Version control + package distribution in one protocol.
BLAKE3 content-addressing. Ed25519 identity. Built in Janus.
One protocol. One identity. One manifest.
Ship code, distribute packages, prove integrity – without ever touching GitHub again.
What happens when you build a VCS from the physics up, without 30 years of accidental complexity.
BLAKE3 CIDs. The hash is the name. Every object is immutable, every reference is a proof. Physics, not policy.
graf1 + hex(BLAKE3(type_byte ++ content)). 69 characters. Deterministic.Wall clock + Lamport counter + local sequence. Every event has a total causal order. CRDT-safe. Merge without coordination.
Ed25519 keypairs. Your public key is your identity. No usernames, no passwords, no OAuth, no KYC. SoulKeyID – 20 characters, zero PII, permanent. Works the same for humans and autonomous agents.
grf1 + hex(BLAKE3(pubkey)[0:8]). Challenge-response auth. No secrets on the wire.24,600 lines. Full VCS + package manager: checkpoint, diff, merge, cherry-pick, blame, release, stash, sync, publish. 24 commands. Clarity is the architecture.
Graf doesn't lock you out of the old ecosystem. graf sync push redistributes your repository to any legacy git remote – GitHub, GitLab, Gitea, bare SSH. Sovereign at the core, compatible at the edge.
Git has one protocol for code and npm/pip/cargo for packages. Graf unifies both. GTP – the Graf Transfer Protocol – handles version control, package distribution, and identity in a single wire protocol. Push code and publish packages through the same endpoint, with the same key.
Ed25519 challenge → sign → session nonce. No passwords stored. No tokens to rotate. BLAKE3(challenge ++ sig ++ secret) derives the session.
R2-backed CAS. Push objects by CID, pull by CID. HEAD to check existence. Batch existence queries. Every write is idempotent.
Compare-and-swap on every ref write. Race-safe. old_cid must match or the update is rejected. Tags are immutable once created.
Pack multiple objects into a single framed stream. Length-prefixed frames, BLAKE3 footer checksum. Efficient clone and fetch.
Same protocol, same identity. graf publish seals a package with your SoulKey, pushes to the registry. graf resolve pulls deps by CID.
Every endpoint tested against the live forge. Auth, repos, CAS, refs, GPAK, conflicts, error cases. Zero-dependency Node.js test suite.
Everything you need to version, build, publish, and collaborate – sovereign from edge to forge.
24 commands. Single binary built with janus build. Checkpoint, diff, merge, blame, stash, release, sync. Sub-100ms status via stat cache.
GTP v1.1 server on Cloudflare Workers. R2 for objects, D1 for refs, KV for sessions. BLAKE3 WASM for all crypto. Ed25519 verification at the edge. Cloudflare-independent local backends coming soon – self-host your own forge.
SemVer 2.0 resolution, BFS dependency solver, KDL manifests, RFC 8785 lockfiles. Seal, sign, publish, verify. Transparency log with BLAKE3 chain.
Repository browsing, ref explorer, package registry UI, SoulKey management. The GitHub/GitLab replacement – without the surveillance.
Git was designed for humans typing at terminals in 2005. Twenty years later, AI agents generate more commits than people in some repositories. Graf was designed for this world. Agent collaboration isn't a plugin or a wrapper – it's why the architecture exists.
Each agent operates on its own branch. No lock contention. No index.lock. Parallel work by design, merge when ready.
Agents implement a typed WorkFn callback. The nursery schedules, supervises, and collects results. Structured concurrency for version control.
Three-level nested nurseries: supervisor → agent → scanner. Budget fairness. Structured cancellation. If an agent panics, its siblings survive.
Every merge can be gated: approve, reject, hold. Human-in-the-loop or fully autonomous – the policy is configurable, not hardcoded.
Three-way conflict entries carry base_cid, ours_cid, theirs_cid. Agents can resolve programmatically. No interactive prompts needed.
Every agent gets an Ed25519 keypair. SoulKeyID identifies the agent permanently. No shared credentials. Audit trail is cryptographic, not string-based.
Git asks "who typed this?" – Graf asks "what caused this, and can you prove it?"
