The trusted registry for interoperable AI systems

The signing, discovery, and trust layer underneath MCP servers, A2A agents, Agent Skills, and collections. Built for developers shipping agent infrastructure.

Read the v0.1 trust spec
// Early access for developers building with MCP, A2A, and Agent Skills
HostingHosted registryCLIMIT-licensed open sourcePricingFree during early access · org plans comingSelf-hostv1.0 roadmap
How Forge fits

Three roles. One verifiable graph.

Forge sits between the publishers who ship agent components and the agents that compose them. The registry signs, scans, and serves. The runtime verifies before it runs.

01 · Publisher
Ship a component
Push an MCP server, A2A agent card, or Agent Skill manifest — signed locally with your Ed25519 publisher key, identity confirmed via GitHub.
$forge publish
signed manifest
02 · Forge
Verify and serve
The registry confirms publisher identity, scans for known CVEs and suspicious install scripts, and indexes for search. Every response is signed so tampering is detectable.
forgeregistry.com/api/v1
signed metadata
03 · Consumer
Check before you run
Check any package before it enters your stack: publisher identity, Ed25519 signature, live CVE scan, install-script analysis. Also inline in your AI client via forge mcp.
$forge verify
The problem

Discovery is fragmented. Trust doesn't exist.

// The agentic ecosystem now mirrors early Node.js — capability is exploding, but provenance and security remain ad hoc. Skills are copy-pasted from gists and installed as system prompts, sight unseen. MCP servers are pulled from npm by name and granted file, shell, and network access. Agent cards are fetched by URL. Nothing is signed. Nothing is scanned. Nobody checks who published what.

// Marketplaces list tens of thousands of skills and servers, but listing is not vetting: no marketplace today verifies publisher identity, scans for known CVEs, or revokes a listing when it goes bad.

// Forge introduces a single forge.* extension that any MCP, A2A, or Agent Skill manifest can carry. It is interoperable by design. The registry, the verifier, and the AI-client tools are downstream of one specification.

manifest.json
forge spec v0.1
// What Forge adds on top of existing standards
"forge": {
  "security":    { "scanned": true, "signed": true, "vulnerabilities": 0 },
  "evals":       { "accuracy": 0.94, "latency_p50": "8s" },
  "compose":     { "depends_on": ["ana/web-researcher@1.4"] }
}
What Forge indexes

Four formats. One registry.

Forge indexes MCP servers, A2A agent cards, AI skills, and collections (bundles of skills, agents, and commands) today. Evaluators and structured prompts are on the roadmap.

MCP
Tools
MCP servers
A2A
Agents
A2A agent cards
SK
Skills
SKILL.md
CO
Collections
bundled packs
EV
Evaluators
coming soon
PR
Prompts
coming soon
What Forge builds

Three layers of trust infrastructure

Each layer ships independently. Together they form the supply chain substrate the standards assume but never define.

1
Security and provenance

CVE scanning via OSV, Ed25519-signed manifests, verified publishers via GitHub OAuth, and domain verification. The supply chain layer that doesn't exist anywhere else.

CVE scanningsigned manifestspublisher verificationdomain verification
$ forge verify @modelcontextprotocol/server-memory
2
Discovery and trust scoring

Universal search across A2A Agent Cards, SKILL.md packages, and MCP manifests. Every entry gets a 0–100 trust score based on publisher identity, CVE status, and script safety.

universal searchtrust scoresrevocation checksAI skills
$ forge skills list --category behavior
3
Composability graph
v1.0

Declare what your pipeline depends on. Forge resolves, verifies, and locks the graph. The routing substrate for interoperable AI systems.

depends_onlock filespipeline composition
$ forge lock --audit— coming in v1.0
Watch it verify

A single command. Signed answers.

