Forge
Modern Infrastructure Automation
Forging modern infrastructure
Infrastructure Automation, Reimagined
Forge is a modern, agentless configuration management and infrastructure orchestration tool written in Go. It combines the best features of Terraform’s plan/apply workflow, Ansible’s agentless approach, and Puppet’s resource model into a fast, typed, and secure platform.
Why Forge?
🚀 Modern Architecture
Built from the ground up with Go for performance, reliability, and cross-platform support
📋 Plan/Apply Workflow
Terraform-style preview and execution with deterministic change planning
🔧 Agentless Design
No agents to install or maintain - works over SSH, WinRM, and cloud APIs
⚡ Typed Resources
Strongly typed resource definitions with comprehensive validation
Core Features
Intelligent Resource Management
- Typed Resources - Strongly typed infrastructure units (packages, files, services, users)
- Dependency Resolution - Automatic dependency graph creation and parallel execution
- State Tracking - Real-time state monitoring without centralized state files
- Drift Detection - Continuous monitoring with configurable intervals and auto-healing
Modern Workflow
- Plan/Apply - Preview changes before execution with detailed change summaries
- Parallel Execution - Dependency-aware concurrent operations for maximum performance
- Error Handling - Comprehensive error handling with automatic rollback capabilities
- Real-time Feedback - Live progress updates and detailed execution logs
Enterprise Ready
- Policy Engine - Built-in policy evaluation with Rego-style rules
- RBAC & Multi-tenancy - Role-based access control with user management
- Audit Logging - Comprehensive audit trails with rotation and compliance reporting
- Secrets Management - Integration with Vault, AWS Secrets Manager, and more
- Compliance Modules - Pre-built compliance policies (CIS, NIST, STIG)
- Approval Workflows - Multi-stage approval processes
- Web UI Dashboard - Visual management interface
- Event System - Real-time status updates with multiple notification channels
Quick Start
Installation
# Linux (x86_64)
curl -L https://github.com/ataiva-software/forge/releases/latest/download/forge-linux-amd64 -o forge
chmod +x forge
sudo mv forge /usr/local/bin/
# macOS (Intel)
curl -L https://github.com/ataiva-software/forge/releases/latest/download/forge-darwin-amd64 -o forge
chmod +x forge
sudo mv forge /usr/local/bin/
# Build from Source
git clone https://github.com/ataiva-software/forge.git
cd forge
make build
sudo cp bin/forge /usr/local/bin/
Try It Out
# Initialize a new project
forge init my-infrastructure
cd my-infrastructure
# Create a plan to see what will change
forge plan --module modules/webserver.yaml --inventory inventory/hosts.yaml
# Apply changes (dry run first)
forge apply --module modules/webserver.yaml --inventory inventory/hosts.yaml --dry-run
# Apply for real (with confirmation)
forge apply --module modules/webserver.yaml --inventory inventory/hosts.yaml
Configuration Examples
Simple Web Server Setup
apiVersion: ataiva.com/forge/v1
kind: Module
metadata:
name: webserver
version: 1.0.0
spec:
resources:
- type: pkg
name: nginx
state: present
- type: file
name: nginx-config
state: present
path: /etc/nginx/nginx.conf
content: |
server {
listen 80;
root /var/www/html;
}
mode: "0644"
- type: service
name: nginx
state: running
enabled: true
Complete User Environment
apiVersion: ataiva.com/forge/v1
kind: Module
metadata:
name: user-management
spec:
resources:
# Install development tools
- type: pkg
name: git
state: present
# Create user
- type: user
name: devuser
state: present
# Create home directory
- type: file
name: devuser-home
state: present
path: /home/devuser
file_type: directory
mode: "0755"
owner: devuser
# Configure shell
- type: file
name: devuser-bashrc
state: present
path: /home/devuser/.bashrc
content: |
alias ll='ls -alF'
export EDITOR=vim
mode: "0644"
owner: devuser
# Setup workspace
- type: shell
name: create-workspace
command: mkdir -p /home/devuser/workspace
creates: /home/devuser/workspace
Dynamic Inventory
# inventory/hosts.yaml
targets:
webservers:
selector: "role=web,env=prod"
connection:
type: ssh
user: ubuntu
key: ~/.ssh/id_rsa
databases:
hosts:
- db1.example.com
- db2.example.com
connection:
type: ssh
user: admin
key: ~/.ssh/id_rsa
Architecture
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ Controller │ │ Inventory │ │ Targets │
│ │ │ │ │ │
│ • Compiler │◄──►│ • Static YAML │ │ • Linux/macOS │
│ • Planner │ │ • Cloud APIs │ │ • Windows │
│ • Executor │ │ • Labels/Facts │ │ • Containers │
│ • Policy Engine │ │ │ │ │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│ ▲
│ SSH/WinRM/Cloud APIs │
└──────────────────────────────────────────────┘
Implementation Status
Phase 1: Core Configuration Management - COMPLETE
- Basic CLI structure - Full command-line interface
- Resource type system - Strongly typed resource definitions
- SSH connection management - Secure remote execution
- Core providers - All 5 providers implemented and tested
