You'll bring klinfys onto forge yourself — six small steps, no server access, no one in the loop. Each step does the real thing.
This is you — a real person. (Mock login here; Azure → Authentik in production.) You get a token, never the keys to the box.
Forge's broker holds the only privileged connection. Your role can't even CREATE SCHEMA. The broker provisions on your behalf — so you can't create an insecure app, even by accident.
You tell forge klinfys's shape. Forge checks this against the live reality — a false claim only hardens the checks; it never waves you through.
The broker generates a born-secure schema (RLS forced, the controller + owner wall, an append-only audit log — injected, not optional), materialises dev + prod, and the gate verifies each.
Ship it. dev and prod get the same born-secure schema; one audit row; and no key ever leaves forge.
klinfys is live and born-secure — and you did it with no lab access and no one in the loop. That is the whole point: the operator stops being the middleman.
Login → declare → gate → provision → deploy — self-service, born-secure, yours. The console shows your estate.
Open the console