@pierre/storage 0.0.11 → 0.1.1

package/dist/index.cjs

@@ -2,6 +2,7 @@
 
 var jose = require('jose');
 var snakecaseKeys = require('snakecase-keys');
+var zod = require('zod');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
@@ -9,6 +10,150 @@ var snakecaseKeys__default = /*#__PURE__*/_interopDefault(snakecaseKeys);
 
 // src/index.ts
 
+// src/errors.ts
+var RefUpdateError = class extends Error {
+  status;
+  reason;
+  refUpdate;
+  constructor(message, options) {
+    super(message);
+    this.name = "RefUpdateError";
+    this.status = options.status;
+    this.reason = options.reason ?? inferRefUpdateReason(options.status);
+    this.refUpdate = options.refUpdate;
+  }
+};
+var REF_REASON_MAP = {
+  precondition_failed: "precondition_failed",
+  conflict: "conflict",
+  not_found: "not_found",
+  invalid: "invalid",
+  timeout: "timeout",
+  unauthorized: "unauthorized",
+  forbidden: "forbidden",
+  unavailable: "unavailable",
+  internal: "internal",
+  failed: "failed",
+  ok: "unknown"
+};
+function inferRefUpdateReason(status) {
+  if (!status) {
+    return "unknown";
+  }
+  const trimmed = status.trim();
+  if (trimmed === "") {
+    return "unknown";
+  }
+  const label = trimmed.toLowerCase();
+  return REF_REASON_MAP[label] ?? "unknown";
+}
+var listFilesResponseSchema = zod.z.object({
+  paths: zod.z.array(zod.z.string()),
+  ref: zod.z.string()
+});
+var branchInfoSchema = zod.z.object({
+  cursor: zod.z.string(),
+  name: zod.z.string(),
+  head_sha: zod.z.string(),
+  created_at: zod.z.string()
+});
+var listBranchesResponseSchema = zod.z.object({
+  branches: zod.z.array(branchInfoSchema),
+  next_cursor: zod.z.string().nullable().optional(),
+  has_more: zod.z.boolean()
+});
+var commitInfoRawSchema = zod.z.object({
+  sha: zod.z.string(),
+  message: zod.z.string(),
+  author_name: zod.z.string(),
+  author_email: zod.z.string(),
+  committer_name: zod.z.string(),
+  committer_email: zod.z.string(),
+  date: zod.z.string()
+});
+var listCommitsResponseSchema = zod.z.object({
+  commits: zod.z.array(commitInfoRawSchema),
+  next_cursor: zod.z.string().nullable().optional(),
+  has_more: zod.z.boolean()
+});
+var diffStatsSchema = zod.z.object({
+  files: zod.z.number(),
+  additions: zod.z.number(),
+  deletions: zod.z.number(),
+  changes: zod.z.number()
+});
+var diffFileRawSchema = zod.z.object({
+  path: zod.z.string(),
+  state: zod.z.string(),
+  old_path: zod.z.string().nullable().optional(),
+  raw: zod.z.string(),
+  bytes: zod.z.number(),
+  is_eof: zod.z.boolean()
+});
+var filteredFileRawSchema = zod.z.object({
+  path: zod.z.string(),
+  state: zod.z.string(),
+  old_path: zod.z.string().nullable().optional(),
+  bytes: zod.z.number(),
+  is_eof: zod.z.boolean()
+});
+var branchDiffResponseSchema = zod.z.object({
+  branch: zod.z.string(),
+  base: zod.z.string(),
+  stats: diffStatsSchema,
+  files: zod.z.array(diffFileRawSchema),
+  filtered_files: zod.z.array(filteredFileRawSchema)
+});
+var commitDiffResponseSchema = zod.z.object({
+  sha: zod.z.string(),
+  stats: diffStatsSchema,
+  files: zod.z.array(diffFileRawSchema),
+  filtered_files: zod.z.array(filteredFileRawSchema)
+});
+var refUpdateResultSchema = zod.z.object({
+  branch: zod.z.string(),
+  old_sha: zod.z.string(),
+  new_sha: zod.z.string(),
+  success: zod.z.boolean(),
+  status: zod.z.string(),
+  message: zod.z.string().optional()
+});
+var commitPackCommitSchema = zod.z.object({
+  commit_sha: zod.z.string(),
+  tree_sha: zod.z.string(),
+  target_branch: zod.z.string(),
+  pack_bytes: zod.z.number(),
+  blob_count: zod.z.number()
+});
+var restoreCommitCommitSchema = commitPackCommitSchema.omit({ blob_count: true });
+var refUpdateResultWithOptionalsSchema = zod.z.object({
+  branch: zod.z.string().optional(),
+  old_sha: zod.z.string().optional(),
+  new_sha: zod.z.string().optional(),
+  success: zod.z.boolean().optional(),
+  status: zod.z.string(),
+  message: zod.z.string().optional()
+});
+var commitPackAckSchema = zod.z.object({
+  commit: commitPackCommitSchema,
+  result: refUpdateResultSchema
+});