Every package goes through the same pipeline: publisher identity, Ed25519 signature, live CVE scan, install-script analysis. Registry responses are signed, so tampering is detectable end to end.

forge — verifying @modelcontextprotocol/server-memory
$forge verify @modelcontextprotocol/server-memory
 
[1/5] registry index listed
[2/5] publisher @modelcontextprotocol (identity verified)
[3/5] signature valid (ed25519:8f3a…92c1)
[4/5] CVE scan (OSV) 0 known vulnerabilities
[5/5] install scripts no suspicious lifecycle hooks
 
@modelcontextprotocol/server-memory · v2026.1.26
publisher @modelcontextprotocol (verified 2026-05-12)
signed_by Ed25519 publisher key
scanned_at 2026-05-27T14:33:01Z
trust_score 95/100
response ✓ signed by registry (x-forge-signature)
 
clean scan · publisher identity verified # 0.8s
MCP Integration

Works inside your AI client.
Natively.

Add Forge to your editor once. From then on your AI assistant can search the registry, vet packages, audit your configs, and install skills inline — no terminal round-trip.

  1. 01
    One JSON entry in your MCP config

    Claude Code, Cursor, VS Code, Antigravity — Forge becomes a native tool your client can call.

  2. 02
    Ask in plain language

    “Find me a verified web scraping MCP” or “audit my current config.”

  3. 03
    Supply-chain checks happen automatically

    Your client calls forge_search, forge_get_package, and forge_audit and reports back vetted.

Setup guide
.mcp.jsonone-time setup
{
  "mcpServers": {
    "forge": {
      "command": "npx",
      "args": ["-y", "@forge-registry/cli", "mcp"]
    }
  }
}
claude code — conversation
youfind me a verified web scraping MCP and set it up
forge_search(query: "web scraping", verified_only: true)
forge_get_package(id: "@apify/mcp-server-rag-web-browser")
forge_audit(directory: "/project")
Verified publisher · @apify
0 CVEs · clean install scripts
Config audited — all servers clean
Added to .mcp.json. Ready to use.
Why Forge

The closest analogs still miss the layer

Hugging Face is the registry for ML weights. Smithery indexes MCP servers. Neither covers the agentic supply chain end-to-end, neither was designed for the multi-protocol agent stack, and neither offers signed provenance.

CapabilityHugging FaceSmitheryForge
Indexes agents + skills + toolstools onlyyes
Security scanningpartialyes
Signed manifestsyes
Supply chain verificationidentity + CVE today
Dependency resolutionv0.3 roadmap
Reproducible evalsbenchmarksv0.4 roadmap
Cross-vendor neutralyesyesyes
Indexes agents + skills + tools
Hugging Face
Smitherytools only
Forgeyes
Security scanning
Hugging Facepartial
Smithery
Forgeyes
Signed manifests
Hugging Face
Smithery
Forgeyes
Supply chain verification
Hugging Face
Smithery
Forgeidentity + CVE today
Dependency resolution
Hugging Face
Smithery
Forgev0.3 roadmap
Reproducible evals
Hugging Facebenchmarks
Smithery
Forgev0.4 roadmap
Cross-vendor neutral
Hugging Faceyes
Smitheryyes
Forgeyes
Precedent

Standards create registries

Every major protocol standardization created a discovery and trust layer. The agentic AI standards are next.

GitGitHub
Node.jsnpm
DockerDocker Hub
TerraformTerraform Registry
KubernetesHelm
ML modelsHugging Face Hub
MCP + A2A + Agent SkillsForge

Read the spec. Try the CLI.
Join the waitlist.

The forge.* extension is a minimal addition to existing agent manifests. Decide for yourself whether it's worth signing onto.

01 / Trust spec

forge.* extension — v0.1

// The full schema for security, evals, and compose blocks. Security ships today; evals and compose are spec'd ahead of their releases.

Read the spec
02 / forge mcp

Use Forge from your AI client

// One config entry. Claude Code, Cursor, VS Code, Antigravity. Search, vet, audit, and publish without leaving the conversation.

{ "mcpServers": { "forge": {
    "command": "npx",
    "args": ["-y",
      "@forge-registry/cli",
      "mcp"] } } }
Setup guide
03 / Early access

Join the developer waitlist

// First batch ships with the v0.1 CLI, signed publishing, and verification. Limited to MCP, A2A, and Agent Skill manifests for now.