docs: update based on current implementation

author: DanConwayDev <DanConwayDev@protonmail.com> 2025-12-04 12:34:20 +0000
committer: DanConwayDev <DanConwayDev@protonmail.com> 2025-12-04 13:02:59 +0000
commit: d9bc5ed7fddef3a26de8e69a7124e1dbe5b8602f (patch)
tree: c76ffcbf246c8bef7545337316c0afb90433bbf5 /docs/explanation
parent: 40831a9025d05fa354b7d8386eeebd902092ea86 (diff)
2 files changed, 231 insertions, 611 deletions
diff --git a/docs/explanation/architecture.md b/docs/explanation/architecture.md
index ebf7a74..3fb895c 100644
--- a/docs/explanation/architecture.md
+++ b/docs/explanation/architecture.md
@@ -2,16 +2,16 @@
 ## Executive Summary
-`ngit-grasp` implements the GRASP protocol in Rust with **inline authorization** rather than Git hooks. The key architectural insight is that the `git-http-backend` Rust crate provides sufficient flexibility to intercept and validate Git push operations before they reach the Git repository, eliminating the need for pre-receive hooks.
+`ngit-grasp` implements the GRASP protocol in Rust with **inline authorization** rather than Git hooks. The key architectural insight is that we can intercept and validate Git push operations at the HTTP handler level before reaching the Git repository, eliminating the need for pre-receive hooks.
 ## Architectural Decision: Inline vs. Hook-Based Authorization
 ### Investigation Summary
-After examining both the reference implementation and the `git-http-backend` Rust crate, we have two options:
+After examining both the reference implementation and HTTP server options, we have two options:
 #### Option 1: Hook-Based (Reference Implementation Approach)
- Use `git-http-backend` crate as-is
+- Use standard Git HTTP backend
 - Create pre-receive and post-receive hooks
 - Hooks query the Nostr relay and validate pushes
 - **Pros**: Follows reference implementation closely
@@ -28,7 +28,7 @@ After examining both the reference implementation and the `git-http-backend` Rus
 **Rationale:**
-1. **The `git-http-backend` crate is sufficiently flexible**: Examining `src/actix/git_receive_pack.rs` shows it spawns `git receive-pack` as a subprocess and streams data. We can intercept this.
+1. **Full control over HTTP layer**: Using Hyper directly gives us complete control over request handling, WebSocket upgrades, and CORS headers.
 2. **Better Developer Experience**: 
   - Validation errors can be returned as proper HTTP responses
@@ -56,7 +56,7 @@ After examining both the reference implementation and the `git-http-backend` Rus
 │                                                             │
 │  ┌──────────────────┐              ┌──────────────────┐   │
 │  │   HTTP Router    │              │  Nostr Relay     │   │
-│  │   (actix-web)    │              │  (nostr-relay-   │   │
+│  │     (Hyper)      │              │  (nostr-relay-   │   │
 │  │                  │              │   builder)       │   │
 │  └────────┬─────────┘              └────────┬─────────┘   │
 │           │                                 │             │
@@ -90,299 +90,149 @@ After examining both the reference implementation and the `git-http-backend` Rus
 ## Component Design
-### 1. Main Server (`src/main.rs`)
+### 1. Main Server ([`src/main.rs`](src/main.rs))
 **Responsibilities:**
- Initialize configuration from environment
+- Initialize configuration from environment (clap + dotenvy)
- Set up actix-web HTTP server
+- Set up Hyper HTTP server with request routing
- Initialize Nostr relay builder
+- Initialize Nostr relay builder with custom [`Nip34WritePolicy`](src/nostr/builder.rs:51)
- Set up shared storage
+- Set up shared storage (LMDB, NostrDB, or Memory)
- Configure routes for both Git and Nostr endpoints
+- Handle WebSocket upgrades for Nostr relay
 - Handle graceful shutdown
 **Key Dependencies:**
 ```rust
-actix-web = "4"
+hyper = "1"
 tokio = { version = "1", features = ["full"] }
 nostr-relay-builder = "0.43"
 nostr-sdk = "0.43"
+nostr-lmdb = "0.43"
 ```
-### 2. Git Module (`src/git/`)
+### 2. HTTP Module ([`src/http/mod.rs`](src/http/mod.rs))
-#### `handler.rs` - Git HTTP Handlers
+**Responsibilities:**
+- Route HTTP requests to appropriate handlers
+- WebSocket upgrade for Nostr relay at `/`
+- Git Smart HTTP endpoints at `/<npub>/<identifier>.git/*`
+- Landing pages and NIP-11 document serving
+- CORS headers on all responses (GRASP-01 requirement)
-Implements actix-web handlers for Git Smart HTTP protocol:
+**Key Implementation Details:**
 ```rust
-// GET /<npub>/<identifier>.git/info/refs?service=git-upload-pack
+// CORS headers required by GRASP-01 specification
-async fn info_refs_upload_pack(
+const CORS_ALLOW_ORIGIN: &str = "*";
-    req: HttpRequest,
+const CORS_ALLOW_METHODS: &str = "GET, POST";
-    state: web::Data<AppState>,
+const CORS_ALLOW_HEADERS: &str = "Content-Type";
-) -> Result<HttpResponse>
+/// Add CORS headers to a response builder
-// POST /<npub>/<identifier>.git/git-upload-pack
+fn add_cors_headers(builder: http::response::Builder) -> http::response::Builder {
-async fn git_upload_pack(
+    builder
-    req: HttpRequest,
+        .header("Access-Control-Allow-Origin", CORS_ALLOW_ORIGIN)
-    body: web::Payload,
+        .header("Access-Control-Allow-Methods", CORS_ALLOW_METHODS)
-    state: web::Data<AppState>,
+        .header("Access-Control-Allow-Headers", CORS_ALLOW_HEADERS)
-) -> Result<HttpResponse>
+}
-// GET /<npub>/<identifier>.git/info/refs?service=git-receive-pack
-async fn info_refs_receive_pack(
-    req: HttpRequest,
-    state: web::Data<AppState>,
-) -> Result<HttpResponse>
-// POST /<npub>/<identifier>.git/git-receive-pack
-// THIS IS WHERE THE MAGIC HAPPENS
-async fn git_receive_pack(
-    req: HttpRequest,
-    body: web::Payload,
-    state: web::Data<AppState>,
-) -> Result<HttpResponse>
 ```
-#### `authorization.rs` - Push Validation
+See [`src/http/mod.rs:29-84`](src/http/mod.rs:29-84) for the full CORS implementation.
