Version control that makes sense.
Content-addressed, cryptographically signed, agent-native – and actually fun to use.
One protocol. One identity. One manifest.
Ship code, distribute packages, prove integrity – without ever touching GitHub again.
What happens when you build a VCS from the physics up, without 30 years of accidental complexity.
BLAKE3 CIDs. The hash is the name. Every object is immutable, every reference is a proof. Physics, not policy.
Wall clock + Lamport counter + local sequence. Every event has a total causal order. CRDT-safe. Merge without coordination.
Ed25519 keypairs. Your public key is your identity. No usernames, no passwords, no OAuth, no KYC. SoulKeyID – 20 characters, zero PII, permanent.
~26,000 lines of Janus + Zig. Full VCS + package manager + native transport. 35+ commands. Git needs 400K lines for less.
graf sync push redistributes your repository to any legacy git remote – GitHub, GitLab, Gitea, bare SSH. Sovereign at the core, compatible at the edge.
Git has one protocol for code and npm/pip/cargo for packages. Graf unifies both. GTP – the Graf Transfer Protocol – handles version control, package distribution, and identity in a single wire protocol. Push code and publish packages through the same endpoint, with the same key.
Ed25519 challenge → sign → session nonce. No passwords stored. No tokens to rotate.
BLAKE3(challenge ++ sig ++ secret) R2-backed CAS. Push objects by CID, pull by CID. HEAD to check existence. Every write is idempotent.
Compare-and-swap on every ref write. Race-safe. Tags are immutable once created.
old_cid must match or reject Pack multiple objects into a single framed stream. Length-prefixed frames, BLAKE3 footer checksum.
Same protocol, same identity. graf publish seals a package with your SoulKey, pushes to the registry.
graf publish → graf resolve 68 integration tests against the live forge + 38 wire protocol tests. Auth, repos, CAS, refs, GPAK, SBI. Zero regressions.
Everything you need to version, build, publish, and collaborate – sovereign from edge to forge.
35+ commands. Single binary built with Janus + Zig. Checkpoint, diff, merge, blame, stash, release, sync, push, clone. Sub-100ms status via stat cache.
GTP v1.1 server on Cloudflare Workers. R2 for objects, D1 for refs, KV for sessions. BLAKE3 WASM at the edge. Self-hostable local backends coming soon.
SemVer 2.0 resolution, BFS dependency solver, KDL manifests, RFC 8785 lockfiles. Seal, sign, publish, verify. Transparency log with BLAKE3 chain.
Repository browsing, ref explorer, package registry, DAG visualization, merge requests. The GitHub replacement – federated, sovereign, surveillance-free.
Git was designed for humans typing at terminals in 2005. Twenty years later, AI agents generate more commits than people in some repositories. Graf was designed for this world. Agent collaboration isn't a plugin or a wrapper – it's why the architecture exists.
Each agent operates on its own branch. No lock contention. No index.lock. Parallel work by design, merge when ready.
Agents implement a typed WorkFn callback. The nursery schedules, supervises, and collects results. Structured concurrency for version control.
Three-level nested nurseries: supervisor → agent → scanner. Budget fairness. Structured cancellation. If an agent panics, its siblings survive.
Every merge can be gated: approve, reject, hold. Human-in-the-loop or fully autonomous – the policy is configurable, not hardcoded.
Three-way conflict entries carry base_cid, ours_cid, theirs_cid. Agents can resolve programmatically. No interactive prompts needed.
Every agent gets an Ed25519 keypair. SoulKeyID identifies the agent permanently. No shared credentials. Audit trail is cryptographic.
Git asks "who typed this?" – Graf asks "what caused this, and can you prove it?"
