Skip to content

Design the application storage and cache ownership boundary#61

Merged
flyingrobots merged 3 commits into
mainfrom
design/application-storage-boundary
Jul 13, 2026
Merged

Design the application storage and cache ownership boundary#61
flyingrobots merged 3 commits into
mainfrom
design/application-storage-boundary

Conversation

@flyingrobots

Copy link
Copy Markdown
Member

Summary

  • establish API-0047 as the application storage and cache ownership contract
  • define opaque handles, generic publication, structured bundles/pages, CacheSet, ExpiringSet, and generation-scoped retention witnesses
  • add invariant I-002 and align v6.2.0 roadmap/bearing truth
  • record self-review and Code Lawyer findings with all identified ambiguities corrected

Why

Downstream applications currently have to sequence raw CAS objects, build Git trees, maintain cache refs and indexes, and implement retention/expiry/repair themselves. This design makes git-cas the sole owner of those mechanics while preserving application domain and causal semantics.

Review evidence

The committed design witness records four resolved findings:

  • logical versus physical byte accounting
  • pin/expiry precedence
  • repository-independent handle portability
  • active versus landed design indexing

Validation

  • pnpm run lint
  • pnpm test: 192 files, 1,686 passed, 2 skipped
  • pnpm vitest run test/unit/docs: 14 files, 57 passed
  • focused markdown-link/planning tests: 8 passed
  • Prettier check
  • git diff --check
  • pre-push lint and unit-test gates

Closes #58
Refs #50
Downstream: git-stunts/git-warp#734

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 107f45ed-4188-473a-8957-8226af2f6b9c

📥 Commits

Reviewing files that changed from the base of the PR and between cadfb96 and a23d3cb.

📒 Files selected for processing (2)
  • docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md
  • docs/design/0047-application-storage-cache-boundary/witness/design-review.md
📜 Recent review details
🧰 Additional context used
📓 Path-based instructions (1)
docs/design/**

📄 CodeRabbit inference engine (AGENTS.md)

Use docs/design/ directory for durable design contracts and proof plans

Files:

  • docs/design/0047-application-storage-cache-boundary/witness/design-review.md
  • docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md
🔇 Additional comments (2)
docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md (1)

413-429: LGTM!

docs/design/0047-application-storage-cache-boundary/witness/design-review.md (1)

106-111: LGTM!


📝 Walkthrough

Summary by CodeRabbit

  • Documentation
    • Published the API-0047 “Application storage ownership” design for the v6.2.0 storage/cache ownership boundary, including retention, expiry, and cache/expiry contract behaviors.
    • Added the I-002 “Application Storage Ownership” invariant and an API-0047 design-review witness with documented review outcomes.
    • Updated roadmap and project state materials (including changelog/design indexes) to reflect the v6.2.0/v6.3.0 milestone focus and tracker revisions.

Walkthrough

The PR documents API-0047, defining application storage and cache ownership contracts, retention and cache semantics, compatibility requirements, validation plans, and review evidence. Release, roadmap, changelog, design-cycle, and invariant indexes are updated for the v6.2.0 direction.

Changes

Application storage boundary

Layer / File(s) Summary
Release and roadmap alignment
BEARING.md, CHANGELOG.md, ROADMAP.md, docs/design/README.md
Release planning and repository indexes identify API-0047 as the selected v6.2.0 application storage ownership work.
Facade and ownership contracts
docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md, docs/invariants/*
The design defines application-facing handles, publications, retention witnesses, CacheSet, ExpiringSet, and storage/domain responsibility boundaries.
System posture and implementation plan
docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md
The specification records architecture, compatibility, error, security, accessibility, determinism, testing, acceptance, and implementation requirements.
Design-review witness
docs/design/0047-application-storage-cache-boundary/witness/design-review.md
The witness records design decisions, resolved concerns, external corrections, validation results, and pending runtime implementation status.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Possibly related issues

Possibly related PRs

  • git-stunts/git-cas#47 — Uses the same release-planning and tracker documentation surfaces updated by this PR.

