Forge Orbital

The developer on-ramp to Forge Orbital

Your AI agent can act. A pop-up is not control.

Agents are moving from chat to action. They can issue a refund, send a payment, approve a vendor, route a purchase, isolate an account, or place a trade. Forge Agent Gate gives that agent an API key, adds approval gates and spending limits, checks each action against the mandate you set, and turns the result into a proof trail before the action becomes a mess you have to explain later.

One API key. One mandate. Any consequential agent action you want bounded.

Forge Orbital is built for enterprise and federal AI accountability. Agent Gate is the developer on-ramp to the same engine, so you can start small and grow into the platform.

Forge's AI decision engine has been federally evaluated, and the Forge solution was assessed as Awardable on the U.S. Department of Defense CDAO Tradewinds Solutions Marketplace. Not a generic LLM wrapper.

It is live and open source. npm i forge-agent-gate works today, and we are opening it to everyone. Install it now, or join the list before the full launch.

Refunds Payments Approvals Procurement Trading Kill switch
Why this exists

Nobody giving an agent hands gets to skip one question: how do I let it work without letting its worst five minutes become my problem?

What it actually does.

Set You write the rules once in plain fields: which action types are allowed, how large, which counterparty or system, when it can run, and what size needs human review. The mandate is versioned.
Gate Your agent calls Forge Agent Gate before the target system. Every action it attempts is checked against your mandate before it leaves the controlled path.
Decide Actions inside the rules pass instantly. Actions outside the rules never reach the target. Actions over your review threshold wait for approval. One kill switch stops everything at once.
Prove Allowed or blocked, every decision leaves a proof trail in your archive: the AI agent audit trail people expect, plus the rule, evidence, and replay path behind it. The signature is the integrity check. Replay it offline to show an auditor, a partner, or yourself exactly what your agent did and why.

For self-serve integrations, your credentials stay with you. The Gate checks the action and issues the proof trail; you keep custody of the account, system, or workflow.

Set it up in minutes.

01

Get a key

You get an API key for one monitored agent workflow. Run it repeatedly; trace credits count the proof trails.

02

Run one command

npx forge-agent-gate init writes the local config. API users can call the gate directly from the agent loop and monitor usage at /v1/agent-gate/me.

03

Sign your mandate

Set refund, payment, procurement, approval, or trading limits. Your agent now works inside the mandate.

Plug it in. Two calls, or zero code.

You do not have to read a spec. Copy the prompt below, paste it into your coding assistant, and give it the file that takes the risky action. The prompt carries the whole contract, so the model does not guess.

  1. Install. npm i forge-agent-gate
  2. Paste the prompt into your coding assistant with the file that spends, refunds, approves, or procures.
  3. Ship. The gate answers allow, escalate, or block before the action runs, and records the proof trail.
I want to add Forge Agent Gate to my AI agent so a human approves the risky actions
and every decision leaves a verifiable Forge proof trail. Wire it into the code I give you.

Package: forge-agent-gate (npm, Node 18.17 or newer).   Install: npm i forge-agent-gate
Import:  import { generic, presets, type ForgeConfig } from "forge-agent-gate";

ForgeConfig = {
  baseUrl: "https://forgeorbital.com",
  apiKey: "fi_...",              // your Forge Agent Gate key (or bearerToken)
  recordMode: "required",        // or "best_effort"
  tenantId: "your-tenant",
  agentId: "refund-agent",       // ONE stable id per monitored workflow, reused forever
}

Mandate presets (pick one, or hand-build a PolicyMandate):
  presets.refundsPresetMandate({ autoApproveBelowUsd })
  presets.paymentsPresetMandate({ maxSingleTransferUsd })
  presets.tradingPresetMandate({ ... })

The two calls:
  const decision = generic.enforceAction({ mandate, action, activity, now });
  await generic.recordGenericAction(forgeConfig, mandate, action, decision);

action   = { actionType, amountUsd?, counterparty?, resource?, metadata? }
actionType is one of: spend | transfer | approve | refund | procure | submit |
                      trade | escalate | isolate | custom
activity = { dailyTotalUsd, knownCounterparties }

decision.disposition is exactly one of: "allow" | "escalate" | "block".
There is no "hold". Execute the real action ONLY on "allow".
On "escalate" route to a human. On "block" do not execute and surface the reason.

Rules you must follow when you write the code:
  1. Call the gate BEFORE the action executes, never after.
  2. Never auto-approve, retry past, or bypass an "escalate" or "block".
  3. Never put secrets or credentials in action.metadata.
  4. Reuse one stable agentId for the workflow; do not mint a new one per run.

Errors the API can return, handle them:
  402 agent_gate_trace_credits_exhausted   out of monthly trace credits
  402 agent_gate_agent_cap_exceeded        too many distinct agentIds for the plan
  402 agent_gate_action_not_in_plan        that actionType is not on this plan
  403 agent_gate_agent_disabled            the operator killed this agent
  422 agent_id is required                 agentId missing
  429                                      rate limited, back off and retry

Check usage any time:
  curl -H "X-API-Key: $FORGE_API_KEY" https://forgeorbital.com/v1/agent-gate/me

Zero-code alternative: run it as an MCP server (npx -y forge-agent-gate init, then
serve) and call the gate_action tool before any consequential tool call.

