dbt-state-oss 0.1.0__tar.gz

dbt_state_oss-0.1.0/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

dbt_state_oss-0.1.0/PKG-INFO

@@ -0,0 +1,178 @@
+Metadata-Version: 2.4
+Name: dbt-state-oss
+Version: 0.1.0
+Summary: Self-hosted decision server for the dbt-state client, with pluggable state storage.
+Author: Pradip Sodha
+License-Expression: Apache-2.0
+Project-URL: Homepage, https://github.com/sudo-pradip/dbt-state-oss
+Project-URL: Repository, https://github.com/sudo-pradip/dbt-state-oss
+Project-URL: Issues, https://github.com/sudo-pradip/dbt-state-oss/issues
+Keywords: dbt,dbt-state,grpc,cache,state,s3,azure
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Database
+Classifier: Topic :: Software Development :: Build Tools
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: query-cache-protobuf>=1.6.0
+Requires-Dist: grpcio>=1.60.0
+Requires-Dist: protobuf>=4.0.0
+Requires-Dist: sqlglot>=27.6.1
+Provides-Extra: azure
+Requires-Dist: azure-identity; extra == "azure"
+Requires-Dist: azure-storage-blob; extra == "azure"
+Provides-Extra: s3
+Requires-Dist: boto3>=1.28; extra == "s3"
+Provides-Extra: dev
+Requires-Dist: dbt-core<2.0,>=1.9; extra == "dev"
+Requires-Dist: dbt-postgres<2.0,>=1.9; extra == "dev"
+Requires-Dist: dbt-state; extra == "dev"
+Requires-Dist: pytest; extra == "dev"
+Requires-Dist: build; extra == "dev"
+Requires-Dist: twine; extra == "dev"
+Dynamic: license-file
+
+# dbt-state-oss
+
+An open-source, self-hosted decision server for the Apache-2.0
+[`dbt-state`](https://github.com/dbt-labs/dbt-state) client, keeping the state
+store in **your own storage** (local disk, S3, or Azure Blob) instead of dbt
+Labs' hosted, metered service.
+
+## Why
+
+`dbt-state` skips redundant model executions ("NO-OP" on a second run) and
+auto-defers to prod, without a manifest. But the **decision engine is a hosted,
+metered gRPC service** (`api.state.dbt.com`); the pip package is only a client.
+With no auth, the client silently disables itself and dbt runs vanilla.
+
+The client, the protobuf protocol, and the shared libs are all **Apache-2.0**.
+Only the server is closed. This project builds an open replacement server that:
+
+- speaks the same gRPC protocol (reuses the client's `*Servicer` stubs),
+- keeps all state in **your own storage** (local disk, S3, or Azure Blob),
+- needs **no dbt Labs account** (insecure channel for dev; your own OAuth/Entra ID for prod).
+
+## How the client/server split works (verified against the wheel)
+
+- **Client (unchanged, Apache-2.0):** compiles model SQL, extracts deps + table
+  refs (sqlglot), reads each input's `last_modified` from the warehouse via an
+  adapter extension, hashes seed files, ships **raw SQL + metadata** over gRPC,
+  acts on the verdict, and reports outcomes back.
+- **Server (this repo):** computes a semantic fingerprint, matches it against
+  stored history for the target table, checks freshness + execution_type, and
+  returns **skip / clone / execute**. Persists run records to your chosen
+  backend (local, S3, or Azure Blob).
+
+Our fingerprint algorithm only has to be **self-consistent** between
+"record a run" and "check a run" - it does not need to match dbt Labs'.
+
+## Auth
+
+- **Dev / trusted network:** `RUN_CACHE_API_URL=localhost:50051` (non-:443) or
+  `RUN_CACHE_API_SECURE=false` -> insecure channel, zero OAuth. In CI/non-interactive,
+  set `RUN_CACHE_OAUTH_CLIENT_SECRET=<dummy>` to pass the client's disable-gate
+  (presence-checked only; never used on an insecure channel).
+- **Production:** TLS + override `RUN_CACHE_AUTH_URL`/`RUN_CACHE_TOKEN_URL` to your
+  own IdP (e.g. Azure Entra ID, same identity that guards your storage). Client does
+  OAuth2 and attaches a bearer token; the server validates the JWT.
+
+## Repo layout
+
+(The pip package ships only `dbt_state_oss/`; the rest is for development.)
+
+```
+dbt_state_oss/   the gRPC decision server (the engine)
+example_project/ a tiny dbt-postgres project (seed -> staging -> mart) for local testing
+tests/           unit + S3 integration tests