+var restoreCommitAckSchema = zod.z.object({
+  commit: restoreCommitCommitSchema,
+  result: refUpdateResultSchema.extend({ success: zod.z.literal(true) })
+});
+var commitPackResponseSchema = zod.z.object({
+  commit: commitPackCommitSchema.partial().optional().nullable(),
+  result: refUpdateResultWithOptionalsSchema
+});
+var restoreCommitResponseSchema = zod.z.object({
+  commit: restoreCommitCommitSchema.partial().optional().nullable(),
+  result: refUpdateResultWithOptionalsSchema
+});
+var errorEnvelopeSchema = zod.z.object({
+  error: zod.z.string()
+});
+
 // src/commit.ts
 var MAX_CHUNK_BYTES = 4 * 1024 * 1024;
 var DEFAULT_TTL_SECONDS = 60 * 60;
@@ -23,18 +168,30 @@ var CommitBuilderImpl = class {
     this.options = { ...deps.options };
     this.getAuthToken = deps.getAuthToken;
     this.transport = deps.transport;
-    const trimmedTarget = this.options.targetRef?.trim();
+    const trimmedTarget = this.options.targetBranch?.trim();
     const trimmedMessage = this.options.commitMessage?.trim();
+    const trimmedAuthorName = this.options.author?.name?.trim();
+    const trimmedAuthorEmail = this.options.author?.email?.trim();
     if (!trimmedTarget) {
-      throw new Error("createCommit targetRef is required");
+      throw new Error("createCommit targetBranch is required");
+    }
+    if (trimmedTarget.startsWith("refs/")) {
+      throw new Error("createCommit targetBranch must not include refs/ prefix");
     }
     if (!trimmedMessage) {
       throw new Error("createCommit commitMessage is required");
     }
-    this.options.targetRef = trimmedTarget;
+    if (!trimmedAuthorName || !trimmedAuthorEmail) {
+      throw new Error("createCommit author name and email are required");
+    }
+    this.options.targetBranch = trimmedTarget;
     this.options.commitMessage = trimmedMessage;
-    if (typeof this.options.baseRef === "string") {
-      this.options.baseRef = this.options.baseRef.trim();
+    this.options.author = {
+      name: trimmedAuthorName,
+      email: trimmedAuthorEmail
+    };
+    if (typeof this.options.expectedHeadSha === "string") {
+      this.options.expectedHeadSha = this.options.expectedHeadSha.trim();
     }
   }
   addFile(path, source, options) {
@@ -52,11 +209,21 @@ var CommitBuilderImpl = class {
     return this;
   }
   addFileFromString(path, contents, options) {
-    const encoding = options?.encoding;
-    if (encoding && encoding !== "utf8" && encoding !== "utf-8") {
-      throw new Error(`Unsupported encoding "${encoding}". Only UTF-8 is supported.`);
+    const encoding = options?.encoding ?? "utf8";
+    const normalizedEncoding = encoding === "utf-8" ? "utf8" : encoding;
+    let data;
+    if (normalizedEncoding === "utf8") {
+      data = new TextEncoder().encode(contents);
+    } else if (BufferCtor) {
+      data = BufferCtor.from(
+        contents,
+        normalizedEncoding
+      );
+    } else {
+      throw new Error(
+        `Unsupported encoding "${encoding}" in this environment. Non-UTF encodings require Node.js Buffer support.`
+      );
     }
-    const data = new TextEncoder().encode(contents);
     return this.addFile(path, data, options);
   }
   deletePath(path) {
@@ -78,12 +245,13 @@ var CommitBuilderImpl = class {
       chunks: chunkify(op.streamFactory())
     }));
     const authorization = await this.getAuthToken();
-    return this.transport.send({
+    const ack = await this.transport.send({
       authorization,
       signal: this.options.signal,
       metadata,
       blobs: blobEntries
     });
+    return buildCommitResult(ack);
   }
   buildMetadata() {
     const files = this.operations.map((op) => {
@@ -98,18 +266,22 @@ var CommitBuilderImpl = class {
       return entry;
     });
     const metadata = {
-      target_ref: this.options.targetRef,
+      target_branch: this.options.targetBranch,
       commit_message: this.options.commitMessage,
+      author: {
+        name: this.options.author.name,
+        email: this.options.author.email
+      },
       files
     };
-    if (this.options.baseRef) {
-      metadata.base_ref = this.options.baseRef;
-    }
