A Go framework for content-driven applications. Zero runtime dependencies. AI-native by default.
Module path changed. The Go module path has been renamed from
forge-cms.dev/forgetosmeldr.dev/coreas part of the Smeldr rebrand. Thepkg.go.dev/forge-cms.dev/forgedocumentation is no longer updated. Usego get smeldr.dev/corefor all new and existing projects.
v1.25.0 — stable. Public APIs are intended to be stable within v1. Breaking changes may still occur in Phase 2 where the architecture demands it. See the stability map below. See CHANGELOG.md.
Status: Phase 2 — active production dogfooding. Forge powers smeldr.dev and is under active development. The core architecture is in place; APIs may still evolve as dogfooding reveals better shapes. Use it today if you are comfortable following changes. The stability map below shows which areas are settled and which are still moving.
Stability map
| Tier | Areas |
|---|---|
| Stable | Content lifecycle, module routing, MemoryRepo, SEO / feed / AI index endpoints, auth |
| Dogfooding | SQLRepo, webhooks, audit trail, token management |
| Experimental | forge-social, forge-agent, some MCP write workflows |
Breaking changes are documented in CHANGELOG.md.
git clone https://github.com/forge-cms/forge
cd example/blog
go run .
# open http://localhost:8080Content
- Full CRUD — create, update, publish, archive, and delete through a single
Module[T] - Draft-safe lifecycle — drafts return 404 to guests; only Published content is visible
- Draft preview — share a signed
?preview=<token>URL to let reviewers see a draft without logging in - Scheduled publishing — set a future
ScheduledAt; Forge transitions to Published automatically - Content negotiation — one endpoint serves JSON, HTML, or Markdown based on
Accept
Auth & security
- Role-based auth — Guest → Author → Editor → Admin enforced per-module, per-operation
- Cookie compliance —
/.well-known/cookies.jsondeclares cookie categories for GDPR tooling - Security headers — CSP, HSTS, X-Frame-Options wired in one middleware call
Discovery
- Structured data (JSON-LD) — Article, Product, FAQ, and more emitted in every page
<head> - Event-driven sitemap — regenerated on publish, update, and delete; no cron job required
- Open Graph — og:title, og:description, og:image meta tags for social link previews
- Twitter Cards — twitter: meta tags with summary and summary_large_image support
- RSS feed — per-module feed at
/{prefix}/feed.xmlplus a global aggregate at/feed.xml
AI-native
- AI indexing —
/llms.txtcompact index,/llms-full.txtMarkdown corpus, and per-item/aidocendpoints - MCP integration — connect AI agents to read and write content via the Model Context Protocol
Infrastructure
- Graceful shutdown — drains in-flight requests before exiting on SIGINT/SIGTERM
| Forge | Echo | Gin | Chi | |
|---|---|---|---|---|
| Zero runtime dependencies¹ | ✓ | ✗ | ✗ | ~ |
| Content lifecycle built-in | ✓ | ✗ | ✗ | ✗ |
| Draft-safe by default | ✓ | ✗ | ✗ | ✗ |
| SEO + structured data | ✓ | ✗ | ✗ | ✗ |
| AI indexing (llms.txt + AIDoc) | ✓ | ✗ | ✗ | ✗ |
| Cookie compliance built-in | ✓ | ✗ | ✗ | ✗ |
| Social sharing built-in | ✓ | ✗ | ✗ | ✗ |
| Role hierarchy built-in | ✓ | ✗ | ✗ | ✗ |
¹ The test suite uses
modernc.org/sqlitefor in-process SQL integration tests. There are no runtime dependencies in the core package.
go get smeldr.dev/coreRequires Go 1.26+. No other dependencies.
Define a content type, wire it, run it.
package main
import (
"log"
"smeldr.dev/core"
)
type Post struct {
forge.Node
Title string `forge:"required,min=3" json:"title"`
Body string `forge:"required" json:"body"`
}
func (p *Post) Head() forge.Head {
return forge.Head{
Title: p.Title,
Description: forge.Excerpt(p.Body, 160),
}
}
func (p *Post) Markdown() string { return p.Body }
func main() {
repo := forge.NewMemoryRepo[*Post]()
m := forge.NewModule((*Post)(nil), // nil pointer — type parameter inferred, no allocation
forge.At("/posts"),
forge.Repo(repo),
forge.Auth(forge.Read(forge.Guest), forge.Write(forge.Author)),
)
app := forge.New(forge.MustConfig(forge.Config{
BaseURL: "http://localhost:8080",
Secret: []byte("change-this-secret-in-production"),
}))
app.Content(m)
if err := app.Run(":8080"); err != nil {
log.Fatal(err)
}
}Routes: GET /posts, GET /posts/{slug}, POST /posts, PUT /posts/{slug},
DELETE /posts/{slug}, GET /sitemap.xml. Draft posts return 404 for guests.
Same content type. Add options — each line unlocks a production feature.
m := forge.NewModule((*Post)(nil),
forge.At("/posts"),
forge.Repo(forge.NewMemoryRepo[*Post]()),
forge.Auth(forge.Read(forge.Guest), forge.Write(forge.Author)),
forge.SitemapConfig{ChangeFreq: forge.Weekly, Priority: 0.8}, // /posts/sitemap.xml
forge.Social(forge.OpenGraph, forge.TwitterCard), // og: and twitter: meta tags
forge.AIIndex(forge.LLMsTxt, forge.LLMsTxtFull, forge.AIDoc), // /llms.txt + /posts/{slug}/aidoc
forge.Feed(forge.FeedConfig{Title: "My Blog"}), // /posts/feed.xml + /feed.xml
forge.Templates("templates/posts"), // HTML at Accept: text/html
forge.On(forge.AfterPublish, func(_ forge.Context, p *Post) error {
log.Printf("published: %s", p.Slug) // fires on publish and scheduled→Published
return nil
}),
)Three runnable examples are in example/:
- example/blog — devlog with seeded posts, RSS, AI indexing, and scheduled publishing
- example/api — headless JSON API with role-based auth and a redirect manifest
- example/docs — documentation site with AI indexing,
/llms.txt, and AIDoc endpoints
Each runs with: cd example/blog && go run .
Full API reference: REFERENCE.md
Web docs: smeldr.dev/docs
For full token management reference (create, list, revoke) see REFERENCE.md — Token management.
For draft preview tokens see REFERENCE.md — Draft preview.
AGPL v3 — free for individuals, open source projects, and companies building their own sites. A commercial license will be available for organisations running Forge as a hosted service. See COMMERCIAL.md.