npm - @pierre/storage - Versions diffs - 0.0.10 → 0.1.0 - Mend

@pierre/storage 0.0.10 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/index.js CHANGED Viewed

@@ -1,14 +1,658 @@
 import { importPKCS8, SignJWT } from 'jose';
 import snakecaseKeys from 'snakecase-keys';
+import { z } from 'zod';
 // src/index.ts
+// src/errors.ts
+var RefUpdateError = class extends Error {
+  status;
+  reason;
+  refUpdate;
+  constructor(message, options) {
+    super(message);
+    this.name = "RefUpdateError";
+    this.status = options.status;
+    this.reason = options.reason ?? inferRefUpdateReason(options.status);
+    this.refUpdate = options.refUpdate;
+  }
+};
+var REF_REASON_MAP = {
+  precondition_failed: "precondition_failed",
+  conflict: "conflict",
+  not_found: "not_found",
+  invalid: "invalid",
+  timeout: "timeout",
+  unauthorized: "unauthorized",
+  forbidden: "forbidden",
+  unavailable: "unavailable",
+  internal: "internal",
+  failed: "failed",
+  ok: "unknown"
+};
+function inferRefUpdateReason(status) {
+  if (!status) {
+    return "unknown";
+  }
+  const trimmed = status.trim();
+  if (trimmed === "") {
+    return "unknown";
+  }
+  const label = trimmed.toLowerCase();
+  return REF_REASON_MAP[label] ?? "unknown";
+}
+var listFilesResponseSchema = z.object({
+  paths: z.array(z.string()),
+  ref: z.string()
+});
+var branchInfoSchema = z.object({
+  cursor: z.string(),
+  name: z.string(),
+  head_sha: z.string(),
+  created_at: z.string()
+});
+var listBranchesResponseSchema = z.object({
+  branches: z.array(branchInfoSchema),
+  next_cursor: z.string().nullable().optional(),
+  has_more: z.boolean()
+});
+var commitInfoRawSchema = z.object({
+  sha: z.string(),
+  message: z.string(),
+  author_name: z.string(),
+  author_email: z.string(),
+  committer_name: z.string(),
+  committer_email: z.string(),
+  date: z.string()
+});
+var listCommitsResponseSchema = z.object({
+  commits: z.array(commitInfoRawSchema),
+  next_cursor: z.string().nullable().optional(),
+  has_more: z.boolean()
+});
+var diffStatsSchema = z.object({
+  files: z.number(),
+  additions: z.number(),
+  deletions: z.number(),
+  changes: z.number()
+});
+var diffFileRawSchema = z.object({
+  path: z.string(),
+  state: z.string(),
+  old_path: z.string().nullable().optional(),
+  raw: z.string(),
+  bytes: z.number(),
+  is_eof: z.boolean()
+});
+var filteredFileRawSchema = z.object({
+  path: z.string(),
+  state: z.string(),
+  old_path: z.string().nullable().optional(),
+  bytes: z.number(),
+  is_eof: z.boolean()
+});
+var branchDiffResponseSchema = z.object({
+  branch: z.string(),
+  base: z.string(),
+  stats: diffStatsSchema,
+  files: z.array(diffFileRawSchema),
+  filtered_files: z.array(filteredFileRawSchema)
+});
+var commitDiffResponseSchema = z.object({
+  sha: z.string(),
+  stats: diffStatsSchema,
+  files: z.array(diffFileRawSchema),
+  filtered_files: z.array(filteredFileRawSchema)
+});
+var refUpdateResultSchema = z.object({
+  branch: z.string(),
+  old_sha: z.string(),
+  new_sha: z.string(),
+  success: z.boolean(),
+  status: z.string(),
+  message: z.string().optional()
+});
+var commitPackCommitSchema = z.object({
+  commit_sha: z.string(),
+  tree_sha: z.string(),
+  target_branch: z.string(),
+  pack_bytes: z.number(),
+  blob_count: z.number()
+});
+var resetCommitCommitSchema = commitPackCommitSchema.omit({ blob_count: true });
+var refUpdateResultWithOptionalsSchema = z.object({
+  branch: z.string().optional(),
+  old_sha: z.string().optional(),
+  new_sha: z.string().optional(),
+  success: z.boolean().optional(),
+  status: z.string(),
+  message: z.string().optional()
+});
+var commitPackAckSchema = z.object({
+  commit: commitPackCommitSchema,
+  result: refUpdateResultSchema
+});
+var resetCommitAckSchema = z.object({
+  commit: resetCommitCommitSchema,
+  result: refUpdateResultSchema.extend({ success: z.literal(true) })
+});
+var commitPackResponseSchema = z.object({
+  commit: commitPackCommitSchema.partial().optional().nullable(),
+  result: refUpdateResultWithOptionalsSchema
+});
+var resetCommitResponseSchema = z.object({
+  commit: resetCommitCommitSchema.partial().optional().nullable(),
+  result: refUpdateResultWithOptionalsSchema
+});
+var errorEnvelopeSchema = z.object({
+  error: z.string()
+});
+// src/commit.ts
+var MAX_CHUNK_BYTES = 4 * 1024 * 1024;
+var DEFAULT_TTL_SECONDS = 60 * 60;
+var BufferCtor = globalThis.Buffer;
+var CommitBuilderImpl = class {
+  options;
+  getAuthToken;
+  transport;
+  operations = [];
+  sent = false;
+  constructor(deps) {
+    this.options = { ...deps.options };
+    this.getAuthToken = deps.getAuthToken;
+    this.transport = deps.transport;
+    const trimmedTarget = this.options.targetBranch?.trim();
