From 7d54df71de1c20780c0edc41db4657230acf461f Mon Sep 17 00:00:00 2001
From: matthewpeterkort <matthewpeterkort@gmail.com>
Date: Tue, 5 May 2026 13:57:03 -0700
Subject: [PATCH 1/7] fix add error passing

---
 cmd/remote/add/gen3.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cmd/remote/add/gen3.go b/cmd/remote/add/gen3.go
index 9f9ceed7..33151ebc 100644
--- a/cmd/remote/add/gen3.go
+++ b/cmd/remote/add/gen3.go
@@ -99,13 +99,13 @@ func gen3Init(remoteName, credFile, fenceToken, project, organization, bucket st
 
 	default:
 		existing, err := configure.Load(remoteName)
-		if err == nil {
+		if err != nil {
+			return fmt.Errorf("failed to load %s config: %w", remoteName, err)
+		} else {
 			accessToken = existing.AccessToken
 			apiKey = existing.APIKey
 			keyID = existing.KeyID
 			apiEndpoint = existing.APIEndpoint
-		} else {
-			return fmt.Errorf("must provide either --cred or --token (or have existing profile %s)", remoteName)
 		}
 	}
 

From 254a25f0b04c0b31074a1b0315b77e5490fc1426 Mon Sep 17 00:00:00 2001
From: Brian <brian@bwalsh.com>
Date: Wed, 6 May 2026 15:28:50 -0700
Subject: [PATCH 2/7] dont delete repo;force push instead (#227)

Co-authored-by: Matthew Peterkort <33436238+matthewpeterkort@users.noreply.github.com>
---
 tests/monorepos/e2e-monorepo-remote.sh | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/tests/monorepos/e2e-monorepo-remote.sh b/tests/monorepos/e2e-monorepo-remote.sh
index 7c40376b..a53dc5a2 100755
--- a/tests/monorepos/e2e-monorepo-remote.sh
+++ b/tests/monorepos/e2e-monorepo-remote.sh
@@ -504,7 +504,7 @@ validate_config() {
 configure_remote_auth() {
   MONO_REMOTE_URL_AUTH="$MONO_REMOTE_URL"
   if [[ -n "$TEST_GITHUB_TOKEN" && "$MONO_REMOTE_URL" =~ ^https://github.com/ ]]; then
-    MONO_REMOTE_URL_AUTH="${MONO_REMOTE_URL/https:\/\/github.com\//https:\/\/x-access-token:${TEST_GITHUB_TOKEN}@github.com/}"
+    MONO_REMOTE_URL_AUTH="${MONO_REMOTE_URL/https:\/\/github.com\//https://x-access-token:${TEST_GITHUB_TOKEN}@github.com/}"
   fi
 }
 
@@ -571,11 +571,12 @@ delete_github_repo_if_requested() {
 
   require_cmd gh
   if GH_TOKEN="$TEST_GITHUB_TOKEN" gh api "/repos/${GITHUB_OWNER_REPO}" >/dev/null 2>&1; then
-    log "Deleting existing GitHub repo ${GITHUB_OWNER_REPO} for clean test run"
-    GH_TOKEN="$TEST_GITHUB_TOKEN" gh api -X DELETE "/repos/${GITHUB_OWNER_REPO}" >/dev/null
-    DELETED_REMOTE_REPO_AT_START=true
-    # Small wait to avoid eventual-consistency race with immediate recreation.
-    sleep 2
+    # log "Deleting existing GitHub repo ${GITHUB_OWNER_REPO} for clean test run"
+    # GH_TOKEN="$TEST_GITHUB_TOKEN" gh api -X DELETE "/repos/${GITHUB_OWNER_REPO}" >/dev/null
+    # DELETED_REMOTE_REPO_AT_START=true
+    # # Small wait to avoid eventual-consistency race with immediate recreation.
+    # sleep 2
+    log "Skipping deletion of existing GitHub repo ${GITHUB_OWNER_REPO}; using push -f instead"
   fi
 }
 
@@ -683,7 +684,7 @@ push_dataset() {
   git add .gitattributes
   git commit -m "Initialize LFS tracking" || true
   # Ensure origin/main is established as upstream for subsequent git-drs pushes.
-  git push --set-upstream "$MONO_REMOTE_NAME" "$MONO_GIT_BRANCH"
+  git push -f --set-upstream "$MONO_REMOTE_NAME" "$MONO_GIT_BRANCH"
 
   if [[ "$MONO_RUN_MULTIPART_SMOKE" == "true" ]]; then
     mkdir -p fixtures/multipart-smoke

From 1fda5621ef9cbda55a353deb50f785729ec11dc2 Mon Sep 17 00:00:00 2001
From: Brian <brian@bwalsh.com>
Date: Thu, 7 May 2026 09:14:39 -0700
Subject: [PATCH 3/7] update docs for latest (#226)

* update docs for latest

* document new,non-lfs paths

* extract issues

* refactor lfs out of docs

* update docs

---------

Co-authored-by: matthewpeterkort <matthewpeterkort@gmail.com>
Co-authored-by: Matthew Peterkort <33436238+matthewpeterkort@users.noreply.github.com>
---
 README.md                                     | 174 ++---
 ...sue-add-include-pattern-to-git-drs-pull.md |  51 ++
 docs/adding-s3-files.md                       |  26 +-
 ...-drs-endpoints-and-transfer-concurrency.md | 216 ++++++
 docs/commands.md                              | 639 +++++-------------
 docs/developer-guide.md                       |  21 +-
 docs/drs-registerfile-upsert.md               |   4 +-
 docs/e2e-modes-and-local-setup.md             |   6 +-
 docs/getting-started.md                       | 421 ++++++------
 docs/installation.md                          |  48 +-
 docs/precommit-cache-addurl-prepush.md        |  10 +-
 docs/precommit.md                             |  41 +-
 docs/troubleshooting.md                       | 581 ++++++----------
 13 files changed, 971 insertions(+), 1267 deletions(-)
 create mode 100644 attic/issue-add-include-pattern-to-git-drs-pull.md
 create mode 100644 docs/architecture-drs-endpoints-and-transfer-concurrency.md

diff --git a/README.md b/README.md
index 9fa44367..81ea2f6c 100644
--- a/README.md
+++ b/README.md
@@ -3,143 +3,113 @@
 ---
 # NOTICE
 
-git-drs is not yet fully compliant with DRS. It currently works against Gen3 DRS server. Full GA4GH DRS support is expected once v1.6 of the specification has been published.
+`git-drs` is not a pure GA4GH DRS client. It targets Syfon/Gen3-style DRS workflows and uses extensions where repo-scale behavior requires them.
 
 ---
 
 [![Tests](https://github.com/calypr/git-drs/actions/workflows/test.yaml/badge.svg)](https://github.com/calypr/git-drs/actions/workflows/test.yaml)
 
-**Git/DRS orchestration with optional Git LFS compatibility**
+**Git/DRS orchestration with Git-compatible pointer workflows**
 
-Git DRS manages Git-facing DRS workflows: local metadata, Git hooks, filter behavior, lookup/register/push/pull orchestration, and optional Git LFS compatibility. Provider-specific transfer, signed URL behavior, and direct cloud inspection live in client code outside this repo.
+`git-drs` manages:
+
+- remote Gen3/Syfon configuration
+- local DRS metadata
+- pointer-aware push/pull orchestration
+- bucket-scoped object reference workflows
 
 ## Key Features
 
-- **Unified Workflow**: Manage both code and large data files using standard Git commands
-- **DRS Integration**: Built-in support for Gen3 DRS servers
-- **Multi-Remote Support**: Work with development, staging, and production servers in one repository
-- **Automatic Processing**: Files are processed automatically during commits and pushes
-- **Flexible Tracking**: Track individual files, patterns, or entire directories
+- unified Git/data workflow around DRS-backed pointers
+- Gen3/Syfon integration
+- multiple remotes in one repository
+- explicit file tracking and hydration
+- metadata-only reference support for existing bucket objects
 
 ## How It Works
 
-Git DRS works alongside Git LFS when you want LFS-compatible pointers and storage, while still supporting DRS-centric workflows:
+At a high level:
 
-1. **Initialization**: Set up repository and DRS server configuration
-2. **Automatic Commits**: Create DRS objects during pre-commit hooks
-3. **Automatic Pushes**: Register files with DRS servers and upload to configured storage
-4. **On-Demand Downloads**: Pull specific files or patterns as needed
+1. initialize the repository with `git drs init`
+2. configure a remote for one `organization/project`
+3. track file patterns with `git drs track`
+4. add/commit/push normally
+5. hydrate pointer files later with `git drs pull`
 
 ## Quick Start
 
-### Installation
-
 ```bash
-# Install Git LFS first
-brew install git-lfs  # macOS
-git lfs install --skip-smudge
-
-# Install Git DRS
-/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/calypr/git-drs/refs/heads/main/install.sh)" -- $GIT_DRS_VERSION
-
-# Install global Git filter configuration for git-drs
 git drs install
-```
-
-### Basic Usage
-
-```bash
-# Initialize repository (one-time Git repo setup)
 git drs init
-
-# Add DRS remote
-git drs remote add gen3 production \
-    --cred /path/to/credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --organization my-program \
-    --project my-project \
-    --bucket my-bucket
-
-# Required prerequisite (usually steward/admin setup):
-# create bucket credentials, then map org/project to full storage roots before users run push/pull
-git drs bucket add production \
-    --bucket my-bucket \
-    --region us-east-1 \
-    --access-key "$AWS_ACCESS_KEY_ID" \
-    --secret-key "$AWS_SECRET_ACCESS_KEY" \
-    --s3-endpoint https://s3.amazonaws.com
-git drs bucket add-organization production \
-    --organization my-program \
-    --path s3://my-bucket/my-program
-git drs bucket add-project production \
-    --organization my-program \
-    --project my-project \
-    --path s3://my-bucket/my-program/my-project
-
-# Track files
-git lfs track "*.bam"
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
+git drs track "*.bam"
 git add .gitattributes
-
-# Add and commit files
-git add my-file.bam
-git commit -m "Add data file"
+git add sample.bam
+git commit -m "Add sample"
 git push
-
-# Download files
-git lfs pull -I "*.bam"
+git drs ls-files
+git drs pull -I "*.bam"
 ```
 
-## Documentation
+## Current CLI Shape
 
-For detailed setup and usage information:
+The cleaned CLI intentionally removed legacy commands:
 
-- **[Getting Started](docs/getting-started.md)** - Repository setup and basic workflows
-- **[Commands Reference](docs/commands.md)** - Complete command documentation
-- **[Installation Guide](docs/installation.md)** - Platform-specific installation
-- **[Troubleshooting](docs/troubleshooting.md)** - Common issues and solutions
-- **[E2E Modes + Local Setup](docs/e2e-modes-and-local-setup.md)** - Local vs remote mode, server config, and end-to-end runbooks
-- **[Cloud/Object Integration](docs/adding-s3-files.md)** - Adding files from provider URLs or configured bucket object keys
-- **[Developer Guide](docs/developer-guide.md)** - Internals and development
+- removed:
+  - `git drs fetch`
+  - `git drs list`
+  - `git drs upload`
+  - `git drs download`
+- `git drs pull` is hydration-only
+- `git drs ls-files` is the local file inventory command
+- `git drs remote add gen3` takes scope as `organization/project`
 
-## Supported Servers
+Example:
 
-- **Gen3 Data Commons** (e.g., CALYPR)
+```bash
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
+```
 
-## Supported Environments
+## Bucket Mapping Model
 
-- **Local Development** environments
-- **HPC Systems** (e.g., ARC)
+End users should not need to know the bucket name.
 
-## Commands Overview
+Push and pull depend on server-side bucket mapping for the requested scope. That mapping is normally provisioned once by a steward/admin using the bucket commands.
 
-| Command                | Description                           |
-| ---------------------- | ------------------------------------- |
-| `git drs install`      | Install global git-drs filter config  |
-| `git drs init`         | Initialize repository                 |
-| `git drs remote add`   | Add a DRS remote server               |
-| `git drs remote list`  | List configured remotes               |
-| `git drs remote set`   | Set default remote                    |
-| `git drs add-url`      | Add files via provider URLs or configured bucket object keys |
-| `git lfs track`        | Track file patterns with LFS          |
-| `git lfs ls-files`     | List tracked files                    |
-| `git lfs pull`         | Download tracked files                |
-| `git drs fetch`        | Fetch metadata from DRS server        |
-| `git drs push`         | Push objects to DRS server            |
+## Common Commands
 
-Use `--help` with any command for details. See [Commands Reference](docs/commands.md) for complete documentation.
+| Command | Description |
+| --- | --- |
+| `git drs install` | Install global `git-drs` filter config |
+| `git drs init` | Initialize repository-local `git-drs` state |
+| `git drs remote add gen3 [remote] <org/project>` | Add or refresh a Gen3/Syfon remote |
+| `git drs remote list` | List configured remotes |
+| `git drs remote set <name>` | Set the default remote |
+| `git drs track <pattern>` | Track files or globs |
+| `git drs untrack <pattern>` | Stop tracking files or globs |
+| `git drs ls-files` | List tracked files and localization state |
+| `git drs pull` | Hydrate pointer files in the current checkout |
+| `git drs push` | Register/upload objects and push metadata workflow |
+| `git drs add-url` | Add an existing provider object by URL or scoped key |
+| `git drs add-ref` | Add a local reference to an existing DRS object |
+| `git drs query` | Query a DRS object by ID |
+| `git drs copy-records` | Copy Syfon records between remotes for one scope |
 
-## Requirements
+## Documentation
 
-- Git LFS installed and configured
-- Access credentials for your DRS server
-- Go 1.24+ (for building from source)
+- [Getting Started](docs/getting-started.md)
+- [Commands Reference](docs/commands.md)
+- [Troubleshooting](docs/troubleshooting.md)
+- [Developer Guide](docs/developer-guide.md)
+- [GA4GH DRS Scalability Gaps](docs/ga4gh-drs-scalability-gaps.md)
 
-## Support
+## Requirements
 
-- **Issues**: [GitHub Issues](https://github.com/calypr/git-drs/issues)
-- **Releases**: [GitHub Releases](https://github.com/calypr/git-drs/releases)
-- **Documentation**: See `docs/` folder for detailed guides
+- Git
+- access credentials for the target Gen3/Syfon deployment
+- Go 1.26.2+ for local builds
 
-## License
+## Support
 
-This project is part of the CALYPR data commons ecosystem.
+- [GitHub Issues](https://github.com/calypr/git-drs/issues)
+- [GitHub Releases](https://github.com/calypr/git-drs/releases)
diff --git a/attic/issue-add-include-pattern-to-git-drs-pull.md b/attic/issue-add-include-pattern-to-git-drs-pull.md
new file mode 100644
index 00000000..4217ab3b
--- /dev/null
+++ b/attic/issue-add-include-pattern-to-git-drs-pull.md
@@ -0,0 +1,51 @@
+# Add `-I "pattern"` include filter support to `git drs pull`
+
+## Summary
+Add include-pattern filtering to `git drs pull`, similar to legacy `git lfs pull -I "pattern"` workflows.
+
+## Motivation
+Current `git drs pull` behavior pulls based on repository resolution without a user-facing path pattern filter. Users migrating from `git lfs pull -I` expect selective hydration of files by glob/path.
+
+## Proposed UX
+Support:
+
+```bash
+git drs pull -I "results/*.txt"
+git drs pull -I "*.bam" -I "data/**"
+git drs pull --include "path/to/file"
+```
+
+Optional:
+- `--exclude` parity (if desired in same change or follow-up)
+
+## Proposed behavior
+1. Parse one or more include patterns (`-I`, `--include`).
+2. Resolve candidate pointers as usual.
+3. Filter by repo-relative path match before download.
+4. Download only matched objects; skip others with clear logging.
+5. If no pattern supplied, preserve current default behavior.
+
+## Scope
+- `cmd/pull/main.go` CLI flags and pull selection pipeline
+- pointer/path inventory layer (where path<->OID candidates are produced)
+- docs: `docs/commands.md`, `docs/getting-started.md`, `docs/troubleshooting.md`
+- tests for include filtering semantics
+
+## Acceptance criteria
+- [ ] `git drs pull -I "<pattern>"` works for a single pattern.
+- [ ] Repeated `-I` flags are supported.
+- [ ] Include matching is against repo-relative paths.
+- [ ] Default `git drs pull` behavior unchanged when no `-I` is passed.
+- [ ] Help text documents pattern syntax and examples.
+- [ ] Unit/integration tests cover positive and negative matches.
+
+## Testing matrix
+- Single file exact path include.
+- Wildcard include (`*.bam`, `data/**`).
+- Multiple `-I` values.
+- No matches (should no-op cleanly and return success unless policy says otherwise).
+- Mixed matched/unmatched objects in same pull run.
+
+## Notes
+This closes a usability gap for users transitioning from `git lfs` CLI habits to `git drs` commands while keeping pull behavior explicit and predictable.
+
diff --git a/docs/adding-s3-files.md b/docs/adding-s3-files.md
index cb233826..f8a83a6b 100644
--- a/docs/adding-s3-files.md
+++ b/docs/adding-s3-files.md
@@ -1,6 +1,6 @@
 # Adding Provider Objects with `git drs add-url`
 
-`git drs add-url` prepares a Git LFS pointer plus local DRS metadata for an object that already exists in provider storage.
+`git drs add-url` prepares a Git pointer plus local DRS metadata for an object that already exists in provider storage.
 
 Important behavior:
 
@@ -26,7 +26,7 @@ The inspector also accepts other go-cloud styles (`gs://`, `azblob://`, `file://
 If your remote org/project already has a bucket mapping, pass an object key relative to that configured bucket scope and set `--scheme`.
 
 ```bash
-git lfs track "data/*.bin"
+git drs track "data/*.bin"
 git add .gitattributes
 
 git drs add-url path/to/object.bin data/from-bucket.bin \
@@ -54,7 +54,7 @@ git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin \
 If you know the authoritative SHA256, pass `--sha256`.
 
 ```bash
-git lfs track "data/*.bin"
+git drs track "data/*.bin"
 git add .gitattributes
 
 git drs add-url path/to/object.bin data/from-bucket.bin \
@@ -66,25 +66,25 @@ git commit -m "add known-sha object"
 git drs push
 ```
 
-## Unknown SHA256 (experimental sentinel mode)
+## Unknown SHA256
 
 If SHA256 is unknown, omit `--sha256`.
 
 Behavior:
 
 1. `add-url` performs object metadata lookup (HEAD/attributes).
-2. Synthetic OID is derived from ETag (`sha256(etag)`).
-3. A local sentinel object is written into `.git/lfs/objects/...`.
-4. `git drs push` performs metadata-only registration.
+2. A deterministic placeholder OID is derived from remote object metadata.
+3. A pointer file and local DRS metadata are written.
+4. `git drs push` performs metadata registration.
 
 ```bash
-git lfs track "data/*.bin"
+git drs track "data/*.bin"
 git add .gitattributes
 
 git drs add-url path/to/object.bin data/from-bucket.bin --scheme s3
 
 git add data/from-bucket.bin
-git commit -m "add unknown-sha object (sentinel mode)"
+git commit -m "add unknown-sha object"
 git drs push
 ```
 
@@ -103,7 +103,7 @@ For e2e/dev harnesses, `TEST_BUCKET_*` variables are also supported by command-l
 
 ## Prerequisites
 
-- File path must be LFS-tracked (via `.gitattributes`).
+- File path must be tracked (via `.gitattributes`).
 - Remote configuration must point to the intended org/project scope.
 - The bucket credential and org/project storage scope must exist on drs-server, for example via `git drs bucket add`, then `git drs bucket add-organization` or `git drs bucket add-project --path s3://bucket/prefix`.
 
@@ -118,13 +118,13 @@ Usually region/endpoint mismatch for S3-compatible storage.
 
 ### `no local payload available; skipping upload and keeping metadata-only registration`
 
-Expected for add-url pointer/sentinel flows where local payload bytes are intentionally absent.
+Expected for add-url pointer/metadata-only flows where local payload bytes are intentionally absent.
 
-### `file is not tracked by LFS`
+### `file is not tracked`
 
 Track the path pattern and re-add:
 
 ```bash
-git lfs track "data/*.bin"
+git drs track "data/*.bin"
 git add .gitattributes
 ```
diff --git a/docs/architecture-drs-endpoints-and-transfer-concurrency.md b/docs/architecture-drs-endpoints-and-transfer-concurrency.md
new file mode 100644
index 00000000..7f5d258a
--- /dev/null
+++ b/docs/architecture-drs-endpoints-and-transfer-concurrency.md
@@ -0,0 +1,216 @@
+# Architecture: DRS Endpoint Flows, Transfer Concurrency, and `add-url`/`add-ref`
+
+This document explains three implementation areas in `git-drs`:
+
+1. How user-issued Git/Git-DRS commands map to GA4GH DRS endpoint calls.
+2. How transfer concurrency works for upload and download.
+3. How `add-url` and `add-ref` work, including when and where SHA existence is checked on the DRS server.
+
+---
+
+## 1) Command to Endpoint Trace (User command -> Code path -> DRS API)
+
+## 1.1 High-level command routing
+
+- User-facing commands are registered in `cmd/root.go`.
+- Relevant command entrypoints:
+  - `git drs push` -> `cmd/push/main.go`
+  - `git drs pull` -> `cmd/pull/main.go`
+  - `git drs ls-files` -> `cmd/lsfiles/main.go`
+  - `git drs query` -> `cmd/query/main.go`
+  - `git drs add-ref` -> `cmd/addref/add-ref.go`
+  - `git drs add-url` -> `cmd/addurl/service.go`
+
+`git-drs` obtains a remote-specific API client via `config.LoadConfig()` + `cfg.GetRemoteClient(...)` (see `internal/config/remote.go`).
+
+## 1.2 Endpoint mapping matrix
+
+The table below maps command behavior to DRS client calls and the corresponding DRS API intent.
+
+| User command | Main call path | DRS client method(s) | DRS endpoint intent |
+| --- | --- | --- | --- |
+| `git drs query <drs_id>` | `cmd/query/main.go` | `DRS().GetObject(drs_id)` | Get object by DRS ID (`/ga4gh/drs/v1/objects/{id}` style) |
+| `git drs query --checksum <sha256>` | `cmd/query/main.go` -> `drsremote.ObjectsByHashForScope` | `DRS().BatchGetObjectsByHash([]checksum)` | Lookup objects by checksum (`/ga4gh/drs/v1/objects/checksum/{checksum}` style; asserted in tests) |
+| `git drs ls-files --drs` | `cmd/lsfiles/main.go` | `DRS().BatchGetObjectsByHash([]checksum)` | Check DRS registration status for local tracked files |
+| `git drs pull` | `cmd/pull/main.go` -> `drsremote.DownloadToCachePath` | `DRS().BatchGetObjectsByHash`, `DRS().GetAccessURL`; optional bulk via `DRSAPI().GetBulkAccessURLWithResponse` | Resolve missing OIDs to DRS records and access URLs, then hydrate content into the current checkout |
+| `git drs push [remote]` | `cmd/push/main.go` -> `pushsync.BatchSyncForPush` | `DRS().BatchGetObjectsByHash`, `DRS().RegisterObjects`, `DRS().GetAccessURL` | Check checksum presence, register missing records, probe/downloadability before upload |
+| `git drs add-ref <drs_uri> <path>` | `cmd/addref/add-ref.go` | `DRS().GetObject(drs_uri)` | Resolve existing DRS object and write pointer |
+
+Notes:
+
+- `internal/drsremote/remote_test.go` explicitly verifies some concrete paths:
+  - checksum lookup path `/ga4gh/drs/v1/objects/checksum/{sha}`
+  - bulk access path `/ga4gh/drs/v1/objects/access`
+  - access URL path `/ga4gh/drs/v1/objects/{id}/access/{type}`
+- `git drs pre-push-prepare` also calls a non-GA4GH metadata staging endpoint:
+  - `POST {remote}/info/drs/objects/metadata` (`cmd/prepush/main.go`)
+  - This is optional capability and not part of GA4GH DRS.
+
+## 1.3 Trace from standard Git commands
+
+`git-drs` participates in both explicit `git drs ...` commands and standard Git workflows after `git drs init`:
+
+- `git drs init` installs hooks (`cmd/initialize/main.go`):
+  - pre-commit: `git drs precommit`
+- During a normal `git push`, pre-push metadata can be staged via `/info/drs/objects/metadata` before transfer.
+- The explicit `git drs push` command runs the register/upload workflow, then runs `git push --no-verify` by default (`cmd/push/main.go`).
+
+---
+
+## 2) Transfer Concurrency Model (Upload and Download)
+
+### Concurrency mechanism: in-process goroutines only
+
+All transfer concurrency in `git-drs` is **in-process**, implemented with **Go goroutines and channels**. There is no use of OS-level multi-processing (no `fork`/`exec` of worker processes) for data movement.
+
+- Upload object fan-out uses `golang.org/x/sync/errgroup` — goroutines with a shared context and bounded by `errgroup.SetLimit(n)`.
+- Download chunk parallelism uses the `sydownload` library, which internally uses goroutines to issue concurrent HTTP range requests.
+- Sub-process calls (`exec.Command("git", ...)`) appear only for Git metadata operations (for example `git checkout`, `git ls-files`, `git check-attr`), never for data-transfer concurrency.
+
+## 2.1 Upload concurrency (`git drs push`)
+
+Upload tuning originates from Git config and is carried in `config.GitContext`:
+
+- `lfs.concurrenttransfers` -> `UploadConcurrency` (Git config key)
+- `drs.multipart-threshold` (MB) -> `MultiPartThreshold`
+
+See `internal/config/remote.go` (`newGitContext`) and `cmd/initialize/main.go` (`initGitConfig`).
+
+### Upload execution strategy
+
+In `internal/pushsync/batch_sync.go`:
+
+1. Build upload candidates.
+2. Split candidates into:
+   - small files: `size < MultiPartThreshold`
+   - large files: `size >= MultiPartThreshold`
+3. Small files upload in parallel using `errgroup.WithContext` + `eg.SetLimit(UploadConcurrency)` + `eg.Go(goroutine)` — **in-process goroutine fan-out**.
+4. Large files upload sequentially (single goroutine, no additional concurrency).
+
+Key implementation points:
+
+- `executeUploadPlan(...)` controls fan-out and limits.
+- Actual upload call is `syupload.UploadObjectFile(...)` in `internal/pushsync/register.go`.
+- `forceMultipart` is computed per file (`fileSize >= threshold`) and passed to upload.
+
+Operationally, this gives bounded goroutine parallelism for many small objects while reducing resource contention for very large uploads.
+
+## 2.2 Download concurrency (`git drs pull`)
+
+Download concurrency is set via `sydownload.DownloadOptions`:
+
+- `MultipartThreshold: 5 MiB`
+- `Concurrency: 2`
+- `ChunkSize: 64 MiB`
+
+These values are currently hardcoded in `internal/drsremote/remote.go` (`downloadResolved`) and apply to the pull/hydration workflow.
+
+### Intra-object chunk concurrency
+
+The `sydownload` library implements **goroutine-based HTTP range-request concurrency** within a single object download:
+
+- `resolvedSource.GetRangeReader(ctx, guid, offset, length)` issues an HTTP range (`Range: bytes=offset-end`) request.
+- `sydownload.DownloadToPathWithOptions` coordinates up to `Concurrency` (2) goroutines issuing simultaneous range requests per object.
+- This is purely in-process; no subprocess is spawned.
+
+### Object-level iteration in pull
+
+- In `cmd/pull/main.go`, missing OIDs are processed in a **sequential** `for` loop — one object at a time.
+- Each object download can still be internally chunk-concurrent (up to `Concurrency=2` goroutines) via `sydownload`.
+- So pull concurrency is **intra-object** (goroutine-based chunk/range concurrency), not broad object fan-out.
+- Bulk metadata prefetch (DRS objects + bulk access URLs) is performed **before** the sequential download loop to amortize API round-trips.
+
+## 2.3 Git metadata subprocesses
+
+Some flows still call Git commands directly for repository state inspection.
+
+- These are **subprocess** calls (`exec.Command("git", ...)`), not goroutine fan-out.
+- Examples include tracked-file discovery and attribute inspection used by `ls-files` and `pull`.
+- This is distinct from the goroutine-based `git drs push` upload fan-out and `sydownload` chunk concurrency.
+
+---
+
+## 3) `add-url` and `add-ref`: Implementation and SHA existence checks
+
+## 3.1 `add-url` implementation
+
+Main logic lives in `cmd/addurl/service.go`.
+
+Workflow:
+
+1. Parse CLI input (`cmd/addurl/params.go`).
+2. Resolve remote scope (org/project/bucket/prefix) (`cmd/addurl/scope.go`).
+3. Resolve source object URL (full URL mode or key+`--scheme` mode).
+4. Inspect object using cloud client (`sycloud.InspectObject`).
+5. Ensure object identity:
+   - If `--sha256` provided: trust it as OID.
+   - Otherwise: derive a deterministic placeholder OID from remote object metadata.
+6. Write pointer file to worktree.
+7. Best-effort update of pre-commit cache (`updatePrecommitCache`).
+8. Ensure file is tracked if needed.
+9. Write/update local DRS metadata object under `.git/drs/lfs/objects` (`writeAddURLDrsObject`).
+
+### Does `add-url` query DRS server for SHA existence?
+
+Not immediately. `add-url` is local-preparation oriented:
+
+- It inspects provider object metadata.
+- It writes local pointer + local DRS metadata.
+- Server checksum existence is checked later during push (see section 3.3).
+
+## 3.2 `add-ref` implementation
+
+Main logic is in `cmd/addref/add-ref.go`.
+
+Workflow:
+
+1. Resolve remote client.
+2. Call `DRS().GetObject(drs_uri)`.
+3. Create parent directory if needed.
+4. Write pointer from returned DRS object checksums (`lfs.CreateLfsPointer`).
+
+### Does `add-ref` query DRS server for SHA existence?
+
+It does not perform a checksum lookup endpoint call. It verifies existence by object ID (`GetObject`) and consumes checksum from that object payload.## 3.3 Where SHA existence check against DRS actually happens
+
+Checksum existence checks are performed during `git drs push` in `internal/pushsync/batch_sync.go`:
+
+1. `lookupMetadata()` iterates OIDs and calls:
+   - `drsremote.ObjectsByHash(...)` -> `DRS().BatchGetObjectsByHash(...)`
+2. If no records exist for an OID, object candidate is included for bulk registration:
+   - `DRS().RegisterObjects(...)`
+3. Upload decision is then based on registration status + downloadability probe.
+
+So for both `add-url` and `add-ref`, the checksum-existence gate is primarily deferred to push-time synchronization logic.
+
+---
+
+## 4) End-to-end sequence summaries
+
+## 4.1 `git drs add-url ...` then `git drs push`
+
+1. `add-url`: local pointer + local DRS object prepared.
+2. `push`: checksum lookup (`BatchGetObjectsByHash`).
+3. Missing checksum -> `RegisterObjects`.
+4. If payload required and available -> upload via syfon transfer.
+5. Git refs pushed.
+
+## 4.2 `git drs add-ref <drs_id> <path>` then `git drs pull`
+
+1. `add-ref`: `GetObject(drs_id)` and write pointer.
+2. `pull`: detect unresolved pointers.
+3. For each OID, resolve scoped object by checksum and access URL.
+4. Download to local object cache and hydrate the tracked file in the worktree.
+
+---
+
+## 5) Practical implications for operators and developers
+
+- If you need immediate server-side checksum validation during `add-url`, that behavior does not exist today; validation happens at push time.
+- All transfer concurrency is in-process (goroutines); no subprocess workers are used for data movement.
+- Upload concurrency is configurable through Git config (`lfs.concurrenttransfers` key) and is implemented as a goroutine pool bounded by `errgroup.SetLimit`.
+- Download concurrency is fixed (not configurable at runtime): `Concurrency=2` goroutines per object for HTTP range requests, currently hardcoded in `internal/drsremote/remote.go`.
+- Object-level download iteration in `git drs pull` is sequential; only intra-object chunk downloads are concurrent.
+- Git metadata discovery still uses subprocess calls, but those are repository inspection details, not data-transfer concurrency.
+
+---
diff --git a/docs/commands.md b/docs/commands.md
index e1a7329f..43ac6d5a 100644
--- a/docs/commands.md
+++ b/docs/commands.md
@@ -1,617 +1,288 @@
 # Commands Reference
 
-Complete reference for Git DRS and related Git LFS commands.
+Complete reference for the `git-drs` CLI as used on the `fix/cli` line.
 
-Git DRS owns Git/DRS orchestration and local metadata. Direct provider access, signed URL behavior, and cloud inspection are client-side responsibilities reached through `syfon/client`.
+Git DRS owns Git/DRS orchestration and local metadata. Provider access, signed URL behavior, and cloud inspection are handled through Syfon and client code behind these commands.
 
-> **Navigation:** [Getting Started](getting-started.md) → **Commands Reference** → [Troubleshooting](troubleshooting.md)
+> **Navigation:** [Getting Started](getting-started.md) -> **Commands Reference** -> [Troubleshooting](troubleshooting.md)
 
-## Git DRS Commands
+## Command Model
 
-### `git drs install`
-
-Install global Git filter configuration for git-drs. This is equivalent in purpose to running `git-lfs install` for the git-drs filter.
-
-**Usage:**
+`git-drs` is intentionally smaller now.
 
-```bash
-git drs install
-```
+- Removed legacy commands:
+  - `git drs fetch`
+  - `git drs list`
+  - `git drs upload`
+  - `git drs download`
+- `git drs pull` now mirrors `git lfs pull` semantics:
+  - it hydrates tracked pointer files in the current checkout
+  - it does not run `git pull`
+- `git drs ls-files` is the `git lfs ls-files` analog:
+  - local-first inventory
+  - optional DRS registration checks
+- `git drs remote add gen3` now takes scope as a positional `organization/project`
 
-**What it does:**
+## Core Setup
 
-- Sets global Git config for `filter.drs.clean`
-- Sets global Git config for `filter.drs.smudge`
-- Sets global Git config for `filter.drs.process`
-- Sets global Git config for `filter.drs.required`
+### `git drs install`
 
-**Resulting `~/.gitconfig` entries:**
+Install global Git filter configuration for `git-drs`.
 
-```ini
-[filter "drs"]
-    clean = git-drs clean -- %f
-    smudge = git-drs smudge -- %f
-    process = git-drs filter
-    required = true
+```bash
+git drs install
 ```
 
-**When to run:**
-
-- **Once per machine/user** after installing `git-drs`
-- Re-run any time you want to reset these global filter values
+This sets the global `filter.drs.*` entries used by Git clean/smudge/filter operations.
 
 ### `git drs init`
 
-Initialize Git DRS in a repository. Sets up Git DRS hooks and creates a `.git/drs/` directory that Git ignores automatically.
-
-**Usage:**
+Initialize `git-drs` in the current repository.
 
 ```bash
 git drs init [flags]
 ```
 
-**Options:**
-
-- `--transfers <n>`: Number of concurrent transfers (default: 4)
-
-**Example:**
-
-```bash
-git drs init
-```
-
-**What it does:**
-
-- Creates `.git/drs/` directory structure
-- Configures Git/LFS settings for git-drs managed push/pull
-- Installs Git hooks for DRS workflows
-
-**When to run:**
-
-- **Once** after cloning a Git repository
-- **Once** after creating a new Git repository
-- **Never** needed for subsequent work sessions
-
-**You do NOT need to run `git drs init` again:**
-
-- When starting a new work session
-- After refreshing credentials
-- After pulling new changes
+Common flags:
 
-**Note:** Run this before adding remotes.
+- `--transfers <n>`: concurrent transfers
+- `--upsert`: enable upsert behavior for push/register flows
+- `--multipart-threshold <mb>`: multipart threshold in MB
+- `--enable-data-client-logs`: enable lower-level client logging
 
-### `git drs remote`
+Run this once per repository.
 
-Manage DRS remote server configurations. Git DRS supports multiple remotes for working with development, staging, and production servers.
+## Remote Configuration
 
-#### `git drs remote add gen3 <name>`
+### `git drs remote add gen3 [remote-name] <organization/project>`
 
-Add a Gen3 DRS server configuration.
-
-**Usage:**
+Add or refresh a Gen3-backed Syfon remote.
 
 ```bash
-git drs remote add gen3 <remote-name> \
-    --url <server-url> \
-    --cred <credentials-file> \
-    --organization <program> \
-    --project <project-id> \
-    [--bucket <bucket-name>]
+git drs remote add gen3 [remote-name] <organization/project> [--cred <file> | --token <token>]
 ```
 
-**Options:**
-
-- `--url <url>`: Gen3 server endpoint (required)
-- `--cred <file>`: Path to credentials JSON file (required)
-- `--token <token>`: Token for temporary access (alternative to --cred)
-- `--organization <name>`: Program/organization scope used for bucket mapping
-- `--project <id>`: Project ID (required)
-- `--bucket <name>`: Bucket name fallback when no org/project mapping is configured
-
-**Examples:**
+Examples:
 
 ```bash
-# Add production remote
-git drs remote add gen3 production \
-    --url https://calypr-public.ohsu.edu \
-    --cred /path/to/credentials.json \
-    --organization my-program \
-    --project my-project
-
-# Add staging remote
-git drs remote add gen3 staging \
-    --url https://staging.calypr.ohsu.edu \
-    --cred /path/to/staging-credentials.json \
-    --organization staging-program \
-    --project staging-project
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
+git drs remote add gen3 staging HTAN_INT/BForePC --token "$GEN3_TOKEN"
 ```
 
-**Note:** The first remote you add automatically becomes the default remote.
-**Important:** A bucket mapping for the target `organization/project` must already exist, typically created once by a steward/admin with `git drs bucket add`, then `git drs bucket add-organization` or `git drs bucket add-project --path <scheme>://<bucket>/<prefix>`. Without that mapping, push/pull operations will fail.
+Notes:
 
-#### `git drs remote list`
+- `remote-name` is optional; if omitted, the default remote name is used.
+- scope is always one positional argument: `organization/project`
+- `--cred` imports a Gen3 credential file
+- `--token` uses a temporary bearer token
+- bucket resolution is scope-driven; users do not need to provide `--bucket`
+- endpoint resolution comes from the credential/token path; users do not need to provide `--url`
 
-List all configured DRS remotes.
+Prerequisite:
 
-**Usage:**
-
-```bash
-git drs remote list
-```
-
-**Example Output:**
-
-```
-* production  gen3    https://calypr-public.ohsu.edu
-  staging     gen3    https://staging.calypr.ohsu.edu
-  development gen3    https://dev.calypr.ohsu.edu
-```
+- the target `organization/project` must already be mapped to a bucket on the server
+- if no local repo mapping exists, `git-drs` can resolve the visible bucket from the server
 
-The `*` indicates the default remote used by all commands unless specified otherwise.
+### `git drs remote list`
 
-#### `git drs remote set <name>`
-
-Set the default DRS remote for all operations.
-
-**Usage:**
-
-```bash
-git drs remote set <remote-name>
-```
-
-**Examples:**
+List configured DRS remotes.
 
 ```bash
-# Switch to staging for testing
-git drs remote set staging
-
-# Switch back to production
-git drs remote set production
-
-# Verify change
 git drs remote list
 ```
 
-### `git drs fetch [remote-name]`
-
-Fetch DRS object metadata from remote server. Downloads metadata only, not actual files.
+### `git drs remote set <name>`
 
-**Usage:**
+Set the default DRS remote.
 
 ```bash
-# Fetch from default remote
-git drs fetch
-
-# Fetch from specific remote
-git drs fetch staging
-git drs fetch production
-```
-
-**Note:** `fetch` and `push` are commonly used together for cross-remote workflows. See `git drs push` below.
-
-**What it does:**
-
-- Identifies remote and project from configuration
-- Transfers all DRS records for a given project from the server to the local `.git/drs/lfs/objects/` directory
-
-### `git drs add-url <object-url-or-key> [path]`
-
-Prepare a pointer plus local DRS metadata for an object that already exists in provider storage.
-
-**Usage:**
-
-```bash
-# Preferred: object key resolved against configured bucket scope
-git drs add-url path/to/object.bin data/from-bucket.bin --scheme s3
-
-# Compatibility: explicit provider URL
-git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin
-```
-
-**Options:**
-
-- `--scheme <scheme>`: Required for object-key mode because local bucket mappings persist bucket/prefix, not provider scheme
-- `--sha256 <hex>`: Expected SHA256 checksum when known
-
-**What it does:**
-
-- Resolves the effective org/project bucket scope for the current remote
-- Inspects the provider object through client-owned cloud code
-- Writes a Git LFS pointer into the worktree
-- Stores local DRS metadata for later registration during `git drs push`
-
-### `git drs push [remote-name]`
-
-Push local DRS objects to server. Uploads new files and registers metadata.
-
-**Usage:**
-
-```bash
-# Push to default remote
-git drs push
-
-# Push to specific remote
-git drs push staging
-git drs push production
-```
-
-**What it does:**
-
-- Checks local `.git/drs/lfs/objects/` for DRS metadata
-- For each object, uploads file to bucket if file exists locally
-- If file doesn't exist locally (metadata only), registers metadata without upload
-- This enables cross-remote promotion workflows
-
-**Cross-Remote Promotion:**
-
-Transfer DRS records from one remote to another (eg staging to production) without re-uploading files:
-
-```bash
-# Fetch metadata from staging
-git drs fetch staging
-
-# Push metadata to production (no file upload since files don't exist locally)
-git drs push production
-```
-
-This is useful when files are already in the production bucket with matching SHA256 hashes. It can also be used to reupload files given that the files are pulled to the repo first.
-
-**Note:** `fetch` and `push` are commonly used together. `fetch` pulls metadata from one remote, `push` registers it to another.
-
-### `git drs query`
-
-Query a DRS object by its DRS ID or SHA256 checksum.
-
-**Usage:**
-
-```bash
-# Query by DRS ID (default behavior)
-git drs query <drs-id>
-
-# Query by SHA256 checksum
-git drs query --checksum <sha256>
+git drs remote set production
 ```
 
-**Options:**
+## Bucket Mapping
 
-- `--checksum`, `-c`: Treat the argument as a SHA256 checksum instead of a DRS ID.
-- `--pretty`, `-p`: Output indented JSON for easier reading.
-- `--remote`, `-r`: Target a specific remote (default: default_remote).
+These commands are typically steward/admin setup, not day-to-day end-user commands.
 
-**Examples:**
+### `git drs bucket add`
 
-```bash
-# Query by checksum and pretty-print the result
-git drs query --checksum 9f2c2db77f0a3e2b47e4b44b8ce8d4c8c3c4c0b5f4c5a2d2f9b1d0bfb0a1c2d3 --pretty
+Declare bucket credentials for a remote.
 
-# Query by DRS ID against a specific remote
-git drs query did:example:12345 --remote staging
-```
-
-### `git drs add-url`
-
-Prepare a file reference via cloud object URL for DRS registration.
+### `git drs bucket add-organization`
 
-**Usage:**
+Map an organization to a bucket path.
 
 ```bash
-# Stage local pointer + DRS metadata
-git drs add-url <cloud-url> [path] [--sha256 <hash>]
-# Register/push prepared records
-git drs push
+git drs bucket add-organization production \
+  --organization HTAN_INT \
+  --path s3://cbds/htan-int
 ```
 
-**Examples:**
+### `git drs bucket add-project`
 
-```bash
-# Known SHA path
-git drs add-url s3://bucket/path/file.bin data/file.bin --sha256 <sha256>
-
-# Unknown SHA path (experimental sentinel mode)
-git drs add-url s3://bucket/path/file.bin data/file.bin
-```
-
-**Options:**
-
-- `--sha256 <hash>`: Optional SHA256 hash of the source object.  
-  If omitted, add-url uses experimental ETag-derived sentinel mode and registers a synthetic OID.
-
-**Notes:**
-
-- `add-url` no longer accepts per-command AWS credential flags.
-- S3 connection hints are resolved from environment/runtime config when needed (for example `AWS_REGION`, `AWS_ENDPOINT_URL`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`).
-- Registration happens on `git drs push`, not at `add-url` time.
-
-### `git drs version`
-
-Display Git DRS version information.
+Map an organization/project to a bucket path.
 
 ```bash
-git drs version
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/htan-int/bforepc
 ```
 
-### `git drs track [pattern ...]`
-
-Manage Git LFS tracking patterns from Git DRS.
-
-**View tracked patterns:**
+## File Tracking and Hydration
 
-```bash
-git drs track
-```
+### `git drs track`
 
-**Track one or more patterns:**
+Track files or patterns with Git-compatible pointer behavior.
 
 ```bash
 git drs track "*.bam"
-git drs track "*.bam" "data/**"
+git drs track "data/**"
 ```
 
-**Options:**
-
-- `--verbose`: Show detailed Git LFS output
-- `--dry-run`: Show what would change without writing `.gitattributes`
+Stage `.gitattributes` after changing tracked patterns.
 
-### `git drs untrack <pattern> [pattern ...]`
+### `git drs untrack`
 
-Remove one or more Git LFS tracking patterns.
+Stop tracking patterns.
 
 ```bash
 git drs untrack "*.bam"
-git drs untrack "*.bam" "data/**"
-```
-
-**Options:**
-
-- `--verbose`: Show detailed Git LFS output
-- `--dry-run`: Show what would change without writing `.gitattributes`
-
-### Internal Commands
-
-These commands are called automatically by Git hooks:
-
-- `git drs precommit`: Process staged files during commit
-- `git drs pre-push-prepare`: Stage DRS metadata before push
-- `git lfs pre-push`: Optional Git LFS compatibility push flow (invoked by the pre-push hook when enabled)
-
-## Git LFS Commands
-
-### `git lfs track`
-
-Manage file tracking patterns.
-
-**View Tracked Patterns:**
-
-```bash
-git lfs track
-```
-
-**Track New Pattern:**
-
-```bash
-git lfs track "*.bam"
-git lfs track "data/**"
-git lfs track "specific-file.txt"
-```
-
-**Untrack Pattern:**
-
-```bash
-git lfs untrack "*.bam"
 ```
 
-### `git lfs ls-files`
-
-List LFS-tracked files in the repository.
+### `git drs ls-files [pathspec...]`
 
-**All Files:**
+List tracked LFS-style files in the current checkout.
 
 ```bash
-git lfs ls-files
+git drs ls-files
+git drs ls-files data/**
+git drs ls-files -I "*.bam"
+git drs ls-files --drs
+git drs ls-files -l --drs
+git drs ls-files -n results/**
 ```
 
-**Specific Pattern:**
-
-```bash
-git lfs ls-files -I "*.bam"
-git lfs ls-files -I "data/**"
-```
+Important behavior:
 
-**Output Format:**
+- default mode is local-first and cheap
+- `*` means localized/hydrated in the worktree
+- `-` means the worktree still contains a pointer
+- `--drs` adds DRS registration checks
 
-- `*` prefix: File is localized (downloaded)
-- `-` prefix: File is not localized
-- No prefix: File status unknown
+Common flags:
 
-### `git lfs pull`
+- `-I, --include <pattern>`: include filter; may be repeated
+- `-l, --long`: long output
+- `-n, --name-only`: path-only output
+- `--json`: structured output
+- `--drs`: check DRS registration status
 
-Download LFS-tracked files.
+### `git drs pull`
 
-**All Files:**
+Hydrate tracked pointer files in the current checkout.
 
 ```bash
-git lfs pull
+git drs pull
+git drs pull -I "*.bam"
+git drs pull -I "data/**" -I "results/*.txt"
+git drs pull --dry-run -I "results/**"
 ```
 
-**Specific Files:**
+Important behavior:
 
-```bash
-git lfs pull -I "*.bam"
-git lfs pull -I "data/important.txt"
-git lfs pull -I "results/**"
-```
-
-**Multiple Patterns:**
+- `git drs pull` does not run `git pull`
+- it only hydrates tracked pointer files already present in the current checkout
+- include matching is against repo-relative paths
 
-```bash
-git lfs pull -I "*.bam" -I "*.vcf"
-```
+Common flags:
 
-### `git lfs install`
+- `-I, --include <pattern>`: include filter; may be repeated
+- `--dry-run`: show what would be hydrated without downloading
 
-Configure Git LFS for the system or repository.
+## Object Registration and Push
 
-**System-wide:**
-
-```bash
-git lfs install --skip-smudge
-```
+### `git drs push [remote-name]`
 
-**Repository-only:**
+Register and upload tracked objects, then rely on normal Git push for refs.
 
 ```bash
-git lfs install --local --skip-smudge
+git drs push
+git drs push production
 ```
 
-The `--skip-smudge` option prevents automatic downloading of all LFS files during clone/checkout.
-
-## Standard Git Commands
-
-Git DRS integrates with standard Git commands:
-
-### `git add`
-
-Stage files for commit. LFS-tracked files are automatically processed.
+What it does:
 
-```bash
-git add myfile.bam
-git add data/
-git add .
-```
+- resolves local pointer/object metadata
+- uploads local bytes when needed
+- registers object metadata with the target Syfon instance
 
-### `git commit`
+### `git drs add-url <object-url-or-key> [path]`
 
-Commit changes. Git DRS pre-commit hook runs automatically.
+Create a pointer and local metadata for an object that already exists in provider storage.
 
 ```bash
-git commit -m "Add new data files"
+git drs add-url path/to/object.bin data/from-bucket.bin --scheme s3
+git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin
+git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin --sha256 <hex>
 ```
 
-### `git push`
+Notes:
 
-Push commits to remote. Git DRS automatically uploads new files to DRS server.
+- object-key mode resolves against the configured bucket scope
+- explicit provider URL mode remains supported
+- `--scheme` is required for object-key mode
 
-```bash
-git push
-git push origin main
-```
-
-### `git clone`
+### `git drs add-ref <drs-id> <path>`
 
-Clone repository. Use with Git DRS initialization:
+Add a local pointer file for an existing DRS object.
 
 ```bash
-git clone <repo-url>
-cd <repo-name>
-git drs init
-git drs remote add gen3 production --cred /path/to/credentials.json --url ... --organization ... --project ...
+git drs add-ref drs://example/object-id data/object.bin
 ```
 
-## Workflow Examples
+### `git drs query <drs-id>`
 
-### Complete File Addition Workflow
+Query a DRS object by ID.
 
 ```bash
-# 1. Ensure file type is tracked
-git lfs track "*.bam"
-git add .gitattributes
-
-# 2. Add your file
-git add mydata.bam
-
-# 3. Verify tracking
-git lfs ls-files -I "mydata.bam"
-
-# 4. Commit (creates DRS record)
-git commit -m "Add analysis results"
-
-# 5. Push (uploads to default DRS server)
-git push
+git drs query drs://example/object-id
 ```
 
-### Selective File Download
-
-```bash
-# Check what's available
-git lfs ls-files
+## Metadata Copy
 
-# Download specific files
-git lfs pull -I "results/*.txt"
-git lfs pull -I "important-dataset.bam"
-
-# Verify download
-git lfs ls-files -I "results/*.txt"
-```
+### `git drs copy-records [source-remote] <target-remote> <organization/project>`
 
-### Repository Setup from Scratch
+Copy Syfon metadata records from one remote to another for a single project scope.
 
 ```bash
-# 1. Create and clone repo
-git clone <new-repo-url>
-cd <repo-name>
-
-# 2. Initialize Git DRS
-git drs init
-
-# 3. Add DRS remote
-git drs remote add gen3 production \
-    --url https://calypr-public.ohsu.edu \
-    --cred /path/to/credentials.json \
-    --organization my-program \
-    --project my-project
-
-# 4. Set up file tracking
-git lfs track "*.bam"
-git lfs track "*.vcf.gz"
-git lfs track "data/**"
-git add .gitattributes
-git commit -m "Configure LFS tracking"
-git push
-
-# 5. Add data files
-git add data/sample1.bam
-git commit -m "Add sample data"
-git push
+git drs copy-records prod HTAN_INT/BForePC
+git drs copy-records dev prod HTAN_INT/BForePC
 ```
 
-### Cross-Remote Promotion Workflow
+Behavior:
 
-```bash
-# 1. Add multiple remotes
-git drs remote add gen3 staging \
-    --url https://staging.calypr.ohsu.edu \
-    --cred /path/to/staging-credentials.json \
-    --organization staging-program \
-    --project staging-project
-
-git drs remote add gen3 production \
-    --url https://calypr-public.ohsu.edu \
-    --cred /path/to/prod-credentials.json \
-    --organization prod-program \
-    --project prod-project
-
-# 2. Fetch metadata from staging
-git drs fetch staging
-
-# 3. Push metadata to production (no re-upload)
-git drs push production
-```
+- with one remote arg:
+  - source defaults to the configured default remote
+  - arg is treated as the target remote
+- with two remote args:
+  - first is source
+  - second is target
+- copies metadata only, not object bytes
 
-## Environment Variables
+Merge behavior for existing target records:
 
-Git DRS respects these environment variables:
+- match by DID
+- union `controlled_access`
+- union `access_methods`
+- preserve existing target metadata otherwise
 
-- `AWS_ACCESS_KEY_ID`: AWS access key (for S3 operations)
-- `AWS_SECRET_ACCESS_KEY`: AWS secret key (for S3 operations)
+## Removed Legacy Commands
 
-## Help and Documentation
+These commands are gone from the cleaned CLI:
 
-Use `--help` with any command for detailed usage:
+- `git drs fetch`
+- `git drs list`
+- `git drs upload`
+- `git drs download`
 
-```bash
-git-drs --help
-git-drs init --help
-git-drs add-url --help
-git lfs --help
-git lfs track --help
-```
+If older docs or notes mention them, treat those references as stale.
diff --git a/docs/developer-guide.md b/docs/developer-guide.md
index e9751130..df82388c 100644
--- a/docs/developer-guide.md
+++ b/docs/developer-guide.md
@@ -10,7 +10,7 @@ Git DRS integrates with Git through several mechanisms:
 
 **Pre-commit Hook**: `git drs precommit`
 - Triggered automatically before each commit
-- Processes all staged LFS files
+- Processes all staged files
 - Creates DRS records for new files
 - Only processes files that don't already exist on the DRS server
 - Prepares metadata for later upload during push
@@ -34,7 +34,7 @@ Git DRS integrates with Git through several mechanisms:
    - Stores in .git/drs/ directory
 4. Developer: git push
 5. Git Hook: git drs pre-push-prepare
-   - Stages pending metadata for LFS verify
+   - Stages pending metadata for DRS verify
 6. Git DRS:
    - `git drs push` runs register/upload directly
    - `git drs pull` runs download directly
@@ -44,8 +44,8 @@ Git DRS integrates with Git through several mechanisms:
 
 Git DRS no longer uses a custom transfer agent.
 
-- Upload path (primary): `git drs push` discovers local LFS pointers, bulk-registers missing objects, checks validity, and uploads missing bits.
-- Download path (primary): `git drs pull` resolves object records and downloads into local LFS object storage.
+- Upload path (primary): `git drs push` discovers local pointers, bulk-registers missing objects, checks validity, and uploads missing bits.
+- Download path (primary): `git drs pull` resolves object records and downloads into local object storage.
 
 ## Repository Structure
 
@@ -73,12 +73,12 @@ drs/                   # DRS object utilities
 ├── object.go         # DRS object structures
 └── util.go           # Utility functions
 
-lfs/                   # Git LFS integration
-└── lfs.go            # LFS pointer/discovery helpers
+lfs/                   # Pointer utilities
+└── lfs.go            # Pointer/discovery helpers
 
 utils/                 # Shared utilities
 ├── common.go         # Common functions
-├── lfs-track.go      # LFS tracking utilities
+├── lfs-track.go      # Tracking utilities
 └── util.go           # General utilities
 ```
 
@@ -97,14 +97,13 @@ servers:
 
 ### DRS Object Management
 
-Objects are stored in `.git/drs/lfs/objects/` during pre-commit and referenced during push/pull workflows.
+Objects are stored in `.git/drs/objects/` during pre-commit and referenced during push/pull workflows.
 
 ## Development Setup
 
 ### Prerequisites
 
-- Go 1.24+
-- Git LFS installed
+- Go 1.26.2+
 - Access to a DRS server for testing
 
 ### Building from Source
@@ -152,7 +151,7 @@ export PATH=$PATH:$(pwd)
 
 ```bash
 # Test specific functionality
-go test ./utils -run TestLFSTrack
+go test ./utils -run TestTrack
 ```
 
 ### Integration Tests
diff --git a/docs/drs-registerfile-upsert.md b/docs/drs-registerfile-upsert.md
index 72f162b5..03d1cff4 100644
--- a/docs/drs-registerfile-upsert.md
+++ b/docs/drs-registerfile-upsert.md
@@ -1,4 +1,4 @@
-# ADR 0001: Configure RegisterFile upsert/bucket checks via git LFS config
+# ADR 0001: Configure RegisterFile upsert/bucket checks via git config
 
 ## Status
 Accepted
@@ -8,7 +8,7 @@ The DRS `RegisterFile` flow needs toggles for:
 - whether to upsert DRS records (create when no matching project record exists, or replace by deleting and re-registering when a ma
 - whether to check bucket existence before uploading (Unimplemented, currently always checks and skips upload if already present)
 
-These toggles must be controlled per-repository using git LFS configuration (`git config` entries under `drs.*`). This keeps behavior in repo-local configuration and avoids coupling to remote YAML configuration.
+These toggles must be controlled per-repository using git config (`git config` entries under `drs.*`). This keeps behavior in repo-local configuration and avoids coupling to remote YAML configuration.
 
 ## Decision
 Read `drs.upsert` from git config during DRS client initialization. Missing values default to `false`. Invalid values fail initialization with a clear error.
diff --git a/docs/e2e-modes-and-local-setup.md b/docs/e2e-modes-and-local-setup.md
index 20820cf2..eb0de218 100644
--- a/docs/e2e-modes-and-local-setup.md
+++ b/docs/e2e-modes-and-local-setup.md
@@ -81,7 +81,7 @@ TEST_STRICT_CLEANUP=true
   - HTTP basic auth via:
     - `TEST_LOCAL_USERNAME` + `TEST_LOCAL_PASSWORD`, or
     - `TEST_ADMIN_AUTH_HEADER="Authorization: Basic <base64(user:pass)>"`
-- `git drs remote add local ... --username ... --password ...` stores local basic auth in repo config for helper/LFS flows.
+- `git drs remote add local ... --username ... --password ...` stores local basic auth in repo config for credential-helper flows.
 
 ## How wrapper scripts map to the main suites
 
@@ -138,7 +138,7 @@ What it covers:
 
 - `git drs push` metadata register + upload
 - multipart/resume behavior
-- `git drs pull` and `git lfs pull` compatibility checks
+- `git drs pull` download and compatibility checks
 - cleanup by DID resolution
 
 ## Local add-url E2E: runbook
@@ -152,7 +152,7 @@ bash tests/e2e-local-addurl.sh
 What it covers:
 
 - known-sha add-url path (`--sha256 <real hash>`)
-- unknown-sha add-url path (sentinel pointer OID)
+- unknown-sha add-url path (placeholder pointer OID)
 - push/register + pull hydration checks
 
 ## Monorepo E2E (remote and local)
diff --git a/docs/getting-started.md b/docs/getting-started.md
index 92a2b636..cfef54f3 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -1,25 +1,32 @@
 # Getting Started
 
-This guide walks you through setting up Git DRS and performing common workflows.
+This guide walks through the current `git-drs` workflow on the cleaned CLI path.
 
-> **Navigation:** [Installation](installation.md) → **Getting Started** → [Commands Reference](commands.md) → [Troubleshooting](troubleshooting.md)
+> **Navigation:** [Installation](installation.md) -> **Getting Started** -> [Commands Reference](commands.md) -> [Troubleshooting](troubleshooting.md)
 
-## Repository Initialization
+## What `git-drs` Does
 
-Every Git repository using Git DRS requires configuration, whether you're creating a new repo or cloning an existing one.
+`git-drs` manages:
 
-### Cloning Existing Repository (Gen3)
+- Git-compatible pointer files
+- local DRS metadata
+- remote Syfon/Gen3 configuration
+- pointer hydration and object registration workflows
 
-1. **Clone the Repository**
+It no longer tries to be a mixed bag of Git, Git LFS, and DRS transport wrappers.
+
+## Cloning an Existing Repository
+
+1. Clone the repository:
 
    ```bash
    git clone <repo-clone-url>.git
    cd <name-of-repo>
    ```
 
-2. **Configure SSH** (if using SSH URLs)
+2. If you use SSH remotes, make sure your SSH setup is already working for that host.
 
-   If using SSH URLs like `git@github.com:user/repo.git`, add to `~/.ssh/config`:
+   A typical keepalive configuration looks like:
 
    ```
    Host github.com
@@ -27,347 +34,361 @@ Every Git repository using Git DRS requires configuration, whether you're creati
        ServerAliveInterval 30
    ```
 
-3. **Get Credentials**
-
-   - Log in to your data commons (e.g., https://calypr-public.ohsu.edu/)
-   - Profile → Create API Key → Download JSON
-   - **Note**: Credentials expire after 30 days
-
-4. **Initialize Repository**
+3. Initialize `git-drs` in the repo:
 
    ```bash
    git drs init
    ```
 
-5. **Verify Configuration**
+4. Hydrate tracked files if needed:
 
    ```bash
-   git drs remote list
+   git drs pull
    ```
 
-   Output:
-   ```
-   * production  gen3    https://calypr-public.ohsu.edu/
-   ```
+This is the normal onboarding flow for an existing repo. `git drs pull` hydrates pointer files already present in the checkout. It does not replace `git pull`.
 
-   The `*` indicates this is the default remote.
+## One-Time Machine Setup
 
-### New Repository Setup (Gen3)
+Install `git-drs` and the global Git filter configuration:
 
-1. **Create and Clone Repository**
+```bash
+git drs install
+```
 
-   ```bash
-   git clone <repo-clone-url>.git
-   cd <name-of-repo>
-   ```
+## One-Time Repository Setup
+
+After cloning or creating a repository:
+
+```bash
+git drs init
+```
+
+That sets up repository-local `git-drs` state and hooks.
+
+## Add a Gen3 Remote
+
+The current shape is:
+
+```bash
+git drs remote add gen3 [remote-name] <organization/project> [--cred <file> | --token <token>]
+```
+
+Example:
+
+```bash
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
+```
 
-2. **Configure SSH** (if needed - same as above)
+Notes:
 
-3. **Get Credentials** (same as above)
+- scope is one positional argument: `organization/project`
+- users do not provide `--bucket`
+- users do not provide `--url`
+- bucket resolution is scope-based and server-backed
 
-4. **Get Project Details**
+Verify:
 
-   Contact your data coordinator for:
-   - DRS server URL
-   - Organization name
-   - Project ID
-   - Bucket name
-   - Confirmation that bucket mapping exists for your organization/project
+```bash
+git drs remote list
+```
 
-5. **Initialize Git DRS**
+## New Repository Setup
+
+For a new repository or a repository that has not yet been configured with `git-drs`:
+
+1. Initialize the repository:
 
    ```bash
    git drs init
    ```
 
-6. **Add Remote Configuration**
+2. Add the target remote:
 
    ```bash
-   git drs remote add gen3 production \
-       --cred /path/to/credentials.json \
-       --url https://calypr-public.ohsu.edu \
-       --project my-project \
-       --bucket my-bucket
+   git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
    ```
 
-   **Note:** Since this is your first remote, it automatically becomes the default. No need to run `git drs remote set`.
-
-7. **Verify Configuration**
+3. Verify the configuration:
 
    ```bash
    git drs remote list
    ```
 
-   Output:
-   ```
-   * production  gen3    https://calypr-public.ohsu.edu
-   ```
+## Steward/Admin Prerequisite
 
-   **Important:** `git drs remote add` alone is not enough. Push/pull requires an existing bucket mapping for your `organization/project` (usually provisioned once by a steward/admin).
+Push and pull depend on server-side bucket mapping for the target scope.
 
-**Managing Additional Remotes**
-
-You can add more remotes later for multi-environment workflows (development, staging, production):
+That usually means a steward/admin has already done something like:
 
 ```bash
-# Add staging remote
-git drs remote add gen3 staging \
-    --cred /path/to/staging-credentials.json \
-    --url https://staging.calypr.ohsu.edu \
-    --project staging-project \
-    --bucket staging-bucket
-
-# View all remotes
-git drs remote list
+git drs bucket add production \
+  --bucket cbds \
+  --region us-east-1 \
+  --access-key "$AWS_ACCESS_KEY_ID" \
+  --secret-key "$AWS_SECRET_ACCESS_KEY"
+
+git drs bucket add-organization production \
+  --organization HTAN_INT \
+  --path s3://cbds/htan-int
+
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/htan-int/bforepc
+```
 
-# Switch default remote
-git drs remote set staging
+End users generally should not need to know the bucket name.
 
-# Or use specific remote for one command
-git drs push production
-git drs fetch staging
-```
+## Credentials
 
-## File Tracking
+For Gen3-backed deployments:
 
-Git DRS can use Git LFS-compatible pointers and local object storage. You must explicitly track file patterns before adding LFS-managed files.
+- obtain a credential JSON or token from the target data commons
+- the common path is: log in -> profile -> create API key -> download JSON
+- refresh it when it expires
+- re-run `git drs remote add gen3 ... --cred ...` when you need to refresh the stored profile
 
-### View Current Tracking
+Example:
 
 ```bash
-git lfs track
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
 ```
 
-### Track Files
+## Managing Additional Remotes
 
-**Single File**
+You can add multiple remotes for multi-environment workflows.
 
 ```bash
-git lfs track path/to/specific-file.txt
-git add .gitattributes
+git drs remote add gen3 staging HTAN_INT/BForePC --cred /path/to/staging-credentials.json
+git drs remote list
+git drs remote set staging
 ```
 
-**File Pattern**
+Or target a non-default remote for a single command:
 
 ```bash
-git lfs track "*.bam"
-git add .gitattributes
+git drs push production
+git drs copy-records staging production HTAN_INT/BForePC
 ```
 
-**Directory**
+## Track Files
+
+Track file types or paths you want managed by `git-drs`:
 
 ```bash
-git lfs track "data/**"
+git drs track "*.bam"
 git add .gitattributes
 ```
 
-### Untrack Files
+You can also track explicit paths or path globs:
 
 ```bash
-# View tracked patterns
-git lfs track
-
-# Remove pattern
-git lfs untrack "*.bam"
-
-# Stage changes
+git drs track "data/**"
 git add .gitattributes
 ```
 
-## Basic Workflows
+View current tracking:
+
+```bash
+git drs track
+```
 
-### Adding and Pushing Files
+Stop tracking patterns:
 
 ```bash
-# Track file type (if not already tracked)
-git lfs track "*.bam"
+git drs untrack "*.bam"
 git add .gitattributes
+```
 
-# Add your file
-git add myfile.bam
-
-# Verify LFS is tracking it
-git lfs ls-files
+## Add, Commit, and Push
 
-# Commit and push
-git commit -m "Add new data file"
+```bash
+git add sample.bam
+git commit -m "Add sample"
 git push
 ```
 
-> **Note**: Git DRS automatically creates DRS records during commit and uploads files to the default remote during push.
+`git-drs` handles pointer/object registration behavior around the Git workflow.
 
-### Downloading Files
+## Inspect Tracked Files
 
-**Single File**
+Use `ls-files` as the local inventory command:
 
 ```bash
-git lfs pull -I path/to/file.bam
+git drs ls-files
+git drs ls-files -l
+git drs ls-files --drs
+git drs ls-files -I "*.bam"
 ```
 
-**Pattern**
+Interpretation:
 
-```bash
-git lfs pull -I "*.bam"
-```
-
-**All Files**
+- `*` means localized/hydrated in the worktree
+- `-` means the worktree still contains a pointer
 
-```bash
-git lfs pull
-```
+## Hydrate Files
 
-**Directory**
+Use `git drs pull` only for hydration.
 
 ```bash
-git lfs pull -I "data/**"
+git drs pull
+git drs pull -I "*.bam"
+git drs pull -I "results/**" -I "*.txt"
 ```
 
-### Checking File Status
-
-```bash
-# List all LFS-tracked files
-git lfs ls-files
+Important:
 
-# Check specific pattern
-git lfs ls-files -I "*.bam"
+- `git drs pull` does not run `git pull`
+- run plain `git pull` yourself when you want new commits/trees
+- then run `git drs pull` if you need to hydrate pointer files in the checkout
 
-# View localization status
-# (-) = not localized, (*) = localized
-git lfs ls-files
-```
+## Add Existing Bucket Objects
 
-## Working with Cloud Object URLs
-
-You can add references to existing bucket objects without copying them:
+If the object already exists in provider storage, use `add-url`:
 
 ```bash
 # Track the file pattern first
-git lfs track "myfile.txt"
+git drs track "myfile.txt"
 git add .gitattributes
 
 # Add object reference (known sha256 path)
-git drs add-url s3://bucket/path/to/file \
+git drs add-url s3://bucket/path/to/file myfile.txt \
   --sha256 <file-hash>
 
-# Or use unknown-sha (experimental sentinel mode)
-git drs add-url s3://bucket/path/to/file
+# Or use unknown-sha
+git drs add-url s3://bucket/path/to/file myfile.txt
 
 # Commit and push
+git add myfile.txt
 git commit -m "Add S3 file reference"
 git push
 ```
 
-See [Cloud URL Integration Guide](adding-s3-files.md) for detailed examples.
-
-## Configuration Management
-
-### View Configuration
+Scoped bucket-key mode also works:
 
 ```bash
-git drs remote list
+git drs add-url path/to/object.bin data/from-bucket.bin --scheme s3
+git commit -m "Add bucket-backed object reference"
+git push
 ```
 
-### Update Configuration
+Explicit provider URL mode also works:
 
 ```bash
-# Refresh credentials - re-add remote with new credentials
-git drs remote add gen3 production \
-    --cred /path/to/new-credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
-
-# Switch default remote
-git drs remote set staging
+git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin
 ```
 
-### View Logs
+## Session Workflow
 
-- Logs location: `.git/drs/` directory
+> **Note:** You do not need to run `git drs init` again. Initialization is a one-time setup per local repository clone.
 
-## Command Summary
+For a normal work session:
 
-| Action             | Commands                                    |
-| ------------------ | ------------------------------------------- |
-| **Initialize**     | `git drs init`                              |
-| **Add remote**     | `git drs remote add gen3 <name> --cred...` |
-| **View remotes**   | `git drs remote list`                       |
-| **Set default**    | `git drs remote set <name>`                 |
-| **Track files**    | `git lfs track "pattern"`                   |
-| **Check tracked**  | `git lfs ls-files`                          |
-| **Add files**      | `git add file.ext`                          |
-| **Commit**         | `git commit -m "message"`                   |
-| **Push**           | `git push`                                  |
-| **Download**       | `git lfs pull -I "pattern"`                 |
+1. Refresh credentials if needed
 
-## Session Workflow
+   ```bash
+   git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
+   ```
+
+2. Update Git history if needed
+
+   ```bash
+   git pull
+   ```
 
-> **Note**: You do NOT need to run `git drs init` again. Initialization is a one-time setup per Git repository clone.
+3. Hydrate tracked files if needed
 
-For each work session:
+   ```bash
+   git drs pull
+   ```
 
-1. **Refresh credentials** (if expired - credentials expire after 30 days)
+4. Work with files normally
 
    ```bash
-   git drs remote add gen3 production \
-       --cred /path/to/new-credentials.json \
-       --url https://calypr-public.ohsu.edu \
-       --project my-project \
-       --bucket my-bucket
+   git add ...
+   git commit -m "..."
+   git push
    ```
 
-2. **Work with files** (track, add, commit, push)
+## Configuration Management
+
+View current remote configuration:
+
+```bash
+git drs remote list
+```
+
+Refresh or update credentials by re-adding the remote:
+
+```bash
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
+```
 
 ## Local DRS Server Setup
 
-Use this flow when developing against a local `drs-server` instead of hosted Gen3.
+Use this flow when developing against a local Syfon/DRS server instead of a hosted Gen3 deployment.
 
-1. **Initialize repo**
+1. Initialize the repo:
 
    ```bash
    git drs init
    ```
 
-2. **Add local remote**
+2. Add the local remote:
 
    ```bash
-   git drs remote add local origin http://localhost:8080 \
-       --organization calypr \
-       --project end_to_end_test \
-       --bucket cbds \
-       --username drs-user \
-       --password drs-pass
+   git drs remote add local origin http://localhost:8080
    ```
 
-   If your local server has no basic auth, omit `--username/--password`.
+   If your local server requires basic auth, include the local auth flags supported by that command.
 
-3. **Track and push**
+3. Track and push:
 
    ```bash
-   git lfs track "*.bin"
+   git drs track "*.bin"
    git add .gitattributes data/example.bin
    git commit -m "Add local DRS test file"
    git drs push
    ```
 
-4. **Verify pull**
+4. Verify hydration:
 
    ```bash
    git drs pull
-   # or the Git LFS compatibility path
-   git lfs pull
    ```
 
-For complete local/remote mode behavior and e2e runbooks, see [E2E Modes + Local Setup](e2e-modes-and-local-setup.md).
+For full local/remote runbooks, see [E2E Modes + Local Setup](e2e-modes-and-local-setup.md).
 
-3. **Download files as needed**
+## Copy Metadata Between Remotes
 
-   ```bash
-   git lfs pull -I "required-files*"
-   ```
+Use `copy-records` to copy Syfon metadata records between remotes for a single scope:
 
-## Next Steps
+```bash
+git drs copy-records dev prod HTAN_INT/BForePC
+```
+
+Or let the default remote be the source:
+
+```bash
+git drs copy-records prod HTAN_INT/BForePC
+```
+
+This copies metadata only. It does not copy object bytes between buckets.
+
+## Common Flow Summary
+
+```bash
+git drs install
+git drs init
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
+git drs track "*.bam"
+git add .gitattributes
+git add sample.bam
+git commit -m "Add sample"
+git push
+git drs ls-files
+git drs pull -I "*.bam"
+```
 
-- [Commands Reference](commands.md) - Complete command documentation
-- [Troubleshooting](troubleshooting.md) - Common issues and solutions
-- [Developer Guide](developer-guide.md) - Advanced usage and internals
+For command details, see [commands.md](commands.md).
diff --git a/docs/installation.md b/docs/installation.md
index 723303d7..0f111459 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -4,21 +4,7 @@ This guide covers installation of Git DRS across different environments and targ
 
 ## Prerequisites
 
-All installations require [Git LFS](https://git-lfs.com/) to be installed first:
-
-```bash
-# macOS
-brew install git-lfs
-
-# Linux (download binary)
-wget https://github.com/git-lfs/git-lfs/releases/download/v3.7.0/git-lfs-linux-amd64-v3.7.0.tar.gz
-tar -xvf git-lfs-linux-amd64-v3.7.0.tar.gz
-export PREFIX=$HOME
-./git-lfs-v3.7.0/install.sh
-
-# Configure LFS
-git lfs install --skip-smudge
-```
+Git DRS requires Git to be installed. Install Git DRS using the steps below, then run `git drs install` to configure Git filters.
 
 ## Local Installation (Gen3 Server)
 
@@ -33,9 +19,9 @@ git lfs install --skip-smudge
 
 2. **Update PATH**
    ```bash
-   # Add to ~/.bash_profile or ~/.zshrc
+   # Add to your shell startup file (for example ~/.zshrc, ~/.bashrc, or ~/.profile)
    export PATH="$PATH:$HOME/.local/bin"
-   source ~/.bash_profile  # or source ~/.zshrc
+   source ~/.zshrc  # or source your shell startup file
    ```
 
 3. **Verify Installation**
@@ -61,27 +47,7 @@ git lfs install --skip-smudge
 
 ### Steps
 
-1. **Install Git LFS on HPC**
-   ```bash
-   # Download and install Git LFS
-   wget https://github.com/git-lfs/git-lfs/releases/download/v3.7.1/git-lfs-linux-amd64-v3.7.1.tar.gz
-   tar -xvf git-lfs-linux-amd64-v3.7.1.tar.gz
-   export PREFIX=$HOME
-   ./git-lfs-3.7.1/install.sh
-   
-   # Make permanent
-   echo 'export PATH="$HOME/bin:$PATH"' >> ~/.bash_profile
-   source ~/.bash_profile
-   
-   # Configure
-   git lfs install --skip-smudge
-   
-   # Cleanup
-   rm git-lfs-linux-amd64-v3.7.0.tar.gz
-   rm -r git-lfs-3.7.0/
-   ```
-
-2. **Configure Git/SSH (if needed)**
+1. **Configure Git/SSH (if needed)**
    ```bash
    # Generate SSH key
    ssh-keygen -t ed25519 -C "your_email@example.com"
@@ -94,7 +60,7 @@ git lfs install --skip-smudge
    cat ~/.ssh/id_ed25519.pub
    ```
 
-3. **Install Git DRS**
+2. **Install Git DRS**
    ```bash
    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/calypr/git-drs/refs/heads/main/install.sh)"
    
@@ -103,7 +69,7 @@ git lfs install --skip-smudge
    source ~/.bash_profile
    ```
 
-4. **Verify Installation**
+3. **Verify Installation**
    ```bash
    git-drs version
    git drs install
@@ -133,8 +99,6 @@ After installation, verify your setup:
 # Check Git DRS version
 git-drs version
 
-# Check Git LFS
-git lfs version
 
 # View configured remotes (after setup)
 git drs remote list
diff --git a/docs/precommit-cache-addurl-prepush.md b/docs/precommit-cache-addurl-prepush.md
index fe77ec08..924050c3 100644
--- a/docs/precommit-cache-addurl-prepush.md
+++ b/docs/precommit-cache-addurl-prepush.md
@@ -5,10 +5,10 @@ Proposed
 
 ## Context
 `cmd/precommit` now maintains a local cache under `.git/drs/pre-commit/v1` that records:
-- path → LFS OID in `paths/<encoded-path>.json`
+- path → OID in `paths/<encoded-path>.json`
 - OID → paths + URL hint in `oids/<oid-hash>.json`
 
-`precommit_cache` provides read helpers for this cache and is intended to let the pre-push hook validate against authoritative sources while using cached hints to avoid re-scanning worktrees. `cmd/addurl` currently writes the LFS pointer and DRS files but does not update the pre-commit cache. `cmd/prepush` currently computes updates without consulting the cache. This means:
+`precommit_cache` provides read helpers for this cache and is intended to let the pre-push hook validate against authoritative sources while using cached hints to avoid re-scanning worktrees. `cmd/addurl` currently writes the pointer and DRS files but does not update the pre-commit cache. `cmd/prepush` currently computes updates without consulting the cache. This means:
 - `add-url`-created objects are invisible to cache-aware workflows unless a pre-commit hook runs later.
 - `pre-push` cannot leverage cached OID/path/url hints or detect mismatches early.
 
@@ -16,7 +16,7 @@ Proposed
 Update `cmd/addurl` and `cmd/prepush` to integrate with the pre-commit cache, while preserving the current fallback behavior when the cache is missing or stale.
 
 ### Changes required in `cmd/addurl`
-1. **Write cache entries after LFS pointer creation**
+1. **Write cache entries after pointer creation**
    - Create/update the path entry (`paths/<encoded-path>.json`) using the same encoding as `cmd/precommit` (`base64.RawURLEncoding` of the repo-relative path).
    - Create/update the OID entry (`oids/<oid-hash>.json`) using the same OID hashing (`sha256(oid string)`), ensuring the `paths` list includes the new path.
 2. **Persist the external URL hint**
@@ -30,13 +30,13 @@ Update `cmd/addurl` and `cmd/prepush` to integrate with the pre-commit cache, wh
 
 ### Changes required in `cmd/prepush`
 1. **Use `precommit_cache` to seed work**
-   - Open the cache early and, when available, use it to map pushed paths/branches to their LFS OIDs and cached URL hints.
+   - Open the cache early and, when available, use it to map pushed paths/branches to their OIDs and cached URL hints.
    - If the cache is missing or entries are stale, fall back to current discovery/update logic.
 2. **Validate cached URL hints**
    - When `updateDrsObjects` resolves authoritative URLs, compare them to cached hints via `precommit_cache.CheckExternalURLMismatch`.
    - Warn (or fail, depending on policy) on mismatches to surface potentially stale or incorrect metadata before pushing.
 3. **Prefer cache data for DRS updates**
-   - Use cached OIDs/paths to reduce redundant file scans for LFS pointers.
+   - Use cached OIDs/paths to reduce redundant file scans for pointers.
    - Carry cached `external_url` into DRS metadata when authoritative sources are unavailable, while still treating it as non-authoritative.
 
 ## Consequences
diff --git a/docs/precommit.md b/docs/precommit.md
index 91682b6c..89bb318d 100644
--- a/docs/precommit.md
+++ b/docs/precommit.md
@@ -16,11 +16,11 @@ This repository uses a **local, non-versioned cache** under:
 .git/drs/pre-commit/
 ```
 
-to support fast, offline-friendly workflows for **Git LFS–tracked files**.
+to support fast, offline-friendly workflows for **Git DRS–tracked files**.
 
 The cache is:
 
-* **LFS-only**
+* **pointer-only**
 * **non-authoritative**
 * **local to a working copy**
 * **never committed to Git**
@@ -44,7 +44,7 @@ Its sole purpose is to bridge the gap between:
 * Updates `.git/drs/pre-commit` cache
 * Never performs network I/O
 * Never queries DRS or DRS
-* Ignores all non-LFS files
+* Ignores all non-tracked files
 
 ### `precommit_cache` (helper library)
 
@@ -61,7 +61,7 @@ Its sole purpose is to bridge the gap between:
 
 ## Cache Scope (Important)
 
-Only files whose **staged content** is a valid Git LFS pointer are in scope:
+Only files whose **staged content** is a valid Git DRS pointer are in scope:
 
 ```
 version https://git-lfs.github.com/spec/v1
@@ -112,7 +112,7 @@ The cache models **three non-authoritative relationships**:
 3. **OID → External URL (hint)**
 
 All are **hints only**.
-The authoritative source of truth lives on the server (DRS / DRS).
+The authoritative source of truth lives on the server (DRS).
 
 ---
 
@@ -122,7 +122,7 @@ The authoritative source of truth lives on the server (DRS / DRS).
 
 `v1/paths/<encoded-path>.json`
 
-Represents the **currently staged** LFS object at a given working-tree path.
+Represents the **currently staged** DRS object at a given working-tree path.
 
 ```json
 {
@@ -135,7 +135,7 @@ Represents the **currently staged** LFS object at a given working-tree path.
 Notes:
 
 * `path` is repo-relative
-* `lfs_oid` comes from the staged LFS pointer
+* `lfs_oid` comes from the staged DRS pointer
 * Updated on:
 
     * add
@@ -149,7 +149,7 @@ Notes:
 
 `v1/oids/<oid-hash>.json`
 
-Represents **advisory information** about an LFS object.
+Represents **advisory information** about a DRS object.
 
 ```json
 {
@@ -187,16 +187,16 @@ Used to record deleted paths for potential GC or debugging.
 
 ## Pre-Commit Behavior (What Happens Automatically)
 
-### Add / Modify LFS File
+### Add / Modify Tracked File
 
-* Extracts LFS OID from staged pointer
+* Extracts OID from staged pointer
 * Updates:
 
     * `paths/<path>.json`
     * `oids/<oid>.json`
 * Preserves any existing `external_url` hint
 
-### Rename / Move LFS File
+### Rename / Move Tracked File
 
 * Moves `paths/<old>.json` → `paths/<new>.json`
 * Updates OID entry paths list
@@ -291,7 +291,7 @@ url, ok, err := cache.LookupExternalURLByOID(oid)
 
 * Hint only
 * May be stale or missing
-* Must be validated against DRS / DRS
+* Must be validated against DRS
 
 ---
 
@@ -322,7 +322,7 @@ Used by pre-push to compare local hints with server truth.
 ## Intended Pre-Push Usage Pattern
 
 1. Determine commit range from pre-push stdin
-2. Enumerate **LFS OIDs** referenced by pushed commits
+2. Enumerate **OIDs** referenced by pushed commits
 3. For each OID:
 
     * Optionally read local hints from `precommit_cache`
@@ -377,9 +377,7 @@ sequenceDiagram
   participant PC as pre-commit hook (cmd/precommit)
   participant Cache as .git/drs/pre-commit (local cache)
   participant PP as pre-push hook
-  participant LFS as git-lfs
   participant IDX as DRS (authoritative)
-  participant DRS as DRS (authoritative)
 
   Dev->>Git: git add <files>
   Dev->>Git: git commit
@@ -387,10 +385,10 @@ sequenceDiagram
   Git->>PC: invoke pre-commit (no stdin)
   PC->>Git: git diff --cached --name-status -M
   PC->>Git: git show :<path> (staged pointer)
-  alt staged file is LFS pointer
+  alt staged file is DRS pointer
     PC->>Cache: write paths/<encoded-path>.json (path -> oid)
     PC->>Cache: upsert oids/<oid-hash>.json (oid -> paths[] + external_url hint)
-  else non-LFS file
+  else non-tracked file
     PC-->>Git: ignore (out of scope)
   end
   PC-->>Git: exit 0 (commit proceeds)
@@ -398,13 +396,10 @@ sequenceDiagram
   Dev->>Git: git push <remote> <ref>
   Git->>PP: invoke pre-push (stdin: ref updates)
   PP->>PP: compute commit ranges from stdin
-  PP->>LFS: enumerate LFS OIDs referenced by pushed commits
+  PP->>IDX: enumerate OIDs referenced by pushed commits
   loop for each required OID
     PP->>Cache: lookup external_url hint (optional)
     PP->>IDX: resolve by sha256 (OID) -> object_id + urls[]
-    opt DRS resolution
-      PP->>DRS: resolve by object_id -> access_methods[]
-    end
     alt OID not resolvable
       PP-->>Git: fail push (exit non-zero)
     else resolvable
@@ -418,7 +413,7 @@ sequenceDiagram
 
 ## Summary
 
-> `.git/drs/pre-commit` is a **local, LFS-only, non-authoritative cache** that tracks
+> `.git/drs/pre-commit` is a **local, pointer-only, non-authoritative cache** that tracks
 > **path ↔ OID ↔ external URL hints** to support rename, undo, and offline workflows.
 >
 > `precommit_cache` provides safe, read-only access to this cache for enforcement at pre-push.
@@ -426,5 +421,5 @@ sequenceDiagram
 If you want, I can also:
 
 * add **inline Go doc comments** suitable for `pkg.go.dev`
-* generate a **sequence diagram** (commit → cache → push → DRS/DRS)
+* generate a **sequence diagram** (commit → cache → push → DRS)
 * or write a **pre-push reference implementation** that uses these helpers end-to-end
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
index 01ff0f3b..c0b77c7b 100644
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@@ -1,247 +1,166 @@
 # Troubleshooting
 
-Common issues and solutions when working with Git DRS.
+Common issues and solutions for the cleaned `git-drs` CLI.
 
-> **Navigation:** [Getting Started](getting-started.md) → [Commands Reference](commands.md) → **Troubleshooting**
+> **Navigation:** [Getting Started](getting-started.md) -> [Commands Reference](commands.md) -> **Troubleshooting**
 
 ## Frequently Asked Questions
 
 ### Do I need to run `git drs init` each time?
 
-**No.** `git drs init` is set up once per Git repo.
+No.
 
-**Run it once when:**
+`git drs init` is repository setup. Run it once per local clone unless you are deliberately reinitializing the repo.
 
-- You first clone a repository
-- You create a new repository
+Run it when:
 
-**Don't run it again:**
+- you first clone a repository and need local `git-drs` setup
+- you create a new repository and want to enable `git-drs`
 
-- At the start of each work session
-- After refreshing credentials
-- After pulling updates
+Do not run it every session:
 
-**What it does:**
+- not at the start of normal daily work
+- not after refreshing credentials
+- not after `git pull`
 
-- Sets up `.drs/` directory structure
-- Configures Git LFS hooks
-- Updates `.gitignore`
+What it changes:
 
-These changes persist in your local repository. For subsequent sessions, you only need to refresh credentials if they've expired (every 30 days).
+- creates `.git/drs/` repository-local state
+- sets up `git-drs` repository configuration and hooks
+- prepares the repo for managed pointer/register/hydration behavior
 
-### What to do if you run `git drs init` again
+### What if I run `git drs init` again?
 
-Running `git drs init` a second time is usually harmless but unnecessary. It may re-create the `\`.git/drs/\`` directory, re-install hooks, or modify `\`.gitattributes\`` and `\`.gitignore\``. If you ran it accidentally, follow these steps:
+Usually nothing catastrophic, but it is unnecessary.
 
-1. Inspect what changed
-   - `git status`
-   - `git diff` (or `git diff -- <file>` for a specific file, e.g. `\`.gitignore\``)
+If you did it accidentally:
 
-2. If changes are fine
-   - No action required; commit the intended changes or leave them uncommitted.
+1. inspect what changed
 
-3. If you want to discard uncommitted changes
-   - Restore specific files: `git restore --staged \`.gitignore\`` && `git restore \`.gitignore\``
-   - Restore all working-tree changes: `git restore .`
-   - Or (destructive) reset everything: `git reset --hard`  \- use with caution.
-
-4. If you already committed the unintended changes
-   - Undo the last commit but keep changes staged: `git reset --soft HEAD~1`
-   - Or remove the commit and working changes: `git reset --hard HEAD~1`  \- use with caution.
-   - See the "Undo Last Commit" section above for alternatives.
-
-5. Hooks or credentials issues
-   - If hooks were replaced or credentials need refresh, run `git drs init` with the correct `--cred`/`--profile` options, or re-add the remote with `git drs remote add`.
-
-Summary: inspect with `git status`/`git diff`, then either accept, manually edit, or revert the changes using standard `git restore` / `git reset` commands.
-
-
-## When to Use Which Tool
-
-Understanding when to use Git, Git LFS, or Git DRS commands:
-
-### Git DRS Commands
-
-**Use for**: Repository and remote configuration
-
-- `git drs init` - Initialize Git LFS hooks
-- `git drs remote add` - Configure DRS server connections
-- `git drs remote list` - View configured remotes
-- `git drs add-url` - Add cloud object references
-
-**When**:
-
-- Setting up a new repository
-- Adding/managing DRS remotes
-- Refreshing expired credentials
-- Adding external file references
-
-### Git LFS Commands
-
-**Use for**: File tracking and management
-
-- `git lfs track` - Define which files to track
-- `git lfs ls-files` - See tracked files and status
-- `git lfs pull` - Download specific files
-- `git lfs untrack` - Stop tracking file patterns
-
-**When**:
-
-- Managing which files are stored externally
-- Downloading specific files
-- Checking file localization status
+   ```bash
+   git status
+   git diff
+   ```
 
-### Standard Git Commands
+2. if the changes are harmless, leave them alone or commit what you intended
 
-**Use for**: Version control operations
+3. if you want to discard the uncommitted changes, use normal Git restore/reset flow carefully
 
-- `git add` - Stage files for commit
-- `git commit` - Create commits
-- `git push` - Upload commits and trigger file uploads
-- `git pull` - Get latest commits
+4. if hooks or repo-local state were repaired intentionally, keep the changes
 
-**When**:
+The right default is: inspect first, then decide whether anything actually needs to be reverted.
 
-- Normal development workflow
-- Git DRS runs automatically in the background
+### What does `git drs init` actually change?
 
-## Common Error Messages
+It prepares repository-local `git-drs` state:
 
-## Git LFS-Oriented Troubleshooting Guide (Commit/Push/Clone/Pull)
+- `.git/drs/` metadata/state
+- hook/config wiring for `git-drs` workflows
+- the repo-local setup needed for pointer/register/hydration behavior
 
-The checks below prioritize Git LFS guidance and documentation because Git DRS relies on Git LFS for large-file handling. If you run into issues, start with the Git LFS troubleshooting docs and logs, then move to Git DRS-specific configuration checks. Primary references: the Git LFS troubleshooting guide and the Git LFS documentation for installation, tracking, and environment variables:  
+Those changes persist in the clone. They are not something you redo per session.
 
-- Git LFS troubleshooting: https://github.com/git-lfs/git-lfs/wiki/Troubleshooting  
-- Git LFS docs: https://github.com/git-lfs/git-lfs/tree/main/docs  
+## When to Use Which Tool
 
-### Failed Commit (Git LFS hooks or pointer issues)
+### Use `git-drs` for
 
-1. **Confirm Git LFS is installed and hooks are active**  
-   - Run: `git lfs version` and `git lfs env`  
-   - If `git lfs env` reports `git lfs install` is needed, run `git lfs install` to re-install hooks.  
-   - This is the most common cause of commits failing to convert large files into LFS pointers.  
+- repository-local `git-drs` setup
+- remote configuration
+- tracking rules
+- object hydration
+- DRS/Syfon metadata-oriented workflows
 
-2. **Check whether the file was tracked before the commit**  
-   - Run: `git lfs track` and confirm the file pattern is listed.  
-   - If not tracked, add it (`git lfs track "*.bam"`) and stage `.gitattributes`.  
+Examples:
 
-3. **Verify the file is staged as an LFS pointer**  
-   - Run: `git lfs ls-files` to confirm the file is listed.  
-   - If a large file was added to Git history directly, remove it from the index and re-add it after tracking.  
+- `git drs init`
+- `git drs remote add gen3 ...`
+- `git drs track`
+- `git drs ls-files`
+- `git drs pull`
+- `git drs add-url`
+- `git drs copy-records`
 
-4. **Review Git LFS logs for hook errors**  
-   - Run: `git lfs logs last` to inspect hook failures.  
-   - Common errors include missing filters or file locking issues.  
+### Use normal Git for
 
-### Failed Push (LFS uploads, auth, or bandwidth issues)
+- branch and commit movement
+- staging and committing
+- ordinary ref push/pull operations
 
-1. **Check Git LFS authentication and endpoint configuration**  
-   - Run: `git lfs env` and confirm `Endpoint` values are correct.  
-   - If tokens are expired, refresh credentials and re-run the push.  
+Examples:
 
-2. **Retry with LFS verbose logging**  
-   - Run: `GIT_TRACE=1 GIT_CURL_VERBOSE=1 git lfs push --all`  
-   - Use this output to identify `403/401` auth issues or proxy errors.  
+- `git add`
+- `git commit`
+- `git push`
+- `git pull`
 
-3. **Confirm the LFS objects exist locally**  
-   - Run: `git lfs ls-files` and ensure your large files are listed.  
-   - Missing objects indicate a tracking or filter issue before the push.  
+## First Principles
 
-4. **Validate the remote supports Git LFS**  
-   - Run: `git lfs env` to confirm the remote endpoint.  
-   - Some Git servers require explicit LFS enablement or URL configuration.  
+Before debugging behavior, keep the command split straight:
 
-### Failed Clone (LFS objects missing or blocked)
+- `git pull`
+  - updates commits, branches, and checkout state
+- `git drs pull`
+  - hydrates tracked pointer files already present in the current checkout
+- `git drs ls-files`
+  - shows tracked files and localization state
 
-1. **Confirm LFS objects were fetched**  
-   - After clone, run: `git lfs pull` to fetch large files.  
-   - If the repo only has LFS pointers, you will see pointer files until you pull.  
+If you blur those together, the failure modes get confusing.
 
-2. **Check LFS smudge/clean filters**  
-   - Run: `git lfs env` and verify `git-lfs` filters are enabled.  
-   - If not, run `git lfs install` and re-run `git lfs pull`.  
+## Common Error Patterns
 
-3. **Validate access and authentication**  
-   - `git lfs env` will show which endpoint is used; 401/403 errors point to invalid credentials.  
+### Failed commit or pointer conversion issues
 
-4. **Inspect LFS logs for download errors**  
-   - Run: `git lfs logs last` for the most recent transfer errors.  
+Check these in order:
 
-### Failed Pull (LFS fetch/checkout issues)
+1. confirm the file pattern was tracked before the add/commit flow
 
-1. **Run `git lfs pull` separately**  
-   - This isolates LFS download errors from Git merge errors.  
+   ```bash
+   git drs track
+   ```
 
-2. **Check LFS file locking or concurrent transfers**  
-   - If your Git host uses LFS file locking, verify the file is not locked by another user.  
+2. confirm `.gitattributes` was staged after changing tracking rules
 
-3. **Review filters and tracking**  
-   - Run: `git lfs track` to ensure required patterns are present.  
-   - If a file type is newly tracked, re-run `git add .gitattributes` and commit.  
+   ```bash
+   git status
+   ```
 
-4. **Check for storage or bandwidth limits**  
-   - Some Git LFS hosts enforce quotas; errors will show in `git lfs logs last`.  
+3. confirm the file shows up in the tracked inventory
 
-### Authentication Errors
+   ```bash
+   git drs ls-files
+   ```
 
-**Error**: `Upload error: 403 Forbidden` or `401 Unauthorized`
+4. inspect `.git/drs/` logs if the hook path failed
 
-**Cause**: Expired or invalid credentials
+### Failed push: upload, register, or auth
 
-**Solution**:
+Check:
 
 ```bash
-# Download new credentials from your data commons
-# Then refresh them by re-adding the remote
-git drs remote add gen3 production \
-    --cred /path/to/new-credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
+git drs remote list
+git drs ls-files --drs
 ```
 
-**Prevention**:
+Then retry with higher Git/HTTP verbosity if needed:
 
-- Credentials expire after 30 days
-- Set a reminder to refresh them regularly
-
----
-
-**Error**: `Upload error: 503 Service Unavailable`
-
-**Cause**: DRS server is temporarily unavailable or credentials expired
-
-**Solutions**:
-
-1. Wait and retry the operation
-2. Refresh credentials:
-   ```bash
-   git drs remote add gen3 production \
-       --cred /path/to/credentials.json \
-       --url https://calypr-public.ohsu.edu \
-       --project my-project \
-       --bucket my-bucket
-   ```
-3. If persistent, download new credentials from the data commons
-
-### Network Errors
-
-**Error**: `net/http: TLS handshake timeout`
-
-**Cause**: Network connectivity issues
+```bash
+GIT_TRACE=1 GIT_CURL_VERBOSE=1 git push
+```
 
-**Solution**:
+### Failed clone or fresh checkout still has pointer files
 
-- Simply retry the command
-- These are usually temporary network issues
+That usually just means hydration has not happened yet.
 
----
+Run:
 
-**Error**: Git push timeout during large file uploads
+```bash
+git drs init
+git drs pull
+```
 
-**Cause**: Long-running operations timing out
+### Network timeout during push or download
 
-**Solution**: Add to `~/.ssh/config`:
+If you use SSH remotes, keepalives help:
 
 ```
 Host github.com
@@ -249,297 +168,195 @@ Host github.com
     ServerAliveInterval 30
 ```
 
-### File Tracking Issues
+## Common Problems
 
-**Error**: Files not being tracked by LFS
+### `git drs pull` did not update my branch
 
-**Symptoms**:
+That is expected.
 
-- Large files committed directly to Git
-- `git lfs ls-files` doesn't show your files
+`git drs pull` no longer runs `git pull`.
 
-**Solution**:
+Use:
 
 ```bash
-# Check what's currently tracked
-git lfs track
-
-# Track your file type
-git lfs track "*.bam"
-git add .gitattributes
-
-# Remove from Git and re-add
-git rm --cached large-file.bam
-git add large-file.bam
-git commit -m "Track large file with LFS"
+git pull
+git drs pull
 ```
 
----
+### `git drs ls-files` does not show my file
 
-**Error**: `[404] Object does not exist on the server`
+Check these in order:
 
-**Symptoms**:
-
-- After clone, git pull fails
-
-**Solution**:
+1. is the path actually tracked?
 
 ```bash
-# confirm repo has complete configuration
-git drs list-config
-
-# init your git drs project
-git drs init --cred /path/to/cred/file --profile <name>
-
-# attempt git pull again
-git lfs pull -I path/to/file
+git drs track
 ```
 
----
-
-**Error**: `git lfs ls-files` shows files but they won't download
-
-**Cause**: Files may not have been properly uploaded or DRS records missing
-
-**Solution**:
+2. did you stage `.gitattributes` after adding the pattern?
 
 ```bash
-# Check repository status
-git drs list-config
-
-# Try pulling with verbose output
-git lfs pull -I "problematic-file*" --verbose
-
-# Check logs
-cat .git/drs/*.log
+git add .gitattributes
 ```
 
-### Configuration Issues
-
-**Error**: `git drs remote list` shows empty or incomplete configuration
-
-**Cause**: Repository not properly initialized or no remotes configured
-
-**Solution**:
+3. is the file part of the current checkout?
 
 ```bash
-# Initialize repository if needed
-git drs init
+git ls-files -- path/to/file
+```
 
-# Add Gen3 remote
-git drs remote add gen3 production \
-    --cred /path/to/credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
+4. inspect the local view:
 
-# Verify configuration
-git drs remote list
+```bash
+git drs ls-files -l
 ```
 
----
+### `git drs pull` does nothing
 
-**Error**: Configuration exists but commands fail
+That usually means one of these:
 
-**Cause**: Mismatched configuration between global and local settings, or expired credentials
+- the current checkout already has localized bytes
+- there are no tracked pointer files matching your include filters
+- the file is not tracked by `git-drs`
 
-**Solution**:
+Check:
 
 ```bash
-# Check configuration
-git drs remote list
-
-# Refresh credentials by re-adding the remote
-git drs remote add gen3 production \
-    --cred /path/to/new-credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
+git drs ls-files
+git drs ls-files -I "*.bam"
+git drs pull --dry-run -I "*.bam"
 ```
 
-### Remote Configuration Issues
-
-**Error**: `no default remote configured`
+### `git drs pull` still leaves pointer files
 
-**Cause**: Repository initialized but no remotes added yet
-
-**Solution**:
+Check DRS registration status:
 
 ```bash
-# Add your first remote (automatically becomes default)
-git drs remote add gen3 production \
-    --cred /path/to/credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
+git drs ls-files --drs
 ```
 
----
-
-**Error**: `default remote 'X' not found`
+If the object is not registered or not resolvable from the configured remote, hydration cannot succeed.
 
-**Cause**: Default remote was deleted or configuration is corrupted
-
-**Solution**:
+Also confirm the remote configuration:
 
 ```bash
-# List available remotes
 git drs remote list
-
-# Set a different remote as default
-git drs remote set staging
-
-# Or add a new remote
-git drs remote add gen3 production \
-    --cred /path/to/credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
 ```
 
----
+If needed, inspect the detailed logs:
 
-**Error**: Commands using wrong remote
+```bash
+ls -la .git/drs/
+```
 
-**Cause**: Default remote is not the one you want to use
+### `git drs remote add gen3` fails on bucket mapping
 
-**Solution**:
+Current shape:
 
 ```bash
-# Check current default
-git drs remote list
-
-# Option 1: Change default remote
-git drs remote set production
-
-# Option 2: Specify remote for single command
-git drs push staging
-git drs fetch production
+git drs remote add gen3 [remote-name] <organization/project> [--cred <file> | --token <token>]
 ```
 
-## Undoing Changes
-
-### Untrack LFS Files
+If this fails, the likely cause is missing bucket mapping for that scope.
 
-If you accidentally tracked the wrong files:
+That mapping is usually steward/admin setup, not something the end user invents ad hoc.
 
-```bash
-# See current tracking
-git lfs track
+### My credentials expired
 
-# Remove incorrect pattern
-git lfs untrack "wrong-dir/**"
+Refresh by re-adding the remote with a new credential file or token:
 
-# Add correct pattern
-git lfs track "correct-dir/**"
-
-# Stage the changes
-git add .gitattributes
-git commit -m "Fix LFS tracking patterns"
+```bash
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
 ```
 
-### Undo Git Add
+### `git push` fails with upload or register errors
 
-Remove files from staging area:
+Check:
 
 ```bash
-# Check what's staged
-git status
-
-# Unstage specific files
-git restore --staged file1.bam file2.bam
-
-# Unstage all files
-git restore --staged .
+git drs remote list
+git drs ls-files --drs
 ```
 
-### Undo Last Commit
+Typical root causes:
 
-To retry a commit with different files:
+- expired credentials
+- wrong remote selected
+- missing server-side bucket mapping
+- object registration or upload permissions missing for the target scope
 
-```bash
-# Undo last commit, keep files in working directory
-git reset --soft HEAD~1
+### Files are not being tracked
 
-# Or undo and unstage files
-git reset HEAD~1
+Symptoms:
 
-# Or completely undo commit and changes (BE CAREFUL!)
-git reset --hard HEAD~1
-```
-
-### Remove Files from LFS History
+- large files were committed directly to Git
+- `git drs ls-files` does not show the file
 
-If you committed large files directly to Git by mistake:
+Recovery:
 
 ```bash
-# Remove from Git history (use carefully!)
-git filter-branch --tree-filter 'rm -f large-file.dat' HEAD
-
-# Then track properly with LFS
-git lfs track "*.dat"
+git drs track "*.bam"
 git add .gitattributes
-git add large-file.dat
-git commit -m "Track large file with LFS"
+git rm --cached large-file.bam
+git add large-file.bam
+git commit -m "Track large file with git-drs"
 ```
 
-## Diagnostic Commands
-
-### Check System Status
+### Cloned repo only has pointer files
 
-```bash
-# Git DRS version and help
-git-drs version
-git-drs --help
+That is normal.
 
-# Configuration
-git drs remote list
+After cloning:
 
-# Repository status
-git status
-git lfs ls-files
+```bash
+git drs init
+git drs pull
 ```
 
-### View Logs
+Or hydrate only what you need:
 
 ```bash
-# Git DRS logs (in repository)
-ls -la .git/drs/
-cat .git/drs/*.log
+git drs pull -I "*.bam"
 ```
 
-### Test Connectivity
+## Debugging Workflow
 
-```bash
-# Test basic Git operations
-git lfs pull --dry-run
+When behavior is unclear, use this sequence:
 
-# Test DRS configuration
+```bash
 git drs remote list
+git drs track
+git drs ls-files -l
+git drs ls-files --drs
+git drs pull --dry-run
 ```
 
-## Getting Help
+That usually tells you whether the problem is:
 
-### Log Analysis
+- tracking
+- hydration state
+- DRS registration
+- remote configuration
 
-When reporting issues, include:
+## Log and State Inspection
 
-```bash
-# System information
-git-drs version
-git lfs version
-git --version
+Useful checks:
 
-# Configuration
+```bash
 git drs remote list
-
-# Recent logs
-tail -50 .git/drs/*.log
+git drs track
+git drs ls-files -l
+git drs ls-files --drs
+ls -la .git/drs/
 ```
 
-## Prevention Best Practices
+## Removed Commands
+
+If you see old notes mentioning these, ignore them:
+
+- `git drs fetch`
+- `git drs list`
+- `git drs upload`
+- `git drs download`
 
-1. **Test in small batches** - Don't commit hundreds of files at once
-2. **Verify tracking** - Always check `git lfs ls-files` after adding files
-3. **Use .gitignore** - Prevent accidental commits of temporary files
-4. **Monitor repository size** - Keep an eye on `.git` directory size
+Those were removed from the cleaned CLI surface.

From 002ab10c389398dc81454012b33d9f2e0baa02c0 Mon Sep 17 00:00:00 2001
From: Matthew Peterkort <33436238+matthewpeterkort@users.noreply.github.com>
Date: Mon, 11 May 2026 15:29:20 -0700
Subject: [PATCH 4/7] Mirror git-drs CLI to be like LFS (#232)

* update git-drs cli to be LFS like

* remove sentinel, address issues

* add design doc

* add new command for migrating records, fix go.mod

* Fix ls-files inventory for hydrated tracked LFS files

* fix cli

* fix tests

* integrate git drs init into remote add

* address a bajillion outstanding issues

* fix tests

* fix test

* bump deps

* fix progress bar output styling

* add business logic for handling git-drs rm command

* fix tests

* bump deps

* clean up

* fix tests

* fix go mod

* fix tests
---
 .github/workflows/build.yaml                  |   1 -
 .github/workflows/pr-checks.yaml              |   1 -
 .github/workflows/syfon-backend-e2e.yaml      |   1 -
 .github/workflows/test.yaml                   |   1 -
 README.md                                     |  14 +-
 cmd/addurl/main_test.go                       |  36 +-
 cmd/addurl/service.go                         |  34 +-
 cmd/copyrecords/main.go                       | 350 ++++++++++++++
 cmd/copyrecords/main_test.go                  | 139 ++++++
 cmd/download/main.go                          | 100 ----
 cmd/fetch/fetch_test.go                       |  37 --
 cmd/fetch/main.go                             |  66 ---
 cmd/initialize/main.go                        | 152 ++++--
 cmd/initialize/main_test.go                   |  24 +
 cmd/list/main.go                              |  59 ---
 cmd/lsfiles/main.go                           | 199 ++++++--
 cmd/lsfiles/main_test.go                      | 217 +++++++--
 cmd/ping/main.go                              | 137 ++++++
 cmd/ping/main_test.go                         | 132 +++++
 cmd/precommit/main.go                         | 115 ++++-
 cmd/precommit/main_test.go                    |  79 +++
 cmd/prepush/io_helpers.go                     |  27 ++
 cmd/prepush/main.go                           | 139 +-----
 cmd/prepush/main_test.go                      |  13 +-
 cmd/prepush/pushed_refs.go                    |  76 +++
 cmd/pull/main.go                              | 142 +++---
 cmd/pull/pull_test.go                         |  85 +++-
 cmd/push/main.go                              |  40 +-
 cmd/push/main_test.go                         |  58 +++
 cmd/push/progress.go                          | 189 ++++++++
 cmd/push/progress_test.go                     |  73 +++
 cmd/remote/add/add_test.go                    |  91 +++-
 cmd/remote/add/gen3.go                        | 185 ++++++--
 cmd/remote/add/init.go                        |  15 +-
 cmd/remote/add/local.go                       |  88 +++-
 cmd/remote/add/local_test.go                  |  75 ++-
 cmd/remote/list.go                            |  22 +-
 cmd/remote/remote_test.go                     | 108 +++++
 cmd/remote/remove.go                          |  59 +++
 cmd/remote/root.go                            |   1 +
 cmd/rm/main.go                                |  58 +++
 cmd/rm/main_test.go                           |  54 +++
 cmd/root.go                                   |  17 +-
 cmd/upload/main.go                            |  99 ----
 ...-drs-endpoints-and-transfer-concurrency.md |   2 +-
 docs/TODO/git-drs-rm-semantics.md             | 155 ++++++
 docs/adding-s3-files.md                       |   2 +-
 docs/commands.md                              | 233 ++++++++-
 docs/drs-uri-canonical-identity.md            | 212 +++++++++
 docs/ga4gh-drs-scalability-gaps.md            | 195 ++++++++
 docs/getting-started.md                       |  89 ++--
 docs/troubleshooting.md                       |  59 ++-
 go.mod                                        |  12 +-
 go.sum                                        |  16 +-
 internal/config/config.go                     |  59 +++
 internal/config/config_test.go                |  30 ++
 internal/config/remote.go                     |  14 +-
 internal/drsdelete/git_history.go             |  98 ++++
 internal/drsdelete/live_refs.go               |  42 ++
 internal/drsdelete/reconcile.go               | 115 +++++
 internal/drsdelete/reconcile_test.go          | 167 +++++++
 internal/drsdelete/test_helpers_test.go       | 103 ++++
 internal/drsmap/drs_map.go                    |  36 +-
 internal/drsmap/drs_map_test.go               |  58 +--
 internal/drsobject/object.go                  |  26 +-
 internal/drsremote/remote.go                  |  72 +++
 internal/drsremote/remote_test.go             | 112 ++++-
 internal/drsremote/scope.go                   |  13 +-
 internal/gitrepo/bucket_scope.go              |   5 +-
 internal/lfs/inventory.go                     | 265 +++++++++--
 internal/lfs/inventory_test.go                | 120 ++++-
 internal/lfs/sentinel.go                      |  65 ---
 internal/lfs/sentinel_test.go                 |  66 ---
 internal/pathspec/match.go                    |  62 +++
 internal/pathspec/match_test.go               |  22 +
 internal/precommit_cache/helpers.go           | 134 ++++++
 internal/pushsync/batch_sync.go               | 155 +++++-
 internal/pushsync/batch_sync_test.go          | 449 ++++++++++++++++++
 internal/pushsync/progress.go                 |  34 ++
 internal/pushsync/register.go                 |  87 +++-
 internal/pushsync/register_test.go            |  53 ++-
 internal/testutils/config.go                  |   6 +
 tests/README.md                               |   2 +-
 tests/coverage-test.sh                        |   4 +-
 tests/e2e-gen3-remote-addurl.sh               |  22 +-
 tests/e2e-gen3-remote-full.sh                 |  12 +-
 .../docker_syfon_e2e_assertions_test.go       |  46 +-
 .../docker_syfon_e2e_helpers_test.go          |   5 +-
 .../docker_syfon/docker_syfon_e2e_test.go     |  11 +
 tests/monorepos/e2e-monorepo-remote.sh        |  32 +-
 tests/monorepos/run-test.sh                   |   4 +-
 91 files changed, 5956 insertions(+), 1233 deletions(-)
 create mode 100644 cmd/copyrecords/main.go
 create mode 100644 cmd/copyrecords/main_test.go
 delete mode 100644 cmd/download/main.go
 delete mode 100644 cmd/fetch/fetch_test.go
 delete mode 100644 cmd/fetch/main.go
 delete mode 100644 cmd/list/main.go
 create mode 100644 cmd/ping/main.go
 create mode 100644 cmd/ping/main_test.go
 create mode 100644 cmd/prepush/io_helpers.go
 create mode 100644 cmd/prepush/pushed_refs.go
 create mode 100644 cmd/push/main_test.go
 create mode 100644 cmd/push/progress.go
 create mode 100644 cmd/push/progress_test.go
 create mode 100644 cmd/remote/remove.go
 create mode 100644 cmd/rm/main.go
 create mode 100644 cmd/rm/main_test.go
 delete mode 100644 cmd/upload/main.go
 rename docs/{ => TODO}/architecture-drs-endpoints-and-transfer-concurrency.md (98%)
 create mode 100644 docs/TODO/git-drs-rm-semantics.md
 create mode 100644 docs/drs-uri-canonical-identity.md
 create mode 100644 docs/ga4gh-drs-scalability-gaps.md
 create mode 100644 internal/drsdelete/git_history.go
 create mode 100644 internal/drsdelete/live_refs.go
 create mode 100644 internal/drsdelete/reconcile.go
 create mode 100644 internal/drsdelete/reconcile_test.go
 create mode 100644 internal/drsdelete/test_helpers_test.go
 delete mode 100644 internal/lfs/sentinel.go
 delete mode 100644 internal/lfs/sentinel_test.go
 create mode 100644 internal/pathspec/match.go
 create mode 100644 internal/pathspec/match_test.go
 create mode 100644 internal/pushsync/batch_sync_test.go
 create mode 100644 internal/pushsync/progress.go

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index de23db13..76e94efc 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -4,7 +4,6 @@ on:
   push:
     branches: [ main, master, develop ]
   pull_request:
-    branches: [ main, master, develop ]
   workflow_dispatch:
 
 concurrency:
diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml
index 4069d45f..6557835b 100644
--- a/.github/workflows/pr-checks.yaml
+++ b/.github/workflows/pr-checks.yaml
@@ -2,7 +2,6 @@ name: PR Checks
 
 on:
   pull_request:
-    branches: [ main, master, develop ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
diff --git a/.github/workflows/syfon-backend-e2e.yaml b/.github/workflows/syfon-backend-e2e.yaml
index 62bb839b..cfc4474d 100644
--- a/.github/workflows/syfon-backend-e2e.yaml
+++ b/.github/workflows/syfon-backend-e2e.yaml
@@ -2,7 +2,6 @@ name: Syfon Backend E2E
 
 on:
   pull_request:
-    branches: [ main, master, develop ]
   workflow_dispatch:
 
 concurrency:
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 82d0ec2c..38b2fc29 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -4,7 +4,6 @@ on:
   push:
     branches: [ main, master, develop ]
   pull_request:
-    branches: [ main, master, develop ]
   workflow_dispatch:
 
 concurrency:
diff --git a/README.md b/README.md
index 81ea2f6c..48dc57d9 100644
--- a/README.md
+++ b/README.md
@@ -30,23 +30,23 @@
 
 At a high level:
 
-1. initialize the repository with `git drs init`
-2. configure a remote for one `organization/project`
+1. configure a remote for one `organization/project`
+2. let `remote add` bootstrap repo-local `git-drs` state if needed
 3. track file patterns with `git drs track`
 4. add/commit/push normally
+5. remove tracked pointers with `git drs rm` when you want repository deletion to reconcile with remote DRS state
 5. hydrate pointer files later with `git drs pull`
 
 ## Quick Start
 
 ```bash
 git drs install
-git drs init
 git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
 git drs track "*.bam"
 git add .gitattributes
 git add sample.bam
 git commit -m "Add sample"
-git push
+git drs push
 git drs ls-files
 git drs pull -I "*.bam"
 ```
@@ -81,15 +81,17 @@ Push and pull depend on server-side bucket mapping for the requested scope. That
 | Command | Description |
 | --- | --- |
 | `git drs install` | Install global `git-drs` filter config |
-| `git drs init` | Initialize repository-local `git-drs` state |
+| `git drs init` | Explicitly initialize or repair repository-local `git-drs` state |
 | `git drs remote add gen3 [remote] <org/project>` | Add or refresh a Gen3/Syfon remote |
 | `git drs remote list` | List configured remotes |
+| `git drs remote remove <name>` | Remove a configured DRS remote |
 | `git drs remote set <name>` | Set the default remote |
 | `git drs track <pattern>` | Track files or globs |
 | `git drs untrack <pattern>` | Stop tracking files or globs |
+| `git drs rm <path>...` | Remove tracked DRS/LFS files from Git |
 | `git drs ls-files` | List tracked files and localization state |
 | `git drs pull` | Hydrate pointer files in the current checkout |
-| `git drs push` | Register/upload objects and push metadata workflow |
+| `git drs push` | Register/upload objects, reconcile committed deletes, and push refs |
 | `git drs add-url` | Add an existing provider object by URL or scoped key |
 | `git drs add-ref` | Add a local reference to an existing DRS object |
 | `git drs query` | Query a DRS object by ID |
diff --git a/cmd/addurl/main_test.go b/cmd/addurl/main_test.go
index 26a6456a..060dea16 100644
--- a/cmd/addurl/main_test.go
+++ b/cmd/addurl/main_test.go
@@ -19,7 +19,6 @@ import (
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drsobject"
 	"github.com/calypr/git-drs/internal/gitrepo"
-	"github.com/calypr/git-drs/internal/lfs"
 	"github.com/calypr/git-drs/internal/precommit_cache"
 	sycloud "github.com/calypr/syfon/client/cloud"
 )
@@ -100,9 +99,9 @@ func TestRunAddURL_WritesPointerAndLFSObject(t *testing.T) {
 		t.Fatalf("service.Run error: %v", err)
 	}
 
-	oid, err := lfs.SyntheticOIDFromETag("abcd1234")
+	oid, err := placeholderOIDForUnknownSHA("abcd1234", "s3://bucket/path/to/file.bin")
 	if err != nil {
-		t.Fatalf("SyntheticOIDFromETag: %v", err)
+		t.Fatalf("placeholderOIDForUnknownSHA: %v", err)
 	}
 
 	pointerPath := filepath.Join(tempDir, "path/to/file.bin")
@@ -120,15 +119,8 @@ func TestRunAddURL_WritesPointerAndLFSObject(t *testing.T) {
 	}
 
 	lfsObject := filepath.Join(lfsRoot, "objects", oid[0:2], oid[2:4], oid)
-	if _, err := os.Stat(lfsObject); err != nil {
-		t.Fatalf("expected LFS object at %s: %v", lfsObject, err)
-	}
-	sentinel, err := os.ReadFile(lfsObject)
-	if err != nil {
-		t.Fatalf("read sentinel: %v", err)
-	}
-	if !lfs.IsAddURLSentinelBytes(sentinel) {
-		t.Fatalf("expected add-url sentinel payload, got: %q", string(sentinel))
+	if _, err := os.Stat(lfsObject); !os.IsNotExist(err) {
+		t.Fatalf("expected no local LFS object payload at %s, got err=%v", lfsObject, err)
 	}
 
 	drsObject, err := drsobject.ReadObject(common.DRS_OBJS_PATH, oid)
@@ -143,6 +135,26 @@ func TestRunAddURL_WritesPointerAndLFSObject(t *testing.T) {
 	}
 }
 
+func TestPlaceholderOIDForUnknownSHA(t *testing.T) {
+	oid1, err := placeholderOIDForUnknownSHA("etag-abc", "s3://bucket/key")
+	if err != nil {
+		t.Fatalf("placeholderOIDForUnknownSHA: %v", err)
+	}
+	oid2, err := placeholderOIDForUnknownSHA(`"etag-abc"`, "s3://bucket/key")
+	if err != nil {
+		t.Fatalf("placeholderOIDForUnknownSHA quoted: %v", err)
+	}
+	if oid1 != oid2 {
+		t.Fatalf("expected trimmed etag handling to be stable: %s vs %s", oid1, oid2)
+	}
+	if len(oid1) != 64 {
+		t.Fatalf("expected 64-char oid, got %q", oid1)
+	}
+	if _, err := placeholderOIDForUnknownSHA("", "s3://bucket/key"); err == nil {
+		t.Fatal("expected empty etag error")
+	}
+}
+
 func TestParseAddURLInput_DoesNotRequireAWSFlags(t *testing.T) {
 	cmd := NewCommand()
 	in, err := parseAddURLInput(cmd, []string{"gs://bucket/path/to/file.bin"})
diff --git a/cmd/addurl/service.go b/cmd/addurl/service.go
index 79ad6195..e50ca8c1 100644
--- a/cmd/addurl/service.go
+++ b/cmd/addurl/service.go
@@ -2,9 +2,10 @@ package addurl
 
 import (
 	"context"
+	"crypto/sha256"
 	"fmt"
 	"log/slog"
-	"os"
+	"strings"
 
 	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/config"
@@ -186,26 +187,29 @@ func writeAddURLDrsObject(builder drsobject.Builder, file addURLDrsFile, objectP
 	return drsObj, nil
 }
 
-// ensureLFSObject ensures the LFS object identified by objectInfo exists in the
-// repository's LFS storage. If SHA256 is provided, it is trusted and returned.
-// Otherwise we create a sentinel object and synthetic OID derived from ETag,
-// deferring true checksum validation to first real data use.
+// ensureLFSObject returns the LFS pointer OID to use for the add-url target.
+// If SHA256 is provided, it is trusted and returned. Otherwise we derive a
+// deterministic placeholder OID from provider identity without writing any
+// local LFS object payload.
 func (s *AddURLService) ensureLFSObject(ctx context.Context, objectInfo *sycloud.ObjectInfo, input addURLInput, lfsRoot string) (string, error) {
 	_ = ctx
+	_ = lfsRoot
 	if input.sha256 != "" {
 		return input.sha256, nil
 	}
 
-	oid, err := lfs.SyntheticOIDFromETag(objectInfo.ETag)
-	if err != nil {
-		return "", err
-	}
-	objPath, err := lfs.WriteAddURLSentinelObject(lfsRoot, oid, objectInfo.ETag, input.objectURL)
-	if err != nil {
-		return "", err
+	return placeholderOIDForUnknownSHA(objectInfo.ETag, input.objectURL)
+}
+
+func placeholderOIDForUnknownSHA(etag string, sourceURL string) (string, error) {
+	e := strings.TrimSpace(strings.Trim(etag, `"`))
+	src := strings.TrimSpace(sourceURL)
+	if e == "" {
+		return "", fmt.Errorf("etag is required for placeholder oid")
 	}
-	if _, err := fmt.Fprintf(os.Stderr, "Added add-url sentinel object at %s\n", objPath); err != nil {
-		return "", fmt.Errorf("stderr write: %w", err)
+	if src == "" {
+		return "", fmt.Errorf("source URL is required for placeholder oid")
 	}
-	return oid, nil
+	sum := sha256.Sum256([]byte("git-drs-add-url-placeholder:v2\netag=" + e + "\nsource=" + src + "\n"))
+	return fmt.Sprintf("%x", sum[:]), nil
 }
diff --git a/cmd/copyrecords/main.go b/cmd/copyrecords/main.go
new file mode 100644
index 00000000..c494190c
--- /dev/null
+++ b/cmd/copyrecords/main.go
@@ -0,0 +1,350 @@
+package copyrecords
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log/slog"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	internalapi "github.com/calypr/syfon/apigen/client/internalapi"
+	syservices "github.com/calypr/syfon/client/services"
+	"github.com/spf13/cobra"
+)
+
+var (
+	batchSize int
+)
+
+type copyStats struct {
+	SourceSeen int
+	Created    int
+	Updated    int
+	Unchanged  int
+	Written    int
+}
+
+type indexAPI interface {
+	List(ctx context.Context, opts syservices.ListRecordsOptions) (internalapi.ListRecordsResponse, error)
+	BulkDocuments(ctx context.Context, dids []string) ([]internalapi.InternalRecordResponse, error)
+	CreateBulk(ctx context.Context, req internalapi.BulkCreateRequest) (internalapi.ListRecordsResponse, error)
+}
+
+var Cmd = &cobra.Command{
+	Use:   "copy-records [source-remote] <target-remote> <organization/project>",
+	Short: "Copy Syfon records between remotes for one organization/project scope",
+	Long:  "Read all Syfon records for a source organization/project scope and bulk load them into a target Syfon instance, only merging controlled_access and access_methods for records that already exist on the target.",
+	Args:  cobra.RangeArgs(2, 3),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		logger := drslog.GetLogger()
+		cfg, err := config.LoadConfig()
+		if err != nil {
+			return fmt.Errorf("error loading config: %w", err)
+		}
+
+		sourceRemote := ""
+		targetRemote := ""
+		scopeArg := ""
+		if len(args) == 2 {
+			targetRemote = args[0]
+			scopeArg = args[1]
+		} else {
+			sourceRemote = args[0]
+			targetRemote = args[1]
+			scopeArg = args[2]
+		}
+
+		srcRemoteName, err := cfg.GetRemoteOrDefault(sourceRemote)
+		if err != nil {
+			return fmt.Errorf("error resolving source remote: %w", err)
+		}
+		if strings.TrimSpace(targetRemote) == "" {
+			return fmt.Errorf("target remote is required")
+		}
+		dstRemoteName := config.Remote(targetRemote)
+		if srcRemoteName == dstRemoteName {
+			return fmt.Errorf("source and target remotes must be different")
+		}
+
+		srcCfg := cfg.GetRemote(srcRemoteName)
+		if srcCfg == nil {
+			return fmt.Errorf("source remote %q not found", srcRemoteName)
+		}
+
+		org, proj, err := parseScopeArg(scopeArg)
+		if err != nil {
+			return err
+		}
+
+		srcCtx, err := cfg.GetRemoteClient(srcRemoteName, logger)
+		if err != nil {
+			return fmt.Errorf("error creating source client: %w", err)
+		}
+		dstCtx, err := cfg.GetRemoteClient(dstRemoteName, logger)
+		if err != nil {
+			return fmt.Errorf("error creating target client: %w", err)
+		}
+
+		stats, err := copyProjectRecords(cmd.Context(), logger, srcCtx.Client.Index(), dstCtx.Client.Index(), org, proj, batchSize)
+		if err != nil {
+			return err
+		}
+
+		logger.Info("copy-records complete",
+			"source_remote", srcRemoteName,
+			"target_remote", dstRemoteName,
+			"organization", org,
+			"project", proj,
+			"source_seen", stats.SourceSeen,
+			"created", stats.Created,
+			"updated", stats.Updated,
+			"unchanged", stats.Unchanged,
+			"written", stats.Written,
+		)
+		return nil
+	},
+}
+
+func init() {
+	Cmd.Flags().IntVar(&batchSize, "batch-size", 250, "records per source page and target bulk write")
+}
+
+func parseScopeArg(raw string) (string, string, error) {
+	raw = strings.TrimSpace(raw)
+	if raw == "" {
+		return "", "", fmt.Errorf("scope is required and must be in organization/project form")
+	}
+	parts := strings.Split(raw, "/")
+	if len(parts) != 2 {
+		return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+	}
+	org := strings.TrimSpace(parts[0])
+	project := strings.TrimSpace(parts[1])
+	if org == "" || project == "" {
+		return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+	}
+	return org, project, nil
+}
+
+func copyProjectRecords(ctx context.Context, logger *slog.Logger, src indexAPI, dst indexAPI, org, project string, batchSize int) (copyStats, error) {
+	if batchSize <= 0 {
+		batchSize = 250
+	}
+
+	stats := copyStats{}
+	page := 1
+	for {
+		listResp, err := src.List(ctx, syservices.ListRecordsOptions{
+			Organization: org,
+			ProjectID:    project,
+			Limit:        batchSize,
+			Page:         page,
+		})
+		if err != nil {
+			return stats, fmt.Errorf("source list failed for %s/%s page %d: %w", org, project, page, err)
+		}
+		records := []internalapi.InternalRecord{}
+		if listResp.Records != nil {
+			records = *listResp.Records
+		}
+		if len(records) == 0 {
+			break
+		}
+		stats.SourceSeen += len(records)
+
+		toWrite, batchStats, err := buildMergedBatch(ctx, dst, records)
+		if err != nil {
+			return stats, err
+		}
+		stats.Created += batchStats.Created
+		stats.Updated += batchStats.Updated
+		stats.Unchanged += batchStats.Unchanged
+
+		if len(toWrite) > 0 {
+			resp, err := dst.CreateBulk(ctx, internalapi.BulkCreateRequest{Records: toWrite})
+			if err != nil {
+				return stats, fmt.Errorf("target bulk create failed on page %d: %w", page, err)
+			}
+			if resp.Records != nil {
+				stats.Written += len(*resp.Records)
+			} else {
+				stats.Written += len(toWrite)
+			}
+		}
+
+		if logger != nil {
+			logger.Info("copy-records batch complete",
+				"organization", org,
+				"project", project,
+				"page", page,
+				"source_records", len(records),
+				"created", batchStats.Created,
+				"updated", batchStats.Updated,
+				"unchanged", batchStats.Unchanged,
+				"written", len(toWrite),
+			)
+		}
+
+		if len(records) < batchSize {
+			break
+		}
+		page++
+	}
+
+	return stats, nil
+}
+
+func buildMergedBatch(ctx context.Context, dst indexAPI, source []internalapi.InternalRecord) ([]internalapi.InternalRecord, copyStats, error) {
+	stats := copyStats{}
+	if len(source) == 0 {
+		return nil, stats, nil
+	}
+
+	dids := make([]string, 0, len(source))
+	for _, rec := range source {
+		did := strings.TrimSpace(rec.Did)
+		if did == "" {
+			continue
+		}
+		dids = append(dids, did)
+	}
+
+	existing, err := dst.BulkDocuments(ctx, dids)
+	if err != nil {
+		return nil, stats, fmt.Errorf("target bulk documents failed: %w", err)
+	}
+	existingByDID := make(map[string]internalapi.InternalRecord, len(existing))
+	for _, rec := range existing {
+		existingByDID[strings.TrimSpace(rec.Did)] = recordResponseToRecord(rec)
+	}
+
+	out := make([]internalapi.InternalRecord, 0, len(source))
+	for _, src := range source {
+		did := strings.TrimSpace(src.Did)
+		if did == "" {
+			continue
+		}
+		if dstRec, ok := existingByDID[did]; ok {
+			merged, changed := mergeExistingRecord(dstRec, src)
+			if changed {
+				out = append(out, merged)
+				stats.Updated++
+			} else {
+				stats.Unchanged++
+			}
+			continue
+		}
+		out = append(out, src)
+		stats.Created++
+	}
+
+	return out, stats, nil
+}
+
+func mergeExistingRecord(dst, src internalapi.InternalRecord) (internalapi.InternalRecord, bool) {
+	merged := dst
+	changed := false
+
+	controlledAccess := mergeStringLists(dst.ControlledAccess, src.ControlledAccess)
+	if !equalStringPointers(merged.ControlledAccess, controlledAccess) {
+		merged.ControlledAccess = controlledAccess
+		changed = true
+	}
+
+	accessMethods := mergeAccessMethods(dst.AccessMethods, src.AccessMethods)
+	if !equalAccessMethodPointers(merged.AccessMethods, accessMethods) {
+		merged.AccessMethods = accessMethods
+		changed = true
+	}
+
+	return merged, changed
+}
+
+func recordResponseToRecord(in internalapi.InternalRecordResponse) internalapi.InternalRecord {
+	return internalapi.InternalRecord{
+		Did:              in.Did,
+		AccessMethods:    in.AccessMethods,
+		ControlledAccess: in.ControlledAccess,
+		CreatedTime:      in.CreatedTime,
+		Description:      in.Description,
+		FileName:         in.FileName,
+		Hashes:           in.Hashes,
+		Organization:     in.Organization,
+		Project:          in.Project,
+		Size:             in.Size,
+		UpdatedTime:      in.UpdatedTime,
+		Version:          in.Version,
+	}
+}
+
+func mergeStringLists(left, right *[]string) *[]string {
+	seen := map[string]struct{}{}
+	out := make([]string, 0)
+	for _, list := range []*[]string{left, right} {
+		if list == nil {
+			continue
+		}
+		for _, raw := range *list {
+			val := strings.TrimSpace(raw)
+			if val == "" {
+				continue
+			}
+			if _, ok := seen[val]; ok {
+				continue
+			}
+			seen[val] = struct{}{}
+			out = append(out, val)
+		}
+	}
+	if len(out) == 0 {
+		return nil
+	}
+	return &out
+}
+
+func mergeAccessMethods(left, right *[]drsapi.AccessMethod) *[]drsapi.AccessMethod {
+	seen := map[string]struct{}{}
+	out := make([]drsapi.AccessMethod, 0)
+	for _, list := range []*[]drsapi.AccessMethod{left, right} {
+		if list == nil {
+			continue
+		}
+		for _, method := range *list {
+			key := canonicalAccessMethod(method)
+			if _, ok := seen[key]; ok {
+				continue
+			}
+			seen[key] = struct{}{}
+			out = append(out, method)
+		}
+	}
+	if len(out) == 0 {
+		return nil
+	}
+	return &out
+}
+
+func canonicalAccessMethod(method drsapi.AccessMethod) string {
+	b, err := json.Marshal(method)
+	if err != nil {
+		return fmt.Sprintf("%s|%v", method.Type, method.AccessId)
+	}
+	return string(b)
+}
+
+func equalStringPointers(a, b *[]string) bool {
+	return equalJSON(a, b)
+}
+
+func equalAccessMethodPointers(a, b *[]drsapi.AccessMethod) bool {
+	return equalJSON(a, b)
+}
+
+func equalJSON(a, b any) bool {
+	ab, _ := json.Marshal(a)
+	bb, _ := json.Marshal(b)
+	return string(ab) == string(bb)
+}
diff --git a/cmd/copyrecords/main_test.go b/cmd/copyrecords/main_test.go
new file mode 100644
index 00000000..6e1e4528
--- /dev/null
+++ b/cmd/copyrecords/main_test.go
@@ -0,0 +1,139 @@
+package copyrecords
+
+import (
+	"context"
+	"testing"
+
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	internalapi "github.com/calypr/syfon/apigen/client/internalapi"
+	syservices "github.com/calypr/syfon/client/services"
+)
+
+type fakeIndexAPI struct {
+	listResp      internalapi.ListRecordsResponse
+	bulkDocsResp  []internalapi.InternalRecordResponse
+	createBulkReq []internalapi.BulkCreateRequest
+}
+
+func (f *fakeIndexAPI) List(ctx context.Context, opts syservices.ListRecordsOptions) (internalapi.ListRecordsResponse, error) {
+	return f.listResp, nil
+}
+
+func (f *fakeIndexAPI) BulkDocuments(ctx context.Context, dids []string) ([]internalapi.InternalRecordResponse, error) {
+	return f.bulkDocsResp, nil
+}
+
+func (f *fakeIndexAPI) CreateBulk(ctx context.Context, req internalapi.BulkCreateRequest) (internalapi.ListRecordsResponse, error) {
+	f.createBulkReq = append(f.createBulkReq, req)
+	return internalapi.ListRecordsResponse{Records: &req.Records}, nil
+}
+
+func TestMergeExistingRecord_UnionsControlledAccessAndAccessMethodsOnly(t *testing.T) {
+	dstName := "target.bin"
+	srcName := "source.bin"
+	desc := "keep target description"
+	leftCA := []string{"/organization/A/project/P1"}
+	rightCA := []string{"/organization/A/project/P1", "/organization/A/project/P2"}
+	leftMethods := []drsapi.AccessMethod{{
+		Type: drsapi.AccessMethodTypeS3,
+		AccessUrl: &struct {
+			Headers *[]string `json:"headers,omitempty"`
+			Url     string    `json:"url"`
+		}{Url: "s3://bucket/one"},
+	}}
+	rightMethods := []drsapi.AccessMethod{
+		leftMethods[0],
+		{
+			Type: drsapi.AccessMethodTypeHttps,
+			AccessUrl: &struct {
+				Headers *[]string `json:"headers,omitempty"`
+				Url     string    `json:"url"`
+			}{Url: "https://example.org/two"},
+		},
+	}
+
+	merged, changed := mergeExistingRecord(
+		internalapi.InternalRecord{
+			Did:              "did-1",
+			FileName:         &dstName,
+			Description:      &desc,
+			ControlledAccess: &leftCA,
+			AccessMethods:    &leftMethods,
+		},
+		internalapi.InternalRecord{
+			Did:              "did-1",
+			FileName:         &srcName,
+			ControlledAccess: &rightCA,
+			AccessMethods:    &rightMethods,
+		},
+	)
+
+	if !changed {
+		t.Fatalf("expected merge to report a change")
+	}
+	if merged.FileName == nil || *merged.FileName != dstName {
+		t.Fatalf("expected target metadata to be preserved, got %+v", merged.FileName)
+	}
+	if merged.Description == nil || *merged.Description != desc {
+		t.Fatalf("expected target description to be preserved")
+	}
+	if merged.ControlledAccess == nil || len(*merged.ControlledAccess) != 2 {
+		t.Fatalf("expected merged controlled access union, got %+v", merged.ControlledAccess)
+	}
+	if merged.AccessMethods == nil || len(*merged.AccessMethods) != 2 {
+		t.Fatalf("expected merged access method union, got %+v", merged.AccessMethods)
+	}
+}
+
+func TestBuildMergedBatch_CreatesNewAndUpdatesExisting(t *testing.T) {
+	srcCA := []string{"/organization/A/project/P1"}
+	newCA := []string{"/organization/A/project/P2"}
+	srcMethods := []drsapi.AccessMethod{{
+		Type: drsapi.AccessMethodTypeS3,
+		AccessUrl: &struct {
+			Headers *[]string `json:"headers,omitempty"`
+			Url     string    `json:"url"`
+		}{Url: "s3://bucket/a"},
+	}}
+	newMethods := []drsapi.AccessMethod{{
+		Type: drsapi.AccessMethodTypeHttps,
+		AccessUrl: &struct {
+			Headers *[]string `json:"headers,omitempty"`
+			Url     string    `json:"url"`
+		}{Url: "https://example.org/b"},
+	}}
+
+	target := &fakeIndexAPI{
+		bulkDocsResp: []internalapi.InternalRecordResponse{
+			{
+				Did:              "did-existing",
+				ControlledAccess: &srcCA,
+				AccessMethods:    &srcMethods,
+			},
+		},
+	}
+
+	source := []internalapi.InternalRecord{
+		{
+			Did:              "did-existing",
+			ControlledAccess: &newCA,
+			AccessMethods:    &newMethods,
+		},
+		{
+			Did:              "did-new",
+			ControlledAccess: &srcCA,
+			AccessMethods:    &srcMethods,
+		},
+	}
+
+	out, stats, err := buildMergedBatch(context.Background(), target, source)
+	if err != nil {
+		t.Fatalf("buildMergedBatch error: %v", err)
+	}
+	if len(out) != 2 {
+		t.Fatalf("expected 2 output records, got %d", len(out))
+	}
+	if stats.Created != 1 || stats.Updated != 1 || stats.Unchanged != 0 {
+		t.Fatalf("unexpected stats: %+v", stats)
+	}
+}
diff --git a/cmd/download/main.go b/cmd/download/main.go
deleted file mode 100644
index 599cd2e0..00000000
--- a/cmd/download/main.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package download
-
-import (
-	"context"
-	"fmt"
-	"path/filepath"
-	"strings"
-
-	"github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsremote"
-	drsapi "github.com/calypr/syfon/apigen/client/drs"
-	sydownload "github.com/calypr/syfon/client/transfer/download"
-	"github.com/spf13/cobra"
-)
-
-var remote string
-var outdir string
-
-// Cmd line declaration
-var Cmd = &cobra.Command{
-	Use:   "download <DRS ID>",
-	Short: "Download a file from a DRS server",
-	Long:  "Download a file from a DRS server, without creating an LFS pointer",
-	Args:  cobra.MinimumNArgs(1),
-	RunE: func(cmd *cobra.Command, args []string) error {
-
-		logger := drslog.GetLogger()
-
-		config, err := config.LoadConfig()
-		if err != nil {
-			return err
-		}
-
-		remoteName, err := config.GetRemoteOrDefault(remote)
-		if err != nil {
-			logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-			return err
-		}
-
-		client, err := config.GetRemoteClient(remoteName, logger)
-		if err != nil {
-			return err
-		}
-		for _, src := range args {
-			obj, err := client.Client.DRS().GetObject(context.Background(), src)
-			if err != nil {
-				logger.Error(fmt.Sprintf("Error downloading object %s: %v", src, err))
-			} else {
-				common.PrintDRSObject(obj, false)
-				dstName := src
-				if obj.Name != nil && *obj.Name != "" {
-					dstName = filepath.Base(*obj.Name)
-				}
-				dstPath := filepath.Join(outdir, dstName)
-				logger.Info(fmt.Sprintf("Downloading object %s to path %s", src, dstPath))
-				accessURL, err := resolveAccessURL(cmd.Context(), client, obj)
-				if err != nil {
-					logger.Error(fmt.Sprintf("Error resolving access URL for object %s: %v", src, err))
-					continue
-				}
-				if err := drsremote.DownloadResolvedToPath(cmd.Context(), client, obj.Id, dstPath, &obj, accessURL, sydownload.DownloadOptions{
-					MultipartThreshold: 5 * 1024 * 1024,
-					Concurrency:        2,
-					ChunkSize:          64 * 1024 * 1024,
-				}); err != nil {
-					logger.Error(fmt.Sprintf("Error downloading object %s to path %s: %v", src, dstPath, err))
-				} else {
-					logger.Info(fmt.Sprintf("Successfully downloaded object %s to path %s", src, dstPath))
-				}
-			}
-		}
-
-		return nil
-	},
-}
-
-func init() {
-	Cmd.Flags().StringVarP(&remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
-	Cmd.Flags().StringVarP(&outdir, "outdir", "o", ".", "output directory for downloaded files")
-}
-
-func resolveAccessURL(ctx context.Context, remote *config.GitContext, obj drsapi.DrsObject) (*drsapi.AccessURL, error) {
-	if remote == nil || remote.Client == nil {
-		return nil, fmt.Errorf("DRS client unavailable")
-	}
-	if obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 {
-		return nil, fmt.Errorf("no access methods available for DRS object %s", obj.Id)
-	}
-	accessType := strings.TrimSpace(string((*obj.AccessMethods)[0].Type))
-	if accessType == "" {
-		return nil, fmt.Errorf("no access type found in access method for DRS object %s", obj.Id)
-	}
-	accessURL, err := remote.Client.DRS().GetAccessURL(ctx, obj.Id, accessType)
-	if err != nil {
-		return nil, err
-	}
-	return &accessURL, nil
-}
diff --git a/cmd/fetch/fetch_test.go b/cmd/fetch/fetch_test.go
deleted file mode 100644
index 37766718..00000000
--- a/cmd/fetch/fetch_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package fetch
-
-import (
-	"testing"
-
-	"github.com/calypr/git-drs/internal/testutils"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestFetchCmdArgs(t *testing.T) {
-	// Test with no arguments (valid)
-	err := Cmd.Args(Cmd, []string{})
-	assert.NoError(t, err)
-
-	// Test with 1 argument (valid)
-	err = Cmd.Args(Cmd, []string{"origin"})
-	assert.NoError(t, err)
-
-	// Test with multiple arguments (invalid)
-	err = Cmd.Args(Cmd, []string{"origin", "extra"})
-	assert.Error(t, err)
-}
-
-func TestFetchRun_Error(t *testing.T) {
-	_ = testutils.SetupTestGitRepo(t)
-	// No config, should error
-	err := Cmd.RunE(Cmd, []string{})
-	assert.Error(t, err)
-}
-
-func TestFetchRun_InvalidRemote(t *testing.T) {
-	tmpDir := testutils.SetupTestGitRepo(t)
-	testutils.CreateDefaultTestConfig(t, tmpDir)
-	// Fetch from non-existent remote
-	err := Cmd.RunE(Cmd, []string{"no-remote"})
-	assert.Error(t, err)
-}
diff --git a/cmd/fetch/main.go b/cmd/fetch/main.go
deleted file mode 100644
index 0acf089a..00000000
--- a/cmd/fetch/main.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package fetch
-
-import (
-	"fmt"
-	"os/exec"
-	"strings"
-
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/spf13/cobra"
-)
-
-var runCommand = func(name string, args ...string) ([]byte, error) {
-	cmd := exec.Command(name, args...)
-	return cmd.CombinedOutput()
-}
-
-// Cmd line declaration
-var Cmd = &cobra.Command{
-	Use:   "fetch [remote-name]",
-	Short: "Fetch LFS objects from remote via standard git-lfs",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 1 {
-			cmd.SilenceUsage = false
-			return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs fetch --help' for more details", len(args), cmd.UseLine())
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		logger := drslog.GetLogger()
-
-		cfg, err := config.LoadConfig()
-		if err != nil {
-			return fmt.Errorf("error loading config: %v", err)
-		}
-
-		var remote config.Remote
-		if len(args) > 0 {
-			remote = config.Remote(args[0])
-		} else {
-			remote, err = cfg.GetDefaultRemote()
-			if err != nil {
-				logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-				return err
-			}
-		}
-
-		drsClient, err := cfg.GetRemoteClient(remote, logger)
-		if err != nil {
-			logger.Error(fmt.Sprintf("\nerror creating DRS client: %s", err))
-			return err
-		}
-		_ = drsClient // Remote validation only.
-
-		out, err := runCommand("git", "lfs", "pull", string(remote))
-		if err != nil {
-			msg := strings.TrimSpace(string(out))
-			if msg == "" {
-				msg = err.Error()
-			}
-			return fmt.Errorf("git lfs pull failed for remote %q: %s", remote, msg)
-		}
-
-		return nil
-	},
-}
diff --git a/cmd/initialize/main.go b/cmd/initialize/main.go
index 95fcdf65..26a0738b 100644
--- a/cmd/initialize/main.go
+++ b/cmd/initialize/main.go
@@ -39,57 +39,123 @@ var Cmd = &cobra.Command{
 	},
 	RunE: func(cmd *cobra.Command, args []string) error {
 		logg := drslog.GetLogger()
-
-		// check if .git dir exists to ensure you're in a git repository
-		_, err := gitrepo.GitTopLevel()
-		if err != nil {
-			return fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
+		if err := InitializeRepo(logg); err != nil {
+			return err
 		}
+		logg.Debug(fmt.Sprintf("Using %d concurrent transfers", transfers))
+		return nil
+	},
+}
 
-		// create config file if it doesn't exist
-		err = config.CreateEmptyConfig()
-		if err != nil {
-			return fmt.Errorf("error: unable to create config file: %v", err)
-		}
+// InitializeRepo applies git-drs repository-local setup to the current git repository.
+// It is safe to call repeatedly.
+func InitializeRepo(logg *slog.Logger) error {
+	// check if .git dir exists to ensure you're in a git repository
+	_, err := gitrepo.GitTopLevel()
+	if err != nil {
+		return fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
+	}
 
-		// load the config
-		_, err = config.LoadConfig()
-		if err != nil {
-			logg.Debug(fmt.Sprintf("We should probably fix this: %v", err))
-			return fmt.Errorf("error: unable to load config file: %v", err)
-		}
+	// create config file if it doesn't exist
+	err = config.CreateEmptyConfig()
+	if err != nil {
+		return fmt.Errorf("error: unable to create config file: %v", err)
+	}
 
-		// create drs directories
-		drsDir := common.DRS_DIR
-		drsLfsObjsDir := common.DRS_OBJS_PATH
-		if err := os.MkdirAll(drsDir, 0755); err != nil {
-			return fmt.Errorf("error: unable to create drs directory: %v", err)
-		}
-		if err := os.MkdirAll(drsLfsObjsDir, 0755); err != nil {
-			return fmt.Errorf("error: unable to create drs lfs objects directory: %v", err)
-		}
+	// load the config
+	_, err = config.LoadConfig()
+	if err != nil {
+		logg.Debug(fmt.Sprintf("We should probably fix this: %v", err))
+		return fmt.Errorf("error: unable to load config file: %v", err)
+	}
 
-		err = initGitConfig()
-		if err != nil {
-			return fmt.Errorf("error initializing git-drs repository config: %v", err)
-		}
+	// create drs directories
+	drsDir := common.DRS_DIR
+	drsLfsObjsDir := common.DRS_OBJS_PATH
+	if err := os.MkdirAll(drsDir, 0755); err != nil {
+		return fmt.Errorf("error: unable to create drs directory: %v", err)
+	}
+	if err := os.MkdirAll(drsLfsObjsDir, 0755); err != nil {
+		return fmt.Errorf("error: unable to create drs lfs objects directory: %v", err)
+	}
 
-		// install pre-push hook
-		err = installPrePushHook(logg)
-		if err != nil {
-			return fmt.Errorf("error installing pre-push hook: %v", err)
-		}
-		// install pre-commit hook
-		err = installPreCommitHook(logg)
-		if err != nil {
-			return fmt.Errorf("error installing pre-commit hook: %v", err)
-		}
+	err = initGitConfig()
+	if err != nil {
+		return fmt.Errorf("error initializing git-drs repository config: %v", err)
+	}
 
-		// final logs
-		logg.Debug("Git DRS initialized")
-		logg.Debug(fmt.Sprintf("Using %d concurrent transfers", transfers))
+	// install pre-push hook
+	err = installPrePushHook(logg)
+	if err != nil {
+		return fmt.Errorf("error installing pre-push hook: %v", err)
+	}
+	// install pre-commit hook
+	err = installPreCommitHook(logg)
+	if err != nil {
+		return fmt.Errorf("error installing pre-commit hook: %v", err)
+	}
+
+	logg.Debug("Git DRS initialized")
+	return nil
+}
+
+// EnsureInitialized applies initialization only when the repository does not
+// already appear to have git-drs local setup installed.
+func EnsureInitialized(logg *slog.Logger) error {
+	initialized, err := isInitialized()
+	if err != nil {
+		return err
+	}
+	if initialized {
 		return nil
-	},
+	}
+	return InitializeRepo(logg)
+}
+
+func isInitialized() (bool, error) {
+	if _, err := gitrepo.GitTopLevel(); err != nil {
+		return false, fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
+	}
+
+	if _, err := os.Stat(common.DRS_DIR); err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
+		}
+		return false, fmt.Errorf("error checking git-drs directory: %v", err)
+	}
+
+	if val, err := gitrepo.GetGitConfigString("filter.drs.process"); err != nil || strings.TrimSpace(val) != "git-drs filter" {
+		return false, err
+	}
+
+	preCommitInstalled, err := hookContains("pre-commit", "git drs precommit")
+	if err != nil {
+		return false, err
+	}
+	if !preCommitInstalled {
+		return false, nil
+	}
+
+	prePushInstalled, err := hookContains("pre-push", "git drs pre-push-prepare")
+	if err != nil {
+		return false, err
+	}
+	return prePushInstalled, nil
+}
+
+func hookContains(name, marker string) (bool, error) {
+	hooksDir, err := gitrepo.GetGitHooksDir()
+	if err != nil {
+		return false, fmt.Errorf("unable to get hooks directory: %w", err)
+	}
+	content, err := os.ReadFile(filepath.Join(hooksDir, name))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	return strings.Contains(string(content), marker), nil
 }
 
 func initGitConfig() error {
diff --git a/cmd/initialize/main_test.go b/cmd/initialize/main_test.go
index 1126a2dd..04b02369 100644
--- a/cmd/initialize/main_test.go
+++ b/cmd/initialize/main_test.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/gitrepo"
 	"github.com/calypr/git-drs/internal/testutils"
@@ -106,3 +107,26 @@ func TestInitConfigValues(t *testing.T) {
 	check("lfs.concurrenttransfers", "8")
 	check("lfs.allowincompletepush", "false")
 }
+
+func TestEnsureInitialized(t *testing.T) {
+	testutils.SetupTestGitRepo(t)
+	logger := drslog.NewNoOpLogger()
+
+	if err := EnsureInitialized(logger); err != nil {
+		t.Fatalf("EnsureInitialized error: %v", err)
+	}
+	if err := EnsureInitialized(logger); err != nil {
+		t.Fatalf("EnsureInitialized second call error: %v", err)
+	}
+
+	if _, err := os.Stat(common.DRS_DIR); err != nil {
+		t.Fatalf("expected %s to exist: %v", common.DRS_DIR, err)
+	}
+	filterProcess, err := gitrepo.GetGitConfigString("filter.drs.process")
+	if err != nil {
+		t.Fatalf("GetGitConfigString(filter.drs.process): %v", err)
+	}
+	if filterProcess != "git-drs filter" {
+		t.Fatalf("unexpected filter.drs.process: %q", filterProcess)
+	}
+}
diff --git a/cmd/list/main.go b/cmd/list/main.go
deleted file mode 100644
index dfcf7a7c..00000000
--- a/cmd/list/main.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package list
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/spf13/cobra"
-)
-
-var remote string
-var pretty = false
-
-// Cmd line declaration
-var Cmd = &cobra.Command{
-	Use:   "list",
-	Short: "List DRS objects in a DRS server",
-	Long:  "List DRS objects in a DRS server",
-	RunE: func(cmd *cobra.Command, args []string) error {
-
-		logger := drslog.GetLogger()
-
-		config, err := config.LoadConfig()
-		if err != nil {
-			return err
-		}
-
-		remoteName, err := config.GetRemoteOrDefault(remote)
-		if err != nil {
-			logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-			return err
-		}
-
-		client, err := config.GetRemoteClient(remoteName, logger)
-		if err != nil {
-			return err
-		}
-
-		objs, err := client.Client.DRS().ListObjects(context.Background(), 1000, 1)
-		if err != nil {
-			return err
-		}
-
-		for _, drsObj := range objs.DrsObjects {
-			if err := common.PrintDRSObject(drsObj, pretty); err != nil {
-				return err
-			}
-		}
-
-		return nil
-	},
-}
-
-func init() {
-	Cmd.Flags().StringVarP(&remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
-	Cmd.Flags().BoolVarP(&pretty, "pretty", "p", false, "pretty print JSON output")
-}
diff --git a/cmd/lsfiles/main.go b/cmd/lsfiles/main.go
index 96c3dfd1..5da58516 100644
--- a/cmd/lsfiles/main.go
+++ b/cmd/lsfiles/main.go
@@ -1,8 +1,10 @@
 package lsfiles
 
 import (
+	"encoding/json"
 	"fmt"
 	"log/slog"
+	"os"
 	"sort"
 	"strings"
 
@@ -10,11 +12,18 @@ import (
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/drsremote"
 	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/calypr/git-drs/internal/pathspec"
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
 	"github.com/spf13/cobra"
 )
 
 var gitRemote string
 var drsRemote string
+var includePatterns []string
+var showLong bool
+var nameOnly bool
+var jsonOutput bool
+var drsStatus bool
 
 var (
 	loadConfig      = config.LoadConfig
@@ -22,34 +31,46 @@ var (
 	newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*config.GitContext, error) {
 		return cfg.GetRemoteClient(remote, logger)
 	}
-	loadLFSInventory    = lfs.GetAllLfsFiles
-	lookupScopedObjects = drsremote.ObjectsByHashForScope
+	loadLFSInventory = func(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]lfs.LfsFileInfo, error) {
+		if len(branches) == 0 {
+			return lfs.GetTrackedLfsFiles(logger)
+		}
+		return lfs.GetAllLfsFiles(gitRemoteName, gitRemoteLocation, branches, logger)
+	}
+	lookupScopedObjectsBatch = drsremote.ObjectsByHashesForScope
 )
 
 type fileRow struct {
-	OID    string
-	Status string
-	Path   string
-	Detail string
+	OID        string   `json:"oid"`
+	ShortOID   string   `json:"short_oid"`
+	Status     string   `json:"status"`
+	Path       string   `json:"path"`
+	Localized  bool     `json:"localized"`
+	Registered bool     `json:"registered,omitempty"`
+	DRSIDs     []string `json:"drs_ids,omitempty"`
+	Detail     string   `json:"detail,omitempty"`
 }
 
-func collectRows(cmd *cobra.Command, gitRemoteName, drsRemoteName string) ([]fileRow, error) {
+func collectRows(cmd *cobra.Command, gitRemoteName, drsRemoteName string, patterns []string, resolveDRS bool) ([]fileRow, error) {
 	logger := drslog.GetLogger()
 
-	cfg, err := loadConfig()
-	if err != nil {
-		return nil, err
-	}
+	var client *config.GitContext
+	if resolveDRS {
+		cfg, err := loadConfig()
+		if err != nil {
+			return nil, err
+		}
 
-	remoteName, err := resolveRemote(cfg, drsRemoteName)
-	if err != nil {
-		logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-		return nil, err
-	}
+		remoteName, err := resolveRemote(cfg, drsRemoteName)
+		if err != nil {
+			logger.Error(fmt.Sprintf("Error getting remote: %v", err))
+			return nil, err
+		}
 
-	client, err := newRemoteClient(cfg, remoteName, logger)
-	if err != nil {
-		return nil, err
+		client, err = newRemoteClient(cfg, remoteName, logger)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	lfsFiles, err := loadLFSInventory(gitRemoteName, drsRemoteName, []string{}, logger)
@@ -64,28 +85,60 @@ func collectRows(cmd *cobra.Command, gitRemoteName, drsRemoteName string) ([]fil
 	sort.Strings(keys)
 
 	rows := make([]fileRow, 0, len(keys))
+	var drsResults map[string][]drsapi.DrsObject
+	var drsLookupErr error
+	if resolveDRS {
+		oids := make([]string, 0, len(keys))
+		seenOIDs := make(map[string]struct{}, len(keys))
+		for _, path := range keys {
+			if !pathspec.MatchesAny(path, patterns) {
+				continue
+			}
+			oid := lfsFiles[path].Oid
+			if oid == "" {
+				continue
+			}
+			if _, exists := seenOIDs[oid]; exists {
+				continue
+			}
+			seenOIDs[oid] = struct{}{}
+			oids = append(oids, oid)
+		}
+		drsResults, drsLookupErr = lookupScopedObjectsBatch(cmd.Context(), client, oids)
+	}
 	for _, path := range keys {
+		if !pathspec.MatchesAny(path, patterns) {
+			continue
+		}
 		info := lfsFiles[path]
 		row := fileRow{
-			OID:  info.Oid,
-			Path: path,
+			OID:       info.Oid,
+			ShortOID:  shortOID(info.Oid),
+			Path:      path,
+			Localized: isLocalized(path),
+		}
+		row.Status = "-"
+		if row.Localized {
+			row.Status = "*"
 		}
 
-		results, err := lookupScopedObjects(cmd.Context(), client, info.Oid)
-		switch {
-		case err != nil:
-			row.Status = "error"
-			row.Detail = err.Error()
-		case len(results) == 0:
-			row.Status = "missing"
-			row.Detail = "-"
-		default:
-			row.Status = "present"
-			ids := make([]string, 0, len(results))
-			for _, res := range results {
-				ids = append(ids, "drs://"+res.Id)
+		if resolveDRS {
+			switch {
+			case drsLookupErr != nil:
+				row.Detail = drsLookupErr.Error()
+			default:
+				results := drsResults[info.Oid]
+				if len(results) == 0 {
+					row.Registered = false
+					break
+				}
+				row.Registered = true
+				row.DRSIDs = make([]string, 0, len(results))
+				for _, res := range results {
+					row.DRSIDs = append(row.DRSIDs, "drs://"+res.Id)
+				}
+				row.Detail = strings.Join(row.DRSIDs, ",")
 			}
-			row.Detail = strings.Join(ids, ",")
 		}
 
 		rows = append(rows, row)
@@ -95,23 +148,80 @@ func collectRows(cmd *cobra.Command, gitRemoteName, drsRemoteName string) ([]fil
 }
 
 func printRows(cmd *cobra.Command, rows []fileRow) error {
-	if _, err := fmt.Fprintf(cmd.OutOrStdout(), "OID\tSTATUS\tPATH\tDETAIL\n"); err != nil {
-		return err
+	if jsonOutput {
+		enc := json.NewEncoder(cmd.OutOrStdout())
+		enc.SetIndent("", "  ")
+		return enc.Encode(rows)
 	}
 	for _, row := range rows {
-		if _, err := fmt.Fprintf(cmd.OutOrStdout(), "%s\t%s\t%s\t%s\n", row.OID, row.Status, row.Path, row.Detail); err != nil {
-			return err
+		switch {
+		case nameOnly:
+			if _, err := fmt.Fprintln(cmd.OutOrStdout(), row.Path); err != nil {
+				return err
+			}
+		case drsStatus:
+			oid := row.ShortOID
+			if showLong {
+				oid = row.OID
+			}
+			detail := row.Detail
+			if detail == "" {
+				detail = "-"
+			}
+			if _, err := fmt.Fprintf(cmd.OutOrStdout(), "%s %s %s\t%s\n", oid, row.Status, row.Path, detail); err != nil {
+				return err
+			}
+		default:
+			oid := row.ShortOID
+			if showLong {
+				oid = row.OID
+			}
+			if _, err := fmt.Fprintf(cmd.OutOrStdout(), "%s %s %s\n", oid, row.Status, row.Path); err != nil {
+				return err
+			}
 		}
 	}
 	return nil
 }
 
+func shortOID(oid string) string {
+	if len(oid) <= 10 {
+		return oid
+	}
+	return oid[:10]
+}
+
+func isLocalized(path string) bool {
+	payload, err := os.ReadFile(path)
+	if err != nil {
+		return false
+	}
+	_, _, ok := lfs.ParseLFSPointer(payload)
+	return !ok
+}
+
+func validateOutputFlags() error {
+	if nameOnly && jsonOutput {
+		return fmt.Errorf("--name-only and --json are mutually exclusive")
+	}
+	if showLong && nameOnly {
+		return fmt.Errorf("--long and --name-only are mutually exclusive")
+	}
+	return nil
+}
+
 // Cmd line declaration
 var Cmd = &cobra.Command{
-	Use:   "ls-files",
-	Short: "List local LFS-tracked files and their DRS registration status",
+	Use:   "ls-files [pathspec...]",
+	Short: "List tracked DRS/LFS pointer files in the repository",
+	Long:  "List tracked DRS/Git-LFS pointer files in the repository. By default this behaves like a local file inventory. Use --drs to also resolve DRS registration status.",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		rows, err := collectRows(cmd, gitRemote, drsRemote)
+		if err := validateOutputFlags(); err != nil {
+			return err
+		}
+		patterns := append([]string{}, includePatterns...)
+		patterns = append(patterns, args...)
+		rows, err := collectRows(cmd, gitRemote, drsRemote, patterns, drsStatus)
 		if err != nil {
 			return err
 		}
@@ -122,4 +232,9 @@ var Cmd = &cobra.Command{
 func init() {
 	Cmd.Flags().StringVarP(&gitRemote, "git-remote", "r", "", "target remote Git server (default: origin)")
 	Cmd.Flags().StringVarP(&drsRemote, "drs-remote", "d", "", "target remote DRS server (default: origin)")
+	Cmd.Flags().StringArrayVarP(&includePatterns, "include", "I", nil, "include pathspec/glob pattern(s)")
+	Cmd.Flags().BoolVarP(&showLong, "long", "l", false, "show full object IDs")
+	Cmd.Flags().BoolVarP(&nameOnly, "name-only", "n", false, "show only file paths")
+	Cmd.Flags().BoolVar(&jsonOutput, "json", false, "emit JSON output")
+	Cmd.Flags().BoolVar(&drsStatus, "drs", false, "include DRS registration lookup details")
 }
diff --git a/cmd/lsfiles/main_test.go b/cmd/lsfiles/main_test.go
index 492b0b4f..1daab41b 100644
--- a/cmd/lsfiles/main_test.go
+++ b/cmd/lsfiles/main_test.go
@@ -5,6 +5,8 @@ import (
 	"context"
 	"errors"
 	"log/slog"
+	"os"
+	"path/filepath"
 	"strings"
 	"testing"
 
@@ -14,18 +16,108 @@ import (
 	"github.com/spf13/cobra"
 )
 
-func TestCollectRowsAndPrintRows(t *testing.T) {
+func resetFlagsForTest() {
+	gitRemote = ""
+	drsRemote = ""
+	includePatterns = nil
+	showLong = false
+	nameOnly = false
+	jsonOutput = false
+	drsStatus = false
+}
+
+func TestCollectRowsLocalDefault(t *testing.T) {
+	resetFlagsForTest()
+
+	oldLoadLFSInventory := loadLFSInventory
+	oldLookupScopedObjectsBatch := lookupScopedObjectsBatch
+	t.Cleanup(func() {
+		loadLFSInventory = oldLoadLFSInventory
+		lookupScopedObjectsBatch = oldLookupScopedObjectsBatch
+	})
+
+	tmpDir := t.TempDir()
+	oldWD, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("getwd: %v", err)
+	}
+	if err := os.Chdir(tmpDir); err != nil {
+		t.Fatalf("chdir tempdir: %v", err)
+	}
+	t.Cleanup(func() {
+		_ = os.Chdir(oldWD)
+	})
+
+	localizedPath := filepath.Join("a", "localized.bin")
+	pointerPath := filepath.Join("b", "pointer.bin")
+	if err := os.MkdirAll(filepath.Dir(localizedPath), 0o755); err != nil {
+		t.Fatalf("mkdir localized dir: %v", err)
+	}
+	if err := os.MkdirAll(filepath.Dir(pointerPath), 0o755); err != nil {
+		t.Fatalf("mkdir pointer dir: %v", err)
+	}
+	if err := os.WriteFile(localizedPath, []byte("hydrated-bytes"), 0o644); err != nil {
+		t.Fatalf("write localized file: %v", err)
+	}
+	pointerContent := "version https://git-lfs.github.com/spec/v1\noid sha256:" + strings.Repeat("b", 64) + "\nsize 12\n"
+	if err := os.WriteFile(pointerPath, []byte(pointerContent), 0o644); err != nil {
+		t.Fatalf("write pointer file: %v", err)
+	}
+
+	loadLFSInventory = func(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]lfs.LfsFileInfo, error) {
+		return map[string]lfs.LfsFileInfo{
+			localizedPath: {Name: localizedPath, Oid: strings.Repeat("a", 64)},
+			pointerPath:   {Name: pointerPath, Oid: strings.Repeat("b", 64)},
+		}, nil
+	}
+	lookupScopedObjectsBatch = func(ctx context.Context, drsCtx *config.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) {
+		t.Fatalf("unexpected remote lookup for checksums %v", checksums)
+		return nil, nil
+	}
+
+	cmd := &cobra.Command{}
+	rows, err := collectRows(cmd, "", "", nil, false)
+	if err != nil {
+		t.Fatalf("collectRows returned error: %v", err)
+	}
+	if len(rows) != 2 {
+		t.Fatalf("expected 2 rows, got %d", len(rows))
+	}
+	if rows[0].Path != localizedPath || rows[0].Status != "*" || !rows[0].Localized {
+		t.Fatalf("unexpected localized row: %+v", rows[0])
+	}
+	if rows[1].Path != pointerPath || rows[1].Status != "-" || rows[1].Localized {
+		t.Fatalf("unexpected pointer row: %+v", rows[1])
+	}
+
+	var out bytes.Buffer
+	cmd.SetOut(&out)
+	if err := printRows(cmd, rows); err != nil {
+		t.Fatalf("printRows returned error: %v", err)
+	}
+	got := out.String()
+	if !strings.Contains(got, rows[0].ShortOID+" * "+localizedPath+"\n") {
+		t.Fatalf("missing localized row: %q", got)
+	}
+	if !strings.Contains(got, rows[1].ShortOID+" - "+pointerPath+"\n") {
+		t.Fatalf("missing pointer row: %q", got)
+	}
+}
+
+func TestCollectRowsWithDRSLookupAndFilters(t *testing.T) {
+	resetFlagsForTest()
+
 	oldLoadConfig := loadConfig
 	oldResolveRemote := resolveRemote
 	oldNewRemoteClient := newRemoteClient
 	oldLoadLFSInventory := loadLFSInventory
-	oldLookupScopedObjects := lookupScopedObjects
+	oldLookupScopedObjectsBatch := lookupScopedObjectsBatch
 	t.Cleanup(func() {
 		loadConfig = oldLoadConfig
 		resolveRemote = oldResolveRemote
 		newRemoteClient = oldNewRemoteClient
 		loadLFSInventory = oldLoadLFSInventory
-		lookupScopedObjects = oldLookupScopedObjects
+		lookupScopedObjectsBatch = oldLookupScopedObjectsBatch
 	})
 
 	loadConfig = func() (*config.Config, error) {
@@ -37,58 +129,119 @@ func TestCollectRowsAndPrintRows(t *testing.T) {
 	newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*config.GitContext, error) {
 		return &config.GitContext{}, nil
 	}
+
 	loadLFSInventory = func(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]lfs.LfsFileInfo, error) {
 		return map[string]lfs.LfsFileInfo{
-			"b/file2.bin": {Name: "b/file2.bin", Oid: strings.Repeat("b", 64)},
-			"a/file1.bin": {Name: "a/file1.bin", Oid: strings.Repeat("a", 64)},
-			"c/file3.bin": {Name: "c/file3.bin", Oid: strings.Repeat("c", 64)},
+			"a/file1.bin":    {Name: "a/file1.bin", Oid: strings.Repeat("a", 64)},
+			"data/file2.bam": {Name: "data/file2.bam", Oid: strings.Repeat("b", 64)},
+			"data/file3.txt": {Name: "data/file3.txt", Oid: strings.Repeat("c", 64)},
 		}, nil
 	}
-	lookupScopedObjects = func(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) {
-		switch checksum {
-		case strings.Repeat("a", 64):
-			return []drsapi.DrsObject{{Id: "did-1"}}, nil
-		case strings.Repeat("b", 64):
-			return nil, nil
-		default:
-			return nil, errors.New("lookup failed")
+	lookupScopedObjectsBatch = func(ctx context.Context, drsCtx *config.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) {
+		got := map[string][]drsapi.DrsObject{}
+		for _, checksum := range checksums {
+			switch checksum {
+			case strings.Repeat("b", 64):
+				got[checksum] = []drsapi.DrsObject{{Id: "did-1"}}
+			default:
+				got[checksum] = nil
+			}
 		}
+		return got, nil
 	}
 
 	cmd := &cobra.Command{}
-	rows, err := collectRows(cmd, "", "")
+	rows, err := collectRows(cmd, "", "", []string{"data/**"}, true)
 	if err != nil {
 		t.Fatalf("collectRows returned error: %v", err)
 	}
-	if len(rows) != 3 {
-		t.Fatalf("expected 3 rows, got %d", len(rows))
+	if len(rows) != 2 {
+		t.Fatalf("expected 2 rows, got %d", len(rows))
 	}
-	if rows[0].Path != "a/file1.bin" || rows[0].Status != "present" || rows[0].Detail != "drs://did-1" {
-		t.Fatalf("unexpected first row: %+v", rows[0])
+	if rows[0].Path != "data/file2.bam" || !rows[0].Registered || rows[0].Detail != "drs://did-1" {
+		t.Fatalf("unexpected registered row: %+v", rows[0])
 	}
-	if rows[1].Path != "b/file2.bin" || rows[1].Status != "missing" || rows[1].Detail != "-" {
-		t.Fatalf("unexpected second row: %+v", rows[1])
-	}
-	if rows[2].Path != "c/file3.bin" || rows[2].Status != "error" || rows[2].Detail != "lookup failed" {
-		t.Fatalf("unexpected third row: %+v", rows[2])
+	if rows[1].Path != "data/file3.txt" || rows[1].Registered || rows[1].Detail != "" {
+		t.Fatalf("unexpected unregistered row: %+v", rows[1])
 	}
 
+	drsStatus = true
+	showLong = true
 	var out bytes.Buffer
 	cmd.SetOut(&out)
 	if err := printRows(cmd, rows); err != nil {
 		t.Fatalf("printRows returned error: %v", err)
 	}
 	got := out.String()
-	if !strings.Contains(got, "OID\tSTATUS\tPATH\tDETAIL\n") {
-		t.Fatalf("missing header in output: %q", got)
+	if !strings.Contains(got, rows[0].OID+" - data/file2.bam\tdrs://did-1\n") {
+		t.Fatalf("missing registered row: %q", got)
 	}
-	if !strings.Contains(got, rows[0].OID+"\tpresent\ta/file1.bin\tdrs://did-1\n") {
-		t.Fatalf("missing present row: %q", got)
+	if !strings.Contains(got, rows[1].OID+" - data/file3.txt\t-\n") {
+		t.Fatalf("missing unregistered row: %q", got)
 	}
-	if !strings.Contains(got, rows[1].OID+"\tmissing\tb/file2.bin\t-\n") {
-		t.Fatalf("missing missing row: %q", got)
+}
+
+func TestCollectRowsWithDRSLookupBatchError(t *testing.T) {
+	resetFlagsForTest()
+
+	oldLoadConfig := loadConfig
+	oldResolveRemote := resolveRemote
+	oldNewRemoteClient := newRemoteClient
+	oldLoadLFSInventory := loadLFSInventory
+	oldLookupScopedObjectsBatch := lookupScopedObjectsBatch
+	t.Cleanup(func() {
+		loadConfig = oldLoadConfig
+		resolveRemote = oldResolveRemote
+		newRemoteClient = oldNewRemoteClient
+		loadLFSInventory = oldLoadLFSInventory
+		lookupScopedObjectsBatch = oldLookupScopedObjectsBatch
+	})
+
+	loadConfig = func() (*config.Config, error) { return &config.Config{}, nil }
+	resolveRemote = func(cfg *config.Config, name string) (config.Remote, error) {
+		return config.Remote("origin"), nil
 	}
-	if !strings.Contains(got, rows[2].OID+"\terror\tc/file3.bin\tlookup failed\n") {
-		t.Fatalf("missing error row: %q", got)
+	newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*config.GitContext, error) {
+		return &config.GitContext{}, nil
+	}
+	loadLFSInventory = func(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]lfs.LfsFileInfo, error) {
+		return map[string]lfs.LfsFileInfo{
+			"data/file2.bam": {Name: "data/file2.bam", Oid: strings.Repeat("b", 64)},
+			"data/file3.txt": {Name: "data/file3.txt", Oid: strings.Repeat("c", 64)},
+		}, nil
+	}
+	lookupScopedObjectsBatch = func(ctx context.Context, drsCtx *config.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) {
+		return nil, errors.New("lookup failed")
+	}
+
+	cmd := &cobra.Command{}
+	rows, err := collectRows(cmd, "", "", []string{"data/**"}, true)
+	if err != nil {
+		t.Fatalf("collectRows returned error: %v", err)
+	}
+	if len(rows) != 2 {
+		t.Fatalf("expected 2 rows, got %d", len(rows))
+	}
+	for _, row := range rows {
+		if row.Detail != "lookup failed" {
+			t.Fatalf("expected shared batch lookup error, got row=%+v", row)
+		}
+	}
+}
+
+func TestValidateOutputFlags(t *testing.T) {
+	resetFlagsForTest()
+
+	nameOnly = true
+	jsonOutput = true
+	if err := validateOutputFlags(); err == nil {
+		t.Fatal("expected name-only/json conflict")
+	}
+
+	resetFlagsForTest()
+	nameOnly = true
+	showLong = true
+	if err := validateOutputFlags(); err == nil {
+		t.Fatal("expected long/name-only conflict")
 	}
 }
diff --git a/cmd/ping/main.go b/cmd/ping/main.go
new file mode 100644
index 00000000..e02d070f
--- /dev/null
+++ b/cmd/ping/main.go
@@ -0,0 +1,137 @@
+package ping
+
+import (
+	"context"
+	"fmt"
+	"log/slog"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/spf13/cobra"
+)
+
+type statusInfo struct {
+	Remote        config.Remote
+	IsDefault     bool
+	RemoteType    string
+	Endpoint      string
+	Organization  string
+	Project       string
+	Bucket        string
+	StoragePrefix string
+	AuthMode      string
+}
+
+var pingHealth = func(ctx context.Context, gc *config.GitContext) error {
+	return gc.Client.Health().Ping(ctx)
+}
+
+var Cmd = &cobra.Command{
+	Use:   "ping [remote-name]",
+	Short: "Show effective remote setup and verify the remote responds",
+	Args: func(cmd *cobra.Command, args []string) error {
+		if len(args) > 1 {
+			cmd.SilenceUsage = false
+			return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs ping --help' for more details", len(args), cmd.UseLine())
+		}
+		return nil
+	},
+	RunE: func(cmd *cobra.Command, args []string) error {
+		logger := drslog.GetLogger()
+		status, gc, err := resolveStatus(args, logger)
+		if err != nil {
+			return err
+		}
+		printStatus(status)
+
+		if err := pingHealth(cmd.Context(), gc); err != nil {
+			return fmt.Errorf("remote health check failed for %q (%s): %w", status.Remote, status.Endpoint, err)
+		}
+		fmt.Println("health: ok")
+		return nil
+	},
+}
+
+func resolveStatus(args []string, logger *slog.Logger) (statusInfo, *config.GitContext, error) {
+	cfg, err := config.LoadConfig()
+	if err != nil {
+		return statusInfo{}, nil, err
+	}
+
+	var remoteArg string
+	if len(args) == 1 {
+		remoteArg = args[0]
+	}
+	remoteName, err := cfg.GetRemoteOrDefault(remoteArg)
+	if err != nil {
+		return statusInfo{}, nil, err
+	}
+
+	remoteCfg := cfg.GetRemote(remoteName)
+	if remoteCfg == nil {
+		return statusInfo{}, nil, fmt.Errorf("no remote configuration found for %q", remoteName)
+	}
+
+	gc, err := cfg.GetRemoteClient(remoteName, logger)
+	if err != nil {
+		return statusInfo{}, nil, err
+	}
+
+	status := statusInfo{
+		Remote:        remoteName,
+		IsDefault:     remoteName == cfg.DefaultRemote,
+		Endpoint:      remoteCfg.GetEndpoint(),
+		Organization:  remoteCfg.GetOrganization(),
+		Project:       remoteCfg.GetProjectId(),
+		Bucket:        gc.BucketName,
+		StoragePrefix: gc.StoragePrefix,
+		AuthMode:      authMode(gc),
+	}
+	switch remoteCfg.(type) {
+	case *config.Gen3Remote:
+		status.RemoteType = string(config.Gen3ServerType)
+	case *config.LocalRemote:
+		status.RemoteType = string(config.LocalServerType)
+	default:
+		status.RemoteType = "unknown"
+	}
+
+	return status, gc, nil
+}
+
+func printStatus(status statusInfo) {
+	def := ""
+	if status.IsDefault {
+		def = " (default)"
+	}
+	fmt.Printf("remote: %s%s\n", status.Remote, def)
+	fmt.Printf("type: %s\n", status.RemoteType)
+	fmt.Printf("endpoint: %s\n", status.Endpoint)
+	fmt.Printf("organization: %s\n", blankIfEmpty(status.Organization))
+	fmt.Printf("project: %s\n", blankIfEmpty(status.Project))
+	fmt.Printf("bucket: %s\n", blankIfEmpty(status.Bucket))
+	fmt.Printf("storage_prefix: %s\n", blankIfEmpty(status.StoragePrefix))
+	fmt.Printf("auth: %s\n", status.AuthMode)
+}
+
+func authMode(gc *config.GitContext) string {
+	if gc == nil || gc.Credential == nil {
+		return "none"
+	}
+	if strings.TrimSpace(gc.Credential.AccessToken) != "" {
+		return "bearer"
+	}
+	if strings.TrimSpace(gc.Credential.KeyID) != "" || strings.TrimSpace(gc.Credential.APIKey) != "" {
+		return "basic"
+	}
+	return "none"
+}
+
+func blankIfEmpty(v string) string {
+	v = strings.TrimSpace(v)
+	if v == "" {
+		return "-"
+	}
+	return v
+}
diff --git a/cmd/ping/main_test.go b/cmd/ping/main_test.go
new file mode 100644
index 00000000..8efff3c7
--- /dev/null
+++ b/cmd/ping/main_test.go
@@ -0,0 +1,132 @@
+package ping
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/gitrepo"
+	"github.com/calypr/git-drs/internal/testutils"
+)
+
+func TestPingCmdArgs(t *testing.T) {
+	if err := Cmd.Args(Cmd, nil); err != nil {
+		t.Fatalf("unexpected error with no args: %v", err)
+	}
+	if err := Cmd.Args(Cmd, []string{"origin"}); err != nil {
+		t.Fatalf("unexpected error with one arg: %v", err)
+	}
+	if err := Cmd.Args(Cmd, []string{"origin", "extra"}); err == nil {
+		t.Fatal("expected error for extra args")
+	}
+}
+
+func TestResolveStatusLocalRemote(t *testing.T) {
+	tmpDir := testutils.SetupTestGitRepo(t)
+	testutils.CreateTestConfig(t, tmpDir, &config.Config{
+		DefaultRemote: config.Remote(config.ORIGIN),
+		Remotes: map[config.Remote]config.RemoteSelect{
+			config.Remote(config.ORIGIN): {
+				Local: &config.LocalRemote{
+					BaseURL:       "http://127.0.0.1:8080",
+					ProjectID:     "end_to_end_test",
+					Bucket:        "cbds",
+					Organization:  "calypr",
+					BasicUsername: "drs-user",
+					BasicPassword: "drs-pass",
+				},
+			},
+		},
+	})
+	if err := gitrepo.SetBucketMapping("calypr", "end_to_end_test", "cbds", "prefix"); err != nil {
+		t.Fatalf("SetBucketMapping failed: %v", err)
+	}
+
+	status, _, err := resolveStatus(nil, drslog.NewNoOpLogger())
+	if err != nil {
+		t.Fatalf("resolveStatus returned error: %v", err)
+	}
+	if status.Remote != "origin" || !status.IsDefault {
+		t.Fatalf("unexpected remote selection: %+v", status)
+	}
+	if status.RemoteType != "local" || status.Endpoint != "http://127.0.0.1:8080" {
+		t.Fatalf("unexpected remote type/endpoint: %+v", status)
+	}
+	if status.Organization != "calypr" || status.Project != "end_to_end_test" {
+		t.Fatalf("unexpected scope: %+v", status)
+	}
+	if status.Bucket != "cbds" || status.StoragePrefix != "prefix" {
+		t.Fatalf("unexpected bucket scope: %+v", status)
+	}
+	if status.AuthMode != "none" {
+		t.Fatalf("expected auth mode none from client credential shape, got %+v", status)
+	}
+}
+
+func TestPingRunEPrintsStatusAndHealth(t *testing.T) {
+	tmpDir := testutils.SetupTestGitRepo(t)
+	testutils.CreateTestConfig(t, tmpDir, &config.Config{
+		DefaultRemote: config.Remote(config.ORIGIN),
+		Remotes: map[config.Remote]config.RemoteSelect{
+			config.Remote(config.ORIGIN): {
+				Local: &config.LocalRemote{
+					BaseURL:      "http://127.0.0.1:8080",
+					ProjectID:    "end_to_end_test",
+					Bucket:       "cbds",
+					Organization: "calypr",
+				},
+			},
+		},
+	})
+	if err := gitrepo.SetBucketMapping("calypr", "end_to_end_test", "cbds", "prefix"); err != nil {
+		t.Fatalf("SetBucketMapping failed: %v", err)
+	}
+
+	oldHealth := pingHealth
+	pingHealth = func(ctx context.Context, gc *config.GitContext) error {
+		if gc == nil || gc.ProjectId != "end_to_end_test" {
+			t.Fatalf("unexpected git context: %+v", gc)
+		}
+		return nil
+	}
+	t.Cleanup(func() { pingHealth = oldHealth })
+
+	oldStdout := os.Stdout
+	r, w, err := os.Pipe()
+	if err != nil {
+		t.Fatalf("pipe: %v", err)
+	}
+	os.Stdout = w
+	t.Cleanup(func() { os.Stdout = oldStdout })
+
+	runErr := Cmd.RunE(Cmd, nil)
+	_ = w.Close()
+	if runErr != nil {
+		t.Fatalf("Cmd.RunE returned error: %v", runErr)
+	}
+
+	var buf bytes.Buffer
+	if _, err := io.Copy(&buf, r); err != nil {
+		t.Fatalf("read stdout: %v", err)
+	}
+	got := buf.String()
+	for _, want := range []string{
+		"remote: origin (default)",
+		"type: local",
+		"endpoint: http://127.0.0.1:8080",
+		"organization: calypr",
+		"project: end_to_end_test",
+		"bucket: cbds",
+		"storage_prefix: prefix",
+		"health: ok",
+	} {
+		if !strings.Contains(got, want) {
+			t.Fatalf("expected output to contain %q, got %q", want, got)
+		}
+	}
+}
diff --git a/cmd/precommit/main.go b/cmd/precommit/main.go
index ac2f3047..53ca5a12 100644
--- a/cmd/precommit/main.go
+++ b/cmd/precommit/main.go
@@ -26,6 +26,7 @@ import (
 	"os/exec"
 	"path/filepath"
 	"sort"
+	"strconv"
 	"strings"
 	"time"
 
@@ -33,8 +34,14 @@ import (
 )
 
 const (
-	cacheVersionDir = "drs/pre-commit/v1"
-	lfsSpecLine     = "version https://git-lfs.github.com/spec/v1"
+	cacheVersionDir                     = "drs/pre-commit/v1"
+	lfsSpecLine                         = "version https://git-lfs.github.com/spec/v1"
+	defaultDirectCommitWarningThreshold = int64(10 * 1024 * 1024)
+)
+
+var (
+	directCommitWarningThresholdBytes = defaultDirectCommitWarningThreshold
+	confirmOversizedDirectGitCommit   = promptOversizedDirectGitCommit
 )
 
 type PathEntry struct {
@@ -67,6 +74,11 @@ type Change struct {
 	Status  string // raw status, e.g. "A", "M", "D", "R100"
 }
 
+type OversizedStagedFile struct {
+	Path string
+	Size int64
+}
+
 // Cmd line declaration
 var Cmd = &cobra.Command{
 	Use:   "precommit",
@@ -114,6 +126,19 @@ func run(ctx context.Context) error {
 	if len(changes) == 0 {
 		return nil
 	}
+	oversized, err := collectOversizedPlainGitStagedFiles(ctx, changes, directCommitWarningThresholdBytes)
+	if err != nil {
+		return err
+	}
+	if len(oversized) > 0 {
+		allowed, err := confirmOversizedDirectGitCommit(oversized)
+		if err != nil {
+			return err
+		}
+		if !allowed {
+			return fmt.Errorf("commit aborted so you can track large files before committing them directly to Git")
+		}
+	}
 
 	now := time.Now().UTC().Format(time.RFC3339)
 
@@ -349,6 +374,92 @@ func stagedLFSOID(ctx context.Context, path string) (string, bool, error) {
 	return "", false, nil
 }
 
+func stagedBlobSize(ctx context.Context, path string) (int64, error) {
+	out, err := git(ctx, "cat-file", "-s", ":"+path)
+	if err != nil {
+		return 0, err
+	}
+	size, err := strconv.ParseInt(strings.TrimSpace(string(out)), 10, 64)
+	if err != nil {
+		return 0, fmt.Errorf("parse staged blob size for %s: %w", path, err)
+	}
+	return size, nil
+}
+
+func collectOversizedPlainGitStagedFiles(ctx context.Context, changes []Change, thresholdBytes int64) ([]OversizedStagedFile, error) {
+	if thresholdBytes <= 0 {
+		return nil, nil
+	}
+	var oversized []OversizedStagedFile
+	seen := make(map[string]struct{})
+	for _, ch := range changes {
+		if ch.Kind != KindAdd && ch.Kind != KindModify && ch.Kind != KindRename {
+			continue
+		}
+		path := ch.NewPath
+		if path == "" {
+			continue
+		}
+		if _, ok := seen[path]; ok {
+			continue
+		}
+		seen[path] = struct{}{}
+
+		_, isLFS, err := stagedLFSOID(ctx, path)
+		if err != nil {
+			continue
+		}
+		if isLFS {
+			continue
+		}
+
+		size, err := stagedBlobSize(ctx, path)
+		if err != nil {
+			return nil, err
+		}
+		if size <= thresholdBytes {
+			continue
+		}
+		oversized = append(oversized, OversizedStagedFile{Path: path, Size: size})
+	}
+	sort.Slice(oversized, func(i, j int) bool { return oversized[i].Path < oversized[j].Path })
+	return oversized, nil
+}
+
+func promptOversizedDirectGitCommit(files []OversizedStagedFile) (bool, error) {
+	if len(files) == 0 {
+		return true, nil
+	}
+
+	fmt.Fprintf(os.Stderr, "\nWarning: the following staged files are being committed directly to Git and exceed %s:\n\n", humanBytes(directCommitWarningThresholdBytes))
+	for _, f := range files {
+		fmt.Fprintf(os.Stderr, "  - %s (%s)\n", f.Path, humanBytes(f.Size))
+	}
+	fmt.Fprintln(os.Stderr, "\nIf these should be managed by git-drs, track them first and re-add them.")
+	fmt.Fprint(os.Stderr, "Continue committing these files directly to GitHub? [y/N]: ")
+
+	reader := bufio.NewReader(os.Stdin)
+	line, err := reader.ReadString('\n')
+	if err != nil && !errors.Is(err, io.EOF) {
+		return false, err
+	}
+	answer := strings.ToLower(strings.TrimSpace(line))
+	return answer == "y" || answer == "yes", nil
+}
+
+func humanBytes(n int64) string {
+	const unit = int64(1024)
+	if n < unit {
+		return fmt.Sprintf("%d B", n)
+	}
+	div, exp := unit, 0
+	for q := n / unit; q >= unit; q /= unit {
+		div *= unit
+		exp++
+	}
+	return fmt.Sprintf("%.1f %ciB", float64(n)/float64(div), "KMGTPE"[exp])
+}
+
 func gitRevParseGitDir(ctx context.Context) (string, error) {
 	out, err := git(ctx, "rev-parse", "--git-dir")
 	if err != nil {
diff --git a/cmd/precommit/main_test.go b/cmd/precommit/main_test.go
index 8a0fb0c6..5ee5cc9a 100644
--- a/cmd/precommit/main_test.go
+++ b/cmd/precommit/main_test.go
@@ -114,6 +114,85 @@ func TestHandleUpsertWritesLFSPointerCache(t *testing.T) {
 	}
 }
 
+func TestCollectOversizedPlainGitStagedFiles(t *testing.T) {
+	repo := setupGitRepo(t)
+	oldwd := mustChdir(t, repo)
+	t.Cleanup(func() { _ = os.Chdir(oldwd) })
+
+	plainPath := filepath.Join(repo, "data", "large.bin")
+	if err := os.MkdirAll(filepath.Dir(plainPath), 0o755); err != nil {
+		t.Fatalf("mkdir: %v", err)
+	}
+	if err := os.WriteFile(plainPath, []byte("plain oversized payload"), 0o644); err != nil {
+		t.Fatalf("write plain file: %v", err)
+	}
+	gitCmd(t, repo, "add", "data/large.bin")
+
+	pointerPath := filepath.Join(repo, "data", "pointer.bin")
+	lfsPointer := strings.Join([]string{
+		"version https://git-lfs.github.com/spec/v1",
+		"oid sha256:deadbeef",
+		"size 999",
+		"",
+	}, "\n")
+	if err := os.WriteFile(pointerPath, []byte(lfsPointer), 0o644); err != nil {
+		t.Fatalf("write pointer file: %v", err)
+	}
+	gitCmd(t, repo, "add", "data/pointer.bin")
+
+	changes, err := stagedChanges(context.Background())
+	if err != nil {
+		t.Fatalf("stagedChanges: %v", err)
+	}
+	files, err := collectOversizedPlainGitStagedFiles(context.Background(), changes, 1)
+	if err != nil {
+		t.Fatalf("collectOversizedPlainGitStagedFiles: %v", err)
+	}
+	if len(files) != 1 {
+		t.Fatalf("expected 1 oversized plain file, got %d: %+v", len(files), files)
+	}
+	if files[0].Path != "data/large.bin" {
+		t.Fatalf("unexpected oversized file path: %+v", files[0])
+	}
+}
+
+func TestRunAbortsWhenOversizedPlainGitCommitIsRejected(t *testing.T) {
+	repo := setupGitRepo(t)
+	oldwd := mustChdir(t, repo)
+	t.Cleanup(func() { _ = os.Chdir(oldwd) })
+
+	path := filepath.Join(repo, "data", "large.bin")
+	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
+		t.Fatalf("mkdir: %v", err)
+	}
+	if err := os.WriteFile(path, []byte("plain oversized payload"), 0o644); err != nil {
+		t.Fatalf("write file: %v", err)
+	}
+	gitCmd(t, repo, "add", "data/large.bin")
+
+	oldThreshold := directCommitWarningThresholdBytes
+	oldPrompt := confirmOversizedDirectGitCommit
+	t.Cleanup(func() {
+		directCommitWarningThresholdBytes = oldThreshold
+		confirmOversizedDirectGitCommit = oldPrompt
+	})
+	directCommitWarningThresholdBytes = 1
+	confirmOversizedDirectGitCommit = func(files []OversizedStagedFile) (bool, error) {
+		if len(files) != 1 || files[0].Path != "data/large.bin" {
+			t.Fatalf("unexpected prompt files: %+v", files)
+		}
+		return false, nil
+	}
+
+	err := run(context.Background())
+	if err == nil {
+		t.Fatal("expected run to abort when oversized file warning is rejected")
+	}
+	if !strings.Contains(err.Error(), "commit aborted") {
+		t.Fatalf("unexpected error: %v", err)
+	}
+}
+
 func setupGitRepo(t *testing.T) string {
 	t.Helper()
 	dir := t.TempDir()
diff --git a/cmd/prepush/io_helpers.go b/cmd/prepush/io_helpers.go
new file mode 100644
index 00000000..75dee003
--- /dev/null
+++ b/cmd/prepush/io_helpers.go
@@ -0,0 +1,27 @@
+package prepush
+
+import (
+	"fmt"
+	"io"
+	"os"
+)
+
+func bufferStdin(stdin io.Reader, createTempFile func(dir, pattern string) (*os.File, error)) (*os.File, error) {
+	tmp, err := createTempFile("", "prepush-stdin-*")
+	if err != nil {
+		return nil, fmt.Errorf("error creating temp file for stdin: %w", err)
+	}
+
+	if _, err := io.Copy(tmp, stdin); err != nil {
+		_ = tmp.Close()
+		_ = os.Remove(tmp.Name())
+		return nil, fmt.Errorf("error buffering stdin: %w", err)
+	}
+
+	if _, err := tmp.Seek(0, 0); err != nil {
+		_ = tmp.Close()
+		_ = os.Remove(tmp.Name())
+		return nil, fmt.Errorf("error seeking temp stdin: %w", err)
+	}
+	return tmp, nil
+}
diff --git a/cmd/prepush/main.go b/cmd/prepush/main.go
index 9e2e841e..6ff4a411 100644
--- a/cmd/prepush/main.go
+++ b/cmd/prepush/main.go
@@ -1,7 +1,6 @@
 package prepush
 
 import (
-	"bufio"
 	"bytes"
 	"context"
 	"encoding/base64"
@@ -18,6 +17,7 @@ import (
 
 	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drsdelete"
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/drsmap"
 	"github.com/calypr/git-drs/internal/drsobject"
@@ -25,7 +25,6 @@ import (
 	"github.com/calypr/git-drs/internal/lfs"
 	"github.com/calypr/git-drs/internal/precommit_cache"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
-	syfoncommon "github.com/calypr/syfon/common"
 	"github.com/spf13/cobra"
 )
 
@@ -86,6 +85,10 @@ func (s *PrePushService) Run(args []string, stdin io.Reader) error {
 		myLogger.Debug("Warning. Skipping DRS preparation. Error getting remote configuration.")
 		return nil
 	}
+	drsClient, err := cfg.GetRemoteClient(remote, myLogger)
+	if err != nil {
+		return err
+	}
 
 	scope, err := gitrepo.ResolveBucketScope(
 		remoteConfig.GetOrganization(),
@@ -117,6 +120,10 @@ func (s *PrePushService) Run(args []string, stdin io.Reader) error {
 		myLogger.Error(fmt.Sprintf("error reading pushed refs: %v", err))
 		return err
 	}
+	if _, err := drsdelete.ReconcileCommittedDeletes(ctx, drsClient, drsDeleteRefs(refs), myLogger); err != nil {
+		myLogger.Error(fmt.Sprintf("delete reconciliation failed: %v", err))
+		return err
+	}
 	branches := branchesFromRefs(refs)
 
 	cache, cacheReady := openCache(ctx, myLogger)
@@ -244,9 +251,6 @@ func toMetadataCandidate(c drsapi.DrsObjectCandidate) metadataCandidate {
 					URL: accURL,
 				},
 			}
-			if authzMap := syfoncommon.AuthzMapFromAccessMethodAuthorizations(am.Authorizations); len(authzMap) > 0 {
-				m.Authorizations = authzMap
-			}
 			out.AccessMethods = append(out.AccessMethods, m)
 		}
 	}
@@ -288,7 +292,7 @@ func submitPendingLFSMeta(ctx context.Context, remote config.Remote, endpoint st
 	if err != nil {
 		return fmt.Errorf("failed to create pending metadata request: %w", err)
 	}
-	httpReq.Header.Set("Content-Type", "application/json")
+	httpReq.Header.Set("Content-Type", "application/vnd.git-lfs+json")
 	httpReq.Header.Set("Accept", "application/vnd.git-lfs+json")
 	if authHeader, ok := resolveRemoteAuthHeader(string(remote)); ok {
 		httpReq.Header.Set("Authorization", authHeader)
@@ -350,87 +354,6 @@ func parseRemoteArgs(args []string) (string, string) {
 	return gitRemoteName, gitRemoteLocation
 }
 
-type pushedRef struct {
-	LocalRef  string
-	LocalSHA  string
-	RemoteRef string
-	RemoteSHA string
-}
-
-func bufferStdin(stdin io.Reader, createTempFile func(dir, pattern string) (*os.File, error)) (*os.File, error) {
-	tmp, err := createTempFile("", "prepush-stdin-*")
-	if err != nil {
-		return nil, fmt.Errorf("error creating temp file for stdin: %w", err)
-	}
-
-	if _, err := io.Copy(tmp, stdin); err != nil {
-		_ = tmp.Close()
-		_ = os.Remove(tmp.Name())
-		return nil, fmt.Errorf("error buffering stdin: %w", err)
-	}
-
-	if _, err := tmp.Seek(0, 0); err != nil {
-		_ = tmp.Close()
-		_ = os.Remove(tmp.Name())
-		return nil, fmt.Errorf("error seeking temp stdin: %w", err)
-	}
-	return tmp, nil
-}
-
-// readPushedBranches reads git push lines from the provided temp file,
-// extracts unique local branch names for refs under `refs/heads/` and
-// returns them sorted. The file is rewound to the start before returning.
-func readPushedRefs(f io.ReadSeeker) ([]pushedRef, error) {
-	// Ensure we read from start
-	// example:
-	// refs/heads/main 67890abcdef1234567890abcdef1234567890abcd refs/heads/main 12345abcdef67890abcdef1234567890abcdef12
-	if _, err := f.Seek(0, 0); err != nil {
-		return nil, err
-	}
-	scanner := bufio.NewScanner(f)
-	refs := make([]pushedRef, 0)
-	for scanner.Scan() {
-		line := scanner.Text()
-		fields := strings.Fields(line)
-		if len(fields) < 4 {
-			continue
-		}
-		refs = append(refs, pushedRef{
-			LocalRef:  fields[0],
-			LocalSHA:  fields[1],
-			RemoteRef: fields[2],
-			RemoteSHA: fields[3],
-		})
-	}
-	if err := scanner.Err(); err != nil {
-		return nil, err
-	}
-	// Rewind so caller can reuse the file
-	if _, err := f.Seek(0, 0); err != nil {
-		return nil, err
-	}
-	return refs, nil
-}
-
-func branchesFromRefs(refs []pushedRef) []string {
-	const prefix = "refs/heads/"
-	set := make(map[string]struct{})
-	for _, ref := range refs {
-		if strings.HasPrefix(ref.LocalRef, prefix) {
-			branch := strings.TrimPrefix(ref.LocalRef, prefix)
-			if branch != "" {
-				set[branch] = struct{}{}
-			}
-		}
-	}
-	branches := make([]string, 0, len(set))
-	for b := range set {
-		branches = append(branches, b)
-	}
-	sort.Strings(branches)
-	return branches
-}
-
 func openCache(ctx context.Context, logger *slog.Logger) (*precommit_cache.Cache, bool) {
 	cache, err := precommit_cache.Open(ctx)
 	if err != nil {
@@ -561,45 +484,3 @@ func gitOutput(ctx context.Context, args ...string) (string, error) {
 	}
 	return string(out), nil
 }
-
-// readPushedBranches reads git push lines from the provided temp file,
-// extracts unique local branch names for refs under `refs/heads/` and
-// returns them sorted. The file is rewound to the start before returning.
-func readPushedBranches(f *os.File) ([]string, error) {
-	// Ensure we read from start
-	// example:
-	// refs/heads/main 67890abcdef1234567890abcdef1234567890abcd refs/heads/main 12345abcdef67890abcdef1234567890abcdef12
-	if _, err := f.Seek(0, 0); err != nil {
-		return nil, err
-	}
-	scanner := bufio.NewScanner(f)
-	set := make(map[string]struct{})
-	for scanner.Scan() {
-		line := scanner.Text()
-		fields := strings.Fields(line)
-		if len(fields) < 1 {
-			continue
-		}
-		localRef := fields[0]
-		const prefix = "refs/heads/"
-		if strings.HasPrefix(localRef, prefix) {
-			branch := strings.TrimPrefix(localRef, prefix)
-			if branch != "" {
-				set[branch] = struct{}{}
-			}
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return nil, err
-	}
-	branches := make([]string, 0, len(set))
-	for b := range set {
-		branches = append(branches, b)
-	}
-	sort.Strings(branches)
-	// Rewind so caller can reuse the file
-	if _, err := f.Seek(0, 0); err != nil {
-		return nil, err
-	}
-	return branches, nil
-}
diff --git a/cmd/prepush/main_test.go b/cmd/prepush/main_test.go
index 5fad785b..99b0a164 100644
--- a/cmd/prepush/main_test.go
+++ b/cmd/prepush/main_test.go
@@ -100,7 +100,7 @@ func TestLfsFilesFromCache(t *testing.T) {
 	}
 }
 
-func TestReadPushedBranches(t *testing.T) {
+func TestReadPushedRefsAndBranchesFromRefs(t *testing.T) {
 	tests := []struct {
 		name     string
 		input    string
@@ -145,12 +145,11 @@ func TestReadPushedBranches(t *testing.T) {
 				t.Fatalf("write temp: %v", err)
 			}
 
-			// readPushedBranches seeks to 0 itself, but we pass the *os.File
-			// which must be valid.
-			branches, err := readPushedBranches(tmp)
+			refs, err := readPushedRefs(tmp)
 			if err != nil {
-				t.Fatalf("readPushedBranches error: %v", err)
+				t.Fatalf("readPushedRefs error: %v", err)
 			}
+			branches := branchesFromRefs(refs)
 
 			if len(branches) != len(tt.expected) {
 				t.Errorf("expected %d branches, got %d: %v", len(tt.expected), len(branches), branches)
@@ -363,8 +362,8 @@ func TestSubmitPendingLFSMetaRequestWiring(t *testing.T) {
 	if gotAuth != "Bearer test-token" {
 		t.Fatalf("expected auth header, got %q", gotAuth)
 	}
-	if gotContentType != "application/json" {
-		t.Fatalf("expected content-type application/json, got %q", gotContentType)
+	if gotContentType != "application/vnd.git-lfs+json" {
+		t.Fatalf("expected content-type application/vnd.git-lfs+json, got %q", gotContentType)
 	}
 	if gotAccept != "application/vnd.git-lfs+json" {
 		t.Fatalf("expected accept header application/vnd.git-lfs+json, got %q", gotAccept)
diff --git a/cmd/prepush/pushed_refs.go b/cmd/prepush/pushed_refs.go
new file mode 100644
index 00000000..6db5298e
--- /dev/null
+++ b/cmd/prepush/pushed_refs.go
@@ -0,0 +1,76 @@
+package prepush
+
+import (
+	"bufio"
+	"io"
+	"sort"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/drsdelete"
+)
+
+type pushedRef struct {
+	LocalRef  string
+	LocalSHA  string
+	RemoteRef string
+	RemoteSHA string
+}
+
+// readPushedRefs parses git's pre-push stdin format and rewinds the reader
+// before returning so callers can reuse the buffered input.
+func readPushedRefs(f io.ReadSeeker) ([]pushedRef, error) {
+	if _, err := f.Seek(0, 0); err != nil {
+		return nil, err
+	}
+	scanner := bufio.NewScanner(f)
+	refs := make([]pushedRef, 0)
+	for scanner.Scan() {
+		fields := strings.Fields(scanner.Text())
+		if len(fields) < 4 {
+			continue
+		}
+		refs = append(refs, pushedRef{
+			LocalRef:  fields[0],
+			LocalSHA:  fields[1],
+			RemoteRef: fields[2],
+			RemoteSHA: fields[3],
+		})
+	}
+	if err := scanner.Err(); err != nil {
+		return nil, err
+	}
+	if _, err := f.Seek(0, 0); err != nil {
+		return nil, err
+	}
+	return refs, nil
+}
+
+func branchesFromRefs(refs []pushedRef) []string {
+	const prefix = "refs/heads/"
+	set := make(map[string]struct{})
+	for _, ref := range refs {
+		if strings.HasPrefix(ref.LocalRef, prefix) {
+			branch := strings.TrimPrefix(ref.LocalRef, prefix)
+			if branch != "" {
+				set[branch] = struct{}{}
+			}
+		}
+	}
+	branches := make([]string, 0, len(set))
+	for branch := range set {
+		branches = append(branches, branch)
+	}
+	sort.Strings(branches)
+	return branches
+}
+
+func drsDeleteRefs(refs []pushedRef) []drsdelete.RefUpdate {
+	out := make([]drsdelete.RefUpdate, 0, len(refs))
+	for _, ref := range refs {
+		out = append(out, drsdelete.RefUpdate{
+			OldSHA: strings.TrimSpace(ref.RemoteSHA),
+			NewSHA: strings.TrimSpace(ref.LocalSHA),
+		})
+	}
+	return out
+}
diff --git a/cmd/pull/main.go b/cmd/pull/main.go
index cf352d73..75e1d75d 100644
--- a/cmd/pull/main.go
+++ b/cmd/pull/main.go
@@ -3,30 +3,38 @@ package pull
 import (
 	"context"
 	"fmt"
+	"log/slog"
 	"net/url"
 	"os"
-	"os/exec"
+	"sort"
 	"strings"
 
-	"github.com/bytedance/sonic"
 	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/drsremote"
 	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/calypr/git-drs/internal/pathspec"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
 	"github.com/spf13/cobra"
 )
 
-var runCommand = func(name string, args ...string) ([]byte, error) {
-	cmd := exec.Command(name, args...)
-	return cmd.CombinedOutput()
-}
+var includePatterns []string
+var dryRun bool
+
+var (
+	loadCfg         = config.LoadConfig
+	resolveRemote   = func(cfg *config.Config, name string) (config.Remote, error) { return cfg.GetRemoteOrDefault(name) }
+	newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*config.GitContext, error) {
+		return cfg.GetRemoteClient(remote, logger)
+	}
+	loadWorktreeInventory = lfs.GetWorktreeLfsFiles
+)
 
 var Cmd = &cobra.Command{
 	Use:   "pull [remote-name]",
-	Short: "Pull using the standard Git + Git LFS flow",
-	Long:  "Pull using the standard Git + Git LFS flow (git pull, git lfs pull, git lfs checkout).",
+	Short: "Download DRS pointer file content into the current checkout",
+	Long:  "Hydrate DRS/Git-LFS pointer files in the current checkout. By default this mirrors git lfs pull semantics for the worktree rather than running git pull.",
 	Args: func(cmd *cobra.Command, args []string) error {
 		if len(args) > 1 {
 			cmd.SilenceUsage = false
@@ -37,7 +45,7 @@ var Cmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		logg := drslog.GetLogger()
 
-		cfg, err := config.LoadConfig()
+		cfg, err := loadCfg()
 		if err != nil {
 			return fmt.Errorf("error loading config: %v", err)
 		}
@@ -46,55 +54,50 @@ var Cmd = &cobra.Command{
 		if len(args) > 0 {
 			remote = config.Remote(args[0])
 		} else {
-			remote, err = cfg.GetDefaultRemote()
+			remote, err = resolveRemote(cfg, "")
 			if err != nil {
 				logg.Error(fmt.Sprintf("Error getting remote: %v", err))
 				return err
 			}
 		}
 
-		drsCtx, err := cfg.GetRemoteClient(remote, logg)
+		drsCtx, err := newRemoteClient(cfg, remote, logg)
 		if err != nil {
 			logg.Error(fmt.Sprintf("error creating DRS client: %s", err))
 			return err
 		}
-		_ = drsCtx // Remote validation only.
 
