Proposal: Deconfig — Distributed Git Infrastructure with Durable Objects
Overview
Deconfig is a distributed Git infrastructure built on Cloudflare Durable Objects that provides realtime collaborative environments, multi-tenant isolation, and seamless synchronization with external Git services like GitHub and GitLab.
Architecture
Core Components
1. Control Plane
The control plane provides centralized orchestration for:
- Admin UI: Management interface for the entire system
- Auth/ACL: Policy enforcement and access control
- Tenant Manager: Multi-tenant lifecycle and provisioning
- Monitoring: Logs, metrics, and usage tracking across all components
2. Data Plane: Durable Objects Git Farm
Each Durable Object instance is a fully-functional Git server backed by SQLite:
- Horizontal Scalability: Infinite instances, each isolated
- Lightweight: SQLite provides fast, embedded storage
- Git-Native: Full Git protocol support (push, pull, clone, fetch)
- Submodule Support: Native Git submodule capabilities for hierarchical repo relationships
- Smart Routing: DO placement via shard keys ensures requests hit the correct instance
3. ENVIRONMENT (Realtime Client)
Each environment represents an isolated workspace with:
- Local Filesystem: Working directory for Git operations
- Realtime Collaboration: Powered by Yjs + WebSocket for live multi-user editing
- Multiple Client Types: Web editors, mobile apps, CI runners, bots
- Dual Mode Access: Can connect to DO Git servers OR external Git services
4. Multi-Tenant Hierarchy
Sponsors can create and manage child tenants with:
- Git Submodules: Code sharing between parent and child tenants
- Access Control: Sponsors control child tenant permissions
- Isolated Repos: Each tenant has dedicated Git repositories in the farm
Key Features
🔄 Bidirectional Sync with External Git
Durable Object Git servers can synchronize bidirectionally with external services:
- DO → GitHub/GitLab: Push local changes to external remotes
- GitHub/GitLab → DO: Clone/mirror external repos into DO Git servers
- Use Cases:
- Backup DO repos to GitHub
- Cache frequently-accessed GitHub repos in DO for faster access
- Hybrid workflows: develop in DO, deploy from GitHub
- Multi-cloud redundancy
⚡ Realtime Collaboration
- Live editing with Yjs CRDT
- WebSocket connections for instant sync
- Each editor maintains its own filesystem
- Changes can be committed individually or collaboratively
🔒 Security & Isolation
- Control plane enforces ACL policies across all layers
- Each DO instance is isolated
- Tenant-level access boundaries
- Observable via centralized monitoring
📦 Git Submodules for Multi-Tenancy
- Parent tenants can sponsor child tenants
- Shared code via Git submodules
- Hierarchical ownership model
- Independent versioning and updates
Implementation Benefits
- Edge-Native: Runs on Cloudflare's global network
- No Infrastructure Management: Durable Objects handle state automatically
- Infinite Scale: Each repo can be its own DO instance
- Git Protocol Compatible: Works with existing Git clients and tools
- Realtime UX: Collaborative editing without conflicts
- Flexible Topology: Hybrid local + remote Git workflows
Architecture Diagram
graph TB
subgraph CP["🎛️ Control Plane"]
AdminUI["Admin UI"]
Auth["Auth / ACL"]
TenantMgr["Tenant Manager"]
Monitor["📊 Monitoring<br/>(Logs, Metrics, Usage)"]
end
subgraph DP["💾 Data Plane: Durable Objects Git Farm"]
Router["🔀 Router<br/>DO Placement / Shard Key"]
DO1["DO: git-server-1<br/>🗄️ SQLite"]
DO2["DO: git-server-2<br/>🗄️ SQLite"]
DO3["DO: git-server-3<br/>🗄️ SQLite"]
DON["DO: git-server-N<br/>🗄️ SQLite"]
DO1 -..- DO2
DO2 -..- DO3
DO3 -..- DON
end
subgraph ENV["🌐 ENVIRONMENT (Realtime Client)"]
YJS["Yjs + WebSocket<br/>Realtime Collaboration"]
subgraph EnvA["Environment A"]
EditorA["Editor A"]
FSA["📁 FILESYSTEM"]
EditorA --- FSA
end
subgraph EnvB["Environment B"]
EditorB["Editor B (mobile)"]
FSB["📁 FILESYSTEM"]
EditorB --- FSB
end
subgraph EnvCI["Environment CI"]
CI["CI Runner"]
FSCI["📁 FILESYSTEM"]
CI --- FSCI
end
subgraph EnvBot["Environment Bot"]