+    const trimmedMessage = this.options.commitMessage?.trim();
+    const trimmedAuthorName = this.options.author?.name?.trim();
+    const trimmedAuthorEmail = this.options.author?.email?.trim();
+    if (!trimmedTarget) {
+      throw new Error("createCommit targetBranch is required");
+    }
+    if (trimmedTarget.startsWith("refs/")) {
+      throw new Error("createCommit targetBranch must not include refs/ prefix");
+    }
+    if (!trimmedMessage) {
+      throw new Error("createCommit commitMessage is required");
+    }
+    if (!trimmedAuthorName || !trimmedAuthorEmail) {
+      throw new Error("createCommit author name and email are required");
+    }
+    this.options.targetBranch = trimmedTarget;
+    this.options.commitMessage = trimmedMessage;
+    this.options.author = {
+      name: trimmedAuthorName,
+      email: trimmedAuthorEmail
+    };
+    if (typeof this.options.expectedHeadSha === "string") {
+      this.options.expectedHeadSha = this.options.expectedHeadSha.trim();
+    }
+  }
+  addFile(path, source, options) {
+    this.ensureNotSent();
+    const normalizedPath = this.normalizePath(path);
+    const contentId = randomContentId();
+    const mode = options?.mode ?? "100644";
+    this.operations.push({
+      path: normalizedPath,
+      contentId,
+      mode,
+      operation: "upsert",
+      streamFactory: () => toAsyncIterable(source)
+    });
+    return this;
+  }
+  addFileFromString(path, contents, options) {
+    const encoding = options?.encoding ?? "utf8";
+    const normalizedEncoding = encoding === "utf-8" ? "utf8" : encoding;
+    let data;
+    if (normalizedEncoding === "utf8") {
+      data = new TextEncoder().encode(contents);
+    } else if (BufferCtor) {
+      data = BufferCtor.from(
+        contents,
+        normalizedEncoding
+      );
+    } else {
+      throw new Error(
+        `Unsupported encoding "${encoding}" in this environment. Non-UTF encodings require Node.js Buffer support.`
+      );
+    }
+    return this.addFile(path, data, options);
+  }
+  deletePath(path) {
+    this.ensureNotSent();
+    const normalizedPath = this.normalizePath(path);
+    this.operations.push({
+      path: normalizedPath,
+      contentId: randomContentId(),
+      operation: "delete"
+    });
+    return this;
+  }
+  async send() {
+    this.ensureNotSent();
+    this.sent = true;
+    const metadata = this.buildMetadata();
+    const blobEntries = this.operations.filter((op) => op.operation === "upsert" && op.streamFactory).map((op) => ({
+      contentId: op.contentId,
+      chunks: chunkify(op.streamFactory())
+    }));
+    const authorization = await this.getAuthToken();
+    const ack = await this.transport.send({
+      authorization,
+      signal: this.options.signal,
+      metadata,
+      blobs: blobEntries
+    });
+    return buildCommitResult(ack);
+  }
+  buildMetadata() {
+    const files = this.operations.map((op) => {
+      const entry = {
+        path: op.path,
+        content_id: op.contentId,
+        operation: op.operation
+      };
+      if (op.mode) {
+        entry.mode = op.mode;
+      }
+      return entry;
+    });
+    const metadata = {
+      target_branch: this.options.targetBranch,
+      commit_message: this.options.commitMessage,
+      author: {
+        name: this.options.author.name,
+        email: this.options.author.email
+      },
+      files
+    };
+    if (this.options.expectedHeadSha) {
+      metadata.expected_head_sha = this.options.expectedHeadSha;
+    }
+    if (this.options.committer) {
+      metadata.committer = {
+        name: this.options.committer.name,
+        email: this.options.committer.email
+      };
+    }
+    return metadata;
+  }
+  ensureNotSent() {
+    if (this.sent) {
+      throw new Error("createCommit builder cannot be reused after send()");
+    }
+  }
+  normalizePath(path) {
+    if (!path || typeof path !== "string" || path.trim() === "") {
+      throw new Error("File path must be a non-empty string");
+    }
+    return path.replace(/^\//, "");
+  }
+};
+var FetchCommitTransport = class {
+  url;
+  constructor(config) {
+    const trimmedBase = config.baseUrl.replace(/\/+$/, "");
+    this.url = `${trimmedBase}/api/v${config.version}/repos/commit-pack`;
+  }
+  async send(request) {
+    const bodyIterable = buildMessageIterable(request.metadata, request.blobs);
+    const body = toRequestBody(bodyIterable);
+    const response = await fetch(this.url, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${request.authorization}`,
+        "Content-Type": "application/x-ndjson",
+        Accept: "application/json"
+      },
+      body,
+      signal: request.signal
+    });
+    if (!response.ok) {
+      const { statusMessage, statusLabel, refUpdate } = await parseCommitPackError(response);
