Appendix Q · Reference
Unified API Surface Index
One index, four surfaces. Every 104 MCP tool, every 97 CLI command, every REST endpoint domain, and every SDK export, alphabetized, grouped, and cross-linked. If you can't remember whether forge_secret_scan has a CLI wrapper, this is the page.
The source of truth. This appendix is a navigable index, not a reference manual. For deep usage:
On this page
The four surfaces
Plan Forge exposes its capabilities through four orthogonal transports. The same handler set backs all four, choosing one is a question of who is calling.
| Surface |
Count |
Auth |
Best for |
| MCP (stdio + WebSocket) |
104 tools |
Transport-bound (stdio = inherited trust; WS = bearer) |
Copilot, Claude, Cursor, Codex, anything speaking MCP |
CLI (pforge) |
97 commands |
Local filesystem trust + PFORGE_API_TOKEN |
Scripts, cron, humans in terminals, CI runners |
REST (/api/*) |
103 endpoints across 17+ domains |
Bearer token in Authorization header |
HTTP clients, CI, dashboards, mobile, anything cross-process |
SDK (pforge-sdk) |
12 sub-paths |
Bearer token via createClient |
Node.js / TypeScript callers wanting typed responses |
WebSocket events on /api/hub are the fifth, observation-only surface, see Chapter 29 — Integrating from Outside. The full payload schema for every hub event is in Appendix V — Event Catalog.
Canonical source: pforge-mcp/tools.json. The full description, input schema, error map, and example for each tool is exposed via forge_capabilities. The table below is the one-line index.
Diagnostics & setup (7)
| Tool | Purpose |
|---|
forge_smith | Inspect the forge, env, VS Code, setup health, version currency, common problems |
forge_validate | Validate Plan Forge setup, required files, counts, unresolved placeholders |
forge_status | All phases from DEPLOYMENT-ROADMAP.md with current status |
forge_diff | Compare changes against a plan's Scope Contract, drift + forbidden edits |
forge_sweep | Completeness sweep, scan for TODO/FIXME/HACK/stub/placeholder/mock markers |
forge_audit_export | Export audit events from .forge/runs/*/events.log — ACI-paginated, filterable by date/type/run |
forge_diff_stats | Classify staged git diff changes by category (plan, test, docs, config, chore, scope) — advisory only, never blocks |
GitHub stack (3)
forge_github_status | Inspect the GitHub-native AI surface (instructions, agents, MCP wiring, workflows, gh CLI) |
forge_github_metrics | Live GitHub repo metrics via gh CLI, stars, PRs, issues, commit activity |
forge_delegate_review | Delegate PR review to the Copilot Coding Agent (cloud) |
Team coordination (2)
forge_team_dashboard | Multi-developer coordination, per-developer cards + conflict-risk assessment |
forge_team_activity | Read recent run summaries from .forge/team-activity.jsonl |
Plan execution (8)
forge_new_phase | Create a new phase plan + roadmap entry |
forge_analyze | Cross-artifact analysis, traceability, coverage, scope, validation gates |
forge_run_plan | Execute a hardened plan, spawn workers, validate at every boundary, track tokens |
forge_abort | Abort the currently running plan execution |
forge_plan_status | Status of the latest plan execution run |
forge_regression_guard | Run gate commands from plan files against the current codebase |
forge_export_plan | Convert a Copilot cloud agent session plan into a hardened Phase-X-PLAN.md |
forge_pipelines_list | List the four standing capture pipelines and report their last-write timestamps plus Anvil hit rates |
Cost & quorum (5)
forge_cost_report | Total spend, per-model breakdown, monthly aggregation from cost-history.json |
forge_estimate_quorum | Projected plan cost under all four quorum modes (auto/power/speed/false) |
forge_estimate_slice | Projected cost for a single slice under a chosen quorum mode |
forge_quorum_analyze | Assemble a structured 3-section quorum prompt from any LiveGuard data source |
forge_doctor_quorum | Preflight viability check, probe all preset models, report availability + fallbacks |
Crucible — idea smelting (8)
forge_crucible_submit | Submit a raw idea, start a new smelt |
