@git-stunts/git-cas 1.6.0

package/CHANGELOG.md

@@ -0,0 +1,105 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.6.0] — M4 Compass + M5 Sonar + M6 Cartographer (2026-02-06)
+
+### Added
+- `CasService.readManifest({ treeOid })` — reads a Git tree, locates and decodes the manifest, returns a validated `Manifest` value object.
+- `CasService.deleteAsset({ treeOid })` — returns logical deletion metadata (`{ slug, chunksOrphaned }`) without performing destructive Git operations.
+- `CasService.findOrphanedChunks({ treeOids })` — aggregates referenced chunk blob OIDs across multiple assets, returning `{ referenced: Set<string>, total: number }`.
+- Facade pass-throughs for `readManifest`, `deleteAsset`, and `findOrphanedChunks` on `ContentAddressableStore`.
+- New error codes: `MANIFEST_NOT_FOUND`, `GIT_ERROR`.
+- 42 new unit tests across three new test suites.
+- `CasService` now extends `EventEmitter` with lifecycle events:
+  `chunk:stored`, `chunk:restored`, `file:stored`, `file:restored`,
+  `integrity:pass`, `integrity:fail`, and `error` (guarded).
+- Comprehensive benchmark suite (`test/benchmark/cas.bench.js`) covering
+  store, restore, encrypt/decrypt, createTree, verifyIntegrity, and
+  JsonCodec vs CborCodec at multiple data sizes.
+- 14 new unit tests for EventEmitter integration.
+- `docs/API.md` — full API reference for all public methods, events, value objects, ports, and error codes.
+- `docs/SECURITY.md` — threat model, AES-256-GCM design, key handling, limitations.
+- `GUIDE.md` — progressive-disclosure guide from zero knowledge to mastery.
+- `examples/` directory with runnable scripts: `store-and-restore.js`, `encrypted-workflow.js`, `progress-tracking.js`.
+- ESLint config now ignores `examples/` directory (runnable scripts use `console.log`).
+
+## [1.3.0] — M3 Launchpad (2026-02-06)
+
+### Added
+- Native Bun support via `BunCryptoAdapter` (uses `Bun.CryptoHasher`).
+- Native Deno/Web standard support via `WebCryptoAdapter` (uses `crypto.subtle`).
+- Automated, secure release workflow (`.github/workflows/release.yml`) with:
+    - **NPM OIDC support** including build provenance.
+    - **JSR support** via `jsr.json` and automated publishing.
+    - **GitHub Releases** with automated release notes.
+    - **Idempotency & Version Checks** to prevent failed partial releases.
+- Dynamic runtime detection in `ContentAddressableStore` to pick the best adapter automatically.
+- Hardened `package.json` with repository metadata, engine constraints, and explicit file inclusion.
+- Local quality gates via `pre-push` git hook and `scripts/install-hooks.sh`.
+
+### Changed
+- **Breaking Change:** `CasService` cryptographic methods (`sha256`, `encrypt`, `decrypt`, `verifyIntegrity`) are now asynchronous to support Web Crypto and native optimizations.
+- `ContentAddressableStore` facade methods are now asynchronous to accommodate lazy service initialization and async crypto.
+- Project migrated from `npm` to `pnpm` for faster, more reliable dependency management.
+- CI workflow (`.github/workflows/ci.yml`) now runs on all branches but prevents duplicate runs on PRs.
+- `Dockerfile` now uses `corepack` for pnpm management.
+
+### Fixed
+- Fixed recursion bug in `BunCryptoAdapter` where `randomBytes` shadowed the imported function.
+- Resolved lazy-initialization race condition in `ContentAddressableStore` via promise caching.
+- Fixed state leak in `WebCryptoAdapter` streaming encryption.
+- Consolidated double decrypt calls in integrity tests for better performance.
+- Hardened adapter-level key validation with type checks.
+
+## [1.2.0] — M2 Boomerang (v1.2.0)
+
+### Added
+- `CryptoPort` interface and `NodeCryptoAdapter` — extracted all `node:crypto` usage from the domain layer.
+- `CasService.store()` — accepts `AsyncIterable<Buffer>` sources (renamed from `storeFile`).
+- Multi-stage Dockerfile (Node 22, Bun, Deno) with `docker-compose.yml` for per-runtime testing.
+- BATS parallel test runner (`test/platform/runtimes.bats`).
+- Devcontainer setup (`.devcontainer/`) with all three runtimes + BATS.
+- Encryption key validation (`INVALID_KEY_TYPE`, `INVALID_KEY_LENGTH` error codes).
+- Encryption round-trip unit tests (110 tests including fuzz).
+- Empty file (0-byte) edge case tests.
+- Error-path unit tests for constructors and core failures.
+- Deterministic test digest helper (`digestOf`).
+
+### Changed
+- `CasService` domain layer has zero `node:*` imports — all platform dependencies injected via ports.
+- Constructor requires `crypto` and `codec` params (no defaults); facade supplies them.
+- Facade `storeFile()` now opens the file and delegates to `CasService.store()`.
+
+### Fixed
+- None.
+
+### Security
+- None.
+
+## [1.0.0] - 2025-05-30
+
+### Added
+
+- `ContentAddressableStore` facade with `createJson` and `createCbor` factory methods.
+- `CasService` core with `storeFile`, `createTree`, `encrypt`, `decrypt`, and `verifyIntegrity` operations.
+- Hexagonal architecture via `GitPersistencePort` interface and `GitPersistenceAdapter` backed by Git's object database.
+- Pluggable codec system with `JsonCodec` and `CborCodec` implementations.
+- `Manifest` and `Chunk` Zod-validated, frozen value objects.
+- `CasError` custom error class for structured error handling.
+- Streaming AES-256-GCM encryption and decryption.
+- Docker-based test runner for reproducible CI builds.
+
+### Changed
+- None.
+
+### Fixed
+- None.
+
+### Security
+- None.