+      throw new RefUpdateError(statusMessage, {
+        status: statusLabel,
+        message: statusMessage,
+        refUpdate
+      });
+    }
+    const ack = commitPackAckSchema.parse(await response.json());
+    return ack;
+  }
+};
+function toRequestBody(iterable) {
+  const readableStreamCtor = globalThis.ReadableStream;
+  if (typeof readableStreamCtor === "function") {
+    const iterator = iterable[Symbol.asyncIterator]();
+    return new readableStreamCtor({
+      async pull(controller) {
+        const { value, done } = await iterator.next();
+        if (done) {
+          controller.close();
+          return;
+        }
+        controller.enqueue(value);
+      },
+      async cancel(reason) {
+        if (typeof iterator.return === "function") {
+          await iterator.return(reason);
+        }
+      }
+    });
+  }
+  return iterable;
+}
+function buildMessageIterable(metadata, blobs) {
+  const encoder = new TextEncoder();
+  return {
+    async *[Symbol.asyncIterator]() {
+      yield encoder.encode(`${JSON.stringify({ metadata })}
+`);
+      for (const blob of blobs) {
+        for await (const segment of blob.chunks) {
+          const payload = {
+            blob_chunk: {
+              content_id: blob.contentId,
+              data: base64Encode(segment.chunk),
+              eof: segment.eof
+            }
+          };
+          yield encoder.encode(`${JSON.stringify(payload)}
+`);
+        }
+      }
+    }
+  };
+}
+function buildCommitResult(ack) {
+  const refUpdate = toRefUpdate(ack.result);
+  if (!ack.result.success) {
+    throw new RefUpdateError(
+      ack.result.message ?? `Commit failed with status ${ack.result.status}`,
+      {
+        status: ack.result.status,
+        message: ack.result.message,
+        refUpdate
+      }
+    );
+  }
+  return {
+    commitSha: ack.commit.commit_sha,
+    treeSha: ack.commit.tree_sha,
+    targetBranch: ack.commit.target_branch,
+    packBytes: ack.commit.pack_bytes,
+    blobCount: ack.commit.blob_count,
+    refUpdate
+  };
+}
+function toRefUpdate(result) {
+  return {
+    branch: result.branch,
+    oldSha: result.old_sha,
+    newSha: result.new_sha
+  };
+}
+async function* chunkify(source) {
+  let pending = null;
+  let produced = false;
+  for await (const value of source) {
+    const bytes = value;
+    if (pending && pending.byteLength === MAX_CHUNK_BYTES) {
+      yield { chunk: pending, eof: false };
+      produced = true;
+      pending = null;
+    }
+    const merged = pending ? concatChunks(pending, bytes) : bytes;
+    pending = null;
+    let cursor = merged;
+    while (cursor.byteLength > MAX_CHUNK_BYTES) {
+      const chunk = cursor.slice(0, MAX_CHUNK_BYTES);
+      cursor = cursor.slice(MAX_CHUNK_BYTES);
+      yield { chunk, eof: false };
+      produced = true;
+    }
+    pending = cursor;
+  }
+  if (pending) {
+    yield { chunk: pending, eof: true };
+    produced = true;
+  }
+  if (!produced) {
+    yield { chunk: new Uint8Array(0), eof: true };
+  }
+}
+async function* toAsyncIterable(source) {
+  if (typeof source === "string") {
+    yield new TextEncoder().encode(source);
+    return;
+  }
+  if (source instanceof Uint8Array) {
+    yield source;
+    return;
+  }
+  if (source instanceof ArrayBuffer) {
+    yield new Uint8Array(source);
+    return;
+  }
+  if (ArrayBuffer.isView(source)) {
+    yield new Uint8Array(source.buffer, source.byteOffset, source.byteLength);
+    return;
+  }
+  if (isBlobLike(source)) {
+    const stream = source.stream();
+    if (isAsyncIterable(stream)) {
+      for await (const chunk of stream) {
+        yield ensureUint8Array(chunk);
+      }
+      return;
+    }
+    if (isReadableStreamLike(stream)) {
+      yield* readReadableStream(stream);
+      return;
+    }
+  }
+  if (isReadableStreamLike(source)) {
+    yield* readReadableStream(source);
+    return;
+  }
+  if (isAsyncIterable(source)) {
+    for await (const chunk of source) {
+      yield ensureUint8Array(chunk);
+    }
+    return;
+  }
+  if (isIterable(source)) {
+    for (const chunk of source) {
+      yield ensureUint8Array(chunk);
+    }
+    return;
+  }
+  throw new Error("Unsupported file source for createCommit");
+}
+async function* readReadableStream(stream) {
+  const reader = stream.getReader();
+  try {
+    while (true) {
+      const { value, done } = await reader.read();
+      if (done) {
+        break;
+      }
+      if (value !== void 0) {
+        yield ensureUint8Array(value);
+      }
+    }
+  } finally {
+    reader.releaseLock?.();
+  }
+}
+function ensureUint8Array(value) {
+  if (value instanceof Uint8Array) {
+    return value;
+  }
+  if (value instanceof ArrayBuffer) {
+    return new Uint8Array(value);
+  }
+  if (ArrayBuffer.isView(value)) {
