Platform tour

The complete agentic
engineering platform.

Point tools give you an agent. AnyForge gives you the whole engineering organization around the agent: a planning layer that turns demand into scored, spec-driven work; a delivery layer that ships it through governed crews; a governance layer with cryptographic audit and human approval gates; and an insight layer that tells leadership what actually happened — all on any model, from frontier clouds to private LLMs hosted on your own metal.

From raw customer signal to merged, audited pull request — one platform, one ledger, one flat fee.

Try Code Studio free →Engineering deep-dive →

Plan

From raw demand to a runnable spec.

Most AI coding tools start at the prompt. AnyForge starts where your business does — with the customer ask, the strategy bet, the production incident — and shapes it into prioritized, spec-verified work an AI crew can actually run.

Signals — capture demand where it lands

Client asks, sales requests, stakeholder ideas and strategy bets land as Signals — the cheapest thing to write down. Nothing lives in an inbox; every signal keeps its source so you always know what is customer-driven vs strategy-driven.

Opportunities with RICE scoring

Signals consolidate into scored Opportunities: Reach × Impact × Confidence ÷ Effort, server-computed from anchored buckets with mandatory rationale on every input. AI Suggest drafts scores grounded in your actual signals — no gut-feel prioritization.

Revenue at Risk

The backlog translated into money: monthly MRR blocked by unshipped work, annual run-rate exposure, concentration by region, account and reason. The exec-facing lens that turns a prioritization debate into a business decision.

Roadmap themes with investment guardrails

Now / Next / Later horizons plus a quarter-gridded timeline. Set an investment mix — say 60% features, 25% tech debt, 15% keep-the-lights-on — and the roadmap tells you when reality drifts from the strategy.

Capacity forecasting (Monte Carlo)

AnyForge models the real bottleneck of agentic delivery: operator review attention, not engineer hours. Little’s-Law lead times, P50/P85/P95 Monte-Carlo forecasts over your trailing eight weeks, and a what-if simulator for adding operators or raising autonomy.

Spec-driven development (ICE)

Every initiative carries a structured spec — Intent, Context, Expectations — checked by a deterministic readiness rubric before dispatch. The spec becomes the contract every agent reads and the checklist the PR is verified against, including "verify NOT introduced" non-goals.

Programs → Initiatives → Work items

A four-level hierarchy that matches how software actually ships: cross-codebase programs, per-repo initiatives, PR-sized work items with dependency waves. Program cockpits roll up progress, spend, risks and blockers — exportable to PDF or Markdown for the board.

Business Capability Map

A BIZBOK-style capability tree synthesized from your own codebases: which repositories realize Payments, Risk, Onboarding. Heatmap badges expose coverage gaps and duplication in the language your leadership speaks.

Build

Governed delivery that ships real PRs.

One capable Engineer, specialist advisors on demand, deterministic edits, your test suite as ground truth — the delivery architecture the failure data says actually works, running in your browser or as unattended background crews.

One Engineer, on-demand specialists

Crew rejects the multi-agent telephone game. A single capable Engineer drives every build in a long tool loop, consulting Architect, Security & Compliance and QA specialists as advisors mid-run. Industry data puts multi-agent handoff failure at 41–87% — we designed around it.

Deterministic edits, real tests

Patches apply through git — checked, then applied, never fuzzy-matched — so a stale diff is rejected loudly instead of corrupting code silently. Your own test suite is the ground truth oracle: the Engineer detects your runner and runs your tests, not a proxy metric.

Parallel specialist review on every PR

When the PR opens, Architect, Security and QA specialists fan out in parallel and review the actual diff — OWASP-class security findings, coverage analysis, architectural conformance — and attach their reports to the approval card.

A fifty-tool agent arsenal

AnyForge agents don’t just edit files. They run your terminal, search the live web, spawn read-only research sub-agents with isolated budgets, enter plan mode, work in isolated git worktrees, submit line-anchored PR reviews — and verify UI changes by launching a headless browser, screenshotting the page and reading its console and network errors.