-    if (this.options.author) {
-      metadata.author = { ...this.options.author };
+    if (this.options.expectedHeadSha) {
+      metadata.expected_head_sha = this.options.expectedHeadSha;
     }
     if (this.options.committer) {
-      metadata.committer = { ...this.options.committer };
+      metadata.committer = {
+        name: this.options.committer.name,
+        email: this.options.committer.email
+      };
     }
     return metadata;
   }
@@ -145,10 +317,15 @@ var FetchCommitTransport = class {
       signal: request.signal
     });
     if (!response.ok) {
-      const text = await response.text();
-      throw new Error(`createCommit request failed (${response.status}): ${text}`);
+      const { statusMessage, statusLabel, refUpdate } = await parseCommitPackError(response);
+      throw new RefUpdateError(statusMessage, {
+        status: statusLabel,
+        message: statusMessage,
+        refUpdate
+      });
     }
-    return await response.json();
+    const ack = commitPackAckSchema.parse(await response.json());
+    return ack;
   }
 };
 function toRequestBody(iterable) {
@@ -195,6 +372,34 @@ function buildMessageIterable(metadata, blobs) {
     }
   };
 }
+function buildCommitResult(ack) {
+  const refUpdate = toRefUpdate(ack.result);
+  if (!ack.result.success) {
+    throw new RefUpdateError(
+      ack.result.message ?? `Commit failed with status ${ack.result.status}`,
+      {
+        status: ack.result.status,
+        message: ack.result.message,
+        refUpdate
+      }
+    );
+  }
+  return {
+    commitSha: ack.commit.commit_sha,
+    treeSha: ack.commit.tree_sha,
+    targetBranch: ack.commit.target_branch,
+    packBytes: ack.commit.pack_bytes,
+    blobCount: ack.commit.blob_count,
+    refUpdate
+  };
+}
+function toRefUpdate(result) {
+  return {
+    branch: result.branch,
+    oldSha: result.old_sha,
+    newSha: result.new_sha
+  };
+}
 async function* chunkify(source) {
   let pending = null;
   let produced = false;
@@ -254,6 +459,10 @@ async function* toAsyncIterable(source) {
       return;
     }
   }
+  if (isReadableStreamLike(source)) {
+    yield* readReadableStream(source);
+    return;
+  }
   if (isAsyncIterable(source)) {
     for await (const chunk of source) {
       yield ensureUint8Array(chunk);
@@ -352,15 +561,104 @@ function createCommitBuilder(deps) {
   return new CommitBuilderImpl(deps);
 }
 function resolveCommitTtlSeconds(options) {
-  return typeof options?.ttl === "number" && options.ttl > 0 ? options.ttl : DEFAULT_TTL_SECONDS;
+  if (typeof options?.ttl === "number" && options.ttl > 0) {
+    return options.ttl;
+  }
+  return DEFAULT_TTL_SECONDS;
+}
+async function parseCommitPackError(response) {
+  const fallbackMessage = `createCommit request failed (${response.status} ${response.statusText})`;
+  const cloned = response.clone();
+  let jsonBody;
+  try {
+    jsonBody = await cloned.json();
+  } catch {
+    jsonBody = void 0;
+  }
+  let textBody;
+  if (jsonBody === void 0) {
+    try {
+      textBody = await response.text();
+    } catch {
+      textBody = void 0;
+    }
+  }
+  const defaultStatus = (() => {
+    const inferred = inferRefUpdateReason(String(response.status));
+    return inferred === "unknown" ? "failed" : inferred;
+  })();
+  let statusLabel = defaultStatus;
+  let refUpdate;
+  let message;
+  if (jsonBody !== void 0) {
+    const parsedResponse = commitPackResponseSchema.safeParse(jsonBody);
+    if (parsedResponse.success) {
+      const result = parsedResponse.data.result;
+      if (typeof result.status === "string" && result.status.trim() !== "") {
+        statusLabel = result.status.trim();
+      }
+      refUpdate = toPartialRefUpdateFields(result.branch, result.old_sha, result.new_sha);
+      if (typeof result.message === "string" && result.message.trim() !== "") {
+        message = result.message.trim();
+      }
+    }
+    if (!message) {
+      const parsedError = errorEnvelopeSchema.safeParse(jsonBody);
+      if (parsedError.success) {
+        const trimmed = parsedError.data.error.trim();
+        if (trimmed) {