+    return new Uint8Array(value.buffer, value.byteOffset, value.byteLength);
+  }
+  if (typeof value === "string") {
+    return new TextEncoder().encode(value);
+  }
+  if (BufferCtor && BufferCtor.isBuffer(value)) {
+    return value;
+  }
+  throw new Error("Unsupported chunk type; expected binary data");
+}
+function isBlobLike(value) {
+  return typeof value === "object" && value !== null && typeof value.stream === "function";
+}
+function isReadableStreamLike(value) {
+  return typeof value === "object" && value !== null && typeof value.getReader === "function";
+}
+function isAsyncIterable(value) {
+  return typeof value === "object" && value !== null && Symbol.asyncIterator in value;
+}
+function isIterable(value) {
+  return typeof value === "object" && value !== null && Symbol.iterator in value;
+}
+function concatChunks(a, b) {
+  if (a.byteLength === 0) {
+    return b;
+  }
+  if (b.byteLength === 0) {
+    return a;
+  }
+  const merged = new Uint8Array(a.byteLength + b.byteLength);
+  merged.set(a, 0);
+  merged.set(b, a.byteLength);
+  return merged;
+}
+function base64Encode(bytes) {
+  if (BufferCtor) {
+    return BufferCtor.from(bytes).toString("base64");
+  }
+  let binary = "";
+  for (let i = 0; i < bytes.byteLength; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  const btoaFn = globalThis.btoa;
+  if (typeof btoaFn === "function") {
+    return btoaFn(binary);
+  }
+  throw new Error("Base64 encoding is not supported in this environment");
+}
+function randomContentId() {
+  const cryptoObj = globalThis.crypto;
+  if (cryptoObj && typeof cryptoObj.randomUUID === "function") {
+    return cryptoObj.randomUUID();
+  }
+  const random = Math.random().toString(36).slice(2);
+  return `cid-${Date.now().toString(36)}-${random}`;
+}
+function createCommitBuilder(deps) {
+  return new CommitBuilderImpl(deps);
+}
+function resolveCommitTtlSeconds(options) {
+  if (typeof options?.ttl === "number" && options.ttl > 0) {
+    return options.ttl;
+  }
+  return DEFAULT_TTL_SECONDS;
+}
+async function parseCommitPackError(response) {
+  const fallbackMessage = `createCommit request failed (${response.status} ${response.statusText})`;
+  const cloned = response.clone();
+  let jsonBody;
+  try {
+    jsonBody = await cloned.json();
+  } catch {
+    jsonBody = void 0;
+  }
+  let textBody;
+  if (jsonBody === void 0) {
+    try {
+      textBody = await response.text();
+    } catch {
+      textBody = void 0;
+    }
+  }
+  const defaultStatus = (() => {
+    const inferred = inferRefUpdateReason(String(response.status));
+    return inferred === "unknown" ? "failed" : inferred;
+  })();
+  let statusLabel = defaultStatus;
+  let refUpdate;
+  let message;
+  if (jsonBody !== void 0) {
+    const parsedResponse = commitPackResponseSchema.safeParse(jsonBody);
+    if (parsedResponse.success) {
+      const result = parsedResponse.data.result;
+      if (typeof result.status === "string" && result.status.trim() !== "") {
+        statusLabel = result.status.trim();
+      }
+      refUpdate = toPartialRefUpdateFields(result.branch, result.old_sha, result.new_sha);
+      if (typeof result.message === "string" && result.message.trim() !== "") {
+        message = result.message.trim();
+      }
+    }
+    if (!message) {
+      const parsedError = errorEnvelopeSchema.safeParse(jsonBody);
+      if (parsedError.success) {
+        const trimmed = parsedError.data.error.trim();
+        if (trimmed) {
+          message = trimmed;
+        }
+      }
+    }
+  }
+  if (!message && typeof jsonBody === "string" && jsonBody.trim() !== "") {
+    message = jsonBody.trim();
+  }
+  if (!message && textBody && textBody.trim() !== "") {
+    message = textBody.trim();
+  }
+  return {
+    statusMessage: message ?? fallbackMessage,
+    statusLabel,
+    refUpdate
+  };
+}
+function toPartialRefUpdateFields(branch, oldSha, newSha) {
+  const refUpdate = {};
+  if (typeof branch === "string" && branch.trim() !== "") {
+    refUpdate.branch = branch.trim();
+  }
+  if (typeof oldSha === "string" && oldSha.trim() !== "") {
+    refUpdate.oldSha = oldSha.trim();
+  }
+  if (typeof newSha === "string" && newSha.trim() !== "") {
+    refUpdate.newSha = newSha.trim();
+  }
+  return Object.keys(refUpdate).length > 0 ? refUpdate : void 0;
+}
 // src/fetch.ts
+var ApiError = class extends Error {
+  status;
+  statusText;
+  method;
+  url;
+  body;
+  constructor(params) {
+    super(params.message);
+    this.name = "ApiError";
+    this.status = params.status;
+    this.statusText = params.statusText;
+    this.method = params.method;
+    this.url = params.url;
+    this.body = params.body;
+  }
+};
 var ApiFetcher = class {
   constructor(API_BASE_URL2, version) {
     this.API_BASE_URL = API_BASE_URL2;
