Solutions / Platform Engineering

API-first Git hosting for platform teams

Every Git operation is an API call. SDKs in TypeScript, Python, and Go. Path-level RBAC for monorepo team boundaries. BYO S3 storage for data custody. SSO, SCIM, and audit logging for enterprise compliance. A stateless architecture that scales horizontally.

Start Free Explore the API

Features

Infrastructure for internal developer platforms

Every Git operation available as an API call

SDKs for TypeScript, Python, and Go

CLI tool for CI pipelines and automation scripts

Webhooks with HMAC signing and replay protection

Path-level RBAC with glob patterns

BYO storage — S3, R2, GCS, or MinIO

SSO (SAML/OIDC) and SCIM user provisioning

Audit logging with up to 365-day retention

Repository mirroring from GitHub and GitLab

Stateless architecture — S3 + Postgres + Redis

Branch protection with configurable rules

CI/CD pipelines with YAML configuration

Capabilities

Git as programmable infrastructure

Platform teams need Git hosting they can automate, integrate, and control. GitForge provides the APIs, SDKs, and access controls to build internal tooling on top of Git without fighting the hosting layer.

API-first design

Create repos, commit files, create branches, merge, manage tags, configure webhooks — all through HTTP API calls. Every operation that works in the UI works through the API. Build internal developer platforms, scaffolding tools, and automation on top of standard REST endpoints.

SDKs and CLI

Typed SDK clients for TypeScript, Python, and Go with builder patterns, automatic pagination, and structured error handling. The @gitforge/cli wraps the SDK for shell scripts, CI pipelines, and developer machine setup.

Path-level RBAC

Team A owns services/auth/**. Team B owns services/payments/**. Glob-pattern permissions enforce team boundaries at the file path level, not just the repo level. One monorepo, many teams, clear ownership.

Webhooks with signing

Push, pull request, branch, and tag events fire webhooks to your endpoints. HMAC-SHA256 signing and replay protection are built in. Trigger deployment pipelines, Slack notifications, metrics collection, or any custom workflow.

BYO storage and stateless architecture

All Git objects are stored in S3-compatible storage. The server layer is stateless — no shared filesystem, no NFS mounts. Scale horizontally by adding instances. On the Custom plan, connect your own S3 bucket for data residency and cost control.

SSO, SCIM, and audit logging

SAML and OIDC single sign-on on Pro plans. SCIM auto-provisioning from Okta, Azure AD, and other identity providers on Enterprise. Full audit trail of every operation — 90-day retention on Pro, 365 days on Enterprise.

How It Works

Building an internal developer platform on GitForge

1. Create project templates via API

Your platform team defines project templates — each template creates a repo, configures branch rules (require PR, require approvals, linear history), and sets up path-level RBAC. All through the SDK, no manual setup.

2. CI scaffolds new services using the SDK

When a team requests a new service, automation commits the initial files (Dockerfile, CI config, README, service boilerplate) using the Direct Commit API and configures webhooks for deployment pipelines.

3. Developers push via standard Git

Developers use git push as usual. Path-level RBAC enforces team boundaries at push time. Branch protection ensures PRs are reviewed before merging. No change to the developer workflow.

4. Webhooks trigger downstream pipelines

Push and merge events fire webhooks to your deployment system, Slack, metrics collector, or any other service. HMAC-signed payloads with replay protection. Build a complete developer workflow from Git events.

Architecture

Stateless by design

GitForge stores all Git objects in S3-compatible storage, metadata in Postgres, and cache in Redis. The API server is completely stateless. No shared filesystem. No NFS. Scale by adding instances behind a load balancer.

Git objectsS3 / R2 / MinIO

MetadataPostgreSQL

L1 cacheRedis

Full clone cacheGolden packs (S3)

API serverStateless (Bun + Hono)

Who It Is For

Teams that treat Git as infrastructure

Platform teams building internal developer portals

Automate repo creation, branch rules, RBAC, and webhook configuration through the API. Every new project gets consistent setup without manual work.

DevEx teams automating onboarding

Scaffold new services using the SDK. Commit initial files, configure CI, set up webhooks — all programmatically. New developers start with a working repo in minutes.

Infrastructure teams needing data custody

BYO storage keeps all Git data in your own S3 bucket. Combined with SSO, SCIM, and audit logging, you maintain full control over access, data residency, and compliance.

Companies building products on top of Git

Use GitForge as the Git backend for your product. The API covers repos, commits, branches, PRs, webhooks, and more. SDKs in three languages. No need to run your own Git server.

Frequently Asked Questions

How does the commit API work without a git client?+

The SDK builds a commit object (tree + blobs), sends it via HTTP to the GitForge API, and the server stores objects in S3 and updates refs atomically. No git binary, no working directory, no checkout. This is how training scripts, CI pipelines, and scaffolding tools commit files programmatically.

Can we enforce team boundaries across a monorepo?+

Yes. Path-level RBAC uses glob patterns to control who can read and write specific directories. For example, services/auth/** can be restricted to the auth team, while services/payments/** is restricted to the payments team. Permissions are enforced at push time — unauthorized changes are rejected before they reach the repository.

Does BYO storage affect performance?+

No. Three-tier caching (Redis L1, S3, golden packs) works regardless of which S3-compatible backend you use. Frequently accessed objects are served from Redis. Full clones are served from golden pack cache. The storage backend only matters for cold reads, which are optimized with zlib compression and parallel fetching.

Can we migrate from GitHub or GitLab?+

Yes. Repository mirroring lets you pull from GitHub or GitLab to GitForge. Alternatively, change your git remote and push — all history transfers. LFS objects are migrated automatically. The API is different from GitHub/GitLab, but the SDKs provide equivalent functionality with typed clients.

How does SSO and SCIM provisioning work?+

SAML and OIDC are supported on Pro plans and above. Connect your identity provider (Okta, Azure AD, Google Workspace, etc.) and users authenticate through your IdP. SCIM on Enterprise plans auto-provisions and de-provisions users when they join or leave your organization in the IdP.

What does the audit log capture?+

Every authenticated operation: repo creation, pushes, branch changes, permission changes, membership changes, webhook configuration, and more. Logs include actor, action, resource, timestamp, and IP address. 90-day retention on Pro, 365 days on Enterprise.

Ready to build your developer platform on Git?

Create a free account, install an SDK, and make your first API call. Create a repo, commit files, and configure webhooks — all programmatically.

Start Free API Reference