+          message = trimmed;
+        }
+      }
+    }
+  }
+  if (!message && typeof jsonBody === "string" && jsonBody.trim() !== "") {
+    message = jsonBody.trim();
+  }
+  if (!message && textBody && textBody.trim() !== "") {
+    message = textBody.trim();
+  }
+  return {
+    statusMessage: message ?? fallbackMessage,
+    statusLabel,
+    refUpdate
+  };
+}
+function toPartialRefUpdateFields(branch, oldSha, newSha) {
+  const refUpdate = {};
+  if (typeof branch === "string" && branch.trim() !== "") {
+    refUpdate.branch = branch.trim();
+  }
+  if (typeof oldSha === "string" && oldSha.trim() !== "") {
+    refUpdate.oldSha = oldSha.trim();
+  }
+  if (typeof newSha === "string" && newSha.trim() !== "") {
+    refUpdate.newSha = newSha.trim();
+  }
+  return Object.keys(refUpdate).length > 0 ? refUpdate : void 0;
 }
 
 // src/fetch.ts
+var ApiError = class extends Error {
+  status;
+  statusText;
+  method;
+  url;
+  body;
+  constructor(params) {
+    super(params.message);
+    this.name = "ApiError";
+    this.status = params.status;
+    this.statusText = params.statusText;
+    this.method = params.method;
+    this.url = params.url;
+    this.body = params.body;
+  }
+};
 var ApiFetcher = class {
   constructor(API_BASE_URL2, version) {
     this.API_BASE_URL = API_BASE_URL2;
     this.version = version;
-    console.log("api fetcher created", API_BASE_URL2, version);
   }
   getBaseUrl() {
     return `${this.API_BASE_URL}/api/v${this.version}`;
@@ -390,9 +688,48 @@ var ApiFetcher = class {
     const response = await fetch(requestUrl, requestOptions);
     if (!response.ok) {
       const allowed = options?.allowedStatus ?? [];
-      if (!allowed.includes(response.status)) {
-        throw new Error(`Failed to fetch ${method} ${requestUrl}: ${response.statusText}`);
+      if (allowed.includes(response.status)) {
+        return response;
+      }
+      let errorBody;
+      let message;
+      const contentType = response.headers.get("content-type") ?? "";
+      try {
+        if (contentType.includes("application/json")) {
+          errorBody = await response.json();
+        } else {
+          const text = await response.text();
+          errorBody = text;
+        }
+      } catch {
+        try {
+          errorBody = await response.text();
+        } catch {
+          errorBody = void 0;
+        }
+      }
+      if (typeof errorBody === "string") {
+        const trimmed = errorBody.trim();
+        if (trimmed) {
+          message = trimmed;
+        }
+      } else if (errorBody && typeof errorBody === "object") {
+        const parsedError = errorEnvelopeSchema.safeParse(errorBody);
+        if (parsedError.success) {
+          const trimmed = parsedError.data.error.trim();
+          if (trimmed) {
+            message = trimmed;
+          }
+        }
       }
+      throw new ApiError({
+        message: message ?? `Request ${method} ${requestUrl} failed with status ${response.status} ${response.statusText}`,
+        status: response.status,
+        statusText: response.statusText,
+        method,
+        url: requestUrl,
+        body: errorBody
+      });
     }
     return response;
   }
@@ -565,9 +902,9 @@ async function validateWebhook(payload, headers, secret, options = {}) {
     return validationResult;
   }
   const payloadStr = typeof payload === "string" ? payload : payload.toString("utf8");
-  let parsedPayload;
+  let parsedJson;
   try {
-    parsedPayload = JSON.parse(payloadStr);
+    parsedJson = JSON.parse(payloadStr);
   } catch {
     return {
       valid: false,
@@ -575,25 +912,283 @@ async function validateWebhook(payload, headers, secret, options = {}) {
       timestamp: validationResult.timestamp
     };
   }
+  const conversion = convertWebhookPayload(String(eventType), parsedJson);
+  if (!conversion.valid) {
+    return {
+      valid: false,
+      error: conversion.error,
+      timestamp: validationResult.timestamp
+    };
+  }
   return {
     valid: true,
     eventType,
     timestamp: validationResult.timestamp,
-    payload: parsedPayload
+    payload: conversion.payload