     this.version = version;
-    console.log("api fetcher created", API_BASE_URL2, version);
   }
   getBaseUrl() {
     return `${this.API_BASE_URL}/api/v${this.version}`;
@@ -38,9 +682,48 @@ var ApiFetcher = class {
     const response = await fetch(requestUrl, requestOptions);
     if (!response.ok) {
       const allowed = options?.allowedStatus ?? [];
-      if (!allowed.includes(response.status)) {
-        throw new Error(`Failed to fetch ${method} ${requestUrl}: ${response.statusText}`);
+      if (allowed.includes(response.status)) {
+        return response;
+      }
+      let errorBody;
+      let message;
+      const contentType = response.headers.get("content-type") ?? "";
+      try {
+        if (contentType.includes("application/json")) {
+          errorBody = await response.json();
+        } else {
+          const text = await response.text();
+          errorBody = text;
+        }
+      } catch {
+        try {
+          errorBody = await response.text();
+        } catch {
+          errorBody = void 0;
+        }
       }
+      if (typeof errorBody === "string") {
+        const trimmed = errorBody.trim();
+        if (trimmed) {
+          message = trimmed;
+        }
+      } else if (errorBody && typeof errorBody === "object") {
+        const parsedError = errorEnvelopeSchema.safeParse(errorBody);
+        if (parsedError.success) {
+          const trimmed = parsedError.data.error.trim();
+          if (trimmed) {
+            message = trimmed;
+          }
+        }
+      }
+      throw new ApiError({
+        message: message ?? `Request ${method} ${requestUrl} failed with status ${response.status} ${response.statusText}`,
+        status: response.status,
+        statusText: response.statusText,
+        method,
+        url: requestUrl,
+        body: errorBody
+      });
     }
     return response;
   }
@@ -213,9 +896,9 @@ async function validateWebhook(payload, headers, secret, options = {}) {
     return validationResult;
   }
   const payloadStr = typeof payload === "string" ? payload : payload.toString("utf8");
-  let parsedPayload;
+  let parsedJson;
   try {
-    parsedPayload = JSON.parse(payloadStr);
+    parsedJson = JSON.parse(payloadStr);
   } catch {
     return {
       valid: false,
@@ -223,25 +906,283 @@ async function validateWebhook(payload, headers, secret, options = {}) {
       timestamp: validationResult.timestamp
     };
   }
+  const conversion = convertWebhookPayload(String(eventType), parsedJson);
+  if (!conversion.valid) {
+    return {
+      valid: false,
+      error: conversion.error,
+      timestamp: validationResult.timestamp
+    };
+  }
   return {
     valid: true,
     eventType,
     timestamp: validationResult.timestamp,
-    payload: parsedPayload
+    payload: conversion.payload
+  };
+}
+function convertWebhookPayload(eventType, raw) {
+  if (eventType === "push") {
+    if (!isRawWebhookPushEvent(raw)) {
+      return {
+        valid: false,
+        error: "Invalid push payload"
+      };
+    }
+    return {
+      valid: true,
+      payload: transformPushEvent(raw)
+    };
+  }
+  const fallbackPayload = { type: eventType, raw };
+  return {
+    valid: true,
+    payload: fallbackPayload
+  };
+}
+function transformPushEvent(raw) {
+  return {
+    type: "push",
+    repository: {
+      id: raw.repository.id,
+      url: raw.repository.url
+    },
+    ref: raw.ref,
+    before: raw.before,
+    after: raw.after,
+    customerId: raw.customer_id,
+    pushedAt: new Date(raw.pushed_at),
+    rawPushedAt: raw.pushed_at
   };
 }
+function isRawWebhookPushEvent(value) {
+  if (!isRecord(value)) {
+    return false;
+  }
+  if (!isRecord(value.repository)) {
+    return false;
+  }
+  return typeof value.repository.id === "string" && typeof value.repository.url === "string" && typeof value.ref === "string" && typeof value.before === "string" && typeof value.after === "string" && typeof value.customer_id === "string" && typeof value.pushed_at === "string";
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
 // src/index.ts
-var API_BASE_URL = "https://api.git.storage";
-var STORAGE_BASE_URL = "git.storage";
+var API_BASE_URL = "https://api.code.storage";
+var STORAGE_BASE_URL = "code.storage";
 var API_VERSION = 1;
 var apiInstanceMap = /* @__PURE__ */ new Map();
+var DEFAULT_TOKEN_TTL_SECONDS = 60 * 60;
+var RESET_COMMIT_ALLOWED_STATUS = [
+  400,
+  // Bad Request - validation errors
+  401,
+  // Unauthorized - missing/invalid auth header
+  403,
+  // Forbidden - missing git:write scope
+  404,
+  // Not Found - repo lookup failures
+  408,
+  // Request Timeout - client cancelled
+  409,
+  // Conflict - concurrent ref updates
+  412,
+  // Precondition Failed - optimistic concurrency
+  422,
