Forge Platform

Security Model

Default posture

  • Local-first by default.
  • Read-only before write.
  • Proposal before execution.
  • Template execution before raw execution.
  • Human approval before irreversible actions.
  • Redaction before evidence export.

Trust boundaries

Boundary    Rule
Lenses      system of record for run/evidence/approval state
Blueprints  canonical policy and evidence expectations
LCDL        no arbitrary execution; governed reasoning only
Fleet       bearer token is powerful; expose templates to agents first
Hermes      memory is not governance
Factory     implementation output must be verified before acceptance
OpenClaw    chat is ingress/status unless policy explicitly allows approval

Human gates

Require approval for:

  • repo writes,
  • Fleet job submission,
  • external network calls outside configured endpoints,
  • release/deploy actions,
  • modification of Blueprints baseline,
  • credential/provider changes,
  • agent autonomy upgrades.

Redaction expectations

Evidence must not expose:

  • bearer tokens,
  • API keys,
  • .env contents,
  • auth headers,
  • private keys,
  • raw sensitive user or customer data unless deliberately approved.
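
A redaction pass over an evidence bundle before export, covering the secret categories listed above. This is an added example, not Forge Platform code. The rule set, the function names, the placeholder format and the sample bundle are all assumptions constructed for illustration; raw user or customer data is not pattern-matchable and stays behind the human approval gate.

```python
import re

# Hypothetical rule set, one entry per secret category in the list above.
# Order matters: multi-line keys first, then whole header values, then inline tokens.
RULES = [
    ("private-key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
     "[REDACTED:private-key]"),
    ("auth-header", re.compile(
        r"(?im)^([ \t]*(?:authorization|proxy-authorization|x-api-key|cookie)[ \t]*:[ \t]*).+$"),
     r"\1[REDACTED:auth-header]"),
    ("bearer-token", re.compile(r"(?i)\b(bearer\s+)[A-Za-z0-9._~+/=-]{8,}"),
     r"\1[REDACTED:bearer-token]"),
    # Deliberately broad: over-redacting a harmless line is cheaper than leaking a key.
    ("secret-assignment", re.compile(
        r"(?im)^([ \t]*(?:export\s+)?[\"']?\w*(?:key|token|secret|password)\w*[\"']?[ \t]*[=:][ \t]*).+$"),
     r"\1[REDACTED:secret-assignment]"),
]

def redact_text(text):
    """Return (redacted_text, sorted list of rule labels that fired)."""
    hits = set()
    for label, pattern, replacement in RULES:
        text, count = pattern.subn(replacement, text)
        if count:
            hits.add(label)
    return text, sorted(hits)

def redact_evidence(files):
    """files maps path -> text. .env files are withheld whole, not pattern-scanned."""
    out, report = {}, {}
    for path, text in files.items():
        name = path.rsplit("/", 1)[-1]
        if name == ".env" or name.startswith(".env."):
            out[path], report[path] = "[REDACTED:env-file]", ["env-file"]
        else:
            out[path], report[path] = redact_text(text)
    return out, report

# Constructed sample bundle; every secret-looking value here is fake.
SAMPLE = {
    "run/http.log": "GET /jobs HTTP/1.1\nAuthorization: Bearer constructed-token-0001\nHost: fleet.example\n",
    "run/agent.log": "retrying with bearer constructed-token-0002 after 401\nAPI_KEY=constructed-key-0003\nstatus: ok\n",
    "repo/.env": "DB_PASSWORD=constructed\n",
    "run/key.txt": "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    redacted, report = redact_evidence(SAMPLE)
    for path in redacted:
        print(path, report[path], repr(redacted[path]))
```

The per-file report of which rules fired can be stored with the evidence record, so a reviewer sees what was withheld without seeing the values.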