+docs/            PROTOCOL.md (the reverse-engineered contract), FINDINGS.md (the eval)
+reference/       local copy of dbt-labs' Apache-2.0 client source (gitignored, not committed)
+```
+
+## Status
+
+**v1 works** — postgres warehouse; `local`, `s3`, and `azure` state stores.
+Verified end-to-end against our own server with zero dbt Labs:
+
+| scenario | result |
+|---|---|
+| second run, nothing changed | all models **NO-OP** (reused, no SQL run) |
+| comment / whitespace-only edit | **NO-OP** (semantic fingerprint) |
+| real SQL change to a model | that model rebuilds |
+| real change upstream | downstream rebuilds too (freshness check, cache stays safe) |
+| seed file unchanged | seed **NO-OP** (via values_hash) |
+
+Requires postgres `track_commit_timestamp=on` (the client reads freshness from
+`pg_xact_commit_timestamp`); the local docker postgres sets it.
+
+### State backends
+
+Pick the backend with `--store` (or the `STATE_STORE` env var). Each backend's
+config takes a CLI flag that falls back to its env var. All backends implement
+the same two-method `StateStore` interface, so the roadmap entries are additive.
+
+| backend | status | flags | env |
+|---|---|---|---|
+| `local` | supported | `--dir` | `DBTSTATE_LOCAL_DIR` |
+| `s3` | supported | `--bucket`, `--prefix` | `DBTSTATE_S3_BUCKET`, `DBTSTATE_S3_PREFIX` |
+| `azure` | supported | `--account`, `--container`, `--prefix` | `DBTSTATE_AZURE_ACCOUNT`, `DBTSTATE_AZURE_CONTAINER`, `DBTSTATE_AZURE_PREFIX` |
+| `memory` | dev/test only | - | - |
+
+```bash
+dbt-state-oss --store s3    --bucket my-bucket
+dbt-state-oss --store azure --account acct --container dbt-state
+dbt-state-oss --store local --dir ./.state_data
+```
+
+**Roadmap (not yet implemented):**
+- Google Cloud Storage (`gcs`)
+- Fabric OneLake files
+
+**Azure auth:** `DefaultAzureCredential` (`az login` locally, OIDC/workload-identity
+in CI, managed identity on Azure). The identity needs the **Storage Blob Data
+Contributor** role on the account (control-plane Owner/Contributor is NOT enough):
+```bash
+az role assignment create --assignee-object-id <your-oid> --assignee-principal-type User \
+  --role "Storage Blob Data Contributor" \
+  --scope /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<acct>
+```
+
+**S3 auth:** the boto3 default credential chain (IAM role, instance profile, SSO,
+`AWS_*` env vars, or `~/.aws/credentials`). No keys are read from this repo. The
+identity needs read/write on the bucket; region comes from your standard AWS
+configuration. After `pip install "dbt-state-oss[s3]"`, start the server with
+`dbt-state-oss --store s3 --bucket <bucket>`.
+
+Next milestones: GCS / OneLake backends -> fabricspark adapter extension -> clone + prod auth.
+
+## Install & run
+
+```bash
+pip install dbt-state-oss          # add [s3] or [azure] for those backends
+dbt-state-oss --store local --port 50051
+```
+
+Then point your dbt-state client at the server (client env vars use the
+`RUN_CACHE_` prefix):
+
+```bash
+export RUN_CACHE_API_URL=localhost:50051 RUN_CACHE_API_SECURE=false RUN_CACHE_OAUTH_CLIENT_SECRET=dev
+dbt build      # in your dbt project; run twice and the second run NO-OPs
+```
+
+`RUN_CACHE_API_SECURE=false` selects an insecure channel (no OAuth);
+`RUN_CACHE_OAUTH_CLIENT_SECRET` only needs to be *present* to pass the client's
+enable-gate in non-interactive runs. Switch backends with `--store` (see the
+table above), e.g. `dbt-state-oss --store azure --account <acct>` after `az login`.
+
+## The NO-OP demo (from a clone)
+
+A runnable seed -> staging -> mart project that NO-OPs on the second run lives in
+`example_project/`. It ships only in the repo (not the pip package) and needs a
+postgres with `track_commit_timestamp=on` — the client reads freshness from
+`pg_xact_commit_timestamp`. The example profile expects postgres on `:5433`,
+database `dbt_oss`. Clone the repo, install with the `dev` extra, start the
+server (`--store local`), then `dbt build --target prod` twice from
+`example_project/`.

