Six months in the making. A complete rebuild of FORG from the ground up. Three pillars, new architecture, new plans, and the most significant set of new capabilities we've shipped since launch.
Major release
v3.0.0 is a major release with breaking changes from v1.x and v2.x. Review the migration notes below before upgrading.
FORG v3 is a ground-up rebuild across all three components. The agent is rewritten in Go with CGO-native keystore support (macOS Security.framework, Linux libsecret, Windows DPAPI). The Rules Engine is a new Cloudflare Worker with a versioned signal schema, atomic budget accumulators, and sub-5ms P50 evaluation. The dashboard is rebuilt on Next.js 15 App Router with a new design system.
The v1.5.x plugin model (shell-based, single-adapter) is retired. Tag pre-rebuild-v1.5.2 is preserved for historical reference only.
v3 organizes FORG around three distinct pillars:
Observe: Signal collection from all adapters, session tracking, signal timeline, model breakdown, cost attribution by user/team/project/environment.
Control: Rules engine with budget, model policy, rate limit, and session policy rules. Gateway enforcement mode for pre-call evaluation. Audit log with cryptographic chain.
Optimize: Cost intelligence dashboard, automatic waste pattern detection, FORG Atlas alpha for natural language queries.
The v3 rules engine supports four rule types: budget (spending limits per scope/period), model_policy (allowlist/denylist with redirect support), rate_limit (calls per hour/day with burst), and session_policy (idle timeout, max duration).
Rules evaluate in priority order. Block actions are deterministic — the most restrictive matching rule wins. All rule evaluations are written to the audit log. Rules can be deployed in warn-only mode for tuning before enforcement.
FORG Atlas embeds your signal data (aggregated into semantic chunks: session summaries, daily developer summaries, team weekly summaries) using text-embedding-3-small. Queries are answered via RAG: embed the query, retrieve top-N relevant chunks via cosine similarity, generate a specific answer with citations via Claude Sonnet.
Available on Business+ plans. Current limitations: nightly data freshness (not real-time), single-turn queries only, 3-8 second response latency.
Every signal, rule evaluation, and enforcement action is written to the audit chain. Each entry includes a SHA-256 hash of its content chained with the previous entry hash. Any modification to historical records produces a detectable break in the chain.
The audit log is exportable in JSON format for SOC 2 auditors. The chain can be verified independently using the FORG CLI: forg audit verify --from=2025-01-01 --to=2025-05-20.
v3 ships with GA adapters for Claude Code (all 7 hook event types), Cursor (including Tab completions), VS Code (GitHub Copilot, Continue.dev, Codeium), and JetBrains IDEs (AI Assistant).
All adapters use the same signal schema v3 and support the project.yaml dimension tagging system. Adapter auto-detection (forg detect) installs the correct adapter based on what tools are found on the system.
v3 launches two new plan tiers:
Team ($99/month): Up to 25 users, shared dashboard, org-level budgets, SAML 2.0 + OIDC SSO, webhook notifications.
Business ($299/month): Unlimited users, SCIM provisioning, data residency (US/EU), DPA, priority support, FORG Atlas access, 1-year signal retention.
Business+ customers can choose their data residency region. US (default): signals processed and stored in Cloudflare US-region Workers and Supabase US (us-east-1). EU: signals processed in Cloudflare EU-region Workers and Supabase EU (eu-central-1). No cross-region data transfer in EU mode.
Data residency applies to signal data only. License and identity data (D1) remains US-resident regardless of plan.