[Edit: as of mid-2016, an Enterprise version of Reviewable built along the lines sketched out below—but also supporting full at-rest data encryption in Firebase—is now available. See here for details!]

Over the last year, a number of people have asked me whether Reviewable would work with GitHub Enterprise, behind their company's firewall. The answer has always been no: third-party services that cannot run on-premises are an intrinsic part of Reviewable's architecture, with the biggest one being Firebase.

Recently, though, I've been prompted to consider a hybrid model where Reviewable runs on-premises, behind the firewall, but still reaches out to Firebase (and perhaps other minor services) for storing and processing less sensitive data such as review comments, PR titles, filenames, etc. This would be possible because Reviewable doesn't store any customer code in Firebase—it's all accessed directly from the in-browser client.

The advantage of this approach for me is that it's a lot cheaper to adapt Reviewable this way than it would be to rewrite the entire codebase to move away from Firebase, and becomes downright feasible if I take advantage of a SaaS-on-premises wrapper service like Replicated. The obvious downside is that there are undoubtedly many companies with a stringent security policy that this kind of semi-on-premises configuration will not satisfy.

So the big question is: is there enough of a market for this hybrid SaaS / on-premises model to make it worth building? Please let me know if it would or wouldn't work for your company!