forge_crucible_ask | Advance the interview, supply an answer, get the next question |
forge_crucible_preview | Render the current draft as a Markdown plan |
forge_crucible_finalize | Atomically claim a phase number, write Phase-NN.md, stamp crucibleId: |
forge_crucible_list | List smelts (newest first), optionally filtered by status |
forge_crucible_abandon | Abandon a smelt, release any phase-number claim |
forge_crucible_import | Import a Spec Kit project, deterministic, LLM-free field mapping |
forge_crucible_status | List smelts by source and status, or inspect a single smelt |
Tempering — coverage & quality (5)
forge_tempering_scan | Read-only scan of an existing coverage report (lcov/cobertura/jacoco/cover.out/...) |
forge_tempering_status | Latest N scan summaries, dashboard feed + forge_smith panel |
forge_tempering_run | Execution harness, runs unit/integration/UI/API scanners per stack preset |
forge_tempering_approve_baseline | Promote current screenshot to visual-diff baseline |
forge_tempering_drain | Round-loop wrapper, re-probe until convergence or max-rounds cap |
Triage, bugs & classifiers (6)
forge_triage_route | Route a tempering finding into bug / spec / classifier lane |
forge_classifier_issue | File a GitHub issue proposing a classifier rule update (closes the audit loop) |
forge_bug_register | Register a bug discovered by a tempering scanner |
forge_bug_list | List bugs with optional filters |
forge_bug_update_status | Transition status (open → in-fix → fixed) with validation |
forge_bug_validate_fix | Re-run the scanner that discovered a bug to verify the fix |
Memory, provenance & brain (9)
forge_memory_capture | Capture a thought, decision, or lesson into OpenBrain persistent memory |
forge_memory_report | Aggregate health of every memory surface (L2 jsonl, OpenBrain queue, search cache, orphans) |
forge_sync_memories | Generate .github/copilot-memory-hints.md from trajectories + auto-skills + brain |
forge_brain_replay | Bulk-load records into OpenBrain via capture_thought from a local source file |
forge_brain_test | Round-trip test against OpenBrain (L3 memory) — write a test thought and read it back |
forge_hallmark_show | Show Hallmark provenance records — immutable milestone stamps written at slice completions, gate passes, phase closures |
forge_hallmark_verify | Verify a Hallmark record has not drifted — re-hashes the referenced source file and compares against the stored hash |
Copilot integration (1)
forge_sync_instructions | Generate .github/copilot-instructions.md from profile + principles + .forge.json |
Lattice — code graph (5)
forge_lattice_index | Build/update the code-graph index, chunks tracked files, persists JSONL |
forge_lattice_stat | Bounded summary, chunk count, edge count, language dist, Anvil hit rate |
forge_lattice_query | Search chunks by name, language, kind, or file path |
forge_lattice_callers | Find all chunks that reference a given symbol |
forge_lattice_blast | BFS traversal, expand callees/callers from a seed chunk up to depth N |
Knowledge graph & patterns (2)
forge_graph_query | Query the in-memory knowledge graph (Phase/Slice/Commit/File/Run/Bug nodes) |
forge_patterns_list | List recurring patterns detected across runs (4 detectors) |
Anvil — memoization cache (5)
forge_anvil_stat | Inspect the Anvil memoization cache — entries, bytes, oldest entry, per-tool hit/miss counters |
forge_anvil_clear | Delete Anvil cache entries — scope by tool name, by age (olderThanMs), or both |
forge_anvil_rebuild | Invalidate Anvil cache entries for files changed since a git commit SHA |
forge_anvil_dlq_list | List dead-letter queue entries — records of cache writes that failed and were quarantined |
forge_anvil_dlq_drain | Drain (purge) dead-letter queue entries from the Anvil memoization cache |
Semantic recall & embeddings (3)
forge_local_search | Semantic search over local .forge/ thought stores — TF-IDF or neural embeddings backend |
forge_local_recall_status | Inspect and manage the persistent TF-IDF index cache used by forge_local_search |
forge_embedding_status | Report embedding backend status — whether @xenova/transformers (neural) or TF-IDF is active, corpus size, configured backend override |
