v1.0 — Prompt Firewall now in GA

The operating system
for prompt engineering.

FORGHD treats prompts as first-class engineering artifacts. Version, branch, review, and ship them with the rigor you apply to code — and stop unapproved changes from reaching production.

Start building free See the SDK
SDK · Python · TS · Go Self-hostable
FORGHD logo
diff v23 → v24 +12 / −4
PR #412 awaiting sign-off
firewall blocked 1 deploy
p50 312ms · cost $0.0021
The Lifecycle

From draft to production. In one continuous pipeline.

Every prompt has a story — author, branch, review, deploy, observe. FORGHD captures all of it so nothing ships unsigned and nothing gets lost in Slack.

01 / Author

Draft with intent

Rich editor with variables, tests, and metadata. Schema-first authoring keeps prompts predictable.

02 / Branch

Fork, edit, propose

Branches and PR-style proposals. Diff every token. Squash, rebase, and merge — without leaving the canvas.

03 / Review

Review & approve

Threaded feedback, suggestions, and required sign-offs on every proposal — with a full audit trail from idea to merge.

04 / Firewall

Gate the release

Block unsigned, untested, or unapproved prompts before they reach production. Policy as code.

05 / Deploy

Promote in one call

Targeted rollouts to environments and tenants. Roll back atomically when telemetry says so.

06 / Observe

Live performance

Latency, cost, completion quality, eval scores — all per version, per env, in one timeline.

Built for serious teams

Everything a prompt needs
between idea and production.

Versioning & Branching

Treat prompts like code.

Branch off any version, propose changes, and merge with a full diff. Every commit is signed, traceable, and reversible. Roll forward and back with a single API call.

a3f9c1refine system role@maya
b7e210add safety eval@kio
ƒ mergeinto main@maya
c92044tighten temperature@dev
d8aa3bv1.4 → v1.5@bot
e1b7c0production tag@kio
Prompt Firewall

Nothing unsigned ships.

Policy gates between staging and prod. Untested or unapproved versions fail loud at deploy.

PASScheckout/refund-summaryv2.4
BLOCKsupport/auto-replyv1.8
HOLDonboarding/welcomev3.0
PASSsearch/rerankv0.9
Analytics

See what's working.

Latency, cost, eval scores per version. A/B without leaving the platform.

312ms
p50 latency
$.21/k
cost / req
94%
eval score
MCP bridge

Your registry in every MCP client.

Serve FORGHD over the Model Context Protocol so assistants can list prompts, pull pinned versions, and run against policy — without copy-paste or drift.

Connected clients
CL
Claude Desktop
live
CU
Cursor
live
CH
ChatGPT
live
CN
Cline
live
Prompt Firewall

The release gate
your prompts never had.

Define the policy once — required tests, required reviewers, schema validation, max cost, allowed models, redaction rules. Every deploy hits the wall before it hits prod.

Inbound deploys

v2.4refund-summarysigned
v1.8auto-replyeval
v3.0welcomeno review
v0.9reranksigned

FW.policy.v3

Block first, ship after.

Policies live in YAML alongside your code. Diff-on-PR. Replayable on any historical deploy.

require: 2 approvers from #ml-team
tests.coverage ≥ 0.85 over golden set
deny: PII regex match in system role
max.cost.per.run ≤ $0.012

To production

apiprod-eu-1live
apiprod-us-1live
apicanary-5%ramp
edgeworkerslive
Teams & Workflow

Built for how teams actually ship.

Approval workflows, shared context, and direct MCP bridges to the LLMs your team already uses — so prompts stop being one engineer’s secret weapon and start being team infrastructure.

Approval workflow
Configurable reviewers per project, branch protection, and required checks. Merging without sign-off is impossible.
Shared context
Variables, schemas, golden datasets and snippets live in one workspace. Reference them from any prompt; updates ripple everywhere.
MCP for any LLM soon
Connect Claude, ChatGPT, Cursor, Cline — any MCP-aware client — straight to your prompt registry. Edit, fetch, and run live without leaving the chat.
Roles & permissions
Granular RBAC — author, reviewer, deployer, viewer — scoped per project, env, or tenant. SAML SSO included.
Gated ship path

Review once, promote once.

