ForgeAI is a production-ready, fully self-hosted AI assistant platform built from scratch in TypeScript. Connect any LLM to WhatsApp, Telegram, Discord, Slack, Teams, Google Chat, WebChat & IoT devices — all managed through a modern 19-page dashboard with 17 security modules.
$ git clone https://github.com/forgeai-dev/ForgeAI && pnpm install && pnpm forge start10
LLM Providers
19
Built-in Tools
8
Channels
19
Dashboard Pages
17
Security Modules
What's New
ForgeAI now ships with 8 additional hardening layers, including tool output sanitization, sensitive file guard, exfiltration prevention, persistence blocker, model-aware security profiles, network egress control, sandbox isolation, and system prompt defense.
Cross-session memory is now MySQL-persistent, survives restarts and deployments, supports OpenAI embeddings with TF-IDF fallback, and extracts entities automatically for richer long-term context.
Install, activate, deactivate, and manage custom skills at runtime with script, HTTP, and JavaScript function handlers. Skills are persisted and injected into the agent context automatically.
The agentic loop now uses a 200-iteration safety cap, adds intent classification to reduce unnecessary tool usage, and improves reliability with memory leak fixes, cleaner shutdown behavior, and better stored response sanitization.
Features
Route between 10 providers — OpenAI, Anthropic, Google, Mistral, Groq, DeepSeek, xAI, Kimi (Moonshot), Ollama (local), and OpenAI-Compatible (LM Studio, vLLM). Automatic failover with circuit breaker, exponential backoff, cloud↔local failover.
Web browsing (stealth anti-detection), search, Puppeteer (21 actions), shell, code sandbox, image generation (DALL-E 3, Leonardo AI, SD), file I/O, screenshots, cron scheduler, smart home, Spotify, execution planning, task delegation, and Forge Teams.
WhatsApp, Telegram, Discord, Slack, Teams, Google Chat, WebChat, and Node Protocol (IoT/ESP32). One agent, every platform. Real-time progress updates and typing indicators.
Durable MySQL-backed memory with OpenAI embeddings and TF-IDF fallback, plus a full RAG engine for document upload, semantic retrieval, runtime configuration, and long-term contextual recall across sessions.
AES-256-GCM encrypted vault, RBAC, rate limiting, prompt guard, input sanitizer, 2FA, Email OTP, setup wizard, audit logging, plus tool output sanitization, sensitive file guard, exfiltration prevention, persistence blocking, model security profiles, network egress control, sandbox isolation, and system prompt defense.
Speech-to-text (Whisper), text-to-speech (Piper/OpenAI), image analysis, and image generation. Full multimodal support across all channels. Wake word detection ("Hey Forge").
Extensible plugin architecture with a built-in store, MCP client for external tool servers, and a new Skill Registry for runtime-managed script, HTTP, and function-based capabilities.
Workflow engine with cron scheduling, conditional branches, and parallel execution, plus plan tools, intent classification, autopilot routines, and a state-machine-driven execution model for complex autonomous tasks.
GitHub, Gmail, Google Calendar, Notion, and RSS feeds built-in. OAuth2/SSO support (Google, GitHub, Microsoft). Config Sync between Gateways. GDPR compliance.
Architecture
core, agent, tools, plugins, channels, security, workflows, shared, cli, dashboard, companion, node-agent, node-agent-esp32. Clean boundaries, zero circular deps.
100% TypeScript. Fastify HTTP gateway with 140+ REST API endpoints, WebSocket real-time broadcasting. React 19 dashboard served directly.
17 security modules with AES-256-GCM vault encryption, 4-factor auth for external access, immutable audit trails, indirect prompt injection defense, sandbox isolation, persistence blocking, and network egress control.
Docker Compose with MySQL. One command to deploy. Native domain/HTTPS support with Caddy reverse proxy and automatic Let's Encrypt SSL.
version: '3.8'
services:
gateway:
image: forgeai/gateway:latest
ports:
- "18800:18800"
environment:
- MYSQL_HOST=db
- MYSQL_PASSWORD=your_password
- MYSQL_DATABASE=forgeai
- GATEWAY_PORT=18800
volumes:
- ./data:/app/.forgeai
depends_on:
- db
db:
image: mysql:8
environment:
- MYSQL_DATABASE=forgeai
- MYSQL_ROOT_PASSWORD=your_passwordProviders
Switch between providers with a single config change. Automatic failover with circuit breaker ensures your agents never go down. Cloud↔local failover built-in.
