Features How It Works Builder Pricing FAQ Get Started
Identity Mutation Platform

Transform any identity.
In one atomic operation.

Reforge lets you rename, relocate, regroup, lock, unlock, and reshape user identities across your entire infrastructure — without downtime, without data loss, without fear.

Start Reforging Free See it in action ↓
Before
JD
jdoe
UID 1001
Home /home/jdoe
Shell /bin/sh
Group users
Comment John Doe
Status Active
After
JS
jsmith
UID 2050
Home /home/jsmith
Shell /bin/zsh
Group engineering
Comment Jane Smith — Staff Eng
Status Active
14
Mutation primitives
0 ms
Downtime per reforge
100%
File ownership sync
99.97%
Platform uptime
Capabilities

Every mutation primitive
your identity layer needs.

Reforge ships 14 purpose-built mutation operators. Each one is atomic, auditable, and reversible.

✏️

Identity Rebrand™

Rename any user login across your entire system in a single atomic operation. Old identity pointers gracefully redirect. Zero orphaned references.

reforge -l jsmith jdoe
🏠

Home Relocation Engine™

Move a user's home directory to any path with full content migration. File permissions, ACLs, and extended attributes — all preserved automatically.

reforge -d /home/jsmith -m jdoe
🐚

Environment Override™

Swap login shells instantly. Upgrade your team from legacy environments to modern toolchains without disrupting any active sessions.

reforge -s /bin/zsh jdoe
🎯

Primary Alignment™

Re-anchor any identity to a new primary group. All home directory file ownership updates cascade automatically. Zero manual cleanup.

reforge -g engineering jdoe
🔗

Multi-Cluster Assignment™

Assign identities to multiple supplementary groups in one pass. Additive mode preserves existing memberships — subtractive mode prunes surgically.

reforge -aG docker,sudo,dev jdoe
🔢

Core ID Rewrite™

Change the numerical user ID. All owned files in the home directory automatically re-map. The deepest identity mutation possible.

reforge -u 2050 jdoe
🔒

Identity Lock / Unlock™

Instantly freeze or thaw password-based access. Perfect for incident response, compliance holds, or offboarding workflows.

reforge -L jdoe

Lifecycle Control™

Set precise expiration dates and inactivity grace periods. Accounts sunset automatically — no cron jobs, no manual cleanup, no zombie identities.

reforge -e 2099-12-31 -f 30 jdoe
How It Works

Four steps to
identity transformation.

01

Select Identity

Choose the target user account from your identity registry. Reforge validates that no active processes are running under that identity.

02

Define Mutations

Stack any combination of mutations — rename, relocate, regroup, re-shell, rekey. Each mutation is validated against your identity schema before execution.

03

Execute Atomically

Reforge applies all mutations in a single transactional pass. System account files, home directories, and file ownerships update simultaneously.

04

Verify & Ship

Automatic post-mutation verification confirms every file, every permission, every group membership. Your reforged identity is production-ready.

Interactive

Mutation Builder™

Compose your transformation visually. Toggle mutations, set parameters, and watch your command assemble in real time.

reforge jdoe

Toggle options to compose your mutation. The command updates in real time.

Interactive

Group Manager™

Visually assign and remove users from supplementary groups. Click to toggle group membership.

Maya Krishnamurthy
jdoe
Primary: users
reforge -G users jdoe
Live Demo

See Reforge in action.

A complete identity transformation in three commands.

$ reforge -l jsmith -d /home/jsmith -m -s /bin/zsh jdoe

$ reforge -aG docker,sudo,engineering jsmith

$ reforge -c "Jane Smith — Staff Engineer" -e 2099-12-31 jsmith

$ id jsmith
uid=1001(jsmith) gid=100(users) groups=100(users),27(sudo),999(docker),1010(engineering)

$ grep jsmith /etc/passwd
jsmith:x:1001:100:Jane Smith — Staff Engineer:/home/jsmith:/bin/zsh
What People Are Saying

Trusted by identity teams
at the world's fastest companies.

"We used to have a six-step runbook for user renames. Reforge's Identity Rebrand™ reduced it to a single atomic operation. Our ops team literally cried."

