Case Study: Extensible SaaS Architecture, Local-First, and Cloud-Collaborative

Executive Summary

Modern knowledge work is fragmented across disparate tools and silos. This case study proposes a paradigm shift in SaaS delivery: a Unified Control Plane architecture. By providing a single native desktop application that acts as a secure host for Zero-Cost Local Workspaces and Extensible Cloud Instances, we decouple the user interface from the compute environment.

The platform’s architectural integrity is sustained by two pillars of extensibility Obsidian-style Internal Plugins and Notion-style External Connections and a granular, usage-based billing model inspired by GitHub Codespaces. This model ensures that individuals, power users, and enterprise teams can operate within a single, cohesive environment that scales precisely with their needs.

1. The Unified Control Plane: The Workspace Hub

At the heart of the application is the Workspace Hub. This is the primary navigation and orchestration layer that transforms the desktop app from a “file editor” into a “portal for compute.”

1.1. Centralized Orchestration

The Hub serves as a unified dashboard where users manage every environment they are a part of. This includes:

• Local Workspaces: Direct links to directories on the user’s physical machine. These are private, zero-latency havens for personal thought and development.
• Collaborative Cloud Workspaces: Remote compute instances hosted on the platform’s managed infrastructure. These are listed with real-time status indicators (e.g., “Active,” “Hibernating,” “Syncing”).
• Organization Grouping: For enterprise users, the Hub groups workspaces by team or project, allowing for seamless context-switching between different organizational identities.

1.2. The Seamless Context Switcher

The Hub enables a “Hot-Swap” workflow. A user can finish personal research in a Local Workspace and, with a single click, switch to a Team Cloud Instance. The app backend re-initializes, loading the specific plugins, connections, and data permissions associated with that new context all without restarting the application.

2. Extensibility Pillar 1: “Sub-App” Internal Plugins

We adopt an “Obsidian-style” model where plugins are the primary method of functional expansion. Plugins are not merely cosmetic additions; they are deeply integrated engines.

2.1. The Bundling & Host Model

A plugin acts as a delivery vehicle for entire applications (e.g., Excalidraw, Kanban boards, SQL clients).

• Functional Embedding: The plugin carries the full library and runtime logic of the sub-app within its bundle. This allows the platform to support nearly any web-based or WASM-based technology.
• The Glue Layer: The plugin provides the “manager” logic that interprets the Host App’s API. It registers file types, handles auto-saving to the Host’s storage, and hooks into the global command palette.
• Zero-Latency Execution: Because these engines run within the application’s own memory space, interactions are fluid, bypassing the “wait-time” typical of cloud-only web applications.

2.2. Scoped Permission Architecture

To protect user integrity while enabling power, we implement a “Workspace-Locked” permission model:

• No Root Required: Plugins never require administrative (Root) privileges on the OS.
• Vault Isolation: A plugin is granted access only to the files and settings of the active workspace. It cannot “see” into other local folders or cloud instances listed in the Hub.
• UI Slots: The Host App provides designated “Slots” where plugins can inject their interfaces, ensuring a consistent design language and preventing UI-clutter.

3. Extensibility Pillar 2: Notion-style Connections (External)

While plugins live “inside” the app, Connections bridge the workspace with the external digital ecosystem.

• Ecosystem Interoperability: Notion-style links allow the workspace to become a “Single Source of Truth.” Users can connect to GitHub for issue tracking, Slack for notifications, or Google Drive for asset management.
• Federated Compute (MCP): Native support for the Model Context Protocol (MCP) allows internal plugins to securely query remote AI models or specialized data providers without exposing the user’s primary credentials.
• Managed Auth Proxy: The Host App manages all OAuth2 and API Key handshakes, providing plugins with ephemeral “Connection Handles” rather than raw secrets.

4. Workspace Tiers & The Codespace Billing Model

The platform aligns its business model with the raw cost of compute and storage, providing transparency and fairness.

4.1. Local Workspaces: The Power User Haven

• Zero Cost: The core experience is free. All compute (CPU/RAM) is provided by the user’s own machine.
• Secure Personal Sync (Premium): For a flat monthly fee, users can enable an E2EE relay service. This allows their local workspaces including their unique configuration of sub-apps and plugins to stay perfectly in sync across their Home PC, Work Laptop, and Mobile device.

4.2. Cloud Workspaces: Collaborative Team Compute

Cloud instances are charged based on a granular, four-term usage model:

1. CPU & RAM (Compute): Hourly charges for active instance time. Organizations can choose “Standard” or “Performance” machine profiles based on the complexity of their sub-apps.
2. Persistent Storage: A monthly GB-based fee for the vault storage, ensuring data is always available even when the instance is hibernating.
3. Database (DB): Metered billing for high-speed record storage and metadata operations within the managed DB tier.
4. Governance: Workspace Admins manage the organizational plugin registry and use real-time telemetry to monitor and optimize resource spending.

5. Security & Isolation Rationale

A primary challenge of this architecture is ensuring that a “Hackable” plugin system does not lead to “Vulnerable” data.

• Cryptographic Boundaries: Every workspace (Local or Cloud) is treated as a unique cryptographic domain. Encryption keys for a Personal Workspace never touch the memory of a Team Cloud Instance.
• Audit Manifests: Every extension must provide a manifest declaring its required resources (e.g., “Network,” “FileSystem:Read,” “Connection:GitHub”). The Workspace Hub surfaces these for user review before activation.

6. Conclusion

By combining the Workspace Hub with a Dual Extensibility Model, this architecture delivers a platform that is both a private power-tool and an enterprise powerhouse. It respects the “Local-First” principles of privacy and performance for individuals while providing the “Cloud-Collaborative” scale and governance required by teams. This unified approach ensures that as the user’s career or company grows, their digital environment grows with them moving seamlessly from a single local folder to a globally distributed, usage-powered cloud network.

• Obsidian: Plugin Developer Principles
• Notion: Connections and External Data Flow
• GitHub: Codespaces Billing and Resource Management
• Ink & Switch: Local-first software