'%20fill='%23fff'%3e%3cpath%20d='M24%20364.337V24h141.909c25.481%200%2046.833%203.601%2064.056%2010.803%2017.222%207.191%2030.183%2017.279%2038.882%2030.24s13.049%2027.972%2013.049%2045.041c0%2012.961-2.72%2024.513-8.148%2034.645-5.429%2010.142-12.906%2018.534-22.431%2025.174-9.526%206.651-20.548%2011.299-33.069%2013.953v3.325c13.732.661%2026.451%204.383%2038.134%2011.134%2011.684%206.762%2021.077%2016.155%2028.168%2028.17%207.092%2012.025%2010.638%2026.231%2010.638%2042.628%200%2018.281-4.647%2034.601-13.952%2048.939-9.305%2014.35-22.762%2025.648-40.381%2033.908-17.607%208.248-38.992%2012.377-64.143%2012.377H24zm82.258-200.414h45.534c8.975%200%2016.947-1.497%2023.929-4.493s12.432-7.312%2016.374-12.961c3.931-5.65%205.902-12.466%205.902-20.439%200-11.409-4.041-20.384-12.135-26.926-8.082-6.53-18.995-9.801-32.738-9.801h-46.866v74.62zm0%20134.109h50.853c17.839%200%2030.987-3.381%2039.466-10.131%208.479-6.762%2012.708-16.178%2012.708-28.247%200-8.755-2.049-16.309-6.145-22.686-4.096-6.365-9.922-11.298-17.443-14.789-7.532-3.491-16.561-5.231-27.089-5.231h-52.339v81.095l-.011-.011zM388.865%2024v340.337h-81.256V24h81.256zm181.618%20230.159V109.082h81.091v255.255h-77.435v-47.529h-2.665c-5.649%2015.616-15.263%2028.004-28.829%2037.145-13.578%209.14-29.941%2013.71-49.102%2013.71-17.398%200-32.683-3.986-45.864-11.97-13.181-7.973-23.433-19.14-30.745-33.489s-11.023-31.165-11.133-50.437V109.082h81.256v146.739c.11%2013.854%203.766%2024.767%2010.968%2032.74s17.002%2011.96%2029.413%2011.96c8.082%200%2015.372-1.795%2021.847-5.407%206.486-3.601%2011.628-8.865%2015.45-15.781%203.821-6.927%205.737-15.318%205.737-25.174h.011zm224.376%20115.002c-26.704%200-49.718-5.286-69.044-15.869-19.337-10.583-34.181-25.703-44.532-45.371-10.362-19.668-15.537-43.069-15.537-70.215s5.208-49.445%2015.614-69.212c10.418-19.779%2025.096-35.174%2044.037-46.197s41.261-16.53%2066.962-16.53c18.17%200%2034.787%202.83%2049.851%208.48s28.08%2014.007%2039.048%2025.086%2019.501%2024.734%2025.591%2040.966%209.14%2034.81%209.14%2055.756v20.273H694.145v-47.199h146.226c-.11-8.633-2.159-16.342-6.145-23.104s-9.448-12.047-16.374-15.869-14.866-5.726-23.841-5.726-17.233%202.015-24.424%206.057c-7.202%204.052-12.906%209.537-17.112%2016.452-4.207%206.927-6.431%2014.757-6.652%2023.512v48.025c0%2010.417%202.049%2019.525%206.145%2027.332s9.911%2013.876%2017.454%2018.193c7.532%204.317%2016.506%206.486%2026.924%206.486%207.201%200%2013.731-1.002%2019.612-2.995%205.869-1.993%2010.912-4.923%2015.119-8.81%204.206-3.876%207.367-8.645%209.47-14.294l74.616%202.158c-3.105%2016.728-9.889%2031.264-20.361%2043.62s-24.182%2021.937-41.129%2028.743c-16.947%206.816-36.559%2010.219-58.825%2010.219l.011.033z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='A'%3e%3cpath%20fill='%23fff'%20transform='translate(24%2024)'%20d='M0%200h892v345.161H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Why We Built Cobalt
We open-sourced the deployment platform now running Blue.
The deployment platform is the most leveraged piece of software in our stack. Every release passes through it. Every secret is decrypted by it. Every customer request is routed by it. For most of Blue’s life, we ran on someone else’s.
Today we’re shipping our own. Cobalt is an open-source deployment platform — single Go binary, Docker Swarm orchestration, automatic HTTPS via Caddy, rqlite for the control plane. MIT-licensed. In production now, running the infrastructure that 19,000 organizations rely on.
Why we built it
We ship hundreds of pull requests a month. That cadence is how three engineers compete with venture-funded teams. It only works if deploys are boring.
Ours weren’t.