Code Studio — governed coding in the browser

A full agentic workspace on any device: Files, Diff, Terminal and Metrics tabs, 200+ models switchable per request, repo-grounded plans, surgical edits, main-branch locking. Commands run in an in-browser container or fail over to our cloud runtime — npm test works from your phone.

One-click escalation to Crew

When a task outgrows a single agent, Code Studio proposes a Crew inline. Accept once and the initiative, work items and crew are created atomically — and you stay on the same conversation, approving gates in-thread.

Automations & routines

Saved crew templates fire on cron schedules or signed webhooks (HMAC-SHA256): nightly security audits, weekly tech-debt refactors, dependency sweeps. Recurring engineering runs itself; you review the PRs.

Self-healing releases

Your pipeline reports a release failure, AnyForge opens a P0 hotfix crew automatically, files the incident, and — if you opt in — auto-merges hotfix PRs that fit your safe-diff envelope (small, safe-path-only changes). Change-failure rate and lead time tracked honestly, DORA-style.

Automatic merge-conflict resolution

A sweep every 30 minutes detects cross-work-item conflicts before they block a release, attributes them to the sibling branches that caused them, and resolves them with a crew that merges (never rebases), runs your tests and updates the PR in place.

Mission control for every run

Watch a crew work in a live activity feed with a phase tracker — Engineer, Specialist Review, PR Review — and typed interaction cards for everything that needs you: plan approvals, agent questions, task proposals, backlog refinements, ADR revisions. Mention @architect in the thread, get desktop notifications when a gate needs a decision.

A review room, not a diff dump

Every crew PR opens in a three-pane review cockpit: an AI-generated walkthrough that tours the diff in the order it should be read, syntax-highlighted diffs with click-to-comment on any line (posted to GitHub and in-app, @-mentions included), and the agent chat with approve, amend and auto-merge right where you’re reading.

Workspace bootstrap that respects your repo

The agent runtime ships every major toolchain — Node, Python, Go, Rust, Java, Kotlin, .NET, Ruby, PHP — plus cloud CLIs. Pin a setup command, a test command, and your AGENTS.md conventions; every crew and Studio session honors them.

Code intelligence

The graph index: your codebase as a queryable brain.

Underneath every AnyForge surface sits one code-intelligence layer — a continuously refreshed call graph plus semantic embeddings of every connected repository. It's why AnyForge agents act like engineers who've read the codebase, and why your questions get answers with line numbers.

A graph of everything you ever shipped

AnyForge builds a call-and-import graph of every connected codebase — the TypeScript compiler API for TS/JS, tree-sitter parsing for Go, Kotlin, Python, Java and Rust — so agents and humans navigate your systems by structure, not by grep.

Semantic search over symbols, not strings

Vector embeddings of symbol-aligned code chunks power natural-language search across the fleet: "where do we validate webhook signatures?" finds the function, its callers, and the docs that mention it — across repositories.

Always fresh, never a batch job

Indexing is SHA-gated and incremental: it refreshes on every PR merge via webhook, on operator demand, and on a rolling sweep. The graph you query reflects the code you merged this morning, not last quarter.

Edges that admit what they know

Every call edge carries a confidence label — extracted (import-verified), inferred (unique name match), or ambiguous — so agents know when to double-check before acting on it. Honest metadata beats confident guessing.

Analysis on every pass

Each index run detects god nodes, module communities, surprising cross-boundary connections, and doc-to-code drift — and generates suggested questions worth asking about your own architecture. Incremental runs report the graph delta: what structurally changed since last time.

One index, every consumer

The same graph powers the Engineer mid-build, the PR-review specialists, the Oracle, semantic ⌘K search, and the interactive Code Graph views — per-repo and cross-repo. Ask, click, or let an agent traverse it.

Documentation engine

Documentation that regenerates itself.

Every codebase you connect gets living architecture documentation — generated from the code, refreshed on merge, and organized the way architects and boards actually think. The wiki that rotted the day it was written is over.