package/LICENSE

@@ -0,0 +1,200 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to the Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by the Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding any notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. Please do not remove or change
+      the license header template below.
+
+   Copyright 2026 James Ross <james@flyingrobots.dev>
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,111 @@
+# @git-stunts/git-cas
+
+<img width="420" alt="git-cas" src="https://github.com/user-attachments/assets/e7cb63b9-25b7-4369-b053-4a35962ccee4" />
+
+## JESSIE, STOP—
+
+> Hold on. He’s turning Git into a blob store. Let him cook.
+
+**Most potent clone available on GitHub (legally).**
+
+### Git, freebased: pure CAS that’ll knock your SHAs off. LFS hates this repo.
+
+Git isn’t source control. 
+Git is a content-addressed object database.  
+We use the object database.  
+
+`git-cas` chunks files into Git blobs (dedupe for free), optionally encrypts them, and emits a manifest + a real Git tree so you can commit/tag/ref it like any other artifact.
+
+## What you get
+
+- **Dedupe for free** Git already hashes objects. We just lean into it.
+- **Chunked storage** big files become stable, reusable blobs.
+- **Optional AES-256-GCM encryption** store secrets without leaking plaintext into the ODB.
+- **Manifests** a tiny explicit index of chunks + metadata (JSON/CBOR).
+- **Tree output** generates standard Git trees so assets snap into commits cleanly.
+- **Full round-trip** store, tree, and restore — get your bytes back, verified.
+- **Lifecycle management** `readManifest`, `deleteAsset`, `findOrphanedChunks` — inspect trees, plan deletions, audit storage.
+
+**Use it for:** binary assets, build artifacts, model weights, data packs, secret bundles, weird experiments, etc.
+
+## Usage (Node API)
+
+```js
+import GitPlumbing from '@git-stunts/plumbing';
+import ContentAddressableStore from '@git-stunts/cas';
+
+const git = new GitPlumbing({ cwd: './assets-repo' });
+const cas = new ContentAddressableStore({ plumbing: git });
+
+// Store a file -> returns a manifest (chunk list + metadata)
+const manifest = await cas.storeFile({
+  filePath: './image.png',
+  slug: 'my-image',
+  encryptionKey: myKeyBuffer, // optional (32 bytes)
+});
+
+// Turn the manifest into a Git tree OID
+const treeOid = await cas.createTree({ manifest });
+
+// Restore later — get your bytes back, integrity-verified
+await cas.restoreFile({ manifest, outputPath: './restored.png' });
+
+// Read the manifest back from a tree OID
+const m = await cas.readManifest({ treeOid });
+
+// Lifecycle: inspect deletion impact, find orphaned chunks
+const { slug, chunksOrphaned } = await cas.deleteAsset({ treeOid });
+const { referenced, total } = await cas.findOrphanedChunks({ treeOids: [treeOid] });
+```
+
+## CLI (git plugin)
+
+`git-cas` installs as a Git subcommand:
+
+```bash
+# Store a file — prints manifest JSON
+git cas store ./image.png --slug my-image
+
+# Store and get a tree OID directly
+git cas store ./image.png --slug my-image --tree
+
+# Create a tree from an existing manifest
+git cas tree --manifest manifest.json
+
+# Restore from a tree OID
+git cas restore <tree-oid> --out ./restored.png
+
+# Encrypted round-trip (32-byte raw key file)
+git cas store ./secret.bin --slug vault --key-file ./my.key --tree
+git cas restore <tree-oid> --out ./decrypted.bin --key-file ./my.key
+```
+
+## Why not Git LFS?
+
+Because sometimes you want the Git object database to be the store:
+
+- deterministic 
+- content-addressed 
+- locally replicable 
+- commit-addressable
+
+Also because LFS is, well... LFS.
+
+---
+
+> _THIS HASH’LL KNOCK YOUR SHAs OFF! FIRST COMMIT’S FREE, MAN._
+
+<img width="420" alt="dhtux" src="https://github.com/user-attachments/assets/f2c13357-22c7-4685-83ce-7eccd747e2fe" />
+
+---
+
+## License
+
+Apache-2.0 
+Copyright © 2026 [James Ross](https://github.com/flyingrobots)
+
+---
+
+<p align="center">
+<sub>Built by <a href="https://github.com/flyingrobots">FLYING ROBOTS</a></sub>
+</p>