-		if out, err := runCommand("git", "pull", string(remote)); err != nil {
-			msg := strings.TrimSpace(string(out))
-			if msg == "" {
-				msg = err.Error()
-			}
-			return fmt.Errorf("git pull failed for remote %q: %s", remote, msg)
+		inventory, err := loadWorktreeInventory(logg)
+		if err != nil {
+			return fmt.Errorf("failed to discover pointer files in worktree: %w", err)
 		}
-
-		var parsed struct {
-			Files []lfs.LfsFileInfo `json:"files"`
+		pointers := collectPointerFiles(inventory, includePatterns)
+		if len(pointers) == 0 {
+			logg.Debug("no matching pointer files to hydrate")
+			return nil
 		}
-		out, err := runCommand("git", "lfs", "ls-files", "--json")
-		if err != nil {
-			msg := commandMessage(out, err)
-			if !isMissingGitLFS(msg) {
-				return fmt.Errorf("git lfs ls-files failed: %s", msg)
-			}
-			lfsFiles, inventoryErr := lfs.GetAllLfsFiles(string(remote), "", []string{"HEAD"}, logg)
-			if inventoryErr != nil {
-				return fmt.Errorf("git lfs ls-files failed: %s; fallback inventory failed: %w", msg, inventoryErr)
-			}
-			parsed.Files = make([]lfs.LfsFileInfo, 0, len(lfsFiles))
-			for _, f := range lfsFiles {
-				parsed.Files = append(parsed.Files, f)
+
+		if dryRun {
+			for _, f := range pointers {
+				if _, err := fmt.Fprintln(cmd.OutOrStdout(), f.Name); err != nil {
+					return err
+				}
 			}
-		} else if err := lfsjsonUnmarshal(out, &parsed); err != nil {
-			return fmt.Errorf("failed to parse git lfs ls-files output: %w", err)
+			return nil
 		}
 
 		ctx := context.Background()
-		missingOIDs := make([]string, 0, len(parsed.Files))
-		seenMissing := make(map[string]struct{}, len(parsed.Files))
-		for _, f := range parsed.Files {
-			if f.Downloaded {
+		missingOIDs := make([]string, 0, len(pointers))
+		seenMissing := make(map[string]struct{}, len(pointers))
+		for _, f := range pointers {
+			cachePath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, f.Oid)
+			if err != nil {
+				return fmt.Errorf("failed to resolve LFS object path for %s: %w", f.Oid, err)
+			}
+			if _, err := os.Stat(cachePath); err == nil {
 				continue
+			} else if !os.IsNotExist(err) {
+				return fmt.Errorf("failed to stat cached object for %s: %w", f.Oid, err)
 			}
 			if _, seen := seenMissing[f.Oid]; seen {
 				continue
@@ -131,14 +134,16 @@ var Cmd = &cobra.Command{
 					logg.Debug(fmt.Sprintf("bulk access prefetch failed; continuing per-object: %v", err))
 				}
 			}
-			for _, f := range parsed.Files {
-				if f.Downloaded {
-					continue
-				}
+			for _, f := range pointers {
 				dstPath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, f.Oid)
 				if err != nil {
 					return fmt.Errorf("failed to resolve LFS object path for %s: %w", f.Oid, err)
 				}
+				if _, err := os.Stat(dstPath); err == nil {
+					continue
+				} else if !os.IsNotExist(err) {
+					return fmt.Errorf("failed to stat cache path %s: %w", dstPath, err)
+				}
 				if obj, ok := prefetched[f.Oid]; ok {
 					if accessURL, ok := prefetchedAccess[obj.Id]; ok {
 						objCopy := obj
@@ -155,16 +160,10 @@ var Cmd = &cobra.Command{
 				}
 			}
 		} else {
-			logg.Debug("no missing LFS objects to download")
+			logg.Debug("no missing pointer objects to download")
 		}
 
-		if out, err := runCommand("git", "lfs", "checkout"); err != nil {
-			msg := commandMessage(out, err)
-			if !isMissingGitLFS(msg) {
-				return fmt.Errorf("git lfs checkout failed: %s", msg)
-			}
-		}
-		if err := checkoutDownloadedFiles(parsed.Files); err != nil {
+		if err := checkoutDownloadedFiles(pointers); err != nil {
 			return err
 		}
 
@@ -172,19 +171,31 @@ var Cmd = &cobra.Command{
 	},
 }
 
-func commandMessage(out []byte, err error) string {
-	msg := strings.TrimSpace(string(out))
-	if msg == "" && err != nil {
-		msg = err.Error()
-	}
-	return msg
+type pointerFile struct {
+	Name string
+	Oid  string
+	Size int64
 }
 
-func isMissingGitLFS(msg string) bool {
-	return strings.Contains(msg, "git: 'lfs' is not a git command")
+func collectPointerFiles(inventory map[string]lfs.LfsFileInfo, patterns []string) []pointerFile {
+	keys := make([]string, 0, len(inventory))
+	for path := range inventory {
+		if !pathspec.MatchesAny(path, patterns) {
+			continue
+		}
+		keys = append(keys, path)
+	}
+	sort.Strings(keys)
+
+	files := make([]pointerFile, 0, len(keys))
+	for _, path := range keys {
+		info := inventory[path]
+		files = append(files, pointerFile{Name: path, Oid: info.Oid, Size: info.Size})
+	}
+	return files
 }
 
-func checkoutDownloadedFiles(files []lfs.LfsFileInfo) error {
+func checkoutDownloadedFiles(files []pointerFile) error {
 	for _, f := range files {
 		if strings.TrimSpace(f.Name) == "" || strings.TrimSpace(f.Oid) == "" {
 			continue
@@ -204,10 +215,6 @@ func checkoutDownloadedFiles(files []lfs.LfsFileInfo) error {
 	return nil
 }
 
-var lfsjsonUnmarshal = func(data []byte, v any) error {
-	return sonic.ConfigFastest.Unmarshal(data, v)
-}
-
 func buildPullDownloadDebugContext(ctx context.Context, drsCtx *config.GitContext, oid string) string {
 	recs, err := drsremote.ObjectsByHashForScope(ctx, drsCtx, oid)
 	if err != nil {
@@ -242,3 +249,8 @@ func buildPullDownloadDebugContext(ctx context.Context, drsCtx *config.GitContex
 	}
 	return fmt.Sprintf("oid=%s did=%s size=%d access_methods=%s", oid, strings.TrimSpace(match.Id), match.Size, strings.Join(methods, ", "))
 }
+
+func init() {
+	Cmd.Flags().StringArrayVarP(&includePatterns, "include", "I", nil, "include pathspec/glob pattern(s)")
+	Cmd.Flags().BoolVar(&dryRun, "dry-run", false, "list matching pointer files without downloading them")
+}
diff --git a/cmd/pull/pull_test.go b/cmd/pull/pull_test.go
index 41c999ac..7e8e6c74 100644
--- a/cmd/pull/pull_test.go
+++ b/cmd/pull/pull_test.go
@@ -1,34 +1,81 @@
 package pull
 
 import (
+	"bytes"
+	"log/slog"
 	"testing"
 
 	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/testutils"
-	"github.com/stretchr/testify/assert"
+	"github.com/calypr/git-drs/internal/lfs"
 )
 
-func TestPullCmdArgs(t *testing.T) {
-	err := Cmd.Args(Cmd, []string{})
-	assert.NoError(t, err)
+func resetPullFlagsForTest() {
+	includePatterns = nil
+	dryRun = false
+}
 
-	err = Cmd.Args(Cmd, []string{"origin"})
-	assert.NoError(t, err)
+func TestCollectPointerFilesFiltersAndSorts(t *testing.T) {
+	resetPullFlagsForTest()
 
-	err = Cmd.Args(Cmd, []string{"origin", "extra"})
-	assert.Error(t, err)
-}
+	inventory := map[string]lfs.LfsFileInfo{
+		"data/b.bin": {Name: "data/b.bin", Oid: "bbbb", Size: 2},
+		"data/a.bin": {Name: "data/a.bin", Oid: "aaaa", Size: 1},
+		"misc/c.bin": {Name: "misc/c.bin", Oid: "cccc", Size: 3},
+	}
 
-func TestPullRun_LoadConfigError(t *testing.T) {
-	_ = testutils.SetupTestGitRepo(t)
-	err := Cmd.RunE(Cmd, []string{})
-	assert.Error(t, err)
+	files := collectPointerFiles(inventory, []string{"data/**"})
+	if len(files) != 2 {
+		t.Fatalf("expected 2 files, got %d", len(files))
+	}
+	if files[0].Name != "data/a.bin" || files[1].Name != "data/b.bin" {
+		t.Fatalf("unexpected file order: %+v", files)
+	}
 }
 
-func TestPullRun_DefaultRemoteError(t *testing.T) {
-	tmpDir := testutils.SetupTestGitRepo(t)
-	testutils.CreateTestConfig(t, tmpDir, &config.Config{})
+func TestPullDryRunListsMatchingPaths(t *testing.T) {
+	resetPullFlagsForTest()
+
+	oldLoadCfg := loadCfg
+	oldResolveRemote := resolveRemote
+	oldNewRemoteClient := newRemoteClient
+	oldInventory := loadWorktreeInventory
+	t.Cleanup(func() {
+		loadCfg = oldLoadCfg
+		resolveRemote = oldResolveRemote
+		newRemoteClient = oldNewRemoteClient
+		loadWorktreeInventory = oldInventory
+	})
+
+	loadCfg = func() (*config.Config, error) { return &config.Config{}, nil }
+	resolveRemote = func(cfg *config.Config, name string) (config.Remote, error) { return config.Remote("origin"), nil }
+	newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*config.GitContext, error) {
+		return &config.GitContext{}, nil
+	}
+	loadWorktreeInventory = func(_ *slog.Logger) (map[string]lfs.LfsFileInfo, error) {
+		return map[string]lfs.LfsFileInfo{
+			"data/a.bin": {Name: "data/a.bin", Oid: "aaaa", Size: 1},
+			"misc/b.bin": {Name: "misc/b.bin", Oid: "bbbb", Size: 2},
+		}, nil
+	}
+
+	includePatterns = []string{"data/**"}
+	dryRun = true
+
+	var out bytes.Buffer
+	Cmd.SetOut(&out)
+	Cmd.SetErr(&out)
+	Cmd.SetArgs([]string{"--dry-run"})
+	t.Cleanup(func() {
+		Cmd.SetOut(nil)
+		Cmd.SetErr(nil)
+		Cmd.SetArgs(nil)
+		resetPullFlagsForTest()
+	})
 
-	err := Cmd.RunE(Cmd, []string{})
-	assert.Error(t, err)
+	if err := Cmd.RunE(Cmd, []string{}); err != nil {
+		t.Fatalf("RunE returned error: %v", err)
+	}
+	if got := out.String(); got != "data/a.bin\n" {
+		t.Fatalf("unexpected dry-run output: %q", got)
+	}
 }
diff --git a/cmd/push/main.go b/cmd/push/main.go
index 4d0445ca..2e04d189 100644
--- a/cmd/push/main.go
+++ b/cmd/push/main.go
@@ -3,10 +3,12 @@ package push
 import (
 	"context"
 	"fmt"
+	"os"
 	"os/exec"
 	"strings"
 
 	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drsdelete"
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/lfs"
 	"github.com/calypr/git-drs/internal/pushsync"
@@ -20,6 +22,8 @@ var runCommand = func(name string, args ...string) ([]byte, error) {
 	return cmd.CombinedOutput()
 }
 
+var gitOutputFn = gitOutput
+
 var Cmd = &cobra.Command{
 	Use:   "push [remote-name]",
 	Short: "Upload/register DRS objects and push Git refs",
@@ -61,9 +65,19 @@ var Cmd = &cobra.Command{
 		}
 
 		ctx := context.Background()
-		if err := pushsync.BatchSyncForPush(drsClient, ctx, lfsFiles); err != nil {
+		deleteRefs, err := currentDeleteRefUpdates(ctx)
+		if err != nil {
+			return fmt.Errorf("failed to resolve delete reconciliation base: %w", err)
+		}
+		if _, err := drsdelete.ReconcileCommittedDeletes(ctx, drsClient, deleteRefs, myLogger); err != nil {
+			return fmt.Errorf("failed to reconcile deletes: %w", err)
+		}
+		progress := newUploadProgressRenderer(os.Stderr)
+		if err := pushsync.BatchSyncForPush(drsClient, ctx, lfsFiles, progress); err != nil {
+			progress.Finish()
 			return fmt.Errorf("failed batch register/upload workflow: %w", err)
 		}
+		progress.Finish()
 
 		pushArgs := []string{"push"}
 		if !pushWithHooks {
@@ -85,3 +99,27 @@ var Cmd = &cobra.Command{
 func init() {
 	Cmd.Flags().BoolVar(&pushWithHooks, "with-hooks", false, "Run git push with local hooks enabled (invokes pre-push)")
 }
+
+func currentDeleteRefUpdates(ctx context.Context) ([]drsdelete.RefUpdate, error) {
+	head, err := gitOutputFn(ctx, "rev-parse", "HEAD")
+	if err != nil {
+		return nil, err
+	}
+	upstream, err := gitOutputFn(ctx, "rev-parse", "--verify", "@{upstream}")
+	if err != nil {
+		return nil, nil
+	}
+	return []drsdelete.RefUpdate{{
+		OldSHA: upstream,
+		NewSHA: head,
+	}}, nil
+}
+
+func gitOutput(ctx context.Context, args ...string) (string, error) {
+	cmd := exec.CommandContext(ctx, "git", args...)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return "", fmt.Errorf("git %s: %s", strings.Join(args, " "), strings.TrimSpace(string(out)))
+	}
+	return strings.TrimSpace(string(out)), nil
+}
diff --git a/cmd/push/main_test.go b/cmd/push/main_test.go
new file mode 100644
index 00000000..b18b8a87
--- /dev/null
+++ b/cmd/push/main_test.go
@@ -0,0 +1,58 @@
+package push
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/calypr/git-drs/internal/drsdelete"
+)
+
+func TestCurrentDeleteRefUpdatesUsesUpstreamWhenConfigured(t *testing.T) {
+	oldFn := gitOutputFn
+	gitOutputFn = func(ctx context.Context, args ...string) (string, error) {
+		switch fmt.Sprint(args) {
+		case "[rev-parse HEAD]":
+			return "head-sha", nil
+		case "[rev-parse --verify @{upstream}]":
+			return "upstream-sha", nil
+		default:
+			t.Fatalf("unexpected git args: %v", args)
+			return "", nil
+		}
+	}
+	t.Cleanup(func() { gitOutputFn = oldFn })
+
+	got, err := currentDeleteRefUpdates(context.Background())
+	if err != nil {
+		t.Fatalf("currentDeleteRefUpdates returned error: %v", err)
+	}
+	want := []drsdelete.RefUpdate{{OldSHA: "upstream-sha", NewSHA: "head-sha"}}
+	if len(got) != len(want) || got[0] != want[0] {
+		t.Fatalf("unexpected delete refs: got %+v want %+v", got, want)
+	}
+}
+
+func TestCurrentDeleteRefUpdatesSkipsWhenUpstreamMissing(t *testing.T) {
+	oldFn := gitOutputFn
+	gitOutputFn = func(ctx context.Context, args ...string) (string, error) {
+		switch fmt.Sprint(args) {
+		case "[rev-parse HEAD]":
+			return "head-sha", nil
+		case "[rev-parse --verify @{upstream}]":
+			return "", fmt.Errorf("git rev-parse --verify @{upstream}: fatal: no upstream configured")
+		default:
+			t.Fatalf("unexpected git args: %v", args)
+			return "", nil
+		}
+	}
+	t.Cleanup(func() { gitOutputFn = oldFn })
+
+	got, err := currentDeleteRefUpdates(context.Background())
+	if err != nil {
+		t.Fatalf("currentDeleteRefUpdates returned error: %v", err)
+	}
+	if got != nil {
+		t.Fatalf("expected nil delete refs when upstream is missing, got %+v", got)
+	}
+}
diff --git a/cmd/push/progress.go b/cmd/push/progress.go
new file mode 100644
index 00000000..2c6dd6fe
--- /dev/null
+++ b/cmd/push/progress.go
@@ -0,0 +1,189 @@
+package push
+
+import (
+	"fmt"
+	"io"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/calypr/git-drs/internal/pushsync"
+	"github.com/mattn/go-isatty"
+)
+
+const nonTTYProgressInterval = 2 * time.Second
+
+type uploadFileProgress struct {
+	path      string
+	total     int64
+	uploaded  int64
+	completed bool
+}
+
+type uploadProgressRenderer struct {
+	out          io.Writer
+	isTTY        bool
+	now          func() time.Time
+	lastRender   time.Time
+	mu           sync.Mutex
+	planned      bool
+	plan         pushsync.UploadPlanSummary
+	files        map[string]*uploadFileProgress
+	totalBytes   int64
+	doneBytes    int64
+	doneFiles    int
+	currentLabel string
+}
+
+func newUploadProgressRenderer(out io.Writer) *uploadProgressRenderer {
+	return &uploadProgressRenderer{
+		out:   out,
+		isTTY: isWriterTTY(out),
+		now:   time.Now,
+		files: make(map[string]*uploadFileProgress),
+	}
+}
+
+func isWriterTTY(w io.Writer) bool {
+	type fdWriter interface{ Fd() uintptr }
+	f, ok := w.(fdWriter)
+	if !ok {
+		return false
+	}
+	fd := f.Fd()
+	return isatty.IsTerminal(fd) || isatty.IsCygwinTerminal(fd)
+}
+
+func (r *uploadProgressRenderer) OnUploadPlan(plan pushsync.UploadPlanSummary) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.plan = plan
+	r.planned = plan.TotalFiles > 0
+	r.totalBytes = 0
+	r.doneBytes = 0
+	r.doneFiles = 0
+	r.currentLabel = ""
+	r.files = make(map[string]*uploadFileProgress, len(plan.Files))
+	for _, file := range plan.Files {
+		r.files[file.OID] = &uploadFileProgress{
+			path:  file.Path,
+			total: file.Bytes,
+		}
+		r.totalBytes += file.Bytes
+	}
+	if r.planned {
+		r.renderLocked(true)
+	}
+}
+
+func (r *uploadProgressRenderer) OnUploadProgress(ev pushsync.UploadProgressEvent) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	if !r.planned {
+		return
+	}
+	file, ok := r.files[ev.OID]
+	if !ok {
+		return
+	}
+	if ev.Path != "" {
+		file.path = ev.Path
+	}
+	if ev.TotalBytes > 0 {
+		file.total = ev.TotalBytes
+	}
+	if file.total > 0 && ev.BytesSoFar > file.total {
+		ev.BytesSoFar = file.total
+	}
+	if ev.BytesSoFar > file.uploaded {
+		r.doneBytes += ev.BytesSoFar - file.uploaded
+		file.uploaded = ev.BytesSoFar
+	}
+	if ev.Path != "" {
+		r.currentLabel = ev.Path
+	} else if file.path != "" {
+		r.currentLabel = file.path
+	}
+	if ev.Phase == pushsync.UploadProgressCompleted && !file.completed {
+		file.completed = true
+		r.doneFiles++
+		if file.total > 0 && file.uploaded < file.total {
+			r.doneBytes += file.total - file.uploaded
+			file.uploaded = file.total
+		}
+	}
+	r.renderLocked(false)
+}
+
+func (r *uploadProgressRenderer) Finish() {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	if !r.planned {
+		return
+	}
+	r.renderLocked(true)
+	if r.isTTY {
+		_, _ = fmt.Fprintln(r.out)
+	}
+	r.planned = false
+}
+
+func (r *uploadProgressRenderer) renderLocked(force bool) {
+	now := r.now()
+	if !force && !r.isTTY && !r.lastRender.IsZero() && now.Sub(r.lastRender) < nonTTYProgressInterval {
+		return
+	}
+	r.lastRender = now
+	totalBytes := r.totalBytes
+	doneBytes := r.doneBytes
+	doneFiles := r.doneFiles
+	totalFiles := r.plan.TotalFiles
+	percent := 0.0
+	if totalBytes > 0 {
+		percent = (float64(doneBytes) / float64(totalBytes)) * 100
+	}
+	current := r.currentLabel
+	if current == "" {
+		current = "preparing uploads"
+	}
+
+	if r.isTTY {
+		barWidth := 28
+		filled := 0
+		if totalBytes > 0 {
+			filled = int((float64(doneBytes) / float64(totalBytes)) * float64(barWidth))
+		}
+		if filled > barWidth {
+			filled = barWidth
+		}
+		bar := strings.Repeat("=", filled) + strings.Repeat(" ", barWidth-filled)
+		line := fmt.Sprintf("\rUploading %d/%d files [%s] %5.1f%% %s/%s current: %s",
+			doneFiles, totalFiles, bar, percent, humanBytes(doneBytes), humanBytes(totalBytes), trimProgressLabel(current, 48))
+		_, _ = fmt.Fprint(r.out, line)
+		return
+	}
+
+	line := fmt.Sprintf("Uploading %d/%d files (%.1f%%) %s/%s current=%s\n",
+		doneFiles, totalFiles, percent, humanBytes(doneBytes), humanBytes(totalBytes), current)
+	_, _ = fmt.Fprint(r.out, line)
+}
+
+func trimProgressLabel(s string, max int) string {
+	if max <= 3 || len(s) <= max {
+		return s
+	}
+	return "..." + s[len(s)-(max-3):]
+}
+
+func humanBytes(n int64) string {
+	const unit = 1024
+	if n < unit {
+		return fmt.Sprintf("%d B", n)
+	}
+	div, exp := int64(unit), 0
+	for v := n / unit; v >= unit; v /= unit {
+		div *= unit
+		exp++
+	}
+	return fmt.Sprintf("%.1f %ciB", float64(n)/float64(div), "KMGTPE"[exp])
+}
diff --git a/cmd/push/progress_test.go b/cmd/push/progress_test.go
new file mode 100644
index 00000000..a740822c
--- /dev/null
+++ b/cmd/push/progress_test.go
@@ -0,0 +1,73 @@
+package push
+
+import (
+	"bytes"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/calypr/git-drs/internal/pushsync"
+)
+
+func TestUploadProgressRendererTTY(t *testing.T) {
+	var out bytes.Buffer
+	r := newUploadProgressRenderer(&out)
+	r.isTTY = true
+
+	r.OnUploadPlan(pushsync.UploadPlanSummary{
+		Files: []pushsync.UploadPlanFile{
+			{OID: "oid-1", Path: "a.bin", Bytes: 100},
+			{OID: "oid-2", Path: "b.bin", Bytes: 100},
+		},
+		TotalFiles: 2,
+		TotalBytes: 200,
+	})
+	r.OnUploadProgress(pushsync.UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 50, BytesSinceLast: 50, TotalBytes: 100, Phase: pushsync.UploadProgressUploading})
+	r.OnUploadProgress(pushsync.UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 100, TotalBytes: 100, Phase: pushsync.UploadProgressCompleted})
+	r.OnUploadProgress(pushsync.UploadProgressEvent{OID: "oid-2", Path: "b.bin", BytesSoFar: 100, TotalBytes: 100, Phase: pushsync.UploadProgressCompleted})
+	r.Finish()
+
+	got := out.String()
+	if !strings.Contains(got, "Uploading 2/2 files") {
+		t.Fatalf("expected final tty summary, got %q", got)
+	}
+	if !strings.Contains(got, "100.0%") {
+		t.Fatalf("expected 100%% completion, got %q", got)
+	}
+	if !strings.HasSuffix(got, "\n") {
+		t.Fatalf("expected trailing newline, got %q", got)
+	}
+}
+
+func TestUploadProgressRendererNonTTYThrottles(t *testing.T) {
+	var out bytes.Buffer
+	r := newUploadProgressRenderer(&out)
+	r.isTTY = false
+	now := time.Unix(0, 0)
+	r.now = func() time.Time { return now }
+
+	r.OnUploadPlan(pushsync.UploadPlanSummary{
+		Files:      []pushsync.UploadPlanFile{{OID: "oid-1", Path: "a.bin", Bytes: 100}},
+		TotalFiles: 1,
+		TotalBytes: 100,
+	})
+	first := out.String()
+	if first == "" {
+		t.Fatal("expected initial non-tty progress line")
+	}
+
+	r.OnUploadProgress(pushsync.UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 10, BytesSinceLast: 10, TotalBytes: 100, Phase: pushsync.UploadProgressUploading})
+	if out.String() != first {
+		t.Fatalf("expected throttled output to remain unchanged, got %q", out.String())
+	}
+
+	now = now.Add(3 * time.Second)
+	r.OnUploadProgress(pushsync.UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 100, TotalBytes: 100, Phase: pushsync.UploadProgressCompleted})
+	got := out.String()
+	if strings.Count(got, "\n") < 2 {
+		t.Fatalf("expected throttled summary updates, got %q", got)
+	}
+	if !strings.Contains(got, "Uploading 1/1 files") {
+		t.Fatalf("expected non-tty progress summary, got %q", got)
+	}
+}
diff --git a/cmd/remote/add/add_test.go b/cmd/remote/add/add_test.go
index 2923b5d8..e71c3745 100644
--- a/cmd/remote/add/add_test.go
+++ b/cmd/remote/add/add_test.go
@@ -1,8 +1,13 @@
 package add
 
 import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
 	"testing"
 
+	bucketapi "github.com/calypr/syfon/apigen/client/bucketapi"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -12,5 +17,89 @@ func TestAddCmd(t *testing.T) {
 }
 
 func TestGen3Cmd(t *testing.T) {
-	assert.Equal(t, "gen3 [remote-name]", Gen3Cmd.Use)
+	assert.Equal(t, "gen3 [remote-name] <organization/project>", Gen3Cmd.Use)
+}
+
+func TestParseScopeArg(t *testing.T) {
+	t.Run("splits org and project on slash", func(t *testing.T) {
+		org, project, err := parseScopeArg("HTAN_INT/BForePC")
+		if err != nil {
+			t.Fatalf("parseScopeArg returned error: %v", err)
+		}
+		if org != "HTAN_INT" || project != "BForePC" {
+			t.Fatalf("unexpected scope parse result: %q/%q", org, project)
+		}
+	})
+
+	t.Run("rejects legacy single token input", func(t *testing.T) {
+		_, _, err := parseScopeArg("BForePC")
+		if err == nil {
+			t.Fatal("expected invalid scope error")
+		}
+	})
+
+	t.Run("rejects empty org or project", func(t *testing.T) {
+		for _, raw := range []string{"/BForePC", "HTAN_INT/", "HTAN_INT//BForePC"} {
+			_, _, err := parseScopeArg(raw)
+			if err == nil {
+				t.Fatalf("expected invalid scope error for %q", raw)
+			}
+		}
+	})
+}
+
+func TestResolveBucketScopeFromServer(t *testing.T) {
+	t.Run("matches project resource", func(t *testing.T) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if r.URL.Path != "/data/buckets" {
+				t.Fatalf("unexpected path: %s", r.URL.Path)
+			}
+			if got := r.Header.Get("Authorization"); got != "Bearer test-token" {
+				t.Fatalf("unexpected auth header: %q", got)
+			}
+			_, _ = w.Write([]byte(`{"S3_BUCKETS":{"cbds":{"programs":["/organization/HTAN_INT/project/BForePC"]}}}`))
+		}))
+		defer srv.Close()
+
+		scope, err := resolveBucketScopeFromServer(context.Background(), srv.URL, "test-token", "HTAN_INT", "BForePC")
+		if err != nil {
+			t.Fatalf("resolveBucketScopeFromServer returned error: %v", err)
+		}
+		if scope.Bucket != "cbds" {
+			t.Fatalf("unexpected bucket: %+v", scope)
+		}
+	})
+
+	t.Run("falls back to org resource", func(t *testing.T) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			_, _ = w.Write([]byte(`{"S3_BUCKETS":{"cbds":{"programs":["/organization/HTAN_INT"]}}}`))
+		}))
+		defer srv.Close()
+
+		scope, err := resolveBucketScopeFromServer(context.Background(), srv.URL, "test-token", "HTAN_INT", "BForePC")
+		if err != nil {
+			t.Fatalf("resolveBucketScopeFromServer returned error: %v", err)
+		}
+		if scope.Bucket != "cbds" {
+			t.Fatalf("unexpected bucket: %+v", scope)
+		}
+	})
+
+	t.Run("no match", func(t *testing.T) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			resp := bucketapi.BucketsResponse{S3BUCKETS: map[string]bucketapi.BucketMetadata{
+				"cbds": {},
+			}}
+			w.Header().Set("Content-Type", "application/json")
+			if err := json.NewEncoder(w).Encode(resp); err != nil {
+				t.Fatalf("encode response: %v", err)
+			}
+		}))
+		defer srv.Close()
+
+		_, err := resolveBucketScopeFromServer(context.Background(), srv.URL, "test-token", "HTAN_INT", "BForePC")
+		if err == nil {
+			t.Fatal("expected error when no matching bucket is visible")
+		}
+	})
 }
diff --git a/cmd/remote/add/gen3.go b/cmd/remote/add/gen3.go
index 33151ebc..2028bfa3 100644
--- a/cmd/remote/add/gen3.go
+++ b/cmd/remote/add/gen3.go
@@ -2,42 +2,46 @@ package add
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"log/slog"
+	"net/http"
 	"strings"
 
 	"github.com/calypr/data-client/credentials"
+	"github.com/calypr/git-drs/cmd/initialize"
 	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/gitrepo"
+	bucketapi "github.com/calypr/syfon/apigen/client/bucketapi"
 	conf "github.com/calypr/syfon/client/config"
+	syfoncommon "github.com/calypr/syfon/common"
 	"github.com/spf13/cobra"
 )
 
 var Gen3Cmd = &cobra.Command{
-	Use: "gen3 [remote-name]",
+	Use: "gen3 [remote-name] <organization/project>",
 	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 1 {
+		if len(args) < 1 || len(args) > 2 {
 			cmd.SilenceUsage = false
-			return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs remote add gen3 --help' for more details", len(args), cmd.UseLine())
+			return fmt.Errorf("error: expected [remote-name] <organization/project>, received %d arguments\n\nUsage: %s\n\nSee 'git drs remote add gen3 --help' for more details", len(args), cmd.UseLine())
 		}
 		return nil
 	},
 	RunE: func(cmd *cobra.Command, args []string) error {
 		logg := drslog.GetLogger()
 
-		// make sure at least one of the credentials params is provided
-		if credFile == "" && fenceToken == "" && len(args) == 0 {
-			return fmt.Errorf("error: Gen3 requires a credentials file or accessToken to setup project locally. Please provide either a --cred or --token flag. See 'git drs remote add gen3 --help' for more details")
-		}
-
 		remoteName := config.ORIGIN
-		if len(args) > 0 {
+		scopeArg := ""
+		if len(args) == 1 {
+			scopeArg = args[0]
+		} else {
 			remoteName = args[0]
+			scopeArg = args[1]
 		}
 
-		err := gen3Init(remoteName, credFile, fenceToken, project, organization, bucket, logg)
+		err := gen3Init(remoteName, credFile, fenceToken, scopeArg, logg)
 		if err != nil {
 			return fmt.Errorf("error configuring gen3 server: %v", err)
 		}
@@ -45,31 +49,16 @@ var Gen3Cmd = &cobra.Command{
 	},
 }
 
-func gen3Init(remoteName, credFile, fenceToken, project, organization, bucket string, logg *slog.Logger) error {
+func gen3Init(remoteName, credFile, fenceToken, scopeArg string, logg *slog.Logger) error {
 	if remoteName == "" {
 		return fmt.Errorf("remote name is required")
 	}
-	if project == "" {
-		return fmt.Errorf("project is required for Gen3 remote")
+	if err := initialize.EnsureInitialized(logg); err != nil {
+		return fmt.Errorf("failed to initialize repository: %w", err)
 	}
-
-	resolvedBucket := strings.TrimSpace(bucket)
-	resolvedStoragePrefix := ""
-	if strings.TrimSpace(organization) != "" {
-		scope, err := gitrepo.ResolveBucketScope(organization, project, resolvedBucket, "")
-		if err != nil {
-			return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
-		}
-		resolvedBucket = strings.TrimSpace(scope.Bucket)
-		resolvedStoragePrefix = strings.TrimSpace(scope.Prefix)
-	}
-	if resolvedBucket == "" {
-		if strings.TrimSpace(organization) == "" {
-			return fmt.Errorf("bucket is required when organization is empty")
-		}
-		if strings.TrimSpace(resolvedBucket) == "" {
-			return fmt.Errorf("bucket is required (or configure mapping first with `git drs bucket add-project --organization %s --project %s --path <scheme>://<bucket>/<prefix>`)", organization, project)
-		}
+	organization, project, err := parseScopeArg(scopeArg)
+	if err != nil {
+		return err
 	}
 
 	var accessToken, apiKey, keyID, apiEndpoint string
@@ -113,6 +102,33 @@ func gen3Init(remoteName, credFile, fenceToken, project, organization, bucket st
 		return fmt.Errorf("could not determine Gen3 API endpoint")
 	}
 
+	cred := &conf.Credential{
+		Profile:            remoteName,
+		APIEndpoint:        apiEndpoint,
+		APIKey:             apiKey,
+		KeyID:              keyID,
+		AccessToken:        accessToken, // may be stale
+		UseShepherd:        "false",
+		MinShepherdVersion: "",
+	}
+
+	if err := credentials.EnsureValidCredential(context.Background(), cred, logg); err != nil {
+		return fmt.Errorf("failed to verify/refresh Gen3 credential: %w", config.WrapCredentialValidationError(remoteName, err))
+	}
+
+	scope, err := gitrepo.ResolveBucketScope(organization, project, "", "")
+	if err != nil {
+		scope, err = resolveBucketScopeFromServer(context.Background(), apiEndpoint, strings.TrimSpace(cred.AccessToken), organization, project)
+		if err != nil {
+			return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
+		}
+	}
+	resolvedBucket := strings.TrimSpace(scope.Bucket)
+	resolvedStoragePrefix := strings.TrimSpace(scope.Prefix)
+	if resolvedBucket == "" {
+		return fmt.Errorf("no bucket mapping found for organization=%q project=%q", organization, project)
+	}
+
 	remoteGen3 := config.RemoteSelect{
 		Gen3: &config.Gen3Remote{
 			Endpoint:      apiEndpoint,
@@ -129,21 +145,6 @@ func gen3Init(remoteName, credFile, fenceToken, project, organization, bucket st
 	}
 	logg.Debug(fmt.Sprintf("Remote added/updated: %s → %s (project: %s, bucket: %s, storage_prefix: %s)", remoteName, apiEndpoint, project, resolvedBucket, resolvedStoragePrefix))
 
-	// Step 3: Ensure credential profile is up-to-date (refreshes token if needed)
-	cred := &conf.Credential{
-		Profile:            remoteName,
-		APIEndpoint:        apiEndpoint,
-		APIKey:             apiKey,
-		KeyID:              keyID,
-		AccessToken:        accessToken, // may be stale
-		UseShepherd:        "false",     // or preserve from existing?
-		MinShepherdVersion: "",
-	}
-
-	if err := credentials.EnsureValidCredential(context.Background(), cred, logg); err != nil {
-		return fmt.Errorf("failed to verify/refresh Gen3 credential: %w", err)
-	}
-
 	if err := configure.Save(cred); err != nil {
 		return fmt.Errorf("failed to configure/update Gen3 profile: %w", err)
 	}
@@ -163,3 +164,95 @@ func gen3Init(remoteName, credFile, fenceToken, project, organization, bucket st
 	logg.Debug(fmt.Sprintf("Gen3 profile '%s' configured and token refreshed successfully", remoteName))
 	return nil
 }
+
+func parseScopeArg(raw string) (string, string, error) {
+	raw = strings.TrimSpace(raw)
+	if raw == "" {
+		return "", "", fmt.Errorf("organization/project scope is required")
+	}
+
+	parts := strings.Split(raw, "/")
+	if len(parts) != 2 {
+		return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+	}
+	organization := strings.TrimSpace(parts[0])
+	project := strings.TrimSpace(parts[1])
+	if organization == "" || project == "" {
+		return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+	}
+	return organization, project, nil
+}
+
+func resolveBucketScopeFromServer(ctx context.Context, endpoint, token, organization, project string) (gitrepo.ResolvedBucketScope, error) {
+	if strings.TrimSpace(endpoint) == "" {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing API endpoint for server bucket lookup")
+	}
+	if strings.TrimSpace(token) == "" {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing access token for server bucket lookup")
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, strings.TrimRight(endpoint, "/")+"/data/buckets", nil)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("build bucket list request: %w", err)
+	}
+	req.Header.Set("Authorization", "Bearer "+strings.TrimSpace(token))
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("request bucket list: %w", err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("bucket list failed with status %d", resp.StatusCode)
+	}
+
+	var payload bucketapi.BucketsResponse
+	if err := json.NewDecoder(resp.Body).Decode(&payload); err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("decode bucket list response: %w", err)
+	}
+
+	projectResource, err := syfoncommon.ResourcePath(organization, project)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, err
+	}
+	orgResource, err := syfoncommon.ResourcePath(organization, "")
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, err
+	}
+
+	if bucket, ok := findBucketByResource(payload, projectResource); ok {
+		return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
+	}
+	if bucket, ok := findBucketByResource(payload, orgResource); ok {
+		return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
+	}
+
+	return gitrepo.ResolvedBucketScope{}, fmt.Errorf("no visible server bucket matched organization=%q project=%q", organization, project)
+}
+
+func findBucketByResource(payload bucketapi.BucketsResponse, resource string) (string, bool) {
+	resource = syfoncommon.NormalizeAccessResource(resource)
+	if resource == "" {
+		return "", false
+	}
+	var match string
+	for bucket, meta := range payload.S3BUCKETS {
+		if meta.Programs == nil {
+			continue
+		}
+		for _, candidate := range *meta.Programs {
+			if syfoncommon.NormalizeAccessResource(candidate) != resource {
+				continue
+			}
+			if match != "" && match != bucket {
+				return "", false
+			}
+			match = bucket
+			break
+		}
+	}
+	if match == "" {
+		return "", false
+	}
+	return match, true
+}
diff --git a/cmd/remote/add/init.go b/cmd/remote/add/init.go
index 55f848f2..e156d376 100644
--- a/cmd/remote/add/init.go
+++ b/cmd/remote/add/init.go
@@ -3,14 +3,10 @@ package add
 import "github.com/spf13/cobra"
 
 var (
-	apiEndpoint   string
-	bucket        string
 	credFile      string
 	fenceToken    string
 	localPassword string
 	localUsername string
-	project       string
-	organization  string
 )
 
 // Cmd line declaration
@@ -20,17 +16,10 @@ var Cmd = &cobra.Command{
 }
 
 func init() {
-	Gen3Cmd.Flags().StringVar(&apiEndpoint, "url", "", "[gen3] Specify the API endpoint of the data commons")
-	Gen3Cmd.Flags().StringVar(&bucket, "bucket", "", "[gen3] Specify the bucket name")
-	Gen3Cmd.Flags().StringVar(&credFile, "cred", "", "[gen3] Specify the gen3 credential file that you want to use")
-	Gen3Cmd.Flags().StringVar(&fenceToken, "token", "", "[gen3] Specify the token to be used as a replacement for a credential file for temporary access")
-	Gen3Cmd.Flags().StringVar(&project, "project", "", "[gen3] Specify the gen3 project ID in the format <program>-<project>")
-	Gen3Cmd.Flags().StringVar(&organization, "organization", "", "[gen3] Optional organization/program scope (use with --project as project id)")
+	Gen3Cmd.Flags().StringVar(&credFile, "cred", "", "[gen3] Import a Gen3 credential file into this profile")
+	Gen3Cmd.Flags().StringVar(&fenceToken, "token", "", "[gen3] Use a temporary bearer token issued from fence")
 
 	Cmd.AddCommand(Gen3Cmd)
-	LocalCmd.Flags().StringVarP(&project, "project", "p", "", "Project ID")
-	LocalCmd.Flags().StringVar(&bucket, "bucket", "", "Bucket Name")
-	LocalCmd.Flags().StringVar(&organization, "organization", "", "Organization Name")
 	LocalCmd.Flags().StringVar(&localUsername, "username", "", "Username for local DRS HTTP basic auth")
 	LocalCmd.Flags().StringVar(&localPassword, "password", "", "Password for local DRS HTTP basic auth")
 	Cmd.AddCommand(LocalCmd)
diff --git a/cmd/remote/add/local.go b/cmd/remote/add/local.go
index c0d61b29..8a572d9d 100644
--- a/cmd/remote/add/local.go
+++ b/cmd/remote/add/local.go
@@ -1,33 +1,61 @@
 package add
 
 import (
+	"context"
+	"encoding/json"
 	"fmt"
+	"net/http"
 	"strings"
 
+	"github.com/calypr/git-drs/cmd/initialize"
 	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/gitrepo"
+	bucketapi "github.com/calypr/syfon/apigen/client/bucketapi"
+	syfoncommon "github.com/calypr/syfon/common"
 	"github.com/spf13/cobra"
 )
 
 var LocalCmd = &cobra.Command{
-	Use:   "local <remote-name> <url>",
+	Use:   "local <remote-name> <url> <organization/project>",
 	Short: "Add a local DRS server",
-	Long:  "Add a local DRS server by specifying its base URL, e.g., http://localhost:8000. Optional --username/--password configures basic auth for git-lfs and helper flows.",
-	Args:  cobra.ExactArgs(2),
+	Long:  "Add a local DRS server by specifying its base URL and scope. Optional --username/--password configures basic auth for helper flows.",
+	Args:  cobra.ExactArgs(3),
 	RunE: func(cmd *cobra.Command, args []string) error {
 		remoteName := args[0]
 		url := args[1]
+		scopeArg := args[2]
 
+		if err := initialize.EnsureInitialized(drslog.GetLogger()); err != nil {
+			return fmt.Errorf("failed to initialize repository: %w", err)
+		}
 		if url == "" {
 			return fmt.Errorf("URL cannot be empty")
 		}
+		organization, project, err := parseScopeArg(scopeArg)
+		if err != nil {
+			return err
+		}
+		scope, err := gitrepo.ResolveBucketScope(organization, project, "", "")
+		if err != nil {
+			scope, err = resolveBucketScopeFromLocalServer(context.Background(), url, strings.TrimSpace(localUsername), strings.TrimSpace(localPassword), organization, project)
+			if err != nil {
+				return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
+			}
+		}
+		resolvedBucket := strings.TrimSpace(scope.Bucket)
+		resolvedStoragePrefix := strings.TrimSpace(scope.Prefix)
+		if resolvedBucket == "" {
+			return fmt.Errorf("no bucket mapping found for organization=%q project=%q", organization, project)
+		}
 
 		remoteSelect := config.RemoteSelect{
 			Local: &config.LocalRemote{
-				BaseURL:      url,
-				ProjectID:    project,
-				Bucket:       bucket,
-				Organization: organization,
+				BaseURL:       url,
+				ProjectID:     project,
+				Bucket:        resolvedBucket,
+				Organization:  organization,
+				StoragePrefix: resolvedStoragePrefix,
 			},
 		}
 
@@ -54,3 +82,49 @@ var LocalCmd = &cobra.Command{
 		return nil
 	},
 }
+
+func resolveBucketScopeFromLocalServer(ctx context.Context, endpoint, username, password, organization, project string) (gitrepo.ResolvedBucketScope, error) {
+	if strings.TrimSpace(endpoint) == "" {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing API endpoint for server bucket lookup")
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, strings.TrimRight(endpoint, "/")+"/data/buckets", nil)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("build bucket list request: %w", err)
+	}
+	if username != "" || password != "" {
+		req.SetBasicAuth(username, password)
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("request bucket list: %w", err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("bucket list failed with status %d", resp.StatusCode)
+	}
+
+	var payload bucketapi.BucketsResponse
+	if err := json.NewDecoder(resp.Body).Decode(&payload); err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("decode bucket list response: %w", err)
+	}
+
+	projectResource, err := syfoncommon.ResourcePath(organization, project)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, err
+	}
+	orgResource, err := syfoncommon.ResourcePath(organization, "")
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, err
+	}
+
+	if bucket, ok := findBucketByResource(payload, projectResource); ok {
+		return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
+	}
+	if bucket, ok := findBucketByResource(payload, orgResource); ok {
+		return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
+	}
+
+	return gitrepo.ResolvedBucketScope{}, fmt.Errorf("no visible server bucket matched organization=%q project=%q", organization, project)
+}
diff --git a/cmd/remote/add/local_test.go b/cmd/remote/add/local_test.go
index 80e908a6..67ba39e1 100644
--- a/cmd/remote/add/local_test.go
+++ b/cmd/remote/add/local_test.go
@@ -1,14 +1,87 @@
 package add
 
 import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
 	"testing"
 
+	"github.com/calypr/git-drs/internal/common"
+	"github.com/calypr/git-drs/internal/gitrepo"
+	"github.com/calypr/git-drs/internal/testutils"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestAddLocalRemote(t *testing.T) {
 	assert.NotNil(t, LocalCmd)
-	assert.Equal(t, "local <remote-name> <url>", LocalCmd.Use)
+	assert.Equal(t, "local <remote-name> <url> <organization/project>", LocalCmd.Use)
 	assert.NotNil(t, LocalCmd.Flag("username"))
 	assert.NotNil(t, LocalCmd.Flag("password"))
+	assert.Nil(t, LocalCmd.Flag("organization"))
+	assert.Nil(t, LocalCmd.Flag("project"))
+	assert.Nil(t, LocalCmd.Flag("bucket"))
+}
+
+func TestResolveBucketScopeFromLocalServer(t *testing.T) {
+	t.Run("matches project resource", func(t *testing.T) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if r.URL.Path != "/data/buckets" {
+				t.Fatalf("unexpected path: %s", r.URL.Path)
+			}
+			user, pass, ok := r.BasicAuth()
+			if !ok || user != "drs-user" || pass != "drs-pass" {
+				t.Fatalf("unexpected basic auth: ok=%v user=%q pass=%q", ok, user, pass)
+			}
+			_, _ = w.Write([]byte(`{"S3_BUCKETS":{"cbds":{"programs":["/organization/calypr/project/end_to_end_test"]}}}`))
+		}))
+		defer srv.Close()
+
+		scope, err := resolveBucketScopeFromLocalServer(context.Background(), srv.URL, "drs-user", "drs-pass", "calypr", "end_to_end_test")
+		if err != nil {
+			t.Fatalf("resolveBucketScopeFromLocalServer returned error: %v", err)
+		}
+		if scope.Bucket != "cbds" {
+			t.Fatalf("unexpected bucket: %+v", scope)
+		}
+	})
+}
+
+func TestLocalRemoteAddEnsuresInitialization(t *testing.T) {
+	testutils.SetupTestGitRepo(t)
+	localUsername = ""
+	localPassword = ""
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/data/buckets" {
+			t.Fatalf("unexpected path: %s", r.URL.Path)
+		}
+		_, _ = w.Write([]byte(`{"S3_BUCKETS":{"cbds":{"programs":["/organization/calypr/project/end_to_end_test"]}}}`))
+	}))
+	defer srv.Close()
+
+	if err := LocalCmd.RunE(LocalCmd, []string{"origin", srv.URL, "calypr/end_to_end_test"}); err != nil {
+		t.Fatalf("LocalCmd.RunE returned error: %v", err)
+	}
+
+	if _, err := os.Stat(common.DRS_DIR); err != nil {
+		t.Fatalf("expected %s to exist: %v", common.DRS_DIR, err)
+	}
+
+	filterProcess, err := gitrepo.GetGitConfigString("filter.drs.process")
+	if err != nil {
+		t.Fatalf("GetGitConfigString(filter.drs.process): %v", err)
+	}
+	if filterProcess != "git-drs filter" {
+		t.Fatalf("unexpected filter.drs.process: %q", filterProcess)
+	}
+
+	preCommit, err := os.ReadFile(filepath.Join(".git", "hooks", "pre-commit"))
+	if err != nil {
+		t.Fatalf("read pre-commit hook: %v", err)
+	}
+	if string(preCommit) == "" {
+		t.Fatalf("expected pre-commit hook to be installed")
+	}
 }
diff --git a/cmd/remote/list.go b/cmd/remote/list.go
index 8723bc97..86a231c5 100644
--- a/cmd/remote/list.go
+++ b/cmd/remote/list.go
@@ -3,11 +3,21 @@ package remote
 import (
 	"fmt"
 
+	"github.com/calypr/data-client/credentials"
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
+	syconf "github.com/calypr/syfon/client/config"
 	"github.com/spf13/cobra"
 )
 
+var (
+	loadConfig            = config.LoadConfig
+	loadProfileCredential = func(profile string) (*syconf.Credential, error) {
+		return syconf.NewConfigure(drslog.GetLogger()).Load(profile)
+	}
+	ensureValidCredential = credentials.EnsureValidCredential
+)
+
 var ListCmd = &cobra.Command{
 	Use:   "list",
 	Short: "List DRS repos",
@@ -20,7 +30,7 @@ var ListCmd = &cobra.Command{
 	},
 	RunE: func(cmd *cobra.Command, args []string) error {
 		logg := drslog.GetLogger()
-		cfg, err := config.LoadConfig()
+		cfg, err := loadConfig()
 		if err != nil {
 			logg.Debug(fmt.Sprintf("Error loading config: %s", err))
 			return err
@@ -53,6 +63,16 @@ var ListCmd = &cobra.Command{
 			}
 
 			fmt.Printf("%s %-10s %-8s %s\n", marker, name, remoteType, endpoint)
+			if remoteSelect.Gen3 != nil {
+				cred, err := loadProfileCredential(string(name))
+				if err != nil {
+					logg.Warn(fmt.Sprintf("remote %s credential check skipped: %v", name, err))
+					continue
+				}
+				if err := ensureValidCredential(cmd.Context(), cred, logg); err != nil {
+					logg.Warn(config.WrapCredentialValidationError(string(name), err).Error())
+				}
+			}
 		}
 		return nil
 	},
diff --git a/cmd/remote/remote_test.go b/cmd/remote/remote_test.go
index b03b3121..c1d33aab 100644
--- a/cmd/remote/remote_test.go
+++ b/cmd/remote/remote_test.go
@@ -1,9 +1,14 @@
 package remote
 
 import (
+	"context"
+	"log/slog"
+	"os/exec"
 	"testing"
 
+	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/testutils"
+	syconf "github.com/calypr/syfon/client/config"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -21,6 +26,22 @@ func TestRemoteListRun(t *testing.T) {
 	tmpDir := testutils.SetupTestGitRepo(t)
 	testutils.CreateDefaultTestConfig(t, tmpDir)
 
+	oldLoadProfileCredential := loadProfileCredential
+	oldEnsureValidCredential := ensureValidCredential
+	t.Cleanup(func() {
+		loadProfileCredential = oldLoadProfileCredential
+		ensureValidCredential = oldEnsureValidCredential
+	})
+
+	loadProfileCredential = func(profile string) (*syconf.Credential, error) {
+		return &syconf.Credential{Profile: profile, AccessToken: "token", APIEndpoint: "https://example.test"}, nil
+	}
+	called := false
+	ensureValidCredential = func(ctx context.Context, cred *syconf.Credential, _ *slog.Logger) error {
+		called = true
+		return nil
+	}
+
 	// Capture stdout
 	output := testutils.CaptureStdout(t, func() {
 		err := ListCmd.RunE(ListCmd, []string{})
@@ -29,6 +50,7 @@ func TestRemoteListRun(t *testing.T) {
 
 	assert.Contains(t, output, "origin")
 	assert.Contains(t, output, "gen3")
+	assert.True(t, called, "expected remote list to validate the configured credential")
 }
 
 func TestRemoteSetArgs(t *testing.T) {
@@ -44,3 +66,89 @@ func TestRemoteSetArgs(t *testing.T) {
 	err = SetCmd.Args(SetCmd, []string{"origin", "extra"})
 	assert.Error(t, err)
 }
+
+func TestRemoteRemoveArgs(t *testing.T) {
+	err := RemoveCmd.Args(RemoveCmd, []string{"origin"})
+	assert.NoError(t, err)
+
+	err = RemoveCmd.Args(RemoveCmd, []string{})
+	assert.Error(t, err)
+
+	err = RemoveCmd.Args(RemoveCmd, []string{"origin", "extra"})
+	assert.Error(t, err)
+}
+
+func TestRemoteRemoveRunReassignsDefaultAndCleansKeys(t *testing.T) {
+	tmpDir := testutils.SetupTestGitRepo(t)
+	testutils.CreateTestConfig(t, tmpDir, &config.Config{
+		DefaultRemote: "origin",
+		Remotes: map[config.Remote]config.RemoteSelect{
+			"origin": {
+				Gen3: &config.Gen3Remote{
+					Endpoint:  "https://origin.example",
+					ProjectID: "origin-proj",
+					Bucket:    "origin-bucket",
+				},
+			},
+			"backup": {
+				Gen3: &config.Gen3Remote{
+					Endpoint:  "https://backup.example",
+					ProjectID: "backup-proj",
+					Bucket:    "backup-bucket",
+				},
+			},
+		},
+	})
+
+	for _, args := range [][]string{
+		{"config", "drs.remote.origin.token", "token"},
+		{"config", "drs.remote.origin.username", "alice"},
+		{"config", "drs.remote.origin.password", "secret"},
+		{"config", "remote.origin.lfsurl", "https://origin.example/info/lfs"},
+	} {
+		cmd := exec.Command("git", args...)
+		cmd.Dir = tmpDir
+		err := cmd.Run()
+		assert.NoError(t, err)
+	}
+
+	err := RemoveCmd.RunE(RemoveCmd, []string{"origin"})
+	assert.NoError(t, err)
+
+	cfg, err := config.LoadConfig()
+	assert.NoError(t, err)
+	assert.NotContains(t, cfg.Remotes, config.Remote("origin"))
+	assert.Equal(t, config.Remote("backup"), cfg.DefaultRemote)
+
+	for _, key := range []string{
+		"drs.remote.origin.type",
+		"drs.remote.origin.endpoint",
+		"drs.remote.origin.project",
+		"drs.remote.origin.bucket",
+		"drs.remote.origin.token",
+		"drs.remote.origin.username",
+		"drs.remote.origin.password",
+		"remote.origin.lfsurl",
+	} {
+		val, err := exec.Command("git", "config", "--get", key).CombinedOutput()
+		assert.Empty(t, string(val))
+		assert.Error(t, err)
+	}
+}
+
+func TestRemoteRemoveRunClearsDefaultWhenLastRemoteRemoved(t *testing.T) {
+	tmpDir := testutils.SetupTestGitRepo(t)
+	testutils.CreateDefaultTestConfig(t, tmpDir)
+
+	err := RemoveCmd.RunE(RemoveCmd, []string{"origin"})
+	assert.NoError(t, err)
+
+	cfg, err := config.LoadConfig()
+	assert.NoError(t, err)
+	assert.Empty(t, cfg.Remotes)
+	assert.Equal(t, config.Remote(""), cfg.DefaultRemote)
+
+	val, err := exec.Command("git", "config", "--get", "drs.default-remote").CombinedOutput()
+	assert.Empty(t, string(val))
+	assert.Error(t, err)
+}
diff --git a/cmd/remote/remove.go b/cmd/remote/remove.go
new file mode 100644
index 00000000..a5f5dbdc
--- /dev/null
+++ b/cmd/remote/remove.go
@@ -0,0 +1,59 @@
+package remote
+
+import (
+	"fmt"
+	"sort"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/spf13/cobra"
+)
+
+var RemoveCmd = &cobra.Command{
+	Use:     "remove <remote-name>",
+	Aliases: []string{"rm"},
+	Short:   "Remove a DRS remote",
+	Long:    "Remove a configured DRS remote and repair the default remote if needed.",
+	Args: func(cmd *cobra.Command, args []string) error {
+		if len(args) != 1 {
+			cmd.SilenceUsage = false
+			return fmt.Errorf("error: requires exactly 1 argument (remote name), received %d\n\nUsage: %s\n\nRun 'git drs remote list' to see available remotes or 'git drs remote remove --help' for more details", len(args), cmd.UseLine())
+		}
+		return nil
+	},
+	RunE: func(cmd *cobra.Command, args []string) error {
+		remoteName := config.Remote(args[0])
+		logger := drslog.GetLogger()
+
+		cfg, err := config.LoadConfig()
+		if err != nil {
+			return fmt.Errorf("failed to load config: %w", err)
+		}
+
+		if _, ok := cfg.Remotes[remoteName]; !ok {
+			availableRemotes := make([]string, 0, len(cfg.Remotes))
+			for name := range cfg.Remotes {
+				availableRemotes = append(availableRemotes, string(name))
+			}
+			sort.Strings(availableRemotes)
+			return fmt.Errorf(
+				"remote '%s' not found.\nAvailable remotes: %v",
+				remoteName,
+				availableRemotes,
+			)
+		}
+
+		updated, err := config.RemoveRemote(remoteName)
+		if err != nil {
+			return fmt.Errorf("failed to remove remote: %w", err)
+		}
+
+		if updated.DefaultRemote == "" {
+			logger.Debug(fmt.Sprintf("Removed remote %s; no default remote remains", remoteName))
+			return nil
+		}
+
+		logger.Debug(fmt.Sprintf("Removed remote %s; default remote is now %s", remoteName, updated.DefaultRemote))
+		return nil
+	},
+}
diff --git a/cmd/remote/root.go b/cmd/remote/root.go
index 7d865720..45a1963d 100644
--- a/cmd/remote/root.go
+++ b/cmd/remote/root.go
@@ -14,5 +14,6 @@ var Cmd = &cobra.Command{
 func init() {
 	Cmd.AddCommand(add.Cmd)
 	Cmd.AddCommand(ListCmd)
+	Cmd.AddCommand(RemoveCmd)
 	Cmd.AddCommand(SetCmd)
 }
diff --git a/cmd/rm/main.go b/cmd/rm/main.go
new file mode 100644
index 00000000..a58124d1
--- /dev/null
+++ b/cmd/rm/main.go
@@ -0,0 +1,58 @@
+package rm
+
+import (
+	"context"
+	"fmt"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/spf13/cobra"
+)
+
+var runCommand = func(name string, args ...string) error {
+	cmd := exec.Command(name, args...)
+	return cmd.Run()
+}
+
+var Cmd = &cobra.Command{
+	Use:   "rm <path>...",
+	Short: "Remove tracked git-drs files",
+	Args:  cobra.MinimumNArgs(1),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return run(cmd.Context(), args)
+	},
+}
+
+func run(ctx context.Context, args []string) error {
+	tracked, err := lfs.GetTrackedLfsFiles(drslog.GetLogger())
+	if err != nil {
+		return err
+	}
+
+	type removal struct {
+		path string
+		oid  string
+	}
+	planned := make([]removal, 0, len(args))
+	for _, raw := range args {
+		path := filepath.ToSlash(filepath.Clean(raw))
+		info, ok := tracked[path]
+		if !ok || strings.TrimSpace(info.Oid) == "" {
+			return fmt.Errorf("%s is not a tracked git-drs/LFS file", raw)
+		}
+		planned = append(planned, removal{path: path, oid: "sha256:" + strings.TrimPrefix(strings.TrimSpace(info.Oid), "sha256:")})
+	}
+
+	gitArgs := []string{"rm", "--"}
+	for _, item := range planned {
+		gitArgs = append(gitArgs, item.path)
+	}
+	if err := runCommand("git", gitArgs...); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/cmd/rm/main_test.go b/cmd/rm/main_test.go
new file mode 100644
index 00000000..16c51f28
--- /dev/null
+++ b/cmd/rm/main_test.go
@@ -0,0 +1,54 @@
+package rm
+
+import (
+	"context"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"testing"
+)
+
+func TestRunRemovesTrackedFile(t *testing.T) {
+	repo := t.TempDir()
+	runGitCmd(t, repo, "init")
+	runGitCmd(t, repo, "config", "user.email", "test@example.com")
+	runGitCmd(t, repo, "config", "user.name", "Test User")
+	runGitCmd(t, repo, "config", "filter.drs.clean", "cat")
+	runGitCmd(t, repo, "config", "filter.drs.smudge", "cat")
+	runGitCmd(t, repo, "config", "filter.drs.process", "cat")
+	runGitCmd(t, repo, "config", "filter.drs.required", "false")
+
+	if err := os.WriteFile(filepath.Join(repo, ".gitattributes"), []byte("*.dat filter=drs diff=drs merge=drs -text\n"), 0o644); err != nil {
+		t.Fatalf("write .gitattributes: %v", err)
+	}
+	path := filepath.Join(repo, "data.dat")
+	if err := os.WriteFile(path, []byte("version https://git-lfs.github.com/spec/v1\noid sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\nsize 12\n"), 0o644); err != nil {
+		t.Fatalf("write pointer file: %v", err)
+	}
+	runGitCmd(t, repo, "add", ".")
+	runGitCmd(t, repo, "commit", "-m", "add pointer")
+
+	oldWD, _ := os.Getwd()
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
+	}
+	t.Cleanup(func() { _ = os.Chdir(oldWD) })
+
+	if err := run(context.Background(), []string{"data.dat"}); err != nil {
+		t.Fatalf("run returned error: %v", err)
+	}
+
+	if _, err := os.Stat(path); !os.IsNotExist(err) {
+		t.Fatalf("expected file removed from worktree, stat err=%v", err)
+	}
+}
+
+func runGitCmd(t *testing.T, dir string, args ...string) {
+	t.Helper()
+	cmd := exec.Command("git", args...)
+	cmd.Dir = dir
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf("git %v failed: %v\n%s", args, err, string(out))
+	}
+}
diff --git a/cmd/root.go b/cmd/root.go
index ddfc95ac..4365f5c3 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -5,28 +5,24 @@ import (
 	"github.com/calypr/git-drs/cmd/addurl"
 	"github.com/calypr/git-drs/cmd/bucket"
 	"github.com/calypr/git-drs/cmd/clean"
+	"github.com/calypr/git-drs/cmd/copyrecords"
 	deleteCmd "github.com/calypr/git-drs/cmd/delete"
 	"github.com/calypr/git-drs/cmd/deleteproject"
-
-	"github.com/calypr/git-drs/cmd/download"
-	"github.com/calypr/git-drs/cmd/fetch"
 	"github.com/calypr/git-drs/cmd/filter"
 	"github.com/calypr/git-drs/cmd/initialize"
 	"github.com/calypr/git-drs/cmd/install"
-
-	"github.com/calypr/git-drs/cmd/list"
 	"github.com/calypr/git-drs/cmd/lsfiles"
+	"github.com/calypr/git-drs/cmd/ping"
 	"github.com/calypr/git-drs/cmd/precommit"
 	"github.com/calypr/git-drs/cmd/prepush"
 	"github.com/calypr/git-drs/cmd/pull"
 	"github.com/calypr/git-drs/cmd/push"
 	"github.com/calypr/git-drs/cmd/query"
 	"github.com/calypr/git-drs/cmd/remote"
+	"github.com/calypr/git-drs/cmd/rm"
 	"github.com/calypr/git-drs/cmd/smudge"
 	"github.com/calypr/git-drs/cmd/track"
 	"github.com/calypr/git-drs/cmd/untrack"
-
-	"github.com/calypr/git-drs/cmd/upload"
 	"github.com/calypr/git-drs/cmd/version"
 	"github.com/spf13/cobra"
 )
@@ -46,11 +42,13 @@ func init() {
 
 	RootCmd.AddCommand(initialize.Cmd)
 	RootCmd.AddCommand(version.Cmd)
+	RootCmd.AddCommand(ping.Cmd)
 	RootCmd.AddCommand(filter.Cmd)
 	RootCmd.AddCommand(clean.Cmd)
+	RootCmd.AddCommand(copyrecords.Cmd)
 	RootCmd.AddCommand(smudge.Cmd)
 	RootCmd.AddCommand(remote.Cmd)
-	RootCmd.AddCommand(fetch.Cmd)
+	RootCmd.AddCommand(rm.Cmd)
 	RootCmd.AddCommand(pull.Cmd)
 	RootCmd.AddCommand(push.Cmd)
 	RootCmd.AddCommand(precommit.Cmd)
@@ -63,10 +61,7 @@ func init() {
 	RootCmd.AddCommand(bucket.Cmd)
 	RootCmd.AddCommand(track.Cmd)
 	RootCmd.AddCommand(untrack.Cmd)
-	RootCmd.AddCommand(list.Cmd)
 	RootCmd.AddCommand(lsfiles.Cmd)
-	RootCmd.AddCommand(upload.Cmd)
-	RootCmd.AddCommand(download.Cmd)
 	RootCmd.AddCommand(install.Cmd)
 
 	RootCmd.CompletionOptions.HiddenDefaultCmd = true
diff --git a/cmd/upload/main.go b/cmd/upload/main.go
deleted file mode 100644
index 992b8f52..00000000
--- a/cmd/upload/main.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package upload
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsobject"
-	"github.com/calypr/git-drs/internal/drsremote"
-	syupload "github.com/calypr/syfon/client/transfer/upload"
-	"github.com/spf13/cobra"
-)
-
-var remote string
-
-// Cmd line declaration
-var Cmd = &cobra.Command{
-	Use:   "upload <src file>",
-	Short: "Upload a file to a DRS server",
-	Long:  "Upload a file to a DRS server, without creating an LFS pointer",
-	Args:  cobra.MinimumNArgs(1),
-	RunE: func(cmd *cobra.Command, args []string) error {
-
-		logger := drslog.GetLogger()
-
-		config, err := config.LoadConfig()
-		if err != nil {
-			return err
-		}
-
-		remoteName, err := config.GetRemoteOrDefault(remote)
-		if err != nil {
-			logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-			return err
-		}
-
-		client, err := config.GetRemoteClient(remoteName, logger)
-		if err != nil {
-			return err
-		}
-
-		remoteConfig := config.GetRemote(remoteName)
-		organization := ""
-		project := ""
-		storagePrefix := ""
-		bucketName := ""
-		if remoteConfig != nil {
-			organization = remoteConfig.GetOrganization()
-			project = remoteConfig.GetProjectId()
-			storagePrefix = remoteConfig.GetStoragePrefix()
-			bucketName = remoteConfig.GetBucketName()
-		}
-
-		for _, src := range args {
-			if s, err := os.Stat(src); err != nil {
-				logger.Error(fmt.Sprintf("Error stating file %s: %v", src, err))
-				return err
-			} else if s.IsDir() {
-				logger.Error(fmt.Sprintf("Skipping directory %s", src))
-				continue
-			} else {
-				sha256, err := common.CalculateFileSHA256(src)
-				if err != nil {
-					logger.Error(fmt.Sprintf("Error calculating SHA256 for file %s: %v", src, err))
-					return err
-				}
-
-				objs, err := drsremote.ObjectsByHashForScope(cmd.Context(), client, sha256)
-				if err != nil || len(objs) == 0 {
-					did := sha256
-					name := filepath.Base(src)
-					drsObj, err := drsobject.BuildWithPrefix(name, sha256, s.Size(), did, bucketName, organization, project, storagePrefix)
-					if err != nil {
-						return fmt.Errorf("build DRS object for %s: %w", src, err)
-					}
-					registered, err := syupload.RegisterFile(cmd.Context(), client.Client.Data(), client.Client.DRS(), drsObj, src, bucketName)
-					if err != nil {
-						return fmt.Errorf("error uploading %s: %v", src, err)
-					}
-					if registered != nil {
-						logger.Info(fmt.Sprintf("Successfully uploaded %s to server with DRS ID %s", src, registered.Id))
-					}
-				} else {
-					logger.Info(fmt.Sprintf("File %s already exists on server with DRS ID %s, skipping upload", src, strings.TrimSpace(objs[0].Id)))
-				}
-			}
-		}
-
-		return nil
-	},
-}
-
-func init() {
-	Cmd.Flags().StringVarP(&remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
-}
diff --git a/docs/architecture-drs-endpoints-and-transfer-concurrency.md b/docs/TODO/architecture-drs-endpoints-and-transfer-concurrency.md
similarity index 98%
rename from docs/architecture-drs-endpoints-and-transfer-concurrency.md
rename to docs/TODO/architecture-drs-endpoints-and-transfer-concurrency.md
index 7f5d258a..39e7bc6c 100644
--- a/docs/architecture-drs-endpoints-and-transfer-concurrency.md
+++ b/docs/TODO/architecture-drs-endpoints-and-transfer-concurrency.md
@@ -48,7 +48,7 @@ Notes:
 
 ## 1.3 Trace from standard Git commands
 
-`git-drs` participates in both explicit `git drs ...` commands and standard Git workflows after `git drs init`:
+`git-drs` participates in both explicit `git drs ...` commands and standard Git workflows after repository-local setup is installed. That setup can happen either through explicit `git drs init` or automatically during `git drs remote add ...`:
 
 - `git drs init` installs hooks (`cmd/initialize/main.go`):
   - pre-commit: `git drs precommit`
diff --git a/docs/TODO/git-drs-rm-semantics.md b/docs/TODO/git-drs-rm-semantics.md
new file mode 100644
index 00000000..6b7beab0
--- /dev/null
+++ b/docs/TODO/git-drs-rm-semantics.md
@@ -0,0 +1,155 @@
+# ADR 0004: `git drs rm` as scoped Git-plus-remote delete workflow
+
+## Status
+Implemented
+
+## Context
+
+`git-drs` currently has a gap in normal file lifecycle handling:
+
+- users can add, register, and push tracked data
+- users can remove pointer files from Git with `git rm`
+- but removing the file from the repository does not provide a coherent remote deletion workflow
+
+There are older hidden delete-oriented commands, but they are not a good user-facing model:
+
+- they are backend-centric
+- they are not path-oriented
+- they are easy to use unsafely
+- they do not fit the normal repository workflow
+
+At the same time, automatically deleting remote objects as soon as a tracked file disappears from Git is too aggressive:
+
+- one content object may be referenced by multiple DRS records
+- one DRS record may exist in more than one project or instance
+- deleting a DRS record is not the same as deleting the underlying bucket object
+- destructive behavior during `push` must be explicit and scoped
+
+## Decision
+
+Adopt `git drs rm` as the user-facing delete workflow, with three distinct layers of behavior:
+
+1. remove the tracked pointer from the Git repository
+2. remove matching remote DRS record state for the configured remote scope during `git drs push`
+3. only delete underlying object bytes when explicitly requested by a stronger policy
+
+The canonical behavior is:
+
+- `git drs rm <path>` removes the tracked file from the worktree and index
+- it does not write sidecar delete state
+- `git drs push` and the managed `pre-push` hook derive deletions from pushed Git ref deltas
+- default remote action is **record deletion only**, scoped to the configured organization/project
+- bucket object deletion is **not** the default behavior
+
+## Rationale
+
+This model matches the way users already think:
+
+- `git rm` removes a file from the repository
+- `git drs push` synchronizes repository state with remote DRS state
+
+It also avoids the worst failure mode:
+
+- silent deletion of shared underlying object bytes
+
+Separating record deletion from object-byte deletion keeps the default behavior aligned with least surprise and least destruction.
+
+It also avoids extra small-file local I/O under `.git/...`, which is a poor fit for HPC-style environments.
+
+## Detailed semantics
+
+### Local command behavior
+
+`git drs rm <path>...` should:
+
+- validate that each path is tracked as a git-drs/LFS pointer
+- remove the file from the index and worktree
+- fail clearly for plain Git files
+
+### Push behavior
+
+When `git drs push` or the managed `pre-push` hook reconciles deletes, it should:
+
+- resolve the current remote and configured organization/project scope
+- compute deleted paths from the pushed Git ref delta
+- read the deleted pointer blob from the old tree
+- parse the tracked object identity from that pointer
+- resolve the tracked object identity to matching remote DRS records in that scope
+- delete matching record state when the result is unambiguous
+- warn and require explicit follow-up when the result is ambiguous
+
+Examples of ambiguity:
+
+- no matching record exists in the configured scope
+- more than one matching record exists in the configured scope
+- the object is shared with another project or instance and the server cannot prove safe purge semantics
+
+### Default delete policy
+
+Default policy for `git drs rm` + `git drs push`:
+
+- remove the Git pointer locally
+- if the scoped record has one `controlled_access` entry, delete the whole record
+- if the scoped record has multiple `controlled_access` entries, remove only the current scope resource
+- do not delete bucket bytes automatically
+
+### Optional stronger policy
+
+A future explicit mode may support purging underlying bytes, for example:
+
+- `git drs rm --purge-object <path>`
+- repo config enabling scoped auto-purge
+
+That mode must remain opt-in and should only proceed when the server can prove the delete is safe or the user explicitly forces it.
+
+## Non-goals
+
+This ADR does not define:
+
+- cross-project garbage collection
+- global deduplication ownership policy
+- automatic deletion of all records sharing the same checksum across an instance
+- silent purge of shared bucket content
+
+## Implementation direction
+
+### Phase 1: user-facing command
+
+Add `git drs rm` as a first-class command:
+
+- path-oriented
+- repo-aware
+- explicit about remote consequences
+
+### Phase 2: push-time sync
+
+Teach `git drs push` to:
+
+- derive deleted tracked pointers from pushed refs
+- apply scoped record deletion
+- print a concise summary of deleted records, skipped records, and ambiguous cases
+
+### Phase 3: optional purge policy
+
+Add a stricter opt-in mode for underlying object-byte deletion with strong safeguards.
+
+## Consequences
+
+### Positive
+
+- delete workflow becomes part of the normal `git-drs` lifecycle
+- users no longer need to manually reconcile Git state and remote DRS state
+- destructive bucket deletion is kept behind explicit policy
+
+### Negative
+
+- push flow must inspect Git history carefully
+- delete semantics require server-side and client-side ambiguity handling
+- `git drs push` needs an explicit compare base when it is not running under the `pre-push` hook
+
+## Current notes
+
+- `git drs rm` wraps `git rm` directly after validating tracked LFS/git-drs paths.
+- Plain `git push` uses the managed `pre-push` hook, which receives authoritative old/new SHAs from Git.
+- `git drs push` derives deletes from `HEAD` vs `@{upstream}` when an upstream exists.
+- Ambiguous remote matches warn and remain untouched.
diff --git a/docs/adding-s3-files.md b/docs/adding-s3-files.md
index f8a83a6b..fe651263 100644
--- a/docs/adding-s3-files.md
+++ b/docs/adding-s3-files.md
@@ -17,7 +17,7 @@ Primary support today is S3-style URLs:
 - `https://bucket.s3.amazonaws.com/key`
 - Path-style S3-compatible HTTPS URLs
 
-The inspector also accepts other go-cloud styles (`gs://`, `azblob://`, `file://`), but the main production path in current e2e coverage is S3/Gen3 bucket-backed workflows.
+The inspector also accepts other cloud styles (`gs://`, `azblob://`), but the main production path in current e2e coverage is S3/Gen3 bucket-backed workflows.
 
 ## Two Add-URL Input Modes
 
diff --git a/docs/commands.md b/docs/commands.md
index 43ac6d5a..7e5dc492 100644
--- a/docs/commands.md
+++ b/docs/commands.md
@@ -50,7 +50,9 @@ Common flags:
 - `--multipart-threshold <mb>`: multipart threshold in MB
 - `--enable-data-client-logs`: enable lower-level client logging
 
-Run this once per repository.
+Use this when you want to initialize the repo explicitly, or to repair repo-local hooks/config.
+
+For normal onboarding, `git drs remote add ...` now auto-initializes the repository if that setup is missing.
 
 ## Remote Configuration
 
@@ -59,14 +61,26 @@ Run this once per repository.
 Add or refresh a Gen3-backed Syfon remote.
 
 ```bash
-git drs remote add gen3 [remote-name] <organization/project> [--cred <file> | --token <token>]
+git drs remote add gen3 [remote-name] <organization/project> \
+    --cred <credentials-file>
 ```
 
-Examples:
+**Options:**
+
+- `--cred <file>`: Path to credentials JSON file (required)
+- `--token <token>`: Token for temporary access (alternative to --cred)
+- `<organization/project>`: Required scope argument, for example `HTAN_INT/BForePC`
+
+**Examples:**
 
 ```bash
-git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
-git drs remote add gen3 staging HTAN_INT/BForePC --token "$GEN3_TOKEN"
+# Add production remote
+git drs remote add gen3 production my-program/my-project \
+    --cred /path/to/credentials.json
+
+# Add staging remote
+git drs remote add gen3 staging staging-program/staging-project \
+    --cred /path/to/staging-credentials.json
 ```
 
 Notes:
@@ -75,6 +89,7 @@ Notes:
 - scope is always one positional argument: `organization/project`
 - `--cred` imports a Gen3 credential file
 - `--token` uses a temporary bearer token
+- if the repo has not been initialized yet, this command bootstraps the local `git-drs` hooks/config first
 - bucket resolution is scope-driven; users do not need to provide `--bucket`
 - endpoint resolution comes from the credential/token path; users do not need to provide `--url`
 
@@ -91,12 +106,184 @@ List configured DRS remotes.
 git drs remote list
 ```
 
-### `git drs remote set <name>`
+### `git drs remote remove <remote-name>`
+
+Remove a configured DRS remote.
+
+```bash
+git drs remote remove <remote-name>
+git drs remote rm <remote-name>
+```
+
+Notes:
+
+- this removes `git-drs` remote config, not normal Git remotes
+- `git remote remove <name>` does not manage `git-drs` remote config
+- if the removed remote was the default and other `git-drs` remotes remain, one remaining remote becomes the new default
+- if the removed remote was the last one, `git-drs` clears the default remote
+
+### `git drs add-url <object-url-or-key> [path]`
+
+Prepare a pointer plus local DRS metadata for an object that already exists in provider storage.
+
+**Usage:**
+
+```bash
+# Preferred: object key resolved against configured bucket scope
+git drs add-url path/to/object.bin data/from-bucket.bin --scheme s3
+
+# Compatibility: explicit provider URL
+git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin
+```
+
+**Options:**
+
+- `--scheme <scheme>`: Required for object-key mode because local bucket mappings persist bucket/prefix, not provider scheme
+- `--sha256 <hex>`: Expected SHA256 checksum when known
+
+**What it does:**
+
+- Resolves the effective org/project bucket scope for the current remote
+- Inspects the provider object through client-owned cloud code
+- Writes a Git LFS pointer into the worktree
+- Stores local DRS metadata for later registration during `git drs push`
+
+### `git drs push [remote-name]`
+
+Push local DRS objects to server. Uploads new files and registers metadata.
+
+**Usage:**
+
+```bash
+# Push to default remote
+git drs push
+
+# Push to specific remote
+git drs push staging
+git drs push production
+```
+
+**What it does:**
+
+- Checks local `.git/drs/lfs/objects/` for DRS metadata
+- For each object, uploads file to bucket if file exists locally
+- If file doesn't exist locally (metadata only), registers metadata without upload
+- Reconciles committed tracked-file deletions against the pushed Git ref delta
+- This enables cross-remote promotion workflows
+
+**Cross-Remote Promotion:**
+
+Transfer DRS records from one remote to another (eg staging to production) without re-uploading files:
+
+```bash
+# Fetch metadata from staging
+git drs fetch staging
+
+# Push metadata to production (no file upload since files don't exist locally)
+git drs push production
+```
+
+This is useful when files are already in the production bucket with matching SHA256 hashes. It can also be used to reupload files given that the files are pulled to the repo first.
+
+**Note:** `fetch` and `push` are commonly used together. `fetch` pulls metadata from one remote, `push` registers it to another.
+
+### `git drs rm <path>...`
+
+Remove tracked DRS/LFS files from the worktree and index.
 
-Set the default DRS remote.
+**Usage:**
 
 ```bash
-git drs remote set production
+git drs rm data/sample.bam
+git drs rm data/sample1.bam data/sample2.bam
+```
+
+**What it does:**
+
+- Validates that each path is tracked as a Git LFS / git-drs file
+- Runs `git rm` for those paths
+- Does not mutate remote DRS state immediately
+
+**Remote behavior on push:**
+
+When the deletion is committed and pushed:
+
+- `git drs push` and the managed `pre-push` hook derive deleted pointers from the pushed Git commit delta
+- if the scoped record has exactly one `controlled_access` entry, the whole DRS record is deleted
+- if the scoped record has multiple `controlled_access` entries, only the current `organization/project` resource is removed
+- underlying object bytes are not deleted by default
+
+### `git drs copy-records [source-remote] <target-remote> <organization/project>`
+
+Copy Syfon records for one `organization/project` scope from one configured remote to another.
+
+**Usage:**
+
+```bash
+git drs copy-records \
+  <source-remote> \
+  <target-remote> \
+  <organization/project>
+```
+
+Or, to copy from the configured default remote:
+
+```bash
+git drs copy-records \
+  <target-remote> \
+  <organization/project>
+```
+
+**Options:**
+
+- `<source-remote>`: Source remote. Optional. Defaults to the configured default remote.
+- `<target-remote>`: Target remote. Required.
+- `<organization/project>`: Required scope argument, for example `HTAN_INT/BForePC`.
+- `--batch-size <n>`: Source page size and target bulk write size. Default: `250`.
+
+**What it does:**
+
+- Reads all source records for the requested `organization/project` using Syfon's internal bulk/list APIs
+- Looks up matching DIDs on the target in batches
+- Creates records that do not already exist on the target
+- For existing DIDs, preserves the target record and only merges:
+  - `controlled_access`
+  - `access_methods`
+
+**Merge semantics for existing target records:**
+
+- Existing target metadata is preserved
+- `controlled_access` becomes the union of source and target values
+- `access_methods` becomes the union of source and target values
+- Records with no effective change are skipped
+
+**Example:**
+
+```bash
+git drs copy-records \
+  dev \
+  prod \
+  HTAN_INT/BForePC
+```
+
+**When to use it:**
+
+- Promote DRS metadata between Syfon instances
+- Backfill `controlled_access` and `access_methods` onto an existing target instance
+- Copy project-scoped records without re-uploading object bytes
+
+### `git drs query`
+
+Query a DRS object by its DRS ID or SHA256 checksum.
+
+**Usage:**
+
+```bash
+# Query by DRS ID (default behavior)
+git drs query <drs-id>
+
+# Query by SHA256 checksum
+git drs query --checksum <sha256>
 ```
 
 ## Bucket Mapping
@@ -119,7 +306,28 @@ git drs bucket add-organization production \
 
 ### `git drs bucket add-project`
 
-Map an organization/project to a bucket path.
+```bash
+# Known SHA path
+git drs add-url s3://bucket/path/file.bin data/file.bin --sha256 <sha256>
+
+# Unknown SHA path
+git drs add-url s3://bucket/path/file.bin data/file.bin
+```
+
+**Options:**
+
+- `--sha256 <hash>`: Optional SHA256 hash of the source object.  
+  If omitted, add-url uses an ETag+source-derived placeholder OID and registers metadata without a local payload blob.
+
+**Notes:**
+
+- `add-url` no longer accepts per-command AWS credential flags.
+- S3 connection hints are resolved from environment/runtime config when needed (for example `AWS_REGION`, `AWS_ENDPOINT_URL`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`).
+- Registration happens on `git drs push`, not at `add-url` time.
+
+### `git drs version`
+
+Display Git DRS version information.
 
 ```bash
 git drs bucket add-project production \
@@ -215,6 +423,13 @@ What it does:
 - resolves local pointer/object metadata
 - uploads local bytes when needed
 - registers object metadata with the target Syfon instance
+- reconciles committed deletes derived from the pushed ref delta
+
+Notes:
+
+- delete reconciliation is Git-history-derived; there is no local delete-intent sidecar state
+- `git drs push` uses the current branch upstream as the delete diff base when one exists
+- plain `git push` uses the managed `pre-push` hook, which receives authoritative old/new SHAs from Git
 
 ### `git drs add-url <object-url-or-key> [path]`
 
diff --git a/docs/drs-uri-canonical-identity.md b/docs/drs-uri-canonical-identity.md
new file mode 100644
index 00000000..c810d357
--- /dev/null
+++ b/docs/drs-uri-canonical-identity.md
@@ -0,0 +1,212 @@
+# ADR 0003: Use DRS URI as canonical remote identity and a derived compact OID for local pointer/cache identity
+
+## Status
+Proposed
+
+## Context
+
+`git-drs` no longer needs to treat the Git LFS-style `oid` as a literal content SHA256 in every workflow.
+
+This is most obvious in `add-url` and other metadata-first flows:
+
+- the authoritative remote object identity is the DRS object itself
+- the authoritative retrieval source is the DRS metadata (`access_methods`, checksums, scoped metadata)
+- local pointer files and local cache paths still need a compact identifier
+
+Today the code still assumes the local pointer/cache identifier is shaped like a Git LFS SHA256:
+
+- pointers are parsed only when they contain `oid sha256:<64-hex>`
+- local object fanout paths assume a 64-character hex identifier
+- some code still conflates "pointer OID" with "content SHA256"
+
+At the same time, raw DRS URIs are not a good direct substitute for the pointer `oid` slot:
+
+- they are long and punctuation-heavy
+- they are awkward as local cache keys and filesystem fanout paths
+- they couple local identity directly to remote URI syntax
+- they reduce cache/dedupe reuse if the same bytes exist under multiple DRS records
+
+So we need to separate two concepts that are currently blurred together:
+
+1. **Canonical remote identity**
+   - the DRS URI / DRS object ID that identifies the remote record
+2. **Local pointer/cache identity**
+   - a compact, filesystem-safe identifier used in pointer files, cache keys, and worktree inventory
+
+## Decision
+
+Adopt this identity model:
+
+1. **DRS URI is the canonical remote identity**
+   - it identifies the remote record
+   - it is the primary stable reference for metadata-first workflows
+2. **A derived compact OID is the local pointer/cache identity**
+   - it is derived deterministically from the canonical remote identity
+   - it is used in pointer files, local fanout paths, and cache indexing
+3. **Do not use the raw DRS URI as the literal pointer OID**
+   - the pointer/cache slot remains compact and derived
+4. **Do not require the derived compact OID to equal the content SHA256**
+   - content SHA256 remains useful metadata when known
+   - but it is not required to be the primary local identity in metadata-first flows
+
+## Recommended derived OID format
+
+The derived local OID should be:
+
+- deterministic
+- compact
+- filesystem-safe
+- independent of transient access URLs
+
+Recommended derivation:
+
+```text
+derived_oid = sha256("git-drs-object:v1\ndrs_uri=<normalized-drs-uri>\n")
+```
+
+This gives:
+
+- a stable 64-hex identifier
+- compatibility with existing local fanout assumptions
+- independence from raw URL punctuation/length
+- a clean boundary between remote identity and local cache identity
+
+## Why not use the raw DRS URI as the pointer OID?
+
+Because the pointer OID slot behaves like a local key, not just a human-readable identifier.
+
+Using raw DRS URI directly would:
+
+- make pointer parsing and cache fanout messy
+- force local storage assumptions to depend on URI syntax
+- complicate path encoding, diagnostics, and inventory code
+- make future URI normalization/versioning harder
+
+The DRS URI should be stored as first-class metadata, not jammed directly into the pointer key slot.
+
+## Before
+
+The current model is effectively:
+
+- pointer OID is assumed to be `sha256:<64hex>`
+- local cache fanout is based on that value
+- some workflows use placeholders, but still pretend the OID slot is "the SHA256"
+
+This causes confusion:
+
+- "OID" and "content checksum" are treated as the same thing even when they are not
+- metadata-first objects need placeholder semantics
+- design discussions keep returning to "can we use md5, etag, or path instead?"
+
+## After
+
+The identity model becomes explicit:
+
+- **DRS URI** = canonical remote identity
+- **derived OID** = compact local pointer/cache identity
+- **checksums** = content metadata, not always the primary local key
+
+In practical terms:
+
+- pointer files keep a compact OID
+- local fanout code keeps a compact OID
+- remote record matching and canonical reference logic prefer DRS URI
+- content SHA256 remains available when known, but no longer defines the whole identity model
+
+## Implementation guidance
+
+### Phase 1: Introduce explicit identity types
+
+Add an internal identity structure such as:
+
+```text
+ObjectIdentity
+  - DRSURI
+  - OID
+  - Checksums
+```
+
+This is the critical first step. It prevents more code from assuming:
+
+```text
+OID == content SHA256
+```
+
+### Phase 2: Keep pointer/cache format compact
+
+Retain the existing compact local OID shape for compatibility:
+
+- `oid sha256:<64hex>` in pointer files
+- existing local fanout layout
+
+But redefine the meaning:
+
+- in metadata-first flows, the 64-hex value is the derived local identity
+- not necessarily the file content SHA256
+
+This avoids a broad pointer-format migration up front.
+
+### Phase 3: Store DRS URI as authoritative metadata
+
+Wherever local DRS metadata is written or read:
+
+- persist the DRS URI explicitly
+- treat it as the canonical remote reference
+
+This applies especially to:
+
+- `add-url`
+- `add-ref`
+- local DRS object files
+- copy/query/register reconciliation logic
+
+### Phase 4: Remove code that equates OID and checksum
+
+Audit and reduce assumptions in:
+
+- pointer parsing/writing helpers
+- inventory
+- push/pull resolution
+- registration/update logic
+- cache helpers
+
+The main rule:
+
+- if code wants a checksum, ask for a checksum
+- if code wants a pointer/cache key, ask for the derived OID
+- if code wants remote identity, ask for the DRS URI
+
+## Consequences
+
+### Positive
+
+- clarifies identity semantics
+- makes metadata-first workflows more coherent
+- avoids raw DRS URI leakage into local cache/path mechanics
+- preserves compact local storage behavior
+- reduces pressure to misuse ETag/MD5/path directly as pointer OIDs
+
+### Negative
+
+- requires a modest identity refactor
+- some current code still assumes pointer OID is content SHA256
+- compatibility language around `oid sha256:` becomes semantically looser until or unless the external pointer format is generalized later
+
+## Explicit non-goals
+
+This ADR does **not** require:
+
+- raw DRS URI to become the literal pointer OID
+- multi-algorithm pointer syntax (`oid md5:...`, `oid etag:...`, etc.) immediately
+- full removal of the current compact SHA256-shaped local OID format
+
+Those may be considered later, but they are not required to fix the architectural confusion now.
+
+## Summary
+
+The correct split is:
+
+- **DRS URI** for canonical remote identity
+- **derived compact OID** for local pointer/cache identity
+
+That gives `git-drs` a cleaner architecture without forcing local storage and pointer behavior to inherit all the messiness of raw remote identifiers.
diff --git a/docs/ga4gh-drs-scalability-gaps.md b/docs/ga4gh-drs-scalability-gaps.md
new file mode 100644
index 00000000..a3395ad5
--- /dev/null
+++ b/docs/ga4gh-drs-scalability-gaps.md
@@ -0,0 +1,195 @@
+# GA4GH DRS Scalability Gaps for `git-drs`
+
+## Summary
+
+GA4GH DRS is a reasonable read/access protocol for individual object resolution, but it is not a good standalone fit for high-volume `git-drs` workflows when the client must translate one logical operation into many REST calls.
+
+The problem is not that DRS is incorrect. The problem is that the base API surface is too narrow for the operational patterns `git-drs` actually needs:
+
+- checksum-first lookup
+- bulk existence checks
+- bulk access URL resolution
+- bulk registration
+- upload orchestration
+- scoped delete/update flows
+
+If every one of those has to be decomposed into multiple per-object HTTP calls, the result is not operationally scalable.
+
+## The core issue
+
+For `git-drs`, many user-facing operations are logically single operations:
+
+- "do these 500 OIDs already exist?"
+- "give me access URLs for these 200 objects"
+- "register these 150 objects"
+- "delete the objects that match this checksum in this scope"
+
+Base GA4GH DRS mostly gives the client:
+
+- `GET /ga4gh/drs/v1/objects/{object_id}`
+- `GET /ga4gh/drs/v1/objects/{object_id}/access/{access_id}`
+- `GET /ga4gh/drs/v1/service-info`
+
+That works for one object at a time. It does not work well for batch-oriented Git and LFS workflows.
+
+## Why this is not scalable
+
+### 1. One logical operation turns into N network round-trips
+
+Examples:
+
+- checksum lookup by many OIDs:
+  - no native bulk checksum query in base DRS
+  - client must fan out one request per checksum
+- access resolution for many objects:
+  - no native bulk access URL resolution in base DRS
+  - client must fan out one request per object/access method
+- delete by hash:
+  - client must first resolve matching objects
+  - then issue one delete per object
+
+This is acceptable for a handful of objects. It is poor for large repos, monorepos, or pre-push/pull batch flows.
+
+### 2. Latency compounds even when payload size is small
+
+Most of these calls are metadata calls, not large transfers. The bottleneck is round-trip count:
+
+- HTTP connection overhead
+- auth middleware and token processing
+- authz lookup
+- request routing
+- JSON encode/decode
+- repeated server-side DB lookups
+
+A workflow that should feel like "one batch metadata operation" becomes "hundreds of tiny RPCs over HTTP".
+
+### 3. Capability gaps force client-side orchestration complexity
+
+Without batch primitives, the client has to own:
+
+- fan-out scheduling
+- retry policy
+- partial failure handling
+- de-duplication
+- concurrency limits
+- fallback behavior when some objects resolve and some do not
+
+That complexity is not free. It moves real system cost from the server contract into every client.
+
+### 4. It weakens read-path ergonomics for Git/LFS-shaped workflows
+
+`git-drs` is not a generic browser for one object at a time. It is operating on working trees, pointer inventories, checksum sets, and batch synchronization.
+
+Those workflows are naturally set-oriented, not object-at-a-time.
+
+Trying to force them through only:
+
+- `GetObject(id)`
+- `GetAccessURL(id, access_id)`
+
+produces a client that is formally "more DRS-pure" but operationally worse.
+
+## Concrete examples
+
+### Bulk checksum validity
+
+Logical operation:
+
+- "tell me which of these 1000 SHA256 values already exist"
+
+Base DRS shape:
+
+- 1000 repeated checksum/object lookups
+
+What the client actually needs:
+
+- one bulk validity response:
+  - `sha256 -> exists`
+
+This is why `/index/bulk/sha256/validity` or an equivalent bulk DRS extension exists.
+
+### Bulk access resolution
+
+Logical operation:
+
+- "hydrate all unresolved pointer files in this checkout"
+
+Base DRS shape:
+
+- resolve object for each OID
+- resolve access URL for each object
+
+That means at least:
+
+- one object-resolution request per object
+- one access-resolution request per object
+
+For a checkout with many files, this is an avoidable round-trip explosion.
+
+### Delete by checksum or scoped cleanup
+
+Logical operation:
+
+- "delete matching records for this checksum in this repo scope"
+
+Base DRS shape:
+
+1. resolve records
+2. iterate matching IDs
+3. delete one by one
+
+That is technically possible. It is not a good contract for batch cleanup.
+
+## Position
+
+`git-drs` should not be forced into a "base DRS only" model when that model degrades correctness, simplicity, or scale.
+
+The better architecture is:
+
+- use base GA4GH DRS where it fits naturally
+  - single-object read
+  - access resolution
+  - service-info probing
+- keep explicit extension APIs where batch or write semantics are required
+  - bulk checksum validity
+  - bulk checksum lookup
+  - bulk access URL resolution
+  - bulk registration
+  - upload negotiation
+  - batch delete/update helpers
+
+## Recommended design rule
+
+Do not collapse one logical client operation into multiple mandatory REST calls unless there is no practical alternative.
+
+More concretely:
+
+- if a client operation is inherently batch-oriented, prefer a batch endpoint
+- if a workflow is write-oriented, do not pretend it is standard DRS when it is not
+- if an optimization is required for acceptable repo-scale performance, keep it as an explicit extension instead of hiding it behind repeated single-object DRS calls
+
+## Recommended client split
+
+`git-drs` should continue to distinguish:
+
+- **DRS read contract**
+  - `GetObject`
+  - `GetAccessURL`
+  - `GetServiceInfo`
+
+- **DRS extension contract**
+  - bulk checksum lookup / validity
+  - object registration
+  - upload request negotiation
+  - bulk access resolution
+  - delete/update helpers
+
+That is a more honest and more scalable model than pretending all useful client operations can be reduced to base DRS primitives without cost.
+
+## Bottom line
+
+GA4GH DRS is a solid object access protocol.
+
+It is not, by itself, a scalable batch control-plane for `git-drs`.
+
+Where one custom operation would otherwise require two or more mandatory REST operations per object, a dedicated extension is justified. The scalability cost is real, and the client should not absorb it just to preserve a cleaner-looking but weaker protocol story.
diff --git a/docs/getting-started.md b/docs/getting-started.md
index cfef54f3..4151b627 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -34,11 +34,7 @@ It no longer tries to be a mixed bag of Git, Git LFS, and DRS transport wrappers
        ServerAliveInterval 30
    ```
 
-3. Initialize `git-drs` in the repo:
-
-   ```bash
-   git drs init
-   ```
+3. If the repo does not yet have a `git-drs` remote configured, add one now. `remote add` will bootstrap the repo-local hooks/config automatically if needed.
 
 4. Hydrate tracked files if needed:
 
@@ -58,13 +54,15 @@ git drs install
 
 ## One-Time Repository Setup
 
-After cloning or creating a repository:
+After cloning or creating a repository, the normal first step is adding a remote:
 
 ```bash
-git drs init
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
 ```
 
-That sets up repository-local `git-drs` state and hooks.
+That command now sets up repository-local `git-drs` state and hooks automatically if they are missing.
+
+You can still run `git drs init` directly when you want to initialize the repo explicitly before configuring any remote, or when you want to repair the hook/config wiring.
 
 ## Add a Gen3 Remote
 
@@ -83,6 +81,7 @@ git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.
 Notes:
 
 - scope is one positional argument: `organization/project`
+- if repo-local `git-drs` setup is missing, this command initializes it first
 - users do not provide `--bucket`
 - users do not provide `--url`
 - bucket resolution is scope-based and server-backed
@@ -99,17 +98,13 @@ For a new repository or a repository that has not yet been configured with `git-
 
 1. Initialize the repository:
 
-   ```bash
-   git drs init
-   ```
-
-2. Add the target remote:
-
    ```bash
    git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
    ```
 
-3. Verify the configuration:
+   This bootstraps the repo-local `git-drs` hooks/config if needed.
+
+2. Verify the configuration:
 
    ```bash
    git drs remote list
@@ -155,6 +150,30 @@ Example:
 git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
 ```
 
+### When a key expires or is replaced
+
+The supported recovery path is:
+
+```bash
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
+```
+
+Practical answers to the common questions:
+
+- do you need to run `git drs init` again?
+  - no
+- do you need to run `git drs remote add gen3` again?
+  - yes, if the API key itself was replaced or you want to import a new credential file/token
+- does `git-drs` detect token expiry automatically?
+  - partially
+  - if the stored access token is expired but the stored API key is still valid, `git-drs` will try to refresh the access token automatically
+  - if the API key itself is expired, revoked, or replaced, rerun `git drs remote add gen3 ...`
+- how do you check what remote/profile is in use?
+  - `git drs remote list` shows the configured remotes
+  - the Gen3 profile data lives in `~/.gen3/gen3_client_config.ini`
+
+As a rule, if credentials changed and you want a predictable fix, re-run `git drs remote add gen3 ...` for that remote. That updates the stored profile and repo token plumbing without requiring repo re-initialization.
+
 ## Managing Additional Remotes
 
 You can add multiple remotes for multi-environment workflows.
@@ -206,11 +225,27 @@ git add .gitattributes
 ```bash
 git add sample.bam
 git commit -m "Add sample"
-git push
+git drs push
 ```
 
 `git-drs` handles pointer/object registration behavior around the Git workflow.
 
+## Remove a Tracked File
+
+Use `git drs rm` for tracked DRS/LFS files:
+
+```bash
+git drs rm sample.bam
+git commit -m "Remove sample"
+git drs push
+```
+
+This removes the pointer from Git immediately. The remote DRS mutation happens only when that deletion is committed and pushed:
+
+- if the scoped record has one `controlled_access` entry, the record is deleted
+- if it has multiple `controlled_access` entries, only the current `organization/project` resource is removed
+- underlying object bytes are not deleted by default
+
 ## Inspect Tracked Files
 
 Use `ls-files` as the local inventory command:
@@ -281,7 +316,7 @@ git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin
 
 ## Session Workflow
 
-> **Note:** You do not need to run `git drs init` again. Initialization is a one-time setup per local repository clone.
+> **Note:** You do not need to run `git drs init` again. Remote configuration bootstraps repo-local setup when needed, and explicit `git drs init` is mainly for manual setup or repair.
 
 For a normal work session:
 
@@ -291,6 +326,8 @@ For a normal work session:
    git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
    ```
 
+   You do not need to run `git drs init` again for this. Refreshing credentials is a `remote add` operation, not a repo reinitialization step.
+
 2. Update Git history if needed
 
    ```bash
@@ -329,21 +366,20 @@ git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credenti
 
 Use this flow when developing against a local Syfon/DRS server instead of a hosted Gen3 deployment.
 
-1. Initialize the repo:
+1. Add the local remote:
 
    ```bash
-   git drs init
+   git drs remote add local origin http://localhost:8080 \
+       calypr/end_to_end_test \
+       --username drs-user \
+       --password drs-pass
    ```
 
-2. Add the local remote:
-
-   ```bash
-   git drs remote add local origin http://localhost:8080
-   ```
+   This bootstraps the repo-local `git-drs` hooks/config if needed.
 
    If your local server requires basic auth, include the local auth flags supported by that command.
 
-3. Track and push:
+2. Track and push:
 
    ```bash
    git drs track "*.bin"
@@ -352,7 +388,7 @@ Use this flow when developing against a local Syfon/DRS server instead of a host
    git drs push
    ```
 
-4. Verify hydration:
+3. Verify hydration:
 
    ```bash
    git drs pull
@@ -380,7 +416,6 @@ This copies metadata only. It does not copy object bytes between buckets.
 
 ```bash
 git drs install
-git drs init
 git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
 git drs track "*.bam"
 git add .gitattributes
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
index c0b77c7b..0158fac0 100644
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@@ -10,12 +10,12 @@ Common issues and solutions for the cleaned `git-drs` CLI.
 
 No.
 
-`git drs init` is repository setup. Run it once per local clone unless you are deliberately reinitializing the repo.
+`git drs init` is repository setup. In most cases you do not need to run it manually at all, because `git drs remote add ...` now bootstraps that setup automatically when it is missing.
 
 Run it when:
 
-- you first clone a repository and need local `git-drs` setup
-- you create a new repository and want to enable `git-drs`
+- you want to initialize repo-local `git-drs` state before adding any remote
+- you want to repair hooks/config wiring explicitly
 
 Do not run it every session:
 
@@ -72,8 +72,9 @@ Those changes persist in the clone. They are not something you redo per session.
 
 Examples:
 
-- `git drs init`
 - `git drs remote add gen3 ...`
+- `git drs remote remove ...`
+- `git drs init`
 - `git drs track`
 - `git drs ls-files`
 - `git drs pull`
@@ -154,10 +155,12 @@ That usually just means hydration has not happened yet.
 Run:
 
 ```bash
-git drs init
+git drs remote list
 git drs pull
 ```
 
+If the repo has never had a `git-drs` remote configured, run `git drs remote add ...` first. That command will also install the repo-local hooks/config.
+
 ### Network timeout during push or download
 
 If you use SSH remotes, keepalives help:
@@ -211,6 +214,25 @@ git ls-files -- path/to/file
 git drs ls-files -l
 ```
 
+### `git remote remove` did not remove my `git-drs` remote
+
+That is expected.
+
+Git remotes and `git-drs` remotes live in different config domains.
+
+Use:
+
+```bash
+git drs remote list
+git drs remote remove <name>
+```
+
+or:
+
+```bash
+git drs remote rm <name>
+```
+
 ### `git drs pull` does nothing
 
 That usually means one of these:
@@ -269,6 +291,32 @@ Refresh by re-adding the remote with a new credential file or token:
 git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
 ```
 
+You do not need to run `git drs init` again.
+
+What `git-drs` does automatically:
+
+- if the stored access token is expired but the stored API key is still valid, `git-drs` will attempt to refresh the access token
+- if the API key itself is expired, revoked, or replaced, you need to re-run `git drs remote add gen3 ...`
+
+How to think about recovery:
+
+- token expired, key still valid:
+  - often automatic
+- key expired or replaced:
+  - rerun `git drs remote add gen3 ... --cred ...` or `--token ...`
+
+How to check what is in use:
+
+```bash
+git drs remote list
+```
+
+And for the underlying Gen3 profile data:
+
+- inspect `~/.gen3/gen3_client_config.ini`
+
+If you want the least surprising fix, just re-run `git drs remote add gen3 ...` with the current credential file. That updates the stored profile and repo token plumbing in one step.
+
 ### `git push` fails with upload or register errors
 
 Check:
@@ -309,7 +357,6 @@ That is normal.
 After cloning:
 
