Fork N agent worktrees entirely in RAM.
A next-generation version control system built around a snapshot-and-tag model (Jujutsu-inspired), with in-memory virtual worktrees, native committed secrets, and per-file permissions as the long-term thesis.
A checkout assumes one developer, one directory, one disk. Agent fleets break all three: they want dozens of concurrent worktrees, forked in milliseconds, and gone without a trace when the run ends. Disk-bound worktrees leak state and don't scale to that.
The demo
Fork parallel worktrees off one snapshot, run against each, tear down — then prove nothing touched disk with an independent before/after filesystem diff.
# fork 4 parallel in-RAM worktrees, run and check out against each
$ cargo run --bin sc -- demo --agents 4
# force the bounded budget: LRU eviction + spill, auto-cleaned
$ cargo run --bin sc -- demo --agents 6 --budget-mb 4 --spill
# independent zero-residue proof (snapshots the filesystem before/after)
$ bash demo/run_demo.sh
# agent workspaces: fork N workspaces, run a command in each, harvest results
$ sc work --agents 4 -- cargo test
# seal an agent-session transcript and attach it to a commit, signed
$ sc transcript attach HEAD session.json --sign
# interoperate with Git: import a repo's HEAD, export history back,
# or use a Git repo (local or GitHub over https/ssh) as a remote
$ sc import --repo /path/to/git/repo
$ sc export --to /path/to/git/repo
$ sc clone https://github.com/org/repo.git ./mirror How it works
- A worktree is a copy-on-write overlay over an immutable base snapshot — forking N agents is O(overlay), not O(repo); base blobs are shared, never copied
- Content lives only in RAM and touches disk only on an explicit checkout — no FUSE mount, no kernel extension, which is what makes "zero residual artifacts" provable rather than aspirational
- Bounded blob budget with LRU eviction; optional spill to an auto-cleaned content-addressed temp dir keeps the zero-residue guarantee
- Native committed secrets: env vars and keys committed into repo state, encrypted at rest and in transit, decrypted only in an authorized execution context
- Durable
.sc/repos: branches, merge with real conflict ergonomics (sc conflicts/sc resolve), history editing (cherry-pick, rebase, amend, undo), sparse checkouts, accidental-secret scanning, per-path encryption, packfiles/GC - Provenance built in: Ed25519-signed commits with
sc verify --requireas a history-rewrite tripwire, and sealed agent-session transcripts attached to commits — plaintext never enters the object store; a keyless clone gets ciphertext only - sc-native transports over SSH and HTTP — token-based access control, connection caps, session timeouts, streaming packs that move multi-GiB repos in bounded RAM — plus partial clone
- Git interop via
gix, isolated in one crate — import a repo's HEAD in-process, export history back to Git commits, or sync bidirectionally with a Git remote, local or hosted (GitHub over https/ssh)
Status
Phases 1–31 are built and tested. The arc so far: in-RAM virtual
worktrees and committed secrets (P1–2); persistent repos, merge,
secret scanning, remotes, encrypted paths, packfiles/GC, Git
export (P3–9); bidirectional Git sync, secret/permission lifecycle
with rotation, revocation tombstones and bulk re-wrap, SSH transport,
agent workspaces and durable sessions with auto-merge, history
editing (P10–21); signed commits, merge ergonomics, sparse checkouts,
streaming pack transfer, sc-native HTTP transport with token access
control, partial clone, security hardening, sealed agent-session
transcripts, and listener resource limits (P22–31). Feature phases
ship with runnable proof scripts — see demo/ in the repo.
Docs: README · Architecture · ADRs