diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index de23db13..76e94efc 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -4,7 +4,6 @@ on:
   push:
     branches: [ main, master, develop ]
   pull_request:
-    branches: [ main, master, develop ]
   workflow_dispatch:
 
 concurrency:
diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml
index 4069d45f..6557835b 100644
--- a/.github/workflows/pr-checks.yaml
+++ b/.github/workflows/pr-checks.yaml
@@ -2,7 +2,6 @@ name: PR Checks
 
 on:
   pull_request:
-    branches: [ main, master, develop ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
diff --git a/.github/workflows/syfon-backend-e2e.yaml b/.github/workflows/syfon-backend-e2e.yaml
index 62bb839b..adffa94c 100644
--- a/.github/workflows/syfon-backend-e2e.yaml
+++ b/.github/workflows/syfon-backend-e2e.yaml
@@ -2,7 +2,6 @@ name: Syfon Backend E2E
 
 on:
   pull_request:
-    branches: [ main, master, develop ]
   workflow_dispatch:
 
 concurrency:
@@ -34,28 +33,25 @@ jobs:
         with:
           go-version-file: git-drs/go.mod
 
-      - name: Resolve Syfon ref from go.mod
+      - name: Resolve Syfon commit from pinned module version
         id: syfon-ref
         working-directory: git-drs
         shell: bash
         run: |
-          version="$(go list -m -f '{{ .Version }}' github.com/calypr/syfon 2>/dev/null || true)"
+          version="$(go list -m -f '{{ .Version }}' github.com/calypr/syfon)"
           if [[ -z "$version" || "$version" == "<nil>" ]]; then
-            version="$(go list -m -f '{{ .Version }}' github.com/calypr/syfon/client)"
+            echo "error: could not resolve pinned syfon version" >&2
+            exit 1
           fi
-          ref="$version"
-          if [[ "$version" =~ -([0-9a-f]{12,})$ ]]; then
-            short_ref="${BASH_REMATCH[1]}"
-            ref="$(git ls-remote https://github.com/calypr/syfon.git "refs/heads/*" "refs/tags/*" |
-              awk -v short="$short_ref" 'index($1, short) == 1 && ref == "" { ref = $1 } END { print ref }')"
-            if [[ -z "$ref" ]]; then
-              echo "Could not resolve Syfon pseudo-version commit $short_ref to a full Git SHA" >&2
-              exit 1
-            fi
+          short_ref="${version##*-}"
+          full_ref="$(git ls-remote https://github.com/calypr/syfon.git | awk -v short="$short_ref" '$1 ~ "^" short && first == "" { first = $1 } END { if (first != "") print first; else exit 1 }')"
+          if [[ -z "$full_ref" ]]; then
+            echo "error: could not resolve full syfon commit for $short_ref" >&2
+            exit 1
           fi
           echo "version=$version" >> "$GITHUB_OUTPUT"
-          echo "ref=$ref" >> "$GITHUB_OUTPUT"
-          echo "Using Syfon module version $version; checking out calypr/syfon ref $ref"
+          echo "ref=$full_ref" >> "$GITHUB_OUTPUT"
+          echo "Using Syfon module version $version; checking out calypr/syfon ref $full_ref"
 
       - name: Check out Syfon
         uses: actions/checkout@v4
@@ -65,13 +61,6 @@ jobs:
           path: syfon
           fetch-depth: 1
 
-      - name: Check out data-client
-        uses: actions/checkout@v4
-        with:
-          repository: calypr/data-client
-          path: data-client
-          fetch-depth: 1
-
       - name: Install test prerequisites
         working-directory: git-drs
         run: |
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 82d0ec2c..38b2fc29 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -4,7 +4,6 @@ on:
   push:
     branches: [ main, master, develop ]
   pull_request:
-    branches: [ main, master, develop ]
   workflow_dispatch:
 
 concurrency:
diff --git a/Makefile b/Makefile
index e5ed78dc..3d0f94eb 100644
--- a/Makefile
+++ b/Makefile
@@ -48,19 +48,29 @@ lint:
 	@echo "Running go vet..."
 	@go vet ./...
 	@echo "Running gofmt..."
-	@test -z "$$(gofmt -s -l . | tee /dev/stderr)" || (echo "Please run: gofmt -s -w ." && exit 1)
+	@files="$$(gofmt -s -l cmd/ internal/ tests/ git-drs.go)"; \
+	if [ -n "$$files" ]; then \
+		printf "%s\n" "$$files"; \
+		echo "Please run: gofmt -s -w cmd/ internal/ tests/ git-drs.go"; \
+		exit 1; \
+	fi
 	@echo "Running goimports..."
-	@test -z "$$(goimports -l . | tee /dev/stderr)" || (echo "Please run: goimports -w ." && exit 1)
+	@files="$$(goimports -l cmd/ internal/ tests/ git-drs.go)"; \
+	if [ -n "$$files" ]; then \
+		printf "%s\n" "$$files"; \
+		echo "Please run: goimports -w cmd/ internal/ tests/ git-drs.go"; \
+		exit 1; \
+	fi
 	@echo "Running misspell..."
-	@misspell -error .
+	@misspell -error cmd/ internal/ tests/ docs/ *.go *.md Makefile
 	@echo "✅ All lint checks passed!"
 
 # Auto-fix formatting issues
 fmt:
 	@echo "Formatting with gofmt..."
-	@gofmt -s -w .
+	@gofmt -s -w cmd/ internal/ tests/ git-drs.go
 	@echo "Formatting with goimports..."
-	@goimports -w .
+	@goimports -w cmd/ internal/ tests/ git-drs.go
 	@echo "✅ Formatting complete!"
 
 # Run all tests
@@ -117,4 +127,4 @@ full: proto install tidy lint test website webdash
 clean:
 	@rm -rf ./bin ./pkg ./test_tmp ./build ./buildtools
 
-.PHONY: proto proto-lint website docker webdash build debug coverage coverage-clients coverage-html-full
+.PHONY: proto proto-lint website docker webdash build debug coverage coverage-clients coverage-html-full test install
diff --git a/README.md b/README.md
index 9fa44367..eb3e5d91 100644
--- a/README.md
+++ b/README.md
@@ -3,143 +3,124 @@
 ---
 # NOTICE
 
-git-drs is not yet fully compliant with DRS. It currently works against Gen3 DRS server. Full GA4GH DRS support is expected once v1.6 of the specification has been published.
+`git-drs` is not a pure GA4GH DRS client. It targets Syfon/Gen3-style DRS workflows and uses extensions where repo-scale behavior requires them.
 
 ---
 
 [![Tests](https://github.com/calypr/git-drs/actions/workflows/test.yaml/badge.svg)](https://github.com/calypr/git-drs/actions/workflows/test.yaml)
 
-**Git/DRS orchestration with optional Git LFS compatibility**
+**Git/DRS orchestration with Git-compatible pointer workflows**
 
-Git DRS manages Git-facing DRS workflows: local metadata, Git hooks, filter behavior, lookup/register/push/pull orchestration, and optional Git LFS compatibility. Provider-specific transfer, signed URL behavior, and direct cloud inspection live in client code outside this repo.
+`git-drs` manages:
+
+- remote Gen3/Syfon configuration
+- local DRS metadata
+- pointer-aware push/pull orchestration
+- bucket-scoped object reference workflows
 
 ## Key Features
 
-- **Unified Workflow**: Manage both code and large data files using standard Git commands
-- **DRS Integration**: Built-in support for Gen3 DRS servers
-- **Multi-Remote Support**: Work with development, staging, and production servers in one repository
-- **Automatic Processing**: Files are processed automatically during commits and pushes
-- **Flexible Tracking**: Track individual files, patterns, or entire directories
+- unified Git/data workflow around DRS-backed pointers
+- Gen3/Syfon integration
+- multiple remotes in one repository
+- explicit file tracking and hydration
+- metadata-only reference support for existing bucket objects
 
 ## How It Works
 
-Git DRS works alongside Git LFS when you want LFS-compatible pointers and storage, while still supporting DRS-centric workflows:
+At a high level:
 
-1. **Initialization**: Set up repository and DRS server configuration
-2. **Automatic Commits**: Create DRS objects during pre-commit hooks
-3. **Automatic Pushes**: Register files with DRS servers and upload to configured storage
-4. **On-Demand Downloads**: Pull specific files or patterns as needed
+1. configure a remote for one `organization/project`
+2. let `remote add` bootstrap repo-local `git-drs` state if needed
+3. track file patterns with `git drs track`
+4. add and commit with normal Git
+5. remove tracked pointers with `git drs rm` when you want repository deletion to reconcile with remote DRS state
+6. run `git drs push` for managed metadata registration/upload plus Git push
+7. hydrate pointer files later with `git drs pull`
 
 ## Quick Start
 
-### Installation
-
 ```bash
-# Install Git LFS first
-brew install git-lfs  # macOS
-git lfs install --skip-smudge
-
-# Install Git DRS
-/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/calypr/git-drs/refs/heads/main/install.sh)" -- $GIT_DRS_VERSION
-
-# Install global Git filter configuration for git-drs
 git drs install
-```
-
-### Basic Usage
-
-```bash
-# Initialize repository (one-time Git repo setup)
-git drs init
-
-# Add DRS remote
-git drs remote add gen3 production \
-    --cred /path/to/credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --organization my-program \
-    --project my-project \
-    --bucket my-bucket
-
-# Required prerequisite (usually steward/admin setup):
-# create bucket credentials, then map org/project to full storage roots before users run push/pull
-git drs bucket add production \
-    --bucket my-bucket \
-    --region us-east-1 \
-    --access-key "$AWS_ACCESS_KEY_ID" \
-    --secret-key "$AWS_SECRET_ACCESS_KEY" \
-    --s3-endpoint https://s3.amazonaws.com
-git drs bucket add-organization production \
-    --organization my-program \
-    --path s3://my-bucket/my-program
-git drs bucket add-project production \
-    --organization my-program \
-    --project my-project \
-    --path s3://my-bucket/my-program/my-project
-
-# Track files
-git lfs track "*.bam"
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
+git drs track "*.bam"
 git add .gitattributes
-
-# Add and commit files
-git add my-file.bam
-git commit -m "Add data file"
-git push
-
-# Download files
-git lfs pull -I "*.bam"
+git add sample.bam
+git commit -m "Add sample"
+git drs push
+git drs ls-files
+git drs pull -I "*.bam"
 ```
 
-## Documentation
-
-For detailed setup and usage information:
+## Current CLI Shape
 
-- **[Getting Started](docs/getting-started.md)** - Repository setup and basic workflows
-- **[Commands Reference](docs/commands.md)** - Complete command documentation
-- **[Installation Guide](docs/installation.md)** - Platform-specific installation
-- **[Troubleshooting](docs/troubleshooting.md)** - Common issues and solutions
-- **[E2E Modes + Local Setup](docs/e2e-modes-and-local-setup.md)** - Local vs remote mode, server config, and end-to-end runbooks
-- **[Cloud/Object Integration](docs/adding-s3-files.md)** - Adding files from provider URLs or configured bucket object keys
-- **[Developer Guide](docs/developer-guide.md)** - Internals and development
+The cleaned CLI intentionally removed legacy commands:
 
-## Supported Servers
+- removed:
+  - `git drs fetch`
+  - `git drs list`
+  - `git drs upload`
+  - `git drs download`
+- `git drs pull` is hydration-only
+- `git drs ls-files` is the local file inventory command
+- `git drs remote add gen3` takes scope as `organization/project`
 
-- **Gen3 Data Commons** (e.g., CALYPR)
+Example:
 
-## Supported Environments
-
-- **Local Development** environments
-- **HPC Systems** (e.g., ARC)
+```bash
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/credentials.json
+```
 
-## Commands Overview
+Current command split:
+
+- `git drs push` is the managed data push path
+- plain `git push` is plain Git only
+- `git drs pull` hydrates tracked pointer files already present in the checkout
+- `git drs ls-files` is the local tracked-file inventory command
+- `git drs add-url` prepares pointer plus local metadata for existing provider objects
+
+## Bucket Mapping Model
+
+End users should not need to know the bucket name.
+
+Push and pull depend on server-side bucket mapping for the requested scope. That mapping is normally provisioned once by a steward/admin using the bucket commands.
+
+## Common Commands
+
+| Command | Description |
+| --- | --- |
+| `git drs install` | Install global `git-drs` filter config |
+| `git drs init` | Explicitly initialize or repair repository-local `git-drs` state |
+| `git drs remote add gen3 [remote] <org/project>` | Add or refresh a Gen3/Syfon remote |
+| `git drs remote list` | List configured remotes |
+| `git drs remote remove <name>` | Remove a configured DRS remote |
+| `git drs remote set <name>` | Set the default remote |
+| `git drs track <pattern>` | Track files or globs |
+| `git drs untrack <pattern>` | Stop tracking files or globs |
+| `git drs rm <path>...` | Remove tracked DRS/LFS files from Git |
+| `git drs ls-files` | List tracked files and localization state |
+| `git drs pull` | Hydrate pointer files in the current checkout |
+| `git drs push` | Register/upload objects, reconcile committed deletes, and push refs |
+| `git drs add-url` | Add an existing provider object by URL or scoped key |
+| `git drs add-ref` | Add a local reference to an existing DRS object |
+| `git drs query` | Query a DRS object by ID |
+| `git drs copy-records` | Copy Syfon records between remotes for one scope |
 
-| Command                | Description                           |
-| ---------------------- | ------------------------------------- |
-| `git drs install`      | Install global git-drs filter config  |
-| `git drs init`         | Initialize repository                 |
-| `git drs remote add`   | Add a DRS remote server               |
-| `git drs remote list`  | List configured remotes               |
-| `git drs remote set`   | Set default remote                    |
-| `git drs add-url`      | Add files via provider URLs or configured bucket object keys |
-| `git lfs track`        | Track file patterns with LFS          |
-| `git lfs ls-files`     | List tracked files                    |
-| `git lfs pull`         | Download tracked files                |
-| `git drs fetch`        | Fetch metadata from DRS server        |
-| `git drs push`         | Push objects to DRS server            |
+## Documentation
 
-Use `--help` with any command for details. See [Commands Reference](docs/commands.md) for complete documentation.
+- [Getting Started](docs/getting-started.md)
+- [Commands Reference](docs/commands.md)
+- [Troubleshooting](docs/troubleshooting.md)
+- [Developer Guide](docs/developer-guide.md)
+- [GA4GH DRS Scalability Gaps](docs/ga4gh-drs-scalability-gaps.md)
 
 ## Requirements
 
-- Git LFS installed and configured
-- Access credentials for your DRS server
-- Go 1.24+ (for building from source)
+- Git
+- access credentials for the target Gen3/Syfon deployment
+- Go 1.26.2+ for local builds
 
 ## Support
 
-- **Issues**: [GitHub Issues](https://github.com/calypr/git-drs/issues)
-- **Releases**: [GitHub Releases](https://github.com/calypr/git-drs/releases)
-- **Documentation**: See `docs/` folder for detailed guides
-
-## License
-
-This project is part of the CALYPR data commons ecosystem.
+- [GitHub Issues](https://github.com/calypr/git-drs/issues)
+- [GitHub Releases](https://github.com/calypr/git-drs/releases)
diff --git a/attic/issue-add-include-pattern-to-git-drs-pull.md b/attic/issue-add-include-pattern-to-git-drs-pull.md
new file mode 100644
index 00000000..4217ab3b
--- /dev/null
+++ b/attic/issue-add-include-pattern-to-git-drs-pull.md
@@ -0,0 +1,51 @@
+# Add `-I "pattern"` include filter support to `git drs pull`
+
+## Summary
+Add include-pattern filtering to `git drs pull`, similar to legacy `git lfs pull -I "pattern"` workflows.
+
+## Motivation
+Current `git drs pull` behavior pulls based on repository resolution without a user-facing path pattern filter. Users migrating from `git lfs pull -I` expect selective hydration of files by glob/path.
+
+## Proposed UX
+Support:
+
+```bash
+git drs pull -I "results/*.txt"
+git drs pull -I "*.bam" -I "data/**"
+git drs pull --include "path/to/file"
+```
+
+Optional:
+- `--exclude` parity (if desired in same change or follow-up)
+
+## Proposed behavior
+1. Parse one or more include patterns (`-I`, `--include`).
+2. Resolve candidate pointers as usual.
+3. Filter by repo-relative path match before download.
+4. Download only matched objects; skip others with clear logging.
+5. If no pattern supplied, preserve current default behavior.
+
+## Scope
+- `cmd/pull/main.go` CLI flags and pull selection pipeline
+- pointer/path inventory layer (where path<->OID candidates are produced)
+- docs: `docs/commands.md`, `docs/getting-started.md`, `docs/troubleshooting.md`
+- tests for include filtering semantics
+
+## Acceptance criteria
+- [ ] `git drs pull -I "<pattern>"` works for a single pattern.
+- [ ] Repeated `-I` flags are supported.
+- [ ] Include matching is against repo-relative paths.
+- [ ] Default `git drs pull` behavior unchanged when no `-I` is passed.
+- [ ] Help text documents pattern syntax and examples.
+- [ ] Unit/integration tests cover positive and negative matches.
+
+## Testing matrix
+- Single file exact path include.
+- Wildcard include (`*.bam`, `data/**`).
+- Multiple `-I` values.
+- No matches (should no-op cleanly and return success unless policy says otherwise).
+- Mixed matched/unmatched objects in same pull run.
+
+## Notes
+This closes a usability gap for users transitioning from `git lfs` CLI habits to `git drs` commands while keeping pull behavior explicit and predictable.
+
diff --git a/cmd/addref/add-ref.go b/cmd/addref/add-ref.go
index 860d675f..84f3b7f0 100644
--- a/cmd/addref/add-ref.go
+++ b/cmd/addref/add-ref.go
@@ -9,6 +9,7 @@ import (
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/calypr/git-drs/internal/remoteruntime"
 	"github.com/spf13/cobra"
 )
 
@@ -37,7 +38,7 @@ var Cmd = &cobra.Command{
 			return err
 		}
 
-		client, err := cfg.GetRemoteClient(remoteName, logger)
+		client, err := remoteruntime.New(cfg, remoteName, logger)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/addurl/cache.go b/cmd/addurl/cache.go
deleted file mode 100644
index 54e64b3f..00000000
--- a/cmd/addurl/cache.go
+++ /dev/null
@@ -1,264 +0,0 @@
-package addurl
-
-import (
-	"context"
-	"crypto/sha256"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"log/slog"
-	"maps"
-	"os"
-	"path/filepath"
-	"slices"
-	"strings"
-	"time"
-
-	"github.com/calypr/git-drs/internal/gitrepo"
-	"github.com/calypr/git-drs/internal/precommit_cache"
-)
-
-// updatePrecommitCache updates the project's pre-commit cache with a mapping
-// from a repository-relative `pathArg` to the given LFS `oid` and records the
-// external source URL. It will:
-//   - require a non-nil `logger`
-//   - open the pre-commit cache (`precommit_cache.Open`)
-//   - ensure cache directories exist
-//   - convert the supplied worktree path to a repository-relative path
-//   - create or update the per-path JSON entry with the current OID and timestamp
-//   - create or update the per-OID JSON entry listing paths that reference it,
-//     the external URL, and a content-change flag when the path's OID changed
-//   - remove the path from the previous OID entry when the content changed
-//
-// Parameters:
-//   - ctx: context for operations that may be cancellable
-//   - logger: a non-nil `*slog.Logger` used for warnings; if nil the function
-//     returns an error
-//   - pathArg: the worktree path to record (absolute or relative); must not be empty
-//   - oid: the LFS object id (string) to associate with the path
-//   - externalURL: optional external source URL for the object; empty string is allowed
-//
-// Returns an error if any cache operation, path resolution, or I/O fails.
-func updatePrecommitCache(ctx context.Context, logger *slog.Logger, pathArg, oid, externalURL string) error {
-	if logger == nil {
-		return errors.New("logger is required")
-	}
-	// Open pre-commit cache. Returns a configured Cache or error.
-	cache, err := precommit_cache.Open(ctx)
-	if err != nil {
-		return err
-	}
-
-	// Ensure cache directories exist.
-	if err := ensureCacheDirs(cache, logger); err != nil {
-		return err
-	}
-
-	// Convert worktree path to repository-relative path.
-	relPath, err := repoRelativePath(pathArg)
-	if err != nil {
-		return err
-	}
-
-	// Current timestamp in RFC3339 format (UTC).
-	now := time.Now().UTC().Format(time.RFC3339)
-
-	// Read previous path entry, if any.
-	pathFile := cachePathEntryFile(cache, relPath)
-	prevEntry, prevExists, err := readPathEntry(pathFile)
-	if err != nil {
-		return err
-	}
-	// track whether content changed for this path
-	contentChanged := prevExists && prevEntry.LFSOID != "" && prevEntry.LFSOID != oid
-
-	if err := writeJSONAtomic(pathFile, precommit_cache.PathEntry{
-		Path:      relPath,
-		LFSOID:    oid,
-		UpdatedAt: now,
-	}); err != nil {
-		return err
-	}
-
-	if err := upsertOIDEntry(cache, oid, relPath, externalURL, now, contentChanged); err != nil {
-		return err
-	}
-
-	if contentChanged {
-		_ = removePathFromOID(cache, prevEntry.LFSOID, relPath, now)
-	}
-
-	return nil
-}
-
-// ensureCacheDirs verifies and creates the pre-commit cache directory layout
-// (paths and oids directories). It logs a warning when creating a missing
-// cache root.
-func ensureCacheDirs(cache *precommit_cache.Cache, logger *slog.Logger) error {
-	if cache == nil {
-		return errors.New("cache is nil")
-	}
-	if _, err := os.Stat(cache.Root); err != nil {
-		if os.IsNotExist(err) {
-			logger.Warn("pre-commit cache directory missing; creating", "path", cache.Root)
-		} else {
-			return err
-		}
-	}
-	if err := os.MkdirAll(cache.PathsDir, 0o755); err != nil {
-		return fmt.Errorf("create cache paths dir: %w", err)
-	}
-	if err := os.MkdirAll(cache.OIDsDir, 0o755); err != nil {
-		return fmt.Errorf("create cache oids dir: %w", err)
-	}
-	return nil
-}
-
-// repoRelativePath converts a worktree path (absolute or relative) to a
-// repository-relative path. It resolves symlinks and ensures the path is
-// contained within the repository root.
-func repoRelativePath(pathArg string) (string, error) {
-	if pathArg == "" {
-		return "", errors.New("empty worktree path")
-	}
-	root, err := gitrepo.GitTopLevel()
-	if err != nil {
-		return "", err
-	}
-	root, err = filepath.EvalSymlinks(root)
-	if err != nil {
-		return "", err
-	}
-	clean := filepath.Clean(pathArg)
-	if filepath.IsAbs(clean) {
-		clean, err = filepath.EvalSymlinks(clean)
-		if err != nil {
-			return "", err
-		}
-		rel, err := filepath.Rel(root, clean)
-		if err != nil {
-			return "", err
-		}
-		if strings.HasPrefix(rel, "..") {
-			return "", fmt.Errorf("path %s is outside repo root %s", clean, root)
-		}
-		return filepath.ToSlash(rel), nil
-	}
-	return filepath.ToSlash(clean), nil
-}
-
-// cachePathEntryFile returns the filesystem path to the JSON path-entry file
-// for the given repository-relative path within the provided Cache.
-func cachePathEntryFile(cache *precommit_cache.Cache, path string) string {
-	return filepath.Join(cache.PathsDir, precommit_cache.EncodePath(path)+".json")
-}
-
-// cacheOIDEntryFile returns the filesystem path to the JSON OID-entry file
-// for the given LFS OID. The file is named by sha256(oid) to avoid filesystem
-// restrictions and collisions.
-func cacheOIDEntryFile(cache *precommit_cache.Cache, oid string) string {
-	sum := sha256.Sum256([]byte(oid))
-	return filepath.Join(cache.OIDsDir, fmt.Sprintf("%x.json", sum[:]))
-}
-
-// readPathEntry reads and parses a JSON PathEntry from disk. It returns the
-// parsed entry, a boolean indicating existence, or an error on I/O/parse
-// failure.
-func readPathEntry(path string) (*precommit_cache.PathEntry, bool, error) {
-	data, err := os.ReadFile(path)
-	if err != nil {
-		if errors.Is(err, os.ErrNotExist) {
-			return nil, false, nil
-		}
-		return nil, false, err
-	}
-	var entry precommit_cache.PathEntry
-	if err := json.Unmarshal(data, &entry); err != nil {
-		return nil, false, err
-	}
-	return &entry, true, nil
-}
-
-// readOIDEntry reads and parses a JSON OIDEntry from disk. If the file is
-// missing it returns a freshly initialized entry (with LFSOID set to the
-// supplied oid and UpdatedAt set to now).
-func readOIDEntry(path string, oid string, now string) (*precommit_cache.OIDEntry, error) {
-	entry := &precommit_cache.OIDEntry{
-		LFSOID:    oid,
-		Paths:     []string{},
-		UpdatedAt: now,
-	}
-	data, err := os.ReadFile(path)
-	if err != nil {
-		if errors.Is(err, os.ErrNotExist) {
-			return entry, nil
-		}
-		return nil, err
-	}
-	if err := json.Unmarshal(data, entry); err != nil {
-		return nil, err
-	}
-	entry.LFSOID = oid
-	return entry, nil
-}
-
-// upsertOIDEntry creates or updates the OID entry for `oid`, ensuring `path`
-// is listed among its Paths, updating ExternalURL when provided, and setting
-// content-change/state fields. The updated entry is written atomically.
-func upsertOIDEntry(cache *precommit_cache.Cache, oid, path, externalURL, now string, contentChanged bool) error {
-	if cache == nil {
-		return errors.New("cache is nil")
-	}
-	oidFile := cacheOIDEntryFile(cache, oid)
-	entry, err := readOIDEntry(oidFile, oid, now)
-	if err != nil {
-		return err
-	}
-
-	pathSet := make(map[string]struct{}, len(entry.Paths)+1)
-	for _, p := range entry.Paths {
-		pathSet[p] = struct{}{}
-	}
-	if path != "" {
-		pathSet[path] = struct{}{}
-	}
-	entry.Paths = sortedKeys(pathSet)
-	entry.UpdatedAt = now
-	entry.ContentChange = entry.ContentChange || contentChanged
-	if strings.TrimSpace(externalURL) != "" {
-		entry.ExternalURL = externalURL
-	}
-
-	return writeJSONAtomic(oidFile, entry)
-}
-
-// removePathFromOID removes `path` from the OID entry for `oid` and writes
-// the updated entry atomically. Missing entries are treated as empty.
-func removePathFromOID(cache *precommit_cache.Cache, oid, path, now string) error {
-	if cache == nil {
-		return errors.New("cache is nil")
-	}
-	oidFile := cacheOIDEntryFile(cache, oid)
-	entry, err := readOIDEntry(oidFile, oid, now)
-	if err != nil {
-		return err
-	}
-	pathSet := make(map[string]struct{}, len(entry.Paths))
-	for _, p := range entry.Paths {
-		if p == path {
-			continue
-		}
-		pathSet[p] = struct{}{}
-	}
-	entry.Paths = sortedKeys(pathSet)
-	entry.UpdatedAt = now
-
-	return writeJSONAtomic(oidFile, entry)
-}
-
-// sortedKeys returns a sorted slice of keys from the provided string-set map.
-func sortedKeys(set map[string]struct{}) []string {
-	keys := slices.Collect(maps.Keys(set))
-	slices.Sort(keys)
-	return keys
-}
diff --git a/cmd/addurl/params.go b/cmd/addurl/input.go
similarity index 50%
rename from cmd/addurl/params.go
rename to cmd/addurl/input.go
index 778485ca..bfcb0b79 100644
--- a/cmd/addurl/params.go
+++ b/cmd/addurl/input.go
@@ -3,12 +3,8 @@ package addurl
 import (
 	"fmt"
 	"net/url"
-	"os"
-	"path"
 	"strings"
 
-	"github.com/calypr/git-drs/internal/gitrepo"
-	sycloud "github.com/calypr/syfon/client/cloud"
 	"github.com/spf13/cobra"
 )
 
@@ -63,18 +59,6 @@ func resolvePathArg(sourceArg string, args []string) (string, error) {
 	return strings.Trim(strings.TrimSpace(sourceArg), "/"), nil
 }
 
-func buildObjectParameters(objectURL, pathArg, sha256 string) sycloud.ObjectParameters {
-	return sycloud.ObjectParameters{
-		ObjectURL:       objectURL,
-		S3Region:        firstNonEmpty(os.Getenv("AWS_REGION"), os.Getenv("AWS_DEFAULT_REGION"), os.Getenv("TEST_BUCKET_REGION")),
-		S3Endpoint:      firstNonEmpty(os.Getenv("AWS_ENDPOINT_URL_S3"), os.Getenv("AWS_ENDPOINT_URL"), os.Getenv("TEST_BUCKET_ENDPOINT")),
-		S3AccessKey:     firstNonEmpty(os.Getenv("AWS_ACCESS_KEY_ID"), os.Getenv("TEST_BUCKET_ACCESS_KEY")),
-		S3SecretKey:     firstNonEmpty(os.Getenv("AWS_SECRET_ACCESS_KEY"), os.Getenv("TEST_BUCKET_SECRET_KEY")),
-		SHA256:          sha256,
-		DestinationPath: pathArg,
-	}
-}
-
 func looksLikeCloudURL(raw string) bool {
 	u, err := url.Parse(strings.TrimSpace(raw))
 	if err != nil {
@@ -91,37 +75,6 @@ func looksLikeCloudURL(raw string) bool {
 	}
 }
 
-func resolveObjectURL(input addURLInput, scope gitrepo.ResolvedBucketScope) (string, error) {
-	if looksLikeCloudURL(input.sourceArg) {
-		return input.sourceArg, nil
-	}
-	if input.scheme == "" {
-		return "", fmt.Errorf("object key mode requires --scheme because local bucket mappings store bucket/prefix but not provider scheme")
-	}
-	key := joinObjectKey(scope.Prefix, input.sourceArg)
-	switch input.scheme {
-	case "s3":
-		return fmt.Sprintf("s3://%s/%s", scope.Bucket, key), nil
-	case "gs", "gcs":
-		return fmt.Sprintf("gs://%s/%s", scope.Bucket, key), nil
-	case "azblob", "az":
-		return "", fmt.Errorf("object key mode for Azure requires a full azblob:// URL because the local mapping does not store account_name")
-	default:
-		return "", fmt.Errorf("unsupported --scheme %q (expected s3 or gs, or pass a full object URL)", input.scheme)
-	}
-}
-
-func joinObjectKey(prefix, key string) string {
-	parts := make([]string, 0, 2)
-	if p := strings.Trim(strings.TrimSpace(prefix), "/"); p != "" {
-		parts = append(parts, p)
-	}
-	if k := strings.Trim(strings.TrimSpace(key), "/"); k != "" {
-		parts = append(parts, k)
-	}
-	return path.Join(parts...)
-}
-
 func firstNonEmpty(values ...string) string {
 	for _, v := range values {
 		v = strings.TrimSpace(v)
diff --git a/cmd/addurl/inspect.go b/cmd/addurl/inspect.go
new file mode 100644
index 00000000..81a95824
--- /dev/null
+++ b/cmd/addurl/inspect.go
@@ -0,0 +1,141 @@
+package addurl
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	sycloud "github.com/calypr/syfon/client/cloud"
+	syrequest "github.com/calypr/syfon/client/request"
+)
+
+const internalInspectObjectPath = "/data/inspect"
+
+type inspectedObject struct {
+	objectURL string
+	info      *sycloud.ObjectInfo
+}
+
+type internalInspectObjectRequest struct {
+	Organization string `json:"organization,omitempty"`
+	Project      string `json:"project,omitempty"`
+	Key          string `json:"key,omitempty"`
+	Scheme       string `json:"scheme,omitempty"`
+	ObjectURL    string `json:"object_url,omitempty"`
+}
+
+type internalInspectObjectResponse struct {
+	ObjectURL   string `json:"object_url"`
+	Provider    string `json:"provider"`
+	Bucket      string `json:"bucket"`
+	Key         string `json:"key"`
+	Path        string `json:"path"`
+	SizeBytes   int64  `json:"size_bytes"`
+	MetaSHA256  string `json:"meta_sha256,omitempty"`
+	ETag        string `json:"etag,omitempty"`
+	LastModTime string `json:"last_modified,omitempty"`
+}
+
+func inspectRemoteObjectViaServer(ctx context.Context, drsCtx *remoteruntime.GitContext, input addURLInput) (*inspectedObject, error) {
+	if drsCtx == nil || drsCtx.Client == nil || drsCtx.Client.Requestor() == nil {
+		return nil, fmt.Errorf("remote-backed add-url inspection requires a configured syfon client")
+	}
+
+	req := internalInspectObjectRequest{}
+	target := strings.TrimSpace(input.sourceArg)
+	if looksLikeCloudURL(target) {
+		if !strings.HasPrefix(strings.ToLower(target), "s3://") {
+			return nil, fmt.Errorf("remote-backed add-url inspection currently supports only s3:// URLs")
+		}
+		req.ObjectURL = target
+	} else {
+		if strings.TrimSpace(input.scheme) == "" {
+			return nil, fmt.Errorf("object key mode requires --scheme because the remote must know which provider to inspect")
+		}
+		if strings.ToLower(strings.TrimSpace(input.scheme)) != "s3" {
+			return nil, fmt.Errorf("remote-backed add-url inspection currently supports only --scheme s3")
+		}
+		req.Organization = strings.TrimSpace(drsCtx.Organization)
+		req.Project = strings.TrimSpace(drsCtx.ProjectId)
+		req.Key = strings.Trim(target, "/")
+		req.Scheme = "s3"
+	}
+
+	var resp internalInspectObjectResponse
+	if err := drsCtx.Client.Requestor().Do(ctx, http.MethodPost, internalInspectObjectPath, req, &resp); err != nil {
+		return nil, mapInspectError(target, err)
+	}
+	return &inspectedObject{
+		objectURL: resp.ObjectURL,
+		info: &sycloud.ObjectInfo{
+			Bucket:      resp.Bucket,
+			Key:         resp.Key,
+			Path:        resp.Path,
+			SizeBytes:   resp.SizeBytes,
+			MetaSHA256:  resp.MetaSHA256,
+			ETag:        resp.ETag,
+			LastModTime: parseInspectLastModified(resp.LastModTime),
+		},
+	}, nil
+}
+
+func parseInspectLastModified(raw string) time.Time {
+	raw = strings.TrimSpace(raw)
+	if raw == "" {
+		return time.Time{}
+	}
+	t, err := time.Parse(time.RFC3339, raw)
+	if err != nil {
+		return time.Time{}
+	}
+	return t
+}
+
+func mapInspectError(target string, err error) error {
+	var respErr *syrequest.ResponseError
+	if !errorAsResponse(err, &respErr) {
+		return fmt.Errorf("remote-backed add-url inspection failed for %q: %w", target, err)
+	}
+
+	body := strings.TrimSpace(respErr.Body)
+	switch respErr.Status {
+	case http.StatusBadRequest:
+		return fmt.Errorf("remote-backed add-url inspection rejected %q: %s", target, fallbackInspectMessage(body, "invalid request"))
+	case http.StatusForbidden:
+		return fmt.Errorf("remote-backed add-url inspection was denied for %q: %s", target, fallbackInspectMessage(body, "permission denied"))
+	case http.StatusNotFound:
+		if looksLikeInspectRouteMissing(body) {
+			return fmt.Errorf("remote-backed add-url inspection is unavailable on this Syfon remote; upgrade Syfon to a version that implements %s", internalInspectObjectPath)
+		}
+		return fmt.Errorf("remote-backed add-url inspection could not find %q: %s", target, fallbackInspectMessage(body, "not found"))
+	default:
+		return fmt.Errorf("remote-backed add-url inspection failed for %q: %s", target, fallbackInspectMessage(body, err.Error()))
+	}
+}
+
+func looksLikeInspectRouteMissing(body string) bool {
+	body = strings.ToLower(strings.TrimSpace(body))
+	return body == "" ||
+		strings.Contains(body, "cannot post /data/inspect") ||
+		strings.Contains(body, "cannot post /data/inspect/") ||
+		strings.Contains(body, "not found")
+}
+
+func fallbackInspectMessage(body string, fallback string) string {
+	if strings.TrimSpace(body) != "" {
+		return strings.TrimSpace(body)
+	}
+	return fallback
+}
+
+func errorAsResponse(err error, target **syrequest.ResponseError) bool {
+	respErr, ok := err.(*syrequest.ResponseError)
+	if ok {
+		*target = respErr
+		return true
+	}
+	return false
+}
diff --git a/cmd/addurl/io.go b/cmd/addurl/io.go
deleted file mode 100644
index 22876e1b..00000000
--- a/cmd/addurl/io.go
+++ /dev/null
@@ -1,120 +0,0 @@
-package addurl
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"os"
-	"path/filepath"
-
-	sycloud "github.com/calypr/syfon/client/cloud"
-	"github.com/spf13/cobra"
-)
-
-// writePointerFile writes a Git LFS pointer file at the given worktree path
-// referencing the supplied oid and recording sizeBytes. It creates parent
-// directories as needed and validates the path is non-empty.
-func writePointerFile(pathArg, oid string, sizeBytes int64) error {
-	pointer := fmt.Sprintf(
-		"version https://git-lfs.github.com/spec/v1\noid sha256:%s\nsize %d\n",
-		oid, sizeBytes,
-	)
-	if pathArg == "" {
-		return fmt.Errorf("empty worktree path")
-	}
-	safePath := filepath.Clean(pathArg)
-	dir := filepath.Dir(safePath)
-	if dir != "." && dir != "/" {
-		if err := os.MkdirAll(dir, 0755); err != nil {
-			return fmt.Errorf("mkdir %s: %w", dir, err)
-		}
-	}
-	if err := os.WriteFile(safePath, []byte(pointer), 0644); err != nil {
-		return fmt.Errorf("write %s: %w", safePath, err)
-	}
-
-	if _, err := fmt.Fprintf(os.Stderr, "Added Git LFS pointer file at %s\n", safePath); err != nil {
-		return fmt.Errorf("stderr write: %w", err)
-	}
-	return nil
-}
-
-// maybeTrackLFS ensures the supplied path is tracked by Git LFS by invoking
-// the provided gitLFSTrack callback when the path is not already tracked.
-// It reports the addition to stderr for user guidance.
-func maybeTrackLFS(ctx context.Context, gitLFSTrack func(context.Context, string) (bool, error), pathArg string, isTracked bool) error {
-	if isTracked {
-		return nil
-	}
-	if _, err := gitLFSTrack(ctx, pathArg); err != nil {
-		return fmt.Errorf("git lfs track %s: %w", pathArg, err)
-	}
-
-	if _, err := fmt.Fprintf(os.Stderr, "Info: Added to Git LFS. Remember to `git add %s` and `git commit ...`", pathArg); err != nil {
-		return fmt.Errorf("stderr write: %w", err)
-	}
-	return nil
-}
-
-// printResolvedInfo writes a human-readable summary of resolved Git/LFS and
-// cloud object information to the command's stdout for user confirmation.
-func printResolvedInfo(cmd *cobra.Command, gitCommonDir, lfsRoot string, objectInfo *sycloud.ObjectInfo, pathArg string, isTracked bool, sha256 string) error {
-	if _, err := fmt.Fprintf(cmd.OutOrStdout(), `
-Resolved Git LFS Object Info
-----------------------------
-Git common dir : %s
-LFS storage    : %s
-
-Cloud object
-------------
-Bucket         : %s
-Key            : %s
-Worktree name  : %s
-Size (bytes)   : %d
-SHA256 (meta)  : %s
-ETag           : %s
-Last modified  : %s
-
-Worktree
--------------
-path           : %s
-tracked by LFS : %v
-sha256 param  : %s
-
-`,
-		gitCommonDir,
-		lfsRoot,
-		objectInfo.Bucket,
-		objectInfo.Key,
-		objectInfo.Path,
-		objectInfo.SizeBytes,
-		objectInfo.MetaSHA256,
-		objectInfo.ETag,
-		objectInfo.LastModTime.Format("2006-01-02T15:04:05Z07:00"),
-		pathArg,
-		isTracked,
-		sha256,
-	); err != nil {
-		return fmt.Errorf("print resolved object info: %w", err)
-	}
-	return nil
-}
-
-// writeJSONAtomic marshals `value` to JSON and writes it to `path` atomically
-// by writing to a temporary file in the same directory and renaming it. It
-// ensures parent directories exist.
-func writeJSONAtomic(path string, value any) error {
-	dir := filepath.Dir(path)
-	if err := os.MkdirAll(dir, 0o755); err != nil {
-		return err
-	}
-	tmp := path + ".tmp"
-	data, err := json.Marshal(value)
-	if err != nil {
-		return err
-	}
-	if err := os.WriteFile(tmp, data, 0o644); err != nil {
-		return err
-	}
-	return os.Rename(tmp, path)
-}
diff --git a/cmd/addurl/local_state.go b/cmd/addurl/local_state.go
new file mode 100644
index 00000000..d76d3a56
--- /dev/null
+++ b/cmd/addurl/local_state.go
@@ -0,0 +1,260 @@
+package addurl
+
+import (
+	"context"
+	"crypto/sha256"
+	"errors"
+	"fmt"
+	"log/slog"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/calypr/git-drs/internal/drsobject"
+	"github.com/calypr/git-drs/internal/gitrepo"
+	"github.com/calypr/git-drs/internal/precommit_cache"
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	sycloud "github.com/calypr/syfon/client/cloud"
+	"github.com/google/uuid"
+	"github.com/spf13/cobra"
+)
+
+type addURLDrsFile struct {
+	Name string
+	Size int64
+	Oid  string
+}
+
+func drsobjectBuilder(bucket, organization, project, storagePrefix string) drsobject.Builder {
+	builder := drsobject.NewBuilder(bucket, project)
+	builder.Organization = organization
+	builder.StoragePrefix = storagePrefix
+	return builder
+}
+
+func writeAddURLDrsObject(builder drsobject.Builder, file addURLDrsFile, objectPath string) (*drsapi.DrsObject, error) {
+	existing, err := drsobject.ReadObject(gitrepo.DRSObjectsPath, file.Oid)
+	var drsObj *drsapi.DrsObject
+	if err == nil && existing != nil {
+		drsObj = existing
+		name := file.Name
+		drsObj.Name = &name
+		drsObj.Size = file.Size
+	} else {
+		drsID := uuid.NewSHA1(drsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", builder.Project, drsobject.NormalizeOid(file.Oid)))).String()
+		drsObj, err = builder.Build(file.Name, file.Oid, file.Size, drsID)
+		if err != nil {
+			return nil, fmt.Errorf("error building DRS object for oid %s: %w", file.Oid, err)
+		}
+	}
+
+	if objectPath != "" {
+		if drsObj.AccessMethods != nil && len(*drsObj.AccessMethods) > 0 {
+			am := &(*drsObj.AccessMethods)[0]
+			am.AccessUrl = &struct {
+				Headers *[]string `json:"headers,omitempty"`
+				Url     string    `json:"url"`
+			}{Url: objectPath}
+		} else {
+			drsObj.AccessMethods = &[]drsapi.AccessMethod{{
+				Type: drsapi.AccessMethodTypeS3,
+				AccessUrl: &struct {
+					Headers *[]string `json:"headers,omitempty"`
+					Url     string    `json:"url"`
+				}{Url: objectPath},
+			}}
+		}
+	}
+
+	if err := drsobject.WriteObject(gitrepo.DRSObjectsPath, drsObj, file.Oid); err != nil {
+		return nil, fmt.Errorf("error writing DRS object for oid %s: %w", file.Oid, err)
+	}
+	return drsObj, nil
+}
+
+func placeholderOIDForUnknownSHA(etag string, sourceURL string) (string, error) {
+	e := strings.TrimSpace(strings.Trim(etag, `"`))
+	src := strings.TrimSpace(sourceURL)
+	if e == "" {
+		return "", fmt.Errorf("etag is required for placeholder oid")
+	}
+	if src == "" {
+		return "", fmt.Errorf("source URL is required for placeholder oid")
+	}
+	sum := sha256.Sum256([]byte("git-drs-add-url-placeholder:v2\netag=" + e + "\nsource=" + src + "\n"))
+	return fmt.Sprintf("%x", sum[:]), nil
+}
+
+// updatePrecommitCache updates the project's pre-commit cache with a mapping
+// from a repository-relative `pathArg` to the given LFS `oid` and records the
+// external source URL.
+func updatePrecommitCache(ctx context.Context, logger *slog.Logger, pathArg, oid, externalURL string) error {
+	if logger == nil {
+		return errors.New("logger is required")
+	}
+	cache, err := precommit_cache.Open(ctx)
+	if err != nil {
+		return err
+	}
+	if err := ensureCacheDirs(cache, logger); err != nil {
+		return err
+	}
+
+	relPath, err := repoRelativePath(pathArg)
+	if err != nil {
+		return err
+	}
+
+	now := time.Now().UTC().Format(time.RFC3339)
+	prevEntry, prevExists, err := precommit_cache.ReadPathEntry(cache, relPath)
+	if err != nil {
+		return err
+	}
+	contentChanged := prevExists && prevEntry.LFSOID != "" && prevEntry.LFSOID != oid
+
+	if err := precommit_cache.WritePathEntry(cache, precommit_cache.PathEntry{
+		Path:      relPath,
+		LFSOID:    oid,
+		UpdatedAt: now,
+	}); err != nil {
+		return err
+	}
+	if err := precommit_cache.UpsertOIDPath(cache, oid, "", relPath, externalURL, now, contentChanged); err != nil {
+		return err
+	}
+	if contentChanged {
+		if err := precommit_cache.RemoveOIDPath(cache, prevEntry.LFSOID, relPath, now); err != nil {
+			return fmt.Errorf("remove stale OID path mapping for %s: %w", relPath, err)
+		}
+	}
+	return nil
+}
+
+func ensureCacheDirs(cache *precommit_cache.Cache, logger *slog.Logger) error {
+	if cache == nil {
+		return errors.New("cache is nil")
+	}
+	if _, err := os.Stat(cache.Root); err != nil {
+		if os.IsNotExist(err) {
+			logger.Warn("pre-commit cache directory missing; creating", "path", cache.Root)
+		} else {
+			return err
+		}
+	}
+	if err := precommit_cache.EnsureLayout(cache); err != nil {
+		return fmt.Errorf("create cache layout: %w", err)
+	}
+	return nil
+}
+
+func repoRelativePath(pathArg string) (string, error) {
+	if pathArg == "" {
+		return "", errors.New("empty worktree path")
+	}
+	root, err := gitrepo.GitTopLevel()
+	if err != nil {
+		return "", err
+	}
+	root, err = filepath.EvalSymlinks(root)
+	if err != nil {
+		return "", err
+	}
+	clean := filepath.Clean(pathArg)
+	if filepath.IsAbs(clean) {
+		clean, err = filepath.EvalSymlinks(clean)
+		if err != nil {
+			return "", err
+		}
+		rel, err := filepath.Rel(root, clean)
+		if err != nil {
+			return "", err
+		}
+		if strings.HasPrefix(rel, "..") {
+			return "", fmt.Errorf("path %s is outside repo root %s", clean, root)
+		}
+		return filepath.ToSlash(rel), nil
+	}
+	return filepath.ToSlash(clean), nil
+}
+
+func writePointerFile(pathArg, oid string, sizeBytes int64) error {
+	pointer := fmt.Sprintf(
+		"version https://git-lfs.github.com/spec/v1\noid sha256:%s\nsize %d\n",
+		oid, sizeBytes,
+	)
+	if pathArg == "" {
+		return fmt.Errorf("empty worktree path")
+	}
+	safePath := filepath.Clean(pathArg)
+	dir := filepath.Dir(safePath)
+	if dir != "." && dir != "/" {
+		if err := os.MkdirAll(dir, 0o755); err != nil {
+			return fmt.Errorf("mkdir %s: %w", dir, err)
+		}
+	}
+	if err := os.WriteFile(safePath, []byte(pointer), 0o644); err != nil {
+		return fmt.Errorf("write %s: %w", safePath, err)
+	}
+
+	if _, err := fmt.Fprintf(os.Stderr, "Added Git LFS pointer file at %s\n", safePath); err != nil {
+		return fmt.Errorf("stderr write: %w", err)
+	}
+	return nil
+}
+
+func maybeTrackLFS(ctx context.Context, gitLFSTrack func(context.Context, string) (bool, error), pathArg string, isTracked bool) error {
+	if isTracked {
+		return nil
+	}
+	if _, err := gitLFSTrack(ctx, pathArg); err != nil {
+		return fmt.Errorf("git lfs track %s: %w", pathArg, err)
+	}
+
+	if _, err := fmt.Fprintf(os.Stderr, "Info: Added to Git LFS. Remember to `git add %s` and `git commit ...`", pathArg); err != nil {
+		return fmt.Errorf("stderr write: %w", err)
+	}
+	return nil
+}
+
+func printResolvedInfo(cmd *cobra.Command, gitCommonDir, lfsRoot string, objectInfo *sycloud.ObjectInfo, pathArg string, isTracked bool, sha256 string) error {
+	if _, err := fmt.Fprintf(cmd.OutOrStdout(), `
+Resolved Git LFS Object Info
+----------------------------
+Git common dir : %s
+LFS storage    : %s
+
+Cloud object
+------------
+Bucket         : %s
+Key            : %s
+Worktree name  : %s
+Size (bytes)   : %d
+SHA256 (meta)  : %s
+ETag           : %s
+Last modified  : %s
+
+Worktree
+-------------
+path           : %s
+tracked by LFS : %v
+sha256 param  : %s
+
+`,
+		gitCommonDir,
+		lfsRoot,
+		objectInfo.Bucket,
+		objectInfo.Key,
+		objectInfo.Path,
+		objectInfo.SizeBytes,
+		objectInfo.MetaSHA256,
+		objectInfo.ETag,
+		objectInfo.LastModTime.Format("2006-01-02T15:04:05Z07:00"),
+		pathArg,
+		isTracked,
+		sha256,
+	); err != nil {
+		return fmt.Errorf("print resolved object info: %w", err)
+	}
+	return nil
+}
diff --git a/cmd/addurl/main_test.go b/cmd/addurl/main_test.go
index 26a6456a..175b85d8 100644
--- a/cmd/addurl/main_test.go
+++ b/cmd/addurl/main_test.go
@@ -3,7 +3,6 @@ package addurl
 import (
 	"bytes"
 	"context"
-	"crypto/sha256"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -15,12 +14,11 @@ import (
 	"testing"
 	"time"
 
-	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drsobject"
 	"github.com/calypr/git-drs/internal/gitrepo"
-	"github.com/calypr/git-drs/internal/lfs"
 	"github.com/calypr/git-drs/internal/precommit_cache"
+	"github.com/calypr/git-drs/internal/remoteruntime"
 	sycloud "github.com/calypr/syfon/client/cloud"
 )
 
@@ -75,15 +73,26 @@ func TestRunAddURL_WritesPointerAndLFSObject(t *testing.T) {
 
 	service := NewAddURLService()
 	resetStubs := stubAddURLDeps(t, service,
-		func(ctx context.Context, in sycloud.ObjectParameters) (*sycloud.ObjectInfo, error) {
-			return &sycloud.ObjectInfo{
-				Bucket:      "bucket",
-				Key:         "path/to/file.bin",
-				Path:        "file.bin",
-				SizeBytes:   int64(11),
-				MetaSHA256:  "",
-				ETag:        "abcd1234",
-				LastModTime: time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC),
+		func(ctx context.Context, drsCtx *remoteruntime.GitContext, in addURLInput) (*inspectedObject, error) {
+			return &inspectedObject{
+				objectURL: "s3://bucket/path/to/file.bin",
+				info: &sycloud.ObjectInfo{
+					Bucket:      "bucket",
+					Key:         "path/to/file.bin",
+					Path:        "file.bin",
+					SizeBytes:   int64(11),
+					MetaSHA256:  "",
+					ETag:        "abcd1234",
+					LastModTime: time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC),
+				},
+			}, nil
+		},
+		func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*remoteruntime.GitContext, error) {
+			return &remoteruntime.GitContext{
+				Organization:  "calypr",
+				ProjectId:     "calypr-dev",
+				BucketName:    "cbds",
+				StoragePrefix: "",
 			}, nil
 		},
 		func(path string) (bool, error) {
@@ -100,9 +109,9 @@ func TestRunAddURL_WritesPointerAndLFSObject(t *testing.T) {
 		t.Fatalf("service.Run error: %v", err)
 	}
 
-	oid, err := lfs.SyntheticOIDFromETag("abcd1234")
+	oid, err := placeholderOIDForUnknownSHA("abcd1234", "s3://bucket/path/to/file.bin")
 	if err != nil {
-		t.Fatalf("SyntheticOIDFromETag: %v", err)
+		t.Fatalf("placeholderOIDForUnknownSHA: %v", err)
 	}
 
 	pointerPath := filepath.Join(tempDir, "path/to/file.bin")
@@ -120,18 +129,11 @@ func TestRunAddURL_WritesPointerAndLFSObject(t *testing.T) {
 	}
 
 	lfsObject := filepath.Join(lfsRoot, "objects", oid[0:2], oid[2:4], oid)
-	if _, err := os.Stat(lfsObject); err != nil {
-		t.Fatalf("expected LFS object at %s: %v", lfsObject, err)
-	}
-	sentinel, err := os.ReadFile(lfsObject)
-	if err != nil {
-		t.Fatalf("read sentinel: %v", err)
-	}
-	if !lfs.IsAddURLSentinelBytes(sentinel) {
-		t.Fatalf("expected add-url sentinel payload, got: %q", string(sentinel))
+	if _, err := os.Stat(lfsObject); !os.IsNotExist(err) {
+		t.Fatalf("expected no local LFS object payload at %s, got err=%v", lfsObject, err)
 	}
 
-	drsObject, err := drsobject.ReadObject(common.DRS_OBJS_PATH, oid)
+	drsObject, err := drsobject.ReadObject(gitrepo.DRSObjectsPath, oid)
 	if err != nil {
 		t.Fatalf("read drs object: %v", err)
 	}
@@ -143,43 +145,37 @@ func TestRunAddURL_WritesPointerAndLFSObject(t *testing.T) {
 	}
 }
 
-func TestParseAddURLInput_DoesNotRequireAWSFlags(t *testing.T) {
-	cmd := NewCommand()
-	in, err := parseAddURLInput(cmd, []string{"gs://bucket/path/to/file.bin"})
+func TestPlaceholderOIDForUnknownSHA(t *testing.T) {
+	oid1, err := placeholderOIDForUnknownSHA("etag-abc", "s3://bucket/key")
 	if err != nil {
-		t.Fatalf("parseAddURLInput error: %v", err)
+		t.Fatalf("placeholderOIDForUnknownSHA: %v", err)
 	}
-	if in.sourceArg != "gs://bucket/path/to/file.bin" {
-		t.Fatalf("unexpected source url: %s", in.sourceArg)
+	oid2, err := placeholderOIDForUnknownSHA(`"etag-abc"`, "s3://bucket/key")
+	if err != nil {
+		t.Fatalf("placeholderOIDForUnknownSHA quoted: %v", err)
 	}
-	if in.path != "path/to/file.bin" {
-		t.Fatalf("unexpected path: %s", in.path)
+	if oid1 != oid2 {
+		t.Fatalf("expected trimmed etag handling to be stable: %s vs %s", oid1, oid2)
+	}
+	if len(oid1) != 64 {
+		t.Fatalf("expected 64-char oid, got %q", oid1)
+	}
+	if _, err := placeholderOIDForUnknownSHA("", "s3://bucket/key"); err == nil {
+		t.Fatal("expected empty etag error")
 	}
 }
 
-func TestParseAddURLInput_PassesS3EnvHints(t *testing.T) {
-	t.Setenv("TEST_BUCKET_REGION", "us-east-1")
-	t.Setenv("TEST_BUCKET_ENDPOINT", "https://aced-storage.ohsu.edu")
-	t.Setenv("TEST_BUCKET_ACCESS_KEY", "cbds-user")
-	t.Setenv("TEST_BUCKET_SECRET_KEY", "cbds-secret")
-
+func TestParseAddURLInput_DoesNotRequireAWSFlags(t *testing.T) {
 	cmd := NewCommand()
-	in, err := parseAddURLInput(cmd, []string{"s3://cbds/path/to/file.bin"})
+	in, err := parseAddURLInput(cmd, []string{"gs://bucket/path/to/file.bin"})
 	if err != nil {
 		t.Fatalf("parseAddURLInput error: %v", err)
 	}
-	params := buildObjectParameters("s3://cbds/path/to/file.bin", in.path, in.sha256)
-	if params.S3Region != "us-east-1" {
-		t.Fatalf("unexpected S3Region: %s", params.S3Region)
-	}
-	if params.S3Endpoint != "https://aced-storage.ohsu.edu" {
-		t.Fatalf("unexpected S3Endpoint: %s", params.S3Endpoint)
-	}
-	if params.S3AccessKey != "cbds-user" {
-		t.Fatalf("unexpected S3AccessKey: %s", params.S3AccessKey)
+	if in.sourceArg != "gs://bucket/path/to/file.bin" {
+		t.Fatalf("unexpected source url: %s", in.sourceArg)
 	}
-	if params.S3SecretKey != "cbds-secret" {
-		t.Fatalf("unexpected S3SecretKey: %s", params.S3SecretKey)
+	if in.path != "path/to/file.bin" {
+		t.Fatalf("unexpected path: %s", in.path)
 	}
 }
 
@@ -204,38 +200,6 @@ func TestParseAddURLInput_ObjectKeyModeDefaultsPathToKey(t *testing.T) {
 	}
 }
 
-func TestResolveObjectURL_UsesConfiguredBucketScopeForObjectKeyMode(t *testing.T) {
-	input := addURLInput{
-		sourceArg: "nested/path/file.bin",
-		scheme:    "s3",
-	}
-	scope := gitrepo.ResolvedBucketScope{
-		Bucket: "mapped-bucket",
-		Prefix: "mapped/prefix",
-	}
-
-	got, err := resolveObjectURL(input, scope)
-	if err != nil {
-		t.Fatalf("resolveObjectURL: %v", err)
-	}
-	if got != "s3://mapped-bucket/mapped/prefix/nested/path/file.bin" {
-		t.Fatalf("unexpected object URL: %s", got)
-	}
-}
-
-func TestResolveObjectURL_RejectsObjectKeyModeWithoutScheme(t *testing.T) {
-	_, err := resolveObjectURL(addURLInput{sourceArg: "nested/path/file.bin"}, gitrepo.ResolvedBucketScope{
-		Bucket: "mapped-bucket",
-		Prefix: "mapped/prefix",
-	})
-	if err == nil {
-		t.Fatal("expected error")
-	}
-	if !strings.Contains(err.Error(), "requires --scheme") {
-		t.Fatalf("unexpected error: %v", err)
-	}
-}
-
 func TestUpdatePrecommitCacheWritesEntries(t *testing.T) {
 	repo := setupGitRepo(t)
 	path := filepath.Join(repo, "data", "file.bin")
@@ -280,8 +244,7 @@ func TestUpdatePrecommitCacheWritesEntries(t *testing.T) {
 		t.Fatalf("expected updated_at to be set")
 	}
 
-	oidSum := sha256.Sum256([]byte(oid))
-	oidEntryFile := filepath.Join(oidDir, fmt.Sprintf("%x.json", oidSum[:]))
+	oidEntryFile := precommit_cache.OIDEntryPath(&precommit_cache.Cache{OIDsDir: oidDir}, oid)
 	oidData, err := os.ReadFile(oidEntryFile)
 	if err != nil {
 		t.Fatalf("read oid entry: %v", err)
@@ -331,8 +294,8 @@ func TestUpdatePrecommitCacheContentChanged(t *testing.T) {
 	cacheRoot := filepath.Join(repo, ".git", "drs", "pre-commit", "v1")
 	oidDir := filepath.Join(cacheRoot, "oids")
 
-	firstSum := sha256.Sum256([]byte(firstOID))
-	firstEntryFile := filepath.Join(oidDir, fmt.Sprintf("%x.json", firstSum[:]))
+	cache := &precommit_cache.Cache{OIDsDir: oidDir}
+	firstEntryFile := precommit_cache.OIDEntryPath(cache, firstOID)
 	firstData, err := os.ReadFile(firstEntryFile)
 	if err != nil {
 		t.Fatalf("read first oid entry: %v", err)
@@ -345,8 +308,7 @@ func TestUpdatePrecommitCacheContentChanged(t *testing.T) {
 		t.Fatalf("expected old oid entry paths to be empty, got %v", firstEntry.Paths)
 	}
 
-	secondSum := sha256.Sum256([]byte(secondOID))
-	secondEntryFile := filepath.Join(oidDir, fmt.Sprintf("%x.json", secondSum[:]))
+	secondEntryFile := precommit_cache.OIDEntryPath(cache, secondOID)
 	secondData, err := os.ReadFile(secondEntryFile)
 	if err != nil {
 		t.Fatalf("read second oid entry: %v", err)
@@ -363,26 +325,25 @@ func TestUpdatePrecommitCacheContentChanged(t *testing.T) {
 	}
 }
 
-// deprecated test case: now that we always "trust" the client-provided SHA256, this case is not applicable
-//func TestRunAddURL_SHA256Mismatch(t *testing.T) {
-//	...
-//}
-
 func stubAddURLDeps(
 	t *testing.T,
 	service *AddURLService,
-	inspectFn func(context.Context, sycloud.ObjectParameters) (*sycloud.ObjectInfo, error),
+	inspectFn func(context.Context, *remoteruntime.GitContext, addURLInput) (*inspectedObject, error),
+	getRemoteClientFn func(*config.Config, config.Remote, *slog.Logger) (*remoteruntime.GitContext, error),
 	isTrackedFn func(string) (bool, error),
 ) func() {
 	t.Helper()
-	origInspect := service.inspectObject
+	origInspect := service.inspectRemoteObject
+	origGetRemoteClient := service.getRemoteClient
 	origIsTracked := service.isLFSTracked
 
-	service.inspectObject = inspectFn
+	service.inspectRemoteObject = inspectFn
+	service.getRemoteClient = getRemoteClientFn
 	service.isLFSTracked = isTrackedFn
 
 	return func() {
-		service.inspectObject = origInspect
+		service.inspectRemoteObject = origInspect
+		service.getRemoteClient = origGetRemoteClient
 		service.isLFSTracked = origIsTracked
 	}
 }
diff --git a/cmd/addurl/remote_inspect_test.go b/cmd/addurl/remote_inspect_test.go
new file mode 100644
index 00000000..21d5cf45
--- /dev/null
+++ b/cmd/addurl/remote_inspect_test.go
@@ -0,0 +1,33 @@
+package addurl
+
+import (
+	"net/http"
+	"strings"
+	"testing"
+
+	syrequest "github.com/calypr/syfon/client/request"
+)
+
+func TestMapInspectError_UpgradeMessageForMissingRoute(t *testing.T) {
+	err := mapInspectError("s3://bucket/key", &syrequest.ResponseError{
+		Method: http.MethodPost,
+		URL:    "https://example.test/data/inspect",
+		Status: http.StatusNotFound,
+		Body:   "Cannot POST /data/inspect",
+	})
+	if err == nil || !strings.Contains(err.Error(), "upgrade Syfon") {
+		t.Fatalf("expected upgrade message, got %v", err)
+	}
+}
+
+func TestMapInspectError_ActionableForbidden(t *testing.T) {
+	err := mapInspectError("s3://bucket/key", &syrequest.ResponseError{
+		Method: http.MethodPost,
+		URL:    "https://example.test/data/inspect",
+		Status: http.StatusForbidden,
+		Body:   "provider denied access to s3://bucket/key",
+	})
+	if err == nil || !strings.Contains(err.Error(), "was denied") {
+		t.Fatalf("expected denied message, got %v", err)
+	}
+}
diff --git a/cmd/addurl/run.go b/cmd/addurl/run.go
new file mode 100644
index 00000000..4c440557
--- /dev/null
+++ b/cmd/addurl/run.go
@@ -0,0 +1,157 @@
+package addurl
+
+import (
+	"context"
+	"fmt"
+	"log/slog"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/gitrepo"
+	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	sycloud "github.com/calypr/syfon/client/cloud"
+	"github.com/spf13/cobra"
+)
+
+// AddURLService groups injectable dependencies used to implement the add-url
+// behavior (logger factory, object inspection, LFS helpers, config loader, etc.).
+type AddURLService struct {
+	newLogger           func(string, bool) (*slog.Logger, error)
+	inspectRemoteObject func(ctx context.Context, drsCtx *remoteruntime.GitContext, input addURLInput) (*inspectedObject, error)
+	getRemoteClient     func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*remoteruntime.GitContext, error)
+	isLFSTracked        func(path string) (bool, error)
+	getGitRoots         func(ctx context.Context) (string, string, error)
+	gitLFSTrack         func(ctx context.Context, path string) (bool, error)
+	loadConfig          func() (*config.Config, error)
+}
+
+// NewAddURLService constructs an AddURLService populated with production
+// implementations of its dependencies.
+func NewAddURLService() *AddURLService {
+	return &AddURLService{
+		newLogger:           drslog.NewLogger,
+		inspectRemoteObject: inspectRemoteObjectViaServer,
+		getRemoteClient: func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*remoteruntime.GitContext, error) {
+			return remoteruntime.New(cfg, remote, logger)
+		},
+		isLFSTracked: lfs.IsLFSTracked,
+		getGitRoots:  lfs.GetGitRootDirectories,
+		gitLFSTrack:  gitrepo.TrackReadOnly,
+		loadConfig:   config.LoadConfig,
+	}
+}
+
+// Run executes the add-url workflow: parse CLI input, inspect the provider
+// object through the configured Syfon remote, ensure the LFS object exists in
+// local storage, write a pointer file, update the pre-commit cache
+// (best-effort), optionally add a tracking entry, and record the DRS mapping.
+func (s *AddURLService) Run(cmd *cobra.Command, args []string) error {
+	ctx := cmd.Context()
+	if ctx == nil {
+		ctx = context.Background()
+	}
+
+	logger, err := s.newLogger("", false)
+	if err != nil {
+		return fmt.Errorf("error creating logger: %v", err)
+	}
+
+	input, err := parseAddURLInput(cmd, args)
+	if err != nil {
+		return err
+	}
+
+	cfg, err := s.loadConfig()
+	if err != nil {
+		return fmt.Errorf("error getting config: %v", err)
+	}
+
+	remote, err := cfg.GetDefaultRemote()
+	if err != nil {
+		return err
+	}
+
+	remoteConfig := cfg.GetRemote(remote)
+	if remoteConfig == nil {
+		return fmt.Errorf("error getting remote configuration for %s", remote)
+	}
+
+	drsCtx, err := s.getRemoteClient(cfg, remote, logger)
+	if err != nil {
+		return err
+	}
+
+	org, project, scope, err := resolveTargetScope(remoteConfig)
+	if err != nil {
+		return err
+	}
+
+	if drsCtx != nil {
+		org = firstNonEmpty(strings.TrimSpace(drsCtx.Organization), org)
+		project = firstNonEmpty(strings.TrimSpace(drsCtx.ProjectId), project)
+		scope = gitrepo.ResolvedBucketScope{
+			Bucket: firstNonEmpty(strings.TrimSpace(drsCtx.BucketName), scope.Bucket),
+			Prefix: firstNonEmpty(strings.TrimSpace(drsCtx.StoragePrefix), scope.Prefix),
+		}
+	}
+
+	inspected, err := s.inspectRemoteObject(ctx, drsCtx, input)
+	if err != nil {
+		return err
+	}
+	input.objectURL = inspected.objectURL
+	objectInfo := inspected.info
+
+	isTracked, err := s.isLFSTracked(input.path)
+	if err != nil {
+		return fmt.Errorf("check LFS tracking for %s: %w", input.path, err)
+	}
+
+	gitCommonDir, lfsRoot, err := s.getGitRoots(ctx)
+	if err != nil {
+		return fmt.Errorf("get git root directories: %w", err)
+	}
+
+	if err := printResolvedInfo(cmd, gitCommonDir, lfsRoot, objectInfo, input.path, isTracked, input.sha256); err != nil {
+		return err
+	}
+
+	oid, err := s.ensureLFSObject(ctx, objectInfo, input, lfsRoot)
+	if err != nil {
+		return err
+	}
+
+	if err := writePointerFile(input.path, oid, objectInfo.SizeBytes); err != nil {
+		return err
+	}
+
+	if err := updatePrecommitCache(ctx, logger, input.path, oid, input.objectURL); err != nil {
+		logger.Warn("pre-commit cache update skipped", "error", err)
+	}
+
+	if err := maybeTrackLFS(ctx, s.gitLFSTrack, input.path, isTracked); err != nil {
+		return err
+	}
+
+	builder := drsobjectBuilder(scope.Bucket, org, project, scope.Prefix)
+	file := addURLDrsFile{
+		Name: input.path,
+		Size: objectInfo.SizeBytes,
+		Oid:  oid,
+	}
+	if _, err := writeAddURLDrsObject(builder, file, input.objectURL); err != nil {
+		return fmt.Errorf("write local DRS object: %w", err)
+	}
+
+	return nil
+}
+
+func (s *AddURLService) ensureLFSObject(_ context.Context, objectInfo *sycloud.ObjectInfo, input addURLInput, _ string) (string, error) {
+	if input.sha256 != "" {
+		return input.sha256, nil
+	}
+
+	return placeholderOIDForUnknownSHA(objectInfo.ETag, input.objectURL)
+}
diff --git a/cmd/addurl/scope_test.go b/cmd/addurl/scope_test.go
index 9650bf5f..1a793a49 100644
--- a/cmd/addurl/scope_test.go
+++ b/cmd/addurl/scope_test.go
@@ -5,9 +5,6 @@ import (
 	"os/exec"
 	"testing"
 
-	"log/slog"
-
-	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/gitrepo"
 )
 
@@ -29,9 +26,6 @@ func (f fakeRemote) GetBucketName() string {
 func (f fakeRemote) GetStoragePrefix() string {
 	return f.prefix
 }
-func (f fakeRemote) GetClient(string, *slog.Logger) (*config.GitContext, error) {
-	return nil, nil
-}
 
 func TestResolveTargetScope_DefaultFallsBackToRemoteConfig(t *testing.T) {
 	remote := fakeRemote{
diff --git a/cmd/addurl/service.go b/cmd/addurl/service.go
deleted file mode 100644
index 79ad6195..00000000
--- a/cmd/addurl/service.go
+++ /dev/null
@@ -1,211 +0,0 @@
-package addurl
-
-import (
-	"context"
-	"fmt"
-	"log/slog"
-	"os"
-
-	"github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsobject"
-	"github.com/calypr/git-drs/internal/drstrack"
-	"github.com/calypr/git-drs/internal/lfs"
-	drsapi "github.com/calypr/syfon/apigen/client/drs"
-	sycloud "github.com/calypr/syfon/client/cloud"
-	"github.com/google/uuid"
-	"github.com/spf13/cobra"
-)
-
-// AddURLService groups injectable dependencies used to implement the add-url
-// behavior (logger factory, object inspection, LFS helpers, config loader, etc.).
-type AddURLService struct {
-	newLogger     func(string, bool) (*slog.Logger, error)
-	inspectObject func(ctx context.Context, input sycloud.ObjectParameters) (*sycloud.ObjectInfo, error)
-	isLFSTracked  func(path string) (bool, error)
-	getGitRoots   func(ctx context.Context) (string, string, error)
-	gitLFSTrack   func(ctx context.Context, path string) (bool, error)
-	loadConfig    func() (*config.Config, error)
-}
-
-// NewAddURLService constructs an AddURLService populated with production
-// implementations of its dependencies.
-func NewAddURLService() *AddURLService {
-	return &AddURLService{
-		newLogger:     drslog.NewLogger,
-		inspectObject: sycloud.InspectObject,
-		isLFSTracked:  lfs.IsLFSTracked,
-		getGitRoots:   lfs.GetGitRootDirectories,
-		gitLFSTrack:   drstrack.TrackReadOnly,
-		loadConfig:    config.LoadConfig,
-	}
-}
-
-// Run executes the add-url workflow: parse CLI input, resolve the target bucket
-// scope, inspect the provider object through the client-owned cloud package,
-// ensure the LFS object exists in local storage, write a pointer file, update
-// the pre-commit cache (best-effort), optionally add a tracking entry, and
-// record the DRS mapping.
-func (s *AddURLService) Run(cmd *cobra.Command, args []string) error {
-	ctx := cmd.Context()
-	if ctx == nil {
-		ctx = context.Background()
-	}
-
-	logger, err := s.newLogger("", false)
-	if err != nil {
-		return fmt.Errorf("error creating logger: %v", err)
-	}
-
-	input, err := parseAddURLInput(cmd, args)
-	if err != nil {
-		return err
-	}
-
-	cfg, err := s.loadConfig()
-	if err != nil {
-		return fmt.Errorf("error getting config: %v", err)
-	}
-
-	remote, err := cfg.GetDefaultRemote()
-	if err != nil {
-		return err
-	}
-
-	remoteConfig := cfg.GetRemote(remote)
-	if remoteConfig == nil {
-		return fmt.Errorf("error getting remote configuration for %s", remote)
-	}
-
-	org, project, scope, err := resolveTargetScope(remoteConfig)
-	if err != nil {
-		return err
-	}
-
-	input.objectURL, err = resolveObjectURL(input, scope)
-	if err != nil {
-		return err
-	}
-
-	objectInfo, err := s.inspectObject(ctx, buildObjectParameters(input.objectURL, input.path, input.sha256))
-	if err != nil {
-		return err
-	}
-
-	isTracked, err := s.isLFSTracked(input.path)
-	if err != nil {
-		return fmt.Errorf("check LFS tracking for %s: %w", input.path, err)
-	}
-
-	gitCommonDir, lfsRoot, err := s.getGitRoots(ctx)
-	if err != nil {
-		return fmt.Errorf("get git root directories: %w", err)
-	}
-
-	if err := printResolvedInfo(cmd, gitCommonDir, lfsRoot, objectInfo, input.path, isTracked, input.sha256); err != nil {
-		return err
-	}
-
-	oid, err := s.ensureLFSObject(ctx, objectInfo, input, lfsRoot)
-	if err != nil {
-		return err
-	}
-
-	if err := writePointerFile(input.path, oid, objectInfo.SizeBytes); err != nil {
-		return err
-	}
-
-	if err := updatePrecommitCache(ctx, logger, input.path, oid, input.objectURL); err != nil {
-		logger.Warn("pre-commit cache update skipped", "error", err)
-	}
-
-	if err := maybeTrackLFS(ctx, s.gitLFSTrack, input.path, isTracked); err != nil {
-		return err
-	}
-
-	builder := drsobject.NewBuilder(scope.Bucket, project)
-	builder.Organization = org
-	builder.StoragePrefix = scope.Prefix
-
-	file := addURLDrsFile{
-		Name: input.path,
-		Size: objectInfo.SizeBytes,
-		Oid:  oid,
-	}
-	if _, err := writeAddURLDrsObject(builder, file, input.objectURL); err != nil {
-		return fmt.Errorf("write local DRS object: %w", err)
-	}
-
-	return nil
-}
-
-type addURLDrsFile struct {
-	Name string
-	Size int64
-	Oid  string
-}
-
-func writeAddURLDrsObject(builder drsobject.Builder, file addURLDrsFile, objectPath string) (*drsapi.DrsObject, error) {
-	existing, err := drsobject.ReadObject(common.DRS_OBJS_PATH, file.Oid)
-	var drsObj *drsapi.DrsObject
-	if err == nil && existing != nil {
-		drsObj = existing
-		name := file.Name
-		drsObj.Name = &name
-		drsObj.Size = file.Size
-	} else {
-		drsID := uuid.NewSHA1(drsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", builder.Project, drsobject.NormalizeOid(file.Oid)))).String()
-		drsObj, err = builder.Build(file.Name, file.Oid, file.Size, drsID)
-		if err != nil {
-			return nil, fmt.Errorf("error building DRS object for oid %s: %w", file.Oid, err)
-		}
-	}
-
-	if objectPath != "" {
-		if drsObj.AccessMethods != nil && len(*drsObj.AccessMethods) > 0 {
-			am := &(*drsObj.AccessMethods)[0]
-			am.AccessUrl = &struct {
-				Headers *[]string `json:"headers,omitempty"`
-				Url     string    `json:"url"`
-			}{Url: objectPath}
-		} else {
-			drsObj.AccessMethods = &[]drsapi.AccessMethod{{
-				Type: drsapi.AccessMethodTypeS3,
-				AccessUrl: &struct {
-					Headers *[]string `json:"headers,omitempty"`
-					Url     string    `json:"url"`
-				}{Url: objectPath},
-			}}
-		}
-	}
-
-	if err := drsobject.WriteObject(common.DRS_OBJS_PATH, drsObj, file.Oid); err != nil {
-		return nil, fmt.Errorf("error writing DRS object for oid %s: %w", file.Oid, err)
-	}
-	return drsObj, nil
-}
-
-// ensureLFSObject ensures the LFS object identified by objectInfo exists in the
-// repository's LFS storage. If SHA256 is provided, it is trusted and returned.
-// Otherwise we create a sentinel object and synthetic OID derived from ETag,
-// deferring true checksum validation to first real data use.
-func (s *AddURLService) ensureLFSObject(ctx context.Context, objectInfo *sycloud.ObjectInfo, input addURLInput, lfsRoot string) (string, error) {
-	_ = ctx
-	if input.sha256 != "" {
-		return input.sha256, nil
-	}
-
-	oid, err := lfs.SyntheticOIDFromETag(objectInfo.ETag)
-	if err != nil {
-		return "", err
-	}
-	objPath, err := lfs.WriteAddURLSentinelObject(lfsRoot, oid, objectInfo.ETag, input.objectURL)
-	if err != nil {
-		return "", err
-	}
-	if _, err := fmt.Fprintf(os.Stderr, "Added add-url sentinel object at %s\n", objPath); err != nil {
-		return "", fmt.Errorf("stderr write: %w", err)
-	}
-	return oid, nil
-}
diff --git a/cmd/bucket/main.go b/cmd/bucket/main.go
index 745c67be..70da858c 100644
--- a/cmd/bucket/main.go
+++ b/cmd/bucket/main.go
@@ -11,11 +11,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/calypr/data-client/credentials"
-	"github.com/calypr/git-drs/internal/common"
+	conf "github.com/calypr/calypr-cli/conf"
+	"github.com/calypr/calypr-cli/credentials"
+	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/gitrepo"
-	conf "github.com/calypr/syfon/client/config"
 	"github.com/spf13/cobra"
 )
 
@@ -249,8 +249,13 @@ func resolveEndpointAndToken(remoteName string) (string, string, error) {
 		if prof, err := configure.Load(remoteName); err == nil {
 			token = strings.TrimSpace(prof.AccessToken)
 			if token == "" {
-				if ensureErr := credentials.EnsureValidCredential(context.Background(), prof, drslog.GetLogger()); ensureErr == nil {
-					_ = configure.Save(prof)
+				ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+				ensureErr := credentials.EnsureValidCredential(ctx, prof, drslog.GetLogger())
+				cancel()
+				if ensureErr == nil {
+					if err := configure.Save(prof); err != nil {
+						return "", "", fmt.Errorf("failed to save refreshed credential for remote %q: %w", remoteName, err)
+					}
 					token = strings.TrimSpace(prof.AccessToken)
 				}
 			}
@@ -270,7 +275,7 @@ func resolveEndpointAndToken(remoteName string) (string, string, error) {
 		endpoint = strings.TrimSpace(endpoint)
 	}
 	if endpoint == "" {
-		parsed, err := common.ParseAPIEndpointFromToken(token)
+		parsed, err := config.ParseAPIEndpointFromToken(token)
 		if err != nil {
 			return "", "", fmt.Errorf("unable to resolve API endpoint from token: %w", err)
 		}
diff --git a/cmd/clean/main.go b/cmd/clean/main.go
index 0f0c701a..fb895750 100644
--- a/cmd/clean/main.go
+++ b/cmd/clean/main.go
@@ -16,8 +16,8 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/calypr/git-drs/internal/drsfilter"
 	"github.com/calypr/git-drs/internal/drslog"
+	internalfilter "github.com/calypr/git-drs/internal/filter"
 	"github.com/calypr/git-drs/internal/lfs"
 	"github.com/spf13/cobra"
 )
@@ -54,5 +54,5 @@ func runClean(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("clean: resolve LFS root: %w", err)
 	}
 
-	return drsfilter.CleanContent(ctx, lfsRoot, pathname, os.Stdin, os.Stdout, logger)
+	return internalfilter.CleanContent(ctx, lfsRoot, pathname, os.Stdin, os.Stdout, logger)
 }
diff --git a/cmd/copyrecords/api.go b/cmd/copyrecords/api.go
new file mode 100644
index 00000000..1280389c
--- /dev/null
+++ b/cmd/copyrecords/api.go
@@ -0,0 +1,121 @@
+package copyrecords
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	"github.com/calypr/syfon/client/request"
+	syservices "github.com/calypr/syfon/client/services"
+)
+
+type copyHashInfo map[string]string
+
+type copyRecord struct {
+	AccessMethods    *[]drsapi.AccessMethod `json:"access_methods,omitempty"`
+	ControlledAccess *[]string              `json:"controlled_access,omitempty"`
+	CreatedTime      *string                `json:"created_time,omitempty"`
+	Description      *string                `json:"description,omitempty"`
+	Did              string                 `json:"did"`
+	FileName         *string                `json:"file_name,omitempty"`
+	Name             *string                `json:"name,omitempty"`
+	Hashes           *copyHashInfo          `json:"hashes,omitempty"`
+	Organization     *string                `json:"organization,omitempty"`
+	Project          *string                `json:"project,omitempty"`
+	Size             *int64                 `json:"size,omitempty"`
+	UpdatedTime      *string                `json:"updated_time,omitempty"`
+	Version          *string                `json:"version,omitempty"`
+}
+
+type copyListRecordsResponse struct {
+	Records *[]copyRecord `json:"records,omitempty"`
+}
+
+type copyBulkCreateRequest struct {
+	Records []copyRecord `json:"records"`
+}
+
+type copyBulkHashesRequest struct {
+	Hashes []string `json:"hashes"`
+}
+
+type copyBulkHashesResponse struct {
+	Results map[string][]copyRecord `json:"results,omitempty"`
+}
+
+type indexAPI interface {
+	List(ctx context.Context, opts syservices.ListRecordsOptions) (copyListRecordsResponse, error)
+	BulkDocuments(ctx context.Context, dids []string) ([]copyRecord, error)
+	BulkHashes(ctx context.Context, hashes []string) (copyBulkHashesResponse, error)
+	CreateBulk(ctx context.Context, req copyBulkCreateRequest) (copyListRecordsResponse, error)
+}
+
+type rawIndexAPI struct {
+	requestor request.Requester
+}
+
+func newRawIndexAPI(requestor request.Requester) *rawIndexAPI {
+	return &rawIndexAPI{requestor: requestor}
+}
+
+func (r *rawIndexAPI) List(ctx context.Context, opts syservices.ListRecordsOptions) (copyListRecordsResponse, error) {
+	params := url.Values{}
+	if opts.Hash != "" {
+		params.Set("hash", opts.Hash)
+	}
+	if opts.URL != "" {
+		params.Set("url", opts.URL)
+	}
+	if opts.Organization != "" {
+		params.Set("organization", opts.Organization)
+	}
+	if opts.ProjectID != "" {
+		params.Set("project", opts.ProjectID)
+	}
+	if opts.Limit != 0 {
+		params.Set("limit", fmt.Sprintf("%d", opts.Limit))
+	}
+	if opts.Page != 0 {
+		params.Set("page", fmt.Sprintf("%d", opts.Page))
+	}
+	var out copyListRecordsResponse
+	if err := r.requestor.Do(ctx, http.MethodGet, "/index", nil, &out, request.WithQueryValues(params)); err != nil {
+		return copyListRecordsResponse{}, err
+	}
+	return out, nil
+}
+
+func (r *rawIndexAPI) BulkDocuments(ctx context.Context, dids []string) ([]copyRecord, error) {
+	var out []copyRecord
+	if err := r.requestor.Do(ctx, http.MethodPost, "/index/bulk/documents", dids, &out); err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (r *rawIndexAPI) BulkHashes(ctx context.Context, hashes []string) (copyBulkHashesResponse, error) {
+	var out copyBulkHashesResponse
+	if err := r.requestor.Do(ctx, http.MethodPost, "/index/bulk/hashes", copyBulkHashesRequest{Hashes: hashes}, &out); err != nil {
+		return copyBulkHashesResponse{}, err
+	}
+	return out, nil
+}
+
+func (r *rawIndexAPI) CreateBulk(ctx context.Context, req copyBulkCreateRequest) (copyListRecordsResponse, error) {
+	var out copyListRecordsResponse
+	if err := r.requestor.Do(ctx, http.MethodPost, "/index/bulk", req, &out); err != nil {
+		return copyListRecordsResponse{}, err
+	}
+	return out, nil
+}
+
+func canonicalAccessMethod(method drsapi.AccessMethod) string {
+	b, err := json.Marshal(method)
+	if err != nil {
+		return fmt.Sprintf("%s|%v", method.Type, method.AccessId)
+	}
+	return string(b)
+}
diff --git a/cmd/copyrecords/main.go b/cmd/copyrecords/main.go
new file mode 100644
index 00000000..4445d1df
--- /dev/null
+++ b/cmd/copyrecords/main.go
@@ -0,0 +1,105 @@
+package copyrecords
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	"github.com/spf13/cobra"
+)
+
+var (
+	batchSize             int
+	overwriteNameFileName bool
+)
+
+var Cmd = &cobra.Command{
+	Use:   "copy-records [source-remote] <target-remote> <organization/project>",
+	Short: "Copy Syfon records between remotes for one organization/project scope",
+	Long:  "Read all Syfon records for a source organization/project scope and bulk load them into a target Syfon instance, only merging controlled_access and access_methods for records that already exist on the target.",
+	Args:  cobra.RangeArgs(2, 3),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		logger := drslog.GetLogger()
+		cfg, err := config.LoadConfig()
+		if err != nil {
+			return fmt.Errorf("error loading config: %w", err)
+		}
+
+		sourceRemote := ""
+		targetRemote := ""
+		scopeArg := ""
+		if len(args) == 2 {
+			targetRemote = args[0]
+			scopeArg = args[1]
+		} else {
+			sourceRemote = args[0]
+			targetRemote = args[1]
+			scopeArg = args[2]
+		}
+
+		srcRemoteName, err := cfg.GetRemoteOrDefault(sourceRemote)
+		if err != nil {
+			return fmt.Errorf("error resolving source remote: %w", err)
+		}
+		if strings.TrimSpace(targetRemote) == "" {
+			return fmt.Errorf("target remote is required")
+		}
+		dstRemoteName := config.Remote(targetRemote)
+		if srcRemoteName == dstRemoteName {
+			return fmt.Errorf("source and target remotes must be different")
+		}
+
+		srcCfg := cfg.GetRemote(srcRemoteName)
+		if srcCfg == nil {
+			return fmt.Errorf("source remote %q not found", srcRemoteName)
+		}
+
+		org, proj, err := parseScopeArg(scopeArg)
+		if err != nil {
+			return err
+		}
+
+		srcCtx, err := remoteruntime.New(cfg, srcRemoteName, logger)
+		if err != nil {
+			return fmt.Errorf("error creating source client: %w", err)
+		}
+		dstCtx, err := remoteruntime.New(cfg, dstRemoteName, logger)
+		if err != nil {
+			return fmt.Errorf("error creating target client: %w", err)
+		}
+
+		stats, err := copyProjectRecords(
+			cmd.Context(),
+			logger,
+			newRawIndexAPI(srcCtx.Client.Requestor()),
+			newRawIndexAPI(dstCtx.Client.Requestor()),
+			org,
+			proj,
+			batchSize,
+			overwriteNameFileName,
+		)
+		if err != nil {
+			return err
+		}
+
+		logger.Info("copy-records complete",
+			"source_remote", srcRemoteName,
+			"target_remote", dstRemoteName,
+			"organization", org,
+			"project", proj,
+			"source_seen", stats.SourceSeen,
+			"created", stats.Created,
+			"updated", stats.Updated,
+			"unchanged", stats.Unchanged,
+			"written", stats.Written,
+		)
+		return nil
+	},
+}
+
+func init() {
+	Cmd.Flags().IntVar(&batchSize, "batch-size", 250, "records per source page and target bulk write")
+	Cmd.Flags().BoolVar(&overwriteNameFileName, "overwrite-name-file-name", false, "for existing target records, replace target name and file_name with the source values")
+}
diff --git a/cmd/copyrecords/main_test.go b/cmd/copyrecords/main_test.go
new file mode 100644
index 00000000..e5718900
--- /dev/null
+++ b/cmd/copyrecords/main_test.go
@@ -0,0 +1,331 @@
+package copyrecords
+
+import (
+	"context"
+	"testing"
+
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	syservices "github.com/calypr/syfon/client/services"
+)
+
+type fakeIndexAPI struct {
+	listResp      copyListRecordsResponse
+	listFn        func(opts syservices.ListRecordsOptions) copyListRecordsResponse
+	bulkDocsResp  []copyRecord
+	bulkHashResp  copyBulkHashesResponse
+	createBulkReq []copyBulkCreateRequest
+}
+
+func (f *fakeIndexAPI) List(ctx context.Context, opts syservices.ListRecordsOptions) (copyListRecordsResponse, error) {
+	if f.listFn != nil {
+		return f.listFn(opts), nil
+	}
+	return f.listResp, nil
+}
+
+func (f *fakeIndexAPI) BulkDocuments(ctx context.Context, dids []string) ([]copyRecord, error) {
+	return f.bulkDocsResp, nil
+}
+
+func (f *fakeIndexAPI) BulkHashes(ctx context.Context, hashes []string) (copyBulkHashesResponse, error) {
+	return f.bulkHashResp, nil
+}
+
+func (f *fakeIndexAPI) CreateBulk(ctx context.Context, req copyBulkCreateRequest) (copyListRecordsResponse, error) {
+	f.createBulkReq = append(f.createBulkReq, req)
+	return copyListRecordsResponse{Records: &req.Records}, nil
+}
+
+func TestMergeExistingRecord_UnionsControlledAccessAndAccessMethodsOnly(t *testing.T) {
+	dstName := "target.bin"
+	srcName := "source.bin"
+	desc := "keep target description"
+	leftCA := []string{"/organization/A/project/P1"}
+	rightCA := []string{"/organization/A/project/P1", "/organization/A/project/P2"}
+	leftMethods := []drsapi.AccessMethod{{
+		Type: drsapi.AccessMethodTypeS3,
+		AccessUrl: &struct {
+			Headers *[]string `json:"headers,omitempty"`
+			Url     string    `json:"url"`
+		}{Url: "s3://bucket/one"},
+	}}
+	rightMethods := []drsapi.AccessMethod{
+		leftMethods[0],
+		{
+			Type: drsapi.AccessMethodTypeHttps,
+			AccessUrl: &struct {
+				Headers *[]string `json:"headers,omitempty"`
+				Url     string    `json:"url"`
+			}{Url: "https://example.org/two"},
+		},
+	}
+
+	merged, changed := mergeExistingRecord(
+		copyRecord{
+			Did:              "did-1",
+			FileName:         &dstName,
+			Description:      &desc,
+			ControlledAccess: &leftCA,
+			AccessMethods:    &leftMethods,
+		},
+		copyRecord{
+			Did:              "did-1",
+			FileName:         &srcName,
+			ControlledAccess: &rightCA,
+			AccessMethods:    &rightMethods,
+		},
+		false,
+	)
+
+	if !changed {
+		t.Fatalf("expected merge to report a change")
+	}
+	if merged.FileName == nil || *merged.FileName != dstName {
+		t.Fatalf("expected target metadata to be preserved, got %+v", merged.FileName)
+	}
+	if merged.Description == nil || *merged.Description != desc {
+		t.Fatalf("expected target description to be preserved")
+	}
+	if merged.ControlledAccess == nil || len(*merged.ControlledAccess) != 2 {
+		t.Fatalf("expected merged controlled access union, got %+v", merged.ControlledAccess)
+	}
+	if merged.AccessMethods == nil || len(*merged.AccessMethods) != 2 {
+		t.Fatalf("expected merged access method union, got %+v", merged.AccessMethods)
+	}
+}
+
+func TestMergeExistingRecord_OverwritesFileNameWhenFlagEnabled(t *testing.T) {
+	dstName := "target.bin"
+	dstDisplayName := "target-display"
+	srcName := "nested/source.bin"
+	srcDisplayName := "source-display"
+
+	merged, changed := mergeExistingRecord(
+		copyRecord{
+			Did:      "did-1",
+			FileName: &dstName,
+			Name:     &dstDisplayName,
+		},
+		copyRecord{
+			Did:      "did-1",
+			FileName: &srcName,
+			Name:     &srcDisplayName,
+		},
+		true,
+	)
+
+	if !changed {
+		t.Fatalf("expected merge to report a change")
+	}
+	if merged.FileName == nil || *merged.FileName != srcName {
+		t.Fatalf("expected source file_name to win, got %+v", merged.FileName)
+	}
+	if merged.Name == nil || *merged.Name != srcDisplayName {
+		t.Fatalf("expected source name to win, got %+v", merged.Name)
+	}
+}
+
+func TestBuildMergedBatch_CreatesNewAndUpdatesExisting(t *testing.T) {
+	srcCA := []string{"/organization/A/project/P1"}
+	newCA := []string{"/organization/A/project/P2"}
+	existingHash := copyHashInfo{"sha256": "sha-existing"}
+	newHash := copyHashInfo{"sha256": "sha-new"}
+	srcMethods := []drsapi.AccessMethod{{
+		Type: drsapi.AccessMethodTypeS3,
+		AccessUrl: &struct {
+			Headers *[]string `json:"headers,omitempty"`
+			Url     string    `json:"url"`
+		}{Url: "s3://bucket/a"},
+	}}
+	newMethods := []drsapi.AccessMethod{{
+		Type: drsapi.AccessMethodTypeHttps,
+		AccessUrl: &struct {
+			Headers *[]string `json:"headers,omitempty"`
+			Url     string    `json:"url"`
+		}{Url: "https://example.org/b"},
+	}}
+
+	target := &fakeIndexAPI{
+		bulkDocsResp: []copyRecord{
+			{
+				Did:              "did-existing",
+				Hashes:           &existingHash,
+				ControlledAccess: &srcCA,
+				AccessMethods:    &srcMethods,
+			},
+		},
+		bulkHashResp: copyBulkHashesResponse{
+			Results: map[string][]copyRecord{
+				"sha256:sha-existing": {{
+					Did:              "did-existing",
+					Hashes:           &existingHash,
+					ControlledAccess: &srcCA,
+					AccessMethods:    &srcMethods,
+				}},
+			},
+		},
+	}
+
+	source := []copyRecord{
+		{
+			Did:              "did-existing",
+			Hashes:           &existingHash,
+			ControlledAccess: &newCA,
+			AccessMethods:    &newMethods,
+		},
+		{
+			Did:              "did-new",
+			Hashes:           &newHash,
+			ControlledAccess: &srcCA,
+			AccessMethods:    &srcMethods,
+		},
+	}
+
+	out, stats, err := buildMergedBatch(context.Background(), target, source, false)
+	if err != nil {
+		t.Fatalf("buildMergedBatch error: %v", err)
+	}
+	if len(out) != 2 {
+		t.Fatalf("expected 2 output records, got %d", len(out))
+	}
+	if stats.Created != 1 || stats.Updated != 1 || stats.Unchanged != 0 {
+		t.Fatalf("unexpected stats: %+v", stats)
+	}
+}
+
+func TestBuildMergedBatch_MergesIntoExistingChecksumSiblingWhenDIDDiffers(t *testing.T) {
+	srcHash := copyHashInfo{"sha256": "same-sha"}
+	dstCA := []string{"/organization/A/project/P1"}
+	srcCA := []string{"/organization/A/project/P2"}
+	dstMethods := []drsapi.AccessMethod{{
+		Type: drsapi.AccessMethodTypeS3,
+		AccessUrl: &struct {
+			Headers *[]string `json:"headers,omitempty"`
+			Url     string    `json:"url"`
+		}{Url: "s3://bucket/existing"},
+	}}
+	srcMethods := []drsapi.AccessMethod{{
+		Type: drsapi.AccessMethodTypeHttps,
+		AccessUrl: &struct {
+			Headers *[]string `json:"headers,omitempty"`
+			Url     string    `json:"url"`
+		}{Url: "https://example.org/copied"},
+	}}
+
+	target := &fakeIndexAPI{
+		bulkDocsResp: nil,
+		bulkHashResp: copyBulkHashesResponse{
+			Results: map[string][]copyRecord{
+				"sha256:same-sha": {{
+					Did:              "did-target",
+					Hashes:           &srcHash,
+					ControlledAccess: &dstCA,
+					AccessMethods:    &dstMethods,
+				}},
+			},
+		},
+	}
+	source := []copyRecord{{
+		Did:              "did-source",
+		Hashes:           &srcHash,
+		ControlledAccess: &srcCA,
+		AccessMethods:    &srcMethods,
+	}}
+
+	out, stats, err := buildMergedBatch(context.Background(), target, source, false)
+	if err != nil {
+		t.Fatalf("buildMergedBatch error: %v", err)
+	}
+	if len(out) != 1 {
+		t.Fatalf("expected one merged output record, got %d", len(out))
+	}
+	if out[0].Did != "did-target" {
+		t.Fatalf("expected checksum sibling DID to be preserved, got %q", out[0].Did)
+	}
+	if out[0].ControlledAccess == nil || len(*out[0].ControlledAccess) != 2 {
+		t.Fatalf("expected merged controlled access, got %+v", out[0].ControlledAccess)
+	}
+	if out[0].AccessMethods == nil || len(*out[0].AccessMethods) != 2 {
+		t.Fatalf("expected merged access methods, got %+v", out[0].AccessMethods)
+	}
+	if stats.Created != 0 || stats.Updated != 1 || stats.Unchanged != 0 {
+		t.Fatalf("unexpected stats: %+v", stats)
+	}
+}
+
+func TestCopyProjectRecords_CopiesAllControlledAccessRecordsWhenScopedListIsEmpty(t *testing.T) {
+	scopeCA := []string{"/organization/HTAN_INT/project/BForePC"}
+	source := &fakeIndexAPI{
+		listFn: func(opts syservices.ListRecordsOptions) copyListRecordsResponse {
+			if opts.Organization == "HTAN_INT" && opts.ProjectID == "BForePC" {
+				return copyListRecordsResponse{Records: &[]copyRecord{}}
+			}
+			if opts.Organization == "" && opts.ProjectID == "" && opts.Page == 1 {
+				return copyListRecordsResponse{Records: &[]copyRecord{
+					{Did: "did-in-scope", ControlledAccess: &scopeCA},
+					{Did: "did-out-of-scope", ControlledAccess: &[]string{"/organization/OTHER/project/X"}},
+				}}
+			}
+			return copyListRecordsResponse{Records: &[]copyRecord{}}
+		},
+	}
+	target := &fakeIndexAPI{}
+
+	stats, err := copyProjectRecords(context.Background(), nil, source, target, "HTAN_INT", "BForePC", 100, false)
+	if err != nil {
+		t.Fatalf("copyProjectRecords error: %v", err)
+	}
+	if stats.SourceSeen != 1 || stats.Created != 1 || stats.Written != 1 {
+		t.Fatalf("unexpected stats: %+v", stats)
+	}
+	if len(target.createBulkReq) != 1 || len(target.createBulkReq[0].Records) != 1 {
+		t.Fatalf("expected one created record, got %+v", target.createBulkReq)
+	}
+	if target.createBulkReq[0].Records[0].Did != "did-in-scope" {
+		t.Fatalf("unexpected copied did: %+v", target.createBulkReq[0].Records[0])
+	}
+}
+
+func TestCopyProjectRecords_IgnoresPartialScopedListAndCopiesAllControlledAccessRecords(t *testing.T) {
+	scopeCA := []string{"/organization/HTAN_INT/project/BForePC"}
+	otherCA := []string{"/organization/OTHER/project/X"}
+	source := &fakeIndexAPI{
+		listFn: func(opts syservices.ListRecordsOptions) copyListRecordsResponse {
+			if opts.Organization == "HTAN_INT" && opts.ProjectID == "BForePC" {
+				return copyListRecordsResponse{Records: &[]copyRecord{
+					{Did: "did-scoped-partial", ControlledAccess: &scopeCA},
+				}}
+			}
+			if opts.Organization == "" && opts.ProjectID == "" && opts.Page == 1 {
+				return copyListRecordsResponse{Records: &[]copyRecord{
+					{Did: "did-scoped-partial", ControlledAccess: &scopeCA},
+					{Did: "did-missing-from-scoped-list", ControlledAccess: &scopeCA},
+					{Did: "did-out-of-scope", ControlledAccess: &otherCA},
+				}}
+			}
+			return copyListRecordsResponse{Records: &[]copyRecord{}}
+		},
+	}
+	target := &fakeIndexAPI{}
+
+	stats, err := copyProjectRecords(context.Background(), nil, source, target, "HTAN_INT", "BForePC", 100, false)
+	if err != nil {
+		t.Fatalf("copyProjectRecords error: %v", err)
+	}
+	if stats.SourceSeen != 2 || stats.Created != 2 || stats.Written != 2 {
+		t.Fatalf("unexpected stats: %+v", stats)
+	}
+	if len(target.createBulkReq) != 1 || len(target.createBulkReq[0].Records) != 2 {
+		t.Fatalf("expected two created records, got %+v", target.createBulkReq)
+	}
+	found := map[string]bool{}
+	for _, rec := range target.createBulkReq[0].Records {
+		found[rec.Did] = true
+	}
+	if !found["did-scoped-partial"] || !found["did-missing-from-scoped-list"] {
+		t.Fatalf("missing copied records: %+v", target.createBulkReq[0].Records)
+	}
+	if found["did-out-of-scope"] {
+		t.Fatalf("out-of-scope record should not be copied: %+v", target.createBulkReq[0].Records)
+	}
+}
diff --git a/cmd/copyrecords/merge.go b/cmd/copyrecords/merge.go
new file mode 100644
index 00000000..85d824d9
--- /dev/null
+++ b/cmd/copyrecords/merge.go
@@ -0,0 +1,249 @@
+package copyrecords
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+)
+
+func buildMergedBatch(ctx context.Context, dst indexAPI, source []copyRecord, overwriteNameFileName bool) ([]copyRecord, copyStats, error) {
+	stats := copyStats{}
+	if len(source) == 0 {
+		return nil, stats, nil
+	}
+
+	dids := make([]string, 0, len(source))
+	hashQueries := make([]string, 0, len(source))
+	seenHashQueries := make(map[string]struct{}, len(source))
+	for _, rec := range source {
+		did := strings.TrimSpace(rec.Did)
+		if did == "" {
+			continue
+		}
+		dids = append(dids, did)
+		if sha := copyRecordSHA256(rec); sha != "" {
+			query := "sha256:" + sha
+			if _, ok := seenHashQueries[query]; !ok {
+				seenHashQueries[query] = struct{}{}
+				hashQueries = append(hashQueries, query)
+			}
+		}
+	}
+
+	existing, err := dst.BulkDocuments(ctx, dids)
+	if err != nil {
+		return nil, stats, fmt.Errorf("target bulk documents failed: %w", err)
+	}
+	existingByDID := make(map[string]copyRecord, len(existing))
+	for _, rec := range existing {
+		existingByDID[strings.TrimSpace(rec.Did)] = rec
+	}
+
+	existingByChecksum := make(map[string][]copyRecord)
+	if len(hashQueries) > 0 {
+		hashResp, err := dst.BulkHashes(ctx, hashQueries)
+		if err != nil {
+			return nil, stats, fmt.Errorf("target bulk hash lookup failed: %w", err)
+		}
+		for _, query := range hashQueries {
+			sha := strings.TrimSpace(strings.TrimPrefix(query, "sha256:"))
+			if sha == "" {
+				continue
+			}
+			existingByChecksum[sha] = dedupeCopyRecordsByDID(hashResp.Results[query])
+		}
+	}
+
+	created := make([]copyRecord, 0, len(source))
+	pendingUpdates := make(map[string]copyRecord, len(source))
+	updateOrder := make([]string, 0, len(source))
+	for _, src := range source {
+		match, found, err := targetRecordForSource(src, existingByDID, existingByChecksum)
+		if err != nil {
+			return nil, stats, err
+		}
+		if !found {
+			created = append(created, src)
+			stats.Created++
+			continue
+		}
+
+		base := match
+		targetDID := strings.TrimSpace(match.Did)
+		if pending, ok := pendingUpdates[targetDID]; ok {
+			base = pending
+		}
+		merged, changed := mergeExistingRecord(base, src, overwriteNameFileName)
+		if changed {
+			if _, ok := pendingUpdates[targetDID]; !ok {
+				updateOrder = append(updateOrder, targetDID)
+			}
+			pendingUpdates[targetDID] = merged
+			stats.Updated++
+		} else {
+			stats.Unchanged++
+		}
+	}
+
+	out := make([]copyRecord, 0, len(created)+len(pendingUpdates))
+	for _, did := range updateOrder {
+		out = append(out, pendingUpdates[did])
+	}
+	out = append(out, created...)
+	return out, stats, nil
+}
+
+func targetRecordForSource(src copyRecord, existingByDID map[string]copyRecord, existingByChecksum map[string][]copyRecord) (copyRecord, bool, error) {
+	did := strings.TrimSpace(src.Did)
+	if did == "" {
+		return copyRecord{}, false, nil
+	}
+	if dstRec, ok := existingByDID[did]; ok {
+		return dstRec, true, nil
+	}
+
+	sha := copyRecordSHA256(src)
+	if sha == "" {
+		return copyRecord{}, false, nil
+	}
+	matches := existingByChecksum[sha]
+	switch len(matches) {
+	case 0:
+		return copyRecord{}, false, nil
+	case 1:
+		return matches[0], true, nil
+	default:
+		dids := make([]string, 0, len(matches))
+		for _, match := range matches {
+			if did := strings.TrimSpace(match.Did); did != "" {
+				dids = append(dids, did)
+			}
+		}
+		return copyRecord{}, false, fmt.Errorf("target already has multiple records for sha256 %q under different DIDs: %s", sha, strings.Join(dids, ", "))
+	}
+}
+
+func copyRecordSHA256(rec copyRecord) string {
+	if rec.Hashes == nil {
+		return ""
+	}
+	return strings.TrimSpace((*rec.Hashes)["sha256"])
+}
+
+func dedupeCopyRecordsByDID(records []copyRecord) []copyRecord {
+	if len(records) == 0 {
+		return nil
+	}
+	out := make([]copyRecord, 0, len(records))
+	seen := make(map[string]struct{}, len(records))
+	for _, rec := range records {
+		did := strings.TrimSpace(rec.Did)
+		if did == "" {
+			continue
+		}
+		if _, ok := seen[did]; ok {
+			continue
+		}
+		seen[did] = struct{}{}
+		out = append(out, rec)
+	}
+	return out
+}
+
+func mergeExistingRecord(dst, src copyRecord, overwriteNameFileName bool) (copyRecord, bool) {
+	merged := dst
+	changed := false
+
+	if overwriteNameFileName {
+		if !equalStringValuePointers(merged.Name, src.Name) {
+			merged.Name = src.Name
+			changed = true
+		}
+		if !equalStringValuePointers(merged.FileName, src.FileName) {
+			merged.FileName = src.FileName
+			changed = true
+		}
+	}
+
+	controlledAccess := mergeStringLists(dst.ControlledAccess, src.ControlledAccess)
+	if !equalStringPointers(merged.ControlledAccess, controlledAccess) {
+		merged.ControlledAccess = controlledAccess
+		changed = true
+	}
+
+	accessMethods := mergeAccessMethods(dst.AccessMethods, src.AccessMethods)
+	if !equalAccessMethodPointers(merged.AccessMethods, accessMethods) {
+		merged.AccessMethods = accessMethods
+		changed = true
+	}
+
+	return merged, changed
+}
+
+func mergeStringLists(left, right *[]string) *[]string {
+	seen := map[string]struct{}{}
+	out := make([]string, 0)
+	for _, list := range []*[]string{left, right} {
+		if list == nil {
+			continue
+		}
+		for _, raw := range *list {
+			val := strings.TrimSpace(raw)
+			if val == "" {
+				continue
+			}
+			if _, ok := seen[val]; ok {
+				continue
+			}
+			seen[val] = struct{}{}
+			out = append(out, val)
+		}
+	}
+	if len(out) == 0 {
+		return nil
+	}
+	return &out
+}
+
+func mergeAccessMethods(left, right *[]drsapi.AccessMethod) *[]drsapi.AccessMethod {
+	seen := map[string]struct{}{}
+	out := make([]drsapi.AccessMethod, 0)
+	for _, list := range []*[]drsapi.AccessMethod{left, right} {
+		if list == nil {
+			continue
+		}
+		for _, method := range *list {
+			key := canonicalAccessMethod(method)
+			if _, ok := seen[key]; ok {
+				continue
+			}
+			seen[key] = struct{}{}
+			out = append(out, method)
+		}
+	}
+	if len(out) == 0 {
+		return nil
+	}
+	return &out
+}
+
+func equalStringPointers(a, b *[]string) bool {
+	return equalJSON(a, b)
+}
+
+func equalStringValuePointers(a, b *string) bool {
+	return equalJSON(a, b)
+}
+
+func equalAccessMethodPointers(a, b *[]drsapi.AccessMethod) bool {
+	return equalJSON(a, b)
+}
+
+func equalJSON(a, b any) bool {
+	ab, _ := json.Marshal(a)
+	bb, _ := json.Marshal(b)
+	return string(ab) == string(bb)
+}
diff --git a/cmd/copyrecords/run.go b/cmd/copyrecords/run.go
new file mode 100644
index 00000000..ddbd747c
--- /dev/null
+++ b/cmd/copyrecords/run.go
@@ -0,0 +1,85 @@
+package copyrecords
+
+import (
+	"context"
+	"fmt"
+	"log/slog"
+	"os"
+)
+
+type copyStats struct {
+	SourceSeen int
+	Created    int
+	Updated    int
+	Unchanged  int
+	Written    int
+}
+
+func copyProjectRecords(ctx context.Context, logger *slog.Logger, src indexAPI, dst indexAPI, org, project string, batchSize int, overwriteNameFileName bool) (copyStats, error) {
+	if batchSize <= 0 {
+		batchSize = 250
+	}
+
+	stats := copyStats{}
+	fmt.Fprintf(os.Stderr, "copy-records: scanning source records for %s/%s\n", org, project)
+	records, err := listSourceRecordsByControlledAccess(ctx, src, org, project, batchSize)
+	if err != nil {
+		return stats, err
+	}
+	stats.SourceSeen = len(records)
+	fmt.Fprintf(os.Stderr, "copy-records: source scan complete, %d records in scope\n", stats.SourceSeen)
+
+	for start := 0; start < len(records); start += batchSize {
+		end := start + batchSize
+		if end > len(records) {
+			end = len(records)
+		}
+
+		batch := records[start:end]
+		fmt.Fprintf(os.Stderr, "copy-records: reconciling batch %d-%d of %d\n", start+1, end, len(records))
+		toWrite, batchStats, err := buildMergedBatch(ctx, dst, batch, overwriteNameFileName)
+		if err != nil {
+			return stats, err
+		}
+		stats.Created += batchStats.Created
+		stats.Updated += batchStats.Updated
+		stats.Unchanged += batchStats.Unchanged
+
+		if len(toWrite) > 0 {
+			resp, err := dst.CreateBulk(ctx, copyBulkCreateRequest{Records: toWrite})
+			if err != nil {
+				return stats, fmt.Errorf("target bulk create failed for batch starting at %d: %w", start, err)
+			}
+			if resp.Records != nil {
+				stats.Written += len(*resp.Records)
+			} else {
+				stats.Written += len(toWrite)
+			}
+		}
+		fmt.Fprintf(
+			os.Stderr,
+			"copy-records: batch %d-%d complete, created=%d updated=%d unchanged=%d written=%d\n",
+			start+1,
+			end,
+			batchStats.Created,
+			batchStats.Updated,
+			batchStats.Unchanged,
+			len(toWrite),
+		)
+
+		if logger != nil {
+			logger.Info("copy-records batch complete",
+				"organization", org,
+				"project", project,
+				"batch_start", start,
+				"source_records", len(batch),
+				"created", batchStats.Created,
+				"updated", batchStats.Updated,
+				"unchanged", batchStats.Unchanged,
+				"written", len(toWrite),
+			)
+		}
+	}
+
+	return stats, nil
+}
diff --git a/cmd/copyrecords/scan.go b/cmd/copyrecords/scan.go
new file mode 100644
index 00000000..e04f13b5
--- /dev/null
+++ b/cmd/copyrecords/scan.go
@@ -0,0 +1,90 @@
+package copyrecords
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strings"
+
+	syservices "github.com/calypr/syfon/client/services"
+	sycommon "github.com/calypr/syfon/common"
+)
+
+func parseScopeArg(raw string) (string, string, error) {
+	raw = strings.TrimSpace(raw)
+	if raw == "" {
+		return "", "", fmt.Errorf("scope is required and must be in organization/project form")
+	}
+	parts := strings.Split(raw, "/")
+	if len(parts) != 2 {
+		return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+	}
+	org := strings.TrimSpace(parts[0])
+	project := strings.TrimSpace(parts[1])
+	if org == "" || project == "" {
+		return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+	}
+	return org, project, nil
+}
+
+func listSourceRecordsByControlledAccess(ctx context.Context, src indexAPI, org, project string, batchSize int) ([]copyRecord, error) {
+	resource, err := sycommon.ResourcePath(org, project)
+	if err != nil {
+		return nil, fmt.Errorf("invalid scope %s/%s: %w", org, project, err)
+	}
+	if batchSize <= 0 {
+		batchSize = 250
+	}
+
+	page := 1
+	out := make([]copyRecord, 0)
+	seen := map[string]struct{}{}
+	for {
+		fmt.Fprintf(os.Stderr, "copy-records: scanning source index page %d, matched-so-far=%d\n", page, len(out))
+		listResp, err := src.List(ctx, syservices.ListRecordsOptions{
+			Limit: batchSize,
+			Page:  page,
+		})
+		if err != nil {
+			return nil, fmt.Errorf("fallback source list failed for %s/%s page %d: %w", org, project, page, err)
+		}
+		records := []copyRecord{}
+		if listResp.Records != nil {
+			records = *listResp.Records
+		}
+		if len(records) == 0 {
+			break
+		}
+		for _, rec := range records {
+			if !recordHasControlledAccess(rec, resource) {
+				continue
+			}
+			did := strings.TrimSpace(rec.Did)
+			if did == "" {
+				continue
+			}
+			if _, ok := seen[did]; ok {
+				continue
+			}
+			seen[did] = struct{}{}
+			out = append(out, rec)
+		}
+		if len(records) < batchSize {
+			break
+		}
+		page++
+	}
+	return out, nil
+}
+
+func recordHasControlledAccess(rec copyRecord, resource string) bool {
+	if rec.ControlledAccess == nil {
+		return false
+	}
+	for _, candidate := range *rec.ControlledAccess {
+		if strings.TrimSpace(candidate) == resource {
+			return true
+		}
+	}
+	return false
+}
diff --git a/cmd/credentialhelper/main.go b/cmd/credentialhelper/main.go
index f9324a64..e377c8f3 100644
--- a/cmd/credentialhelper/main.go
+++ b/cmd/credentialhelper/main.go
@@ -8,11 +8,12 @@ import (
 	"net/url"
 	"os"
 	"strings"
+	"time"
 