 ```bash
-git drs init
 git drs pull
 ```
 
diff --git a/go.mod b/go.mod
index 8765febe..3096b9d6 100644
--- a/go.mod
+++ b/go.mod
@@ -1,16 +1,17 @@
 module github.com/calypr/git-drs
 
-go 1.26.2
+go 1.26.3
 
 require (
 	github.com/bytedance/sonic v1.15.0
-	github.com/calypr/data-client v0.0.0-20260504172902-8e9b714aa299
-	github.com/calypr/syfon v0.2.8-0.20260503003649-cda722e27216
-	github.com/calypr/syfon/apigen v0.2.6-0.20260503003649-cda722e27216
+	github.com/calypr/data-client v0.0.0-20260506231822-6a4689d4201f
+	github.com/calypr/syfon v0.2.9-0.20260511213931-ff4d5a467b3e
+	github.com/calypr/syfon/apigen v0.2.7-0.20260511213931-ff4d5a467b3e
 	github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1
 	github.com/go-git/go-git/v5 v5.13.0
 	github.com/golang-jwt/jwt/v5 v5.3.1
 	github.com/google/uuid v1.6.0
+	github.com/mattn/go-isatty v0.0.21
 	github.com/spf13/cobra v1.10.2
 	github.com/stretchr/testify v1.11.1
 	golang.org/x/sync v0.20.0
@@ -92,7 +93,6 @@ require (
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
-	github.com/mattn/go-isatty v0.0.21 // indirect
 	github.com/mattn/go-runewidth v0.0.23 // indirect
 	github.com/oapi-codegen/runtime v1.4.0 // indirect
 	github.com/philhofer/fwd v1.2.0 // indirect
@@ -141,7 +141,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.32.14
 	github.com/aws/aws-sdk-go-v2/credentials v1.19.14
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.99.0
-	github.com/calypr/syfon/client v0.2.7-0.20260503003649-cda722e27216
+	github.com/calypr/syfon/client v0.2.8-0.20260511213931-ff4d5a467b3e
 	github.com/hashicorp/go-version v1.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
diff --git a/go.sum b/go.sum
index 514e9f90..d823b2d1 100644
--- a/go.sum
+++ b/go.sum
@@ -115,14 +115,14 @@ github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uS
 github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
 github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
 github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
-github.com/calypr/data-client v0.0.0-20260504172902-8e9b714aa299 h1:q5clCvC1DVNgswtek9iXa0AW31Pz0zAVEAryN/Ertdo=
-github.com/calypr/data-client v0.0.0-20260504172902-8e9b714aa299/go.mod h1:cAKvEGQogXFM4Hz22/JNOH+l2bRaz+pjT3N2H5cC8D4=
-github.com/calypr/syfon v0.2.8-0.20260503003649-cda722e27216 h1:f/fr9r4N3yKARlX+RPiZmg6fJG3xuSLpeTvk6as6AxM=
-github.com/calypr/syfon v0.2.8-0.20260503003649-cda722e27216/go.mod h1:m2jd8Snb+Gjc32AcOTdioZVjLmhsAXw7F4uzHQTGBtg=
-github.com/calypr/syfon/apigen v0.2.6-0.20260503003649-cda722e27216 h1:MuPHiYQXGX7frvN3EQZ4ZM5RjRZ1eGVY0D4iXCNAj0s=
-github.com/calypr/syfon/apigen v0.2.6-0.20260503003649-cda722e27216/go.mod h1:9JNwTgR57yKJlWqZpdqP+/l4zCNzH1EIFrW+e20PyMQ=
-github.com/calypr/syfon/client v0.2.7-0.20260503003649-cda722e27216 h1:1LFo3dMc4ZQHml9zQsBE5/k2ZEcHT4EpqxL+Hr/ROjo=
-github.com/calypr/syfon/client v0.2.7-0.20260503003649-cda722e27216/go.mod h1:DQSqNkxl9V3w08BiMconcJh3xtc+/Je7Xeo7qRH7wto=
+github.com/calypr/data-client v0.0.0-20260506231822-6a4689d4201f h1:+jRjTLBjCjxbWvcbYIi9Oe+XBGlwLJnnk8mk1wHEamY=
+github.com/calypr/data-client v0.0.0-20260506231822-6a4689d4201f/go.mod h1:cAKvEGQogXFM4Hz22/JNOH+l2bRaz+pjT3N2H5cC8D4=
+github.com/calypr/syfon v0.2.9-0.20260511213931-ff4d5a467b3e h1:VSCX3ZwQcOWCjrZ7WFP4TW9vGi9WPYZuuZsjEoRluwA=
+github.com/calypr/syfon v0.2.9-0.20260511213931-ff4d5a467b3e/go.mod h1:FMYmSy6rbUGbFcuNTlKtxIhWSlIRPbZfpauKMO0k1V4=
+github.com/calypr/syfon/apigen v0.2.7-0.20260511213931-ff4d5a467b3e h1:PtLxUIloatJGqZx/UkvG7wT9z8vh7R3N4CyDnc139Zk=
+github.com/calypr/syfon/apigen v0.2.7-0.20260511213931-ff4d5a467b3e/go.mod h1:VrRZ2A17YV91Zsm7CF/u1/Z+DfcZAk8Q4Pk1xklb5xU=
+github.com/calypr/syfon/client v0.2.8-0.20260511213931-ff4d5a467b3e h1:ycB0RN7nRdbU9gRynm8JC1pGsBSc4VmOxLkKGNPCLtg=
+github.com/calypr/syfon/client v0.2.8-0.20260511213931-ff4d5a467b3e/go.mod h1:9MTLDQ5clwDHcDuKCEuVaV7bebsCIUtUQxTegW3RDVo=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/clipperhouse/uax29/v2 v2.7.0 h1:+gs4oBZ2gPfVrKPthwbMzWZDaAFPGYK72F0NJv2v7Vk=
diff --git a/internal/config/config.go b/internal/config/config.go
index 58a94fa2..e45a0d43 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log/slog"
 	"path/filepath"
+	"sort"
 	"strings"
 
 	"github.com/calypr/git-drs/internal/common"
@@ -318,6 +319,64 @@ func SaveConfig(cfg *Config) error {
 	return repo.Storer.SetConfig(conf)
 }
 
+func RemoveRemote(name Remote) (*Config, error) {
+	cfg, err := LoadConfig()
+	if err != nil {
+		return nil, err
+	}
+
+	if _, ok := cfg.Remotes[name]; !ok {
+		return nil, fmt.Errorf("remote '%s' not found", name)
+	}
+
+	delete(cfg.Remotes, name)
+
+	keys := []string{
+		fmt.Sprintf("drs.remote.%s.type", name),
+		fmt.Sprintf("drs.remote.%s.endpoint", name),
+		fmt.Sprintf("drs.remote.%s.project", name),
+		fmt.Sprintf("drs.remote.%s.bucket", name),
+		fmt.Sprintf("drs.remote.%s.organization", name),
+		fmt.Sprintf("drs.remote.%s.storage_prefix", name),
+		fmt.Sprintf("drs.remote.%s.token", name),
+		fmt.Sprintf("drs.remote.%s.username", name),
+		fmt.Sprintf("drs.remote.%s.password", name),
+		fmt.Sprintf("remote.%s.lfsurl", name),
+	}
+	if err := gitrepo.UnsetGitConfigOptions(keys); err != nil {
+		return nil, err
+	}
+
+	if cfg.DefaultRemote == name {
+		cfg.DefaultRemote = firstRemote(cfg)
+	}
+
+	if err := SaveConfig(cfg); err != nil {
+		return nil, err
+	}
+
+	if cfg.DefaultRemote == "" {
+		if err := gitrepo.UnsetGitConfigOptions([]string{"drs.default-remote"}); err != nil {
+			return nil, err
+		}
+	}
+
+	return LoadConfig()
+}
+
+func firstRemote(cfg *Config) Remote {
+	if cfg == nil || len(cfg.Remotes) == 0 {
+		return ""
+	}
+
+	names := make([]string, 0, len(cfg.Remotes))
+	for name := range cfg.Remotes {
+		names = append(names, string(name))
+	}
+	sort.Strings(names)
+	return Remote(names[0])
+}
+
 // GetGitConfigInt reads an integer value from git config
 // getGitConfigValue retrieves a value from git config by key
 func getConfigPath() (string, error) {
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index e555b340..cdf0c98e 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/gitrepo"
+	syconf "github.com/calypr/syfon/client/config"
 )
 
 func setupTestRepo(t *testing.T) string {
@@ -383,3 +384,32 @@ func TestLocalRemoteGetClientResolvesBucketScopeMappings(t *testing.T) {
 		t.Fatalf("StoragePrefix = %q, want program-root/project-subpath", gitCtx.StoragePrefix)
 	}
 }
+
+func TestNewGitContextReadsLFSConcurrentTransfers(t *testing.T) {
+	setupTestRepo(t)
+
+	if err := gitrepo.SetGitConfigOptions(map[string]string{
+		"lfs.concurrenttransfers": "7",
+	}); err != nil {
+		t.Fatalf("SetGitConfigOptions failed: %v", err)
+	}
+
+	cred := syconf.Credential{
+		APIEndpoint: "https://example.test",
+		AccessToken: "token",
+	}
+	remote := Gen3Remote{
+		Endpoint:     "https://example.test",
+		Organization: "org1",
+		ProjectID:    "proj1",
+		Bucket:       "bucket1",
+	}
+
+	gitCtx, err := newGitContext(cred, remote, drslog.GetLogger())
+	if err != nil {
+		t.Fatalf("newGitContext failed: %v", err)
+	}
+	if gitCtx.UploadConcurrency != 7 {
+		t.Fatalf("UploadConcurrency = %d, want 7", gitCtx.UploadConcurrency)
+	}
+}
diff --git a/internal/config/remote.go b/internal/config/remote.go
index 8bb0b0bc..3245d372 100644
--- a/internal/config/remote.go
+++ b/internal/config/remote.go
@@ -13,6 +13,8 @@ import (
 	syconf "github.com/calypr/syfon/client/config"
 )
 
+const credentialHelpSuffix = "Refresh credentials with `git drs remote add gen3 <remote-name> <organization/project> --cred <path>` or `--token <token>`. See docs/getting-started.md."
+
 type DRSRemote interface {
 	GetProjectId() string
 	GetOrganization() string
@@ -61,7 +63,7 @@ func (s Gen3Remote) GetClient(remoteName string, logger *slog.Logger) (*GitConte
 		return nil, err
 	}
 	if err := credentials.EnsureValidCredential(context.Background(), cred, logger); err != nil {
-		return nil, err
+		return nil, WrapCredentialValidationError(remoteName, err)
 	}
 	return newGitContext(*cred, s, logger)
 }
@@ -194,3 +196,13 @@ func localRemoteFromGen3(gen3 *Gen3Remote, username string, password string) *Lo
 		BasicPassword: strings.TrimSpace(password),
 	}
 }
+
+func WrapCredentialValidationError(remoteName string, err error) error {
+	if err == nil {
+		return nil
+	}
+	if strings.TrimSpace(remoteName) == "" {
+		return fmt.Errorf("%w. %s", err, credentialHelpSuffix)
+	}
+	return fmt.Errorf("%w. Remote %q requires refreshed credentials. %s", err, remoteName, credentialHelpSuffix)
+}
diff --git a/internal/drsdelete/git_history.go b/internal/drsdelete/git_history.go
new file mode 100644
index 00000000..acc39351
--- /dev/null
+++ b/internal/drsdelete/git_history.go
@@ -0,0 +1,98 @@
+package drsdelete
+
+import (
+	"context"
+	"fmt"
+	"os/exec"
+	"sort"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/lfs"
+)
+
+type deletedPointer struct {
+	Path string
+	OID  string
+}
+
+func collectDeletedPointers(ctx context.Context, refs []RefUpdate) (map[string][]deletedPointer, error) {
+	grouped := make(map[string][]deletedPointer)
+	seen := make(map[string]struct{})
+	for _, ref := range refs {
+		oldSHA := strings.TrimSpace(ref.OldSHA)
+		newSHA := strings.TrimSpace(ref.NewSHA)
+		if oldSHA == "" || newSHA == "" || isZeroSHA(oldSHA) || isZeroSHA(newSHA) {
+			continue
+		}
+		paths, err := gitDeletedPaths(ctx, oldSHA, newSHA)
+		if err != nil {
+			return nil, err
+		}
+		for _, path := range paths {
+			key := oldSHA + "\x00" + path
+			if _, ok := seen[key]; ok {
+				continue
+			}
+			seen[key] = struct{}{}
+
+			oid, ok, err := gitPointerOID(ctx, oldSHA, path)
+			if err != nil {
+				return nil, err
+			}
+			if !ok {
+				continue
+			}
+			grouped[oid] = append(grouped[oid], deletedPointer{Path: path, OID: oid})
+		}
+	}
+	return grouped, nil
+}
+
+func deletedPaths(items []deletedPointer) []string {
+	out := make([]string, 0, len(items))
+	for _, item := range items {
+		out = append(out, item.Path)
+	}
+	sort.Strings(out)
+	return out
+}
+
+func gitDeletedPaths(ctx context.Context, oldSHA, newSHA string) ([]string, error) {
+	cmd := exec.CommandContext(ctx, "git", "diff", "--name-status", "--diff-filter=D", "-M", oldSHA, newSHA)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return nil, fmt.Errorf("git diff deleted paths %s..%s: %s", oldSHA, newSHA, strings.TrimSpace(string(out)))
+	}
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	paths := make([]string, 0, len(lines))
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+		if line == "" {
+			continue
+		}
+		parts := strings.Split(line, "\t")
+		if len(parts) < 2 || parts[0] != "D" {
+			continue
+		}
+		paths = append(paths, parts[1])
+	}
+	return paths, nil
+}
+
+func gitPointerOID(ctx context.Context, ref, path string) (string, bool, error) {
+	spec := ref + ":" + path
+	cmd := exec.CommandContext(ctx, "git", "show", spec)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return "", false, fmt.Errorf("git show %s: %s", spec, strings.TrimSpace(string(out)))
+	}
+	oid, _, ok := lfs.ParseLFSPointer(out)
+	if !ok {
+		return "", false, nil
+	}
+	return "sha256:" + strings.TrimPrefix(strings.TrimSpace(oid), "sha256:"), true, nil
+}
+
+func isZeroSHA(sha string) bool {
+	return strings.TrimSpace(sha) == "0000000000000000000000000000000000000000"
+}
diff --git a/internal/drsdelete/live_refs.go b/internal/drsdelete/live_refs.go
new file mode 100644
index 00000000..7198c32e
--- /dev/null
+++ b/internal/drsdelete/live_refs.go
@@ -0,0 +1,42 @@
+package drsdelete
+
+import (
+	"log/slog"
+	"sort"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/lfs"
+)
+
+func collectLivePathsByOID(refs []RefUpdate, logger *slog.Logger) (map[string][]string, error) {
+	targets := make([]string, 0, len(refs))
+	seen := make(map[string]struct{}, len(refs))
+	for _, ref := range refs {
+		newSHA := strings.TrimSpace(ref.NewSHA)
+		if newSHA == "" || isZeroSHA(newSHA) {
+			continue
+		}
+		if _, ok := seen[newSHA]; ok {
+			continue
+		}
+		seen[newSHA] = struct{}{}
+		targets = append(targets, newSHA)
+	}
+	if len(targets) == 0 {
+		return map[string][]string{}, nil
+	}
+
+	files, err := lfs.GetLfsFilesForRefs(targets, logger)
+	if err != nil {
+		return nil, err
+	}
+	liveByOID := make(map[string][]string)
+	for path, info := range files {
+		oid := "sha256:" + strings.TrimPrefix(strings.TrimSpace(info.Oid), "sha256:")
+		liveByOID[oid] = append(liveByOID[oid], path)
+	}
+	for oid := range liveByOID {
+		sort.Strings(liveByOID[oid])
+	}
+	return liveByOID, nil
+}
diff --git a/internal/drsdelete/reconcile.go b/internal/drsdelete/reconcile.go
new file mode 100644
index 00000000..7e413e5e
--- /dev/null
+++ b/internal/drsdelete/reconcile.go
@@ -0,0 +1,115 @@
+package drsdelete
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log/slog"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drsremote"
+	sycommon "github.com/calypr/syfon/common"
+)
+
+type RefUpdate struct {
+	OldSHA string
+	NewSHA string
+}
+
+type Summary struct {
+	DeletedRecords   int
+	RemovedResources int
+	ClearedLocalOnly int
+	PendingMissing   int
+	PendingAmbiguous int
+}
+
+func ReconcileCommittedDeletes(ctx context.Context, drsCtx *config.GitContext, refs []RefUpdate, logger *slog.Logger) (Summary, error) {
+	if drsCtx == nil || drsCtx.Client == nil {
+		return Summary{}, fmt.Errorf("DRS client unavailable")
+	}
+	if logger == nil {
+		logger = slog.New(slog.NewTextHandler(io.Discard, nil))
+	}
+	if len(refs) == 0 {
+		return Summary{}, nil
+	}
+
+	deletedByOID, err := collectDeletedPointers(ctx, refs)
+	if err != nil {
+		return Summary{}, err
+	}
+	if len(deletedByOID) == 0 {
+		return Summary{}, nil
+	}
+
+	liveByOID, err := collectLivePathsByOID(refs, logger)
+	if err != nil {
+		return Summary{}, err
+	}
+
+	resource, err := sycommon.ResourcePath(drsCtx.Organization, drsCtx.ProjectId)
+	if err != nil {
+		return Summary{}, err
+	}
+
+	summary := Summary{}
+	for oid, deletions := range deletedByOID {
+		if livePaths := liveByOID[oid]; len(livePaths) > 0 {
+			summary.ClearedLocalOnly += len(deletions)
+			continue
+		}
+
+		records, err := drsremote.ObjectsByHashForScope(ctx, drsCtx, oid)
+		if err != nil {
+			return summary, err
+		}
+		switch len(records) {
+		case 0:
+			summary.PendingMissing += len(deletions)
+			if logger != nil {
+				logger.Warn("deleted pointer has no scoped DRS match", "oid", oid, "paths", deletedPaths(deletions))
+			}
+			continue
+		case 1:
+		default:
+			summary.PendingAmbiguous += len(deletions)
+			if logger != nil {
+				logger.Warn("deleted pointer matched multiple scoped DRS records", "oid", oid, "count", len(records), "paths", deletedPaths(deletions))
+			}
+			continue
+		}
+
+		record := records[0]
+		controlled := []string(nil)
+		if record.ControlledAccess != nil {
+			controlled = sycommon.NormalizeAccessResources(*record.ControlledAccess)
+		}
+		if len(controlled) <= 1 {
+			if err := drsCtx.Client.DRS().DeleteObject(ctx, record.Id, true); err != nil {
+				return summary, err
+			}
+			summary.DeletedRecords++
+			continue
+		}
+
+		var out map[string]any
+		if err := drsCtx.Client.Requestor().Do(ctx, "POST", "/index/"+record.Id+"/controlled-access/remove", map[string]string{
+			"resource": resource,
+		}, &out); err != nil {
+			return summary, err
+		}
+		summary.RemovedResources++
+	}
+
+	if logger != nil && (summary.DeletedRecords > 0 || summary.RemovedResources > 0 || summary.ClearedLocalOnly > 0 || summary.PendingMissing > 0 || summary.PendingAmbiguous > 0) {
+		logger.Info("delete reconciliation complete",
+			"deleted_records", summary.DeletedRecords,
+			"removed_resources", summary.RemovedResources,
+			"cleared_local_only", summary.ClearedLocalOnly,
+			"pending_missing", summary.PendingMissing,
+			"pending_ambiguous", summary.PendingAmbiguous,
+		)
+	}
+	return summary, nil
+}
diff --git a/internal/drsdelete/reconcile_test.go b/internal/drsdelete/reconcile_test.go
new file mode 100644
index 00000000..73c900c5
--- /dev/null
+++ b/internal/drsdelete/reconcile_test.go
@@ -0,0 +1,167 @@
+package drsdelete
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+)
+
+func TestReconcileCommittedDeletes_RemovesControlledAccess(t *testing.T) {
+	repo := initRepoWithDelete(t, []pointerSpec{{Path: "data.dat", OID: strings.Repeat("a", 64)}})
+
+	oldWD, _ := os.Getwd()
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
+	}
+	t.Cleanup(func() { _ = os.Chdir(oldWD) })
+
+	oldSHA := gitRevParse(t, repo, "HEAD~1")
+	newSHA := gitRevParse(t, repo, "HEAD")
+
+	var removedResource string
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch {
+		case r.Method == http.MethodGet && r.URL.Path == "/ga4gh/drs/v1/objects/checksum/"+strings.Repeat("a", 64):
+			obj := drsapi.DrsObject{
+				Id:               "did-1",
+				ControlledAccess: &[]string{"/organization/org/project/proj", "/organization/other/project/x"},
+				Checksums:        []drsapi.Checksum{{Type: "sha256", Checksum: strings.Repeat("a", 64)}},
+			}
+			records := []drsapi.DrsObject{obj}
+			writeJSON(t, w, http.StatusOK, drsapi.N200OkDrsObjects{ResolvedDrsObject: &records})
+		case r.Method == http.MethodPost && r.URL.Path == "/index/did-1/controlled-access/remove":
+			var req struct {
+				Resource string `json:"resource"`
+			}
+			if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+				t.Fatalf("decode remove controlled access: %v", err)
+			}
+			removedResource = req.Resource
+			writeJSON(t, w, http.StatusOK, map[string]any{"did": "did-1"})
+		default:
+			t.Fatalf("unexpected request: %s %s", r.Method, r.URL.Path)
+		}
+	}))
+	defer server.Close()
+
+	drsCtx := newGitContext(t, server.URL)
+	summary, err := ReconcileCommittedDeletes(context.Background(), drsCtx, []RefUpdate{{OldSHA: oldSHA, NewSHA: newSHA}}, nil)
+	if err != nil {
+		t.Fatalf("reconcile returned error: %v", err)
+	}
+	if summary.RemovedResources != 1 {
+		t.Fatalf("expected one removed resource, got %+v", summary)
+	}
+	if removedResource != "/organization/org/project/proj" {
+		t.Fatalf("unexpected removed resource: %s", removedResource)
+	}
+}
+
+func TestReconcileCommittedDeletes_DeletesWholeRecord(t *testing.T) {
+	repo := initRepoWithDelete(t, []pointerSpec{{Path: "other.dat", OID: strings.Repeat("b", 64)}})
+
+	oldWD, _ := os.Getwd()
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
+	}
+	t.Cleanup(func() { _ = os.Chdir(oldWD) })
+
+	oldSHA := gitRevParse(t, repo, "HEAD~1")
+	newSHA := gitRevParse(t, repo, "HEAD")
+
+	deleted := false
+	var deleteReq struct {
+		DeleteObjectMetadata bool `json:"delete_object_metadata"`
+		DeleteStorageData    bool `json:"delete_storage_data"`
+	}
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch {
+		case r.Method == http.MethodGet && r.URL.Path == "/ga4gh/drs/v1/objects/checksum/"+strings.Repeat("b", 64):
+			obj := drsapi.DrsObject{
+				Id:               "did-2",
+				ControlledAccess: &[]string{"/organization/org/project/proj"},
+				Checksums:        []drsapi.Checksum{{Type: "sha256", Checksum: strings.Repeat("b", 64)}},
+			}
+			records := []drsapi.DrsObject{obj}
+			writeJSON(t, w, http.StatusOK, drsapi.N200OkDrsObjects{ResolvedDrsObject: &records})
+		case r.Method == http.MethodPut && r.URL.Path == "/ga4gh/drs/v1/objects/did-2/delete":
+			if err := json.NewDecoder(r.Body).Decode(&deleteReq); err != nil {
+				t.Fatalf("decode delete request: %v", err)
+			}
+			deleted = true
+			w.WriteHeader(http.StatusOK)
+		default:
+			t.Fatalf("unexpected request: %s %s", r.Method, r.URL.Path)
+		}
+	}))
+	defer server.Close()
+
+	drsCtx := newGitContext(t, server.URL)
+	summary, err := ReconcileCommittedDeletes(context.Background(), drsCtx, []RefUpdate{{OldSHA: oldSHA, NewSHA: newSHA}}, nil)
+	if err != nil {
+		t.Fatalf("reconcile returned error: %v", err)
+	}
+	if summary.DeletedRecords != 1 || !deleted {
+		t.Fatalf("expected full delete, deleted=%v summary=%+v", deleted, summary)
+	}
+	if !deleteReq.DeleteObjectMetadata || !deleteReq.DeleteStorageData {
+		t.Fatalf("expected delete request to purge metadata and storage, got %+v", deleteReq)
+	}
+}
+
+func TestReconcileCommittedDeletes_SkipsWhenOIDStillLive(t *testing.T) {
+	oid := strings.Repeat("c", 64)
+	repo := t.TempDir()
+	runGit(t, repo, "init")
+	runGit(t, repo, "config", "user.email", "test@example.com")
+	runGit(t, repo, "config", "user.name", "Test User")
+	runGit(t, repo, "config", "filter.lfs.clean", "cat")
+	runGit(t, repo, "config", "filter.lfs.smudge", "cat")
+	runGit(t, repo, "config", "filter.lfs.process", "cat")
+	runGit(t, repo, "config", "filter.lfs.required", "false")
+	runGit(t, repo, "checkout", "-b", "main")
+	if err := os.WriteFile(filepath.Join(repo, ".gitattributes"), []byte("*.dat filter=lfs diff=lfs merge=lfs -text\n"), 0o644); err != nil {
+		t.Fatalf("write .gitattributes: %v", err)
+	}
+	writePointerFile(t, filepath.Join(repo, "data.dat"), oid, "12")
+	writePointerFile(t, filepath.Join(repo, "copy.dat"), oid, "12")
+	runGit(t, repo, "add", ".")
+	runGit(t, repo, "commit", "-m", "add two pointers")
+	runGit(t, repo, "rm", "--", "data.dat")
+	runGit(t, repo, "commit", "-m", "delete one pointer")
+
+	oldWD, _ := os.Getwd()
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
+	}
+	t.Cleanup(func() { _ = os.Chdir(oldWD) })
+
+	oldSHA := gitRevParse(t, repo, "HEAD~1")
+	newSHA := gitRevParse(t, repo, "HEAD")
+
+	called := false
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		called = true
+		t.Fatalf("unexpected remote mutation request: %s %s", r.Method, r.URL.Path)
+	}))
+	defer server.Close()
+
+	drsCtx := newGitContext(t, server.URL)
+	summary, err := ReconcileCommittedDeletes(context.Background(), drsCtx, []RefUpdate{{OldSHA: oldSHA, NewSHA: newSHA}}, nil)
+	if err != nil {
+		t.Fatalf("reconcile returned error: %v", err)
+	}
+	if called {
+		t.Fatalf("expected no remote call when oid still live")
+	}
+	if summary.ClearedLocalOnly != 1 {
+		t.Fatalf("expected local-only clear, got %+v", summary)
+	}
+}
diff --git a/internal/drsdelete/test_helpers_test.go b/internal/drsdelete/test_helpers_test.go
new file mode 100644
index 00000000..147a1867
--- /dev/null
+++ b/internal/drsdelete/test_helpers_test.go
@@ -0,0 +1,103 @@
+package drsdelete
+
+import (
+	"encoding/json"
+	"net/http"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/calypr/git-drs/internal/config"
+	syclient "github.com/calypr/syfon/client"
+)
+
+type pointerSpec struct {
+	Path string
+	OID  string
+}
+
+func initRepoWithDelete(t *testing.T, specs []pointerSpec) string {
+	t.Helper()
+	repo := t.TempDir()
+	runGit(t, repo, "init")
+	runGit(t, repo, "config", "user.email", "test@example.com")
+	runGit(t, repo, "config", "user.name", "Test User")
+	runGit(t, repo, "config", "filter.lfs.clean", "cat")
+	runGit(t, repo, "config", "filter.lfs.smudge", "cat")
+	runGit(t, repo, "config", "filter.lfs.process", "cat")
+	runGit(t, repo, "config", "filter.lfs.required", "false")
+	runGit(t, repo, "checkout", "-b", "main")
+
+	if err := os.WriteFile(filepath.Join(repo, ".gitattributes"), []byte("*.dat filter=lfs diff=lfs merge=lfs -text\n"), 0o644); err != nil {
+		t.Fatalf("write .gitattributes: %v", err)
+	}
+	for _, spec := range specs {
+		writePointerFile(t, filepath.Join(repo, spec.Path), spec.OID, "12")
+	}
+	runGit(t, repo, "add", ".")
+	runGit(t, repo, "commit", "-m", "add pointers")
+	for _, spec := range specs {
+		runGit(t, repo, "rm", "--", spec.Path)
+	}
+	runGit(t, repo, "commit", "-m", "delete pointers")
+	return repo
+}
+
+func newGitContext(t *testing.T, serverURL string) *config.GitContext {
+	t.Helper()
+	rawClient, err := syclient.New(serverURL)
+	if err != nil {
+		t.Fatalf("new client: %v", err)
+	}
+	client := rawClient.(*syclient.Client)
+	return &config.GitContext{
+		Client:       client,
+		Organization: "org",
+		ProjectId:    "proj",
+	}
+}
+
+func gitRevParse(t *testing.T, dir, ref string) string {
+	t.Helper()
+	cmd := exec.Command("git", "rev-parse", ref)
+	cmd.Dir = dir
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf("git rev-parse %s failed: %v\n%s", ref, err, string(out))
+	}
+	return strings.TrimSpace(string(out))
+}
+
+func runGit(t *testing.T, dir string, args ...string) {
+	t.Helper()
+	cmd := exec.Command("git", args...)
+	cmd.Dir = dir
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf("git %s failed: %v\n%s", strings.Join(args, " "), err, string(out))
+	}
+}
+
+func writeJSON(t *testing.T, w http.ResponseWriter, status int, v any) {
+	t.Helper()
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(status)
+	if err := json.NewEncoder(w).Encode(v); err != nil {
+		t.Fatalf("encode json: %v", err)
+	}
+}
+
+func writePointerFile(t *testing.T, path, oid, size string) {
+	t.Helper()
+	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
+		t.Fatalf("mkdir pointer dir: %v", err)
+	}
+	content := "version https://git-lfs.github.com/spec/v1\n" +
+		"oid sha256:" + oid + "\n" +
+		"size " + size + "\n"
+	if err := os.WriteFile(path, []byte(content), 0o644); err != nil {
+		t.Fatalf("write pointer file: %v", err)
+	}
+}
diff --git a/internal/drsmap/drs_map.go b/internal/drsmap/drs_map.go
index 2d88734a..6029ecbf 100644
--- a/internal/drsmap/drs_map.go
+++ b/internal/drsmap/drs_map.go
@@ -40,9 +40,7 @@ func WriteObjectsForLFSFiles(builder drsobject.Builder, lfsFiles map[string]lfs.
 			name := file.Name
 			authoritativeObj.Name = &name
 			authoritativeObj.Size = file.Size
-
-			authzMap := syfoncommon.AuthzMapFromScope(builder.Organization, builder.Project)
-			authoritativeObj, _ = syfoncommon.EnsureAccessMethodAuthorizations(authoritativeObj, authzMap)
+			ensureControlledAccess(authoritativeObj, builder.Organization, builder.Project)
 		} else {
 			drsID := uuid.NewSHA1(drsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", builder.Project, drsobject.NormalizeOid(file.Oid)))).String()
 			authoritativeObj, err = builder.Build(file.Name, file.Oid, file.Size, drsID)
@@ -74,16 +72,12 @@ func WriteObjectsForLFSFiles(builder drsobject.Builder, lfsFiles map[string]lfs.
 		}
 
 		if opts.PreferCacheURL && hint != "" {
-			cacheAuthzMap := syfoncommon.AuthzMapFromScope(builder.Organization, builder.Project)
 			if authoritativeObj.AccessMethods != nil && len(*authoritativeObj.AccessMethods) > 0 {
 				am := &(*authoritativeObj.AccessMethods)[0]
 				am.AccessUrl = &struct {
 					Headers *[]string `json:"headers,omitempty"`
 					Url     string    `json:"url"`
 				}{Url: hint}
-				if cacheAuthzMap != nil {
-					am.Authorizations = syfoncommon.AccessMethodAuthorizationsFromAuthzMap(cacheAuthzMap)
-				}
 			} else {
 				newAm := drsapi.AccessMethod{
 					Type: drsapi.AccessMethodTypeS3,
@@ -92,11 +86,9 @@ func WriteObjectsForLFSFiles(builder drsobject.Builder, lfsFiles map[string]lfs.
 						Url     string    `json:"url"`
 					}{Url: hint},
 				}
-				if cacheAuthzMap != nil {
-					newAm.Authorizations = syfoncommon.AccessMethodAuthorizationsFromAuthzMap(cacheAuthzMap)
-				}
 				authoritativeObj.AccessMethods = &[]drsapi.AccessMethod{newAm}
 			}
+			ensureControlledAccess(authoritativeObj, builder.Organization, builder.Project)
 		}
 
 		if err := drsobject.WriteObject(common.DRS_OBJS_PATH, authoritativeObj, file.Oid); err != nil {
@@ -108,3 +100,27 @@ func WriteObjectsForLFSFiles(builder drsobject.Builder, lfsFiles map[string]lfs.
 
 	return nil
 }
+
+func ensureControlledAccess(obj *drsapi.DrsObject, org, project string) {
+	if obj == nil {
+		return
+	}
+	authzMap := syfoncommon.AuthzMapFromScope(org, project)
+	if len(authzMap) == 0 {
+		return
+	}
+	next := append([]string(nil), derefStringSlice(obj.ControlledAccess)...)
+	next = append(next, syfoncommon.AuthzMapToControlledAccess(authzMap)...)
+	normalized := syfoncommon.NormalizeAccessResources(next)
+	if len(normalized) == 0 {
+		return
+	}
+	obj.ControlledAccess = &normalized
+}
+
+func derefStringSlice(ptr *[]string) []string {
+	if ptr == nil {
+		return nil
+	}
+	return append([]string(nil), (*ptr)...)
+}
diff --git a/internal/drsmap/drs_map_test.go b/internal/drsmap/drs_map_test.go
index 00fd3b70..99bad3e8 100644
--- a/internal/drsmap/drs_map_test.go
+++ b/internal/drsmap/drs_map_test.go
@@ -17,7 +17,6 @@ import (
 	"github.com/calypr/git-drs/internal/lfs"
 	"github.com/calypr/git-drs/internal/precommit_cache"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
-	syfoncommon "github.com/calypr/syfon/common"
 )
 
 func setupTestRepo(t *testing.T) {
@@ -37,7 +36,7 @@ func setupTestRepo(t *testing.T) {
 	t.Cleanup(func() { _ = os.Chdir(cwd) })
 }
 
-func TestWriteObjectsForLFSFilesBackfillsMissingAuthzWithoutOverwritingURL(t *testing.T) {
+func TestWriteObjectsForLFSFilesBackfillsMissingControlledAccessWithoutOverwritingURL(t *testing.T) {
 	setupTestRepo(t)
 
 	oid := "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"
@@ -73,23 +72,24 @@ func TestWriteObjectsForLFSFilesBackfillsMissingAuthzWithoutOverwritingURL(t *te
 	if method.AccessUrl == nil || method.AccessUrl.Url != explicitURL {
 		t.Fatalf("access url overwritten: %+v", method.AccessUrl)
 	}
-	authz := syfoncommon.AuthzMapFromAccessMethodAuthorizations(method.Authorizations)
-	want := map[string][]string{"org": {"proj"}}
-	if !equalAuthzMaps(authz, want) {
-		t.Fatalf("unexpected authz: got=%v want=%v", authz, want)
+	if method.Authorizations != nil {
+		t.Fatalf("did not expect access method authorizations: %+v", method.Authorizations)
+	}
+	if !equalStringSlices(derefStringSlice(got.ControlledAccess), []string{"/organization/org/project/proj"}) {
+		t.Fatalf("unexpected controlled_access: %+v", derefStringSlice(got.ControlledAccess))
 	}
 }
 
-func TestWriteObjectsForLFSFilesPreservesExistingAuthz(t *testing.T) {
+func TestWriteObjectsForLFSFilesUnionsExistingControlledAccess(t *testing.T) {
 	setupTestRepo(t)
 
 	oid := "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
-	existingAuthz := syfoncommon.AccessMethodAuthorizationsFromAuthzMap(map[string][]string{"keep": {"me"}})
+	existingControlled := []string{"/organization/keep/project/me"}
 	if err := drsobject.WriteObject(common.DRS_OBJS_PATH, &drsapi.DrsObject{
-		Id: "did-2",
+		Id:               "did-2",
+		ControlledAccess: &existingControlled,
 		AccessMethods: &[]drsapi.AccessMethod{{
-			Type:           drsapi.AccessMethodTypeS3,
-			Authorizations: existingAuthz,
+			Type: drsapi.AccessMethodTypeS3,
 		}},
 		Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: oid}},
 	}, oid); err != nil {
@@ -109,14 +109,16 @@ func TestWriteObjectsForLFSFilesPreservesExistingAuthz(t *testing.T) {
 	if err != nil {
 		t.Fatalf("ReadObject error: %v", err)
 	}
-	authz := syfoncommon.AuthzMapFromAccessMethodAuthorizations((*got.AccessMethods)[0].Authorizations)
-	want := map[string][]string{"keep": {"me"}}
-	if !equalAuthzMaps(authz, want) {
-		t.Fatalf("existing authz overwritten: got=%v want=%v", authz, want)
+	if (*got.AccessMethods)[0].Authorizations != nil {
+		t.Fatalf("did not expect access method authorizations: %+v", (*got.AccessMethods)[0].Authorizations)
+	}
+	want := []string{"/organization/keep/project/me", "/organization/org/project/proj"}
+	if !equalStringSlices(derefStringSlice(got.ControlledAccess), want) {
+		t.Fatalf("unexpected controlled_access: got=%v want=%v", derefStringSlice(got.ControlledAccess), want)
 	}
 }
 
-func TestWriteObjectsForLFSFilesPreferCacheURLPreservesAuthz(t *testing.T) {
+func TestWriteObjectsForLFSFilesPreferCacheURLSetsControlledAccess(t *testing.T) {
 	setupTestRepo(t)
 
 	oid := "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
@@ -143,10 +145,11 @@ func TestWriteObjectsForLFSFilesPreferCacheURLPreservesAuthz(t *testing.T) {
 	if method.AccessUrl == nil || method.AccessUrl.Url != "s3://cache/object" {
 		t.Fatalf("expected cache URL, got %+v", method.AccessUrl)
 	}
-	authz := syfoncommon.AuthzMapFromAccessMethodAuthorizations(method.Authorizations)
-	want := map[string][]string{"org": {"proj"}}
-	if !equalAuthzMaps(authz, want) {
-		t.Fatalf("unexpected authz after cache URL preference: got=%v want=%v", authz, want)
+	if method.Authorizations != nil {
+		t.Fatalf("did not expect access method authorizations: %+v", method.Authorizations)
+	}
+	if !equalStringSlices(derefStringSlice(got.ControlledAccess), []string{"/organization/org/project/proj"}) {
+		t.Fatalf("unexpected controlled_access after cache URL preference: %+v", derefStringSlice(got.ControlledAccess))
 	}
 }
 
@@ -157,23 +160,14 @@ func testLogger(t *testing.T) *slog.Logger {
 	return slog.New(slog.NewTextHandler(io.Discard, nil))
 }
 
-func equalAuthzMaps(got, want map[string][]string) bool {
+func equalStringSlices(got, want []string) bool {
 	if len(got) != len(want) {
 		return false
 	}
-	for org, wantProjects := range want {
-		gotProjects, ok := got[org]
-		if !ok {
+	for i := range want {
+		if got[i] != want[i] {
 			return false
 		}
-		if len(gotProjects) != len(wantProjects) {
-			return false
-		}
-		for i := range wantProjects {
-			if gotProjects[i] != wantProjects[i] {
-				return false
-			}
-		}
 	}
 	return true
 }
diff --git a/internal/drsobject/object.go b/internal/drsobject/object.go
index fd85bd38..1d295a6f 100644
--- a/internal/drsobject/object.go
+++ b/internal/drsobject/object.go
@@ -58,15 +58,16 @@ func ConvertToCandidate(obj *drsapi.DrsObject) drsapi.DrsObjectCandidate {
 		return drsapi.DrsObjectCandidate{}
 	}
 	return drsapi.DrsObjectCandidate{
-		AccessMethods: obj.AccessMethods,
-		Aliases:       obj.Aliases,
-		Checksums:     obj.Checksums,
-		Contents:      obj.Contents,
-		Description:   obj.Description,
-		MimeType:      obj.MimeType,
-		Name:          obj.Name,
-		Size:          obj.Size,
-		Version:       obj.Version,
+		AccessMethods:    obj.AccessMethods,
+		Aliases:          obj.Aliases,
+		Checksums:        obj.Checksums,
+		Contents:         obj.Contents,
+		ControlledAccess: obj.ControlledAccess,
+		Description:      obj.Description,
+		MimeType:         obj.MimeType,
+		Name:             obj.Name,
+		Size:             obj.Size,
+		Version:          obj.Version,
 	}
 }
 
@@ -113,11 +114,12 @@ func BuildWithOptions(fileName string, checksum string, size int64, drsID string
 			Url     string    `json:"url"`
 		}{Url: accessURL},
 	}
-	if authzMap := syfoncommon.AuthzMapFromScope(opts.Organization, opts.Project); authzMap != nil {
-		am.Authorizations = syfoncommon.AccessMethodAuthorizationsFromAuthzMap(authzMap)
-	}
 	ams := []drsapi.AccessMethod{am}
 	obj.AccessMethods = &ams
+	if authzMap := syfoncommon.AuthzMapFromScope(opts.Organization, opts.Project); authzMap != nil {
+		controlled := syfoncommon.AuthzMapToControlledAccess(authzMap)
+		obj.ControlledAccess = &controlled
+	}
 	return obj, nil
 }
 
diff --git a/internal/drsremote/remote.go b/internal/drsremote/remote.go
index 4d7c2a01..9d0336a5 100644
--- a/internal/drsremote/remote.go
+++ b/internal/drsremote/remote.go
@@ -33,6 +33,60 @@ func ObjectsByHash(ctx context.Context, drsCtx *config.GitContext, checksum stri
 	return page.DrsObjects, nil
 }
 
+func ObjectsByHashes(ctx context.Context, drsCtx *config.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) {
+	if drsCtx == nil || drsCtx.Client == nil {
+		return nil, fmt.Errorf("DRS client unavailable")
+	}
+	normalizedToOriginal := make(map[string]string, len(checksums))
+	queryChecksums := make([]string, 0, len(checksums))
+	for _, checksum := range checksums {
+		normalized := drsobject.NormalizeChecksum(checksum)
+		if normalized == "" {
+			continue
+		}
+		if _, exists := normalizedToOriginal[normalized]; exists {
+			continue
+		}
+		normalizedToOriginal[normalized] = checksum
+		queryChecksums = append(queryChecksums, normalized)
+	}
+	if len(queryChecksums) == 0 {
+		return map[string][]drsapi.DrsObject{}, nil
+	}
+
+	page, err := drsCtx.Client.DRS().BatchGetObjectsByHash(ctx, queryChecksums)
+	if err != nil {
+		return nil, err
+	}
+
+	results := make(map[string][]drsapi.DrsObject, len(normalizedToOriginal))
+	for normalized, original := range normalizedToOriginal {
+		results[original] = nil
+		results[normalized] = nil
+	}
+	for _, obj := range page.DrsObjects {
+		for _, checksum := range obj.Checksums {
+			if checksum.Type == "" || checksum.Checksum == "" {
+				continue
+			}
+			normalized := drsobject.NormalizeChecksum(fmt.Sprintf("%s:%s", checksum.Type, checksum.Checksum))
+			if normalized == "" {
+				continue
+			}
+			original, ok := normalizedToOriginal[normalized]
+			if !ok {
+				continue
+			}
+			results[original] = append(results[original], obj)
+			if original != normalized {
+				results[normalized] = append(results[normalized], obj)
+			}
+		}
+	}
+
+	return results, nil
+}
+
 func ObjectsByHashForScope(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) {
 	objects, err := ObjectsByHash(ctx, drsCtx, checksum)
 	if err != nil {
@@ -47,6 +101,24 @@ func ObjectsByHashForScope(ctx context.Context, drsCtx *config.GitContext, check
 	return result, nil
 }
 
+func ObjectsByHashesForScope(ctx context.Context, drsCtx *config.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) {
+	objectsByChecksum, err := ObjectsByHashes(ctx, drsCtx, checksums)
+	if err != nil {
+		return nil, err
+	}
+	results := make(map[string][]drsapi.DrsObject, len(objectsByChecksum))
+	for checksum, objects := range objectsByChecksum {
+		filtered := make([]drsapi.DrsObject, 0, len(objects))
+		for _, obj := range objects {
+			if MatchesScope(&obj, drsCtx.Organization, drsCtx.ProjectId) {
+				filtered = append(filtered, obj)
+			}
+		}
+		results[checksum] = filtered
+	}
+	return results, nil
+}
+
 func AccessURLForHashScope(ctx context.Context, drsCtx *config.GitContext, checksum string) (*drsapi.AccessURL, *drsapi.DrsObject, error) {
 	records, err := ObjectsByHashForScope(ctx, drsCtx, checksum)
 	if err != nil {
diff --git a/internal/drsremote/remote_test.go b/internal/drsremote/remote_test.go
index fadc40f3..4a9a6a4f 100644
--- a/internal/drsremote/remote_test.go
+++ b/internal/drsremote/remote_test.go
@@ -14,7 +14,6 @@ import (
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
 	syclient "github.com/calypr/syfon/client"
 	sydownload "github.com/calypr/syfon/client/transfer/download"
-	syfoncommon "github.com/calypr/syfon/common"
 )
 
 type roundTripFunc func(*http.Request) (*http.Response, error)
@@ -76,23 +75,19 @@ func TestFindMatchingRecord_EmptyList(t *testing.T) {
 	}
 }
 
-func makeAuthzRecord(id, org, project string) drsapi.DrsObject {
-	authzMap := map[string][]string{org: {project}}
-	accessMethods := []drsapi.AccessMethod{{
-		Type:           "s3",
-		Authorizations: syfoncommon.AccessMethodAuthorizationsFromAuthzMap(authzMap),
-	}}
+func makeScopedRecord(id, resource string) drsapi.DrsObject {
+	controlledAccess := []string{resource}
 	return drsapi.DrsObject{
-		Id:            id,
-		AccessMethods: &accessMethods,
-		Checksums:     []drsapi.Checksum{{Type: "sha256", Checksum: "sha256"}},
+		Id:               id,
+		ControlledAccess: &controlledAccess,
+		Checksums:        []drsapi.Checksum{{Type: "sha256", Checksum: "sha256"}},
 	}
 }
 
 func TestFindMatchingRecord_MatchFound(t *testing.T) {
 	records := []drsapi.DrsObject{
-		makeAuthzRecord("no-match", "OTHER", "resource"),
-		makeAuthzRecord("match", "PROG", "PROJ"),
+		makeScopedRecord("no-match", "/organization/OTHER/project/resource"),
+		makeScopedRecord("match", "/organization/PROG/project/PROJ"),
 	}
 
 	result, err := FindMatchingRecord(records, "", "PROG-PROJ")
@@ -100,20 +95,20 @@ func TestFindMatchingRecord_MatchFound(t *testing.T) {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if result == nil || result.Id != "match" {
-		t.Fatalf("expected record id match, got %#v", result)
+		t.Fatalf("expected controlled_access record match, got %#v", result)
 	}
 }
 
-func TestFindMatchingRecord_NoAuthzMatchReturnsNil(t *testing.T) {
+func TestFindMatchingRecord_NoControlledAccessMatchReturnsNil(t *testing.T) {
 	records := []drsapi.DrsObject{
-		makeAuthzRecord("no-match", "OTHER", "resource"),
+		makeScopedRecord("no-match", "/organization/OTHER/project/resource"),
 	}
 	result, err := FindMatchingRecord(records, "", "PROG-PROJ")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if result != nil {
-		t.Fatalf("expected nil when no authz matches, got id=%q", result.Id)
+		t.Fatalf("expected nil when no controlled_access matches, got id=%q", result.Id)
 	}
 }
 
@@ -129,18 +124,18 @@ func TestAccessURLForHashScope_FiltersByScope(t *testing.T) {
 	projectAccessID := "s3-project"
 	orgAccessID := "s3-org"
 	projectMethods := []drsapi.AccessMethod{{
-		Type:           drsapi.AccessMethodTypeS3,
-		AccessId:       &projectAccessID,
-		Authorizations: syfoncommon.AccessMethodAuthorizationsFromAuthzMap(map[string][]string{"org1": {"proj1"}}),
+		Type:     drsapi.AccessMethodTypeS3,
+		AccessId: &projectAccessID,
 	}}
 	orgMethods := []drsapi.AccessMethod{{
-		Type:           drsapi.AccessMethodTypeS3,
-		AccessId:       &orgAccessID,
-		Authorizations: syfoncommon.AccessMethodAuthorizationsFromAuthzMap(map[string][]string{"org1": {}}),
+		Type:     drsapi.AccessMethodTypeS3,
+		AccessId: &orgAccessID,
 	}}
+	projectControlled := []string{"/organization/org1/project/proj1"}
+	orgControlled := []string{"/organization/org1"}
 	checksumResponse := drsapi.N200OkDrsObjects{ResolvedDrsObject: &[]drsapi.DrsObject{
-		{Id: "obj-project", Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &projectMethods},
-		{Id: "obj-org", Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &orgMethods},
+		{Id: "obj-project", ControlledAccess: &projectControlled, Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &projectMethods},
+		{Id: "obj-org", ControlledAccess: &orgControlled, Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &orgMethods},
 	}}
 	checksumBody, err := json.Marshal(checksumResponse)
 	if err != nil {
@@ -195,6 +190,75 @@ func TestAccessURLForHashScope_FiltersByScope(t *testing.T) {
 	}
 }
 
+func TestObjectsByHashesForScope_FiltersByScope(t *testing.T) {
+	t.Parallel()
+
+	projectAccessID := "s3-project"
+	orgAccessID := "s3-org"
+	projectMethods := []drsapi.AccessMethod{{
+		Type:     drsapi.AccessMethodTypeS3,
+		AccessId: &projectAccessID,
+	}}
+	orgMethods := []drsapi.AccessMethod{{
+		Type:     drsapi.AccessMethodTypeS3,
+		AccessId: &orgAccessID,
+	}}
+	otherMethods := []drsapi.AccessMethod{{
+		Type: drsapi.AccessMethodTypeS3,
+	}}
+	projectControlled := []string{"/organization/org1/project/proj1"}
+	orgControlled := []string{"/organization/org1"}
+	otherControlled := []string{"/organization/other/project/proj"}
+	checksumResponse := drsapi.N200OkDrsObjects{ResolvedDrsObject: &[]drsapi.DrsObject{
+		{Id: "obj-project", ControlledAccess: &projectControlled, Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &projectMethods},
+		{Id: "obj-org", ControlledAccess: &orgControlled, Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &orgMethods},
+		{Id: "obj-other", ControlledAccess: &otherControlled, Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "def"}}, AccessMethods: &otherMethods},
+	}}
+	checksumBody, err := json.Marshal(checksumResponse)
+	if err != nil {
+		t.Fatalf("marshal checksum response: %v", err)
+	}
+
+	httpClient := &http.Client{Transport: roundTripFunc(func(r *http.Request) (*http.Response, error) {
+		switch {
+		case r.Method == http.MethodGet && r.URL.Path == "/ga4gh/drs/v1/objects/checksum/abc":
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(strings.NewReader(string(checksumBody))),
+				Header:     http.Header{"Content-Type": []string{"application/json"}},
+				Request:    r,
+			}, nil
+		case r.Method == http.MethodGet && r.URL.Path == "/ga4gh/drs/v1/objects/checksum/def":
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(strings.NewReader(`{"resolved_drs_object":[]}`)),
+				Header:     http.Header{"Content-Type": []string{"application/json"}},
+				Request:    r,
+			}, nil
+		default:
+			return nil, io.EOF
+		}
+	})}
+
+	raw, err := syclient.New("http://example.test", syclient.WithHTTPClient(httpClient))
+	if err != nil {
+		t.Fatalf("syclient.New: %v", err)
+	}
+	client := raw.(*syclient.Client)
+	ctx := &config.GitContext{Client: client, Organization: "org1", ProjectId: "proj1"}
+
+	got, err := ObjectsByHashesForScope(context.Background(), ctx, []string{"sha256:abc", "sha256:def"})
+	if err != nil {
+		t.Fatalf("ObjectsByHashesForScope returned error: %v", err)
+	}
+	if len(got["sha256:abc"]) != 2 {
+		t.Fatalf("expected project and org-wide matches for abc, got %+v", got["sha256:abc"])
+	}
+	if len(got["sha256:def"]) != 0 {
+		t.Fatalf("expected non-matching scope to be filtered, got %+v", got["sha256:def"])
+	}
+}
+
 func TestDownloadResolvedToPath_RangeIgnoredRestartsDownload(t *testing.T) {
 	t.Parallel()
 
diff --git a/internal/drsremote/scope.go b/internal/drsremote/scope.go
index 4692f8f3..91aa92ba 100644
--- a/internal/drsremote/scope.go
+++ b/internal/drsremote/scope.go
@@ -24,17 +24,8 @@ func FindMatchingRecord(records []drsapi.DrsObject, organization, projectID stri
 	}
 
 	for _, record := range records {
-		if record.AccessMethods == nil {
-			continue
-		}
-		for _, access := range *record.AccessMethods {
-			authzMap := syfoncommon.AuthzMapFromAccessMethodAuthorizations(access.Authorizations)
-			if len(authzMap) == 0 {
-				continue
-			}
-			if syfoncommon.AuthzMapMatchesScope(authzMap, org, project) {
-				return &record, nil
-			}
+		if MatchesScope(&record, org, project) {
+			return &record, nil
 		}
 	}
 	return nil, nil
diff --git a/internal/gitrepo/bucket_scope.go b/internal/gitrepo/bucket_scope.go
index 643aeee3..7ad45d55 100644
--- a/internal/gitrepo/bucket_scope.go
+++ b/internal/gitrepo/bucket_scope.go
@@ -66,7 +66,10 @@ func ResolveBucketScope(organization, project, configuredBucket, configuredPrefi
 	}
 
 	if configuredBucket == "" {
-		return ResolvedBucketScope{}, fmt.Errorf("bucket is required (or configure mapping with `git drs bucket add-organization --organization %s --path <scheme>://<bucket>/<prefix>`)", organization)
+		if project != "" {
+			return ResolvedBucketScope{}, fmt.Errorf("no bucket mapping found for organization=%q project=%q; configure one first with `git drs bucket add-organization --organization %s --path <scheme>://<bucket>/<prefix>` or `git drs bucket add-project --organization %s --project %s --path <scheme>://<bucket>/<prefix>`", organization, project, organization, organization, project)
+		}
+		return ResolvedBucketScope{}, fmt.Errorf("no bucket mapping found for organization=%q; configure one first with `git drs bucket add-organization --organization %s --path <scheme>://<bucket>/<prefix>`", organization, organization)
 	}
 	return ResolvedBucketScope{
 		Bucket: configuredBucket,
diff --git a/internal/lfs/inventory.go b/internal/lfs/inventory.go
index 69b490d6..897ddf16 100644
--- a/internal/lfs/inventory.go
+++ b/internal/lfs/inventory.go
@@ -3,6 +3,7 @@ package lfs
 import (
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"log/slog"
 	"os"
@@ -45,7 +46,7 @@ func IsLFSTracked(path string) (bool, error) {
 	if len(fields) < 3 {
 		return false, nil
 	}
-	return strings.TrimSpace(fields[2]) == "lfs", nil
+	return isTrackedFilter(strings.TrimSpace(fields[2])), nil
 }
 
 func GetAllLfsFiles(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]LfsFileInfo, error) {
@@ -80,28 +81,119 @@ func GetAllLfsFiles(gitRemoteName, gitRemoteLocation string, branches []string,
 	return lfsFileMap, nil
 }
 
-func addFilesFromRef(ctx context.Context, repoDir, ref string, logger *slog.Logger, lfsFileMap map[string]LfsFileInfo) error {
-	out, err := runGitCommand(ctx, repoDir, "ls-tree", "-r", "-z", "--long", ref)
+// GetLfsFilesForRefs scans arbitrary refs or SHAs and returns the LFS pointer
+// files present in those trees.
+func GetLfsFilesForRefs(refs []string, logger *slog.Logger) (map[string]LfsFileInfo, error) {
+	if logger == nil {
+		return nil, fmt.Errorf("logger is required")
+	}
+	repoDir, err := os.Getwd()
 	if err != nil {
-		return fmt.Errorf("git ls-tree failed for %s: %w", ref, err)
+		return nil, err
 	}
 
-	entries := strings.Split(out, "\x00")
-	for _, entry := range entries {
-		entry = strings.TrimSpace(entry)
-		if entry == "" {
+	ctx := context.Background()
+	lfsFileMap := make(map[string]LfsFileInfo)
+	seen := make(map[string]struct{}, len(refs))
+	for _, ref := range refs {
+		ref = strings.TrimSpace(ref)
+		if ref == "" {
+			continue
+		}
+		if _, ok := seen[ref]; ok {
 			continue
 		}
+		seen[ref] = struct{}{}
+		if err := addFilesFromRef(ctx, repoDir, ref, logger, lfsFileMap); err != nil {
+			return nil, err
+		}
+	}
+	return lfsFileMap, nil
+}
 
-		oid, path, err := parseLsTreeEntry(entry)
+// GetWorktreeLfsFiles scans the current checkout and returns tracked files whose
+// worktree content is currently a valid Git LFS pointer. This is the fast path
+// for interactive commands like `git-drs ls-files`.
+func GetWorktreeLfsFiles(logger *slog.Logger) (map[string]LfsFileInfo, error) {
+	if logger == nil {
+		return nil, fmt.Errorf("logger is required")
+	}
+	repoDir, err := os.Getwd()
+	if err != nil {
+		return nil, err
+	}
+	logger.Debug("Scanning current worktree for LFS pointer files")
+	ctx := context.Background()
+	paths, err := listTrackedWorktreeFiles(ctx, repoDir)
+	if err != nil {
+		return nil, err
+	}
+	files := make(map[string]LfsFileInfo)
+	for _, path := range paths {
+		payload, err := os.ReadFile(filepath.Join(repoDir, filepath.FromSlash(path)))
 		if err != nil {
-			logger.Debug(fmt.Sprintf("skipping unparseable ls-tree entry for %s: %q", ref, entry))
 			continue
 		}
+		pointer, ok := parseLFSPointer(string(payload))
+		if !ok {
+			continue
+		}
+		files[path] = LfsFileInfo{
+			Name:      path,
+			Size:      pointer.Size,
+			IsPointer: true,
+			OidType:   pointer.OidType,
+			Oid:       pointer.Oid,
+			Version:   pointer.Version,
+		}
+	}
+	return files, nil
+}
+
+// GetTrackedLfsFiles scans the current checkout and returns files that are LFS
+// tracked according to Git attributes. Pointer metadata is taken from the
+// worktree when still present, or from the index when the worktree has already
+// been hydrated.
+func GetTrackedLfsFiles(logger *slog.Logger) (map[string]LfsFileInfo, error) {
+	if logger == nil {
+		return nil, fmt.Errorf("logger is required")
+	}
+	repoDir, err := os.Getwd()
+	if err != nil {
+		return nil, err
+	}
+	logger.Debug("Scanning current worktree for LFS-tracked files")
+	ctx := context.Background()
+	paths, err := listTrackedWorktreeFiles(ctx, repoDir)
+	if err != nil {
+		return nil, err
+	}
+	tracked, err := filterLfsTrackedPaths(ctx, repoDir, paths)
+	if err != nil {
+		return nil, err
+	}
+	files := make(map[string]LfsFileInfo, len(tracked))
+	for _, path := range tracked {
+		if info, ok := readWorktreePointerInfo(repoDir, path); ok {
+			files[path] = info
+			continue
+		}
+		if info, ok := readIndexPointerInfo(ctx, repoDir, path); ok {
+			files[path] = info
+		}
+	}
+	return files, nil
+}
 
-		blob, err := runGitCommand(ctx, repoDir, "cat-file", "-p", oid)
+func addFilesFromRef(ctx context.Context, repoDir, ref string, logger *slog.Logger, lfsFileMap map[string]LfsFileInfo) error {
+	paths, err := grepPointerPaths(ctx, repoDir, ref)
+	if err != nil {
+		return fmt.Errorf("git grep failed for %s: %w", ref, err)
+	}
+	for _, path := range paths {
+		blob, err := runGitCommand(ctx, repoDir, "show", fmt.Sprintf("%s:%s", ref, path))
 		if err != nil {
-			logger.Debug(fmt.Sprintf("skipping path %s in %s: unable to read blob %s", path, ref, oid))
+			logger.Debug(fmt.Sprintf("skipping path %s in %s: unable to read blob", path, ref))
 			continue
 		}
 
@@ -123,9 +215,31 @@ func addFilesFromRef(ctx context.Context, repoDir, ref string, logger *slog.Logg
 	return nil
 }
 
-func runGitCommand(ctx context.Context, repoDir string, args ...string) (string, error) {
-	cmd := exec.CommandContext(ctx, "git", args...)
+func listTrackedWorktreeFiles(ctx context.Context, repoDir string) ([]string, error) {
+	out, err := runGitCommand(ctx, repoDir, "ls-files", "-z")
+	if err != nil {
+		return nil, fmt.Errorf("git ls-files failed: %w", err)
+	}
+	raw := strings.Split(out, "\x00")
+	paths := make([]string, 0, len(raw))
+	for _, entry := range raw {
+		entry = strings.TrimSpace(entry)
+		if entry == "" {
+			continue
+		}
+		paths = append(paths, entry)
+	}
+	return paths, nil
+}
+
+func filterLfsTrackedPaths(ctx context.Context, repoDir string, paths []string) ([]string, error) {
+	if len(paths) == 0 {
+		return nil, nil
+	}
+
+	cmd := exec.CommandContext(ctx, "git", "check-attr", "-z", "--stdin", "filter")
 	cmd.Dir = repoDir
+	cmd.Stdin = strings.NewReader(strings.Join(paths, "\x00") + "\x00")
 	var stdout, stderr bytes.Buffer
 	cmd.Stdout = &stdout
 	cmd.Stderr = &stderr
@@ -134,31 +248,122 @@ func runGitCommand(ctx context.Context, repoDir string, args ...string) (string,
 		if msg == "" {
 			msg = err.Error()
 		}
-		return "", fmt.Errorf("%s", msg)
+		return nil, fmt.Errorf("git check-attr failed: %s", msg)
 	}
-	return stdout.String(), nil
+
+	raw := strings.Split(stdout.String(), "\x00")
+	filtered := make([]string, 0, len(paths))
+	for i := 0; i+2 < len(raw); i += 3 {
+		path := strings.TrimSpace(raw[i])
+		attr := strings.TrimSpace(raw[i+1])
+		value := strings.TrimSpace(raw[i+2])
+		if path == "" || attr != "filter" {
+			continue
+		}
+		if isTrackedFilter(value) {
+			filtered = append(filtered, path)
+		}
+	}
+	return filtered, nil
 }
 
-func parseLsTreeEntry(entry string) (string, string, error) {
-	tab := strings.Index(entry, "\t")
-	if tab < 0 {
-		return "", "", fmt.Errorf("missing tab separator")
+func isTrackedFilter(value string) bool {
+	switch strings.TrimSpace(value) {
+	case "lfs", "drs":
+		return true
+	default:
+		return false
 	}
+}
 
-	meta := strings.Fields(entry[:tab])
-	if len(meta) < 3 {
-		return "", "", fmt.Errorf("invalid ls-tree metadata")
+func readWorktreePointerInfo(repoDir, path string) (LfsFileInfo, bool) {
+	payload, err := os.ReadFile(filepath.Join(repoDir, filepath.FromSlash(path)))
+	if err != nil {
+		return LfsFileInfo{}, false
 	}
-	if meta[1] != "blob" {
-		return "", "", fmt.Errorf("not a blob entry")
+	pointer, ok := parseLFSPointer(string(payload))
+	if !ok {
+		return LfsFileInfo{}, false
 	}
+	return LfsFileInfo{
+		Name:      path,
+		Size:      pointer.Size,
+		IsPointer: true,
+		OidType:   pointer.OidType,
+		Oid:       pointer.Oid,
+		Version:   pointer.Version,
+	}, true
+}
 
-	oid := strings.TrimSpace(meta[2])
-	path := strings.TrimSpace(entry[tab+1:])
-	if oid == "" || path == "" {
-		return "", "", fmt.Errorf("missing oid or path")
+func readIndexPointerInfo(ctx context.Context, repoDir, path string) (LfsFileInfo, bool) {
+	blob, err := runGitCommand(ctx, repoDir, "show", ":"+path)
+	if err != nil {
+		return LfsFileInfo{}, false
+	}
+	pointer, ok := parseLFSPointer(blob)
+	if !ok {
+		return LfsFileInfo{}, false
 	}
-	return oid, path, nil
+	return LfsFileInfo{
+		Name:      path,
+		Size:      pointer.Size,
+		IsPointer: false,
+		OidType:   pointer.OidType,
+		Oid:       pointer.Oid,
+		Version:   pointer.Version,
+	}, true
+}
+
+func grepPointerPaths(ctx context.Context, repoDir, ref string) ([]string, error) {
+	cmd := exec.CommandContext(ctx, "git", "grep", "-z", "-l", "https://git-lfs.github.com/spec/v1", ref, "--")
+	cmd.Dir = repoDir
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+	err := cmd.Run()
+	if err != nil {
+		var exitErr *exec.ExitError
+		if errors.As(err, &exitErr) && exitErr.ExitCode() == 1 {
+			return nil, nil
+		}
+		msg := strings.TrimSpace(stderr.String())
+		if msg == "" {
+			msg = err.Error()
+		}
+		return nil, fmt.Errorf("%s", msg)
+	}
+
+	raw := strings.Split(stdout.String(), "\x00")
+	paths := make([]string, 0, len(raw))
+	prefix := ref + ":"
+	for _, entry := range raw {
+		entry = strings.TrimSpace(entry)
+		if entry == "" {
+			continue
+		}
+		path := entry
+		if strings.HasPrefix(path, prefix) {
+			path = strings.TrimPrefix(path, prefix)
+		}
+		paths = append(paths, path)
+	}
+	return paths, nil
+}
+
+func runGitCommand(ctx context.Context, repoDir string, args ...string) (string, error) {
+	cmd := exec.CommandContext(ctx, "git", args...)
+	cmd.Dir = repoDir
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+	if err := cmd.Run(); err != nil {
+		msg := strings.TrimSpace(stderr.String())
+		if msg == "" {
+			msg = err.Error()
+		}
+		return "", fmt.Errorf("%s", msg)
+	}
+	return stdout.String(), nil
 }
 
 type lfsPointer struct {
diff --git a/internal/lfs/inventory_test.go b/internal/lfs/inventory_test.go
index 9b876760..ba7b3c4a 100644
--- a/internal/lfs/inventory_test.go
+++ b/internal/lfs/inventory_test.go
@@ -14,6 +14,10 @@ func TestGetAllLfsFilesFromGitRefsWithoutLfsCli(t *testing.T) {
 	runGitCmdTest(t, repo, "init")
 	runGitCmdTest(t, repo, "config", "user.email", "test@example.com")
 	runGitCmdTest(t, repo, "config", "user.name", "Test User")
+	runGitCmdTest(t, repo, "config", "filter.lfs.clean", "cat")
+	runGitCmdTest(t, repo, "config", "filter.lfs.smudge", "cat")
+	runGitCmdTest(t, repo, "config", "filter.lfs.process", "cat")
+	runGitCmdTest(t, repo, "config", "filter.lfs.required", "false")
 	runGitCmdTest(t, repo, "checkout", "-b", "main")
 
 	oidMain := "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
@@ -88,6 +92,120 @@ func TestGetAllLfsFilesFromGitRefsWithoutLfsCli(t *testing.T) {
 	}
 }
 
+func TestGetWorktreeLfsFiles(t *testing.T) {
+	repo := t.TempDir()
+	runGitCmdTest(t, repo, "init")
+	runGitCmdTest(t, repo, "config", "user.email", "test@example.com")
+	runGitCmdTest(t, repo, "config", "user.name", "Test User")
+
+	oid := "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc"
+	pointerPath := filepath.Join(repo, "data", "pointer.dat")
+	writePointerFile(t, pointerPath, oid, "789")
+
+	localizedPath := filepath.Join(repo, "data", "localized.bin")
+	if err := os.WriteFile(localizedPath, []byte("hydrated"), 0o644); err != nil {
+		t.Fatalf("write localized file: %v", err)
+	}
+
+	runGitCmdTest(t, repo, "add", ".")
+	runGitCmdTest(t, repo, "commit", "-m", "commit pointer")
+
+	if err := os.WriteFile(pointerPath, []byte("hydrated pointer replacement"), 0o644); err != nil {
+		t.Fatalf("replace pointer with hydrated content: %v", err)
+	}
+
+	oldWD, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("getwd: %v", err)
+	}
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
+	}
+	t.Cleanup(func() {
+		_ = os.Chdir(oldWD)
+	})
+
+	logger := drslog.NewNoOpLogger()
+	files, err := GetWorktreeLfsFiles(logger)
+	if err != nil {
+		t.Fatalf("GetWorktreeLfsFiles error: %v", err)
+	}
+	if _, exists := files["data/pointer.dat"]; exists {
+		t.Fatalf("hydrated file should not still appear as a pointer")
+	}
+
+	if err := os.WriteFile(pointerPath, []byte("version https://git-lfs.github.com/spec/v1\noid sha256:"+oid+"\nsize 789\n"), 0o644); err != nil {
+		t.Fatalf("restore pointer file: %v", err)
+	}
+
+	files, err = GetWorktreeLfsFiles(logger)
+	if err != nil {
+		t.Fatalf("GetWorktreeLfsFiles error after restore: %v", err)
+	}
+	info, ok := files["data/pointer.dat"]
+	if !ok {
+		t.Fatalf("expected pointer in worktree inventory")
+	}
+	if info.Oid != oid || info.Size != 789 {
+		t.Fatalf("unexpected pointer info: %+v", info)
+	}
+}
+
+func TestGetTrackedLfsFiles_IncludesHydratedTrackedFileUsingIndexPointer(t *testing.T) {
+	repo := t.TempDir()
+	runGitCmdTest(t, repo, "init")
+	runGitCmdTest(t, repo, "config", "user.email", "test@example.com")
+	runGitCmdTest(t, repo, "config", "user.name", "Test User")
+	runGitCmdTest(t, repo, "config", "filter.drs.clean", "cat")
+	runGitCmdTest(t, repo, "config", "filter.drs.smudge", "cat")
+	runGitCmdTest(t, repo, "config", "filter.drs.process", "cat")
+	runGitCmdTest(t, repo, "config", "filter.drs.required", "false")
+
+	attrPath := filepath.Join(repo, ".gitattributes")
+	if err := os.WriteFile(attrPath, []byte("*.dat filter=drs diff=drs merge=drs -text\n"), 0o644); err != nil {
+		t.Fatalf("write .gitattributes: %v", err)
+	}
+
+	oid := "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"
+	pointerPath := filepath.Join(repo, "data", "hydrated.dat")
+	writePointerFile(t, pointerPath, oid, "321")
+
+	runGitCmdTest(t, repo, "add", ".")
+	runGitCmdTest(t, repo, "commit", "-m", "commit tracked pointer")
+
+	if err := os.WriteFile(pointerPath, []byte("localized payload"), 0o644); err != nil {
+		t.Fatalf("hydrate tracked file: %v", err)
+	}
+
+	oldWD, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("getwd: %v", err)
+	}
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
+	}
+	t.Cleanup(func() {
+		_ = os.Chdir(oldWD)
+	})
+
+	logger := drslog.NewNoOpLogger()
+	files, err := GetTrackedLfsFiles(logger)
+	if err != nil {
+		t.Fatalf("GetTrackedLfsFiles error: %v", err)
+	}
+
+	info, ok := files["data/hydrated.dat"]
+	if !ok {
+		t.Fatalf("expected hydrated tracked file in inventory")
+	}
+	if info.Oid != oid || info.Size != 321 {
+		t.Fatalf("unexpected hydrated tracked info: %+v", info)
+	}
+	if info.IsPointer {
+		t.Fatalf("expected hydrated tracked file to be marked non-pointer in worktree inventory")
+	}
+}
+
 func writePointerFile(t *testing.T, path, oid, size string) {
 	t.Helper()
 	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
@@ -118,7 +236,7 @@ func TestIsLFSTracked(t *testing.T) {
 	repo := t.TempDir()
 	mustRun(t, repo, "git", "init")
 
-	attr := []byte("*.dat filter=lfs diff=lfs merge=lfs -text\n")
+	attr := []byte("*.dat filter=drs diff=drs merge=drs -text\n")
 	if err := os.WriteFile(filepath.Join(repo, ".gitattributes"), attr, 0o644); err != nil {
 		t.Fatalf("write .gitattributes: %v", err)
 	}
diff --git a/internal/lfs/sentinel.go b/internal/lfs/sentinel.go
deleted file mode 100644
index a47beab5..00000000
--- a/internal/lfs/sentinel.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package lfs
-
-import (
-	"crypto/sha256"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-)
-
-const addURLSentinelHeader = "git-drs-add-url-sentinel:v1\n"
-
-func SyntheticOIDFromETag(etag string) (string, error) {
-	e := strings.TrimSpace(strings.Trim(etag, `"`))
-	if e == "" {
-		return "", fmt.Errorf("etag is required for synthetic oid")
-	}
-	sum := sha256.Sum256([]byte(e))
-	return fmt.Sprintf("%x", sum[:]), nil
-}
-
-func buildAddURLSentinel(etag string, sourceURL string) ([]byte, error) {
-	e := strings.TrimSpace(strings.Trim(etag, `"`))
-	if e == "" {
-		return nil, fmt.Errorf("etag is required for sentinel")
-	}
-	return []byte(addURLSentinelHeader + "etag=" + e + "\nsource=" + strings.TrimSpace(sourceURL) + "\n"), nil
-}
-
-func IsAddURLSentinelBytes(data []byte) bool {
-	return strings.HasPrefix(string(data), addURLSentinelHeader)
-}
-
-func IsAddURLSentinelObject(path string) (bool, error) {
-	f, err := os.Open(path)
-	if err != nil {
-		return false, err
-	}
-	defer f.Close()
-
-	buf := make([]byte, len(addURLSentinelHeader))
-	n, err := f.Read(buf)
-	if err != nil && n == 0 {
-		return false, err
-	}
-	return IsAddURLSentinelBytes(buf[:n]), nil
-}
-
-func WriteAddURLSentinelObject(lfsRoot string, oid string, etag string, sourceURL string) (string, error) {
-	objPath, err := ObjectPath(filepath.Join(lfsRoot, "objects"), oid)
-	if err != nil {
-		return "", err
-	}
-	if err := os.MkdirAll(filepath.Dir(objPath), 0o755); err != nil {
-		return "", fmt.Errorf("mkdir %s: %w", filepath.Dir(objPath), err)
-	}
-	payload, err := buildAddURLSentinel(etag, sourceURL)
-	if err != nil {
-		return "", err
-	}
-	if err := os.WriteFile(objPath, payload, 0o644); err != nil {
-		return "", fmt.Errorf("write sentinel %s: %w", objPath, err)
-	}
-	return objPath, nil
-}
diff --git a/internal/lfs/sentinel_test.go b/internal/lfs/sentinel_test.go
deleted file mode 100644
index 74d5b9e5..00000000
--- a/internal/lfs/sentinel_test.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package lfs
-
-import (
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-func TestSyntheticOIDFromETag(t *testing.T) {
-	oid, err := SyntheticOIDFromETag("abcd1234")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if len(oid) != 64 {
-		t.Fatalf("expected 64-char oid, got %q", oid)
-	}
-}
-
-func TestWriteAndDetectAddURLSentinelObject(t *testing.T) {
-	root := t.TempDir()
-	oid, err := SyntheticOIDFromETag("etag-abc")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	path, err := WriteAddURLSentinelObject(root, oid, "etag-abc", "s3://bucket/key")
-	if err != nil {
-		t.Fatalf("write sentinel: %v", err)
-	}
-	if _, err := os.Stat(path); err != nil {
-		t.Fatalf("expected sentinel file: %v", err)
-	}
-	ok, err := IsAddURLSentinelObject(path)
-	if err != nil {
-		t.Fatalf("IsAddURLSentinelObject error: %v", err)
-	}
-	if !ok {
-		t.Fatalf("expected sentinel detection true")
-	}
-}
-
-func TestIsAddURLSentinelBytes(t *testing.T) {
-	payload, err := buildAddURLSentinel("etag", "s3://bucket/key")
-	if err != nil {
-		t.Fatalf("build sentinel: %v", err)
-	}
-	if !IsAddURLSentinelBytes(payload) {
-		t.Fatalf("expected sentinel bytes to be detected")
-	}
-	non := []byte("not-a-sentinel")
-	if IsAddURLSentinelBytes(non) {
-		t.Fatalf("did not expect non-sentinel to match")
-	}
-}
-
-func TestWriteAddURLSentinelObjectCreatesDirectories(t *testing.T) {
-	root := t.TempDir()
-	oid := "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-	path, err := WriteAddURLSentinelObject(root, oid, "etag", "s3://bucket/key")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	expected := filepath.Join(root, "objects", oid[:2], oid[2:4], oid)
-	if path != expected {
-		t.Fatalf("expected %s, got %s", expected, path)
-	}
-}
diff --git a/internal/pathspec/match.go b/internal/pathspec/match.go
new file mode 100644
index 00000000..ba034cd8
--- /dev/null
+++ b/internal/pathspec/match.go
@@ -0,0 +1,62 @@
+package pathspec
+
+import (
+	"path/filepath"
+	"regexp"
+	"strings"
+)
+
+func MatchesAny(path string, patterns []string) bool {
+	if len(patterns) == 0 {
+		return true
+	}
+	normalized := filepath.ToSlash(filepath.Clean(path))
+	for _, pattern := range patterns {
+		pattern = strings.TrimSpace(pattern)
+		if pattern == "" {
+			continue
+		}
+		if Matches(normalized, pattern) {
+			return true
+		}
+	}
+	return false
+}
+
+func Matches(path, pattern string) bool {
+	pattern = filepath.ToSlash(filepath.Clean(pattern))
+	if !strings.ContainsAny(pattern, "*?[") {
+		return path == pattern
+	}
+	re, err := regexp.Compile(globToRegexp(pattern))
+	if err != nil {
+		return false
+	}
+	return re.MatchString(path)
+}
+
+func globToRegexp(pattern string) string {
+	var b strings.Builder
+	b.WriteString("^")
+	for i := 0; i < len(pattern); i++ {
+		ch := pattern[i]
+		switch ch {
+		case '*':
+			if i+1 < len(pattern) && pattern[i+1] == '*' {
+				b.WriteString(".*")
+				i++
+				continue
+			}
+			b.WriteString(`[^/]*`)
+		case '?':
+			b.WriteString(`[^/]`)
+		case '.', '+', '(', ')', '|', '^', '$', '{', '}', '[', ']', '\\':
+			b.WriteByte('\\')
+			b.WriteByte(ch)
+		default:
+			b.WriteByte(ch)
+		}
+	}
+	b.WriteString("$")
+	return b.String()
+}
diff --git a/internal/pathspec/match_test.go b/internal/pathspec/match_test.go
new file mode 100644
index 00000000..f8ac42b5
--- /dev/null
+++ b/internal/pathspec/match_test.go
@@ -0,0 +1,22 @@
+package pathspec
+
+import "testing"
+
+func TestMatches(t *testing.T) {
+	cases := []struct {
+		pattern string
+		path    string
+		want    bool
+	}{
+		{pattern: "data/**", path: "data/a/b/file.bin", want: true},
+		{pattern: "*.bam", path: "data/file.bam", want: false},
+		{pattern: "data/*.bam", path: "data/file.bam", want: true},
+		{pattern: "a/file.txt", path: "a/file.txt", want: true},
+		{pattern: "a/file.txt", path: "a/other.txt", want: false},
+	}
+	for _, tc := range cases {
+		if got := Matches(tc.path, tc.pattern); got != tc.want {
+			t.Fatalf("Matches(%q, %q) = %v, want %v", tc.path, tc.pattern, got, tc.want)
+		}
+	}
+}
diff --git a/internal/precommit_cache/helpers.go b/internal/precommit_cache/helpers.go
index 0a178621..cf4bae7e 100644
--- a/internal/precommit_cache/helpers.go
+++ b/internal/precommit_cache/helpers.go
@@ -169,6 +169,46 @@ func (c *Cache) ReadOIDEntry(oid string) (*OIDEntry, bool, error) {
 	return &oe, true, nil
 }
 
+func (c *Cache) EnsureLayout() error {
+	for _, dir := range []string{c.Root, c.PathsDir, c.OIDsDir} {
+		if err := os.MkdirAll(dir, 0o755); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (c *Cache) UpsertPathEntry(entry PathEntry) error {
+	if err := c.EnsureLayout(); err != nil {
+		return err
+	}
+	return writeJSONAtomic(c.pathEntryFile(entry.Path), entry)
+}
+
+func (c *Cache) AddOrReplaceOIDPath(oid, oldPath, newPath, now string, contentChanged bool) error {
+	if err := c.EnsureLayout(); err != nil {
+		return err
+	}
+	return oidAddOrReplacePath(c.OIDsDir, oid, oldPath, newPath, now, contentChanged)
+}
+
+func (c *Cache) RemovePathFromOID(oid, path, now string) error {
+	if err := c.EnsureLayout(); err != nil {
+		return err
+	}
+	return oidRemovePath(c.OIDsDir, oid, path, now)
+}
+
+func (c *Cache) DeletePathEntry(path string) error {
+	if err := c.EnsureLayout(); err != nil {
+		return err
+	}
+	if err := os.Remove(c.pathEntryFile(path)); err != nil && !errors.Is(err, fs.ErrNotExist) {
+		return err
+	}
+	return nil
+}
+
 //
 // Validation helpers (optional)
 //
@@ -276,3 +316,97 @@ func git(ctx context.Context, args ...string) ([]byte, error) {
 	}
 	return out, nil
 }
+
+func writeJSONAtomic(path string, v any) error {
+	dir := filepath.Dir(path)
+	if err := os.MkdirAll(dir, 0o755); err != nil {
+		return err
+	}
+	tmp, err := os.CreateTemp(dir, ".tmp-*.json")
+	if err != nil {
+		return err
+	}
+	tmpName := tmp.Name()
+	enc := json.NewEncoder(tmp)
+	enc.SetIndent("", "  ")
+	if err := enc.Encode(v); err != nil {
+		_ = tmp.Close()
+		_ = os.Remove(tmpName)
+		return err
+	}
+	if err := tmp.Close(); err != nil {
+		_ = os.Remove(tmpName)
+		return err
+	}
+	return os.Rename(tmpName, path)
+}
+
+func oidAddOrReplacePath(oidsDir, oid, oldPath, newPath, now string, contentChanged bool) error {
+	f := oidEntryFilePath(oidsDir, oid)
+	var oe OIDEntry
+	if b, err := os.ReadFile(f); err == nil {
+		_ = json.Unmarshal(b, &oe)
+	}
+	if oe.LFSOID == "" {
+		oe.LFSOID = oid
+	}
+	pathsSet := make(map[string]struct{}, len(oe.Paths)+1)
+	for _, p := range oe.Paths {
+		p = strings.TrimSpace(p)
+		if p == "" || p == oldPath {
+			continue
+		}
+		pathsSet[p] = struct{}{}
+	}
+	if strings.TrimSpace(newPath) != "" {
+		pathsSet[newPath] = struct{}{}
+	}
+	oe.Paths = oe.Paths[:0]
+	for p := range pathsSet {
+		oe.Paths = append(oe.Paths, p)
+	}
+	sort.Strings(oe.Paths)
+	oe.UpdatedAt = now
+	oe.ContentChange = contentChanged
+	return writeJSONAtomic(f, oe)
+}
+
+func oidRemovePath(oidsDir, oid, path, now string) error {
+	if strings.TrimSpace(oid) == "" || strings.TrimSpace(path) == "" {
+		return nil
+	}
+	f := oidEntryFilePath(oidsDir, oid)
+	b, err := os.ReadFile(f)
+	if err != nil {
+		if errors.Is(err, fs.ErrNotExist) {
+			return nil
+		}
+		return err
+	}
+	var oe OIDEntry
+	if err := json.Unmarshal(b, &oe); err != nil {
+		return err
+	}
+	filtered := oe.Paths[:0]
+	for _, existing := range oe.Paths {
+		if strings.TrimSpace(existing) == "" || existing == path {
+			continue
+		}
+		filtered = append(filtered, existing)
+	}
+	oe.Paths = filtered
+	oe.UpdatedAt = now
+	if len(oe.Paths) == 0 {
+		if err := os.Remove(f); err != nil && !errors.Is(err, fs.ErrNotExist) {
+			return err
+		}
+		return nil
+	}
+	sort.Strings(oe.Paths)
+	return writeJSONAtomic(f, oe)
+}
+
+func oidEntryFilePath(oidsDir, oid string) string {
+	sum := sha256.Sum256([]byte(oid))
+	return filepath.Join(oidsDir, fmt.Sprintf("%x.json", sum[:]))
+}
diff --git a/internal/pushsync/batch_sync.go b/internal/pushsync/batch_sync.go
index 427b9444..8a783cf7 100644
--- a/internal/pushsync/batch_sync.go
+++ b/internal/pushsync/batch_sync.go
@@ -3,9 +3,11 @@ package pushsync
 import (
 	"context"
 	"fmt"
+	"net/url"
 	"os"
 	"path/filepath"
 	"sort"
+	"strings"
 
 	localcommon "github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/config"
@@ -13,6 +15,7 @@ import (
 	"github.com/calypr/git-drs/internal/drsremote"
 	"github.com/calypr/git-drs/internal/lfs"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	sycommon "github.com/calypr/syfon/client/common"
 	"github.com/calypr/syfon/client/hash"
 	"github.com/google/uuid"
 	"golang.org/x/sync/errgroup"
@@ -21,6 +24,7 @@ import (
 type batchSyncSession struct {
 	ctx            context.Context
 	rt             *pushRuntime
+	reporter       UploadProgressReporter
 	filesByOID     map[string]lfs.LfsFileInfo
 	oids           []string
 	drsObjByOID    map[string]*drsapi.DrsObject
@@ -37,10 +41,11 @@ type uploadCandidate struct {
 }
 
 // BatchSyncForPush performs checksum-first push preparation.
-func BatchSyncForPush(cl *config.GitContext, ctx context.Context, files map[string]lfs.LfsFileInfo) error {
+func BatchSyncForPush(cl *config.GitContext, ctx context.Context, files map[string]lfs.LfsFileInfo, reporter UploadProgressReporter) error {
 	session := &batchSyncSession{
 		ctx:            ctx,
 		rt:             newPushRuntime(cl),
+		reporter:       reporter,
 		drsObjByOID:    make(map[string]*drsapi.DrsObject),
 		existingByHash: make(map[string][]drsapi.DrsObject),
 		registeredOids: make(map[string]bool),
@@ -196,9 +201,10 @@ func scopedDRSObjectForPush(rt *pushRuntime, oid string, path string, size int64
 		return obj, nil
 	}
 
-	if existing.AccessMethods != nil && len(*existing.AccessMethods) > 0 {
+	if shouldPreserveExistingAccessMethodsForPush(existing, obj, oid) {
 		obj.AccessMethods = existing.AccessMethods
 	}
+
 	obj.Aliases = existing.Aliases
 	obj.Contents = existing.Contents
 	obj.Description = existing.Description
@@ -215,10 +221,69 @@ func scopedDRSObjectForPush(rt *pushRuntime, oid string, path string, size int64
 	return obj, nil
 }
 
+func shouldPreserveExistingAccessMethodsForPush(existing *drsapi.DrsObject, generated *drsapi.DrsObject, oid string) bool {
+	existingURL := firstAccessURL(existing)
+	if existingURL == "" {
+		return false
+	}
+	generatedURL := firstAccessURL(generated)
+	if existingURL == generatedURL {
+		return true
+	}
+	existingBucket, existingKey, existingOK := parseStorageURL(existingURL)
+	if !existingOK {
+		return true
+	}
+	generatedBucket, generatedKey, generatedOK := parseStorageURL(generatedURL)
+	normalizedOID := strings.Trim(strings.TrimPrefix(strings.TrimSpace(oid), "sha256:"), "/")
+	existingKey = strings.Trim(existingKey, "/")
+	if strings.EqualFold(existingBucket, "objects") {
+		return false
+	}
+	if generatedOK && existingKey == "" {
+		return false
+	}
+	if generatedOK && !strings.EqualFold(existingBucket, generatedBucket) && existingKey == normalizedOID {
+		return false
+	}
+	if generatedOK && existingKey == generatedKey && strings.EqualFold(existingBucket, generatedBucket) {
+		return true
+	}
+	return true
+}
+
+func firstAccessURL(obj *drsapi.DrsObject) string {
+	if obj == nil || obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 {
+		return ""
+	}
+	am := (*obj.AccessMethods)[0]
+	if am.AccessUrl == nil {
+		return ""
+	}
+	return strings.TrimSpace(am.AccessUrl.Url)
+}
+
+func parseStorageURL(raw string) (bucket string, key string, ok bool) {
+	u, err := url.Parse(strings.TrimSpace(raw))
+	if err != nil || u.Scheme == "" || u.Host == "" {
+		return "", "", false
+	}
+	switch strings.ToLower(u.Scheme) {
+	case "s3", "gs", "azblob":
+		return u.Host, strings.Trim(u.Path, "/"), true
+	default:
+		return "", "", false
+	}
+}
+
 func (s *batchSyncSession) identifyUploadCandidates() ([]uploadCandidate, error) {
 	candidates := make([]uploadCandidate, 0)
 	for _, oid := range s.oids {
-		if !s.needsUpload(oid) {
+		needsUpload, err := s.needsUpload(oid)
+		if err != nil {
+			return nil, err
+		}
+		if !needsUpload {
 			continue
 		}
 
@@ -248,17 +313,22 @@ func (s *batchSyncSession) identifyUploadCandidates() ([]uploadCandidate, error)
 	return candidates, nil
 }
 
-func (s *batchSyncSession) needsUpload(oid string) bool {
+func (s *batchSyncSession) needsUpload(oid string) (bool, error) {
 	if s.registeredOids[oid] {
-		return true
+		return true, nil
 	}
 	if len(s.existingByHash[oid]) == 0 {
-		return true
+		return true, nil
 	}
-	if downloadable, err := isFileDownloadable(s.rt, s.ctx, s.drsObjByOID[oid]); err != nil || !downloadable {
-		return true
+	obj := s.drsObjByOID[oid]
+	if obj == nil {
+		return false, nil
+	}
+	downloadable, err := isFileDownloadable(s.rt, s.ctx, obj)
+	if err != nil {
+		return false, fmt.Errorf("failed to check remote object availability for oid %s: %w", oid, err)
 	}
-	return false
+	return !downloadable, nil
 }
 
 func (s *batchSyncSession) executeUploadPlan(candidates []uploadCandidate) error {
@@ -273,6 +343,9 @@ func (s *batchSyncSession) executeUploadPlan(candidates []uploadCandidate) error
 
 	small, large := splitCandidatesByThreshold(candidates, threshold)
 	s.rt.Logger.InfoContext(s.ctx, "upload plan prepared", "total", len(candidates), "parallel_small", len(small), "sequential_large", len(large))
+	if s.reporter != nil {
+		s.reporter.OnUploadPlan(buildUploadPlanSummary(candidates))
+	}
 
 	if len(small) > 0 {
 		eg, egCtx := errgroup.WithContext(s.ctx)
@@ -280,7 +353,12 @@ func (s *batchSyncSession) executeUploadPlan(candidates []uploadCandidate) error
 		for _, c := range small {
 			c := c
 			eg.Go(func() error {
-				return uploadFileForObject(s.rt, egCtx, c.obj, c.src, false)
+				uploadCtx := s.progressContextForCandidate(egCtx, c)
+				if err := uploadFileForObject(s.rt, uploadCtx, c.obj, c.src, false); err != nil {
+					return err
+				}
+				s.reportUploadCompleted(c)
+				return nil
 			})
 		}
 		if err := eg.Wait(); err != nil {
@@ -289,13 +367,68 @@ func (s *batchSyncSession) executeUploadPlan(candidates []uploadCandidate) error
 	}
 
 	for _, c := range large {
-		if err := uploadFileForObject(s.rt, s.ctx, c.obj, c.src, false); err != nil {
+		uploadCtx := s.progressContextForCandidate(s.ctx, c)
+		if err := uploadFileForObject(s.rt, uploadCtx, c.obj, c.src, false); err != nil {
 			return err
 		}
+		s.reportUploadCompleted(c)
 	}
 	return nil
 }
 
+func buildUploadPlanSummary(candidates []uploadCandidate) UploadPlanSummary {
+	files := make([]UploadPlanFile, 0, len(candidates))
+	var totalBytes int64
+	for _, c := range candidates {
+		files = append(files, UploadPlanFile{
+			OID:   c.oid,
+			Path:  c.file.Name,
+			Bytes: c.size,
+		})
+		totalBytes += c.size
+	}
+	return UploadPlanSummary{
+		Files:      files,
+		TotalFiles: len(files),
+		TotalBytes: totalBytes,
+	}
+}
+
+func (s *batchSyncSession) progressContextForCandidate(ctx context.Context, c uploadCandidate) context.Context {
+	if s.reporter == nil {
+		return ctx
+	}
+	ctx = sycommon.WithOid(ctx, c.oid)
+	return sycommon.WithProgress(ctx, func(ev sycommon.ProgressEvent) error {
+		if ev.Event != "progress" {
+			return nil
+		}
+		s.reporter.OnUploadProgress(UploadProgressEvent{
+			OID:            c.oid,
+			Path:           c.file.Name,
+			BytesSoFar:     ev.BytesSoFar,
+			BytesSinceLast: ev.BytesSinceLast,
+			TotalBytes:     c.size,
+			Phase:          UploadProgressUploading,
+		})
+		return nil
+	})
+}
+
+func (s *batchSyncSession) reportUploadCompleted(c uploadCandidate) {
+	if s.reporter == nil {
+		return
+	}
+	s.reporter.OnUploadProgress(UploadProgressEvent{
+		OID:            c.oid,
+		Path:           c.file.Name,
+		BytesSoFar:     c.size,
+		BytesSinceLast: 0,
+		TotalBytes:     c.size,
+		Phase:          UploadProgressCompleted,
+	})
+}
+
 func splitCandidatesByThreshold(candidates []uploadCandidate, threshold int64) (small, large []uploadCandidate) {
 	for _, c := range candidates {
 		if c.size < threshold {
diff --git a/internal/pushsync/batch_sync_test.go b/internal/pushsync/batch_sync_test.go
new file mode 100644
index 00000000..96fbdb21
--- /dev/null
+++ b/internal/pushsync/batch_sync_test.go
@@ -0,0 +1,449 @@
+package pushsync
+
+import (
+	"context"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"testing"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/lfs"
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	sycommon "github.com/calypr/syfon/client/common"
+	"github.com/calypr/syfon/client/transfer"
+)
+
+type recordingReporter struct {
+	plan   UploadPlanSummary
+	events []UploadProgressEvent
+}
+
+func (r *recordingReporter) OnUploadPlan(plan UploadPlanSummary) {
+	r.plan = plan
+}
+
+func (r *recordingReporter) OnUploadProgress(ev UploadProgressEvent) {
+	r.events = append(r.events, ev)
+}
+
+type pushUploadBackendStub struct {
+	mu sync.Mutex
+
+	resolveFunc func(context.Context, string, string, sycommon.FileMetadata, string) (string, error)
+	uploadFunc  func(context.Context, string, io.Reader, int64) error
+
+	lastResolve struct {
+		guid     string
+		filename string
+		metadata sycommon.FileMetadata
+		bucket   string
+	}
+	lastUpload struct {
+		url  string
+		size int64
+		body string
+	}
+}
+
+func setTestPushScope(rt *pushRuntime) {
+	rt.Scope = pushScope{
+		Organization: "syfon",
+		Project:      "e2e",
+		Bucket:       "syfon-e2e-bucket",
+	}
+}
+
+func (b *pushUploadBackendStub) Name() string { return "push-upload-backend-stub" }
+
+func (b *pushUploadBackendStub) Logger() transfer.TransferLogger { return transfer.NoOpLogger{} }
+
+func (b *pushUploadBackendStub) Upload(ctx context.Context, url string, body io.Reader, size int64) error {
+	var bodyText string
+	if body != nil {
+		data, _ := io.ReadAll(body)
+		bodyText = string(data)
+	}
+
+	b.mu.Lock()
+	b.lastUpload.url = url
+	b.lastUpload.size = size
+	b.lastUpload.body = bodyText
+	b.mu.Unlock()
+
+	if b.uploadFunc != nil {
+		return b.uploadFunc(ctx, url, strings.NewReader(bodyText), size)
+	}
+	return nil
+}
+
+func (b *pushUploadBackendStub) ResolveUploadURL(ctx context.Context, guid string, filename string, metadata sycommon.FileMetadata, bucket string) (string, error) {
+	b.mu.Lock()
+	b.lastResolve.guid = guid
+	b.lastResolve.filename = filename
+	b.lastResolve.metadata = metadata
+	b.lastResolve.bucket = bucket
+	b.mu.Unlock()
+
+	if b.resolveFunc != nil {
+		return b.resolveFunc(ctx, guid, filename, metadata, bucket)
+	}
+	return "https://upload.example/" + filename, nil
+}
+
+func (b *pushUploadBackendStub) MultipartInit(context.Context, string) (string, error) {
+	return "upload-id", nil
+}
+
+func (b *pushUploadBackendStub) MultipartPart(context.Context, string, string, int, io.Reader) (string, error) {
+	return "etag", nil
+}
+
+func (b *pushUploadBackendStub) MultipartComplete(context.Context, string, string, []transfer.MultipartPart) error {
+	return nil
+}
+
+func TestExecuteUploadPlanReportsProgress(t *testing.T) {
+	tmp := t.TempDir()
+	filePath := filepath.Join(tmp, "a.bin")
+	if err := os.WriteFile(filePath, []byte("hello world"), 0o644); err != nil {
+		t.Fatalf("write temp file: %v", err)
+	}
+
+	reporter := &recordingReporter{}
+	rt := newPushRuntime(nil)
+	setTestPushScope(rt)
+	rt.Logger = drslog.NewNoOpLogger()
+	rt.Tuning.MultiPartThreshold = 1024
+	rt.Tuning.UploadConcurrency = 2
+
+	backend := &pushUploadBackendStub{
+		uploadFunc: func(ctx context.Context, _ string, _ io.Reader, _ int64) error {
+			cb := sycommon.GetProgress(ctx)
+			if cb == nil {
+				t.Fatal("expected progress callback in upload context")
+			}
+			_ = cb(sycommon.ProgressEvent{Event: "progress", Oid: sycommon.GetOid(ctx), BytesSoFar: 5, BytesSinceLast: 5})
+			_ = cb(sycommon.ProgressEvent{Event: "progress", Oid: sycommon.GetOid(ctx), BytesSoFar: 11, BytesSinceLast: 6})
+			return nil
+		},
+	}
+	oldBackend := uploadBackendForRuntime
+	uploadBackendForRuntime = func(*pushRuntime) transfer.MultipartBackend { return backend }
+	t.Cleanup(func() { uploadBackendForRuntime = oldBackend })
+
+	session := &batchSyncSession{
+		ctx:      context.Background(),
+		rt:       rt,
+		reporter: reporter,
+	}
+	candidates := []uploadCandidate{{
+		oid:  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+		obj:  &drsapi.DrsObject{Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}}},
+		file: lfs.LfsFileInfo{Name: filePath},
+		size: 11,
+		src:  filePath,
+	}}
+
+	if err := session.executeUploadPlan(candidates); err != nil {
+		t.Fatalf("executeUploadPlan returned error: %v", err)
+	}
+	if reporter.plan.TotalFiles != 1 || reporter.plan.TotalBytes != 11 {
+		t.Fatalf("unexpected plan summary: %+v", reporter.plan)
+	}
+	if len(reporter.events) < 3 {
+		t.Fatalf("expected progress + completed events, got %+v", reporter.events)
+	}
+	last := reporter.events[len(reporter.events)-1]
+	if last.Phase != UploadProgressCompleted || last.BytesSoFar != 11 {
+		t.Fatalf("unexpected final progress event: %+v", last)
+	}
+}
+
+func TestExecuteUploadPlanHonorsUploadConcurrency(t *testing.T) {
+	tmp := t.TempDir()
+	rt := newPushRuntime(nil)
+	setTestPushScope(rt)
+	rt.Logger = drslog.NewNoOpLogger()
+	rt.Tuning.MultiPartThreshold = 1024
+	rt.Tuning.UploadConcurrency = 2
+
+	var active int32
+	var maxActive int32
+	var mu sync.Mutex
+	releaseChans := make([]chan struct{}, 0, 3)
+
+	backend := &pushUploadBackendStub{
+		uploadFunc: func(context.Context, string, io.Reader, int64) error {
+			cur := atomic.AddInt32(&active, 1)
+			for {
+				max := atomic.LoadInt32(&maxActive)
+				if cur <= max || atomic.CompareAndSwapInt32(&maxActive, max, cur) {
+					break
+				}
+			}
+
+			release := make(chan struct{})
+			mu.Lock()
+			releaseChans = append(releaseChans, release)
+			mu.Unlock()
+
+			<-release
+			atomic.AddInt32(&active, -1)
+			return nil
+		},
+	}
+	oldBackend := uploadBackendForRuntime
+	uploadBackendForRuntime = func(*pushRuntime) transfer.MultipartBackend { return backend }
+	t.Cleanup(func() { uploadBackendForRuntime = oldBackend })
+
+	makeCandidate := func(name string) uploadCandidate {
+		path := filepath.Join(tmp, name)
+		if err := os.WriteFile(path, []byte("hello"), 0o644); err != nil {
+			t.Fatalf("write temp file %s: %v", name, err)
+		}
+		return uploadCandidate{
+			oid:  name + "-oid",
+			obj:  &drsapi.DrsObject{Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: name + "-oid"}}},
+			file: lfs.LfsFileInfo{Name: path},
+			size: 5,
+			src:  path,
+		}
+	}
+
+	session := &batchSyncSession{
+		ctx: context.Background(),
+		rt:  rt,
+	}
+	candidates := []uploadCandidate{
+		makeCandidate("a.bin"),
+		makeCandidate("b.bin"),
+		makeCandidate("c.bin"),
+	}
+
+	done := make(chan error, 1)
+	go func() {
+		done <- session.executeUploadPlan(candidates)
+	}()
+
+	for {
+		mu.Lock()
+		count := len(releaseChans)
+		mu.Unlock()
+		if count >= 2 {
+			break
+		}
+	}
+
+	if got := atomic.LoadInt32(&maxActive); got != 2 {
+		t.Fatalf("max active uploads = %d, want 2", got)
+	}
+
+	mu.Lock()
+	firstBatch := append([]chan struct{}(nil), releaseChans[:2]...)
+	mu.Unlock()
+	for _, ch := range firstBatch {
+		close(ch)
+	}
+
+	for {
+		mu.Lock()
+		count := len(releaseChans)
+		mu.Unlock()
+		if count >= 3 {
+			break
+		}
+	}
+
+	mu.Lock()
+	last := releaseChans[2]
+	mu.Unlock()
+	close(last)
+
+	if err := <-done; err != nil {
+		t.Fatalf("executeUploadPlan returned error: %v", err)
+	}
+	if got := atomic.LoadInt32(&maxActive); got != 2 {
+		t.Fatalf("max active uploads after completion = %d, want 2", got)
+	}
+}
+
+func TestScopedDRSObjectForPushRebuildsAccessMethodsFromCurrentScope(t *testing.T) {
+	assertScopedDRSObjectForPushRebuildsAccessMethod(t, "s3://objects/existing-did")
+	assertScopedDRSObjectForPushRebuildsAccessMethod(t, "s3://7b9de5b9-19b2-536f-abcc-fe2a146c4eb5")
+}
+
+func TestUploadFileForObjectUsesScopedKeyForMalformedRegisteredAccessURL(t *testing.T) {
+	tmp := t.TempDir()
+	filePath := filepath.Join(tmp, "project-subpath.bin")
+	if err := os.WriteFile(filePath, []byte("project subpath payload"), 0o644); err != nil {
+		t.Fatalf("write temp file: %v", err)
+	}
+
+	rt := &pushRuntime{
+		Logger: drslog.NewNoOpLogger(),
+		Scope: pushScope{
+			Organization: "syfon",
+			Project:      "e2e",
+			Bucket:       "syfon-e2e-bucket",
+			StoragePref:  "program-root/project-subpath",
+		},
+		Tuning: pushTuning{MultiPartThreshold: 1024},
+	}
+
+	oid := "412f8568bfb0e62937ee40c6fcdeaa1cf55910c558c0152250340356c8829a47"
+	obj := &drsapi.DrsObject{
+		Id:   "f781273b-52eb-5ac2-a484-775235eef303",
+		Name: ptrString("project-subpath.bin"),
+		Size: 23,
+		Checksums: []drsapi.Checksum{{
+			Type:     "sha256",
+			Checksum: oid,
+		}},
+		ControlledAccess: &[]string{"/organization/syfon/project/e2e"},
+		AccessMethods: &[]drsapi.AccessMethod{{
+			Type: drsapi.AccessMethodTypeS3,
+			AccessUrl: &struct {
+				Headers *[]string `json:"headers,omitempty"`
+				Url     string    `json:"url"`
+			}{Url: "s3://f781273b-52eb-5ac2-a484-775235eef303"},
+		}},
+	}
+
+	backend := &pushUploadBackendStub{}
+	oldBackend := uploadBackendForRuntime
+	uploadBackendForRuntime = func(*pushRuntime) transfer.MultipartBackend { return backend }
+	t.Cleanup(func() { uploadBackendForRuntime = oldBackend })
+
+	if err := uploadFileForObject(rt, context.Background(), obj, filePath, false); err != nil {
+		t.Fatalf("uploadFileForObject returned error: %v", err)
+	}
+	if backend.lastUpload.body != "project subpath payload" {
+		t.Fatalf("uploaded body = %q, want project subpath payload", backend.lastUpload.body)
+	}
+	if backend.lastResolve.guid != obj.Id {
+		t.Fatalf("upload guid = %q, want DID %q", backend.lastResolve.guid, obj.Id)
+	}
+	if backend.lastResolve.bucket != "" {
+		t.Fatalf("upload bucket hint = %q, want empty scoped upload hint", backend.lastResolve.bucket)
+	}
+	if got := backend.lastResolve.metadata.Authorizations["syfon"]; len(got) != 1 || got[0] != "e2e" {
+		t.Fatalf("upload scope metadata = %+v, want syfon/e2e", backend.lastResolve.metadata.Authorizations)
+	}
+	wantKey := "program-root/project-subpath/" + oid
+	if backend.lastResolve.filename != wantKey {
+		t.Fatalf("upload object key = %q, want %q", backend.lastResolve.filename, wantKey)
+	}
+	if backend.lastUpload.url != "https://upload.example/"+wantKey {
+		t.Fatalf("upload URL = %q, want signed URL for %q", backend.lastUpload.url, wantKey)
+	}
+}
+
+func assertScopedDRSObjectForPushRebuildsAccessMethod(t *testing.T, existingURL string) {
+	t.Helper()
+	tmp := t.TempDir()
+	filePath := filepath.Join(tmp, "program-root.bin")
+	if err := os.WriteFile(filePath, []byte("payload"), 0o644); err != nil {
+		t.Fatalf("write temp file: %v", err)
+	}
+
+	rt := &pushRuntime{
+		API: &config.GitContext{
+			Organization:  "syfon",
+			ProjectId:     "e2e",
+			BucketName:    "syfon-e2e-bucket",
+			StoragePrefix: "program-root",
+		},
+		Scope: pushScope{
+			Organization: "syfon",
+			Project:      "e2e",
+			Bucket:       "syfon-e2e-bucket",
+			StoragePref:  "program-root",
+		},
+	}
+
+	existing := &drsapi.DrsObject{
+		Id:   "existing-did",
+		Name: ptrString("program-root.bin"),
+		Checksums: []drsapi.Checksum{{
+			Type:     "sha256",
+			Checksum: "3d71f043937a09b77826109db4f2b47c46f19923ef823f6a777a15fde0b2c9c7",
+		}},
+		AccessMethods: &[]drsapi.AccessMethod{{
+			Type: drsapi.AccessMethodTypeS3,
+			AccessUrl: &struct {
+				Headers *[]string `json:"headers,omitempty"`
+				Url     string    `json:"url"`
+			}{Url: existingURL},
+		}},
+	}
+
+	obj, err := scopedDRSObjectForPush(rt, "3d71f043937a09b77826109db4f2b47c46f19923ef823f6a777a15fde0b2c9c7", filePath, 7, existing)
+	if err != nil {
+		t.Fatalf("scopedDRSObjectForPush returned error: %v", err)
+	}
+	if obj.AccessMethods == nil || len(*obj.AccessMethods) != 1 {
+		t.Fatalf("expected rebuilt access method, got %+v", obj.AccessMethods)
+	}
+	got := (*obj.AccessMethods)[0].AccessUrl.Url
+	want := "s3://syfon-e2e-bucket/program-root/3d71f043937a09b77826109db4f2b47c46f19923ef823f6a777a15fde0b2c9c7"
+	if got != want {
+		t.Fatalf("access url = %q, want %q", got, want)
+	}
+}
+
+func TestScopedDRSObjectForPushPreservesExplicitAddURLAccessMethod(t *testing.T) {
+	tmp := t.TempDir()
+	filePath := filepath.Join(tmp, "from-bucket.bin")
+	if err := os.WriteFile(filePath, []byte("payload"), 0o644); err != nil {
+		t.Fatalf("write temp file: %v", err)
+	}
+
+	rt := &pushRuntime{
+		API: &config.GitContext{
+			Organization: "syfon",
+			ProjectId:    "e2e",
+			BucketName:   "syfon-e2e-bucket",
+		},
+		Scope: pushScope{
+			Organization: "syfon",
+			Project:      "e2e",
+			Bucket:       "syfon-e2e-bucket",
+		},
+	}
+
+	oid := "95d536cc8df0a8e265832c6bd0422d69593f564d5ff0518e77535c45bc10bfde"
+	explicitURL := "s3://syfon-e2e-bucket/syfon/e2e/addurl/" + oid
+	existing := &drsapi.DrsObject{
+		Id:   "existing-did",
+		Name: ptrString("from-bucket.bin"),
+		Checksums: []drsapi.Checksum{{
+			Type:     "sha256",
+			Checksum: oid,
+		}},
+		AccessMethods: &[]drsapi.AccessMethod{{
+			Type: drsapi.AccessMethodTypeS3,
+			AccessUrl: &struct {
+				Headers *[]string `json:"headers,omitempty"`
+				Url     string    `json:"url"`
+			}{Url: explicitURL},
+		}},
+	}
+
+	obj, err := scopedDRSObjectForPush(rt, oid, filePath, 7, existing)
+	if err != nil {
+		t.Fatalf("scopedDRSObjectForPush returned error: %v", err)
+	}
+	if obj.AccessMethods == nil || len(*obj.AccessMethods) != 1 || (*obj.AccessMethods)[0].AccessUrl == nil {
+		t.Fatalf("expected access method, got %+v", obj.AccessMethods)
+	}
+	if got := (*obj.AccessMethods)[0].AccessUrl.Url; got != explicitURL {
+		t.Fatalf("access url = %q, want explicit add-url %q", got, explicitURL)
+	}
+}
+
+func ptrString(s string) *string { return &s }
diff --git a/internal/pushsync/progress.go b/internal/pushsync/progress.go
new file mode 100644
index 00000000..996e5480
--- /dev/null
+++ b/internal/pushsync/progress.go
@@ -0,0 +1,34 @@
+package pushsync
+
+type UploadProgressPhase string
+
+const (
+	UploadProgressUploading UploadProgressPhase = "uploading"
+	UploadProgressCompleted UploadProgressPhase = "completed"
+)
+
+type UploadPlanFile struct {
+	OID   string
+	Path  string
+	Bytes int64
+}
+
+type UploadPlanSummary struct {
+	Files      []UploadPlanFile
+	TotalFiles int
+	TotalBytes int64
+}
+
+type UploadProgressEvent struct {
+	OID            string
+	Path           string
+	BytesSoFar     int64
+	BytesSinceLast int64
+	TotalBytes     int64
+	Phase          UploadProgressPhase
+}
+
+type UploadProgressReporter interface {
+	OnUploadPlan(UploadPlanSummary)
+	OnUploadProgress(UploadProgressEvent)
+}
diff --git a/internal/pushsync/register.go b/internal/pushsync/register.go
index de7a2bd3..60c75d9c 100644
--- a/internal/pushsync/register.go
+++ b/internal/pushsync/register.go
@@ -14,11 +14,22 @@ import (
 	localdrsobject "github.com/calypr/git-drs/internal/drsobject"
 	"github.com/calypr/git-drs/internal/lfs"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	internalapi "github.com/calypr/syfon/apigen/client/internalapi"
+	sycommon "github.com/calypr/syfon/client/common"
 	conf "github.com/calypr/syfon/client/config"
 	"github.com/calypr/syfon/client/hash"
+	syrequest "github.com/calypr/syfon/client/request"
+	"github.com/calypr/syfon/client/transfer"
 	syupload "github.com/calypr/syfon/client/transfer/upload"
 )
 
+var uploadBackendForRuntime = func(rt *pushRuntime) transfer.MultipartBackend {
+	if rt == nil || rt.API == nil || rt.API.Client == nil {
+		return nil
+	}
+	return rt.API.Client.Data()
+}
+
 type pushScope struct {
 	Organization string
 	Project      string
@@ -127,11 +138,6 @@ func resolveUploadSourcePath(oid string, worktreePath string, isPointer bool) (s
 	lfsObjPath, err := lfs.ObjectPath(localcommon.LFS_OBJS_PATH, oid)
 	if err == nil {
 		if st, statErr := os.Stat(lfsObjPath); statErr == nil && !st.IsDir() && st.Size() > 0 {
-			if isPointer {
-				if sentinel, sentinelErr := lfs.IsAddURLSentinelObject(lfsObjPath); sentinelErr == nil && sentinel {
-					return "", false, nil
-				}
-			}
 			return lfsObjPath, true, nil
 		}
 	}
@@ -153,7 +159,7 @@ func resolveUploadSourcePath(oid string, worktreePath string, isPointer bool) (s
 func uploadFileForObject(rt *pushRuntime, ctx context.Context, drsObject *drsapi.DrsObject, filePath string, skipIfDownloadable bool) error {
 	hInfo := hash.ConvertDrsChecksumsToHashInfo(drsObject.Checksums)
 	if skipIfDownloadable {
-		rt.Logger.InfoContext(ctx, fmt.Sprintf("checking if oid %s is already downloadable", hInfo.SHA256))
+		rt.Logger.DebugContext(ctx, fmt.Sprintf("checking if oid %s is already downloadable", hInfo.SHA256))
 		downloadable, err := isFileDownloadable(rt, ctx, drsObject)
 		if err != nil {
 			return fmt.Errorf("error checking if file is downloadable: oid %s %v", hInfo.SHA256, err)
@@ -164,7 +170,7 @@ func uploadFileForObject(rt *pushRuntime, ctx context.Context, drsObject *drsapi
 		}
 	}
 
-	rt.Logger.InfoContext(ctx, fmt.Sprintf("file %s is not downloadable, proceeding to upload", hInfo.SHA256))
+	rt.Logger.DebugContext(ctx, fmt.Sprintf("file %s is not downloadable, proceeding to upload", hInfo.SHA256))
 	multiPartThreshold := int64(5 * 1024 * 1024 * 1024)
 	if rt.Tuning.MultiPartThreshold > 0 {
 		multiPartThreshold = rt.Tuning.MultiPartThreshold
@@ -197,12 +203,74 @@ func uploadFileForObject(rt *pushRuntime, ctx context.Context, drsObject *drsapi
 		"threshold", multiPartThreshold,
 		"forceMultipart", forceMultipart,
 	)
-	if err := syupload.UploadObjectFile(ctx, rt.API.Client.Data(), filePath, objectKey, drsObject.Id, rt.Scope.Bucket, forceMultipart); err != nil {
+	backend := uploadBackendForRuntime(rt)
+	if backend == nil {
+		return fmt.Errorf("upload backend is required")
+	}
+	if forceMultipart {
+		if err := syupload.UploadObjectFile(ctx, backend, filePath, objectKey, drsObject.Id, rt.Scope.Bucket, true); err != nil {
+			return fmt.Errorf("upload error: %w", err)
+		}
+		return nil
+	}
+
+	signedURL, err := resolveScopedUploadURL(rt, ctx, backend, drsObject.Id, objectKey)
+	if err != nil {
+		return fmt.Errorf("upload error: failed to get upload URL: %w", err)
+	}
+
+	file, err := os.Open(filePath)
+	if err != nil {
+		return fmt.Errorf("upload error: open source: %w", err)
+	}
+	defer file.Close()
+	if err := backend.Upload(ctx, signedURL, file, fileSize); err != nil {
 		return fmt.Errorf("upload error: %w", err)
 	}
+	if cb := sycommon.GetProgress(ctx); cb != nil {
+		if err := cb(sycommon.ProgressEvent{Event: "progress", Oid: sycommon.GetOid(ctx), BytesSoFar: fileSize, BytesSinceLast: fileSize}); err != nil {
+			return fmt.Errorf("upload progress callback failed: %w", err)
+		}
+	}
 	return nil
 }
 
+func resolveScopedUploadURL(rt *pushRuntime, ctx context.Context, backend transfer.MultipartBackend, did, objectKey string) (string, error) {
+	organization := strings.TrimSpace(rt.Scope.Organization)
+	project := strings.TrimSpace(rt.Scope.Project)
+	if organization == "" || project == "" {
+		return "", fmt.Errorf("upload scope organization/project is required")
+	}
+
+	if rt.API != nil && rt.API.Client != nil && rt.API.Client.Requestor() != nil {
+		query := url.Values{}
+		query.Set("organization", organization)
+		query.Set("project", project)
+		query.Set("file_name", objectKey)
+		var out internalapi.InternalSignedURL
+		if err := rt.API.Client.Requestor().Do(ctx, http.MethodGet, "/data/upload/"+url.PathEscape(did), nil, &out, syrequest.WithQueryValues(query)); err != nil {
+			return "", err
+		}
+		if out.Url == nil || strings.TrimSpace(*out.Url) == "" {
+			return "", fmt.Errorf("response missing URL")
+		}
+		return *out.Url, nil
+	}
+
+	resolver, ok := backend.(interface {
+		ResolveUploadURL(context.Context, string, string, sycommon.FileMetadata, string) (string, error)
+	})
+	if !ok {
+		return "", fmt.Errorf("upload backend cannot resolve upload URLs")
+	}
+	metadata := sycommon.FileMetadata{
+		Authorizations: map[string][]string{
+			organization: {project},
+		},
+	}
+	return resolver.ResolveUploadURL(ctx, did, objectKey, metadata, "")
+}
+
 func newDownloadProbe(cl *config.GitContext) func(context.Context, string) error {
 	httpClient := http.DefaultClient
 	if cl != nil && cl.Client != nil && cl.Client.HTTPClient() != nil {
@@ -214,10 +282,11 @@ func newDownloadProbe(cl *config.GitContext) func(context.Context, string) error
 }
 
 func probeDownloadURL(ctx context.Context, httpClient *http.Client, rawURL string) error {
-	req, err := http.NewRequestWithContext(ctx, http.MethodHead, rawURL, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, rawURL, nil)
 	if err != nil {
 		return err
 	}
+	req.Header.Set("Range", "bytes=0-0")
 	if httpClient == nil {
 		httpClient = http.DefaultClient
 	}
diff --git a/internal/pushsync/register_test.go b/internal/pushsync/register_test.go
index 36e57074..5eed7c2e 100644
--- a/internal/pushsync/register_test.go
+++ b/internal/pushsync/register_test.go
@@ -1,33 +1,40 @@
 package pushsync
 
 import (
-	"context"
-	"io"
-	"net/http"
-	"strings"
+	"os"
+	"path/filepath"
 	"testing"
-)
 
-func TestProbeDownloadURLUsesProvidedHTTPClient(t *testing.T) {
-	t.Parallel()
+	localcommon "github.com/calypr/git-drs/internal/common"
+)
 
-	client := &http.Client{Transport: roundTripFunc(func(r *http.Request) (*http.Response, error) {
-		if r.Method != http.MethodHead {
-			t.Fatalf("expected HEAD request, got %s", r.Method)
-		}
-		return &http.Response{
-			StatusCode: http.StatusOK,
-			Body:       io.NopCloser(strings.NewReader("")),
-			Header:     make(http.Header),
-			Request:    r,
-		}, nil
-	})}
+func TestResolveUploadSourcePath_NoSentinelObjectForPointer(t *testing.T) {
+	repo := t.TempDir()
+	oldWD, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("getwd: %v", err)
+	}
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir: %v", err)
+	}
+	t.Cleanup(func() { _ = os.Chdir(oldWD) })
 
-	if err := probeDownloadURL(context.Background(), client, "https://signed.example/object.bin"); err != nil {
-		t.Fatalf("probeDownloadURL returned error: %v", err)
+	oid := "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+	worktreePath := filepath.Join(repo, "data.bin")
+	if err := os.WriteFile(worktreePath, []byte("version https://git-lfs.github.com/spec/v1\noid sha256:"+oid+"\nsize 1\n"), 0o644); err != nil {
+		t.Fatalf("write pointer: %v", err)
 	}
-}
 
-type roundTripFunc func(*http.Request) (*http.Response, error)
+	// Ensure the implicit cache root matches command behavior under the cwd.
+	if _, err := os.Stat(localcommon.LFS_OBJS_PATH); err == nil {
+		t.Fatalf("expected no local object cache at %s", localcommon.LFS_OBJS_PATH)
+	}
 
-func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }
+	src, ok, err := resolveUploadSourcePath(oid, worktreePath, true)
+	if err != nil {
+		t.Fatalf("resolveUploadSourcePath: %v", err)
+	}
+	if ok || src != "" {
+		t.Fatalf("expected pointer without local payload to skip upload source, got src=%q ok=%v", src, ok)
+	}
+}
diff --git a/internal/testutils/config.go b/internal/testutils/config.go
index bc012cde..e8ab73bc 100644
--- a/internal/testutils/config.go
+++ b/internal/testutils/config.go
@@ -67,11 +67,17 @@ func CreateTestConfig(t *testing.T, tmpDir string, cfg *config.Config) {
 			setConfig(prefix+".endpoint", remote.Gen3.Endpoint)
 			setConfig(prefix+".project", remote.Gen3.ProjectID)
 			setConfig(prefix+".bucket", remote.Gen3.Bucket)
+			if remote.Gen3.Organization != "" {
+				setConfig(prefix+".organization", remote.Gen3.Organization)
+			}
 		} else if remote.Local != nil {
 			setConfig(prefix+".type", "local")
 			setConfig(prefix+".endpoint", remote.Local.BaseURL)
 			setConfig(prefix+".project", remote.Local.ProjectID)
 			setConfig(prefix+".bucket", remote.Local.Bucket)
+			if remote.Local.Organization != "" {
+				setConfig(prefix+".organization", remote.Local.Organization)
+			}
 		}
 	}
 }
diff --git a/tests/README.md b/tests/README.md
index 5a2c02ff..daf48d6d 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -66,7 +66,7 @@ TEST_STRICT_CLEANUP=true
   - multipart/resume checks
   - LFS compatibility path
 - `tests/e2e-gen3-remote-addurl.sh`
-  - add-url with known SHA and unknown SHA sentinel path
+  - add-url with known SHA and unknown SHA placeholder path
 - `tests/e2e-local-full.sh`
   - wrapper for full suite in `local` server mode
 - `tests/e2e-local-addurl.sh`
diff --git a/tests/coverage-test.sh b/tests/coverage-test.sh
index b2c57572..0bc980d1 100755
--- a/tests/coverage-test.sh
+++ b/tests/coverage-test.sh
@@ -276,7 +276,7 @@ export AWS_SECRET_ACCESS_KEY="$SECRET_KEY"
 export AWS_ENDPOINT_URL_S3="$ENDPOINT"
 export AWS_REGION="${AWS_REGION:-us-east-1}"
 
-# use add-url without --sha256 (experimental sentinel mode)
+# use add-url without --sha256
 git drs add-url s3://$PREFIX$BUCKET/simple_test_file.txt data/simple_test_file.txt
 
 # set the .gitattributes to track the file
@@ -305,7 +305,7 @@ if [ -z "$original_add_url_oid" ]; then
   exit 1
 fi
 if [ "$original_add_url_oid" = "$sha256" ]; then
-  err "expected sentinel/synthetic oid for unknown-sha add-url, but found real sha256"
+  err "expected placeholder oid for unknown-sha add-url, but found real sha256"
   exit 1
 fi
 
diff --git a/tests/e2e-gen3-remote-addurl.sh b/tests/e2e-gen3-remote-addurl.sh
index 7976a10c..b4b155e0 100755
--- a/tests/e2e-gen3-remote-addurl.sh
+++ b/tests/e2e-gen3-remote-addurl.sh
@@ -650,19 +650,15 @@ main() {
   if [[ "$SERVER_MODE" == "remote" ]]; then
     log "Configuring gen3 remote"
     run_cmd_with_timeout "$TEST_CMD_TIMEOUT_SECONDS" "git drs remote add gen3 (source repo)" \
-      git drs remote add gen3 "$REMOTE_NAME" \
-        --token "$GEN3_TOKEN" \
-        --bucket "$TEST_BUCKET_NAME" \
-        --organization "$ORGANIZATION" \
-        --project "$PROJECT_ID"
+      git drs remote add gen3 "$REMOTE_NAME" "$ORGANIZATION/$PROJECT_ID" \
+        --token "$GEN3_TOKEN"
   else
     log "Configuring local remote"
     local -a local_add_args
     local_add_args=(
       git drs remote add local "$REMOTE_NAME" "$DRS_URL"
+      "$ORGANIZATION/$PROJECT_ID"
       --bucket "$TEST_BUCKET_NAME"
-      --organization "$ORGANIZATION"
-      --project "$PROJECT_ID"
     )
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
@@ -717,7 +713,7 @@ main() {
     exit 1
   fi
   if [[ "$unknown_pointer_oid" == "$unknown_real_oid" ]]; then
-    echo "error: unknown-sha add-url unexpectedly used real sha256 (expected synthetic/sentinel oid)" >&2
+    echo "error: unknown-sha add-url unexpectedly used real sha256 (expected placeholder oid)" >&2
     exit 1
   fi
   ALL_OIDS+=("$unknown_pointer_oid")
@@ -755,18 +751,14 @@ main() {
   configure_lfs_endpoint_for_repo "$REMOTE_NAME"
   if [[ "$SERVER_MODE" == "remote" ]]; then
     run_cmd_with_timeout "$TEST_CMD_TIMEOUT_SECONDS" "git drs remote add gen3 (clone repo)" \
-      git drs remote add gen3 "$REMOTE_NAME" \
-        --token "$GEN3_TOKEN" \
-        --bucket "$TEST_BUCKET_NAME" \
-        --organization "$ORGANIZATION" \
-        --project "$PROJECT_ID"
+      git drs remote add gen3 "$REMOTE_NAME" "$ORGANIZATION/$PROJECT_ID" \
+        --token "$GEN3_TOKEN"
   else
     local -a local_add_args_clone
     local_add_args_clone=(
       git drs remote add local "$REMOTE_NAME" "$DRS_URL"
+      "$ORGANIZATION/$PROJECT_ID"
       --bucket "$TEST_BUCKET_NAME"
-      --organization "$ORGANIZATION"
-      --project "$PROJECT_ID"
     )
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args_clone+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
diff --git a/tests/e2e-gen3-remote-full.sh b/tests/e2e-gen3-remote-full.sh
index dea0572c..d1142f91 100755
--- a/tests/e2e-gen3-remote-full.sh
+++ b/tests/e2e-gen3-remote-full.sh
@@ -1416,10 +1416,10 @@ main() {
   configure_local_credential_helper
   git config --local lfs.basictransfersonly true
   if [[ "$SERVER_MODE" == "remote" ]]; then
-    git drs remote add gen3 "$REMOTE_NAME" --token "$GEN3_TOKEN" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID"
+    git drs remote add gen3 "$REMOTE_NAME" "$ORGANIZATION/$PROJECT_ID" --token "$GEN3_TOKEN"
   else
     local -a local_add_args
-    local_add_args=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID")
+    local_add_args=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" "$ORGANIZATION/$PROJECT_ID")
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
     fi
@@ -1544,10 +1544,10 @@ main() {
   configure_local_credential_helper
   git config --local lfs.basictransfersonly true
   if [[ "$SERVER_MODE" == "remote" ]]; then
-    git drs remote add gen3 "$REMOTE_NAME" --token "$GEN3_TOKEN" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID"
+    git drs remote add gen3 "$REMOTE_NAME" "$ORGANIZATION/$PROJECT_ID" --token "$GEN3_TOKEN"
   else
     local -a local_add_args_clone
-    local_add_args_clone=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID")
+    local_add_args_clone=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" "$ORGANIZATION/$PROJECT_ID")
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args_clone+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
     fi
@@ -1608,10 +1608,10 @@ main() {
     configure_local_credential_helper
     git config --local lfs.basictransfersonly true
     if [[ "$SERVER_MODE" == "remote" ]]; then
-      git drs remote add gen3 "$REMOTE_NAME" --token "$GEN3_TOKEN" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID"
+      git drs remote add gen3 "$REMOTE_NAME" "$ORGANIZATION/$PROJECT_ID" --token "$GEN3_TOKEN"
     else
       local -a local_add_args_lfs
-      local_add_args_lfs=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID")
+      local_add_args_lfs=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" "$ORGANIZATION/$PROJECT_ID")
       if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
         local_add_args_lfs+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
       fi
diff --git a/tests/integration/docker_syfon/docker_syfon_e2e_assertions_test.go b/tests/integration/docker_syfon/docker_syfon_e2e_assertions_test.go
index 58984c1a..7ca29110 100644
--- a/tests/integration/docker_syfon/docker_syfon_e2e_assertions_test.go
+++ b/tests/integration/docker_syfon/docker_syfon_e2e_assertions_test.go
@@ -91,22 +91,14 @@ func normalizeDockerBucketMapKeyPart(v string) string {
 func upsertSyfonBucketScope(t *testing.T, serverURL string, minioEnv *minioContainer, org, project, path string) {
 	t.Helper()
 	body, err := json.Marshal(map[string]string{
-		"bucket":             minioEnv.bucket,
-		"provider":           "s3",
-		"region":             minioEnv.region,
-		"access_key":         minioEnv.accessKey,
-		"secret_key":         minioEnv.secretKey,
-		"endpoint":           minioEnv.endpoint,
-		"billing_log_bucket": minioEnv.bucket,
-		"billing_log_prefix": dockerE2EProviderLogPrefix,
-		"organization":       org,
-		"project_id":         project,
-		"path":               path,
+		"organization": org,
+		"project_id":   project,
+		"path":         path,
 	})
 	if err != nil {
 		t.Fatalf("marshal bucket scope request: %v", err)
 	}
-	req, err := http.NewRequest(http.MethodPut, strings.TrimRight(serverURL, "/")+"/data/buckets", bytes.NewReader(body))
+	req, err := http.NewRequest(http.MethodPost, strings.TrimRight(serverURL, "/")+"/data/buckets/"+minioEnv.bucket+"/scopes", bytes.NewReader(body))
 	if err != nil {
 		t.Fatalf("build bucket scope request: %v", err)
 	}
@@ -254,3 +246,33 @@ func assertMinIOObjectExists(t *testing.T, client *s3.Client, bucket, key string
 		t.Fatalf("expected MinIO object %s/%s to exist: %v", bucket, key, err)
 	}
 }
+
+func assertMinIOObjectMissing(t *testing.T, client *s3.Client, bucket, key string) {
+	t.Helper()
+	_, err := client.HeadObject(context.Background(), &s3.HeadObjectInput{
+		Bucket: aws.String(bucket),
+		Key:    aws.String(key),
+	})
+	if err == nil {
+		t.Fatalf("expected MinIO object %s/%s to be deleted", bucket, key)
+	}
+}
+
+func assertDRSRecordMissing(t *testing.T, serverURL, did string) {
+	t.Helper()
+	target := strings.TrimRight(serverURL, "/") + "/ga4gh/drs/v1/objects/" + did
+	req, err := http.NewRequest(http.MethodGet, target, nil)
+	if err != nil {
+		t.Fatalf("build GET %s: %v", target, err)
+	}
+	req.SetBasicAuth(dockerE2ELocalUser, dockerE2ELocalPassword)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatalf("GET %s: %v", target, err)
+	}
+	defer resp.Body.Close()
+	body, _ := io.ReadAll(resp.Body)
+	if resp.StatusCode != http.StatusNotFound {
+		t.Fatalf("expected DRS record %s to be deleted, got status=%d body=%s", did, resp.StatusCode, string(body))
+	}
+}
diff --git a/tests/integration/docker_syfon/docker_syfon_e2e_helpers_test.go b/tests/integration/docker_syfon/docker_syfon_e2e_helpers_test.go
index a77582e4..456ffca8 100644
--- a/tests/integration/docker_syfon/docker_syfon_e2e_helpers_test.go
+++ b/tests/integration/docker_syfon/docker_syfon_e2e_helpers_test.go
@@ -149,10 +149,9 @@ func configureLocalRepo(t *testing.T, dir, credentialStore string) {
 func configureGitDrsRemote(t *testing.T, repoDir, serverURL string, minioEnv *minioContainer) {
 	t.Helper()
 	t.Logf("configuring git-drs remote: repo=%s server=%s bucket=%s org=%s project=%s", repoDir, serverURL, minioEnv.bucket, dockerE2EOrganization, dockerE2EProjectID)
+	setLocalBucketMapping(t, repoDir, dockerE2EOrganization, dockerE2EProjectID, minioEnv.bucket, "")
 	runCommand(t, repoDir, nil, "git", "drs", "remote", "add", "local", "origin", serverURL,
-		"--bucket", minioEnv.bucket,
-		"--organization", dockerE2EOrganization,
-		"--project", dockerE2EProjectID,
+		dockerE2EOrganization+"/"+dockerE2EProjectID,
 		"--username", dockerE2ELocalUser,
 		"--password", dockerE2ELocalPassword,
 	)
diff --git a/tests/integration/docker_syfon/docker_syfon_e2e_test.go b/tests/integration/docker_syfon/docker_syfon_e2e_test.go
index 4d90ce32..40f604ef 100644
--- a/tests/integration/docker_syfon/docker_syfon_e2e_test.go
+++ b/tests/integration/docker_syfon/docker_syfon_e2e_test.go
@@ -65,6 +65,7 @@ func TestGitDrsDockerMinIOE2E(t *testing.T) {
 	runCommand(t, repoDir, nil, "git", "remote", "add", "origin", gogsEnv.repoCloneURL)
 	runCommand(t, repoDir, nil, "git", "drs", "init")
 	configureGitDrsRemote(t, repoDir, server.url, minioEnv)
+	upsertSyfonBucketScope(t, server.url, minioEnv, dockerE2EOrganization, dockerE2EProjectID, "s3://"+minioEnv.bucket)
 	logRepoSnapshot(t, repoDir, "post-init")
 
 	t.Logf("STEP 5: Uploading tracked files through git-drs push...")
@@ -105,6 +106,7 @@ func TestGitDrsDockerMinIOE2E(t *testing.T) {
 		t.Fatalf("restore git credential store: %v", err)
 	}
 	runCommand(t, repoDir, nil, "git", "drs", "push", "origin")
+	runCommand(t, repoDir, nil, "git", "branch", "--set-upstream-to=origin/main", "main")
 	logRepoSnapshot(t, repoDir, "post-push")
 	querySmall := runCommand(t, repoDir, nil, "git", "drs", "query", "--remote", "origin", "--pretty", smallDid)
 	if !strings.Contains(querySmall, smallDid) {
@@ -169,6 +171,14 @@ func TestGitDrsDockerMinIOE2E(t *testing.T) {
 		t.Fatalf("multipart file checksum lookup mismatch: expected DID %s and hash %s in output %q", largeDid, largeSumHex, largeHashOut)
 	}
 	t.Logf("hash verification complete for source.txt=%s multipart.bin=%s", smallSumHex, largeSumHex)
+
+	t.Logf("STEP 7: Deleting a tracked file via git drs rm and verifying remote record + bucket removal...")
+	runCommand(t, repoDir, nil, "git", "drs", "rm", "data/source.txt")
+	runCommand(t, repoDir, nil, "git", "commit", "-m", "remove source.txt through git drs rm")
+	runCommand(t, repoDir, nil, "git", "drs", "push", "origin")
+	logRepoSnapshot(t, repoDir, "post-delete-push")
+	assertMinIOObjectMissing(t, minioEnv.s3Client, minioEnv.bucket, smallDid)
+	assertDRSRecordMissing(t, server.url, smallDid)
 }
 
 func TestGitDrsDockerAddURLE2E(t *testing.T) {
@@ -355,6 +365,7 @@ func TestGitDrsDockerBucketScopePathsE2E(t *testing.T) {
 	runCommand(t, repoDir, nil, "git", "drs", "track", "*.bin")
 
 	t.Logf("STEP 5: Adding managed uploads for each bucket scope path case...")
+	upsertSyfonBucketScope(t, server.url, minioEnv, dockerE2EOrganization, dockerE2EProjectID, "s3://"+minioEnv.bucket)
 	defaultOID := addTrackedPayloadCommit(t, repoDir, "data/default-root.bin", []byte("default bucket root payload"), ".gitattributes")
 	defaultKey := defaultOID
 	runCommand(t, repoDir, nil, "git", "drs", "push", "origin")
diff --git a/tests/monorepos/e2e-monorepo-remote.sh b/tests/monorepos/e2e-monorepo-remote.sh
index a53dc5a2..d02bc19a 100755
--- a/tests/monorepos/e2e-monorepo-remote.sh
+++ b/tests/monorepos/e2e-monorepo-remote.sh
@@ -14,9 +14,10 @@ fi
 
 DRS_URL="${TEST_DRS_URL:-${DRS_URL:-https://caliper-training.ohsu.edu}}"
 SERVER_MODE="${TEST_SERVER_MODE:-${SERVER_MODE:-remote}}"
-GEN3_TOKEN="${TEST_GEN3_TOKEN:-${GEN3_TOKEN:-}}"
-GEN3_TOKEN_SOURCE="${TEST_GEN3_TOKEN:+env:TEST_GEN3_TOKEN}"
+GEN3_TOKEN=""
+GEN3_TOKEN_SOURCE=""
 GEN3_PROFILE="${TEST_GEN3_PROFILE:-${GEN3_PROFILE:-}}"
+USER_SUPPLIED_GEN3_TOKEN="${TEST_GEN3_TOKEN:-${GEN3_TOKEN:-}}"
 GEN3_CONFIG_PATH="${TEST_GEN3_CONFIG_PATH:-${GEN3_CONFIG_PATH:-$HOME/.gen3/gen3_client_config.ini}}"
 ADMIN_AUTH_HEADER="${TEST_ADMIN_AUTH_HEADER:-${ADMIN_AUTH_HEADER:-}}"
 LOCAL_USERNAME="${TEST_LOCAL_USERNAME:-${LOCAL_USERNAME:-${DRS_BASIC_AUTH_USER:-}}}"
@@ -259,15 +260,14 @@ resolve_auth_from_profile_if_needed() {
   if [[ "$SERVER_MODE" == "local" ]]; then
     return
   fi
-  if [[ -n "$GEN3_TOKEN" ]]; then
-    GEN3_TOKEN_SOURCE="${GEN3_TOKEN_SOURCE:-env:TEST_GEN3_TOKEN}"
-    return
-  fi
   require_env GEN3_PROFILE "$GEN3_PROFILE"
   if [[ ! -f "$GEN3_CONFIG_PATH" ]]; then
     echo "error: GEN3 profile config file not found at $GEN3_CONFIG_PATH" >&2
     exit 1
   fi
+  if [[ -n "$USER_SUPPLIED_GEN3_TOKEN" ]]; then
+    echo "warning: TEST_GEN3_TOKEN/GEN3_TOKEN is ignored by this script; using GEN3_PROFILE='$GEN3_PROFILE' from $GEN3_CONFIG_PATH" >&2
+  fi
 
   local profile_token profile_endpoint profile_api_key
   profile_token="$(load_profile_field "$GEN3_PROFILE" "access_token" "$GEN3_CONFIG_PATH")"
@@ -478,8 +478,8 @@ validate_config() {
       ;;
   esac
 
-  if [[ "$SERVER_MODE" == "remote" && -z "$GEN3_TOKEN" && -z "$GEN3_PROFILE" ]]; then
-    echo "error: remote mode requires TEST_GEN3_TOKEN or GEN3_PROFILE/TEST_GEN3_PROFILE" >&2
+  if [[ "$SERVER_MODE" == "remote" && -z "$GEN3_PROFILE" ]]; then
+    echo "error: remote mode requires GEN3_PROFILE/TEST_GEN3_PROFILE" >&2
     exit 1
   fi
   if [[ "$SERVER_MODE" == "local" ]]; then
@@ -651,18 +651,14 @@ setup_repo() {
   configure_local_credential_helper
   if [[ "$SERVER_MODE" == "remote" ]]; then
     git drs remote add gen3 "$MONO_REMOTE_NAME" \
-      --token "$GEN3_TOKEN" \
-      --bucket "$ACTIVE_BUCKET" \
-      --organization "$TEST_ORGANIZATION" \
-      --project "$TEST_PROJECT_ID"
+      "$TEST_ORGANIZATION/$TEST_PROJECT_ID"
     ensure_repo_remote_token "$MONO_REMOTE_NAME"
   else
     local -a local_add_args
     local_add_args=(
       git drs remote add local "$MONO_REMOTE_NAME" "$DRS_URL"
+      "$TEST_ORGANIZATION/$TEST_PROJECT_ID"
       --bucket "$ACTIVE_BUCKET"
-      --organization "$TEST_ORGANIZATION"
-      --project "$TEST_PROJECT_ID"
     )
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
@@ -730,18 +726,14 @@ clone_and_verify() {
   configure_local_credential_helper
   if [[ "$SERVER_MODE" == "remote" ]]; then
     git drs remote add gen3 "$MONO_REMOTE_NAME" \
-      --token "$GEN3_TOKEN" \
-      --bucket "$ACTIVE_BUCKET" \
-      --organization "$TEST_ORGANIZATION" \
-      --project "$TEST_PROJECT_ID"
+      "$TEST_ORGANIZATION/$TEST_PROJECT_ID"
     ensure_repo_remote_token "$MONO_REMOTE_NAME"
   else
     local -a local_add_args_clone
     local_add_args_clone=(
       git drs remote add local "$MONO_REMOTE_NAME" "$DRS_URL"
+      "$TEST_ORGANIZATION/$TEST_PROJECT_ID"
       --bucket "$ACTIVE_BUCKET"
-      --organization "$TEST_ORGANIZATION"
-      --project "$TEST_PROJECT_ID"
     )
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args_clone+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
diff --git a/tests/monorepos/run-test.sh b/tests/monorepos/run-test.sh
index 47a5835e..263d0993 100755
--- a/tests/monorepos/run-test.sh
+++ b/tests/monorepos/run-test.sh
@@ -211,7 +211,7 @@ if [ "$CLONE" = "true" ]; then
   fi
   echo "Pulling LFS objects from remote" >&2
   git drs init
-  git drs remote add gen3 "$PROFILE" --cred "$CREDENTIALS_PATH"  --bucket $BUCKET --project "$PROGRAM-$PROJECT" --url https://calypr-dev.ohsu.edu
+  git drs remote add gen3 "$PROFILE" "$PROGRAM/$PROJECT" --cred "$CREDENTIALS_PATH"
   git lfs pull origin main
   if grep -q 'https://git-lfs.github.com/spec/v1' ./TARGET-ALL-P2/sub-directory-1/*file-0001.dat; then
     echo "error: LFS pointer resolved and data in `TARGET-ALL-P2/sub-directory-1/file-0001.dat`" >&2
@@ -235,7 +235,7 @@ else
 
   # Initialize drs configuration for this repo
   git drs init -t 16
-  git drs remote add gen3 "$PROFILE" --cred "$CREDENTIALS_PATH"  --bucket $BUCKET --project "$PROGRAM-$PROJECT" --url https://calypr-dev.ohsu.edu
+  git drs remote add gen3 "$PROFILE" "$PROGRAM/$PROJECT" --cred "$CREDENTIALS_PATH"
   # Set multipart-threshold to 10 (MB) for testing purposes
   # Using a smaller threshold to force a multipart upload for testing
   # default is 500 (MB)

From 2784d9a69a45f340a386deb0dc12f23bc4c5ba70 Mon Sep 17 00:00:00 2001
From: matthewpeterkort <matthewpeterkort@gmail.com>
Date: Mon, 11 May 2026 15:53:04 -0700
Subject: [PATCH 5/7] pin versions to latest syfon release

---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 3096b9d6..b513958d 100644
--- a/go.mod
+++ b/go.mod
@@ -5,8 +5,8 @@ go 1.26.3
 require (
 	github.com/bytedance/sonic v1.15.0
 	github.com/calypr/data-client v0.0.0-20260506231822-6a4689d4201f
-	github.com/calypr/syfon v0.2.9-0.20260511213931-ff4d5a467b3e
-	github.com/calypr/syfon/apigen v0.2.7-0.20260511213931-ff4d5a467b3e
+	github.com/calypr/syfon v0.2.9
+	github.com/calypr/syfon/apigen v0.2.7
 	github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1
 	github.com/go-git/go-git/v5 v5.13.0
 	github.com/golang-jwt/jwt/v5 v5.3.1
@@ -141,7 +141,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.32.14
 	github.com/aws/aws-sdk-go-v2/credentials v1.19.14
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.99.0
-	github.com/calypr/syfon/client v0.2.8-0.20260511213931-ff4d5a467b3e
+	github.com/calypr/syfon/client v0.2.8
 	github.com/hashicorp/go-version v1.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
diff --git a/go.sum b/go.sum
index d823b2d1..73ae11d9 100644
--- a/go.sum
+++ b/go.sum
@@ -117,12 +117,12 @@ github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiD
 github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/calypr/data-client v0.0.0-20260506231822-6a4689d4201f h1:+jRjTLBjCjxbWvcbYIi9Oe+XBGlwLJnnk8mk1wHEamY=
 github.com/calypr/data-client v0.0.0-20260506231822-6a4689d4201f/go.mod h1:cAKvEGQogXFM4Hz22/JNOH+l2bRaz+pjT3N2H5cC8D4=
-github.com/calypr/syfon v0.2.9-0.20260511213931-ff4d5a467b3e h1:VSCX3ZwQcOWCjrZ7WFP4TW9vGi9WPYZuuZsjEoRluwA=
-github.com/calypr/syfon v0.2.9-0.20260511213931-ff4d5a467b3e/go.mod h1:FMYmSy6rbUGbFcuNTlKtxIhWSlIRPbZfpauKMO0k1V4=
-github.com/calypr/syfon/apigen v0.2.7-0.20260511213931-ff4d5a467b3e h1:PtLxUIloatJGqZx/UkvG7wT9z8vh7R3N4CyDnc139Zk=
-github.com/calypr/syfon/apigen v0.2.7-0.20260511213931-ff4d5a467b3e/go.mod h1:VrRZ2A17YV91Zsm7CF/u1/Z+DfcZAk8Q4Pk1xklb5xU=
-github.com/calypr/syfon/client v0.2.8-0.20260511213931-ff4d5a467b3e h1:ycB0RN7nRdbU9gRynm8JC1pGsBSc4VmOxLkKGNPCLtg=
-github.com/calypr/syfon/client v0.2.8-0.20260511213931-ff4d5a467b3e/go.mod h1:9MTLDQ5clwDHcDuKCEuVaV7bebsCIUtUQxTegW3RDVo=
+github.com/calypr/syfon v0.2.9 h1:ZpcXCtlD6QxWTQKn5S1ulGEMh/tbnHv6kAIum1kQbCQ=
+github.com/calypr/syfon v0.2.9/go.mod h1:FMYmSy6rbUGbFcuNTlKtxIhWSlIRPbZfpauKMO0k1V4=
+github.com/calypr/syfon/apigen v0.2.7 h1:h5ZcxoLFPuLXt+8EUWICbKQgE/MMu2jym4oUshV3m8k=
+github.com/calypr/syfon/apigen v0.2.7/go.mod h1:VrRZ2A17YV91Zsm7CF/u1/Z+DfcZAk8Q4Pk1xklb5xU=
+github.com/calypr/syfon/client v0.2.8 h1:xMq5pZNnvkY9UnfrQVvJXe8Ic/Y0D2OLyreMaqNVP5U=
+github.com/calypr/syfon/client v0.2.8/go.mod h1:9MTLDQ5clwDHcDuKCEuVaV7bebsCIUtUQxTegW3RDVo=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/clipperhouse/uax29/v2 v2.7.0 h1:+gs4oBZ2gPfVrKPthwbMzWZDaAFPGYK72F0NJv2v7Vk=

From 21e4dcd050577705091282e1970a2388b15b7f7d Mon Sep 17 00:00:00 2001
From: Brian <brian@bwalsh.com>
Date: Tue, 12 May 2026 07:56:55 -0700
Subject: [PATCH 6/7] fix-unnecessary-introductory-text (#234)

Removed unnecessary introductory text from developer documentation.

Co-authored-by: Matthew Peterkort <33436238+matthewpeterkort@users.noreply.github.com>
---
 docs/precommit.md | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/docs/precommit.md b/docs/precommit.md
index 89bb318d..d99b4add 100644
--- a/docs/precommit.md
+++ b/docs/precommit.md
@@ -1,9 +1,3 @@
-Below is **developer-facing documentation** you can drop into your repo (e.g. `docs/precommit-cache.md` or `README-precommit.md`).
-It assumes:
-
-* `cmd/precommit` installs the **pre-commit hook**
-* `precommit_cache` is the **read-only helper library** used by pre-push (and other tooling)
-
 ---
 
 # Developer Documentation: `.git/drs/pre-commit` Cache & Helpers

From 17880ebadcf5ee0ac4dcd819ffe3503bb85c5721 Mon Sep 17 00:00:00 2001
From: Matthew Peterkort <33436238+matthewpeterkort@users.noreply.github.com>
Date: Tue, 12 May 2026 17:53:09 -0700
Subject: [PATCH 7/7] Fix/misc issues (#235)

* clean up progress upload

* add progress for git drs pull downloads, update docs

* fix tests

* fix coverage test

* fix bot issues

* bump library deps
---
 cmd/initialize/main.go                        |    14 +-
 cmd/initialize/main_test.go                   |    11 +
 cmd/lsfiles/main.go                           |   101 +-
 cmd/lsfiles/main_test.go                      |   126 +-
 cmd/pull/main.go                              |    54 +-
 cmd/pull/progress.go                          |   185 +
 cmd/pull/progress_test.go                     |    85 +
 cmd/push/main.go                              |     9 +
 cmd/push/progress.go                          |   174 +-
 cmd/push/progress_test.go                     |   120 +-
 cmd/remote/add/local_test.go                  |    14 +
 coverage/combined.html                        | 14839 +++++++++-------
 coverage/combined.out                         |  4567 +++--
 coverage/summary.txt                          |   720 +-
 docs/TODO/bug-checksum-match-upload-skip.md   |    17 +
 docs/bucket-mapping.md                        |   210 +
 docs/commands.md                              |    19 +-
 docs/getting-started.md                       |   426 +-
 docs/git-lfs.md                               |    37 +
 docs/installation.md                          |   142 +-
 docs/quickstart.md                            |   121 +
 docs/remove-files.md                          |    59 +
 go.mod                                        |    50 +-
 go.sum                                        |   116 +-
 internal/config/remote.go                     |     1 +
 internal/progressui/renderer.go               |   228 +
 internal/pushsync/batch_sync.go               |    88 +-
 internal/pushsync/batch_sync_test.go          |   164 +-
 internal/pushsync/register.go                 |    47 +-
 internal/pushsync/register_test.go            |   197 +
 .../docker_syfon_e2e_setup_test.go            |    38 +
 .../docker_syfon_e2e_syfon_test.go            |    32 +-
 32 files changed, 13656 insertions(+), 9355 deletions(-)
 create mode 100644 cmd/pull/progress.go
 create mode 100644 cmd/pull/progress_test.go
 create mode 100644 docs/TODO/bug-checksum-match-upload-skip.md
 create mode 100644 docs/bucket-mapping.md
 create mode 100644 docs/git-lfs.md
 create mode 100644 docs/quickstart.md
 create mode 100644 docs/remove-files.md
 create mode 100644 internal/progressui/renderer.go

diff --git a/cmd/initialize/main.go b/cmd/initialize/main.go
index 26a0738b..dd9d6fca 100644
--- a/cmd/initialize/main.go
+++ b/cmd/initialize/main.go
@@ -127,6 +127,15 @@ func isInitialized() (bool, error) {
 	if val, err := gitrepo.GetGitConfigString("filter.drs.process"); err != nil || strings.TrimSpace(val) != "git-drs filter" {
 		return false, err
 	}
+	if val, err := gitrepo.GetGitConfigString("filter.drs.clean"); err != nil || strings.TrimSpace(val) != "git-drs clean -- %f" {
+		return false, err
+	}
+	if val, err := gitrepo.GetGitConfigString("filter.drs.smudge"); err != nil || strings.TrimSpace(val) != "git-drs smudge -- %f" {
+		return false, err
+	}
+	if val, err := gitrepo.GetGitConfigString("filter.drs.required"); err != nil || strings.TrimSpace(val) != "true" {
+		return false, err
+	}
 
 	preCommitInstalled, err := hookContains("pre-commit", "git drs precommit")
 	if err != nil {
@@ -165,7 +174,10 @@ func initGitConfig() error {
 		// Use git-drs as the long-running filter-process handler.
 		// This replaces the default git-lfs smudge/clean per-invocation commands
 		// with a single persistent process that calls the DRS transfer stack directly.
-		"filter.drs.process": "git-drs filter",
+		"filter.drs.clean":    "git-drs clean -- %f",
+		"filter.drs.smudge":   "git-drs smudge -- %f",
+		"filter.drs.process":  "git-drs filter",
+		"filter.drs.required": "true",
 		// Canonical git-drs config keys consumed by clients.
 		"drs.upsert":                  strconv.FormatBool(upsert),
 		"drs.multipart-threshold":     strconv.Itoa(multiPartThreshold),
diff --git a/cmd/initialize/main_test.go b/cmd/initialize/main_test.go
index 04b02369..0c2beab3 100644
--- a/cmd/initialize/main_test.go
+++ b/cmd/initialize/main_test.go
@@ -106,6 +106,10 @@ func TestInitConfigValues(t *testing.T) {
 
 	check("lfs.concurrenttransfers", "8")
 	check("lfs.allowincompletepush", "false")
+	check("filter.drs.clean", "git-drs clean -- %f")
+	check("filter.drs.smudge", "git-drs smudge -- %f")
+	check("filter.drs.process", "git-drs filter")
+	check("filter.drs.required", "true")
 }
 
 func TestEnsureInitialized(t *testing.T) {
@@ -129,4 +133,11 @@ func TestEnsureInitialized(t *testing.T) {
 	if filterProcess != "git-drs filter" {
 		t.Fatalf("unexpected filter.drs.process: %q", filterProcess)
 	}
+	filterClean, err := gitrepo.GetGitConfigString("filter.drs.clean")
+	if err != nil {
+		t.Fatalf("GetGitConfigString(filter.drs.clean): %v", err)
+	}
+	if filterClean != "git-drs clean -- %f" {
+		t.Fatalf("unexpected filter.drs.clean: %q", filterClean)
+	}
 }
diff --git a/cmd/lsfiles/main.go b/cmd/lsfiles/main.go
index 5da58516..d403a33e 100644
--- a/cmd/lsfiles/main.go
+++ b/cmd/lsfiles/main.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log/slog"
 	"os"
+	"os/exec"
 	"sort"
 	"strings"
 
@@ -35,8 +36,11 @@ var (
 		if len(branches) == 0 {
 			return lfs.GetTrackedLfsFiles(logger)
 		}
-		return lfs.GetAllLfsFiles(gitRemoteName, gitRemoteLocation, branches, logger)
+		return lfs.GetLfsFilesForRefs(branches, logger)
 	}
+	listRemoteRefs           = defaultListRemoteRefs
+	listGitRemotes           = defaultListGitRemotes
+	resolveDefaultRemote     = defaultResolveDefaultRemote
 	lookupScopedObjectsBatch = drsremote.ObjectsByHashesForScope
 )
 
@@ -51,6 +55,73 @@ type fileRow struct {
 	Detail     string   `json:"detail,omitempty"`
 }
 
+func defaultListRemoteRefs(gitRemoteName string) ([]string, error) {
+	if strings.TrimSpace(gitRemoteName) == "" {
+		return nil, nil
+	}
+
+	cmd := exec.Command("git", "for-each-ref", "--format=%(refname)", "refs/remotes/"+gitRemoteName)
+	out, err := cmd.Output()
+	if err != nil {
+		return nil, fmt.Errorf("list refs for remote %s: %w", gitRemoteName, err)
+	}
+
+	lines := strings.Split(string(out), "\n")
+	refs := make([]string, 0, len(lines))
+	for _, line := range lines {
+		ref := strings.TrimSpace(line)
+		if ref == "" || strings.HasSuffix(ref, "/HEAD") {
+			continue
+		}
+		refs = append(refs, ref)
+	}
+	sort.Strings(refs)
+	return refs, nil
+}
+
+func defaultListGitRemotes() ([]string, error) {
+	cmd := exec.Command("git", "remote")
+	out, err := cmd.Output()
+	if err != nil {
+		return nil, fmt.Errorf("list git remotes: %w", err)
+	}
+
+	lines := strings.Split(string(out), "\n")
+	remotes := make([]string, 0, len(lines))
+	for _, line := range lines {
+		name := strings.TrimSpace(line)
+		if name == "" {
+			continue
+		}
+		remotes = append(remotes, name)
+	}
+	sort.Strings(remotes)
+	return remotes, nil
+}
+
+func defaultResolveDefaultRemote() string {
+	cfg, err := loadConfig()
+	if err == nil && cfg != nil {
+		if remote, err := cfg.GetRemoteOrDefault(""); err == nil {
+			return strings.TrimSpace(string(remote))
+		}
+	}
+
+	remotes, err := listGitRemotes()
+	if err != nil || len(remotes) == 0 {
+		return ""
+	}
+	for _, remote := range remotes {
+		if remote == config.ORIGIN {
+			return remote
+		}
+	}
+	if len(remotes) == 1 {
+		return remotes[0]
+	}
+	return ""
+}
+
 func collectRows(cmd *cobra.Command, gitRemoteName, drsRemoteName string, patterns []string, resolveDRS bool) ([]fileRow, error) {
 	logger := drslog.GetLogger()
 
@@ -73,10 +144,36 @@ func collectRows(cmd *cobra.Command, gitRemoteName, drsRemoteName string, patter
 		}
 	}
 
-	lfsFiles, err := loadLFSInventory(gitRemoteName, drsRemoteName, []string{}, logger)
+	var (
+		refs []string
+		err  error
+	)
+	if strings.TrimSpace(gitRemoteName) != "" {
+		refs, err = listRemoteRefs(gitRemoteName)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	lfsFiles, err := loadLFSInventory(gitRemoteName, drsRemoteName, refs, logger)
 	if err != nil {
 		return nil, err
 	}
+	if len(lfsFiles) == 0 && strings.TrimSpace(gitRemoteName) == "" {
+		fallbackRemote := resolveDefaultRemote()
+		if fallbackRemote != "" {
+			refs, err = listRemoteRefs(fallbackRemote)
+			if err != nil {
+				return nil, err
+			}
+			if len(refs) > 0 {
+				lfsFiles, err = loadLFSInventory(fallbackRemote, drsRemoteName, refs, logger)
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+	}
 
 	keys := make([]string, 0, len(lfsFiles))
 	for path := range lfsFiles {
diff --git a/cmd/lsfiles/main_test.go b/cmd/lsfiles/main_test.go
index 1daab41b..d4adf1a6 100644
--- a/cmd/lsfiles/main_test.go
+++ b/cmd/lsfiles/main_test.go
@@ -31,9 +31,11 @@ func TestCollectRowsLocalDefault(t *testing.T) {
 
 	oldLoadLFSInventory := loadLFSInventory
 	oldLookupScopedObjectsBatch := lookupScopedObjectsBatch
+	oldResolveDefaultRemote := resolveDefaultRemote
 	t.Cleanup(func() {
 		loadLFSInventory = oldLoadLFSInventory
 		lookupScopedObjectsBatch = oldLookupScopedObjectsBatch
+		resolveDefaultRemote = oldResolveDefaultRemote
 	})
 
 	tmpDir := t.TempDir()
@@ -74,6 +76,7 @@ func TestCollectRowsLocalDefault(t *testing.T) {
 		t.Fatalf("unexpected remote lookup for checksums %v", checksums)
 		return nil, nil
 	}
+	resolveDefaultRemote = func() string { return "" }
 
 	cmd := &cobra.Command{}
 	rows, err := collectRows(cmd, "", "", nil, false)
@@ -111,13 +114,17 @@ func TestCollectRowsWithDRSLookupAndFilters(t *testing.T) {
 	oldResolveRemote := resolveRemote
 	oldNewRemoteClient := newRemoteClient
 	oldLoadLFSInventory := loadLFSInventory
+	oldListRemoteRefs := listRemoteRefs
 	oldLookupScopedObjectsBatch := lookupScopedObjectsBatch
+	oldResolveDefaultRemote := resolveDefaultRemote
 	t.Cleanup(func() {
 		loadConfig = oldLoadConfig
 		resolveRemote = oldResolveRemote
 		newRemoteClient = oldNewRemoteClient
 		loadLFSInventory = oldLoadLFSInventory
+		listRemoteRefs = oldListRemoteRefs
 		lookupScopedObjectsBatch = oldLookupScopedObjectsBatch
+		resolveDefaultRemote = oldResolveDefaultRemote
 	})
 
 	loadConfig = func() (*config.Config, error) {
@@ -137,6 +144,12 @@ func TestCollectRowsWithDRSLookupAndFilters(t *testing.T) {
 			"data/file3.txt": {Name: "data/file3.txt", Oid: strings.Repeat("c", 64)},
 		}, nil
 	}
+	listRemoteRefs = func(remote string) ([]string, error) {
+		if remote == "" {
+			return nil, nil
+		}
+		return []string{"refs/remotes/dev/main"}, nil
+	}
 	lookupScopedObjectsBatch = func(ctx context.Context, drsCtx *config.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) {
 		got := map[string][]drsapi.DrsObject{}
 		for _, checksum := range checksums {
@@ -149,9 +162,10 @@ func TestCollectRowsWithDRSLookupAndFilters(t *testing.T) {
 		}
 		return got, nil
 	}
+	resolveDefaultRemote = func() string { return "" }
 
 	cmd := &cobra.Command{}
-	rows, err := collectRows(cmd, "", "", []string{"data/**"}, true)
+	rows, err := collectRows(cmd, "dev", "", []string{"data/**"}, true)
 	if err != nil {
 		t.Fatalf("collectRows returned error: %v", err)
 	}
@@ -188,13 +202,17 @@ func TestCollectRowsWithDRSLookupBatchError(t *testing.T) {
 	oldResolveRemote := resolveRemote
 	oldNewRemoteClient := newRemoteClient
 	oldLoadLFSInventory := loadLFSInventory
+	oldListRemoteRefs := listRemoteRefs
 	oldLookupScopedObjectsBatch := lookupScopedObjectsBatch
+	oldResolveDefaultRemote := resolveDefaultRemote
 	t.Cleanup(func() {
 		loadConfig = oldLoadConfig
 		resolveRemote = oldResolveRemote
 		newRemoteClient = oldNewRemoteClient
 		loadLFSInventory = oldLoadLFSInventory
+		listRemoteRefs = oldListRemoteRefs
 		lookupScopedObjectsBatch = oldLookupScopedObjectsBatch
+		resolveDefaultRemote = oldResolveDefaultRemote
 	})
 
 	loadConfig = func() (*config.Config, error) { return &config.Config{}, nil }
@@ -210,12 +228,19 @@ func TestCollectRowsWithDRSLookupBatchError(t *testing.T) {
 			"data/file3.txt": {Name: "data/file3.txt", Oid: strings.Repeat("c", 64)},
 		}, nil
 	}
+	listRemoteRefs = func(remote string) ([]string, error) {
+		if remote == "" {
+			return nil, nil
+		}
+		return []string{"refs/remotes/dev/main"}, nil
+	}
 	lookupScopedObjectsBatch = func(ctx context.Context, drsCtx *config.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) {
 		return nil, errors.New("lookup failed")
 	}
+	resolveDefaultRemote = func() string { return "" }
 
 	cmd := &cobra.Command{}
-	rows, err := collectRows(cmd, "", "", []string{"data/**"}, true)
+	rows, err := collectRows(cmd, "dev", "", []string{"data/**"}, true)
 	if err != nil {
 		t.Fatalf("collectRows returned error: %v", err)
 	}
@@ -229,6 +254,103 @@ func TestCollectRowsWithDRSLookupBatchError(t *testing.T) {
 	}
 }
 
+func TestCollectRowsUsesRemoteRefsWhenGitRemoteProvided(t *testing.T) {
+	resetFlagsForTest()
+
+	oldLoadLFSInventory := loadLFSInventory
+	oldListRemoteRefs := listRemoteRefs
+	oldResolveDefaultRemote := resolveDefaultRemote
+	t.Cleanup(func() {
+		loadLFSInventory = oldLoadLFSInventory
+		listRemoteRefs = oldListRemoteRefs
+		resolveDefaultRemote = oldResolveDefaultRemote
+	})
+
+	listRemoteRefs = func(remote string) ([]string, error) {
+		if remote != "dev" {
+			t.Fatalf("unexpected remote %q", remote)
+		}
+		return []string{"refs/remotes/dev/main", "refs/remotes/dev/release"}, nil
+	}
+
+	loadLFSInventory = func(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]lfs.LfsFileInfo, error) {
+		if gitRemoteName != "dev" {
+			t.Fatalf("unexpected git remote name %q", gitRemoteName)
+		}
+		if len(branches) != 2 || branches[0] != "refs/remotes/dev/main" || branches[1] != "refs/remotes/dev/release" {
+			t.Fatalf("unexpected refs %v", branches)
+		}
+		return map[string]lfs.LfsFileInfo{
+			"data/file.bam": {Name: "data/file.bam", Oid: strings.Repeat("a", 64)},
+		}, nil
+	}
+	resolveDefaultRemote = func() string {
+		t.Fatal("default remote fallback should not be used when --git-remote is set")
+		return ""
+	}
+
+	cmd := &cobra.Command{}
+	rows, err := collectRows(cmd, "dev", "", nil, false)
+	if err != nil {
+		t.Fatalf("collectRows returned error: %v", err)
+	}
+	if len(rows) != 1 || rows[0].Path != "data/file.bam" {
+		t.Fatalf("unexpected rows %+v", rows)
+	}
+}
+
+func TestCollectRowsFallsBackToDefaultRemoteWhenLocalInventoryEmpty(t *testing.T) {
+	resetFlagsForTest()
+
+	oldLoadLFSInventory := loadLFSInventory
+	oldListRemoteRefs := listRemoteRefs
+	oldResolveDefaultRemote := resolveDefaultRemote
+	t.Cleanup(func() {
+		loadLFSInventory = oldLoadLFSInventory
+		listRemoteRefs = oldListRemoteRefs
+		resolveDefaultRemote = oldResolveDefaultRemote
+	})
+
+	callCount := 0
+	loadLFSInventory = func(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]lfs.LfsFileInfo, error) {
+		callCount++
+		if callCount == 1 {
+			if gitRemoteName != "" || len(branches) != 0 {
+				t.Fatalf("first inventory call should be local-only, got remote=%q refs=%v", gitRemoteName, branches)
+			}
+			return map[string]lfs.LfsFileInfo{}, nil
+		}
+		if gitRemoteName != "dev" {
+			t.Fatalf("expected fallback remote dev, got %q", gitRemoteName)
+		}
+		if len(branches) != 1 || branches[0] != "refs/remotes/dev/main" {
+			t.Fatalf("unexpected fallback refs: %v", branches)
+		}
+		return map[string]lfs.LfsFileInfo{
+			"data/file2.bam": {Name: "data/file2.bam", Oid: strings.Repeat("b", 64)},
+		}, nil
+	}
+	resolveDefaultRemote = func() string { return "dev" }
+	listRemoteRefs = func(remote string) ([]string, error) {
+		if remote != "dev" {
+			t.Fatalf("expected fallback remote query for dev, got %q", remote)
+		}
+		return []string{"refs/remotes/dev/main"}, nil
+	}
+
+	cmd := &cobra.Command{}
+	rows, err := collectRows(cmd, "", "", nil, false)
+	if err != nil {
+		t.Fatalf("collectRows returned error: %v", err)
+	}
+	if len(rows) != 1 || rows[0].Path != "data/file2.bam" {
+		t.Fatalf("unexpected rows: %+v", rows)
+	}
+	if callCount != 2 {
+		t.Fatalf("expected 2 inventory calls, got %d", callCount)
+	}
+}
+
 func TestValidateOutputFlags(t *testing.T) {
 	resetFlagsForTest()
 
diff --git a/cmd/pull/main.go b/cmd/pull/main.go
index 75e1d75d..2019515c 100644
--- a/cmd/pull/main.go
+++ b/cmd/pull/main.go
@@ -3,9 +3,11 @@ package pull
 import (
 	"context"
 	"fmt"
+	"io"
 	"log/slog"
 	"net/url"
 	"os"
+	"path/filepath"
 	"sort"
 	"strings"
 
@@ -16,6 +18,7 @@ import (
 	"github.com/calypr/git-drs/internal/lfs"
 	"github.com/calypr/git-drs/internal/pathspec"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	sycommon "github.com/calypr/syfon/client/common"
 	"github.com/spf13/cobra"
 )
 
@@ -77,6 +80,10 @@ var Cmd = &cobra.Command{
 			return nil
 		}
 
+		progress := newPullProgressRenderer(os.Stderr)
+		progress.OnPlan(pointers)
+		defer progress.Finish()
+
 		if dryRun {
 			for _, f := range pointers {
 				if _, err := fmt.Fprintln(cmd.OutOrStdout(), f.Name); err != nil {
@@ -144,17 +151,19 @@ var Cmd = &cobra.Command{
 				} else if !os.IsNotExist(err) {
 					return fmt.Errorf("failed to stat cache path %s: %w", dstPath, err)
 				}
+				progress.OnDownloadStart(f)
+				downloadCtx := progressContextForPointer(ctx, progress, f)
 				if obj, ok := prefetched[f.Oid]; ok {
 					if accessURL, ok := prefetchedAccess[obj.Id]; ok {
 						objCopy := obj
-						if err := drsremote.DownloadResolvedToCachePath(ctx, drsCtx, f.Oid, dstPath, &objCopy, &accessURL); err != nil {
+						if err := drsremote.DownloadResolvedToCachePath(downloadCtx, drsCtx, f.Oid, dstPath, &objCopy, &accessURL); err != nil {
 							debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
 							return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
 						}
 						continue
 					}
 				}
-				if err := drsremote.DownloadToCachePath(ctx, drsCtx, logg, f.Oid, dstPath); err != nil {
+				if err := drsremote.DownloadToCachePath(downloadCtx, drsCtx, logg, f.Oid, dstPath); err != nil {
 					debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
 					return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
 				}
@@ -163,7 +172,7 @@ var Cmd = &cobra.Command{
 			logg.Debug("no missing pointer objects to download")
 		}
 
-		if err := checkoutDownloadedFiles(pointers); err != nil {
+		if err := checkoutDownloadedFiles(pointers, progress); err != nil {
 			return err
 		}
 
@@ -195,7 +204,18 @@ func collectPointerFiles(inventory map[string]lfs.LfsFileInfo, patterns []string
 	return files
 }
 
-func checkoutDownloadedFiles(files []pointerFile) error {
+func progressContextForPointer(ctx context.Context, progress *pullProgressRenderer, file pointerFile) context.Context {
+	ctx = sycommon.WithOid(ctx, file.Name)
+	return sycommon.WithProgress(ctx, func(ev sycommon.ProgressEvent) error {
+		if ev.Event != "progress" {
+			return nil
+		}
+		progress.OnDownloadProgress(file.Name, ev.BytesSoFar, file.Size)
+		return nil
+	})
+}
+
+func checkoutDownloadedFiles(files []pointerFile, progress *pullProgressRenderer) error {
 	for _, f := range files {
 		if strings.TrimSpace(f.Name) == "" || strings.TrimSpace(f.Oid) == "" {
 			continue
@@ -204,13 +224,35 @@ func checkoutDownloadedFiles(files []pointerFile) error {
 		if err != nil {
 			return fmt.Errorf("failed to resolve cached object for %s: %w", f.Oid, err)
 		}
-		payload, err := os.ReadFile(srcPath)
+		src, err := os.Open(srcPath)
 		if err != nil {
 			return fmt.Errorf("failed to read cached object %s: %w", srcPath, err)
 		}
-		if err := os.WriteFile(f.Name, payload, 0o644); err != nil {
+		progress.OnCheckoutStart(f)
+		if dir := filepath.Dir(f.Name); dir != "." {
+			if err := os.MkdirAll(dir, 0o755); err != nil {
+				src.Close()
+				return fmt.Errorf("failed to create directory for %s: %w", f.Name, err)
+			}
+		}
+		dst, err := os.OpenFile(f.Name, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
+		if err != nil {
+			src.Close()
+			return fmt.Errorf("failed to checkout %s: %w", f.Name, err)
+		}
+		if _, err := io.Copy(dst, src); err != nil {
+			dst.Close()
+			src.Close()
 			return fmt.Errorf("failed to checkout %s: %w", f.Name, err)
 		}
+		if err := dst.Close(); err != nil {
+			src.Close()
+			return fmt.Errorf("failed to finalize checkout for %s: %w", f.Name, err)
+		}
+		if err := src.Close(); err != nil {
+			return fmt.Errorf("failed to close cached object %s: %w", srcPath, err)
+		}
+		progress.OnCompleted(f)
 	}
 	return nil
 }
diff --git a/cmd/pull/progress.go b/cmd/pull/progress.go
new file mode 100644
index 00000000..f1a6d345
--- /dev/null
+++ b/cmd/pull/progress.go
@@ -0,0 +1,185 @@
+package pull
+
+import (
+	"fmt"
+	"io"
+
+	"github.com/calypr/git-drs/internal/progressui"
+)
+
+const pullNonTTYProgressInterval = progressui.NonTTYProgressInterval
+
+type pullProgressPhase string
+
+const (
+	pullProgressPending     pullProgressPhase = "pending"
+	pullProgressDownloading pullProgressPhase = "downloading"
+	pullProgressCheckingOut pullProgressPhase = "checking_out"
+	pullProgressCompleted   pullProgressPhase = "completed"
+)
+
+type pullFileProgress struct {
+	path    string
+	total   int64
+	current int64
+	phase   pullProgressPhase
+}
+
+type pullProgressRenderer struct {
+	base      *progressui.Renderer
+	planned   bool
+	files     map[string]*pullFileProgress
+	fileOrder []string
+}
+
+func newPullProgressRenderer(out io.Writer) *pullProgressRenderer {
+	return &pullProgressRenderer{
+		base:  progressui.NewRenderer(out),
+		files: make(map[string]*pullFileProgress),
+	}
+}
+
+func isPullWriterTTY(w io.Writer) bool {
+	return progressui.IsWriterTTY(w)
+}
+
+func (r *pullProgressRenderer) render(force bool) {
+	lines := make([]string, 0, len(r.fileOrder))
+	for _, id := range r.fileOrder {
+		item := r.files[id]
+		if item == nil {
+			continue
+		}
+		lines = append(lines, r.renderLine(item))
+	}
+	r.base.Render(force, lines)
+}
+
+func (r *pullProgressRenderer) OnPlan(files []pointerFile) {
+	r.planned = len(files) > 0
+	r.files = make(map[string]*pullFileProgress, len(files))
+	r.fileOrder = r.fileOrder[:0]
+	for _, file := range files {
+		r.files[file.Name] = &pullFileProgress{
+			path:  file.Name,
+			total: file.Size,
+			phase: pullProgressPending,
+		}
+		r.fileOrder = append(r.fileOrder, file.Name)
+	}
+	if r.planned {
+		r.render(true)
+	}
+}
+
+func (r *pullProgressRenderer) OnDownloadStart(file pointerFile) {
+	if !r.planned {
+		return
+	}
+	item, ok := r.files[file.Name]
+	if !ok {
+		return
+	}
+	item.path = file.Name
+	if file.Size > 0 {
+		item.total = file.Size
+	}
+	item.phase = pullProgressDownloading
+	r.render(false)
+}
+
+func (r *pullProgressRenderer) OnDownloadProgress(id string, bytesSoFar int64, total int64) {
+	if !r.planned {
+		return
+	}
+	item, ok := r.files[id]
+	if !ok {
+		return
+	}
+	if total > 0 {
+		item.total = total
+	}
+	if bytesSoFar > item.current {
+		item.current = bytesSoFar
+	}
+	item.phase = pullProgressDownloading
+	r.render(false)
+}
+
+func (r *pullProgressRenderer) OnCheckoutStart(file pointerFile) {
+	if !r.planned {
+		return
+	}
+	item, ok := r.files[file.Name]
+	if !ok {
+		return
+	}
+	item.phase = pullProgressCheckingOut
+	if item.total == 0 && file.Size > 0 {
+		item.total = file.Size
+	}
+	r.render(false)
+}
+
+func (r *pullProgressRenderer) OnCompleted(file pointerFile) {
+	if !r.planned {
+		return
+	}
+	item, ok := r.files[file.Name]
+	if !ok {
+		return
+	}
+	if item.total == 0 && file.Size > 0 {
+		item.total = file.Size
+	}
+	if item.total > 0 {
+		item.current = item.total
+	}
+	item.phase = pullProgressCompleted
+	r.render(false)
+}
+
+func (r *pullProgressRenderer) Finish() {
+	if !r.planned {
+		return
+	}
+	lines := make([]string, 0, len(r.fileOrder))
+	for _, id := range r.fileOrder {
+		item := r.files[id]
+		if item == nil {
+			continue
+		}
+		lines = append(lines, r.renderLine(item))
+	}
+	r.base.Finish(lines)
+	r.planned = false
+}
+
+func (r *pullProgressRenderer) renderLine(file *pullFileProgress) string {
+	label := "preparing pull"
+	if file != nil && file.path != "" {
+		label = progressui.TrimLabel(file.path, 48)
+	}
+
+	prefix := ""
+	if file != nil {
+		switch file.phase {
+		case pullProgressDownloading, pullProgressCheckingOut:
+			if !(file.total > 0 && file.current >= file.total) {
+				prefix = r.base.Spinner() + " "
+			}
+		}
+	}
+
+	current := int64(0)
+	total := int64(0)
+	if file != nil {
+		current = file.current
+		total = file.total
+	}
+	bar := progressui.RenderProgressBar(current, total, 24)
+	pct := progressui.RenderPercent(current, total)
+	bytesLabel := progressui.RenderByteProgress(current, total, current >= total)
+
+	return fmt.Sprintf("%s%s %s %s %s", prefix, label, bar, pct, bytesLabel)
+}
diff --git a/cmd/pull/progress_test.go b/cmd/pull/progress_test.go
new file mode 100644
index 00000000..77682c71
--- /dev/null
+++ b/cmd/pull/progress_test.go
@@ -0,0 +1,85 @@
+package pull
+
+import (
+	"bytes"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestPullProgressRendererTTY(t *testing.T) {
+	var out bytes.Buffer
+	r := newPullProgressRenderer(&out)
+	r.base.SetTTY(true)
+	r.base.SetClock(func() time.Time { return time.Unix(0, 0) })
+
+	files := []pointerFile{
+		{Name: "a.bin", Oid: "oid-1", Size: 100},
+		{Name: "b.bin", Oid: "oid-2", Size: 100},
+	}
+	r.OnPlan(files)
+	r.OnDownloadStart(files[0])
+	r.OnDownloadProgress("a.bin", 50, 100)
+	r.OnCheckoutStart(files[0])
+	r.OnCompleted(files[0])
+	r.OnCompleted(files[1])
+
+	got := out.String()
+	if !strings.Contains(got, "a.bin [============") {
+		t.Fatalf("expected progress bar output for a.bin, got %q", got)
+	}
+	if !strings.Contains(got, "100.0% 100 B/100 B") {
+		t.Fatalf("expected completed byte summary, got %q", got)
+	}
+}
+
+func TestPullProgressRendererNonTTYThrottles(t *testing.T) {
+	var out bytes.Buffer
+	now := time.Unix(0, 0)
+	r := newPullProgressRenderer(&out)
+	r.base.SetTTY(false)
+	r.base.SetClock(func() time.Time { return now })
+
+	file := pointerFile{Name: "a.bin", Oid: "oid-1", Size: 100}
+	r.OnPlan([]pointerFile{file})
+	initial := out.String()
+	if !strings.Contains(initial, "a.bin") {
+		t.Fatalf("expected initial non-tty progress line, got %q", initial)
+	}
+
+	r.OnDownloadStart(file)
+	r.OnDownloadProgress("a.bin", 10, 100)
+	if got := out.String(); got != initial {
+		t.Fatalf("expected throttled output before interval, got %q", got)
+	}
+
+	now = now.Add(pullNonTTYProgressInterval)
+	r.OnCompleted(file)
+	got := out.String()
+	if !strings.Contains(got, "100.0% 100 B/100 B") {
+		t.Fatalf("expected rendered completion after interval, got %q", got)
+	}
+}
+
+func TestPullProgressRendererNoSpinnerAtFullDownloadedBytes(t *testing.T) {
+	var out bytes.Buffer
+	r := newPullProgressRenderer(&out)
+	r.base.SetTTY(true)
+	r.base.SetClock(func() time.Time { return time.Unix(0, 0) })
+
+	file := pointerFile{Name: "a.bin", Oid: "oid-1", Size: 100}
+	r.OnPlan([]pointerFile{file})
+	r.OnDownloadStart(file)
+	r.OnDownloadProgress("a.bin", 100, 100)
+
+	got := out.String()
+	if strings.Contains(got, "/ a.bin [========================] 100.0% 100 B/100 B") ||
+		strings.Contains(got, "| a.bin [========================] 100.0% 100 B/100 B") ||
+		strings.Contains(got, "- a.bin [========================] 100.0% 100 B/100 B") ||
+		strings.Contains(got, "\\ a.bin [========================] 100.0% 100 B/100 B") {
+		t.Fatalf("expected no spinner prefix on fully downloaded file, got %q", got)
+	}
+	if !strings.Contains(got, "a.bin [========================] 100.0% 100 B/100 B") {
+		t.Fatalf("expected completed byte line without spinner, got %q", got)
+	}
+}
diff --git a/cmd/push/main.go b/cmd/push/main.go
index 2e04d189..e9877f3b 100644
--- a/cmd/push/main.go
+++ b/cmd/push/main.go
@@ -16,6 +16,7 @@ import (
 )
 
 var pushWithHooks bool
+var pushForceUpload bool
 
 var runCommand = func(name string, args ...string) ([]byte, error) {
 	cmd := exec.Command(name, args...)
@@ -59,6 +60,7 @@ var Cmd = &cobra.Command{
 			myLogger.Debug(fmt.Sprintf("Error creating DRS client: %s", err))
 			return err
 		}
+		drsClient.ForceUpload = pushForceUpload
 		lfsFiles, err := lfs.GetAllLfsFiles(string(remote), "", []string{"HEAD"}, myLogger)
 		if err != nil {
 			return fmt.Errorf("failed to discover LFS files to push: %w", err)
@@ -78,6 +80,12 @@ var Cmd = &cobra.Command{
 			return fmt.Errorf("failed batch register/upload workflow: %w", err)
 		}
 		progress.Finish()
+		switch {
+		case len(lfsFiles) == 0:
+			fmt.Fprintln(os.Stdout, "No git-drs tracked files found; pushing Git refs only.")
+		case !progress.HadUploads():
+			fmt.Fprintln(os.Stdout, "No DRS payload uploads needed; all tracked objects are already available remotely.")
+		}
 
 		pushArgs := []string{"push"}
 		if !pushWithHooks {
@@ -98,6 +106,7 @@ var Cmd = &cobra.Command{
 
 func init() {
 	Cmd.Flags().BoolVar(&pushWithHooks, "with-hooks", false, "Run git push with local hooks enabled (invokes pre-push)")
+	Cmd.Flags().BoolVar(&pushForceUpload, "force-upload", false, "Upload payload bytes even when a matching downloadable object already exists remotely")
 }
 
 func currentDeleteRefUpdates(ctx context.Context) ([]drsdelete.RefUpdate, error) {
diff --git a/cmd/push/progress.go b/cmd/push/progress.go
index 2c6dd6fe..a22156ec 100644
--- a/cmd/push/progress.go
+++ b/cmd/push/progress.go
@@ -3,73 +3,62 @@ package push
 import (
 	"fmt"
 	"io"
-	"strings"
 	"sync"
-	"time"
 
+	"github.com/calypr/git-drs/internal/progressui"
 	"github.com/calypr/git-drs/internal/pushsync"
-	"github.com/mattn/go-isatty"
 )
 
-const nonTTYProgressInterval = 2 * time.Second
-
 type uploadFileProgress struct {
 	path      string
 	total     int64
-	uploaded  int64
+	current   int64
+	started   bool
 	completed bool
 }
 
 type uploadProgressRenderer struct {
-	out          io.Writer
-	isTTY        bool
-	now          func() time.Time
-	lastRender   time.Time
-	mu           sync.Mutex
-	planned      bool
-	plan         pushsync.UploadPlanSummary
-	files        map[string]*uploadFileProgress
-	totalBytes   int64
-	doneBytes    int64
-	doneFiles    int
-	currentLabel string
+	mu        sync.Mutex
+	base      *progressui.Renderer
+	planned   bool
+	plan      pushsync.UploadPlanSummary
+	files     map[string]*uploadFileProgress
+	fileOrder []string
 }
 
 func newUploadProgressRenderer(out io.Writer) *uploadProgressRenderer {
 	return &uploadProgressRenderer{
-		out:   out,
-		isTTY: isWriterTTY(out),
-		now:   time.Now,
+		base:  progressui.NewRenderer(out),
 		files: make(map[string]*uploadFileProgress),
 	}
 }
 
-func isWriterTTY(w io.Writer) bool {
-	type fdWriter interface{ Fd() uintptr }
-	f, ok := w.(fdWriter)
-	if !ok {
-		return false
+func (r *uploadProgressRenderer) renderLocked(force bool) {
+	lines := make([]string, 0, len(r.fileOrder))
+	for idx, oid := range r.fileOrder {
+		file := r.files[oid]
+		if file == nil {
+			continue
+		}
+		lines = append(lines, r.renderLine(idx, len(r.fileOrder), file))
 	}
-	fd := f.Fd()
-	return isatty.IsTerminal(fd) || isatty.IsCygwinTerminal(fd)
+	r.base.Render(force, lines)
 }
 
 func (r *uploadProgressRenderer) OnUploadPlan(plan pushsync.UploadPlanSummary) {
 	r.mu.Lock()
 	defer r.mu.Unlock()
+
 	r.plan = plan
 	r.planned = plan.TotalFiles > 0
-	r.totalBytes = 0
-	r.doneBytes = 0
-	r.doneFiles = 0
-	r.currentLabel = ""
 	r.files = make(map[string]*uploadFileProgress, len(plan.Files))
+	r.fileOrder = r.fileOrder[:0]
 	for _, file := range plan.Files {
 		r.files[file.OID] = &uploadFileProgress{
 			path:  file.Path,
 			total: file.Bytes,
 		}
-		r.totalBytes += file.Bytes
+		r.fileOrder = append(r.fileOrder, file.OID)
 	}
 	if r.planned {
 		r.renderLocked(true)
@@ -79,6 +68,7 @@ func (r *uploadProgressRenderer) OnUploadPlan(plan pushsync.UploadPlanSummary) {
 func (r *uploadProgressRenderer) OnUploadProgress(ev pushsync.UploadProgressEvent) {
 	r.mu.Lock()
 	defer r.mu.Unlock()
+
 	if !r.planned {
 		return
 	}
@@ -92,24 +82,17 @@ func (r *uploadProgressRenderer) OnUploadProgress(ev pushsync.UploadProgressEven
 	if ev.TotalBytes > 0 {
 		file.total = ev.TotalBytes
 	}
-	if file.total > 0 && ev.BytesSoFar > file.total {
-		ev.BytesSoFar = file.total
+	if ev.BytesSoFar > file.current {
+		file.current = ev.BytesSoFar
 	}
-	if ev.BytesSoFar > file.uploaded {
-		r.doneBytes += ev.BytesSoFar - file.uploaded
-		file.uploaded = ev.BytesSoFar
-	}
-	if ev.Path != "" {
-		r.currentLabel = ev.Path
-	} else if file.path != "" {
-		r.currentLabel = file.path
+	if ev.Phase == pushsync.UploadProgressUploading {
+		file.started = true
 	}
 	if ev.Phase == pushsync.UploadProgressCompleted && !file.completed {
+		file.started = true
 		file.completed = true
-		r.doneFiles++
-		if file.total > 0 && file.uploaded < file.total {
-			r.doneBytes += file.total - file.uploaded
-			file.uploaded = file.total
+		if file.total > 0 {
+			file.current = file.total
 		}
 	}
 	r.renderLocked(false)
@@ -118,72 +101,55 @@ func (r *uploadProgressRenderer) OnUploadProgress(ev pushsync.UploadProgressEven
 func (r *uploadProgressRenderer) Finish() {
 	r.mu.Lock()
 	defer r.mu.Unlock()
+
 	if !r.planned {
 		return
 	}
-	r.renderLocked(true)
-	if r.isTTY {
-		_, _ = fmt.Fprintln(r.out)
+	lines := make([]string, 0, len(r.fileOrder))
+	for idx, oid := range r.fileOrder {
+		file := r.files[oid]
+		if file == nil {
+			continue
+		}
+		lines = append(lines, r.renderLine(idx, len(r.fileOrder), file))
 	}
+	r.base.Finish(lines)
 	r.planned = false
 }
 
-func (r *uploadProgressRenderer) renderLocked(force bool) {
-	now := r.now()
-	if !force && !r.isTTY && !r.lastRender.IsZero() && now.Sub(r.lastRender) < nonTTYProgressInterval {
-		return
-	}
-	r.lastRender = now
-	totalBytes := r.totalBytes
-	doneBytes := r.doneBytes
-	doneFiles := r.doneFiles
-	totalFiles := r.plan.TotalFiles
-	percent := 0.0
-	if totalBytes > 0 {
-		percent = (float64(doneBytes) / float64(totalBytes)) * 100
-	}
-	current := r.currentLabel
-	if current == "" {
-		current = "preparing uploads"
-	}
-
-	if r.isTTY {
-		barWidth := 28
-		filled := 0
-		if totalBytes > 0 {
-			filled = int((float64(doneBytes) / float64(totalBytes)) * float64(barWidth))
-		}
-		if filled > barWidth {
-			filled = barWidth
-		}
-		bar := strings.Repeat("=", filled) + strings.Repeat(" ", barWidth-filled)
-		line := fmt.Sprintf("\rUploading %d/%d files [%s] %5.1f%% %s/%s current: %s",
-			doneFiles, totalFiles, bar, percent, humanBytes(doneBytes), humanBytes(totalBytes), trimProgressLabel(current, 48))
-		_, _ = fmt.Fprint(r.out, line)
-		return
-	}
-
-	line := fmt.Sprintf("Uploading %d/%d files (%.1f%%) %s/%s current=%s\n",
-		doneFiles, totalFiles, percent, humanBytes(doneBytes), humanBytes(totalBytes), current)
-	_, _ = fmt.Fprint(r.out, line)
+func (r *uploadProgressRenderer) HadUploads() bool {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	return r != nil && r.planned
 }
 
-func trimProgressLabel(s string, max int) string {
-	if max <= 3 || len(s) <= max {
-		return s
+func (r *uploadProgressRenderer) renderLine(idx int, total int, file *uploadFileProgress) string {
+	label := "preparing upload"
+	if file != nil && file.path != "" {
+		label = progressui.TrimLabel(file.path, 48)
+	}
+	prefix := ""
+	if file != nil {
+		switch {
+		case file.started && !file.completed:
+			prefix = r.base.Spinner() + " "
+		}
 	}
-	return "..." + s[len(s)-(max-3):]
-}
 
-func humanBytes(n int64) string {
-	const unit = 1024
-	if n < unit {
-		return fmt.Sprintf("%d B", n)
-	}
-	div, exp := int64(unit), 0
-	for v := n / unit; v >= unit; v /= unit {
-		div *= unit
-		exp++
-	}
-	return fmt.Sprintf("%.1f %ciB", float64(n)/float64(div), "KMGTPE"[exp])
+	current := int64(0)
+	totalBytes := int64(0)
+	completed := false
+	if file != nil {
+		current = file.current
+		totalBytes = file.total
+		completed = file.completed
+	}
+	displayCurrent := progressui.VisibleProgressBytes(current, totalBytes, completed)
+	bar := progressui.RenderProgressBar(displayCurrent, totalBytes, 24)
+	pct := progressui.RenderPercentCapped(displayCurrent, totalBytes, completed)
+	bytesLabel := progressui.RenderByteProgress(displayCurrent, totalBytes, completed)
+
+	_ = idx
+	_ = total
+	return fmt.Sprintf("%s%s %s %s %s", prefix, label, bar, pct, bytesLabel)
 }
diff --git a/cmd/push/progress_test.go b/cmd/push/progress_test.go
index a740822c..b9c66cb6 100644
--- a/cmd/push/progress_test.go
+++ b/cmd/push/progress_test.go
@@ -3,6 +3,7 @@ package push
 import (
 	"bytes"
 	"strings"
+	"sync"
 	"testing"
 	"time"
 
@@ -12,7 +13,7 @@ import (
 func TestUploadProgressRendererTTY(t *testing.T) {
 	var out bytes.Buffer
 	r := newUploadProgressRenderer(&out)
-	r.isTTY = true
+	r.base.SetTTY(true)
 
 	r.OnUploadPlan(pushsync.UploadPlanSummary{
 		Files: []pushsync.UploadPlanFile{
@@ -22,17 +23,25 @@ func TestUploadProgressRendererTTY(t *testing.T) {
 		TotalFiles: 2,
 		TotalBytes: 200,
 	})
+	r.OnUploadProgress(pushsync.UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 0, TotalBytes: 100, Phase: pushsync.UploadProgressUploading})
 	r.OnUploadProgress(pushsync.UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 50, BytesSinceLast: 50, TotalBytes: 100, Phase: pushsync.UploadProgressUploading})
 	r.OnUploadProgress(pushsync.UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 100, TotalBytes: 100, Phase: pushsync.UploadProgressCompleted})
+	r.OnUploadProgress(pushsync.UploadProgressEvent{OID: "oid-2", Path: "b.bin", BytesSoFar: 0, TotalBytes: 100, Phase: pushsync.UploadProgressUploading})
 	r.OnUploadProgress(pushsync.UploadProgressEvent{OID: "oid-2", Path: "b.bin", BytesSoFar: 100, TotalBytes: 100, Phase: pushsync.UploadProgressCompleted})
 	r.Finish()
 
 	got := out.String()
-	if !strings.Contains(got, "Uploading 2/2 files") {
-		t.Fatalf("expected final tty summary, got %q", got)
+	if !strings.Contains(got, "a.bin [============            ]  50.0% 50 B/100 B") {
+		t.Fatalf("expected first file uploading line, got %q", got)
 	}
-	if !strings.Contains(got, "100.0%") {
-		t.Fatalf("expected 100%% completion, got %q", got)
+	if !strings.Contains(got, "b.bin [                        ]   0.0% 0 B/100 B") {
+		t.Fatalf("expected second file pending line, got %q", got)
+	}
+	if !strings.Contains(got, "b.bin [========================] 100.0% 100 B/100 B") {
+		t.Fatalf("expected completed second file line, got %q", got)
+	}
+	if strings.Contains(got, "(uploading)") || strings.Contains(got, "(pending)") || strings.Contains(got, "(complete)") {
+		t.Fatalf("did not expect parenthesized state text, got %q", got)
 	}
 	if !strings.HasSuffix(got, "\n") {
 		t.Fatalf("expected trailing newline, got %q", got)
@@ -42,9 +51,9 @@ func TestUploadProgressRendererTTY(t *testing.T) {
 func TestUploadProgressRendererNonTTYThrottles(t *testing.T) {
 	var out bytes.Buffer
 	r := newUploadProgressRenderer(&out)
-	r.isTTY = false
+	r.base.SetTTY(false)
 	now := time.Unix(0, 0)
-	r.now = func() time.Time { return now }
+	r.base.SetClock(func() time.Time { return now })
 
 	r.OnUploadPlan(pushsync.UploadPlanSummary{
 		Files:      []pushsync.UploadPlanFile{{OID: "oid-1", Path: "a.bin", Bytes: 100}},
@@ -67,7 +76,102 @@ func TestUploadProgressRendererNonTTYThrottles(t *testing.T) {
 	if strings.Count(got, "\n") < 2 {
 		t.Fatalf("expected throttled summary updates, got %q", got)
 	}
-	if !strings.Contains(got, "Uploading 1/1 files") {
+	if !strings.Contains(got, "a.bin [========================] 100.0% 100 B/100 B") {
 		t.Fatalf("expected non-tty progress summary, got %q", got)
 	}
+	if strings.Contains(got, "1/1") || strings.Contains(got, "[*]") {
+		t.Fatalf("did not expect positional or completion prefix clutter, got %q", got)
+	}
+}
+
+func TestUploadProgressRendererDoesNotShowFullCompletionBeforeCompleteEvent(t *testing.T) {
+	var out bytes.Buffer
+	r := newUploadProgressRenderer(&out)
+	r.base.SetTTY(true)
+
+	total := int64(500 * 1024 * 1024)
+	r.OnUploadPlan(pushsync.UploadPlanSummary{
+		Files:      []pushsync.UploadPlanFile{{OID: "oid-1", Path: "large.bin", Bytes: total}},
+		TotalFiles: 1,
+		TotalBytes: total,
+	})
+	r.OnUploadProgress(pushsync.UploadProgressEvent{
+		OID:        "oid-1",
+		Path:       "large.bin",
+		BytesSoFar: total,
+		TotalBytes: total,
+		Phase:      pushsync.UploadProgressUploading,
+	})
+
+	got := out.String()
+	if !strings.Contains(got, "99.9%") {
+		t.Fatalf("expected in-flight upload to stay below 100%%, got %q", got)
+	}
+	if !strings.Contains(got, "<500.0 MiB/500.0 MiB") {
+		t.Fatalf("expected in-flight byte label to avoid full equality, got %q", got)
+	}
+	if strings.Contains(got, "100.0%") {
+		t.Fatalf("did not expect in-flight upload to render as 100%%, got %q", got)
+	}
+}
+
+func TestUploadProgressRendererHadUploads(t *testing.T) {
+	var out bytes.Buffer
+	r := newUploadProgressRenderer(&out)
+	if r.HadUploads() {
+		t.Fatal("expected fresh renderer to report no uploads")
+	}
+
+	r.OnUploadPlan(pushsync.UploadPlanSummary{
+		Files:      []pushsync.UploadPlanFile{{OID: "oid-1", Path: "a.bin", Bytes: 1}},
+		TotalFiles: 1,
+		TotalBytes: 1,
+	})
+	if !r.HadUploads() {
+		t.Fatal("expected renderer to report uploads after a non-empty plan")
+	}
+
+	r.Finish()
+	if r.HadUploads() {
+		t.Fatal("expected renderer to reset after finish")
+	}
+}
+
+func TestUploadProgressRendererConcurrentProgress(t *testing.T) {
+	var out bytes.Buffer
+	r := newUploadProgressRenderer(&out)
+	r.base.SetTTY(false)
+
+	r.OnUploadPlan(pushsync.UploadPlanSummary{
+		Files: []pushsync.UploadPlanFile{
+			{OID: "oid-1", Path: "a.bin", Bytes: 100},
+			{OID: "oid-2", Path: "b.bin", Bytes: 100},
+		},
+		TotalFiles: 2,
+		TotalBytes: 200,
+	})
+
+	events := []pushsync.UploadProgressEvent{
+		{OID: "oid-1", Path: "a.bin", BytesSoFar: 10, BytesSinceLast: 10, TotalBytes: 100, Phase: pushsync.UploadProgressUploading},
+		{OID: "oid-2", Path: "b.bin", BytesSoFar: 20, BytesSinceLast: 20, TotalBytes: 100, Phase: pushsync.UploadProgressUploading},
+		{OID: "oid-1", Path: "a.bin", BytesSoFar: 100, TotalBytes: 100, Phase: pushsync.UploadProgressCompleted},
+		{OID: "oid-2", Path: "b.bin", BytesSoFar: 100, TotalBytes: 100, Phase: pushsync.UploadProgressCompleted},
+	}
+
+	var wg sync.WaitGroup
+	wg.Add(len(events))
+	for _, ev := range events {
+		ev := ev
+		go func() {
+			defer wg.Done()
+			r.OnUploadProgress(ev)
+		}()
+	}
+	wg.Wait()
+	r.Finish()
+
+	got := out.String()
+	if !strings.Contains(got, "a.bin") || !strings.Contains(got, "b.bin") {
+		t.Fatalf("expected both files in concurrent progress output, got %q", got)
+	}
 }
diff --git a/cmd/remote/add/local_test.go b/cmd/remote/add/local_test.go
index 67ba39e1..1f5c42a8 100644
--- a/cmd/remote/add/local_test.go
+++ b/cmd/remote/add/local_test.go
@@ -76,6 +76,20 @@ func TestLocalRemoteAddEnsuresInitialization(t *testing.T) {
 	if filterProcess != "git-drs filter" {
 		t.Fatalf("unexpected filter.drs.process: %q", filterProcess)
 	}
+	filterClean, err := gitrepo.GetGitConfigString("filter.drs.clean")
+	if err != nil {
+		t.Fatalf("GetGitConfigString(filter.drs.clean): %v", err)
+	}
+	if filterClean != "git-drs clean -- %f" {
+		t.Fatalf("unexpected filter.drs.clean: %q", filterClean)
+	}
+	filterSmudge, err := gitrepo.GetGitConfigString("filter.drs.smudge")
+	if err != nil {
+		t.Fatalf("GetGitConfigString(filter.drs.smudge): %v", err)
+	}
+	if filterSmudge != "git-drs smudge -- %f" {
+		t.Fatalf("unexpected filter.drs.smudge: %q", filterSmudge)
+	}
 
 	preCommit, err := os.ReadFile(filepath.Join(".git", "hooks", "pre-commit"))
 	if err != nil {
diff --git a/coverage/combined.html b/coverage/combined.html
index f00491d3..bcd8b776 100644
--- a/coverage/combined.html
+++ b/coverage/combined.html
@@ -61,109 +61,135 @@
 				
 				<option value="file2">github.com/calypr/git-drs/cmd/addurl/io.go (60.6%)</option>
 				
-				<option value="file3">github.com/calypr/git-drs/cmd/addurl/main.go (50.0%)</option>
+				<option value="file3">github.com/calypr/git-drs/cmd/addurl/main.go (55.6%)</option>
 				
-				<option value="file4">github.com/calypr/git-drs/cmd/addurl/params.go (78.9%)</option>
+				<option value="file4">github.com/calypr/git-drs/cmd/addurl/params.go (79.6%)</option>
 				
 				<option value="file5">github.com/calypr/git-drs/cmd/addurl/scope.go (75.0%)</option>
 				
-				<option value="file6">github.com/calypr/git-drs/cmd/addurl/service.go (68.9%)</option>
+				<option value="file6">github.com/calypr/git-drs/cmd/addurl/service.go (70.2%)</option>
 				
 				<option value="file7">github.com/calypr/git-drs/cmd/bucket/main.go (19.3%)</option>
 				
-				<option value="file8">github.com/calypr/git-drs/cmd/credentialhelper/main.go (27.6%)</option>
+				<option value="file8">github.com/calypr/git-drs/cmd/copyrecords/main.go (43.3%)</option>
 				
-				<option value="file9">github.com/calypr/git-drs/cmd/delete/main.go (27.5%)</option>
+				<option value="file9">github.com/calypr/git-drs/cmd/credentialhelper/main.go (27.6%)</option>
 				
-				<option value="file10">github.com/calypr/git-drs/cmd/deleteproject/main.go (4.3%)</option>
+				<option value="file10">github.com/calypr/git-drs/cmd/delete/main.go (27.5%)</option>
 				
-				<option value="file11">github.com/calypr/git-drs/cmd/fetch/main.go (62.1%)</option>
+				<option value="file11">github.com/calypr/git-drs/cmd/initialize/main.go (72.2%)</option>
 				
-				<option value="file12">github.com/calypr/git-drs/cmd/initialize/main.go (58.7%)</option>
+				<option value="file12">github.com/calypr/git-drs/cmd/install/main.go (47.4%)</option>
 				
-				<option value="file13">github.com/calypr/git-drs/cmd/install/main.go (47.4%)</option>
+				<option value="file13">github.com/calypr/git-drs/cmd/lsfiles/main.go (56.5%)</option>
 				
-				<option value="file14">github.com/calypr/git-drs/cmd/precommit/main.go (32.6%)</option>
+				<option value="file14">github.com/calypr/git-drs/cmd/ping/main.go (75.4%)</option>
 				
-				<option value="file15">github.com/calypr/git-drs/cmd/prepush/main.go (44.1%)</option>
+				<option value="file15">github.com/calypr/git-drs/cmd/precommit/main.go (48.3%)</option>
 				
-				<option value="file16">github.com/calypr/git-drs/cmd/pull/main.go (9.7%)</option>
+				<option value="file16">github.com/calypr/git-drs/cmd/prepush/io_helpers.go (50.0%)</option>
 				
-				<option value="file17">github.com/calypr/git-drs/cmd/push/main.go (35.0%)</option>
+				<option value="file17">github.com/calypr/git-drs/cmd/prepush/main.go (44.2%)</option>
 				
-				<option value="file18">github.com/calypr/git-drs/cmd/query/main.go (22.5%)</option>
+				<option value="file18">github.com/calypr/git-drs/cmd/prepush/pushed_refs.go (76.7%)</option>
 				
-				<option value="file19">github.com/calypr/git-drs/cmd/remote/add/gen3.go (0.0%)</option>
+				<option value="file19">github.com/calypr/git-drs/cmd/pull/main.go (20.1%)</option>
 				
-				<option value="file20">github.com/calypr/git-drs/cmd/remote/add/init.go (100.0%)</option>
+				<option value="file20">github.com/calypr/git-drs/cmd/pull/progress.go (83.5%)</option>
 				
-				<option value="file21">github.com/calypr/git-drs/cmd/remote/add/local.go (0.0%)</option>
+				<option value="file21">github.com/calypr/git-drs/cmd/push/main.go (32.3%)</option>
 				
-				<option value="file22">github.com/calypr/git-drs/cmd/remote/list.go (78.6%)</option>
+				<option value="file22">github.com/calypr/git-drs/cmd/push/progress.go (92.6%)</option>
 				
-				<option value="file23">github.com/calypr/git-drs/cmd/remote/root.go (100.0%)</option>
+				<option value="file23">github.com/calypr/git-drs/cmd/query/main.go (22.5%)</option>
 				
-				<option value="file24">github.com/calypr/git-drs/cmd/remote/set.go (20.0%)</option>
+				<option value="file24">github.com/calypr/git-drs/cmd/remote/add/gen3.go (34.1%)</option>
 				
-				<option value="file25">github.com/calypr/git-drs/cmd/smudge/main.go (65.0%)</option>
+				<option value="file25">github.com/calypr/git-drs/cmd/remote/add/init.go (100.0%)</option>
 				
-				<option value="file26">github.com/calypr/git-drs/cmd/track/main.go (81.8%)</option>
+				<option value="file26">github.com/calypr/git-drs/cmd/remote/add/local.go (63.9%)</option>
 				
-				<option value="file27">github.com/calypr/git-drs/cmd/untrack/main.go (78.9%)</option>
+				<option value="file27">github.com/calypr/git-drs/cmd/remote/list.go (72.2%)</option>
 				
-				<option value="file28">github.com/calypr/git-drs/cmd/version/main.go (57.9%)</option>
+				<option value="file28">github.com/calypr/git-drs/cmd/remote/remove.go (69.6%)</option>
 				
-				<option value="file29">github.com/calypr/git-drs/internal/cloud/inspect.go (46.8%)</option>
+				<option value="file29">github.com/calypr/git-drs/cmd/remote/root.go (100.0%)</option>
 				
-				<option value="file30">github.com/calypr/git-drs/internal/common/common.go (60.2%)</option>
+				<option value="file30">github.com/calypr/git-drs/cmd/remote/set.go (20.0%)</option>
 				
-				<option value="file31">github.com/calypr/git-drs/internal/common/confirmation.go (93.3%)</option>
+				<option value="file31">github.com/calypr/git-drs/cmd/rm/main.go (80.0%)</option>
 				
-				<option value="file32">github.com/calypr/git-drs/internal/common/jwt.go (96.0%)</option>
+				<option value="file32">github.com/calypr/git-drs/cmd/smudge/main.go (65.0%)</option>
 				
-				<option value="file33">github.com/calypr/git-drs/internal/config/config.go (65.1%)</option>
+				<option value="file33">github.com/calypr/git-drs/cmd/track/main.go (81.8%)</option>
 				
-				<option value="file34">github.com/calypr/git-drs/internal/config/remote.go (41.8%)</option>
+				<option value="file34">github.com/calypr/git-drs/cmd/untrack/main.go (78.9%)</option>
 				
-				<option value="file35">github.com/calypr/git-drs/internal/drslog/logger.go (74.3%)</option>
+				<option value="file35">github.com/calypr/git-drs/cmd/version/main.go (57.9%)</option>
 				
-				<option value="file36">github.com/calypr/git-drs/internal/drslookup/lookup.go (28.9%)</option>
+				<option value="file36">github.com/calypr/git-drs/internal/common/common.go (56.0%)</option>
 				
-				<option value="file37">github.com/calypr/git-drs/internal/drsmap/drs_map.go (13.5%)</option>
+				<option value="file37">github.com/calypr/git-drs/internal/common/confirmation.go (93.3%)</option>
 				
-				<option value="file38">github.com/calypr/git-drs/internal/gitrepo/bucket_map.go (84.9%)</option>
+				<option value="file38">github.com/calypr/git-drs/internal/common/jwt.go (96.0%)</option>
 				
-				<option value="file39">github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go (71.4%)</option>
+				<option value="file39">github.com/calypr/git-drs/internal/config/config.go (54.7%)</option>
 				
-				<option value="file40">github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go (23.1%)</option>
+				<option value="file40">github.com/calypr/git-drs/internal/config/remote.go (63.6%)</option>
 				
-				<option value="file41">github.com/calypr/git-drs/internal/gitrepo/repo.go (44.3%)</option>
+				<option value="file41">github.com/calypr/git-drs/internal/drsdelete/git_history.go (71.2%)</option>
 				
-				<option value="file42">github.com/calypr/git-drs/internal/lfs/clean.go (65.1%)</option>
+				<option value="file42">github.com/calypr/git-drs/internal/drsdelete/live_refs.go (81.8%)</option>
 				
-				<option value="file43">github.com/calypr/git-drs/internal/lfs/download.go (0.0%)</option>
+				<option value="file43">github.com/calypr/git-drs/internal/drsdelete/reconcile.go (66.0%)</option>
 				
-				<option value="file44">github.com/calypr/git-drs/internal/lfs/filter.go (63.1%)</option>
+				<option value="file44">github.com/calypr/git-drs/internal/drsfilter/clean.go (58.8%)</option>
 				
-				<option value="file45">github.com/calypr/git-drs/internal/lfs/gitattributes.go (83.9%)</option>
+				<option value="file45">github.com/calypr/git-drs/internal/drsfilter/smudge.go (81.1%)</option>
 				
-				<option value="file46">github.com/calypr/git-drs/internal/lfs/helpers.go (61.7%)</option>
+				<option value="file46">github.com/calypr/git-drs/internal/drslog/logger.go (74.3%)</option>
 				
-				<option value="file47">github.com/calypr/git-drs/internal/lfs/lfs.go (64.2%)</option>
+				<option value="file47">github.com/calypr/git-drs/internal/drsmap/drs_map.go (78.3%)</option>
 				
-				<option value="file48">github.com/calypr/git-drs/internal/lfs/lfs_tracked.go (40.7%)</option>
+				<option value="file48">github.com/calypr/git-drs/internal/drsobject/object.go (58.1%)</option>
 				
-				<option value="file49">github.com/calypr/git-drs/internal/lfs/sentinel.go (75.0%)</option>
+				<option value="file49">github.com/calypr/git-drs/internal/drsobject/store.go (72.0%)</option>
 				
-				<option value="file50">github.com/calypr/git-drs/internal/lfs/smudge.go (81.1%)</option>
+				<option value="file50">github.com/calypr/git-drs/internal/drsremote/bulk.go (80.0%)</option>
 				
-				<option value="file51">github.com/calypr/git-drs/internal/lfs/store.go (27.8%)</option>
+				<option value="file51">github.com/calypr/git-drs/internal/drsremote/remote.go (66.9%)</option>
 				
-				<option value="file52">github.com/calypr/git-drs/internal/lfs/util.go (80.0%)</option>
+				<option value="file52">github.com/calypr/git-drs/internal/drsremote/scope.go (90.0%)</option>
 				
-				<option value="file53">github.com/calypr/git-drs/internal/precommit_cache/helpers.go (70.9%)</option>
+				<option value="file53">github.com/calypr/git-drs/internal/drstrack/routes.go (84.1%)</option>
 				
-				<option value="file54">github.com/calypr/git-drs/internal/version/version.go (100.0%)</option>
+				<option value="file54">github.com/calypr/git-drs/internal/drstrack/tracking.go (64.2%)</option>
+				
+				<option value="file55">github.com/calypr/git-drs/internal/gitfilter/filter_process.go (63.1%)</option>
+				
+				<option value="file56">github.com/calypr/git-drs/internal/gitrepo/bucket_map.go (84.9%)</option>
+				
+				<option value="file57">github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go (68.6%)</option>
+				
+				<option value="file58">github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go (23.1%)</option>
+				
+				<option value="file59">github.com/calypr/git-drs/internal/gitrepo/repo.go (44.3%)</option>
+				
+				<option value="file60">github.com/calypr/git-drs/internal/lfs/inventory.go (66.7%)</option>
+				
+				<option value="file61">github.com/calypr/git-drs/internal/lfs/object_path.go (75.0%)</option>
+				
+				<option value="file62">github.com/calypr/git-drs/internal/lfs/repo_paths.go (64.8%)</option>
+				
+				<option value="file63">github.com/calypr/git-drs/internal/pathspec/match.go (63.6%)</option>
+				
+				<option value="file64">github.com/calypr/git-drs/internal/precommit_cache/helpers.go (36.3%)</option>
+				
+				<option value="file65">github.com/calypr/git-drs/internal/pushsync/batch_sync.go (58.1%)</option>
+				
+				<option value="file66">github.com/calypr/git-drs/internal/pushsync/register.go (57.3%)</option>
+				
+				<option value="file67">github.com/calypr/git-drs/internal/version/version.go (100.0%)</option>
 				
 				</select>
 			</div>
@@ -526,7 +552,7 @@
         "os"
         "path/filepath"
 
-        "github.com/calypr/git-drs/internal/cloud"
+        sycloud "github.com/calypr/syfon/client/cloud"
         "github.com/spf13/cobra"
 )
 
@@ -577,7 +603,7 @@
 
 // printResolvedInfo writes a human-readable summary of resolved Git/LFS and
 // cloud object information to the command's stdout for user confirmation.
-func printResolvedInfo(cmd *cobra.Command, gitCommonDir, lfsRoot string, objectInfo *cloud.ObjectInfo, pathArg string, isTracked bool, sha256 string) error <span class="cov1" title="1">{
+func printResolvedInfo(cmd *cobra.Command, gitCommonDir, lfsRoot string, objectInfo *sycloud.ObjectInfo, pathArg string, isTracked bool, sha256 string) error <span class="cov1" title="1">{
         if _, err := fmt.Fprintf(cmd.OutOrStdout(), `
 Resolved Git LFS Object Info
 ----------------------------
@@ -651,29 +677,34 @@
 
 // NewCommand constructs the Cobra command for the `add-url` subcommand,
 // wiring usage, argument validation and the RunE handler.
-func NewCommand() *cobra.Command <span class="cov10" title="4">{
+func NewCommand() *cobra.Command <span class="cov10" title="5">{
         cmd := &amp;cobra.Command{
-                Use:   "add-url &lt;cloud-url&gt; [path]",
-                Short: "Add a file to the Git DRS repo using a cloud object URL",
+                Use:   "add-url &lt;object-url-or-key&gt; [path]",
+                Short: "Add a file from a provider URL or configured bucket object key",
                 Args: func(cmd *cobra.Command, args []string) error </span><span class="cov0" title="0">{
                         if len(args) &lt; 1 || len(args) &gt; 2 </span><span class="cov0" title="0">{
-                                return errors.New("usage: add-url &lt;cloud-url&gt; [path]")
+                                return errors.New("usage: add-url &lt;object-url-or-key&gt; [path]")
                         }</span>
                         <span class="cov0" title="0">return nil</span>
                 },
                 RunE: runAddURL,
         }
-        <span class="cov10" title="4">addFlags(cmd)
+        <span class="cov10" title="5">addFlags(cmd)
         return cmd</span>
 }
 
 // addFlags registers optional expected SHA256 checksum.
-func addFlags(cmd *cobra.Command) <span class="cov10" title="4">{
+func addFlags(cmd *cobra.Command) <span class="cov10" title="5">{
         cmd.Flags().String(
                 "sha256",
                 "",
                 "Expected SHA256 checksum (optional)",
         )
+        cmd.Flags().String(
+                "scheme",
+                "",
+                "Storage scheme for object-key mode (for example: s3 or gs)",
+        )
 }</span>
 
 // runAddURL is the Cobra RunE wrapper that delegates execution to the service.
@@ -688,72 +719,132 @@
         "fmt"
         "net/url"
         "os"
+        "path"
         "strings"
 
-        "github.com/calypr/git-drs/internal/cloud"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        sycloud "github.com/calypr/syfon/client/cloud"
         "github.com/spf13/cobra"
 )
 
 // addURLInput holds the parsed CLI state for the add-url command.
 type addURLInput struct {
-        objectURL    string
-        path         string
-        sha256       string
-        objectParams cloud.ObjectParameters
+        sourceArg string
+        objectURL string
+        path      string
+        sha256    string
+        scheme    string
 }
 
-// parseAddURLInput parses CLI args and flags into an addURLInput and constructs
-// cloud.ObjectParameters for metadata inspection.
-func parseAddURLInput(cmd *cobra.Command, args []string) (addURLInput, error) <span class="cov3" title="3">{
-        objectURL := args[0]
+// parseAddURLInput parses CLI args and flags into an addURLInput.
+func parseAddURLInput(cmd *cobra.Command, args []string) (addURLInput, error) <span class="cov5" title="4">{
+        sourceArg := strings.TrimSpace(args[0])
 
-        pathArg, err := resolvePathArg(objectURL, args)
+        pathArg, err := resolvePathArg(sourceArg, args)
         if err != nil </span><span class="cov0" title="0">{
                 return addURLInput{}, err
         }</span>
 
-        <span class="cov3" title="3">sha256Param, err := cmd.Flags().GetString("sha256")
+        <span class="cov5" title="4">sha256Param, err := cmd.Flags().GetString("sha256")
         if err != nil </span><span class="cov0" title="0">{
                 return addURLInput{}, fmt.Errorf("read flag sha256: %w", err)
         }</span>
+        <span class="cov5" title="4">scheme, err := cmd.Flags().GetString("scheme")
+        if err != nil </span><span class="cov0" title="0">{
+                return addURLInput{}, fmt.Errorf("read flag scheme: %w", err)
+        }</span>
 
-        <span class="cov3" title="3">return addURLInput{
-                objectURL: objectURL,
+        <span class="cov5" title="4">return addURLInput{
+                sourceArg: sourceArg,
                 path:      pathArg,
                 sha256:    sha256Param,
-                objectParams: cloud.ObjectParameters{
-                        ObjectURL:       objectURL,
-                        S3Region:        firstNonEmpty(os.Getenv("AWS_REGION"), os.Getenv("AWS_DEFAULT_REGION"), os.Getenv("TEST_BUCKET_REGION")),
-                        S3Endpoint:      firstNonEmpty(os.Getenv("AWS_ENDPOINT_URL_S3"), os.Getenv("AWS_ENDPOINT_URL"), os.Getenv("TEST_BUCKET_ENDPOINT")),
-                        S3AccessKey:     firstNonEmpty(os.Getenv("AWS_ACCESS_KEY_ID"), os.Getenv("TEST_BUCKET_ACCESS_KEY")),
-                        S3SecretKey:     firstNonEmpty(os.Getenv("AWS_SECRET_ACCESS_KEY"), os.Getenv("TEST_BUCKET_SECRET_KEY")),
-                        SHA256:          sha256Param,
-                        DestinationPath: pathArg,
-                },
+                scheme:    strings.ToLower(strings.TrimSpace(scheme)),
         }, nil</span>
 }
 
 // resolvePathArg returns the explicit destination path argument when provided,
-// otherwise derives the worktree path from the given cloud URL path component.
-func resolvePathArg(objectURL string, args []string) (string, error) <span class="cov3" title="3">{
+// otherwise derives the worktree path from the given cloud URL or object key.
+func resolvePathArg(sourceArg string, args []string) (string, error) <span class="cov5" title="4">{
         if len(args) == 2 </span><span class="cov0" title="0">{
                 return args[1], nil
         }</span>
-        <span class="cov3" title="3">u, err := url.Parse(objectURL)
+        <span class="cov5" title="4">if looksLikeCloudURL(sourceArg) </span><span class="cov4" title="3">{
+                u, err := url.Parse(sourceArg)
+                if err != nil </span><span class="cov0" title="0">{
+                        return "", err
+                }</span>
+                <span class="cov4" title="3">return strings.TrimPrefix(u.Path, "/"), nil</span>
+        }
+        <span class="cov1" title="1">return strings.Trim(strings.TrimSpace(sourceArg), "/"), nil</span>
+}
+
+func buildObjectParameters(objectURL, pathArg, sha256 string) sycloud.ObjectParameters <span class="cov3" title="2">{
+        return sycloud.ObjectParameters{
+                ObjectURL:       objectURL,
+                S3Region:        firstNonEmpty(os.Getenv("AWS_REGION"), os.Getenv("AWS_DEFAULT_REGION"), os.Getenv("TEST_BUCKET_REGION")),
+                S3Endpoint:      firstNonEmpty(os.Getenv("AWS_ENDPOINT_URL_S3"), os.Getenv("AWS_ENDPOINT_URL"), os.Getenv("TEST_BUCKET_ENDPOINT")),
+                S3AccessKey:     firstNonEmpty(os.Getenv("AWS_ACCESS_KEY_ID"), os.Getenv("TEST_BUCKET_ACCESS_KEY")),
+                S3SecretKey:     firstNonEmpty(os.Getenv("AWS_SECRET_ACCESS_KEY"), os.Getenv("TEST_BUCKET_SECRET_KEY")),
+                SHA256:          sha256,
+                DestinationPath: pathArg,
+        }
+}</span>
+
+func looksLikeCloudURL(raw string) bool <span class="cov6" title="7">{
+        u, err := url.Parse(strings.TrimSpace(raw))
         if err != nil </span><span class="cov0" title="0">{
-                return "", err
+                return false
+        }</span>
+        <span class="cov6" title="7">if strings.TrimSpace(u.Scheme) == "" </span><span class="cov4" title="3">{
+                return false
+        }</span>
+        <span class="cov5" title="4">switch strings.ToLower(strings.TrimSpace(u.Scheme)) </span>{
+        case "s3", "gs", "gcs", "azblob", "http", "https":<span class="cov5" title="4">
+                return strings.TrimSpace(u.Host) != ""</span>
+        default:<span class="cov0" title="0">
+                return false</span>
+        }
+}
+
+func resolveObjectURL(input addURLInput, scope gitrepo.ResolvedBucketScope) (string, error) <span class="cov4" title="3">{
+        if looksLikeCloudURL(input.sourceArg) </span><span class="cov1" title="1">{
+                return input.sourceArg, nil
         }</span>
-        <span class="cov3" title="3">return strings.TrimPrefix(u.Path, "/"), nil</span>
+        <span class="cov3" title="2">if input.scheme == "" </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("object key mode requires --scheme because local bucket mappings store bucket/prefix but not provider scheme")
+        }</span>
+        <span class="cov1" title="1">key := joinObjectKey(scope.Prefix, input.sourceArg)
+        switch input.scheme </span>{
+        case "s3":<span class="cov1" title="1">
+                return fmt.Sprintf("s3://%s/%s", scope.Bucket, key), nil</span>
+        case "gs", "gcs":<span class="cov0" title="0">
+                return fmt.Sprintf("gs://%s/%s", scope.Bucket, key), nil</span>
+        case "azblob", "az":<span class="cov0" title="0">
+                return "", fmt.Errorf("object key mode for Azure requires a full azblob:// URL because the local mapping does not store account_name")</span>
+        default:<span class="cov0" title="0">
+                return "", fmt.Errorf("unsupported --scheme %q (expected s3 or gs, or pass a full object URL)", input.scheme)</span>
+        }
+}
+
+func joinObjectKey(prefix, key string) string <span class="cov1" title="1">{
+        parts := make([]string, 0, 2)
+        if p := strings.Trim(strings.TrimSpace(prefix), "/"); p != "" </span><span class="cov1" title="1">{
+                parts = append(parts, p)
+        }</span>
+        <span class="cov1" title="1">if k := strings.Trim(strings.TrimSpace(key), "/"); k != "" </span><span class="cov1" title="1">{
+                parts = append(parts, k)
+        }</span>
+        <span class="cov1" title="1">return path.Join(parts...)</span>
 }
 
-func firstNonEmpty(values ...string) string <span class="cov7" title="12">{
-        for _, v := range values </span><span class="cov10" title="30">{
+func firstNonEmpty(values ...string) string <span class="cov7" title="8">{
+        for _, v := range values </span><span class="cov10" title="20">{
                 v = strings.TrimSpace(v)
-                if v != "" </span><span class="cov4" title="4">{
+                if v != "" </span><span class="cov5" title="4">{
                         return v
                 }</span>
         }
-        <span class="cov6" title="8">return ""</span>
+        <span class="cov5" title="4">return ""</span>
 }
 </pre>
 		
@@ -790,16 +881,20 @@
 
 import (
         "context"
+        "crypto/sha256"
         "fmt"
         "log/slog"
-        "os"
+        "strings"
 
-        "github.com/calypr/git-drs/internal/cloud"
         "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
         "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/drsmap"
+        "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/drstrack"
         "github.com/calypr/git-drs/internal/lfs"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        sycloud "github.com/calypr/syfon/client/cloud"
+        "github.com/google/uuid"
         "github.com/spf13/cobra"
 )
 
@@ -807,7 +902,7 @@
 // behavior (logger factory, object inspection, LFS helpers, config loader, etc.).
 type AddURLService struct {
         newLogger     func(string, bool) (*slog.Logger, error)
-        inspectObject func(ctx context.Context, input cloud.ObjectParameters) (*cloud.ObjectInfo, error)
+        inspectObject func(ctx context.Context, input sycloud.ObjectParameters) (*sycloud.ObjectInfo, error)
         isLFSTracked  func(path string) (bool, error)
         getGitRoots   func(ctx context.Context) (string, string, error)
         gitLFSTrack   func(ctx context.Context, path string) (bool, error)
@@ -816,131 +911,186 @@
 
 // NewAddURLService constructs an AddURLService populated with production
 // implementations of its dependencies.
-func NewAddURLService() *AddURLService <span class="cov8" title="1">{
+func NewAddURLService() *AddURLService <span class="cov1" title="1">{
         return &amp;AddURLService{
                 newLogger:     drslog.NewLogger,
-                inspectObject: cloud.InspectObjectForLFS,
+                inspectObject: sycloud.InspectObject,
                 isLFSTracked:  lfs.IsLFSTracked,
                 getGitRoots:   lfs.GetGitRootDirectories,
-                gitLFSTrack:   lfs.GitLFSTrackReadOnly,
+                gitLFSTrack:   drstrack.TrackReadOnly,
                 loadConfig:    config.LoadConfig,
         }
 }</span>
 
-// Run executes the add-url workflow: parse CLI input, inspect the cloud object,
+// Run executes the add-url workflow: parse CLI input, resolve the target bucket
+// scope, inspect the provider object through the client-owned cloud package,
 // ensure the LFS object exists in local storage, write a pointer file, update
 // the pre-commit cache (best-effort), optionally add a tracking entry, and
 // record the DRS mapping.
-func (s *AddURLService) Run(cmd *cobra.Command, args []string) error <span class="cov8" title="1">{
+func (s *AddURLService) Run(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
         ctx := cmd.Context()
-        if ctx == nil </span><span class="cov8" title="1">{
+        if ctx == nil </span><span class="cov1" title="1">{
                 ctx = context.Background()
         }</span>
 
-        <span class="cov8" title="1">logger, err := s.newLogger("", false)
+        <span class="cov1" title="1">logger, err := s.newLogger("", false)
         if err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("error creating logger: %v", err)
         }</span>
 
-        <span class="cov8" title="1">input, err := parseAddURLInput(cmd, args)
+        <span class="cov1" title="1">input, err := parseAddURLInput(cmd, args)
         if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">objectInfo, err := s.inspectObject(ctx, input.objectParams)
+        <span class="cov1" title="1">cfg, err := s.loadConfig()
         if err != nil </span><span class="cov0" title="0">{
-                return err
+                return fmt.Errorf("error getting config: %v", err)
         }</span>
 
-        <span class="cov8" title="1">isTracked, err := s.isLFSTracked(input.path)
+        <span class="cov1" title="1">remote, err := cfg.GetDefaultRemote()
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("check LFS tracking for %s: %w", input.path, err)
+                return err
         }</span>
 
-        <span class="cov8" title="1">gitCommonDir, lfsRoot, err := s.getGitRoots(ctx)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("get git root directories: %w", err)
+        <span class="cov1" title="1">remoteConfig := cfg.GetRemote(remote)
+        if remoteConfig == nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error getting remote configuration for %s", remote)
         }</span>
 
-        <span class="cov8" title="1">if err := printResolvedInfo(cmd, gitCommonDir, lfsRoot, objectInfo, input.path, isTracked, input.sha256); err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">org, project, scope, err := resolveTargetScope(remoteConfig)
+        if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">oid, err := s.ensureLFSObject(ctx, objectInfo, input, lfsRoot)
+        <span class="cov1" title="1">input.objectURL, err = resolveObjectURL(input, scope)
         if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">if err := writePointerFile(input.path, oid, objectInfo.SizeBytes); err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">objectInfo, err := s.inspectObject(ctx, buildObjectParameters(input.objectURL, input.path, input.sha256))
+        if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">if err := updatePrecommitCache(ctx, logger, input.path, oid, input.objectURL); err != nil </span><span class="cov0" title="0">{
-                logger.Warn("pre-commit cache update skipped", "error", err)
+        <span class="cov1" title="1">isTracked, err := s.isLFSTracked(input.path)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("check LFS tracking for %s: %w", input.path, err)
+        }</span>
+
+        <span class="cov1" title="1">gitCommonDir, lfsRoot, err := s.getGitRoots(ctx)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("get git root directories: %w", err)
         }</span>
 
-        <span class="cov8" title="1">if err := maybeTrackLFS(ctx, s.gitLFSTrack, input.path, isTracked); err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">if err := printResolvedInfo(cmd, gitCommonDir, lfsRoot, objectInfo, input.path, isTracked, input.sha256); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">cfg, err := s.loadConfig()
+        <span class="cov1" title="1">oid, err := s.ensureLFSObject(ctx, objectInfo, input, lfsRoot)
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error getting config: %v", err)
+                return err
         }</span>
 
-        <span class="cov8" title="1">remote, err := cfg.GetDefaultRemote()
-        if err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">if err := writePointerFile(input.path, oid, objectInfo.SizeBytes); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">remoteConfig := cfg.GetRemote(remote)
-        if remoteConfig == nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error getting remote configuration for %s", remote)
+        <span class="cov1" title="1">if err := updatePrecommitCache(ctx, logger, input.path, oid, input.objectURL); err != nil </span><span class="cov0" title="0">{
+                logger.Warn("pre-commit cache update skipped", "error", err)
         }</span>
 
-        <span class="cov8" title="1">org, project, scope, err := resolveTargetScope(remoteConfig)
-        if err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">if err := maybeTrackLFS(ctx, s.gitLFSTrack, input.path, isTracked); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">builder := common.NewObjectBuilder(scope.Bucket, project)
+        <span class="cov1" title="1">builder := drsobject.NewBuilder(scope.Bucket, project)
         builder.Organization = org
         builder.StoragePrefix = scope.Prefix
 
-        file := lfs.LfsFileInfo{
+        file := addURLDrsFile{
                 Name: input.path,
                 Size: objectInfo.SizeBytes,
                 Oid:  oid,
         }
-        if _, err := drsmap.WriteDrsFile(builder, file, &amp;input.objectURL); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error WriteDrsFile: %v", err)
+        if _, err := writeAddURLDrsObject(builder, file, input.objectURL); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("write local DRS object: %w", err)
         }</span>
 
-        <span class="cov8" title="1">return nil</span>
+        <span class="cov1" title="1">return nil</span>
+}
+
+type addURLDrsFile struct {
+        Name string
+        Size int64
+        Oid  string
+}
+
+func writeAddURLDrsObject(builder drsobject.Builder, file addURLDrsFile, objectPath string) (*drsapi.DrsObject, error) <span class="cov1" title="1">{
+        existing, err := drsobject.ReadObject(common.DRS_OBJS_PATH, file.Oid)
+        var drsObj *drsapi.DrsObject
+        if err == nil &amp;&amp; existing != nil </span><span class="cov0" title="0">{
+                drsObj = existing
+                name := file.Name
+                drsObj.Name = &amp;name
+                drsObj.Size = file.Size
+        }</span> else<span class="cov1" title="1"> {
+                drsID := uuid.NewSHA1(drsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", builder.Project, drsobject.NormalizeOid(file.Oid)))).String()
+                drsObj, err = builder.Build(file.Name, file.Oid, file.Size, drsID)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, fmt.Errorf("error building DRS object for oid %s: %w", file.Oid, err)
+                }</span>
+        }
+
+        <span class="cov1" title="1">if objectPath != "" </span><span class="cov1" title="1">{
+                if drsObj.AccessMethods != nil &amp;&amp; len(*drsObj.AccessMethods) &gt; 0 </span><span class="cov1" title="1">{
+                        am := &amp;(*drsObj.AccessMethods)[0]
+                        am.AccessUrl = &amp;struct {
+                                Headers *[]string `json:"headers,omitempty"`
+                                Url     string    `json:"url"`
+                        }{Url: objectPath}
+                }</span> else<span class="cov0" title="0"> {
+                        drsObj.AccessMethods = &amp;[]drsapi.AccessMethod{{
+                                Type: drsapi.AccessMethodTypeS3,
+                                AccessUrl: &amp;struct {
+                                        Headers *[]string `json:"headers,omitempty"`
+                                        Url     string    `json:"url"`
+                                }{Url: objectPath},
+                        }}
+                }</span>
+        }
+
+        <span class="cov1" title="1">if err := drsobject.WriteObject(common.DRS_OBJS_PATH, drsObj, file.Oid); err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("error writing DRS object for oid %s: %w", file.Oid, err)
+        }</span>
+        <span class="cov1" title="1">return drsObj, nil</span>
 }
 
-// ensureLFSObject ensures the LFS object identified by objectInfo exists in the
-// repository's LFS storage. If SHA256 is provided, it is trusted and returned.
-// Otherwise we create a sentinel object and synthetic OID derived from ETag,
-// deferring true checksum validation to first real data use.
-func (s *AddURLService) ensureLFSObject(ctx context.Context, objectInfo *cloud.ObjectInfo, input addURLInput, lfsRoot string) (string, error) <span class="cov8" title="1">{
+// ensureLFSObject returns the LFS pointer OID to use for the add-url target.
+// If SHA256 is provided, it is trusted and returned. Otherwise we derive a
+// deterministic placeholder OID from provider identity without writing any
+// local LFS object payload.
+func (s *AddURLService) ensureLFSObject(ctx context.Context, objectInfo *sycloud.ObjectInfo, input addURLInput, lfsRoot string) (string, error) <span class="cov1" title="1">{
         _ = ctx
+        _ = lfsRoot
         if input.sha256 != "" </span><span class="cov0" title="0">{
                 return input.sha256, nil
         }</span>
 
-        <span class="cov8" title="1">oid, err := lfs.SyntheticOIDFromETag(objectInfo.ETag)
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
-        }</span>
-        <span class="cov8" title="1">objPath, err := lfs.WriteAddURLSentinelObject(lfsRoot, oid, objectInfo.ETag, input.objectURL)
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+        <span class="cov1" title="1">return placeholderOIDForUnknownSHA(objectInfo.ETag, input.objectURL)</span>
+}
+
+func placeholderOIDForUnknownSHA(etag string, sourceURL string) (string, error) <span class="cov10" title="5">{
+        e := strings.TrimSpace(strings.Trim(etag, `"`))
+        src := strings.TrimSpace(sourceURL)
+        if e == "" </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("etag is required for placeholder oid")
         }</span>
-        <span class="cov8" title="1">if _, err := fmt.Fprintf(os.Stderr, "Added add-url sentinel object at %s\n", objPath); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("stderr write: %w", err)
+        <span class="cov8" title="4">if src == "" </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("source URL is required for placeholder oid")
         }</span>
-        <span class="cov8" title="1">return oid, nil</span>
+        <span class="cov8" title="4">sum := sha256.Sum256([]byte("git-drs-add-url-placeholder:v2\netag=" + e + "\nsource=" + src + "\n"))
+        return fmt.Sprintf("%x", sum[:]), nil</span>
 }
 </pre>
 		
@@ -957,11 +1107,11 @@
         "strings"
         "time"
 
-        gitauth "github.com/calypr/git-drs/internal/auth"
+        "github.com/calypr/data-client/credentials"
         "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/drslog"
         "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/calypr/syfon/client/conf"
+        conf "github.com/calypr/syfon/client/config"
         "github.com/spf13/cobra"
 )
 
@@ -1195,7 +1345,7 @@
                 if prof, err := configure.Load(remoteName); err == nil </span><span class="cov0" title="0">{
                         token = strings.TrimSpace(prof.AccessToken)
                         if token == "" </span><span class="cov0" title="0">{
-                                if ensureErr := gitauth.EnsureValidCredential(context.Background(), prof, drslog.GetLogger()); ensureErr == nil </span><span class="cov0" title="0">{
+                                if ensureErr := credentials.EnsureValidCredential(context.Background(), prof, drslog.GetLogger()); ensureErr == nil </span><span class="cov0" title="0">{
                                         _ = configure.Save(prof)
                                         token = strings.TrimSpace(prof.AccessToken)
                                 }</span>
@@ -1326,135 +1476,487 @@
 }
 </pre>
 		
-		<pre class="file" id="file8" style="display: none">package credentialhelper
+		<pre class="file" id="file8" style="display: none">package copyrecords
 
 import (
-        "bufio"
         "context"
+        "encoding/json"
         "fmt"
-        "io"
-        "net/url"
-        "os"
+        "log/slog"
         "strings"
 
-        gitauth "github.com/calypr/git-drs/internal/auth"
+        "github.com/calypr/git-drs/internal/config"
         "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/calypr/syfon/client/conf"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        internalapi "github.com/calypr/syfon/apigen/client/internalapi"
+        syservices "github.com/calypr/syfon/client/services"
         "github.com/spf13/cobra"
 )
 
-// Cmd implements a git credential helper bridge for git-drs over HTTP.
+var (
+        batchSize int
+)
+
+type copyStats struct {
+        SourceSeen int
+        Created    int
+        Updated    int
+        Unchanged  int
+        Written    int
+}
+
+type indexAPI interface {
+        List(ctx context.Context, opts syservices.ListRecordsOptions) (internalapi.ListRecordsResponse, error)
+        BulkDocuments(ctx context.Context, dids []string) ([]internalapi.InternalRecordResponse, error)
+        CreateBulk(ctx context.Context, req internalapi.BulkCreateRequest) (internalapi.ListRecordsResponse, error)
+}
+
 var Cmd = &amp;cobra.Command{
-        Use:    "credential-helper &lt;get|store|erase&gt;",
-        Hidden: true,
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                if len(args) != 1 </span><span class="cov0" title="0">{
-                        return fmt.Errorf("expected exactly one action: get, store, or erase")
-                }</span>
-                <span class="cov0" title="0">switch args[0] </span>{
-                case "get", "store", "erase":<span class="cov0" title="0">
-                        return nil</span>
-                default:<span class="cov0" title="0">
-                        return fmt.Errorf("unsupported action: %s", args[0])</span>
-                }
-        },
+        Use:   "copy-records [source-remote] &lt;target-remote&gt; &lt;organization/project&gt;",
+        Short: "Copy Syfon records between remotes for one organization/project scope",
+        Long:  "Read all Syfon records for a source organization/project scope and bulk load them into a target Syfon instance, only merging controlled_access and access_methods for records that already exist on the target.",
+        Args:  cobra.RangeArgs(2, 3),
         RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                action := args[0]
-                if action != "get" </span><span class="cov0" title="0">{
-                        // Stateless helper: no-op for store/erase.
-                        return nil
+                logger := drslog.GetLogger()
+                cfg, err := config.LoadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("error loading config: %w", err)
                 }</span>
 
-                <span class="cov0" title="0">req, err := readCredentialRequest(os.Stdin)
-                if err != nil </span><span class="cov0" title="0">{
-                        return nil
+                <span class="cov0" title="0">sourceRemote := ""
+                targetRemote := ""
+                scopeArg := ""
+                if len(args) == 2 </span><span class="cov0" title="0">{
+                        targetRemote = args[0]
+                        scopeArg = args[1]
+                }</span> else<span class="cov0" title="0"> {
+                        sourceRemote = args[0]
+                        targetRemote = args[1]
+                        scopeArg = args[2]
                 }</span>
 
-                <span class="cov0" title="0">logg := drslog.GetLogger()
-                remoteName, endpoint, err := resolveRemote()
+                <span class="cov0" title="0">srcRemoteName, err := cfg.GetRemoteOrDefault(sourceRemote)
                 if err != nil </span><span class="cov0" title="0">{
-                        return nil
+                        return fmt.Errorf("error resolving source remote: %w", err)
                 }</span>
-                <span class="cov0" title="0">if !requestMatchesEndpointHost(req, endpoint) </span><span class="cov0" title="0">{
-                        return nil
+                <span class="cov0" title="0">if strings.TrimSpace(targetRemote) == "" </span><span class="cov0" title="0">{
+                        return fmt.Errorf("target remote is required")
                 }</span>
-
-                // Local/basic-auth remotes: prefer explicit repo credentials.
-                <span class="cov0" title="0">if username, password, err := gitrepo.GetRemoteBasicAuth(remoteName); err == nil &amp;&amp; username != "" &amp;&amp; password != "" </span><span class="cov0" title="0">{
-                        fmt.Fprintf(os.Stdout, "username=%s\npassword=%s\n\n", username, password)
-                        _ = gitrepo.SetRemoteLFSURL(remoteName, endpoint)
-                        return nil
+                <span class="cov0" title="0">dstRemoteName := config.Remote(targetRemote)
+                if srcRemoteName == dstRemoteName </span><span class="cov0" title="0">{
+                        return fmt.Errorf("source and target remotes must be different")
                 }</span>
 
-                <span class="cov0" title="0">token := ""
-                // Prefer repo-local token first to keep git-drs local and deterministic.
-                if repoToken, err := gitrepo.GetRemoteToken(remoteName); err == nil &amp;&amp; strings.TrimSpace(repoToken) != "" </span><span class="cov0" title="0">{
-                        token = strings.TrimSpace(repoToken)
+                <span class="cov0" title="0">srcCfg := cfg.GetRemote(srcRemoteName)
+                if srcCfg == nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("source remote %q not found", srcRemoteName)
                 }</span>
 
-                // Try global profile to refresh/validate; fall back to repo token if unavailable.
-                <span class="cov0" title="0">manager := conf.NewConfigure(logg)
-                cred, err := manager.Load(remoteName)
-                if err == nil </span><span class="cov0" title="0">{
-                        if token != "" </span><span class="cov0" title="0">{
-                                cred.AccessToken = token
-                        }</span>
-                        <span class="cov0" title="0">if ensureErr := gitauth.EnsureValidCredential(context.Background(), cred, logg); ensureErr == nil </span><span class="cov0" title="0">{
-                                _ = manager.Save(cred)
-                                token = strings.TrimSpace(cred.AccessToken)
-                                if token != "" </span><span class="cov0" title="0">{
-                                        _ = gitrepo.SetRemoteToken(remoteName, token)
-                                }</span>
-                        }
-                }
+                <span class="cov0" title="0">org, proj, err := parseScopeArg(scopeArg)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
 
-                <span class="cov0" title="0">if token == "" </span><span class="cov0" title="0">{
-                        return nil
+                <span class="cov0" title="0">srcCtx, err := cfg.GetRemoteClient(srcRemoteName, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("error creating source client: %w", err)
+                }</span>
+                <span class="cov0" title="0">dstCtx, err := cfg.GetRemoteClient(dstRemoteName, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("error creating target client: %w", err)
                 }</span>
 
-                // Username can be arbitrary for token-based Basic auth; server reads password token.
-                <span class="cov0" title="0">fmt.Fprintf(os.Stdout, "username=oauth2\npassword=%s\n\n", token)
+                <span class="cov0" title="0">stats, err := copyProjectRecords(cmd.Context(), logger, srcCtx.Client.Index(), dstCtx.Client.Index(), org, proj, batchSize)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
 
-                // Keep lfsurl synced for this remote.
-                _ = gitrepo.SetRemoteLFSURL(remoteName, endpoint)
+                <span class="cov0" title="0">logger.Info("copy-records complete",
+                        "source_remote", srcRemoteName,
+                        "target_remote", dstRemoteName,
+                        "organization", org,
+                        "project", proj,
+                        "source_seen", stats.SourceSeen,
+                        "created", stats.Created,
+                        "updated", stats.Updated,
+                        "unchanged", stats.Unchanged,
+                        "written", stats.Written,
+                )
                 return nil</span>
         },
 }
 
-type credentialRequest struct {
-        Protocol string
-        Host     string
-        Path     string
+func init() <span class="cov1" title="1">{
+        Cmd.Flags().IntVar(&amp;batchSize, "batch-size", 250, "records per source page and target bulk write")
+}</span>
+
+func parseScopeArg(raw string) (string, string, error) <span class="cov0" title="0">{
+        raw = strings.TrimSpace(raw)
+        if raw == "" </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("scope is required and must be in organization/project form")
+        }</span>
+        <span class="cov0" title="0">parts := strings.Split(raw, "/")
+        if len(parts) != 2 </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+        }</span>
+        <span class="cov0" title="0">org := strings.TrimSpace(parts[0])
+        project := strings.TrimSpace(parts[1])
+        if org == "" || project == "" </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+        }</span>
+        <span class="cov0" title="0">return org, project, nil</span>
 }
 
-func readCredentialRequest(in io.Reader) (credentialRequest, error) <span class="cov1" title="1">{
-        req := credentialRequest{}
-        s := bufio.NewScanner(in)
-        for s.Scan() </span><span class="cov10" title="4">{
-                line := strings.TrimSpace(s.Text())
-                if line == "" </span><span class="cov1" title="1">{
+func copyProjectRecords(ctx context.Context, logger *slog.Logger, src indexAPI, dst indexAPI, org, project string, batchSize int) (copyStats, error) <span class="cov0" title="0">{
+        if batchSize &lt;= 0 </span><span class="cov0" title="0">{
+                batchSize = 250
+        }</span>
+
+        <span class="cov0" title="0">stats := copyStats{}
+        page := 1
+        for </span><span class="cov0" title="0">{
+                listResp, err := src.List(ctx, syservices.ListRecordsOptions{
+                        Organization: org,
+                        ProjectID:    project,
+                        Limit:        batchSize,
+                        Page:         page,
+                })
+                if err != nil </span><span class="cov0" title="0">{
+                        return stats, fmt.Errorf("source list failed for %s/%s page %d: %w", org, project, page, err)
+                }</span>
+                <span class="cov0" title="0">records := []internalapi.InternalRecord{}
+                if listResp.Records != nil </span><span class="cov0" title="0">{
+                        records = *listResp.Records
+                }</span>
+                <span class="cov0" title="0">if len(records) == 0 </span><span class="cov0" title="0">{
                         break</span>
                 }
-                <span class="cov8" title="3">parts := strings.SplitN(line, "=", 2)
-                if len(parts) != 2 </span><span class="cov0" title="0">{
-                        continue</span>
+                <span class="cov0" title="0">stats.SourceSeen += len(records)
+
+                toWrite, batchStats, err := buildMergedBatch(ctx, dst, records)
+                if err != nil </span><span class="cov0" title="0">{
+                        return stats, err
+                }</span>
+                <span class="cov0" title="0">stats.Created += batchStats.Created
+                stats.Updated += batchStats.Updated
+                stats.Unchanged += batchStats.Unchanged
+
+                if len(toWrite) &gt; 0 </span><span class="cov0" title="0">{
+                        resp, err := dst.CreateBulk(ctx, internalapi.BulkCreateRequest{Records: toWrite})
+                        if err != nil </span><span class="cov0" title="0">{
+                                return stats, fmt.Errorf("target bulk create failed on page %d: %w", page, err)
+                        }</span>
+                        <span class="cov0" title="0">if resp.Records != nil </span><span class="cov0" title="0">{
+                                stats.Written += len(*resp.Records)
+                        }</span> else<span class="cov0" title="0"> {
+                                stats.Written += len(toWrite)
+                        }</span>
                 }
-                <span class="cov8" title="3">key := strings.TrimSpace(parts[0])
-                val := strings.TrimSpace(parts[1])
-                switch key </span>{
-                case "protocol":<span class="cov1" title="1">
-                        req.Protocol = val</span>
-                case "host":<span class="cov1" title="1">
-                        req.Host = val</span>
-                case "path":<span class="cov1" title="1">
-                        req.Path = val</span>
+
+                <span class="cov0" title="0">if logger != nil </span><span class="cov0" title="0">{
+                        logger.Info("copy-records batch complete",
+                                "organization", org,
+                                "project", project,
+                                "page", page,
+                                "source_records", len(records),
+                                "created", batchStats.Created,
+                                "updated", batchStats.Updated,
+                                "unchanged", batchStats.Unchanged,
+                                "written", len(toWrite),
+                        )
+                }</span>
+
+                <span class="cov0" title="0">if len(records) &lt; batchSize </span><span class="cov0" title="0">{
+                        break</span>
                 }
+                <span class="cov0" title="0">page++</span>
         }
-        <span class="cov1" title="1">return req, s.Err()</span>
+
+        <span class="cov0" title="0">return stats, nil</span>
 }
 
-func resolveRemote() (string, string, error) <span class="cov0" title="0">{
+func buildMergedBatch(ctx context.Context, dst indexAPI, source []internalapi.InternalRecord) ([]internalapi.InternalRecord, copyStats, error) <span class="cov1" title="1">{
+        stats := copyStats{}
+        if len(source) == 0 </span><span class="cov0" title="0">{
+                return nil, stats, nil
+        }</span>
+
+        <span class="cov1" title="1">dids := make([]string, 0, len(source))
+        for _, rec := range source </span><span class="cov4" title="2">{
+                did := strings.TrimSpace(rec.Did)
+                if did == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="2">dids = append(dids, did)</span>
+        }
+
+        <span class="cov1" title="1">existing, err := dst.BulkDocuments(ctx, dids)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, stats, fmt.Errorf("target bulk documents failed: %w", err)
+        }</span>
+        <span class="cov1" title="1">existingByDID := make(map[string]internalapi.InternalRecord, len(existing))
+        for _, rec := range existing </span><span class="cov1" title="1">{
+                existingByDID[strings.TrimSpace(rec.Did)] = recordResponseToRecord(rec)
+        }</span>
+
+        <span class="cov1" title="1">out := make([]internalapi.InternalRecord, 0, len(source))
+        for _, src := range source </span><span class="cov4" title="2">{
+                did := strings.TrimSpace(src.Did)
+                if did == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="2">if dstRec, ok := existingByDID[did]; ok </span><span class="cov1" title="1">{
+                        merged, changed := mergeExistingRecord(dstRec, src)
+                        if changed </span><span class="cov1" title="1">{
+                                out = append(out, merged)
+                                stats.Updated++
+                        }</span> else<span class="cov0" title="0"> {
+                                stats.Unchanged++
+                        }</span>
+                        <span class="cov1" title="1">continue</span>
+                }
+                <span class="cov1" title="1">out = append(out, src)
+                stats.Created++</span>
+        }
+
+        <span class="cov1" title="1">return out, stats, nil</span>
+}
+
+func mergeExistingRecord(dst, src internalapi.InternalRecord) (internalapi.InternalRecord, bool) <span class="cov4" title="2">{
+        merged := dst
+        changed := false
+
+        controlledAccess := mergeStringLists(dst.ControlledAccess, src.ControlledAccess)
+        if !equalStringPointers(merged.ControlledAccess, controlledAccess) </span><span class="cov4" title="2">{
+                merged.ControlledAccess = controlledAccess
+                changed = true
+        }</span>
+
+        <span class="cov4" title="2">accessMethods := mergeAccessMethods(dst.AccessMethods, src.AccessMethods)
+        if !equalAccessMethodPointers(merged.AccessMethods, accessMethods) </span><span class="cov4" title="2">{
+                merged.AccessMethods = accessMethods
+                changed = true
+        }</span>
+
+        <span class="cov4" title="2">return merged, changed</span>
+}
+
+func recordResponseToRecord(in internalapi.InternalRecordResponse) internalapi.InternalRecord <span class="cov1" title="1">{
+        return internalapi.InternalRecord{
+                Did:              in.Did,
+                AccessMethods:    in.AccessMethods,
+                ControlledAccess: in.ControlledAccess,
+                CreatedTime:      in.CreatedTime,
+                Description:      in.Description,
+                FileName:         in.FileName,
+                Hashes:           in.Hashes,
+                Organization:     in.Organization,
+                Project:          in.Project,
+                Size:             in.Size,
+                UpdatedTime:      in.UpdatedTime,
+                Version:          in.Version,
+        }
+}</span>
+
+func mergeStringLists(left, right *[]string) *[]string <span class="cov4" title="2">{
+        seen := map[string]struct{}{}
+        out := make([]string, 0)
+        for _, list := range []*[]string{left, right} </span><span class="cov8" title="4">{
+                if list == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov8" title="4">for _, raw := range *list </span><span class="cov10" title="5">{
+                        val := strings.TrimSpace(raw)
+                        if val == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov10" title="5">if _, ok := seen[val]; ok </span><span class="cov1" title="1">{
+                                continue</span>
+                        }
+                        <span class="cov8" title="4">seen[val] = struct{}{}
+                        out = append(out, val)</span>
+                }
+        }
+        <span class="cov4" title="2">if len(out) == 0 </span><span class="cov0" title="0">{
+                return nil
+        }</span>
+        <span class="cov4" title="2">return &amp;out</span>
+}
+
+func mergeAccessMethods(left, right *[]drsapi.AccessMethod) *[]drsapi.AccessMethod <span class="cov4" title="2">{
+        seen := map[string]struct{}{}
+        out := make([]drsapi.AccessMethod, 0)
+        for _, list := range []*[]drsapi.AccessMethod{left, right} </span><span class="cov8" title="4">{
+                if list == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov8" title="4">for _, method := range *list </span><span class="cov10" title="5">{
+                        key := canonicalAccessMethod(method)
+                        if _, ok := seen[key]; ok </span><span class="cov1" title="1">{
+                                continue</span>
+                        }
+                        <span class="cov8" title="4">seen[key] = struct{}{}
+                        out = append(out, method)</span>
+                }
+        }
+        <span class="cov4" title="2">if len(out) == 0 </span><span class="cov0" title="0">{
+                return nil
+        }</span>
+        <span class="cov4" title="2">return &amp;out</span>
+}
+
+func canonicalAccessMethod(method drsapi.AccessMethod) string <span class="cov10" title="5">{
+        b, err := json.Marshal(method)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Sprintf("%s|%v", method.Type, method.AccessId)
+        }</span>
+        <span class="cov10" title="5">return string(b)</span>
+}
+
+func equalStringPointers(a, b *[]string) bool <span class="cov4" title="2">{
+        return equalJSON(a, b)
+}</span>
+
+func equalAccessMethodPointers(a, b *[]drsapi.AccessMethod) bool <span class="cov4" title="2">{
+        return equalJSON(a, b)
+}</span>
+
+func equalJSON(a, b any) bool <span class="cov8" title="4">{
+        ab, _ := json.Marshal(a)
+        bb, _ := json.Marshal(b)
+        return string(ab) == string(bb)
+}</span>
+</pre>
+		
+		<pre class="file" id="file9" style="display: none">package credentialhelper
+
+import (
+        "bufio"
+        "context"
+        "fmt"
+        "io"
+        "net/url"
+        "os"
+        "strings"
+
+        "github.com/calypr/data-client/credentials"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        conf "github.com/calypr/syfon/client/config"
+        "github.com/spf13/cobra"
+)
+
+// Cmd implements a git credential helper bridge for git-drs over HTTP.
+var Cmd = &amp;cobra.Command{
+        Use:    "credential-helper &lt;get|store|erase&gt;",
+        Hidden: true,
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                if len(args) != 1 </span><span class="cov0" title="0">{
+                        return fmt.Errorf("expected exactly one action: get, store, or erase")
+                }</span>
+                <span class="cov0" title="0">switch args[0] </span>{
+                case "get", "store", "erase":<span class="cov0" title="0">
+                        return nil</span>
+                default:<span class="cov0" title="0">
+                        return fmt.Errorf("unsupported action: %s", args[0])</span>
+                }
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                action := args[0]
+                if action != "get" </span><span class="cov0" title="0">{
+                        // Stateless helper: no-op for store/erase.
+                        return nil
+                }</span>
+
+                <span class="cov0" title="0">req, err := readCredentialRequest(os.Stdin)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil
+                }</span>
+
+                <span class="cov0" title="0">logg := drslog.GetLogger()
+                remoteName, endpoint, err := resolveRemote()
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil
+                }</span>
+                <span class="cov0" title="0">if !requestMatchesEndpointHost(req, endpoint) </span><span class="cov0" title="0">{
+                        return nil
+                }</span>
+
+                // Local/basic-auth remotes: prefer explicit repo credentials.
+                <span class="cov0" title="0">if username, password, err := gitrepo.GetRemoteBasicAuth(remoteName); err == nil &amp;&amp; username != "" &amp;&amp; password != "" </span><span class="cov0" title="0">{
+                        fmt.Fprintf(os.Stdout, "username=%s\npassword=%s\n\n", username, password)
+                        _ = gitrepo.SetRemoteLFSURL(remoteName, endpoint)
+                        return nil
+                }</span>
+
+                <span class="cov0" title="0">token := ""
+                // Prefer repo-local token first to keep git-drs local and deterministic.
+                if repoToken, err := gitrepo.GetRemoteToken(remoteName); err == nil &amp;&amp; strings.TrimSpace(repoToken) != "" </span><span class="cov0" title="0">{
+                        token = strings.TrimSpace(repoToken)
+                }</span>
+
+                // Try global profile to refresh/validate; fall back to repo token if unavailable.
+                <span class="cov0" title="0">manager := conf.NewConfigure(logg)
+                cred, err := manager.Load(remoteName)
+                if err == nil </span><span class="cov0" title="0">{
+                        if token != "" </span><span class="cov0" title="0">{
+                                cred.AccessToken = token
+                        }</span>
+                        <span class="cov0" title="0">if ensureErr := credentials.EnsureValidCredential(context.Background(), cred, logg); ensureErr == nil </span><span class="cov0" title="0">{
+                                _ = manager.Save(cred)
+                                token = strings.TrimSpace(cred.AccessToken)
+                                if token != "" </span><span class="cov0" title="0">{
+                                        _ = gitrepo.SetRemoteToken(remoteName, token)
+                                }</span>
+                        }
+                }
+
+                <span class="cov0" title="0">if token == "" </span><span class="cov0" title="0">{
+                        return nil
+                }</span>
+
+                // Username can be arbitrary for token-based Basic auth; server reads password token.
+                <span class="cov0" title="0">fmt.Fprintf(os.Stdout, "username=oauth2\npassword=%s\n\n", token)
+
+                // Keep lfsurl synced for this remote.
+                _ = gitrepo.SetRemoteLFSURL(remoteName, endpoint)
+                return nil</span>
+        },
+}
+
+type credentialRequest struct {
+        Protocol string
+        Host     string
+        Path     string
+}
+
+func readCredentialRequest(in io.Reader) (credentialRequest, error) <span class="cov1" title="1">{
+        req := credentialRequest{}
+        s := bufio.NewScanner(in)
+        for s.Scan() </span><span class="cov10" title="4">{
+                line := strings.TrimSpace(s.Text())
+                if line == "" </span><span class="cov1" title="1">{
+                        break</span>
+                }
+                <span class="cov8" title="3">parts := strings.SplitN(line, "=", 2)
+                if len(parts) != 2 </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov8" title="3">key := strings.TrimSpace(parts[0])
+                val := strings.TrimSpace(parts[1])
+                switch key </span>{
+                case "protocol":<span class="cov1" title="1">
+                        req.Protocol = val</span>
+                case "host":<span class="cov1" title="1">
+                        req.Host = val</span>
+                case "path":<span class="cov1" title="1">
+                        req.Path = val</span>
+                }
+        }
+        <span class="cov1" title="1">return req, s.Err()</span>
+}
+
+func resolveRemote() (string, string, error) <span class="cov0" title="0">{
         remoteName, err := gitrepo.GetGitConfigString("drs.default-remote")
         if err != nil </span><span class="cov0" title="0">{
                 return "", "", err
@@ -1491,7 +1993,7 @@
 }
 </pre>
 		
-		<pre class="file" id="file9" style="display: none">package delete
+		<pre class="file" id="file10" style="display: none">package delete
 
 import (
         "context"
@@ -1501,7 +2003,7 @@
         "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
         "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/drslookup"
+        "github.com/calypr/git-drs/internal/drsremote"
         "github.com/calypr/syfon/client/hash"
         "github.com/spf13/cobra"
 )
@@ -1546,7 +2048,7 @@
                 }</span>
 
                 // Get record details before deletion for confirmation
-                <span class="cov0" title="0">records, err := drslookup.ObjectsByHashForScope(context.Background(), drsClient, oid)
+                <span class="cov0" title="0">records, err := drsremote.ObjectsByHashForScope(context.Background(), drsClient, oid)
                 if err != nil </span><span class="cov0" title="0">{
                         return fmt.Errorf("error getting records for OID %s: %v", oid, err)
                 }</span>
@@ -1596,291 +2098,186 @@
 }</span>
 </pre>
 		
-		<pre class="file" id="file10" style="display: none">package deleteproject
+		<pre class="file" id="file11" style="display: none">package initialize
 
 import (
-        "context"
         "fmt"
+        "log/slog"
         "os"
+        "os/exec"
+        "path/filepath"
+        "strconv"
+        "strings"
+        "time"
 
         "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
         "github.com/calypr/git-drs/internal/drslog"
-        syfonclient "github.com/calypr/syfon/client/syfonclient"
+        "github.com/calypr/git-drs/internal/gitrepo"
         "github.com/spf13/cobra"
 )
 
 var (
-        remote      string
-        confirmFlag string
+        transfers            = 1
+        upsert               bool
+        multiPartThreshold   = 5120
+        enableDataClientLogs bool
 )
 
 // Cmd line declaration
 var Cmd = &amp;cobra.Command{
-        Use:    "delete-project &lt;project_id&gt;",
-        Short:  "Delete all DRS objects for a given project",
-        Long:   "Delete all DRS objects for a given project",
-        Hidden: true,
-        Args:   cobra.ExactArgs(1),
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                projectId := args[0]
-                logger := drslog.GetLogger()
-
-                cfg, err := config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error loading config: %v", err)
-                }</span>
-
-                <span class="cov0" title="0">remoteName, err := cfg.GetRemoteOrDefault(remote)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error getting default remote: %v", err)
+        Use:   "init",
+        Short: "Initialize repo for git-drs",
+        Long: "Description:" +
+                "\n  Initialize repo for git-drs",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
+                if len(args) != 0 </span><span class="cov1" title="1">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: accepts no arguments, received %d\n\nUsage: %s\n\nSee 'git drs init --help' for more details", len(args), cmd.UseLine())
                 }</span>
-
-                <span class="cov0" title="0">drsClient, err := cfg.GetRemoteClient(remoteName, logger)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Error(fmt.Sprintf("error creating DRS client: %s", err))
+                <span class="cov1" title="1">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
+                logg := drslog.GetLogger()
+                if err := InitializeRepo(logg); err != nil </span><span class="cov1" title="1">{
                         return err
                 }</span>
+                <span class="cov0" title="0">logg.Debug(fmt.Sprintf("Using %d concurrent transfers", transfers))
+                return nil</span>
+        },
+}
 
-                <span class="cov0" title="0">remoteConfig := cfg.GetRemote(remoteName)
-                organization := ""
-                if remoteConfig != nil </span><span class="cov0" title="0">{
-                        organization = remoteConfig.GetOrganization()
-                }</span>
+// InitializeRepo applies git-drs repository-local setup to the current git repository.
+// It is safe to call repeatedly.
+func InitializeRepo(logg *slog.Logger) error <span class="cov6" title="2">{
+        // check if .git dir exists to ensure you're in a git repository
+        _, err := gitrepo.GitTopLevel()
+        if err != nil </span><span class="cov1" title="1">{
+                return fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
+        }</span>
 
-                // Get a sample record to show the user what will be deleted
-                <span class="cov0" title="0">sampleResp, err := drsClient.Client.Index().List(context.Background(), syfonclient.ListRecordsOptions{
-                        Organization: organization,
-                        ProjectID:    projectId,
-                        Limit:        1,
-                        Page:         1,
-                })
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error getting sample records for project %s: %v", projectId, err)
-                }</span>
+        // create config file if it doesn't exist
+        <span class="cov1" title="1">err = config.CreateEmptyConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error: unable to create config file: %v", err)
+        }</span>
 
-                // Show details and get confirmation unless --confirm flag matches project_id
-                <span class="cov0" title="0">if confirmFlag != "" &amp;&amp; confirmFlag != projectId </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error: --confirm value '%s' does not match project ID '%s'", confirmFlag, projectId)
-                }</span>
-                <span class="cov0" title="0">if confirmFlag != projectId </span><span class="cov0" title="0">{
-                        common.DisplayWarningHeader(os.Stderr, "DELETE ALL RECORDS for a project")
-                        common.DisplayField(os.Stderr, "Remote", string(remoteName))
-                        common.DisplayField(os.Stderr, "Project ID", projectId)
-
-                        if sampleResp.Records != nil &amp;&amp; len(*sampleResp.Records) &gt; 0 </span><span class="cov0" title="0">{
-                                sample := (*sampleResp.Records)[0]
-                                fmt.Fprintf(os.Stderr, "\nSample record from this project:\n")
-                                common.DisplayField(os.Stderr, "  DID", sample.Did)
-                                if sample.FileName != nil &amp;&amp; *sample.FileName != "" </span><span class="cov0" title="0">{
-                                        common.DisplayField(os.Stderr, "  Filename", *sample.FileName)
-                                }</span>
-                                <span class="cov0" title="0">if sample.Size != nil </span><span class="cov0" title="0">{
-                                        common.DisplayField(os.Stderr, "  Size", fmt.Sprintf("%d bytes", *sample.Size))
-                                }</span>
-                        } else<span class="cov0" title="0"> {
-                                fmt.Fprintf(os.Stderr, "\nNo records found for this project.\n")
-                        }</span>
+        // load the config
+        <span class="cov1" title="1">_, err = config.LoadConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                logg.Debug(fmt.Sprintf("We should probably fix this: %v", err))
+                return fmt.Errorf("error: unable to load config file: %v", err)
+        }</span>
 
-                        <span class="cov0" title="0">fmt.Fprintf(os.Stderr, "\nThis will DELETE ALL records in project '%s'.\n", projectId)
-                        common.DisplayFooter(os.Stderr)
+        // create drs directories
+        <span class="cov1" title="1">drsDir := common.DRS_DIR
+        drsLfsObjsDir := common.DRS_OBJS_PATH
+        if err := os.MkdirAll(drsDir, 0755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error: unable to create drs directory: %v", err)
+        }</span>
+        <span class="cov1" title="1">if err := os.MkdirAll(drsLfsObjsDir, 0755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error: unable to create drs lfs objects directory: %v", err)
+        }</span>
 
-                        if err := common.PromptForConfirmation(os.Stderr, fmt.Sprintf("Type the project ID '%s' to confirm deletion", projectId), projectId, true); err != nil </span><span class="cov0" title="0">{
-                                return err
-                        }</span>
-                }
+        <span class="cov1" title="1">err = initGitConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error initializing git-drs repository config: %v", err)
+        }</span>
 
-                // Delete the matching records
-                <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Deleting all records for project %s...", projectId))
-                _, err = drsClient.Client.Index().DeleteByQuery(context.Background(), syfonclient.DeleteByQueryOptions{
-                        Organization: organization,
-                        ProjectID:    projectId,
-                })
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error deleting project %s: %v", projectId, err)
-                }</span>
+        // install pre-push hook
+        <span class="cov1" title="1">err = installPrePushHook(logg)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error installing pre-push hook: %v", err)
+        }</span>
+        // install pre-commit hook
+        <span class="cov1" title="1">err = installPreCommitHook(logg)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error installing pre-commit hook: %v", err)
+        }</span>
 
-                <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Successfully deleted all records for project %s", projectId))
-                return nil</span>
-        },
+        <span class="cov1" title="1">logg.Debug("Git DRS initialized")
+        return nil</span>
 }
 
-func init() <span class="cov8" title="1">{
-        Cmd.Flags().StringVarP(&amp;remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
-        Cmd.Flags().StringVar(&amp;confirmFlag, "confirm", "", "skip interactive confirmation by providing the project_id (e.g., --confirm my-project)")
-}</span>
-</pre>
-		
-		<pre class="file" id="file11" style="display: none">package fetch
-
-import (
-        "fmt"
-        "os/exec"
-        "strings"
-
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/spf13/cobra"
-)
-
-var runCommand = func(name string, args ...string) ([]byte, error) <span class="cov0" title="0">{
-        cmd := exec.Command(name, args...)
-        return cmd.CombinedOutput()
-}</span>
-
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "fetch [remote-name]",
-        Short: "Fetch LFS objects from remote via standard git-lfs",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
-                if len(args) &gt; 1 </span><span class="cov1" title="1">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs fetch --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov6" title="2">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
-                logger := drslog.GetLogger()
-
-                cfg, err := config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error loading config: %v", err)
-                }</span>
-
-                <span class="cov6" title="2">var remote config.Remote
-                if len(args) &gt; 0 </span><span class="cov1" title="1">{
-                        remote = config.Remote(args[0])
-                }</span> else<span class="cov1" title="1"> {
-                        remote, err = cfg.GetDefaultRemote()
-                        if err != nil </span><span class="cov1" title="1">{
-                                logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-                                return err
-                        }</span>
-                }
-
-                <span class="cov1" title="1">drsClient, err := cfg.GetRemoteClient(remote, logger)
-                if err != nil </span><span class="cov1" title="1">{
-                        logger.Error(fmt.Sprintf("\nerror creating DRS client: %s", err))
-                        return err
-                }</span>
-                <span class="cov0" title="0">_ = drsClient // Remote validation only.
-
-                out, err := runCommand("git", "lfs", "pull", string(remote))
-                if err != nil </span><span class="cov0" title="0">{
-                        msg := strings.TrimSpace(string(out))
-                        if msg == "" </span><span class="cov0" title="0">{
-                                msg = err.Error()
-                        }</span>
-                        <span class="cov0" title="0">return fmt.Errorf("git lfs pull failed for remote %q: %s", remote, msg)</span>
-                }
-
-                <span class="cov0" title="0">return nil</span>
-        },
+// EnsureInitialized applies initialization only when the repository does not
+// already appear to have git-drs local setup installed.
+func EnsureInitialized(logg *slog.Logger) error <span class="cov6" title="2">{
+        initialized, err := isInitialized()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov6" title="2">if initialized </span><span class="cov1" title="1">{
+                return nil
+        }</span>
+        <span class="cov1" title="1">return InitializeRepo(logg)</span>
 }
-</pre>
-		
-		<pre class="file" id="file12" style="display: none">package initialize
-
-import (
-        "fmt"
-        "log/slog"
-        "os"
-        "os/exec"
-        "path/filepath"
-        "strconv"
-        "strings"
-        "time"
-
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/spf13/cobra"
-)
-
-var (
-        transfers            = 1
-        upsert               bool
-        multiPartThreshold   = 5120
-        enableDataClientLogs bool
-)
-
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "init",
-        Short: "Initialize repo for git-drs",
-        Long: "Description:" +
-                "\n  Initialize repo for git-drs",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="2">{
-                if len(args) != 0 </span><span class="cov1" title="1">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts no arguments, received %d\n\nUsage: %s\n\nSee 'git drs init --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov1" title="1">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
-                logg := drslog.GetLogger()
 
-                // check if .git dir exists to ensure you're in a git repository
-                _, err := gitrepo.GitTopLevel()
-                if err != nil </span><span class="cov1" title="1">{
-                        return fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
-                }</span>
+func isInitialized() (bool, error) <span class="cov6" title="2">{
+        if _, err := gitrepo.GitTopLevel(); err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
+        }</span>
 
-                // create config file if it doesn't exist
-                <span class="cov0" title="0">err = config.CreateEmptyConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error: unable to create config file: %v", err)
+        <span class="cov6" title="2">if _, err := os.Stat(common.DRS_DIR); err != nil </span><span class="cov1" title="1">{
+                if os.IsNotExist(err) </span><span class="cov1" title="1">{
+                        return false, nil
                 }</span>
+                <span class="cov0" title="0">return false, fmt.Errorf("error checking git-drs directory: %v", err)</span>
+        }
 
-                // load the config
-                <span class="cov0" title="0">_, err = config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        logg.Debug(fmt.Sprintf("We should probably fix this: %v", err))
-                        return fmt.Errorf("error: unable to load config file: %v", err)
-                }</span>
+        <span class="cov1" title="1">if val, err := gitrepo.GetGitConfigString("filter.drs.process"); err != nil || strings.TrimSpace(val) != "git-drs filter" </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
+        <span class="cov1" title="1">if val, err := gitrepo.GetGitConfigString("filter.drs.clean"); err != nil || strings.TrimSpace(val) != "git-drs clean -- %f" </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
+        <span class="cov1" title="1">if val, err := gitrepo.GetGitConfigString("filter.drs.smudge"); err != nil || strings.TrimSpace(val) != "git-drs smudge -- %f" </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
+        <span class="cov1" title="1">if val, err := gitrepo.GetGitConfigString("filter.drs.required"); err != nil || strings.TrimSpace(val) != "true" </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
 
-                // create drs directories
-                <span class="cov0" title="0">drsDir := common.DRS_DIR
-                drsLfsObjsDir := common.DRS_OBJS_PATH
-                if err := os.MkdirAll(drsDir, 0755); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error: unable to create drs directory: %v", err)
-                }</span>
-                <span class="cov0" title="0">if err := os.MkdirAll(drsLfsObjsDir, 0755); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error: unable to create drs lfs objects directory: %v", err)
-                }</span>
+        <span class="cov1" title="1">preCommitInstalled, err := hookContains("pre-commit", "git drs precommit")
+        if err != nil </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
+        <span class="cov1" title="1">if !preCommitInstalled </span><span class="cov0" title="0">{
+                return false, nil
+        }</span>
 
-                <span class="cov0" title="0">err = initGitConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error initializing git-drs repository config: %v", err)
-                }</span>
+        <span class="cov1" title="1">prePushInstalled, err := hookContains("pre-push", "git drs pre-push-prepare")
+        if err != nil </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
+        <span class="cov1" title="1">return prePushInstalled, nil</span>
+}
 
-                // install pre-push hook
-                <span class="cov0" title="0">err = installPrePushHook(logg)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error installing pre-push hook: %v", err)
-                }</span>
-                // install pre-commit hook
-                <span class="cov0" title="0">err = installPreCommitHook(logg)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error installing pre-commit hook: %v", err)
+func hookContains(name, marker string) (bool, error) <span class="cov6" title="2">{
+        hooksDir, err := gitrepo.GetGitHooksDir()
+        if err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("unable to get hooks directory: %w", err)
+        }</span>
+        <span class="cov6" title="2">content, err := os.ReadFile(filepath.Join(hooksDir, name))
+        if err != nil </span><span class="cov0" title="0">{
+                if os.IsNotExist(err) </span><span class="cov0" title="0">{
+                        return false, nil
                 }</span>
-
-                // final logs
-                <span class="cov0" title="0">logg.Debug("Git DRS initialized")
-                logg.Debug(fmt.Sprintf("Using %d concurrent transfers", transfers))
-                return nil</span>
-        },
+                <span class="cov0" title="0">return false, err</span>
+        }
+        <span class="cov6" title="2">return strings.Contains(string(content), marker), nil</span>
 }
 
-func initGitConfig() error <span class="cov10" title="2">{
+func initGitConfig() error <span class="cov10" title="3">{
         configs := map[string]string{
                 "lfs.allowincompletepush": "false",
                 "lfs.concurrenttransfers": strconv.Itoa(transfers),
                 // Use git-drs as the long-running filter-process handler.
                 // This replaces the default git-lfs smudge/clean per-invocation commands
                 // with a single persistent process that calls the DRS transfer stack directly.
-                "filter.drs.process": "git-drs filter",
+                "filter.drs.clean":    "git-drs clean -- %f",
+                "filter.drs.smudge":   "git-drs smudge -- %f",
+                "filter.drs.process":  "git-drs filter",
+                "filter.drs.required": "true",
                 // Canonical git-drs config keys consumed by clients.
                 "drs.upsert":                  strconv.FormatBool(upsert),
                 "drs.multipart-threshold":     strconv.Itoa(multiPartThreshold),
@@ -1890,7 +2287,7 @@
         if err := gitrepo.SetGitConfigOptions(configs); err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to write git config: %w", err)
         }</span>
-        <span class="cov10" title="2">return nil</span>
+        <span class="cov10" title="3">return nil</span>
 }
 
 func init() <span class="cov1" title="1">{
@@ -1900,17 +2297,17 @@
         Cmd.Flags().BoolVar(&amp;enableDataClientLogs, "enable-data-client-logs", false, "Enable data-client internal logs")
 }</span>
 
-func installPrePushHook(logger *slog.Logger) error <span class="cov10" title="2">{
+func installPrePushHook(logger *slog.Logger) error <span class="cov10" title="3">{
         hooksDir, err := gitrepo.GetGitHooksDir()
         if err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to get hooks directory: %w", err)
         }</span>
 
-        <span class="cov10" title="2">if err := os.MkdirAll(hooksDir, 0755); err != nil </span><span class="cov0" title="0">{
+        <span class="cov10" title="3">if err := os.MkdirAll(hooksDir, 0755); err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to create hooks directory: %w", err)
         }</span>
 
-        <span class="cov10" title="2">hookPath := filepath.Join(hooksDir, "pre-push")
+        <span class="cov10" title="3">hookPath := filepath.Join(hooksDir, "pre-push")
         hookBody := `
 # . git/hooks/pre-push
 remote="$1"
@@ -1944,31 +2341,31 @@
                 <span class="cov1" title="1">logger.Debug(fmt.Sprintf("pre-push hook updated; backup written to %s", backupPath))</span>
         }
         // If there was an error other than expected not existing, return it
-        <span class="cov10" title="2">if err != nil &amp;&amp; !os.IsNotExist(err) </span><span class="cov0" title="0">{
+        <span class="cov10" title="3">if err != nil &amp;&amp; !os.IsNotExist(err) </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to read pre-push hook: %w", err)
         }</span>
 
-        <span class="cov10" title="2">err = os.WriteFile(hookPath, []byte(hookScript), 0755)
+        <span class="cov10" title="3">err = os.WriteFile(hookPath, []byte(hookScript), 0755)
         if err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to write pre-push hook: %w", err)
         }</span>
-        <span class="cov10" title="2">logger.Debug("pre-push hook installed")
+        <span class="cov10" title="3">logger.Debug("pre-push hook installed")
         return nil</span>
 }
 
-func installPreCommitHook(logger *slog.Logger) error <span class="cov10" title="2">{
+func installPreCommitHook(logger *slog.Logger) error <span class="cov10" title="3">{
         cmd := exec.Command("git", "rev-parse", "--git-dir")
         cmdOut, err := cmd.Output()
         if err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to locate git directory: %w", err)
         }</span>
-        <span class="cov10" title="2">gitDir := strings.TrimSpace(string(cmdOut))
+        <span class="cov10" title="3">gitDir := strings.TrimSpace(string(cmdOut))
         hooksDir := filepath.Join(gitDir, "hooks")
         if err := os.MkdirAll(hooksDir, 0755); err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to create hooks directory: %w", err)
         }</span>
 
-        <span class="cov10" title="2">hookPath := filepath.Join(hooksDir, "pre-commit")
+        <span class="cov10" title="3">hookPath := filepath.Join(hooksDir, "pre-commit")
         hookBody := `
 # .git/hooks/pre-commit
 exec git drs precommit
@@ -1990,20 +2387,20 @@
                 <span class="cov1" title="1">logger.Debug(fmt.Sprintf("pre-commit hook updated; backup written to %s", backupPath))</span>
         }
         // If there was an error other than expected not existing, return it
-        <span class="cov10" title="2">if err != nil &amp;&amp; !os.IsNotExist(err) </span><span class="cov0" title="0">{
+        <span class="cov10" title="3">if err != nil &amp;&amp; !os.IsNotExist(err) </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to read pre-commit hook: %w", err)
         }</span>
 
-        <span class="cov10" title="2">err = os.WriteFile(hookPath, []byte(hookScript), 0755)
+        <span class="cov10" title="3">err = os.WriteFile(hookPath, []byte(hookScript), 0755)
         if err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to write pre-commit hook: %w", err)
         }</span>
-        <span class="cov10" title="2">logger.Debug("pre-commit hook installed")
+        <span class="cov10" title="3">logger.Debug("pre-commit hook installed")
         return nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file13" style="display: none">package install
+		<pre class="file" id="file12" style="display: none">package install
 
 import (
         "fmt"
@@ -2072,6248 +2469,7719 @@
 }
 </pre>
 		
-		<pre class="file" id="file14" style="display: none">// Package precommit
-// -------------------------------------
-// LFS-only local cache updater for:
-//   - Path -&gt; OID  : .git/drs/pre-commit/v1/paths/&lt;encoded-path&gt;.json
-//   - OID  -&gt; Paths + S3 URL hint : .git/drs/pre-commit/v1/oids/&lt;oid&gt;.json
-//
-// This hook is intentionally:
-//   - LFS-only (non-LFS paths are ignored)
-//   - local-only (no network, no server index reads)
-//   - index-based (reads STAGED content via `git show :&lt;path&gt;`)
-//
-// Note: This is a reference implementation. Adjust logging/policy as desired.
-package precommit
+		<pre class="file" id="file13" style="display: none">package lsfiles
 
 import (
-        "bufio"
-        "bytes"
-        "context"
-        "crypto/sha256"
-        "encoding/base64"
         "encoding/json"
-        "errors"
         "fmt"
-        "io"
+        "log/slog"
         "os"
         "os/exec"
-        "path/filepath"
         "sort"
         "strings"
-        "time"
 
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/drsremote"
+        "github.com/calypr/git-drs/internal/lfs"
+        "github.com/calypr/git-drs/internal/pathspec"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
         "github.com/spf13/cobra"
 )
 
-const (
-        cacheVersionDir = "drs/pre-commit/v1"
-        lfsSpecLine     = "version https://git-lfs.github.com/spec/v1"
-)
-
-type PathEntry struct {
-        Path      string `json:"path"`
-        LFSOID    string `json:"lfs_oid"`
-        UpdatedAt string `json:"updated_at"`
-}
-
-type OIDEntry struct {
-        LFSOID        string   `json:"lfs_oid"`
-        Paths         []string `json:"paths"`
-        S3URL         string   `json:"s3_url,omitempty"` // hint only; may be empty
-        UpdatedAt     string   `json:"updated_at"`
-        ContentChange bool     `json:"content_changed"`
-}
-
-type ChangeKind int
+var gitRemote string
+var drsRemote string
+var includePatterns []string
+var showLong bool
+var nameOnly bool
+var jsonOutput bool
+var drsStatus bool
 
-const (
-        KindAdd ChangeKind = iota
-        KindModify
-        KindDelete
-        KindRename
+var (
+        loadConfig      = config.LoadConfig
+        resolveRemote   = func(cfg *config.Config, name string) (config.Remote, error) <span class="cov0" title="0">{ return cfg.GetRemoteOrDefault(name) }</span>
+        newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*config.GitContext, error) <span class="cov0" title="0">{
+                return cfg.GetRemoteClient(remote, logger)
+        }</span>
+        loadLFSInventory = func(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]lfs.LfsFileInfo, error) <span class="cov0" title="0">{
+                if len(branches) == 0 </span><span class="cov0" title="0">{
+                        return lfs.GetTrackedLfsFiles(logger)
+                }</span>
+                <span class="cov0" title="0">return lfs.GetLfsFilesForRefs(branches, logger)</span>
+        }
+        listRemoteRefs           = defaultListRemoteRefs
+        listGitRemotes           = defaultListGitRemotes
+        resolveDefaultRemote     = defaultResolveDefaultRemote
+        lookupScopedObjectsBatch = drsremote.ObjectsByHashesForScope
 )
 
-type Change struct {
-        Kind    ChangeKind
-        OldPath string // for rename
-        NewPath string // for rename (and for add/modify/delete uses NewPath)
-        Status  string // raw status, e.g. "A", "M", "D", "R100"
+type fileRow struct {
+        OID        string   `json:"oid"`
+        ShortOID   string   `json:"short_oid"`
+        Status     string   `json:"status"`
+        Path       string   `json:"path"`
+        Localized  bool     `json:"localized"`
+        Registered bool     `json:"registered,omitempty"`
+        DRSIDs     []string `json:"drs_ids,omitempty"`
+        Detail     string   `json:"detail,omitempty"`
 }
 
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "precommit",
-        Short: "pre-commit hook to update local DRS cache",
-        Long:  "Pre-commit hook that updates the local DRS pre-commit cache",
-        Args:  cobra.ExactArgs(0),
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                return run(context.Background())
-        }</span>,
-}
+func defaultListRemoteRefs(gitRemoteName string) ([]string, error) <span class="cov0" title="0">{
+        if strings.TrimSpace(gitRemoteName) == "" </span><span class="cov0" title="0">{
+                return nil, nil
+        }</span>
 
-func main() <span class="cov0" title="0">{
-        ctx := context.Background()
-        if err := run(ctx); err != nil </span><span class="cov0" title="0">{
-                // For a reference impl, treat errors as non-fatal unless you want strict enforcement.
-                // Exiting non-zero blocks the commit.
-                fmt.Fprintf(os.Stderr, "pre-commit drs cache: %v\n", err)
-                os.Exit(1)
+        <span class="cov0" title="0">cmd := exec.Command("git", "for-each-ref", "--format=%(refname)", "refs/remotes/"+gitRemoteName)
+        out, err := cmd.Output()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("list refs for remote %s: %w", gitRemoteName, err)
         }</span>
+
+        <span class="cov0" title="0">lines := strings.Split(string(out), "\n")
+        refs := make([]string, 0, len(lines))
+        for _, line := range lines </span><span class="cov0" title="0">{
+                ref := strings.TrimSpace(line)
+                if ref == "" || strings.HasSuffix(ref, "/HEAD") </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">refs = append(refs, ref)</span>
+        }
+        <span class="cov0" title="0">sort.Strings(refs)
+        return refs, nil</span>
 }
 
-func run(ctx context.Context) error <span class="cov0" title="0">{
-        gitDir, err := gitRevParseGitDir(ctx)
+func defaultListGitRemotes() ([]string, error) <span class="cov0" title="0">{
+        cmd := exec.Command("git", "remote")
+        out, err := cmd.Output()
         if err != nil </span><span class="cov0" title="0">{
-                return err
+                return nil, fmt.Errorf("list git remotes: %w", err)
         }</span>
 
-        <span class="cov0" title="0">cacheRoot := filepath.Join(gitDir, cacheVersionDir)
-        pathsDir := filepath.Join(cacheRoot, "paths")
-        oidsDir := filepath.Join(cacheRoot, "oids")
-        tombsDir := filepath.Join(cacheRoot, "tombstones")
+        <span class="cov0" title="0">lines := strings.Split(string(out), "\n")
+        remotes := make([]string, 0, len(lines))
+        for _, line := range lines </span><span class="cov0" title="0">{
+                name := strings.TrimSpace(line)
+                if name == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">remotes = append(remotes, name)</span>
+        }
+        <span class="cov0" title="0">sort.Strings(remotes)
+        return remotes, nil</span>
+}
 
-        if err := os.MkdirAll(pathsDir, 0o755); err != nil </span><span class="cov0" title="0">{
-                return err
+func defaultResolveDefaultRemote() string <span class="cov0" title="0">{
+        cfg, err := loadConfig()
+        if err == nil &amp;&amp; cfg != nil </span><span class="cov0" title="0">{
+                if remote, err := cfg.GetRemoteOrDefault(""); err == nil </span><span class="cov0" title="0">{
+                        return strings.TrimSpace(string(remote))
+                }</span>
+        }
+
+        <span class="cov0" title="0">remotes, err := listGitRemotes()
+        if err != nil || len(remotes) == 0 </span><span class="cov0" title="0">{
+                return ""
         }</span>
-        <span class="cov0" title="0">if err := os.MkdirAll(oidsDir, 0o755); err != nil </span><span class="cov0" title="0">{
-                return err
+        <span class="cov0" title="0">for _, remote := range remotes </span><span class="cov0" title="0">{
+                if remote == config.ORIGIN </span><span class="cov0" title="0">{
+                        return remote
+                }</span>
+        }
+        <span class="cov0" title="0">if len(remotes) == 1 </span><span class="cov0" title="0">{
+                return remotes[0]
         }</span>
-        <span class="cov0" title="0">_ = os.MkdirAll(tombsDir, 0o755) // optional
+        <span class="cov0" title="0">return ""</span>
+}
 
-        changes, err := stagedChanges(ctx)
+func collectRows(cmd *cobra.Command, gitRemoteName, drsRemoteName string, patterns []string, resolveDRS bool) ([]fileRow, error) <span class="cov7" title="5">{
+        logger := drslog.GetLogger()
+
+        var client *config.GitContext
+        if resolveDRS </span><span class="cov3" title="2">{
+                cfg, err := loadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+
+                <span class="cov3" title="2">remoteName, err := resolveRemote(cfg, drsRemoteName)
+                if err != nil </span><span class="cov0" title="0">{
+                        logger.Error(fmt.Sprintf("Error getting remote: %v", err))
+                        return nil, err
+                }</span>
+
+                <span class="cov3" title="2">client, err = newRemoteClient(cfg, remoteName, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+        }
+
+        <span class="cov7" title="5">var (
+                refs []string
+                err  error
+        )
+        if strings.TrimSpace(gitRemoteName) != "" </span><span class="cov5" title="3">{
+                refs, err = listRemoteRefs(gitRemoteName)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+        }
+
+        <span class="cov7" title="5">lfsFiles, err := loadLFSInventory(gitRemoteName, drsRemoteName, refs, logger)
         if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov0" title="0">if len(changes) == 0 </span><span class="cov0" title="0">{
-                return nil
+                return nil, err
         }</span>
+        <span class="cov7" title="5">if len(lfsFiles) == 0 &amp;&amp; strings.TrimSpace(gitRemoteName) == "" </span><span class="cov1" title="1">{
+                fallbackRemote := resolveDefaultRemote()
+                if fallbackRemote != "" </span><span class="cov1" title="1">{
+                        refs, err = listRemoteRefs(fallbackRemote)
+                        if err != nil </span><span class="cov0" title="0">{
+                                return nil, err
+                        }</span>
+                        <span class="cov1" title="1">if len(refs) &gt; 0 </span><span class="cov1" title="1">{
+                                lfsFiles, err = loadLFSInventory(fallbackRemote, drsRemoteName, refs, logger)
+                                if err != nil </span><span class="cov0" title="0">{
+                                        return nil, err
+                                }</span>
+                        }
+                }
+        }
 
-        <span class="cov0" title="0">now := time.Now().UTC().Format(time.RFC3339)
+        <span class="cov7" title="5">keys := make([]string, 0, len(lfsFiles))
+        for path := range lfsFiles </span><span class="cov10" title="9">{
+                keys = append(keys, path)
+        }</span>
+        <span class="cov7" title="5">sort.Strings(keys)
 
-        // Process renames first so subsequent add/modify logic sees the "new" path.
-        // This mirrors how we want cache paths to follow staged paths.
-        for _, ch := range changes </span><span class="cov0" title="0">{
-                if ch.Kind != KindRename </span><span class="cov0" title="0">{
-                        continue</span>
+        rows := make([]fileRow, 0, len(keys))
+        var drsResults map[string][]drsapi.DrsObject
+        var drsLookupErr error
+        if resolveDRS </span><span class="cov3" title="2">{
+                oids := make([]string, 0, len(keys))
+                seenOIDs := make(map[string]struct{}, len(keys))
+                for _, path := range keys </span><span class="cov7" title="5">{
+                        if !pathspec.MatchesAny(path, patterns) </span><span class="cov1" title="1">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="4">oid := lfsFiles[path].Oid
+                        if oid == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="4">if _, exists := seenOIDs[oid]; exists </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="4">seenOIDs[oid] = struct{}{}
+                        oids = append(oids, oid)</span>
                 }
-                // Only act if BOTH old and new are LFS in scope? Prefer:
-                // - If the new path is LFS, we migrate.
-                // - If it isn't LFS, we remove old path entry (out of scope).
-                <span class="cov0" title="0">newOID, newIsLFS, err := stagedLFSOID(ctx, ch.NewPath)
-                if err != nil </span><span class="cov0" title="0">{
-                        // If file doesn't exist in index due to weird staging, skip.
+                <span class="cov3" title="2">drsResults, drsLookupErr = lookupScopedObjectsBatch(cmd.Context(), client, oids)</span>
+        }
+        <span class="cov7" title="5">for _, path := range keys </span><span class="cov10" title="9">{
+                if !pathspec.MatchesAny(path, patterns) </span><span class="cov1" title="1">{
                         continue</span>
                 }
+                <span class="cov9" title="8">info := lfsFiles[path]
+                row := fileRow{
+                        OID:       info.Oid,
+                        ShortOID:  shortOID(info.Oid),
+                        Path:      path,
+                        Localized: isLocalized(path),
+                }
+                row.Status = "-"
+                if row.Localized </span><span class="cov1" title="1">{
+                        row.Status = "*"
+                }</span>
+
+                <span class="cov9" title="8">if resolveDRS </span><span class="cov6" title="4">{
+                        switch </span>{
+                        case drsLookupErr != nil:<span class="cov3" title="2">
+                                row.Detail = drsLookupErr.Error()</span>
+                        default:<span class="cov3" title="2">
+                                results := drsResults[info.Oid]
+                                if len(results) == 0 </span><span class="cov1" title="1">{
+                                        row.Registered = false
+                                        break</span>
+                                }
+                                <span class="cov1" title="1">row.Registered = true
+                                row.DRSIDs = make([]string, 0, len(results))
+                                for _, res := range results </span><span class="cov1" title="1">{
+                                        row.DRSIDs = append(row.DRSIDs, "drs://"+res.Id)
+                                }</span>
+                                <span class="cov1" title="1">row.Detail = strings.Join(row.DRSIDs, ",")</span>
+                        }
+                }
 
-                <span class="cov0" title="0">oldPathFile := pathEntryFile(pathsDir, ch.OldPath)
-                newPathFile := pathEntryFile(pathsDir, ch.NewPath)
+                <span class="cov9" title="8">rows = append(rows, row)</span>
+        }
 
-                if newIsLFS </span><span class="cov0" title="0">{
-                        // Move/overwrite path entry file
-                        if err := moveFileBestEffort(oldPathFile, newPathFile); err != nil &amp;&amp; !errors.Is(err, os.ErrNotExist) </span><span class="cov0" title="0">{
-                                return fmt.Errorf("rename migrate path entry: %w", err)
-                        }</span>
+        <span class="cov7" title="5">return rows, nil</span>
+}
 
-                        // Ensure path entry content correct
-                        <span class="cov0" title="0">if err := writeJSONAtomic(newPathFile, PathEntry{
-                                Path:      ch.NewPath,
-                                LFSOID:    newOID,
-                                UpdatedAt: now,
-                        }); err != nil </span><span class="cov0" title="0">{
+func printRows(cmd *cobra.Command, rows []fileRow) error <span class="cov3" title="2">{
+        if jsonOutput </span><span class="cov0" title="0">{
+                enc := json.NewEncoder(cmd.OutOrStdout())
+                enc.SetIndent("", "  ")
+                return enc.Encode(rows)
+        }</span>
+        <span class="cov3" title="2">for _, row := range rows </span><span class="cov6" title="4">{
+                switch </span>{
+                case nameOnly:<span class="cov0" title="0">
+                        if _, err := fmt.Fprintln(cmd.OutOrStdout(), row.Path); err != nil </span><span class="cov0" title="0">{
                                 return err
                         }</span>
-
-                        // Update oid entry: replace old path with new path for that OID
-                        <span class="cov0" title="0">if err := oidAddOrReplacePath(oidsDir, newOID, ch.OldPath, ch.NewPath, now, false); err != nil </span><span class="cov0" title="0">{
-                                return err
+                case drsStatus:<span class="cov3" title="2">
+                        oid := row.ShortOID
+                        if showLong </span><span class="cov3" title="2">{
+                                oid = row.OID
                         }</span>
-                } else<span class="cov0" title="0"> {
-                        // Out of scope now: remove any cached path entry.
-                        _ = os.Remove(oldPathFile)
-                }</span>
-        }
-
-        // Process adds/modifies/deletes (and renames again just to ensure content correctness on new path).
-        <span class="cov0" title="0">for _, ch := range changes </span><span class="cov0" title="0">{
-                switch ch.Kind </span>{
-                case KindAdd, KindModify:<span class="cov0" title="0">
-                        if err := handleUpsert(ctx, pathsDir, oidsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
-                                return err
+                        <span class="cov3" title="2">detail := row.Detail
+                        if detail == "" </span><span class="cov1" title="1">{
+                                detail = "-"
                         }</span>
-                case KindRename:<span class="cov0" title="0">
-                        // Treat like upsert on NewPath to ensure OID/path consistency if content also changed.
-                        if err := handleUpsert(ctx, pathsDir, oidsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
+                        <span class="cov3" title="2">if _, err := fmt.Fprintf(cmd.OutOrStdout(), "%s %s %s\t%s\n", oid, row.Status, row.Path, detail); err != nil </span><span class="cov0" title="0">{
                                 return err
                         }</span>
-                        // Optionally also remove old path from *other* OID entry if rename+content-change changed OID.
-                        // We'll do it inside handleUpsert by checking previous cached OID for that path (after move).
-                case KindDelete:<span class="cov0" title="0">
-                        if err := handleDelete(ctx, pathsDir, oidsDir, tombsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
+                default:<span class="cov3" title="2">
+                        oid := row.ShortOID
+                        if showLong </span><span class="cov0" title="0">{
+                                oid = row.OID
+                        }</span>
+                        <span class="cov3" title="2">if _, err := fmt.Fprintf(cmd.OutOrStdout(), "%s %s %s\n", oid, row.Status, row.Path); err != nil </span><span class="cov0" title="0">{
                                 return err
                         }</span>
                 }
         }
-
-        <span class="cov0" title="0">return nil</span>
+        <span class="cov3" title="2">return nil</span>
 }
 
-func handleUpsert(ctx context.Context, pathsDir, oidsDir, path, now string) error <span class="cov6" title="2">{
-        oid, isLFS, err := stagedLFSOID(ctx, path)
-        if err != nil </span><span class="cov0" title="0">{
-                // If file isn't in index, ignore.
-                return nil
+func shortOID(oid string) string <span class="cov9" title="8">{
+        if len(oid) &lt;= 10 </span><span class="cov0" title="0">{
+                return oid
         }</span>
-        <span class="cov6" title="2">if !isLFS </span><span class="cov1" title="1">{
-                // Out of scope.
-                return nil
+        <span class="cov9" title="8">return oid[:10]</span>
+}
+
+func isLocalized(path string) bool <span class="cov9" title="8">{
+        payload, err := os.ReadFile(path)
+        if err != nil </span><span class="cov8" title="6">{
+                return false
         }</span>
+        <span class="cov3" title="2">_, _, ok := lfs.ParseLFSPointer(payload)
+        return !ok</span>
+}
 
-        <span class="cov1" title="1">pathFile := pathEntryFile(pathsDir, path)
+func validateOutputFlags() error <span class="cov3" title="2">{
+        if nameOnly &amp;&amp; jsonOutput </span><span class="cov1" title="1">{
+                return fmt.Errorf("--name-only and --json are mutually exclusive")
+        }</span>
+        <span class="cov1" title="1">if showLong &amp;&amp; nameOnly </span><span class="cov1" title="1">{
+                return fmt.Errorf("--long and --name-only are mutually exclusive")
+        }</span>
+        <span class="cov0" title="0">return nil</span>
+}
 
-        // Load previous path entry if it exists to detect content changes.
-        var prev PathEntry
-        prevExists := false
-        if b, err := os.ReadFile(pathFile); err == nil </span><span class="cov0" title="0">{
-                _ = json.Unmarshal(b, &amp;prev)
-                if prev.Path != "" &amp;&amp; prev.LFSOID != "" </span><span class="cov0" title="0">{
-                        prevExists = true
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "ls-files [pathspec...]",
+        Short: "List tracked DRS/LFS pointer files in the repository",
+        Long:  "List tracked DRS/Git-LFS pointer files in the repository. By default this behaves like a local file inventory. Use --drs to also resolve DRS registration status.",
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                if err := validateOutputFlags(); err != nil </span><span class="cov0" title="0">{
+                        return err
                 }</span>
-        }
+                <span class="cov0" title="0">patterns := append([]string{}, includePatterns...)
+                patterns = append(patterns, args...)
+                rows, err := collectRows(cmd, gitRemote, drsRemote, patterns, drsStatus)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov0" title="0">return printRows(cmd, rows)</span>
+        },
+}
 
-        // Write/update path entry.
-        <span class="cov1" title="1">if err := writeJSONAtomic(pathFile, PathEntry{
-                Path:      path,
-                LFSOID:    oid,
-                UpdatedAt: now,
-        }); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+func init() <span class="cov1" title="1">{
+        Cmd.Flags().StringVarP(&amp;gitRemote, "git-remote", "r", "", "target remote Git server (default: origin)")
+        Cmd.Flags().StringVarP(&amp;drsRemote, "drs-remote", "d", "", "target remote DRS server (default: origin)")
+        Cmd.Flags().StringArrayVarP(&amp;includePatterns, "include", "I", nil, "include pathspec/glob pattern(s)")
+        Cmd.Flags().BoolVarP(&amp;showLong, "long", "l", false, "show full object IDs")
+        Cmd.Flags().BoolVarP(&amp;nameOnly, "name-only", "n", false, "show only file paths")
+        Cmd.Flags().BoolVar(&amp;jsonOutput, "json", false, "emit JSON output")
+        Cmd.Flags().BoolVar(&amp;drsStatus, "drs", false, "include DRS registration lookup details")
+}</span>
+</pre>
+		
+		<pre class="file" id="file14" style="display: none">package ping
 
-        // Update OID entry for new oid: add path.
-        <span class="cov1" title="1">contentChanged := prevExists &amp;&amp; prev.LFSOID != oid
-        if err := oidAddOrReplacePath(oidsDir, oid, "", path, now, contentChanged); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+import (
+        "context"
+        "fmt"
+        "log/slog"
+        "strings"
 
-        // If content changed, remove path from the *old* oid entry (best effort).
-        <span class="cov1" title="1">if contentChanged </span><span class="cov0" title="0">{
-                _ = oidRemovePath(oidsDir, prev.LFSOID, path, now)
-        }</span>
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/spf13/cobra"
+)
 
-        <span class="cov1" title="1">return nil</span>
+type statusInfo struct {
+        Remote        config.Remote
+        IsDefault     bool
+        RemoteType    string
+        Endpoint      string
+        Organization  string
+        Project       string
+        Bucket        string
+        StoragePrefix string
+        AuthMode      string
 }
 
-func handleDelete(ctx context.Context, pathsDir, oidsDir, tombsDir, path, now string) error <span class="cov0" title="0">{
-        // Only consider deletion if it was previously an LFS entry (cache-driven).
-        pathFile := pathEntryFile(pathsDir, path)
-        b, err := os.ReadFile(pathFile)
+var pingHealth = func(ctx context.Context, gc *config.GitContext) error <span class="cov0" title="0">{
+        return gc.Client.Health().Ping(ctx)
+}</span>
+
+var Cmd = &amp;cobra.Command{
+        Use:   "ping [remote-name]",
+        Short: "Show effective remote setup and verify the remote responds",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov8" title="3">{
+                if len(args) &gt; 1 </span><span class="cov1" title="1">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs ping --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov5" title="2">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
+                logger := drslog.GetLogger()
+                status, gc, err := resolveStatus(args, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov1" title="1">printStatus(status)
+
+                if err := pingHealth(cmd.Context(), gc); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("remote health check failed for %q (%s): %w", status.Remote, status.Endpoint, err)
+                }</span>
+                <span class="cov1" title="1">fmt.Println("health: ok")
+                return nil</span>
+        },
+}
+
+func resolveStatus(args []string, logger *slog.Logger) (statusInfo, *config.GitContext, error) <span class="cov5" title="2">{
+        cfg, err := config.LoadConfig()
         if err != nil </span><span class="cov0" title="0">{
-                // nothing to do
-                return nil
-        }</span>
-        <span class="cov0" title="0">var pe PathEntry
-        if err := json.Unmarshal(b, &amp;pe); err != nil </span><span class="cov0" title="0">{
-                // corrupted cache; remove it
-                _ = os.Remove(pathFile)
-                return nil
+                return statusInfo{}, nil, err
         }</span>
-        // Remove path entry.
-        <span class="cov0" title="0">_ = os.Remove(pathFile)
 
-        // Remove this path from the old oid entry (best effort).
-        if pe.LFSOID != "" </span><span class="cov0" title="0">{
-                _ = oidRemovePath(oidsDir, pe.LFSOID, path, now)
+        <span class="cov5" title="2">var remoteArg string
+        if len(args) == 1 </span><span class="cov0" title="0">{
+                remoteArg = args[0]
+        }</span>
+        <span class="cov5" title="2">remoteName, err := cfg.GetRemoteOrDefault(remoteArg)
+        if err != nil </span><span class="cov0" title="0">{
+                return statusInfo{}, nil, err
         }</span>
 
-        // Optional tombstone.
-        <span class="cov0" title="0">tombFile := filepath.Join(tombsDir, encodePath(path)+".json")
-        _ = writeJSONAtomic(tombFile, map[string]string{
-                "path":       path,
-                "deleted_at": now,
-        })
-
-        return nil</span>
-}
+        <span class="cov5" title="2">remoteCfg := cfg.GetRemote(remoteName)
+        if remoteCfg == nil </span><span class="cov0" title="0">{
+                return statusInfo{}, nil, fmt.Errorf("no remote configuration found for %q", remoteName)
+        }</span>
 
-// stagedChanges parses: git diff --cached --name-status -M
-// Formats:
-//
-//        A&lt;TAB&gt;path
-//        M&lt;TAB&gt;path
-//        D&lt;TAB&gt;path
-//        R100&lt;TAB&gt;old&lt;TAB&gt;new
-func stagedChanges(ctx context.Context) ([]Change, error) <span class="cov0" title="0">{
-        out, err := git(ctx, "diff", "--cached", "--name-status", "-M")
+        <span class="cov5" title="2">gc, err := cfg.GetRemoteClient(remoteName, logger)
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                return statusInfo{}, nil, err
         }</span>
-        <span class="cov0" title="0">var changes []Change
-        sc := bufio.NewScanner(bytes.NewReader(out))
-        for sc.Scan() </span><span class="cov0" title="0">{
-                line := sc.Text()
-                if strings.TrimSpace(line) == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">parts := strings.Split(line, "\t")
-                if len(parts) &lt; 2 </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">status := parts[0]
-                switch </span>{
-                case status == "A":<span class="cov0" title="0">
-                        changes = append(changes, Change{Kind: KindAdd, NewPath: parts[1], Status: status})</span>
-                case status == "M":<span class="cov0" title="0">
-                        changes = append(changes, Change{Kind: KindModify, NewPath: parts[1], Status: status})</span>
-                case status == "D":<span class="cov0" title="0">
-                        changes = append(changes, Change{Kind: KindDelete, NewPath: parts[1], Status: status})</span>
-                case strings.HasPrefix(status, "R") &amp;&amp; len(parts) &gt;= 3:<span class="cov0" title="0">
-                        changes = append(changes, Change{Kind: KindRename, OldPath: parts[1], NewPath: parts[2], Status: status})</span>
-                default:<span class="cov0" title="0"></span>
-                        // ignore other statuses (C, T, U, etc) for this reference impl
-                }
+
+        <span class="cov5" title="2">status := statusInfo{
+                Remote:        remoteName,
+                IsDefault:     remoteName == cfg.DefaultRemote,
+                Endpoint:      remoteCfg.GetEndpoint(),
+                Organization:  remoteCfg.GetOrganization(),
+                Project:       remoteCfg.GetProjectId(),
+                Bucket:        gc.BucketName,
+                StoragePrefix: gc.StoragePrefix,
+                AuthMode:      authMode(gc),
         }
-        <span class="cov0" title="0">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+        switch remoteCfg.(type) </span>{
+        case *config.Gen3Remote:<span class="cov0" title="0">
+                status.RemoteType = string(config.Gen3ServerType)</span>
+        case *config.LocalRemote:<span class="cov5" title="2">
+                status.RemoteType = string(config.LocalServerType)</span>
+        default:<span class="cov0" title="0">
+                status.RemoteType = "unknown"</span>
+        }
+
+        <span class="cov5" title="2">return status, gc, nil</span>
+}
+
+func printStatus(status statusInfo) <span class="cov1" title="1">{
+        def := ""
+        if status.IsDefault </span><span class="cov1" title="1">{
+                def = " (default)"
         }</span>
-        <span class="cov0" title="0">return changes, nil</span>
+        <span class="cov1" title="1">fmt.Printf("remote: %s%s\n", status.Remote, def)
+        fmt.Printf("type: %s\n", status.RemoteType)
+        fmt.Printf("endpoint: %s\n", status.Endpoint)
+        fmt.Printf("organization: %s\n", blankIfEmpty(status.Organization))
+        fmt.Printf("project: %s\n", blankIfEmpty(status.Project))
+        fmt.Printf("bucket: %s\n", blankIfEmpty(status.Bucket))
+        fmt.Printf("storage_prefix: %s\n", blankIfEmpty(status.StoragePrefix))
+        fmt.Printf("auth: %s\n", status.AuthMode)</span>
 }
 
-// stagedLFSOID returns (oid, isLFS, err) based on STAGED content.
-// isLFS is true only if the staged file is a valid LFS pointer with an oid sha256 line.
-func stagedLFSOID(ctx context.Context, path string) (string, bool, error) <span class="cov6" title="2">{
-        out, err := git(ctx, "show", ":"+path)
-        if err != nil </span><span class="cov0" title="0">{
-                // path may not exist in index (deleted/intent-to-add weirdness)
-                return "", false, err
+func authMode(gc *config.GitContext) string <span class="cov5" title="2">{
+        if gc == nil || gc.Credential == nil </span><span class="cov0" title="0">{
+                return "none"
         }</span>
-
-        // Fast parse: look for spec line and oid line near top.
-        // LFS pointer files are small; scanning full content is fine.
-        <span class="cov6" title="2">var hasSpec bool
-        var oid string
-
-        sc := bufio.NewScanner(bytes.NewReader(out))
-        for sc.Scan() </span><span class="cov10" title="3">{
-                line := sc.Text()
-                if line == lfsSpecLine </span><span class="cov1" title="1">{
-                        hasSpec = true
-                        continue</span>
-                }
-                <span class="cov6" title="2">if strings.HasPrefix(line, "oid sha256:") </span><span class="cov1" title="1">{
-                        hex := strings.TrimPrefix(line, "oid sha256:")
-                        hex = strings.TrimSpace(hex)
-                        if hex != "" </span><span class="cov1" title="1">{
-                                oid = "sha256:" + hex
-                        }</span>
-                        // keep scanning a bit in case spec is below (rare), but we can break once both are found.
-                }
-                // pointer usually has only a few lines; stop early after 10 lines
-                <span class="cov6" title="2">if hasSpec &amp;&amp; oid != "" </span><span class="cov1" title="1">{
-                        break</span>
-                }
-        }
-        <span class="cov6" title="2">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
-                return "", false, err
+        <span class="cov5" title="2">if strings.TrimSpace(gc.Credential.AccessToken) != "" </span><span class="cov0" title="0">{
+                return "bearer"
         }</span>
-
-        <span class="cov6" title="2">if hasSpec &amp;&amp; oid != "" </span><span class="cov1" title="1">{
-                return oid, true, nil
+        <span class="cov5" title="2">if strings.TrimSpace(gc.Credential.KeyID) != "" || strings.TrimSpace(gc.Credential.APIKey) != "" </span><span class="cov0" title="0">{
+                return "basic"
         }</span>
-        <span class="cov1" title="1">return "", false, nil</span>
+        <span class="cov5" title="2">return "none"</span>
 }
 
-func gitRevParseGitDir(ctx context.Context) (string, error) <span class="cov0" title="0">{
-        out, err := git(ctx, "rev-parse", "--git-dir")
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+func blankIfEmpty(v string) string <span class="cov10" title="4">{
+        v = strings.TrimSpace(v)
+        if v == "" </span><span class="cov0" title="0">{
+                return "-"
         }</span>
-        <span class="cov0" title="0">gitDir := strings.TrimSpace(string(out))
-        if gitDir == "" </span><span class="cov0" title="0">{
-                return "", errors.New("could not determine .git dir")
-        }</span>
-        // If gitDir is relative, resolve relative to repo root
-        <span class="cov0" title="0">if !filepath.IsAbs(gitDir) </span><span class="cov0" title="0">{
-                rootOut, err := git(ctx, "rev-parse", "--show-toplevel")
-                if err != nil </span><span class="cov0" title="0">{
-                        return "", err
-                }</span>
-                <span class="cov0" title="0">root := strings.TrimSpace(string(rootOut))
-                gitDir = filepath.Join(root, gitDir)</span>
-        }
-        <span class="cov0" title="0">return gitDir, nil</span>
-}
-
-func git(ctx context.Context, args ...string) ([]byte, error) <span class="cov6" title="2">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        cmd.Env = os.Environ()
-        var stdout, stderr bytes.Buffer
-        cmd.Stdout = &amp;stdout
-        cmd.Stderr = &amp;stderr
-        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
-                // include stderr for debugging; don’t leak massive output
-                msg := strings.TrimSpace(stderr.String())
-                if msg == "" </span><span class="cov0" title="0">{
-                        msg = err.Error()
-                }</span>
-                <span class="cov0" title="0">return nil, fmt.Errorf("git %s: %s", strings.Join(args, " "), msg)</span>
-        }
-        <span class="cov6" title="2">return stdout.Bytes(), nil</span>
+        <span class="cov10" title="4">return v</span>
 }
+</pre>
+		
+		<pre class="file" id="file15" style="display: none">// Package precommit
+// -------------------------------------
+// LFS-only local cache updater for:
+//   - Path -&gt; OID  : .git/drs/pre-commit/v1/paths/&lt;encoded-path&gt;.json
+//   - OID  -&gt; Paths + S3 URL hint : .git/drs/pre-commit/v1/oids/&lt;oid&gt;.json
+//
+// This hook is intentionally:
+//   - LFS-only (non-LFS paths are ignored)
+//   - local-only (no network, no server index reads)
+//   - index-based (reads STAGED content via `git show :&lt;path&gt;`)
+//
+// Note: This is a reference implementation. Adjust logging/policy as desired.
+package precommit
 
-// pathEntryFile maps a repo-relative path to a cache file location.
-// We keep a deterministic encoding so any path maps to exactly one file.
-func pathEntryFile(pathsDir, path string) string <span class="cov10" title="3">{
-        return filepath.Join(pathsDir, encodePath(path)+".json")
-}</span>
-
-func encodePath(path string) string <span class="cov10" title="3">{
-        // base64url encoding of the UTF-8 path string (no padding) is simple and safe.
-        return base64.RawURLEncoding.EncodeToString([]byte(path))
-}</span>
-
-func oidEntryFile(oidsDir, oid string) string <span class="cov6" title="2">{
-        // OID contains ":"; make it filesystem safe but still human readable.
-        // Use a stable transform; here: sha256 of oid string to avoid path length issues.
-        sum := sha256.Sum256([]byte(oid))
-        return filepath.Join(oidsDir, fmt.Sprintf("%x.json", sum[:]))
-}</span>
-
-// oidAddOrReplacePath:
-// - loads oid entry (if exists)
-// - adds newPath to paths[]
-// - if oldPath != "" and present, replaces it with newPath
-// - sets ContentChange flag if requested (ORed into existing flag)
-// - preserves existing s3_url hint
-func oidAddOrReplacePath(oidsDir, oid, oldPath, newPath, now string, contentChanged bool) error <span class="cov1" title="1">{
-        f := oidEntryFile(oidsDir, oid)
+import (
+        "bufio"
+        "bytes"
+        "context"
+        "crypto/sha256"
+        "encoding/base64"
+        "encoding/json"
+        "errors"
+        "fmt"
+        "io"
+        "os"
+        "os/exec"
+        "path/filepath"
+        "sort"
+        "strconv"
+        "strings"
+        "time"
 
-        entry := OIDEntry{
-                LFSOID:    oid,
-                Paths:     []string{},
-                UpdatedAt: now,
-        }
-        if b, err := os.ReadFile(f); err == nil </span><span class="cov0" title="0">{
-                _ = json.Unmarshal(b, &amp;entry)
-                // ensure oid is set even if old file was incomplete
-                entry.LFSOID = oid
-        }</span>
+        "github.com/spf13/cobra"
+)
 
-        <span class="cov1" title="1">paths := make(map[string]struct{}, len(entry.Paths)+1)
-        for _, p := range entry.Paths </span><span class="cov0" title="0">{
-                paths[p] = struct{}{}
-        }</span>
+const (
+        cacheVersionDir                     = "drs/pre-commit/v1"
+        lfsSpecLine                         = "version https://git-lfs.github.com/spec/v1"
+        defaultDirectCommitWarningThreshold = int64(10 * 1024 * 1024)
+)
 
-        <span class="cov1" title="1">if oldPath != "" </span><span class="cov0" title="0">{
-                delete(paths, oldPath)
-        }</span>
-        <span class="cov1" title="1">if newPath != "" </span><span class="cov1" title="1">{
-                paths[newPath] = struct{}{}
-        }</span>
+var (
+        directCommitWarningThresholdBytes = defaultDirectCommitWarningThreshold
+        confirmOversizedDirectGitCommit   = promptOversizedDirectGitCommit
+)
 
-        <span class="cov1" title="1">entry.Paths = keysSorted(paths)
-        entry.UpdatedAt = now
-        entry.ContentChange = entry.ContentChange || contentChanged
+type PathEntry struct {
+        Path      string `json:"path"`
+        LFSOID    string `json:"lfs_oid"`
+        UpdatedAt string `json:"updated_at"`
+}
 
-        return writeJSONAtomic(f, entry)</span>
+type OIDEntry struct {
+        LFSOID        string   `json:"lfs_oid"`
+        Paths         []string `json:"paths"`
+        S3URL         string   `json:"s3_url,omitempty"` // hint only; may be empty
+        UpdatedAt     string   `json:"updated_at"`
+        ContentChange bool     `json:"content_changed"`
 }
 
-func oidRemovePath(oidsDir, oid, path, now string) error <span class="cov0" title="0">{
-        f := oidEntryFile(oidsDir, oid)
+type ChangeKind int
 
-        b, err := os.ReadFile(f)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov0" title="0">var entry OIDEntry
-        if err := json.Unmarshal(b, &amp;entry); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov0" title="0">paths := make(map[string]struct{}, len(entry.Paths))
-        for _, p := range entry.Paths </span><span class="cov0" title="0">{
-                if p == path </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">paths[p] = struct{}{}</span>
-        }
-        <span class="cov0" title="0">entry.Paths = keysSorted(paths)
-        entry.UpdatedAt = now
+const (
+        KindAdd ChangeKind = iota
+        KindModify
+        KindDelete
+        KindRename
+)
 
-        // If no paths remain, keep the file (it may still hold s3_url hint) or delete it.
-        // This ADR allows stale entries; keeping is fine. Optionally delete when empty:
-        // if len(entry.Paths) == 0 &amp;&amp; entry.S3URL == "" { return os.Remove(f) }
+type Change struct {
+        Kind    ChangeKind
+        OldPath string // for rename
+        NewPath string // for rename (and for add/modify/delete uses NewPath)
+        Status  string // raw status, e.g. "A", "M", "D", "R100"
+}
 
-        return writeJSONAtomic(f, entry)</span>
+type OversizedStagedFile struct {
+        Path string
+        Size int64
 }
 
-func keysSorted(m map[string]struct{}) []string <span class="cov1" title="1">{
-        out := make([]string, 0, len(m))
-        for k := range m </span><span class="cov1" title="1">{
-                out = append(out, k)
-        }</span>
-        <span class="cov1" title="1">sort.Strings(out)
-        return out</span>
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "precommit",
+        Short: "pre-commit hook to update local DRS cache",
+        Long:  "Pre-commit hook that updates the local DRS pre-commit cache",
+        Args:  cobra.ExactArgs(0),
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                return run(context.Background())
+        }</span>,
 }
 
-// writeJSONAtomic writes JSON to a temp file then renames it into place.
-// This avoids partially written cache files if the process is interrupted.
-func writeJSONAtomic(path string, v any) error <span class="cov6" title="2">{
-        dir := filepath.Dir(path)
-        if err := os.MkdirAll(dir, 0o755); err != nil </span><span class="cov0" title="0">{
-                return err
+func main() <span class="cov0" title="0">{
+        ctx := context.Background()
+        if err := run(ctx); err != nil </span><span class="cov0" title="0">{
+                // For a reference impl, treat errors as non-fatal unless you want strict enforcement.
+                // Exiting non-zero blocks the commit.
+                fmt.Fprintf(os.Stderr, "pre-commit drs cache: %v\n", err)
+                os.Exit(1)
         }</span>
+}
 
-        <span class="cov6" title="2">tmp := path + ".tmp"
-        f, err := os.OpenFile(tmp, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
+func run(ctx context.Context) error <span class="cov1" title="1">{
+        gitDir, err := gitRevParseGitDir(ctx)
         if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov6" title="2">defer func() </span><span class="cov6" title="2">{ _ = f.Close() }</span>()
 
-        <span class="cov6" title="2">enc := json.NewEncoder(f)
-        enc.SetIndent("", "  ")
-        if err := enc.Encode(v); err != nil </span><span class="cov0" title="0">{
-                _ = os.Remove(tmp)
-                return err
-        }</span>
-        <span class="cov6" title="2">if err := f.Sync(); err != nil </span><span class="cov0" title="0">{
-                _ = os.Remove(tmp)
+        <span class="cov1" title="1">cacheRoot := filepath.Join(gitDir, cacheVersionDir)
+        pathsDir := filepath.Join(cacheRoot, "paths")
+        oidsDir := filepath.Join(cacheRoot, "oids")
+        tombsDir := filepath.Join(cacheRoot, "tombstones")
+
+        if err := os.MkdirAll(pathsDir, 0o755); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov6" title="2">if err := f.Close(); err != nil </span><span class="cov0" title="0">{
-                _ = os.Remove(tmp)
+        <span class="cov1" title="1">if err := os.MkdirAll(oidsDir, 0o755); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov6" title="2">return os.Rename(tmp, path)</span>
-}
+        <span class="cov1" title="1">_ = os.MkdirAll(tombsDir, 0o755) // optional
 
-func moveFileBestEffort(src, dst string) error <span class="cov0" title="0">{
-        // Ensure destination directory exists.
-        if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil </span><span class="cov0" title="0">{
+        changes, err := stagedChanges(ctx)
+        if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        // Rename will fail across devices; fall back to copy+remove.
-        <span class="cov0" title="0">if err := os.Rename(src, dst); err == nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">if len(changes) == 0 </span><span class="cov0" title="0">{
                 return nil
-        }</span> else<span class="cov0" title="0"> if errors.Is(err, os.ErrNotExist) </span><span class="cov0" title="0">{
-                return err
         }</span>
-
-        <span class="cov0" title="0">in, err := os.Open(src)
+        <span class="cov1" title="1">oversized, err := collectOversizedPlainGitStagedFiles(ctx, changes, directCommitWarningThresholdBytes)
         if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">defer in.Close()
+        <span class="cov1" title="1">if len(oversized) &gt; 0 </span><span class="cov1" title="1">{
+                allowed, err := confirmOversizedDirectGitCommit(oversized)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov1" title="1">if !allowed </span><span class="cov1" title="1">{
+                        return fmt.Errorf("commit aborted so you can track large files before committing them directly to Git")
+                }</span>
+        }
 
-        out, err := os.OpenFile(dst, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+        <span class="cov0" title="0">now := time.Now().UTC().Format(time.RFC3339)
 
-        <span class="cov0" title="0">if _, err := io.Copy(out, in); err != nil </span><span class="cov0" title="0">{
-                _ = out.Close()
-                return err
-        }</span>
-        <span class="cov0" title="0">if err := out.Close(); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov0" title="0">return os.Remove(src)</span>
-}
-</pre>
-		
-		<pre class="file" id="file15" style="display: none">package prepush
-
-import (
-        "bufio"
-        "bytes"
-        "context"
-        "encoding/base64"
-        "encoding/json"
-        "fmt"
-        "io"
-        "log/slog"
-        "net/http"
-        "os"
-        "os/exec"
-        "sort"
-        "strings"
-        "time"
+        // Process renames first so subsequent add/modify logic sees the "new" path.
+        // This mirrors how we want cache paths to follow staged paths.
+        for _, ch := range changes </span><span class="cov0" title="0">{
+                if ch.Kind != KindRename </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                // Only act if BOTH old and new are LFS in scope? Prefer:
+                // - If the new path is LFS, we migrate.
+                // - If it isn't LFS, we remove old path entry (out of scope).
+                <span class="cov0" title="0">newOID, newIsLFS, err := stagedLFSOID(ctx, ch.NewPath)
+                if err != nil </span><span class="cov0" title="0">{
+                        // If file doesn't exist in index due to weird staging, skip.
+                        continue</span>
+                }
 
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/drsmap"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/calypr/git-drs/internal/lfs"
-        "github.com/calypr/git-drs/internal/precommit_cache"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/spf13/cobra"
-)
+                <span class="cov0" title="0">oldPathFile := pathEntryFile(pathsDir, ch.OldPath)
+                newPathFile := pathEntryFile(pathsDir, ch.NewPath)
 
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "pre-push-prepare",
-        Short: "pre-push hook to update DRS objects",
-        Long:  "Pre-push hook that updates DRS objects before transfer",
-        Args:  cobra.RangeArgs(0, 2),
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                return NewPrePushService().Run(args, os.Stdin)
-        }</span>,
-}
+                if newIsLFS </span><span class="cov0" title="0">{
+                        // Move/overwrite path entry file
+                        if err := moveFileBestEffort(oldPathFile, newPathFile); err != nil &amp;&amp; !errors.Is(err, os.ErrNotExist) </span><span class="cov0" title="0">{
+                                return fmt.Errorf("rename migrate path entry: %w", err)
+                        }</span>
 
-type PrePushService struct {
-        newLogger        func(string, bool) (*slog.Logger, error)
-        loadConfig       func() (*config.Config, error)
-        updateDrsObjects func(common.ObjectBuilder, map[string]lfs.LfsFileInfo, drsmap.UpdateOptions) error
-        createTempFile   func(dir, pattern string) (*os.File, error)
-}
+                        // Ensure path entry content correct
+                        <span class="cov0" title="0">if err := writeJSONAtomic(newPathFile, PathEntry{
+                                Path:      ch.NewPath,
+                                LFSOID:    newOID,
+                                UpdatedAt: now,
+                        }); err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
 
-func NewPrePushService() *PrePushService <span class="cov0" title="0">{
-        return &amp;PrePushService{
-                newLogger:        drslog.NewLogger,
-                loadConfig:       config.LoadConfig,
-                updateDrsObjects: drsmap.UpdateDrsObjectsWithFiles,
-                createTempFile:   os.CreateTemp,
+                        // Update oid entry: replace old path with new path for that OID
+                        <span class="cov0" title="0">if err := oidAddOrReplacePath(oidsDir, newOID, ch.OldPath, ch.NewPath, now, false); err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
+                } else<span class="cov0" title="0"> {
+                        // Out of scope now: remove any cached path entry.
+                        _ = os.Remove(oldPathFile)
+                }</span>
         }
-}</span>
-
-func (s *PrePushService) Run(args []string, stdin io.Reader) error <span class="cov0" title="0">{
-        ctx := context.Background()
-        myLogger, err := s.newLogger("", false)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error creating logger: %v", err)
-        }</span>
-
-        <span class="cov0" title="0">myLogger.Info("~~~~~~~~~~~~~ START: pre-push ~~~~~~~~~~~~~")
 
-        cfg, err := s.loadConfig()
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error getting config: %v", err)
-        }</span>
+        // Process adds/modifies/deletes (and renames again just to ensure content correctness on new path).
+        <span class="cov0" title="0">for _, ch := range changes </span><span class="cov0" title="0">{
+                switch ch.Kind </span>{
+                case KindAdd, KindModify:<span class="cov0" title="0">
+                        if err := handleUpsert(ctx, pathsDir, oidsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
+                case KindRename:<span class="cov0" title="0">
+                        // Treat like upsert on NewPath to ensure OID/path consistency if content also changed.
+                        if err := handleUpsert(ctx, pathsDir, oidsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
+                        // Optionally also remove old path from *other* OID entry if rename+content-change changed OID.
+                        // We'll do it inside handleUpsert by checking previous cached OID for that path (after move).
+                case KindDelete:<span class="cov0" title="0">
+                        if err := handleDelete(ctx, pathsDir, oidsDir, tombsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
+                }
+        }
 
-        <span class="cov0" title="0">gitRemoteName, gitRemoteLocation := parseRemoteArgs(args)
-        myLogger.Debug(fmt.Sprintf("git remote name: %s, git remote location: %s", gitRemoteName, gitRemoteLocation))
+        <span class="cov0" title="0">return nil</span>
+}
 
-        remote, err := cfg.GetDefaultRemote()
+func handleUpsert(ctx context.Context, pathsDir, oidsDir, path, now string) error <span class="cov3" title="2">{
+        oid, isLFS, err := stagedLFSOID(ctx, path)
         if err != nil </span><span class="cov0" title="0">{
-                myLogger.Debug(fmt.Sprintf("Warning. Error getting default remote: %v", err))
-                fmt.Fprintln(os.Stderr, "Warning. Skipping DRS preparation. Error getting default remote:", err)
+                // If file isn't in index, ignore.
                 return nil
         }</span>
-
-        <span class="cov0" title="0">remoteConfig := cfg.GetRemote(remote)
-        if remoteConfig == nil </span><span class="cov0" title="0">{
-                fmt.Fprintln(os.Stderr, "Warning. Skipping DRS preparation. Error getting remote configuration.")
-                myLogger.Debug("Warning. Skipping DRS preparation. Error getting remote configuration.")
+        <span class="cov3" title="2">if !isLFS </span><span class="cov1" title="1">{
+                // Out of scope.
                 return nil
         }</span>
 
-        <span class="cov0" title="0">scope, err := gitrepo.ResolveBucketScope(
-                remoteConfig.GetOrganization(),
-                remoteConfig.GetProjectId(),
-                remoteConfig.GetBucketName(),
-                remoteConfig.GetStoragePrefix(),
-        )
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+        <span class="cov1" title="1">pathFile := pathEntryFile(pathsDir, path)
 
-        <span class="cov0" title="0">builder := common.NewObjectBuilder(scope.Bucket, remoteConfig.GetProjectId())
-        builder.Organization = remoteConfig.GetOrganization()
-        builder.StoragePrefix = scope.Prefix
-        myLogger.Debug(fmt.Sprintf("Current server project: %s (org: %s)", builder.Project, builder.Organization))
+        // Load previous path entry if it exists to detect content changes.
+        var prev PathEntry
+        prevExists := false
+        if b, err := os.ReadFile(pathFile); err == nil </span><span class="cov0" title="0">{
+                _ = json.Unmarshal(b, &amp;prev)
+                if prev.Path != "" &amp;&amp; prev.LFSOID != "" </span><span class="cov0" title="0">{
+                        prevExists = true
+                }</span>
+        }
 
-        tmp, err := bufferStdin(stdin, s.createTempFile)
-        if err != nil </span><span class="cov0" title="0">{
-                myLogger.Error(fmt.Sprintf("error buffering stdin: %v", err))
+        // Write/update path entry.
+        <span class="cov1" title="1">if err := writeJSONAtomic(pathFile, PathEntry{
+                Path:      path,
+                LFSOID:    oid,
+                UpdatedAt: now,
+        }); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">defer func() </span><span class="cov0" title="0">{
-                _ = tmp.Close()
-                _ = os.Remove(tmp.Name())
-        }</span>()
 
-        <span class="cov0" title="0">refs, err := readPushedRefs(tmp)
-        if err != nil </span><span class="cov0" title="0">{
-                myLogger.Error(fmt.Sprintf("error reading pushed refs: %v", err))
+        // Update OID entry for new oid: add path.
+        <span class="cov1" title="1">contentChanged := prevExists &amp;&amp; prev.LFSOID != oid
+        if err := oidAddOrReplacePath(oidsDir, oid, "", path, now, contentChanged); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">branches := branchesFromRefs(refs)
 
-        cache, cacheReady := openCache(ctx, myLogger)
-        lfsFiles, usedCache, err := collectLfsFiles(ctx, cache, cacheReady, gitRemoteName, gitRemoteLocation, branches, refs, myLogger)
-        if err != nil </span><span class="cov0" title="0">{
-                myLogger.Error(fmt.Sprintf("error collecting LFS files: %v", err))
-                return err
+        // If content changed, remove path from the *old* oid entry (best effort).
+        <span class="cov1" title="1">if contentChanged </span><span class="cov0" title="0">{
+                _ = oidRemovePath(oidsDir, prev.LFSOID, path, now)
         }</span>
 
-        <span class="cov0" title="0">myLogger.Debug(fmt.Sprintf("Preparing DRS objects for push branches: %v (cache=%v)", branches, usedCache))
-        err = s.updateDrsObjects(builder, lfsFiles, drsmap.UpdateOptions{
-                Cache:          cache,
-                PreferCacheURL: usedCache,
-                Logger:         myLogger,
-        })
+        <span class="cov1" title="1">return nil</span>
+}
+
+func handleDelete(ctx context.Context, pathsDir, oidsDir, tombsDir, path, now string) error <span class="cov0" title="0">{
+        // Only consider deletion if it was previously an LFS entry (cache-driven).
+        pathFile := pathEntryFile(pathsDir, path)
+        b, err := os.ReadFile(pathFile)
         if err != nil </span><span class="cov0" title="0">{
-                myLogger.Error(fmt.Sprintf("UpdateDrsObjects failed: %v", err))
-                return err
+                // nothing to do
+                return nil
         }</span>
-
-        // Stage metadata in one packet; server consumes it at LFS verify-time.
-        <span class="cov0" title="0">myLogger.Info(fmt.Sprintf("Staging %d DRS metadata records for LFS verify", len(lfsFiles)))
-        if err := submitPendingLFSMeta(ctx, remote, remoteConfig.GetEndpoint(), lfsFiles, myLogger); err != nil </span><span class="cov0" title="0">{
-                myLogger.Error(fmt.Sprintf("DRS metadata staging failed: %v", err))
-                return fmt.Errorf("DRS metadata staging failed: %w", err)
+        <span class="cov0" title="0">var pe PathEntry
+        if err := json.Unmarshal(b, &amp;pe); err != nil </span><span class="cov0" title="0">{
+                // corrupted cache; remove it
+                _ = os.Remove(pathFile)
+                return nil
         }</span>
+        // Remove path entry.
+        <span class="cov0" title="0">_ = os.Remove(pathFile)
 
-        <span class="cov0" title="0">myLogger.Info("~~~~~~~~~~~~~ COMPLETED: pre-push ~~~~~~~~~~~~~")
-        return nil</span>
-}
-
-type metadataSubmitRequest struct {
-        Candidates []metadataCandidate `json:"candidates"`
-        TTLSeconds int64               `json:"ttl_seconds,omitempty"`
-}
-
-type metadataChecksum struct {
-        Type     string `json:"type"`
-        Checksum string `json:"checksum"`
-}
+        // Remove this path from the old oid entry (best effort).
+        if pe.LFSOID != "" </span><span class="cov0" title="0">{
+                _ = oidRemovePath(oidsDir, pe.LFSOID, path, now)
+        }</span>
 
-type metadataAccessURL struct {
-        URL string `json:"url,omitempty"`
-}
+        // Optional tombstone.
+        <span class="cov0" title="0">tombFile := filepath.Join(tombsDir, encodePath(path)+".json")
+        _ = writeJSONAtomic(tombFile, map[string]string{
+                "path":       path,
+                "deleted_at": now,
+        })
 
-type metadataAccessMethod struct {
-        Type           string              `json:"type,omitempty"`
-        AccessURL      metadataAccessURL   `json:"access_url,omitempty"`
-        AccessID       string              `json:"access_id,omitempty"`
-        Region         string              `json:"region,omitempty"`
-        Authorizations map[string][]string `json:"authorizations,omitempty"`
+        return nil</span>
 }
 
-type metadataCandidate struct {
-        Id            string                 `json:"id,omitempty"`
-        Name          string                 `json:"name,omitempty"`
-        Size          int64                  `json:"size"`
-        Version       string                 `json:"version,omitempty"`
-        MimeType      string                 `json:"mime_type,omitempty"`
-        Checksums     []metadataChecksum     `json:"checksums"`
-        AccessMethods []metadataAccessMethod `json:"access_methods,omitempty"`
-        Description   string                 `json:"description,omitempty"`
-        Aliases       []string               `json:"aliases,omitempty"`
-}
-
-func toMetadataCandidate(c drsapi.DrsObjectCandidate) metadataCandidate <span class="cov8" title="9">{
-        name := ""
-        if c.Name != nil </span><span class="cov8" title="9">{
-                name = *c.Name
-        }</span>
-        <span class="cov8" title="9">mimeType := ""
-        if c.MimeType != nil </span><span class="cov0" title="0">{
-                mimeType = *c.MimeType
-        }</span>
-        <span class="cov8" title="9">description := ""
-        if c.Description != nil </span><span class="cov0" title="0">{
-                description = *c.Description
-        }</span>
-        <span class="cov8" title="9">aliases := []string(nil)
-        if c.Aliases != nil </span><span class="cov0" title="0">{
-                aliases = append([]string(nil), (*c.Aliases)...)
-        }</span>
-        <span class="cov8" title="9">out := metadataCandidate{
-                Name:        name,
-                Size:        c.Size,
-                Version:     "",
-                MimeType:    mimeType,
-                Description: description,
-                Aliases:     aliases,
-        }
-        if c.Version != nil </span><span class="cov0" title="0">{
-                out.Version = *c.Version
+// stagedChanges parses: git diff --cached --name-status -M
+// Formats:
+//
+//        A&lt;TAB&gt;path
+//        M&lt;TAB&gt;path
+//        D&lt;TAB&gt;path
+//        R100&lt;TAB&gt;old&lt;TAB&gt;new
+func stagedChanges(ctx context.Context) ([]Change, error) <span class="cov3" title="2">{
+        out, err := git(ctx, "diff", "--cached", "--name-status", "-M")
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
         }</span>
-
-        <span class="cov8" title="9">if len(c.Checksums) &gt; 0 </span><span class="cov8" title="9">{
-                out.Checksums = make([]metadataChecksum, 0, len(c.Checksums))
-                for _, cs := range c.Checksums </span><span class="cov8" title="9">{
-                        out.Checksums = append(out.Checksums, metadataChecksum{
-                                Type:     string(cs.Type),
-                                Checksum: cs.Checksum,
-                        })
-                }</span>
-        }
-
-        <span class="cov8" title="9">if c.AccessMethods != nil &amp;&amp; len(*c.AccessMethods) &gt; 0 </span><span class="cov0" title="0">{
-                out.AccessMethods = make([]metadataAccessMethod, 0, len(*c.AccessMethods))
-                for _, am := range *c.AccessMethods </span><span class="cov0" title="0">{
-                        accID := ""
-                        if am.AccessId != nil </span><span class="cov0" title="0">{
-                                accID = *am.AccessId
-                        }</span>
-                        <span class="cov0" title="0">region := ""
-                        if am.Region != nil </span><span class="cov0" title="0">{
-                                region = *am.Region
-                        }</span>
-                        <span class="cov0" title="0">accURL := ""
-                        if am.AccessUrl != nil </span><span class="cov0" title="0">{
-                                accURL = am.AccessUrl.Url
-                        }</span>
-                        <span class="cov0" title="0">m := metadataAccessMethod{
-                                Type:     string(am.Type),
-                                AccessID: accID,
-                                Region:   region,
-                                AccessURL: metadataAccessURL{
-                                        URL: accURL,
-                                },
-                        }
-                        if am.Authorizations != nil &amp;&amp; len(*am.Authorizations) &gt; 0 </span><span class="cov0" title="0">{
-                                m.Authorizations = *am.Authorizations
-                        }</span>
-                        <span class="cov0" title="0">out.AccessMethods = append(out.AccessMethods, m)</span>
+        <span class="cov3" title="2">var changes []Change
+        sc := bufio.NewScanner(bytes.NewReader(out))
+        for sc.Scan() </span><span class="cov5" title="3">{
+                line := sc.Text()
+                if strings.TrimSpace(line) == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">parts := strings.Split(line, "\t")
+                if len(parts) &lt; 2 </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">status := parts[0]
+                switch </span>{
+                case status == "A":<span class="cov5" title="3">
+                        changes = append(changes, Change{Kind: KindAdd, NewPath: parts[1], Status: status})</span>
+                case status == "M":<span class="cov0" title="0">
+                        changes = append(changes, Change{Kind: KindModify, NewPath: parts[1], Status: status})</span>
+                case status == "D":<span class="cov0" title="0">
+                        changes = append(changes, Change{Kind: KindDelete, NewPath: parts[1], Status: status})</span>
+                case strings.HasPrefix(status, "R") &amp;&amp; len(parts) &gt;= 3:<span class="cov0" title="0">
+                        changes = append(changes, Change{Kind: KindRename, OldPath: parts[1], NewPath: parts[2], Status: status})</span>
+                default:<span class="cov0" title="0"></span>
+                        // ignore other statuses (C, T, U, etc) for this reference impl
                 }
         }
-
-        <span class="cov8" title="9">return out</span>
+        <span class="cov3" title="2">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov3" title="2">return changes, nil</span>
 }
 
-func submitPendingLFSMeta(ctx context.Context, remote config.Remote, endpoint string, lfsFiles map[string]lfs.LfsFileInfo, logger *slog.Logger) error <span class="cov8" title="9">{
-        base := strings.TrimRight(strings.TrimSpace(endpoint), "/")
-        if base == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("remote endpoint is empty")
+// stagedLFSOID returns (oid, isLFS, err) based on STAGED content.
+// isLFS is true only if the staged file is a valid LFS pointer with an oid sha256 line.
+func stagedLFSOID(ctx context.Context, path string) (string, bool, error) <span class="cov7" title="5">{
+        out, err := git(ctx, "show", ":"+path)
+        if err != nil </span><span class="cov0" title="0">{
+                // path may not exist in index (deleted/intent-to-add weirdness)
+                return "", false, err
         }</span>
-        <span class="cov8" title="9">url := base + "/info/lfs/objects/metadata"
 
-        candidates := make([]metadataCandidate, 0, len(lfsFiles))
-        for _, file := range lfsFiles </span><span class="cov8" title="9">{
-                obj, err := drsmap.DrsInfoFromOid(file.Oid)
-                if err != nil || obj == nil </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping oid %s: local DRS object not found", file.Oid))
+        // Fast parse: look for spec line and oid line near top.
+        // LFS pointer files are small; scanning full content is fine.
+        <span class="cov7" title="5">var hasSpec bool
+        var oid string
+
+        sc := bufio.NewScanner(bytes.NewReader(out))
+        for sc.Scan() </span><span class="cov8" title="7">{
+                line := sc.Text()
+                if line == lfsSpecLine </span><span class="cov3" title="2">{
+                        hasSpec = true
                         continue</span>
                 }
-                <span class="cov8" title="9">candidates = append(candidates, toMetadataCandidate(common.ConvertToCandidate(obj)))</span>
+                <span class="cov7" title="5">if strings.HasPrefix(line, "oid sha256:") </span><span class="cov3" title="2">{
+                        hex := strings.TrimPrefix(line, "oid sha256:")
+                        hex = strings.TrimSpace(hex)
+                        if hex != "" </span><span class="cov3" title="2">{
+                                oid = "sha256:" + hex
+                        }</span>
+                        // keep scanning a bit in case spec is below (rare), but we can break once both are found.
+                }
+                // pointer usually has only a few lines; stop early after 10 lines
+                <span class="cov7" title="5">if hasSpec &amp;&amp; oid != "" </span><span class="cov3" title="2">{
+                        break</span>
+                }
         }
-        <span class="cov8" title="9">if len(candidates) == 0 </span><span class="cov0" title="0">{
-                logger.Debug("no metadata candidates to stage")
-                return nil
+        <span class="cov7" title="5">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
+                return "", false, err
         }</span>
 
-        <span class="cov8" title="9">reqBody := metadataSubmitRequest{
-                Candidates: candidates,
-                TTLSeconds: int64((20 * time.Minute).Seconds()),
-        }
-        payload, err := json.Marshal(reqBody)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to encode pending metadata request: %w", err)
+        <span class="cov7" title="5">if hasSpec &amp;&amp; oid != "" </span><span class="cov3" title="2">{
+                return oid, true, nil
         }</span>
+        <span class="cov5" title="3">return "", false, nil</span>
+}
 
-        <span class="cov8" title="9">httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload))
+func stagedBlobSize(ctx context.Context, path string) (int64, error) <span class="cov3" title="2">{
+        out, err := git(ctx, "cat-file", "-s", ":"+path)
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to create pending metadata request: %w", err)
+                return 0, err
         }</span>
-        <span class="cov8" title="9">httpReq.Header.Set("Content-Type", "application/json")
-        httpReq.Header.Set("Accept", "application/vnd.git-lfs+json")
-        if authHeader, ok := resolveRemoteAuthHeader(string(remote)); ok </span><span class="cov3" title="2">{
-                httpReq.Header.Set("Authorization", authHeader)
+        <span class="cov3" title="2">size, err := strconv.ParseInt(strings.TrimSpace(string(out)), 10, 64)
+        if err != nil </span><span class="cov0" title="0">{
+                return 0, fmt.Errorf("parse staged blob size for %s: %w", path, err)
         }</span>
+        <span class="cov3" title="2">return size, nil</span>
+}
 
-        <span class="cov8" title="9">client := pendingMetadataClientFactory()
-        resp, err := client.Do(httpReq)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("pending metadata request failed: %w", err)
+func collectOversizedPlainGitStagedFiles(ctx context.Context, changes []Change, thresholdBytes int64) ([]OversizedStagedFile, error) <span class="cov3" title="2">{
+        if thresholdBytes &lt;= 0 </span><span class="cov0" title="0">{
+                return nil, nil
         }</span>
-        <span class="cov8" title="9">defer resp.Body.Close()
+        <span class="cov3" title="2">var oversized []OversizedStagedFile
+        seen := make(map[string]struct{})
+        for _, ch := range changes </span><span class="cov5" title="3">{
+                if ch.Kind != KindAdd &amp;&amp; ch.Kind != KindModify &amp;&amp; ch.Kind != KindRename </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">path := ch.NewPath
+                if path == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">if _, ok := seen[path]; ok </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">seen[path] = struct{}{}
 
-        if resp.StatusCode &lt; 200 || resp.StatusCode &gt;= 300 </span><span class="cov7" title="6">{
-                body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
-                bodyText := strings.TrimSpace(string(body))
-                // Some deployments do not yet expose /info/lfs/objects/metadata.
-                // Treat this as optional capability and continue with push flow.
-                switch resp.StatusCode </span>{
-                case http.StatusNotFound, http.StatusMethodNotAllowed, http.StatusNotImplemented:<span class="cov4" title="3">
-                        logger.Warn(fmt.Sprintf("metadata staging endpoint unavailable (status=%d); continuing without staged metadata", resp.StatusCode))
-                        return nil</span>
+                _, isLFS, err := stagedLFSOID(ctx, path)
+                if err != nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">if isLFS </span><span class="cov1" title="1">{
+                        continue</span>
                 }
-                // Some reverse proxies/frontends may return HTML 404/maintenance pages with 5xx.
-                // If this looks like non-API HTML and not a structured LFS error, degrade gracefully.
-                <span class="cov4" title="3">if strings.Contains(strings.ToLower(resp.Header.Get("Content-Type")), "text/html") </span><span class="cov1" title="1">{
-                        logger.Warn(fmt.Sprintf("metadata staging returned HTML response (status=%d); continuing without staged metadata", resp.StatusCode))
-                        return nil
-                }</span>
-                <span class="cov3" title="2">return fmt.Errorf("pending metadata request failed: status=%d body=%s", resp.StatusCode, bodyText)</span>
-        }
-        <span class="cov4" title="3">return nil</span>
-}
 
-func resolveRemoteAuthHeader(remoteName string) (string, bool) <span class="cov10" title="12">{
-        if token, err := gitrepo.GetRemoteToken(remoteName); err == nil </span><span class="cov10" title="12">{
-                if token = strings.TrimSpace(token); token != "" </span><span class="cov3" title="2">{
-                        return "Bearer " + token, true
+                <span class="cov3" title="2">size, err := stagedBlobSize(ctx, path)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
                 }</span>
+                <span class="cov3" title="2">if size &lt;= thresholdBytes </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov3" title="2">oversized = append(oversized, OversizedStagedFile{Path: path, Size: size})</span>
         }
-        <span class="cov9" title="10">username, password, err := gitrepo.GetRemoteBasicAuth(remoteName)
-        if err != nil || username == "" || password == "" </span><span class="cov8" title="8">{
-                return "", false
-        }</span>
-        <span class="cov3" title="2">creds := username + ":" + password
-        return "Basic " + base64.StdEncoding.EncodeToString([]byte(creds)), true</span>
+        <span class="cov3" title="2">sort.Slice(oversized, func(i, j int) bool </span><span class="cov0" title="0">{ return oversized[i].Path &lt; oversized[j].Path }</span>)
+        <span class="cov3" title="2">return oversized, nil</span>
 }
 
-func parseRemoteArgs(args []string) (string, string) <span class="cov0" title="0">{
-        var gitRemoteName, gitRemoteLocation string
-        if len(args) &gt;= 1 </span><span class="cov0" title="0">{
-                gitRemoteName = args[0]
+func promptOversizedDirectGitCommit(files []OversizedStagedFile) (bool, error) <span class="cov0" title="0">{
+        if len(files) == 0 </span><span class="cov0" title="0">{
+                return true, nil
         }</span>
-        <span class="cov0" title="0">if len(args) &gt;= 2 </span><span class="cov0" title="0">{
-                gitRemoteLocation = args[1]
+
+        <span class="cov0" title="0">fmt.Fprintf(os.Stderr, "\nWarning: the following staged files are being committed directly to Git and exceed %s:\n\n", humanBytes(directCommitWarningThresholdBytes))
+        for _, f := range files </span><span class="cov0" title="0">{
+                fmt.Fprintf(os.Stderr, "  - %s (%s)\n", f.Path, humanBytes(f.Size))
         }</span>
-        <span class="cov0" title="0">if gitRemoteName == "" </span><span class="cov0" title="0">{
-                gitRemoteName = "origin"
+        <span class="cov0" title="0">fmt.Fprintln(os.Stderr, "\nIf these should be managed by git-drs, track them first and re-add them.")
+        fmt.Fprint(os.Stderr, "Continue committing these files directly to GitHub? [y/N]: ")
+
+        reader := bufio.NewReader(os.Stdin)
+        line, err := reader.ReadString('\n')
+        if err != nil &amp;&amp; !errors.Is(err, io.EOF) </span><span class="cov0" title="0">{
+                return false, err
         }</span>
-        <span class="cov0" title="0">return gitRemoteName, gitRemoteLocation</span>
+        <span class="cov0" title="0">answer := strings.ToLower(strings.TrimSpace(line))
+        return answer == "y" || answer == "yes", nil</span>
 }
 
-type pushedRef struct {
-        LocalRef  string
-        LocalSHA  string
-        RemoteRef string
-        RemoteSHA string
+func humanBytes(n int64) string <span class="cov0" title="0">{
+        const unit = int64(1024)
+        if n &lt; unit </span><span class="cov0" title="0">{
+                return fmt.Sprintf("%d B", n)
+        }</span>
+        <span class="cov0" title="0">div, exp := unit, 0
+        for q := n / unit; q &gt;= unit; q /= unit </span><span class="cov0" title="0">{
+                div *= unit
+                exp++
+        }</span>
+        <span class="cov0" title="0">return fmt.Sprintf("%.1f %ciB", float64(n)/float64(div), "KMGTPE"[exp])</span>
 }
 
-func bufferStdin(stdin io.Reader, createTempFile func(dir, pattern string) (*os.File, error)) (*os.File, error) <span class="cov1" title="1">{
-        tmp, err := createTempFile("", "prepush-stdin-*")
+func gitRevParseGitDir(ctx context.Context) (string, error) <span class="cov1" title="1">{
+        out, err := git(ctx, "rev-parse", "--git-dir")
         if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("error creating temp file for stdin: %w", err)
-        }</span>
-
-        <span class="cov1" title="1">if _, err := io.Copy(tmp, stdin); err != nil </span><span class="cov1" title="1">{
-                _ = tmp.Close()
-                _ = os.Remove(tmp.Name())
-                return nil, fmt.Errorf("error buffering stdin: %w", err)
+                return "", err
         }</span>
-
-        <span class="cov0" title="0">if _, err := tmp.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
-                _ = tmp.Close()
-                _ = os.Remove(tmp.Name())
-                return nil, fmt.Errorf("error seeking temp stdin: %w", err)
+        <span class="cov1" title="1">gitDir := strings.TrimSpace(string(out))
+        if gitDir == "" </span><span class="cov0" title="0">{
+                return "", errors.New("could not determine .git dir")
         }</span>
-        <span class="cov0" title="0">return tmp, nil</span>
+        // If gitDir is relative, resolve relative to repo root
+        <span class="cov1" title="1">if !filepath.IsAbs(gitDir) </span><span class="cov1" title="1">{
+                rootOut, err := git(ctx, "rev-parse", "--show-toplevel")
+                if err != nil </span><span class="cov0" title="0">{
+                        return "", err
+                }</span>
+                <span class="cov1" title="1">root := strings.TrimSpace(string(rootOut))
+                gitDir = filepath.Join(root, gitDir)</span>
+        }
+        <span class="cov1" title="1">return gitDir, nil</span>
 }
 
-// readPushedBranches reads git push lines from the provided temp file,
-// extracts unique local branch names for refs under `refs/heads/` and
-// returns them sorted. The file is rewound to the start before returning.
-func readPushedRefs(f io.ReadSeeker) ([]pushedRef, error) <span class="cov0" title="0">{
-        // Ensure we read from start
-        // example:
-        // refs/heads/main 67890abcdef1234567890abcdef1234567890abcd refs/heads/main 12345abcdef67890abcdef1234567890abcdef12
-        if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov0" title="0">scanner := bufio.NewScanner(f)
-        refs := make([]pushedRef, 0)
-        for scanner.Scan() </span><span class="cov0" title="0">{
-                line := scanner.Text()
-                fields := strings.Fields(line)
-                if len(fields) &lt; 4 </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">refs = append(refs, pushedRef{
-                        LocalRef:  fields[0],
-                        LocalSHA:  fields[1],
-                        RemoteRef: fields[2],
-                        RemoteSHA: fields[3],
-                })</span>
+func git(ctx context.Context, args ...string) ([]byte, error) <span class="cov10" title="11">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        cmd.Env = os.Environ()
+        var stdout, stderr bytes.Buffer
+        cmd.Stdout = &amp;stdout
+        cmd.Stderr = &amp;stderr
+        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
+                // include stderr for debugging; don’t leak massive output
+                msg := strings.TrimSpace(stderr.String())
+                if msg == "" </span><span class="cov0" title="0">{
+                        msg = err.Error()
+                }</span>
+                <span class="cov0" title="0">return nil, fmt.Errorf("git %s: %s", strings.Join(args, " "), msg)</span>
         }
-        <span class="cov0" title="0">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        // Rewind so caller can reuse the file
-        <span class="cov0" title="0">if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov0" title="0">return refs, nil</span>
+        <span class="cov10" title="11">return stdout.Bytes(), nil</span>
 }
 
-func branchesFromRefs(refs []pushedRef) []string <span class="cov0" title="0">{
-        const prefix = "refs/heads/"
-        set := make(map[string]struct{})
-        for _, ref := range refs </span><span class="cov0" title="0">{
-                if strings.HasPrefix(ref.LocalRef, prefix) </span><span class="cov0" title="0">{
-                        branch := strings.TrimPrefix(ref.LocalRef, prefix)
-                        if branch != "" </span><span class="cov0" title="0">{
-                                set[branch] = struct{}{}
-                        }</span>
-                }
+// pathEntryFile maps a repo-relative path to a cache file location.
+// We keep a deterministic encoding so any path maps to exactly one file.
+func pathEntryFile(pathsDir, path string) string <span class="cov5" title="3">{
+        return filepath.Join(pathsDir, encodePath(path)+".json")
+}</span>
+
+func encodePath(path string) string <span class="cov5" title="3">{
+        // base64url encoding of the UTF-8 path string (no padding) is simple and safe.
+        return base64.RawURLEncoding.EncodeToString([]byte(path))
+}</span>
+
+func oidEntryFile(oidsDir, oid string) string <span class="cov3" title="2">{
+        // OID contains ":"; make it filesystem safe but still human readable.
+        // Use a stable transform; here: sha256 of oid string to avoid path length issues.
+        sum := sha256.Sum256([]byte(oid))
+        return filepath.Join(oidsDir, fmt.Sprintf("%x.json", sum[:]))
+}</span>
+
+// oidAddOrReplacePath:
+// - loads oid entry (if exists)
+// - adds newPath to paths[]
+// - if oldPath != "" and present, replaces it with newPath
+// - sets ContentChange flag if requested (ORed into existing flag)
+// - preserves existing s3_url hint
+func oidAddOrReplacePath(oidsDir, oid, oldPath, newPath, now string, contentChanged bool) error <span class="cov1" title="1">{
+        f := oidEntryFile(oidsDir, oid)
+
+        entry := OIDEntry{
+                LFSOID:    oid,
+                Paths:     []string{},
+                UpdatedAt: now,
         }
-        <span class="cov0" title="0">branches := make([]string, 0, len(set))
-        for b := range set </span><span class="cov0" title="0">{
-                branches = append(branches, b)
+        if b, err := os.ReadFile(f); err == nil </span><span class="cov0" title="0">{
+                _ = json.Unmarshal(b, &amp;entry)
+                // ensure oid is set even if old file was incomplete
+                entry.LFSOID = oid
         }</span>
-        <span class="cov0" title="0">sort.Strings(branches)
-        return branches</span>
-}
 
-func openCache(ctx context.Context, logger *slog.Logger) (*precommit_cache.Cache, bool) <span class="cov0" title="0">{
-        cache, err := precommit_cache.Open(ctx)
-        if err != nil </span><span class="cov0" title="0">{
-                logger.Debug(fmt.Sprintf("pre-commit cache unavailable: %v", err))
-                return nil, false
+        <span class="cov1" title="1">paths := make(map[string]struct{}, len(entry.Paths)+1)
+        for _, p := range entry.Paths </span><span class="cov0" title="0">{
+                paths[p] = struct{}{}
         }</span>
-        <span class="cov0" title="0">if _, err := os.Stat(cache.Root); err != nil </span><span class="cov0" title="0">{
-                if os.IsNotExist(err) </span><span class="cov0" title="0">{
-                        logger.Debug("pre-commit cache missing; continuing without cache")
-                }</span> else<span class="cov0" title="0"> {
-                        logger.Debug(fmt.Sprintf("pre-commit cache access error: %v", err))
-                }</span>
-                <span class="cov0" title="0">return nil, false</span>
-        }
-        <span class="cov0" title="0">return cache, true</span>
-}
 
-func collectLfsFiles(ctx context.Context, cache *precommit_cache.Cache, cacheReady bool, gitRemoteName, gitRemoteLocation string, branches []string, refs []pushedRef, logger *slog.Logger) (map[string]lfs.LfsFileInfo, bool, error) <span class="cov0" title="0">{
-        if cacheReady </span><span class="cov0" title="0">{
-                lfsFiles, ok, err := lfsFilesFromCache(ctx, cache, refs, logger)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("pre-commit cache read failed: %v", err))
-                }</span> else<span class="cov0" title="0"> if ok </span><span class="cov0" title="0">{
-                        return lfsFiles, true, nil
-                }</span>
-                <span class="cov0" title="0">logger.Debug("pre-commit cache incomplete or stale; falling back to LFS discovery")</span>
-        }
-        <span class="cov0" title="0">lfsFiles, err := lfs.GetAllLfsFiles(gitRemoteName, gitRemoteLocation, branches, logger)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, false, err
+        <span class="cov1" title="1">if oldPath != "" </span><span class="cov0" title="0">{
+                delete(paths, oldPath)
+        }</span>
+        <span class="cov1" title="1">if newPath != "" </span><span class="cov1" title="1">{
+                paths[newPath] = struct{}{}
         }</span>
-        <span class="cov0" title="0">return lfsFiles, false, nil</span>
-}
-
-const cacheMaxAge = 24 * time.Hour
 
-var pendingMetadataClientFactory = func() *http.Client <span class="cov0" title="0">{
-        return &amp;http.Client{Timeout: 20 * time.Second}
-}</span>
+        <span class="cov1" title="1">entry.Paths = keysSorted(paths)
+        entry.UpdatedAt = now
+        entry.ContentChange = entry.ContentChange || contentChanged
 
-func normalizeCachedOID(oid string) string <span class="cov4" title="3">{
-        normalized := strings.TrimSpace(oid)
-        if len(normalized) &gt;= len("sha256:") &amp;&amp; strings.EqualFold(normalized[:len("sha256:")], "sha256:") </span><span class="cov1" title="1">{
-                normalized = normalized[len("sha256:"):]
-        }</span>
-        <span class="cov4" title="3">return strings.TrimSpace(normalized)</span>
+        return writeJSONAtomic(f, entry)</span>
 }
 
-func lfsFilesFromCache(ctx context.Context, cache *precommit_cache.Cache, refs []pushedRef, logger *slog.Logger) (map[string]lfs.LfsFileInfo, bool, error) <span class="cov4" title="3">{
-        if cache == nil </span><span class="cov0" title="0">{
-                return nil, false, nil
-        }</span>
-        <span class="cov4" title="3">paths, err := listPushedPaths(ctx, refs)
+func oidRemovePath(oidsDir, oid, path, now string) error <span class="cov0" title="0">{
+        f := oidEntryFile(oidsDir, oid)
+
+        b, err := os.ReadFile(f)
         if err != nil </span><span class="cov0" title="0">{
-                return nil, false, err
+                return err
         }</span>
-        <span class="cov4" title="3">lfsFiles := make(map[string]lfs.LfsFileInfo, len(paths))
-        for _, path := range paths </span><span class="cov4" title="3">{
-                entry, ok, err := cache.ReadPathEntry(path)
-                if err != nil </span><span class="cov0" title="0">{
-                        return nil, false, err
-                }</span>
-                <span class="cov4" title="3">if !ok </span><span class="cov0" title="0">{
-                        return nil, false, nil
-                }</span>
-                <span class="cov4" title="3">oid := normalizeCachedOID(entry.LFSOID)
-                if oid == "" </span><span class="cov0" title="0">{
-                        return nil, false, nil
-                }</span>
-                <span class="cov4" title="3">if entry.UpdatedAt == "" || precommit_cache.StaleAfter(entry.UpdatedAt, cacheMaxAge) </span><span class="cov1" title="1">{
-                        return nil, false, nil
-                }</span>
-                <span class="cov3" title="2">stat, err := os.Stat(path)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("cache path stat failed for %s: %v", path, err))
-                        return nil, false, nil
-                }</span>
-                <span class="cov3" title="2">lfsFiles[path] = lfs.LfsFileInfo{
-                        Name:    path,
-                        Size:    stat.Size(),
-                        OidType: "sha256",
-                        Oid:     oid,
-                        Version: "https://git-lfs.github.com/spec/v1",
-                }</span>
-        }
-        <span class="cov3" title="2">return lfsFiles, true, nil</span>
-}
-
-func listPushedPaths(ctx context.Context, refs []pushedRef) ([]string, error) <span class="cov4" title="3">{
-        const zeroSHA = "0000000000000000000000000000000000000000"
-        set := make(map[string]struct{})
-        for _, ref := range refs </span><span class="cov4" title="3">{
-                if ref.LocalSHA == "" || ref.LocalSHA == zeroSHA </span><span class="cov0" title="0">{
+        <span class="cov0" title="0">var entry OIDEntry
+        if err := json.Unmarshal(b, &amp;entry); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">paths := make(map[string]struct{}, len(entry.Paths))
+        for _, p := range entry.Paths </span><span class="cov0" title="0">{
+                if p == path </span><span class="cov0" title="0">{
                         continue</span>
                 }
-                <span class="cov4" title="3">var args []string
-                if ref.RemoteSHA == "" || ref.RemoteSHA == zeroSHA </span><span class="cov1" title="1">{
-                        args = []string{"ls-tree", "-r", "--name-only", ref.LocalSHA}
-                }</span> else<span class="cov3" title="2"> {
-                        args = []string{"diff", "--name-only", ref.RemoteSHA, ref.LocalSHA}
-                }</span>
-                <span class="cov4" title="3">out, err := gitOutput(ctx, args...)
-                if err != nil </span><span class="cov0" title="0">{
-                        return nil, err
-                }</span>
-                <span class="cov4" title="3">for _, line := range strings.Split(strings.TrimSpace(out), "\n") </span><span class="cov4" title="3">{
-                        line = strings.TrimSpace(line)
-                        if line == "" </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov4" title="3">set[line] = struct{}{}</span>
-                }
+                <span class="cov0" title="0">paths[p] = struct{}{}</span>
         }
-        <span class="cov4" title="3">paths := make([]string, 0, len(set))
-        for path := range set </span><span class="cov4" title="3">{
-                paths = append(paths, path)
-        }</span>
-        <span class="cov4" title="3">sort.Strings(paths)
-        return paths, nil</span>
+        <span class="cov0" title="0">entry.Paths = keysSorted(paths)
+        entry.UpdatedAt = now
+
+        // If no paths remain, keep the file (it may still hold s3_url hint) or delete it.
+        // This ADR allows stale entries; keeping is fine. Optionally delete when empty:
+        // if len(entry.Paths) == 0 &amp;&amp; entry.S3URL == "" { return os.Remove(f) }
+
+        return writeJSONAtomic(f, entry)</span>
 }
 
-func gitOutput(ctx context.Context, args ...string) (string, error) <span class="cov4" title="3">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        cmd.Env = os.Environ()
-        out, err := cmd.CombinedOutput()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git %s: %s", strings.Join(args, " "), strings.TrimSpace(string(out)))
+func keysSorted(m map[string]struct{}) []string <span class="cov1" title="1">{
+        out := make([]string, 0, len(m))
+        for k := range m </span><span class="cov1" title="1">{
+                out = append(out, k)
         }</span>
-        <span class="cov4" title="3">return string(out), nil</span>
+        <span class="cov1" title="1">sort.Strings(out)
+        return out</span>
 }
 
-// readPushedBranches reads git push lines from the provided temp file,
-// extracts unique local branch names for refs under `refs/heads/` and
-// returns them sorted. The file is rewound to the start before returning.
-func readPushedBranches(f *os.File) ([]string, error) <span class="cov6" title="5">{
-        // Ensure we read from start
-        // example:
-        // refs/heads/main 67890abcdef1234567890abcdef1234567890abcd refs/heads/main 12345abcdef67890abcdef1234567890abcdef12
-        if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+// writeJSONAtomic writes JSON to a temp file then renames it into place.
+// This avoids partially written cache files if the process is interrupted.
+func writeJSONAtomic(path string, v any) error <span class="cov3" title="2">{
+        dir := filepath.Dir(path)
+        if err := os.MkdirAll(dir, 0o755); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov6" title="5">scanner := bufio.NewScanner(f)
-        set := make(map[string]struct{})
-        for scanner.Scan() </span><span class="cov7" title="6">{
-                line := scanner.Text()
-                fields := strings.Fields(line)
-                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov7" title="6">localRef := fields[0]
-                const prefix = "refs/heads/"
-                if strings.HasPrefix(localRef, prefix) </span><span class="cov6" title="4">{
-                        branch := strings.TrimPrefix(localRef, prefix)
-                        if branch != "" </span><span class="cov6" title="4">{
-                                set[branch] = struct{}{}
-                        }</span>
-                }
-        }
-        <span class="cov6" title="5">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+
+        <span class="cov3" title="2">tmp := path + ".tmp"
+        f, err := os.OpenFile(tmp, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov3" title="2">defer func() </span><span class="cov3" title="2">{ _ = f.Close() }</span>()
+
+        <span class="cov3" title="2">enc := json.NewEncoder(f)
+        enc.SetIndent("", "  ")
+        if err := enc.Encode(v); err != nil </span><span class="cov0" title="0">{
+                _ = os.Remove(tmp)
+                return err
         }</span>
-        <span class="cov6" title="5">branches := make([]string, 0, len(set))
-        for b := range set </span><span class="cov6" title="4">{
-                branches = append(branches, b)
+        <span class="cov3" title="2">if err := f.Sync(); err != nil </span><span class="cov0" title="0">{
+                _ = os.Remove(tmp)
+                return err
         }</span>
-        <span class="cov6" title="5">sort.Strings(branches)
-        // Rewind so caller can reuse the file
-        if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+        <span class="cov3" title="2">if err := f.Close(); err != nil </span><span class="cov0" title="0">{
+                _ = os.Remove(tmp)
+                return err
         }</span>
-        <span class="cov6" title="5">return branches, nil</span>
+        <span class="cov3" title="2">return os.Rename(tmp, path)</span>
 }
-</pre>
-		
-		<pre class="file" id="file16" style="display: none">package pull
 
-import (
-        "context"
-        "fmt"
-        "net/url"
-        "os"
-        "os/exec"
-        "strings"
-
-        "github.com/bytedance/sonic"
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/drslookup"
-        "github.com/calypr/git-drs/internal/drsmap"
-        "github.com/calypr/git-drs/internal/lfs"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/spf13/cobra"
-)
-
-var runCommand = func(name string, args ...string) ([]byte, error) <span class="cov0" title="0">{
-        cmd := exec.Command(name, args...)
-        return cmd.CombinedOutput()
-}</span>
-
-var Cmd = &amp;cobra.Command{
-        Use:   "pull [remote-name]",
-        Short: "Pull using the standard Git + Git LFS flow",
-        Long:  "Pull using the standard Git + Git LFS flow (git pull, git lfs pull, git lfs checkout).",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
-                if len(args) &gt; 1 </span><span class="cov1" title="1">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs pull --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov6" title="2">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
-                logg := drslog.GetLogger()
-
-                cfg, err := config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error loading config: %v", err)
-                }</span>
-
-                <span class="cov6" title="2">var remote config.Remote
-                if len(args) &gt; 0 </span><span class="cov0" title="0">{
-                        remote = config.Remote(args[0])
-                }</span> else<span class="cov6" title="2"> {
-                        remote, err = cfg.GetDefaultRemote()
-                        if err != nil </span><span class="cov6" title="2">{
-                                logg.Error(fmt.Sprintf("Error getting remote: %v", err))
-                                return err
-                        }</span>
-                }
-
-                <span class="cov0" title="0">drsCtx, err := cfg.GetRemoteClient(remote, logg)
-                if err != nil </span><span class="cov0" title="0">{
-                        logg.Error(fmt.Sprintf("error creating DRS client: %s", err))
-                        return err
-                }</span>
-                <span class="cov0" title="0">_ = drsCtx // Remote validation only.
-
-                if out, err := runCommand("git", "pull", string(remote)); err != nil </span><span class="cov0" title="0">{
-                        msg := strings.TrimSpace(string(out))
-                        if msg == "" </span><span class="cov0" title="0">{
-                                msg = err.Error()
-                        }</span>
-                        <span class="cov0" title="0">return fmt.Errorf("git pull failed for remote %q: %s", remote, msg)</span>
-                }
-
-                <span class="cov0" title="0">var parsed struct {
-                        Files []lfs.LfsFileInfo `json:"files"`
-                }
-                out, err := runCommand("git", "lfs", "ls-files", "--json")
-                if err != nil </span><span class="cov0" title="0">{
-                        msg := commandMessage(out, err)
-                        if !isMissingGitLFS(msg) </span><span class="cov0" title="0">{
-                                return fmt.Errorf("git lfs ls-files failed: %s", msg)
-                        }</span>
-                        <span class="cov0" title="0">lfsFiles, inventoryErr := lfs.GetAllLfsFiles(string(remote), "", []string{"HEAD"}, logg)
-                        if inventoryErr != nil </span><span class="cov0" title="0">{
-                                return fmt.Errorf("git lfs ls-files failed: %s; fallback inventory failed: %w", msg, inventoryErr)
-                        }</span>
-                        <span class="cov0" title="0">parsed.Files = make([]lfs.LfsFileInfo, 0, len(lfsFiles))
-                        for _, f := range lfsFiles </span><span class="cov0" title="0">{
-                                parsed.Files = append(parsed.Files, f)
-                        }</span>
-                } else<span class="cov0" title="0"> if err := lfsjsonUnmarshal(out, &amp;parsed); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to parse git lfs ls-files output: %w", err)
-                }</span>
-
-                <span class="cov0" title="0">ctx := context.Background()
-                missingOIDs := make([]string, 0, len(parsed.Files))
-                seenMissing := make(map[string]struct{}, len(parsed.Files))
-                for _, f := range parsed.Files </span><span class="cov0" title="0">{
-                        if f.Downloaded </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov0" title="0">if _, seen := seenMissing[f.Oid]; seen </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov0" title="0">seenMissing[f.Oid] = struct{}{}
-                        missingOIDs = append(missingOIDs, f.Oid)</span>
-                }
-
-                <span class="cov0" title="0">if len(missingOIDs) &gt; 0 </span><span class="cov0" title="0">{
-                        prefetched := make(map[string]drsapi.DrsObject, len(missingOIDs))
-                        for _, oid := range missingOIDs </span><span class="cov0" title="0">{
-                                recs, err := drslookup.ObjectsByHashForScope(ctx, drsCtx, oid)
-                                if err != nil || len(recs) == 0 </span><span class="cov0" title="0">{
-                                        continue</span>
-                                }
-                                <span class="cov0" title="0">prefetched[oid] = recs[0]</span>
-                        }
-                        <span class="cov0" title="0">if len(prefetched) &gt; 0 </span><span class="cov0" title="0">{
-                                logg.Debug(fmt.Sprintf("prefetched %d objects for pull", len(prefetched)))
-                        }</span> else<span class="cov0" title="0"> {
-                                logg.Debug("bulk prefetch found no scoped objects; continuing per-object")
-                        }</span>
-
-                        <span class="cov0" title="0">prefetchedAccess := make(map[string]drsapi.AccessURL, len(prefetched))
-                        if len(prefetched) &gt; 0 </span><span class="cov0" title="0">{
-                                objects := make([]drsapi.DrsObject, 0, len(prefetched))
-                                for _, obj := range prefetched </span><span class="cov0" title="0">{
-                                        objects = append(objects, obj)
-                                }</span>
-                                <span class="cov0" title="0">if resolved, err := drslookup.BulkAccessURLsForObjects(ctx, drsCtx, objects); err == nil </span><span class="cov0" title="0">{
-                                        prefetchedAccess = resolved
-                                        logg.Debug(fmt.Sprintf("bulk access resolved %d URLs for pull", len(prefetchedAccess)))
-                                }</span> else<span class="cov0" title="0"> {
-                                        logg.Debug(fmt.Sprintf("bulk access prefetch failed; continuing per-object: %v", err))
-                                }</span>
-                        }
-                        <span class="cov0" title="0">for _, f := range parsed.Files </span><span class="cov0" title="0">{
-                                if f.Downloaded </span><span class="cov0" title="0">{
-                                        continue</span>
-                                }
-                                <span class="cov0" title="0">dstPath, err := drsmap.GetObjectPath(common.LFS_OBJS_PATH, f.Oid)
-                                if err != nil </span><span class="cov0" title="0">{
-                                        return fmt.Errorf("failed to resolve LFS object path for %s: %w", f.Oid, err)
-                                }</span>
-                                <span class="cov0" title="0">if obj, ok := prefetched[f.Oid]; ok </span><span class="cov0" title="0">{
-                                        if accessURL, ok := prefetchedAccess[obj.Id]; ok </span><span class="cov0" title="0">{
-                                                objCopy := obj
-                                                if err := lfs.DownloadResolvedToCachePath(ctx, drsCtx, f.Oid, dstPath, &amp;objCopy, &amp;accessURL); err != nil </span><span class="cov0" title="0">{
-                                                        debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
-                                                        return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
-                                                }</span>
-                                                <span class="cov0" title="0">continue</span>
-                                        }
-                                }
-                                <span class="cov0" title="0">if err := lfs.DownloadToCachePath(ctx, drsCtx, logg, f.Oid, dstPath); err != nil </span><span class="cov0" title="0">{
-                                        debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
-                                        return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
-                                }</span>
-                        }
-                } else<span class="cov0" title="0"> {
-                        logg.Debug("no missing LFS objects to download")
-                }</span>
-
-                <span class="cov0" title="0">if out, err := runCommand("git", "lfs", "checkout"); err != nil </span><span class="cov0" title="0">{
-                        msg := commandMessage(out, err)
-                        if !isMissingGitLFS(msg) </span><span class="cov0" title="0">{
-                                return fmt.Errorf("git lfs checkout failed: %s", msg)
-                        }</span>
-                }
-                <span class="cov0" title="0">if err := checkoutDownloadedFiles(parsed.Files); err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-
-                <span class="cov0" title="0">return nil</span>
-        },
-}
+func moveFileBestEffort(src, dst string) error <span class="cov0" title="0">{
+        // Ensure destination directory exists.
+        if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        // Rename will fail across devices; fall back to copy+remove.
+        <span class="cov0" title="0">if err := os.Rename(src, dst); err == nil </span><span class="cov0" title="0">{
+                return nil
+        }</span> else<span class="cov0" title="0"> if errors.Is(err, os.ErrNotExist) </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-func commandMessage(out []byte, err error) string <span class="cov0" title="0">{
-        msg := strings.TrimSpace(string(out))
-        if msg == "" &amp;&amp; err != nil </span><span class="cov0" title="0">{
-                msg = err.Error()
+        <span class="cov0" title="0">in, err := os.Open(src)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov0" title="0">return msg</span>
-}
+        <span class="cov0" title="0">defer in.Close()
 
-func isMissingGitLFS(msg string) bool <span class="cov0" title="0">{
-        return strings.Contains(msg, "git: 'lfs' is not a git command")
-}</span>
+        out, err := os.OpenFile(dst, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-func checkoutDownloadedFiles(files []lfs.LfsFileInfo) error <span class="cov0" title="0">{
-        for _, f := range files </span><span class="cov0" title="0">{
-                if strings.TrimSpace(f.Name) == "" || strings.TrimSpace(f.Oid) == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">srcPath, err := drsmap.GetObjectPath(common.LFS_OBJS_PATH, f.Oid)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to resolve cached object for %s: %w", f.Oid, err)
-                }</span>
-                <span class="cov0" title="0">payload, err := os.ReadFile(srcPath)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to read cached object %s: %w", srcPath, err)
-                }</span>
-                <span class="cov0" title="0">if err := os.WriteFile(f.Name, payload, 0o644); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to checkout %s: %w", f.Name, err)
-                }</span>
-        }
-        <span class="cov0" title="0">return nil</span>
+        <span class="cov0" title="0">if _, err := io.Copy(out, in); err != nil </span><span class="cov0" title="0">{
+                _ = out.Close()
+                return err
+        }</span>
+        <span class="cov0" title="0">if err := out.Close(); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">return os.Remove(src)</span>
 }
+</pre>
+		
+		<pre class="file" id="file16" style="display: none">package prepush
 
-var lfsjsonUnmarshal = func(data []byte, v any) error <span class="cov0" title="0">{
-        return sonic.ConfigFastest.Unmarshal(data, v)
-}</span>
+import (
+        "fmt"
+        "io"
+        "os"
+)
 
-func buildPullDownloadDebugContext(ctx context.Context, drsCtx *config.GitContext, oid string) string <span class="cov0" title="0">{
-        recs, err := drslookup.ObjectsByHashForScope(ctx, drsCtx, oid)
+func bufferStdin(stdin io.Reader, createTempFile func(dir, pattern string) (*os.File, error)) (*os.File, error) <span class="cov8" title="1">{
+        tmp, err := createTempFile("", "prepush-stdin-*")
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Sprintf("oid=%s query_error=%v", oid, err)
-        }</span>
-        <span class="cov0" title="0">if len(recs) == 0 </span><span class="cov0" title="0">{
-                return fmt.Sprintf("oid=%s records=0", oid)
+                return nil, fmt.Errorf("error creating temp file for stdin: %w", err)
         }</span>
 
-        <span class="cov0" title="0">match := &amp;recs[0]
+        <span class="cov8" title="1">if _, err := io.Copy(tmp, stdin); err != nil </span><span class="cov8" title="1">{
+                _ = tmp.Close()
+                _ = os.Remove(tmp.Name())
+                return nil, fmt.Errorf("error buffering stdin: %w", err)
+        }</span>
 
-        methods := make([]string, 0)
-        if match.AccessMethods != nil </span><span class="cov0" title="0">{
-                methods = make([]string, 0, len(*match.AccessMethods))
-                for _, am := range *match.AccessMethods </span><span class="cov0" title="0">{
-                        scheme := ""
-                        rawURL := ""
-                        if am.AccessUrl != nil </span><span class="cov0" title="0">{
-                                rawURL = strings.TrimSpace(am.AccessUrl.Url)
-                        }</span>
-                        <span class="cov0" title="0">if rawURL != "" </span><span class="cov0" title="0">{
-                                if parsed, parseErr := url.Parse(rawURL); parseErr == nil </span><span class="cov0" title="0">{
-                                        scheme = parsed.Scheme
-                                }</span>
-                        }
-                        <span class="cov0" title="0">accessID := ""
-                        if am.AccessId != nil </span><span class="cov0" title="0">{
-                                accessID = strings.TrimSpace(*am.AccessId)
-                        }</span>
-                        <span class="cov0" title="0">methods = append(methods, fmt.Sprintf("{type=%s access_id=%s url_scheme=%s url=%s}", am.Type, accessID, scheme, rawURL))</span>
-                }
-        }
-        <span class="cov0" title="0">return fmt.Sprintf("oid=%s did=%s size=%d access_methods=%s", oid, strings.TrimSpace(match.Id), match.Size, strings.Join(methods, ", "))</span>
+        <span class="cov0" title="0">if _, err := tmp.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
+                _ = tmp.Close()
+                _ = os.Remove(tmp.Name())
+                return nil, fmt.Errorf("error seeking temp stdin: %w", err)
+        }</span>
+        <span class="cov0" title="0">return tmp, nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file17" style="display: none">package push
+		<pre class="file" id="file17" style="display: none">package prepush
 
 import (
+        "bytes"
         "context"
+        "encoding/base64"
+        "encoding/json"
         "fmt"
+        "io"
+        "log/slog"
+        "net/http"
+        "os"
         "os/exec"
+        "sort"
         "strings"
+        "time"
 
+        "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drsdelete"
         "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/drsmap"
+        "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/gitrepo"
         "github.com/calypr/git-drs/internal/lfs"
-        "github.com/calypr/git-drs/internal/pushsync"
+        "github.com/calypr/git-drs/internal/precommit_cache"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
         "github.com/spf13/cobra"
 )
 
-var pushWithHooks bool
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "pre-push-prepare",
+        Short: "pre-push hook to update DRS objects",
+        Long:  "Pre-push hook that updates DRS objects before transfer",
+        Args:  cobra.RangeArgs(0, 2),
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                return NewPrePushService().Run(args, os.Stdin)
+        }</span>,
+}
 
-var runCommand = func(name string, args ...string) ([]byte, error) <span class="cov0" title="0">{
-        cmd := exec.Command(name, args...)
-        return cmd.CombinedOutput()
+type PrePushService struct {
+        newLogger       func(string, bool) (*slog.Logger, error)
+        loadConfig      func() (*config.Config, error)
+        writeDrsObjects func(drsobject.Builder, map[string]lfs.LfsFileInfo, drsmap.WriteOptions) error
+        createTempFile  func(dir, pattern string) (*os.File, error)
+}
+
+func NewPrePushService() *PrePushService <span class="cov0" title="0">{
+        return &amp;PrePushService{
+                newLogger:       drslog.NewLogger,
+                loadConfig:      config.LoadConfig,
+                writeDrsObjects: drsmap.WriteObjectsForLFSFiles,
+                createTempFile:  os.CreateTemp,
+        }
 }</span>
 
-var Cmd = &amp;cobra.Command{
-        Use:   "push [remote-name]",
-        Short: "Upload/register DRS objects and push Git refs",
-        Long:  "Performs git-drs managed upload/register flow (multipart for large files) and then runs git push (without pre-push hooks by default).",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
-                if len(args) &gt; 1 </span><span class="cov1" title="1">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs push --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov6" title="2">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
-                myLogger := drslog.GetLogger()
-                cfg, err := config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        myLogger.Debug(fmt.Sprintf("Error loading config: %v", err))
-                        return err
-                }</span>
+func (s *PrePushService) Run(args []string, stdin io.Reader) error <span class="cov0" title="0">{
+        ctx := context.Background()
+        myLogger, err := s.newLogger("", false)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error creating logger: %v", err)
+        }</span>
 
-                <span class="cov6" title="2">var remote config.Remote
-                if len(args) &gt; 0 </span><span class="cov0" title="0">{
-                        remote = config.Remote(args[0])
-                }</span> else<span class="cov6" title="2"> {
-                        remote, err = cfg.GetDefaultRemote()
-                        if err != nil </span><span class="cov6" title="2">{
-                                myLogger.Debug(fmt.Sprintf("Error getting default remote: %v", err))
-                                return err
-                        }</span>
-                }
+        <span class="cov0" title="0">myLogger.Info("~~~~~~~~~~~~~ START: pre-push ~~~~~~~~~~~~~")
 
-                <span class="cov0" title="0">drsClient, err := cfg.GetRemoteClient(remote, myLogger)
-                if err != nil </span><span class="cov0" title="0">{
-                        myLogger.Debug(fmt.Sprintf("Error creating DRS client: %s", err))
-                        return err
-                }</span>
-                <span class="cov0" title="0">lfsFiles, err := lfs.GetAllLfsFiles(string(remote), "", []string{"HEAD"}, myLogger)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to discover LFS files to push: %w", err)
-                }</span>
+        cfg, err := s.loadConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error getting config: %v", err)
+        }</span>
 
-                <span class="cov0" title="0">ctx := context.Background()
-                if err := pushsync.BatchSyncForPush(drsClient, ctx, lfsFiles); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed batch register/upload workflow: %w", err)
-                }</span>
+        <span class="cov0" title="0">gitRemoteName, gitRemoteLocation := parseRemoteArgs(args)
+        myLogger.Debug(fmt.Sprintf("git remote name: %s, git remote location: %s", gitRemoteName, gitRemoteLocation))
 
-                <span class="cov0" title="0">pushArgs := []string{"push"}
-                if !pushWithHooks </span><span class="cov0" title="0">{
-                        pushArgs = append(pushArgs, "--no-verify")
-                }</span>
-                <span class="cov0" title="0">pushArgs = append(pushArgs, string(remote))
-                out, err := runCommand("git", pushArgs...)
-                if err != nil </span><span class="cov0" title="0">{
-                        msg := strings.TrimSpace(string(out))
-                        if msg == "" </span><span class="cov0" title="0">{
-                                msg = err.Error()
-                        }</span>
-                        <span class="cov0" title="0">return fmt.Errorf("git push failed for remote %q: %s", remote, msg)</span>
-                }
-                <span class="cov0" title="0">return nil</span>
-        },
-}
+        remote, err := cfg.GetDefaultRemote()
+        if err != nil </span><span class="cov0" title="0">{
+                myLogger.Debug(fmt.Sprintf("Warning. Error getting default remote: %v", err))
+                fmt.Fprintln(os.Stderr, "Warning. Skipping DRS preparation. Error getting default remote:", err)
+                return nil
+        }</span>
 
-func init() <span class="cov1" title="1">{
-        Cmd.Flags().BoolVar(&amp;pushWithHooks, "with-hooks", false, "Run git push with local hooks enabled (invokes pre-push)")
-}</span>
-</pre>
-		
-		<pre class="file" id="file18" style="display: none">package query
+        <span class="cov0" title="0">remoteConfig := cfg.GetRemote(remote)
+        if remoteConfig == nil </span><span class="cov0" title="0">{
+                fmt.Fprintln(os.Stderr, "Warning. Skipping DRS preparation. Error getting remote configuration.")
+                myLogger.Debug("Warning. Skipping DRS preparation. Error getting remote configuration.")
+                return nil
+        }</span>
+        <span class="cov0" title="0">drsClient, err := cfg.GetRemoteClient(remote, myLogger)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-import (
-        "context"
-        "fmt"
-        "strings"
+        <span class="cov0" title="0">scope, err := gitrepo.ResolveBucketScope(
+                remoteConfig.GetOrganization(),
+                remoteConfig.GetProjectId(),
+                remoteConfig.GetBucketName(),
+                remoteConfig.GetStoragePrefix(),
+        )
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/drslookup"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/calypr/syfon/client/hash"
-        "github.com/spf13/cobra"
-)
+        <span class="cov0" title="0">builder := drsobject.NewBuilder(scope.Bucket, remoteConfig.GetProjectId())
+        builder.Organization = remoteConfig.GetOrganization()
+        builder.StoragePrefix = scope.Prefix
+        myLogger.Debug(fmt.Sprintf("Current server project: %s (org: %s)", builder.Project, builder.Organization))
 
-var remote string
-var checksum = false
-var pretty = false
+        tmp, err := bufferStdin(stdin, s.createTempFile)
+        if err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("error buffering stdin: %v", err))
+                return err
+        }</span>
+        <span class="cov0" title="0">defer func() </span><span class="cov0" title="0">{
+                _ = tmp.Close()
+                _ = os.Remove(tmp.Name())
+        }</span>()
 
-func queryByChecksum(ctx context.Context, gc *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov0" title="0">{
-        hashType := checksumTypeForString(checksum)
-        if hashType != hash.ChecksumTypeSHA256.String() </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("checksum lookup currently only supports sha256 (got %q); non-sha256 support is tracked in syfon DRSService.GetObjectsByChecksum", hashType)
+        <span class="cov0" title="0">refs, err := readPushedRefs(tmp)
+        if err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("error reading pushed refs: %v", err))
+                return err
         }</span>
-        <span class="cov0" title="0">return drslookup.ObjectsByHashForScope(ctx, gc, checksum)</span>
-}
+        <span class="cov0" title="0">if _, err := drsdelete.ReconcileCommittedDeletes(ctx, drsClient, drsDeleteRefs(refs), myLogger); err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("delete reconciliation failed: %v", err))
+                return err
+        }</span>
+        <span class="cov0" title="0">branches := branchesFromRefs(refs)
 
-func checksumTypeForString(sum string) string <span class="cov10" title="5">{
-        switch len(strings.TrimSpace(sum)) </span>{
-        case 32:<span class="cov1" title="1">
-                return "md5"</span>
-        case 40:<span class="cov1" title="1">
-                return "sha1"</span>
-        case 64:<span class="cov1" title="1">
-                return "sha256"</span>
-        case 128:<span class="cov1" title="1">
-                return "sha512"</span>
-        default:<span class="cov1" title="1">
-                return string(hash.NormalizeChecksumType(sum))</span>
-        }
-}
+        cache, cacheReady := openCache(ctx, myLogger)
+        lfsFiles, usedCache, err := collectLfsFiles(ctx, cache, cacheReady, gitRemoteName, gitRemoteLocation, branches, refs, myLogger)
+        if err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("error collecting LFS files: %v", err))
+                return err
+        }</span>
 
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "query &lt;drs_id&gt;",
-        Short: "Query DRS server by DRS ID",
-        Long:  "Query DRS server by DRS ID",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                if len(args) != 1 </span><span class="cov0" title="0">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: requires exactly 1 argument (DRS ID), received %d\n\nUsage: %s\n\nSee 'git drs query --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov0" title="0">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                logger := drslog.GetLogger()
+        <span class="cov0" title="0">myLogger.Debug(fmt.Sprintf("Preparing DRS objects for push branches: %v (cache=%v)", branches, usedCache))
+        err = s.writeDrsObjects(builder, lfsFiles, drsmap.WriteOptions{
+                Cache:          cache,
+                PreferCacheURL: usedCache,
+                Logger:         myLogger,
+        })
+        if err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("WriteObjectsForLFSFiles failed: %v", err))
+                return err
+        }</span>
 
-                cfg, err := config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
+        // Stage metadata in one packet; server consumes it at LFS verify-time.
+        <span class="cov0" title="0">myLogger.Info(fmt.Sprintf("Staging %d DRS metadata records for LFS verify", len(lfsFiles)))
+        if err := submitPendingLFSMeta(ctx, remote, remoteConfig.GetEndpoint(), lfsFiles, myLogger); err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("DRS metadata staging failed: %v", err))
+                return fmt.Errorf("DRS metadata staging failed: %w", err)
+        }</span>
 
-                <span class="cov0" title="0">remoteName, err := cfg.GetRemoteOrDefault(remote)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-                        return err
-                }</span>
+        <span class="cov0" title="0">myLogger.Info("~~~~~~~~~~~~~ COMPLETED: pre-push ~~~~~~~~~~~~~")
+        return nil</span>
+}
 
-                <span class="cov0" title="0">gc, err := cfg.GetRemoteClient(remoteName, logger)
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
+type metadataSubmitRequest struct {
+        Candidates []metadataCandidate `json:"candidates"`
+        TTLSeconds int64               `json:"ttl_seconds,omitempty"`
+}
 
-                <span class="cov0" title="0">if checksum </span><span class="cov0" title="0">{
-                        objs, err := queryByChecksum(context.Background(), gc, args[0])
-                        if err != nil </span><span class="cov0" title="0">{
-                                return err
-                        }</span>
-                        <span class="cov0" title="0">for _, drsObj := range objs </span><span class="cov0" title="0">{
-                                if err := common.PrintDRSObject(drsObj, pretty); err != nil </span><span class="cov0" title="0">{
-                                        return err
-                                }</span>
-                        }
-                        <span class="cov0" title="0">return nil</span>
-                }
+type metadataChecksum struct {
+        Type     string `json:"type"`
+        Checksum string `json:"checksum"`
+}
 
-                <span class="cov0" title="0">obj, err := gc.Client.DRS().GetObject(context.Background(), args[0])
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov0" title="0">return common.PrintDRSObject(obj, pretty)</span>
-        },
+type metadataAccessURL struct {
+        URL string `json:"url,omitempty"`
 }
 
-func init() <span class="cov1" title="1">{
-        Cmd.Flags().StringVarP(&amp;remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
-        Cmd.Flags().BoolVarP(&amp;checksum, "checksum", "c", checksum, "Find by checksum")
-        Cmd.Flags().BoolVarP(&amp;pretty, "pretty", "p", pretty, "Print indented JSON")
-}</span>
-</pre>
-		
-		<pre class="file" id="file19" style="display: none">package add
+type metadataAccessMethod struct {
+        Type           string              `json:"type,omitempty"`
+        AccessURL      metadataAccessURL   `json:"access_url,omitempty"`
+        AccessID       string              `json:"access_id,omitempty"`
+        Region         string              `json:"region,omitempty"`
+        Authorizations map[string][]string `json:"authorizations,omitempty"`
+}
 
-import (
-        "context"
-        "fmt"
-        "log/slog"
-        "strings"
+type metadataCandidate struct {
+        Id            string                 `json:"id,omitempty"`
+        Name          string                 `json:"name,omitempty"`
+        Size          int64                  `json:"size"`
+        Version       string                 `json:"version,omitempty"`
+        MimeType      string                 `json:"mime_type,omitempty"`
+        Checksums     []metadataChecksum     `json:"checksums"`
+        AccessMethods []metadataAccessMethod `json:"access_methods,omitempty"`
+        Description   string                 `json:"description,omitempty"`
+        Aliases       []string               `json:"aliases,omitempty"`
+}
 
-        gitauth "github.com/calypr/git-drs/internal/auth"
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/calypr/syfon/client/conf"
-        "github.com/spf13/cobra"
-)
-
-var Gen3Cmd = &amp;cobra.Command{
-        Use: "gen3 [remote-name]",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                if len(args) &gt; 1 </span><span class="cov0" title="0">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs remote add gen3 --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov0" title="0">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                logg := drslog.GetLogger()
-
-                // make sure at least one of the credentials params is provided
-                if credFile == "" &amp;&amp; fenceToken == "" &amp;&amp; len(args) == 0 </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error: Gen3 requires a credentials file or accessToken to setup project locally. Please provide either a --cred or --token flag. See 'git drs remote add gen3 --help' for more details")
-                }</span>
-
-                <span class="cov0" title="0">remoteName := config.ORIGIN
-                if len(args) &gt; 0 </span><span class="cov0" title="0">{
-                        remoteName = args[0]
-                }</span>
-
-                <span class="cov0" title="0">err := gen3Init(remoteName, credFile, fenceToken, project, organization, bucket, logg)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error configuring gen3 server: %v", err)
-                }</span>
-                <span class="cov0" title="0">return nil</span>
-        },
-}
-
-func gen3Init(remoteName, credFile, fenceToken, project, organization, bucket string, logg *slog.Logger) error <span class="cov0" title="0">{
-        if remoteName == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("remote name is required")
+func toMetadataCandidate(c drsapi.DrsObjectCandidate) metadataCandidate <span class="cov8" title="9">{
+        name := ""
+        if c.Name != nil </span><span class="cov8" title="9">{
+                name = *c.Name
         }</span>
-        <span class="cov0" title="0">if project == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("project is required for Gen3 remote")
+        <span class="cov8" title="9">mimeType := ""
+        if c.MimeType != nil </span><span class="cov0" title="0">{
+                mimeType = *c.MimeType
         }</span>
-
-        <span class="cov0" title="0">resolvedBucket := strings.TrimSpace(bucket)
-        resolvedStoragePrefix := ""
-        if strings.TrimSpace(organization) != "" </span><span class="cov0" title="0">{
-                scope, err := gitrepo.ResolveBucketScope(organization, project, resolvedBucket, "")
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
-                }</span>
-                <span class="cov0" title="0">resolvedBucket = strings.TrimSpace(scope.Bucket)
-                resolvedStoragePrefix = strings.TrimSpace(scope.Prefix)</span>
+        <span class="cov8" title="9">description := ""
+        if c.Description != nil </span><span class="cov0" title="0">{
+                description = *c.Description
+        }</span>
+        <span class="cov8" title="9">aliases := []string(nil)
+        if c.Aliases != nil </span><span class="cov0" title="0">{
+                aliases = append([]string(nil), (*c.Aliases)...)
+        }</span>
+        <span class="cov8" title="9">out := metadataCandidate{
+                Name:        name,
+                Size:        c.Size,
+                Version:     "",
+                MimeType:    mimeType,
+                Description: description,
+                Aliases:     aliases,
         }
-        <span class="cov0" title="0">if resolvedBucket == "" </span><span class="cov0" title="0">{
-                if strings.TrimSpace(organization) == "" </span><span class="cov0" title="0">{
-                        return fmt.Errorf("bucket is required when organization is empty")
-                }</span>
-                <span class="cov0" title="0">if strings.TrimSpace(resolvedBucket) == "" </span><span class="cov0" title="0">{
-                        return fmt.Errorf("bucket is required (or configure mapping first with `git drs bucket add-project --organization %s --project %s --path &lt;scheme&gt;://&lt;bucket&gt;/&lt;prefix&gt;`)", organization, project)
+        if c.Version != nil </span><span class="cov0" title="0">{
+                out.Version = *c.Version
+        }</span>
+
+        <span class="cov8" title="9">if len(c.Checksums) &gt; 0 </span><span class="cov8" title="9">{
+                out.Checksums = make([]metadataChecksum, 0, len(c.Checksums))
+                for _, cs := range c.Checksums </span><span class="cov8" title="9">{
+                        out.Checksums = append(out.Checksums, metadataChecksum{
+                                Type:     string(cs.Type),
+                                Checksum: cs.Checksum,
+                        })
                 }</span>
         }
 
-        <span class="cov0" title="0">var accessToken, apiKey, keyID, apiEndpoint string
-        configure := conf.NewConfigure(logg)
-        switch </span>{
-        case fenceToken != "":<span class="cov0" title="0">
-                accessToken = fenceToken
-                var err error
-                apiEndpoint, err = common.ParseAPIEndpointFromToken(accessToken)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to parse API endpoint from provided access token: %w", err)
-                }</span>
+        <span class="cov8" title="9">if c.AccessMethods != nil &amp;&amp; len(*c.AccessMethods) &gt; 0 </span><span class="cov0" title="0">{
+                out.AccessMethods = make([]metadataAccessMethod, 0, len(*c.AccessMethods))
+                for _, am := range *c.AccessMethods </span><span class="cov0" title="0">{
+                        accID := ""
+                        if am.AccessId != nil </span><span class="cov0" title="0">{
+                                accID = *am.AccessId
+                        }</span>
+                        <span class="cov0" title="0">region := ""
+                        if am.Region != nil </span><span class="cov0" title="0">{
+                                region = *am.Region
+                        }</span>
+                        <span class="cov0" title="0">accURL := ""
+                        if am.AccessUrl != nil </span><span class="cov0" title="0">{
+                                accURL = am.AccessUrl.Url
+                        }</span>
+                        <span class="cov0" title="0">m := metadataAccessMethod{
+                                Type:     string(am.Type),
+                                AccessID: accID,
+                                Region:   region,
+                                AccessURL: metadataAccessURL{
+                                        URL: accURL,
+                                },
+                        }
+                        out.AccessMethods = append(out.AccessMethods, m)</span>
+                }
+        }
 
-        case credFile != "":<span class="cov0" title="0">
-                cred, err := configure.Import(credFile, "")
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to read credentials file %s: %w", credFile, err)
-                }</span>
-                <span class="cov0" title="0">accessToken = cred.AccessToken
-                apiKey = cred.APIKey
-                keyID = cred.KeyID
+        <span class="cov8" title="9">return out</span>
+}
 
-                apiEndpoint, err = common.ParseAPIEndpointFromToken(cred.APIKey)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to parse API endpoint from API key in credentials file: %w", err)
-                }</span>
+func submitPendingLFSMeta(ctx context.Context, remote config.Remote, endpoint string, lfsFiles map[string]lfs.LfsFileInfo, logger *slog.Logger) error <span class="cov8" title="9">{
+        base := strings.TrimRight(strings.TrimSpace(endpoint), "/")
+        if base == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("remote endpoint is empty")
+        }</span>
+        <span class="cov8" title="9">url := base + "/info/lfs/objects/metadata"
 
-        default:<span class="cov0" title="0">
-                existing, err := configure.Load(remoteName)
-                if err == nil </span><span class="cov0" title="0">{
-                        accessToken = existing.AccessToken
-                        apiKey = existing.APIKey
-                        keyID = existing.KeyID
-                        apiEndpoint = existing.APIEndpoint
-                }</span> else<span class="cov0" title="0"> {
-                        return fmt.Errorf("must provide either --cred or --token (or have existing profile %s)", remoteName)
-                }</span>
+        candidates := make([]metadataCandidate, 0, len(lfsFiles))
+        for _, file := range lfsFiles </span><span class="cov8" title="9">{
+                obj, err := drsobject.ReadObject(common.DRS_OBJS_PATH, file.Oid)
+                if err != nil || obj == nil </span><span class="cov0" title="0">{
+                        logger.Debug(fmt.Sprintf("skipping oid %s: local DRS object not found", file.Oid))
+                        continue</span>
+                }
+                <span class="cov8" title="9">candidates = append(candidates, toMetadataCandidate(drsobject.ConvertToCandidate(obj)))</span>
         }
-
-        <span class="cov0" title="0">if apiEndpoint == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("could not determine Gen3 API endpoint")
+        <span class="cov8" title="9">if len(candidates) == 0 </span><span class="cov0" title="0">{
+                logger.Debug("no metadata candidates to stage")
+                return nil
         }</span>
 
-        <span class="cov0" title="0">remoteGen3 := config.RemoteSelect{
-                Gen3: &amp;config.Gen3Remote{
-                        Endpoint:      apiEndpoint,
-                        ProjectID:     project,
-                        Organization:  organization,
-                        Bucket:        resolvedBucket,
-                        StoragePrefix: resolvedStoragePrefix,
-                },
+        <span class="cov8" title="9">reqBody := metadataSubmitRequest{
+                Candidates: candidates,
+                TTLSeconds: int64((20 * time.Minute).Seconds()),
         }
+        payload, err := json.Marshal(reqBody)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to encode pending metadata request: %w", err)
+        }</span>
 
-        remote := config.Remote(remoteName)
-        if _, err := config.UpdateRemote(remote, remoteGen3); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to update remote config: %w", err)
+        <span class="cov8" title="9">httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload))
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to create pending metadata request: %w", err)
+        }</span>
+        <span class="cov8" title="9">httpReq.Header.Set("Content-Type", "application/vnd.git-lfs+json")
+        httpReq.Header.Set("Accept", "application/vnd.git-lfs+json")
+        if authHeader, ok := resolveRemoteAuthHeader(string(remote)); ok </span><span class="cov3" title="2">{
+                httpReq.Header.Set("Authorization", authHeader)
         }</span>
-        <span class="cov0" title="0">logg.Debug(fmt.Sprintf("Remote added/updated: %s → %s (project: %s, bucket: %s, storage_prefix: %s)", remoteName, apiEndpoint, project, resolvedBucket, resolvedStoragePrefix))
 
-        // Step 3: Ensure credential profile is up-to-date (refreshes token if needed)
-        cred := &amp;conf.Credential{
-                Profile:            remoteName,
-                APIEndpoint:        apiEndpoint,
-                APIKey:             apiKey,
-                KeyID:              keyID,
-                AccessToken:        accessToken, // may be stale
-                UseShepherd:        "false",     // or preserve from existing?
-                MinShepherdVersion: "",
+        <span class="cov8" title="9">client := pendingMetadataClientFactory()
+        resp, err := client.Do(httpReq)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("pending metadata request failed: %w", err)
+        }</span>
+        <span class="cov8" title="9">defer resp.Body.Close()
+
+        if resp.StatusCode &lt; 200 || resp.StatusCode &gt;= 300 </span><span class="cov7" title="6">{
+                body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
+                bodyText := strings.TrimSpace(string(body))
+                // Some deployments do not yet expose /info/lfs/objects/metadata.
+                // Treat this as optional capability and continue with push flow.
+                switch resp.StatusCode </span>{
+                case http.StatusNotFound, http.StatusMethodNotAllowed, http.StatusNotImplemented:<span class="cov4" title="3">
+                        logger.Warn(fmt.Sprintf("metadata staging endpoint unavailable (status=%d); continuing without staged metadata", resp.StatusCode))
+                        return nil</span>
+                }
+                // Some reverse proxies/frontends may return HTML 404/maintenance pages with 5xx.
+                // If this looks like non-API HTML and not a structured LFS error, degrade gracefully.
+                <span class="cov4" title="3">if strings.Contains(strings.ToLower(resp.Header.Get("Content-Type")), "text/html") </span><span class="cov1" title="1">{
+                        logger.Warn(fmt.Sprintf("metadata staging returned HTML response (status=%d); continuing without staged metadata", resp.StatusCode))
+                        return nil
+                }</span>
+                <span class="cov3" title="2">return fmt.Errorf("pending metadata request failed: status=%d body=%s", resp.StatusCode, bodyText)</span>
         }
+        <span class="cov4" title="3">return nil</span>
+}
 
-        if err := gitauth.EnsureValidCredential(context.Background(), cred, logg); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to verify/refresh Gen3 credential: %w", err)
+func resolveRemoteAuthHeader(remoteName string) (string, bool) <span class="cov10" title="12">{
+        if token, err := gitrepo.GetRemoteToken(remoteName); err == nil </span><span class="cov10" title="12">{
+                if token = strings.TrimSpace(token); token != "" </span><span class="cov3" title="2">{
+                        return "Bearer " + token, true
+                }</span>
+        }
+        <span class="cov9" title="10">username, password, err := gitrepo.GetRemoteBasicAuth(remoteName)
+        if err != nil || username == "" || password == "" </span><span class="cov8" title="8">{
+                return "", false
         }</span>
+        <span class="cov3" title="2">creds := username + ":" + password
+        return "Basic " + base64.StdEncoding.EncodeToString([]byte(creds)), true</span>
+}
 
-        <span class="cov0" title="0">if err := configure.Save(cred); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to configure/update Gen3 profile: %w", err)
+func parseRemoteArgs(args []string) (string, string) <span class="cov0" title="0">{
+        var gitRemoteName, gitRemoteLocation string
+        if len(args) &gt;= 1 </span><span class="cov0" title="0">{
+                gitRemoteName = args[0]
         }</span>
-        // Configure stock git credential plumbing for lfs + persist the refreshed token locally.
-        <span class="cov0" title="0">if err := gitrepo.ConfigureCredentialHelperForRepo(); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to configure git credential helper: %w", err)
+        <span class="cov0" title="0">if len(args) &gt;= 2 </span><span class="cov0" title="0">{
+                gitRemoteLocation = args[1]
         }</span>
-        <span class="cov0" title="0">if err := gitrepo.SetRemoteLFSURL(remoteName, apiEndpoint); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to set lfs url for remote %s: %w", remoteName, err)
+        <span class="cov0" title="0">if gitRemoteName == "" </span><span class="cov0" title="0">{
+                gitRemoteName = "origin"
         }</span>
-        <span class="cov0" title="0">if strings.TrimSpace(cred.AccessToken) != "" </span><span class="cov0" title="0">{
-                if err := gitrepo.SetRemoteToken(remoteName, strings.TrimSpace(cred.AccessToken)); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to persist repo token for remote %s: %w", remoteName, err)
+        <span class="cov0" title="0">return gitRemoteName, gitRemoteLocation</span>
+}
+
+func openCache(ctx context.Context, logger *slog.Logger) (*precommit_cache.Cache, bool) <span class="cov0" title="0">{
+        cache, err := precommit_cache.Open(ctx)
+        if err != nil </span><span class="cov0" title="0">{
+                logger.Debug(fmt.Sprintf("pre-commit cache unavailable: %v", err))
+                return nil, false
+        }</span>
+        <span class="cov0" title="0">if _, err := os.Stat(cache.Root); err != nil </span><span class="cov0" title="0">{
+                if os.IsNotExist(err) </span><span class="cov0" title="0">{
+                        logger.Debug("pre-commit cache missing; continuing without cache")
+                }</span> else<span class="cov0" title="0"> {
+                        logger.Debug(fmt.Sprintf("pre-commit cache access error: %v", err))
                 }</span>
+                <span class="cov0" title="0">return nil, false</span>
         }
-
-        <span class="cov0" title="0">logg.Debug(fmt.Sprintf("Gen3 profile '%s' configured and token refreshed successfully", remoteName))
-        return nil</span>
+        <span class="cov0" title="0">return cache, true</span>
 }
-</pre>
-		
-		<pre class="file" id="file20" style="display: none">package add
-
-import "github.com/spf13/cobra"
 
-var (
-        apiEndpoint   string
-        bucket        string
-        credFile      string
-        fenceToken    string
-        localPassword string
-        localUsername string
-        project       string
-        organization  string
-)
-
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "add",
-        Short: "add server access for git-drs",
+func collectLfsFiles(ctx context.Context, cache *precommit_cache.Cache, cacheReady bool, gitRemoteName, gitRemoteLocation string, branches []string, refs []pushedRef, logger *slog.Logger) (map[string]lfs.LfsFileInfo, bool, error) <span class="cov0" title="0">{
+        if cacheReady </span><span class="cov0" title="0">{
+                lfsFiles, ok, err := lfsFilesFromCache(ctx, cache, refs, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        logger.Debug(fmt.Sprintf("pre-commit cache read failed: %v", err))
+                }</span> else<span class="cov0" title="0"> if ok </span><span class="cov0" title="0">{
+                        return lfsFiles, true, nil
+                }</span>
+                <span class="cov0" title="0">logger.Debug("pre-commit cache incomplete or stale; falling back to LFS discovery")</span>
+        }
+        <span class="cov0" title="0">lfsFiles, err := lfs.GetAllLfsFiles(gitRemoteName, gitRemoteLocation, branches, logger)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, false, err
+        }</span>
+        <span class="cov0" title="0">return lfsFiles, false, nil</span>
 }
 
-func init() <span class="cov8" title="1">{
-        Gen3Cmd.Flags().StringVar(&amp;apiEndpoint, "url", "", "[gen3] Specify the API endpoint of the data commons")
-        Gen3Cmd.Flags().StringVar(&amp;bucket, "bucket", "", "[gen3] Specify the bucket name")
-        Gen3Cmd.Flags().StringVar(&amp;credFile, "cred", "", "[gen3] Specify the gen3 credential file that you want to use")
-        Gen3Cmd.Flags().StringVar(&amp;fenceToken, "token", "", "[gen3] Specify the token to be used as a replacement for a credential file for temporary access")
-        Gen3Cmd.Flags().StringVar(&amp;project, "project", "", "[gen3] Specify the gen3 project ID in the format &lt;program&gt;-&lt;project&gt;")
-        Gen3Cmd.Flags().StringVar(&amp;organization, "organization", "", "[gen3] Optional organization/program scope (use with --project as project id)")
+const cacheMaxAge = 24 * time.Hour
 
-        Cmd.AddCommand(Gen3Cmd)
-        LocalCmd.Flags().StringVarP(&amp;project, "project", "p", "", "Project ID")
-        LocalCmd.Flags().StringVar(&amp;bucket, "bucket", "", "Bucket Name")
-        LocalCmd.Flags().StringVar(&amp;organization, "organization", "", "Organization Name")
-        LocalCmd.Flags().StringVar(&amp;localUsername, "username", "", "Username for local DRS HTTP basic auth")
-        LocalCmd.Flags().StringVar(&amp;localPassword, "password", "", "Password for local DRS HTTP basic auth")
-        Cmd.AddCommand(LocalCmd)
+var pendingMetadataClientFactory = func() *http.Client <span class="cov0" title="0">{
+        return &amp;http.Client{Timeout: 20 * time.Second}
 }</span>
+
+func normalizeCachedOID(oid string) string <span class="cov4" title="3">{
+        normalized := strings.TrimSpace(oid)
+        if len(normalized) &gt;= len("sha256:") &amp;&amp; strings.EqualFold(normalized[:len("sha256:")], "sha256:") </span><span class="cov1" title="1">{
+                normalized = normalized[len("sha256:"):]
+        }</span>
+        <span class="cov4" title="3">return strings.TrimSpace(normalized)</span>
+}
+
+func lfsFilesFromCache(ctx context.Context, cache *precommit_cache.Cache, refs []pushedRef, logger *slog.Logger) (map[string]lfs.LfsFileInfo, bool, error) <span class="cov4" title="3">{
+        if cache == nil </span><span class="cov0" title="0">{
+                return nil, false, nil
+        }</span>
+        <span class="cov4" title="3">paths, err := listPushedPaths(ctx, refs)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, false, err
+        }</span>
+        <span class="cov4" title="3">lfsFiles := make(map[string]lfs.LfsFileInfo, len(paths))
+        for _, path := range paths </span><span class="cov4" title="3">{
+                entry, ok, err := cache.ReadPathEntry(path)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, false, err
+                }</span>
+                <span class="cov4" title="3">if !ok </span><span class="cov0" title="0">{
+                        return nil, false, nil
+                }</span>
+                <span class="cov4" title="3">oid := normalizeCachedOID(entry.LFSOID)
+                if oid == "" </span><span class="cov0" title="0">{
+                        return nil, false, nil
+                }</span>
+                <span class="cov4" title="3">if entry.UpdatedAt == "" || precommit_cache.StaleAfter(entry.UpdatedAt, cacheMaxAge) </span><span class="cov1" title="1">{
+                        return nil, false, nil
+                }</span>
+                <span class="cov3" title="2">stat, err := os.Stat(path)
+                if err != nil </span><span class="cov0" title="0">{
+                        logger.Debug(fmt.Sprintf("cache path stat failed for %s: %v", path, err))
+                        return nil, false, nil
+                }</span>
+                <span class="cov3" title="2">lfsFiles[path] = lfs.LfsFileInfo{
+                        Name:    path,
+                        Size:    stat.Size(),
+                        OidType: "sha256",
+                        Oid:     oid,
+                        Version: "https://git-lfs.github.com/spec/v1",
+                }</span>
+        }
+        <span class="cov3" title="2">return lfsFiles, true, nil</span>
+}
+
+func listPushedPaths(ctx context.Context, refs []pushedRef) ([]string, error) <span class="cov4" title="3">{
+        const zeroSHA = "0000000000000000000000000000000000000000"
+        set := make(map[string]struct{})
+        for _, ref := range refs </span><span class="cov4" title="3">{
+                if ref.LocalSHA == "" || ref.LocalSHA == zeroSHA </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="3">var args []string
+                if ref.RemoteSHA == "" || ref.RemoteSHA == zeroSHA </span><span class="cov1" title="1">{
+                        args = []string{"ls-tree", "-r", "--name-only", ref.LocalSHA}
+                }</span> else<span class="cov3" title="2"> {
+                        args = []string{"diff", "--name-only", ref.RemoteSHA, ref.LocalSHA}
+                }</span>
+                <span class="cov4" title="3">out, err := gitOutput(ctx, args...)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+                <span class="cov4" title="3">for _, line := range strings.Split(strings.TrimSpace(out), "\n") </span><span class="cov4" title="3">{
+                        line = strings.TrimSpace(line)
+                        if line == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov4" title="3">set[line] = struct{}{}</span>
+                }
+        }
+        <span class="cov4" title="3">paths := make([]string, 0, len(set))
+        for path := range set </span><span class="cov4" title="3">{
+                paths = append(paths, path)
+        }</span>
+        <span class="cov4" title="3">sort.Strings(paths)
+        return paths, nil</span>
+}
+
+func gitOutput(ctx context.Context, args ...string) (string, error) <span class="cov4" title="3">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        cmd.Env = os.Environ()
+        out, err := cmd.CombinedOutput()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git %s: %s", strings.Join(args, " "), strings.TrimSpace(string(out)))
+        }</span>
+        <span class="cov4" title="3">return string(out), nil</span>
+}
 </pre>
 		
-		<pre class="file" id="file21" style="display: none">package add
+		<pre class="file" id="file18" style="display: none">package prepush
 
 import (
-        "fmt"
+        "bufio"
+        "io"
+        "sort"
         "strings"
 
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/spf13/cobra"
+        "github.com/calypr/git-drs/internal/drsdelete"
 )
 
-var LocalCmd = &amp;cobra.Command{
-        Use:   "local &lt;remote-name&gt; &lt;url&gt;",
-        Short: "Add a local DRS server",
-        Long:  "Add a local DRS server by specifying its base URL, e.g., http://localhost:8000. Optional --username/--password configures basic auth for git-lfs and helper flows.",
-        Args:  cobra.ExactArgs(2),
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                remoteName := args[0]
-                url := args[1]
-
-                if url == "" </span><span class="cov0" title="0">{
-                        return fmt.Errorf("URL cannot be empty")
-                }</span>
+type pushedRef struct {
+        LocalRef  string
+        LocalSHA  string
+        RemoteRef string
+        RemoteSHA string
+}
 
-                <span class="cov0" title="0">remoteSelect := config.RemoteSelect{
-                        Local: &amp;config.LocalRemote{
-                                BaseURL:      url,
-                                ProjectID:    project,
-                                Bucket:       bucket,
-                                Organization: organization,
-                        },
+// readPushedRefs parses git's pre-push stdin format and rewinds the reader
+// before returning so callers can reuse the buffered input.
+func readPushedRefs(f io.ReadSeeker) ([]pushedRef, error) <span class="cov9" title="5">{
+        if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov9" title="5">scanner := bufio.NewScanner(f)
+        refs := make([]pushedRef, 0)
+        for scanner.Scan() </span><span class="cov10" title="6">{
+                fields := strings.Fields(scanner.Text())
+                if len(fields) &lt; 4 </span><span class="cov1" title="1">{
+                        continue</span>
                 }
+                <span class="cov9" title="5">refs = append(refs, pushedRef{
+                        LocalRef:  fields[0],
+                        LocalSHA:  fields[1],
+                        RemoteRef: fields[2],
+                        RemoteSHA: fields[3],
+                })</span>
+        }
+        <span class="cov9" title="5">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov9" title="5">if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov9" title="5">return refs, nil</span>
+}
 
-                newConfig, err := config.UpdateRemote(config.Remote(remoteName), remoteSelect)
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov0" title="0">if err := gitrepo.SetRemoteLFSURL(remoteName, url); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to configure lfs url for remote %q: %w", remoteName, err)
-                }</span>
-                <span class="cov0" title="0">if err := gitrepo.ConfigureCredentialHelperForRepo(); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to configure git credential helper: %w", err)
-                }</span>
-                <span class="cov0" title="0">if strings.TrimSpace(localUsername) != "" || strings.TrimSpace(localPassword) != "" </span><span class="cov0" title="0">{
-                        if strings.TrimSpace(localUsername) == "" || strings.TrimSpace(localPassword) == "" </span><span class="cov0" title="0">{
-                                return fmt.Errorf("both --username and --password are required when configuring local basic auth")
-                        }</span>
-                        <span class="cov0" title="0">if err := gitrepo.SetRemoteBasicAuth(remoteName, strings.TrimSpace(localUsername), strings.TrimSpace(localPassword)); err != nil </span><span class="cov0" title="0">{
-                                return fmt.Errorf("failed to configure local basic auth for remote %q: %w", remoteName, err)
+func branchesFromRefs(refs []pushedRef) []string <span class="cov9" title="5">{
+        const prefix = "refs/heads/"
+        set := make(map[string]struct{})
+        for _, ref := range refs </span><span class="cov9" title="5">{
+                if strings.HasPrefix(ref.LocalRef, prefix) </span><span class="cov7" title="4">{
+                        branch := strings.TrimPrefix(ref.LocalRef, prefix)
+                        if branch != "" </span><span class="cov7" title="4">{
+                                set[branch] = struct{}{}
                         }</span>
                 }
+        }
+        <span class="cov9" title="5">branches := make([]string, 0, len(set))
+        for branch := range set </span><span class="cov7" title="4">{
+                branches = append(branches, branch)
+        }</span>
+        <span class="cov9" title="5">sort.Strings(branches)
+        return branches</span>
+}
 
-                <span class="cov0" title="0">fmt.Printf("Added remote '%s'. Config: %v\n", remoteName, newConfig.GetRemote(config.Remote(remoteName)))
-                return nil</span>
-        },
+func drsDeleteRefs(refs []pushedRef) []drsdelete.RefUpdate <span class="cov0" title="0">{
+        out := make([]drsdelete.RefUpdate, 0, len(refs))
+        for _, ref := range refs </span><span class="cov0" title="0">{
+                out = append(out, drsdelete.RefUpdate{
+                        OldSHA: strings.TrimSpace(ref.RemoteSHA),
+                        NewSHA: strings.TrimSpace(ref.LocalSHA),
+                })
+        }</span>
+        <span class="cov0" title="0">return out</span>
 }
 </pre>
 		
-		<pre class="file" id="file22" style="display: none">package remote
+		<pre class="file" id="file19" style="display: none">package pull
 
 import (
+        "context"
         "fmt"
+        "io"
+        "log/slog"
+        "net/url"
+        "os"
+        "path/filepath"
+        "sort"
+        "strings"
 
+        "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
         "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/drsremote"
+        "github.com/calypr/git-drs/internal/lfs"
+        "github.com/calypr/git-drs/internal/pathspec"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        sycommon "github.com/calypr/syfon/client/common"
         "github.com/spf13/cobra"
 )
 
-var ListCmd = &amp;cobra.Command{
-        Use:   "list",
-        Short: "List DRS repos",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="2">{
-                if len(args) != 0 </span><span class="cov1" title="1">{
+var includePatterns []string
+var dryRun bool
+
+var (
+        loadCfg         = config.LoadConfig
+        resolveRemote   = func(cfg *config.Config, name string) (config.Remote, error) <span class="cov0" title="0">{ return cfg.GetRemoteOrDefault(name) }</span>
+        newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*config.GitContext, error) <span class="cov0" title="0">{
+                return cfg.GetRemoteClient(remote, logger)
+        }</span>
+        loadWorktreeInventory = lfs.GetWorktreeLfsFiles
+)
+
+var Cmd = &amp;cobra.Command{
+        Use:   "pull [remote-name]",
+        Short: "Download DRS pointer file content into the current checkout",
+        Long:  "Hydrate DRS/Git-LFS pointer files in the current checkout. By default this mirrors git lfs pull semantics for the worktree rather than running git pull.",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                if len(args) &gt; 1 </span><span class="cov0" title="0">{
                         cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts no arguments, received %d\n\nUsage: %s\n\nSee 'git drs remote list --help' for more details", len(args), cmd.UseLine())
+                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs pull --help' for more details", len(args), cmd.UseLine())
                 }</span>
-                <span class="cov1" title="1">return nil</span>
+                <span class="cov0" title="0">return nil</span>
         },
         RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
                 logg := drslog.GetLogger()
-                cfg, err := config.LoadConfig()
+
+                cfg, err := loadCfg()
                 if err != nil </span><span class="cov0" title="0">{
-                        logg.Debug(fmt.Sprintf("Error loading config: %s", err))
-                        return err
+                        return fmt.Errorf("error loading config: %v", err)
                 }</span>
 
-                <span class="cov1" title="1">for name, remoteSelect := range cfg.Remotes </span><span class="cov1" title="1">{
-                        // Determine if this is the default
-                        isDefault := name == cfg.DefaultRemote
-                        marker := " "
-                        if isDefault </span><span class="cov1" title="1">{
-                                marker = "*"
+                <span class="cov1" title="1">var remote config.Remote
+                if len(args) &gt; 0 </span><span class="cov0" title="0">{
+                        remote = config.Remote(args[0])
+                }</span> else<span class="cov1" title="1"> {
+                        remote, err = resolveRemote(cfg, "")
+                        if err != nil </span><span class="cov0" title="0">{
+                                logg.Error(fmt.Sprintf("Error getting remote: %v", err))
+                                return err
                         }</span>
+                }
 
-                        // Determine remote type and endpoint
-                        <span class="cov1" title="1">var remoteType string
-                        var remote config.DRSRemote
-                        if remoteSelect.Gen3 != nil </span><span class="cov1" title="1">{
-                                remoteType = string(config.Gen3ServerType)
-                                remote = remoteSelect.Gen3
-                        }</span> else<span class="cov0" title="0"> if remoteSelect.Local != nil </span><span class="cov0" title="0">{
-                                remoteType = string(config.LocalServerType)
-                                remote = remoteSelect.Local
-                        }</span> else<span class="cov0" title="0"> {
-                                remoteType = "unknown"
-                        }</span>
+                <span class="cov1" title="1">drsCtx, err := newRemoteClient(cfg, remote, logg)
+                if err != nil </span><span class="cov0" title="0">{
+                        logg.Error(fmt.Sprintf("error creating DRS client: %s", err))
+                        return err
+                }</span>
 
-                        <span class="cov1" title="1">endpoint := "N/A"
-                        if remote != nil </span><span class="cov1" title="1">{
-                                endpoint = remote.GetEndpoint()
-                        }</span>
+                <span class="cov1" title="1">inventory, err := loadWorktreeInventory(logg)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to discover pointer files in worktree: %w", err)
+                }</span>
+                <span class="cov1" title="1">pointers := collectPointerFiles(inventory, includePatterns)
+                if len(pointers) == 0 </span><span class="cov0" title="0">{
+                        logg.Debug("no matching pointer files to hydrate")
+                        return nil
+                }</span>
 
-                        <span class="cov1" title="1">fmt.Printf("%s %-10s %-8s %s\n", marker, name, remoteType, endpoint)</span>
+                <span class="cov1" title="1">progress := newPullProgressRenderer(os.Stderr)
+                progress.OnPlan(pointers)
+                defer progress.Finish()
+
+                if dryRun </span><span class="cov1" title="1">{
+                        for _, f := range pointers </span><span class="cov1" title="1">{
+                                if _, err := fmt.Fprintln(cmd.OutOrStdout(), f.Name); err != nil </span><span class="cov0" title="0">{
+                                        return err
+                                }</span>
+                        }
+                        <span class="cov1" title="1">return nil</span>
                 }
-                <span class="cov1" title="1">return nil</span>
-        },
-}
-</pre>
-		
-		<pre class="file" id="file23" style="display: none">package remote
 
-import (
-        "github.com/calypr/git-drs/cmd/remote/add"
-        "github.com/spf13/cobra"
-)
+                <span class="cov0" title="0">ctx := context.Background()
+                missingOIDs := make([]string, 0, len(pointers))
+                seenMissing := make(map[string]struct{}, len(pointers))
+                for _, f := range pointers </span><span class="cov0" title="0">{
+                        cachePath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, f.Oid)
+                        if err != nil </span><span class="cov0" title="0">{
+                                return fmt.Errorf("failed to resolve LFS object path for %s: %w", f.Oid, err)
+                        }</span>
+                        <span class="cov0" title="0">if _, err := os.Stat(cachePath); err == nil </span><span class="cov0" title="0">{
+                                continue</span>
+                        } else<span class="cov0" title="0"> if !os.IsNotExist(err) </span><span class="cov0" title="0">{
+                                return fmt.Errorf("failed to stat cached object for %s: %w", f.Oid, err)
+                        }</span>
+                        <span class="cov0" title="0">if _, seen := seenMissing[f.Oid]; seen </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov0" title="0">seenMissing[f.Oid] = struct{}{}
+                        missingOIDs = append(missingOIDs, f.Oid)</span>
+                }
 
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "remote",
-        Short: "Manage remote DRS server configs",
+                <span class="cov0" title="0">if len(missingOIDs) &gt; 0 </span><span class="cov0" title="0">{
+                        prefetched := make(map[string]drsapi.DrsObject, len(missingOIDs))
+                        for _, oid := range missingOIDs </span><span class="cov0" title="0">{
+                                recs, err := drsremote.ObjectsByHashForScope(ctx, drsCtx, oid)
+                                if err != nil || len(recs) == 0 </span><span class="cov0" title="0">{
+                                        continue</span>
+                                }
+                                <span class="cov0" title="0">prefetched[oid] = recs[0]</span>
+                        }
+                        <span class="cov0" title="0">if len(prefetched) &gt; 0 </span><span class="cov0" title="0">{
+                                logg.Debug(fmt.Sprintf("prefetched %d objects for pull", len(prefetched)))
+                        }</span> else<span class="cov0" title="0"> {
+                                logg.Debug("bulk prefetch found no scoped objects; continuing per-object")
+                        }</span>
+
+                        <span class="cov0" title="0">prefetchedAccess := make(map[string]drsapi.AccessURL, len(prefetched))
+                        if len(prefetched) &gt; 0 </span><span class="cov0" title="0">{
+                                objects := make([]drsapi.DrsObject, 0, len(prefetched))
+                                for _, obj := range prefetched </span><span class="cov0" title="0">{
+                                        objects = append(objects, obj)
+                                }</span>
+                                <span class="cov0" title="0">if resolved, err := drsremote.BulkAccessURLsForObjects(ctx, drsCtx, objects); err == nil </span><span class="cov0" title="0">{
+                                        prefetchedAccess = resolved
+                                        logg.Debug(fmt.Sprintf("bulk access resolved %d URLs for pull", len(prefetchedAccess)))
+                                }</span> else<span class="cov0" title="0"> {
+                                        logg.Debug(fmt.Sprintf("bulk access prefetch failed; continuing per-object: %v", err))
+                                }</span>
+                        }
+                        <span class="cov0" title="0">for _, f := range pointers </span><span class="cov0" title="0">{
+                                dstPath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, f.Oid)
+                                if err != nil </span><span class="cov0" title="0">{
+                                        return fmt.Errorf("failed to resolve LFS object path for %s: %w", f.Oid, err)
+                                }</span>
+                                <span class="cov0" title="0">if _, err := os.Stat(dstPath); err == nil </span><span class="cov0" title="0">{
+                                        continue</span>
+                                } else<span class="cov0" title="0"> if !os.IsNotExist(err) </span><span class="cov0" title="0">{
+                                        return fmt.Errorf("failed to stat cache path %s: %w", dstPath, err)
+                                }</span>
+                                <span class="cov0" title="0">progress.OnDownloadStart(f)
+                                downloadCtx := progressContextForPointer(ctx, progress, f)
+                                if obj, ok := prefetched[f.Oid]; ok </span><span class="cov0" title="0">{
+                                        if accessURL, ok := prefetchedAccess[obj.Id]; ok </span><span class="cov0" title="0">{
+                                                objCopy := obj
+                                                if err := drsremote.DownloadResolvedToCachePath(downloadCtx, drsCtx, f.Oid, dstPath, &amp;objCopy, &amp;accessURL); err != nil </span><span class="cov0" title="0">{
+                                                        debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
+                                                        return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
+                                                }</span>
+                                                <span class="cov0" title="0">continue</span>
+                                        }
+                                }
+                                <span class="cov0" title="0">if err := drsremote.DownloadToCachePath(downloadCtx, drsCtx, logg, f.Oid, dstPath); err != nil </span><span class="cov0" title="0">{
+                                        debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
+                                        return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
+                                }</span>
+                        }
+                } else<span class="cov0" title="0"> {
+                        logg.Debug("no missing pointer objects to download")
+                }</span>
+
+                <span class="cov0" title="0">if err := checkoutDownloadedFiles(pointers, progress); err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+
+                <span class="cov0" title="0">return nil</span>
+        },
 }
 
-func init() <span class="cov8" title="1">{
-        Cmd.AddCommand(add.Cmd)
-        Cmd.AddCommand(ListCmd)
-        Cmd.AddCommand(SetCmd)
-}</span>
-</pre>
-		
-		<pre class="file" id="file24" style="display: none">package remote
+type pointerFile struct {
+        Name string
+        Oid  string
+        Size int64
+}
 
-import (
-        "fmt"
+func collectPointerFiles(inventory map[string]lfs.LfsFileInfo, patterns []string) []pointerFile <span class="cov4" title="2">{
+        keys := make([]string, 0, len(inventory))
+        for path := range inventory </span><span class="cov10" title="5">{
+                if !pathspec.MatchesAny(path, patterns) </span><span class="cov4" title="2">{
+                        continue</span>
+                }
+                <span class="cov7" title="3">keys = append(keys, path)</span>
+        }
+        <span class="cov4" title="2">sort.Strings(keys)
 
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/spf13/cobra"
-)
+        files := make([]pointerFile, 0, len(keys))
+        for _, path := range keys </span><span class="cov7" title="3">{
+                info := inventory[path]
+                files = append(files, pointerFile{Name: path, Oid: info.Oid, Size: info.Size})
+        }</span>
+        <span class="cov4" title="2">return files</span>
+}
 
-var SetCmd = &amp;cobra.Command{
-        Use:   "set &lt;remote-name&gt;",
-        Short: "Set the default DRS remote",
-        Long:  "Set which DRS remote to use by default for all operations",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
-                if len(args) != 1 </span><span class="cov6" title="2">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: requires exactly 1 argument (remote name), received %d\n\nUsage: %s\n\nRun 'git drs remote list' to see available remotes or 'git drs remote set --help' for more details", len(args), cmd.UseLine())
+func progressContextForPointer(ctx context.Context, progress *pullProgressRenderer, file pointerFile) context.Context <span class="cov0" title="0">{
+        ctx = sycommon.WithOid(ctx, file.Name)
+        return sycommon.WithProgress(ctx, func(ev sycommon.ProgressEvent) error </span><span class="cov0" title="0">{
+                if ev.Event != "progress" </span><span class="cov0" title="0">{
+                        return nil
                 }</span>
-                <span class="cov1" title="1">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                remoteName := args[0]
-                logger := drslog.GetLogger()
+                <span class="cov0" title="0">progress.OnDownloadProgress(file.Name, ev.BytesSoFar, file.Size)
+                return nil</span>
+        })
+}
 
-                cfg, err := config.LoadConfig()
+func checkoutDownloadedFiles(files []pointerFile, progress *pullProgressRenderer) error <span class="cov0" title="0">{
+        for _, f := range files </span><span class="cov0" title="0">{
+                if strings.TrimSpace(f.Name) == "" || strings.TrimSpace(f.Oid) == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">srcPath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, f.Oid)
                 if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to load config: %w", err)
+                        return fmt.Errorf("failed to resolve cached object for %s: %w", f.Oid, err)
                 }</span>
-
-                // validate remote exists
-                <span class="cov0" title="0">remote := config.Remote(remoteName)
-                if _, ok := cfg.Remotes[remote]; !ok </span><span class="cov0" title="0">{
-                        availableRemotes := make([]string, 0, len(cfg.Remotes))
-                        for name := range cfg.Remotes </span><span class="cov0" title="0">{
-                                availableRemotes = append(availableRemotes, string(name))
+                <span class="cov0" title="0">src, err := os.Open(srcPath)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to read cached object %s: %w", srcPath, err)
+                }</span>
+                <span class="cov0" title="0">progress.OnCheckoutStart(f)
+                if dir := filepath.Dir(f.Name); dir != "." </span><span class="cov0" title="0">{
+                        if err := os.MkdirAll(dir, 0o755); err != nil </span><span class="cov0" title="0">{
+                                src.Close()
+                                return fmt.Errorf("failed to create directory for %s: %w", f.Name, err)
                         }</span>
-                        <span class="cov0" title="0">return fmt.Errorf(
-                                "remote '%s' not found.\nAvailable remotes: %v",
-                                remoteName,
-                                availableRemotes,
-                        )</span>
                 }
+                <span class="cov0" title="0">dst, err := os.OpenFile(f.Name, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
+                if err != nil </span><span class="cov0" title="0">{
+                        src.Close()
+                        return fmt.Errorf("failed to checkout %s: %w", f.Name, err)
+                }</span>
+                <span class="cov0" title="0">if _, err := io.Copy(dst, src); err != nil </span><span class="cov0" title="0">{
+                        dst.Close()
+                        src.Close()
+                        return fmt.Errorf("failed to checkout %s: %w", f.Name, err)
+                }</span>
+                <span class="cov0" title="0">if err := dst.Close(); err != nil </span><span class="cov0" title="0">{
+                        src.Close()
+                        return fmt.Errorf("failed to finalize checkout for %s: %w", f.Name, err)
+                }</span>
+                <span class="cov0" title="0">if err := src.Close(); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to close cached object %s: %w", srcPath, err)
+                }</span>
+                <span class="cov0" title="0">progress.OnCompleted(f)</span>
+        }
+        <span class="cov0" title="0">return nil</span>
+}
 
-                // save new default
-                <span class="cov0" title="0">cfg.DefaultRemote = remote
+func buildPullDownloadDebugContext(ctx context.Context, drsCtx *config.GitContext, oid string) string <span class="cov0" title="0">{
+        recs, err := drsremote.ObjectsByHashForScope(ctx, drsCtx, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Sprintf("oid=%s query_error=%v", oid, err)
+        }</span>
+        <span class="cov0" title="0">if len(recs) == 0 </span><span class="cov0" title="0">{
+                return fmt.Sprintf("oid=%s records=0", oid)
+        }</span>
 
-                if err := config.SaveConfig(cfg); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to save config: %w", err)
-                }</span>
+        <span class="cov0" title="0">match := &amp;recs[0]
 
-                <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Default remote set to: %s", remoteName))
-                return nil</span>
-        },
+        methods := make([]string, 0)
+        if match.AccessMethods != nil </span><span class="cov0" title="0">{
+                methods = make([]string, 0, len(*match.AccessMethods))
+                for _, am := range *match.AccessMethods </span><span class="cov0" title="0">{
+                        scheme := ""
+                        rawURL := ""
+                        if am.AccessUrl != nil </span><span class="cov0" title="0">{
+                                rawURL = strings.TrimSpace(am.AccessUrl.Url)
+                        }</span>
+                        <span class="cov0" title="0">if rawURL != "" </span><span class="cov0" title="0">{
+                                if parsed, parseErr := url.Parse(rawURL); parseErr == nil </span><span class="cov0" title="0">{
+                                        scheme = parsed.Scheme
+                                }</span>
+                        }
+                        <span class="cov0" title="0">accessID := ""
+                        if am.AccessId != nil </span><span class="cov0" title="0">{
+                                accessID = strings.TrimSpace(*am.AccessId)
+                        }</span>
+                        <span class="cov0" title="0">methods = append(methods, fmt.Sprintf("{type=%s access_id=%s url_scheme=%s url=%s}", am.Type, accessID, scheme, rawURL))</span>
+                }
+        }
+        <span class="cov0" title="0">return fmt.Sprintf("oid=%s did=%s size=%d access_methods=%s", oid, strings.TrimSpace(match.Id), match.Size, strings.Join(methods, ", "))</span>
 }
+
+func init() <span class="cov1" title="1">{
+        Cmd.Flags().StringArrayVarP(&amp;includePatterns, "include", "I", nil, "include pathspec/glob pattern(s)")
+        Cmd.Flags().BoolVar(&amp;dryRun, "dry-run", false, "list matching pointer files without downloading them")
+}</span>
 </pre>
 		
-		<pre class="file" id="file25" style="display: none">package smudge
+		<pre class="file" id="file20" style="display: none">package pull
 
 import (
-        "context"
-        "errors"
         "fmt"
-        "os"
+        "io"
 
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/lfs"
-        "github.com/spf13/cobra"
+        "github.com/calypr/git-drs/internal/progressui"
 )
 
-// Cmd implements `git drs smudge`, which mirrors `git lfs smudge` behavior.
-var Cmd = &amp;cobra.Command{
-        Use:   "smudge -- &lt;path&gt;",
-        Short: "Smudge a file by converting an LFS pointer to file content (invoked by git)",
-        Long: `git drs smudge reads potential LFS pointer content from stdin. If the input
-is a valid LFS pointer, it restores file content from the local LFS object cache
-or downloads it from the configured DRS remote. If no DRS remote is configured,
-the pointer is passed through unchanged. If the input is not an LFS pointer,
-content is passed through unchanged.
+const pullNonTTYProgressInterval = progressui.NonTTYProgressInterval
 
-This command mirrors 'git lfs smudge' and is intended to be configured as the
-git smudge filter:
+type pullProgressPhase string
 
-  git config filter.drs.smudge 'git-drs smudge -- %f'`,
-        Hidden: true,
-        Args:   cobra.ExactArgs(1),
-        RunE:   runSmudge,
+const (
+        pullProgressPending     pullProgressPhase = "pending"
+        pullProgressDownloading pullProgressPhase = "downloading"
+        pullProgressCheckingOut pullProgressPhase = "checking_out"
+        pullProgressCompleted   pullProgressPhase = "completed"
+)
+
+type pullFileProgress struct {
+        path    string
+        total   int64
+        current int64
+        phase   pullProgressPhase
 }
 
-func runSmudge(cmd *cobra.Command, args []string) error <span class="cov8" title="1">{
-        ctx := cmd.Context()
-        if ctx == nil </span><span class="cov8" title="1">{
-                ctx = context.Background()
-        }</span>
+type pullProgressRenderer struct {
+        base      *progressui.Renderer
+        planned   bool
+        files     map[string]*pullFileProgress
+        fileOrder []string
+}
 
-        <span class="cov8" title="1">pathname := args[0]
-        logger := drslog.GetLogger()
-        logger.Debug("smudge: starting", "pathname", pathname)
+func newPullProgressRenderer(out io.Writer) *pullProgressRenderer <span class="cov5" title="4">{
+        return &amp;pullProgressRenderer{
+                base:  progressui.NewRenderer(out),
+                files: make(map[string]*pullFileProgress),
+        }
+}</span>
 
-        cfg, err := config.LoadConfig()
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: load config: %w", err)
-        }</span>
+func isPullWriterTTY(w io.Writer) bool <span class="cov0" title="0">{
+        return progressui.IsWriterTTY(w)
+}</span>
 
-        <span class="cov8" title="1">remote, err := cfg.GetDefaultRemote()
-        if err != nil </span><span class="cov8" title="1">{
-                if errors.Is(err, config.ErrNoDefaultRemote) </span><span class="cov8" title="1">{
-                        logger.Debug("smudge: no default remote configured; passing through pointer", "pathname", pathname)
-                        return lfs.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, nil)
-                }</span>
-                <span class="cov0" title="0">return fmt.Errorf("smudge: get default remote: %w", err)</span>
+func (r *pullProgressRenderer) render(force bool) <span class="cov8" title="14">{
+        lines := make([]string, 0, len(r.fileOrder))
+        for _, id := range r.fileOrder </span><span class="cov9" title="20">{
+                item := r.files[id]
+                if item == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov9" title="20">lines = append(lines, r.renderLine(item))</span>
         }
+        <span class="cov8" title="14">r.base.Render(force, lines)</span>
+}
 
-        <span class="cov0" title="0">drsCtx, err := cfg.GetRemoteClient(remote, logger)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: create DRS client: %w", err)
+func (r *pullProgressRenderer) OnPlan(files []pointerFile) <span class="cov5" title="4">{
+        r.planned = len(files) &gt; 0
+        r.files = make(map[string]*pullFileProgress, len(files))
+        r.fileOrder = r.fileOrder[:0]
+        for _, file := range files </span><span class="cov5" title="5">{
+                r.files[file.Name] = &amp;pullFileProgress{
+                        path:  file.Name,
+                        total: file.Size,
+                        phase: pullProgressPending,
+                }
+                r.fileOrder = append(r.fileOrder, file.Name)
+        }</span>
+        <span class="cov5" title="4">if r.planned </span><span class="cov5" title="4">{
+                r.render(true)
         }</span>
-
-        <span class="cov0" title="0">return lfs.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, func(callCtx context.Context, oid, cachePath string) error </span><span class="cov0" title="0">{
-                return lfs.DownloadToCachePath(callCtx, drsCtx, logger, oid, cachePath)
-        }</span>)
 }
 
-func init() {<span class="cov8" title="1">}</span>
-</pre>
-		
-		<pre class="file" id="file26" style="display: none">package track
-
-import (
-        "context"
-        "fmt"
-
-        "github.com/calypr/git-drs/internal/lfs"
-        "github.com/spf13/cobra"
-)
-
-var (
-        gitLFSTrackPatterns = lfs.GitLFSTrackPatterns
-        gitLFSListPatterns  = lfs.GitLFSListTrackedPatterns
-)
-
-var Cmd = NewCommand()
-
-func NewCommand() *cobra.Command <span class="cov10" title="3">{
-        cmd := &amp;cobra.Command{
-                Use:   "track [pattern ...]",
-                Short: "Track files with Git LFS",
-                Long:  "Manage Git LFS tracking patterns. With no patterns, this lists tracked patterns.",
-                Args:  cobra.ArbitraryArgs,
-                RunE:  runTrack,
-        }
-
-        cmd.Flags().Bool("verbose", false, "show detailed output")
-        cmd.Flags().Bool("dry-run", false, "show what would change without writing")
+func (r *pullProgressRenderer) OnDownloadStart(file pointerFile) <span class="cov4" title="3">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov4" title="3">item, ok := r.files[file.Name]
+        if !ok </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov4" title="3">item.path = file.Name
+        if file.Size &gt; 0 </span><span class="cov4" title="3">{
+                item.total = file.Size
+        }</span>
+        <span class="cov4" title="3">item.phase = pullProgressDownloading
+        r.render(false)</span>
+}
 
-        return cmd
-}</span>
+func (r *pullProgressRenderer) OnDownloadProgress(id string, bytesSoFar int64, total int64) <span class="cov4" title="3">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov4" title="3">item, ok := r.files[id]
+        if !ok </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov4" title="3">if total &gt; 0 </span><span class="cov4" title="3">{
+                item.total = total
+        }</span>
+        <span class="cov4" title="3">if bytesSoFar &gt; item.current </span><span class="cov4" title="3">{
+                item.current = bytesSoFar
+        }</span>
+        <span class="cov4" title="3">item.phase = pullProgressDownloading
+        r.render(false)</span>
+}
 
-func runTrack(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
-        verbose, err := cmd.Flags().GetBool("verbose")
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("read flag verbose: %w", err)
+func (r *pullProgressRenderer) OnCheckoutStart(file pointerFile) <span class="cov1" title="1">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
         }</span>
-        <span class="cov6" title="2">dryRun, err := cmd.Flags().GetBool("dry-run")
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("read flag dry-run: %w", err)
+        <span class="cov1" title="1">item, ok := r.files[file.Name]
+        if !ok </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov1" title="1">item.phase = pullProgressCheckingOut
+        if item.total == 0 &amp;&amp; file.Size &gt; 0 </span><span class="cov0" title="0">{
+                item.total = file.Size
         }</span>
+        <span class="cov1" title="1">r.render(false)</span>
+}
 
-        <span class="cov6" title="2">ctx := cmd.Context()
-        if ctx == nil </span><span class="cov0" title="0">{
-                ctx = context.Background()
+func (r *pullProgressRenderer) OnCompleted(file pointerFile) <span class="cov4" title="3">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov4" title="3">item, ok := r.files[file.Name]
+        if !ok </span><span class="cov0" title="0">{
+                return
         }</span>
+        <span class="cov4" title="3">if item.total == 0 &amp;&amp; file.Size &gt; 0 </span><span class="cov0" title="0">{
+                item.total = file.Size
+        }</span>
+        <span class="cov4" title="3">if item.total &gt; 0 </span><span class="cov4" title="3">{
+                item.current = item.total
+        }</span>
+        <span class="cov4" title="3">item.phase = pullProgressCompleted
+        r.render(false)</span>
+}
 
-        <span class="cov6" title="2">var out string
-        if len(args) == 0 </span><span class="cov1" title="1">{
-                out, err = gitLFSListPatterns(ctx, verbose)
-        }</span> else<span class="cov1" title="1"> {
-                out, err = gitLFSTrackPatterns(ctx, args, verbose, dryRun)
+func (r *pullProgressRenderer) Finish() <span class="cov1" title="1">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
         }</span>
-        <span class="cov6" title="2">if err != nil </span><span class="cov0" title="0">{
-                return err
+        <span class="cov1" title="1">lines := make([]string, 0, len(r.fileOrder))
+        for _, id := range r.fileOrder </span><span class="cov1" title="1">{
+                item := r.files[id]
+                if item == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov1" title="1">lines = append(lines, r.renderLine(item))</span>
