For Investors
Engineering
Next.js 14 marketing + dashboard, FastAPI service tier, Postgres 16 for manifest history (content-addressed by repo + commit SHA), and S3-compatible object storage for full route snapshots. The CI plugin is a thin Node binary that emits the build's route manifest and POSTs it to the API; the API diffs against the prior manifest for the base branch and writes a GitHub Checks annotation. No source code leaves the customer's CI — only the route manifest.
Architecture summary
Next.js 14 marketing + dashboard, FastAPI service tier, Postgres 16 for manifest history (content-addressed by repo + commit SHA), and S3-compatible object storage for full route snapshots. The CI plugin is a thin Node binary that emits the build's route manifest and POSTs it to the API; the API diffs against the prior manifest for the base branch and writes a GitHub Checks annotation. No source code leaves the customer's CI — only the route manifest.
Integrations
- GitHub Actions / GitHub Checks API (primary)
- GitLab CI (phase 3)
- CircleCI orb (phase 3)
- Vercel + Netlify deploy webhooks (phase 3)
- Sanity / Contentful slug-rename webhooks (phase 4 stretch)
Data model
Core entities: Repo, Manifest (commit SHA, route list, checksum), Diff (base manifest → PR manifest, broken-slug list, suggested redirects), RedirectStub. Manifests are append-only and content-addressed; diffs are derived and cached.
Security posture
SOC 2 Type I targeted in phase 2; Type II in phase 3. mTLS between CI plugin and API; manifests are diffed only, never source. Self-hosted runner option in phase 4 for customers that cannot egress manifest data.
Scalability
Linear to ~10K repos on a single Postgres + Redis pair; bottleneck above that is GitHub Checks API rate per installation, mitigated by per-installation queueing.
Risk register
Risk register
| Risk | Severity | Likelihood | Mitigation | Confidence |
|---|---|---|---|---|
| GitHub Checks API rate limits throttle annotations during deploy-heavy windows | Medium | Medium | Per-installation queue with backoff; pre-negotiated higher tier before 1K repos. | Modeled |
| Customer security team blocks manifest egress, demanding self-hosted runner earlier than planned | Medium | Medium | Ship a self-hosted runner option in phase 4; document manifest-only egress in security one-pager. | Modeled |
| Headless-CMS slug renames bypass the CI gate entirely (content edits never trigger a PR) | High | Medium | Phase-4 webhook integration with Sanity / Contentful; document the gap in marketing copy until shipped. | Assumption |