+  };
+}
+function convertWebhookPayload(eventType, raw) {
+  if (eventType === "push") {
+    if (!isRawWebhookPushEvent(raw)) {
+      return {
+        valid: false,
+        error: "Invalid push payload"
+      };
+    }
+    return {
+      valid: true,
+      payload: transformPushEvent(raw)
+    };
+  }
+  const fallbackPayload = { type: eventType, raw };
+  return {
+    valid: true,
+    payload: fallbackPayload
+  };
+}
+function transformPushEvent(raw) {
+  return {
+    type: "push",
+    repository: {
+      id: raw.repository.id,
+      url: raw.repository.url
+    },
+    ref: raw.ref,
+    before: raw.before,
+    after: raw.after,
+    customerId: raw.customer_id,
+    pushedAt: new Date(raw.pushed_at),
+    rawPushedAt: raw.pushed_at
   };
 }
+function isRawWebhookPushEvent(value) {
+  if (!isRecord(value)) {
+    return false;
+  }
+  if (!isRecord(value.repository)) {
+    return false;
+  }
+  return typeof value.repository.id === "string" && typeof value.repository.url === "string" && typeof value.ref === "string" && typeof value.before === "string" && typeof value.after === "string" && typeof value.customer_id === "string" && typeof value.pushed_at === "string";
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
 
 // src/index.ts
 var API_BASE_URL = "https://api.code.storage";
 var STORAGE_BASE_URL = "code.storage";
 var API_VERSION = 1;
 var apiInstanceMap = /* @__PURE__ */ new Map();
+var DEFAULT_TOKEN_TTL_SECONDS = 60 * 60;
+var RESTORE_COMMIT_ALLOWED_STATUS = [
+  400,
+  // Bad Request - validation errors
+  401,
+  // Unauthorized - missing/invalid auth header
+  403,
+  // Forbidden - missing git:write scope
+  404,
+  // Not Found - repo lookup failures
+  408,
+  // Request Timeout - client cancelled
+  409,
+  // Conflict - concurrent ref updates
+  412,
+  // Precondition Failed - optimistic concurrency
+  422,
+  // Unprocessable Entity - metadata issues
+  429,
+  // Too Many Requests - upstream throttling
+  499,
+  // Client Closed Request - storage cancellation
+  500,
+  // Internal Server Error - generic failure
+  502,
+  // Bad Gateway - storage/gateway bridge issues
+  503,
+  // Service Unavailable - storage selection failures
+  504
+  // Gateway Timeout - long-running storage operations
+];
+function resolveInvocationTtlSeconds(options, defaultValue = DEFAULT_TOKEN_TTL_SECONDS) {
+  if (typeof options?.ttl === "number" && options.ttl > 0) {
+    return options.ttl;
+  }
+  return defaultValue;
+}
+function toRefUpdate2(result) {
+  return {
+    branch: result.branch,
+    oldSha: result.old_sha,
+    newSha: result.new_sha
+  };
+}
+function buildRestoreCommitResult(ack) {
+  const refUpdate = toRefUpdate2(ack.result);
+  if (!ack.result.success) {
+    throw new RefUpdateError(
+      ack.result.message ?? `Restore commit failed with status ${ack.result.status}`,
+      {
+        status: ack.result.status,
+        message: ack.result.message,
+        refUpdate
+      }
+    );
+  }
+  return {
+    commitSha: ack.commit.commit_sha,
+    treeSha: ack.commit.tree_sha,
+    targetBranch: ack.commit.target_branch,
+    packBytes: ack.commit.pack_bytes,
+    refUpdate
+  };
+}
+function toPartialRefUpdate(branch, oldSha, newSha) {
+  const refUpdate = {};
+  if (typeof branch === "string" && branch.trim() !== "") {
+    refUpdate.branch = branch;
+  }
+  if (typeof oldSha === "string" && oldSha.trim() !== "") {
+    refUpdate.oldSha = oldSha;
+  }
+  if (typeof newSha === "string" && newSha.trim() !== "") {
+    refUpdate.newSha = newSha;
+  }
+  return Object.keys(refUpdate).length > 0 ? refUpdate : void 0;
+}
+function parseRestoreCommitPayload(payload) {
+  const ack = restoreCommitAckSchema.safeParse(payload);
+  if (ack.success) {
+    return { ack: ack.data };
+  }
+  const failure = restoreCommitResponseSchema.safeParse(payload);
+  if (failure.success) {
+    const result = failure.data.result;
+    return {
+      failure: {
+        status: result.status,
+        message: result.message,
+        refUpdate: toPartialRefUpdate(result.branch, result.old_sha, result.new_sha)
