Distributed version control for the open web

Your git.
Your pod.
Your future.

Every repository is a collection of RDF resources living in your Solid pod — a URL space you own. Every commit, pull request, and collaborator has a permanent address. No platform lock-in. No sign-up required.

Get started → How it works
scroll

Distributed by design

Every repository lives in a Solid pod — a personal URL namespace you control. No central server holds your history. Anyone can self-host; anyone can federate.

Cryptographically authenticated

Every pod request carries a DPoP-bound access token tied to your WebID — a URL, not a username. Stolen tokens are useless without the matching EC private key.

Open linked data

Commits, trees, refs, PRs, and issues are Turtle RDF resources at permanent URLs. Query your entire history with SPARQL. Link to any commit from anywhere on the web.

How it works

From WebID to git push

Three steps: authenticate with your Solid pod, push with the standard git protocol, then grant collaborators access via WAC — all without touching a third-party platform.

Step 01

Authenticate

The auth service discovers your OIDC issuer by dereferencing your WebID URL, runs the Solid-OIDC browser flow, and returns a DPoP-bound access token.

# Initiate login with your WebID solid-git login https://you.pod/profile/card#me # Opens browser → OIDC login → # token saved to ~/.config/solid-git/
Step 02

Push your repository

The git remote helper translates the standard git push/fetch protocol into authenticated requests against your pod. Commits and trees become Turtle RDF at permanent URLs.

# Add a Solid remote git remote add origin \ solid://you.pod/git/myrepo # Push — same as any git remote git push origin main
Step 03

Collaborate via WAC

Grant any WebID access to your repository container. Collaborators authenticate against their own pod — no shared secret or pre-registration between pods needed.

solid-git grant \ --repo https://you.pod/git/myrepo/ \ --to https://bob.pod/profile/card#me \ --write # Bob can now clone and push

Components

Three components, one workflow

solid-git is a small stack of focused tools. Each does one thing and composes cleanly with the others.

auth-service

Authentication broker

A small Express server that handles the Solid-OIDC browser flow for the CLI. Manages PKCE and ephemeral DPoP EC key pairs. A public instance runs at solid-git.redpencil.io — no local setup needed for end users.

# Public instance — used by default https://solid-git.redpencil.io # Self-host via Docker docker compose up
git-remote-solid

Git remote helper

A git remote helper that git discovers automatically for solid:// remotes. Translates the git push/fetch protocol into authenticated HTTP calls against the pod. Commits and trees are stored as Turtle RDF; blobs as a binary pack file.

# git finds it automatically on PATH git clone \ solid://you.pod/git/myrepo
solid-git CLI

Terminal command

The solid-git command handles login, token management, collaborator grants, and opening pull requests and issues via ActivityStreams 2.0 activities posted to your repo's LDP inbox.

solid-git login <webid> solid-git whoami solid-git grant --repo … --to … solid-git pr --title "…"

Features

Everything you'd expect, nothing you don't

DPoP token binding

Every access token is cryptographically bound to an ephemeral EC key pair generated at login. Stolen tokens cannot be replayed from another machine.

WAC access control

Grant read or read+write to any WebID with a single command. Access control lists live in your pod as Turtle RDF — no separate permission system to manage.

Pull requests and issues

PRs and issues are ActivityStreams 2.0 resources in your pod's LDP inbox. Contributors POST activities to your inbox; you own the data, always.

Any Solid pod

Works with solid.redpencil.io, or any self-hosted Community Solid Server instance. If it speaks Solid-OIDC and LDP, solid-git works with it.

Pure git protocol

git push, git pull, git clone. No new commands, no new mental model. The remote helper is invisible — git just works.

SPARQL-queryable history

Every commit is a Turtle document at a permanent URL. Traverse your history with SPARQL, link to any commit from papers or documentation, or build tooling on top of the RDF graph directly.

Quick start

Four steps to your first commit

Install solid-git

Download the solid-git and git-remote-solid binaries from the releases page and put them on your PATH. No Node.js required.

Log in with your WebID

Run solid-git login <your-webid>. The CLI contacts the hosted auth service at solid-git.redpencil.io — no local service needed. A browser window opens, you log in, and your DPoP token is saved automatically.

Add a solid remote

Point git at your pod with git remote add origin solid://you.pod/git/myrepo. The remote helper handles the rest.

Push

git push origin main — your commits, trees, and refs are now first-class linked data resources living at permanent URLs in your pod.

terminal
# 1. Install — download binaries and put on PATH $ curl -Lo ~/bin/solid-git \ https://gitea.redpencil.io/solid-git/releases/latest/solid-git-linux-x64 $ curl -Lo ~/bin/git-remote-solid \ https://gitea.redpencil.io/solid-git/releases/latest/git-remote-solid-linux-x64 $ chmod +x ~/bin/solid-git ~/bin/git-remote-solid # 2. Log in (uses solid-git.redpencil.io by default) $ solid-git login https://you.solid.redpencil.io/profile/card#me Open this URL in your browser to authenticate: https://solid.redpencil.io/authorize?... Waiting for authentication......... done. Logged in as https://you.solid.redpencil.io/profile/card#me # 3. Add remote and push $ git remote add origin solid://you.solid.redpencil.io/git/myrepo $ git push origin main Uploading commit feedface... Uploading tree deadbeef... Uploading 3 blobs... Updated refs/heads/main To solid://you.solid.redpencil.io/git/myrepo * [new branch] main -> main

Deploy

Auth service — yours or ours

A public auth service runs at solid-git.redpencil.io — the CLI uses it by default so most users need nothing local. Self-hosters can run their own instance behind nginx-proxy.

Hosted

solid-git.redpencil.io

The default. No configuration needed — the CLI points here out of the box. Get a pod at solid.redpencil.io and start pushing.

# No setup required — just log in solid-git login https://you.solid.redpencil.io/profile/card#me
Local dev

Docker Compose

Run the auth service locally when developing against a local Solid pod. Set SOLID_GIT_AUTH_PORT=3456 to override the default public URL.

docker compose up # Point CLI at local instance: export SOLID_GIT_AUTH_PORT=3456
Self-host

Public server (nginx-proxy)

Deploy your own instance behind jwilder/nginx-proxy with automatic TLS. Point users at it with SOLID_GIT_AUTH_URL.

BASE_URL=https://solid-git.example.com \ VIRTUAL_HOST=solid-git.example.com \ LETSENCRYPT_HOST=solid-git.example.com \ docker compose up -d

Built on open standards

No platform.
No lock-in.
Just your pod.

solid-git is assembled entirely from W3C and IETF standards. Your data is portable, linkable, and yours. Shut down the auth service tomorrow — your repository is still in your pod, fully intact, ready to clone.

  • Solid / LDP — Container-based resource storage with link discovery
  • Solid-OIDC — WebID-grounded identity, issuer discovered from your profile
  • DPoP (RFC 9449) — Cryptographic token binding, no replay attacks
  • WAC — Web Access Control, access lists as Turtle in your pod
  • RDF / Turtle — Every commit is a first-class linked data resource
  • ActivityStreams 2.0 — Pull requests and issues as standard social activities

Ready to own your version history?

Get a Solid pod, install solid-git, and push your first commit to a URL you control.

Get started → Get a pod at solid.redpencil.io