Deep analysis on connect

Point AnyForge at a repository and it reverse-engineers the architecture: components, boundaries, data flows, build tooling, test posture. Scheduled reanalysis keeps every codebase’s documentation on a cadence you set — freshness is a policy, not a hope.

C4 diagrams & ADRs, generated

Context, container and component views drawn from the code itself, plus Architectural Decision Records drafted by the architect agents as they work — the documentation trail writes itself while the work happens.

Deployment topology & dependency maps

A live L1 deployment topology with component-to-component dependency arrows and relationship overlays, plus cross-repo dependency maps — see what actually talks to what, across the whole estate.

Opinionated architecture lenses

Conway analysis (does your org chart match your architecture?), an AI-readiness score per codebase (how well can agents work here?), and a security-posture view — the assessments consultants charge six figures for, regenerated on merge.

The org narrative

A background worker synthesizes a business-readable overview of your entire estate — every analyzed system, woven into one wiki-home narrative your board can actually read, with live generation progress and ETA.

Searchable, shareable, exportable

Full-text search across all generated documentation, external share links for auditors and diligence teams, and Markdown/PNG/PDF exports. Due diligence prep becomes a link, not a fire drill.

AnyForge Oracle

The one teammate who has read everything.

The Oracle is a 360° intelligence layer over your entire engineering reality — every codebase, every architecture doc, every release, every crew — correlated live with production observability data from Datadog, Google Cloud Logging, AWS CloudWatch and Sentry. It's the difference between asking 'what broke?' and being told 'this release, this code path, this fix — shall I dispatch a crew?'

A 360° view of every codebase

The Oracle sits on top of the full code-intelligence layer: the cross-repo call graph, semantic code search, generated architecture docs, ADRs, the business capability map, releases and dependency maps. Ask "what talks to the payments service and who changed it last?" and get an answer with clickable deep links — not a guess.

Correlated with production reality

It reads your observability stack live — Datadog, Sentry, Google Cloud Logging and Crashlytics, AWS CloudWatch, Aikido — and correlates a production error with the code path that throws it, the release that shipped it, and the PR that introduced it. From stack trace to root cause to a dispatched fix crew, in one conversation.

Real computation, not vibes

A sandboxed, credential-isolated run_code interpreter (Python/Node) lets the Oracle parse, aggregate, calculate and chart inside the conversation — so the answer to "what did this initiative really cost per merged PR?" is computed, not estimated.

For every member, on every page

Summonable anywhere in the console (⌘-J) by every member including viewers, read-only by construction, and never budget-gated — it keeps answering even when a token budget pauses delivery. Runs on your own AI key.

Answers that leave the chat

Every answer exports to Markdown, JSON, CSV, HTML or DOCX; per-user memory carries your context between sessions; and ⌘K global search adds a semantic deep tier over the indexed code.

Everywhere your team already is

The same Oracle answers from Slack via the /oracle slash command, from Claude Code or Cursor via the anyforge_ask_oracle MCP tool, and over the headless Control API — one brain, every doorway.

The agents

Not a bot. A staff.

Every role a scaling engineering org hires for, AnyForge ships as a specialist agent — each one grounded in your workspace, metered on your keys, and accountable to the same audit chain. The Oracle answers; these agents act.

Opportunity Genesis — from signal to PRD

Feed it raw demand and it drafts the product case: versioned PRDs grounded in your actual signals, complete with browsable HTML UI mockups your stakeholders can click through before a line of code exists.

Program Genesis — the portfolio planner

Analyzes your repositories, proposes program scope, creates the initiatives, writes versioned program briefs, maintains the risk register and generates status reports — the program-management overhead, automated.

Spec Genesis — the spec author

Drafts and refines ICE specs in conversation, dispatches the architect for decomposition, and requests backlog refinement — so every initiative reaches the crew with a contract worth building against.

Report Genesis — dashboards you talk into existence

The reporting module: describe what you want to see and it assembles the dashboard — stat tiles, timeseries, bars and tables over crews, work items, initiatives, token usage and codebases. Queries are validated against a safe catalog and executed live at view time, and finished reports live under Insights → Reports for the whole org.

