Control

Total Control. Zero Compromise.

A complete control plane for AI usage across your org. Budget enforcement, model policy, and team-level governance — cascading from org down to every individual session.

Scope levels

< 2ms

Policy eval

Git-native

Rules format

Real-time

Enforcement

Start controlling Read the docs

Governance that cascades

Rules flow from org-level down. Lower scopes can only restrict — never expand — what the level above allows.

Org

Managed by: Security & Compliance team

Global model blocklist · Compliance mandates · Spend ceilings · Geo restrictions

Visibility

All teams & users

Team

Managed by: Team leads / eng managers

Per-team budgets · Model preferences · Time windows · Usage caps

Visibility

Team members only

Individual

Managed by: Developers (within team limits)

Personal spend view · Session history · Cannot exceed team policy

Visibility

Own sessions only

Budget enforcement, three ways

Choose how aggressive your guardrails are. Mix modes across teams.

Hard stop

Session is blocked the moment the budget ceiling is hit. No exceptions, no grace period. Protects against runaway agents and batch jobs that ignore soft limits.

When: 100% of budget consumed

Soft cap

Usage continues past the threshold but is flagged and reported. The user sees a warning banner. Great for tracking without blocking productivity.

When: Configurable % — typically 90%

Alert

Silent notification to a Slack channel, email, or webhook when spend crosses a threshold. No disruption to the user. Used for early-warning dashboards.

When: Any configurable $ or % threshold

Team Budget Status — May 2025

Engineering$3,840 / $5,000

77% used$1,160 remaining

Product$1,120 / $2,000

56% used$880 remaining

Design$890 / $1,000

89% used$110 remaining

Total org spend$5,850 / $8,000

Control which models your teams can use

Allowlists, blocklists, and approval flows — applied at policy eval time, not at the API.

Scenario A: StartupCost focus

Early-stage teams allowlist only GPT-4o-mini and Claude Haiku. Powerful enough for 90% of tasks, at a fraction of flagship cost. Any request for a blocked model is auto-redirected.

gpt-4o-mini✓ allowed

claude-haiku-3-5✓ allowed

gpt-4o✗ blocked

claude-opus-4✗ blocked

Scenario B: EnterpriseCompliance

Large orgs blocklist experimental and preview models. Production traffic uses only approved, stable versions. New models require a formal approval workflow before they're unblocked.

gpt-4o-2025-04✓ approved

claude-sonnet-4✓ approved

gpt-4o-preview⏳ pending

gemini-experimental✗ blocked

policy.forg.yaml — model policy block
# Model policy — Enterprise org
model_policy:
mode: blocklist
blocked_patterns:
- "*-preview"
- "*-experimental"
new_model_approval: required
approvers: ["security-team", "cto"]

Four dimensions of control

Cover every enforcement scenario without writing custom middleware.

Budget Rules

Set hard stops, soft caps, and alert thresholds per user, team, or org. Never get surprised by an invoice again.

Model Rules

Allowlist or blocklist specific models. Require approval workflows before new models reach production.

Time Rules

Restrict AI usage to business hours, enforce cooldowns, or block overnight batch jobs from runaway.

Usage Rules

Cap tokens per session, rate-limit per user, and kill runaway sessions before they drain your budget.

Start with a template

Drop a proven policy in with one command. Customize from there.

StartupCost-first

$500/mo cap · Claude Haiku only · Business hours only

Hard stop at $500/mo org-wide

Claude Haiku as sole allowed model

Active 09:00–18:00 weekdays

Slack alert at 80% spend

TeamBalanced

$5K/mo cap · Approved models · No overnight usage

$5,000/mo team budget

Pre-approved model allowlist

Block sessions 22:00–06:00

Weekly spend digest to manager

EnterpriseFull control

Custom caps · Full allowlist management · 24/7 with alerts

Per-team custom budgets

Centrally managed allowlist

24/7 with anomaly alerts

Immutable audit log

Security-firstCompliance

Model blocklist · Geo restrictions · Mandatory session logging

Block all non-approved models

Geographic access controls

Mandatory session recording

Automated compliance reports

Rules as code. Rules in git.

Export your entire policy set to a YAML file, commit it to version control, and import it anywhere. Rules are diffable, reviewable, and rollbackable — just like application code.

Full audit trail on every policy change

PR reviews for rule updates

Instant rollback with git revert

Sync rules across environments

terminal
$ forg rules export > .forg/rules.yaml
✓ Exported 12 rules to .forg/rules.yaml

$ git add .forg/rules.yaml
$ git commit -m "tighten budget caps"
[main a3f92c1] tighten budget caps

$ forg rules import .forg/rules.yaml
✓ Applied 12 rules — active in 1.8ms

Before FORG. After FORG.

Before — Ad-hoc AI usage

✗Engineers choose any model freely

✗Costs discovered in end-of-month invoices

✗No rollback on policy changes

✗Compliance by honour system

After — Controlled environment

Policy-gated model access, enforced at eval time

Budget alerts fire before overspend occurs

Rules versioned in git, rollback in one command

Automated compliance enforcement with audit log

Take back control of your AI stack

Set your first policy in minutes. Ships with sensible defaults — tighten or loosen any rule from the dashboard or API.

Start controlling View policy docs