[ Autonomous SDLC ]

Watch the AI build Forge.

A recorded walkthrough of real Forge runs: the planner authors stories, a team of sonnet sub-agents builds them, an adversarial pass verifies, and the owner reviews and commits. Five phases — thinking → stories → build → verify → commit.

honest

Recorded, candidate showcase — not a live stream. "Autonomous" means planner-authored, executor-built, and human-gated: the owner approves every gate. Live mode is deferred. Story titles, agent counts, test counts, file/line counts, and commit hashes are authored from real Forge-ecosystem build history — never a raw session transcript.

recorded · candidate3 runs · 1 queuesecrets masked · hosts redacted
[ the loop ]

The pattern, every run.

Planner-authored, executor-built, human-gated. The same gates these runs ran under.

  1. 1
    ThinkingPlanner reads the constitution + mistake ledger, cross-checks, decides.
  2. 2
    StoriesPlanner authors the queue — _bmad stories, one commit each.
  3. 3
    BuildExecutor runs multiple sonnet sub-agents: recon → build → verify.
  4. 4
    VerifyAdversarial + edge-case passes. Tests green before done.
  5. 5
    CommitOwner reviews, then commits. Not pushed — consent-gated.
[ Forge building Forge ]

Recorded runs, phase by phase.

Real diff stats, real test counts, real commit hashes — authored from Forge-ecosystem build history. Not a live stream; a curated, masked recording.

1.0.3

Auto-capture decisions & mistakes → Brain

Epic 1.0 — Memory
recorded
  1. 1
    thinkingPlanner reads the constitution + mistake ledger, then decides on an LLM-free heuristic detector.

    PLANNER (claude.ai browser) reads CONSTITUTION + MISTAKES_LEDGER + Brain memory first. Decision recorded to Brain: capture decisions/mistakes with a deterministic regex/heuristic detector — no per-session API cost, confidence always "candidate" so it never over-claims.

  2. 2
    storiesPlanner authors the queued story + acceptance criteria; executor never drafts its own.

    Acceptance criteria queued as _bmad/forge-product story: additive-only writes (never delete/overwrite), per-user isolation (the caller's token decides the account), Brain-unreachable → log + continue (never crash the hook), and secrets masked first4****last4 before any summary leaves the collector.

  3. 3
    buildExecutor runs four sonnet sub-agents: recon → detector → exporter → adversarial verify.
    reconsonnet · explore
    build-asonnet · detector
    build-bsonnet · exporter
    verifysonnet · adversarial

    recon reads the existing violation-detector + api-client before any new module. build-a writes claude-fuse/collector decision-mistake-detector.js (regex/heuristic catalogue, +357). build-b writes brain-exporter.js (cursor-tracked, error-resilient, +327) + the brain-api POST /api/memories route (Bearer→user_id scoped, additive INSERT, body user_id ignored, +42). 9 files changed, +1744 lines.

  4. 4
    verifyAdversarial + edge-case passes; one blocker found and fixed before done.
    verifysonnet · edge-case-hunter

    BLOCKER: a summary could carry an unmasked secret before POST — fixed by masking first4****last4 at the collector boundary and never POSTing raw evidence (evidence stays local, SEC-05). NOTE: collector/package.json left uncommitted (unrelated prior WIP) — deliberately scoped out of this story.

  5. 5
    commitOwner reviews and commits locally. Not pushed — consent-gated.

    One commit for the story, co-authored, local only. No deploy, no push — pushing requires a fresh, explicit owner yes (consent-gated).

verify · adversarial-verify + edge-case-hunter — masking blocker fixed, all green.
  • Secrets masked first4****last4 before any summary leaves the collector; raw evidence never POSTed.
  • Additive-only: a write with no key never upserts; never deletes or overwrites existing memories.
  • Per-user isolation: Bearer → user_id; a POST body user_id is ignored.
  • Brain unreachable → log + continue; the hook never crashes.
  • BRAIN_AUTO_CAPTURE=false opt-out honoured; the collector never reads data/ (SEC-05).
result · tests-green, owner-reviewed, not pushed
148 passing (detector 36 incl. secret-masking · collector vitest 97 · brain-api 15)
21eb4b5feat(1.0.3): auto-capture decisions & mistakes → Brain (claude-fuse + brain-api)
Co-Authored-By: Claude Opus 4.8commit-not-push · consent-gated
1.0.4

Promote-to-Brain: session-start memory recall

Epic 1.0 — Memory
recorded
  1. 1
    thinkingPlanner decides the assistant should recall recent decisions/mistakes at session start, not start cold.