-**Core Logic:**
+### 3. Git Module ([`src/git/`](src/git/))
-```rust
+#### [`handlers.rs`](src/git/handlers.rs) - Git HTTP Handlers
-pub struct PushValidator {
-    nostr_client: Arc<Client>,
-    relay_url: String,
-}
-impl PushValidator {
+Implements handlers for Git Smart HTTP protocol:
-    /// Validate a push operation against Nostr state
-    pub async fn validate_push(
-        &self,
-        npub: &str,
-        identifier: &str,
-        ref_updates: Vec<RefUpdate>,
-    ) -> Result<ValidationResult> {
-        // 1. Fetch announcement and state events from local relay
-        let events = self.fetch_events(identifier).await?;
-        
-        // 2. Extract pubkey from npub
-        let pubkey = decode_npub(npub)?;
-        
-        // 3. Get recursive maintainer set
-        let maintainers = get_maintainers(&events, &pubkey, identifier);
-        
-        // 4. Get latest state from maintainers
-        let state = get_state_from_maintainers(&events, &maintainers)?;
-        
-        // 5. Validate each ref update
-        for ref_update in ref_updates {
-            if ref_update.ref_name.starts_with("refs/nostr/") {
-                // Allow refs/nostr/<event-id> for PRs
-                validate_pr_ref(&ref_update)?;
-            } else if ref_update.ref_name.starts_with("refs/heads/pr/") {
-                // Reject pr/* branches - should use refs/nostr/
-                return Err(Error::InvalidRef("pr/* branches must use refs/nostr/"));
-            } else {
-                // Validate against state event
-                validate_state_ref(&state, &ref_update)?;
-            }
-        }
-        
-        Ok(ValidationResult::Accept)
-    }
-}
-```
-**Key Functions:**
 ```rust
-/// Parse ref updates from git-receive-pack request body
+/// Handle GET /info/refs?service=git-{upload,receive}-pack
-fn parse_ref_updates(body: &[u8]) -> Result<Vec<RefUpdate>>
+pub async fn handle_info_refs(
+    repo_path: PathBuf,
-/// Recursively find all maintainers
+    service: GitService,
-fn get_maintainers(
+) -> Result<Response<Full<Bytes>>, GitError>
-    events: &[Event],
-    pubkey: &str,
+/// Handle POST /git-upload-pack (clone/fetch)
+pub async fn handle_upload_pack(
+    repo_path: PathBuf,
+    body: Bytes,
+) -> Result<Response<Full<Bytes>>, GitError>
+/// Handle POST /git-receive-pack (push)
+/// THIS IS WHERE THE MAGIC HAPPENS - validates against state before accepting
+pub async fn handle_receive_pack(
+    repo_path: PathBuf,
+    body: Bytes,
+    database: SharedDatabase,
+    npub: &str,
    identifier: &str,
-) -> Vec<String>
+) -> Result<Response<Full<Bytes>>, GitError>
-/// Get latest state from maintainer set
-fn get_state_from_maintainers(
-    events: &[Event],
-    maintainers: &[String],
-) -> Result<RepositoryState>
-/// Validate a ref matches the state event
-fn validate_state_ref(
-    state: &RepositoryState,
-    ref_update: &RefUpdate,
-) -> Result<()>
 ```
-### 3. Nostr Module (`src/nostr/`)
+See [`src/git/handlers.rs:22-98`](src/git/handlers.rs:22-98) for the info-refs implementation.