Poem

A rabbit reviewed each handle with care,
While caches and witnesses settled their share.
v6.2.0 hopped into view,
With storage boundaries crisp and true.
“No duplicated burrows!” the rabbit sings.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed It clearly summarizes the main change: designing the application storage and cache ownership boundary.
Description check ✅ Passed It includes the linked issue, design/proof evidence, validation, and release-impact info, though under custom headings.
Linked Issues check ✅ Passed The diff implements the API-0047 storage/cache ownership contract and supporting docs, matching the #58 objectives and acceptance criteria.
Out of Scope Changes check ✅ Passed The changes stay within documentation, design, invariant, roadmap, and changelog updates for the storage/cache boundary work.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

Comment @coderabbitai help to get the list of available commands.

@flyingrobots

Copy link
Copy Markdown
Member Author

Self-review

Reviewed the complete main...design/application-storage-boundary diff against #58, the METHOD template, existing RootSet behavior, semver compatibility, and downstream goalpost git-stunts/git-warp#734.

  • Scope is docs/design/invariant only; Graft reports 8 documentation files and no exported/runtime changes.
  • All required design sections and tracker links are present.
  • Existing store(), createTree(), RootSet, and Vault behavior remains explicitly compatible.
  • Runtime claims are framed as required proof for later slices, not as shipped behavior.
  • The active cycle is indexed as active, not landed.
  • No unresolved self-review findings remain.

Validation evidence is committed in docs/design/0047-application-storage-cache-boundary/witness/design-review.md.

@flyingrobots

Copy link
Copy Markdown
Member Author

Code Lawyer verdict

PASS after corrections

Adversarial review found and resolved four contract defects before publication:

  1. High: maxBytes lacked a dedupe-safe definition. It is now logical manifest bytes; physical bytes are non-additive doctor evidence.
  2. High: pin/expiry precedence was ambiguous. Explicit expiry authorizes release after expiry; otherwise pinned entries require explicit release.
  3. Medium: handle portability conflicted with Add opaque asset handles and retention witnesses #54. Handles are repository-location independent and fail explicitly when the object graph is absent.
  4. Medium: cycle 0047 was initially indexed as landed. It is now active.

Residual constraints are explicit: witnesses are generation-scoped, streaming requires residency proof, and unknown physical attribution must remain unknown rather than guessed.

Open blockers: none in the diff. CI and CodeRabbit remain external merge gates.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md`:
- Around line 184-191: Update the bundle materialization flow around
cas.bundles.put and define configurable resource limits for member count, member
path length, descriptor size, and fanout. Enforce these limits before accepting
the bundle, and return stable, documented errors for each exceeded limit so
bounded batch and residency guarantees remain valid.
- Around line 350-354: Expand the maxBytes accounting section near the existing
logical-payload definition with deterministic rules for which validated manifest
fields contribute to assets, bundles, and pages, how shared child graphs are
counted across entries, and how adopted or legacy handles without size metadata
are treated. Ensure sweep() and inspect() use the same rules and produce
consistent capacity and eviction results.
- Around line 205-212: Define a ref-safe grammar for the cache namespace used by
the cas.caches.open configuration, including normalization and rejection rules
for empty components, “..”, control characters, ambiguous separators, and
reserved names. State that invalid or ambiguous namespaces must be rejected and
valid namespaces must map uniquely within the intended refs/cas/caches/*
boundary; apply the same rules to the additional cache namespace.
- Around line 193-203: Update publications.commit validation and its generic
contract to accept a validated root handle for all supported facade kinds,
including bundle, asset, and page handles, rather than requiring only a bundle
handle. Alternatively, explicitly enumerate those supported root kinds and add
proof tests covering each; keep the commit flow in the application storage
example consistent with the revised contract.
- Around line 219-223: Define the CacheSet.get() hit shape to explicitly include
handle, key, generation/evidence, expiry, and policy fields, matching the fields
used by the cache lookup example. Add tests covering a valid hit, an expired
entry returning a miss, and evidence from the current generation.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 12c081c7-9d7c-4ed0-98d9-a230676360fd

📥 Commits

Reviewing files that changed from the base of the PR and between 295f21f and d2e8371.