The delivery crew & Retro Analyst

The One Engineer and its Architect, Security & Compliance, QA and Sage specialists do the building — and when a crew completes, an operator-triggered Retrospective Analyst reads the step trail and audit log, writes the retro, and proposes new memory facts for humans to promote.

Govern

Autonomy you can hand an auditor.

Speed without governance is liability. Every AnyForge surface shares the same enforcement machinery — approval gates, policy engine, constraint checks and a tamper-evident audit chain — so moving faster never means explaining less.

One human gate. Cryptographic proof.

Every normal crew run ends at a mandatory human approval gate at PR review — unbypassable by the model. Each decision is recorded with a SHA-256 proof of approver, timestamp and content, and the Approve button locks itself while CI is red or the branch has conflicts.

Hash-chained audit trail

Every governance event — approvals, constraint checks, crew lifecycle, access — is SHA-256 hashed and chained to the previous event in an append-only ledger that application code cannot write. Tampering with any historical event breaks verification of everything after it. Regulator-ready, exportable.

Enforced constraints (Atomic Facts)

Your engineering rules — TLS requirements, API contracts, schema invariants, compliance mandates — are injected into every agent’s prompt and verified per-constraint at PR time. PCI-DSS and SOC 2 profiles seed a working posture on day one. Facts are never deleted, only superseded.

Policy as code (OPA)

Budget caps, circuit breakers and per-role tool allow-lists run as Rego policies distributed via OPAL — the same policy engine your platform team already trusts, applied to AI agents. Redaction, PII blocking and rate limits toggle per rule.

Portable governance memory

Architecture decisions, API contracts and declined proposals persist across runs, sessions, and provider switches — policy-checked, fail-closed, tenant-isolated, every write signed into the audit chain. Your agents stop re-litigating decisions your team already made.

Autonomy is a dial, not a switch

Turn up unattended operation one envelope at a time: CI-failure triage, then auto-fix with hard caps (bounded rounds and tokens), then auto-merge for small fixes only (line and file limits you set), then Release Health auto-heal inside a safe-path allow-list with capped attempts. Auto-merge defaults cascade org → program → initiative → individual gate, with an explicit opt-out at every level. Everything above the envelope waits for a human.

Config Packs — compliance in one click

Installable bundles of agent configs, enforced constraints, routines and skills that stand up a working governance posture instantly: PCI-DSS, SOC 2, NIST AI-RMF, NIST CSF, NIST SSDF, EU CCD2, source-code escrow, and a startup pack. Your whole company configuration also exports and imports as a manifest — template one company, stamp out the next.

Team & access management

Teams, invitations, email-domain auto-join, and a role model that goes down to surface-locked board viewers. Every membership change and permission decision lands in the same audit chain as the code.

A deliberate trust boundary

AnyForge produces and merges pull requests. It never deploys and never holds your infrastructure keys. Secrets live in Google Secret Manager — the database stores only pointers. Role-based access with surface-locked board viewers, invited-email allowlisting and pending-approval onboarding.

See

Every question answered, from board room to terminal.

What shipped? What did it cost? What's at risk? Who approved it? AnyForge answers in whatever language the asker speaks — a board pack for directors, a trace waterfall for engineers, or a conversation with the Oracle for everyone in between.

Management Overview & board packs

A deterministic leadership lens: what shipped, what was decided, committed vs forecast dates with variance history, cost, and an honest change-failure rate. One click prints a board pack. A weekly brief email keeps execs current without another meeting.

Usage, traces & spend

Month-to-date token spend and projected month-end by user, initiative, provider, model, repo and product surface. Full LLM trace waterfalls with three lenses — recent, highest-spend, errors — filterable by source (Crew, Code Studio, external agent), plus opt-in run-tree tracing that nests every LLM round under its graph node.

Operator effectiveness scores

A composite 0–100 score per operator — outcomes, cost efficiency, spec quality, responsiveness, context reuse — with coaching notes. The management question "who runs agents well?" finally has data behind it.

