docs: record Forge fork deltas + plugin-surface constraint in CLAUDE/README

[jestyr27]

Summary

Refresh the fork docs with the latest context: record the in-flight Forge groundwork in CLAUDE.md and note the fork's purpose in the README.

Changes

• CLAUDE.md — add the new fork deltas to the "Fork changes (current)" table (runtime-context trust boundary, multi-provider OAuth device-code, NocoDB read preset template, with PR links), and add a "plugin surface is observe-and-annotate" note: registerCommand has no HTTP and cannot seed an agent turn, so agent-behavior changes go through hooks / runtime-context.ts or agent-native tools, not commands.
• README.md — add a brief uhstray-io fork note pointing to CLAUDE.md (kept minimal so it stays mergeable with upstream).

Type of Change

• Doc only (prose changes, no code sample modifications)

Verification

• markdownlint-cli2 passes (pre-commit hook)
• No secrets, API keys, or credentials committed
• No code changes (docs only)

---

Signed-off-by: Joseph A. Wisneski IV stray@uhstray.io

Summary by CodeRabbit

• Documentation

  • Updated README to clarify the fork's relationship to upstream and point to fork-specific guidance.
  • Enhanced fork documentation with plugin architecture clarifications and behavioral context.

• Proposals

  • Added proposal for improved web-fetch functionality with fallback handling.
  • Added comprehensive plan for Forge assistant integration within the sandbox environment.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 15e98114-52d2-48c9-ba7f-5349fcf191fe

📥 Commits

Reviewing files that changed from the base of the PR and between 020dbff and 2f27c85.

📒 Files selected for processing (4)

• CLAUDE.md
• README.md
• proposals/firecrawl-web-fetch-provider.md
• proposals/forge-integration-plan.md

---

📝 Walkthrough

Walkthrough

This PR establishes the uhstray-io fork's public identity, contributor rules, and documents two major implementation proposals: a Firecrawl web-fetch enhancement and a comprehensive Forge assistant security plan grounded in verified architecture constraints and phased gating.

Changes

Fork foundation and implementation groundwork

Layer / File(s)	Summary
Fork identity and contributor guidance README.md, CLAUDE.md	README introduces the uhstray-io fork as tracking upstream with targeted fixes and Forge groundwork. CLAUDE.md adds commit/PR hygiene rules, clarifies that slash commands and plugin handlers are display-only/observe-only (no network calls, no agent-turn injection), and documents fork changes including web-search config, tool-aware runtime context, untrusted-data boundaries, multi-provider OAuth, and NocoDB preset examples.
Firecrawl web-fetch fallback proposal proposals/firecrawl-web-fetch-provider.md	Complete feature proposal for self-hosted Firecrawl fallback to handle JS-rendered and bot-protected pages. Specifies two-layer egress control (sandbox→Firecrawl only; Firecrawl→approved targets), documents current Readability behavior and failure modes, defines Phase 0/1 verification and deployment, introduces firecrawl-self egress policy preset with RFC1918 IP restrictions, wires OpenClaw config generator via plugins.entries.firecrawl.config.webFetch.*, outlines optional Phase 4 keyed/brokered mode, and provides testing gates and rollback strategy.
Forge integration security-first execution plan proposals/forge-integration-plan.md	Comprehensive architectural plan establishing six execution gates (G-1…G-6) for security blockers, ground-truth repo facts (registerCommand HTTP limitations, hook constraints, cron gaps), resolved prior layering conflicts, feasibility tiers A/B/C/D, and phased execution Phase 0 (verification) through Phase 5 (conditional integrations). Specifies per-workstream security controls (identity separation, secret custody, L7+host gating, untrusted-data provenance), documents cuts/deferrals (incident playbook, IMAP/SMTP/SSH/socket), and provides testing and upstream-PR-ability guidance with key file references.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

📝 A fork finds its footing, rules bright and clear,
Two pathways unfold: Firecrawl draws near,
While Forge gates its secrets with six careful locks,
Each phase builds on truth—no rickety rocks. 🐰✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'docs: record Forge fork deltas + plugin-surface constraint in CLAUDE/README' directly and specifically describes the main changes: documentation updates to CLAUDE.md and README.md recording Forge fork deltas and plugin-surface constraints.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/update-fork-context

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}