Maria Kowalski
Maria Kowalski VP of Platform Engineering, ScaleForge

"The Group Manager alone is worth the subscription. I can rebalance supplementary group memberships across our entire org in the time it takes to brew coffee."

Rina Nakamura
Rina Nakamura CTO, InfraStack

"Lifecycle Control™ with auto-expiry eliminated our zombie account problem overnight. Compliance audits went from a week-long fire drill to a rubber stamp."

Sana Oyelaran
Sana Oyelaran Head of Security, DataMesh

"I reforged 400 user identities during a company-wide rebrand. Home directories, shells, group memberships — everything migrated flawlessly. This is an unlock."

Valeria Ortiz
Valeria Ortiz Solo DevOps Consultant
Pricing

Start free.
Scale without limits.

Every plan includes our core mutation engine. Upgrade to unlock the full identity transformation platform.

Starter
$0/mo
  • 1 mutation per command
  • Comment update only (-c)
  • 10 reforges / month
  • Community support
  • No UID rewrite
  • No group management
  • No lifecycle control
Get Started
Most Popular
Pro
$19/mo
  • Unlimited mutations per command
  • Identity Rebrand™ (-l)
  • Home Relocation + Migration (-d -m)
  • Shell & Group mutations
  • Lock / Unlock (-L -U)
  • Lifecycle Control™ (-e -f)
  • Unlimited reforges
Start Pro Trial
Team
$49/seat/mo
  • Everything in Pro
  • UID Rewrite (-u)
  • Non-unique UID mode (-o)
  • Mutation Builder™ access
  • Visual Group Manager
  • Audit logs + SSO
  • Batch reforge API
Start Team Trial
Enterprise
Custom
  • Everything in Team
  • SELinux Context Mapping (-Z)
  • Subordinate UID/GID ranges
  • Chroot mutation isolation
  • Dedicated identity architect
  • 99.99% SLA
  • Custom integrations
Contact Sales
FAQ

Frequently asked questions.

Can I stack multiple mutations in a single operation?

Absolutely. Reforge is built for composability. Rename, relocate home, change shell, update groups, and set expiry — all in one atomic pass. No intermediate states, no partial failures.

What happens to files owned by the user when I change their UID?

Reforge automatically re-maps ownership of all files in the user's home directory. Files outside the home directory require separate remediation — our Team plan includes a batch ownership scanner for this.

Can I lock an account without deleting it?

Yes. Identity Lock™ disables password authentication by prefixing the encrypted password hash. The account remains intact — all files, group memberships, and configurations are preserved. Unlock at any time with a single command.

Is Reforge safe to run on accounts with active sessions?

Reforge validates that no processes are currently running under the target identity before executing mutations. If active processes are detected, the operation is paused with a clear diagnostic.

Do you support SELinux environments?

Enterprise customers get full SELinux user mapping via our Security Context operator. Define SELinux user and MLS range bindings directly through Reforge — no manual semanage invocations required.

Why Reforge

The category-defining choice.

Capability Reforge Competitor A Competitor B
Atomic multi-mutation
Home directory migration Manual
Additive group append
UID rewrite + auto-remap Partial
Lifecycle auto-expiry
Identity Lock/Unlock
SELinux context mapping
Visual Mutation Builder

Backed by mandō

See mandō's portfolio →

Lyst Drift Locus Repliq Portage Voidal Scaffold Vøid Imprint Concat Stratum Folio Topline Tailstream Sieve Seekr Rewrite Trellis Sortable SINGULR Census Slice Morph FanOut Argonaut Reverb Formatik Epoch Solstice IDENT Signum Quorum Pulsar Overseer Terminus PURGE Dispatch Sotto Limelight Persist Vantage Canopy Attaché Détaché Tether Aegis CLAIMR Cohort Archivex Deflate Unravel ArcVault XTRAKT Conduit Fetch VaultLink Teleport DeltaSync Heartbeat Hopscotch Resolver Namesake Uplink CONNEX Callsign Milieu Propagate Sourcery Persona SEVER Chronicle Codex Relevance Resolv Nomenclature MAGIQ Intrinsic Diverge Patchwork VIGIL Breeze Cadence Kronos Atelier SUPRA Mandate Turnkey Accession AFFIRMATIV Reforge Collective PipeForge Netweave Panoptik Substrate Repose Verity FAULTR Provenance Chrono