About CloudWall

CloudWall is a kind of offline-ready toy in-browser OS, for authoring, storing, and sharing docs and CouchDB-hosted webapps. CloudWall installs via replication and needs only CouchDB and modern HTML5-compliant browser to run. Also CloudWall can run on static hosting, as a set of files.

CloudWall Architecture

‘GDI’ App runtime CloudWall Storage Renders HTML and receives user interactions Manages bindings between data and UI controls Prepares, runs and closes apps, manages app switch Stores apps and documents, optionally syncs with external CouchDB instances All CloudWall components run in a browser tab, no server or even internet connection required after system started. Any local DB can eventually sync with external CouchDB instances over http(s). One CouchDB can have several users connected, thus providing shared workspace, docs and applications set. CouchDB CouchDB

Use cases

CloudWall is mostly a dev tool, which targets people, managing a lot of CouchDB instances and developing for CouchDB. CloudWall built-in tools ease up both development and daily ops.

CouchDB hub

Running from CouchDB-hosted origin, CloudWall is a perfect hub for managing CouchDB-related systems and projects. Several at a time, on different domains.

CloudWall has built-in App Editor for creating UI apps, intended for processing docs inside CloudWall shell. Using built-in Ddoc Lab editor most CloudWall apps may be exported as a standalone couchapp design documents.

Large distributed nets

CloudWall plays especially well in part with Couchbox, which augments native CouchDB query server with hooks and API constructor. Both hooks and API endpoints descriptors are branches of design docs, very similar to native Couch approach. 

Entire app logic, packed in a single design doc, means apps may be deployed to nodes using standard Couch replication dataflow. Both CouchDB query server and Couchbox code bits are hot-swapped when design doc update received.

Data backup and analysis

Using CloudWall, you can create a backup of a remote CouchDB doc set literally in seconds. Browser might be a good place to stash bucket clones with up to dozens of thousand of docs.

One-way sync enables creating local design docs that never go to server, which might be useful for flexible iterative data analysis, right in browser. Complex reduce queries are especially fast in browser compared to native CouchDB.

How it works

CloudWall keeps in sync local browser DB buckets with remote CouchDBs. Sync can be both uni- and bi-directional. Moreover, each local bucket may sync with many external CouchDB buckets on different domains.

Buckets may contain both data docs and special docs, containing apps. There are several system-wide apps, however each bucket may have additional apps.

Storage. All docs and apps are stored inside user browser, in IndexedDB or WebSQL storage, pumped up with PouchDB lib to be doc-oriented. 

Internal browser storage can have several virtual buckets, each with unique sync settings and set of apps. One local bucket has reserved name cw and holds system docs, user profile, replication settings and passwords, cryptokeys and so on.

Profile sync. Profile, cryptokeys and system-wide apps are stored in System DB. If your System DB is synced with CouchDB, you can share your profile across different devices. Starting CloudWall at new device, just paste profile CouchDB bucket URL and get synced.

Offline. CloudWall opened in a browser tab, works offline perfectly. All libs are loaded during system start, all docs are local. Cloud replication is async by it’s nature and restarts when browser goes online.

Apps. CloudWall apps are jQuery.my manifests. They are structured JSON objects so fit perfectly with storage. There are several system tools for authoring, testing and deploying apps — right in browser tab. jQuery.my learning curve is very short and there are several example apps installed on first system launch.

Security. To ensure sensitive data can’t be read even on occasional replication, CloudWall has built-in crypto lib. It forces encryption of all sensitive user profile docs on save, and can be optionally applied to encrypt some user docs.

To ensure external apps can not run without notice, system asks user trust confirmation if app was updated since last run.


CloudWall app framework has a built-in feature that encrypts docs during save and decrypts when you open it by click. You have your own protected key chain and can select a key to encrypt the doc.

Unless other persons do not have a key, they are unable to open an encrypted doc even if they synced the doc in.

Cryptokeys are managed in User profile and may be shared between users using side channels, like email.

Cryptokeys protection

If your profile is PIN-protected (CloudWall asks for PIN on page reload), cryptokeys are stored encrypted and no user app has direct access to them. However, cw.crypto runtime API exports methods for using keys blindly, which allows apps to encode only parts of a given doc.

Password protection

Sync configuration may have several DB endpoints with credentials. If your profile is protected using PIN, all those passwords are stored encrypted. What is more important, in that case no app have or can have access to decrypted passwords.


Using CloudWall you must clearly understand that it’s a permanent beta. It is built on top of many open-source and fast evolving third-party libraries. It is an open platform — you can write your own code, that can impact system stability. It all means no guarantees, however in most cases all works quiet smooth. 

Be smart and get synced with external CouchDB if you keep sensitive data in browser. 

You can use cloudwall.me and connectivity it provides for any legal purpose. You can create and distribute your own apps and docs, create your local DBs and private clouds of any kind — do anything you want. 

Get CloudWall sources


© 2017 ermouth. CloudWall is MIT-licensed.