dbt_state_oss-0.1.0/README.md

@@ -0,0 +1,142 @@
+# dbt-state-oss
+
+An open-source, self-hosted decision server for the Apache-2.0
+[`dbt-state`](https://github.com/dbt-labs/dbt-state) client, keeping the state
+store in **your own storage** (local disk, S3, or Azure Blob) instead of dbt
+Labs' hosted, metered service.
+
+## Why
+
+`dbt-state` skips redundant model executions ("NO-OP" on a second run) and
+auto-defers to prod, without a manifest. But the **decision engine is a hosted,
+metered gRPC service** (`api.state.dbt.com`); the pip package is only a client.
+With no auth, the client silently disables itself and dbt runs vanilla.
+
+The client, the protobuf protocol, and the shared libs are all **Apache-2.0**.
+Only the server is closed. This project builds an open replacement server that:
+
+- speaks the same gRPC protocol (reuses the client's `*Servicer` stubs),
+- keeps all state in **your own storage** (local disk, S3, or Azure Blob),
+- needs **no dbt Labs account** (insecure channel for dev; your own OAuth/Entra ID for prod).
+
+## How the client/server split works (verified against the wheel)
+
+- **Client (unchanged, Apache-2.0):** compiles model SQL, extracts deps + table
+  refs (sqlglot), reads each input's `last_modified` from the warehouse via an
+  adapter extension, hashes seed files, ships **raw SQL + metadata** over gRPC,
+  acts on the verdict, and reports outcomes back.
+- **Server (this repo):** computes a semantic fingerprint, matches it against
+  stored history for the target table, checks freshness + execution_type, and
+  returns **skip / clone / execute**. Persists run records to your chosen
+  backend (local, S3, or Azure Blob).
+
+Our fingerprint algorithm only has to be **self-consistent** between
+"record a run" and "check a run" - it does not need to match dbt Labs'.
+
+## Auth
+
+- **Dev / trusted network:** `RUN_CACHE_API_URL=localhost:50051` (non-:443) or
+  `RUN_CACHE_API_SECURE=false` -> insecure channel, zero OAuth. In CI/non-interactive,
+  set `RUN_CACHE_OAUTH_CLIENT_SECRET=<dummy>` to pass the client's disable-gate
+  (presence-checked only; never used on an insecure channel).
+- **Production:** TLS + override `RUN_CACHE_AUTH_URL`/`RUN_CACHE_TOKEN_URL` to your
+  own IdP (e.g. Azure Entra ID, same identity that guards your storage). Client does
+  OAuth2 and attaches a bearer token; the server validates the JWT.
+
+## Repo layout
+
+(The pip package ships only `dbt_state_oss/`; the rest is for development.)
+
+```
+dbt_state_oss/   the gRPC decision server (the engine)
+example_project/ a tiny dbt-postgres project (seed -> staging -> mart) for local testing
+tests/           unit + S3 integration tests
+docs/            PROTOCOL.md (the reverse-engineered contract), FINDINGS.md (the eval)
+reference/       local copy of dbt-labs' Apache-2.0 client source (gitignored, not committed)
+```
+
+## Status
+
+**v1 works** — postgres warehouse; `local`, `s3`, and `azure` state stores.
+Verified end-to-end against our own server with zero dbt Labs:
+
+| scenario | result |
+|---|---|
+| second run, nothing changed | all models **NO-OP** (reused, no SQL run) |
+| comment / whitespace-only edit | **NO-OP** (semantic fingerprint) |
+| real SQL change to a model | that model rebuilds |
+| real change upstream | downstream rebuilds too (freshness check, cache stays safe) |