Two-ledger spend reconciliation

AnyForge’s metered ledger reconciled daily against each provider’s own usage API — Anthropic, OpenAI, Google, OpenRouter — with leakage surfaced per provider, model and day. Trust the meter because it audits itself.

Platform health & incidents

A live health dashboard with 30-second refresh, smoke-test heatmaps and halt taxonomies. Production errors from any provider are fingerprint-grouped into signals; accept one and it becomes a tracked KTLO incident a crew can fix.

Release notes that write themselves

Push a version tag and AnyForge generates redacted, customer-safe release notes — new, improved, fixed, secrets scrubbed — publishes them to your release timeline and changelog, and announces them to Discord. Shipped user-reported items announce themselves back to the community that asked.

Delivery analytics & DORA

Cost per completed crew as the headline number, plus deployment frequency, lead time (median and p90), change-failure rate, MTTR, first-pass acceptance-criteria rate, amend rounds per initiative, and token forecast-vs-actual — pivotable by operator, initiative, codebase, program or team. A correlation view empirically ties review-override decisions to later failures. Cloud spend syncs in too, with per-service and per-SKU GCP drill-downs.

Notifications that find you

Four channels — in-app inbox, email, Slack DM, Discord — with an @mention inbox, per-event preferences, and approval alerts that reach the right operator with severity built in. Slack slash commands query the Oracle or file a signal without opening the console.

Extend

Plugged into everything you already run.

AnyForge meets your stack where it is: your observability, your ticketing, your CI, your editor, your compliance obligations.

Every MCP server. Not a curated few.

AnyForge speaks the Model Context Protocol natively, so any MCP server works — connect it over Streamable HTTP or SSE with OAuth (auto-refreshing), Bearer tokens, API keys, or no auth at all, scoped per-user or company-wide. A one-click marketplace covers the popular ones — GitHub, Datadog, Sentry, Jira, Confluence, Linear, Notion, Salesforce, Stripe, Cloudflare, CloudZero, Google Drive & Calendar, Microsoft 365, Firebase, Aikido — and everything else plugs in the same way. Connected tools flow to the Oracle, the Genesis agents, and (with permission) your crews; read tools for everyone, mutating tools operator-gated.

Skills marketplace & curated registries

Reusable prompt packs — your conventions, governance rules, output contracts — composed into every agent, scoped by toolchain or codebase. Install from curated registries pinned to immutable commits, import SKILL.md files, or let AnyForge auto-detect skills committed in your repos.

Drive AnyForge from your editor

The AnyForge MCP server puts ~50 tools in Claude Code, Cursor or any MCP client: approve HIL gates, dispatch crews, query the Oracle, manage constraints, sync coverage, drive escrow — without leaving the terminal. Scoped read / write / approve keys enforce least privilege.

A full HTTP control surface

Everything the console does, an API does: repos, crews, initiatives, programs, work items, approvals, coverage, escrow, observability signals. SDK-compatible LLM endpoints mean your existing OpenAI or Anthropic client code works by changing one base URL.

Coverage & quality ingestion

Pipe the coverage your CI already computes — Jest, pytest, Go, LCOV, SonarQube, Codecov, Coveralls — into per-merge program and initiative metrics. Coverage guides scope; your test suite remains the gate.

Source-code escrow, verified

Escrow-grade deposits with SHA-256 manifests, build-and-deploy runbooks, dependency registers and masked secret scans — delivered over pinned SFTP to agents like Escode/NCC, on quarterly sweeps across your fleet. A Replicate rehearsal proves each deposit actually rebuilds.

Connectors & integrations

GitHubSlackDatadogSentryNew RelicGrafanaCloudWatchAikido SecurityJiraConfluenceLinearNotionSalesforceStripeCloudflareCloudZeroGoogle DriveGoogle CalendarMicrosoft 365Firebase / GCPSonarQubeCodecovCoverallsEscode / NCCGitHub ActionsGitLab CIJenkinsCircleCIAzure DevOps+ any MCP server

Any model

Frontier clouds, open weights, or your own metal.

