A code-change workflow for Claude Code. Your request gets planned, the plan gets attacked, the code gets written with tests, and a panel of reviewers shoots at it before you ever see it.
/plugin marketplace add alp82/forge /plugin install forge@alperortac /forge:setup-forge
The setup runs once, plugin-prefixed; it installs the bare command names, so from then on it's /setup-forge everywhere. Plugin updates propagate on their own — no re-run needed. Upgrading from alp-river? Three steps in the 2.0.0 changelog entry.
One verb. Describe the change you want in your own words.
/forge add rate limiting to the public API /forge #482 # or point it at a ticket /crossfire # review what's already there
One request, end to end — the markers on the timeline are the stage boundaries.
A second agent's only job is to break the plan — and with a worker CLI on PATH, a different model attacks it too. Cheapest possible place to be wrong.
❯ /forge add rate limiting to the public API planner → .forge/rate-limit-public-api/plan.md challenge ✗ BLOCKER ▌ per-process buckets break under 3 gateway replicas — every client ▌ quietly gets 3× the limit. Redis sliding window or sticky routing; ▌ the plan proves neither. ▌ worker concurs — also flags the missing Retry-After on 429. planner plan v2: Redis sliding-window counters, Retry-After on 429 ❯ Gate — Approve open concerns become known risks
The red tests come before the code, and a reviewer hunts for the one that would still pass with the feature deleted. False green is worse than red.
test-author 4 tests written · all red ✗ test-review ✗ misaligned ▌ test_limit_resets still passes with the limiter deleted — ▌ it asserts on the mock clock, never on the 429. test-author rewriting the flagged test test-review ready — 4 red tests prove the behavior. Code starts now. implement ✓ tests 4/4 green · receipt.md
Independent lenses hit the diff at once, each carrying one thing only, blind to the others. Also runs standalone as /crossfire on any diff, branch, or file set.
Seven stages, six hooks, no hidden layer. Pick any stage: what it does, what it reads and emits, the brief that drives it — and ten seconds of it running.
With a worker CLI on PATH (codex, gemini, opencode), the challenge and the crossfire wave each get a different-model second opinion — read-only, failure visible, never blocking.
Prompts get forgotten under compaction; hooks don't. Forge ships six of them. If code changed and the review never ran, the session refuses to end.
No agent definitions, no config language, no signal vocabulary. Every stage is a markdown file you can read in one sitting and edit with your own opinions — start at skills/forge/SKILL.md. The plugin is a delivery mechanism, nothing more.
Point /forge at a ticket and it reads the ticket as the request, then posts the verdict back and closes it. No tracker? Nothing is missing — the contract lies dormant.