diff options
Diffstat (limited to 'REVIEW_SUMMARY.md')
| -rw-r--r-- | REVIEW_SUMMARY.md | 322 |
1 files changed, 322 insertions, 0 deletions
diff --git a/REVIEW_SUMMARY.md b/REVIEW_SUMMARY.md new file mode 100644 index 0000000..f66a371 --- /dev/null +++ b/REVIEW_SUMMARY.md | |||
| @@ -0,0 +1,322 @@ | |||
| 1 | # ngit-grasp Architecture Review Summary | ||
| 2 | |||
| 3 | ## Investigation Complete ✅ | ||
| 4 | |||
| 5 | After thorough investigation of: | ||
| 6 | 1. The GRASP protocol specification | ||
| 7 | 2. The reference implementation (ngit-relay in Go) | ||
| 8 | 3. The `git-http-backend` Rust crate | ||
| 9 | 4. The `nostr-relay-builder` Rust crate | ||
| 10 | |||
| 11 | ## Key Decision: Inline Authorization (Not Hooks) | ||
| 12 | |||
| 13 | **Question**: Should we use Git pre-receive hooks or inject logic directly into the HTTP handler? | ||
| 14 | |||
| 15 | **Answer**: **Direct injection is both pragmatic and superior** ✅ | ||
| 16 | |||
| 17 | ### Why This Works | ||
| 18 | |||
| 19 | The `git-http-backend` Rust crate: | ||
| 20 | - Provides actix-web handlers for Git Smart HTTP protocol | ||
| 21 | - Spawns `git-receive-pack` as a subprocess | ||
| 22 | - We can intercept **before** spawning Git | ||
| 23 | - Full access to request body for parsing ref updates | ||
| 24 | |||
| 25 | ### Advantages | ||
| 26 | |||
| 27 | 1. **Better Error Handling**: Direct HTTP responses vs. parsing hook stderr | ||
| 28 | 2. **Simpler Deployment**: Single binary, no hook management | ||
| 29 | 3. **Easier Testing**: Pure Rust unit tests, no shell scripts | ||
| 30 | 4. **Better Performance**: Skip Git spawn for invalid pushes | ||
| 31 | 5. **Tighter Integration**: Shared state between Git and Nostr | ||
| 32 | |||
| 33 | ### Architecture | ||
| 34 | |||
| 35 | ``` | ||
| 36 | Client Request | ||
| 37 | ↓ | ||
| 38 | actix-web Router | ||
| 39 | ↓ | ||
| 40 | git_receive_pack handler | ||
| 41 | ↓ | ||
| 42 | Parse ref updates from body | ||
| 43 | ↓ | ||
| 44 | Query local Nostr relay (in-process) | ||
| 45 | ↓ | ||
| 46 | Validate refs against state event | ||
| 47 | ↓ | ||
| 48 | Valid? ──No──→ HTTP 403 Error | ||
| 49 | ↓ | ||
| 50 | Yes | ||
| 51 | ↓ | ||
| 52 | Spawn git-receive-pack | ||
| 53 | ↓ | ||
| 54 | Stream to/from Git | ||
| 55 | ↓ | ||
| 56 | Return response to client | ||
| 57 | ``` | ||
| 58 | |||
| 59 | ## Documentation Created | ||
| 60 | |||
| 61 | ### 1. README.md | ||
| 62 | - Project overview and goals | ||
| 63 | - Quick start guide | ||
| 64 | - Feature list and GRASP compliance | ||
| 65 | - Technology stack | ||
| 66 | - Comparison with reference implementation | ||
| 67 | |||
| 68 | ### 2. docs/ARCHITECTURE.md | ||
| 69 | - Detailed architectural design | ||
| 70 | - Component breakdown with code examples | ||
| 71 | - Data flow diagrams | ||
| 72 | - Implementation details for: | ||
| 73 | - Git protocol handling | ||
| 74 | - Nostr relay configuration | ||
| 75 | - Push validation logic | ||
| 76 | - Repository management | ||
| 77 | - Performance considerations | ||
| 78 | - Testing strategy | ||
| 79 | - Future extensions (GRASP-02, GRASP-05) | ||
