Govern AI coding agents
before they govern your codebase.

Audit, review and control every code decision produced by Claude Code, Codex, Cursor and other AI coding agents.

curl -fsSL https://govforge.dev/install.sh | sh
Open source · Apache 2.0 · Self-hosted · No telemetry

Works with the agents you already use

Claude
Codex
Cursor
Cline
Aider
RooCode
Continue
Zed
+ MCP

Any tool that speaks the Model Context Protocol works.

AI agents now write production code.

Most teams have no idea what they decided, or why.

Without GovForge

  • Decisions are implicit
  • Reviews are inconsistent
  • Risks slip through
  • Audit trails don't exist
  • Disagreements are lost
  • Humans rubber-stamp

With GovForge

  • Every decision recorded
  • Reviews are structured
  • Policies catch them
  • Git-aware audit timeline
  • Disagreements are explicit
  • Humans approve with context

What GovForge gives you

Not another agent. The infrastructure to govern the ones you already use.

Decision Records

Every code change becomes a structured decision: author, intent, rationale, risk, status.

Policy Engine

Block changes that touch auth, secrets, or schema without explicit review and approval.

Audit Timeline

Append-only event log linked to every commit, review, finding, and approval.

Structured Disagreement

Capture conflicts between agents as first-class artifacts — not buried in chat history.

Human Approval

High-risk diffs require a human signature. With full context, not blind rubber-stamping.

Git-aware Reviews

Reviews from another agent attached to lines, files, and commits. Findings, not opinions.

How it works

Four steps. Real CLI commands. Real audit trail at the end.

1. Claude modifies auth.py

gf task create --title "Migrate auth to signed cookies"
TASK-001 created
# Claude records its decision (DEC-001) through the record_decision MCP tool
# Claude commits the change
git commit -m "refactor(auth): signed session cookies"
gf git attach --decision DEC-001 --commit HEAD

2. Policy engine flags the change

gf policy check --decision DEC-001
⚠ BLOCKED auth_change_requires_review
auth.py modified — review required
✓ PASSED secret_pattern_detection
✓ PASSED test_required_for_high_risk

3. Codex reviews and disagrees

gf review request --decision DEC-001 --reviewer codex
📝 codex submitted REV-001 → changes_requested
high security middleware/session.py:42
Session token is not rotated after login.
⚡ Disagreement recorded:
Author: signed cookies are sufficient
Reviewer: signed cookies do not prevent fixation

4. Human approves after fix

gf approve DEC-001 --comment "Approved after token rotation"
✓ DEC-001 approved by eric
✓ TASK-001 closed
Audit trail: 7 events, 1 commit, 1 review, 1 disagreement

Local-first. Git-native.

Everything runs on your machine. No cloud unless you choose. Optional team sync (Phase 3) for collaboration and enterprise.

AI Agents

  • Claude Code
  • Codex
  • Cursor
  • + MCP clients

GovForge MCP Server

  • create_task
  • record_decision
  • submit_review
  • ...

Git (read-only)

  • diff, commits
  • files, branches

Decision Store

  • SQLite local
  • events, reviews
  • policies, approvals

Policy Engine

  • auth-change
  • secret-pattern
  • diff-size
  • ...

Audit Timeline

  • append-only
  • Git-aware
  • event sourced

The MCP server is the integration point. Everything else is offline-by-default.
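A validator for the read-only Git step, as an added example rather than GovForge's extractor (the per-verb option allowlist, the argv layout and the environment handling are assumptions; the seven verbs are the ones the page lists under "Read-only Git" below). A verb allowlist on its own does not make a call read-only: diff, log and show accept --output, which writes a file, and --ext-diff, which runs a configured external program, and a caller-supplied revision that begins with '-' is parsed as an option. The validator therefore allowlists options per verb, pins external diff and textconv off, places paths behind '--', and strips GIT_* variables such as GIT_EXTERNAL_DIFF from the environment before exec.

```python
"""Argument validation for a read-only git extractor. Added illustration of the
verb allowlist described on this page; not GovForge's own code. The option
allowlist, argv layout and environment scrubbing are assumptions."""
import os
import subprocess

# The page's seven verbs, spelled as git takes them on the command line.
READ_ONLY_VERBS = {"diff", "show", "log", "rev-parse", "ls-tree", "rev-list", "cat-file"}

# Deny-by-default option allowlist per verb (assumed). Anything not listed is refused,
# which keeps out --output (writes a file) and --ext-diff (executes a diff driver).
OPTION_ALLOWLIST = {
    "diff":      {"--stat", "--numstat", "--name-only", "--name-status", "--unified", "--cached"},
    "show":      {"--stat", "--name-only", "--no-patch", "--format"},
    "log":       {"--oneline", "--format", "--max-count", "--name-only"},
    "rev-parse": {"--verify", "--short", "--abbrev-ref"},
    "ls-tree":   {"-r", "--name-only", "--full-tree"},
    "rev-list":  {"--max-count", "--count", "--reverse"},
    "cat-file":  {"-p", "-t", "-s"},
}
DIFF_VERBS = {"diff", "show", "log"}                             # accept diff options
PATHSPEC_VERBS = {"diff", "show", "log", "ls-tree", "rev-list"}  # accept "-- <paths>"

class GitArgError(ValueError):
    pass

def git_argv(verb, options=(), revs=(), paths=()):
    """Build argv for one read-only git call, or raise GitArgError."""
    if verb not in READ_ONLY_VERBS:
        raise GitArgError(f"verb not allowed: {verb!r}")
    argv = ["git", verb]
    if verb in DIFF_VERBS:
        # Never let a configured external diff driver or textconv filter execute.
        argv += ["--no-ext-diff", "--no-textconv", "--no-color"]
    for opt in options:
        name = opt.split("=", 1)[0]
        if not opt.startswith("-") or name not in OPTION_ALLOWLIST[verb]:
            raise GitArgError(f"option not allowed for {verb}: {opt!r}")
        argv.append(opt)
    for operand in (*revs, *paths):
        # An operand starting with '-' would be parsed as an option (a "rev" of --output=...).
        if not operand or operand.startswith("-"):
            raise GitArgError(f"bad operand: {operand!r}")
    argv += list(revs)
    if paths:
        if verb not in PATHSPEC_VERBS:
            raise GitArgError(f"{verb} takes no pathspec")
        argv += ["--", *paths]
    return argv

def is_rejected(verb, **kw):
    """True when git_argv refuses the call; handy for tests and CI assertions."""
    try:
        git_argv(verb, **kw)
    except GitArgError:
        return True
    return False

def run_git(repo, verb, **kw):
    """Execute one validated call: no shell, and GIT_* variables removed so that
    GIT_EXTERNAL_DIFF, GIT_DIR and friends cannot change what actually runs."""
    env = {k: v for k, v in os.environ.items() if not k.startswith("GIT_")}
    return subprocess.run(git_argv(verb, **kw), cwd=repo, env=env, check=True,
                          capture_output=True, text=True).stdout
```

The CI regression check the page describes fits naturally on top of this: a test that asserts is_rejected("push"), is_rejected("reset"), is_rejected("checkout") and is_rejected("commit") fails the build the moment someone widens READ_ONLY_VERBS.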

Install in 30 seconds.

Pick a channel. Every channel ships the same v0.1.0 binary — signed with cosign, SHA-256 verified.

Available today
linux / darwin / windows × amd64 / arm64
curl -fsSL https://govforge.dev/install.sh | sh

Detects your OS and arch, downloads the matching gf binary from GitHub Releases, and verifies its SHA-256 against checksums.txt from the same release. That check catches a corrupted or truncated download, not a compromised release, since the checksums travel with the binary; verify the cosign signature on the release as well. The script is under 100 lines: download it, read it, then run it, rather than piping it straight into sh.

Built for code that actually has consequences.

GovForge runs entirely on your machine. The threat model is pinned by tests in CI — every guarantee is grep-able.

  • Local-first by default

    All data lives in .govforge/govforge.db. Backend binds to 127.0.0.1; MCP transport is stdio. No outbound network calls in Phase 1. Binding to loopback keeps the backend off the network, but any process or browser tab on the same host can still reach 127.0.0.1, so a local HTTP endpoint needs its own authentication and origin checks.

  • Read-only Git

    The extractor uses an allowlist of seven verbs (diff/show/log/rev_parse/ls_tree/rev_list/cat_file). A regression that adds push/reset/checkout/commit fails CI.

  • No shell, no eval

    MCP tools never spawn a subprocess and never call eval/exec. The MCP package is grep-asserted on every PR.

  • Append-only audit log

    Every mutating service writes an Event row, and the timeline can be replayed from the events table alone. Append-only is a property the application enforces on a local SQLite file: anyone with write access to govforge.db can edit or delete rows with another tool, so treat the log as a faithful record of the process, not as tamper-proof evidence on its own.

  • Apache 2.0

    Open source, enterprise-friendly. No CLA. Auditors can read every line; legal teams can ship without sign-off.

  • Compliance-ready foundations

    Local audit log + signed approvals + per-decision risk classification map onto SOC 2, Loi 25 (Quebec), and the EU AI Act. Phase 3 adds the formal reporting layer.
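The "Append-only audit log" item above, as an added example that is not GovForge's own schema or code (column names, event kinds, the hash chain and the sample values are assumptions): SQLite triggers refuse UPDATE and DELETE through the application's connection, every event also carries the hash of its predecessor so a replay can tell whether rows were edited by someone opening the .db directly, and the DEC-001 walkthrough from this page is rebuilt into a decision state from the events table alone.

```python
"""Append-only, event-sourced audit log on SQLite. Added illustration of the
page's append-only item, not GovForge's own schema; column names, event kinds
and the hash chain are assumptions. Triggers refuse UPDATE/DELETE in the
database itself, so no code path can rewrite history by accident."""
import hashlib
import json
import sqlite3

SCHEMA = """
CREATE TABLE events (
    id       INTEGER PRIMARY KEY AUTOINCREMENT,
    decision TEXT NOT NULL,
    kind     TEXT NOT NULL,
    actor    TEXT NOT NULL,
    payload  TEXT NOT NULL,
    prev     TEXT NOT NULL,   -- hash of the previous row ('' for the first)
    hash     TEXT NOT NULL    -- sha256 over prev and this row's fields
);
CREATE TRIGGER events_no_update BEFORE UPDATE ON events
BEGIN SELECT RAISE(ABORT, 'events is append-only'); END;
CREATE TRIGGER events_no_delete BEFORE DELETE ON events
BEGIN SELECT RAISE(ABORT, 'events is append-only'); END;
"""

def _digest(prev, decision, kind, actor, payload):
    fields = "\x1f".join([prev, decision, kind, actor, payload])  # unit separator
    return hashlib.sha256(fields.encode()).hexdigest()

def open_store(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def append(conn, decision, kind, actor, **payload):
    """Every mutating service calls this; the row links to its predecessor by hash."""
    body = json.dumps(payload, sort_keys=True)
    row = conn.execute("SELECT hash FROM events ORDER BY id DESC LIMIT 1").fetchone()
    prev = row[0] if row else ""
    digest = _digest(prev, decision, kind, actor, body)
    conn.execute("INSERT INTO events (decision, kind, actor, payload, prev, hash) "
                 "VALUES (?, ?, ?, ?, ?, ?)", (decision, kind, actor, body, prev, digest))
    conn.commit()
    return digest

def verify_chain(conn):
    """Recompute every hash in order; an edited, dropped or reordered row breaks the chain."""
    prev = ""
    for decision, kind, actor, payload, stored_prev, stored in conn.execute(
            "SELECT decision, kind, actor, payload, prev, hash FROM events ORDER BY id"):
        if stored_prev != prev or _digest(prev, decision, kind, actor, payload) != stored:
            return False
        prev = stored
    return True

def replay(conn, decision):
    """Rebuild a decision's state from its events alone; no other table is consulted."""
    state = {"status": "draft", "commits": [], "reviews": {}, "disagreements": 0,
             "approved_by": None, "events": 0}
    for kind, actor, payload in conn.execute(
            "SELECT kind, actor, payload FROM events WHERE decision = ? ORDER BY id", (decision,)):
        p = json.loads(payload)
        state["events"] += 1
        if kind == "decision.recorded":
            state["status"] = "open"
        elif kind == "commit.attached":
            state["commits"].append(p["sha"])
        elif kind == "policy.blocked":
            state["status"] = "blocked"
        elif kind == "review.submitted":
            state["reviews"][p["review"]] = p["verdict"]
            if p["verdict"] == "changes_requested":
                state["status"] = "changes_requested"
        elif kind == "disagreement.recorded":
            state["disagreements"] += 1
        elif kind == "approval.granted":
            state["status"], state["approved_by"] = "approved", actor
    return state

def rejects_rewrite(conn):
    """True when the trigger blocks an in-place edit through the normal connection."""
    try:
        conn.execute("UPDATE events SET actor = 'mallory' WHERE id = 1")
    except sqlite3.DatabaseError:
        return True
    return False

def tamper_with_file_access(conn):
    """Whoever can open govforge.db directly can drop the trigger; the chain still tells."""
    conn.executescript("DROP TRIGGER events_no_update; UPDATE events SET actor = 'mallory' WHERE id = 7;")
    return verify_chain(conn)

def demo():
    """The DEC-001 walkthrough from this page as seven events (constructed values)."""
    conn = open_store()
    append(conn, "DEC-001", "decision.recorded", "claude", title="Migrate auth to signed cookies", risk="high")
    append(conn, "DEC-001", "commit.attached", "claude", sha="a1b2c3d")  # constructed sha
    append(conn, "DEC-001", "policy.blocked", "policy-engine", rule="auth_change_requires_review")
    append(conn, "DEC-001", "review.requested", "claude", reviewer="codex")
    append(conn, "DEC-001", "review.submitted", "codex", review="REV-001", verdict="changes_requested")
    append(conn, "DEC-001", "disagreement.recorded", "codex", author="signed cookies are sufficient",
           reviewer="signed cookies do not prevent fixation")
    append(conn, "DEC-001", "approval.granted", "eric", comment="Approved after token rotation")
    return conn
```

The chain gives tamper evidence only once its head hash lives somewhere the local user cannot rewrite, for example in a commit trailer or a signed export; an attacker with write access to the file can otherwise recompute every hash after editing a row.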

Open core. Pay only for what teams actually need.

Open Source

Apache 2.0 · Forever free

  • MCP server
  • CLI (gf)
  • Local SQLite
  • Git-aware reviews
  • Decision timeline
  • Default policies
  • Local UI cockpit
  • Self-hosted

Enterprise

For teams & compliance

Everything in OSS, plus:

  • Cloud sync
  • Team workspaces
  • RBAC + SSO/SAML
  • Air-gapped deployment
  • Advanced policies
  • Compliance reports
  • SLA support

Built for code that actually matters.

Local-first

Your code never leaves your machine.

Apache 2.0

Permissive, enterprise-friendly license.

No telemetry

Zero phone-home. Verify on GitHub.

Air-gapped ready

Deployment in isolated networks.

Stop trusting AI agents on faith.
Start governing them.

curl -fsSL https://govforge.dev/install.sh | sh