coopernetes / fogwall-git-proxy-comparison.md

Last active June 24, 2026 04:01

Programming Model: JGit + Jetty vs Express + child-process git

Context: finos/git-proxy is a FINOS project that acts as a policy-enforcing proxy for git pushes. The current implementation is Node.js/Express. fogwall is a Java/Jetty implementation that uses JGit's native git protocol stack.

This document compares the programming models — how each codebase structures request handling, validation, streaming, and extensibility.

The Architectural Split

finos/git-proxy proves you can block or allow a push with a single buffered response as part of a stateful, transparent proxy with a processing & enrichment layer from git wire data for the purposes of enforcing a company's policy around source code movement between trusted and untrusted zones (primarily - or rather originally - intended to enable organizations with stringent security policies to contribute code to public open source projects). That abili

coopernetes / jgit-server-side-abstractions.md

Created March 26, 2026 08:00

JGit Server-Side Abstractions: Reference Guide

Quick reference for integrating JGit's server-side git-receive-pack handling into jgit-proxy's servlet-based filter architecture.

Core Composition Model

GitServlet (HTTP layer)
  ├── RepositoryResolver<HttpServletRequest>  ← "which repo?"
  ├── ReceivePackFactory<HttpServletRequest>   ← "how to handle this push?"

coopernetes / fogwall-vision-todo.md

Last active June 21, 2026 03:30

fogwall: Background & Architecture

What This Is

fogwall is a git push proxy — it sits between developers and upstream git hosting (GitHub, GitLab, Bitbucket, Forgejo) and enforces policy on pushes: who can push, what they can push, whether someone needs to approve it first. It's used internally at RBC for GitHub Enterprise governance and controlled code exchange scenarios (M&A, contractor access, cross-environment transfers).

It's a Java application built on Jetty 12 and JGit, with a React 19 dashboard for push management and approval workflows.

coopernetes / git-proxy-push.md

Last active October 23, 2023 18:17

git-proxy manual authorization steps

Authorize git pushes through git-proxy using the API

Git-proxy includes a REST-based API for managing certain aspects of repositories & git operations (pushes, pulls). This API is fronted by a web UI. The web interface is under active development and is missing some key features to allow Git Proxy to push commits through it.

The below procedure will allow you to "authorize" a push through git-proxy using the included API. The following assumptions are made and must be modified to match your deployment of git-proxy:

Both the proxy & API server is running. This is the default behaviour.
git-proxy is running on localhost on ports 8000 (proxy) and 8080 (API)
The instructions from the quick start have been followed. This includes modifying the configuration to add a new repository to the authorisedList. For this doc, we assume the upstream repository is https://github.com/RBC/git-proxy.