-#### `relay.rs` - Relay Configuration
+#### [`authorization.rs`](src/git/authorization.rs) - Push Validation
-```rust
+**Core Logic:**
-pub async fn build_relay(config: &Config) -> Result<LocalRelay> {
-    let builder = RelayBuilder::default()
-        .write_policy(RepositoryAnnouncementPolicy::new(config.domain.clone()))
-        .write_policy(RelatedEventsPolicy::new())
-        .query_policy(StandardQueryPolicy::new())
-        .on_event_saved(create_repository_hook(config.git_data_path.clone()));
-    
-    // Configure storage backend (LMDB or NDB)
-    let relay = LocalRelay::run(builder).await?;
-    
-    Ok(relay)
-}
-```
-#### `events.rs` - Event Handlers
 ```rust
-/// Hook called when events are saved
+/// Get authorization info for a repository owner
-pub fn create_repository_hook(
+pub async fn get_authorization_for_owner(
-    git_data_path: PathBuf,
+    database: &SharedDatabase,
-) -> impl Fn(&Event) -> BoxFuture<'static, ()> {
+    pubkey: &PublicKey,
-    move |event: &Event| {
+    identifier: &str,
-        let git_path = git_data_path.clone();
+) -> Result<AuthorizationResult, AuthorizationError>
-        Box::pin(async move {
-            if event.kind == Kind::RepositoryAnnouncement {
-                handle_repository_announcement(event, &git_path).await;
-            } else if event.kind == Kind::RepositoryState {
-                handle_repository_state(event, &git_path).await;
-            }
-        })
-    }
-}
-async fn handle_repository_announcement(event: &Event, git_path: &Path) {
+/// Validate that pushed refs match the authorized state
-    // 1. Parse repository from event
+pub fn validate_push_refs(
-    // 2. Check if listed in clone and relays tags
+    pushed_refs: &[PushedRef],
-    // 3. Create empty bare Git repository
+    state: &RepositoryState,
-    // 4. Configure uploadpack.allowTipSHA1InWant
+) -> Result<(), AuthorizationError>
-    // 5. Configure uploadpack.allowUnreachable
-    // 6. Configure http.receivepack
-}
-async fn handle_repository_state(event: &Event, git_path: &Path) {
+/// Validate refs/nostr/<event-id> pushes
-    // 1. Parse state from event
+pub fn validate_nostr_ref_pushes(
-    // 2. Update repository HEAD if needed
+    pushed_refs: &[PushedRef],
-    // 3. Trigger proactive sync (GRASP-02)
+    database: &SharedDatabase,
-}
+) -> Result<(), AuthorizationError>
 ```
-**Write Policies:**
+### 4. Nostr Module ([`src/nostr/`](src/nostr/))
-```rust
+#### [`builder.rs`](src/nostr/builder.rs) - Relay Configuration
-/// Accept repository announcements that list this instance
-pub struct RepositoryAnnouncementPolicy {
-    domain: String,
-}
-impl WritePolicy for RepositoryAnnouncementPolicy {
-    fn admit_event(&self, event: &Event, _addr: &SocketAddr) 
-        -> BoxFuture<PolicyResult> 
-    {
-        Box::pin(async move {
-            if event.kind != Kind::RepositoryAnnouncement {
-                return PolicyResult::Accept; // Not our concern
-            }
-            
-            // Check if this instance is in clone and relays tags
-            let has_clone = event.tags.iter()
-                .any(|t| t.kind() == "clone" && t.content() == Some(&self.domain));
-            let has_relay = event.tags.iter()
-                .any(|t| t.kind() == "relays" && t.content() == Some(&self.domain));
-            
-            if has_clone && has_relay {
-                PolicyResult::Accept
-            } else {
-                PolicyResult::Reject("instance not listed in clone and relays".into())
-            }
-        })
-    }
-}
-/// Accept events related to stored announcements/issues/patches
+The [`Nip34WritePolicy`](src/nostr/builder.rs:51) is the core event validation logic:
-pub struct RelatedEventsPolicy;
-impl WritePolicy for RelatedEventsPolicy {
+```rust
-    fn admit_event(&self, event: &Event, _addr: &SocketAddr) 
+/// NIP-34 Write Policy with Full GRASP-01 Event Validation
-        -> BoxFuture<PolicyResult> 
+///
-    {
+/// Validates all events according to GRASP-01 specification:
-        // Accept if event tags or is tagged by stored events
+/// - Repository announcements must list service in clone and relays tags
-        // Implementation requires querying the event store
+///   EXCEPTION: Recursive maintainer announcements are accepted even without
-    }
+///   listing the service, to enable maintainer chain discovery and GRASP-02 sync
+/// - Repository state announcements must have valid structure
+/// - Other events must reference accepted repositories or events
+/// - Forward references are supported (events referenced by accepted events)
+/// - Orphan events with no valid references are rejected
+pub struct Nip34WritePolicy {
+    domain: String,
+    database: SharedDatabase,
+    git_data_path: PathBuf,
 }
 ```
-### 4. Storage Module (`src/storage/`)
+See [`src/nostr/builder.rs:38-78`](src/nostr/builder.rs:38-78) for the full policy struct.
