Skip to main content

Self-hosted git · single-tenant · Cloudflare edge

Your own source control.
Not shared with millions.

jesternet is a smart-HTTP git forge that runs on YOUR Cloudflare account. Your code — and everything your agents push — lands in your R2 and your D1. It's never a training corpus, because the bytes never leave infrastructure you own.

Push with any git client. Sign in through Google OAuth or Cloudflare Access — your team, your identity provider. Agents push with repo-scoped tokens, audited per use.

Sign in View source — audit the claims
Push protocol
smart-HTTP v1
Fetch protocol
smart-HTTP v2
Object storage
your R2
Refs + audit
your D1

What you get

Your code

Pushed into your R2 and your D1

Standard smart-HTTP push + clone over any git client. Receive-pack writes git objects to YOUR Cloudflare R2 bucket and refs to YOUR Cloudflare D1, on YOUR Cloudflare account. No third party sees a byte. No "we promise not to look" — they literally cannot.

Never a training corpus

Agents push without feeding a model

If you drive coding agents, every commit they make is your code being written by a model. On a forge you own, that code lands somewhere that is not a training set. The agent-driven workflow and the no-training guarantee are the same motion — running on a forge you control closes the loop.

Two doors, one access list

Sign-in for humans, tokens for agents

Google OAuth or Cloudflare Access gates the UI — whichever you wire in is the door for your team. Agents push with repo-scoped personal access tokens: one token per repo, scoped to one repo, audited per use. Different doors, same access list — the users table is the single source of truth, and granting access is an admin INSERT, not a side-effect of someone signing in once.

Two doors, one access list

Humans: OAuth or Cloudflare Access

Sign in through Google OAuth (jesternet runs the flow) or Cloudflare Access (your identity provider gates the worker at the edge). Either or both — set the OAuth client details for the in-app flow, or set CF_ACCESS_TEAM_DOMAIN and put the worker behind an Access policy. Your team signs in against your IdP, not a hosted account system.

Strict lookup: a verified email must already exist in the users table. No auto-provision — granting access is an admin INSERT, never a side effect of sign-in.

Agents: repo-scoped tokens

Agents don't use OAuth. Issue a personal access token in /settings/tokens, bound to one repo. Hand it to your agent; its commits land on a forge you own — recorded in the audit log with IP and user-agent, scoped to that one repo, never feeding a model.

A leaked CI token reaches one repo, not your whole namespace. Revoke from the same UI; every use is logged.

Push in 30 seconds 

# Sign in (human), issue a repo-scoped token (agent)
git push https://x:$TOKEN@jesternet.dev/git/you/repo.git main

# Objects land in YOUR R2 bucket. Refs land in YOUR D1.
# Audit log records who, when, from where. The UI updates immediately.