Govern AI coding agents
before they govern your codebase.

Audit, review and control every code decision produced by Claude Code, Codex, Cursor and other AI coding agents.

curl -sSL https://govforge.dev/install.sh | sh
Open source · Apache 2.0 · Self-hosted · No telemetry

Works with the agents you already use

Claude
Codex
Cursor
Cline
Aider
RooCode
Continue
Zed
+ MCP

Any tool that speaks the Model Context Protocol works.

AI agents now write production code.

Most teams have no idea what they decided, or why.

Without GovForge

  • Decisions are implicit
  • Reviews are inconsistent
  • Risks slip through
  • Audit trails don't exist
  • Disagreements are lost
  • Humans rubber-stamp

With GovForge

  • Every decision recorded
  • Reviews are structured
  • Policies catch risks
  • Git-aware audit timeline
  • Disagreements are explicit
  • Humans approve with context

What GovForge gives you

Not another agent. The infrastructure to govern the ones you already use.

Decision Records

Every code change becomes a structured decision: author, intent, rationale, risk, status.

Policy Engine

Block changes that touch auth, secrets, or schema without explicit review and approval.

Audit Timeline

Append-only event log linked to every commit, review, finding, and approval.

Structured Disagreement

Capture conflicts between agents as first-class artifacts — not buried in chat history.

Human Approval

High-risk diffs require a human signature. With full context, not blind rubber-stamping.

Git-aware Reviews

Reviews from another agent attached to lines, files, and commits. Findings, not opinions.

Structured AI review lenses

Five governance dimensions on every decision

Security, architecture, patterns, performance, and compliance — each a structured lens on AI-authored changes. Findings flow into the same audit timeline you already trust. Not a SAST scanner. A governance layer.

Security

Auth and session handling, secrets exposure, SQL injection surfaces, unsafe crypto, ACL changes.

Architecture

DDD boundaries, layering, repository pattern, dependency direction, anti-pattern detection.

Patterns

Async consistency, naming conventions, factory usage, CQRS, dependency-injection rules.

Performance

N+1 queries, allocation hotspots, blocking I/O in async handlers, cache bypass.

Compliance

PII exposure, sensitive logging, retention rules, AI Act / Loi 25 / GDPR mapping.

Plays well with the scanners you already run

GovForge stays opinionated about workflow and audit trail. Specialized scanners stay opinionated about their domain. Output from the tools below becomes structured findings on the GovForge timeline — we don't rebuild what they already do well.

  • Semgrep
  • CodeQL
  • Ruff
  • SonarQube
  • Snyk

How it works

Four steps. You just chat with your AI assistant — Claude Code authors, Codex reviews, you approve. Real audit trail at the end.

1. Claude modifies auth.py

Refactor session auth to signed cookies. Flag it as high-risk in GovForge.
Opened TASK-001 (risk: high) in GovForge.
Editing auth.py, middleware/session.py, tests/test_auth.py…
Committed: refactor(auth): signed session cookies
Recorded DEC-001 and attached the diff.

2. Policy engine flags the change

Running GovForge policy checks on DEC-001…
⚠ BLOCKED auth_change_requires_review
auth.py modified — review required
✓ PASSED secret_pattern_detection
✓ PASSED test_required_for_high_risk
Decision moved to review_required. Want me to ask Codex?

3. Codex reviews and disagrees

Yes — focus the review on session security.
(you switch to Codex)
Review DEC-001 in GovForge. Focus on session security.
Found: session token not rotated after login.
severity=high file=middleware/session.py:42
Submitted REV-001 → changes_requested
⚡ Disagreement recorded:
Author: signed cookies are sufficient
Reviewer: signed cookies don't prevent fixation

4. Human approves after fix

(back to Claude Code)
Fix the rotation issue Codex flagged.
Patched. Re-attached the diff. Policies pass.
(you open the cockpit and click Approve)
✓ DEC-001 approved by eric
✓ TASK-001 closed
Audit trail: 7 events, 2 commits, 1 review, 1 disagreement

Local-first. Git-native.

Everything runs on your machine. No cloud unless you choose. Optional team sync (Phase 3) for collaboration and enterprise.

AI Agents

  • Claude Code
  • Codex
  • Cursor
  • + MCP clients

GovForge MCP Server

  • create_task
  • record_decision
  • submit_review
  • ...

Git (read-only)

  • diff, commits
  • files, branches

Decision Store

  • SQLite local
  • events, reviews
  • policies, approvals

Policy Engine

  • auth-change
  • secret-pattern
  • diff-size
  • ...

Audit Timeline

  • append-only
  • Git-aware
  • event sourced

The MCP server is the integration point. Everything else is offline-by-default.
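To make "append-only" and "event sourced" concrete, here is an added example (not GovForge's own code or schema): a SQLite events table that a trigger keeps append-only, seeded with seven constructed events mirroring the walkthrough above, and a fold that rebuilds decision and task state from nothing but that table. The event names, columns and state fields are assumptions.

```python
import sqlite3

# Constructed events mirroring the walkthrough (TASK-001, DEC-001, REV-001); names are assumptions.
EVENTS = [
    ("task_created", "TASK-001"),
    ("decision_recorded", "DEC-001"),
    ("policy_blocked", "DEC-001"),
    ("review_submitted", "REV-001"),
    ("disagreement_recorded", "DEC-001"),
    ("decision_approved", "DEC-001"),
    ("task_closed", "TASK-001"),
]
DECISION_STATUS = {"decision_recorded": "recorded", "policy_blocked": "review_required",
                   "decision_approved": "approved"}
TASK_STATUS = {"task_created": "open", "task_closed": "closed"}
COUNTERS = {"review_submitted": "reviews", "disagreement_recorded": "disagreements"}

def seed(conn):
    """Create the events table and make it append-only: INSERT works, DELETE aborts."""
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, kind TEXT, subject TEXT)")
    conn.execute("CREATE TRIGGER no_delete BEFORE DELETE ON events "
                 "BEGIN SELECT RAISE(ABORT, 'events is append-only'); END")
    conn.executemany("INSERT INTO events (kind, subject) VALUES (?, ?)", EVENTS)

def is_append_only(conn):
    try:
        conn.execute("DELETE FROM events WHERE id = 1")
    except sqlite3.DatabaseError:  # trigger fired: history cannot be rewritten in place
        return True
    return False

def replay(conn):
    """Fold the event stream into current state, reading nothing but the events table."""
    state = {"decisions": {}, "tasks": {}, "reviews": 0, "disagreements": 0, "events": 0}
    for kind, subject in conn.execute("SELECT kind, subject FROM events ORDER BY id"):
        state["events"] += 1
        if kind in DECISION_STATUS:
            state["decisions"][subject] = DECISION_STATUS[kind]
        elif kind in TASK_STATUS:
            state["tasks"][subject] = TASK_STATUS[kind]
        elif kind in COUNTERS:
            state[COUNTERS[kind]] += 1
    return state

def demo():
    conn = sqlite3.connect(":memory:")
    seed(conn)
    state = replay(conn)
    state["append_only"] = is_append_only(conn)  # 7 events, DEC-001 approved, TASK-001 closed
    return state
```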

Install in 30 seconds.

Pick a channel. Every channel ships the same v0.1.0 binary — signed with cosign, SHA-256 verified.

Available today
linux / darwin / windows × amd64 / arm64
curl -fsSL https://govforge.dev/install.sh | sh

Detects your OS + arch, downloads the matching gf binary from GitHub Releases, and verifies the SHA-256 against checksums.txt. The script is under 100 lines — read it before piping.
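An added example of the check the installer performs, written independently (this is not the install script): parse a sha256sum-style checksums.txt, hash the downloaded file, and fail closed when the entry is missing or the digest differs. The file name gf_linux_amd64 and the fixture bytes are constructed.

```python
import hashlib
import hmac
import os
import tempfile

def parse_checksums(text):
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>') into {name: hex}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        if len(digest) == 64 and name:
            table[name] = digest.lower()
    return table

def sha256_file(path):
    """Stream the file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, checksums_text, expected_name):
    """True only if expected_name is listed and its digest matches the file; else fail closed."""
    listed = parse_checksums(checksums_text).get(expected_name)
    if listed is None:  # a missing entry is a failure, never a skip
        return False
    return hmac.compare_digest(sha256_file(path), listed)

def demo():
    """Constructed fixture: a fake gf binary (name assumed) plus three checksums.txt variants."""
    with tempfile.TemporaryDirectory() as d:
        binary = os.path.join(d, "gf_linux_amd64")
        with open(binary, "wb") as f:
            f.write(b"\x7fELF fake gf binary (constructed test data)\n")
        good = f"{sha256_file(binary)}  gf_linux_amd64\n"
        other_name_only = good.replace("gf_linux_amd64", "gf_darwin_arm64")
        wrong_digest = "0" * 64 + "  gf_linux_amd64\n"
        return {
            "match": verify_download(binary, good, "gf_linux_amd64"),
            "missing_entry": verify_download(binary, other_name_only, "gf_linux_amd64"),
            "modified": verify_download(binary, wrong_digest, "gf_linux_amd64"),
        }
```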

Built for code that actually has consequences.

GovForge runs entirely on your machine. The threat model is pinned by tests in CI — every guarantee is grep-able.

  • Local-first by default

    All data lives in .govforge/govforge.db. Backend binds to 127.0.0.1; MCP transport is stdio. No outbound network calls in Phase 1.

  • Read-only Git

    The extractor uses an allowlist of seven verbs (diff/show/log/rev_parse/ls_tree/rev_list/cat_file). A regression that adds push/reset/checkout/commit fails CI.

  • No shell, no eval

    MCP tools never spawn a subprocess and never call eval/exec. The MCP package is grep-asserted on every PR.

  • Append-only audit log

    Every mutating service writes an Event row. The timeline can be replayed from the events table alone.

  • Apache 2.0

    Open source, enterprise-friendly. No CLA. Auditors can read every line; legal teams can ship without sign-off.

  • Compliance-ready foundations

    Local audit log + signed approvals + per-decision risk classification map onto SOC 2, Loi 25 (Quebec), and the EU AI Act. Phase 3 adds the formal reporting layer.
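An added illustration of how the read-only Git allowlist and the no-eval rule above can be pinned by tests rather than by convention (example code, not GovForge's extractor or CI): a verb allowlist checked before any argv is built, a regression check that fails if a mutating verb ever lands in it, and a grep-style scan over a constructed source sample. The verb spelling, the --output guard and the regex are assumptions.

```python
import re

# Read-only verbs the page lists, in git's own spelling. Set membership is the assumed shape of
# the allowlist; the mutating set below is what the CI regression guard must never find in it.
ALLOWED_GIT_VERBS = frozenset({"diff", "show", "log", "rev-parse", "ls-tree", "rev-list", "cat-file"})
MUTATING_GIT_VERBS = frozenset({"push", "reset", "checkout", "commit", "merge", "rebase", "clean", "rm"})

def git_argv(verb, *args):
    """Build the argv for a git call, refusing it before anything runs if the verb is not allowed."""
    if verb not in ALLOWED_GIT_VERBS:
        raise PermissionError(f"git {verb} is not in the read-only allowlist")
    for arg in args:
        # An allowed verb can still write: `git diff --output=<file>` / `git show --output=<file>`.
        if arg.startswith("--output"):
            raise PermissionError(f"option {arg!r} would write to disk")
    return ["git", verb, *args]

def is_refused(verb, *args):
    """Helper for tests: True when git_argv rejects the call."""
    try:
        git_argv(verb, *args)
    except PermissionError:
        return True
    return False

def leaked_mutating_verbs():
    """CI regression guard: non-empty means someone added push/reset/checkout/... to the allowlist."""
    return sorted(ALLOWED_GIT_VERBS & MUTATING_GIT_VERBS)

# Deliberately coarse grep: a hit in a comment fails too, so rename rather than special-case.
FORBIDDEN = re.compile(r"\b(eval|exec)\s*\(|\bsubprocess\b|\bos\.system\b|\bos\.popen\b")

def forbidden_calls(source):
    """Grep-style assertion over package source: (line_no, text) for every forbidden call."""
    return [(n, line.strip()) for n, line in enumerate(source.splitlines(), 1) if FORBIDDEN.search(line)]

# Constructed sample of an MCP tool module; the second function is what the check must catch.
SAMPLE_MCP_SOURCE = '''\
def record_decision(store, payload):
    return store.insert("decisions", payload)

def run_policy(rule, diff):
    return eval(rule.expression, {}, {"diff": diff})
'''
```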

Open core. Pay only for what teams actually need.

Open Source

Apache 2.0 · Forever free

  • MCP server
  • CLI (gf)
  • Local SQLite
  • Git-aware reviews
  • Decision timeline
  • Default policies
  • Local UI cockpit
  • Self-hosted

Enterprise

For teams & compliance

Everything in OSS, plus:

  • Cloud sync
  • Team workspaces
  • RBAC + SSO/SAML
  • Air-gapped deployment
  • Advanced policies
  • Compliance reports
  • SLA support

Built for code that actually matters.

Local-first

Your code never leaves your machine.

Apache 2.0

Permissive, enterprise-friendly license.

No telemetry

Zero phone-home. Verify on GitHub.

Air-gapped ready

Deployment in isolated networks.

Stop trusting AI agents on faith.
Start governing them.

curl -sSL https://govforge.dev/install.sh | sh