Crate freenet_git_types

Expand description

Shared state types and the pure validation/update logic for freenet-git.

Both the repo-contract WASM and the on-host helpers depend on this crate at the same pinned version. The contract WASM compiles a tiny shim that deserializes parameters/state and dispatches into validate_state / update_state / merge_state / summarize_state / get_state_delta. Keeping all the logic here lets us unit-test it as ordinary Rust without booting a WASM runtime.

§Phase 1.0 scope

Phase 1.0 is single-writer: only the repo owner can sign anything. The schema includes the ACL fields (AclState, WriterGrant) so that adding multi-writer support in Phase 1.1 is a contract WASM upgrade and not a fundamentally different schema. For now validate_state requires entry.updater == parameters.owner for every signed entry.

Modules§

chunked: ChunkedPack manifest format and validation.
limits: Hard upper bounds on string-shaped fields. These are not security-critical (signatures already bound what an attacker can publish to what the owner signs) but they eliminate accidental footguns like cat huge.log | xargs freenet-git rename.

Structs§

AclState: ACL grant log with epoch numbers. Owner-signed as a whole via the surrounding SignedField. Phase 1.0 keeps this empty (epoch = 0, no grants); Phase 1.1 adds grant/revoke via dedicated CLI commands.
ExtensionEntry: One entry in RepoState::extensions.
ObjectBundleRecord: One entry in RepoState::object_index: a bundle and the signature of the writer who introduced it.
RefEntry: One ref pointer. Phase 1.0 only accepts entries where updater == parameters.owner.
RepoParams: Initial parameters, immutable, part of the contract key via BLAKE3(BLAKE3(WASM) || Parameters).
RepoState: The full mutable state of a repo contract.
RepoSummary: Compact summary used for summarize_state -> get_state_delta.
SignedField: A field that carries its own owner signature so a peer can verify it in isolation, regardless of how the surrounding state was assembled.
WriterGrant: Per-writer ACL grant. Phase 1.0 schema includes this for forward compat but validate_state ignores it — only the owner is authorized.

Enums§

ObjectBundle: One stored bundle of git objects.
UpdateError: Errors update_state can surface in addition to ValidateError.
ValidateError: Errors validate_state can surface. The string variants carry diagnostic detail; treat the variant as the machine-readable signal.

Functions§

get_state_delta: Compute the delta a peer needs to update from summary to state.
merge_state: Apply a full new state on top of the existing state, treating both as CRDT snapshots and merging deterministically. This is the path triggered by a peer pushing a fresh state to us.
pubkey_prefix: Compute the canonical prefix of an owner pubkey at a given length: base58(owner)[..len], with len saturated to the encoded string’s actual length so we never index past the end.
signature_domain_key: Public version of [params_repo_key] for callers that need the same derivation when constructing signed payloads.
signed_payload_acl_field: Signed-payload bytes for acl.
signed_payload_bundle_record: Signed-payload bytes for an ObjectBundleRecord.
signed_payload_extension: Signed-payload bytes for an ExtensionEntry.
signed_payload_optional_repo_key_field: Signed-payload bytes for upgrade.
signed_payload_ref_entry: Signed-payload bytes for a RefEntry.
signed_payload_ref_list_field: Signed-payload bytes for force_push_allowed.
signed_payload_string_field: Construct the canonical signed-payload bytes for the name / description / default_branch field updates.
summarize_state: Build a RepoSummary from a state. Used by the contract’s summarize_state entry point.
update_state: Apply a delta (a partial update produced by a writer) to the current state. Used on the optimistic path. Performs the merge_state CRDT reconciliation plus the additional fast-forward / sequence-number guards described in the issue spec.
validate_state: Run the full contract validate_state check.

Type Aliases§

CommitHash: SHA-1 git commit hash, 20 bytes. Phase 1 does not care about the SHA-256-object-format experiment yet; if/when we adopt it, this becomes enum CommitHash { Sha1([u8; 20]), Sha256([u8; 32]) }.
ManifestHash: BLAKE3-32 of a chunked-pack manifest’s bytes. (Not consumed in Phase 1.0.)
ObjectBundleId: Stable identifier for a stored bundle: BLAKE3-32(canonical-CBOR(bundle)).
PackHash: BLAKE3-32 of a packfile’s bytes.
PublicKey: Owner public key, lives in RepoState and is checked by validate_state against the prefix in parameters.
RefName: A git ref name, e.g. refs/heads/main. Stored as a String but constrained at validation time:
RepoKey: Logical key under which the contract is stored. We store this as the raw 32-byte key part rather than the full freenet_stdlib::ContractKey to avoid pulling stdlib into the contract WASM’s link surface for signature-domain purposes.
Signature: ed25519 signature.