forge
mcp
Pass
Health Pass
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 12 GitHub stars
Code Pass
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool is a secure, portable runtime for building and deploying AI agents from a single configuration file. It is designed to run these agents locally, in the cloud, or in air-gapped enterprise environments without exposing inbound network tunnels.
Security Assessment
Overall Risk: Medium. The tool is designed with strong security principles, such as outbound-only connections, encrypted secrets, and artifact signing. However, because it orchestrates and runs AI agents, it inherently processes data and executes actions (like subprocess proxying and cron scheduling) based on user inputs. The automated code scan found no dangerous patterns, hardcoded secrets, or dangerous permission requests. Network requests are heavily featured but appear strictly controlled via egress allowlists. As with any AI agent runtime, there is inherent risk in the prompts and skills it executes, so users must trust the agent definitions they provide.
Quality Assessment
The project demonstrates good overall health. It is actively maintained, with repository activity as recent as today. It uses the permissive Apache-2.0 license, making it highly suitable for both open-source and enterprise adoption. The project has a small but growing community, currently backed by 12 GitHub stars, which indicates early-stage validation rather than widespread community trust.
Verdict
Safe to use, provided you review the specific AI skills and configurations you instruct it to run.
This tool is a secure, portable runtime for building and deploying AI agents from a single configuration file. It is designed to run these agents locally, in the cloud, or in air-gapped enterprise environments without exposing inbound network tunnels.
Security Assessment
Overall Risk: Medium. The tool is designed with strong security principles, such as outbound-only connections, encrypted secrets, and artifact signing. However, because it orchestrates and runs AI agents, it inherently processes data and executes actions (like subprocess proxying and cron scheduling) based on user inputs. The automated code scan found no dangerous patterns, hardcoded secrets, or dangerous permission requests. Network requests are heavily featured but appear strictly controlled via egress allowlists. As with any AI agent runtime, there is inherent risk in the prompts and skills it executes, so users must trust the agent definitions they provide.
Quality Assessment
The project demonstrates good overall health. It is actively maintained, with repository activity as recent as today. It uses the permissive Apache-2.0 license, making it highly suitable for both open-source and enterprise adoption. The project has a small but growing community, currently backed by 12 GitHub stars, which indicates early-stage validation rather than widespread community trust.
Verdict
Safe to use, provided you review the specific AI skills and configurations you instruct it to run.
Forge - OpenClaw for Enterprise: Forge is a secure, portable AI Agent runtime. Run agents locally, in cloud, or enterprise environments without exposing inbound tunnels.
README.md
Forge — OpenClaw for Enterprise: A Secure, Portable AI Agent Runtime
Build, run, and deploy AI agents from a single SKILL.md file.
Secure by default. Runs anywhere — local, container, cloud, air-gapped.
Why Forge?
- 60-second setup —
forge initwizard configures provider, keys, channels, and skills - Secure by default — outbound-only connections, egress allowlists, encrypted secrets, no public listeners
- Portable — same agent runs locally, in Docker, Kubernetes, or inside Initializ Command
- Observable — structured NDJSON audit logs with correlation IDs for every action
- Extensible — add skills, tools, channels, and LLM providers without changing core code
Quick Start
# Install (pick one)
brew install initializ/tap/forge
curl -sSL https://raw.githubusercontent.com/initializ/forge/main/install.sh | bash
# Create and run an agent
forge init my-agent && cd my-agent && forge run
# Connect to Slack
forge run --with slack
See Quick Start for the full walkthrough, or Installation for all methods.
How It Works
SKILL.md --> Parse --> Discover tools/requirements --> Compile AgentSpec
|
v
Apply security policy
|
v
Run LLM agent loop
(tool calling + memory + cron)
You write a SKILL.md. Forge compiles it into a secure, runnable agent with egress controls, encrypted secrets, and audit logging.
Key Features
| Feature | Description |
|---|---|
| Atomic Skills | SKILL.md-based agent definitions with YAML frontmatter |
| Egress Security | Runtime + build-time domain allowlists with subprocess proxy |
| Channel Connectors | Slack (Socket Mode), Telegram (polling) — outbound-only |
| Cron Scheduling | Recurring tasks with channel delivery |
| Memory | Session persistence + long-term vector search |
| LLM Fallbacks | Multi-provider with automatic failover |
| Web Dashboard | forge ui for browser-based agent management |
| Build Signing | Ed25519 artifact signing & verification |
| Air-Gap Ready | Runs with local models, no cloud required |
Documentation
Getting Started
| Document | Description |
|---|---|
| Quick Start | Get an agent running in 60 seconds |
| Installation | Homebrew, binary, and Windows install |
| Architecture | System design, module layout, and data flows |
Core Concepts
| Document | Description |
|---|---|
| Skills | Skill definitions, registry, and compilation |
| Tools | Built-in tools, adapters, and custom tools |
| Runtime | LLM providers, fallback chains, running modes |
| Memory | Session persistence and long-term memory |
| Channels | Slack and Telegram adapter setup |
| Scheduling | Cron configuration and schedule tools |
Security
| Document | Description |
|---|---|
| Security Overview | Complete security architecture |
| Egress Security | Egress enforcement deep dive |
| Secrets | Encrypted secret management |
| Build Signing | Ed25519 signing and verification |
| Guardrails | Content filtering and PII detection |
Operations
| Document | Description |
|---|---|
| Commands | Full CLI reference |
| Configuration | forge.yaml schema and environment variables |
| Dashboard | Web UI features and architecture |
| Deployment | Container packaging, Kubernetes, air-gap |
| Hooks | Agent loop hook system |
| Plugins | Framework plugin system |
| Command Integration | Initializ Command platform guide |
Philosophy
Running agents that do real work requires atomicity (explicit skills, defined tools, declared dependencies), security (restricted egress, encrypted secrets, audit trails), and portability (runs locally, in containers, in Kubernetes, in cloud — same agent, anywhere).
Real agent systems require atomicity, security, and portability. Forge provides those building blocks.
Contributing
We welcome contributions! See CONTRIBUTING.md for development setup, how to add skills/tools/channels, and the PR process.
Please read our Code of Conduct before participating.
License
See LICENSE for details.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found