Four version control systems. Three decades of evolution. One table.
| Feature | CVS | Git | Mercurial | Graf |
|---|---|---|---|---|
| Storage model | RCS deltas per file | Snapshot DAG, packfiles | Revlog delta chains | Merkle DAG, BLAKE3 CIDs, CBOR |
| Content addressing | None (sequential revnums) | SHA-1 (SHA-256 transition) | SHA-1 nodeid | BLAKE3, prefix-sharded CAS |
| Branching | Directory copies | Lightweight refs | Named branches / bookmarks | Named refs + per-agent branches |
| Merge strategy | Manual | Recursive 3-way + rename detect | 3-way with bdiff | LCA via alternating BFS + 3-way tree+line merge |
| Timestamps | Wall clock | Wall clock + timezone | Wall clock + timezone | Three-clock: wall + Lamport + sequence (CRDT-safe) |
| Wire protocol | pserver / SSH | git:// / SSH / HTTP smart | SSH / HTTP | GTP v1.1 – unified VCS + package distribution |
| Package distribution | None | None (npm/pip/cargo separate) | None | Native: Hinge + Nip packages over same protocol |
| Identity / auth | Unix user | Author string, GPG optional | Author string | Ed25519 SoulKeyID + challenge-response. Zero PII. |
| Agent awareness | None | None | None | Native: per-agent branches, nursery supervision, policy hooks |
| Concurrency | Single-threaded, lock files | Single-threaded + index.lock | Single-threaded | M:N fiber scheduler, nursery-structured concurrency |
| Codebase | ~80K lines C | ~400K lines C | ~200K lines Python/C | ~26K lines Janus + Zig |
| Crypto | None | SHA-1 (migrating SHA-256) | SHA-1 | BLAKE3 everywhere. Ed25519 signatures. Zero SHA. |
CVS counted files. Git counted snapshots. Graf counts meaning. And it does it in ~26,000 lines – including native push to its own forge – because it doesn't carry 30 years of accidental complexity.
Single static binary. GTP-native push. No build step required.
# download prebuilt binary (Linux, macOS, soon: Brew) curl -fsSL https://graf.tools/install.sh | sh # initialize repository graf init myproject # content-addressed snapshot graf checkpoint "first snapshot" # stat-cached, sub-100ms graf status # Merkle DAG history graf log # signed release with test proof graf release create v1.0.0 --run-tests # generate your SoulKey identity (once, global) graf key generate # → SoulKey: grf:a8b7c9d2 + Ed25519 keypair # add remote & push natively via GTP graf remote add origin https://grafhub.org grf:a8b7c9d2/myproject graf push # → Push complete: 4 objects, 176 bytes, 1 ref updated
Version control, native push, package distribution, git interop. Everything.
init Initialize repository status Stat-cached change detection checkpoint Content-addressed snapshot log DAG history with three-clock timestamps diff Myers O(ND) line-level diff cat Inspect any CAS object by CID branch Create, switch, list, delete merge LCA + 3-way tree+line merge cherry-pick Apply checkpoint to current branch revert Undo checkpoint's changes stash Snapshot/restore dirty state explore Lightweight experimental branches blame Line-level attribution fsck Full DAG integrity verification checkout Materialize tree by CID release create Ed25519-signed certificate release verify Cryptographic signature check tag create Lightweight named ref to CID publish Seal and push Hinge package push Push objects + refs to GrafHub pull Pull from remote registry clone Clone a remote repository remote Add, list, remove remotes key generate Create global Ed25519 identity sync push Redistribute to git remotes sync pull Import from git remotes import Import git history daemon Unix socket server + MCP cas push Bulk CAS object sync Five subsystems. Auditable in an afternoon. No magic.
BLAKE3 CIDs with graf1 prefix. Prefix-sharded object directory, transparent deflate compression. graf fsck verifies the entire graph.
Five types: Blob → Tree → Change → Checkpoint → Release. All CBOR-serialized. Checkpoints form the DAG. Releases are cryptographic – not faith.
Ed25519 keypair = identity. SoulKeyID = grf: + BLAKE3(pubkey)[0:8]. 20 characters, zero PII. Challenge-response auth – no passwords on the wire.
LCA via alternating BFS (depth limit 10K). Three-way tree + line-level merge. Conflict entries carry base, ours, theirs CIDs for programmatic resolution.
