Forge better Rust, automatically.
Ferrous Forge is an opinionated, aggressive Rust development standards enforcer. Unlike other tools that suggest fixes or warn about issues, Forge physically prevents non-compliant code from being committed, pushed, or published.
Rust development has a consistency problem:
- LLM agents routinely "workaround" lint rules to fix compile errors
- Teams struggle to enforce standards across multiple projects
- CI/CD catches issues too late in the development cycle
- Junior developers don't know what "good" Rust looks like
- Code reviews become nit-picky debates about style instead of architecture Traditional solutions (clippy, rustfmt, CI checks) are permissive by default. They warn, suggest, and allow overrides. This permissiveness creates drift—small compromises that accumulate into technical debt.
Ferrous Forge takes the opposite approach: aggressive enforcement with escape hatches.
# Agent tries to change edition to fix compile error
$ sed -i 's/edition = "2024"/edition = "2021"/' Cargo.toml
# Ferrous Forge detects this and blocks the change!
# Agent must explicitly unlock with justification
$ ferrous-forge config unlock edition --reason="Upgrading dependency that requires 2021"
# This is logged and requires human awareness
# Publishing blocked if validation fails
$ cargo publish
# 🛡️ Ferrous Forge validation failed - publish blocked!
# Run 'ferrous-forge validate' to see issues
# Must explicitly bypass with justification
$ ferrous-forge safety bypass --stage=publish --reason="Emergency security patch"Forge sets up clippy, rustfmt, and lints optimally from project creation. No configuration needed—professional-grade standards out of the box. Current State: ✅ Implemented
- 7 built-in templates (CLI, library, WASM, embedded, web-service, plugin, workspace)
- Automatic injection of
[lints]blocks into Cargo.toml - Pre-configured rustfmt.toml and clippy.toml
- VS Code settings for optimal Rust development
Critical settings (edition, rust-version) are immutable without explicit justification. Prevents "temporary" downgrades that become permanent. Current State: ✅ Implemented
- Hierarchical locking: System → User → Project levels
ferrous-forge config lock <key> --reason="..."ferrous-forge config unlock <key> --reason="..."- Full audit trail of all lock/unlock operations
- Lock validation before any config changes
Blocks git operations and cargo publish by default when checks fail. Safety is opt-out, not opt-in. Current State: ✅ Implemented
- Pre-commit hooks block commits with violations
- Pre-push hooks block pushes with test failures
- Cargo publish interception with validation
- All hooks respect bypass status
Designed specifically to prevent LLM agents from "workaround-ing" standards. Every bypass requires explicit command with justification and audit logging. Current State: ✅ Implemented
ferrous-forge safety bypass --stage=pre-commit --reason="..."- 24-hour bypass duration by default
- Complete audit log with user, timestamp, and reason
- Hooks check bypass status before allowing operations
Bypass available but requires explicit command with audit logging. No silent overrides, no environment variables that disable everything. Current State: ✅ Implemented
ferrous-forge safety bypasswith mandatory--reasonferrous-forge safety auditto view all bypasses- Configurable bypass duration
- Team-wide visibility of all bypasses
┌─────────────────────────────────────────────────────────────────────────┐
│ CONFIGURATION HIERARCHY │
├─────────────────────────────────────────────────────────────────────────┤
│ System: /etc/ferrous-forge/config.toml (Organization-wide) │
│ User: ~/.config/ferrous-forge/config.toml (Personal defaults) │
│ Project: ./.ferrous-forge/config.toml (Team-agreed standards) │
│ │
│ Locks are inherited: Project locks override User locks │
└─────────────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────┐
│ SAFETY PIPELINE │
├─────────────────────────────────────────────────────────────────────────┤
│ Pre-Commit: Format → Clippy → Validation → BLOCK if failed │
│ Pre-Push: Tests → Security Audit → Full Validation → BLOCK if failed │
│ Publish: Validation → Dry-run → BLOCK if failed │
│ │
│ Bypass: ferrous-forge safety bypass --stage=X --reason="..." │
│ Audit: ferrous-forge safety audit │
└─────────────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────┐
│ TOOLCHAIN MANAGEMENT │
├─────────────────────────────────────────────────────────────────────────┤
│ Rustup Integration: ferrous-forge rust update │
│ Version Enforcement: Locked rust-version compliance │
│ Edition Management: ferrous-forge edition migrate │
│ Release Tracking: GitHub API integration with security advisories │
└─────────────────────────────────────────────────────────────────────────┘
- ✅ Zero code published to crates.io that fails validation
- ✅ Zero commits to main that bypass safety checks without audit trail
- ✅ 100% enforcement of locked configuration values
- ✅ Package manager availability (Homebrew, AUR, Nix, Chocolatey)
- ✅ Team config sharing via export/import
- ✅ LLM agents using Forge as guardrails
- ✅ Consistent standards across all Forge-managed projects
- ✅ Reduced "creative workarounds" by AI agents
- ✅ Clear audit trail of all bypasses
Version: 1.7.6 | Status: Aggressive Enforcement System Complete
- T015: Config Locking System
- T016: Cargo Publish Interception & Blocking
- T017: Mandatory Safety Pipeline Hooks
- T019: Complete Safety Pipeline CLI
- T018: Hierarchical Configuration with Sharing
- T020: Rustup Integration & Toolchain Management
- T021: Template Repository System
- T022: VS Code Extension for Real-time Validation
- T023: Package Manager Distribution
- T024: GitHub API Integration for Release Tracking
We believe it's better to be overly strict and have developers explicitly opt-out than to be permissive and let quality slip. Every opt-out is logged and visible.
Catch issues at commit time, not CI time. The feedback loop is tighter, and the cost of fixing is lower.
No magic environment variables. No hidden config files. Every bypass requires an explicit command with a reason.
Configuration is hierarchical so organizations can set standards. Individual preferences are fine, but team standards take precedence.
Documentation is auto-generated from code. README is synced from lib.rs. No drift between code and docs.
- Enforce organization-wide standards
- Audit trail of all configuration changes
- Zero-configuration onboarding for new team members
- Never worry about style debates again
- Automatic setup for new projects
- Consistent tooling across all your Rust projects
- Hierarchical configuration for organization standards
- Git hooks prevent bad code from entering CI/CD
- Package manager distribution for easy adoption
- Clear boundaries: "These settings are locked, find another way"
- Audit trail of all workarounds attempted
- Guided fixes instead of silent violations
While the core aggressive enforcement system is complete, we continue to evolve:
- Real-time IDE Integration: VS Code extension with inline diagnostics
- Custom Lint Rules: Dylint integration for organization-specific rules
- Metrics Dashboard: Historical trend analysis and team analytics
- Web Dashboard: Multi-project overview and team collaboration
Ferrous Forge is not just another linting tool. It's a quality gatekeeper that sits between your code and your repository, ensuring that only code meeting professional-grade standards makes it to production. Like a blacksmith forges iron into steel, Ferrous Forge shapes your Rust code into perfection.
Forge better Rust, automatically. 🔨