+      }
+    };
+  }
+  return null;
+}
+function httpStatusToRestoreStatus(status) {
+  switch (status) {
+    case 409:
+      return "conflict";
+    case 412:
+      return "precondition_failed";
+    default:
+      return `${status}`;
+  }
+}
 function getApiInstance(baseUrl, version) {
   if (!apiInstanceMap.has(`${baseUrl}--${version}`)) {
     apiInstanceMap.set(`${baseUrl}--${version}`, new ApiFetcher(baseUrl, version));
   }
   return apiInstanceMap.get(`${baseUrl}--${version}`);
 }
+function transformBranchInfo(raw) {
+  return {
+    cursor: raw.cursor,
+    name: raw.name,
+    headSha: raw.head_sha,
+    createdAt: raw.created_at
+  };
+}
+function transformListBranchesResult(raw) {
+  return {
+    branches: raw.branches.map(transformBranchInfo),
+    nextCursor: raw.next_cursor ?? void 0,
+    hasMore: raw.has_more
+  };
+}
+function transformCommitInfo(raw) {
+  const parsedDate = new Date(raw.date);
+  return {
+    sha: raw.sha,
+    message: raw.message,
+    authorName: raw.author_name,
+    authorEmail: raw.author_email,
+    committerName: raw.committer_name,
+    committerEmail: raw.committer_email,
+    date: parsedDate,
+    rawDate: raw.date
+  };
+}
+function transformListCommitsResult(raw) {
+  return {
+    commits: raw.commits.map(transformCommitInfo),
+    nextCursor: raw.next_cursor ?? void 0,
+    hasMore: raw.has_more
+  };
+}
+function normalizeDiffState(rawState) {
+  if (!rawState) {
+    return "unknown";
+  }
+  const leading = rawState.trim()[0]?.toUpperCase();
+  switch (leading) {
+    case "A":
+      return "added";
+    case "M":
+      return "modified";
+    case "D":
+      return "deleted";
+    case "R":
+      return "renamed";
+    case "C":
+      return "copied";
+    case "T":
+      return "type_changed";
+    case "U":
+      return "unmerged";
+    default:
+      return "unknown";
+  }
+}
+function transformFileDiff(raw) {
+  const normalizedState = normalizeDiffState(raw.state);
+  return {
+    path: raw.path,
+    state: normalizedState,
+    rawState: raw.state,
+    oldPath: raw.old_path ?? void 0,
+    raw: raw.raw,
+    bytes: raw.bytes,
+    isEof: raw.is_eof
+  };
+}
+function transformFilteredFile(raw) {
+  const normalizedState = normalizeDiffState(raw.state);
+  return {
+    path: raw.path,
+    state: normalizedState,
+    rawState: raw.state,
+    oldPath: raw.old_path ?? void 0,
+    bytes: raw.bytes,
+    isEof: raw.is_eof
+  };
+}
+function transformBranchDiffResult(raw) {
+  return {
+    branch: raw.branch,
+    base: raw.base,
+    stats: raw.stats,
+    files: raw.files.map(transformFileDiff),
+    filteredFiles: raw.filtered_files.map(transformFilteredFile)
+  };
+}
+function transformCommitDiffResult(raw) {
+  return {
+    sha: raw.sha,
+    stats: raw.stats,
+    files: raw.files.map(transformFileDiff),
+    filteredFiles: raw.filtered_files.map(transformFilteredFile)
+  };
+}
 var RepoImpl = class {
   constructor(id, options, generateJWT) {
     this.id = id;
@@ -613,10 +1208,10 @@ var RepoImpl = class {
     return url.toString();
   }
   async getFileStream(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const params = {
       path: options.path
@@ -627,39 +1222,46 @@ var RepoImpl = class {
     return this.api.get({ path: "repos/file", params }, jwt);
   }
   async listFiles(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const params = options?.ref ? { ref: options.ref } : void 0;
     const response = await this.api.get({ path: "repos/files", params }, jwt);
-    return await response.json();
+    const raw = listFilesResponseSchema.parse(await response.json());
+    return { paths: raw.paths, ref: raw.ref };
   }
   async listBranches(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
+    const cursor = options?.cursor;
+    const limit = options?.limit;
     let params;
-    if (options?.cursor || !options?.limit) {
+    if (typeof cursor === "string" || typeof limit === "number") {
       params = {};
-      if (options?.cursor) {
-        params.cursor = options.cursor;
+      if (typeof cursor === "string") {
+        params.cursor = cursor;