Bot["Bot"]
FSBot["📁 FILESYSTEM"]
Bot --- FSBot
end
YJS --- EditorA
YJS --- EditorB
YJS --- CI
YJS --- Bot
end
subgraph Tenants["👥 Multi-Tenant Hierarchy"]
Sponsor["Tenant: Sponsor"]
ChildA["Child Tenant A"]
ChildB["Child Tenant B"]
Sponsor -->|git submodule| ChildA
Sponsor -->|git submodule| ChildB
end
subgraph ExtGit["☁️ External Git Services"]
GitHub["GitHub Repo"]
GitLab["GitLab Repo"]
Other["Other Git Remote"]
end
%% Control Plane connections
Auth -.->|policy enforcement| DP
Auth -.->|policy enforcement| ENV
Monitor -.->|observability| DP
Monitor -.->|observability| ENV
TenantMgr -.->|provisions| Tenants
%% Routing
Router -->|routes to correct instance| DO1
Router -->|routes to correct instance| DO2
Router -->|routes to correct instance| DON
%% Git operations with filesystem
FSA -->|git push / commit| DO1
DO1 -->|git clone / pull| FSA
FSB -->|git push / commit| DO2
FSCI -->|git operations| DO3
%% Bidirectional sync between DO Git and External Git
DO1 <-->|"🔄 sync<br/>(push/pull)"| GitHub
DO2 <-->|"🔄 sync<br/>(push/pull)"| GitHub
DO3 <-->|"🔄 sync<br/>(push/pull)"| GitLab
DON <-->|"🔄 sync<br/>(push/pull)"| Other
%% Environment can also directly access external git
ENV -->|direct access| ExtGit
%% Tenant to Git Farm
Tenants -.->|repos in| DP
classDef controlPlane fill:#e6d5f5,stroke:#8b5cf6,stroke-width:3px
classDef dataPlane fill:#dbeafe,stroke:#3b82f6,stroke-width:3px
classDef environment fill:#d1fae5,stroke:#10b981,stroke-width:3px
classDef tenants fill:#fed7aa,stroke:#f59e0b,stroke-width:3px
classDef filesystem fill:#fef3c7,stroke:#eab308,stroke-width:2px
classDef external fill:#f3f4f6,stroke:#6b7280,stroke-width:2px
class CP controlPlane
class DP dataPlane
class ENV,EnvA,EnvB,EnvCI,EnvBot environment
class Tenants tenants
class FSA,FSB,FSCI,FSBot filesystem
class ExtGit,GitHub,GitLab,Other external
Use Cases
1. Internal Development Platform
- Teams edit code in realtime environments
- Changes sync instantly via Yjs
- Commits push to DO Git servers
- Periodic sync to GitHub for external access
2. Multi-Tenant SaaS
- Each customer gets isolated tenant with dedicated repos
- Sponsors can provision child tenants with submodule access
- Centralized billing and access control
3. CI/CD Integration
- CI runners operate as environments with filesystems
- Clone from DO Git servers for fast access
- Can sync with external GitHub for deployment
4. Hybrid Cloud Strategy
- Primary repos in DO Git for speed and control
- Mirror to GitHub/GitLab for redundancy
- Use external Git for public-facing projects
Implementation Phases
Phase 1: Core Infrastructure
- Durable Object Git server implementation
- SQLite storage backend
- Basic Git protocol support (clone, push, pull)
- Router and DO placement logic
Phase 2: Control Plane
- Admin UI for tenant management
- Auth/ACL system with policy enforcement
- Monitoring and observability stack
Phase 3: Realtime Environments
- Yjs integration for CRDT-based collaboration
- WebSocket transport layer
- Filesystem abstraction per environment
- Multi-client support (web, mobile, CI)
Phase 4: External Git Sync
- Bidirectional sync with GitHub
- GitLab integration
- Generic Git remote support
- Conflict resolution strategies
Phase 5: Multi-Tenancy
- Tenant hierarchy (sponsor/child model)
- Git submodule support
- Access delegation and provisioning
- Usage tracking and billing hooks
Open Questions
- Conflict Resolution: How should conflicts be handled when syncing DO ↔ GitHub?
- Webhook Integration: Should external Git services trigger sync via webhooks?
- Storage Limits: What are the practical size limits for SQLite-backed repos?
- Migration Path: How can existing GitHub repos be migrated into Deconfig?
- Cost Model: How to price multi-tenant usage fairly?
Next Steps
- Validate technical feasibility of Git-over-SQLite in Durable Objects
- Prototype Yjs + WebSocket realtime editing
- Design ACL model for multi-tenant isolation
- Build proof-of-concept DO Git server with basic push/pull
- Document Git sync strategies and conflict resolution