Service boundary
Forge is a hosted generation product. It does not need direct access to a customer Teamcenter deployment to perform the current workflow, and it does not execute generated customer code in customer environments.
Security
Security overview
A quick trust scan for Forge as a hosted engineering product: service boundary, access model, customer-content handling, and customer responsibility.
Quick scan
- Authentication
- Magic-link sessions + API keys
- Generation boundary
- Server-side generation, no customer environment execution
- Customer content
- Prompts and output retained for service operation and support
- Billing
- Stripe-managed payment workflows
Access controls
Interactive access uses magic-link authentication and server-side sessions. Authenticated API access uses Bearer API keys. Protected routes validate access before returning workspace or generation data.
Content handling
Forge may store and review prompts and generated output as needed to deliver the service, support history and downloads, investigate failures, provide support, detect abuse or security issues, and improve reliability.
Customer responsibility
Forge generates source packages, not production approval. Customers remain responsible for review, build validation, deployment, and environment-specific testing.
Technical detail
Deeper operational notes
For the more detailed technical boundary document, including prompts and output handling, data received, and current service assumptions, see /docs/security.
Contact
Security questions
For disclosure requests or trust-review questions, contact support@plmnexus.com.
This page is an overview. It is intentionally shorter than the technical docs surface.