Portal
Web interface built with SvelteKit. Handles authentication, app catalog, deployment management, and user settings.
Platform
Built for transparency and control
Three components work together: a web portal for management, an orchestrator for coordination, and an agent running on your hardware. All designed to keep you in control.
How it works
Three layers that work together to give you automated protections without giving up control.
Orchestrator
Control plane running on Cloudflare Workers. Manages device pairing, command queues, backup coordination, and health checks.
Agent
Lightweight service running on your hardware. Executes commands, manages Docker containers, handles backups, and reports health status.
Design principles
The technical choices that drive how we build.
Your hardware, your data
Apps run on infrastructure you control. We never see your application data—only metadata needed for coordination.
Open source apps
Every app we deploy is open source and self-hostable. No proprietary lock-in, no vendor control over your stack.
Transparent security
HMAC-signed agent communication, Auth0 for identity, HashiCorp Vault for secrets. Standard tools, no magic.
Edge-native control plane
Cloudflare Workers and Durable Objects provide low-latency coordination with strong consistency guarantees.
Why Cloudflare?
We chose Cloudflare Workers and Durable Objects for the control plane for several key reasons.
Global Edge Network
Cloudflare's edge network spans 300+ cities worldwide, ensuring low-latency access to the control plane from anywhere. Your agent connects to the nearest edge location automatically.
Strong Consistency
Durable Objects provide strong consistency guarantees with automatic failover. Your tenant state is always consistent, even during edge failures or network partitions.
Zero Infrastructure Management
No servers to manage, no databases to maintain, no scaling decisions to make. Cloudflare handles all infrastructure operations, letting us focus on building features.
Built-in Security
Cloudflare provides DDoS protection, WAF, and TLS termination out of the box. We get enterprise-grade security without building it ourselves.
Cost Effective
Pay only for what you use. No idle server costs, no over-provisioning. This keeps our platform costs low, which means better pricing for you.
Developer Experience
TypeScript-first, local development with Wrangler, and instant global deployments. We can ship features faster and iterate more quickly.
Full stack
Standard, proven technologies—no proprietary magic.
Frontend
SvelteKit, TypeScript, Vite
Backend
Cloudflare Workers, Durable Objects, D1, R2
Agent
Rust, Docker Compose, WebSockets
Security
Auth0, HashiCorp Vault, HMAC signatures
Deployment
Docker, Docker Compose, GitHub Actions
Observability
Structured logging, health checks, metrics
Deployment flow
What happens when you deploy an app—from selection to production.
1. Select & Configure
Choose an app from the catalog and configure settings in the portal. The orchestrator validates your deployment requirements.
→
2. Command Generation
The orchestrator generates a secure deployment command with encrypted configuration, Docker Compose setup, and secrets from Vault.
→
3. Agent Execution
Your agent receives the command via secure WebSocket, validates the HMAC signature, pulls Docker images, and starts containers.
→
4. Automation Active
Backups begin automatically, health checks monitor the app, unified auth integrates, and metrics start flowing to the portal.