       }
-      if (typeof options?.limit == "number") {
-        params.limit = options.limit.toString();
+      if (typeof limit === "number") {
+        params.limit = limit.toString();
       }
     }
     const response = await this.api.get({ path: "repos/branches", params }, jwt);
-    return await response.json();
+    const raw = listBranchesResponseSchema.parse(await response.json());
+    return transformListBranchesResult({
+      ...raw,
+      next_cursor: raw.next_cursor ?? void 0
+    });
   }
   async listCommits(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     let params;
     if (options?.branch || options?.cursor || options?.limit) {
@@ -675,13 +1277,17 @@ var RepoImpl = class {
       }
     }
     const response = await this.api.get({ path: "repos/commits", params }, jwt);
-    return await response.json();
+    const raw = listCommitsResponseSchema.parse(await response.json());
+    return transformListCommitsResult({
+      ...raw,
+      next_cursor: raw.next_cursor ?? void 0
+    });
   }
   async getBranchDiff(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const params = {
       branch: options.branch
@@ -690,38 +1296,27 @@ var RepoImpl = class {
       params.base = options.base;
     }
     const response = await this.api.get({ path: "repos/branches/diff", params }, jwt);
-    return await response.json();
+    const raw = branchDiffResponseSchema.parse(await response.json());
+    return transformBranchDiffResult(raw);
   }
   async getCommitDiff(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const params = {
       sha: options.sha
     };
     const response = await this.api.get({ path: "repos/diff", params }, jwt);
-    return await response.json();
-  }
-  async getCommit(options) {
-    const jwt = await this.generateJWT(this.id, {
-      permissions: ["git:read"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
-    });
-    const params = {
-      repo: this.id,
-      sha: options.sha
-    };
-    const response = await this.api.get({ path: "commit", params }, jwt);
-    return await response.json();
+    const raw = commitDiffResponseSchema.parse(await response.json());
+    return transformCommitDiffResult(raw);
   }
   async pullUpstream(options) {
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(this.id, {
       permissions: ["git:write"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const body = {};
     if (options.ref) {
@@ -733,15 +1328,83 @@ var RepoImpl = class {
     }
     return;
   }
+  async restoreCommit(options) {
+    const targetBranch = options?.targetBranch?.trim();
+    if (!targetBranch) {
+      throw new Error("restoreCommit targetBranch is required");
+    }
+    if (targetBranch.startsWith("refs/")) {
+      throw new Error("restoreCommit targetBranch must not include refs/ prefix");
+    }
+    const targetCommitSha = options?.targetCommitSha?.trim();
+    if (!targetCommitSha) {
+      throw new Error("restoreCommit targetCommitSha is required");
+    }
+    const commitMessage = options?.commitMessage?.trim();
+    const authorName = options.author?.name?.trim();
+    const authorEmail = options.author?.email?.trim();
+    if (!authorName || !authorEmail) {
+      throw new Error("restoreCommit author name and email are required");
+    }
+    const ttl = resolveCommitTtlSeconds(options);
+    const jwt = await this.generateJWT(this.id, {
+      permissions: ["git:write"],
+      ttl
+    });
+    const metadata = {
+      target_branch: targetBranch,
+      target_commit_sha: targetCommitSha,
+      author: {
+        name: authorName,
+        email: authorEmail
+      }
+    };
+    if (commitMessage) {
+      metadata.commit_message = commitMessage;
+    }
+    const expectedHeadSha = options.expectedHeadSha?.trim();
+    if (expectedHeadSha) {
+      metadata.expected_head_sha = expectedHeadSha;
+    }
+    if (options.committer) {
+      const committerName = options.committer.name?.trim();
+      const committerEmail = options.committer.email?.trim();
+      if (!committerName || !committerEmail) {