-#### `repository.rs` - Repository Management
+#### [`events.rs`](src/nostr/events.rs) - Event Parsing
+Provides structures for parsing NIP-34 events:
 ```rust
-pub struct RepositoryManager {
+/// Parsed repository announcement (Kind 30617)
-    git_data_path: PathBuf,
+pub struct RepositoryAnnouncement { ... }
-}
-impl RepositoryManager {
+/// Parsed repository state (Kind 30618)  
-    /// Create a new bare Git repository
+pub struct RepositoryState { ... }
-    pub async fn create_repository(
-        &self,
-        npub: &str,
-        identifier: &str,
-    ) -> Result<PathBuf> {
-        let repo_path = self.git_data_path
-            .join(npub)
-            .join(format!("{}.git", identifier));
-        
-        // Create directory
-        tokio::fs::create_dir_all(&repo_path).await?;
-        
-        // Initialize bare repo
-        Command::new("git")
-            .args(&["init", "--bare"])
-            .arg(&repo_path)
-            .output()
-            .await?;
-        
-        // Configure
-        self.configure_repository(&repo_path).await?;
-        
-        Ok(repo_path)
-    }
-    
-    async fn configure_repository(&self, repo_path: &Path) -> Result<()> {
-        // Enable unauthenticated push (we handle auth ourselves)
-        git_config(repo_path, "http.receivepack", "true").await?;
-        
-        // Enable tip SHA1 fetching (required for ngit)
-        git_config(repo_path, "uploadpack.allowTipSHA1InWant", "true").await?;
-        
-        // Enable unreachable object fetching
-        git_config(repo_path, "uploadpack.allowUnreachable", "true").await?;
-        
-        Ok(())
-    }
-    
-    /// Check if repository exists
-    pub async fn repository_exists(
-        &self,
-        npub: &str,
-        identifier: &str,
-    ) -> bool {
-        let repo_path = self.git_data_path
-            .join(npub)
-            .join(format!("{}.git", identifier));
-        
-        repo_path.join("HEAD").exists() && 
-        repo_path.join("config").exists()
-    }
-}
 ```
-### 5. Configuration (`src/config.rs`)
+### 5. Configuration ([`src/config.rs`](src/config.rs))
 ```rust
 pub struct Config {
@@ -393,34 +243,18 @@ pub struct Config {
    pub git_data_path: PathBuf,
    pub relay_data_path: PathBuf,
    pub bind_address: SocketAddr,
-    pub log_level: String,
+    pub database_backend: DatabaseBackend,
 }
-impl Config {
+pub enum DatabaseBackend {
-    pub fn from_env() -> Result<Self> {
+    Lmdb,    // Default, production use
-        Ok(Config {
+    NostrDb, // Alternative
-            domain: env::var("NGIT_DOMAIN")?,
+    Memory,  // Testing
-            owner_npub: env::var("NGIT_OWNER_NPUB")?,
-            relay_name: env::var("NGIT_RELAY_NAME")?,
-            relay_description: env::var("NGIT_RELAY_DESCRIPTION")?,
-            git_data_path: PathBuf::from(
-                env::var("NGIT_GIT_DATA_PATH")
-                    .unwrap_or_else(|_| "./data/git".to_string())
-            ),
-            relay_data_path: PathBuf::from(
-                env::var("NGIT_RELAY_DATA_PATH")
-                    .unwrap_or_else(|_| "./data/relay".to_string())
-            ),
-            bind_address: env::var("NGIT_BIND_ADDRESS")
-                .unwrap_or_else(|_| "127.0.0.1:8080".to_string())
-                .parse()?,
-            log_level: env::var("RUST_LOG")
-                .unwrap_or_else(|_| "info".to_string()),
-        })
-    }
 }
 ```
+Configuration is loaded via **clap CLI > environment variables > .env > defaults**.
 ## Data Flow
 ### Push Operation Flow
@@ -428,327 +262,120 @@ impl Config {
 ```
 1. Git Client → POST /<npub>/<id>.git/git-receive-pack
                ↓
-2. git_receive_pack handler receives request
+2. HttpService routes to git::handlers::handle_receive_pack()
                ↓
-3. Parse ref updates from request body
+3. Parse ref updates from request body (pkt-line format)
                ↓
 4. Extract npub and identifier from URL
                ↓
-5. PushValidator::validate_push()
+5. authorization::get_authorization_for_owner()
-   ├─ Fetch events from local Nostr relay
+   ├─ Query database for announcements
-   ├─ Get maintainers recursively
+   ├─ Build recursive maintainer set
-   ├─ Get latest state from maintainers
+   └─ Get latest authorized state
-   └─ Validate each ref update
+                ↓
+6. authorization::validate_push_refs()
+   ├─ Check each ref matches state
+   └─ Validate refs/nostr/ pushes
                ↓
-6. If VALID:
+7. If VALID:
   ├─ Spawn git-receive-pack subprocess
   ├─ Stream request body to git stdin
   └─ Stream git stdout back to client
                ↓
-7. If INVALID:
+8. If INVALID:
   └─ Return HTTP 403 with error message
 ```