Model strategy is a business decision, not a vendor default. AnyForge is radically provider-neutral: bring your own keys, route every call to the model that earns it, and change your mind later without losing memory, audit history, or a single workflow.

Every frontier cloud

Anthropic Claude (including Fable 5, Sonnet, Opus and Haiku), OpenAI GPT and o-series, Google Gemini — plus AWS Bedrock and Google Vertex for teams that buy through their cloud. Live model catalogs per provider, automatic failover, one endpoint.

Open-weights, first-class

GLM-4.6 and GLM-4.5 Air, DeepSeek V3 and R1, Qwen Coder, Llama, Mistral and Grok are selectable everywhere a frontier model is — for agent roles, Code Studio, and routing targets. 200+ models via OpenRouter, or routed direct to the vendor to skip the middleman.

Custom & private LLM hosting

Run models on infrastructure you control: your own Ollama daemon, a vLLM or llama.cpp cluster, or a dedicated private gateway we operate for you — on-prem, in your VPC, or air-gapped. Same governance, same audit chain, same flat platform fee as cloud. Built for data-residency clauses, regulated industries, and defence.

Claude Max subscription routing

Already paying for Claude Max? Paste an OAuth token and route agent traffic through your flat subscription instead of metered API rates — with a self-pacing throttle against Anthropic’s utilization windows, extended prompt-cache TTL, and automatic fallback to an API key.

Smart routing & caching

Intent-based routing — rules, regex or embeddings — sends each call to the cheapest model that clears the quality bar, with price-intelligence recommendations per agent role. Prompt caching typically shaves 30–40% off model spend. Most teams save more than the platform fee costs.

Budgets that actually stop spend

Per-codebase and per-initiative token budgets with a soft warning at 80% and a hard stop at 100% — enforced in the execution path, not reported after the fact. Failed calls never accrue. One flat platform fee, identical for cloud and self-hosted: $1.00 per 1M tokens.

Providers

Anthropic ClaudeOpenAIGoogle GeminiAWS BedrockGoogle VertexOpenRouter (200+ models)Ollama (self-hosted)vLLMllama.cppPrivate gateway (LiteLLM)Claude Max OAuth

Open-weights models

GLM-4.6GLM-4.5 AirDeepSeek V3DeepSeek R1Qwen 2.5 CoderLlama 3.3 70BMistral LargeGrok

Why AnyForge

Compare us to anything. We built it for that.

AnyForge occupies a category of one: the platforms that govern don't deliver, the tools that deliver don't govern, and the frameworks that promise both hand you a build project. Here is the honest comparison.

vs. Coding agents (Claude Code, Cursor, Codex, Copilot)

They are agents; AnyForge is the platform above them. Keep them and govern every call through Control — or use Code Studio and Crew and get planning, delivery, audit and insights the tool layer cannot see. AnyForge is the only place one ledger covers your IDE agent, your browser agent and your background crews.

vs. LLM observability proxies (Langfuse, Portkey, Helicone-class)

Watching spend is not governing it. AnyForge adds enforcement — budgets that halt, policies that block, approval gates the model cannot skip — plus an entire delivery layer (crews, specs, releases, incidents) that observability products do not attempt.

vs. Agent frameworks (LangChain, CrewAI, AutoGen)

Frameworks give you primitives; you still build the harness — checkpointing, HIL, audit, cost control, tenancy — yourself, then maintain it forever. AnyForge is that production harness, already built, already governed, with a delivery track record you can audit.

vs. Building in-house

Every team that scales agents ends up building this platform. Routing, portable memory, policy engines, hash-chained audit, escrow, capacity science — that is years of platform work. Install Control in five minutes instead, and keep your engineers on your product.

Get started

One flat fee. A hundred million free tokens. Five minutes.

Everything on this page is one platform with one price: $1.00 per 1M tokens, bring-your-own-key, no seats, no tiers. New accounts start with a 100M-token trial — and your first Crew run is on us.

Try Code Studio free →Install Control →Apply for Crew pilot →