Intermittently, a deploy would land in a state where Caddy’s in-memory routing pointed at a Docker Swarm service that hadn’t actually come up healthy. The result was a window of 502s until somebody noticed. The fix was reproducible enough that we’d turned it into a AI Agent fix skill — deploy-proxy-fix — that we’d run from a laptop, over SSH, in about five minutes.
A skill that fixes your deploy bug is a useful skill. But its existence meant we couldn’t approve and merge pull requests from a phone, because the moment something went sideways we needed a laptop. For a team of three trying to ship from anywhere, that’s a structural problem, not a bug.
Around the same time, we found 150+ stale Docker networks accumulated on the production host — leaked across deploys, never cleaned up, eventually consuming IP space. Another patch. Another runbook. Each one rational in isolation. Together, a signal.
These weren’t bugs to fix. They were design-level decisions to make differently.
Then there was money. The deployment platform we were running offered a paid tier to prioritize our pull requests. Reasonable for them. Wrong for us. We just shipped one-time pricing for Blue — $99, $299, $999, paid once, no renewal. We are structurally the cheapest serious option in our category. Every recurring vendor cost we take on eventually shows up in a customer’s bill. Owning our deployment layer is a cost decision as much as a technical one.
How it works
Cobalt began as a fork of Disco, whose disco.json + Dockerfile model we kept and rebuilt the engine underneath. The shape stays familiar — drop a cobalt.json file in your repo, push to GitHub, it deploys. The differences are below the surface.
┌─────────────────────────────────────────────────────────────┐
│ COBALT DAEMON │
├─────────────────────────────────────────────────────────────┤
│ │
│ CLI (You) ──────────► HTTP API ──────────► Deploy │
│ │
│ │ │ │
│ ▼ ▼ │
│ ┌──────────┐ ┌──────────┐ │
│ │ Store │ │ Build │ │
│ │ (rqlite) │ │ Kit │ │
│ └──────────┘ └──────────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌──────────────────────────────┐ │
│ │ Caddy + Docker │ │
│ └──────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘Four things matter.
rqlite for the control plane. Most single-host deployment tools use SQLite for their state. rqlite is a distributed SQLite built on Raft — same SQL surface, same files, but replicated. Today Cobalt runs single-node; rqlite is there so the day we need multi-node, we don’t have to migrate the data layer first.
Stable project IDs, not project names. Every Docker label, every Caddy @id, every internal lookup in Cobalt is keyed on a project’s stable ID, not its display name. The label is cobalt.project.id={id}; the Caddy route is cobalt-project-{id}. Renaming a project becomes a metadata change instead of a re-keying operation across the whole host. In a system that has accumulated infrastructure objects over a year of production, this is the difference between idempotent and not.
Reconciler-based Caddy state. The 502 class of bug we’d been patching was a reconciler problem — the in-memory Caddy config and the on-disk source of truth drifted apart under certain failure paths. Cobalt reconciles Caddy state from rqlite on every deploy and swaps upstreams via @id-keyed PATCH that’s atomic from Caddy’s perspective. The bug class is gone, not patched.
One binary, one runtime. Cobalt is a single Go binary. The CLI and the daemon are the same executable. Where comparable tools split a Python daemon and a Node.js CLI — two runtimes, two dependency trees, two version trains — Cobalt is one statically-linked file you scp to a server. Deploying Cobalt itself is cobalt server and a systemd unit.
The code is MIT-licensed. Read it, fork it, run it.
What it changes for customers
When we say “we control our stack,” it sounds like a slogan. Here’s what it actually means for teams running their work on Blue.
The 502 class of incident is designed out. Not patched, designed out. Same for the network leak. We’re not promising no failures — we’re saying the failure modes we already knew about have been addressed at the architecture layer, not the runbook layer.
We ship more, from anywhere. Cobalt deploys are faster than what they replaced, and crucially, they’re recoverable without SSH. The constraint that anchored us to laptops during ship hours is gone. More features, more fixes, more often.
Price stays low because cost stays low. Cobalt is the infrastructure half of the same bet behind our business model. The more of the stack we own, the more of the cost curve we control. Cloud bills go up. Managed-service tiers go up. Code we run ourselves does not. One-time pricing only works when there’s no recurring cost stack underneath that would force the asterisk later.
Open by default. Cobalt is on GitHub. The deployment layer is one of the highest-leverage pieces of software in any company’s stack — it touches every release, every secret, every domain. We don’t think it should be a black box for us, and we don’t think it should be one for anyone else running it.
What’s next
Cobalt is in production. It’s orchestrating Blue right now — every API call, every deploy, every customer request flowing through blue.cc.
The roadmap is what we’re focused on next: managed Postgres, automated backups to S3-compatible object storage, ephemeral preview environments per pull request, multi-node Swarm. Each one is a piece of cost or operational complexity we’d otherwise be renting from someone else, and passing on the extra costs to you.
The case for owning your infrastructure used to end at the hardware. We don’t think it does anymore.
— Manny