Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions .github/CODEOWNERS
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# CODEOWNERS — every PR needs an approval from a code owner before merge
# (enforced by the protect-main ruleset's "Require review from Code Owners").
# Owner is the @Forgeweb-ai/maintainers team (has write access). Last matching rule wins.

# Default: everything requires a maintainer review.
* @Forgeweb-ai/maintainers

# High blast-radius paths — runner image ships to every project container;
# forge-server runner code controls container lifecycle for all projects.
/forge-server/runner-image/ @Forgeweb-ai/maintainers
/forge-server/forge_server/runner/ @Forgeweb-ai/maintainers
/opencode/ @Forgeweb-ai/maintainers
/.github/ @Forgeweb-ai/maintainers
68 changes: 68 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
# Forge CI — required status checks for the protect-main ruleset.
# Keep jobs fast and deterministic: typecheck + syntax gates, no network
# beyond dependency install. Add heavier suites (pytest, bun test) as
# separate jobs later so a flaky test never blocks a docs-only PR longer
# than needed.
name: ci

on:
pull_request:
push:
branches: [main]

concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true

jobs:
forge-ui-typecheck:
name: forge-ui typecheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
# forge-ui is a workspace of the opencode monorepo — install from there.
- name: Install deps
run: bun install --cwd opencode
- name: Typecheck
run: bun run typecheck
working-directory: forge-ui

forge-server-check:
name: forge-server syntax + tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
cache: pip
cache-dependency-path: forge-server/requirements*.txt
- name: Compile check (no deps needed)
run: python -m compileall -q forge_server
working-directory: forge-server
- name: Install deps
run: pip install -r requirements.txt -r requirements-dev.txt
working-directory: forge-server
- name: Unit tests
run: python -m pytest tests -x -q
working-directory: forge-server

runner-image-shellcheck:
name: runner-image script syntax
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: bash -n all runner scripts
run: |
set -e
for f in forge-server/runner-image/*.sh dev.sh install.sh; do
echo "checking $f"; bash -n "$f"
done
- name: node syntax check loader/visitor
run: |
node --check forge-server/runner-image/forge-source-stamp/loader.js
node --check forge-server/runner-image/forge-source-stamp/visitor.js
node --check forge-server/runner-image/forge-db-precheck.js
8 changes: 7 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ SECRETS_AUDIT.local.md
# forge-server smoke artifacts
forge-server/*.png

# Landing site — deployed separately to forgeweb.ai, not shipped in the OSS repo
# Landing site — deployed separately, not shipped in the OSS repo
/landing/