+        throw new Error("restoreCommit committer name and email are required when provided");
+      }
+      metadata.committer = {
+        name: committerName,
+        email: committerEmail
+      };
+    }
+    const response = await this.api.post({ path: "repos/reset-commits", body: { metadata } }, jwt, {
+      allowedStatus: [...RESTORE_COMMIT_ALLOWED_STATUS]
+    });
+    const payload = await response.json();
+    const parsed = parseRestoreCommitPayload(payload);
+    if (parsed && "ack" in parsed) {
+      return buildRestoreCommitResult(parsed.ack);
+    }
+    const failure = parsed && "failure" in parsed ? parsed.failure : void 0;
+    const status = failure?.status ?? httpStatusToRestoreStatus(response.status);
+    const message = failure?.message ?? `Restore commit failed with HTTP ${response.status}` + (response.statusText ? ` ${response.statusText}` : "");
+    throw new RefUpdateError(message, {
+      status,
+      refUpdate: failure?.refUpdate
+    });
+  }
   createCommit(options) {
     const version = this.options.apiVersion ?? API_VERSION;
     const baseUrl = this.options.apiBaseUrl ?? API_BASE_URL;
     const transport = new FetchCommitTransport({ baseUrl, version });
-    const ttlSeconds = resolveCommitTtlSeconds(options);
-    const builderOptions = { ...options, ttl: ttlSeconds };
+    const ttl = resolveCommitTtlSeconds(options);
+    const builderOptions = {
+      ...options,
+      ttl
+    };
     const getAuthToken = () => this.generateJWT(this.id, {
       permissions: ["git:write"],
-      ttl: ttlSeconds
+      ttl
     });
     return createCommitBuilder({
       options: builderOptions,
@@ -769,13 +1432,15 @@ var GitStorage = class _GitStorage {
     const resolvedApiBaseUrl = options.apiBaseUrl ?? _GitStorage.overrides.apiBaseUrl ?? API_BASE_URL;
     const resolvedApiVersion = options.apiVersion ?? _GitStorage.overrides.apiVersion ?? API_VERSION;
     const resolvedStorageBaseUrl = options.storageBaseUrl ?? _GitStorage.overrides.storageBaseUrl ?? STORAGE_BASE_URL;
+    const resolvedDefaultTtl = options.defaultTTL ?? _GitStorage.overrides.defaultTTL;
     this.api = getApiInstance(resolvedApiBaseUrl, resolvedApiVersion);
     this.options = {
       key: options.key,
       name: options.name,
       apiBaseUrl: resolvedApiBaseUrl,
       apiVersion: resolvedApiVersion,
-      storageBaseUrl: resolvedStorageBaseUrl
+      storageBaseUrl: resolvedStorageBaseUrl,
+      defaultTTL: resolvedDefaultTtl
     };
   }
   static override(options) {
@@ -787,10 +1452,10 @@ var GitStorage = class _GitStorage {
    */
   async createRepo(options) {
     const repoId = options?.id || crypto.randomUUID();
+    const ttl = resolveInvocationTtlSeconds(options, DEFAULT_TOKEN_TTL_SECONDS);
     const jwt = await this.generateJWT(repoId, {
       permissions: ["repo:write"],
-      ttl: options?.ttl ?? 1 * 60 * 60
-      // 1hr in seconds
+      ttl
     });
     const baseRepoOptions = options?.baseRepo ? {
       provider: "github",
@@ -818,7 +1483,7 @@ var GitStorage = class _GitStorage {
   async findOne(options) {
     const jwt = await this.generateJWT(options.id, {
       permissions: ["git:read"],
-      ttl: 1 * 60 * 60
+      ttl: DEFAULT_TOKEN_TTL_SECONDS
     });
     const resp = await this.api.get("repo", jwt, { allowedStatus: [404] });
     if (resp.status === 404) {
@@ -839,7 +1504,7 @@ var GitStorage = class _GitStorage {
    */
   async generateJWT(repoId, options) {
     const permissions = options?.permissions || ["git:write", "git:read"];
-    const ttl = options?.ttl || 365 * 24 * 60 * 60;
+    const ttl = resolveInvocationTtlSeconds(options, this.options.defaultTTL ?? 365 * 24 * 60 * 60);
     const now = Math.floor(Date.now() / 1e3);
     const payload = {
       iss: this.options.name,
@@ -858,7 +1523,9 @@ function createClient(options) {
   return new GitStorage(options);
 }
 
+exports.ApiError = ApiError;
 exports.GitStorage = GitStorage;
+exports.RefUpdateError = RefUpdateError;
 exports.createClient = createClient;
 exports.parseSignatureHeader = parseSignatureHeader;
 exports.validateWebhook = validateWebhook;