-	"github.com/calypr/data-client/credentials"
+	conf "github.com/calypr/calypr-cli/conf"
+	"github.com/calypr/calypr-cli/credentials"
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/gitrepo"
-	conf "github.com/calypr/syfon/client/config"
 	"github.com/spf13/cobra"
 )
 
@@ -54,8 +55,12 @@ var Cmd = &cobra.Command{
 
 		// Local/basic-auth remotes: prefer explicit repo credentials.
 		if username, password, err := gitrepo.GetRemoteBasicAuth(remoteName); err == nil && username != "" && password != "" {
-			fmt.Fprintf(os.Stdout, "username=%s\npassword=%s\n\n", username, password)
-			_ = gitrepo.SetRemoteLFSURL(remoteName, endpoint)
+			if _, err := fmt.Fprintf(os.Stdout, "username=%s\npassword=%s\n\n", username, password); err != nil {
+				return fmt.Errorf("write credential helper response: %w", err)
+			}
+			if err := gitrepo.SetRemoteLFSURL(remoteName, endpoint); err != nil {
+				return fmt.Errorf("sync LFS URL for remote %q: %w", remoteName, err)
+			}
 			return nil
 		}
 
@@ -72,12 +77,14 @@ var Cmd = &cobra.Command{
 			if token != "" {
 				cred.AccessToken = token
 			}
-			if ensureErr := credentials.EnsureValidCredential(context.Background(), cred, logg); ensureErr == nil {
-				_ = manager.Save(cred)
-				token = strings.TrimSpace(cred.AccessToken)
-				if token != "" {
-					_ = gitrepo.SetRemoteToken(remoteName, token)
+			ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+			ensureErr := credentials.EnsureValidCredential(ctx, cred, logg)
+			cancel()
+			if ensureErr == nil {
+				if err := manager.Save(cred); err != nil {
+					return fmt.Errorf("save refreshed credential for remote %q: %w", remoteName, err)
 				}
+				token = strings.TrimSpace(cred.AccessToken)
 			}
 		}
 
@@ -86,10 +93,14 @@ var Cmd = &cobra.Command{
 		}
 
 		// Username can be arbitrary for token-based Basic auth; server reads password token.
-		fmt.Fprintf(os.Stdout, "username=oauth2\npassword=%s\n\n", token)
+		if _, err := fmt.Fprintf(os.Stdout, "username=oauth2\npassword=%s\n\n", token); err != nil {
+			return fmt.Errorf("write credential helper response: %w", err)
+		}
 
 		// Keep lfsurl synced for this remote.
-		_ = gitrepo.SetRemoteLFSURL(remoteName, endpoint)
+		if err := gitrepo.SetRemoteLFSURL(remoteName, endpoint); err != nil {
+			return fmt.Errorf("sync LFS URL for remote %q: %w", remoteName, err)
+		}
 		return nil
 	},
 }
diff --git a/cmd/delete/main.go b/cmd/delete/main.go
index 9fe38764..9932f1eb 100644
--- a/cmd/delete/main.go
+++ b/cmd/delete/main.go
@@ -1,14 +1,17 @@
 package delete
 
 import (
+	"bufio"
 	"context"
 	"fmt"
+	"io"
 	"os"
+	"strings"
 
-	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsremote"
+	"github.com/calypr/git-drs/internal/lookup"
+	"github.com/calypr/git-drs/internal/remoteruntime"
 	"github.com/calypr/syfon/client/hash"
 	"github.com/spf13/cobra"
 )
@@ -18,6 +21,8 @@ var (
 	confirmFlag bool
 )
 
+const confirmYes = "yes"
+
 // Cmd line declaration
 // Cmd line declaration
 var Cmd = &cobra.Command{
@@ -46,14 +51,14 @@ var Cmd = &cobra.Command{
 			return fmt.Errorf("error getting default remote: %v", err)
 		}
 
-		drsClient, err := cfg.GetRemoteClient(remoteName, logger)
+		drsClient, err := remoteruntime.New(cfg, remoteName, logger)
 		if err != nil {
 			logger.Error(fmt.Sprintf("error creating DRS client: %s", err))
 			return err
 		}
 
 		// Get record details before deletion for confirmation
-		records, err := drsremote.ObjectsByHashForScope(context.Background(), drsClient, oid)
+		records, err := lookup.ObjectsByHashForScope(context.Background(), drsClient, oid)
 		if err != nil {
 			return fmt.Errorf("error getting records for OID %s: %v", oid, err)
 		}
@@ -64,22 +69,40 @@ var Cmd = &cobra.Command{
 		// Show details and get confirmation unless --confirm flag is set
 		if !confirmFlag {
 			projectId := drsClient.ProjectId
-			common.DisplayWarningHeader(os.Stderr, "DELETE a DRS record")
-			common.DisplayField(os.Stderr, "Remote", string(remoteName))
-			common.DisplayField(os.Stderr, "Project", projectId)
-			common.DisplayField(os.Stderr, "OID", oid)
-			common.DisplayField(os.Stderr, "Hash Type", hashType)
-			common.DisplayField(os.Stderr, "Matched DIDs", fmt.Sprintf("%d", len(records)))
+			if err := displayWarningHeader(os.Stderr, "DELETE a DRS record"); err != nil {
+				return err
+			}
+			if err := displayField(os.Stderr, "Remote", string(remoteName)); err != nil {
+				return err
+			}
+			if err := displayField(os.Stderr, "Project", projectId); err != nil {
+				return err
+			}
+			if err := displayField(os.Stderr, "OID", oid); err != nil {
+				return err
+			}
+			if err := displayField(os.Stderr, "Hash Type", hashType); err != nil {
+				return err
+			}
+			if err := displayField(os.Stderr, "Matched DIDs", fmt.Sprintf("%d", len(records))); err != nil {
+				return err
+			}
 			if len(records) > 0 {
-				common.DisplayField(os.Stderr, "Example DID", records[0].Id)
+				if err := displayField(os.Stderr, "Example DID", records[0].Id); err != nil {
+					return err
+				}
+			}
+			if err := displayField(os.Stderr, "Warning", "This deletes all DIDs (pointers) resolved by this SHA256 in this backend"); err != nil {
+				return err
+			}
+			if err := displayFooter(os.Stderr); err != nil {
+				return err
 			}
-			common.DisplayField(os.Stderr, "Warning", "This deletes all DIDs (pointers) resolved by this SHA256 in this backend")
-			common.DisplayFooter(os.Stderr)
 
-			if err := common.PromptForConfirmation(
+			if err := promptForConfirmation(
 				os.Stderr,
 				"Type 'yes' to confirm deletion",
-				common.ConfirmationYes,
+				confirmYes,
 				false,
 			); err != nil {
 				return err
@@ -101,3 +124,42 @@ func init() {
 	Cmd.Flags().StringVarP(&remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
 	Cmd.Flags().BoolVar(&confirmFlag, "confirm", false, "skip interactive confirmation prompt")
 }
+
+func promptForConfirmation(w io.Writer, prompt string, expectedResponse string, caseSensitive bool) error {
+	if _, err := fmt.Fprintf(w, "%s: ", prompt); err != nil {
+		return err
+	}
+
+	reader := bufio.NewReader(os.Stdin)
+	response, err := reader.ReadString('\n')
+	if err != nil {
+		return fmt.Errorf("error reading confirmation: %v", err)
+	}
+
+	response = strings.TrimSpace(response)
+	if !caseSensitive {
+		response = strings.ToLower(response)
+		expectedResponse = strings.ToLower(expectedResponse)
+	}
+
+	if response != expectedResponse {
+		return fmt.Errorf("operation cancelled: confirmation did not match")
+	}
+
+	return nil
+}
+
+func displayWarningHeader(w io.Writer, operation string) error {
+	_, err := fmt.Fprintf(w, "\nWARNING: You are about to %s\n\n", operation)
+	return err
+}
+
+func displayField(w io.Writer, key, value string) error {
+	_, err := fmt.Fprintf(w, "%-11s %s\n", key+":", value)
+	return err
+}
+
+func displayFooter(w io.Writer) error {
+	_, err := fmt.Fprintf(w, "\nThis action CANNOT be undone.\n\n")
+	return err
+}
diff --git a/cmd/deleteproject/main.go b/cmd/deleteproject/main.go
index b35606ff..1a43675f 100644
--- a/cmd/deleteproject/main.go
+++ b/cmd/deleteproject/main.go
@@ -1,13 +1,16 @@
 package deleteproject
 
 import (
+	"bufio"
 	"context"
 	"fmt"
+	"io"
 	"os"
+	"strings"
 
-	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/remoteruntime"
 	syservices "github.com/calypr/syfon/client/services"
 	"github.com/spf13/cobra"
 )
@@ -38,7 +41,7 @@ var Cmd = &cobra.Command{
 			return fmt.Errorf("error getting default remote: %v", err)
 		}
 
-		drsClient, err := cfg.GetRemoteClient(remoteName, logger)
+		drsClient, err := remoteruntime.New(cfg, remoteName, logger)
 		if err != nil {
 			logger.Error(fmt.Sprintf("error creating DRS client: %s", err))
 			return err
@@ -66,28 +69,42 @@ var Cmd = &cobra.Command{
 			return fmt.Errorf("error: --confirm value '%s' does not match project ID '%s'", confirmFlag, projectId)
 		}
 		if confirmFlag != projectId {
-			common.DisplayWarningHeader(os.Stderr, "DELETE ALL RECORDS for a project")
-			common.DisplayField(os.Stderr, "Remote", string(remoteName))
-			common.DisplayField(os.Stderr, "Project ID", projectId)
+			if err := displayWarningHeader(os.Stderr, "DELETE ALL RECORDS for a project"); err != nil {
+				return err
+			}
+			if err := displayField(os.Stderr, "Remote", string(remoteName)); err != nil {
+				return err
+			}
+			if err := displayField(os.Stderr, "Project ID", projectId); err != nil {
+				return err
+			}
 
 			if listResp.Records != nil && len(*listResp.Records) > 0 {
 				sample := (*listResp.Records)[0]
 				fmt.Fprintf(os.Stderr, "\nSample record from this project:\n")
-				common.DisplayField(os.Stderr, "  DID", sample.Did)
+				if err := displayField(os.Stderr, "  DID", sample.Did); err != nil {
+					return err
+				}
 				if sample.FileName != nil && *sample.FileName != "" {
-					common.DisplayField(os.Stderr, "  Filename", *sample.FileName)
+					if err := displayField(os.Stderr, "  Filename", *sample.FileName); err != nil {
+						return err
+					}
 				}
 				if sample.Size != nil {
-					common.DisplayField(os.Stderr, "  Size", fmt.Sprintf("%d bytes", *sample.Size))
+					if err := displayField(os.Stderr, "  Size", fmt.Sprintf("%d bytes", *sample.Size)); err != nil {
+						return err
+					}
 				}
 			} else {
 				fmt.Fprintf(os.Stderr, "\nNo records found for this project.\n")
 			}
 
 			fmt.Fprintf(os.Stderr, "\nThis will DELETE ALL records in project '%s'.\n", projectId)
-			common.DisplayFooter(os.Stderr)
+			if err := displayFooter(os.Stderr); err != nil {
+				return err
+			}
 
-			if err := common.PromptForConfirmation(os.Stderr, fmt.Sprintf("Type the project ID '%s' to confirm deletion", projectId), projectId, true); err != nil {
+			if err := promptForConfirmation(os.Stderr, fmt.Sprintf("Type the project ID '%s' to confirm deletion", projectId), projectId, true); err != nil {
 				return err
 			}
 		}
@@ -110,3 +127,42 @@ func init() {
 	Cmd.Flags().StringVarP(&remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
 	Cmd.Flags().StringVar(&confirmFlag, "confirm", "", "skip interactive confirmation by providing the project_id (e.g., --confirm my-project)")
 }
+
+func promptForConfirmation(w io.Writer, prompt string, expectedResponse string, caseSensitive bool) error {
+	if _, err := fmt.Fprintf(w, "%s: ", prompt); err != nil {
+		return err
+	}
+
+	reader := bufio.NewReader(os.Stdin)
+	response, err := reader.ReadString('\n')
+	if err != nil {
+		return fmt.Errorf("error reading confirmation: %v", err)
+	}
+
+	response = strings.TrimSpace(response)
+	if !caseSensitive {
+		response = strings.ToLower(response)
+		expectedResponse = strings.ToLower(expectedResponse)
+	}
+
+	if response != expectedResponse {
+		return fmt.Errorf("operation cancelled: confirmation did not match")
+	}
+
+	return nil
+}
+
+func displayWarningHeader(w io.Writer, operation string) error {
+	_, err := fmt.Fprintf(w, "\nWARNING: You are about to %s\n\n", operation)
+	return err
+}
+
+func displayField(w io.Writer, key, value string) error {
+	_, err := fmt.Fprintf(w, "%-11s %s\n", key+":", value)
+	return err
+}
+
+func displayFooter(w io.Writer) error {
+	_, err := fmt.Fprintf(w, "\nThis action CANNOT be undone.\n\n")
+	return err
+}
diff --git a/cmd/download/main.go b/cmd/download/main.go
deleted file mode 100644
index 599cd2e0..00000000
--- a/cmd/download/main.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package download
-
-import (
-	"context"
-	"fmt"
-	"path/filepath"
-	"strings"
-
-	"github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsremote"
-	drsapi "github.com/calypr/syfon/apigen/client/drs"
-	sydownload "github.com/calypr/syfon/client/transfer/download"
-	"github.com/spf13/cobra"
-)
-
-var remote string
-var outdir string
-
-// Cmd line declaration
-var Cmd = &cobra.Command{
-	Use:   "download <DRS ID>",
-	Short: "Download a file from a DRS server",
-	Long:  "Download a file from a DRS server, without creating an LFS pointer",
-	Args:  cobra.MinimumNArgs(1),
-	RunE: func(cmd *cobra.Command, args []string) error {
-
-		logger := drslog.GetLogger()
-
-		config, err := config.LoadConfig()
-		if err != nil {
-			return err
-		}
-
-		remoteName, err := config.GetRemoteOrDefault(remote)
-		if err != nil {
-			logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-			return err
-		}
-
-		client, err := config.GetRemoteClient(remoteName, logger)
-		if err != nil {
-			return err
-		}
-		for _, src := range args {
-			obj, err := client.Client.DRS().GetObject(context.Background(), src)
-			if err != nil {
-				logger.Error(fmt.Sprintf("Error downloading object %s: %v", src, err))
-			} else {
-				common.PrintDRSObject(obj, false)
-				dstName := src
-				if obj.Name != nil && *obj.Name != "" {
-					dstName = filepath.Base(*obj.Name)
-				}
-				dstPath := filepath.Join(outdir, dstName)
-				logger.Info(fmt.Sprintf("Downloading object %s to path %s", src, dstPath))
-				accessURL, err := resolveAccessURL(cmd.Context(), client, obj)
-				if err != nil {
-					logger.Error(fmt.Sprintf("Error resolving access URL for object %s: %v", src, err))
-					continue
-				}
-				if err := drsremote.DownloadResolvedToPath(cmd.Context(), client, obj.Id, dstPath, &obj, accessURL, sydownload.DownloadOptions{
-					MultipartThreshold: 5 * 1024 * 1024,
-					Concurrency:        2,
-					ChunkSize:          64 * 1024 * 1024,
-				}); err != nil {
-					logger.Error(fmt.Sprintf("Error downloading object %s to path %s: %v", src, dstPath, err))
-				} else {
-					logger.Info(fmt.Sprintf("Successfully downloaded object %s to path %s", src, dstPath))
-				}
-			}
-		}
-
-		return nil
-	},
-}
-
-func init() {
-	Cmd.Flags().StringVarP(&remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
-	Cmd.Flags().StringVarP(&outdir, "outdir", "o", ".", "output directory for downloaded files")
-}
-
-func resolveAccessURL(ctx context.Context, remote *config.GitContext, obj drsapi.DrsObject) (*drsapi.AccessURL, error) {
-	if remote == nil || remote.Client == nil {
-		return nil, fmt.Errorf("DRS client unavailable")
-	}
-	if obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 {
-		return nil, fmt.Errorf("no access methods available for DRS object %s", obj.Id)
-	}
-	accessType := strings.TrimSpace(string((*obj.AccessMethods)[0].Type))
-	if accessType == "" {
-		return nil, fmt.Errorf("no access type found in access method for DRS object %s", obj.Id)
-	}
-	accessURL, err := remote.Client.DRS().GetAccessURL(ctx, obj.Id, accessType)
-	if err != nil {
-		return nil, err
-	}
-	return &accessURL, nil
-}
diff --git a/cmd/fetch/fetch_test.go b/cmd/fetch/fetch_test.go
deleted file mode 100644
index 37766718..00000000
--- a/cmd/fetch/fetch_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package fetch
-
-import (
-	"testing"
-
-	"github.com/calypr/git-drs/internal/testutils"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestFetchCmdArgs(t *testing.T) {
-	// Test with no arguments (valid)
-	err := Cmd.Args(Cmd, []string{})
-	assert.NoError(t, err)
-
-	// Test with 1 argument (valid)
-	err = Cmd.Args(Cmd, []string{"origin"})
-	assert.NoError(t, err)
-
-	// Test with multiple arguments (invalid)
-	err = Cmd.Args(Cmd, []string{"origin", "extra"})
-	assert.Error(t, err)
-}
-
-func TestFetchRun_Error(t *testing.T) {
-	_ = testutils.SetupTestGitRepo(t)
-	// No config, should error
-	err := Cmd.RunE(Cmd, []string{})
-	assert.Error(t, err)
-}
-
-func TestFetchRun_InvalidRemote(t *testing.T) {
-	tmpDir := testutils.SetupTestGitRepo(t)
-	testutils.CreateDefaultTestConfig(t, tmpDir)
-	// Fetch from non-existent remote
-	err := Cmd.RunE(Cmd, []string{"no-remote"})
-	assert.Error(t, err)
-}
diff --git a/cmd/fetch/main.go b/cmd/fetch/main.go
deleted file mode 100644
index 0acf089a..00000000
--- a/cmd/fetch/main.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package fetch
-
-import (
-	"fmt"
-	"os/exec"
-	"strings"
-
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/spf13/cobra"
-)
-
-var runCommand = func(name string, args ...string) ([]byte, error) {
-	cmd := exec.Command(name, args...)
-	return cmd.CombinedOutput()
-}
-
-// Cmd line declaration
-var Cmd = &cobra.Command{
-	Use:   "fetch [remote-name]",
-	Short: "Fetch LFS objects from remote via standard git-lfs",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 1 {
-			cmd.SilenceUsage = false
-			return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs fetch --help' for more details", len(args), cmd.UseLine())
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		logger := drslog.GetLogger()
-
-		cfg, err := config.LoadConfig()
-		if err != nil {
-			return fmt.Errorf("error loading config: %v", err)
-		}
-
-		var remote config.Remote
-		if len(args) > 0 {
-			remote = config.Remote(args[0])
-		} else {
-			remote, err = cfg.GetDefaultRemote()
-			if err != nil {
-				logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-				return err
-			}
-		}
-
-		drsClient, err := cfg.GetRemoteClient(remote, logger)
-		if err != nil {
-			logger.Error(fmt.Sprintf("\nerror creating DRS client: %s", err))
-			return err
-		}
-		_ = drsClient // Remote validation only.
-
-		out, err := runCommand("git", "lfs", "pull", string(remote))
-		if err != nil {
-			msg := strings.TrimSpace(string(out))
-			if msg == "" {
-				msg = err.Error()
-			}
-			return fmt.Errorf("git lfs pull failed for remote %q: %s", remote, msg)
-		}
-
-		return nil
-	},
-}
diff --git a/cmd/filter/main.go b/cmd/filter/main.go
index 7f5ebd04..cc70f45b 100644
--- a/cmd/filter/main.go
+++ b/cmd/filter/main.go
@@ -19,11 +19,11 @@ import (
 	"os"
 
 	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drsfilter"
 	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsremote"
-	"github.com/calypr/git-drs/internal/gitfilter"
+	internalfilter "github.com/calypr/git-drs/internal/filter"
 	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	internaltransfer "github.com/calypr/git-drs/internal/transfer"
 	"github.com/spf13/cobra"
 )
 
@@ -51,13 +51,13 @@ func runFilter(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("filter: load config: %w", err)
 	}
 
-	var drsCtx *config.GitContext
+	var drsCtx *remoteruntime.GitContext
 
 	remote, err := cfg.GetDefaultRemote()
 	if err != nil {
 		logger.Info("filter: no default remote", "err", err)
 	} else {
-		drsCtx, err = cfg.GetRemoteClient(remote, logger)
+		drsCtx, err = remoteruntime.New(cfg, remote, logger)
 		if err != nil {
 			logger.Info("DRS server not configured or unreachable", "err", err)
 		}
@@ -69,7 +69,7 @@ func runFilter(cmd *cobra.Command, _ []string) error {
 	}
 	logger.Debug("Resolved LFS root directory", "lfsRoot", lfsRoot)
 	// Build the filter and register handlers.
-	f := gitfilter.NewGitFilter(os.Stdin, os.Stdout, logger).
+	f := internalfilter.NewGitFilter(os.Stdin, os.Stdout, logger).
 		OnSmudge(makeSmudgeHandler(drsCtx, logger)).
 		OnClean(makeCleanHandler(lfsRoot, logger))
 
@@ -80,16 +80,16 @@ func runFilter(cmd *cobra.Command, _ []string) error {
 // Smudge handler — checkout: LFS pointer → real file content
 // --------------------------------------------------------------------------
 
-func makeSmudgeHandler(drsCtx *config.GitContext, logger *slog.Logger) gitfilter.SmudgeFunc {
-	return func(ctx context.Context, req gitfilter.FilterRequest, ptr io.Reader, dst io.Writer) error {
+func makeSmudgeHandler(drsCtx *remoteruntime.GitContext, logger *slog.Logger) internalfilter.SmudgeFunc {
+	return func(ctx context.Context, req internalfilter.FilterRequest, ptr io.Reader, dst io.Writer) error {
 		logger.Debug("smudge handler invoked", "pathname", req.Pathname)
-		var downloadFn drsfilter.SmudgeDownloadFunc
-		if drsCtx != nil {
+		var downloadFn internalfilter.SmudgeDownloadFunc
+		if drsCtx != nil && !internalfilter.ShouldSkipSmudge() {
 			downloadFn = func(callCtx context.Context, oid, cachePath string) error {
-				return drsremote.DownloadToCachePath(callCtx, drsCtx, logger, oid, cachePath)
+				return internaltransfer.DownloadToCachePath(callCtx, drsCtx, oid, cachePath)
 			}
 		}
-		return drsfilter.SmudgeContent(ctx, req.Pathname, ptr, dst, logger, downloadFn)
+		return internalfilter.SmudgeContent(ctx, req.Pathname, ptr, dst, logger, downloadFn)
 	}
 }
 
@@ -97,10 +97,10 @@ func makeSmudgeHandler(drsCtx *config.GitContext, logger *slog.Logger) gitfilter
 // Clean handler — stage: real file content → LFS pointer
 // --------------------------------------------------------------------------
 
-func makeCleanHandler(lfsRoot string, logger *slog.Logger) gitfilter.CleanFunc {
-	return func(ctx context.Context, req gitfilter.FilterRequest, content io.Reader, dst io.Writer) error {
+func makeCleanHandler(lfsRoot string, logger *slog.Logger) internalfilter.CleanFunc {
+	return func(ctx context.Context, req internalfilter.FilterRequest, content io.Reader, dst io.Writer) error {
 		logger.Debug("clean", "pathname", req.Pathname)
-		return drsfilter.CleanContent(ctx, lfsRoot, req.Pathname, content, dst, logger)
+		return internalfilter.CleanContent(ctx, lfsRoot, req.Pathname, content, dst, logger)
 	}
 }
 
diff --git a/cmd/initialize/main.go b/cmd/initialize/main.go
index 95fcdf65..304609c2 100644
--- a/cmd/initialize/main.go
+++ b/cmd/initialize/main.go
@@ -10,7 +10,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/gitrepo"
@@ -39,73 +38,152 @@ var Cmd = &cobra.Command{
 	},
 	RunE: func(cmd *cobra.Command, args []string) error {
 		logg := drslog.GetLogger()
-
-		// check if .git dir exists to ensure you're in a git repository
-		_, err := gitrepo.GitTopLevel()
-		if err != nil {
-			return fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
+		if err := InitializeRepo(logg); err != nil {
+			return err
 		}
+		logg.Debug(fmt.Sprintf("Using %d concurrent transfers", transfers))
+		return nil
+	},
+}
 
-		// create config file if it doesn't exist
-		err = config.CreateEmptyConfig()
-		if err != nil {
-			return fmt.Errorf("error: unable to create config file: %v", err)
-		}
+// InitializeRepo applies git-drs repository-local setup to the current git repository.
+// It is safe to call repeatedly.
+func InitializeRepo(logg *slog.Logger) error {
+	// check if .git dir exists to ensure you're in a git repository
+	_, err := gitrepo.GitTopLevel()
+	if err != nil {
+		return fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
+	}
 
-		// load the config
-		_, err = config.LoadConfig()
-		if err != nil {
-			logg.Debug(fmt.Sprintf("We should probably fix this: %v", err))
-			return fmt.Errorf("error: unable to load config file: %v", err)
-		}
+	// create config file if it doesn't exist
+	err = config.CreateEmptyConfig()
+	if err != nil {
+		return fmt.Errorf("error: unable to create config file: %v", err)
+	}
 
-		// create drs directories
-		drsDir := common.DRS_DIR
-		drsLfsObjsDir := common.DRS_OBJS_PATH
-		if err := os.MkdirAll(drsDir, 0755); err != nil {
-			return fmt.Errorf("error: unable to create drs directory: %v", err)
-		}
-		if err := os.MkdirAll(drsLfsObjsDir, 0755); err != nil {
-			return fmt.Errorf("error: unable to create drs lfs objects directory: %v", err)
-		}
+	// load the config
+	_, err = config.LoadConfig()
+	if err != nil {
+		logg.Debug(fmt.Sprintf("We should probably fix this: %v", err))
+		return fmt.Errorf("error: unable to load config file: %v", err)
+	}
 
-		err = initGitConfig()
-		if err != nil {
-			return fmt.Errorf("error initializing git-drs repository config: %v", err)
-		}
+	// create drs directories
+	drsDir := gitrepo.DRSDir
+	drsLfsObjsDir := gitrepo.DRSObjectsPath
+	if err := os.MkdirAll(drsDir, 0755); err != nil {
+		return fmt.Errorf("error: unable to create drs directory: %v", err)
+	}
+	if err := os.MkdirAll(drsLfsObjsDir, 0755); err != nil {
+		return fmt.Errorf("error: unable to create drs lfs objects directory: %v", err)
+	}
 
-		// install pre-push hook
-		err = installPrePushHook(logg)
-		if err != nil {
-			return fmt.Errorf("error installing pre-push hook: %v", err)
-		}
-		// install pre-commit hook
-		err = installPreCommitHook(logg)
-		if err != nil {
-			return fmt.Errorf("error installing pre-commit hook: %v", err)
+	err = initGitConfig()
+	if err != nil {
+		return fmt.Errorf("error initializing git-drs repository config: %v", err)
+	}
+
+	// install pre-commit hook
+	err = installPreCommitHook(logg)
+	if err != nil {
+		return fmt.Errorf("error installing pre-commit hook: %v", err)
+	}
+	if err := removeLegacyPrePushHook(logg); err != nil {
+		return fmt.Errorf("error repairing legacy pre-push hook: %v", err)
+	}
+
+	logg.Debug("Git DRS initialized")
+	return nil
+}
+
+// EnsureInitialized applies initialization only when the repository does not
+// already appear to have git-drs local setup installed.
+func EnsureInitialized(logg *slog.Logger) error {
+	initialized, err := isInitialized()
+	if err != nil {
+		return err
+	}
+	if initialized {
+		return removeLegacyPrePushHook(logg)
+	}
+	return InitializeRepo(logg)
+}
+
+func isInitialized() (bool, error) {
+	if _, err := gitrepo.GitTopLevel(); err != nil {
+		return false, fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
+	}
+
+	if _, err := os.Stat(gitrepo.DRSDir); err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
 		}
+		return false, fmt.Errorf("error checking git-drs directory: %v", err)
+	}
 
-		// final logs
-		logg.Debug("Git DRS initialized")
-		logg.Debug(fmt.Sprintf("Using %d concurrent transfers", transfers))
-		return nil
-	},
+	if val, err := gitrepo.GetGitConfigString("filter.drs.process"); err != nil || strings.TrimSpace(val) != "git-drs filter" {
+		return false, err
+	}
+	if val, err := gitrepo.GetGitConfigString("filter.drs.clean"); err != nil || strings.TrimSpace(val) != "git-drs clean -- %f" {
+		return false, err
+	}
+	if val, err := gitrepo.GetGitConfigString("filter.drs.smudge"); err != nil || strings.TrimSpace(val) != "git-drs smudge -- %f" {
+		return false, err
+	}
+	if val, err := gitrepo.GetGitConfigString("filter.drs.required"); err != nil || strings.TrimSpace(val) != "true" {
+		return false, err
+	}
+
+	preCommitInstalled, err := hookContains("pre-commit", "git drs precommit")
+	if err != nil {
+		return false, err
+	}
+	if !preCommitInstalled {
+		return false, nil
+	}
+
+	return true, nil
+}
+
+func hookContains(name, marker string) (bool, error) {
+	hooksDir, err := gitrepo.GetGitHooksDir()
+	if err != nil {
+		return false, fmt.Errorf("unable to get hooks directory: %w", err)
+	}
+	content, err := os.ReadFile(filepath.Join(hooksDir, name))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	return strings.Contains(string(content), marker), nil
 }
 
+var noSkipSmudge bool
+
 func initGitConfig() error {
 	configs := map[string]string{
+		"push.autoSetupRemote":    "true",
 		"lfs.allowincompletepush": "false",
 		"lfs.concurrenttransfers": strconv.Itoa(transfers),
 		// Use git-drs as the long-running filter-process handler.
 		// This replaces the default git-lfs smudge/clean per-invocation commands
 		// with a single persistent process that calls the DRS transfer stack directly.
-		"filter.drs.process": "git-drs filter",
+		"filter.drs.clean":    "git-drs clean -- %f",
+		"filter.drs.smudge":   "git-drs smudge -- %f",
+		"filter.drs.process":  "git-drs filter",
+		"filter.drs.required": "true",
 		// Canonical git-drs config keys consumed by clients.
 		"drs.upsert":                  strconv.FormatBool(upsert),
 		"drs.multipart-threshold":     strconv.Itoa(multiPartThreshold),
 		"drs.enable-data-client-logs": strconv.FormatBool(enableDataClientLogs),
 	}
 
+	if noSkipSmudge {
+		configs["drs.skipsmudge"] = "false"
+	}
+
 	if err := gitrepo.SetGitConfigOptions(configs); err != nil {
 		return fmt.Errorf("unable to write git config: %w", err)
 	}
@@ -117,62 +195,7 @@ func init() {
 	Cmd.Flags().BoolVarP(&upsert, "upsert", "u", false, "Enable upsert for DRS objects")
 	Cmd.Flags().IntVarP(&multiPartThreshold, "multipart-threshold", "m", 5120, "Multipart threshold in MB")
 	Cmd.Flags().BoolVar(&enableDataClientLogs, "enable-data-client-logs", false, "Enable data-client internal logs")
-}
-
-func installPrePushHook(logger *slog.Logger) error {
-	hooksDir, err := gitrepo.GetGitHooksDir()
-	if err != nil {
-		return fmt.Errorf("unable to get hooks directory: %w", err)
-	}
-
-	if err := os.MkdirAll(hooksDir, 0755); err != nil {
-		return fmt.Errorf("unable to create hooks directory: %w", err)
-	}
-
-	hookPath := filepath.Join(hooksDir, "pre-push")
-	hookBody := `
-# . git/hooks/pre-push
-remote="$1"
-url="$2"
-
-# Buffer stdin for both commands
-TMPFILE="${TMPDIR:-/tmp}/git-drs-$$"
-trap "rm -f $TMPFILE" EXIT
-cat > "$TMPFILE"
-
-# Run DRS preparation
-git drs pre-push-prepare "$remote" "$url" < "$TMPFILE" || exit 1
-
-# The managed git-drs push command handles upload/register directly.
-# The hook only stages metadata before the Git push proceeds.
-`
-	hookScript := "#!/bin/sh\n" + hookBody
-
-	existingContent, err := os.ReadFile(hookPath)
-	if err == nil {
-		// there is an existing hook, rename it, and let the user know
-		// Backup existing hook with timestamp
-		timestamp := time.Now().Format("20060102T150405")
-		backupPath := hookPath + "." + timestamp
-		if err := os.WriteFile(backupPath, existingContent, 0644); err != nil {
-			return fmt.Errorf("unable to back up existing pre-push hook: %w", err)
-		}
-		if err := os.Remove(hookPath); err != nil {
-			return fmt.Errorf("unable to remove hook after backing up: %w", err)
-		}
-		logger.Debug(fmt.Sprintf("pre-push hook updated; backup written to %s", backupPath))
-	}
-	// If there was an error other than expected not existing, return it
-	if err != nil && !os.IsNotExist(err) {
-		return fmt.Errorf("unable to read pre-push hook: %w", err)
-	}
-
-	err = os.WriteFile(hookPath, []byte(hookScript), 0755)
-	if err != nil {
-		return fmt.Errorf("unable to write pre-push hook: %w", err)
-	}
-	logger.Debug("pre-push hook installed")
-	return nil
+	Cmd.Flags().BoolVar(&noSkipSmudge, "no-skip-smudge", false, "Disable skipping smudge filter (force downloading file contents during checkout)")
 }
 
 func installPreCommitHook(logger *slog.Logger) error {
@@ -220,3 +243,32 @@ exec git drs precommit
 	logger.Debug("pre-commit hook installed")
 	return nil
 }
+
+func removeLegacyPrePushHook(logger *slog.Logger) error {
+	hooksDir, err := gitrepo.GetGitHooksDir()
+	if err != nil {
+		return fmt.Errorf("unable to get hooks directory: %w", err)
+	}
+	hookPath := filepath.Join(hooksDir, "pre-push")
+	content, err := os.ReadFile(hookPath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return fmt.Errorf("unable to read pre-push hook: %w", err)
+	}
+	if !strings.Contains(string(content), "git drs pre-push-prepare") {
+		return nil
+	}
+
+	timestamp := time.Now().Format("20060102T150405")
+	backupPath := hookPath + "." + timestamp
+	if err := os.WriteFile(backupPath, content, 0o644); err != nil {
+		return fmt.Errorf("unable to back up legacy pre-push hook: %w", err)
+	}
+	if err := os.Remove(hookPath); err != nil {
+		return fmt.Errorf("unable to remove legacy pre-push hook: %w", err)
+	}
+	logger.Debug(fmt.Sprintf("legacy pre-push hook removed; backup written to %s", backupPath))
+	return nil
+}
diff --git a/cmd/initialize/main_test.go b/cmd/initialize/main_test.go
index 1126a2dd..65e98062 100644
--- a/cmd/initialize/main_test.go
+++ b/cmd/initialize/main_test.go
@@ -11,28 +11,6 @@ import (
 	"github.com/calypr/git-drs/internal/testutils"
 )
 
-func TestInstallPrePushHook(t *testing.T) {
-	testutils.SetupTestGitRepo(t)
-	logger := drslog.NewNoOpLogger()
-
-	if err := installPrePushHook(logger); err != nil {
-		t.Fatalf("installPrePushHook error: %v", err)
-	}
-
-	hookPath := filepath.Join(".git", "hooks", "pre-push")
-	content, err := os.ReadFile(hookPath)
-	if err != nil {
-		t.Fatalf("read hook: %v", err)
-	}
-	if !strings.Contains(string(content), "git drs pre-push") {
-		t.Fatalf("expected hook to contain git drs pre-push")
-	}
-
-	if err := installPrePushHook(logger); err != nil {
-		t.Fatalf("installPrePushHook second call error: %v", err)
-	}
-}
-
 func TestInstallPreCommitHook(t *testing.T) {
 	testutils.SetupTestGitRepo(t)
 	logger := drslog.NewNoOpLogger()
@@ -105,4 +83,66 @@ func TestInitConfigValues(t *testing.T) {
 
 	check("lfs.concurrenttransfers", "8")
 	check("lfs.allowincompletepush", "false")
+	check("push.autoSetupRemote", "true")
+	check("filter.drs.clean", "git-drs clean -- %f")
+	check("filter.drs.smudge", "git-drs smudge -- %f")
+	check("filter.drs.process", "git-drs filter")
+	check("filter.drs.required", "true")
+}
+
+func TestEnsureInitialized(t *testing.T) {
+	testutils.SetupTestGitRepo(t)
+	logger := drslog.NewNoOpLogger()
+
+	if err := EnsureInitialized(logger); err != nil {
+		t.Fatalf("EnsureInitialized error: %v", err)
+	}
+	if err := EnsureInitialized(logger); err != nil {
+		t.Fatalf("EnsureInitialized second call error: %v", err)
+	}
+
+	if _, err := os.Stat(gitrepo.DRSDir); err != nil {
+		t.Fatalf("expected %s to exist: %v", gitrepo.DRSDir, err)
+	}
+	filterProcess, err := gitrepo.GetGitConfigString("filter.drs.process")
+	if err != nil {
+		t.Fatalf("GetGitConfigString(filter.drs.process): %v", err)
+	}
+	if filterProcess != "git-drs filter" {
+		t.Fatalf("unexpected filter.drs.process: %q", filterProcess)
+	}
+	filterClean, err := gitrepo.GetGitConfigString("filter.drs.clean")
+	if err != nil {
+		t.Fatalf("GetGitConfigString(filter.drs.clean): %v", err)
+	}
+	if filterClean != "git-drs clean -- %f" {
+		t.Fatalf("unexpected filter.drs.clean: %q", filterClean)
+	}
+}
+
+func TestEnsureInitializedRemovesLegacyPrePushHook(t *testing.T) {
+	testutils.SetupTestGitRepo(t)
+	logger := drslog.NewNoOpLogger()
+
+	hookPath := filepath.Join(".git", "hooks", "pre-push")
+	legacyHook := "#!/bin/sh\nexec git drs pre-push-prepare\n"
+	if err := os.WriteFile(hookPath, []byte(legacyHook), 0o755); err != nil {
+		t.Fatalf("write legacy pre-push hook: %v", err)
+	}
+
+	if err := EnsureInitialized(logger); err != nil {
+		t.Fatalf("EnsureInitialized error: %v", err)
+	}
+
+	if _, err := os.Stat(hookPath); !os.IsNotExist(err) {
+		t.Fatalf("expected legacy pre-push hook to be removed, got err=%v", err)
+	}
+
+	matches, err := filepath.Glob(hookPath + ".*")
+	if err != nil {
+		t.Fatalf("glob hook backups: %v", err)
+	}
+	if len(matches) == 0 {
+		t.Fatal("expected legacy pre-push hook backup to be created")
+	}
 }
diff --git a/cmd/list/main.go b/cmd/list/main.go
deleted file mode 100644
index dfcf7a7c..00000000
--- a/cmd/list/main.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package list
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/spf13/cobra"
-)
-
-var remote string
-var pretty = false
-
-// Cmd line declaration
-var Cmd = &cobra.Command{
-	Use:   "list",
-	Short: "List DRS objects in a DRS server",
-	Long:  "List DRS objects in a DRS server",
-	RunE: func(cmd *cobra.Command, args []string) error {
-
-		logger := drslog.GetLogger()
-
-		config, err := config.LoadConfig()
-		if err != nil {
-			return err
-		}
-
-		remoteName, err := config.GetRemoteOrDefault(remote)
-		if err != nil {
-			logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-			return err
-		}
-
-		client, err := config.GetRemoteClient(remoteName, logger)
-		if err != nil {
-			return err
-		}
-
-		objs, err := client.Client.DRS().ListObjects(context.Background(), 1000, 1)
-		if err != nil {
-			return err
-		}
-
-		for _, drsObj := range objs.DrsObjects {
-			if err := common.PrintDRSObject(drsObj, pretty); err != nil {
-				return err
-			}
-		}
-
-		return nil
-	},
-}
-
-func init() {
-	Cmd.Flags().StringVarP(&remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
-	Cmd.Flags().BoolVarP(&pretty, "pretty", "p", false, "pretty print JSON output")
-}
diff --git a/cmd/lsfiles/main.go b/cmd/lsfiles/main.go
index 96c3dfd1..e796e599 100644
--- a/cmd/lsfiles/main.go
+++ b/cmd/lsfiles/main.go
@@ -1,117 +1,41 @@
 package lsfiles
 
 import (
+	"context"
 	"fmt"
-	"log/slog"
-	"sort"
-	"strings"
 
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsremote"
-	"github.com/calypr/git-drs/internal/lfs"
 	"github.com/spf13/cobra"
 )
 
 var gitRemote string
 var drsRemote string
+var includePatterns []string
+var showLong bool
+var nameOnly bool
+var jsonOutput bool
+var drsStatus bool
 
-var (
-	loadConfig      = config.LoadConfig
-	resolveRemote   = func(cfg *config.Config, name string) (config.Remote, error) { return cfg.GetRemoteOrDefault(name) }
-	newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*config.GitContext, error) {
-		return cfg.GetRemoteClient(remote, logger)
+func validateOutputFlags() error {
+	if nameOnly && jsonOutput {
+		return fmt.Errorf("--name-only and --json are mutually exclusive")
 	}
-	loadLFSInventory    = lfs.GetAllLfsFiles
-	lookupScopedObjects = drsremote.ObjectsByHashForScope
-)
-
-type fileRow struct {
-	OID    string
-	Status string
-	Path   string
-	Detail string
-}
-
-func collectRows(cmd *cobra.Command, gitRemoteName, drsRemoteName string) ([]fileRow, error) {
-	logger := drslog.GetLogger()
-
-	cfg, err := loadConfig()
-	if err != nil {
-		return nil, err
-	}
-
-	remoteName, err := resolveRemote(cfg, drsRemoteName)
-	if err != nil {
-		logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-		return nil, err
-	}
-
-	client, err := newRemoteClient(cfg, remoteName, logger)
-	if err != nil {
-		return nil, err
-	}
-
-	lfsFiles, err := loadLFSInventory(gitRemoteName, drsRemoteName, []string{}, logger)
-	if err != nil {
-		return nil, err
-	}
-
-	keys := make([]string, 0, len(lfsFiles))
-	for path := range lfsFiles {
-		keys = append(keys, path)
-	}
-	sort.Strings(keys)
-
-	rows := make([]fileRow, 0, len(keys))
-	for _, path := range keys {
-		info := lfsFiles[path]
-		row := fileRow{
-			OID:  info.Oid,
-			Path: path,
-		}
-
-		results, err := lookupScopedObjects(cmd.Context(), client, info.Oid)
-		switch {
-		case err != nil:
-			row.Status = "error"
-			row.Detail = err.Error()
-		case len(results) == 0:
-			row.Status = "missing"
-			row.Detail = "-"
-		default:
-			row.Status = "present"
-			ids := make([]string, 0, len(results))
-			for _, res := range results {
-				ids = append(ids, "drs://"+res.Id)
-			}
-			row.Detail = strings.Join(ids, ",")
-		}
-
-		rows = append(rows, row)
-	}
-
-	return rows, nil
-}
-
-func printRows(cmd *cobra.Command, rows []fileRow) error {
-	if _, err := fmt.Fprintf(cmd.OutOrStdout(), "OID\tSTATUS\tPATH\tDETAIL\n"); err != nil {
-		return err
-	}
-	for _, row := range rows {
-		if _, err := fmt.Fprintf(cmd.OutOrStdout(), "%s\t%s\t%s\t%s\n", row.OID, row.Status, row.Path, row.Detail); err != nil {
-			return err
-		}
+	if showLong && nameOnly {
+		return fmt.Errorf("--long and --name-only are mutually exclusive")
 	}
 	return nil
 }
 
-// Cmd line declaration
 var Cmd = &cobra.Command{
-	Use:   "ls-files",
-	Short: "List local LFS-tracked files and their DRS registration status",
+	Use:   "ls-files [pathspec...]",
+	Short: "List tracked DRS/LFS pointer files in the repository",
+	Long:  "List tracked DRS/Git-LFS pointer files in the repository. By default this behaves like a local file inventory. Use --drs to also resolve DRS registration status.",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		rows, err := collectRows(cmd, gitRemote, drsRemote)
+		if err := validateOutputFlags(); err != nil {
+			return err
+		}
+		patterns := append([]string{}, includePatterns...)
+		patterns = append(patterns, args...)
+		rows, err := collectRows(context.Background(), gitRemote, drsRemote, patterns, drsStatus)
 		if err != nil {
 			return err
 		}
@@ -122,4 +46,9 @@ var Cmd = &cobra.Command{
 func init() {
 	Cmd.Flags().StringVarP(&gitRemote, "git-remote", "r", "", "target remote Git server (default: origin)")
 	Cmd.Flags().StringVarP(&drsRemote, "drs-remote", "d", "", "target remote DRS server (default: origin)")
+	Cmd.Flags().StringArrayVarP(&includePatterns, "include", "I", nil, "include pathspec/glob pattern(s)")
+	Cmd.Flags().BoolVarP(&showLong, "long", "l", false, "show full object IDs")
+	Cmd.Flags().BoolVarP(&nameOnly, "name-only", "n", false, "show only file paths")
+	Cmd.Flags().BoolVar(&jsonOutput, "json", false, "emit JSON output")
+	Cmd.Flags().BoolVar(&drsStatus, "drs", false, "include DRS registration lookup details")
 }
diff --git a/cmd/lsfiles/main_test.go b/cmd/lsfiles/main_test.go
index 492b0b4f..12d66154 100644
--- a/cmd/lsfiles/main_test.go
+++ b/cmd/lsfiles/main_test.go
@@ -1,94 +1,30 @@
 package lsfiles
 
-import (
-	"bytes"
-	"context"
-	"errors"
-	"log/slog"
-	"strings"
-	"testing"
+import "testing"
 
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/lfs"
-	drsapi "github.com/calypr/syfon/apigen/client/drs"
-	"github.com/spf13/cobra"
-)
+func resetFlagsForTest() {
+	gitRemote = ""
+	drsRemote = ""
+	includePatterns = nil
+	showLong = false
+	nameOnly = false
+	jsonOutput = false
+	drsStatus = false
+}
 
-func TestCollectRowsAndPrintRows(t *testing.T) {
-	oldLoadConfig := loadConfig
-	oldResolveRemote := resolveRemote
-	oldNewRemoteClient := newRemoteClient
-	oldLoadLFSInventory := loadLFSInventory
-	oldLookupScopedObjects := lookupScopedObjects
-	t.Cleanup(func() {
-		loadConfig = oldLoadConfig
-		resolveRemote = oldResolveRemote
-		newRemoteClient = oldNewRemoteClient
-		loadLFSInventory = oldLoadLFSInventory
-		lookupScopedObjects = oldLookupScopedObjects
-	})
+func TestValidateOutputFlags(t *testing.T) {
+	resetFlagsForTest()
 
-	loadConfig = func() (*config.Config, error) {
-		return &config.Config{}, nil
-	}
-	resolveRemote = func(cfg *config.Config, name string) (config.Remote, error) {
-		return config.Remote("origin"), nil
-	}
-	newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*config.GitContext, error) {
-		return &config.GitContext{}, nil
-	}
-	loadLFSInventory = func(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]lfs.LfsFileInfo, error) {
-		return map[string]lfs.LfsFileInfo{
-			"b/file2.bin": {Name: "b/file2.bin", Oid: strings.Repeat("b", 64)},
-			"a/file1.bin": {Name: "a/file1.bin", Oid: strings.Repeat("a", 64)},
-			"c/file3.bin": {Name: "c/file3.bin", Oid: strings.Repeat("c", 64)},
-		}, nil
-	}
-	lookupScopedObjects = func(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) {
-		switch checksum {
-		case strings.Repeat("a", 64):
-			return []drsapi.DrsObject{{Id: "did-1"}}, nil
-		case strings.Repeat("b", 64):
-			return nil, nil
-		default:
-			return nil, errors.New("lookup failed")
-		}
+	nameOnly = true
+	jsonOutput = true
+	if err := validateOutputFlags(); err == nil {
+		t.Fatal("expected name-only/json conflict")
 	}
 
-	cmd := &cobra.Command{}
-	rows, err := collectRows(cmd, "", "")
-	if err != nil {
-		t.Fatalf("collectRows returned error: %v", err)
-	}
-	if len(rows) != 3 {
-		t.Fatalf("expected 3 rows, got %d", len(rows))
-	}
-	if rows[0].Path != "a/file1.bin" || rows[0].Status != "present" || rows[0].Detail != "drs://did-1" {
-		t.Fatalf("unexpected first row: %+v", rows[0])
-	}
-	if rows[1].Path != "b/file2.bin" || rows[1].Status != "missing" || rows[1].Detail != "-" {
-		t.Fatalf("unexpected second row: %+v", rows[1])
-	}
-	if rows[2].Path != "c/file3.bin" || rows[2].Status != "error" || rows[2].Detail != "lookup failed" {
-		t.Fatalf("unexpected third row: %+v", rows[2])
-	}
-
-	var out bytes.Buffer
-	cmd.SetOut(&out)
-	if err := printRows(cmd, rows); err != nil {
-		t.Fatalf("printRows returned error: %v", err)
-	}
-	got := out.String()
-	if !strings.Contains(got, "OID\tSTATUS\tPATH\tDETAIL\n") {
-		t.Fatalf("missing header in output: %q", got)
-	}
-	if !strings.Contains(got, rows[0].OID+"\tpresent\ta/file1.bin\tdrs://did-1\n") {
-		t.Fatalf("missing present row: %q", got)
-	}
-	if !strings.Contains(got, rows[1].OID+"\tmissing\tb/file2.bin\t-\n") {
-		t.Fatalf("missing missing row: %q", got)
-	}
-	if !strings.Contains(got, rows[2].OID+"\terror\tc/file3.bin\tlookup failed\n") {
-		t.Fatalf("missing error row: %q", got)
+	resetFlagsForTest()
+	nameOnly = true
+	showLong = true
+	if err := validateOutputFlags(); err == nil {
+		t.Fatal("expected long/name-only conflict")
 	}
 }
diff --git a/cmd/lsfiles/output.go b/cmd/lsfiles/output.go
new file mode 100644
index 00000000..f855b9f5
--- /dev/null
+++ b/cmd/lsfiles/output.go
@@ -0,0 +1,45 @@
+package lsfiles
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/spf13/cobra"
+)
+
+func printRows(cmd *cobra.Command, rows []fileRow) error {
+	if jsonOutput {
+		enc := json.NewEncoder(cmd.OutOrStdout())
+		enc.SetIndent("", "  ")
+		return enc.Encode(rows)
+	}
+	for _, row := range rows {
+		switch {
+		case nameOnly:
+			if _, err := fmt.Fprintln(cmd.OutOrStdout(), row.Path); err != nil {
+				return err
+			}
+		case drsStatus:
+			oid := row.ShortOID
+			if showLong {
+				oid = row.OID
+			}
+			detail := row.Detail
+			if detail == "" {
+				detail = "-"
+			}
+			if _, err := fmt.Fprintf(cmd.OutOrStdout(), "%s %s %s\t%s\n", oid, row.Status, row.Path, detail); err != nil {
+				return err
+			}
+		default:
+			oid := row.ShortOID
+			if showLong {
+				oid = row.OID
+			}
+			if _, err := fmt.Fprintf(cmd.OutOrStdout(), "%s %s %s\n", oid, row.Status, row.Path); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
diff --git a/cmd/lsfiles/service.go b/cmd/lsfiles/service.go
new file mode 100644
index 00000000..91b5d172
--- /dev/null
+++ b/cmd/lsfiles/service.go
@@ -0,0 +1,309 @@
+package lsfiles
+
+import (
+	"context"
+	"fmt"
+	"log/slog"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+	"sort"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/calypr/git-drs/internal/lookup"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+)
+
+type fileRow struct {
+	OID        string   `json:"oid"`
+	ShortOID   string   `json:"short_oid"`
+	Status     string   `json:"status"`
+	Path       string   `json:"path"`
+	Localized  bool     `json:"localized"`
+	Registered bool     `json:"registered,omitempty"`
+	DRSIDs     []string `json:"drs_ids,omitempty"`
+	Detail     string   `json:"detail,omitempty"`
+}
+
+var (
+	loadConfig      = config.LoadConfig
+	resolveRemote   = func(cfg *config.Config, name string) (config.Remote, error) { return cfg.GetRemoteOrDefault(name) }
+	newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*remoteruntime.GitContext, error) {
+		return remoteruntime.New(cfg, remote, logger)
+	}
+	loadLFSInventory = func(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]lfs.LfsFileInfo, error) {
+		if len(branches) == 0 {
+			return lfs.GetTrackedLfsFiles(logger)
+		}
+		return lfs.GetLfsFilesForRefs(branches, logger)
+	}
+	listRemoteRefs           = defaultListRemoteRefs
+	listGitRemotes           = defaultListGitRemotes
+	resolveDefaultRemote     = defaultResolveDefaultRemote
+	lookupScopedObjectsBatch = lookup.ObjectsByHashesForScope
+)
+
+func defaultListRemoteRefs(gitRemoteName string) ([]string, error) {
+	if strings.TrimSpace(gitRemoteName) == "" {
+		return nil, nil
+	}
+
+	cmd := exec.Command("git", "for-each-ref", "--format=%(refname)", "refs/remotes/"+gitRemoteName)
+	out, err := cmd.Output()
+	if err != nil {
+		return nil, fmt.Errorf("list refs for remote %s: %w", gitRemoteName, err)
+	}
+
+	lines := strings.Split(string(out), "\n")
+	refs := make([]string, 0, len(lines))
+	for _, line := range lines {
+		ref := strings.TrimSpace(line)
+		if ref == "" || strings.HasSuffix(ref, "/HEAD") {
+			continue
+		}
+		refs = append(refs, ref)
+	}
+	sort.Strings(refs)
+	return refs, nil
+}
+
+func defaultListGitRemotes() ([]string, error) {
+	cmd := exec.Command("git", "remote")
+	out, err := cmd.Output()
+	if err != nil {
+		return nil, fmt.Errorf("list git remotes: %w", err)
+	}
+
+	lines := strings.Split(string(out), "\n")
+	remotes := make([]string, 0, len(lines))
+	for _, line := range lines {
+		name := strings.TrimSpace(line)
+		if name == "" {
+			continue
+		}
+		remotes = append(remotes, name)
+	}
+	sort.Strings(remotes)
+	return remotes, nil
+}
+
+func defaultResolveDefaultRemote() string {
+	cfg, err := loadConfig()
+	if err == nil && cfg != nil {
+		if remote, err := cfg.GetRemoteOrDefault(""); err == nil {
+			return strings.TrimSpace(string(remote))
+		}
+	}
+
+	remotes, err := listGitRemotes()
+	if err != nil || len(remotes) == 0 {
+		return ""
+	}
+	for _, remote := range remotes {
+		if remote == config.ORIGIN {
+			return remote
+		}
+	}
+	if len(remotes) == 1 {
+		return remotes[0]
+	}
+	return ""
+}
+
+func collectRows(ctx context.Context, gitRemoteName, drsRemoteName string, patterns []string, resolveDRS bool) ([]fileRow, error) {
+	logger := drslog.GetLogger()
+
+	var client *remoteruntime.GitContext
+	if resolveDRS {
+		cfg, err := loadConfig()
+		if err != nil {
+			return nil, err
+		}
+
+		remoteName, err := resolveRemote(cfg, drsRemoteName)
+		if err != nil {
+			logger.Error(fmt.Sprintf("Error getting remote: %v", err))
+			return nil, err
+		}
+
+		client, err = newRemoteClient(cfg, remoteName, logger)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	var (
+		refs []string
+		err  error
+	)
+	if strings.TrimSpace(gitRemoteName) != "" {
+		refs, err = listRemoteRefs(gitRemoteName)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	lfsFiles, err := loadLFSInventory(gitRemoteName, drsRemoteName, refs, logger)
+	if err != nil {
+		return nil, err
+	}
+	if len(lfsFiles) == 0 && strings.TrimSpace(gitRemoteName) == "" {
+		fallbackRemote := resolveDefaultRemote()
+		if fallbackRemote != "" {
+			refs, err = listRemoteRefs(fallbackRemote)
+			if err != nil {
+				return nil, err
+			}
+			if len(refs) > 0 {
+				lfsFiles, err = loadLFSInventory(fallbackRemote, drsRemoteName, refs, logger)
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+	}
+
+	keys := make([]string, 0, len(lfsFiles))
+	for path := range lfsFiles {
+		keys = append(keys, path)
+	}
+	sort.Strings(keys)
+
+	rows := make([]fileRow, 0, len(keys))
+	var drsResults map[string][]drsapi.DrsObject
+	var drsLookupErr error
+	if resolveDRS {
+		oids := make([]string, 0, len(keys))
+		seenOIDs := make(map[string]struct{}, len(keys))
+		for _, path := range keys {
+			if !matchesAnyPattern(path, patterns) {
+				continue
+			}
+			oid := lfsFiles[path].Oid
+			if oid == "" {
+				continue
+			}
+			if _, exists := seenOIDs[oid]; exists {
+				continue
+			}
+			seenOIDs[oid] = struct{}{}
+			oids = append(oids, oid)
+		}
+		drsResults, drsLookupErr = lookupScopedObjectsBatch(ctx, client, oids)
+	}
+	for _, path := range keys {
+		if !matchesAnyPattern(path, patterns) {
+			continue
+		}
+		info := lfsFiles[path]
+		row := fileRow{
+			OID:       info.Oid,
+			ShortOID:  shortOID(info.Oid),
+			Path:      path,
+			Localized: isLocalized(path),
+		}
+		row.Status = "-"
+		if row.Localized {
+			row.Status = "*"
+		}
+
+		if resolveDRS {
+			switch {
+			case drsLookupErr != nil:
+				row.Detail = drsLookupErr.Error()
+			default:
+				results := drsResults[info.Oid]
+				if len(results) == 0 {
+					row.Registered = false
+					break
+				}
+				row.Registered = true
+				row.DRSIDs = make([]string, 0, len(results))
+				for _, res := range results {
+					row.DRSIDs = append(row.DRSIDs, "drs://"+res.Id)
+				}
+				row.Detail = strings.Join(row.DRSIDs, ",")
+			}
+		}
+
+		rows = append(rows, row)
+	}
+
+	return rows, nil
+}
+
+func shortOID(oid string) string {
+	if len(oid) <= 10 {
+		return oid
+	}
+	return oid[:10]
+}
+
+func matchesAnyPattern(path string, patterns []string) bool {
+	if len(patterns) == 0 {
+		return true
+	}
+	normalized := filepath.ToSlash(filepath.Clean(path))
+	for _, pattern := range patterns {
+		pattern = strings.TrimSpace(pattern)
+		if pattern == "" {
+			continue
+		}
+		if matchesPattern(normalized, pattern) {
+			return true
+		}
+	}
+	return false
+}
+
+func matchesPattern(path, pattern string) bool {
+	pattern = filepath.ToSlash(filepath.Clean(pattern))
+	if !strings.ContainsAny(pattern, "*?[") {
+		return path == pattern
+	}
+	re, err := regexp.Compile(globToRegexp(pattern))
+	if err != nil {
+		return false
+	}
+	return re.MatchString(path)
+}
+
+func globToRegexp(pattern string) string {
+	var b strings.Builder
+	b.WriteString("^")
+	for i := 0; i < len(pattern); i++ {
+		ch := pattern[i]
+		switch ch {
+		case '*':
+			if i+1 < len(pattern) && pattern[i+1] == '*' {
+				b.WriteString(".*")
+				i++
+				continue
+			}
+			b.WriteString(`[^/]*`)
+		case '?':
+			b.WriteString(`[^/]`)
+		case '.', '+', '(', ')', '|', '^', '$', '{', '}', '[', ']', '\\':
+			b.WriteByte('\\')
+			b.WriteByte(ch)
+		default:
+			b.WriteByte(ch)
+		}
+	}
+	b.WriteString("$")
+	return b.String()
+}
+
+func isLocalized(path string) bool {
+	payload, err := os.ReadFile(path)
+	if err != nil {
+		return false
+	}
+	_, _, ok := lfs.ParseLFSPointer(payload)
+	return !ok
+}
diff --git a/cmd/ping/main.go b/cmd/ping/main.go
new file mode 100644
index 00000000..e4136aae
--- /dev/null
+++ b/cmd/ping/main.go
@@ -0,0 +1,248 @@
+package ping
+
+import (
+	"context"
+	"fmt"
+	"log/slog"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	bucketapi "github.com/calypr/syfon/apigen/client/bucketapi"
+	syfoncommon "github.com/calypr/syfon/common"
+	"github.com/spf13/cobra"
+)
+
+type statusInfo struct {
+	Remote        config.Remote
+	IsDefault     bool
+	RemoteType    string
+	Endpoint      string
+	Organization  string
+	Project       string
+	Bucket        string
+	StoragePrefix string
+	AuthMode      string
+}
+
+var pingHealth = func(ctx context.Context, gc *remoteruntime.GitContext) error {
+	return gc.Client.Health().Ping(ctx)
+}
+
+var pingScopeAccess = func(ctx context.Context, gc *remoteruntime.GitContext) (scopeAccessInfo, error) {
+	return checkScopeAccess(ctx, gc)
+}
+
+type scopeAccessInfo struct {
+	Checked         bool
+	VisibleBucket   string
+	ProjectReadable bool
+}
+
+var Cmd = &cobra.Command{
+	Use:   "ping [remote-name]",
+	Short: "Show effective remote setup and verify the remote responds",
+	Args: func(cmd *cobra.Command, args []string) error {
+		if len(args) > 1 {
+			cmd.SilenceUsage = false
+			return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs ping --help' for more details", len(args), cmd.UseLine())
+		}
+		return nil
+	},
+	RunE: func(cmd *cobra.Command, args []string) error {
+		logger := drslog.GetLogger()
+		status, gc, err := resolveStatus(args, logger)
+		if err != nil {
+			return err
+		}
+		printStatus(status)
+
+		if err := pingHealth(cmd.Context(), gc); err != nil {
+			return fmt.Errorf("remote health check failed for %q (%s): %w", status.Remote, status.Endpoint, err)
+		}
+		fmt.Println("health: ok")
+
+		scopeInfo, err := pingScopeAccess(cmd.Context(), gc)
+		if err != nil {
+			return fmt.Errorf("configured scope access check failed for remote %q (organization=%s project=%s bucket=%s): %w",
+				status.Remote,
+				blankIfEmpty(status.Organization),
+				blankIfEmpty(status.Project),
+				blankIfEmpty(status.Bucket),
+				err,
+			)
+		}
+		if scopeInfo.Checked {
+			fmt.Println("scope_access: ok")
+			if strings.TrimSpace(scopeInfo.VisibleBucket) != "" {
+				fmt.Printf("visible_bucket: %s\n", scopeInfo.VisibleBucket)
+			}
+			if scopeInfo.ProjectReadable {
+				fmt.Println("project_access: readable")
+			}
+		}
+		return nil
+	},
+}
+
+func resolveStatus(args []string, logger *slog.Logger) (statusInfo, *remoteruntime.GitContext, error) {
+	cfg, err := config.LoadConfig()
+	if err != nil {
+		return statusInfo{}, nil, err
+	}
+
+	var remoteArg string
+	if len(args) == 1 {
+		remoteArg = args[0]
+	}
+	remoteName, err := cfg.GetRemoteOrDefault(remoteArg)
+	if err != nil {
+		return statusInfo{}, nil, err
+	}
+
+	remoteCfg := cfg.GetRemote(remoteName)
+	if remoteCfg == nil {
+		return statusInfo{}, nil, fmt.Errorf("no remote configuration found for %q", remoteName)
+	}
+
+	gc, err := remoteruntime.New(cfg, remoteName, logger)
+	if err != nil {
+		return statusInfo{}, nil, err
+	}
+
+	status := statusInfo{
+		Remote:        remoteName,
+		IsDefault:     remoteName == cfg.DefaultRemote,
+		Endpoint:      remoteCfg.GetEndpoint(),
+		Organization:  remoteCfg.GetOrganization(),
+		Project:       remoteCfg.GetProjectId(),
+		Bucket:        gc.BucketName,
+		StoragePrefix: gc.StoragePrefix,
+		AuthMode:      authMode(gc),
+	}
+	switch remoteCfg.(type) {
+	case *config.Gen3Remote:
+		status.RemoteType = string(config.Gen3ServerType)
+	case *config.LocalRemote:
+		status.RemoteType = string(config.LocalServerType)
+	default:
+		status.RemoteType = "unknown"
+	}
+
+	return status, gc, nil
+}
+
+func printStatus(status statusInfo) {
+	def := ""
+	if status.IsDefault {
+		def = " (default)"
+	}
+	fmt.Printf("remote: %s%s\n", status.Remote, def)
+	fmt.Printf("type: %s\n", status.RemoteType)
+	fmt.Printf("endpoint: %s\n", status.Endpoint)
+	fmt.Printf("organization: %s\n", blankIfEmpty(status.Organization))
+	fmt.Printf("project: %s\n", blankIfEmpty(status.Project))
+	fmt.Printf("bucket: %s\n", blankIfEmpty(status.Bucket))
+	fmt.Printf("storage_prefix: %s\n", blankIfEmpty(status.StoragePrefix))
+	fmt.Printf("auth: %s\n", status.AuthMode)
+}
+
+func authMode(gc *remoteruntime.GitContext) string {
+	if gc == nil || gc.Credential == nil {
+		return "none"
+	}
+	if strings.TrimSpace(gc.Credential.AccessToken) != "" {
+		return "bearer"
+	}
+	if strings.TrimSpace(gc.Credential.KeyID) != "" || strings.TrimSpace(gc.Credential.APIKey) != "" {
+		return "basic"
+	}
+	return "none"
+}
+
+func blankIfEmpty(v string) string {
+	v = strings.TrimSpace(v)
+	if v == "" {
+		return "-"
+	}
+	return v
+}
+
+func checkScopeAccess(ctx context.Context, gc *remoteruntime.GitContext) (scopeAccessInfo, error) {
+	if gc == nil || gc.Client == nil {
+		return scopeAccessInfo{}, fmt.Errorf("DRS client unavailable")
+	}
+
+	info := scopeAccessInfo{}
+	organization := strings.TrimSpace(gc.Organization)
+	project := strings.TrimSpace(gc.ProjectId)
+	bucket := strings.TrimSpace(gc.BucketName)
+
+	if organization == "" && project == "" && bucket == "" {
+		return info, nil
+	}
+	info.Checked = true
+
+	if organization != "" && project != "" {
+		visibleBucket, err := visibleBucketForScope(ctx, gc, organization, project)
+		if err != nil {
+			return scopeAccessInfo{}, err
+		}
+		info.VisibleBucket = visibleBucket
+		if bucket != "" && !strings.EqualFold(strings.TrimSpace(visibleBucket), bucket) {
+			return scopeAccessInfo{}, fmt.Errorf("server exposes bucket %q for configured scope, but repo is configured for bucket %q", visibleBucket, bucket)
+		}
+	}
+
+	if project != "" {
+		if _, err := gc.Client.DRS().GetProjectSample(ctx, project, 1); err != nil {
+			return scopeAccessInfo{}, fmt.Errorf("project listing failed: %w", err)
+		}
+		info.ProjectReadable = true
+	}
+
+	return info, nil
+}
+
+func visibleBucketForScope(ctx context.Context, gc *remoteruntime.GitContext, organization, project string) (string, error) {
+	payload, err := gc.Client.Buckets().List(ctx)
+	if err != nil {
+		return "", fmt.Errorf("bucket visibility lookup failed: %w", err)
+	}
+
+	resource, err := syfoncommon.ResourcePath(organization, project)
+	if err != nil {
+		return "", fmt.Errorf("build scope resource path: %w", err)
+	}
+
+	matches := findBucketsByResource(payload, resource)
+	if len(matches) == 0 {
+		return "", fmt.Errorf("no visible server bucket matched configured scope %s", resource)
+	}
+	if len(matches) > 1 {
+		return "", fmt.Errorf("multiple visible server buckets matched configured scope %s: %s", resource, strings.Join(matches, ", "))
+	}
+	return matches[0], nil
+}
+
+func findBucketsByResource(payload bucketapi.BucketsResponse, resource string) []string {
+	resource = syfoncommon.NormalizeAccessResource(resource)
+	if resource == "" {
+		return nil
+	}
+
+	matches := make([]string, 0)
+	for bucket, meta := range payload.S3BUCKETS {
+		if meta.Programs == nil {
+			continue
+		}
+		for _, candidate := range *meta.Programs {
+			if syfoncommon.NormalizeAccessResource(candidate) == resource {
+				matches = append(matches, bucket)
+				break
+			}
+		}
+	}
+	return matches
+}
diff --git a/cmd/ping/main_test.go b/cmd/ping/main_test.go
new file mode 100644
index 00000000..eb1c8141
--- /dev/null
+++ b/cmd/ping/main_test.go
@@ -0,0 +1,197 @@
+package ping
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"io"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/gitrepo"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	"github.com/calypr/git-drs/internal/testutils"
+)
+
+func TestPingCmdArgs(t *testing.T) {
+	if err := Cmd.Args(Cmd, nil); err != nil {
+		t.Fatalf("unexpected error with no args: %v", err)
+	}
+	if err := Cmd.Args(Cmd, []string{"origin"}); err != nil {
+		t.Fatalf("unexpected error with one arg: %v", err)
+	}
+	if err := Cmd.Args(Cmd, []string{"origin", "extra"}); err == nil {
+		t.Fatal("expected error for extra args")
+	}
+}
+
+func TestResolveStatusLocalRemote(t *testing.T) {
+	tmpDir := testutils.SetupTestGitRepo(t)
+	testutils.CreateTestConfig(t, tmpDir, &config.Config{
+		DefaultRemote: config.Remote(config.ORIGIN),
+		Remotes: map[config.Remote]config.RemoteSelect{
+			config.Remote(config.ORIGIN): {
+				Local: &config.LocalRemote{
+					BaseURL:       "http://127.0.0.1:8080",
+					ProjectID:     "end_to_end_test",
+					Bucket:        "cbds",
+					Organization:  "calypr",
+					BasicUsername: "drs-user",
+					BasicPassword: "drs-pass",
+				},
+			},
+		},
+	})
+	if err := gitrepo.SetBucketMapping("calypr", "end_to_end_test", "cbds", "prefix"); err != nil {
+		t.Fatalf("SetBucketMapping failed: %v", err)
+	}
+
+	status, _, err := resolveStatus(nil, drslog.NewNoOpLogger())
+	if err != nil {
+		t.Fatalf("resolveStatus returned error: %v", err)
+	}
+	if status.Remote != "origin" || !status.IsDefault {
+		t.Fatalf("unexpected remote selection: %+v", status)
+	}
+	if status.RemoteType != "local" || status.Endpoint != "http://127.0.0.1:8080" {
+		t.Fatalf("unexpected remote type/endpoint: %+v", status)
+	}
+	if status.Organization != "calypr" || status.Project != "end_to_end_test" {
+		t.Fatalf("unexpected scope: %+v", status)
+	}
+	if status.Bucket != "cbds" || status.StoragePrefix != "prefix" {
+		t.Fatalf("unexpected bucket scope: %+v", status)
+	}
+	if status.AuthMode != "none" {
+		t.Fatalf("expected auth mode none from client credential shape, got %+v", status)
+	}
+}
+
+func TestPingRunEPrintsStatusAndHealth(t *testing.T) {
+	tmpDir := testutils.SetupTestGitRepo(t)
+	testutils.CreateTestConfig(t, tmpDir, &config.Config{
+		DefaultRemote: config.Remote(config.ORIGIN),
+		Remotes: map[config.Remote]config.RemoteSelect{
+			config.Remote(config.ORIGIN): {
+				Local: &config.LocalRemote{
+					BaseURL:      "http://127.0.0.1:8080",
+					ProjectID:    "end_to_end_test",
+					Bucket:       "cbds",
+					Organization: "calypr",
+				},
+			},
+		},
+	})
+	if err := gitrepo.SetBucketMapping("calypr", "end_to_end_test", "cbds", "prefix"); err != nil {
+		t.Fatalf("SetBucketMapping failed: %v", err)
+	}
+
+	oldHealth := pingHealth
+	pingHealth = func(ctx context.Context, gc *remoteruntime.GitContext) error {
+		if gc == nil || gc.ProjectId != "end_to_end_test" {
+			t.Fatalf("unexpected git context: %+v", gc)
+		}
+		return nil
+	}
+	t.Cleanup(func() { pingHealth = oldHealth })
+
+	oldScopeAccess := pingScopeAccess
+	pingScopeAccess = func(ctx context.Context, gc *remoteruntime.GitContext) (scopeAccessInfo, error) {
+		if gc == nil || gc.ProjectId != "end_to_end_test" {
+			t.Fatalf("unexpected git context for scope probe: %+v", gc)
+		}
+		return scopeAccessInfo{
+			Checked:         true,
+			VisibleBucket:   "cbds",
+			ProjectReadable: true,
+		}, nil
+	}
+	t.Cleanup(func() { pingScopeAccess = oldScopeAccess })
+
+	oldStdout := os.Stdout
+	r, w, err := os.Pipe()
+	if err != nil {
+		t.Fatalf("pipe: %v", err)
+	}
+	os.Stdout = w
+	t.Cleanup(func() { os.Stdout = oldStdout })
+
+	runErr := Cmd.RunE(Cmd, nil)
+	_ = w.Close()
+	if runErr != nil {
+		t.Fatalf("Cmd.RunE returned error: %v", runErr)
+	}
+
+	var buf bytes.Buffer
+	if _, err := io.Copy(&buf, r); err != nil {
+		t.Fatalf("read stdout: %v", err)
+	}
+	got := buf.String()
+	for _, want := range []string{
+		"remote: origin (default)",
+		"type: local",
+		"endpoint: http://127.0.0.1:8080",
+		"organization: calypr",
+		"project: end_to_end_test",
+		"bucket: cbds",
+		"storage_prefix: prefix",
+		"health: ok",
+		"scope_access: ok",
+		"visible_bucket: cbds",
+		"project_access: readable",
+	} {
+		if !strings.Contains(got, want) {
+			t.Fatalf("expected output to contain %q, got %q", want, got)
+		}
+	}
+}
+
+func TestPingRunEReturnsReadableScopeError(t *testing.T) {
+	tmpDir := testutils.SetupTestGitRepo(t)
+	testutils.CreateTestConfig(t, tmpDir, &config.Config{
+		DefaultRemote: config.Remote(config.ORIGIN),
+		Remotes: map[config.Remote]config.RemoteSelect{
+			config.Remote(config.ORIGIN): {
+				Local: &config.LocalRemote{
+					BaseURL:      "http://127.0.0.1:8080",
+					ProjectID:    "end_to_end_test",
+					Bucket:       "cbds",
+					Organization: "calypr",
+				},
+			},
+		},
+	})
+	if err := gitrepo.SetBucketMapping("calypr", "end_to_end_test", "cbds", "prefix"); err != nil {
+		t.Fatalf("SetBucketMapping failed: %v", err)
+	}
+
+	oldHealth := pingHealth
+	pingHealth = func(ctx context.Context, gc *remoteruntime.GitContext) error { return nil }
+	t.Cleanup(func() { pingHealth = oldHealth })
+
+	oldScopeAccess := pingScopeAccess
+	pingScopeAccess = func(ctx context.Context, gc *remoteruntime.GitContext) (scopeAccessInfo, error) {
+		return scopeAccessInfo{}, errors.New("bucket visibility lookup failed: unexpected response: 403: denied")
+	}
+	t.Cleanup(func() { pingScopeAccess = oldScopeAccess })
+
+	err := Cmd.RunE(Cmd, nil)
+	if err == nil {
+		t.Fatal("expected scope access error")
+	}
+	got := err.Error()
+	for _, want := range []string{
+		"configured scope access check failed",
+		"organization=calypr",
+		"project=end_to_end_test",
+		"bucket=cbds",
+		"bucket visibility lookup failed: unexpected response: 403: denied",
+	} {
+		if !strings.Contains(got, want) {
+			t.Fatalf("expected error to contain %q, got %q", want, got)
+		}
+	}
+}
diff --git a/cmd/precommit/cache_apply.go b/cmd/precommit/cache_apply.go
new file mode 100644
index 00000000..cb72d610
--- /dev/null
+++ b/cmd/precommit/cache_apply.go
@@ -0,0 +1,102 @@
+package precommit
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/calypr/git-drs/internal/precommit_cache"
+)
+
+func handleUpsert(ctx context.Context, cache *precommit_cache.Cache, path, now string) error {
+	oid, isLFS, err := stagedLFSOID(ctx, path)
+	if err != nil {
+		return nil
+	}
+	if !isLFS {
+		return nil
+	}
+
+	prev, prevExists, err := precommit_cache.ReadPathEntry(cache, path)
+	if err != nil {
+		return err
+	}
+
+	if err := precommit_cache.WritePathEntry(cache, precommit_cache.PathEntry{
+		Path:      path,
+		LFSOID:    oid,
+		UpdatedAt: now,
+	}); err != nil {
+		return err
+	}
+
+	contentChanged := prevExists && prev != nil && prev.LFSOID != oid
+	if err := precommit_cache.UpsertOIDPath(cache, oid, "", path, "", now, contentChanged); err != nil {
+		return err
+	}
+	if contentChanged {
+		if err := precommit_cache.RemoveOIDPath(cache, prev.LFSOID, path, now); err != nil {
+			return fmt.Errorf("remove stale OID path mapping for %s: %w", path, err)
+		}
+	}
+
+	return nil
+}
+
+func handleDelete(_ context.Context, cache *precommit_cache.Cache, tombsDir, path, now string) error {
+	entry, ok, err := precommit_cache.ReadPathEntry(cache, path)
+	if err != nil || !ok {
+		return nil
+	}
+	if err := removeIfExists(precommit_cache.PathEntryPath(cache, path)); err != nil {
+		return fmt.Errorf("remove path entry for %s: %w", path, err)
+	}
+	if entry.LFSOID != "" {
+		if err := precommit_cache.RemoveOIDPath(cache, entry.LFSOID, path, now); err != nil {
+			return fmt.Errorf("remove OID path mapping for %s: %w", path, err)
+		}
+	}
+
+	tombFile := filepath.Join(tombsDir, precommit_cache.EncodePath(path)+".json")
+	if err := writeJSONAtomic(tombFile, map[string]string{
+		"path":       path,
+		"deleted_at": now,
+	}); err != nil {
+		return fmt.Errorf("write tombstone for %s: %w", path, err)
+	}
+
+	return nil
+}
+
+func writeJSONAtomic(path string, v any) error {
+	dir := filepath.Dir(path)
+	if err := os.MkdirAll(dir, 0o755); err != nil {
+		return err
+	}
+
+	tmp := path + ".tmp"
+	f, err := os.OpenFile(tmp, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
+	if err != nil {
+		return err
+	}
+
+	enc := json.NewEncoder(f)
+	enc.SetIndent("", "  ")
+	if err := enc.Encode(v); err != nil {
+		_ = f.Close()
+		_ = removeIfExists(tmp)
+		return err
+	}
+	if err := f.Sync(); err != nil {
+		_ = f.Close()
+		_ = removeIfExists(tmp)
+		return err
+	}
+	if err := f.Close(); err != nil {
+		_ = removeIfExists(tmp)
+		return err
+	}
+	return os.Rename(tmp, path)
+}
diff --git a/cmd/precommit/changes.go b/cmd/precommit/changes.go
new file mode 100644
index 00000000..e3d804a9
--- /dev/null
+++ b/cmd/precommit/changes.go
@@ -0,0 +1,91 @@
+package precommit
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// stagedChanges parses: git diff --cached --name-status -M
+func stagedChanges(ctx context.Context) ([]Change, error) {
+	out, err := git(ctx, "diff", "--cached", "--name-status", "-M")
+	if err != nil {
+		return nil, err
+	}
+	var changes []Change
+	sc := bufio.NewScanner(bytes.NewReader(out))
+	for sc.Scan() {
+		line := sc.Text()
+		if strings.TrimSpace(line) == "" {
+			continue
+		}
+		parts := strings.Split(line, "\t")
+		if len(parts) < 2 {
+			continue
+		}
+		status := parts[0]
+		switch {
+		case status == "A":
+			changes = append(changes, Change{Kind: KindAdd, NewPath: parts[1], Status: status})
+		case status == "M":
+			changes = append(changes, Change{Kind: KindModify, NewPath: parts[1], Status: status})
+		case status == "D":
+			changes = append(changes, Change{Kind: KindDelete, NewPath: parts[1], Status: status})
+		case strings.HasPrefix(status, "R") && len(parts) >= 3:
+			changes = append(changes, Change{Kind: KindRename, OldPath: parts[1], NewPath: parts[2], Status: status})
+		}
+	}
+	if err := sc.Err(); err != nil {
+		return nil, err
+	}
+	return changes, nil
+}
+
+func stagedLFSOID(ctx context.Context, path string) (string, bool, error) {
+	out, err := git(ctx, "show", ":"+path)
+	if err != nil {
+		return "", false, err
+	}
+
+	var hasSpec bool
+	var oid string
+	sc := bufio.NewScanner(bytes.NewReader(out))
+	for sc.Scan() {
+		line := sc.Text()
+		if line == lfsSpecLine {
+			hasSpec = true
+			continue
+		}
+		if strings.HasPrefix(line, "oid sha256:") {
+			hex := strings.TrimSpace(strings.TrimPrefix(line, "oid sha256:"))
+			if hex != "" {
+				oid = "sha256:" + hex
+			}
+		}
+		if hasSpec && oid != "" {
+			break
+		}
+	}
+	if err := sc.Err(); err != nil {
+		return "", false, err
+	}
+	if hasSpec && oid != "" {
+		return oid, true, nil
+	}
+	return "", false, nil
+}
+
+func stagedBlobSize(ctx context.Context, path string) (int64, error) {
+	out, err := git(ctx, "cat-file", "-s", ":"+path)
+	if err != nil {
+		return 0, err
+	}
+	size, err := strconv.ParseInt(strings.TrimSpace(string(out)), 10, 64)
+	if err != nil {
+		return 0, fmt.Errorf("parse staged blob size for %s: %w", path, err)
+	}
+	return size, nil
+}
diff --git a/cmd/precommit/git.go b/cmd/precommit/git.go
new file mode 100644
index 00000000..f2d29599
--- /dev/null
+++ b/cmd/precommit/git.go
@@ -0,0 +1,64 @@
+package precommit
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+)
+
+func git(ctx context.Context, args ...string) ([]byte, error) {
+	cmd := exec.CommandContext(ctx, "git", args...)
+	cmd.Env = os.Environ()
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+	if err := cmd.Run(); err != nil {
+		msg := strings.TrimSpace(stderr.String())
+		if msg == "" {
+			msg = err.Error()
+		}
+		return nil, fmt.Errorf("git %s: %s", strings.Join(args, " "), msg)
+	}
+	return stdout.Bytes(), nil
+}
+
+func moveFileBestEffort(src, dst string) error {
+	if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil {
+		return err
+	}
+	if err := os.Rename(src, dst); err == nil {
+		return nil
+	}
+
+	in, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer in.Close()
+
+	out, err := os.OpenFile(dst, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
+	if err != nil {
+		return err
+	}
+	if _, err := io.Copy(out, in); err != nil {
+		_ = out.Close()
+		return err
+	}
+	if err := out.Close(); err != nil {
+		return err
+	}
+	return os.Remove(src)
+}
+
+func removeIfExists(path string) error {
+	err := os.Remove(path)
+	if err == nil || os.IsNotExist(err) {
+		return nil
+	}
+	return err
+}
diff --git a/cmd/precommit/main.go b/cmd/precommit/main.go
index ac2f3047..77dadb70 100644
--- a/cmd/precommit/main.go
+++ b/cmd/precommit/main.go
@@ -1,72 +1,17 @@
-// Package precommit
-// -------------------------------------
-// LFS-only local cache updater for:
-//   - Path -> OID  : .git/drs/pre-commit/v1/paths/<encoded-path>.json
-//   - OID  -> Paths + S3 URL hint : .git/drs/pre-commit/v1/oids/<oid>.json
-//
-// This hook is intentionally:
-//   - LFS-only (non-LFS paths are ignored)
-//   - local-only (no network, no server index reads)
-//   - index-based (reads STAGED content via `git show :<path>`)
-//
-// Note: This is a reference implementation. Adjust logging/policy as desired.
 package precommit
 