 ### Repository Announcement Flow
 ```
-1. Nostr Client → EVENT (Kind 30317)
+1. Nostr Client → EVENT (Kind 30617)
                ↓
 2. Nostr relay receives event
                ↓
-3. RepositoryAnnouncementPolicy::admit_event()
+3. Nip34WritePolicy::admit_event()
   ├─ Check if instance in clone tags
   ├─ Check if instance in relays tags
+   ├─ OR: Check if recursive maintainer
   └─ Accept or reject
                ↓
 4. If ACCEPTED:
-   ├─ Event saved to store
+   ├─ Event saved to database
-   └─ on_event_saved hook triggered
+   └─ ensure_bare_repository() called
                ↓
-5. handle_repository_announcement()
+5. Bare Git repository created at
-   ├─ Parse repository details
+   <git_data_path>/<npub>/<identifier>.git
-   ├─ Create Git repository directory
-   ├─ Initialize bare Git repo
-   └─ Configure Git settings
-```
-## Key Implementation Details
-### 1. Parsing Git Receive-Pack Protocol
-The Git receive-pack protocol uses a pkt-line format. We need to parse:
-```
-0000-0000-0000-0000 0000-0000-0000-0000 refs/heads/main\0 report-status
-0000-0000-0000-0000 0000-0000-0000-0000 refs/heads/dev
-```
-Each line has:
- Old SHA (40 hex chars)
- Space
- New SHA (40 hex chars)
- Space
- Ref name
- Optional capabilities (first line only, after \0)
-```rust
-pub struct RefUpdate {
-    pub old_sha: String,
-    pub new_sha: String,
-    pub ref_name: String,
-}
-pub fn parse_ref_updates(body: &[u8]) -> Result<Vec<RefUpdate>> {
-    // Parse pkt-line format
-    // Extract ref updates
-    // Return structured data
-}
 ```
-### 2. Maintainer Recursion
+### State Event Flow
-The maintainer resolution must handle cycles and correctly build the set:
-```rust
-fn get_maintainers_recursive(
-    events: &[Event],
-    pubkey: &str,
-    identifier: &str,
-    visited: &mut HashSet<String>,
-) -> HashSet<String> {
-    if visited.contains(pubkey) {
-        return HashSet::new();
-    }
-    
-    visited.insert(pubkey.to_string());
-    
-    let announcement = find_announcement(events, pubkey, identifier);
-    if announcement.is_none() {
-        return HashSet::new();
-    }
-    
-    let repo = parse_repository(announcement.unwrap());
-    
-    for maintainer in repo.maintainers {
-        get_maintainers_recursive(events, &maintainer, identifier, visited);
-    }
-    
-    visited.clone()
-}
 ```
+1. Nostr Client → EVENT (Kind 30618)
-### 3. State Event Validation
+                ↓
+2. Nostr relay receives event
-```rust
+                ↓
-fn validate_state_ref(
+3. Nip34WritePolicy::admit_event()
-    state: &RepositoryState,
+   ├─ Check author is in maintainer set
-    ref_update: &RefUpdate,
+   ├─ Validate state structure
-) -> Result<()> {
+   └─ Accept or reject
-    if ref_update.ref_name.starts_with("refs/heads/") {
+                ↓
-        let branch_name = &ref_update.ref_name[11..];
+4. If ACCEPTED and is latest state:
-        if let Some(commit) = state.branches.get(branch_name) {
+   ├─ Align repository refs to match state
-            if commit == &ref_update.new_sha {
+   ├─ Create/update/delete refs as needed
-                return Ok(());
+   └─ Set HEAD if commit available
-            }
-            return Err(Error::StateMismatch {
-                ref_name: ref_update.ref_name.clone(),
-                expected: commit.clone(),
-                got: ref_update.new_sha.clone(),
-            });
-        }
-        return Err(Error::RefNotInState(ref_update.ref_name.clone()));
-    }
-    
-    if ref_update.ref_name.starts_with("refs/tags/") {
-        let tag_name = &ref_update.ref_name[10..];
-        if let Some(commit) = state.tags.get(tag_name) {
-            if commit == &ref_update.new_sha {
-                return Ok(());
-            }
-            return Err(Error::StateMismatch {
-                ref_name: ref_update.ref_name.clone(),
-                expected: commit.clone(),
-                got: ref_update.new_sha.clone(),
-            });
-        }
-        return Err(Error::RefNotInState(ref_update.ref_name.clone()));
-    }
-    
-    Err(Error::InvalidRef(ref_update.ref_name.clone()))
-}
-```
-### 4. CORS Support
-As per GRASP-01, we must support CORS:
-```rust
-use actix_cors::Cors;
-fn configure_cors() -> Cors {
-    Cors::default()
-        .allow_any_origin()
-        .allowed_methods(vec!["GET", "POST", "OPTIONS"])
-        .allowed_headers(vec!["Content-Type"])
-        .max_age(3600)
-}
-// In main.rs
-App::new()
-    .wrap(configure_cors())
-    .configure(git_routes)
-    .configure(nostr_routes)
 ```
 ## Testing Strategy
-See [TEST_STRATEGY.md](TEST_STRATEGY.md) for comprehensive testing documentation, including:
+See [test-strategy.md](../reference/test-strategy.md) for comprehensive testing documentation.