+| seed file unchanged | seed **NO-OP** (via values_hash) |
+
+Requires postgres `track_commit_timestamp=on` (the client reads freshness from
+`pg_xact_commit_timestamp`); the local docker postgres sets it.
+
+### State backends
+
+Pick the backend with `--store` (or the `STATE_STORE` env var). Each backend's
+config takes a CLI flag that falls back to its env var. All backends implement
+the same two-method `StateStore` interface, so the roadmap entries are additive.
+
+| backend | status | flags | env |
+|---|---|---|---|
+| `local` | supported | `--dir` | `DBTSTATE_LOCAL_DIR` |
+| `s3` | supported | `--bucket`, `--prefix` | `DBTSTATE_S3_BUCKET`, `DBTSTATE_S3_PREFIX` |
+| `azure` | supported | `--account`, `--container`, `--prefix` | `DBTSTATE_AZURE_ACCOUNT`, `DBTSTATE_AZURE_CONTAINER`, `DBTSTATE_AZURE_PREFIX` |
+| `memory` | dev/test only | - | - |
+
+```bash
+dbt-state-oss --store s3    --bucket my-bucket
+dbt-state-oss --store azure --account acct --container dbt-state
+dbt-state-oss --store local --dir ./.state_data
+```
+
+**Roadmap (not yet implemented):**
+- Google Cloud Storage (`gcs`)
+- Fabric OneLake files
+
+**Azure auth:** `DefaultAzureCredential` (`az login` locally, OIDC/workload-identity
+in CI, managed identity on Azure). The identity needs the **Storage Blob Data
+Contributor** role on the account (control-plane Owner/Contributor is NOT enough):
+```bash
+az role assignment create --assignee-object-id <your-oid> --assignee-principal-type User \
+  --role "Storage Blob Data Contributor" \
+  --scope /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<acct>
+```
+
+**S3 auth:** the boto3 default credential chain (IAM role, instance profile, SSO,
+`AWS_*` env vars, or `~/.aws/credentials`). No keys are read from this repo. The
+identity needs read/write on the bucket; region comes from your standard AWS
+configuration. After `pip install "dbt-state-oss[s3]"`, start the server with
+`dbt-state-oss --store s3 --bucket <bucket>`.
+
+Next milestones: GCS / OneLake backends -> fabricspark adapter extension -> clone + prod auth.
+
+## Install & run
+
+```bash
+pip install dbt-state-oss          # add [s3] or [azure] for those backends
+dbt-state-oss --store local --port 50051
+```
+
+Then point your dbt-state client at the server (client env vars use the
+`RUN_CACHE_` prefix):
+
+```bash
+export RUN_CACHE_API_URL=localhost:50051 RUN_CACHE_API_SECURE=false RUN_CACHE_OAUTH_CLIENT_SECRET=dev
+dbt build      # in your dbt project; run twice and the second run NO-OPs
+```
+
+`RUN_CACHE_API_SECURE=false` selects an insecure channel (no OAuth);
+`RUN_CACHE_OAUTH_CLIENT_SECRET` only needs to be *present* to pass the client's
+enable-gate in non-interactive runs. Switch backends with `--store` (see the
+table above), e.g. `dbt-state-oss --store azure --account <acct>` after `az login`.
+
+## The NO-OP demo (from a clone)
+
+A runnable seed -> staging -> mart project that NO-OPs on the second run lives in
+`example_project/`. It ships only in the repo (not the pip package) and needs a
+postgres with `track_commit_timestamp=on` — the client reads freshness from
+`pg_xact_commit_timestamp`. The example profile expects postgres on `:5433`,
+database `dbt_oss`. Clone the repo, install with the `dev` extra, start the
+server (`--store local`), then `dbt build --target prod` twice from
+`example_project/`.

