Cortex+Forge
Sign in Start free trial
Enterprise · Bring-your-own-cloud

AI agents that work like senior engineers — in your cloud.

Cortex captures the decisions, patterns, and lessons your team has already paid for. Forge gives AI agents an isolated microVM to actually do the work — with your secrets, your code, your guardrails. The whole platform deploys into your GCP or AWS account in 15 minutes.

Start enterprise trial Read documentation
  • ✓ All data stays in your cloud — we never see KB, secrets, or agent transcripts
  • ✓ Firecracker microVMs by default — hardware-virt isolation per beam
  • ✓ SOC 2-friendly: hash-chained audit, deny-by-default egress, BYO-KMS
cortex.acme.example.com
$ forge-connect create fix-auth-bug
✓ beam booted in 187ms (firecracker, 2 vCPU, 4GB)
✓ KB context loaded — 3 pages relevant to auth/
✓ agent identity: cert-eng-troy-3a92.crt (1h ttl)

[agent] Reading src/auth/session.ts ...
[agent] Found regression: cookie expiry off by 1000x.
[agent] Patching, running tests ...
[agent] All tests pass. Opening PR #1247.

✓ artifacts: 1 PR, 2 audit events, 1 KB candidate
$ _
Deploys into Google Cloud · AWS · Azure (coming soon)

One platform, two layers

Cortex remembers what your team learns. Forge gives that knowledge a body — a sandbox where agents safely act on it.

🧠

Cortex — your team's living knowledge base

Atoms are extracted from specs, PRs, post-mortems, and Slack. Reviewers consolidate them into KB pages with provenance, ownership, and review SLAs. Agents pull from this — they don't reinvent context every session.

Forge — sandboxed agent runtime

Each agent task runs in its own Firecracker microVM (own kernel, hardware-virt isolation). Boots in ~125 ms from snapshot. No shared state between beams. Egress is deny-by-default.

🔒

Cert-based agent identity

Agents never hold API keys. Each gets a 1-hour cert chained from your tenant's CA, scoped to one beam, one user, one approval window. Every action is hash-chain audited.

🌐

Bring-your-own-cloud, by design

You run a single bootstrap script in your GCP project or AWS account. Cortex+Forge provisions a VPC, three VMs, Postgres, Redis, TLS. We never have access — we just issue licenses and ship updates.

🔧

Forge CLI for developers

forge-connect create spins up an isolated workspace where engineers and agents collaborate. forge-connect exec -- "claude '…'" runs an agent with the user's cert + the team's KB context pre-loaded.

📊

Audit-ready by default

Hash-chained append-only audit log of every state change — proposals, approvals, beam lifecycle, agent calls, integration writes. Pulled by your SIEM or polled via signed API. Object-locked retention for the legal window.

How it works

  1. 1

    Sign up at the portal

    4-step wizard: account → org → cloud → review. Takes 90 seconds. Nothing is provisioned in your cloud yet.

  2. 2

    Run one bootstrap command in your cloud

    From the dashboard, copy curl … | bash -s -- --license-key …. The script provisions VPC, three VMs, Postgres, TLS, and phones home when ready.

  3. 3

    Invite your team & connect integrations

    From your tenant dashboard at cortex.<you>.example.com: invite members, connect GitHub/Slack/Jira, set egress allow-lists.

  4. 4

    Engineers forge-connect from their laptop

    Beams boot in ~200 ms. Agents come pre-loaded with relevant KB. Every action audited. KB grows from artifacts when the beam is destroyed.

30-day trial. Five seats. Your cloud.

No credit card up front. Uninstall in one command. Export your data anytime.

Start trial →