- **GRASP Compliance Testing Tool**: Reusable test suite that validates any GRASP implementation against the spec
- **Spec-Mirrored Tests**: Test structure matches GRASP protocol documents exactly
- **Clear Failure Messages**: Test failures cite exact spec lines (e.g., "GRASP-01:12-13")
- **Multiple Test Levels**: Unit, integration, compliance, and end-to-end tests
 ### Quick Overview
-```rust
+**Integration Tests** ([`tests/`](tests/)):
-// Unit Tests - Individual functions
+- Use [`TestRelay`](tests/common/relay.rs:14) fixture for automatic relay lifecycle
-#[test]
+- Each test file in [`tests/`](tests/) covers a GRASP-01 requirement
-fn test_parse_ref_updates() {
-    let body = b"0000... 0000... refs/heads/main\0report-status\n";
-    let updates = parse_ref_updates(body).unwrap();
-    assert_eq!(updates.len(), 1);
-    assert_eq!(updates[0].ref_name, "refs/heads/main");
-}
-// Integration Tests - Component interaction
+**Audit Tests** ([`grasp-audit/`](grasp-audit/)):
-#[tokio::test]
+- Reusable compliance testing for any GRASP implementation
-async fn test_full_push_flow() {
+- Spec-mirrored structure in [`grasp-audit/src/specs/grasp01/`](grasp-audit/src/specs/grasp01/)
-    let app = test_app().await;
-    let (announcement, state) = app.create_repo_with_state()
-        .branch("main", "commit-123")
-        .build()
-        .await;
-    
-    let result = app.git_push("main", "commit-123").await;
-    assert!(result.success);
-}
-// Compliance Tests - GRASP spec validation
+```rust
+// Example: tests/nip01_compliance.rs
 #[tokio::test]
-async fn test_grasp_01_compliance() {
+async fn test_nip01_websocket_connection() {
-    use grasp_compliance_tests::{TestContext, Grasp01Spec};
+    let relay = TestRelay::start().await;
-    
+    // Test NIP-01 compliance...
-    let ctx = TestContext::builder()
+    relay.stop().await;
-        .base_url(&server.url())
-        .build();
-    
-    let results = Grasp01Spec::test_compliance(&ctx).await;
-    assert!(results.all_passed(), "{}", results.report());
 }
 ```
-The compliance testing tool is designed as a **standalone crate** that can be:
- Used by ngit-grasp for self-validation
- Published for other GRASP implementations to use
- Updated as new GRASP specs are released
- Run in CI/CD for continuous compliance verification
 ## Performance Considerations
 ### 1. Async All The Way
 - Use `tokio` for all I/O
- Non-blocking Git subprocess spawning
+- Non-blocking Git subprocess spawning via [`GitSubprocess`](src/git/subprocess.rs)
 - Stream large pack files without buffering
-### 2. Connection Pooling
+### 2. Shared Database
- Reuse Nostr relay connections
- Connection pool for internal relay queries
-### 3. Caching
- Cache parsed state events (with TTL)
+- Single database instance shared between relay and Git handlers
- Cache maintainer sets
+- Direct queries for push authorization (no WebSocket round-trip)
- Invalidate on new state events
-```rust
+### 3. Write Policy Caching
-pub struct StateCache {
-    cache: Arc<RwLock<HashMap<String, CachedState>>>,
-}
-struct CachedState {
-    state: RepositoryState,
-    maintainers: Vec<String>,
-    timestamp: Instant,
-}
-impl StateCache {
+- Maintainer sets computed once per event validation
-    pub async fn get_or_fetch(
+- State lookups use database indexes
-        &self,
-        identifier: &str,
-        fetcher: impl Future<Output = Result<(RepositoryState, Vec<String>)>>,
-    ) -> Result<(RepositoryState, Vec<String>)> {
-        // Check cache
-        // Return if fresh
-        // Otherwise fetch and cache
-    }
-}
-```
 ## Future Extensions
 ### GRASP-02: Proactive Sync
-Add background tasks:
+See [grasp-02-proactive-sync.md](grasp-02-proactive-sync.md) for detailed design.
-```rust
-pub struct ProactiveSyncTask {
-    relay_client: Client,
-    git_manager: RepositoryManager,
-}
-impl ProactiveSyncTask {
-    pub async fn run(&self) {
-        loop {
-            tokio::time::sleep(Duration::from_secs(3600)).await;
-            
-            // Fetch all announcements from our relay
-            let announcements = self.fetch_announcements().await;
-            
-            for ann in announcements {
-                // Sync events from listed relays
-                self.sync_events(&ann).await;
-                
-                // Sync git data from listed clones
-                self.sync_git_data(&ann).await;
-                
-                // Fetch PR data
-                self.sync_pr_data(&ann).await;
-            }
-        }
-    }
-}
-```
 ### GRASP-05: Archive
-Relax the policy:
+Relax the write policy to accept all repository announcements regardless of clone/relays tags.
-```rust
-pub struct ArchiveAnnouncementPolicy;
-impl WritePolicy for ArchiveAnnouncementPolicy {
-    fn admit_event(&self, event: &Event, _addr: &SocketAddr) 
-        -> BoxFuture<PolicyResult> 
-    {
-        // Accept all repository announcements
-        // Don't check clone/relays tags
-        PolicyResult::Accept
-    }
-}
-```
 ## Deployment
@@ -756,7 +383,7 @@ impl WritePolicy for ArchiveAnnouncementPolicy {
 ```bash
 cargo build --release
-./target/release/ngit-grasp
+./target/release/ngit-grasp --domain example.com --owner-npub npub1...