Four version control systems. Three decades of evolution. One table.
| Feature | CVS | Git | Mercurial | Graf |
|---|---|---|---|---|
| Storage model | RCS deltas per file | Snapshot DAG, packfiles | Revlog delta chains | Merkle DAG, BLAKE3 CIDs, CBOR |
| Content addressing | None (sequential revnums) | SHA-1 (SHA-256 transition) | SHA-1 nodeid | BLAKE3, prefix-sharded CAS |
| Branching | Directory copies | Lightweight refs | Named branches / bookmarks | Named refs + per-agent branches |
| Merge strategy | Manual | Recursive 3-way + rename detect | 3-way with bdiff | LCA via alternating BFS + 3-way tree+line merge |
| Timestamps | Wall clock | Wall clock + timezone | Wall clock + timezone | Three-clock: wall + Lamport + sequence (CRDT-safe) |
| Wire protocol | pserver / SSH | git:// / SSH / HTTP smart | SSH / HTTP | GTP v1.1 – unified VCS + package distribution |
| Package distribution | None | None (npm/pip/cargo separate) | None | Native: Janus Hinge & Nexus OS Nip packages & your sources over same protocol, same identity |
| Identity / auth | Unix user | Author string, GPG optional | Author string | Ed25519 SoulKeyID + challenge-response. Zero PII. |
| Agent awareness | None | None | None | Native: per-agent branches, WorkFn, nursery supervision, policy hooks, three-way conflict CIDs |
| Concurrency | Single-threaded, lock files | Single-threaded + index.lock | Single-threaded | M:N fiber scheduler, nursery-structured concurrency |
| Codebase | ~80K lines C | ~400K lines C | ~200K lines Python/C | ~24.6K lines Janus + Zig |
| Crypto | None | SHA-1 (migrating SHA-256) | SHA-1 | BLAKE3 everywhere. Ed25519 signatures. Zero SHA. |
CVS counted files. Git counted snapshots. Graf counts meaning. And it does it in 24,600 lines because it doesn't carry 30 years of accidental complexity.
Single static binary. Clone, build, run. Requires Janus (Zig 0.16+ backend).
# build graf CLI janus build # initialize repository graf init myproject # content-addressed snapshot graf checkpoint "first snapshot" # stat-cached, sub-100ms graf status # Merkle DAG history graf log # signed release with test proof graf release create v1.0.0 --run-tests # verify the signature graf release verify v1.0.0 # → VALID: Ed25519 signature verified # push to forge graf sync push # publish package graf publish # → Sealed with SoulKey grf1a3f8c2e1...
Everything a VCS should do. Nothing it shouldn't.
init Initialize repositorystatus Stat-cached change detectioncheckpoint Content-addressed snapshotlog DAG history with three-clock timestampsdiff Myers O(ND) line-level diffcat Inspect any CAS object by CIDbranch Create, switch, list, deletemerge LCA + 3-way tree+line mergecherry-pick Apply checkpoint to current branchrevert Undo checkpoint's changesstash Snapshot/restore dirty stateblame Line-level attributionfsck Full DAG integrity verificationcheckout Materialize tree by CIDrelease create Ed25519-signed certificaterelease verify Cryptographic signature checktag create Lightweight named ref to CIDpublish Seal and push Hinge packagesync push Push to forge or git remotesync pull Pull from forge or git remoteimport Import git historydaemon Unix socket serverFive subsystems. Auditable in an afternoon. No magic.
BLAKE3 CIDs with graf1 prefix. Prefix-sharded object directory, transparent deflate compression. CIDs hash raw content – compression is invisible. graf fsck verifies the entire graph.
Five types: Blob → Tree → Change → Checkpoint → Release. All CBOR-serialized. Checkpoints form the DAG. Tags and releases are cryptographic – not faith.
Ed25519 keypair = identity. SoulKeyID = grf1 + BLAKE3(pubkey)[0:8]. 20 characters, zero PII, permanent. No KYC – for humans and agents alike. Challenge-response auth – no passwords on the wire, no tokens to rotate.
LCA via alternating BFS (depth limit 10K). Three-way tree + line-level merge. Conflict entries carry base_cid, ours_cid, theirs_cid for programmatic resolution.
Ed25519-signed release objects binding version + checkpoint + tree CID. --run-tests embeds verified test counts. Git tags are faith. Graf releases are receipts.
17 endpoints over HTTPS. CAS per-object, refs with atomic CAS, GPAK bulk transfer, challenge-response auth. BLAKE3 WASM at the edge. Cloudflare Workers + R2 + D1.
"Git tags are faith. Graf releases are receipts."
Ed25519-signed release certificates with embedded test proof. The version, the checkpoint, the tree, the signature – all in one CAS object, verified by BLAKE3.