+  // Unprocessable Entity - metadata issues
+  429,
+  // Too Many Requests - upstream throttling
+  499,
+  // Client Closed Request - storage cancellation
+  500,
+  // Internal Server Error - generic failure
+  502,
+  // Bad Gateway - storage/gateway bridge issues
+  503,
+  // Service Unavailable - storage selection failures
+  504
+  // Gateway Timeout - long-running storage operations
+];
+function resolveInvocationTtlSeconds(options, defaultValue = DEFAULT_TOKEN_TTL_SECONDS) {
+  if (typeof options?.ttl === "number" && options.ttl > 0) {
+    return options.ttl;
+  }
+  return defaultValue;
+}
+function toRefUpdate2(result) {
+  return {
+    branch: result.branch,
+    oldSha: result.old_sha,
+    newSha: result.new_sha
+  };
+}
+function buildResetCommitResult(ack) {
+  const refUpdate = toRefUpdate2(ack.result);
+  if (!ack.result.success) {
+    throw new RefUpdateError(
+      ack.result.message ?? `Reset commit failed with status ${ack.result.status}`,
+      {
+        status: ack.result.status,
+        message: ack.result.message,
+        refUpdate
+      }
+    );
+  }
+  return {
+    commitSha: ack.commit.commit_sha,
+    treeSha: ack.commit.tree_sha,
+    targetBranch: ack.commit.target_branch,
+    packBytes: ack.commit.pack_bytes,
+    refUpdate
+  };
+}
+function toPartialRefUpdate(branch, oldSha, newSha) {
+  const refUpdate = {};
+  if (typeof branch === "string" && branch.trim() !== "") {
+    refUpdate.branch = branch;
+  }
+  if (typeof oldSha === "string" && oldSha.trim() !== "") {
+    refUpdate.oldSha = oldSha;
+  }
+  if (typeof newSha === "string" && newSha.trim() !== "") {
+    refUpdate.newSha = newSha;
+  }
+  return Object.keys(refUpdate).length > 0 ? refUpdate : void 0;
+}
+function parseResetCommitPayload(payload) {
+  const ack = resetCommitAckSchema.safeParse(payload);
+  if (ack.success) {
+    return { ack: ack.data };
+  }
+  const failure = resetCommitResponseSchema.safeParse(payload);
+  if (failure.success) {
+    const result = failure.data.result;
+    return {
+      failure: {
+        status: result.status,
+        message: result.message,
+        refUpdate: toPartialRefUpdate(result.branch, result.old_sha, result.new_sha)
+      }
+    };
+  }
+  return null;
+}
+function httpStatusToResetStatus(status) {
+  switch (status) {
+    case 409:
+      return "conflict";
+    case 412:
+      return "precondition_failed";
+    default:
+      return `${status}`;
+  }
+}
 function getApiInstance(baseUrl, version) {
   if (!apiInstanceMap.has(`${baseUrl}--${version}`)) {
     apiInstanceMap.set(`${baseUrl}--${version}`, new ApiFetcher(baseUrl, version));
   }
   return apiInstanceMap.get(`${baseUrl}--${version}`);
 }
+function transformBranchInfo(raw) {
+  return {
+    cursor: raw.cursor,
+    name: raw.name,
+    headSha: raw.head_sha,
+    createdAt: raw.created_at
+  };
+}
+function transformListBranchesResult(raw) {
+  return {
+    branches: raw.branches.map(transformBranchInfo),
+    nextCursor: raw.next_cursor ?? void 0,
+    hasMore: raw.has_more
+  };
+}
+function transformCommitInfo(raw) {
+  const parsedDate = new Date(raw.date);
+  return {
+    sha: raw.sha,
+    message: raw.message,
+    authorName: raw.author_name,
+    authorEmail: raw.author_email,
+    committerName: raw.committer_name,
+    committerEmail: raw.committer_email,
+    date: parsedDate,
+    rawDate: raw.date
+  };
+}
+function transformListCommitsResult(raw) {
+  return {
+    commits: raw.commits.map(transformCommitInfo),
+    nextCursor: raw.next_cursor ?? void 0,
+    hasMore: raw.has_more
+  };
+}
+function normalizeDiffState(rawState) {
+  if (!rawState) {
+    return "unknown";
+  }
+  const leading = rawState.trim()[0]?.toUpperCase();
+  switch (leading) {
+    case "A":
+      return "added";
+    case "M":
+      return "modified";
+    case "D":
+      return "deleted";
+    case "R":
+      return "renamed";
+    case "C":
+      return "copied";
+    case "T":
+      return "type_changed";
+    case "U":
+      return "unmerged";
+    default:
+      return "unknown";
+  }
+}
+function transformFileDiff(raw) {
+  const normalizedState = normalizeDiffState(raw.state);
+  return {
+    path: raw.path,
+    state: normalizedState,
+    rawState: raw.state,
+    oldPath: raw.old_path ?? void 0,
+    raw: raw.raw,
+    bytes: raw.bytes,
+    isEof: raw.is_eof
+  };
+}
+function transformFilteredFile(raw) {
+  const normalizedState = normalizeDiffState(raw.state);
+  return {
+    path: raw.path,
+    state: normalizedState,
+    rawState: raw.state,
+    oldPath: raw.old_path ?? void 0,
+    bytes: raw.bytes,
+    isEof: raw.is_eof
+  };
+}
+function transformBranchDiffResult(raw) {
+  return {
+    branch: raw.branch,
+    base: raw.base,
+    stats: raw.stats,