| 80 | - Deployment options | ||
| 81 | |||
| 82 | ### 3. docs/DECISION_SUMMARY.md | ||
| 83 | - Investigation findings | ||
| 84 | - Hook vs. inline comparison | ||
| 85 | - Detailed rationale for inline approach | ||
| 86 | - Concerns and mitigations | ||
| 87 | - Next steps | ||
| 88 | |||
| 89 | ### 4. docs/COMPARISON.md | ||
| 90 | - Side-by-side comparison with ngit-relay | ||
| 91 | - Component breakdown | ||
| 92 | - Performance estimates | ||
| 93 | - Code complexity analysis | ||
| 94 | - Migration path | ||
| 95 | - When to choose each implementation | ||
| 96 | |||
| 97 | ### 5. docs/GIT_PROTOCOL.md | ||
| 98 | - Git Smart HTTP protocol reference | ||
| 99 | - Pkt-line format explanation | ||
| 100 | - Ref update parsing | ||
| 101 | - Validation logic examples | ||
| 102 | - Integration with actix-web | ||
| 103 | - Testing examples | ||
| 104 | |||
| 105 | ### 6. .env.example | ||
| 106 | - Configuration template | ||
| 107 | |||
| 108 | ## Technology Stack | ||
| 109 | |||
| 110 | ### Core | ||
| 111 | - **Rust 1.75+**: Language | ||
| 112 | - **actix-web 4**: HTTP server | ||
| 113 | - **tokio**: Async runtime | ||
| 114 | |||
| 115 | ### Git | ||
| 116 | - **git-http-backend 0.1.3**: Git protocol handling | ||
| 117 | - **tokio::process**: Git subprocess management | ||
| 118 | |||
| 119 | ### Nostr | ||
| 120 | - **nostr-relay-builder 0.43**: Relay infrastructure | ||
| 121 | - **nostr-sdk 0.43**: Event handling and validation | ||
| 122 | |||
| 123 | ### Storage | ||
| 124 | - **LMDB or NDB**: Event storage (via nostr-relay-builder) | ||
| 125 | - **File system**: Git repositories | ||
| 126 | |||
| 127 | ## Project Structure | ||
| 128 | |||
| 129 | ``` | ||
| 130 | ngit-grasp/ | ||
| 131 | ├── src/ | ||
| 132 | │ ├── main.rs # Server setup | ||
| 133 | │ ├── config.rs # Configuration | ||
| 134 | │ ├── git/ | ||
| 135 | │ │ ├── mod.rs | ||
| 136 | │ │ ├── handler.rs # Git HTTP handlers | ||
| 137 | │ │ └── authorization.rs # Push validation | ||
| 138 | │ ├── nostr/ | ||
| 139 | │ │ ├── mod.rs | ||
| 140 | │ │ ├── relay.rs # Relay setup | ||
| 141 | │ │ └── events.rs # Event handlers | ||
| 142 | │ └── storage/ | ||
| 143 | │ ├── mod.rs | ||
| 144 | │ └── repository.rs # Repo management | ||
| 145 | ├── docs/ | ||
| 146 | │ ├── ARCHITECTURE.md # Detailed design | ||
| 147 | │ ├── DECISION_SUMMARY.md # Why inline auth | ||
| 148 | │ ├── COMPARISON.md # vs ngit-relay | ||
| 149 | │ └── GIT_PROTOCOL.md # Protocol reference | ||
| 150 | ├── tests/ | ||
| 151 | │ ├── integration/ | ||
| 152 | │ └── fixtures/ | ||
| 153 | ├── README.md # Overview | ||
| 154 | ├── .env.example # Config template | ||
| 155 | └── Cargo.toml # Dependencies | ||
| 156 | ``` | ||
| 157 | |||
| 158 | ## Implementation Complexity | ||
| 159 | |||
| 160 | ### What We Need to Build | ||
| 161 | |||
| 162 | 1. **Git Protocol Parsing** (~500 LOC) | ||
| 163 | - Pkt-line parser | ||
| 164 | - Ref update extraction | ||
| 165 | - Request/response handling | ||
| 166 | |||
| 167 | 2. **Authorization Logic** (~300 LOC) | ||
| 168 | - Maintainer resolution (recursive) | ||