-import (
-	"bufio"
-	"bytes"
-	"context"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"sort"
-	"strings"
-	"time"
-
-	"github.com/spf13/cobra"
-)
+import "github.com/spf13/cobra"
 
 const (
-	cacheVersionDir = "drs/pre-commit/v1"
-	lfsSpecLine     = "version https://git-lfs.github.com/spec/v1"
+	lfsSpecLine                         = "version https://git-lfs.github.com/spec/v1"
+	defaultDirectCommitWarningThreshold = int64(10 * 1024 * 1024)
 )
 
-type PathEntry struct {
-	Path      string `json:"path"`
-	LFSOID    string `json:"lfs_oid"`
-	UpdatedAt string `json:"updated_at"`
-}
-
-type OIDEntry struct {
-	LFSOID        string   `json:"lfs_oid"`
-	Paths         []string `json:"paths"`
-	S3URL         string   `json:"s3_url,omitempty"` // hint only; may be empty
-	UpdatedAt     string   `json:"updated_at"`
-	ContentChange bool     `json:"content_changed"`
-}
-
-type ChangeKind int
-
-const (
-	KindAdd ChangeKind = iota
-	KindModify
-	KindDelete
-	KindRename
+var (
+	directCommitWarningThresholdBytes = defaultDirectCommitWarningThreshold
+	confirmOversizedDirectGitCommit   = promptOversizedDirectGitCommit
 )
 
-type Change struct {
-	Kind    ChangeKind
-	OldPath string // for rename
-	NewPath string // for rename (and for add/modify/delete uses NewPath)
-	Status  string // raw status, e.g. "A", "M", "D", "R100"
-}
-
 // Cmd line declaration
 var Cmd = &cobra.Command{
 	Use:   "precommit",
@@ -74,474 +19,6 @@ var Cmd = &cobra.Command{
 	Long:  "Pre-commit hook that updates the local DRS pre-commit cache",
 	Args:  cobra.ExactArgs(0),
 	RunE: func(cmd *cobra.Command, args []string) error {
-		return run(context.Background())
+		return run(cmd.Context())
 	},
 }
-
-func main() {
-	ctx := context.Background()
-	if err := run(ctx); err != nil {
-		// For a reference impl, treat errors as non-fatal unless you want strict enforcement.
-		// Exiting non-zero blocks the commit.
-		fmt.Fprintf(os.Stderr, "pre-commit drs cache: %v\n", err)
-		os.Exit(1)
-	}
-}
-
-func run(ctx context.Context) error {
-	gitDir, err := gitRevParseGitDir(ctx)
-	if err != nil {
-		return err
-	}
-
-	cacheRoot := filepath.Join(gitDir, cacheVersionDir)
-	pathsDir := filepath.Join(cacheRoot, "paths")
-	oidsDir := filepath.Join(cacheRoot, "oids")
-	tombsDir := filepath.Join(cacheRoot, "tombstones")
-
-	if err := os.MkdirAll(pathsDir, 0o755); err != nil {
-		return err
-	}
-	if err := os.MkdirAll(oidsDir, 0o755); err != nil {
-		return err
-	}
-	_ = os.MkdirAll(tombsDir, 0o755) // optional
-
-	changes, err := stagedChanges(ctx)
-	if err != nil {
-		return err
-	}
-	if len(changes) == 0 {
-		return nil
-	}
-
-	now := time.Now().UTC().Format(time.RFC3339)
-
-	// Process renames first so subsequent add/modify logic sees the "new" path.
-	// This mirrors how we want cache paths to follow staged paths.
-	for _, ch := range changes {
-		if ch.Kind != KindRename {
-			continue
-		}
-		// Only act if BOTH old and new are LFS in scope? Prefer:
-		// - If the new path is LFS, we migrate.
-		// - If it isn't LFS, we remove old path entry (out of scope).
-		newOID, newIsLFS, err := stagedLFSOID(ctx, ch.NewPath)
-		if err != nil {
-			// If file doesn't exist in index due to weird staging, skip.
-			continue
-		}
-
-		oldPathFile := pathEntryFile(pathsDir, ch.OldPath)
-		newPathFile := pathEntryFile(pathsDir, ch.NewPath)
-
-		if newIsLFS {
-			// Move/overwrite path entry file
-			if err := moveFileBestEffort(oldPathFile, newPathFile); err != nil && !errors.Is(err, os.ErrNotExist) {
-				return fmt.Errorf("rename migrate path entry: %w", err)
-			}
-
-			// Ensure path entry content correct
-			if err := writeJSONAtomic(newPathFile, PathEntry{
-				Path:      ch.NewPath,
-				LFSOID:    newOID,
-				UpdatedAt: now,
-			}); err != nil {
-				return err
-			}
-
-			// Update oid entry: replace old path with new path for that OID
-			if err := oidAddOrReplacePath(oidsDir, newOID, ch.OldPath, ch.NewPath, now, false); err != nil {
-				return err
-			}
-		} else {
-			// Out of scope now: remove any cached path entry.
-			_ = os.Remove(oldPathFile)
-		}
-	}
-
-	// Process adds/modifies/deletes (and renames again just to ensure content correctness on new path).
-	for _, ch := range changes {
-		switch ch.Kind {
-		case KindAdd, KindModify:
-			if err := handleUpsert(ctx, pathsDir, oidsDir, ch.NewPath, now); err != nil {
-				return err
-			}
-		case KindRename:
-			// Treat like upsert on NewPath to ensure OID/path consistency if content also changed.
-			if err := handleUpsert(ctx, pathsDir, oidsDir, ch.NewPath, now); err != nil {
-				return err
-			}
-			// Optionally also remove old path from *other* OID entry if rename+content-change changed OID.
-			// We'll do it inside handleUpsert by checking previous cached OID for that path (after move).
-		case KindDelete:
-			if err := handleDelete(ctx, pathsDir, oidsDir, tombsDir, ch.NewPath, now); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-func handleUpsert(ctx context.Context, pathsDir, oidsDir, path, now string) error {
-	oid, isLFS, err := stagedLFSOID(ctx, path)
-	if err != nil {
-		// If file isn't in index, ignore.
-		return nil
-	}
-	if !isLFS {
-		// Out of scope.
-		return nil
-	}
-
-	pathFile := pathEntryFile(pathsDir, path)
-
-	// Load previous path entry if it exists to detect content changes.
-	var prev PathEntry
-	prevExists := false
-	if b, err := os.ReadFile(pathFile); err == nil {
-		_ = json.Unmarshal(b, &prev)
-		if prev.Path != "" && prev.LFSOID != "" {
-			prevExists = true
-		}
-	}
-
-	// Write/update path entry.
-	if err := writeJSONAtomic(pathFile, PathEntry{
-		Path:      path,
-		LFSOID:    oid,
-		UpdatedAt: now,
-	}); err != nil {
-		return err
-	}
-
-	// Update OID entry for new oid: add path.
-	contentChanged := prevExists && prev.LFSOID != oid
-	if err := oidAddOrReplacePath(oidsDir, oid, "", path, now, contentChanged); err != nil {
-		return err
-	}
-
-	// If content changed, remove path from the *old* oid entry (best effort).
-	if contentChanged {
-		_ = oidRemovePath(oidsDir, prev.LFSOID, path, now)
-	}
-
-	return nil
-}
-
-func handleDelete(ctx context.Context, pathsDir, oidsDir, tombsDir, path, now string) error {
-	// Only consider deletion if it was previously an LFS entry (cache-driven).
-	pathFile := pathEntryFile(pathsDir, path)
-	b, err := os.ReadFile(pathFile)
-	if err != nil {
-		// nothing to do
-		return nil
-	}
-	var pe PathEntry
-	if err := json.Unmarshal(b, &pe); err != nil {
-		// corrupted cache; remove it
-		_ = os.Remove(pathFile)
-		return nil
-	}
-	// Remove path entry.
-	_ = os.Remove(pathFile)
-
-	// Remove this path from the old oid entry (best effort).
-	if pe.LFSOID != "" {
-		_ = oidRemovePath(oidsDir, pe.LFSOID, path, now)
-	}
-
-	// Optional tombstone.
-	tombFile := filepath.Join(tombsDir, encodePath(path)+".json")
-	_ = writeJSONAtomic(tombFile, map[string]string{
-		"path":       path,
-		"deleted_at": now,
-	})
-
-	return nil
-}
-
-// stagedChanges parses: git diff --cached --name-status -M
-// Formats:
-//
-//	A<TAB>path
-//	M<TAB>path
-//	D<TAB>path
-//	R100<TAB>old<TAB>new
-func stagedChanges(ctx context.Context) ([]Change, error) {
-	out, err := git(ctx, "diff", "--cached", "--name-status", "-M")
-	if err != nil {
-		return nil, err
-	}
-	var changes []Change
-	sc := bufio.NewScanner(bytes.NewReader(out))
-	for sc.Scan() {
-		line := sc.Text()
-		if strings.TrimSpace(line) == "" {
-			continue
-		}
-		parts := strings.Split(line, "\t")
-		if len(parts) < 2 {
-			continue
-		}
-		status := parts[0]
-		switch {
-		case status == "A":
-			changes = append(changes, Change{Kind: KindAdd, NewPath: parts[1], Status: status})
-		case status == "M":
-			changes = append(changes, Change{Kind: KindModify, NewPath: parts[1], Status: status})
-		case status == "D":
-			changes = append(changes, Change{Kind: KindDelete, NewPath: parts[1], Status: status})
-		case strings.HasPrefix(status, "R") && len(parts) >= 3:
-			changes = append(changes, Change{Kind: KindRename, OldPath: parts[1], NewPath: parts[2], Status: status})
-		default:
-			// ignore other statuses (C, T, U, etc) for this reference impl
-		}
-	}
-	if err := sc.Err(); err != nil {
-		return nil, err
-	}
-	return changes, nil
-}
-
-// stagedLFSOID returns (oid, isLFS, err) based on STAGED content.
-// isLFS is true only if the staged file is a valid LFS pointer with an oid sha256 line.
-func stagedLFSOID(ctx context.Context, path string) (string, bool, error) {
-	out, err := git(ctx, "show", ":"+path)
-	if err != nil {
-		// path may not exist in index (deleted/intent-to-add weirdness)
-		return "", false, err
-	}
-
-	// Fast parse: look for spec line and oid line near top.
-	// LFS pointer files are small; scanning full content is fine.
-	var hasSpec bool
-	var oid string
-
-	sc := bufio.NewScanner(bytes.NewReader(out))
-	for sc.Scan() {
-		line := sc.Text()
-		if line == lfsSpecLine {
-			hasSpec = true
-			continue
-		}
-		if strings.HasPrefix(line, "oid sha256:") {
-			hex := strings.TrimPrefix(line, "oid sha256:")
-			hex = strings.TrimSpace(hex)
-			if hex != "" {
-				oid = "sha256:" + hex
-			}
-			// keep scanning a bit in case spec is below (rare), but we can break once both are found.
-		}
-		// pointer usually has only a few lines; stop early after 10 lines
-		if hasSpec && oid != "" {
-			break
-		}
-	}
-	if err := sc.Err(); err != nil {
-		return "", false, err
-	}
-
-	if hasSpec && oid != "" {
-		return oid, true, nil
-	}
-	return "", false, nil
-}
-
-func gitRevParseGitDir(ctx context.Context) (string, error) {
-	out, err := git(ctx, "rev-parse", "--git-dir")
-	if err != nil {
-		return "", err
-	}
-	gitDir := strings.TrimSpace(string(out))
-	if gitDir == "" {
-		return "", errors.New("could not determine .git dir")
-	}
-	// If gitDir is relative, resolve relative to repo root
-	if !filepath.IsAbs(gitDir) {
-		rootOut, err := git(ctx, "rev-parse", "--show-toplevel")
-		if err != nil {
-			return "", err
-		}
-		root := strings.TrimSpace(string(rootOut))
-		gitDir = filepath.Join(root, gitDir)
-	}
-	return gitDir, nil
-}
-
-func git(ctx context.Context, args ...string) ([]byte, error) {
-	cmd := exec.CommandContext(ctx, "git", args...)
-	cmd.Env = os.Environ()
-	var stdout, stderr bytes.Buffer
-	cmd.Stdout = &stdout
-	cmd.Stderr = &stderr
-	if err := cmd.Run(); err != nil {
-		// include stderr for debugging; don’t leak massive output
-		msg := strings.TrimSpace(stderr.String())
-		if msg == "" {
-			msg = err.Error()
-		}
-		return nil, fmt.Errorf("git %s: %s", strings.Join(args, " "), msg)
-	}
-	return stdout.Bytes(), nil
-}
-
-// pathEntryFile maps a repo-relative path to a cache file location.
-// We keep a deterministic encoding so any path maps to exactly one file.
-func pathEntryFile(pathsDir, path string) string {
-	return filepath.Join(pathsDir, encodePath(path)+".json")
-}
-
-func encodePath(path string) string {
-	// base64url encoding of the UTF-8 path string (no padding) is simple and safe.
-	return base64.RawURLEncoding.EncodeToString([]byte(path))
-}
-
-func oidEntryFile(oidsDir, oid string) string {
-	// OID contains ":"; make it filesystem safe but still human readable.
-	// Use a stable transform; here: sha256 of oid string to avoid path length issues.
-	sum := sha256.Sum256([]byte(oid))
-	return filepath.Join(oidsDir, fmt.Sprintf("%x.json", sum[:]))
-}
-
-// oidAddOrReplacePath:
-// - loads oid entry (if exists)
-// - adds newPath to paths[]
-// - if oldPath != "" and present, replaces it with newPath
-// - sets ContentChange flag if requested (ORed into existing flag)
-// - preserves existing s3_url hint
-func oidAddOrReplacePath(oidsDir, oid, oldPath, newPath, now string, contentChanged bool) error {
-	f := oidEntryFile(oidsDir, oid)
-
-	entry := OIDEntry{
-		LFSOID:    oid,
-		Paths:     []string{},
-		UpdatedAt: now,
-	}
-	if b, err := os.ReadFile(f); err == nil {
-		_ = json.Unmarshal(b, &entry)
-		// ensure oid is set even if old file was incomplete
-		entry.LFSOID = oid
-	}
-
-	paths := make(map[string]struct{}, len(entry.Paths)+1)
-	for _, p := range entry.Paths {
-		paths[p] = struct{}{}
-	}
-
-	if oldPath != "" {
-		delete(paths, oldPath)
-	}
-	if newPath != "" {
-		paths[newPath] = struct{}{}
-	}
-
-	entry.Paths = keysSorted(paths)
-	entry.UpdatedAt = now
-	entry.ContentChange = entry.ContentChange || contentChanged
-
-	return writeJSONAtomic(f, entry)
-}
-
-func oidRemovePath(oidsDir, oid, path, now string) error {
-	f := oidEntryFile(oidsDir, oid)
-
-	b, err := os.ReadFile(f)
-	if err != nil {
-		return err
-	}
-	var entry OIDEntry
-	if err := json.Unmarshal(b, &entry); err != nil {
-		return err
-	}
-	paths := make(map[string]struct{}, len(entry.Paths))
-	for _, p := range entry.Paths {
-		if p == path {
-			continue
-		}
-		paths[p] = struct{}{}
-	}
-	entry.Paths = keysSorted(paths)
-	entry.UpdatedAt = now
-
-	// If no paths remain, keep the file (it may still hold s3_url hint) or delete it.
-	// This ADR allows stale entries; keeping is fine. Optionally delete when empty:
-	// if len(entry.Paths) == 0 && entry.S3URL == "" { return os.Remove(f) }
-
-	return writeJSONAtomic(f, entry)
-}
-
-func keysSorted(m map[string]struct{}) []string {
-	out := make([]string, 0, len(m))
-	for k := range m {
-		out = append(out, k)
-	}
-	sort.Strings(out)
-	return out
-}
-
-// writeJSONAtomic writes JSON to a temp file then renames it into place.
-// This avoids partially written cache files if the process is interrupted.
-func writeJSONAtomic(path string, v any) error {
-	dir := filepath.Dir(path)
-	if err := os.MkdirAll(dir, 0o755); err != nil {
-		return err
-	}
-
-	tmp := path + ".tmp"
-	f, err := os.OpenFile(tmp, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
-	if err != nil {
-		return err
-	}
-	defer func() { _ = f.Close() }()
-
-	enc := json.NewEncoder(f)
-	enc.SetIndent("", "  ")
-	if err := enc.Encode(v); err != nil {
-		_ = os.Remove(tmp)
-		return err
-	}
-	if err := f.Sync(); err != nil {
-		_ = os.Remove(tmp)
-		return err
-	}
-	if err := f.Close(); err != nil {
-		_ = os.Remove(tmp)
-		return err
-	}
-	return os.Rename(tmp, path)
-}
-
-func moveFileBestEffort(src, dst string) error {
-	// Ensure destination directory exists.
-	if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil {
-		return err
-	}
-	// Rename will fail across devices; fall back to copy+remove.
-	if err := os.Rename(src, dst); err == nil {
-		return nil
-	} else if errors.Is(err, os.ErrNotExist) {
-		return err
-	}
-
-	in, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer in.Close()
-
-	out, err := os.OpenFile(dst, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
-	if err != nil {
-		return err
-	}
-
-	if _, err := io.Copy(out, in); err != nil {
-		_ = out.Close()
-		return err
-	}
-	if err := out.Close(); err != nil {
-		return err
-	}
-	return os.Remove(src)
-}
diff --git a/cmd/precommit/main_test.go b/cmd/precommit/main_test.go
index 8a0fb0c6..909b8566 100644
--- a/cmd/precommit/main_test.go
+++ b/cmd/precommit/main_test.go
@@ -9,6 +9,8 @@ import (
 	"strings"
 	"testing"
 	"time"
+
+	"github.com/calypr/git-drs/internal/precommit_cache"
 )
 
 func TestHandleUpsertIgnoresNonLFSFile(t *testing.T) {
@@ -35,12 +37,13 @@ func TestHandleUpsertIgnoresNonLFSFile(t *testing.T) {
 		t.Fatalf("mkdir oids: %v", err)
 	}
 
+	cache := &precommit_cache.Cache{Root: cacheRoot, PathsDir: pathsDir, OIDsDir: oidsDir}
 	now := time.Now().UTC().Format(time.RFC3339)
-	if err := handleUpsert(context.Background(), pathsDir, oidsDir, "data/file.txt", now); err != nil {
+	if err := handleUpsert(context.Background(), cache, "data/file.txt", now); err != nil {
 		t.Fatalf("handleUpsert: %v", err)
 	}
 
-	pathEntry := pathEntryFile(pathsDir, "data/file.txt")
+	pathEntry := precommit_cache.PathEntryPath(cache, "data/file.txt")
 	if _, err := os.Stat(pathEntry); !os.IsNotExist(err) {
 		t.Fatalf("expected no cache entry for non-LFS file, got err=%v", err)
 	}
@@ -76,17 +79,18 @@ func TestHandleUpsertWritesLFSPointerCache(t *testing.T) {
 		t.Fatalf("mkdir oids: %v", err)
 	}
 
+	cache := &precommit_cache.Cache{Root: cacheRoot, PathsDir: pathsDir, OIDsDir: oidsDir}
 	now := time.Now().UTC().Format(time.RFC3339)
-	if err := handleUpsert(context.Background(), pathsDir, oidsDir, "data/file.bin", now); err != nil {
+	if err := handleUpsert(context.Background(), cache, "data/file.bin", now); err != nil {
 		t.Fatalf("handleUpsert: %v", err)
 	}
 
-	pathEntry := pathEntryFile(pathsDir, "data/file.bin")
+	pathEntry := precommit_cache.PathEntryPath(cache, "data/file.bin")
 	pathData, err := os.ReadFile(pathEntry)
 	if err != nil {
 		t.Fatalf("read path entry: %v", err)
 	}
-	var pathCache PathEntry
+	var pathCache precommit_cache.PathEntry
 	if err := json.Unmarshal(pathData, &pathCache); err != nil {
 		t.Fatalf("unmarshal path entry: %v", err)
 	}
@@ -97,12 +101,12 @@ func TestHandleUpsertWritesLFSPointerCache(t *testing.T) {
 		t.Fatalf("expected lfs oid sha256:deadbeef, got %q", pathCache.LFSOID)
 	}
 
-	oidEntry := oidEntryFile(oidsDir, "sha256:deadbeef")
+	oidEntry := precommit_cache.OIDEntryPath(cache, "sha256:deadbeef")
 	oidData, err := os.ReadFile(oidEntry)
 	if err != nil {
 		t.Fatalf("read oid entry: %v", err)
 	}
-	var oidCache OIDEntry
+	var oidCache precommit_cache.OIDEntry
 	if err := json.Unmarshal(oidData, &oidCache); err != nil {
 		t.Fatalf("unmarshal oid entry: %v", err)
 	}
@@ -114,6 +118,85 @@ func TestHandleUpsertWritesLFSPointerCache(t *testing.T) {
 	}
 }
 
+func TestCollectOversizedPlainGitStagedFiles(t *testing.T) {
+	repo := setupGitRepo(t)
+	oldwd := mustChdir(t, repo)
+	t.Cleanup(func() { _ = os.Chdir(oldwd) })
+
+	plainPath := filepath.Join(repo, "data", "large.bin")
+	if err := os.MkdirAll(filepath.Dir(plainPath), 0o755); err != nil {
+		t.Fatalf("mkdir: %v", err)
+	}
+	if err := os.WriteFile(plainPath, []byte("plain oversized payload"), 0o644); err != nil {
+		t.Fatalf("write plain file: %v", err)
+	}
+	gitCmd(t, repo, "add", "data/large.bin")
+
+	pointerPath := filepath.Join(repo, "data", "pointer.bin")
+	lfsPointer := strings.Join([]string{
+		"version https://git-lfs.github.com/spec/v1",
+		"oid sha256:deadbeef",
+		"size 999",
+		"",
+	}, "\n")
+	if err := os.WriteFile(pointerPath, []byte(lfsPointer), 0o644); err != nil {
+		t.Fatalf("write pointer file: %v", err)
+	}
+	gitCmd(t, repo, "add", "data/pointer.bin")
+
+	changes, err := stagedChanges(context.Background())
+	if err != nil {
+		t.Fatalf("stagedChanges: %v", err)
+	}
+	files, err := collectOversizedPlainGitStagedFiles(context.Background(), changes, 1)
+	if err != nil {
+		t.Fatalf("collectOversizedPlainGitStagedFiles: %v", err)
+	}
+	if len(files) != 1 {
+		t.Fatalf("expected 1 oversized plain file, got %d: %+v", len(files), files)
+	}
+	if files[0].Path != "data/large.bin" {
+		t.Fatalf("unexpected oversized file path: %+v", files[0])
+	}
+}
+
+func TestRunAbortsWhenOversizedPlainGitCommitIsRejected(t *testing.T) {
+	repo := setupGitRepo(t)
+	oldwd := mustChdir(t, repo)
+	t.Cleanup(func() { _ = os.Chdir(oldwd) })
+
+	path := filepath.Join(repo, "data", "large.bin")
+	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
+		t.Fatalf("mkdir: %v", err)
+	}
+	if err := os.WriteFile(path, []byte("plain oversized payload"), 0o644); err != nil {
+		t.Fatalf("write file: %v", err)
+	}
+	gitCmd(t, repo, "add", "data/large.bin")
+
+	oldThreshold := directCommitWarningThresholdBytes
+	oldPrompt := confirmOversizedDirectGitCommit
+	t.Cleanup(func() {
+		directCommitWarningThresholdBytes = oldThreshold
+		confirmOversizedDirectGitCommit = oldPrompt
+	})
+	directCommitWarningThresholdBytes = 1
+	confirmOversizedDirectGitCommit = func(files []OversizedStagedFile) (bool, error) {
+		if len(files) != 1 || files[0].Path != "data/large.bin" {
+			t.Fatalf("unexpected prompt files: %+v", files)
+		}
+		return false, nil
+	}
+
+	err := run(context.Background())
+	if err == nil {
+		t.Fatal("expected run to abort when oversized file warning is rejected")
+	}
+	if !strings.Contains(err.Error(), "commit aborted") {
+		t.Fatalf("unexpected error: %v", err)
+	}
+}
+
 func setupGitRepo(t *testing.T) string {
 	t.Helper()
 	dir := t.TempDir()
diff --git a/cmd/precommit/run.go b/cmd/precommit/run.go
new file mode 100644
index 00000000..1dcad053
--- /dev/null
+++ b/cmd/precommit/run.go
@@ -0,0 +1,124 @@
+// Package precommit updates the local `.git/drs/pre-commit` cache from staged
+// pointer changes. The cache is rebuildable local bookkeeping, distinct from
+// the authoritative local DRS metadata stored under `.git/drs/lfs/objects`.
+package precommit
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/calypr/git-drs/internal/precommit_cache"
+)
+
+type ChangeKind int
+
+const (
+	KindAdd ChangeKind = iota
+	KindModify
+	KindDelete
+	KindRename
+)
+
+type Change struct {
+	Kind    ChangeKind
+	OldPath string
+	NewPath string
+	Status  string
+}
+
+func run(ctx context.Context) error {
+	if ctx == nil {
+		ctx = context.Background()
+	}
+
+	cache, err := precommit_cache.Open(ctx)
+	if err != nil {
+		return err
+	}
+	if err := precommit_cache.EnsureLayout(cache); err != nil {
+		return err
+	}
+	tombsDir := filepath.Join(cache.Root, "tombstones")
+	if err := os.MkdirAll(tombsDir, 0o755); err != nil {
+		return fmt.Errorf("create tombstones directory: %w", err)
+	}
+
+	changes, err := stagedChanges(ctx)
+	if err != nil {
+		return err
+	}
+	if len(changes) == 0 {
+		return nil
+	}
+	oversized, err := collectOversizedPlainGitStagedFiles(ctx, changes, directCommitWarningThresholdBytes)
+	if err != nil {
+		return err
+	}
+	if len(oversized) > 0 {
+		allowed, err := confirmOversizedDirectGitCommit(oversized)
+		if err != nil {
+			return err
+		}
+		if !allowed {
+			return fmt.Errorf("commit aborted so you can track large files before committing them directly to Git")
+		}
+	}
+
+	now := time.Now().UTC().Format(time.RFC3339)
+	for _, ch := range changes {
+		if ch.Kind != KindRename {
+			continue
+		}
+		newOID, newIsLFS, err := stagedLFSOID(ctx, ch.NewPath)
+		if err != nil {
+			continue
+		}
+
+		oldPathFile := precommit_cache.PathEntryPath(cache, ch.OldPath)
+		newPathFile := precommit_cache.PathEntryPath(cache, ch.NewPath)
+
+		if newIsLFS {
+			if err := moveFileBestEffort(oldPathFile, newPathFile); err != nil && !os.IsNotExist(err) {
+				return fmt.Errorf("rename migrate path entry: %w", err)
+			}
+
+			if err := precommit_cache.WritePathEntry(cache, precommit_cache.PathEntry{
+				Path:      ch.NewPath,
+				LFSOID:    newOID,
+				UpdatedAt: now,
+			}); err != nil {
+				return err
+			}
+
+			if err := precommit_cache.UpsertOIDPath(cache, newOID, ch.OldPath, ch.NewPath, "", now, false); err != nil {
+				return err
+			}
+		} else {
+			if err := removeIfExists(oldPathFile); err != nil {
+				return fmt.Errorf("remove stale path entry for %s: %w", ch.OldPath, err)
+			}
+		}
+	}
+
+	for _, ch := range changes {
+		switch ch.Kind {
+		case KindAdd, KindModify:
+			if err := handleUpsert(ctx, cache, ch.NewPath, now); err != nil {
+				return err
+			}
+		case KindRename:
+			if err := handleUpsert(ctx, cache, ch.NewPath, now); err != nil {
+				return err
+			}
+		case KindDelete:
+			if err := handleDelete(ctx, cache, tombsDir, ch.NewPath, now); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/cmd/precommit/warnings.go b/cmd/precommit/warnings.go
new file mode 100644
index 00000000..1088132f
--- /dev/null
+++ b/cmd/precommit/warnings.go
@@ -0,0 +1,91 @@
+package precommit
+
+import (
+	"bufio"
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"sort"
+	"strings"
+)
+
+type OversizedStagedFile struct {
+	Path string
+	Size int64
+}
+
+func collectOversizedPlainGitStagedFiles(ctx context.Context, changes []Change, thresholdBytes int64) ([]OversizedStagedFile, error) {
+	if thresholdBytes <= 0 {
+		return nil, nil
+	}
+	var oversized []OversizedStagedFile
+	seen := make(map[string]struct{})
+	for _, ch := range changes {
+		if ch.Kind != KindAdd && ch.Kind != KindModify && ch.Kind != KindRename {
+			continue
+		}
+		path := ch.NewPath
+		if path == "" {
+			continue
+		}
+		if _, ok := seen[path]; ok {
+			continue
+		}
+		seen[path] = struct{}{}
+
+		_, isLFS, err := stagedLFSOID(ctx, path)
+		if err != nil {
+			continue
+		}
+		if isLFS {
+			continue
+		}
+
+		size, err := stagedBlobSize(ctx, path)
+		if err != nil {
+			return nil, err
+		}
+		if size <= thresholdBytes {
+			continue
+		}
+		oversized = append(oversized, OversizedStagedFile{Path: path, Size: size})
+	}
+	sort.Slice(oversized, func(i, j int) bool { return oversized[i].Path < oversized[j].Path })
+	return oversized, nil
+}
+
+func promptOversizedDirectGitCommit(files []OversizedStagedFile) (bool, error) {
+	if len(files) == 0 {
+		return true, nil
+	}
+
+	fmt.Fprintf(os.Stderr, "\nWarning: the following staged files are being committed directly to Git and exceed %s:\n\n", humanBytes(directCommitWarningThresholdBytes))
+	for _, f := range files {
+		fmt.Fprintf(os.Stderr, "  - %s (%s)\n", f.Path, humanBytes(f.Size))
+	}
+	fmt.Fprintln(os.Stderr, "\nIf these should be managed by git-drs, track them first and re-add them.")
+	fmt.Fprint(os.Stderr, "Continue committing these files directly to GitHub? [y/N]: ")
+
+	reader := bufio.NewReader(os.Stdin)
+	line, err := reader.ReadString('\n')
+	if err != nil && !errors.Is(err, io.EOF) {
+		return false, err
+	}
+	answer := strings.ToLower(strings.TrimSpace(line))
+	return answer == "y" || answer == "yes", nil
+}
+
+func humanBytes(n int64) string {
+	const unit = int64(1024)
+	if n < unit {
+		return fmt.Sprintf("%d B", n)
+	}
+	div, exp := unit, 0
+	for q := n / unit; q >= unit; q /= unit {
+		div *= unit
+		exp++
+	}
+	return fmt.Sprintf("%.1f %ciB", float64(n)/float64(div), "KMGTPE"[exp])
+}
diff --git a/cmd/prepush/main.go b/cmd/prepush/main.go
deleted file mode 100644
index 9e2e841e..00000000
--- a/cmd/prepush/main.go
+++ /dev/null
@@ -1,605 +0,0 @@
-package prepush
-
-import (
-	"bufio"
-	"bytes"
-	"context"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"log/slog"
-	"net/http"
-	"os"
-	"os/exec"
-	"sort"
-	"strings"
-	"time"
-
-	"github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsmap"
-	"github.com/calypr/git-drs/internal/drsobject"
-	"github.com/calypr/git-drs/internal/gitrepo"
-	"github.com/calypr/git-drs/internal/lfs"
-	"github.com/calypr/git-drs/internal/precommit_cache"
-	drsapi "github.com/calypr/syfon/apigen/client/drs"
-	syfoncommon "github.com/calypr/syfon/common"
-	"github.com/spf13/cobra"
-)
-
-// Cmd line declaration
-var Cmd = &cobra.Command{
-	Use:   "pre-push-prepare",
-	Short: "pre-push hook to update DRS objects",
-	Long:  "Pre-push hook that updates DRS objects before transfer",
-	Args:  cobra.RangeArgs(0, 2),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return NewPrePushService().Run(args, os.Stdin)
-	},
-}
-
-type PrePushService struct {
-	newLogger       func(string, bool) (*slog.Logger, error)
-	loadConfig      func() (*config.Config, error)
-	writeDrsObjects func(drsobject.Builder, map[string]lfs.LfsFileInfo, drsmap.WriteOptions) error
-	createTempFile  func(dir, pattern string) (*os.File, error)
-}
-
-func NewPrePushService() *PrePushService {
-	return &PrePushService{
-		newLogger:       drslog.NewLogger,
-		loadConfig:      config.LoadConfig,
-		writeDrsObjects: drsmap.WriteObjectsForLFSFiles,
-		createTempFile:  os.CreateTemp,
-	}
-}
-
-func (s *PrePushService) Run(args []string, stdin io.Reader) error {
-	ctx := context.Background()
-	myLogger, err := s.newLogger("", false)
-	if err != nil {
-		return fmt.Errorf("error creating logger: %v", err)
-	}
-
-	myLogger.Info("~~~~~~~~~~~~~ START: pre-push ~~~~~~~~~~~~~")
-
-	cfg, err := s.loadConfig()
-	if err != nil {
-		return fmt.Errorf("error getting config: %v", err)
-	}
-
-	gitRemoteName, gitRemoteLocation := parseRemoteArgs(args)
-	myLogger.Debug(fmt.Sprintf("git remote name: %s, git remote location: %s", gitRemoteName, gitRemoteLocation))
-
-	remote, err := cfg.GetDefaultRemote()
-	if err != nil {
-		myLogger.Debug(fmt.Sprintf("Warning. Error getting default remote: %v", err))
-		fmt.Fprintln(os.Stderr, "Warning. Skipping DRS preparation. Error getting default remote:", err)
-		return nil
-	}
-
-	remoteConfig := cfg.GetRemote(remote)
-	if remoteConfig == nil {
-		fmt.Fprintln(os.Stderr, "Warning. Skipping DRS preparation. Error getting remote configuration.")
-		myLogger.Debug("Warning. Skipping DRS preparation. Error getting remote configuration.")
-		return nil
-	}
-
-	scope, err := gitrepo.ResolveBucketScope(
-		remoteConfig.GetOrganization(),
-		remoteConfig.GetProjectId(),
-		remoteConfig.GetBucketName(),
-		remoteConfig.GetStoragePrefix(),
-	)
-	if err != nil {
-		return err
-	}
-
-	builder := drsobject.NewBuilder(scope.Bucket, remoteConfig.GetProjectId())
-	builder.Organization = remoteConfig.GetOrganization()
-	builder.StoragePrefix = scope.Prefix
-	myLogger.Debug(fmt.Sprintf("Current server project: %s (org: %s)", builder.Project, builder.Organization))
-
-	tmp, err := bufferStdin(stdin, s.createTempFile)
-	if err != nil {
-		myLogger.Error(fmt.Sprintf("error buffering stdin: %v", err))
-		return err
-	}
-	defer func() {
-		_ = tmp.Close()
-		_ = os.Remove(tmp.Name())
-	}()
-
-	refs, err := readPushedRefs(tmp)
-	if err != nil {
-		myLogger.Error(fmt.Sprintf("error reading pushed refs: %v", err))
-		return err
-	}
-	branches := branchesFromRefs(refs)
-
-	cache, cacheReady := openCache(ctx, myLogger)
-	lfsFiles, usedCache, err := collectLfsFiles(ctx, cache, cacheReady, gitRemoteName, gitRemoteLocation, branches, refs, myLogger)
-	if err != nil {
-		myLogger.Error(fmt.Sprintf("error collecting LFS files: %v", err))
-		return err
-	}
-
-	myLogger.Debug(fmt.Sprintf("Preparing DRS objects for push branches: %v (cache=%v)", branches, usedCache))
-	err = s.writeDrsObjects(builder, lfsFiles, drsmap.WriteOptions{
-		Cache:          cache,
-		PreferCacheURL: usedCache,
-		Logger:         myLogger,
-	})
-	if err != nil {
-		myLogger.Error(fmt.Sprintf("WriteObjectsForLFSFiles failed: %v", err))
-		return err
-	}
-
-	// Stage metadata in one packet; server consumes it at LFS verify-time.
-	myLogger.Info(fmt.Sprintf("Staging %d DRS metadata records for LFS verify", len(lfsFiles)))
-	if err := submitPendingLFSMeta(ctx, remote, remoteConfig.GetEndpoint(), lfsFiles, myLogger); err != nil {
-		myLogger.Error(fmt.Sprintf("DRS metadata staging failed: %v", err))
-		return fmt.Errorf("DRS metadata staging failed: %w", err)
-	}
-
-	myLogger.Info("~~~~~~~~~~~~~ COMPLETED: pre-push ~~~~~~~~~~~~~")
-	return nil
-}
-
-type metadataSubmitRequest struct {
-	Candidates []metadataCandidate `json:"candidates"`
-	TTLSeconds int64               `json:"ttl_seconds,omitempty"`
-}
-
-type metadataChecksum struct {
-	Type     string `json:"type"`
-	Checksum string `json:"checksum"`
-}
-
-type metadataAccessURL struct {
-	URL string `json:"url,omitempty"`
-}
-
-type metadataAccessMethod struct {
-	Type           string              `json:"type,omitempty"`
-	AccessURL      metadataAccessURL   `json:"access_url,omitempty"`
-	AccessID       string              `json:"access_id,omitempty"`
-	Region         string              `json:"region,omitempty"`
-	Authorizations map[string][]string `json:"authorizations,omitempty"`
-}
-
-type metadataCandidate struct {
-	Id            string                 `json:"id,omitempty"`
-	Name          string                 `json:"name,omitempty"`
-	Size          int64                  `json:"size"`
-	Version       string                 `json:"version,omitempty"`
-	MimeType      string                 `json:"mime_type,omitempty"`
-	Checksums     []metadataChecksum     `json:"checksums"`
-	AccessMethods []metadataAccessMethod `json:"access_methods,omitempty"`
-	Description   string                 `json:"description,omitempty"`
-	Aliases       []string               `json:"aliases,omitempty"`
-}
-
-func toMetadataCandidate(c drsapi.DrsObjectCandidate) metadataCandidate {
-	name := ""
-	if c.Name != nil {
-		name = *c.Name
-	}
-	mimeType := ""
-	if c.MimeType != nil {
-		mimeType = *c.MimeType
-	}
-	description := ""
-	if c.Description != nil {
-		description = *c.Description
-	}
-	aliases := []string(nil)
-	if c.Aliases != nil {
-		aliases = append([]string(nil), (*c.Aliases)...)
-	}
-	out := metadataCandidate{
-		Name:        name,
-		Size:        c.Size,
-		Version:     "",
-		MimeType:    mimeType,
-		Description: description,
-		Aliases:     aliases,
-	}
-	if c.Version != nil {
-		out.Version = *c.Version
-	}
-
-	if len(c.Checksums) > 0 {
-		out.Checksums = make([]metadataChecksum, 0, len(c.Checksums))
-		for _, cs := range c.Checksums {
-			out.Checksums = append(out.Checksums, metadataChecksum{
-				Type:     string(cs.Type),
-				Checksum: cs.Checksum,
-			})
-		}
-	}
-
-	if c.AccessMethods != nil && len(*c.AccessMethods) > 0 {
-		out.AccessMethods = make([]metadataAccessMethod, 0, len(*c.AccessMethods))
-		for _, am := range *c.AccessMethods {
-			accID := ""
-			if am.AccessId != nil {
-				accID = *am.AccessId
-			}
-			region := ""
-			if am.Region != nil {
-				region = *am.Region
-			}
-			accURL := ""
-			if am.AccessUrl != nil {
-				accURL = am.AccessUrl.Url
-			}
-			m := metadataAccessMethod{
-				Type:     string(am.Type),
-				AccessID: accID,
-				Region:   region,
-				AccessURL: metadataAccessURL{
-					URL: accURL,
-				},
-			}
-			if authzMap := syfoncommon.AuthzMapFromAccessMethodAuthorizations(am.Authorizations); len(authzMap) > 0 {
-				m.Authorizations = authzMap
-			}
-			out.AccessMethods = append(out.AccessMethods, m)
-		}
-	}
-
-	return out
-}
-
-func submitPendingLFSMeta(ctx context.Context, remote config.Remote, endpoint string, lfsFiles map[string]lfs.LfsFileInfo, logger *slog.Logger) error {
-	base := strings.TrimRight(strings.TrimSpace(endpoint), "/")
-	if base == "" {
-		return fmt.Errorf("remote endpoint is empty")
-	}
-	url := base + "/info/lfs/objects/metadata"
-
-	candidates := make([]metadataCandidate, 0, len(lfsFiles))
-	for _, file := range lfsFiles {
-		obj, err := drsobject.ReadObject(common.DRS_OBJS_PATH, file.Oid)
-		if err != nil || obj == nil {
-			logger.Debug(fmt.Sprintf("skipping oid %s: local DRS object not found", file.Oid))
-			continue
-		}
-		candidates = append(candidates, toMetadataCandidate(drsobject.ConvertToCandidate(obj)))
-	}
-	if len(candidates) == 0 {
-		logger.Debug("no metadata candidates to stage")
-		return nil
-	}
-
-	reqBody := metadataSubmitRequest{
-		Candidates: candidates,
-		TTLSeconds: int64((20 * time.Minute).Seconds()),
-	}
-	payload, err := json.Marshal(reqBody)
-	if err != nil {
-		return fmt.Errorf("failed to encode pending metadata request: %w", err)
-	}
-
-	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload))
-	if err != nil {
-		return fmt.Errorf("failed to create pending metadata request: %w", err)
-	}
-	httpReq.Header.Set("Content-Type", "application/json")
-	httpReq.Header.Set("Accept", "application/vnd.git-lfs+json")
-	if authHeader, ok := resolveRemoteAuthHeader(string(remote)); ok {
-		httpReq.Header.Set("Authorization", authHeader)
-	}
-
-	client := pendingMetadataClientFactory()
-	resp, err := client.Do(httpReq)
-	if err != nil {
-		return fmt.Errorf("pending metadata request failed: %w", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
-		bodyText := strings.TrimSpace(string(body))
-		// Some deployments do not yet expose /info/lfs/objects/metadata.
-		// Treat this as optional capability and continue with push flow.
-		switch resp.StatusCode {
-		case http.StatusNotFound, http.StatusMethodNotAllowed, http.StatusNotImplemented:
-			logger.Warn(fmt.Sprintf("metadata staging endpoint unavailable (status=%d); continuing without staged metadata", resp.StatusCode))
-			return nil
-		}
-		// Some reverse proxies/frontends may return HTML 404/maintenance pages with 5xx.
-		// If this looks like non-API HTML and not a structured LFS error, degrade gracefully.
-		if strings.Contains(strings.ToLower(resp.Header.Get("Content-Type")), "text/html") {
-			logger.Warn(fmt.Sprintf("metadata staging returned HTML response (status=%d); continuing without staged metadata", resp.StatusCode))
-			return nil
-		}
-		return fmt.Errorf("pending metadata request failed: status=%d body=%s", resp.StatusCode, bodyText)
-	}
-	return nil
-}
-
-func resolveRemoteAuthHeader(remoteName string) (string, bool) {
-	if token, err := gitrepo.GetRemoteToken(remoteName); err == nil {
-		if token = strings.TrimSpace(token); token != "" {
-			return "Bearer " + token, true
-		}
-	}
-	username, password, err := gitrepo.GetRemoteBasicAuth(remoteName)
-	if err != nil || username == "" || password == "" {
-		return "", false
-	}
-	creds := username + ":" + password
-	return "Basic " + base64.StdEncoding.EncodeToString([]byte(creds)), true
-}
-
-func parseRemoteArgs(args []string) (string, string) {
-	var gitRemoteName, gitRemoteLocation string
-	if len(args) >= 1 {
-		gitRemoteName = args[0]
-	}
-	if len(args) >= 2 {
-		gitRemoteLocation = args[1]
-	}
-	if gitRemoteName == "" {
-		gitRemoteName = "origin"
-	}
-	return gitRemoteName, gitRemoteLocation
-}
-
-type pushedRef struct {
-	LocalRef  string
-	LocalSHA  string
-	RemoteRef string
-	RemoteSHA string
-}
-
-func bufferStdin(stdin io.Reader, createTempFile func(dir, pattern string) (*os.File, error)) (*os.File, error) {
-	tmp, err := createTempFile("", "prepush-stdin-*")
-	if err != nil {
-		return nil, fmt.Errorf("error creating temp file for stdin: %w", err)
-	}
-
-	if _, err := io.Copy(tmp, stdin); err != nil {
-		_ = tmp.Close()
-		_ = os.Remove(tmp.Name())
-		return nil, fmt.Errorf("error buffering stdin: %w", err)
-	}
-
-	if _, err := tmp.Seek(0, 0); err != nil {
-		_ = tmp.Close()
-		_ = os.Remove(tmp.Name())
-		return nil, fmt.Errorf("error seeking temp stdin: %w", err)
-	}
-	return tmp, nil
-}
-
-// readPushedBranches reads git push lines from the provided temp file,
-// extracts unique local branch names for refs under `refs/heads/` and
-// returns them sorted. The file is rewound to the start before returning.
-func readPushedRefs(f io.ReadSeeker) ([]pushedRef, error) {
-	// Ensure we read from start
-	// example:
-	// refs/heads/main 67890abcdef1234567890abcdef1234567890abcd refs/heads/main 12345abcdef67890abcdef1234567890abcdef12
-	if _, err := f.Seek(0, 0); err != nil {
-		return nil, err
-	}
-	scanner := bufio.NewScanner(f)
-	refs := make([]pushedRef, 0)
-	for scanner.Scan() {
-		line := scanner.Text()
-		fields := strings.Fields(line)
-		if len(fields) < 4 {
-			continue
-		}
-		refs = append(refs, pushedRef{
-			LocalRef:  fields[0],
-			LocalSHA:  fields[1],
-			RemoteRef: fields[2],
-			RemoteSHA: fields[3],
-		})
-	}
-	if err := scanner.Err(); err != nil {
-		return nil, err
-	}
-	// Rewind so caller can reuse the file
-	if _, err := f.Seek(0, 0); err != nil {
-		return nil, err
-	}
-	return refs, nil
-}
-
-func branchesFromRefs(refs []pushedRef) []string {
-	const prefix = "refs/heads/"
-	set := make(map[string]struct{})
-	for _, ref := range refs {
-		if strings.HasPrefix(ref.LocalRef, prefix) {
-			branch := strings.TrimPrefix(ref.LocalRef, prefix)
-			if branch != "" {
-				set[branch] = struct{}{}
-			}
-		}
-	}
-	branches := make([]string, 0, len(set))
-	for b := range set {
-		branches = append(branches, b)
-	}
-	sort.Strings(branches)
-	return branches
-}
-
-func openCache(ctx context.Context, logger *slog.Logger) (*precommit_cache.Cache, bool) {
-	cache, err := precommit_cache.Open(ctx)
-	if err != nil {
-		logger.Debug(fmt.Sprintf("pre-commit cache unavailable: %v", err))
-		return nil, false
-	}
-	if _, err := os.Stat(cache.Root); err != nil {
-		if os.IsNotExist(err) {
-			logger.Debug("pre-commit cache missing; continuing without cache")
-		} else {
-			logger.Debug(fmt.Sprintf("pre-commit cache access error: %v", err))
-		}
-		return nil, false
-	}
-	return cache, true
-}
-
-func collectLfsFiles(ctx context.Context, cache *precommit_cache.Cache, cacheReady bool, gitRemoteName, gitRemoteLocation string, branches []string, refs []pushedRef, logger *slog.Logger) (map[string]lfs.LfsFileInfo, bool, error) {
-	if cacheReady {
-		lfsFiles, ok, err := lfsFilesFromCache(ctx, cache, refs, logger)
-		if err != nil {
-			logger.Debug(fmt.Sprintf("pre-commit cache read failed: %v", err))
-		} else if ok {
-			return lfsFiles, true, nil
-		}
-		logger.Debug("pre-commit cache incomplete or stale; falling back to LFS discovery")
-	}
-	lfsFiles, err := lfs.GetAllLfsFiles(gitRemoteName, gitRemoteLocation, branches, logger)
-	if err != nil {
-		return nil, false, err
-	}
-	return lfsFiles, false, nil
-}
-
-const cacheMaxAge = 24 * time.Hour
-
-var pendingMetadataClientFactory = func() *http.Client {
-	return &http.Client{Timeout: 20 * time.Second}
-}
-
-func normalizeCachedOID(oid string) string {
-	normalized := strings.TrimSpace(oid)
-	if len(normalized) >= len("sha256:") && strings.EqualFold(normalized[:len("sha256:")], "sha256:") {
-		normalized = normalized[len("sha256:"):]
-	}
-	return strings.TrimSpace(normalized)
-}
-
-func lfsFilesFromCache(ctx context.Context, cache *precommit_cache.Cache, refs []pushedRef, logger *slog.Logger) (map[string]lfs.LfsFileInfo, bool, error) {
-	if cache == nil {
-		return nil, false, nil
-	}
-	paths, err := listPushedPaths(ctx, refs)
-	if err != nil {
-		return nil, false, err
-	}
-	lfsFiles := make(map[string]lfs.LfsFileInfo, len(paths))
-	for _, path := range paths {
-		entry, ok, err := cache.ReadPathEntry(path)
-		if err != nil {
-			return nil, false, err
-		}
-		if !ok {
-			return nil, false, nil
-		}
-		oid := normalizeCachedOID(entry.LFSOID)
-		if oid == "" {
-			return nil, false, nil
-		}
-		if entry.UpdatedAt == "" || precommit_cache.StaleAfter(entry.UpdatedAt, cacheMaxAge) {
-			return nil, false, nil
-		}
-		stat, err := os.Stat(path)
-		if err != nil {
-			logger.Debug(fmt.Sprintf("cache path stat failed for %s: %v", path, err))
-			return nil, false, nil
-		}
-		lfsFiles[path] = lfs.LfsFileInfo{
-			Name:    path,
-			Size:    stat.Size(),
-			OidType: "sha256",
-			Oid:     oid,
-			Version: "https://git-lfs.github.com/spec/v1",
-		}
-	}
-	return lfsFiles, true, nil
-}
-
-func listPushedPaths(ctx context.Context, refs []pushedRef) ([]string, error) {
-	const zeroSHA = "0000000000000000000000000000000000000000"
-	set := make(map[string]struct{})
-	for _, ref := range refs {
-		if ref.LocalSHA == "" || ref.LocalSHA == zeroSHA {
-			continue
-		}
-		var args []string
-		if ref.RemoteSHA == "" || ref.RemoteSHA == zeroSHA {
-			args = []string{"ls-tree", "-r", "--name-only", ref.LocalSHA}
-		} else {
-			args = []string{"diff", "--name-only", ref.RemoteSHA, ref.LocalSHA}
-		}
-		out, err := gitOutput(ctx, args...)
-		if err != nil {
-			return nil, err
-		}
-		for _, line := range strings.Split(strings.TrimSpace(out), "\n") {
-			line = strings.TrimSpace(line)
-			if line == "" {
-				continue
-			}
-			set[line] = struct{}{}
-		}
-	}
-	paths := make([]string, 0, len(set))
-	for path := range set {
-		paths = append(paths, path)
-	}
-	sort.Strings(paths)
-	return paths, nil
-}
-
-func gitOutput(ctx context.Context, args ...string) (string, error) {
-	cmd := exec.CommandContext(ctx, "git", args...)
-	cmd.Env = os.Environ()
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		return "", fmt.Errorf("git %s: %s", strings.Join(args, " "), strings.TrimSpace(string(out)))
-	}
-	return string(out), nil
-}
-
-// readPushedBranches reads git push lines from the provided temp file,
-// extracts unique local branch names for refs under `refs/heads/` and
-// returns them sorted. The file is rewound to the start before returning.
-func readPushedBranches(f *os.File) ([]string, error) {
-	// Ensure we read from start
-	// example:
-	// refs/heads/main 67890abcdef1234567890abcdef1234567890abcd refs/heads/main 12345abcdef67890abcdef1234567890abcdef12
-	if _, err := f.Seek(0, 0); err != nil {
-		return nil, err
-	}
-	scanner := bufio.NewScanner(f)
-	set := make(map[string]struct{})
-	for scanner.Scan() {
-		line := scanner.Text()
-		fields := strings.Fields(line)
-		if len(fields) < 1 {
-			continue
-		}
-		localRef := fields[0]
-		const prefix = "refs/heads/"
-		if strings.HasPrefix(localRef, prefix) {
-			branch := strings.TrimPrefix(localRef, prefix)
-			if branch != "" {
-				set[branch] = struct{}{}
-			}
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return nil, err
-	}
-	branches := make([]string, 0, len(set))
-	for b := range set {
-		branches = append(branches, b)
-	}
-	sort.Strings(branches)
-	// Rewind so caller can reuse the file
-	if _, err := f.Seek(0, 0); err != nil {
-		return nil, err
-	}
-	return branches, nil
-}
diff --git a/cmd/prepush/main_test.go b/cmd/prepush/main_test.go
deleted file mode 100644
index 5fad785b..00000000
--- a/cmd/prepush/main_test.go
+++ /dev/null
@@ -1,622 +0,0 @@
-package prepush
-
-import (
-	"context"
-	"encoding/base64"
-	"encoding/json"
-	"io"
-	"log/slog"
-	"net/http"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drsobject"
-	"github.com/calypr/git-drs/internal/lfs"
-	"github.com/calypr/git-drs/internal/precommit_cache"
-	drsapi "github.com/calypr/syfon/apigen/client/drs"
-)
-
-func TestLfsFilesFromCache(t *testing.T) {
-	repo := setupGitRepo(t)
-	filePath := filepath.Join(repo, "data", "file.bin")
-	if err := os.MkdirAll(filepath.Dir(filePath), 0o755); err != nil {
-		t.Fatalf("mkdir: %v", err)
-	}
-	if err := os.WriteFile(filePath, []byte("first"), 0o644); err != nil {
-		t.Fatalf("write: %v", err)
-	}
-	gitCmd(t, repo, "add", "data/file.bin")
-	gitCmd(t, repo, "commit", "-m", "first")
-	oldSHA := gitOutputString(t, repo, "rev-parse", "HEAD")
-
-	if err := os.WriteFile(filePath, []byte("second"), 0o644); err != nil {
-		t.Fatalf("write: %v", err)
-	}
-	gitCmd(t, repo, "add", "data/file.bin")
-	gitCmd(t, repo, "commit", "-m", "second")
-	newSHA := gitOutputString(t, repo, "rev-parse", "HEAD")
-
-	cacheRoot := filepath.Join(repo, ".git", "drs", "pre-commit", "v1")
-	cache := &precommit_cache.Cache{
-		GitDir:    filepath.Join(repo, ".git"),
-		Root:      cacheRoot,
-		PathsDir:  filepath.Join(cacheRoot, "paths"),
-		OIDsDir:   filepath.Join(cacheRoot, "oids"),
-		StatePath: filepath.Join(cacheRoot, "state.json"),
-	}
-	if err := os.MkdirAll(cache.PathsDir, 0o755); err != nil {
-		t.Fatalf("mkdir paths dir: %v", err)
-	}
-	if err := os.MkdirAll(cache.OIDsDir, 0o755); err != nil {
-		t.Fatalf("mkdir oids dir: %v", err)
-	}
-	pathEntry := precommit_cache.PathEntry{
-		Path:      "data/file.bin",
-		LFSOID:    "oid-123",
-		UpdatedAt: time.Now().UTC().Format(time.RFC3339),
-	}
-	pathEntryFile := filepath.Join(cache.PathsDir, precommit_cache.EncodePath(pathEntry.Path)+".json")
-	writeJSON(t, pathEntryFile, pathEntry)
-
-	oldwd := mustChdir(t, repo)
-	t.Cleanup(func() { _ = os.Chdir(oldwd) })
-
-	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
-	refs := []pushedRef{{
-		LocalRef:  "refs/heads/main",
-		LocalSHA:  newSHA,
-		RemoteRef: "refs/heads/main",
-		RemoteSHA: oldSHA,
-	}}
-
-	lfsFiles, ok, err := lfsFilesFromCache(context.Background(), cache, refs, logger)
-	if err != nil {
-		t.Fatalf("lfsFilesFromCache: %v", err)
-	}
-	if !ok {
-		t.Fatalf("expected cache to be usable")
-	}
-	info, exists := lfsFiles["data/file.bin"]
-	if !exists {
-		t.Fatalf("expected lfs info for data/file.bin")
-	}
-	if info.Oid != "oid-123" {
-		t.Fatalf("expected oid to be oid-123, got %s", info.Oid)
-	}
-	if info.OidType != "sha256" {
-		t.Fatalf("expected oid type sha256, got %s", info.OidType)
-	}
-	stat, err := os.Stat(filePath)
-	if err != nil {
-		t.Fatalf("stat: %v", err)
-	}
-	if info.Size != stat.Size() {
-		t.Fatalf("expected size %d, got %d", stat.Size(), info.Size)
-	}
-}
-
-func TestReadPushedBranches(t *testing.T) {
-	tests := []struct {
-		name     string
-		input    string
-		expected []string // Sorted
-	}{
-		{
-			name:     "single branch",
-			input:    "refs/heads/main 1234 oid123 refs/heads/main 1234 oid456",
-			expected: []string{"main"},
-		},
-		{
-			name:     "multiple branches",
-			input:    "refs/heads/main 123 oid refs/heads/main 456 oid\nrefs/heads/feature/foo 789 oid remote 000 oid",
-			expected: []string{"feature/foo", "main"},
-		},
-		{
-			name:     "ignore tags",
-			input:    "refs/tags/v1.0 123 oid refs/tags/v1.0 123 oid",
-			expected: []string{},
-		},
-		{
-			name:     "empty input",
-			input:    "",
-			expected: []string{},
-		},
-		{
-			name:     "malformed lines",
-			input:    "just-garbage\nrefs/heads/ok 1 2 3",
-			expected: []string{"ok"},
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			tmp, err := os.CreateTemp("", "test-stdin")
-			if err != nil {
-				t.Fatalf("create temp: %v", err)
-			}
-			defer os.Remove(tmp.Name())
-
-			if _, err := tmp.WriteString(tt.input); err != nil {
-				t.Fatalf("write temp: %v", err)
-			}
-
-			// readPushedBranches seeks to 0 itself, but we pass the *os.File
-			// which must be valid.
-			branches, err := readPushedBranches(tmp)
-			if err != nil {
-				t.Fatalf("readPushedBranches error: %v", err)
-			}
-
-			if len(branches) != len(tt.expected) {
-				t.Errorf("expected %d branches, got %d: %v", len(tt.expected), len(branches), branches)
-				return
-			}
-			for i := range branches {
-				if branches[i] != tt.expected[i] {
-					t.Errorf("branch mismatch at %d: got %s, want %s", i, branches[i], tt.expected[i])
-				}
-			}
-
-			tmp.Close()
-		})
-	}
-}
-
-func TestLfsFilesFromCacheStale(t *testing.T) {
-	repo := setupGitRepo(t)
-	filePath := filepath.Join(repo, "data", "file.bin")
-	if err := os.MkdirAll(filepath.Dir(filePath), 0o755); err != nil {
-		t.Fatalf("mkdir: %v", err)
-	}
-	if err := os.WriteFile(filePath, []byte("data"), 0o644); err != nil {
-		t.Fatalf("write: %v", err)
-	}
-	gitCmd(t, repo, "add", "data/file.bin")
-	gitCmd(t, repo, "commit", "-m", "first")
-	sha := gitOutputString(t, repo, "rev-parse", "HEAD")
-
-	cacheRoot := filepath.Join(repo, ".git", "drs", "pre-commit", "v1")
-	cache := &precommit_cache.Cache{
-		GitDir:    filepath.Join(repo, ".git"),
-		Root:      cacheRoot,
-		PathsDir:  filepath.Join(cacheRoot, "paths"),
-		OIDsDir:   filepath.Join(cacheRoot, "oids"),
-		StatePath: filepath.Join(cacheRoot, "state.json"),
-	}
-	if err := os.MkdirAll(cache.PathsDir, 0o755); err != nil {
-		t.Fatalf("mkdir paths dir: %v", err)
-	}
-
-	pathEntry := precommit_cache.PathEntry{
-		Path:      "data/file.bin",
-		LFSOID:    "oid-123",
-		UpdatedAt: time.Now().Add(-48 * time.Hour).UTC().Format(time.RFC3339),
-	}
-	pathEntryFile := filepath.Join(cache.PathsDir, precommit_cache.EncodePath(pathEntry.Path)+".json")
-	writeJSON(t, pathEntryFile, pathEntry)
-
-	oldwd := mustChdir(t, repo)
-	t.Cleanup(func() { _ = os.Chdir(oldwd) })
-
-	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
-	refs := []pushedRef{{
-		LocalRef:  "refs/heads/main",
-		LocalSHA:  sha,
-		RemoteRef: "refs/heads/main",
-		RemoteSHA: "0000000000000000000000000000000000000000",
-	}}
-
-	_, ok, err := lfsFilesFromCache(context.Background(), cache, refs, logger)
-	if err != nil {
-		t.Fatalf("lfsFilesFromCache: %v", err)
-	}
-	if ok {
-		t.Fatalf("expected cache to be stale")
-	}
-}
-
-func TestLfsFilesFromCacheNormalizesOID(t *testing.T) {
-	repo := setupGitRepo(t)
-	filePath := filepath.Join(repo, "data", "file.bin")
-	if err := os.MkdirAll(filepath.Dir(filePath), 0o755); err != nil {
-		t.Fatalf("mkdir: %v", err)
-	}
-	if err := os.WriteFile(filePath, []byte("first"), 0o644); err != nil {
-		t.Fatalf("write: %v", err)
-	}
-	gitCmd(t, repo, "add", "data/file.bin")
-	gitCmd(t, repo, "commit", "-m", "first")
-	oldSHA := gitOutputString(t, repo, "rev-parse", "HEAD")
-
-	if err := os.WriteFile(filePath, []byte("second"), 0o644); err != nil {
-		t.Fatalf("write: %v", err)
-	}
-	gitCmd(t, repo, "add", "data/file.bin")
-	gitCmd(t, repo, "commit", "-m", "second")
-	newSHA := gitOutputString(t, repo, "rev-parse", "HEAD")
-
-	cacheRoot := filepath.Join(repo, ".git", "drs", "pre-commit", "v1")
-	cache := &precommit_cache.Cache{
-		GitDir:    filepath.Join(repo, ".git"),
-		Root:      cacheRoot,
-		PathsDir:  filepath.Join(cacheRoot, "paths"),
-		OIDsDir:   filepath.Join(cacheRoot, "oids"),
-		StatePath: filepath.Join(cacheRoot, "state.json"),
-	}
-	if err := os.MkdirAll(cache.PathsDir, 0o755); err != nil {
-		t.Fatalf("mkdir paths dir: %v", err)
-	}
-
-	rawOID := strings.Repeat("a", 64)
-	pathEntry := precommit_cache.PathEntry{
-		Path:      "data/file.bin",
-		LFSOID:    " sha256:" + rawOID + " ",
-		UpdatedAt: time.Now().UTC().Format(time.RFC3339),
-	}
-	pathEntryFile := filepath.Join(cache.PathsDir, precommit_cache.EncodePath(pathEntry.Path)+".json")
-	writeJSON(t, pathEntryFile, pathEntry)
-
-	oldwd := mustChdir(t, repo)
-	t.Cleanup(func() { _ = os.Chdir(oldwd) })
-
-	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
-	refs := []pushedRef{{
-		LocalRef:  "refs/heads/main",
-		LocalSHA:  newSHA,
-		RemoteRef: "refs/heads/main",
-		RemoteSHA: oldSHA,
-	}}
-
-	lfsFiles, ok, err := lfsFilesFromCache(context.Background(), cache, refs, logger)
-	if err != nil {
-		t.Fatalf("lfsFilesFromCache: %v", err)
-	}
-	if !ok {
-		t.Fatalf("expected cache to be usable")
-	}
-	info, exists := lfsFiles["data/file.bin"]
-	if !exists {
-		t.Fatalf("expected lfs info for data/file.bin")
-	}
-	if info.Oid != rawOID {
-		t.Fatalf("expected normalized oid %q, got %q", rawOID, info.Oid)
-	}
-}
-
-func TestBufferStdinCleansUpTempFileOnCopyError(t *testing.T) {
-	tmpDir := t.TempDir()
-	tmpPath := ""
-	_, err := bufferStdin(errReader{}, func(dir, pattern string) (*os.File, error) {
-		f, createErr := os.CreateTemp(tmpDir, pattern)
-		if createErr != nil {
-			return nil, createErr
-		}
-		tmpPath = f.Name()
-		return f, nil
-	})
-	if err == nil {
-		t.Fatalf("expected bufferStdin error")
-	}
-	if _, statErr := os.Stat(tmpPath); !os.IsNotExist(statErr) {
-		t.Fatalf("expected temp file to be removed, stat err=%v", statErr)
-	}
-}
-
-func TestSubmitPendingLFSMetaRequestWiring(t *testing.T) {
-	repo := setupGitRepo(t)
-	oldwd := mustChdir(t, repo)
-	t.Cleanup(func() { _ = os.Chdir(oldwd) })
-	gitCmd(t, repo, "config", "drs.remote.origin.token", "test-token")
-
-	oid := strings.Repeat("b", 64)
-	name := "obj-name"
-	if err := drsobject.WriteObject(".git/drs/lfs/objects", &drsapi.DrsObject{
-		Id:   "drs://local:obj-id",
-		Name: ptrString(name),
-		Size: 123,
-		Checksums: []drsapi.Checksum{
-			{Type: "sha256", Checksum: oid},
-		},
-	}, oid); err != nil {
-		t.Fatalf("write drs object: %v", err)
-	}
-
-	var gotPath, gotAuth, gotContentType, gotAccept string
-	var gotBody metadataSubmitRequest
-	restoreClient := stubPendingMetadataClient(t, func(req *http.Request) (*http.Response, error) {
-		gotPath = req.URL.Path
-		gotAuth = req.Header.Get("Authorization")
-		gotContentType = req.Header.Get("Content-Type")
-		gotAccept = req.Header.Get("Accept")
-		defer req.Body.Close()
-		if err := json.NewDecoder(req.Body).Decode(&gotBody); err != nil {
-			t.Fatalf("decode request body: %v", err)
-		}
-		return &http.Response{
-			StatusCode: http.StatusOK,
-			Header:     make(http.Header),
-			Body:       io.NopCloser(strings.NewReader("{}")),
-			Request:    req,
-		}, nil
-	})
-	t.Cleanup(restoreClient)
-
-	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
-	err := submitPendingLFSMeta(
-		context.Background(),
-		config.Remote("origin"),
-		"https://example.test/  ",
-		map[string]lfs.LfsFileInfo{"file.bin": {Oid: oid}},
-		logger,
-	)
-	if err != nil {
-		t.Fatalf("submitPendingLFSMeta: %v", err)
-	}
-	if gotPath != "/info/lfs/objects/metadata" {
-		t.Fatalf("expected metadata endpoint path, got %q", gotPath)
-	}
-	if gotAuth != "Bearer test-token" {
-		t.Fatalf("expected auth header, got %q", gotAuth)
-	}
-	if gotContentType != "application/json" {
-		t.Fatalf("expected content-type application/json, got %q", gotContentType)
-	}
-	if gotAccept != "application/vnd.git-lfs+json" {
-		t.Fatalf("expected accept header application/vnd.git-lfs+json, got %q", gotAccept)
-	}
-	if len(gotBody.Candidates) != 1 {
-		t.Fatalf("expected 1 candidate, got %d", len(gotBody.Candidates))
-	}
-	if len(gotBody.Candidates[0].Checksums) == 0 {
-		t.Fatalf("expected candidate checksums to be populated")
-	}
-}
-
-func TestSubmitPendingLFSMetaStatusHandling(t *testing.T) {
-	repo := setupGitRepo(t)
-	oldwd := mustChdir(t, repo)
-	t.Cleanup(func() { _ = os.Chdir(oldwd) })
-
-	oid := strings.Repeat("c", 64)
-	name := "obj-name"
-	if err := drsobject.WriteObject(".git/drs/lfs/objects", &drsapi.DrsObject{
-		Id:   "drs://local:obj-id",
-		Name: ptrString(name),
-		Size: 123,
-		Checksums: []drsapi.Checksum{
-			{Type: "sha256", Checksum: oid},
-		},
-	}, oid); err != nil {
-		t.Fatalf("write drs object: %v", err)
-	}
-
-	tests := []struct {
-		name        string
-		status      int
-		contentType string
-		body        string
-		wantErr     bool
-	}{
-		{name: "ok", status: http.StatusOK, contentType: "application/json", body: "{}", wantErr: false},
-		{name: "degrade 404", status: http.StatusNotFound, contentType: "application/json", body: "{}", wantErr: false},
-		{name: "degrade 405", status: http.StatusMethodNotAllowed, contentType: "application/json", body: "{}", wantErr: false},
-		{name: "degrade 501", status: http.StatusNotImplemented, contentType: "application/json", body: "{}", wantErr: false},
-		{name: "degrade html", status: http.StatusInternalServerError, contentType: "text/html; charset=utf-8", body: "<html>error</html>", wantErr: false},
-		{name: "hard fail 401", status: http.StatusUnauthorized, contentType: "application/json", body: "{\"error\":\"unauthorized\"}", wantErr: true},
-		{name: "hard fail 500", status: http.StatusInternalServerError, contentType: "application/json", body: "{\"error\":\"server\"}", wantErr: true},
-	}
-
-	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			restoreClient := stubPendingMetadataClient(t, func(req *http.Request) (*http.Response, error) {
-				return &http.Response{
-					StatusCode: tc.status,
-					Header:     http.Header{"Content-Type": []string{tc.contentType}},
-					Body:       io.NopCloser(strings.NewReader(tc.body)),
-					Request:    req,
-				}, nil
-			})
-			t.Cleanup(restoreClient)
-
-			err := submitPendingLFSMeta(
-				context.Background(),
-				config.Remote("origin"),
-				"https://example.test",
-				map[string]lfs.LfsFileInfo{"file.bin": {Oid: oid}},
-				logger,
-			)
-			if tc.wantErr && err == nil {
-				t.Fatalf("expected error, got nil")
-			}
-			if !tc.wantErr && err != nil {
-				t.Fatalf("expected nil error, got %v", err)
-			}
-		})
-	}
-}
-
-func TestResolveRemoteAuthHeaderBasicAuth(t *testing.T) {
-	repo := setupGitRepo(t)
-	oldwd := mustChdir(t, repo)
-	t.Cleanup(func() { _ = os.Chdir(oldwd) })
-	gitCmd(t, repo, "config", "drs.remote.origin.username", "alice")
-	gitCmd(t, repo, "config", "drs.remote.origin.password", "secret")
-
-	header, ok := resolveRemoteAuthHeader("origin")
-	if !ok {
-		t.Fatalf("expected auth header")
-	}
-	want := "Basic " + base64.StdEncoding.EncodeToString([]byte("alice:secret"))
-	if header != want {
-		t.Fatalf("expected %q, got %q", want, header)
-	}
-}
-
-func TestResolveRemoteAuthHeaderPrefersBearerTokenOverBasicAuth(t *testing.T) {
-	repo := setupGitRepo(t)
-	oldwd := mustChdir(t, repo)
-	t.Cleanup(func() { _ = os.Chdir(oldwd) })
-	gitCmd(t, repo, "config", "drs.remote.origin.token", "test-token")
-	gitCmd(t, repo, "config", "drs.remote.origin.username", "alice")
-	gitCmd(t, repo, "config", "drs.remote.origin.password", "secret")
-
-	header, ok := resolveRemoteAuthHeader("origin")
-	if !ok {
-		t.Fatalf("expected auth header")
-	}
-	if header != "Bearer test-token" {
-		t.Fatalf("expected bearer token to win, got %q", header)
-	}
-}
-
-func TestResolveRemoteAuthHeaderBasicAuthRequiresBothFields(t *testing.T) {
-	repo := setupGitRepo(t)
-	oldwd := mustChdir(t, repo)
-	t.Cleanup(func() { _ = os.Chdir(oldwd) })
-	gitCmd(t, repo, "config", "drs.remote.origin.username", "alice")
-
-	header, ok := resolveRemoteAuthHeader("origin")
-	if ok {
-		t.Fatalf("expected no auth header, got %q", header)
-	}
-	if header != "" {
-		t.Fatalf("expected empty header, got %q", header)
-	}
-}
-
-func TestSubmitPendingLFSMetaRequestWiringBasicAuth(t *testing.T) {
-	repo := setupGitRepo(t)
-	oldwd := mustChdir(t, repo)
-	t.Cleanup(func() { _ = os.Chdir(oldwd) })
-	gitCmd(t, repo, "config", "drs.remote.origin.username", "alice")
-	gitCmd(t, repo, "config", "drs.remote.origin.password", "secret")
-
-	oid := strings.Repeat("d", 64)
-	name := "obj-name"
-	if err := drsobject.WriteObject(".git/drs/lfs/objects", &drsapi.DrsObject{
-		Id:   "drs://local:obj-id",
-		Name: ptrString(name),
-		Size: 123,
-		Checksums: []drsapi.Checksum{
-			{Type: "sha256", Checksum: oid},
-		},
-	}, oid); err != nil {
-		t.Fatalf("write drs object: %v", err)
-	}
-
-	var gotAuth string
-	restoreClient := stubPendingMetadataClient(t, func(req *http.Request) (*http.Response, error) {
-		gotAuth = req.Header.Get("Authorization")
-		return &http.Response{
-			StatusCode: http.StatusOK,
-			Header:     make(http.Header),
-			Body:       io.NopCloser(strings.NewReader("{}")),
-			Request:    req,
-		}, nil
-	})
-	t.Cleanup(restoreClient)
-
-	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
-	err := submitPendingLFSMeta(
-		context.Background(),
-		config.Remote("origin"),
-		"https://example.test",
-		map[string]lfs.LfsFileInfo{"file.bin": {Oid: oid}},
-		logger,
-	)
-	if err != nil {
-		t.Fatalf("submitPendingLFSMeta: %v", err)
-	}
-
-	want := "Basic " + base64.StdEncoding.EncodeToString([]byte("alice:secret"))
-	if gotAuth != want {
-		t.Fatalf("expected basic auth header %q, got %q", want, gotAuth)
-	}
-}
-
-type errReader struct{}
-
-func (errReader) Read([]byte) (int, error) {
-	return 0, io.ErrUnexpectedEOF
-}
-
-func setupGitRepo(t *testing.T) string {
-	t.Helper()
-	dir := t.TempDir()
-	gitCmd(t, dir, "init")
-	gitCmd(t, dir, "config", "user.email", "test@example.com")
-	gitCmd(t, dir, "config", "user.name", "Test User")
-	return dir
-}
-
-func gitCmd(t *testing.T, dir string, args ...string) {
-	t.Helper()
-	cmd := exec.Command("git", args...)
-	cmd.Dir = dir
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		t.Fatalf("git %s failed: %v (%s)", strings.Join(args, " "), err, string(out))
-	}
-}
-
-func gitOutputString(t *testing.T, dir string, args ...string) string {
-	t.Helper()
-	cmd := exec.Command("git", args...)
-	cmd.Dir = dir
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		t.Fatalf("git %s failed: %v (%s)", strings.Join(args, " "), err, string(out))
-	}
-	return strings.TrimSpace(string(out))
-}
-
-func writeJSON(t *testing.T, path string, value any) {
-	t.Helper()
-	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
-		t.Fatalf("mkdir: %v", err)
-	}
-	data, err := json.Marshal(value)
-	if err != nil {
-		t.Fatalf("marshal: %v", err)
-	}
-	if err := os.WriteFile(path, data, 0o644); err != nil {
-		t.Fatalf("write: %v", err)
-	}
-}
-
-func mustChdir(t *testing.T, dir string) string {
-	t.Helper()
-	old, err := os.Getwd()
-	if err != nil {
-		t.Fatalf("Getwd: %v", err)
-	}
-	if err := os.Chdir(dir); err != nil {
-		t.Fatalf("Chdir(%s): %v", dir, err)
-	}
-	return old
-}
-
-func stubPendingMetadataClient(t *testing.T, respond func(*http.Request) (*http.Response, error)) func() {
-	t.Helper()
-	orig := pendingMetadataClientFactory
-	pendingMetadataClientFactory = func() *http.Client {
-		return &http.Client{Transport: roundTripperFunc(respond)}
-	}
-	return func() {
-		pendingMetadataClientFactory = orig
-	}
-}
-
-type roundTripperFunc func(*http.Request) (*http.Response, error)
-
-func (f roundTripperFunc) RoundTrip(req *http.Request) (*http.Response, error) {
-	return f(req)
-}
-
-func ptrString(s string) *string { return &s }
diff --git a/cmd/pull/main.go b/cmd/pull/main.go
index cf352d73..76553da1 100644
--- a/cmd/pull/main.go
+++ b/cmd/pull/main.go
@@ -2,31 +2,46 @@ package pull
 
 import (
 	"context"
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
+	"io"
+	"log/slog"
 	"net/url"
 	"os"
-	"os/exec"
+	"path/filepath"
+	"regexp"
+	"sort"
 	"strings"
 
-	"github.com/bytedance/sonic"
-	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsremote"
+	"github.com/calypr/git-drs/internal/gitrepo"
 	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/calypr/git-drs/internal/lookup"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	internaltransfer "github.com/calypr/git-drs/internal/transfer"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	sycommon "github.com/calypr/syfon/client/common"
 	"github.com/spf13/cobra"
 )
 
-var runCommand = func(name string, args ...string) ([]byte, error) {
-	cmd := exec.Command(name, args...)
-	return cmd.CombinedOutput()
-}
+var includePatterns []string
+var dryRun bool
+
+var (
+	loadCfg         = config.LoadConfig
+	resolveRemote   = func(cfg *config.Config, name string) (config.Remote, error) { return cfg.GetRemoteOrDefault(name) }
+	newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*remoteruntime.GitContext, error) {
+		return remoteruntime.New(cfg, remote, logger)
+	}
+	loadWorktreeInventory = lfs.GetTrackedLfsFiles
+)
 
 var Cmd = &cobra.Command{
 	Use:   "pull [remote-name]",
-	Short: "Pull using the standard Git + Git LFS flow",
-	Long:  "Pull using the standard Git + Git LFS flow (git pull, git lfs pull, git lfs checkout).",
+	Short: "Download DRS pointer file content into the current checkout",
+	Long:  "Hydrate DRS/Git-LFS pointer files in the current checkout. By default this mirrors git lfs pull semantics for the worktree rather than running git pull.",
 	Args: func(cmd *cobra.Command, args []string) error {
 		if len(args) > 1 {
 			cmd.SilenceUsage = false
@@ -34,10 +49,10 @@ var Cmd = &cobra.Command{
 		}
 		return nil
 	},
-	RunE: func(cmd *cobra.Command, args []string) error {
+	RunE: func(cmd *cobra.Command, args []string) (retErr error) {
 		logg := drslog.GetLogger()
 
-		cfg, err := config.LoadConfig()
+		cfg, err := loadCfg()
 		if err != nil {
 			return fmt.Errorf("error loading config: %v", err)
 		}
@@ -46,55 +61,59 @@ var Cmd = &cobra.Command{
 		if len(args) > 0 {
 			remote = config.Remote(args[0])
 		} else {
-			remote, err = cfg.GetDefaultRemote()
+			remote, err = resolveRemote(cfg, "")
 			if err != nil {
 				logg.Error(fmt.Sprintf("Error getting remote: %v", err))
 				return err
 			}
 		}
 
-		drsCtx, err := cfg.GetRemoteClient(remote, logg)
+		drsCtx, err := newRemoteClient(cfg, remote, logg)
 		if err != nil {
 			logg.Error(fmt.Sprintf("error creating DRS client: %s", err))
 			return err
 		}
-		_ = drsCtx // Remote validation only.
 
-		if out, err := runCommand("git", "pull", string(remote)); err != nil {
-			msg := strings.TrimSpace(string(out))
-			if msg == "" {
-				msg = err.Error()
-			}
-			return fmt.Errorf("git pull failed for remote %q: %s", remote, msg)
+		inventory, err := loadWorktreeInventory(logg)
+		if err != nil {
+			return fmt.Errorf("failed to discover pointer files in worktree: %w", err)
 		}
-
-		var parsed struct {
-			Files []lfs.LfsFileInfo `json:"files"`
+		pointers := collectPointerFiles(inventory, includePatterns)
+		if len(pointers) == 0 {
+			logg.Debug("no matching pointer files to hydrate")
+			return nil
 		}
-		out, err := runCommand("git", "lfs", "ls-files", "--json")
-		if err != nil {
-			msg := commandMessage(out, err)
-			if !isMissingGitLFS(msg) {
-				return fmt.Errorf("git lfs ls-files failed: %s", msg)
-			}
-			lfsFiles, inventoryErr := lfs.GetAllLfsFiles(string(remote), "", []string{"HEAD"}, logg)
-			if inventoryErr != nil {
-				return fmt.Errorf("git lfs ls-files failed: %s; fallback inventory failed: %w", msg, inventoryErr)
+
+		progress := internaltransfer.NewPullProgressRenderer(os.Stderr)
+		progress.OnPlan(toPullFiles(pointers))
+		defer func() {
+			if finishErr := progress.Finish(); retErr == nil && finishErr != nil {
+				retErr = fmt.Errorf("finalize pull progress: %w", finishErr)
 			}
-			parsed.Files = make([]lfs.LfsFileInfo, 0, len(lfsFiles))
-			for _, f := range lfsFiles {
-				parsed.Files = append(parsed.Files, f)
+		}()
+
+		if dryRun {
+			for _, f := range pointers {
+				if _, err := fmt.Fprintln(cmd.OutOrStdout(), f.Name); err != nil {
+					return err
+				}
 			}
-		} else if err := lfsjsonUnmarshal(out, &parsed); err != nil {
-			return fmt.Errorf("failed to parse git lfs ls-files output: %w", err)
+			return nil
 		}
 
 		ctx := context.Background()
-		missingOIDs := make([]string, 0, len(parsed.Files))
-		seenMissing := make(map[string]struct{}, len(parsed.Files))
-		for _, f := range parsed.Files {
-			if f.Downloaded {
+		missingOIDs := make([]string, 0, len(pointers))
+		seenMissing := make(map[string]struct{}, len(pointers))
+		for _, f := range pointers {
+			cachePath, err := lfs.ObjectPath(gitrepo.LFSObjectsPath, f.Oid)
+			if err != nil {
+				return fmt.Errorf("failed to resolve LFS object path for %s: %w", f.Oid, err)
+			}
+			state, err := inspectCachedObject(cachePath, f.Oid, f.Size)
+			if err == nil && state.complete {
 				continue
+			} else if err != nil {
+				return fmt.Errorf("failed to stat cached object for %s: %w", f.Oid, err)
 			}
 			if _, seen := seenMissing[f.Oid]; seen {
 				continue
@@ -106,7 +125,7 @@ var Cmd = &cobra.Command{
 		if len(missingOIDs) > 0 {
 			prefetched := make(map[string]drsapi.DrsObject, len(missingOIDs))
 			for _, oid := range missingOIDs {
-				recs, err := drsremote.ObjectsByHashForScope(ctx, drsCtx, oid)
+				recs, err := lookup.ObjectsByHashForScope(ctx, drsCtx, oid)
 				if err != nil || len(recs) == 0 {
 					continue
 				}
@@ -124,47 +143,51 @@ var Cmd = &cobra.Command{
 				for _, obj := range prefetched {
 					objects = append(objects, obj)
 				}
-				if resolved, err := drsremote.BulkAccessURLsForObjects(ctx, drsCtx, objects); err == nil {
+				if resolved, err := internaltransfer.BulkAccessURLsForObjects(ctx, drsCtx, objects); err == nil {
 					prefetchedAccess = resolved
 					logg.Debug(fmt.Sprintf("bulk access resolved %d URLs for pull", len(prefetchedAccess)))
 				} else {
 					logg.Debug(fmt.Sprintf("bulk access prefetch failed; continuing per-object: %v", err))
 				}
 			}
-			for _, f := range parsed.Files {
-				if f.Downloaded {
-					continue
-				}
-				dstPath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, f.Oid)
+			for _, f := range pointers {
+				dstPath, err := lfs.ObjectPath(gitrepo.LFSObjectsPath, f.Oid)
 				if err != nil {
 					return fmt.Errorf("failed to resolve LFS object path for %s: %w", f.Oid, err)
 				}
+				state, err := inspectCachedObject(dstPath, f.Oid, f.Size)
+				if err == nil && state.complete {
+					continue
+				} else if err != nil {
+					return fmt.Errorf("failed to stat cache path %s: %w", dstPath, err)
+				}
+				if state.exists {
+					if err := os.Remove(dstPath); err != nil && !os.IsNotExist(err) {
+						return fmt.Errorf("failed to remove incomplete cached object %s: %w", dstPath, err)
+					}
+				}
+				progress.OnDownloadStart(toPullFile(f))
+				downloadCtx := progressContextForPointer(ctx, progress, f)
 				if obj, ok := prefetched[f.Oid]; ok {
 					if accessURL, ok := prefetchedAccess[obj.Id]; ok {
 						objCopy := obj
-						if err := drsremote.DownloadResolvedToCachePath(ctx, drsCtx, f.Oid, dstPath, &objCopy, &accessURL); err != nil {
+						if err := internaltransfer.DownloadResolvedToCachePath(downloadCtx, drsCtx, f.Oid, dstPath, &objCopy, &accessURL); err != nil {
 							debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
 							return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
 						}
 						continue
 					}
 				}
-				if err := drsremote.DownloadToCachePath(ctx, drsCtx, logg, f.Oid, dstPath); err != nil {
+				if err := internaltransfer.DownloadToCachePath(downloadCtx, drsCtx, f.Oid, dstPath); err != nil {
 					debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
 					return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
 				}
 			}
 		} else {
-			logg.Debug("no missing LFS objects to download")
+			logg.Debug("no missing pointer objects to download")
 		}
 
-		if out, err := runCommand("git", "lfs", "checkout"); err != nil {
-			msg := commandMessage(out, err)
-			if !isMissingGitLFS(msg) {
-				return fmt.Errorf("git lfs checkout failed: %s", msg)
-			}
-		}
-		if err := checkoutDownloadedFiles(parsed.Files); err != nil {
+		if err := checkoutDownloadedFiles(pointers, progress); err != nil {
 			return err
 		}
 
@@ -172,44 +195,203 @@ var Cmd = &cobra.Command{
 	},
 }
 
-func commandMessage(out []byte, err error) string {
-	msg := strings.TrimSpace(string(out))
-	if msg == "" && err != nil {
-		msg = err.Error()
+type pointerFile struct {
+	Name string
+	Oid  string
+	Size int64
+}
+
+func collectPointerFiles(inventory map[string]lfs.LfsFileInfo, patterns []string) []pointerFile {
+	keys := make([]string, 0, len(inventory))
+	for path := range inventory {
+		if !matchesAnyPattern(path, patterns) {
+			continue
+		}
+		keys = append(keys, path)
+	}
+	sort.Strings(keys)
+
+	files := make([]pointerFile, 0, len(keys))
+	for _, path := range keys {
+		info := inventory[path]
+		files = append(files, pointerFile{Name: path, Oid: info.Oid, Size: info.Size})
+	}
+	return files
+}
+
+func progressContextForPointer(ctx context.Context, progress *internaltransfer.PullProgressRenderer, file pointerFile) context.Context {
+	ctx = sycommon.WithOid(ctx, file.Name)
+	return sycommon.WithProgress(ctx, func(ev sycommon.ProgressEvent) error {
+		if ev.Event != "progress" {
+			return nil
+		}
+		progress.OnDownloadProgress(file.Name, ev.BytesSoFar, file.Size)
+		return nil
+	})
+}
+
+func toPullFiles(files []pointerFile) []internaltransfer.PullFile {
+	out := make([]internaltransfer.PullFile, 0, len(files))
+	for _, file := range files {
+		out = append(out, toPullFile(file))
+	}
+	return out
+}
+
+func toPullFile(file pointerFile) internaltransfer.PullFile {
+	return internaltransfer.PullFile{Name: file.Name, Oid: file.Oid, Size: file.Size}
+}
+
+func matchesAnyPattern(path string, patterns []string) bool {
+	if len(patterns) == 0 {
+		return true
+	}
+	normalized := filepath.ToSlash(filepath.Clean(path))
+	for _, pattern := range patterns {
+		pattern = strings.TrimSpace(pattern)
+		if pattern == "" {
+			continue
+		}
+		if matchesPattern(normalized, pattern) {
+			return true
+		}
+	}
+	return false
+}
+
+type cachedObjectState struct {
+	exists   bool
+	complete bool
+}
+
+func inspectCachedObject(path, expectedOID string, expectedSize int64) (cachedObjectState, error) {
+	var state cachedObjectState
+	info, err := os.Stat(path)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return state, nil
+		}
+		return state, err
+	}
+	state.exists = true
+	if info.IsDir() {
+		return state, fmt.Errorf("cached object path is a directory: %s", path)
+	}
+	if expectedSize > 0 && info.Size() != expectedSize {
+		return state, nil
+	}
+	if expectedSize <= 0 && info.Size() <= 0 {
+		return state, nil
+	}
+	if strings.TrimSpace(expectedOID) == "" {
+		state.complete = true
+		return state, nil
+	}
+
+	actualOID, err := calculateFileSHA256(path)
+	if err != nil {
+		return state, err
+	}
+	state.complete = strings.EqualFold(strings.TrimPrefix(expectedOID, "sha256:"), actualOID)
+	return state, nil
+}
+
+func calculateFileSHA256(path string) (string, error) {
+	file, err := os.Open(path)
+	if err != nil {
+		return "", err
+	}
+	defer file.Close()
+
+	hasher := sha256.New()
+	if _, err := io.Copy(hasher, file); err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(hasher.Sum(nil)), nil
+}
+
+func matchesPattern(path, pattern string) bool {
+	pattern = filepath.ToSlash(filepath.Clean(pattern))
+	if !strings.ContainsAny(pattern, "*?[") {
+		return path == pattern
+	}
+	re, err := regexp.Compile(globToRegexp(pattern))
+	if err != nil {
+		return false
 	}
-	return msg
+	return re.MatchString(path)
 }
 
-func isMissingGitLFS(msg string) bool {
-	return strings.Contains(msg, "git: 'lfs' is not a git command")
+func globToRegexp(pattern string) string {
+	var b strings.Builder
+	b.WriteString("^")
+	for i := 0; i < len(pattern); i++ {
+		ch := pattern[i]
+		switch ch {
+		case '*':
+			if i+1 < len(pattern) && pattern[i+1] == '*' {
+				b.WriteString(".*")
+				i++
+				continue
+			}
+			b.WriteString(`[^/]*`)
+		case '?':
+			b.WriteString(`[^/]`)
+		case '.', '+', '(', ')', '|', '^', '$', '{', '}', '[', ']', '\\':
+			b.WriteByte('\\')
+			b.WriteByte(ch)
+		default:
+			b.WriteByte(ch)
+		}
+	}
+	b.WriteString("$")
+	return b.String()
 }
 
-func checkoutDownloadedFiles(files []lfs.LfsFileInfo) error {
+func checkoutDownloadedFiles(files []pointerFile, progress *internaltransfer.PullProgressRenderer) error {
 	for _, f := range files {
 		if strings.TrimSpace(f.Name) == "" || strings.TrimSpace(f.Oid) == "" {
 			continue
 		}
-		srcPath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, f.Oid)
+		srcPath, err := lfs.ObjectPath(gitrepo.LFSObjectsPath, f.Oid)
 		if err != nil {
 			return fmt.Errorf("failed to resolve cached object for %s: %w", f.Oid, err)
 		}
-		payload, err := os.ReadFile(srcPath)
+		src, err := os.Open(srcPath)
 		if err != nil {
 			return fmt.Errorf("failed to read cached object %s: %w", srcPath, err)
 		}
-		if err := os.WriteFile(f.Name, payload, 0o644); err != nil {
+		progress.OnCheckoutStart(toPullFile(f))
+		if dir := filepath.Dir(f.Name); dir != "." {
+			if err := os.MkdirAll(dir, 0o755); err != nil {
+				src.Close()
+				return fmt.Errorf("failed to create directory for %s: %w", f.Name, err)
+			}
+		}
+		dst, err := os.OpenFile(f.Name, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
+		if err != nil {
+			src.Close()
 			return fmt.Errorf("failed to checkout %s: %w", f.Name, err)
 		}
+		if _, err := io.Copy(dst, src); err != nil {
+			dst.Close()
+			src.Close()
+			return fmt.Errorf("failed to checkout %s: %w", f.Name, err)
+		}
+		if err := dst.Close(); err != nil {
+			src.Close()
+			return fmt.Errorf("failed to finalize checkout for %s: %w", f.Name, err)
+		}
+		if err := src.Close(); err != nil {
+			return fmt.Errorf("failed to close cached object %s: %w", srcPath, err)
+		}
+		progress.OnCompleted(toPullFile(f))
 	}
 	return nil
 }
 
-var lfsjsonUnmarshal = func(data []byte, v any) error {
-	return sonic.ConfigFastest.Unmarshal(data, v)
-}
-
-func buildPullDownloadDebugContext(ctx context.Context, drsCtx *config.GitContext, oid string) string {
-	recs, err := drsremote.ObjectsByHashForScope(ctx, drsCtx, oid)
+func buildPullDownloadDebugContext(ctx context.Context, drsCtx *remoteruntime.GitContext, oid string) string {
+	recs, err := lookup.ObjectsByHashForScope(ctx, drsCtx, oid)
 	if err != nil {
 		return fmt.Sprintf("oid=%s query_error=%v", oid, err)
 	}
@@ -242,3 +424,8 @@ func buildPullDownloadDebugContext(ctx context.Context, drsCtx *config.GitContex
 	}
 	return fmt.Sprintf("oid=%s did=%s size=%d access_methods=%s", oid, strings.TrimSpace(match.Id), match.Size, strings.Join(methods, ", "))
 }
+
+func init() {
+	Cmd.Flags().StringArrayVarP(&includePatterns, "include", "I", nil, "include pathspec/glob pattern(s)")
+	Cmd.Flags().BoolVar(&dryRun, "dry-run", false, "list matching pointer files without downloading them")
+}
diff --git a/cmd/pull/pull_test.go b/cmd/pull/pull_test.go
index 41c999ac..b44f2298 100644
--- a/cmd/pull/pull_test.go
+++ b/cmd/pull/pull_test.go
@@ -1,34 +1,213 @@
 package pull
 
 import (
+	"bytes"
+	"crypto/sha256"
+	"encoding/hex"
+	"log/slog"
+	"os"
+	"os/exec"
+	"path/filepath"
 	"testing"
 
 	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/testutils"
-	"github.com/stretchr/testify/assert"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/calypr/git-drs/internal/remoteruntime"
 )
 
-func TestPullCmdArgs(t *testing.T) {
-	err := Cmd.Args(Cmd, []string{})
-	assert.NoError(t, err)
+func resetPullFlagsForTest() {
+	includePatterns = nil
+	dryRun = false
+}
+
+func TestCollectPointerFilesFiltersAndSorts(t *testing.T) {
+	resetPullFlagsForTest()
 
-	err = Cmd.Args(Cmd, []string{"origin"})
-	assert.NoError(t, err)
+	inventory := map[string]lfs.LfsFileInfo{
+		"data/b.bin": {Name: "data/b.bin", Oid: "bbbb", Size: 2},
+		"data/a.bin": {Name: "data/a.bin", Oid: "aaaa", Size: 1},
+		"misc/c.bin": {Name: "misc/c.bin", Oid: "cccc", Size: 3},
+	}
 
-	err = Cmd.Args(Cmd, []string{"origin", "extra"})
-	assert.Error(t, err)
+	files := collectPointerFiles(inventory, []string{"data/**"})
+	if len(files) != 2 {
+		t.Fatalf("expected 2 files, got %d", len(files))
+	}
+	if files[0].Name != "data/a.bin" || files[1].Name != "data/b.bin" {
+		t.Fatalf("unexpected file order: %+v", files)
+	}
 }
 
-func TestPullRun_LoadConfigError(t *testing.T) {
-	_ = testutils.SetupTestGitRepo(t)
-	err := Cmd.RunE(Cmd, []string{})
-	assert.Error(t, err)
+func TestPullDryRunListsMatchingPaths(t *testing.T) {
+	resetPullFlagsForTest()
+
+	oldLoadCfg := loadCfg
+	oldResolveRemote := resolveRemote
+	oldNewRemoteClient := newRemoteClient
+	oldInventory := loadWorktreeInventory
+	t.Cleanup(func() {
+		loadCfg = oldLoadCfg
+		resolveRemote = oldResolveRemote
+		newRemoteClient = oldNewRemoteClient
+		loadWorktreeInventory = oldInventory
+	})
+
+	loadCfg = func() (*config.Config, error) { return &config.Config{}, nil }
+	resolveRemote = func(cfg *config.Config, name string) (config.Remote, error) { return config.Remote("origin"), nil }
+	newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*remoteruntime.GitContext, error) {
+		return &remoteruntime.GitContext{}, nil
+	}
+	loadWorktreeInventory = func(_ *slog.Logger) (map[string]lfs.LfsFileInfo, error) {
+		return map[string]lfs.LfsFileInfo{
+			"data/a.bin": {Name: "data/a.bin", Oid: "aaaa", Size: 1},
+			"misc/b.bin": {Name: "misc/b.bin", Oid: "bbbb", Size: 2},
+		}, nil
+	}
+
+	includePatterns = []string{"data/**"}
+	dryRun = true
+
+	var out bytes.Buffer
+	Cmd.SetOut(&out)
+	Cmd.SetErr(&out)
+	Cmd.SetArgs([]string{"--dry-run"})
+	t.Cleanup(func() {
+		Cmd.SetOut(nil)
+		Cmd.SetErr(nil)
+		Cmd.SetArgs(nil)
+		resetPullFlagsForTest()
+	})
+
+	if err := Cmd.RunE(Cmd, []string{}); err != nil {
+		t.Fatalf("RunE returned error: %v", err)
+	}
+	if got := out.String(); got != "data/a.bin\n" {
+		t.Fatalf("unexpected dry-run output: %q", got)
+	}
 }
 