Prefer no code at all? Run it as an MCP server: npx -y forge-agent-gate init, then serve, and your agent calls the gate_action tool before any consequential tool call. Same gate, same proof trail.

Or drop it in as an MCP server. No rewrite.

If your agent speaks the Model Context Protocol, point it at Forge Agent Gate and every tool call is checked before it runs. It is in the official MCP registry as com.forgeorbital/agent-gate.

{
  "mcpServers": {
    "forge-agent-gate": {
      "command": "npx",
      "args": ["-y", "forge-agent-gate", "serve"]
    }
  }
}

Write tools like place_order or issue_refund are gated: the server checks the action, records the proof trail, and executes only on an allow. Read-only tools pass through untouched.

What a blocked agent action looks like.

A synthetic example. The demo shows a payments action, but the same shape fits a refund bot, procurement agent, or approval workflow. Before anything reaches the target system, the action is checked against the mandate. Names, amounts, and hashes are illustrative, not real.

Illustrative Forge Agent Gate decision record (synthetic)
decision_id:        gate-2026-07-09-0000731
surface:            agent_pre_action_gate
agent:              payments_assistant_v2
mandate_ref:        payments_mandate_v3   (hash sha256:11ac93... )
disposition:        BLOCK
reasons:
  r1  amount = "4,000.00 USD" exceeds max_payment = "500.00 USD"
  r2  daily_outflow already at cap ("2,500.00 USD" of "2,500.00 USD")
  r3  payee "new-vendor-x" not in payee_allowlist

action_proposed:
  system:  payments
  payee:   new-vendor-x
  type:    vendor_payout
  amount:  4,000.00 USD

constraint_results:
  c1  max_payment              FAIL  (4000.00 > 500.00)
  c2  max_daily_outflow        FAIL  (cap reached)
  c3  payee_allowlist          FAIL  (not permitted)
  c4  allowed_hours             PASS
  c5  human_approval_threshold  N/A   (already blocked)

result:   payment not sent to any system
signature: Ed25519  (integrity check, verifies offline)
replay_key: rk_7f1c20a9e...  (same input reproduces this record)

Read it the way you would the morning after. The agent tried to send eight times its authorized amount to a vendor you never approved, after it had already hit the daily payout cap you set. None of that reached your payments system. You have a proof trail that it was stopped, and the exact reasons it was stopped. That is the difference between an agent that is autonomous and an agent that is unsupervised.

Bigger than trading

The gate does not care what the action is. It cares whether you authorized it.

Trading is the first demo because the fear is instant: an agent with a balance and no ceiling. The same is true of any agent that takes a consequential action. Give it a mandate it cannot exceed and a proof trail of every attempt. The action changes; the control does not.

One control layer, many consequential actions.

Trade Trading and brokerage agents. Position size, daily loss, venue allowlist. Offered as a separate Forge trading gate.
Spend and transfer Payments agents. Amount caps, new-payee approval, counterparty allowlists.
Refund and adjust Support and billing agents. Auto-approve ceilings, over-ceiling escalation, duplicate checks.
Approve and reject Workflow agents. Value thresholds that route to a human instead of executing silently.
Procure Procurement agents. Approved-vendor lists, spend limits, purchase-order gates.
Isolate and escalate Security and operations agents. Bounded response actions with a human boundary and a proof trail.

This is the same control an enterprise needs across finance, procurement, support, and security. The self-serve gate lets you watch it work on one agent today, before anyone signs a contract. One limited workflow is enough: a refund bot, a payments agent, or a procurement assistant. It runs on the same Forge decision engine that produces the proof trail.

Common questions.

How do I stop an AI agent from making a purchase or issuing a refund? Route the action through the Gate first. You sign a mandate with amount caps, allowlists, approval thresholds, and hours, and each action is checked before it executes. Anything outside the mandate is blocked or escalated, and every decision leaves a verifiable proof trail.
Can a system prompt enforce a spending or approval limit? No. A system prompt is a request, not an enforcement boundary. The Gate checks the action outside the agent, before it executes, so a prompt injection or a confused agent cannot exceed the limits you set.
How do I put a spending limit or approval threshold on an agent? Set a mandate once with amount caps, counterparty allowlists, per-day totals, approval thresholds, and hours. The gate enforces it deterministically on every action.
Does Forge take custody of funds or give trading advice? No. Agent Gate is a risk-control gateway and proof-trail layer. It never takes custody of funds or your venue keys, and it does not provide trading advice. It enforces the limits you set and records what your agent did.
What actions can Agent Gate control? Any consequential action an agent can take: issue a refund, send a payment, approve a vendor, route a procurement request, isolate an account, escalate a claim, or place a trade.

Put a ceiling on the agent before you need one.

Set the limit while you are calm, not while you are watching the balance drop. Watch the demo, get access, run one command, and your agent works inside rules you signed.