Architecture & Flow
A transparent breakdown of how .git processes deployments, routes traffic, and manages state across a globally distributed edge network.
System Architecture
.git operates on a control-plane / data-plane separation model. The control plane handles configuration, CI/CD orchestration, and state management, while the data plane executes requests and serves content from 300+ edge locations.
Developer CLI/SDK
Local builds, git hooks, and direct API calls for pipeline triggers.
Control Plane
Auth, project config, RBAC, CI/CD orchestration, and state storage.
Edge Router
Geo-aware DNS, TLS termination, request routing, and cache validation.
Compute Runtime
Serverless functions, static hosting, and dynamic request handling.
Storage & Cache
Edge cache, distributed object storage, and ephemeral build artifacts.
Deployment & Request Flow
Step 1 Push & Detect
Developer pushes to a monitored branch. Git hooks or webhook listeners detect the change and trigger the pipeline.
> Detected branch: feature/auth-redesign
> Triggering pipeline: #4829
Step 2 Build & Validate
Control plane spins up ephemeral build runners. Dependencies are cached, tests execute, and artifacts are generated.
[test] Passing: 142/142 suites
[build] Output: 18.4MB optimized bundle
Step 3 Deploy & Propagate
Artifacts are encrypted and streamed to edge nodes. Configuration is updated atomically using a blue-green deployment strategy.
[edge] Propagating to 14 regions... done (2.1s)
✓ Live at: app.git.dev/feature/auth
Step 4 Route & Serve
Incoming requests hit the nearest edge node. Cache hits are served instantly. Dynamic requests are routed to compute runtimes.
[edge] Cache: MISS
[compute] Function: getUser (42ms)
[edge] 200 OK (Total: 68ms)
Infrastructure Specifications
🌍 Global Network
- Edge Locations: 300+ PoPs
- Regions: 14 Primary Zones
- Anycast DNS: Yes
- Avg Latency: <25ms
⚙️ Compute & Runtime
- Cold Start: <100ms (V8 isolates)
- Max Duration: 60s / request
- Concurrent Invocations: Auto-scales to 100k+
- Supported Runtimes: Node, Python, Go, Rust, WASM
💾 Storage & Caching
- Edge Cache Tier: L2/L3 Distributed
- Object Storage: S3-Compatible, 99.999999999% durability
- Build Artifacts: Ephemeral, auto-cleanup
- Cache Invalidation: Instant, edge-terminated
Security & Compliance Architecture
🔐 Identity & Access
Zero-trust model with OIDC/OAuth 2.0 federation. Role-based access control (RBAC) and fine-grained permissions at project, branch, and environment levels. Session tokens expire after 24h with automatic rotation.
🛡️ Data Protection
All data encrypted at rest using AES-256-GCM and in transit via TLS 1.3. Build environments are isolated with ephemeral namespaces. Secrets are injected at runtime and never persisted to disk or logs.
📜 Compliance & Audit
SOC 2 Type II certified, GDPR and CCPA compliant. Immutable audit logs cover all pipeline actions, deployments, and configuration changes, and are exportable to SIEM tools via webhook or API.
🌐 Network Security
DDoS mitigation at the edge layer with 1Tbps+ capacity. Web Application Firewall (WAF) with custom rule sets. IP allowlisting and geo-blocking are available at the account level.