-func TestPullRun_DefaultRemoteError(t *testing.T) {
-	tmpDir := testutils.SetupTestGitRepo(t)
-	testutils.CreateTestConfig(t, tmpDir, &config.Config{})
+func TestPullUsesTrackedInventoryForHydratedFiles(t *testing.T) {
+	repo := t.TempDir()
+	runGitCmdTest(t, repo, "init")
+	runGitCmdTest(t, repo, "config", "user.email", "test@example.com")
+	runGitCmdTest(t, repo, "config", "user.name", "Test User")
+	runGitCmdTest(t, repo, "config", "filter.drs.clean", "cat")
+	runGitCmdTest(t, repo, "config", "filter.drs.smudge", "cat")
+	runGitCmdTest(t, repo, "config", "filter.drs.process", "cat")
+	runGitCmdTest(t, repo, "config", "filter.drs.required", "false")
+
+	attrPath := filepath.Join(repo, ".gitattributes")
+	if err := os.WriteFile(attrPath, []byte("*.dat filter=drs diff=drs merge=drs -text\n"), 0o644); err != nil {
+		t.Fatalf("write .gitattributes: %v", err)
+	}
+
+	oid := "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"
+	pointerPath := filepath.Join(repo, "data", "hydrated.dat")
+	writePointerFile(t, pointerPath, oid, "321")
+
+	runGitCmdTest(t, repo, "add", ".")
+	runGitCmdTest(t, repo, "commit", "-m", "commit tracked pointer")
+
+	if err := os.WriteFile(pointerPath, []byte("localized payload"), 0o644); err != nil {
+		t.Fatalf("hydrate tracked file: %v", err)
+	}
+
+	oldWD, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("getwd: %v", err)
+	}
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
+	}
+	t.Cleanup(func() {
+		_ = os.Chdir(oldWD)
+	})
+
+	files, err := loadWorktreeInventory(drslog.NewNoOpLogger())
+	if err != nil {
+		t.Fatalf("loadWorktreeInventory error: %v", err)
+	}
+
+	info, ok := files["data/hydrated.dat"]
+	if !ok {
+		t.Fatal("expected hydrated tracked file in pull inventory")
+	}
+	if info.Oid != oid || info.Size != 321 {
+		t.Fatalf("unexpected hydrated tracked info: %+v", info)
+	}
+}
+
+func TestInspectCachedObject(t *testing.T) {
+	tmpDir := t.TempDir()
+	objectPath := filepath.Join(tmpDir, "obj")
+
+	state, err := inspectCachedObject(objectPath, "abc", 10)
+	if err != nil {
+		t.Fatalf("missing file returned error: %v", err)
+	}
+	if state.exists || state.complete {
+		t.Fatal("missing file should not be complete")
+	}
+
+	if err := os.WriteFile(objectPath, []byte("12345"), 0o644); err != nil {
+		t.Fatalf("write partial object: %v", err)
+	}
+	state, err = inspectCachedObject(objectPath, "abc", 10)
+	if err != nil {
+		t.Fatalf("partial file returned error: %v", err)
+	}
+	if !state.exists {
+		t.Fatal("partial file should exist")
+	}
+	if state.complete {
+		t.Fatal("partial file should not be complete")
+	}
+
+	fullContent := []byte("1234567890")
+	sum := sha256.Sum256(fullContent)
+	oid := hex.EncodeToString(sum[:])
+	if err := os.WriteFile(objectPath, fullContent, 0o644); err != nil {
+		t.Fatalf("write full object: %v", err)
+	}
+	state, err = inspectCachedObject(objectPath, oid, 10)
+	if err != nil {
+		t.Fatalf("complete file returned error: %v", err)
+	}
+	if !state.complete {
+		t.Fatal("full file should be complete")
+	}
+
+	if err := os.WriteFile(objectPath, []byte("abcdefghij"), 0o644); err != nil {
+		t.Fatalf("write same-size corrupt object: %v", err)
+	}
+	state, err = inspectCachedObject(objectPath, oid, 10)
+	if err != nil {
+		t.Fatalf("same-size corrupt file returned error: %v", err)
+	}
+	if state.complete {
+		t.Fatal("same-size corrupt file should not be complete")
+	}
+}
+
+func writePointerFile(t *testing.T, path, oid, size string) {
+	t.Helper()
+	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
+		t.Fatalf("mkdir pointer dir: %v", err)
+	}
+	content := "version https://git-lfs.github.com/spec/v1\n" +
+		"oid sha256:" + oid + "\n" +
+		"size " + size + "\n"
+	if err := os.WriteFile(path, []byte(content), 0o644); err != nil {
+		t.Fatalf("write pointer file: %v", err)
+	}
+}
 
-	err := Cmd.RunE(Cmd, []string{})
-	assert.Error(t, err)
+func runGitCmdTest(t *testing.T, dir string, args ...string) {
+	t.Helper()
+	cmd := exec.Command("git", args...)
+	cmd.Dir = dir
+	if out, err := cmd.CombinedOutput(); err != nil {
+		t.Fatalf("git %v failed: %v\n%s", args, err, string(out))
+	}
 }
diff --git a/cmd/push/main.go b/cmd/push/main.go
index 4d0445ca..05654c25 100644
--- a/cmd/push/main.go
+++ b/cmd/push/main.go
@@ -3,27 +3,34 @@ package push
 import (
 	"context"
 	"fmt"
+	"os"
 	"os/exec"
+	"sort"
 	"strings"
 
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/lfs"
-	"github.com/calypr/git-drs/internal/pushsync"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	internaltransfer "github.com/calypr/git-drs/internal/transfer"
 	"github.com/spf13/cobra"
 )
 
 var pushWithHooks bool
+var pushForceUpload bool
 
 var runCommand = func(name string, args ...string) ([]byte, error) {
 	cmd := exec.Command(name, args...)
 	return cmd.CombinedOutput()
 }
 
+var gitOutputFn = gitOutput
+var getRemoteMergeBaseFn = getRemoteMergeBase
+
 var Cmd = &cobra.Command{
 	Use:   "push [remote-name]",
 	Short: "Upload/register DRS objects and push Git refs",
-	Long:  "Performs git-drs managed upload/register flow (multipart for large files) and then runs git push (without pre-push hooks by default).",
+	Long:  "Performs git-drs managed upload/register flow (multipart for large files) and then runs git push.",
 	Args: func(cmd *cobra.Command, args []string) error {
 		if len(args) > 1 {
 			cmd.SilenceUsage = false
@@ -31,13 +38,18 @@ var Cmd = &cobra.Command{
 		}
 		return nil
 	},
-	RunE: func(cmd *cobra.Command, args []string) error {
+	RunE: func(cmd *cobra.Command, args []string) (retErr error) {
+		fmt.Fprintln(os.Stderr, "DEBUG: ENTERING RunE for push")
 		myLogger := drslog.GetLogger()
+		ctx := context.Background()
+		fmt.Fprintln(os.Stderr, "DEBUG: Loading config...")
 		cfg, err := config.LoadConfig()
 		if err != nil {
+			fmt.Fprintln(os.Stderr, "DEBUG: Failed to load config:", err)
 			myLogger.Debug(fmt.Sprintf("Error loading config: %v", err))
 			return err
 		}
+		fmt.Fprintln(os.Stderr, "DEBUG: Config loaded successfully")
 
 		var remote config.Remote
 		if len(args) > 0 {
@@ -50,38 +62,174 @@ var Cmd = &cobra.Command{
 			}
 		}
 
-		drsClient, err := cfg.GetRemoteClient(remote, myLogger)
+		fmt.Fprintln(os.Stderr, "DEBUG: Getting remote client for remote:", remote)
+		drsClient, err := remoteruntime.New(cfg, remote, myLogger)
 		if err != nil {
+			fmt.Fprintln(os.Stderr, "DEBUG: Failed to get remote client:", err)
 			myLogger.Debug(fmt.Sprintf("Error creating DRS client: %s", err))
 			return err
 		}
-		lfsFiles, err := lfs.GetAllLfsFiles(string(remote), "", []string{"HEAD"}, myLogger)
+		fmt.Fprintln(os.Stderr, "DEBUG: Remote client retrieved. Resolving push refs...")
+		drsClient.ForceUpload = pushForceUpload
+		pushRefs, err := currentPushRefUpdates(ctx, string(remote))
+		if err != nil {
+			fmt.Fprintln(os.Stderr, "DEBUG: Failed to resolve push refs:", err)
+			return fmt.Errorf("failed to resolve pushed refs: %w", err)
+		}
+		fmt.Fprintln(os.Stderr, "DEBUG: Push refs resolved. Resolving pushed paths...")
+		pushedPaths, err := listRefUpdatePaths(ctx, pushRefs)
 		if err != nil {
+			fmt.Fprintln(os.Stderr, "DEBUG: Failed to resolve pushed paths:", err)
+			return fmt.Errorf("failed to resolve pushed paths: %w", err)
+		}
+		fmt.Fprintln(os.Stderr, "DEBUG: Pushed paths resolved. Discovering LFS files...")
+		lfsFiles, err := lfs.GetLfsFilesForRefPaths("HEAD", pushedPaths, myLogger)
+		if err != nil {
+			fmt.Fprintln(os.Stderr, "DEBUG: Failed to discover LFS files:", err)
 			return fmt.Errorf("failed to discover LFS files to push: %w", err)
 		}
+		fmt.Fprintln(os.Stderr, "DEBUG: LFS files to push resolved. Total files:", len(lfsFiles))
 
-		ctx := context.Background()
-		if err := pushsync.BatchSyncForPush(drsClient, ctx, lfsFiles); err != nil {
+		fmt.Fprintln(os.Stderr, "DEBUG: Reconciling committed deletes...")
+		if _, err := internaltransfer.ReconcileCommittedDeletes(ctx, drsClient, pushRefs, myLogger); err != nil {
+			fmt.Fprintln(os.Stderr, "DEBUG: Failed to reconcile deletes:", err)
+			return fmt.Errorf("failed to reconcile deletes: %w", err)
+		}
+		fmt.Fprintln(os.Stderr, "DEBUG: Deletes reconciled. Starting BatchSyncForPush...")
+		progress := internaltransfer.NewUploadProgressRenderer(os.Stderr)
+		if err := internaltransfer.BatchSyncForPush(drsClient, ctx, lfsFiles, progress); err != nil {
+			fmt.Fprintln(os.Stderr, "DEBUG: BatchSyncForPush failed:", err)
+			if finishErr := progress.Finish(); finishErr != nil {
+				return fmt.Errorf("failed batch register/upload workflow: %w (progress finalize error: %v)", err, finishErr)
+			}
 			return fmt.Errorf("failed batch register/upload workflow: %w", err)
 		}
+		if err := progress.Finish(); err != nil {
+			return fmt.Errorf("finalize upload progress: %w", err)
+		}
+		fmt.Fprintln(os.Stderr, "DEBUG: BatchSyncForPush completed successfully")
+		switch {
+		case len(lfsFiles) == 0:
+			fmt.Fprintln(os.Stdout, "No git-drs tracked files found; pushing Git refs only.")
+		case !progress.HadUploads():
+			fmt.Fprintln(os.Stdout, "No DRS payload uploads needed; all tracked objects are already available remotely.")
+		}
 
 		pushArgs := []string{"push"}
 		if !pushWithHooks {
 			pushArgs = append(pushArgs, "--no-verify")
 		}
 		pushArgs = append(pushArgs, string(remote))
+		fmt.Fprintln(os.Stderr, "DEBUG: Invoking git push with args:", pushArgs)
 		out, err := runCommand("git", pushArgs...)
 		if err != nil {
+			fmt.Fprintln(os.Stderr, "DEBUG: Git push failed:", err)
 			msg := strings.TrimSpace(string(out))
 			if msg == "" {
 				msg = err.Error()
 			}
 			return fmt.Errorf("git push failed for remote %q: %s", remote, msg)
 		}
+		fmt.Fprintln(os.Stderr, "DEBUG: Git push completed successfully")
 		return nil
 	},
 }
 
 func init() {
-	Cmd.Flags().BoolVar(&pushWithHooks, "with-hooks", false, "Run git push with local hooks enabled (invokes pre-push)")
+	Cmd.Flags().BoolVar(&pushWithHooks, "with-hooks", false, "Run git push with local hooks enabled")
+	Cmd.Flags().BoolVar(&pushForceUpload, "force-upload", false, "Upload payload bytes even when a matching downloadable object already exists remotely")
+}
+
+func currentPushRefUpdates(ctx context.Context, remote string) ([]internaltransfer.RefUpdate, error) {
+	const zeroSHA = "0000000000000000000000000000000000000000"
+	head, err := gitOutputFn(ctx, "rev-parse", "HEAD")
+	if err != nil {
+		return nil, err
+	}
+	var oldSHA string
+	upstream, err := gitOutputFn(ctx, "rev-parse", "--verify", "@{upstream}")
+	if err == nil {
+		oldSHA = upstream
+	} else {
+		mb, err := getRemoteMergeBaseFn(ctx, remote, head)
+		if err == nil && mb != "" {
+			oldSHA = mb
+		} else {
+			oldSHA = zeroSHA
+		}
+	}
+	return []internaltransfer.RefUpdate{{
+		OldSHA: oldSHA,
+		NewSHA: head,
+	}}, nil
+}
+
+func getRemoteMergeBase(ctx context.Context, remote string, head string) (string, error) {
+	cmd := exec.CommandContext(ctx, "git", "for-each-ref", "--format=%(refname)", "refs/remotes/"+remote+"/")
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return "", err
+	}
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	var refs []string
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+		if line != "" && !strings.HasSuffix(line, "/HEAD") {
+			refs = append(refs, line)
+		}
+	}
+	if len(refs) == 0 {
+		return "", nil
+	}
+	args := append([]string{"merge-base", head}, refs...)
+	cmdMerge := exec.CommandContext(ctx, "git", args...)
+	outMerge, err := cmdMerge.CombinedOutput()
+	if err != nil {
+		return "", nil
+	}
+	return strings.TrimSpace(string(outMerge)), nil
+}
+
+func listRefUpdatePaths(ctx context.Context, refs []internaltransfer.RefUpdate) ([]string, error) {
+	const zeroSHA = "0000000000000000000000000000000000000000"
+	set := make(map[string]struct{})
+	for _, ref := range refs {
+		newSHA := strings.TrimSpace(ref.NewSHA)
+		oldSHA := strings.TrimSpace(ref.OldSHA)
+		if newSHA == "" || newSHA == zeroSHA {
+			continue
+		}
+		var args []string
+		if oldSHA == "" || oldSHA == zeroSHA {
+			args = []string{"ls-tree", "-r", "--name-only", newSHA}
+		} else {
+			args = []string{"diff", "--name-only", oldSHA, newSHA}
+		}
+		out, err := gitOutputFn(ctx, args...)
+		if err != nil {
+			return nil, err
+		}
+		for _, line := range strings.Split(strings.TrimSpace(out), "\n") {
+			line = strings.TrimSpace(line)
+			if line == "" {
+				continue
+			}
+			set[line] = struct{}{}
+		}
+	}
+	paths := make([]string, 0, len(set))
+	for path := range set {
+		paths = append(paths, path)
+	}
+	sort.Strings(paths)
+	return paths, nil
+}
+
+func gitOutput(ctx context.Context, args ...string) (string, error) {
+	cmd := exec.CommandContext(ctx, "git", args...)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return "", fmt.Errorf("git %s: %s", strings.Join(args, " "), strings.TrimSpace(string(out)))
+	}
+	return strings.TrimSpace(string(out)), nil
 }
diff --git a/cmd/push/main_test.go b/cmd/push/main_test.go
new file mode 100644
index 00000000..9504d83b
--- /dev/null
+++ b/cmd/push/main_test.go
@@ -0,0 +1,110 @@
+package push
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	internaltransfer "github.com/calypr/git-drs/internal/transfer"
+)
+
+func TestCurrentPushRefUpdatesUsesZeroBaseWhenUpstreamMissing(t *testing.T) {
+	oldFn := gitOutputFn
+	gitOutputFn = func(ctx context.Context, args ...string) (string, error) {
+		switch fmt.Sprint(args) {
+		case "[rev-parse HEAD]":
+			return "head-sha", nil
+		case "[rev-parse --verify @{upstream}]":
+			return "", fmt.Errorf("git rev-parse --verify @{upstream}: fatal: no upstream configured")
+		default:
+			t.Fatalf("unexpected git args: %v", args)
+			return "", nil
+		}
+	}
+	t.Cleanup(func() { gitOutputFn = oldFn })
+
+	oldMbFn := getRemoteMergeBaseFn
+	getRemoteMergeBaseFn = func(ctx context.Context, remote string, head string) (string, error) {
+		return "", nil
+	}
+	t.Cleanup(func() { getRemoteMergeBaseFn = oldMbFn })
+
+	got, err := currentPushRefUpdates(context.Background(), "origin")
+	if err != nil {
+		t.Fatalf("currentPushRefUpdates returned error: %v", err)
+	}
+	if len(got) != 1 || got[0].OldSHA != "0000000000000000000000000000000000000000" || got[0].NewSHA != "head-sha" {
+		t.Fatalf("unexpected push refs: %+v", got)
+	}
+}
+
+func TestCurrentPushRefUpdatesUsesRemoteMergeBaseWhenUpstreamMissing(t *testing.T) {
+	oldFn := gitOutputFn
+	gitOutputFn = func(ctx context.Context, args ...string) (string, error) {
+		switch fmt.Sprint(args) {
+		case "[rev-parse HEAD]":
+			return "head-sha", nil
+		case "[rev-parse --verify @{upstream}]":
+			return "", fmt.Errorf("git rev-parse --verify @{upstream}: fatal: no upstream configured")
+		default:
+			t.Fatalf("unexpected git args: %v", args)
+			return "", nil
+		}
+	}
+	t.Cleanup(func() { gitOutputFn = oldFn })
+
+	oldMbFn := getRemoteMergeBaseFn
+	getRemoteMergeBaseFn = func(ctx context.Context, remote string, head string) (string, error) {
+		if remote != "origin" || head != "head-sha" {
+			t.Fatalf("unexpected getRemoteMergeBase args: remote=%s, head=%s", remote, head)
+		}
+		return "merge-base-sha", nil
+	}
+	t.Cleanup(func() { getRemoteMergeBaseFn = oldMbFn })
+
+	got, err := currentPushRefUpdates(context.Background(), "origin")
+	if err != nil {
+		t.Fatalf("currentPushRefUpdates returned error: %v", err)
+	}
+	if len(got) != 1 || got[0].OldSHA != "merge-base-sha" || got[0].NewSHA != "head-sha" {
+		t.Fatalf("unexpected push refs: %+v", got)
+	}
+}
+
+func TestListRefUpdatePathsUsesDiffForExistingBranch(t *testing.T) {
+	oldFn := gitOutputFn
+	gitOutputFn = func(ctx context.Context, args ...string) (string, error) {
+		if fmt.Sprint(args) != "[diff --name-only old-sha new-sha]" {
+			t.Fatalf("unexpected git args: %v", args)
+		}
+		return "a.dat\nb.txt\n", nil
+	}
+	t.Cleanup(func() { gitOutputFn = oldFn })
+
+	got, err := listRefUpdatePaths(context.Background(), []internaltransfer.RefUpdate{{OldSHA: "old-sha", NewSHA: "new-sha"}})
+	if err != nil {
+		t.Fatalf("listRefUpdatePaths returned error: %v", err)
+	}
+	if len(got) != 2 || got[0] != "a.dat" || got[1] != "b.txt" {
+		t.Fatalf("unexpected paths: %+v", got)
+	}
+}
+
+func TestListRefUpdatePathsUsesLsTreeForFirstPush(t *testing.T) {
+	oldFn := gitOutputFn
+	gitOutputFn = func(ctx context.Context, args ...string) (string, error) {
+		if fmt.Sprint(args) != "[ls-tree -r --name-only new-sha]" {
+			t.Fatalf("unexpected git args: %v", args)
+		}
+		return "a.dat\nb.txt\n", nil
+	}
+	t.Cleanup(func() { gitOutputFn = oldFn })
+
+	got, err := listRefUpdatePaths(context.Background(), []internaltransfer.RefUpdate{{OldSHA: "0000000000000000000000000000000000000000", NewSHA: "new-sha"}})
+	if err != nil {
+		t.Fatalf("listRefUpdatePaths returned error: %v", err)
+	}
+	if len(got) != 2 || got[0] != "a.dat" || got[1] != "b.txt" {
+		t.Fatalf("unexpected paths: %+v", got)
+	}
+}
diff --git a/cmd/query/main.go b/cmd/query/main.go
index dbda1a26..79028979 100644
--- a/cmd/query/main.go
+++ b/cmd/query/main.go
@@ -5,10 +5,11 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/calypr/git-drs/internal/common"
+	"github.com/bytedance/sonic"
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsremote"
+	"github.com/calypr/git-drs/internal/lookup"
+	"github.com/calypr/git-drs/internal/remoteruntime"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
 	"github.com/calypr/syfon/client/hash"
 	"github.com/spf13/cobra"
@@ -18,12 +19,12 @@ var remote string
 var checksum = false
 var pretty = false
 
-func queryByChecksum(ctx context.Context, gc *config.GitContext, checksum string) ([]drsapi.DrsObject, error) {
+func queryByChecksum(ctx context.Context, gc *remoteruntime.GitContext, checksum string) ([]drsapi.DrsObject, error) {
 	hashType := checksumTypeForString(checksum)
 	if hashType != hash.ChecksumTypeSHA256.String() {
 		return nil, fmt.Errorf("checksum lookup currently only supports sha256 (got %q); non-sha256 support is tracked in syfon DRSService.GetObjectsByChecksum", hashType)
 	}
-	return drsremote.ObjectsByHashForScope(ctx, gc, checksum)
+	return lookup.ObjectsByHashForScope(ctx, gc, checksum)
 }
 
 func checksumTypeForString(sum string) string {
@@ -41,6 +42,23 @@ func checksumTypeForString(sum string) string {
 	}
 }
 
+func printDRSObject(obj drsapi.DrsObject, pretty bool) error {
+	var out []byte
+	var err error
+
+	if pretty {
+		out, err = sonic.ConfigFastest.MarshalIndent(obj, "", "  ")
+	} else {
+		out, err = sonic.ConfigFastest.Marshal(obj)
+	}
+	if err != nil {
+		return err
+	}
+
+	fmt.Printf("%s\n", string(out))
+	return nil
+}
+
 // Cmd line declaration
 var Cmd = &cobra.Command{
 	Use:   "query <drs_id>",
@@ -67,7 +85,7 @@ var Cmd = &cobra.Command{
 			return err
 		}
 
-		gc, err := cfg.GetRemoteClient(remoteName, logger)
+		gc, err := remoteruntime.New(cfg, remoteName, logger)
 		if err != nil {
 			return err
 		}
@@ -78,7 +96,7 @@ var Cmd = &cobra.Command{
 				return err
 			}
 			for _, drsObj := range objs {
-				if err := common.PrintDRSObject(drsObj, pretty); err != nil {
+				if err := printDRSObject(drsObj, pretty); err != nil {
 					return err
 				}
 			}
@@ -89,7 +107,7 @@ var Cmd = &cobra.Command{
 		if err != nil {
 			return err
 		}
-		return common.PrintDRSObject(obj, pretty)
+		return printDRSObject(obj, pretty)
 	},
 }
 
diff --git a/cmd/query/main_test.go b/cmd/query/main_test.go
index 25a05808..5f1444c7 100644
--- a/cmd/query/main_test.go
+++ b/cmd/query/main_test.go
@@ -3,7 +3,6 @@ package query
 import (
 	"testing"
 
-	"github.com/calypr/git-drs/internal/common"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
 )
 
@@ -27,10 +26,10 @@ func TestChecksumTypeForString(t *testing.T) {
 
 func TestPrintDRSObject(t *testing.T) {
 	obj := drsapi.DrsObject{Id: "test-id"}
-	if err := common.PrintDRSObject(obj, false); err != nil {
-		t.Fatalf("common.PrintDRSObject failed: %v", err)
+	if err := printDRSObject(obj, false); err != nil {
+		t.Fatalf("printDRSObject failed: %v", err)
 	}
-	if err := common.PrintDRSObject(obj, true); err != nil {
-		t.Fatalf("common.PrintDRSObject pretty failed: %v", err)
+	if err := printDRSObject(obj, true); err != nil {
+		t.Fatalf("printDRSObject pretty failed: %v", err)
 	}
 }
diff --git a/cmd/remote/add/add_test.go b/cmd/remote/add/add_test.go
index 2923b5d8..7e7f2d94 100644
--- a/cmd/remote/add/add_test.go
+++ b/cmd/remote/add/add_test.go
@@ -1,8 +1,14 @@
 package add
 
 import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"strings"
 	"testing"
 
+	bucketapi "github.com/calypr/syfon/apigen/client/bucketapi"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -12,5 +18,136 @@ func TestAddCmd(t *testing.T) {
 }
 
 func TestGen3Cmd(t *testing.T) {
-	assert.Equal(t, "gen3 [remote-name]", Gen3Cmd.Use)
+	assert.Equal(t, "gen3 [remote-name] <organization/project>", Gen3Cmd.Use)
+}
+
+func TestParseScopeArg(t *testing.T) {
+	t.Run("splits org and project on slash", func(t *testing.T) {
+		org, project, err := parseScopeArg("HTAN_INT/BForePC")
+		if err != nil {
+			t.Fatalf("parseScopeArg returned error: %v", err)
+		}
+		if org != "HTAN_INT" || project != "BForePC" {
+			t.Fatalf("unexpected scope parse result: %q/%q", org, project)
+		}
+	})
+
+	t.Run("rejects legacy single token input", func(t *testing.T) {
+		_, _, err := parseScopeArg("BForePC")
+		if err == nil {
+			t.Fatal("expected invalid scope error")
+		}
+	})
+
+	t.Run("rejects empty org or project", func(t *testing.T) {
+		for _, raw := range []string{"/BForePC", "HTAN_INT/", "HTAN_INT//BForePC"} {
+			_, _, err := parseScopeArg(raw)
+			if err == nil {
+				t.Fatalf("expected invalid scope error for %q", raw)
+			}
+		}
+	})
+}
+
+func TestResolveBucketScopeFromServer(t *testing.T) {
+	t.Run("matches project resource", func(t *testing.T) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if r.URL.Path != "/data/buckets" {
+				t.Fatalf("unexpected path: %s", r.URL.Path)
+			}
+			if got := r.Header.Get("Authorization"); got != "Bearer test-token" {
+				t.Fatalf("unexpected auth header: %q", got)
+			}
+			_, _ = w.Write([]byte(`{"S3_BUCKETS":{"cbds":{"programs":["/organization/HTAN_INT/project/BForePC"]}}}`))
+		}))
+		defer srv.Close()
+
+		scope, err := resolveBucketScopeFromServer(context.Background(), srv.URL, "test-token", "HTAN_INT", "BForePC", "")
+		if err != nil {
+			t.Fatalf("resolveBucketScopeFromServer returned error: %v", err)
+		}
+		if scope.Bucket != "cbds" {
+			t.Fatalf("unexpected bucket: %+v", scope)
+		}
+	})
+
+	t.Run("falls back to org resource", func(t *testing.T) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			_, _ = w.Write([]byte(`{"S3_BUCKETS":{"cbds":{"programs":["/organization/HTAN_INT"]}}}`))
+		}))
+		defer srv.Close()
+
+		scope, err := resolveBucketScopeFromServer(context.Background(), srv.URL, "test-token", "HTAN_INT", "BForePC", "")
+		if err != nil {
+			t.Fatalf("resolveBucketScopeFromServer returned error: %v", err)
+		}
+		if scope.Bucket != "cbds" {
+			t.Fatalf("unexpected bucket: %+v", scope)
+		}
+	})
+
+	t.Run("no match", func(t *testing.T) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			resp := bucketapi.BucketsResponse{S3BUCKETS: map[string]bucketapi.BucketMetadata{
+				"cbds": {},
+			}}
+			w.Header().Set("Content-Type", "application/json")
+			if err := json.NewEncoder(w).Encode(resp); err != nil {
+				t.Fatalf("encode response: %v", err)
+			}
+		}))
+		defer srv.Close()
+
+		_, err := resolveBucketScopeFromServer(context.Background(), srv.URL, "test-token", "HTAN_INT", "BForePC", "")
+		if err == nil {
+			t.Fatal("expected error when no matching bucket is visible")
+		}
+	})
+
+	t.Run("reports ambiguity with candidate buckets", func(t *testing.T) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			resp := bucketapi.BucketsResponse{S3BUCKETS: map[string]bucketapi.BucketMetadata{
+				"EllrottLab": {Programs: &[]string{"/organization/Ellrott_Lab/project/hla2vec"}},
+				"cbds":       {Programs: &[]string{"/organization/Ellrott_Lab/project/hla2vec"}},
+			}}
+			w.Header().Set("Content-Type", "application/json")
+			if err := json.NewEncoder(w).Encode(resp); err != nil {
+				t.Fatalf("encode response: %v", err)
+			}
+		}))
+		defer srv.Close()
+
+		_, err := resolveBucketScopeFromServer(context.Background(), srv.URL, "test-token", "Ellrott_Lab", "hla2vec", "")
+		if err == nil {
+			t.Fatal("expected ambiguity error")
+		}
+		if !strings.Contains(err.Error(), "multiple visible server buckets matched") {
+			t.Fatalf("unexpected error: %v", err)
+		}
+		if !strings.Contains(err.Error(), "EllrottLab, cbds") {
+			t.Fatalf("expected candidate list in error, got: %v", err)
+		}
+	})
+
+	t.Run("uses selected bucket when ambiguity exists", func(t *testing.T) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			resp := bucketapi.BucketsResponse{S3BUCKETS: map[string]bucketapi.BucketMetadata{
+				"EllrottLab": {Programs: &[]string{"/organization/Ellrott_Lab/project/hla2vec"}},
+				"cbds":       {Programs: &[]string{"/organization/Ellrott_Lab/project/hla2vec"}},
+			}}
+			w.Header().Set("Content-Type", "application/json")
+			if err := json.NewEncoder(w).Encode(resp); err != nil {
+				t.Fatalf("encode response: %v", err)
+			}
+		}))
+		defer srv.Close()
+
+		scope, err := resolveBucketScopeFromServer(context.Background(), srv.URL, "test-token", "Ellrott_Lab", "hla2vec", "cbds")
+		if err != nil {
+			t.Fatalf("resolveBucketScopeFromServer returned error: %v", err)
+		}
+		if scope.Bucket != "cbds" {
+			t.Fatalf("unexpected bucket: %+v", scope)
+		}
+	})
 }
diff --git a/cmd/remote/add/bucket_lookup.go b/cmd/remote/add/bucket_lookup.go
new file mode 100644
index 00000000..4721fe49
--- /dev/null
+++ b/cmd/remote/add/bucket_lookup.go
@@ -0,0 +1,147 @@
+package add
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"slices"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/gitrepo"
+	bucketapi "github.com/calypr/syfon/apigen/client/bucketapi"
+	syfoncommon "github.com/calypr/syfon/common"
+)
+
+func resolveBucketFromPayload(payload bucketapi.BucketsResponse, organization, project, preferredBucket string) (string, error) {
+	projectResource, err := syfoncommon.ResourcePath(organization, project)
+	if err != nil {
+		return "", err
+	}
+	orgResource, err := syfoncommon.ResourcePath(organization, "")
+	if err != nil {
+		return "", err
+	}
+
+	if bucket, err := chooseVisibleBucket(payload, projectResource, preferredBucket); err != nil || bucket != "" {
+		return bucket, err
+	}
+	if bucket, err := chooseVisibleBucket(payload, orgResource, preferredBucket); err != nil || bucket != "" {
+		return bucket, err
+	}
+
+	return "", fmt.Errorf("no visible server bucket matched organization=%q project=%q", organization, project)
+}
+
+func chooseVisibleBucket(payload bucketapi.BucketsResponse, resource, preferredBucket string) (string, error) {
+	matches := findBucketsByResource(payload, resource)
+	if len(matches) == 0 {
+		return "", nil
+	}
+
+	preferredBucket = strings.TrimSpace(preferredBucket)
+	if preferredBucket != "" {
+		for _, bucket := range matches {
+			if strings.EqualFold(bucket, preferredBucket) {
+				return bucket, nil
+			}
+		}
+		return "", fmt.Errorf("selected bucket %q does not match resource %q; choose one of: %s", preferredBucket, resource, strings.Join(matches, ", "))
+	}
+
+	if len(matches) == 1 {
+		return matches[0], nil
+	}
+	return "", fmt.Errorf("multiple visible server buckets matched resource %q: %s; rerun with --bucket <bucket>", resource, strings.Join(matches, ", "))
+}
+
+func findBucketsByResource(payload bucketapi.BucketsResponse, resource string) []string {
+	resource = syfoncommon.NormalizeAccessResource(resource)
+	if resource == "" {
+		return nil
+	}
+
+	matches := make([]string, 0)
+	for bucket, meta := range payload.S3BUCKETS {
+		if meta.Programs == nil {
+			continue
+		}
+		for _, candidate := range *meta.Programs {
+			if syfoncommon.NormalizeAccessResource(candidate) == resource {
+				matches = append(matches, bucket)
+				break
+			}
+		}
+	}
+	slices.Sort(matches)
+	return slices.Compact(matches)
+}
+
+func resolveBucketScopeFromServer(ctx context.Context, endpoint, token, organization, project, preferredBucket string) (gitrepo.ResolvedBucketScope, error) {
+	if strings.TrimSpace(endpoint) == "" {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing API endpoint for server bucket lookup")
+	}
+	if strings.TrimSpace(token) == "" {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing access token for server bucket lookup")
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, strings.TrimRight(endpoint, "/")+"/data/buckets", nil)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("build bucket list request: %w", err)
+	}
+	req.Header.Set("Authorization", "Bearer "+strings.TrimSpace(token))
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("request bucket list: %w", err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("bucket list failed with status %d", resp.StatusCode)
+	}
+
+	var payload bucketapi.BucketsResponse
+	if err := json.NewDecoder(resp.Body).Decode(&payload); err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("decode bucket list response: %w", err)
+	}
+
+	bucket, err := resolveBucketFromPayload(payload, organization, project, preferredBucket)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, err
+	}
+	return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
+}
+
+func resolveBucketScopeFromLocalServer(ctx context.Context, endpoint, username, password, organization, project, preferredBucket string) (gitrepo.ResolvedBucketScope, error) {
+	if strings.TrimSpace(endpoint) == "" {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing API endpoint for server bucket lookup")
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, strings.TrimRight(endpoint, "/")+"/data/buckets", nil)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("build bucket list request: %w", err)
+	}
+	if username != "" || password != "" {
+		req.SetBasicAuth(username, password)
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("request bucket list: %w", err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("bucket list failed with status %d", resp.StatusCode)
+	}
+
+	var payload bucketapi.BucketsResponse
+	if err := json.NewDecoder(resp.Body).Decode(&payload); err != nil {
+		return gitrepo.ResolvedBucketScope{}, fmt.Errorf("decode bucket list response: %w", err)
+	}
+
+	bucket, err := resolveBucketFromPayload(payload, organization, project, preferredBucket)
+	if err != nil {
+		return gitrepo.ResolvedBucketScope{}, err
+	}
+	return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
+}
diff --git a/cmd/remote/add/gen3.go b/cmd/remote/add/gen3.go
index 9f9ceed7..504cd1ad 100644
--- a/cmd/remote/add/gen3.go
+++ b/cmd/remote/add/gen3.go
@@ -5,71 +5,62 @@ import (
 	"fmt"
 	"log/slog"
 	"strings"
+	"time"
 
-	"github.com/calypr/data-client/credentials"
-	"github.com/calypr/git-drs/internal/common"
+	"github.com/calypr/calypr-cli/conf"
+	"github.com/calypr/calypr-cli/credentials"
+	"github.com/calypr/git-drs/cmd/initialize"
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/gitrepo"
-	conf "github.com/calypr/syfon/client/config"
+	"github.com/calypr/git-drs/internal/remoteruntime"
 	"github.com/spf13/cobra"
 )
 
 var Gen3Cmd = &cobra.Command{
-	Use: "gen3 [remote-name]",
+	Use: "gen3 [remote-name] <organization/project>",
 	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 1 {
+		if len(args) < 1 || len(args) > 2 {
 			cmd.SilenceUsage = false
-			return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs remote add gen3 --help' for more details", len(args), cmd.UseLine())
+			return fmt.Errorf("error: expected [remote-name] <organization/project>, received %d arguments\n\nUsage: %s\n\nSee 'git drs remote add gen3 --help' for more details", len(args), cmd.UseLine())
 		}
 		return nil
 	},
 	RunE: func(cmd *cobra.Command, args []string) error {
 		logg := drslog.GetLogger()
 
-		// make sure at least one of the credentials params is provided
-		if credFile == "" && fenceToken == "" && len(args) == 0 {
-			return fmt.Errorf("error: Gen3 requires a credentials file or accessToken to setup project locally. Please provide either a --cred or --token flag. See 'git drs remote add gen3 --help' for more details")
-		}
-
 		remoteName := config.ORIGIN
-		if len(args) > 0 {
+		scopeArg := ""
+		if len(args) == 1 {
+			scopeArg = args[0]
+		} else {
 			remoteName = args[0]
+			scopeArg = args[1]
 		}
 
-		err := gen3Init(remoteName, credFile, fenceToken, project, organization, bucket, logg)
+		err := gen3Init(remoteName, credFile, fenceToken, scopeArg, logg)
 		if err != nil {
 			return fmt.Errorf("error configuring gen3 server: %v", err)
 		}
+		if noSkipSmudge {
+			if err := gitrepo.SetGitConfigOptions(map[string]string{"drs.skipsmudge": "false"}); err != nil {
+				return fmt.Errorf("failed to configure skipsmudge: %w", err)
+			}
+		}
 		return nil
 	},
 }
 
-func gen3Init(remoteName, credFile, fenceToken, project, organization, bucket string, logg *slog.Logger) error {
+func gen3Init(remoteName, credFile, fenceToken, scopeArg string, logg *slog.Logger) error {
 	if remoteName == "" {
 		return fmt.Errorf("remote name is required")
 	}
-	if project == "" {
-		return fmt.Errorf("project is required for Gen3 remote")
-	}
-
-	resolvedBucket := strings.TrimSpace(bucket)
-	resolvedStoragePrefix := ""
-	if strings.TrimSpace(organization) != "" {
-		scope, err := gitrepo.ResolveBucketScope(organization, project, resolvedBucket, "")
-		if err != nil {
-			return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
-		}
-		resolvedBucket = strings.TrimSpace(scope.Bucket)
-		resolvedStoragePrefix = strings.TrimSpace(scope.Prefix)
+	if err := initialize.EnsureInitialized(logg); err != nil {
+		return fmt.Errorf("failed to initialize repository: %w", err)
 	}
-	if resolvedBucket == "" {
-		if strings.TrimSpace(organization) == "" {
-			return fmt.Errorf("bucket is required when organization is empty")
-		}
-		if strings.TrimSpace(resolvedBucket) == "" {
-			return fmt.Errorf("bucket is required (or configure mapping first with `git drs bucket add-project --organization %s --project %s --path <scheme>://<bucket>/<prefix>`)", organization, project)
-		}
+	organization, project, err := parseScopeArg(scopeArg)
+	if err != nil {
+		return err
 	}
 
 	var accessToken, apiKey, keyID, apiEndpoint string
@@ -78,7 +69,7 @@ func gen3Init(remoteName, credFile, fenceToken, project, organization, bucket st
 	case fenceToken != "":
 		accessToken = fenceToken
 		var err error
-		apiEndpoint, err = common.ParseAPIEndpointFromToken(accessToken)
+		apiEndpoint, err = config.ParseAPIEndpointFromToken(accessToken)
 		if err != nil {
 			return fmt.Errorf("failed to parse API endpoint from provided access token: %w", err)
 		}
@@ -92,20 +83,20 @@ func gen3Init(remoteName, credFile, fenceToken, project, organization, bucket st
 		apiKey = cred.APIKey
 		keyID = cred.KeyID
 
-		apiEndpoint, err = common.ParseAPIEndpointFromToken(cred.APIKey)
+		apiEndpoint, err = config.ParseAPIEndpointFromToken(cred.APIKey)
 		if err != nil {
 			return fmt.Errorf("failed to parse API endpoint from API key in credentials file: %w", err)
 		}
 
 	default:
 		existing, err := configure.Load(remoteName)
-		if err == nil {
+		if err != nil {
+			return fmt.Errorf("failed to load %s config: %w", remoteName, err)
+		} else {
 			accessToken = existing.AccessToken
 			apiKey = existing.APIKey
 			keyID = existing.KeyID
 			apiEndpoint = existing.APIEndpoint
-		} else {
-			return fmt.Errorf("must provide either --cred or --token (or have existing profile %s)", remoteName)
 		}
 	}
 
@@ -113,52 +104,41 @@ func gen3Init(remoteName, credFile, fenceToken, project, organization, bucket st
 		return fmt.Errorf("could not determine Gen3 API endpoint")
 	}
 
-	remoteGen3 := config.RemoteSelect{
-		Gen3: &config.Gen3Remote{
-			Endpoint:      apiEndpoint,
-			ProjectID:     project,
-			Organization:  organization,
-			Bucket:        resolvedBucket,
-			StoragePrefix: resolvedStoragePrefix,
-		},
-	}
-
-	remote := config.Remote(remoteName)
-	if _, err := config.UpdateRemote(remote, remoteGen3); err != nil {
-		return fmt.Errorf("failed to update remote config: %w", err)
-	}
-	logg.Debug(fmt.Sprintf("Remote added/updated: %s → %s (project: %s, bucket: %s, storage_prefix: %s)", remoteName, apiEndpoint, project, resolvedBucket, resolvedStoragePrefix))
-
-	// Step 3: Ensure credential profile is up-to-date (refreshes token if needed)
 	cred := &conf.Credential{
 		Profile:            remoteName,
 		APIEndpoint:        apiEndpoint,
 		APIKey:             apiKey,
 		KeyID:              keyID,
 		AccessToken:        accessToken, // may be stale
-		UseShepherd:        "false",     // or preserve from existing?
+		UseShepherd:        "false",
 		MinShepherdVersion: "",
 	}
 
-	if err := credentials.EnsureValidCredential(context.Background(), cred, logg); err != nil {
-		return fmt.Errorf("failed to verify/refresh Gen3 credential: %w", err)
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+	if err := credentials.EnsureValidCredential(ctx, cred, logg); err != nil {
+		return fmt.Errorf("failed to verify/refresh Gen3 credential: %w", remoteruntime.WrapCredentialValidationError(remoteName, err))
 	}
 
-	if err := configure.Save(cred); err != nil {
-		return fmt.Errorf("failed to configure/update Gen3 profile: %w", err)
-	}
-	// Configure stock git credential plumbing for lfs + persist the refreshed token locally.
-	if err := gitrepo.ConfigureCredentialHelperForRepo(); err != nil {
-		return fmt.Errorf("failed to configure git credential helper: %w", err)
+	scope, err := gitrepo.ResolveBucketScope(organization, project, "", "")
+	if err != nil {
+		scope, err = resolveBucketScopeFromServer(context.Background(), apiEndpoint, strings.TrimSpace(cred.AccessToken), organization, project, selectedBucket)
+		if err != nil {
+			return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
+		}
 	}
-	if err := gitrepo.SetRemoteLFSURL(remoteName, apiEndpoint); err != nil {
-		return fmt.Errorf("failed to set lfs url for remote %s: %w", remoteName, err)
+	resolvedBucket := strings.TrimSpace(scope.Bucket)
+	resolvedStoragePrefix := strings.TrimSpace(scope.Prefix)
+	if resolvedBucket == "" {
+		return fmt.Errorf("no bucket mapping found for organization=%q project=%q", organization, project)
 	}
-	if strings.TrimSpace(cred.AccessToken) != "" {
-		if err := gitrepo.SetRemoteToken(remoteName, strings.TrimSpace(cred.AccessToken)); err != nil {
-			return fmt.Errorf("failed to persist repo token for remote %s: %w", remoteName, err)
-		}
+
+	if err := persistGen3Remote(remoteName, organization, project, apiEndpoint, scope, func() error {
+		return configure.Save(cred)
+	}); err != nil {
+		return err
 	}
+	logg.Debug(fmt.Sprintf("Remote added/updated: %s → %s (project: %s, bucket: %s, storage_prefix: %s)", remoteName, apiEndpoint, project, resolvedBucket, resolvedStoragePrefix))
 
 	logg.Debug(fmt.Sprintf("Gen3 profile '%s' configured and token refreshed successfully", remoteName))
 	return nil
diff --git a/cmd/remote/add/init.go b/cmd/remote/add/init.go
index 55f848f2..4248b546 100644
--- a/cmd/remote/add/init.go
+++ b/cmd/remote/add/init.go
@@ -3,14 +3,12 @@ package add
 import "github.com/spf13/cobra"
 
 var (
-	apiEndpoint   string
-	bucket        string
-	credFile      string
-	fenceToken    string
-	localPassword string
-	localUsername string
-	project       string
-	organization  string
+	credFile       string
+	fenceToken     string
+	selectedBucket string
+	localPassword  string
+	localUsername  string
+	noSkipSmudge   bool
 )
 
 // Cmd line declaration
@@ -20,18 +18,15 @@ var Cmd = &cobra.Command{
 }
 
 func init() {
-	Gen3Cmd.Flags().StringVar(&apiEndpoint, "url", "", "[gen3] Specify the API endpoint of the data commons")
-	Gen3Cmd.Flags().StringVar(&bucket, "bucket", "", "[gen3] Specify the bucket name")
-	Gen3Cmd.Flags().StringVar(&credFile, "cred", "", "[gen3] Specify the gen3 credential file that you want to use")
-	Gen3Cmd.Flags().StringVar(&fenceToken, "token", "", "[gen3] Specify the token to be used as a replacement for a credential file for temporary access")
-	Gen3Cmd.Flags().StringVar(&project, "project", "", "[gen3] Specify the gen3 project ID in the format <program>-<project>")
-	Gen3Cmd.Flags().StringVar(&organization, "organization", "", "[gen3] Optional organization/program scope (use with --project as project id)")
+	Gen3Cmd.Flags().StringVar(&credFile, "cred", "", "[gen3] Import a Gen3 credential file into this profile")
+	Gen3Cmd.Flags().StringVar(&fenceToken, "token", "", "[gen3] Use a temporary bearer token issued from fence")
+	Gen3Cmd.Flags().StringVar(&selectedBucket, "bucket", "", "[gen3] Select a specific visible bucket when multiple buckets match the scope")
+	Gen3Cmd.Flags().BoolVar(&noSkipSmudge, "no-skip-smudge", false, "Disable skipping smudge filter (force downloading file contents during checkout)")
 
 	Cmd.AddCommand(Gen3Cmd)
-	LocalCmd.Flags().StringVarP(&project, "project", "p", "", "Project ID")
-	LocalCmd.Flags().StringVar(&bucket, "bucket", "", "Bucket Name")
-	LocalCmd.Flags().StringVar(&organization, "organization", "", "Organization Name")
+	LocalCmd.Flags().StringVar(&selectedBucket, "bucket", "", "Select a specific visible bucket when multiple buckets match the scope")
 	LocalCmd.Flags().StringVar(&localUsername, "username", "", "Username for local DRS HTTP basic auth")
 	LocalCmd.Flags().StringVar(&localPassword, "password", "", "Password for local DRS HTTP basic auth")
+	LocalCmd.Flags().BoolVar(&noSkipSmudge, "no-skip-smudge", false, "Disable skipping smudge filter (force downloading file contents during checkout)")
 	Cmd.AddCommand(LocalCmd)
 }
diff --git a/cmd/remote/add/local.go b/cmd/remote/add/local.go
index c0d61b29..8a34b330 100644
--- a/cmd/remote/add/local.go
+++ b/cmd/remote/add/local.go
@@ -1,56 +1,63 @@
 package add
 
 import (
+	"context"
 	"fmt"
 	"strings"
 
+	"github.com/calypr/git-drs/cmd/initialize"
 	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
 	"github.com/calypr/git-drs/internal/gitrepo"
 	"github.com/spf13/cobra"
 )
 
 var LocalCmd = &cobra.Command{
-	Use:   "local <remote-name> <url>",
+	Use:   "local <remote-name> <url> <organization/project>",
 	Short: "Add a local DRS server",
-	Long:  "Add a local DRS server by specifying its base URL, e.g., http://localhost:8000. Optional --username/--password configures basic auth for git-lfs and helper flows.",
-	Args:  cobra.ExactArgs(2),
+	Long:  "Add a local DRS server by specifying its base URL and scope. Optional --username/--password configures basic auth for helper flows.",
+	Args:  cobra.ExactArgs(3),
 	RunE: func(cmd *cobra.Command, args []string) error {
 		remoteName := args[0]
 		url := args[1]
+		scopeArg := args[2]
 
+		if err := initialize.EnsureInitialized(drslog.GetLogger()); err != nil {
+			return fmt.Errorf("failed to initialize repository: %w", err)
+		}
 		if url == "" {
 			return fmt.Errorf("URL cannot be empty")
 		}
-
-		remoteSelect := config.RemoteSelect{
-			Local: &config.LocalRemote{
-				BaseURL:      url,
-				ProjectID:    project,
-				Bucket:       bucket,
-				Organization: organization,
-			},
-		}
-
-		newConfig, err := config.UpdateRemote(config.Remote(remoteName), remoteSelect)
+		organization, project, err := parseScopeArg(scopeArg)
 		if err != nil {
 			return err
 		}
-		if err := gitrepo.SetRemoteLFSURL(remoteName, url); err != nil {
-			return fmt.Errorf("failed to configure lfs url for remote %q: %w", remoteName, err)
+		scope, err := gitrepo.ResolveBucketScope(organization, project, "", "")
+		if err != nil {
+			scope, err = resolveBucketScopeFromLocalServer(context.Background(), url, strings.TrimSpace(localUsername), strings.TrimSpace(localPassword), organization, project, selectedBucket)
+			if err != nil {
+				return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
+			}
 		}
-		if err := gitrepo.ConfigureCredentialHelperForRepo(); err != nil {
-			return fmt.Errorf("failed to configure git credential helper: %w", err)
+		resolvedBucket := strings.TrimSpace(scope.Bucket)
+		if resolvedBucket == "" {
+			return fmt.Errorf("no bucket mapping found for organization=%q project=%q", organization, project)
 		}
-		if strings.TrimSpace(localUsername) != "" || strings.TrimSpace(localPassword) != "" {
-			if strings.TrimSpace(localUsername) == "" || strings.TrimSpace(localPassword) == "" {
-				return fmt.Errorf("both --username and --password are required when configuring local basic auth")
-			}
-			if err := gitrepo.SetRemoteBasicAuth(remoteName, strings.TrimSpace(localUsername), strings.TrimSpace(localPassword)); err != nil {
-				return fmt.Errorf("failed to configure local basic auth for remote %q: %w", remoteName, err)
-			}
+
+		newConfig, err := persistLocalRemote(remoteName, url, organization, project, scope)
+		if err != nil {
+			return err
+		}
+		if err := configureLocalBasicAuth(remoteName, localUsername, localPassword); err != nil {
+			return err
 		}
 
 		fmt.Printf("Added remote '%s'. Config: %v\n", remoteName, newConfig.GetRemote(config.Remote(remoteName)))
+		if noSkipSmudge {
+			if err := gitrepo.SetGitConfigOptions(map[string]string{"drs.skipsmudge": "false"}); err != nil {
+				return fmt.Errorf("failed to configure skipsmudge: %w", err)
+			}
+		}
 		return nil
 	},
 }
diff --git a/cmd/remote/add/local_test.go b/cmd/remote/add/local_test.go
index 80e908a6..23c3ded3 100644
--- a/cmd/remote/add/local_test.go
+++ b/cmd/remote/add/local_test.go
@@ -1,14 +1,100 @@
 package add
 
 import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
 	"testing"
 
+	"github.com/calypr/git-drs/internal/gitrepo"
+	"github.com/calypr/git-drs/internal/testutils"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestAddLocalRemote(t *testing.T) {
 	assert.NotNil(t, LocalCmd)
-	assert.Equal(t, "local <remote-name> <url>", LocalCmd.Use)
+	assert.Equal(t, "local <remote-name> <url> <organization/project>", LocalCmd.Use)
 	assert.NotNil(t, LocalCmd.Flag("username"))
 	assert.NotNil(t, LocalCmd.Flag("password"))
+	assert.NotNil(t, LocalCmd.Flag("bucket"))
+	assert.Nil(t, LocalCmd.Flag("organization"))
+	assert.Nil(t, LocalCmd.Flag("project"))
+}
+
+func TestResolveBucketScopeFromLocalServer(t *testing.T) {
+	t.Run("matches project resource", func(t *testing.T) {
+		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if r.URL.Path != "/data/buckets" {
+				t.Fatalf("unexpected path: %s", r.URL.Path)
+			}
+			user, pass, ok := r.BasicAuth()
+			if !ok || user != "drs-user" || pass != "drs-pass" {
+				t.Fatalf("unexpected basic auth: ok=%v user=%q pass=%q", ok, user, pass)
+			}
+			_, _ = w.Write([]byte(`{"S3_BUCKETS":{"cbds":{"programs":["/organization/calypr/project/end_to_end_test"]}}}`))
+		}))
+		defer srv.Close()
+
+		scope, err := resolveBucketScopeFromLocalServer(context.Background(), srv.URL, "drs-user", "drs-pass", "calypr", "end_to_end_test", "")
+		if err != nil {
+			t.Fatalf("resolveBucketScopeFromLocalServer returned error: %v", err)
+		}
+		if scope.Bucket != "cbds" {
+			t.Fatalf("unexpected bucket: %+v", scope)
+		}
+	})
+}
+
+func TestLocalRemoteAddEnsuresInitialization(t *testing.T) {
+	testutils.SetupTestGitRepo(t)
+	localUsername = ""
+	localPassword = ""
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/data/buckets" {
+			t.Fatalf("unexpected path: %s", r.URL.Path)
+		}
+		_, _ = w.Write([]byte(`{"S3_BUCKETS":{"cbds":{"programs":["/organization/calypr/project/end_to_end_test"]}}}`))
+	}))
+	defer srv.Close()
+
+	if err := LocalCmd.RunE(LocalCmd, []string{"origin", srv.URL, "calypr/end_to_end_test"}); err != nil {
+		t.Fatalf("LocalCmd.RunE returned error: %v", err)
+	}
+
+	if _, err := os.Stat(gitrepo.DRSDir); err != nil {
+		t.Fatalf("expected %s to exist: %v", gitrepo.DRSDir, err)
+	}
+
+	filterProcess, err := gitrepo.GetGitConfigString("filter.drs.process")
+	if err != nil {
+		t.Fatalf("GetGitConfigString(filter.drs.process): %v", err)
+	}
+	if filterProcess != "git-drs filter" {
+		t.Fatalf("unexpected filter.drs.process: %q", filterProcess)
+	}
+	filterClean, err := gitrepo.GetGitConfigString("filter.drs.clean")
+	if err != nil {
+		t.Fatalf("GetGitConfigString(filter.drs.clean): %v", err)
+	}
+	if filterClean != "git-drs clean -- %f" {
+		t.Fatalf("unexpected filter.drs.clean: %q", filterClean)
+	}
+	filterSmudge, err := gitrepo.GetGitConfigString("filter.drs.smudge")
+	if err != nil {
+		t.Fatalf("GetGitConfigString(filter.drs.smudge): %v", err)
+	}
+	if filterSmudge != "git-drs smudge -- %f" {
+		t.Fatalf("unexpected filter.drs.smudge: %q", filterSmudge)
+	}
+
+	preCommit, err := os.ReadFile(filepath.Join(".git", "hooks", "pre-commit"))
+	if err != nil {
+		t.Fatalf("read pre-commit hook: %v", err)
+	}
+	if string(preCommit) == "" {
+		t.Fatalf("expected pre-commit hook to be installed")
+	}
 }
diff --git a/cmd/remote/add/persist.go b/cmd/remote/add/persist.go
new file mode 100644
index 00000000..bec1e5b5
--- /dev/null
+++ b/cmd/remote/add/persist.go
@@ -0,0 +1,79 @@
+package add
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/gitrepo"
+)
+
+func persistGen3Remote(remoteName, organization, project, endpoint string, scope gitrepo.ResolvedBucketScope, saveCredential func() error) error {
+	remote := config.Remote(remoteName)
+	remoteGen3 := config.RemoteSelect{
+		Gen3: &config.Gen3Remote{
+			Endpoint:      endpoint,
+			ProjectID:     project,
+			Organization:  organization,
+			Bucket:        strings.TrimSpace(scope.Bucket),
+			StoragePrefix: strings.TrimSpace(scope.Prefix),
+		},
+	}
+
+	if _, err := config.UpdateRemote(remote, remoteGen3); err != nil {
+		return fmt.Errorf("failed to update remote config: %w", err)
+	}
+	if err := saveCredential(); err != nil {
+		return fmt.Errorf("failed to configure/update Gen3 profile: %w", err)
+	}
+	if err := configureRepoRemote(remoteName, endpoint); err != nil {
+		return err
+	}
+	return nil
+}
+
+func persistLocalRemote(remoteName, url, organization, project string, scope gitrepo.ResolvedBucketScope) (*config.Config, error) {
+	remoteSelect := config.RemoteSelect{
+		Local: &config.LocalRemote{
+			BaseURL:       url,
+			ProjectID:     project,
+			Bucket:        strings.TrimSpace(scope.Bucket),
+			Organization:  organization,
+			StoragePrefix: strings.TrimSpace(scope.Prefix),
+		},
+	}
+
+	newConfig, err := config.UpdateRemote(config.Remote(remoteName), remoteSelect)
+	if err != nil {
+		return nil, err
+	}
+	if err := configureRepoRemote(remoteName, url); err != nil {
+		return nil, err
+	}
+	return newConfig, nil
+}
+
+func configureRepoRemote(remoteName, endpoint string) error {
+	if err := gitrepo.SetRemoteLFSURL(remoteName, endpoint); err != nil {
+		return fmt.Errorf("failed to configure lfs url for remote %q: %w", remoteName, err)
+	}
+	if err := gitrepo.ConfigureCredentialHelperForRepo(); err != nil {
+		return fmt.Errorf("failed to configure git credential helper: %w", err)
+	}
+	return nil
+}
+
+func configureLocalBasicAuth(remoteName, username, password string) error {
+	username = strings.TrimSpace(username)
+	password = strings.TrimSpace(password)
+	if username == "" && password == "" {
+		return nil
+	}
+	if username == "" || password == "" {
+		return fmt.Errorf("both --username and --password are required when configuring local basic auth")
+	}
+	if err := gitrepo.SetRemoteBasicAuth(remoteName, username, password); err != nil {
+		return fmt.Errorf("failed to configure local basic auth for remote %q: %w", remoteName, err)
+	}
+	return nil
+}
diff --git a/cmd/remote/add/scope.go b/cmd/remote/add/scope.go
new file mode 100644
index 00000000..cc1ef92f
--- /dev/null
+++ b/cmd/remote/add/scope.go
@@ -0,0 +1,24 @@
+package add
+
+import (
+	"fmt"
+	"strings"
+)
+
+func parseScopeArg(raw string) (string, string, error) {
+	raw = strings.TrimSpace(raw)
+	if raw == "" {
+		return "", "", fmt.Errorf("organization/project scope is required")
+	}
+
+	parts := strings.Split(raw, "/")
+	if len(parts) != 2 {
+		return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+	}
+	organization := strings.TrimSpace(parts[0])
+	project := strings.TrimSpace(parts[1])
+	if organization == "" || project == "" {
+		return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+	}
+	return organization, project, nil
+}
diff --git a/cmd/remote/list.go b/cmd/remote/list.go
index 8723bc97..a7a3035d 100644
--- a/cmd/remote/list.go
+++ b/cmd/remote/list.go
@@ -3,11 +3,22 @@ package remote
 import (
 	"fmt"
 
+	calyprconf "github.com/calypr/calypr-cli/conf"
+	"github.com/calypr/calypr-cli/credentials"
 	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/remoteruntime"
 	"github.com/spf13/cobra"
 )
 
+var (
+	loadConfig            = config.LoadConfig
+	loadProfileCredential = func(profile string) (*calyprconf.Credential, error) {
+		return calyprconf.NewConfigure(drslog.GetLogger()).Load(profile)
+	}
+	ensureValidCredential = credentials.EnsureValidCredential
+)
+
 var ListCmd = &cobra.Command{
 	Use:   "list",
 	Short: "List DRS repos",
@@ -20,7 +31,7 @@ var ListCmd = &cobra.Command{
 	},
 	RunE: func(cmd *cobra.Command, args []string) error {
 		logg := drslog.GetLogger()
-		cfg, err := config.LoadConfig()
+		cfg, err := loadConfig()
 		if err != nil {
 			logg.Debug(fmt.Sprintf("Error loading config: %s", err))
 			return err
@@ -53,6 +64,16 @@ var ListCmd = &cobra.Command{
 			}
 
 			fmt.Printf("%s %-10s %-8s %s\n", marker, name, remoteType, endpoint)
+			if remoteSelect.Gen3 != nil {
+				cred, err := loadProfileCredential(string(name))
+				if err != nil {
+					logg.Warn(fmt.Sprintf("remote %s credential check skipped: %v", name, err))
+					continue
+				}
+				if err := ensureValidCredential(cmd.Context(), cred, logg); err != nil {
+					logg.Warn(remoteruntime.WrapCredentialValidationError(string(name), err).Error())
+				}
+			}
 		}
 		return nil
 	},
diff --git a/cmd/remote/remote_test.go b/cmd/remote/remote_test.go
index b03b3121..c1d33aab 100644
--- a/cmd/remote/remote_test.go
+++ b/cmd/remote/remote_test.go
@@ -1,9 +1,14 @@
 package remote
 
 import (
+	"context"
+	"log/slog"
+	"os/exec"
 	"testing"
 
+	"github.com/calypr/git-drs/internal/config"
 	"github.com/calypr/git-drs/internal/testutils"
+	syconf "github.com/calypr/syfon/client/config"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -21,6 +26,22 @@ func TestRemoteListRun(t *testing.T) {
 	tmpDir := testutils.SetupTestGitRepo(t)
 	testutils.CreateDefaultTestConfig(t, tmpDir)
 
+	oldLoadProfileCredential := loadProfileCredential
+	oldEnsureValidCredential := ensureValidCredential
+	t.Cleanup(func() {
+		loadProfileCredential = oldLoadProfileCredential
+		ensureValidCredential = oldEnsureValidCredential
+	})
+
+	loadProfileCredential = func(profile string) (*syconf.Credential, error) {
+		return &syconf.Credential{Profile: profile, AccessToken: "token", APIEndpoint: "https://example.test"}, nil
+	}
+	called := false
+	ensureValidCredential = func(ctx context.Context, cred *syconf.Credential, _ *slog.Logger) error {
+		called = true
+		return nil
+	}
+
 	// Capture stdout
 	output := testutils.CaptureStdout(t, func() {
 		err := ListCmd.RunE(ListCmd, []string{})
@@ -29,6 +50,7 @@ func TestRemoteListRun(t *testing.T) {
 
 	assert.Contains(t, output, "origin")
 	assert.Contains(t, output, "gen3")
+	assert.True(t, called, "expected remote list to validate the configured credential")
 }
 
 func TestRemoteSetArgs(t *testing.T) {
@@ -44,3 +66,89 @@ func TestRemoteSetArgs(t *testing.T) {
 	err = SetCmd.Args(SetCmd, []string{"origin", "extra"})
 	assert.Error(t, err)
 }
+
+func TestRemoteRemoveArgs(t *testing.T) {
+	err := RemoveCmd.Args(RemoveCmd, []string{"origin"})
+	assert.NoError(t, err)
+
+	err = RemoveCmd.Args(RemoveCmd, []string{})
+	assert.Error(t, err)
+
+	err = RemoveCmd.Args(RemoveCmd, []string{"origin", "extra"})
+	assert.Error(t, err)
+}
+
+func TestRemoteRemoveRunReassignsDefaultAndCleansKeys(t *testing.T) {
+	tmpDir := testutils.SetupTestGitRepo(t)
+	testutils.CreateTestConfig(t, tmpDir, &config.Config{
+		DefaultRemote: "origin",
+		Remotes: map[config.Remote]config.RemoteSelect{
+			"origin": {
+				Gen3: &config.Gen3Remote{
+					Endpoint:  "https://origin.example",
+					ProjectID: "origin-proj",
+					Bucket:    "origin-bucket",
+				},
+			},
+			"backup": {
+				Gen3: &config.Gen3Remote{
+					Endpoint:  "https://backup.example",
+					ProjectID: "backup-proj",
+					Bucket:    "backup-bucket",
+				},
+			},
+		},
+	})
+
+	for _, args := range [][]string{
+		{"config", "drs.remote.origin.token", "token"},
+		{"config", "drs.remote.origin.username", "alice"},
+		{"config", "drs.remote.origin.password", "secret"},
+		{"config", "remote.origin.lfsurl", "https://origin.example/info/lfs"},
+	} {
+		cmd := exec.Command("git", args...)
+		cmd.Dir = tmpDir
+		err := cmd.Run()
+		assert.NoError(t, err)
+	}
+
+	err := RemoveCmd.RunE(RemoveCmd, []string{"origin"})
+	assert.NoError(t, err)
+
+	cfg, err := config.LoadConfig()
+	assert.NoError(t, err)
+	assert.NotContains(t, cfg.Remotes, config.Remote("origin"))
+	assert.Equal(t, config.Remote("backup"), cfg.DefaultRemote)
+
+	for _, key := range []string{
+		"drs.remote.origin.type",
+		"drs.remote.origin.endpoint",
+		"drs.remote.origin.project",
+		"drs.remote.origin.bucket",
+		"drs.remote.origin.token",
+		"drs.remote.origin.username",
+		"drs.remote.origin.password",
+		"remote.origin.lfsurl",
+	} {
+		val, err := exec.Command("git", "config", "--get", key).CombinedOutput()
+		assert.Empty(t, string(val))
+		assert.Error(t, err)
+	}
+}
+
+func TestRemoteRemoveRunClearsDefaultWhenLastRemoteRemoved(t *testing.T) {
+	tmpDir := testutils.SetupTestGitRepo(t)
+	testutils.CreateDefaultTestConfig(t, tmpDir)
+
+	err := RemoveCmd.RunE(RemoveCmd, []string{"origin"})
+	assert.NoError(t, err)
+
+	cfg, err := config.LoadConfig()
+	assert.NoError(t, err)
+	assert.Empty(t, cfg.Remotes)
+	assert.Equal(t, config.Remote(""), cfg.DefaultRemote)
+
+	val, err := exec.Command("git", "config", "--get", "drs.default-remote").CombinedOutput()
+	assert.Empty(t, string(val))
+	assert.Error(t, err)
+}
diff --git a/cmd/remote/remove.go b/cmd/remote/remove.go
new file mode 100644
index 00000000..a5f5dbdc
--- /dev/null
+++ b/cmd/remote/remove.go
@@ -0,0 +1,59 @@
+package remote
+
+import (
+	"fmt"
+	"sort"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/spf13/cobra"
+)
+
+var RemoveCmd = &cobra.Command{
+	Use:     "remove <remote-name>",
+	Aliases: []string{"rm"},
+	Short:   "Remove a DRS remote",
+	Long:    "Remove a configured DRS remote and repair the default remote if needed.",
+	Args: func(cmd *cobra.Command, args []string) error {
+		if len(args) != 1 {
+			cmd.SilenceUsage = false
+			return fmt.Errorf("error: requires exactly 1 argument (remote name), received %d\n\nUsage: %s\n\nRun 'git drs remote list' to see available remotes or 'git drs remote remove --help' for more details", len(args), cmd.UseLine())
+		}
+		return nil
+	},
+	RunE: func(cmd *cobra.Command, args []string) error {
+		remoteName := config.Remote(args[0])
+		logger := drslog.GetLogger()
+
+		cfg, err := config.LoadConfig()
+		if err != nil {
+			return fmt.Errorf("failed to load config: %w", err)
+		}
+
+		if _, ok := cfg.Remotes[remoteName]; !ok {
+			availableRemotes := make([]string, 0, len(cfg.Remotes))
+			for name := range cfg.Remotes {
+				availableRemotes = append(availableRemotes, string(name))
+			}
+			sort.Strings(availableRemotes)
+			return fmt.Errorf(
+				"remote '%s' not found.\nAvailable remotes: %v",
+				remoteName,
+				availableRemotes,
+			)
+		}
+
+		updated, err := config.RemoveRemote(remoteName)
+		if err != nil {
+			return fmt.Errorf("failed to remove remote: %w", err)
+		}
+
+		if updated.DefaultRemote == "" {
+			logger.Debug(fmt.Sprintf("Removed remote %s; no default remote remains", remoteName))
+			return nil
+		}
+
+		logger.Debug(fmt.Sprintf("Removed remote %s; default remote is now %s", remoteName, updated.DefaultRemote))
+		return nil
+	},
+}
diff --git a/cmd/remote/root.go b/cmd/remote/root.go
index 7d865720..45a1963d 100644
--- a/cmd/remote/root.go
+++ b/cmd/remote/root.go
@@ -14,5 +14,6 @@ var Cmd = &cobra.Command{
 func init() {
 	Cmd.AddCommand(add.Cmd)
 	Cmd.AddCommand(ListCmd)
+	Cmd.AddCommand(RemoveCmd)
 	Cmd.AddCommand(SetCmd)
 }
diff --git a/cmd/rm/main.go b/cmd/rm/main.go
new file mode 100644
index 00000000..a58124d1
--- /dev/null
+++ b/cmd/rm/main.go
@@ -0,0 +1,58 @@
+package rm
+
+import (
+	"context"
+	"fmt"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/spf13/cobra"
+)
+
+var runCommand = func(name string, args ...string) error {
+	cmd := exec.Command(name, args...)
+	return cmd.Run()
+}
+
+var Cmd = &cobra.Command{
+	Use:   "rm <path>...",
+	Short: "Remove tracked git-drs files",
+	Args:  cobra.MinimumNArgs(1),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return run(cmd.Context(), args)
+	},
+}
+
+func run(ctx context.Context, args []string) error {
+	tracked, err := lfs.GetTrackedLfsFiles(drslog.GetLogger())
+	if err != nil {
+		return err
+	}
+
+	type removal struct {
+		path string
+		oid  string
+	}
+	planned := make([]removal, 0, len(args))
+	for _, raw := range args {
+		path := filepath.ToSlash(filepath.Clean(raw))
+		info, ok := tracked[path]
+		if !ok || strings.TrimSpace(info.Oid) == "" {
+			return fmt.Errorf("%s is not a tracked git-drs/LFS file", raw)
+		}
+		planned = append(planned, removal{path: path, oid: "sha256:" + strings.TrimPrefix(strings.TrimSpace(info.Oid), "sha256:")})
+	}
+
+	gitArgs := []string{"rm", "--"}
+	for _, item := range planned {
+		gitArgs = append(gitArgs, item.path)
+	}
+	if err := runCommand("git", gitArgs...); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/cmd/rm/main_test.go b/cmd/rm/main_test.go
new file mode 100644
index 00000000..16c51f28
--- /dev/null
+++ b/cmd/rm/main_test.go
@@ -0,0 +1,54 @@
+package rm
+
+import (
+	"context"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"testing"
+)
+
+func TestRunRemovesTrackedFile(t *testing.T) {
+	repo := t.TempDir()
+	runGitCmd(t, repo, "init")
+	runGitCmd(t, repo, "config", "user.email", "test@example.com")
+	runGitCmd(t, repo, "config", "user.name", "Test User")
+	runGitCmd(t, repo, "config", "filter.drs.clean", "cat")
+	runGitCmd(t, repo, "config", "filter.drs.smudge", "cat")
+	runGitCmd(t, repo, "config", "filter.drs.process", "cat")
+	runGitCmd(t, repo, "config", "filter.drs.required", "false")
+
+	if err := os.WriteFile(filepath.Join(repo, ".gitattributes"), []byte("*.dat filter=drs diff=drs merge=drs -text\n"), 0o644); err != nil {
+		t.Fatalf("write .gitattributes: %v", err)
+	}
+	path := filepath.Join(repo, "data.dat")
+	if err := os.WriteFile(path, []byte("version https://git-lfs.github.com/spec/v1\noid sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\nsize 12\n"), 0o644); err != nil {
+		t.Fatalf("write pointer file: %v", err)
+	}
+	runGitCmd(t, repo, "add", ".")
+	runGitCmd(t, repo, "commit", "-m", "add pointer")
+
+	oldWD, _ := os.Getwd()
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
+	}
+	t.Cleanup(func() { _ = os.Chdir(oldWD) })
+
+	if err := run(context.Background(), []string{"data.dat"}); err != nil {
+		t.Fatalf("run returned error: %v", err)
+	}
+
+	if _, err := os.Stat(path); !os.IsNotExist(err) {
+		t.Fatalf("expected file removed from worktree, stat err=%v", err)
+	}
+}
+
+func runGitCmd(t *testing.T, dir string, args ...string) {
+	t.Helper()
+	cmd := exec.Command("git", args...)
+	cmd.Dir = dir
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf("git %v failed: %v\n%s", args, err, string(out))
+	}
+}
diff --git a/cmd/root.go b/cmd/root.go
index ddfc95ac..320592f8 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -5,28 +5,23 @@ import (
 	"github.com/calypr/git-drs/cmd/addurl"
 	"github.com/calypr/git-drs/cmd/bucket"
 	"github.com/calypr/git-drs/cmd/clean"
+	"github.com/calypr/git-drs/cmd/copyrecords"
 	deleteCmd "github.com/calypr/git-drs/cmd/delete"
 	"github.com/calypr/git-drs/cmd/deleteproject"
-
-	"github.com/calypr/git-drs/cmd/download"
-	"github.com/calypr/git-drs/cmd/fetch"
 	"github.com/calypr/git-drs/cmd/filter"
 	"github.com/calypr/git-drs/cmd/initialize"
 	"github.com/calypr/git-drs/cmd/install"
-
-	"github.com/calypr/git-drs/cmd/list"
 	"github.com/calypr/git-drs/cmd/lsfiles"
+	"github.com/calypr/git-drs/cmd/ping"
 	"github.com/calypr/git-drs/cmd/precommit"
-	"github.com/calypr/git-drs/cmd/prepush"
 	"github.com/calypr/git-drs/cmd/pull"
 	"github.com/calypr/git-drs/cmd/push"
 	"github.com/calypr/git-drs/cmd/query"
 	"github.com/calypr/git-drs/cmd/remote"
+	"github.com/calypr/git-drs/cmd/rm"
 	"github.com/calypr/git-drs/cmd/smudge"
 	"github.com/calypr/git-drs/cmd/track"
 	"github.com/calypr/git-drs/cmd/untrack"
-
-	"github.com/calypr/git-drs/cmd/upload"
 	"github.com/calypr/git-drs/cmd/version"
 	"github.com/spf13/cobra"
 )
@@ -41,20 +36,20 @@ var RootCmd = &cobra.Command{
 func init() {
 	// Hide internal commands
 	precommit.Cmd.Hidden = true
-	prepush.Cmd.Hidden = true
 	filter.Cmd.Hidden = true
 
 	RootCmd.AddCommand(initialize.Cmd)
 	RootCmd.AddCommand(version.Cmd)
+	RootCmd.AddCommand(ping.Cmd)
 	RootCmd.AddCommand(filter.Cmd)
 	RootCmd.AddCommand(clean.Cmd)
+	RootCmd.AddCommand(copyrecords.Cmd)
 	RootCmd.AddCommand(smudge.Cmd)
 	RootCmd.AddCommand(remote.Cmd)
-	RootCmd.AddCommand(fetch.Cmd)
+	RootCmd.AddCommand(rm.Cmd)
 	RootCmd.AddCommand(pull.Cmd)
 	RootCmd.AddCommand(push.Cmd)
 	RootCmd.AddCommand(precommit.Cmd)
-	RootCmd.AddCommand(prepush.Cmd)
 	RootCmd.AddCommand(addref.Cmd)
 	RootCmd.AddCommand(addurl.Cmd)
 	RootCmd.AddCommand(deleteCmd.Cmd)
@@ -63,10 +58,7 @@ func init() {
 	RootCmd.AddCommand(bucket.Cmd)
 	RootCmd.AddCommand(track.Cmd)
 	RootCmd.AddCommand(untrack.Cmd)
-	RootCmd.AddCommand(list.Cmd)
 	RootCmd.AddCommand(lsfiles.Cmd)
-	RootCmd.AddCommand(upload.Cmd)
-	RootCmd.AddCommand(download.Cmd)
 	RootCmd.AddCommand(install.Cmd)
 
 	RootCmd.CompletionOptions.HiddenDefaultCmd = true
diff --git a/cmd/smudge/main.go b/cmd/smudge/main.go
index 9964769c..faebd995 100644
--- a/cmd/smudge/main.go
+++ b/cmd/smudge/main.go
@@ -7,9 +7,10 @@ import (
 	"os"
 
 	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drsfilter"
 	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsremote"
+	internalfilter "github.com/calypr/git-drs/internal/filter"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	internaltransfer "github.com/calypr/git-drs/internal/transfer"
 	"github.com/spf13/cobra"
 )
 
@@ -51,19 +52,24 @@ func runSmudge(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		if errors.Is(err, config.ErrNoDefaultRemote) {
 			logger.Debug("smudge: no default remote configured; passing through pointer", "pathname", pathname)
-			return drsfilter.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, nil)
+			return internalfilter.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, nil)
 		}
 		return fmt.Errorf("smudge: get default remote: %w", err)
 	}
 
-	drsCtx, err := cfg.GetRemoteClient(remote, logger)
+	drsCtx, err := remoteruntime.New(cfg, remote, logger)
 	if err != nil {
 		return fmt.Errorf("smudge: create DRS client: %w", err)
 	}
 
-	return drsfilter.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, func(callCtx context.Context, oid, cachePath string) error {
-		return drsremote.DownloadToCachePath(callCtx, drsCtx, logger, oid, cachePath)
-	})
+	var downloadFn internalfilter.SmudgeDownloadFunc
+	if !internalfilter.ShouldSkipSmudge() {
+		downloadFn = func(callCtx context.Context, oid, cachePath string) error {
+			return internaltransfer.DownloadToCachePath(callCtx, drsCtx, oid, cachePath)
+		}
+	}
+
+	return internalfilter.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, downloadFn)
 }
 
 func init() {}
diff --git a/cmd/track/main.go b/cmd/track/main.go
index d0721d79..868b3352 100644
--- a/cmd/track/main.go
+++ b/cmd/track/main.go
@@ -4,13 +4,13 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/calypr/git-drs/internal/drstrack"
+	"github.com/calypr/git-drs/internal/gitrepo"
 	"github.com/spf13/cobra"
 )
 
 var (
-	gitLFSTrackPatterns = drstrack.TrackPatterns
-	gitLFSListPatterns  = drstrack.ListTrackedPatterns
+	gitLFSTrackPatterns = gitrepo.TrackPatterns
+	gitLFSListPatterns  = gitrepo.ListTrackedPatterns
 )
 
 var Cmd = NewCommand()
@@ -56,7 +56,9 @@ func runTrack(cmd *cobra.Command, args []string) error {
 	}
 
 	if out != "" {
-		_, _ = fmt.Fprint(cmd.OutOrStdout(), out)
+		if _, err := fmt.Fprint(cmd.OutOrStdout(), out); err != nil {
+			return fmt.Errorf("write track output: %w", err)
+		}
 	}
 	return nil
 }
diff --git a/cmd/untrack/main.go b/cmd/untrack/main.go
index 5e498f51..fa22f4e5 100644
--- a/cmd/untrack/main.go
+++ b/cmd/untrack/main.go
@@ -4,11 +4,11 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/calypr/git-drs/internal/drstrack"
+	"github.com/calypr/git-drs/internal/gitrepo"
 	"github.com/spf13/cobra"
 )
 
-var gitLFSUntrackPatterns = drstrack.UntrackPatterns
+var gitLFSUntrackPatterns = gitrepo.UntrackPatterns
 
 var Cmd = NewCommand()
 
@@ -48,7 +48,9 @@ func runUntrack(cmd *cobra.Command, args []string) error {
 	}
 
 	if out != "" {
-		_, _ = fmt.Fprint(cmd.OutOrStdout(), out)
+		if _, err := fmt.Fprint(cmd.OutOrStdout(), out); err != nil {
+			return fmt.Errorf("write untrack output: %w", err)
+		}
 	}
 	return nil
 }
diff --git a/cmd/upload/main.go b/cmd/upload/main.go
deleted file mode 100644
index 992b8f52..00000000
--- a/cmd/upload/main.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package upload
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/drsobject"
-	"github.com/calypr/git-drs/internal/drsremote"
-	syupload "github.com/calypr/syfon/client/transfer/upload"
-	"github.com/spf13/cobra"
-)
-
-var remote string
-
-// Cmd line declaration
-var Cmd = &cobra.Command{
-	Use:   "upload <src file>",
-	Short: "Upload a file to a DRS server",
-	Long:  "Upload a file to a DRS server, without creating an LFS pointer",
-	Args:  cobra.MinimumNArgs(1),
-	RunE: func(cmd *cobra.Command, args []string) error {
-
-		logger := drslog.GetLogger()
-
-		config, err := config.LoadConfig()
-		if err != nil {
-			return err
-		}
-
-		remoteName, err := config.GetRemoteOrDefault(remote)
-		if err != nil {
-			logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-			return err
-		}
-
-		client, err := config.GetRemoteClient(remoteName, logger)
-		if err != nil {
-			return err
-		}
-
-		remoteConfig := config.GetRemote(remoteName)
-		organization := ""
-		project := ""
-		storagePrefix := ""
-		bucketName := ""
-		if remoteConfig != nil {
-			organization = remoteConfig.GetOrganization()
-			project = remoteConfig.GetProjectId()
-			storagePrefix = remoteConfig.GetStoragePrefix()
-			bucketName = remoteConfig.GetBucketName()
-		}
-
-		for _, src := range args {
-			if s, err := os.Stat(src); err != nil {
-				logger.Error(fmt.Sprintf("Error stating file %s: %v", src, err))
-				return err
-			} else if s.IsDir() {
-				logger.Error(fmt.Sprintf("Skipping directory %s", src))
-				continue
-			} else {
-				sha256, err := common.CalculateFileSHA256(src)
-				if err != nil {
-					logger.Error(fmt.Sprintf("Error calculating SHA256 for file %s: %v", src, err))
-					return err
-				}
-
-				objs, err := drsremote.ObjectsByHashForScope(cmd.Context(), client, sha256)
-				if err != nil || len(objs) == 0 {
-					did := sha256
-					name := filepath.Base(src)
-					drsObj, err := drsobject.BuildWithPrefix(name, sha256, s.Size(), did, bucketName, organization, project, storagePrefix)
-					if err != nil {
-						return fmt.Errorf("build DRS object for %s: %w", src, err)
-					}
-					registered, err := syupload.RegisterFile(cmd.Context(), client.Client.Data(), client.Client.DRS(), drsObj, src, bucketName)
-					if err != nil {
-						return fmt.Errorf("error uploading %s: %v", src, err)
-					}
-					if registered != nil {
-						logger.Info(fmt.Sprintf("Successfully uploaded %s to server with DRS ID %s", src, registered.Id))
-					}
-				} else {
-					logger.Info(fmt.Sprintf("File %s already exists on server with DRS ID %s, skipping upload", src, strings.TrimSpace(objs[0].Id)))
-				}
-			}
-		}
-
-		return nil
-	},
-}
-
-func init() {
-	Cmd.Flags().StringVarP(&remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
-}
diff --git a/coverage/combined.html b/coverage/combined.html
index f00491d3..bcd8b776 100644
--- a/coverage/combined.html
+++ b/coverage/combined.html
@@ -61,109 +61,135 @@
 				
 				<option value="file2">github.com/calypr/git-drs/cmd/addurl/io.go (60.6%)</option>
 				
-				<option value="file3">github.com/calypr/git-drs/cmd/addurl/main.go (50.0%)</option>
+				<option value="file3">github.com/calypr/git-drs/cmd/addurl/main.go (55.6%)</option>
 				
-				<option value="file4">github.com/calypr/git-drs/cmd/addurl/params.go (78.9%)</option>
+				<option value="file4">github.com/calypr/git-drs/cmd/addurl/params.go (79.6%)</option>
 				
 				<option value="file5">github.com/calypr/git-drs/cmd/addurl/scope.go (75.0%)</option>
 				
-				<option value="file6">github.com/calypr/git-drs/cmd/addurl/service.go (68.9%)</option>
+				<option value="file6">github.com/calypr/git-drs/cmd/addurl/service.go (70.2%)</option>
 				
 				<option value="file7">github.com/calypr/git-drs/cmd/bucket/main.go (19.3%)</option>
 				
-				<option value="file8">github.com/calypr/git-drs/cmd/credentialhelper/main.go (27.6%)</option>
+				<option value="file8">github.com/calypr/git-drs/cmd/copyrecords/main.go (43.3%)</option>
 				
-				<option value="file9">github.com/calypr/git-drs/cmd/delete/main.go (27.5%)</option>
+				<option value="file9">github.com/calypr/git-drs/cmd/credentialhelper/main.go (27.6%)</option>
 				
-				<option value="file10">github.com/calypr/git-drs/cmd/deleteproject/main.go (4.3%)</option>
+				<option value="file10">github.com/calypr/git-drs/cmd/delete/main.go (27.5%)</option>
 				
-				<option value="file11">github.com/calypr/git-drs/cmd/fetch/main.go (62.1%)</option>
+				<option value="file11">github.com/calypr/git-drs/cmd/initialize/main.go (72.2%)</option>
 				
-				<option value="file12">github.com/calypr/git-drs/cmd/initialize/main.go (58.7%)</option>
+				<option value="file12">github.com/calypr/git-drs/cmd/install/main.go (47.4%)</option>
 				
-				<option value="file13">github.com/calypr/git-drs/cmd/install/main.go (47.4%)</option>
+				<option value="file13">github.com/calypr/git-drs/cmd/lsfiles/main.go (56.5%)</option>
 				
-				<option value="file14">github.com/calypr/git-drs/cmd/precommit/main.go (32.6%)</option>
+				<option value="file14">github.com/calypr/git-drs/cmd/ping/main.go (75.4%)</option>
 				
-				<option value="file15">github.com/calypr/git-drs/cmd/prepush/main.go (44.1%)</option>
+				<option value="file15">github.com/calypr/git-drs/cmd/precommit/main.go (48.3%)</option>
 				
-				<option value="file16">github.com/calypr/git-drs/cmd/pull/main.go (9.7%)</option>
+				<option value="file16">github.com/calypr/git-drs/cmd/prepush/io_helpers.go (50.0%)</option>
 				
-				<option value="file17">github.com/calypr/git-drs/cmd/push/main.go (35.0%)</option>
+				<option value="file17">github.com/calypr/git-drs/cmd/prepush/main.go (44.2%)</option>
 				
-				<option value="file18">github.com/calypr/git-drs/cmd/query/main.go (22.5%)</option>
+				<option value="file18">github.com/calypr/git-drs/cmd/prepush/pushed_refs.go (76.7%)</option>
 				
-				<option value="file19">github.com/calypr/git-drs/cmd/remote/add/gen3.go (0.0%)</option>
+				<option value="file19">github.com/calypr/git-drs/cmd/pull/main.go (20.1%)</option>
 				
-				<option value="file20">github.com/calypr/git-drs/cmd/remote/add/init.go (100.0%)</option>
+				<option value="file20">github.com/calypr/git-drs/cmd/pull/progress.go (83.5%)</option>
 				
-				<option value="file21">github.com/calypr/git-drs/cmd/remote/add/local.go (0.0%)</option>
+				<option value="file21">github.com/calypr/git-drs/cmd/push/main.go (32.3%)</option>
 				
-				<option value="file22">github.com/calypr/git-drs/cmd/remote/list.go (78.6%)</option>
+				<option value="file22">github.com/calypr/git-drs/cmd/push/progress.go (92.6%)</option>
 				
-				<option value="file23">github.com/calypr/git-drs/cmd/remote/root.go (100.0%)</option>
+				<option value="file23">github.com/calypr/git-drs/cmd/query/main.go (22.5%)</option>
 				
-				<option value="file24">github.com/calypr/git-drs/cmd/remote/set.go (20.0%)</option>
+				<option value="file24">github.com/calypr/git-drs/cmd/remote/add/gen3.go (34.1%)</option>
 				
-				<option value="file25">github.com/calypr/git-drs/cmd/smudge/main.go (65.0%)</option>
+				<option value="file25">github.com/calypr/git-drs/cmd/remote/add/init.go (100.0%)</option>
 				
-				<option value="file26">github.com/calypr/git-drs/cmd/track/main.go (81.8%)</option>
+				<option value="file26">github.com/calypr/git-drs/cmd/remote/add/local.go (63.9%)</option>
 				
-				<option value="file27">github.com/calypr/git-drs/cmd/untrack/main.go (78.9%)</option>
+				<option value="file27">github.com/calypr/git-drs/cmd/remote/list.go (72.2%)</option>
 				
-				<option value="file28">github.com/calypr/git-drs/cmd/version/main.go (57.9%)</option>
+				<option value="file28">github.com/calypr/git-drs/cmd/remote/remove.go (69.6%)</option>
 				
-				<option value="file29">github.com/calypr/git-drs/internal/cloud/inspect.go (46.8%)</option>
+				<option value="file29">github.com/calypr/git-drs/cmd/remote/root.go (100.0%)</option>
 				
-				<option value="file30">github.com/calypr/git-drs/internal/common/common.go (60.2%)</option>
+				<option value="file30">github.com/calypr/git-drs/cmd/remote/set.go (20.0%)</option>
 				
-				<option value="file31">github.com/calypr/git-drs/internal/common/confirmation.go (93.3%)</option>
+				<option value="file31">github.com/calypr/git-drs/cmd/rm/main.go (80.0%)</option>
 				
-				<option value="file32">github.com/calypr/git-drs/internal/common/jwt.go (96.0%)</option>
+				<option value="file32">github.com/calypr/git-drs/cmd/smudge/main.go (65.0%)</option>
 				
-				<option value="file33">github.com/calypr/git-drs/internal/config/config.go (65.1%)</option>
+				<option value="file33">github.com/calypr/git-drs/cmd/track/main.go (81.8%)</option>
 				
-				<option value="file34">github.com/calypr/git-drs/internal/config/remote.go (41.8%)</option>
+				<option value="file34">github.com/calypr/git-drs/cmd/untrack/main.go (78.9%)</option>
 				
-				<option value="file35">github.com/calypr/git-drs/internal/drslog/logger.go (74.3%)</option>
+				<option value="file35">github.com/calypr/git-drs/cmd/version/main.go (57.9%)</option>
 				
-				<option value="file36">github.com/calypr/git-drs/internal/drslookup/lookup.go (28.9%)</option>
+				<option value="file36">github.com/calypr/git-drs/internal/common/common.go (56.0%)</option>
 				
-				<option value="file37">github.com/calypr/git-drs/internal/drsmap/drs_map.go (13.5%)</option>
+				<option value="file37">github.com/calypr/git-drs/internal/common/confirmation.go (93.3%)</option>
 				
-				<option value="file38">github.com/calypr/git-drs/internal/gitrepo/bucket_map.go (84.9%)</option>
+				<option value="file38">github.com/calypr/git-drs/internal/common/jwt.go (96.0%)</option>
 				
-				<option value="file39">github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go (71.4%)</option>
+				<option value="file39">github.com/calypr/git-drs/internal/config/config.go (54.7%)</option>
 				
-				<option value="file40">github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go (23.1%)</option>
+				<option value="file40">github.com/calypr/git-drs/internal/config/remote.go (63.6%)</option>
 				
-				<option value="file41">github.com/calypr/git-drs/internal/gitrepo/repo.go (44.3%)</option>
+				<option value="file41">github.com/calypr/git-drs/internal/drsdelete/git_history.go (71.2%)</option>
 				
-				<option value="file42">github.com/calypr/git-drs/internal/lfs/clean.go (65.1%)</option>
+				<option value="file42">github.com/calypr/git-drs/internal/drsdelete/live_refs.go (81.8%)</option>
 				
-				<option value="file43">github.com/calypr/git-drs/internal/lfs/download.go (0.0%)</option>
+				<option value="file43">github.com/calypr/git-drs/internal/drsdelete/reconcile.go (66.0%)</option>
 				
-				<option value="file44">github.com/calypr/git-drs/internal/lfs/filter.go (63.1%)</option>
+				<option value="file44">github.com/calypr/git-drs/internal/drsfilter/clean.go (58.8%)</option>
 				
-				<option value="file45">github.com/calypr/git-drs/internal/lfs/gitattributes.go (83.9%)</option>
+				<option value="file45">github.com/calypr/git-drs/internal/drsfilter/smudge.go (81.1%)</option>
 				
-				<option value="file46">github.com/calypr/git-drs/internal/lfs/helpers.go (61.7%)</option>
+				<option value="file46">github.com/calypr/git-drs/internal/drslog/logger.go (74.3%)</option>
 				
-				<option value="file47">github.com/calypr/git-drs/internal/lfs/lfs.go (64.2%)</option>
+				<option value="file47">github.com/calypr/git-drs/internal/drsmap/drs_map.go (78.3%)</option>
 				
-				<option value="file48">github.com/calypr/git-drs/internal/lfs/lfs_tracked.go (40.7%)</option>
+				<option value="file48">github.com/calypr/git-drs/internal/drsobject/object.go (58.1%)</option>
 				
-				<option value="file49">github.com/calypr/git-drs/internal/lfs/sentinel.go (75.0%)</option>
+				<option value="file49">github.com/calypr/git-drs/internal/drsobject/store.go (72.0%)</option>
 				
-				<option value="file50">github.com/calypr/git-drs/internal/lfs/smudge.go (81.1%)</option>
+				<option value="file50">github.com/calypr/git-drs/internal/drsremote/bulk.go (80.0%)</option>
 				
-				<option value="file51">github.com/calypr/git-drs/internal/lfs/store.go (27.8%)</option>
+				<option value="file51">github.com/calypr/git-drs/internal/drsremote/remote.go (66.9%)</option>
 				
-				<option value="file52">github.com/calypr/git-drs/internal/lfs/util.go (80.0%)</option>
+				<option value="file52">github.com/calypr/git-drs/internal/drsremote/scope.go (90.0%)</option>
 				
-				<option value="file53">github.com/calypr/git-drs/internal/precommit_cache/helpers.go (70.9%)</option>
+				<option value="file53">github.com/calypr/git-drs/internal/drstrack/routes.go (84.1%)</option>
 				
-				<option value="file54">github.com/calypr/git-drs/internal/version/version.go (100.0%)</option>
+				<option value="file54">github.com/calypr/git-drs/internal/drstrack/tracking.go (64.2%)</option>
+				
+				<option value="file55">github.com/calypr/git-drs/internal/gitfilter/filter_process.go (63.1%)</option>
+				
+				<option value="file56">github.com/calypr/git-drs/internal/gitrepo/bucket_map.go (84.9%)</option>
+				
+				<option value="file57">github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go (68.6%)</option>
+				
+				<option value="file58">github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go (23.1%)</option>
+				
+				<option value="file59">github.com/calypr/git-drs/internal/gitrepo/repo.go (44.3%)</option>
+				
+				<option value="file60">github.com/calypr/git-drs/internal/lfs/inventory.go (66.7%)</option>
+				
+				<option value="file61">github.com/calypr/git-drs/internal/lfs/object_path.go (75.0%)</option>
+				
+				<option value="file62">github.com/calypr/git-drs/internal/lfs/repo_paths.go (64.8%)</option>
+				
+				<option value="file63">github.com/calypr/git-drs/internal/pathspec/match.go (63.6%)</option>
+				
+				<option value="file64">github.com/calypr/git-drs/internal/precommit_cache/helpers.go (36.3%)</option>
+				
+				<option value="file65">github.com/calypr/git-drs/internal/pushsync/batch_sync.go (58.1%)</option>
+				
+				<option value="file66">github.com/calypr/git-drs/internal/pushsync/register.go (57.3%)</option>
+				
+				<option value="file67">github.com/calypr/git-drs/internal/version/version.go (100.0%)</option>
 				
 				</select>
 			</div>
@@ -526,7 +552,7 @@
         "os"
         "path/filepath"
 
-        "github.com/calypr/git-drs/internal/cloud"
+        sycloud "github.com/calypr/syfon/client/cloud"
         "github.com/spf13/cobra"
 )
 
@@ -577,7 +603,7 @@
 
 // printResolvedInfo writes a human-readable summary of resolved Git/LFS and
 // cloud object information to the command's stdout for user confirmation.
-func printResolvedInfo(cmd *cobra.Command, gitCommonDir, lfsRoot string, objectInfo *cloud.ObjectInfo, pathArg string, isTracked bool, sha256 string) error <span class="cov1" title="1">{
+func printResolvedInfo(cmd *cobra.Command, gitCommonDir, lfsRoot string, objectInfo *sycloud.ObjectInfo, pathArg string, isTracked bool, sha256 string) error <span class="cov1" title="1">{
         if _, err := fmt.Fprintf(cmd.OutOrStdout(), `
 Resolved Git LFS Object Info
 ----------------------------
@@ -651,29 +677,34 @@
 
 // NewCommand constructs the Cobra command for the `add-url` subcommand,
 // wiring usage, argument validation and the RunE handler.
-func NewCommand() *cobra.Command <span class="cov10" title="4">{
+func NewCommand() *cobra.Command <span class="cov10" title="5">{
         cmd := &amp;cobra.Command{
-                Use:   "add-url &lt;cloud-url&gt; [path]",
-                Short: "Add a file to the Git DRS repo using a cloud object URL",
+                Use:   "add-url &lt;object-url-or-key&gt; [path]",
+                Short: "Add a file from a provider URL or configured bucket object key",
                 Args: func(cmd *cobra.Command, args []string) error </span><span class="cov0" title="0">{
                         if len(args) &lt; 1 || len(args) &gt; 2 </span><span class="cov0" title="0">{
-                                return errors.New("usage: add-url &lt;cloud-url&gt; [path]")
+                                return errors.New("usage: add-url &lt;object-url-or-key&gt; [path]")
                         }</span>
                         <span class="cov0" title="0">return nil</span>
                 },
                 RunE: runAddURL,
         }
-        <span class="cov10" title="4">addFlags(cmd)
+        <span class="cov10" title="5">addFlags(cmd)
         return cmd</span>
 }
 
 // addFlags registers optional expected SHA256 checksum.
-func addFlags(cmd *cobra.Command) <span class="cov10" title="4">{
+func addFlags(cmd *cobra.Command) <span class="cov10" title="5">{
         cmd.Flags().String(
                 "sha256",
                 "",
                 "Expected SHA256 checksum (optional)",
         )
+        cmd.Flags().String(
+                "scheme",
+                "",
+                "Storage scheme for object-key mode (for example: s3 or gs)",
+        )
 }</span>
 
