, etc.
  • Auto re-login: _curl wrapper detects 302→/user/login and transparently retries
  • Issue ID resolution: uses /api/v1/repos/{owner}/{repo}/issues/{number} (session cookies work there) to convert issue numbers to internal DB IDs
  • HTML parsing for list commands via grep -oP — no full HTML parser needed

Integration

  • Registered in flake.nix overlay (pkgs.keystone.forgejo-project) and packages.x86_64-linux
  • Automatically included when keystone.terminal.git.forgejo.enable = true
  • AGENTS.md updated with project board automation docs and CLI reference
Original prompt

This section details the original issue you should resolve

<issue_title>feat(forgejo): automate project board management via web routes</issue_title>
<issue_description>## Context

Forgejo has no REST API for project boards. The upstream Gitea PR (go-gitea/gitea#28111) to add project API endpoints has been open since Nov 2023 with no merge in sight.

However, investigation of the Forgejo source code (routers/web/repo/projects.go) reveals that all board operations are automatable via curl using the web UI's internal HTTP endpoints with session cookie authentication.

Findings

What works (all tested against git.ncrmro.com)

| Operation | Method | Endpoint | Auth | Response |
|---|---|---|---|---|
| Login | POST | `/user/login` | form: user_name, password | 303 + session cookie |
| Create project | POST | `/{owner}/{repo}/projects/new` | session cookie | 303 redirect |
| Add column | POST | `/{owner}/{repo}/projects/{id}` | session cookie | `{"ok":true}` |
| Assign issue to project | POST | `/{owner}/{repo}/issues/projects` | session cookie | `{"ok":true}` |
| Move issue between columns | POST | `/{owner}/{repo}/projects/{id}/{colID}/move` | session cookie + JSON body | `{"ok":true}` |
| Edit column | PUT | `/{owner}/{repo}/projects/{id}/{colID}` | session cookie | `{"ok":true}` |
| Set default column | POST | `/{owner}/{repo}/projects/{id}/{colID}/default` | session cookie | `{"ok":true}` |
| Delete column | DELETE | `/{owner}/{repo}/projects/{id}/{colID}` | session cookie | JSON |
| Close/open project | POST | `/{owner}/{repo}/projects/{id}/{open\|close}` | session cookie | JSON redirect |
| Delete project | POST | `/{owner}/{repo}/projects/{id}/delete` | session cookie | `{"redirect":"..."}` |

Why it works without CSRF tokens

Forgejo uses Go 1.25's net/http.CrossOriginProtection which only blocks browser cross-origin requests. Plain curl (no Sec-Fetch-Site or Origin headers) passes the check by design.

Auth limitations

  • API tokens do NOT work: services/auth/basic.go line 47 explicitly skips non-/api/ paths
  • OAuth2 tokens do NOT work: services/auth/oauth2.go line 221 explicitly skips non-API paths
  • Session cookies are the only auth method for web routes
  • Issue assignment (issue_ids param) uses internal DB IDs, not issue numbers — must resolve via GET /api/v1/repos/{owner}/{repo}/issues/{number} first

Form parameters

```
CreateProjectForm:
  Title        string  (required, max 100)
  Content      string  (description)
  TemplateType int     (0=none, 1=basic kanban, 2=bug triage)
  CardType     int     (card display type)

EditProjectColumnForm:
  Title   string  (required, max 100)
  Sorting int8    (column sort order)
  Color   string  (hex color, max 7 chars)

MoveIssues (JSON body):
  {"issues": [{"issueID": <internal_id>, "sorting": <int>}]}
```

New Requirements

1. forgejo-project CLI script

Location: bin/forgejo-project (in keystone or agents repo — TBD)

The script wraps Forgejo's web routes into a gh project-like CLI. It should be a single Bash script with no dependencies beyond curl and jq.

Interface

```bash
# Auth — login once, cache session cookie at ~/.local/state/forgejo-project/cookies.txt
forgejo-project login --host git.ncrmro.com --user drago --password-cmd "rbw get mail.ncrmro.com --field password"

# Project CRUD
forgejo-project create --repo ncrmro/agents --title "v1.0" --template basic-kanban
forgejo-project list   --repo ncrmro/agents                          # parse HTML, output JSON
forgejo-project close  --repo ncrmro/agents --project 5
forgejo-project open   --repo ncrmro/agents --project 5
forgejo-project delete --repo ncrmro/agents --project 5

# Column CRUD
forgejo-project column add     --repo ncrmro/agents --project 5 --title "In Review" --color "#0075ca"
forgejo-project column list    --repo ncrmro/agents --project 5  # parse HTML, output JSON
forgejo-project column edit    --repo ncrmro/agents --project 5 --column 3 --title "Reviewing" --color "#e4e669"
forgejo-project column default --repo ncrmro/agents --project 5 --column 1
forgejo-project column delete  --repo ncrmro/agents --project 5 --column 3

# Issue management
forgejo-project item add  --repo ncrmro/agents --project 5 --issue 42       # resolves ncrmro/keystone#42 → internal ID via API
forgejo-project item move --repo ncrmro/agents --project 5 --issue 42 --column 3
forgejo-project item list --repo ncrmro/agents --project 5                  # parse HTML, output JSON
```

Implementation details

```bash
#!/usr/bin/env bash
set -euo pipefail

STATE_DIR="${XDG_STATE_HOME:-$HOME/.local/state}/forgejo-project"
COOKIE_JAR="$STATE_DIR/cookies.txt"

# ── Helpers ──────────────────────────────────────────────────────────

_host() { # read from --host flag or FORGEJO_HOST env
  echo "${FORGEJO_HOST:?Set FORGEJO_HOST or pass --host...
```

</details>



- Fixes ncrmro/keystone#133
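
The cached cookie jar and the "302→/user/login" re-login check from the design notes above, as an added example that is not the PR's script. It assumes Forgejo is served at the site root, so the login path is exactly `/user/login`; the function names and the header samples are this example's own.

```shell
# Added example, not the PR's script. Header samples below are constructed.

# The jar holds a live session cookie, the only credential the web routes
# accept, so create the state dir and the file for the owner only.
secure_cookie_jar() {
  ( umask 077; mkdir -p "$1" && : >> "$1/cookies.txt" ) || return 1
  chmod 700 "$1" && chmod 600 "$1/cookies.txt" || return 1  # repair old perms
  printf '%s\n' "$1/cookies.txt"
}

# Exit 0 when a header dump (curl -D FILE, without -L) is a redirect to the
# login page. A successful "create project" is also a 303, so the Location
# path, not the status code alone, decides whether the request was applied.
needs_relogin() {
  tr -d '\r' < "$1" | awk '
    NR == 1                    { status = $2 }
    tolower($1) == "location:" { loc = $2 }
    END {
      sub("^https?://[^/]+", "", loc)   # absolute URL -> path
      sub("[?#].*$", "", loc)           # drop query string and fragment
      exit !(status ~ /^30[1-8]$/ && loc == "/user/login")
    }'
}

# Constructed samples: expired session vs. successful project creation.
sample_dir="$(mktemp -d)"
printf 'HTTP/1.1 302 Found\r\nLocation: /user/login?redirect_to=%%2Fowner%%2Frepo%%2Fprojects%%2Fnew\r\n\r\n' \
  > "$sample_dir/expired.hdr"
printf 'HTTP/1.1 303 See Other\r\nLocation: /owner/repo/projects/5\r\n\r\n' \
  > "$sample_dir/created.hdr"

for f in expired created; do
  if needs_relogin "$sample_dir/$f.hdr"; then
    echo "$f: session expired, log in again and retry"
  else
    echo "$f: request reached the handler"
  fi
done
```
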

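
The "Why it works without CSRF tokens" finding above, as an added example that is not code from the PR or from Forgejo: a simplified shell model of the order in which Go's `net/http.CrossOriginProtection` evaluates request headers. Trusted origins and bypass patterns are left out, and the function name, argument order and sample requests are this example's own.

```shell
# Added example: simplified model of the header checks, not Go's source.
# usage: cop_verdict METHOD HOST SEC_FETCH_SITE ORIGIN   ("" = header absent)
cop_verdict() {
  method="$1" host="$2" sfs="$3" origin="$4"
  # Safe methods are never blocked.
  case "$method" in GET|HEAD|OPTIONS) echo allow; return ;; esac
  # Sec-Fetch-Site, when a browser sends it, decides on its own.
  case "$sfs" in
    same-origin|none) echo allow; return ;;
    "") ;;                        # absent: fall back to the Origin header
    *) echo deny; return ;;       # same-site or cross-site
  esac
  # Neither header present: not a browser request (e.g. curl), allowed.
  if [ -z "$origin" ]; then echo allow; return; fi
  # Older browsers: the Origin host must equal the Host header.
  if [ "${origin#*://}" = "$host" ]; then echo allow; else echo deny; fi
}

# Constructed requests: label|method|Host|Sec-Fetch-Site|Origin
while IFS='|' read -r label m h s o; do
  printf '%-30s %s\n' "$label" "$(cop_verdict "$m" "$h" "$s" "$o")"
done <<'EOF'
curl, no browser headers|POST|git.example.com||
browser, same-origin form|POST|git.example.com|same-origin|https://git.example.com
browser, cross-site form|POST|git.example.com|cross-site|https://other.example
older browser, foreign Origin|POST|git.example.com||https://other.example
EOF
```

The check separates browser cross-origin requests from everything else; it does not authenticate the caller, so whoever holds the session cookie in the jar can drive every route in the table.
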

Copilot AI changed the title from "[WIP] Add automation for project board management via web routes" to "feat(forgejo): add forgejo-project CLI for project board management via web routes" Mar 19, 2026
Copilot AI requested a review from ncrmro March 19, 2026 02:34
Copilot AI and others added 3 commits March 18, 2026 21:50
…ia web routes

Co-authored-by: ncrmro <8276365+ncrmro@users.noreply.github.com>

Replace "manual web UI" guidance with forgejo-project CLI references
now that all board operations work via session cookie auth.

- tool.forgejo: add full CLI reference, web route table, auth details
- process.project-board: update transition rules, replace Forgejo
  Limitations with Forgejo Automation section

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

kdrgo force-pushed the copilot/feat-automate-project-board-management branch from 558b199 to e9ef03a Compare March 19, 2026 02:51

kdrgo and others added 2 commits March 18, 2026 22:05
The script auto-authenticates on first use and re-authenticates on
session expiry — no explicit login call needed. Agents just set
FORGEJO_HOST, FORGEJO_USER, and FORGEJO_PASSWORD_CMD env vars.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Remove implementation details (web route table, session cookie
internals, internal ID resolution) that the forgejo-project CLI
abstracts away. Keep only what agents need: env vars, CLI commands.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

ncrmro marked this pull request as ready for review March 19, 2026 03:10
ncrmro merged commit 6939dbc into main Mar 19, 2026
4 checks passed
ncrmro linked an issue Mar 19, 2026 that may be closed by this pull request