Skip to content

Releases: v-code01/ledge

v0.1.0 — first tagged release

Choose a tag to compare

@v-code01 v-code01 released this 01 Jul 18:48

First tagged release of Ledge — Git-compatible, content-addressed storage infrastructure for agent-scale workloads. A stock git client clones/pushes/fetches against it over HTTP and SSH.

Install

Signed, multi-arch (linux/amd64 + linux/arm64) image:

docker run -p 3000:3000 ghcr.io/v-code01/ledge:0.1.0

Verify the cosign signature (keyless — GitHub OIDC via Fulcio/Rekor, no keys):

cosign verify ghcr.io/v-code01/ledge:0.1.0 \
  --certificate-identity-regexp 'https://github.com/v-code01/ledge/.github/workflows/release.yml@.*' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com

What's here

  • Git smart-HTTP + SSH: clone / fetch / push, shallow + partial clone, LFS
  • BLAKE3 content addressing; native git packfiles (OFS_DELTA, window-250)
  • Sharded Raft replication: linearizable CAS, self-bootstrapping, TLA+-verified core
  • Workspaces (lease-backed + GC), multi-tenancy, auth / quotas / TLS + mTLS with hot cert rotation
  • S3 cold tier + disaster recovery; filesystem backup/restore runbook; webhooks; bidirectional GitHub sync
  • Prometheus metrics + alerting rules + Grafana dashboard; native SDK over Cap'n Proto (Rust / TS / Python / Go)
  • SBOM + SLSA build-provenance attestations on the image

Status (honest)

Early and source-available under BSL 1.1 (converts to Apache-2.0 in 2030) — not OSI "open source". Good for single-node / trusted-tenant deployments you operate; not yet for hosting untrusted multi-tenant code. See AUDIT.md for the first-party security & production-readiness review and the ranked residual risks (tracked as issues #1#5).