+        }
+        <span class="cov1" title="1">r.base.Finish(lines)
+        r.planned = false</span>
+}
+
+func (r *pullProgressRenderer) renderLine(file *pullFileProgress) string <span class="cov10" title="21">{
+        label := "preparing pull"
+        if file != nil &amp;&amp; file.path != "" </span><span class="cov10" title="21">{
+                label = progressui.TrimLabel(file.path, 48)
         }</span>
 
-        <span class="cov6" title="2">if out != "" </span><span class="cov6" title="2">{
-                _, _ = fmt.Fprint(cmd.OutOrStdout(), out)
+        <span class="cov10" title="21">prefix := ""
+        if file != nil </span><span class="cov10" title="21">{
+                switch file.phase </span>{
+                case pullProgressDownloading, pullProgressCheckingOut:<span class="cov6" title="7">
+                        if !(file.total &gt; 0 &amp;&amp; file.current &gt;= file.total) </span><span class="cov6" title="6">{
+                                prefix = r.base.Spinner() + " "
+                        }</span>
+                }
+        }
+
+        <span class="cov10" title="21">current := int64(0)
+        total := int64(0)
+        if file != nil </span><span class="cov10" title="21">{
+                current = file.current
+                total = file.total
         }</span>
-        <span class="cov6" title="2">return nil</span>
+        <span class="cov10" title="21">bar := progressui.RenderProgressBar(current, total, 24)
+        pct := progressui.RenderPercent(current, total)
+        bytesLabel := progressui.RenderByteProgress(current, total, current &gt;= total)
+
+        return fmt.Sprintf("%s%s %s %s %s", prefix, label, bar, pct, bytesLabel)</span>
 }
 </pre>
 		
-		<pre class="file" id="file27" style="display: none">package untrack
+		<pre class="file" id="file21" style="display: none">package push
 
 import (
         "context"
         "fmt"
+        "os"
+        "os/exec"
+        "strings"
 
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drsdelete"
+        "github.com/calypr/git-drs/internal/drslog"
         "github.com/calypr/git-drs/internal/lfs"
+        "github.com/calypr/git-drs/internal/pushsync"
         "github.com/spf13/cobra"
 )
 
-var gitLFSUntrackPatterns = lfs.GitLFSUntrackPatterns
+var pushWithHooks bool
+var pushForceUpload bool
 
-var Cmd = NewCommand()
+var runCommand = func(name string, args ...string) ([]byte, error) <span class="cov0" title="0">{
+        cmd := exec.Command(name, args...)
+        return cmd.CombinedOutput()
+}</span>
 
-func NewCommand() *cobra.Command <span class="cov10" title="3">{
-        cmd := &amp;cobra.Command{
-                Use:   "untrack &lt;pattern&gt; [pattern ...]",
-                Short: "Stop tracking files with Git LFS",
-                Long:  "Remove one or more Git LFS tracking patterns.",
-                Args:  cobra.MinimumNArgs(1),
-                RunE:  runUntrack,
-        }
+var gitOutputFn = gitOutput
 
-        cmd.Flags().Bool("verbose", false, "show detailed output")
-        cmd.Flags().Bool("dry-run", false, "show what would change without writing")
+var Cmd = &amp;cobra.Command{
+        Use:   "push [remote-name]",
+        Short: "Upload/register DRS objects and push Git refs",
+        Long:  "Performs git-drs managed upload/register flow (multipart for large files) and then runs git push (without pre-push hooks by default).",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
+                if len(args) &gt; 1 </span><span class="cov1" title="1">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs push --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov6" title="2">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
+                myLogger := drslog.GetLogger()
+                cfg, err := config.LoadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        myLogger.Debug(fmt.Sprintf("Error loading config: %v", err))
+                        return err
+                }</span>
 
-        return cmd
+                <span class="cov6" title="2">var remote config.Remote
+                if len(args) &gt; 0 </span><span class="cov0" title="0">{
+                        remote = config.Remote(args[0])
+                }</span> else<span class="cov6" title="2"> {
+                        remote, err = cfg.GetDefaultRemote()
+                        if err != nil </span><span class="cov6" title="2">{
+                                myLogger.Debug(fmt.Sprintf("Error getting default remote: %v", err))
+                                return err
+                        }</span>
+                }
+
+                <span class="cov0" title="0">drsClient, err := cfg.GetRemoteClient(remote, myLogger)
+                if err != nil </span><span class="cov0" title="0">{
+                        myLogger.Debug(fmt.Sprintf("Error creating DRS client: %s", err))
+                        return err
+                }</span>
+                <span class="cov0" title="0">drsClient.ForceUpload = pushForceUpload
+                lfsFiles, err := lfs.GetAllLfsFiles(string(remote), "", []string{"HEAD"}, myLogger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to discover LFS files to push: %w", err)
+                }</span>
+
+                <span class="cov0" title="0">ctx := context.Background()
+                deleteRefs, err := currentDeleteRefUpdates(ctx)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to resolve delete reconciliation base: %w", err)
+                }</span>
+                <span class="cov0" title="0">if _, err := drsdelete.ReconcileCommittedDeletes(ctx, drsClient, deleteRefs, myLogger); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to reconcile deletes: %w", err)
+                }</span>
+                <span class="cov0" title="0">progress := newUploadProgressRenderer(os.Stderr)
+                if err := pushsync.BatchSyncForPush(drsClient, ctx, lfsFiles, progress); err != nil </span><span class="cov0" title="0">{
+                        progress.Finish()
+                        return fmt.Errorf("failed batch register/upload workflow: %w", err)
+                }</span>
+                <span class="cov0" title="0">progress.Finish()
+                switch </span>{
+                case len(lfsFiles) == 0:<span class="cov0" title="0">
+                        fmt.Fprintln(os.Stdout, "No git-drs tracked files found; pushing Git refs only.")</span>
+                case !progress.HadUploads():<span class="cov0" title="0">
+                        fmt.Fprintln(os.Stdout, "No DRS payload uploads needed; all tracked objects are already available remotely.")</span>
+                }
+
+                <span class="cov0" title="0">pushArgs := []string{"push"}
+                if !pushWithHooks </span><span class="cov0" title="0">{
+                        pushArgs = append(pushArgs, "--no-verify")
+                }</span>
+                <span class="cov0" title="0">pushArgs = append(pushArgs, string(remote))
+                out, err := runCommand("git", pushArgs...)
+                if err != nil </span><span class="cov0" title="0">{
+                        msg := strings.TrimSpace(string(out))
+                        if msg == "" </span><span class="cov0" title="0">{
+                                msg = err.Error()
+                        }</span>
+                        <span class="cov0" title="0">return fmt.Errorf("git push failed for remote %q: %s", remote, msg)</span>
+                }
+                <span class="cov0" title="0">return nil</span>
+        },
+}
+
+func init() <span class="cov1" title="1">{
+        Cmd.Flags().BoolVar(&amp;pushWithHooks, "with-hooks", false, "Run git push with local hooks enabled (invokes pre-push)")
+        Cmd.Flags().BoolVar(&amp;pushForceUpload, "force-upload", false, "Upload payload bytes even when a matching downloadable object already exists remotely")
 }</span>
 
-func runUntrack(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
-        verbose, err := cmd.Flags().GetBool("verbose")
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("read flag verbose: %w", err)
-        }</span>
-        <span class="cov1" title="1">dryRun, err := cmd.Flags().GetBool("dry-run")
+func currentDeleteRefUpdates(ctx context.Context) ([]drsdelete.RefUpdate, error) <span class="cov6" title="2">{
+        head, err := gitOutputFn(ctx, "rev-parse", "HEAD")
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("read flag dry-run: %w", err)
+                return nil, err
         }</span>
-
-        <span class="cov1" title="1">ctx := cmd.Context()
-        if ctx == nil </span><span class="cov0" title="0">{
-                ctx = context.Background()
+        <span class="cov6" title="2">upstream, err := gitOutputFn(ctx, "rev-parse", "--verify", "@{upstream}")
+        if err != nil </span><span class="cov1" title="1">{
+                return nil, nil
         }</span>
+        <span class="cov1" title="1">return []drsdelete.RefUpdate{{
+                OldSHA: upstream,
+                NewSHA: head,
+        }}, nil</span>
+}
 
-        <span class="cov1" title="1">out, err := gitLFSUntrackPatterns(ctx, args, verbose, dryRun)
+func gitOutput(ctx context.Context, args ...string) (string, error) <span class="cov0" title="0">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        out, err := cmd.CombinedOutput()
         if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-
-        <span class="cov1" title="1">if out != "" </span><span class="cov1" title="1">{
-                _, _ = fmt.Fprint(cmd.OutOrStdout(), out)
+                return "", fmt.Errorf("git %s: %s", strings.Join(args, " "), strings.TrimSpace(string(out)))
         }</span>
-        <span class="cov1" title="1">return nil</span>
+        <span class="cov0" title="0">return strings.TrimSpace(string(out)), nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file28" style="display: none">package version
+		<pre class="file" id="file22" style="display: none">package push
 
 import (
         "fmt"
-        "runtime/debug"
+        "io"
 
-        "github.com/spf13/cobra"
+        "github.com/calypr/git-drs/internal/progressui"
+        "github.com/calypr/git-drs/internal/pushsync"
 )
 
-// Cmd represents the "version" command
-var Cmd = &amp;cobra.Command{
-        Use:   "version",
-        Short: "Get version",
-        Long:  ``,
-        Run: func(cmd *cobra.Command, args []string) <span class="cov4" title="5">{
-                fmt.Println("git-drs", buildVersion())
-        }</span>,
+type uploadFileProgress struct {
+        path      string
+        total     int64
+        current   int64
+        started   bool
+        completed bool
 }
 
-func buildVersion() string <span class="cov5" title="6">{
-        tag := ""
-        commit := ""
-        if info, ok := debug.ReadBuildInfo(); ok </span><span class="cov5" title="6">{
-                if info.Main.Version != "" &amp;&amp; info.Main.Version != "(devel)" </span><span class="cov0" title="0">{
-                        tag = info.Main.Version
-                }</span>
-                <span class="cov5" title="6">for _, setting := range info.Settings </span><span class="cov10" title="42">{
-                        switch setting.Key </span>{
-                        case "vcs.revision":<span class="cov0" title="0">
-                                commit = setting.Value</span>
-                        case "vcs.tag":<span class="cov0" title="0">
-                                if tag == "" </span><span class="cov0" title="0">{
-                                        tag = setting.Value
-                                }</span>
-                        }
+type uploadProgressRenderer struct {
+        base      *progressui.Renderer
+        planned   bool
+        plan      pushsync.UploadPlanSummary
+        files     map[string]*uploadFileProgress
+        fileOrder []string
+}
+
+func newUploadProgressRenderer(out io.Writer) *uploadProgressRenderer <span class="cov5" title="4">{
+        return &amp;uploadProgressRenderer{
+                base:  progressui.NewRenderer(out),
+                files: make(map[string]*uploadFileProgress),
+        }
+}</span>
+
+func (r *uploadProgressRenderer) render(force bool) <span class="cov8" title="12">{
+        lines := make([]string, 0, len(r.fileOrder))
+        for idx, oid := range r.fileOrder </span><span class="cov9" title="18">{
+                file := r.files[oid]
+                if file == nil </span><span class="cov0" title="0">{
+                        continue</span>
                 }
+                <span class="cov9" title="18">lines = append(lines, r.renderLine(idx, len(r.fileOrder), file))</span>
         }
+        <span class="cov8" title="12">r.base.Render(force, lines)</span>
+}
 
-        <span class="cov5" title="6">commitShort := commit
-        if len(commitShort) &gt; 7 </span><span class="cov0" title="0">{
-                commitShort = commitShort[:7]
+func (r *uploadProgressRenderer) OnUploadPlan(plan pushsync.UploadPlanSummary) <span class="cov5" title="4">{
+        r.plan = plan
+        r.planned = plan.TotalFiles &gt; 0
+        r.files = make(map[string]*uploadFileProgress, len(plan.Files))
+        r.fileOrder = r.fileOrder[:0]
+        for _, file := range plan.Files </span><span class="cov5" title="5">{
+                r.files[file.OID] = &amp;uploadFileProgress{
+                        path:  file.Path,
+                        total: file.Bytes,
+                }
+                r.fileOrder = append(r.fileOrder, file.OID)
+        }</span>
+        <span class="cov5" title="4">if r.planned </span><span class="cov5" title="4">{
+                r.render(true)
         }</span>
-
-        <span class="cov5" title="6">switch </span>{
-        case tag != "" &amp;&amp; commitShort != "":<span class="cov0" title="0">
-                return fmt.Sprintf("%s-%s", tag, commitShort)</span>
-        case tag != "":<span class="cov0" title="0">
-                return tag</span>
-        case commitShort != "":<span class="cov0" title="0">
-                return fmt.Sprintf("dev-%s", commitShort)</span>
-        default:<span class="cov5" title="6">
-                return "dev-unknown"</span>
-        }
 }
-</pre>
-		
-		<pre class="file" id="file29" style="display: none">package cloud
 
-import (
-        "context"
-        "errors"
-        "fmt"
-        "net/url"
-        "path"
-        "regexp"
-        "strings"
-        "time"
-
-        "github.com/aws/aws-sdk-go-v2/aws"
-        awsconfig "github.com/aws/aws-sdk-go-v2/config"
-        "github.com/aws/aws-sdk-go-v2/credentials"
-        "github.com/aws/aws-sdk-go-v2/service/s3"
-        "gocloud.dev/blob"
-        _ "gocloud.dev/blob/azureblob"
-        _ "gocloud.dev/blob/gcsblob"
-        "gocloud.dev/blob/s3blob"
-)
-
-// ObjectParameters contains provider-agnostic object lookup settings for
-// go-cloud metadata inspection.
-type ObjectParameters struct {
-        ObjectURL       string
-        S3Region        string
-        S3Endpoint      string
-        S3AccessKey     string
-        S3SecretKey     string
-        SHA256          string // optional expected hex (64 chars). Can be "sha256:&lt;hex&gt;" or "&lt;hex&gt;"
-        DestinationPath string // optional override URL path (worktree filename)
-}
-
-// ObjectInfo is the resolved object metadata returned by inspection.
-type ObjectInfo struct {
-
-        // Object identity
-        Bucket string
-        Key    string
-        Path   string // basename of Key (filename), or override from input
-
-        // HEAD-derived info
-        SizeBytes   int64
-        MetaSHA256  string // from user-defined object metadata (if present)
-        ETag        string
-        LastModTime time.Time
-}
-
-type objectLocation struct {
-        bucketURL string
-        bucket    string
-        key       string
-        path      string
-}
-
-var (
-        virtualHostedS3RE  = regexp.MustCompile(`^(.+?)\.s3(?:[.-]|$)`)
-        virtualHostedGCSRE = regexp.MustCompile(`^(.+?)\.storage\.googleapis\.com$`)
-        azureBlobHostRE    = regexp.MustCompile(`^([^.]+)\.blob\.core\.windows\.net$`)
-)
-
-// InspectObjectForLFS inspects object metadata for add-url and supports
-// multiple cloud URL styles (s3, gs, azblob).
-func InspectObjectForLFS(ctx context.Context, in ObjectParameters) (*ObjectInfo, error) <span class="cov0" title="0">{
-        if strings.TrimSpace(in.ObjectURL) == "" </span><span class="cov0" title="0">{
-                return nil, errors.New("ObjectURL is required")
+func (r *uploadProgressRenderer) OnUploadProgress(ev pushsync.UploadProgressEvent) <span class="cov7" title="8">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
         }</span>
-
-        <span class="cov0" title="0">loc, err := parseObjectLocation(in.ObjectURL, in.DestinationPath, in)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+        <span class="cov7" title="8">file, ok := r.files[ev.OID]
+        if !ok </span><span class="cov0" title="0">{
+                return
         }</span>
-
-        <span class="cov0" title="0">cloudBucket, err := openBucketForLocation(ctx, loc, in)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("failed to open bucket via go-cloud string %s: %w", loc.bucketURL, err)
+        <span class="cov7" title="8">if ev.Path != "" </span><span class="cov7" title="8">{
+                file.path = ev.Path
         }</span>
-        <span class="cov0" title="0">defer cloudBucket.Close()
-
-        attrs, err := cloudBucket.Attributes(ctx, loc.key)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("blob attributes failed (bucket=%q key=%q): %w", loc.bucketURL, loc.key, err)
+        <span class="cov7" title="8">if ev.TotalBytes &gt; 0 </span><span class="cov7" title="8">{
+                file.total = ev.TotalBytes
         }</span>
-
-        <span class="cov0" title="0">metaSHA := extractSHA256FromMetadata(attrs.Metadata)
-        expected := normalizeSHA256(in.SHA256)
-        if expected != "" &amp;&amp; metaSHA != "" &amp;&amp; !strings.EqualFold(expected, metaSHA) </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("sha256 mismatch: expected=%s head.meta=%s", expected, metaSHA)
+        <span class="cov7" title="8">if ev.BytesSoFar &gt; file.current </span><span class="cov6" title="6">{
+                file.current = ev.BytesSoFar
         }</span>
-
-        <span class="cov0" title="0">var lm time.Time
-        if !attrs.ModTime.IsZero() </span><span class="cov0" title="0">{
-                lm = attrs.ModTime
+        <span class="cov7" title="8">if ev.Phase == pushsync.UploadProgressUploading </span><span class="cov5" title="5">{
+                file.started = true
         }</span>
-
-        <span class="cov0" title="0">etag := strings.TrimSpace(attrs.ETag)
-        etag = strings.Trim(etag, `"`)
-
-        out := &amp;ObjectInfo{
-                Bucket:      loc.bucket,
-                Key:         loc.key,
-                Path:        loc.path,
-                SizeBytes:   attrs.Size,
-                MetaSHA256:  metaSHA,
-                ETag:        etag,
-                LastModTime: lm,
+        <span class="cov7" title="8">if ev.Phase == pushsync.UploadProgressCompleted &amp;&amp; !file.completed </span><span class="cov4" title="3">{
+                file.started = true
+                file.completed = true
+                if file.total &gt; 0 </span><span class="cov4" title="3">{
+                        file.current = file.total
+                }</span>
         }
-        return out, nil</span>
+        <span class="cov7" title="8">r.render(false)</span>
 }
 
-func openBucketForLocation(ctx context.Context, loc *objectLocation, in ObjectParameters) (*blob.Bucket, error) <span class="cov0" title="0">{
-        if !strings.HasPrefix(loc.bucketURL, "s3://") </span><span class="cov0" title="0">{
-                return blob.OpenBucket(ctx, loc.bucketURL)
-        }</span>
-
-        <span class="cov0" title="0">u, err := url.Parse(loc.bucketURL)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("parse s3 bucket URL %q: %w", loc.bucketURL, err)
-        }</span>
-        <span class="cov0" title="0">bucket := strings.TrimSpace(u.Host)
-        if bucket == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("missing bucket in s3 URL %q", loc.bucketURL)
+func (r *uploadProgressRenderer) Finish() <span class="cov3" title="2">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
         }</span>
+        <span class="cov3" title="2">lines := make([]string, 0, len(r.fileOrder))
+        for idx, oid := range r.fileOrder </span><span class="cov4" title="3">{
+                file := r.files[oid]
+                if file == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="3">lines = append(lines, r.renderLine(idx, len(r.fileOrder), file))</span>
+        }
+        <span class="cov3" title="2">r.base.Finish(lines)
+        r.planned = false</span>
+}
 
-        <span class="cov0" title="0">q := u.Query()
-        region := strings.TrimSpace(firstNonEmpty(in.S3Region, q.Get("region")))
-        endpoint := strings.TrimRight(strings.TrimSpace(firstNonEmpty(in.S3Endpoint, q.Get("endpoint"))), "/")
-        accessKey := strings.TrimSpace(in.S3AccessKey)
-        secretKey := strings.TrimSpace(in.S3SecretKey)
+func (r *uploadProgressRenderer) HadUploads() bool <span class="cov4" title="3">{
+        return r != nil &amp;&amp; r.planned
+}</span>
 
-        loadOpts := make([]func(*awsconfig.LoadOptions) error, 0, 2)
-        if region != "" </span><span class="cov0" title="0">{
-                loadOpts = append(loadOpts, awsconfig.WithRegion(region))
+func (r *uploadProgressRenderer) renderLine(idx int, total int, file *uploadFileProgress) string <span class="cov10" title="21">{
+        label := "preparing upload"
+        if file != nil &amp;&amp; file.path != "" </span><span class="cov10" title="21">{
+                label = progressui.TrimLabel(file.path, 48)
         }</span>
-        <span class="cov0" title="0">if accessKey != "" || secretKey != "" </span><span class="cov0" title="0">{
-                if accessKey == "" || secretKey == "" </span><span class="cov0" title="0">{
-                        return nil, errors.New("both S3AccessKey and S3SecretKey are required when either is provided")
-                }</span>
-                <span class="cov0" title="0">loadOpts = append(loadOpts, awsconfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")))</span>
+        <span class="cov10" title="21">prefix := ""
+        if file != nil </span><span class="cov10" title="21">{
+                switch </span>{
+                case file.started &amp;&amp; !file.completed:<span class="cov5" title="5">
+                        prefix = r.base.Spinner() + " "</span>
+                }
         }
 
-        <span class="cov0" title="0">awsCfg, err := awsconfig.LoadDefaultConfig(ctx, loadOpts...)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("load aws config: %w", err)
+        <span class="cov10" title="21">current := int64(0)
+        totalBytes := int64(0)
+        completed := false
+        if file != nil </span><span class="cov10" title="21">{
+                current = file.current
+                totalBytes = file.total
+                completed = file.completed
         }</span>
+        <span class="cov10" title="21">displayCurrent := progressui.VisibleProgressBytes(current, totalBytes, completed)
+        bar := progressui.RenderProgressBar(displayCurrent, totalBytes, 24)
+        pct := progressui.RenderPercentCapped(displayCurrent, totalBytes, completed)
+        bytesLabel := progressui.RenderByteProgress(displayCurrent, totalBytes, completed)
 
-        <span class="cov0" title="0">clientOpts := make([]func(*s3.Options), 0, 1)
-        if endpoint != "" </span><span class="cov0" title="0">{
-                clientOpts = append(clientOpts, func(o *s3.Options) </span><span class="cov0" title="0">{
-                        o.UsePathStyle = true
-                        o.BaseEndpoint = aws.String(endpoint)
-                }</span>)
-        }
-        <span class="cov0" title="0">client := s3.NewFromConfig(awsCfg, clientOpts...)
-        return s3blob.OpenBucketV2(ctx, client, bucket, nil)</span>
+        _ = idx
+        _ = total
+        return fmt.Sprintf("%s%s %s %s %s", prefix, label, bar, pct, bytesLabel)</span>
 }
+</pre>
+		
+		<pre class="file" id="file23" style="display: none">package query
 
-func parseObjectLocation(raw, destinationPath string, cfg ObjectParameters) (*objectLocation, error) <span class="cov8" title="6">{
-        u, err := url.Parse(raw)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+import (
+        "context"
+        "fmt"
+        "strings"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/drsremote"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        "github.com/calypr/syfon/client/hash"
+        "github.com/spf13/cobra"
+)
+
+var remote string
+var checksum = false
+var pretty = false
+
+func queryByChecksum(ctx context.Context, gc *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov0" title="0">{
+        hashType := checksumTypeForString(checksum)
+        if hashType != hash.ChecksumTypeSHA256.String() </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("checksum lookup currently only supports sha256 (got %q); non-sha256 support is tracked in syfon DRSService.GetObjectsByChecksum", hashType)
         }</span>
+        <span class="cov0" title="0">return drsremote.ObjectsByHashForScope(ctx, gc, checksum)</span>
+}
 
-        <span class="cov8" title="6">withPath := func(bucketURL, bucket, key string) (*objectLocation, error) </span><span class="cov8" title="6">{
-                worktreeName := strings.TrimSpace(destinationPath)
-                if worktreeName == "" </span><span class="cov8" title="6">{
-                        worktreeName = path.Base(key)
-                        if worktreeName == "." || worktreeName == "/" || worktreeName == "" </span><span class="cov0" title="0">{
-                                return nil, fmt.Errorf("could not derive worktree name from key %q", key)
-                        }</span>
-                } else<span class="cov0" title="0"> if worktreeName == "." || worktreeName == "/" </span><span class="cov0" title="0">{
-                        return nil, fmt.Errorf("invalid worktree name override %q", worktreeName)
-                }</span>
-                <span class="cov8" title="6">return &amp;objectLocation{
-                        bucketURL: bucketURL,
-                        bucket:    bucket,
-                        key:       key,
-                        path:      worktreeName,
-                }, nil</span>
+func checksumTypeForString(sum string) string <span class="cov10" title="5">{
+        switch len(strings.TrimSpace(sum)) </span>{
+        case 32:<span class="cov1" title="1">
+                return "md5"</span>
+        case 40:<span class="cov1" title="1">
+                return "sha1"</span>
+        case 64:<span class="cov1" title="1">
+                return "sha256"</span>
+        case 128:<span class="cov1" title="1">
+                return "sha512"</span>
+        default:<span class="cov1" title="1">
+                return string(hash.NormalizeChecksumType(sum))</span>
         }
+}
 
-        <span class="cov8" title="6">switch u.Scheme </span>{
-        case "s3", "gs", "azblob":<span class="cov5" title="3">
-                bucket := u.Host
-                key := strings.TrimPrefix(u.Path, "/")
-                if bucket == "" </span><span class="cov0" title="0">{
-                        return nil, fmt.Errorf("no bucket/container in URL: %s", raw)
-                }</span>
-                <span class="cov5" title="3">if key == "" </span><span class="cov0" title="0">{
-                        return nil, fmt.Errorf("no object key/path in URL: %s", raw)
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "query &lt;drs_id&gt;",
+        Short: "Query DRS server by DRS ID",
+        Long:  "Query DRS server by DRS ID",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                if len(args) != 1 </span><span class="cov0" title="0">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: requires exactly 1 argument (DRS ID), received %d\n\nUsage: %s\n\nSee 'git drs query --help' for more details", len(args), cmd.UseLine())
                 }</span>
-                <span class="cov5" title="3">return withPath(normalizeCloudBucketURL(u, cfg), bucket, key)</span>
-        case "http", "https":<span class="cov5" title="3">
-                host := u.Hostname()
-                key := strings.TrimPrefix(u.Path, "/")
-                if key == "" </span><span class="cov0" title="0">{
-                        return nil, fmt.Errorf("no object path in URL: %s", raw)
+                <span class="cov0" title="0">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                logger := drslog.GetLogger()
+
+                cfg, err := config.LoadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
                 }</span>
 
-                <span class="cov5" title="3">if m := virtualHostedS3RE.FindStringSubmatch(host); m != nil </span><span class="cov1" title="1">{
-                        bucket := m[1]
-                        return withPath(fmt.Sprintf("s3://%s", bucket), bucket, key)
+                <span class="cov0" title="0">remoteName, err := cfg.GetRemoteOrDefault(remote)
+                if err != nil </span><span class="cov0" title="0">{
+                        logger.Error(fmt.Sprintf("Error getting remote: %v", err))
+                        return err
                 }</span>
 
-                <span class="cov4" title="2">if m := virtualHostedGCSRE.FindStringSubmatch(host); m != nil </span><span class="cov0" title="0">{
-                        bucket := m[1]
-                        return withPath(fmt.Sprintf("gs://%s", bucket), bucket, key)
+                <span class="cov0" title="0">gc, err := cfg.GetRemoteClient(remoteName, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
                 }</span>
 
-                <span class="cov4" title="2">if host == "storage.googleapis.com" </span><span class="cov0" title="0">{
-                        parts := strings.SplitN(key, "/", 2)
-                        if len(parts) &lt; 2 || parts[0] == "" || parts[1] == "" </span><span class="cov0" title="0">{
-                                return nil, fmt.Errorf("invalid GCS path-style URL: %s", raw)
+                <span class="cov0" title="0">if checksum </span><span class="cov0" title="0">{
+                        objs, err := queryByChecksum(context.Background(), gc, args[0])
+                        if err != nil </span><span class="cov0" title="0">{
+                                return err
                         }</span>
-                        <span class="cov0" title="0">bucket := parts[0]
-                        return withPath(fmt.Sprintf("gs://%s", bucket), bucket, parts[1])</span>
+                        <span class="cov0" title="0">for _, drsObj := range objs </span><span class="cov0" title="0">{
+                                if err := common.PrintDRSObject(drsObj, pretty); err != nil </span><span class="cov0" title="0">{
+                                        return err
+                                }</span>
+                        }
+                        <span class="cov0" title="0">return nil</span>
                 }
 
-                <span class="cov4" title="2">if m := azureBlobHostRE.FindStringSubmatch(host); m != nil </span><span class="cov1" title="1">{
-                        account := m[1]
-                        parts := strings.SplitN(key, "/", 2)
-                        if len(parts) &lt; 2 || parts[0] == "" || parts[1] == "" </span><span class="cov0" title="0">{
-                                return nil, fmt.Errorf("invalid Azure blob URL: %s", raw)
-                        }</span>
-                        <span class="cov1" title="1">container := parts[0]
-                        blobPath := parts[1]
-                        bucketURL := fmt.Sprintf("azblob://%s?account_name=%s", container, account)
-                        return withPath(bucketURL, container, blobPath)</span>
-                }
+                <span class="cov0" title="0">obj, err := gc.Client.DRS().GetObject(context.Background(), args[0])
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov0" title="0">return common.PrintDRSObject(obj, pretty)</span>
+        },
+}
 
-                // Legacy S3 path-style compatibility for endpoints like s3.example.org.
-                <span class="cov1" title="1">if strings.Contains(host, "s3") </span><span class="cov1" title="1">{
-                        parts := strings.SplitN(key, "/", 2)
-                        if len(parts) &lt; 2 || parts[0] == "" || parts[1] == "" </span><span class="cov0" title="0">{
-                                return nil, fmt.Errorf("invalid S3 path-style URL: %s", raw)
-                        }</span>
-                        <span class="cov1" title="1">bucket := parts[0]
-                        endpointHint := fmt.Sprintf("%s://%s", u.Scheme, u.Host)
-                        return withPath(buildS3BucketURL(bucket, cfg, endpointHint), bucket, parts[1])</span>
-                }
+func init() <span class="cov1" title="1">{
+        Cmd.Flags().StringVarP(&amp;remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
+        Cmd.Flags().BoolVarP(&amp;checksum, "checksum", "c", checksum, "Find by checksum")
+        Cmd.Flags().BoolVarP(&amp;pretty, "pretty", "p", pretty, "Print indented JSON")
+}</span>
+</pre>
+		
+		<pre class="file" id="file24" style="display: none">package add
 
-                <span class="cov0" title="0">return nil, fmt.Errorf("unsupported http(s) cloud URL: %s", raw)</span>
-        default:<span class="cov0" title="0">
-                return nil, fmt.Errorf("unsupported scheme: %s", u.Scheme)</span>
-        }
-}
+import (
+        "context"
+        "encoding/json"
+        "fmt"
+        "log/slog"
+        "net/http"
+        "strings"
 
-func buildS3BucketURL(bucket string, cfg ObjectParameters, endpointHint string) string <span class="cov5" title="3">{
-        u := url.URL{
-                Scheme: "s3",
-                Host:   bucket,
-        }
-        q := url.Values{}
+        "github.com/calypr/data-client/credentials"
+        "github.com/calypr/git-drs/cmd/initialize"
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        bucketapi "github.com/calypr/syfon/apigen/client/bucketapi"
+        conf "github.com/calypr/syfon/client/config"
+        syfoncommon "github.com/calypr/syfon/common"
+        "github.com/spf13/cobra"
+)
 
-        region := strings.TrimSpace(cfg.S3Region)
-        if region != "" </span><span class="cov1" title="1">{
-                q.Set("region", region)
-        }</span>
+var Gen3Cmd = &amp;cobra.Command{
+        Use: "gen3 [remote-name] &lt;organization/project&gt;",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                if len(args) &lt; 1 || len(args) &gt; 2 </span><span class="cov0" title="0">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: expected [remote-name] &lt;organization/project&gt;, received %d arguments\n\nUsage: %s\n\nSee 'git drs remote add gen3 --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov0" title="0">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                logg := drslog.GetLogger()
 
-        <span class="cov5" title="3">endpoint := strings.TrimRight(firstNonEmpty(endpointHint, cfg.S3Endpoint), "/")
-        if endpoint != "" </span><span class="cov4" title="2">{
-                q.Set("endpoint", endpoint)
-        }</span>
+                remoteName := config.ORIGIN
+                scopeArg := ""
+                if len(args) == 1 </span><span class="cov0" title="0">{
+                        scopeArg = args[0]
+                }</span> else<span class="cov0" title="0"> {
+                        remoteName = args[0]
+                        scopeArg = args[1]
+                }</span>
 
-        <span class="cov5" title="3">if len(q) &gt; 0 </span><span class="cov4" title="2">{
-                u.RawQuery = q.Encode()
-        }</span>
-        <span class="cov5" title="3">return u.String()</span>
+                <span class="cov0" title="0">err := gen3Init(remoteName, credFile, fenceToken, scopeArg, logg)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("error configuring gen3 server: %v", err)
+                }</span>
+                <span class="cov0" title="0">return nil</span>
+        },
 }
 
-func normalizeCloudBucketURL(u *url.URL, cfg ObjectParameters) string <span class="cov5" title="3">{
-        bucketURL := fmt.Sprintf("%s://%s", u.Scheme, u.Host)
-        if u.Scheme == "s3" </span><span class="cov4" title="2">{
-                bucketURL = buildS3BucketURL(u.Host, cfg, "")
+func gen3Init(remoteName, credFile, fenceToken, scopeArg string, logg *slog.Logger) error <span class="cov0" title="0">{
+        if remoteName == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("remote name is required")
         }</span>
-        <span class="cov5" title="3">if u.RawQuery == "" </span><span class="cov5" title="3">{
-                return bucketURL
+        <span class="cov0" title="0">if err := initialize.EnsureInitialized(logg); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to initialize repository: %w", err)
         }</span>
-
-        <span class="cov0" title="0">parsed, err := url.Parse(bucketURL)
+        <span class="cov0" title="0">organization, project, err := parseScopeArg(scopeArg)
         if err != nil </span><span class="cov0" title="0">{
-                return bucketURL
+                return err
         }</span>
-        <span class="cov0" title="0">q := parsed.Query()
-        for k, vs := range u.Query() </span><span class="cov0" title="0">{
-                q.Del(k)
-                for _, v := range vs </span><span class="cov0" title="0">{
-                        q.Add(k, v)
-                }</span>
-        }
-        <span class="cov0" title="0">parsed.RawQuery = q.Encode()
-        return parsed.String()</span>
-}
 
-func firstNonEmpty(values ...string) string <span class="cov5" title="3">{
-        for _, v := range values </span><span class="cov7" title="5">{
-                v = strings.TrimSpace(v)
-                if v != "" </span><span class="cov4" title="2">{
-                        return v
+        <span class="cov0" title="0">var accessToken, apiKey, keyID, apiEndpoint string
+        configure := conf.NewConfigure(logg)
+        switch </span>{
+        case fenceToken != "":<span class="cov0" title="0">
+                accessToken = fenceToken
+                var err error
+                apiEndpoint, err = common.ParseAPIEndpointFromToken(accessToken)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to parse API endpoint from provided access token: %w", err)
                 }</span>
-        }
-        <span class="cov1" title="1">return ""</span>
-}
 
-//
-// --- SHA256 metadata extraction ---
-//
+        case credFile != "":<span class="cov0" title="0">
+                cred, err := configure.Import(credFile, "")
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to read credentials file %s: %w", credFile, err)
+                }</span>
+                <span class="cov0" title="0">accessToken = cred.AccessToken
+                apiKey = cred.APIKey
+                keyID = cred.KeyID
 
-var sha256HexRe = regexp.MustCompile(`(?i)^[0-9a-f]{64}$`)
+                apiEndpoint, err = common.ParseAPIEndpointFromToken(cred.APIKey)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to parse API endpoint from API key in credentials file: %w", err)
+                }</span>
 
-func normalizeSHA256(s string) string <span class="cov8" title="6">{
-        s = strings.TrimSpace(s)
-        s = strings.TrimPrefix(strings.ToLower(s), "sha256:")
-        s = strings.TrimSpace(s)
-        if s == "" </span><span class="cov0" title="0">{
-                return ""
-        }</span>
-        <span class="cov8" title="6">if !sha256HexRe.MatchString(s) </span><span class="cov1" title="1">{
-                // If caller provided something malformed, treat as empty.
-                // Change this to a hard error if you prefer.
-                return ""
-        }</span>
-        <span class="cov7" title="5">return strings.ToLower(s)</span>
-}
+        default:<span class="cov0" title="0">
+                existing, err := configure.Load(remoteName)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to load %s config: %w", remoteName, err)
+                }</span> else<span class="cov0" title="0"> {
+                        accessToken = existing.AccessToken
+                        apiKey = existing.APIKey
+                        keyID = existing.KeyID
+                        apiEndpoint = existing.APIEndpoint
+                }</span>
+        }
 
-func extractSHA256FromMetadata(md map[string]string) string <span class="cov5" title="3">{
-        if md == nil </span><span class="cov0" title="0">{
-                return ""
+        <span class="cov0" title="0">if apiEndpoint == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("could not determine Gen3 API endpoint")
         }</span>
 
-        // AWS SDK v2 exposes user-defined metadata WITHOUT the "x-amz-meta-" prefix,
-        // and normalizes keys to lower-case.
-        <span class="cov5" title="3">candidates := []string{
-                "sha256",
-                "checksum-sha256",
-                "content-sha256",
-                "oid-sha256",
-                "git-lfs-sha256",
+        <span class="cov0" title="0">cred := &amp;conf.Credential{
+                Profile:            remoteName,
+                APIEndpoint:        apiEndpoint,
+                APIKey:             apiKey,
+                KeyID:              keyID,
+                AccessToken:        accessToken, // may be stale
+                UseShepherd:        "false",
+                MinShepherdVersion: "",
         }
 
-        for _, k := range candidates </span><span class="cov10" title="8">{
-                if v, ok := md[k]; ok </span><span class="cov4" title="2">{
-                        n := normalizeSHA256(v)
-                        if n != "" </span><span class="cov4" title="2">{
-                                return n
-                        }</span>
-                }
-        }
+        if err := credentials.EnsureValidCredential(context.Background(), cred, logg); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to verify/refresh Gen3 credential: %w", config.WrapCredentialValidationError(remoteName, err))
+        }</span>
 
-        // Sometimes people stash "sha256:&lt;hex&gt;"
-        <span class="cov1" title="1">for _, v := range md </span><span class="cov1" title="1">{
-                if n := normalizeSHA256(v); n != "" </span><span class="cov1" title="1">{
-                        return n
+        <span class="cov0" title="0">scope, err := gitrepo.ResolveBucketScope(organization, project, "", "")
+        if err != nil </span><span class="cov0" title="0">{
+                scope, err = resolveBucketScopeFromServer(context.Background(), apiEndpoint, strings.TrimSpace(cred.AccessToken), organization, project)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
                 }</span>
         }
+        <span class="cov0" title="0">resolvedBucket := strings.TrimSpace(scope.Bucket)
+        resolvedStoragePrefix := strings.TrimSpace(scope.Prefix)
+        if resolvedBucket == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("no bucket mapping found for organization=%q project=%q", organization, project)
+        }</span>
 
-        <span class="cov0" title="0">return ""</span>
-}
-</pre>
-		
-		<pre class="file" id="file30" style="display: none">package common
-
-import (
-        "crypto/sha256"
-        "encoding/hex"
-        "fmt"
-        "io"
-        "net/url"
-        "os"
-        "strings"
-
-        "github.com/bytedance/sonic"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-)
-
-// AddUnique appends items from 'toAdd' to 'existing' only if they're not already present.
-// Returns the updated slice with unique items.
-func AddUnique[T comparable](existing []T, toAdd []T) []T <span class="cov1" title="1">{
-        // seen map uses struct{} as the value for memory efficiency
-        seen := make(map[T]struct{}, len(existing))
+        <span class="cov0" title="0">remoteGen3 := config.RemoteSelect{
+                Gen3: &amp;config.Gen3Remote{
+                        Endpoint:      apiEndpoint,
+                        ProjectID:     project,
+                        Organization:  organization,
+                        Bucket:        resolvedBucket,
+                        StoragePrefix: resolvedStoragePrefix,
+                },
+        }
 
-        // Populate the set with existing items
-        for _, item := range existing </span><span class="cov4" title="2">{
-                seen[item] = struct{}{}
+        remote := config.Remote(remoteName)
+        if _, err := config.UpdateRemote(remote, remoteGen3); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to update remote config: %w", err)
         }</span>
+        <span class="cov0" title="0">logg.Debug(fmt.Sprintf("Remote added/updated: %s → %s (project: %s, bucket: %s, storage_prefix: %s)", remoteName, apiEndpoint, project, resolvedBucket, resolvedStoragePrefix))
 
-        <span class="cov1" title="1">for _, item := range toAdd </span><span class="cov4" title="2">{
-                // check if item not yet in the set
-                if _, found := seen[item]; !found </span><span class="cov1" title="1">{
-                        existing = append(existing, item)
-                        // Add the new unique item to the set
-                        seen[item] = struct{}{}
+        if err := configure.Save(cred); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to configure/update Gen3 profile: %w", err)
+        }</span>
+        // Configure stock git credential plumbing for lfs + persist the refreshed token locally.
+        <span class="cov0" title="0">if err := gitrepo.ConfigureCredentialHelperForRepo(); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to configure git credential helper: %w", err)
+        }</span>
+        <span class="cov0" title="0">if err := gitrepo.SetRemoteLFSURL(remoteName, apiEndpoint); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to set lfs url for remote %s: %w", remoteName, err)
+        }</span>
+        <span class="cov0" title="0">if strings.TrimSpace(cred.AccessToken) != "" </span><span class="cov0" title="0">{
+                if err := gitrepo.SetRemoteToken(remoteName, strings.TrimSpace(cred.AccessToken)); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to persist repo token for remote %s: %w", remoteName, err)
                 }</span>
         }
-        <span class="cov1" title="1">return existing</span>
+
+        <span class="cov0" title="0">logg.Debug(fmt.Sprintf("Gen3 profile '%s' configured and token refreshed successfully", remoteName))
+        return nil</span>
 }
 
-// ProjectToResource converts a project ID and optional organization to a GA4GH resource path.
-// Kept for internal use only; the DRS wire format now uses AuthzMapFromOrgProject.
-func ProjectToResource(org, project string) (string, error) <span class="cov0" title="0">{
-        if org != "" </span><span class="cov0" title="0">{
-                return "/programs/" + org + "/projects/" + project, nil
+func parseScopeArg(raw string) (string, string, error) <span class="cov9" title="6">{
+        raw = strings.TrimSpace(raw)
+        if raw == "" </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("organization/project scope is required")
         }</span>
-        <span class="cov0" title="0">if project == "" </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("project ID is empty")
+
+        <span class="cov9" title="6">parts := strings.Split(raw, "/")
+        if len(parts) != 2 </span><span class="cov4" title="2">{
+                return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
         }</span>
-        <span class="cov0" title="0">if !strings.Contains(project, "-") </span><span class="cov0" title="0">{
-                return "/programs/default/projects/" + project, nil
+        <span class="cov7" title="4">organization := strings.TrimSpace(parts[0])
+        project := strings.TrimSpace(parts[1])
+        if organization == "" || project == "" </span><span class="cov4" title="2">{
+                return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
         }</span>
-        <span class="cov0" title="0">projectIDParts := strings.SplitN(project, "-", 2)
-        return "/programs/" + projectIDParts[0] + "/projects/" + projectIDParts[1], nil</span>
+        <span class="cov4" title="2">return organization, project, nil</span>
 }
 
-// ParseOrgProject resolves the effective org and project from the conventional
-// arguments. When org is provided it is used directly. When org is empty the
-// project string is split on the first "-" to derive org and project (the same
-// convention that ProjectToResource applies).
-func ParseOrgProject(org, project string) (string, string) <span class="cov7" title="3">{
-        if org != "" </span><span class="cov1" title="1">{
-                return org, project
+func resolveBucketScopeFromServer(ctx context.Context, endpoint, token, organization, project string) (gitrepo.ResolvedBucketScope, error) <span class="cov6" title="3">{
+        if strings.TrimSpace(endpoint) == "" </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing API endpoint for server bucket lookup")
         }</span>
-        <span class="cov4" title="2">if project == "" </span><span class="cov0" title="0">{
-                return "", ""
+        <span class="cov6" title="3">if strings.TrimSpace(token) == "" </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing access token for server bucket lookup")
         }</span>
-        <span class="cov4" title="2">if !strings.Contains(project, "-") </span><span class="cov1" title="1">{
-                return "default", project
+
+        <span class="cov6" title="3">req, err := http.NewRequestWithContext(ctx, http.MethodGet, strings.TrimRight(endpoint, "/")+"/data/buckets", nil)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("build bucket list request: %w", err)
         }</span>
-        <span class="cov1" title="1">parts := strings.SplitN(project, "-", 2)
-        return parts[0], parts[1]</span>
-}
+        <span class="cov6" title="3">req.Header.Set("Authorization", "Bearer "+strings.TrimSpace(token))
 
-// AuthzMapFromOrgProject builds the wire-format authorizations map from an
-// org and project. An empty project means org-wide access.
-func AuthzMapFromOrgProject(org, project string) map[string][]string <span class="cov10" title="5">{
-        org = strings.TrimSpace(org)
-        if org == "" </span><span class="cov1" title="1">{
-                return nil
+        resp, err := http.DefaultClient.Do(req)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("request bucket list: %w", err)
         }</span>
-        <span class="cov8" title="4">project = strings.TrimSpace(project)
-        if project == "" </span><span class="cov1" title="1">{
-                return map[string][]string{org: {}}
+        <span class="cov6" title="3">defer resp.Body.Close()
+        if resp.StatusCode != http.StatusOK </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("bucket list failed with status %d", resp.StatusCode)
         }</span>
-        <span class="cov7" title="3">return map[string][]string{org: {project}}</span>
-}
 
-// AuthzMatchesScope reports whether the authz map grants access for the given
-// org and project. An empty project list in the map means org-wide access.
-func AuthzMatchesScope(authzMap map[string][]string, org, project string) bool <span class="cov8" title="4">{
-        if len(authzMap) == 0 || org == "" </span><span class="cov1" title="1">{
-                return false
+        <span class="cov6" title="3">var payload bucketapi.BucketsResponse
+        if err := json.NewDecoder(resp.Body).Decode(&amp;payload); err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("decode bucket list response: %w", err)
         }</span>
-        <span class="cov7" title="3">projects, ok := authzMap[org]
-        if !ok </span><span class="cov0" title="0">{
-                return false
+
+        <span class="cov6" title="3">projectResource, err := syfoncommon.ResourcePath(organization, project)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, err
         }</span>
-        <span class="cov7" title="3">if len(projects) == 0 </span><span class="cov1" title="1">{
-                return true // org-wide
+        <span class="cov6" title="3">orgResource, err := syfoncommon.ResourcePath(organization, "")
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, err
         }</span>
-        <span class="cov4" title="2">for _, p := range projects </span><span class="cov7" title="3">{
-                if p == project </span><span class="cov1" title="1">{
-                        return true
-                }</span>
-        }
-        <span class="cov1" title="1">return false</span>
-}
 
-// CalculateFileSHA256 returns the lowercase hex SHA256 checksum for a file.
-func CalculateFileSHA256(path string) (string, error) <span class="cov4" title="2">{
-        f, err := os.Open(path)
-        if err != nil </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("open file %s: %w", path, err)
+        <span class="cov6" title="3">if bucket, ok := findBucketByResource(payload, projectResource); ok </span><span class="cov1" title="1">{
+                return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
         }</span>
-        <span class="cov1" title="1">defer f.Close()
-
-        h := sha256.New()
-        if _, err := io.Copy(h, f); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("hash file %s: %w", path, err)
+        <span class="cov4" title="2">if bucket, ok := findBucketByResource(payload, orgResource); ok </span><span class="cov1" title="1">{
+                return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
         }</span>
 
-        <span class="cov1" title="1">return hex.EncodeToString(h.Sum(nil)), nil</span>
+        <span class="cov1" title="1">return gitrepo.ResolvedBucketScope{}, fmt.Errorf("no visible server bucket matched organization=%q project=%q", organization, project)</span>
 }
 
-func NormalizeChecksum(raw string) string <span class="cov4" title="2">{
-        raw = strings.TrimSpace(raw)
-        raw = strings.TrimPrefix(raw, "sha256:")
-        return strings.TrimSpace(raw)
-}</span>
+func findBucketByResource(payload bucketapi.BucketsResponse, resource string) (string, bool) <span class="cov10" title="7">{
+        resource = syfoncommon.NormalizeAccessResource(resource)
+        if resource == "" </span><span class="cov0" title="0">{
+                return "", false
+        }</span>
+        <span class="cov10" title="7">var match string
+        for bucket, meta := range payload.S3BUCKETS </span><span class="cov10" title="7">{
+                if meta.Programs == nil </span><span class="cov4" title="2">{
+                        continue</span>
+                }
+                <span class="cov8" title="5">for _, candidate := range *meta.Programs </span><span class="cov8" title="5">{
+                        if syfoncommon.NormalizeAccessResource(candidate) != resource </span><span class="cov1" title="1">{
+                                continue</span>
+                        }
+                        <span class="cov7" title="4">if match != "" &amp;&amp; match != bucket </span><span class="cov0" title="0">{
+                                return "", false
+                        }</span>
+                        <span class="cov7" title="4">match = bucket
+                        break</span>
+                }
+        }
+        <span class="cov10" title="7">if match == "" </span><span class="cov6" title="3">{
+                return "", false
+        }</span>
+        <span class="cov7" title="4">return match, true</span>
+}
+</pre>
+		
+		<pre class="file" id="file25" style="display: none">package add
 
-func NormalizeOid(raw string) string <span class="cov0" title="0">{
-        return NormalizeChecksum(raw)
-}</span>
+import "github.com/spf13/cobra"
 
-func StoragePrefix(org, project string) string <span class="cov0" title="0">{
-        _ = org
-        _ = project
-        return ""
-}</span>
+var (
+        credFile      string
+        fenceToken    string
+        localPassword string
+        localUsername string
+)
 
-type ObjectBuilder struct {
-        Bucket        string
-        Project       string
-        Organization  string
-        StoragePrefix string
-        Provider      string
-        AccessScheme  string
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "add",
+        Short: "add server access for git-drs",
 }
 
-func NewObjectBuilder(bucket, project string) ObjectBuilder <span class="cov0" title="0">{
-        return ObjectBuilder{Bucket: bucket, Project: project}
-}</span>
+func init() <span class="cov8" title="1">{
+        Gen3Cmd.Flags().StringVar(&amp;credFile, "cred", "", "[gen3] Import a Gen3 credential file into this profile")
+        Gen3Cmd.Flags().StringVar(&amp;fenceToken, "token", "", "[gen3] Use a temporary bearer token issued from fence")
 
-func (b ObjectBuilder) Build(fileName string, checksum string, size int64, drsID string) (*drsapi.DrsObject, error) <span class="cov0" title="0">{
-        prefix := strings.Trim(strings.TrimSpace(b.StoragePrefix), "/")
-        return BuildDrsObjWithPrefix(fileName, checksum, size, drsID, b.Bucket, b.Organization, b.Project, prefix)
+        Cmd.AddCommand(Gen3Cmd)
+        LocalCmd.Flags().StringVar(&amp;localUsername, "username", "", "Username for local DRS HTTP basic auth")
+        LocalCmd.Flags().StringVar(&amp;localPassword, "password", "", "Password for local DRS HTTP basic auth")
+        Cmd.AddCommand(LocalCmd)
 }</span>
+</pre>
+		
+		<pre class="file" id="file26" style="display: none">package add
 
-func BuildDrsObjWithPrefix(fileName string, checksum string, size int64, drsID string, bucket string, org string, project string, prefix string) (*drsapi.DrsObject, error) <span class="cov0" title="0">{
-        return BuildDrsObjWithOptions(fileName, checksum, size, drsID, ObjectLocationOptions{
-                Bucket:        bucket,
-                Organization:  org,
-                Project:       project,
-                StoragePrefix: prefix,
-        })
-}</span>
+import (
+        "context"
+        "encoding/json"
+        "fmt"
+        "net/http"
+        "strings"
 
-func ConvertToCandidate(obj *drsapi.DrsObject) drsapi.DrsObjectCandidate <span class="cov0" title="0">{
-        if obj == nil </span><span class="cov0" title="0">{
-                return drsapi.DrsObjectCandidate{}
-        }</span>
-        <span class="cov0" title="0">return drsapi.DrsObjectCandidate{
-                AccessMethods: obj.AccessMethods,
-                Aliases:       obj.Aliases,
-                Checksums:     obj.Checksums,
-                Contents:      obj.Contents,
-                Description:   obj.Description,
-                MimeType:      obj.MimeType,
-                Name:          obj.Name,
-                Size:          obj.Size,
-                Version:       obj.Version,
-        }</span>
-}
+        "github.com/calypr/git-drs/cmd/initialize"
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        bucketapi "github.com/calypr/syfon/apigen/client/bucketapi"
+        syfoncommon "github.com/calypr/syfon/common"
+        "github.com/spf13/cobra"
+)
 
-type ObjectLocationOptions struct {
-        Bucket        string
-        Organization  string
-        Project       string
-        StoragePrefix string
-        Provider      string
-        AccessScheme  string
-}
+var LocalCmd = &amp;cobra.Command{
+        Use:   "local &lt;remote-name&gt; &lt;url&gt; &lt;organization/project&gt;",
+        Short: "Add a local DRS server",
+        Long:  "Add a local DRS server by specifying its base URL and scope. Optional --username/--password configures basic auth for helper flows.",
+        Args:  cobra.ExactArgs(3),
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
+                remoteName := args[0]
+                url := args[1]
+                scopeArg := args[2]
 
-func BuildDrsObjWithOptions(fileName string, checksum string, size int64, drsID string, opts ObjectLocationOptions) (*drsapi.DrsObject, error) <span class="cov4" title="2">{
-        checksum = NormalizeChecksum(checksum)
-        if checksum == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("checksum is required")
-        }</span>
+                if err := initialize.EnsureInitialized(drslog.GetLogger()); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to initialize repository: %w", err)
+                }</span>
+                <span class="cov1" title="1">if url == "" </span><span class="cov0" title="0">{
+                        return fmt.Errorf("URL cannot be empty")
+                }</span>
+                <span class="cov1" title="1">organization, project, err := parseScopeArg(scopeArg)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov1" title="1">scope, err := gitrepo.ResolveBucketScope(organization, project, "", "")
+                if err != nil </span><span class="cov1" title="1">{
+                        scope, err = resolveBucketScopeFromLocalServer(context.Background(), url, strings.TrimSpace(localUsername), strings.TrimSpace(localPassword), organization, project)
+                        if err != nil </span><span class="cov0" title="0">{
+                                return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
+                        }</span>
+                }
+                <span class="cov1" title="1">resolvedBucket := strings.TrimSpace(scope.Bucket)
+                resolvedStoragePrefix := strings.TrimSpace(scope.Prefix)
+                if resolvedBucket == "" </span><span class="cov0" title="0">{
+                        return fmt.Errorf("no bucket mapping found for organization=%q project=%q", organization, project)
+                }</span>
 
-        <span class="cov4" title="2">obj := &amp;drsapi.DrsObject{
-                Id:      drsID,
-                SelfUri: "drs://" + drsID,
-                Size:    size,
-                Name:    &amp;fileName,
-                Checksums: []drsapi.Checksum{
-                        {Type: "sha256", Checksum: checksum},
-                },
-        }
+                <span class="cov1" title="1">remoteSelect := config.RemoteSelect{
+                        Local: &amp;config.LocalRemote{
+                                BaseURL:       url,
+                                ProjectID:     project,
+                                Bucket:        resolvedBucket,
+                                Organization:  organization,
+                                StoragePrefix: resolvedStoragePrefix,
+                        },
+                }
 
-        if opts.Bucket == "" </span><span class="cov0" title="0">{
-                return obj, nil
-        }</span>
+                newConfig, err := config.UpdateRemote(config.Remote(remoteName), remoteSelect)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov1" title="1">if err := gitrepo.SetRemoteLFSURL(remoteName, url); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to configure lfs url for remote %q: %w", remoteName, err)
+                }</span>
+                <span class="cov1" title="1">if err := gitrepo.ConfigureCredentialHelperForRepo(); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to configure git credential helper: %w", err)
+                }</span>
+                <span class="cov1" title="1">if strings.TrimSpace(localUsername) != "" || strings.TrimSpace(localPassword) != "" </span><span class="cov0" title="0">{
+                        if strings.TrimSpace(localUsername) == "" || strings.TrimSpace(localPassword) == "" </span><span class="cov0" title="0">{
+                                return fmt.Errorf("both --username and --password are required when configuring local basic auth")
+                        }</span>
+                        <span class="cov0" title="0">if err := gitrepo.SetRemoteBasicAuth(remoteName, strings.TrimSpace(localUsername), strings.TrimSpace(localPassword)); err != nil </span><span class="cov0" title="0">{
+                                return fmt.Errorf("failed to configure local basic auth for remote %q: %w", remoteName, err)
+                        }</span>
+                }
 
-        <span class="cov4" title="2">prefix := strings.Trim(strings.TrimSpace(opts.StoragePrefix), "/")
+                <span class="cov1" title="1">fmt.Printf("Added remote '%s'. Config: %v\n", remoteName, newConfig.GetRemote(config.Remote(remoteName)))
+                return nil</span>
+        },
+}
 
-        accessURL, methodType, err := BuildAccessURL(opts.Bucket, prefix, checksum, opts.Provider, opts.AccessScheme)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+func resolveBucketScopeFromLocalServer(ctx context.Context, endpoint, username, password, organization, project string) (gitrepo.ResolvedBucketScope, error) <span class="cov10" title="2">{
+        if strings.TrimSpace(endpoint) == "" </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing API endpoint for server bucket lookup")
         }</span>
 
-        <span class="cov4" title="2">am := drsapi.AccessMethod{
-                Type: drsapi.AccessMethodType(methodType),
-                AccessUrl: &amp;struct {
-                        Headers *[]string `json:"headers,omitempty"`
-                        Url     string    `json:"url"`
-                }{Url: accessURL},
-        }
-        if authzMap := AuthzMapFromOrgProject(opts.Organization, opts.Project); authzMap != nil </span><span class="cov4" title="2">{
-                am.Authorizations = &amp;authzMap
+        <span class="cov10" title="2">req, err := http.NewRequestWithContext(ctx, http.MethodGet, strings.TrimRight(endpoint, "/")+"/data/buckets", nil)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("build bucket list request: %w", err)
+        }</span>
+        <span class="cov10" title="2">if username != "" || password != "" </span><span class="cov1" title="1">{
+                req.SetBasicAuth(username, password)
         }</span>
-        <span class="cov4" title="2">ams := []drsapi.AccessMethod{am}
-        obj.AccessMethods = &amp;ams
-        return obj, nil</span>
-}
 
-func BuildAccessURL(bucket string, prefix string, key string, provider string, accessScheme string) (string, string, error) <span class="cov4" title="2">{
-        bucket = strings.TrimSpace(bucket)
-        key = strings.Trim(strings.TrimSpace(key), "/")
-        if bucket == "" </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("bucket is required")
+        <span class="cov10" title="2">resp, err := http.DefaultClient.Do(req)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("request bucket list: %w", err)
         }</span>
-        <span class="cov4" title="2">if key == "" </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("key is required")
+        <span class="cov10" title="2">defer resp.Body.Close()
+        if resp.StatusCode != http.StatusOK </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("bucket list failed with status %d", resp.StatusCode)
         }</span>
 
-        <span class="cov4" title="2">scheme := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(accessScheme)), "://")
-        if scheme == "" </span><span class="cov4" title="2">{
-                scheme = schemeFromProvider(provider)
+        <span class="cov10" title="2">var payload bucketapi.BucketsResponse
+        if err := json.NewDecoder(resp.Body).Decode(&amp;payload); err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("decode bucket list response: %w", err)
         }</span>
 
-        <span class="cov4" title="2">if u, err := url.Parse(bucket); err == nil &amp;&amp; u.Scheme != "" </span><span class="cov0" title="0">{
-                scheme = strings.ToLower(u.Scheme)
-                bucket = u.Host
-                basePath := strings.Trim(u.Path, "/")
-                if basePath != "" </span><span class="cov0" title="0">{
-                        if prefix == "" </span><span class="cov0" title="0">{
-                                prefix = basePath
-                        }</span> else<span class="cov0" title="0"> {
-                                prefix = strings.Trim(basePath+"/"+strings.Trim(prefix, "/"), "/")
-                        }</span>
-                }
-        }
+        <span class="cov10" title="2">projectResource, err := syfoncommon.ResourcePath(organization, project)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, err
+        }</span>
+        <span class="cov10" title="2">orgResource, err := syfoncommon.ResourcePath(organization, "")
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, err
+        }</span>
 
-        <span class="cov4" title="2">if scheme == "" </span><span class="cov0" title="0">{
-                scheme = "s3"
+        <span class="cov10" title="2">if bucket, ok := findBucketByResource(payload, projectResource); ok </span><span class="cov10" title="2">{
+                return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
         }</span>
-        <span class="cov4" title="2">methodType := accessMethodTypeForScheme(scheme)
-        path := key
-        prefix = strings.Trim(strings.TrimSpace(prefix), "/")
-        if prefix != "" </span><span class="cov1" title="1">{
-                path = prefix + "/" + key
+        <span class="cov0" title="0">if bucket, ok := findBucketByResource(payload, orgResource); ok </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
         }</span>
-        <span class="cov4" title="2">return fmt.Sprintf("%s://%s/%s", scheme, bucket, path), methodType, nil</span>
+
+        <span class="cov0" title="0">return gitrepo.ResolvedBucketScope{}, fmt.Errorf("no visible server bucket matched organization=%q project=%q", organization, project)</span>
 }
+</pre>
+		
+		<pre class="file" id="file27" style="display: none">package remote
 
-func schemeFromProvider(provider string) string <span class="cov4" title="2">{
-        switch strings.ToLower(strings.TrimSpace(provider)) </span>{
-        case "", "s3", "aws", "minio":<span class="cov4" title="2">
-                return "s3"</span>
-        case "gcs", "gcp", "google", "gs":<span class="cov0" title="0">
-                return "gs"</span>
-        case "azure", "azblob", "blob":<span class="cov0" title="0">
-                return "az"</span>
-        default:<span class="cov0" title="0">
-                return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(provider)), "://")</span>
-        }
-}
-
-func accessMethodTypeForScheme(scheme string) string <span class="cov4" title="2">{
-        switch strings.ToLower(strings.TrimSuffix(strings.TrimSpace(scheme), "://")) </span>{
-        case "gcs", "gs":<span class="cov0" title="0">
-                return string(drsapi.AccessMethodTypeGs)</span>
-        case "s3":<span class="cov4" title="2">
-                return string(drsapi.AccessMethodTypeS3)</span>
-        default:<span class="cov0" title="0">
-                return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(scheme), "://"))</span>
-        }
-}
+import (
+        "fmt"
 
-// PrintDRSObject marshals and prints a DRS object as JSON.
-func PrintDRSObject(obj drsapi.DrsObject, pretty bool) error <span class="cov0" title="0">{
-        var out []byte
-        var err error
+        "github.com/calypr/data-client/credentials"
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        syconf "github.com/calypr/syfon/client/config"
+        "github.com/spf13/cobra"
+)
 
-        if pretty </span><span class="cov0" title="0">{
-                out, err = sonic.ConfigFastest.MarshalIndent(obj, "", "  ")
-        }</span> else<span class="cov0" title="0"> {
-                out, err = sonic.ConfigFastest.Marshal(obj)
+var (
+        loadConfig            = config.LoadConfig
+        loadProfileCredential = func(profile string) (*syconf.Credential, error) <span class="cov0" title="0">{
+                return syconf.NewConfigure(drslog.GetLogger()).Load(profile)
         }</span>
+        ensureValidCredential = credentials.EnsureValidCredential
+)
 
-        <span class="cov0" title="0">if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+var ListCmd = &amp;cobra.Command{
+        Use:   "list",
+        Short: "List DRS repos",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="2">{
+                if len(args) != 0 </span><span class="cov1" title="1">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: accepts no arguments, received %d\n\nUsage: %s\n\nSee 'git drs remote list --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov1" title="1">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
+                logg := drslog.GetLogger()
+                cfg, err := loadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        logg.Debug(fmt.Sprintf("Error loading config: %s", err))
+                        return err
+                }</span>
 
-        <span class="cov0" title="0">fmt.Printf("%s\n", string(out))
-        return nil</span>
+                <span class="cov1" title="1">for name, remoteSelect := range cfg.Remotes </span><span class="cov1" title="1">{
+                        // Determine if this is the default
+                        isDefault := name == cfg.DefaultRemote
+                        marker := " "
+                        if isDefault </span><span class="cov1" title="1">{
+                                marker = "*"
+                        }</span>
+
+                        // Determine remote type and endpoint
+                        <span class="cov1" title="1">var remoteType string
+                        var remote config.DRSRemote
+                        if remoteSelect.Gen3 != nil </span><span class="cov1" title="1">{
+                                remoteType = string(config.Gen3ServerType)
+                                remote = remoteSelect.Gen3
+                        }</span> else<span class="cov0" title="0"> if remoteSelect.Local != nil </span><span class="cov0" title="0">{
+                                remoteType = string(config.LocalServerType)
+                                remote = remoteSelect.Local
+                        }</span> else<span class="cov0" title="0"> {
+                                remoteType = "unknown"
+                        }</span>
+
+                        <span class="cov1" title="1">endpoint := "N/A"
+                        if remote != nil </span><span class="cov1" title="1">{
+                                endpoint = remote.GetEndpoint()
+                        }</span>
+
+                        <span class="cov1" title="1">fmt.Printf("%s %-10s %-8s %s\n", marker, name, remoteType, endpoint)
+                        if remoteSelect.Gen3 != nil </span><span class="cov1" title="1">{
+                                cred, err := loadProfileCredential(string(name))
+                                if err != nil </span><span class="cov0" title="0">{
+                                        logg.Warn(fmt.Sprintf("remote %s credential check skipped: %v", name, err))
+                                        continue</span>
+                                }
+                                <span class="cov1" title="1">if err := ensureValidCredential(cmd.Context(), cred, logg); err != nil </span><span class="cov0" title="0">{
+                                        logg.Warn(config.WrapCredentialValidationError(string(name), err).Error())
+                                }</span>
+                        }
+                }
+                <span class="cov1" title="1">return nil</span>
+        },
 }
 </pre>
 		
-		<pre class="file" id="file31" style="display: none">package common
+		<pre class="file" id="file28" style="display: none">package remote
 
 import (
-        "bufio"
         "fmt"
-        "io"
-        "os"
-        "strings"
-)
-
-// PromptForConfirmation displays a prompt and reads user input to confirm an operation.
-// Returns nil if the response matches expectedResponse, error otherwise.
-// If caseSensitive is false, comparison is case-insensitive.
-func PromptForConfirmation(w io.Writer, prompt string, expectedResponse string, caseSensitive bool) error <span class="cov10" title="2">{
-        fmt.Fprintf(w, "%s: ", prompt)
+        "sort"
 
-        reader := bufio.NewReader(os.Stdin)
-        response, err := reader.ReadString('\n')
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error reading confirmation: %v", err)
-        }</span>
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/spf13/cobra"
+)
 
-        <span class="cov10" title="2">response = strings.TrimSpace(response)
-        if !caseSensitive </span><span class="cov1" title="1">{
-                response = strings.ToLower(response)
-                expectedResponse = strings.ToLower(expectedResponse)
-        }</span>
+var RemoveCmd = &amp;cobra.Command{
+        Use:     "remove &lt;remote-name&gt;",
+        Aliases: []string{"rm"},
+        Short:   "Remove a DRS remote",
+        Long:    "Remove a configured DRS remote and repair the default remote if needed.",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
+                if len(args) != 1 </span><span class="cov6" title="2">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: requires exactly 1 argument (remote name), received %d\n\nUsage: %s\n\nRun 'git drs remote list' to see available remotes or 'git drs remote remove --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov1" title="1">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
+                remoteName := config.Remote(args[0])
+                logger := drslog.GetLogger()
 
-        <span class="cov10" title="2">if response != expectedResponse </span><span class="cov1" title="1">{
-                return fmt.Errorf("operation cancelled: confirmation did not match")
-        }</span>
+                cfg, err := config.LoadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to load config: %w", err)
+                }</span>
 
-        <span class="cov1" title="1">return nil</span>
-}
+                <span class="cov6" title="2">if _, ok := cfg.Remotes[remoteName]; !ok </span><span class="cov0" title="0">{
+                        availableRemotes := make([]string, 0, len(cfg.Remotes))
+                        for name := range cfg.Remotes </span><span class="cov0" title="0">{
+                                availableRemotes = append(availableRemotes, string(name))
+                        }</span>
+                        <span class="cov0" title="0">sort.Strings(availableRemotes)
+                        return fmt.Errorf(
+                                "remote '%s' not found.\nAvailable remotes: %v",
+                                remoteName,
+                                availableRemotes,
+                        )</span>
+                }
 
-// DisplayWarningHeader writes a formatted warning header to the writer
-func DisplayWarningHeader(w io.Writer, operation string) <span class="cov1" title="1">{
-        fmt.Fprintf(w, "\n⚠️  WARNING: You are about to %s\n\n", operation)
-}</span>
+                <span class="cov6" title="2">updated, err := config.RemoveRemote(remoteName)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to remove remote: %w", err)
+                }</span>
 
-// DisplayField writes a formatted key-value field to the writer
-func DisplayField(w io.Writer, key, value string) <span class="cov1" title="1">{
-        fmt.Fprintf(w, "%-11s %s\n", key+":", value)
-}</span>
+                <span class="cov6" title="2">if updated.DefaultRemote == "" </span><span class="cov1" title="1">{
+                        logger.Debug(fmt.Sprintf("Removed remote %s; no default remote remains", remoteName))
+                        return nil
+                }</span>
 
-// DisplayFooter writes the standard "cannot be undone" footer to the writer
-func DisplayFooter(w io.Writer) <span class="cov1" title="1">{
-        fmt.Fprintf(w, "\nThis action CANNOT be undone.\n\n")
-}</span>
+                <span class="cov1" title="1">logger.Debug(fmt.Sprintf("Removed remote %s; default remote is now %s", remoteName, updated.DefaultRemote))
+                return nil</span>
+        },
+}
 </pre>
 		
-		<pre class="file" id="file32" style="display: none">package common
+		<pre class="file" id="file29" style="display: none">package remote
 
 import (
-        "fmt"
-        "net/url"
-
-        "github.com/golang-jwt/jwt/v5"
+        "github.com/calypr/git-drs/cmd/remote/add"
+        "github.com/spf13/cobra"
 )
 
-func ParseEmailFromToken(tokenString string) (string, error) <span class="cov10" title="5">{
-        claims := jwt.MapClaims{}
-        _, _, err := jwt.NewParser().ParseUnverified(tokenString, &amp;claims)
-        if err != nil </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("failed to decode token in ParseEmailFromToken: '%s': %w", tokenString, err)
-        }</span>
-        <span class="cov8" title="4">context, ok := claims["context"].(map[string]any)
-        if !ok </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("missing or invalid 'context' claim structure")
-        }</span>
-        <span class="cov7" title="3">user, ok := context["user"].(map[string]any)
-        if !ok </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("missing or invalid 'context.user' claim structure")
-        }</span>
-        <span class="cov4" title="2">name, ok := user["name"].(string)
-        if !ok </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("missing or invalid 'context.user.name' claim")
-        }</span>
-        <span class="cov1" title="1">return name, nil</span>
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "remote",
+        Short: "Manage remote DRS server configs",
 }
 
-func ParseAPIEndpointFromToken(tokenString string) (string, error) <span class="cov7" title="3">{
-        claims := jwt.MapClaims{}
-        _, _, err := jwt.NewParser().ParseUnverified(tokenString, &amp;claims)
-        if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("failed to decode token in ParseAPIEndpointFromToken: '%s': %w", tokenString, err)
-        }</span>
-        <span class="cov7" title="3">issUrl, ok := claims["iss"].(string)
-        if !ok </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("missing or invalid 'iss' claim")
-        }</span>
-        <span class="cov4" title="2">parsedURL, err := url.Parse(issUrl)
-        if err != nil </span><span class="cov1" title="1">{
-                return "", err
-        }</span>
-        <span class="cov1" title="1">return fmt.Sprintf("%s://%s", parsedURL.Scheme, parsedURL.Host), nil</span>
-}
+func init() <span class="cov8" title="1">{
+        Cmd.AddCommand(add.Cmd)
+        Cmd.AddCommand(ListCmd)
+        Cmd.AddCommand(RemoveCmd)
+        Cmd.AddCommand(SetCmd)
+}</span>
 </pre>
 		
-		<pre class="file" id="file33" style="display: none">package config
+		<pre class="file" id="file30" style="display: none">package remote
 
 import (
-        "errors"
         "fmt"
-        "log/slog"
-        "path/filepath"
-        "strings"
 
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/go-git/go-git/v5"
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/spf13/cobra"
 )
 
-// RemoteType represents the type of server being initialized
-type RemoteType string
-type Remote string
-
-const (
-        ORIGIN = "origin"
-
-        Gen3ServerType  RemoteType = "gen3"
-        LocalServerType RemoteType = "local"
-
-        configSection          = "drs"
-        remoteSubsectionPrefix = "remote."
-)
+var SetCmd = &amp;cobra.Command{
+        Use:   "set &lt;remote-name&gt;",
+        Short: "Set the default DRS remote",
+        Long:  "Set which DRS remote to use by default for all operations",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
+                if len(args) != 1 </span><span class="cov6" title="2">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: requires exactly 1 argument (remote name), received %d\n\nUsage: %s\n\nRun 'git drs remote list' to see available remotes or 'git drs remote set --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov1" title="1">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                remoteName := args[0]
+                logger := drslog.GetLogger()
 
-var ErrNoDefaultRemote = errors.New("no default remote configured")
+                cfg, err := config.LoadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to load config: %w", err)
+                }</span>
 
-func AllRemoteTypes() []RemoteType <span class="cov4" title="8">{
-        return []RemoteType{Gen3ServerType, LocalServerType}
-}</span>
+                // validate remote exists
+                <span class="cov0" title="0">remote := config.Remote(remoteName)
+                if _, ok := cfg.Remotes[remote]; !ok </span><span class="cov0" title="0">{
+                        availableRemotes := make([]string, 0, len(cfg.Remotes))
+                        for name := range cfg.Remotes </span><span class="cov0" title="0">{
+                                availableRemotes = append(availableRemotes, string(name))
+                        }</span>
+                        <span class="cov0" title="0">return fmt.Errorf(
+                                "remote '%s' not found.\nAvailable remotes: %v",
+                                remoteName,
+                                availableRemotes,
+                        )</span>
+                }
 
-func IsValidRemoteType(mode string) error <span class="cov3" title="4">{
-        modeOptions := make([]string, len(AllRemoteTypes()))
-        for i, m := range AllRemoteTypes() </span><span class="cov4" title="8">{
-                modeOptions[i] = string(m)
-        }</span>
+                // save new default
+                <span class="cov0" title="0">cfg.DefaultRemote = remote
 
-        <span class="cov3" title="4">for _, validMode := range modeOptions </span><span class="cov4" title="7">{
-                if mode == string(validMode) </span><span class="cov2" title="2">{
-                        return nil
+                if err := config.SaveConfig(cfg); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to save config: %w", err)
                 }</span>
-        }
 
-        <span class="cov2" title="2">return fmt.Errorf("invalid mode '%s'. Valid options are: %s", mode, strings.Join(modeOptions, ", "))</span>
+                <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Default remote set to: %s", remoteName))
+                return nil</span>
+        },
 }
+</pre>
+		
+		<pre class="file" id="file31" style="display: none">package rm
 
-// Config holds the overall config structure
-type Config struct {
-        DefaultRemote Remote
-        Remotes       map[Remote]RemoteSelect
+import (
+        "context"
+        "fmt"
+        "os/exec"
+        "path/filepath"
+        "strings"
+
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/lfs"
+        "github.com/spf13/cobra"
+)
+
+var runCommand = func(name string, args ...string) error <span class="cov8" title="1">{
+        cmd := exec.Command(name, args...)
+        return cmd.Run()
+}</span>
+
+var Cmd = &amp;cobra.Command{
+        Use:   "rm &lt;path&gt;...",
+        Short: "Remove tracked git-drs files",
+        Args:  cobra.MinimumNArgs(1),
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                return run(cmd.Context(), args)
+        }</span>,
 }
 
-func (c Config) GetRemoteClient(remote Remote, logger *slog.Logger) (*GitContext, error) <span class="cov1" title="1">{
-        x, ok := c.Remotes[remote]
-        if !ok </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("GetRemoteClient no remote configuration found for current remote: %s", remote)
-        }</span>
-        <span class="cov1" title="1">if x.Local != nil </span><span class="cov1" title="1">{
-                return x.Local.GetClient(string(remote), logger)
+func run(ctx context.Context, args []string) error <span class="cov8" title="1">{
+        tracked, err := lfs.GetTrackedLfsFiles(drslog.GetLogger())
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov0" title="0">if x.Gen3 != nil </span><span class="cov0" title="0">{
-                username, password, err := gitrepo.GetRemoteBasicAuth(string(remote))
-                if err == nil &amp;&amp; strings.TrimSpace(username) != "" &amp;&amp; strings.TrimSpace(password) != "" </span><span class="cov0" title="0">{
-                        // If repo-local basic auth is configured, prefer the local/basic-auth client
-                        // path even when the remote entry was parsed as Gen3.
-                        return localRemoteFromGen3(x.Gen3, username, password).GetClient(string(remote), logger)
+
+        <span class="cov8" title="1">type removal struct {
+                path string
+                oid  string
+        }
+        planned := make([]removal, 0, len(args))
+        for _, raw := range args </span><span class="cov8" title="1">{
+                path := filepath.ToSlash(filepath.Clean(raw))
+                info, ok := tracked[path]
+                if !ok || strings.TrimSpace(info.Oid) == "" </span><span class="cov0" title="0">{
+                        return fmt.Errorf("%s is not a tracked git-drs/LFS file", raw)
                 }</span>
-                <span class="cov0" title="0">return x.Gen3.GetClient(string(remote), logger)</span>
+                <span class="cov8" title="1">planned = append(planned, removal{path: path, oid: "sha256:" + strings.TrimPrefix(strings.TrimSpace(info.Oid), "sha256:")})</span>
         }
-        <span class="cov0" title="0">return nil, fmt.Errorf("no valid remote configuration found for current remote: %s", remote)</span>
-}
 
-func (c Config) GetRemote(remote Remote) DRSRemote <span class="cov2" title="2">{
-        x, ok := c.Remotes[remote]
-        if !ok </span><span class="cov0" title="0">{
-                return nil
+        <span class="cov8" title="1">gitArgs := []string{"rm", "--"}
+        for _, item := range planned </span><span class="cov8" title="1">{
+                gitArgs = append(gitArgs, item.path)
         }</span>
-        <span class="cov2" title="2">if x.Gen3 != nil </span><span class="cov0" title="0">{
-                return x.Gen3
-        }</span> else<span class="cov2" title="2"> if x.Local != nil </span><span class="cov2" title="2">{
-                return x.Local
+        <span class="cov8" title="1">if err := runCommand("git", gitArgs...); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov0" title="0">return nil</span>
+
+        <span class="cov8" title="1">return nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file32" style="display: none">package smudge
 
-// GetDefaultRemote returns the configured default remote with validation
-func (c Config) GetDefaultRemote() (Remote, error) <span class="cov1" title="1">{
-        if c.DefaultRemote == "" </span><span class="cov0" title="0">{
-                return "", fmt.Errorf(
-                        "%w.\n"+
-                                "Set one with: git drs remote set &lt;name&gt;\n"+
-                                "Available remotes: %v\n"+
-                                "Config: %v\n",
-                        ErrNoDefaultRemote,
-                        c.listRemoteNames(),
-                        c,
-                )
-        }</span>
+import (
+        "context"
+        "errors"
+        "fmt"
+        "os"
 
-        <span class="cov1" title="1">if _, ok := c.Remotes[c.DefaultRemote]; !ok </span><span class="cov0" title="0">{
-                return "", fmt.Errorf(
-                        "default remote '%s' not found in configuration.\n"+
-                                "Available remotes: %v",
-                        c.DefaultRemote,
-                        c.listRemoteNames(),
-                )
-        }</span>
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drsfilter"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/drsremote"
+        "github.com/spf13/cobra"
+)
 
-        <span class="cov1" title="1">return c.DefaultRemote, nil</span>
-}
+// Cmd implements `git drs smudge`, which mirrors `git lfs smudge` behavior.
+var Cmd = &amp;cobra.Command{
+        Use:   "smudge -- &lt;path&gt;",
+        Short: "Smudge a file by converting an LFS pointer to file content (invoked by git)",
+        Long: `git drs smudge reads potential LFS pointer content from stdin. If the input
+is a valid LFS pointer, it restores file content from the local LFS object cache
+or downloads it from the configured DRS remote. If no DRS remote is configured,
+the pointer is passed through unchanged. If the input is not an LFS pointer,
+content is passed through unchanged.
 
-// GetRemoteOrDefault returns the specified remote if provided, otherwise returns the default remote
-func (c Config) GetRemoteOrDefault(remote string) (Remote, error) <span class="cov2" title="2">{
-        if remote != "" </span><span class="cov1" title="1">{
-                return Remote(remote), nil
-        }</span>
-        <span class="cov1" title="1">return c.GetDefaultRemote()</span>
-}
+This command mirrors 'git lfs smudge' and is intended to be configured as the
+git smudge filter:
 
-// listRemoteNames returns a slice of all remote names for error messages
-func (c Config) listRemoteNames() []string <span class="cov0" title="0">{
-        names := make([]string, 0, len(c.Remotes))
-        for name := range c.Remotes </span><span class="cov0" title="0">{
-                names = append(names, string(name))
-        }</span>
-        <span class="cov0" title="0">return names</span>
+  git config filter.drs.smudge 'git-drs smudge -- %f'`,
+        Hidden: true,
+        Args:   cobra.ExactArgs(1),
+        RunE:   runSmudge,
 }
 
-// getRepo opens the current git repository
-func getRepo() (*git.Repository, error) <span class="cov6" title="15">{
-        return gitrepo.GetRepo()
-}</span>
-
-func (c Config) ConfigPath() (string, error) <span class="cov0" title="0">{
-        return getConfigPath()
-}</span>
-
-// updates and git adds a Git DRS config file
-// this should handle three cases:
-// 1. create a new config file if it does not exist / is empty
-// 2. return an error if the config file is invalid
-// 3. update the existing config file, making sure to combine the new serversMap with the existing one
-// UpdateRemote updates and saves configuration using go-git
-func UpdateRemote(name Remote, remote RemoteSelect) (*Config, error) <span class="cov3" title="3">{
-        repo, err := getRepo()
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+func runSmudge(cmd *cobra.Command, args []string) error <span class="cov8" title="1">{
+        ctx := cmd.Context()
+        if ctx == nil </span><span class="cov8" title="1">{
+                ctx = context.Background()
         }</span>
 
-        <span class="cov3" title="3">conf, err := repo.Config()
+        <span class="cov8" title="1">pathname := args[0]
+        logger := drslog.GetLogger()
+        logger.Debug("smudge: starting", "pathname", pathname)
+
+        cfg, err := config.LoadConfig()
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                return fmt.Errorf("smudge: load config: %w", err)
         }</span>
 
-        // Update drs.remote.&lt;name&gt; subsection
-        <span class="cov3" title="3">remoteSubsectionName := fmt.Sprintf("%s%s", remoteSubsectionPrefix, name)
-        remoteSubsection := conf.Raw.Section(configSection).Subsection(remoteSubsectionName)
-
-        if remote.Gen3 != nil </span><span class="cov1" title="1">{
-                remoteSubsection.SetOption("type", "gen3")
-                remoteSubsection.SetOption("endpoint", remote.Gen3.Endpoint)
-                remoteSubsection.SetOption("project", remote.Gen3.ProjectID)
-                remoteSubsection.SetOption("bucket", remote.Gen3.Bucket)
-                if remote.Gen3.Organization != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("organization", remote.Gen3.Organization)
-                }</span>
-                <span class="cov1" title="1">if remote.Gen3.StoragePrefix != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("storage_prefix", remote.Gen3.StoragePrefix)
-                }</span>
-        } else<span class="cov2" title="2"> if remote.Local != nil </span><span class="cov2" title="2">{
-                remoteSubsection.SetOption("type", "local")
-                remoteSubsection.SetOption("endpoint", remote.Local.BaseURL)
-                if remote.Local.ProjectID != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("project", remote.Local.ProjectID)
-                }</span>
-                <span class="cov2" title="2">if remote.Local.Bucket != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("bucket", remote.Local.Bucket)
-                }</span>
-                <span class="cov2" title="2">if remote.Local.Organization != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("organization", remote.Local.Organization)
-                }</span>
-                <span class="cov2" title="2">if remote.Local.StoragePrefix != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("storage_prefix", remote.Local.StoragePrefix)
+        <span class="cov8" title="1">remote, err := cfg.GetDefaultRemote()
+        if err != nil </span><span class="cov8" title="1">{
+                if errors.Is(err, config.ErrNoDefaultRemote) </span><span class="cov8" title="1">{
+                        logger.Debug("smudge: no default remote configured; passing through pointer", "pathname", pathname)
+                        return drsfilter.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, nil)
                 }</span>
+                <span class="cov0" title="0">return fmt.Errorf("smudge: get default remote: %w", err)</span>
         }
 
-        // Set default remote if not set
-        <span class="cov3" title="3">configRoot := conf.Raw.Section(configSection)
-        defaultRemote := configRoot.Option("default-remote")
-        if defaultRemote == "" </span><span class="cov3" title="3">{
-                configRoot.SetOption("default-remote", string(name))
-        }</span>
-
-        // Save config
-        <span class="cov3" title="3">if err := repo.Storer.SetConfig(conf); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+        <span class="cov0" title="0">drsCtx, err := cfg.GetRemoteClient(remote, logger)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: create DRS client: %w", err)
         }</span>
 
-        <span class="cov3" title="3">return LoadConfig()</span>
+        <span class="cov0" title="0">return drsfilter.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, func(callCtx context.Context, oid, cachePath string) error </span><span class="cov0" title="0">{
+                return drsremote.DownloadToCachePath(callCtx, drsCtx, logger, oid, cachePath)
+        }</span>)
 }
 
-func parseAndAddRemote(cfg *Config, subsectionName string, remoteType string, endpoint string, project string, bucket string, organization string, storagePrefix string) <span class="cov5" title="9">{
-        if !strings.HasPrefix(subsectionName, remoteSubsectionPrefix) </span><span class="cov0" title="0">{
-                return
-        }</span>
+func init() {<span class="cov8" title="1">}</span>
+</pre>
+		
+		<pre class="file" id="file33" style="display: none">package track
 
-        <span class="cov5" title="9">remoteName := Remote(strings.TrimPrefix(subsectionName, remoteSubsectionPrefix))
-        rs := RemoteSelect{}
+import (
+        "context"
+        "fmt"
 
-        if remoteType == "gen3" || remoteType == "" </span><span class="cov4" title="5">{
-                rs.Gen3 = &amp;Gen3Remote{
-                        Endpoint:      endpoint,
-                        ProjectID:     project,
-                        Bucket:        bucket,
-                        Organization:  organization,
-                        StoragePrefix: storagePrefix,
-                }
-        }</span> else<span class="cov3" title="4"> if remoteType == "local" </span><span class="cov3" title="4">{
-                rs.Local = &amp;LocalRemote{
-                        BaseURL:       endpoint,
-                        ProjectID:     project,
-                        Bucket:        bucket,
-                        Organization:  organization,
-                        StoragePrefix: storagePrefix,
-                }
-        }</span>
+        "github.com/calypr/git-drs/internal/drstrack"
+        "github.com/spf13/cobra"
+)
 
-        <span class="cov5" title="9">cfg.Remotes[remoteName] = rs</span>
-}
+var (
+        gitLFSTrackPatterns = drstrack.TrackPatterns
+        gitLFSListPatterns  = drstrack.ListTrackedPatterns
+)
 
-// LoadConfig loads configuration using go-git
-func LoadConfig() (*Config, error) <span class="cov5" title="10">{
-        repo, err := getRepo()
+var Cmd = NewCommand()
+
+func NewCommand() *cobra.Command <span class="cov10" title="3">{
+        cmd := &amp;cobra.Command{
+                Use:   "track [pattern ...]",
+                Short: "Track files with Git LFS",
+                Long:  "Manage Git LFS tracking patterns. With no patterns, this lists tracked patterns.",
+                Args:  cobra.ArbitraryArgs,
+                RunE:  runTrack,
+        }
+
+        cmd.Flags().Bool("verbose", false, "show detailed output")
+        cmd.Flags().Bool("dry-run", false, "show what would change without writing")
+
+        return cmd
+}</span>
+
+func runTrack(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
+        verbose, err := cmd.Flags().GetBool("verbose")
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                return fmt.Errorf("read flag verbose: %w", err)
         }</span>
-
-        <span class="cov5" title="10">conf, err := repo.Config()
+        <span class="cov6" title="2">dryRun, err := cmd.Flags().GetBool("dry-run")
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                return fmt.Errorf("read flag dry-run: %w", err)
         }</span>
 
-        <span class="cov5" title="10">cfg := &amp;Config{
-                Remotes: make(map[Remote]RemoteSelect),
-        }
+        <span class="cov6" title="2">ctx := cmd.Context()
+        if ctx == nil </span><span class="cov0" title="0">{
+                ctx = context.Background()
+        }</span>
 
-        // Iterate over all sections to find 'drs' and its subsections
-        for _, section := range conf.Raw.Sections </span><span class="cov10" title="109">{
-                if section.Name != configSection </span><span class="cov9" title="100">{
-                        continue</span>
-                }
+        <span class="cov6" title="2">var out string
+        if len(args) == 0 </span><span class="cov1" title="1">{
+                out, err = gitLFSListPatterns(ctx, verbose)
+        }</span> else<span class="cov1" title="1"> {
+                out, err = gitLFSTrackPatterns(ctx, args, verbose, dryRun)
+        }</span>
+        <span class="cov6" title="2">if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-                // Check for default-remote in the section root.
-                <span class="cov5" title="9">dr := section.Option("default-remote")
-                if dr != "" </span><span class="cov5" title="9">{
-                        cfg.DefaultRemote = Remote(dr)
-                }</span>
+        <span class="cov6" title="2">if out != "" </span><span class="cov6" title="2">{
+                _, _ = fmt.Fprint(cmd.OutOrStdout(), out)
+        }</span>
+        <span class="cov6" title="2">return nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file34" style="display: none">package untrack
 
-                <span class="cov5" title="9">for _, subsection := range section.Subsections </span><span class="cov5" title="9">{
-                        if !strings.HasPrefix(subsection.Name, remoteSubsectionPrefix) </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov5" title="9">parseAndAddRemote(
-                                cfg,
-                                subsection.Name,
-                                subsection.Option("type"),
-                                subsection.Option("endpoint"),
-                                subsection.Option("project"),
-                                subsection.Option("bucket"),
-                                subsection.Option("organization"),
-                                subsection.Option("storage_prefix"),
-                        )</span>
-                }
+import (
+        "context"
+        "fmt"
+
+        "github.com/calypr/git-drs/internal/drstrack"
+        "github.com/spf13/cobra"
+)
+
+var gitLFSUntrackPatterns = drstrack.UntrackPatterns
+
+var Cmd = NewCommand()
+
+func NewCommand() *cobra.Command <span class="cov10" title="3">{
+        cmd := &amp;cobra.Command{
+                Use:   "untrack &lt;pattern&gt; [pattern ...]",
+                Short: "Stop tracking files with Git LFS",
+                Long:  "Remove one or more Git LFS tracking patterns.",
+                Args:  cobra.MinimumNArgs(1),
+                RunE:  runUntrack,
         }
 
-        <span class="cov5" title="10">return cfg, nil</span>
-}
+        cmd.Flags().Bool("verbose", false, "show detailed output")
+        cmd.Flags().Bool("dry-run", false, "show what would change without writing")
 
-func CreateEmptyConfig() error <span class="cov1" title="1">{
-        // With go-git, we just verify we are in a repo?
-        // Existing behavior was ensuring file existence.
-        // We can check if we can open the repo.
-        _, err := getRepo()
-        return err
+        return cmd
 }</span>
 
-func GetProjectId(remote Remote) (string, error) <span class="cov0" title="0">{
-        cfg, err := LoadConfig()
+func runUntrack(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
+        verbose, err := cmd.Flags().GetBool("verbose")
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("error loading config: %v", err)
+                return fmt.Errorf("read flag verbose: %w", err)
         }</span>
-        <span class="cov0" title="0">rmt := cfg.GetRemote(remote)
-        if rmt == nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("no remote configuration found for current remote: %s", remote)
+        <span class="cov1" title="1">dryRun, err := cmd.Flags().GetBool("dry-run")
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("read flag dry-run: %w", err)
         }</span>
-        <span class="cov0" title="0">return rmt.GetProjectId(), nil</span>
-}
 
-// SaveConfig writes the configuration using go-git
-func SaveConfig(cfg *Config) error <span class="cov1" title="1">{
-        repo, err := getRepo()
-        if err != nil </span><span class="cov0" title="0">{
-                return err
+        <span class="cov1" title="1">ctx := cmd.Context()
+        if ctx == nil </span><span class="cov0" title="0">{
+                ctx = context.Background()
         }</span>
 
-        <span class="cov1" title="1">conf, err := repo.Config()
+        <span class="cov1" title="1">out, err := gitLFSUntrackPatterns(ctx, args, verbose, dryRun)
         if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov1" title="1">if cfg.DefaultRemote != "" </span><span class="cov1" title="1">{
-                conf.Raw.Section(configSection).SetOption("default-remote", string(cfg.DefaultRemote))
+        <span class="cov1" title="1">if out != "" </span><span class="cov1" title="1">{
+                _, _ = fmt.Fprint(cmd.OutOrStdout(), out)
         }</span>
+        <span class="cov1" title="1">return nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file35" style="display: none">package version
 
-        <span class="cov1" title="1">return repo.Storer.SetConfig(conf)</span>
+import (
+        "fmt"
+        "runtime/debug"
+
+        "github.com/spf13/cobra"
+)
+
+// Cmd represents the "version" command
+var Cmd = &amp;cobra.Command{
+        Use:   "version",
+        Short: "Get version",
+        Long:  ``,
+        Run: func(cmd *cobra.Command, args []string) <span class="cov4" title="5">{
+                fmt.Println("git-drs", buildVersion())
+        }</span>,
 }
 
-// GetGitConfigInt reads an integer value from git config
-// getGitConfigValue retrieves a value from git config by key
-func getConfigPath() (string, error) <span class="cov0" title="0">{
-        topLevel, err := gitrepo.GitTopLevel()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+func buildVersion() string <span class="cov5" title="6">{
+        tag := ""
+        commit := ""
+        if info, ok := debug.ReadBuildInfo(); ok </span><span class="cov5" title="6">{
+                if info.Main.Version != "" &amp;&amp; info.Main.Version != "(devel)" </span><span class="cov0" title="0">{
+                        tag = info.Main.Version
+                }</span>
+                <span class="cov5" title="6">for _, setting := range info.Settings </span><span class="cov10" title="42">{
+                        switch setting.Key </span>{
+                        case "vcs.revision":<span class="cov0" title="0">
+                                commit = setting.Value</span>
+                        case "vcs.tag":<span class="cov0" title="0">
+                                if tag == "" </span><span class="cov0" title="0">{
+                                        tag = setting.Value
+                                }</span>
+                        }
+                }
+        }
+
+        <span class="cov5" title="6">commitShort := commit
+        if len(commitShort) &gt; 7 </span><span class="cov0" title="0">{
+                commitShort = commitShort[:7]
         }</span>
 
-        <span class="cov0" title="0">configPath := filepath.Join(topLevel, common.DRS_DIR, common.CONFIG_YAML)
-        return configPath, nil</span>
+        <span class="cov5" title="6">switch </span>{
+        case tag != "" &amp;&amp; commitShort != "":<span class="cov0" title="0">
+                return fmt.Sprintf("%s-%s", tag, commitShort)</span>
+        case tag != "":<span class="cov0" title="0">
+                return tag</span>
+        case commitShort != "":<span class="cov0" title="0">
+                return fmt.Sprintf("dev-%s", commitShort)</span>
+        default:<span class="cov5" title="6">
+                return "dev-unknown"</span>
+        }
 }
 </pre>
 		
-		<pre class="file" id="file34" style="display: none">package config
+		<pre class="file" id="file36" style="display: none">package common
 
 import (
-        "context"
+        "crypto/sha256"
+        "encoding/hex"
         "fmt"
-        "log/slog"
-        "net/url"
+        "io"
+        "os"
         "strings"
 
-        gitauth "github.com/calypr/git-drs/internal/auth"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        syclient "github.com/calypr/syfon/client"
-        syconf "github.com/calypr/syfon/client/conf"
-        syrequest "github.com/calypr/syfon/client/request"
-        "github.com/calypr/syfon/client/syfonclient"
+        "github.com/bytedance/sonic"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
 )
 
-type DRSRemote interface {
-        GetProjectId() string
-        GetOrganization() string
-        GetEndpoint() string
-        GetBucketName() string
-        GetStoragePrefix() string
-        GetClient(remoteName string, logger *slog.Logger) (*GitContext, error)
+// ParseOrgProject resolves the effective org and project from the conventional
+// arguments. When org is provided it is used directly. When org is empty the
+// project string is split on the first "-" to derive org and project.
+func ParseOrgProject(org, project string) (string, string) <span class="cov10" title="3">{
+        if org != "" </span><span class="cov1" title="1">{
+                return org, project
+        }</span>
+        <span class="cov6" title="2">if project == "" </span><span class="cov0" title="0">{
+                return "", ""
+        }</span>
+        <span class="cov6" title="2">if !strings.Contains(project, "-") </span><span class="cov1" title="1">{
+                return "default", project
+        }</span>
+        <span class="cov1" title="1">parts := strings.SplitN(project, "-", 2)
+        return parts[0], parts[1]</span>
 }
 
-type GitContext struct {
-        Client             syfonclient.SyfonClient
-        Requestor          syrequest.Requester
-        Organization       string
-        ProjectId          string
-        BucketName         string
-        StoragePrefix      string
-        Upsert             bool
-        MultiPartThreshold int64
-        UploadConcurrency  int
-        Logger             *slog.Logger
-        Credential         *syconf.Credential
+// CalculateFileSHA256 returns the lowercase hex SHA256 checksum for a file.
+func CalculateFileSHA256(path string) (string, error) <span class="cov6" title="2">{
+        f, err := os.Open(path)
+        if err != nil </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("open file %s: %w", path, err)
+        }</span>
+        <span class="cov1" title="1">defer f.Close()
+
+        h := sha256.New()
+        if _, err := io.Copy(h, f); err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("hash file %s: %w", path, err)
+        }</span>
+
+        <span class="cov1" title="1">return hex.EncodeToString(h.Sum(nil)), nil</span>
 }
 
-type RemoteSelect struct {
-        Gen3  *Gen3Remote
-        Local *LocalRemote
-}
+// PrintDRSObject marshals and prints a DRS object as JSON.
+func PrintDRSObject(obj drsapi.DrsObject, pretty bool) error <span class="cov0" title="0">{
+        var out []byte
+        var err error
 
-type Gen3Remote struct {
-        Endpoint      string `yaml:"endpoint"`
-        ProjectID     string `yaml:"project_id"`
-        Bucket        string `yaml:"bucket"`
-        Organization  string `yaml:"organization"`
-        StoragePrefix string `yaml:"storage_prefix"`
+        if pretty </span><span class="cov0" title="0">{
+                out, err = sonic.ConfigFastest.MarshalIndent(obj, "", "  ")
+        }</span> else<span class="cov0" title="0"> {
+                out, err = sonic.ConfigFastest.Marshal(obj)
+        }</span>
+        <span class="cov0" title="0">if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+
+        <span class="cov0" title="0">fmt.Printf("%s\n", string(out))
+        return nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file37" style="display: none">package common
 
-func (s Gen3Remote) GetProjectId() string     <span class="cov0" title="0">{ return s.ProjectID }</span>
-func (s Gen3Remote) GetOrganization() string  <span class="cov0" title="0">{ return s.Organization }</span>
-func (s Gen3Remote) GetEndpoint() string      <span class="cov0" title="0">{ return s.Endpoint }</span>
-func (s Gen3Remote) GetBucketName() string    <span class="cov0" title="0">{ return s.Bucket }</span>
-func (s Gen3Remote) GetStoragePrefix() string <span class="cov0" title="0">{ return s.StoragePrefix }</span>
+import (
+        "bufio"
+        "fmt"
+        "io"
+        "os"
+        "strings"
+)
 
-func (s Gen3Remote) GetClient(remoteName string, logger *slog.Logger) (*GitContext, error) <span class="cov0" title="0">{
-        manager := syconf.NewConfigure(logger)
-        cred, err := manager.Load(remoteName)
+// PromptForConfirmation displays a prompt and reads user input to confirm an operation.
+// Returns nil if the response matches expectedResponse, error otherwise.
+// If caseSensitive is false, comparison is case-insensitive.
+func PromptForConfirmation(w io.Writer, prompt string, expectedResponse string, caseSensitive bool) error <span class="cov10" title="2">{
+        fmt.Fprintf(w, "%s: ", prompt)
+
+        reader := bufio.NewReader(os.Stdin)
+        response, err := reader.ReadString('\n')
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                return fmt.Errorf("error reading confirmation: %v", err)
         }</span>
-        <span class="cov0" title="0">if err := gitauth.EnsureValidCredential(context.Background(), cred, logger); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+
+        <span class="cov10" title="2">response = strings.TrimSpace(response)
+        if !caseSensitive </span><span class="cov1" title="1">{
+                response = strings.ToLower(response)
+                expectedResponse = strings.ToLower(expectedResponse)
         }</span>
-        <span class="cov0" title="0">return newGitContext(*cred, s, logger)</span>
+
+        <span class="cov10" title="2">if response != expectedResponse </span><span class="cov1" title="1">{
+                return fmt.Errorf("operation cancelled: confirmation did not match")
+        }</span>
+
+        <span class="cov1" title="1">return nil</span>
 }
 
-type LocalRemote struct {
-        BaseURL       string
-        ProjectID     string
-        Bucket        string
-        Organization  string
-        StoragePrefix string
-        BasicUsername string
-        BasicPassword string
+// DisplayWarningHeader writes a formatted warning header to the writer
+func DisplayWarningHeader(w io.Writer, operation string) <span class="cov1" title="1">{
+        fmt.Fprintf(w, "\n⚠️  WARNING: You are about to %s\n\n", operation)
+}</span>
+
+// DisplayField writes a formatted key-value field to the writer
+func DisplayField(w io.Writer, key, value string) <span class="cov1" title="1">{
+        fmt.Fprintf(w, "%-11s %s\n", key+":", value)
+}</span>
+
+// DisplayFooter writes the standard "cannot be undone" footer to the writer
+func DisplayFooter(w io.Writer) <span class="cov1" title="1">{
+        fmt.Fprintf(w, "\nThis action CANNOT be undone.\n\n")
+}</span>
+</pre>
+		
+		<pre class="file" id="file38" style="display: none">package common
+
+import (
+        "fmt"
+        "net/url"
+
+        "github.com/golang-jwt/jwt/v5"
+)
+
+func ParseEmailFromToken(tokenString string) (string, error) <span class="cov10" title="5">{
+        claims := jwt.MapClaims{}
+        _, _, err := jwt.NewParser().ParseUnverified(tokenString, &amp;claims)
+        if err != nil </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("failed to decode token in ParseEmailFromToken: '%s': %w", tokenString, err)
+        }</span>
+        <span class="cov8" title="4">context, ok := claims["context"].(map[string]any)
+        if !ok </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("missing or invalid 'context' claim structure")
+        }</span>
+        <span class="cov7" title="3">user, ok := context["user"].(map[string]any)
+        if !ok </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("missing or invalid 'context.user' claim structure")
+        }</span>
+        <span class="cov4" title="2">name, ok := user["name"].(string)
+        if !ok </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("missing or invalid 'context.user.name' claim")
+        }</span>
+        <span class="cov1" title="1">return name, nil</span>
 }
 
-func (l LocalRemote) GetProjectId() string <span class="cov4" title="2">{
-        if l.ProjectID != "" </span><span class="cov1" title="1">{
-                return l.ProjectID
+func ParseAPIEndpointFromToken(tokenString string) (string, error) <span class="cov7" title="3">{
+        claims := jwt.MapClaims{}
+        _, _, err := jwt.NewParser().ParseUnverified(tokenString, &amp;claims)
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("failed to decode token in ParseAPIEndpointFromToken: '%s': %w", tokenString, err)
         }</span>
-        <span class="cov1" title="1">return "local-project"</span>
+        <span class="cov7" title="3">issUrl, ok := claims["iss"].(string)
+        if !ok </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("missing or invalid 'iss' claim")
+        }</span>
+        <span class="cov4" title="2">parsedURL, err := url.Parse(issUrl)
+        if err != nil </span><span class="cov1" title="1">{
+                return "", err
+        }</span>
+        <span class="cov1" title="1">return fmt.Sprintf("%s://%s", parsedURL.Scheme, parsedURL.Host), nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file39" style="display: none">package config
 
-func (l LocalRemote) GetOrganization() string  <span class="cov10" title="5">{ return l.Organization }</span>
-func (l LocalRemote) GetEndpoint() string      <span class="cov0" title="0">{ return l.BaseURL }</span>
-func (l LocalRemote) GetBucketName() string    <span class="cov4" title="2">{ return l.Bucket }</span>
-func (l LocalRemote) GetStoragePrefix() string <span class="cov4" title="2">{ return l.StoragePrefix }</span>
+import (
+        "errors"
+        "fmt"
+        "log/slog"
+        "path/filepath"
+        "sort"
+        "strings"
 
-func (l LocalRemote) GetClient(remoteName string, logger *slog.Logger) (*GitContext, error) <span class="cov4" title="2">{
-        if username, password, err := gitrepo.GetRemoteBasicAuth(remoteName); err == nil &amp;&amp; username != "" &amp;&amp; password != "" </span><span class="cov1" title="1">{
-                l.BasicUsername = username
-                l.BasicPassword = password
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        "github.com/go-git/go-git/v5"
+)
+
+// RemoteType represents the type of server being initialized
+type RemoteType string
+type Remote string
+
+const (
+        ORIGIN = "origin"
+
+        Gen3ServerType  RemoteType = "gen3"
+        LocalServerType RemoteType = "local"
+
+        configSection          = "drs"
+        remoteSubsectionPrefix = "remote."
+)
+
+var ErrNoDefaultRemote = errors.New("no default remote configured")
+
+func AllRemoteTypes() []RemoteType <span class="cov4" title="8">{
+        return []RemoteType{Gen3ServerType, LocalServerType}
+}</span>
+
+func IsValidRemoteType(mode string) error <span class="cov3" title="4">{
+        modeOptions := make([]string, len(AllRemoteTypes()))
+        for i, m := range AllRemoteTypes() </span><span class="cov4" title="8">{
+                modeOptions[i] = string(m)
         }</span>
-        <span class="cov4" title="2">projectID := l.GetProjectId()
-        bucketName := l.GetBucketName()
-        storagePrefix := l.GetStoragePrefix()
-        if strings.TrimSpace(l.GetOrganization()) != "" || strings.TrimSpace(bucketName) != "" || strings.TrimSpace(storagePrefix) != "" </span><span class="cov1" title="1">{
-                scope, err := gitrepo.ResolveBucketScope(
-                        l.GetOrganization(),
-                        projectID,
-                        bucketName,
-                        storagePrefix,
-                )
-                if err != nil </span><span class="cov0" title="0">{
-                        return nil, err
+
+        <span class="cov3" title="4">for _, validMode := range modeOptions </span><span class="cov4" title="7">{
+                if mode == string(validMode) </span><span class="cov2" title="2">{
+                        return nil
                 }</span>
-                <span class="cov1" title="1">bucketName = scope.Bucket
-                storagePrefix = scope.Prefix</span>
         }
 
-        <span class="cov4" title="2">cred := &amp;syconf.Credential{APIEndpoint: l.BaseURL}
-        if l.BasicUsername != "" || l.BasicPassword != "" </span><span class="cov1" title="1">{
-                cred.KeyID = l.BasicUsername
-                cred.APIKey = l.BasicPassword
-        }</span>
+        <span class="cov2" title="2">return fmt.Errorf("invalid mode '%s'. Valid options are: %s", mode, strings.Join(modeOptions, ", "))</span>
+}
+
+// Config holds the overall config structure
+type Config struct {
+        DefaultRemote Remote
+        Remotes       map[Remote]RemoteSelect
+}
+
+func (c Config) GetRemoteClient(remote Remote, logger *slog.Logger) (*GitContext, error) <span class="cov1" title="1">{
+        x, ok := c.Remotes[remote]
+        if !ok </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("GetRemoteClient no remote configuration found for current remote: %s", remote)
+        }</span>
+        <span class="cov1" title="1">if x.Local != nil </span><span class="cov1" title="1">{
+                return x.Local.GetClient(string(remote), logger)
+        }</span>
+        <span class="cov0" title="0">if x.Gen3 != nil </span><span class="cov0" title="0">{
+                username, password, err := gitrepo.GetRemoteBasicAuth(string(remote))
+                if err == nil &amp;&amp; strings.TrimSpace(username) != "" &amp;&amp; strings.TrimSpace(password) != "" </span><span class="cov0" title="0">{
+                        // If repo-local basic auth is configured, prefer the local/basic-auth client
+                        // path even when the remote entry was parsed as Gen3.
+                        return localRemoteFromGen3(x.Gen3, username, password).GetClient(string(remote), logger)
+                }</span>
+                <span class="cov0" title="0">return x.Gen3.GetClient(string(remote), logger)</span>
+        }
+        <span class="cov0" title="0">return nil, fmt.Errorf("no valid remote configuration found for current remote: %s", remote)</span>
+}
+
+func (c Config) GetRemote(remote Remote) DRSRemote <span class="cov2" title="2">{
+        x, ok := c.Remotes[remote]
+        if !ok </span><span class="cov0" title="0">{
+                return nil
+        }</span>
+        <span class="cov2" title="2">if x.Gen3 != nil </span><span class="cov0" title="0">{
+                return x.Gen3
+        }</span> else<span class="cov2" title="2"> if x.Local != nil </span><span class="cov2" title="2">{
+                return x.Local
+        }</span>
+        <span class="cov0" title="0">return nil</span>
+}
+
+// GetDefaultRemote returns the configured default remote with validation
+func (c Config) GetDefaultRemote() (Remote, error) <span class="cov1" title="1">{
+        if c.DefaultRemote == "" </span><span class="cov0" title="0">{
+                return "", fmt.Errorf(
+                        "%w.\n"+
+                                "Set one with: git drs remote set &lt;name&gt;\n"+
+                                "Available remotes: %v\n"+
+                                "Config: %v\n",
+                        ErrNoDefaultRemote,
+                        c.listRemoteNames(),
+                        c,
+                )
+        }</span>
+
+        <span class="cov1" title="1">if _, ok := c.Remotes[c.DefaultRemote]; !ok </span><span class="cov0" title="0">{
+                return "", fmt.Errorf(
+                        "default remote '%s' not found in configuration.\n"+
+                                "Available remotes: %v",
+                        c.DefaultRemote,
+                        c.listRemoteNames(),
+                )
+        }</span>
+
+        <span class="cov1" title="1">return c.DefaultRemote, nil</span>
+}
+
+// GetRemoteOrDefault returns the specified remote if provided, otherwise returns the default remote
+func (c Config) GetRemoteOrDefault(remote string) (Remote, error) <span class="cov2" title="2">{
+        if remote != "" </span><span class="cov1" title="1">{
+                return Remote(remote), nil
+        }</span>
+        <span class="cov1" title="1">return c.GetDefaultRemote()</span>
+}
+
+// listRemoteNames returns a slice of all remote names for error messages
+func (c Config) listRemoteNames() []string <span class="cov0" title="0">{
+        names := make([]string, 0, len(c.Remotes))
+        for name := range c.Remotes </span><span class="cov0" title="0">{
+                names = append(names, string(name))
+        }</span>
+        <span class="cov0" title="0">return names</span>
+}
+
+// getRepo opens the current git repository
+func getRepo() (*git.Repository, error) <span class="cov6" title="15">{
+        return gitrepo.GetRepo()
+}</span>
+
+func (c Config) ConfigPath() (string, error) <span class="cov0" title="0">{
+        return getConfigPath()
+}</span>
+
+// updates and git adds a Git DRS config file
+// this should handle three cases:
+// 1. create a new config file if it does not exist / is empty
+// 2. return an error if the config file is invalid
+// 3. update the existing config file, making sure to combine the new serversMap with the existing one
+// UpdateRemote updates and saves configuration using go-git
+func UpdateRemote(name Remote, remote RemoteSelect) (*Config, error) <span class="cov3" title="3">{
+        repo, err := getRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov3" title="3">conf, err := repo.Config()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        // Update drs.remote.&lt;name&gt; subsection
+        <span class="cov3" title="3">remoteSubsectionName := fmt.Sprintf("%s%s", remoteSubsectionPrefix, name)
+        remoteSubsection := conf.Raw.Section(configSection).Subsection(remoteSubsectionName)
+
+        if remote.Gen3 != nil </span><span class="cov1" title="1">{
+                remoteSubsection.SetOption("type", "gen3")
+                remoteSubsection.SetOption("endpoint", remote.Gen3.Endpoint)
+                remoteSubsection.SetOption("project", remote.Gen3.ProjectID)
+                remoteSubsection.SetOption("bucket", remote.Gen3.Bucket)
+                if remote.Gen3.Organization != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("organization", remote.Gen3.Organization)
+                }</span>
+                <span class="cov1" title="1">if remote.Gen3.StoragePrefix != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("storage_prefix", remote.Gen3.StoragePrefix)
+                }</span>
+        } else<span class="cov2" title="2"> if remote.Local != nil </span><span class="cov2" title="2">{
+                remoteSubsection.SetOption("type", "local")
+                remoteSubsection.SetOption("endpoint", remote.Local.BaseURL)
+                if remote.Local.ProjectID != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("project", remote.Local.ProjectID)
+                }</span>
+                <span class="cov2" title="2">if remote.Local.Bucket != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("bucket", remote.Local.Bucket)
+                }</span>
+                <span class="cov2" title="2">if remote.Local.Organization != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("organization", remote.Local.Organization)
+                }</span>
+                <span class="cov2" title="2">if remote.Local.StoragePrefix != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("storage_prefix", remote.Local.StoragePrefix)
+                }</span>
+        }
+
+        // Set default remote if not set
+        <span class="cov3" title="3">configRoot := conf.Raw.Section(configSection)
+        defaultRemote := configRoot.Option("default-remote")
+        if defaultRemote == "" </span><span class="cov3" title="3">{
+                configRoot.SetOption("default-remote", string(name))
+        }</span>
+
+        // Save config
+        <span class="cov3" title="3">if err := repo.Storer.SetConfig(conf); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov3" title="3">return LoadConfig()</span>
+}
+
+func parseAndAddRemote(cfg *Config, subsectionName string, remoteType string, endpoint string, project string, bucket string, organization string, storagePrefix string) <span class="cov5" title="9">{
+        if !strings.HasPrefix(subsectionName, remoteSubsectionPrefix) </span><span class="cov0" title="0">{
+                return
+        }</span>
+
+        <span class="cov5" title="9">remoteName := Remote(strings.TrimPrefix(subsectionName, remoteSubsectionPrefix))
+        rs := RemoteSelect{}
+
+        if remoteType == "gen3" || remoteType == "" </span><span class="cov4" title="5">{
+                rs.Gen3 = &amp;Gen3Remote{
+                        Endpoint:      endpoint,
+                        ProjectID:     project,
+                        Bucket:        bucket,
+                        Organization:  organization,
+                        StoragePrefix: storagePrefix,
+                }
+        }</span> else<span class="cov3" title="4"> if remoteType == "local" </span><span class="cov3" title="4">{
+                rs.Local = &amp;LocalRemote{
+                        BaseURL:       endpoint,
+                        ProjectID:     project,
+                        Bucket:        bucket,
+                        Organization:  organization,
+                        StoragePrefix: storagePrefix,
+                }
+        }</span>
+
+        <span class="cov5" title="9">cfg.Remotes[remoteName] = rs</span>
+}
+
+// LoadConfig loads configuration using go-git
+func LoadConfig() (*Config, error) <span class="cov5" title="10">{
+        repo, err := getRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov5" title="10">conf, err := repo.Config()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov5" title="10">cfg := &amp;Config{
+                Remotes: make(map[Remote]RemoteSelect),
+        }
+
+        // Iterate over all sections to find 'drs' and its subsections
+        for _, section := range conf.Raw.Sections </span><span class="cov10" title="109">{
+                if section.Name != configSection </span><span class="cov9" title="100">{
+                        continue</span>
+                }
+
+                // Check for default-remote in the section root.
+                <span class="cov5" title="9">dr := section.Option("default-remote")
+                if dr != "" </span><span class="cov5" title="9">{
+                        cfg.DefaultRemote = Remote(dr)
+                }</span>
+
+                <span class="cov5" title="9">for _, subsection := range section.Subsections </span><span class="cov5" title="9">{
+                        if !strings.HasPrefix(subsection.Name, remoteSubsectionPrefix) </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov5" title="9">parseAndAddRemote(
+                                cfg,
+                                subsection.Name,
+                                subsection.Option("type"),
+                                subsection.Option("endpoint"),
+                                subsection.Option("project"),
+                                subsection.Option("bucket"),
+                                subsection.Option("organization"),
+                                subsection.Option("storage_prefix"),
+                        )</span>
+                }
+        }
+
+        <span class="cov5" title="10">return cfg, nil</span>
+}
+
+func CreateEmptyConfig() error <span class="cov1" title="1">{
+        // With go-git, we just verify we are in a repo?
+        // Existing behavior was ensuring file existence.
+        // We can check if we can open the repo.
+        _, err := getRepo()
+        return err
+}</span>
+
+func GetProjectId(remote Remote) (string, error) <span class="cov0" title="0">{
+        cfg, err := LoadConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("error loading config: %v", err)
+        }</span>
+        <span class="cov0" title="0">rmt := cfg.GetRemote(remote)
+        if rmt == nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("no remote configuration found for current remote: %s", remote)
+        }</span>
+        <span class="cov0" title="0">return rmt.GetProjectId(), nil</span>
+}
+
+// SaveConfig writes the configuration using go-git
+func SaveConfig(cfg *Config) error <span class="cov1" title="1">{
+        repo, err := getRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+
+        <span class="cov1" title="1">conf, err := repo.Config()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+
+        <span class="cov1" title="1">if cfg.DefaultRemote != "" </span><span class="cov1" title="1">{
+                conf.Raw.Section(configSection).SetOption("default-remote", string(cfg.DefaultRemote))
+        }</span>
+
+        <span class="cov1" title="1">return repo.Storer.SetConfig(conf)</span>
+}
+
+func RemoveRemote(name Remote) (*Config, error) <span class="cov0" title="0">{
+        cfg, err := LoadConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov0" title="0">if _, ok := cfg.Remotes[name]; !ok </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("remote '%s' not found", name)
+        }</span>
+
+        <span class="cov0" title="0">delete(cfg.Remotes, name)
+
+        keys := []string{
+                fmt.Sprintf("drs.remote.%s.type", name),
+                fmt.Sprintf("drs.remote.%s.endpoint", name),
+                fmt.Sprintf("drs.remote.%s.project", name),
+                fmt.Sprintf("drs.remote.%s.bucket", name),
+                fmt.Sprintf("drs.remote.%s.organization", name),
+                fmt.Sprintf("drs.remote.%s.storage_prefix", name),
+                fmt.Sprintf("drs.remote.%s.token", name),
+                fmt.Sprintf("drs.remote.%s.username", name),
+                fmt.Sprintf("drs.remote.%s.password", name),
+                fmt.Sprintf("remote.%s.lfsurl", name),
+        }
+        if err := gitrepo.UnsetGitConfigOptions(keys); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov0" title="0">if cfg.DefaultRemote == name </span><span class="cov0" title="0">{
+                cfg.DefaultRemote = firstRemote(cfg)
+        }</span>
+
+        <span class="cov0" title="0">if err := SaveConfig(cfg); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov0" title="0">if cfg.DefaultRemote == "" </span><span class="cov0" title="0">{
+                if err := gitrepo.UnsetGitConfigOptions([]string{"drs.default-remote"}); err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+        }
+
+        <span class="cov0" title="0">return LoadConfig()</span>
+}
+
+func firstRemote(cfg *Config) Remote <span class="cov0" title="0">{
+        if cfg == nil || len(cfg.Remotes) == 0 </span><span class="cov0" title="0">{
+                return ""
+        }</span>
+
+        <span class="cov0" title="0">names := make([]string, 0, len(cfg.Remotes))
+        for name := range cfg.Remotes </span><span class="cov0" title="0">{
+                names = append(names, string(name))
+        }</span>
+        <span class="cov0" title="0">sort.Strings(names)
+        return Remote(names[0])</span>
+}
+
+// GetGitConfigInt reads an integer value from git config
+// getGitConfigValue retrieves a value from git config by key
+func getConfigPath() (string, error) <span class="cov0" title="0">{
+        topLevel, err := gitrepo.GitTopLevel()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
+        }</span>
+
+        <span class="cov0" title="0">configPath := filepath.Join(topLevel, common.DRS_DIR, common.CONFIG_YAML)
+        return configPath, nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file40" style="display: none">package config
+
+import (
+        "context"
+        "fmt"
+        "log/slog"
+        "net/url"
+        "strings"
+
+        "github.com/calypr/data-client/credentials"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        syclient "github.com/calypr/syfon/client"
+        syconf "github.com/calypr/syfon/client/config"
+)
+
+const credentialHelpSuffix = "Refresh credentials with `git drs remote add gen3 &lt;remote-name&gt; &lt;organization/project&gt; --cred &lt;path&gt;` or `--token &lt;token&gt;`. See docs/getting-started.md."
+
+type DRSRemote interface {
+        GetProjectId() string
+        GetOrganization() string
+        GetEndpoint() string
+        GetBucketName() string
+        GetStoragePrefix() string
+        GetClient(remoteName string, logger *slog.Logger) (*GitContext, error)
+}
+
+type GitContext struct {
+        Client             *syclient.Client
+        Organization       string
+        ProjectId          string
+        BucketName         string
+        StoragePrefix      string
+        Upsert             bool
+        ForceUpload        bool
+        MultiPartThreshold int64
+        UploadConcurrency  int
+        Logger             *slog.Logger
+        Credential         *syconf.Credential
+}
+
+type RemoteSelect struct {
+        Gen3  *Gen3Remote
+        Local *LocalRemote
+}
+
+type Gen3Remote struct {
+        Endpoint      string `yaml:"endpoint"`
+        ProjectID     string `yaml:"project_id"`
+        Bucket        string `yaml:"bucket"`
+        Organization  string `yaml:"organization"`
+        StoragePrefix string `yaml:"storage_prefix"`
+}
+
+func (s Gen3Remote) GetProjectId() string     <span class="cov1" title="1">{ return s.ProjectID }</span>
+func (s Gen3Remote) GetOrganization() string  <span class="cov4" title="2">{ return s.Organization }</span>
+func (s Gen3Remote) GetEndpoint() string      <span class="cov0" title="0">{ return s.Endpoint }</span>
+func (s Gen3Remote) GetBucketName() string    <span class="cov1" title="1">{ return s.Bucket }</span>
+func (s Gen3Remote) GetStoragePrefix() string <span class="cov1" title="1">{ return s.StoragePrefix }</span>
+
+func (s Gen3Remote) GetClient(remoteName string, logger *slog.Logger) (*GitContext, error) <span class="cov0" title="0">{
+        manager := syconf.NewConfigure(logger)
+        cred, err := manager.Load(remoteName)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov0" title="0">if err := credentials.EnsureValidCredential(context.Background(), cred, logger); err != nil </span><span class="cov0" title="0">{
+                return nil, WrapCredentialValidationError(remoteName, err)
+        }</span>
+        <span class="cov0" title="0">return newGitContext(*cred, s, logger)</span>
+}
+
+type LocalRemote struct {
+        BaseURL       string
+        ProjectID     string
+        Bucket        string
+        Organization  string
+        StoragePrefix string
+        BasicUsername string
+        BasicPassword string
+}
+
+func (l LocalRemote) GetProjectId() string <span class="cov4" title="2">{
+        if l.ProjectID != "" </span><span class="cov1" title="1">{
+                return l.ProjectID
+        }</span>
+        <span class="cov1" title="1">return "local-project"</span>
+}
+
+func (l LocalRemote) GetOrganization() string  <span class="cov10" title="5">{ return l.Organization }</span>
+func (l LocalRemote) GetEndpoint() string      <span class="cov0" title="0">{ return l.BaseURL }</span>
+func (l LocalRemote) GetBucketName() string    <span class="cov4" title="2">{ return l.Bucket }</span>
+func (l LocalRemote) GetStoragePrefix() string <span class="cov4" title="2">{ return l.StoragePrefix }</span>
+
+func (l LocalRemote) GetClient(remoteName string, logger *slog.Logger) (*GitContext, error) <span class="cov4" title="2">{
+        if username, password, err := gitrepo.GetRemoteBasicAuth(remoteName); err == nil &amp;&amp; username != "" &amp;&amp; password != "" </span><span class="cov1" title="1">{
+                l.BasicUsername = username
+                l.BasicPassword = password
+        }</span>
+        <span class="cov4" title="2">projectID := l.GetProjectId()
+        bucketName := l.GetBucketName()
+        storagePrefix := l.GetStoragePrefix()
+        if strings.TrimSpace(l.GetOrganization()) != "" || strings.TrimSpace(bucketName) != "" || strings.TrimSpace(storagePrefix) != "" </span><span class="cov1" title="1">{
+                scope, err := gitrepo.ResolveBucketScope(
+                        l.GetOrganization(),
+                        projectID,
+                        bucketName,
+                        storagePrefix,
+                )
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+                <span class="cov1" title="1">bucketName = scope.Bucket
+                storagePrefix = scope.Prefix</span>
+        }
+
+        <span class="cov4" title="2">cred := &amp;syconf.Credential{APIEndpoint: l.BaseURL}
+        if l.BasicUsername != "" || l.BasicPassword != "" </span><span class="cov1" title="1">{
+                cred.KeyID = l.BasicUsername
+                cred.APIKey = l.BasicPassword
+        }</span>
+
+        <span class="cov4" title="2">raw, err := syclient.New(l.BaseURL, syclient.WithBasicAuth(cred.KeyID, cred.APIKey))
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov4" title="2">client, ok := raw.(*syclient.Client)
+        if !ok </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("unexpected syfon client type %T", raw)
+        }</span>
+
+        <span class="cov4" title="2">return &amp;GitContext{
+                Client:        client,
+                Organization:  l.GetOrganization(),
+                ProjectId:     projectID,
+                BucketName:    bucketName,
+                StoragePrefix: storagePrefix,
+                Logger:        logger,
+                Credential:    cred,
+        }, nil</span>
+}
+
+func newGitContext(profileConfig syconf.Credential, remote Gen3Remote, logger *slog.Logger) (*GitContext, error) <span class="cov1" title="1">{
+        if _, err := url.Parse(profileConfig.APIEndpoint); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov1" title="1">projectID := remote.GetProjectId()
+        if projectID == "" </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("no gen3 project specified")
+        }</span>
+
+        <span class="cov1" title="1">scope, err := gitrepo.ResolveBucketScope(
+                remote.GetOrganization(),
+                projectID,
+                remote.GetBucketName(),
+                remote.GetStoragePrefix(),
+        )
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov1" title="1">raw, err := syclient.New(profileConfig.APIEndpoint, syclient.WithBearerToken(profileConfig.AccessToken))
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov1" title="1">client, ok := raw.(*syclient.Client)
+        if !ok </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("unexpected syfon client type %T", raw)
+        }</span>
+
+        <span class="cov1" title="1">uploadConcurrency := int(gitrepo.GetGitConfigInt("lfs.concurrenttransfers", 4))
+        if uploadConcurrency &lt; 1 </span><span class="cov0" title="0">{
+                uploadConcurrency = 1
+        }</span>
+
+        <span class="cov1" title="1">return &amp;GitContext{
+                Client:             client,
+                ProjectId:          projectID,
+                BucketName:         scope.Bucket,
+                Organization:       remote.GetOrganization(),
+                StoragePrefix:      scope.Prefix,
+                Upsert:             gitrepo.GetGitConfigBool("drs.upsert", false),
+                MultiPartThreshold: int64(gitrepo.GetGitConfigInt("drs.multipart-threshold", 5120)) * 1024 * 1024,
+                UploadConcurrency:  uploadConcurrency,
+                Logger:             logger,
+                Credential:         &amp;profileConfig,
+        }, nil</span>
+}
+
+func localRemoteFromGen3(gen3 *Gen3Remote, username string, password string) *LocalRemote <span class="cov0" title="0">{
+        return &amp;LocalRemote{
+                BaseURL:       gen3.Endpoint,
+                ProjectID:     gen3.ProjectID,
+                Bucket:        gen3.Bucket,
+                Organization:  gen3.Organization,
+                StoragePrefix: gen3.StoragePrefix,
+                BasicUsername: strings.TrimSpace(username),
+                BasicPassword: strings.TrimSpace(password),
+        }
+}</span>
+
+func WrapCredentialValidationError(remoteName string, err error) error <span class="cov0" title="0">{
+        if err == nil </span><span class="cov0" title="0">{
+                return nil
+        }</span>
+        <span class="cov0" title="0">if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("%w. %s", err, credentialHelpSuffix)
+        }</span>
+        <span class="cov0" title="0">return fmt.Errorf("%w. Remote %q requires refreshed credentials. %s", err, remoteName, credentialHelpSuffix)</span>
+}
+</pre>
+		
+		<pre class="file" id="file41" style="display: none">package drsdelete
+
+import (
+        "context"
+        "fmt"
+        "os/exec"
+        "sort"
+        "strings"
+
+        "github.com/calypr/git-drs/internal/lfs"
+)
+
+type deletedPointer struct {
+        Path string
+        OID  string
+}
+
+func collectDeletedPointers(ctx context.Context, refs []RefUpdate) (map[string][]deletedPointer, error) <span class="cov5" title="3">{
+        grouped := make(map[string][]deletedPointer)
+        seen := make(map[string]struct{})
+        for _, ref := range refs </span><span class="cov5" title="3">{
+                oldSHA := strings.TrimSpace(ref.OldSHA)
+                newSHA := strings.TrimSpace(ref.NewSHA)
+                if oldSHA == "" || newSHA == "" || isZeroSHA(oldSHA) || isZeroSHA(newSHA) </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">paths, err := gitDeletedPaths(ctx, oldSHA, newSHA)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+                <span class="cov5" title="3">for _, path := range paths </span><span class="cov5" title="3">{
+                        key := oldSHA + "\x00" + path
+                        if _, ok := seen[key]; ok </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov5" title="3">seen[key] = struct{}{}
+
+                        oid, ok, err := gitPointerOID(ctx, oldSHA, path)
+                        if err != nil </span><span class="cov0" title="0">{
+                                return nil, err
+                        }</span>
+                        <span class="cov5" title="3">if !ok </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov5" title="3">grouped[oid] = append(grouped[oid], deletedPointer{Path: path, OID: oid})</span>
+                }
+        }
+        <span class="cov5" title="3">return grouped, nil</span>
+}
+
+func deletedPaths(items []deletedPointer) []string <span class="cov0" title="0">{
+        out := make([]string, 0, len(items))
+        for _, item := range items </span><span class="cov0" title="0">{
+                out = append(out, item.Path)
+        }</span>
+        <span class="cov0" title="0">sort.Strings(out)
+        return out</span>
+}
+
+func gitDeletedPaths(ctx context.Context, oldSHA, newSHA string) ([]string, error) <span class="cov5" title="3">{
+        cmd := exec.CommandContext(ctx, "git", "diff", "--name-status", "--diff-filter=D", "-M", oldSHA, newSHA)
+        out, err := cmd.CombinedOutput()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("git diff deleted paths %s..%s: %s", oldSHA, newSHA, strings.TrimSpace(string(out)))
+        }</span>
+        <span class="cov5" title="3">lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+        paths := make([]string, 0, len(lines))
+        for _, line := range lines </span><span class="cov5" title="3">{
+                line = strings.TrimSpace(line)
+                if line == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">parts := strings.Split(line, "\t")
+                if len(parts) &lt; 2 || parts[0] != "D" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">paths = append(paths, parts[1])</span>
+        }
+        <span class="cov5" title="3">return paths, nil</span>
+}
+
+func gitPointerOID(ctx context.Context, ref, path string) (string, bool, error) <span class="cov5" title="3">{
+        spec := ref + ":" + path
+        cmd := exec.CommandContext(ctx, "git", "show", spec)
+        out, err := cmd.CombinedOutput()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", false, fmt.Errorf("git show %s: %s", spec, strings.TrimSpace(string(out)))
+        }</span>
+        <span class="cov5" title="3">oid, _, ok := lfs.ParseLFSPointer(out)
+        if !ok </span><span class="cov0" title="0">{
+                return "", false, nil
+        }</span>
+        <span class="cov5" title="3">return "sha256:" + strings.TrimPrefix(strings.TrimSpace(oid), "sha256:"), true, nil</span>
+}
+
+func isZeroSHA(sha string) bool <span class="cov10" title="9">{
+        return strings.TrimSpace(sha) == "0000000000000000000000000000000000000000"
+}</span>
+</pre>
+		
+		<pre class="file" id="file42" style="display: none">package drsdelete
+
+import (
+        "log/slog"
+        "sort"
+        "strings"
+
+        "github.com/calypr/git-drs/internal/lfs"
+)
+
+func collectLivePathsByOID(refs []RefUpdate, logger *slog.Logger) (map[string][]string, error) <span class="cov10" title="3">{
+        targets := make([]string, 0, len(refs))
+        seen := make(map[string]struct{}, len(refs))
+        for _, ref := range refs </span><span class="cov10" title="3">{
+                newSHA := strings.TrimSpace(ref.NewSHA)
+                if newSHA == "" || isZeroSHA(newSHA) </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov10" title="3">if _, ok := seen[newSHA]; ok </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov10" title="3">seen[newSHA] = struct{}{}
+                targets = append(targets, newSHA)</span>
+        }
+        <span class="cov10" title="3">if len(targets) == 0 </span><span class="cov0" title="0">{
+                return map[string][]string{}, nil
+        }</span>
+
+        <span class="cov10" title="3">files, err := lfs.GetLfsFilesForRefs(targets, logger)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov10" title="3">liveByOID := make(map[string][]string)
+        for path, info := range files </span><span class="cov1" title="1">{
+                oid := "sha256:" + strings.TrimPrefix(strings.TrimSpace(info.Oid), "sha256:")
+                liveByOID[oid] = append(liveByOID[oid], path)
+        }</span>
+        <span class="cov10" title="3">for oid := range liveByOID </span><span class="cov1" title="1">{
+                sort.Strings(liveByOID[oid])
+        }</span>
+        <span class="cov10" title="3">return liveByOID, nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file43" style="display: none">package drsdelete
+
+import (
+        "context"
+        "fmt"
+        "io"
+        "log/slog"
+
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drsremote"
+        sycommon "github.com/calypr/syfon/common"
+)
+
+type RefUpdate struct {
+        OldSHA string
+        NewSHA string
+}
+
+type Summary struct {
+        DeletedRecords   int
+        RemovedResources int
+        ClearedLocalOnly int
+        PendingMissing   int
+        PendingAmbiguous int
+}
+
+func ReconcileCommittedDeletes(ctx context.Context, drsCtx *config.GitContext, refs []RefUpdate, logger *slog.Logger) (Summary, error) <span class="cov10" title="3">{
+        if drsCtx == nil || drsCtx.Client == nil </span><span class="cov0" title="0">{
+                return Summary{}, fmt.Errorf("DRS client unavailable")
+        }</span>
+        <span class="cov10" title="3">if logger == nil </span><span class="cov10" title="3">{
+                logger = slog.New(slog.NewTextHandler(io.Discard, nil))
+        }</span>
+        <span class="cov10" title="3">if len(refs) == 0 </span><span class="cov0" title="0">{
+                return Summary{}, nil
+        }</span>
+
+        <span class="cov10" title="3">deletedByOID, err := collectDeletedPointers(ctx, refs)
+        if err != nil </span><span class="cov0" title="0">{
+                return Summary{}, err
+        }</span>
+        <span class="cov10" title="3">if len(deletedByOID) == 0 </span><span class="cov0" title="0">{
+                return Summary{}, nil
+        }</span>
+
+        <span class="cov10" title="3">liveByOID, err := collectLivePathsByOID(refs, logger)
+        if err != nil </span><span class="cov0" title="0">{
+                return Summary{}, err
+        }</span>
+
+        <span class="cov10" title="3">resource, err := sycommon.ResourcePath(drsCtx.Organization, drsCtx.ProjectId)
+        if err != nil </span><span class="cov0" title="0">{
+                return Summary{}, err
+        }</span>
+
+        <span class="cov10" title="3">summary := Summary{}
+        for oid, deletions := range deletedByOID </span><span class="cov10" title="3">{
+                if livePaths := liveByOID[oid]; len(livePaths) &gt; 0 </span><span class="cov1" title="1">{
+                        summary.ClearedLocalOnly += len(deletions)
+                        continue</span>
+                }
+
+                <span class="cov6" title="2">records, err := drsremote.ObjectsByHashForScope(ctx, drsCtx, oid)
+                if err != nil </span><span class="cov0" title="0">{
+                        return summary, err
+                }</span>
+                <span class="cov6" title="2">switch len(records) </span>{
+                case 0:<span class="cov0" title="0">
+                        summary.PendingMissing += len(deletions)
+                        if logger != nil </span><span class="cov0" title="0">{
+                                logger.Warn("deleted pointer has no scoped DRS match", "oid", oid, "paths", deletedPaths(deletions))
+                        }</span>
+                        <span class="cov0" title="0">continue</span>
+                case 1:<span class="cov6" title="2"></span>
+                default:<span class="cov0" title="0">
+                        summary.PendingAmbiguous += len(deletions)
+                        if logger != nil </span><span class="cov0" title="0">{
+                                logger.Warn("deleted pointer matched multiple scoped DRS records", "oid", oid, "count", len(records), "paths", deletedPaths(deletions))
+                        }</span>
+                        <span class="cov0" title="0">continue</span>
+                }
+
+                <span class="cov6" title="2">record := records[0]
+                controlled := []string(nil)
+                if record.ControlledAccess != nil </span><span class="cov6" title="2">{
+                        controlled = sycommon.NormalizeAccessResources(*record.ControlledAccess)
+                }</span>
+                <span class="cov6" title="2">if len(controlled) &lt;= 1 </span><span class="cov1" title="1">{
+                        if err := drsCtx.Client.DRS().DeleteObject(ctx, record.Id, true); err != nil </span><span class="cov0" title="0">{
+                                return summary, err
+                        }</span>
+                        <span class="cov1" title="1">summary.DeletedRecords++
+                        continue</span>
+                }
+
+                <span class="cov1" title="1">var out map[string]any
+                if err := drsCtx.Client.Requestor().Do(ctx, "POST", "/index/"+record.Id+"/controlled-access/remove", map[string]string{
+                        "resource": resource,
+                }, &amp;out); err != nil </span><span class="cov0" title="0">{
+                        return summary, err
+                }</span>
+                <span class="cov1" title="1">summary.RemovedResources++</span>
+        }
+
+        <span class="cov10" title="3">if logger != nil &amp;&amp; (summary.DeletedRecords &gt; 0 || summary.RemovedResources &gt; 0 || summary.ClearedLocalOnly &gt; 0 || summary.PendingMissing &gt; 0 || summary.PendingAmbiguous &gt; 0) </span><span class="cov10" title="3">{
+                logger.Info("delete reconciliation complete",
+                        "deleted_records", summary.DeletedRecords,
+                        "removed_resources", summary.RemovedResources,
+                        "cleared_local_only", summary.ClearedLocalOnly,
+                        "pending_missing", summary.PendingMissing,
+                        "pending_ambiguous", summary.PendingAmbiguous,
+                )
+        }</span>
+        <span class="cov10" title="3">return summary, nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file44" style="display: none">package drsfilter
+
+import (
+        "context"
+        "crypto/sha256"
+        "encoding/hex"
+        "fmt"
+        "io"
+        "log/slog"
+        "os"
+        "path/filepath"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/lfs"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+)
+
+// writeDrsMap records a local DRS object entry in .git/drs/lfs/objects so that
+// the pre-push workflow can discover and upload the file.
+func writeDrsMap(pathname string, oid string, size int64) error <span class="cov8" title="1">{
+        name := filepath.Base(pathname)
+        drsObj := &amp;drsapi.DrsObject{
+                Name: &amp;name,
+                Size: size,
+                Checksums: []drsapi.Checksum{
+                        {Type: "sha256", Checksum: oid},
+                },
+        }
+        if existing, err := drsobject.ReadObject(common.DRS_OBJS_PATH, oid); err == nil &amp;&amp; existing != nil </span><span class="cov8" title="1">{
+                drsObj = existing
+                drsObj.Name = &amp;name
+                drsObj.Size = size
+                drsObj.Checksums = []drsapi.Checksum{
+                        {Type: "sha256", Checksum: oid},
+                }
+        }</span>
+        <span class="cov8" title="1">return drsobject.WriteObject(common.DRS_OBJS_PATH, drsObj, oid)</span>
+}
+
+// CleanContent reads raw file content from content, hashes it with SHA-256,
+// stores the content in the git-lfs local object cache under lfsRoot, and
+// writes an LFS pointer to dst. It also records a DRS map entry so that
+// `git drs push` can discover the file.
+//
+// pathname is the repo-relative path of the file being cleaned; it is used
+// only for the DRS map entry name and log messages.
+func CleanContent(ctx context.Context, lfsRoot, pathname string, content io.Reader, dst io.Writer, logger *slog.Logger) error <span class="cov8" title="1">{
+        _ = ctx // reserved for future cancellation propagation
+
+        objDir := filepath.Join(lfsRoot, "objects")
+        if err := os.MkdirAll(objDir, 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: mkdir LFS objects: %w", err)
+        }</span>
+
+        // Buffer the content into a temp file while computing its SHA-256.
+        <span class="cov8" title="1">tmp, err := os.CreateTemp(objDir, "git-drs-clean-*")
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: create temp file: %w", err)
+        }</span>
+        <span class="cov8" title="1">tmpPath := tmp.Name()
+        defer func() </span><span class="cov8" title="1">{
+                if _, statErr := os.Stat(tmpPath); statErr == nil </span><span class="cov8" title="1">{
+                        _ = os.Remove(tmpPath)
+                }</span>
+        }()
+
+        <span class="cov8" title="1">h := sha256.New()
+        written, err := io.Copy(tmp, io.TeeReader(content, h))
+        if err != nil </span><span class="cov0" title="0">{
+                tmp.Close()
+                return fmt.Errorf("clean: write temp file: %w", err)
+        }</span>
+        <span class="cov8" title="1">if err := tmp.Close(); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: close temp file: %w", err)
+        }</span>
+        <span class="cov8" title="1">size := written
+        oid := hex.EncodeToString(h.Sum(nil))
+
+        if size &gt; 0 &amp;&amp; size &lt; 2048 </span><span class="cov8" title="1">{
+                if data, readErr := os.ReadFile(tmpPath); readErr == nil </span><span class="cov8" title="1">{
+                        if pointerOID, pointerSize, ok := lfs.ParseLFSPointer(data); ok </span><span class="cov8" title="1">{
+                                if _, err := dst.Write(data); err != nil </span><span class="cov0" title="0">{
+                                        return fmt.Errorf("clean: write existing pointer: %w", err)
+                                }</span>
+                                <span class="cov8" title="1">if mapErr := writeDrsMap(pathname, pointerOID, pointerSize); mapErr != nil </span><span class="cov0" title="0">{
+                                        logger.Warn("clean: failed to write DRS map entry for existing pointer", "pathname", pathname, "error", mapErr)
+                                }</span>
+                                <span class="cov8" title="1">logger.Debug("clean: passed through existing LFS pointer", "pathname", pathname, "oid", pointerOID, "size", pointerSize)
+                                return nil</span>
+                        }
+                }
+        }
+
+        // Move temp file to the final content-addressed location.
+        <span class="cov0" title="0">cachePath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: resolve cache path: %w", err)
+        }</span>
+        <span class="cov0" title="0">if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: mkdir for cache path: %w", err)
+        }</span>
+        <span class="cov0" title="0">if err := os.Rename(tmpPath, cachePath); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: move to cache: %w", err)
+        }</span>
+
+        <span class="cov0" title="0">logger.Debug("clean: stored LFS object", "pathname", pathname, "oid", oid, "size", size)
+
+        // Write the LFS pointer to dst.
+        pointer := fmt.Sprintf(
+                "version https://git-lfs.github.com/spec/v1\noid sha256:%s\nsize %d\n",
+                oid, size,
+        )
+        if _, err := io.WriteString(dst, pointer); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: write pointer: %w", err)
+        }</span>
+
+        // Record a DRS map entry so `git drs push` can find the file.
+        <span class="cov0" title="0">if mapErr := writeDrsMap(pathname, oid, size); mapErr != nil </span><span class="cov0" title="0">{
+                logger.Warn("clean: failed to write DRS map entry", "pathname", pathname, "error", mapErr)
+        }</span>
+
+        <span class="cov0" title="0">return nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file45" style="display: none">package drsfilter
+
+import (
+        "context"
+        "errors"
+        "fmt"
+        "io"
+        "io/fs"
+        "log/slog"
+        "os"
+        "path/filepath"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/lfs"
+)
+
+// SmudgeDownloadFunc downloads the object identified by oid into cachePath.
+type SmudgeDownloadFunc func(ctx context.Context, oid, cachePath string) error
+
+// SmudgeContent reads pointer content from ptr and writes smudged content to dst.
+// If the payload is not an LFS pointer, it passes data through unchanged.
+func SmudgeContent(ctx context.Context, pathname string, ptr io.Reader, dst io.Writer, logger *slog.Logger, download SmudgeDownloadFunc) error <span class="cov10" title="4">{
+        ptrBytes, err := io.ReadAll(ptr)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: read pointer: %w", err)
+        }</span>
+
+        <span class="cov10" title="4">oid, size, ok := lfs.ParseLFSPointer(ptrBytes)
+        if !ok </span><span class="cov1" title="1">{
+                _, err := dst.Write(ptrBytes)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("smudge: passthrough write: %w", err)
+                }</span>
+                <span class="cov1" title="1">return nil</span>
+        }
+
+        <span class="cov8" title="3">if logger != nil </span><span class="cov8" title="3">{
+                logger.Debug("smudge", "pathname", pathname, "oid", oid, "size", size)
+        }</span>
+
+        <span class="cov8" title="3">cachePath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: resolve cache path: %w", err)
+        }</span>
+
+        <span class="cov8" title="3">err = copyObjectToWriter(cachePath, dst)
+        if err == nil </span><span class="cov1" title="1">{
+                return nil
+        }</span>
+        <span class="cov5" title="2">if !errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: read cache: %w", err)
+        }</span>
+
+        <span class="cov5" title="2">if download == nil </span><span class="cov1" title="1">{
+                // No remote configured — write the pointer back to the working tree
+                // unchanged, matching git-lfs --skip-smudge behaviour.
+                if logger != nil </span><span class="cov1" title="1">{
+                        logger.Debug("smudge: no downloader configured, writing pointer", "oid", oid)
+                }</span>
+                <span class="cov1" title="1">_, err := dst.Write(ptrBytes)
+                return err</span>
+        }
+
+        <span class="cov1" title="1">if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: mkdir for cache path: %w", err)
+        }</span>
+
+        <span class="cov1" title="1">if err := download(ctx, oid, cachePath); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: download oid %s: %w", oid, err)
+        }</span>
+
+        <span class="cov1" title="1">if err := copyObjectToWriter(cachePath, dst); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: open downloaded file: %w", err)
+        }</span>
+
+        <span class="cov1" title="1">return nil</span>
+}
+
+func copyObjectToWriter(path string, dst io.Writer) error <span class="cov10" title="4">{
+        f, err := os.Open(path)
+        if err != nil </span><span class="cov5" title="2">{
+                return err
+        }</span>
+        <span class="cov5" title="2">defer f.Close()
+
+        _, err = io.Copy(dst, f)
+        return err</span>
+}
+</pre>
+		
+		<pre class="file" id="file46" style="display: none">// go
+package drslog
+
+import (
+        "io"
+        "log/slog"
+        "os"
+        "path/filepath"
+        "runtime/debug"
+        "strconv"
+        "strings"
+        "sync"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/gitrepo"
+
+        "github.com/calypr/syfon/client/logs"
+)
+
+var globalLogger *slog.Logger
+var globalLogFile io.Closer
+var globalLoggerOnce sync.Once
+var globalLoggerMu sync.RWMutex
+var GIT_TRANSFER_TRACE int
+var modulePathSuffixOnce sync.Once
+var modulePathSuffixValue string
+var repoRootOnce sync.Once
+var repoRootValue string
+
+const (
+        levelDebugStr   = "DEBUG"
+        levelInfoStr    = "INFO"
+        levelWarnStr    = "WARN"
+        levelWarningStr = "WARNING"
+        levelErrorStr   = "ERROR"
+)
+
+// init initializes package-level settings from the environment.
+//
+// Documented calls inside:
+//   - os.Getenv("GIT_TRANSFER_TRACE")
+//     Reads environment variable to optionally enable trace logging.
+//   - strconv.Atoi(envValue)
+//     Parses the numeric env value.
+//
+// Side-effects:
+// - sets package variable GIT_TRANSFER_TRACE.
+// Typical callers:
+// - runtime automatically invokes init(); no external callers needed.
+func init() <span class="cov1" title="1">{
+        GIT_TRANSFER_TRACE = 0
+        if envValue := os.Getenv("GIT_TRANSFER_TRACE"); envValue != "" </span><span class="cov0" title="0">{
+                if parsed, err := strconv.Atoi(envValue); err == nil </span><span class="cov0" title="0">{
+                        GIT_TRANSFER_TRACE = parsed
+                }</span>
+        }
+}
+
+// TraceEnabled returns whether transfer trace logging is enabled.
+//
+// Documented calls inside:
+// - reads package variable GIT_TRANSFER_TRACE.
+// Typical callers:
+// - logging setup and callsites that want to be verbose only when trace is enabled.
+func TraceEnabled() bool <span class="cov4" title="2">{
+        return GIT_TRANSFER_TRACE == 1
+}</span>
+
+// NewLogger creates and installs a global slog.Logger that writes to the specified file
+// and optionally to stderr. It is safe to call multiple times; the first successful call
+// establishes the global logger.
+//
+// Documented calls inside:
+//   - projectdir.DRS_DIR usage
+//     Uses projectdir.DRS_DIR to create log directory.
+//   - os.MkdirAll(projectdir.DRS_DIR, 0755)
+//     Ensures the directory exists; returns error on failure.
+//   - filepath.Join(projectdir.DRS_DIR, "git-drs.log")
+//     Constructs default filename when none provided.
+//   - os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
+//     Opens/creates the log file (returns *os.File).
+//   - io.MultiWriter(writers...)
+//     Combines file and optionally os.Stderr into a single Writer.
+//   - slog.NewTextHandler(multiWriter, &amp;slog.HandlerOptions{...})
+//     Creates the text handler for slog that writes to the combined writer.
+//   - slog.New(handler).With("pid", os.Getpid())
+//     Builds the logger and attaches pid attribute.
+//   - globalLoggerMu.Lock()/Unlock()
+//     Protects globalLogFile and globalLogger assignment.
+//
+// Side-effects:
+// - sets package-level globalLogger and globalLogFile.
+// Typical callers:
+// - application startup code that wants to initialize logging (e.g. main).
+func NewLogger(filename string, logToStderr bool) (*slog.Logger, error) <span class="cov4" title="2">{
+        var writers []io.Writer
+
+        if filename == "" </span><span class="cov1" title="1">{
+                // create drs dir if it doesn't exist
+                if err := os.MkdirAll(common.DRS_DIR, 0755); err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+
+                <span class="cov1" title="1">filename = filepath.Join(common.DRS_DIR, "git-drs.log")</span>
+        }
+
+        <span class="cov4" title="2">file, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov4" title="2">writers = append(writers, file)
+
+        if logToStderr </span><span class="cov0" title="0">{
+                writers = append(writers, os.Stderr)
+        }</span>
+
+        <span class="cov4" title="2">multiWriter := io.MultiWriter(writers...)
+
+        handler := slog.NewTextHandler(multiWriter, &amp;slog.HandlerOptions{
+                AddSource:   true,
+                Level:       resolveLogLevel(),
+                ReplaceAttr: replaceSourceAttr,
+        })
+        core := slog.New(logs.NewProgressHandler(handler)).With("pid", os.Getpid())
+
+        globalLoggerMu.Lock()
+        globalLogFile = file
+        globalLogger = core
+        globalLoggerMu.Unlock()
+
+        return globalLogger, nil</span>
+}
+
+// GetLogger returns the global logger, initializing a no-op logger on first access.
+//
+// Documented calls inside:
+//   - globalLoggerOnce.Do(func() { ... })
+//     Ensures initialization runs only once.
+//   - NewNoOpLogger()
+//     Creates a logger that discards output if no global logger was set.
+//
+// Typical callers:
+// - any package code that needs access to the package-level logger.
+func GetLogger() *slog.Logger <span class="cov1" title="1">{
+        globalLoggerOnce.Do(func() </span><span class="cov1" title="1">{
+                if globalLogger == nil </span><span class="cov0" title="0">{
+                        globalLogger = NewNoOpLogger()
+                }</span>
+        })
+        <span class="cov1" title="1">return globalLogger</span>
+}
+
+// Close closes the active log file if one was opened.
+//
+// Documented calls inside:
+//   - globalLoggerMu.Lock()/Unlock()
+//     Protects access to globalLogFile.
+//   - globalLogFile.Close()
+//     Closes the underlying file and returns any error.
+//
+// Side-effects:
+// - sets globalLogFile to nil.
+// Typical callers:
+// - application shutdown code or tests that want to release file handles.
+func Close() error <span class="cov4" title="2">{
+        globalLoggerMu.Lock()
+        defer globalLoggerMu.Unlock()
+        if globalLogFile != nil </span><span class="cov4" title="2">{
+                err := globalLogFile.Close()
+
+                globalLogFile = nil
+                return err
+        }</span>
+        <span class="cov0" title="0">return nil</span>
+}
+
+// NewNoOpLogger returns a logger that discards all output.
+//
+// Documented calls inside:
+//   - slog.NewTextHandler(io.Discard, &amp;slog.HandlerOptions{Level: slog.LevelDebug})
+//     Creates a text handler writing to io.Discard.
+//   - slog.New(handler)
+//     Builds the logger.
+//
+// Typical callers:
+// - GetLogger on first access when no global logger was configured.
+// - tests that need a deterministic logger that produces no output.
+func NewNoOpLogger() *slog.Logger <span class="cov1" title="1">{
+        handler := slog.NewTextHandler(io.Discard, &amp;slog.HandlerOptions{
+                Level: slog.LevelDebug,
+        })
+        return slog.New(logs.NewProgressHandler(handler))
+}</span>
+
+// resolveLogLevel determines the effective log level.
+//
+// Documented calls inside:
+//   - TraceEnabled()
+//     If trace is enabled, returns Debug level immediately.
+//   - readLogLevelFromGitConfig()
+//     Attempts to read configured level from git config; returns level and ok.
+//   - defaults to slog.LevelInfo when nothing else matches.
+//
+// Typical callers:
+// - NewLogger -&gt; used when creating slog.HandlerOptions.Level.
+func resolveLogLevel() slog.Level <span class="cov4" title="2">{
+        if TraceEnabled() </span><span class="cov0" title="0">{
+                return slog.LevelDebug
+        }</span>
+
+        <span class="cov4" title="2">level, ok := readLogLevelFromGitConfig()
+        if ok </span><span class="cov0" title="0">{
+                return level
+        }</span>
+
+        <span class="cov4" title="2">return slog.LevelInfo</span>
+}
+
+// readLogLevelFromGitConfig queries git configuration for a custom log level.
+//
+// Documented calls inside:
+//   - exec.Command("git", "config", "--get", "drs.loglevel")
+//     Constructs the command to query git config.
+//   - cmd.Output()
+//     Executes the command and returns raw output or an error.
+//   - strings.TrimSpace(string(output))
+//     Trims whitespace/newlines from git output.
+//   - parseLogLevel(value)
+//     Parses the trimmed value into a slog.Level.
+//
+// Behavior:
+// - On any error or empty output, returns (slog.LevelInfo, false) to indicate no valid config was found.
+// Typical callers:
+// - resolveLogLevel when initializing a logger.
+func readLogLevelFromGitConfig() (slog.Level, bool) <span class="cov4" title="2">{
+        val, err := gitrepo.GetGitConfigString("drs.loglevel")
+        if err != nil || val == "" </span><span class="cov4" title="2">{
+                return slog.LevelInfo, false
+        }</span>
+
+        <span class="cov0" title="0">parsed, ok := parseLogLevel(val)
+        if !ok </span><span class="cov0" title="0">{
+                return slog.LevelInfo, false
+        }</span>
+        <span class="cov0" title="0">return parsed, true</span>
+}
+
+// parseLogLevel maps textual level names to slog.Level.
+//
+// Documented calls inside:
+//   - strings.ToUpper(strings.TrimSpace(value))
+//     Normalizes the input for comparison.
+//   - switch on normalized value to return corresponding slog.Level constants.
+//
+// Typical callers:
+// - readLogLevelFromGitConfig
+// - resolveLogLevel indirectly.
+
+func parseLogLevel(value string) (slog.Level, bool) <span class="cov0" title="0">{
+        switch strings.ToUpper(strings.TrimSpace(value)) </span>{
+        case levelDebugStr:<span class="cov0" title="0">
+                return slog.LevelDebug, true</span>
+        case levelInfoStr:<span class="cov0" title="0">
+                return slog.LevelInfo, true</span>
+        case levelWarnStr, levelWarningStr:<span class="cov0" title="0">
+                return slog.LevelWarn, true</span>
+        case levelErrorStr:<span class="cov0" title="0">
+                return slog.LevelError, true</span>
+        default:<span class="cov0" title="0">
+                return slog.LevelDebug, false</span>
+        }
+}
+
+// replaceSourceAttr rewrites the slog.Source attr to a shorter path suitable for logs.
+//
+// Documented calls inside:
+//   - attr.Key comparison with slog.SourceKey
+//     Determines whether the attribute is the source attribute.
+//   - attr.Value.Any().(*slog.Source)
+//     Retrieves and type-asserts the attribute value to *slog.Source.
+//   - formatSourcePath(source.File)
+//     Formats the file path according to module or repo root heuristics.
+//   - attr.Value = slog.AnyValue(source)
+//     Replaces attribute value with modified source.
+//
+// Typical callers:
+// - passed as ReplaceAttr to slog.HandlerOptions in NewLogger.
+func replaceSourceAttr(_ []string, attr slog.Attr) slog.Attr <span class="cov10" title="6">{
+        if attr.Key != slog.SourceKey </span><span class="cov9" title="5">{
+                return attr
+        }</span>
+        <span class="cov1" title="1">source, ok := attr.Value.Any().(*slog.Source)
+        if !ok || source == nil </span><span class="cov0" title="0">{
+                return attr
+        }</span>
+        <span class="cov1" title="1">source.File = formatSourcePath(source.File)
+        attr.Value = slog.AnyValue(source)
+        return attr</span>
+}
+
+// formatSourcePath shortens file paths using module suffix or repo root heuristics.
+//
+// Documented calls inside:
+//   - filepath.ToSlash(path)
+//     Normalizes OS-specific separators to forward slashes.
+//   - modulePathSuffix()
+//     Gets the module path suffix (derived from build info).
+//   - strings.TrimPrefix(filepath.ToSlash(moduleSuffix), "/")
+//     Normalizes module suffix.
+//   - strings.Index(pathSlash, "/"+moduleSuffixSlash+"/")
+//     Searches for module suffix within the path to trim leading segments.
+//   - strings.HasPrefix(pathSlash, moduleSuffixSlash+"/")
+//     Handles case where path already starts with module suffix.
+//   - repoRootPath()
+//     Attempts to resolve the repository root (by locating go.mod).
+//   - strings.HasPrefix(pathSlash, repoRootSlash+"/")
+//     Trims repository-root prefix to produce a relative path.
+//   - filepath.ToSlash(filepath.Join(moduleSuffix, rel))
+//     Reconstructs path when combining module suffix and relative path.
+//
+// Typical callers:
+// - replaceSourceAttr when rewriting source file paths for log output.
+func formatSourcePath(path string) string <span class="cov1" title="1">{
+        pathSlash := filepath.ToSlash(path)
+        moduleSuffix := modulePathSuffix()
+        if moduleSuffix != "" </span><span class="cov1" title="1">{
+                moduleSuffixSlash := strings.TrimPrefix(filepath.ToSlash(moduleSuffix), "/")
+                if idx := strings.Index(pathSlash, "/"+moduleSuffixSlash+"/"); idx &gt;= 0 </span><span class="cov0" title="0">{
+                        return pathSlash[idx+1:]
+                }</span>
+                <span class="cov1" title="1">if strings.HasPrefix(pathSlash, moduleSuffixSlash+"/") </span><span class="cov0" title="0">{
+                        return pathSlash
+                }</span>
+        }
+        <span class="cov1" title="1">repoRoot := repoRootPath()
+        if repoRoot != "" </span><span class="cov1" title="1">{
+                repoRootSlash := filepath.ToSlash(repoRoot)
+                if strings.HasPrefix(pathSlash, repoRootSlash+"/") </span><span class="cov1" title="1">{
+                        rel := strings.TrimPrefix(pathSlash, repoRootSlash+"/")
+                        if moduleSuffix != "" </span><span class="cov1" title="1">{
+                                return filepath.ToSlash(filepath.Join(moduleSuffix, rel))
+                        }</span>
+                        <span class="cov0" title="0">return rel</span>
+                }
+        }
+        <span class="cov0" title="0">return pathSlash</span>
+}
+
+// modulePathSuffix returns the module path suffix derived from build info.
+//
+// Documented calls inside:
+//   - runtime/debug.ReadBuildInfo()
+//     Reads build info at runtime; used to extract Main.Path.
+//   - strings.Split(info.Main.Path, "/")
+//     Splits module path to drop the first element (typically hostname).
+//
+// Side-effects:
+// - caches computed value via modulePathSuffixOnce.
+// Typical callers:
+// - formatSourcePath to help shorten file paths.
+func modulePathSuffix() string <span class="cov1" title="1">{
+        modulePathSuffixOnce.Do(func() </span><span class="cov1" title="1">{
+                if info, ok := debug.ReadBuildInfo(); ok &amp;&amp; info.Main.Path != "" </span><span class="cov1" title="1">{
+                        parts := strings.Split(info.Main.Path, "/")
+                        if len(parts) &gt; 1 </span><span class="cov1" title="1">{
+                                modulePathSuffixValue = strings.Join(parts[1:], "/")
+                        }</span>
+                }
+        })
+        <span class="cov1" title="1">return modulePathSuffixValue</span>
+}
+
+// repoRootPath attempts to locate the repository root by searching for go.mod upward.
+//
+// Documented calls inside:
+//   - os.Getwd()
+//     Retrieves current working directory as a starting point.
+//   - os.Stat(filepath.Join(dir, "go.mod"))
+//     Checks for presence of go.mod in each directory while walking up.
+//   - filepath.Dir(dir)
+//     Moves up one directory level on each iteration.
+//
+// Side-effects:
+// - caches resolved repo root via repoRootOnce.
+// Typical callers:
+// - formatSourcePath when computing shorter file paths for logs.
+func repoRootPath() string <span class="cov1" title="1">{
+        repoRootOnce.Do(func() </span><span class="cov1" title="1">{
+                cwd, err := os.Getwd()
+                if err != nil </span><span class="cov0" title="0">{
+                        return
+                }</span>
+                <span class="cov1" title="1">dir := cwd
+                for </span><span class="cov6" title="3">{
+                        if _, err := os.Stat(filepath.Join(dir, "go.mod")); err == nil </span><span class="cov1" title="1">{
+                                repoRootValue = dir
+                                return
+                        }</span>
+                        <span class="cov4" title="2">parent := filepath.Dir(dir)
+                        if parent == dir </span><span class="cov0" title="0">{
+                                return
+                        }</span>
+                        <span class="cov4" title="2">dir = parent</span>
+                }
+        })
+        <span class="cov1" title="1">return repoRootValue</span>
+}
+</pre>
+		
+		<pre class="file" id="file47" style="display: none">package drsmap
+
+import (
+        "fmt"
+        "log/slog"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/lfs"
+        "github.com/calypr/git-drs/internal/precommit_cache"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        syfoncommon "github.com/calypr/syfon/common"
+        "github.com/google/uuid"
+)
+
+type WriteOptions struct {
+        Cache          *precommit_cache.Cache
+        PreferCacheURL bool
+        Logger         *slog.Logger
+}
 
-        <span class="cov4" title="2">rawClient, err := syclient.New(l.BaseURL, syclient.WithBasicAuth(cred.KeyID, cred.APIKey))
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+func WriteObjectsForLFSFiles(builder drsobject.Builder, lfsFiles map[string]lfs.LfsFileInfo, opts WriteOptions) error <span class="cov6" title="3">{
+        if opts.Logger == nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("logger is required")
         }</span>
-        <span class="cov4" title="2">reqClient, ok := rawClient.(interface{ Requestor() syrequest.Requester })
-        if !ok </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("syfon client does not expose requestor")
+        <span class="cov6" title="3">opts.Logger.Debug("writing local DRS objects for LFS files")
+
+        if builder.Project == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("no project configured")
         }</span>
-        <span class="cov4" title="2">syfonClient, ok := rawClient.(syfonclient.SyfonClient)
-        if !ok </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("syfon client does not implement syfonclient.SyfonClient")
+        <span class="cov6" title="3">if len(lfsFiles) == 0 </span><span class="cov0" title="0">{
+                return nil
         }</span>
 
-        <span class="cov4" title="2">return &amp;GitContext{
-                Client:        syfonClient,
-                Requestor:     reqClient.Requestor(),
-                Organization:  l.GetOrganization(),
-                ProjectId:     projectID,
-                BucketName:    bucketName,
-                StoragePrefix: storagePrefix,
-                Logger:        logger,
-                Credential:    cred,
-        }, nil</span>
-}
+        <span class="cov6" title="3">for _, file := range lfsFiles </span><span class="cov6" title="3">{
+                var authoritativeObj *drsapi.DrsObject
+                existing, err := drsobject.ReadObject(common.DRS_OBJS_PATH, file.Oid)
+                if err == nil &amp;&amp; existing != nil </span><span class="cov4" title="2">{
+                        authoritativeObj = existing
+                        name := file.Name
+                        authoritativeObj.Name = &amp;name
+                        authoritativeObj.Size = file.Size
+                        ensureControlledAccess(authoritativeObj, builder.Organization, builder.Project)
+                }</span> else<span class="cov1" title="1"> {
+                        drsID := uuid.NewSHA1(drsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", builder.Project, drsobject.NormalizeOid(file.Oid)))).String()
+                        authoritativeObj, err = builder.Build(file.Name, file.Oid, file.Size, drsID)
+                        if err != nil </span><span class="cov0" title="0">{
+                                opts.Logger.Error(fmt.Sprintf("Could not build DRS object for %s OID %s %v", file.Name, file.Oid, err))
+                                continue</span>
+                        }
+                }
 
-func newGitContext(profileConfig syconf.Credential, remote Gen3Remote, logger *slog.Logger) (*GitContext, error) <span class="cov0" title="0">{
-        if _, err := url.Parse(profileConfig.APIEndpoint); err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov0" title="0">projectID := remote.GetProjectId()
-        if projectID == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("no gen3 project specified")
-        }</span>
+                <span class="cov6" title="3">authoritativeURL := ""
+                if authoritativeObj.AccessMethods != nil &amp;&amp; len(*authoritativeObj.AccessMethods) &gt; 0 &amp;&amp; (*authoritativeObj.AccessMethods)[0].AccessUrl != nil </span><span class="cov4" title="2">{
+                        authoritativeURL = (*authoritativeObj.AccessMethods)[0].AccessUrl.Url
+                }</span>
 
-        <span class="cov0" title="0">scope, err := gitrepo.ResolveBucketScope(
-                remote.GetOrganization(),
-                projectID,
-                remote.GetBucketName(),
-                remote.GetStoragePrefix(),
-        )
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
+                <span class="cov6" title="3">var hint string
+                if opts.Cache != nil </span><span class="cov1" title="1">{
+                        externalURL, ok, err := opts.Cache.LookupExternalURLByOID(file.Oid)
+                        if err != nil </span><span class="cov0" title="0">{
+                                opts.Logger.Debug(fmt.Sprintf("cache lookup failed for %s: %v", file.Oid, err))
+                        }</span> else<span class="cov1" title="1"> if ok </span><span class="cov1" title="1">{
+                                hint = externalURL
+                        }</span>
+                }
 
-        <span class="cov0" title="0">rawClient, err := syclient.New(profileConfig.APIEndpoint, syclient.WithBearerToken(profileConfig.AccessToken))
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                <span class="cov6" title="3">if hint != "" </span><span class="cov1" title="1">{
+                        if err := precommit_cache.CheckExternalURLMismatch(hint, authoritativeURL); err != nil </span><span class="cov1" title="1">{
+                                opts.Logger.Warn(fmt.Sprintf("Warning. %s (path=%s oid=%s)", err.Error(), file.Name, file.Oid))
+                        }</span>
+                }
+
+                <span class="cov6" title="3">if opts.PreferCacheURL &amp;&amp; hint != "" </span><span class="cov1" title="1">{
+                        if authoritativeObj.AccessMethods != nil &amp;&amp; len(*authoritativeObj.AccessMethods) &gt; 0 </span><span class="cov1" title="1">{
+                                am := &amp;(*authoritativeObj.AccessMethods)[0]
+                                am.AccessUrl = &amp;struct {
+                                        Headers *[]string `json:"headers,omitempty"`
+                                        Url     string    `json:"url"`
+                                }{Url: hint}
+                        }</span> else<span class="cov0" title="0"> {
+                                newAm := drsapi.AccessMethod{
+                                        Type: drsapi.AccessMethodTypeS3,
+                                        AccessUrl: &amp;struct {
+                                                Headers *[]string `json:"headers,omitempty"`
+                                                Url     string    `json:"url"`
+                                        }{Url: hint},
+                                }
+                                authoritativeObj.AccessMethods = &amp;[]drsapi.AccessMethod{newAm}
+                        }</span>
+                        <span class="cov1" title="1">ensureControlledAccess(authoritativeObj, builder.Organization, builder.Project)</span>
+                }
+
+                <span class="cov6" title="3">if err := drsobject.WriteObject(common.DRS_OBJS_PATH, authoritativeObj, file.Oid); err != nil </span><span class="cov0" title="0">{
+                        opts.Logger.Error(fmt.Sprintf("could not write local DRS object for %s OID %s: %v", file.Name, file.Oid, err))
+                        continue</span>
+                }
+                <span class="cov6" title="3">opts.Logger.Info(fmt.Sprintf("Prepared File %s OID %s with DRS ID %s for commit", file.Name, file.Oid, authoritativeObj.Id))</span>
+        }
+
+        <span class="cov6" title="3">return nil</span>
+}
+
+func ensureControlledAccess(obj *drsapi.DrsObject, org, project string) <span class="cov6" title="3">{
+        if obj == nil </span><span class="cov0" title="0">{
+                return
         }</span>
-        <span class="cov0" title="0">reqClient, ok := rawClient.(interface{ Requestor() syrequest.Requester })
-        if !ok </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("syfon client does not expose requestor")
+        <span class="cov6" title="3">authzMap := syfoncommon.AuthzMapFromScope(org, project)
+        if len(authzMap) == 0 </span><span class="cov0" title="0">{
+                return
         }</span>
-        <span class="cov0" title="0">syfonClient, ok := rawClient.(syfonclient.SyfonClient)
-        if !ok </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("syfon client does not implement syfonclient.SyfonClient")
+        <span class="cov6" title="3">next := append([]string(nil), derefStringSlice(obj.ControlledAccess)...)
+        next = append(next, syfoncommon.AuthzMapToControlledAccess(authzMap)...)
+        normalized := syfoncommon.NormalizeAccessResources(next)
+        if len(normalized) == 0 </span><span class="cov0" title="0">{
+                return
         }</span>
+        <span class="cov6" title="3">obj.ControlledAccess = &amp;normalized</span>
+}
 
-        <span class="cov0" title="0">uploadConcurrency := int(gitrepo.GetGitConfigInt("lfs.concurrenttransfers", 4))
-        if uploadConcurrency &lt; 1 </span><span class="cov0" title="0">{
-                uploadConcurrency = 1
+func derefStringSlice(ptr *[]string) []string <span class="cov10" title="6">{
+        if ptr == nil </span><span class="cov1" title="1">{
+                return nil
         }</span>
-
-        <span class="cov0" title="0">return &amp;GitContext{
-                Client:             syfonClient,
-                Requestor:          reqClient.Requestor(),
-                ProjectId:          projectID,
-                BucketName:         scope.Bucket,
-                Organization:       remote.GetOrganization(),
-                StoragePrefix:      scope.Prefix,
-                Upsert:             gitrepo.GetGitConfigBool("drs.upsert", false),
-                MultiPartThreshold: int64(gitrepo.GetGitConfigInt("drs.multipart-threshold", 5120)) * 1024 * 1024,
-                UploadConcurrency:  uploadConcurrency,
-                Logger:             logger,
-                Credential:         &amp;profileConfig,
-        }, nil</span>
+        <span class="cov9" title="5">return append([]string(nil), (*ptr)...)</span>
 }
-
-func localRemoteFromGen3(gen3 *Gen3Remote, username string, password string) *LocalRemote <span class="cov0" title="0">{
-        return &amp;LocalRemote{
-                BaseURL:       gen3.Endpoint,
-                ProjectID:     gen3.ProjectID,
-                Bucket:        gen3.Bucket,
-                Organization:  gen3.Organization,
-                StoragePrefix: gen3.StoragePrefix,
-                BasicUsername: strings.TrimSpace(username),
-                BasicPassword: strings.TrimSpace(password),
-        }
-}</span>
 </pre>
 		
-		<pre class="file" id="file35" style="display: none">// go
-package drslog
+		<pre class="file" id="file48" style="display: none">package drsobject
 
 import (
-        "io"
-        "log/slog"
-        "os"
-        "path/filepath"
-        "runtime/debug"
-        "strconv"
+        "fmt"
+        "net/url"
         "strings"
-        "sync"
-
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/gitrepo"
 
-        "github.com/calypr/syfon/client/logs"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        syfoncommon "github.com/calypr/syfon/common"
+        "github.com/google/uuid"
 )
 
-var globalLogger *slog.Logger
-var globalLogFile io.Closer
-var globalLoggerOnce sync.Once
-var globalLoggerMu sync.RWMutex
-var GIT_TRANSFER_TRACE int
-var modulePathSuffixOnce sync.Once
-var modulePathSuffixValue string
-var repoRootOnce sync.Once
-var repoRootValue string
+// UUIDNamespace is the legacy deterministic UUID namespace used to derive
+// local DRS IDs from "&lt;projectID&gt;:&lt;sha256&gt;". It intentionally uses the DNS
+// namespace UUID value because existing deployed git-drs records were generated
+// with this exact namespace. Do not change it without a DRS ID migration plan.
+var UUIDNamespace = uuid.MustParse("6ba7b810-9dad-11d1-80b4-00c04fd430c8")
 
-const (
-        levelDebugStr   = "DEBUG"
-        levelInfoStr    = "INFO"
-        levelWarnStr    = "WARN"
-        levelWarningStr = "WARNING"
-        levelErrorStr   = "ERROR"
-)
+func NormalizeChecksum(raw string) string <span class="cov10" title="2">{
+        raw = strings.TrimSpace(raw)
+        raw = strings.TrimPrefix(raw, "sha256:")
+        return strings.TrimSpace(raw)
+}</span>
 
-// init initializes package-level settings from the environment.
-//
-// Documented calls inside:
-//   - os.Getenv("GIT_TRANSFER_TRACE")
-//     Reads environment variable to optionally enable trace logging.
-//   - strconv.Atoi(envValue)
-//     Parses the numeric env value.
-//
-// Side-effects:
-// - sets package variable GIT_TRANSFER_TRACE.
-// Typical callers:
-// - runtime automatically invokes init(); no external callers needed.
-func init() <span class="cov1" title="1">{
-        GIT_TRANSFER_TRACE = 0
-        if envValue := os.Getenv("GIT_TRANSFER_TRACE"); envValue != "" </span><span class="cov0" title="0">{
-                if parsed, err := strconv.Atoi(envValue); err == nil </span><span class="cov0" title="0">{
-                        GIT_TRANSFER_TRACE = parsed
-                }</span>
-        }
+func NormalizeOid(raw string) string <span class="cov0" title="0">{
+        return NormalizeChecksum(raw)
+}</span>
+
+type Builder struct {
+        Bucket        string
+        Project       string
+        Organization  string
+        StoragePrefix string
+        Provider      string
+        AccessScheme  string
 }
 
-// TraceEnabled returns whether transfer trace logging is enabled.
-//
-// Documented calls inside:
-// - reads package variable GIT_TRANSFER_TRACE.
-// Typical callers:
-// - logging setup and callsites that want to be verbose only when trace is enabled.
-func TraceEnabled() bool <span class="cov4" title="2">{
-        return GIT_TRANSFER_TRACE == 1
+func NewBuilder(bucket, project string) Builder <span class="cov0" title="0">{
+        return Builder{Bucket: bucket, Project: project}
 }</span>
 
-// NewLogger creates and installs a global slog.Logger that writes to the specified file
-// and optionally to stderr. It is safe to call multiple times; the first successful call
-// establishes the global logger.
-//
-// Documented calls inside:
-//   - projectdir.DRS_DIR usage
-//     Uses projectdir.DRS_DIR to create log directory.
-//   - os.MkdirAll(projectdir.DRS_DIR, 0755)
-//     Ensures the directory exists; returns error on failure.
-//   - filepath.Join(projectdir.DRS_DIR, "git-drs.log")
-//     Constructs default filename when none provided.
-//   - os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
-//     Opens/creates the log file (returns *os.File).
-//   - io.MultiWriter(writers...)
-//     Combines file and optionally os.Stderr into a single Writer.
-//   - slog.NewTextHandler(multiWriter, &amp;slog.HandlerOptions{...})
-//     Creates the text handler for slog that writes to the combined writer.
-//   - slog.New(handler).With("pid", os.Getpid())
-//     Builds the logger and attaches pid attribute.
-//   - globalLoggerMu.Lock()/Unlock()
-//     Protects globalLogFile and globalLogger assignment.
-//
-// Side-effects:
-// - sets package-level globalLogger and globalLogFile.
-// Typical callers:
-// - application startup code that wants to initialize logging (e.g. main).
-func NewLogger(filename string, logToStderr bool) (*slog.Logger, error) <span class="cov4" title="2">{
-        var writers []io.Writer
+func (b Builder) Build(fileName string, checksum string, size int64, drsID string) (*drsapi.DrsObject, error) <span class="cov0" title="0">{
+        prefix := strings.Trim(strings.TrimSpace(b.StoragePrefix), "/")
+        return BuildWithPrefix(fileName, checksum, size, drsID, b.Bucket, b.Organization, b.Project, prefix)
+}</span>
 
-        if filename == "" </span><span class="cov1" title="1">{
-                // create drs dir if it doesn't exist
-                if err := os.MkdirAll(common.DRS_DIR, 0755); err != nil </span><span class="cov0" title="0">{
-                        return nil, err
-                }</span>
+func BuildWithPrefix(fileName string, checksum string, size int64, drsID string, bucket string, org string, project string, prefix string) (*drsapi.DrsObject, error) <span class="cov0" title="0">{
+        return BuildWithOptions(fileName, checksum, size, drsID, LocationOptions{
+                Bucket:        bucket,
+                Organization:  org,
+                Project:       project,
+                StoragePrefix: prefix,
+        })
+}</span>
+
+func ConvertToCandidate(obj *drsapi.DrsObject) drsapi.DrsObjectCandidate <span class="cov0" title="0">{
+        if obj == nil </span><span class="cov0" title="0">{
+                return drsapi.DrsObjectCandidate{}
+        }</span>
+        <span class="cov0" title="0">return drsapi.DrsObjectCandidate{
+                AccessMethods:    obj.AccessMethods,
+                Aliases:          obj.Aliases,
+                Checksums:        obj.Checksums,
+                Contents:         obj.Contents,
+                ControlledAccess: obj.ControlledAccess,
+                Description:      obj.Description,
+                MimeType:         obj.MimeType,
+                Name:             obj.Name,
+                Size:             obj.Size,
+                Version:          obj.Version,
+        }</span>
+}
+
+type LocationOptions struct {
+        Bucket        string
+        Organization  string
+        Project       string
+        StoragePrefix string
+        Provider      string
+        AccessScheme  string
+}
 
-                <span class="cov1" title="1">filename = filepath.Join(common.DRS_DIR, "git-drs.log")</span>
+func BuildWithOptions(fileName string, checksum string, size int64, drsID string, opts LocationOptions) (*drsapi.DrsObject, error) <span class="cov10" title="2">{
+        checksum = NormalizeChecksum(checksum)
+        if checksum == "" </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("checksum is required")
+        }</span>
+
+        <span class="cov10" title="2">obj := &amp;drsapi.DrsObject{
+                Id:      drsID,
+                SelfUri: "drs://" + drsID,
+                Size:    size,
+                Name:    &amp;fileName,
+                Checksums: []drsapi.Checksum{
+                        {Type: "sha256", Checksum: checksum},
+                },
         }
 
-        <span class="cov4" title="2">file, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
+        if opts.Bucket == "" </span><span class="cov0" title="0">{
+                return obj, nil
+        }</span>
+
+        <span class="cov10" title="2">prefix := strings.Trim(strings.TrimSpace(opts.StoragePrefix), "/")
+
+        accessURL, methodType, err := BuildAccessURL(opts.Bucket, prefix, checksum, opts.Provider, opts.AccessScheme)
         if err != nil </span><span class="cov0" title="0">{
                 return nil, err
         }</span>
-        <span class="cov4" title="2">writers = append(writers, file)
 
-        if logToStderr </span><span class="cov0" title="0">{
-                writers = append(writers, os.Stderr)
+        <span class="cov10" title="2">am := drsapi.AccessMethod{
+                Type: drsapi.AccessMethodType(methodType),
+                AccessUrl: &amp;struct {
+                        Headers *[]string `json:"headers,omitempty"`
+                        Url     string    `json:"url"`
+                }{Url: accessURL},
+        }
+        ams := []drsapi.AccessMethod{am}
+        obj.AccessMethods = &amp;ams
+        if authzMap := syfoncommon.AuthzMapFromScope(opts.Organization, opts.Project); authzMap != nil </span><span class="cov10" title="2">{
+                controlled := syfoncommon.AuthzMapToControlledAccess(authzMap)
+                obj.ControlledAccess = &amp;controlled
         }</span>
+        <span class="cov10" title="2">return obj, nil</span>
+}
 
-        <span class="cov4" title="2">multiWriter := io.MultiWriter(writers...)
+func BuildAccessURL(bucket string, prefix string, key string, provider string, accessScheme string) (string, string, error) <span class="cov10" title="2">{
+        bucket = strings.TrimSpace(bucket)
+        key = strings.Trim(strings.TrimSpace(key), "/")
+        if bucket == "" </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("bucket is required")
+        }</span>
+        <span class="cov10" title="2">if key == "" </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("key is required")
+        }</span>
 
-        handler := slog.NewTextHandler(multiWriter, &amp;slog.HandlerOptions{
-                AddSource:   true,
-                Level:       resolveLogLevel(),
-                ReplaceAttr: replaceSourceAttr,
-        })
-        core := slog.New(logs.NewProgressHandler(handler)).With("pid", os.Getpid())
+        <span class="cov10" title="2">scheme := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(accessScheme)), "://")
+        if scheme == "" </span><span class="cov10" title="2">{
+                scheme = schemeFromProvider(provider)
+        }</span>
 
-        globalLoggerMu.Lock()
-        globalLogFile = file
-        globalLogger = core
-        globalLoggerMu.Unlock()
+        <span class="cov10" title="2">if u, err := url.Parse(bucket); err == nil &amp;&amp; u.Scheme != "" </span><span class="cov0" title="0">{
+                scheme = strings.ToLower(u.Scheme)
+                bucket = u.Host
+                basePath := strings.Trim(u.Path, "/")
+                if basePath != "" </span><span class="cov0" title="0">{
+                        if prefix == "" </span><span class="cov0" title="0">{
+                                prefix = basePath
+                        }</span> else<span class="cov0" title="0"> {
+                                prefix = strings.Trim(basePath+"/"+strings.Trim(prefix, "/"), "/")
+                        }</span>
+                }
+        }
 
-        return globalLogger, nil</span>
+        <span class="cov10" title="2">if scheme == "" </span><span class="cov0" title="0">{
+                scheme = "s3"
+        }</span>
+        <span class="cov10" title="2">methodType := accessMethodTypeForScheme(scheme)
+        path := key
+        prefix = strings.Trim(strings.TrimSpace(prefix), "/")
+        if prefix != "" </span><span class="cov1" title="1">{
+                path = prefix + "/" + key
+        }</span>
+        <span class="cov10" title="2">return fmt.Sprintf("%s://%s/%s", scheme, bucket, path), methodType, nil</span>
 }
 
-// GetLogger returns the global logger, initializing a no-op logger on first access.
-//
-// Documented calls inside:
-//   - globalLoggerOnce.Do(func() { ... })
-//     Ensures initialization runs only once.
-//   - NewNoOpLogger()
-//     Creates a logger that discards output if no global logger was set.
-//
-// Typical callers:
-// - any package code that needs access to the package-level logger.
-func GetLogger() *slog.Logger <span class="cov1" title="1">{
-        globalLoggerOnce.Do(func() </span><span class="cov1" title="1">{
-                if globalLogger == nil </span><span class="cov0" title="0">{
-                        globalLogger = NewNoOpLogger()
-                }</span>
-        })
-        <span class="cov1" title="1">return globalLogger</span>
+func schemeFromProvider(provider string) string <span class="cov10" title="2">{
+        switch strings.ToLower(strings.TrimSpace(provider)) </span>{
+        case "", "s3", "aws", "minio":<span class="cov10" title="2">
+                return "s3"</span>
+        case "gcs", "gcp", "google", "gs":<span class="cov0" title="0">
+                return "gs"</span>
+        case "azure", "azblob", "blob":<span class="cov0" title="0">
+                return "az"</span>
+        default:<span class="cov0" title="0">
+                return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(provider)), "://")</span>
+        }
 }
 
-// Close closes the active log file if one was opened.
-//
-// Documented calls inside:
-//   - globalLoggerMu.Lock()/Unlock()
-//     Protects access to globalLogFile.
-//   - globalLogFile.Close()
-//     Closes the underlying file and returns any error.
-//
-// Side-effects:
-// - sets globalLogFile to nil.
-// Typical callers:
-// - application shutdown code or tests that want to release file handles.
-func Close() error <span class="cov4" title="2">{
-        globalLoggerMu.Lock()
-        defer globalLoggerMu.Unlock()
-        if globalLogFile != nil </span><span class="cov4" title="2">{
-                err := globalLogFile.Close()
-
-                globalLogFile = nil
-                return err
-        }</span>
-        <span class="cov0" title="0">return nil</span>
+func accessMethodTypeForScheme(scheme string) string <span class="cov10" title="2">{
+        switch strings.ToLower(strings.TrimSuffix(strings.TrimSpace(scheme), "://")) </span>{
+        case "gcs", "gs":<span class="cov0" title="0">
+                return string(drsapi.AccessMethodTypeGs)</span>
+        case "s3":<span class="cov10" title="2">
+                return string(drsapi.AccessMethodTypeS3)</span>
+        default:<span class="cov0" title="0">
+                return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(scheme), "://"))</span>
+        }
 }
+</pre>
+		
+		<pre class="file" id="file49" style="display: none">package drsobject
 
-// NewNoOpLogger returns a logger that discards all output.
-//
-// Documented calls inside:
-//   - slog.NewTextHandler(io.Discard, &amp;slog.HandlerOptions{Level: slog.LevelDebug})
-//     Creates a text handler writing to io.Discard.
-//   - slog.New(handler)
-//     Builds the logger.
-//
-// Typical callers:
-// - GetLogger on first access when no global logger was configured.
-// - tests that need a deterministic logger that produces no output.
-func NewNoOpLogger() *slog.Logger <span class="cov1" title="1">{
-        handler := slog.NewTextHandler(io.Discard, &amp;slog.HandlerOptions{
-                Level: slog.LevelDebug,
-        })
-        return slog.New(logs.NewProgressHandler(handler))
-}</span>
+import (
+        "fmt"
+        "os"
+        "path/filepath"
+        "strings"
 
-// resolveLogLevel determines the effective log level.
-//
-// Documented calls inside:
-//   - TraceEnabled()
-//     If trace is enabled, returns Debug level immediately.
-//   - readLogLevelFromGitConfig()
-//     Attempts to read configured level from git config; returns level and ok.
-//   - defaults to slog.LevelInfo when nothing else matches.
-//
-// Typical callers:
-// - NewLogger -&gt; used when creating slog.HandlerOptions.Level.
-func resolveLogLevel() slog.Level <span class="cov4" title="2">{
-        if TraceEnabled() </span><span class="cov0" title="0">{
-                return slog.LevelDebug
-        }</span>
+        "github.com/bytedance/sonic"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+)
 
-        <span class="cov4" title="2">level, ok := readLogLevelFromGitConfig()
-        if ok </span><span class="cov0" title="0">{
-                return level
+func objectPath(basePath string, oid string) (string, error) <span class="cov10" title="3">{
+        oid = strings.TrimPrefix(oid, "sha256:")
+        if len(oid) != 64 </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("error: %s is not a valid sha256 hash", oid)
         }</span>
-
-        <span class="cov4" title="2">return slog.LevelInfo</span>
+        <span class="cov6" title="2">return filepath.Join(basePath, oid[:2], oid[2:4], oid), nil</span>
 }
 
-// readLogLevelFromGitConfig queries git configuration for a custom log level.
-//
-// Documented calls inside:
-//   - exec.Command("git", "config", "--get", "drs.loglevel")
-//     Constructs the command to query git config.
-//   - cmd.Output()
-//     Executes the command and returns raw output or an error.
-//   - strings.TrimSpace(string(output))
-//     Trims whitespace/newlines from git output.
-//   - parseLogLevel(value)
-//     Parses the trimmed value into a slog.Level.
-//
-// Behavior:
-// - On any error or empty output, returns (slog.LevelInfo, false) to indicate no valid config was found.
-// Typical callers:
-// - resolveLogLevel when initializing a logger.
-func readLogLevelFromGitConfig() (slog.Level, bool) <span class="cov4" title="2">{
-        val, err := gitrepo.GetGitConfigString("drs.loglevel")
-        if err != nil || val == "" </span><span class="cov4" title="2">{
-                return slog.LevelInfo, false
+func WriteObject(basePath string, drsObj *drsapi.DrsObject, oid string) error <span class="cov1" title="1">{
+        drsObjBytes, err := sonic.ConfigFastest.Marshal(drsObj)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error marshalling DRS object for oid %s: %v", oid, err)
         }</span>
 
-        <span class="cov0" title="0">parsed, ok := parseLogLevel(val)
-        if !ok </span><span class="cov0" title="0">{
-                return slog.LevelInfo, false
+        <span class="cov1" title="1">drsObjPath, err := objectPath(basePath, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov1" title="1">if err := os.MkdirAll(filepath.Dir(drsObjPath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error creating directory for %s: %v", drsObjPath, err)
         }</span>
-        <span class="cov0" title="0">return parsed, true</span>
-}
-
-// parseLogLevel maps textual level names to slog.Level.
-//
-// Documented calls inside:
-//   - strings.ToUpper(strings.TrimSpace(value))
-//     Normalizes the input for comparison.
-//   - switch on normalized value to return corresponding slog.Level constants.
-//
-// Typical callers:
-// - readLogLevelFromGitConfig
-// - resolveLogLevel indirectly.
 
-func parseLogLevel(value string) (slog.Level, bool) <span class="cov0" title="0">{
-        switch strings.ToUpper(strings.TrimSpace(value)) </span>{
-        case levelDebugStr:<span class="cov0" title="0">
-                return slog.LevelDebug, true</span>
-        case levelInfoStr:<span class="cov0" title="0">
-                return slog.LevelInfo, true</span>
-        case levelWarnStr, levelWarningStr:<span class="cov0" title="0">
-                return slog.LevelWarn, true</span>
-        case levelErrorStr:<span class="cov0" title="0">
-                return slog.LevelError, true</span>
-        default:<span class="cov0" title="0">
-                return slog.LevelDebug, false</span>
-        }
+        <span class="cov1" title="1">if err := os.WriteFile(drsObjPath, drsObjBytes, 0o644); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error writing %s: %v", drsObjPath, err)
+        }</span>
+        <span class="cov1" title="1">return nil</span>
 }
 
-// replaceSourceAttr rewrites the slog.Source attr to a shorter path suitable for logs.
-//
-// Documented calls inside:
-//   - attr.Key comparison with slog.SourceKey
-//     Determines whether the attribute is the source attribute.
-//   - attr.Value.Any().(*slog.Source)
-//     Retrieves and type-asserts the attribute value to *slog.Source.
-//   - formatSourcePath(source.File)
-//     Formats the file path according to module or repo root heuristics.
-//   - attr.Value = slog.AnyValue(source)
-//     Replaces attribute value with modified source.
-//
-// Typical callers:
-// - passed as ReplaceAttr to slog.HandlerOptions in NewLogger.
-func replaceSourceAttr(_ []string, attr slog.Attr) slog.Attr <span class="cov10" title="6">{
-        if attr.Key != slog.SourceKey </span><span class="cov9" title="5">{
-                return attr
+func ReadObject(basePath string, oid string) (*drsapi.DrsObject, error) <span class="cov1" title="1">{
+        path, err := objectPath(basePath, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("error getting object path for oid %s: %v", oid, err)
+        }</span>
+
+        <span class="cov1" title="1">drsObjBytes, err := os.ReadFile(path)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("error reading DRS object for oid %s: %v", oid, err)
         }</span>
-        <span class="cov1" title="1">source, ok := attr.Value.Any().(*slog.Source)
-        if !ok || source == nil </span><span class="cov0" title="0">{
-                return attr
+
+        <span class="cov1" title="1">var drsObject drsapi.DrsObject
+        if err := sonic.ConfigFastest.Unmarshal(drsObjBytes, &amp;drsObject); err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("error unmarshaling DRS object for oid %s: %v", oid, err)
         }</span>
-        <span class="cov1" title="1">source.File = formatSourcePath(source.File)
-        attr.Value = slog.AnyValue(source)
-        return attr</span>
-}
 
-// formatSourcePath shortens file paths using module suffix or repo root heuristics.
-//
-// Documented calls inside:
-//   - filepath.ToSlash(path)
-//     Normalizes OS-specific separators to forward slashes.
-//   - modulePathSuffix()
-//     Gets the module path suffix (derived from build info).
-//   - strings.TrimPrefix(filepath.ToSlash(moduleSuffix), "/")
-//     Normalizes module suffix.
-//   - strings.Index(pathSlash, "/"+moduleSuffixSlash+"/")
-//     Searches for module suffix within the path to trim leading segments.
-//   - strings.HasPrefix(pathSlash, moduleSuffixSlash+"/")
-//     Handles case where path already starts with module suffix.
-//   - repoRootPath()
-//     Attempts to resolve the repository root (by locating go.mod).
-//   - strings.HasPrefix(pathSlash, repoRootSlash+"/")
-//     Trims repository-root prefix to produce a relative path.
-//   - filepath.ToSlash(filepath.Join(moduleSuffix, rel))
-//     Reconstructs path when combining module suffix and relative path.
-//
-// Typical callers:
-// - replaceSourceAttr when rewriting source file paths for log output.
-func formatSourcePath(path string) string <span class="cov1" title="1">{
-        pathSlash := filepath.ToSlash(path)
-        moduleSuffix := modulePathSuffix()
-        if moduleSuffix != "" </span><span class="cov1" title="1">{
-                moduleSuffixSlash := strings.TrimPrefix(filepath.ToSlash(moduleSuffix), "/")
-                if idx := strings.Index(pathSlash, "/"+moduleSuffixSlash+"/"); idx &gt;= 0 </span><span class="cov0" title="0">{
-                        return pathSlash[idx+1:]
-                }</span>
-                <span class="cov1" title="1">if strings.HasPrefix(pathSlash, moduleSuffixSlash+"/") </span><span class="cov0" title="0">{
-                        return pathSlash
-                }</span>
-        }
-        <span class="cov1" title="1">repoRoot := repoRootPath()
-        if repoRoot != "" </span><span class="cov1" title="1">{
-                repoRootSlash := filepath.ToSlash(repoRoot)
-                if strings.HasPrefix(pathSlash, repoRootSlash+"/") </span><span class="cov1" title="1">{
-                        rel := strings.TrimPrefix(pathSlash, repoRootSlash+"/")
-                        if moduleSuffix != "" </span><span class="cov1" title="1">{
-                                return filepath.ToSlash(filepath.Join(moduleSuffix, rel))
-                        }</span>
-                        <span class="cov0" title="0">return rel</span>
-                }
-        }
-        <span class="cov0" title="0">return pathSlash</span>
+        <span class="cov1" title="1">return &amp;drsObject, nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file50" style="display: none">package drsremote
 
-// modulePathSuffix returns the module path suffix derived from build info.
-//
-// Documented calls inside:
-//   - runtime/debug.ReadBuildInfo()
-//     Reads build info at runtime; used to extract Main.Path.
-//   - strings.Split(info.Main.Path, "/")
-//     Splits module path to drop the first element (typically hostname).
-//
-// Side-effects:
-// - caches computed value via modulePathSuffixOnce.
-// Typical callers:
-// - formatSourcePath to help shorten file paths.
-func modulePathSuffix() string <span class="cov1" title="1">{
-        modulePathSuffixOnce.Do(func() </span><span class="cov1" title="1">{
-                if info, ok := debug.ReadBuildInfo(); ok &amp;&amp; info.Main.Path != "" </span><span class="cov1" title="1">{
-                        parts := strings.Split(info.Main.Path, "/")
-                        if len(parts) &gt; 1 </span><span class="cov1" title="1">{
-                                modulePathSuffixValue = strings.Join(parts[1:], "/")
-                        }</span>
+import (
+        "strings"
+
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+)
+
+func bulkAccessRequest(objects []drsapi.DrsObject) (drsapi.BulkObjectAccessId, bool) <span class="cov8" title="1">{
+        req := drsapi.BulkObjectAccessId{}
+        items := make([]struct {
+                BulkAccessIds *[]string `json:"bulk_access_ids,omitempty"`
+                BulkObjectId  *string   `json:"bulk_object_id,omitempty"`
+        }, 0, len(objects))
+
+        for _, obj := range objects </span><span class="cov8" title="1">{
+                objectID := strings.TrimSpace(obj.Id)
+                accessID := accessIDForBulkRequest(obj)
+                if objectID == "" || accessID == "" </span><span class="cov0" title="0">{
+                        continue</span>
                 }
-        })
-        <span class="cov1" title="1">return modulePathSuffixValue</span>
+                <span class="cov8" title="1">objID := objectID
+                accessIDs := []string{accessID}
+                items = append(items, struct {
+                        BulkAccessIds *[]string `json:"bulk_access_ids,omitempty"`
+                        BulkObjectId  *string   `json:"bulk_object_id,omitempty"`
+                }{
+                        BulkAccessIds: &amp;accessIDs,
+                        BulkObjectId:  &amp;objID,
+                })</span>
+        }
+        <span class="cov8" title="1">if len(items) == 0 </span><span class="cov0" title="0">{
+                return req, false
+        }</span>
+        <span class="cov8" title="1">req.BulkObjectAccessIds = &amp;items
+        return req, true</span>
 }
 
-// repoRootPath attempts to locate the repository root by searching for go.mod upward.
-//
-// Documented calls inside:
-//   - os.Getwd()
-//     Retrieves current working directory as a starting point.
-//   - os.Stat(filepath.Join(dir, "go.mod"))
-//     Checks for presence of go.mod in each directory while walking up.
-//   - filepath.Dir(dir)
-//     Moves up one directory level on each iteration.
-//
-// Side-effects:
-// - caches resolved repo root via repoRootOnce.
-// Typical callers:
-// - formatSourcePath when computing shorter file paths for logs.
-func repoRootPath() string <span class="cov1" title="1">{
-        repoRootOnce.Do(func() </span><span class="cov1" title="1">{
-                cwd, err := os.Getwd()
-                if err != nil </span><span class="cov0" title="0">{
-                        return
+func accessIDForBulkRequest(obj drsapi.DrsObject) string <span class="cov8" title="1">{
+        if obj.AccessMethods == nil </span><span class="cov0" title="0">{
+                return ""
+        }</span>
+        <span class="cov8" title="1">for _, method := range *obj.AccessMethods </span><span class="cov8" title="1">{
+                if method.AccessId != nil &amp;&amp; strings.TrimSpace(*method.AccessId) != "" </span><span class="cov8" title="1">{
+                        return strings.TrimSpace(*method.AccessId)
                 }</span>
-                <span class="cov1" title="1">dir := cwd
-                for </span><span class="cov6" title="3">{
-                        if _, err := os.Stat(filepath.Join(dir, "go.mod")); err == nil </span><span class="cov1" title="1">{
-                                repoRootValue = dir
-                                return
-                        }</span>
-                        <span class="cov4" title="2">parent := filepath.Dir(dir)
-                        if parent == dir </span><span class="cov0" title="0">{
-                                return
-                        }</span>
-                        <span class="cov4" title="2">dir = parent</span>
-                }
-        })
-        <span class="cov1" title="1">return repoRootValue</span>
+        }
+        <span class="cov0" title="0">return ""</span>
 }
 </pre>
 		
-		<pre class="file" id="file36" style="display: none">package drslookup
+		<pre class="file" id="file51" style="display: none">package drsremote
 
 import (
         "context"
         "fmt"
+        "io"
+        "log/slog"
         "net/http"
-        "net/url"
+        "os"
+        "path/filepath"
         "strings"
 
-        "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drsobject"
         drsapi "github.com/calypr/syfon/apigen/client/drs"
+        "github.com/calypr/syfon/client/request"
+        "github.com/calypr/syfon/client/transfer"
+        sydownload "github.com/calypr/syfon/client/transfer/download"
 )
 
-func ObjectsByHash(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov0" title="0">{
-        if drsCtx == nil || drsCtx.Requestor == nil </span><span class="cov0" title="0">{
+func ObjectsByHash(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov4" title="2">{
+        if drsCtx == nil || drsCtx.Client == nil </span><span class="cov0" title="0">{
                 return nil, fmt.Errorf("DRS client unavailable")
         }</span>
-        <span class="cov0" title="0">checksum = normalizeChecksum(checksum)
+        <span class="cov4" title="2">checksum = drsobject.NormalizeChecksum(checksum)
         if checksum == "" </span><span class="cov0" title="0">{
                 return nil, nil
         }</span>
-        <span class="cov0" title="0">var out drsapi.N200OkDrsObjects
-        path := "/ga4gh/drs/v1/objects/checksum/" + url.PathEscape(checksum)
-        if err := drsCtx.Requestor.Do(ctx, http.MethodGet, path, nil, &amp;out); err != nil </span><span class="cov0" title="0">{
+        <span class="cov4" title="2">page, err := drsCtx.Client.DRS().BatchGetObjectsByHash(ctx, []string{checksum})
+        if err != nil </span><span class="cov0" title="0">{
                 return nil, err
         }</span>
-        <span class="cov0" title="0">if out.ResolvedDrsObject == nil </span><span class="cov0" title="0">{
-                return nil, nil
+        <span class="cov4" title="2">return page.DrsObjects, nil</span>
+}
+
+func ObjectsByHashes(ctx context.Context, drsCtx *config.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) <span class="cov1" title="1">{
+        if drsCtx == nil || drsCtx.Client == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("DRS client unavailable")
+        }</span>
+        <span class="cov1" title="1">normalizedToOriginal := make(map[string]string, len(checksums))
+        queryChecksums := make([]string, 0, len(checksums))
+        for _, checksum := range checksums </span><span class="cov4" title="2">{
+                normalized := drsobject.NormalizeChecksum(checksum)
+                if normalized == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="2">if _, exists := normalizedToOriginal[normalized]; exists </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="2">normalizedToOriginal[normalized] = checksum
+                queryChecksums = append(queryChecksums, normalized)</span>
+        }
+        <span class="cov1" title="1">if len(queryChecksums) == 0 </span><span class="cov0" title="0">{
+                return map[string][]drsapi.DrsObject{}, nil
+        }</span>
+
+        <span class="cov1" title="1">page, err := drsCtx.Client.DRS().BatchGetObjectsByHash(ctx, queryChecksums)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov1" title="1">results := make(map[string][]drsapi.DrsObject, len(normalizedToOriginal))
+        for normalized, original := range normalizedToOriginal </span><span class="cov4" title="2">{
+                results[original] = nil
+                results[normalized] = nil
         }</span>
-        <span class="cov0" title="0">return *out.ResolvedDrsObject, nil</span>
+        <span class="cov1" title="1">for _, obj := range page.DrsObjects </span><span class="cov6" title="3">{
+                for _, checksum := range obj.Checksums </span><span class="cov6" title="3">{
+                        if checksum.Type == "" || checksum.Checksum == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="3">normalized := drsobject.NormalizeChecksum(fmt.Sprintf("%s:%s", checksum.Type, checksum.Checksum))
+                        if normalized == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="3">original, ok := normalizedToOriginal[normalized]
+                        if !ok </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="3">results[original] = append(results[original], obj)
+                        if original != normalized </span><span class="cov6" title="3">{
+                                results[normalized] = append(results[normalized], obj)
+                        }</span>
+                }
+        }
+
+        <span class="cov1" title="1">return results, nil</span>
 }
 
-func ObjectsByHashForScope(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov0" title="0">{
+func ObjectsByHashForScope(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov4" title="2">{
         objects, err := ObjectsByHash(ctx, drsCtx, checksum)
         if err != nil </span><span class="cov0" title="0">{
                 return nil, err
         }</span>
-        <span class="cov0" title="0">result := make([]drsapi.DrsObject, 0, len(objects))
-        for _, obj := range objects </span><span class="cov0" title="0">{
-                if MatchesScope(&amp;obj, drsCtx.Organization, drsCtx.ProjectId) </span><span class="cov0" title="0">{
+        <span class="cov4" title="2">result := make([]drsapi.DrsObject, 0, len(objects))
+        for _, obj := range objects </span><span class="cov7" title="4">{
+                if MatchesScope(&amp;obj, drsCtx.Organization, drsCtx.ProjectId) </span><span class="cov7" title="4">{
                         result = append(result, obj)
                 }</span>
         }
-        <span class="cov0" title="0">return result, nil</span>
+        <span class="cov4" title="2">return result, nil</span>
+}
+
+func ObjectsByHashesForScope(ctx context.Context, drsCtx *config.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) <span class="cov1" title="1">{
+        objectsByChecksum, err := ObjectsByHashes(ctx, drsCtx, checksums)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov1" title="1">results := make(map[string][]drsapi.DrsObject, len(objectsByChecksum))
+        for checksum, objects := range objectsByChecksum </span><span class="cov7" title="4">{
+                filtered := make([]drsapi.DrsObject, 0, len(objects))
+                for _, obj := range objects </span><span class="cov10" title="6">{
+                        if MatchesScope(&amp;obj, drsCtx.Organization, drsCtx.ProjectId) </span><span class="cov7" title="4">{
+                                filtered = append(filtered, obj)
+                        }</span>
+                }
+                <span class="cov7" title="4">results[checksum] = filtered</span>
+        }
+        <span class="cov1" title="1">return results, nil</span>
 }
 
-func AccessURLForHashScope(ctx context.Context, drsCtx *config.GitContext, checksum string) (*drsapi.AccessURL, *drsapi.DrsObject, error) <span class="cov0" title="0">{
+func AccessURLForHashScope(ctx context.Context, drsCtx *config.GitContext, checksum string) (*drsapi.AccessURL, *drsapi.DrsObject, error) <span class="cov1" title="1">{
         records, err := ObjectsByHashForScope(ctx, drsCtx, checksum)
         if err != nil </span><span class="cov0" title="0">{
                 return nil, nil, err
         }</span>
-        <span class="cov0" title="0">if len(records) == 0 </span><span class="cov0" title="0">{
-                return nil, nil, fmt.Errorf("no matching DRS record found for oid %s", normalizeChecksum(checksum))
+        <span class="cov1" title="1">if len(records) == 0 </span><span class="cov0" title="0">{
+                return nil, nil, fmt.Errorf("no matching DRS record found for oid %s", drsobject.NormalizeChecksum(checksum))
         }</span>
-        <span class="cov0" title="0">match := records[0]
+        <span class="cov1" title="1">match := records[0]
         if match.AccessMethods == nil || len(*match.AccessMethods) == 0 </span><span class="cov0" title="0">{
                 return nil, nil, fmt.Errorf("no access methods available for DRS object %s", match.Id)
         }</span>
-        <span class="cov0" title="0">accessType := (*match.AccessMethods)[0].Type
+        <span class="cov1" title="1">accessType := (*match.AccessMethods)[0].Type
         if accessType == "" </span><span class="cov0" title="0">{
                 return nil, nil, fmt.Errorf("no access type found in access method for DRS object %s", match.Id)
         }</span>
-        <span class="cov0" title="0">accessURL, err := drsCtx.Client.DRS().GetAccessURL(ctx, match.Id, string(accessType))
+        <span class="cov1" title="1">accessURL, err := drsCtx.Client.DRS().GetAccessURL(ctx, match.Id, string(accessType))
         if err != nil </span><span class="cov0" title="0">{
                 return nil, nil, err
         }</span>
-        <span class="cov0" title="0">return &amp;accessURL, &amp;match, nil</span>
+        <span class="cov1" title="1">return &amp;accessURL, &amp;match, nil</span>
 }
 
-func BulkAccessURLsForObjects(ctx context.Context, drsCtx *config.GitContext, objects []drsapi.DrsObject) (map[string]drsapi.AccessURL, error) <span class="cov8" title="1">{
-        if drsCtx == nil || drsCtx.Requestor == nil </span><span class="cov0" title="0">{
+func BulkAccessURLsForObjects(ctx context.Context, drsCtx *config.GitContext, objects []drsapi.DrsObject) (map[string]drsapi.AccessURL, error) <span class="cov1" title="1">{
+        if drsCtx == nil || drsCtx.Client == nil </span><span class="cov0" title="0">{
                 return nil, fmt.Errorf("DRS client unavailable")
         }</span>
-
-        <span class="cov8" title="1">type bulkObjectAccessID struct {
-                BulkObjectID  string   `json:"bulk_object_id"`
-                BulkAccessIDs []string `json:"bulk_access_ids"`
-        }
-        req := struct {
-                BulkObjectAccessIDs []bulkObjectAccessID `json:"bulk_object_access_ids"`
-        }{}
-
-        for _, obj := range objects </span><span class="cov8" title="1">{
-                accessID := firstAccessID(obj)
-                if strings.TrimSpace(obj.Id) == "" || accessID == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov8" title="1">req.BulkObjectAccessIDs = append(req.BulkObjectAccessIDs, bulkObjectAccessID{
-                        BulkObjectID: strings.TrimSpace(obj.Id),
-                        BulkAccessIDs: []string{
-                                accessID,
-                        },
-                })</span>
-        }
-        <span class="cov8" title="1">if len(req.BulkObjectAccessIDs) == 0 </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">req, ok := bulkAccessRequest(objects)
+        if !ok </span><span class="cov0" title="0">{
                 return map[string]drsapi.AccessURL{}, nil
         }</span>
 
-        <span class="cov8" title="1">var resp struct {
-                ResolvedDrsObjectAccessURLs []drsapi.BulkAccessURL `json:"resolved_drs_object_access_urls"`
-        }
-        if err := drsCtx.Requestor.Do(ctx, http.MethodPost, "/ga4gh/drs/v1/objects/access", req, &amp;resp); err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">resp, err := drsCtx.Client.DRSAPI().GetBulkAccessURLWithResponse(ctx, req)
+        if err != nil </span><span class="cov0" title="0">{
                 return nil, err
         }</span>
+        <span class="cov1" title="1">if resp.JSON200 == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("unexpected response: %d", resp.StatusCode())
+        }</span>
 
-        <span class="cov8" title="1">out := make(map[string]drsapi.AccessURL, len(resp.ResolvedDrsObjectAccessURLs))
-        for _, resolved := range resp.ResolvedDrsObjectAccessURLs </span><span class="cov8" title="1">{
-                objectID := strings.TrimSpace(stringPtrValue(resolved.DrsObjectId))
-                if objectID == "" || strings.TrimSpace(resolved.Url) == "" </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">out := map[string]drsapi.AccessURL{}
+        if resp.JSON200.ResolvedDrsObjectAccessUrls == nil </span><span class="cov0" title="0">{
+                return out, nil
+        }</span>
+        <span class="cov1" title="1">for _, resolved := range *resp.JSON200.ResolvedDrsObjectAccessUrls </span><span class="cov1" title="1">{
+                if resolved.DrsObjectId == nil </span><span class="cov0" title="0">{
                         continue</span>
                 }
-                <span class="cov8" title="1">out[objectID] = drsapi.AccessURL{
-                        Headers: resolved.Headers,
-                        Url:     resolved.Url,
-                }</span>
+                <span class="cov1" title="1">objectID := *resolved.DrsObjectId
+                if strings.TrimSpace(objectID) == "" || strings.TrimSpace(resolved.Url) == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov1" title="1">out[strings.TrimSpace(objectID)] = drsapi.AccessURL{Headers: resolved.Headers, Url: resolved.Url}</span>
         }
-        <span class="cov8" title="1">return out, nil</span>
+        <span class="cov1" title="1">return out, nil</span>
 }
 
-func firstAccessID(obj drsapi.DrsObject) string <span class="cov8" title="1">{
-        if obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 </span><span class="cov0" title="0">{
-                return ""
+// DownloadToCachePath downloads the DRS object identified by oid to cachePath
+// using the project-scoped URL resolution preferred by git-drs.
+func DownloadToCachePath(ctx context.Context, drsCtx *config.GitContext, logger *slog.Logger, oid, cachePath string) error <span class="cov0" title="0">{
+        _ = logger
+        if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("mkdir for cache path: %w", err)
         }</span>
-        <span class="cov8" title="1">method := (*obj.AccessMethods)[0]
-        if method.AccessId != nil &amp;&amp; strings.TrimSpace(*method.AccessId) != "" </span><span class="cov8" title="1">{
-                return strings.TrimSpace(*method.AccessId)
+
+        <span class="cov0" title="0">accessURL, match, err := AccessURLForHashScope(ctx, drsCtx, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov0" title="0">return strings.TrimSpace(string(method.Type))</span>
+        <span class="cov0" title="0">return downloadResolved(ctx, drsCtx, oid, cachePath, match, accessURL)</span>
 }
 
-func stringPtrValue(v *string) string <span class="cov8" title="1">{
-        if v == nil </span><span class="cov0" title="0">{
-                return ""
+func DownloadResolvedToCachePath(ctx context.Context, drsCtx *config.GitContext, oid, cachePath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL) error <span class="cov0" title="0">{
+        if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("mkdir for cache path: %w", err)
+        }</span>
+        <span class="cov0" title="0">if obj == nil || accessURL == nil || accessURL.Url == "" </span><span class="cov0" title="0">{
+                return DownloadToCachePath(ctx, drsCtx, nil, oid, cachePath)
         }</span>
-        <span class="cov8" title="1">return *v</span>
+        <span class="cov0" title="0">return downloadResolved(ctx, drsCtx, oid, cachePath, obj, accessURL)</span>
 }
 
-func MatchesScope(obj *drsapi.DrsObject, organization, project string) bool <span class="cov0" title="0">{
-        if obj == nil || obj.AccessMethods == nil </span><span class="cov0" title="0">{
-                return false
+func DownloadResolvedToPath(ctx context.Context, drsCtx *config.GitContext, oid, dstPath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL, opts sydownload.DownloadOptions) error <span class="cov1" title="1">{
+        if drsCtx == nil || drsCtx.Client == nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("DRS client unavailable")
         }</span>
-        <span class="cov0" title="0">for _, method := range *obj.AccessMethods </span><span class="cov0" title="0">{
-                if method.Authorizations == nil </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">if common.AuthzMatchesScope(*method.Authorizations, organization, project) </span><span class="cov0" title="0">{
-                        return true
+        <span class="cov1" title="1">if obj == nil || accessURL == nil || strings.TrimSpace(accessURL.Url) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("resolved DRS object and access URL are required")
+        }</span>
+        <span class="cov1" title="1">src := &amp;resolvedSource{
+                requestor:    drsCtx.Client.Requestor(),
+                accessURL:    strings.TrimSpace(accessURL.Url),
+                expectedSize: obj.Size,
+        }
+        return sydownload.DownloadToPathWithOptions(ctx, src, oid, dstPath, opts)</span>
+}
+
+func downloadResolved(ctx context.Context, drsCtx *config.GitContext, oid, cachePath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL) error <span class="cov0" title="0">{
+        return DownloadResolvedToPath(ctx, drsCtx, oid, cachePath, obj, accessURL, sydownload.DownloadOptions{
+                MultipartThreshold: 5 * 1024 * 1024,
+                Concurrency:        2,
+                ChunkSize:          64 * 1024 * 1024,
+        })
+}</span>
+
+type resolvedSource struct {
+        requestor    request.Requester
+        accessURL    string
+        expectedSize int64
+}
+
+func (s *resolvedSource) Name() string <span class="cov0" title="0">{
+        return "resolved-url"
+}</span>
+
+func (s *resolvedSource) Logger() transfer.TransferLogger <span class="cov0" title="0">{
+        return transfer.NoOpLogger{}
+}</span>
+
+func (s *resolvedSource) Stat(ctx context.Context, guid string) (*transfer.ObjectMetadata, error) <span class="cov1" title="1">{
+        return &amp;transfer.ObjectMetadata{
+                Size:         s.expectedSize,
+                AcceptRanges: s.expectedSize &gt; 0,
+                Provider:     "drs",
+        }, nil
+}</span>
+
+func (s *resolvedSource) GetReader(ctx context.Context, guid string) (io.ReadCloser, error) <span class="cov1" title="1">{
+        return s.download(ctx, nil, nil)
+}</span>
+
+func (s *resolvedSource) GetRangeReader(ctx context.Context, guid string, offset, length int64) (io.ReadCloser, error) <span class="cov1" title="1">{
+        if length &lt;= 0 </span><span class="cov0" title="0">{
+                return s.download(ctx, nil, nil)
+        }</span>
+        <span class="cov1" title="1">end := offset + length - 1
+        return s.download(ctx, &amp;offset, &amp;end)</span>
+}
+
+func (s *resolvedSource) download(ctx context.Context, start, end *int64) (io.ReadCloser, error) <span class="cov4" title="2">{
+        resp, err := transfer.GenericDownload(ctx, s.requestor, s.accessURL, start, end)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov4" title="2">if start != nil &amp;&amp; resp.StatusCode == http.StatusOK </span><span class="cov1" title="1">{
+                resp.Body.Close()
+                return nil, transfer.ErrRangeIgnored
+        }</span>
+        <span class="cov1" title="1">return resp.Body, nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file52" style="display: none">package drsremote
+
+import (
+        "fmt"
+        "strings"
+
+        drscommon "github.com/calypr/git-drs/internal/common"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        syfoncommon "github.com/calypr/syfon/common"
+)
+
+func MatchesScope(obj *drsapi.DrsObject, organization, project string) bool <span class="cov10" title="13">{
+        return syfoncommon.DrsObjectMatchesScope(obj, organization, project)
+}</span>
+
+func FindMatchingRecord(records []drsapi.DrsObject, organization, projectID string) (*drsapi.DrsObject, error) <span class="cov5" title="4">{
+        if len(records) == 0 </span><span class="cov3" title="2">{
+                return nil, nil
+        }</span>
+
+        <span class="cov3" title="2">org, project := drscommon.ParseOrgProject(strings.TrimSpace(organization), strings.TrimSpace(projectID))
+        if org == "" </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("could not determine organization from inputs org=%q project=%q", organization, projectID)
+        }</span>
+
+        <span class="cov3" title="2">for _, record := range records </span><span class="cov4" title="3">{
+                if MatchesScope(&amp;record, org, project) </span><span class="cov1" title="1">{
+                        return &amp;record, nil
                 }</span>
         }
-        <span class="cov0" title="0">return false</span>
+        <span class="cov1" title="1">return nil, nil</span>
 }
-
-func normalizeChecksum(raw string) string <span class="cov0" title="0">{
-        raw = strings.TrimSpace(raw)
-        raw = strings.TrimPrefix(raw, "sha256:")
-        return strings.TrimSpace(raw)
-}</span>
 </pre>
 		
-		<pre class="file" id="file37" style="display: none">package drsmap
-
-// Utilities to map between Git LFS files and DRS objects
+		<pre class="file" id="file53" style="display: none">package drstrack
 
 import (
-        "bytes"
-        "context"
-        "errors"
+        "bufio"
         "fmt"
-        "log/slog"
         "os"
-        "os/exec"
         "path/filepath"
         "strings"
-
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslookup"
-        "github.com/calypr/git-drs/internal/lfs"
-        "github.com/calypr/git-drs/internal/precommit_cache"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/calypr/syfon/client/hash"
-        "github.com/google/uuid"
 )
 
-var drsUUIDNamespace = uuid.MustParse("6ba7b810-9dad-11d1-80b4-00c04fd430c8")
-
-// execCommand is a variable to allow mocking in tests
-var execCommandContext = exec.CommandContext
-
-func PushLocalDrsObjects(drsClient *config.GitContext, myLogger *slog.Logger) error <span class="cov0" title="0">{
-        // Gather all objects in .git/drs/lfs/objects store
-        drsLfsObjs, err := lfs.GetDrsLfsObjects(myLogger)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
+// UpsertDRSRouteLines adds or updates .gitattributes lines of the form:
+//
+//        &lt;pattern&gt; drs.route=&lt;ro|rw&gt;
+func UpsertDRSRouteLines(gitattributesPath string, mode string, patterns []string) (changed bool, err error) <span class="cov8" title="3">{
+        mode = strings.ToLower(strings.TrimSpace(mode))
+        if mode != "ro" &amp;&amp; mode != "rw" </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("invalid mode %q", mode)
         }</span>
 
-        <span class="cov0" title="0">return SyncObjectsWithServer(drsClient, drsLfsObjs, myLogger)</span>
-}
-
-func SyncObjectsWithServer(drsClient *config.GitContext, drsObjects map[string]*drsapi.DrsObject, myLogger *slog.Logger) error <span class="cov0" title="0">{
-        if len(drsObjects) == 0 </span><span class="cov0" title="0">{
-                return nil
+        <span class="cov8" title="3">want := make(map[string]string, len(patterns))
+        order := make([]string, 0, len(patterns))
+        for _, p := range patterns </span><span class="cov8" title="3">{
+                p = strings.TrimSpace(p)
+                if p == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov8" title="3">if _, ok := want[p]; !ok </span><span class="cov8" title="3">{
+                        want[p] = p
+                        order = append(order, p)
+                }</span>
+        }
+        <span class="cov8" title="3">if len(order) == 0 </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("no patterns provided")
         }</span>
 
-        // 1. Bulk lookup all hashes on server.
-        <span class="cov0" title="0">hashes := make([]string, 0, len(drsObjects))
-        for h := range drsObjects </span><span class="cov0" title="0">{
-                hashes = append(hashes, h)
-        }</span>
-        <span class="cov0" title="0">bulkByHash := make(map[string][]drsapi.DrsObject, len(hashes))
-        for _, h := range hashes </span><span class="cov0" title="0">{
-                objects, err := drslookup.ObjectsByHash(context.Background(), drsClient, h)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("hash lookup failed for %s: %w", h, err)
-                }</span>
-                <span class="cov0" title="0">for _, obj := range objects </span><span class="cov0" title="0">{
-                        hInfo := hash.ConvertDrsChecksumsToHashInfo(obj.Checksums)
-                        if hInfo.SHA256 == "" </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov0" title="0">bulkByHash[hInfo.SHA256] = append(bulkByHash[hInfo.SHA256], obj)</span>
-                }
-        }
-
-        // 2. Identify missing records by hash.
-        <span class="cov0" title="0">missingRecords := make([]*drsapi.DrsObject, 0)
-        for h, localObj := range drsObjects </span><span class="cov0" title="0">{
-                foundOnServer := false
-                recs := bulkByHash[h]
-                if len(recs) &gt; 0 </span><span class="cov0" title="0">{
-                        // Check if any record matches our project.
-                        matched, _ := FindMatchingRecord(recs, drsClient.Organization, drsClient.ProjectId)
-                        foundOnServer = matched != nil
-                }</span>
-
-                <span class="cov0" title="0">if !foundOnServer </span><span class="cov0" title="0">{
-                        myLogger.Debug(fmt.Sprintf("Record missing on server for hash %s, adding to registration queue", h))
-                        missingRecords = append(missingRecords, localObj)
-                }</span>
-        }
-
-        // 3. Register missing records in one bulk request when possible.
-        <span class="cov0" title="0">if len(missingRecords) &gt; 0 </span><span class="cov0" title="0">{
-                myLogger.Info(fmt.Sprintf("Registering %d missing records", len(missingRecords)))
-                req := drsapi.RegisterObjectsJSONRequestBody{}
-                req.Candidates = make([]drsapi.DrsObjectCandidate, 0, len(missingRecords))
-                for _, obj := range missingRecords </span><span class="cov0" title="0">{
-                        candidate := drsapi.DrsObjectCandidate{
-                                AccessMethods: obj.AccessMethods,
-                                Aliases:       obj.Aliases,
-                                Checksums:     obj.Checksums,
-                                Contents:      obj.Contents,
-                                Description:   obj.Description,
-                                MimeType:      obj.MimeType,
-                                Name:          obj.Name,
-                                Size:          obj.Size,
-                                Version:       obj.Version,
-                        }
-                        req.Candidates = append(req.Candidates, candidate)
+        <span class="cov8" title="3">var lines []string
+        data, readErr := os.ReadFile(gitattributesPath)
+        if readErr == nil </span><span class="cov5" title="2">{
+                sc := bufio.NewScanner(strings.NewReader(string(data)))
+                for sc.Scan() </span><span class="cov8" title="3">{
+                        lines = append(lines, sc.Text())
                 }</span>
-                <span class="cov0" title="0">if _, err := drsClient.Client.DRS().RegisterObjects(context.Background(), req); err != nil </span><span class="cov0" title="0">{
-                        myLogger.Error(fmt.Sprintf("Failed to register records in bulk: %v", err))
-                        return fmt.Errorf("error in bulk registration: %v", err)
+                <span class="cov5" title="2">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
+                        return false, fmt.Errorf("read %s: %w", gitattributesPath, err)
                 }</span>
-        }
-
-        <span class="cov0" title="0">myLogger.Info(fmt.Sprintf("Successfully synced %d objects with server (registered %d new)", len(drsObjects), len(missingRecords)))
-        return nil</span>
-}
+        } else<span class="cov1" title="1"> if !os.IsNotExist(readErr) </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("read %s: %w", gitattributesPath, readErr)
+        }</span>
 
-func SyncFilesWithServer(drsClient *config.GitContext, lfsFiles map[string]lfs.LfsFileInfo, logger *slog.Logger) error <span class="cov0" title="0">{
-        objectsToSync := make(map[string]*drsapi.DrsObject)
-        for _, file := range lfsFiles </span><span class="cov0" title="0">{
-                obj, err := lfs.ReadObject(common.DRS_OBJS_PATH, file.Oid)
-                if err == nil &amp;&amp; obj != nil </span><span class="cov0" title="0">{
-                        objectsToSync[file.Oid] = obj
+        <span class="cov8" title="3">seen := make(map[string]int)
+        for i, line := range lines </span><span class="cov8" title="3">{
+                pat, _, ok := parseRouteLine(line)
+                if ok </span><span class="cov5" title="2">{
+                        seen[pat] = i
                 }</span>
         }
-        <span class="cov0" title="0">return SyncObjectsWithServer(drsClient, objectsToSync, logger)</span>
-}
 
-func PullRemoteDrsObjects(drsClient *config.GitContext, logger *slog.Logger) error <span class="cov0" title="0">{
-        const pageSize = 1000
-        writtenObjs := 0
-        for pageNum := 1; ; pageNum++ </span><span class="cov0" title="0">{
-                page, err := drsClient.Client.DRS().ListObjectsByProject(context.Background(), drsClient.ProjectId, pageSize, pageNum)
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov0" title="0">for _, obj := range page.DrsObjects </span><span class="cov0" title="0">{
-                        hashInfo := hash.ConvertDrsChecksumsToHashInfo(obj.Checksums)
-                        if hashInfo.SHA256 == "" </span><span class="cov0" title="0">{
-                                return fmt.Errorf("error: drs Object '%s' does not contain a sha256 checksum", obj.Id)
-                        }</span>
-                        <span class="cov0" title="0">oid := hashInfo.SHA256
-                        drsObjPath, err := GetObjectPath(common.DRS_OBJS_PATH, oid)
-                        if err != nil </span><span class="cov0" title="0">{
-                                return fmt.Errorf("error getting object path for oid %s: %v", oid, err)
+        <span class="cov8" title="3">for _, pat := range order </span><span class="cov8" title="3">{
+                newLine := fmt.Sprintf("%s drs.route=%s", pat, mode)
+                if idx, ok := seen[pat]; ok </span><span class="cov5" title="2">{
+                        if strings.TrimSpace(lines[idx]) != newLine </span><span class="cov1" title="1">{
+                                lines[idx] = newLine
+                                changed = true
                         }</span>
-                        <span class="cov0" title="0">if drsObjPath != "" &amp;&amp; oid != "" </span><span class="cov0" title="0">{
-                                writtenObjs++
-                                err = WriteDrsObj(&amp;obj, oid, drsObjPath)
-                                if err != nil </span><span class="cov0" title="0">{
-                                        return fmt.Errorf("error writing DRS object for oid %s: %v", oid, err)
-                                }</span>
-                        }
-                }
-                <span class="cov0" title="0">if len(page.DrsObjects) &lt; pageSize </span><span class="cov0" title="0">{
-                        break</span>
+                        <span class="cov5" title="2">continue</span>
                 }
+                <span class="cov1" title="1">lines = append(lines, newLine)
+                changed = true</span>
         }
-        <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Wrote %d new objs to object store", writtenObjs))
-        return nil</span>
-}
-func UpdateDrsObjects(builder common.ObjectBuilder, gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) error <span class="cov0" title="0">{
 
-        logger.Debug("Update to DRS objects started")
-
-        // get all lfs files
-        lfsFiles, err := lfs.GetAllLfsFiles(gitRemoteName, gitRemoteLocation, branches, logger)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error getting all LFS files: %v", err)
+        <span class="cov8" title="3">if !changed &amp;&amp; readErr == nil </span><span class="cov1" title="1">{
+                return false, nil
         }</span>
 
-        // get project
-        <span class="cov0" title="0">if builder.Project == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("no project configured")
+        <span class="cov5" title="2">if err := os.MkdirAll(filepath.Dir(gitattributesPath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("mkdir %s: %w", filepath.Dir(gitattributesPath), err)
         }</span>
 
-        <span class="cov0" title="0">return UpdateDrsObjectsWithFiles(builder, lfsFiles, UpdateOptions{Logger: logger})</span>
-}
-
-type UpdateOptions struct {
-        Cache          *precommit_cache.Cache
-        PreferCacheURL bool
-        Logger         *slog.Logger
+        <span class="cov5" title="2">out := strings.Join(lines, "\n")
+        if !strings.HasSuffix(out, "\n") </span><span class="cov5" title="2">{
+                out += "\n"
+        }</span>
+        <span class="cov5" title="2">if err := os.WriteFile(gitattributesPath, []byte(out), 0o644); err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("write %s: %w", gitattributesPath, err)
+        }</span>
+        <span class="cov5" title="2">return true, nil</span>
 }
 
-func UpdateDrsObjectsWithFiles(builder common.ObjectBuilder, lfsFiles map[string]lfs.LfsFileInfo, opts UpdateOptions) error <span class="cov0" title="0">{
-        if opts.Logger == nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("logger is required")
+func parseRouteLine(line string) (pattern string, mode string, ok bool) <span class="cov10" title="4">{
+        s := strings.TrimSpace(line)
+        if s == "" || strings.HasPrefix(s, "#") </span><span class="cov1" title="1">{
+                return "", "", false
         }</span>
-        <span class="cov0" title="0">opts.Logger.Debug("Update to DRS objects started")
 
-        // get project
-        if builder.Project == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("no project configured")
-        }</span>
-        <span class="cov0" title="0">if len(lfsFiles) == 0 </span><span class="cov0" title="0">{
-                return nil
+        <span class="cov8" title="3">parts := strings.Fields(s)
+        if len(parts) &lt; 2 </span><span class="cov0" title="0">{
+                return "", "", false
         }</span>
 
-        <span class="cov0" title="0">for _, file := range lfsFiles </span><span class="cov0" title="0">{
-                var authoritativeObj *drsapi.DrsObject
-                existing, err := lfs.ReadObject(common.DRS_OBJS_PATH, file.Oid)
-                if err == nil &amp;&amp; existing != nil </span><span class="cov0" title="0">{
-                        authoritativeObj = existing
-                        // Update basic info if necessary
-                        name := file.Name
-                        authoritativeObj.Name = &amp;name
-                        authoritativeObj.Size = file.Size
-
-                        // Ensure Authorizations are populated (backwards compatibility for old local records).
-                        // Existing access URLs are authoritative, especially for add-url records
-                        // that point to an already existing cloud object.
-                        authzMap := common.AuthzMapFromOrgProject(builder.Organization, builder.Project)
-                        if authoritativeObj.AccessMethods == nil </span><span class="cov0" title="0">{
-                                authoritativeObj.AccessMethods = &amp;[]drsapi.AccessMethod{}
-                        }</span>
-                        <span class="cov0" title="0">for i := range *authoritativeObj.AccessMethods </span><span class="cov0" title="0">{
-                                am := &amp;(*authoritativeObj.AccessMethods)[i]
-                                if am.Authorizations == nil || len(*am.Authorizations) == 0 </span><span class="cov0" title="0">{
-                                        if authzMap != nil </span><span class="cov0" title="0">{
-                                                am.Authorizations = &amp;authzMap
-                                        }</span>
-                                }
-                        }
-                } else<span class="cov0" title="0"> {
-                        drsID := DrsUUID(builder.Project, file.Oid)
-                        authoritativeObj, err = builder.Build(file.Name, file.Oid, file.Size, drsID)
-                        if err != nil </span><span class="cov0" title="0">{
-                                opts.Logger.Error(fmt.Sprintf("Could not build DRS object for %s OID %s %v", file.Name, file.Oid, err))
-                                continue</span>
-                        }
-                }
-
-                <span class="cov0" title="0">authoritativeURL := ""
-                if authoritativeObj.AccessMethods != nil &amp;&amp; len(*authoritativeObj.AccessMethods) &gt; 0 &amp;&amp; (*authoritativeObj.AccessMethods)[0].AccessUrl != nil </span><span class="cov0" title="0">{
-                        authoritativeURL = (*authoritativeObj.AccessMethods)[0].AccessUrl.Url
-                }</span>
-
-                <span class="cov0" title="0">var hint string
-                if opts.Cache != nil </span><span class="cov0" title="0">{
-                        externalURL, ok, err := opts.Cache.LookupExternalURLByOID(file.Oid)
-                        if err != nil </span><span class="cov0" title="0">{
-                                opts.Logger.Debug(fmt.Sprintf("cache lookup failed for %s: %v", file.Oid, err))
-                        }</span> else<span class="cov0" title="0"> if ok </span><span class="cov0" title="0">{
-                                hint = externalURL
-                        }</span>
-                }
-
-                <span class="cov0" title="0">if hint != "" </span><span class="cov0" title="0">{
-                        if err := precommit_cache.CheckExternalURLMismatch(hint, authoritativeURL); err != nil </span><span class="cov0" title="0">{
-                                opts.Logger.Warn(fmt.Sprintf("Warning. %s (path=%s oid=%s)", err.Error(), file.Name, file.Oid))
-                                fmt.Fprintln(os.Stderr, "Warning.", err.Error())
+        <span class="cov8" title="3">pat := parts[0]
+        for _, tok := range parts[1:] </span><span class="cov8" title="3">{
+                if strings.HasPrefix(tok, "drs.route=") </span><span class="cov8" title="3">{
+                        val := strings.TrimPrefix(tok, "drs.route=")
+                        val = strings.ToLower(strings.TrimSpace(val))
+                        if val == "ro" || val == "rw" </span><span class="cov8" title="3">{
+                                return pat, val, true
                         }</span>
+                        <span class="cov0" title="0">return "", "", false</span>
                 }
-
-                <span class="cov0" title="0">if opts.PreferCacheURL &amp;&amp; hint != "" </span><span class="cov0" title="0">{
-                        cacheAuthzMap := common.AuthzMapFromOrgProject(builder.Organization, builder.Project)
-                        if authoritativeObj.AccessMethods != nil &amp;&amp; len(*authoritativeObj.AccessMethods) &gt; 0 </span><span class="cov0" title="0">{
-                                am := &amp;(*authoritativeObj.AccessMethods)[0]
-                                am.AccessUrl = &amp;struct {
-                                        Headers *[]string `json:"headers,omitempty"`
-                                        Url     string    `json:"url"`
-                                }{Url: hint}
-                                if cacheAuthzMap != nil </span><span class="cov0" title="0">{
-                                        am.Authorizations = &amp;cacheAuthzMap
-                                }</span>
-                        } else<span class="cov0" title="0"> {
-                                newAm := drsapi.AccessMethod{
-                                        Type: drsapi.AccessMethodTypeS3,
-                                        AccessUrl: &amp;struct {
-                                                Headers *[]string `json:"headers,omitempty"`
-                                                Url     string    `json:"url"`
-                                        }{Url: hint},
-                                }
-                                if cacheAuthzMap != nil </span><span class="cov0" title="0">{
-                                        newAm.Authorizations = &amp;cacheAuthzMap
-                                }</span>
-                                <span class="cov0" title="0">authoritativeObj.AccessMethods = &amp;[]drsapi.AccessMethod{newAm}</span>
-                        }
-                }
-
-                <span class="cov0" title="0">if err := lfs.WriteObject(common.DRS_OBJS_PATH, authoritativeObj, file.Oid); err != nil </span><span class="cov0" title="0">{
-                        opts.Logger.Error(fmt.Sprintf("Could not WriteDrsFile for %s OID %s %v", file.Name, file.Oid, err))
-                        continue</span>
-                }
-                <span class="cov0" title="0">opts.Logger.Info(fmt.Sprintf("Prepared File %s OID %s with DRS ID %s for commit", file.Name, file.Oid, authoritativeObj.Id))</span>
         }
-
-        <span class="cov0" title="0">return nil</span>
+        <span class="cov0" title="0">return "", "", false</span>
 }
+</pre>
+		
+		<pre class="file" id="file54" style="display: none">package drstrack
 
-// WriteDrsFile creates drsObject record from LFS file info
-func WriteDrsFile(builder common.ObjectBuilder, file lfs.LfsFileInfo, objectPath *string) (*drsapi.DrsObject, error) <span class="cov1" title="1">{
-
-        // determine drs object path: use provided objectPath if non-nil/non-empty, otherwise compute default
+import (
+        "bufio"
+        "bytes"
+        "context"
+        "fmt"
+        "os"
+        "path/filepath"
+        "runtime"
+        "strings"
 
-        // if file is in cache, hasn't been committed to git or pushed to DRS server
-        // create a local DRS object for it
-        // TODO: determine git to gen3 project hierarchy mapping (eg repo name to project ID)
-        // If objectPath is provided, we use it. Otherwise compute default.
-        existing, err := lfs.ReadObject(common.DRS_OBJS_PATH, file.Oid)
-        var drsObj *drsapi.DrsObject
-        if err == nil &amp;&amp; existing != nil </span><span class="cov0" title="0">{
-                drsObj = existing
-                name := file.Name
-                drsObj.Name = &amp;name
-                drsObj.Size = file.Size
-        }</span> else<span class="cov1" title="1"> {
-                drsId := DrsUUID(builder.Project, file.Oid)
-                drsObj, err = builder.Build(file.Name, file.Oid, file.Size, drsId)
-                if err != nil </span><span class="cov0" title="0">{
-                        return nil, fmt.Errorf("error building DRS object for oid %s: %v", file.Oid, err)
-                }</span>
-        }
+        "github.com/calypr/git-drs/internal/gitrepo"
+)
 
-        <span class="cov1" title="1">if objectPath != nil &amp;&amp; *objectPath != "" </span><span class="cov0" title="0">{
-                if drsObj.AccessMethods != nil &amp;&amp; len(*drsObj.AccessMethods) &gt; 0 </span><span class="cov0" title="0">{
-                        am := &amp;(*drsObj.AccessMethods)[0]
-                        am.AccessUrl = &amp;struct {
-                                Headers *[]string `json:"headers,omitempty"`
-                                Url     string    `json:"url"`
-                        }{Url: *objectPath}
-                }</span> else<span class="cov0" title="0"> {
-                        ams := []drsapi.AccessMethod{
-                                {
-                                        Type: drsapi.AccessMethodTypeS3,
-                                        AccessUrl: &amp;struct {
-                                                Headers *[]string `json:"headers,omitempty"`
-                                                Url     string    `json:"url"`
-                                        }{Url: *objectPath},
-                                },
-                        }
-                        drsObj.AccessMethods = &amp;ams
-                }</span>
-        }
+func TrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRun bool) (string, error) <span class="cov3" title="2">{
+        _ = ctx
+        changedAttribLines := make(map[string]string, len(patterns))
+        var output strings.Builder
 
-        // write drs objects to DRS_OBJS_PATH
-        <span class="cov1" title="1">err = lfs.WriteObject(common.DRS_OBJS_PATH, drsObj, file.Oid)
+        attribContents, err := readLocalGitAttributes()
         if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("error writing DRS object for oid %s: %v", file.Oid, err)
+                return "", fmt.Errorf("git drs track failed: %w", err)
         }</span>
-        <span class="cov1" title="1">return drsObj, nil</span>
-}
 
-func WriteDrsObj(drsObj *drsapi.DrsObject, oid string, drsObjPath string) error <span class="cov1" title="1">{
-        basePath := filepath.Dir(filepath.Dir(filepath.Dir(drsObjPath)))
-        return lfs.WriteObject(basePath, drsObj, oid)
-}</span>
+        <span class="cov3" title="2">knownPatterns := parseKnownLFSPatterns(attribContents)
 
-func DrsUUID(projectId string, hash string) string <span class="cov10" title="5">{
-        // normalize hash - strip sha256: prefix if present
-        hash = strings.TrimPrefix(hash, "sha256:")
+        for _, unsanitizedPattern := range patterns </span><span class="cov4" title="3">{
+                pattern := trimCurrentPrefix(cleanRootPath(unsanitizedPattern))
+                encodedArg := escapeAttrPattern(pattern)
 
-        // create UUID based on project ID and hash
-        hashStr := fmt.Sprintf("%s:%s", projectId, hash)
-        return uuid.NewSHA1(drsUUIDNamespace, []byte(hashStr)).String()
-}</span>
+                if knownLine, ok := knownPatterns[pattern]; ok </span><span class="cov0" title="0">{
+                        if strings.Contains(knownLine, "filter=drs") &amp;&amp; strings.Contains(knownLine, "diff=drs") &amp;&amp; strings.Contains(knownLine, "merge=drs") &amp;&amp; strings.Contains(knownLine, "-text") </span><span class="cov0" title="0">{
+                                output.WriteString(fmt.Sprintf("%q already supported\n", pattern))
+                                continue</span>
+                        }
+                }
 
-// creates drsObject record from file
-func DrsInfoFromOid(oid string) (*drsapi.DrsObject, error) <span class="cov4" title="2">{
-        return lfs.ReadObject(common.DRS_OBJS_PATH, oid)
-}</span>
+                <span class="cov4" title="3">changedAttribLines[pattern] = fmt.Sprintf("%s filter=drs diff=drs merge=drs -text", encodedArg)
+                output.WriteString(fmt.Sprintf("Tracking %q\n", unescapeAttrPattern(encodedArg)))
 
-func GetObjectPath(basePath string, oid string) (string, error) <span class="cov7" title="3">{
-        return lfs.ObjectPath(basePath, oid)
-}</span>
+                if verbose </span><span class="cov0" title="0">{
+                        output.WriteString(fmt.Sprintf("Searching for files matching pattern: %s\n", pattern))
+                        output.WriteString(fmt.Sprintf("Found %d files previously added to Git matching pattern: %s\n", 0, pattern))
+                }</span>
+        }
 
-// CreateCustomPath creates a custom path based on the DRS URI
-// For example, DRS URI drs://&lt;namespace&gt;:&lt;drs_id&gt;
-// create custom path &lt;baseDir&gt;/&lt;namespace&gt;/&lt;drs_id&gt;
-func CreateCustomPath(baseDir, drsURI string) (string, error) <span class="cov0" title="0">{
-        const prefix = "drs://"
-        if len(drsURI) &lt;= len(prefix) || drsURI[:len(prefix)] != prefix </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("invalid DRS URI: %s", drsURI)
-        }</span>
-        <span class="cov0" title="0">rest := drsURI[len(prefix):]
-
-        // Split by first colon
-        colonIdx := -1
-        for i, c := range rest </span><span class="cov0" title="0">{
-                if c == ':' </span><span class="cov0" title="0">{
-                        colonIdx = i
-                        break</span>
-                }
+        <span class="cov3" title="2">if !dryRun </span><span class="cov1" title="1">{
+                if err := writeMergedGitAttributes(attribContents, changedAttribLines, false); err != nil </span><span class="cov0" title="0">{
+                        return "", fmt.Errorf("git drs track failed: %w", err)
+                }</span>
         }
-        <span class="cov0" title="0">if colonIdx == -1 </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("DRS URI missing colon: %s", drsURI)
-        }</span>
-        <span class="cov0" title="0">namespace := rest[:colonIdx]
-        drsId := rest[colonIdx+1:]
-        return filepath.Join(baseDir, namespace, drsId), nil</span>
+
+        <span class="cov3" title="2">return output.String(), nil</span>
 }
 
-// FindMatchingRecord finds a record from the list that matches the given project ID authz.
-// If no matching record is found return nil.
-func FindMatchingRecord(records []drsapi.DrsObject, organization, projectId string) (*drsapi.DrsObject, error) <span class="cov8" title="4">{
-        if len(records) == 0 </span><span class="cov4" title="2">{
-                return nil, nil
-        }</span>
+func ListTrackedPatterns(ctx context.Context, verbose bool) (string, error) <span class="cov1" title="1">{
+        _ = ctx
+        _ = verbose
 
-        <span class="cov4" title="2">org, project := common.ParseOrgProject(organization, projectId)
-        if org == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("could not determine organization from inputs org=%q project=%q", organization, projectId)
+        attribContents, err := readLocalGitAttributes()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git drs track failed: %w", err)
         }</span>
 
-        <span class="cov4" title="2">for _, record := range records </span><span class="cov7" title="3">{
-                if record.AccessMethods == nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">scanner := bufio.NewScanner(bytes.NewReader(attribContents))
+        var patterns []string
+        for scanner.Scan() </span><span class="cov3" title="2">{
+                line := scanner.Text()
+                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
                         continue</span>
                 }
-                <span class="cov7" title="3">for _, access := range *record.AccessMethods </span><span class="cov7" title="3">{
-                        if access.Authorizations == nil || len(*access.Authorizations) == 0 </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov7" title="3">if common.AuthzMatchesScope(*access.Authorizations, org, project) </span><span class="cov1" title="1">{
-                                return &amp;record, nil
-                        }</span>
+                <span class="cov3" title="2">fields := strings.Fields(line)
+                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
+                        continue</span>
                 }
+                <span class="cov3" title="2">patterns = append(patterns, unescapeAttrPattern(fields[0]))</span>
         }
-        <span class="cov1" title="1">return nil, nil</span>
-}
-
-// output of git lfs ls-files
-type LfsLsOutput struct {
-        Files []lfs.LfsFileInfo `json:"files"`
-}
-
-type LfsDryRunSpec struct {
-        Remote string // e.g. "origin"
-        Ref    string // e.g. "refs/heads/main" or "HEAD"
-}
-
-// RunLfsPushDryRun executes: git lfs push --dry-run &lt;remote&gt; &lt;ref&gt;
-func RunLfsPushDryRun(ctx context.Context, repoDir string, spec LfsDryRunSpec, logger *slog.Logger) (string, error) <span class="cov0" title="0">{
-        if spec.Remote == "" || spec.Ref == "" </span><span class="cov0" title="0">{
-                return "", errors.New("missing remote or ref")
+        <span class="cov1" title="1">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git drs track failed: parse .gitattributes: %w", err)
         }</span>
 
-        // Debug-print the command to stderr
-        <span class="cov0" title="0">fullCmd := []string{"git", "lfs", "push", "--dry-run", spec.Remote, spec.Ref}
-        logger.Debug(fmt.Sprintf("running command: %v", fullCmd))
-
-        cmd := execCommandContext(ctx, "git", "lfs", "push", "--dry-run", spec.Remote, spec.Ref)
-        cmd.Dir = repoDir
-
-        var stdout, stderr bytes.Buffer
-        cmd.Stdout = &amp;stdout
-        cmd.Stderr = &amp;stderr
+        <span class="cov1" title="1">if len(patterns) == 0 </span><span class="cov0" title="0">{
+                return "", nil
+        }</span>
 
-        err := cmd.Run()
-        out := stdout.String()
-        if err != nil </span><span class="cov0" title="0">{
-                msg := strings.TrimSpace(stderr.String())
-                if msg == "" </span><span class="cov0" title="0">{
-                        msg = err.Error()
-                }</span>
-                <span class="cov0" title="0">return out, fmt.Errorf("git lfs push --dry-run failed: %s", msg)</span>
-        }
-        <span class="cov0" title="0">return out, nil</span>
+        <span class="cov1" title="1">var out strings.Builder
+        out.WriteString("Listing tracked patterns\n")
+        for _, p := range patterns </span><span class="cov3" title="2">{
+                out.WriteString(fmt.Sprintf("    %s (.gitattributes)\n", p))
+        }</span>
+        <span class="cov1" title="1">return out.String(), nil</span>
 }
-</pre>
-		
-		<pre class="file" id="file38" style="display: none">package gitrepo
 
-import (
-        "fmt"
-        "regexp"
-        "strings"
-)
+func UntrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRun bool) (string, error) <span class="cov3" title="2">{
+        _ = ctx
+        _ = verbose
 
-type BucketMapping struct {
-        Bucket string
-        Prefix string
-}
+        attribContents, err := readLocalGitAttributes()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git drs untrack failed: %w", err)
+        }</span>
+        <span class="cov3" title="2">if len(attribContents) == 0 </span><span class="cov0" title="0">{
+                return "", nil
+        }</span>
 
-var bucketMapKeyPartSanitizer = regexp.MustCompile(`[^a-z0-9_-]+`)
+        <span class="cov3" title="2">removeSet := make(map[string]struct{}, len(patterns))
+        for _, p := range patterns </span><span class="cov3" title="2">{
+                escaped := escapeAttrPattern(trimCurrentPrefix(p))
+                removeSet[escaped] = struct{}{}
+        }</span>
 
-func normalizeBucketMapKeyPart(v string) string <span class="cov10" title="61">{
-        v = strings.ToLower(strings.TrimSpace(v))
-        v = strings.ReplaceAll(v, ".", "_")
-        v = bucketMapKeyPartSanitizer.ReplaceAllString(v, "_")
-        v = strings.Trim(v, "_")
-        return v
-}</span>
+        <span class="cov3" title="2">var out strings.Builder
+        var keptLines []string
+        scanner := bufio.NewScanner(bytes.NewReader(attribContents))
+        for scanner.Scan() </span><span class="cov4" title="3">{
+                line := scanner.Text()
+                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
+                        keptLines = append(keptLines, line)
+                        continue</span>
+                }
 
-func orgBucketKey(org, field string) string <span class="cov7" title="23">{
-        return fmt.Sprintf("drs.bucketmap.orgs.%s.%s", normalizeBucketMapKeyPart(org), field)
-}</span>
+                <span class="cov4" title="3">fields := strings.Fields(line)
+                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
+                        keptLines = append(keptLines, line)
+                        continue</span>
+                }
 
-func projectBucketKey(org, project, field string) string <span class="cov7" title="19">{
-        return fmt.Sprintf("drs.bucketmap.projects.%s.%s.%s", normalizeBucketMapKeyPart(org), normalizeBucketMapKeyPart(project), field)
-}</span>
+                <span class="cov4" title="3">path := trimCurrentPrefix(fields[0])
+                if _, ok := removeSet[path]; ok </span><span class="cov3" title="2">{
+                        out.WriteString(fmt.Sprintf("Untracking %q\n", unescapeAttrPattern(path)))
+                        continue</span>
+                }
 
-func SetBucketMapping(org, project, bucket, prefix string) error <span class="cov6" title="10">{
-        org = strings.TrimSpace(org)
-        project = strings.TrimSpace(project)
-        bucket = strings.TrimSpace(bucket)
-        prefix = strings.Trim(strings.TrimSpace(prefix), "/")
-        if org == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("organization is required")
-        }</span>
-        <span class="cov6" title="10">if bucket == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("bucket is required")
+                <span class="cov1" title="1">keptLines = append(keptLines, line)</span>
+        }
+        <span class="cov3" title="2">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git lfs untrack failed: parse .gitattributes: %w", err)
         }</span>
 
-        <span class="cov6" title="10">configs := map[string]string{}
-        prefixKey := ""
-        if project != "" </span><span class="cov4" title="4">{
-                configs[projectBucketKey(org, project, "bucket")] = bucket
-                prefixKey = projectBucketKey(org, project, "prefix")
-                if prefix != "" </span><span class="cov3" title="3">{
-                        configs[prefixKey] = prefix
+        <span class="cov3" title="2">if !dryRun </span><span class="cov1" title="1">{
+                content := strings.Join(keptLines, "\n")
+                if content != "" </span><span class="cov1" title="1">{
+                        content += "\n"
                 }</span>
-        } else<span class="cov4" title="6"> {
-                configs[orgBucketKey(org, "bucket")] = bucket
-                prefixKey = orgBucketKey(org, "prefix")
-                if prefix != "" </span><span class="cov4" title="4">{
-                        configs[prefixKey] = prefix
+                <span class="cov1" title="1">if err := os.WriteFile(".gitattributes", []byte(content), 0o644); err != nil </span><span class="cov0" title="0">{
+                        return "", fmt.Errorf("git lfs untrack failed: write .gitattributes: %w", err)
                 }</span>
         }
-        <span class="cov6" title="10">if err := SetGitConfigOptions(configs); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov6" title="10">if prefix == "" &amp;&amp; prefixKey != "" </span><span class="cov3" title="3">{
-                return UnsetGitConfigOptions([]string{prefixKey})
-        }</span>
-        <span class="cov5" title="7">return nil</span>
+
+        <span class="cov3" title="2">return out.String(), nil</span>
 }
 
-func GetBucketMapping(org, project string) (BucketMapping, bool, error) <span class="cov5" title="8">{
-        org = strings.TrimSpace(org)
-        project = strings.TrimSpace(project)
-        if org == "" </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, nil
+func readLocalGitAttributes() ([]byte, error) <span class="cov6" title="5">{
+        data, err := os.ReadFile(".gitattributes")
+        if err != nil </span><span class="cov3" title="2">{
+                if os.IsNotExist(err) </span><span class="cov3" title="2">{
+                        return nil, nil
+                }</span>
+                <span class="cov0" title="0">return nil, fmt.Errorf("read .gitattributes: %w", err)</span>
+        }
+        <span class="cov4" title="3">return data, nil</span>
+}
+
+func parseKnownLFSPatterns(content []byte) map[string]string <span class="cov3" title="2">{
+        known := make(map[string]string)
+        scanner := bufio.NewScanner(bytes.NewReader(content))
+        for scanner.Scan() </span><span class="cov0" title="0">{
+                line := scanner.Text()
+                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">fields := strings.Fields(line)
+                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">known[unescapeAttrPattern(fields[0])] = line</span>
+        }
+        <span class="cov3" title="2">return known</span>
+}
+
+func writeMergedGitAttributes(existing []byte, changed map[string]string, dryRun bool) error <span class="cov1" title="1">{
+        if dryRun </span><span class="cov0" title="0">{
+                return nil
         }</span>
 
-        // Project-specific mapping takes precedence.
-        <span class="cov5" title="8">if project != "" </span><span class="cov4" title="4">{
-                bucket, err := GetGitConfigString(projectBucketKey(org, project, "bucket"))
-                if err != nil </span><span class="cov0" title="0">{
-                        return BucketMapping{}, false, err
-                }</span>
-                <span class="cov4" title="4">if strings.TrimSpace(bucket) != "" </span><span class="cov2" title="2">{
-                        prefix, err := GetGitConfigString(projectBucketKey(org, project, "prefix"))
-                        if err != nil </span><span class="cov0" title="0">{
-                                return BucketMapping{}, false, err
-                        }</span>
-                        <span class="cov2" title="2">return BucketMapping{
-                                Bucket: strings.TrimSpace(bucket),
-                                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
-                        }, true, nil</span>
+        <span class="cov1" title="1">var merged []string
+        if len(existing) &gt; 0 </span><span class="cov0" title="0">{
+                scanner := bufio.NewScanner(bytes.NewReader(existing))
+                for scanner.Scan() </span><span class="cov0" title="0">{
+                        line := scanner.Text()
+                        fields := strings.Fields(line)
+                        if len(fields) &gt;= 1 </span><span class="cov0" title="0">{
+                                pat := unescapeAttrPattern(fields[0])
+                                if newline, ok := changed[pat]; ok </span><span class="cov0" title="0">{
+                                        merged = append(merged, newline)
+                                        delete(changed, pat)
+                                        continue</span>
+                                }
+                        }
+                        <span class="cov0" title="0">merged = append(merged, line)</span>
                 }
+                <span class="cov0" title="0">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("parse .gitattributes: %w", err)
+                }</span>
         }
 
-        // Fallback: organization-level mapping.
-        <span class="cov4" title="6">bucket, err := GetGitConfigString(orgBucketKey(org, "bucket"))
-        if err != nil </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, err
+        <span class="cov1" title="1">for _, newline := range changed </span><span class="cov3" title="2">{
+                merged = append(merged, newline)
         }</span>
-        <span class="cov4" title="6">if strings.TrimSpace(bucket) == "" </span><span class="cov1" title="1">{
-                return BucketMapping{}, false, nil
+
+        <span class="cov1" title="1">content := strings.Join(merged, "\n")
+        if content != "" </span><span class="cov1" title="1">{
+                content += "\n"
         }</span>
-        <span class="cov4" title="5">prefix, err := GetGitConfigString(orgBucketKey(org, "prefix"))
-        if err != nil </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, err
+        <span class="cov1" title="1">if err := os.WriteFile(".gitattributes", []byte(content), 0o644); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("write .gitattributes: %w", err)
         }</span>
-        <span class="cov4" title="5">return BucketMapping{
-                Bucket: strings.TrimSpace(bucket),
-                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
-        }, true, nil</span>
+        <span class="cov1" title="1">return nil</span>
 }
-</pre>
-		
-		<pre class="file" id="file39" style="display: none">package gitrepo
 
-import (
-        "fmt"
-        "strings"
-)
+func cleanRootPath(pattern string) string <span class="cov4" title="3">{
+        return strings.TrimPrefix(pattern, "/")
+}</span>
 
-type ResolvedBucketScope struct {
-        Bucket string
-        Prefix string
-}
+func trimCurrentPrefix(path string) string <span class="cov8" title="8">{
+        return strings.TrimPrefix(path, "./")
+}</span>
 
-// ResolveBucketScope returns the effective bucket/prefix for an org+project.
-// It prefers explicit bucket-map entries and validates conflicts with any
-// configured fallback values.
-func ResolveBucketScope(organization, project, configuredBucket, configuredPrefix string) (ResolvedBucketScope, error) <span class="cov7" title="4">{
-        organization = strings.TrimSpace(organization)
-        project = strings.TrimSpace(project)
-        configuredBucket = strings.TrimSpace(configuredBucket)
-        configuredPrefix = strings.Trim(strings.TrimSpace(configuredPrefix), "/")
+var trackEscapePatterns = map[string]string{
+        " ": "[[:space:]]",
+        "#": "\\#",
+}
 
-        if organization == "" </span><span class="cov0" title="0">{
-                if configuredBucket == "" </span><span class="cov0" title="0">{
-                        return ResolvedBucketScope{}, fmt.Errorf("bucket is required when organization is empty")
-                }</span>
-                <span class="cov0" title="0">return ResolvedBucketScope{
-                        Bucket: configuredBucket,
-                        Prefix: configuredPrefix,
-                }, nil</span>
-        }
+func escapeAttrPattern(s string) string <span class="cov6" title="5">{
+        var escaped string
+        if runtime.GOOS == "windows" </span><span class="cov0" title="0">{
+                escaped = strings.ReplaceAll(s, `\\`, "/")
+        }</span> else<span class="cov6" title="5"> {
+                escaped = strings.ReplaceAll(s, `\\`, `\\\\`)
+        }</span>
 
-        <span class="cov7" title="4">orgMapping, hasOrgMapping, err := GetBucketMapping(organization, "")
-        if err != nil </span><span class="cov0" title="0">{
-                return ResolvedBucketScope{}, fmt.Errorf("resolve bucket mapping for organization=%q: %w", organization, err)
+        <span class="cov6" title="5">for from, to := range trackEscapePatterns </span><span class="cov8" title="10">{
+                escaped = strings.ReplaceAll(escaped, from, to)
         }</span>
 
-        <span class="cov7" title="4">var projectMapping BucketMapping
-        hasProjectMapping := false
-        if project != "" </span><span class="cov7" title="4">{
-                projectMapping, hasProjectMapping, err = getExactBucketMapping(organization, project)
-                if err != nil </span><span class="cov0" title="0">{
-                        return ResolvedBucketScope{}, fmt.Errorf("resolve bucket mapping for organization=%q project=%q: %w", organization, project, err)
-                }</span>
-        }
+        <span class="cov6" title="5">return escaped</span>
+}
 
-        <span class="cov7" title="4">if hasOrgMapping </span><span class="cov6" title="3">{
-                bucket := strings.TrimSpace(orgMapping.Bucket)
-                if bucket == "" </span><span class="cov0" title="0">{
-                        return ResolvedBucketScope{}, fmt.Errorf("bucket mapping for organization=%q is missing bucket", organization)
-                }</span>
-                <span class="cov6" title="3">return ResolvedBucketScope{
-                        Bucket: bucket,
-                        Prefix: joinBucketPrefixes(orgMapping.Prefix, projectMapping.Prefix),
-                }, nil</span>
-        }
+func unescapeAttrPattern(escaped string) string <span class="cov7" title="7">{
+        unescaped := escaped
 
-        <span class="cov1" title="1">if hasProjectMapping </span><span class="cov0" title="0">{
-                bucket := strings.TrimSpace(projectMapping.Bucket)
-                if bucket == "" </span><span class="cov0" title="0">{
-                        return ResolvedBucketScope{}, fmt.Errorf("bucket mapping for organization=%q project=%q is missing bucket", organization, project)
-                }</span>
-                <span class="cov0" title="0">return ResolvedBucketScope{
-                        Bucket: bucket,
-                        Prefix: strings.Trim(strings.TrimSpace(projectMapping.Prefix), "/"),
-                }, nil</span>
-        }
+        for to, from := range trackEscapePatterns </span><span class="cov10" title="14">{
+                unescaped = strings.ReplaceAll(unescaped, from, to)
+        }</span>
 
-        <span class="cov1" title="1">if configuredBucket == "" </span><span class="cov0" title="0">{
-                return ResolvedBucketScope{}, fmt.Errorf("bucket is required (or configure mapping with `git drs bucket add-organization --organization %s --path &lt;scheme&gt;://&lt;bucket&gt;/&lt;prefix&gt;`)", organization)
+        <span class="cov7" title="7">if runtime.GOOS != "windows" </span><span class="cov7" title="7">{
+                unescaped = strings.ReplaceAll(unescaped, `\\\\`, `\\`)
         }</span>
-        <span class="cov1" title="1">return ResolvedBucketScope{
-                Bucket: configuredBucket,
-                Prefix: configuredPrefix,
-        }, nil</span>
+
+        <span class="cov7" title="7">return unescaped</span>
 }
 
-func getExactBucketMapping(org, project string) (BucketMapping, bool, error) <span class="cov7" title="4">{
-        org = strings.TrimSpace(org)
-        project = strings.TrimSpace(project)
-        if org == "" || project == "" </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, nil
+func TrackReadOnly(ctx context.Context, path string) (bool, error) <span class="cov0" title="0">{
+        if _, err := TrackPatterns(ctx, []string{path}, false, false); err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("git lfs track failed: %w", err)
         }</span>
-        <span class="cov7" title="4">bucket, err := GetGitConfigString(projectBucketKey(org, project, "bucket"))
+
+        <span class="cov0" title="0">repoRoot, err := gitrepo.GitTopLevel()
         if err != nil </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, err
-        }</span>
-        <span class="cov7" title="4">if strings.TrimSpace(bucket) == "" </span><span class="cov6" title="3">{
-                return BucketMapping{}, false, nil
+                return false, err
         }</span>
-        <span class="cov1" title="1">prefix, err := GetGitConfigString(projectBucketKey(org, project, "prefix"))
+
+        <span class="cov0" title="0">attrPath := filepath.Join(repoRoot, ".gitattributes")
+        changed, err := UpsertDRSRouteLines(attrPath, "ro", []string{path})
         if err != nil </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, err
+                return false, err
         }</span>
-        <span class="cov1" title="1">return BucketMapping{
-                Bucket: strings.TrimSpace(bucket),
-                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
-        }, true, nil</span>
-}
 
-func joinBucketPrefixes(parts ...string) string <span class="cov6" title="3">{
-        joined := make([]string, 0, len(parts))
-        for _, part := range parts </span><span class="cov10" title="6">{
-                part = strings.Trim(strings.TrimSpace(part), "/")
-                if part != "" </span><span class="cov6" title="3">{
-                        joined = append(joined, part)
-                }</span>
-        }
-        <span class="cov6" title="3">return strings.Join(joined, "/")</span>
+        <span class="cov0" title="0">return changed, nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file40" style="display: none">package gitrepo
+		<pre class="file" id="file55" style="display: none">package gitfilter
 
 import (
+        "bytes"
+        "context"
         "fmt"
+        "io"
+        "log/slog"
+        "slices"
         "strings"
 
-        gitconfig "github.com/go-git/go-git/v5/plumbing/format/config"
+        "github.com/git-lfs/pktline"
 )
 
-func remoteTokenKey(remoteName string) string <span class="cov0" title="0">{
-        return fmt.Sprintf("drs.remote.%s.token", remoteName)
-}</span>
-
-func remoteUsernameKey(remoteName string) string <span class="cov10" title="2">{
-        return fmt.Sprintf("drs.remote.%s.username", remoteName)
-}</span>
-
-func remotePasswordKey(remoteName string) string <span class="cov10" title="2">{
-        return fmt.Sprintf("drs.remote.%s.password", remoteName)
-}</span>
-
-func remoteLFSURL(endpoint string) string <span class="cov0" title="0">{
-        base := strings.TrimSpace(strings.TrimRight(endpoint, "/"))
-        if base == "" </span><span class="cov0" title="0">{
-                return ""
-        }</span>
-        <span class="cov0" title="0">return base + "/info/lfs"</span>
-}
+// SmudgeFunc is called for each smudge (checkout) request.
+// req contains the pathname and command metadata.
+// ptr is the LFS pointer payload received from git (may be non-LFS content for untracked files).
+// dst is where the real file content must be written.
+type SmudgeFunc func(ctx context.Context, req FilterRequest, ptr io.Reader, dst io.Writer) error
 
-// GetRemoteToken reads a remote-specific bearer token from repo-local git config.
-func GetRemoteToken(remoteName string) (string, error) <span class="cov0" title="0">{
-        return GetGitConfigString(remoteTokenKey(remoteName))
-}</span>
+// CleanFunc is called for each clean (stage) request.
+// req contains the pathname and command metadata.
+// content is the full file content received from git.
+// dst is where the LFS pointer must be written.
+type CleanFunc func(ctx context.Context, req FilterRequest, content io.Reader, dst io.Writer) error
 
-// SetRemoteToken stores a remote-specific bearer token in repo-local git config.
-func SetRemoteToken(remoteName, token string) error <span class="cov0" title="0">{
-        if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("remote name is required")
-        }</span>
-        <span class="cov0" title="0">if strings.TrimSpace(token) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("token is required")
-        }</span>
-        <span class="cov0" title="0">configs := map[string]string{remoteTokenKey(remoteName): token}
-        return SetGitConfigOptions(configs)</span>
+// FilterRequest describes a single filter request from git.
+type FilterRequest struct {
+        // Command is "smudge" or "clean".
+        Command string
+        // Pathname is the repo-relative file path being processed.
+        Pathname string
 }
 
-func GetRemoteBasicAuth(remoteName string) (string, string, error) <span class="cov1" title="1">{
-        username, err := GetGitConfigString(remoteUsernameKey(remoteName))
-        if err != nil </span><span class="cov0" title="0">{
-                return "", "", err
-        }</span>
-        <span class="cov1" title="1">password, err := GetGitConfigString(remotePasswordKey(remoteName))
-        if err != nil </span><span class="cov0" title="0">{
-                return "", "", err
-        }</span>
-        <span class="cov1" title="1">return strings.TrimSpace(username), strings.TrimSpace(password), nil</span>
+// GitFilter implements the git long-running filter process protocol v2.
+//
+// Protocol reference:
+//
+//        https://git-scm.com/docs/gitattributes#_long_running_filter_process
+//
+// Usage:
+//
+//        f := NewGitFilter(os.Stdin, os.Stdout).
+//            OnSmudge(smudgeFn).
+//            OnClean(cleanFn)
+//        err := f.Run(ctx)
+type GitFilter struct {
+        pl     *pktline.Pktline
+        out    io.Writer
+        smudge SmudgeFunc
+        clean  CleanFunc
+        logger *slog.Logger
 }
 
-func SetRemoteBasicAuth(remoteName, username, password string) error <span class="cov1" title="1">{
-        if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("remote name is required")
-        }</span>
-        <span class="cov1" title="1">if strings.TrimSpace(username) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("username is required")
-        }</span>
-        <span class="cov1" title="1">if strings.TrimSpace(password) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("password is required")
-        }</span>
-        <span class="cov1" title="1">configs := map[string]string{
-                remoteUsernameKey(remoteName): username,
-                remotePasswordKey(remoteName): password,
+// NewGitFilter creates a GitFilter that reads from in and writes to out.
+func NewGitFilter(in io.Reader, out io.Writer, logger *slog.Logger) *GitFilter <span class="cov1" title="1">{
+        return &amp;GitFilter{
+                pl:     pktline.NewPktline(in, out),
+                out:    out,
+                logger: logger,
         }
-        return SetGitConfigOptions(configs)</span>
-}
-
-// ConfigureCredentialHelperForRepo installs repo-local git credential helper wiring
-// so git-lfs uses standard git credential resolution.
-//
-// credential.helper is a multi-valued git config key: using SetOption would
-// overwrite any pre-existing helpers (e.g. a credential store with other remote
-// credentials).  We use AddOption instead, guarded by a presence check to avoid
-// accumulating duplicate entries on repeated calls.
-func ConfigureCredentialHelperForRepo() error <span class="cov0" title="0">{
-        repo, err := GetRepo()
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov0" title="0">conf, err := repo.Config()
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-
-        <span class="cov0" title="0">const helperValue = "!git drs credential-helper"
-        credSection := conf.Raw.Section("credential")
-
-        if !containsOption(credSection.Options, "helper", helperValue) </span><span class="cov0" title="0">{
-                credSection.AddOption("helper", helperValue)
-        }</span>
-        <span class="cov0" title="0">credSection.SetOption("useHttpPath", "true")
+}</span>
 
-        return repo.Storer.SetConfig(conf)</span>
-}
+// OnSmudge registers the smudge handler and returns the receiver for chaining.
+func (f *GitFilter) OnSmudge(fn SmudgeFunc) *GitFilter <span class="cov1" title="1">{
+        f.smudge = fn
+        return f
+}</span>
 
-func containsOption(opts gitconfig.Options, key, value string) bool <span class="cov0" title="0">{
-        for _, v := range opts.GetAll(key) </span><span class="cov0" title="0">{
-                if v == value </span><span class="cov0" title="0">{
-                        return true
-                }</span>
-        }
-        <span class="cov0" title="0">return false</span>
-}
+// OnClean registers the clean handler and returns the receiver for chaining.
+func (f *GitFilter) OnClean(fn CleanFunc) *GitFilter <span class="cov0" title="0">{
+        f.clean = fn
+        return f
+}</span>
 
-// SetRemoteLFSURL stores the LFS API endpoint for the provided git remote.
-func SetRemoteLFSURL(remoteName, endpoint string) error <span class="cov0" title="0">{
-        lfsURL := remoteLFSURL(endpoint)
-        if lfsURL == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("endpoint is required")
-        }</span>
-        <span class="cov0" title="0">if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("remote name is required")
+// Run performs the capability handshake and then processes filter requests
+// until the underlying reader is exhausted or the context is cancelled.
+func (f *GitFilter) Run(ctx context.Context) error <span class="cov1" title="1">{
+        f.logger.Debug("Starting git filter process")
+        if err := f.handshake(); err != nil </span><span class="cov0" title="0">{
+                f.logger.Debug(fmt.Sprintf("Handshake failed: %v", err))
+                return fmt.Errorf("git-filter: handshake: %w", err)
         }</span>
-        <span class="cov0" title="0">configs := map[string]string{
-                fmt.Sprintf("remote.%s.lfsurl", remoteName): lfsURL,
+        <span class="cov1" title="1">for </span><span class="cov10" title="2">{
+                if err := ctx.Err(); err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov10" title="2">if err := f.processOne(ctx); err != nil </span><span class="cov1" title="1">{
+                        if err == io.EOF </span><span class="cov1" title="1">{
+                                return nil
+                        }</span>
+                        <span class="cov0" title="0">return err</span>
+                }
         }
-        return SetGitConfigOptions(configs)</span>
 }
-</pre>
-		
-		<pre class="file" id="file41" style="display: none">package gitrepo
-
-import (
-        "os"
-        "os/exec"
-        "path/filepath"
-        "strconv"
-        "strings"
 
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/go-git/go-git/v5"
-)
+// --------------------------------------------------------------------------
+// Handshake
+// --------------------------------------------------------------------------
 
-func DrsTopLevel() (string, error) <span class="cov0" title="0">{
-        base, err := GitTopLevel()
+// handshake implements the git filter v2 capability exchange.
+//
+// git → filter:
+//
+//        PKT-LINE("git-filter-client\n")
+//        PKT-LINE("version=2\n")
+//        flush-pkt
+//        PKT-LINE("capability=clean\n") + PKT-LINE("capability=smudge\n") + flush-pkt
+//
+// filter → git:
+//
+//        PKT-LINE("git-filter-server\n")
+//        PKT-LINE("version=2\n")
+//        flush-pkt
+//        PKT-LINE("capability=clean\n") + PKT-LINE("capability=smudge\n") + flush-pkt
+func (f *GitFilter) handshake() error <span class="cov1" title="1">{
+        // --- version negotiation from git ---
+        initMsg, err := f.pl.ReadPacketText()
         if err != nil </span><span class="cov0" title="0">{
-                return "", err
+                return fmt.Errorf("reading welcome: %w", err)
         }</span>
-        <span class="cov0" title="0">return filepath.Join(base, common.DRS_DIR), nil</span>
-}
-
-// GetRepo opens the current git repository
-func GetRepo() (*git.Repository, error) <span class="cov8" title="12">{
-        cwd, err := os.Getwd()
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+        <span class="cov1" title="1">if initMsg != "git-filter-client" </span><span class="cov0" title="0">{
+                return fmt.Errorf("expected 'git-filter-client', got %q", initMsg)
         }</span>
-        <span class="cov8" title="12">return git.PlainOpenWithOptions(cwd, &amp;git.PlainOpenOptions{DetectDotGit: true})</span>
-}
 
-// GitTopLevel returns the absolute path of the git repository root
-func GitTopLevel() (string, error) <span class="cov0" title="0">{
-        repo, err := GetRepo()
+        <span class="cov1" title="1">versions, err := f.pl.ReadPacketList()
         if err != nil </span><span class="cov0" title="0">{
-                return "", err
+                return fmt.Errorf("reading versions: %w", err)
         }</span>
-        <span class="cov0" title="0">wt, err := repo.Worktree()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+        <span class="cov1" title="1">if !slices.Contains(versions, "version=2") </span><span class="cov0" title="0">{
+                return fmt.Errorf("unsupported filter protocol versions %v (requires version=2)", versions)
         }</span>
-        <span class="cov0" title="0">return wt.Filesystem.Root(), nil</span>
-}
 
-// GetGitConfigString reads a string value from git config using the git command
-// to ensure we pick up values from all scopes (system, global, local).
-func GetGitConfigString(key string) (string, error) <span class="cov10" title="24">{
-        cmd := exec.Command("git", "config", "--get", key)
-        out, err := cmd.Output()
-        if err != nil </span><span class="cov7" title="9">{
-                // git config returns exit code 1 if the key is not found
-                return "", nil
+        // --- send our identity ---
+        <span class="cov1" title="1">if err := f.pl.WritePacketList([]string{"git-filter-server", "version=2"}); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov8" title="15">return strings.TrimSpace(string(out)), nil</span>
-}
 
-// GetGitConfigInt reads an integer value from git config
-func GetGitConfigInt(key string, defaultValue int64) int64 <span class="cov0" title="0">{
-        valStr, err := GetGitConfigString(key)
-        if err != nil || valStr == "" </span><span class="cov0" title="0">{
-                return defaultValue
-        }</span>
-        <span class="cov0" title="0">val, err := strconv.ParseInt(valStr, 10, 64)
-        if err != nil </span><span class="cov0" title="0">{
-                return defaultValue
+        // --- read capabilities from git ---
+        <span class="cov1" title="1">if _, err := f.pl.ReadPacketList(); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("reading capabilities: %w", err)
         }</span>
-        <span class="cov0" title="0">return val</span>
-}
 
-// GetGitConfigBool reads a boolean value from git config
-func GetGitConfigBool(key string, defaultValue bool) bool <span class="cov0" title="0">{
-        valStr, err := GetGitConfigString(key)
-        if err != nil || valStr == "" </span><span class="cov0" title="0">{
-                return defaultValue
-        }</span>
-        <span class="cov0" title="0">val, err := strconv.ParseBool(valStr)
-        if err != nil </span><span class="cov0" title="0">{
-                return defaultValue
-        }</span>
-        <span class="cov0" title="0">return val</span>
+        // --- advertise our capabilities ---
+        <span class="cov1" title="1">return f.pl.WritePacketList([]string{"capability=clean", "capability=smudge"})</span>
 }
 
-func SetGitConfigOptions(configs map[string]string) error <span class="cov7" title="11">{
-        repo, err := GetRepo()
-        if err != nil </span><span class="cov0" title="0">{
+// --------------------------------------------------------------------------
+// Per-request processing
+// --------------------------------------------------------------------------
+
+func (f *GitFilter) processOne(ctx context.Context) error <span class="cov10" title="2">{
+        f.logger.Debug("Waiting for next filter request...")
+        req, err := f.readRequest()
+        if err != nil </span><span class="cov1" title="1">{
+                f.logger.Debug(fmt.Sprintf("Error reading filter request: %v", err))
                 return err
         }</span>
-        <span class="cov7" title="11">conf, err := repo.Config()
+        <span class="cov1" title="1">f.logger.Debug("Received filter request", "command", req.Command, "pathname", req.Pathname)
+        // Read content (between the delimiter and the trailing flush).
+        content, err := f.readContent()
         if err != nil </span><span class="cov0" title="0">{
-                return err
+                return fmt.Errorf("reading content for %s %s: %w", req.Command, req.Pathname, err)
         }</span>
 
-        <span class="cov7" title="11">for key, value := range configs </span><span class="cov9" title="19">{
-                parts := strings.Split(key, ".")
-                if len(parts) == 2 </span><span class="cov0" title="0">{
-                        conf.Raw.Section(parts[0]).SetOption(parts[1], value)
-                }</span> else<span class="cov9" title="19"> if len(parts) &gt; 2 </span><span class="cov9" title="19">{
-                        // Handle subsections e.g. lfs.customtransfer.drs.path or drs.remote.origin.type
-                        section := parts[0]
-                        subsection := strings.Join(parts[1:len(parts)-1], ".")
-                        key := parts[len(parts)-1]
-                        conf.Raw.Section(section).Subsection(subsection).SetOption(key, value)
-                }</span>
+        <span class="cov1" title="1">var handlerErr error
+        switch req.Command </span>{
+        case "smudge":<span class="cov1" title="1">
+                handlerErr = f.handleSmudge(ctx, req, content)</span>
+        case "clean":<span class="cov0" title="0">
+                handlerErr = f.handleClean(ctx, req, content)</span>
+        default:<span class="cov0" title="0">
+                // Unknown command: respond with error status and empty content.
+                handlerErr = fmt.Errorf("unknown command %q", req.Command)</span>
         }
 
-        <span class="cov7" title="11">return repo.Storer.SetConfig(conf)</span>
+        <span class="cov1" title="1">if handlerErr != nil </span><span class="cov0" title="0">{
+                // Send error status; git will use the pointer/raw bytes itself.
+                if err := f.pl.WritePacketList([]string{"status=error"}); err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov0" title="0">return nil</span>
+        }
+        <span class="cov1" title="1">return nil</span>
 }
 
-// UnsetGitConfigOptions removes git config keys from local repo config.
-// Missing keys are ignored.
-func UnsetGitConfigOptions(keys []string) error <span class="cov4" title="3">{
-        for _, key := range keys </span><span class="cov4" title="3">{
-                cmd := exec.Command("git", "config", "--unset-all", key)
-                if err := cmd.Run(); err != nil </span><span class="cov1" title="1">{
-                        // git exits non-zero when the key doesn't exist; this is safe to ignore.
-                        continue</span>
-                }
-        }
-        <span class="cov4" title="3">return nil</span>
+func (f *GitFilter) handleSmudge(ctx context.Context, req FilterRequest, content []byte) error <span class="cov1" title="1">{
+        if f.smudge == nil </span><span class="cov0" title="0">{
+                return f.passthroughSmudge(content)
+        }</span>
+
+        <span class="cov1" title="1">var dst bytes.Buffer
+        if err := f.smudge(ctx, req, bytes.NewReader(content), &amp;dst); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov1" title="1">return f.writeSuccessResponse(dst.Bytes())</span>
 }
 
-// GetGitHooksDir returns the absolute path to the .git/hooks directory
-func GetGitHooksDir() (string, error) <span class="cov1" title="1">{
-        repo, err := GetRepo()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+func (f *GitFilter) handleClean(ctx context.Context, req FilterRequest, content []byte) error <span class="cov0" title="0">{
+        if f.clean == nil </span><span class="cov0" title="0">{
+                return f.passthroughClean(content)
         }</span>
-        <span class="cov1" title="1">wt, err := repo.Worktree()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+
+        <span class="cov0" title="0">var dst bytes.Buffer
+        if err := f.clean(ctx, req, bytes.NewReader(content), &amp;dst); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        // This is a simplification; for complex setups (submodules, worktrees),
-        // we might need more robust logic, but this matches previous behavior.
-        <span class="cov1" title="1">return filepath.Join(wt.Filesystem.Root(), ".git", "hooks"), nil</span>
+        <span class="cov0" title="0">return f.writeSuccessResponse(dst.Bytes())</span>
 }
 
-// AddFile adds a file to the git staging area (index)
-func AddFile(path string) error <span class="cov0" title="0">{
-        repo, err := GetRepo()
-        if err != nil </span><span class="cov0" title="0">{
+// passthroughSmudge sends content as-is (smudge no-op).
+func (f *GitFilter) passthroughSmudge(content []byte) error <span class="cov0" title="0">{
+        return f.writeSuccessResponse(content)
+}</span>
+
+// passthroughClean sends content as-is (clean no-op).
+func (f *GitFilter) passthroughClean(content []byte) error <span class="cov0" title="0">{
+        return f.writeSuccessResponse(content)
+}</span>
+
+// writeSuccessResponse writes the success response including pkt-line framed content.
+//
+// Format:
+//
+//        PKT-LINE("status=success\n")
+//        flush-pkt
+//        [PKT-LINE(content chunks)]
+//        flush-pkt
+//        flush-pkt  (second flush signals end of command)
+func (f *GitFilter) writeSuccessResponse(data []byte) error <span class="cov1" title="1">{
+        if err := f.pl.WritePacketList([]string{"status=success"}); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">wt, err := repo.Worktree()
-        if err != nil </span><span class="cov0" title="0">{
+
+        <span class="cov1" title="1">w := pktline.NewPktlineWriter(f.out, pktline.MaxPacketLength)
+        if len(data) &gt; 0 </span><span class="cov1" title="1">{
+                if _, err := w.Write(data); err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+        }
+        <span class="cov1" title="1">if err := w.Flush(); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">_, err = wt.Add(path)
-        return err</span>
+
+        // Send trailing key=value list (empty) terminated with flush.
+        <span class="cov1" title="1">return f.pl.WritePacketList(nil)</span>
+}
+
+// --------------------------------------------------------------------------
+// Helpers
+// --------------------------------------------------------------------------
+
+// readRequest reads the command header section terminated by a delimiter packet.
+// Returns (FilterRequest, nil) on success, or (_, io.EOF) if the stream is done.
+func (f *GitFilter) readRequest() (FilterRequest, error) <span class="cov10" title="2">{
+        requestList, err := f.pl.ReadPacketList()
+        if err != nil </span><span class="cov1" title="1">{
+                return FilterRequest{}, err
+        }</span>
+
+        <span class="cov1" title="1">var req FilterRequest
+        for _, line := range requestList </span><span class="cov10" title="2">{
+                if kv := strings.SplitN(line, "=", 2); len(kv) == 2 </span><span class="cov10" title="2">{
+                        switch kv[0] </span>{
+                        case "command":<span class="cov1" title="1">
+                                req.Command = kv[1]</span>
+                        case "pathname":<span class="cov1" title="1">
+                                req.Pathname = kv[1]</span>
+                        }
+                }
+        }
+        <span class="cov1" title="1">return req, nil</span>
 }
+
+// readContent reads pkt-line data packets until a flush packet, returning all
+// data concatenated. git sends content flush-terminated.
+func (f *GitFilter) readContent() ([]byte, error) <span class="cov1" title="1">{
+        return io.ReadAll(pktline.NewPktlineReaderFromPktline(f.pl, pktline.MaxPacketLength))
+}</span>
 </pre>
 		
-		<pre class="file" id="file42" style="display: none">package lfs
-
-// Package filterops contains the shared logic for the git-drs clean and
-// filter-process sub commands. Both sub commands need to convert raw file
-// content into an LFS pointer (the "clean" side of the LFS filter pair), so
-// the implementation lives here and is imported by each command rather than
-// being duplicated.
+		<pre class="file" id="file56" style="display: none">package gitrepo
 
 import (
-        "context"
-        "crypto/sha256"
-        "encoding/hex"
         "fmt"
-        "io"
-        "log/slog"
-        "os"
-        "path/filepath"
+        "regexp"
         "strings"
-
-        "github.com/calypr/git-drs/internal/common"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
 )
 
-// ParseLFSPointer extracts the oid and size from an LFS pointer payload.
-// Returns ("", 0, false) if data is not a valid LFS pointer.
-func ParseLFSPointer(data []byte) (oid string, size int64, ok bool) <span class="cov6" title="5">{
-        text := string(data)
-        if !strings.Contains(text, "version https://git-lfs.github.com/spec/v1") </span><span class="cov1" title="1">{
-                return "", 0, false
+type BucketMapping struct {
+        Bucket string
+        Prefix string
+}
+
+var bucketMapKeyPartSanitizer = regexp.MustCompile(`[^a-z0-9_-]+`)
+
+func normalizeBucketMapKeyPart(v string) string <span class="cov10" title="61">{
+        v = strings.ToLower(strings.TrimSpace(v))
+        v = strings.ReplaceAll(v, ".", "_")
+        v = bucketMapKeyPartSanitizer.ReplaceAllString(v, "_")
+        v = strings.Trim(v, "_")
+        return v
+}</span>
+
+func orgBucketKey(org, field string) string <span class="cov7" title="23">{
+        return fmt.Sprintf("drs.bucketmap.orgs.%s.%s", normalizeBucketMapKeyPart(org), field)
+}</span>
+
+func projectBucketKey(org, project, field string) string <span class="cov7" title="19">{
+        return fmt.Sprintf("drs.bucketmap.projects.%s.%s.%s", normalizeBucketMapKeyPart(org), normalizeBucketMapKeyPart(project), field)
+}</span>
+
+func SetBucketMapping(org, project, bucket, prefix string) error <span class="cov6" title="10">{
+        org = strings.TrimSpace(org)
+        project = strings.TrimSpace(project)
+        bucket = strings.TrimSpace(bucket)
+        prefix = strings.Trim(strings.TrimSpace(prefix), "/")
+        if org == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("organization is required")
         }</span>
-        <span class="cov5" title="4">for _, line := range strings.Split(text, "\n") </span><span class="cov10" title="16">{
-                line = strings.TrimSpace(line)
-                if strings.HasPrefix(line, "oid sha256:") </span><span class="cov5" title="4">{
-                        oid = strings.TrimPrefix(line, "oid sha256:")
+        <span class="cov6" title="10">if bucket == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("bucket is required")
+        }</span>
+
+        <span class="cov6" title="10">configs := map[string]string{}
+        prefixKey := ""
+        if project != "" </span><span class="cov4" title="4">{
+                configs[projectBucketKey(org, project, "bucket")] = bucket
+                prefixKey = projectBucketKey(org, project, "prefix")
+                if prefix != "" </span><span class="cov3" title="3">{
+                        configs[prefixKey] = prefix
                 }</span>
-                <span class="cov10" title="16">if strings.HasPrefix(line, "size ") </span><span class="cov5" title="4">{
-                        fmt.Sscanf(strings.TrimPrefix(line, "size "), "%d", &amp;size)
+        } else<span class="cov4" title="6"> {
+                configs[orgBucketKey(org, "bucket")] = bucket
+                prefixKey = orgBucketKey(org, "prefix")
+                if prefix != "" </span><span class="cov4" title="4">{
+                        configs[prefixKey] = prefix
                 }</span>
         }
-        <span class="cov5" title="4">if oid == "" </span><span class="cov0" title="0">{
-                return "", 0, false
+        <span class="cov6" title="10">if err := SetGitConfigOptions(configs); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov5" title="4">return oid, size, true</span>
-}
-
-// WriteDrsMap records a local DRS object entry in .git/drs/lfs/objects so that
-// the pre-push workflow can discover and upload the file. This mirrors the
-// ObjectStore.WriteObject pattern.
-func WriteDrsMap(pathname string, oid string, size int64) error <span class="cov1" title="1">{
-        name := filepath.Base(pathname)
-        drsObj := &amp;drsapi.DrsObject{
-                Name: &amp;name,
-                Size: size,
-                Checksums: []drsapi.Checksum{
-                        {Type: "sha256", Checksum: oid},
-                },
-        }
-        if existing, err := ReadObject(common.DRS_OBJS_PATH, oid); err == nil &amp;&amp; existing != nil </span><span class="cov1" title="1">{
-                drsObj = existing
-                drsObj.Name = &amp;name
-                drsObj.Size = size
-                drsObj.Checksums = []drsapi.Checksum{
-                        {Type: "sha256", Checksum: oid},
-                }
+        <span class="cov6" title="10">if prefix == "" &amp;&amp; prefixKey != "" </span><span class="cov3" title="3">{
+                return UnsetGitConfigOptions([]string{prefixKey})
         }</span>
-        <span class="cov1" title="1">return WriteObject(common.DRS_OBJS_PATH, drsObj, oid)</span>
+        <span class="cov5" title="7">return nil</span>
 }
 
-// CleanContent reads raw file content from content, hashes it with SHA-256,
-// stores the content in the git-lfs local object cache under lfsRoot, and
-// writes an LFS pointer to dst. It also records a DRS map entry so that
-// `git drs push` can discover the file.
-//
-// pathname is the repo-relative path of the file being cleaned; it is used
-// only for the DRS map entry name and log messages.
-func CleanContent(ctx context.Context, lfsRoot, pathname string, content io.Reader, dst io.Writer, logger *slog.Logger) error <span class="cov1" title="1">{
-        _ = ctx // reserved for future cancellation propagation
-
-        objDir := filepath.Join(lfsRoot, "objects")
-        if err := os.MkdirAll(objDir, 0o755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: mkdir LFS objects: %w", err)
+func GetBucketMapping(org, project string) (BucketMapping, bool, error) <span class="cov5" title="8">{
+        org = strings.TrimSpace(org)
+        project = strings.TrimSpace(project)
+        if org == "" </span><span class="cov0" title="0">{
+                return BucketMapping{}, false, nil
         }</span>
 
-        // Buffer the content into a temp file while computing its SHA-256.
-        <span class="cov1" title="1">tmp, err := os.CreateTemp(objDir, "git-drs-clean-*")
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: create temp file: %w", err)
-        }</span>
-        <span class="cov1" title="1">tmpPath := tmp.Name()
-        defer func() </span><span class="cov1" title="1">{
-                if _, statErr := os.Stat(tmpPath); statErr == nil </span><span class="cov1" title="1">{
-                        _ = os.Remove(tmpPath)
+        // Project-specific mapping takes precedence.
+        <span class="cov5" title="8">if project != "" </span><span class="cov4" title="4">{
+                bucket, err := GetGitConfigString(projectBucketKey(org, project, "bucket"))
+                if err != nil </span><span class="cov0" title="0">{
+                        return BucketMapping{}, false, err
                 }</span>
-        }()
-
-        <span class="cov1" title="1">h := sha256.New()
-        written, err := io.Copy(tmp, io.TeeReader(content, h))
-        if err != nil </span><span class="cov0" title="0">{
-                tmp.Close()
-                return fmt.Errorf("clean: write temp file: %w", err)
-        }</span>
-        <span class="cov1" title="1">if err := tmp.Close(); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: close temp file: %w", err)
-        }</span>
-        <span class="cov1" title="1">size := written
-        oid := hex.EncodeToString(h.Sum(nil))
-
-        if size &gt; 0 &amp;&amp; size &lt; 2048 </span><span class="cov1" title="1">{
-                if data, readErr := os.ReadFile(tmpPath); readErr == nil </span><span class="cov1" title="1">{
-                        if pointerOID, pointerSize, ok := ParseLFSPointer(data); ok </span><span class="cov1" title="1">{
-                                if _, err := dst.Write(data); err != nil </span><span class="cov0" title="0">{
-                                        return fmt.Errorf("clean: write existing pointer: %w", err)
-                                }</span>
-                                <span class="cov1" title="1">if mapErr := WriteDrsMap(pathname, pointerOID, pointerSize); mapErr != nil </span><span class="cov0" title="0">{
-                                        logger.Warn("clean: failed to write DRS map entry for existing pointer", "pathname", pathname, "error", mapErr)
-                                }</span>
-                                <span class="cov1" title="1">logger.Debug("clean: passed through existing LFS pointer", "pathname", pathname, "oid", pointerOID, "size", pointerSize)
-                                return nil</span>
-                        }
+                <span class="cov4" title="4">if strings.TrimSpace(bucket) != "" </span><span class="cov2" title="2">{
+                        prefix, err := GetGitConfigString(projectBucketKey(org, project, "prefix"))
+                        if err != nil </span><span class="cov0" title="0">{
+                                return BucketMapping{}, false, err
+                        }</span>
+                        <span class="cov2" title="2">return BucketMapping{
+                                Bucket: strings.TrimSpace(bucket),
+                                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
+                        }, true, nil</span>
                 }
         }
 
-        // Move temp file to the final content-addressed location.
-        <span class="cov0" title="0">cachePath, err := ObjectPath(common.LFS_OBJS_PATH, oid)
+        // Fallback: organization-level mapping.
+        <span class="cov4" title="6">bucket, err := GetGitConfigString(orgBucketKey(org, "bucket"))
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: resolve cache path: %w", err)
-        }</span>
-        <span class="cov0" title="0">if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: mkdir for cache path: %w", err)
-        }</span>
-        <span class="cov0" title="0">if err := os.Rename(tmpPath, cachePath); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: move to cache: %w", err)
+                return BucketMapping{}, false, err
         }</span>
-
-        <span class="cov0" title="0">logger.Debug("clean: stored LFS object", "pathname", pathname, "oid", oid, "size", size)
-
-        // Write the LFS pointer to dst.
-        pointer := fmt.Sprintf(
-                "version https://git-lfs.github.com/spec/v1\noid sha256:%s\nsize %d\n",
-                oid, size,
-        )
-        if _, err := io.WriteString(dst, pointer); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: write pointer: %w", err)
+        <span class="cov4" title="6">if strings.TrimSpace(bucket) == "" </span><span class="cov1" title="1">{
+                return BucketMapping{}, false, nil
         }</span>
-
-        // Record a DRS map entry so `git drs push` can find the file.
-        <span class="cov0" title="0">if mapErr := WriteDrsMap(pathname, oid, size); mapErr != nil </span><span class="cov0" title="0">{
-                logger.Warn("clean: failed to write DRS map entry", "pathname", pathname, "error", mapErr)
+        <span class="cov4" title="5">prefix, err := GetGitConfigString(orgBucketKey(org, "prefix"))
+        if err != nil </span><span class="cov0" title="0">{
+                return BucketMapping{}, false, err
         }</span>
-
-        <span class="cov0" title="0">return nil</span>
+        <span class="cov4" title="5">return BucketMapping{
+                Bucket: strings.TrimSpace(bucket),
+                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
+        }, true, nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file43" style="display: none">package lfs
+		<pre class="file" id="file57" style="display: none">package gitrepo
 
 import (
-        "context"
         "fmt"
-        "io"
-        "log/slog"
-        "net/http"
-        "os"
-        "path/filepath"
         "strings"
-
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslookup"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        sycommon "github.com/calypr/syfon/client/common"
-        syrequest "github.com/calypr/syfon/client/request"
-        "github.com/calypr/syfon/client/transfer"
-        "github.com/calypr/syfon/client/xfer/download"
 )
 
-// DownloadToCachePath downloads the DRS object identified by oid to cachePath
-// using the project-scoped URL resolution preferred by git-drs.
-func DownloadToCachePath(ctx context.Context, drsCtx *config.GitContext, logger *slog.Logger, oid, cachePath string) error <span class="cov0" title="0">{
-        if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("mkdir for cache path: %w", err)
-        }</span>
+type ResolvedBucketScope struct {
+        Bucket string
+        Prefix string
+}
+
+// ResolveBucketScope returns the effective bucket/prefix for an org+project.
+// It prefers explicit bucket-map entries and validates conflicts with any
+// configured fallback values.
+func ResolveBucketScope(organization, project, configuredBucket, configuredPrefix string) (ResolvedBucketScope, error) <span class="cov7" title="4">{
+        organization = strings.TrimSpace(organization)
+        project = strings.TrimSpace(project)
+        configuredBucket = strings.TrimSpace(configuredBucket)
+        configuredPrefix = strings.Trim(strings.TrimSpace(configuredPrefix), "/")
+
+        if organization == "" </span><span class="cov0" title="0">{
+                if configuredBucket == "" </span><span class="cov0" title="0">{
+                        return ResolvedBucketScope{}, fmt.Errorf("bucket is required when organization is empty")
+                }</span>
+                <span class="cov0" title="0">return ResolvedBucketScope{
+                        Bucket: configuredBucket,
+                        Prefix: configuredPrefix,
+                }, nil</span>
+        }
 
-        <span class="cov0" title="0">backend, err := newScopedBackend(ctx, drsCtx, oid)
+        <span class="cov7" title="4">orgMapping, hasOrgMapping, err := GetBucketMapping(organization, "")
         if err != nil </span><span class="cov0" title="0">{
-                return err
+                return ResolvedBucketScope{}, fmt.Errorf("resolve bucket mapping for organization=%q: %w", organization, err)
         }</span>
 
-        <span class="cov0" title="0">opts := download.DownloadOptions{
-                MultipartThreshold: 5 * 1024 * 1024,
-                Concurrency:        2,
-                ChunkSize:          64 * 1024 * 1024,
+        <span class="cov7" title="4">var projectMapping BucketMapping
+        hasProjectMapping := false
+        if project != "" </span><span class="cov7" title="4">{
+                projectMapping, hasProjectMapping, err = getExactBucketMapping(organization, project)
+                if err != nil </span><span class="cov0" title="0">{
+                        return ResolvedBucketScope{}, fmt.Errorf("resolve bucket mapping for organization=%q project=%q: %w", organization, project, err)
+                }</span>
         }
-        return download.DownloadToPathWithOptions(ctx, backend, oid, cachePath, opts)</span>
-}
 
-func DownloadResolvedToCachePath(ctx context.Context, drsCtx *config.GitContext, oid, cachePath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL) error <span class="cov0" title="0">{
-        if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("mkdir for cache path: %w", err)
-        }</span>
-        <span class="cov0" title="0">if obj == nil || accessURL == nil || strings.TrimSpace(accessURL.Url) == "" </span><span class="cov0" title="0">{
-                return DownloadToCachePath(ctx, drsCtx, nil, oid, cachePath)
-        }</span>
-        <span class="cov0" title="0">backend, err := newScopedBackendFromResolved(drsCtx, obj, strings.TrimSpace(accessURL.Url))
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+        <span class="cov7" title="4">if hasOrgMapping </span><span class="cov6" title="3">{
+                bucket := strings.TrimSpace(orgMapping.Bucket)
+                if bucket == "" </span><span class="cov0" title="0">{
+                        return ResolvedBucketScope{}, fmt.Errorf("bucket mapping for organization=%q is missing bucket", organization)
+                }</span>
+                <span class="cov6" title="3">return ResolvedBucketScope{
+                        Bucket: bucket,
+                        Prefix: joinBucketPrefixes(orgMapping.Prefix, projectMapping.Prefix),
+                }, nil</span>
+        }
 
-        <span class="cov0" title="0">opts := download.DownloadOptions{
-                MultipartThreshold: 5 * 1024 * 1024,
-                Concurrency:        2,
-                ChunkSize:          64 * 1024 * 1024,
+        <span class="cov1" title="1">if hasProjectMapping </span><span class="cov0" title="0">{
+                bucket := strings.TrimSpace(projectMapping.Bucket)
+                if bucket == "" </span><span class="cov0" title="0">{
+                        return ResolvedBucketScope{}, fmt.Errorf("bucket mapping for organization=%q project=%q is missing bucket", organization, project)
+                }</span>
+                <span class="cov0" title="0">return ResolvedBucketScope{
+                        Bucket: bucket,
+                        Prefix: strings.Trim(strings.TrimSpace(projectMapping.Prefix), "/"),
+                }, nil</span>
         }
-        return download.DownloadToPathWithOptions(ctx, backend, oid, cachePath, opts)</span>
-}
 
-type scopedBackend struct {
-        base      transfer.Backend
-        requestor syrequest.Requester
-        object    *drsapi.DrsObject
-        accessURL string
+        <span class="cov1" title="1">if configuredBucket == "" </span><span class="cov0" title="0">{
+                if project != "" </span><span class="cov0" title="0">{
+                        return ResolvedBucketScope{}, fmt.Errorf("no bucket mapping found for organization=%q project=%q; configure one first with `git drs bucket add-organization --organization %s --path &lt;scheme&gt;://&lt;bucket&gt;/&lt;prefix&gt;` or `git drs bucket add-project --organization %s --project %s --path &lt;scheme&gt;://&lt;bucket&gt;/&lt;prefix&gt;`", organization, project, organization, organization, project)
+                }</span>
+                <span class="cov0" title="0">return ResolvedBucketScope{}, fmt.Errorf("no bucket mapping found for organization=%q; configure one first with `git drs bucket add-organization --organization %s --path &lt;scheme&gt;://&lt;bucket&gt;/&lt;prefix&gt;`", organization, organization)</span>
+        }
+        <span class="cov1" title="1">return ResolvedBucketScope{
+                Bucket: configuredBucket,
+                Prefix: configuredPrefix,
+        }, nil</span>
 }
 
-func newScopedBackend(ctx context.Context, drsCtx *config.GitContext, oid string) (*scopedBackend, error) <span class="cov0" title="0">{
-        if drsCtx == nil || drsCtx.Client == nil || drsCtx.Requestor == nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("DRS client unavailable")
+func getExactBucketMapping(org, project string) (BucketMapping, bool, error) <span class="cov7" title="4">{
+        org = strings.TrimSpace(org)
+        project = strings.TrimSpace(project)
+        if org == "" || project == "" </span><span class="cov0" title="0">{
+                return BucketMapping{}, false, nil
         }</span>
-
-        <span class="cov0" title="0">accessURL, match, err := drslookup.AccessURLForHashScope(ctx, drsCtx, oid)
+        <span class="cov7" title="4">bucket, err := GetGitConfigString(projectBucketKey(org, project, "bucket"))
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-
-        <span class="cov0" title="0">return &amp;scopedBackend{
-                base:      drsCtx.Client.Data(),
-                requestor: drsCtx.Requestor,
-                object:    match,
-                accessURL: strings.TrimSpace(accessURL.Url),
-        }, nil</span>
-}
-
-func newScopedBackendFromResolved(drsCtx *config.GitContext, obj *drsapi.DrsObject, accessURL string) (*scopedBackend, error) <span class="cov0" title="0">{
-        if drsCtx == nil || drsCtx.Client == nil || drsCtx.Requestor == nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("DRS client unavailable")
+                return BucketMapping{}, false, err
         }</span>
-        <span class="cov0" title="0">return &amp;scopedBackend{
-                base:      drsCtx.Client.Data(),
-                requestor: drsCtx.Requestor,
-                object:    obj,
-                accessURL: strings.TrimSpace(accessURL),
-        }, nil</span>
-}
-
-func (b *scopedBackend) Name() string <span class="cov0" title="0">{ return b.base.Name() }</span>
-
-func (b *scopedBackend) Logger() transfer.TransferLogger <span class="cov0" title="0">{ return b.base.Logger() }</span>
-
-func (b *scopedBackend) Validate(ctx context.Context, bucket string) error <span class="cov0" title="0">{
-        return b.base.Validate(ctx, bucket)
-}</span>
-
-func (b *scopedBackend) Stat(ctx context.Context, guid string) (*transfer.ObjectMetadata, error) <span class="cov0" title="0">{
-        if b.object == nil </span><span class="cov0" title="0">{
-                return b.base.Stat(ctx, guid)
+        <span class="cov7" title="4">if strings.TrimSpace(bucket) == "" </span><span class="cov6" title="3">{
+                return BucketMapping{}, false, nil
         }</span>
-        <span class="cov0" title="0">md := &amp;transfer.ObjectMetadata{
-                Size:         b.object.Size,
-                AcceptRanges: true,
-                Provider:     "drs",
-        }
-        return md, nil</span>
-}
-
-func (b *scopedBackend) GetReader(ctx context.Context, guid string) (io.ReadCloser, error) <span class="cov0" title="0">{
-        return b.download(ctx, nil, nil)
-}</span>
-
-func (b *scopedBackend) GetRangeReader(ctx context.Context, guid string, offset, length int64) (io.ReadCloser, error) <span class="cov0" title="0">{
-        if length &lt;= 0 </span><span class="cov0" title="0">{
-                return b.download(ctx, nil, nil)
+        <span class="cov1" title="1">prefix, err := GetGitConfigString(projectBucketKey(org, project, "prefix"))
+        if err != nil </span><span class="cov0" title="0">{
+                return BucketMapping{}, false, err
         }</span>
-        <span class="cov0" title="0">end := offset + length - 1
-        return b.download(ctx, &amp;offset, &amp;end)</span>
+        <span class="cov1" title="1">return BucketMapping{
+                Bucket: strings.TrimSpace(bucket),
+                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
+        }, true, nil</span>
 }
 
-func (b *scopedBackend) GetWriter(ctx context.Context, guid string) (io.WriteCloser, error) <span class="cov0" title="0">{
-        return b.base.GetWriter(ctx, guid)
-}</span>
-
-func (b *scopedBackend) Upload(ctx context.Context, guid string, body io.Reader, size int64) error <span class="cov0" title="0">{
-        return b.base.Upload(ctx, guid, body, size)
-}</span>
-
-func (b *scopedBackend) MultipartInit(ctx context.Context, guid string) (string, error) <span class="cov0" title="0">{
-        return b.base.MultipartInit(ctx, guid)
-}</span>
-
-func (b *scopedBackend) MultipartPart(ctx context.Context, guid string, uploadID string, partNum int, body io.Reader) (string, error) <span class="cov0" title="0">{
-        return b.base.MultipartPart(ctx, guid, uploadID, partNum, body)
-}</span>
-
-func (b *scopedBackend) MultipartComplete(ctx context.Context, guid string, uploadID string, parts []transfer.MultipartPart) error <span class="cov0" title="0">{
-        return b.base.MultipartComplete(ctx, guid, uploadID, parts)
-}</span>
-
-func (b *scopedBackend) Delete(ctx context.Context, guid string) error <span class="cov0" title="0">{
-        return b.base.Delete(ctx, guid)
-}</span>
-
-func (b *scopedBackend) download(ctx context.Context, rangeStart, rangeEnd *int64) (io.ReadCloser, error) <span class="cov0" title="0">{
-        if b.accessURL == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("empty download URL")
-        }</span>
-        <span class="cov0" title="0">var opts []syrequest.RequestOption
-        if rangeStart != nil </span><span class="cov0" title="0">{
-                rangeHeader := "bytes=" + fmt.Sprintf("%d-", *rangeStart)
-                if rangeEnd != nil </span><span class="cov0" title="0">{
-                        rangeHeader += fmt.Sprintf("%d", *rangeEnd)
+func joinBucketPrefixes(parts ...string) string <span class="cov6" title="3">{
+        joined := make([]string, 0, len(parts))
+        for _, part := range parts </span><span class="cov10" title="6">{
+                part = strings.Trim(strings.TrimSpace(part), "/")
+                if part != "" </span><span class="cov6" title="3">{
+                        joined = append(joined, part)
                 }</span>
-                <span class="cov0" title="0">opts = append(opts, syrequest.WithHeader("Range", rangeHeader))</span>
         }
-        <span class="cov0" title="0">if sycommon.IsCloudPresignedURL(b.accessURL) </span><span class="cov0" title="0">{
-                opts = append(opts, syrequest.WithSkipAuth(true))
-        }</span>
-        <span class="cov0" title="0">var resp *http.Response
-        if err := b.requestor.Do(ctx, http.MethodGet, b.accessURL, nil, &amp;resp, opts...); err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov0" title="0">if resp.StatusCode &gt;= http.StatusBadRequest </span><span class="cov0" title="0">{
-                body, _ := io.ReadAll(resp.Body)
-                _ = resp.Body.Close()
-                return nil, fmt.Errorf("download failed: status=%d body=%s", resp.StatusCode, strings.TrimSpace(string(body)))
-        }</span>
-        <span class="cov0" title="0">return resp.Body, nil</span>
+        <span class="cov6" title="3">return strings.Join(joined, "/")</span>
 }
 </pre>
 		
-		<pre class="file" id="file44" style="display: none">package lfs
+		<pre class="file" id="file58" style="display: none">package gitrepo
 
 import (
-        "bytes"
-        "context"
         "fmt"
-        "io"
-        "log/slog"
-        "slices"
         "strings"
 
-        "github.com/git-lfs/pktline"
+        gitconfig "github.com/go-git/go-git/v5/plumbing/format/config"
 )
 
-// SmudgeFunc is called for each smudge (checkout) request.
-// req contains the pathname and command metadata.
-// ptr is the LFS pointer payload received from git (may be non-LFS content for untracked files).
-// dst is where the real file content must be written.
-type SmudgeFunc func(ctx context.Context, req FilterRequest, ptr io.Reader, dst io.Writer) error
-
-// CleanFunc is called for each clean (stage) request.
-// req contains the pathname and command metadata.
-// content is the full file content received from git.
-// dst is where the LFS pointer must be written.
-type CleanFunc func(ctx context.Context, req FilterRequest, content io.Reader, dst io.Writer) error
-
-// FilterRequest describes a single filter request from git.
-type FilterRequest struct {
-        // Command is "smudge" or "clean".
-        Command string
-        // Pathname is the repo-relative file path being processed.
-        Pathname string
-}
-
-// GitFilter implements the git long-running filter process protocol v2.
-//
-// Protocol reference:
-//
-//        https://git-scm.com/docs/gitattributes#_long_running_filter_process
-//
-// Usage:
-//
-//        f := NewGitFilter(os.Stdin, os.Stdout).
-//            OnSmudge(smudgeFn).
-//            OnClean(cleanFn)
-//        err := f.Run(ctx)
-type GitFilter struct {
-        pl     *pktline.Pktline
-        out    io.Writer
-        smudge SmudgeFunc
-        clean  CleanFunc
-        logger *slog.Logger
-}
-
-// NewGitFilter creates a GitFilter that reads from in and writes to out.
-func NewGitFilter(in io.Reader, out io.Writer, logger *slog.Logger) *GitFilter <span class="cov1" title="1">{
-        return &amp;GitFilter{
-                pl:     pktline.NewPktline(in, out),
-                out:    out,
-                logger: logger,
-        }
+func remoteTokenKey(remoteName string) string <span class="cov0" title="0">{
+        return fmt.Sprintf("drs.remote.%s.token", remoteName)
 }</span>
 
-// OnSmudge registers the smudge handler and returns the receiver for chaining.
-func (f *GitFilter) OnSmudge(fn SmudgeFunc) *GitFilter <span class="cov1" title="1">{
-        f.smudge = fn
-        return f
+func remoteUsernameKey(remoteName string) string <span class="cov10" title="2">{
+        return fmt.Sprintf("drs.remote.%s.username", remoteName)
 }</span>
 
-// OnClean registers the clean handler and returns the receiver for chaining.
-func (f *GitFilter) OnClean(fn CleanFunc) *GitFilter <span class="cov0" title="0">{
-        f.clean = fn
-        return f
+func remotePasswordKey(remoteName string) string <span class="cov10" title="2">{
+        return fmt.Sprintf("drs.remote.%s.password", remoteName)
 }</span>
 
-// Run performs the capability handshake and then processes filter requests
-// until the underlying reader is exhausted or the context is cancelled.
-func (f *GitFilter) Run(ctx context.Context) error <span class="cov1" title="1">{
-        f.logger.Debug("Starting git filter process")
-        if err := f.handshake(); err != nil </span><span class="cov0" title="0">{
-                f.logger.Debug(fmt.Sprintf("Handshake failed: %v", err))
-                return fmt.Errorf("git-filter: handshake: %w", err)
+func remoteLFSURL(endpoint string) string <span class="cov0" title="0">{
+        base := strings.TrimSpace(strings.TrimRight(endpoint, "/"))
+        if base == "" </span><span class="cov0" title="0">{
+                return ""
         }</span>
-        <span class="cov1" title="1">for </span><span class="cov10" title="2">{
-                if err := ctx.Err(); err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov10" title="2">if err := f.processOne(ctx); err != nil </span><span class="cov1" title="1">{
-                        if err == io.EOF </span><span class="cov1" title="1">{
-                                return nil
-                        }</span>
-                        <span class="cov0" title="0">return err</span>
-                }
-        }
+        <span class="cov0" title="0">return base + "/info/lfs"</span>
 }
 
-// --------------------------------------------------------------------------
-// Handshake
-// --------------------------------------------------------------------------
-
-// handshake implements the git filter v2 capability exchange.
-//
-// git → filter:
-//
-//        PKT-LINE("git-filter-client\n")
-//        PKT-LINE("version=2\n")
-//        flush-pkt
-//        PKT-LINE("capability=clean\n") + PKT-LINE("capability=smudge\n") + flush-pkt
-//
-// filter → git:
-//
-//        PKT-LINE("git-filter-server\n")
-//        PKT-LINE("version=2\n")
-//        flush-pkt
-//        PKT-LINE("capability=clean\n") + PKT-LINE("capability=smudge\n") + flush-pkt
-func (f *GitFilter) handshake() error <span class="cov1" title="1">{
-        // --- version negotiation from git ---
-        initMsg, err := f.pl.ReadPacketText()
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("reading welcome: %w", err)
-        }</span>
-        <span class="cov1" title="1">if initMsg != "git-filter-client" </span><span class="cov0" title="0">{
-                return fmt.Errorf("expected 'git-filter-client', got %q", initMsg)
-        }</span>
-
-        <span class="cov1" title="1">versions, err := f.pl.ReadPacketList()
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("reading versions: %w", err)
-        }</span>
-        <span class="cov1" title="1">if !slices.Contains(versions, "version=2") </span><span class="cov0" title="0">{
-                return fmt.Errorf("unsupported filter protocol versions %v (requires version=2)", versions)
-        }</span>
+// GetRemoteToken reads a remote-specific bearer token from repo-local git config.
+func GetRemoteToken(remoteName string) (string, error) <span class="cov0" title="0">{
+        return GetGitConfigString(remoteTokenKey(remoteName))
+}</span>
 
-        // --- send our identity ---
-        <span class="cov1" title="1">if err := f.pl.WritePacketList([]string{"git-filter-server", "version=2"}); err != nil </span><span class="cov0" title="0">{
-                return err
+// SetRemoteToken stores a remote-specific bearer token in repo-local git config.
+func SetRemoteToken(remoteName, token string) error <span class="cov0" title="0">{
+        if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("remote name is required")
         }</span>
-
-        // --- read capabilities from git ---
-        <span class="cov1" title="1">if _, err := f.pl.ReadPacketList(); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("reading capabilities: %w", err)
+        <span class="cov0" title="0">if strings.TrimSpace(token) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("token is required")
         }</span>
-
-        // --- advertise our capabilities ---
-        <span class="cov1" title="1">return f.pl.WritePacketList([]string{"capability=clean", "capability=smudge"})</span>
+        <span class="cov0" title="0">configs := map[string]string{remoteTokenKey(remoteName): token}
+        return SetGitConfigOptions(configs)</span>
 }
 
-// --------------------------------------------------------------------------
-// Per-request processing
-// --------------------------------------------------------------------------
-
-func (f *GitFilter) processOne(ctx context.Context) error <span class="cov10" title="2">{
-        f.logger.Debug("Waiting for next filter request...")
-        req, err := f.readRequest()
-        if err != nil </span><span class="cov1" title="1">{
-                f.logger.Debug(fmt.Sprintf("Error reading filter request: %v", err))
-                return err
+func GetRemoteBasicAuth(remoteName string) (string, string, error) <span class="cov1" title="1">{
+        username, err := GetGitConfigString(remoteUsernameKey(remoteName))
+        if err != nil </span><span class="cov0" title="0">{
+                return "", "", err
         }</span>
-        <span class="cov1" title="1">f.logger.Debug("Received filter request", "command", req.Command, "pathname", req.Pathname)
-        // Read content (between the delimiter and the trailing flush).
-        content, err := f.readContent()
+        <span class="cov1" title="1">password, err := GetGitConfigString(remotePasswordKey(remoteName))
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("reading content for %s %s: %w", req.Command, req.Pathname, err)
+                return "", "", err
         }</span>
-
-        <span class="cov1" title="1">var handlerErr error
-        switch req.Command </span>{
-        case "smudge":<span class="cov1" title="1">
-                handlerErr = f.handleSmudge(ctx, req, content)</span>
-        case "clean":<span class="cov0" title="0">
-                handlerErr = f.handleClean(ctx, req, content)</span>
-        default:<span class="cov0" title="0">
-                // Unknown command: respond with error status and empty content.
-                handlerErr = fmt.Errorf("unknown command %q", req.Command)</span>
-        }
-
-        <span class="cov1" title="1">if handlerErr != nil </span><span class="cov0" title="0">{
-                // Send error status; git will use the pointer/raw bytes itself.
-                if err := f.pl.WritePacketList([]string{"status=error"}); err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov0" title="0">return nil</span>
-        }
-        <span class="cov1" title="1">return nil</span>
+        <span class="cov1" title="1">return strings.TrimSpace(username), strings.TrimSpace(password), nil</span>
 }
 
-func (f *GitFilter) handleSmudge(ctx context.Context, req FilterRequest, content []byte) error <span class="cov1" title="1">{
-        if f.smudge == nil </span><span class="cov0" title="0">{
-                return f.passthroughSmudge(content)
+func SetRemoteBasicAuth(remoteName, username, password string) error <span class="cov1" title="1">{
+        if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("remote name is required")
         }</span>
-
-        <span class="cov1" title="1">var dst bytes.Buffer
-        if err := f.smudge(ctx, req, bytes.NewReader(content), &amp;dst); err != nil </span><span class="cov0" title="0">{
-                return err
+        <span class="cov1" title="1">if strings.TrimSpace(username) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("username is required")
         }</span>
-        <span class="cov1" title="1">return f.writeSuccessResponse(dst.Bytes())</span>
+        <span class="cov1" title="1">if strings.TrimSpace(password) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("password is required")
+        }</span>
+        <span class="cov1" title="1">configs := map[string]string{
+                remoteUsernameKey(remoteName): username,
+                remotePasswordKey(remoteName): password,
+        }
+        return SetGitConfigOptions(configs)</span>
 }
 
-func (f *GitFilter) handleClean(ctx context.Context, req FilterRequest, content []byte) error <span class="cov0" title="0">{
-        if f.clean == nil </span><span class="cov0" title="0">{
-                return f.passthroughClean(content)
+// ConfigureCredentialHelperForRepo installs repo-local git credential helper wiring
+// so git-lfs uses standard git credential resolution.
+//
+// credential.helper is a multi-valued git config key: using SetOption would
+// overwrite any pre-existing helpers (e.g. a credential store with other remote
+// credentials).  We use AddOption instead, guarded by a presence check to avoid
+// accumulating duplicate entries on repeated calls.
+func ConfigureCredentialHelperForRepo() error <span class="cov0" title="0">{
+        repo, err := GetRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-
-        <span class="cov0" title="0">var dst bytes.Buffer
-        if err := f.clean(ctx, req, bytes.NewReader(content), &amp;dst); err != nil </span><span class="cov0" title="0">{
+        <span class="cov0" title="0">conf, err := repo.Config()
+        if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">return f.writeSuccessResponse(dst.Bytes())</span>
-}
-
-// passthroughSmudge sends content as-is (smudge no-op).
-func (f *GitFilter) passthroughSmudge(content []byte) error <span class="cov0" title="0">{
-        return f.writeSuccessResponse(content)
-}</span>
 
-// passthroughClean sends content as-is (clean no-op).
-func (f *GitFilter) passthroughClean(content []byte) error <span class="cov0" title="0">{
-        return f.writeSuccessResponse(content)
-}</span>
+        <span class="cov0" title="0">const helperValue = "!git drs credential-helper"
+        credSection := conf.Raw.Section("credential")
 
-// writeSuccessResponse writes the success response including pkt-line framed content.
-//
-// Format:
-//
-//        PKT-LINE("status=success\n")
-//        flush-pkt
-//        [PKT-LINE(content chunks)]
-//        flush-pkt
-//        flush-pkt  (second flush signals end of command)
-func (f *GitFilter) writeSuccessResponse(data []byte) error <span class="cov1" title="1">{
-        if err := f.pl.WritePacketList([]string{"status=success"}); err != nil </span><span class="cov0" title="0">{
-                return err
+        if !containsOption(credSection.Options, "helper", helperValue) </span><span class="cov0" title="0">{
+                credSection.AddOption("helper", helperValue)
         }</span>
+        <span class="cov0" title="0">credSection.SetOption("useHttpPath", "true")
 
-        <span class="cov1" title="1">w := pktline.NewPktlineWriter(f.out, pktline.MaxPacketLength)
-        if len(data) &gt; 0 </span><span class="cov1" title="1">{
-                if _, err := w.Write(data); err != nil </span><span class="cov0" title="0">{
-                        return err
+        return repo.Storer.SetConfig(conf)</span>
+}
+
+func containsOption(opts gitconfig.Options, key, value string) bool <span class="cov0" title="0">{
+        for _, v := range opts.GetAll(key) </span><span class="cov0" title="0">{
+                if v == value </span><span class="cov0" title="0">{
+                        return true
                 }</span>
         }
-        <span class="cov1" title="1">if err := w.Flush(); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-
-        // Send trailing key=value list (empty) terminated with flush.
-        <span class="cov1" title="1">return f.pl.WritePacketList(nil)</span>
+        <span class="cov0" title="0">return false</span>
 }
 
-// --------------------------------------------------------------------------
-// Helpers
-// --------------------------------------------------------------------------
-
-// readRequest reads the command header section terminated by a delimiter packet.
-// Returns (FilterRequest, nil) on success, or (_, io.EOF) if the stream is done.
-func (f *GitFilter) readRequest() (FilterRequest, error) <span class="cov10" title="2">{
-        requestList, err := f.pl.ReadPacketList()
-        if err != nil </span><span class="cov1" title="1">{
-                return FilterRequest{}, err
+// SetRemoteLFSURL stores the LFS API endpoint for the provided git remote.
+func SetRemoteLFSURL(remoteName, endpoint string) error <span class="cov0" title="0">{
+        lfsURL := remoteLFSURL(endpoint)
+        if lfsURL == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("endpoint is required")
         }</span>
-
-        <span class="cov1" title="1">var req FilterRequest
-        for _, line := range requestList </span><span class="cov10" title="2">{
-                if kv := strings.SplitN(line, "=", 2); len(kv) == 2 </span><span class="cov10" title="2">{
-                        switch kv[0] </span>{
-                        case "command":<span class="cov1" title="1">
-                                req.Command = kv[1]</span>
-                        case "pathname":<span class="cov1" title="1">
-                                req.Pathname = kv[1]</span>
-                        }
-                }
+        <span class="cov0" title="0">if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("remote name is required")
+        }</span>
+        <span class="cov0" title="0">configs := map[string]string{
+                fmt.Sprintf("remote.%s.lfsurl", remoteName): lfsURL,
         }
-        <span class="cov1" title="1">return req, nil</span>
+        return SetGitConfigOptions(configs)</span>
 }
-
-// readContent reads pkt-line data packets until a flush packet, returning all
-// data concatenated. git sends content flush-terminated.
-func (f *GitFilter) readContent() ([]byte, error) <span class="cov1" title="1">{
-        return io.ReadAll(pktline.NewPktlineReaderFromPktline(f.pl, pktline.MaxPacketLength))
-}</span>
 </pre>
 		
-		<pre class="file" id="file45" style="display: none">package lfs
+		<pre class="file" id="file59" style="display: none">package gitrepo
 
 import (
-        "bufio"
-        "fmt"
         "os"
+        "os/exec"
         "path/filepath"
+        "strconv"
         "strings"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/go-git/go-git/v5"
 )
 
-// UpsertDRSRouteLines adds or updates .gitattributes lines of the form:
-//
-//        &lt;pattern&gt; drs.route=&lt;ro|rw&gt;
-//
-// Returns changed=true if the file was modified.
-func UpsertDRSRouteLines(gitattributesPath string, mode string, patterns []string) (changed bool, err error) <span class="cov8" title="3">{
-        mode = strings.ToLower(strings.TrimSpace(mode))
-        if mode != "ro" &amp;&amp; mode != "rw" </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("invalid mode %q", mode)
+func DrsTopLevel() (string, error) <span class="cov0" title="0">{
+        base, err := GitTopLevel()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
         }</span>
+        <span class="cov0" title="0">return filepath.Join(base, common.DRS_DIR), nil</span>
+}
 
-        // Normalize patterns (preserve original spelling except trim).
-        <span class="cov8" title="3">want := make(map[string]string, len(patterns))
-        order := make([]string, 0, len(patterns))
-        for _, p := range patterns </span><span class="cov8" title="3">{
-                p = strings.TrimSpace(p)
-                if p == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov8" title="3">if _, ok := want[p]; !ok </span><span class="cov8" title="3">{
-                        want[p] = p
-                        order = append(order, p)
-                }</span>
-        }
-        <span class="cov8" title="3">if len(order) == 0 </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("no patterns provided")
+// GetRepo opens the current git repository
+func GetRepo() (*git.Repository, error) <span class="cov8" title="12">{
+        cwd, err := os.Getwd()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov8" title="12">return git.PlainOpenWithOptions(cwd, &amp;git.PlainOpenOptions{DetectDotGit: true})</span>
+}
+
+// GitTopLevel returns the absolute path of the git repository root
+func GitTopLevel() (string, error) <span class="cov0" title="0">{
+        repo, err := GetRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
+        }</span>
+        <span class="cov0" title="0">wt, err := repo.Worktree()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
+        }</span>
+        <span class="cov0" title="0">return wt.Filesystem.Root(), nil</span>
+}
+
+// GetGitConfigString reads a string value from git config using the git command
+// to ensure we pick up values from all scopes (system, global, local).
+func GetGitConfigString(key string) (string, error) <span class="cov10" title="24">{
+        cmd := exec.Command("git", "config", "--get", key)
+        out, err := cmd.Output()
+        if err != nil </span><span class="cov7" title="9">{
+                // git config returns exit code 1 if the key is not found
+                return "", nil
+        }</span>
+        <span class="cov8" title="15">return strings.TrimSpace(string(out)), nil</span>
+}
+
+// GetGitConfigInt reads an integer value from git config
+func GetGitConfigInt(key string, defaultValue int64) int64 <span class="cov0" title="0">{
+        valStr, err := GetGitConfigString(key)
+        if err != nil || valStr == "" </span><span class="cov0" title="0">{
+                return defaultValue
+        }</span>
+        <span class="cov0" title="0">val, err := strconv.ParseInt(valStr, 10, 64)
+        if err != nil </span><span class="cov0" title="0">{
+                return defaultValue
         }</span>
+        <span class="cov0" title="0">return val</span>
+}
 
-        // Read existing file if present.
-        <span class="cov8" title="3">var lines []string
-        data, readErr := os.ReadFile(gitattributesPath)
-        if readErr == nil </span><span class="cov5" title="2">{
-                sc := bufio.NewScanner(strings.NewReader(string(data)))
-                for sc.Scan() </span><span class="cov8" title="3">{
-                        lines = append(lines, sc.Text())
-                }</span>
-                <span class="cov5" title="2">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
-                        return false, fmt.Errorf("read %s: %w", gitattributesPath, err)
-                }</span>
-        } else<span class="cov1" title="1"> if !os.IsNotExist(readErr) </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("read %s: %w", gitattributesPath, readErr)
+// GetGitConfigBool reads a boolean value from git config
+func GetGitConfigBool(key string, defaultValue bool) bool <span class="cov0" title="0">{
+        valStr, err := GetGitConfigString(key)
+        if err != nil || valStr == "" </span><span class="cov0" title="0">{
+                return defaultValue
         }</span>
+        <span class="cov0" title="0">val, err := strconv.ParseBool(valStr)
+        if err != nil </span><span class="cov0" title="0">{
+                return defaultValue
+        }</span>
+        <span class="cov0" title="0">return val</span>
+}
 
-        // Build index of existing drs.route lines.
-        // We match "pattern ... drs.route=&lt;x&gt;" in a whitespace-tolerant way, but only update
-        // if the first token equals the pattern exactly.
-        <span class="cov8" title="3">seen := make(map[string]int) // pattern -&gt; line index
-        for i, line := range lines </span><span class="cov8" title="3">{
-                pat, _, ok := parseRouteLine(line)
-                if ok </span><span class="cov5" title="2">{
-                        seen[pat] = i
-                }</span>
-        }
-
-        // Apply upserts.
-        <span class="cov8" title="3">for _, pat := range order </span><span class="cov8" title="3">{
-                newLine := fmt.Sprintf("%s drs.route=%s", pat, mode)
+func SetGitConfigOptions(configs map[string]string) error <span class="cov7" title="11">{
+        repo, err := GetRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov7" title="11">conf, err := repo.Config()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-                if idx, ok := seen[pat]; ok </span><span class="cov5" title="2">{
-                        // Update only if different
-                        if strings.TrimSpace(lines[idx]) != newLine </span><span class="cov1" title="1">{
-                                lines[idx] = newLine
-                                changed = true
-                        }</span>
-                } else<span class="cov1" title="1"> {
-                        lines = append(lines, newLine)
-                        changed = true
+        <span class="cov7" title="11">for key, value := range configs </span><span class="cov9" title="19">{
+                parts := strings.Split(key, ".")
+                if len(parts) == 2 </span><span class="cov0" title="0">{
+                        conf.Raw.Section(parts[0]).SetOption(parts[1], value)
+                }</span> else<span class="cov9" title="19"> if len(parts) &gt; 2 </span><span class="cov9" title="19">{
+                        // Handle subsections e.g. lfs.customtransfer.drs.path or drs.remote.origin.type
+                        section := parts[0]
+                        subsection := strings.Join(parts[1:len(parts)-1], ".")
+                        key := parts[len(parts)-1]
+                        conf.Raw.Section(section).Subsection(subsection).SetOption(key, value)
                 }</span>
         }
 
-        <span class="cov8" title="3">if !changed &amp;&amp; readErr == nil </span><span class="cov1" title="1">{
-                return false, nil
-        }</span>
+        <span class="cov7" title="11">return repo.Storer.SetConfig(conf)</span>
+}
 
-        // Ensure directory exists (it should, but be safe).
-        <span class="cov5" title="2">if err := os.MkdirAll(filepath.Dir(gitattributesPath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("mkdir %s: %w", filepath.Dir(gitattributesPath), err)
-        }</span>
+// UnsetGitConfigOptions removes git config keys from local repo config.
+// Missing keys are ignored.
+func UnsetGitConfigOptions(keys []string) error <span class="cov4" title="3">{
+        for _, key := range keys </span><span class="cov4" title="3">{
+                cmd := exec.Command("git", "config", "--unset-all", key)
+                if err := cmd.Run(); err != nil </span><span class="cov1" title="1">{
+                        // git exits non-zero when the key doesn't exist; this is safe to ignore.
+                        continue</span>
+                }
+        }
+        <span class="cov4" title="3">return nil</span>
+}
 
-        // Write back with trailing newline.
-        <span class="cov5" title="2">out := strings.Join(lines, "\n")
-        if !strings.HasSuffix(out, "\n") </span><span class="cov5" title="2">{
-                out += "\n"
+// GetGitHooksDir returns the absolute path to the .git/hooks directory
+func GetGitHooksDir() (string, error) <span class="cov1" title="1">{
+        repo, err := GetRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
         }</span>
-        <span class="cov5" title="2">if err := os.WriteFile(gitattributesPath, []byte(out), 0o644); err != nil </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("write %s: %w", gitattributesPath, err)
+        <span class="cov1" title="1">wt, err := repo.Worktree()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
         }</span>
-        <span class="cov5" title="2">return true, nil</span>
+        // This is a simplification; for complex setups (submodules, worktrees),
+        // we might need more robust logic, but this matches previous behavior.
+        <span class="cov1" title="1">return filepath.Join(wt.Filesystem.Root(), ".git", "hooks"), nil</span>
 }
 
-// parseRouteLine returns (pattern, mode, ok) for lines like:
-//
-//        scratch/** drs.route=rw
-//
-// It ignores comments and blank lines.
-func parseRouteLine(line string) (pattern string, mode string, ok bool) <span class="cov10" title="4">{
-        s := strings.TrimSpace(line)
-        if s == "" || strings.HasPrefix(s, "#") </span><span class="cov1" title="1">{
-                return "", "", false
+// AddFile adds a file to the git staging area (index)
+func AddFile(path string) error <span class="cov0" title="0">{
+        repo, err := GetRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-
-        // Tokenize by whitespace.
-        <span class="cov8" title="3">parts := strings.Fields(s)
-        if len(parts) &lt; 2 </span><span class="cov0" title="0">{
-                return "", "", false
+        <span class="cov0" title="0">wt, err := repo.Worktree()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-
-        <span class="cov8" title="3">pat := parts[0]
-        for _, tok := range parts[1:] </span><span class="cov8" title="3">{
-                if strings.HasPrefix(tok, "drs.route=") </span><span class="cov8" title="3">{
-                        val := strings.TrimPrefix(tok, "drs.route=")
-                        val = strings.ToLower(strings.TrimSpace(val))
-                        if val == "ro" || val == "rw" </span><span class="cov8" title="3">{
-                                return pat, val, true
-                        }</span>
-                        // present but invalid -&gt; treat as not-ok to avoid “fixing” unknown formats silently
-                        <span class="cov0" title="0">return "", "", false</span>
-                }
-        }
-        <span class="cov0" title="0">return "", "", false</span>
+        <span class="cov0" title="0">_, err = wt.Add(path)
+        return err</span>
 }
 </pre>
 		
-		<pre class="file" id="file46" style="display: none">package lfs
+		<pre class="file" id="file60" style="display: none">package lfs
 
 import (
-        "bufio"
         "bytes"
         "context"
         "errors"
         "fmt"
+        "log/slog"
         "os"
         "os/exec"
         "path/filepath"
-        "runtime"
+        "regexp"
+        "strconv"
         "strings"
 
-        "github.com/calypr/git-drs/internal/gitrepo"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        "github.com/calypr/syfon/client/hash"
 )
 
-// runGitAllowMissing treats "key not found" as empty output, not an error.
-func runGitAllowMissing(ctx context.Context, args ...string) (string, error) <span class="cov5" title="4">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        // Use Output() to get stdout only.
-        // GIT_TRACE et al go to stderr.
-        b, err := cmd.Output()
-        //if err != nil {
-        //        // "git config --get missing.key" exits 1 with empty output.
-        //        var exitErr *exec.ExitError
-        //        if errors.As(err, &amp;exitErr) &amp;&amp; exitErr.ExitCode() == 1 {
-        //                return "", nil
-        //        }
-        //}
-        if err != nil </span><span class="cov1" title="1">{
-                // "git config --get missing.key" exits 1 with empty output.
-                s := strings.TrimSpace(string(b))
-                if s == "" </span><span class="cov1" title="1">{
-                        return "", nil
-                }</span>
-                <span class="cov0" title="0">return "", fmt.Errorf("%v: &gt;%s&lt;", err, s)</span>
-        }
-        <span class="cov4" title="3">return string(b), nil</span>
+// LfsFileInfo represents a Git LFS pointer discovered in Git history or CLI output.
+type LfsFileInfo struct {
+        Name       string `json:"name"`
+        Size       int64  `json:"size"`
+        Checkout   bool   `json:"checkout"`
+        Downloaded bool   `json:"downloaded"`
+        IsPointer  bool   `json:"is_pointer,omitempty"`
+        OidType    string `json:"oid_type"`
+        Oid        string `json:"oid"`
+        Version    string `json:"version"`
 }
 
-// resolveLFSRoot implements:
-// - if `git config --get lfs.storage` is set: use it
-//   - if relative: resolve relative to GitCommonDir (this is how git-lfs treats it in practice)
-//
-// - else: &lt;GitCommonDir&gt;/lfs
-func resolveLFSRoot(ctx context.Context, gitCommonDir string) (string, error) <span class="cov5" title="4">{
-        // NOTE: git config --get returns exit status 1 if key not found.
-        out, err := runGitAllowMissing(ctx, "config", "--get", "lfs.storage")
+func IsLFSTracked(path string) (bool, error) <span class="cov2" title="2">{
+        if path == "" </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("path is empty")
+        }</span>
+
+        <span class="cov2" title="2">cmd := exec.Command("git", "check-attr", "filter", "--", filepath.ToSlash(path))
+        var out bytes.Buffer
+        cmd.Stdout = &amp;out
+        cmd.Stderr = &amp;out
+        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("git check-attr failed: %w (%s)", err, out.String())
+        }</span>
+
+        <span class="cov2" title="2">fields := strings.Split(out.String(), ":")
+        if len(fields) &lt; 3 </span><span class="cov0" title="0">{
+                return false, nil
+        }</span>
+        <span class="cov2" title="2">return isTrackedFilter(strings.TrimSpace(fields[2])), nil</span>
+}
+
+func GetAllLfsFiles(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]LfsFileInfo, error) <span class="cov1" title="1">{
+        if logger == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("logger is required")
+        }</span>
+        <span class="cov1" title="1">repoDir, err := os.Getwd()
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git config --get lfs.storage failed: %w", err)
+                return nil, err
         }</span>
-        <span class="cov5" title="4">val := strings.TrimSpace(out)
 
-        if val == "" </span><span class="cov1" title="1">{
-                return filepath.Clean(filepath.Join(gitCommonDir, "lfs")), nil
+        <span class="cov1" title="1">if gitRemoteName == "" </span><span class="cov0" title="0">{
+                gitRemoteName = "origin"
         }</span>
+        <span class="cov1" title="1">if gitRemoteLocation != "" </span><span class="cov0" title="0">{
+                logger.Debug(fmt.Sprintf("Using git remote %s at %s for LFS inventory", gitRemoteName, gitRemoteLocation))
+        }</span> else<span class="cov1" title="1"> {
+                logger.Debug(fmt.Sprintf("Using git remote %s for LFS inventory", gitRemoteName))
+        }</span>
+        <span class="cov1" title="1">logger.Debug("Scanning Git refs for LFS pointer files (no git lfs CLI required)")
 
-        // Expand ~ if present (nice-to-have).
-        <span class="cov4" title="3">if strings.HasPrefix(val, "~") &amp;&amp; (len(val) == 1 || val[1] == '/' || val[1] == '\\') </span><span class="cov1" title="1">{
-                home, herr := userHomeDir()
-                if herr == nil &amp;&amp; home != "" </span><span class="cov1" title="1">{
-                        val = filepath.Join(home, strings.TrimPrefix(val, "~"))
+        // no timeout for now
+        ctx := context.Background()
+        refs := buildRefs(branches)
+        lfsFileMap := make(map[string]LfsFileInfo)
+        for _, ref := range refs </span><span class="cov2" title="2">{
+                if err := addFilesFromRef(ctx, repoDir, ref, logger, lfsFileMap); err != nil </span><span class="cov0" title="0">{
+                        return nil, err
                 }</span>
         }
 
-        <span class="cov4" title="3">if !filepath.IsAbs(val) </span><span class="cov1" title="1">{
-                val = filepath.Join(gitCommonDir, val)
-        }</span>
-        <span class="cov4" title="3">return filepath.Clean(val), nil</span>
+        <span class="cov1" title="1">return lfsFileMap, nil</span>
 }
 
-func runGit(ctx context.Context, args ...string) (string, error) <span class="cov5" title="4">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        b, err := cmd.CombinedOutput()
+// GetLfsFilesForRefs scans arbitrary refs or SHAs and returns the LFS pointer
+// files present in those trees.
+func GetLfsFilesForRefs(refs []string, logger *slog.Logger) (map[string]LfsFileInfo, error) <span class="cov0" title="0">{
+        if logger == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("logger is required")
+        }</span>
+        <span class="cov0" title="0">repoDir, err := os.Getwd()
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("%v: %s", err, strings.TrimSpace(string(b)))
+                return nil, err
         }</span>
-        <span class="cov5" title="4">return string(b), nil</span>
+
+        <span class="cov0" title="0">ctx := context.Background()
+        lfsFileMap := make(map[string]LfsFileInfo)
+        seen := make(map[string]struct{}, len(refs))
+        for _, ref := range refs </span><span class="cov0" title="0">{
+                ref = strings.TrimSpace(ref)
+                if ref == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">if _, ok := seen[ref]; ok </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">seen[ref] = struct{}{}
+                if err := addFilesFromRef(ctx, repoDir, ref, logger, lfsFileMap); err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+        }
+        <span class="cov0" title="0">return lfsFileMap, nil</span>
 }
 
-func userHomeDir() (string, error) <span class="cov1" title="1">{
-        // Avoid os/user on some cross-compile scenarios; keep it simple.
-        if runtime.GOOS == "windows" </span><span class="cov0" title="0">{
-                // Not your target, but safe fallback.
-                return "", errors.New("home expansion not supported on windows in this helper")
+// GetWorktreeLfsFiles scans the current checkout and returns tracked files whose
+// worktree content is currently a valid Git LFS pointer. This is the fast path
+// for interactive commands like `git-drs ls-files`.
+func GetWorktreeLfsFiles(logger *slog.Logger) (map[string]LfsFileInfo, error) <span class="cov2" title="2">{
+        if logger == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("logger is required")
         }</span>
-        <span class="cov1" title="1">if home := strings.TrimSpace(os.Getenv("HOME")); home != "" </span><span class="cov1" title="1">{
-                return home, nil
+        <span class="cov2" title="2">repoDir, err := os.Getwd()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
         }</span>
-        // macOS/Linux
-        <span class="cov0" title="0">out, err := exec.Command("sh", "-lc", "printf %s \"$HOME\"").CombinedOutput()
+        <span class="cov2" title="2">logger.Debug("Scanning current worktree for LFS pointer files")
+        ctx := context.Background()
+        paths, err := listTrackedWorktreeFiles(ctx, repoDir)
         if err != nil </span><span class="cov0" title="0">{
-                return "", err
+                return nil, err
         }</span>
-        <span class="cov0" title="0">return strings.TrimSpace(string(out)), nil</span>
+        <span class="cov2" title="2">files := make(map[string]LfsFileInfo)
+        for _, path := range paths </span><span class="cov4" title="4">{
+                payload, err := os.ReadFile(filepath.Join(repoDir, filepath.FromSlash(path)))
+                if err != nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="4">pointer, ok := parseLFSPointer(string(payload))
+                if !ok </span><span class="cov4" title="3">{
+                        continue</span>
+                }
+                <span class="cov1" title="1">files[path] = LfsFileInfo{
+                        Name:      path,
+                        Size:      pointer.Size,
+                        IsPointer: true,
+                        OidType:   pointer.OidType,
+                        Oid:       pointer.Oid,
+                        Version:   pointer.Version,
+                }</span>
+        }
+        <span class="cov2" title="2">return files, nil</span>
 }
 
-func GetGitAttribute(ctx context.Context, attr string, path string) (string, error) <span class="cov0" title="0">{
-        out, err := runGit(ctx, "check-attr", attr, "--", path)
+// GetTrackedLfsFiles scans the current checkout and returns files that are LFS
+// tracked according to Git attributes. Pointer metadata is taken from the
+// worktree when still present, or from the index when the worktree has already
+// been hydrated.
+func GetTrackedLfsFiles(logger *slog.Logger) (map[string]LfsFileInfo, error) <span class="cov1" title="1">{
+        if logger == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("logger is required")
+        }</span>
+        <span class="cov1" title="1">repoDir, err := os.Getwd()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov1" title="1">logger.Debug("Scanning current worktree for LFS-tracked files")
+        ctx := context.Background()
+        paths, err := listTrackedWorktreeFiles(ctx, repoDir)
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git check-attr failed: %w", err)
+                return nil, err
         }</span>
-        <span class="cov0" title="0">return out, nil</span>
-}
-
-//
-// --- Git helpers ---
-//
-
-func GitLFSTrack(ctx context.Context, path string) (bool, error) <span class="cov0" title="0">{
-        out, err := GitLFSTrackPatterns(ctx, []string{path}, false, false)
+        <span class="cov1" title="1">tracked, err := filterLfsTrackedPaths(ctx, repoDir, paths)
         if err != nil </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("git drs track failed: %w", err)
+                return nil, err
         }</span>
-        <span class="cov0" title="0">return strings.Contains(out, "Tracking \""), nil</span>
+        <span class="cov1" title="1">files := make(map[string]LfsFileInfo, len(tracked))
+        for _, path := range tracked </span><span class="cov1" title="1">{
+                if info, ok := readWorktreePointerInfo(repoDir, path); ok </span><span class="cov0" title="0">{
+                        files[path] = info
+                        continue</span>
+                }
+                <span class="cov1" title="1">if info, ok := readIndexPointerInfo(ctx, repoDir, path); ok </span><span class="cov1" title="1">{
+                        files[path] = info
+                }</span>
+        }
+        <span class="cov1" title="1">return files, nil</span>
 }
 
-func GitLFSTrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRun bool) (string, error) <span class="cov3" title="2">{
-        _ = ctx
-        changedAttribLines := make(map[string]string, len(patterns))
-        var output strings.Builder
-
-        attribContents, err := readLocalGitAttributes()
+func addFilesFromRef(ctx context.Context, repoDir, ref string, logger *slog.Logger, lfsFileMap map[string]LfsFileInfo) error <span class="cov2" title="2">{
+        paths, err := grepPointerPaths(ctx, repoDir, ref)
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git drs track failed: %w", err)
+                return fmt.Errorf("git grep failed for %s: %w", ref, err)
         }</span>
-
-        <span class="cov3" title="2">knownPatterns := parseKnownLFSPatterns(attribContents)
-
-        for _, unsanitizedPattern := range patterns </span><span class="cov4" title="3">{
-                pattern := trimCurrentPrefix(cleanRootPath(unsanitizedPattern))
-                encodedArg := escapeAttrPattern(pattern)
-
-                if knownLine, ok := knownPatterns[pattern]; ok </span><span class="cov0" title="0">{
-                        if strings.Contains(knownLine, "filter=drs") &amp;&amp; strings.Contains(knownLine, "diff=drs") &amp;&amp; strings.Contains(knownLine, "merge=drs") &amp;&amp; strings.Contains(knownLine, "-text") </span><span class="cov0" title="0">{
-                                output.WriteString(fmt.Sprintf("%q already supported\n", pattern))
-                                continue</span>
-                        }
+        <span class="cov2" title="2">for _, path := range paths </span><span class="cov4" title="3">{
+                blob, err := runGitCommand(ctx, repoDir, "show", fmt.Sprintf("%s:%s", ref, path))
+                if err != nil </span><span class="cov0" title="0">{
+                        logger.Debug(fmt.Sprintf("skipping path %s in %s: unable to read blob", path, ref))
+                        continue</span>
                 }
 
-                <span class="cov4" title="3">changedAttribLines[pattern] = fmt.Sprintf("%s filter=drs diff=drs merge=drs -text", encodedArg)
-                output.WriteString(fmt.Sprintf("Tracking %q\n", unescapeAttrPattern(encodedArg)))
-
-                if verbose </span><span class="cov0" title="0">{
-                        output.WriteString(fmt.Sprintf("Searching for files matching pattern: %s\n", pattern))
-                        output.WriteString(fmt.Sprintf("Found %d files previously added to Git matching pattern: %s\n", 0, pattern))
-                }</span>
-        }
+                <span class="cov4" title="3">pointer, ok := parseLFSPointer(blob)
+                if !ok </span><span class="cov0" title="0">{
+                        continue</span>
+                }
 
-        <span class="cov3" title="2">if !dryRun </span><span class="cov1" title="1">{
-                if err := writeMergedGitAttributes(attribContents, changedAttribLines, false); err != nil </span><span class="cov0" title="0">{
-                        return "", fmt.Errorf("git drs track failed: %w", err)
+                <span class="cov4" title="3">lfsFileMap[path] = LfsFileInfo{
+                        Name:      path,
+                        Size:      pointer.Size,
+                        IsPointer: true,
+                        OidType:   pointer.OidType,
+                        Oid:       pointer.Oid,
+                        Version:   pointer.Version,
                 }</span>
         }
 
-        <span class="cov3" title="2">return output.String(), nil</span>
+        <span class="cov2" title="2">return nil</span>
 }
 
-func GitLFSListTrackedPatterns(ctx context.Context, verbose bool) (string, error) <span class="cov1" title="1">{
-        _ = ctx
-        _ = verbose
-
-        attribContents, err := readLocalGitAttributes()
+func listTrackedWorktreeFiles(ctx context.Context, repoDir string) ([]string, error) <span class="cov4" title="3">{
+        out, err := runGitCommand(ctx, repoDir, "ls-files", "-z")
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git drs track failed: %w", err)
+                return nil, fmt.Errorf("git ls-files failed: %w", err)
         }</span>
-
-        <span class="cov1" title="1">scanner := bufio.NewScanner(bytes.NewReader(attribContents))
-        var patterns []string
-        for scanner.Scan() </span><span class="cov3" title="2">{
-                line := scanner.Text()
-                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov3" title="2">fields := strings.Fields(line)
-                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
+        <span class="cov4" title="3">raw := strings.Split(out, "\x00")
+        paths := make([]string, 0, len(raw))
+        for _, entry := range raw </span><span class="cov7" title="9">{
+                entry = strings.TrimSpace(entry)
+                if entry == "" </span><span class="cov4" title="3">{
                         continue</span>
                 }
-                <span class="cov3" title="2">patterns = append(patterns, unescapeAttrPattern(fields[0]))</span>
+                <span class="cov6" title="6">paths = append(paths, entry)</span>
         }
-        <span class="cov1" title="1">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git drs track failed: parse .gitattributes: %w", err)
-        }</span>
+        <span class="cov4" title="3">return paths, nil</span>
+}
 
-        <span class="cov1" title="1">if len(patterns) == 0 </span><span class="cov0" title="0">{
-                return "", nil
+func filterLfsTrackedPaths(ctx context.Context, repoDir string, paths []string) ([]string, error) <span class="cov1" title="1">{
+        if len(paths) == 0 </span><span class="cov0" title="0">{
+                return nil, nil
         }</span>
 
-        <span class="cov1" title="1">var out strings.Builder
-        out.WriteString("Listing tracked patterns\n")
-        for _, p := range patterns </span><span class="cov3" title="2">{
-                out.WriteString(fmt.Sprintf("    %s (.gitattributes)\n", p))
-        }</span>
-        <span class="cov1" title="1">return out.String(), nil</span>
+        <span class="cov1" title="1">cmd := exec.CommandContext(ctx, "git", "check-attr", "-z", "--stdin", "filter")
+        cmd.Dir = repoDir
+        cmd.Stdin = strings.NewReader(strings.Join(paths, "\x00") + "\x00")
+        var stdout, stderr bytes.Buffer
+        cmd.Stdout = &amp;stdout
+        cmd.Stderr = &amp;stderr
+        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
+                msg := strings.TrimSpace(stderr.String())
+                if msg == "" </span><span class="cov0" title="0">{
+                        msg = err.Error()
+                }</span>
+                <span class="cov0" title="0">return nil, fmt.Errorf("git check-attr failed: %s", msg)</span>
+        }
+
+        <span class="cov1" title="1">raw := strings.Split(stdout.String(), "\x00")
+        filtered := make([]string, 0, len(paths))
+        for i := 0; i+2 &lt; len(raw); i += 3 </span><span class="cov2" title="2">{
+                path := strings.TrimSpace(raw[i])
+                attr := strings.TrimSpace(raw[i+1])
+                value := strings.TrimSpace(raw[i+2])
+                if path == "" || attr != "filter" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov2" title="2">if isTrackedFilter(value) </span><span class="cov1" title="1">{
+                        filtered = append(filtered, path)
+                }</span>
+        }
+        <span class="cov1" title="1">return filtered, nil</span>
 }
 
-func GitLFSUntrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRun bool) (string, error) <span class="cov3" title="2">{
-        _ = ctx
-        _ = verbose
+func isTrackedFilter(value string) bool <span class="cov4" title="4">{
+        switch strings.TrimSpace(value) </span>{
+        case "lfs", "drs":<span class="cov2" title="2">
+                return true</span>
+        default:<span class="cov2" title="2">
+                return false</span>
+        }
+}
 
-        attribContents, err := readLocalGitAttributes()
+func readWorktreePointerInfo(repoDir, path string) (LfsFileInfo, bool) <span class="cov1" title="1">{
+        payload, err := os.ReadFile(filepath.Join(repoDir, filepath.FromSlash(path)))
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git drs untrack failed: %w", err)
+                return LfsFileInfo{}, false
         }</span>
-        <span class="cov3" title="2">if len(attribContents) == 0 </span><span class="cov0" title="0">{
-                return "", nil
+        <span class="cov1" title="1">pointer, ok := parseLFSPointer(string(payload))
+        if !ok </span><span class="cov1" title="1">{
+                return LfsFileInfo{}, false
         }</span>
+        <span class="cov0" title="0">return LfsFileInfo{
+                Name:      path,
+                Size:      pointer.Size,
+                IsPointer: true,
+                OidType:   pointer.OidType,
+                Oid:       pointer.Oid,
+                Version:   pointer.Version,
+        }, true</span>
+}
 
-        <span class="cov3" title="2">removeSet := make(map[string]struct{}, len(patterns))
-        for _, p := range patterns </span><span class="cov3" title="2">{
-                escaped := escapeAttrPattern(trimCurrentPrefix(p))
-                removeSet[escaped] = struct{}{}
+func readIndexPointerInfo(ctx context.Context, repoDir, path string) (LfsFileInfo, bool) <span class="cov1" title="1">{
+        blob, err := runGitCommand(ctx, repoDir, "show", ":"+path)
+        if err != nil </span><span class="cov0" title="0">{
+                return LfsFileInfo{}, false
         }</span>
-
-        <span class="cov3" title="2">var out strings.Builder
-        var keptLines []string
-        scanner := bufio.NewScanner(bytes.NewReader(attribContents))
-        for scanner.Scan() </span><span class="cov4" title="3">{
-                line := scanner.Text()
-                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
-                        keptLines = append(keptLines, line)
-                        continue</span>
-                }
-
-                <span class="cov4" title="3">fields := strings.Fields(line)
-                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
-                        keptLines = append(keptLines, line)
-                        continue</span>
-                }
-
-                <span class="cov4" title="3">path := trimCurrentPrefix(fields[0])
-                if _, ok := removeSet[path]; ok </span><span class="cov3" title="2">{
-                        out.WriteString(fmt.Sprintf("Untracking %q\n", unescapeAttrPattern(path)))
-                        continue</span>
-                }
-
-                <span class="cov1" title="1">keptLines = append(keptLines, line)</span>
-        }
-        <span class="cov3" title="2">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git lfs untrack failed: parse .gitattributes: %w", err)
+        <span class="cov1" title="1">pointer, ok := parseLFSPointer(blob)
+        if !ok </span><span class="cov0" title="0">{
+                return LfsFileInfo{}, false
         }</span>
+        <span class="cov1" title="1">return LfsFileInfo{
+                Name:      path,
+                Size:      pointer.Size,
+                IsPointer: false,
+                OidType:   pointer.OidType,
+                Oid:       pointer.Oid,
+                Version:   pointer.Version,
+        }, true</span>
+}
 
-        <span class="cov3" title="2">if !dryRun </span><span class="cov1" title="1">{
-                content := strings.Join(keptLines, "\n")
-                if content != "" </span><span class="cov1" title="1">{
-                        content += "\n"
+func grepPointerPaths(ctx context.Context, repoDir, ref string) ([]string, error) <span class="cov2" title="2">{
+        cmd := exec.CommandContext(ctx, "git", "grep", "-z", "-l", "https://git-lfs.github.com/spec/v1", ref, "--")
+        cmd.Dir = repoDir
+        var stdout, stderr bytes.Buffer
+        cmd.Stdout = &amp;stdout
+        cmd.Stderr = &amp;stderr
+        err := cmd.Run()
+        if err != nil </span><span class="cov0" title="0">{
+                var exitErr *exec.ExitError
+                if errors.As(err, &amp;exitErr) &amp;&amp; exitErr.ExitCode() == 1 </span><span class="cov0" title="0">{
+                        return nil, nil
                 }</span>
-                <span class="cov1" title="1">if err := os.WriteFile(".gitattributes", []byte(content), 0o644); err != nil </span><span class="cov0" title="0">{
-                        return "", fmt.Errorf("git lfs untrack failed: write .gitattributes: %w", err)
+                <span class="cov0" title="0">msg := strings.TrimSpace(stderr.String())
+                if msg == "" </span><span class="cov0" title="0">{
+                        msg = err.Error()
                 }</span>
+                <span class="cov0" title="0">return nil, fmt.Errorf("%s", msg)</span>
         }
 
-        <span class="cov3" title="2">return out.String(), nil</span>
+        <span class="cov2" title="2">raw := strings.Split(stdout.String(), "\x00")
+        paths := make([]string, 0, len(raw))
+        prefix := ref + ":"
+        for _, entry := range raw </span><span class="cov5" title="5">{
+                entry = strings.TrimSpace(entry)
+                if entry == "" </span><span class="cov2" title="2">{
+                        continue</span>
+                }
+                <span class="cov4" title="3">path := entry
+                if strings.HasPrefix(path, prefix) </span><span class="cov4" title="3">{
+                        path = strings.TrimPrefix(path, prefix)
+                }</span>
+                <span class="cov4" title="3">paths = append(paths, path)</span>
+        }
+        <span class="cov2" title="2">return paths, nil</span>
 }
 
-func readLocalGitAttributes() ([]byte, error) <span class="cov6" title="5">{
-        data, err := os.ReadFile(".gitattributes")
-        if err != nil </span><span class="cov3" title="2">{
-                if os.IsNotExist(err) </span><span class="cov3" title="2">{
-                        return nil, nil
+func runGitCommand(ctx context.Context, repoDir string, args ...string) (string, error) <span class="cov6" title="7">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        cmd.Dir = repoDir
+        var stdout, stderr bytes.Buffer
+        cmd.Stdout = &amp;stdout
+        cmd.Stderr = &amp;stderr
+        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
+                msg := strings.TrimSpace(stderr.String())
+                if msg == "" </span><span class="cov0" title="0">{
+                        msg = err.Error()
                 }</span>
-                <span class="cov0" title="0">return nil, fmt.Errorf("read .gitattributes: %w", err)</span>
+                <span class="cov0" title="0">return "", fmt.Errorf("%s", msg)</span>
         }
-        <span class="cov4" title="3">return data, nil</span>
+        <span class="cov6" title="7">return stdout.String(), nil</span>
 }
 
-func parseKnownLFSPatterns(content []byte) map[string]string <span class="cov3" title="2">{
-        known := make(map[string]string)
-        scanner := bufio.NewScanner(bytes.NewReader(content))
-        for scanner.Scan() </span><span class="cov0" title="0">{
-                line := scanner.Text()
-                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
+type lfsPointer struct {
+        Version string
+        OidType string
+        Oid     string
+        Size    int64
+}
+
+func parseLFSPointer(content string) (lfsPointer, bool) <span class="cov7" title="9">{
+        var p lfsPointer
+        sha256Re := regexp.MustCompile(`(?i)^[a-f0-9]{64}$`)
+
+        for _, line := range strings.Split(strings.ReplaceAll(content, "\r\n", "\n"), "\n") </span><span class="cov10" title="24">{
+                line = strings.TrimSpace(line)
+                if line == "" </span><span class="cov5" title="5">{
                         continue</span>
                 }
-                <span class="cov0" title="0">fields := strings.Fields(line)
-                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
+                <span class="cov9" title="19">if strings.HasPrefix(line, "version ") </span><span class="cov5" title="5">{
+                        p.Version = strings.TrimSpace(strings.TrimPrefix(line, "version "))
                         continue</span>
                 }
-                <span class="cov0" title="0">known[unescapeAttrPattern(fields[0])] = line</span>
+                <span class="cov8" title="14">if strings.HasPrefix(line, "oid ") </span><span class="cov5" title="5">{
+                        oidSpec := strings.TrimSpace(strings.TrimPrefix(line, "oid "))
+                        parts := strings.SplitN(oidSpec, ":", 2)
+                        if len(parts) != 2 </span><span class="cov0" title="0">{
+                                return lfsPointer{}, false
+                        }</span>
+                        <span class="cov5" title="5">p.OidType = strings.TrimSpace(parts[0])
+                        p.Oid = strings.TrimSpace(parts[1])
+                        continue</span>
+                }
+                <span class="cov7" title="9">if strings.HasPrefix(line, "size ") </span><span class="cov5" title="5">{
+                        szStr := strings.TrimSpace(strings.TrimPrefix(line, "size "))
+                        sz, err := strconv.ParseInt(szStr, 10, 64)
+                        if err != nil || sz &lt; 0 </span><span class="cov0" title="0">{
+                                return lfsPointer{}, false
+                        }</span>
+                        <span class="cov5" title="5">p.Size = sz</span>
+                }
         }
-        <span class="cov3" title="2">return known</span>
+
+        <span class="cov7" title="9">if p.Version == "" || p.OidType == "" || p.Oid == "" </span><span class="cov4" title="4">{
+                return lfsPointer{}, false
+        }</span>
+        <span class="cov5" title="5">if p.OidType != "sha256" || !sha256Re.MatchString(p.Oid) </span><span class="cov0" title="0">{
+                return lfsPointer{}, false
+        }</span>
+
+        <span class="cov5" title="5">return p, true</span>
 }
 
-func writeMergedGitAttributes(existing []byte, changed map[string]string, dryRun bool) error <span class="cov1" title="1">{
-        if dryRun </span><span class="cov0" title="0">{
-                return nil
+// ParseLFSPointer extracts the sha256 object ID and size from an LFS pointer
+// payload. It returns ok=false when data is not a valid Git LFS pointer.
+func ParseLFSPointer(data []byte) (oid string, size int64, ok bool) <span class="cov0" title="0">{
+        pointer, ok := parseLFSPointer(string(data))
+        if !ok </span><span class="cov0" title="0">{
+                return "", 0, false
         }</span>
+        <span class="cov0" title="0">return pointer.Oid, pointer.Size, true</span>
+}
 
-        <span class="cov1" title="1">var merged []string
-        if len(existing) &gt; 0 </span><span class="cov0" title="0">{
-                scanner := bufio.NewScanner(bytes.NewReader(existing))
-                for scanner.Scan() </span><span class="cov0" title="0">{
-                        line := scanner.Text()
-                        fields := strings.Fields(line)
-                        if len(fields) &gt;= 1 </span><span class="cov0" title="0">{
-                                pat := unescapeAttrPattern(fields[0])
-                                if newline, ok := changed[pat]; ok </span><span class="cov0" title="0">{
-                                        merged = append(merged, newline)
-                                        delete(changed, pat)
-                                        continue</span>
-                                }
-                        }
-                        <span class="cov0" title="0">merged = append(merged, line)</span>
+func buildRefs(branches []string) []string <span class="cov1" title="1">{
+        if len(branches) == 0 </span><span class="cov0" title="0">{
+                return []string{"HEAD"}
+        }</span>
+        <span class="cov1" title="1">refs := make([]string, 0, len(branches))
+        seen := make(map[string]struct{})
+        for _, branch := range branches </span><span class="cov2" title="2">{
+                branch = strings.TrimSpace(branch)
+                if branch == "" </span><span class="cov0" title="0">{
+                        continue</span>
                 }
-                <span class="cov0" title="0">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("parse .gitattributes: %w", err)
+                <span class="cov2" title="2">ref := branch
+                if branch != "HEAD" &amp;&amp; !strings.HasPrefix(branch, "refs/") </span><span class="cov2" title="2">{
+                        ref = fmt.Sprintf("refs/heads/%s", branch)
                 }</span>
+                <span class="cov2" title="2">if _, ok := seen[ref]; ok </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov2" title="2">seen[ref] = struct{}{}
+                refs = append(refs, ref)</span>
         }
-
-        <span class="cov1" title="1">for _, newline := range changed </span><span class="cov3" title="2">{
-                merged = append(merged, newline)
+        <span class="cov1" title="1">if len(refs) == 0 </span><span class="cov0" title="0">{
+                return []string{"HEAD"}
         }</span>
+        <span class="cov1" title="1">return refs</span>
+}
 
-        <span class="cov1" title="1">content := strings.Join(merged, "\n")
-        if content != "" </span><span class="cov1" title="1">{
-                content += "\n"
-        }</span>
-        <span class="cov1" title="1">if err := os.WriteFile(".gitattributes", []byte(content), 0o644); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("write .gitattributes: %w", err)
+// CreateLfsPointer creates a Git LFS pointer file for the given DRS object.
+func CreateLfsPointer(drsObj *drsapi.DrsObject, dst string) error <span class="cov0" title="0">{
+        hashInfo := hash.ConvertDrsChecksumsToHashInfo(drsObj.Checksums)
+        shaSum := hashInfo.SHA256
+        if shaSum == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("no sha256 checksum found for DRS object")
         }</span>
-        <span class="cov1" title="1">return nil</span>
-}
 
-func cleanRootPath(pattern string) string <span class="cov4" title="3">{
-        return strings.TrimPrefix(pattern, "/")
-}</span>
+        // create pointer file content
+        <span class="cov0" title="0">pointerContent := "version https://git-lfs.github.com/spec/v1\n"
+        pointerContent += fmt.Sprintf("oid sha256:%s\n", shaSum)
+        pointerContent += fmt.Sprintf("size %d\n", drsObj.Size)
 
-func trimCurrentPrefix(path string) string <span class="cov8" title="8">{
-        return strings.TrimPrefix(path, "./")
-}</span>
+        // write to file
+        err := os.WriteFile(dst, []byte(pointerContent), 0644)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to write LFS pointer file: %w", err)
+        }</span>
 
-var trackEscapePatterns = map[string]string{
-        " ": "[[:space:]]",
-        "#": "\\#",
+        <span class="cov0" title="0">return nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file61" style="display: none">package lfs
 
-func escapeAttrPattern(s string) string <span class="cov6" title="5">{
-        var escaped string
-        if runtime.GOOS == "windows" </span><span class="cov0" title="0">{
-                escaped = strings.ReplaceAll(s, `\\`, "/")
-        }</span> else<span class="cov6" title="5"> {
-                escaped = strings.ReplaceAll(s, `\\`, `\\\\`)
-        }</span>
+import (
+        "fmt"
+        "path/filepath"
+        "strings"
+)
 
-        <span class="cov6" title="5">for from, to := range trackEscapePatterns </span><span class="cov8" title="10">{
-                escaped = strings.ReplaceAll(escaped, from, to)
+// ObjectPath returns the Git LFS fanout path for a sha256 object ID.
+func ObjectPath(basePath string, oid string) (string, error) <span class="cov8" title="1">{
+        oid = strings.TrimPrefix(oid, "sha256:")
+        if len(oid) != 64 </span><span class="cov8" title="1">{
+                return "", fmt.Errorf("error: %s is not a valid sha256 hash", oid)
         }</span>
 
-        <span class="cov6" title="5">return escaped</span>
+        <span class="cov0" title="0">return filepath.Join(basePath, oid[:2], oid[2:4], oid), nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file62" style="display: none">package lfs
 
-func unescapeAttrPattern(escaped string) string <span class="cov7" title="7">{
-        unescaped := escaped
+import (
+        "context"
+        "errors"
+        "fmt"
+        "os"
+        "os/exec"
+        "path/filepath"
+        "runtime"
+        "strings"
+)
 
-        for to, from := range trackEscapePatterns </span><span class="cov10" title="14">{
-                unescaped = strings.ReplaceAll(unescaped, from, to)
+// runGitAllowMissing treats "key not found" as empty output, not an error.
+func runGitAllowMissing(ctx context.Context, args ...string) (string, error) <span class="cov10" title="4">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        b, err := cmd.Output()
+        if err != nil </span><span class="cov1" title="1">{
+                s := strings.TrimSpace(string(b))
+                if s == "" </span><span class="cov1" title="1">{
+                        return "", nil
+                }</span>
+                <span class="cov0" title="0">return "", fmt.Errorf("%v: &gt;%s&lt;", err, s)</span>
+        }
+        <span class="cov8" title="3">return string(b), nil</span>
+}
+
+// resolveLFSRoot mirrors git-lfs storage resolution:
+// - if lfs.storage is set, use it relative to GitCommonDir when needed
+// - otherwise use &lt;GitCommonDir&gt;/lfs
+func resolveLFSRoot(ctx context.Context, gitCommonDir string) (string, error) <span class="cov10" title="4">{
+        out, err := runGitAllowMissing(ctx, "config", "--get", "lfs.storage")
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git config --get lfs.storage failed: %w", err)
         }</span>
+        <span class="cov10" title="4">val := strings.TrimSpace(out)
 
-        <span class="cov7" title="7">if runtime.GOOS != "windows" </span><span class="cov7" title="7">{
-                unescaped = strings.ReplaceAll(unescaped, `\\\\`, `\\`)
+        if val == "" </span><span class="cov1" title="1">{
+                return filepath.Clean(filepath.Join(gitCommonDir, "lfs")), nil
         }</span>
 
-        <span class="cov7" title="7">return unescaped</span>
-}
+        <span class="cov8" title="3">if strings.HasPrefix(val, "~") &amp;&amp; (len(val) == 1 || val[1] == '/' || val[1] == '\\') </span><span class="cov1" title="1">{
+                home, herr := userHomeDir()
+                if herr == nil &amp;&amp; home != "" </span><span class="cov1" title="1">{
+                        val = filepath.Join(home, strings.TrimPrefix(val, "~"))
+                }</span>
+        }
 
-func GitLFSTrackReadOnly(ctx context.Context, path string) (bool, error) <span class="cov0" title="0">{
-        _, err := GitLFSTrack(ctx, path)
-        if err != nil </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("git lfs track failed: %w", err)
+        <span class="cov8" title="3">if !filepath.IsAbs(val) </span><span class="cov1" title="1">{
+                val = filepath.Join(gitCommonDir, val)
         }</span>
+        <span class="cov8" title="3">return filepath.Clean(val), nil</span>
+}
 
-        <span class="cov0" title="0">repoRoot, err := gitrepo.GitTopLevel()
+func runGit(ctx context.Context, args ...string) (string, error) <span class="cov10" title="4">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        b, err := cmd.CombinedOutput()
         if err != nil </span><span class="cov0" title="0">{
-                return false, err
+                return "", fmt.Errorf("%v: %s", err, strings.TrimSpace(string(b)))
         }</span>
+        <span class="cov10" title="4">return string(b), nil</span>
+}
 
-        <span class="cov0" title="0">attrPath := filepath.Join(repoRoot, ".gitattributes")
-        changed, err := UpsertDRSRouteLines(attrPath, "ro", []string{path})
+func userHomeDir() (string, error) <span class="cov1" title="1">{
+        if runtime.GOOS == "windows" </span><span class="cov0" title="0">{
+                return "", errors.New("home expansion not supported on windows in this helper")
+        }</span>
+        <span class="cov1" title="1">if home := strings.TrimSpace(os.Getenv("HOME")); home != "" </span><span class="cov1" title="1">{
+                return home, nil
+        }</span>
+        <span class="cov0" title="0">out, err := exec.Command("sh", "-lc", "printf %s \"$HOME\"").CombinedOutput()
         if err != nil </span><span class="cov0" title="0">{
-                return false, err
+                return "", err
         }</span>
-
-        <span class="cov0" title="0">return changed, nil</span>
+        <span class="cov0" title="0">return strings.TrimSpace(string(out)), nil</span>
 }
 
-func gitRevParseGitCommonDir(ctx context.Context) (string, error) <span class="cov5" title="4">{
+func gitRevParseGitCommonDir(ctx context.Context) (string, error) <span class="cov10" title="4">{
         out, err := runGit(ctx, "rev-parse", "--git-common-dir")
         if err != nil </span><span class="cov0" title="0">{
                 return "", fmt.Errorf("git rev-parse --git-common-dir failed: %w", err)
         }</span>
-        <span class="cov5" title="4">dir := strings.TrimSpace(out)
+        <span class="cov10" title="4">dir := strings.TrimSpace(out)
         if dir == "" </span><span class="cov0" title="0">{
                 return "", errors.New("git rev-parse returned empty --git-common-dir")
         }</span>
-        // If relative, resolve it against current working directory.
-        <span class="cov5" title="4">if !filepath.IsAbs(dir) </span><span class="cov5" title="4">{
+        <span class="cov10" title="4">if !filepath.IsAbs(dir) </span><span class="cov10" title="4">{
                 abs, err := filepath.Abs(dir)
-                if err == nil </span><span class="cov5" title="4">{
+                if err == nil </span><span class="cov10" title="4">{
                         dir = abs
                 }</span>
         }
-        <span class="cov5" title="4">return dir, nil</span>
+        <span class="cov10" title="4">return dir, nil</span>
 }
 
-// GetGitRootDirectories
-// returns (gitCommonDir, lfsRoot, error).
+// GetGitRootDirectories returns the Git common directory and LFS object root.
 func GetGitRootDirectories(ctx context.Context) (string, string, error) <span class="cov0" title="0">{
         gitCommonDir, err := gitRevParseGitCommonDir(ctx)
         if err != nil </span><span class="cov0" title="0">{
@@ -8330,1154 +10198,1309 @@
 }
 </pre>
 		
-		<pre class="file" id="file47" style="display: none">package lfs
+		<pre class="file" id="file63" style="display: none">package pathspec
+
+import (
+        "path/filepath"
+        "regexp"
+        "strings"
+)
+
+func MatchesAny(path string, patterns []string) bool <span class="cov0" title="0">{
+        if len(patterns) == 0 </span><span class="cov0" title="0">{
+                return true
+        }</span>
+        <span class="cov0" title="0">normalized := filepath.ToSlash(filepath.Clean(path))
+        for _, pattern := range patterns </span><span class="cov0" title="0">{
+                pattern = strings.TrimSpace(pattern)
+                if pattern == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">if Matches(normalized, pattern) </span><span class="cov0" title="0">{
+                        return true
+                }</span>
+        }
+        <span class="cov0" title="0">return false</span>
+}
+
+func Matches(path, pattern string) bool <span class="cov5" title="5">{
+        pattern = filepath.ToSlash(filepath.Clean(pattern))
+        if !strings.ContainsAny(pattern, "*?[") </span><span class="cov3" title="2">{
+                return path == pattern
+        }</span>
+        <span class="cov4" title="3">re, err := regexp.Compile(globToRegexp(pattern))
+        if err != nil </span><span class="cov0" title="0">{
+                return false
+        }</span>
+        <span class="cov4" title="3">return re.MatchString(path)</span>
+}
+
+func globToRegexp(pattern string) string <span class="cov4" title="3">{
+        var b strings.Builder
+        b.WriteString("^")
+        for i := 0; i &lt; len(pattern); i++ </span><span class="cov10" title="21">{
+                ch := pattern[i]
+                switch ch </span>{
+                case '*':<span class="cov4" title="3">
+                        if i+1 &lt; len(pattern) &amp;&amp; pattern[i+1] == '*' </span><span class="cov1" title="1">{
+                                b.WriteString(".*")
+                                i++
+                                continue</span>
+                        }
+                        <span class="cov3" title="2">b.WriteString(`[^/]*`)</span>
+                case '?':<span class="cov0" title="0">
+                        b.WriteString(`[^/]`)</span>
+                case '.', '+', '(', ')', '|', '^', '$', '{', '}', '[', ']', '\\':<span class="cov3" title="2">
+                        b.WriteByte('\\')
+                        b.WriteByte(ch)</span>
+                default:<span class="cov9" title="16">
+                        b.WriteByte(ch)</span>
+                }
+        }
+        <span class="cov4" title="3">b.WriteString("$")
+        return b.String()</span>
+}
+</pre>
+		
+		<pre class="file" id="file64" style="display: none">package precommit_cache
 
 import (
-        "bytes"
         "context"
+        "crypto/sha256"
+        "encoding/base64"
+        "encoding/json"
         "errors"
         "fmt"
-        "log/slog"
+        "io/fs"
         "os"
         "os/exec"
         "path/filepath"
-        "regexp"
-        "strconv"
+        "sort"
         "strings"
+        "time"
+)
 
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/calypr/syfon/client/hash"
+const (
+        // cacheVersionDir is the repository-relative directory under `.git`
+        // containing the pre-commit cache layout (paths and oids).
+        cacheVersionDir = "drs/pre-commit/v1"
 )
 
-type DryRunSpec struct {
-        Remote string // e.g. "origin"
-        Ref    string // e.g. "refs/heads/main" or "HEAD"
+// PathEntry represents the per-path cache file format.
+// It maps a repository-relative path to the last recorded LFS OID and
+// a timestamp when the entry was updated.
+type PathEntry struct {
+        Path      string `json:"path"`
+        LFSOID    string `json:"lfs_oid"`
+        UpdatedAt string `json:"updated_at"`
+}
+
+// OIDEntry represents the per-OID cache file format.
+// It lists repository paths that referenced the OID, an optional
+// non-authoritative external URL hint, a timestamp and a flag that
+// indicates whether content changed for a path update.
+type OIDEntry struct {
+        LFSOID        string   `json:"lfs_oid"`
+        Paths         []string `json:"paths"`
+        ExternalURL   string   `json:"external_url,omitempty"` // non-authoritative hint
+        UpdatedAt     string   `json:"updated_at"`
+        ContentChange bool     `json:"content_changed"`
+}
+
+// Cache provides read-only access to the `.git/drs/pre-commit` cache.
+// Use Open to construct an instance with correct paths resolved.
+type Cache struct {
+        GitDir    string
+        Root      string
+        PathsDir  string
+        OIDsDir   string
+        StatePath string
+}
+
+// Open discovers the repository `.git` directory and returns a Cache
+// configured to read the repository's pre-commit cache layout.
+// Returns an error if git metadata cannot be resolved.
+func Open(ctx context.Context) (*Cache, error) <span class="cov1" title="1">{
+        gitDir, err := gitRevParseGitDir(ctx)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov1" title="1">root := filepath.Join(gitDir, cacheVersionDir)
+        return &amp;Cache{
+                GitDir:    gitDir,
+                Root:      root,
+                PathsDir:  filepath.Join(root, "paths"),
+                OIDsDir:   filepath.Join(root, "oids"),
+                StatePath: filepath.Join(root, "state.json"),
+        }, nil</span>
+}
+
+//
+// Primary lookup helpers
+//
+
+// LookupOIDByPath returns the cached LFS OID for a repo-relative path.
+// It returns (oid, true, nil) when present, (\"\", false, nil) when absent,
+// and an error if the underlying read failed.
+func (c *Cache) LookupOIDByPath(path string) (string, bool, error) <span class="cov1" title="1">{
+        pe, ok, err := c.ReadPathEntry(path)
+        if err != nil || !ok </span><span class="cov0" title="0">{
+                return "", ok, err
+        }</span>
+        <span class="cov1" title="1">if pe.LFSOID == "" </span><span class="cov0" title="0">{
+                return "", false, nil
+        }</span>
+        <span class="cov1" title="1">return pe.LFSOID, true, nil</span>
+}
+
+// LookupPathsByOID returns advisory repository-relative paths that recently
+// referenced the given LFS OID. Paths are returned sorted. Absent OID yields
+// (nil, false, nil).
+func (c *Cache) LookupPathsByOID(oid string) ([]string, bool, error) <span class="cov0" title="0">{
+        oe, ok, err := c.ReadOIDEntry(oid)
+        if err != nil || !ok </span><span class="cov0" title="0">{
+                return nil, ok, err
+        }</span>
+        <span class="cov0" title="0">paths := append([]string(nil), oe.Paths...)
+        sort.Strings(paths)
+        return paths, true, nil</span>
+}
+
+// LookupExternalURLByOID returns the cached external URL hint for an OID.
+// Returns (\"\", false, nil) if the entry is missing or the hint is empty.
+func (c *Cache) LookupExternalURLByOID(oid string) (string, bool, error) <span class="cov5" title="2">{
+        oe, ok, err := c.ReadOIDEntry(oid)
+        if err != nil || !ok </span><span class="cov0" title="0">{
+                return "", ok, err
+        }</span>
+        <span class="cov5" title="2">u := strings.TrimSpace(oe.ExternalURL)
+        if u == "" </span><span class="cov0" title="0">{
+                return "", false, nil
+        }</span>
+        <span class="cov5" title="2">return u, true, nil</span>
 }
 
-// RunPushDryRun executes: git lfs push --dry-run &lt;remote&gt; &lt;ref&gt;
-func RunPushDryRun(ctx context.Context, repoDir string, spec DryRunSpec, logger *slog.Logger) (string, error) <span class="cov0" title="0">{
-        if spec.Remote == "" || spec.Ref == "" </span><span class="cov0" title="0">{
-                return "", errors.New("missing remote or ref")
+// ResolveExternalURLByPath resolves a path -&gt; oid -&gt; external_url (hint).
+// Returns the external URL hint when available. Missing data yields
+// (\"\", false, nil).
+func (c *Cache) ResolveExternalURLByPath(path string) (string, bool, error) <span class="cov1" title="1">{
+        oid, ok, err := c.LookupOIDByPath(path)
+        if err != nil || !ok </span><span class="cov0" title="0">{
+                return "", false, err
         }</span>
+        <span class="cov1" title="1">return c.LookupExternalURLByOID(oid)</span>
+}
 
-        // Debug-print the command to stderr
-        <span class="cov0" title="0">fullCmd := []string{"git", "lfs", "push", "--dry-run", spec.Remote, spec.Ref}
-        logger.Debug(fmt.Sprintf("running command: %v", fullCmd))
-
-        cmd := exec.CommandContext(ctx, "git", "lfs", "push", "--dry-run", spec.Remote, spec.Ref)
-        cmd.Dir = repoDir
-
-        var stdout, stderr bytes.Buffer
-        cmd.Stdout = &amp;stdout
-        cmd.Stderr = &amp;stderr
+//
+// Lower-level file access
+//
 
-        err := cmd.Run()
-        out := stdout.String()
+// ReadPathEntry reads and parses the JSON path entry for a repository-relative
+// path. Returns (entry, true, nil) on success, (nil, false, nil) if the file
+// does not exist, or an error on I/O/parse failure.
+func (c *Cache) ReadPathEntry(path string) (*PathEntry, bool, error) <span class="cov1" title="1">{
+        f := c.pathEntryFile(path)
+        b, err := os.ReadFile(f)
         if err != nil </span><span class="cov0" title="0">{
-                msg := strings.TrimSpace(stderr.String())
-                if msg == "" </span><span class="cov0" title="0">{
-                        msg = err.Error()
+                if errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                        return nil, false, nil
                 }</span>
-                <span class="cov0" title="0">return out, fmt.Errorf("git lfs push --dry-run failed: %s", msg)</span>
+                <span class="cov0" title="0">return nil, false, fmt.Errorf("read path entry %q: %w", f, err)</span>
         }
-        <span class="cov0" title="0">return out, nil</span>
+        <span class="cov1" title="1">var pe PathEntry
+        if err := json.Unmarshal(b, &amp;pe); err != nil </span><span class="cov0" title="0">{
+                return nil, false, fmt.Errorf("parse path entry %q: %w", f, err)
+        }</span>
+        <span class="cov1" title="1">return &amp;pe, true, nil</span>
 }
 
-func GetAllLfsFiles(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]LfsFileInfo, error) <span class="cov1" title="1">{
-        if logger == nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("logger is required")
-        }</span>
-        <span class="cov1" title="1">repoDir, err := os.Getwd()
+// ReadOIDEntry reads and parses the JSON OID entry for an LFS OID string.
+// Returns (entry, true, nil) on success, (nil, false, nil) if missing,
+// or an error on I/O/parse failure.
+func (c *Cache) ReadOIDEntry(oid string) (*OIDEntry, bool, error) <span class="cov5" title="2">{
+        f := c.oidEntryFile(oid)
+        b, err := os.ReadFile(f)
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-
-        <span class="cov1" title="1">if gitRemoteName == "" </span><span class="cov0" title="0">{
-                gitRemoteName = "origin"
-        }</span>
-        <span class="cov1" title="1">if gitRemoteLocation != "" </span><span class="cov0" title="0">{
-                logger.Debug(fmt.Sprintf("Using git remote %s at %s for LFS inventory", gitRemoteName, gitRemoteLocation))
-        }</span> else<span class="cov1" title="1"> {
-                logger.Debug(fmt.Sprintf("Using git remote %s for LFS inventory", gitRemoteName))
+                if errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                        return nil, false, nil
+                }</span>
+                <span class="cov0" title="0">return nil, false, fmt.Errorf("read oid entry %q: %w", f, err)</span>
+        }
+        <span class="cov5" title="2">var oe OIDEntry
+        if err := json.Unmarshal(b, &amp;oe); err != nil </span><span class="cov0" title="0">{
+                return nil, false, fmt.Errorf("parse oid entry %q: %w", f, err)
         }</span>
-        <span class="cov1" title="1">logger.Debug("Scanning Git refs for LFS pointer files (no git lfs CLI required)")
+        <span class="cov5" title="2">return &amp;oe, true, nil</span>
+}
 
-        // no timeout for now
-        ctx := context.Background()
-        refs := buildRefs(branches)
-        lfsFileMap := make(map[string]LfsFileInfo)
-        for _, ref := range refs </span><span class="cov3" title="2">{
-                if err := addFilesFromRef(ctx, repoDir, ref, logger, lfsFileMap); err != nil </span><span class="cov0" title="0">{
-                        return nil, err
+func (c *Cache) EnsureLayout() error <span class="cov0" title="0">{
+        for _, dir := range []string{c.Root, c.PathsDir, c.OIDsDir} </span><span class="cov0" title="0">{
+                if err := os.MkdirAll(dir, 0o755); err != nil </span><span class="cov0" title="0">{
+                        return err
                 }</span>
         }
-
-        <span class="cov1" title="1">return lfsFileMap, nil</span>
+        <span class="cov0" title="0">return nil</span>
 }
 
-func addFilesFromRef(ctx context.Context, repoDir, ref string, logger *slog.Logger, lfsFileMap map[string]LfsFileInfo) error <span class="cov3" title="2">{
-        out, err := runGitCommand(ctx, repoDir, "ls-tree", "-r", "-z", "--long", ref)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("git ls-tree failed for %s: %w", ref, err)
+func (c *Cache) UpsertPathEntry(entry PathEntry) error <span class="cov0" title="0">{
+        if err := c.EnsureLayout(); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
+        <span class="cov0" title="0">return writeJSONAtomic(c.pathEntryFile(entry.Path), entry)</span>
+}
 
-        <span class="cov3" title="2">entries := strings.Split(out, "\x00")
-        for _, entry := range entries </span><span class="cov7" title="7">{
-                entry = strings.TrimSpace(entry)
-                if entry == "" </span><span class="cov3" title="2">{
-                        continue</span>
-                }
-
-                <span class="cov6" title="5">oid, path, err := parseLsTreeEntry(entry)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping unparseable ls-tree entry for %s: %q", ref, entry))
-                        continue</span>
-                }
-
-                <span class="cov6" title="5">blob, err := runGitCommand(ctx, repoDir, "cat-file", "-p", oid)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping path %s in %s: unable to read blob %s", path, ref, oid))
-                        continue</span>
-                }
-
-                <span class="cov6" title="5">pointer, ok := parseLFSPointer(blob)
-                if !ok </span><span class="cov3" title="2">{
-                        continue</span>
-                }
-
-                <span class="cov4" title="3">lfsFileMap[path] = LfsFileInfo{
-                        Name:      path,
-                        Size:      pointer.Size,
-                        IsPointer: true,
-                        OidType:   pointer.OidType,
-                        Oid:       pointer.Oid,
-                        Version:   pointer.Version,
-                }</span>
-        }
-
-        <span class="cov3" title="2">return nil</span>
+func (c *Cache) AddOrReplaceOIDPath(oid, oldPath, newPath, now string, contentChanged bool) error <span class="cov0" title="0">{
+        if err := c.EnsureLayout(); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">return oidAddOrReplacePath(c.OIDsDir, oid, oldPath, newPath, now, contentChanged)</span>
 }
 
-func runGitCommand(ctx context.Context, repoDir string, args ...string) (string, error) <span class="cov7" title="7">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        cmd.Dir = repoDir
-        var stdout, stderr bytes.Buffer
-        cmd.Stdout = &amp;stdout
-        cmd.Stderr = &amp;stderr
-        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
-                msg := strings.TrimSpace(stderr.String())
-                if msg == "" </span><span class="cov0" title="0">{
-                        msg = err.Error()
-                }</span>
-                <span class="cov0" title="0">return "", fmt.Errorf("%s", msg)</span>
-        }
-        <span class="cov7" title="7">return stdout.String(), nil</span>
+func (c *Cache) RemovePathFromOID(oid, path, now string) error <span class="cov0" title="0">{
+        if err := c.EnsureLayout(); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">return oidRemovePath(c.OIDsDir, oid, path, now)</span>
 }
 
-func parseLsTreeEntry(entry string) (string, string, error) <span class="cov6" title="5">{
-        tab := strings.Index(entry, "\t")
-        if tab &lt; 0 </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("missing tab separator")
+func (c *Cache) DeletePathEntry(path string) error <span class="cov0" title="0">{
+        if err := c.EnsureLayout(); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
+        <span class="cov0" title="0">if err := os.Remove(c.pathEntryFile(path)); err != nil &amp;&amp; !errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">return nil</span>
+}
 
-        <span class="cov6" title="5">meta := strings.Fields(entry[:tab])
-        if len(meta) &lt; 3 </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("invalid ls-tree metadata")
+//
+// Validation helpers (optional)
+//
+
+// CheckExternalURLMismatch compares a cached external URL hint against an
+// authoritative URL. If either value is empty this is a no-op. When both are
+// non-empty and differ an error describing the mismatch is returned.
+func CheckExternalURLMismatch(localHint, authoritative string) error <span class="cov8" title="3">{
+        l := strings.TrimSpace(localHint)
+        a := strings.TrimSpace(authoritative)
+        if l == "" || a == "" </span><span class="cov1" title="1">{
+                return nil
         }</span>
-        <span class="cov6" title="5">if meta[1] != "blob" </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("not a blob entry")
+        <span class="cov5" title="2">if l != a </span><span class="cov1" title="1">{
+                return fmt.Errorf(
+                        "external URL mismatch: cache=%q authoritative=%q",
+                        l, a,
+                )
         }</span>
+        <span class="cov1" title="1">return nil</span>
+}
 
-        <span class="cov6" title="5">oid := strings.TrimSpace(meta[2])
-        path := strings.TrimSpace(entry[tab+1:])
-        if oid == "" || path == "" </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("missing oid or path")
+// StaleAfter reports whether a JSON entry with the given updatedAt RFC3339
+// timestamp is older than maxAge. Returns false if the timestamp cannot be parsed.
+func StaleAfter(updatedAt string, maxAge time.Duration) bool <span class="cov5" title="2">{
+        t, err := time.Parse(time.RFC3339, updatedAt)
+        if err != nil </span><span class="cov1" title="1">{
+                return false
         }</span>
-        <span class="cov6" title="5">return oid, path, nil</span>
+        <span class="cov1" title="1">return time.Since(t) &gt; maxAge</span>
 }
 
-type lfsPointer struct {
-        Version string
-        OidType string
-        Oid     string
-        Size    int64
+//
+// Filename / encoding helpers
+//
+
+// pathEntryFile returns the filesystem path to the JSON file for the given
+// repository-relative path within the Cache.PathsDir.
+func (c *Cache) pathEntryFile(path string) string <span class="cov5" title="2">{
+        return filepath.Join(c.PathsDir, EncodePath(path)+".json")
+}</span>
+
+// oidEntryFile returns the filesystem path to the JSON file for the given
+// LFS OID. Files are named by sha256(oid) to avoid filesystem restrictions.
+func (c *Cache) oidEntryFile(oid string) string <span class="cov10" title="4">{
+        sum := sha256.Sum256([]byte(oid))
+        return filepath.Join(c.OIDsDir, fmt.Sprintf("%x.json", sum[:]))
+}</span>
+
+// EncodePath returns a filesystem-safe base64 raw-URL encoding for a path.
+// The encoding is reversible by DecodePath.
+func EncodePath(path string) string <span class="cov8" title="3">{
+        return base64.RawURLEncoding.EncodeToString([]byte(path))
+}</span>
+
+// DecodePath decodes a value produced by EncodePath back to the original path.
+// Returns an error if the input is not valid base64 raw-URL.
+func DecodePath(encoded string) (string, error) <span class="cov1" title="1">{
+        b, err := base64.RawURLEncoding.DecodeString(encoded)
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
+        }</span>
+        <span class="cov1" title="1">return string(b), nil</span>
 }
 
-func parseLFSPointer(content string) (lfsPointer, bool) <span class="cov6" title="5">{
-        var p lfsPointer
-        sha256Re := regexp.MustCompile(`(?i)^[a-f0-9]{64}$`)
+//
+// Git helpers
+//
 
-        for _, line := range strings.Split(strings.ReplaceAll(content, "\r\n", "\n"), "\n") </span><span class="cov10" title="14">{
-                line = strings.TrimSpace(line)
-                if line == "" </span><span class="cov4" title="3">{
-                        continue</span>
-                }
-                <span class="cov9" title="11">if strings.HasPrefix(line, "version ") </span><span class="cov4" title="3">{
-                        p.Version = strings.TrimSpace(strings.TrimPrefix(line, "version "))
-                        continue</span>
-                }
-                <span class="cov8" title="8">if strings.HasPrefix(line, "oid ") </span><span class="cov4" title="3">{
-                        oidSpec := strings.TrimSpace(strings.TrimPrefix(line, "oid "))
-                        parts := strings.SplitN(oidSpec, ":", 2)
-                        if len(parts) != 2 </span><span class="cov0" title="0">{
-                                return lfsPointer{}, false
-                        }</span>
-                        <span class="cov4" title="3">p.OidType = strings.TrimSpace(parts[0])
-                        p.Oid = strings.TrimSpace(parts[1])
-                        continue</span>
-                }
-                <span class="cov6" title="5">if strings.HasPrefix(line, "size ") </span><span class="cov4" title="3">{
-                        szStr := strings.TrimSpace(strings.TrimPrefix(line, "size "))
-                        sz, err := strconv.ParseInt(szStr, 10, 64)
-                        if err != nil || sz &lt; 0 </span><span class="cov0" title="0">{
-                                return lfsPointer{}, false
-                        }</span>
-                        <span class="cov4" title="3">p.Size = sz</span>
-                }
+// gitRevParseGitDir runs `git rev-parse --git-dir` (and `--show-toplevel` if
+// necessary) to return an absolute path to the repository `.git` directory.
+// Returns an error when git fails or the result cannot be resolved.
+func gitRevParseGitDir(ctx context.Context) (string, error) <span class="cov1" title="1">{
+        out, err := git(ctx, "rev-parse", "--git-dir")
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
+        }</span>
+        <span class="cov1" title="1">gitDir := strings.TrimSpace(string(out))
+        if gitDir == "" </span><span class="cov0" title="0">{
+                return "", errors.New("could not determine .git dir")
+        }</span>
+        <span class="cov1" title="1">if !filepath.IsAbs(gitDir) </span><span class="cov1" title="1">{
+                rootOut, err := git(ctx, "rev-parse", "--show-toplevel")
+                if err != nil </span><span class="cov0" title="0">{
+                        return "", err
+                }</span>
+                <span class="cov1" title="1">root := strings.TrimSpace(string(rootOut))
+                gitDir = filepath.Join(root, gitDir)</span>
         }
+        <span class="cov1" title="1">return gitDir, nil</span>
+}
+
+// git executes a git command and returns combined output. If git exits with
+// a non-zero status the returned error includes the command and stderr/stdout.
+func git(ctx context.Context, args ...string) ([]byte, error) <span class="cov5" title="2">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        cmd.Env = os.Environ()
+        out, err := cmd.CombinedOutput()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf(
+                        "git %s: %s",
+                        strings.Join(args, " "),
+                        strings.TrimSpace(string(out)),
+                )
+        }</span>
+        <span class="cov5" title="2">return out, nil</span>
+}
 
-        <span class="cov6" title="5">if p.Version == "" || p.OidType == "" || p.Oid == "" </span><span class="cov3" title="2">{
-                return lfsPointer{}, false
+func writeJSONAtomic(path string, v any) error <span class="cov0" title="0">{
+        dir := filepath.Dir(path)
+        if err := os.MkdirAll(dir, 0o755); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov4" title="3">if p.OidType != "sha256" || !sha256Re.MatchString(p.Oid) </span><span class="cov0" title="0">{
-                return lfsPointer{}, false
+        <span class="cov0" title="0">tmp, err := os.CreateTemp(dir, ".tmp-*.json")
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-
-        <span class="cov4" title="3">return p, true</span>
+        <span class="cov0" title="0">tmpName := tmp.Name()
+        enc := json.NewEncoder(tmp)
+        enc.SetIndent("", "  ")
+        if err := enc.Encode(v); err != nil </span><span class="cov0" title="0">{
+                _ = tmp.Close()
+                _ = os.Remove(tmpName)
+                return err
+        }</span>
+        <span class="cov0" title="0">if err := tmp.Close(); err != nil </span><span class="cov0" title="0">{
+                _ = os.Remove(tmpName)
+                return err
+        }</span>
+        <span class="cov0" title="0">return os.Rename(tmpName, path)</span>
 }
 
-func buildRefs(branches []string) []string <span class="cov1" title="1">{
-        if len(branches) == 0 </span><span class="cov0" title="0">{
-                return []string{"HEAD"}
+func oidAddOrReplacePath(oidsDir, oid, oldPath, newPath, now string, contentChanged bool) error <span class="cov0" title="0">{
+        f := oidEntryFilePath(oidsDir, oid)
+        var oe OIDEntry
+        if b, err := os.ReadFile(f); err == nil </span><span class="cov0" title="0">{
+                _ = json.Unmarshal(b, &amp;oe)
         }</span>
-        <span class="cov1" title="1">refs := make([]string, 0, len(branches))
-        seen := make(map[string]struct{})
-        for _, branch := range branches </span><span class="cov3" title="2">{
-                branch = strings.TrimSpace(branch)
-                if branch == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov3" title="2">ref := branch
-                if branch != "HEAD" &amp;&amp; !strings.HasPrefix(branch, "refs/") </span><span class="cov3" title="2">{
-                        ref = fmt.Sprintf("refs/heads/%s", branch)
-                }</span>
-                <span class="cov3" title="2">if _, ok := seen[ref]; ok </span><span class="cov0" title="0">{
+        <span class="cov0" title="0">if oe.LFSOID == "" </span><span class="cov0" title="0">{
+                oe.LFSOID = oid
+        }</span>
+        <span class="cov0" title="0">pathsSet := make(map[string]struct{}, len(oe.Paths)+1)
+        for _, p := range oe.Paths </span><span class="cov0" title="0">{
+                p = strings.TrimSpace(p)
+                if p == "" || p == oldPath </span><span class="cov0" title="0">{
                         continue</span>
                 }
-                <span class="cov3" title="2">seen[ref] = struct{}{}
-                refs = append(refs, ref)</span>
+                <span class="cov0" title="0">pathsSet[p] = struct{}{}</span>
         }
-        <span class="cov1" title="1">if len(refs) == 0 </span><span class="cov0" title="0">{
-                return []string{"HEAD"}
+        <span class="cov0" title="0">if strings.TrimSpace(newPath) != "" </span><span class="cov0" title="0">{
+                pathsSet[newPath] = struct{}{}
         }</span>
-        <span class="cov1" title="1">return refs</span>
+        <span class="cov0" title="0">oe.Paths = oe.Paths[:0]
+        for p := range pathsSet </span><span class="cov0" title="0">{
+                oe.Paths = append(oe.Paths, p)
+        }</span>
+        <span class="cov0" title="0">sort.Strings(oe.Paths)
+        oe.UpdatedAt = now
+        oe.ContentChange = contentChanged
+        return writeJSONAtomic(f, oe)</span>
 }
 
-func addFilesFromDryRun(out, repoDir string, logger *slog.Logger, lfsFileMap map[string]LfsFileInfo) error <span class="cov3" title="2">{
-        // Log when dry-run returns no output to help with debugging
-        if strings.TrimSpace(out) == "" </span><span class="cov0" title="0">{
-                logger.Debug("No LFS files to push (dry-run returned no output)")
+func oidRemovePath(oidsDir, oid, path, now string) error <span class="cov0" title="0">{
+        if strings.TrimSpace(oid) == "" || strings.TrimSpace(path) == "" </span><span class="cov0" title="0">{
                 return nil
         }</span>
-
-        // accept lowercase or uppercase hex
-        <span class="cov3" title="2">sha256Re := regexp.MustCompile(`(?i)^[a-f0-9]{64}$`)
-
-        for _, line := range strings.Split(strings.TrimSpace(string(out)), "\n") </span><span class="cov7" title="7">{
-                line = strings.TrimSpace(line)
-                if line == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov7" title="7">parts := strings.Fields(line)
-                if len(parts) &lt; 2 </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-
-                <span class="cov7" title="7">oid := ""
-                oidIndex := -1
-                for i, p := range parts </span><span class="cov8" title="9">{
-                        if sha256Re.MatchString(p) </span><span class="cov7" title="7">{
-                                oid = p
-                                oidIndex = i
-                                break</span>
-                        }
-                }
-                <span class="cov7" title="7">if oid == "" </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping LFS line with no oid: %q", line))
-                        continue</span>
-                }
-
-                // Preserve full path text (including spaces) by slicing from the first oid occurrence.
-                <span class="cov7" title="7">path := ""
-                if idx := strings.Index(line, oid); idx &gt;= 0 </span><span class="cov7" title="7">{
-                        path = strings.TrimSpace(line[idx+len(oid):])
-                }</span>
-                <span class="cov7" title="7">if path == "" &amp;&amp; oidIndex+1 &lt; len(parts) </span><span class="cov0" title="0">{
-                        path = strings.Join(parts[oidIndex+1:], " ")
-                }</span>
-                <span class="cov7" title="7">path = strings.TrimSpace(strings.TrimPrefix(strings.TrimPrefix(path, "=&gt;"), "-&gt;"))
-                path = strings.TrimSpace(strings.TrimPrefix(path, "=&gt;"))
-                path = strings.TrimSpace(strings.TrimPrefix(path, "-&gt;"))
-                if path == "" </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping LFS line with empty path: %q", line))