- File Provider - Files, directories, templates, permissions
- Package Provider - Cross-platform package management
- Service Provider - System service lifecycle management
- User Provider - User and group management
- Shell Provider - Command execution with guardrails
- Module system and registry - YAML-based configuration
- Plan/apply workflow - Terraform-style preview and execution
- Static inventory support - Host and group management
- Basic templating - Go template engine integration
Phase 2: Orchestration & Workflow - COMPLETE
- Dynamic inventory - Pluggable inventory providers with AWS support
- Parallel execution engine - Dependency-aware concurrent execution
- Dependency resolution - Automatic dependency graph creation
- Error handling and rollback - Automatic failure recovery with retry logic
- Real SSH integration - Production-ready SSH connection management
- WinRM integration - Windows remote management support
- Drift detection scheduling - Continuous monitoring with configurable intervals
- Event system and notifications - Real-time status updates with multiple channels
- Web UI dashboard - Visual management interface
Phase 3: Policy & Compliance - COMPLETE
- Policy engine - Built-in policy evaluation with Rego-style rules
- Audit logging and trails - Comprehensive audit logging with rotation
- RBAC and multi-tenancy - Role-based access control with user management
- Secrets management integration - Vault, AWS Secrets Manager integration
- Compliance modules (CIS, NIST, STIG) - Pre-built compliance policies
- Approval workflows - Multi-stage approval processes
Phase 4: Advanced Features - MAJOR PROGRESS
- Kubernetes provider - Container orchestration support
- Cloud provider integrations - Azure VM discovery
- Monitoring and observability - Prometheus metrics and monitoring
- WASM provider SDK - WebAssembly provider extensions
- Supply chain security (cosign, SLSA) - Signed modules and provenance
- High availability controller - Distributed controller architecture
- Enterprise features (SAML, SCIM) - Enterprise authentication
Phase 5: Ecosystem Integration - PLANNED
- Terraform integration
- GitOps workflows
- CI/CD pipeline integration
- SaaS offering (Forge Cloud)
CLI Commands
Available Commands
# Initialize a new project
forge init <project-name>
# Create an execution plan
forge plan --module <module.yaml> [--inventory <inventory.yaml>]
# Apply changes to infrastructure
forge apply --module <module.yaml> [--inventory <inventory.yaml>] [--dry-run] [--auto-approve]
# Get help
forge --help
forge <command> --help
Example Usage
# Plan changes for a module
forge plan --module examples/simple-file/module.yaml
# Apply changes with confirmation
forge apply --module examples/simple-file/module.yaml
# Dry run (show what would happen)
forge apply --module examples/simple-file/module.yaml --dry-run
# Auto-approve (skip confirmation)
forge apply --module examples/simple-file/module.yaml --auto-approve
# Use with inventory
forge plan --module webserver.yaml --inventory hosts.yaml
Providers
Core Providers - IMPLEMENTED
- file: File and directory management with templating
- pkg: Package management (apt, yum, dnf, zypper, brew, choco)
- service: System service management (systemd, init)
- user: User and group management with full configuration
- shell: Command execution with conditional logic and guardrails
Cloud Providers - PLANNED
- aws: EC2, SSM, tags, metadata
- azure: VM metadata, tags
- gcp: Compute metadata, tags
Future Providers
- kubernetes: Deployments, ConfigMaps, Secrets
- database: PostgreSQL, MySQL user/schema management
- network: Routes, firewall rules, DNS
Performance & Security
Performance
- Concurrent execution: Parallel SSH connections with dependency resolution
- Efficient planning: Incremental graph computation
- Minimal footprint: Single binary, no runtime dependencies
- Fast startup: Sub-second initialization
- Smart caching: Resource state caching for performance
Security
- mTLS: All communication encrypted with mutual TLS
- RBAC: Role-based access control with comprehensive permissions
- Audit: Immutable audit trails with compliance reporting
- Secrets: Integration with Vault, AWS Secrets Manager, and more
- Supply Chain: Signed modules and provenance tracking (planned)
Development Status
ALPHA SOFTWARE WARNING
Forge is currently in alpha stage. While the architecture is solid and the CLI is functional, many providers use mock implementations for testing. This is perfect for:
- Testing the CLI and workflow
- Evaluating the architecture
- Providing feedback on the user experience
Not yet ready for production use.
Release Schedule
- Alpha (Current) - Core functionality, mock implementations
- Beta (Q1 2024) - Real provider implementations, production testing
- v1.0 (Q2 2024) - Production ready, full feature set
Get Started
Forge is available as an open source project with active development and community support.
GitHub Repository • Documentation • Discussions
Forge your infrastructure into perfect shape with modern automation platform.