 // runAddURL is the Cobra RunE wrapper that delegates execution to the service.
@@ -688,72 +719,132 @@
         "fmt"
         "net/url"
         "os"
+        "path"
         "strings"
 
-        "github.com/calypr/git-drs/internal/cloud"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        sycloud "github.com/calypr/syfon/client/cloud"
         "github.com/spf13/cobra"
 )
 
 // addURLInput holds the parsed CLI state for the add-url command.
 type addURLInput struct {
-        objectURL    string
-        path         string
-        sha256       string
-        objectParams cloud.ObjectParameters
+        sourceArg string
+        objectURL string
+        path      string
+        sha256    string
+        scheme    string
 }
 
-// parseAddURLInput parses CLI args and flags into an addURLInput and constructs
-// cloud.ObjectParameters for metadata inspection.
-func parseAddURLInput(cmd *cobra.Command, args []string) (addURLInput, error) <span class="cov3" title="3">{
-        objectURL := args[0]
+// parseAddURLInput parses CLI args and flags into an addURLInput.
+func parseAddURLInput(cmd *cobra.Command, args []string) (addURLInput, error) <span class="cov5" title="4">{
+        sourceArg := strings.TrimSpace(args[0])
 
-        pathArg, err := resolvePathArg(objectURL, args)
+        pathArg, err := resolvePathArg(sourceArg, args)
         if err != nil </span><span class="cov0" title="0">{
                 return addURLInput{}, err
         }</span>
 
-        <span class="cov3" title="3">sha256Param, err := cmd.Flags().GetString("sha256")
+        <span class="cov5" title="4">sha256Param, err := cmd.Flags().GetString("sha256")
         if err != nil </span><span class="cov0" title="0">{
                 return addURLInput{}, fmt.Errorf("read flag sha256: %w", err)
         }</span>
+        <span class="cov5" title="4">scheme, err := cmd.Flags().GetString("scheme")
+        if err != nil </span><span class="cov0" title="0">{
+                return addURLInput{}, fmt.Errorf("read flag scheme: %w", err)
+        }</span>
 
-        <span class="cov3" title="3">return addURLInput{
-                objectURL: objectURL,
+        <span class="cov5" title="4">return addURLInput{
+                sourceArg: sourceArg,
                 path:      pathArg,
                 sha256:    sha256Param,
-                objectParams: cloud.ObjectParameters{
-                        ObjectURL:       objectURL,
-                        S3Region:        firstNonEmpty(os.Getenv("AWS_REGION"), os.Getenv("AWS_DEFAULT_REGION"), os.Getenv("TEST_BUCKET_REGION")),
-                        S3Endpoint:      firstNonEmpty(os.Getenv("AWS_ENDPOINT_URL_S3"), os.Getenv("AWS_ENDPOINT_URL"), os.Getenv("TEST_BUCKET_ENDPOINT")),
-                        S3AccessKey:     firstNonEmpty(os.Getenv("AWS_ACCESS_KEY_ID"), os.Getenv("TEST_BUCKET_ACCESS_KEY")),
-                        S3SecretKey:     firstNonEmpty(os.Getenv("AWS_SECRET_ACCESS_KEY"), os.Getenv("TEST_BUCKET_SECRET_KEY")),
-                        SHA256:          sha256Param,
-                        DestinationPath: pathArg,
-                },
+                scheme:    strings.ToLower(strings.TrimSpace(scheme)),
         }, nil</span>
 }
 
 // resolvePathArg returns the explicit destination path argument when provided,
-// otherwise derives the worktree path from the given cloud URL path component.
-func resolvePathArg(objectURL string, args []string) (string, error) <span class="cov3" title="3">{
+// otherwise derives the worktree path from the given cloud URL or object key.
+func resolvePathArg(sourceArg string, args []string) (string, error) <span class="cov5" title="4">{
         if len(args) == 2 </span><span class="cov0" title="0">{
                 return args[1], nil
         }</span>
-        <span class="cov3" title="3">u, err := url.Parse(objectURL)
+        <span class="cov5" title="4">if looksLikeCloudURL(sourceArg) </span><span class="cov4" title="3">{
+                u, err := url.Parse(sourceArg)
+                if err != nil </span><span class="cov0" title="0">{
+                        return "", err
+                }</span>
+                <span class="cov4" title="3">return strings.TrimPrefix(u.Path, "/"), nil</span>
+        }
+        <span class="cov1" title="1">return strings.Trim(strings.TrimSpace(sourceArg), "/"), nil</span>
+}
+
+func buildObjectParameters(objectURL, pathArg, sha256 string) sycloud.ObjectParameters <span class="cov3" title="2">{
+        return sycloud.ObjectParameters{
+                ObjectURL:       objectURL,
+                S3Region:        firstNonEmpty(os.Getenv("AWS_REGION"), os.Getenv("AWS_DEFAULT_REGION"), os.Getenv("TEST_BUCKET_REGION")),
+                S3Endpoint:      firstNonEmpty(os.Getenv("AWS_ENDPOINT_URL_S3"), os.Getenv("AWS_ENDPOINT_URL"), os.Getenv("TEST_BUCKET_ENDPOINT")),
+                S3AccessKey:     firstNonEmpty(os.Getenv("AWS_ACCESS_KEY_ID"), os.Getenv("TEST_BUCKET_ACCESS_KEY")),
+                S3SecretKey:     firstNonEmpty(os.Getenv("AWS_SECRET_ACCESS_KEY"), os.Getenv("TEST_BUCKET_SECRET_KEY")),
+                SHA256:          sha256,
+                DestinationPath: pathArg,
+        }
+}</span>
+
+func looksLikeCloudURL(raw string) bool <span class="cov6" title="7">{
+        u, err := url.Parse(strings.TrimSpace(raw))
         if err != nil </span><span class="cov0" title="0">{
-                return "", err
+                return false
+        }</span>
+        <span class="cov6" title="7">if strings.TrimSpace(u.Scheme) == "" </span><span class="cov4" title="3">{
+                return false
+        }</span>
+        <span class="cov5" title="4">switch strings.ToLower(strings.TrimSpace(u.Scheme)) </span>{
+        case "s3", "gs", "gcs", "azblob", "http", "https":<span class="cov5" title="4">
+                return strings.TrimSpace(u.Host) != ""</span>
+        default:<span class="cov0" title="0">
+                return false</span>
+        }
+}
+
+func resolveObjectURL(input addURLInput, scope gitrepo.ResolvedBucketScope) (string, error) <span class="cov4" title="3">{
+        if looksLikeCloudURL(input.sourceArg) </span><span class="cov1" title="1">{
+                return input.sourceArg, nil
         }</span>
-        <span class="cov3" title="3">return strings.TrimPrefix(u.Path, "/"), nil</span>
+        <span class="cov3" title="2">if input.scheme == "" </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("object key mode requires --scheme because local bucket mappings store bucket/prefix but not provider scheme")
+        }</span>
+        <span class="cov1" title="1">key := joinObjectKey(scope.Prefix, input.sourceArg)
+        switch input.scheme </span>{
+        case "s3":<span class="cov1" title="1">
+                return fmt.Sprintf("s3://%s/%s", scope.Bucket, key), nil</span>
+        case "gs", "gcs":<span class="cov0" title="0">
+                return fmt.Sprintf("gs://%s/%s", scope.Bucket, key), nil</span>
+        case "azblob", "az":<span class="cov0" title="0">
+                return "", fmt.Errorf("object key mode for Azure requires a full azblob:// URL because the local mapping does not store account_name")</span>
+        default:<span class="cov0" title="0">
+                return "", fmt.Errorf("unsupported --scheme %q (expected s3 or gs, or pass a full object URL)", input.scheme)</span>
+        }
+}
+
+func joinObjectKey(prefix, key string) string <span class="cov1" title="1">{
+        parts := make([]string, 0, 2)
+        if p := strings.Trim(strings.TrimSpace(prefix), "/"); p != "" </span><span class="cov1" title="1">{
+                parts = append(parts, p)
+        }</span>
+        <span class="cov1" title="1">if k := strings.Trim(strings.TrimSpace(key), "/"); k != "" </span><span class="cov1" title="1">{
+                parts = append(parts, k)
+        }</span>
+        <span class="cov1" title="1">return path.Join(parts...)</span>
 }
 
-func firstNonEmpty(values ...string) string <span class="cov7" title="12">{
-        for _, v := range values </span><span class="cov10" title="30">{
+func firstNonEmpty(values ...string) string <span class="cov7" title="8">{
+        for _, v := range values </span><span class="cov10" title="20">{
                 v = strings.TrimSpace(v)
-                if v != "" </span><span class="cov4" title="4">{
+                if v != "" </span><span class="cov5" title="4">{
                         return v
                 }</span>
         }
-        <span class="cov6" title="8">return ""</span>
+        <span class="cov5" title="4">return ""</span>
 }
 </pre>
 		
@@ -790,16 +881,20 @@
 
 import (
         "context"
+        "crypto/sha256"
         "fmt"
         "log/slog"
-        "os"
+        "strings"
 
-        "github.com/calypr/git-drs/internal/cloud"
         "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
         "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/drsmap"
+        "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/drstrack"
         "github.com/calypr/git-drs/internal/lfs"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        sycloud "github.com/calypr/syfon/client/cloud"
+        "github.com/google/uuid"
         "github.com/spf13/cobra"
 )
 
@@ -807,7 +902,7 @@
 // behavior (logger factory, object inspection, LFS helpers, config loader, etc.).
 type AddURLService struct {
         newLogger     func(string, bool) (*slog.Logger, error)
-        inspectObject func(ctx context.Context, input cloud.ObjectParameters) (*cloud.ObjectInfo, error)
+        inspectObject func(ctx context.Context, input sycloud.ObjectParameters) (*sycloud.ObjectInfo, error)
         isLFSTracked  func(path string) (bool, error)
         getGitRoots   func(ctx context.Context) (string, string, error)
         gitLFSTrack   func(ctx context.Context, path string) (bool, error)
@@ -816,131 +911,186 @@
 
 // NewAddURLService constructs an AddURLService populated with production
 // implementations of its dependencies.
-func NewAddURLService() *AddURLService <span class="cov8" title="1">{
+func NewAddURLService() *AddURLService <span class="cov1" title="1">{
         return &amp;AddURLService{
                 newLogger:     drslog.NewLogger,
-                inspectObject: cloud.InspectObjectForLFS,
+                inspectObject: sycloud.InspectObject,
                 isLFSTracked:  lfs.IsLFSTracked,
                 getGitRoots:   lfs.GetGitRootDirectories,
-                gitLFSTrack:   lfs.GitLFSTrackReadOnly,
+                gitLFSTrack:   drstrack.TrackReadOnly,
                 loadConfig:    config.LoadConfig,
         }
 }</span>
 
-// Run executes the add-url workflow: parse CLI input, inspect the cloud object,
+// Run executes the add-url workflow: parse CLI input, resolve the target bucket
+// scope, inspect the provider object through the client-owned cloud package,
 // ensure the LFS object exists in local storage, write a pointer file, update
 // the pre-commit cache (best-effort), optionally add a tracking entry, and
 // record the DRS mapping.
-func (s *AddURLService) Run(cmd *cobra.Command, args []string) error <span class="cov8" title="1">{
+func (s *AddURLService) Run(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
         ctx := cmd.Context()
-        if ctx == nil </span><span class="cov8" title="1">{
+        if ctx == nil </span><span class="cov1" title="1">{
                 ctx = context.Background()
         }</span>
 
-        <span class="cov8" title="1">logger, err := s.newLogger("", false)
+        <span class="cov1" title="1">logger, err := s.newLogger("", false)
         if err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("error creating logger: %v", err)
         }</span>
 
-        <span class="cov8" title="1">input, err := parseAddURLInput(cmd, args)
+        <span class="cov1" title="1">input, err := parseAddURLInput(cmd, args)
         if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">objectInfo, err := s.inspectObject(ctx, input.objectParams)
+        <span class="cov1" title="1">cfg, err := s.loadConfig()
         if err != nil </span><span class="cov0" title="0">{
-                return err
+                return fmt.Errorf("error getting config: %v", err)
         }</span>
 
-        <span class="cov8" title="1">isTracked, err := s.isLFSTracked(input.path)
+        <span class="cov1" title="1">remote, err := cfg.GetDefaultRemote()
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("check LFS tracking for %s: %w", input.path, err)
+                return err
         }</span>
 
-        <span class="cov8" title="1">gitCommonDir, lfsRoot, err := s.getGitRoots(ctx)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("get git root directories: %w", err)
+        <span class="cov1" title="1">remoteConfig := cfg.GetRemote(remote)
+        if remoteConfig == nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error getting remote configuration for %s", remote)
         }</span>
 
-        <span class="cov8" title="1">if err := printResolvedInfo(cmd, gitCommonDir, lfsRoot, objectInfo, input.path, isTracked, input.sha256); err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">org, project, scope, err := resolveTargetScope(remoteConfig)
+        if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">oid, err := s.ensureLFSObject(ctx, objectInfo, input, lfsRoot)
+        <span class="cov1" title="1">input.objectURL, err = resolveObjectURL(input, scope)
         if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">if err := writePointerFile(input.path, oid, objectInfo.SizeBytes); err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">objectInfo, err := s.inspectObject(ctx, buildObjectParameters(input.objectURL, input.path, input.sha256))
+        if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">if err := updatePrecommitCache(ctx, logger, input.path, oid, input.objectURL); err != nil </span><span class="cov0" title="0">{
-                logger.Warn("pre-commit cache update skipped", "error", err)
+        <span class="cov1" title="1">isTracked, err := s.isLFSTracked(input.path)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("check LFS tracking for %s: %w", input.path, err)
+        }</span>
+
+        <span class="cov1" title="1">gitCommonDir, lfsRoot, err := s.getGitRoots(ctx)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("get git root directories: %w", err)
         }</span>
 
-        <span class="cov8" title="1">if err := maybeTrackLFS(ctx, s.gitLFSTrack, input.path, isTracked); err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">if err := printResolvedInfo(cmd, gitCommonDir, lfsRoot, objectInfo, input.path, isTracked, input.sha256); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">cfg, err := s.loadConfig()
+        <span class="cov1" title="1">oid, err := s.ensureLFSObject(ctx, objectInfo, input, lfsRoot)
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error getting config: %v", err)
+                return err
         }</span>
 
-        <span class="cov8" title="1">remote, err := cfg.GetDefaultRemote()
-        if err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">if err := writePointerFile(input.path, oid, objectInfo.SizeBytes); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">remoteConfig := cfg.GetRemote(remote)
-        if remoteConfig == nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error getting remote configuration for %s", remote)
+        <span class="cov1" title="1">if err := updatePrecommitCache(ctx, logger, input.path, oid, input.objectURL); err != nil </span><span class="cov0" title="0">{
+                logger.Warn("pre-commit cache update skipped", "error", err)
         }</span>
 
-        <span class="cov8" title="1">org, project, scope, err := resolveTargetScope(remoteConfig)
-        if err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">if err := maybeTrackLFS(ctx, s.gitLFSTrack, input.path, isTracked); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov8" title="1">builder := common.NewObjectBuilder(scope.Bucket, project)
+        <span class="cov1" title="1">builder := drsobject.NewBuilder(scope.Bucket, project)
         builder.Organization = org
         builder.StoragePrefix = scope.Prefix
 
-        file := lfs.LfsFileInfo{
+        file := addURLDrsFile{
                 Name: input.path,
                 Size: objectInfo.SizeBytes,
                 Oid:  oid,
         }
-        if _, err := drsmap.WriteDrsFile(builder, file, &amp;input.objectURL); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error WriteDrsFile: %v", err)
+        if _, err := writeAddURLDrsObject(builder, file, input.objectURL); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("write local DRS object: %w", err)
         }</span>
 
-        <span class="cov8" title="1">return nil</span>
+        <span class="cov1" title="1">return nil</span>
+}
+
+type addURLDrsFile struct {
+        Name string
+        Size int64
+        Oid  string
+}
+
+func writeAddURLDrsObject(builder drsobject.Builder, file addURLDrsFile, objectPath string) (*drsapi.DrsObject, error) <span class="cov1" title="1">{
+        existing, err := drsobject.ReadObject(common.DRS_OBJS_PATH, file.Oid)
+        var drsObj *drsapi.DrsObject
+        if err == nil &amp;&amp; existing != nil </span><span class="cov0" title="0">{
+                drsObj = existing
+                name := file.Name
+                drsObj.Name = &amp;name
+                drsObj.Size = file.Size
+        }</span> else<span class="cov1" title="1"> {
+                drsID := uuid.NewSHA1(drsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", builder.Project, drsobject.NormalizeOid(file.Oid)))).String()
+                drsObj, err = builder.Build(file.Name, file.Oid, file.Size, drsID)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, fmt.Errorf("error building DRS object for oid %s: %w", file.Oid, err)
+                }</span>
+        }
+
+        <span class="cov1" title="1">if objectPath != "" </span><span class="cov1" title="1">{
+                if drsObj.AccessMethods != nil &amp;&amp; len(*drsObj.AccessMethods) &gt; 0 </span><span class="cov1" title="1">{
+                        am := &amp;(*drsObj.AccessMethods)[0]
+                        am.AccessUrl = &amp;struct {
+                                Headers *[]string `json:"headers,omitempty"`
+                                Url     string    `json:"url"`
+                        }{Url: objectPath}
+                }</span> else<span class="cov0" title="0"> {
+                        drsObj.AccessMethods = &amp;[]drsapi.AccessMethod{{
+                                Type: drsapi.AccessMethodTypeS3,
+                                AccessUrl: &amp;struct {
+                                        Headers *[]string `json:"headers,omitempty"`
+                                        Url     string    `json:"url"`
+                                }{Url: objectPath},
+                        }}
+                }</span>
+        }
+
+        <span class="cov1" title="1">if err := drsobject.WriteObject(common.DRS_OBJS_PATH, drsObj, file.Oid); err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("error writing DRS object for oid %s: %w", file.Oid, err)
+        }</span>
+        <span class="cov1" title="1">return drsObj, nil</span>
 }
 
-// ensureLFSObject ensures the LFS object identified by objectInfo exists in the
-// repository's LFS storage. If SHA256 is provided, it is trusted and returned.
-// Otherwise we create a sentinel object and synthetic OID derived from ETag,
-// deferring true checksum validation to first real data use.
-func (s *AddURLService) ensureLFSObject(ctx context.Context, objectInfo *cloud.ObjectInfo, input addURLInput, lfsRoot string) (string, error) <span class="cov8" title="1">{
+// ensureLFSObject returns the LFS pointer OID to use for the add-url target.
+// If SHA256 is provided, it is trusted and returned. Otherwise we derive a
+// deterministic placeholder OID from provider identity without writing any
+// local LFS object payload.
+func (s *AddURLService) ensureLFSObject(ctx context.Context, objectInfo *sycloud.ObjectInfo, input addURLInput, lfsRoot string) (string, error) <span class="cov1" title="1">{
         _ = ctx
+        _ = lfsRoot
         if input.sha256 != "" </span><span class="cov0" title="0">{
                 return input.sha256, nil
         }</span>
 
-        <span class="cov8" title="1">oid, err := lfs.SyntheticOIDFromETag(objectInfo.ETag)
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
-        }</span>
-        <span class="cov8" title="1">objPath, err := lfs.WriteAddURLSentinelObject(lfsRoot, oid, objectInfo.ETag, input.objectURL)
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+        <span class="cov1" title="1">return placeholderOIDForUnknownSHA(objectInfo.ETag, input.objectURL)</span>
+}
+
+func placeholderOIDForUnknownSHA(etag string, sourceURL string) (string, error) <span class="cov10" title="5">{
+        e := strings.TrimSpace(strings.Trim(etag, `"`))
+        src := strings.TrimSpace(sourceURL)
+        if e == "" </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("etag is required for placeholder oid")
         }</span>
-        <span class="cov8" title="1">if _, err := fmt.Fprintf(os.Stderr, "Added add-url sentinel object at %s\n", objPath); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("stderr write: %w", err)
+        <span class="cov8" title="4">if src == "" </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("source URL is required for placeholder oid")
         }</span>
-        <span class="cov8" title="1">return oid, nil</span>
+        <span class="cov8" title="4">sum := sha256.Sum256([]byte("git-drs-add-url-placeholder:v2\netag=" + e + "\nsource=" + src + "\n"))
+        return fmt.Sprintf("%x", sum[:]), nil</span>
 }
 </pre>
 		
@@ -957,11 +1107,11 @@
         "strings"
         "time"
 
-        gitauth "github.com/calypr/git-drs/internal/auth"
+        "github.com/calypr/data-client/credentials"
         "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/drslog"
         "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/calypr/syfon/client/conf"
+        conf "github.com/calypr/syfon/client/config"
         "github.com/spf13/cobra"
 )
 
@@ -1195,7 +1345,7 @@
                 if prof, err := configure.Load(remoteName); err == nil </span><span class="cov0" title="0">{
                         token = strings.TrimSpace(prof.AccessToken)
                         if token == "" </span><span class="cov0" title="0">{
-                                if ensureErr := gitauth.EnsureValidCredential(context.Background(), prof, drslog.GetLogger()); ensureErr == nil </span><span class="cov0" title="0">{
+                                if ensureErr := credentials.EnsureValidCredential(context.Background(), prof, drslog.GetLogger()); ensureErr == nil </span><span class="cov0" title="0">{
                                         _ = configure.Save(prof)
                                         token = strings.TrimSpace(prof.AccessToken)
                                 }</span>
@@ -1326,135 +1476,487 @@
 }
 </pre>
 		
-		<pre class="file" id="file8" style="display: none">package credentialhelper
+		<pre class="file" id="file8" style="display: none">package copyrecords
 
 import (
-        "bufio"
         "context"
+        "encoding/json"
         "fmt"
-        "io"
-        "net/url"
-        "os"
+        "log/slog"
         "strings"
 
-        gitauth "github.com/calypr/git-drs/internal/auth"
+        "github.com/calypr/git-drs/internal/config"
         "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/calypr/syfon/client/conf"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        internalapi "github.com/calypr/syfon/apigen/client/internalapi"
+        syservices "github.com/calypr/syfon/client/services"
         "github.com/spf13/cobra"
 )
 
-// Cmd implements a git credential helper bridge for git-drs over HTTP.
+var (
+        batchSize int
+)
+
+type copyStats struct {
+        SourceSeen int
+        Created    int
+        Updated    int
+        Unchanged  int
+        Written    int
+}
+
+type indexAPI interface {
+        List(ctx context.Context, opts syservices.ListRecordsOptions) (internalapi.ListRecordsResponse, error)
+        BulkDocuments(ctx context.Context, dids []string) ([]internalapi.InternalRecordResponse, error)
+        CreateBulk(ctx context.Context, req internalapi.BulkCreateRequest) (internalapi.ListRecordsResponse, error)
+}
+
 var Cmd = &amp;cobra.Command{
-        Use:    "credential-helper &lt;get|store|erase&gt;",
-        Hidden: true,
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                if len(args) != 1 </span><span class="cov0" title="0">{
-                        return fmt.Errorf("expected exactly one action: get, store, or erase")
-                }</span>
-                <span class="cov0" title="0">switch args[0] </span>{
-                case "get", "store", "erase":<span class="cov0" title="0">
-                        return nil</span>
-                default:<span class="cov0" title="0">
-                        return fmt.Errorf("unsupported action: %s", args[0])</span>
-                }
-        },
+        Use:   "copy-records [source-remote] &lt;target-remote&gt; &lt;organization/project&gt;",
+        Short: "Copy Syfon records between remotes for one organization/project scope",
+        Long:  "Read all Syfon records for a source organization/project scope and bulk load them into a target Syfon instance, only merging controlled_access and access_methods for records that already exist on the target.",
+        Args:  cobra.RangeArgs(2, 3),
         RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                action := args[0]
-                if action != "get" </span><span class="cov0" title="0">{
-                        // Stateless helper: no-op for store/erase.
-                        return nil
+                logger := drslog.GetLogger()
+                cfg, err := config.LoadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("error loading config: %w", err)
                 }</span>
 
-                <span class="cov0" title="0">req, err := readCredentialRequest(os.Stdin)
-                if err != nil </span><span class="cov0" title="0">{
-                        return nil
+                <span class="cov0" title="0">sourceRemote := ""
+                targetRemote := ""
+                scopeArg := ""
+                if len(args) == 2 </span><span class="cov0" title="0">{
+                        targetRemote = args[0]
+                        scopeArg = args[1]
+                }</span> else<span class="cov0" title="0"> {
+                        sourceRemote = args[0]
+                        targetRemote = args[1]
+                        scopeArg = args[2]
                 }</span>
 
-                <span class="cov0" title="0">logg := drslog.GetLogger()
-                remoteName, endpoint, err := resolveRemote()
+                <span class="cov0" title="0">srcRemoteName, err := cfg.GetRemoteOrDefault(sourceRemote)
                 if err != nil </span><span class="cov0" title="0">{
-                        return nil
+                        return fmt.Errorf("error resolving source remote: %w", err)
                 }</span>
-                <span class="cov0" title="0">if !requestMatchesEndpointHost(req, endpoint) </span><span class="cov0" title="0">{
-                        return nil
+                <span class="cov0" title="0">if strings.TrimSpace(targetRemote) == "" </span><span class="cov0" title="0">{
+                        return fmt.Errorf("target remote is required")
                 }</span>
-
-                // Local/basic-auth remotes: prefer explicit repo credentials.
-                <span class="cov0" title="0">if username, password, err := gitrepo.GetRemoteBasicAuth(remoteName); err == nil &amp;&amp; username != "" &amp;&amp; password != "" </span><span class="cov0" title="0">{
-                        fmt.Fprintf(os.Stdout, "username=%s\npassword=%s\n\n", username, password)
-                        _ = gitrepo.SetRemoteLFSURL(remoteName, endpoint)
-                        return nil
+                <span class="cov0" title="0">dstRemoteName := config.Remote(targetRemote)
+                if srcRemoteName == dstRemoteName </span><span class="cov0" title="0">{
+                        return fmt.Errorf("source and target remotes must be different")
                 }</span>
 
-                <span class="cov0" title="0">token := ""
-                // Prefer repo-local token first to keep git-drs local and deterministic.
-                if repoToken, err := gitrepo.GetRemoteToken(remoteName); err == nil &amp;&amp; strings.TrimSpace(repoToken) != "" </span><span class="cov0" title="0">{
-                        token = strings.TrimSpace(repoToken)
+                <span class="cov0" title="0">srcCfg := cfg.GetRemote(srcRemoteName)
+                if srcCfg == nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("source remote %q not found", srcRemoteName)
                 }</span>
 
-                // Try global profile to refresh/validate; fall back to repo token if unavailable.
-                <span class="cov0" title="0">manager := conf.NewConfigure(logg)
-                cred, err := manager.Load(remoteName)
-                if err == nil </span><span class="cov0" title="0">{
-                        if token != "" </span><span class="cov0" title="0">{
-                                cred.AccessToken = token
-                        }</span>
-                        <span class="cov0" title="0">if ensureErr := gitauth.EnsureValidCredential(context.Background(), cred, logg); ensureErr == nil </span><span class="cov0" title="0">{
-                                _ = manager.Save(cred)
-                                token = strings.TrimSpace(cred.AccessToken)
-                                if token != "" </span><span class="cov0" title="0">{
-                                        _ = gitrepo.SetRemoteToken(remoteName, token)
-                                }</span>
-                        }
-                }
+                <span class="cov0" title="0">org, proj, err := parseScopeArg(scopeArg)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
 
-                <span class="cov0" title="0">if token == "" </span><span class="cov0" title="0">{
-                        return nil
+                <span class="cov0" title="0">srcCtx, err := cfg.GetRemoteClient(srcRemoteName, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("error creating source client: %w", err)
+                }</span>
+                <span class="cov0" title="0">dstCtx, err := cfg.GetRemoteClient(dstRemoteName, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("error creating target client: %w", err)
                 }</span>
 
-                // Username can be arbitrary for token-based Basic auth; server reads password token.
-                <span class="cov0" title="0">fmt.Fprintf(os.Stdout, "username=oauth2\npassword=%s\n\n", token)
+                <span class="cov0" title="0">stats, err := copyProjectRecords(cmd.Context(), logger, srcCtx.Client.Index(), dstCtx.Client.Index(), org, proj, batchSize)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
 
-                // Keep lfsurl synced for this remote.
-                _ = gitrepo.SetRemoteLFSURL(remoteName, endpoint)
+                <span class="cov0" title="0">logger.Info("copy-records complete",
+                        "source_remote", srcRemoteName,
+                        "target_remote", dstRemoteName,
+                        "organization", org,
+                        "project", proj,
+                        "source_seen", stats.SourceSeen,
+                        "created", stats.Created,
+                        "updated", stats.Updated,
+                        "unchanged", stats.Unchanged,
+                        "written", stats.Written,
+                )
                 return nil</span>
         },
 }
 
-type credentialRequest struct {
-        Protocol string
-        Host     string
-        Path     string
+func init() <span class="cov1" title="1">{
+        Cmd.Flags().IntVar(&amp;batchSize, "batch-size", 250, "records per source page and target bulk write")
+}</span>
+
+func parseScopeArg(raw string) (string, string, error) <span class="cov0" title="0">{
+        raw = strings.TrimSpace(raw)
+        if raw == "" </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("scope is required and must be in organization/project form")
+        }</span>
+        <span class="cov0" title="0">parts := strings.Split(raw, "/")
+        if len(parts) != 2 </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+        }</span>
+        <span class="cov0" title="0">org := strings.TrimSpace(parts[0])
+        project := strings.TrimSpace(parts[1])
+        if org == "" || project == "" </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
+        }</span>
+        <span class="cov0" title="0">return org, project, nil</span>
 }
 
-func readCredentialRequest(in io.Reader) (credentialRequest, error) <span class="cov1" title="1">{
-        req := credentialRequest{}
-        s := bufio.NewScanner(in)
-        for s.Scan() </span><span class="cov10" title="4">{
-                line := strings.TrimSpace(s.Text())
-                if line == "" </span><span class="cov1" title="1">{
+func copyProjectRecords(ctx context.Context, logger *slog.Logger, src indexAPI, dst indexAPI, org, project string, batchSize int) (copyStats, error) <span class="cov0" title="0">{
+        if batchSize &lt;= 0 </span><span class="cov0" title="0">{
+                batchSize = 250
+        }</span>
+
+        <span class="cov0" title="0">stats := copyStats{}
+        page := 1
+        for </span><span class="cov0" title="0">{
+                listResp, err := src.List(ctx, syservices.ListRecordsOptions{
+                        Organization: org,
+                        ProjectID:    project,
+                        Limit:        batchSize,
+                        Page:         page,
+                })
+                if err != nil </span><span class="cov0" title="0">{
+                        return stats, fmt.Errorf("source list failed for %s/%s page %d: %w", org, project, page, err)
+                }</span>
+                <span class="cov0" title="0">records := []internalapi.InternalRecord{}
+                if listResp.Records != nil </span><span class="cov0" title="0">{
+                        records = *listResp.Records
+                }</span>
+                <span class="cov0" title="0">if len(records) == 0 </span><span class="cov0" title="0">{
                         break</span>
                 }
-                <span class="cov8" title="3">parts := strings.SplitN(line, "=", 2)
-                if len(parts) != 2 </span><span class="cov0" title="0">{
-                        continue</span>
+                <span class="cov0" title="0">stats.SourceSeen += len(records)
+
+                toWrite, batchStats, err := buildMergedBatch(ctx, dst, records)
+                if err != nil </span><span class="cov0" title="0">{
+                        return stats, err
+                }</span>
+                <span class="cov0" title="0">stats.Created += batchStats.Created
+                stats.Updated += batchStats.Updated
+                stats.Unchanged += batchStats.Unchanged
+
+                if len(toWrite) &gt; 0 </span><span class="cov0" title="0">{
+                        resp, err := dst.CreateBulk(ctx, internalapi.BulkCreateRequest{Records: toWrite})
+                        if err != nil </span><span class="cov0" title="0">{
+                                return stats, fmt.Errorf("target bulk create failed on page %d: %w", page, err)
+                        }</span>
+                        <span class="cov0" title="0">if resp.Records != nil </span><span class="cov0" title="0">{
+                                stats.Written += len(*resp.Records)
+                        }</span> else<span class="cov0" title="0"> {
+                                stats.Written += len(toWrite)
+                        }</span>
                 }
-                <span class="cov8" title="3">key := strings.TrimSpace(parts[0])
-                val := strings.TrimSpace(parts[1])
-                switch key </span>{
-                case "protocol":<span class="cov1" title="1">
-                        req.Protocol = val</span>
-                case "host":<span class="cov1" title="1">
-                        req.Host = val</span>
-                case "path":<span class="cov1" title="1">
-                        req.Path = val</span>
+
+                <span class="cov0" title="0">if logger != nil </span><span class="cov0" title="0">{
+                        logger.Info("copy-records batch complete",
+                                "organization", org,
+                                "project", project,
+                                "page", page,
+                                "source_records", len(records),
+                                "created", batchStats.Created,
+                                "updated", batchStats.Updated,
+                                "unchanged", batchStats.Unchanged,
+                                "written", len(toWrite),
+                        )
+                }</span>
+
+                <span class="cov0" title="0">if len(records) &lt; batchSize </span><span class="cov0" title="0">{
+                        break</span>
                 }
+                <span class="cov0" title="0">page++</span>
         }
-        <span class="cov1" title="1">return req, s.Err()</span>
+
+        <span class="cov0" title="0">return stats, nil</span>
 }
 
-func resolveRemote() (string, string, error) <span class="cov0" title="0">{
+func buildMergedBatch(ctx context.Context, dst indexAPI, source []internalapi.InternalRecord) ([]internalapi.InternalRecord, copyStats, error) <span class="cov1" title="1">{
+        stats := copyStats{}
+        if len(source) == 0 </span><span class="cov0" title="0">{
+                return nil, stats, nil
+        }</span>
+
+        <span class="cov1" title="1">dids := make([]string, 0, len(source))
+        for _, rec := range source </span><span class="cov4" title="2">{
+                did := strings.TrimSpace(rec.Did)
+                if did == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="2">dids = append(dids, did)</span>
+        }
+
+        <span class="cov1" title="1">existing, err := dst.BulkDocuments(ctx, dids)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, stats, fmt.Errorf("target bulk documents failed: %w", err)
+        }</span>
+        <span class="cov1" title="1">existingByDID := make(map[string]internalapi.InternalRecord, len(existing))
+        for _, rec := range existing </span><span class="cov1" title="1">{
+                existingByDID[strings.TrimSpace(rec.Did)] = recordResponseToRecord(rec)
+        }</span>
+
+        <span class="cov1" title="1">out := make([]internalapi.InternalRecord, 0, len(source))
+        for _, src := range source </span><span class="cov4" title="2">{
+                did := strings.TrimSpace(src.Did)
+                if did == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="2">if dstRec, ok := existingByDID[did]; ok </span><span class="cov1" title="1">{
+                        merged, changed := mergeExistingRecord(dstRec, src)
+                        if changed </span><span class="cov1" title="1">{
+                                out = append(out, merged)
+                                stats.Updated++
+                        }</span> else<span class="cov0" title="0"> {
+                                stats.Unchanged++
+                        }</span>
+                        <span class="cov1" title="1">continue</span>
+                }
+                <span class="cov1" title="1">out = append(out, src)
+                stats.Created++</span>
+        }
+
+        <span class="cov1" title="1">return out, stats, nil</span>
+}
+
+func mergeExistingRecord(dst, src internalapi.InternalRecord) (internalapi.InternalRecord, bool) <span class="cov4" title="2">{
+        merged := dst
+        changed := false
+
+        controlledAccess := mergeStringLists(dst.ControlledAccess, src.ControlledAccess)
+        if !equalStringPointers(merged.ControlledAccess, controlledAccess) </span><span class="cov4" title="2">{
+                merged.ControlledAccess = controlledAccess
+                changed = true
+        }</span>
+
+        <span class="cov4" title="2">accessMethods := mergeAccessMethods(dst.AccessMethods, src.AccessMethods)
+        if !equalAccessMethodPointers(merged.AccessMethods, accessMethods) </span><span class="cov4" title="2">{
+                merged.AccessMethods = accessMethods
+                changed = true
+        }</span>
+
+        <span class="cov4" title="2">return merged, changed</span>
+}
+
+func recordResponseToRecord(in internalapi.InternalRecordResponse) internalapi.InternalRecord <span class="cov1" title="1">{
+        return internalapi.InternalRecord{
+                Did:              in.Did,
+                AccessMethods:    in.AccessMethods,
+                ControlledAccess: in.ControlledAccess,
+                CreatedTime:      in.CreatedTime,
+                Description:      in.Description,
+                FileName:         in.FileName,
+                Hashes:           in.Hashes,
+                Organization:     in.Organization,
+                Project:          in.Project,
+                Size:             in.Size,
+                UpdatedTime:      in.UpdatedTime,
+                Version:          in.Version,
+        }
+}</span>
+
+func mergeStringLists(left, right *[]string) *[]string <span class="cov4" title="2">{
+        seen := map[string]struct{}{}
+        out := make([]string, 0)
+        for _, list := range []*[]string{left, right} </span><span class="cov8" title="4">{
+                if list == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov8" title="4">for _, raw := range *list </span><span class="cov10" title="5">{
+                        val := strings.TrimSpace(raw)
+                        if val == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov10" title="5">if _, ok := seen[val]; ok </span><span class="cov1" title="1">{
+                                continue</span>
+                        }
+                        <span class="cov8" title="4">seen[val] = struct{}{}
+                        out = append(out, val)</span>
+                }
+        }
+        <span class="cov4" title="2">if len(out) == 0 </span><span class="cov0" title="0">{
+                return nil
+        }</span>
+        <span class="cov4" title="2">return &amp;out</span>
+}
+
+func mergeAccessMethods(left, right *[]drsapi.AccessMethod) *[]drsapi.AccessMethod <span class="cov4" title="2">{
+        seen := map[string]struct{}{}
+        out := make([]drsapi.AccessMethod, 0)
+        for _, list := range []*[]drsapi.AccessMethod{left, right} </span><span class="cov8" title="4">{
+                if list == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov8" title="4">for _, method := range *list </span><span class="cov10" title="5">{
+                        key := canonicalAccessMethod(method)
+                        if _, ok := seen[key]; ok </span><span class="cov1" title="1">{
+                                continue</span>
+                        }
+                        <span class="cov8" title="4">seen[key] = struct{}{}
+                        out = append(out, method)</span>
+                }
+        }
+        <span class="cov4" title="2">if len(out) == 0 </span><span class="cov0" title="0">{
+                return nil
+        }</span>
+        <span class="cov4" title="2">return &amp;out</span>
+}
+
+func canonicalAccessMethod(method drsapi.AccessMethod) string <span class="cov10" title="5">{
+        b, err := json.Marshal(method)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Sprintf("%s|%v", method.Type, method.AccessId)
+        }</span>
+        <span class="cov10" title="5">return string(b)</span>
+}
+
+func equalStringPointers(a, b *[]string) bool <span class="cov4" title="2">{
+        return equalJSON(a, b)
+}</span>
+
+func equalAccessMethodPointers(a, b *[]drsapi.AccessMethod) bool <span class="cov4" title="2">{
+        return equalJSON(a, b)
+}</span>
+
+func equalJSON(a, b any) bool <span class="cov8" title="4">{
+        ab, _ := json.Marshal(a)
+        bb, _ := json.Marshal(b)
+        return string(ab) == string(bb)
+}</span>
+</pre>
+		
+		<pre class="file" id="file9" style="display: none">package credentialhelper
+
+import (
+        "bufio"
+        "context"
+        "fmt"
+        "io"
+        "net/url"
+        "os"
+        "strings"
+
+        "github.com/calypr/data-client/credentials"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        conf "github.com/calypr/syfon/client/config"
+        "github.com/spf13/cobra"
+)
+
+// Cmd implements a git credential helper bridge for git-drs over HTTP.
+var Cmd = &amp;cobra.Command{
+        Use:    "credential-helper &lt;get|store|erase&gt;",
+        Hidden: true,
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                if len(args) != 1 </span><span class="cov0" title="0">{
+                        return fmt.Errorf("expected exactly one action: get, store, or erase")
+                }</span>
+                <span class="cov0" title="0">switch args[0] </span>{
+                case "get", "store", "erase":<span class="cov0" title="0">
+                        return nil</span>
+                default:<span class="cov0" title="0">
+                        return fmt.Errorf("unsupported action: %s", args[0])</span>
+                }
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                action := args[0]
+                if action != "get" </span><span class="cov0" title="0">{
+                        // Stateless helper: no-op for store/erase.
+                        return nil
+                }</span>
+
+                <span class="cov0" title="0">req, err := readCredentialRequest(os.Stdin)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil
+                }</span>
+
+                <span class="cov0" title="0">logg := drslog.GetLogger()
+                remoteName, endpoint, err := resolveRemote()
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil
+                }</span>
+                <span class="cov0" title="0">if !requestMatchesEndpointHost(req, endpoint) </span><span class="cov0" title="0">{
+                        return nil
+                }</span>
+
+                // Local/basic-auth remotes: prefer explicit repo credentials.
+                <span class="cov0" title="0">if username, password, err := gitrepo.GetRemoteBasicAuth(remoteName); err == nil &amp;&amp; username != "" &amp;&amp; password != "" </span><span class="cov0" title="0">{
+                        fmt.Fprintf(os.Stdout, "username=%s\npassword=%s\n\n", username, password)
+                        _ = gitrepo.SetRemoteLFSURL(remoteName, endpoint)
+                        return nil
+                }</span>
+
+                <span class="cov0" title="0">token := ""
+                // Prefer repo-local token first to keep git-drs local and deterministic.
+                if repoToken, err := gitrepo.GetRemoteToken(remoteName); err == nil &amp;&amp; strings.TrimSpace(repoToken) != "" </span><span class="cov0" title="0">{
+                        token = strings.TrimSpace(repoToken)
+                }</span>
+
+                // Try global profile to refresh/validate; fall back to repo token if unavailable.
+                <span class="cov0" title="0">manager := conf.NewConfigure(logg)
+                cred, err := manager.Load(remoteName)
+                if err == nil </span><span class="cov0" title="0">{
+                        if token != "" </span><span class="cov0" title="0">{
+                                cred.AccessToken = token
+                        }</span>
+                        <span class="cov0" title="0">if ensureErr := credentials.EnsureValidCredential(context.Background(), cred, logg); ensureErr == nil </span><span class="cov0" title="0">{
+                                _ = manager.Save(cred)
+                                token = strings.TrimSpace(cred.AccessToken)
+                                if token != "" </span><span class="cov0" title="0">{
+                                        _ = gitrepo.SetRemoteToken(remoteName, token)
+                                }</span>
+                        }
+                }
+
+                <span class="cov0" title="0">if token == "" </span><span class="cov0" title="0">{
+                        return nil
+                }</span>
+
+                // Username can be arbitrary for token-based Basic auth; server reads password token.
+                <span class="cov0" title="0">fmt.Fprintf(os.Stdout, "username=oauth2\npassword=%s\n\n", token)
+
+                // Keep lfsurl synced for this remote.
+                _ = gitrepo.SetRemoteLFSURL(remoteName, endpoint)
+                return nil</span>
+        },
+}
+
+type credentialRequest struct {
+        Protocol string
+        Host     string
+        Path     string
+}
+
+func readCredentialRequest(in io.Reader) (credentialRequest, error) <span class="cov1" title="1">{
+        req := credentialRequest{}
+        s := bufio.NewScanner(in)
+        for s.Scan() </span><span class="cov10" title="4">{
+                line := strings.TrimSpace(s.Text())
+                if line == "" </span><span class="cov1" title="1">{
+                        break</span>
+                }
+                <span class="cov8" title="3">parts := strings.SplitN(line, "=", 2)
+                if len(parts) != 2 </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov8" title="3">key := strings.TrimSpace(parts[0])
+                val := strings.TrimSpace(parts[1])
+                switch key </span>{
+                case "protocol":<span class="cov1" title="1">
+                        req.Protocol = val</span>
+                case "host":<span class="cov1" title="1">
+                        req.Host = val</span>
+                case "path":<span class="cov1" title="1">
+                        req.Path = val</span>
+                }
+        }
+        <span class="cov1" title="1">return req, s.Err()</span>
+}
+
+func resolveRemote() (string, string, error) <span class="cov0" title="0">{
         remoteName, err := gitrepo.GetGitConfigString("drs.default-remote")
         if err != nil </span><span class="cov0" title="0">{
                 return "", "", err
@@ -1491,7 +1993,7 @@
 }
 </pre>
 		
-		<pre class="file" id="file9" style="display: none">package delete
+		<pre class="file" id="file10" style="display: none">package delete
 
 import (
         "context"
@@ -1501,7 +2003,7 @@
         "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
         "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/drslookup"
+        "github.com/calypr/git-drs/internal/drsremote"
         "github.com/calypr/syfon/client/hash"
         "github.com/spf13/cobra"
 )
@@ -1546,7 +2048,7 @@
                 }</span>
 
                 // Get record details before deletion for confirmation
-                <span class="cov0" title="0">records, err := drslookup.ObjectsByHashForScope(context.Background(), drsClient, oid)
+                <span class="cov0" title="0">records, err := drsremote.ObjectsByHashForScope(context.Background(), drsClient, oid)
                 if err != nil </span><span class="cov0" title="0">{
                         return fmt.Errorf("error getting records for OID %s: %v", oid, err)
                 }</span>
@@ -1596,291 +2098,186 @@
 }</span>
 </pre>
 		
-		<pre class="file" id="file10" style="display: none">package deleteproject
+		<pre class="file" id="file11" style="display: none">package initialize
 
 import (
-        "context"
         "fmt"
+        "log/slog"
         "os"
+        "os/exec"
+        "path/filepath"
+        "strconv"
+        "strings"
+        "time"
 
         "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
         "github.com/calypr/git-drs/internal/drslog"
-        syfonclient "github.com/calypr/syfon/client/syfonclient"
+        "github.com/calypr/git-drs/internal/gitrepo"
         "github.com/spf13/cobra"
 )
 
 var (
-        remote      string
-        confirmFlag string
+        transfers            = 1
+        upsert               bool
+        multiPartThreshold   = 5120
+        enableDataClientLogs bool
 )
 
 // Cmd line declaration
 var Cmd = &amp;cobra.Command{
-        Use:    "delete-project &lt;project_id&gt;",
-        Short:  "Delete all DRS objects for a given project",
-        Long:   "Delete all DRS objects for a given project",
-        Hidden: true,
-        Args:   cobra.ExactArgs(1),
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                projectId := args[0]
-                logger := drslog.GetLogger()
-
-                cfg, err := config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error loading config: %v", err)
-                }</span>
-
-                <span class="cov0" title="0">remoteName, err := cfg.GetRemoteOrDefault(remote)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error getting default remote: %v", err)
+        Use:   "init",
+        Short: "Initialize repo for git-drs",
+        Long: "Description:" +
+                "\n  Initialize repo for git-drs",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
+                if len(args) != 0 </span><span class="cov1" title="1">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: accepts no arguments, received %d\n\nUsage: %s\n\nSee 'git drs init --help' for more details", len(args), cmd.UseLine())
                 }</span>
-
-                <span class="cov0" title="0">drsClient, err := cfg.GetRemoteClient(remoteName, logger)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Error(fmt.Sprintf("error creating DRS client: %s", err))
+                <span class="cov1" title="1">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
+                logg := drslog.GetLogger()
+                if err := InitializeRepo(logg); err != nil </span><span class="cov1" title="1">{
                         return err
                 }</span>
+                <span class="cov0" title="0">logg.Debug(fmt.Sprintf("Using %d concurrent transfers", transfers))
+                return nil</span>
+        },
+}
 
-                <span class="cov0" title="0">remoteConfig := cfg.GetRemote(remoteName)
-                organization := ""
-                if remoteConfig != nil </span><span class="cov0" title="0">{
-                        organization = remoteConfig.GetOrganization()
-                }</span>
+// InitializeRepo applies git-drs repository-local setup to the current git repository.
+// It is safe to call repeatedly.
+func InitializeRepo(logg *slog.Logger) error <span class="cov6" title="2">{
+        // check if .git dir exists to ensure you're in a git repository
+        _, err := gitrepo.GitTopLevel()
+        if err != nil </span><span class="cov1" title="1">{
+                return fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
+        }</span>
 
-                // Get a sample record to show the user what will be deleted
-                <span class="cov0" title="0">sampleResp, err := drsClient.Client.Index().List(context.Background(), syfonclient.ListRecordsOptions{
-                        Organization: organization,
-                        ProjectID:    projectId,
-                        Limit:        1,
-                        Page:         1,
-                })
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error getting sample records for project %s: %v", projectId, err)
-                }</span>
+        // create config file if it doesn't exist
+        <span class="cov1" title="1">err = config.CreateEmptyConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error: unable to create config file: %v", err)
+        }</span>
 
-                // Show details and get confirmation unless --confirm flag matches project_id
-                <span class="cov0" title="0">if confirmFlag != "" &amp;&amp; confirmFlag != projectId </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error: --confirm value '%s' does not match project ID '%s'", confirmFlag, projectId)
-                }</span>
-                <span class="cov0" title="0">if confirmFlag != projectId </span><span class="cov0" title="0">{
-                        common.DisplayWarningHeader(os.Stderr, "DELETE ALL RECORDS for a project")
-                        common.DisplayField(os.Stderr, "Remote", string(remoteName))
-                        common.DisplayField(os.Stderr, "Project ID", projectId)
-
-                        if sampleResp.Records != nil &amp;&amp; len(*sampleResp.Records) &gt; 0 </span><span class="cov0" title="0">{
-                                sample := (*sampleResp.Records)[0]
-                                fmt.Fprintf(os.Stderr, "\nSample record from this project:\n")
-                                common.DisplayField(os.Stderr, "  DID", sample.Did)
-                                if sample.FileName != nil &amp;&amp; *sample.FileName != "" </span><span class="cov0" title="0">{
-                                        common.DisplayField(os.Stderr, "  Filename", *sample.FileName)
-                                }</span>
-                                <span class="cov0" title="0">if sample.Size != nil </span><span class="cov0" title="0">{
-                                        common.DisplayField(os.Stderr, "  Size", fmt.Sprintf("%d bytes", *sample.Size))
-                                }</span>
-                        } else<span class="cov0" title="0"> {
-                                fmt.Fprintf(os.Stderr, "\nNo records found for this project.\n")
-                        }</span>
+        // load the config
+        <span class="cov1" title="1">_, err = config.LoadConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                logg.Debug(fmt.Sprintf("We should probably fix this: %v", err))
+                return fmt.Errorf("error: unable to load config file: %v", err)
+        }</span>
 
-                        <span class="cov0" title="0">fmt.Fprintf(os.Stderr, "\nThis will DELETE ALL records in project '%s'.\n", projectId)
-                        common.DisplayFooter(os.Stderr)
+        // create drs directories
+        <span class="cov1" title="1">drsDir := common.DRS_DIR
+        drsLfsObjsDir := common.DRS_OBJS_PATH
+        if err := os.MkdirAll(drsDir, 0755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error: unable to create drs directory: %v", err)
+        }</span>
+        <span class="cov1" title="1">if err := os.MkdirAll(drsLfsObjsDir, 0755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error: unable to create drs lfs objects directory: %v", err)
+        }</span>
 
-                        if err := common.PromptForConfirmation(os.Stderr, fmt.Sprintf("Type the project ID '%s' to confirm deletion", projectId), projectId, true); err != nil </span><span class="cov0" title="0">{
-                                return err
-                        }</span>
-                }
+        <span class="cov1" title="1">err = initGitConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error initializing git-drs repository config: %v", err)
+        }</span>
 
-                // Delete the matching records
-                <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Deleting all records for project %s...", projectId))
-                _, err = drsClient.Client.Index().DeleteByQuery(context.Background(), syfonclient.DeleteByQueryOptions{
-                        Organization: organization,
-                        ProjectID:    projectId,
-                })
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error deleting project %s: %v", projectId, err)
-                }</span>
+        // install pre-push hook
+        <span class="cov1" title="1">err = installPrePushHook(logg)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error installing pre-push hook: %v", err)
+        }</span>
+        // install pre-commit hook
+        <span class="cov1" title="1">err = installPreCommitHook(logg)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error installing pre-commit hook: %v", err)
+        }</span>
 
-                <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Successfully deleted all records for project %s", projectId))
-                return nil</span>
-        },
+        <span class="cov1" title="1">logg.Debug("Git DRS initialized")
+        return nil</span>
 }
 
-func init() <span class="cov8" title="1">{
-        Cmd.Flags().StringVarP(&amp;remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
-        Cmd.Flags().StringVar(&amp;confirmFlag, "confirm", "", "skip interactive confirmation by providing the project_id (e.g., --confirm my-project)")
-}</span>
-</pre>
-		
-		<pre class="file" id="file11" style="display: none">package fetch
-
-import (
-        "fmt"
-        "os/exec"
-        "strings"
-
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/spf13/cobra"
-)
-
-var runCommand = func(name string, args ...string) ([]byte, error) <span class="cov0" title="0">{
-        cmd := exec.Command(name, args...)
-        return cmd.CombinedOutput()
-}</span>
-
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "fetch [remote-name]",
-        Short: "Fetch LFS objects from remote via standard git-lfs",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
-                if len(args) &gt; 1 </span><span class="cov1" title="1">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs fetch --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov6" title="2">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
-                logger := drslog.GetLogger()
-
-                cfg, err := config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error loading config: %v", err)
-                }</span>
-
-                <span class="cov6" title="2">var remote config.Remote
-                if len(args) &gt; 0 </span><span class="cov1" title="1">{
-                        remote = config.Remote(args[0])
-                }</span> else<span class="cov1" title="1"> {
-                        remote, err = cfg.GetDefaultRemote()
-                        if err != nil </span><span class="cov1" title="1">{
-                                logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-                                return err
-                        }</span>
-                }
-
-                <span class="cov1" title="1">drsClient, err := cfg.GetRemoteClient(remote, logger)
-                if err != nil </span><span class="cov1" title="1">{
-                        logger.Error(fmt.Sprintf("\nerror creating DRS client: %s", err))
-                        return err
-                }</span>
-                <span class="cov0" title="0">_ = drsClient // Remote validation only.
-
-                out, err := runCommand("git", "lfs", "pull", string(remote))
-                if err != nil </span><span class="cov0" title="0">{
-                        msg := strings.TrimSpace(string(out))
-                        if msg == "" </span><span class="cov0" title="0">{
-                                msg = err.Error()
-                        }</span>
-                        <span class="cov0" title="0">return fmt.Errorf("git lfs pull failed for remote %q: %s", remote, msg)</span>
-                }
-
-                <span class="cov0" title="0">return nil</span>
-        },
+// EnsureInitialized applies initialization only when the repository does not
+// already appear to have git-drs local setup installed.
+func EnsureInitialized(logg *slog.Logger) error <span class="cov6" title="2">{
+        initialized, err := isInitialized()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov6" title="2">if initialized </span><span class="cov1" title="1">{
+                return nil
+        }</span>
+        <span class="cov1" title="1">return InitializeRepo(logg)</span>
 }
-</pre>
-		
-		<pre class="file" id="file12" style="display: none">package initialize
-
-import (
-        "fmt"
-        "log/slog"
-        "os"
-        "os/exec"
-        "path/filepath"
-        "strconv"
-        "strings"
-        "time"
-
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/spf13/cobra"
-)
-
-var (
-        transfers            = 1
-        upsert               bool
-        multiPartThreshold   = 5120
-        enableDataClientLogs bool
-)
-
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "init",
-        Short: "Initialize repo for git-drs",
-        Long: "Description:" +
-                "\n  Initialize repo for git-drs",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="2">{
-                if len(args) != 0 </span><span class="cov1" title="1">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts no arguments, received %d\n\nUsage: %s\n\nSee 'git drs init --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov1" title="1">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
-                logg := drslog.GetLogger()
 
-                // check if .git dir exists to ensure you're in a git repository
-                _, err := gitrepo.GitTopLevel()
-                if err != nil </span><span class="cov1" title="1">{
-                        return fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
-                }</span>
+func isInitialized() (bool, error) <span class="cov6" title="2">{
+        if _, err := gitrepo.GitTopLevel(); err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("error: not in a git repository. Please run this command in the root of your git repository")
+        }</span>
 
-                // create config file if it doesn't exist
-                <span class="cov0" title="0">err = config.CreateEmptyConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error: unable to create config file: %v", err)
+        <span class="cov6" title="2">if _, err := os.Stat(common.DRS_DIR); err != nil </span><span class="cov1" title="1">{
+                if os.IsNotExist(err) </span><span class="cov1" title="1">{
+                        return false, nil
                 }</span>
+                <span class="cov0" title="0">return false, fmt.Errorf("error checking git-drs directory: %v", err)</span>
+        }
 
-                // load the config
-                <span class="cov0" title="0">_, err = config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        logg.Debug(fmt.Sprintf("We should probably fix this: %v", err))
-                        return fmt.Errorf("error: unable to load config file: %v", err)
-                }</span>
+        <span class="cov1" title="1">if val, err := gitrepo.GetGitConfigString("filter.drs.process"); err != nil || strings.TrimSpace(val) != "git-drs filter" </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
+        <span class="cov1" title="1">if val, err := gitrepo.GetGitConfigString("filter.drs.clean"); err != nil || strings.TrimSpace(val) != "git-drs clean -- %f" </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
+        <span class="cov1" title="1">if val, err := gitrepo.GetGitConfigString("filter.drs.smudge"); err != nil || strings.TrimSpace(val) != "git-drs smudge -- %f" </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
+        <span class="cov1" title="1">if val, err := gitrepo.GetGitConfigString("filter.drs.required"); err != nil || strings.TrimSpace(val) != "true" </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
 
-                // create drs directories
-                <span class="cov0" title="0">drsDir := common.DRS_DIR
-                drsLfsObjsDir := common.DRS_OBJS_PATH
-                if err := os.MkdirAll(drsDir, 0755); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error: unable to create drs directory: %v", err)
-                }</span>
-                <span class="cov0" title="0">if err := os.MkdirAll(drsLfsObjsDir, 0755); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error: unable to create drs lfs objects directory: %v", err)
-                }</span>
+        <span class="cov1" title="1">preCommitInstalled, err := hookContains("pre-commit", "git drs precommit")
+        if err != nil </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
+        <span class="cov1" title="1">if !preCommitInstalled </span><span class="cov0" title="0">{
+                return false, nil
+        }</span>
 
-                <span class="cov0" title="0">err = initGitConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error initializing git-drs repository config: %v", err)
-                }</span>
+        <span class="cov1" title="1">prePushInstalled, err := hookContains("pre-push", "git drs pre-push-prepare")
+        if err != nil </span><span class="cov0" title="0">{
+                return false, err
+        }</span>
+        <span class="cov1" title="1">return prePushInstalled, nil</span>
+}
 
-                // install pre-push hook
-                <span class="cov0" title="0">err = installPrePushHook(logg)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error installing pre-push hook: %v", err)
-                }</span>
-                // install pre-commit hook
-                <span class="cov0" title="0">err = installPreCommitHook(logg)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error installing pre-commit hook: %v", err)
+func hookContains(name, marker string) (bool, error) <span class="cov6" title="2">{
+        hooksDir, err := gitrepo.GetGitHooksDir()
+        if err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("unable to get hooks directory: %w", err)
+        }</span>
+        <span class="cov6" title="2">content, err := os.ReadFile(filepath.Join(hooksDir, name))
+        if err != nil </span><span class="cov0" title="0">{
+                if os.IsNotExist(err) </span><span class="cov0" title="0">{
+                        return false, nil
                 }</span>
-
-                // final logs
-                <span class="cov0" title="0">logg.Debug("Git DRS initialized")
-                logg.Debug(fmt.Sprintf("Using %d concurrent transfers", transfers))
-                return nil</span>
-        },
+                <span class="cov0" title="0">return false, err</span>
+        }
+        <span class="cov6" title="2">return strings.Contains(string(content), marker), nil</span>
 }
 
-func initGitConfig() error <span class="cov10" title="2">{
+func initGitConfig() error <span class="cov10" title="3">{
         configs := map[string]string{
                 "lfs.allowincompletepush": "false",
                 "lfs.concurrenttransfers": strconv.Itoa(transfers),
                 // Use git-drs as the long-running filter-process handler.
                 // This replaces the default git-lfs smudge/clean per-invocation commands
                 // with a single persistent process that calls the DRS transfer stack directly.
-                "filter.drs.process": "git-drs filter",
+                "filter.drs.clean":    "git-drs clean -- %f",
+                "filter.drs.smudge":   "git-drs smudge -- %f",
+                "filter.drs.process":  "git-drs filter",
+                "filter.drs.required": "true",
                 // Canonical git-drs config keys consumed by clients.
                 "drs.upsert":                  strconv.FormatBool(upsert),
                 "drs.multipart-threshold":     strconv.Itoa(multiPartThreshold),
@@ -1890,7 +2287,7 @@
         if err := gitrepo.SetGitConfigOptions(configs); err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to write git config: %w", err)
         }</span>
-        <span class="cov10" title="2">return nil</span>
+        <span class="cov10" title="3">return nil</span>
 }
 
 func init() <span class="cov1" title="1">{
@@ -1900,17 +2297,17 @@
         Cmd.Flags().BoolVar(&amp;enableDataClientLogs, "enable-data-client-logs", false, "Enable data-client internal logs")
 }</span>
 
-func installPrePushHook(logger *slog.Logger) error <span class="cov10" title="2">{
+func installPrePushHook(logger *slog.Logger) error <span class="cov10" title="3">{
         hooksDir, err := gitrepo.GetGitHooksDir()
         if err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to get hooks directory: %w", err)
         }</span>
 
-        <span class="cov10" title="2">if err := os.MkdirAll(hooksDir, 0755); err != nil </span><span class="cov0" title="0">{
+        <span class="cov10" title="3">if err := os.MkdirAll(hooksDir, 0755); err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to create hooks directory: %w", err)
         }</span>
 
-        <span class="cov10" title="2">hookPath := filepath.Join(hooksDir, "pre-push")
+        <span class="cov10" title="3">hookPath := filepath.Join(hooksDir, "pre-push")
         hookBody := `
 # . git/hooks/pre-push
 remote="$1"
@@ -1944,31 +2341,31 @@
                 <span class="cov1" title="1">logger.Debug(fmt.Sprintf("pre-push hook updated; backup written to %s", backupPath))</span>
         }
         // If there was an error other than expected not existing, return it
-        <span class="cov10" title="2">if err != nil &amp;&amp; !os.IsNotExist(err) </span><span class="cov0" title="0">{
+        <span class="cov10" title="3">if err != nil &amp;&amp; !os.IsNotExist(err) </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to read pre-push hook: %w", err)
         }</span>
 
-        <span class="cov10" title="2">err = os.WriteFile(hookPath, []byte(hookScript), 0755)
+        <span class="cov10" title="3">err = os.WriteFile(hookPath, []byte(hookScript), 0755)
         if err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to write pre-push hook: %w", err)
         }</span>
-        <span class="cov10" title="2">logger.Debug("pre-push hook installed")
+        <span class="cov10" title="3">logger.Debug("pre-push hook installed")
         return nil</span>
 }
 
-func installPreCommitHook(logger *slog.Logger) error <span class="cov10" title="2">{
+func installPreCommitHook(logger *slog.Logger) error <span class="cov10" title="3">{
         cmd := exec.Command("git", "rev-parse", "--git-dir")
         cmdOut, err := cmd.Output()
         if err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to locate git directory: %w", err)
         }</span>
-        <span class="cov10" title="2">gitDir := strings.TrimSpace(string(cmdOut))
+        <span class="cov10" title="3">gitDir := strings.TrimSpace(string(cmdOut))
         hooksDir := filepath.Join(gitDir, "hooks")
         if err := os.MkdirAll(hooksDir, 0755); err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to create hooks directory: %w", err)
         }</span>
 
-        <span class="cov10" title="2">hookPath := filepath.Join(hooksDir, "pre-commit")
+        <span class="cov10" title="3">hookPath := filepath.Join(hooksDir, "pre-commit")
         hookBody := `
 # .git/hooks/pre-commit
 exec git drs precommit
@@ -1990,20 +2387,20 @@
                 <span class="cov1" title="1">logger.Debug(fmt.Sprintf("pre-commit hook updated; backup written to %s", backupPath))</span>
         }
         // If there was an error other than expected not existing, return it
-        <span class="cov10" title="2">if err != nil &amp;&amp; !os.IsNotExist(err) </span><span class="cov0" title="0">{
+        <span class="cov10" title="3">if err != nil &amp;&amp; !os.IsNotExist(err) </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to read pre-commit hook: %w", err)
         }</span>
 
-        <span class="cov10" title="2">err = os.WriteFile(hookPath, []byte(hookScript), 0755)
+        <span class="cov10" title="3">err = os.WriteFile(hookPath, []byte(hookScript), 0755)
         if err != nil </span><span class="cov0" title="0">{
                 return fmt.Errorf("unable to write pre-commit hook: %w", err)
         }</span>
-        <span class="cov10" title="2">logger.Debug("pre-commit hook installed")
+        <span class="cov10" title="3">logger.Debug("pre-commit hook installed")
         return nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file13" style="display: none">package install
+		<pre class="file" id="file12" style="display: none">package install
 
 import (
         "fmt"
@@ -2072,6248 +2469,7719 @@
 }
 </pre>
 		
-		<pre class="file" id="file14" style="display: none">// Package precommit
-// -------------------------------------
-// LFS-only local cache updater for:
-//   - Path -&gt; OID  : .git/drs/pre-commit/v1/paths/&lt;encoded-path&gt;.json
-//   - OID  -&gt; Paths + S3 URL hint : .git/drs/pre-commit/v1/oids/&lt;oid&gt;.json
-//
-// This hook is intentionally:
-//   - LFS-only (non-LFS paths are ignored)
-//   - local-only (no network, no server index reads)
-//   - index-based (reads STAGED content via `git show :&lt;path&gt;`)
-//
-// Note: This is a reference implementation. Adjust logging/policy as desired.
-package precommit
+		<pre class="file" id="file13" style="display: none">package lsfiles
 
 import (
-        "bufio"
-        "bytes"
-        "context"
-        "crypto/sha256"
-        "encoding/base64"
         "encoding/json"
-        "errors"
         "fmt"
-        "io"
+        "log/slog"
         "os"
         "os/exec"
-        "path/filepath"
         "sort"
         "strings"
-        "time"
 
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/drsremote"
+        "github.com/calypr/git-drs/internal/lfs"
+        "github.com/calypr/git-drs/internal/pathspec"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
         "github.com/spf13/cobra"
 )
 
-const (
-        cacheVersionDir = "drs/pre-commit/v1"
-        lfsSpecLine     = "version https://git-lfs.github.com/spec/v1"
-)
-
-type PathEntry struct {
-        Path      string `json:"path"`
-        LFSOID    string `json:"lfs_oid"`
-        UpdatedAt string `json:"updated_at"`
-}
-
-type OIDEntry struct {
-        LFSOID        string   `json:"lfs_oid"`
-        Paths         []string `json:"paths"`
-        S3URL         string   `json:"s3_url,omitempty"` // hint only; may be empty
-        UpdatedAt     string   `json:"updated_at"`
-        ContentChange bool     `json:"content_changed"`
-}
-
-type ChangeKind int
+var gitRemote string
+var drsRemote string
+var includePatterns []string
+var showLong bool
+var nameOnly bool
+var jsonOutput bool
+var drsStatus bool
 
-const (
-        KindAdd ChangeKind = iota
-        KindModify
-        KindDelete
-        KindRename
+var (
+        loadConfig      = config.LoadConfig
+        resolveRemote   = func(cfg *config.Config, name string) (config.Remote, error) <span class="cov0" title="0">{ return cfg.GetRemoteOrDefault(name) }</span>
+        newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*config.GitContext, error) <span class="cov0" title="0">{
+                return cfg.GetRemoteClient(remote, logger)
+        }</span>
+        loadLFSInventory = func(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]lfs.LfsFileInfo, error) <span class="cov0" title="0">{
+                if len(branches) == 0 </span><span class="cov0" title="0">{
+                        return lfs.GetTrackedLfsFiles(logger)
+                }</span>
+                <span class="cov0" title="0">return lfs.GetLfsFilesForRefs(branches, logger)</span>
+        }
+        listRemoteRefs           = defaultListRemoteRefs
+        listGitRemotes           = defaultListGitRemotes
+        resolveDefaultRemote     = defaultResolveDefaultRemote
+        lookupScopedObjectsBatch = drsremote.ObjectsByHashesForScope
 )
 
-type Change struct {
-        Kind    ChangeKind
-        OldPath string // for rename
-        NewPath string // for rename (and for add/modify/delete uses NewPath)
-        Status  string // raw status, e.g. "A", "M", "D", "R100"
+type fileRow struct {
+        OID        string   `json:"oid"`
+        ShortOID   string   `json:"short_oid"`
+        Status     string   `json:"status"`
+        Path       string   `json:"path"`
+        Localized  bool     `json:"localized"`
+        Registered bool     `json:"registered,omitempty"`
+        DRSIDs     []string `json:"drs_ids,omitempty"`
+        Detail     string   `json:"detail,omitempty"`
 }
 
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "precommit",
-        Short: "pre-commit hook to update local DRS cache",
-        Long:  "Pre-commit hook that updates the local DRS pre-commit cache",
-        Args:  cobra.ExactArgs(0),
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                return run(context.Background())
-        }</span>,
-}
+func defaultListRemoteRefs(gitRemoteName string) ([]string, error) <span class="cov0" title="0">{
+        if strings.TrimSpace(gitRemoteName) == "" </span><span class="cov0" title="0">{
+                return nil, nil
+        }</span>
 
-func main() <span class="cov0" title="0">{
-        ctx := context.Background()
-        if err := run(ctx); err != nil </span><span class="cov0" title="0">{
-                // For a reference impl, treat errors as non-fatal unless you want strict enforcement.
-                // Exiting non-zero blocks the commit.
-                fmt.Fprintf(os.Stderr, "pre-commit drs cache: %v\n", err)
-                os.Exit(1)
+        <span class="cov0" title="0">cmd := exec.Command("git", "for-each-ref", "--format=%(refname)", "refs/remotes/"+gitRemoteName)
+        out, err := cmd.Output()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("list refs for remote %s: %w", gitRemoteName, err)
         }</span>
+
+        <span class="cov0" title="0">lines := strings.Split(string(out), "\n")
+        refs := make([]string, 0, len(lines))
+        for _, line := range lines </span><span class="cov0" title="0">{
+                ref := strings.TrimSpace(line)
+                if ref == "" || strings.HasSuffix(ref, "/HEAD") </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">refs = append(refs, ref)</span>
+        }
+        <span class="cov0" title="0">sort.Strings(refs)
+        return refs, nil</span>
 }
 
-func run(ctx context.Context) error <span class="cov0" title="0">{
-        gitDir, err := gitRevParseGitDir(ctx)
+func defaultListGitRemotes() ([]string, error) <span class="cov0" title="0">{
+        cmd := exec.Command("git", "remote")
+        out, err := cmd.Output()
         if err != nil </span><span class="cov0" title="0">{
-                return err
+                return nil, fmt.Errorf("list git remotes: %w", err)
         }</span>
 
-        <span class="cov0" title="0">cacheRoot := filepath.Join(gitDir, cacheVersionDir)
-        pathsDir := filepath.Join(cacheRoot, "paths")
-        oidsDir := filepath.Join(cacheRoot, "oids")
-        tombsDir := filepath.Join(cacheRoot, "tombstones")
+        <span class="cov0" title="0">lines := strings.Split(string(out), "\n")
+        remotes := make([]string, 0, len(lines))
+        for _, line := range lines </span><span class="cov0" title="0">{
+                name := strings.TrimSpace(line)
+                if name == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">remotes = append(remotes, name)</span>
+        }
+        <span class="cov0" title="0">sort.Strings(remotes)
+        return remotes, nil</span>
+}
 
-        if err := os.MkdirAll(pathsDir, 0o755); err != nil </span><span class="cov0" title="0">{
-                return err
+func defaultResolveDefaultRemote() string <span class="cov0" title="0">{
+        cfg, err := loadConfig()
+        if err == nil &amp;&amp; cfg != nil </span><span class="cov0" title="0">{
+                if remote, err := cfg.GetRemoteOrDefault(""); err == nil </span><span class="cov0" title="0">{
+                        return strings.TrimSpace(string(remote))
+                }</span>
+        }
+
+        <span class="cov0" title="0">remotes, err := listGitRemotes()
+        if err != nil || len(remotes) == 0 </span><span class="cov0" title="0">{
+                return ""
         }</span>
-        <span class="cov0" title="0">if err := os.MkdirAll(oidsDir, 0o755); err != nil </span><span class="cov0" title="0">{
-                return err
+        <span class="cov0" title="0">for _, remote := range remotes </span><span class="cov0" title="0">{
+                if remote == config.ORIGIN </span><span class="cov0" title="0">{
+                        return remote
+                }</span>
+        }
+        <span class="cov0" title="0">if len(remotes) == 1 </span><span class="cov0" title="0">{
+                return remotes[0]
         }</span>
-        <span class="cov0" title="0">_ = os.MkdirAll(tombsDir, 0o755) // optional
+        <span class="cov0" title="0">return ""</span>
+}
 
-        changes, err := stagedChanges(ctx)
+func collectRows(cmd *cobra.Command, gitRemoteName, drsRemoteName string, patterns []string, resolveDRS bool) ([]fileRow, error) <span class="cov7" title="5">{
+        logger := drslog.GetLogger()
+
+        var client *config.GitContext
+        if resolveDRS </span><span class="cov3" title="2">{
+                cfg, err := loadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+
+                <span class="cov3" title="2">remoteName, err := resolveRemote(cfg, drsRemoteName)
+                if err != nil </span><span class="cov0" title="0">{
+                        logger.Error(fmt.Sprintf("Error getting remote: %v", err))
+                        return nil, err
+                }</span>
+
+                <span class="cov3" title="2">client, err = newRemoteClient(cfg, remoteName, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+        }
+
+        <span class="cov7" title="5">var (
+                refs []string
+                err  error
+        )
+        if strings.TrimSpace(gitRemoteName) != "" </span><span class="cov5" title="3">{
+                refs, err = listRemoteRefs(gitRemoteName)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+        }
+
+        <span class="cov7" title="5">lfsFiles, err := loadLFSInventory(gitRemoteName, drsRemoteName, refs, logger)
         if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov0" title="0">if len(changes) == 0 </span><span class="cov0" title="0">{
-                return nil
+                return nil, err
         }</span>
+        <span class="cov7" title="5">if len(lfsFiles) == 0 &amp;&amp; strings.TrimSpace(gitRemoteName) == "" </span><span class="cov1" title="1">{
+                fallbackRemote := resolveDefaultRemote()
+                if fallbackRemote != "" </span><span class="cov1" title="1">{
+                        refs, err = listRemoteRefs(fallbackRemote)
+                        if err != nil </span><span class="cov0" title="0">{
+                                return nil, err
+                        }</span>
+                        <span class="cov1" title="1">if len(refs) &gt; 0 </span><span class="cov1" title="1">{
+                                lfsFiles, err = loadLFSInventory(fallbackRemote, drsRemoteName, refs, logger)
+                                if err != nil </span><span class="cov0" title="0">{
+                                        return nil, err
+                                }</span>
+                        }
+                }
+        }
 
-        <span class="cov0" title="0">now := time.Now().UTC().Format(time.RFC3339)
+        <span class="cov7" title="5">keys := make([]string, 0, len(lfsFiles))
+        for path := range lfsFiles </span><span class="cov10" title="9">{
+                keys = append(keys, path)
+        }</span>
+        <span class="cov7" title="5">sort.Strings(keys)
 
-        // Process renames first so subsequent add/modify logic sees the "new" path.
-        // This mirrors how we want cache paths to follow staged paths.
-        for _, ch := range changes </span><span class="cov0" title="0">{
-                if ch.Kind != KindRename </span><span class="cov0" title="0">{
-                        continue</span>
+        rows := make([]fileRow, 0, len(keys))
+        var drsResults map[string][]drsapi.DrsObject
+        var drsLookupErr error
+        if resolveDRS </span><span class="cov3" title="2">{
+                oids := make([]string, 0, len(keys))
+                seenOIDs := make(map[string]struct{}, len(keys))
+                for _, path := range keys </span><span class="cov7" title="5">{
+                        if !pathspec.MatchesAny(path, patterns) </span><span class="cov1" title="1">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="4">oid := lfsFiles[path].Oid
+                        if oid == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="4">if _, exists := seenOIDs[oid]; exists </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="4">seenOIDs[oid] = struct{}{}
+                        oids = append(oids, oid)</span>
                 }
-                // Only act if BOTH old and new are LFS in scope? Prefer:
-                // - If the new path is LFS, we migrate.
-                // - If it isn't LFS, we remove old path entry (out of scope).
-                <span class="cov0" title="0">newOID, newIsLFS, err := stagedLFSOID(ctx, ch.NewPath)
-                if err != nil </span><span class="cov0" title="0">{
-                        // If file doesn't exist in index due to weird staging, skip.
+                <span class="cov3" title="2">drsResults, drsLookupErr = lookupScopedObjectsBatch(cmd.Context(), client, oids)</span>
+        }
+        <span class="cov7" title="5">for _, path := range keys </span><span class="cov10" title="9">{
+                if !pathspec.MatchesAny(path, patterns) </span><span class="cov1" title="1">{
                         continue</span>
                 }
+                <span class="cov9" title="8">info := lfsFiles[path]
+                row := fileRow{
+                        OID:       info.Oid,
+                        ShortOID:  shortOID(info.Oid),
+                        Path:      path,
+                        Localized: isLocalized(path),
+                }
+                row.Status = "-"
+                if row.Localized </span><span class="cov1" title="1">{
+                        row.Status = "*"
+                }</span>
+
+                <span class="cov9" title="8">if resolveDRS </span><span class="cov6" title="4">{
+                        switch </span>{
+                        case drsLookupErr != nil:<span class="cov3" title="2">
+                                row.Detail = drsLookupErr.Error()</span>
+                        default:<span class="cov3" title="2">
+                                results := drsResults[info.Oid]
+                                if len(results) == 0 </span><span class="cov1" title="1">{
+                                        row.Registered = false
+                                        break</span>
+                                }
+                                <span class="cov1" title="1">row.Registered = true
+                                row.DRSIDs = make([]string, 0, len(results))
+                                for _, res := range results </span><span class="cov1" title="1">{
+                                        row.DRSIDs = append(row.DRSIDs, "drs://"+res.Id)
+                                }</span>
+                                <span class="cov1" title="1">row.Detail = strings.Join(row.DRSIDs, ",")</span>
+                        }
+                }
 
-                <span class="cov0" title="0">oldPathFile := pathEntryFile(pathsDir, ch.OldPath)
-                newPathFile := pathEntryFile(pathsDir, ch.NewPath)
+                <span class="cov9" title="8">rows = append(rows, row)</span>
+        }
 
-                if newIsLFS </span><span class="cov0" title="0">{
-                        // Move/overwrite path entry file
-                        if err := moveFileBestEffort(oldPathFile, newPathFile); err != nil &amp;&amp; !errors.Is(err, os.ErrNotExist) </span><span class="cov0" title="0">{
-                                return fmt.Errorf("rename migrate path entry: %w", err)
-                        }</span>
+        <span class="cov7" title="5">return rows, nil</span>
+}
 
-                        // Ensure path entry content correct
-                        <span class="cov0" title="0">if err := writeJSONAtomic(newPathFile, PathEntry{
-                                Path:      ch.NewPath,
-                                LFSOID:    newOID,
-                                UpdatedAt: now,
-                        }); err != nil </span><span class="cov0" title="0">{
+func printRows(cmd *cobra.Command, rows []fileRow) error <span class="cov3" title="2">{
+        if jsonOutput </span><span class="cov0" title="0">{
+                enc := json.NewEncoder(cmd.OutOrStdout())
+                enc.SetIndent("", "  ")
+                return enc.Encode(rows)
+        }</span>
+        <span class="cov3" title="2">for _, row := range rows </span><span class="cov6" title="4">{
+                switch </span>{
+                case nameOnly:<span class="cov0" title="0">
+                        if _, err := fmt.Fprintln(cmd.OutOrStdout(), row.Path); err != nil </span><span class="cov0" title="0">{
                                 return err
                         }</span>
-
-                        // Update oid entry: replace old path with new path for that OID
-                        <span class="cov0" title="0">if err := oidAddOrReplacePath(oidsDir, newOID, ch.OldPath, ch.NewPath, now, false); err != nil </span><span class="cov0" title="0">{
-                                return err
+                case drsStatus:<span class="cov3" title="2">
+                        oid := row.ShortOID
+                        if showLong </span><span class="cov3" title="2">{
+                                oid = row.OID
                         }</span>
-                } else<span class="cov0" title="0"> {
-                        // Out of scope now: remove any cached path entry.
-                        _ = os.Remove(oldPathFile)
-                }</span>
-        }
-
-        // Process adds/modifies/deletes (and renames again just to ensure content correctness on new path).
-        <span class="cov0" title="0">for _, ch := range changes </span><span class="cov0" title="0">{
-                switch ch.Kind </span>{
-                case KindAdd, KindModify:<span class="cov0" title="0">
-                        if err := handleUpsert(ctx, pathsDir, oidsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
-                                return err
+                        <span class="cov3" title="2">detail := row.Detail
+                        if detail == "" </span><span class="cov1" title="1">{
+                                detail = "-"
                         }</span>
-                case KindRename:<span class="cov0" title="0">
-                        // Treat like upsert on NewPath to ensure OID/path consistency if content also changed.
-                        if err := handleUpsert(ctx, pathsDir, oidsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
+                        <span class="cov3" title="2">if _, err := fmt.Fprintf(cmd.OutOrStdout(), "%s %s %s\t%s\n", oid, row.Status, row.Path, detail); err != nil </span><span class="cov0" title="0">{
                                 return err
                         }</span>
-                        // Optionally also remove old path from *other* OID entry if rename+content-change changed OID.
-                        // We'll do it inside handleUpsert by checking previous cached OID for that path (after move).
-                case KindDelete:<span class="cov0" title="0">
-                        if err := handleDelete(ctx, pathsDir, oidsDir, tombsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
+                default:<span class="cov3" title="2">
+                        oid := row.ShortOID
+                        if showLong </span><span class="cov0" title="0">{
+                                oid = row.OID
+                        }</span>
+                        <span class="cov3" title="2">if _, err := fmt.Fprintf(cmd.OutOrStdout(), "%s %s %s\n", oid, row.Status, row.Path); err != nil </span><span class="cov0" title="0">{
                                 return err
                         }</span>
                 }
         }
-
-        <span class="cov0" title="0">return nil</span>
+        <span class="cov3" title="2">return nil</span>
 }
 
-func handleUpsert(ctx context.Context, pathsDir, oidsDir, path, now string) error <span class="cov6" title="2">{
-        oid, isLFS, err := stagedLFSOID(ctx, path)
-        if err != nil </span><span class="cov0" title="0">{
-                // If file isn't in index, ignore.
-                return nil
+func shortOID(oid string) string <span class="cov9" title="8">{
+        if len(oid) &lt;= 10 </span><span class="cov0" title="0">{
+                return oid
         }</span>
-        <span class="cov6" title="2">if !isLFS </span><span class="cov1" title="1">{
-                // Out of scope.
-                return nil
+        <span class="cov9" title="8">return oid[:10]</span>
+}
+
+func isLocalized(path string) bool <span class="cov9" title="8">{
+        payload, err := os.ReadFile(path)
+        if err != nil </span><span class="cov8" title="6">{
+                return false
         }</span>
+        <span class="cov3" title="2">_, _, ok := lfs.ParseLFSPointer(payload)
+        return !ok</span>
+}
 
-        <span class="cov1" title="1">pathFile := pathEntryFile(pathsDir, path)
+func validateOutputFlags() error <span class="cov3" title="2">{
+        if nameOnly &amp;&amp; jsonOutput </span><span class="cov1" title="1">{
+                return fmt.Errorf("--name-only and --json are mutually exclusive")
+        }</span>
+        <span class="cov1" title="1">if showLong &amp;&amp; nameOnly </span><span class="cov1" title="1">{
+                return fmt.Errorf("--long and --name-only are mutually exclusive")
+        }</span>
+        <span class="cov0" title="0">return nil</span>
+}
 
-        // Load previous path entry if it exists to detect content changes.
-        var prev PathEntry
-        prevExists := false
-        if b, err := os.ReadFile(pathFile); err == nil </span><span class="cov0" title="0">{
-                _ = json.Unmarshal(b, &amp;prev)
-                if prev.Path != "" &amp;&amp; prev.LFSOID != "" </span><span class="cov0" title="0">{
-                        prevExists = true
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "ls-files [pathspec...]",
+        Short: "List tracked DRS/LFS pointer files in the repository",
+        Long:  "List tracked DRS/Git-LFS pointer files in the repository. By default this behaves like a local file inventory. Use --drs to also resolve DRS registration status.",
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                if err := validateOutputFlags(); err != nil </span><span class="cov0" title="0">{
+                        return err
                 }</span>
-        }
+                <span class="cov0" title="0">patterns := append([]string{}, includePatterns...)
+                patterns = append(patterns, args...)
+                rows, err := collectRows(cmd, gitRemote, drsRemote, patterns, drsStatus)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov0" title="0">return printRows(cmd, rows)</span>
+        },
+}
 
-        // Write/update path entry.
-        <span class="cov1" title="1">if err := writeJSONAtomic(pathFile, PathEntry{
-                Path:      path,
-                LFSOID:    oid,
-                UpdatedAt: now,
-        }); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+func init() <span class="cov1" title="1">{
+        Cmd.Flags().StringVarP(&amp;gitRemote, "git-remote", "r", "", "target remote Git server (default: origin)")
+        Cmd.Flags().StringVarP(&amp;drsRemote, "drs-remote", "d", "", "target remote DRS server (default: origin)")
+        Cmd.Flags().StringArrayVarP(&amp;includePatterns, "include", "I", nil, "include pathspec/glob pattern(s)")
+        Cmd.Flags().BoolVarP(&amp;showLong, "long", "l", false, "show full object IDs")
+        Cmd.Flags().BoolVarP(&amp;nameOnly, "name-only", "n", false, "show only file paths")
+        Cmd.Flags().BoolVar(&amp;jsonOutput, "json", false, "emit JSON output")
+        Cmd.Flags().BoolVar(&amp;drsStatus, "drs", false, "include DRS registration lookup details")
+}</span>
+</pre>
+		
+		<pre class="file" id="file14" style="display: none">package ping
 
-        // Update OID entry for new oid: add path.
-        <span class="cov1" title="1">contentChanged := prevExists &amp;&amp; prev.LFSOID != oid
-        if err := oidAddOrReplacePath(oidsDir, oid, "", path, now, contentChanged); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+import (
+        "context"
+        "fmt"
+        "log/slog"
+        "strings"
 
-        // If content changed, remove path from the *old* oid entry (best effort).
-        <span class="cov1" title="1">if contentChanged </span><span class="cov0" title="0">{
-                _ = oidRemovePath(oidsDir, prev.LFSOID, path, now)
-        }</span>
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/spf13/cobra"
+)
 
-        <span class="cov1" title="1">return nil</span>
+type statusInfo struct {
+        Remote        config.Remote
+        IsDefault     bool
+        RemoteType    string
+        Endpoint      string
+        Organization  string
+        Project       string
+        Bucket        string
+        StoragePrefix string
+        AuthMode      string
 }
 
-func handleDelete(ctx context.Context, pathsDir, oidsDir, tombsDir, path, now string) error <span class="cov0" title="0">{
-        // Only consider deletion if it was previously an LFS entry (cache-driven).
-        pathFile := pathEntryFile(pathsDir, path)
-        b, err := os.ReadFile(pathFile)
+var pingHealth = func(ctx context.Context, gc *config.GitContext) error <span class="cov0" title="0">{
+        return gc.Client.Health().Ping(ctx)
+}</span>
+
+var Cmd = &amp;cobra.Command{
+        Use:   "ping [remote-name]",
+        Short: "Show effective remote setup and verify the remote responds",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov8" title="3">{
+                if len(args) &gt; 1 </span><span class="cov1" title="1">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs ping --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov5" title="2">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
+                logger := drslog.GetLogger()
+                status, gc, err := resolveStatus(args, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov1" title="1">printStatus(status)
+
+                if err := pingHealth(cmd.Context(), gc); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("remote health check failed for %q (%s): %w", status.Remote, status.Endpoint, err)
+                }</span>
+                <span class="cov1" title="1">fmt.Println("health: ok")
+                return nil</span>
+        },
+}
+
+func resolveStatus(args []string, logger *slog.Logger) (statusInfo, *config.GitContext, error) <span class="cov5" title="2">{
+        cfg, err := config.LoadConfig()
         if err != nil </span><span class="cov0" title="0">{
-                // nothing to do
-                return nil
-        }</span>
-        <span class="cov0" title="0">var pe PathEntry
-        if err := json.Unmarshal(b, &amp;pe); err != nil </span><span class="cov0" title="0">{
-                // corrupted cache; remove it
-                _ = os.Remove(pathFile)
-                return nil
+                return statusInfo{}, nil, err
         }</span>
-        // Remove path entry.
-        <span class="cov0" title="0">_ = os.Remove(pathFile)
 
-        // Remove this path from the old oid entry (best effort).
-        if pe.LFSOID != "" </span><span class="cov0" title="0">{
-                _ = oidRemovePath(oidsDir, pe.LFSOID, path, now)
+        <span class="cov5" title="2">var remoteArg string
+        if len(args) == 1 </span><span class="cov0" title="0">{
+                remoteArg = args[0]
+        }</span>
+        <span class="cov5" title="2">remoteName, err := cfg.GetRemoteOrDefault(remoteArg)
+        if err != nil </span><span class="cov0" title="0">{
+                return statusInfo{}, nil, err
         }</span>
 
-        // Optional tombstone.
-        <span class="cov0" title="0">tombFile := filepath.Join(tombsDir, encodePath(path)+".json")
-        _ = writeJSONAtomic(tombFile, map[string]string{
-                "path":       path,
-                "deleted_at": now,
-        })
-
-        return nil</span>
-}
+        <span class="cov5" title="2">remoteCfg := cfg.GetRemote(remoteName)
+        if remoteCfg == nil </span><span class="cov0" title="0">{
+                return statusInfo{}, nil, fmt.Errorf("no remote configuration found for %q", remoteName)
+        }</span>
 
-// stagedChanges parses: git diff --cached --name-status -M
-// Formats:
-//
-//        A&lt;TAB&gt;path
-//        M&lt;TAB&gt;path
-//        D&lt;TAB&gt;path
-//        R100&lt;TAB&gt;old&lt;TAB&gt;new
-func stagedChanges(ctx context.Context) ([]Change, error) <span class="cov0" title="0">{
-        out, err := git(ctx, "diff", "--cached", "--name-status", "-M")
+        <span class="cov5" title="2">gc, err := cfg.GetRemoteClient(remoteName, logger)
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                return statusInfo{}, nil, err
         }</span>
-        <span class="cov0" title="0">var changes []Change
-        sc := bufio.NewScanner(bytes.NewReader(out))
-        for sc.Scan() </span><span class="cov0" title="0">{
-                line := sc.Text()
-                if strings.TrimSpace(line) == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">parts := strings.Split(line, "\t")
-                if len(parts) &lt; 2 </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">status := parts[0]
-                switch </span>{
-                case status == "A":<span class="cov0" title="0">
-                        changes = append(changes, Change{Kind: KindAdd, NewPath: parts[1], Status: status})</span>
-                case status == "M":<span class="cov0" title="0">
-                        changes = append(changes, Change{Kind: KindModify, NewPath: parts[1], Status: status})</span>
-                case status == "D":<span class="cov0" title="0">
-                        changes = append(changes, Change{Kind: KindDelete, NewPath: parts[1], Status: status})</span>
-                case strings.HasPrefix(status, "R") &amp;&amp; len(parts) &gt;= 3:<span class="cov0" title="0">
-                        changes = append(changes, Change{Kind: KindRename, OldPath: parts[1], NewPath: parts[2], Status: status})</span>
-                default:<span class="cov0" title="0"></span>
-                        // ignore other statuses (C, T, U, etc) for this reference impl
-                }
+
+        <span class="cov5" title="2">status := statusInfo{
+                Remote:        remoteName,
+                IsDefault:     remoteName == cfg.DefaultRemote,
+                Endpoint:      remoteCfg.GetEndpoint(),
+                Organization:  remoteCfg.GetOrganization(),
+                Project:       remoteCfg.GetProjectId(),
+                Bucket:        gc.BucketName,
+                StoragePrefix: gc.StoragePrefix,
+                AuthMode:      authMode(gc),
         }
-        <span class="cov0" title="0">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+        switch remoteCfg.(type) </span>{
+        case *config.Gen3Remote:<span class="cov0" title="0">
+                status.RemoteType = string(config.Gen3ServerType)</span>
+        case *config.LocalRemote:<span class="cov5" title="2">
+                status.RemoteType = string(config.LocalServerType)</span>
+        default:<span class="cov0" title="0">
+                status.RemoteType = "unknown"</span>
+        }
+
+        <span class="cov5" title="2">return status, gc, nil</span>
+}
+
+func printStatus(status statusInfo) <span class="cov1" title="1">{
+        def := ""
+        if status.IsDefault </span><span class="cov1" title="1">{
+                def = " (default)"
         }</span>
-        <span class="cov0" title="0">return changes, nil</span>
+        <span class="cov1" title="1">fmt.Printf("remote: %s%s\n", status.Remote, def)
+        fmt.Printf("type: %s\n", status.RemoteType)
+        fmt.Printf("endpoint: %s\n", status.Endpoint)
+        fmt.Printf("organization: %s\n", blankIfEmpty(status.Organization))
+        fmt.Printf("project: %s\n", blankIfEmpty(status.Project))
+        fmt.Printf("bucket: %s\n", blankIfEmpty(status.Bucket))
+        fmt.Printf("storage_prefix: %s\n", blankIfEmpty(status.StoragePrefix))
+        fmt.Printf("auth: %s\n", status.AuthMode)</span>
 }
 
-// stagedLFSOID returns (oid, isLFS, err) based on STAGED content.
-// isLFS is true only if the staged file is a valid LFS pointer with an oid sha256 line.
-func stagedLFSOID(ctx context.Context, path string) (string, bool, error) <span class="cov6" title="2">{
-        out, err := git(ctx, "show", ":"+path)
-        if err != nil </span><span class="cov0" title="0">{
-                // path may not exist in index (deleted/intent-to-add weirdness)
-                return "", false, err
+func authMode(gc *config.GitContext) string <span class="cov5" title="2">{
+        if gc == nil || gc.Credential == nil </span><span class="cov0" title="0">{
+                return "none"
         }</span>
-
-        // Fast parse: look for spec line and oid line near top.
-        // LFS pointer files are small; scanning full content is fine.
-        <span class="cov6" title="2">var hasSpec bool
-        var oid string
-
-        sc := bufio.NewScanner(bytes.NewReader(out))
-        for sc.Scan() </span><span class="cov10" title="3">{
-                line := sc.Text()
-                if line == lfsSpecLine </span><span class="cov1" title="1">{
-                        hasSpec = true
-                        continue</span>
-                }
-                <span class="cov6" title="2">if strings.HasPrefix(line, "oid sha256:") </span><span class="cov1" title="1">{
-                        hex := strings.TrimPrefix(line, "oid sha256:")
-                        hex = strings.TrimSpace(hex)
-                        if hex != "" </span><span class="cov1" title="1">{
-                                oid = "sha256:" + hex
-                        }</span>
-                        // keep scanning a bit in case spec is below (rare), but we can break once both are found.
-                }
-                // pointer usually has only a few lines; stop early after 10 lines
-                <span class="cov6" title="2">if hasSpec &amp;&amp; oid != "" </span><span class="cov1" title="1">{
-                        break</span>
-                }
-        }
-        <span class="cov6" title="2">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
-                return "", false, err
+        <span class="cov5" title="2">if strings.TrimSpace(gc.Credential.AccessToken) != "" </span><span class="cov0" title="0">{
+                return "bearer"
         }</span>
-
-        <span class="cov6" title="2">if hasSpec &amp;&amp; oid != "" </span><span class="cov1" title="1">{
-                return oid, true, nil
+        <span class="cov5" title="2">if strings.TrimSpace(gc.Credential.KeyID) != "" || strings.TrimSpace(gc.Credential.APIKey) != "" </span><span class="cov0" title="0">{
+                return "basic"
         }</span>
-        <span class="cov1" title="1">return "", false, nil</span>
+        <span class="cov5" title="2">return "none"</span>
 }
 
-func gitRevParseGitDir(ctx context.Context) (string, error) <span class="cov0" title="0">{
-        out, err := git(ctx, "rev-parse", "--git-dir")
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+func blankIfEmpty(v string) string <span class="cov10" title="4">{
+        v = strings.TrimSpace(v)
+        if v == "" </span><span class="cov0" title="0">{
+                return "-"
         }</span>
-        <span class="cov0" title="0">gitDir := strings.TrimSpace(string(out))
-        if gitDir == "" </span><span class="cov0" title="0">{
-                return "", errors.New("could not determine .git dir")
-        }</span>
-        // If gitDir is relative, resolve relative to repo root
-        <span class="cov0" title="0">if !filepath.IsAbs(gitDir) </span><span class="cov0" title="0">{
-                rootOut, err := git(ctx, "rev-parse", "--show-toplevel")
-                if err != nil </span><span class="cov0" title="0">{
-                        return "", err
-                }</span>
-                <span class="cov0" title="0">root := strings.TrimSpace(string(rootOut))
-                gitDir = filepath.Join(root, gitDir)</span>
-        }
-        <span class="cov0" title="0">return gitDir, nil</span>
-}
-
-func git(ctx context.Context, args ...string) ([]byte, error) <span class="cov6" title="2">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        cmd.Env = os.Environ()
-        var stdout, stderr bytes.Buffer
-        cmd.Stdout = &amp;stdout
-        cmd.Stderr = &amp;stderr
-        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
-                // include stderr for debugging; don’t leak massive output
-                msg := strings.TrimSpace(stderr.String())
-                if msg == "" </span><span class="cov0" title="0">{
-                        msg = err.Error()
-                }</span>
-                <span class="cov0" title="0">return nil, fmt.Errorf("git %s: %s", strings.Join(args, " "), msg)</span>
-        }
-        <span class="cov6" title="2">return stdout.Bytes(), nil</span>
+        <span class="cov10" title="4">return v</span>
 }
+</pre>
+		
+		<pre class="file" id="file15" style="display: none">// Package precommit
+// -------------------------------------
+// LFS-only local cache updater for:
+//   - Path -&gt; OID  : .git/drs/pre-commit/v1/paths/&lt;encoded-path&gt;.json
+//   - OID  -&gt; Paths + S3 URL hint : .git/drs/pre-commit/v1/oids/&lt;oid&gt;.json
+//
+// This hook is intentionally:
+//   - LFS-only (non-LFS paths are ignored)
+//   - local-only (no network, no server index reads)
+//   - index-based (reads STAGED content via `git show :&lt;path&gt;`)
+//
+// Note: This is a reference implementation. Adjust logging/policy as desired.
+package precommit
 