📒 Files selected for processing (8)
  • BEARING.md
  • CHANGELOG.md
  • ROADMAP.md
  • docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md
  • docs/design/0047-application-storage-cache-boundary/witness/design-review.md
  • docs/design/README.md
  • docs/invariants/I-002-application-storage-ownership.md
  • docs/invariants/README.md
📜 Review details
🧰 Additional context used
📓 Path-based instructions (4)
docs/design/**

📄 CodeRabbit inference engine (AGENTS.md)

Use docs/design/ directory for durable design contracts and proof plans

Files:

  • docs/design/README.md
  • docs/design/0047-application-storage-cache-boundary/witness/design-review.md
  • docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md
BEARING.md

📄 CodeRabbit inference engine (AGENTS.md)

Use BEARING.md to document current execution gravity and active tensions

Files:

  • BEARING.md
CHANGELOG.md

📄 CodeRabbit inference engine (AGENTS.md)

Use CHANGELOG.md to record the historical truth of merged behavior

Files:

  • CHANGELOG.md
ROADMAP.md

📄 CodeRabbit inference engine (AGENTS.md)

Use ROADMAP.md as a signpost to the GitHub release tracker

Files:

  • ROADMAP.md
🧠 Learnings (1)
📚 Learning: 2026-03-30T19:53:48.000Z
Learnt from: flyingrobots
Repo: git-stunts/git-cas PR: 29
File: docs/design/TR-010-planning-index-consistency-review.md:121-131
Timestamp: 2026-03-30T19:53:48.000Z
Learning: In this repo, CHANGELOG.md entries should be user-facing and descriptive (bullet points) rather than cycle-ID headings (e.g., use a phrase like “Planning-index consistency review” instead of a “TR-010 — …” heading). When searching the changelog, don’t rely on grepping for cycle IDs (e.g., “TR-010”) because it may cause false negatives; search for the descriptive keywords/phrases from the bullet entries instead.

Applied to files:

  • CHANGELOG.md
🪛 LanguageTool
docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md

[style] ~669-~669: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...sh a handle from a durability claim? 3. Can a caller publish causal history without...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[style] ~670-~670: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...ry without assembling payload trees? 4. Can cache data be live now and collectible ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[style] ~706-~706: As an alternative to the over-used intensifier ‘very’, consider replacing this phrase.
Context: ...ll objects reachable from a handle. - Very large repository attribution may need commit-...

(EN_WEAK_ADJECTIVE)

🔇 Additional comments (7)
BEARING.md (1)

17-22: LGTM!

Also applies to: 124-131

ROADMAP.md (1)

32-40: LGTM!

Also applies to: 45-50, 51-59

CHANGELOG.md (1)

10-18: LGTM!

docs/design/README.md (1)

40-40: LGTM!

docs/design/0047-application-storage-cache-boundary/witness/design-review.md (1)

1-91: LGTM!

docs/invariants/I-002-application-storage-ownership.md (1)

1-46: LGTM!

docs/invariants/README.md (1)

13-13: LGTM!

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md`:
- Around line 407-419: Align the CacheHit example’s policy representation with
the Retention Witness Contract by replacing the nested policy object in the
stable CacheHit shape with the flat cache-policy value used by retentionWitness
(such as “pinned” or “evictable”). Keep evidence: retentionWitness unchanged and
ensure the example exposes only one consistent policy shape.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 810bdf07-dcb9-4d9d-b018-cc1d2a4d328d

📥 Commits

Reviewing files that changed from the base of the PR and between d2e8371 and cadfb96.

📒 Files selected for processing (2)
  • docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md
  • docs/design/0047-application-storage-cache-boundary/witness/design-review.md
📜 Review details
⏰ Context from checks skipped due to timeout. (3)
  • GitHub Check: test-docker (node)
  • GitHub Check: test-docker (deno)
  • GitHub Check: test-docker (bun)
🧰 Additional context used
📓 Path-based instructions (1)
docs/design/**

📄 CodeRabbit inference engine (AGENTS.md)

Use docs/design/ directory for durable design contracts and proof plans

Files:

  • docs/design/0047-application-storage-cache-boundary/witness/design-review.md
  • docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md
🔇 Additional comments (7)
docs/design/0047-application-storage-cache-boundary/application-storage-cache-boundary.md (6)

191-197: LGTM!

Also applies to: 274-295


373-393: LGTM!


398-398: LGTM!


421-461: LGTM!


584-589: LGTM!


709-714: LGTM!

docs/design/0047-application-storage-cache-boundary/witness/design-review.md (1)

71-105: LGTM! CR-001 through CR-005 accurately reflect the corresponding contract fixes now present in the design specification.

@flyingrobots flyingrobots merged commit ee1be5d into main Jul 13, 2026
6 checks passed
@flyingrobots flyingrobots deleted the design/application-storage-boundary branch July 13, 2026 09:53
@flyingrobots flyingrobots mentioned this pull request Jul 13, 2026
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Design the application storage and cache policy contract

1 participant