    PLANNER frames the recall side of 1.0.3: a memory_context tool that returns recent per-user memories so context carries across sessions. Cross-checked against isolation rules — recall must be user_id-scoped.

  2. 2
    storiesPlanner queues the MCP tool + mirrored REST route + CLI surface as one story.

    Acceptance: memory_context MCP tool returns recent per-user memories at session start; REST /api/memories-context mirrors it (Bearer → user_id scoped); a claude-fuse-brain-context CLI surfaces recall to the hook.

  3. 3
    buildThree sonnet sub-agents: recon → tool+route → adversarial verify.
    reconsonnet · explore
    buildsonnet · tool+route
    verifysonnet · adversarial

    recon confirms the memory_store schema + REST mapping. build writes the brain-mcp memory_context tool (+205), the brain-api memories-context route (+195), and the claude-fuse-brain-context CLI (+104). 8 files changed, +771 lines.

  4. 4
    verifyAdversarial pass asserts isolation + recall ordering.
    verifysonnet · adversarial

    NOTE: recall must be user_id-scoped — the suite asserts a cross-user term is excluded from results, and that recall ordering is most-recent-first.

  5. 5
    commitOwner reviews and commits locally. Not pushed — consent-gated.

    One story, one commit, co-authored, local only. No push without a fresh owner yes.

verify · adversarial-verify — isolation + ordering assertions green.
  • memory_context returns recent per-user memories at session start.
  • REST /api/memories-context mirrors the MCP tool, Bearer → user_id scoped.
  • Per-user isolation enforced by user_id WHERE clauses; a B-only term never surfaces for A.
  • Recall ordering is most-recent-first.
result · tests-green, owner-reviewed, not pushed
75 passing (memory-context 18 · brain-mcp regression 57)
c3ee815feat(brain-mcp): story 1.0.4 — memory_context session-start recall
Co-Authored-By: Claude Opus 4.8commit-not-push · consent-gated
4.0.5

Auto-SDLC safety rails: cross-user isolation backstop

Epic 4.0 — Autonomous SDLC
candidate
  1. 1
    thinkingPlanner decides the approval gates this run ran under should become tested harness features, not tribal knowledge.

    The gates — per-user isolation, dry-run-first, archive-not-delete, no-push-without-consent — are codified. This story adds a server-side isolation backstop so a scoping bug fails closed instead of leaking across users.

  2. 2
    storiesPlanner queues the isolation backstop as a tests-first story.

    Acceptance: cross-user read returns 404 (non-enumeration, not 403); cross-user delete denied + the row survives; an A-scoped search excludes a B-only term; a POST body user_id is ignored (the token wins); storeMemory throws on a missing userId (fail closed).

  3. 3
    buildThree sonnet sub-agents: audit → tests → verify-no-behaviour-change.
    reconsonnet · audit
    buildsonnet · tests
    verifysonnet · adversarial

    recon audits every IP-keyed + user-keyed path for scoping correctness. build writes brain-api/tests/memories-isolation.test.js (8 isolation assertions, +209) + marks the Epic 2.0 build-readiness D1 item resolved. 2 files changed, +211 lines. A pure backstop — no behaviour change.

  4. 4
    verifyAdversarial pass confirms this is a backstop only — no behaviour change.
    verifysonnet · adversarial

    NOTE: build-readiness D1 (last-write-wins + conflict log) marked RESOLVED with owner sign-off recorded to Brain. Verify confirms existing endpoints behave identically — the tests only lock in the guarantees.

  5. 5
    commitOwner reviews and commits locally. Not pushed — consent-gated.

    One story, one commit, co-authored, local only. Push stays consent-gated.

verify · adversarial-verify — 8 isolation assertions green, no behaviour change.
  • Cross-user read returns 404 (non-enumeration), not 403.
  • Cross-user delete is denied and the target row survives.
  • An A-scoped search excludes a B-only term.
  • A POST body user_id is ignored — the token wins.
  • storeMemory throws on a missing userId (fail closed).
result · tests-green, owner-reviewed, not pushed
8 passing (cross-user isolation)
6c01a46test(4.0.5): brain-api cross-user isolation backstop + mark D1 resolved (LWW)
Co-Authored-By: Claude Opus 4.8commit-not-push · consent-gated

This is how Forge builds Forge today: a planner that cross-checks the mistake ledger, a queue of pre-written stories, a team of sub-agents, an adversarial verify, and an owner who approves every gate. Recorded — not live. Live mode is deferred.