Forge Kit

CI/CD Workflows for Forge Kit

---

Overview

Forge Kit is a collection of production-grade infrastructure components extracted directly from the Forge Platform—battle-tested building blocks for building secure, observable, and resilient backend services.

Forge Kit focuses on horizontal concerns—the infrastructure every serious service needs—without prescribing business logic, workflows, or domain models.

Forge Kit is intentionally opinionated where it matters (security, observability, testability) and deliberately unopinionated where it should be.

---

What Forge Kit Provides

🔒 Security & Protection

• Rate Limiting & Throttling (forge-throttle)
  • Deterministic rate limiting (Bucket4j-based)
  • Clear separation of authenticated vs unauthenticated capacity
  • Zero-trust–friendly request enforcement patterns
  • Documentation →

📈 Observability

• Metrics Framework (forge-metrics)

  • Micrometer integration
  • Prometheus-ready metrics
  • Service, circuit breaker, database recorders
  • Documentation →

• Health Checks (forge-health)

  • Production-ready health checks
  • Liveness and readiness probes
  • Documentation →

🧱 Platform Utilities

• Common Utilities (forge-common)
  • Validation and error-handling primitives
  • Method entry logging
  • Documentation →

Each module is independently usable and documented.

---

What Forge Kit Is Not

Forge Kit is not a full platform. It does not include:

• ❌ Business workflows or domain logic
• ❌ Service orchestration
• ❌ Multi-tenant enforcement
• ❌ Authentication providers or identity flows
• ❌ Data persistence strategies
• ❌ SaaS lifecycle concerns
• ❌ Operational dashboards or SLO tooling

Forge Kit solves how to build reliable services—not what those services do.

---

Why Forge Kit Exists

Teams repeatedly re-implement foundational infrastructure with small variations, accumulating hidden risk that only surfaces under load or failure.

Forge Kit distills:

• ✅ Real-world operational experience
• ✅ Proven architectural patterns
• ✅ Sensible defaults with explicit escape hatches

The result is infrastructure code you can trust, understand, and extend.

---

Repository Structure

forge-kit/
├── forge-api/              # Annotations and contracts
    ├── forge-common-api/
    ├── forge-metrics-api/
    ├── forge-security-api/ 
    ├── forge-throttle-api/ 
├── forge-impl/             # Implementations
    ├── forge-common/           # Common utilities and helpers
    ├── forge-health/           # Health check implementations
    ├── forge-metrics/          # Metrics and observability
    ├── forge-security/         # Metrics and observability
    ├── forge-throttle/         # Rate limiting and throttling
├── examples/               # Usage examples and patterns
├── templates/              # Configuration templates
└── docs/                   # Architecture Decision Records (ADRs)

---

Getting Started

Add the required modules to your project:

<dependency>
  <groupId>io.forge</groupId>
  <artifactId>forge-throttle</artifactId>
  <version>1.0.0</version>
</dependency>

Each module includes focused documentation and examples.

📚 Documentation

• Examples →
• Templates →
• Architecture Decision Records →

---

Quality Gates

Forge Kit enforces strict quality gates in CI to ensure production readiness:

• Static analysis (PMD, SpotBugs, OWASP Dependency Check)
• Test coverage via OpenClover
• Deterministic unit and integration tests
• Conventional commits and semantic versioning via Commitizen

All checks must pass before release artifacts are published.

📄 See Code Quality & CI Enforcement for full details.

---

Relationship to the Forge Platform

Forge Kit is a foundational subset of the Forge Platform.

The Forge Platform builds on these same components to provide a fully integrated system, including:

• Service orchestration across multiple domains
• Zero-trust service-to-service security
• Multi-tenant SaaS architecture
• Authentication and authorization flows
• API gateways by user persona
• Operational tooling and production workflows

In short:

Feature	Forge Kit	Forge Platform
Infrastructure primitives	✅	✅
Domain services	❌	✅
Multi-tenant SaaS	❌	✅
Security orchestration	❌	✅
Operational maturity	❌	✅
Commercial support	❌	✅

Forge Kit answers: "How should we build this correctly?"
Forge Platform answers: "Do we need to build this at all?"

---

Architecture Decision Records (ADRs)

📘 View Architecture Decision Records

---

Who Should Use Forge Kit

Forge Kit is a good fit if you:

• Are building backend services from scratch
• Want production-grade infrastructure without vendor lock-in (excluding the forge-health-aws module)
• Prefer explicit, readable architecture over hidden framework behavior
• Value testability and operational clarity

If your primary goal is time-to-market rather than infrastructure ownership 👉 Forge Platform may be a better fit.

---

Support & Commercial Offering

Forge Kit is open-source and community-supported.

For teams looking to accelerate delivery with a fully integrated platform built on these same foundations, learn more about the 👉 Forge Platform.

Commercial inquiries and architecture discussions:

Andrew Eells
Forge Platform
[Contact Information]

---

License

Forge Kit is licensed under the MIT License.

---

Built with ❤️ by the Forge Platform team