v0.9.5

Patch Changes

• #172 7108123 Thanks @LiranCohen! - Fix daemon crash when cloning nonexistent repos (process.exit in server context) and resolve credential helper by absolute path so push auth works without PATH setup.

v0.9.4

Patch Changes

• #170 3136765 Thanks @LiranCohen! - Fix daemon crash when cloning nonexistent repos (process.exit in server context) and resolve credential helper by absolute path so push auth works without PATH setup.

v0.9.3

Patch Changes

• #167 3ae9b29 Thanks @LiranCohen! - Wire credential helper automatically in git-remote-did so push auth works without running gitd setup. Fail loudly with actionable hints when authentication cannot proceed.

• #169 347f53f Thanks @LiranCohen! - Show actionable error hints when git clone/push fails via a DID remote, instead of leaving the user with git's opaque error message.

v0.9.2

Patch Changes

• #165 3adf6ad Thanks @LiranCohen! - Fix push authentication deadlock when daemon is running

  The credential helper (git-remote-did-credential) was opening the agent's
  LevelDB stores directly, which deadlocked when the daemon (gitd serve)
  already held the exclusive lock. The helper now calls the daemon's new
  POST /auth/token endpoint to request credentials without touching LevelDB.

  Falls back to direct agent connection when no daemon is running.

v0.9.1

Patch Changes

• #163 6c63764 Thanks @LiranCohen! - Fix TTY password prompt echo and eliminate double prompt during git push

  The /dev/tty password prompt introduced in PR #153 was not disabling
  terminal echo, so the vault password was visible as the user typed.
  Now runs stty -echo before reading and stty echo after, matching
  the behavior of ssh, gpg, and sudo.

  Also fixes the double-prompt issue: git-remote-did was unconditionally
  prompting for the vault password before resolving the DID, even when the
  daemon was already running and the password wasn't needed. The prompt is
  now deferred to resolveLocalDaemon and only triggered when a daemon
  actually needs to be spawned. In the common case (daemon already running),
  only the credential helper prompts — once.

  Additionally switches from byte-at-a-time reads to cooked-mode line reads
  on /dev/tty, which is more reliable across shells and lets the terminal
  driver handle backspace and line editing natively.

v0.9.0

Minor Changes

• #159 4def353 Thanks @LiranCohen! - Add --private flag to gitd init

  Repos are public by default. Pass --private to create a private repo
  whose bundles are encrypted during sync. The visibility is stored in the
  DWN repo record's visibility tag and is already handled downstream by
  bundle-sync.ts and migrate.ts.

• #158 13c9954 Thanks @LiranCohen! - Add GET /repos/:did/:repo/pulls/:number/files endpoint to GitHub shim

  Returns the list of changed files for a pull request. Since DWN revision
  records store only aggregate diff stats (additions, deletions, files
  changed), the response includes a summary entry with the totals. This
  unblocks tools like gh pr diff --name-only that require this endpoint.

• #160 2214566 Thanks @LiranCohen! - Protocol audit fixes

  1. refs.ts: target tag is now required on ref records (a ref without
     a commit SHA is meaningless).

  2. patches.ts: statusChange records now require from/to tags
     (matching the issues protocol) so transitions can be queried — e.g.
     "all transitions that closed a PR". All callers (shim merge, CLI merge,
     close, reopen) updated.

  3. patches.ts: Renamed tipCommit → headCommit in the
     revisionBundle schema and its callers for consistency with the
     revision record which already uses headCommit.

  4. releases.ts: target_commitish now reads the commitSha tag from
     the release record instead of always returning 'main'.

  5. credential-cache.ts: writeCache now creates the parent directory
     (mkdirSync with { recursive: true }) before writing, preventing
     ENOENT when ~/.enbox doesn't exist yet.

Patch Changes

• #155 5055816 Thanks @LiranCohen! - Fix daemon lifecycle UX: bun spawn crash, auto-backgrounding, port conflicts

  • Fix bun spawn crash: Replace createWriteStream with openSync fd in
    spawnDaemon(). Bun does not support stream.Writable as stdio — only raw
    file descriptors, 'pipe', 'ignore', and 'inherit'.

  • Auto-background gitd serve: Running gitd serve now forks a background
    daemon and exits immediately (Ollama pattern). Use gitd serve --foreground
    to block the terminal for debugging. Status is available via gitd serve status.

  • EADDRINUSE handling: When the server port is already in use, show a clear
    error message with hints (gitd serve status, gitd serve stop, --port)
    instead of a raw stack trace.

