Features Docs Blog Company GitHub
Try Forge →
⭐ Flagship

Forge — our flagship product, built on SC

Forge is a workflow engine for AI agent teams, deployed entirely on Simple Container. We built it to prove the SC architecture at scale. You can dogfood the same patterns.

Multi-runtime architecture
Reasoning agents on AWS Lambda, long-running workers on Fargate, marketing sites on S3+CloudFront. All from one parent stack.
Cross-repo parent references
Forge’s parent stack lives in one repo; six other service repos reference it via parent: forge/infra. SC resolves it at deploy time.
Per-service secrets, shared resources
MongoDB Atlas + S3 + ECR shared across services. Per-service env via ${resource:foo.uri}. No copy-paste.
Secrets safe from AI agents
Forge agents touch real Stripe / GitHub / Postgres credentials. SC’s encrypted-in-git foundation + Forge’s tool-proxy + DLP egress means agents never hold plaintext.

The Forge stack on SC, in one picture

forge (repo) — parent stack `forge/infra`
   ↓ provisioner: AWS · state bucket: sc-simple-forge-state · DNS zones: simple-forge.com (Forge services + product site) + simple-container.com (this site)
   │
   ├── forge-aigateway     ← Lambda · ai.simple-forge.com
   ├── forge-conductor     ← Lambda · app.simple-forge.com
   ├── forge-sessions      ← Lambda · sessions.simple-forge.com
   ├── forge-runtime       ← Fargate workers + ECR for VM-based agents
   ├── simple-forge.com    ← S3 + CloudFront (the Forge product site)
   └── simple-container.com← S3 + CloudFront (this site)

Every box above is a separate repository with its own .sc/stacks/<name>/client.yaml that references parent: forge/infra. The parent is checked out by SC at deploy time via the parentRepository config in each child’s .sc/cfg.github.yaml.

What you get if you adopt the same pattern

  • One source of truth for shared infra — one parent stack defines your DB, queue, registries, DNS, ACM certs. New services don’t reprovision them.
  • Cross-repo deployments stay sane — parent stack in one place; child stacks live with the code they describe.
  • State is segregated — each child stack has its own Pulumi state. Roll back one without touching others.
  • CI is one workflow per stacksc cicd generate -s <stack> produces the GitHub Actions YAML; you commit and forget.
  • Receipts on every deploysc release runs scan + sign + SBOM + provenance as part of the pipeline.

Why Forge needed Simple Container

When we started Forge, we asked the same question every multi-agent platform asks: how do AI agents touch real production infrastructure safely? Multi-step agentic workflows on real customer accounts is a security minefield — secrets, deploy access, rollback authority, audit trail, all of it.

SC answered the substrate question: encrypted-in-git secrets, deterministic Pulumi-backed deploys, per-service IAM, the whole sc release supply-chain pipeline. Forge wraps SC with the AI orchestration on top: multi-persona workflows, manager validation per handoff, git as the audit trail. The combination is what actually delivers 0-to-prod.

If you want to read the long version, the blog post walks through it.

Read more

Ship your infrastructure on autopilot.

Try the SC parent stack in your own repo, or see what we built on top of it — Forge, our flagship AI workflow engine for teams.

Get started on GitHub Try Forge →