Forge Platform

Security — local runner

Focus: allowlist-only actions, no arbitrary argv, path traversal checks on .forge/runs/, and loopback assumptions for writes.