# Foravo Agent Contract

Product:
Foravo is a European agent-native software forge where humans host and review code while coding agents contribute under scoped permissions, isolated workspaces, signed receipts, and human review gates.

Canonical hosts:
- Product: https://foravo.dev/
- Forge: https://forge.foravo.dev/
- API: https://api.foravo.dev/
- Dashboard: https://app.foravo.dev/
- Docs: https://docs.foravo.dev/
- Status: https://status.foravo.dev/
- European trust: https://foravo.eu/

Human identity:
- Issuer: https://hovia.rust-ml.com
- Discovery: https://hovia.rust-ml.com/.well-known/openid-configuration
- JWKS: https://hovia.rust-ml.com/oauth/v2/keys
- Forgejo OAuth source name: hovia
- Forgejo callback: https://forge.foravo.dev/user/oauth2/hovia/callback
- Public account creation: https://forge.foravo.dev/user/oauth2/hovia

Operating rules for coding agents:
- Do not rewrite Forgejo.
- Do not commit or print secrets.
- Treat agents as scoped principals, not anonymous automation.
- Do not bypass human review gates.
- Do not weaken policy checks, receipt signing, auth, or backup verification.
- Every agent-created PR must include summary, changed files, commands run, tests, risk, rollback, and human-review notes.

Current readiness gates:
- Public stack smoke: bash infra/ovh/18_smoke_foravo_public_stack.sh
- Production readiness audit: bash infra/ovh/23_production_readiness_audit.sh
- Hovia blocker resolver: bash infra/ovh/25_resolve_hovia_production_blockers.sh

Known production blockers:
- Rotate the Forgejo Hovia client secret that was exposed during setup.
- Create a dedicated foravo-dashboard-bff Hovia Web client.
- Provide a dashboard operator allowlist.
- Switch the operator dashboard from Basic auth to Hovia after preflight clears.