-// pathEntryFile maps a repo-relative path to a cache file location.
-// We keep a deterministic encoding so any path maps to exactly one file.
-func pathEntryFile(pathsDir, path string) string <span class="cov10" title="3">{
-        return filepath.Join(pathsDir, encodePath(path)+".json")
-}</span>
-
-func encodePath(path string) string <span class="cov10" title="3">{
-        // base64url encoding of the UTF-8 path string (no padding) is simple and safe.
-        return base64.RawURLEncoding.EncodeToString([]byte(path))
-}</span>
-
-func oidEntryFile(oidsDir, oid string) string <span class="cov6" title="2">{
-        // OID contains ":"; make it filesystem safe but still human readable.
-        // Use a stable transform; here: sha256 of oid string to avoid path length issues.
-        sum := sha256.Sum256([]byte(oid))
-        return filepath.Join(oidsDir, fmt.Sprintf("%x.json", sum[:]))
-}</span>
-
-// oidAddOrReplacePath:
-// - loads oid entry (if exists)
-// - adds newPath to paths[]
-// - if oldPath != "" and present, replaces it with newPath
-// - sets ContentChange flag if requested (ORed into existing flag)
-// - preserves existing s3_url hint
-func oidAddOrReplacePath(oidsDir, oid, oldPath, newPath, now string, contentChanged bool) error <span class="cov1" title="1">{
-        f := oidEntryFile(oidsDir, oid)
+import (
+        "bufio"
+        "bytes"
+        "context"
+        "crypto/sha256"
+        "encoding/base64"
+        "encoding/json"
+        "errors"
+        "fmt"
+        "io"
+        "os"
+        "os/exec"
+        "path/filepath"
+        "sort"
+        "strconv"
+        "strings"
+        "time"
 
-        entry := OIDEntry{
-                LFSOID:    oid,
-                Paths:     []string{},
-                UpdatedAt: now,
-        }
-        if b, err := os.ReadFile(f); err == nil </span><span class="cov0" title="0">{
-                _ = json.Unmarshal(b, &amp;entry)
-                // ensure oid is set even if old file was incomplete
-                entry.LFSOID = oid
-        }</span>
+        "github.com/spf13/cobra"
+)
 
-        <span class="cov1" title="1">paths := make(map[string]struct{}, len(entry.Paths)+1)
-        for _, p := range entry.Paths </span><span class="cov0" title="0">{
-                paths[p] = struct{}{}
-        }</span>
+const (
+        cacheVersionDir                     = "drs/pre-commit/v1"
+        lfsSpecLine                         = "version https://git-lfs.github.com/spec/v1"
+        defaultDirectCommitWarningThreshold = int64(10 * 1024 * 1024)
+)
 
-        <span class="cov1" title="1">if oldPath != "" </span><span class="cov0" title="0">{
-                delete(paths, oldPath)
-        }</span>
-        <span class="cov1" title="1">if newPath != "" </span><span class="cov1" title="1">{
-                paths[newPath] = struct{}{}
-        }</span>
+var (
+        directCommitWarningThresholdBytes = defaultDirectCommitWarningThreshold
+        confirmOversizedDirectGitCommit   = promptOversizedDirectGitCommit
+)
 
-        <span class="cov1" title="1">entry.Paths = keysSorted(paths)
-        entry.UpdatedAt = now
-        entry.ContentChange = entry.ContentChange || contentChanged
+type PathEntry struct {
+        Path      string `json:"path"`
+        LFSOID    string `json:"lfs_oid"`
+        UpdatedAt string `json:"updated_at"`
+}
 
-        return writeJSONAtomic(f, entry)</span>
+type OIDEntry struct {
+        LFSOID        string   `json:"lfs_oid"`
+        Paths         []string `json:"paths"`
+        S3URL         string   `json:"s3_url,omitempty"` // hint only; may be empty
+        UpdatedAt     string   `json:"updated_at"`
+        ContentChange bool     `json:"content_changed"`
 }
 
-func oidRemovePath(oidsDir, oid, path, now string) error <span class="cov0" title="0">{
-        f := oidEntryFile(oidsDir, oid)
+type ChangeKind int
 
-        b, err := os.ReadFile(f)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov0" title="0">var entry OIDEntry
-        if err := json.Unmarshal(b, &amp;entry); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov0" title="0">paths := make(map[string]struct{}, len(entry.Paths))
-        for _, p := range entry.Paths </span><span class="cov0" title="0">{
-                if p == path </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">paths[p] = struct{}{}</span>
-        }
-        <span class="cov0" title="0">entry.Paths = keysSorted(paths)
-        entry.UpdatedAt = now
+const (
+        KindAdd ChangeKind = iota
+        KindModify
+        KindDelete
+        KindRename
+)
 
-        // If no paths remain, keep the file (it may still hold s3_url hint) or delete it.
-        // This ADR allows stale entries; keeping is fine. Optionally delete when empty:
-        // if len(entry.Paths) == 0 &amp;&amp; entry.S3URL == "" { return os.Remove(f) }
+type Change struct {
+        Kind    ChangeKind
+        OldPath string // for rename
+        NewPath string // for rename (and for add/modify/delete uses NewPath)
+        Status  string // raw status, e.g. "A", "M", "D", "R100"
+}
 
-        return writeJSONAtomic(f, entry)</span>
+type OversizedStagedFile struct {
+        Path string
+        Size int64
 }
 
-func keysSorted(m map[string]struct{}) []string <span class="cov1" title="1">{
-        out := make([]string, 0, len(m))
-        for k := range m </span><span class="cov1" title="1">{
-                out = append(out, k)
-        }</span>
-        <span class="cov1" title="1">sort.Strings(out)
-        return out</span>
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "precommit",
+        Short: "pre-commit hook to update local DRS cache",
+        Long:  "Pre-commit hook that updates the local DRS pre-commit cache",
+        Args:  cobra.ExactArgs(0),
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                return run(context.Background())
+        }</span>,
 }
 
-// writeJSONAtomic writes JSON to a temp file then renames it into place.
-// This avoids partially written cache files if the process is interrupted.
-func writeJSONAtomic(path string, v any) error <span class="cov6" title="2">{
-        dir := filepath.Dir(path)
-        if err := os.MkdirAll(dir, 0o755); err != nil </span><span class="cov0" title="0">{
-                return err
+func main() <span class="cov0" title="0">{
+        ctx := context.Background()
+        if err := run(ctx); err != nil </span><span class="cov0" title="0">{
+                // For a reference impl, treat errors as non-fatal unless you want strict enforcement.
+                // Exiting non-zero blocks the commit.
+                fmt.Fprintf(os.Stderr, "pre-commit drs cache: %v\n", err)
+                os.Exit(1)
         }</span>
+}
 
-        <span class="cov6" title="2">tmp := path + ".tmp"
-        f, err := os.OpenFile(tmp, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
+func run(ctx context.Context) error <span class="cov1" title="1">{
+        gitDir, err := gitRevParseGitDir(ctx)
         if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov6" title="2">defer func() </span><span class="cov6" title="2">{ _ = f.Close() }</span>()
 
-        <span class="cov6" title="2">enc := json.NewEncoder(f)
-        enc.SetIndent("", "  ")
-        if err := enc.Encode(v); err != nil </span><span class="cov0" title="0">{
-                _ = os.Remove(tmp)
-                return err
-        }</span>
-        <span class="cov6" title="2">if err := f.Sync(); err != nil </span><span class="cov0" title="0">{
-                _ = os.Remove(tmp)
+        <span class="cov1" title="1">cacheRoot := filepath.Join(gitDir, cacheVersionDir)
+        pathsDir := filepath.Join(cacheRoot, "paths")
+        oidsDir := filepath.Join(cacheRoot, "oids")
+        tombsDir := filepath.Join(cacheRoot, "tombstones")
+
+        if err := os.MkdirAll(pathsDir, 0o755); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov6" title="2">if err := f.Close(); err != nil </span><span class="cov0" title="0">{
-                _ = os.Remove(tmp)
+        <span class="cov1" title="1">if err := os.MkdirAll(oidsDir, 0o755); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov6" title="2">return os.Rename(tmp, path)</span>
-}
+        <span class="cov1" title="1">_ = os.MkdirAll(tombsDir, 0o755) // optional
 
-func moveFileBestEffort(src, dst string) error <span class="cov0" title="0">{
-        // Ensure destination directory exists.
-        if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil </span><span class="cov0" title="0">{
+        changes, err := stagedChanges(ctx)
+        if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        // Rename will fail across devices; fall back to copy+remove.
-        <span class="cov0" title="0">if err := os.Rename(src, dst); err == nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">if len(changes) == 0 </span><span class="cov0" title="0">{
                 return nil
-        }</span> else<span class="cov0" title="0"> if errors.Is(err, os.ErrNotExist) </span><span class="cov0" title="0">{
-                return err
         }</span>
-
-        <span class="cov0" title="0">in, err := os.Open(src)
+        <span class="cov1" title="1">oversized, err := collectOversizedPlainGitStagedFiles(ctx, changes, directCommitWarningThresholdBytes)
         if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">defer in.Close()
+        <span class="cov1" title="1">if len(oversized) &gt; 0 </span><span class="cov1" title="1">{
+                allowed, err := confirmOversizedDirectGitCommit(oversized)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov1" title="1">if !allowed </span><span class="cov1" title="1">{
+                        return fmt.Errorf("commit aborted so you can track large files before committing them directly to Git")
+                }</span>
+        }
 
-        out, err := os.OpenFile(dst, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+        <span class="cov0" title="0">now := time.Now().UTC().Format(time.RFC3339)
 
-        <span class="cov0" title="0">if _, err := io.Copy(out, in); err != nil </span><span class="cov0" title="0">{
-                _ = out.Close()
-                return err
-        }</span>
-        <span class="cov0" title="0">if err := out.Close(); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov0" title="0">return os.Remove(src)</span>
-}
-</pre>
-		
-		<pre class="file" id="file15" style="display: none">package prepush
-
-import (
-        "bufio"
-        "bytes"
-        "context"
-        "encoding/base64"
-        "encoding/json"
-        "fmt"
-        "io"
-        "log/slog"
-        "net/http"
-        "os"
-        "os/exec"
-        "sort"
-        "strings"
-        "time"
+        // Process renames first so subsequent add/modify logic sees the "new" path.
+        // This mirrors how we want cache paths to follow staged paths.
+        for _, ch := range changes </span><span class="cov0" title="0">{
+                if ch.Kind != KindRename </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                // Only act if BOTH old and new are LFS in scope? Prefer:
+                // - If the new path is LFS, we migrate.
+                // - If it isn't LFS, we remove old path entry (out of scope).
+                <span class="cov0" title="0">newOID, newIsLFS, err := stagedLFSOID(ctx, ch.NewPath)
+                if err != nil </span><span class="cov0" title="0">{
+                        // If file doesn't exist in index due to weird staging, skip.
+                        continue</span>
+                }
 
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/drsmap"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/calypr/git-drs/internal/lfs"
-        "github.com/calypr/git-drs/internal/precommit_cache"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/spf13/cobra"
-)
+                <span class="cov0" title="0">oldPathFile := pathEntryFile(pathsDir, ch.OldPath)
+                newPathFile := pathEntryFile(pathsDir, ch.NewPath)
 
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "pre-push-prepare",
-        Short: "pre-push hook to update DRS objects",
-        Long:  "Pre-push hook that updates DRS objects before transfer",
-        Args:  cobra.RangeArgs(0, 2),
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                return NewPrePushService().Run(args, os.Stdin)
-        }</span>,
-}
+                if newIsLFS </span><span class="cov0" title="0">{
+                        // Move/overwrite path entry file
+                        if err := moveFileBestEffort(oldPathFile, newPathFile); err != nil &amp;&amp; !errors.Is(err, os.ErrNotExist) </span><span class="cov0" title="0">{
+                                return fmt.Errorf("rename migrate path entry: %w", err)
+                        }</span>
 
-type PrePushService struct {
-        newLogger        func(string, bool) (*slog.Logger, error)
-        loadConfig       func() (*config.Config, error)
-        updateDrsObjects func(common.ObjectBuilder, map[string]lfs.LfsFileInfo, drsmap.UpdateOptions) error
-        createTempFile   func(dir, pattern string) (*os.File, error)
-}
+                        // Ensure path entry content correct
+                        <span class="cov0" title="0">if err := writeJSONAtomic(newPathFile, PathEntry{
+                                Path:      ch.NewPath,
+                                LFSOID:    newOID,
+                                UpdatedAt: now,
+                        }); err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
 
-func NewPrePushService() *PrePushService <span class="cov0" title="0">{
-        return &amp;PrePushService{
-                newLogger:        drslog.NewLogger,
-                loadConfig:       config.LoadConfig,
-                updateDrsObjects: drsmap.UpdateDrsObjectsWithFiles,
-                createTempFile:   os.CreateTemp,
+                        // Update oid entry: replace old path with new path for that OID
+                        <span class="cov0" title="0">if err := oidAddOrReplacePath(oidsDir, newOID, ch.OldPath, ch.NewPath, now, false); err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
+                } else<span class="cov0" title="0"> {
+                        // Out of scope now: remove any cached path entry.
+                        _ = os.Remove(oldPathFile)
+                }</span>
         }
-}</span>
-
-func (s *PrePushService) Run(args []string, stdin io.Reader) error <span class="cov0" title="0">{
-        ctx := context.Background()
-        myLogger, err := s.newLogger("", false)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error creating logger: %v", err)
-        }</span>
-
-        <span class="cov0" title="0">myLogger.Info("~~~~~~~~~~~~~ START: pre-push ~~~~~~~~~~~~~")
 
-        cfg, err := s.loadConfig()
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error getting config: %v", err)
-        }</span>
+        // Process adds/modifies/deletes (and renames again just to ensure content correctness on new path).
+        <span class="cov0" title="0">for _, ch := range changes </span><span class="cov0" title="0">{
+                switch ch.Kind </span>{
+                case KindAdd, KindModify:<span class="cov0" title="0">
+                        if err := handleUpsert(ctx, pathsDir, oidsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
+                case KindRename:<span class="cov0" title="0">
+                        // Treat like upsert on NewPath to ensure OID/path consistency if content also changed.
+                        if err := handleUpsert(ctx, pathsDir, oidsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
+                        // Optionally also remove old path from *other* OID entry if rename+content-change changed OID.
+                        // We'll do it inside handleUpsert by checking previous cached OID for that path (after move).
+                case KindDelete:<span class="cov0" title="0">
+                        if err := handleDelete(ctx, pathsDir, oidsDir, tombsDir, ch.NewPath, now); err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
+                }
+        }
 
-        <span class="cov0" title="0">gitRemoteName, gitRemoteLocation := parseRemoteArgs(args)
-        myLogger.Debug(fmt.Sprintf("git remote name: %s, git remote location: %s", gitRemoteName, gitRemoteLocation))
+        <span class="cov0" title="0">return nil</span>
+}
 
-        remote, err := cfg.GetDefaultRemote()
+func handleUpsert(ctx context.Context, pathsDir, oidsDir, path, now string) error <span class="cov3" title="2">{
+        oid, isLFS, err := stagedLFSOID(ctx, path)
         if err != nil </span><span class="cov0" title="0">{
-                myLogger.Debug(fmt.Sprintf("Warning. Error getting default remote: %v", err))
-                fmt.Fprintln(os.Stderr, "Warning. Skipping DRS preparation. Error getting default remote:", err)
+                // If file isn't in index, ignore.
                 return nil
         }</span>
-
-        <span class="cov0" title="0">remoteConfig := cfg.GetRemote(remote)
-        if remoteConfig == nil </span><span class="cov0" title="0">{
-                fmt.Fprintln(os.Stderr, "Warning. Skipping DRS preparation. Error getting remote configuration.")
-                myLogger.Debug("Warning. Skipping DRS preparation. Error getting remote configuration.")
+        <span class="cov3" title="2">if !isLFS </span><span class="cov1" title="1">{
+                // Out of scope.
                 return nil
         }</span>
 
-        <span class="cov0" title="0">scope, err := gitrepo.ResolveBucketScope(
-                remoteConfig.GetOrganization(),
-                remoteConfig.GetProjectId(),
-                remoteConfig.GetBucketName(),
-                remoteConfig.GetStoragePrefix(),
-        )
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+        <span class="cov1" title="1">pathFile := pathEntryFile(pathsDir, path)
 
-        <span class="cov0" title="0">builder := common.NewObjectBuilder(scope.Bucket, remoteConfig.GetProjectId())
-        builder.Organization = remoteConfig.GetOrganization()
-        builder.StoragePrefix = scope.Prefix
-        myLogger.Debug(fmt.Sprintf("Current server project: %s (org: %s)", builder.Project, builder.Organization))
+        // Load previous path entry if it exists to detect content changes.
+        var prev PathEntry
+        prevExists := false
+        if b, err := os.ReadFile(pathFile); err == nil </span><span class="cov0" title="0">{
+                _ = json.Unmarshal(b, &amp;prev)
+                if prev.Path != "" &amp;&amp; prev.LFSOID != "" </span><span class="cov0" title="0">{
+                        prevExists = true
+                }</span>
+        }
 
-        tmp, err := bufferStdin(stdin, s.createTempFile)
-        if err != nil </span><span class="cov0" title="0">{
-                myLogger.Error(fmt.Sprintf("error buffering stdin: %v", err))
+        // Write/update path entry.
+        <span class="cov1" title="1">if err := writeJSONAtomic(pathFile, PathEntry{
+                Path:      path,
+                LFSOID:    oid,
+                UpdatedAt: now,
+        }); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">defer func() </span><span class="cov0" title="0">{
-                _ = tmp.Close()
-                _ = os.Remove(tmp.Name())
-        }</span>()
 
-        <span class="cov0" title="0">refs, err := readPushedRefs(tmp)
-        if err != nil </span><span class="cov0" title="0">{
-                myLogger.Error(fmt.Sprintf("error reading pushed refs: %v", err))
+        // Update OID entry for new oid: add path.
+        <span class="cov1" title="1">contentChanged := prevExists &amp;&amp; prev.LFSOID != oid
+        if err := oidAddOrReplacePath(oidsDir, oid, "", path, now, contentChanged); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">branches := branchesFromRefs(refs)
 
-        cache, cacheReady := openCache(ctx, myLogger)
-        lfsFiles, usedCache, err := collectLfsFiles(ctx, cache, cacheReady, gitRemoteName, gitRemoteLocation, branches, refs, myLogger)
-        if err != nil </span><span class="cov0" title="0">{
-                myLogger.Error(fmt.Sprintf("error collecting LFS files: %v", err))
-                return err
+        // If content changed, remove path from the *old* oid entry (best effort).
+        <span class="cov1" title="1">if contentChanged </span><span class="cov0" title="0">{
+                _ = oidRemovePath(oidsDir, prev.LFSOID, path, now)
         }</span>
 
-        <span class="cov0" title="0">myLogger.Debug(fmt.Sprintf("Preparing DRS objects for push branches: %v (cache=%v)", branches, usedCache))
-        err = s.updateDrsObjects(builder, lfsFiles, drsmap.UpdateOptions{
-                Cache:          cache,
-                PreferCacheURL: usedCache,
-                Logger:         myLogger,
-        })
+        <span class="cov1" title="1">return nil</span>
+}
+
+func handleDelete(ctx context.Context, pathsDir, oidsDir, tombsDir, path, now string) error <span class="cov0" title="0">{
+        // Only consider deletion if it was previously an LFS entry (cache-driven).
+        pathFile := pathEntryFile(pathsDir, path)
+        b, err := os.ReadFile(pathFile)
         if err != nil </span><span class="cov0" title="0">{
-                myLogger.Error(fmt.Sprintf("UpdateDrsObjects failed: %v", err))
-                return err
+                // nothing to do
+                return nil
         }</span>
-
-        // Stage metadata in one packet; server consumes it at LFS verify-time.
-        <span class="cov0" title="0">myLogger.Info(fmt.Sprintf("Staging %d DRS metadata records for LFS verify", len(lfsFiles)))
-        if err := submitPendingLFSMeta(ctx, remote, remoteConfig.GetEndpoint(), lfsFiles, myLogger); err != nil </span><span class="cov0" title="0">{
-                myLogger.Error(fmt.Sprintf("DRS metadata staging failed: %v", err))
-                return fmt.Errorf("DRS metadata staging failed: %w", err)
+        <span class="cov0" title="0">var pe PathEntry
+        if err := json.Unmarshal(b, &amp;pe); err != nil </span><span class="cov0" title="0">{
+                // corrupted cache; remove it
+                _ = os.Remove(pathFile)
+                return nil
         }</span>
+        // Remove path entry.
+        <span class="cov0" title="0">_ = os.Remove(pathFile)
 
-        <span class="cov0" title="0">myLogger.Info("~~~~~~~~~~~~~ COMPLETED: pre-push ~~~~~~~~~~~~~")
-        return nil</span>
-}
-
-type metadataSubmitRequest struct {
-        Candidates []metadataCandidate `json:"candidates"`
-        TTLSeconds int64               `json:"ttl_seconds,omitempty"`
-}
-
-type metadataChecksum struct {
-        Type     string `json:"type"`
-        Checksum string `json:"checksum"`
-}
+        // Remove this path from the old oid entry (best effort).
+        if pe.LFSOID != "" </span><span class="cov0" title="0">{
+                _ = oidRemovePath(oidsDir, pe.LFSOID, path, now)
+        }</span>
 
-type metadataAccessURL struct {
-        URL string `json:"url,omitempty"`
-}
+        // Optional tombstone.
+        <span class="cov0" title="0">tombFile := filepath.Join(tombsDir, encodePath(path)+".json")
+        _ = writeJSONAtomic(tombFile, map[string]string{
+                "path":       path,
+                "deleted_at": now,
+        })
 
-type metadataAccessMethod struct {
-        Type           string              `json:"type,omitempty"`
-        AccessURL      metadataAccessURL   `json:"access_url,omitempty"`
-        AccessID       string              `json:"access_id,omitempty"`
-        Region         string              `json:"region,omitempty"`
-        Authorizations map[string][]string `json:"authorizations,omitempty"`
+        return nil</span>
 }
 
-type metadataCandidate struct {
-        Id            string                 `json:"id,omitempty"`
-        Name          string                 `json:"name,omitempty"`
-        Size          int64                  `json:"size"`
-        Version       string                 `json:"version,omitempty"`
-        MimeType      string                 `json:"mime_type,omitempty"`
-        Checksums     []metadataChecksum     `json:"checksums"`
-        AccessMethods []metadataAccessMethod `json:"access_methods,omitempty"`
-        Description   string                 `json:"description,omitempty"`
-        Aliases       []string               `json:"aliases,omitempty"`
-}
-
-func toMetadataCandidate(c drsapi.DrsObjectCandidate) metadataCandidate <span class="cov8" title="9">{
-        name := ""
-        if c.Name != nil </span><span class="cov8" title="9">{
-                name = *c.Name
-        }</span>
-        <span class="cov8" title="9">mimeType := ""
-        if c.MimeType != nil </span><span class="cov0" title="0">{
-                mimeType = *c.MimeType
-        }</span>
-        <span class="cov8" title="9">description := ""
-        if c.Description != nil </span><span class="cov0" title="0">{
-                description = *c.Description
-        }</span>
-        <span class="cov8" title="9">aliases := []string(nil)
-        if c.Aliases != nil </span><span class="cov0" title="0">{
-                aliases = append([]string(nil), (*c.Aliases)...)
-        }</span>
-        <span class="cov8" title="9">out := metadataCandidate{
-                Name:        name,
-                Size:        c.Size,
-                Version:     "",
-                MimeType:    mimeType,
-                Description: description,
-                Aliases:     aliases,
-        }
-        if c.Version != nil </span><span class="cov0" title="0">{
-                out.Version = *c.Version
+// stagedChanges parses: git diff --cached --name-status -M
+// Formats:
+//
+//        A&lt;TAB&gt;path
+//        M&lt;TAB&gt;path
+//        D&lt;TAB&gt;path
+//        R100&lt;TAB&gt;old&lt;TAB&gt;new
+func stagedChanges(ctx context.Context) ([]Change, error) <span class="cov3" title="2">{
+        out, err := git(ctx, "diff", "--cached", "--name-status", "-M")
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
         }</span>
-
-        <span class="cov8" title="9">if len(c.Checksums) &gt; 0 </span><span class="cov8" title="9">{
-                out.Checksums = make([]metadataChecksum, 0, len(c.Checksums))
-                for _, cs := range c.Checksums </span><span class="cov8" title="9">{
-                        out.Checksums = append(out.Checksums, metadataChecksum{
-                                Type:     string(cs.Type),
-                                Checksum: cs.Checksum,
-                        })
-                }</span>
-        }
-
-        <span class="cov8" title="9">if c.AccessMethods != nil &amp;&amp; len(*c.AccessMethods) &gt; 0 </span><span class="cov0" title="0">{
-                out.AccessMethods = make([]metadataAccessMethod, 0, len(*c.AccessMethods))
-                for _, am := range *c.AccessMethods </span><span class="cov0" title="0">{
-                        accID := ""
-                        if am.AccessId != nil </span><span class="cov0" title="0">{
-                                accID = *am.AccessId
-                        }</span>
-                        <span class="cov0" title="0">region := ""
-                        if am.Region != nil </span><span class="cov0" title="0">{
-                                region = *am.Region
-                        }</span>
-                        <span class="cov0" title="0">accURL := ""
-                        if am.AccessUrl != nil </span><span class="cov0" title="0">{
-                                accURL = am.AccessUrl.Url
-                        }</span>
-                        <span class="cov0" title="0">m := metadataAccessMethod{
-                                Type:     string(am.Type),
-                                AccessID: accID,
-                                Region:   region,
-                                AccessURL: metadataAccessURL{
-                                        URL: accURL,
-                                },
-                        }
-                        if am.Authorizations != nil &amp;&amp; len(*am.Authorizations) &gt; 0 </span><span class="cov0" title="0">{
-                                m.Authorizations = *am.Authorizations
-                        }</span>
-                        <span class="cov0" title="0">out.AccessMethods = append(out.AccessMethods, m)</span>
+        <span class="cov3" title="2">var changes []Change
+        sc := bufio.NewScanner(bytes.NewReader(out))
+        for sc.Scan() </span><span class="cov5" title="3">{
+                line := sc.Text()
+                if strings.TrimSpace(line) == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">parts := strings.Split(line, "\t")
+                if len(parts) &lt; 2 </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">status := parts[0]
+                switch </span>{
+                case status == "A":<span class="cov5" title="3">
+                        changes = append(changes, Change{Kind: KindAdd, NewPath: parts[1], Status: status})</span>
+                case status == "M":<span class="cov0" title="0">
+                        changes = append(changes, Change{Kind: KindModify, NewPath: parts[1], Status: status})</span>
+                case status == "D":<span class="cov0" title="0">
+                        changes = append(changes, Change{Kind: KindDelete, NewPath: parts[1], Status: status})</span>
+                case strings.HasPrefix(status, "R") &amp;&amp; len(parts) &gt;= 3:<span class="cov0" title="0">
+                        changes = append(changes, Change{Kind: KindRename, OldPath: parts[1], NewPath: parts[2], Status: status})</span>
+                default:<span class="cov0" title="0"></span>
+                        // ignore other statuses (C, T, U, etc) for this reference impl
                 }
         }
-
-        <span class="cov8" title="9">return out</span>
+        <span class="cov3" title="2">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov3" title="2">return changes, nil</span>
 }
 
-func submitPendingLFSMeta(ctx context.Context, remote config.Remote, endpoint string, lfsFiles map[string]lfs.LfsFileInfo, logger *slog.Logger) error <span class="cov8" title="9">{
-        base := strings.TrimRight(strings.TrimSpace(endpoint), "/")
-        if base == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("remote endpoint is empty")
+// stagedLFSOID returns (oid, isLFS, err) based on STAGED content.
+// isLFS is true only if the staged file is a valid LFS pointer with an oid sha256 line.
+func stagedLFSOID(ctx context.Context, path string) (string, bool, error) <span class="cov7" title="5">{
+        out, err := git(ctx, "show", ":"+path)
+        if err != nil </span><span class="cov0" title="0">{
+                // path may not exist in index (deleted/intent-to-add weirdness)
+                return "", false, err
         }</span>
-        <span class="cov8" title="9">url := base + "/info/lfs/objects/metadata"
 
-        candidates := make([]metadataCandidate, 0, len(lfsFiles))
-        for _, file := range lfsFiles </span><span class="cov8" title="9">{
-                obj, err := drsmap.DrsInfoFromOid(file.Oid)
-                if err != nil || obj == nil </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping oid %s: local DRS object not found", file.Oid))
+        // Fast parse: look for spec line and oid line near top.
+        // LFS pointer files are small; scanning full content is fine.
+        <span class="cov7" title="5">var hasSpec bool
+        var oid string
+
+        sc := bufio.NewScanner(bytes.NewReader(out))
+        for sc.Scan() </span><span class="cov8" title="7">{
+                line := sc.Text()
+                if line == lfsSpecLine </span><span class="cov3" title="2">{
+                        hasSpec = true
                         continue</span>
                 }
-                <span class="cov8" title="9">candidates = append(candidates, toMetadataCandidate(common.ConvertToCandidate(obj)))</span>
+                <span class="cov7" title="5">if strings.HasPrefix(line, "oid sha256:") </span><span class="cov3" title="2">{
+                        hex := strings.TrimPrefix(line, "oid sha256:")
+                        hex = strings.TrimSpace(hex)
+                        if hex != "" </span><span class="cov3" title="2">{
+                                oid = "sha256:" + hex
+                        }</span>
+                        // keep scanning a bit in case spec is below (rare), but we can break once both are found.
+                }
+                // pointer usually has only a few lines; stop early after 10 lines
+                <span class="cov7" title="5">if hasSpec &amp;&amp; oid != "" </span><span class="cov3" title="2">{
+                        break</span>
+                }
         }
-        <span class="cov8" title="9">if len(candidates) == 0 </span><span class="cov0" title="0">{
-                logger.Debug("no metadata candidates to stage")
-                return nil
+        <span class="cov7" title="5">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
+                return "", false, err
         }</span>
 
-        <span class="cov8" title="9">reqBody := metadataSubmitRequest{
-                Candidates: candidates,
-                TTLSeconds: int64((20 * time.Minute).Seconds()),
-        }
-        payload, err := json.Marshal(reqBody)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to encode pending metadata request: %w", err)
+        <span class="cov7" title="5">if hasSpec &amp;&amp; oid != "" </span><span class="cov3" title="2">{
+                return oid, true, nil
         }</span>
+        <span class="cov5" title="3">return "", false, nil</span>
+}
 
-        <span class="cov8" title="9">httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload))
+func stagedBlobSize(ctx context.Context, path string) (int64, error) <span class="cov3" title="2">{
+        out, err := git(ctx, "cat-file", "-s", ":"+path)
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to create pending metadata request: %w", err)
+                return 0, err
         }</span>
-        <span class="cov8" title="9">httpReq.Header.Set("Content-Type", "application/json")
-        httpReq.Header.Set("Accept", "application/vnd.git-lfs+json")
-        if authHeader, ok := resolveRemoteAuthHeader(string(remote)); ok </span><span class="cov3" title="2">{
-                httpReq.Header.Set("Authorization", authHeader)
+        <span class="cov3" title="2">size, err := strconv.ParseInt(strings.TrimSpace(string(out)), 10, 64)
+        if err != nil </span><span class="cov0" title="0">{
+                return 0, fmt.Errorf("parse staged blob size for %s: %w", path, err)
         }</span>
+        <span class="cov3" title="2">return size, nil</span>
+}
 
-        <span class="cov8" title="9">client := pendingMetadataClientFactory()
-        resp, err := client.Do(httpReq)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("pending metadata request failed: %w", err)
+func collectOversizedPlainGitStagedFiles(ctx context.Context, changes []Change, thresholdBytes int64) ([]OversizedStagedFile, error) <span class="cov3" title="2">{
+        if thresholdBytes &lt;= 0 </span><span class="cov0" title="0">{
+                return nil, nil
         }</span>
-        <span class="cov8" title="9">defer resp.Body.Close()
+        <span class="cov3" title="2">var oversized []OversizedStagedFile
+        seen := make(map[string]struct{})
+        for _, ch := range changes </span><span class="cov5" title="3">{
+                if ch.Kind != KindAdd &amp;&amp; ch.Kind != KindModify &amp;&amp; ch.Kind != KindRename </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">path := ch.NewPath
+                if path == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">if _, ok := seen[path]; ok </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">seen[path] = struct{}{}
 
-        if resp.StatusCode &lt; 200 || resp.StatusCode &gt;= 300 </span><span class="cov7" title="6">{
-                body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
-                bodyText := strings.TrimSpace(string(body))
-                // Some deployments do not yet expose /info/lfs/objects/metadata.
-                // Treat this as optional capability and continue with push flow.
-                switch resp.StatusCode </span>{
-                case http.StatusNotFound, http.StatusMethodNotAllowed, http.StatusNotImplemented:<span class="cov4" title="3">
-                        logger.Warn(fmt.Sprintf("metadata staging endpoint unavailable (status=%d); continuing without staged metadata", resp.StatusCode))
-                        return nil</span>
+                _, isLFS, err := stagedLFSOID(ctx, path)
+                if err != nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">if isLFS </span><span class="cov1" title="1">{
+                        continue</span>
                 }
-                // Some reverse proxies/frontends may return HTML 404/maintenance pages with 5xx.
-                // If this looks like non-API HTML and not a structured LFS error, degrade gracefully.
-                <span class="cov4" title="3">if strings.Contains(strings.ToLower(resp.Header.Get("Content-Type")), "text/html") </span><span class="cov1" title="1">{
-                        logger.Warn(fmt.Sprintf("metadata staging returned HTML response (status=%d); continuing without staged metadata", resp.StatusCode))
-                        return nil
-                }</span>
-                <span class="cov3" title="2">return fmt.Errorf("pending metadata request failed: status=%d body=%s", resp.StatusCode, bodyText)</span>
-        }
-        <span class="cov4" title="3">return nil</span>
-}
 
-func resolveRemoteAuthHeader(remoteName string) (string, bool) <span class="cov10" title="12">{
-        if token, err := gitrepo.GetRemoteToken(remoteName); err == nil </span><span class="cov10" title="12">{
-                if token = strings.TrimSpace(token); token != "" </span><span class="cov3" title="2">{
-                        return "Bearer " + token, true
+                <span class="cov3" title="2">size, err := stagedBlobSize(ctx, path)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
                 }</span>
+                <span class="cov3" title="2">if size &lt;= thresholdBytes </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov3" title="2">oversized = append(oversized, OversizedStagedFile{Path: path, Size: size})</span>
         }
-        <span class="cov9" title="10">username, password, err := gitrepo.GetRemoteBasicAuth(remoteName)
-        if err != nil || username == "" || password == "" </span><span class="cov8" title="8">{
-                return "", false
-        }</span>
-        <span class="cov3" title="2">creds := username + ":" + password
-        return "Basic " + base64.StdEncoding.EncodeToString([]byte(creds)), true</span>
+        <span class="cov3" title="2">sort.Slice(oversized, func(i, j int) bool </span><span class="cov0" title="0">{ return oversized[i].Path &lt; oversized[j].Path }</span>)
+        <span class="cov3" title="2">return oversized, nil</span>
 }
 
-func parseRemoteArgs(args []string) (string, string) <span class="cov0" title="0">{
-        var gitRemoteName, gitRemoteLocation string
-        if len(args) &gt;= 1 </span><span class="cov0" title="0">{
-                gitRemoteName = args[0]
+func promptOversizedDirectGitCommit(files []OversizedStagedFile) (bool, error) <span class="cov0" title="0">{
+        if len(files) == 0 </span><span class="cov0" title="0">{
+                return true, nil
         }</span>
-        <span class="cov0" title="0">if len(args) &gt;= 2 </span><span class="cov0" title="0">{
-                gitRemoteLocation = args[1]
+
+        <span class="cov0" title="0">fmt.Fprintf(os.Stderr, "\nWarning: the following staged files are being committed directly to Git and exceed %s:\n\n", humanBytes(directCommitWarningThresholdBytes))
+        for _, f := range files </span><span class="cov0" title="0">{
+                fmt.Fprintf(os.Stderr, "  - %s (%s)\n", f.Path, humanBytes(f.Size))
         }</span>
-        <span class="cov0" title="0">if gitRemoteName == "" </span><span class="cov0" title="0">{
-                gitRemoteName = "origin"
+        <span class="cov0" title="0">fmt.Fprintln(os.Stderr, "\nIf these should be managed by git-drs, track them first and re-add them.")
+        fmt.Fprint(os.Stderr, "Continue committing these files directly to GitHub? [y/N]: ")
+
+        reader := bufio.NewReader(os.Stdin)
+        line, err := reader.ReadString('\n')
+        if err != nil &amp;&amp; !errors.Is(err, io.EOF) </span><span class="cov0" title="0">{
+                return false, err
         }</span>
-        <span class="cov0" title="0">return gitRemoteName, gitRemoteLocation</span>
+        <span class="cov0" title="0">answer := strings.ToLower(strings.TrimSpace(line))
+        return answer == "y" || answer == "yes", nil</span>
 }
 
-type pushedRef struct {
-        LocalRef  string
-        LocalSHA  string
-        RemoteRef string
-        RemoteSHA string
+func humanBytes(n int64) string <span class="cov0" title="0">{
+        const unit = int64(1024)
+        if n &lt; unit </span><span class="cov0" title="0">{
+                return fmt.Sprintf("%d B", n)
+        }</span>
+        <span class="cov0" title="0">div, exp := unit, 0
+        for q := n / unit; q &gt;= unit; q /= unit </span><span class="cov0" title="0">{
+                div *= unit
+                exp++
+        }</span>
+        <span class="cov0" title="0">return fmt.Sprintf("%.1f %ciB", float64(n)/float64(div), "KMGTPE"[exp])</span>
 }
 
-func bufferStdin(stdin io.Reader, createTempFile func(dir, pattern string) (*os.File, error)) (*os.File, error) <span class="cov1" title="1">{
-        tmp, err := createTempFile("", "prepush-stdin-*")
+func gitRevParseGitDir(ctx context.Context) (string, error) <span class="cov1" title="1">{
+        out, err := git(ctx, "rev-parse", "--git-dir")
         if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("error creating temp file for stdin: %w", err)
-        }</span>
-
-        <span class="cov1" title="1">if _, err := io.Copy(tmp, stdin); err != nil </span><span class="cov1" title="1">{
-                _ = tmp.Close()
-                _ = os.Remove(tmp.Name())
-                return nil, fmt.Errorf("error buffering stdin: %w", err)
+                return "", err
         }</span>
-
-        <span class="cov0" title="0">if _, err := tmp.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
-                _ = tmp.Close()
-                _ = os.Remove(tmp.Name())
-                return nil, fmt.Errorf("error seeking temp stdin: %w", err)
+        <span class="cov1" title="1">gitDir := strings.TrimSpace(string(out))
+        if gitDir == "" </span><span class="cov0" title="0">{
+                return "", errors.New("could not determine .git dir")
         }</span>
-        <span class="cov0" title="0">return tmp, nil</span>
+        // If gitDir is relative, resolve relative to repo root
+        <span class="cov1" title="1">if !filepath.IsAbs(gitDir) </span><span class="cov1" title="1">{
+                rootOut, err := git(ctx, "rev-parse", "--show-toplevel")
+                if err != nil </span><span class="cov0" title="0">{
+                        return "", err
+                }</span>
+                <span class="cov1" title="1">root := strings.TrimSpace(string(rootOut))
+                gitDir = filepath.Join(root, gitDir)</span>
+        }
+        <span class="cov1" title="1">return gitDir, nil</span>
 }
 
-// readPushedBranches reads git push lines from the provided temp file,
-// extracts unique local branch names for refs under `refs/heads/` and
-// returns them sorted. The file is rewound to the start before returning.
-func readPushedRefs(f io.ReadSeeker) ([]pushedRef, error) <span class="cov0" title="0">{
-        // Ensure we read from start
-        // example:
-        // refs/heads/main 67890abcdef1234567890abcdef1234567890abcd refs/heads/main 12345abcdef67890abcdef1234567890abcdef12
-        if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov0" title="0">scanner := bufio.NewScanner(f)
-        refs := make([]pushedRef, 0)
-        for scanner.Scan() </span><span class="cov0" title="0">{
-                line := scanner.Text()
-                fields := strings.Fields(line)
-                if len(fields) &lt; 4 </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">refs = append(refs, pushedRef{
-                        LocalRef:  fields[0],
-                        LocalSHA:  fields[1],
-                        RemoteRef: fields[2],
-                        RemoteSHA: fields[3],
-                })</span>
+func git(ctx context.Context, args ...string) ([]byte, error) <span class="cov10" title="11">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        cmd.Env = os.Environ()
+        var stdout, stderr bytes.Buffer
+        cmd.Stdout = &amp;stdout
+        cmd.Stderr = &amp;stderr
+        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
+                // include stderr for debugging; don’t leak massive output
+                msg := strings.TrimSpace(stderr.String())
+                if msg == "" </span><span class="cov0" title="0">{
+                        msg = err.Error()
+                }</span>
+                <span class="cov0" title="0">return nil, fmt.Errorf("git %s: %s", strings.Join(args, " "), msg)</span>
         }
-        <span class="cov0" title="0">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        // Rewind so caller can reuse the file
-        <span class="cov0" title="0">if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov0" title="0">return refs, nil</span>
+        <span class="cov10" title="11">return stdout.Bytes(), nil</span>
 }
 
-func branchesFromRefs(refs []pushedRef) []string <span class="cov0" title="0">{
-        const prefix = "refs/heads/"
-        set := make(map[string]struct{})
-        for _, ref := range refs </span><span class="cov0" title="0">{
-                if strings.HasPrefix(ref.LocalRef, prefix) </span><span class="cov0" title="0">{
-                        branch := strings.TrimPrefix(ref.LocalRef, prefix)
-                        if branch != "" </span><span class="cov0" title="0">{
-                                set[branch] = struct{}{}
-                        }</span>
-                }
+// pathEntryFile maps a repo-relative path to a cache file location.
+// We keep a deterministic encoding so any path maps to exactly one file.
+func pathEntryFile(pathsDir, path string) string <span class="cov5" title="3">{
+        return filepath.Join(pathsDir, encodePath(path)+".json")
+}</span>
+
+func encodePath(path string) string <span class="cov5" title="3">{
+        // base64url encoding of the UTF-8 path string (no padding) is simple and safe.
+        return base64.RawURLEncoding.EncodeToString([]byte(path))
+}</span>
+
+func oidEntryFile(oidsDir, oid string) string <span class="cov3" title="2">{
+        // OID contains ":"; make it filesystem safe but still human readable.
+        // Use a stable transform; here: sha256 of oid string to avoid path length issues.
+        sum := sha256.Sum256([]byte(oid))
+        return filepath.Join(oidsDir, fmt.Sprintf("%x.json", sum[:]))
+}</span>
+
+// oidAddOrReplacePath:
+// - loads oid entry (if exists)
+// - adds newPath to paths[]
+// - if oldPath != "" and present, replaces it with newPath
+// - sets ContentChange flag if requested (ORed into existing flag)
+// - preserves existing s3_url hint
+func oidAddOrReplacePath(oidsDir, oid, oldPath, newPath, now string, contentChanged bool) error <span class="cov1" title="1">{
+        f := oidEntryFile(oidsDir, oid)
+
+        entry := OIDEntry{
+                LFSOID:    oid,
+                Paths:     []string{},
+                UpdatedAt: now,
         }
-        <span class="cov0" title="0">branches := make([]string, 0, len(set))
-        for b := range set </span><span class="cov0" title="0">{
-                branches = append(branches, b)
+        if b, err := os.ReadFile(f); err == nil </span><span class="cov0" title="0">{
+                _ = json.Unmarshal(b, &amp;entry)
+                // ensure oid is set even if old file was incomplete
+                entry.LFSOID = oid
         }</span>
-        <span class="cov0" title="0">sort.Strings(branches)
-        return branches</span>
-}
 
-func openCache(ctx context.Context, logger *slog.Logger) (*precommit_cache.Cache, bool) <span class="cov0" title="0">{
-        cache, err := precommit_cache.Open(ctx)
-        if err != nil </span><span class="cov0" title="0">{
-                logger.Debug(fmt.Sprintf("pre-commit cache unavailable: %v", err))
-                return nil, false
+        <span class="cov1" title="1">paths := make(map[string]struct{}, len(entry.Paths)+1)
+        for _, p := range entry.Paths </span><span class="cov0" title="0">{
+                paths[p] = struct{}{}
         }</span>
-        <span class="cov0" title="0">if _, err := os.Stat(cache.Root); err != nil </span><span class="cov0" title="0">{
-                if os.IsNotExist(err) </span><span class="cov0" title="0">{
-                        logger.Debug("pre-commit cache missing; continuing without cache")
-                }</span> else<span class="cov0" title="0"> {
-                        logger.Debug(fmt.Sprintf("pre-commit cache access error: %v", err))
-                }</span>
-                <span class="cov0" title="0">return nil, false</span>
-        }
-        <span class="cov0" title="0">return cache, true</span>
-}
 
-func collectLfsFiles(ctx context.Context, cache *precommit_cache.Cache, cacheReady bool, gitRemoteName, gitRemoteLocation string, branches []string, refs []pushedRef, logger *slog.Logger) (map[string]lfs.LfsFileInfo, bool, error) <span class="cov0" title="0">{
-        if cacheReady </span><span class="cov0" title="0">{
-                lfsFiles, ok, err := lfsFilesFromCache(ctx, cache, refs, logger)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("pre-commit cache read failed: %v", err))
-                }</span> else<span class="cov0" title="0"> if ok </span><span class="cov0" title="0">{
-                        return lfsFiles, true, nil
-                }</span>
-                <span class="cov0" title="0">logger.Debug("pre-commit cache incomplete or stale; falling back to LFS discovery")</span>
-        }
-        <span class="cov0" title="0">lfsFiles, err := lfs.GetAllLfsFiles(gitRemoteName, gitRemoteLocation, branches, logger)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, false, err
+        <span class="cov1" title="1">if oldPath != "" </span><span class="cov0" title="0">{
+                delete(paths, oldPath)
+        }</span>
+        <span class="cov1" title="1">if newPath != "" </span><span class="cov1" title="1">{
+                paths[newPath] = struct{}{}
         }</span>
-        <span class="cov0" title="0">return lfsFiles, false, nil</span>
-}
-
-const cacheMaxAge = 24 * time.Hour
 
-var pendingMetadataClientFactory = func() *http.Client <span class="cov0" title="0">{
-        return &amp;http.Client{Timeout: 20 * time.Second}
-}</span>
+        <span class="cov1" title="1">entry.Paths = keysSorted(paths)
+        entry.UpdatedAt = now
+        entry.ContentChange = entry.ContentChange || contentChanged
 
-func normalizeCachedOID(oid string) string <span class="cov4" title="3">{
-        normalized := strings.TrimSpace(oid)
-        if len(normalized) &gt;= len("sha256:") &amp;&amp; strings.EqualFold(normalized[:len("sha256:")], "sha256:") </span><span class="cov1" title="1">{
-                normalized = normalized[len("sha256:"):]
-        }</span>
-        <span class="cov4" title="3">return strings.TrimSpace(normalized)</span>
+        return writeJSONAtomic(f, entry)</span>
 }
 
-func lfsFilesFromCache(ctx context.Context, cache *precommit_cache.Cache, refs []pushedRef, logger *slog.Logger) (map[string]lfs.LfsFileInfo, bool, error) <span class="cov4" title="3">{
-        if cache == nil </span><span class="cov0" title="0">{
-                return nil, false, nil
-        }</span>
-        <span class="cov4" title="3">paths, err := listPushedPaths(ctx, refs)
+func oidRemovePath(oidsDir, oid, path, now string) error <span class="cov0" title="0">{
+        f := oidEntryFile(oidsDir, oid)
+
+        b, err := os.ReadFile(f)
         if err != nil </span><span class="cov0" title="0">{
-                return nil, false, err
+                return err
         }</span>
-        <span class="cov4" title="3">lfsFiles := make(map[string]lfs.LfsFileInfo, len(paths))
-        for _, path := range paths </span><span class="cov4" title="3">{
-                entry, ok, err := cache.ReadPathEntry(path)
-                if err != nil </span><span class="cov0" title="0">{
-                        return nil, false, err
-                }</span>
-                <span class="cov4" title="3">if !ok </span><span class="cov0" title="0">{
-                        return nil, false, nil
-                }</span>
-                <span class="cov4" title="3">oid := normalizeCachedOID(entry.LFSOID)
-                if oid == "" </span><span class="cov0" title="0">{
-                        return nil, false, nil
-                }</span>
-                <span class="cov4" title="3">if entry.UpdatedAt == "" || precommit_cache.StaleAfter(entry.UpdatedAt, cacheMaxAge) </span><span class="cov1" title="1">{
-                        return nil, false, nil
-                }</span>
-                <span class="cov3" title="2">stat, err := os.Stat(path)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("cache path stat failed for %s: %v", path, err))
-                        return nil, false, nil
-                }</span>
-                <span class="cov3" title="2">lfsFiles[path] = lfs.LfsFileInfo{
-                        Name:    path,
-                        Size:    stat.Size(),
-                        OidType: "sha256",
-                        Oid:     oid,
-                        Version: "https://git-lfs.github.com/spec/v1",
-                }</span>
-        }
-        <span class="cov3" title="2">return lfsFiles, true, nil</span>
-}
-
-func listPushedPaths(ctx context.Context, refs []pushedRef) ([]string, error) <span class="cov4" title="3">{
-        const zeroSHA = "0000000000000000000000000000000000000000"
-        set := make(map[string]struct{})
-        for _, ref := range refs </span><span class="cov4" title="3">{
-                if ref.LocalSHA == "" || ref.LocalSHA == zeroSHA </span><span class="cov0" title="0">{
+        <span class="cov0" title="0">var entry OIDEntry
+        if err := json.Unmarshal(b, &amp;entry); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">paths := make(map[string]struct{}, len(entry.Paths))
+        for _, p := range entry.Paths </span><span class="cov0" title="0">{
+                if p == path </span><span class="cov0" title="0">{
                         continue</span>
                 }
-                <span class="cov4" title="3">var args []string
-                if ref.RemoteSHA == "" || ref.RemoteSHA == zeroSHA </span><span class="cov1" title="1">{
-                        args = []string{"ls-tree", "-r", "--name-only", ref.LocalSHA}
-                }</span> else<span class="cov3" title="2"> {
-                        args = []string{"diff", "--name-only", ref.RemoteSHA, ref.LocalSHA}
-                }</span>
-                <span class="cov4" title="3">out, err := gitOutput(ctx, args...)
-                if err != nil </span><span class="cov0" title="0">{
-                        return nil, err
-                }</span>
-                <span class="cov4" title="3">for _, line := range strings.Split(strings.TrimSpace(out), "\n") </span><span class="cov4" title="3">{
-                        line = strings.TrimSpace(line)
-                        if line == "" </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov4" title="3">set[line] = struct{}{}</span>
-                }
+                <span class="cov0" title="0">paths[p] = struct{}{}</span>
         }
-        <span class="cov4" title="3">paths := make([]string, 0, len(set))
-        for path := range set </span><span class="cov4" title="3">{
-                paths = append(paths, path)
-        }</span>
-        <span class="cov4" title="3">sort.Strings(paths)
-        return paths, nil</span>
+        <span class="cov0" title="0">entry.Paths = keysSorted(paths)
+        entry.UpdatedAt = now
+
+        // If no paths remain, keep the file (it may still hold s3_url hint) or delete it.
+        // This ADR allows stale entries; keeping is fine. Optionally delete when empty:
+        // if len(entry.Paths) == 0 &amp;&amp; entry.S3URL == "" { return os.Remove(f) }
+
+        return writeJSONAtomic(f, entry)</span>
 }
 
-func gitOutput(ctx context.Context, args ...string) (string, error) <span class="cov4" title="3">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        cmd.Env = os.Environ()
-        out, err := cmd.CombinedOutput()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git %s: %s", strings.Join(args, " "), strings.TrimSpace(string(out)))
+func keysSorted(m map[string]struct{}) []string <span class="cov1" title="1">{
+        out := make([]string, 0, len(m))
+        for k := range m </span><span class="cov1" title="1">{
+                out = append(out, k)
         }</span>
-        <span class="cov4" title="3">return string(out), nil</span>
+        <span class="cov1" title="1">sort.Strings(out)
+        return out</span>
 }
 
-// readPushedBranches reads git push lines from the provided temp file,
-// extracts unique local branch names for refs under `refs/heads/` and
-// returns them sorted. The file is rewound to the start before returning.
-func readPushedBranches(f *os.File) ([]string, error) <span class="cov6" title="5">{
-        // Ensure we read from start
-        // example:
-        // refs/heads/main 67890abcdef1234567890abcdef1234567890abcd refs/heads/main 12345abcdef67890abcdef1234567890abcdef12
-        if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+// writeJSONAtomic writes JSON to a temp file then renames it into place.
+// This avoids partially written cache files if the process is interrupted.
+func writeJSONAtomic(path string, v any) error <span class="cov3" title="2">{
+        dir := filepath.Dir(path)
+        if err := os.MkdirAll(dir, 0o755); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov6" title="5">scanner := bufio.NewScanner(f)
-        set := make(map[string]struct{})
-        for scanner.Scan() </span><span class="cov7" title="6">{
-                line := scanner.Text()
-                fields := strings.Fields(line)
-                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov7" title="6">localRef := fields[0]
-                const prefix = "refs/heads/"
-                if strings.HasPrefix(localRef, prefix) </span><span class="cov6" title="4">{
-                        branch := strings.TrimPrefix(localRef, prefix)
-                        if branch != "" </span><span class="cov6" title="4">{
-                                set[branch] = struct{}{}
-                        }</span>
-                }
-        }
-        <span class="cov6" title="5">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+
+        <span class="cov3" title="2">tmp := path + ".tmp"
+        f, err := os.OpenFile(tmp, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov3" title="2">defer func() </span><span class="cov3" title="2">{ _ = f.Close() }</span>()
+
+        <span class="cov3" title="2">enc := json.NewEncoder(f)
+        enc.SetIndent("", "  ")
+        if err := enc.Encode(v); err != nil </span><span class="cov0" title="0">{
+                _ = os.Remove(tmp)
+                return err
         }</span>
-        <span class="cov6" title="5">branches := make([]string, 0, len(set))
-        for b := range set </span><span class="cov6" title="4">{
-                branches = append(branches, b)
+        <span class="cov3" title="2">if err := f.Sync(); err != nil </span><span class="cov0" title="0">{
+                _ = os.Remove(tmp)
+                return err
         }</span>
-        <span class="cov6" title="5">sort.Strings(branches)
-        // Rewind so caller can reuse the file
-        if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+        <span class="cov3" title="2">if err := f.Close(); err != nil </span><span class="cov0" title="0">{
+                _ = os.Remove(tmp)
+                return err
         }</span>
-        <span class="cov6" title="5">return branches, nil</span>
+        <span class="cov3" title="2">return os.Rename(tmp, path)</span>
 }
-</pre>
-		
-		<pre class="file" id="file16" style="display: none">package pull
 
-import (
-        "context"
-        "fmt"
-        "net/url"
-        "os"
-        "os/exec"
-        "strings"
-
-        "github.com/bytedance/sonic"
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/drslookup"
-        "github.com/calypr/git-drs/internal/drsmap"
-        "github.com/calypr/git-drs/internal/lfs"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/spf13/cobra"
-)
-
-var runCommand = func(name string, args ...string) ([]byte, error) <span class="cov0" title="0">{
-        cmd := exec.Command(name, args...)
-        return cmd.CombinedOutput()
-}</span>
-
-var Cmd = &amp;cobra.Command{
-        Use:   "pull [remote-name]",
-        Short: "Pull using the standard Git + Git LFS flow",
-        Long:  "Pull using the standard Git + Git LFS flow (git pull, git lfs pull, git lfs checkout).",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
-                if len(args) &gt; 1 </span><span class="cov1" title="1">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs pull --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov6" title="2">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
-                logg := drslog.GetLogger()
-
-                cfg, err := config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error loading config: %v", err)
-                }</span>
-
-                <span class="cov6" title="2">var remote config.Remote
-                if len(args) &gt; 0 </span><span class="cov0" title="0">{
-                        remote = config.Remote(args[0])
-                }</span> else<span class="cov6" title="2"> {
-                        remote, err = cfg.GetDefaultRemote()
-                        if err != nil </span><span class="cov6" title="2">{
-                                logg.Error(fmt.Sprintf("Error getting remote: %v", err))
-                                return err
-                        }</span>
-                }
-
-                <span class="cov0" title="0">drsCtx, err := cfg.GetRemoteClient(remote, logg)
-                if err != nil </span><span class="cov0" title="0">{
-                        logg.Error(fmt.Sprintf("error creating DRS client: %s", err))
-                        return err
-                }</span>
-                <span class="cov0" title="0">_ = drsCtx // Remote validation only.
-
-                if out, err := runCommand("git", "pull", string(remote)); err != nil </span><span class="cov0" title="0">{
-                        msg := strings.TrimSpace(string(out))
-                        if msg == "" </span><span class="cov0" title="0">{
-                                msg = err.Error()
-                        }</span>
-                        <span class="cov0" title="0">return fmt.Errorf("git pull failed for remote %q: %s", remote, msg)</span>
-                }
-
-                <span class="cov0" title="0">var parsed struct {
-                        Files []lfs.LfsFileInfo `json:"files"`
-                }
-                out, err := runCommand("git", "lfs", "ls-files", "--json")
-                if err != nil </span><span class="cov0" title="0">{
-                        msg := commandMessage(out, err)
-                        if !isMissingGitLFS(msg) </span><span class="cov0" title="0">{
-                                return fmt.Errorf("git lfs ls-files failed: %s", msg)
-                        }</span>
-                        <span class="cov0" title="0">lfsFiles, inventoryErr := lfs.GetAllLfsFiles(string(remote), "", []string{"HEAD"}, logg)
-                        if inventoryErr != nil </span><span class="cov0" title="0">{
-                                return fmt.Errorf("git lfs ls-files failed: %s; fallback inventory failed: %w", msg, inventoryErr)
-                        }</span>
-                        <span class="cov0" title="0">parsed.Files = make([]lfs.LfsFileInfo, 0, len(lfsFiles))
-                        for _, f := range lfsFiles </span><span class="cov0" title="0">{
-                                parsed.Files = append(parsed.Files, f)
-                        }</span>
-                } else<span class="cov0" title="0"> if err := lfsjsonUnmarshal(out, &amp;parsed); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to parse git lfs ls-files output: %w", err)
-                }</span>
-
-                <span class="cov0" title="0">ctx := context.Background()
-                missingOIDs := make([]string, 0, len(parsed.Files))
-                seenMissing := make(map[string]struct{}, len(parsed.Files))
-                for _, f := range parsed.Files </span><span class="cov0" title="0">{
-                        if f.Downloaded </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov0" title="0">if _, seen := seenMissing[f.Oid]; seen </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov0" title="0">seenMissing[f.Oid] = struct{}{}
-                        missingOIDs = append(missingOIDs, f.Oid)</span>
-                }
-
-                <span class="cov0" title="0">if len(missingOIDs) &gt; 0 </span><span class="cov0" title="0">{
-                        prefetched := make(map[string]drsapi.DrsObject, len(missingOIDs))
-                        for _, oid := range missingOIDs </span><span class="cov0" title="0">{
-                                recs, err := drslookup.ObjectsByHashForScope(ctx, drsCtx, oid)
-                                if err != nil || len(recs) == 0 </span><span class="cov0" title="0">{
-                                        continue</span>
-                                }
-                                <span class="cov0" title="0">prefetched[oid] = recs[0]</span>
-                        }
-                        <span class="cov0" title="0">if len(prefetched) &gt; 0 </span><span class="cov0" title="0">{
-                                logg.Debug(fmt.Sprintf("prefetched %d objects for pull", len(prefetched)))
-                        }</span> else<span class="cov0" title="0"> {
-                                logg.Debug("bulk prefetch found no scoped objects; continuing per-object")
-                        }</span>
-
-                        <span class="cov0" title="0">prefetchedAccess := make(map[string]drsapi.AccessURL, len(prefetched))
-                        if len(prefetched) &gt; 0 </span><span class="cov0" title="0">{
-                                objects := make([]drsapi.DrsObject, 0, len(prefetched))
-                                for _, obj := range prefetched </span><span class="cov0" title="0">{
-                                        objects = append(objects, obj)
-                                }</span>
-                                <span class="cov0" title="0">if resolved, err := drslookup.BulkAccessURLsForObjects(ctx, drsCtx, objects); err == nil </span><span class="cov0" title="0">{
-                                        prefetchedAccess = resolved
-                                        logg.Debug(fmt.Sprintf("bulk access resolved %d URLs for pull", len(prefetchedAccess)))
-                                }</span> else<span class="cov0" title="0"> {
-                                        logg.Debug(fmt.Sprintf("bulk access prefetch failed; continuing per-object: %v", err))
-                                }</span>
-                        }
-                        <span class="cov0" title="0">for _, f := range parsed.Files </span><span class="cov0" title="0">{
-                                if f.Downloaded </span><span class="cov0" title="0">{
-                                        continue</span>
-                                }
-                                <span class="cov0" title="0">dstPath, err := drsmap.GetObjectPath(common.LFS_OBJS_PATH, f.Oid)
-                                if err != nil </span><span class="cov0" title="0">{
-                                        return fmt.Errorf("failed to resolve LFS object path for %s: %w", f.Oid, err)
-                                }</span>
-                                <span class="cov0" title="0">if obj, ok := prefetched[f.Oid]; ok </span><span class="cov0" title="0">{
-                                        if accessURL, ok := prefetchedAccess[obj.Id]; ok </span><span class="cov0" title="0">{
-                                                objCopy := obj
-                                                if err := lfs.DownloadResolvedToCachePath(ctx, drsCtx, f.Oid, dstPath, &amp;objCopy, &amp;accessURL); err != nil </span><span class="cov0" title="0">{
-                                                        debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
-                                                        return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
-                                                }</span>
-                                                <span class="cov0" title="0">continue</span>
-                                        }
-                                }
-                                <span class="cov0" title="0">if err := lfs.DownloadToCachePath(ctx, drsCtx, logg, f.Oid, dstPath); err != nil </span><span class="cov0" title="0">{
-                                        debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
-                                        return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
-                                }</span>
-                        }
-                } else<span class="cov0" title="0"> {
-                        logg.Debug("no missing LFS objects to download")
-                }</span>
-
-                <span class="cov0" title="0">if out, err := runCommand("git", "lfs", "checkout"); err != nil </span><span class="cov0" title="0">{
-                        msg := commandMessage(out, err)
-                        if !isMissingGitLFS(msg) </span><span class="cov0" title="0">{
-                                return fmt.Errorf("git lfs checkout failed: %s", msg)
-                        }</span>
-                }
-                <span class="cov0" title="0">if err := checkoutDownloadedFiles(parsed.Files); err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-
-                <span class="cov0" title="0">return nil</span>
-        },
-}
+func moveFileBestEffort(src, dst string) error <span class="cov0" title="0">{
+        // Ensure destination directory exists.
+        if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        // Rename will fail across devices; fall back to copy+remove.
+        <span class="cov0" title="0">if err := os.Rename(src, dst); err == nil </span><span class="cov0" title="0">{
+                return nil
+        }</span> else<span class="cov0" title="0"> if errors.Is(err, os.ErrNotExist) </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-func commandMessage(out []byte, err error) string <span class="cov0" title="0">{
-        msg := strings.TrimSpace(string(out))
-        if msg == "" &amp;&amp; err != nil </span><span class="cov0" title="0">{
-                msg = err.Error()
+        <span class="cov0" title="0">in, err := os.Open(src)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov0" title="0">return msg</span>
-}
+        <span class="cov0" title="0">defer in.Close()
 
-func isMissingGitLFS(msg string) bool <span class="cov0" title="0">{
-        return strings.Contains(msg, "git: 'lfs' is not a git command")
-}</span>
+        out, err := os.OpenFile(dst, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-func checkoutDownloadedFiles(files []lfs.LfsFileInfo) error <span class="cov0" title="0">{
-        for _, f := range files </span><span class="cov0" title="0">{
-                if strings.TrimSpace(f.Name) == "" || strings.TrimSpace(f.Oid) == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">srcPath, err := drsmap.GetObjectPath(common.LFS_OBJS_PATH, f.Oid)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to resolve cached object for %s: %w", f.Oid, err)
-                }</span>
-                <span class="cov0" title="0">payload, err := os.ReadFile(srcPath)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to read cached object %s: %w", srcPath, err)
-                }</span>
-                <span class="cov0" title="0">if err := os.WriteFile(f.Name, payload, 0o644); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to checkout %s: %w", f.Name, err)
-                }</span>
-        }
-        <span class="cov0" title="0">return nil</span>
+        <span class="cov0" title="0">if _, err := io.Copy(out, in); err != nil </span><span class="cov0" title="0">{
+                _ = out.Close()
+                return err
+        }</span>
+        <span class="cov0" title="0">if err := out.Close(); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">return os.Remove(src)</span>
 }
+</pre>
+		
+		<pre class="file" id="file16" style="display: none">package prepush
 
-var lfsjsonUnmarshal = func(data []byte, v any) error <span class="cov0" title="0">{
-        return sonic.ConfigFastest.Unmarshal(data, v)
-}</span>
+import (
+        "fmt"
+        "io"
+        "os"
+)
 
-func buildPullDownloadDebugContext(ctx context.Context, drsCtx *config.GitContext, oid string) string <span class="cov0" title="0">{
-        recs, err := drslookup.ObjectsByHashForScope(ctx, drsCtx, oid)
+func bufferStdin(stdin io.Reader, createTempFile func(dir, pattern string) (*os.File, error)) (*os.File, error) <span class="cov8" title="1">{
+        tmp, err := createTempFile("", "prepush-stdin-*")
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Sprintf("oid=%s query_error=%v", oid, err)
-        }</span>
-        <span class="cov0" title="0">if len(recs) == 0 </span><span class="cov0" title="0">{
-                return fmt.Sprintf("oid=%s records=0", oid)
+                return nil, fmt.Errorf("error creating temp file for stdin: %w", err)
         }</span>
 
-        <span class="cov0" title="0">match := &amp;recs[0]
+        <span class="cov8" title="1">if _, err := io.Copy(tmp, stdin); err != nil </span><span class="cov8" title="1">{
+                _ = tmp.Close()
+                _ = os.Remove(tmp.Name())
+                return nil, fmt.Errorf("error buffering stdin: %w", err)
+        }</span>
 
-        methods := make([]string, 0)
-        if match.AccessMethods != nil </span><span class="cov0" title="0">{
-                methods = make([]string, 0, len(*match.AccessMethods))
-                for _, am := range *match.AccessMethods </span><span class="cov0" title="0">{
-                        scheme := ""
-                        rawURL := ""
-                        if am.AccessUrl != nil </span><span class="cov0" title="0">{
-                                rawURL = strings.TrimSpace(am.AccessUrl.Url)
-                        }</span>
-                        <span class="cov0" title="0">if rawURL != "" </span><span class="cov0" title="0">{
-                                if parsed, parseErr := url.Parse(rawURL); parseErr == nil </span><span class="cov0" title="0">{
-                                        scheme = parsed.Scheme
-                                }</span>
-                        }
-                        <span class="cov0" title="0">accessID := ""
-                        if am.AccessId != nil </span><span class="cov0" title="0">{
-                                accessID = strings.TrimSpace(*am.AccessId)
-                        }</span>
-                        <span class="cov0" title="0">methods = append(methods, fmt.Sprintf("{type=%s access_id=%s url_scheme=%s url=%s}", am.Type, accessID, scheme, rawURL))</span>
-                }
-        }
-        <span class="cov0" title="0">return fmt.Sprintf("oid=%s did=%s size=%d access_methods=%s", oid, strings.TrimSpace(match.Id), match.Size, strings.Join(methods, ", "))</span>
+        <span class="cov0" title="0">if _, err := tmp.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
+                _ = tmp.Close()
+                _ = os.Remove(tmp.Name())
+                return nil, fmt.Errorf("error seeking temp stdin: %w", err)
+        }</span>
+        <span class="cov0" title="0">return tmp, nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file17" style="display: none">package push
+		<pre class="file" id="file17" style="display: none">package prepush
 
 import (
+        "bytes"
         "context"
+        "encoding/base64"
+        "encoding/json"
         "fmt"
+        "io"
+        "log/slog"
+        "net/http"
+        "os"
         "os/exec"
+        "sort"
         "strings"
+        "time"
 
+        "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drsdelete"
         "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/drsmap"
+        "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/gitrepo"
         "github.com/calypr/git-drs/internal/lfs"
-        "github.com/calypr/git-drs/internal/pushsync"
+        "github.com/calypr/git-drs/internal/precommit_cache"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
         "github.com/spf13/cobra"
 )
 
-var pushWithHooks bool
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "pre-push-prepare",
+        Short: "pre-push hook to update DRS objects",
+        Long:  "Pre-push hook that updates DRS objects before transfer",
+        Args:  cobra.RangeArgs(0, 2),
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                return NewPrePushService().Run(args, os.Stdin)
+        }</span>,
+}
 
-var runCommand = func(name string, args ...string) ([]byte, error) <span class="cov0" title="0">{
-        cmd := exec.Command(name, args...)
-        return cmd.CombinedOutput()
+type PrePushService struct {
+        newLogger       func(string, bool) (*slog.Logger, error)
+        loadConfig      func() (*config.Config, error)
+        writeDrsObjects func(drsobject.Builder, map[string]lfs.LfsFileInfo, drsmap.WriteOptions) error
+        createTempFile  func(dir, pattern string) (*os.File, error)
+}
+
+func NewPrePushService() *PrePushService <span class="cov0" title="0">{
+        return &amp;PrePushService{
+                newLogger:       drslog.NewLogger,
+                loadConfig:      config.LoadConfig,
+                writeDrsObjects: drsmap.WriteObjectsForLFSFiles,
+                createTempFile:  os.CreateTemp,
+        }
 }</span>
 
-var Cmd = &amp;cobra.Command{
-        Use:   "push [remote-name]",
-        Short: "Upload/register DRS objects and push Git refs",
-        Long:  "Performs git-drs managed upload/register flow (multipart for large files) and then runs git push (without pre-push hooks by default).",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
-                if len(args) &gt; 1 </span><span class="cov1" title="1">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs push --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov6" title="2">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
-                myLogger := drslog.GetLogger()
-                cfg, err := config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        myLogger.Debug(fmt.Sprintf("Error loading config: %v", err))
-                        return err
-                }</span>
+func (s *PrePushService) Run(args []string, stdin io.Reader) error <span class="cov0" title="0">{
+        ctx := context.Background()
+        myLogger, err := s.newLogger("", false)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error creating logger: %v", err)
+        }</span>
 
-                <span class="cov6" title="2">var remote config.Remote
-                if len(args) &gt; 0 </span><span class="cov0" title="0">{
-                        remote = config.Remote(args[0])
-                }</span> else<span class="cov6" title="2"> {
-                        remote, err = cfg.GetDefaultRemote()
-                        if err != nil </span><span class="cov6" title="2">{
-                                myLogger.Debug(fmt.Sprintf("Error getting default remote: %v", err))
-                                return err
-                        }</span>
-                }
+        <span class="cov0" title="0">myLogger.Info("~~~~~~~~~~~~~ START: pre-push ~~~~~~~~~~~~~")
 
-                <span class="cov0" title="0">drsClient, err := cfg.GetRemoteClient(remote, myLogger)
-                if err != nil </span><span class="cov0" title="0">{
-                        myLogger.Debug(fmt.Sprintf("Error creating DRS client: %s", err))
-                        return err
-                }</span>
-                <span class="cov0" title="0">lfsFiles, err := lfs.GetAllLfsFiles(string(remote), "", []string{"HEAD"}, myLogger)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to discover LFS files to push: %w", err)
-                }</span>
+        cfg, err := s.loadConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error getting config: %v", err)
+        }</span>
 
-                <span class="cov0" title="0">ctx := context.Background()
-                if err := pushsync.BatchSyncForPush(drsClient, ctx, lfsFiles); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed batch register/upload workflow: %w", err)
-                }</span>
+        <span class="cov0" title="0">gitRemoteName, gitRemoteLocation := parseRemoteArgs(args)
+        myLogger.Debug(fmt.Sprintf("git remote name: %s, git remote location: %s", gitRemoteName, gitRemoteLocation))
 
-                <span class="cov0" title="0">pushArgs := []string{"push"}
-                if !pushWithHooks </span><span class="cov0" title="0">{
-                        pushArgs = append(pushArgs, "--no-verify")
-                }</span>
-                <span class="cov0" title="0">pushArgs = append(pushArgs, string(remote))
-                out, err := runCommand("git", pushArgs...)
-                if err != nil </span><span class="cov0" title="0">{
-                        msg := strings.TrimSpace(string(out))
-                        if msg == "" </span><span class="cov0" title="0">{
-                                msg = err.Error()
-                        }</span>
-                        <span class="cov0" title="0">return fmt.Errorf("git push failed for remote %q: %s", remote, msg)</span>
-                }
-                <span class="cov0" title="0">return nil</span>
-        },
-}
+        remote, err := cfg.GetDefaultRemote()
+        if err != nil </span><span class="cov0" title="0">{
+                myLogger.Debug(fmt.Sprintf("Warning. Error getting default remote: %v", err))
+                fmt.Fprintln(os.Stderr, "Warning. Skipping DRS preparation. Error getting default remote:", err)
+                return nil
+        }</span>
 
-func init() <span class="cov1" title="1">{
-        Cmd.Flags().BoolVar(&amp;pushWithHooks, "with-hooks", false, "Run git push with local hooks enabled (invokes pre-push)")
-}</span>
-</pre>
-		
-		<pre class="file" id="file18" style="display: none">package query
+        <span class="cov0" title="0">remoteConfig := cfg.GetRemote(remote)
+        if remoteConfig == nil </span><span class="cov0" title="0">{
+                fmt.Fprintln(os.Stderr, "Warning. Skipping DRS preparation. Error getting remote configuration.")
+                myLogger.Debug("Warning. Skipping DRS preparation. Error getting remote configuration.")
+                return nil
+        }</span>
+        <span class="cov0" title="0">drsClient, err := cfg.GetRemoteClient(remote, myLogger)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-import (
-        "context"
-        "fmt"
-        "strings"
+        <span class="cov0" title="0">scope, err := gitrepo.ResolveBucketScope(
+                remoteConfig.GetOrganization(),
+                remoteConfig.GetProjectId(),
+                remoteConfig.GetBucketName(),
+                remoteConfig.GetStoragePrefix(),
+        )
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/drslookup"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/calypr/syfon/client/hash"
-        "github.com/spf13/cobra"
-)
+        <span class="cov0" title="0">builder := drsobject.NewBuilder(scope.Bucket, remoteConfig.GetProjectId())
+        builder.Organization = remoteConfig.GetOrganization()
+        builder.StoragePrefix = scope.Prefix
+        myLogger.Debug(fmt.Sprintf("Current server project: %s (org: %s)", builder.Project, builder.Organization))
 
-var remote string
-var checksum = false
-var pretty = false
+        tmp, err := bufferStdin(stdin, s.createTempFile)
+        if err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("error buffering stdin: %v", err))
+                return err
+        }</span>
+        <span class="cov0" title="0">defer func() </span><span class="cov0" title="0">{
+                _ = tmp.Close()
+                _ = os.Remove(tmp.Name())
+        }</span>()
 
-func queryByChecksum(ctx context.Context, gc *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov0" title="0">{
-        hashType := checksumTypeForString(checksum)
-        if hashType != hash.ChecksumTypeSHA256.String() </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("checksum lookup currently only supports sha256 (got %q); non-sha256 support is tracked in syfon DRSService.GetObjectsByChecksum", hashType)
+        <span class="cov0" title="0">refs, err := readPushedRefs(tmp)
+        if err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("error reading pushed refs: %v", err))
+                return err
         }</span>
-        <span class="cov0" title="0">return drslookup.ObjectsByHashForScope(ctx, gc, checksum)</span>
-}
+        <span class="cov0" title="0">if _, err := drsdelete.ReconcileCommittedDeletes(ctx, drsClient, drsDeleteRefs(refs), myLogger); err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("delete reconciliation failed: %v", err))
+                return err
+        }</span>
+        <span class="cov0" title="0">branches := branchesFromRefs(refs)
 
-func checksumTypeForString(sum string) string <span class="cov10" title="5">{
-        switch len(strings.TrimSpace(sum)) </span>{
-        case 32:<span class="cov1" title="1">
-                return "md5"</span>
-        case 40:<span class="cov1" title="1">
-                return "sha1"</span>
-        case 64:<span class="cov1" title="1">
-                return "sha256"</span>
-        case 128:<span class="cov1" title="1">
-                return "sha512"</span>
-        default:<span class="cov1" title="1">
-                return string(hash.NormalizeChecksumType(sum))</span>
-        }
-}
+        cache, cacheReady := openCache(ctx, myLogger)
+        lfsFiles, usedCache, err := collectLfsFiles(ctx, cache, cacheReady, gitRemoteName, gitRemoteLocation, branches, refs, myLogger)
+        if err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("error collecting LFS files: %v", err))
+                return err
+        }</span>
 
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "query &lt;drs_id&gt;",
-        Short: "Query DRS server by DRS ID",
-        Long:  "Query DRS server by DRS ID",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                if len(args) != 1 </span><span class="cov0" title="0">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: requires exactly 1 argument (DRS ID), received %d\n\nUsage: %s\n\nSee 'git drs query --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov0" title="0">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                logger := drslog.GetLogger()
+        <span class="cov0" title="0">myLogger.Debug(fmt.Sprintf("Preparing DRS objects for push branches: %v (cache=%v)", branches, usedCache))
+        err = s.writeDrsObjects(builder, lfsFiles, drsmap.WriteOptions{
+                Cache:          cache,
+                PreferCacheURL: usedCache,
+                Logger:         myLogger,
+        })
+        if err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("WriteObjectsForLFSFiles failed: %v", err))
+                return err
+        }</span>
 
-                cfg, err := config.LoadConfig()
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
+        // Stage metadata in one packet; server consumes it at LFS verify-time.
+        <span class="cov0" title="0">myLogger.Info(fmt.Sprintf("Staging %d DRS metadata records for LFS verify", len(lfsFiles)))
+        if err := submitPendingLFSMeta(ctx, remote, remoteConfig.GetEndpoint(), lfsFiles, myLogger); err != nil </span><span class="cov0" title="0">{
+                myLogger.Error(fmt.Sprintf("DRS metadata staging failed: %v", err))
+                return fmt.Errorf("DRS metadata staging failed: %w", err)
+        }</span>
 
-                <span class="cov0" title="0">remoteName, err := cfg.GetRemoteOrDefault(remote)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Error(fmt.Sprintf("Error getting remote: %v", err))
-                        return err
-                }</span>
+        <span class="cov0" title="0">myLogger.Info("~~~~~~~~~~~~~ COMPLETED: pre-push ~~~~~~~~~~~~~")
+        return nil</span>
+}
 
-                <span class="cov0" title="0">gc, err := cfg.GetRemoteClient(remoteName, logger)
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
+type metadataSubmitRequest struct {
+        Candidates []metadataCandidate `json:"candidates"`
+        TTLSeconds int64               `json:"ttl_seconds,omitempty"`
+}
 
-                <span class="cov0" title="0">if checksum </span><span class="cov0" title="0">{
-                        objs, err := queryByChecksum(context.Background(), gc, args[0])
-                        if err != nil </span><span class="cov0" title="0">{
-                                return err
-                        }</span>
-                        <span class="cov0" title="0">for _, drsObj := range objs </span><span class="cov0" title="0">{
-                                if err := common.PrintDRSObject(drsObj, pretty); err != nil </span><span class="cov0" title="0">{
-                                        return err
-                                }</span>
-                        }
-                        <span class="cov0" title="0">return nil</span>
-                }
+type metadataChecksum struct {
+        Type     string `json:"type"`
+        Checksum string `json:"checksum"`
+}
 
-                <span class="cov0" title="0">obj, err := gc.Client.DRS().GetObject(context.Background(), args[0])
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov0" title="0">return common.PrintDRSObject(obj, pretty)</span>
-        },
+type metadataAccessURL struct {
+        URL string `json:"url,omitempty"`
 }
 
-func init() <span class="cov1" title="1">{
-        Cmd.Flags().StringVarP(&amp;remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
-        Cmd.Flags().BoolVarP(&amp;checksum, "checksum", "c", checksum, "Find by checksum")
-        Cmd.Flags().BoolVarP(&amp;pretty, "pretty", "p", pretty, "Print indented JSON")
-}</span>
-</pre>
-		
-		<pre class="file" id="file19" style="display: none">package add
+type metadataAccessMethod struct {
+        Type           string              `json:"type,omitempty"`
+        AccessURL      metadataAccessURL   `json:"access_url,omitempty"`
+        AccessID       string              `json:"access_id,omitempty"`
+        Region         string              `json:"region,omitempty"`
+        Authorizations map[string][]string `json:"authorizations,omitempty"`
+}
 
-import (
-        "context"
-        "fmt"
-        "log/slog"
-        "strings"
+type metadataCandidate struct {
+        Id            string                 `json:"id,omitempty"`
+        Name          string                 `json:"name,omitempty"`
+        Size          int64                  `json:"size"`
+        Version       string                 `json:"version,omitempty"`
+        MimeType      string                 `json:"mime_type,omitempty"`
+        Checksums     []metadataChecksum     `json:"checksums"`
+        AccessMethods []metadataAccessMethod `json:"access_methods,omitempty"`
+        Description   string                 `json:"description,omitempty"`
+        Aliases       []string               `json:"aliases,omitempty"`
+}
 
-        gitauth "github.com/calypr/git-drs/internal/auth"
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/calypr/syfon/client/conf"
-        "github.com/spf13/cobra"
-)
-
-var Gen3Cmd = &amp;cobra.Command{
-        Use: "gen3 [remote-name]",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                if len(args) &gt; 1 </span><span class="cov0" title="0">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs remote add gen3 --help' for more details", len(args), cmd.UseLine())
-                }</span>
-                <span class="cov0" title="0">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                logg := drslog.GetLogger()
-
-                // make sure at least one of the credentials params is provided
-                if credFile == "" &amp;&amp; fenceToken == "" &amp;&amp; len(args) == 0 </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error: Gen3 requires a credentials file or accessToken to setup project locally. Please provide either a --cred or --token flag. See 'git drs remote add gen3 --help' for more details")
-                }</span>
-
-                <span class="cov0" title="0">remoteName := config.ORIGIN
-                if len(args) &gt; 0 </span><span class="cov0" title="0">{
-                        remoteName = args[0]
-                }</span>
-
-                <span class="cov0" title="0">err := gen3Init(remoteName, credFile, fenceToken, project, organization, bucket, logg)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("error configuring gen3 server: %v", err)
-                }</span>
-                <span class="cov0" title="0">return nil</span>
-        },
-}
-
-func gen3Init(remoteName, credFile, fenceToken, project, organization, bucket string, logg *slog.Logger) error <span class="cov0" title="0">{
-        if remoteName == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("remote name is required")
+func toMetadataCandidate(c drsapi.DrsObjectCandidate) metadataCandidate <span class="cov8" title="9">{
+        name := ""
+        if c.Name != nil </span><span class="cov8" title="9">{
+                name = *c.Name
         }</span>
-        <span class="cov0" title="0">if project == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("project is required for Gen3 remote")
+        <span class="cov8" title="9">mimeType := ""
+        if c.MimeType != nil </span><span class="cov0" title="0">{
+                mimeType = *c.MimeType
         }</span>
-
-        <span class="cov0" title="0">resolvedBucket := strings.TrimSpace(bucket)
-        resolvedStoragePrefix := ""
-        if strings.TrimSpace(organization) != "" </span><span class="cov0" title="0">{
-                scope, err := gitrepo.ResolveBucketScope(organization, project, resolvedBucket, "")
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
-                }</span>
-                <span class="cov0" title="0">resolvedBucket = strings.TrimSpace(scope.Bucket)
-                resolvedStoragePrefix = strings.TrimSpace(scope.Prefix)</span>
+        <span class="cov8" title="9">description := ""
+        if c.Description != nil </span><span class="cov0" title="0">{
+                description = *c.Description
+        }</span>
+        <span class="cov8" title="9">aliases := []string(nil)
+        if c.Aliases != nil </span><span class="cov0" title="0">{
+                aliases = append([]string(nil), (*c.Aliases)...)
+        }</span>
+        <span class="cov8" title="9">out := metadataCandidate{
+                Name:        name,
+                Size:        c.Size,
+                Version:     "",
+                MimeType:    mimeType,
+                Description: description,
+                Aliases:     aliases,
         }
-        <span class="cov0" title="0">if resolvedBucket == "" </span><span class="cov0" title="0">{
-                if strings.TrimSpace(organization) == "" </span><span class="cov0" title="0">{
-                        return fmt.Errorf("bucket is required when organization is empty")
-                }</span>
-                <span class="cov0" title="0">if strings.TrimSpace(resolvedBucket) == "" </span><span class="cov0" title="0">{
-                        return fmt.Errorf("bucket is required (or configure mapping first with `git drs bucket add-project --organization %s --project %s --path &lt;scheme&gt;://&lt;bucket&gt;/&lt;prefix&gt;`)", organization, project)
+        if c.Version != nil </span><span class="cov0" title="0">{
+                out.Version = *c.Version
+        }</span>
+
+        <span class="cov8" title="9">if len(c.Checksums) &gt; 0 </span><span class="cov8" title="9">{
+                out.Checksums = make([]metadataChecksum, 0, len(c.Checksums))
+                for _, cs := range c.Checksums </span><span class="cov8" title="9">{
+                        out.Checksums = append(out.Checksums, metadataChecksum{
+                                Type:     string(cs.Type),
+                                Checksum: cs.Checksum,
+                        })
                 }</span>
         }
 
-        <span class="cov0" title="0">var accessToken, apiKey, keyID, apiEndpoint string
-        configure := conf.NewConfigure(logg)
-        switch </span>{
-        case fenceToken != "":<span class="cov0" title="0">
-                accessToken = fenceToken
-                var err error
-                apiEndpoint, err = common.ParseAPIEndpointFromToken(accessToken)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to parse API endpoint from provided access token: %w", err)
-                }</span>
+        <span class="cov8" title="9">if c.AccessMethods != nil &amp;&amp; len(*c.AccessMethods) &gt; 0 </span><span class="cov0" title="0">{
+                out.AccessMethods = make([]metadataAccessMethod, 0, len(*c.AccessMethods))
+                for _, am := range *c.AccessMethods </span><span class="cov0" title="0">{
+                        accID := ""
+                        if am.AccessId != nil </span><span class="cov0" title="0">{
+                                accID = *am.AccessId
+                        }</span>
+                        <span class="cov0" title="0">region := ""
+                        if am.Region != nil </span><span class="cov0" title="0">{
+                                region = *am.Region
+                        }</span>
+                        <span class="cov0" title="0">accURL := ""
+                        if am.AccessUrl != nil </span><span class="cov0" title="0">{
+                                accURL = am.AccessUrl.Url
+                        }</span>
+                        <span class="cov0" title="0">m := metadataAccessMethod{
+                                Type:     string(am.Type),
+                                AccessID: accID,
+                                Region:   region,
+                                AccessURL: metadataAccessURL{
+                                        URL: accURL,
+                                },
+                        }
+                        out.AccessMethods = append(out.AccessMethods, m)</span>
+                }
+        }
 
-        case credFile != "":<span class="cov0" title="0">
-                cred, err := configure.Import(credFile, "")
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to read credentials file %s: %w", credFile, err)
-                }</span>
-                <span class="cov0" title="0">accessToken = cred.AccessToken
-                apiKey = cred.APIKey
-                keyID = cred.KeyID
+        <span class="cov8" title="9">return out</span>
+}
 
-                apiEndpoint, err = common.ParseAPIEndpointFromToken(cred.APIKey)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to parse API endpoint from API key in credentials file: %w", err)
-                }</span>
+func submitPendingLFSMeta(ctx context.Context, remote config.Remote, endpoint string, lfsFiles map[string]lfs.LfsFileInfo, logger *slog.Logger) error <span class="cov8" title="9">{
+        base := strings.TrimRight(strings.TrimSpace(endpoint), "/")
+        if base == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("remote endpoint is empty")
+        }</span>
+        <span class="cov8" title="9">url := base + "/info/lfs/objects/metadata"
 
-        default:<span class="cov0" title="0">
-                existing, err := configure.Load(remoteName)
-                if err == nil </span><span class="cov0" title="0">{
-                        accessToken = existing.AccessToken
-                        apiKey = existing.APIKey
-                        keyID = existing.KeyID
-                        apiEndpoint = existing.APIEndpoint
-                }</span> else<span class="cov0" title="0"> {
-                        return fmt.Errorf("must provide either --cred or --token (or have existing profile %s)", remoteName)
-                }</span>
+        candidates := make([]metadataCandidate, 0, len(lfsFiles))
+        for _, file := range lfsFiles </span><span class="cov8" title="9">{
+                obj, err := drsobject.ReadObject(common.DRS_OBJS_PATH, file.Oid)
+                if err != nil || obj == nil </span><span class="cov0" title="0">{
+                        logger.Debug(fmt.Sprintf("skipping oid %s: local DRS object not found", file.Oid))
+                        continue</span>
+                }
+                <span class="cov8" title="9">candidates = append(candidates, toMetadataCandidate(drsobject.ConvertToCandidate(obj)))</span>
         }
-
-        <span class="cov0" title="0">if apiEndpoint == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("could not determine Gen3 API endpoint")
+        <span class="cov8" title="9">if len(candidates) == 0 </span><span class="cov0" title="0">{
+                logger.Debug("no metadata candidates to stage")
+                return nil
         }</span>
 
-        <span class="cov0" title="0">remoteGen3 := config.RemoteSelect{
-                Gen3: &amp;config.Gen3Remote{
-                        Endpoint:      apiEndpoint,
-                        ProjectID:     project,
-                        Organization:  organization,
-                        Bucket:        resolvedBucket,
-                        StoragePrefix: resolvedStoragePrefix,
-                },
+        <span class="cov8" title="9">reqBody := metadataSubmitRequest{
+                Candidates: candidates,
+                TTLSeconds: int64((20 * time.Minute).Seconds()),
         }
+        payload, err := json.Marshal(reqBody)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to encode pending metadata request: %w", err)
+        }</span>
 
-        remote := config.Remote(remoteName)
-        if _, err := config.UpdateRemote(remote, remoteGen3); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to update remote config: %w", err)
+        <span class="cov8" title="9">httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(payload))
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to create pending metadata request: %w", err)
+        }</span>
+        <span class="cov8" title="9">httpReq.Header.Set("Content-Type", "application/vnd.git-lfs+json")
+        httpReq.Header.Set("Accept", "application/vnd.git-lfs+json")
+        if authHeader, ok := resolveRemoteAuthHeader(string(remote)); ok </span><span class="cov3" title="2">{
+                httpReq.Header.Set("Authorization", authHeader)
         }</span>
-        <span class="cov0" title="0">logg.Debug(fmt.Sprintf("Remote added/updated: %s → %s (project: %s, bucket: %s, storage_prefix: %s)", remoteName, apiEndpoint, project, resolvedBucket, resolvedStoragePrefix))
 
-        // Step 3: Ensure credential profile is up-to-date (refreshes token if needed)
-        cred := &amp;conf.Credential{
-                Profile:            remoteName,
-                APIEndpoint:        apiEndpoint,
-                APIKey:             apiKey,
-                KeyID:              keyID,
-                AccessToken:        accessToken, // may be stale
-                UseShepherd:        "false",     // or preserve from existing?
-                MinShepherdVersion: "",
+        <span class="cov8" title="9">client := pendingMetadataClientFactory()
+        resp, err := client.Do(httpReq)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("pending metadata request failed: %w", err)
+        }</span>
+        <span class="cov8" title="9">defer resp.Body.Close()
+
+        if resp.StatusCode &lt; 200 || resp.StatusCode &gt;= 300 </span><span class="cov7" title="6">{
+                body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
+                bodyText := strings.TrimSpace(string(body))
+                // Some deployments do not yet expose /info/lfs/objects/metadata.
+                // Treat this as optional capability and continue with push flow.
+                switch resp.StatusCode </span>{
+                case http.StatusNotFound, http.StatusMethodNotAllowed, http.StatusNotImplemented:<span class="cov4" title="3">
+                        logger.Warn(fmt.Sprintf("metadata staging endpoint unavailable (status=%d); continuing without staged metadata", resp.StatusCode))
+                        return nil</span>
+                }
+                // Some reverse proxies/frontends may return HTML 404/maintenance pages with 5xx.
+                // If this looks like non-API HTML and not a structured LFS error, degrade gracefully.
+                <span class="cov4" title="3">if strings.Contains(strings.ToLower(resp.Header.Get("Content-Type")), "text/html") </span><span class="cov1" title="1">{
+                        logger.Warn(fmt.Sprintf("metadata staging returned HTML response (status=%d); continuing without staged metadata", resp.StatusCode))
+                        return nil
+                }</span>
+                <span class="cov3" title="2">return fmt.Errorf("pending metadata request failed: status=%d body=%s", resp.StatusCode, bodyText)</span>
         }
+        <span class="cov4" title="3">return nil</span>
+}
 
-        if err := gitauth.EnsureValidCredential(context.Background(), cred, logg); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to verify/refresh Gen3 credential: %w", err)
+func resolveRemoteAuthHeader(remoteName string) (string, bool) <span class="cov10" title="12">{
+        if token, err := gitrepo.GetRemoteToken(remoteName); err == nil </span><span class="cov10" title="12">{
+                if token = strings.TrimSpace(token); token != "" </span><span class="cov3" title="2">{
+                        return "Bearer " + token, true
+                }</span>
+        }
+        <span class="cov9" title="10">username, password, err := gitrepo.GetRemoteBasicAuth(remoteName)
+        if err != nil || username == "" || password == "" </span><span class="cov8" title="8">{
+                return "", false
         }</span>
+        <span class="cov3" title="2">creds := username + ":" + password
+        return "Basic " + base64.StdEncoding.EncodeToString([]byte(creds)), true</span>
+}
 
-        <span class="cov0" title="0">if err := configure.Save(cred); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to configure/update Gen3 profile: %w", err)
+func parseRemoteArgs(args []string) (string, string) <span class="cov0" title="0">{
+        var gitRemoteName, gitRemoteLocation string
+        if len(args) &gt;= 1 </span><span class="cov0" title="0">{
+                gitRemoteName = args[0]
         }</span>
-        // Configure stock git credential plumbing for lfs + persist the refreshed token locally.
-        <span class="cov0" title="0">if err := gitrepo.ConfigureCredentialHelperForRepo(); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to configure git credential helper: %w", err)
+        <span class="cov0" title="0">if len(args) &gt;= 2 </span><span class="cov0" title="0">{
+                gitRemoteLocation = args[1]
         }</span>
-        <span class="cov0" title="0">if err := gitrepo.SetRemoteLFSURL(remoteName, apiEndpoint); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to set lfs url for remote %s: %w", remoteName, err)
+        <span class="cov0" title="0">if gitRemoteName == "" </span><span class="cov0" title="0">{
+                gitRemoteName = "origin"
         }</span>
-        <span class="cov0" title="0">if strings.TrimSpace(cred.AccessToken) != "" </span><span class="cov0" title="0">{
-                if err := gitrepo.SetRemoteToken(remoteName, strings.TrimSpace(cred.AccessToken)); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to persist repo token for remote %s: %w", remoteName, err)
+        <span class="cov0" title="0">return gitRemoteName, gitRemoteLocation</span>
+}
+
+func openCache(ctx context.Context, logger *slog.Logger) (*precommit_cache.Cache, bool) <span class="cov0" title="0">{
+        cache, err := precommit_cache.Open(ctx)
+        if err != nil </span><span class="cov0" title="0">{
+                logger.Debug(fmt.Sprintf("pre-commit cache unavailable: %v", err))
+                return nil, false
+        }</span>
+        <span class="cov0" title="0">if _, err := os.Stat(cache.Root); err != nil </span><span class="cov0" title="0">{
+                if os.IsNotExist(err) </span><span class="cov0" title="0">{
+                        logger.Debug("pre-commit cache missing; continuing without cache")
+                }</span> else<span class="cov0" title="0"> {
+                        logger.Debug(fmt.Sprintf("pre-commit cache access error: %v", err))
                 }</span>
+                <span class="cov0" title="0">return nil, false</span>
         }
-
-        <span class="cov0" title="0">logg.Debug(fmt.Sprintf("Gen3 profile '%s' configured and token refreshed successfully", remoteName))
-        return nil</span>
+        <span class="cov0" title="0">return cache, true</span>
 }
-</pre>
-		
-		<pre class="file" id="file20" style="display: none">package add
-
-import "github.com/spf13/cobra"
 
-var (
-        apiEndpoint   string
-        bucket        string
-        credFile      string
-        fenceToken    string
-        localPassword string
-        localUsername string
-        project       string
-        organization  string
-)
-
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "add",
-        Short: "add server access for git-drs",
+func collectLfsFiles(ctx context.Context, cache *precommit_cache.Cache, cacheReady bool, gitRemoteName, gitRemoteLocation string, branches []string, refs []pushedRef, logger *slog.Logger) (map[string]lfs.LfsFileInfo, bool, error) <span class="cov0" title="0">{
+        if cacheReady </span><span class="cov0" title="0">{
+                lfsFiles, ok, err := lfsFilesFromCache(ctx, cache, refs, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        logger.Debug(fmt.Sprintf("pre-commit cache read failed: %v", err))
+                }</span> else<span class="cov0" title="0"> if ok </span><span class="cov0" title="0">{
+                        return lfsFiles, true, nil
+                }</span>
+                <span class="cov0" title="0">logger.Debug("pre-commit cache incomplete or stale; falling back to LFS discovery")</span>
+        }
+        <span class="cov0" title="0">lfsFiles, err := lfs.GetAllLfsFiles(gitRemoteName, gitRemoteLocation, branches, logger)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, false, err
+        }</span>
+        <span class="cov0" title="0">return lfsFiles, false, nil</span>
 }
 
-func init() <span class="cov8" title="1">{
-        Gen3Cmd.Flags().StringVar(&amp;apiEndpoint, "url", "", "[gen3] Specify the API endpoint of the data commons")
-        Gen3Cmd.Flags().StringVar(&amp;bucket, "bucket", "", "[gen3] Specify the bucket name")
-        Gen3Cmd.Flags().StringVar(&amp;credFile, "cred", "", "[gen3] Specify the gen3 credential file that you want to use")
-        Gen3Cmd.Flags().StringVar(&amp;fenceToken, "token", "", "[gen3] Specify the token to be used as a replacement for a credential file for temporary access")
-        Gen3Cmd.Flags().StringVar(&amp;project, "project", "", "[gen3] Specify the gen3 project ID in the format &lt;program&gt;-&lt;project&gt;")
-        Gen3Cmd.Flags().StringVar(&amp;organization, "organization", "", "[gen3] Optional organization/program scope (use with --project as project id)")
+const cacheMaxAge = 24 * time.Hour
 
