Aleris Forge  learn
Skip to the console →

Deploy your first born-secure app

You'll bring klinfys onto forge yourself — six small steps, no server access, no one in the loop. Each step does the real thing.

1

Log in as yourself

This is you — a real person. (Mock login here; Azure → Authentik in production.) You get a token, never the keys to the box.

2

You hold a token, not the keys

Forge's broker holds the only privileged connection. Your role can't even CREATE SCHEMA. The broker provisions on your behalf — so you can't create an insecure app, even by accident.

Understood — the airlock.
3

Declare how your app is built

You tell forge klinfys's shape. Forge checks this against the live reality — a false claim only hardens the checks; it never waves you through.

write path  ·  through RPC functions
tenancy  ·  one organisation
data  ·  employee competency — no patient PII
Declared.
4

Provision — born secure

The broker generates a born-secure schema (RLS forced, the controller + owner wall, an append-only audit log — injected, not optional), materialises dev + prod, and the gate verifies each.

5

Deploy

Ship it. dev and prod get the same born-secure schema; one audit row; and no key ever leaves forge.

6

It's yours

klinfys is live and born-secure — and you did it with no lab access and no one in the loop. That is the whole point: the operator stops being the middleman.

That's the loop.

Login → declare → gate → provision → deploy — self-service, born-secure, yours. The console shows your estate.

Open the console