Health, trends & hotspots (4)
forge_drift_report | Score codebase against architecture guardrail rules, track drift over time |
forge_health_trend | Aggregate drift, cost, incidents, model performance over configurable window |
forge_hotspot | Identify git churn hotspots, files that change most frequently |
forge_alert_triage | Rank incidents + drift violations by severity × recency |
Incidents, deploys & dependencies (3)
forge_incident_capture | Capture an incident, description, severity, files, resolution time (MTTR) |
forge_deploy_journal | Record a deployment, version, deployer, notes, optional slice ref |
forge_dep_watch | Scan dependencies for known vulnerabilities (npm audit / equivalent) |
LiveGuard — deploy safety (4)
forge_secret_scan | Post-commit entropy analysis, scan git diff for likely leaked secrets |
forge_env_diff | Compare env var keys across .env files, detect missing keys |
forge_liveguard_run | Run all applicable LiveGuard checks in a single call, return unified report |
forge_diff_classify | Classify staged git diff against 6 safety categories: leaked-secret, prompt-injection, eval/exec introduction, license-incompatible paste, scope-undeclared change, and test-only change |
Fix & runbook (3)
forge_fix_proposal | Generate 1-3 slice fix plan from drift / incident / secret / Crucible / tempering finding |
forge_runbook | Generate human-readable operational runbook from a hardened plan |
forge_diagnose | Multi-model bug investigation, dispatch to multiple models, synthesize root cause |
Skills & org rules (3)
forge_skill_status | Recent skill execution events from the WebSocket hub history |
forge_run_skill | Execute a skill programmatically, parse SKILL.md, run with validation gates |
forge_org_rules | Consolidate .github/instructions/*.instructions.md for org-level Copilot |
Cross-project watching (2)
forge_watch | Read-only observer that tails another project's pforge run |
forge_watch_live | Live event stream from another project's pforge run for a fixed duration |
Review queue (3)
forge_review_add | Add an item to the review queue |
forge_review_list | List review queue items with filters and pagination |
forge_review_resolve | Resolve an open review item (approve/reject/defer) |
Delegation & notifications (3)
forge_delegate_to_agent | Route a tempering bug to the appropriate agent/skill for read-only analysis |
forge_notify_send | Send a notification directly via a named adapter (bypass routing) |
forge_notify_test | Test notification adapter configuration |
Search, timeline & snapshots (4)
forge_search | Search across runs, bugs, incidents, tempering, hub events, review queue, memories, plans |
forge_timeline | Unified chronological view across all sources with correlationId grouping |
forge_home_snapshot | Aggregated snapshot of Crucible, runs, LiveGuard, Tempering + trimmed feed |
forge_capabilities | Machine-readable API surface, tools, CLI, workflows, config, dashboard, extensions |
Testbed (3)
forge_testbed_run | Run a testbed scenario against an external testbed repository |
forge_testbed_findings | Query testbed defect-log findings |
forge_testbed_happypath | Run all happy-path testbed scenarios sequentially |
Extensions, Forge-Master, image gen, meta (5)
forge_ext_search | Search the Plan Forge community extension catalog |
forge_ext_info | Detailed info for a specific extension (author, version, install command) |
forge_master_ask | Ask Forge-Master to reason about workflows (read-only orchestration) |
forge_generate_image | Generate an image via xAI Grok Aurora or OpenAI DALL-E |
forge_meta_bug_file | File a self-repair meta-bug against Plan Forge itself |
Total: 104 MCP tools across 24 domains. Run forge_capabilities for the machine-readable manifest with full schemas, cost tiers, intent tags, and error maps.
CLI commands — pforge
Canonical source: pforge.ps1 + pforge.sh (mirror implementations). Schema doc: pforge-mcp/cli-schema.json. The full reference with arguments, flags, and examples lives in Chapter 8 — CLI Reference; this is the one-line index.
