fixpointforge.report

FORGE collects anonymized structural metadata to improve the algorithm for everyone.

Fixpoint Output Repair for Generative Engines is a structural self-correction framework for LLM-based systems. When repair loops fail, FORGE can optionally report anonymized failure metadata — never content — to help the project improve for every user and every deployment.

What is this domain?

fixpointforge.report is the dedicated transparency and privacy hub for FORGE's anonymous structural telemetry system. When telemetry upload is enabled, FORGE deployments send anonymized failure metadata here via HTTPS POST. This site explains exactly what is collected, how it is anonymized, how data is stored and eventually deleted, and how you can opt out at any time with a single environment variable.

What is FORGE?

FORGE is a fixpoint-based output repair framework for generative AI systems. It applies iterative correction lanes to LLM outputs until they converge to a structurally valid, self-consistent state — or it detects that convergence cannot be reached and terminates the loop gracefully.

The fixpoint repair process works by running a pipeline of typed "lanes" — structural validators, schema enforcers, format normalizers, and content-aware repair operators — in a loop. Each iteration takes the previous output, runs it through all active lanes, and checks whether the result has converged (i.e., whether the output is unchanged from the previous iteration). If it has, the repair is complete. If not, the loop continues.

When a repair loop fails — whether from oscillation (cyclic outputs), budget exhaustion, maximum iteration limits, lane errors, or parse failures — FORGE can optionally construct and transmit an anonymized FailureRecord describing the structural characteristics of that failure. This data enables pattern analysis across the entire FORGE user base, driving targeted improvements to lane ordering, convergence heuristics, default budgets, and failure detection algorithms.

Privacy by design

The telemetry system is built on a non-negotiable principle: no content is ever transmitted. Every field in the telemetry record describes the structure and behavior of the repair system — never the actual content being processed. No raw content, file paths, IP addresses, user identities, emails, credentials, API keys, or organization names are collected under any circumstances.

This is enforced by design, not by policy. The telemetry code physically does not have access to content data — it only receives pre-computed structural metadata from the repair engine.

Explore This Site

Dive into the details of how FORGE handles telemetry data — or confirm that it doesn't collect any personal data at all.

🔒

Privacy Policy

Comprehensive, field-by-field breakdown of every data point in a FailureRecord. Explicit list of what is never collected. Anonymization techniques (SimHash, bucketing, opaque IDs), storage architecture, retention schedule, GDPR/CCPA analysis, and opt-out instructions.

Read the full policy → 📊

Transparency Report

End-to-end data flow from deployment to public report. How failure data is clustered, ranked, and turned into reproducibility specs. What gets published, what gets deleted, and the audit trail linking to the open-source codebase.

View the full report →

Telemetry at a Glance

A quick summary of the FORGE telemetry system's design, operation, and guarantees:

Property Detail
Opt-in or opt-out? Opt-out — enabled by default but easily disabled with a single environment variable or config key
What is sent? Structural metadata only: shapes, counts, failure classes, bucketed sizes, hashed identifiers, SimHash fingerprints
Any content? Never. No prompts, outputs, diffs, code, or file contents of any kind are transmitted.
Any personal data? None. No IP addresses, usernames, email addresses, API keys, or organization names.
Transport HTTPS POST to https://telemetry.fixpointforge.report/v1/ingest via a Cloudflare Worker
Storage Cloudflare R2 (private bucket, encrypted at rest, maintainer-only access)
Retention 90 days for individual records; then aggregated into cluster summaries and permanently deleted
Public disclosure Aggregated cluster summaries published in the FORGE repository for community review

What a FailureRecord Contains

Each telemetry record contains exactly the following fields — no more, no less. This schema is enforced at the code level; additional fields cannot be added without a code change that would be visible in the commit history. For detailed descriptions of each field, see the Privacy Policy.

