feat: content-addressed provenance with sig: prefix#12
Merged
laulauland merged 1 commit intomainfrom Mar 30, 2026
Merged
Conversation
6 tasks
Replace VCS-based provenance (@git-sha) with content-addressed signatures (@sig:<xxhash3-hex>). Staleness is now detected by comparing fingerprints directly — no VCS calls needed. This fixes provenance invalidation from rebasing/amending (issue #10) and enables linking uncommitted files (#9). For supported languages, signatures use AST-normalized fingerprints (same tree-sitter infrastructure). For unsupported languages, raw XxHash3 hash. Blame is decoupled from provenance — derived from spec's last-modified commit instead. Legacy @<git-sha> provenance continues to work unchanged.
laulauland
force-pushed
the
lau/content-sig
branch
from
9263d01 to
9d3a795
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replace VCS-based provenance (
@git-sha) with content-addressed signatures (@sig:<xxhash3-hex>). Staleness is detected by comparing fingerprints directly — no VCS calls needed.This fixes:
How it works
drift linkcomputes an XxHash3 fingerprint of the file (or symbol's AST subtree) and stamps it as@sig:<16-hex-chars>.drift checkrecomputes the fingerprint and compares — match means ok, differ means STALE.For supported tree-sitter languages (TypeScript, Python, Rust, Go, Zig, Java), the fingerprint is AST-normalized so formatting-only changes don't trigger staleness. Unsupported languages fall back to raw content hash.
Blame is decoupled from provenance — derived from the spec file's last-modified commit instead of the provenance value.
Migration
Legacy
@<git-sha>provenance continues to work.drift linkalways stampssig:going forward. Specs migrate organically as they get relinked.Changes
checkAnchorBySig,computeFingerprint,computeContentSigfor sig-based check/linkrunLinkcomputes content sigs instead ofgit rev-parseanchorFileIdentityhandlessig:prefixTest plan
drift link spec.md file.tsstamps@sig:provenancedrift link spec.md(blanket) computes per-anchor sigsdrift checkwith@sig:anchors: ok when content matches, STALE when different@<git-sha>anchors continue to work