package/bin/git-cas.js

@@ -0,0 +1,135 @@
+#!/usr/bin/env node
+
+import { readFileSync } from 'node:fs';
+import { program } from 'commander';
+import GitPlumbing from '@git-stunts/plumbing';
+import ContentAddressableStore from '../index.js';
+import Manifest from '../src/domain/value-objects/Manifest.js';
+
+program
+  .name('git-cas')
+  .description('Content Addressable Storage backed by Git')
+  .version('1.3.0');
+
+/**
+ * Read a 32-byte raw encryption key from a file.
+ */
+function readKeyFile(keyFilePath) {
+  const key = readFileSync(keyFilePath);
+  return key;
+}
+
+/**
+ * Create a CAS instance for the given working directory.
+ */
+function createCas(cwd) {
+  const plumbing = new GitPlumbing({ cwd });
+  return new ContentAddressableStore({ plumbing });
+}
+
+// ---------------------------------------------------------------------------
+// store
+// ---------------------------------------------------------------------------
+program
+  .command('store <file>')
+  .description('Store a file into Git CAS')
+  .requiredOption('--slug <slug>', 'Asset slug identifier')
+  .option('--key-file <path>', 'Path to 32-byte raw encryption key file')
+  .option('--tree', 'Also create a Git tree and print its OID')
+  .option('--cwd <dir>', 'Git working directory', '.')
+  .action(async (file, opts) => {
+    try {
+      const cas = createCas(opts.cwd);
+      const storeOpts = {
+        filePath: file,
+        slug: opts.slug,
+      };
+
+      if (opts.keyFile) {
+        storeOpts.encryptionKey = readKeyFile(opts.keyFile);
+      }
+
+      const manifest = await cas.storeFile(storeOpts);
+
+      if (opts.tree) {
+        const treeOid = await cas.createTree({ manifest });
+        process.stdout.write(`${treeOid  }\n`);
+      } else {
+        process.stdout.write(`${JSON.stringify(manifest.toJSON(), null, 2)  }\n`);
+      }
+    } catch (err) {
+      process.stderr.write(`error: ${err.message}\n`);
+      process.exit(1);
+    }
+  });
+
+// ---------------------------------------------------------------------------
+// tree
+// ---------------------------------------------------------------------------
+program
+  .command('tree')
+  .description('Create a Git tree from a manifest')
+  .requiredOption('--manifest <path>', 'Path to manifest JSON file')
+  .option('--cwd <dir>', 'Git working directory', '.')
+  .action(async (opts) => {
+    try {
+      const cas = createCas(opts.cwd);
+      const raw = readFileSync(opts.manifest, 'utf8');
+      const manifest = new Manifest(JSON.parse(raw));
+      const treeOid = await cas.createTree({ manifest });
+      process.stdout.write(`${treeOid  }\n`);
+    } catch (err) {
+      process.stderr.write(`error: ${err.message}\n`);
+      process.exit(1);
+    }
+  });
+
+// ---------------------------------------------------------------------------
+// restore
+// ---------------------------------------------------------------------------
+program
+  .command('restore <tree-oid>')
+  .description('Restore a file from a Git CAS tree')
+  .requiredOption('--out <path>', 'Output file path')
+  .option('--key-file <path>', 'Path to 32-byte raw encryption key file')
+  .option('--cwd <dir>', 'Git working directory', '.')
+  .action(async (treeOid, opts) => {
+    try {
+      const cas = createCas(opts.cwd);
+      const service = await cas.getService();
+
+      // Read the tree to find the manifest
+      const entries = await service.persistence.readTree(treeOid);
+      const manifestEntry = entries.find(
+        (e) => e.name.startsWith('manifest.'),
+      );
+      if (!manifestEntry) {
+        process.stderr.write('error: No manifest found in tree\n');
+        process.exit(1);
+      }
+
+      const manifestBlob = await service.persistence.readBlob(
+        manifestEntry.oid,
+      );
+      const manifest = new Manifest(
+        service.codec.decode(manifestBlob),
+      );
+
+      const restoreOpts = { manifest };
+      if (opts.keyFile) {
+        restoreOpts.encryptionKey = readKeyFile(opts.keyFile);
+      }
+
+      const { bytesWritten } = await cas.restoreFile({
+        ...restoreOpts,
+        outputPath: opts.out,
+      });
+
+      process.stdout.write(`${bytesWritten}\n`);
+    } catch (err) {
+      process.stderr.write(`error: ${err.message}\n`);
+      process.exit(1);
+    }
+  });
+
+program.parse();