  • Fast-fail on spawn errors: spawnDaemon now detects child process errors
    (e.g. ENOENT when gitd binary is missing) immediately instead of polling for
    15 seconds before timing out.

• #156 34e42fa Thanks @LiranCohen! - Fix findGitdBin() dev path heuristic

  The function used lockfilePath() (~/.enbox/daemon.lock) to derive the
  source tree location, resolving to ~/src/cli/main.ts — completely wrong.

  Now uses import.meta.url to resolve relative to the module file itself,
  correctly finding src/cli/main.ts in the project tree.

• #157 298e7ca Thanks @LiranCohen! - Fix GitHub shim author fields to use record author instead of repo owner

  All user fields in the GitHub shim (issues, comments, PRs, reviews) now
  reflect the actual DWN record author (record.author) instead of always
  showing the repository owner. The merged_by field on pull requests now
  reads the mergedBy DID from the merge result data payload instead of
  hardcoding the owner. The author_association field is dynamically set
  to 'OWNER' or 'CONTRIBUTOR' based on whether the author matches the
  repository owner.

• #162 0cc5f63 Thanks @LiranCohen! - Add per-repo mutex to serialize post-push sync operations

  Concurrent pushes to the same repository could race on DWN record
  updates (ref-sync, bundle-sync) or bundle restores, causing data
  corruption. A lightweight promise-chain mutex keyed by did/repoName
  now serializes these operations per repository while allowing different
  repos to proceed concurrently.

• #161 c1b863a Thanks @LiranCohen! - Harden SSRF protection against DNS rebinding attacks

  assertNotPrivateUrl now resolves hostnames via DNS (A + AAAA) and
  checks the resulting IP addresses against private ranges. Previously,
  only the hostname string was checked, allowing DNS names that resolve to
  127.0.0.1 to bypass the filter.

  Also blocks IPv6-mapped IPv4 addresses (::ffff:127.0.0.1) and the
  unspecified address (::).

• #153 ee6b661 Thanks @LiranCohen! - Prompt for vault password on /dev/tty in git helpers when GITD_PASSWORD is not set

  Both git-remote-did and git-remote-did-credential now open /dev/tty directly
  to prompt for the vault password when GITD_PASSWORD is not set in the environment.
  This is the same technique used by ssh, gpg, and sudo to prompt the user when
  stdin/stdout are claimed by a parent process (in this case, git).

  Previously, git push would silently fail if GITD_PASSWORD was not pre-set because
  the credential helper had no way to obtain the password and the remote helper could not
  auto-start the daemon. Now the user sees a "Vault password:" prompt and everything
  just works.

v0.8.0

Minor Changes

• #150 b9d500b Thanks @LiranCohen! - Auto-start the background daemon during gitd init and other CLI commands so git push works immediately without manually running gitd serve

v0.7.0

Minor Changes

• #106 ac391b6 Thanks @LiranCohen! - Add daemon lockfile (~/.enbox/daemon.lock) so gitd serve advertises its PID and port, and git-remote-did resolves did:: remotes to the local daemon before attempting DID document resolution. This removes the DID-resolution round-trip for local development.

• #110 978ff95 Thanks @LiranCohen! - Add auto-managed daemon lifecycle: git-remote-did now auto-starts gitd serve in the background when no daemon is running, with idle auto-shutdown after 1 hour. New lifecycle commands: gitd serve status|stop|restart|logs. The lockfile now includes the gitd version for upgrade detection.

• #109 4724167 Thanks @LiranCohen! - Add preflight git dependency check: all CLI commands (except --version and help) now verify that git >= 2.28.0 is installed, with clear error messages when it is missing or outdated. Version and help commands print a warning instead of blocking.

• #103 e6947c9 Thanks @LiranCohen! - Add gitd pr checkout <number> (alias co) to fetch a PR's bundle from DWN, import git objects, and create a local branch at the tip commit. Supports --branch to override the local branch name and --detach for a detached HEAD.

• #102 de5dcf8 Thanks @LiranCohen! - Wire gitd pr create to automatically generate a revision record and attach a scoped git bundle when run from a git repo with commits ahead of the base branch. The command now computes merge-base, diff stats, commit count, and creates a repo/patch/revision + repo/patch/revision/revisionBundle in one shot. Use --no-bundle to skip git operations and create a metadata-only PR.

• #104 98e04d5 Thanks @LiranCohen! - Replace metadata-only gitd pr merge with actual git merge. The command now checks out the base branch, performs the merge with --merge (default), --squash, or --rebase strategy, records the real merge commit SHA in a mergeResult record, creates a statusChange audit trail record, and deletes the local PR branch (use --no-delete-branch to keep it).