-                        continue</span>
-                }
-
-                // Validate OID looks like a SHA256 hex string.
-                // (kept as a guard in case extraction logic changes)
-                <span class="cov7" title="7">if !sha256Re.MatchString(oid) </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping LFS line with invalid oid %q: %q", oid, line))
-                        continue</span>
-                }
-
-                // see https://github.com/calypr/git-drs/issues/124#issuecomment-3721837089
-                <span class="cov7" title="7">if oid == "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" &amp;&amp; strings.Contains(path, ".gitattributes") </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping empty LFS pointer for %s", path))
-                        continue</span>
-                }
-                // Remove a trailing parenthetical suffix from p, e.g.:
-                // "path/to/file.dat (100 KB)" -&gt; "path/to/file.dat"
-                <span class="cov7" title="7">if idx := strings.LastIndex(path, " ("); idx != -1 &amp;&amp; strings.HasSuffix(path, ")") </span><span class="cov0" title="0">{
-                        path = strings.TrimSpace(path[:idx])
-                }</span>
-                <span class="cov7" title="7">size := int64(0)
-                absPath := path
-                if repoDir != "" &amp;&amp; !filepath.IsAbs(path) </span><span class="cov7" title="7">{
-                        absPath = filepath.Join(repoDir, path)
+        <span class="cov0" title="0">f := oidEntryFilePath(oidsDir, oid)
+        b, err := os.ReadFile(f)
+        if err != nil </span><span class="cov0" title="0">{
+                if errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                        return nil
                 }</span>
-                <span class="cov7" title="7">if stat, err := os.Stat(absPath); err == nil </span><span class="cov7" title="7">{
-                        size = stat.Size()
-                }</span> else<span class="cov0" title="0"> {
-                        logger.Error(fmt.Sprintf("could not stat file %s: %v", path, err))
+                <span class="cov0" title="0">return err</span>
+        }
+        <span class="cov0" title="0">var oe OIDEntry
+        if err := json.Unmarshal(b, &amp;oe); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">filtered := oe.Paths[:0]
+        for _, existing := range oe.Paths </span><span class="cov0" title="0">{
+                if strings.TrimSpace(existing) == "" || existing == path </span><span class="cov0" title="0">{
                         continue</span>
                 }
-
-                <span class="cov7" title="7">isPointer := false
-                // If the file is small, read it and detect LFS pointer signature.
-                // Pointer files are textual and include the LFS spec version + an oid line.
-                if size &gt; 0 &amp;&amp; size &lt; 2048 </span><span class="cov1" title="1">{
-                        if data, readErr := os.ReadFile(absPath); readErr == nil </span><span class="cov1" title="1">{
-                                s := strings.TrimSpace(string(data))
-                                if strings.Contains(s, "version https://git-lfs.github.com/spec/v1") &amp;&amp; strings.Contains(s, "oid sha256:") </span><span class="cov1" title="1">{
-                                        isPointer = true
-                                }</span>
-                        }
-                }
-
-                <span class="cov7" title="7">lfsFileMap[path] = LfsFileInfo{
-                        Name:      path,
-                        Size:      size,
-                        IsPointer: isPointer,
-                        OidType:   "sha256",
-                        Oid:       oid,
-                        Version:   "https://git-lfs.github.com/spec/v1",
+                <span class="cov0" title="0">filtered = append(filtered, existing)</span>
+        }
+        <span class="cov0" title="0">oe.Paths = filtered
+        oe.UpdatedAt = now
+        if len(oe.Paths) == 0 </span><span class="cov0" title="0">{
+                if err := os.Remove(f); err != nil &amp;&amp; !errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                        return err
                 }</span>
+                <span class="cov0" title="0">return nil</span>
         }
-
-        <span class="cov3" title="2">return nil</span>
+        <span class="cov0" title="0">sort.Strings(oe.Paths)
+        return writeJSONAtomic(f, oe)</span>
 }
 
-// CreateLfsPointer creates a Git LFS pointer file for the given DRS object.
-func CreateLfsPointer(drsObj *drsapi.DrsObject, dst string) error <span class="cov0" title="0">{
-        hashInfo := hash.ConvertDrsChecksumsToHashInfo(drsObj.Checksums)
-        shaSum := hashInfo.SHA256
-        if shaSum == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("no sha256 checksum found for DRS object")
-        }</span>
-
-        // create pointer file content
-        <span class="cov0" title="0">pointerContent := "version https://git-lfs.github.com/spec/v1\n"
-        pointerContent += fmt.Sprintf("oid sha256:%s\n", shaSum)
-        pointerContent += fmt.Sprintf("size %d\n", drsObj.Size)
-
-        // write to file
-        err := os.WriteFile(dst, []byte(pointerContent), 0644)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to write LFS pointer file: %w", err)
-        }</span>
-
-        <span class="cov0" title="0">return nil</span>
-}
+func oidEntryFilePath(oidsDir, oid string) string <span class="cov0" title="0">{
+        sum := sha256.Sum256([]byte(oid))
+        return filepath.Join(oidsDir, fmt.Sprintf("%x.json", sum[:]))
+}</span>
 </pre>
 		
-		<pre class="file" id="file48" style="display: none">package lfs
+		<pre class="file" id="file65" style="display: none">package pushsync
 
 import (
-        "bytes"
+        "context"
         "fmt"
-        "os/exec"
+        "net/url"
+        "os"
         "path/filepath"
+        "sort"
         "strings"
 
-        "github.com/bytedance/sonic"
+        localcommon "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/config"
+        localdrsobject "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/drsremote"
+        "github.com/calypr/git-drs/internal/lfs"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        sycommon "github.com/calypr/syfon/client/common"
+        "github.com/calypr/syfon/client/hash"
+        "github.com/google/uuid"
+        "golang.org/x/sync/errgroup"
 )
 
-// IsLFSTracked returns true if the given path is tracked by Git LFS
-// (i.e. has `filter=lfs` via git attributes).
-func IsLFSTracked(path string) (bool, error) <span class="cov10" title="2">{
-        if path == "" </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("path is empty")
-        }</span>
-
-        // Git prefers forward slashes, even on macOS/Linux
-        <span class="cov10" title="2">cleanPath := filepath.ToSlash(path)
-
-        cmd := exec.Command(
-                "git",
-                "check-attr",
-                "filter",
-                "--",
-                cleanPath,
-        )
-
-        var out bytes.Buffer
-        cmd.Stdout = &amp;out
-        cmd.Stderr = &amp;out
-
-        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("git check-attr failed: %w (%s)", err, out.String())
-        }</span>
-
-        // Expected output:
-        // path: filter: lfs
-        // path: filter: unspecified
-        //
-        // Format is stable and documented.
-        <span class="cov10" title="2">fields := strings.Split(out.String(), ":")
-        if len(fields) &lt; 3 </span><span class="cov0" title="0">{
-                return false, nil
+type batchSyncSession struct {
+        ctx            context.Context
+        rt             *pushRuntime
+        reporter       UploadProgressReporter
+        filesByOID     map[string]lfs.LfsFileInfo
+        oids           []string
+        drsObjByOID    map[string]*drsapi.DrsObject
+        existingByHash map[string][]drsapi.DrsObject
+        uploadRequired map[string]bool
+}
+
+type uploadCandidate struct {
+        oid  string
+        obj  *drsapi.DrsObject
+        file lfs.LfsFileInfo
+        size int64
+        src  string
+}
+
+// BatchSyncForPush performs checksum-first push preparation.
+func BatchSyncForPush(cl *config.GitContext, ctx context.Context, files map[string]lfs.LfsFileInfo, reporter UploadProgressReporter) error <span class="cov0" title="0">{
+        session := &amp;batchSyncSession{
+                ctx:            ctx,
+                rt:             newPushRuntime(cl),
+                reporter:       reporter,
+                drsObjByOID:    make(map[string]*drsapi.DrsObject),
+                existingByHash: make(map[string][]drsapi.DrsObject),
+                uploadRequired: make(map[string]bool),
+        }
+        if len(files) == 0 </span><span class="cov0" title="0">{
+                return nil
         }</span>
 
-        <span class="cov10" title="2">value := strings.TrimSpace(fields[2])
-        return value == "lfs", nil</span>
-}
-
-// LfsFileInfo represents the information about an LFS file
-type LfsFileInfo struct {
-        Name       string `json:"name"`
-        Size       int64  `json:"size"`
-        Checkout   bool   `json:"checkout"`
-        Downloaded bool   `json:"downloaded"`
-        IsPointer  bool   `json:"is_pointer,omitempty"`
-        OidType    string `json:"oid_type"`
-        Oid        string `json:"oid"`
-        Version    string `json:"version"`
-}
-
-type lfsLsOutput struct {
-        Files []LfsFileInfo `json:"files"`
-}
-
-// CheckIfLfsFile checks if a given file is tracked by Git LFS.
-// Returns true and file info if it's an LFS file, false otherwise.
-func CheckIfLfsFile(fileName string) (bool, *LfsFileInfo, error) <span class="cov0" title="0">{
-        // Use git lfs ls-files -I to check if specific file is LFS tracked
-        cmd := exec.Command("git", "lfs", "ls-files", "-I", fileName, "--json")
-        out, err := cmd.Output()
-        if err != nil </span><span class="cov0" title="0">{
-                // If git lfs ls-files returns error, the file is not LFS tracked
-                return false, nil, nil
+        <span class="cov0" title="0">session.normalizeFiles(files)
+        if err := session.lookupMetadata(); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-
-        // If output is empty, file is not LFS tracked
-        <span class="cov0" title="0">if len(strings.TrimSpace(string(out))) == 0 </span><span class="cov0" title="0">{
-                return false, nil, nil
+        <span class="cov0" title="0">if err := session.ensureMetadataRegistered(); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
 
-        // Parse the JSON output
-        <span class="cov0" title="0">var output lfsLsOutput
-        err = sonic.ConfigFastest.Unmarshal(out, &amp;output)
+        <span class="cov0" title="0">candidates, err := session.identifyUploadCandidates()
         if err != nil </span><span class="cov0" title="0">{
-                return false, nil, fmt.Errorf("error unmarshaling git lfs ls-files output for %s: %v", fileName, err)
+                return err
         }</span>
-
-        // If no files in output, not LFS tracked
-        <span class="cov0" title="0">if len(output.Files) == 0 </span><span class="cov0" title="0">{
-                return false, nil, nil
+        <span class="cov0" title="0">if len(candidates) == 0 </span><span class="cov0" title="0">{
+                return nil
         }</span>
 
-        <span class="cov0" title="0">return true, &amp;output.Files[0], nil</span>
+        <span class="cov0" title="0">return session.executeUploadPlan(candidates)</span>
 }
-</pre>
-		
-		<pre class="file" id="file49" style="display: none">package lfs
-
-import (
-        "crypto/sha256"
-        "fmt"
-        "os"
-        "path/filepath"
-        "strings"
-)
-
-const addURLSentinelHeader = "git-drs-add-url-sentinel:v1\n"
 
-func SyntheticOIDFromETag(etag string) (string, error) <span class="cov6" title="2">{
-        e := strings.TrimSpace(strings.Trim(etag, `"`))
-        if e == "" </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("etag is required for synthetic oid")
-        }</span>
-        <span class="cov6" title="2">sum := sha256.Sum256([]byte(e))
-        return fmt.Sprintf("%x", sum[:]), nil</span>
+func (s *batchSyncSession) normalizeFiles(files map[string]lfs.LfsFileInfo) <span class="cov0" title="0">{
+        s.filesByOID = make(map[string]lfs.LfsFileInfo, len(files))
+        for _, f := range files </span><span class="cov0" title="0">{
+                oid := localdrsobject.NormalizeOid(f.Oid)
+                if oid == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">if _, exists := s.filesByOID[oid]; exists </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">f.Oid = oid
+                s.filesByOID[oid] = f
+                s.oids = append(s.oids, oid)</span>
+        }
+        <span class="cov0" title="0">sort.Strings(s.oids)</span>
 }
 
-func BuildAddURLSentinel(etag string, sourceURL string) ([]byte, error) <span class="cov10" title="3">{
-        e := strings.TrimSpace(strings.Trim(etag, `"`))
-        if e == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("etag is required for sentinel")
-        }</span>
-        <span class="cov10" title="3">return []byte(addURLSentinelHeader + "etag=" + e + "\nsource=" + strings.TrimSpace(sourceURL) + "\n"), nil</span>
+func (s *batchSyncSession) lookupMetadata() error <span class="cov0" title="0">{
+        s.existingByHash = make(map[string][]drsapi.DrsObject, len(s.oids))
+        for _, oid := range s.oids </span><span class="cov0" title="0">{
+                objects, err := drsremote.ObjectsByHash(s.ctx, s.rt.API, oid)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("hash lookup failed for oid %s: %w", oid, err)
+                }</span>
+                <span class="cov0" title="0">for _, obj := range objects </span><span class="cov0" title="0">{
+                        objOID := localdrsobject.NormalizeOid(hash.ConvertDrsChecksumsToHashInfo(obj.Checksums).SHA256)
+                        if objOID == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov0" title="0">s.existingByHash[objOID] = append(s.existingByHash[objOID], obj)</span>
+                }
+        }
+        <span class="cov0" title="0">return nil</span>
 }
 
-func IsAddURLSentinelBytes(data []byte) bool <span class="cov10" title="3">{
-        return strings.HasPrefix(string(data), addURLSentinelHeader)
-}</span>
-
-func IsAddURLSentinelObject(path string) (bool, error) <span class="cov1" title="1">{
-        f, err := os.Open(path)
-        if err != nil </span><span class="cov0" title="0">{
-                return false, err
-        }</span>
-        <span class="cov1" title="1">defer f.Close()
+func (s *batchSyncSession) ensureMetadataRegistered() error <span class="cov1" title="1">{
+        toRegister := make([]drsapi.DrsObjectCandidate, 0)
 
-        buf := make([]byte, len(addURLSentinelHeader))
-        n, err := f.Read(buf)
-        if err != nil &amp;&amp; n == 0 </span><span class="cov0" title="0">{
-                return false, err
-        }</span>
-        <span class="cov1" title="1">return IsAddURLSentinelBytes(buf[:n]), nil</span>
-}
+        for _, oid := range s.oids </span><span class="cov1" title="1">{
+                obj, err := s.getOrCreateDRSObjectCandidate(oid)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov1" title="1">s.drsObjByOID[oid] = obj
 
-func WriteAddURLSentinelObject(lfsRoot string, oid string, etag string, sourceURL string) (string, error) <span class="cov6" title="2">{
-        objPath := filepath.Join(lfsRoot, "objects", oid[:2], oid[2:4], oid)
-        if err := os.MkdirAll(filepath.Dir(objPath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("mkdir %s: %w", filepath.Dir(objPath), err)
-        }</span>
-        <span class="cov6" title="2">payload, err := BuildAddURLSentinel(etag, sourceURL)
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
-        }</span>
-        <span class="cov6" title="2">if err := os.WriteFile(objPath, payload, 0o644); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("write sentinel %s: %w", objPath, err)
-        }</span>
-        <span class="cov6" title="2">return objPath, nil</span>
-}
-</pre>
-		
-		<pre class="file" id="file50" style="display: none">package lfs
+                recs := s.existingByHash[oid]
+                if len(recs) == 0 </span><span class="cov0" title="0">{
+                        toRegister = append(toRegister, localdrsobject.ConvertToCandidate(obj))
+                        s.uploadRequired[oid] = true
+                        continue</span>
+                }
+                <span class="cov1" title="1">if match, err := drsremote.FindMatchingRecord(recs, s.rt.Scope.Organization, s.rt.Scope.Project); err == nil &amp;&amp; match != nil </span><span class="cov0" title="0">{
+                        s.drsObjByOID[oid] = match
+                        if s.rt.Tuning.ForceUpload </span><span class="cov0" title="0">{
+                                s.uploadRequired[oid] = true
+                        }</span>
+                        <span class="cov0" title="0">continue</span>
+                }
 
-import (
-        "context"
-        "errors"
-        "fmt"
-        "io"
-        "io/fs"
-        "log/slog"
-        "os"
-        "path/filepath"
+                <span class="cov1" title="1">reusable := s.findReusableRecord(recs)
+                if reusable != nil &amp;&amp; !s.rt.Tuning.ForceUpload </span><span class="cov1" title="1">{
+                        reuseObj, err := s.buildReusableScopedObject(oid, reusable)
+                        if err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
+                        <span class="cov1" title="1">s.drsObjByOID[oid] = reuseObj
+                        toRegister = append(toRegister, localdrsobject.ConvertToCandidate(reuseObj))
+                        continue</span>
+                }
 
-        "github.com/calypr/git-drs/internal/common"
-)
+                <span class="cov0" title="0">toRegister = append(toRegister, localdrsobject.ConvertToCandidate(obj))
+                s.uploadRequired[oid] = true</span>
+        }
 
-// SmudgeDownloadFunc downloads the object identified by oid into cachePath.
-type SmudgeDownloadFunc func(ctx context.Context, oid, cachePath string) error
+        <span class="cov1" title="1">if len(toRegister) == 0 </span><span class="cov0" title="0">{
+                return nil
+        }</span>
 
-// SmudgeContent reads pointer content from ptr and writes smudged content to dst.
-// If the payload is not an LFS pointer, it passes data through unchanged.
-func SmudgeContent(ctx context.Context, pathname string, ptr io.Reader, dst io.Writer, logger *slog.Logger, download SmudgeDownloadFunc) error <span class="cov10" title="4">{
-        ptrBytes, err := io.ReadAll(ptr)
+        <span class="cov1" title="1">s.rt.Logger.InfoContext(s.ctx, fmt.Sprintf("bulk registering %d missing records", len(toRegister)))
+        registered, err := s.rt.API.Client.DRS().RegisterObjects(s.ctx, drsapi.RegisterObjectsJSONRequestBody{
+                Candidates: toRegister,
+        })
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: read pointer: %w", err)
+                return fmt.Errorf("bulk register failed: %w", err)
         }</span>
+        <span class="cov1" title="1">for i := range registered.Objects </span><span class="cov1" title="1">{
+                obj := registered.Objects[i]
+                oid := localdrsobject.NormalizeOid(hash.ConvertDrsChecksumsToHashInfo(obj.Checksums).SHA256)
+                if oid != "" </span><span class="cov1" title="1">{
+                        copyObj := obj
+                        s.drsObjByOID[oid] = &amp;copyObj
+                }</span>
+        }
+        <span class="cov1" title="1">return nil</span>
+}
 
-        <span class="cov10" title="4">oid, size, ok := ParseLFSPointer(ptrBytes)
-        if !ok </span><span class="cov1" title="1">{
-                _, err := dst.Write(ptrBytes)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("smudge: passthrough write: %w", err)
+func (s *batchSyncSession) findReusableRecord(records []drsapi.DrsObject) *drsapi.DrsObject <span class="cov1" title="1">{
+        for i := range records </span><span class="cov1" title="1">{
+                record := records[i]
+                if hasResolvableAccessMethod(&amp;record) </span><span class="cov1" title="1">{
+                        return &amp;record
                 }</span>
-                <span class="cov1" title="1">return nil</span>
         }
+        <span class="cov0" title="0">return nil</span>
+}
 
-        <span class="cov8" title="3">if logger != nil </span><span class="cov8" title="3">{
-                logger.Debug("smudge", "pathname", pathname, "oid", oid, "size", size)
+func (s *batchSyncSession) buildReusableScopedObject(oid string, existing *drsapi.DrsObject) (*drsapi.DrsObject, error) <span class="cov1" title="1">{
+        file := s.filesByOID[oid]
+        obj, err := scopedDRSObjectForPush(s.rt, oid, file.Name, file.Size, existing)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("failed to build scoped reusable object for oid %s: %w", oid, err)
         }</span>
+        <span class="cov1" title="1">if existing != nil &amp;&amp; existing.AccessMethods != nil </span><span class="cov1" title="1">{
+                obj.AccessMethods = existing.AccessMethods
+        }</span>
+        <span class="cov1" title="1">return obj, nil</span>
+}
 
-        <span class="cov8" title="3">cachePath, err := ObjectPath(common.LFS_OBJS_PATH, oid)
+func (s *batchSyncSession) getOrCreateDRSObjectCandidate(oid string) (*drsapi.DrsObject, error) <span class="cov1" title="1">{
+        file := s.filesByOID[oid]
+        if localObj, err := localdrsobject.ReadObject(localcommon.DRS_OBJS_PATH, oid); err == nil &amp;&amp; localObj != nil </span><span class="cov0" title="0">{
+                return scopedDRSObjectForPush(s.rt, oid, file.Name, file.Size, localObj)
+        }</span>
+        <span class="cov1" title="1">stat, err := os.Stat(file.Name)
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: resolve cache path: %w", err)
+                return nil, fmt.Errorf("failed to stat file %s for oid %s: %w", file.Name, oid, err)
+        }</span>
+        <span class="cov1" title="1">obj, err := scopedDRSObjectForPush(s.rt, oid, file.Name, stat.Size(), nil)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("failed to build drs object for oid %s: %w", oid, err)
         }</span>
+        <span class="cov1" title="1">return obj, nil</span>
+}
 
-        <span class="cov8" title="3">err = copyObjectToWriter(cachePath, dst)
-        if err == nil </span><span class="cov1" title="1">{
-                return nil
+func scopedDRSObjectForPush(rt *pushRuntime, oid string, path string, size int64, existing *drsapi.DrsObject) (*drsapi.DrsObject, error) <span class="cov7" title="5">{
+        if rt == nil </span><span class="cov0" title="0">{
+                return existing, nil
         }</span>
-        <span class="cov5" title="2">if !errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: read cache: %w", err)
+        <span class="cov7" title="5">if existing != nil &amp;&amp; size &lt;= 0 </span><span class="cov0" title="0">{
+                size = existing.Size
         }</span>
-
-        <span class="cov5" title="2">if download == nil </span><span class="cov1" title="1">{
-                // No remote configured — write the pointer back to the working tree
-                // unchanged, matching git-lfs --skip-smudge behaviour.
-                if logger != nil </span><span class="cov1" title="1">{
-                        logger.Debug("smudge: no downloader configured, writing pointer", "oid", oid)
+        <span class="cov7" title="5">if size &lt;= 0 </span><span class="cov0" title="0">{
+                if stat, err := os.Stat(path); err == nil </span><span class="cov0" title="0">{
+                        size = stat.Size()
                 }</span>
-                <span class="cov1" title="1">_, err := dst.Write(ptrBytes)
-                return err</span>
         }
 
-        <span class="cov1" title="1">if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: mkdir for cache path: %w", err)
+        <span class="cov7" title="5">name := filepath.Base(path)
+        if existing != nil &amp;&amp; existing.Name != nil &amp;&amp; *existing.Name != "" </span><span class="cov7" title="4">{
+                name = *existing.Name
         }</span>
-
-        <span class="cov1" title="1">if err := download(ctx, oid, cachePath); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: download oid %s: %w", oid, err)
+        <span class="cov7" title="5">if name == "" || name == "." </span><span class="cov0" title="0">{
+                name = oid
         }</span>
 
-        <span class="cov1" title="1">if err := copyObjectToWriter(cachePath, dst); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: open downloaded file: %w", err)
+        <span class="cov7" title="5">did := uuid.NewSHA1(localdrsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", rt.Scope.Project, localdrsobject.NormalizeOid(oid)))).String()
+        if existing != nil &amp;&amp; existing.Id != "" </span><span class="cov7" title="4">{
+                did = existing.Id
         }</span>
 
-        <span class="cov1" title="1">return nil</span>
-}
+        <span class="cov7" title="5">obj, err := localdrsobject.BuildWithPrefix(name, oid, size, did, rt.Scope.Bucket, rt.Scope.Organization, rt.Scope.Project, rt.Scope.StoragePref)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov7" title="5">if existing == nil </span><span class="cov1" title="1">{
+                return obj, nil
+        }</span>
 
-func copyObjectToWriter(path string, dst io.Writer) error <span class="cov10" title="4">{
-        f, err := os.Open(path)
-        if err != nil </span><span class="cov5" title="2">{
-                return err
+        <span class="cov7" title="4">if shouldPreserveExistingAccessMethodsForPush(existing, obj, oid) </span><span class="cov4" title="2">{
+                obj.AccessMethods = existing.AccessMethods
         }</span>
-        <span class="cov5" title="2">defer f.Close()
 
-        _, err = io.Copy(dst, f)
-        return err</span>
+        <span class="cov7" title="4">obj.Aliases = existing.Aliases
+        obj.Contents = existing.Contents
+        obj.Description = existing.Description
+        obj.MimeType = existing.MimeType
+        if existing.Version != nil </span><span class="cov0" title="0">{
+                obj.Version = existing.Version
+        }</span>
+        <span class="cov7" title="4">if !existing.CreatedTime.IsZero() </span><span class="cov0" title="0">{
+                obj.CreatedTime = existing.CreatedTime
+        }</span>
+        <span class="cov7" title="4">if existing.UpdatedTime != nil </span><span class="cov0" title="0">{
+                obj.UpdatedTime = existing.UpdatedTime
+        }</span>
+        <span class="cov7" title="4">return obj, nil</span>
 }
-</pre>
-		
-		<pre class="file" id="file51" style="display: none">package lfs
-
-import (
-        "fmt"
-        "log/slog"
-        "os"
-        "path/filepath"
-        "strings"
-
-        "github.com/bytedance/sonic"
-        "github.com/calypr/git-drs/internal/common"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/calypr/syfon/client/hash"
-)
 
-// This file contains functions that pertain to .git/drs/lfs/objects directory walk
-type PendingObject struct {
-        OID  string
-        Path string
+func shouldPreserveExistingAccessMethodsForPush(existing *drsapi.DrsObject, generated *drsapi.DrsObject, oid string) bool <span class="cov7" title="4">{
+        existingURL := firstAccessURL(existing)
+        if existingURL == "" </span><span class="cov0" title="0">{
+                return false
+        }</span>
+        <span class="cov7" title="4">generatedURL := firstAccessURL(generated)
+        if existingURL == generatedURL </span><span class="cov0" title="0">{
+                return true
+        }</span>
+        <span class="cov7" title="4">existingBucket, existingKey, existingOK := parseStorageURL(existingURL)
+        if !existingOK </span><span class="cov0" title="0">{
+                return true
+        }</span>
+        <span class="cov7" title="4">generatedBucket, generatedKey, generatedOK := parseStorageURL(generatedURL)
+        normalizedOID := strings.Trim(strings.TrimPrefix(strings.TrimSpace(oid), "sha256:"), "/")
+        existingKey = strings.Trim(existingKey, "/")
+        if strings.EqualFold(existingBucket, "objects") </span><span class="cov1" title="1">{
+                return false
+        }</span>
+        <span class="cov5" title="3">if generatedOK &amp;&amp; existingKey == "" </span><span class="cov1" title="1">{
+                return false
+        }</span>
+        <span class="cov4" title="2">if generatedOK &amp;&amp; !strings.EqualFold(existingBucket, generatedBucket) &amp;&amp; existingKey == normalizedOID </span><span class="cov0" title="0">{
+                return false
+        }</span>
+        <span class="cov4" title="2">if generatedOK &amp;&amp; existingKey == generatedKey &amp;&amp; strings.EqualFold(existingBucket, generatedBucket) </span><span class="cov0" title="0">{
+                return true
+        }</span>
+        <span class="cov4" title="2">return true</span>
 }
 
-type ObjectStore struct {
-        BasePath string
-        Logger   *slog.Logger
+func firstAccessURL(obj *drsapi.DrsObject) string <span class="cov10" title="8">{
+        if obj == nil || obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 </span><span class="cov0" title="0">{
+                return ""
+        }</span>
+        <span class="cov10" title="8">am := (*obj.AccessMethods)[0]
+        if am.AccessUrl == nil </span><span class="cov0" title="0">{
+                return ""
+        }</span>
+        <span class="cov10" title="8">return strings.TrimSpace(am.AccessUrl.Url)</span>
 }
 
-func NewObjectStore(basePath string, logger *slog.Logger) *ObjectStore <span class="cov9" title="12">{
-        return &amp;ObjectStore{
-                BasePath: basePath,
-                Logger:   logger,
+func parseStorageURL(raw string) (bucket string, key string, ok bool) <span class="cov10" title="8">{
+        u, err := url.Parse(strings.TrimSpace(raw))
+        if err != nil || u.Scheme == "" || u.Host == "" </span><span class="cov0" title="0">{
+                return "", "", false
+        }</span>
+        <span class="cov10" title="8">switch strings.ToLower(u.Scheme) </span>{
+        case "s3", "gs", "azblob":<span class="cov10" title="8">
+                return u.Host, strings.Trim(u.Path, "/"), true</span>
+        default:<span class="cov0" title="0">
+                return "", "", false</span>
         }
-}</span>
-
-func ObjectPath(basePath string, oid string) (string, error) <span class="cov7" title="7">{
-        store := NewObjectStore(basePath, nil)
-        return store.ObjectPath(oid)
-}</span>
-
-func WriteObject(basePath string, drsObj *drsapi.DrsObject, oid string) error <span class="cov3" title="2">{
-        store := NewObjectStore(basePath, nil)
-        return store.WriteObject(drsObj, oid)
-}</span>
+}
 
-func ReadObject(basePath string, oid string) (*drsapi.DrsObject, error) <span class="cov3" title="2">{
-        store := NewObjectStore(basePath, nil)
-        return store.ReadObject(oid)
-}</span>
+func (s *batchSyncSession) identifyUploadCandidates() ([]uploadCandidate, error) <span class="cov0" title="0">{
+        candidates := make([]uploadCandidate, 0)
+        for _, oid := range s.oids </span><span class="cov0" title="0">{
+                needsUpload, err := s.needsUpload(oid)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+                <span class="cov0" title="0">if !needsUpload </span><span class="cov0" title="0">{
+                        continue</span>
+                }
 
-func (s *ObjectStore) ObjectPath(oid string) (string, error) <span class="cov10" title="13">{
-        // normalize oid - strip sha256: prefix if present
-        oid = strings.TrimPrefix(oid, "sha256:")
+                <span class="cov0" title="0">file := s.filesByOID[oid]
+                srcPath, canUpload, err := resolveUploadSourcePath(oid, file.Name, file.IsPointer)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, fmt.Errorf("failed to resolve upload source for oid %s: %w", oid, err)
+                }</span>
+                <span class="cov0" title="0">if !canUpload </span><span class="cov0" title="0">{
+                        s.rt.Logger.WarnContext(s.ctx, "no local payload available; skipping upload", "oid", oid, "path", file.Name)
+                        continue</span>
+                }
 
-        // check that oid is a valid sha256 hash
-        if len(oid) != 64 </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("error: %s is not a valid sha256 hash", oid)
-        }</span>
+                <span class="cov0" title="0">stat, err := os.Stat(srcPath)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, fmt.Errorf("failed to stat upload source %s: %w", srcPath, err)
+                }</span>
 
-        <span class="cov9" title="12">return filepath.Join(s.BasePath, oid[:2], oid[2:4], oid), nil</span>
+                <span class="cov0" title="0">candidates = append(candidates, uploadCandidate{
+                        oid:  oid,
+                        obj:  s.drsObjByOID[oid],
+                        file: file,
+                        size: stat.Size(),
+                        src:  srcPath,
+                })</span>
+        }
+        <span class="cov0" title="0">return candidates, nil</span>
 }
 
-func (s *ObjectStore) WriteObject(drsObj *drsapi.DrsObject, oid string) error <span class="cov4" title="3">{
-        drsObjBytes, err := sonic.ConfigFastest.Marshal(drsObj)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error marshalling DRS object for oid %s: %v", oid, err)
+func (s *batchSyncSession) needsUpload(oid string) (bool, error) <span class="cov4" title="2">{
+        if s.rt.Tuning.ForceUpload </span><span class="cov1" title="1">{
+                return true, nil
         }</span>
-
-        <span class="cov4" title="3">drsObjPath, err := s.ObjectPath(oid)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
+        <span class="cov1" title="1">if s.uploadRequired[oid] </span><span class="cov0" title="0">{
+                return true, nil
         }</span>
-        <span class="cov4" title="3">if err := os.MkdirAll(filepath.Dir(drsObjPath), 0755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error creating directory for %s: %v", drsObjPath, err)
+        <span class="cov1" title="1">if len(s.existingByHash[oid]) == 0 </span><span class="cov0" title="0">{
+                return true, nil
         }</span>
+        <span class="cov1" title="1">return false, nil</span>
+}
 
-        <span class="cov4" title="3">if err := os.WriteFile(drsObjPath, drsObjBytes, 0644); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error writing %s: %v", drsObjPath, err)
+func hasResolvableAccessMethod(obj *drsapi.DrsObject) bool <span class="cov1" title="1">{
+        if obj == nil || obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 </span><span class="cov0" title="0">{
+                return false
         }</span>
-        <span class="cov4" title="3">return nil</span>
+        <span class="cov1" title="1">for _, am := range *obj.AccessMethods </span><span class="cov1" title="1">{
+                if strings.TrimSpace(string(am.Type)) == "" || am.AccessUrl == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov1" title="1">if strings.TrimSpace(am.AccessUrl.Url) != "" </span><span class="cov1" title="1">{
+                        return true
+                }</span>
+        }
+        <span class="cov0" title="0">return false</span>
 }
 
-func (s *ObjectStore) ReadObject(oid string) (*drsapi.DrsObject, error) <span class="cov4" title="3">{
-        path, err := s.ObjectPath(oid)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("error getting object path for oid %s: %v", oid, err)
+func (s *batchSyncSession) executeUploadPlan(candidates []uploadCandidate) error <span class="cov4" title="2">{
+        threshold := s.rt.Tuning.MultiPartThreshold
+        if threshold &lt;= 0 </span><span class="cov0" title="0">{
+                threshold = 5 * 1024 * 1024 * 1024
         }</span>
-
-        <span class="cov4" title="3">drsObjBytes, err := os.ReadFile(path)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("error reading DRS object for oid %s: %v", oid, err)
+        <span class="cov4" title="2">concurrency := s.rt.Tuning.UploadConcurrency
+        if concurrency &lt;= 0 </span><span class="cov0" title="0">{
+                concurrency = 1
         }</span>
 
-        <span class="cov4" title="3">var drsObject drsapi.DrsObject
-        if err := sonic.ConfigFastest.Unmarshal(drsObjBytes, &amp;drsObject); err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("error unmarshaling DRS object for oid %s: %v", oid, err)
+        <span class="cov4" title="2">small, large := splitCandidatesByThreshold(candidates, threshold)
+        s.rt.Logger.InfoContext(s.ctx, "upload plan prepared", "total", len(candidates), "parallel_small", len(small), "sequential_large", len(large))
+        if s.reporter != nil </span><span class="cov1" title="1">{
+                s.reporter.OnUploadPlan(buildUploadPlanSummary(candidates))
         }</span>
 
-        <span class="cov4" title="3">return &amp;drsObject, nil</span>
-}
-
-// getPendingObjects walks .git/drs/lfs/objects/ to find all pending records
-func GetPendingObjects(logger *slog.Logger) ([]*PendingObject, error) <span class="cov0" title="0">{
-        var objects []*PendingObject
-        objectsDir := common.DRS_OBJS_PATH
-
-        if _, err := os.Stat(objectsDir); os.IsNotExist(err) </span><span class="cov0" title="0">{
-                return nil, nil
-        }</span>
-        <span class="cov0" title="0">err := filepath.Walk(objectsDir, func(path string, info os.FileInfo, err error) error </span><span class="cov0" title="0">{
-                if err != nil </span><span class="cov0" title="0">{
+        <span class="cov4" title="2">if len(small) &gt; 0 </span><span class="cov4" title="2">{
+                eg, egCtx := errgroup.WithContext(s.ctx)
+                eg.SetLimit(concurrency)
+                for _, c := range small </span><span class="cov7" title="4">{
+                        c := c
+                        eg.Go(func() error </span><span class="cov7" title="4">{
+                                s.reportUploadStarted(c)
+                                uploadCtx := s.progressContextForCandidate(egCtx, c)
+                                if err := uploadFileForObject(s.rt, uploadCtx, c.obj, c.src, false); err != nil </span><span class="cov0" title="0">{
+                                        return err
+                                }</span>
+                                <span class="cov7" title="4">s.reportUploadCompleted(c)
+                                return nil</span>
+                        })
+                }
+                <span class="cov4" title="2">if err := eg.Wait(); err != nil </span><span class="cov0" title="0">{
                         return err
                 }</span>
-                <span class="cov0" title="0">if info.IsDir() </span><span class="cov0" title="0">{
-                        return nil
-                }</span>
-                <span class="cov0" title="0">rel, err := filepath.Rel(objectsDir, path)
-                if err != nil </span><span class="cov0" title="0">{
+        }
+
+        <span class="cov4" title="2">for _, c := range large </span><span class="cov0" title="0">{
+                s.reportUploadStarted(c)
+                uploadCtx := s.progressContextForCandidate(s.ctx, c)
+                if err := uploadFileForObject(s.rt, uploadCtx, c.obj, c.src, false); err != nil </span><span class="cov0" title="0">{
                         return err
                 }</span>
-                <span class="cov0" title="0">parts := strings.SplitN(rel, string(os.PathSeparator), 3)
-                if len(parts) != 3 </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("Skipping malformed path: %s", path))
-                        return nil
-                }</span>
-                <span class="cov0" title="0">oid := parts[2] // GetObjectPath stores full OID in the 3rd directory level
-                objects = append(objects, &amp;PendingObject{
-                        OID: oid,
+                <span class="cov0" title="0">s.reportUploadCompleted(c)</span>
+        }
+        <span class="cov4" title="2">return nil</span>
+}
+
+func buildUploadPlanSummary(candidates []uploadCandidate) UploadPlanSummary <span class="cov1" title="1">{
+        files := make([]UploadPlanFile, 0, len(candidates))
+        var totalBytes int64
+        for _, c := range candidates </span><span class="cov1" title="1">{
+                files = append(files, UploadPlanFile{
+                        OID:   c.oid,
+                        Path:  c.file.Name,
+                        Bytes: c.size,
                 })
-                return nil</span>
-        })
-        <span class="cov0" title="0">if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                totalBytes += c.size
+        }</span>
+        <span class="cov1" title="1">return UploadPlanSummary{
+                Files:      files,
+                TotalFiles: len(files),
+                TotalBytes: totalBytes,
         }</span>
-        <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Found %d pending objects in %s", len(objects), objectsDir))
-        return objects, nil</span>
 }
 
-func GetDrsLfsObjects(logger *slog.Logger) (map[string]*drsapi.DrsObject, error) <span class="cov0" title="0">{
-        objects := map[string]*drsapi.DrsObject{}
-        objectsDir := common.DRS_OBJS_PATH
-        if _, err := os.Stat(objectsDir); os.IsNotExist(err) </span><span class="cov0" title="0">{
-                logger.Debug(fmt.Sprintf("DRS objects directory not found: %s", objectsDir))
-                return nil, nil
+func (s *batchSyncSession) progressContextForCandidate(ctx context.Context, c uploadCandidate) context.Context <span class="cov7" title="4">{
+        if s.reporter == nil </span><span class="cov5" title="3">{
+                return ctx
         }</span>
-
-        <span class="cov0" title="0">err := filepath.Walk(objectsDir, func(path string, info os.FileInfo, err error) error </span><span class="cov0" title="0">{
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Error(fmt.Sprintf("Error accessing path %s: %v", path, err))
-                        return err
-                }</span>
-                <span class="cov0" title="0">if info.IsDir() </span><span class="cov0" title="0">{
-                        return nil
-                }</span>
-                <span class="cov0" title="0">rel, err := filepath.Rel(objectsDir, path)
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov0" title="0">parts := strings.SplitN(rel, string(os.PathSeparator), 3)
-                if len(parts) != 3 </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("Skipping malformed path: %s", path))
-                        return nil
-                }</span>
-                <span class="cov0" title="0">data, err := os.ReadFile(path)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Error(fmt.Sprintf("Error reading file %s: %v", path, err))
-                        return err
-                }</span>
-                <span class="cov0" title="0">var drsObject drsapi.DrsObject
-                if err := sonic.ConfigFastest.Unmarshal(data, &amp;drsObject); err != nil </span><span class="cov0" title="0">{
-                        logger.Error(fmt.Sprintf("Error unmarshalling JSON from %s: %v", path, err))
+        <span class="cov1" title="1">ctx = sycommon.WithOid(ctx, c.oid)
+        return sycommon.WithProgress(ctx, func(ev sycommon.ProgressEvent) error </span><span class="cov9" title="7">{
+                if ev.Event != "progress" </span><span class="cov7" title="4">{
                         return nil
                 }</span>
-
-                // This could be problematic
-                <span class="cov0" title="0">hInfo := hash.ConvertDrsChecksumsToHashInfo(drsObject.Checksums)
-                if hInfo.SHA256 != "" </span><span class="cov0" title="0">{
-                        objects[hInfo.SHA256] = &amp;drsObject
-                }</span>
-
-                <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Successfully unmarshaled drsapi.DrsObject from %s:\n%+v", path, drsObject))
+                <span class="cov5" title="3">s.reporter.OnUploadProgress(UploadProgressEvent{
+                        OID:            c.oid,
+                        Path:           c.file.Name,
+                        BytesSoFar:     ev.BytesSoFar,
+                        BytesSinceLast: ev.BytesSinceLast,
+                        TotalBytes:     c.size,
+                        Phase:          UploadProgressUploading,
+                })
                 return nil</span>
         })
-        <span class="cov0" title="0">if err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Found and unmarshaled %d DRS objects.", len(objects)))
-        return objects, nil</span>
 }
-</pre>
-		
-		<pre class="file" id="file52" style="display: none">package lfs
-
-import (
-        "io/fs"
-        "os"
-        "path/filepath"
-
-        "github.com/bytedance/sonic"
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-)
-
-type DrsWalkFunc func(path string, d *drsapi.DrsObject) error
 
-func BaseDir() (string, error) <span class="cov1" title="1">{
-        gitTopLevel, err := gitrepo.GitTopLevel()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+func (s *batchSyncSession) reportUploadStarted(c uploadCandidate) <span class="cov7" title="4">{
+        if s.reporter == nil </span><span class="cov5" title="3">{
+                return
         }</span>
-        <span class="cov1" title="1">return filepath.Join(gitTopLevel, common.DRS_DIR), nil</span>
-}
-
-type dirWalker struct {
-        baseDir  string
-        userFunc DrsWalkFunc
+        <span class="cov1" title="1">s.reporter.OnUploadProgress(UploadProgressEvent{
+                OID:            c.oid,
+                Path:           c.file.Name,
+                BytesSoFar:     0,
+                BytesSinceLast: 0,
+                TotalBytes:     c.size,
+                Phase:          UploadProgressUploading,
+        })</span>
 }
 
-func (d *dirWalker) call(path string, dir fs.DirEntry, cErr error) error <span class="cov10" title="3">{
-        data, err := os.ReadFile(path)
-        if err != nil </span><span class="cov6" title="2">{
-                return nil
-        }</span>
-        <span class="cov1" title="1">obj := drsapi.DrsObject{}
-        err = sonic.ConfigFastest.Unmarshal(data, &amp;obj)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov1" title="1">relPath, err := filepath.Rel(d.baseDir, path)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
+func (s *batchSyncSession) reportUploadCompleted(c uploadCandidate) <span class="cov7" title="4">{
+        if s.reporter == nil </span><span class="cov5" title="3">{
+                return
         }</span>
-        <span class="cov1" title="1">return d.userFunc(relPath, &amp;obj)</span>
+        <span class="cov1" title="1">s.reporter.OnUploadProgress(UploadProgressEvent{
+                OID:            c.oid,
+                Path:           c.file.Name,
+                BytesSoFar:     c.size,
+                BytesSinceLast: 0,
+                TotalBytes:     c.size,
+                Phase:          UploadProgressCompleted,
+        })</span>
 }
 
-func ObjectWalk(f DrsWalkFunc) error <span class="cov1" title="1">{
-        baseDir, err := BaseDir()
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov1" title="1">ud := dirWalker{baseDir, f}
-        return filepath.WalkDir(baseDir, ud.call)</span>
+func splitCandidatesByThreshold(candidates []uploadCandidate, threshold int64) (small, large []uploadCandidate) <span class="cov4" title="2">{
+        for _, c := range candidates </span><span class="cov7" title="4">{
+                if c.size &lt; threshold </span><span class="cov7" title="4">{
+                        small = append(small, c)
+                }</span> else<span class="cov0" title="0"> {
+                        large = append(large, c)
+                }</span>
+        }
+        <span class="cov4" title="2">return</span>
 }
 </pre>
 		
-		<pre class="file" id="file53" style="display: none">package precommit_cache
+		<pre class="file" id="file66" style="display: none">package pushsync
 
 import (
         "context"
-        "crypto/sha256"
-        "encoding/base64"
-        "encoding/json"
-        "errors"
         "fmt"
-        "io/fs"
+        "log/slog"
+        "net/http"
+        "net/url"
         "os"
-        "os/exec"
-        "path/filepath"
-        "sort"
         "strings"
-        "time"
-)
-
-const (
-        // cacheVersionDir is the repository-relative directory under `.git`
-        // containing the pre-commit cache layout (paths and oids).
-        cacheVersionDir = "drs/pre-commit/v1"
-)
-
-// PathEntry represents the per-path cache file format.
-// It maps a repository-relative path to the last recorded LFS OID and
-// a timestamp when the entry was updated.
-type PathEntry struct {
-        Path      string `json:"path"`
-        LFSOID    string `json:"lfs_oid"`
-        UpdatedAt string `json:"updated_at"`
-}
 
-// OIDEntry represents the per-OID cache file format.
-// It lists repository paths that referenced the OID, an optional
-// non-authoritative external URL hint, a timestamp and a flag that
-// indicates whether content changed for a path update.
-type OIDEntry struct {
-        LFSOID        string   `json:"lfs_oid"`
-        Paths         []string `json:"paths"`
-        ExternalURL   string   `json:"external_url,omitempty"` // non-authoritative hint
-        UpdatedAt     string   `json:"updated_at"`
-        ContentChange bool     `json:"content_changed"`
-}
+        localcommon "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/config"
+        localdrsobject "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/lfs"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        internalapi "github.com/calypr/syfon/apigen/client/internalapi"
+        sycommon "github.com/calypr/syfon/client/common"
+        conf "github.com/calypr/syfon/client/config"
+        "github.com/calypr/syfon/client/hash"
+        syrequest "github.com/calypr/syfon/client/request"
+        "github.com/calypr/syfon/client/transfer"
+        syupload "github.com/calypr/syfon/client/transfer/upload"
+)
 
-// Cache provides read-only access to the `.git/drs/pre-commit` cache.
-// Use Open to construct an instance with correct paths resolved.
-type Cache struct {
-        GitDir    string
-        Root      string
-        PathsDir  string
-        OIDsDir   string
-        StatePath string
+var uploadBackendForRuntime = func(rt *pushRuntime) transfer.MultipartBackend <span class="cov0" title="0">{
+        if rt == nil || rt.API == nil || rt.API.Client == nil </span><span class="cov0" title="0">{
+                return nil
+        }</span>
+        <span class="cov0" title="0">return rt.API.Client.Data()</span>
 }
 
-// Open discovers the repository `.git` directory and returns a Cache
-// configured to read the repository's pre-commit cache layout.
-// Returns an error if git metadata cannot be resolved.
-func Open(ctx context.Context) (*Cache, error) <span class="cov1" title="1">{
-        gitDir, err := gitRevParseGitDir(ctx)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov1" title="1">root := filepath.Join(gitDir, cacheVersionDir)
-        return &amp;Cache{
-                GitDir:    gitDir,
-                Root:      root,
-                PathsDir:  filepath.Join(root, "paths"),
-                OIDsDir:   filepath.Join(root, "oids"),
-                StatePath: filepath.Join(root, "state.json"),
-        }, nil</span>
+type scopedUploadURLBackend struct {
+        transfer.MultipartBackend
+        rt *pushRuntime
 }
 
-//
-// Primary lookup helpers
-//
+func (b *scopedUploadURLBackend) ResolveUploadURL(ctx context.Context, guid string, filename string, metadata sycommon.FileMetadata, bucket string) (string, error) <span class="cov10" title="7">{
+        return resolveScopedUploadURL(b.rt, ctx, b.MultipartBackend, guid, filename)
+}</span>
 
-// LookupOIDByPath returns the cached LFS OID for a repo-relative path.
-// It returns (oid, true, nil) when present, (\"\", false, nil) when absent,
-// and an error if the underlying read failed.
-func (c *Cache) LookupOIDByPath(path string) (string, bool, error) <span class="cov1" title="1">{
-        pe, ok, err := c.ReadPathEntry(path)
-        if err != nil || !ok </span><span class="cov0" title="0">{
-                return "", ok, err
-        }</span>
-        <span class="cov1" title="1">if pe.LFSOID == "" </span><span class="cov0" title="0">{
-                return "", false, nil
-        }</span>
-        <span class="cov1" title="1">return pe.LFSOID, true, nil</span>
+type pushScope struct {
+        Organization string
+        Project      string
+        Bucket       string
+        StoragePref  string
 }
 
-// LookupPathsByOID returns advisory repository-relative paths that recently
-// referenced the given LFS OID. Paths are returned sorted. Absent OID yields
-// (nil, false, nil).
-func (c *Cache) LookupPathsByOID(oid string) ([]string, bool, error) <span class="cov0" title="0">{
-        oe, ok, err := c.ReadOIDEntry(oid)
-        if err != nil || !ok </span><span class="cov0" title="0">{
-                return nil, ok, err
-        }</span>
-        <span class="cov0" title="0">paths := append([]string(nil), oe.Paths...)
-        sort.Strings(paths)
-        return paths, true, nil</span>
+type pushTuning struct {
+        Upsert             bool
+        ForceUpload        bool
+        MultiPartThreshold int64
+        UploadConcurrency  int
 }
 
-// LookupExternalURLByOID returns the cached external URL hint for an OID.
-// Returns (\"\", false, nil) if the entry is missing or the hint is empty.
-func (c *Cache) LookupExternalURLByOID(oid string) (string, bool, error) <span class="cov5" title="2">{
-        oe, ok, err := c.ReadOIDEntry(oid)
-        if err != nil || !ok </span><span class="cov0" title="0">{
-                return "", ok, err
-        }</span>
-        <span class="cov5" title="2">u := strings.TrimSpace(oe.ExternalURL)
-        if u == "" </span><span class="cov0" title="0">{
-                return "", false, nil
+type pushRuntime struct {
+        API        *config.GitContext
+        Credential *conf.Credential
+        Logger     *slog.Logger
+        Scope      pushScope
+        Tuning     pushTuning
+        ProbeURL   func(context.Context, string) error
+}
+
+func newPushRuntime(cl *config.GitContext) *pushRuntime <span class="cov6" title="3">{
+        if cl == nil </span><span class="cov4" title="2">{
+                return &amp;pushRuntime{}
+        }</span>
+        <span class="cov1" title="1">return &amp;pushRuntime{
+                API:        cl,
+                Credential: cl.Credential,
+                Logger:     cl.Logger,
+                Scope: pushScope{
+                        Organization: cl.Organization,
+                        Project:      cl.ProjectId,
+                        Bucket:       cl.BucketName,
+                        StoragePref:  cl.StoragePrefix,
+                },
+                Tuning: pushTuning{
+                        Upsert:             cl.Upsert,
+                        ForceUpload:        cl.ForceUpload,
+                        MultiPartThreshold: cl.MultiPartThreshold,
+                        UploadConcurrency:  cl.UploadConcurrency,
+                },
+                ProbeURL: newDownloadProbe(cl),
         }</span>
-        <span class="cov5" title="2">return u, true, nil</span>
 }
 
-// ResolveExternalURLByPath resolves a path -&gt; oid -&gt; external_url (hint).
-// Returns the external URL hint when available. Missing data yields
-// (\"\", false, nil).
-func (c *Cache) ResolveExternalURLByPath(path string) (string, bool, error) <span class="cov1" title="1">{
-        oid, ok, err := c.LookupOIDByPath(path)
-        if err != nil || !ok </span><span class="cov0" title="0">{
-                return "", false, err
+// isFileDownloadable checks if a file is already available for download
+func isFileDownloadable(rt *pushRuntime, ctx context.Context, drsObject *drsapi.DrsObject) (bool, error) <span class="cov0" title="0">{
+        // Try to get a download URL - if successful, file is downloadable
+        if drsObject.AccessMethods == nil || len(*drsObject.AccessMethods) == 0 </span><span class="cov0" title="0">{
+                return false, nil
         }</span>
-        <span class="cov1" title="1">return c.LookupExternalURLByOID(oid)</span>
+        <span class="cov0" title="0">accessType := (*drsObject.AccessMethods)[0].Type
+        res, err := rt.API.Client.DRS().GetAccessURL(ctx, drsObject.Id, string(accessType))
+        if err != nil </span><span class="cov0" title="0">{
+                // If we can't get a download URL, assume file is not downloadable
+                return false, nil
+        }</span>
+        <span class="cov0" title="0">if rt.ProbeURL == nil </span><span class="cov0" title="0">{
+                rt.ProbeURL = newDownloadProbe(rt.API)
+        }</span>
+        <span class="cov0" title="0">err = rt.ProbeURL(ctx, res.Url)
+        return err == nil, nil</span>
 }
 
-//
-// Lower-level file access
-//
+func uploadKeyFromObject(obj *drsapi.DrsObject, bucket string, storagePrefix string) string <span class="cov10" title="7">{
+        prefix := strings.Trim(strings.TrimSpace(storagePrefix), "/")
+        applyPrefix := func(key string) string </span><span class="cov10" title="7">{
+                key = strings.Trim(strings.TrimSpace(key), "/")
+                if key == "" </span><span class="cov0" title="0">{
+                        return ""
+                }</span>
+                <span class="cov10" title="7">if prefix == "" || key == prefix || strings.HasPrefix(key, prefix+"/") </span><span class="cov8" title="5">{
+                        return key
+                }</span>
+                <span class="cov4" title="2">return prefix + "/" + key</span>
+        }
 
-// ReadPathEntry reads and parses the JSON path entry for a repository-relative
-// path. Returns (entry, true, nil) on success, (nil, false, nil) if the file
-// does not exist, or an error on I/O/parse failure.
-func (c *Cache) ReadPathEntry(path string) (*PathEntry, bool, error) <span class="cov1" title="1">{
-        f := c.pathEntryFile(path)
-        b, err := os.ReadFile(f)
-        if err != nil </span><span class="cov0" title="0">{
-                if errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
-                        return nil, false, nil
+        <span class="cov10" title="7">if obj != nil &amp;&amp; obj.AccessMethods != nil &amp;&amp; len(*obj.AccessMethods) &gt; 0 </span><span class="cov1" title="1">{
+                raw := ""
+                if (*obj.AccessMethods)[0].AccessUrl != nil </span><span class="cov1" title="1">{
+                        raw = strings.TrimSpace((*obj.AccessMethods)[0].AccessUrl.Url)
                 }</span>
-                <span class="cov0" title="0">return nil, false, fmt.Errorf("read path entry %q: %w", f, err)</span>
+                <span class="cov1" title="1">if raw != "" </span><span class="cov1" title="1">{
+                        if u, err := url.Parse(raw); err == nil &amp;&amp; strings.EqualFold(u.Scheme, "s3") </span><span class="cov1" title="1">{
+                                // Preserve the full object key path from DRS metadata.
+                                // Taking only filepath.Base(...) loses CAS/storage prefixes and causes 404 downloads.
+                                key := strings.TrimSpace(strings.TrimPrefix(u.Path, "/"))
+                                if key != "" &amp;&amp; (bucket == "" || strings.EqualFold(strings.TrimSpace(u.Host), strings.TrimSpace(bucket))) </span><span class="cov0" title="0">{
+                                        return key
+                                }</span>
+                        }
+                }
         }
-        <span class="cov1" title="1">var pe PathEntry
-        if err := json.Unmarshal(b, &amp;pe); err != nil </span><span class="cov0" title="0">{
-                return nil, false, fmt.Errorf("parse path entry %q: %w", f, err)
+        <span class="cov10" title="7">if obj != nil </span><span class="cov10" title="7">{
+                return applyPrefix(hash.ConvertDrsChecksumsToHashInfo(obj.Checksums).SHA256)
         }</span>
-        <span class="cov1" title="1">return &amp;pe, true, nil</span>
+        <span class="cov0" title="0">return ""</span>
 }
 
-// ReadOIDEntry reads and parses the JSON OID entry for an LFS OID string.
-// Returns (entry, true, nil) on success, (nil, false, nil) if missing,
-// or an error on I/O/parse failure.
-func (c *Cache) ReadOIDEntry(oid string) (*OIDEntry, bool, error) <span class="cov5" title="2">{
-        f := c.oidEntryFile(oid)
-        b, err := os.ReadFile(f)
-        if err != nil </span><span class="cov0" title="0">{
-                if errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
-                        return nil, false, nil
+func resolveUploadSourcePath(oid string, worktreePath string, isPointer bool) (string, bool, error) <span class="cov1" title="1">{
+        oid = localdrsobject.NormalizeOid(oid)
+        if oid == "" </span><span class="cov0" title="0">{
+                return "", false, fmt.Errorf("empty oid")
+        }</span>
+
+        <span class="cov1" title="1">lfsObjPath, err := lfs.ObjectPath(localcommon.LFS_OBJS_PATH, oid)
+        if err == nil </span><span class="cov1" title="1">{
+                if st, statErr := os.Stat(lfsObjPath); statErr == nil &amp;&amp; !st.IsDir() &amp;&amp; st.Size() &gt; 0 </span><span class="cov0" title="0">{
+                        return lfsObjPath, true, nil
                 }</span>
-                <span class="cov0" title="0">return nil, false, fmt.Errorf("read oid entry %q: %w", f, err)</span>
         }
-        <span class="cov5" title="2">var oe OIDEntry
-        if err := json.Unmarshal(b, &amp;oe); err != nil </span><span class="cov0" title="0">{
-                return nil, false, fmt.Errorf("parse oid entry %q: %w", f, err)
+
+        <span class="cov1" title="1">if isPointer </span><span class="cov1" title="1">{
+                return "", false, nil
         }</span>
-        <span class="cov5" title="2">return &amp;oe, true, nil</span>
+
+        <span class="cov0" title="0">st, statErr := os.Stat(worktreePath)
+        if statErr != nil </span><span class="cov0" title="0">{
+                return "", false, fmt.Errorf("stat worktree path %s: %w", worktreePath, statErr)
+        }</span>
+        <span class="cov0" title="0">if st.IsDir() </span><span class="cov0" title="0">{
+                return "", false, fmt.Errorf("worktree path %s is a directory", worktreePath)
+        }</span>
+        <span class="cov0" title="0">return worktreePath, true, nil</span>
 }
 
-//
-// Validation helpers (optional)
-//
+func uploadFileForObject(rt *pushRuntime, ctx context.Context, drsObject *drsapi.DrsObject, filePath string, skipIfDownloadable bool) error <span class="cov10" title="7">{
+        hInfo := hash.ConvertDrsChecksumsToHashInfo(drsObject.Checksums)
+        if skipIfDownloadable </span><span class="cov0" title="0">{
+                rt.Logger.DebugContext(ctx, fmt.Sprintf("checking if oid %s is already downloadable", hInfo.SHA256))
+                downloadable, err := isFileDownloadable(rt, ctx, drsObject)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("error checking if file is downloadable: oid %s %v", hInfo.SHA256, err)
+                }</span>
+                <span class="cov0" title="0">if downloadable </span><span class="cov0" title="0">{
+                        rt.Logger.DebugContext(ctx, fmt.Sprintf("file %s is already available for download, skipping upload", hInfo.SHA256))
+                        return nil
+                }</span>
+        }
 
-// CheckExternalURLMismatch compares a cached external URL hint against an
-// authoritative URL. If either value is empty this is a no-op. When both are
-// non-empty and differ an error describing the mismatch is returned.
-func CheckExternalURLMismatch(localHint, authoritative string) error <span class="cov8" title="3">{
-        l := strings.TrimSpace(localHint)
-        a := strings.TrimSpace(authoritative)
-        if l == "" || a == "" </span><span class="cov1" title="1">{
-                return nil
+        <span class="cov10" title="7">rt.Logger.DebugContext(ctx, fmt.Sprintf("file %s is not downloadable, proceeding to upload", hInfo.SHA256))
+        multiPartThreshold := int64(5 * 1024 * 1024 * 1024)
+        if rt.Tuning.MultiPartThreshold &gt; 0 </span><span class="cov10" title="7">{
+                multiPartThreshold = rt.Tuning.MultiPartThreshold
         }</span>
-        <span class="cov5" title="2">if l != a </span><span class="cov1" title="1">{
-                return fmt.Errorf(
-                        "external URL mismatch: cache=%q authoritative=%q",
-                        l, a,
+        <span class="cov10" title="7">fileStat, statErr := os.Stat(filePath)
+        if statErr != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error stat file %s: %v", filePath, statErr)
+        }</span>
+        <span class="cov10" title="7">fileSize := fileStat.Size()
+        drsSize := drsObject.Size
+        if drsSize != fileSize </span><span class="cov7" title="4">{
+                rt.Logger.WarnContext(ctx, "drs metadata size differs from local source size; using local file size for upload mode decision",
+                        "did", drsObject.Id,
+                        "path", filePath,
+                        "drs_size", drsSize,
+                        "file_size", fileSize,
                 )
         }</span>
-        <span class="cov1" title="1">return nil</span>
-}
 
-// StaleAfter reports whether a JSON entry with the given updatedAt RFC3339
-// timestamp is older than maxAge. Returns false if the timestamp cannot be parsed.
-func StaleAfter(updatedAt string, maxAge time.Duration) bool <span class="cov5" title="2">{
-        t, err := time.Parse(time.RFC3339, updatedAt)
-        if err != nil </span><span class="cov1" title="1">{
-                return false
+        <span class="cov10" title="7">objectKey := uploadKeyFromObject(drsObject, rt.Scope.Bucket, rt.Scope.StoragePref)
+        rt.Logger.DebugContext(ctx, "uploading via data-client orchestrator",
+                "size", fileSize,
+                "path", filePath,
+                "threshold", multiPartThreshold,
+        )
+        forceMultipart := fileSize &gt;= multiPartThreshold
+        rt.Logger.DebugContext(ctx, "uploading via syfon transfer engine",
+                "did", drsObject.Id,
+                "size", fileSize,
+                "threshold", multiPartThreshold,
+                "forceMultipart", forceMultipart,
+        )
+        backend := uploadBackendForRuntime(rt)
+        if backend == nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("upload backend is required")
         }</span>
-        <span class="cov1" title="1">return time.Since(t) &gt; maxAge</span>
+        <span class="cov10" title="7">if strings.TrimSpace(rt.Scope.Organization) != "" &amp;&amp; strings.TrimSpace(rt.Scope.Project) != "" </span><span class="cov10" title="7">{
+                backend = &amp;scopedUploadURLBackend{MultipartBackend: backend, rt: rt}
+        }</span>
+        <span class="cov10" title="7">if forceMultipart </span><span class="cov0" title="0">{
+                if err := syupload.Upload(ctx, backend, filePath, objectKey, drsObject.Id, rt.Scope.Bucket, scopedUploadMetadata(rt), false, true); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("upload error: %w", err)
+                }</span>
+                <span class="cov0" title="0">return nil</span>
+        }
+        <span class="cov10" title="7">if err := syupload.Upload(ctx, backend, filePath, objectKey, drsObject.Id, rt.Scope.Bucket, scopedUploadMetadata(rt), false, false); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("upload error: %w", err)
+        }</span>
+        <span class="cov10" title="7">return nil</span>
 }
 
-//
-// Filename / encoding helpers
-//
-
-// pathEntryFile returns the filesystem path to the JSON file for the given
-// repository-relative path within the Cache.PathsDir.
-func (c *Cache) pathEntryFile(path string) string <span class="cov5" title="2">{
-        return filepath.Join(c.PathsDir, EncodePath(path)+".json")
-}</span>
-
-// oidEntryFile returns the filesystem path to the JSON file for the given
-// LFS OID. Files are named by sha256(oid) to avoid filesystem restrictions.
-func (c *Cache) oidEntryFile(oid string) string <span class="cov10" title="4">{
-        sum := sha256.Sum256([]byte(oid))
-        return filepath.Join(c.OIDsDir, fmt.Sprintf("%x.json", sum[:]))
-}</span>
+func resolveScopedUploadURL(rt *pushRuntime, ctx context.Context, backend transfer.MultipartBackend, did, objectKey string) (string, error) <span class="cov10" title="7">{
+        organization := strings.TrimSpace(rt.Scope.Organization)
+        project := strings.TrimSpace(rt.Scope.Project)
+        if organization == "" || project == "" </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("upload scope organization/project is required")
+        }</span>
 
-// EncodePath returns a filesystem-safe base64 raw-URL encoding for a path.
-// The encoding is reversible by DecodePath.
-func EncodePath(path string) string <span class="cov8" title="3">{
-        return base64.RawURLEncoding.EncodeToString([]byte(path))
-}</span>
+        <span class="cov10" title="7">if rt.API != nil &amp;&amp; rt.API.Client != nil &amp;&amp; rt.API.Client.Requestor() != nil </span><span class="cov1" title="1">{
+                query := url.Values{}
+                query.Set("organization", organization)
+                query.Set("project", project)
+                query.Set("file_name", objectKey)
+                var out internalapi.InternalSignedURL
+                if err := rt.API.Client.Requestor().Do(ctx, http.MethodGet, "/data/upload/"+url.PathEscape(did), nil, &amp;out, syrequest.WithQueryValues(query)); err != nil </span><span class="cov0" title="0">{
+                        return "", err
+                }</span>
+                <span class="cov1" title="1">if out.Url == nil || strings.TrimSpace(*out.Url) == "" </span><span class="cov0" title="0">{
+                        return "", fmt.Errorf("response missing URL")
+                }</span>
+                <span class="cov1" title="1">return *out.Url, nil</span>
+        }
 
-// DecodePath decodes a value produced by EncodePath back to the original path.
-// Returns an error if the input is not valid base64 raw-URL.
-func DecodePath(encoded string) (string, error) <span class="cov1" title="1">{
-        b, err := base64.RawURLEncoding.DecodeString(encoded)
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+        <span class="cov9" title="6">resolver, ok := backend.(interface {
+                ResolveUploadURL(context.Context, string, string, sycommon.FileMetadata, string) (string, error)
+        })
+        if !ok </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("upload backend cannot resolve upload URLs")
         }</span>
-        <span class="cov1" title="1">return string(b), nil</span>
+        <span class="cov9" title="6">metadata := sycommon.FileMetadata{
+                Authorizations: map[string][]string{
+                        organization: {project},
+                },
+        }
+        return resolver.ResolveUploadURL(ctx, did, objectKey, metadata, "")</span>
 }
 
-//
-// Git helpers
-//
+func scopedUploadMetadata(rt *pushRuntime) sycommon.FileMetadata <span class="cov10" title="7">{
+        organization := strings.TrimSpace(rt.Scope.Organization)
+        project := strings.TrimSpace(rt.Scope.Project)
+        if organization == "" || project == "" </span><span class="cov0" title="0">{
+                return sycommon.FileMetadata{}
+        }</span>
+        <span class="cov10" title="7">return sycommon.FileMetadata{
+                Authorizations: map[string][]string{
+                        organization: {project},
+                },
+        }</span>
+}
 
-// gitRevParseGitDir runs `git rev-parse --git-dir` (and `--show-toplevel` if
-// necessary) to return an absolute path to the repository `.git` directory.
-// Returns an error when git fails or the result cannot be resolved.
-func gitRevParseGitDir(ctx context.Context) (string, error) <span class="cov1" title="1">{
-        out, err := git(ctx, "rev-parse", "--git-dir")
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+func newDownloadProbe(cl *config.GitContext) func(context.Context, string) error <span class="cov1" title="1">{
+        httpClient := http.DefaultClient
+        if cl != nil &amp;&amp; cl.Client != nil &amp;&amp; cl.Client.HTTPClient() != nil </span><span class="cov1" title="1">{
+                httpClient = cl.Client.HTTPClient()
         }</span>
-        <span class="cov1" title="1">gitDir := strings.TrimSpace(string(out))
-        if gitDir == "" </span><span class="cov0" title="0">{
-                return "", errors.New("could not determine .git dir")
+        <span class="cov1" title="1">return func(ctx context.Context, rawURL string) error </span><span class="cov0" title="0">{
+                return probeDownloadURL(ctx, httpClient, rawURL)
         }</span>
-        <span class="cov1" title="1">if !filepath.IsAbs(gitDir) </span><span class="cov1" title="1">{
-                rootOut, err := git(ctx, "rev-parse", "--show-toplevel")
-                if err != nil </span><span class="cov0" title="0">{
-                        return "", err
-                }</span>
-                <span class="cov1" title="1">root := strings.TrimSpace(string(rootOut))
-                gitDir = filepath.Join(root, gitDir)</span>
-        }
-        <span class="cov1" title="1">return gitDir, nil</span>
 }
 
-// git executes a git command and returns combined output. If git exits with
-// a non-zero status the returned error includes the command and stderr/stdout.
-func git(ctx context.Context, args ...string) ([]byte, error) <span class="cov5" title="2">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        cmd.Env = os.Environ()
-        out, err := cmd.CombinedOutput()
+func probeDownloadURL(ctx context.Context, httpClient *http.Client, rawURL string) error <span class="cov0" title="0">{
+        req, err := http.NewRequestWithContext(ctx, http.MethodGet, rawURL, nil)
         if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf(
-                        "git %s: %s",
-                        strings.Join(args, " "),
-                        strings.TrimSpace(string(out)),
-                )
+                return err
         }</span>
-        <span class="cov5" title="2">return out, nil</span>
+        <span class="cov0" title="0">req.Header.Set("Range", "bytes=0-0")
+        if httpClient == nil </span><span class="cov0" title="0">{
+                httpClient = http.DefaultClient
+        }</span>
+        <span class="cov0" title="0">resp, err := httpClient.Do(req)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">defer resp.Body.Close()
+        if resp.StatusCode &gt;= 400 </span><span class="cov0" title="0">{
+                return fmt.Errorf("download probe failed with status %d", resp.StatusCode)
+        }</span>
+        <span class="cov0" title="0">return nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file54" style="display: none">// Package version reports the Git-DRS version.
+		<pre class="file" id="file67" style="display: none">// Package version reports the Git-DRS version.
 package version
 
 import "fmt"
diff --git a/coverage/combined.out b/coverage/combined.out
index 73a84998..663fda70 100644
--- a/coverage/combined.out
+++ b/coverage/combined.out
@@ -92,8 +92,8 @@ github.com/calypr/git-drs/cmd/bucket/main.go:244.71,246.4 1 0
 github.com/calypr/git-drs/cmd/bucket/main.go:248.2,248.17 1 0
 github.com/calypr/git-drs/cmd/bucket/main.go:248.17,249.58 1 0
 github.com/calypr/git-drs/cmd/bucket/main.go:249.58,251.19 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:251.19,252.117 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:252.117,255.6 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:251.19,252.121 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:252.121,255.6 2 0
 github.com/calypr/git-drs/cmd/bucket/main.go:259.2,259.17 1 0
 github.com/calypr/git-drs/cmd/bucket/main.go:259.17,261.3 1 0
 github.com/calypr/git-drs/cmd/bucket/main.go:263.2,264.20 2 0
@@ -136,20 +136,113 @@ github.com/calypr/git-drs/cmd/bucket/main.go:354.2,354.12 1 0
 github.com/calypr/git-drs/cmd/bucket/main.go:357.13,367.79 9 1
 github.com/calypr/git-drs/cmd/bucket/main.go:367.79,375.3 7 2
 github.com/calypr/git-drs/cmd/bucket/main.go:377.2,379.31 3 1
-github.com/calypr/git-drs/cmd/install/main.go:17.34,23.55 1 2
-github.com/calypr/git-drs/cmd/install/main.go:23.55,24.22 1 1
-github.com/calypr/git-drs/cmd/install/main.go:24.22,27.5 2 1
-github.com/calypr/git-drs/cmd/install/main.go:28.4,28.14 1 0
-github.com/calypr/git-drs/cmd/install/main.go:30.55,32.4 1 0
-github.com/calypr/git-drs/cmd/install/main.go:36.62,47.35 2 2
-github.com/calypr/git-drs/cmd/install/main.go:47.35,48.82 1 5
-github.com/calypr/git-drs/cmd/install/main.go:48.82,50.4 1 1
-github.com/calypr/git-drs/cmd/install/main.go:53.2,53.12 1 1
-github.com/calypr/git-drs/cmd/install/main.go:56.51,59.16 3 0
-github.com/calypr/git-drs/cmd/install/main.go:59.16,61.20 2 0
-github.com/calypr/git-drs/cmd/install/main.go:61.20,63.4 1 0
-github.com/calypr/git-drs/cmd/install/main.go:64.3,64.84 1 0
-github.com/calypr/git-drs/cmd/install/main.go:66.2,66.12 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:41.54,44.17 3 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:44.17,46.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:48.3,51.21 4 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:51.21,54.4 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:54.9,58.4 3 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:60.3,61.17 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:61.17,63.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:64.3,64.44 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:64.44,66.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:67.3,68.37 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:68.37,70.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:72.3,73.20 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:73.20,75.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:77.3,78.17 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:78.17,80.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:82.3,83.17 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:83.17,85.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:86.3,87.17 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:87.17,89.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:91.3,92.17 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:92.17,94.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:96.3,107.13 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:111.13,113.2 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:115.56,117.15 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:117.15,119.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:120.2,121.21 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:121.21,123.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:124.2,126.32 3 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:126.32,128.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:129.2,129.26 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:132.150,133.20 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:133.20,135.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:137.2,139.6 3 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:139.6,146.17 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:146.17,148.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:149.3,150.30 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:150.30,152.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:153.3,153.24 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:153.24,154.9 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:156.3,159.17 3 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:159.17,161.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:162.3,166.23 4 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:166.23,168.18 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:168.18,170.5 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:171.4,171.27 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:171.27,173.5 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:173.10,175.5 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:178.3,178.20 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:178.20,189.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:191.3,191.31 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:191.31,192.9 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:194.3,194.9 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:197.2,197.19 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:200.144,202.22 2 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:202.22,204.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:206.2,207.29 2 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:207.29,209.16 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:209.16,210.12 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:212.3,212.27 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:215.2,216.16 2 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:216.16,218.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:219.2,220.31 2 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:220.31,222.3 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:224.2,225.29 2 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:225.29,227.16 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:227.16,228.12 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:230.3,230.43 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:230.43,232.15 2 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:232.15,235.5 2 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:235.10,237.5 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:238.4,238.12 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:240.3,241.18 2 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:244.2,244.24 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:247.98,252.69 4 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:252.69,255.3 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:257.2,258.69 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:258.69,261.3 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:263.2,263.24 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:266.95,281.2 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:283.56,286.48 3 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:286.48,287.18 1 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:287.18,288.12 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:290.3,290.29 1 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:290.29,292.17 2 5
+github.com/calypr/git-drs/cmd/copyrecords/main.go:292.17,293.13 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:295.4,295.30 1 5
+github.com/calypr/git-drs/cmd/copyrecords/main.go:295.30,296.13 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:298.4,299.26 2 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:302.2,302.19 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:302.19,304.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:305.2,305.13 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:308.84,311.61 3 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:311.61,312.18 1 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:312.18,313.12 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:315.3,315.32 1 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:315.32,317.30 2 5
+github.com/calypr/git-drs/cmd/copyrecords/main.go:317.30,318.13 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:320.4,321.29 2 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:324.2,324.19 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:324.19,326.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:327.2,327.13 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:330.63,332.16 2 5
+github.com/calypr/git-drs/cmd/copyrecords/main.go:332.16,334.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:335.2,335.18 1 5
+github.com/calypr/git-drs/cmd/copyrecords/main.go:338.47,340.2 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:342.66,344.2 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:346.31,350.2 3 4
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:23.54,24.21 1 0
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:24.21,26.4 1 0
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:27.3,27.18 1 0
@@ -170,8 +263,8 @@ github.com/calypr/git-drs/cmd/credentialhelper/main.go:64.109,66.4 1 0
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:69.3,71.17 3 0
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:71.17,72.19 1 0
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:72.19,74.5 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:75.4,75.102 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:75.102,78.20 3 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:75.4,75.106 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:75.106,78.20 3 0
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:78.20,80.6 1 0
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:84.3,84.18 1 0
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:84.18,86.4 1 0
@@ -202,159 +295,41 @@ github.com/calypr/git-drs/cmd/credentialhelper/main.go:155.16,157.3 1 0
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:158.2,158.42 1 3
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:158.42,160.3 1 0
 github.com/calypr/git-drs/cmd/credentialhelper/main.go:162.2,162.49 1 3
-github.com/calypr/git-drs/cmd/precommit/main.go:76.54,78.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:81.13,83.33 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:83.33,88.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:91.37,93.16 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:93.16,95.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:97.2,102.53 5 0
-github.com/calypr/git-drs/cmd/precommit/main.go:102.53,104.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:105.2,105.52 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:105.52,107.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:108.2,111.16 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:111.16,113.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:114.2,114.23 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:114.23,116.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:118.2,122.29 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:122.29,123.28 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:123.28,124.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:129.3,130.17 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:130.17,132.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:135.3,138.15 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:138.15,140.106 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:140.106,142.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:145.4,149.19 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:149.19,151.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:154.4,154.99 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:154.99,156.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:157.9,160.4 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:164.2,164.29 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:164.29,165.18 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:166.28,167.80 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:167.80,169.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:170.19,172.80 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:172.80,174.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:177.19,178.90 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:178.90,180.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:184.2,184.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:187.83,189.16 2 2
-github.com/calypr/git-drs/cmd/precommit/main.go:189.16,192.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:193.2,193.12 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:193.12,196.3 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:198.2,203.49 4 1
-github.com/calypr/git-drs/cmd/precommit/main.go:203.49,205.43 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:205.43,207.4 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:211.2,215.17 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:215.17,217.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:220.2,221.89 2 1
-github.com/calypr/git-drs/cmd/precommit/main.go:221.89,223.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:226.2,226.20 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:226.20,228.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:230.2,230.12 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:233.93,237.16 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:237.16,240.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:241.2,242.47 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:242.47,246.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:248.2,251.21 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:251.21,253.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:256.2,262.12 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:272.59,274.16 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:274.16,276.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:277.2,279.16 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:279.16,281.36 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:281.36,282.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:284.3,285.21 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:285.21,286.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:288.3,289.10 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:290.22,291.87 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:292.22,293.90 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:294.22,295.90 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:296.58,297.109 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:298.11,298.11 0 0
-github.com/calypr/git-drs/cmd/precommit/main.go:302.2,302.33 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:302.33,304.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:305.2,305.21 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:310.75,312.16 2 2
-github.com/calypr/git-drs/cmd/precommit/main.go:312.16,315.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:319.2,323.16 4 2
-github.com/calypr/git-drs/cmd/precommit/main.go:323.16,325.26 2 3
-github.com/calypr/git-drs/cmd/precommit/main.go:325.26,327.12 2 1
-github.com/calypr/git-drs/cmd/precommit/main.go:329.3,329.45 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:329.45,332.17 3 1
-github.com/calypr/git-drs/cmd/precommit/main.go:332.17,334.5 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:338.3,338.27 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:338.27,339.9 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:342.2,342.33 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:342.33,344.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:346.2,346.26 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:346.26,348.3 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:349.2,349.23 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:352.61,354.16 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:354.16,356.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:357.2,358.18 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:358.18,360.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:362.2,362.29 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:362.29,364.17 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:364.17,366.4 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:367.3,368.39 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:370.2,370.20 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:373.63,379.34 6 2
-github.com/calypr/git-drs/cmd/precommit/main.go:379.34,382.16 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:382.16,384.4 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:385.3,385.69 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:387.2,387.28 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:392.50,394.2 1 3
-github.com/calypr/git-drs/cmd/precommit/main.go:396.37,399.2 1 3
-github.com/calypr/git-drs/cmd/precommit/main.go:401.47,406.2 2 2
-github.com/calypr/git-drs/cmd/precommit/main.go:414.97,422.42 3 1
-github.com/calypr/git-drs/cmd/precommit/main.go:422.42,426.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:428.2,429.32 2 1
-github.com/calypr/git-drs/cmd/precommit/main.go:429.32,431.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:433.2,433.19 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:433.19,435.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:436.2,436.19 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:436.19,438.3 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:440.2,444.34 4 1
-github.com/calypr/git-drs/cmd/precommit/main.go:447.58,451.16 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:451.16,453.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:454.2,455.50 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:455.50,457.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:458.2,459.32 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:459.32,460.16 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:460.16,461.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:463.3,463.24 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:465.2,472.34 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:475.49,477.19 2 1
-github.com/calypr/git-drs/cmd/precommit/main.go:477.19,479.3 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:480.2,481.12 2 1
-github.com/calypr/git-drs/cmd/precommit/main.go:486.48,488.48 2 2
-github.com/calypr/git-drs/cmd/precommit/main.go:488.48,490.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:492.2,494.16 3 2
-github.com/calypr/git-drs/cmd/precommit/main.go:494.16,496.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:497.2,497.15 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:497.15,497.32 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:499.2,501.38 3 2
-github.com/calypr/git-drs/cmd/precommit/main.go:501.38,504.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:505.2,505.33 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:505.33,508.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:509.2,509.34 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:509.34,512.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:513.2,513.29 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:516.48,518.62 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:518.62,520.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:522.2,522.44 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:522.44,524.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:524.8,524.43 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:524.43,526.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:528.2,529.16 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:529.16,531.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:532.2,535.16 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:535.16,537.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:539.2,539.44 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:539.44,542.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:543.2,543.36 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:543.36,545.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:546.2,546.23 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:29.54,33.51 2 2
+github.com/calypr/git-drs/cmd/delete/main.go:33.51,35.4 1 1
+github.com/calypr/git-drs/cmd/delete/main.go:37.3,40.17 3 1
+github.com/calypr/git-drs/cmd/delete/main.go:40.17,42.4 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:44.3,45.17 2 1
+github.com/calypr/git-drs/cmd/delete/main.go:45.17,47.4 1 1
+github.com/calypr/git-drs/cmd/delete/main.go:49.3,50.17 2 0
+github.com/calypr/git-drs/cmd/delete/main.go:50.17,53.4 2 0
+github.com/calypr/git-drs/cmd/delete/main.go:56.3,57.17 2 0
+github.com/calypr/git-drs/cmd/delete/main.go:57.17,59.4 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:60.3,60.24 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:60.24,62.4 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:65.3,65.19 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:65.19,73.24 8 0
+github.com/calypr/git-drs/cmd/delete/main.go:73.24,75.5 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:76.4,84.18 3 0
+github.com/calypr/git-drs/cmd/delete/main.go:84.18,86.5 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:90.3,91.17 2 0
+github.com/calypr/git-drs/cmd/delete/main.go:91.17,93.4 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:95.3,96.13 2 0
+github.com/calypr/git-drs/cmd/delete/main.go:100.13,103.2 2 1
+github.com/calypr/git-drs/cmd/install/main.go:17.34,23.55 1 2
+github.com/calypr/git-drs/cmd/install/main.go:23.55,24.22 1 1
+github.com/calypr/git-drs/cmd/install/main.go:24.22,27.5 2 1
+github.com/calypr/git-drs/cmd/install/main.go:28.4,28.14 1 0
+github.com/calypr/git-drs/cmd/install/main.go:30.55,32.4 1 0
+github.com/calypr/git-drs/cmd/install/main.go:36.62,47.35 2 2
+github.com/calypr/git-drs/cmd/install/main.go:47.35,48.82 1 5
+github.com/calypr/git-drs/cmd/install/main.go:48.82,50.4 1 1
+github.com/calypr/git-drs/cmd/install/main.go:53.2,53.12 1 1
+github.com/calypr/git-drs/cmd/install/main.go:56.51,59.16 3 0
+github.com/calypr/git-drs/cmd/install/main.go:59.16,61.20 2 0
+github.com/calypr/git-drs/cmd/install/main.go:61.20,63.4 1 0
+github.com/calypr/git-drs/cmd/install/main.go:64.3,64.84 1 0
+github.com/calypr/git-drs/cmd/install/main.go:66.2,66.12 1 0
 github.com/calypr/git-drs/cmd/addurl/cache.go:42.109,43.19 1 4
 github.com/calypr/git-drs/cmd/addurl/cache.go:43.19,45.3 1 0
 github.com/calypr/git-drs/cmd/addurl/cache.go:47.2,48.16 2 4
@@ -452,7 +427,7 @@ github.com/calypr/git-drs/cmd/addurl/io.go:49.53,51.3 1 0
 github.com/calypr/git-drs/cmd/addurl/io.go:53.2,53.132 1 0
 github.com/calypr/git-drs/cmd/addurl/io.go:53.132,55.3 1 0
 github.com/calypr/git-drs/cmd/addurl/io.go:56.2,56.12 1 0
-github.com/calypr/git-drs/cmd/addurl/io.go:61.157,97.16 1 1
+github.com/calypr/git-drs/cmd/addurl/io.go:61.159,97.16 1 1
 github.com/calypr/git-drs/cmd/addurl/io.go:97.16,99.3 1 0
 github.com/calypr/git-drs/cmd/addurl/io.go:100.2,100.12 1 1
 github.com/calypr/git-drs/cmd/addurl/io.go:106.52,108.48 2 9
@@ -462,37 +437,61 @@ github.com/calypr/git-drs/cmd/addurl/io.go:113.16,115.3 1 0
 github.com/calypr/git-drs/cmd/addurl/io.go:116.2,116.55 1 9
 github.com/calypr/git-drs/cmd/addurl/io.go:116.55,118.3 1 0
 github.com/calypr/git-drs/cmd/addurl/io.go:119.2,119.29 1 9
-github.com/calypr/git-drs/cmd/addurl/main.go:13.34,17.55 1 4
+github.com/calypr/git-drs/cmd/addurl/main.go:13.34,17.55 1 5
 github.com/calypr/git-drs/cmd/addurl/main.go:17.55,18.38 1 0
 github.com/calypr/git-drs/cmd/addurl/main.go:18.38,20.5 1 0
 github.com/calypr/git-drs/cmd/addurl/main.go:21.4,21.14 1 0
-github.com/calypr/git-drs/cmd/addurl/main.go:25.2,26.12 2 4
-github.com/calypr/git-drs/cmd/addurl/main.go:30.35,36.2 1 4
-github.com/calypr/git-drs/cmd/addurl/main.go:39.63,41.2 1 0
-github.com/calypr/git-drs/cmd/addurl/params.go:23.79,27.16 3 3
-github.com/calypr/git-drs/cmd/addurl/params.go:27.16,29.3 1 0
-github.com/calypr/git-drs/cmd/addurl/params.go:31.2,32.16 2 3
-github.com/calypr/git-drs/cmd/addurl/params.go:32.16,34.3 1 0
-github.com/calypr/git-drs/cmd/addurl/params.go:36.2,49.8 1 3
-github.com/calypr/git-drs/cmd/addurl/params.go:54.70,55.20 1 3
-github.com/calypr/git-drs/cmd/addurl/params.go:55.20,57.3 1 0
-github.com/calypr/git-drs/cmd/addurl/params.go:58.2,59.16 2 3
-github.com/calypr/git-drs/cmd/addurl/params.go:59.16,61.3 1 0
-github.com/calypr/git-drs/cmd/addurl/params.go:62.2,62.45 1 3
-github.com/calypr/git-drs/cmd/addurl/params.go:65.45,66.27 1 12
-github.com/calypr/git-drs/cmd/addurl/params.go:66.27,68.14 2 30
-github.com/calypr/git-drs/cmd/addurl/params.go:68.14,70.4 1 4
-github.com/calypr/git-drs/cmd/addurl/params.go:72.2,72.11 1 8
+github.com/calypr/git-drs/cmd/addurl/main.go:25.2,26.12 2 5
+github.com/calypr/git-drs/cmd/addurl/main.go:30.35,41.2 2 5
+github.com/calypr/git-drs/cmd/addurl/main.go:44.63,46.2 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:25.79,29.16 3 4
+github.com/calypr/git-drs/cmd/addurl/params.go:29.16,31.3 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:33.2,34.16 2 4
+github.com/calypr/git-drs/cmd/addurl/params.go:34.16,36.3 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:37.2,38.16 2 4
+github.com/calypr/git-drs/cmd/addurl/params.go:38.16,40.3 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:42.2,47.8 1 4
+github.com/calypr/git-drs/cmd/addurl/params.go:52.70,53.20 1 4
+github.com/calypr/git-drs/cmd/addurl/params.go:53.20,55.3 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:56.2,56.34 1 4
+github.com/calypr/git-drs/cmd/addurl/params.go:56.34,58.17 2 3
+github.com/calypr/git-drs/cmd/addurl/params.go:58.17,60.4 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:61.3,61.46 1 3
+github.com/calypr/git-drs/cmd/addurl/params.go:63.2,63.61 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:66.88,76.2 1 2
+github.com/calypr/git-drs/cmd/addurl/params.go:78.41,80.16 2 7
+github.com/calypr/git-drs/cmd/addurl/params.go:80.16,82.3 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:83.2,83.39 1 7
+github.com/calypr/git-drs/cmd/addurl/params.go:83.39,85.3 1 3
+github.com/calypr/git-drs/cmd/addurl/params.go:86.2,86.54 1 4
+github.com/calypr/git-drs/cmd/addurl/params.go:87.52,88.41 1 4
+github.com/calypr/git-drs/cmd/addurl/params.go:89.10,90.15 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:94.93,95.40 1 3
+github.com/calypr/git-drs/cmd/addurl/params.go:95.40,97.3 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:98.2,98.24 1 2
+github.com/calypr/git-drs/cmd/addurl/params.go:98.24,100.3 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:101.2,102.22 2 1
+github.com/calypr/git-drs/cmd/addurl/params.go:103.12,104.59 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:105.19,106.59 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:107.22,108.137 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:109.10,110.112 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:114.47,116.64 2 1
+github.com/calypr/git-drs/cmd/addurl/params.go:116.64,118.3 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:119.2,119.61 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:119.61,121.3 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:122.2,122.28 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:125.45,126.27 1 8
+github.com/calypr/git-drs/cmd/addurl/params.go:126.27,128.14 2 20
+github.com/calypr/git-drs/cmd/addurl/params.go:128.14,130.4 1 4
+github.com/calypr/git-drs/cmd/addurl/params.go:132.2,132.11 1 4
 github.com/calypr/git-drs/cmd/addurl/scope.go:10.140,13.19 3 3
 github.com/calypr/git-drs/cmd/addurl/scope.go:13.19,15.3 1 0
 github.com/calypr/git-drs/cmd/addurl/scope.go:17.2,23.16 2 3
 github.com/calypr/git-drs/cmd/addurl/scope.go:23.16,25.3 1 0
 github.com/calypr/git-drs/cmd/addurl/scope.go:26.2,26.42 1 3
-github.com/calypr/git-drs/cmd/addurl/service.go:31.40,40.2 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:46.70,48.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:48.16,50.3 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:52.2,53.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:53.16,55.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:35.40,44.2 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:51.70,53.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:53.16,55.3 1 1
 github.com/calypr/git-drs/cmd/addurl/service.go:57.2,58.16 2 1
 github.com/calypr/git-drs/cmd/addurl/service.go:58.16,60.3 1 0
 github.com/calypr/git-drs/cmd/addurl/service.go:62.2,63.16 2 1
@@ -501,247 +500,422 @@ github.com/calypr/git-drs/cmd/addurl/service.go:67.2,68.16 2 1
 github.com/calypr/git-drs/cmd/addurl/service.go:68.16,70.3 1 0
 github.com/calypr/git-drs/cmd/addurl/service.go:72.2,73.16 2 1
 github.com/calypr/git-drs/cmd/addurl/service.go:73.16,75.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:77.2,77.119 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:77.119,79.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:81.2,82.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:82.16,84.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:86.2,86.80 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:86.80,88.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:90.2,90.92 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:90.92,92.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:94.2,94.81 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:94.81,96.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:98.2,99.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:99.16,101.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:103.2,104.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:104.16,106.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:108.2,109.25 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:109.25,111.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:113.2,114.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:114.16,116.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:118.2,127.80 5 1
-github.com/calypr/git-drs/cmd/addurl/service.go:127.80,129.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:131.2,131.12 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:138.143,140.24 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:140.24,142.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:144.2,145.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:145.16,147.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:148.2,149.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:149.16,151.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:152.2,152.100 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:152.100,154.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:155.2,155.17 1 1
-github.com/calypr/git-drs/cmd/fetch/main.go:13.68,16.2 2 0
-github.com/calypr/git-drs/cmd/fetch/main.go:22.54,23.20 1 3
-github.com/calypr/git-drs/cmd/fetch/main.go:23.20,26.4 2 1
-github.com/calypr/git-drs/cmd/fetch/main.go:27.3,27.13 1 2
-github.com/calypr/git-drs/cmd/fetch/main.go:29.54,33.17 3 2
-github.com/calypr/git-drs/cmd/fetch/main.go:33.17,35.4 1 0
-github.com/calypr/git-drs/cmd/fetch/main.go:37.3,38.20 2 2
-github.com/calypr/git-drs/cmd/fetch/main.go:38.20,40.4 1 1
-github.com/calypr/git-drs/cmd/fetch/main.go:40.9,42.18 2 1
-github.com/calypr/git-drs/cmd/fetch/main.go:42.18,45.5 2 1
-github.com/calypr/git-drs/cmd/fetch/main.go:48.3,49.17 2 1
-github.com/calypr/git-drs/cmd/fetch/main.go:49.17,52.4 2 1
-github.com/calypr/git-drs/cmd/fetch/main.go:53.3,56.17 3 0
-github.com/calypr/git-drs/cmd/fetch/main.go:56.17,58.17 2 0
-github.com/calypr/git-drs/cmd/fetch/main.go:58.17,60.5 1 0
-github.com/calypr/git-drs/cmd/fetch/main.go:61.4,61.75 1 0
-github.com/calypr/git-drs/cmd/fetch/main.go:64.3,64.13 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:27.54,32.17 4 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:32.17,34.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:36.3,37.17 2 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:37.17,39.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:41.3,42.17 2 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:42.17,45.4 2 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:47.3,49.26 3 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:49.26,51.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:54.3,60.17 2 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:60.17,62.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:65.3,65.52 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:65.52,67.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:68.3,68.31 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:68.31,73.65 4 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:73.65,77.57 4 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:77.57,79.6 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:80.5,80.27 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:80.27,82.6 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:83.10,85.5 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:87.4,90.155 3 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:90.155,92.5 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:96.3,101.17 3 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:101.17,103.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:105.3,106.13 2 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:110.13,113.2 2 1
-github.com/calypr/git-drs/cmd/delete/main.go:29.54,33.51 2 2
-github.com/calypr/git-drs/cmd/delete/main.go:33.51,35.4 1 1
-github.com/calypr/git-drs/cmd/delete/main.go:37.3,40.17 3 1
-github.com/calypr/git-drs/cmd/delete/main.go:40.17,42.4 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:44.3,45.17 2 1
-github.com/calypr/git-drs/cmd/delete/main.go:45.17,47.4 1 1
-github.com/calypr/git-drs/cmd/delete/main.go:49.3,50.17 2 0
-github.com/calypr/git-drs/cmd/delete/main.go:50.17,53.4 2 0
-github.com/calypr/git-drs/cmd/delete/main.go:56.3,57.17 2 0
-github.com/calypr/git-drs/cmd/delete/main.go:57.17,59.4 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:60.3,60.24 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:60.24,62.4 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:65.3,65.19 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:65.19,73.24 8 0
-github.com/calypr/git-drs/cmd/delete/main.go:73.24,75.5 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:76.4,84.18 3 0
-github.com/calypr/git-drs/cmd/delete/main.go:84.18,86.5 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:90.3,91.17 2 0
-github.com/calypr/git-drs/cmd/delete/main.go:91.17,93.4 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:95.3,96.13 2 0
-github.com/calypr/git-drs/cmd/delete/main.go:100.13,103.2 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:77.2,78.25 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:78.25,80.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:82.2,83.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:83.16,85.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:87.2,88.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:88.16,90.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:92.2,93.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:93.16,95.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:97.2,98.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:98.16,100.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:102.2,103.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:103.16,105.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:107.2,107.119 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:107.119,109.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:111.2,112.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:112.16,114.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:116.2,116.80 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:116.80,118.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:120.2,120.92 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:120.92,122.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:124.2,124.81 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:124.81,126.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:128.2,137.80 5 1
+github.com/calypr/git-drs/cmd/addurl/service.go:137.80,139.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:141.2,141.12 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:150.120,153.35 3 1
+github.com/calypr/git-drs/cmd/addurl/service.go:153.35,158.3 4 0
+github.com/calypr/git-drs/cmd/addurl/service.go:158.8,161.17 3 1
+github.com/calypr/git-drs/cmd/addurl/service.go:161.17,163.4 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:166.2,166.22 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:166.22,167.68 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:167.68,173.4 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:173.9,181.4 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:184.2,184.86 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:184.86,186.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:187.2,187.20 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:194.145,197.24 3 1
+github.com/calypr/git-drs/cmd/addurl/service.go:197.24,199.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:201.2,201.70 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:204.81,207.13 3 5
+github.com/calypr/git-drs/cmd/addurl/service.go:207.13,209.3 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:210.2,210.15 1 4
+github.com/calypr/git-drs/cmd/addurl/service.go:210.15,212.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:213.2,214.39 2 4
+github.com/calypr/git-drs/cmd/lsfiles/main.go:31.81,31.120 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:32.116,34.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:35.143,36.25 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:36.25,38.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:39.3,39.50 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:58.68,59.44 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:59.44,61.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:63.2,65.16 3 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:65.16,67.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:69.2,71.29 3 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:71.29,73.51 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:73.51,74.12 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:76.3,76.27 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:78.2,79.18 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:82.48,85.16 3 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:85.16,87.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:89.2,91.29 3 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:91.29,93.17 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:93.17,94.12 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:96.3,96.34 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:98.2,99.21 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:102.43,104.30 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:104.30,105.60 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:105.60,107.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:110.2,111.37 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:111.37,113.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:114.2,114.33 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:114.33,115.30 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:115.30,117.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:119.2,119.23 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:119.23,121.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:122.2,122.11 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:125.130,129.16 3 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:129.16,131.17 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:131.17,133.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:135.3,136.17 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:136.17,139.4 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:141.3,142.17 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:142.17,144.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:147.2,151.44 2 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:151.44,153.17 2 3
+github.com/calypr/git-drs/cmd/lsfiles/main.go:153.17,155.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:158.2,159.16 2 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:159.16,161.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:162.2,162.66 1 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:162.66,164.27 2 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:164.27,166.18 2 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:166.18,168.5 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:169.4,169.21 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:169.21,171.19 2 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:171.19,173.6 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:178.2,179.29 2 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:179.29,181.3 1 9
+github.com/calypr/git-drs/cmd/lsfiles/main.go:182.2,187.16 5 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:187.16,190.29 3 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:190.29,191.44 1 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:191.44,192.13 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:194.4,195.17 2 4
+github.com/calypr/git-drs/cmd/lsfiles/main.go:195.17,196.13 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:198.4,198.42 1 4
+github.com/calypr/git-drs/cmd/lsfiles/main.go:198.42,199.13 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:201.4,202.28 2 4
+github.com/calypr/git-drs/cmd/lsfiles/main.go:204.3,204.83 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:206.2,206.28 1 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:206.28,207.43 1 9
+github.com/calypr/git-drs/cmd/lsfiles/main.go:207.43,208.12 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:210.3,218.20 4 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:218.20,220.4 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:222.3,222.17 1 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:222.17,223.11 1 4
+github.com/calypr/git-drs/cmd/lsfiles/main.go:224.29,225.38 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:226.12,228.26 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:228.26,230.11 2 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:232.5,234.33 3 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:234.33,236.6 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:237.5,237.47 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:241.3,241.27 1 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:244.2,244.18 1 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:247.58,248.16 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:248.16,252.3 3 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:253.2,253.27 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:253.27,254.10 1 4
+github.com/calypr/git-drs/cmd/lsfiles/main.go:255.17,256.71 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:256.71,258.5 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:259.18,261.16 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:261.16,263.5 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:264.4,265.20 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:265.20,267.5 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:268.4,268.113 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:268.113,270.5 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:271.11,273.16 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:273.16,275.5 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:276.4,276.101 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:276.101,278.5 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:281.2,281.12 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:284.34,285.20 1 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:285.20,287.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:288.2,288.17 1 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:291.36,293.16 2 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:293.16,295.3 1 6
+github.com/calypr/git-drs/cmd/lsfiles/main.go:296.2,297.12 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:300.34,301.28 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:301.28,303.3 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:304.2,304.26 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:304.26,306.3 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:307.2,307.12 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:315.54,316.47 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:316.47,318.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:319.3,322.17 4 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:322.17,324.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:325.3,325.30 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:329.13,337.2 7 1
 github.com/calypr/git-drs/cmd/initialize/main.go:33.54,34.21 1 2
 github.com/calypr/git-drs/cmd/initialize/main.go:34.21,37.4 2 1
 github.com/calypr/git-drs/cmd/initialize/main.go:38.3,38.13 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:40.54,45.17 3 1
-github.com/calypr/git-drs/cmd/initialize/main.go:45.17,47.4 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:50.3,51.17 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:51.17,53.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:56.3,57.17 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:57.17,60.4 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:63.3,65.51 3 0
-github.com/calypr/git-drs/cmd/initialize/main.go:65.51,67.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:68.3,68.58 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:68.58,70.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:72.3,73.17 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:73.17,75.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:78.3,79.17 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:79.17,81.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:83.3,84.17 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:84.17,86.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:89.3,91.13 3 0
-github.com/calypr/git-drs/cmd/initialize/main.go:95.28,109.61 2 2
-github.com/calypr/git-drs/cmd/initialize/main.go:109.61,111.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:112.2,112.12 1 2
-github.com/calypr/git-drs/cmd/initialize/main.go:115.13,120.2 4 1
-github.com/calypr/git-drs/cmd/initialize/main.go:122.52,124.16 2 2
-github.com/calypr/git-drs/cmd/initialize/main.go:124.16,126.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:128.2,128.52 1 2
-github.com/calypr/git-drs/cmd/initialize/main.go:128.52,130.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:132.2,152.16 5 2
-github.com/calypr/git-drs/cmd/initialize/main.go:152.16,157.73 3 1
-github.com/calypr/git-drs/cmd/initialize/main.go:157.73,159.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:160.3,160.45 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:160.45,162.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:163.3,163.87 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:166.2,166.39 1 2
-github.com/calypr/git-drs/cmd/initialize/main.go:166.39,168.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:170.2,171.16 2 2
-github.com/calypr/git-drs/cmd/initialize/main.go:171.16,173.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:174.2,175.12 2 2
-github.com/calypr/git-drs/cmd/initialize/main.go:178.54,181.16 3 2
-github.com/calypr/git-drs/cmd/initialize/main.go:181.16,183.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:184.2,186.52 3 2
-github.com/calypr/git-drs/cmd/initialize/main.go:186.52,188.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:190.2,198.16 5 2
-github.com/calypr/git-drs/cmd/initialize/main.go:198.16,203.73 3 1
-github.com/calypr/git-drs/cmd/initialize/main.go:203.73,205.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:206.3,206.45 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:206.45,208.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:209.3,209.89 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:212.2,212.39 1 2
-github.com/calypr/git-drs/cmd/initialize/main.go:212.39,214.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:216.2,217.16 2 2
-github.com/calypr/git-drs/cmd/initialize/main.go:217.16,219.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:220.2,221.12 2 2
-github.com/calypr/git-drs/cmd/pull/main.go:22.68,25.2 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:31.54,32.20 1 3
-github.com/calypr/git-drs/cmd/pull/main.go:32.20,35.4 2 1
-github.com/calypr/git-drs/cmd/pull/main.go:36.3,36.13 1 2
-github.com/calypr/git-drs/cmd/pull/main.go:38.54,42.17 3 2
-github.com/calypr/git-drs/cmd/pull/main.go:42.17,44.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:46.3,47.20 2 2
-github.com/calypr/git-drs/cmd/pull/main.go:47.20,49.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:49.9,51.18 2 2
-github.com/calypr/git-drs/cmd/pull/main.go:51.18,54.5 2 2
-github.com/calypr/git-drs/cmd/pull/main.go:57.3,58.17 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:58.17,61.4 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:62.3,64.72 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:64.72,66.17 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:66.17,68.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:69.4,69.71 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:72.3,76.17 3 0
-github.com/calypr/git-drs/cmd/pull/main.go:76.17,78.29 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:78.29,80.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:81.4,82.27 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:82.27,84.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:85.4,86.31 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:86.31,88.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:89.9,89.63 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:89.63,91.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:93.3,96.34 4 0
-github.com/calypr/git-drs/cmd/pull/main.go:96.34,97.20 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:97.20,98.13 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:100.4,100.43 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:100.43,101.13 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:103.4,104.44 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:107.3,107.27 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:107.27,109.36 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:109.36,111.37 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:111.37,112.14 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:114.5,114.30 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:116.4,116.27 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:116.27,118.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:118.10,120.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:122.4,123.27 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:123.27,125.36 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:125.36,127.6 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:128.5,128.94 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:128.94,131.6 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:131.11,133.6 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:135.4,135.35 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:135.35,136.21 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:136.21,137.14 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:139.5,140.19 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:140.19,142.6 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:143.5,143.41 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:143.41,144.55 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:144.55,146.112 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:146.112,149.8 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:150.7,150.15 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:153.5,153.86 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:153.86,156.6 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:158.9,160.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:162.3,162.67 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:162.67,164.29 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:164.29,166.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:168.3,168.63 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:168.63,170.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:172.3,172.13 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:176.51,178.29 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:178.29,180.3 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:181.2,181.12 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:184.39,186.2 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:188.61,189.26 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:189.26,190.72 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:190.72,191.12 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:193.3,194.17 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:194.17,196.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:197.3,198.17 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:198.17,200.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:201.3,201.62 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:201.62,203.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:205.2,205.12 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:208.55,210.2 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:212.103,214.16 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:214.16,216.3 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:217.2,217.20 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:217.20,219.3 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:221.2,224.32 3 0
-github.com/calypr/git-drs/cmd/pull/main.go:224.32,226.43 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:226.43,229.27 3 0
-github.com/calypr/git-drs/cmd/pull/main.go:229.27,231.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:232.4,232.20 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:232.20,233.63 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:233.63,235.6 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:237.4,238.26 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:238.26,240.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:241.4,241.124 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:244.2,244.138 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:40.54,42.46 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:42.46,44.4 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:45.3,46.13 2 0
+github.com/calypr/git-drs/cmd/initialize/main.go:52.46,55.16 2 2
+github.com/calypr/git-drs/cmd/initialize/main.go:55.16,57.3 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:60.2,61.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:61.16,63.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:66.2,67.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:67.16,70.3 2 0
+github.com/calypr/git-drs/cmd/initialize/main.go:73.2,75.50 3 1
+github.com/calypr/git-drs/cmd/initialize/main.go:75.50,77.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:78.2,78.57 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:78.57,80.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:82.2,83.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:83.16,85.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:88.2,89.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:89.16,91.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:93.2,94.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:94.16,96.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:98.2,99.12 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:104.49,106.16 2 2
+github.com/calypr/git-drs/cmd/initialize/main.go:106.16,108.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:109.2,109.17 1 2
+github.com/calypr/git-drs/cmd/initialize/main.go:109.17,111.3 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:112.2,112.29 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:115.36,116.49 1 2
+github.com/calypr/git-drs/cmd/initialize/main.go:116.49,118.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:120.2,120.51 1 2
+github.com/calypr/git-drs/cmd/initialize/main.go:120.51,121.25 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:121.25,123.4 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:124.3,124.72 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:127.2,127.124 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:127.124,129.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:130.2,130.127 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:130.127,132.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:133.2,133.129 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:133.129,135.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:136.2,136.115 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:136.115,138.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:140.2,141.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:141.16,143.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:144.2,144.25 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:144.25,146.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:148.2,149.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:149.16,151.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:152.2,152.30 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:155.54,157.16 2 2
+github.com/calypr/git-drs/cmd/initialize/main.go:157.16,159.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:160.2,161.16 2 2
+github.com/calypr/git-drs/cmd/initialize/main.go:161.16,162.25 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:162.25,164.4 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:165.3,165.20 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:167.2,167.55 1 2
+github.com/calypr/git-drs/cmd/initialize/main.go:170.28,187.61 2 3
+github.com/calypr/git-drs/cmd/initialize/main.go:187.61,189.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:190.2,190.12 1 3
+github.com/calypr/git-drs/cmd/initialize/main.go:193.13,198.2 4 1
+github.com/calypr/git-drs/cmd/initialize/main.go:200.52,202.16 2 3
+github.com/calypr/git-drs/cmd/initialize/main.go:202.16,204.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:206.2,206.52 1 3
+github.com/calypr/git-drs/cmd/initialize/main.go:206.52,208.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:210.2,230.16 5 3
+github.com/calypr/git-drs/cmd/initialize/main.go:230.16,235.73 3 1
+github.com/calypr/git-drs/cmd/initialize/main.go:235.73,237.4 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:238.3,238.45 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:238.45,240.4 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:241.3,241.87 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:244.2,244.39 1 3
+github.com/calypr/git-drs/cmd/initialize/main.go:244.39,246.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:248.2,249.16 2 3
+github.com/calypr/git-drs/cmd/initialize/main.go:249.16,251.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:252.2,253.12 2 3
+github.com/calypr/git-drs/cmd/initialize/main.go:256.54,259.16 3 3
+github.com/calypr/git-drs/cmd/initialize/main.go:259.16,261.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:262.2,264.52 3 3
+github.com/calypr/git-drs/cmd/initialize/main.go:264.52,266.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:268.2,276.16 5 3
+github.com/calypr/git-drs/cmd/initialize/main.go:276.16,281.73 3 1
+github.com/calypr/git-drs/cmd/initialize/main.go:281.73,283.4 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:284.3,284.45 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:284.45,286.4 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:287.3,287.89 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:290.2,290.39 1 3
+github.com/calypr/git-drs/cmd/initialize/main.go:290.39,292.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:294.2,295.16 2 3
+github.com/calypr/git-drs/cmd/initialize/main.go:295.16,297.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:298.2,299.12 2 3
+github.com/calypr/git-drs/cmd/pull/main.go:30.81,30.120 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:31.116,33.3 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:41.54,42.20 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:42.20,45.4 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:46.3,46.13 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:48.54,52.17 3 1
+github.com/calypr/git-drs/cmd/pull/main.go:52.17,54.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:56.3,57.20 2 1
+github.com/calypr/git-drs/cmd/pull/main.go:57.20,59.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:59.9,61.18 2 1
+github.com/calypr/git-drs/cmd/pull/main.go:61.18,64.5 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:67.3,68.17 2 1
+github.com/calypr/git-drs/cmd/pull/main.go:68.17,71.4 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:73.3,74.17 2 1
+github.com/calypr/git-drs/cmd/pull/main.go:74.17,76.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:77.3,78.25 2 1
+github.com/calypr/git-drs/cmd/pull/main.go:78.25,81.4 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:83.3,87.13 4 1
+github.com/calypr/git-drs/cmd/pull/main.go:87.13,88.31 1 1
+github.com/calypr/git-drs/cmd/pull/main.go:88.31,89.70 1 1
+github.com/calypr/git-drs/cmd/pull/main.go:89.70,91.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:93.4,93.14 1 1
+github.com/calypr/git-drs/cmd/pull/main.go:96.3,99.30 4 0
+github.com/calypr/git-drs/cmd/pull/main.go:99.30,101.18 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:101.18,103.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:104.4,104.48 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:104.48,105.13 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:106.10,106.34 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:106.34,108.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:109.4,109.43 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:109.43,110.13 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:112.4,113.44 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:116.3,116.27 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:116.27,118.36 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:118.36,120.37 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:120.37,121.14 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:123.5,123.30 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:125.4,125.27 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:125.27,127.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:127.10,129.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:131.4,132.27 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:132.27,134.36 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:134.36,136.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:137.5,137.94 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:137.94,140.6 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:140.11,142.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:144.4,144.31 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:144.31,146.19 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:146.19,148.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:149.5,149.47 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:149.47,150.14 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:151.11,151.35 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:151.35,153.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:154.5,156.41 3 0
+github.com/calypr/git-drs/cmd/pull/main.go:156.41,157.55 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:157.55,159.126 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:159.126,162.8 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:163.7,163.15 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:166.5,166.100 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:166.100,169.6 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:171.9,173.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:175.3,175.69 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:175.69,177.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:179.3,179.13 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:189.97,191.30 2 2
+github.com/calypr/git-drs/cmd/pull/main.go:191.30,192.43 1 5
+github.com/calypr/git-drs/cmd/pull/main.go:192.43,193.12 1 2
+github.com/calypr/git-drs/cmd/pull/main.go:195.3,195.28 1 3
+github.com/calypr/git-drs/cmd/pull/main.go:197.2,200.28 3 2
+github.com/calypr/git-drs/cmd/pull/main.go:200.28,203.3 2 3
+github.com/calypr/git-drs/cmd/pull/main.go:204.2,204.14 1 2
+github.com/calypr/git-drs/cmd/pull/main.go:207.119,209.74 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:209.74,210.29 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:210.29,212.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:213.3,214.13 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:218.89,219.26 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:219.26,220.72 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:220.72,221.12 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:223.3,224.17 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:224.17,226.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:227.3,228.17 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:228.17,230.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:231.3,232.46 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:232.46,233.50 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:233.50,236.5 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:238.3,239.17 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:239.17,242.4 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:243.3,243.46 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:243.46,247.4 3 0
+github.com/calypr/git-drs/cmd/pull/main.go:248.3,248.37 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:248.37,251.4 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:252.3,252.37 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:252.37,254.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:255.3,255.26 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:257.2,257.12 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:260.103,262.16 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:262.16,264.3 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:265.2,265.20 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:265.20,267.3 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:269.2,272.32 3 0
+github.com/calypr/git-drs/cmd/pull/main.go:272.32,274.43 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:274.43,277.27 3 0
+github.com/calypr/git-drs/cmd/pull/main.go:277.27,279.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:280.4,280.20 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:280.20,281.63 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:281.63,283.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:285.4,286.26 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:286.26,288.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:289.4,289.124 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:292.2,292.138 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:295.13,298.2 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:35.67,40.2 1 4
+github.com/calypr/git-drs/cmd/pull/progress.go:42.40,44.2 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:46.51,48.33 2 14
+github.com/calypr/git-drs/cmd/pull/progress.go:48.33,50.18 2 20
+github.com/calypr/git-drs/cmd/pull/progress.go:50.18,51.12 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:53.3,53.44 1 20
+github.com/calypr/git-drs/cmd/pull/progress.go:55.2,55.29 1 14
+github.com/calypr/git-drs/cmd/pull/progress.go:58.60,62.29 4 4
+github.com/calypr/git-drs/cmd/pull/progress.go:62.29,69.3 2 5
+github.com/calypr/git-drs/cmd/pull/progress.go:70.2,70.15 1 4
+github.com/calypr/git-drs/cmd/pull/progress.go:70.15,72.3 1 4
+github.com/calypr/git-drs/cmd/pull/progress.go:75.66,76.16 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:76.16,78.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:79.2,80.9 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:80.9,82.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:83.2,84.19 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:84.19,86.3 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:87.2,88.17 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:91.93,92.16 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:92.16,94.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:95.2,96.9 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:96.9,98.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:99.2,99.15 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:99.15,101.3 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:102.2,102.31 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:102.31,104.3 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:105.2,106.17 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:109.66,110.16 1 1
+github.com/calypr/git-drs/cmd/pull/progress.go:110.16,112.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:113.2,114.9 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:114.9,116.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:117.2,118.38 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:118.38,120.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:121.2,121.17 1 1
+github.com/calypr/git-drs/cmd/pull/progress.go:124.62,125.16 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:125.16,127.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:128.2,129.9 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:129.9,131.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:132.2,132.38 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:132.38,134.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:135.2,135.20 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:135.20,137.3 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:138.2,139.17 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:142.41,143.16 1 1
+github.com/calypr/git-drs/cmd/pull/progress.go:143.16,145.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:146.2,147.33 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:147.33,149.18 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:149.18,150.12 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:152.3,152.44 1 1
+github.com/calypr/git-drs/cmd/pull/progress.go:154.2,155.19 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:158.74,160.36 2 21
+github.com/calypr/git-drs/cmd/pull/progress.go:160.36,162.3 1 21
+github.com/calypr/git-drs/cmd/pull/progress.go:164.2,165.17 2 21
+github.com/calypr/git-drs/cmd/pull/progress.go:165.17,166.21 1 21
+github.com/calypr/git-drs/cmd/pull/progress.go:167.57,168.55 1 7
+github.com/calypr/git-drs/cmd/pull/progress.go:168.55,170.5 1 6
+github.com/calypr/git-drs/cmd/pull/progress.go:174.2,176.17 3 21
+github.com/calypr/git-drs/cmd/pull/progress.go:176.17,179.3 2 21
+github.com/calypr/git-drs/cmd/pull/progress.go:180.2,184.74 4 21
 github.com/calypr/git-drs/cmd/query/main.go:21.111,23.50 2 0
 github.com/calypr/git-drs/cmd/query/main.go:23.50,25.3 1 0
 github.com/calypr/git-drs/cmd/query/main.go:26.2,26.59 1 0
@@ -771,137 +945,468 @@ github.com/calypr/git-drs/cmd/query/main.go:88.3,89.17 2 0
 github.com/calypr/git-drs/cmd/query/main.go:89.17,91.4 1 0
 github.com/calypr/git-drs/cmd/query/main.go:92.3,92.44 1 0
 github.com/calypr/git-drs/cmd/query/main.go:96.13,100.2 3 1
-github.com/calypr/git-drs/cmd/push/main.go:18.68,21.2 2 0
-github.com/calypr/git-drs/cmd/push/main.go:27.54,28.20 1 3
-github.com/calypr/git-drs/cmd/push/main.go:28.20,31.4 2 1
-github.com/calypr/git-drs/cmd/push/main.go:32.3,32.13 1 2
-github.com/calypr/git-drs/cmd/push/main.go:34.54,37.17 3 2
-github.com/calypr/git-drs/cmd/push/main.go:37.17,40.4 2 0
-github.com/calypr/git-drs/cmd/push/main.go:42.3,43.20 2 2
-github.com/calypr/git-drs/cmd/push/main.go:43.20,45.4 1 0
-github.com/calypr/git-drs/cmd/push/main.go:45.9,47.18 2 2
-github.com/calypr/git-drs/cmd/push/main.go:47.18,50.5 2 2
-github.com/calypr/git-drs/cmd/push/main.go:53.3,54.17 2 0
-github.com/calypr/git-drs/cmd/push/main.go:54.17,57.4 2 0
+github.com/calypr/git-drs/cmd/ping/main.go:26.73,28.2 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:33.54,34.20 1 3
+github.com/calypr/git-drs/cmd/ping/main.go:34.20,37.4 2 1
+github.com/calypr/git-drs/cmd/ping/main.go:38.3,38.13 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:40.54,43.17 3 1
+github.com/calypr/git-drs/cmd/ping/main.go:43.17,45.4 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:46.3,48.55 2 1
+github.com/calypr/git-drs/cmd/ping/main.go:48.55,50.4 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:51.3,52.13 2 1
+github.com/calypr/git-drs/cmd/ping/main.go:56.96,58.16 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:58.16,60.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:62.2,63.20 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:63.20,65.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:66.2,67.16 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:67.16,69.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:71.2,72.22 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:72.22,74.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:76.2,77.16 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:77.16,79.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:81.2,91.26 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:92.26,93.52 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:94.27,95.53 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:96.10,97.32 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:100.2,100.24 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:103.37,105.22 2 1
+github.com/calypr/git-drs/cmd/ping/main.go:105.22,107.3 1 1
+github.com/calypr/git-drs/cmd/ping/main.go:108.2,115.43 8 1
+github.com/calypr/git-drs/cmd/ping/main.go:118.45,119.39 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:119.39,121.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:122.2,122.56 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:122.56,124.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:125.2,125.99 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:125.99,127.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:128.2,128.15 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:131.36,133.13 2 4
+github.com/calypr/git-drs/cmd/ping/main.go:133.13,135.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:136.2,136.10 1 4
+github.com/calypr/git-drs/cmd/push/main.go:21.68,24.2 2 0
+github.com/calypr/git-drs/cmd/push/main.go:32.54,33.20 1 3
+github.com/calypr/git-drs/cmd/push/main.go:33.20,36.4 2 1
+github.com/calypr/git-drs/cmd/push/main.go:37.3,37.13 1 2
+github.com/calypr/git-drs/cmd/push/main.go:39.54,42.17 3 2
+github.com/calypr/git-drs/cmd/push/main.go:42.17,45.4 2 0
+github.com/calypr/git-drs/cmd/push/main.go:47.3,48.20 2 2
+github.com/calypr/git-drs/cmd/push/main.go:48.20,50.4 1 0
+github.com/calypr/git-drs/cmd/push/main.go:50.9,52.18 2 2
+github.com/calypr/git-drs/cmd/push/main.go:52.18,55.5 2 2
 github.com/calypr/git-drs/cmd/push/main.go:58.3,59.17 2 0
-github.com/calypr/git-drs/cmd/push/main.go:59.17,61.4 1 0
-github.com/calypr/git-drs/cmd/push/main.go:63.3,64.77 2 0
-github.com/calypr/git-drs/cmd/push/main.go:64.77,66.4 1 0
-github.com/calypr/git-drs/cmd/push/main.go:68.3,69.21 2 0
-github.com/calypr/git-drs/cmd/push/main.go:69.21,71.4 1 0
-github.com/calypr/git-drs/cmd/push/main.go:72.3,74.17 3 0
-github.com/calypr/git-drs/cmd/push/main.go:74.17,76.17 2 0
-github.com/calypr/git-drs/cmd/push/main.go:76.17,78.5 1 0
-github.com/calypr/git-drs/cmd/push/main.go:79.4,79.71 1 0
-github.com/calypr/git-drs/cmd/push/main.go:81.3,81.13 1 0
-github.com/calypr/git-drs/cmd/push/main.go:85.13,87.2 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:14.54,15.21 1 2
-github.com/calypr/git-drs/cmd/remote/list.go:15.21,18.4 2 1
-github.com/calypr/git-drs/cmd/remote/list.go:19.3,19.13 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:21.54,24.17 3 1
-github.com/calypr/git-drs/cmd/remote/list.go:24.17,27.4 2 0
-github.com/calypr/git-drs/cmd/remote/list.go:29.3,29.47 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:29.47,33.17 3 1
-github.com/calypr/git-drs/cmd/remote/list.go:33.17,35.5 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:38.4,40.32 3 1
-github.com/calypr/git-drs/cmd/remote/list.go:40.32,43.5 2 1
-github.com/calypr/git-drs/cmd/remote/list.go:43.10,43.40 1 0
-github.com/calypr/git-drs/cmd/remote/list.go:43.40,46.5 2 0
-github.com/calypr/git-drs/cmd/remote/list.go:46.10,48.5 1 0
-github.com/calypr/git-drs/cmd/remote/list.go:50.4,51.21 2 1
-github.com/calypr/git-drs/cmd/remote/list.go:51.21,53.5 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:55.4,55.72 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:57.3,57.13 1 1
-github.com/calypr/git-drs/cmd/remote/root.go:14.13,18.2 3 1
-github.com/calypr/git-drs/cmd/remote/set.go:15.54,16.21 1 3
-github.com/calypr/git-drs/cmd/remote/set.go:16.21,19.4 2 2
-github.com/calypr/git-drs/cmd/remote/set.go:20.3,20.13 1 1
-github.com/calypr/git-drs/cmd/remote/set.go:22.54,27.17 4 0
-github.com/calypr/git-drs/cmd/remote/set.go:27.17,29.4 1 0
-github.com/calypr/git-drs/cmd/remote/set.go:32.3,33.40 2 0
-github.com/calypr/git-drs/cmd/remote/set.go:33.40,35.34 2 0
-github.com/calypr/git-drs/cmd/remote/set.go:35.34,37.5 1 0
-github.com/calypr/git-drs/cmd/remote/set.go:38.4,42.5 1 0
-github.com/calypr/git-drs/cmd/remote/set.go:46.3,48.48 2 0
-github.com/calypr/git-drs/cmd/remote/set.go:48.48,50.4 1 0
-github.com/calypr/git-drs/cmd/remote/set.go:52.3,53.13 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:20.54,21.20 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:21.20,24.4 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:25.3,25.13 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:27.54,31.59 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:31.59,33.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:35.3,36.20 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:36.20,38.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:40.3,41.17 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:41.17,43.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:44.3,44.13 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:48.112,49.22 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:49.22,51.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:52.2,52.19 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:52.19,54.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:56.2,58.43 3 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:58.43,60.17 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:60.17,62.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:63.3,64.58 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:66.2,66.26 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:66.26,67.44 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:67.44,69.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:70.3,70.46 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:70.46,72.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:75.2,77.9 3 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:78.24,82.17 4 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:82.17,84.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:86.22,88.17 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:88.17,90.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:91.3,96.17 5 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:96.17,98.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:100.10,102.17 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:102.17,107.4 4 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:107.9,109.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:112.2,112.23 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:112.23,114.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:116.2,127.67 3 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:127.67,129.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:130.2,143.88 3 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:143.88,145.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:147.2,147.45 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:147.45,149.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:151.2,151.67 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:151.67,153.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:154.2,154.73 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:154.73,156.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:157.2,157.47 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:157.47,158.97 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:158.97,160.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:163.2,164.12 2 0
-github.com/calypr/git-drs/cmd/remote/add/init.go:22.13,37.2 13 1
-github.com/calypr/git-drs/cmd/remote/add/local.go:17.54,21.16 3 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:21.16,23.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:25.3,35.17 3 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:35.17,37.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:38.3,38.66 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:38.66,40.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:41.3,41.68 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:41.68,43.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:44.3,44.87 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:44.87,45.88 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:45.88,47.5 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:48.4,48.133 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:48.133,50.5 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:53.3,54.13 2 0
-github.com/calypr/git-drs/cmd/smudge/main.go:34.57,36.16 2 1
-github.com/calypr/git-drs/cmd/smudge/main.go:36.16,38.3 1 1
-github.com/calypr/git-drs/cmd/smudge/main.go:40.2,45.16 5 1
-github.com/calypr/git-drs/cmd/smudge/main.go:45.16,47.3 1 0
-github.com/calypr/git-drs/cmd/smudge/main.go:49.2,50.16 2 1
-github.com/calypr/git-drs/cmd/smudge/main.go:50.16,51.48 1 1
-github.com/calypr/git-drs/cmd/smudge/main.go:51.48,54.4 2 1
-github.com/calypr/git-drs/cmd/smudge/main.go:55.3,55.59 1 0
-github.com/calypr/git-drs/cmd/smudge/main.go:58.2,59.16 2 0
-github.com/calypr/git-drs/cmd/smudge/main.go:59.16,61.3 1 0
-github.com/calypr/git-drs/cmd/smudge/main.go:63.2,63.130 1 0
-github.com/calypr/git-drs/cmd/smudge/main.go:63.130,65.3 1 0
-github.com/calypr/git-drs/cmd/smudge/main.go:68.14,68.15 0 1
+github.com/calypr/git-drs/cmd/push/main.go:59.17,62.4 2 0
+github.com/calypr/git-drs/cmd/push/main.go:63.3,65.17 3 0
+github.com/calypr/git-drs/cmd/push/main.go:65.17,67.4 1 0
+github.com/calypr/git-drs/cmd/push/main.go:69.3,71.17 3 0
+github.com/calypr/git-drs/cmd/push/main.go:71.17,73.4 1 0
+github.com/calypr/git-drs/cmd/push/main.go:74.3,74.102 1 0
+github.com/calypr/git-drs/cmd/push/main.go:74.102,76.4 1 0
+github.com/calypr/git-drs/cmd/push/main.go:77.3,78.87 2 0
+github.com/calypr/git-drs/cmd/push/main.go:78.87,81.4 2 0
+github.com/calypr/git-drs/cmd/push/main.go:82.3,83.10 2 0
+github.com/calypr/git-drs/cmd/push/main.go:84.27,85.85 1 0
+github.com/calypr/git-drs/cmd/push/main.go:86.31,87.113 1 0
+github.com/calypr/git-drs/cmd/push/main.go:90.3,91.21 2 0
+github.com/calypr/git-drs/cmd/push/main.go:91.21,93.4 1 0
+github.com/calypr/git-drs/cmd/push/main.go:94.3,96.17 3 0
+github.com/calypr/git-drs/cmd/push/main.go:96.17,98.17 2 0
+github.com/calypr/git-drs/cmd/push/main.go:98.17,100.5 1 0
+github.com/calypr/git-drs/cmd/push/main.go:101.4,101.71 1 0
+github.com/calypr/git-drs/cmd/push/main.go:103.3,103.13 1 0
+github.com/calypr/git-drs/cmd/push/main.go:107.13,110.2 2 1
+github.com/calypr/git-drs/cmd/push/main.go:112.82,114.16 2 2
+github.com/calypr/git-drs/cmd/push/main.go:114.16,116.3 1 0
+github.com/calypr/git-drs/cmd/push/main.go:117.2,118.16 2 2
+github.com/calypr/git-drs/cmd/push/main.go:118.16,120.3 1 1
+github.com/calypr/git-drs/cmd/push/main.go:121.2,124.9 1 1
+github.com/calypr/git-drs/cmd/push/main.go:127.69,130.16 3 0
+github.com/calypr/git-drs/cmd/push/main.go:130.16,132.3 1 0
+github.com/calypr/git-drs/cmd/push/main.go:133.2,133.44 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:27.71,32.2 1 4
+github.com/calypr/git-drs/cmd/push/progress.go:34.53,36.36 2 12
+github.com/calypr/git-drs/cmd/push/progress.go:36.36,38.18 2 18
+github.com/calypr/git-drs/cmd/push/progress.go:38.18,39.12 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:41.3,41.67 1 18
+github.com/calypr/git-drs/cmd/push/progress.go:43.2,43.29 1 12
+github.com/calypr/git-drs/cmd/push/progress.go:46.80,51.34 5 4
+github.com/calypr/git-drs/cmd/push/progress.go:51.34,57.3 2 5
+github.com/calypr/git-drs/cmd/push/progress.go:58.2,58.15 1 4
+github.com/calypr/git-drs/cmd/push/progress.go:58.15,60.3 1 4
+github.com/calypr/git-drs/cmd/push/progress.go:63.84,64.16 1 8
+github.com/calypr/git-drs/cmd/push/progress.go:64.16,66.3 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:67.2,68.9 2 8
+github.com/calypr/git-drs/cmd/push/progress.go:68.9,70.3 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:71.2,71.19 1 8
+github.com/calypr/git-drs/cmd/push/progress.go:71.19,73.3 1 8
+github.com/calypr/git-drs/cmd/push/progress.go:74.2,74.23 1 8
+github.com/calypr/git-drs/cmd/push/progress.go:74.23,76.3 1 8
+github.com/calypr/git-drs/cmd/push/progress.go:77.2,77.34 1 8
+github.com/calypr/git-drs/cmd/push/progress.go:77.34,79.3 1 6
+github.com/calypr/git-drs/cmd/push/progress.go:80.2,80.50 1 8
+github.com/calypr/git-drs/cmd/push/progress.go:80.50,82.3 1 5
+github.com/calypr/git-drs/cmd/push/progress.go:83.2,83.69 1 8
+github.com/calypr/git-drs/cmd/push/progress.go:83.69,86.21 3 3
+github.com/calypr/git-drs/cmd/push/progress.go:86.21,88.4 1 3
+github.com/calypr/git-drs/cmd/push/progress.go:90.2,90.17 1 8
+github.com/calypr/git-drs/cmd/push/progress.go:93.43,94.16 1 2
+github.com/calypr/git-drs/cmd/push/progress.go:94.16,96.3 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:97.2,98.36 2 2
+github.com/calypr/git-drs/cmd/push/progress.go:98.36,100.18 2 3
+github.com/calypr/git-drs/cmd/push/progress.go:100.18,101.12 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:103.3,103.67 1 3
+github.com/calypr/git-drs/cmd/push/progress.go:105.2,106.19 2 2
+github.com/calypr/git-drs/cmd/push/progress.go:109.52,111.2 1 3
+github.com/calypr/git-drs/cmd/push/progress.go:113.98,115.36 2 21
+github.com/calypr/git-drs/cmd/push/progress.go:115.36,117.3 1 21
+github.com/calypr/git-drs/cmd/push/progress.go:118.2,119.17 2 21
+github.com/calypr/git-drs/cmd/push/progress.go:119.17,120.10 1 21
+github.com/calypr/git-drs/cmd/push/progress.go:121.40,122.35 1 5
+github.com/calypr/git-drs/cmd/push/progress.go:126.2,129.17 4 21
+github.com/calypr/git-drs/cmd/push/progress.go:129.17,133.3 3 21
+github.com/calypr/git-drs/cmd/push/progress.go:134.2,141.74 7 21
+github.com/calypr/git-drs/cmd/precommit/main.go:88.54,90.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:93.13,95.33 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:95.33,100.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:103.37,105.16 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:105.16,107.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:109.2,114.53 5 1
+github.com/calypr/git-drs/cmd/precommit/main.go:114.53,116.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:117.2,117.52 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:117.52,119.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:120.2,123.16 3 1
+github.com/calypr/git-drs/cmd/precommit/main.go:123.16,125.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:126.2,126.23 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:126.23,128.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:129.2,130.16 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:130.16,132.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:133.2,133.24 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:133.24,135.17 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:135.17,137.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:138.3,138.15 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:138.15,140.4 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:143.2,147.29 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:147.29,148.28 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:148.28,149.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:154.3,155.17 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:155.17,157.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:160.3,163.15 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:163.15,165.106 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:165.106,167.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:170.4,174.19 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:174.19,176.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:179.4,179.99 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:179.99,181.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:182.9,185.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:189.2,189.29 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:189.29,190.18 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:191.28,192.80 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:192.80,194.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:195.19,197.80 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:197.80,199.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:202.19,203.90 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:203.90,205.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:209.2,209.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:212.83,214.16 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:214.16,217.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:218.2,218.12 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:218.12,221.3 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:223.2,228.49 4 1
+github.com/calypr/git-drs/cmd/precommit/main.go:228.49,230.43 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:230.43,232.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:236.2,240.17 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:240.17,242.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:245.2,246.89 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:246.89,248.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:251.2,251.20 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:251.20,253.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:255.2,255.12 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:258.93,262.16 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:262.16,265.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:266.2,267.47 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:267.47,271.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:273.2,276.21 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:276.21,278.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:281.2,287.12 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:297.59,299.16 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:299.16,301.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:302.2,304.16 3 2
+github.com/calypr/git-drs/cmd/precommit/main.go:304.16,306.36 2 3
+github.com/calypr/git-drs/cmd/precommit/main.go:306.36,307.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:309.3,310.21 2 3
+github.com/calypr/git-drs/cmd/precommit/main.go:310.21,311.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:313.3,314.10 2 3
+github.com/calypr/git-drs/cmd/precommit/main.go:315.22,316.87 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:317.22,318.90 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:319.22,320.90 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:321.58,322.109 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:323.11,323.11 0 0
+github.com/calypr/git-drs/cmd/precommit/main.go:327.2,327.33 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:327.33,329.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:330.2,330.21 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:335.75,337.16 2 5
+github.com/calypr/git-drs/cmd/precommit/main.go:337.16,340.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:344.2,348.16 4 5
+github.com/calypr/git-drs/cmd/precommit/main.go:348.16,350.26 2 7
+github.com/calypr/git-drs/cmd/precommit/main.go:350.26,352.12 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:354.3,354.45 1 5
+github.com/calypr/git-drs/cmd/precommit/main.go:354.45,357.17 3 2
+github.com/calypr/git-drs/cmd/precommit/main.go:357.17,359.5 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:363.3,363.27 1 5
+github.com/calypr/git-drs/cmd/precommit/main.go:363.27,364.9 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:367.2,367.33 1 5
+github.com/calypr/git-drs/cmd/precommit/main.go:367.33,369.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:371.2,371.26 1 5
+github.com/calypr/git-drs/cmd/precommit/main.go:371.26,373.3 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:374.2,374.23 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:377.70,379.16 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:379.16,381.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:382.2,383.16 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:383.16,385.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:386.2,386.18 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:389.134,390.25 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:390.25,392.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:393.2,395.29 3 2
+github.com/calypr/git-drs/cmd/precommit/main.go:395.29,396.75 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:396.75,397.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:399.3,400.17 2 3
+github.com/calypr/git-drs/cmd/precommit/main.go:400.17,401.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:403.3,403.30 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:403.30,404.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:406.3,409.17 3 3
+github.com/calypr/git-drs/cmd/precommit/main.go:409.17,410.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:412.3,412.12 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:412.12,413.12 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:416.3,417.17 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:417.17,419.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:420.3,420.29 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:420.29,421.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:423.3,423.77 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:425.2,425.44 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:425.44,425.92 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:426.2,426.23 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:429.80,430.21 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:430.21,432.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:434.2,435.26 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:435.26,437.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:438.2,443.43 5 0
+github.com/calypr/git-drs/cmd/precommit/main.go:443.43,445.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:446.2,447.46 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:450.33,452.14 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:452.14,454.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:455.2,456.42 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:456.42,459.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:460.2,460.73 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:463.61,465.16 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:465.16,467.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:468.2,469.18 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:469.18,471.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:473.2,473.29 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:473.29,475.17 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:475.17,477.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:478.3,479.39 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:481.2,481.20 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:484.63,490.34 6 11
+github.com/calypr/git-drs/cmd/precommit/main.go:490.34,493.16 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:493.16,495.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:496.3,496.69 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:498.2,498.28 1 11
+github.com/calypr/git-drs/cmd/precommit/main.go:503.50,505.2 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:507.37,510.2 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:512.47,517.2 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:525.97,533.42 3 1
+github.com/calypr/git-drs/cmd/precommit/main.go:533.42,537.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:539.2,540.32 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:540.32,542.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:544.2,544.19 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:544.19,546.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:547.2,547.19 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:547.19,549.3 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:551.2,555.34 4 1
+github.com/calypr/git-drs/cmd/precommit/main.go:558.58,562.16 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:562.16,564.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:565.2,566.50 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:566.50,568.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:569.2,570.32 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:570.32,571.16 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:571.16,572.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:574.3,574.24 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:576.2,583.34 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:586.49,588.19 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:588.19,590.3 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:591.2,592.12 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:597.48,599.48 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:599.48,601.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:603.2,605.16 3 2
+github.com/calypr/git-drs/cmd/precommit/main.go:605.16,607.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:608.2,608.15 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:608.15,608.32 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:610.2,612.38 3 2
+github.com/calypr/git-drs/cmd/precommit/main.go:612.38,615.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:616.2,616.33 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:616.33,619.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:620.2,620.34 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:620.34,623.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:624.2,624.29 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:627.48,629.62 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:629.62,631.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:633.2,633.44 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:633.44,635.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:635.8,635.43 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:635.43,637.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:639.2,640.16 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:640.16,642.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:643.2,646.16 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:646.16,648.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:650.2,650.44 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:650.44,653.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:654.2,654.36 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:654.36,656.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:657.2,657.23 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:25.54,26.37 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:26.37,29.4 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:30.3,30.13 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:32.54,37.21 4 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:37.21,39.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:39.9,42.4 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:44.3,45.17 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:45.17,47.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:48.3,48.13 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:52.91,53.22 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:53.22,55.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:56.2,56.59 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:56.59,58.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:59.2,60.16 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:60.16,62.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:64.2,66.9 3 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:67.24,71.17 4 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:71.17,73.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:75.22,77.17 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:77.17,79.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:80.3,85.17 5 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:85.17,87.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:89.10,91.17 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:91.17,93.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:93.9,98.4 4 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:101.2,101.23 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:101.23,103.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:105.2,115.92 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:115.92,117.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:119.2,120.16 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:120.16,122.17 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:122.17,124.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:126.2,128.26 3 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:128.26,130.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:132.2,143.67 3 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:143.67,145.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:146.2,148.45 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:148.45,150.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:152.2,152.67 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:152.67,154.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:155.2,155.73 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:155.73,157.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:158.2,158.47 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:158.47,159.97 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:159.97,161.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:164.2,165.12 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:168.56,170.15 2 6
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:170.15,172.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:174.2,175.21 2 6
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:175.21,177.3 1 2
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:178.2,180.41 3 4
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:180.41,182.3 1 2
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:183.2,183.35 1 2
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:186.140,187.39 1 3
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:187.39,189.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:190.2,190.36 1 3
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:190.36,192.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:194.2,195.16 2 3
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:195.16,197.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:198.2,201.16 3 3
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:201.16,203.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:204.2,205.38 2 3
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:205.38,207.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:209.2,210.68 2 3
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:210.68,212.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:214.2,215.16 2 3
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:215.16,217.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:218.2,219.16 2 3
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:219.16,221.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:223.2,223.70 1 3
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:223.70,225.3 1 1
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:226.2,226.66 1 2
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:226.66,228.3 1 1
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:230.2,230.136 1 1
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:233.94,235.20 2 7
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:235.20,237.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:238.2,239.46 2 7
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:239.46,240.27 1 7
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:240.27,241.12 1 2
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:243.3,243.44 1 5
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:243.44,244.66 1 5
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:244.66,245.13 1 1
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:247.4,247.38 1 4
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:247.38,249.5 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:250.4,251.9 2 4
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:254.2,254.17 1 7
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:254.17,256.3 1 3
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:257.2,257.20 1 4
+github.com/calypr/git-drs/cmd/remote/add/init.go:18.13,26.2 6 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:24.54,29.74 4 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:29.74,31.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:32.3,32.16 1 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:32.16,34.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:35.3,36.17 2 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:36.17,38.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:39.3,40.17 2 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:40.17,42.18 2 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:42.18,44.5 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:46.3,48.27 3 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:48.27,50.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:52.3,63.17 3 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:63.17,65.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:66.3,66.66 1 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:66.66,68.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:69.3,69.68 1 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:69.68,71.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:72.3,72.87 1 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:72.87,73.88 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:73.88,75.5 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:76.4,76.133 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:76.133,78.5 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:81.3,82.13 2 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:86.158,87.39 1 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:87.39,89.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:91.2,92.16 2 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:92.16,94.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:95.2,95.38 1 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:95.38,97.3 1 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:99.2,100.16 2 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:100.16,102.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:103.2,104.38 2 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:104.38,106.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:108.2,109.68 2 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:109.68,111.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:113.2,114.16 2 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:114.16,116.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:117.2,118.16 2 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:118.16,120.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:122.2,122.70 1 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:122.70,124.3 1 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:125.2,125.66 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:125.66,127.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:129.2,129.136 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:35.57,37.16 2 1
+github.com/calypr/git-drs/cmd/smudge/main.go:37.16,39.3 1 1
+github.com/calypr/git-drs/cmd/smudge/main.go:41.2,46.16 5 1
+github.com/calypr/git-drs/cmd/smudge/main.go:46.16,48.3 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:50.2,51.16 2 1
+github.com/calypr/git-drs/cmd/smudge/main.go:51.16,52.48 1 1
+github.com/calypr/git-drs/cmd/smudge/main.go:52.48,55.4 2 1
+github.com/calypr/git-drs/cmd/smudge/main.go:56.3,56.59 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:59.2,60.16 2 0
+github.com/calypr/git-drs/cmd/smudge/main.go:60.16,62.3 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:64.2,64.136 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:64.136,66.3 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:69.14,69.15 0 1
 github.com/calypr/git-drs/cmd/track/main.go:18.34,31.2 4 3
 github.com/calypr/git-drs/cmd/track/main.go:33.56,35.16 2 2
 github.com/calypr/git-drs/cmd/track/main.go:35.16,37.3 1 0
@@ -929,188 +1434,19 @@ github.com/calypr/git-drs/cmd/untrack/main.go:46.16,48.3 1 0
 github.com/calypr/git-drs/cmd/untrack/main.go:50.2,50.15 1 1
 github.com/calypr/git-drs/cmd/untrack/main.go:50.15,52.3 1 1
 github.com/calypr/git-drs/cmd/untrack/main.go:53.2,53.12 1 1
-github.com/calypr/git-drs/cmd/prepush/main.go:36.54,38.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:48.42,55.2 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:57.68,60.16 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:60.16,62.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:64.2,67.16 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:67.16,69.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:71.2,75.16 4 0
-github.com/calypr/git-drs/cmd/prepush/main.go:75.16,79.3 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:81.2,82.25 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:82.25,86.3 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:88.2,94.16 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:94.16,96.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:98.2,104.16 6 0
-github.com/calypr/git-drs/cmd/prepush/main.go:104.16,107.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:108.2,108.15 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:108.15,111.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:113.2,114.16 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:114.16,117.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:118.2,122.16 4 0
-github.com/calypr/git-drs/cmd/prepush/main.go:122.16,125.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:127.2,133.16 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:133.16,136.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:139.2,140.106 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:140.106,143.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:145.2,146.12 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:183.73,185.19 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:185.19,187.3 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:188.2,189.23 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:189.23,191.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:192.2,193.26 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:193.26,195.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:196.2,197.22 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:197.22,199.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:200.2,208.22 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:208.22,210.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:212.2,212.26 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:212.26,214.34 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:214.34,219.4 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:222.2,222.57 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:222.57,224.39 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:224.39,226.26 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:226.26,228.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:229.4,230.24 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:230.24,232.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:233.4,234.27 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:234.27,236.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:237.4,245.63 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:245.63,247.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:248.4,248.52 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:252.2,252.12 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:255.151,257.16 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:257.16,259.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:260.2,263.32 3 9
-github.com/calypr/git-drs/cmd/prepush/main.go:263.32,265.31 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:265.31,267.12 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:269.3,269.87 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:271.2,271.26 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:271.26,274.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:276.2,281.16 3 9
-github.com/calypr/git-drs/cmd/prepush/main.go:281.16,283.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:285.2,286.16 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:286.16,288.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:289.2,291.67 3 9
-github.com/calypr/git-drs/cmd/prepush/main.go:291.67,293.3 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:295.2,297.16 3 9
-github.com/calypr/git-drs/cmd/prepush/main.go:297.16,299.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:300.2,302.53 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:302.53,307.26 3 6
-github.com/calypr/git-drs/cmd/prepush/main.go:308.84,310.14 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:314.3,314.86 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:314.86,317.4 2 1
-github.com/calypr/git-drs/cmd/prepush/main.go:318.3,318.101 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:320.2,320.12 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:323.64,324.66 1 12
-github.com/calypr/git-drs/cmd/prepush/main.go:324.66,325.52 1 12
-github.com/calypr/git-drs/cmd/prepush/main.go:325.52,327.4 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:329.2,330.52 2 10
-github.com/calypr/git-drs/cmd/prepush/main.go:330.52,332.3 1 8
-github.com/calypr/git-drs/cmd/prepush/main.go:333.2,334.74 2 2
-github.com/calypr/git-drs/cmd/prepush/main.go:337.54,339.20 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:339.20,341.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:342.2,342.20 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:342.20,344.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:345.2,345.25 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:345.25,347.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:348.2,348.41 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:358.113,360.16 2 1
-github.com/calypr/git-drs/cmd/prepush/main.go:360.16,362.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:364.2,364.47 1 1
-github.com/calypr/git-drs/cmd/prepush/main.go:364.47,368.3 3 1
-github.com/calypr/git-drs/cmd/prepush/main.go:370.2,370.42 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:370.42,374.3 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:375.2,375.17 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:381.59,385.40 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:385.40,387.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:388.2,390.21 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:390.21,393.22 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:393.22,394.12 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:396.3,401.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:403.2,403.38 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:403.38,405.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:407.2,407.40 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:407.40,409.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:410.2,410.18 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:413.50,416.27 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:416.27,417.46 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:417.46,419.20 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:419.20,421.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:424.2,425.21 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:425.21,427.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:428.2,429.17 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:432.89,434.16 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:434.16,437.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:438.2,438.47 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:438.47,439.25 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:439.25,441.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:441.9,443.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:444.3,444.20 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:446.2,446.20 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:449.231,450.16 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:450.16,452.17 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:452.17,454.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:454.9,454.16 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:454.16,456.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:457.3,457.86 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:459.2,460.16 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:460.16,462.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:463.2,463.29 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:468.56,470.2 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:472.44,474.100 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:474.100,476.3 1 1
-github.com/calypr/git-drs/cmd/prepush/main.go:477.2,477.38 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:480.156,481.18 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:481.18,483.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:484.2,485.16 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:485.16,487.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:488.2,489.29 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:489.29,491.17 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:491.17,493.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:494.3,494.10 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:494.10,496.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:497.3,498.16 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:498.16,500.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:501.3,501.88 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:501.88,503.4 1 1
-github.com/calypr/git-drs/cmd/prepush/main.go:504.3,505.17 2 2
-github.com/calypr/git-drs/cmd/prepush/main.go:505.17,508.4 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:509.3,515.4 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:517.2,517.28 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:520.79,523.27 3 3
-github.com/calypr/git-drs/cmd/prepush/main.go:523.27,524.52 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:524.52,525.12 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:527.3,528.54 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:528.54,530.4 1 1
-github.com/calypr/git-drs/cmd/prepush/main.go:530.9,532.4 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:533.3,534.17 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:534.17,536.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:537.3,537.68 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:537.68,539.18 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:539.18,540.13 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:542.4,542.26 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:545.2,546.24 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:546.24,548.3 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:549.2,550.19 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:553.69,557.16 4 3
-github.com/calypr/git-drs/cmd/prepush/main.go:557.16,559.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:560.2,560.25 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:566.55,570.40 1 5
-github.com/calypr/git-drs/cmd/prepush/main.go:570.40,572.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:573.2,575.21 3 5
-github.com/calypr/git-drs/cmd/prepush/main.go:575.21,578.22 3 6
-github.com/calypr/git-drs/cmd/prepush/main.go:578.22,579.12 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:581.3,583.42 3 6
-github.com/calypr/git-drs/cmd/prepush/main.go:583.42,585.20 2 4
-github.com/calypr/git-drs/cmd/prepush/main.go:585.20,587.5 1 4
-github.com/calypr/git-drs/cmd/prepush/main.go:590.2,590.38 1 5
-github.com/calypr/git-drs/cmd/prepush/main.go:590.38,592.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:593.2,594.21 2 5
-github.com/calypr/git-drs/cmd/prepush/main.go:594.21,596.3 1 4
-github.com/calypr/git-drs/cmd/prepush/main.go:597.2,599.40 2 5
-github.com/calypr/git-drs/cmd/prepush/main.go:599.40,601.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:602.2,602.22 1 5
+github.com/calypr/git-drs/cmd/rm/main.go:15.58,18.2 2 1
+github.com/calypr/git-drs/cmd/rm/main.go:24.54,26.3 1 0
+github.com/calypr/git-drs/cmd/rm/main.go:29.52,31.16 2 1
+github.com/calypr/git-drs/cmd/rm/main.go:31.16,33.3 1 0
+github.com/calypr/git-drs/cmd/rm/main.go:35.2,40.27 3 1
+github.com/calypr/git-drs/cmd/rm/main.go:40.27,43.47 3 1
+github.com/calypr/git-drs/cmd/rm/main.go:43.47,45.4 1 0
+github.com/calypr/git-drs/cmd/rm/main.go:46.3,46.126 1 1
+github.com/calypr/git-drs/cmd/rm/main.go:49.2,50.31 2 1
+github.com/calypr/git-drs/cmd/rm/main.go:50.31,52.3 1 1
+github.com/calypr/git-drs/cmd/rm/main.go:53.2,53.54 1 1
+github.com/calypr/git-drs/cmd/rm/main.go:53.54,55.3 1 0
+github.com/calypr/git-drs/cmd/rm/main.go:57.2,57.12 1 1
 github.com/calypr/git-drs/cmd/version/main.go:15.47,17.3 1 5
 github.com/calypr/git-drs/cmd/version/main.go:20.28,23.43 3 6
 github.com/calypr/git-drs/cmd/version/main.go:23.43,24.64 1 6
@@ -1127,197 +1463,24 @@ github.com/calypr/git-drs/cmd/version/main.go:45.38,46.48 1 0
 github.com/calypr/git-drs/cmd/version/main.go:47.17,48.13 1 0
 github.com/calypr/git-drs/cmd/version/main.go:49.25,50.44 1 0
 github.com/calypr/git-drs/cmd/version/main.go:51.10,52.23 1 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:65.89,66.43 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:66.43,68.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:70.2,71.16 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:71.16,73.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:75.2,76.16 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:76.16,78.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:79.2,82.16 3 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:82.16,84.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:86.2,88.78 3 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:88.78,90.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:92.2,93.29 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:93.29,95.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:97.2,109.17 4 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:112.113,113.48 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:113.48,115.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:117.2,118.16 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:118.16,120.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:121.2,122.18 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:122.18,124.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:126.2,133.18 7 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:133.18,135.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:136.2,136.40 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:136.40,137.41 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:137.41,139.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:140.3,140.133 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:143.2,144.16 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:144.16,146.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:148.2,149.20 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:149.20,150.55 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:150.55,153.4 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:155.2,156.54 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:159.102,161.16 2 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:161.16,163.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:165.2,165.75 1 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:165.75,167.25 2 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:167.25,169.72 2 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:169.72,171.5 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:172.9,172.56 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:172.56,174.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:175.3,180.9 1 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:183.2,183.18 1 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:184.28,187.19 3 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:187.19,189.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:190.3,190.16 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:190.16,192.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:193.3,193.64 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:194.23,197.16 3 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:197.16,199.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:201.3,201.64 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:201.64,204.4 2 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:206.3,206.65 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:206.65,209.4 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:211.3,211.39 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:211.39,213.58 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:213.58,215.5 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:216.4,217.69 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:220.3,220.62 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:220.62,223.58 3 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:223.58,225.5 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:226.4,229.51 4 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:233.3,233.35 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:233.35,235.58 2 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:235.58,237.5 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:238.4,240.82 3 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:243.3,243.67 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:244.10,245.61 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:249.88,257.18 4 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:257.18,259.3 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:261.2,262.20 2 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:262.20,264.3 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:266.2,266.16 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:266.16,268.3 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:269.2,269.19 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:272.71,274.22 2 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:274.22,276.3 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:277.2,277.22 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:277.22,279.3 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:281.2,282.16 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:282.16,284.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:285.2,286.31 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:286.31,288.24 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:288.24,290.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:292.2,293.24 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:296.45,297.27 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:297.27,299.14 2 5
-github.com/calypr/git-drs/internal/cloud/inspect.go:299.14,301.4 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:303.2,303.11 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:312.39,316.13 4 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:316.13,318.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:319.2,319.33 1 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:319.33,323.3 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:324.2,324.27 1 5
-github.com/calypr/git-drs/internal/cloud/inspect.go:327.61,328.15 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:328.15,330.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:334.2,342.31 2 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:342.31,343.25 1 8
-github.com/calypr/git-drs/internal/cloud/inspect.go:343.25,345.15 2 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:345.15,347.5 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:352.2,352.23 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:352.23,353.39 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:353.39,355.4 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:358.2,358.11 1 0
-github.com/calypr/git-drs/internal/common/common.go:18.59,23.32 2 1
-github.com/calypr/git-drs/internal/common/common.go:23.32,25.3 1 2
-github.com/calypr/git-drs/internal/common/common.go:27.2,27.29 1 1
-github.com/calypr/git-drs/internal/common/common.go:27.29,29.37 1 2
-github.com/calypr/git-drs/internal/common/common.go:29.37,33.4 2 1
-github.com/calypr/git-drs/internal/common/common.go:35.2,35.17 1 1
-github.com/calypr/git-drs/internal/common/common.go:40.61,41.15 1 0
-github.com/calypr/git-drs/internal/common/common.go:41.15,43.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:44.2,44.19 1 0
-github.com/calypr/git-drs/internal/common/common.go:44.19,46.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:47.2,47.37 1 0
-github.com/calypr/git-drs/internal/common/common.go:47.37,49.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:50.2,51.81 2 0
-github.com/calypr/git-drs/internal/common/common.go:58.60,59.15 1 3
-github.com/calypr/git-drs/internal/common/common.go:59.15,61.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:62.2,62.19 1 2
-github.com/calypr/git-drs/internal/common/common.go:62.19,64.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:65.2,65.37 1 2
-github.com/calypr/git-drs/internal/common/common.go:65.37,67.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:68.2,69.27 2 1
-github.com/calypr/git-drs/internal/common/common.go:74.70,76.15 2 5
-github.com/calypr/git-drs/internal/common/common.go:76.15,78.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:79.2,80.19 2 4
-github.com/calypr/git-drs/internal/common/common.go:80.19,82.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:83.2,83.44 1 3
-github.com/calypr/git-drs/internal/common/common.go:88.80,89.37 1 4
-github.com/calypr/git-drs/internal/common/common.go:89.37,91.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:92.2,93.9 2 3
-github.com/calypr/git-drs/internal/common/common.go:93.9,95.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:96.2,96.24 1 3
-github.com/calypr/git-drs/internal/common/common.go:96.24,98.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:99.2,99.29 1 2
-github.com/calypr/git-drs/internal/common/common.go:99.29,100.19 1 3
-github.com/calypr/git-drs/internal/common/common.go:100.19,102.4 1 1
-github.com/calypr/git-drs/internal/common/common.go:104.2,104.14 1 1
-github.com/calypr/git-drs/internal/common/common.go:108.55,110.16 2 2
-github.com/calypr/git-drs/internal/common/common.go:110.16,112.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:113.2,116.41 3 1
-github.com/calypr/git-drs/internal/common/common.go:116.41,118.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:120.2,120.44 1 1
-github.com/calypr/git-drs/internal/common/common.go:123.43,127.2 3 2
-github.com/calypr/git-drs/internal/common/common.go:129.38,131.2 1 0
-github.com/calypr/git-drs/internal/common/common.go:133.48,137.2 3 0
-github.com/calypr/git-drs/internal/common/common.go:148.61,150.2 1 0
-github.com/calypr/git-drs/internal/common/common.go:152.117,155.2 2 0
-github.com/calypr/git-drs/internal/common/common.go:157.173,164.2 1 0
-github.com/calypr/git-drs/internal/common/common.go:166.74,167.16 1 0
-github.com/calypr/git-drs/internal/common/common.go:167.16,169.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:170.2,180.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:192.144,194.20 2 2
-github.com/calypr/git-drs/internal/common/common.go:194.20,196.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:198.2,208.23 2 2
-github.com/calypr/git-drs/internal/common/common.go:208.23,210.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:212.2,215.16 3 2
-github.com/calypr/git-drs/internal/common/common.go:215.16,217.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:219.2,226.90 2 2
-github.com/calypr/git-drs/internal/common/common.go:226.90,228.3 1 2
-github.com/calypr/git-drs/internal/common/common.go:229.2,231.17 3 2
-github.com/calypr/git-drs/internal/common/common.go:234.125,237.18 3 2
-github.com/calypr/git-drs/internal/common/common.go:237.18,239.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:240.2,240.15 1 2
-github.com/calypr/git-drs/internal/common/common.go:240.15,242.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:244.2,245.18 2 2
-github.com/calypr/git-drs/internal/common/common.go:245.18,247.3 1 2
-github.com/calypr/git-drs/internal/common/common.go:249.2,249.63 1 2
-github.com/calypr/git-drs/internal/common/common.go:249.63,253.21 4 0
-github.com/calypr/git-drs/internal/common/common.go:253.21,254.20 1 0
-github.com/calypr/git-drs/internal/common/common.go:254.20,256.5 1 0
-github.com/calypr/git-drs/internal/common/common.go:256.10,258.5 1 0
-github.com/calypr/git-drs/internal/common/common.go:262.2,262.18 1 2
-github.com/calypr/git-drs/internal/common/common.go:262.18,264.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:265.2,268.18 4 2
-github.com/calypr/git-drs/internal/common/common.go:268.18,270.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:271.2,271.73 1 2
-github.com/calypr/git-drs/internal/common/common.go:274.49,275.54 1 2
-github.com/calypr/git-drs/internal/common/common.go:276.32,277.14 1 2
-github.com/calypr/git-drs/internal/common/common.go:278.36,279.14 1 0
-github.com/calypr/git-drs/internal/common/common.go:280.33,281.14 1 0
-github.com/calypr/git-drs/internal/common/common.go:282.10,283.81 1 0
-github.com/calypr/git-drs/internal/common/common.go:287.54,288.79 1 2
-github.com/calypr/git-drs/internal/common/common.go:289.19,290.43 1 0
-github.com/calypr/git-drs/internal/common/common.go:291.12,292.43 1 2
-github.com/calypr/git-drs/internal/common/common.go:293.10,294.79 1 0
-github.com/calypr/git-drs/internal/common/common.go:299.62,303.12 3 0
-github.com/calypr/git-drs/internal/common/common.go:303.12,305.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:305.8,307.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:309.2,309.16 1 0
-github.com/calypr/git-drs/internal/common/common.go:309.16,311.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:313.2,314.12 2 0
+github.com/calypr/git-drs/internal/common/common.go:18.60,19.15 1 3
+github.com/calypr/git-drs/internal/common/common.go:19.15,21.3 1 1
+github.com/calypr/git-drs/internal/common/common.go:22.2,22.19 1 2
+github.com/calypr/git-drs/internal/common/common.go:22.19,24.3 1 0
+github.com/calypr/git-drs/internal/common/common.go:25.2,25.37 1 2
+github.com/calypr/git-drs/internal/common/common.go:25.37,27.3 1 1
+github.com/calypr/git-drs/internal/common/common.go:28.2,29.27 2 1
+github.com/calypr/git-drs/internal/common/common.go:33.55,35.16 2 2
+github.com/calypr/git-drs/internal/common/common.go:35.16,37.3 1 1
+github.com/calypr/git-drs/internal/common/common.go:38.2,41.41 3 1
+github.com/calypr/git-drs/internal/common/common.go:41.41,43.3 1 0
+github.com/calypr/git-drs/internal/common/common.go:45.2,45.44 1 1
+github.com/calypr/git-drs/internal/common/common.go:49.62,53.12 3 0
+github.com/calypr/git-drs/internal/common/common.go:53.12,55.3 1 0
+github.com/calypr/git-drs/internal/common/common.go:55.8,57.3 1 0
+github.com/calypr/git-drs/internal/common/common.go:58.2,58.16 1 0
+github.com/calypr/git-drs/internal/common/common.go:58.16,60.3 1 0
+github.com/calypr/git-drs/internal/common/common.go:62.2,63.12 2 0
 github.com/calypr/git-drs/internal/common/confirmation.go:14.107,19.16 4 2
 github.com/calypr/git-drs/internal/common/confirmation.go:19.16,21.3 1 0
 github.com/calypr/git-drs/internal/common/confirmation.go:23.2,24.20 2 2
@@ -1344,6 +1507,67 @@ github.com/calypr/git-drs/internal/common/jwt.go:38.9,40.3 1 1
 github.com/calypr/git-drs/internal/common/jwt.go:41.2,42.16 2 2
 github.com/calypr/git-drs/internal/common/jwt.go:42.16,44.3 1 1
 github.com/calypr/git-drs/internal/common/jwt.go:45.2,45.70 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:21.65,30.101 3 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:30.101,37.3 4 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:38.2,38.65 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:48.127,52.51 3 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:52.51,54.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:57.2,58.16 2 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:58.16,60.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:61.2,62.15 2 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:62.15,63.53 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:63.53,65.4 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:68.2,70.16 3 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:70.16,73.3 2 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:74.2,74.36 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:74.36,76.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:77.2,80.29 3 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:80.29,81.60 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:81.60,82.68 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:82.68,83.46 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:83.46,85.6 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:86.5,86.80 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:86.80,88.6 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:89.5,90.15 2 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:96.2,97.16 2 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:97.16,99.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:100.2,100.68 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:100.68,102.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:103.2,103.54 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:103.54,105.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:107.2,114.56 3 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:114.56,116.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:119.2,119.63 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:119.63,121.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:123.2,123.12 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:22.144,24.16 2 4
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:24.16,26.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:28.2,29.9 2 4
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:29.9,31.17 2 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:31.17,33.4 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:34.3,34.13 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:37.2,37.19 1 3
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:37.19,39.3 1 3
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:41.2,42.16 2 3
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:42.16,44.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:46.2,47.16 2 3
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:47.16,49.3 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:50.2,50.37 1 2
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:50.37,52.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:54.2,54.21 1 2
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:54.21,57.20 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:57.20,59.4 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:60.3,61.13 2 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:64.2,64.68 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:64.68,66.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:68.2,68.54 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:68.54,70.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:72.2,72.59 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:72.59,74.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:76.2,76.12 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:79.59,81.16 2 4
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:81.16,83.3 1 2
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:84.2,87.12 3 2
 github.com/calypr/git-drs/internal/drslog/logger.go:50.13,52.65 2 1
 github.com/calypr/git-drs/internal/drslog/logger.go:52.65,53.56 1 0
 github.com/calypr/git-drs/internal/drslog/logger.go:53.56,55.4 1 0
@@ -1412,336 +1636,683 @@ github.com/calypr/git-drs/internal/drslog/logger.go:399.4,400.21 2 2
 github.com/calypr/git-drs/internal/drslog/logger.go:400.21,402.5 1 0
 github.com/calypr/git-drs/internal/drslog/logger.go:403.4,403.16 1 2
 github.com/calypr/git-drs/internal/drslog/logger.go:406.2,406.22 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:15.113,16.46 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:16.46,18.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:19.2,20.20 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:20.20,22.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:23.2,25.82 3 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:25.82,27.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:28.2,28.34 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:28.34,30.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:31.2,31.36 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:34.121,36.16 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:36.16,38.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:39.2,40.30 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:40.30,41.64 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:41.64,43.4 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:45.2,45.20 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:48.139,50.16 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:50.16,52.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:53.2,53.23 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:53.23,55.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:56.2,57.66 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:57.66,59.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:60.2,61.22 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:61.22,63.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:64.2,65.16 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:65.16,67.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:68.2,68.32 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:71.144,72.46 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:72.46,74.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:76.2,84.30 3 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:84.30,86.56 2 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:86.56,87.12 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:89.3,94.5 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:96.2,96.39 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:96.39,98.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:100.2,103.110 2 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:103.110,105.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:107.2,108.60 2 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:108.60,110.62 2 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:110.62,111.12 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:113.3,116.4 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:118.2,118.17 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:121.49,122.62 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:122.62,124.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:125.2,126.73 2 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:126.73,128.3 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:129.2,129.47 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:132.39,133.14 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:133.14,135.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:136.2,136.11 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:139.77,140.44 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:140.44,142.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:143.2,143.44 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:143.44,144.35 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:144.35,145.12 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:147.3,147.78 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:147.78,149.4 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:151.2,151.14 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:154.43,158.2 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:31.85,34.16 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:34.16,36.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:38.2,38.63 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:41.128,42.26 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:42.26,44.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:47.2,48.28 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:48.28,50.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:51.2,52.27 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:52.27,54.17 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:54.17,56.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:57.3,57.31 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:57.31,59.26 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:59.26,60.13 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:62.4,62.68 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:67.2,68.38 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:68.38,71.20 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:71.20,75.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:77.3,77.21 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:77.21,80.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:84.2,84.29 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:84.29,88.38 4 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:88.38,101.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:102.3,102.94 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:102.94,105.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:108.2,109.12 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:112.120,114.32 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:114.32,116.31 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:116.31,118.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:120.2,120.64 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:123.84,126.32 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:126.32,128.17 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:128.17,130.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:131.3,131.39 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:131.39,133.29 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:133.29,135.5 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:136.4,138.18 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:138.18,140.5 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:141.4,141.37 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:141.37,144.19 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:144.19,146.6 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:149.3,149.38 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:149.38,150.9 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:153.2,154.12 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:156.140,162.16 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:162.16,164.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:167.2,167.27 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:167.27,169.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:171.2,171.84 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:180.125,181.24 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:181.24,183.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:184.2,187.27 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:187.27,189.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:190.2,190.24 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:190.24,192.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:194.2,194.32 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:194.32,197.36 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:197.36,208.45 6 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:208.45,210.5 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:211.4,211.51 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:211.51,213.65 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:213.65,214.25 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:214.25,216.7 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:219.9,222.18 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:222.18,224.13 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:228.3,229.145 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:229.145,231.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:233.3,234.24 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:234.24,236.18 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:236.18,238.5 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:238.10,238.17 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:238.17,240.5 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:243.3,243.17 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:243.17,244.91 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:244.91,247.5 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:250.3,250.40 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:250.40,252.89 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:252.89,258.29 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:258.29,260.6 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:261.10,269.29 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:269.29,271.6 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:272.5,272.67 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:276.3,276.91 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:276.91,278.12 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:280.3,280.127 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:283.2,283.12 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:287.118,297.35 3 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:297.35,302.3 4 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:302.8,305.17 3 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:305.17,307.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:310.2,310.44 1 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:310.44,311.68 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:311.68,317.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:317.9,328.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:332.2,333.16 2 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:333.16,335.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:336.2,336.20 1 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:339.81,342.2 2 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:344.52,351.2 3 5
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:354.60,356.2 1 2
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:358.65,360.2 1 3
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:365.63,367.66 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:367.66,369.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:370.2,374.25 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:374.25,375.15 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:375.15,377.9 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:380.2,380.20 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:380.20,382.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:383.2,385.54 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:390.112,391.23 1 4
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:391.23,393.3 1 2
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:395.2,396.15 2 2
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:396.15,398.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:400.2,400.33 1 2
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:400.33,401.34 1 3
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:401.34,402.12 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:404.3,404.48 1 3
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:404.48,405.72 1 3
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:405.72,406.13 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:408.4,408.70 1 3
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:408.70,410.5 1 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:413.2,413.17 1 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:427.117,428.41 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:428.41,430.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:433.2,445.16 10 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:445.16,447.16 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:447.16,449.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:450.3,450.67 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:452.2,452.17 1 0
-github.com/calypr/git-drs/internal/config/config.go:31.36,33.2 1 8
-github.com/calypr/git-drs/internal/config/config.go:35.43,37.37 2 4
-github.com/calypr/git-drs/internal/config/config.go:37.37,39.3 1 8
-github.com/calypr/git-drs/internal/config/config.go:41.2,41.40 1 4
-github.com/calypr/git-drs/internal/config/config.go:41.40,42.32 1 7
-github.com/calypr/git-drs/internal/config/config.go:42.32,44.4 1 2
-github.com/calypr/git-drs/internal/config/config.go:47.2,47.102 1 2
-github.com/calypr/git-drs/internal/config/config.go:56.90,58.9 2 1
-github.com/calypr/git-drs/internal/config/config.go:58.9,60.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:61.2,61.20 1 1
-github.com/calypr/git-drs/internal/config/config.go:61.20,63.3 1 1
-github.com/calypr/git-drs/internal/config/config.go:64.2,64.19 1 0
-github.com/calypr/git-drs/internal/config/config.go:64.19,66.91 2 0
-github.com/calypr/git-drs/internal/config/config.go:66.91,70.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:71.3,71.50 1 0
-github.com/calypr/git-drs/internal/config/config.go:73.2,73.94 1 0
-github.com/calypr/git-drs/internal/config/config.go:76.52,78.9 2 2
-github.com/calypr/git-drs/internal/config/config.go:78.9,80.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:81.2,81.19 1 2
-github.com/calypr/git-drs/internal/config/config.go:81.19,83.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:83.8,83.27 1 2
-github.com/calypr/git-drs/internal/config/config.go:83.27,85.3 1 2
-github.com/calypr/git-drs/internal/config/config.go:86.2,86.12 1 0
-github.com/calypr/git-drs/internal/config/config.go:90.52,91.27 1 1
-github.com/calypr/git-drs/internal/config/config.go:91.27,101.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:103.2,103.46 1 1
-github.com/calypr/git-drs/internal/config/config.go:103.46,110.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:112.2,112.29 1 1
-github.com/calypr/git-drs/internal/config/config.go:116.67,117.18 1 2
-github.com/calypr/git-drs/internal/config/config.go:117.18,119.3 1 1
-github.com/calypr/git-drs/internal/config/config.go:120.2,120.29 1 1
-github.com/calypr/git-drs/internal/config/config.go:124.44,126.30 2 0
-github.com/calypr/git-drs/internal/config/config.go:126.30,128.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:129.2,129.14 1 0
-github.com/calypr/git-drs/internal/config/config.go:133.41,135.2 1 15
-github.com/calypr/git-drs/internal/config/config.go:137.46,139.2 1 0
-github.com/calypr/git-drs/internal/config/config.go:147.70,149.16 2 3
-github.com/calypr/git-drs/internal/config/config.go:149.16,151.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:153.2,154.16 2 3
-github.com/calypr/git-drs/internal/config/config.go:154.16,156.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:159.2,162.24 3 3
-github.com/calypr/git-drs/internal/config/config.go:162.24,167.37 5 1
-github.com/calypr/git-drs/internal/config/config.go:167.37,169.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:170.3,170.38 1 1
-github.com/calypr/git-drs/internal/config/config.go:170.38,172.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:173.8,173.32 1 2
-github.com/calypr/git-drs/internal/config/config.go:173.32,176.35 3 2
-github.com/calypr/git-drs/internal/config/config.go:176.35,178.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:179.3,179.32 1 2
-github.com/calypr/git-drs/internal/config/config.go:179.32,181.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:182.3,182.38 1 2
-github.com/calypr/git-drs/internal/config/config.go:182.38,184.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:185.3,185.39 1 2
-github.com/calypr/git-drs/internal/config/config.go:185.39,187.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:191.2,193.25 3 3
-github.com/calypr/git-drs/internal/config/config.go:193.25,195.3 1 3
-github.com/calypr/git-drs/internal/config/config.go:198.2,198.52 1 3
-github.com/calypr/git-drs/internal/config/config.go:198.52,200.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:202.2,202.21 1 3
-github.com/calypr/git-drs/internal/config/config.go:205.170,206.64 1 9
-github.com/calypr/git-drs/internal/config/config.go:206.64,208.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:210.2,213.46 3 9
-github.com/calypr/git-drs/internal/config/config.go:213.46,221.3 1 5
-github.com/calypr/git-drs/internal/config/config.go:221.8,221.34 1 4
-github.com/calypr/git-drs/internal/config/config.go:221.34,229.3 1 4
-github.com/calypr/git-drs/internal/config/config.go:231.2,231.30 1 9
-github.com/calypr/git-drs/internal/config/config.go:235.36,237.16 2 10
-github.com/calypr/git-drs/internal/config/config.go:237.16,239.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:241.2,242.16 2 10
-github.com/calypr/git-drs/internal/config/config.go:242.16,244.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:246.2,251.44 2 10
-github.com/calypr/git-drs/internal/config/config.go:251.44,252.36 1 109
-github.com/calypr/git-drs/internal/config/config.go:252.36,253.12 1 100
-github.com/calypr/git-drs/internal/config/config.go:257.3,258.15 2 9
-github.com/calypr/git-drs/internal/config/config.go:258.15,260.4 1 9
-github.com/calypr/git-drs/internal/config/config.go:262.3,262.50 1 9
-github.com/calypr/git-drs/internal/config/config.go:262.50,263.67 1 9
-github.com/calypr/git-drs/internal/config/config.go:263.67,264.13 1 0
-github.com/calypr/git-drs/internal/config/config.go:266.4,275.5 1 9
-github.com/calypr/git-drs/internal/config/config.go:279.2,279.17 1 10
-github.com/calypr/git-drs/internal/config/config.go:282.32,288.2 2 1
-github.com/calypr/git-drs/internal/config/config.go:290.50,292.16 2 0
-github.com/calypr/git-drs/internal/config/config.go:292.16,294.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:295.2,296.16 2 0
-github.com/calypr/git-drs/internal/config/config.go:296.16,298.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:299.2,299.32 1 0
-github.com/calypr/git-drs/internal/config/config.go:303.36,305.16 2 1
-github.com/calypr/git-drs/internal/config/config.go:305.16,307.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:309.2,310.16 2 1
-github.com/calypr/git-drs/internal/config/config.go:310.16,312.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:314.2,314.29 1 1
-github.com/calypr/git-drs/internal/config/config.go:314.29,316.3 1 1
-github.com/calypr/git-drs/internal/config/config.go:318.2,318.36 1 1
-github.com/calypr/git-drs/internal/config/config.go:323.38,325.16 2 0
-github.com/calypr/git-drs/internal/config/config.go:325.16,327.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:329.2,330.24 2 0
-github.com/calypr/git-drs/internal/config/remote.go:54.47,54.69 1 0
-github.com/calypr/git-drs/internal/config/remote.go:55.47,55.72 1 0
-github.com/calypr/git-drs/internal/config/remote.go:56.47,56.68 1 0
-github.com/calypr/git-drs/internal/config/remote.go:57.47,57.66 1 0
-github.com/calypr/git-drs/internal/config/remote.go:58.47,58.73 1 0
-github.com/calypr/git-drs/internal/config/remote.go:60.92,63.16 3 0
-github.com/calypr/git-drs/internal/config/remote.go:63.16,65.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:66.2,66.90 1 0
-github.com/calypr/git-drs/internal/config/remote.go:66.90,68.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:69.2,69.40 1 0
-github.com/calypr/git-drs/internal/config/remote.go:82.44,83.23 1 2
-github.com/calypr/git-drs/internal/config/remote.go:83.23,85.3 1 1
-github.com/calypr/git-drs/internal/config/remote.go:86.2,86.24 1 1
-github.com/calypr/git-drs/internal/config/remote.go:89.48,89.73 1 5
-github.com/calypr/git-drs/internal/config/remote.go:90.48,90.68 1 0
-github.com/calypr/git-drs/internal/config/remote.go:91.48,91.67 1 2
-github.com/calypr/git-drs/internal/config/remote.go:92.48,92.74 1 2
-github.com/calypr/git-drs/internal/config/remote.go:94.93,95.119 1 2
-github.com/calypr/git-drs/internal/config/remote.go:95.119,98.3 2 1
-github.com/calypr/git-drs/internal/config/remote.go:99.2,102.131 4 2
-github.com/calypr/git-drs/internal/config/remote.go:102.131,109.17 2 1
-github.com/calypr/git-drs/internal/config/remote.go:109.17,111.4 1 0
-github.com/calypr/git-drs/internal/config/remote.go:112.3,113.31 2 1
-github.com/calypr/git-drs/internal/config/remote.go:116.2,117.52 2 2
-github.com/calypr/git-drs/internal/config/remote.go:117.52,120.3 2 1
-github.com/calypr/git-drs/internal/config/remote.go:122.2,123.16 2 2
-github.com/calypr/git-drs/internal/config/remote.go:123.16,125.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:126.2,127.9 2 2
-github.com/calypr/git-drs/internal/config/remote.go:127.9,129.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:130.2,131.9 2 2
-github.com/calypr/git-drs/internal/config/remote.go:131.9,133.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:135.2,144.8 1 2
-github.com/calypr/git-drs/internal/config/remote.go:147.114,148.64 1 0
-github.com/calypr/git-drs/internal/config/remote.go:148.64,150.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:151.2,152.21 2 0
-github.com/calypr/git-drs/internal/config/remote.go:152.21,154.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:156.2,162.16 2 0
-github.com/calypr/git-drs/internal/config/remote.go:162.16,164.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:166.2,167.16 2 0
-github.com/calypr/git-drs/internal/config/remote.go:167.16,169.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:170.2,171.9 2 0
-github.com/calypr/git-drs/internal/config/remote.go:171.9,173.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:174.2,175.9 2 0
-github.com/calypr/git-drs/internal/config/remote.go:175.9,177.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:179.2,180.27 2 0
-github.com/calypr/git-drs/internal/config/remote.go:180.27,182.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:184.2,196.8 1 0
-github.com/calypr/git-drs/internal/config/remote.go:199.91,209.2 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:19.43,23.2 3 2
+github.com/calypr/git-drs/internal/drsobject/object.go:25.38,27.2 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:38.49,40.2 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:42.111,45.2 2 0
+github.com/calypr/git-drs/internal/drsobject/object.go:47.167,54.2 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:56.74,57.16 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:57.16,59.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:60.2,71.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:83.132,85.20 2 2
+github.com/calypr/git-drs/internal/drsobject/object.go:85.20,87.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:89.2,99.23 2 2
+github.com/calypr/git-drs/internal/drsobject/object.go:99.23,101.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:103.2,106.16 3 2
+github.com/calypr/git-drs/internal/drsobject/object.go:106.16,108.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:110.2,119.97 4 2
+github.com/calypr/git-drs/internal/drsobject/object.go:119.97,122.3 2 2
+github.com/calypr/git-drs/internal/drsobject/object.go:123.2,123.17 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:126.125,129.18 3 2
+github.com/calypr/git-drs/internal/drsobject/object.go:129.18,131.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:132.2,132.15 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:132.15,134.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:136.2,137.18 2 2
+github.com/calypr/git-drs/internal/drsobject/object.go:137.18,139.3 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:141.2,141.63 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:141.63,145.21 4 0
+github.com/calypr/git-drs/internal/drsobject/object.go:145.21,146.20 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:146.20,148.5 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:148.10,150.5 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:154.2,154.18 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:154.18,156.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:157.2,160.18 4 2
+github.com/calypr/git-drs/internal/drsobject/object.go:160.18,162.3 1 1
+github.com/calypr/git-drs/internal/drsobject/object.go:163.2,163.73 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:166.49,167.54 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:168.32,169.14 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:170.36,171.14 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:172.33,173.14 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:174.10,175.81 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:179.54,180.79 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:181.19,182.43 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:183.12,184.43 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:185.10,186.79 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:13.62,15.20 2 3
+github.com/calypr/git-drs/internal/drsobject/store.go:15.20,17.3 1 1
+github.com/calypr/git-drs/internal/drsobject/store.go:18.2,18.61 1 2
+github.com/calypr/git-drs/internal/drsobject/store.go:21.79,23.16 2 1
+github.com/calypr/git-drs/internal/drsobject/store.go:23.16,25.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:27.2,28.16 2 1
+github.com/calypr/git-drs/internal/drsobject/store.go:28.16,30.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:31.2,31.69 1 1
+github.com/calypr/git-drs/internal/drsobject/store.go:31.69,33.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:35.2,35.69 1 1
+github.com/calypr/git-drs/internal/drsobject/store.go:35.69,37.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:38.2,38.12 1 1
+github.com/calypr/git-drs/internal/drsobject/store.go:41.73,43.16 2 1
+github.com/calypr/git-drs/internal/drsobject/store.go:43.16,45.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:47.2,48.16 2 1
+github.com/calypr/git-drs/internal/drsobject/store.go:48.16,50.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:52.2,53.79 2 1
+github.com/calypr/git-drs/internal/drsobject/store.go:53.79,55.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:57.2,57.24 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:9.86,16.30 3 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:16.30,19.39 3 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:19.39,20.12 1 0
+github.com/calypr/git-drs/internal/drsremote/bulk.go:22.3,30.5 3 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:32.2,32.21 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:32.21,34.3 1 0
+github.com/calypr/git-drs/internal/drsremote/bulk.go:35.2,36.18 2 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:39.58,40.30 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:40.30,42.3 1 0
+github.com/calypr/git-drs/internal/drsremote/bulk.go:43.2,43.44 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:43.44,44.74 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:44.74,46.4 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:48.2,48.11 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:21.113,22.43 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:22.43,24.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:25.2,26.20 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:26.20,28.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:29.2,30.16 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:30.16,32.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:33.2,33.29 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:36.129,37.43 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:37.43,39.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:40.2,42.37 3 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:42.37,44.23 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:44.23,45.12 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:47.3,47.60 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:47.60,48.12 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:50.3,51.54 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:53.2,53.30 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:53.30,55.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:57.2,58.16 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:58.16,60.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:62.2,63.57 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:63.57,66.3 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:67.2,67.38 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:67.38,68.42 1 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:68.42,69.54 1 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:69.54,70.13 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:72.4,73.24 2 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:73.24,74.13 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:76.4,77.11 2 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:77.11,78.13 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:80.4,81.30 2 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:81.30,83.5 1 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:87.2,87.21 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:90.121,92.16 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:92.16,94.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:95.2,96.30 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:96.30,97.64 1 4
+github.com/calypr/git-drs/internal/drsremote/remote.go:97.64,99.4 1 4
+github.com/calypr/git-drs/internal/drsremote/remote.go:101.2,101.20 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:104.137,106.16 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:106.16,108.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:109.2,110.51 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:110.51,112.31 2 4
+github.com/calypr/git-drs/internal/drsremote/remote.go:112.31,113.65 1 6
+github.com/calypr/git-drs/internal/drsremote/remote.go:113.65,115.5 1 4
+github.com/calypr/git-drs/internal/drsremote/remote.go:117.3,117.31 1 4
+github.com/calypr/git-drs/internal/drsremote/remote.go:119.2,119.21 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:122.139,124.16 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:124.16,126.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:127.2,127.23 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:127.23,129.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:130.2,131.66 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:131.66,133.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:134.2,135.22 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:135.22,137.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:138.2,139.16 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:139.16,141.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:142.2,142.32 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:145.144,146.43 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:146.43,148.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:149.2,150.9 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:150.9,152.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:154.2,155.16 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:155.16,157.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:158.2,158.25 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:158.25,160.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:162.2,163.53 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:163.53,165.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:166.2,166.69 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:166.69,167.34 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:167.34,168.12 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:170.3,171.81 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:171.81,172.12 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:174.3,174.100 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:176.2,176.17 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:181.124,183.68 2 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:183.68,185.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:187.2,188.16 2 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:188.16,190.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:191.2,191.72 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:194.163,195.68 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:195.68,197.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:198.2,198.59 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:198.59,200.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:201.2,201.70 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:204.189,205.43 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:205.43,207.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:208.2,208.78 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:208.78,210.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:211.2,216.75 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:219.152,225.2 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:233.40,235.2 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:237.59,239.2 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:241.99,247.2 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:249.93,251.2 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:253.120,254.17 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:254.17,256.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:257.2,258.39 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:261.98,263.16 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:263.16,265.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:266.2,266.54 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:266.54,269.3 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:270.2,270.23 1 1
+github.com/calypr/git-drs/internal/drsremote/scope.go:12.77,14.2 1 13
+github.com/calypr/git-drs/internal/drsremote/scope.go:16.112,17.23 1 4
+github.com/calypr/git-drs/internal/drsremote/scope.go:17.23,19.3 1 2
+github.com/calypr/git-drs/internal/drsremote/scope.go:21.2,22.15 2 2
+github.com/calypr/git-drs/internal/drsremote/scope.go:22.15,24.3 1 0
+github.com/calypr/git-drs/internal/drsremote/scope.go:26.2,26.33 1 2
+github.com/calypr/git-drs/internal/drsremote/scope.go:26.33,27.42 1 3
+github.com/calypr/git-drs/internal/drsremote/scope.go:27.42,29.4 1 1
+github.com/calypr/git-drs/internal/drsremote/scope.go:31.2,31.17 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:56.80,62.2 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:65.56,68.2 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:71.54,74.2 2 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:78.52,80.38 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:80.38,83.3 2 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:84.2,84.6 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:84.6,85.35 1 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:85.35,87.4 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:88.3,88.43 1 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:88.43,89.21 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:89.21,91.5 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:92.4,92.14 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:116.39,119.16 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:119.16,121.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:122.2,122.36 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:122.36,124.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:126.2,127.16 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:127.16,129.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:130.2,130.45 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:130.45,132.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:135.2,135.89 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:135.89,137.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:140.2,140.49 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:140.49,142.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:145.2,145.80 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:152.59,155.16 3 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:155.16,158.3 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:159.2,162.16 3 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:162.16,164.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:166.2,167.21 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:168.16,169.49 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:170.15,171.48 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:172.10,174.61 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:177.2,177.23 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:177.23,179.72 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:179.72,181.4 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:182.3,182.13 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:184.2,184.12 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:187.96,188.21 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:188.21,190.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:192.2,193.75 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:193.75,195.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:196.2,196.44 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:199.95,200.20 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:200.20,202.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:204.2,205.74 2 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:205.74,207.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:208.2,208.44 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:212.61,214.2 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:217.60,219.2 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:230.61,231.73 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:231.73,233.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:235.2,236.19 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:236.19,237.42 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:237.42,239.4 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:241.2,241.34 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:241.34,243.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:246.2,246.34 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:255.58,257.16 2 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:257.16,259.3 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:261.2,262.35 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:262.35,263.55 1 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:263.55,264.17 1 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:265.19,266.24 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:267.20,268.25 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:272.2,272.17 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:277.51,279.2 1 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:14.110,16.34 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:16.34,18.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:20.2,22.29 3 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:22.29,24.14 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:24.14,25.12 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:27.3,27.28 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:27.28,30.4 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:32.2,32.21 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:32.21,34.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:36.2,38.20 3 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:38.20,40.17 2 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:40.17,42.4 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:43.3,43.34 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:43.34,45.4 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:46.8,46.36 1 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:46.36,48.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:50.2,51.29 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:51.29,53.9 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:53.9,55.4 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:58.2,58.28 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:58.28,60.31 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:60.31,61.48 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:61.48,64.5 2 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:65.4,65.12 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:67.3,68.17 2 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:71.2,71.32 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:71.32,73.3 1 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:75.2,75.76 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:75.76,77.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:79.2,80.35 2 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:80.35,82.3 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:83.2,83.76 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:83.76,85.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:86.2,86.18 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:89.73,91.42 2 4
+github.com/calypr/git-drs/internal/drstrack/routes.go:91.42,93.3 1 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:95.2,96.20 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:96.20,98.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:100.2,101.32 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:101.32,102.43 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:102.43,105.34 3 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:105.34,107.5 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:108.4,108.24 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:111.2,111.22 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:16.103,22.16 5 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:22.16,24.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:26.2,28.46 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:28.46,32.50 3 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:32.50,33.176 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:33.176,35.13 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:39.3,42.14 3 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:42.14,45.4 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:48.2,48.13 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:48.13,49.93 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:49.93,51.4 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:54.2,54.29 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:57.77,62.16 4 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:62.16,64.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:66.2,68.21 3 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:68.21,70.44 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:70.44,71.12 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:73.3,74.22 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:74.22,75.12 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:77.3,77.62 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:79.2,79.38 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:79.38,81.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:83.2,83.24 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:83.24,85.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:87.2,89.29 3 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:89.29,91.3 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:92.2,92.26 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:95.105,100.16 4 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:100.16,102.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:103.2,103.30 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:103.30,105.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:107.2,108.29 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:108.29,111.3 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:113.2,116.21 4 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:116.21,118.44 2 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:118.44,120.12 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:123.3,124.22 2 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:124.22,126.12 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:129.3,130.35 2 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:130.35,132.12 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:135.3,135.38 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:137.2,137.38 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:137.38,139.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:141.2,141.13 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:141.13,143.20 2 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:143.20,145.4 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:146.3,146.80 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:146.80,148.4 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:151.2,151.26 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:154.47,156.16 2 5
+github.com/calypr/git-drs/internal/drstrack/tracking.go:156.16,157.25 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:157.25,159.4 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:160.3,160.57 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:162.2,162.18 1 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:165.62,168.21 3 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:168.21,170.44 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:170.44,171.12 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:173.3,174.22 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:174.22,175.12 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:177.3,177.47 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:179.2,179.14 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:182.94,183.12 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:183.12,185.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:187.2,188.23 2 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:188.23,190.22 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:190.22,193.24 3 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:193.24,195.40 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:195.40,198.14 3 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:201.4,201.33 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:203.3,203.39 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:203.39,205.4 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:208.2,208.34 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:208.34,210.3 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:212.2,213.19 2 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:213.19,215.3 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:216.2,216.79 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:216.79,218.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:219.2,219.12 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:222.43,224.2 1 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:226.44,228.2 1 8
+github.com/calypr/git-drs/internal/drstrack/tracking.go:235.41,237.31 2 5
+github.com/calypr/git-drs/internal/drstrack/tracking.go:237.31,239.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:239.8,241.3 1 5
+github.com/calypr/git-drs/internal/drstrack/tracking.go:243.2,243.44 1 5
+github.com/calypr/git-drs/internal/drstrack/tracking.go:243.44,245.3 1 10
+github.com/calypr/git-drs/internal/drstrack/tracking.go:247.2,247.16 1 5
+github.com/calypr/git-drs/internal/drstrack/tracking.go:250.49,253.44 2 7
+github.com/calypr/git-drs/internal/drstrack/tracking.go:253.44,255.3 1 14
+github.com/calypr/git-drs/internal/drstrack/tracking.go:257.2,257.31 1 7
+github.com/calypr/git-drs/internal/drstrack/tracking.go:257.31,259.3 1 7
+github.com/calypr/git-drs/internal/drstrack/tracking.go:261.2,261.18 1 7
+github.com/calypr/git-drs/internal/drstrack/tracking.go:264.68,265.76 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:265.76,267.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:269.2,270.16 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:270.16,272.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:274.2,276.16 3 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:276.16,278.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:280.2,280.21 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:22.119,23.24 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:23.24,25.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:26.2,28.27 2 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:28.27,30.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:31.2,31.24 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:31.24,33.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:35.2,35.32 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:35.32,38.36 3 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:38.36,44.4 5 2
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:44.9,47.18 3 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:47.18,49.13 2 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:53.3,54.145 2 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:54.145,56.4 1 2
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:58.3,59.24 2 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:59.24,61.18 2 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:61.18,63.5 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:63.10,63.17 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:63.17,65.5 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:68.3,68.17 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:68.17,69.91 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:69.91,71.5 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:74.3,74.40 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:74.40,75.89 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:75.89,81.5 2 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:81.10,90.5 2 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:91.4,91.83 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:94.3,94.97 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:94.97,96.12 2 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:98.3,98.127 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:101.2,101.12 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:104.73,105.16 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:105.16,107.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:108.2,109.24 2 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:109.24,111.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:112.2,115.26 4 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:115.26,117.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:118.2,118.36 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:121.47,122.16 1 6
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:122.16,124.3 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:125.2,125.41 1 5
+github.com/calypr/git-drs/cmd/remote/list.go:15.75,17.3 1 0
+github.com/calypr/git-drs/cmd/remote/list.go:24.54,25.21 1 2
+github.com/calypr/git-drs/cmd/remote/list.go:25.21,28.4 2 1
+github.com/calypr/git-drs/cmd/remote/list.go:29.3,29.13 1 1
+github.com/calypr/git-drs/cmd/remote/list.go:31.54,34.17 3 1
+github.com/calypr/git-drs/cmd/remote/list.go:34.17,37.4 2 0
+github.com/calypr/git-drs/cmd/remote/list.go:39.3,39.47 1 1
+github.com/calypr/git-drs/cmd/remote/list.go:39.47,43.17 3 1
+github.com/calypr/git-drs/cmd/remote/list.go:43.17,45.5 1 1
+github.com/calypr/git-drs/cmd/remote/list.go:48.4,50.32 3 1
+github.com/calypr/git-drs/cmd/remote/list.go:50.32,53.5 2 1
+github.com/calypr/git-drs/cmd/remote/list.go:53.10,53.40 1 0
+github.com/calypr/git-drs/cmd/remote/list.go:53.40,56.5 2 0
+github.com/calypr/git-drs/cmd/remote/list.go:56.10,58.5 1 0
+github.com/calypr/git-drs/cmd/remote/list.go:60.4,61.21 2 1
+github.com/calypr/git-drs/cmd/remote/list.go:61.21,63.5 1 1
+github.com/calypr/git-drs/cmd/remote/list.go:65.4,66.32 2 1
+github.com/calypr/git-drs/cmd/remote/list.go:66.32,68.19 2 1
+github.com/calypr/git-drs/cmd/remote/list.go:68.19,70.14 2 0
+github.com/calypr/git-drs/cmd/remote/list.go:72.5,72.76 1 1
+github.com/calypr/git-drs/cmd/remote/list.go:72.76,74.6 1 0
+github.com/calypr/git-drs/cmd/remote/list.go:77.3,77.13 1 1
+github.com/calypr/git-drs/cmd/remote/remove.go:17.54,18.21 1 3
+github.com/calypr/git-drs/cmd/remote/remove.go:18.21,21.4 2 2
+github.com/calypr/git-drs/cmd/remote/remove.go:22.3,22.13 1 1
+github.com/calypr/git-drs/cmd/remote/remove.go:24.54,29.17 4 2
+github.com/calypr/git-drs/cmd/remote/remove.go:29.17,31.4 1 0
+github.com/calypr/git-drs/cmd/remote/remove.go:33.3,33.44 1 2
+github.com/calypr/git-drs/cmd/remote/remove.go:33.44,35.34 2 0
+github.com/calypr/git-drs/cmd/remote/remove.go:35.34,37.5 1 0
+github.com/calypr/git-drs/cmd/remote/remove.go:38.4,43.5 2 0
+github.com/calypr/git-drs/cmd/remote/remove.go:46.3,47.17 2 2
+github.com/calypr/git-drs/cmd/remote/remove.go:47.17,49.4 1 0
+github.com/calypr/git-drs/cmd/remote/remove.go:51.3,51.34 1 2
+github.com/calypr/git-drs/cmd/remote/remove.go:51.34,54.4 2 1
+github.com/calypr/git-drs/cmd/remote/remove.go:56.3,57.13 2 1
+github.com/calypr/git-drs/cmd/remote/root.go:14.13,19.2 4 1
+github.com/calypr/git-drs/cmd/remote/set.go:15.54,16.21 1 3
+github.com/calypr/git-drs/cmd/remote/set.go:16.21,19.4 2 2
+github.com/calypr/git-drs/cmd/remote/set.go:20.3,20.13 1 1
+github.com/calypr/git-drs/cmd/remote/set.go:22.54,27.17 4 0
+github.com/calypr/git-drs/cmd/remote/set.go:27.17,29.4 1 0
+github.com/calypr/git-drs/cmd/remote/set.go:32.3,33.40 2 0
+github.com/calypr/git-drs/cmd/remote/set.go:33.40,35.34 2 0
+github.com/calypr/git-drs/cmd/remote/set.go:35.34,37.5 1 0
+github.com/calypr/git-drs/cmd/remote/set.go:38.4,42.5 1 0
+github.com/calypr/git-drs/cmd/remote/set.go:46.3,48.48 2 0
+github.com/calypr/git-drs/cmd/remote/set.go:48.48,50.4 1 0
+github.com/calypr/git-drs/cmd/remote/set.go:52.3,53.13 2 0
+github.com/calypr/git-drs/internal/pathspec/match.go:9.54,10.24 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:10.24,12.3 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:13.2,14.35 2 0
+github.com/calypr/git-drs/internal/pathspec/match.go:14.35,16.20 2 0
+github.com/calypr/git-drs/internal/pathspec/match.go:16.20,17.12 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:19.3,19.35 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:19.35,21.4 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:23.2,23.14 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:26.41,28.42 2 5
+github.com/calypr/git-drs/internal/pathspec/match.go:28.42,30.3 1 2
+github.com/calypr/git-drs/internal/pathspec/match.go:31.2,32.16 2 3
+github.com/calypr/git-drs/internal/pathspec/match.go:32.16,34.3 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:35.2,35.29 1 3
+github.com/calypr/git-drs/internal/pathspec/match.go:38.42,41.36 3 3
+github.com/calypr/git-drs/internal/pathspec/match.go:41.36,43.13 2 21
+github.com/calypr/git-drs/internal/pathspec/match.go:44.12,45.49 1 3
+github.com/calypr/git-drs/internal/pathspec/match.go:45.49,48.13 3 1
+github.com/calypr/git-drs/internal/pathspec/match.go:50.4,50.26 1 2
+github.com/calypr/git-drs/internal/pathspec/match.go:51.12,52.25 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:53.68,55.19 2 2
+github.com/calypr/git-drs/internal/pathspec/match.go:56.11,57.19 1 16
+github.com/calypr/git-drs/internal/pathspec/match.go:60.2,61.19 2 3
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:9.113,11.16 2 1
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:11.16,13.3 1 0
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:15.2,15.47 1 1
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:15.47,19.3 3 1
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:21.2,21.42 1 0
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:21.42,25.3 3 0
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:26.2,26.17 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:37.54,39.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:49.42,56.2 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:58.68,61.16 3 0
+github.com/calypr/git-drs/cmd/prepush/main.go:61.16,63.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:65.2,68.16 3 0
+github.com/calypr/git-drs/cmd/prepush/main.go:68.16,70.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:72.2,76.16 4 0
+github.com/calypr/git-drs/cmd/prepush/main.go:76.16,80.3 3 0
+github.com/calypr/git-drs/cmd/prepush/main.go:82.2,83.25 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:83.25,87.3 3 0
+github.com/calypr/git-drs/cmd/prepush/main.go:88.2,89.16 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:89.16,91.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:93.2,99.16 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:99.16,101.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:103.2,109.16 6 0
+github.com/calypr/git-drs/cmd/prepush/main.go:109.16,112.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:113.2,113.15 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:113.15,116.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:118.2,119.16 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:119.16,122.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:123.2,123.110 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:123.110,126.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:127.2,131.16 4 0
+github.com/calypr/git-drs/cmd/prepush/main.go:131.16,134.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:136.2,142.16 3 0
+github.com/calypr/git-drs/cmd/prepush/main.go:142.16,145.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:148.2,149.106 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:149.106,152.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:154.2,155.12 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:192.73,194.19 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:194.19,196.3 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:197.2,198.23 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:198.23,200.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:201.2,202.26 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:202.26,204.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:205.2,206.22 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:206.22,208.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:209.2,217.22 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:217.22,219.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:221.2,221.26 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:221.26,223.34 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:223.34,228.4 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:231.2,231.57 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:231.57,233.39 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:233.39,235.26 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:235.26,237.5 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:238.4,239.24 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:239.24,241.5 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:242.4,243.27 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:243.27,245.5 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:246.4,254.52 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:258.2,258.12 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:261.151,263.16 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:263.16,265.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:266.2,269.32 3 9
+github.com/calypr/git-drs/cmd/prepush/main.go:269.32,271.31 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:271.31,273.12 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:275.3,275.90 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:277.2,277.26 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:277.26,280.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:282.2,287.16 3 9
+github.com/calypr/git-drs/cmd/prepush/main.go:287.16,289.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:291.2,292.16 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:292.16,294.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:295.2,297.67 3 9
+github.com/calypr/git-drs/cmd/prepush/main.go:297.67,299.3 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:301.2,303.16 3 9
+github.com/calypr/git-drs/cmd/prepush/main.go:303.16,305.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:306.2,308.53 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:308.53,313.26 3 6
+github.com/calypr/git-drs/cmd/prepush/main.go:314.84,316.14 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:320.3,320.86 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:320.86,323.4 2 1
+github.com/calypr/git-drs/cmd/prepush/main.go:324.3,324.101 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:326.2,326.12 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:329.64,330.66 1 12
+github.com/calypr/git-drs/cmd/prepush/main.go:330.66,331.52 1 12
+github.com/calypr/git-drs/cmd/prepush/main.go:331.52,333.4 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:335.2,336.52 2 10
+github.com/calypr/git-drs/cmd/prepush/main.go:336.52,338.3 1 8
+github.com/calypr/git-drs/cmd/prepush/main.go:339.2,340.74 2 2
+github.com/calypr/git-drs/cmd/prepush/main.go:343.54,345.20 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:345.20,347.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:348.2,348.20 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:348.20,350.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:351.2,351.25 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:351.25,353.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:354.2,354.41 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:357.89,359.16 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:359.16,362.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:363.2,363.47 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:363.47,364.25 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:364.25,366.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:366.9,368.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:369.3,369.20 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:371.2,371.20 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:374.231,375.16 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:375.16,377.17 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:377.17,379.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:379.9,379.16 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:379.16,381.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:382.3,382.86 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:384.2,385.16 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:385.16,387.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:388.2,388.29 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:393.56,395.2 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:397.44,399.100 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:399.100,401.3 1 1
+github.com/calypr/git-drs/cmd/prepush/main.go:402.2,402.38 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:405.156,406.18 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:406.18,408.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:409.2,410.16 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:410.16,412.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:413.2,414.29 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:414.29,416.17 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:416.17,418.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:419.3,419.10 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:419.10,421.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:422.3,423.16 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:423.16,425.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:426.3,426.88 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:426.88,428.4 1 1
+github.com/calypr/git-drs/cmd/prepush/main.go:429.3,430.17 2 2
+github.com/calypr/git-drs/cmd/prepush/main.go:430.17,433.4 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:434.3,440.4 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:442.2,442.28 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:445.79,448.27 3 3
+github.com/calypr/git-drs/cmd/prepush/main.go:448.27,449.52 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:449.52,450.12 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:452.3,453.54 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:453.54,455.4 1 1
+github.com/calypr/git-drs/cmd/prepush/main.go:455.9,457.4 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:458.3,459.17 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:459.17,461.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:462.3,462.68 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:462.68,464.18 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:464.18,465.13 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:467.4,467.26 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:470.2,471.24 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:471.24,473.3 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:474.2,475.19 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:478.69,482.16 4 3
+github.com/calypr/git-drs/cmd/prepush/main.go:482.16,484.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:485.2,485.25 1 3
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:21.59,22.40 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:22.40,24.3 1 0
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:25.2,27.21 3 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:27.21,29.22 2 6
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:29.22,30.12 1 1
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:32.3,37.5 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:39.2,39.38 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:39.38,41.3 1 0
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:42.2,42.40 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:42.40,44.3 1 0
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:45.2,45.18 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:48.50,51.27 3 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:51.27,52.46 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:52.46,54.20 2 4
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:54.20,56.5 1 4
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:59.2,60.26 2 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:60.26,62.3 1 4
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:63.2,64.17 2 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:67.60,69.27 2 0
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:69.27,74.3 1 0
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:75.2,75.12 1 0
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:59.48,61.16 2 1
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:61.16,63.3 1 0
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:64.2,71.8 2 1
@@ -1775,34 +2346,615 @@ github.com/calypr/git-drs/internal/precommit_cache/helpers.go:163.3,163.65 1 0
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:165.2,166.47 2 2
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:166.47,168.3 1 0
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:169.2,169.23 1 2
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:179.70,182.24 3 3
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:182.24,184.3 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:185.2,185.12 1 2
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:185.12,190.3 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:191.2,191.12 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:196.62,198.16 2 2
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:198.16,200.3 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:201.2,201.31 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:210.51,212.2 1 2
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:216.49,219.2 2 4
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:223.37,225.2 1 3
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:229.49,231.16 2 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:231.16,233.3 1 0
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:234.2,234.23 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:244.61,246.16 2 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:246.16,248.3 1 0
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:249.2,250.18 2 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:250.18,252.3 1 0
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:253.2,253.29 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:253.29,255.17 2 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:255.17,257.4 1 0
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:258.3,259.39 2 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:261.2,261.20 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:266.63,270.16 4 2
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:270.16,276.3 1 0
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:277.2,277.17 1 2
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:172.38,173.62 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:173.62,174.49 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:174.49,176.4 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:178.2,178.12 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:181.56,182.41 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:182.41,184.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:185.2,185.60 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:188.99,189.41 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:189.41,191.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:192.2,192.83 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:195.64,196.41 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:196.41,198.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:199.2,199.49 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:202.52,203.41 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:203.41,205.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:206.2,206.92 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:206.92,208.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:209.2,209.12 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:219.70,222.24 3 3
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:222.24,224.3 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:225.2,225.12 1 2
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:225.12,230.3 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:231.2,231.12 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:236.62,238.16 2 2
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:238.16,240.3 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:241.2,241.31 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:250.51,252.2 1 2
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:256.49,259.2 2 4
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:263.37,265.2 1 3
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:269.49,271.16 2 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:271.16,273.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:274.2,274.23 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:284.61,286.16 2 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:286.16,288.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:289.2,290.18 2 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:290.18,292.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:293.2,293.29 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:293.29,295.17 2 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:295.17,297.4 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:298.3,299.39 2 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:301.2,301.20 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:306.63,310.16 4 2
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:310.16,316.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:317.2,317.17 1 2
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:320.48,322.48 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:322.48,324.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:325.2,326.16 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:326.16,328.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:329.2,332.38 4 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:332.38,336.3 3 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:337.2,337.36 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:337.36,340.3 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:341.2,341.33 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:344.97,347.42 3 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:347.42,349.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:350.2,350.21 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:350.21,352.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:353.2,354.29 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:354.29,356.30 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:356.30,357.12 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:359.3,359.27 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:361.2,361.38 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:361.38,363.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:364.2,365.26 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:365.26,367.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:368.2,371.31 4 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:374.58,375.67 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:375.67,377.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:378.2,380.16 3 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:380.16,381.37 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:381.37,383.4 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:384.3,384.13 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:386.2,387.47 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:387.47,389.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:390.2,391.36 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:391.36,392.60 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:392.60,393.12 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:395.3,395.40 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:397.2,399.24 3 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:399.24,400.73 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:400.73,402.4 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:403.3,403.13 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:405.2,406.31 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:409.51,412.2 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:44.140,53.21 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:53.21,55.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:57.2,58.49 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:58.49,60.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:61.2,61.59 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:61.59,63.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:65.2,66.16 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:66.16,68.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:69.2,69.26 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:69.26,71.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:73.2,73.46 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:76.77,78.26 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:78.26,80.16 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:80.16,81.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:83.3,83.45 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:83.45,84.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:86.3,88.31 3 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:90.2,90.22 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:93.51,95.29 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:95.29,97.17 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:97.17,99.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:100.3,100.31 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:100.31,102.20 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:102.20,103.13 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:105.4,105.68 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:108.2,108.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:111.61,114.29 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:114.29,116.17 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:116.17,118.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:119.3,122.21 3 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:122.21,125.12 3 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:127.3,127.128 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:127.128,129.31 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:129.31,131.5 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:132.4,132.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:135.3,136.50 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:136.50,138.18 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:138.18,140.5 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:141.4,143.12 3 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:146.3,147.31 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:150.2,150.26 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:150.26,152.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:154.2,158.16 3 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:158.16,160.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:161.2,161.36 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:161.36,164.16 3 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:164.16,167.4 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:169.2,169.12 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:172.93,173.25 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:173.25,175.41 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:175.41,177.4 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:179.2,179.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:182.121,185.16 3 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:185.16,187.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:188.2,188.54 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:188.54,190.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:191.2,191.17 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:194.97,196.111 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:196.111,198.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:199.2,200.16 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:200.16,202.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:203.2,204.16 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:204.16,206.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:207.2,207.17 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:210.138,211.15 1 5
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:211.15,213.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:214.2,214.34 1 5
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:214.34,216.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:217.2,217.15 1 5
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:217.15,218.45 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:218.45,220.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:223.2,224.69 2 5
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:224.69,226.3 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:227.2,227.31 1 5
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:227.31,229.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:231.2,232.42 2 5
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:232.42,234.3 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:236.2,237.16 2 5
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:237.16,239.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:240.2,240.21 1 5
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:240.21,242.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:244.2,244.68 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:244.68,246.3 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:248.2,252.29 5 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:252.29,254.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:255.2,255.36 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:255.36,257.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:258.2,258.33 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:258.33,260.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:261.2,261.17 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:264.123,266.23 2 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:266.23,268.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:269.2,270.33 2 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:270.33,272.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:273.2,274.17 2 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:274.17,276.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:277.2,280.50 4 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:280.50,282.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:283.2,283.38 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:283.38,285.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:286.2,286.104 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:286.104,288.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:289.2,289.102 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:289.102,291.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:292.2,292.13 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:295.51,296.76 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:296.76,298.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:299.2,300.25 2 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:300.25,302.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:303.2,303.44 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:306.71,308.50 2 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:308.50,310.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:311.2,311.35 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:312.28,313.49 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:314.10,315.23 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:319.82,321.29 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:321.29,323.17 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:323.17,325.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:326.3,326.19 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:326.19,327.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:330.3,332.17 3 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:332.17,334.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:335.3,335.17 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:335.17,337.12 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:340.3,341.17 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:341.17,343.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:345.3,351.5 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:353.2,353.24 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:356.66,357.29 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:357.29,359.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:360.2,360.27 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:360.27,362.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:363.2,363.37 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:363.37,365.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:366.2,366.19 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:369.60,370.76 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:370.76,372.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:373.2,373.40 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:373.40,374.70 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:374.70,375.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:377.3,377.48 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:377.48,379.4 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:381.2,381.14 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:384.82,386.20 2 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:386.20,388.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:389.2,390.22 2 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:390.22,392.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:394.2,396.23 3 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:396.23,398.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:400.2,400.20 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:400.20,403.27 3 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:403.27,405.23 2 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:405.23,408.85 3 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:408.85,410.6 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:411.5,412.15 2 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:415.3,415.35 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:415.35,417.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:420.2,420.26 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:420.26,423.83 3 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:423.83,425.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:426.3,426.29 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:428.2,428.12 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:431.77,434.31 3 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:434.31,441.3 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:442.2,446.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:449.112,450.23 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:450.23,452.3 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:453.2,454.74 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:454.74,455.29 1 7
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:455.29,457.4 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:458.3,466.13 2 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:470.67,471.23 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:471.23,473.3 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:474.2,481.4 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:484.69,485.23 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:485.23,487.3 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:488.2,495.4 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:498.113,499.31 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:499.31,500.25 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:500.25,502.4 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:502.9,504.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:506.2,506.8 1 2
+github.com/calypr/git-drs/internal/pushsync/register.go:26.79,27.56 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:27.56,29.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:30.2,30.29 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:38.165,40.2 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:65.57,66.15 1 3
+github.com/calypr/git-drs/internal/pushsync/register.go:66.15,68.3 1 2
+github.com/calypr/git-drs/internal/pushsync/register.go:69.2,86.3 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:90.106,92.74 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:92.74,94.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:95.2,97.16 3 0
+github.com/calypr/git-drs/internal/pushsync/register.go:97.16,100.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:101.2,101.24 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:101.24,103.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:104.2,105.24 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:108.93,110.41 2 7
+github.com/calypr/git-drs/internal/pushsync/register.go:110.41,112.16 2 7
+github.com/calypr/git-drs/internal/pushsync/register.go:112.16,114.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:115.3,115.74 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:115.74,117.4 1 5
+github.com/calypr/git-drs/internal/pushsync/register.go:118.3,118.28 1 2
+github.com/calypr/git-drs/internal/pushsync/register.go:121.2,121.75 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:121.75,123.47 2 1
+github.com/calypr/git-drs/internal/pushsync/register.go:123.47,125.4 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:126.3,126.16 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:126.16,127.81 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:127.81,131.111 2 1
+github.com/calypr/git-drs/internal/pushsync/register.go:131.111,133.6 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:137.2,137.16 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:137.16,139.3 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:140.2,140.11 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:143.101,145.15 2 1
+github.com/calypr/git-drs/internal/pushsync/register.go:145.15,147.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:149.2,150.16 2 1
+github.com/calypr/git-drs/internal/pushsync/register.go:150.16,151.89 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:151.89,153.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:156.2,156.15 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:156.15,158.3 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:160.2,161.20 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:161.20,163.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:164.2,164.16 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:164.16,166.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:167.2,167.32 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:170.141,172.24 2 7
+github.com/calypr/git-drs/internal/pushsync/register.go:172.24,175.17 3 0
+github.com/calypr/git-drs/internal/pushsync/register.go:175.17,177.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:178.3,178.19 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:178.19,181.4 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:184.2,186.38 3 7
+github.com/calypr/git-drs/internal/pushsync/register.go:186.38,188.3 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:189.2,190.20 2 7
+github.com/calypr/git-drs/internal/pushsync/register.go:190.20,192.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:193.2,195.25 3 7
+github.com/calypr/git-drs/internal/pushsync/register.go:195.25,202.3 1 4
+github.com/calypr/git-drs/internal/pushsync/register.go:204.2,218.20 6 7
+github.com/calypr/git-drs/internal/pushsync/register.go:218.20,220.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:221.2,221.97 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:221.97,223.3 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:224.2,224.20 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:224.20,225.146 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:225.146,227.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:228.3,228.13 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:230.2,230.146 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:230.146,232.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:233.2,233.12 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:236.141,239.41 3 7
+github.com/calypr/git-drs/internal/pushsync/register.go:239.41,241.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:243.2,243.79 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:243.79,249.157 6 1
+github.com/calypr/git-drs/internal/pushsync/register.go:249.157,251.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:252.3,252.58 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:252.58,254.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:255.3,255.23 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:258.2,261.9 2 6
+github.com/calypr/git-drs/internal/pushsync/register.go:261.9,263.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:264.2,269.69 2 6
+github.com/calypr/git-drs/internal/pushsync/register.go:272.66,275.41 3 7
+github.com/calypr/git-drs/internal/pushsync/register.go:275.41,277.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:278.2,282.3 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:285.82,287.68 2 1
+github.com/calypr/git-drs/internal/pushsync/register.go:287.68,289.3 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:290.2,290.56 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:290.56,292.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:295.90,297.16 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:297.16,299.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:300.2,301.23 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:301.23,303.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:304.2,305.16 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:305.16,307.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:308.2,309.28 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:309.28,311.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:312.2,312.12 1 0
 github.com/calypr/git-drs/internal/version/version.go:22.22,24.2 1 1
 github.com/calypr/git-drs/internal/version/version.go:27.24,35.2 1 1
+github.com/calypr/git-drs/internal/config/config.go:32.36,34.2 1 8
+github.com/calypr/git-drs/internal/config/config.go:36.43,38.37 2 4
+github.com/calypr/git-drs/internal/config/config.go:38.37,40.3 1 8
+github.com/calypr/git-drs/internal/config/config.go:42.2,42.40 1 4
+github.com/calypr/git-drs/internal/config/config.go:42.40,43.32 1 7
+github.com/calypr/git-drs/internal/config/config.go:43.32,45.4 1 2
+github.com/calypr/git-drs/internal/config/config.go:48.2,48.102 1 2
+github.com/calypr/git-drs/internal/config/config.go:57.90,59.9 2 1
+github.com/calypr/git-drs/internal/config/config.go:59.9,61.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:62.2,62.20 1 1
+github.com/calypr/git-drs/internal/config/config.go:62.20,64.3 1 1
+github.com/calypr/git-drs/internal/config/config.go:65.2,65.19 1 0
+github.com/calypr/git-drs/internal/config/config.go:65.19,67.91 2 0
+github.com/calypr/git-drs/internal/config/config.go:67.91,71.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:72.3,72.50 1 0
+github.com/calypr/git-drs/internal/config/config.go:74.2,74.94 1 0
+github.com/calypr/git-drs/internal/config/config.go:77.52,79.9 2 2
+github.com/calypr/git-drs/internal/config/config.go:79.9,81.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:82.2,82.19 1 2
+github.com/calypr/git-drs/internal/config/config.go:82.19,84.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:84.8,84.27 1 2
+github.com/calypr/git-drs/internal/config/config.go:84.27,86.3 1 2
+github.com/calypr/git-drs/internal/config/config.go:87.2,87.12 1 0
+github.com/calypr/git-drs/internal/config/config.go:91.52,92.27 1 1
+github.com/calypr/git-drs/internal/config/config.go:92.27,102.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:104.2,104.46 1 1
+github.com/calypr/git-drs/internal/config/config.go:104.46,111.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:113.2,113.29 1 1
+github.com/calypr/git-drs/internal/config/config.go:117.67,118.18 1 2
+github.com/calypr/git-drs/internal/config/config.go:118.18,120.3 1 1
+github.com/calypr/git-drs/internal/config/config.go:121.2,121.29 1 1
+github.com/calypr/git-drs/internal/config/config.go:125.44,127.30 2 0
+github.com/calypr/git-drs/internal/config/config.go:127.30,129.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:130.2,130.14 1 0
+github.com/calypr/git-drs/internal/config/config.go:134.41,136.2 1 15
+github.com/calypr/git-drs/internal/config/config.go:138.46,140.2 1 0
+github.com/calypr/git-drs/internal/config/config.go:148.70,150.16 2 3
+github.com/calypr/git-drs/internal/config/config.go:150.16,152.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:154.2,155.16 2 3
+github.com/calypr/git-drs/internal/config/config.go:155.16,157.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:160.2,163.24 3 3
+github.com/calypr/git-drs/internal/config/config.go:163.24,168.37 5 1
+github.com/calypr/git-drs/internal/config/config.go:168.37,170.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:171.3,171.38 1 1
+github.com/calypr/git-drs/internal/config/config.go:171.38,173.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:174.8,174.32 1 2
+github.com/calypr/git-drs/internal/config/config.go:174.32,177.35 3 2
+github.com/calypr/git-drs/internal/config/config.go:177.35,179.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:180.3,180.32 1 2
+github.com/calypr/git-drs/internal/config/config.go:180.32,182.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:183.3,183.38 1 2
+github.com/calypr/git-drs/internal/config/config.go:183.38,185.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:186.3,186.39 1 2
+github.com/calypr/git-drs/internal/config/config.go:186.39,188.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:192.2,194.25 3 3
+github.com/calypr/git-drs/internal/config/config.go:194.25,196.3 1 3
+github.com/calypr/git-drs/internal/config/config.go:199.2,199.52 1 3
+github.com/calypr/git-drs/internal/config/config.go:199.52,201.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:203.2,203.21 1 3
+github.com/calypr/git-drs/internal/config/config.go:206.170,207.64 1 9
+github.com/calypr/git-drs/internal/config/config.go:207.64,209.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:211.2,214.46 3 9
+github.com/calypr/git-drs/internal/config/config.go:214.46,222.3 1 5
+github.com/calypr/git-drs/internal/config/config.go:222.8,222.34 1 4
+github.com/calypr/git-drs/internal/config/config.go:222.34,230.3 1 4
+github.com/calypr/git-drs/internal/config/config.go:232.2,232.30 1 9
+github.com/calypr/git-drs/internal/config/config.go:236.36,238.16 2 10
+github.com/calypr/git-drs/internal/config/config.go:238.16,240.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:242.2,243.16 2 10
+github.com/calypr/git-drs/internal/config/config.go:243.16,245.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:247.2,252.44 2 10
+github.com/calypr/git-drs/internal/config/config.go:252.44,253.36 1 109
+github.com/calypr/git-drs/internal/config/config.go:253.36,254.12 1 100
+github.com/calypr/git-drs/internal/config/config.go:258.3,259.15 2 9
+github.com/calypr/git-drs/internal/config/config.go:259.15,261.4 1 9
+github.com/calypr/git-drs/internal/config/config.go:263.3,263.50 1 9
+github.com/calypr/git-drs/internal/config/config.go:263.50,264.67 1 9
+github.com/calypr/git-drs/internal/config/config.go:264.67,265.13 1 0
+github.com/calypr/git-drs/internal/config/config.go:267.4,276.5 1 9
+github.com/calypr/git-drs/internal/config/config.go:280.2,280.17 1 10
+github.com/calypr/git-drs/internal/config/config.go:283.32,289.2 2 1
+github.com/calypr/git-drs/internal/config/config.go:291.50,293.16 2 0
+github.com/calypr/git-drs/internal/config/config.go:293.16,295.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:296.2,297.16 2 0
+github.com/calypr/git-drs/internal/config/config.go:297.16,299.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:300.2,300.32 1 0
+github.com/calypr/git-drs/internal/config/config.go:304.36,306.16 2 1
+github.com/calypr/git-drs/internal/config/config.go:306.16,308.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:310.2,311.16 2 1
+github.com/calypr/git-drs/internal/config/config.go:311.16,313.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:315.2,315.29 1 1
+github.com/calypr/git-drs/internal/config/config.go:315.29,317.3 1 1
+github.com/calypr/git-drs/internal/config/config.go:319.2,319.36 1 1
+github.com/calypr/git-drs/internal/config/config.go:322.49,324.16 2 0
+github.com/calypr/git-drs/internal/config/config.go:324.16,326.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:328.2,328.37 1 0
+github.com/calypr/git-drs/internal/config/config.go:328.37,330.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:332.2,346.60 3 0
+github.com/calypr/git-drs/internal/config/config.go:346.60,348.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:350.2,350.31 1 0
+github.com/calypr/git-drs/internal/config/config.go:350.31,352.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:354.2,354.40 1 0
+github.com/calypr/git-drs/internal/config/config.go:354.40,356.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:358.2,358.29 1 0
+github.com/calypr/git-drs/internal/config/config.go:358.29,359.87 1 0
+github.com/calypr/git-drs/internal/config/config.go:359.87,361.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:364.2,364.21 1 0
+github.com/calypr/git-drs/internal/config/config.go:367.38,368.41 1 0
+github.com/calypr/git-drs/internal/config/config.go:368.41,370.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:372.2,373.32 2 0
+github.com/calypr/git-drs/internal/config/config.go:373.32,375.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:376.2,377.25 2 0
+github.com/calypr/git-drs/internal/config/config.go:382.38,384.16 2 0
+github.com/calypr/git-drs/internal/config/config.go:384.16,386.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:388.2,389.24 2 0
+github.com/calypr/git-drs/internal/config/remote.go:54.47,54.69 1 1
+github.com/calypr/git-drs/internal/config/remote.go:55.47,55.72 1 2
+github.com/calypr/git-drs/internal/config/remote.go:56.47,56.68 1 0
+github.com/calypr/git-drs/internal/config/remote.go:57.47,57.66 1 1
+github.com/calypr/git-drs/internal/config/remote.go:58.47,58.73 1 1
+github.com/calypr/git-drs/internal/config/remote.go:60.92,63.16 3 0
+github.com/calypr/git-drs/internal/config/remote.go:63.16,65.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:66.2,66.94 1 0
+github.com/calypr/git-drs/internal/config/remote.go:66.94,68.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:69.2,69.40 1 0
+github.com/calypr/git-drs/internal/config/remote.go:82.44,83.23 1 2
+github.com/calypr/git-drs/internal/config/remote.go:83.23,85.3 1 1
+github.com/calypr/git-drs/internal/config/remote.go:86.2,86.24 1 1
+github.com/calypr/git-drs/internal/config/remote.go:89.48,89.73 1 5
+github.com/calypr/git-drs/internal/config/remote.go:90.48,90.68 1 0
+github.com/calypr/git-drs/internal/config/remote.go:91.48,91.67 1 2
+github.com/calypr/git-drs/internal/config/remote.go:92.48,92.74 1 2
+github.com/calypr/git-drs/internal/config/remote.go:94.93,95.119 1 2
+github.com/calypr/git-drs/internal/config/remote.go:95.119,98.3 2 1
+github.com/calypr/git-drs/internal/config/remote.go:99.2,102.131 4 2
+github.com/calypr/git-drs/internal/config/remote.go:102.131,109.17 2 1
+github.com/calypr/git-drs/internal/config/remote.go:109.17,111.4 1 0
+github.com/calypr/git-drs/internal/config/remote.go:112.3,113.31 2 1
+github.com/calypr/git-drs/internal/config/remote.go:116.2,117.52 2 2
+github.com/calypr/git-drs/internal/config/remote.go:117.52,120.3 2 1
+github.com/calypr/git-drs/internal/config/remote.go:122.2,123.16 2 2
+github.com/calypr/git-drs/internal/config/remote.go:123.16,125.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:126.2,127.9 2 2
+github.com/calypr/git-drs/internal/config/remote.go:127.9,129.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:131.2,139.8 1 2
+github.com/calypr/git-drs/internal/config/remote.go:142.114,143.64 1 1
+github.com/calypr/git-drs/internal/config/remote.go:143.64,145.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:146.2,147.21 2 1
+github.com/calypr/git-drs/internal/config/remote.go:147.21,149.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:151.2,157.16 2 1
+github.com/calypr/git-drs/internal/config/remote.go:157.16,159.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:161.2,162.16 2 1
+github.com/calypr/git-drs/internal/config/remote.go:162.16,164.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:165.2,166.9 2 1
+github.com/calypr/git-drs/internal/config/remote.go:166.9,168.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:170.2,171.27 2 1
+github.com/calypr/git-drs/internal/config/remote.go:171.27,173.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:175.2,186.8 1 1
+github.com/calypr/git-drs/internal/config/remote.go:189.91,199.2 1 0
+github.com/calypr/git-drs/internal/config/remote.go:201.72,202.16 1 0
+github.com/calypr/git-drs/internal/config/remote.go:202.16,204.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:205.2,205.41 1 0
+github.com/calypr/git-drs/internal/config/remote.go:205.41,207.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:208.2,208.110 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:18.105,21.27 3 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:21.27,24.77 3 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:24.77,25.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:27.3,28.17 2 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:28.17,30.4 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:31.3,31.30 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:31.30,33.30 2 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:33.30,34.13 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:36.4,39.18 3 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:39.18,41.5 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:42.4,42.11 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:42.11,43.13 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:45.4,45.77 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:48.2,48.21 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:51.52,53.29 2 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:53.29,55.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:56.2,57.12 2 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:60.84,63.16 3 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:63.16,65.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:66.2,68.29 3 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:68.29,70.17 2 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:70.17,71.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:73.3,74.40 2 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:74.40,75.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:77.3,77.34 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:79.2,79.19 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:82.81,86.16 4 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:86.16,88.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:89.2,90.9 2 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:90.9,92.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:93.2,93.85 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:96.33,98.2 1 9
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:11.96,14.27 3 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:14.27,16.40 2 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:16.40,17.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:19.3,19.32 1 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:19.32,20.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:22.3,23.36 2 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:25.2,25.23 1 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:25.23,27.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:29.2,30.16 2 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:30.16,32.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:33.2,34.32 2 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:34.32,37.3 2 1
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:38.2,38.29 1 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:38.29,40.3 1 1
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:41.2,41.23 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:27.136,28.43 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:28.43,30.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:31.2,31.19 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:31.19,33.3 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:34.2,34.20 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:34.20,36.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:38.2,39.16 2 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:39.16,41.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:42.2,42.28 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:42.28,44.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:46.2,47.16 2 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:47.16,49.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:51.2,52.16 2 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:52.16,54.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:56.2,57.43 2 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:57.43,58.54 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:58.54,60.12 2 1
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:63.3,64.17 2 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:64.17,66.4 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:67.3,67.23 1 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:68.10,70.21 2 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:70.21,72.5 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:73.4,73.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:74.10,74.10 0 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:75.11,77.21 2 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:77.21,79.5 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:80.4,80.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:83.3,85.37 3 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:85.37,87.4 1 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:88.3,88.27 1 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:88.27,89.81 1 1
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:89.81,91.5 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:92.4,93.12 2 1
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:96.3,99.24 2 1
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:99.24,101.4 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:102.3,102.29 1 1
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:105.2,105.177 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:105.177,113.3 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:114.2,114.21 1 3
 github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:16.49,22.2 5 61
 github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:24.45,26.2 1 23
 github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:28.58,30.2 1 19
@@ -1854,21 +3006,23 @@ github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:57.23,59.19 2 0
 github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:59.19,61.4 1 0
 github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:62.3,65.9 1 0
 github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:68.2,68.28 1 1
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:68.28,70.3 1 0
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:71.2,74.8 1 1
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:77.78,80.32 3 4
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:80.32,82.3 1 0
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:83.2,84.16 2 4
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:84.16,86.3 1 0
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:87.2,87.37 1 4
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:87.37,89.3 1 3
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:90.2,91.16 2 1
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:91.16,93.3 1 0
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:94.2,97.14 1 1
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:100.49,102.29 2 3
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:102.29,104.17 2 6
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:104.17,106.4 1 3
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:108.2,108.34 1 3
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:68.28,69.20 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:69.20,71.4 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:72.3,72.232 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:74.2,77.8 1 1
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:80.78,83.32 3 4
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:83.32,85.3 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:86.2,87.16 2 4
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:87.16,89.3 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:90.2,90.37 1 4
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:90.37,92.3 1 3
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:93.2,94.16 2 1
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:94.16,96.3 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:97.2,100.14 1 1
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:103.49,105.29 2 3
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:105.29,107.17 2 6
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:107.17,109.4 1 3
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:111.2,111.34 1 3
 github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:10.47,12.2 1 0
 github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:14.50,16.2 1 2
 github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:18.50,20.2 1 2
@@ -1957,602 +3111,203 @@ github.com/calypr/git-drs/internal/gitrepo/repo.go:139.16,141.3 1 0
 github.com/calypr/git-drs/internal/gitrepo/repo.go:142.2,143.16 2 0
 github.com/calypr/git-drs/internal/gitrepo/repo.go:143.16,145.3 1 0
 github.com/calypr/git-drs/internal/gitrepo/repo.go:146.2,147.12 2 0
-github.com/calypr/git-drs/internal/lfs/clean.go:26.69,28.75 2 5
-github.com/calypr/git-drs/internal/lfs/clean.go:28.75,30.3 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:31.2,31.49 1 4
-github.com/calypr/git-drs/internal/lfs/clean.go:31.49,33.45 2 16
-github.com/calypr/git-drs/internal/lfs/clean.go:33.45,35.4 1 4
-github.com/calypr/git-drs/internal/lfs/clean.go:36.3,36.39 1 16
-github.com/calypr/git-drs/internal/lfs/clean.go:36.39,38.4 1 4
-github.com/calypr/git-drs/internal/lfs/clean.go:40.2,40.15 1 4
-github.com/calypr/git-drs/internal/lfs/clean.go:40.15,42.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:43.2,43.24 1 4
-github.com/calypr/git-drs/internal/lfs/clean.go:49.65,58.91 3 1
-github.com/calypr/git-drs/internal/lfs/clean.go:58.91,65.3 4 1
-github.com/calypr/git-drs/internal/lfs/clean.go:66.2,66.55 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:76.127,80.51 3 1
-github.com/calypr/git-drs/internal/lfs/clean.go:80.51,82.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:85.2,86.16 2 1
-github.com/calypr/git-drs/internal/lfs/clean.go:86.16,88.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:89.2,90.15 2 1
-github.com/calypr/git-drs/internal/lfs/clean.go:90.15,91.53 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:91.53,93.4 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:96.2,98.16 3 1
-github.com/calypr/git-drs/internal/lfs/clean.go:98.16,101.3 2 0
-github.com/calypr/git-drs/internal/lfs/clean.go:102.2,102.36 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:102.36,104.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:105.2,108.29 3 1
-github.com/calypr/git-drs/internal/lfs/clean.go:108.29,109.60 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:109.60,110.64 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:110.64,111.46 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:111.46,113.6 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:114.5,114.80 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:114.80,116.6 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:117.5,118.15 2 1
-github.com/calypr/git-drs/internal/lfs/clean.go:124.2,125.16 2 0
-github.com/calypr/git-drs/internal/lfs/clean.go:125.16,127.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:128.2,128.68 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:128.68,130.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:131.2,131.54 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:131.54,133.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:135.2,142.56 3 0
-github.com/calypr/git-drs/internal/lfs/clean.go:142.56,144.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:147.2,147.63 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:147.63,149.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:151.2,151.12 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:24.124,25.68 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:25.68,27.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:29.2,30.16 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:30.16,32.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:34.2,39.79 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:42.163,43.68 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:43.68,45.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:46.2,46.78 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:46.78,48.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:49.2,50.16 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:50.16,52.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:54.2,59.79 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:69.107,70.70 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:70.70,72.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:74.2,75.16 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:75.16,77.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:79.2,84.8 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:87.127,88.70 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:88.70,90.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:91.2,96.8 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:99.39,99.63 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:101.58,101.84 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:103.76,105.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:107.98,108.21 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:108.21,110.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:111.2,116.16 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:119.92,121.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:123.119,124.17 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:124.17,126.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:127.2,128.39 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:131.93,133.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:135.100,137.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:139.89,141.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:143.135,145.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:147.132,149.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:151.72,153.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:155.107,156.23 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:156.23,158.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:159.2,160.23 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:160.23,162.22 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:162.22,164.4 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:165.3,165.66 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:167.2,167.47 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:167.47,169.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:170.2,171.94 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:171.94,173.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:174.2,174.46 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:174.46,178.3 3 0
-github.com/calypr/git-drs/internal/lfs/download.go:179.2,179.23 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:56.80,62.2 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:65.56,68.2 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:71.54,74.2 2 0
-github.com/calypr/git-drs/internal/lfs/filter.go:78.52,80.38 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:80.38,83.3 2 0
-github.com/calypr/git-drs/internal/lfs/filter.go:84.2,84.6 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:84.6,85.35 1 2
-github.com/calypr/git-drs/internal/lfs/filter.go:85.35,87.4 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:88.3,88.43 1 2
-github.com/calypr/git-drs/internal/lfs/filter.go:88.43,89.21 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:89.21,91.5 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:92.4,92.14 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:116.39,119.16 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:119.16,121.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:122.2,122.36 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:122.36,124.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:126.2,127.16 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:127.16,129.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:130.2,130.45 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:130.45,132.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:135.2,135.89 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:135.89,137.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:140.2,140.49 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:140.49,142.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:145.2,145.80 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:152.59,155.16 3 2
-github.com/calypr/git-drs/internal/lfs/filter.go:155.16,158.3 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:159.2,162.16 3 1
-github.com/calypr/git-drs/internal/lfs/filter.go:162.16,164.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:166.2,167.21 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:168.16,169.49 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:170.15,171.48 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:172.10,174.61 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:177.2,177.23 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:177.23,179.72 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:179.72,181.4 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:182.3,182.13 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:184.2,184.12 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:187.96,188.21 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:188.21,190.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:192.2,193.75 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:193.75,195.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:196.2,196.44 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:199.95,200.20 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:200.20,202.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:204.2,205.74 2 0
-github.com/calypr/git-drs/internal/lfs/filter.go:205.74,207.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:208.2,208.44 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:212.61,214.2 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:217.60,219.2 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:230.61,231.73 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:231.73,233.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:235.2,236.19 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:236.19,237.42 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:237.42,239.4 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:241.2,241.34 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:241.34,243.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:246.2,246.34 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:255.58,257.16 2 2
-github.com/calypr/git-drs/internal/lfs/filter.go:257.16,259.3 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:261.2,262.35 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:262.35,263.55 1 2
-github.com/calypr/git-drs/internal/lfs/filter.go:263.55,264.17 1 2
-github.com/calypr/git-drs/internal/lfs/filter.go:265.19,266.24 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:267.20,268.25 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:272.2,272.17 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:277.51,279.2 1 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:16.110,18.34 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:18.34,20.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:23.2,25.29 3 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:25.29,27.14 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:27.14,28.12 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:30.3,30.28 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:30.28,33.4 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:35.2,35.21 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:35.21,37.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:40.2,42.20 3 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:42.20,44.17 2 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:44.17,46.4 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:47.3,47.34 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:47.34,49.4 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:50.8,50.36 1 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:50.36,52.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:57.2,58.29 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:58.29,60.9 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:60.9,62.4 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:66.2,66.28 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:66.28,69.31 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:69.31,71.48 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:71.48,74.5 2 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:75.9,78.4 2 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:81.2,81.32 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:81.32,83.3 1 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:86.2,86.76 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:86.76,88.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:91.2,92.35 2 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:92.35,94.3 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:95.2,95.76 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:95.76,97.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:98.2,98.18 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:106.73,108.42 2 4
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:108.42,110.3 1 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:113.2,114.20 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:114.20,116.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:118.2,119.32 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:119.32,120.43 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:120.43,123.34 3 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:123.34,125.5 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:127.4,127.24 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:130.2,130.22 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:19.78,31.16 3 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:31.16,34.14 2 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:34.14,36.4 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:37.3,37.44 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:39.2,39.23 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:47.79,50.16 2 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:50.16,52.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:53.2,55.15 2 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:55.15,57.3 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:60.2,60.87 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:60.87,62.32 2 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:62.32,64.4 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:67.2,67.26 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:67.26,69.3 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:70.2,70.33 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:73.66,76.16 3 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:76.16,78.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:79.2,79.23 1 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:82.36,84.31 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:84.31,87.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:88.2,88.62 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:88.62,90.3 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:92.2,93.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:93.16,95.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:96.2,96.44 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:99.85,101.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:101.16,103.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:104.2,104.17 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:111.66,113.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:113.16,115.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:116.2,116.50 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:119.109,125.16 5 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:125.16,127.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:129.2,131.46 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:131.46,135.50 3 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:135.50,136.176 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:136.176,138.13 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:142.3,145.14 3 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:145.14,148.4 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:151.2,151.13 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:151.13,152.93 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:152.93,154.4 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:157.2,157.29 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:160.83,165.16 4 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:165.16,167.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:169.2,171.21 3 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:171.21,173.44 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:173.44,174.12 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:176.3,177.22 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:177.22,178.12 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:180.3,180.62 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:182.2,182.38 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:182.38,184.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:186.2,186.24 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:186.24,188.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:190.2,192.29 3 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:192.29,194.3 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:195.2,195.26 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:198.111,203.16 4 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:203.16,205.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:206.2,206.30 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:206.30,208.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:210.2,211.29 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:211.29,214.3 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:216.2,219.21 4 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:219.21,221.44 2 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:221.44,223.12 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:226.3,227.22 2 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:227.22,229.12 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:232.3,233.35 2 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:233.35,235.12 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:238.3,238.38 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:240.2,240.38 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:240.38,242.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:244.2,244.13 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:244.13,246.20 2 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:246.20,248.4 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:249.3,249.80 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:249.80,251.4 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:254.2,254.26 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:257.47,259.16 2 5
-github.com/calypr/git-drs/internal/lfs/helpers.go:259.16,260.25 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:260.25,262.4 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:263.3,263.57 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:265.2,265.18 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:268.62,271.21 3 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:271.21,273.44 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:273.44,274.12 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:276.3,277.22 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:277.22,278.12 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:280.3,280.47 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:282.2,282.14 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:285.94,286.12 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:286.12,288.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:290.2,291.23 2 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:291.23,293.22 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:293.22,296.24 3 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:296.24,298.40 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:298.40,301.14 3 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:304.4,304.33 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:306.3,306.39 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:306.39,308.4 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:311.2,311.34 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:311.34,313.3 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:315.2,316.19 2 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:316.19,318.3 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:319.2,319.79 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:319.79,321.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:322.2,322.12 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:325.43,327.2 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:329.44,331.2 1 8
-github.com/calypr/git-drs/internal/lfs/helpers.go:338.41,340.31 2 5
-github.com/calypr/git-drs/internal/lfs/helpers.go:340.31,342.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:342.8,344.3 1 5
-github.com/calypr/git-drs/internal/lfs/helpers.go:346.2,346.44 1 5
-github.com/calypr/git-drs/internal/lfs/helpers.go:346.44,348.3 1 10
-github.com/calypr/git-drs/internal/lfs/helpers.go:350.2,350.16 1 5
-github.com/calypr/git-drs/internal/lfs/helpers.go:353.49,356.44 2 7
-github.com/calypr/git-drs/internal/lfs/helpers.go:356.44,358.3 1 14
-github.com/calypr/git-drs/internal/lfs/helpers.go:360.2,360.31 1 7
-github.com/calypr/git-drs/internal/lfs/helpers.go:360.31,362.3 1 7
-github.com/calypr/git-drs/internal/lfs/helpers.go:364.2,364.18 1 7
-github.com/calypr/git-drs/internal/lfs/helpers.go:367.74,369.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:369.16,371.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:373.2,374.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:374.16,376.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:378.2,380.16 3 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:380.16,382.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:384.2,384.21 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:387.67,389.16 2 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:389.16,391.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:392.2,393.15 2 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:393.15,395.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:397.2,397.26 1 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:397.26,399.17 2 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:399.17,401.4 1 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:403.2,403.17 1 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:408.73,410.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:410.16,412.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:413.2,414.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:414.16,416.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:417.2,417.19 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:417.19,419.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:420.2,420.35 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:26.111,27.41 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:27.41,29.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:32.2,44.16 10 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:44.16,46.16 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:46.16,48.4 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:49.3,49.67 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:51.2,51.17 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:54.134,55.19 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:55.19,57.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:58.2,59.16 2 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:59.16,61.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:63.2,63.25 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:63.25,65.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:66.2,66.29 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:66.29,68.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:68.8,70.3 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:71.2,77.27 5 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:77.27,78.80 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:78.80,80.4 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:83.2,83.24 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:86.126,88.16 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:88.16,90.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:92.2,93.32 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:93.32,95.18 2 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:95.18,96.12 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:99.3,100.17 2 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:100.17,102.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:105.3,106.17 2 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:106.17,108.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:111.3,112.10 2 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:112.10,113.12 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:116.3,123.4 1 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:126.2,126.12 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:129.89,135.34 6 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:135.34,137.16 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:137.16,139.4 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:140.3,140.35 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:142.2,142.29 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:145.61,147.13 2 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:147.13,149.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:151.2,152.19 2 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:152.19,154.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:155.2,155.23 1 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:155.23,157.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:159.2,161.29 3 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:161.29,163.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:164.2,164.23 1 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:174.57,178.86 3 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:178.86,180.17 2 14
-github.com/calypr/git-drs/internal/lfs/lfs.go:180.17,181.12 1 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:183.3,183.42 1 11
-github.com/calypr/git-drs/internal/lfs/lfs.go:183.42,185.12 2 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:187.3,187.38 1 8
-github.com/calypr/git-drs/internal/lfs/lfs.go:187.38,190.23 3 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:190.23,192.5 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:193.4,195.12 3 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:197.3,197.39 1 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:197.39,200.28 3 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:200.28,202.5 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:203.4,203.15 1 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:207.2,207.55 1 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:207.55,209.3 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:210.2,210.59 1 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:210.59,212.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:214.2,214.16 1 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:217.44,218.24 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:218.24,220.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:221.2,223.34 3 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:223.34,225.19 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:225.19,226.12 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:228.3,229.62 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:229.62,231.4 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:232.3,232.29 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:232.29,233.12 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:235.3,236.27 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:238.2,238.20 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:238.20,240.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:241.2,241.13 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:244.108,246.34 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:246.34,249.3 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:252.2,254.75 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:254.75,256.17 2 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:256.17,257.12 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:259.3,260.21 2 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:260.21,261.12 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:264.3,266.27 3 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:266.27,267.31 1 9
-github.com/calypr/git-drs/internal/lfs/lfs.go:267.31,270.10 3 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:273.3,273.16 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:273.16,275.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:279.3,280.48 2 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:280.48,282.4 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:283.3,283.44 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:283.44,285.4 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:286.3,289.17 4 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:289.17,291.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:296.3,296.33 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:296.33,298.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:302.3,302.124 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:302.124,304.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:308.3,308.86 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:308.86,310.4 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:311.3,313.45 3 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:313.45,315.4 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:316.3,316.48 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:316.48,318.4 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:318.9,320.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:323.3,326.30 2 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:326.30,327.61 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:327.61,329.112 2 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:329.112,331.6 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:335.3,342.4 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:345.2,345.12 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:349.67,352.18 3 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:352.18,354.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:357.2,363.16 5 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:363.16,365.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:367.2,367.12 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:15.46,16.16 1 2
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:16.16,18.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:21.2,35.34 6 2
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:35.34,37.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:44.2,45.21 2 2
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:45.21,47.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:49.2,50.28 2 2
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:71.66,75.16 3 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:75.16,78.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:81.2,81.46 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:81.46,83.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:86.2,88.16 3 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:88.16,90.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:93.2,93.28 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:93.28,95.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:97.2,97.36 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:13.56,15.13 2 2
-github.com/calypr/git-drs/internal/lfs/sentinel.go:15.13,17.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:18.2,19.39 2 2
-github.com/calypr/git-drs/internal/lfs/sentinel.go:22.73,24.13 2 3
-github.com/calypr/git-drs/internal/lfs/sentinel.go:24.13,26.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:27.2,27.108 1 3
-github.com/calypr/git-drs/internal/lfs/sentinel.go:30.46,32.2 1 3
-github.com/calypr/git-drs/internal/lfs/sentinel.go:34.56,36.16 2 1
-github.com/calypr/git-drs/internal/lfs/sentinel.go:36.16,38.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:39.2,43.26 4 1
-github.com/calypr/git-drs/internal/lfs/sentinel.go:43.26,45.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:46.2,46.44 1 1
-github.com/calypr/git-drs/internal/lfs/sentinel.go:49.107,51.66 2 2
-github.com/calypr/git-drs/internal/lfs/sentinel.go:51.66,53.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:54.2,55.16 2 2
-github.com/calypr/git-drs/internal/lfs/sentinel.go:55.16,57.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:58.2,58.62 1 2
-github.com/calypr/git-drs/internal/lfs/sentinel.go:58.62,60.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:61.2,61.21 1 2
-github.com/calypr/git-drs/internal/lfs/smudge.go:21.144,23.16 2 4
-github.com/calypr/git-drs/internal/lfs/smudge.go:23.16,25.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:27.2,28.9 2 4
-github.com/calypr/git-drs/internal/lfs/smudge.go:28.9,30.17 2 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:30.17,32.4 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:33.3,33.13 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:36.2,36.19 1 3
-github.com/calypr/git-drs/internal/lfs/smudge.go:36.19,38.3 1 3
-github.com/calypr/git-drs/internal/lfs/smudge.go:40.2,41.16 2 3
-github.com/calypr/git-drs/internal/lfs/smudge.go:41.16,43.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:45.2,46.16 2 3
-github.com/calypr/git-drs/internal/lfs/smudge.go:46.16,48.3 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:49.2,49.37 1 2
-github.com/calypr/git-drs/internal/lfs/smudge.go:49.37,51.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:53.2,53.21 1 2
-github.com/calypr/git-drs/internal/lfs/smudge.go:53.21,56.20 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:56.20,58.4 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:59.3,60.13 2 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:63.2,63.68 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:63.68,65.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:67.2,67.54 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:67.54,69.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:71.2,71.59 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:71.59,73.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:75.2,75.12 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:78.59,80.16 2 4
-github.com/calypr/git-drs/internal/lfs/smudge.go:80.16,82.3 1 2
-github.com/calypr/git-drs/internal/lfs/smudge.go:83.2,86.12 3 2
-github.com/calypr/git-drs/internal/lfs/store.go:27.72,32.2 1 12
-github.com/calypr/git-drs/internal/lfs/store.go:34.62,37.2 2 7
-github.com/calypr/git-drs/internal/lfs/store.go:39.79,42.2 2 2
-github.com/calypr/git-drs/internal/lfs/store.go:44.73,47.2 2 2
-github.com/calypr/git-drs/internal/lfs/store.go:49.62,54.20 2 13
-github.com/calypr/git-drs/internal/lfs/store.go:54.20,56.3 1 1
-github.com/calypr/git-drs/internal/lfs/store.go:58.2,58.63 1 12
-github.com/calypr/git-drs/internal/lfs/store.go:61.79,63.16 2 3
-github.com/calypr/git-drs/internal/lfs/store.go:63.16,65.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:67.2,68.16 2 3
-github.com/calypr/git-drs/internal/lfs/store.go:68.16,70.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:71.2,71.68 1 3
-github.com/calypr/git-drs/internal/lfs/store.go:71.68,73.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:75.2,75.68 1 3
-github.com/calypr/git-drs/internal/lfs/store.go:75.68,77.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:78.2,78.12 1 3
-github.com/calypr/git-drs/internal/lfs/store.go:81.73,83.16 2 3
-github.com/calypr/git-drs/internal/lfs/store.go:83.16,85.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:87.2,88.16 2 3
-github.com/calypr/git-drs/internal/lfs/store.go:88.16,90.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:92.2,93.79 2 3
-github.com/calypr/git-drs/internal/lfs/store.go:93.79,95.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:97.2,97.24 1 3
-github.com/calypr/git-drs/internal/lfs/store.go:101.71,105.55 3 0
-github.com/calypr/git-drs/internal/lfs/store.go:105.55,107.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:108.2,108.88 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:108.88,109.17 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:109.17,111.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:112.3,112.19 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:112.19,114.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:115.3,116.17 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:116.17,118.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:119.3,120.22 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:120.22,123.4 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:124.3,128.13 3 0
-github.com/calypr/git-drs/internal/lfs/store.go:130.2,130.16 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:130.16,132.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:133.2,134.21 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:137.82,140.55 3 0
-github.com/calypr/git-drs/internal/lfs/store.go:140.55,143.3 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:145.2,145.88 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:145.88,146.17 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:146.17,149.4 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:150.3,150.19 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:150.19,152.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:153.3,154.17 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:154.17,156.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:157.3,158.22 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:158.22,161.4 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:162.3,163.17 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:163.17,166.4 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:167.3,168.73 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:168.73,171.4 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:174.3,175.25 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:175.25,177.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:179.3,180.13 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:182.2,182.16 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:182.16,184.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:185.2,186.21 2 0
-github.com/calypr/git-drs/internal/lfs/util.go:16.32,18.16 2 1
-github.com/calypr/git-drs/internal/lfs/util.go:18.16,20.3 1 0
-github.com/calypr/git-drs/internal/lfs/util.go:21.2,21.56 1 1
-github.com/calypr/git-drs/internal/lfs/util.go:29.74,31.16 2 3
-github.com/calypr/git-drs/internal/lfs/util.go:31.16,33.3 1 2
-github.com/calypr/git-drs/internal/lfs/util.go:34.2,36.16 3 1
-github.com/calypr/git-drs/internal/lfs/util.go:36.16,38.3 1 0
-github.com/calypr/git-drs/internal/lfs/util.go:39.2,40.16 2 1
-github.com/calypr/git-drs/internal/lfs/util.go:40.16,42.3 1 0
-github.com/calypr/git-drs/internal/lfs/util.go:43.2,43.34 1 1
-github.com/calypr/git-drs/internal/lfs/util.go:46.38,48.16 2 1
-github.com/calypr/git-drs/internal/lfs/util.go:48.16,50.3 1 0
-github.com/calypr/git-drs/internal/lfs/util.go:51.2,52.43 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:32.46,33.16 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:33.16,35.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:37.2,41.34 5 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:41.34,43.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:45.2,46.21 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:46.21,48.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:49.2,49.59 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:52.134,53.19 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:53.19,55.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:56.2,57.16 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:57.16,59.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:61.2,61.25 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:61.25,63.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:64.2,64.29 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:64.29,66.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:66.8,68.3 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:69.2,75.27 5 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:75.27,76.80 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:76.80,78.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:81.2,81.24 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:86.93,87.19 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:87.19,89.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:90.2,91.16 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:91.16,93.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:95.2,98.27 4 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:98.27,100.16 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:100.16,101.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:103.3,103.29 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:103.29,104.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:106.3,107.80 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:107.80,109.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:111.2,111.24 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:117.79,118.19 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:118.19,120.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:121.2,122.16 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:122.16,124.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:125.2,128.16 4 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:128.16,130.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:131.2,132.29 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:132.29,134.17 2 4
+github.com/calypr/git-drs/internal/lfs/inventory.go:134.17,135.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:137.3,138.10 2 4
+github.com/calypr/git-drs/internal/lfs/inventory.go:138.10,139.12 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:141.3,148.4 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:150.2,150.19 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:157.78,158.19 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:158.19,160.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:161.2,162.16 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:162.16,164.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:165.2,168.16 4 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:168.16,170.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:171.2,172.16 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:172.16,174.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:175.2,176.31 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:176.31,177.61 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:177.61,179.12 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:181.3,181.63 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:181.63,183.4 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:185.2,185.19 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:188.126,190.16 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:190.16,192.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:193.2,193.29 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:193.29,195.17 2 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:195.17,197.12 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:200.3,201.10 2 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:201.10,202.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:205.3,212.4 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:215.2,215.12 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:218.86,220.16 2 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:220.16,222.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:223.2,225.28 3 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:225.28,227.18 2 9
+github.com/calypr/git-drs/internal/lfs/inventory.go:227.18,228.12 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:230.3,230.31 1 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:232.2,232.19 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:235.99,236.21 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:236.21,238.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:240.2,246.34 7 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:246.34,248.16 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:248.16,250.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:251.3,251.59 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:254.2,256.37 3 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:256.37,260.37 4 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:260.37,261.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:263.3,263.29 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:263.29,265.4 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:267.2,267.22 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:270.41,271.34 1 4
+github.com/calypr/git-drs/internal/lfs/inventory.go:272.20,273.14 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:274.10,275.15 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:279.72,281.16 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:281.16,283.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:284.2,285.9 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:285.9,287.3 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:288.2,295.9 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:298.90,300.16 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:300.16,302.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:303.2,304.9 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:304.9,306.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:307.2,314.9 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:317.83,324.16 7 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:324.16,326.58 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:326.58,328.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:329.3,330.16 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:330.16,332.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:333.3,333.36 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:336.2,339.28 4 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:339.28,341.18 2 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:341.18,342.12 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:344.3,345.38 2 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:345.38,347.4 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:348.3,348.30 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:350.2,350.19 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:353.89,359.34 6 7
+github.com/calypr/git-drs/internal/lfs/inventory.go:359.34,361.16 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:361.16,363.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:364.3,364.35 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:366.2,366.29 1 7
+github.com/calypr/git-drs/internal/lfs/inventory.go:376.57,380.86 3 9
+github.com/calypr/git-drs/internal/lfs/inventory.go:380.86,382.17 2 24
+github.com/calypr/git-drs/internal/lfs/inventory.go:382.17,383.12 1 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:385.3,385.42 1 19
+github.com/calypr/git-drs/internal/lfs/inventory.go:385.42,387.12 2 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:389.3,389.38 1 14
+github.com/calypr/git-drs/internal/lfs/inventory.go:389.38,392.23 3 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:392.23,394.5 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:395.4,397.12 3 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:399.3,399.39 1 9
+github.com/calypr/git-drs/internal/lfs/inventory.go:399.39,402.28 3 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:402.28,404.5 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:405.4,405.15 1 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:409.2,409.55 1 9
+github.com/calypr/git-drs/internal/lfs/inventory.go:409.55,411.3 1 4
+github.com/calypr/git-drs/internal/lfs/inventory.go:412.2,412.59 1 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:412.59,414.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:416.2,416.16 1 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:421.69,423.9 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:423.9,425.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:426.2,426.40 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:429.44,430.24 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:430.24,432.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:433.2,435.34 3 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:435.34,437.19 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:437.19,438.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:440.3,441.62 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:441.62,443.4 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:444.3,444.29 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:444.29,445.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:447.3,448.27 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:450.2,450.20 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:450.20,452.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:453.2,453.13 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:457.67,460.18 3 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:460.18,462.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:465.2,471.16 5 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:471.16,473.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:475.2,475.12 1 0
+github.com/calypr/git-drs/internal/lfs/object_path.go:10.62,12.20 2 1
+github.com/calypr/git-drs/internal/lfs/object_path.go:12.20,14.3 1 1
+github.com/calypr/git-drs/internal/lfs/object_path.go:16.2,16.61 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:15.78,18.16 3 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:18.16,20.14 2 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:20.14,22.4 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:23.3,23.44 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:25.2,25.23 1 3
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:31.79,33.16 2 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:33.16,35.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:36.2,38.15 2 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:38.15,40.3 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:42.2,42.87 1 3
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:42.87,44.32 2 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:44.32,46.4 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:49.2,49.26 1 3
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:49.26,51.3 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:52.2,52.33 1 3
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:55.66,58.16 3 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:58.16,60.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:61.2,61.23 1 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:64.36,65.31 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:65.31,67.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:68.2,68.62 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:68.62,70.3 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:71.2,72.16 2 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:72.16,74.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:75.2,75.44 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:78.67,80.16 2 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:80.16,82.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:83.2,84.15 2 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:84.15,86.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:87.2,87.26 1 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:87.26,89.17 2 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:89.17,91.4 1 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:93.2,93.17 1 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:97.73,99.16 2 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:99.16,101.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:102.2,103.16 2 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:103.16,105.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:106.2,106.19 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:106.19,108.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:109.2,109.35 1 0
diff --git a/coverage/summary.txt b/coverage/summary.txt
index bca1b049..4e2419ef 100644
--- a/coverage/summary.txt
+++ b/coverage/summary.txt
@@ -1,322 +1,398 @@
-github.com/calypr/git-drs/cmd/addref/add-ref.go:61:			init					100.0%
-github.com/calypr/git-drs/cmd/addurl/cache.go:42:			updatePrecommitCache			69.6%
-github.com/calypr/git-drs/cmd/addurl/cache.go:97:			ensureCacheDirs				63.6%
-github.com/calypr/git-drs/cmd/addurl/cache.go:120:			repoRelativePath			70.0%
-github.com/calypr/git-drs/cmd/addurl/cache.go:152:			cachePathEntryFile			100.0%
-github.com/calypr/git-drs/cmd/addurl/cache.go:159:			cacheOIDEntryFile			100.0%
-github.com/calypr/git-drs/cmd/addurl/cache.go:167:			readPathEntry				77.8%
-github.com/calypr/git-drs/cmd/addurl/cache.go:185:			readOIDEntry				80.0%
-github.com/calypr/git-drs/cmd/addurl/cache.go:208:			upsertOIDEntry				82.4%
-github.com/calypr/git-drs/cmd/addurl/cache.go:237:			removePathFromOID			78.6%
-github.com/calypr/git-drs/cmd/addurl/cache.go:260:			sortedKeys				100.0%
-github.com/calypr/git-drs/cmd/addurl/io.go:17:				writePointerFile			69.2%
-github.com/calypr/git-drs/cmd/addurl/io.go:45:				maybeTrackLFS				28.6%
-github.com/calypr/git-drs/cmd/addurl/io.go:61:				printResolvedInfo			66.7%
-github.com/calypr/git-drs/cmd/addurl/io.go:106:				writeJSONAtomic				70.0%
-github.com/calypr/git-drs/cmd/addurl/main.go:13:			NewCommand				50.0%
-github.com/calypr/git-drs/cmd/addurl/main.go:30:			addFlags				100.0%
-github.com/calypr/git-drs/cmd/addurl/main.go:39:			runAddURL				0.0%
-github.com/calypr/git-drs/cmd/addurl/params.go:23:			parseAddURLInput			75.0%
-github.com/calypr/git-drs/cmd/addurl/params.go:54:			resolvePathArg				66.7%
-github.com/calypr/git-drs/cmd/addurl/params.go:65:			firstNonEmpty				100.0%
-github.com/calypr/git-drs/cmd/addurl/scope.go:10:			resolveTargetScope			75.0%
-github.com/calypr/git-drs/cmd/addurl/service.go:31:			NewAddURLService			100.0%
-github.com/calypr/git-drs/cmd/addurl/service.go:46:			Run					68.8%
-github.com/calypr/git-drs/cmd/addurl/service.go:138:			ensureLFSObject				66.7%
-github.com/calypr/git-drs/cmd/bucket/main.go:53:			normalizeStoragePath			78.6%
-github.com/calypr/git-drs/cmd/bucket/main.go:77:			bucketFromStoragePath			77.8%
-github.com/calypr/git-drs/cmd/bucket/main.go:178:			addScope				0.0%
-github.com/calypr/git-drs/cmd/bucket/main.go:228:			resolveEndpointAndToken			0.0%
-github.com/calypr/git-drs/cmd/bucket/main.go:285:			upsertServerBucket			0.0%
-github.com/calypr/git-drs/cmd/bucket/main.go:321:			addServerBucketScope			0.0%
-github.com/calypr/git-drs/cmd/bucket/main.go:357:			init					100.0%
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:103:		readCredentialRequest			93.8%
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:129:		resolveRemote				0.0%
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:149:		requestMatchesEndpointHost		75.0%
-github.com/calypr/git-drs/cmd/delete/main.go:100:			init					100.0%
-github.com/calypr/git-drs/cmd/deleteproject/main.go:110:		init					100.0%
-github.com/calypr/git-drs/cmd/initialize/main.go:95:			initGitConfig				75.0%
-github.com/calypr/git-drs/cmd/initialize/main.go:115:			init					100.0%
-github.com/calypr/git-drs/cmd/initialize/main.go:122:			installPrePushHook			75.0%
-github.com/calypr/git-drs/cmd/initialize/main.go:178:			installPreCommitHook			77.8%
-github.com/calypr/git-drs/cmd/install/main.go:17:			NewCommand				66.7%
-github.com/calypr/git-drs/cmd/install/main.go:36:			installGlobalFilterConfig		100.0%
-github.com/calypr/git-drs/cmd/install/main.go:56:			defaultGitConfigRunner			0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:81:			main					0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:91:			run					0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:187:			handleUpsert				65.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:233:			handleDelete				0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:272:			stagedChanges				0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:310:			stagedLFSOID				91.3%
-github.com/calypr/git-drs/cmd/precommit/main.go:352:			gitRevParseGitDir			0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:373:			git					63.6%
-github.com/calypr/git-drs/cmd/precommit/main.go:392:			pathEntryFile				100.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:396:			encodePath				100.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:401:			oidEntryFile				100.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:414:			oidAddOrReplacePath			75.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:447:			oidRemovePath				0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:475:			keysSorted				100.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:486:			writeJSONAtomic				61.9%
-github.com/calypr/git-drs/cmd/precommit/main.go:516:			moveFileBestEffort			0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:48:			NewPrePushService			0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:57:			Run					0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:183:			toMetadataCandidate			47.2%
-github.com/calypr/git-drs/cmd/prepush/main.go:255:			submitPendingLFSMeta			80.5%
-github.com/calypr/git-drs/cmd/prepush/main.go:323:			resolveRemoteAuthHeader			100.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:337:			parseRemoteArgs				0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:358:			bufferStdin				50.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:381:			readPushedRefs				0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:413:			branchesFromRefs			0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:432:			openCache				0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:449:			collectLfsFiles				0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:472:			normalizeCachedOID			100.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:480:			lfsFilesFromCache			69.6%
-github.com/calypr/git-drs/cmd/prepush/main.go:520:			listPushedPaths				86.4%
-github.com/calypr/git-drs/cmd/prepush/main.go:553:			gitOutput				83.3%
-github.com/calypr/git-drs/cmd/prepush/main.go:566:			readPushedBranches			83.3%
-github.com/calypr/git-drs/cmd/pull/main.go:176:				commandMessage				0.0%
-github.com/calypr/git-drs/cmd/pull/main.go:184:				isMissingGitLFS				0.0%
-github.com/calypr/git-drs/cmd/pull/main.go:188:				checkoutDownloadedFiles			0.0%
-github.com/calypr/git-drs/cmd/pull/main.go:212:				buildPullDownloadDebugContext		0.0%
-github.com/calypr/git-drs/cmd/push/main.go:85:				init					100.0%
-github.com/calypr/git-drs/cmd/query/main.go:21:				queryByChecksum				0.0%
-github.com/calypr/git-drs/cmd/query/main.go:29:				checksumTypeForString			100.0%
-github.com/calypr/git-drs/cmd/query/main.go:96:				init					100.0%
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:48:			gen3Init				0.0%
-github.com/calypr/git-drs/cmd/remote/add/init.go:22:			init					100.0%
-github.com/calypr/git-drs/cmd/remote/root.go:14:			init					100.0%
-github.com/calypr/git-drs/cmd/smudge/main.go:34:			runSmudge				65.0%
-github.com/calypr/git-drs/cmd/smudge/main.go:68:			init					0.0%
-github.com/calypr/git-drs/cmd/track/main.go:18:				NewCommand				100.0%
-github.com/calypr/git-drs/cmd/track/main.go:33:				runTrack				77.8%
-github.com/calypr/git-drs/cmd/untrack/main.go:15:			NewCommand				100.0%
-github.com/calypr/git-drs/cmd/untrack/main.go:30:			runUntrack				73.3%
-github.com/calypr/git-drs/cmd/version/main.go:20:			buildVersion				55.6%
-github.com/calypr/git-drs/internal/cloud/inspect.go:65:			InspectObjectForLFS			0.0%
-github.com/calypr/git-drs/internal/cloud/inspect.go:112:		openBucketForLocation			0.0%
-github.com/calypr/git-drs/internal/cloud/inspect.go:159:		parseObjectLocation			66.7%
-github.com/calypr/git-drs/internal/cloud/inspect.go:249:		buildS3BucketURL			100.0%
-github.com/calypr/git-drs/internal/cloud/inspect.go:272:		normalizeCloudBucketURL			33.3%
-github.com/calypr/git-drs/internal/cloud/inspect.go:296:		firstNonEmpty				100.0%
-github.com/calypr/git-drs/internal/cloud/inspect.go:312:		normalizeSHA256				87.5%
-github.com/calypr/git-drs/internal/cloud/inspect.go:327:		extractSHA256FromMetadata		83.3%
-github.com/calypr/git-drs/internal/common/common.go:18:			AddUnique				100.0%
-github.com/calypr/git-drs/internal/common/common.go:40:			ProjectToResource			0.0%
-github.com/calypr/git-drs/internal/common/common.go:58:			ParseOrgProject				87.5%
-github.com/calypr/git-drs/internal/common/common.go:74:			AuthzMapFromOrgProject			100.0%
-github.com/calypr/git-drs/internal/common/common.go:88:			AuthzMatchesScope			90.9%
-github.com/calypr/git-drs/internal/common/common.go:108:		CalculateFileSHA256			87.5%
-github.com/calypr/git-drs/internal/common/common.go:123:		NormalizeChecksum			100.0%
-github.com/calypr/git-drs/internal/common/common.go:129:		NormalizeOid				0.0%
-github.com/calypr/git-drs/internal/common/common.go:133:		StoragePrefix				0.0%
-github.com/calypr/git-drs/internal/common/common.go:148:		NewObjectBuilder			0.0%
-github.com/calypr/git-drs/internal/common/common.go:152:		Build					0.0%
-github.com/calypr/git-drs/internal/common/common.go:157:		BuildDrsObjWithPrefix			0.0%
-github.com/calypr/git-drs/internal/common/common.go:166:		ConvertToCandidate			0.0%
-github.com/calypr/git-drs/internal/common/common.go:192:		BuildDrsObjWithOptions			81.2%
-github.com/calypr/git-drs/internal/common/common.go:234:		BuildAccessURL				60.0%
-github.com/calypr/git-drs/internal/common/common.go:274:		schemeFromProvider			40.0%
-github.com/calypr/git-drs/internal/common/common.go:287:		accessMethodTypeForScheme		50.0%
-github.com/calypr/git-drs/internal/common/common.go:299:		PrintDRSObject				0.0%
-github.com/calypr/git-drs/internal/common/confirmation.go:14:		PromptForConfirmation			91.7%
-github.com/calypr/git-drs/internal/common/confirmation.go:37:		DisplayWarningHeader			100.0%
-github.com/calypr/git-drs/internal/common/confirmation.go:42:		DisplayField				100.0%
-github.com/calypr/git-drs/internal/common/confirmation.go:47:		DisplayFooter				100.0%
-github.com/calypr/git-drs/internal/common/jwt.go:10:			ParseEmailFromToken			100.0%
-github.com/calypr/git-drs/internal/common/jwt.go:31:			ParseAPIEndpointFromToken		90.9%
-github.com/calypr/git-drs/internal/config/config.go:31:			AllRemoteTypes				100.0%
-github.com/calypr/git-drs/internal/config/config.go:35:			IsValidRemoteType			100.0%
-github.com/calypr/git-drs/internal/config/config.go:56:			GetRemoteClient				36.4%
-github.com/calypr/git-drs/internal/config/config.go:76:			GetRemote				62.5%
-github.com/calypr/git-drs/internal/config/config.go:90:			GetDefaultRemote			60.0%
-github.com/calypr/git-drs/internal/config/config.go:116:		GetRemoteOrDefault			100.0%
-github.com/calypr/git-drs/internal/config/config.go:124:		listRemoteNames				0.0%
-github.com/calypr/git-drs/internal/config/config.go:133:		getRepo					100.0%
-github.com/calypr/git-drs/internal/config/config.go:137:		ConfigPath				0.0%
-github.com/calypr/git-drs/internal/config/config.go:147:		UpdateRemote				74.3%
-github.com/calypr/git-drs/internal/config/config.go:205:		parseAndAddRemote			88.9%
-github.com/calypr/git-drs/internal/config/config.go:235:		LoadConfig				83.3%
-github.com/calypr/git-drs/internal/config/config.go:282:		CreateEmptyConfig			100.0%
-github.com/calypr/git-drs/internal/config/config.go:290:		GetProjectId				0.0%
-github.com/calypr/git-drs/internal/config/config.go:303:		SaveConfig				77.8%
-github.com/calypr/git-drs/internal/config/config.go:323:		getConfigPath				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:54:			GetProjectId				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:55:			GetOrganization				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:56:			GetEndpoint				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:57:			GetBucketName				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:58:			GetStoragePrefix			0.0%
-github.com/calypr/git-drs/internal/config/remote.go:60:			GetClient				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:82:			GetProjectId				100.0%
-github.com/calypr/git-drs/internal/config/remote.go:89:			GetOrganization				100.0%
-github.com/calypr/git-drs/internal/config/remote.go:90:			GetEndpoint				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:91:			GetBucketName				100.0%
-github.com/calypr/git-drs/internal/config/remote.go:92:			GetStoragePrefix			100.0%
-github.com/calypr/git-drs/internal/config/remote.go:94:			GetClient				84.6%
-github.com/calypr/git-drs/internal/config/remote.go:147:		newGitContext				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:199:		localRemoteFromGen3			0.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:50:			init					50.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:65:			TraceEnabled				100.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:95:			NewLogger				84.2%
-github.com/calypr/git-drs/internal/drslog/logger.go:144:		GetLogger				75.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:165:		Close					85.7%
-github.com/calypr/git-drs/internal/drslog/logger.go:188:		NewNoOpLogger				100.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:206:		resolveLogLevel				66.7%
-github.com/calypr/git-drs/internal/drslog/logger.go:235:		readLogLevelFromGitConfig		42.9%
-github.com/calypr/git-drs/internal/drslog/logger.go:259:		parseLogLevel				0.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:288:		replaceSourceAttr			87.5%
-github.com/calypr/git-drs/internal/drslog/logger.go:323:		formatSourcePath			76.5%
-github.com/calypr/git-drs/internal/drslog/logger.go:361:		modulePathSuffix			100.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:387:		repoRootPath				85.7%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:15:		ObjectsByHash				0.0%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:34:		ObjectsByHashForScope			0.0%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:48:		AccessURLForHashScope			0.0%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:71:		BulkAccessURLsForObjects		76.2%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:121:		firstAccessID				66.7%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:132:		stringPtrValue				66.7%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:139:		MatchesScope				0.0%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:154:		normalizeChecksum			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:31:		PushLocalDrsObjects			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:41:		SyncObjectsWithServer			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:112:		SyncFilesWithServer			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:123:		PullRemoteDrsObjects			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:156:		UpdateDrsObjects			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:180:		UpdateDrsObjectsWithFiles		0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:287:		WriteDrsFile				47.6%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:339:		WriteDrsObj				100.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:344:		DrsUUID					100.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:354:		DrsInfoFromOid				100.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:358:		GetObjectPath				100.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:365:		CreateCustomPath			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:390:		FindMatchingRecord			78.6%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:427:		RunLfsPushDryRun			0.0%
-github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:16:		normalizeBucketMapKeyPart		100.0%
-github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:24:		orgBucketKey				100.0%
-github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:28:		projectBucketKey			100.0%
-github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:32:		SetBucketMapping			87.5%
-github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:68:		GetBucketMapping			77.3%
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:16:		ResolveBucketScope			63.3%
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:77:		getExactBucketMapping			76.9%
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:100:		joinBucketPrefixes			100.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:10:		remoteTokenKey				0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:14:		remoteUsernameKey			100.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:18:		remotePasswordKey			100.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:22:		remoteLFSURL				0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:31:		GetRemoteToken				0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:36:		SetRemoteToken				0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:47:		GetRemoteBasicAuth			71.4%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:59:		SetRemoteBasicAuth			62.5%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:83:		ConfigureCredentialHelperForRepo	0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:104:		containsOption				0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:114:		SetRemoteLFSURL				0.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:14:			DrsTopLevel				0.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:23:			GetRepo					75.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:32:			GitTopLevel				0.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:46:			GetGitConfigString			100.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:57:			GetGitConfigInt				0.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:70:			GetGitConfigBool			0.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:82:			SetGitConfigOptions			81.2%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:110:			UnsetGitConfigOptions			100.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:122:			GetGitHooksDir				71.4%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:137:			AddFile					0.0%
-github.com/calypr/git-drs/internal/lfs/clean.go:26:			ParseLFSPointer				91.7%
-github.com/calypr/git-drs/internal/lfs/clean.go:49:			WriteDrsMap				100.0%
-github.com/calypr/git-drs/internal/lfs/clean.go:76:			CleanContent				51.2%
-github.com/calypr/git-drs/internal/lfs/download.go:24:			DownloadToCachePath			0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:42:			DownloadResolvedToCachePath		0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:69:			newScopedBackend			0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:87:			newScopedBackendFromResolved		0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:99:			Name					0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:101:			Logger					0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:103:			Validate				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:107:			Stat					0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:119:			GetReader				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:123:			GetRangeReader				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:131:			GetWriter				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:135:			Upload					0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:139:			MultipartInit				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:143:			MultipartPart				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:147:			MultipartComplete			0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:151:			Delete					0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:155:			download				0.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:56:			NewGitFilter				100.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:65:			OnSmudge				100.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:71:			OnClean					0.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:78:			Run					63.6%
-github.com/calypr/git-drs/internal/lfs/filter.go:116:			handshake				60.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:152:			processOne				68.4%
-github.com/calypr/git-drs/internal/lfs/filter.go:187:			handleSmudge				66.7%
-github.com/calypr/git-drs/internal/lfs/filter.go:199:			handleClean				0.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:212:			passthroughSmudge			0.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:217:			passthroughClean			0.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:230:			writeSuccessResponse			66.7%
-github.com/calypr/git-drs/internal/lfs/filter.go:255:			readRequest				100.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:277:			readContent				100.0%
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:16:		UpsertDRSRouteLines			85.1%
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:106:		parseRouteLine				80.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:19:			runGitAllowMissing			87.5%
-github.com/calypr/git-drs/internal/lfs/helpers.go:47:			resolveLFSRoot				92.3%
-github.com/calypr/git-drs/internal/lfs/helpers.go:73:			runGit					80.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:82:			userHomeDir				37.5%
-github.com/calypr/git-drs/internal/lfs/helpers.go:99:			GetGitAttribute				0.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:111:			GitLFSTrack				0.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:119:			GitLFSTrackPatterns			69.6%
-github.com/calypr/git-drs/internal/lfs/helpers.go:160:			GitLFSListTrackedPatterns		79.2%
-github.com/calypr/git-drs/internal/lfs/helpers.go:198:			GitLFSUntrackPatterns			78.4%
-github.com/calypr/git-drs/internal/lfs/helpers.go:257:			readLocalGitAttributes			83.3%
-github.com/calypr/git-drs/internal/lfs/helpers.go:268:			parseKnownLFSPatterns			36.4%
-github.com/calypr/git-drs/internal/lfs/helpers.go:285:			writeMergedGitAttributes		40.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:325:			cleanRootPath				100.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:329:			trimCurrentPrefix			100.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:338:			escapeAttrPattern			85.7%
-github.com/calypr/git-drs/internal/lfs/helpers.go:353:			unescapeAttrPattern			100.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:367:			GitLFSTrackReadOnly			0.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:387:			gitRevParseGitCommonDir			81.8%
-github.com/calypr/git-drs/internal/lfs/helpers.go:408:			GetGitRootDirectories			0.0%
-github.com/calypr/git-drs/internal/lfs/lfs.go:26:			RunPushDryRun				0.0%
-github.com/calypr/git-drs/internal/lfs/lfs.go:54:			GetAllLfsFiles				72.2%
-github.com/calypr/git-drs/internal/lfs/lfs.go:86:			addFilesFromRef				76.2%
-github.com/calypr/git-drs/internal/lfs/lfs.go:129:			runGitCommand				63.6%
-github.com/calypr/git-drs/internal/lfs/lfs.go:145:			parseLsTreeEntry			69.2%
-github.com/calypr/git-drs/internal/lfs/lfs.go:174:			parseLFSPointer				89.3%
-github.com/calypr/git-drs/internal/lfs/lfs.go:217:			buildRefs				77.8%
-github.com/calypr/git-drs/internal/lfs/lfs.go:244:			addFilesFromDryRun			71.4%
-github.com/calypr/git-drs/internal/lfs/lfs.go:349:			CreateLfsPointer			0.0%
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:15:		IsLFSTracked				78.6%
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:71:		CheckIfLfsFile				0.0%
-github.com/calypr/git-drs/internal/lfs/sentinel.go:13:			SyntheticOIDFromETag			80.0%
-github.com/calypr/git-drs/internal/lfs/sentinel.go:22:			BuildAddURLSentinel			75.0%
-github.com/calypr/git-drs/internal/lfs/sentinel.go:30:			IsAddURLSentinelBytes			100.0%
-github.com/calypr/git-drs/internal/lfs/sentinel.go:34:			IsAddURLSentinelObject			77.8%
-github.com/calypr/git-drs/internal/lfs/sentinel.go:49:			WriteAddURLSentinelObject		66.7%
-github.com/calypr/git-drs/internal/lfs/smudge.go:21:			SmudgeContent				77.4%
-github.com/calypr/git-drs/internal/lfs/smudge.go:78:			copyObjectToWriter			100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:27:			NewObjectStore				100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:34:			ObjectPath				100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:39:			WriteObject				100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:44:			ReadObject				100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:49:			ObjectPath				100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:61:			WriteObject				63.6%
-github.com/calypr/git-drs/internal/lfs/store.go:81:			ReadObject				70.0%
-github.com/calypr/git-drs/internal/lfs/store.go:101:			GetPendingObjects			0.0%
-github.com/calypr/git-drs/internal/lfs/store.go:137:			GetDrsLfsObjects			0.0%
-github.com/calypr/git-drs/internal/lfs/util.go:16:			BaseDir					75.0%
-github.com/calypr/git-drs/internal/lfs/util.go:29:			call					81.8%
-github.com/calypr/git-drs/internal/lfs/util.go:46:			ObjectWalk				80.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:59:	Open					80.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:81:	LookupOIDByPath				66.7%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:95:	LookupPathsByOID			0.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:107:	LookupExternalURLByOID			71.4%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:122:	ResolveExternalURLByPath		75.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:137:	ReadPathEntry				60.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:156:	ReadOIDEntry				60.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:179:	CheckExternalURLMismatch		100.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:196:	StaleAfter				100.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:210:	pathEntryFile				100.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:216:	oidEntryFile				100.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:223:	EncodePath				100.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:229:	DecodePath				75.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:244:	gitRevParseGitDir			76.9%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:266:	git					83.3%
-github.com/calypr/git-drs/internal/version/version.go:22:		String					100.0%
-github.com/calypr/git-drs/internal/version/version.go:27:		LogFields				100.0%
-total:									(statements)				50.5%
+github.com/calypr/git-drs/cmd/addref/add-ref.go:61:			init						100.0%
+github.com/calypr/git-drs/cmd/addurl/cache.go:42:			updatePrecommitCache				69.6%
+github.com/calypr/git-drs/cmd/addurl/cache.go:97:			ensureCacheDirs					63.6%
+github.com/calypr/git-drs/cmd/addurl/cache.go:120:			repoRelativePath				70.0%
+github.com/calypr/git-drs/cmd/addurl/cache.go:152:			cachePathEntryFile				100.0%
+github.com/calypr/git-drs/cmd/addurl/cache.go:159:			cacheOIDEntryFile				100.0%
+github.com/calypr/git-drs/cmd/addurl/cache.go:167:			readPathEntry					77.8%
+github.com/calypr/git-drs/cmd/addurl/cache.go:185:			readOIDEntry					80.0%
+github.com/calypr/git-drs/cmd/addurl/cache.go:208:			upsertOIDEntry					82.4%
+github.com/calypr/git-drs/cmd/addurl/cache.go:237:			removePathFromOID				78.6%
+github.com/calypr/git-drs/cmd/addurl/cache.go:260:			sortedKeys					100.0%
+github.com/calypr/git-drs/cmd/addurl/io.go:17:				writePointerFile				69.2%
+github.com/calypr/git-drs/cmd/addurl/io.go:45:				maybeTrackLFS					28.6%
+github.com/calypr/git-drs/cmd/addurl/io.go:61:				printResolvedInfo				66.7%
+github.com/calypr/git-drs/cmd/addurl/io.go:106:				writeJSONAtomic					70.0%
+github.com/calypr/git-drs/cmd/addurl/main.go:13:			NewCommand					50.0%
+github.com/calypr/git-drs/cmd/addurl/main.go:30:			addFlags					100.0%
+github.com/calypr/git-drs/cmd/addurl/main.go:44:			runAddURL					0.0%
+github.com/calypr/git-drs/cmd/addurl/params.go:25:			parseAddURLInput				72.7%
+github.com/calypr/git-drs/cmd/addurl/params.go:52:			resolvePathArg					75.0%
+github.com/calypr/git-drs/cmd/addurl/params.go:66:			buildObjectParameters				100.0%
+github.com/calypr/git-drs/cmd/addurl/params.go:78:			looksLikeCloudURL				75.0%
+github.com/calypr/git-drs/cmd/addurl/params.go:94:			resolveObjectURL				70.0%
+github.com/calypr/git-drs/cmd/addurl/params.go:114:			joinObjectKey					100.0%
+github.com/calypr/git-drs/cmd/addurl/params.go:125:			firstNonEmpty					100.0%
+github.com/calypr/git-drs/cmd/addurl/scope.go:10:			resolveTargetScope				75.0%
+github.com/calypr/git-drs/cmd/addurl/service.go:35:			NewAddURLService				100.0%
+github.com/calypr/git-drs/cmd/addurl/service.go:51:			Run						68.6%
+github.com/calypr/git-drs/cmd/addurl/service.go:150:			writeAddURLDrsObject				63.2%
+github.com/calypr/git-drs/cmd/addurl/service.go:194:			ensureLFSObject					80.0%
+github.com/calypr/git-drs/cmd/addurl/service.go:204:			placeholderOIDForUnknownSHA			87.5%
+github.com/calypr/git-drs/cmd/bucket/main.go:53:			normalizeStoragePath				78.6%
+github.com/calypr/git-drs/cmd/bucket/main.go:77:			bucketFromStoragePath				77.8%
+github.com/calypr/git-drs/cmd/bucket/main.go:178:			addScope					0.0%
+github.com/calypr/git-drs/cmd/bucket/main.go:228:			resolveEndpointAndToken				0.0%
+github.com/calypr/git-drs/cmd/bucket/main.go:285:			upsertServerBucket				0.0%
+github.com/calypr/git-drs/cmd/bucket/main.go:321:			addServerBucketScope				0.0%
+github.com/calypr/git-drs/cmd/bucket/main.go:357:			init						100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:111:			init						100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:115:			parseScopeArg					0.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:132:			copyProjectRecords				0.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:200:			buildMergedBatch				83.3%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:247:			mergeExistingRecord				100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:266:			recordResponseToRecord				100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:283:			mergeStringLists				81.2%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:308:			mergeAccessMethods				85.7%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:330:			canonicalAccessMethod				75.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:338:			equalStringPointers				100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:342:			equalAccessMethodPointers			100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:346:			equalJSON					100.0%
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:103:		readCredentialRequest				93.8%
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:129:		resolveRemote					0.0%
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:149:		requestMatchesEndpointHost			75.0%
+github.com/calypr/git-drs/cmd/delete/main.go:100:			init						100.0%
+github.com/calypr/git-drs/cmd/initialize/main.go:52:			InitializeRepo					70.4%
+github.com/calypr/git-drs/cmd/initialize/main.go:104:			EnsureInitialized				83.3%
+github.com/calypr/git-drs/cmd/initialize/main.go:115:			isInitialized					60.9%
+github.com/calypr/git-drs/cmd/initialize/main.go:155:			hookContains					55.6%
+github.com/calypr/git-drs/cmd/initialize/main.go:170:			initGitConfig					75.0%
+github.com/calypr/git-drs/cmd/initialize/main.go:193:			init						100.0%
+github.com/calypr/git-drs/cmd/initialize/main.go:200:			installPrePushHook				75.0%
+github.com/calypr/git-drs/cmd/initialize/main.go:256:			installPreCommitHook				77.8%
+github.com/calypr/git-drs/cmd/install/main.go:17:			NewCommand					66.7%
+github.com/calypr/git-drs/cmd/install/main.go:36:			installGlobalFilterConfig			100.0%
+github.com/calypr/git-drs/cmd/install/main.go:56:			defaultGitConfigRunner				0.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:58:			defaultListRemoteRefs				0.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:82:			defaultListGitRemotes				0.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:102:			defaultResolveDefaultRemote			0.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:125:			collectRows					86.5%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:247:			printRows					63.6%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:284:			shortOID					66.7%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:291:			isLocalized					100.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:300:			validateOutputFlags				80.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:329:			init						100.0%
+github.com/calypr/git-drs/cmd/ping/main.go:56:				resolveStatus					66.7%
+github.com/calypr/git-drs/cmd/ping/main.go:103:				printStatus					100.0%
+github.com/calypr/git-drs/cmd/ping/main.go:118:				authMode					57.1%
+github.com/calypr/git-drs/cmd/ping/main.go:131:				blankIfEmpty					75.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:93:			main						0.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:103:			run						36.5%
+github.com/calypr/git-drs/cmd/precommit/main.go:212:			handleUpsert					65.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:258:			handleDelete					0.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:297:			stagedChanges					66.7%
+github.com/calypr/git-drs/cmd/precommit/main.go:335:			stagedLFSOID					91.3%
+github.com/calypr/git-drs/cmd/precommit/main.go:377:			stagedBlobSize					71.4%
+github.com/calypr/git-drs/cmd/precommit/main.go:389:			collectOversizedPlainGitStagedFiles		70.4%
+github.com/calypr/git-drs/cmd/precommit/main.go:429:			promptOversizedDirectGitCommit			0.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:450:			humanBytes					0.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:463:			gitRevParseGitDir				76.9%
+github.com/calypr/git-drs/cmd/precommit/main.go:484:			git						63.6%
+github.com/calypr/git-drs/cmd/precommit/main.go:503:			pathEntryFile					100.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:507:			encodePath					100.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:512:			oidEntryFile					100.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:525:			oidAddOrReplacePath				75.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:558:			oidRemovePath					0.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:586:			keysSorted					100.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:597:			writeJSONAtomic					61.9%
+github.com/calypr/git-drs/cmd/precommit/main.go:627:			moveFileBestEffort				0.0%
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:9:			bufferStdin					50.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:49:			NewPrePushService				0.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:58:			Run						0.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:192:			toMetadataCandidate				50.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:261:			submitPendingLFSMeta				80.5%
+github.com/calypr/git-drs/cmd/prepush/main.go:329:			resolveRemoteAuthHeader				100.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:343:			parseRemoteArgs					0.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:357:			openCache					0.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:374:			collectLfsFiles					0.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:397:			normalizeCachedOID				100.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:405:			lfsFilesFromCache				69.6%
+github.com/calypr/git-drs/cmd/prepush/main.go:445:			listPushedPaths					86.4%
+github.com/calypr/git-drs/cmd/prepush/main.go:478:			gitOutput					83.3%
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:21:		readPushedRefs					78.6%
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:48:		branchesFromRefs				100.0%
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:67:		drsDeleteRefs					0.0%
+github.com/calypr/git-drs/cmd/pull/main.go:189:				collectPointerFiles				100.0%
+github.com/calypr/git-drs/cmd/pull/main.go:207:				progressContextForPointer			0.0%
+github.com/calypr/git-drs/cmd/pull/main.go:218:				checkoutDownloadedFiles				0.0%
+github.com/calypr/git-drs/cmd/pull/main.go:260:				buildPullDownloadDebugContext			0.0%
+github.com/calypr/git-drs/cmd/pull/main.go:295:				init						100.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:35:			newPullProgressRenderer				100.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:42:			isPullWriterTTY					0.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:46:			render						85.7%
+github.com/calypr/git-drs/cmd/pull/progress.go:58:			OnPlan						100.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:75:			OnDownloadStart					80.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:91:			OnDownloadProgress				81.8%
+github.com/calypr/git-drs/cmd/pull/progress.go:109:			OnCheckoutStart					66.7%
+github.com/calypr/git-drs/cmd/pull/progress.go:124:			OnCompleted					72.7%
+github.com/calypr/git-drs/cmd/pull/progress.go:142:			Finish						80.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:158:			renderLine					100.0%
+github.com/calypr/git-drs/cmd/push/main.go:107:				init						100.0%
+github.com/calypr/git-drs/cmd/push/main.go:112:				currentDeleteRefUpdates				85.7%
+github.com/calypr/git-drs/cmd/push/main.go:127:				gitOutput					0.0%
+github.com/calypr/git-drs/cmd/push/progress.go:27:			newUploadProgressRenderer			100.0%
+github.com/calypr/git-drs/cmd/push/progress.go:34:			render						85.7%
+github.com/calypr/git-drs/cmd/push/progress.go:46:			OnUploadPlan					100.0%
+github.com/calypr/git-drs/cmd/push/progress.go:63:			OnUploadProgress				89.5%
+github.com/calypr/git-drs/cmd/push/progress.go:93:			Finish						80.0%
+github.com/calypr/git-drs/cmd/push/progress.go:109:			HadUploads					100.0%
+github.com/calypr/git-drs/cmd/push/progress.go:113:			renderLine					100.0%
+github.com/calypr/git-drs/cmd/query/main.go:21:				queryByChecksum					0.0%
+github.com/calypr/git-drs/cmd/query/main.go:29:				checksumTypeForString				100.0%
+github.com/calypr/git-drs/cmd/query/main.go:96:				init						100.0%
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:52:			gen3Init					0.0%
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:168:			parseScopeArg					90.9%
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:186:			resolveBucketScopeFromServer			71.4%
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:233:			findBucketByResource				88.2%
+github.com/calypr/git-drs/cmd/remote/add/init.go:18:			init						100.0%
+github.com/calypr/git-drs/cmd/remote/add/local.go:86:			resolveBucketScopeFromLocalServer		63.0%
+github.com/calypr/git-drs/cmd/remote/root.go:14:			init						100.0%
+github.com/calypr/git-drs/cmd/rm/main.go:29:				run						82.4%
+github.com/calypr/git-drs/cmd/smudge/main.go:35:			runSmudge					65.0%
+github.com/calypr/git-drs/cmd/smudge/main.go:69:			init						0.0%
+github.com/calypr/git-drs/cmd/track/main.go:18:				NewCommand					100.0%
+github.com/calypr/git-drs/cmd/track/main.go:33:				runTrack					77.8%
+github.com/calypr/git-drs/cmd/untrack/main.go:15:			NewCommand					100.0%
+github.com/calypr/git-drs/cmd/untrack/main.go:30:			runUntrack					73.3%
+github.com/calypr/git-drs/cmd/version/main.go:20:			buildVersion					55.6%
+github.com/calypr/git-drs/internal/common/common.go:18:			ParseOrgProject					87.5%
+github.com/calypr/git-drs/internal/common/common.go:33:			CalculateFileSHA256				87.5%
+github.com/calypr/git-drs/internal/common/common.go:49:			PrintDRSObject					0.0%
+github.com/calypr/git-drs/internal/common/confirmation.go:14:		PromptForConfirmation				91.7%
+github.com/calypr/git-drs/internal/common/confirmation.go:37:		DisplayWarningHeader				100.0%
+github.com/calypr/git-drs/internal/common/confirmation.go:42:		DisplayField					100.0%
+github.com/calypr/git-drs/internal/common/confirmation.go:47:		DisplayFooter					100.0%
+github.com/calypr/git-drs/internal/common/jwt.go:10:			ParseEmailFromToken				100.0%
+github.com/calypr/git-drs/internal/common/jwt.go:31:			ParseAPIEndpointFromToken			90.9%
+github.com/calypr/git-drs/internal/config/config.go:32:			AllRemoteTypes					100.0%
+github.com/calypr/git-drs/internal/config/config.go:36:			IsValidRemoteType				100.0%
+github.com/calypr/git-drs/internal/config/config.go:57:			GetRemoteClient					36.4%
+github.com/calypr/git-drs/internal/config/config.go:77:			GetRemote					62.5%
+github.com/calypr/git-drs/internal/config/config.go:91:			GetDefaultRemote				60.0%
+github.com/calypr/git-drs/internal/config/config.go:117:		GetRemoteOrDefault				100.0%
+github.com/calypr/git-drs/internal/config/config.go:125:		listRemoteNames					0.0%
+github.com/calypr/git-drs/internal/config/config.go:134:		getRepo						100.0%
+github.com/calypr/git-drs/internal/config/config.go:138:		ConfigPath					0.0%
+github.com/calypr/git-drs/internal/config/config.go:148:		UpdateRemote					74.3%
+github.com/calypr/git-drs/internal/config/config.go:206:		parseAndAddRemote				88.9%
+github.com/calypr/git-drs/internal/config/config.go:236:		LoadConfig					83.3%
+github.com/calypr/git-drs/internal/config/config.go:283:		CreateEmptyConfig				100.0%
+github.com/calypr/git-drs/internal/config/config.go:291:		GetProjectId					0.0%
+github.com/calypr/git-drs/internal/config/config.go:304:		SaveConfig					77.8%
+github.com/calypr/git-drs/internal/config/config.go:322:		RemoveRemote					0.0%
+github.com/calypr/git-drs/internal/config/config.go:367:		firstRemote					0.0%
+github.com/calypr/git-drs/internal/config/config.go:382:		getConfigPath					0.0%
+github.com/calypr/git-drs/internal/config/remote.go:54:			GetProjectId					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:55:			GetOrganization					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:56:			GetEndpoint					0.0%
+github.com/calypr/git-drs/internal/config/remote.go:57:			GetBucketName					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:58:			GetStoragePrefix				100.0%
+github.com/calypr/git-drs/internal/config/remote.go:60:			GetClient					0.0%
+github.com/calypr/git-drs/internal/config/remote.go:82:			GetProjectId					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:89:			GetOrganization					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:90:			GetEndpoint					0.0%
+github.com/calypr/git-drs/internal/config/remote.go:91:			GetBucketName					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:92:			GetStoragePrefix				100.0%
+github.com/calypr/git-drs/internal/config/remote.go:94:			GetClient					87.0%
+github.com/calypr/git-drs/internal/config/remote.go:142:		newGitContext					66.7%
+github.com/calypr/git-drs/internal/config/remote.go:189:		localRemoteFromGen3				0.0%
+github.com/calypr/git-drs/internal/config/remote.go:201:		WrapCredentialValidationError			0.0%
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:18:		collectDeletedPointers				77.3%
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:51:		deletedPaths					0.0%
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:60:		gitDeletedPaths					80.0%
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:82:		gitPointerOID					77.8%
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:96:		isZeroSHA					100.0%
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:11:		collectLivePathsByOID				81.8%
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:27:		ReconcileCommittedDeletes			66.0%
+github.com/calypr/git-drs/internal/drsfilter/clean.go:21:		writeDrsMap					100.0%
+github.com/calypr/git-drs/internal/drsfilter/clean.go:48:		CleanContent					51.2%
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:22:		SmudgeContent					77.4%
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:79:		copyObjectToWriter				100.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:50:			init						50.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:65:			TraceEnabled					100.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:95:			NewLogger					84.2%
+github.com/calypr/git-drs/internal/drslog/logger.go:144:		GetLogger					75.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:165:		Close						85.7%
+github.com/calypr/git-drs/internal/drslog/logger.go:188:		NewNoOpLogger					100.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:206:		resolveLogLevel					66.7%
+github.com/calypr/git-drs/internal/drslog/logger.go:235:		readLogLevelFromGitConfig			42.9%
+github.com/calypr/git-drs/internal/drslog/logger.go:259:		parseLogLevel					0.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:288:		replaceSourceAttr				87.5%
+github.com/calypr/git-drs/internal/drslog/logger.go:323:		formatSourcePath				76.5%
+github.com/calypr/git-drs/internal/drslog/logger.go:361:		modulePathSuffix				100.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:387:		repoRootPath					85.7%
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:22:		WriteObjectsForLFSFiles				78.3%
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:104:		ensureControlledAccess				72.7%
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:121:		derefStringSlice				100.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:19:		NormalizeChecksum				100.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:25:		NormalizeOid					0.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:38:		NewBuilder					0.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:42:		Build						0.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:47:		BuildWithPrefix					0.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:56:		ConvertToCandidate				0.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:83:		BuildWithOptions				82.4%
+github.com/calypr/git-drs/internal/drsobject/object.go:126:		BuildAccessURL					60.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:166:		schemeFromProvider				40.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:179:		accessMethodTypeForScheme			50.0%
+github.com/calypr/git-drs/internal/drsobject/store.go:13:		objectPath					100.0%
+github.com/calypr/git-drs/internal/drsobject/store.go:21:		WriteObject					63.6%
+github.com/calypr/git-drs/internal/drsobject/store.go:41:		ReadObject					70.0%
+github.com/calypr/git-drs/internal/drsremote/bulk.go:9:			bulkAccessRequest				85.7%
+github.com/calypr/git-drs/internal/drsremote/bulk.go:39:		accessIDForBulkRequest				66.7%
+github.com/calypr/git-drs/internal/drsremote/remote.go:21:		ObjectsByHash					66.7%
+github.com/calypr/git-drs/internal/drsremote/remote.go:36:		ObjectsByHashes					77.1%
+github.com/calypr/git-drs/internal/drsremote/remote.go:90:		ObjectsByHashForScope				87.5%
+github.com/calypr/git-drs/internal/drsremote/remote.go:104:		ObjectsByHashesForScope				90.9%
+github.com/calypr/git-drs/internal/drsremote/remote.go:122:		AccessURLForHashScope				66.7%
+github.com/calypr/git-drs/internal/drsremote/remote.go:145:		BulkAccessURLsForObjects			66.7%
+github.com/calypr/git-drs/internal/drsremote/remote.go:181:		DownloadToCachePath				0.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:194:		DownloadResolvedToCachePath			0.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:204:		DownloadResolvedToPath				66.7%
+github.com/calypr/git-drs/internal/drsremote/remote.go:219:		downloadResolved				0.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:233:		Name						0.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:237:		Logger						0.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:241:		Stat						100.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:249:		GetReader					100.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:253:		GetRangeReader					75.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:261:		download					85.7%
+github.com/calypr/git-drs/internal/drsremote/scope.go:12:		MatchesScope					100.0%
+github.com/calypr/git-drs/internal/drsremote/scope.go:16:		FindMatchingRecord				88.9%
+github.com/calypr/git-drs/internal/drstrack/routes.go:14:		UpsertDRSRouteLines				85.4%
+github.com/calypr/git-drs/internal/drstrack/routes.go:89:		parseRouteLine					80.0%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:16:		TrackPatterns					69.6%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:57:		ListTrackedPatterns				79.2%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:95:		UntrackPatterns					78.4%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:154:		readLocalGitAttributes				83.3%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:165:		parseKnownLFSPatterns				36.4%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:182:		writeMergedGitAttributes			40.0%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:222:		cleanRootPath					100.0%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:226:		trimCurrentPrefix				100.0%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:235:		escapeAttrPattern				85.7%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:250:		unescapeAttrPattern				100.0%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:264:		TrackReadOnly					0.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:56:	NewGitFilter					100.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:65:	OnSmudge					100.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:71:	OnClean						0.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:78:	Run						63.6%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:116:	handshake					60.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:152:	processOne					68.4%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:187:	handleSmudge					66.7%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:199:	handleClean					0.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:212:	passthroughSmudge				0.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:217:	passthroughClean				0.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:230:	writeSuccessResponse				66.7%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:255:	readRequest					100.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:277:	readContent					100.0%
+github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:16:		normalizeBucketMapKeyPart			100.0%
+github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:24:		orgBucketKey					100.0%
+github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:28:		projectBucketKey				100.0%
+github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:32:		SetBucketMapping				87.5%
+github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:68:		GetBucketMapping				77.3%
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:16:		ResolveBucketScope				59.4%
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:80:		getExactBucketMapping				76.9%
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:103:		joinBucketPrefixes				100.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:10:		remoteTokenKey					0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:14:		remoteUsernameKey				100.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:18:		remotePasswordKey				100.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:22:		remoteLFSURL					0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:31:		GetRemoteToken					0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:36:		SetRemoteToken					0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:47:		GetRemoteBasicAuth				71.4%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:59:		SetRemoteBasicAuth				62.5%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:83:		ConfigureCredentialHelperForRepo		0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:104:		containsOption					0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:114:		SetRemoteLFSURL					0.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:14:			DrsTopLevel					0.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:23:			GetRepo						75.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:32:			GitTopLevel					0.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:46:			GetGitConfigString				100.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:57:			GetGitConfigInt					0.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:70:			GetGitConfigBool				0.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:82:			SetGitConfigOptions				81.2%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:110:			UnsetGitConfigOptions				100.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:122:			GetGitHooksDir					71.4%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:137:			AddFile						0.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:32:			IsLFSTracked					75.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:52:			GetAllLfsFiles					72.2%
+github.com/calypr/git-drs/internal/lfs/inventory.go:86:			GetLfsFilesForRefs				0.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:117:		GetWorktreeLfsFiles				80.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:157:		GetTrackedLfsFiles				71.4%
+github.com/calypr/git-drs/internal/lfs/inventory.go:188:		addFilesFromRef					69.2%
+github.com/calypr/git-drs/internal/lfs/inventory.go:218:		listTrackedWorktreeFiles			90.9%
+github.com/calypr/git-drs/internal/lfs/inventory.go:235:		filterLfsTrackedPaths				75.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:270:		isTrackedFilter					100.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:279:		readWorktreePointerInfo				71.4%
+github.com/calypr/git-drs/internal/lfs/inventory.go:298:		readIndexPointerInfo				71.4%
+github.com/calypr/git-drs/internal/lfs/inventory.go:317:		grepPointerPaths				73.1%
+github.com/calypr/git-drs/internal/lfs/inventory.go:353:		runGitCommand					63.6%
+github.com/calypr/git-drs/internal/lfs/inventory.go:376:		parseLFSPointer					89.3%
+github.com/calypr/git-drs/internal/lfs/inventory.go:421:		ParseLFSPointer					0.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:429:		buildRefs					77.8%
+github.com/calypr/git-drs/internal/lfs/inventory.go:457:		CreateLfsPointer				0.0%
+github.com/calypr/git-drs/internal/lfs/object_path.go:10:		ObjectPath					75.0%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:15:		runGitAllowMissing				87.5%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:31:		resolveLFSRoot					92.3%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:55:		runGit						80.0%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:64:		userHomeDir					37.5%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:78:		gitRevParseGitCommonDir				81.8%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:97:		GetGitRootDirectories				0.0%
+github.com/calypr/git-drs/internal/pathspec/match.go:9:			MatchesAny					0.0%
+github.com/calypr/git-drs/internal/pathspec/match.go:26:		Matches						85.7%
+github.com/calypr/git-drs/internal/pathspec/match.go:38:		globToRegexp					93.8%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:59:	Open						80.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:81:	LookupOIDByPath					66.7%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:95:	LookupPathsByOID				0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:107:	LookupExternalURLByOID				71.4%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:122:	ResolveExternalURLByPath			75.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:137:	ReadPathEntry					60.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:156:	ReadOIDEntry					60.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:172:	EnsureLayout					0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:181:	UpsertPathEntry					0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:188:	AddOrReplaceOIDPath				0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:195:	RemovePathFromOID				0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:202:	DeletePathEntry					0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:219:	CheckExternalURLMismatch			100.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:236:	StaleAfter					100.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:250:	pathEntryFile					100.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:256:	oidEntryFile					100.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:263:	EncodePath					100.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:269:	DecodePath					75.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:284:	gitRevParseGitDir				76.9%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:306:	git						83.3%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:320:	writeJSONAtomic					0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:344:	oidAddOrReplacePath				0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:374:	oidRemovePath					0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:409:	oidEntryFilePath				0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:44:		BatchSyncForPush				0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:76:		normalizeFiles					0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:93:		lookupMetadata					0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:111:		ensureMetadataRegistered			66.7%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:172:		findReusableRecord				80.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:182:		buildReusableScopedObject			85.7%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:194:		getOrCreateDRSObjectCandidate			70.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:210:		scopedDRSObjectForPush				72.7%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:264:		shouldPreserveExistingAccessMethodsForPush	76.2%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:295:		firstAccessURL					66.7%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:306:		parseStorageURL					66.7%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:319:		identifyUploadCandidates			0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:356:		needsUpload					71.4%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:369:		hasResolvableAccessMethod			62.5%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:384:		executeUploadPlan				71.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:431:		buildUploadPlanSummary				100.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:449:		progressContextForCandidate			100.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:470:		reportUploadStarted				100.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:484:		reportUploadCompleted				100.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:498:		splitCandidatesByThreshold			80.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:38:		ResolveUploadURL				100.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:65:		newPushRuntime					100.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:90:		isFileDownloadable				0.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:108:		uploadKeyFromObject				85.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:143:		resolveUploadSourcePath				46.7%
+github.com/calypr/git-drs/internal/pushsync/register.go:170:		uploadFileForObject				63.9%
+github.com/calypr/git-drs/internal/pushsync/register.go:236:		resolveScopedUploadURL				80.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:272:		scopedUploadMetadata				80.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:285:		newDownloadProbe				80.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:295:		probeDownloadURL				0.0%
+github.com/calypr/git-drs/internal/version/version.go:22:		String						100.0%
+github.com/calypr/git-drs/internal/version/version.go:27:		LogFields					100.0%
+total:									(statements)					59.8%
diff --git a/docs/TODO/bug-checksum-match-upload-skip.md b/docs/TODO/bug-checksum-match-upload-skip.md
new file mode 100644
index 00000000..97e1563b
--- /dev/null
+++ b/docs/TODO/bug-checksum-match-upload-skip.md
@@ -0,0 +1,17 @@
+# Bug Doc: Checksum Match Can Suppress Required Upload
+
+## Current behavior
+
+`internal/pushsync` currently treats an existing checksum match as reusable without proving that the referenced payload is still downloadable. This is intentional for now because it avoids extra probe traffic during `git drs push`, but it weakens the older availability guarantee.
+
+In practice, a stale metadata record, broken backing blob, or bad access URL can still cause push preparation to skip upload and proceed to `git push`, leaving refs that later cannot be pulled successfully.
+
+## Why this is still a bug
+
+The behavior is currently accepted as a tradeoff, but it is still a bug from a data-availability perspective because checksum metadata alone is not enough to prove that the payload bytes remain recoverable.
+
+## Follow-up
+
+- Decide whether to restore downloadability probes for same-scope matches and reusable cross-scope matches.
+- If probes remain disabled, document the weaker availability guarantee in user-facing push and troubleshooting docs.
+- Add a focused regression test once the long-term policy is chosen.
diff --git a/docs/bucket-mapping.md b/docs/bucket-mapping.md
new file mode 100644
index 00000000..ef68dbe1
--- /dev/null
+++ b/docs/bucket-mapping.md
@@ -0,0 +1,210 @@
+# Bucket Mapping
+
+Bucket mapping controls where a given `organization/project` scope stores object bytes.
+
+This is usually steward or admin setup, not normal end-user setup.
+
+## What You Configure
+
+There are three related layers:
+
+1. Bucket credentials on the server
+2. Organization-wide storage mapping
+3. Project-specific storage mapping
+
+The usual flow is:
+
+```bash
+git drs bucket add production \
+  --bucket cbds \
+  --region us-east-1 \
+  --access-key "$AWS_ACCESS_KEY_ID" \
+  --secret-key "$AWS_SECRET_ACCESS_KEY" \
+  --s3-endpoint https://s3.amazonaws.com
+
+git drs bucket add-organization production \
+  --organization HTAN_INT \
+  --path s3://cbds/htan-int
+
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/bforepc
+```
+
+## 1. Add Bucket Credentials
+
+Declare the storage credential on the target server:
+
+```bash
+git drs bucket add production \
+  --bucket cbds \
+  --region us-east-1 \
+  --access-key "$AWS_ACCESS_KEY_ID" \
+  --secret-key "$AWS_SECRET_ACCESS_KEY" \
+  --s3-endpoint https://s3.amazonaws.com
+```
+
+Notes:
+
+- this stores the bucket credential on the remote Syfon server
+- `production` is an optional remote name; if omitted, `origin` is used
+- `--s3-endpoint` is required by the current command surface
+
+## 2. Add an Organization Mapping
+
+Map an organization to a bucket path:
+
+```bash
+git drs bucket add-organization production \
+  --organization HTAN_INT \
+  --path s3://cbds/htan-int
+```
+
+This means:
+
+- bucket: `cbds`
+- base prefix for the organization: `htan-int`
+
+Every project in that organization can inherit this mapping.
+
+## 3. Add a Project Mapping
+
+Map a project to a path:
+
+```bash
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/bforepc
+```
+
+This adds a project-specific mapping for `HTAN_INT/BForePC`.
+
+## Path Format
+
+Both `add-organization` and `add-project` require `--path` in storage URL form:
+
+```bash
+s3://bucket/prefix
+gs://bucket/prefix
+azblob://bucket/prefix
+```
+
+Important behavior:
+
+- the bucket name is taken from the URL host
+- the persisted prefix is the path portion after the bucket
+- the bucket embedded in `--path` must match the resolved bucket
+
+## How Resolution Works
+
+When `git-drs` resolves the effective storage scope for an `organization/project`, it uses these rules:
+
+### If an organization mapping exists
+
+The organization mapping wins for the bucket.
+
+Then:
+
+- the organization prefix is used as the base
+- if a project mapping also exists, its prefix is appended
+
+Conceptually:
+
+```text
+effective_prefix = org_prefix + "/" + project_prefix
+```
+
+Example:
+
+- organization mapping: `s3://cbds/htan-int`
+- project mapping prefix: `bforepc`
+- effective result: bucket `cbds`, prefix `htan-int/bforepc`
+
+### If no organization mapping exists
+
+An exact project mapping can be used directly.
+
+Example:
+
+- project mapping: `s3://cbds/htan-int/bforepc`
+- effective result: bucket `cbds`, prefix `htan-int/bforepc`
+
+### If neither mapping exists
+
+Remote add and scoped upload setup will fail until a mapping is configured.
+
+## Choosing a Layout
+
+There are two common patterns.
+
+### Hierarchical organization-first layout
+
+```bash
+git drs bucket add-organization production \
+  --organization HTAN_INT \
+  --path s3://cbds/htan-int
+
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/bforepc
+```
+
+Result:
+
+- organization root: `htan-int`
+- project subpath: `bforepc`
+- effective project path: `htan-int/bforepc`
+
+Use this when all projects in an organization should live under one org root.
+
+### Exact project-only layout
+
+```bash
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/htan-int/bforepc
+```
+
+Use this when you do not want a separate organization-level mapping.
+
+## Overwriting Existing Mappings
+
+If a mapping already exists, the command fails unless you pass `--force`.
+
+Example:
+
+```bash
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/bforepc-v2 \
+  --force
+```
+
+## What End Users Usually Need To Know
+
+Usually, end users do not need to know the real bucket name.
+
+They only need:
+
+- the target `organization/project`
+- valid credentials
+- a configured remote
+
+Then they can run:
+
+```bash
+git drs remote add gen3 production HTAN_INT/BForePC --cred ~/.gen3/credentials.json
+```
+
+That remote setup resolves the bucket mapping from the server-side scope configuration.
+
+## Related Commands
+
+- [Getting Started](getting-started.md)
+- [Commands Reference](commands.md)
+- [Troubleshooting](troubleshooting.md)
diff --git a/docs/commands.md b/docs/commands.md
index 7e5dc492..a351837a 100644
--- a/docs/commands.md
+++ b/docs/commands.md
@@ -6,23 +6,6 @@ Git DRS owns Git/DRS orchestration and local metadata. Provider access, signed U
 
 > **Navigation:** [Getting Started](getting-started.md) -> **Commands Reference** -> [Troubleshooting](troubleshooting.md)
 
-## Command Model
-
-`git-drs` is intentionally smaller now.
-
-- Removed legacy commands:
-  - `git drs fetch`
-  - `git drs list`
-  - `git drs upload`
-  - `git drs download`
-- `git drs pull` now mirrors `git lfs pull` semantics:
-  - it hydrates tracked pointer files in the current checkout
-  - it does not run `git pull`
-- `git drs ls-files` is the `git lfs ls-files` analog:
-  - local-first inventory
-  - optional DRS registration checks
-- `git drs remote add gen3` now takes scope as a positional `organization/project`
-
 ## Core Setup
 
 ### `git drs install`
@@ -171,6 +154,8 @@ git drs push production
 - Reconciles committed tracked-file deletions against the pushed Git ref delta
 - This enables cross-remote promotion workflows
 
+For tracked data changes, `git drs push` is the normal top-level push command.
+
 **Cross-Remote Promotion:**
 
 Transfer DRS records from one remote to another (eg staging to production) without re-uploading files:
diff --git a/docs/getting-started.md b/docs/getting-started.md
index 4151b627..c906f646 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -1,429 +1,139 @@
 # Getting Started
 
-This guide walks through the current `git-drs` workflow on the cleaned CLI path.
+This page assumes you already completed [Quick Start](quickstart.md).
 
-> **Navigation:** [Installation](installation.md) -> **Getting Started** -> [Commands Reference](commands.md) -> [Troubleshooting](troubleshooting.md)
+Quick Start gets you running. This page explains how to think about `git-drs` once the repo is connected and usable.
 
-## What `git-drs` Does
+## The Mental Model
 
-`git-drs` manages:
+Use the tools at the right layer:
 
-- Git-compatible pointer files
-- local DRS metadata
-- remote Syfon/Gen3 configuration
-- pointer hydration and object registration workflows
+- use `git` for commits, branches, merges, and `git pull`
+- use `git-drs` for remote configuration, tracking rules, object hydration, upload/registration, and tracked-file delete reconciliation
 
-It no longer tries to be a mixed bag of Git, Git LFS, and DRS transport wrappers.
+The most important distinction is:
 
-## Cloning an Existing Repository
+- `git pull` updates commits and checkout state
+- `git drs pull` hydrates tracked pointer files already present in the checkout
 
-1. Clone the repository:
+## The Setup Command
 
