Expand description
mkit gc — reclaim unreachable objects (mark-and-sweep prune).
Under the repo lock: expire the recovery log, compute the live-object keep-set (every object reachable from the retention roots — refs, stash, in-progress op state, attestations, and the recovery log), then delete unreachable objects that are older than the grace window.
Safety: the live set is computed before anything is deleted and
the whole run is fail-closed — a missing/corrupt root, a malformed
ref, or the reachability cap aborts with nothing removed (see
mkit_core::ops::gc). Unreachable objects younger than the grace
window (default 14 days) are kept as a belt-and-suspenders against
objects written just before a reference that points at them. Use
--dry-run to preview, and --grace-secs 0 to prune every
unreachable object regardless of age.
Concurrency: gc holds the repo lock for its whole run, and the
root-publishing paths now take the same lock around their object-write +
ref/attestation-publish window — tag (annotated/signed), fetch /
pull, and attest (#267) — so they are serialized against gc. The
grace window remains the belt-and-suspenders net (like Git’s default
gc.pruneExpire, vs prune --expire=now): --grace-secs 0 bypasses it
and prints a warning, but with the publishers now locked it is safe even
under concurrency.