-        Cmd.AddCommand(Gen3Cmd)
-        LocalCmd.Flags().StringVarP(&amp;project, "project", "p", "", "Project ID")
-        LocalCmd.Flags().StringVar(&amp;bucket, "bucket", "", "Bucket Name")
-        LocalCmd.Flags().StringVar(&amp;organization, "organization", "", "Organization Name")
-        LocalCmd.Flags().StringVar(&amp;localUsername, "username", "", "Username for local DRS HTTP basic auth")
-        LocalCmd.Flags().StringVar(&amp;localPassword, "password", "", "Password for local DRS HTTP basic auth")
-        Cmd.AddCommand(LocalCmd)
+var pendingMetadataClientFactory = func() *http.Client <span class="cov0" title="0">{
+        return &amp;http.Client{Timeout: 20 * time.Second}
 }</span>
+
+func normalizeCachedOID(oid string) string <span class="cov4" title="3">{
+        normalized := strings.TrimSpace(oid)
+        if len(normalized) &gt;= len("sha256:") &amp;&amp; strings.EqualFold(normalized[:len("sha256:")], "sha256:") </span><span class="cov1" title="1">{
+                normalized = normalized[len("sha256:"):]
+        }</span>
+        <span class="cov4" title="3">return strings.TrimSpace(normalized)</span>
+}
+
+func lfsFilesFromCache(ctx context.Context, cache *precommit_cache.Cache, refs []pushedRef, logger *slog.Logger) (map[string]lfs.LfsFileInfo, bool, error) <span class="cov4" title="3">{
+        if cache == nil </span><span class="cov0" title="0">{
+                return nil, false, nil
+        }</span>
+        <span class="cov4" title="3">paths, err := listPushedPaths(ctx, refs)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, false, err
+        }</span>
+        <span class="cov4" title="3">lfsFiles := make(map[string]lfs.LfsFileInfo, len(paths))
+        for _, path := range paths </span><span class="cov4" title="3">{
+                entry, ok, err := cache.ReadPathEntry(path)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, false, err
+                }</span>
+                <span class="cov4" title="3">if !ok </span><span class="cov0" title="0">{
+                        return nil, false, nil
+                }</span>
+                <span class="cov4" title="3">oid := normalizeCachedOID(entry.LFSOID)
+                if oid == "" </span><span class="cov0" title="0">{
+                        return nil, false, nil
+                }</span>
+                <span class="cov4" title="3">if entry.UpdatedAt == "" || precommit_cache.StaleAfter(entry.UpdatedAt, cacheMaxAge) </span><span class="cov1" title="1">{
+                        return nil, false, nil
+                }</span>
+                <span class="cov3" title="2">stat, err := os.Stat(path)
+                if err != nil </span><span class="cov0" title="0">{
+                        logger.Debug(fmt.Sprintf("cache path stat failed for %s: %v", path, err))
+                        return nil, false, nil
+                }</span>
+                <span class="cov3" title="2">lfsFiles[path] = lfs.LfsFileInfo{
+                        Name:    path,
+                        Size:    stat.Size(),
+                        OidType: "sha256",
+                        Oid:     oid,
+                        Version: "https://git-lfs.github.com/spec/v1",
+                }</span>
+        }
+        <span class="cov3" title="2">return lfsFiles, true, nil</span>
+}
+
+func listPushedPaths(ctx context.Context, refs []pushedRef) ([]string, error) <span class="cov4" title="3">{
+        const zeroSHA = "0000000000000000000000000000000000000000"
+        set := make(map[string]struct{})
+        for _, ref := range refs </span><span class="cov4" title="3">{
+                if ref.LocalSHA == "" || ref.LocalSHA == zeroSHA </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="3">var args []string
+                if ref.RemoteSHA == "" || ref.RemoteSHA == zeroSHA </span><span class="cov1" title="1">{
+                        args = []string{"ls-tree", "-r", "--name-only", ref.LocalSHA}
+                }</span> else<span class="cov3" title="2"> {
+                        args = []string{"diff", "--name-only", ref.RemoteSHA, ref.LocalSHA}
+                }</span>
+                <span class="cov4" title="3">out, err := gitOutput(ctx, args...)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+                <span class="cov4" title="3">for _, line := range strings.Split(strings.TrimSpace(out), "\n") </span><span class="cov4" title="3">{
+                        line = strings.TrimSpace(line)
+                        if line == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov4" title="3">set[line] = struct{}{}</span>
+                }
+        }
+        <span class="cov4" title="3">paths := make([]string, 0, len(set))
+        for path := range set </span><span class="cov4" title="3">{
+                paths = append(paths, path)
+        }</span>
+        <span class="cov4" title="3">sort.Strings(paths)
+        return paths, nil</span>
+}
+
+func gitOutput(ctx context.Context, args ...string) (string, error) <span class="cov4" title="3">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        cmd.Env = os.Environ()
+        out, err := cmd.CombinedOutput()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git %s: %s", strings.Join(args, " "), strings.TrimSpace(string(out)))
+        }</span>
+        <span class="cov4" title="3">return string(out), nil</span>
+}
 </pre>
 		
-		<pre class="file" id="file21" style="display: none">package add
+		<pre class="file" id="file18" style="display: none">package prepush
 
 import (
-        "fmt"
+        "bufio"
+        "io"
+        "sort"
         "strings"
 
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/spf13/cobra"
+        "github.com/calypr/git-drs/internal/drsdelete"
 )
 
-var LocalCmd = &amp;cobra.Command{
-        Use:   "local &lt;remote-name&gt; &lt;url&gt;",
-        Short: "Add a local DRS server",
-        Long:  "Add a local DRS server by specifying its base URL, e.g., http://localhost:8000. Optional --username/--password configures basic auth for git-lfs and helper flows.",
-        Args:  cobra.ExactArgs(2),
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                remoteName := args[0]
-                url := args[1]
-
-                if url == "" </span><span class="cov0" title="0">{
-                        return fmt.Errorf("URL cannot be empty")
-                }</span>
+type pushedRef struct {
+        LocalRef  string
+        LocalSHA  string
+        RemoteRef string
+        RemoteSHA string
+}
 
-                <span class="cov0" title="0">remoteSelect := config.RemoteSelect{
-                        Local: &amp;config.LocalRemote{
-                                BaseURL:      url,
-                                ProjectID:    project,
-                                Bucket:       bucket,
-                                Organization: organization,
-                        },
+// readPushedRefs parses git's pre-push stdin format and rewinds the reader
+// before returning so callers can reuse the buffered input.
+func readPushedRefs(f io.ReadSeeker) ([]pushedRef, error) <span class="cov9" title="5">{
+        if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov9" title="5">scanner := bufio.NewScanner(f)
+        refs := make([]pushedRef, 0)
+        for scanner.Scan() </span><span class="cov10" title="6">{
+                fields := strings.Fields(scanner.Text())
+                if len(fields) &lt; 4 </span><span class="cov1" title="1">{
+                        continue</span>
                 }
+                <span class="cov9" title="5">refs = append(refs, pushedRef{
+                        LocalRef:  fields[0],
+                        LocalSHA:  fields[1],
+                        RemoteRef: fields[2],
+                        RemoteSHA: fields[3],
+                })</span>
+        }
+        <span class="cov9" title="5">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov9" title="5">if _, err := f.Seek(0, 0); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov9" title="5">return refs, nil</span>
+}
 
-                newConfig, err := config.UpdateRemote(config.Remote(remoteName), remoteSelect)
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov0" title="0">if err := gitrepo.SetRemoteLFSURL(remoteName, url); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to configure lfs url for remote %q: %w", remoteName, err)
-                }</span>
-                <span class="cov0" title="0">if err := gitrepo.ConfigureCredentialHelperForRepo(); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to configure git credential helper: %w", err)
-                }</span>
-                <span class="cov0" title="0">if strings.TrimSpace(localUsername) != "" || strings.TrimSpace(localPassword) != "" </span><span class="cov0" title="0">{
-                        if strings.TrimSpace(localUsername) == "" || strings.TrimSpace(localPassword) == "" </span><span class="cov0" title="0">{
-                                return fmt.Errorf("both --username and --password are required when configuring local basic auth")
-                        }</span>
-                        <span class="cov0" title="0">if err := gitrepo.SetRemoteBasicAuth(remoteName, strings.TrimSpace(localUsername), strings.TrimSpace(localPassword)); err != nil </span><span class="cov0" title="0">{
-                                return fmt.Errorf("failed to configure local basic auth for remote %q: %w", remoteName, err)
+func branchesFromRefs(refs []pushedRef) []string <span class="cov9" title="5">{
+        const prefix = "refs/heads/"
+        set := make(map[string]struct{})
+        for _, ref := range refs </span><span class="cov9" title="5">{
+                if strings.HasPrefix(ref.LocalRef, prefix) </span><span class="cov7" title="4">{
+                        branch := strings.TrimPrefix(ref.LocalRef, prefix)
+                        if branch != "" </span><span class="cov7" title="4">{
+                                set[branch] = struct{}{}
                         }</span>
                 }
+        }
+        <span class="cov9" title="5">branches := make([]string, 0, len(set))
+        for branch := range set </span><span class="cov7" title="4">{
+                branches = append(branches, branch)
+        }</span>
+        <span class="cov9" title="5">sort.Strings(branches)
+        return branches</span>
+}
 
-                <span class="cov0" title="0">fmt.Printf("Added remote '%s'. Config: %v\n", remoteName, newConfig.GetRemote(config.Remote(remoteName)))
-                return nil</span>
-        },
+func drsDeleteRefs(refs []pushedRef) []drsdelete.RefUpdate <span class="cov0" title="0">{
+        out := make([]drsdelete.RefUpdate, 0, len(refs))
+        for _, ref := range refs </span><span class="cov0" title="0">{
+                out = append(out, drsdelete.RefUpdate{
+                        OldSHA: strings.TrimSpace(ref.RemoteSHA),
+                        NewSHA: strings.TrimSpace(ref.LocalSHA),
+                })
+        }</span>
+        <span class="cov0" title="0">return out</span>
 }
 </pre>
 		
-		<pre class="file" id="file22" style="display: none">package remote
+		<pre class="file" id="file19" style="display: none">package pull
 
 import (
+        "context"
         "fmt"
+        "io"
+        "log/slog"
+        "net/url"
+        "os"
+        "path/filepath"
+        "sort"
+        "strings"
 
+        "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
         "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/drsremote"
+        "github.com/calypr/git-drs/internal/lfs"
+        "github.com/calypr/git-drs/internal/pathspec"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        sycommon "github.com/calypr/syfon/client/common"
         "github.com/spf13/cobra"
 )
 
-var ListCmd = &amp;cobra.Command{
-        Use:   "list",
-        Short: "List DRS repos",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="2">{
-                if len(args) != 0 </span><span class="cov1" title="1">{
+var includePatterns []string
+var dryRun bool
+
+var (
+        loadCfg         = config.LoadConfig
+        resolveRemote   = func(cfg *config.Config, name string) (config.Remote, error) <span class="cov0" title="0">{ return cfg.GetRemoteOrDefault(name) }</span>
+        newRemoteClient = func(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*config.GitContext, error) <span class="cov0" title="0">{
+                return cfg.GetRemoteClient(remote, logger)
+        }</span>
+        loadWorktreeInventory = lfs.GetWorktreeLfsFiles
+)
+
+var Cmd = &amp;cobra.Command{
+        Use:   "pull [remote-name]",
+        Short: "Download DRS pointer file content into the current checkout",
+        Long:  "Hydrate DRS/Git-LFS pointer files in the current checkout. By default this mirrors git lfs pull semantics for the worktree rather than running git pull.",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                if len(args) &gt; 1 </span><span class="cov0" title="0">{
                         cmd.SilenceUsage = false
-                        return fmt.Errorf("error: accepts no arguments, received %d\n\nUsage: %s\n\nSee 'git drs remote list --help' for more details", len(args), cmd.UseLine())
+                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs pull --help' for more details", len(args), cmd.UseLine())
                 }</span>
-                <span class="cov1" title="1">return nil</span>
+                <span class="cov0" title="0">return nil</span>
         },
         RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
                 logg := drslog.GetLogger()
-                cfg, err := config.LoadConfig()
+
+                cfg, err := loadCfg()
                 if err != nil </span><span class="cov0" title="0">{
-                        logg.Debug(fmt.Sprintf("Error loading config: %s", err))
-                        return err
+                        return fmt.Errorf("error loading config: %v", err)
                 }</span>
 
-                <span class="cov1" title="1">for name, remoteSelect := range cfg.Remotes </span><span class="cov1" title="1">{
-                        // Determine if this is the default
-                        isDefault := name == cfg.DefaultRemote
-                        marker := " "
-                        if isDefault </span><span class="cov1" title="1">{
-                                marker = "*"
+                <span class="cov1" title="1">var remote config.Remote
+                if len(args) &gt; 0 </span><span class="cov0" title="0">{
+                        remote = config.Remote(args[0])
+                }</span> else<span class="cov1" title="1"> {
+                        remote, err = resolveRemote(cfg, "")
+                        if err != nil </span><span class="cov0" title="0">{
+                                logg.Error(fmt.Sprintf("Error getting remote: %v", err))
+                                return err
                         }</span>
+                }
 
-                        // Determine remote type and endpoint
-                        <span class="cov1" title="1">var remoteType string
-                        var remote config.DRSRemote
-                        if remoteSelect.Gen3 != nil </span><span class="cov1" title="1">{
-                                remoteType = string(config.Gen3ServerType)
-                                remote = remoteSelect.Gen3
-                        }</span> else<span class="cov0" title="0"> if remoteSelect.Local != nil </span><span class="cov0" title="0">{
-                                remoteType = string(config.LocalServerType)
-                                remote = remoteSelect.Local
-                        }</span> else<span class="cov0" title="0"> {
-                                remoteType = "unknown"
-                        }</span>
+                <span class="cov1" title="1">drsCtx, err := newRemoteClient(cfg, remote, logg)
+                if err != nil </span><span class="cov0" title="0">{
+                        logg.Error(fmt.Sprintf("error creating DRS client: %s", err))
+                        return err
+                }</span>
 
-                        <span class="cov1" title="1">endpoint := "N/A"
-                        if remote != nil </span><span class="cov1" title="1">{
-                                endpoint = remote.GetEndpoint()
-                        }</span>
+                <span class="cov1" title="1">inventory, err := loadWorktreeInventory(logg)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to discover pointer files in worktree: %w", err)
+                }</span>
+                <span class="cov1" title="1">pointers := collectPointerFiles(inventory, includePatterns)
+                if len(pointers) == 0 </span><span class="cov0" title="0">{
+                        logg.Debug("no matching pointer files to hydrate")
+                        return nil
+                }</span>
 
-                        <span class="cov1" title="1">fmt.Printf("%s %-10s %-8s %s\n", marker, name, remoteType, endpoint)</span>
+                <span class="cov1" title="1">progress := newPullProgressRenderer(os.Stderr)
+                progress.OnPlan(pointers)
+                defer progress.Finish()
+
+                if dryRun </span><span class="cov1" title="1">{
+                        for _, f := range pointers </span><span class="cov1" title="1">{
+                                if _, err := fmt.Fprintln(cmd.OutOrStdout(), f.Name); err != nil </span><span class="cov0" title="0">{
+                                        return err
+                                }</span>
+                        }
+                        <span class="cov1" title="1">return nil</span>
                 }
-                <span class="cov1" title="1">return nil</span>
-        },
-}
-</pre>
-		
-		<pre class="file" id="file23" style="display: none">package remote
 
-import (
-        "github.com/calypr/git-drs/cmd/remote/add"
-        "github.com/spf13/cobra"
-)
+                <span class="cov0" title="0">ctx := context.Background()
+                missingOIDs := make([]string, 0, len(pointers))
+                seenMissing := make(map[string]struct{}, len(pointers))
+                for _, f := range pointers </span><span class="cov0" title="0">{
+                        cachePath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, f.Oid)
+                        if err != nil </span><span class="cov0" title="0">{
+                                return fmt.Errorf("failed to resolve LFS object path for %s: %w", f.Oid, err)
+                        }</span>
+                        <span class="cov0" title="0">if _, err := os.Stat(cachePath); err == nil </span><span class="cov0" title="0">{
+                                continue</span>
+                        } else<span class="cov0" title="0"> if !os.IsNotExist(err) </span><span class="cov0" title="0">{
+                                return fmt.Errorf("failed to stat cached object for %s: %w", f.Oid, err)
+                        }</span>
+                        <span class="cov0" title="0">if _, seen := seenMissing[f.Oid]; seen </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov0" title="0">seenMissing[f.Oid] = struct{}{}
+                        missingOIDs = append(missingOIDs, f.Oid)</span>
+                }
 
-// Cmd line declaration
-var Cmd = &amp;cobra.Command{
-        Use:   "remote",
-        Short: "Manage remote DRS server configs",
+                <span class="cov0" title="0">if len(missingOIDs) &gt; 0 </span><span class="cov0" title="0">{
+                        prefetched := make(map[string]drsapi.DrsObject, len(missingOIDs))
+                        for _, oid := range missingOIDs </span><span class="cov0" title="0">{
+                                recs, err := drsremote.ObjectsByHashForScope(ctx, drsCtx, oid)
+                                if err != nil || len(recs) == 0 </span><span class="cov0" title="0">{
+                                        continue</span>
+                                }
+                                <span class="cov0" title="0">prefetched[oid] = recs[0]</span>
+                        }
+                        <span class="cov0" title="0">if len(prefetched) &gt; 0 </span><span class="cov0" title="0">{
+                                logg.Debug(fmt.Sprintf("prefetched %d objects for pull", len(prefetched)))
+                        }</span> else<span class="cov0" title="0"> {
+                                logg.Debug("bulk prefetch found no scoped objects; continuing per-object")
+                        }</span>
+
+                        <span class="cov0" title="0">prefetchedAccess := make(map[string]drsapi.AccessURL, len(prefetched))
+                        if len(prefetched) &gt; 0 </span><span class="cov0" title="0">{
+                                objects := make([]drsapi.DrsObject, 0, len(prefetched))
+                                for _, obj := range prefetched </span><span class="cov0" title="0">{
+                                        objects = append(objects, obj)
+                                }</span>
+                                <span class="cov0" title="0">if resolved, err := drsremote.BulkAccessURLsForObjects(ctx, drsCtx, objects); err == nil </span><span class="cov0" title="0">{
+                                        prefetchedAccess = resolved
+                                        logg.Debug(fmt.Sprintf("bulk access resolved %d URLs for pull", len(prefetchedAccess)))
+                                }</span> else<span class="cov0" title="0"> {
+                                        logg.Debug(fmt.Sprintf("bulk access prefetch failed; continuing per-object: %v", err))
+                                }</span>
+                        }
+                        <span class="cov0" title="0">for _, f := range pointers </span><span class="cov0" title="0">{
+                                dstPath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, f.Oid)
+                                if err != nil </span><span class="cov0" title="0">{
+                                        return fmt.Errorf("failed to resolve LFS object path for %s: %w", f.Oid, err)
+                                }</span>
+                                <span class="cov0" title="0">if _, err := os.Stat(dstPath); err == nil </span><span class="cov0" title="0">{
+                                        continue</span>
+                                } else<span class="cov0" title="0"> if !os.IsNotExist(err) </span><span class="cov0" title="0">{
+                                        return fmt.Errorf("failed to stat cache path %s: %w", dstPath, err)
+                                }</span>
+                                <span class="cov0" title="0">progress.OnDownloadStart(f)
+                                downloadCtx := progressContextForPointer(ctx, progress, f)
+                                if obj, ok := prefetched[f.Oid]; ok </span><span class="cov0" title="0">{
+                                        if accessURL, ok := prefetchedAccess[obj.Id]; ok </span><span class="cov0" title="0">{
+                                                objCopy := obj
+                                                if err := drsremote.DownloadResolvedToCachePath(downloadCtx, drsCtx, f.Oid, dstPath, &amp;objCopy, &amp;accessURL); err != nil </span><span class="cov0" title="0">{
+                                                        debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
+                                                        return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
+                                                }</span>
+                                                <span class="cov0" title="0">continue</span>
+                                        }
+                                }
+                                <span class="cov0" title="0">if err := drsremote.DownloadToCachePath(downloadCtx, drsCtx, logg, f.Oid, dstPath); err != nil </span><span class="cov0" title="0">{
+                                        debugCtx := buildPullDownloadDebugContext(ctx, drsCtx, f.Oid)
+                                        return fmt.Errorf("failed to download oid %s to %s: %w\npull-debug: %s", f.Oid, dstPath, err, debugCtx)
+                                }</span>
+                        }
+                } else<span class="cov0" title="0"> {
+                        logg.Debug("no missing pointer objects to download")
+                }</span>
+
+                <span class="cov0" title="0">if err := checkoutDownloadedFiles(pointers, progress); err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+
+                <span class="cov0" title="0">return nil</span>
+        },
 }
 
-func init() <span class="cov8" title="1">{
-        Cmd.AddCommand(add.Cmd)
-        Cmd.AddCommand(ListCmd)
-        Cmd.AddCommand(SetCmd)
-}</span>
-</pre>
-		
-		<pre class="file" id="file24" style="display: none">package remote
+type pointerFile struct {
+        Name string
+        Oid  string
+        Size int64
+}
 
-import (
-        "fmt"
+func collectPointerFiles(inventory map[string]lfs.LfsFileInfo, patterns []string) []pointerFile <span class="cov4" title="2">{
+        keys := make([]string, 0, len(inventory))
+        for path := range inventory </span><span class="cov10" title="5">{
+                if !pathspec.MatchesAny(path, patterns) </span><span class="cov4" title="2">{
+                        continue</span>
+                }
+                <span class="cov7" title="3">keys = append(keys, path)</span>
+        }
+        <span class="cov4" title="2">sort.Strings(keys)
 
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/spf13/cobra"
-)
+        files := make([]pointerFile, 0, len(keys))
+        for _, path := range keys </span><span class="cov7" title="3">{
+                info := inventory[path]
+                files = append(files, pointerFile{Name: path, Oid: info.Oid, Size: info.Size})
+        }</span>
+        <span class="cov4" title="2">return files</span>
+}
 
-var SetCmd = &amp;cobra.Command{
-        Use:   "set &lt;remote-name&gt;",
-        Short: "Set the default DRS remote",
-        Long:  "Set which DRS remote to use by default for all operations",
-        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
-                if len(args) != 1 </span><span class="cov6" title="2">{
-                        cmd.SilenceUsage = false
-                        return fmt.Errorf("error: requires exactly 1 argument (remote name), received %d\n\nUsage: %s\n\nRun 'git drs remote list' to see available remotes or 'git drs remote set --help' for more details", len(args), cmd.UseLine())
+func progressContextForPointer(ctx context.Context, progress *pullProgressRenderer, file pointerFile) context.Context <span class="cov0" title="0">{
+        ctx = sycommon.WithOid(ctx, file.Name)
+        return sycommon.WithProgress(ctx, func(ev sycommon.ProgressEvent) error </span><span class="cov0" title="0">{
+                if ev.Event != "progress" </span><span class="cov0" title="0">{
+                        return nil
                 }</span>
-                <span class="cov1" title="1">return nil</span>
-        },
-        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
-                remoteName := args[0]
-                logger := drslog.GetLogger()
+                <span class="cov0" title="0">progress.OnDownloadProgress(file.Name, ev.BytesSoFar, file.Size)
+                return nil</span>
+        })
+}
 
-                cfg, err := config.LoadConfig()
+func checkoutDownloadedFiles(files []pointerFile, progress *pullProgressRenderer) error <span class="cov0" title="0">{
+        for _, f := range files </span><span class="cov0" title="0">{
+                if strings.TrimSpace(f.Name) == "" || strings.TrimSpace(f.Oid) == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">srcPath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, f.Oid)
                 if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to load config: %w", err)
+                        return fmt.Errorf("failed to resolve cached object for %s: %w", f.Oid, err)
                 }</span>
-
-                // validate remote exists
-                <span class="cov0" title="0">remote := config.Remote(remoteName)
-                if _, ok := cfg.Remotes[remote]; !ok </span><span class="cov0" title="0">{
-                        availableRemotes := make([]string, 0, len(cfg.Remotes))
-                        for name := range cfg.Remotes </span><span class="cov0" title="0">{
-                                availableRemotes = append(availableRemotes, string(name))
+                <span class="cov0" title="0">src, err := os.Open(srcPath)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to read cached object %s: %w", srcPath, err)
+                }</span>
+                <span class="cov0" title="0">progress.OnCheckoutStart(f)
+                if dir := filepath.Dir(f.Name); dir != "." </span><span class="cov0" title="0">{
+                        if err := os.MkdirAll(dir, 0o755); err != nil </span><span class="cov0" title="0">{
+                                src.Close()
+                                return fmt.Errorf("failed to create directory for %s: %w", f.Name, err)
                         }</span>
-                        <span class="cov0" title="0">return fmt.Errorf(
-                                "remote '%s' not found.\nAvailable remotes: %v",
-                                remoteName,
-                                availableRemotes,
-                        )</span>
                 }
+                <span class="cov0" title="0">dst, err := os.OpenFile(f.Name, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
+                if err != nil </span><span class="cov0" title="0">{
+                        src.Close()
+                        return fmt.Errorf("failed to checkout %s: %w", f.Name, err)
+                }</span>
+                <span class="cov0" title="0">if _, err := io.Copy(dst, src); err != nil </span><span class="cov0" title="0">{
+                        dst.Close()
+                        src.Close()
+                        return fmt.Errorf("failed to checkout %s: %w", f.Name, err)
+                }</span>
+                <span class="cov0" title="0">if err := dst.Close(); err != nil </span><span class="cov0" title="0">{
+                        src.Close()
+                        return fmt.Errorf("failed to finalize checkout for %s: %w", f.Name, err)
+                }</span>
+                <span class="cov0" title="0">if err := src.Close(); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to close cached object %s: %w", srcPath, err)
+                }</span>
+                <span class="cov0" title="0">progress.OnCompleted(f)</span>
+        }
+        <span class="cov0" title="0">return nil</span>
+}
 
-                // save new default
-                <span class="cov0" title="0">cfg.DefaultRemote = remote
+func buildPullDownloadDebugContext(ctx context.Context, drsCtx *config.GitContext, oid string) string <span class="cov0" title="0">{
+        recs, err := drsremote.ObjectsByHashForScope(ctx, drsCtx, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Sprintf("oid=%s query_error=%v", oid, err)
+        }</span>
+        <span class="cov0" title="0">if len(recs) == 0 </span><span class="cov0" title="0">{
+                return fmt.Sprintf("oid=%s records=0", oid)
+        }</span>
 
-                if err := config.SaveConfig(cfg); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("failed to save config: %w", err)
-                }</span>
+        <span class="cov0" title="0">match := &amp;recs[0]
 
-                <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Default remote set to: %s", remoteName))
-                return nil</span>
-        },
+        methods := make([]string, 0)
+        if match.AccessMethods != nil </span><span class="cov0" title="0">{
+                methods = make([]string, 0, len(*match.AccessMethods))
+                for _, am := range *match.AccessMethods </span><span class="cov0" title="0">{
+                        scheme := ""
+                        rawURL := ""
+                        if am.AccessUrl != nil </span><span class="cov0" title="0">{
+                                rawURL = strings.TrimSpace(am.AccessUrl.Url)
+                        }</span>
+                        <span class="cov0" title="0">if rawURL != "" </span><span class="cov0" title="0">{
+                                if parsed, parseErr := url.Parse(rawURL); parseErr == nil </span><span class="cov0" title="0">{
+                                        scheme = parsed.Scheme
+                                }</span>
+                        }
+                        <span class="cov0" title="0">accessID := ""
+                        if am.AccessId != nil </span><span class="cov0" title="0">{
+                                accessID = strings.TrimSpace(*am.AccessId)
+                        }</span>
+                        <span class="cov0" title="0">methods = append(methods, fmt.Sprintf("{type=%s access_id=%s url_scheme=%s url=%s}", am.Type, accessID, scheme, rawURL))</span>
+                }
+        }
+        <span class="cov0" title="0">return fmt.Sprintf("oid=%s did=%s size=%d access_methods=%s", oid, strings.TrimSpace(match.Id), match.Size, strings.Join(methods, ", "))</span>
 }
+
+func init() <span class="cov1" title="1">{
+        Cmd.Flags().StringArrayVarP(&amp;includePatterns, "include", "I", nil, "include pathspec/glob pattern(s)")
+        Cmd.Flags().BoolVar(&amp;dryRun, "dry-run", false, "list matching pointer files without downloading them")
+}</span>
 </pre>
 		
-		<pre class="file" id="file25" style="display: none">package smudge
+		<pre class="file" id="file20" style="display: none">package pull
 
 import (
-        "context"
-        "errors"
         "fmt"
-        "os"
+        "io"
 
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslog"
-        "github.com/calypr/git-drs/internal/lfs"
-        "github.com/spf13/cobra"
+        "github.com/calypr/git-drs/internal/progressui"
 )
 
-// Cmd implements `git drs smudge`, which mirrors `git lfs smudge` behavior.
-var Cmd = &amp;cobra.Command{
-        Use:   "smudge -- &lt;path&gt;",
-        Short: "Smudge a file by converting an LFS pointer to file content (invoked by git)",
-        Long: `git drs smudge reads potential LFS pointer content from stdin. If the input
-is a valid LFS pointer, it restores file content from the local LFS object cache
-or downloads it from the configured DRS remote. If no DRS remote is configured,
-the pointer is passed through unchanged. If the input is not an LFS pointer,
-content is passed through unchanged.
+const pullNonTTYProgressInterval = progressui.NonTTYProgressInterval
 
-This command mirrors 'git lfs smudge' and is intended to be configured as the
-git smudge filter:
+type pullProgressPhase string
 
-  git config filter.drs.smudge 'git-drs smudge -- %f'`,
-        Hidden: true,
-        Args:   cobra.ExactArgs(1),
-        RunE:   runSmudge,
+const (
+        pullProgressPending     pullProgressPhase = "pending"
+        pullProgressDownloading pullProgressPhase = "downloading"
+        pullProgressCheckingOut pullProgressPhase = "checking_out"
+        pullProgressCompleted   pullProgressPhase = "completed"
+)
+
+type pullFileProgress struct {
+        path    string
+        total   int64
+        current int64
+        phase   pullProgressPhase
 }
 
-func runSmudge(cmd *cobra.Command, args []string) error <span class="cov8" title="1">{
-        ctx := cmd.Context()
-        if ctx == nil </span><span class="cov8" title="1">{
-                ctx = context.Background()
-        }</span>
+type pullProgressRenderer struct {
+        base      *progressui.Renderer
+        planned   bool
+        files     map[string]*pullFileProgress
+        fileOrder []string
+}
 
-        <span class="cov8" title="1">pathname := args[0]
-        logger := drslog.GetLogger()
-        logger.Debug("smudge: starting", "pathname", pathname)
+func newPullProgressRenderer(out io.Writer) *pullProgressRenderer <span class="cov5" title="4">{
+        return &amp;pullProgressRenderer{
+                base:  progressui.NewRenderer(out),
+                files: make(map[string]*pullFileProgress),
+        }
+}</span>
 
-        cfg, err := config.LoadConfig()
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: load config: %w", err)
-        }</span>
+func isPullWriterTTY(w io.Writer) bool <span class="cov0" title="0">{
+        return progressui.IsWriterTTY(w)
+}</span>
 
-        <span class="cov8" title="1">remote, err := cfg.GetDefaultRemote()
-        if err != nil </span><span class="cov8" title="1">{
-                if errors.Is(err, config.ErrNoDefaultRemote) </span><span class="cov8" title="1">{
-                        logger.Debug("smudge: no default remote configured; passing through pointer", "pathname", pathname)
-                        return lfs.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, nil)
-                }</span>
-                <span class="cov0" title="0">return fmt.Errorf("smudge: get default remote: %w", err)</span>
+func (r *pullProgressRenderer) render(force bool) <span class="cov8" title="14">{
+        lines := make([]string, 0, len(r.fileOrder))
+        for _, id := range r.fileOrder </span><span class="cov9" title="20">{
+                item := r.files[id]
+                if item == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov9" title="20">lines = append(lines, r.renderLine(item))</span>
         }
+        <span class="cov8" title="14">r.base.Render(force, lines)</span>
+}
 
-        <span class="cov0" title="0">drsCtx, err := cfg.GetRemoteClient(remote, logger)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: create DRS client: %w", err)
+func (r *pullProgressRenderer) OnPlan(files []pointerFile) <span class="cov5" title="4">{
+        r.planned = len(files) &gt; 0
+        r.files = make(map[string]*pullFileProgress, len(files))
+        r.fileOrder = r.fileOrder[:0]
+        for _, file := range files </span><span class="cov5" title="5">{
+                r.files[file.Name] = &amp;pullFileProgress{
+                        path:  file.Name,
+                        total: file.Size,
+                        phase: pullProgressPending,
+                }
+                r.fileOrder = append(r.fileOrder, file.Name)
+        }</span>
+        <span class="cov5" title="4">if r.planned </span><span class="cov5" title="4">{
+                r.render(true)
         }</span>
-
-        <span class="cov0" title="0">return lfs.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, func(callCtx context.Context, oid, cachePath string) error </span><span class="cov0" title="0">{
-                return lfs.DownloadToCachePath(callCtx, drsCtx, logger, oid, cachePath)
-        }</span>)
 }
 
-func init() {<span class="cov8" title="1">}</span>
-</pre>
-		
-		<pre class="file" id="file26" style="display: none">package track
-
-import (
-        "context"
-        "fmt"
-
-        "github.com/calypr/git-drs/internal/lfs"
-        "github.com/spf13/cobra"
-)
-
-var (
-        gitLFSTrackPatterns = lfs.GitLFSTrackPatterns
-        gitLFSListPatterns  = lfs.GitLFSListTrackedPatterns
-)
-
-var Cmd = NewCommand()
-
-func NewCommand() *cobra.Command <span class="cov10" title="3">{
-        cmd := &amp;cobra.Command{
-                Use:   "track [pattern ...]",
-                Short: "Track files with Git LFS",
-                Long:  "Manage Git LFS tracking patterns. With no patterns, this lists tracked patterns.",
-                Args:  cobra.ArbitraryArgs,
-                RunE:  runTrack,
-        }
-
-        cmd.Flags().Bool("verbose", false, "show detailed output")
-        cmd.Flags().Bool("dry-run", false, "show what would change without writing")
+func (r *pullProgressRenderer) OnDownloadStart(file pointerFile) <span class="cov4" title="3">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov4" title="3">item, ok := r.files[file.Name]
+        if !ok </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov4" title="3">item.path = file.Name
+        if file.Size &gt; 0 </span><span class="cov4" title="3">{
+                item.total = file.Size
+        }</span>
+        <span class="cov4" title="3">item.phase = pullProgressDownloading
+        r.render(false)</span>
+}
 
-        return cmd
-}</span>
+func (r *pullProgressRenderer) OnDownloadProgress(id string, bytesSoFar int64, total int64) <span class="cov4" title="3">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov4" title="3">item, ok := r.files[id]
+        if !ok </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov4" title="3">if total &gt; 0 </span><span class="cov4" title="3">{
+                item.total = total
+        }</span>
+        <span class="cov4" title="3">if bytesSoFar &gt; item.current </span><span class="cov4" title="3">{
+                item.current = bytesSoFar
+        }</span>
+        <span class="cov4" title="3">item.phase = pullProgressDownloading
+        r.render(false)</span>
+}
 
-func runTrack(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
-        verbose, err := cmd.Flags().GetBool("verbose")
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("read flag verbose: %w", err)
+func (r *pullProgressRenderer) OnCheckoutStart(file pointerFile) <span class="cov1" title="1">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
         }</span>
-        <span class="cov6" title="2">dryRun, err := cmd.Flags().GetBool("dry-run")
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("read flag dry-run: %w", err)
+        <span class="cov1" title="1">item, ok := r.files[file.Name]
+        if !ok </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov1" title="1">item.phase = pullProgressCheckingOut
+        if item.total == 0 &amp;&amp; file.Size &gt; 0 </span><span class="cov0" title="0">{
+                item.total = file.Size
         }</span>
+        <span class="cov1" title="1">r.render(false)</span>
+}
 
-        <span class="cov6" title="2">ctx := cmd.Context()
-        if ctx == nil </span><span class="cov0" title="0">{
-                ctx = context.Background()
+func (r *pullProgressRenderer) OnCompleted(file pointerFile) <span class="cov4" title="3">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
+        }</span>
+        <span class="cov4" title="3">item, ok := r.files[file.Name]
+        if !ok </span><span class="cov0" title="0">{
+                return
         }</span>
+        <span class="cov4" title="3">if item.total == 0 &amp;&amp; file.Size &gt; 0 </span><span class="cov0" title="0">{
+                item.total = file.Size
+        }</span>
+        <span class="cov4" title="3">if item.total &gt; 0 </span><span class="cov4" title="3">{
+                item.current = item.total
+        }</span>
+        <span class="cov4" title="3">item.phase = pullProgressCompleted
+        r.render(false)</span>
+}
 
-        <span class="cov6" title="2">var out string
-        if len(args) == 0 </span><span class="cov1" title="1">{
-                out, err = gitLFSListPatterns(ctx, verbose)
-        }</span> else<span class="cov1" title="1"> {
-                out, err = gitLFSTrackPatterns(ctx, args, verbose, dryRun)
+func (r *pullProgressRenderer) Finish() <span class="cov1" title="1">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
         }</span>
-        <span class="cov6" title="2">if err != nil </span><span class="cov0" title="0">{
-                return err
+        <span class="cov1" title="1">lines := make([]string, 0, len(r.fileOrder))
+        for _, id := range r.fileOrder </span><span class="cov1" title="1">{
+                item := r.files[id]
+                if item == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov1" title="1">lines = append(lines, r.renderLine(item))</span>
+        }
+        <span class="cov1" title="1">r.base.Finish(lines)
+        r.planned = false</span>
+}
+
+func (r *pullProgressRenderer) renderLine(file *pullFileProgress) string <span class="cov10" title="21">{
+        label := "preparing pull"
+        if file != nil &amp;&amp; file.path != "" </span><span class="cov10" title="21">{
+                label = progressui.TrimLabel(file.path, 48)
         }</span>
 
-        <span class="cov6" title="2">if out != "" </span><span class="cov6" title="2">{
-                _, _ = fmt.Fprint(cmd.OutOrStdout(), out)
+        <span class="cov10" title="21">prefix := ""
+        if file != nil </span><span class="cov10" title="21">{
+                switch file.phase </span>{
+                case pullProgressDownloading, pullProgressCheckingOut:<span class="cov6" title="7">
+                        if !(file.total &gt; 0 &amp;&amp; file.current &gt;= file.total) </span><span class="cov6" title="6">{
+                                prefix = r.base.Spinner() + " "
+                        }</span>
+                }
+        }
+
+        <span class="cov10" title="21">current := int64(0)
+        total := int64(0)
+        if file != nil </span><span class="cov10" title="21">{
+                current = file.current
+                total = file.total
         }</span>
-        <span class="cov6" title="2">return nil</span>
+        <span class="cov10" title="21">bar := progressui.RenderProgressBar(current, total, 24)
+        pct := progressui.RenderPercent(current, total)
+        bytesLabel := progressui.RenderByteProgress(current, total, current &gt;= total)
+
+        return fmt.Sprintf("%s%s %s %s %s", prefix, label, bar, pct, bytesLabel)</span>
 }
 </pre>
 		
-		<pre class="file" id="file27" style="display: none">package untrack
+		<pre class="file" id="file21" style="display: none">package push
 
 import (
         "context"
         "fmt"
+        "os"
+        "os/exec"
+        "strings"
 
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drsdelete"
+        "github.com/calypr/git-drs/internal/drslog"
         "github.com/calypr/git-drs/internal/lfs"
+        "github.com/calypr/git-drs/internal/pushsync"
         "github.com/spf13/cobra"
 )
 
-var gitLFSUntrackPatterns = lfs.GitLFSUntrackPatterns
+var pushWithHooks bool
+var pushForceUpload bool
 
-var Cmd = NewCommand()
+var runCommand = func(name string, args ...string) ([]byte, error) <span class="cov0" title="0">{
+        cmd := exec.Command(name, args...)
+        return cmd.CombinedOutput()
+}</span>
 
-func NewCommand() *cobra.Command <span class="cov10" title="3">{
-        cmd := &amp;cobra.Command{
-                Use:   "untrack &lt;pattern&gt; [pattern ...]",
-                Short: "Stop tracking files with Git LFS",
-                Long:  "Remove one or more Git LFS tracking patterns.",
-                Args:  cobra.MinimumNArgs(1),
-                RunE:  runUntrack,
-        }
+var gitOutputFn = gitOutput
 
-        cmd.Flags().Bool("verbose", false, "show detailed output")
-        cmd.Flags().Bool("dry-run", false, "show what would change without writing")
+var Cmd = &amp;cobra.Command{
+        Use:   "push [remote-name]",
+        Short: "Upload/register DRS objects and push Git refs",
+        Long:  "Performs git-drs managed upload/register flow (multipart for large files) and then runs git push (without pre-push hooks by default).",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
+                if len(args) &gt; 1 </span><span class="cov1" title="1">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: accepts at most 1 argument (remote name), received %d\n\nUsage: %s\n\nSee 'git drs push --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov6" title="2">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
+                myLogger := drslog.GetLogger()
+                cfg, err := config.LoadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        myLogger.Debug(fmt.Sprintf("Error loading config: %v", err))
+                        return err
+                }</span>
 
-        return cmd
+                <span class="cov6" title="2">var remote config.Remote
+                if len(args) &gt; 0 </span><span class="cov0" title="0">{
+                        remote = config.Remote(args[0])
+                }</span> else<span class="cov6" title="2"> {
+                        remote, err = cfg.GetDefaultRemote()
+                        if err != nil </span><span class="cov6" title="2">{
+                                myLogger.Debug(fmt.Sprintf("Error getting default remote: %v", err))
+                                return err
+                        }</span>
+                }
+
+                <span class="cov0" title="0">drsClient, err := cfg.GetRemoteClient(remote, myLogger)
+                if err != nil </span><span class="cov0" title="0">{
+                        myLogger.Debug(fmt.Sprintf("Error creating DRS client: %s", err))
+                        return err
+                }</span>
+                <span class="cov0" title="0">drsClient.ForceUpload = pushForceUpload
+                lfsFiles, err := lfs.GetAllLfsFiles(string(remote), "", []string{"HEAD"}, myLogger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to discover LFS files to push: %w", err)
+                }</span>
+
+                <span class="cov0" title="0">ctx := context.Background()
+                deleteRefs, err := currentDeleteRefUpdates(ctx)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to resolve delete reconciliation base: %w", err)
+                }</span>
+                <span class="cov0" title="0">if _, err := drsdelete.ReconcileCommittedDeletes(ctx, drsClient, deleteRefs, myLogger); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to reconcile deletes: %w", err)
+                }</span>
+                <span class="cov0" title="0">progress := newUploadProgressRenderer(os.Stderr)
+                if err := pushsync.BatchSyncForPush(drsClient, ctx, lfsFiles, progress); err != nil </span><span class="cov0" title="0">{
+                        progress.Finish()
+                        return fmt.Errorf("failed batch register/upload workflow: %w", err)
+                }</span>
+                <span class="cov0" title="0">progress.Finish()
+                switch </span>{
+                case len(lfsFiles) == 0:<span class="cov0" title="0">
+                        fmt.Fprintln(os.Stdout, "No git-drs tracked files found; pushing Git refs only.")</span>
+                case !progress.HadUploads():<span class="cov0" title="0">
+                        fmt.Fprintln(os.Stdout, "No DRS payload uploads needed; all tracked objects are already available remotely.")</span>
+                }
+
+                <span class="cov0" title="0">pushArgs := []string{"push"}
+                if !pushWithHooks </span><span class="cov0" title="0">{
+                        pushArgs = append(pushArgs, "--no-verify")
+                }</span>
+                <span class="cov0" title="0">pushArgs = append(pushArgs, string(remote))
+                out, err := runCommand("git", pushArgs...)
+                if err != nil </span><span class="cov0" title="0">{
+                        msg := strings.TrimSpace(string(out))
+                        if msg == "" </span><span class="cov0" title="0">{
+                                msg = err.Error()
+                        }</span>
+                        <span class="cov0" title="0">return fmt.Errorf("git push failed for remote %q: %s", remote, msg)</span>
+                }
+                <span class="cov0" title="0">return nil</span>
+        },
+}
+
+func init() <span class="cov1" title="1">{
+        Cmd.Flags().BoolVar(&amp;pushWithHooks, "with-hooks", false, "Run git push with local hooks enabled (invokes pre-push)")
+        Cmd.Flags().BoolVar(&amp;pushForceUpload, "force-upload", false, "Upload payload bytes even when a matching downloadable object already exists remotely")
 }</span>
 
-func runUntrack(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
-        verbose, err := cmd.Flags().GetBool("verbose")
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("read flag verbose: %w", err)
-        }</span>
-        <span class="cov1" title="1">dryRun, err := cmd.Flags().GetBool("dry-run")
+func currentDeleteRefUpdates(ctx context.Context) ([]drsdelete.RefUpdate, error) <span class="cov6" title="2">{
+        head, err := gitOutputFn(ctx, "rev-parse", "HEAD")
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("read flag dry-run: %w", err)
+                return nil, err
         }</span>
-
-        <span class="cov1" title="1">ctx := cmd.Context()
-        if ctx == nil </span><span class="cov0" title="0">{
-                ctx = context.Background()
+        <span class="cov6" title="2">upstream, err := gitOutputFn(ctx, "rev-parse", "--verify", "@{upstream}")
+        if err != nil </span><span class="cov1" title="1">{
+                return nil, nil
         }</span>
+        <span class="cov1" title="1">return []drsdelete.RefUpdate{{
+                OldSHA: upstream,
+                NewSHA: head,
+        }}, nil</span>
+}
 
-        <span class="cov1" title="1">out, err := gitLFSUntrackPatterns(ctx, args, verbose, dryRun)
+func gitOutput(ctx context.Context, args ...string) (string, error) <span class="cov0" title="0">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        out, err := cmd.CombinedOutput()
         if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-
-        <span class="cov1" title="1">if out != "" </span><span class="cov1" title="1">{
-                _, _ = fmt.Fprint(cmd.OutOrStdout(), out)
+                return "", fmt.Errorf("git %s: %s", strings.Join(args, " "), strings.TrimSpace(string(out)))
         }</span>
-        <span class="cov1" title="1">return nil</span>
+        <span class="cov0" title="0">return strings.TrimSpace(string(out)), nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file28" style="display: none">package version
+		<pre class="file" id="file22" style="display: none">package push
 
 import (
         "fmt"
-        "runtime/debug"
+        "io"
 
-        "github.com/spf13/cobra"
+        "github.com/calypr/git-drs/internal/progressui"
+        "github.com/calypr/git-drs/internal/pushsync"
 )
 
-// Cmd represents the "version" command
-var Cmd = &amp;cobra.Command{
-        Use:   "version",
-        Short: "Get version",
-        Long:  ``,
-        Run: func(cmd *cobra.Command, args []string) <span class="cov4" title="5">{
-                fmt.Println("git-drs", buildVersion())
-        }</span>,
+type uploadFileProgress struct {
+        path      string
+        total     int64
+        current   int64
+        started   bool
+        completed bool
 }
 
-func buildVersion() string <span class="cov5" title="6">{
-        tag := ""
-        commit := ""
-        if info, ok := debug.ReadBuildInfo(); ok </span><span class="cov5" title="6">{
-                if info.Main.Version != "" &amp;&amp; info.Main.Version != "(devel)" </span><span class="cov0" title="0">{
-                        tag = info.Main.Version
-                }</span>
-                <span class="cov5" title="6">for _, setting := range info.Settings </span><span class="cov10" title="42">{
-                        switch setting.Key </span>{
-                        case "vcs.revision":<span class="cov0" title="0">
-                                commit = setting.Value</span>
-                        case "vcs.tag":<span class="cov0" title="0">
-                                if tag == "" </span><span class="cov0" title="0">{
-                                        tag = setting.Value
-                                }</span>
-                        }
+type uploadProgressRenderer struct {
+        base      *progressui.Renderer
+        planned   bool
+        plan      pushsync.UploadPlanSummary
+        files     map[string]*uploadFileProgress
+        fileOrder []string
+}
+
+func newUploadProgressRenderer(out io.Writer) *uploadProgressRenderer <span class="cov5" title="4">{
+        return &amp;uploadProgressRenderer{
+                base:  progressui.NewRenderer(out),
+                files: make(map[string]*uploadFileProgress),
+        }
+}</span>
+
+func (r *uploadProgressRenderer) render(force bool) <span class="cov8" title="12">{
+        lines := make([]string, 0, len(r.fileOrder))
+        for idx, oid := range r.fileOrder </span><span class="cov9" title="18">{
+                file := r.files[oid]
+                if file == nil </span><span class="cov0" title="0">{
+                        continue</span>
                 }
+                <span class="cov9" title="18">lines = append(lines, r.renderLine(idx, len(r.fileOrder), file))</span>
         }
+        <span class="cov8" title="12">r.base.Render(force, lines)</span>
+}
 
-        <span class="cov5" title="6">commitShort := commit
-        if len(commitShort) &gt; 7 </span><span class="cov0" title="0">{
-                commitShort = commitShort[:7]
+func (r *uploadProgressRenderer) OnUploadPlan(plan pushsync.UploadPlanSummary) <span class="cov5" title="4">{
+        r.plan = plan
+        r.planned = plan.TotalFiles &gt; 0
+        r.files = make(map[string]*uploadFileProgress, len(plan.Files))
+        r.fileOrder = r.fileOrder[:0]
+        for _, file := range plan.Files </span><span class="cov5" title="5">{
+                r.files[file.OID] = &amp;uploadFileProgress{
+                        path:  file.Path,
+                        total: file.Bytes,
+                }
+                r.fileOrder = append(r.fileOrder, file.OID)
+        }</span>
+        <span class="cov5" title="4">if r.planned </span><span class="cov5" title="4">{
+                r.render(true)
         }</span>
-
-        <span class="cov5" title="6">switch </span>{
-        case tag != "" &amp;&amp; commitShort != "":<span class="cov0" title="0">
-                return fmt.Sprintf("%s-%s", tag, commitShort)</span>
-        case tag != "":<span class="cov0" title="0">
-                return tag</span>
-        case commitShort != "":<span class="cov0" title="0">
-                return fmt.Sprintf("dev-%s", commitShort)</span>
-        default:<span class="cov5" title="6">
-                return "dev-unknown"</span>
-        }
 }
-</pre>
-		
-		<pre class="file" id="file29" style="display: none">package cloud
 
-import (
-        "context"
-        "errors"
-        "fmt"
-        "net/url"
-        "path"
-        "regexp"
-        "strings"
-        "time"
-
-        "github.com/aws/aws-sdk-go-v2/aws"
-        awsconfig "github.com/aws/aws-sdk-go-v2/config"
-        "github.com/aws/aws-sdk-go-v2/credentials"
-        "github.com/aws/aws-sdk-go-v2/service/s3"
-        "gocloud.dev/blob"
-        _ "gocloud.dev/blob/azureblob"
-        _ "gocloud.dev/blob/gcsblob"
-        "gocloud.dev/blob/s3blob"
-)
-
-// ObjectParameters contains provider-agnostic object lookup settings for
-// go-cloud metadata inspection.
-type ObjectParameters struct {
-        ObjectURL       string
-        S3Region        string
-        S3Endpoint      string
-        S3AccessKey     string
-        S3SecretKey     string
-        SHA256          string // optional expected hex (64 chars). Can be "sha256:&lt;hex&gt;" or "&lt;hex&gt;"
-        DestinationPath string // optional override URL path (worktree filename)
-}
-
-// ObjectInfo is the resolved object metadata returned by inspection.
-type ObjectInfo struct {
-
-        // Object identity
-        Bucket string
-        Key    string
-        Path   string // basename of Key (filename), or override from input
-
-        // HEAD-derived info
-        SizeBytes   int64
-        MetaSHA256  string // from user-defined object metadata (if present)
-        ETag        string
-        LastModTime time.Time
-}
-
-type objectLocation struct {
-        bucketURL string
-        bucket    string
-        key       string
-        path      string
-}
-
-var (
-        virtualHostedS3RE  = regexp.MustCompile(`^(.+?)\.s3(?:[.-]|$)`)
-        virtualHostedGCSRE = regexp.MustCompile(`^(.+?)\.storage\.googleapis\.com$`)
-        azureBlobHostRE    = regexp.MustCompile(`^([^.]+)\.blob\.core\.windows\.net$`)
-)
-
-// InspectObjectForLFS inspects object metadata for add-url and supports
-// multiple cloud URL styles (s3, gs, azblob).
-func InspectObjectForLFS(ctx context.Context, in ObjectParameters) (*ObjectInfo, error) <span class="cov0" title="0">{
-        if strings.TrimSpace(in.ObjectURL) == "" </span><span class="cov0" title="0">{
-                return nil, errors.New("ObjectURL is required")
+func (r *uploadProgressRenderer) OnUploadProgress(ev pushsync.UploadProgressEvent) <span class="cov7" title="8">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
         }</span>
-
-        <span class="cov0" title="0">loc, err := parseObjectLocation(in.ObjectURL, in.DestinationPath, in)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+        <span class="cov7" title="8">file, ok := r.files[ev.OID]
+        if !ok </span><span class="cov0" title="0">{
+                return
         }</span>
-
-        <span class="cov0" title="0">cloudBucket, err := openBucketForLocation(ctx, loc, in)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("failed to open bucket via go-cloud string %s: %w", loc.bucketURL, err)
+        <span class="cov7" title="8">if ev.Path != "" </span><span class="cov7" title="8">{
+                file.path = ev.Path
         }</span>
-        <span class="cov0" title="0">defer cloudBucket.Close()
-
-        attrs, err := cloudBucket.Attributes(ctx, loc.key)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("blob attributes failed (bucket=%q key=%q): %w", loc.bucketURL, loc.key, err)
+        <span class="cov7" title="8">if ev.TotalBytes &gt; 0 </span><span class="cov7" title="8">{
+                file.total = ev.TotalBytes
         }</span>
-
-        <span class="cov0" title="0">metaSHA := extractSHA256FromMetadata(attrs.Metadata)
-        expected := normalizeSHA256(in.SHA256)
-        if expected != "" &amp;&amp; metaSHA != "" &amp;&amp; !strings.EqualFold(expected, metaSHA) </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("sha256 mismatch: expected=%s head.meta=%s", expected, metaSHA)
+        <span class="cov7" title="8">if ev.BytesSoFar &gt; file.current </span><span class="cov6" title="6">{
+                file.current = ev.BytesSoFar
         }</span>
-
-        <span class="cov0" title="0">var lm time.Time
-        if !attrs.ModTime.IsZero() </span><span class="cov0" title="0">{
-                lm = attrs.ModTime
+        <span class="cov7" title="8">if ev.Phase == pushsync.UploadProgressUploading </span><span class="cov5" title="5">{
+                file.started = true
         }</span>
-
-        <span class="cov0" title="0">etag := strings.TrimSpace(attrs.ETag)
-        etag = strings.Trim(etag, `"`)
-
-        out := &amp;ObjectInfo{
-                Bucket:      loc.bucket,
-                Key:         loc.key,
-                Path:        loc.path,
-                SizeBytes:   attrs.Size,
-                MetaSHA256:  metaSHA,
-                ETag:        etag,
-                LastModTime: lm,
+        <span class="cov7" title="8">if ev.Phase == pushsync.UploadProgressCompleted &amp;&amp; !file.completed </span><span class="cov4" title="3">{
+                file.started = true
+                file.completed = true
+                if file.total &gt; 0 </span><span class="cov4" title="3">{
+                        file.current = file.total
+                }</span>
         }
-        return out, nil</span>
+        <span class="cov7" title="8">r.render(false)</span>
 }
 
-func openBucketForLocation(ctx context.Context, loc *objectLocation, in ObjectParameters) (*blob.Bucket, error) <span class="cov0" title="0">{
-        if !strings.HasPrefix(loc.bucketURL, "s3://") </span><span class="cov0" title="0">{
-                return blob.OpenBucket(ctx, loc.bucketURL)
-        }</span>
-
-        <span class="cov0" title="0">u, err := url.Parse(loc.bucketURL)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("parse s3 bucket URL %q: %w", loc.bucketURL, err)
-        }</span>
-        <span class="cov0" title="0">bucket := strings.TrimSpace(u.Host)
-        if bucket == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("missing bucket in s3 URL %q", loc.bucketURL)
+func (r *uploadProgressRenderer) Finish() <span class="cov3" title="2">{
+        if !r.planned </span><span class="cov0" title="0">{
+                return
         }</span>
+        <span class="cov3" title="2">lines := make([]string, 0, len(r.fileOrder))
+        for idx, oid := range r.fileOrder </span><span class="cov4" title="3">{
+                file := r.files[oid]
+                if file == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="3">lines = append(lines, r.renderLine(idx, len(r.fileOrder), file))</span>
+        }
+        <span class="cov3" title="2">r.base.Finish(lines)
+        r.planned = false</span>
+}
 
-        <span class="cov0" title="0">q := u.Query()
-        region := strings.TrimSpace(firstNonEmpty(in.S3Region, q.Get("region")))
-        endpoint := strings.TrimRight(strings.TrimSpace(firstNonEmpty(in.S3Endpoint, q.Get("endpoint"))), "/")
-        accessKey := strings.TrimSpace(in.S3AccessKey)
-        secretKey := strings.TrimSpace(in.S3SecretKey)
+func (r *uploadProgressRenderer) HadUploads() bool <span class="cov4" title="3">{
+        return r != nil &amp;&amp; r.planned
+}</span>
 
-        loadOpts := make([]func(*awsconfig.LoadOptions) error, 0, 2)
-        if region != "" </span><span class="cov0" title="0">{
-                loadOpts = append(loadOpts, awsconfig.WithRegion(region))
+func (r *uploadProgressRenderer) renderLine(idx int, total int, file *uploadFileProgress) string <span class="cov10" title="21">{
+        label := "preparing upload"
+        if file != nil &amp;&amp; file.path != "" </span><span class="cov10" title="21">{
+                label = progressui.TrimLabel(file.path, 48)
         }</span>
-        <span class="cov0" title="0">if accessKey != "" || secretKey != "" </span><span class="cov0" title="0">{
-                if accessKey == "" || secretKey == "" </span><span class="cov0" title="0">{
-                        return nil, errors.New("both S3AccessKey and S3SecretKey are required when either is provided")
-                }</span>
-                <span class="cov0" title="0">loadOpts = append(loadOpts, awsconfig.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(accessKey, secretKey, "")))</span>
+        <span class="cov10" title="21">prefix := ""
+        if file != nil </span><span class="cov10" title="21">{
+                switch </span>{
+                case file.started &amp;&amp; !file.completed:<span class="cov5" title="5">
+                        prefix = r.base.Spinner() + " "</span>
+                }
         }
 
-        <span class="cov0" title="0">awsCfg, err := awsconfig.LoadDefaultConfig(ctx, loadOpts...)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("load aws config: %w", err)
+        <span class="cov10" title="21">current := int64(0)
+        totalBytes := int64(0)
+        completed := false
+        if file != nil </span><span class="cov10" title="21">{
+                current = file.current
+                totalBytes = file.total
+                completed = file.completed
         }</span>
+        <span class="cov10" title="21">displayCurrent := progressui.VisibleProgressBytes(current, totalBytes, completed)
+        bar := progressui.RenderProgressBar(displayCurrent, totalBytes, 24)
+        pct := progressui.RenderPercentCapped(displayCurrent, totalBytes, completed)
+        bytesLabel := progressui.RenderByteProgress(displayCurrent, totalBytes, completed)
 
-        <span class="cov0" title="0">clientOpts := make([]func(*s3.Options), 0, 1)
-        if endpoint != "" </span><span class="cov0" title="0">{
-                clientOpts = append(clientOpts, func(o *s3.Options) </span><span class="cov0" title="0">{
-                        o.UsePathStyle = true
-                        o.BaseEndpoint = aws.String(endpoint)
-                }</span>)
-        }
-        <span class="cov0" title="0">client := s3.NewFromConfig(awsCfg, clientOpts...)
-        return s3blob.OpenBucketV2(ctx, client, bucket, nil)</span>
+        _ = idx
+        _ = total
+        return fmt.Sprintf("%s%s %s %s %s", prefix, label, bar, pct, bytesLabel)</span>
 }
+</pre>
+		
+		<pre class="file" id="file23" style="display: none">package query
 
-func parseObjectLocation(raw, destinationPath string, cfg ObjectParameters) (*objectLocation, error) <span class="cov8" title="6">{
-        u, err := url.Parse(raw)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+import (
+        "context"
+        "fmt"
+        "strings"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/drsremote"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        "github.com/calypr/syfon/client/hash"
+        "github.com/spf13/cobra"
+)
+
+var remote string
+var checksum = false
+var pretty = false
+
+func queryByChecksum(ctx context.Context, gc *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov0" title="0">{
+        hashType := checksumTypeForString(checksum)
+        if hashType != hash.ChecksumTypeSHA256.String() </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("checksum lookup currently only supports sha256 (got %q); non-sha256 support is tracked in syfon DRSService.GetObjectsByChecksum", hashType)
         }</span>
+        <span class="cov0" title="0">return drsremote.ObjectsByHashForScope(ctx, gc, checksum)</span>
+}
 
-        <span class="cov8" title="6">withPath := func(bucketURL, bucket, key string) (*objectLocation, error) </span><span class="cov8" title="6">{
-                worktreeName := strings.TrimSpace(destinationPath)
-                if worktreeName == "" </span><span class="cov8" title="6">{
-                        worktreeName = path.Base(key)
-                        if worktreeName == "." || worktreeName == "/" || worktreeName == "" </span><span class="cov0" title="0">{
-                                return nil, fmt.Errorf("could not derive worktree name from key %q", key)
-                        }</span>
-                } else<span class="cov0" title="0"> if worktreeName == "." || worktreeName == "/" </span><span class="cov0" title="0">{
-                        return nil, fmt.Errorf("invalid worktree name override %q", worktreeName)
-                }</span>
-                <span class="cov8" title="6">return &amp;objectLocation{
-                        bucketURL: bucketURL,
-                        bucket:    bucket,
-                        key:       key,
-                        path:      worktreeName,
-                }, nil</span>
+func checksumTypeForString(sum string) string <span class="cov10" title="5">{
+        switch len(strings.TrimSpace(sum)) </span>{
+        case 32:<span class="cov1" title="1">
+                return "md5"</span>
+        case 40:<span class="cov1" title="1">
+                return "sha1"</span>
+        case 64:<span class="cov1" title="1">
+                return "sha256"</span>
+        case 128:<span class="cov1" title="1">
+                return "sha512"</span>
+        default:<span class="cov1" title="1">
+                return string(hash.NormalizeChecksumType(sum))</span>
         }
+}
 
-        <span class="cov8" title="6">switch u.Scheme </span>{
-        case "s3", "gs", "azblob":<span class="cov5" title="3">
-                bucket := u.Host
-                key := strings.TrimPrefix(u.Path, "/")
-                if bucket == "" </span><span class="cov0" title="0">{
-                        return nil, fmt.Errorf("no bucket/container in URL: %s", raw)
-                }</span>
-                <span class="cov5" title="3">if key == "" </span><span class="cov0" title="0">{
-                        return nil, fmt.Errorf("no object key/path in URL: %s", raw)
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "query &lt;drs_id&gt;",
+        Short: "Query DRS server by DRS ID",
+        Long:  "Query DRS server by DRS ID",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                if len(args) != 1 </span><span class="cov0" title="0">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: requires exactly 1 argument (DRS ID), received %d\n\nUsage: %s\n\nSee 'git drs query --help' for more details", len(args), cmd.UseLine())
                 }</span>
-                <span class="cov5" title="3">return withPath(normalizeCloudBucketURL(u, cfg), bucket, key)</span>
-        case "http", "https":<span class="cov5" title="3">
-                host := u.Hostname()
-                key := strings.TrimPrefix(u.Path, "/")
-                if key == "" </span><span class="cov0" title="0">{
-                        return nil, fmt.Errorf("no object path in URL: %s", raw)
+                <span class="cov0" title="0">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                logger := drslog.GetLogger()
+
+                cfg, err := config.LoadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
                 }</span>
 
-                <span class="cov5" title="3">if m := virtualHostedS3RE.FindStringSubmatch(host); m != nil </span><span class="cov1" title="1">{
-                        bucket := m[1]
-                        return withPath(fmt.Sprintf("s3://%s", bucket), bucket, key)
+                <span class="cov0" title="0">remoteName, err := cfg.GetRemoteOrDefault(remote)
+                if err != nil </span><span class="cov0" title="0">{
+                        logger.Error(fmt.Sprintf("Error getting remote: %v", err))
+                        return err
                 }</span>
 
-                <span class="cov4" title="2">if m := virtualHostedGCSRE.FindStringSubmatch(host); m != nil </span><span class="cov0" title="0">{
-                        bucket := m[1]
-                        return withPath(fmt.Sprintf("gs://%s", bucket), bucket, key)
+                <span class="cov0" title="0">gc, err := cfg.GetRemoteClient(remoteName, logger)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
                 }</span>
 
-                <span class="cov4" title="2">if host == "storage.googleapis.com" </span><span class="cov0" title="0">{
-                        parts := strings.SplitN(key, "/", 2)
-                        if len(parts) &lt; 2 || parts[0] == "" || parts[1] == "" </span><span class="cov0" title="0">{
-                                return nil, fmt.Errorf("invalid GCS path-style URL: %s", raw)
+                <span class="cov0" title="0">if checksum </span><span class="cov0" title="0">{
+                        objs, err := queryByChecksum(context.Background(), gc, args[0])
+                        if err != nil </span><span class="cov0" title="0">{
+                                return err
                         }</span>
-                        <span class="cov0" title="0">bucket := parts[0]
-                        return withPath(fmt.Sprintf("gs://%s", bucket), bucket, parts[1])</span>
+                        <span class="cov0" title="0">for _, drsObj := range objs </span><span class="cov0" title="0">{
+                                if err := common.PrintDRSObject(drsObj, pretty); err != nil </span><span class="cov0" title="0">{
+                                        return err
+                                }</span>
+                        }
+                        <span class="cov0" title="0">return nil</span>
                 }
 
-                <span class="cov4" title="2">if m := azureBlobHostRE.FindStringSubmatch(host); m != nil </span><span class="cov1" title="1">{
-                        account := m[1]
-                        parts := strings.SplitN(key, "/", 2)
-                        if len(parts) &lt; 2 || parts[0] == "" || parts[1] == "" </span><span class="cov0" title="0">{
-                                return nil, fmt.Errorf("invalid Azure blob URL: %s", raw)
-                        }</span>
-                        <span class="cov1" title="1">container := parts[0]
-                        blobPath := parts[1]
-                        bucketURL := fmt.Sprintf("azblob://%s?account_name=%s", container, account)
-                        return withPath(bucketURL, container, blobPath)</span>
-                }
+                <span class="cov0" title="0">obj, err := gc.Client.DRS().GetObject(context.Background(), args[0])
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov0" title="0">return common.PrintDRSObject(obj, pretty)</span>
+        },
+}
 
-                // Legacy S3 path-style compatibility for endpoints like s3.example.org.
-                <span class="cov1" title="1">if strings.Contains(host, "s3") </span><span class="cov1" title="1">{
-                        parts := strings.SplitN(key, "/", 2)
-                        if len(parts) &lt; 2 || parts[0] == "" || parts[1] == "" </span><span class="cov0" title="0">{
-                                return nil, fmt.Errorf("invalid S3 path-style URL: %s", raw)
-                        }</span>
-                        <span class="cov1" title="1">bucket := parts[0]
-                        endpointHint := fmt.Sprintf("%s://%s", u.Scheme, u.Host)
-                        return withPath(buildS3BucketURL(bucket, cfg, endpointHint), bucket, parts[1])</span>
-                }
+func init() <span class="cov1" title="1">{
+        Cmd.Flags().StringVarP(&amp;remote, "remote", "r", "", "target remote DRS server (default: default_remote)")
+        Cmd.Flags().BoolVarP(&amp;checksum, "checksum", "c", checksum, "Find by checksum")
+        Cmd.Flags().BoolVarP(&amp;pretty, "pretty", "p", pretty, "Print indented JSON")
+}</span>
+</pre>
+		
+		<pre class="file" id="file24" style="display: none">package add
 
-                <span class="cov0" title="0">return nil, fmt.Errorf("unsupported http(s) cloud URL: %s", raw)</span>
-        default:<span class="cov0" title="0">
-                return nil, fmt.Errorf("unsupported scheme: %s", u.Scheme)</span>
-        }
-}
+import (
+        "context"
+        "encoding/json"
+        "fmt"
+        "log/slog"
+        "net/http"
+        "strings"
 
-func buildS3BucketURL(bucket string, cfg ObjectParameters, endpointHint string) string <span class="cov5" title="3">{
-        u := url.URL{
-                Scheme: "s3",
-                Host:   bucket,
-        }
-        q := url.Values{}
+        "github.com/calypr/data-client/credentials"
+        "github.com/calypr/git-drs/cmd/initialize"
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        bucketapi "github.com/calypr/syfon/apigen/client/bucketapi"
+        conf "github.com/calypr/syfon/client/config"
+        syfoncommon "github.com/calypr/syfon/common"
+        "github.com/spf13/cobra"
+)
 
-        region := strings.TrimSpace(cfg.S3Region)
-        if region != "" </span><span class="cov1" title="1">{
-                q.Set("region", region)
-        }</span>
+var Gen3Cmd = &amp;cobra.Command{
+        Use: "gen3 [remote-name] &lt;organization/project&gt;",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                if len(args) &lt; 1 || len(args) &gt; 2 </span><span class="cov0" title="0">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: expected [remote-name] &lt;organization/project&gt;, received %d arguments\n\nUsage: %s\n\nSee 'git drs remote add gen3 --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov0" title="0">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                logg := drslog.GetLogger()
 
-        <span class="cov5" title="3">endpoint := strings.TrimRight(firstNonEmpty(endpointHint, cfg.S3Endpoint), "/")
-        if endpoint != "" </span><span class="cov4" title="2">{
-                q.Set("endpoint", endpoint)
-        }</span>
+                remoteName := config.ORIGIN
+                scopeArg := ""
+                if len(args) == 1 </span><span class="cov0" title="0">{
+                        scopeArg = args[0]
+                }</span> else<span class="cov0" title="0"> {
+                        remoteName = args[0]
+                        scopeArg = args[1]
+                }</span>
 
-        <span class="cov5" title="3">if len(q) &gt; 0 </span><span class="cov4" title="2">{
-                u.RawQuery = q.Encode()
-        }</span>
-        <span class="cov5" title="3">return u.String()</span>
+                <span class="cov0" title="0">err := gen3Init(remoteName, credFile, fenceToken, scopeArg, logg)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("error configuring gen3 server: %v", err)
+                }</span>
+                <span class="cov0" title="0">return nil</span>
+        },
 }
 
-func normalizeCloudBucketURL(u *url.URL, cfg ObjectParameters) string <span class="cov5" title="3">{
-        bucketURL := fmt.Sprintf("%s://%s", u.Scheme, u.Host)
-        if u.Scheme == "s3" </span><span class="cov4" title="2">{
-                bucketURL = buildS3BucketURL(u.Host, cfg, "")
+func gen3Init(remoteName, credFile, fenceToken, scopeArg string, logg *slog.Logger) error <span class="cov0" title="0">{
+        if remoteName == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("remote name is required")
         }</span>
-        <span class="cov5" title="3">if u.RawQuery == "" </span><span class="cov5" title="3">{
-                return bucketURL
+        <span class="cov0" title="0">if err := initialize.EnsureInitialized(logg); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to initialize repository: %w", err)
         }</span>
-
-        <span class="cov0" title="0">parsed, err := url.Parse(bucketURL)
+        <span class="cov0" title="0">organization, project, err := parseScopeArg(scopeArg)
         if err != nil </span><span class="cov0" title="0">{
-                return bucketURL
+                return err
         }</span>
-        <span class="cov0" title="0">q := parsed.Query()
-        for k, vs := range u.Query() </span><span class="cov0" title="0">{
-                q.Del(k)
-                for _, v := range vs </span><span class="cov0" title="0">{
-                        q.Add(k, v)
-                }</span>
-        }
-        <span class="cov0" title="0">parsed.RawQuery = q.Encode()
-        return parsed.String()</span>
-}
 
-func firstNonEmpty(values ...string) string <span class="cov5" title="3">{
-        for _, v := range values </span><span class="cov7" title="5">{
-                v = strings.TrimSpace(v)
-                if v != "" </span><span class="cov4" title="2">{
-                        return v
+        <span class="cov0" title="0">var accessToken, apiKey, keyID, apiEndpoint string
+        configure := conf.NewConfigure(logg)
+        switch </span>{
+        case fenceToken != "":<span class="cov0" title="0">
+                accessToken = fenceToken
+                var err error
+                apiEndpoint, err = common.ParseAPIEndpointFromToken(accessToken)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to parse API endpoint from provided access token: %w", err)
                 }</span>
-        }
-        <span class="cov1" title="1">return ""</span>
-}
 
-//
-// --- SHA256 metadata extraction ---
-//
+        case credFile != "":<span class="cov0" title="0">
+                cred, err := configure.Import(credFile, "")
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to read credentials file %s: %w", credFile, err)
+                }</span>
+                <span class="cov0" title="0">accessToken = cred.AccessToken
+                apiKey = cred.APIKey
+                keyID = cred.KeyID
 
-var sha256HexRe = regexp.MustCompile(`(?i)^[0-9a-f]{64}$`)
+                apiEndpoint, err = common.ParseAPIEndpointFromToken(cred.APIKey)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to parse API endpoint from API key in credentials file: %w", err)
+                }</span>
 
-func normalizeSHA256(s string) string <span class="cov8" title="6">{
-        s = strings.TrimSpace(s)
-        s = strings.TrimPrefix(strings.ToLower(s), "sha256:")
-        s = strings.TrimSpace(s)
-        if s == "" </span><span class="cov0" title="0">{
-                return ""
-        }</span>
-        <span class="cov8" title="6">if !sha256HexRe.MatchString(s) </span><span class="cov1" title="1">{
-                // If caller provided something malformed, treat as empty.
-                // Change this to a hard error if you prefer.
-                return ""
-        }</span>
-        <span class="cov7" title="5">return strings.ToLower(s)</span>
-}
+        default:<span class="cov0" title="0">
+                existing, err := configure.Load(remoteName)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to load %s config: %w", remoteName, err)
+                }</span> else<span class="cov0" title="0"> {
+                        accessToken = existing.AccessToken
+                        apiKey = existing.APIKey
+                        keyID = existing.KeyID
+                        apiEndpoint = existing.APIEndpoint
+                }</span>
+        }
 
-func extractSHA256FromMetadata(md map[string]string) string <span class="cov5" title="3">{
-        if md == nil </span><span class="cov0" title="0">{
-                return ""
+        <span class="cov0" title="0">if apiEndpoint == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("could not determine Gen3 API endpoint")
         }</span>
 
-        // AWS SDK v2 exposes user-defined metadata WITHOUT the "x-amz-meta-" prefix,
-        // and normalizes keys to lower-case.
-        <span class="cov5" title="3">candidates := []string{
-                "sha256",
-                "checksum-sha256",
-                "content-sha256",
-                "oid-sha256",
-                "git-lfs-sha256",
+        <span class="cov0" title="0">cred := &amp;conf.Credential{
+                Profile:            remoteName,
+                APIEndpoint:        apiEndpoint,
+                APIKey:             apiKey,
+                KeyID:              keyID,
+                AccessToken:        accessToken, // may be stale
+                UseShepherd:        "false",
+                MinShepherdVersion: "",
         }
 
-        for _, k := range candidates </span><span class="cov10" title="8">{
-                if v, ok := md[k]; ok </span><span class="cov4" title="2">{
-                        n := normalizeSHA256(v)
-                        if n != "" </span><span class="cov4" title="2">{
-                                return n
-                        }</span>
-                }
-        }
+        if err := credentials.EnsureValidCredential(context.Background(), cred, logg); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to verify/refresh Gen3 credential: %w", config.WrapCredentialValidationError(remoteName, err))
+        }</span>
 
-        // Sometimes people stash "sha256:&lt;hex&gt;"
-        <span class="cov1" title="1">for _, v := range md </span><span class="cov1" title="1">{
-                if n := normalizeSHA256(v); n != "" </span><span class="cov1" title="1">{
-                        return n
+        <span class="cov0" title="0">scope, err := gitrepo.ResolveBucketScope(organization, project, "", "")
+        if err != nil </span><span class="cov0" title="0">{
+                scope, err = resolveBucketScopeFromServer(context.Background(), apiEndpoint, strings.TrimSpace(cred.AccessToken), organization, project)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
                 }</span>
         }
+        <span class="cov0" title="0">resolvedBucket := strings.TrimSpace(scope.Bucket)
+        resolvedStoragePrefix := strings.TrimSpace(scope.Prefix)
+        if resolvedBucket == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("no bucket mapping found for organization=%q project=%q", organization, project)
+        }</span>
 
-        <span class="cov0" title="0">return ""</span>
-}
-</pre>
-		
-		<pre class="file" id="file30" style="display: none">package common
-
-import (
-        "crypto/sha256"
-        "encoding/hex"
-        "fmt"
-        "io"
-        "net/url"
-        "os"
-        "strings"
-
-        "github.com/bytedance/sonic"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-)
-
-// AddUnique appends items from 'toAdd' to 'existing' only if they're not already present.
-// Returns the updated slice with unique items.
-func AddUnique[T comparable](existing []T, toAdd []T) []T <span class="cov1" title="1">{
-        // seen map uses struct{} as the value for memory efficiency
-        seen := make(map[T]struct{}, len(existing))
+        <span class="cov0" title="0">remoteGen3 := config.RemoteSelect{
+                Gen3: &amp;config.Gen3Remote{
+                        Endpoint:      apiEndpoint,
+                        ProjectID:     project,
+                        Organization:  organization,
+                        Bucket:        resolvedBucket,
+                        StoragePrefix: resolvedStoragePrefix,
+                },
+        }
 
-        // Populate the set with existing items
-        for _, item := range existing </span><span class="cov4" title="2">{
-                seen[item] = struct{}{}
+        remote := config.Remote(remoteName)
+        if _, err := config.UpdateRemote(remote, remoteGen3); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to update remote config: %w", err)
         }</span>
+        <span class="cov0" title="0">logg.Debug(fmt.Sprintf("Remote added/updated: %s → %s (project: %s, bucket: %s, storage_prefix: %s)", remoteName, apiEndpoint, project, resolvedBucket, resolvedStoragePrefix))
 
-        <span class="cov1" title="1">for _, item := range toAdd </span><span class="cov4" title="2">{
-                // check if item not yet in the set
-                if _, found := seen[item]; !found </span><span class="cov1" title="1">{
-                        existing = append(existing, item)
-                        // Add the new unique item to the set
-                        seen[item] = struct{}{}
+        if err := configure.Save(cred); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to configure/update Gen3 profile: %w", err)
+        }</span>
+        // Configure stock git credential plumbing for lfs + persist the refreshed token locally.
+        <span class="cov0" title="0">if err := gitrepo.ConfigureCredentialHelperForRepo(); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to configure git credential helper: %w", err)
+        }</span>
+        <span class="cov0" title="0">if err := gitrepo.SetRemoteLFSURL(remoteName, apiEndpoint); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to set lfs url for remote %s: %w", remoteName, err)
+        }</span>
+        <span class="cov0" title="0">if strings.TrimSpace(cred.AccessToken) != "" </span><span class="cov0" title="0">{
+                if err := gitrepo.SetRemoteToken(remoteName, strings.TrimSpace(cred.AccessToken)); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to persist repo token for remote %s: %w", remoteName, err)
                 }</span>
         }
-        <span class="cov1" title="1">return existing</span>
+
+        <span class="cov0" title="0">logg.Debug(fmt.Sprintf("Gen3 profile '%s' configured and token refreshed successfully", remoteName))
+        return nil</span>
 }
 
-// ProjectToResource converts a project ID and optional organization to a GA4GH resource path.
-// Kept for internal use only; the DRS wire format now uses AuthzMapFromOrgProject.
-func ProjectToResource(org, project string) (string, error) <span class="cov0" title="0">{
-        if org != "" </span><span class="cov0" title="0">{
-                return "/programs/" + org + "/projects/" + project, nil
+func parseScopeArg(raw string) (string, string, error) <span class="cov9" title="6">{
+        raw = strings.TrimSpace(raw)
+        if raw == "" </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("organization/project scope is required")
         }</span>
-        <span class="cov0" title="0">if project == "" </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("project ID is empty")
+
+        <span class="cov9" title="6">parts := strings.Split(raw, "/")
+        if len(parts) != 2 </span><span class="cov4" title="2">{
+                return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
         }</span>
-        <span class="cov0" title="0">if !strings.Contains(project, "-") </span><span class="cov0" title="0">{
-                return "/programs/default/projects/" + project, nil
+        <span class="cov7" title="4">organization := strings.TrimSpace(parts[0])
+        project := strings.TrimSpace(parts[1])
+        if organization == "" || project == "" </span><span class="cov4" title="2">{
+                return "", "", fmt.Errorf("invalid scope %q: expected organization/project", raw)
         }</span>
-        <span class="cov0" title="0">projectIDParts := strings.SplitN(project, "-", 2)
-        return "/programs/" + projectIDParts[0] + "/projects/" + projectIDParts[1], nil</span>
+        <span class="cov4" title="2">return organization, project, nil</span>
 }
 
-// ParseOrgProject resolves the effective org and project from the conventional
-// arguments. When org is provided it is used directly. When org is empty the
-// project string is split on the first "-" to derive org and project (the same
-// convention that ProjectToResource applies).
-func ParseOrgProject(org, project string) (string, string) <span class="cov7" title="3">{
-        if org != "" </span><span class="cov1" title="1">{
-                return org, project
+func resolveBucketScopeFromServer(ctx context.Context, endpoint, token, organization, project string) (gitrepo.ResolvedBucketScope, error) <span class="cov6" title="3">{
+        if strings.TrimSpace(endpoint) == "" </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing API endpoint for server bucket lookup")
         }</span>
-        <span class="cov4" title="2">if project == "" </span><span class="cov0" title="0">{
-                return "", ""
+        <span class="cov6" title="3">if strings.TrimSpace(token) == "" </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing access token for server bucket lookup")
         }</span>
-        <span class="cov4" title="2">if !strings.Contains(project, "-") </span><span class="cov1" title="1">{
-                return "default", project
+
+        <span class="cov6" title="3">req, err := http.NewRequestWithContext(ctx, http.MethodGet, strings.TrimRight(endpoint, "/")+"/data/buckets", nil)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("build bucket list request: %w", err)
         }</span>
-        <span class="cov1" title="1">parts := strings.SplitN(project, "-", 2)
-        return parts[0], parts[1]</span>
-}
+        <span class="cov6" title="3">req.Header.Set("Authorization", "Bearer "+strings.TrimSpace(token))
 
-// AuthzMapFromOrgProject builds the wire-format authorizations map from an
-// org and project. An empty project means org-wide access.
-func AuthzMapFromOrgProject(org, project string) map[string][]string <span class="cov10" title="5">{
-        org = strings.TrimSpace(org)
-        if org == "" </span><span class="cov1" title="1">{
-                return nil
+        resp, err := http.DefaultClient.Do(req)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("request bucket list: %w", err)
         }</span>
-        <span class="cov8" title="4">project = strings.TrimSpace(project)
-        if project == "" </span><span class="cov1" title="1">{
-                return map[string][]string{org: {}}
+        <span class="cov6" title="3">defer resp.Body.Close()
+        if resp.StatusCode != http.StatusOK </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("bucket list failed with status %d", resp.StatusCode)
         }</span>
-        <span class="cov7" title="3">return map[string][]string{org: {project}}</span>
-}
 
-// AuthzMatchesScope reports whether the authz map grants access for the given
-// org and project. An empty project list in the map means org-wide access.
-func AuthzMatchesScope(authzMap map[string][]string, org, project string) bool <span class="cov8" title="4">{
-        if len(authzMap) == 0 || org == "" </span><span class="cov1" title="1">{
-                return false
+        <span class="cov6" title="3">var payload bucketapi.BucketsResponse
+        if err := json.NewDecoder(resp.Body).Decode(&amp;payload); err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("decode bucket list response: %w", err)
         }</span>
-        <span class="cov7" title="3">projects, ok := authzMap[org]
-        if !ok </span><span class="cov0" title="0">{
-                return false
+
+        <span class="cov6" title="3">projectResource, err := syfoncommon.ResourcePath(organization, project)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, err
         }</span>
-        <span class="cov7" title="3">if len(projects) == 0 </span><span class="cov1" title="1">{
-                return true // org-wide
+        <span class="cov6" title="3">orgResource, err := syfoncommon.ResourcePath(organization, "")
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, err
         }</span>
-        <span class="cov4" title="2">for _, p := range projects </span><span class="cov7" title="3">{
-                if p == project </span><span class="cov1" title="1">{
-                        return true
-                }</span>
-        }
-        <span class="cov1" title="1">return false</span>
-}
 
-// CalculateFileSHA256 returns the lowercase hex SHA256 checksum for a file.
-func CalculateFileSHA256(path string) (string, error) <span class="cov4" title="2">{
-        f, err := os.Open(path)
-        if err != nil </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("open file %s: %w", path, err)
+        <span class="cov6" title="3">if bucket, ok := findBucketByResource(payload, projectResource); ok </span><span class="cov1" title="1">{
+                return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
         }</span>
-        <span class="cov1" title="1">defer f.Close()
-
-        h := sha256.New()
-        if _, err := io.Copy(h, f); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("hash file %s: %w", path, err)
+        <span class="cov4" title="2">if bucket, ok := findBucketByResource(payload, orgResource); ok </span><span class="cov1" title="1">{
+                return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
         }</span>
 
-        <span class="cov1" title="1">return hex.EncodeToString(h.Sum(nil)), nil</span>
+        <span class="cov1" title="1">return gitrepo.ResolvedBucketScope{}, fmt.Errorf("no visible server bucket matched organization=%q project=%q", organization, project)</span>
 }
 
-func NormalizeChecksum(raw string) string <span class="cov4" title="2">{
-        raw = strings.TrimSpace(raw)
-        raw = strings.TrimPrefix(raw, "sha256:")
-        return strings.TrimSpace(raw)
-}</span>
+func findBucketByResource(payload bucketapi.BucketsResponse, resource string) (string, bool) <span class="cov10" title="7">{
+        resource = syfoncommon.NormalizeAccessResource(resource)
+        if resource == "" </span><span class="cov0" title="0">{
+                return "", false
+        }</span>
+        <span class="cov10" title="7">var match string
+        for bucket, meta := range payload.S3BUCKETS </span><span class="cov10" title="7">{
+                if meta.Programs == nil </span><span class="cov4" title="2">{
+                        continue</span>
+                }
+                <span class="cov8" title="5">for _, candidate := range *meta.Programs </span><span class="cov8" title="5">{
+                        if syfoncommon.NormalizeAccessResource(candidate) != resource </span><span class="cov1" title="1">{
+                                continue</span>
+                        }
+                        <span class="cov7" title="4">if match != "" &amp;&amp; match != bucket </span><span class="cov0" title="0">{
+                                return "", false
+                        }</span>
+                        <span class="cov7" title="4">match = bucket
+                        break</span>
+                }
+        }
+        <span class="cov10" title="7">if match == "" </span><span class="cov6" title="3">{
+                return "", false
+        }</span>
+        <span class="cov7" title="4">return match, true</span>
+}
+</pre>
+		
+		<pre class="file" id="file25" style="display: none">package add
 
-func NormalizeOid(raw string) string <span class="cov0" title="0">{
-        return NormalizeChecksum(raw)
-}</span>
+import "github.com/spf13/cobra"
 
-func StoragePrefix(org, project string) string <span class="cov0" title="0">{
-        _ = org
-        _ = project
-        return ""
-}</span>
+var (
+        credFile      string
+        fenceToken    string
+        localPassword string
+        localUsername string
+)
 
-type ObjectBuilder struct {
-        Bucket        string
-        Project       string
-        Organization  string
-        StoragePrefix string
-        Provider      string
-        AccessScheme  string
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "add",
+        Short: "add server access for git-drs",
 }
 
-func NewObjectBuilder(bucket, project string) ObjectBuilder <span class="cov0" title="0">{
-        return ObjectBuilder{Bucket: bucket, Project: project}
-}</span>
+func init() <span class="cov8" title="1">{
+        Gen3Cmd.Flags().StringVar(&amp;credFile, "cred", "", "[gen3] Import a Gen3 credential file into this profile")
+        Gen3Cmd.Flags().StringVar(&amp;fenceToken, "token", "", "[gen3] Use a temporary bearer token issued from fence")
 
-func (b ObjectBuilder) Build(fileName string, checksum string, size int64, drsID string) (*drsapi.DrsObject, error) <span class="cov0" title="0">{
-        prefix := strings.Trim(strings.TrimSpace(b.StoragePrefix), "/")
-        return BuildDrsObjWithPrefix(fileName, checksum, size, drsID, b.Bucket, b.Organization, b.Project, prefix)
+        Cmd.AddCommand(Gen3Cmd)
+        LocalCmd.Flags().StringVar(&amp;localUsername, "username", "", "Username for local DRS HTTP basic auth")
+        LocalCmd.Flags().StringVar(&amp;localPassword, "password", "", "Password for local DRS HTTP basic auth")
+        Cmd.AddCommand(LocalCmd)
 }</span>
+</pre>
+		
+		<pre class="file" id="file26" style="display: none">package add
 
-func BuildDrsObjWithPrefix(fileName string, checksum string, size int64, drsID string, bucket string, org string, project string, prefix string) (*drsapi.DrsObject, error) <span class="cov0" title="0">{
-        return BuildDrsObjWithOptions(fileName, checksum, size, drsID, ObjectLocationOptions{
-                Bucket:        bucket,
-                Organization:  org,
-                Project:       project,
-                StoragePrefix: prefix,
-        })
-}</span>
+import (
+        "context"
+        "encoding/json"
+        "fmt"
+        "net/http"
+        "strings"
 
-func ConvertToCandidate(obj *drsapi.DrsObject) drsapi.DrsObjectCandidate <span class="cov0" title="0">{
-        if obj == nil </span><span class="cov0" title="0">{
-                return drsapi.DrsObjectCandidate{}
-        }</span>
-        <span class="cov0" title="0">return drsapi.DrsObjectCandidate{
-                AccessMethods: obj.AccessMethods,
-                Aliases:       obj.Aliases,
-                Checksums:     obj.Checksums,
-                Contents:      obj.Contents,
-                Description:   obj.Description,
-                MimeType:      obj.MimeType,
-                Name:          obj.Name,
-                Size:          obj.Size,
-                Version:       obj.Version,
-        }</span>
-}
+        "github.com/calypr/git-drs/cmd/initialize"
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        bucketapi "github.com/calypr/syfon/apigen/client/bucketapi"
+        syfoncommon "github.com/calypr/syfon/common"
+        "github.com/spf13/cobra"
+)
 
-type ObjectLocationOptions struct {
-        Bucket        string
-        Organization  string
-        Project       string
-        StoragePrefix string
-        Provider      string
-        AccessScheme  string
-}
+var LocalCmd = &amp;cobra.Command{
+        Use:   "local &lt;remote-name&gt; &lt;url&gt; &lt;organization/project&gt;",
+        Short: "Add a local DRS server",
+        Long:  "Add a local DRS server by specifying its base URL and scope. Optional --username/--password configures basic auth for helper flows.",
+        Args:  cobra.ExactArgs(3),
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
+                remoteName := args[0]
+                url := args[1]
+                scopeArg := args[2]
 
-func BuildDrsObjWithOptions(fileName string, checksum string, size int64, drsID string, opts ObjectLocationOptions) (*drsapi.DrsObject, error) <span class="cov4" title="2">{
-        checksum = NormalizeChecksum(checksum)
-        if checksum == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("checksum is required")
-        }</span>
+                if err := initialize.EnsureInitialized(drslog.GetLogger()); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to initialize repository: %w", err)
+                }</span>
+                <span class="cov1" title="1">if url == "" </span><span class="cov0" title="0">{
+                        return fmt.Errorf("URL cannot be empty")
+                }</span>
+                <span class="cov1" title="1">organization, project, err := parseScopeArg(scopeArg)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov1" title="1">scope, err := gitrepo.ResolveBucketScope(organization, project, "", "")
+                if err != nil </span><span class="cov1" title="1">{
+                        scope, err = resolveBucketScopeFromLocalServer(context.Background(), url, strings.TrimSpace(localUsername), strings.TrimSpace(localPassword), organization, project)
+                        if err != nil </span><span class="cov0" title="0">{
+                                return fmt.Errorf("failed resolving bucket mapping for organization=%q project=%q: %w", organization, project, err)
+                        }</span>
+                }
+                <span class="cov1" title="1">resolvedBucket := strings.TrimSpace(scope.Bucket)
+                resolvedStoragePrefix := strings.TrimSpace(scope.Prefix)
+                if resolvedBucket == "" </span><span class="cov0" title="0">{
+                        return fmt.Errorf("no bucket mapping found for organization=%q project=%q", organization, project)
+                }</span>
 
-        <span class="cov4" title="2">obj := &amp;drsapi.DrsObject{
-                Id:      drsID,
-                SelfUri: "drs://" + drsID,
-                Size:    size,
-                Name:    &amp;fileName,
-                Checksums: []drsapi.Checksum{
-                        {Type: "sha256", Checksum: checksum},
-                },
-        }
+                <span class="cov1" title="1">remoteSelect := config.RemoteSelect{
+                        Local: &amp;config.LocalRemote{
+                                BaseURL:       url,
+                                ProjectID:     project,
+                                Bucket:        resolvedBucket,
+                                Organization:  organization,
+                                StoragePrefix: resolvedStoragePrefix,
+                        },
+                }
 
-        if opts.Bucket == "" </span><span class="cov0" title="0">{
-                return obj, nil
-        }</span>
+                newConfig, err := config.UpdateRemote(config.Remote(remoteName), remoteSelect)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov1" title="1">if err := gitrepo.SetRemoteLFSURL(remoteName, url); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to configure lfs url for remote %q: %w", remoteName, err)
+                }</span>
+                <span class="cov1" title="1">if err := gitrepo.ConfigureCredentialHelperForRepo(); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to configure git credential helper: %w", err)
+                }</span>
+                <span class="cov1" title="1">if strings.TrimSpace(localUsername) != "" || strings.TrimSpace(localPassword) != "" </span><span class="cov0" title="0">{
+                        if strings.TrimSpace(localUsername) == "" || strings.TrimSpace(localPassword) == "" </span><span class="cov0" title="0">{
+                                return fmt.Errorf("both --username and --password are required when configuring local basic auth")
+                        }</span>
+                        <span class="cov0" title="0">if err := gitrepo.SetRemoteBasicAuth(remoteName, strings.TrimSpace(localUsername), strings.TrimSpace(localPassword)); err != nil </span><span class="cov0" title="0">{
+                                return fmt.Errorf("failed to configure local basic auth for remote %q: %w", remoteName, err)
+                        }</span>
+                }
 
-        <span class="cov4" title="2">prefix := strings.Trim(strings.TrimSpace(opts.StoragePrefix), "/")
+                <span class="cov1" title="1">fmt.Printf("Added remote '%s'. Config: %v\n", remoteName, newConfig.GetRemote(config.Remote(remoteName)))
+                return nil</span>
+        },
+}
 
-        accessURL, methodType, err := BuildAccessURL(opts.Bucket, prefix, checksum, opts.Provider, opts.AccessScheme)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+func resolveBucketScopeFromLocalServer(ctx context.Context, endpoint, username, password, organization, project string) (gitrepo.ResolvedBucketScope, error) <span class="cov10" title="2">{
+        if strings.TrimSpace(endpoint) == "" </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("missing API endpoint for server bucket lookup")
         }</span>
 
-        <span class="cov4" title="2">am := drsapi.AccessMethod{
-                Type: drsapi.AccessMethodType(methodType),
-                AccessUrl: &amp;struct {
-                        Headers *[]string `json:"headers,omitempty"`
-                        Url     string    `json:"url"`
-                }{Url: accessURL},
-        }
-        if authzMap := AuthzMapFromOrgProject(opts.Organization, opts.Project); authzMap != nil </span><span class="cov4" title="2">{
-                am.Authorizations = &amp;authzMap
+        <span class="cov10" title="2">req, err := http.NewRequestWithContext(ctx, http.MethodGet, strings.TrimRight(endpoint, "/")+"/data/buckets", nil)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("build bucket list request: %w", err)
+        }</span>
+        <span class="cov10" title="2">if username != "" || password != "" </span><span class="cov1" title="1">{
+                req.SetBasicAuth(username, password)
         }</span>
-        <span class="cov4" title="2">ams := []drsapi.AccessMethod{am}
-        obj.AccessMethods = &amp;ams
-        return obj, nil</span>
-}
 
-func BuildAccessURL(bucket string, prefix string, key string, provider string, accessScheme string) (string, string, error) <span class="cov4" title="2">{
-        bucket = strings.TrimSpace(bucket)
-        key = strings.Trim(strings.TrimSpace(key), "/")
-        if bucket == "" </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("bucket is required")
+        <span class="cov10" title="2">resp, err := http.DefaultClient.Do(req)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("request bucket list: %w", err)
         }</span>
-        <span class="cov4" title="2">if key == "" </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("key is required")
+        <span class="cov10" title="2">defer resp.Body.Close()
+        if resp.StatusCode != http.StatusOK </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("bucket list failed with status %d", resp.StatusCode)
         }</span>
 
-        <span class="cov4" title="2">scheme := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(accessScheme)), "://")
-        if scheme == "" </span><span class="cov4" title="2">{
-                scheme = schemeFromProvider(provider)
+        <span class="cov10" title="2">var payload bucketapi.BucketsResponse
+        if err := json.NewDecoder(resp.Body).Decode(&amp;payload); err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, fmt.Errorf("decode bucket list response: %w", err)
         }</span>
 
-        <span class="cov4" title="2">if u, err := url.Parse(bucket); err == nil &amp;&amp; u.Scheme != "" </span><span class="cov0" title="0">{
-                scheme = strings.ToLower(u.Scheme)
-                bucket = u.Host
-                basePath := strings.Trim(u.Path, "/")
-                if basePath != "" </span><span class="cov0" title="0">{
-                        if prefix == "" </span><span class="cov0" title="0">{
-                                prefix = basePath
-                        }</span> else<span class="cov0" title="0"> {
-                                prefix = strings.Trim(basePath+"/"+strings.Trim(prefix, "/"), "/")
-                        }</span>
-                }
-        }
+        <span class="cov10" title="2">projectResource, err := syfoncommon.ResourcePath(organization, project)
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, err
+        }</span>
+        <span class="cov10" title="2">orgResource, err := syfoncommon.ResourcePath(organization, "")
+        if err != nil </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{}, err
+        }</span>
 