Ed25519-signed release objects binding version + checkpoint + tree CID. --run-tests embeds verified test counts. Git tags are faith. Graf releases are receipts.
17 endpoints over HTTPS. CAS per-object, refs with atomic CAS, GPAK bulk transfer, challenge-response auth. BLAKE3 WASM at the edge.
"Git tags are faith. Graf releases are receipts."
Ed25519-signed release certificates with embedded test proof. The version, the checkpoint, the tree, the signature – all in one CAS object, verified by BLAKE3.
Four sovereign licenses covering the full spectrum from fully open to commercial-safe.
File-level copyleft. Use freely; modifications to core files must be shared back. Linking and applications remain proprietary.
Read full text →Strong copyleft. Network deployments must publish source. Ensures SaaS cannot hide source behind a paywall.
Read full text →Permissive. Use, modify, close the source, sell the result. Attribution only. For specs, docs, and protocols.
Read full text →Glass Box. Binary distribution allowed if build provenance is published. For commercial deployments with verifiability.
Read full text →Preamble: This License fosters a sovereign, decentralized ecosystem. It creates a balance between proprietary commercial use and communal innovation. 1. Grant of Rights: Each Contributor grants a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable license to reproduce, prepare Derivative Works of, publicly display, sublicense, and distribute the Contribution. 2. The Reciprocity Rule: If You distribute the Contribution in Executable Form, you must make the Source Code Form of any Modifications available under the terms of this License. This requirement applies only to the files of the Contribution itself that You have modified. 3. Larger Works: You may create and distribute a Larger Work under terms of Your choice. The Reciprocity requirement does not extend to Your independent code that links to or consumes the Contribution. Disclaimer: THIS SOFTWARE IS PROVIDED "AS IS," WITHOUT WARRANTY OF ANY KIND. Governing Law: The Netherlands (Amsterdam courts).
Preamble: This License ensures software remains a common good, regardless of how it is distributed or accessed. It closes the "Service Loophole." 1. Grant of Rights: Each Contributor grants a perpetual, worldwide, non-exclusive, no-charge, royalty-free license to reproduce, prepare Derivative Works of, publicly display, sublicense, and distribute the Work. 2. The Service Rule (SaaS Loophole Closed): If You perform a Network Deployment of the Work or a Derivative Work, you must make the complete Source Code available to all users interacting with it. 3. Copyleft Scope: If You create a Derivative Work, the entirety of that Derivative Work must be licensed under this License. Disclaimer: THE WORK IS PROVIDED "AS IS," WITHOUT WARRANTY OF ANY KIND. Governing Law: The Netherlands (Amsterdam courts).
Preamble: This License is designed for maximum velocity and adoption. It grants absolute freedom to use, modify, and distribute the Work. 1. The "Do Anything" Clause: Each Contributor grants a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable license to reproduce, prepare Derivative Works of, publicly display, sublicense, and distribute the Work. 2. Freedom of Modification: You are not required to share the source code of Your modifications. You may create proprietary Derivative Works. 3. Attribution: The only condition is that You must include the original copyright notice and a copy of this License in any significant distribution. Disclaimer: THE WORK IS PROVIDED "AS IS," WITHOUT WARRANTY OF ANY KIND. Governing Law: The Netherlands (Amsterdam courts).
Preamble: This License is a compact of trust for commercial entities. The "Glass Box" model: You may hide the source code, but you cannot hide the build process. 1. Commercial Distribution: You may distribute the Work in Executable Form without releasing the Source Code, subject to signed binaries and Build Manifests. 2. End User Rights: The End User receives a non-exclusive, perpetual license to run, install, and use the Work. 3. The Glass Box Rule: If a compliance audit reveals malicious code not in declared dependencies, the Registered Entity status and this License are immediately revoked. Disclaimer: THE WORK IS PROVIDED "AS IS," WITHOUT WARRANTY OF ANY KIND. Governing Law: The Netherlands (Amsterdam courts).