dbt_state_oss-0.1.0/dbt_state_oss/__init__.py

@@ -0,0 +1,5 @@
+"""dbt-state-oss: an open, self-hosted decision server for the Apache-2.0
+dbt-state client, with state stored in your own backend (local, S3, or Azure Blob).
+
+Proves a real NO-OP on the second run against a postgres warehouse.
+"""

dbt_state_oss-0.1.0/dbt_state_oss/__main__.py

@@ -0,0 +1,71 @@
+"""Run the dbt-state-oss decision server.
+
+    dbt-state-oss --store s3 --bucket my-bucket --port 50051
+
+Point the dbt-state client at it with:
+    RUN_CACHE_API_URL=localhost:50051 RUN_CACHE_API_SECURE=false RUN_CACHE_OAUTH_CLIENT_SECRET=dev
+"""
+from __future__ import annotations
+
+import argparse
+import os
+from concurrent import futures
+
+import grpc
+
+from query_cache_protobuf.query_cache.services import (
+    client_validation_service_pb2_grpc as val_grpc,
+    execution_service_pb2_grpc as exec_grpc,
+    health_service_pb2_grpc as health_grpc,
+    sql_service_pb2_grpc as sql_grpc,
+)
+
+from .servicers import (
+    ClientValidationServicer,
+    ExecutionServicer,
+    HealthServicer,
+    SQLServicer,
+    _Pending,
+    _log,
+)
+from .store import make_store
+
+
+def serve(port: int, store) -> None:
+    pending = _Pending()
+
+    server = grpc.server(futures.ThreadPoolExecutor(max_workers=16))
+    sql_grpc.add_SQLServicer_to_server(SQLServicer(store, pending), server)
+    exec_grpc.add_ExecutionServicer_to_server(ExecutionServicer(store, pending), server)
+    val_grpc.add_ClientValidationServicer_to_server(ClientValidationServicer(), server)
+    health_grpc.add_HealthServicer_to_server(HealthServicer(), server)
+
+    server.add_insecure_port(f"[::]:{port}")
+    server.start()
+    _log(f"listening on :{port} (insecure)  store={type(store).__name__}")
+    server.wait_for_termination()
+
+
+def main() -> None:
+    ap = argparse.ArgumentParser(prog="dbt-state-oss")
+    ap.add_argument("--store", choices=["local", "s3", "azure", "memory"],
+                    help="state backend (env STATE_STORE; default local)")
+    ap.add_argument("--port", type=int,
+                    help="listen port (env DBTSTATE_PORT; default 50051)")
+    ap.add_argument("--dir", help="[local] state directory (env DBTSTATE_LOCAL_DIR)")
+    ap.add_argument("--bucket", help="[s3] bucket (env DBTSTATE_S3_BUCKET)")
+    ap.add_argument("--account", help="[azure] storage account (env DBTSTATE_AZURE_ACCOUNT)")
+    ap.add_argument("--container", help="[azure] container (env DBTSTATE_AZURE_CONTAINER)")
+    ap.add_argument("--prefix", help="[s3|azure] key prefix (env DBTSTATE_S3_PREFIX/DBTSTATE_AZURE_PREFIX)")
+    args = ap.parse_args()
+
+    port = args.port or int(os.environ.get("DBTSTATE_PORT") or 50051)
+    store = make_store(
+        store=args.store, dir=args.dir, bucket=args.bucket,
+        prefix=args.prefix, account=args.account, container=args.container,
+    )
+    serve(port, store)
+
+
+if __name__ == "__main__":
+    main()

dbt_state_oss-0.1.0/dbt_state_oss/fingerprint.py

@@ -0,0 +1,48 @@
+"""Semantic fingerprint of a model execution.
+
+The skip decision compares the incoming fingerprint against stored ones, so the
+fingerprint only needs to be self-consistent (same input -> same hash).
+
+Folds in:
+  - execution_type (FULL vs MERGE etc. must not collide)
+  - the model's own SQL, normalized via sqlglot (whitespace/comments/formatting
+    do not change the hash)
+  - each dependency SQL passed in query_dependencies, normalized
+
+The fingerprint covers only a model's own SQL. Invalidation when an upstream
+changes is handled separately by the freshness check in servicers._is_fresh.
+"""
+from __future__ import annotations
+
+import hashlib
+from typing import Iterable
+
+from sqlglot import parse_one
+
+
+def normalize_sql(sql: str | None, dialect: str | None) -> str:
+    if not sql:
+        return ""
+    try:
+        return parse_one(sql, read=dialect or None).sql(
+            dialect=dialect or None, normalize=True, comments=False, pretty=False
+        )
+    except Exception:
+        # Unparseable SQL: fall back to a trimmed raw string so we still hash something stable.
+        return sql.strip()
+
+
+def compute_fingerprint(
+    sql: str | None,
+    dialect: str | None,
+    execution_type: str,
+    dependency_queries: Iterable[str],
+) -> str:
+    h = hashlib.sha256()
+    h.update((execution_type or "").encode())
+    h.update(b"\x00")
+    h.update(normalize_sql(sql, dialect).encode())
+    for dep in sorted(normalize_sql(q, dialect) for q in dependency_queries):
+        h.update(b"\x00")
+        h.update(dep.encode())
+    return h.hexdigest()