What It Is
Agent Forge is a template agent system manager. You register your projects, and the forge scans them against a pattern library, identifies gaps, and propagates best practices — one project at a time.
How It Works
- Audit — scans every registered project's agent system
- Review — compares against the pattern library, ranks by priority
- Propagate — applies upgrades to one project at a time
- Update — refreshes patterns and the registry
- Repeat
Forge Roles
Forgemaster
Coordinates the audit-and-propagate cycle. Decides what to scan, what to upgrade, and in what order.
Assayer
Scans projects against the pattern library. Produces gap analyses with maturity levels and concrete upgrade plans.
Smith
Applies upgrades to target projects. Adapts templates to each project's domain, conventions, and tone.
Keeper
Maintains the pattern library. Challenges the assayer's findings to keep the forge honest about itself.
Pattern Library
The forge scans against patterns from Rhizome, the agent orchestration pattern catalog.
Security
When you run Agent Forge, your AI agent reads the role files and patterns in this repo as instructions. That's a supply chain risk — a compromised prompt file could instruct your agent to exfiltrate data or modify code in harmful ways. We take that seriously.
What we have in place:
- Automated security scan on every release: checks all prompt files for network requests, sensitive file access, encoding/eval, system paths outside project scope, and confirmation bypasses
- Automated leak scan: catches ecosystem-specific data that shouldn't be in a generic template
- Pinned tag releases — clone a vetted tag, not
main - Upstream upgrade diffs — when a new version is available, the forge shows you the diff and asks before applying
- Role files are plain markdown with no obfuscation — you can read every instruction your agent will follow
Read the full policy: SECURITY.md