Trust Boundaries
CodeMesh augments Git and local filesystems. It does not replace either one.
#Local First
CodeMesh state is local machine metadata. The MVP uses a local SQLite database under CodeMesh home to store project registry rows, settings, and agent run metadata.
#Git Remains The Source Of Code Truth
CodeMesh records normalized remotes and clone URLs, then uses Git for clone, fetch, checkout, and hydration. It does not own Git history, source merges, conflict resolution, or uncommitted local work.
#Secret-Free Readiness
Env readiness checks names and paths:
- required env files are checked with filesystem metadata only
- required env keys are checked for presence only
- values are not read, stored, printed, or materialized
#Explicit Non-Goals
| Boundary | MVP stance |
|---|---|
| Git replacement | Out of scope. |
| Cloud sync | Out of scope. |
| Daemon or mount layer | Out of scope. |
| Automatic placeholders | Out of scope. |
| Secret materialization | Out of scope. |
| Build artifact sync | Out of scope by default. |
#Agent Handoff Safety
Agent Prep creates a temporary clone from the registered remote and requested base. It records handoff metadata so the run can be audited and cleaned, but it does not copy uncommitted source files or secret values into the prepared workspace.
For implementation details, see Local State Model and Project Policy Reference.