{"id":50012126,"url":"https://github.com/apprafter/apprafter","last_synced_at":"2026-06-15T00:04:42.863Z","repository":{"id":357960921,"uuid":"1231434280","full_name":"AppRafter/apprafter","owner":"AppRafter","description":"Opinionated open-source PaaS on Kubernetes — same Application manifest from a single VPS to confidential bare metal.","archived":false,"fork":false,"pushed_at":"2026-06-07T00:51:08.000Z","size":6448,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-06-07T02:04:38.804Z","etag":null,"topics":["cue-lang","developer-platform","devops","gitops","kubernetes","opinionated","paas","platform-engineering","rust","self-hosted"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AppRafter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-07T00:46:24.000Z","updated_at":"2026-06-07T00:46:02.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/AppRafter/apprafter","commit_stats":null,"previous_names":["apprafter/apprafter"],"tags_count":306,"template":false,"template_full_name":null,"purl":"pkg:github/AppRafter/apprafter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppRafter%2Fapprafter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppRafter%2Fapprafter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppRafter%2Fapprafter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppRafter%2Fapprafter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AppRafter","download_url":"https://codeload.github.com/AppRafter/apprafter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppRafter%2Fapprafter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34114437,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-09T02:00:06.510Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cue-lang","developer-platform","devops","gitops","kubernetes","opinionated","paas","platform-engineering","rust","self-hosted"],"created_at":"2026-05-20T00:05:08.488Z","updated_at":"2026-06-09T16:01:07.854Z","avatar_url":"https://github.com/AppRafter.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"docs/apprafter-logo.svg\" alt=\"AppRafter\" width=\"160\" /\u003e\n\n# AppRafter\n\n**An opinionated, vertically integrated Platform-as-a-Service on Kubernetes.**\n\n**One `Application` manifest, designed to run unchanged from a €5 VDS to multi-node production — an open-source core, with an optional managed cloud on top.**\n\n[![License: FSL-1.1-Apache-2.0](https://img.shields.io/badge/license-FSL--1.1--Apache--2.0-blue.svg)](./LICENSE)\n[![Plugins: MIT](https://img.shields.io/badge/plugins-MIT-green.svg)](./LICENSE-MIT)\n\n\u003c/div\u003e\n\n---\n\n\u003e **Status:** pre-1.0, under active development. The single-node **Tier 1** path has shipped (MVP, the `v0.1.x` series); multi-node tiers, the platform services, and the managed cloud are in active development. `spec.md` (its `Revision` line) and `plan.md` are the source of truth — this README states what runs today versus what is on the roadmap.\n\n## What it is\n\nAppRafter fills the gap between a hosted PaaS and vanilla Kubernetes:\n\n- **Hosted PaaS** — easy to start, but tied to one vendor, costly at scale, and not self-hostable.\n- **Vanilla Kubernetes** — portable and scalable, but the cognitive load is high and the ecosystem is fragmented.\n- **AppRafter** — one `Application` manifest, four hardware tiers, GitOps as the only control surface, and no vendor lock-in at any layer. Deploy via Argo CD and the `apprafter` CLI, with destructive operations gated by a `MigrationPlan` CRD rather than an unguarded `kubectl delete`. (An MCP interface — letting an AI agent drive deploys through the same gate — is on the roadmap.)\n\nThe platform is deliberately **opinionated** — one proven component per slot (e.g. Cilium for networking, Argo CD for GitOps) — so there is a single, well-trodden path instead of an assembly project.\n\n## Two products, one platform\n\nAppRafter is an open-source platform first, with a managed cloud as a second product built **on top of** the same core — not a premium fork of it.\n\n### 1. Open-source core — self-host\n\nEverything required to run the platform is open source and free to run on your own hardware or in your own cloud: the Rust operator and its CRDs, the `apprafter` CLI, the developer portal, the platform services, and observability. The managed cloud adds only a thin convenience layer on top — a self-hosted cluster is **fully functional without it**.\n\nShipped today is the single-node **Tier 1** control plane: `apprafter` provisions a Hetzner VDS, bootstraps the cluster (Cilium, upstream Gateway API, the AppRafter operator, Argo CD, cert-manager), and the operator reconciles your `Application`s through GitOps. Multi-node tiers and the `needs`-based platform services (Postgres, Redis, and more) are landing per `plan.md`.\n\nLicensed under **FSL-1.1-Apache-2.0** (see [License](#license)).\n\n### 2. Managed cloud — on top (in development)\n\nFor teams who would rather not run the ops themselves, a managed cloud is in development. Its defining design choice: **your cluster, control plane, operator, and all your data always stay on your own infrastructure.** The managed side hosts only a thin layer on top — the Backstage portal, an account UI, and a hosted MCP endpoint.\n\nTwo properties follow directly from that architecture:\n\n- **Anti-vendor-lock by design.** Because the cluster will be a standalone open-source install on your own infrastructure, canceling the subscription leaves it running by design — you lose only the hosted convenience layer, with no migration required.\n- **Minimal Data Exposure.** The managed services are designed to see only metadata — manifests applied, status and audit events — never the data in your databases or your secret values.\n\nThe managed cloud is planned at three levels of increasing scope — **Hosted Services** (the launch plan) → **Managed Operations** → **Turnkey Cloud** — billed per cluster. A waitlist opens at launch.\n\n\u003e A hardware **tier** (the compute substrate, T1–T4) and a managed **plan** (how much of the operations we run for you) are two independent axes — any tier can run self-hosted or under a managed plan.