Core (12)
pforge smith Diagnose environment + setup health
pforge check Validate setup files
pforge validate (alias) Validate Plan Forge setup
pforge status Show phase status from roadmap
pforge sweep Scan for TODO/FIXME markers
pforge tour Guided walkthrough of installed Plan Forge files
pforge help Show help
pforge config get/set <k> [v] Read or write keys in .forge.json (atomic)
pforge update Update framework files (auto-selects source)
pforge self-update Force-pull latest GitHub release
pforge install First-time install bootstrap
pforge init Initialize a new project
Plan + analysis (12)
pforge new-phase <name> Create a new phase plan + roadmap entry
pforge analyze Cross-artifact consistency scoring (0-100)
pforge run-plan <plan> Execute a hardened plan
pforge diff <plan> Compare changes against plan Scope Contract
pforge phase-status Update phase status in DEPLOYMENT-ROADMAP
pforge regression-guard <plan> Run validation gates from plan files
pforge plan-from-sarif <sarif> Generate a fix plan from a SARIF findings file
pforge fix-proposal <finding> Generate a 1-3 slice fix plan
pforge runbook <plan> Generate operational runbook from a plan
pforge branch <plan> Create git branch from plan's Branch Strategy
pforge commit Auto-generate conventional commit from slice goal
pforge version-bump [v] Update VERSION + package.json + badges
Team + Copilot (8)
pforge team-dashboard Per-developer cards in the terminal
pforge team-activity Query the team-activity.jsonl ledger
pforge sync-memories Generate .github/copilot-memory-hints.md
pforge sync-instructions Generate .github/copilot-instructions.md
pforge sync-spaces Sync inter-project memory spaces
pforge github status Inspect GitHub-native AI surface
pforge github metrics Live repo metrics via gh CLI
pforge org-rules Export org-level custom instructions
Quality, drift & health (10)
pforge drift Score codebase against architecture guardrails
pforge hotspot Identify git churn hotspots
pforge health-trend Drift, cost, incidents, model perf over time
pforge digest Daily digest, yesterday's deltas + anomalies
pforge triage Triage open alerts by priority
pforge dep-watch Dependency vulnerability + freshness
pforge incident capture Record an incident
pforge deploy-log Record a deployment
pforge audit-loop Drive a single audit-loop iteration
pforge audit list/show Inspect classifier audit findings
Tempering (4)
pforge hammer-fm Run the full tempering harness (false-marker scan)
pforge testbed-happypath Run all happy-path testbed scenarios
pforge regression-guard (also a plan command) Run gates as guard
pforge mcp-call <tool> ... Invoke any MCP tool not yet wrapped by a verb
Memory + brain (6)
pforge drain-memory Drain OpenBrain queue via local MCP REST
pforge migrate-memory Merge legacy *-history.json into .jsonl
pforge fm-session Start a Forge-Master reasoning session
pforge fm-recall Recall a prior Forge-Master session
pforge anvil stat/purge Inspect / reset the Δ-only memoization layer
pforge lattice index/stat/... Code-graph index commands
Security & environment (5)
pforge secret-scan Scan recent commits for high-entropy strings
pforge env-diff Compare .env keys across environments
pforge quorum-analyze Assemble quorum prompt from LiveGuard data
pforge hallmark verify Verify Hallmark provenance envelopes
pforge ext add/remove/... Extension management
Total: 57+ top-level CLI commands across 7 functional areas. Run pforge --help for the live listing on your installed version.
REST endpoints — /api/*
Canonical source: handlers in pforge-mcp/server.mjs + pforge-mcp/dashboard/. Full per-endpoint reference: Appendix W — REST API Reference; raw dump in docs/REST-API.md on GitHub. OpenAPI spec: GET /api/openapi.json.
116 endpoints organize into these prefixes (one-line summary each, see Appendix W for verbs, query params, request/response shapes, and error codes):
| Prefix |
Endpoints |
Covers |
/api/plan | ~10 | Plan execution, status, abort, runs |
/api/cost | ~6 | Cost report, estimate-quorum, estimate-slice |
/api/team | ~5 | Team dashboard, activity feed, ledger queries |
/api/copilot-instructions | 3 | Read / preview / sync the trilogy file pair |
/api/graph | ~5 | Knowledge graph query, stats, rebuild |
/api/lattice | ~5 | Code-graph index, query, callers, blast |
/api/liveguard | ~6 | Secret scan, env diff, unified run, runbooks |
/api/bugs | ~6 | Register, list, update-status, validate-fix |
/api/crucible | ~10 | Submit, ask, preview, finalize, abandon, import, list, status |
/api/tempering | ~6 | Scan, status, run, drain, approve-baseline |
/api/incident | ~4 | Capture, list, MTTR, deploy-journal |
/api/health | ~5 | Drift report, trends, hotspot, alert triage |
/api/review | 3 | Add / list / resolve review queue items |
/api/forge-master | ~4 | Read-only reasoning agent ask + session mgmt |
/api/search | ~3 | Cross-artifact search, timeline, home snapshot |
/api/notify | 2 | Send / test notification adapters |
/api/ext | ~4 | Extension search, info, install, remove |
/api/anvil | ~5 | Cache stat, clear, rebuild, DLQ list, DLQ drain |
/api/embedding | ~2 | Embedding backend status, local-recall index status |
/api/audit | 1 | Audit event export (paginated, filterable by date / type / run) |
/api/hub | 1 (WS) | WebSocket event stream, 60+ event types |
/api/openapi.json | 1 | OpenAPI 3 spec for the entire surface (codegen-ready) |
SDK — pforge-sdk
Twelve sub-paths, all pure Node.js (zero runtime dependencies). Full reference: pforge-sdk/README.md on GitHub.