+    files: raw.files.map(transformFileDiff),
+    filteredFiles: raw.filtered_files.map(transformFilteredFile)
+  };
+}
+function transformCommitDiffResult(raw) {
+  return {
+    sha: raw.sha,
+    stats: raw.stats,
+    files: raw.files.map(transformFileDiff),
+    filteredFiles: raw.filtered_files.map(transformFilteredFile)
+  };
+}
 var RepoImpl = class {
   constructor(id, options, generateJWT) {
     this.id = id;
@@ -261,10 +1202,10 @@ var RepoImpl = class {
     return url.toString();
   }
   async getFileStream(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const params = {
       path: options.path
@@ -275,39 +1216,46 @@ var RepoImpl = class {
     return this.api.get({ path: "repos/file", params }, jwt);
   }
   async listFiles(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const params = options?.ref ? { ref: options.ref } : void 0;
     const response = await this.api.get({ path: "repos/files", params }, jwt);
-    return await response.json();
+    const raw = listFilesResponseSchema.parse(await response.json());
+    return { paths: raw.paths, ref: raw.ref };
   }
   async listBranches(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
+    const cursor = options?.cursor;
+    const limit = options?.limit;
     let params;
-    if (options?.cursor || !options?.limit) {
+    if (typeof cursor === "string" || typeof limit === "number") {
       params = {};
-      if (options?.cursor) {
-        params.cursor = options.cursor;
+      if (typeof cursor === "string") {
+        params.cursor = cursor;
       }
-      if (typeof options?.limit == "number") {
-        params.limit = options.limit.toString();
+      if (typeof limit === "number") {
+        params.limit = limit.toString();
       }
     }
     const response = await this.api.get({ path: "repos/branches", params }, jwt);
-    return await response.json();
+    const raw = listBranchesResponseSchema.parse(await response.json());
+    return transformListBranchesResult({
+      ...raw,
+      next_cursor: raw.next_cursor ?? void 0
+    });
   }
   async listCommits(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     let params;
     if (options?.branch || options?.cursor || options?.limit) {
@@ -323,13 +1271,17 @@ var RepoImpl = class {
       }
     }
     const response = await this.api.get({ path: "repos/commits", params }, jwt);
-    return await response.json();
+    const raw = listCommitsResponseSchema.parse(await response.json());
+    return transformListCommitsResult({
+      ...raw,
+      next_cursor: raw.next_cursor ?? void 0
+    });
   }
   async getBranchDiff(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const params = {
       branch: options.branch
@@ -338,38 +1290,27 @@ var RepoImpl = class {
       params.base = options.base;
     }
     const response = await this.api.get({ path: "repos/branches/diff", params }, jwt);
-    return await response.json();
+    const raw = branchDiffResponseSchema.parse(await response.json());
+    return transformBranchDiffResult(raw);
   }
   async getCommitDiff(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const params = {
       sha: options.sha
     };
     const response = await this.api.get({ path: "repos/diff", params }, jwt);
-    return await response.json();
-  }
-  async getCommit(options) {
-    const jwt = await this.generateJWT(this.id, {
-      permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
-    });
-    const params = {
-      repo: this.id,
-      sha: options.sha
-    };
-    const response = await this.api.get({ path: "commit", params }, jwt);
-    return await response.json();
+    const raw = commitDiffResponseSchema.parse(await response.json());
+    return transformCommitDiffResult(raw);
   }
   async pullUpstream(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:write"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const body = {};
     if (options.ref) {
@@ -381,6 +1322,90 @@ var RepoImpl = class {
     }
     return;
   }
+  async resetCommit(options) {
+    const targetBranch = options?.targetBranch?.trim();
+    if (!targetBranch) {
+      throw new Error("resetCommit targetBranch is required");
+    }
+    if (targetBranch.startsWith("refs/")) {
+      throw new Error("resetCommit targetBranch must not include refs/ prefix");
+    }
+    const targetCommitSha = options?.targetCommitSha?.trim();
+    if (!targetCommitSha) {
+      throw new Error("resetCommit targetCommitSha is required");
+    }
+    const commitMessage = options?.commitMessage?.trim();
+    const authorName = options.author?.name?.trim();
+    const authorEmail = options.author?.email?.trim();
+    if (!authorName || !authorEmail) {
+      throw new Error("resetCommit author name and email are required");
+    }
+    const ttl = resolveCommitTtlSeconds(options);