 ```
 ### Docker
@@ -799,10 +426,17 @@ WantedBy=multi-user.target
 2. **Path Traversal**: Prevent directory traversal in repository paths
 3. **DoS Protection**: Rate limiting on both HTTP and WebSocket
 4. **Resource Limits**: Limit pack file sizes, event sizes
-5. **Nostr Event Validation**: Strict signature verification
+5. **Nostr Event Validation**: Strict signature verification (handled by nostr-relay-builder)
 ## Conclusion
-The inline authorization approach provides a cleaner, more maintainable architecture than hook-based authorization while maintaining full GRASP-01 compliance. The Rust ecosystem provides excellent libraries for both Git and Nostr protocols, enabling a high-performance, type-safe implementation.
+The inline authorization approach provides a cleaner, more maintainable architecture than hook-based authorization while maintaining full GRASP-01 compliance. Using Hyper for the HTTP layer gives us complete control over request handling, WebSocket upgrades, and CORS headers.
 The key insight is that we don't need to rely on Git's hook mechanism when we have full control over the HTTP layer that Git operates through. By intercepting at the HTTP handler level, we gain better error handling, easier testing, and tighter integration between the Git and Nostr components.
+## Related Documentation
+- [Inline Authorization Explanation](inline-authorization.md) - Why we chose this approach
+- [GRASP-02 Proactive Sync](grasp-02-proactive-sync.md) - Future work design
+- [Test Strategy](../reference/test-strategy.md) - Comprehensive testing documentation
+- [GRASP-01 Implementation Learnings](../learnings/grasp-01-implementation.md) - Patterns and lessons learned
+\ No newline at end of file
diff --git a/docs/explanation/inline-authorization.md b/docs/explanation/inline-authorization.md
index 98f6e5a..4538602 100644
--- a/docs/explanation/inline-authorization.md
+++ b/docs/explanation/inline-authorization.md
@@ -150,14 +150,17 @@ rm -rf /tmp/test-repo
 ```rust
 #[tokio::test]
 async fn test_unauthorized_push() {
-    let state = create_test_state().await;
+    let relay = TestRelay::start().await;
    let result = validate_push(&state, "refs/heads/main", alice_pubkey).await;
    assert!(result.is_err());
+    relay.stop().await;
 }
 ```
 **Result:** Pure Rust unit tests, no shell scripts, no Git setup.
+See [`tests/push_authorization.rs`](tests/push_authorization.rs) for actual test examples.
 ### 4. Shared State and Types
 **With hooks:**
@@ -168,19 +171,17 @@ async fn test_unauthorized_push() {
 **With inline authorization:**
 ```rust
-pub struct GitHandler {
+// From src/git/handlers.rs
-    nostr_relay: Arc<NostrRelay>,  // Shared!
+pub async fn handle_receive_pack(
-    state_cache: Arc<StateCache>,   // Shared!
+    repo_path: PathBuf,
-}
+    body: Bytes,
+    database: SharedDatabase,  // Shared with Nostr relay!
-impl GitHandler {
+    npub: &str,
-    async fn validate_push(&self, refs: &[RefUpdate]) -> Result<()> {
+    identifier: &str,
-        // Direct access to Nostr state
+) -> Result<Response<Full<Bytes>>, GitError> {
-        let state = self.state_cache.get_latest().await?;
+    // Direct database access for authorization
-        // Validate using shared types
+    let auth = get_authorization_for_owner(&database, pubkey, identifier).await?;
-        state.validate_refs(refs)?;
+    // ...
-        Ok(())
-    }
 }
 ```
@@ -208,9 +209,9 @@ Setup steps:
 **With inline authorization (ngit-grasp):**
 ```
 Single Rust binary:
-  - HTTP server (actix-web)
+  - HTTP server (Hyper)
  - Git protocol handler
-  - Nostr relay
+  - Nostr relay (nostr-relay-builder)
  - Authorization logic
  
 Setup steps:
@@ -235,44 +236,38 @@ Content-Type: application/x-git-receive-pack-request
 0000000000000000000000000000000000000000 abc123... refs/heads/main\0 report-status
 ```
-We parse this **before** spawning Git:
+We parse this **before** spawning Git. See [`src/git/authorization.rs`](src/git/authorization.rs) for the implementation:
 ```rust
-pub async fn git_receive_pack(
+/// Parse ref updates from git-receive-pack request body
-    req: HttpRequest,
+pub fn parse_pushed_refs(body: &[u8]) -> Result<Vec<PushedRef>, AuthorizationError> {
-    body: web::Bytes,
+    // Parse pkt-line format
-) -> Result<HttpResponse, Error> {
+    // Extract ref updates
-    // 1. Parse ref updates from request body
+    // Return structured data
-    let ref_updates = parse_ref_updates(&body)?;
-    
-    // 2. Validate against Nostr state
-    let state = get_latest_state(&repo).await?;
-    validate_push(&state, &ref_updates).await?;
-    
-    // 3. If valid, spawn git-receive-pack
-    spawn_git_receive_pack(req, body).await
 }
 ```
 ### How We Validate
-Validation checks:
+Validation checks (from [`src/git/authorization.rs`](src/git/authorization.rs)):
 1. Does pusher's pubkey have write access?
 2. Are they listed as a maintainer in the latest state event?
-3. Do maintainer sets form a valid chain?
+3. Do the refs match the state event?
