Problem
The current backend crosses the client/backend boundary.
Today the backend requires a bind mount of the client host filesystem, effectively /Users/<username>, so it can resolve absolute local paths persisted as provenance.source_uri.
That is the wrong abstraction.
A backend should not depend on:
- client HOME
- client absolute paths
- host filesystem visibility
- path mirroring inside the container
This is both:
- a privacy/security issue — mounting HOME is far too broad
- an architecture issue — the backend is not client-agnostic
Why this matters
The CLI is the client. The backend should only deal with:
- API payloads
- graph persistence
- query/analysis
It should not know where a repo lives on a user machine, how files are read, or what local path layout the client uses.
Right now we have path-coupled persistence and path-coupled backend behavior. That makes the system fragile, privacy-invasive, and harder to support across environments, runtimes, and future clients.
Proposed direction
Separate responsibilities cleanly.
Client responsibilities
- file discovery
- file reads
- hashing / caching
- parsing / patch generation
- absolute → workspace-relative path conversion
Backend responsibilities
- revisions
- persistence
- graph query
- conflict / map / analysis services
The backend should ingest structured facts, not read client files.
Required changes
- Stop using host absolute paths as canonical source identity
- Introduce workspace-scoped relative identity:
  - workspace_id
  - workspace_relative_path
- Move ingestion/file access fully to the client side
- Remove backend reliance on HOME bind mounts
- Refactor backend joins and lookups away from absolute source_uri
Acceptance criteria
- backend runs without HOME or broad host bind mounts
- ingestion works from client-provided payloads only
- persisted source identity is workspace-scoped and relative
- backend query/analysis paths do not require filesystem access
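An added example (not code from this project) of the client-side absolute → workspace-relative conversion and the matching backend check on ingested payloads. The function names, the payload shape and the sample paths are assumptions made for illustration; only workspace_id and workspace_relative_path come from the issue.

```python
from pathlib import Path, PurePosixPath, PureWindowsPath


class OutsideWorkspaceError(ValueError):
    """The path does not resolve to a location inside the workspace root."""


def to_source_identity(workspace_id, workspace_root, absolute_path):
    """Client side (hypothetical helper): absolute local path -> workspace-scoped identity."""
    root = Path(workspace_root).resolve()
    target = Path(absolute_path).resolve()  # follows symlinks, collapses ".."
    try:
        rel = target.relative_to(root)  # component-wise, so /repo-evil is not under /repo
    except ValueError:
        # Do not echo the absolute path: it may end up in logs or error reports.
        raise OutsideWorkspaceError("path is outside the workspace") from None
    # POSIX separators keep the identity stable across client operating systems.
    return {"workspace_id": workspace_id, "workspace_relative_path": rel.as_posix()}


def validate_source_identity(identity):
    """Backend side (hypothetical helper): pure string checks, no filesystem access."""
    workspace_id = identity.get("workspace_id")
    raw = identity.get("workspace_relative_path")
    if not isinstance(workspace_id, str) or not workspace_id:
        raise ValueError("workspace_id is required")
    if not isinstance(raw, str) or "\\" in raw or "\x00" in raw:
        raise ValueError("workspace_relative_path must be a POSIX-style string")
    path = PurePosixPath(raw)
    if (
        not path.parts                      # "" or "."
        or path.is_absolute()               # /Users/...
        or PureWindowsPath(raw).anchor      # C:/Users/...
        or ".." in path.parts               # traversal
        or path.as_posix() != raw           # "a//b", "a/./b", trailing "/"
    ):
        raise ValueError("workspace_relative_path must be normalized and relative")
    return {"workspace_id": workspace_id, "workspace_relative_path": raw}


if __name__ == "__main__":
    # Constructed sample values; the directory does not need to exist.
    ident = to_source_identity("ws-demo", "/tmp/demo-repo", "/tmp/demo-repo/src/app.py")
    print(validate_source_identity(ident))
```

The backend check never opens a file, so it runs the same with or without any host mount.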