Function write_pack 

pub fn write_pack(
    source: &dyn StreamStore,
    ids: &[String],
    manifest_id: Option<&str>,
    out: impl Write,
) -> Result<PackWriteReport, StoreError>

Emits a SNAPPACK 1 stream: magic, one obj record per entry of ids IN INPUT ORDER, then (if manifest_id is given) the manifest record LAST, then the end trailer.

Fail-closed discipline:

• Every id (and manifest_id) is validated against ^[0-9a-f]{64}$ BEFORE any byte is written.
• The manifest is fetched and serialized up front (fail fast) but emitted last; its serialized bytes (Manifest text + trailing \n, exactly the stored byte form file_store.rs writes) must hash back to manifest_id.
• Each object’s bytes are re-verified to hash to its id after get_object (belt and braces over the store’s own read verification) before its record is written.
• Any failure — including a missing object — aborts BEFORE the end trailer is emitted, so a consumer of the partial stream also fails (no silent partial transfer).

Duplicates in ids emit duplicate records (the reader handles them idempotently); deduplication is the caller’s job.