FailureRecord schema 
record_id             UUID       # random, not linked to any identity
timestamp             epoch      # rounded to the nearest hour boundary
forge_version         string     # semver of the FORGE library (e.g. "0.4.1")
deployment_id         hex        # opaque SHA-256 hash (hostname + PID)
content_type          enum       # "diff" | "json" | "text" | "code" | "structured"
content_length_bucket enum       # "tiny" | "small" | "medium" | "large"
structural_shape      dict       # abstract schema description, no actual values
failure_class         enum       # "oscillation" | "budget_exceeded" | "max_iterations" | ...
lanes_executed        string[]   # names of repair lanes that ran
lanes_failed          string[]   # names of repair lanes that errored
lane_state_transitions string[]  # state machine transitions observed
iteration_count       integer    # total fixpoint iterations attempted
oscillation_detected  boolean    # was a cyclic pattern detected?
fingerprint           hex        # SimHash of structural features (never content)

What is Never Collected

These categories of data are explicitly excluded from FORGE telemetry — by design, not merely by policy. The telemetry subsystem physically cannot access them because content data is never passed to the record construction code.

  • Raw content of any kind — no diffs, patches, JSON documents, text bodies, or code snippets
  • LLM prompts and outputs — no system prompts, user messages, completions, or conversation history
  • File paths or filenames — nothing from your local filesystem or repository
  • IP addresses — the Cloudflare Worker receiving telemetry does not log source IPs
  • User identities — no usernames, email addresses, GitHub handles, or account information
  • Credentials — no API keys, tokens, secrets, passwords, or auth headers
  • Organization names — no company, team, project, or repository identifiers
  • Environment variables — no env var names or values (except the opt-out flag status)
  • Exact content lengths — byte counts are replaced with coarse buckets (tiny/small/medium/large)
  • Exact timestamps — times are rounded to the nearest hour to prevent timing correlation

How to Opt Out

Disable telemetry upload at any time using either method below. Both take effect immediately — no restart is required in most configurations. When disabled, FORGE will not make any network requests related to telemetry.

Option 1 — Environment Variable

Set the following in your shell profile, CI environment, or container configuration:

export FORGE_TELEMETRY_UPLOAD_ENABLED=false

This takes precedence over all configuration file settings.

Option 2 — Configuration File

Add or update the following key in your forge_config.yaml:

telemetry_upload_enabled: false

The configuration file is typically located at ./forge_config.yaml or ~/.config/forge/forge_config.yaml.

Verifying opt-out

Run FORGE with verbose logging enabled. When telemetry is disabled, a log line reading [telemetry] upload disabled will appear at startup. If you do not see this line, telemetry upload is still active.

Data Flow Overview

From failure detection to improvement — every step of the telemetry pipeline at a glance. For detailed explanations of each stage, see the Transparency Report.

🖥️
Deployment
FailureRecord constructed in memory
☁️
Worker
HTTPS POST validated, no IP logged
🗄️
R2 Storage
Encrypted at rest, 90-day TTL
🔬
Analyzer
SimHash clustering & ranking
📄
Public Report
Aggregate summaries only

Open Source

The entire telemetry system — data collection, record construction, worker endpoint, and analysis tooling — is open source. You can audit every line of code that touches telemetry data. We believe verifiable privacy is more trustworthy than promised privacy.

📁

forge/telemetry/

FailureRecord schema, SimHash fingerprinting, upload client, opt-out handling, worker endpoint, and the full analysis pipeline. Everything needed to verify our claims independently.

View on GitHub → 🔥

FORGE Repository

The full FORGE project: fixpoint repair lanes, structural validators, schema enforcers, convergence engine, configuration system, and documentation.

View on GitHub →

Questions or Concerns?

We believe transparency builds trust. If you have questions about FORGE telemetry, want to report a concern, or need to discuss a specific deployment scenario, there are several ways to reach the maintainers:

  • Issue tracker — Open an issue at github.com/RainTechRepos/FORGE/issues for questions, bug reports, or feature requests related to telemetry
  • Source code — Review the telemetry implementation at forge/telemetry/ to verify exactly what is collected and transmitted
  • Privacy Policy — Read the full privacy policy for field-by-field details, anonymization methods, and legal basis
  • Transparency Report — Read the transparency report for the complete data lifecycle, from collection to public disclosure
Contact placeholder

A dedicated contact email for privacy inquiries will be published here when FORGE reaches public release. In the meantime, the GitHub issue tracker is the primary channel for all telemetry-related questions.