-   ```bash
-   git clone <repo-clone-url>.git
-   cd <name-of-repo>
-   ```
-
-2. If you use SSH remotes, make sure your SSH setup is already working for that host.
-
-   A typical keepalive configuration looks like:
-
-   ```
-   Host github.com
-       TCPKeepAlive yes
-       ServerAliveInterval 30
-   ```
-
-3. If the repo does not yet have a `git-drs` remote configured, add one now. `remote add` will bootstrap the repo-local hooks/config automatically if needed.
-
-4. Hydrate tracked files if needed:
-
-   ```bash
-   git drs pull
-   ```
-
-This is the normal onboarding flow for an existing repo. `git drs pull` hydrates pointer files already present in the checkout. It does not replace `git pull`.
-
-## One-Time Machine Setup
-
-Install `git-drs` and the global Git filter configuration:
+The standard setup command is:
 
 ```bash
-git drs install
+git drs remote add gen3 production <organization/project> --cred ~/.gen3/credentials.json
 ```
 
-## One-Time Repository Setup
-
-After cloning or creating a repository, the normal first step is adding a remote:
-
-```bash
-git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
-```
-
-That command now sets up repository-local `git-drs` state and hooks automatically if they are missing.
-
-You can still run `git drs init` directly when you want to initialize the repo explicitly before configuring any remote, or when you want to repair the hook/config wiring.
-
-## Add a Gen3 Remote
+That command:
 
-The current shape is:
+- stores the remote configuration
+- imports or refreshes credentials
+- bootstraps repo-local `git-drs` wiring when it is missing
 
-```bash
-git drs remote add gen3 [remote-name] <organization/project> [--cred <file> | --token <token>]
-```
+## The Two Common Workflows
 
-Example:
+### Existing Repository
 