| 169 | - State validation | ||
| 170 | - PR ref handling | ||
| 171 | |||
| 172 | 3. **Nostr Relay Setup** (~100 LOC) | ||
| 173 | - Policies for announcements | ||
| 174 | - Event hooks | ||
| 175 | - NIP-11 configuration | ||
| 176 | |||
| 177 | 4. **Repository Management** (~200 LOC) | ||
| 178 | - Create/configure repos | ||
| 179 | - Path management | ||
| 180 | - Git command execution | ||
| 181 | |||
| 182 | 5. **Main Server** (~200 LOC) | ||
| 183 | - Route configuration | ||
| 184 | - State management | ||
| 185 | - Error handling | ||
| 186 | |||
| 187 | **Total: ~1,300-1,500 LOC** (similar to reference implementation) | ||
| 188 | |||
| 189 | ### What We Get from Libraries | ||
| 190 | |||
| 191 | - Nostr relay infrastructure (WebSocket, event store, etc.) | ||
| 192 | - Git protocol basics (upload-pack, receive-pack) | ||
| 193 | - Async runtime and HTTP server | ||
| 194 | - Nostr event parsing and validation | ||
| 195 | |||
| 196 | ## GRASP Compliance Roadmap | ||
| 197 | |||
| 198 | ### Phase 1: GRASP-01 Core (MVP) | ||
| 199 | - [ ] Basic HTTP server with routing | ||
| 200 | - [ ] Nostr relay with announcement policies | ||
| 201 | - [ ] Git upload-pack (clone/fetch) | ||
| 202 | - [ ] Git receive-pack with inline validation | ||
| 203 | - [ ] Repository provisioning on announcements | ||
| 204 | - [ ] Multi-maintainer support | ||
| 205 | - [ ] refs/nostr/* support for PRs | ||
| 206 | - [ ] CORS support | ||
| 207 | - [ ] NIP-11 relay info | ||
| 208 | |||
| 209 | ### Phase 2: GRASP-02 Proactive Sync | ||
| 210 | - [ ] Background event sync from listed relays | ||
| 211 | - [ ] Background Git sync from listed clones | ||
| 212 | - [ ] PR data fetching | ||
| 213 | |||
| 214 | ### Phase 3: GRASP-05 Archive | ||
| 215 | - [ ] Accept non-listed repositories | ||
| 216 | - [ ] Mirror/backup mode | ||
| 217 | |||
| 218 | ## Risks and Mitigations | ||
| 219 | |||
| 220 | ### Risk 1: Git Protocol Complexity | ||
| 221 | **Impact**: Medium | ||
| 222 | **Likelihood**: Low | ||
| 223 | **Mitigation**: Well-documented protocol, reference implementation exists, comprehensive testing | ||
| 224 | |||
| 225 | ### Risk 2: Performance of Inline Validation | ||
| 226 | **Impact**: Low | ||
| 227 | **Likelihood**: Low | ||
| 228 | **Mitigation**: State caching, async validation, benchmarking | ||
| 229 | |||
| 230 | ### Risk 3: nostr-relay-builder API Changes | ||
| 231 | **Impact**: Medium | ||
| 232 | **Likelihood**: Medium (it's in alpha) | ||
| 233 | **Mitigation**: Pin versions, monitor upstream, abstract relay interface | ||
| 234 | |||
| 235 | ### Risk 4: Compatibility with ngit Clients | ||
| 236 | **Impact**: High | ||
| 237 | **Likelihood**: Low | ||
| 238 | **Mitigation**: Follow GRASP spec exactly, test with ngit CLI | ||
| 239 | |||
| 240 | ## Success Criteria | ||
| 241 | |||
| 242 | 1. **Functional**: | ||
| 243 | - ✅ Accept repository announcements | ||
| 244 | - ✅ Provision Git repositories | ||
| 245 | - ✅ Validate pushes against state events | ||
| 246 | - ✅ Serve clones/fetches | ||
| 247 | - ✅ Support multi-maintainer repos | ||
