feat(forge): add dynamic agent orchestration system for code validation

This introduces the Forge Orchestration System, a comprehensive framework
for code validation through dynamically loaded agents.

Key features:
- Dynamic agent loading from TOML configuration files
- DAG-based agent execution with dependency resolution
- Three built-in agents: SecurityAgent, QualityAgent, AggregatorAgent
- DynamicAgent for user-defined validation rules
- /forge slash command with subcommands (run, status, config, agents, check)
- ForgeView TUI dashboard for validation monitoring
- JSON protocol for structured validation results

Architecture:
- Agents loaded from .cortex/forge/agents/<agent>/rules.toml
- Global config in .cortex/forge/forge.toml
- No hardcoded agent definitions - fully configurable
- ValidationAgent trait for custom agent implementation

Files:
- src/cortex-agents/src/forge/ - Core orchestration modules
- src/cortex-engine/src/commands/forge.rs - Slash command
- src/cortex-tui/src/views/forge.rs - TUI dashboard
- .cortex/forge/ - Configuration files

Author: echobt

.cortex/forge/agents/aggregator/rules.toml

@@ -0,0 +1,26 @@
+# Aggregator Agent Rules Configuration
+
+[agent]
+id = "aggregator"
+name = "Result Aggregator"
+description = "Collects and summarizes all validation results"
+enabled = true
+# Always runs last
+priority = -1
+
+[thresholds]
+# Maximum allowed errors before blocking
+max_errors = 0
+# Maximum allowed warnings
+max_warnings = 10
+# Require all agents to pass
+require_all_pass = true
+
+[actions]
+# What to do when validation passes
+on_pass = "proceed"
+# What to do when validation fails
+on_fail = "block"
+# Generate summary report
+generate_report = true
+report_format = "markdown"

.cortex/forge/agents/quality/rules.toml

@@ -0,0 +1,38 @@
+# Quality Agent Rules Configuration
+
+[agent]
+id = "quality"
+name = "Code Quality Validator"
+description = "Enforces code quality standards and best practices"
+enabled = true
+
+[rules.todo_comments]
+enabled = true
+severity = "warning"
+description = "Find TODO/FIXME/HACK comments"
+patterns = ["TODO", "FIXME", "XXX", "HACK"]
+max_allowed = 0
+
+[rules.unimplemented_code]
+enabled = true
+severity = "error"
+description = "Detect unimplemented!() and todo!() macros"
+
+[rules.error_handling]
+enabled = true
+severity = "warning"
+description = "Check for unwrap() without context"
+allow_in_tests = true
+
+[rules.dead_code]
+enabled = false  # Often handled by compiler
+severity = "info"
+description = "Detect potentially unused code"
+
+[rules.documentation]
+enabled = true
+severity = "info"
+description = "Check for missing documentation on public items"
+require_module_docs = true
+require_function_docs = true
+min_doc_length = 10

.cortex/forge/agents/security/rules.toml

@@ -0,0 +1,37 @@
+# Security Agent Rules Configuration
+
+[agent]
+id = "security"
+name = "Security Validator"
+description = "Checks for security vulnerabilities and best practices"
+enabled = true
+
+[rules.secrets_exposed]
+enabled = true
+severity = "error"
+description = "Detect hardcoded secrets and API keys"
+patterns = [
+    "(?i)(api[_-]?key|apikey)\\s*[=:]\\s*['\"][^'\"]{8,}['\"]",
+    "(?i)(secret|password|passwd|pwd)\\s*[=:]\\s*['\"][^'\"]+['\"]",
+    "(?i)(token|bearer)\\s*[=:]\\s*['\"][^'\"]{16,}['\"]",
+]
+exclude_patterns = ["*.test.rs", "*_test.go", "*.spec.ts"]
+
+[rules.dependencies_audit]
+enabled = true
+severity = "warning"
+description = "Check for known vulnerable dependencies"
+check_cargo_lock = true
+check_package_lock = true
+
+[rules.unsafe_code]
+enabled = true
+severity = "warning"
+description = "Detect unsafe blocks without safety comments"
+require_safety_comment = true
+allowed_files = ["src/ffi/*.rs", "src/sys/*.rs"]
+
+[rules.input_validation]
+enabled = true
+severity = "info"
+description = "Check for proper input validation patterns"

.cortex/forge/forge.toml

@@ -0,0 +1,24 @@
+# Forge Orchestration Configuration
+
+[global]
+# Maximum parallel agent executions
+max_parallel = 4
+# Timeout for each agent in seconds
+timeout_seconds = 300
+# Stop on first failure
+fail_fast = false
+# Output format: "json", "text", "markdown"
+output_format = "json"
+
+[agents.security]
+enabled = true
+priority = 10
+
+[agents.quality]
+enabled = true
+priority = 10
+
+[agents.aggregator]
+enabled = true
+depends_on = ["security", "quality"]
+priority = 5

Cargo.lock

@@ -12,7 +12,9 @@ tokio = { workspace = true }
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 serde_yaml = "0.9"
+toml = { workspace = true }
 async-trait = "0.1"
+async-recursion = "1"
 tracing = "0.1"
 thiserror = "1"
 uuid = { version = "1", features = ["v4"] }