FORGE scans your codebase for security vulnerabilities, code quality issues, and architectural problems — then your AI assistant fixes them.
pip3 install vibe2prodOne command. Installs the FORGE engine and MCP server.
forge_scan(path=".")Discovers security, quality, and architecture issues in your codebase.
/forgeClaude reads the report and fixes findings using your own Edit tools. Locally.
Code never leaves your machine. Only anonymous telemetry metrics — no file paths, no code content.
Full security, quality, and architecture audit. Depends on codebase size.
Your own OpenRouter API key. No subscription. Pay only for what you use.
You need an OpenRouter API key (free signup, pay per token).
pip3 install vibe2prodclaude mcp add forge \
-e OPENROUTER_API_KEY=sk-or-v1-your-key \
-- forge-mcp# Add these flags before the -- separator:
-e VIBE2PROD_API_KEY=v2p_your-key \mkdir -p ~/.claude/skills/forge && curl -sL https://vibe2prod.net/forge-skill.md -o ~/.claude/skills/forge/SKILL.mdIn Claude Code: "Scan my codebase with forge"Then: /forge to fix all findings automaticallyNo API key? The scan will show a clear error message asking you to set one up.
Usage tracking: Anonymous scan metrics only (finding counts, not code). Opt-in data sharing available for improving FORGE.
FORGE works fully offline. Add an API key to sync scan results to your dashboard.
3 steps:
claude mcp add forge \
-e OPENROUTER_API_KEY=sk-or-... \
-e VIBE2PROD_API_KEY=v2p_... \
-- forge-mcpCLI scans appear in your dashboard alongside cloud scans, grouped by repo with readiness trends over time.
Add VIBE2PROD_DATA_SHARING=true to your MCP setup
Shares anonymized finding patterns (types, severities, fix rates)
NEVER shares code, file paths, or repo identity
Helps improve FORGE's detection accuracy for everyone
Works with any MCP-compatible tool