 ```bash
-git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
+git clone <repo-url>
+cd <repo-name>
+git drs remote add gen3 production <organization/project> --cred ~/.gen3/credentials.json
+git drs pull
 ```
 
-Notes:
-
-- scope is one positional argument: `organization/project`
-- if repo-local `git-drs` setup is missing, this command initializes it first
-- users do not provide `--bucket`
-- users do not provide `--url`
-- bucket resolution is scope-based and server-backed
-
-Verify:
+### New Repository
 
 ```bash
-git drs remote list
+mkdir my-data-repo
+cd my-data-repo
+git init
+git drs remote add gen3 production <organization/project> --cred ~/.gen3/credentials.json
+git drs track "*.bam"
+git add .gitattributes
+git commit -m "Configure tracked files"
 ```
 
-## New Repository Setup
+## Typical Workflow
 
-For a new repository or a repository that has not yet been configured with `git-drs`:
+Most work reduces to this loop:
 
-1. Initialize the repository:
+1. update Git history
 
    ```bash
-   git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
+   git pull
    ```
 
-   This bootstraps the repo-local `git-drs` hooks/config if needed.
-
-2. Verify the configuration:
+2. hydrate tracked files when needed
 
    ```bash
-   git drs remote list
+   git drs pull
    ```
 
-## Steward/Admin Prerequisite
-
-Push and pull depend on server-side bucket mapping for the target scope.
-
-That usually means a steward/admin has already done something like:
-
-```bash
-git drs bucket add production \
-  --bucket cbds \
-  --region us-east-1 \
-  --access-key "$AWS_ACCESS_KEY_ID" \
-  --secret-key "$AWS_SECRET_ACCESS_KEY"
-
-git drs bucket add-organization production \
-  --organization HTAN_INT \
-  --path s3://cbds/htan-int
-
-git drs bucket add-project production \
-  --organization HTAN_INT \
-  --project BForePC \
-  --path s3://cbds/htan-int/bforepc
-```
-
-End users generally should not need to know the bucket name.
-
-## Credentials
-
-For Gen3-backed deployments:
-
-- obtain a credential JSON or token from the target data commons
-- the common path is: log in -> profile -> create API key -> download JSON
-- refresh it when it expires
-- re-run `git drs remote add gen3 ... --cred ...` when you need to refresh the stored profile
-
-Example:
-
-```bash
-git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
-```
-
-### When a key expires or is replaced
-
-The supported recovery path is:
-
-```bash
-git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
-```
-
-Practical answers to the common questions:
+   To hydrate only part of a repository instead of everything, use include filters:
 
-- do you need to run `git drs init` again?
-  - no
-- do you need to run `git drs remote add gen3` again?
-  - yes, if the API key itself was replaced or you want to import a new credential file/token
-- does `git-drs` detect token expiry automatically?
-  - partially
-  - if the stored access token is expired but the stored API key is still valid, `git-drs` will try to refresh the access token automatically
-  - if the API key itself is expired, revoked, or replaced, rerun `git drs remote add gen3 ...`
-- how do you check what remote/profile is in use?
-  - `git drs remote list` shows the configured remotes
-  - the Gen3 profile data lives in `~/.gen3/gen3_client_config.ini`
+   ```bash
+   git drs pull -I "data/sample.bam"
+   git drs pull -I "*.vcf.gz"
+   ```
 
-As a rule, if credentials changed and you want a predictable fix, re-run `git drs remote add gen3 ...` for that remote. That updates the stored profile and repo token plumbing without requiring repo re-initialization.
+3. edit or add files normally
 
-## Managing Additional Remotes
+   ```bash
+   git add ...
+   git commit -m "..."
+   ```
 
-You can add multiple remotes for multi-environment workflows.
+4. push data changes
 
-```bash
-git drs remote add gen3 staging HTAN_INT/BForePC --cred /path/to/staging-credentials.json
-git drs remote list
-git drs remote set staging
-```
+   ```bash
+   git drs push
+   ```
 
-Or target a non-default remote for a single command:
+`git drs push` handles the DRS upload flow and the Git push flow together.
 
-```bash
-git drs push production
-git drs copy-records staging production HTAN_INT/BForePC
-```
+Use plain `git push` when you only want to push Git-only changes and do not want the `git-drs` upload stage.
 
-## Track Files
+## The Core Tasks
 
-Track file types or paths you want managed by `git-drs`:
+### Track files
 
