Branch your backend like you branch code.
Workspaces are mutable actor-owned overlays with optimistic concurrency. Sandboxes spin up real isolated databases with sampled production shape — not mocks. Commits are immutable, content-addressed via SHA-256 of canonical sorted-key JSON. Three-way merge is path-aware. Nineteen typed manifest domains all participate in one DAG, one review pipeline, one rollback story.
Workspace. Commit. Sandbox. Proposal. Each canonical.
Single persistent branch DAG
One DAG per project. Branches advance through optimistic concurrency. Version tokens prevent races. Branch protection policies (RequireValidation, RequiredApprovalCount, RestrictDirectCommit) gate merge.
Immutable content-addressed commits
SHA-256 of canonical sorted-key JSON. Identical commits dedupe automatically. The canonical serializer is deterministic — same inputs always produce the same hash.
Mutable workspaces
Actor-owned overlays. Concurrent edits use optimistic concurrency on Version. Multiple authors collaborate without stepping on each other; conflicts surface at merge time, not at edit time.
Real-database sandboxes
Spin up isolated copies of Postgres, Mongo, Redis with sampled production shape. CAS-driven, operation-log-as-source-of-truth, checkpoints, undo / redo, fork with explicit ancestry. Resource-managed and cleanly disposed.
Three-way merge
Semantic conflict detection. Path-aware. Schema, providers, federation, agents — all 19 typed manifest domains contribute IDomainDiffAnalyzer participants. Two PRs touching the same access policy surface the conflict before either lands.
Generic typed proposals
Branch / commit / workspace / environment / sandbox proposals — all unified. Workflow-style approvals. ApprovalCount and RestrictDirectCommit gate the merge. Audit-traced through canonical observability.
Everything branchable. In one DAG.
Each manifest domain plugs into UnifiedDiffEngine through a typed IDomainDiffAnalyzer. Same diff pipeline, same merge semantics — across schema, source assets, agents, all of it.
Test before you ship. See exactly what will change.
ValidationPipeline
IValidationRule plugins (SchemaIntegrityRule, MigrationSafetyRule, DestructiveChangeRule, more) run before merge. Branch protection can require validation pass before deploy.
DeployPreviewService
See the migration plan before you run it. Schema diff. DDL plan per provider. Estimated risk class. Approval-gated for destructive changes.
DeploymentRollbackService
DDL-level rollback assessment. What's reversible. What's past the cutover boundary. The rollback story is first-class — same semantics as forward deploy.
Agent-driven proposal testing
Open a PR. A Vadyl agent spins up a sandbox, replays last week's traffic shape against your changes, reports what broke / slowed / regressed. A real test report — not just a green check.
BranchComparisonService
Diff two branches structurally. See what's added, changed, removed across all 19 domains. Before you merge. Before you deploy.
BranchApproval entity
Approval count, approver identity, timestamp, message. Auditable. Never bypassable. The branch protection policies enforce it at merge time.
Schema · code · providers · agents · more
Not mocks
Semantic conflict detection
SHA-256 dedup
Stop dreading backend changes.
Branch the schema. Sandbox the migration. Run the agent. Open a proposal. Three-way merge. Deploy with confidence — through a system designed for change.