European trust for an agent-native forge.
Foravo uses European infrastructure, Hovia identity, human review gates, signed agent work receipts, and restore-tested backups to make agent-assisted software work auditable.
Operational boundary
- OVHcloud Managed Kubernetes, Managed PostgreSQL, Object Storage, DNS, and public ingress.
- Forgejo remains the forge kernel for Git, issues, pull requests, and reviews.
- Rust/Axum services own agent policy, receipts, audit records, and queue contracts.
Human identity
- Public forge accounts are created through Hovia/ZITADEL.
- Local Forgejo password registration is disabled.
- The operator dashboard stays protected while its dedicated Hovia client is being completed.
Proof and review
- Agent work is scoped by capability and protected-path policy.
- Risky capabilities require human review before merge.
- Agent receipts are signed and stored with audit metadata.
Recovery
- Managed PostgreSQL is backed up logically to OVH Object Storage.
- Restore verification runs on schedule into temporary databases.
- Production readiness remains fail-closed until all external Hovia blockers are cleared.