| 248 | - ✅ Handle PR refs | ||
| 249 | |||
| 250 | 2. **Performance**: | ||
| 251 | - ✅ < 50ms push validation overhead | ||
| 252 | - ✅ < 100MB memory usage | ||
| 253 | - ✅ Handle 100+ concurrent connections | ||
| 254 | |||
| 255 | 3. **Quality**: | ||
| 256 | - ✅ >80% test coverage | ||
| 257 | - ✅ No clippy warnings | ||
| 258 | - ✅ Comprehensive error handling | ||
| 259 | - ✅ Good logging/observability | ||
| 260 | |||
| 261 | 4. **Compliance**: | ||
| 262 | - ✅ GRASP-01 compliant | ||
| 263 | - ✅ NIP-34 compliant | ||
| 264 | - ✅ NIP-11 compliant | ||
| 265 | - ✅ Works with ngit CLI | ||
| 266 | |||
| 267 | ## Next Steps | ||
| 268 | |||
| 269 | ### Immediate (Week 1) | ||
| 270 | 1. Set up Cargo workspace | ||
| 271 | 2. Define core types (RefUpdate, RepositoryState, etc.) | ||
| 272 | 3. Implement pkt-line parser | ||
| 273 | 4. Write parser tests | ||
| 274 | |||
| 275 | ### Short-term (Week 2-3) | ||
| 276 | 1. Implement Nostr relay with policies | ||
| 277 | 2. Implement Git upload-pack handler | ||
| 278 | 3. Implement Git receive-pack with validation | ||
| 279 | 4. Repository management | ||
| 280 | |||
| 281 | ### Medium-term (Week 4-6) | ||
| 282 | 1. Integration testing | ||
| 283 | 2. GRASP-01 compliance testing | ||
| 284 | 3. Documentation | ||
| 285 | 4. Performance optimization | ||
| 286 | |||
| 287 | ### Long-term (Month 2+) | ||
| 288 | 1. GRASP-02 implementation | ||
| 289 | 2. Production hardening | ||
| 290 | 3. Deployment tooling | ||
| 291 | 4. Community feedback | ||
| 292 | |||
| 293 | ## Questions for Review | ||
| 294 | |||
| 295 | 1. **Architecture**: Does the inline authorization approach make sense? | ||
| 296 | 2. **Complexity**: Is the estimated LOC reasonable? | ||
| 297 | 3. **Dependencies**: Are the chosen libraries appropriate? | ||
| 298 | 4. **Scope**: Should we start with GRASP-01 only, or include GRASP-02? | ||
| 299 | 5. **Testing**: What level of testing is needed before first release? | ||
| 300 | 6. **Deployment**: Single binary, Docker, or both? | ||
| 301 | |||
| 302 | ## Recommendation | ||
| 303 | |||
| 304 | **Proceed with implementation** using the inline authorization architecture. | ||
| 305 | |||
| 306 | The design is: | ||
| 307 | - ✅ Technically sound | ||
| 308 | - ✅ Pragmatic and achievable | ||
| 309 | - ✅ Superior to hook-based approach | ||
| 310 | - ✅ Well-documented | ||
| 311 | - ✅ Testable | ||
| 312 | - ✅ GRASP-compliant | ||
| 313 | |||
| 314 | The Rust ecosystem provides excellent libraries for both Git and Nostr, making this implementation both feasible and maintainable. | ||
| 315 | |||
| 316 | ## References | ||
| 317 | |||
| 318 | - [GRASP Protocol](https://gitworkshop.dev/danconwaydev.com/grasp) | ||
| 319 | - [ngit-relay (Reference)](https://gitworkshop.dev/npub15qydau2hjma6ngxkl2cyar74wzyjshvl65za5k5rl69264ar2exs5cyejr/ngit-relay) | ||
| 320 | - [NIP-34: Git Stuff](https://nips.nostr.com/34) | ||
| 321 | - [git-http-backend crate](https://crates.io/crates/git-http-backend) | ||
| 322 | - [nostr-relay-builder crate](https://crates.io/crates/nostr-relay-builder) | ||