Platform Overview
Forge is SAIF's internal developer platform: the cloud-native foundation teams use to build, deploy, and operate applications.
See Also: Platform Principles · Platform History · Roadmap
Overview
Forge was created to solve a structural problem: every team was solving the same infrastructure, security, and deployment problems in different ways, creating inconsistency, risk, and toil. Forge consolidates those solutions into a single, opinionated platform so development teams can focus on business outcomes rather than infrastructure plumbing.
The platform launched in 2025 and is currently at version 3.0, running in production across SAIF's cloud environment on Microsoft Azure.
What Forge Provides
Golden Path: From Code to Production
A new application follows a single, standardized path from scaffolding to production deployment. The SAIF CLI (saif new) generates a complete project including source code, infrastructure-as-code, CI/CD pipelines, authentication, and API contracts. Same-day first deployments are the target.
| Stage | What Forge Automates |
|---|---|
| Scaffolding | Project structure, build, lint, test configurations |
| Infrastructure | Azure resources via pre-built, security-hardened Terraform modules |
| Authentication | Okta (external) and Microsoft Entra ID (corporate) out of the box |
| Authorization | API scopes, app roles, and business role mappings via YAML |
| Deployment | Azure DevOps CI/CD pipelines targeting Container Apps |
| Observability | OpenTelemetry + Dynatrace wired in by default |
| Secrets | Azure Key Vault via managed identity; no credentials in code |
| API Contracts | TypeSpec-first design with auto-generated clients and documentation |
Technology Foundation
Forge standardizes on a modern, Microsoft-aligned technology stack. These are not suggestions; they are the platform defaults enforced by templates and infrastructure modules.
| Capability | Technology | Notes |
|---|---|---|
| Runtime | .NET 10 (LTS) | C# across all workloads (APIs, functions, workers) |
| Frontend | React | SPA pattern via Forge templates |
| Local Orchestration | Aspire 13.x | Service discovery, mocking, telemetry locally |
| Hosting | Azure App Service (Linux) | Containerized, VNet-integrated |
| Edge / CDN | Azure Front Door | Public entry point; routes to APIM via Private Link |
| API Gateway | Azure API Management | Auth, rate limiting, policies (centrally managed) |
| Database (Relational) | Oracle via Entity Framework Core | EF Core is the data access standard |
| Database (Document) | Azure Cosmos DB via Entity Framework Core | Optional; same EF Core pattern |
| Messaging | Azure Service Bus | Events and async workflows |
| Identity (External) | Okta | Customer and partner-facing |
| Identity (Corporate) | Microsoft Entra ID | Internal users; delivered in Forge 3.0 |
| Secrets | Azure Key Vault + Managed Identity | No stored credentials anywhere |
| Observability | OpenTelemetry → Dynatrace | Logs, traces, and metrics unified |
| IaC | Terraform (Terraform Cloud) | Modules published via iac-azure-modules and iac-okta-modules |
Security by Default
Security in Forge is not a configuration option; it is a platform constraint.
- Zero public access by default: All new resources are private; teams explicitly grant access
- No hardcoded credentials: Managed identities replace service accounts and stored passwords
- Auth enforced at the gateway: Azure API Management handles authentication and authorization so application code doesn't carry that responsibility
- True Authorization model: Access requires both an authorized application and an authorized user via overlapping scope + app role checks (see Authorization reference)
- On-premise bridge (planned): Legacy applications authenticating via Windows Auth/NTLM will integrate with Forge Experience APIs through a platform-managed API key pattern. Designed in ADR-0009; tracked in #455
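The dual check described under "True Authorization model", as an added example (not Forge's own code or gateway policy): a request is allowed only when the token carries both the required API scope for the calling application and the required app role for the user. The claim names `scp` and `roles`, the scope and role values, and the sample claims are assumptions; the claims are assumed to come from a token whose signature, issuer, audience and expiry were already validated at the gateway.

```python
# Added example: dual authorization (application scope AND user app role).
# Claim names "scp"/"roles" and all values below are assumptions, not Forge's.

def _scopes(claims):
    """Scopes may arrive as a space-delimited string or as a list."""
    raw = claims.get("scp")
    if isinstance(raw, str):
        return set(raw.split())
    if isinstance(raw, list):
        return {s for s in raw if isinstance(s, str)}
    return set()  # missing or malformed claim grants nothing


def _roles(claims):
    """App roles are expected as a list; anything else grants nothing."""
    raw = claims.get("roles")
    return {r for r in raw if isinstance(r, str)} if isinstance(raw, list) else set()


def authorize(claims, required_scope, required_role):
    """Return (allowed, reason); deny unless BOTH checks pass."""
    if required_scope not in _scopes(claims):
        return False, "application not granted scope"
    if required_role not in _roles(claims):
        return False, "user not assigned app role"
    return True, "ok"


# Constructed sample claims from already-validated tokens.
SAMPLES = {
    "both": {"scp": "claims.read profile", "roles": ["Claims.Adjuster"]},
    "scope_as_list": {"scp": ["claims.read"], "roles": ["Claims.Adjuster"]},
    "app_ok_user_not": {"scp": "claims.read", "roles": ["Claims.Viewer"]},
    "user_ok_app_not": {"scp": "profile", "roles": ["Claims.Adjuster"]},
    "substring_scope": {"scp": "claims.readwrite", "roles": ["Claims.Adjuster"]},
    "no_claims": {},
}


def decisions(scope="claims.read", role="Claims.Adjuster"):
    """Evaluate every constructed sample against one scope + role requirement."""
    return {name: authorize(c, scope, role) for name, c in SAMPLES.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in decisions().items():
        print(f"{name:16} {'ALLOW' if allowed else 'DENY '} {reason}")
```

Scopes are matched as whole tokens, so `claims.readwrite` does not satisfy a requirement for `claims.read`, and a missing or malformed claim always denies.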
Environments
Forge provides a structured, consistent set of environments from developer workstation to production.
| Environment | Purpose | Deployment |
|---|---|---|
| Local | Active feature development | Developer machine (Aspire) |
| Test | Integration validation | Continuous, automatic |
| QA | QA team testing | Continuous with peer approval |
| UAT | Business acceptance testing | Continuous with product owner approval |
| Production | Live workloads | Blue/green slot swap with approval |
Blue/green deployments use Azure App Service deployment slots: new versions are warmed up in a slot and swapped into production with approval, enabling instant rollback. Local development mirrors production topology via Aspire service orchestration and WireMock-based service mocking, so no VPN or cloud dependencies are required.
Platform Maturity
Forge is in active production and under continuous delivery.
| Metric | Value |
|---|---|
| Current Major Version | 3.0 |
| Production Since | 2025 |
| Release Cadence | Continuous (semantic versioning) |
| Templates Available | API, Event Service, Test Tools, Frontend (React) |
| Auth Providers | Okta (external), Entra ID (corporate) |
What's Next
See the Roadmap for current initiatives, priorities, and rationale.
Engaging the Platform Team
| Channel | Use For |
|---|---|
| Teams → Platform Support | Questions, troubleshooting, general discussion |
| GitHub Issues → forge | Feature requests, bug reports, roadmap input |
Last Updated: March 2026