Socially self-hosting source code with Tangled on Bluesky / Mar 2025
I've been an avid user of GitHub since its launch, and it really has revolutionised how communities come together to work on open source. In recent years though, I find myself utterly overwhelmed by its notifications and want to experiment with alternative workflows. This experimentation also has a more serious undertone due to the increasing need for data sovereignty and so I'm starting to move my source code to self-hosted solutions that are less reliant on centralised services.
This has also come up persistently over the years in the OCaml community, with questions over why participation in packaging requires a GitHub account ever since the early days of opam. I've never found a good answer... until now, with the launch of an exciting new service that's built over the same protocol that Bluesky uses. As I noted a few weeks ago, the ATProto can be used for more than just microblogging. It can also be an identity layer, across which other applications can be built which reuse the social fabric from Bluesky accounts.
"Tangled" is a new service launched (just yesterday!) by @opilli and @icyphox to manage Git repositories. I'm having a lot of fun trying it out, even in its early alpha stages! The coolest thing about Tangled is that you can self-host your own knots, which control where the source code repositories are actually stored.
Self-hosting my own Tangled knot
I set up one of the first knots on the network on git.recoil.org, and can now directly share my source code online without depending on GitHub! For example, this is the knot-docker container config which you can use to deploy your own version of this.
It looks pretty similar to GitHub, doesn't it? The first key difference is the login on the top-right, which is the same as my @anil.recoil.org account. Once you're logged in, the other difference shows up when creating a new Git repository.
As you can see, you can not only select the name of the repository, but also where it's going to be stored. I can either put it on the central Tangled knot, or stick it on my own Recoil one. After this, the user experience of cloning is as simple as:
git clone https://tangled.sh/@anil.recoil.org/knot-docker
git clone git@git.recoil.org:anil.recoil.org/knot-docker
In the first case, the central Tangled web server proxies the Git contents over HTTP, and for SSH I can just connect directly to my own server. Inside my Knot container, we can see where the Git repositories are stored:
/home/git # ls -1
did:plc:nhyitepp3u4u6fcfboegzcjw
knotserver.db
knotserver.db-shm
knotserver.db-wal
log
The did: directory is actually my 'decentralised identifier' from the ATProto, which we can verify by looking up the DNS atproto TXT record for my domain:
$ dig txt _atproto.anil.recoil.org
;; ANSWER SECTION:
_atproto.anil.recoil.org. 10799 IN TXT "did=did:plc:nhyitepp3u4u6fcfboegzcjw"
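The same check can be scripted so that a knot operator can confirm that an owner directory under /home/git really belongs to the handle it is supposed to. This is an added example, not code from Tangled or from the original post: the function names are hypothetical, the sample input is the TXT answer shown above, and the checks assume the ATProto conventions that a handle publishing conflicting DIDs does not resolve and that a did:plc identifier is 24 base32 characters.

```shell
#!/bin/sh
# Added example: compare a knot's owner directory with the DID published in
# the handle's _atproto TXT record. Function names are hypothetical.

# Read `dig txt _atproto.<handle>` output on stdin and print the one DID it
# publishes. Returns 1 if no record is present, 2 if the records disagree,
# 3 if the value is not a well-formed did:plc or a did:web identifier.
did_from_txt() {
  _dids=$(grep -v '^;' \
            | grep -oE '"did=did:[a-z]+:[A-Za-z0-9._:%-]+"' \
            | sed -e 's/^"did=//' -e 's/"$//' | sort -u)
  [ -n "$_dids" ] || { echo "no _atproto record" >&2; return 1; }
  [ "$(printf '%s\n' "$_dids" | wc -l)" -eq 1 ] \
    || { echo "conflicting _atproto records" >&2; return 2; }
  case "$_dids" in
    did:plc:*)
      # Assumption: did:plc identifiers are 24 lowercase base32 characters.
      printf '%s\n' "${_dids#did:plc:}" | grep -Eq '^[a-z2-7]{24}$' \
        || { echo "malformed did:plc" >&2; return 3; } ;;
    did:web:*) ;;
    *) echo "unsupported DID method" >&2; return 3 ;;
  esac
  printf '%s\n' "$_dids"
}

# Succeed only if the directory name in $2 (as listed under /home/git in the
# knot) is exactly the DID resolved from the dig output passed in $1.
knot_dir_matches() {
  _did=$(printf '%s\n' "$1" | did_from_txt) || return 1
  [ "$_did" = "$2" ]
}

# Sample input: the answer section shown in the post, embedded so the script
# runs offline. Live use: dig txt _atproto.anil.recoil.org | did_from_txt
SAMPLE=';; ANSWER SECTION:
_atproto.anil.recoil.org. 10799 IN TXT "did=did:plc:nhyitepp3u4u6fcfboegzcjw"'

if knot_dir_matches "$SAMPLE" "did:plc:nhyitepp3u4u6fcfboegzcjw"; then
  echo "knot directory matches the DID published for the handle"
fi
```

A DNS lookup only shows that the domain claims the DID; it does not show that the DID's own document names the handle in return.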
And then if we navigate into that directory, we can see there are just normal bare git repositories stored on my server.
/home/git/did:plc:nhyitepp3u4u6fcfboegzcjw/knot-docker # ls -la
total 24
drwxr-sr-x 4 git git 4096 Mar 8 19:02 .
drwxr-sr-x 4 git git 4096 Mar 8 18:23 ..
-rw-r--r-- 1 git git 21 Mar 8 18:01 HEAD
-rw-r--r-- 1 git git 36 Mar 8 18:01 config
drwxr-sr-x 17 git git 4096 Mar 8 19:02 objects
drwxr-sr-x 4 git git 4096 Mar 8 18:01 refs
This makes the core of Tangled very safe to use, even if the service disappears: I maintain the actual git repositories myself, so I can (e.g.) mirror them to GitHub via a simple cron script.
Collaboration is as simple as Bluesky
Tangled has only been out for about a day, so I co-opted fellow Recoiler Nick Ludlam to create an account. I added his handle over to the Recoil knot, and that's all it took for him to be able to create repositories on our server.
I can also just add people directly to a particular repository, as you can see from the one below on his profile.
The issue metadata is also distributed
The real lock-in to code repository management, though, is the metadata around the repository: things like issues, comments and so on. Tangled makes it possible to decentralise where this is stored without needing a central forge, by relaying it all via the ATProto. Let's take a look at how this works.
I created an issue on knot-docker, and it looks very similar to a GitHub issue. Zicklag on #tangled pointed me to the PDSLS public ATProto browser with which you can browse the actual ATProto records. I can start from my DID record and look for the sh.tangled.repo.issue collection, and find the issue URL from earlier. I then prodded Nick Ludlam to leave a comment on the issue, and you can see his sh.tangled.repo.issue.comment in the relay as well.
Even the repository stars are on the relay; see for example this entry for knot-docker that I did. The Tangled developers just added support for stars a few hours ago, and that changeset is a nice way to see how to add a new lexicon entry.
Why this fits in so well with the rest of Bluesky
The ATProto developers also released their roadmap for early 2025 today, and it aligns really well with some of the production features I would need to completely shift over to a service like Tangled.
The first, and most vital one, is auth scopes to control the permissions of an app password to only certain operations. Once this is in the protocol, then a client to manage Tangled repositories could use a differently privileged password from the main social client.
Secondly, privately shared data and encrypted DMs using MLS point to how private code repositories could work. Srinivasan Keshav and I were discussing the difficulty of access-controlled replication over the Internet just yesterday, and I'm starting to believe that ATProto has the right balance of ergonomics and good design to make solving this problem much, much easier.
If you'd like to try this out, then the Knot Docker repository welcomes your issues!
Many thanks to Zicklag and icyphox on tangled IRC for helping me out with debugging the Knot setup and fixing bugs in real-time.