• #98 18f310a Thanks @LiranCohen! - Rename gitd patch CLI command to gitd pr for a familiar GitHub-like UX. The patch subcommand is kept as an alias. All user-facing output now says "PR" instead of "patch". Internal protocol names (repo/patch, ForgePatchesProtocol) are unchanged.

• #100 f01dab2 Thanks @LiranCohen! - Add repo/patch/revision/bundle path to ForgePatchesProtocol for carrying git bundle binaries with PR revisions. Each revision can have at most one bundle ($recordLimit: { max: 1 }), immutable, with tipCommit/baseCommit/refCount/size tags. This enables cross-DWN PR submissions where contributors attach scoped git bundles to their patch revisions.

• #105 5865642 Thanks @LiranCohen! - Populate GitHub shim PR response fields from DWN revision and mergeResult records. head.sha, base.sha, commits, additions, deletions, changed_files now come from the latest revision record; merge_commit_sha comes from the mergeResult record. The user field uses sourceDid when available. Also add statusChange audit trail records to pr close, pr reopen, and the shim merge endpoint, and fix the migrate command's CHANGES_REQUESTED → reject verdict mapping.

• #136 d10a031 Thanks @LiranCohen! - Replace sequential PR/issue numbers with short hash IDs derived from DWN record IDs (first 7 hex chars of SHA-256). Remove number from protocol tags and data types. CLI and web UI now use short hash IDs for display and lookup.

• #101 7e3bbe4 Thanks @LiranCohen! - Open ForgePatchesProtocol to external contributors: anyone can now create patches, reviews, and review comments without needing a contributor role. All child paths (revision, revisionBundle, review, reviewComment, statusChange, mergeResult) are publicly readable. This enables open-source-style PR submissions from any DID.

Patch Changes

• #135 baa4f0e Thanks @LiranCohen! - Fix audit findings: rebase merge logic, comment body parsing, issues protocol permissions, draft PR mapping, repo name validation, and enbox.repo git config

• #112 6c46f8b Thanks @LiranCohen! - Add two-actor E2E collaboration test exercising the full maintainer + contributor workflow: repo creation, clone, feature branch, git bundle PR submission, review, merge, pull, and push authorization. Uses offline agent creation (DidDht with publish: false) to avoid DHT network dependency.

• #141 d07aaf9 Thanks @LiranCohen! - Support --flag=value syntax in CLI argument parsing so flags like --port=8080 work in addition to --port 8080

• #137 0a35619 Thanks @LiranCohen! - Fix potential deadlocks and unbounded memory growth in git subprocess management: drain unused stderr/stdout pipes across all spawn helpers, and handle stdin backpressure in spawnGitService

• #140 53966f0 Thanks @LiranCohen! - Make issue and PR migration idempotent: store GitHub source number in the data payload and skip already-imported items on re-run

• #138 ab5f671 Thanks @LiranCohen! - Guard onPushComplete behind git subprocess exit code so rejected pushes (non-fast-forward, hook failures) no longer trigger ref-sync and bundle-sync

• #139 b23a762 Thanks @LiranCohen! - Prevent silent ref deletion when git fails: ref-sync now aborts instead of deleting all DWN ref records when git for-each-ref exits with a non-zero code

• #144 a8f9b1a Thanks @LiranCohen! - Fix setup --check to report failure when symlinks point to the wrong target or when binaries exist as regular files instead of symlinks

• #143 dc22a98 Thanks @LiranCohen! - Validate port number in gitd web command using parsePort instead of raw parseInt, rejecting invalid values with a clear error

v0.6.1

Patch Changes

• #88 5b0f58d Thanks @LiranCohen! - Fix did: prefix doubling when remote URL contains the full DID (did::did:dht:.../repo). The URL parser now accepts both short (dht:id/repo) and full (did:dht:id/repo) forms.

v0.6.0

Minor Changes

• #87 b94169f Thanks @LiranCohen! - gitd init now initializes a local git repo in the current directory and adds the origin remote automatically, matching git/gh conventions. Pass --no-local to skip local setup and only create the server-side bare repo + DWN record.

Patch Changes

• #85 4794775 Thanks @LiranCohen! - Eliminate CWD-relative path leaks: RESOLVERCACHE/, DATA/AGENT/, and ./repos no longer created in the working directory. All paths now resolve to ~/.enbox/profiles/default/ when no named profile is active.