forgemax

Forgemax is a Code Mode MCP gateway. It presents exactly two MCP tools to the LLM: search and execute. The search tool lets you query a capability manifest to discover tools across downstream servers in a read-only, sandboxed manner. The execute tool runs JavaScript code against the tool API inside a locked-down V8 sandbox, enabling multi-hop tool orchestration without exposing filesystem, network access, or internal state to the model. Additional sandbox APIs (forge.readResource, forge.stash, and forge.parallel) provide controlled access to resources, session storage, and bounded parallelism while keeping credentials opaque to the sandbox. The overall design keeps the LLM focused on reasoning with two stable interfaces while still enabling rich, cross-server automation via the sandboxed JavaScript layer.

To use Forgemax, you typically issue search queries to discover available tools and then craft a single execute call that chains together tool invocations using the provided proxy bindings. The sandbox enforces timeouts, resource limits, and security checks, and it reports structured errors when something goes wrong. You don’t interact with individual tool schemas directly; instead you rely on the manifest discovered through search and then orchestrate through the execute API, benefiting from a fixed interface size and predictable context length.

Prerequisites:

• A supported runtime for your installation method (see options below).
• Basic tooling: curl, a shell, and a package manager appropriate for your platform.

Install options:

• npm (recommended):

  npm install -g forgemax
  

• Homebrew (macOS/Linux):

  brew tap postrv/forgemax && brew install forgemax
  

• Shell installer (macOS/Linux):

  curl -fsSL https://raw.githubusercontent.com/postrv/forgemax/main/install.sh | bash
  

• PowerShell (Windows):

  irm https://raw.githubusercontent.com/postrv/forgemax/main/install.ps1 | iex
  

• Scoop (Windows):

  scoop bucket add forgemax https://github.com/postrv/scoop-forgemax
  scoop install forgemax
  

• Cargo (from source) – Rust toolchain required:

  cargo install forge-cli
  

• From source (build locally):

  cargo build --release
  # Binaries: target/release/forgemax + target/release/forgemax-worker
  

Post-installation steps:

• Ensure the binary is in your PATH and accessible as forgemax.
• Optionally generate and edit a forge.toml config to connect to downstream MCP servers (see the project docs for forge-config).

Tips and notes:

• The configuration file (forge.toml) may require environment variable expansion. If you publish a config, document any required tokens and endpoints inside forge.toml and/or environment variables.
• Forgemax enforces sandbox boundaries: credentials and internal state are never exposed to the sandboxed code. If you need to share state across executions, use forge.stash with TTL and proper scoping.
• If you encounter tool discovery issues, use the search tool to query the LiveManifest index and verify downstream server connections are healthy.
• The recommended workflow avoids loading large tool schemas into the LLM context by design; rely on search to discover capabilities and execute for orchestration.
• When debugging, enable verbose logging (e.g., RUST_LOG=info) and consult forge-audit for execution traces, hashes, and tool call metadata.