A backup plan for your GitHub repos.

Self-host a live mirror on your own Cloudflare account. One command, private by default, open source. Nothing routes through anyone else.

GitFlare ships in versions. Each one stands alone — if the next one never gets built, the current one is still useful by itself. The grand plan is to move from "read replica" all the way to "fully self-sovereign collaboration on Cloudflare primitives." Full design and the reasoning behind each version is in PLAN.md.

Install once:

npm i -g gitflare

Then, from inside any GitHub repo on your machine:

gitflare init        # autodetects the GitHub remote from the current directory

Or pass a repo explicitly:

gitflare init github.com/<owner>/<repo>

The CLI walks you through a GitHub PAT + a scoped Cloudflare API token (three account-level permissions, all named), shows you exactly what it's about to provision, and waits for confirmation. After that it imports your repo into Artifacts, deploys a Worker on your account, sets secrets, installs a webhook, and prints the dashboard URL. Step-by-step walkthrough with screenshots in QUICKSTART.md.

GitFlare never sees your code, your token, or your traffic. It's an MIT-licensed CLI; everything it provisions runs on infrastructure you own.

• gitflare status — sync status for the repos you've provisioned.

• gitflare access enable — gate the dashboard + API behind Cloudflare Access SSO (free up to 50 seats on Cloudflare One). Note: this protects the web UI/API; git clone from Artifacts isn't gated yet — that's a later version.

• gitflare deploy enable — turn on continuous deploy. Commit a .gitflare/deploy.yml and your pre-built Worker (or Pages site) ships on every push, straight from your account:

  on: push
  branches: [main]
  steps:
    - cloudflare/deploy:
        project: my-worker
        kind: worker            # or "pages"
        entry: dist/worker.js   # worker: a built single-file ES module; pages: a directory
        vars:
          API_BASE: https://example.com
        kv:
          - { binding: CACHE, id: "<namespace-id>" }
        d1:
          - { binding: DB, database_id: "<id>" }
        migrations:             # optional; runs only with apply: true (idempotent)
          dir: migrations
          database_id: "<id>"
          apply: true

• gitflare deploy run — deploy the current Artifacts HEAD right now. This is the GitHub-down escape hatch: push straight to your Artifacts remote, then run this; no GitHub involved.

• gitflare deploy list / gitflare deploy rollback [--to <id>] — review deploy history and roll back to a previous successful deploy.

  Deploys and their live logs show up at <dashboard-url>/r/<repo>/deployments.

Pre-alpha, built in the open, and there's a lot of obvious next work. Cloudflare Access (M5), syntax highlighting, the image proxy, and the full v0.2 CD feature set have landed — see PLAN.md §12 for current status. PRs and issues are welcome — particularly on:

• Live-validating M5 + v0.2 against a real Cloudflare account. The Access apps/policies API, the Workers Scripts upload, Pages Direct Upload, and the D1 query path are coded to spec but need an end-to-end run.
• v0.2 build steps. CD currently deploys pre-built artifacts; running npm run build needs a Linux runtime (Sandboxes) — that's v0.3.
• Private git clone. Access gates the dashboard, but clone still hits Artifacts directly. Closing that needs an Access service token / Mesh path (v0.4+).
• Custom domains in front of the Worker, and better empty states / error messages anywhere in the CLI or dashboard.
• Anything in PLAN.md §8 Open Questions you have a strong opinion on.

How to contribute:

1. Open an issue describing what you want to do (so we don't duplicate work).
2. Fork, branch, code. The repo is a pnpm workspace; pnpm install && pnpm -r typecheck && pnpm -r test should pass.
3. Open a PR. Small, focused PRs land fastest.

Releases are automated with Release Please. Write PR titles as Conventional Commits — feat: → minor, fix: → patch, feat!: / BREAKING CHANGE → major; docs:/chore: don't trigger a release. On merge to main, a release PR is opened that bumps the version and changelog; merging that tags the release and publishes gitflare to npm.

If you just want to talk through an idea, open a Discussion or DM @sinameraji.

git push origin main
        │
        ▼
   github.com ──────► webhook ──────► your Worker ──────► Artifacts (in your account)
                                                                 │
                                                                 ▼
                                                       https://<repo>.<you>.workers.dev
                                                       (git clone + read-only web UI)

• Your Worker, your Artifacts repo, your D1, your R2 — all on your Cloudflare account.
• Cloudflare's free tier + $5/month Workers Paid covers a solo developer.
• No server in the loop between you and Cloudflare. We don't have an account to log you into.

gitflare/
├── PLAN.md              ← the design doc — read this first
├── README.md            ← you are here
├── QUICKSTART.md        ← end-to-end provisioning walkthrough
├── assets/              ← logo, diagrams
└── packages/
    ├── cli/             ← the `gitflare` CLI (Node.js, commander + clack)
    ├── worker/          ← the Cloudflare Worker — sync pipeline + dashboard
    └── shared/          ← shared TypeScript types

MIT © Sina Meraji and GitFlare contributors.