# Forge > Your customers ask. Forge ships. Hosts plug Forge into their product; > their customers describe what they want; Forge writes, validates, and > ships a scoped extension into a sandboxed runtime inside the host's > product. The host owns the trigger surface, the model provider, the approval UI, and the product surface where extensions appear. Forge owns the build-time agent harness, the capability registry, the event-type catalog, the runtime, and the lifecycle API. Capabilities are design-time only — invoked by the build-time agent while writing extensions, not by extension code at runtime. Extensions at runtime use plain HTTP against host APIs with namespace-scoped secrets. Forge's runtime is open source as Cue, but operating it isn't part of the product — Forge customers don't think about it. Self-hosters who want the bare runtime can use Cue OSS directly. ## Pages - [Home](https://withforge.ai/): hero, three pillars (agent harness, capability surface, sandboxed runtime), the split between what you bring and what Forge ships. - [How it works](https://withforge.ai/how-it-works): the build-time loop (codegen → validate → retry → ship), plus the four integration points — subjects + scoped tokens, source adapters + capability registry, approval flow, event delivery. Code samples included. - [For apps](https://withforge.ai/for-apps): pitch to vertical SaaS founders / PMs whose roadmap can't ship every customer's edge case. The split between what your app owns and what Forge owns. Three trigger patterns (form, chat-with-refinement, assistant-inferred). Four UI patterns (embedded form, detail-page widget, modal, custom list view). - [For platforms](https://withforge.ai/for-platforms): pitch to platforms with existing app marketplaces and developer programs (Shopify-class, Salesforce-class). Forge as a per-customer codegen tier alongside the marketplace, not a competitor to it. - [Security](https://withforge.ai/security): how isolation is enforced — namespace sandboxing, capability scoping, subject-scoped tokens, HMAC-signed dispatch, approval-gated activation. Honest about what's not yet (no SOC 2, no third-party pen test). - [Cue OSS](https://withforge.ai/oss): the open-source runtime under Forge. Brief page; primarily for developers who want to self-host the runtime without the codegen layer. - [Request access](https://withforge.ai/request-access): pilots are open with a small group of vertical SaaS partners. - [Changelog](https://withforge.ai/changelog). ## Status Private pilot with a small group of partners. Not yet open to general signups. Email hello@withforge.ai for pilot conversations.