# Backup files from in-place sed edits
Expand All @@ -110,3 +110,9 @@ CLAUDE.md

# forge-qa run output — local artifacts, never commit
/forge-qa/results/

# Supabase CLI local state + Studio scratch — regenerated locally, never commit.
# supabase/config.toml stays tracked (it's the real project config).
/supabase/.branches/
/supabase/.temp/
/supabase/snippets/
6 changes: 3 additions & 3 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ Forgeweb/
└── docker-compose.yml # Source-build compose
```

**Rule of thumb on `opencode/`.** It's a vendored fork of [sst/opencode](https://github.com/sst/opencode), kept as close to upstream as possible. If your change is something upstream would accept (a generic bug fix, a provider addition, an SDK update), **file it upstream first** that benefits the wider opencode community and means we can drop our patch when upstream merges. If your change is Forge-specific (BYOK middleware, our skill catalog, the design-pool, the verify subagent), it lives in our fork.
**`opencode/` is frozen — don't modify it.** It's a vendored fork of [sst/opencode](https://github.com/sst/opencode), and Forge is tightly bound to this exact revision: the BYOK middleware, the skill catalog, the design-pool, and the verify subagent all depend on its current internals. **We are not accepting changes to `opencode/` for now — PRs that touch it will be closed.** If you've hit a bug that lives inside the agent runtime, open an issue describing it and we'll handle the fork bump on our side. Anything Forge-specific you'd want to change lives *outside* `opencode/` anyway — see the table below.

---

Expand All @@ -67,7 +67,7 @@ Forgeweb/
| The chat UI, settings dialogs, file tree, preview tabs | `forge-ui/` |
| API endpoints, BYOK encryption, image-job worker, sleep manager | `forge-server/` |
| The skill the agent reads when picking colors / building auth / etc. | `forge-opencode-config/` (or `forge-server/forge_server/skills/` for skills mounted into the agent container) |
| A new LLM provider, an SDK update, a generic agent improvement | `opencode/` — but file upstream first |
| A change inside the agent runtime (new LLM provider, SDK bump, generic agent fix) | Nothing — `opencode/` is **frozen** right now. Open an issue, don't PR it. |
| A new image model | Provider registry in `forge-server/forge_server/imagegen/providers.py` + (optional) custom catalog entry |
| Landing-page copy / screenshots | `landing/` |

Expand Down Expand Up @@ -110,7 +110,7 @@ The Docker path uses plain Postgres (no Supabase Storage), so snapshot worker no

Forge platform code is [Business Source License 1.1](LICENSE) (converting to Apache 2.0 four years after each release). Contributions to platform code are accepted under BSL 1.1.

The vendored `opencode/` subtree stays MIT (upstream's license). Contributions to `opencode/` are accepted under MIT, and we strongly prefer they go upstream first.
The vendored `opencode/` subtree stays MIT (upstream's license), but it is **frozen** — we are not accepting contributions to it for now, since it's tightly bound to Forge's internals (see [How the repo is laid out](#how-the-repo-is-laid-out)).

By submitting a PR you confirm you have the right to license the contribution under the relevant license.

Expand Down
16 changes: 4 additions & 12 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

Forge is the open-source, self-hosted alternative to [Lovable](https://lovable.dev) and [v0.dev](https://v0.dev). Describe the app you want, an AI agent ships the code, and you keep your API keys and your code on your own machine. There is no Forge SaaS, no token resale, no telemetry. The default model is free (DeepSeek V4 Flash via opencode zen) from opencode, so a fresh install works with zero API keys. Bring an Anthropic / OpenAI / Moonshot / Google / Replicate key from in-app Settings only if you want a paid model.

[Live page → forgeweb.ai](https://forgeweb.ai) · [License: BSL 1.1](LICENSE) · Built on [opencode](https://github.com/sst/opencode) (MIT)
[License: BSL 1.1](LICENSE) · Built on [opencode](https://github.com/sst/opencode) (MIT)

---

Expand Down Expand Up @@ -81,18 +81,11 @@ The Docker path uses plain Postgres for Forge's own metadata; the `install.sh` p

## Bring your own keys

Forge doesn't resell tokens. You connect your own provider, you pay your own bill, you can cancel any time by removing the key.
Model and key handling comes straight from opencode — you bring your own provider keys, pay your own bill, and cancel any time by removing a key. Forge doesn't resell tokens.

| Provider | What it powers | Required? |
|---|---|---|
| **opencode zen** (default) | DeepSeek V4 Flash Free — chat + design out of the box | Default |
| Anthropic | Claude Sonnet 4.6, Opus 4.6, Haiku 4.5 chat models | Optional |
| OpenAI | GPT chat; gpt-image-1 for image gen | Optional |
| Moonshot | Kimi K2 chat | Optional |
| Google | Gemini chat + Imagen image gen | Optional |
| Replicate | Flux, SDXL, other open-weight image models | Optional |
A fresh install works out of the box on opencode zen's free default, with zero keys. Add your own Anthropic, OpenAI, Moonshot, Google, or Replicate key from in-app Settings only if you want a paid model or image generation.

All paid keys go in via **Settings → API Keys** inside the app. Never in `.env`. Encrypted on disk; decrypted only on the provider request that needs them.
All paid keys go in via **Settings → API Keys** inside the app — never in `.env`. They're encrypted on disk and decrypted only on the provider request that needs them.

### About Supabase

Expand All @@ -118,7 +111,6 @@ When you send a chat message: forge-server forwards it to the opencode agent, th

## Documentation

- [forgeweb.ai](https://forgeweb.ai) — full user-facing docs, architecture diagram, FAQ-style deep-dives.
- [`CONTRIBUTING.md`](CONTRIBUTING.md) — repo layout, dev environment, PR conventions.
- [`LICENSE`](LICENSE) — Business Source License 1.1.
- [`NOTICE`](NOTICE) — third-party attribution (opencode MIT, dependencies).
Expand Down
Loading
Loading