feat: integrate wolfeidau/content-cache for git and registry endpoints#138
Draft
0f13db8 to f2d2c36
Embed content-cache's CAFS, BoltDB metadata index, and protocol handlers to serve git and OCI registry requests through a shared content-addressed cache with singleflight deduplication across sandboxes.
- Add ContentCache layer wrapping content-cache's git and OCI handlers with a shared CAFS blob store and BoltDB metadata index
- Add cachedGitHandler: policy enforcement wrapper that validates sandbox scope, checks host allowlist, rejects pushes, then delegates to content-cache's git handler for caching and upstream proxying
- Add cachedRegistryHandler: policy enforcement wrapper that rewrites /registry/ to /v2/, maps prefixes to upstream hosts for policy checks, and delegates to content-cache's OCI handler
- Add credentialInjector RoundTripper to bridge per-sandbox credential resolution into content-cache's static-client upstream model
- Wire into gateway server with fallback to existing mirror-backed git handler and registry stub when content cache is not configured
- Upgrade Go 1.23 -> 1.26, GOTOOLCHAIN local -> auto
Amp-Thread-ID: https://ampcode.com/threads/T-019d4351-d9c5-742f-8805-f909845b4f2b
f2d2c36 to 17d1f78
Summary
Embeds wolfeidau/content-cache to serve git and OCI registry requests through a shared content-addressed cache with singleflight deduplication across sandboxes.
What changed
New files
- contentcache.go
- contentcache_types.go: ContentCache struct, accessors, credentialInjector RoundTripper, registryHostname helper
- git_cached.go: /git prefix
- oci_cached.go: /registry/ → /v2/
- *_test.go
Modified files
- server.go: ContentCache field on ServerConfig; route setup prefers cached handlers with fallback to existing behaviour
- serve.go: Creates ContentCache with git allowed hosts, wires into gateway config
- .mise.toml/go.mod: Go 1.23 → 1.26, added content-cache@v1.2.0
Architecture
- git-upload-pack responses keyed by BLAKE3(request body). info/refs always proxied fresh. Replaces full bare mirror clones for the HTTP serving path.
- credentialInjector RoundTripper bridges per-sandbox CredentialProvider into content-cache's static-client model.
- ContentCache is nil, existing mirror-backed git handler and registry stub are used unchanged.
Notes
- GitMirrorStore is preserved for the snapshot/control-service path (EnsureMirrorContains) — that's orthogonal to the HTTP cache.
- serve.go (only git allowed hosts) — registry config can be wired from runtime config in a follow-up.
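The policy-before-cache ordering described for cachedGitHandler (host allowlist, push rejection, then delegation), as an added example that is not code from this PR or from content-cache. The names gitPolicy and probe and the URL layout /git/<upstream-host>/<repo path>/... are assumptions. Sandbox-scope validation is left out, and the operation check is written as default deny (only the two smart-HTTP fetch requests pass), which is stricter than "rejects pushes".

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// gitPolicy is a hypothetical stand-in for a policy wrapper in front of a
// caching git handler. Assumed URL layout: /git/<upstream-host>/<repo path>/...
type gitPolicy struct {
	allowed map[string]bool // lower-case upstream hosts the sandbox may reach
	next    http.Handler    // cache/proxy layer, reached only after policy passes
}

func (p gitPolicy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	rest, ok := strings.CutPrefix(r.URL.Path, "/git/")
	host, repo, hasRepo := strings.Cut(rest, "/")
	if !ok || !hasRepo || !p.allowed[strings.ToLower(host)] {
		http.Error(w, "upstream host not allowed", http.StatusForbidden)
		return
	}
	// Default deny: only the two smart-HTTP fetch requests pass. A push
	// (git-receive-pack, as endpoint or as ?service=) matches neither.
	svc := r.URL.Query().Get("service")
	advert := r.Method == http.MethodGet && strings.HasSuffix(repo, "/info/refs") && svc == "git-upload-pack"
	fetch := r.Method == http.MethodPost && strings.HasSuffix(repo, "/git-upload-pack")
	if !advert && !fetch {
		http.Error(w, "only fetch is permitted", http.StatusForbidden)
		return
	}
	p.next.ServeHTTP(w, r)
}

// probe sends one constructed request through the policy and reports the
// status code and whether the inner (cache) handler was reached.
func probe(method, target string) (status int, reachedCache bool) {
	inner := http.HandlerFunc(func(http.ResponseWriter, *http.Request) { reachedCache = true })
	h := gitPolicy{allowed: map[string]bool{"github.com": true}, next: inner}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, target, nil))
	return rec.Code, reachedCache
}

func main() {
	fmt.Println(probe("GET", "/git/github.com/o/r.git/info/refs?service=git-upload-pack"))
	fmt.Println(probe("POST", "/git/github.com/o/r.git/git-receive-pack"))
}
```

Because the allowlist is an exact match on the host segment, a look-alike such as github.com.evil.example is refused, and every refused request returns before the shared cache is consulted.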