 ```bash
 git drs track "*.bam"
-git add .gitattributes
-```
-
-You can also track explicit paths or path globs:
-
-```bash
 git drs track "data/**"
-git add .gitattributes
-```
-
-View current tracking:
-
-```bash
-git drs track
 ```
 
-Stop tracking patterns:
+Always review and stage `.gitattributes` after changing tracking rules.
 
-```bash
-git drs untrack "*.bam"
-git add .gitattributes
-```
-
-## Add, Commit, and Push
-
-```bash
-git add sample.bam
-git commit -m "Add sample"
-git drs push
-```
-
-`git-drs` handles pointer/object registration behavior around the Git workflow.
-
-## Remove a Tracked File
-
-Use `git drs rm` for tracked DRS/LFS files:
-
-```bash
-git drs rm sample.bam
-git commit -m "Remove sample"
-git drs push
-```
-
-This removes the pointer from Git immediately. The remote DRS mutation happens only when that deletion is committed and pushed:
-
-- if the scoped record has one `controlled_access` entry, the record is deleted
-- if it has multiple `controlled_access` entries, only the current `organization/project` resource is removed
-- underlying object bytes are not deleted by default
-
-## Inspect Tracked Files
-
-Use `ls-files` as the local inventory command:
+### Inspect local state
 
 ```bash
 git drs ls-files
 git drs ls-files -l
 git drs ls-files --drs
-git drs ls-files -I "*.bam"
 ```
 
 Interpretation:
 
-- `*` means localized/hydrated in the worktree
-- `-` means the worktree still contains a pointer
-
-## Hydrate Files
-
-Use `git drs pull` only for hydration.
-
-```bash
-git drs pull
-git drs pull -I "*.bam"
-git drs pull -I "results/**" -I "*.txt"
-```
-
-Important:
-
-- `git drs pull` does not run `git pull`
-- run plain `git pull` yourself when you want new commits/trees
-- then run `git drs pull` if you need to hydrate pointer files in the checkout
-
-## Add Existing Bucket Objects
-
-If the object already exists in provider storage, use `add-url`:
-
-```bash
-# Track the file pattern first
-git drs track "myfile.txt"
-git add .gitattributes
-
-# Add object reference (known sha256 path)
-git drs add-url s3://bucket/path/to/file myfile.txt \
-  --sha256 <file-hash>
-
-# Or use unknown-sha
-git drs add-url s3://bucket/path/to/file myfile.txt
-
-# Commit and push
-git add myfile.txt
-git commit -m "Add S3 file reference"
-git push
-```
-
-Scoped bucket-key mode also works:
-
-```bash
-git drs add-url path/to/object.bin data/from-bucket.bin --scheme s3
-git commit -m "Add bucket-backed object reference"
-git push
-```
+- `*` means the worktree has localized bytes
+- `-` means the worktree still has a pointer
 
-Explicit provider URL mode also works:
+### Remove tracked files
 
 ```bash
-git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin
-```
-
-## Session Workflow
-
-> **Note:** You do not need to run `git drs init` again. Remote configuration bootstraps repo-local setup when needed, and explicit `git drs init` is mainly for manual setup or repair.
-
-For a normal work session:
-
-1. Refresh credentials if needed
-
-   ```bash
-   git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
-   ```
-
-   You do not need to run `git drs init` again for this. Refreshing credentials is a `remote add` operation, not a repo reinitialization step.
-
-2. Update Git history if needed
-
-   ```bash
-   git pull
-   ```
-
-3. Hydrate tracked files if needed
-
-   ```bash
-   git drs pull
-   ```
-
-4. Work with files normally
-
-   ```bash
-   git add ...
-   git commit -m "..."
-   git push
-   ```
-
-## Configuration Management
-
-View current remote configuration:
-
-```bash
-git drs remote list
-```
-
-Refresh or update credentials by re-adding the remote:
-
-```bash
-git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
+git drs rm sample.bam
+git commit -m "Remove sample"
+git drs push
 ```
 
-## Local DRS Server Setup
+That is the supported delete flow for tracked `git-drs` objects. For the fuller decision tree, see [Removing Files](remove-files.md).
 
-Use this flow when developing against a local Syfon/DRS server instead of a hosted Gen3 deployment.
-
-1. Add the local remote:
-
-   ```bash
-   git drs remote add local origin http://localhost:8080 \
-       calypr/end_to_end_test \
-       --username drs-user \
-       --password drs-pass
-   ```
-
-   This bootstraps the repo-local `git-drs` hooks/config if needed.
-
-   If your local server requires basic auth, include the local auth flags supported by that command.
-
-2. Track and push:
-
-   ```bash
-   git drs track "*.bin"
-   git add .gitattributes data/example.bin
-   git commit -m "Add local DRS test file"
-   git drs push
-   ```
-
-3. Verify hydration:
-
-   ```bash
-   git drs pull
-   ```
-
-For full local/remote runbooks, see [E2E Modes + Local Setup](e2e-modes-and-local-setup.md).
-
-## Copy Metadata Between Remotes
-
-Use `copy-records` to copy Syfon metadata records between remotes for a single scope:
+### Refresh credentials
 
 ```bash
-git drs copy-records dev prod HTAN_INT/BForePC
+git drs remote add gen3 production <organization/project> --cred /path/to/new-credentials.json
 ```
 
-Or let the default remote be the source:
-
-```bash
-git drs copy-records prod HTAN_INT/BForePC
-```
-
-This copies metadata only. It does not copy object bytes between buckets.
-
-## Common Flow Summary
-
-```bash
-git drs install
-git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
-git drs track "*.bam"
-git add .gitattributes
-git add sample.bam
-git commit -m "Add sample"
-git push
-git drs ls-files
-git drs pull -I "*.bam"
-```
+## Read Next
 
-For command details, see [commands.md](commands.md).
+- [Commands Reference](commands.md) for exact command syntax
+- [Troubleshooting](troubleshooting.md) when a real workflow breaks
diff --git a/docs/git-lfs.md b/docs/git-lfs.md
new file mode 100644
index 00000000..f7796019
--- /dev/null
+++ b/docs/git-lfs.md
@@ -0,0 +1,37 @@
+# Git LFS Compatibility
+
+`git-drs` supports Git LFS compatibility, but Git LFS is not required for normal `git-drs` workflows.
+
+Use this page if you are working with an older repository, a mixed environment, or a team workflow that still expects Git LFS concepts.
+
+## What Is Optional
+
+You do **not** need Git LFS installed in order to:
+
+- install `git-drs`
+- add a `git-drs` remote
+- track files with `git drs track`
+- upload with `git push` or `git drs push`
+- hydrate data with `git drs pull`
+
+## When Git LFS Still Matters
+
+Git LFS compatibility can still be useful when:
+
+- a repository already contains Git LFS-style pointer files
+- your team already understands Git LFS tracking patterns
+- you need to reason about clean/smudge filter behavior
+- you are debugging interoperability with older tooling
+
+`git-drs` uses a Git-compatible pointer workflow and fits into the same general filter architecture, but the day-to-day commands should come from `git-drs`, not from Git LFS.
+
+## Preferred Commands
+
+For current workflows, prefer:
+
+| Task | Use |
+|---|---|
+| Track files | `git drs track "*.bam"` |
+| See tracked files | `git drs ls-files` |
+| Hydrate file content | `git drs pull` |
+| Upload/register data | `git push` or `git drs push` |
diff --git a/docs/installation.md b/docs/installation.md
index 0f111459..3dcc3a10 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -1,117 +1,93 @@
 # Installation Guide
 
-This guide covers installation of Git DRS across different environments and target DRS servers.
+This page is only about getting the `git-drs` binary onto a machine. It does not teach the repository workflow.
 
-## Prerequisites
+If you want the shortest onboarding path, use [Quick Start](quickstart.md). If you want the workflow explained, use [Getting Started](getting-started.md).
 
-Git DRS requires Git to be installed. Install Git DRS using the steps below, then run `git drs install` to configure Git filters.
+## Release Install
 
-## Local Installation (Gen3 Server)
+This guide uses release `v0.6.0`.
 
-**Target Environment**: Local development machine targeting Gen3 data commons (e.g., CALYPR)
+- [GitHub Releases](https://github.com/calypr/git-drs/releases)
 
-### Steps
+=== "macOS (Apple Silicon)"
 
-1. **Install Git DRS**
-   ```bash
-   /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/calypr/git-drs/refs/heads/main/install.sh)"
-   ```
+    ```bash
+    curl -L -o git-drs-darwin-arm64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-darwin-arm64-v0.6.0.tar.gz
+    tar -xzf git-drs-darwin-arm64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
 
-2. **Update PATH**
-   ```bash
-   # Add to your shell startup file (for example ~/.zshrc, ~/.bashrc, or ~/.profile)
-   export PATH="$PATH:$HOME/.local/bin"
-   source ~/.zshrc  # or source your shell startup file
-   ```
+=== "macOS (Intel)"
 
-3. **Verify Installation**
-   ```bash
-   git-drs --help
-   ```
+    ```bash
+    curl -L -o git-drs-darwin-amd64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-darwin-amd64-v0.6.0.tar.gz
+    tar -xzf git-drs-darwin-amd64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
 
-4. **Install Global Git Filters for git-drs**
-   ```bash
-   git drs install
-   ```
+=== "Linux (x86_64)"
 
-   This writes the `filter.drs` settings to your `~/.gitconfig`.
+    ```bash
+    curl -L -o git-drs-linux-amd64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-linux-amd64-v0.6.0.tar.gz
+    tar -xzf git-drs-linux-amd64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
 
-5. **Get Credentials**
-   - Log in to your data commons (e.g., https://calypr-public.ohsu.edu/)
-   - Click your email → Profile → Create API Key → Download JSON
-   - Note the download path for later configuration
+=== "Linux (arm64)"
 
-## HPC Installation (Gen3 Server)
+    ```bash
+    curl -L -o git-drs-linux-arm64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-linux-arm64-v0.6.0.tar.gz
+    tar -xzf git-drs-linux-arm64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
 
-**Target Environment**: High-performance computing systems targeting Gen3 servers
+=== "Windows"
 
-### Steps
+    There is no packaged Windows release in this flow. Build `git-drs` from source instead.
 
-1. **Configure Git/SSH (if needed)**
-   ```bash
-   # Generate SSH key
-   ssh-keygen -t ed25519 -C "your_email@example.com"
-   
-   # Add to ssh-agent
-   eval "$(ssh-agent -s)"
-   ssh-add ~/.ssh/id_ed25519
-   
-   # Add public key to GitHub/GitLab
-   cat ~/.ssh/id_ed25519.pub
-   ```
+## PATH
 
-2. **Install Git DRS**
-   ```bash
-   /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/calypr/git-drs/refs/heads/main/install.sh)"
-   
-   # Update PATH
-   echo 'export PATH="$PATH:$HOME/.local/bin"' >> ~/.bash_profile
-   source ~/.bash_profile
-   ```
+If `$HOME/.local/bin` is not already in your shell path, add it in your shell startup file.
 
-3. **Verify Installation**
-   ```bash
-   git-drs version
-   git drs install
-   ```
-
-## Build from Source
-
-For development or custom builds:
+Example:
 
 ```bash
-# Clone repository
-git clone https://github.com/calypr/git-drs.git
-cd git-drs
-
-# Build
-go build
-
-# Make accessible
-export PATH=$PATH:$(pwd)
+export PATH="$PATH:$HOME/.local/bin"
 ```
 
-## Post-Installation
-
-After installation, verify your setup:
+## Verify The Install
 
 ```bash
-# Check Git DRS version
 git-drs version
+git drs version
+```
 
+## Build From Source
 
-# View configured remotes (after setup)
-git drs remote list
+Use this when you need a local development build or a platform without a packaged release.
 
-# Verify git-drs global filter configuration
-git config --global --get filter.drs.process
+```bash
+git clone https://github.com/calypr/git-drs.git
+cd git-drs
+go build
 ```
 
-## Next Steps
+Then move or copy the built binary somewhere on your `PATH`.
 
-After installation, see:
+## What Installation Does Not Do
+
+Installing the binary does not configure a repository. Repository-local setup now happens when you run:
+
+```bash
+git drs remote add ...
+```
 
-> **Navigation:** [Installation](installation.md) → [Getting Started](getting-started.md) → [Commands Reference](commands.md)
+## Read Next
 
-- **[Getting Started](getting-started.md)** - Repository setup and basic workflows
-- **[Commands Reference](commands.md)** - Complete command documentation
+- [Quick Start](quickstart.md) for first setup on a real repo
+- [Getting Started](getting-started.md) for the workflow model
diff --git a/docs/quickstart.md b/docs/quickstart.md
new file mode 100644
index 00000000..94e6d664
--- /dev/null
+++ b/docs/quickstart.md
@@ -0,0 +1,121 @@
+# Quick Start
+
+This page is intentionally minimal. It gets a new user from zero to a working `git-drs` repository with as little explanation as possible.
+
+If you want the workflow explained after setup, continue to [Getting Started](getting-started.md).
+
+## 1. Install `git-drs`
+
+This quick start uses release `v0.6.0`.
+
+- [GitHub Releases](https://github.com/calypr/git-drs/releases)
+
+=== "macOS (Apple Silicon)"
+
+    ```bash
+    curl -L -o git-drs-darwin-arm64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-darwin-arm64-v0.6.0.tar.gz
+    tar -xzf git-drs-darwin-arm64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
+
+=== "macOS (Intel)"
+
+    ```bash
+    curl -L -o git-drs-darwin-amd64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-darwin-amd64-v0.6.0.tar.gz
+    tar -xzf git-drs-darwin-amd64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
+
+=== "Linux (x86_64)"
+
+    ```bash
+    curl -L -o git-drs-linux-amd64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-linux-amd64-v0.6.0.tar.gz
+    tar -xzf git-drs-linux-amd64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
+
+=== "Linux (arm64)"
+
+    ```bash
+    curl -L -o git-drs-linux-arm64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-linux-arm64-v0.6.0.tar.gz
+    tar -xzf git-drs-linux-arm64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
+
+=== "Windows"
+
+    There is no packaged Windows release in this flow. Build `git-drs` from source instead.
+
+Verify:
+
+```bash
+git-drs version
+```
+
+## 2. Get Credentials
+
+Download your Gen3 API credentials JSON from your commons profile page and save it somewhere stable, for example:
+
+```bash
+~/.gen3/credentials.json
+```
+
+Typical flow:
+
+1. Sign in to the Gen3 portal.
+2. Open your profile page.
+3. Click `Create API Key`.
+4. Download the JSON file.
+5. Save it somewhere stable.
+
+## 3. Connect An Existing Repository
+
+```bash
+git clone <repo-url>
+cd <repo-name>
+git drs remote add gen3 production <organization/project> --cred ~/.gen3/credentials.json
+git drs pull
+```
+
+Use this path when the repository already contains tracked pointers and you want local file contents.
+
+## 4. Start A New Repository
+
+```bash
+mkdir my-data-repo
+cd my-data-repo
+git init
+git drs remote add gen3 production <organization/project> --cred ~/.gen3/credentials.json
+git drs track "*.bam"
+git add .gitattributes
+git commit -m "Configure tracked files"
+```
+
+## 5. Day-One Commands
+
+Pull Git history:
+
+```bash
+git pull
+```
+
+Hydrate tracked files:
+
+```bash
+git drs pull
+```
+
+Upload/register tracked objects:
+
+```bash
+git drs push
+```
+
+## Read Next
+
+- [Getting Started](getting-started.md) for the workflow model
+- [Commands Reference](commands.md) for exact command behavior
diff --git a/docs/remove-files.md b/docs/remove-files.md
new file mode 100644
index 00000000..88d2ef67
--- /dev/null
+++ b/docs/remove-files.md
@@ -0,0 +1,59 @@
+# Removing Files
+
+There are two different questions when you remove a file from a `git-drs` repository:
+
+1. Do you just want to remove the path from Git?
+2. Do you also want the pushed deletion to reconcile remote DRS state for that object?
+
+For tracked `git-drs` files, the recommended command is `git drs rm`.
+
+## Which Command To Use
+
+### Use `git drs rm` for tracked `git-drs` files
+
+```bash
+git drs rm DATA/subject-123/vcf/sample1.vcf.gz
+```
+
+Use this when you want the supported Git-DRS delete workflow.
+
+What it does immediately:
+
+- validates that the path is a tracked `git-drs` file
+- removes the path from the worktree and index
+- stages the deletion through normal Git
+
+What happens later, when the deletion is committed and pushed:
+
+- `git-drs` derives deleted pointers from the pushed Git commit delta
+- if the object is still live somewhere else in the pushed repo state, only the local path deletion is reconciled
+- if the scoped record has exactly one `controlled_access` resource, the remote record is deleted
+- if the record has multiple `controlled_access` resources, only the current `organization/project` resource is removed
+
+### Use `git rm` for ordinary Git-managed files
+
+```bash
+git rm README.md
+```
+
+Use this for files that are not tracked by `git-drs`.
+
+## Typical Tracked-File Removal Flow
+
+```bash
+git drs rm DATA/subject-123/vcf/sample1.vcf.gz
+git commit -m "Remove sample"
+git drs push
+```
+
+That is the supported tracked-object delete flow.
+
+## Best Practice
+
+For data objects managed by `git-drs`, prefer:
+
+```bash
+git drs rm <path>
+git commit -m "Remove tracked object"
+git drs push
+```
diff --git a/go.mod b/go.mod
index b513958d..f4dd07a7 100644
--- a/go.mod
+++ b/go.mod
@@ -5,13 +5,13 @@ go 1.26.3
 require (
 	github.com/bytedance/sonic v1.15.0
 	github.com/calypr/data-client v0.0.0-20260506231822-6a4689d4201f
-	github.com/calypr/syfon v0.2.9
-	github.com/calypr/syfon/apigen v0.2.7
+	github.com/calypr/syfon v0.3.1-0.20260513001653-406639e16d27
+	github.com/calypr/syfon/apigen v0.2.8-0.20260513001653-406639e16d27
 	github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1
-	github.com/go-git/go-git/v5 v5.13.0
+	github.com/go-git/go-git/v5 v5.19.0
 	github.com/golang-jwt/jwt/v5 v5.3.1
 	github.com/google/uuid v1.6.0
-	github.com/mattn/go-isatty v0.0.21
+	github.com/mattn/go-isatty v0.0.22
 	github.com/spf13/cobra v1.10.2
 	github.com/stretchr/testify v1.11.1
 	golang.org/x/sync v0.20.0
@@ -38,10 +38,10 @@ require (
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.56.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.56.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/ProtonMail/go-crypto v1.1.3 // indirect
+	github.com/ProtonMail/go-crypto v1.4.1 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
-	github.com/andybalholm/brotli v1.2.0 // indirect
+	github.com/andybalholm/brotli v1.2.1 // indirect
 	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.21 // indirect
@@ -63,24 +63,24 @@ require (
 	github.com/bytedance/sonic/loader v0.5.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/clipperhouse/uax29/v2 v2.7.0 // indirect
-	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/cloudflare/circl v1.6.3 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.5 // indirect
+	github.com/cyphar/filepath-securejoin v0.6.1 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/envoyproxy/go-control-plane/envoy v1.37.0 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.3.3 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.6.0 // indirect
+	github.com/go-git/go-billy/v5 v5.9.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.4 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/gofiber/fiber/v3 v3.1.0 // indirect
-	github.com/gofiber/schema v1.7.0 // indirect
-	github.com/gofiber/utils/v2 v2.0.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/gofiber/fiber/v3 v3.2.0 // indirect
+	github.com/gofiber/schema v1.7.1 // indirect
+	github.com/gofiber/utils/v2 v2.0.5 // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/wire v0.7.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect
@@ -88,25 +88,25 @@ require (
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.18.5 // indirect
+	github.com/kevinburke/ssh_config v1.6.0 // indirect
+	github.com/klauspost/compress v1.18.6 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-runewidth v0.0.23 // indirect
 	github.com/oapi-codegen/runtime v1.4.0 // indirect
 	github.com/philhofer/fwd v1.2.0 // indirect
-	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/pjbgf/sha1cd v0.6.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20250313105119-ba97887b0a25 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
-	github.com/skeema/knownhosts v1.3.0 // indirect
+	github.com/sergi/go-diff v1.4.0 // indirect
+	github.com/skeema/knownhosts v1.3.2 // indirect
 	github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
-	github.com/tinylib/msgp v1.6.3 // indirect
+	github.com/tinylib/msgp v1.6.4 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	github.com/valyala/fasthttp v1.69.0 // indirect
+	github.com/valyala/fasthttp v1.71.0 // indirect
 	github.com/vbauerster/mpb/v8 v8.12.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
@@ -120,10 +120,10 @@ require (
 	go.opentelemetry.io/otel/trace v1.43.0 // indirect
 	gocloud.dev v0.45.0 // indirect
 	golang.org/x/arch v0.20.0 // indirect
-	golang.org/x/crypto v0.50.0 // indirect
-	golang.org/x/net v0.53.0 // indirect
+	golang.org/x/crypto v0.51.0 // indirect
+	golang.org/x/net v0.54.0 // indirect
 	golang.org/x/oauth2 v0.36.0 // indirect
-	golang.org/x/text v0.36.0 // indirect
+	golang.org/x/text v0.37.0 // indirect
 	golang.org/x/time v0.15.0 // indirect
 	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
 	google.golang.org/api v0.276.0 // indirect
@@ -141,10 +141,10 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.32.14
 	github.com/aws/aws-sdk-go-v2/credentials v1.19.14
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.99.0
-	github.com/calypr/syfon/client v0.2.8
+	github.com/calypr/syfon/client v0.2.10-0.20260513001653-406639e16d27
 	github.com/hashicorp/go-version v1.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
-	golang.org/x/sys v0.43.0 // indirect
+	golang.org/x/sys v0.44.0 // indirect
 	gopkg.in/ini.v1 v1.67.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 73ae11d9..dc5f597a 100644
--- a/go.sum
+++ b/go.sum
@@ -53,15 +53,15 @@ github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapp
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk=
-github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.4.1 h1:9RfcZHqEQUvP8RzecWEUafnZVtEvrBVL9BiF67IQOfM=
+github.com/ProtonMail/go-crypto v1.4.1/go.mod h1:e1OaTyu5SYVrO9gKOEhTc+5UcXtTUa+P3uLudwcgPqo=
 github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
 github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
-github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
+github.com/andybalholm/brotli v1.2.1 h1:R+f5xP285VArJDRgowrfb9DqL18yVK0gKAW/F+eTWro=
+github.com/andybalholm/brotli v1.2.1/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ=
@@ -117,31 +117,31 @@ github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiD
 github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/calypr/data-client v0.0.0-20260506231822-6a4689d4201f h1:+jRjTLBjCjxbWvcbYIi9Oe+XBGlwLJnnk8mk1wHEamY=
 github.com/calypr/data-client v0.0.0-20260506231822-6a4689d4201f/go.mod h1:cAKvEGQogXFM4Hz22/JNOH+l2bRaz+pjT3N2H5cC8D4=
-github.com/calypr/syfon v0.2.9 h1:ZpcXCtlD6QxWTQKn5S1ulGEMh/tbnHv6kAIum1kQbCQ=
-github.com/calypr/syfon v0.2.9/go.mod h1:FMYmSy6rbUGbFcuNTlKtxIhWSlIRPbZfpauKMO0k1V4=
-github.com/calypr/syfon/apigen v0.2.7 h1:h5ZcxoLFPuLXt+8EUWICbKQgE/MMu2jym4oUshV3m8k=
-github.com/calypr/syfon/apigen v0.2.7/go.mod h1:VrRZ2A17YV91Zsm7CF/u1/Z+DfcZAk8Q4Pk1xklb5xU=
-github.com/calypr/syfon/client v0.2.8 h1:xMq5pZNnvkY9UnfrQVvJXe8Ic/Y0D2OLyreMaqNVP5U=
-github.com/calypr/syfon/client v0.2.8/go.mod h1:9MTLDQ5clwDHcDuKCEuVaV7bebsCIUtUQxTegW3RDVo=
+github.com/calypr/syfon v0.3.1-0.20260513001653-406639e16d27 h1:Rid6vVH+kfic0g/50A5/cM7lidaLe+hOF71isno43AQ=
+github.com/calypr/syfon v0.3.1-0.20260513001653-406639e16d27/go.mod h1:N1JGIHUuNBuWWstzBNj6DiI6Ol6WUm2uh/hGtbzzdy8=
+github.com/calypr/syfon/apigen v0.2.8-0.20260513001653-406639e16d27 h1:oSiBa4Bzh6s+q+SwnN+QbQK5te3SLGNvH2sj8o2JZLg=
+github.com/calypr/syfon/apigen v0.2.8-0.20260513001653-406639e16d27/go.mod h1:VrRZ2A17YV91Zsm7CF/u1/Z+DfcZAk8Q4Pk1xklb5xU=
+github.com/calypr/syfon/client v0.2.10-0.20260513001653-406639e16d27 h1:ku2td3MeohM54TCVaGrvGUQfdjX79motMXZs+G3D29U=
+github.com/calypr/syfon/client v0.2.10-0.20260513001653-406639e16d27/go.mod h1:GZXxej6x5tW+N7F+YeZEpbBaRuWoeI3JxVuirdt9vrU=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/clipperhouse/uax29/v2 v2.7.0 h1:+gs4oBZ2gPfVrKPthwbMzWZDaAFPGYK72F0NJv2v7Vk=
 github.com/clipperhouse/uax29/v2 v2.7.0/go.mod h1:EFJ2TJMRUaplDxHKj1qAEhCtQPW2tJSwu5BF98AuoVM=
-github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
-github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
+github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
 github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
 github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 h1:aBangftG7EVZoUb69Os8IaYg++6uMOdKK83QtkkvJik=
 github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2/go.mod h1:qwXFYgsP6T7XnJtbKlf1HP8AjxZZyzxMmc+Lq5GjlU4=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
-github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo=
-github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/cyphar/filepath-securejoin v0.6.1 h1:5CeZ1jPXEiYt3+Z6zqprSAgSWiggmpVyciv8syjIpVE=
+github.com/cyphar/filepath-securejoin v0.6.1/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/elazarl/goproxy v1.2.1 h1:njjgvO6cRG9rIqN2ebkqy6cQz2Njkx7Fsfv/zIZqgug=
-github.com/elazarl/goproxy v1.2.1/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64=
+github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=
+github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.14.0 h1:hbG2kr4RuFj222B6+7T83thSPqLjwBIfQawTkC++2HA=
@@ -156,20 +156,20 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
-github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/fxamacker/cbor/v2 v2.9.2 h1:X4Ksno9+x3cz0TZv69ec1hxP/+tymuR8PXQJyDwfh78=
+github.com/fxamacker/cbor/v2 v2.9.2/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1 h1:mtDjlmloH7ytdblogrMz1/8Hqua1y8B4ID+bh3rvod0=
 github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1/go.mod h1:fenKRzpXDjNpsIBhuhUzvjCKlDjKam0boRAenTE0Q6A=
 github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
 github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8=
-github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM=
+github.com/go-git/go-billy/v5 v5.9.0 h1:jItGXszUDRtR/AlferWPTMN4j38BQ88XnXKbilmmBPA=
+github.com/go-git/go-billy/v5 v5.9.0/go.mod h1:jCnQMLj9eUgGU7+ludSTYoZL/GGmii14RxKFj7ROgHw=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.13.0 h1:vLn5wlGIh/X78El6r3Jr+30W16Blk0CTcxTYcYPWi5E=
-github.com/go-git/go-git/v5 v5.13.0/go.mod h1:Wjo7/JyVKtQgUNdXYXIepzWfJQkUEIGvkvVkiXRR/zw=
+github.com/go-git/go-git/v5 v5.19.0 h1:+WkVUQZSy/F1Gb13udrMKjIM2PrzsNfDKFSfo5tkMtc=
+github.com/go-git/go-git/v5 v5.19.0/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ=
 github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA=
 github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -177,16 +177,16 @@ github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/gofiber/fiber/v3 v3.1.0 h1:1p4I820pIa+FGxfwWuQZ5rAyX0WlGZbGT6Hnuxt6hKY=
-github.com/gofiber/fiber/v3 v3.1.0/go.mod h1:n2nYQovvL9z3Too/FGOfgtERjW3GQcAUqgfoezGBZdU=
-github.com/gofiber/schema v1.7.0 h1:yNM+FNRZjyYEli9Ey0AXRBrAY9jTnb+kmGs3lJGPvKg=
-github.com/gofiber/schema v1.7.0/go.mod h1:A/X5Ffyru4p9eBdp99qu+nzviHzQiZ7odLT+TwxWhbk=
-github.com/gofiber/utils/v2 v2.0.2 h1:ShRRssz0F3AhTlAQcuEj54OEDtWF7+HJDwEi/aa6QLI=
-github.com/gofiber/utils/v2 v2.0.2/go.mod h1:+9Ub4NqQ+IaJoTliq5LfdmOJAA/Hzwf4pXOxOa3RrJ0=
+github.com/gofiber/fiber/v3 v3.2.0 h1:g9+09D320foINPpCnR3ibQ5oBEFHjAWRRfDG1te54u8=
+github.com/gofiber/fiber/v3 v3.2.0/go.mod h1:FHOsc2Db7HhHpsE62QAaJlXVV1pNkbZEptZ4jtti7m4=
+github.com/gofiber/schema v1.7.1 h1:oSJBKdgP8JeIME4TQSAqlNKTU2iBB+2RNmKi8Nsc+TI=
+github.com/gofiber/schema v1.7.1/go.mod h1:A/X5Ffyru4p9eBdp99qu+nzviHzQiZ7odLT+TwxWhbk=
+github.com/gofiber/utils/v2 v2.0.5 h1:IMXoI2A5Dao/aMMBURTNxnhbtQO4kUwUFOgcwFSIjLU=
+github.com/gofiber/utils/v2 v2.0.5/go.mod h1:FwwopfzwAQsoXLCHhOT24eH2jQfBgrrra9S5p0+luxg=
 github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
 github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
+github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
@@ -220,12 +220,12 @@ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
-github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
-github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kevinburke/ssh_config v1.6.0 h1:J1FBfmuVosPHf5GRdltRLhPJtJpTlMdKTBjRgTaQBFY=
+github.com/kevinburke/ssh_config v1.6.0/go.mod h1:q2RIzfka+BXARoNexmF9gkxEX7DmvbW9P4hIVx2Kg4M=
 github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
-github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE=
-github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
+github.com/klauspost/compress v1.18.6 h1:2jupLlAwFm95+YDR+NwD2MEfFO9d4z4Prjl1XXDjuao=
+github.com/klauspost/compress v1.18.6/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -239,8 +239,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
-github.com/mattn/go-isatty v0.0.21 h1:xYae+lCNBP7QuW4PUnNG61ffM4hVIfm+zUzDuSzYLGs=
-github.com/mattn/go-isatty v0.0.21/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
+github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4=
+github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
 github.com/mattn/go-runewidth v0.0.23 h1:7ykA0T0jkPpzSvMS5i9uoNn2Xy3R383f9HDx3RybWcw=
 github.com/mattn/go-runewidth v0.0.23/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
 github.com/oapi-codegen/runtime v1.4.0 h1:KLOSFOp7UzkbS7Cs1ms6NBEKYr0WmH2wZG0KKbd2er4=
@@ -249,8 +249,8 @@ github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
 github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
 github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM=
 github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
-github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
-github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
+github.com/pjbgf/sha1cd v0.6.0 h1:3WJ8Wz8gvDz29quX1OcEmkAlUg9diU4GxJHqs0/XiwU=
+github.com/pjbgf/sha1cd v0.6.0/go.mod h1:lhpGlyHLpQZoxMv8HcgXvZEhcGs0PG/vsZnEJ7H0iCM=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -263,13 +263,13 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
-github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
+github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
+github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/shamaton/msgpack/v3 v3.1.0 h1:jsk0vEAqVvvS9+fTZ5/EcQ9tz860c9pWxJ4Iwecz8gU=
 github.com/shamaton/msgpack/v3 v3.1.0/go.mod h1:DcQG8jrdrQCIxr3HlMYkiXdMhK+KfN2CitkyzsQV4uc=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY=
-github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M=
+github.com/skeema/knownhosts v1.3.2 h1:EDL9mgf4NzwMXCTfaxSD/o/a5fxDw/xL9nkU28JjdBg=
+github.com/skeema/knownhosts v1.3.2/go.mod h1:bEg3iQAuw+jyiw+484wwFJoKSLwcfd7fqRy+N0QTiow=
 github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=
 github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=
 github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -291,14 +291,14 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/tinylib/msgp v1.6.3 h1:bCSxiTz386UTgyT1i0MSCvdbWjVW+8sG3PjkGsZQt4s=
-github.com/tinylib/msgp v1.6.3/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
+github.com/tinylib/msgp v1.6.4 h1:mOwYbyYDLPj35mkA2BjjYejgJk9BuHxDdvRnb6v2ZcQ=
+github.com/tinylib/msgp v1.6.4/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.69.0 h1:fNLLESD2SooWeh2cidsuFtOcrEi4uB4m1mPrkJMZyVI=
-github.com/valyala/fasthttp v1.69.0/go.mod h1:4wA4PfAraPlAsJ5jMSqCE2ug5tqUPwKXxVj8oNECGcw=
+github.com/valyala/fasthttp v1.71.0 h1:tepR7H+Guh9VUqxxcPggYi8R3lGUu2Rsdh+z7/FCY3k=
+github.com/valyala/fasthttp v1.71.0/go.mod h1:z1sDUvOShhXq/C9mwH/fSm1Vb71tUJwmQdgkBrBNwnA=
 github.com/vbauerster/mpb/v8 v8.12.0 h1:+gneY3ifzc88tKDzOtfG8k8gfngCx615S2ZmFM4liWg=
 github.com/vbauerster/mpb/v8 v8.12.0/go.mod h1:V02YIuMVo301Y1VE9VtZlD8s84OMsk+EKN6mwvf/588=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
@@ -333,13 +333,13 @@ gocloud.dev v0.45.0/go.mod h1:0kXKmkCLG6d31N7NyLZWzt7jDSQura9zD/mWgiB6THI=
 golang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c=
 golang.org/x/arch v0.20.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI=
-golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI=
+golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8=
+golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f h1:W3F4c+6OLc6H2lb//N1q4WpJkhzJCK5J6kUi1NTVXfM=
+golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f/go.mod h1:J1xhfL/vlindoeF/aINzNzt2Bket5bjo9sdOYzOsU80=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA=
-golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs=
+golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w=
+golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ=
 golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
 golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
 golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
@@ -351,14 +351,14 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
-golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ=
+golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=
-golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY=
+golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4=
+golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
-golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
+golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc=
+golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38=
 golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
 golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/internal/config/remote.go b/internal/config/remote.go
index 3245d372..79cf5085 100644
--- a/internal/config/remote.go
+++ b/internal/config/remote.go
@@ -31,6 +31,7 @@ type GitContext struct {
 	BucketName         string
 	StoragePrefix      string
 	Upsert             bool
+	ForceUpload        bool
 	MultiPartThreshold int64
 	UploadConcurrency  int
 	Logger             *slog.Logger
diff --git a/internal/progressui/renderer.go b/internal/progressui/renderer.go
new file mode 100644
index 00000000..e7907dfa
--- /dev/null
+++ b/internal/progressui/renderer.go
@@ -0,0 +1,228 @@
+package progressui
+
+import (
+	"fmt"
+	"io"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/mattn/go-isatty"
+)
+
+const NonTTYProgressInterval = 2 * time.Second
+
+var SpinnerFrames = []string{"|", "/", "-", `\`}
+
+type Renderer struct {
+	out           io.Writer
+	isTTY         bool
+	now           func() time.Time
+	lastRender    time.Time
+	mu            sync.Mutex
+	active        bool
+	renderedLines int
+	spinnerIndex  int
+}
+
+func NewRenderer(out io.Writer) *Renderer {
+	return &Renderer{
+		out:   out,
+		isTTY: IsWriterTTY(out),
+		now:   time.Now,
+	}
+}
+
+func IsWriterTTY(w io.Writer) bool {
+	type fdWriter interface{ Fd() uintptr }
+	f, ok := w.(fdWriter)
+	if !ok {
+		return false
+	}
+	fd := f.Fd()
+	return isatty.IsTerminal(fd) || isatty.IsCygwinTerminal(fd)
+}
+
+func (r *Renderer) SetClock(now func() time.Time) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.now = now
+}
+
+func (r *Renderer) SetTTY(isTTY bool) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.isTTY = isTTY
+}
+
+func (r *Renderer) Render(force bool, lines []string) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if len(lines) == 0 {
+		return
+	}
+
+	now := r.now()
+	if !force && !r.isTTY && !r.lastRender.IsZero() && now.Sub(r.lastRender) < NonTTYProgressInterval {
+		return
+	}
+	r.lastRender = now
+	r.spinnerIndex = (r.spinnerIndex + 1) % len(SpinnerFrames)
+	r.active = true
+
+	if r.isTTY {
+		if r.renderedLines > 0 {
+			_, _ = fmt.Fprintf(r.out, "\x1b[%dA", r.renderedLines)
+		}
+		for _, line := range lines {
+			_, _ = fmt.Fprintf(r.out, "\r\x1b[2K%s\n", line)
+		}
+		r.renderedLines = len(lines)
+		return
+	}
+
+	for _, line := range lines {
+		_, _ = fmt.Fprintln(r.out, line)
+	}
+}
+
+func (r *Renderer) Finish(lines []string) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	if !r.active {
+		return
+	}
+	r.lastRender = r.now()
+	if len(lines) > 0 {
+		if r.isTTY {
+			if r.renderedLines > 0 {
+				_, _ = fmt.Fprintf(r.out, "\x1b[%dA", r.renderedLines)
+			}
+			for _, line := range lines {
+				_, _ = fmt.Fprintf(r.out, "\r\x1b[2K%s\n", line)
+			}
+			r.renderedLines = len(lines)
+		} else {
+			for _, line := range lines {
+				_, _ = fmt.Fprintln(r.out, line)
+			}
+		}
+	}
+	_, _ = fmt.Fprintln(r.out)
+	r.active = false
+	r.renderedLines = 0
+}
+
+func (r *Renderer) Spinner() string {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	return SpinnerFrames[r.spinnerIndex]
+}
+
+func TrimLabel(s string, max int) string {
+	if max <= 3 || len(s) <= max {
+		return s
+	}
+	return "..." + s[len(s)-(max-3):]
+}
+
+func RenderProgressBar(current, total int64, width int) string {
+	if width <= 0 {
+		return "[]"
+	}
+	if total <= 0 {
+		return "[" + Spaces(width) + "]"
+	}
+	if current < 0 {
+		current = 0
+	}
+	if current > total {
+		current = total
+	}
+	filled := int((current * int64(width)) / total)
+	if filled > width {
+		filled = width
+	}
+	return "[" + strings.Repeat("=", filled) + Spaces(width-filled) + "]"
+}
+
+func RenderPercent(current, total int64) string {
+	if total <= 0 {
+		return "  0.0%"
+	}
+	if current < 0 {
+		current = 0
+	}
+	if current > total {
+		current = total
+	}
+	value := (float64(current) * 100.0) / float64(total)
+	return fmt.Sprintf("%5.1f%%", value)
+}
+
+func RenderPercentCapped(current, total int64, completed bool) string {
+	if total <= 0 {
+		return "  0.0%"
+	}
+	if current < 0 {
+		current = 0
+	}
+	if current > total {
+		current = total
+	}
+	value := (float64(current) * 100.0) / float64(total)
+	if !completed && current < total && value > 99.9 {
+		value = 99.9
+	}
+	return fmt.Sprintf("%5.1f%%", value)
+}
+
+func FormatBinaryBytes(n int64) string {
+	if n <= 0 {
+		return "0 B"
+	}
+	const unit = 1024
+	if n < unit {
+		return fmt.Sprintf("%d B", n)
+	}
+	div, exp := int64(unit), 0
+	for value := n / unit; value >= unit && exp < 5; value /= unit {
+		div *= unit
+		exp++
+	}
+	suffix := []string{"KiB", "MiB", "GiB", "TiB", "PiB", "EiB"}[exp]
+	return fmt.Sprintf("%.1f %s", float64(n)/float64(div), suffix)
+}
+
+func VisibleProgressBytes(current, total int64, completed bool) int64 {
+	if current < 0 {
+		current = 0
+	}
+	if total <= 0 {
+		return current
+	}
+	if current > total {
+		current = total
+	}
+	if !completed && current >= total {
+		return total - 1
+	}
+	return current
+}
+
+func RenderByteProgress(current, total int64, completed bool) string {
+	formattedTotal := FormatBinaryBytes(total)
+	formattedCurrent := FormatBinaryBytes(current)
+	if !completed && total > 0 && current < total && formattedCurrent == formattedTotal {
+		formattedCurrent = "<" + formattedTotal
+	}
+	return fmt.Sprintf("%s/%s", formattedCurrent, formattedTotal)
+}
+
+func Spaces(count int) string {
+	if count <= 0 {
+		return ""
+	}
+	return strings.Repeat(" ", count)
+}
diff --git a/internal/pushsync/batch_sync.go b/internal/pushsync/batch_sync.go
index 8a783cf7..2af9dcb1 100644
--- a/internal/pushsync/batch_sync.go
+++ b/internal/pushsync/batch_sync.go
@@ -29,7 +29,7 @@ type batchSyncSession struct {
 	oids           []string
 	drsObjByOID    map[string]*drsapi.DrsObject
 	existingByHash map[string][]drsapi.DrsObject
-	registeredOids map[string]bool
+	uploadRequired map[string]bool
 }
 
 type uploadCandidate struct {
@@ -48,7 +48,7 @@ func BatchSyncForPush(cl *config.GitContext, ctx context.Context, files map[stri
 		reporter:       reporter,
 		drsObjByOID:    make(map[string]*drsapi.DrsObject),
 		existingByHash: make(map[string][]drsapi.DrsObject),
-		registeredOids: make(map[string]bool),
+		uploadRequired: make(map[string]bool),
 	}
 	if len(files) == 0 {
 		return nil
@@ -121,12 +121,30 @@ func (s *batchSyncSession) ensureMetadataRegistered() error {
 		recs := s.existingByHash[oid]
 		if len(recs) == 0 {
 			toRegister = append(toRegister, localdrsobject.ConvertToCandidate(obj))
-			s.registeredOids[oid] = true
+			s.uploadRequired[oid] = true
 			continue
 		}
 		if match, err := drsremote.FindMatchingRecord(recs, s.rt.Scope.Organization, s.rt.Scope.Project); err == nil && match != nil {
 			s.drsObjByOID[oid] = match
+			if s.rt.Tuning.ForceUpload {
+				s.uploadRequired[oid] = true
+			}
+			continue
+		}
+
+		reusable := s.findReusableRecord(recs)
+		if reusable != nil && !s.rt.Tuning.ForceUpload {
+			reuseObj, err := s.buildReusableScopedObject(oid, reusable)
+			if err != nil {
+				return err
+			}
+			s.drsObjByOID[oid] = reuseObj
+			toRegister = append(toRegister, localdrsobject.ConvertToCandidate(reuseObj))
+			continue
 		}
+
+		toRegister = append(toRegister, localdrsobject.ConvertToCandidate(obj))
+		s.uploadRequired[oid] = true
 	}
 
 	if len(toRegister) == 0 {
@@ -151,6 +169,28 @@ func (s *batchSyncSession) ensureMetadataRegistered() error {
 	return nil
 }
 
+func (s *batchSyncSession) findReusableRecord(records []drsapi.DrsObject) *drsapi.DrsObject {
+	for i := range records {
+		record := records[i]
+		if hasResolvableAccessMethod(&record) {
+			return &record
+		}
+	}
+	return nil
+}
+
+func (s *batchSyncSession) buildReusableScopedObject(oid string, existing *drsapi.DrsObject) (*drsapi.DrsObject, error) {
+	file := s.filesByOID[oid]
+	obj, err := scopedDRSObjectForPush(s.rt, oid, file.Name, file.Size, existing)
+	if err != nil {
+		return nil, fmt.Errorf("failed to build scoped reusable object for oid %s: %w", oid, err)
+	}
+	if existing != nil && existing.AccessMethods != nil {
+		obj.AccessMethods = existing.AccessMethods
+	}
+	return obj, nil
+}
+
 func (s *batchSyncSession) getOrCreateDRSObjectCandidate(oid string) (*drsapi.DrsObject, error) {
 	file := s.filesByOID[oid]
 	if localObj, err := localdrsobject.ReadObject(localcommon.DRS_OBJS_PATH, oid); err == nil && localObj != nil {
@@ -314,21 +354,31 @@ func (s *batchSyncSession) identifyUploadCandidates() ([]uploadCandidate, error)
 }
 
 func (s *batchSyncSession) needsUpload(oid string) (bool, error) {
-	if s.registeredOids[oid] {
+	if s.rt.Tuning.ForceUpload {
+		return true, nil
+	}
+	if s.uploadRequired[oid] {
 		return true, nil
 	}
 	if len(s.existingByHash[oid]) == 0 {
 		return true, nil
 	}
-	obj := s.drsObjByOID[oid]
-	if obj == nil {
-		return false, nil
+	return false, nil
+}
+
+func hasResolvableAccessMethod(obj *drsapi.DrsObject) bool {
+	if obj == nil || obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 {
+		return false
 	}
-	downloadable, err := isFileDownloadable(s.rt, s.ctx, obj)
-	if err != nil {
-		return false, fmt.Errorf("failed to check remote object availability for oid %s: %w", oid, err)
+	for _, am := range *obj.AccessMethods {
+		if strings.TrimSpace(string(am.Type)) == "" || am.AccessUrl == nil {
+			continue
+		}
+		if strings.TrimSpace(am.AccessUrl.Url) != "" {
+			return true
+		}
 	}
-	return !downloadable, nil
+	return false
 }
 
 func (s *batchSyncSession) executeUploadPlan(candidates []uploadCandidate) error {
@@ -353,6 +403,7 @@ func (s *batchSyncSession) executeUploadPlan(candidates []uploadCandidate) error
 		for _, c := range small {
 			c := c
 			eg.Go(func() error {
+				s.reportUploadStarted(c)
 				uploadCtx := s.progressContextForCandidate(egCtx, c)
 				if err := uploadFileForObject(s.rt, uploadCtx, c.obj, c.src, false); err != nil {
 					return err
@@ -367,6 +418,7 @@ func (s *batchSyncSession) executeUploadPlan(candidates []uploadCandidate) error
 	}
 
 	for _, c := range large {
+		s.reportUploadStarted(c)
 		uploadCtx := s.progressContextForCandidate(s.ctx, c)
 		if err := uploadFileForObject(s.rt, uploadCtx, c.obj, c.src, false); err != nil {
 			return err
@@ -415,6 +467,20 @@ func (s *batchSyncSession) progressContextForCandidate(ctx context.Context, c up
 	})
 }
 
+func (s *batchSyncSession) reportUploadStarted(c uploadCandidate) {
+	if s.reporter == nil {
+		return
+	}
+	s.reporter.OnUploadProgress(UploadProgressEvent{
+		OID:            c.oid,
+		Path:           c.file.Name,
+		BytesSoFar:     0,
+		BytesSinceLast: 0,
+		TotalBytes:     c.size,
+		Phase:          UploadProgressUploading,
+	})
+}
+
 func (s *batchSyncSession) reportUploadCompleted(c uploadCandidate) {
 	if s.reporter == nil {
 		return
diff --git a/internal/pushsync/batch_sync_test.go b/internal/pushsync/batch_sync_test.go
index 96fbdb21..682c4d5a 100644
--- a/internal/pushsync/batch_sync_test.go
+++ b/internal/pushsync/batch_sync_test.go
@@ -2,7 +2,9 @@ package pushsync
 
 import (
 	"context"
+	"encoding/json"
 	"io"
+	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
@@ -14,6 +16,7 @@ import (
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/lfs"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	syclient "github.com/calypr/syfon/client"
 	sycommon "github.com/calypr/syfon/client/common"
 	"github.com/calypr/syfon/client/transfer"
 )
@@ -23,6 +26,10 @@ type recordingReporter struct {
 	events []UploadProgressEvent
 }
 
+type roundTripFunc func(*http.Request) (*http.Response, error)
+
+func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }
+
 func (r *recordingReporter) OnUploadPlan(plan UploadPlanSummary) {
 	r.plan = plan
 }
@@ -164,6 +171,161 @@ func TestExecuteUploadPlanReportsProgress(t *testing.T) {
 	}
 }
 
+func TestEnsureMetadataRegisteredReusesExistingDownloadableRecordWithoutUpload(t *testing.T) {
+	tmp := t.TempDir()
+	oid := "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+	filePath := filepath.Join(tmp, "sample.bin")
+	if err := os.WriteFile(filePath, []byte("hello world"), 0o644); err != nil {
+		t.Fatalf("write temp file: %v", err)
+	}
+
+	reusableURL := "s3://existing-bucket/cas/" + oid
+	var registerReq drsapi.RegisterObjectsJSONRequestBody
+	httpClient := &http.Client{Transport: roundTripFunc(func(r *http.Request) (*http.Response, error) {
+		switch {
+		case r.Method == http.MethodGet && r.URL.Path == "/ga4gh/drs/v1/objects/existing-id/access/s3":
+			fallthrough
+		case r.Method == http.MethodGet && r.URL.Path == "/ga4gh/drs/v1/objects/scoped-id/access/s3":
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(strings.NewReader(`{"url":"https://signed.example/existing-id"}`)),
+				Header:     http.Header{"Content-Type": []string{"application/json"}},
+				Request:    r,
+			}, nil
+		case r.Method == http.MethodPost && r.URL.Path == "/ga4gh/drs/v1/objects/register":
+			body, err := io.ReadAll(r.Body)
+			if err != nil {
+				t.Fatalf("read register request body: %v", err)
+			}
+			if err := json.Unmarshal(body, &registerReq); err != nil {
+				t.Fatalf("unmarshal register request: %v", err)
+			}
+			if len(registerReq.Candidates) != 1 {
+				t.Fatalf("expected one registration candidate, got %+v", registerReq)
+			}
+			candidate := registerReq.Candidates[0]
+			respBody, err := json.Marshal(drsapi.N201ObjectsCreated{
+				Objects: []drsapi.DrsObject{{
+					Id:               "scoped-id",
+					Name:             candidate.Name,
+					Size:             candidate.Size,
+					Checksums:        candidate.Checksums,
+					ControlledAccess: candidate.ControlledAccess,
+					AccessMethods:    candidate.AccessMethods,
+				}},
+			})
+			if err != nil {
+				t.Fatalf("marshal register response: %v", err)
+			}
+			return &http.Response{
+				StatusCode: http.StatusCreated,
+				Body:       io.NopCloser(strings.NewReader(string(respBody))),
+				Header:     http.Header{"Content-Type": []string{"application/json"}},
+				Request:    r,
+			}, nil
+		default:
+			return nil, io.EOF
+		}
+	})}
+
+	raw, err := syclient.New("http://example.test", syclient.WithHTTPClient(httpClient))
+	if err != nil {
+		t.Fatalf("syclient.New: %v", err)
+	}
+	client := raw.(*syclient.Client)
+
+	rt := newPushRuntime(&config.GitContext{
+		Client:       client,
+		Organization: "syfon",
+		ProjectId:    "e2e",
+		BucketName:   "syfon-e2e-bucket",
+		Logger:       drslog.NewNoOpLogger(),
+	})
+	setTestPushScope(rt)
+	rt.ProbeURL = func(context.Context, string) error { return nil }
+
+	existing := drsapi.DrsObject{
+		Id:   "existing-id",
+		Name: ptrString("sample.bin"),
+		Size: 11,
+		Checksums: []drsapi.Checksum{{
+			Type:     "sha256",
+			Checksum: oid,
+		}},
+		ControlledAccess: &[]string{"/organization/other/project/other"},
+		AccessMethods: &[]drsapi.AccessMethod{{
+			Type: drsapi.AccessMethodTypeS3,
+			AccessUrl: &struct {
+				Headers *[]string `json:"headers,omitempty"`
+				Url     string    `json:"url"`
+			}{Url: reusableURL},
+		}},
+	}
+
+	session := &batchSyncSession{
+		ctx: context.Background(),
+		rt:  rt,
+		filesByOID: map[string]lfs.LfsFileInfo{
+			oid: {Oid: oid, Name: filePath, Size: 11},
+		},
+		oids:           []string{oid},
+		drsObjByOID:    map[string]*drsapi.DrsObject{},
+		existingByHash: map[string][]drsapi.DrsObject{oid: {existing}},
+		uploadRequired: map[string]bool{},
+	}
+
+	if err := session.ensureMetadataRegistered(); err != nil {
+		t.Fatalf("ensureMetadataRegistered returned error: %v", err)
+	}
+	if session.uploadRequired[oid] {
+		t.Fatalf("expected metadata-only scoped registration, but upload was marked required")
+	}
+	if len(registerReq.Candidates) != 1 {
+		t.Fatalf("expected a scoped registration request, got %+v", registerReq)
+	}
+	if registerReq.Candidates[0].AccessMethods == nil || len(*registerReq.Candidates[0].AccessMethods) != 1 {
+		t.Fatalf("expected preserved access methods in scoped registration: %+v", registerReq.Candidates[0])
+	}
+	if got := (*registerReq.Candidates[0].AccessMethods)[0].AccessUrl.Url; got != reusableURL {
+		t.Fatalf("scoped registration access url = %q, want reused %q", got, reusableURL)
+	}
+	if session.drsObjByOID[oid] == nil {
+		t.Fatalf("expected resolved scoped object after registration")
+	}
+	needsUpload, err := session.needsUpload(oid)
+	if err != nil {
+		t.Fatalf("needsUpload returned error: %v", err)
+	}
+	if needsUpload {
+		t.Fatalf("expected reusable downloadable record to skip upload")
+	}
+}
+
+func TestNeedsUploadHonorsForceUpload(t *testing.T) {
+	oid := "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
+	session := &batchSyncSession{
+		ctx: context.Background(),
+		rt: &pushRuntime{
+			Tuning: pushTuning{ForceUpload: true},
+		},
+		drsObjByOID: map[string]*drsapi.DrsObject{
+			oid: {},
+		},
+		existingByHash: map[string][]drsapi.DrsObject{
+			oid: {{}},
+		},
+		uploadRequired: map[string]bool{},
+	}
+
+	needsUpload, err := session.needsUpload(oid)
+	if err != nil {
+		t.Fatalf("needsUpload returned error: %v", err)
+	}
+	if !needsUpload {
+		t.Fatalf("expected force upload to require upload even with existing records")
+	}
+}
+
 func TestExecuteUploadPlanHonorsUploadConcurrency(t *testing.T) {
 	tmp := t.TempDir()
 	rt := newPushRuntime(nil)
@@ -329,7 +491,7 @@ func TestUploadFileForObjectUsesScopedKeyForMalformedRegisteredAccessURL(t *test
 		t.Fatalf("upload guid = %q, want DID %q", backend.lastResolve.guid, obj.Id)
 	}
 	if backend.lastResolve.bucket != "" {
-		t.Fatalf("upload bucket hint = %q, want empty scoped upload hint", backend.lastResolve.bucket)
+		t.Fatalf("upload bucket hint = %q, want empty bucket hint for scoped URL resolution", backend.lastResolve.bucket)
 	}
 	if got := backend.lastResolve.metadata.Authorizations["syfon"]; len(got) != 1 || got[0] != "e2e" {
 		t.Fatalf("upload scope metadata = %+v, want syfon/e2e", backend.lastResolve.metadata.Authorizations)
diff --git a/internal/pushsync/register.go b/internal/pushsync/register.go
index 60c75d9c..630b1bd7 100644
--- a/internal/pushsync/register.go
+++ b/internal/pushsync/register.go
@@ -30,6 +30,15 @@ var uploadBackendForRuntime = func(rt *pushRuntime) transfer.MultipartBackend {
 	return rt.API.Client.Data()
 }
 
+type scopedUploadURLBackend struct {
+	transfer.MultipartBackend
+	rt *pushRuntime
+}
+
+func (b *scopedUploadURLBackend) ResolveUploadURL(ctx context.Context, guid string, filename string, metadata sycommon.FileMetadata, bucket string) (string, error) {
+	return resolveScopedUploadURL(b.rt, ctx, b.MultipartBackend, guid, filename)
+}
+
 type pushScope struct {
 	Organization string
 	Project      string
@@ -39,6 +48,7 @@ type pushScope struct {
 
 type pushTuning struct {
 	Upsert             bool
+	ForceUpload        bool
 	MultiPartThreshold int64
 	UploadConcurrency  int
 }
@@ -68,6 +78,7 @@ func newPushRuntime(cl *config.GitContext) *pushRuntime {
 		},
 		Tuning: pushTuning{
 			Upsert:             cl.Upsert,
+			ForceUpload:        cl.ForceUpload,
 			MultiPartThreshold: cl.MultiPartThreshold,
 			UploadConcurrency:  cl.UploadConcurrency,
 		},
@@ -207,31 +218,18 @@ func uploadFileForObject(rt *pushRuntime, ctx context.Context, drsObject *drsapi
 	if backend == nil {
 		return fmt.Errorf("upload backend is required")
 	}
+	if strings.TrimSpace(rt.Scope.Organization) != "" && strings.TrimSpace(rt.Scope.Project) != "" {
+		backend = &scopedUploadURLBackend{MultipartBackend: backend, rt: rt}
+	}
 	if forceMultipart {
-		if err := syupload.UploadObjectFile(ctx, backend, filePath, objectKey, drsObject.Id, rt.Scope.Bucket, true); err != nil {
+		if err := syupload.Upload(ctx, backend, filePath, objectKey, drsObject.Id, rt.Scope.Bucket, scopedUploadMetadata(rt), false, true); err != nil {
 			return fmt.Errorf("upload error: %w", err)
 		}
 		return nil
 	}
-
-	signedURL, err := resolveScopedUploadURL(rt, ctx, backend, drsObject.Id, objectKey)
-	if err != nil {
-		return fmt.Errorf("upload error: failed to get upload URL: %w", err)
-	}
-
-	file, err := os.Open(filePath)
-	if err != nil {
-		return fmt.Errorf("upload error: open source: %w", err)
-	}
-	defer file.Close()
-	if err := backend.Upload(ctx, signedURL, file, fileSize); err != nil {
+	if err := syupload.Upload(ctx, backend, filePath, objectKey, drsObject.Id, rt.Scope.Bucket, scopedUploadMetadata(rt), false, false); err != nil {
 		return fmt.Errorf("upload error: %w", err)
 	}
-	if cb := sycommon.GetProgress(ctx); cb != nil {
-		if err := cb(sycommon.ProgressEvent{Event: "progress", Oid: sycommon.GetOid(ctx), BytesSoFar: fileSize, BytesSinceLast: fileSize}); err != nil {
-			return fmt.Errorf("upload progress callback failed: %w", err)
-		}
-	}
 	return nil
 }
 
@@ -271,6 +269,19 @@ func resolveScopedUploadURL(rt *pushRuntime, ctx context.Context, backend transf
 	return resolver.ResolveUploadURL(ctx, did, objectKey, metadata, "")
 }
 
+func scopedUploadMetadata(rt *pushRuntime) sycommon.FileMetadata {
+	organization := strings.TrimSpace(rt.Scope.Organization)
+	project := strings.TrimSpace(rt.Scope.Project)
+	if organization == "" || project == "" {
+		return sycommon.FileMetadata{}
+	}
+	return sycommon.FileMetadata{
+		Authorizations: map[string][]string{
+			organization: {project},
+		},
+	}
+}
+
 func newDownloadProbe(cl *config.GitContext) func(context.Context, string) error {
 	httpClient := http.DefaultClient
 	if cl != nil && cl.Client != nil && cl.Client.HTTPClient() != nil {
diff --git a/internal/pushsync/register_test.go b/internal/pushsync/register_test.go
index 5eed7c2e..ad904b2f 100644
--- a/internal/pushsync/register_test.go
+++ b/internal/pushsync/register_test.go
@@ -1,13 +1,61 @@
 package pushsync
 
 import (
+	"context"
+	"io"
+	"net/http"
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"
 
 	localcommon "github.com/calypr/git-drs/internal/common"
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	syclient "github.com/calypr/syfon/client"
+	sycommon "github.com/calypr/syfon/client/common"
+	"github.com/calypr/syfon/client/transfer"
 )
 
+type chunkedUploadBackend struct {
+	uploaded int64
+}
+
+func (b *chunkedUploadBackend) Name() string { return "chunked-upload-backend" }
+
+func (b *chunkedUploadBackend) Logger() transfer.TransferLogger { return transfer.NoOpLogger{} }
+
+func (b *chunkedUploadBackend) Upload(_ context.Context, _ string, body io.Reader, _ int64) error {
+	buf := make([]byte, 64*1024)
+	for {
+		n, err := body.Read(buf)
+		b.uploaded += int64(n)
+		if err == io.EOF {
+			return nil
+		}
+		if err != nil {
+			return err
+		}
+	}
+}
+
+func (b *chunkedUploadBackend) ResolveUploadURL(context.Context, string, string, sycommon.FileMetadata, string) (string, error) {
+	return "https://upload.example/object", nil
+}
+
+func (b *chunkedUploadBackend) MultipartInit(context.Context, string) (string, error) {
+	return "upload-id", nil
+}
+
+func (b *chunkedUploadBackend) MultipartPart(context.Context, string, string, int, io.Reader) (string, error) {
+	return "etag", nil
+}
+
+func (b *chunkedUploadBackend) MultipartComplete(context.Context, string, string, []transfer.MultipartPart) error {
+	return nil
+}
+
 func TestResolveUploadSourcePath_NoSentinelObjectForPointer(t *testing.T) {
 	repo := t.TempDir()
 	oldWD, err := os.Getwd()
@@ -38,3 +86,152 @@ func TestResolveUploadSourcePath_NoSentinelObjectForPointer(t *testing.T) {
 		t.Fatalf("expected pointer without local payload to skip upload source, got src=%q ok=%v", src, ok)
 	}
 }
+
+func TestUploadFileForObjectSinglePartStreamsProgress(t *testing.T) {
+	tmp := t.TempDir()
+	filePath := filepath.Join(tmp, "large.bin")
+	payload := make([]byte, sycommon.OnProgressThreshold+257)
+	for i := range payload {
+		payload[i] = 'a'
+	}
+	if err := os.WriteFile(filePath, payload, 0o644); err != nil {
+		t.Fatalf("write temp file: %v", err)
+	}
+
+	rt := &pushRuntime{
+		Logger: drslog.NewNoOpLogger(),
+		Scope: pushScope{
+			Organization: "syfon",
+			Project:      "e2e",
+			Bucket:       "syfon-e2e-bucket",
+		},
+		Tuning: pushTuning{MultiPartThreshold: int64(len(payload) + 1024)},
+	}
+
+	obj := &drsapi.DrsObject{
+		Id:   "object-did",
+		Size: int64(len(payload)),
+		Checksums: []drsapi.Checksum{{
+			Type:     "sha256",
+			Checksum: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+		}},
+	}
+
+	backend := &chunkedUploadBackend{}
+	oldBackend := uploadBackendForRuntime
+	uploadBackendForRuntime = func(*pushRuntime) transfer.MultipartBackend { return backend }
+	t.Cleanup(func() { uploadBackendForRuntime = oldBackend })
+
+	var events []sycommon.ProgressEvent
+	progressEventsSeenDuringUpload := 0
+	ctx := sycommon.WithOid(context.Background(), obj.Checksums[0].Checksum)
+	ctx = sycommon.WithProgress(ctx, func(ev sycommon.ProgressEvent) error {
+		events = append(events, ev)
+		return nil
+	})
+
+	if err := uploadFileForObject(rt, ctx, obj, filePath, false); err != nil {
+		t.Fatalf("uploadFileForObject returned error: %v", err)
+	}
+	if len(events) < 2 {
+		t.Fatalf("expected streamed progress events, got %+v", events)
+	}
+
+	for _, ev := range events {
+		if ev.Event == "progress" {
+			progressEventsSeenDuringUpload++
+		}
+	}
+	if progressEventsSeenDuringUpload < 2 {
+		t.Fatalf("expected threshold and finalize progress events, got %+v", events)
+	}
+	last := events[len(events)-1]
+	if last.BytesSoFar != int64(len(payload)) {
+		t.Fatalf("final progress bytes = %d, want %d", last.BytesSoFar, len(payload))
+	}
+	if backend.uploaded != int64(len(payload)) {
+		t.Fatalf("uploaded size = %d, want %d", backend.uploaded, len(payload))
+	}
+}
+
+func TestUploadFileForObjectSinglePartUsesScopedUploadURLResolution(t *testing.T) {
+	tmp := t.TempDir()
+	filePath := filepath.Join(tmp, "project-subpath.bin")
+	if err := os.WriteFile(filePath, []byte("project subpath payload"), 0o644); err != nil {
+		t.Fatalf("write temp file: %v", err)
+	}
+
+	oid := "412f8568bfb0e62937ee40c6fcdeaa1cf55910c558c0152250340356c8829a47"
+	var uploadQuery map[string]string
+
+	httpClient := &http.Client{Transport: roundTripFunc(func(r *http.Request) (*http.Response, error) {
+		switch {
+		case r.Method == http.MethodGet && r.URL.Path == "/data/upload/f781273b-52eb-5ac2-a484-775235eef303":
+			uploadQuery = map[string]string{
+				"organization": r.URL.Query().Get("organization"),
+				"project":      r.URL.Query().Get("project"),
+				"file_name":    r.URL.Query().Get("file_name"),
+			}
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(strings.NewReader(`{"url":"https://upload.example/scoped"}`)),
+				Header:     http.Header{"Content-Type": []string{"application/json"}},
+				Request:    r,
+			}, nil
+		default:
+			return nil, io.EOF
+		}
+	})}
+
+	raw, err := syclient.New("http://example.test", syclient.WithHTTPClient(httpClient))
+	if err != nil {
+		t.Fatalf("syclient.New: %v", err)
+	}
+	client := raw.(*syclient.Client)
+
+	rt := &pushRuntime{
+		API: &config.GitContext{
+			Client:       client,
+			Organization: "syfon",
+			ProjectId:    "e2e",
+			BucketName:   "syfon-e2e-bucket",
+			Logger:       drslog.NewNoOpLogger(),
+		},
+		Logger: drslog.NewNoOpLogger(),
+		Scope: pushScope{
+			Organization: "syfon",
+			Project:      "e2e",
+			Bucket:       "syfon-e2e-bucket",
+			StoragePref:  "program-root/project-subpath",
+		},
+		Tuning: pushTuning{MultiPartThreshold: 1024},
+	}
+
+	obj := &drsapi.DrsObject{
+		Id:   "f781273b-52eb-5ac2-a484-775235eef303",
+		Size: 23,
+		Checksums: []drsapi.Checksum{{
+			Type:     "sha256",
+			Checksum: oid,
+		}},
+	}
+
+	backend := &pushUploadBackendStub{}
+	oldBackend := uploadBackendForRuntime
+	uploadBackendForRuntime = func(*pushRuntime) transfer.MultipartBackend { return backend }
+	t.Cleanup(func() { uploadBackendForRuntime = oldBackend })
+
+	if err := uploadFileForObject(rt, context.Background(), obj, filePath, false); err != nil {
+		t.Fatalf("uploadFileForObject returned error: %v", err)
+	}
+	if uploadQuery["organization"] != "syfon" || uploadQuery["project"] != "e2e" {
+		t.Fatalf("scoped upload query = %+v, want syfon/e2e", uploadQuery)
+	}
+	wantKey := "program-root/project-subpath/" + oid
+	if uploadQuery["file_name"] != wantKey {
+		t.Fatalf("scoped upload file_name = %q, want %q", uploadQuery["file_name"], wantKey)
+	}
+	if backend.lastUpload.url != "https://upload.example/scoped" {
+		t.Fatalf("upload URL = %q, want scoped upload URL", backend.lastUpload.url)
+	}
+}
diff --git a/tests/integration/docker_syfon/docker_syfon_e2e_setup_test.go b/tests/integration/docker_syfon/docker_syfon_e2e_setup_test.go
index 942cc263..63a87da9 100644
--- a/tests/integration/docker_syfon/docker_syfon_e2e_setup_test.go
+++ b/tests/integration/docker_syfon/docker_syfon_e2e_setup_test.go
@@ -41,6 +41,7 @@ const (
 
 var gitDrsBinDir string
 var gitDrsTestHomeDir string
+var syfonBinPath string
 
 type minioContainer struct {
 	containerID string
@@ -86,6 +87,11 @@ func TestMain(m *testing.M) {
 		os.Stderr.WriteString(fmt.Sprintf("could not find git-drs root: %v\n", err))
 		os.Exit(2)
 	}
+	syfonRoot, err := resolveSyfonRoot()
+	if err != nil {
+		os.Stderr.WriteString(fmt.Sprintf("could not find syfon root: %v\n", err))
+		os.Exit(2)
+	}
 
 	gitDrsBinDir, err = os.MkdirTemp("", "git-drs-docker-e2e-bin-")
 	if err != nil {
@@ -115,6 +121,21 @@ func TestMain(m *testing.M) {
 		os.Exit(2)
 	}
 
+	if envBin := strings.TrimSpace(os.Getenv("TEST_SYFON_BIN")); envBin != "" {
+		syfonBinPath = envBin
+	} else {
+		syfonBinPath = filepath.Join(gitDrsBinDir, "syfon-docker-e2e")
+		buildSyfon := exec.Command("go", "build", "-o", syfonBinPath, ".")
+		buildSyfon.Dir = syfonRoot
+		os.Stderr.WriteString(fmt.Sprintf("building syfon integration binary into %s from %s\n", syfonBinPath, syfonRoot))
+		if out, err := buildSyfon.CombinedOutput(); err != nil {
+			os.Stderr.Write(out)
+			os.Stderr.WriteString(fmt.Sprintf("syfon build error: %v\n", err))
+			_ = os.RemoveAll(gitDrsBinDir)
+			os.Exit(2)
+		}
+	}
+
 	code := m.Run()
 	_ = os.RemoveAll(gitDrsBinDir)
 	_ = os.RemoveAll(gitDrsTestHomeDir)
@@ -139,3 +160,20 @@ func findGitDrsRoot() (string, error) {
 		dir = parent
 	}
 }
+
+func resolveSyfonRoot() (string, error) {
+	if root := strings.TrimSpace(os.Getenv("TEST_SYFON_ROOT")); root != "" {
+		return root, nil
+	}
+
+	root, err := findGitDrsRoot()
+	if err != nil {
+		return "", err
+	}
+	candidate := filepath.Join(filepath.Dir(root), "syfon")
+	info, statErr := os.Stat(candidate)
+	if statErr == nil && info.IsDir() {
+		return candidate, nil
+	}
+	return "", fmt.Errorf("could not find syfon checkout at %s", candidate)
+}
diff --git a/tests/integration/docker_syfon/docker_syfon_e2e_syfon_test.go b/tests/integration/docker_syfon/docker_syfon_e2e_syfon_test.go
index 38cb9fcd..feeb9cbf 100644
--- a/tests/integration/docker_syfon/docker_syfon_e2e_syfon_test.go
+++ b/tests/integration/docker_syfon/docker_syfon_e2e_syfon_test.go
@@ -188,14 +188,11 @@ s3_credentials:
 func buildSyfonBinary(t *testing.T, rootDir string) string {
 	t.Helper()
 
-	binaryPath := filepath.Join(t.TempDir(), "syfon-docker-e2e")
-	t.Logf("building syfon binary from %s into %s", rootDir, binaryPath)
-	cmd := exec.Command("go", "build", "-o", binaryPath, ".")
-	cmd.Dir = rootDir
-	if out, err := cmd.CombinedOutput(); err != nil {
-		t.Fatalf("build syfon binary: %v\n%s", err, string(out))
+	if strings.TrimSpace(syfonBinPath) == "" {
+		t.Fatalf("shared syfon binary path is not initialized")
 	}
-	return binaryPath
+	t.Logf("using prebuilt syfon binary %s from %s", syfonBinPath, rootDir)
+	return syfonBinPath
 }
 
 func reserveTCPPort(t *testing.T) int {
@@ -212,26 +209,11 @@ func reserveTCPPort(t *testing.T) int {
 func findSyfonRoot(t *testing.T) string {
 	t.Helper()
 
-	if root := strings.TrimSpace(os.Getenv("TEST_SYFON_ROOT")); root != "" {
-		return root
-	}
-
-	dir, err := os.Getwd()
+	root, err := resolveSyfonRoot()
 	if err != nil {
-		t.Fatalf("get working directory: %v", err)
-	}
-
-	for {
-		candidate := filepath.Join(dir, "..", "syfon")
-		if info, statErr := os.Stat(candidate); statErr == nil && info.IsDir() {
-			return candidate
-		}
-		parent := filepath.Dir(dir)
-		if parent == dir {
-			t.Fatalf("could not find syfon checkout from %s", dir)
-		}
-		dir = parent
+		t.Fatalf("resolve syfon root: %v", err)
 	}
+	return root
 }
 
 func logServerProcessOutput(t *testing.T, serverURL string, stdoutBuf, stderrBuf *bytes.Buffer) {