\n\n## Tier model\n\nThe dev-facing API is identical across tiers; moving between tiers is a platform operation, not a manifest rewrite. Tier names denote the **compute substrate** only.\n\n| Tier               | Substrate                                  | Typical use                    | Status              |\n| ------------------ | ------------------------------------------ | ------------------------------ | ------------------- |\n| **1 · Solo**       | Single VDS (Hetzner CX/CPX-class)          | Side-projects, solo founders   | **Implemented**     |\n| **2 · Small team** | 3+ heterogeneous nodes (HA)                | Growing teams, production      | In development      |\n| **3 · Production** | Bare metal (dedicated EPYC, Talos)         | Established products           | Roadmap (Phase 5+)  |\n| **4 · Regulated**  | External hyperscalers (AWS / GCP / Azure)  | Regulatory / sovereignty needs | Roadmap (Phase 6+)  |\n\n**Confidential containers** (Kata-CC on TDX / SEV-SNP hardware) are a planned **orthogonal opt-in capability** — available on any tier whose hardware supports it, not a tier of their own.\n\n## Under the hood\n\nBoring, proven components, plus a thin layer of our own code only where no ready solution exists.\n\n- **Components the platform standardizes on (one per slot):** Talos Linux, k3s + Cilium (eBPF networking), Argo CD (GitOps), CloudNativePG, Dragonfly (Redis-compatible), ClickHouse, NATS JetStream, Backstage, cert-manager, external-dns, KEDA. Secrets use SealedSecrets on Tier 1 and OpenBao on Tier 2+; control-plane storage is kine (SQLite on Tier 1), with a NATS JetStream backend and a replayable audit log as the Tier 2+ target.\n- **Written here, shipping today:** the Rust operator on kube-rs (reconciling `Application`, `MigrationPlan`, `PlatformStack`, and `SourceCredential`), a Rust admission webhook enforcing cross-field invariants the CRD schema can't express, the `apprafter` CLI (provisioning, bootstrap, lifecycle), and the `MigrationPlan` reconciler that gates destructive changes behind explicit approval. CUE is the design-time schema layer (`schemas/`), checked with `cue vet`.\n- **Designed, landing per the roadmap:** the `ResourceClaim` / `ServiceProvider` primitives and their reconcilers (Phase 2), the `AccessGrant` access model (Phase 4), and the MCP server with its agentic-safety gate (managed track).\n\n## Repository layout\n\n| Directory                                    | Contents                                                       |\n| -------------------------------------------- | -------------------------------------------------------------- |\n| [`cli/`](./cli/)                             | `apprafter` — Rust CLI for provisioning, bootstrap, lifecycle  |\n| [`operator/`](./operator/)                   | In-cluster Rust operator and admission webhook (kube-rs)       |\n| [`schemas/`](./schemas/)                     | CUE schemas for every CRD                                      |\n| [`providers/`](./providers/)                 | Built-in `ServiceProvider`s (Postgres, JetStream, ClickHouse, Redis, S3) |\n| [`backstage-plugins/`](./backstage-plugins/) | TypeScript plugins for the developer portal                    |\n| [`platform-stack/`](./platform-stack/)       | Platform Helm / CUE charts distributed to clusters             |\n| [`argocd-cue-cmp/`](./argocd-cue-cmp/)       | Argo CD config-management plugin for CUE app repositories      |\n| [`manifests/`](./manifests/)                 | Base platform manifests (Tier 1 today)                         |\n| [`landing/`](./landing/)                     | Project website (Astro + Payload CMS)                          |\n| [`docs/`](./docs/)                           | TechDocs sources, ADRs, visual assets                          |\n| [`examples/`](./examples/)                   | Reference `Application`s and golden-path templates             |\n\n## Quick start\n\n```sh\ngit clone https://github.com/AppRafter/apprafter\ncd apprafter\nnix develop          # or open in the VS Code Dev Container\njust bootstrap       # install local Git hooks\njust lint            # CUE + SPDX + cargo + bun checks\njust e2e-up          # local k3d cluster\n```\n\nThree setup paths (Nix flake, Dev Container, manual via `mise`) are documented in\n[`docs/contributing/setup.md`](./docs/contributing/setup.md).\n\nFull operator and developer documentation:\n\n- [Operator quickstart](./docs/operator-guide/quickstart.md) — provision and bootstrap a Tier-1 cluster.\n- [Platform management](./docs/operator-guide/platform-management.md) — PlatformStack lifecycle, channels, upgrade and freeze.\n- [Migration plans](./docs/operator-guide/migration-plans.md) — approve and reject destructive-change gates.\n- [GitOps walk](./docs/operator-guide/gitops-walk.md) — wiring Argo CD to your Git repositories.\n- [Writing Application.cue](./docs/dev-guide/application-cue.md) — the CUE manifest format, CMP, and multi-environment patterns.\n\n## License\n\nAppRafter is **open core**:\n\n- **Platform core** (`cli/`, `operator/`, `schemas/`, `manifests/`) — **FSL-1.1-Apache-2.0**: the Functional Source License, which auto-converts to **Apache 2.0** two years after each release. It permits any use — personal, internal business, and commercial workloads — **except offering AppRafter itself as a managed service to third parties**. Once a release reaches its two-year conversion date, that restriction lifts.\n- **Plugins** (`providers/*`, `backstage-plugins/*`, community SDKs) — **MIT** from day one.\n\nSee [`LICENSE`](./LICENSE), [`LICENSE-APACHE`](./LICENSE-APACHE), [`LICENSE-MIT`](./LICENSE-MIT), [`NOTICE`](./NOTICE), and ADRs [0001](./docs/adr/0001-license-fsl-1-1-mit.md) (original FSL choice) and [0032](./docs/adr/0032-license-fsl-1-1-apache-2-0.md) (current core license) for the rationale.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapprafter%2Fapprafter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapprafter%2Fapprafter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapprafter%2Fapprafter/lists"}