| Import |
Key exports |
Use when |
pforge-sdk |
Re-exports all sub-paths below |
Single import for all SDK utilities |
pforge-sdk/tools |
tools, getTool, getToolsByRisk, getToolsByIntent |
Loading + filtering the MCP tool registry from Node.js |
pforge-sdk/hallmark |
buildProvenance, validateProvenance, mergeProvenance |
Stamping / validating Hallmark provenance envelopes |
pforge-sdk/chunker |
validateChunk, CHUNK_KINDS |
Validating Lattice code-graph chunk records |
pforge-sdk/client v0.4.0 |
PForgeClient, createClient, PForgeClientError |
Calling the Plan Forge REST API from Node.js without raw fetch |
pforge-sdk/anvil v0.5.0 |
computeAnvilKey, anvilEntryPath, anvilCacheDir, anvilStatsPath |
Computing Anvil cache keys + paths without running the server |
pforge-sdk/lattice-query v0.5.0 |
LatticeQueryBuilder, tokenizeForSearch, scoreChunk |
Building fluent Lattice queries + scoring chunks without the server |
pforge-sdk/notifications/adapter-contract v0.5.0 |
validateAdapterShape, ERR_NOT_IMPLEMENTED |
Validating a custom notification adapter shape before registering it |
pforge-sdk/run-reader v0.6.0 |
listRuns, readRunMeta, readRunSummary, readRunIndex, parseEventLine |
Offline access to .forge/runs/ artifacts — no running server required |
pforge-sdk/plan-reader v0.7.0 |
listPlans, readPlan, getPlanStatus, getPlanSlices, plansDir |
Offline access to docs/plans/ plan files — read status, slices, and frontmatter without a server |
pforge-sdk/thought-reader v0.8.0 |
readThoughts, readAllThoughts, listThoughtSources, parseThoughtLine, thoughtFilePath |
Offline access to .forge/*.jsonl thought stores — OpenBrain queue, archive, DLQ, and LiveGuard memories |
pforge-sdk/digest-reader v0.9.0 |
listDigests, readDigest, readLatestDigest, overallSeverity, getSectionsByMinSeverity, digestFilePath |
Offline access to .forge/digests/*.json daily digest files — list, read, and compute severity |
Surface coverage matrix
Not every capability is exposed through every surface. This matrix shows which features have CLI wrappers, REST endpoints, and SDK helpers. Use it to pick the right surface for a caller.
| Capability |
MCP |
CLI |
REST |
SDK |
Plan execution (run-plan) | ✓ | ✓ | ✓ | ✓ |
| Cost reporting + estimates | ✓ | ✓ | ✓ | ✓ |
| Copilot trilogy (memory + instructions sync) | ✓ | ✓ | ✓ | ✓ |
| Team dashboard + activity | ✓ | ✓ | ✓ | ✓ |
| Knowledge graph queries | ✓ | ✓ | ✓ | ✓ |
| Daily digest | — | ✓ | ✓ | ✓ |
| LiveGuard checks (secret/env/full) | ✓ | ✓ | ✓ | ✓ |
| Tempering (scan, run, drain) | ✓ | ✓ | ✓ | ✓ |
| Crucible smelting | ✓ | ✓ | ✓ | ✓ |
| Forge-Master (read-only reasoning) | ✓ | ✓ | ✓ | ✓ |
| Lattice code graph | ✓ | ✓ | ✓ | ✓ |
| Hallmark stamp / verify | — | ✓ | — | ✓ |
| Anvil purge / stat | — | ✓ | ✓ | ✓ |
| Bug registry CRUD | ✓ | — | ✓ | ✓ |
| WebSocket live events | — | — | ✓ | ✓ |
| Self-update / install | — | ✓ | — | — |
| Notification adapter contract validation | — | — | — | ✓ |
Offline run artifact access (run-reader) | — | — | — | ✓ |
Offline plan file access (plan-reader) | — | — | — | ✓ |
Offline thought store access (thought-reader) | — | — | — | ✓ |
Offline digest file access (digest-reader) | — | — | — | ✓ |
| Anvil cache management | ✓ | ✓ | ✓ | ✓ |
| Semantic recall / local search | ✓ | — | — | — |
| Extension marketplace | ✓ | ✓ | ✓ | — |
Reading the matrix. A "—" means "the capability isn't exposed on this surface", usually intentional. For example, pforge install only makes sense as a CLI command; WebSocket live events have no CLI representation (subscribe via REST + WS).
