Security and trust posture

Forge is currently shaped for private pilot use. The MVP emphasizes workspace isolation, citation-backed artifacts, source deletion pathways, review history, and adapter boundaries. Regulated production workloads should wait for deeper controls: SSO, audit-log export, ACL inheritance, retention policy enforcement, and private deployment options.