GitForge

GitForge is a multi-tenant Git hosting platform built for teams that work with both code and large binary assets. It stores git objects in Cloudflare R2 instead of the local filesystem, making the server layer stateless and horizontally scalable. It speaks the standard Git Smart HTTP protocol and Git LFS protocol, so existing git clients work without modification.

Features

Git Hosting

• Smart HTTP transport (clone, push, fetch) with Protocol V1 and V2 support
• SSH transport with key-based and PAT-based authentication
• Git LFS for large file storage, backed by Cloudflare R2/S3
• TUS resumable uploads for large file transfers
• Thin pack support with delta encoding for efficient incremental pushes
• Shallow clone support for faster CI/CD checkouts
• Repository mirroring for external repository sync

Collaboration

• Pull requests with reviews, status checks, and merge enforcement
• Code review with inline comments, review requests, and approval workflows
• Issues with labels, milestones, and assignees
• Discussions for threaded conversations
• Wiki pages with revision history
• Project boards with columns and cards (Kanban-style)
• Reactions on issues, comments, and discussions
• Notifications with per-user preference controls

Security and Access Control

• Role-based access control with path-level and branch-level granularity
• Custom roles with fine-grained permission bitmasks
• Branch protection rules (require PR, approvals, linear history, force push control)
• Path-level ACLs with glob pattern matching
• Protected tags with push restrictions
• Asset locking with heartbeat-based expiry and push enforcement
• IP allowlists per tenant
• 9-step push enforcement pipeline (ref permissions, branch rules, path rules, LFS integrity, lock checks, plan limits, commit graph validation)

Authentication

• Email/password with TOTP two-factor authentication
• OAuth providers (GitHub, Google, GitLab)
• SSO via SAML and OIDC
• SCIM user provisioning
• Passkey/WebAuthn support
• Personal access tokens (PATs)
• SSH keys and deploy keys
• App tokens (installation-scoped, short-lived)

CI/CD Pipelines

• YAML-defined pipelines with multi-step execution
• Approval gates for controlled deployments
• Pipeline environments with promotion rules
• Pipeline secrets (encrypted at rest)
• Pipeline artifacts stored in S3
• Commit status checks with merge enforcement

Sandbox Workspaces

• Isolated execution environments powered by containerd + runc
• OCI container hardening (non-root, read-only rootfs, seccomp, cgroups v2)
• SSH gateway for terminal access to sandboxes
• WebSocket PTY for browser-based terminal sessions
• Preview URLs with automatic port forwarding via Caddy reverse proxy
• Git workspace hydration with automatic dependency installation
• In-sandbox commits for editing directly in the workspace
• File upload/download for sandbox file management
• Idle timeout and auto-reaper with crash recovery
• Plan-based quotas for CPU, memory, and concurrent sandboxes

Agentic Platform

• Model Context Protocol (MCP) server with 15+ tools for AI-assisted repository operations
• App platform with OAuth apps and installation-scoped tokens
• Webhook delivery with retry and delivery tracking
• Event-driven architecture with outbox pattern and SSE streaming
• Edit sessions for structured multi-file changes

Storage

• Pluggable storage backends (S3/R2, SFTP, local filesystem)
• Presigned URL generation for direct uploads/downloads
• Multipart upload support for large objects
• Storage tiering (e.g., S3 Glacier)
• Three-tier caching (Redis L1, S3 L2, golden pack cache L3)
• Asset manifests with cached generation
• Asset type registry for diff viewers

Multi-Tenant Platform

• Per-tenant isolation across all data
• Plan-based limits for storage, seats, repos, pipeline minutes, and sandboxes
• Custom plans and contract billing
• Stripe integration with usage metering and invoicing
• Audit logging for compliance and traceability
• Team management with team-scoped permissions

Web UI

• Next.js 15 frontend with Tailwind CSS
• Repository browsing with file tree navigation
• Pull request management with diff viewer
• Issue tracking and project boards
• User and organization settings
• Admin dashboard with billing management

Desktop Client

• Electron app for macOS and Windows
• Local asset caching and selective sync
• Clone wizard for easy repository setup
• LFS prefetch for large files

Developer Tools

• LSP server for editor integration
• Repository indexing for fast code search
• Change tracking for incremental operations

Open Source Assets

• TypeScript SDK https://github.com/Nu11ified/gitforge-ts-sdk
• Python SDK https://github.com/Nu11ified/gitforge-py-sdk
• Go SDK https://github.com/Nu11ified/gitforge-go-sdk
• GitForge CLI https://github.com/Nu11ified/gitforge-cli

Architecture

• Backend: Bun HTTP server (API + Worker)
• Sandbox Controller: Go service with containerd (isolated workspaces)
• SSH Gateway: Go service (SSH transport + sandbox access)
• Storage: Cloudflare R2 / S3 / MinIO (git objects, LFS objects, pipeline artifacts)
• Database: PostgreSQL 16 (48+ tables via Drizzle ORM)
• Cache: Redis 7 (L1 cache, rate limiting, pub/sub, distributed locks)
• Web: Next.js 15 with Tailwind CSS
• Desktop: Electron with local caching
• Reverse Proxy: Caddy (sandbox preview URLs)

Installation

GitForge is closed source. This repository is for issue tracking, feature requests, and release downloads.

Hosted instances and self-hosted deployment options will be documented here as they become available.

Reporting Issues

If you run into a bug or have a feature request, please open an issue.

When reporting a bug, include:

• What you were trying to do
• What happened instead
• Steps to reproduce, if possible
• Any relevant error messages or logs

License

Proprietary. All rights reserved.