+    const jwt = await this.generateJWT(this.id, {
+      permissions: ["git:write"],
+      ttl
+    });
+    const metadata = {
+      target_branch: targetBranch,
+      target_commit_sha: targetCommitSha,
+      author: {
+        name: authorName,
+        email: authorEmail
+      }
+    };
+    if (commitMessage) {
+      metadata.commit_message = commitMessage;
+    }
+    const expectedHeadSha = options.expectedHeadSha?.trim();
+    if (expectedHeadSha) {
+      metadata.expected_head_sha = expectedHeadSha;
+    }
+    if (options.committer) {
+      const committerName = options.committer.name?.trim();
+      const committerEmail = options.committer.email?.trim();
+      if (!committerName || !committerEmail) {
+        throw new Error("resetCommit committer name and email are required when provided");
+      }
+      metadata.committer = {
+        name: committerName,
+        email: committerEmail
+      };
+    }
+    const response = await this.api.post({ path: "repos/reset-commits", body: { metadata } }, jwt, {
+      allowedStatus: [...RESET_COMMIT_ALLOWED_STATUS]
+    });
+    const payload = await response.json();
+    const parsed = parseResetCommitPayload(payload);
+    if (parsed && "ack" in parsed) {
+      return buildResetCommitResult(parsed.ack);
+    }
+    const failure = parsed && "failure" in parsed ? parsed.failure : void 0;
+    const status = failure?.status ?? httpStatusToResetStatus(response.status);
+    const message = failure?.message ?? `Reset commit failed with HTTP ${response.status}` + (response.statusText ? ` ${response.statusText}` : "");
+    throw new RefUpdateError(message, {
+      status,
+      refUpdate: failure?.refUpdate
+    });
+  }
+  createCommit(options) {
+    const version = this.options.apiVersion ?? API_VERSION;
+    const baseUrl = this.options.apiBaseUrl ?? API_BASE_URL;
+    const transport = new FetchCommitTransport({ baseUrl, version });
+    const ttl = resolveCommitTtlSeconds(options);
+    const builderOptions = {
+      ...options,
+      ttl
+    };
+    const getAuthToken = () => this.generateJWT(this.id, {
+      permissions: ["git:write"],
+      ttl
+    });
+    return createCommitBuilder({
+      options: builderOptions,
+      getAuthToken,
+      transport
+    });
+  }
 };
 var GitStorage = class _GitStorage {
   static overrides = {};
@@ -401,13 +1426,15 @@ var GitStorage = class _GitStorage {
     const resolvedApiBaseUrl = options.apiBaseUrl ?? _GitStorage.overrides.apiBaseUrl ?? API_BASE_URL;
     const resolvedApiVersion = options.apiVersion ?? _GitStorage.overrides.apiVersion ?? API_VERSION;
     const resolvedStorageBaseUrl = options.storageBaseUrl ?? _GitStorage.overrides.storageBaseUrl ?? STORAGE_BASE_URL;
+    const resolvedDefaultTtl = options.defaultTTL ?? _GitStorage.overrides.defaultTTL;
     this.api = getApiInstance(resolvedApiBaseUrl, resolvedApiVersion);
     this.options = {
       key: options.key,
       name: options.name,
       apiBaseUrl: resolvedApiBaseUrl,
       apiVersion: resolvedApiVersion,
-      storageBaseUrl: resolvedStorageBaseUrl
+      storageBaseUrl: resolvedStorageBaseUrl,
+      defaultTTL: resolvedDefaultTtl
     };
   }
   static override(options) {
@@ -419,10 +1446,10 @@ var GitStorage = class _GitStorage {
    */
   async createRepo(options) {
     const repoId = options?.id || crypto.randomUUID();
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(repoId, {
       permissions: ["repo:write"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const baseRepoOptions = options?.baseRepo ? {
       provider: "github",
@@ -450,7 +1477,7 @@ var GitStorage = class _GitStorage {
   async findOne(options) {
     const jwt = await this.generateJWT(options.id, {
       permissions: ["git:read"],
-      ttl: 1 * 60 * 60
+      ttl: DEFAULT_TOKEN_TTL_SECONDS
     });
     const resp = await this.api.get("repo", jwt, { allowedStatus: [404] });
     if (resp.status === 404) {
@@ -471,7 +1498,7 @@ var GitStorage = class _GitStorage {
    */
   async generateJWT(repoId, options) {
     const permissions = options?.permissions || ["git:write", "git:read"];
-    const ttl = options?.ttl || 365 * 24 * 60 * 60;
+    const ttl = resolveInvocationTtlSeconds(options, this.options.defaultTTL ?? 365 * 24 * 60 * 60);
     const now = Math.floor(Date.now() / 1e3);
     const payload = {
       iss: this.options.name,
@@ -490,6 +1517,6 @@ function createClient(options) {
   return new GitStorage(options);
 }
-export { GitStorage, createClient, parseSignatureHeader, validateWebhook, validateWebhookSignature };
+export { ApiError, GitStorage, RefUpdateError, createClient, parseSignatureHeader, validateWebhook, validateWebhookSignature };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map