 ```rust
-async fn validate_push(
+/// Validate that pushed refs match the authorized state
-    state: &RepoState,
+pub fn validate_push_refs(
-    refs: &[RefUpdate],
+    pushed_refs: &[PushedRef],
-) -> Result<()> {
+    state: &RepositoryState,
-    for ref_update in refs {
+) -> Result<(), AuthorizationError> {
-        // Check if pusher is authorized for this ref
+    for pushed_ref in pushed_refs {
-        if !state.is_authorized(&ref_update.name, pusher_pubkey) {
+        if pushed_ref.ref_name.starts_with("refs/heads/") {
-            return Err(Error::Unauthorized {
+            // Validate branch against state
-                ref_name: ref_update.name.clone(),
+        } else if pushed_ref.ref_name.starts_with("refs/tags/") {
-                pubkey: pusher_pubkey,
+            // Validate tag against state
-            });
+        } else if pushed_ref.ref_name.starts_with("refs/nostr/") {
+            // Allow refs/nostr/<event-id> for PRs
        }
    }
    Ok(())
@@ -291,7 +286,7 @@ async fn validate_push(
 | **Performance** | Spawns Git first | Validates first |
 | **Testing** | Shell scripts + Go tests | Pure Rust tests |
 | **Deployment** | Docker + supervisord | Single binary |
-| **State sharing** | WebSocket query | Direct memory access |
+| **State sharing** | WebSocket query | Direct database access |
 Both are GRASP-compliant, but inline authorization is simpler and more efficient.
@@ -314,34 +309,25 @@ Both are GRASP-compliant, but inline authorization is simpler and more efficient
 ### Is It Worth It?
 **Yes**, because:
-1. The `git-http-backend` crate handles protocol parsing
+1. We handle protocol parsing in [`src/git/protocol.rs`](src/git/protocol.rs)
 2. GRASP is already non-standard (Nostr authorization)
 3. Benefits far outweigh the coupling cost
 4. We can still add hook support later if needed
 ---
-## Alternative Considered: Hybrid Approach
+## Implementation References
-We could use **both** inline validation and hooks:
-```rust
-// Inline: Fast path for common cases
-if !quick_validate(pusher).await? {
-    return Err(Error::Unauthorized);
-}
-// Hook: Detailed validation
-spawn_git_with_hook().await?;
-```
-**Why we didn't choose this:**
+Key files in the ngit-grasp implementation:
- Added complexity
- Redundant validation
- Slower (two validation steps)
- Harder to maintain
-If inline validation is sufficient, why add hooks?
+| Component | Location |
+|-----------|----------|
+| HTTP routing | [`src/http/mod.rs`](src/http/mod.rs) |
+| Git handlers | [`src/git/handlers.rs`](src/git/handlers.rs) |
+| Push authorization | [`src/git/authorization.rs`](src/git/authorization.rs) |
+| Git protocol parsing | [`src/git/protocol.rs`](src/git/protocol.rs) |
+| Subprocess management | [`src/git/subprocess.rs`](src/git/subprocess.rs) |
+| Event acceptance policy | [`src/nostr/builder.rs:51`](src/nostr/builder.rs:51) - `Nip34WritePolicy` |
 ---
@@ -365,9 +351,8 @@ This would allow:
 ### If Git Protocol Changes
-The `git-http-backend` crate abstracts protocol details. If the Git protocol changes:
+The protocol parsing is isolated in [`src/git/protocol.rs`](src/git/protocol.rs). If the Git protocol changes:
- Update the crate dependency
+- Update the protocol module
- Adjust our ref parsing if needed
 - Tests will catch any breakage
 ---
@@ -380,11 +365,11 @@ The `git-http-backend` crate abstracts protocol details. If the Git protocol cha
 2. It's more performant (early rejection)
 3. It's easier to test (pure Rust)
 4. It's simpler to deploy (single binary)
-5. It enables better integration (shared state)
+5. It enables better integration (shared database)
 The trade-off (coupling to Git HTTP protocol) is acceptable because:
 - The protocol is stable and well-specified
- The `git-http-backend` crate abstracts details
+- Protocol handling is isolated in one module
 - Benefits far outweigh the cost
 This decision aligns with our goal of creating a **developer-friendly, production-ready GRASP implementation**.
@@ -397,7 +382,8 @@ This decision aligns with our goal of creating a **developer-friendly, productio
 - [Design Decisions](decisions.md) - All architectural choices
 - [Comparison with ngit-relay](comparison.md) - Detailed comparison
 - [Git Protocol Reference](../reference/git-protocol.md) - Protocol details
+- [Test Strategy](../reference/test-strategy.md) - How we test this
 ---
-*Part of the [ngit-grasp explanation docs](./)*
+*Part of the [ngit-grasp explanation docs](./)*
+\ No newline at end of file
author	DanConwayDev <DanConwayDev@protonmail.com>	2025-12-04 12:34:20 +0000
committer	DanConwayDev <DanConwayDev@protonmail.com>	2025-12-04 13:02:59 +0000
commit	d9bc5ed7fddef3a26de8e69a7124e1dbe5b8602f (patch)
tree	c76ffcbf246c8bef7545337316c0afb90433bbf5 /docs/explanation
parent	40831a9025d05fa354b7d8386eeebd902092ea86 (diff)