Every proposal carries owners, checks, and pinned context. The card below is the same structure we attach to merges — so approvers see policy, datasets, and MCP bridges before anyone touches prod.

See the underlying approval flow →
refund-summary / propose
2 of 2 approved
MA
Tighten refund tone & add JSON schema
@maya · feature/v2.4 → main · 4 files changed
+12   −4   2 tests added
@kio approved
reviewer · ml-team
2m ago
@anya approved
reviewer · safety
just now
Eval suite passed
checks · golden-set
94.2%
Firewall policy check
policy · FW.v3
running…
·
Promote to prod
deployer required
queued
@contextrefund-policy.mdpinned
@datasetgolden/refunds.v6 · 1,240 casespinned
@schemaRefundDecision.jsonpinned
MCP bridges connected
CL
Claude Desktop
live
CU
Cursor
live
CH
ChatGPT
live
CN
Cline
live
Product tour

Motion first. Then the panels you live in.

The recording walks an end-to-end change in the real product. The screenshots are the static views reviewers and auditors grab today — timeline, diff, merge, and editor — each in its own tab so nothing is buried under a single “demo” switch.

Screen recording

From draft to signed version in one continuous session.

Follow a refund prompt as it moves through edit, diff against what prod pinned, three-way merge, and the approval queue. This is the path every environment enforces before traffic sees new tokens.

Full session capture — edit · diff · merge · firewall queue
Screenshots

Frames for the people who sign off and file tickets.

Each still maps to a real workflow: shipping history you can diff, line-level changes you can revert, merge decisions you can defend, and authoring with variables and versions in one surface.

Version timeline — Blog Post Generator
Every save is a version. Select any two points to diff or merge; prod pins never drift quietly.
Diff view
Line-level changes with one-click restore — audit-friendly without round-tripping through a repo.
Three-way merge
Resolve each conflict from base, yours, or theirs — then land a single merged prompt with a clear provenance trail.
Prompt editor Versions sidebar
Typed variables, AI assist, and the versions rail stay in one frame so authors never leave the canvas to ship.
Developer SDK

Slot it in.
Three lines is enough.

Drop FORGHD into any service. Fetch the active version, run with telemetry, and let the firewall enforce policy at the edge — all with one client.

Drop-in client
Python, TypeScript, and Go SDKs. Zero-config caching. Streaming support.
Edge-ready telemetry
Every call ships latency, tokens, cost, and eval signal back without blocking your hot path.
Provider-agnostic
OpenAI, Anthropic, Google, open-source — switch model without touching your prompt source.
app.ts
app.py
curl
forghd@1.0.4
// Fetch the production-pinned version, run, ship telemetry.
import { forghd } from "@forghd/sdk";

const fg = forghd({ project: "checkout" });

export async function summarizeRefund(order: Order) {
  const prompt = await fg.prompt("refund-summary", { env: "prod" });

  // Firewall runs server-side — denies on policy violation.
  const { text, runId } = await prompt.run({
    model: "claude-haiku-4-5",
    vars: { order },
  });

  return { text, runId }; // runId joins the live timeline.
}
# Fetch the production-pinned version, run, ship telemetry.
from forghd import Forghd

fg = Forghd(project="checkout")

def summarize_refund(order):
    prompt = fg.prompt("refund-summary", env="prod")

    # Firewall runs server-side — denies on policy violation.
    result = prompt.run(
        model="claude-haiku-4-5",
        vars={"order": order},
    )

    return result.text, result.run_id
# One request — version resolution, run, telemetry.
curl https://api.forghd.dev/v1/run \
  -H "authorization: Bearer $FORGHD_KEY" \
  -H "content-type: application/json" \
  -d '{
    "project": "checkout",
    "prompt":  "refund-summary",
    "env":     "prod",
    "model":   "claude-haiku-4-5",
    "vars":    { "order": { "id": "ord_3F2k" } }
  }'
Ship prompts. Without the chaos.

Make "it shipped the wrong prompt"
impossible.

Free for individuals and small teams. Pricing scales when you do — and there's a self-host plan for the regulated.

Start free Book a demo
$ npm i @forghd/sdk  ·  pip install forghd