Dashboard
React 19 SPA served directly by the Gateway. Manage agents, monitor usage, configure tools, upload RAG documents, and view audit logs — all with WebSocket real-time updates.
Messages
12,847
Tokens
2.4M
Tools Used
1,293
Uptime
99.9%
What's Coming
36 phases completed. Here's what we've built and what's next — from embedded IoT devices to native apps and beyond.
Full internationalization system with React Context. English, Portuguese, Spanish, French, German, Italian, Japanese, Korean, Chinese.
Self-hosted STT/TTS using Whisper + Piper on your own VPS. Zero OpenAI credits needed. TTS streaming playback with markdown sanitization.
Anti-hallucination system prompt. Agent clearly identifies as ForgeAI, never claims to be Claude/GPT. Only describes actual capabilities.
Full observability with OTLP/HTTP traces, metrics, and spans. Google Calendar and Notion integrations for productivity workflows.
Go binary (~5MB) for Linux SBCs (Raspberry Pi, Jetson, BeagleBone) + MicroPython for ESP32. WebSocket, auth, heartbeat, GPIO, node-to-node relay.
Agent-driven visual artifact system. Live rendering of HTML, React, SVG, Mermaid, Charts, Markdown, and Code in sandboxed iframes.
Puppeteer stealth anti-detection, proxy rotation. Native Caddy reverse proxy with automatic Let's Encrypt SSL. Static site hosting built-in.
Windows-only desktop client that connects to the Gateway and lets the AI control your PC. Pairing system, voice mode with wake word, desktop automation, dual-environment routing (server + companion), Rust safety system, Config Sync.
Cross-platform Dashboard wrapper for Windows, macOS, and Linux. Opens the Dashboard as a native desktop window instead of a browser tab. System tray, global hotkeys, auto-update, startup on boot.
Coordinated agent teams with dependency graphs — independent tasks run in parallel, dependent tasks wait for upstream results. Sub-agent delegation via agent_delegate. Execution planning with plan_create/plan_update tools.
DSPy-inspired auto-optimization. Classifies tasks into 9 categories, records success/failure patterns, injects proven strategies into prompts for similar future tasks. Temporal decay keeps strategies fresh.
Docker image includes Python 3, pip, Node.js 22, Chromium. Agent installs ANY missing dependency with full root access. The agentic loop now runs with a 200-iteration safety cap plus reflection and stuck-loop protection.
Cross-session memory is now MySQL-persistent, survives redeploys, uses OpenAI embeddings with TF-IDF fallback, extracts entities automatically, and keeps durable long-term context available to the agent.
Runtime skill management with script, HTTP, and function handlers, plus an expanded forge doctor command covering runtime, config, providers, services, and workspace diagnostics.
8 new security layers plus blocked IP persistence in MySQL, audit hash chain integrity auto-repair, and dynamic security status on the /info endpoint. 150+ API endpoints, 14 MySQL tables.
Two new messaging channels. Signal via signal-cli bridge for encrypted messaging. Matrix via matrix-js-sdk for decentralized communication.
Full database encryption with MySQL TDE or application-level AES. All sensitive data encrypted at rest, complementing the Vault encryption.
Native iOS and Android app with Expo. Chat interface, push notifications, voice input, biometric auth, and offline message queue.
Always-listening wake word detection with Porcupine/Picovoice. Say "Hey Forge" to activate your agent hands-free.
Control Spotify playback, Home Assistant devices, and smart home routines through natural language via any channel.
Record and replay full agent sessions for debugging, auditing, and training. Step-by-step tool execution visualization with timeline.
Structured logging pipeline compatible with ELK Stack, Grafana Loki, and AWS CloudWatch. Centralized log management.
Public plugin registry for community-built integrations. Publish, discover, and install plugins with one click.
Pre-built workflow templates for CI/CD pipelines, content generation, data processing, customer support, and DevOps.
Opt-in managed hosting for zero-ops. Your data stays yours — just without the server management. One-click deploy.
ForgeAI is free, open-source, and self-hosted. No vendor lock-in, no data leaves your server. Start building in minutes.
$ docker compose up -d