-        <span class="cov4" title="2">if scheme == "" </span><span class="cov0" title="0">{
-                scheme = "s3"
+        <span class="cov10" title="2">if bucket, ok := findBucketByResource(payload, projectResource); ok </span><span class="cov10" title="2">{
+                return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
         }</span>
-        <span class="cov4" title="2">methodType := accessMethodTypeForScheme(scheme)
-        path := key
-        prefix = strings.Trim(strings.TrimSpace(prefix), "/")
-        if prefix != "" </span><span class="cov1" title="1">{
-                path = prefix + "/" + key
+        <span class="cov0" title="0">if bucket, ok := findBucketByResource(payload, orgResource); ok </span><span class="cov0" title="0">{
+                return gitrepo.ResolvedBucketScope{Bucket: bucket}, nil
         }</span>
-        <span class="cov4" title="2">return fmt.Sprintf("%s://%s/%s", scheme, bucket, path), methodType, nil</span>
+
+        <span class="cov0" title="0">return gitrepo.ResolvedBucketScope{}, fmt.Errorf("no visible server bucket matched organization=%q project=%q", organization, project)</span>
 }
+</pre>
+		
+		<pre class="file" id="file27" style="display: none">package remote
 
-func schemeFromProvider(provider string) string <span class="cov4" title="2">{
-        switch strings.ToLower(strings.TrimSpace(provider)) </span>{
-        case "", "s3", "aws", "minio":<span class="cov4" title="2">
-                return "s3"</span>
-        case "gcs", "gcp", "google", "gs":<span class="cov0" title="0">
-                return "gs"</span>
-        case "azure", "azblob", "blob":<span class="cov0" title="0">
-                return "az"</span>
-        default:<span class="cov0" title="0">
-                return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(provider)), "://")</span>
-        }
-}
-
-func accessMethodTypeForScheme(scheme string) string <span class="cov4" title="2">{
-        switch strings.ToLower(strings.TrimSuffix(strings.TrimSpace(scheme), "://")) </span>{
-        case "gcs", "gs":<span class="cov0" title="0">
-                return string(drsapi.AccessMethodTypeGs)</span>
-        case "s3":<span class="cov4" title="2">
-                return string(drsapi.AccessMethodTypeS3)</span>
-        default:<span class="cov0" title="0">
-                return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(scheme), "://"))</span>
-        }
-}
+import (
+        "fmt"
 
-// PrintDRSObject marshals and prints a DRS object as JSON.
-func PrintDRSObject(obj drsapi.DrsObject, pretty bool) error <span class="cov0" title="0">{
-        var out []byte
-        var err error
+        "github.com/calypr/data-client/credentials"
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        syconf "github.com/calypr/syfon/client/config"
+        "github.com/spf13/cobra"
+)
 
-        if pretty </span><span class="cov0" title="0">{
-                out, err = sonic.ConfigFastest.MarshalIndent(obj, "", "  ")
-        }</span> else<span class="cov0" title="0"> {
-                out, err = sonic.ConfigFastest.Marshal(obj)
+var (
+        loadConfig            = config.LoadConfig
+        loadProfileCredential = func(profile string) (*syconf.Credential, error) <span class="cov0" title="0">{
+                return syconf.NewConfigure(drslog.GetLogger()).Load(profile)
         }</span>
+        ensureValidCredential = credentials.EnsureValidCredential
+)
 
-        <span class="cov0" title="0">if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+var ListCmd = &amp;cobra.Command{
+        Use:   "list",
+        Short: "List DRS repos",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="2">{
+                if len(args) != 0 </span><span class="cov1" title="1">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: accepts no arguments, received %d\n\nUsage: %s\n\nSee 'git drs remote list --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov1" title="1">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
+                logg := drslog.GetLogger()
+                cfg, err := loadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        logg.Debug(fmt.Sprintf("Error loading config: %s", err))
+                        return err
+                }</span>
 
-        <span class="cov0" title="0">fmt.Printf("%s\n", string(out))
-        return nil</span>
+                <span class="cov1" title="1">for name, remoteSelect := range cfg.Remotes </span><span class="cov1" title="1">{
+                        // Determine if this is the default
+                        isDefault := name == cfg.DefaultRemote
+                        marker := " "
+                        if isDefault </span><span class="cov1" title="1">{
+                                marker = "*"
+                        }</span>
+
+                        // Determine remote type and endpoint
+                        <span class="cov1" title="1">var remoteType string
+                        var remote config.DRSRemote
+                        if remoteSelect.Gen3 != nil </span><span class="cov1" title="1">{
+                                remoteType = string(config.Gen3ServerType)
+                                remote = remoteSelect.Gen3
+                        }</span> else<span class="cov0" title="0"> if remoteSelect.Local != nil </span><span class="cov0" title="0">{
+                                remoteType = string(config.LocalServerType)
+                                remote = remoteSelect.Local
+                        }</span> else<span class="cov0" title="0"> {
+                                remoteType = "unknown"
+                        }</span>
+
+                        <span class="cov1" title="1">endpoint := "N/A"
+                        if remote != nil </span><span class="cov1" title="1">{
+                                endpoint = remote.GetEndpoint()
+                        }</span>
+
+                        <span class="cov1" title="1">fmt.Printf("%s %-10s %-8s %s\n", marker, name, remoteType, endpoint)
+                        if remoteSelect.Gen3 != nil </span><span class="cov1" title="1">{
+                                cred, err := loadProfileCredential(string(name))
+                                if err != nil </span><span class="cov0" title="0">{
+                                        logg.Warn(fmt.Sprintf("remote %s credential check skipped: %v", name, err))
+                                        continue</span>
+                                }
+                                <span class="cov1" title="1">if err := ensureValidCredential(cmd.Context(), cred, logg); err != nil </span><span class="cov0" title="0">{
+                                        logg.Warn(config.WrapCredentialValidationError(string(name), err).Error())
+                                }</span>
+                        }
+                }
+                <span class="cov1" title="1">return nil</span>
+        },
 }
 </pre>
 		
-		<pre class="file" id="file31" style="display: none">package common
+		<pre class="file" id="file28" style="display: none">package remote
 
 import (
-        "bufio"
         "fmt"
-        "io"
-        "os"
-        "strings"
-)
-
-// PromptForConfirmation displays a prompt and reads user input to confirm an operation.
-// Returns nil if the response matches expectedResponse, error otherwise.
-// If caseSensitive is false, comparison is case-insensitive.
-func PromptForConfirmation(w io.Writer, prompt string, expectedResponse string, caseSensitive bool) error <span class="cov10" title="2">{
-        fmt.Fprintf(w, "%s: ", prompt)
+        "sort"
 
-        reader := bufio.NewReader(os.Stdin)
-        response, err := reader.ReadString('\n')
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error reading confirmation: %v", err)
-        }</span>
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/spf13/cobra"
+)
 
-        <span class="cov10" title="2">response = strings.TrimSpace(response)
-        if !caseSensitive </span><span class="cov1" title="1">{
-                response = strings.ToLower(response)
-                expectedResponse = strings.ToLower(expectedResponse)
-        }</span>
+var RemoveCmd = &amp;cobra.Command{
+        Use:     "remove &lt;remote-name&gt;",
+        Aliases: []string{"rm"},
+        Short:   "Remove a DRS remote",
+        Long:    "Remove a configured DRS remote and repair the default remote if needed.",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
+                if len(args) != 1 </span><span class="cov6" title="2">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: requires exactly 1 argument (remote name), received %d\n\nUsage: %s\n\nRun 'git drs remote list' to see available remotes or 'git drs remote remove --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov1" title="1">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
+                remoteName := config.Remote(args[0])
+                logger := drslog.GetLogger()
 
-        <span class="cov10" title="2">if response != expectedResponse </span><span class="cov1" title="1">{
-                return fmt.Errorf("operation cancelled: confirmation did not match")
-        }</span>
+                cfg, err := config.LoadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to load config: %w", err)
+                }</span>
 
-        <span class="cov1" title="1">return nil</span>
-}
+                <span class="cov6" title="2">if _, ok := cfg.Remotes[remoteName]; !ok </span><span class="cov0" title="0">{
+                        availableRemotes := make([]string, 0, len(cfg.Remotes))
+                        for name := range cfg.Remotes </span><span class="cov0" title="0">{
+                                availableRemotes = append(availableRemotes, string(name))
+                        }</span>
+                        <span class="cov0" title="0">sort.Strings(availableRemotes)
+                        return fmt.Errorf(
+                                "remote '%s' not found.\nAvailable remotes: %v",
+                                remoteName,
+                                availableRemotes,
+                        )</span>
+                }
 
-// DisplayWarningHeader writes a formatted warning header to the writer
-func DisplayWarningHeader(w io.Writer, operation string) <span class="cov1" title="1">{
-        fmt.Fprintf(w, "\n⚠️  WARNING: You are about to %s\n\n", operation)
-}</span>
+                <span class="cov6" title="2">updated, err := config.RemoveRemote(remoteName)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to remove remote: %w", err)
+                }</span>
 
-// DisplayField writes a formatted key-value field to the writer
-func DisplayField(w io.Writer, key, value string) <span class="cov1" title="1">{
-        fmt.Fprintf(w, "%-11s %s\n", key+":", value)
-}</span>
+                <span class="cov6" title="2">if updated.DefaultRemote == "" </span><span class="cov1" title="1">{
+                        logger.Debug(fmt.Sprintf("Removed remote %s; no default remote remains", remoteName))
+                        return nil
+                }</span>
 
-// DisplayFooter writes the standard "cannot be undone" footer to the writer
-func DisplayFooter(w io.Writer) <span class="cov1" title="1">{
-        fmt.Fprintf(w, "\nThis action CANNOT be undone.\n\n")
-}</span>
+                <span class="cov1" title="1">logger.Debug(fmt.Sprintf("Removed remote %s; default remote is now %s", remoteName, updated.DefaultRemote))
+                return nil</span>
+        },
+}
 </pre>
 		
-		<pre class="file" id="file32" style="display: none">package common
+		<pre class="file" id="file29" style="display: none">package remote
 
 import (
-        "fmt"
-        "net/url"
-
-        "github.com/golang-jwt/jwt/v5"
+        "github.com/calypr/git-drs/cmd/remote/add"
+        "github.com/spf13/cobra"
 )
 
-func ParseEmailFromToken(tokenString string) (string, error) <span class="cov10" title="5">{
-        claims := jwt.MapClaims{}
-        _, _, err := jwt.NewParser().ParseUnverified(tokenString, &amp;claims)
-        if err != nil </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("failed to decode token in ParseEmailFromToken: '%s': %w", tokenString, err)
-        }</span>
-        <span class="cov8" title="4">context, ok := claims["context"].(map[string]any)
-        if !ok </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("missing or invalid 'context' claim structure")
-        }</span>
-        <span class="cov7" title="3">user, ok := context["user"].(map[string]any)
-        if !ok </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("missing or invalid 'context.user' claim structure")
-        }</span>
-        <span class="cov4" title="2">name, ok := user["name"].(string)
-        if !ok </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("missing or invalid 'context.user.name' claim")
-        }</span>
-        <span class="cov1" title="1">return name, nil</span>
+// Cmd line declaration
+var Cmd = &amp;cobra.Command{
+        Use:   "remote",
+        Short: "Manage remote DRS server configs",
 }
 
-func ParseAPIEndpointFromToken(tokenString string) (string, error) <span class="cov7" title="3">{
-        claims := jwt.MapClaims{}
-        _, _, err := jwt.NewParser().ParseUnverified(tokenString, &amp;claims)
-        if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("failed to decode token in ParseAPIEndpointFromToken: '%s': %w", tokenString, err)
-        }</span>
-        <span class="cov7" title="3">issUrl, ok := claims["iss"].(string)
-        if !ok </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("missing or invalid 'iss' claim")
-        }</span>
-        <span class="cov4" title="2">parsedURL, err := url.Parse(issUrl)
-        if err != nil </span><span class="cov1" title="1">{
-                return "", err
-        }</span>
-        <span class="cov1" title="1">return fmt.Sprintf("%s://%s", parsedURL.Scheme, parsedURL.Host), nil</span>
-}
+func init() <span class="cov8" title="1">{
+        Cmd.AddCommand(add.Cmd)
+        Cmd.AddCommand(ListCmd)
+        Cmd.AddCommand(RemoveCmd)
+        Cmd.AddCommand(SetCmd)
+}</span>
 </pre>
 		
-		<pre class="file" id="file33" style="display: none">package config
+		<pre class="file" id="file30" style="display: none">package remote
 
 import (
-        "errors"
         "fmt"
-        "log/slog"
-        "path/filepath"
-        "strings"
 
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        "github.com/go-git/go-git/v5"
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/spf13/cobra"
 )
 
-// RemoteType represents the type of server being initialized
-type RemoteType string
-type Remote string
-
-const (
-        ORIGIN = "origin"
-
-        Gen3ServerType  RemoteType = "gen3"
-        LocalServerType RemoteType = "local"
-
-        configSection          = "drs"
-        remoteSubsectionPrefix = "remote."
-)
+var SetCmd = &amp;cobra.Command{
+        Use:   "set &lt;remote-name&gt;",
+        Short: "Set the default DRS remote",
+        Long:  "Set which DRS remote to use by default for all operations",
+        Args: func(cmd *cobra.Command, args []string) error <span class="cov10" title="3">{
+                if len(args) != 1 </span><span class="cov6" title="2">{
+                        cmd.SilenceUsage = false
+                        return fmt.Errorf("error: requires exactly 1 argument (remote name), received %d\n\nUsage: %s\n\nRun 'git drs remote list' to see available remotes or 'git drs remote set --help' for more details", len(args), cmd.UseLine())
+                }</span>
+                <span class="cov1" title="1">return nil</span>
+        },
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                remoteName := args[0]
+                logger := drslog.GetLogger()
 
-var ErrNoDefaultRemote = errors.New("no default remote configured")
+                cfg, err := config.LoadConfig()
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to load config: %w", err)
+                }</span>
 
-func AllRemoteTypes() []RemoteType <span class="cov4" title="8">{
-        return []RemoteType{Gen3ServerType, LocalServerType}
-}</span>
+                // validate remote exists
+                <span class="cov0" title="0">remote := config.Remote(remoteName)
+                if _, ok := cfg.Remotes[remote]; !ok </span><span class="cov0" title="0">{
+                        availableRemotes := make([]string, 0, len(cfg.Remotes))
+                        for name := range cfg.Remotes </span><span class="cov0" title="0">{
+                                availableRemotes = append(availableRemotes, string(name))
+                        }</span>
+                        <span class="cov0" title="0">return fmt.Errorf(
+                                "remote '%s' not found.\nAvailable remotes: %v",
+                                remoteName,
+                                availableRemotes,
+                        )</span>
+                }
 
-func IsValidRemoteType(mode string) error <span class="cov3" title="4">{
-        modeOptions := make([]string, len(AllRemoteTypes()))
-        for i, m := range AllRemoteTypes() </span><span class="cov4" title="8">{
-                modeOptions[i] = string(m)
-        }</span>
+                // save new default
+                <span class="cov0" title="0">cfg.DefaultRemote = remote
 
-        <span class="cov3" title="4">for _, validMode := range modeOptions </span><span class="cov4" title="7">{
-                if mode == string(validMode) </span><span class="cov2" title="2">{
-                        return nil
+                if err := config.SaveConfig(cfg); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("failed to save config: %w", err)
                 }</span>
-        }
 
-        <span class="cov2" title="2">return fmt.Errorf("invalid mode '%s'. Valid options are: %s", mode, strings.Join(modeOptions, ", "))</span>
+                <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Default remote set to: %s", remoteName))
+                return nil</span>
+        },
 }
+</pre>
+		
+		<pre class="file" id="file31" style="display: none">package rm
 
-// Config holds the overall config structure
-type Config struct {
-        DefaultRemote Remote
-        Remotes       map[Remote]RemoteSelect
+import (
+        "context"
+        "fmt"
+        "os/exec"
+        "path/filepath"
+        "strings"
+
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/lfs"
+        "github.com/spf13/cobra"
+)
+
+var runCommand = func(name string, args ...string) error <span class="cov8" title="1">{
+        cmd := exec.Command(name, args...)
+        return cmd.Run()
+}</span>
+
+var Cmd = &amp;cobra.Command{
+        Use:   "rm &lt;path&gt;...",
+        Short: "Remove tracked git-drs files",
+        Args:  cobra.MinimumNArgs(1),
+        RunE: func(cmd *cobra.Command, args []string) error <span class="cov0" title="0">{
+                return run(cmd.Context(), args)
+        }</span>,
 }
 
-func (c Config) GetRemoteClient(remote Remote, logger *slog.Logger) (*GitContext, error) <span class="cov1" title="1">{
-        x, ok := c.Remotes[remote]
-        if !ok </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("GetRemoteClient no remote configuration found for current remote: %s", remote)
-        }</span>
-        <span class="cov1" title="1">if x.Local != nil </span><span class="cov1" title="1">{
-                return x.Local.GetClient(string(remote), logger)
+func run(ctx context.Context, args []string) error <span class="cov8" title="1">{
+        tracked, err := lfs.GetTrackedLfsFiles(drslog.GetLogger())
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov0" title="0">if x.Gen3 != nil </span><span class="cov0" title="0">{
-                username, password, err := gitrepo.GetRemoteBasicAuth(string(remote))
-                if err == nil &amp;&amp; strings.TrimSpace(username) != "" &amp;&amp; strings.TrimSpace(password) != "" </span><span class="cov0" title="0">{
-                        // If repo-local basic auth is configured, prefer the local/basic-auth client
-                        // path even when the remote entry was parsed as Gen3.
-                        return localRemoteFromGen3(x.Gen3, username, password).GetClient(string(remote), logger)
+
+        <span class="cov8" title="1">type removal struct {
+                path string
+                oid  string
+        }
+        planned := make([]removal, 0, len(args))
+        for _, raw := range args </span><span class="cov8" title="1">{
+                path := filepath.ToSlash(filepath.Clean(raw))
+                info, ok := tracked[path]
+                if !ok || strings.TrimSpace(info.Oid) == "" </span><span class="cov0" title="0">{
+                        return fmt.Errorf("%s is not a tracked git-drs/LFS file", raw)
                 }</span>
-                <span class="cov0" title="0">return x.Gen3.GetClient(string(remote), logger)</span>
+                <span class="cov8" title="1">planned = append(planned, removal{path: path, oid: "sha256:" + strings.TrimPrefix(strings.TrimSpace(info.Oid), "sha256:")})</span>
         }
-        <span class="cov0" title="0">return nil, fmt.Errorf("no valid remote configuration found for current remote: %s", remote)</span>
-}
 
-func (c Config) GetRemote(remote Remote) DRSRemote <span class="cov2" title="2">{
-        x, ok := c.Remotes[remote]
-        if !ok </span><span class="cov0" title="0">{
-                return nil
+        <span class="cov8" title="1">gitArgs := []string{"rm", "--"}
+        for _, item := range planned </span><span class="cov8" title="1">{
+                gitArgs = append(gitArgs, item.path)
         }</span>
-        <span class="cov2" title="2">if x.Gen3 != nil </span><span class="cov0" title="0">{
-                return x.Gen3
-        }</span> else<span class="cov2" title="2"> if x.Local != nil </span><span class="cov2" title="2">{
-                return x.Local
+        <span class="cov8" title="1">if err := runCommand("git", gitArgs...); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov0" title="0">return nil</span>
+
+        <span class="cov8" title="1">return nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file32" style="display: none">package smudge
 
-// GetDefaultRemote returns the configured default remote with validation
-func (c Config) GetDefaultRemote() (Remote, error) <span class="cov1" title="1">{
-        if c.DefaultRemote == "" </span><span class="cov0" title="0">{
-                return "", fmt.Errorf(
-                        "%w.\n"+
-                                "Set one with: git drs remote set &lt;name&gt;\n"+
-                                "Available remotes: %v\n"+
-                                "Config: %v\n",
-                        ErrNoDefaultRemote,
-                        c.listRemoteNames(),
-                        c,
-                )
-        }</span>
+import (
+        "context"
+        "errors"
+        "fmt"
+        "os"
 
-        <span class="cov1" title="1">if _, ok := c.Remotes[c.DefaultRemote]; !ok </span><span class="cov0" title="0">{
-                return "", fmt.Errorf(
-                        "default remote '%s' not found in configuration.\n"+
-                                "Available remotes: %v",
-                        c.DefaultRemote,
-                        c.listRemoteNames(),
-                )
-        }</span>
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drsfilter"
+        "github.com/calypr/git-drs/internal/drslog"
+        "github.com/calypr/git-drs/internal/drsremote"
+        "github.com/spf13/cobra"
+)
 
-        <span class="cov1" title="1">return c.DefaultRemote, nil</span>
-}
+// Cmd implements `git drs smudge`, which mirrors `git lfs smudge` behavior.
+var Cmd = &amp;cobra.Command{
+        Use:   "smudge -- &lt;path&gt;",
+        Short: "Smudge a file by converting an LFS pointer to file content (invoked by git)",
+        Long: `git drs smudge reads potential LFS pointer content from stdin. If the input
+is a valid LFS pointer, it restores file content from the local LFS object cache
+or downloads it from the configured DRS remote. If no DRS remote is configured,
+the pointer is passed through unchanged. If the input is not an LFS pointer,
+content is passed through unchanged.
 
-// GetRemoteOrDefault returns the specified remote if provided, otherwise returns the default remote
-func (c Config) GetRemoteOrDefault(remote string) (Remote, error) <span class="cov2" title="2">{
-        if remote != "" </span><span class="cov1" title="1">{
-                return Remote(remote), nil
-        }</span>
-        <span class="cov1" title="1">return c.GetDefaultRemote()</span>
-}
+This command mirrors 'git lfs smudge' and is intended to be configured as the
+git smudge filter:
 
-// listRemoteNames returns a slice of all remote names for error messages
-func (c Config) listRemoteNames() []string <span class="cov0" title="0">{
-        names := make([]string, 0, len(c.Remotes))
-        for name := range c.Remotes </span><span class="cov0" title="0">{
-                names = append(names, string(name))
-        }</span>
-        <span class="cov0" title="0">return names</span>
+  git config filter.drs.smudge 'git-drs smudge -- %f'`,
+        Hidden: true,
+        Args:   cobra.ExactArgs(1),
+        RunE:   runSmudge,
 }
 
-// getRepo opens the current git repository
-func getRepo() (*git.Repository, error) <span class="cov6" title="15">{
-        return gitrepo.GetRepo()
-}</span>
-
-func (c Config) ConfigPath() (string, error) <span class="cov0" title="0">{
-        return getConfigPath()
-}</span>
-
-// updates and git adds a Git DRS config file
-// this should handle three cases:
-// 1. create a new config file if it does not exist / is empty
-// 2. return an error if the config file is invalid
-// 3. update the existing config file, making sure to combine the new serversMap with the existing one
-// UpdateRemote updates and saves configuration using go-git
-func UpdateRemote(name Remote, remote RemoteSelect) (*Config, error) <span class="cov3" title="3">{
-        repo, err := getRepo()
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+func runSmudge(cmd *cobra.Command, args []string) error <span class="cov8" title="1">{
+        ctx := cmd.Context()
+        if ctx == nil </span><span class="cov8" title="1">{
+                ctx = context.Background()
         }</span>
 
-        <span class="cov3" title="3">conf, err := repo.Config()
+        <span class="cov8" title="1">pathname := args[0]
+        logger := drslog.GetLogger()
+        logger.Debug("smudge: starting", "pathname", pathname)
+
+        cfg, err := config.LoadConfig()
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                return fmt.Errorf("smudge: load config: %w", err)
         }</span>
 
-        // Update drs.remote.&lt;name&gt; subsection
-        <span class="cov3" title="3">remoteSubsectionName := fmt.Sprintf("%s%s", remoteSubsectionPrefix, name)
-        remoteSubsection := conf.Raw.Section(configSection).Subsection(remoteSubsectionName)
-
-        if remote.Gen3 != nil </span><span class="cov1" title="1">{
-                remoteSubsection.SetOption("type", "gen3")
-                remoteSubsection.SetOption("endpoint", remote.Gen3.Endpoint)
-                remoteSubsection.SetOption("project", remote.Gen3.ProjectID)
-                remoteSubsection.SetOption("bucket", remote.Gen3.Bucket)
-                if remote.Gen3.Organization != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("organization", remote.Gen3.Organization)
-                }</span>
-                <span class="cov1" title="1">if remote.Gen3.StoragePrefix != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("storage_prefix", remote.Gen3.StoragePrefix)
-                }</span>
-        } else<span class="cov2" title="2"> if remote.Local != nil </span><span class="cov2" title="2">{
-                remoteSubsection.SetOption("type", "local")
-                remoteSubsection.SetOption("endpoint", remote.Local.BaseURL)
-                if remote.Local.ProjectID != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("project", remote.Local.ProjectID)
-                }</span>
-                <span class="cov2" title="2">if remote.Local.Bucket != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("bucket", remote.Local.Bucket)
-                }</span>
-                <span class="cov2" title="2">if remote.Local.Organization != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("organization", remote.Local.Organization)
-                }</span>
-                <span class="cov2" title="2">if remote.Local.StoragePrefix != "" </span><span class="cov0" title="0">{
-                        remoteSubsection.SetOption("storage_prefix", remote.Local.StoragePrefix)
+        <span class="cov8" title="1">remote, err := cfg.GetDefaultRemote()
+        if err != nil </span><span class="cov8" title="1">{
+                if errors.Is(err, config.ErrNoDefaultRemote) </span><span class="cov8" title="1">{
+                        logger.Debug("smudge: no default remote configured; passing through pointer", "pathname", pathname)
+                        return drsfilter.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, nil)
                 }</span>
+                <span class="cov0" title="0">return fmt.Errorf("smudge: get default remote: %w", err)</span>
         }
 
-        // Set default remote if not set
-        <span class="cov3" title="3">configRoot := conf.Raw.Section(configSection)
-        defaultRemote := configRoot.Option("default-remote")
-        if defaultRemote == "" </span><span class="cov3" title="3">{
-                configRoot.SetOption("default-remote", string(name))
-        }</span>
-
-        // Save config
-        <span class="cov3" title="3">if err := repo.Storer.SetConfig(conf); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+        <span class="cov0" title="0">drsCtx, err := cfg.GetRemoteClient(remote, logger)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: create DRS client: %w", err)
         }</span>
 
-        <span class="cov3" title="3">return LoadConfig()</span>
+        <span class="cov0" title="0">return drsfilter.SmudgeContent(ctx, pathname, os.Stdin, os.Stdout, logger, func(callCtx context.Context, oid, cachePath string) error </span><span class="cov0" title="0">{
+                return drsremote.DownloadToCachePath(callCtx, drsCtx, logger, oid, cachePath)
+        }</span>)
 }
 
-func parseAndAddRemote(cfg *Config, subsectionName string, remoteType string, endpoint string, project string, bucket string, organization string, storagePrefix string) <span class="cov5" title="9">{
-        if !strings.HasPrefix(subsectionName, remoteSubsectionPrefix) </span><span class="cov0" title="0">{
-                return
-        }</span>
+func init() {<span class="cov8" title="1">}</span>
+</pre>
+		
+		<pre class="file" id="file33" style="display: none">package track
 
-        <span class="cov5" title="9">remoteName := Remote(strings.TrimPrefix(subsectionName, remoteSubsectionPrefix))
-        rs := RemoteSelect{}
+import (
+        "context"
+        "fmt"
 
-        if remoteType == "gen3" || remoteType == "" </span><span class="cov4" title="5">{
-                rs.Gen3 = &amp;Gen3Remote{
-                        Endpoint:      endpoint,
-                        ProjectID:     project,
-                        Bucket:        bucket,
-                        Organization:  organization,
-                        StoragePrefix: storagePrefix,
-                }
-        }</span> else<span class="cov3" title="4"> if remoteType == "local" </span><span class="cov3" title="4">{
-                rs.Local = &amp;LocalRemote{
-                        BaseURL:       endpoint,
-                        ProjectID:     project,
-                        Bucket:        bucket,
-                        Organization:  organization,
-                        StoragePrefix: storagePrefix,
-                }
-        }</span>
+        "github.com/calypr/git-drs/internal/drstrack"
+        "github.com/spf13/cobra"
+)
 
-        <span class="cov5" title="9">cfg.Remotes[remoteName] = rs</span>
-}
+var (
+        gitLFSTrackPatterns = drstrack.TrackPatterns
+        gitLFSListPatterns  = drstrack.ListTrackedPatterns
+)
 
-// LoadConfig loads configuration using go-git
-func LoadConfig() (*Config, error) <span class="cov5" title="10">{
-        repo, err := getRepo()
+var Cmd = NewCommand()
+
+func NewCommand() *cobra.Command <span class="cov10" title="3">{
+        cmd := &amp;cobra.Command{
+                Use:   "track [pattern ...]",
+                Short: "Track files with Git LFS",
+                Long:  "Manage Git LFS tracking patterns. With no patterns, this lists tracked patterns.",
+                Args:  cobra.ArbitraryArgs,
+                RunE:  runTrack,
+        }
+
+        cmd.Flags().Bool("verbose", false, "show detailed output")
+        cmd.Flags().Bool("dry-run", false, "show what would change without writing")
+
+        return cmd
+}</span>
+
+func runTrack(cmd *cobra.Command, args []string) error <span class="cov6" title="2">{
+        verbose, err := cmd.Flags().GetBool("verbose")
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                return fmt.Errorf("read flag verbose: %w", err)
         }</span>
-
-        <span class="cov5" title="10">conf, err := repo.Config()
+        <span class="cov6" title="2">dryRun, err := cmd.Flags().GetBool("dry-run")
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                return fmt.Errorf("read flag dry-run: %w", err)
         }</span>
 
-        <span class="cov5" title="10">cfg := &amp;Config{
-                Remotes: make(map[Remote]RemoteSelect),
-        }
+        <span class="cov6" title="2">ctx := cmd.Context()
+        if ctx == nil </span><span class="cov0" title="0">{
+                ctx = context.Background()
+        }</span>
 
-        // Iterate over all sections to find 'drs' and its subsections
-        for _, section := range conf.Raw.Sections </span><span class="cov10" title="109">{
-                if section.Name != configSection </span><span class="cov9" title="100">{
-                        continue</span>
-                }
+        <span class="cov6" title="2">var out string
+        if len(args) == 0 </span><span class="cov1" title="1">{
+                out, err = gitLFSListPatterns(ctx, verbose)
+        }</span> else<span class="cov1" title="1"> {
+                out, err = gitLFSTrackPatterns(ctx, args, verbose, dryRun)
+        }</span>
+        <span class="cov6" title="2">if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-                // Check for default-remote in the section root.
-                <span class="cov5" title="9">dr := section.Option("default-remote")
-                if dr != "" </span><span class="cov5" title="9">{
-                        cfg.DefaultRemote = Remote(dr)
-                }</span>
+        <span class="cov6" title="2">if out != "" </span><span class="cov6" title="2">{
+                _, _ = fmt.Fprint(cmd.OutOrStdout(), out)
+        }</span>
+        <span class="cov6" title="2">return nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file34" style="display: none">package untrack
 
-                <span class="cov5" title="9">for _, subsection := range section.Subsections </span><span class="cov5" title="9">{
-                        if !strings.HasPrefix(subsection.Name, remoteSubsectionPrefix) </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov5" title="9">parseAndAddRemote(
-                                cfg,
-                                subsection.Name,
-                                subsection.Option("type"),
-                                subsection.Option("endpoint"),
-                                subsection.Option("project"),
-                                subsection.Option("bucket"),
-                                subsection.Option("organization"),
-                                subsection.Option("storage_prefix"),
-                        )</span>
-                }
+import (
+        "context"
+        "fmt"
+
+        "github.com/calypr/git-drs/internal/drstrack"
+        "github.com/spf13/cobra"
+)
+
+var gitLFSUntrackPatterns = drstrack.UntrackPatterns
+
+var Cmd = NewCommand()
+
+func NewCommand() *cobra.Command <span class="cov10" title="3">{
+        cmd := &amp;cobra.Command{
+                Use:   "untrack &lt;pattern&gt; [pattern ...]",
+                Short: "Stop tracking files with Git LFS",
+                Long:  "Remove one or more Git LFS tracking patterns.",
+                Args:  cobra.MinimumNArgs(1),
+                RunE:  runUntrack,
         }
 
-        <span class="cov5" title="10">return cfg, nil</span>
-}
+        cmd.Flags().Bool("verbose", false, "show detailed output")
+        cmd.Flags().Bool("dry-run", false, "show what would change without writing")
 
-func CreateEmptyConfig() error <span class="cov1" title="1">{
-        // With go-git, we just verify we are in a repo?
-        // Existing behavior was ensuring file existence.
-        // We can check if we can open the repo.
-        _, err := getRepo()
-        return err
+        return cmd
 }</span>
 
-func GetProjectId(remote Remote) (string, error) <span class="cov0" title="0">{
-        cfg, err := LoadConfig()
+func runUntrack(cmd *cobra.Command, args []string) error <span class="cov1" title="1">{
+        verbose, err := cmd.Flags().GetBool("verbose")
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("error loading config: %v", err)
+                return fmt.Errorf("read flag verbose: %w", err)
         }</span>
-        <span class="cov0" title="0">rmt := cfg.GetRemote(remote)
-        if rmt == nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("no remote configuration found for current remote: %s", remote)
+        <span class="cov1" title="1">dryRun, err := cmd.Flags().GetBool("dry-run")
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("read flag dry-run: %w", err)
         }</span>
-        <span class="cov0" title="0">return rmt.GetProjectId(), nil</span>
-}
 
-// SaveConfig writes the configuration using go-git
-func SaveConfig(cfg *Config) error <span class="cov1" title="1">{
-        repo, err := getRepo()
-        if err != nil </span><span class="cov0" title="0">{
-                return err
+        <span class="cov1" title="1">ctx := cmd.Context()
+        if ctx == nil </span><span class="cov0" title="0">{
+                ctx = context.Background()
         }</span>
 
-        <span class="cov1" title="1">conf, err := repo.Config()
+        <span class="cov1" title="1">out, err := gitLFSUntrackPatterns(ctx, args, verbose, dryRun)
         if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
 
-        <span class="cov1" title="1">if cfg.DefaultRemote != "" </span><span class="cov1" title="1">{
-                conf.Raw.Section(configSection).SetOption("default-remote", string(cfg.DefaultRemote))
+        <span class="cov1" title="1">if out != "" </span><span class="cov1" title="1">{
+                _, _ = fmt.Fprint(cmd.OutOrStdout(), out)
         }</span>
+        <span class="cov1" title="1">return nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file35" style="display: none">package version
 
-        <span class="cov1" title="1">return repo.Storer.SetConfig(conf)</span>
+import (
+        "fmt"
+        "runtime/debug"
+
+        "github.com/spf13/cobra"
+)
+
+// Cmd represents the "version" command
+var Cmd = &amp;cobra.Command{
+        Use:   "version",
+        Short: "Get version",
+        Long:  ``,
+        Run: func(cmd *cobra.Command, args []string) <span class="cov4" title="5">{
+                fmt.Println("git-drs", buildVersion())
+        }</span>,
 }
 
-// GetGitConfigInt reads an integer value from git config
-// getGitConfigValue retrieves a value from git config by key
-func getConfigPath() (string, error) <span class="cov0" title="0">{
-        topLevel, err := gitrepo.GitTopLevel()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+func buildVersion() string <span class="cov5" title="6">{
+        tag := ""
+        commit := ""
+        if info, ok := debug.ReadBuildInfo(); ok </span><span class="cov5" title="6">{
+                if info.Main.Version != "" &amp;&amp; info.Main.Version != "(devel)" </span><span class="cov0" title="0">{
+                        tag = info.Main.Version
+                }</span>
+                <span class="cov5" title="6">for _, setting := range info.Settings </span><span class="cov10" title="42">{
+                        switch setting.Key </span>{
+                        case "vcs.revision":<span class="cov0" title="0">
+                                commit = setting.Value</span>
+                        case "vcs.tag":<span class="cov0" title="0">
+                                if tag == "" </span><span class="cov0" title="0">{
+                                        tag = setting.Value
+                                }</span>
+                        }
+                }
+        }
+
+        <span class="cov5" title="6">commitShort := commit
+        if len(commitShort) &gt; 7 </span><span class="cov0" title="0">{
+                commitShort = commitShort[:7]
         }</span>
 
-        <span class="cov0" title="0">configPath := filepath.Join(topLevel, common.DRS_DIR, common.CONFIG_YAML)
-        return configPath, nil</span>
+        <span class="cov5" title="6">switch </span>{
+        case tag != "" &amp;&amp; commitShort != "":<span class="cov0" title="0">
+                return fmt.Sprintf("%s-%s", tag, commitShort)</span>
+        case tag != "":<span class="cov0" title="0">
+                return tag</span>
+        case commitShort != "":<span class="cov0" title="0">
+                return fmt.Sprintf("dev-%s", commitShort)</span>
+        default:<span class="cov5" title="6">
+                return "dev-unknown"</span>
+        }
 }
 </pre>
 		
-		<pre class="file" id="file34" style="display: none">package config
+		<pre class="file" id="file36" style="display: none">package common
 
 import (
-        "context"
+        "crypto/sha256"
+        "encoding/hex"
         "fmt"
-        "log/slog"
-        "net/url"
+        "io"
+        "os"
         "strings"
 
-        gitauth "github.com/calypr/git-drs/internal/auth"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        syclient "github.com/calypr/syfon/client"
-        syconf "github.com/calypr/syfon/client/conf"
-        syrequest "github.com/calypr/syfon/client/request"
-        "github.com/calypr/syfon/client/syfonclient"
+        "github.com/bytedance/sonic"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
 )
 
-type DRSRemote interface {
-        GetProjectId() string
-        GetOrganization() string
-        GetEndpoint() string
-        GetBucketName() string
-        GetStoragePrefix() string
-        GetClient(remoteName string, logger *slog.Logger) (*GitContext, error)
+// ParseOrgProject resolves the effective org and project from the conventional
+// arguments. When org is provided it is used directly. When org is empty the
+// project string is split on the first "-" to derive org and project.
+func ParseOrgProject(org, project string) (string, string) <span class="cov10" title="3">{
+        if org != "" </span><span class="cov1" title="1">{
+                return org, project
+        }</span>
+        <span class="cov6" title="2">if project == "" </span><span class="cov0" title="0">{
+                return "", ""
+        }</span>
+        <span class="cov6" title="2">if !strings.Contains(project, "-") </span><span class="cov1" title="1">{
+                return "default", project
+        }</span>
+        <span class="cov1" title="1">parts := strings.SplitN(project, "-", 2)
+        return parts[0], parts[1]</span>
 }
 
-type GitContext struct {
-        Client             syfonclient.SyfonClient
-        Requestor          syrequest.Requester
-        Organization       string
-        ProjectId          string
-        BucketName         string
-        StoragePrefix      string
-        Upsert             bool
-        MultiPartThreshold int64
-        UploadConcurrency  int
-        Logger             *slog.Logger
-        Credential         *syconf.Credential
+// CalculateFileSHA256 returns the lowercase hex SHA256 checksum for a file.
+func CalculateFileSHA256(path string) (string, error) <span class="cov6" title="2">{
+        f, err := os.Open(path)
+        if err != nil </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("open file %s: %w", path, err)
+        }</span>
+        <span class="cov1" title="1">defer f.Close()
+
+        h := sha256.New()
+        if _, err := io.Copy(h, f); err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("hash file %s: %w", path, err)
+        }</span>
+
+        <span class="cov1" title="1">return hex.EncodeToString(h.Sum(nil)), nil</span>
 }
 
-type RemoteSelect struct {
-        Gen3  *Gen3Remote
-        Local *LocalRemote
-}
+// PrintDRSObject marshals and prints a DRS object as JSON.
+func PrintDRSObject(obj drsapi.DrsObject, pretty bool) error <span class="cov0" title="0">{
+        var out []byte
+        var err error
 
-type Gen3Remote struct {
-        Endpoint      string `yaml:"endpoint"`
-        ProjectID     string `yaml:"project_id"`
-        Bucket        string `yaml:"bucket"`
-        Organization  string `yaml:"organization"`
-        StoragePrefix string `yaml:"storage_prefix"`
+        if pretty </span><span class="cov0" title="0">{
+                out, err = sonic.ConfigFastest.MarshalIndent(obj, "", "  ")
+        }</span> else<span class="cov0" title="0"> {
+                out, err = sonic.ConfigFastest.Marshal(obj)
+        }</span>
+        <span class="cov0" title="0">if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+
+        <span class="cov0" title="0">fmt.Printf("%s\n", string(out))
+        return nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file37" style="display: none">package common
 
-func (s Gen3Remote) GetProjectId() string     <span class="cov0" title="0">{ return s.ProjectID }</span>
-func (s Gen3Remote) GetOrganization() string  <span class="cov0" title="0">{ return s.Organization }</span>
-func (s Gen3Remote) GetEndpoint() string      <span class="cov0" title="0">{ return s.Endpoint }</span>
-func (s Gen3Remote) GetBucketName() string    <span class="cov0" title="0">{ return s.Bucket }</span>
-func (s Gen3Remote) GetStoragePrefix() string <span class="cov0" title="0">{ return s.StoragePrefix }</span>
+import (
+        "bufio"
+        "fmt"
+        "io"
+        "os"
+        "strings"
+)
 
-func (s Gen3Remote) GetClient(remoteName string, logger *slog.Logger) (*GitContext, error) <span class="cov0" title="0">{
-        manager := syconf.NewConfigure(logger)
-        cred, err := manager.Load(remoteName)
+// PromptForConfirmation displays a prompt and reads user input to confirm an operation.
+// Returns nil if the response matches expectedResponse, error otherwise.
+// If caseSensitive is false, comparison is case-insensitive.
+func PromptForConfirmation(w io.Writer, prompt string, expectedResponse string, caseSensitive bool) error <span class="cov10" title="2">{
+        fmt.Fprintf(w, "%s: ", prompt)
+
+        reader := bufio.NewReader(os.Stdin)
+        response, err := reader.ReadString('\n')
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                return fmt.Errorf("error reading confirmation: %v", err)
         }</span>
-        <span class="cov0" title="0">if err := gitauth.EnsureValidCredential(context.Background(), cred, logger); err != nil </span><span class="cov0" title="0">{
-                return nil, err
+
+        <span class="cov10" title="2">response = strings.TrimSpace(response)
+        if !caseSensitive </span><span class="cov1" title="1">{
+                response = strings.ToLower(response)
+                expectedResponse = strings.ToLower(expectedResponse)
         }</span>
-        <span class="cov0" title="0">return newGitContext(*cred, s, logger)</span>
+
+        <span class="cov10" title="2">if response != expectedResponse </span><span class="cov1" title="1">{
+                return fmt.Errorf("operation cancelled: confirmation did not match")
+        }</span>
+
+        <span class="cov1" title="1">return nil</span>
 }
 
-type LocalRemote struct {
-        BaseURL       string
-        ProjectID     string
-        Bucket        string
-        Organization  string
-        StoragePrefix string
-        BasicUsername string
-        BasicPassword string
+// DisplayWarningHeader writes a formatted warning header to the writer
+func DisplayWarningHeader(w io.Writer, operation string) <span class="cov1" title="1">{
+        fmt.Fprintf(w, "\n⚠️  WARNING: You are about to %s\n\n", operation)
+}</span>
+
+// DisplayField writes a formatted key-value field to the writer
+func DisplayField(w io.Writer, key, value string) <span class="cov1" title="1">{
+        fmt.Fprintf(w, "%-11s %s\n", key+":", value)
+}</span>
+
+// DisplayFooter writes the standard "cannot be undone" footer to the writer
+func DisplayFooter(w io.Writer) <span class="cov1" title="1">{
+        fmt.Fprintf(w, "\nThis action CANNOT be undone.\n\n")
+}</span>
+</pre>
+		
+		<pre class="file" id="file38" style="display: none">package common
+
+import (
+        "fmt"
+        "net/url"
+
+        "github.com/golang-jwt/jwt/v5"
+)
+
+func ParseEmailFromToken(tokenString string) (string, error) <span class="cov10" title="5">{
+        claims := jwt.MapClaims{}
+        _, _, err := jwt.NewParser().ParseUnverified(tokenString, &amp;claims)
+        if err != nil </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("failed to decode token in ParseEmailFromToken: '%s': %w", tokenString, err)
+        }</span>
+        <span class="cov8" title="4">context, ok := claims["context"].(map[string]any)
+        if !ok </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("missing or invalid 'context' claim structure")
+        }</span>
+        <span class="cov7" title="3">user, ok := context["user"].(map[string]any)
+        if !ok </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("missing or invalid 'context.user' claim structure")
+        }</span>
+        <span class="cov4" title="2">name, ok := user["name"].(string)
+        if !ok </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("missing or invalid 'context.user.name' claim")
+        }</span>
+        <span class="cov1" title="1">return name, nil</span>
 }
 
-func (l LocalRemote) GetProjectId() string <span class="cov4" title="2">{
-        if l.ProjectID != "" </span><span class="cov1" title="1">{
-                return l.ProjectID
+func ParseAPIEndpointFromToken(tokenString string) (string, error) <span class="cov7" title="3">{
+        claims := jwt.MapClaims{}
+        _, _, err := jwt.NewParser().ParseUnverified(tokenString, &amp;claims)
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("failed to decode token in ParseAPIEndpointFromToken: '%s': %w", tokenString, err)
         }</span>
-        <span class="cov1" title="1">return "local-project"</span>
+        <span class="cov7" title="3">issUrl, ok := claims["iss"].(string)
+        if !ok </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("missing or invalid 'iss' claim")
+        }</span>
+        <span class="cov4" title="2">parsedURL, err := url.Parse(issUrl)
+        if err != nil </span><span class="cov1" title="1">{
+                return "", err
+        }</span>
+        <span class="cov1" title="1">return fmt.Sprintf("%s://%s", parsedURL.Scheme, parsedURL.Host), nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file39" style="display: none">package config
 
-func (l LocalRemote) GetOrganization() string  <span class="cov10" title="5">{ return l.Organization }</span>
-func (l LocalRemote) GetEndpoint() string      <span class="cov0" title="0">{ return l.BaseURL }</span>
-func (l LocalRemote) GetBucketName() string    <span class="cov4" title="2">{ return l.Bucket }</span>
-func (l LocalRemote) GetStoragePrefix() string <span class="cov4" title="2">{ return l.StoragePrefix }</span>
+import (
+        "errors"
+        "fmt"
+        "log/slog"
+        "path/filepath"
+        "sort"
+        "strings"
 
-func (l LocalRemote) GetClient(remoteName string, logger *slog.Logger) (*GitContext, error) <span class="cov4" title="2">{
-        if username, password, err := gitrepo.GetRemoteBasicAuth(remoteName); err == nil &amp;&amp; username != "" &amp;&amp; password != "" </span><span class="cov1" title="1">{
-                l.BasicUsername = username
-                l.BasicPassword = password
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        "github.com/go-git/go-git/v5"
+)
+
+// RemoteType represents the type of server being initialized
+type RemoteType string
+type Remote string
+
+const (
+        ORIGIN = "origin"
+
+        Gen3ServerType  RemoteType = "gen3"
+        LocalServerType RemoteType = "local"
+
+        configSection          = "drs"
+        remoteSubsectionPrefix = "remote."
+)
+
+var ErrNoDefaultRemote = errors.New("no default remote configured")
+
+func AllRemoteTypes() []RemoteType <span class="cov4" title="8">{
+        return []RemoteType{Gen3ServerType, LocalServerType}
+}</span>
+
+func IsValidRemoteType(mode string) error <span class="cov3" title="4">{
+        modeOptions := make([]string, len(AllRemoteTypes()))
+        for i, m := range AllRemoteTypes() </span><span class="cov4" title="8">{
+                modeOptions[i] = string(m)
         }</span>
-        <span class="cov4" title="2">projectID := l.GetProjectId()
-        bucketName := l.GetBucketName()
-        storagePrefix := l.GetStoragePrefix()
-        if strings.TrimSpace(l.GetOrganization()) != "" || strings.TrimSpace(bucketName) != "" || strings.TrimSpace(storagePrefix) != "" </span><span class="cov1" title="1">{
-                scope, err := gitrepo.ResolveBucketScope(
-                        l.GetOrganization(),
-                        projectID,
-                        bucketName,
-                        storagePrefix,
-                )
-                if err != nil </span><span class="cov0" title="0">{
-                        return nil, err
+
+        <span class="cov3" title="4">for _, validMode := range modeOptions </span><span class="cov4" title="7">{
+                if mode == string(validMode) </span><span class="cov2" title="2">{
+                        return nil
                 }</span>
-                <span class="cov1" title="1">bucketName = scope.Bucket
-                storagePrefix = scope.Prefix</span>
         }
 
-        <span class="cov4" title="2">cred := &amp;syconf.Credential{APIEndpoint: l.BaseURL}
-        if l.BasicUsername != "" || l.BasicPassword != "" </span><span class="cov1" title="1">{
-                cred.KeyID = l.BasicUsername
-                cred.APIKey = l.BasicPassword
-        }</span>
+        <span class="cov2" title="2">return fmt.Errorf("invalid mode '%s'. Valid options are: %s", mode, strings.Join(modeOptions, ", "))</span>
+}
+
+// Config holds the overall config structure
+type Config struct {
+        DefaultRemote Remote
+        Remotes       map[Remote]RemoteSelect
+}
+
+func (c Config) GetRemoteClient(remote Remote, logger *slog.Logger) (*GitContext, error) <span class="cov1" title="1">{
+        x, ok := c.Remotes[remote]
+        if !ok </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("GetRemoteClient no remote configuration found for current remote: %s", remote)
+        }</span>
+        <span class="cov1" title="1">if x.Local != nil </span><span class="cov1" title="1">{
+                return x.Local.GetClient(string(remote), logger)
+        }</span>
+        <span class="cov0" title="0">if x.Gen3 != nil </span><span class="cov0" title="0">{
+                username, password, err := gitrepo.GetRemoteBasicAuth(string(remote))
+                if err == nil &amp;&amp; strings.TrimSpace(username) != "" &amp;&amp; strings.TrimSpace(password) != "" </span><span class="cov0" title="0">{
+                        // If repo-local basic auth is configured, prefer the local/basic-auth client
+                        // path even when the remote entry was parsed as Gen3.
+                        return localRemoteFromGen3(x.Gen3, username, password).GetClient(string(remote), logger)
+                }</span>
+                <span class="cov0" title="0">return x.Gen3.GetClient(string(remote), logger)</span>
+        }
+        <span class="cov0" title="0">return nil, fmt.Errorf("no valid remote configuration found for current remote: %s", remote)</span>
+}
+
+func (c Config) GetRemote(remote Remote) DRSRemote <span class="cov2" title="2">{
+        x, ok := c.Remotes[remote]
+        if !ok </span><span class="cov0" title="0">{
+                return nil
+        }</span>
+        <span class="cov2" title="2">if x.Gen3 != nil </span><span class="cov0" title="0">{
+                return x.Gen3
+        }</span> else<span class="cov2" title="2"> if x.Local != nil </span><span class="cov2" title="2">{
+                return x.Local
+        }</span>
+        <span class="cov0" title="0">return nil</span>
+}
+
+// GetDefaultRemote returns the configured default remote with validation
+func (c Config) GetDefaultRemote() (Remote, error) <span class="cov1" title="1">{
+        if c.DefaultRemote == "" </span><span class="cov0" title="0">{
+                return "", fmt.Errorf(
+                        "%w.\n"+
+                                "Set one with: git drs remote set &lt;name&gt;\n"+
+                                "Available remotes: %v\n"+
+                                "Config: %v\n",
+                        ErrNoDefaultRemote,
+                        c.listRemoteNames(),
+                        c,
+                )
+        }</span>
+
+        <span class="cov1" title="1">if _, ok := c.Remotes[c.DefaultRemote]; !ok </span><span class="cov0" title="0">{
+                return "", fmt.Errorf(
+                        "default remote '%s' not found in configuration.\n"+
+                                "Available remotes: %v",
+                        c.DefaultRemote,
+                        c.listRemoteNames(),
+                )
+        }</span>
+
+        <span class="cov1" title="1">return c.DefaultRemote, nil</span>
+}
+
+// GetRemoteOrDefault returns the specified remote if provided, otherwise returns the default remote
+func (c Config) GetRemoteOrDefault(remote string) (Remote, error) <span class="cov2" title="2">{
+        if remote != "" </span><span class="cov1" title="1">{
+                return Remote(remote), nil
+        }</span>
+        <span class="cov1" title="1">return c.GetDefaultRemote()</span>
+}
+
+// listRemoteNames returns a slice of all remote names for error messages
+func (c Config) listRemoteNames() []string <span class="cov0" title="0">{
+        names := make([]string, 0, len(c.Remotes))
+        for name := range c.Remotes </span><span class="cov0" title="0">{
+                names = append(names, string(name))
+        }</span>
+        <span class="cov0" title="0">return names</span>
+}
+
+// getRepo opens the current git repository
+func getRepo() (*git.Repository, error) <span class="cov6" title="15">{
+        return gitrepo.GetRepo()
+}</span>
+
+func (c Config) ConfigPath() (string, error) <span class="cov0" title="0">{
+        return getConfigPath()
+}</span>
+
+// updates and git adds a Git DRS config file
+// this should handle three cases:
+// 1. create a new config file if it does not exist / is empty
+// 2. return an error if the config file is invalid
+// 3. update the existing config file, making sure to combine the new serversMap with the existing one
+// UpdateRemote updates and saves configuration using go-git
+func UpdateRemote(name Remote, remote RemoteSelect) (*Config, error) <span class="cov3" title="3">{
+        repo, err := getRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov3" title="3">conf, err := repo.Config()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        // Update drs.remote.&lt;name&gt; subsection
+        <span class="cov3" title="3">remoteSubsectionName := fmt.Sprintf("%s%s", remoteSubsectionPrefix, name)
+        remoteSubsection := conf.Raw.Section(configSection).Subsection(remoteSubsectionName)
+
+        if remote.Gen3 != nil </span><span class="cov1" title="1">{
+                remoteSubsection.SetOption("type", "gen3")
+                remoteSubsection.SetOption("endpoint", remote.Gen3.Endpoint)
+                remoteSubsection.SetOption("project", remote.Gen3.ProjectID)
+                remoteSubsection.SetOption("bucket", remote.Gen3.Bucket)
+                if remote.Gen3.Organization != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("organization", remote.Gen3.Organization)
+                }</span>
+                <span class="cov1" title="1">if remote.Gen3.StoragePrefix != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("storage_prefix", remote.Gen3.StoragePrefix)
+                }</span>
+        } else<span class="cov2" title="2"> if remote.Local != nil </span><span class="cov2" title="2">{
+                remoteSubsection.SetOption("type", "local")
+                remoteSubsection.SetOption("endpoint", remote.Local.BaseURL)
+                if remote.Local.ProjectID != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("project", remote.Local.ProjectID)
+                }</span>
+                <span class="cov2" title="2">if remote.Local.Bucket != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("bucket", remote.Local.Bucket)
+                }</span>
+                <span class="cov2" title="2">if remote.Local.Organization != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("organization", remote.Local.Organization)
+                }</span>
+                <span class="cov2" title="2">if remote.Local.StoragePrefix != "" </span><span class="cov0" title="0">{
+                        remoteSubsection.SetOption("storage_prefix", remote.Local.StoragePrefix)
+                }</span>
+        }
+
+        // Set default remote if not set
+        <span class="cov3" title="3">configRoot := conf.Raw.Section(configSection)
+        defaultRemote := configRoot.Option("default-remote")
+        if defaultRemote == "" </span><span class="cov3" title="3">{
+                configRoot.SetOption("default-remote", string(name))
+        }</span>
+
+        // Save config
+        <span class="cov3" title="3">if err := repo.Storer.SetConfig(conf); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov3" title="3">return LoadConfig()</span>
+}
+
+func parseAndAddRemote(cfg *Config, subsectionName string, remoteType string, endpoint string, project string, bucket string, organization string, storagePrefix string) <span class="cov5" title="9">{
+        if !strings.HasPrefix(subsectionName, remoteSubsectionPrefix) </span><span class="cov0" title="0">{
+                return
+        }</span>
+
+        <span class="cov5" title="9">remoteName := Remote(strings.TrimPrefix(subsectionName, remoteSubsectionPrefix))
+        rs := RemoteSelect{}
+
+        if remoteType == "gen3" || remoteType == "" </span><span class="cov4" title="5">{
+                rs.Gen3 = &amp;Gen3Remote{
+                        Endpoint:      endpoint,
+                        ProjectID:     project,
+                        Bucket:        bucket,
+                        Organization:  organization,
+                        StoragePrefix: storagePrefix,
+                }
+        }</span> else<span class="cov3" title="4"> if remoteType == "local" </span><span class="cov3" title="4">{
+                rs.Local = &amp;LocalRemote{
+                        BaseURL:       endpoint,
+                        ProjectID:     project,
+                        Bucket:        bucket,
+                        Organization:  organization,
+                        StoragePrefix: storagePrefix,
+                }
+        }</span>
+
+        <span class="cov5" title="9">cfg.Remotes[remoteName] = rs</span>
+}
+
+// LoadConfig loads configuration using go-git
+func LoadConfig() (*Config, error) <span class="cov5" title="10">{
+        repo, err := getRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov5" title="10">conf, err := repo.Config()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov5" title="10">cfg := &amp;Config{
+                Remotes: make(map[Remote]RemoteSelect),
+        }
+
+        // Iterate over all sections to find 'drs' and its subsections
+        for _, section := range conf.Raw.Sections </span><span class="cov10" title="109">{
+                if section.Name != configSection </span><span class="cov9" title="100">{
+                        continue</span>
+                }
+
+                // Check for default-remote in the section root.
+                <span class="cov5" title="9">dr := section.Option("default-remote")
+                if dr != "" </span><span class="cov5" title="9">{
+                        cfg.DefaultRemote = Remote(dr)
+                }</span>
+
+                <span class="cov5" title="9">for _, subsection := range section.Subsections </span><span class="cov5" title="9">{
+                        if !strings.HasPrefix(subsection.Name, remoteSubsectionPrefix) </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov5" title="9">parseAndAddRemote(
+                                cfg,
+                                subsection.Name,
+                                subsection.Option("type"),
+                                subsection.Option("endpoint"),
+                                subsection.Option("project"),
+                                subsection.Option("bucket"),
+                                subsection.Option("organization"),
+                                subsection.Option("storage_prefix"),
+                        )</span>
+                }
+        }
+
+        <span class="cov5" title="10">return cfg, nil</span>
+}
+
+func CreateEmptyConfig() error <span class="cov1" title="1">{
+        // With go-git, we just verify we are in a repo?
+        // Existing behavior was ensuring file existence.
+        // We can check if we can open the repo.
+        _, err := getRepo()
+        return err
+}</span>
+
+func GetProjectId(remote Remote) (string, error) <span class="cov0" title="0">{
+        cfg, err := LoadConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("error loading config: %v", err)
+        }</span>
+        <span class="cov0" title="0">rmt := cfg.GetRemote(remote)
+        if rmt == nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("no remote configuration found for current remote: %s", remote)
+        }</span>
+        <span class="cov0" title="0">return rmt.GetProjectId(), nil</span>
+}
+
+// SaveConfig writes the configuration using go-git
+func SaveConfig(cfg *Config) error <span class="cov1" title="1">{
+        repo, err := getRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+
+        <span class="cov1" title="1">conf, err := repo.Config()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+
+        <span class="cov1" title="1">if cfg.DefaultRemote != "" </span><span class="cov1" title="1">{
+                conf.Raw.Section(configSection).SetOption("default-remote", string(cfg.DefaultRemote))
+        }</span>
+
+        <span class="cov1" title="1">return repo.Storer.SetConfig(conf)</span>
+}
+
+func RemoveRemote(name Remote) (*Config, error) <span class="cov0" title="0">{
+        cfg, err := LoadConfig()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov0" title="0">if _, ok := cfg.Remotes[name]; !ok </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("remote '%s' not found", name)
+        }</span>
+
+        <span class="cov0" title="0">delete(cfg.Remotes, name)
+
+        keys := []string{
+                fmt.Sprintf("drs.remote.%s.type", name),
+                fmt.Sprintf("drs.remote.%s.endpoint", name),
+                fmt.Sprintf("drs.remote.%s.project", name),
+                fmt.Sprintf("drs.remote.%s.bucket", name),
+                fmt.Sprintf("drs.remote.%s.organization", name),
+                fmt.Sprintf("drs.remote.%s.storage_prefix", name),
+                fmt.Sprintf("drs.remote.%s.token", name),
+                fmt.Sprintf("drs.remote.%s.username", name),
+                fmt.Sprintf("drs.remote.%s.password", name),
+                fmt.Sprintf("remote.%s.lfsurl", name),
+        }
+        if err := gitrepo.UnsetGitConfigOptions(keys); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov0" title="0">if cfg.DefaultRemote == name </span><span class="cov0" title="0">{
+                cfg.DefaultRemote = firstRemote(cfg)
+        }</span>
+
+        <span class="cov0" title="0">if err := SaveConfig(cfg); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov0" title="0">if cfg.DefaultRemote == "" </span><span class="cov0" title="0">{
+                if err := gitrepo.UnsetGitConfigOptions([]string{"drs.default-remote"}); err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+        }
+
+        <span class="cov0" title="0">return LoadConfig()</span>
+}
+
+func firstRemote(cfg *Config) Remote <span class="cov0" title="0">{
+        if cfg == nil || len(cfg.Remotes) == 0 </span><span class="cov0" title="0">{
+                return ""
+        }</span>
+
+        <span class="cov0" title="0">names := make([]string, 0, len(cfg.Remotes))
+        for name := range cfg.Remotes </span><span class="cov0" title="0">{
+                names = append(names, string(name))
+        }</span>
+        <span class="cov0" title="0">sort.Strings(names)
+        return Remote(names[0])</span>
+}
+
+// GetGitConfigInt reads an integer value from git config
+// getGitConfigValue retrieves a value from git config by key
+func getConfigPath() (string, error) <span class="cov0" title="0">{
+        topLevel, err := gitrepo.GitTopLevel()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
+        }</span>
+
+        <span class="cov0" title="0">configPath := filepath.Join(topLevel, common.DRS_DIR, common.CONFIG_YAML)
+        return configPath, nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file40" style="display: none">package config
+
+import (
+        "context"
+        "fmt"
+        "log/slog"
+        "net/url"
+        "strings"
+
+        "github.com/calypr/data-client/credentials"
+        "github.com/calypr/git-drs/internal/gitrepo"
+        syclient "github.com/calypr/syfon/client"
+        syconf "github.com/calypr/syfon/client/config"
+)
+
+const credentialHelpSuffix = "Refresh credentials with `git drs remote add gen3 &lt;remote-name&gt; &lt;organization/project&gt; --cred &lt;path&gt;` or `--token &lt;token&gt;`. See docs/getting-started.md."
+
+type DRSRemote interface {
+        GetProjectId() string
+        GetOrganization() string
+        GetEndpoint() string
+        GetBucketName() string
+        GetStoragePrefix() string
+        GetClient(remoteName string, logger *slog.Logger) (*GitContext, error)
+}
+
+type GitContext struct {
+        Client             *syclient.Client
+        Organization       string
+        ProjectId          string
+        BucketName         string
+        StoragePrefix      string
+        Upsert             bool
+        ForceUpload        bool
+        MultiPartThreshold int64
+        UploadConcurrency  int
+        Logger             *slog.Logger
+        Credential         *syconf.Credential
+}
+
+type RemoteSelect struct {
+        Gen3  *Gen3Remote
+        Local *LocalRemote
+}
+
+type Gen3Remote struct {
+        Endpoint      string `yaml:"endpoint"`
+        ProjectID     string `yaml:"project_id"`
+        Bucket        string `yaml:"bucket"`
+        Organization  string `yaml:"organization"`
+        StoragePrefix string `yaml:"storage_prefix"`
+}
+
+func (s Gen3Remote) GetProjectId() string     <span class="cov1" title="1">{ return s.ProjectID }</span>
+func (s Gen3Remote) GetOrganization() string  <span class="cov4" title="2">{ return s.Organization }</span>
+func (s Gen3Remote) GetEndpoint() string      <span class="cov0" title="0">{ return s.Endpoint }</span>
+func (s Gen3Remote) GetBucketName() string    <span class="cov1" title="1">{ return s.Bucket }</span>
+func (s Gen3Remote) GetStoragePrefix() string <span class="cov1" title="1">{ return s.StoragePrefix }</span>
+
+func (s Gen3Remote) GetClient(remoteName string, logger *slog.Logger) (*GitContext, error) <span class="cov0" title="0">{
+        manager := syconf.NewConfigure(logger)
+        cred, err := manager.Load(remoteName)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov0" title="0">if err := credentials.EnsureValidCredential(context.Background(), cred, logger); err != nil </span><span class="cov0" title="0">{
+                return nil, WrapCredentialValidationError(remoteName, err)
+        }</span>
+        <span class="cov0" title="0">return newGitContext(*cred, s, logger)</span>
+}
+
+type LocalRemote struct {
+        BaseURL       string
+        ProjectID     string
+        Bucket        string
+        Organization  string
+        StoragePrefix string
+        BasicUsername string
+        BasicPassword string
+}
+
+func (l LocalRemote) GetProjectId() string <span class="cov4" title="2">{
+        if l.ProjectID != "" </span><span class="cov1" title="1">{
+                return l.ProjectID
+        }</span>
+        <span class="cov1" title="1">return "local-project"</span>
+}
+
+func (l LocalRemote) GetOrganization() string  <span class="cov10" title="5">{ return l.Organization }</span>
+func (l LocalRemote) GetEndpoint() string      <span class="cov0" title="0">{ return l.BaseURL }</span>
+func (l LocalRemote) GetBucketName() string    <span class="cov4" title="2">{ return l.Bucket }</span>
+func (l LocalRemote) GetStoragePrefix() string <span class="cov4" title="2">{ return l.StoragePrefix }</span>
+
+func (l LocalRemote) GetClient(remoteName string, logger *slog.Logger) (*GitContext, error) <span class="cov4" title="2">{
+        if username, password, err := gitrepo.GetRemoteBasicAuth(remoteName); err == nil &amp;&amp; username != "" &amp;&amp; password != "" </span><span class="cov1" title="1">{
+                l.BasicUsername = username
+                l.BasicPassword = password
+        }</span>
+        <span class="cov4" title="2">projectID := l.GetProjectId()
+        bucketName := l.GetBucketName()
+        storagePrefix := l.GetStoragePrefix()
+        if strings.TrimSpace(l.GetOrganization()) != "" || strings.TrimSpace(bucketName) != "" || strings.TrimSpace(storagePrefix) != "" </span><span class="cov1" title="1">{
+                scope, err := gitrepo.ResolveBucketScope(
+                        l.GetOrganization(),
+                        projectID,
+                        bucketName,
+                        storagePrefix,
+                )
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+                <span class="cov1" title="1">bucketName = scope.Bucket
+                storagePrefix = scope.Prefix</span>
+        }
+
+        <span class="cov4" title="2">cred := &amp;syconf.Credential{APIEndpoint: l.BaseURL}
+        if l.BasicUsername != "" || l.BasicPassword != "" </span><span class="cov1" title="1">{
+                cred.KeyID = l.BasicUsername
+                cred.APIKey = l.BasicPassword
+        }</span>
+
+        <span class="cov4" title="2">raw, err := syclient.New(l.BaseURL, syclient.WithBasicAuth(cred.KeyID, cred.APIKey))
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov4" title="2">client, ok := raw.(*syclient.Client)
+        if !ok </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("unexpected syfon client type %T", raw)
+        }</span>
+
+        <span class="cov4" title="2">return &amp;GitContext{
+                Client:        client,
+                Organization:  l.GetOrganization(),
+                ProjectId:     projectID,
+                BucketName:    bucketName,
+                StoragePrefix: storagePrefix,
+                Logger:        logger,
+                Credential:    cred,
+        }, nil</span>
+}
+
+func newGitContext(profileConfig syconf.Credential, remote Gen3Remote, logger *slog.Logger) (*GitContext, error) <span class="cov1" title="1">{
+        if _, err := url.Parse(profileConfig.APIEndpoint); err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov1" title="1">projectID := remote.GetProjectId()
+        if projectID == "" </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("no gen3 project specified")
+        }</span>
+
+        <span class="cov1" title="1">scope, err := gitrepo.ResolveBucketScope(
+                remote.GetOrganization(),
+                projectID,
+                remote.GetBucketName(),
+                remote.GetStoragePrefix(),
+        )
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov1" title="1">raw, err := syclient.New(profileConfig.APIEndpoint, syclient.WithBearerToken(profileConfig.AccessToken))
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov1" title="1">client, ok := raw.(*syclient.Client)
+        if !ok </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("unexpected syfon client type %T", raw)
+        }</span>
+
+        <span class="cov1" title="1">uploadConcurrency := int(gitrepo.GetGitConfigInt("lfs.concurrenttransfers", 4))
+        if uploadConcurrency &lt; 1 </span><span class="cov0" title="0">{
+                uploadConcurrency = 1
+        }</span>
+
+        <span class="cov1" title="1">return &amp;GitContext{
+                Client:             client,
+                ProjectId:          projectID,
+                BucketName:         scope.Bucket,
+                Organization:       remote.GetOrganization(),
+                StoragePrefix:      scope.Prefix,
+                Upsert:             gitrepo.GetGitConfigBool("drs.upsert", false),
+                MultiPartThreshold: int64(gitrepo.GetGitConfigInt("drs.multipart-threshold", 5120)) * 1024 * 1024,
+                UploadConcurrency:  uploadConcurrency,
+                Logger:             logger,
+                Credential:         &amp;profileConfig,
+        }, nil</span>
+}
+
+func localRemoteFromGen3(gen3 *Gen3Remote, username string, password string) *LocalRemote <span class="cov0" title="0">{
+        return &amp;LocalRemote{
+                BaseURL:       gen3.Endpoint,
+                ProjectID:     gen3.ProjectID,
+                Bucket:        gen3.Bucket,
+                Organization:  gen3.Organization,
+                StoragePrefix: gen3.StoragePrefix,
+                BasicUsername: strings.TrimSpace(username),
+                BasicPassword: strings.TrimSpace(password),
+        }
+}</span>
+
+func WrapCredentialValidationError(remoteName string, err error) error <span class="cov0" title="0">{
+        if err == nil </span><span class="cov0" title="0">{
+                return nil
+        }</span>
+        <span class="cov0" title="0">if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("%w. %s", err, credentialHelpSuffix)
+        }</span>
+        <span class="cov0" title="0">return fmt.Errorf("%w. Remote %q requires refreshed credentials. %s", err, remoteName, credentialHelpSuffix)</span>
+}
+</pre>
+		
+		<pre class="file" id="file41" style="display: none">package drsdelete
+
+import (
+        "context"
+        "fmt"
+        "os/exec"
+        "sort"
+        "strings"
+
+        "github.com/calypr/git-drs/internal/lfs"
+)
+
+type deletedPointer struct {
+        Path string
+        OID  string
+}
+
+func collectDeletedPointers(ctx context.Context, refs []RefUpdate) (map[string][]deletedPointer, error) <span class="cov5" title="3">{
+        grouped := make(map[string][]deletedPointer)
+        seen := make(map[string]struct{})
+        for _, ref := range refs </span><span class="cov5" title="3">{
+                oldSHA := strings.TrimSpace(ref.OldSHA)
+                newSHA := strings.TrimSpace(ref.NewSHA)
+                if oldSHA == "" || newSHA == "" || isZeroSHA(oldSHA) || isZeroSHA(newSHA) </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">paths, err := gitDeletedPaths(ctx, oldSHA, newSHA)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+                <span class="cov5" title="3">for _, path := range paths </span><span class="cov5" title="3">{
+                        key := oldSHA + "\x00" + path
+                        if _, ok := seen[key]; ok </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov5" title="3">seen[key] = struct{}{}
+
+                        oid, ok, err := gitPointerOID(ctx, oldSHA, path)
+                        if err != nil </span><span class="cov0" title="0">{
+                                return nil, err
+                        }</span>
+                        <span class="cov5" title="3">if !ok </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov5" title="3">grouped[oid] = append(grouped[oid], deletedPointer{Path: path, OID: oid})</span>
+                }
+        }
+        <span class="cov5" title="3">return grouped, nil</span>
+}
+
+func deletedPaths(items []deletedPointer) []string <span class="cov0" title="0">{
+        out := make([]string, 0, len(items))
+        for _, item := range items </span><span class="cov0" title="0">{
+                out = append(out, item.Path)
+        }</span>
+        <span class="cov0" title="0">sort.Strings(out)
+        return out</span>
+}
+
+func gitDeletedPaths(ctx context.Context, oldSHA, newSHA string) ([]string, error) <span class="cov5" title="3">{
+        cmd := exec.CommandContext(ctx, "git", "diff", "--name-status", "--diff-filter=D", "-M", oldSHA, newSHA)
+        out, err := cmd.CombinedOutput()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("git diff deleted paths %s..%s: %s", oldSHA, newSHA, strings.TrimSpace(string(out)))
+        }</span>
+        <span class="cov5" title="3">lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+        paths := make([]string, 0, len(lines))
+        for _, line := range lines </span><span class="cov5" title="3">{
+                line = strings.TrimSpace(line)
+                if line == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">parts := strings.Split(line, "\t")
+                if len(parts) &lt; 2 || parts[0] != "D" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov5" title="3">paths = append(paths, parts[1])</span>
+        }
+        <span class="cov5" title="3">return paths, nil</span>
+}
+
+func gitPointerOID(ctx context.Context, ref, path string) (string, bool, error) <span class="cov5" title="3">{
+        spec := ref + ":" + path
+        cmd := exec.CommandContext(ctx, "git", "show", spec)
+        out, err := cmd.CombinedOutput()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", false, fmt.Errorf("git show %s: %s", spec, strings.TrimSpace(string(out)))
+        }</span>
+        <span class="cov5" title="3">oid, _, ok := lfs.ParseLFSPointer(out)
+        if !ok </span><span class="cov0" title="0">{
+                return "", false, nil
+        }</span>
+        <span class="cov5" title="3">return "sha256:" + strings.TrimPrefix(strings.TrimSpace(oid), "sha256:"), true, nil</span>
+}
+
+func isZeroSHA(sha string) bool <span class="cov10" title="9">{
+        return strings.TrimSpace(sha) == "0000000000000000000000000000000000000000"
+}</span>
+</pre>
+		
+		<pre class="file" id="file42" style="display: none">package drsdelete
+
+import (
+        "log/slog"
+        "sort"
+        "strings"
+
+        "github.com/calypr/git-drs/internal/lfs"
+)
+
+func collectLivePathsByOID(refs []RefUpdate, logger *slog.Logger) (map[string][]string, error) <span class="cov10" title="3">{
+        targets := make([]string, 0, len(refs))
+        seen := make(map[string]struct{}, len(refs))
+        for _, ref := range refs </span><span class="cov10" title="3">{
+                newSHA := strings.TrimSpace(ref.NewSHA)
+                if newSHA == "" || isZeroSHA(newSHA) </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov10" title="3">if _, ok := seen[newSHA]; ok </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov10" title="3">seen[newSHA] = struct{}{}
+                targets = append(targets, newSHA)</span>
+        }
+        <span class="cov10" title="3">if len(targets) == 0 </span><span class="cov0" title="0">{
+                return map[string][]string{}, nil
+        }</span>
+
+        <span class="cov10" title="3">files, err := lfs.GetLfsFilesForRefs(targets, logger)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov10" title="3">liveByOID := make(map[string][]string)
+        for path, info := range files </span><span class="cov1" title="1">{
+                oid := "sha256:" + strings.TrimPrefix(strings.TrimSpace(info.Oid), "sha256:")
+                liveByOID[oid] = append(liveByOID[oid], path)
+        }</span>
+        <span class="cov10" title="3">for oid := range liveByOID </span><span class="cov1" title="1">{
+                sort.Strings(liveByOID[oid])
+        }</span>
+        <span class="cov10" title="3">return liveByOID, nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file43" style="display: none">package drsdelete
+
+import (
+        "context"
+        "fmt"
+        "io"
+        "log/slog"
+
+        "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drsremote"
+        sycommon "github.com/calypr/syfon/common"
+)
+
+type RefUpdate struct {
+        OldSHA string
+        NewSHA string
+}
+
+type Summary struct {
+        DeletedRecords   int
+        RemovedResources int
+        ClearedLocalOnly int
+        PendingMissing   int
+        PendingAmbiguous int
+}
+
+func ReconcileCommittedDeletes(ctx context.Context, drsCtx *config.GitContext, refs []RefUpdate, logger *slog.Logger) (Summary, error) <span class="cov10" title="3">{
+        if drsCtx == nil || drsCtx.Client == nil </span><span class="cov0" title="0">{
+                return Summary{}, fmt.Errorf("DRS client unavailable")
+        }</span>
+        <span class="cov10" title="3">if logger == nil </span><span class="cov10" title="3">{
+                logger = slog.New(slog.NewTextHandler(io.Discard, nil))
+        }</span>
+        <span class="cov10" title="3">if len(refs) == 0 </span><span class="cov0" title="0">{
+                return Summary{}, nil
+        }</span>
+
+        <span class="cov10" title="3">deletedByOID, err := collectDeletedPointers(ctx, refs)
+        if err != nil </span><span class="cov0" title="0">{
+                return Summary{}, err
+        }</span>
+        <span class="cov10" title="3">if len(deletedByOID) == 0 </span><span class="cov0" title="0">{
+                return Summary{}, nil
+        }</span>
+
+        <span class="cov10" title="3">liveByOID, err := collectLivePathsByOID(refs, logger)
+        if err != nil </span><span class="cov0" title="0">{
+                return Summary{}, err
+        }</span>
+
+        <span class="cov10" title="3">resource, err := sycommon.ResourcePath(drsCtx.Organization, drsCtx.ProjectId)
+        if err != nil </span><span class="cov0" title="0">{
+                return Summary{}, err
+        }</span>
+
+        <span class="cov10" title="3">summary := Summary{}
+        for oid, deletions := range deletedByOID </span><span class="cov10" title="3">{
+                if livePaths := liveByOID[oid]; len(livePaths) &gt; 0 </span><span class="cov1" title="1">{
+                        summary.ClearedLocalOnly += len(deletions)
+                        continue</span>
+                }
+
+                <span class="cov6" title="2">records, err := drsremote.ObjectsByHashForScope(ctx, drsCtx, oid)
+                if err != nil </span><span class="cov0" title="0">{
+                        return summary, err
+                }</span>
+                <span class="cov6" title="2">switch len(records) </span>{
+                case 0:<span class="cov0" title="0">
+                        summary.PendingMissing += len(deletions)
+                        if logger != nil </span><span class="cov0" title="0">{
+                                logger.Warn("deleted pointer has no scoped DRS match", "oid", oid, "paths", deletedPaths(deletions))
+                        }</span>
+                        <span class="cov0" title="0">continue</span>
+                case 1:<span class="cov6" title="2"></span>
+                default:<span class="cov0" title="0">
+                        summary.PendingAmbiguous += len(deletions)
+                        if logger != nil </span><span class="cov0" title="0">{
+                                logger.Warn("deleted pointer matched multiple scoped DRS records", "oid", oid, "count", len(records), "paths", deletedPaths(deletions))
+                        }</span>
+                        <span class="cov0" title="0">continue</span>
+                }
+
+                <span class="cov6" title="2">record := records[0]
+                controlled := []string(nil)
+                if record.ControlledAccess != nil </span><span class="cov6" title="2">{
+                        controlled = sycommon.NormalizeAccessResources(*record.ControlledAccess)
+                }</span>
+                <span class="cov6" title="2">if len(controlled) &lt;= 1 </span><span class="cov1" title="1">{
+                        if err := drsCtx.Client.DRS().DeleteObject(ctx, record.Id, true); err != nil </span><span class="cov0" title="0">{
+                                return summary, err
+                        }</span>
+                        <span class="cov1" title="1">summary.DeletedRecords++
+                        continue</span>
+                }
+
+                <span class="cov1" title="1">var out map[string]any
+                if err := drsCtx.Client.Requestor().Do(ctx, "POST", "/index/"+record.Id+"/controlled-access/remove", map[string]string{
+                        "resource": resource,
+                }, &amp;out); err != nil </span><span class="cov0" title="0">{
+                        return summary, err
+                }</span>
+                <span class="cov1" title="1">summary.RemovedResources++</span>
+        }
+
+        <span class="cov10" title="3">if logger != nil &amp;&amp; (summary.DeletedRecords &gt; 0 || summary.RemovedResources &gt; 0 || summary.ClearedLocalOnly &gt; 0 || summary.PendingMissing &gt; 0 || summary.PendingAmbiguous &gt; 0) </span><span class="cov10" title="3">{
+                logger.Info("delete reconciliation complete",
+                        "deleted_records", summary.DeletedRecords,
+                        "removed_resources", summary.RemovedResources,
+                        "cleared_local_only", summary.ClearedLocalOnly,
+                        "pending_missing", summary.PendingMissing,
+                        "pending_ambiguous", summary.PendingAmbiguous,
+                )
+        }</span>
+        <span class="cov10" title="3">return summary, nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file44" style="display: none">package drsfilter
+
+import (
+        "context"
+        "crypto/sha256"
+        "encoding/hex"
+        "fmt"
+        "io"
+        "log/slog"
+        "os"
+        "path/filepath"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/lfs"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+)
+
+// writeDrsMap records a local DRS object entry in .git/drs/lfs/objects so that
+// the pre-push workflow can discover and upload the file.
+func writeDrsMap(pathname string, oid string, size int64) error <span class="cov8" title="1">{
+        name := filepath.Base(pathname)
+        drsObj := &amp;drsapi.DrsObject{
+                Name: &amp;name,
+                Size: size,
+                Checksums: []drsapi.Checksum{
+                        {Type: "sha256", Checksum: oid},
+                },
+        }
+        if existing, err := drsobject.ReadObject(common.DRS_OBJS_PATH, oid); err == nil &amp;&amp; existing != nil </span><span class="cov8" title="1">{
+                drsObj = existing
+                drsObj.Name = &amp;name
+                drsObj.Size = size
+                drsObj.Checksums = []drsapi.Checksum{
+                        {Type: "sha256", Checksum: oid},
+                }
+        }</span>
+        <span class="cov8" title="1">return drsobject.WriteObject(common.DRS_OBJS_PATH, drsObj, oid)</span>
+}
+
+// CleanContent reads raw file content from content, hashes it with SHA-256,
+// stores the content in the git-lfs local object cache under lfsRoot, and
+// writes an LFS pointer to dst. It also records a DRS map entry so that
+// `git drs push` can discover the file.
+//
+// pathname is the repo-relative path of the file being cleaned; it is used
+// only for the DRS map entry name and log messages.
+func CleanContent(ctx context.Context, lfsRoot, pathname string, content io.Reader, dst io.Writer, logger *slog.Logger) error <span class="cov8" title="1">{
+        _ = ctx // reserved for future cancellation propagation
+
+        objDir := filepath.Join(lfsRoot, "objects")
+        if err := os.MkdirAll(objDir, 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: mkdir LFS objects: %w", err)
+        }</span>
+
+        // Buffer the content into a temp file while computing its SHA-256.
+        <span class="cov8" title="1">tmp, err := os.CreateTemp(objDir, "git-drs-clean-*")
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: create temp file: %w", err)
+        }</span>
+        <span class="cov8" title="1">tmpPath := tmp.Name()
+        defer func() </span><span class="cov8" title="1">{
+                if _, statErr := os.Stat(tmpPath); statErr == nil </span><span class="cov8" title="1">{
+                        _ = os.Remove(tmpPath)
+                }</span>
+        }()
+
+        <span class="cov8" title="1">h := sha256.New()
+        written, err := io.Copy(tmp, io.TeeReader(content, h))
+        if err != nil </span><span class="cov0" title="0">{
+                tmp.Close()
+                return fmt.Errorf("clean: write temp file: %w", err)
+        }</span>
+        <span class="cov8" title="1">if err := tmp.Close(); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: close temp file: %w", err)
+        }</span>
+        <span class="cov8" title="1">size := written
+        oid := hex.EncodeToString(h.Sum(nil))
+
+        if size &gt; 0 &amp;&amp; size &lt; 2048 </span><span class="cov8" title="1">{
+                if data, readErr := os.ReadFile(tmpPath); readErr == nil </span><span class="cov8" title="1">{
+                        if pointerOID, pointerSize, ok := lfs.ParseLFSPointer(data); ok </span><span class="cov8" title="1">{
+                                if _, err := dst.Write(data); err != nil </span><span class="cov0" title="0">{
+                                        return fmt.Errorf("clean: write existing pointer: %w", err)
+                                }</span>
+                                <span class="cov8" title="1">if mapErr := writeDrsMap(pathname, pointerOID, pointerSize); mapErr != nil </span><span class="cov0" title="0">{
+                                        logger.Warn("clean: failed to write DRS map entry for existing pointer", "pathname", pathname, "error", mapErr)
+                                }</span>
+                                <span class="cov8" title="1">logger.Debug("clean: passed through existing LFS pointer", "pathname", pathname, "oid", pointerOID, "size", pointerSize)
+                                return nil</span>
+                        }
+                }
+        }
+
+        // Move temp file to the final content-addressed location.
+        <span class="cov0" title="0">cachePath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: resolve cache path: %w", err)
+        }</span>
+        <span class="cov0" title="0">if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: mkdir for cache path: %w", err)
+        }</span>
+        <span class="cov0" title="0">if err := os.Rename(tmpPath, cachePath); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: move to cache: %w", err)
+        }</span>
+
+        <span class="cov0" title="0">logger.Debug("clean: stored LFS object", "pathname", pathname, "oid", oid, "size", size)
+
+        // Write the LFS pointer to dst.
+        pointer := fmt.Sprintf(
+                "version https://git-lfs.github.com/spec/v1\noid sha256:%s\nsize %d\n",
+                oid, size,
+        )
+        if _, err := io.WriteString(dst, pointer); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("clean: write pointer: %w", err)
+        }</span>
+
+        // Record a DRS map entry so `git drs push` can find the file.
+        <span class="cov0" title="0">if mapErr := writeDrsMap(pathname, oid, size); mapErr != nil </span><span class="cov0" title="0">{
+                logger.Warn("clean: failed to write DRS map entry", "pathname", pathname, "error", mapErr)
+        }</span>
+
+        <span class="cov0" title="0">return nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file45" style="display: none">package drsfilter
+
+import (
+        "context"
+        "errors"
+        "fmt"
+        "io"
+        "io/fs"
+        "log/slog"
+        "os"
+        "path/filepath"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/lfs"
+)
+
+// SmudgeDownloadFunc downloads the object identified by oid into cachePath.
+type SmudgeDownloadFunc func(ctx context.Context, oid, cachePath string) error
+
+// SmudgeContent reads pointer content from ptr and writes smudged content to dst.
+// If the payload is not an LFS pointer, it passes data through unchanged.
+func SmudgeContent(ctx context.Context, pathname string, ptr io.Reader, dst io.Writer, logger *slog.Logger, download SmudgeDownloadFunc) error <span class="cov10" title="4">{
+        ptrBytes, err := io.ReadAll(ptr)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: read pointer: %w", err)
+        }</span>
+
+        <span class="cov10" title="4">oid, size, ok := lfs.ParseLFSPointer(ptrBytes)
+        if !ok </span><span class="cov1" title="1">{
+                _, err := dst.Write(ptrBytes)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("smudge: passthrough write: %w", err)
+                }</span>
+                <span class="cov1" title="1">return nil</span>
+        }
+
+        <span class="cov8" title="3">if logger != nil </span><span class="cov8" title="3">{
+                logger.Debug("smudge", "pathname", pathname, "oid", oid, "size", size)
+        }</span>
+
+        <span class="cov8" title="3">cachePath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: resolve cache path: %w", err)
+        }</span>
+
+        <span class="cov8" title="3">err = copyObjectToWriter(cachePath, dst)
+        if err == nil </span><span class="cov1" title="1">{
+                return nil
+        }</span>
+        <span class="cov5" title="2">if !errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: read cache: %w", err)
+        }</span>
+
+        <span class="cov5" title="2">if download == nil </span><span class="cov1" title="1">{
+                // No remote configured — write the pointer back to the working tree
+                // unchanged, matching git-lfs --skip-smudge behaviour.
+                if logger != nil </span><span class="cov1" title="1">{
+                        logger.Debug("smudge: no downloader configured, writing pointer", "oid", oid)
+                }</span>
+                <span class="cov1" title="1">_, err := dst.Write(ptrBytes)
+                return err</span>
+        }
+
+        <span class="cov1" title="1">if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: mkdir for cache path: %w", err)
+        }</span>
+
+        <span class="cov1" title="1">if err := download(ctx, oid, cachePath); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: download oid %s: %w", oid, err)
+        }</span>
+
+        <span class="cov1" title="1">if err := copyObjectToWriter(cachePath, dst); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("smudge: open downloaded file: %w", err)
+        }</span>
+
+        <span class="cov1" title="1">return nil</span>
+}
+
+func copyObjectToWriter(path string, dst io.Writer) error <span class="cov10" title="4">{
+        f, err := os.Open(path)
+        if err != nil </span><span class="cov5" title="2">{
+                return err
+        }</span>
+        <span class="cov5" title="2">defer f.Close()
+
+        _, err = io.Copy(dst, f)
+        return err</span>
+}
+</pre>
+		
+		<pre class="file" id="file46" style="display: none">// go
+package drslog
+
+import (
+        "io"
+        "log/slog"
+        "os"
+        "path/filepath"
+        "runtime/debug"
+        "strconv"
+        "strings"
+        "sync"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/gitrepo"
+
+        "github.com/calypr/syfon/client/logs"
+)
+
+var globalLogger *slog.Logger
+var globalLogFile io.Closer
+var globalLoggerOnce sync.Once
+var globalLoggerMu sync.RWMutex
+var GIT_TRANSFER_TRACE int
+var modulePathSuffixOnce sync.Once
+var modulePathSuffixValue string
+var repoRootOnce sync.Once
+var repoRootValue string
+
+const (
+        levelDebugStr   = "DEBUG"
+        levelInfoStr    = "INFO"
+        levelWarnStr    = "WARN"
+        levelWarningStr = "WARNING"
+        levelErrorStr   = "ERROR"
+)
+
+// init initializes package-level settings from the environment.
+//
+// Documented calls inside:
+//   - os.Getenv("GIT_TRANSFER_TRACE")
+//     Reads environment variable to optionally enable trace logging.
+//   - strconv.Atoi(envValue)
+//     Parses the numeric env value.
+//
+// Side-effects:
+// - sets package variable GIT_TRANSFER_TRACE.
+// Typical callers:
+// - runtime automatically invokes init(); no external callers needed.
+func init() <span class="cov1" title="1">{
+        GIT_TRANSFER_TRACE = 0
+        if envValue := os.Getenv("GIT_TRANSFER_TRACE"); envValue != "" </span><span class="cov0" title="0">{
+                if parsed, err := strconv.Atoi(envValue); err == nil </span><span class="cov0" title="0">{
+                        GIT_TRANSFER_TRACE = parsed
+                }</span>
+        }
+}
+
+// TraceEnabled returns whether transfer trace logging is enabled.
+//
+// Documented calls inside:
+// - reads package variable GIT_TRANSFER_TRACE.
+// Typical callers:
+// - logging setup and callsites that want to be verbose only when trace is enabled.
+func TraceEnabled() bool <span class="cov4" title="2">{
+        return GIT_TRANSFER_TRACE == 1
+}</span>
+
+// NewLogger creates and installs a global slog.Logger that writes to the specified file
+// and optionally to stderr. It is safe to call multiple times; the first successful call
+// establishes the global logger.
+//
+// Documented calls inside:
+//   - projectdir.DRS_DIR usage
+//     Uses projectdir.DRS_DIR to create log directory.
+//   - os.MkdirAll(projectdir.DRS_DIR, 0755)
+//     Ensures the directory exists; returns error on failure.
+//   - filepath.Join(projectdir.DRS_DIR, "git-drs.log")
+//     Constructs default filename when none provided.
+//   - os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
+//     Opens/creates the log file (returns *os.File).
+//   - io.MultiWriter(writers...)
+//     Combines file and optionally os.Stderr into a single Writer.
+//   - slog.NewTextHandler(multiWriter, &amp;slog.HandlerOptions{...})
+//     Creates the text handler for slog that writes to the combined writer.
+//   - slog.New(handler).With("pid", os.Getpid())
+//     Builds the logger and attaches pid attribute.
+//   - globalLoggerMu.Lock()/Unlock()
+//     Protects globalLogFile and globalLogger assignment.
+//
+// Side-effects:
+// - sets package-level globalLogger and globalLogFile.
+// Typical callers:
+// - application startup code that wants to initialize logging (e.g. main).
+func NewLogger(filename string, logToStderr bool) (*slog.Logger, error) <span class="cov4" title="2">{
+        var writers []io.Writer
+
+        if filename == "" </span><span class="cov1" title="1">{
+                // create drs dir if it doesn't exist
+                if err := os.MkdirAll(common.DRS_DIR, 0755); err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+
+                <span class="cov1" title="1">filename = filepath.Join(common.DRS_DIR, "git-drs.log")</span>
+        }
+
+        <span class="cov4" title="2">file, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov4" title="2">writers = append(writers, file)
+
+        if logToStderr </span><span class="cov0" title="0">{
+                writers = append(writers, os.Stderr)
+        }</span>
+
+        <span class="cov4" title="2">multiWriter := io.MultiWriter(writers...)
+
+        handler := slog.NewTextHandler(multiWriter, &amp;slog.HandlerOptions{
+                AddSource:   true,
+                Level:       resolveLogLevel(),
+                ReplaceAttr: replaceSourceAttr,
+        })
+        core := slog.New(logs.NewProgressHandler(handler)).With("pid", os.Getpid())
+
+        globalLoggerMu.Lock()
+        globalLogFile = file
+        globalLogger = core
+        globalLoggerMu.Unlock()
+
+        return globalLogger, nil</span>
+}
+
+// GetLogger returns the global logger, initializing a no-op logger on first access.
+//
+// Documented calls inside:
+//   - globalLoggerOnce.Do(func() { ... })
+//     Ensures initialization runs only once.
+//   - NewNoOpLogger()
+//     Creates a logger that discards output if no global logger was set.
+//
+// Typical callers:
+// - any package code that needs access to the package-level logger.
+func GetLogger() *slog.Logger <span class="cov1" title="1">{
+        globalLoggerOnce.Do(func() </span><span class="cov1" title="1">{
+                if globalLogger == nil </span><span class="cov0" title="0">{
+                        globalLogger = NewNoOpLogger()
+                }</span>
+        })
+        <span class="cov1" title="1">return globalLogger</span>
+}
+
+// Close closes the active log file if one was opened.
+//
+// Documented calls inside:
+//   - globalLoggerMu.Lock()/Unlock()
+//     Protects access to globalLogFile.
+//   - globalLogFile.Close()
+//     Closes the underlying file and returns any error.
+//
+// Side-effects:
+// - sets globalLogFile to nil.
+// Typical callers:
+// - application shutdown code or tests that want to release file handles.
+func Close() error <span class="cov4" title="2">{
+        globalLoggerMu.Lock()
+        defer globalLoggerMu.Unlock()
+        if globalLogFile != nil </span><span class="cov4" title="2">{
+                err := globalLogFile.Close()
+
+                globalLogFile = nil
+                return err
+        }</span>
+        <span class="cov0" title="0">return nil</span>
+}
+
+// NewNoOpLogger returns a logger that discards all output.
+//
+// Documented calls inside:
+//   - slog.NewTextHandler(io.Discard, &amp;slog.HandlerOptions{Level: slog.LevelDebug})
+//     Creates a text handler writing to io.Discard.
+//   - slog.New(handler)
+//     Builds the logger.
+//
+// Typical callers:
+// - GetLogger on first access when no global logger was configured.
+// - tests that need a deterministic logger that produces no output.
+func NewNoOpLogger() *slog.Logger <span class="cov1" title="1">{
+        handler := slog.NewTextHandler(io.Discard, &amp;slog.HandlerOptions{
+                Level: slog.LevelDebug,
+        })
+        return slog.New(logs.NewProgressHandler(handler))
+}</span>
+
+// resolveLogLevel determines the effective log level.
+//
+// Documented calls inside:
+//   - TraceEnabled()
+//     If trace is enabled, returns Debug level immediately.
+//   - readLogLevelFromGitConfig()
+//     Attempts to read configured level from git config; returns level and ok.
+//   - defaults to slog.LevelInfo when nothing else matches.
+//
+// Typical callers:
+// - NewLogger -&gt; used when creating slog.HandlerOptions.Level.
+func resolveLogLevel() slog.Level <span class="cov4" title="2">{
+        if TraceEnabled() </span><span class="cov0" title="0">{
+                return slog.LevelDebug
+        }</span>
+
+        <span class="cov4" title="2">level, ok := readLogLevelFromGitConfig()
+        if ok </span><span class="cov0" title="0">{
+                return level
+        }</span>
+
+        <span class="cov4" title="2">return slog.LevelInfo</span>
+}
+
+// readLogLevelFromGitConfig queries git configuration for a custom log level.
+//
+// Documented calls inside:
+//   - exec.Command("git", "config", "--get", "drs.loglevel")
+//     Constructs the command to query git config.
+//   - cmd.Output()
+//     Executes the command and returns raw output or an error.
+//   - strings.TrimSpace(string(output))
+//     Trims whitespace/newlines from git output.
+//   - parseLogLevel(value)
+//     Parses the trimmed value into a slog.Level.
+//
+// Behavior:
+// - On any error or empty output, returns (slog.LevelInfo, false) to indicate no valid config was found.
+// Typical callers:
+// - resolveLogLevel when initializing a logger.
+func readLogLevelFromGitConfig() (slog.Level, bool) <span class="cov4" title="2">{
+        val, err := gitrepo.GetGitConfigString("drs.loglevel")
+        if err != nil || val == "" </span><span class="cov4" title="2">{
+                return slog.LevelInfo, false
+        }</span>
+
+        <span class="cov0" title="0">parsed, ok := parseLogLevel(val)
+        if !ok </span><span class="cov0" title="0">{
+                return slog.LevelInfo, false
+        }</span>
+        <span class="cov0" title="0">return parsed, true</span>
+}
+
+// parseLogLevel maps textual level names to slog.Level.
+//
+// Documented calls inside:
+//   - strings.ToUpper(strings.TrimSpace(value))
+//     Normalizes the input for comparison.
+//   - switch on normalized value to return corresponding slog.Level constants.
+//
+// Typical callers:
+// - readLogLevelFromGitConfig
+// - resolveLogLevel indirectly.
+
+func parseLogLevel(value string) (slog.Level, bool) <span class="cov0" title="0">{
+        switch strings.ToUpper(strings.TrimSpace(value)) </span>{
+        case levelDebugStr:<span class="cov0" title="0">
+                return slog.LevelDebug, true</span>
+        case levelInfoStr:<span class="cov0" title="0">
+                return slog.LevelInfo, true</span>
+        case levelWarnStr, levelWarningStr:<span class="cov0" title="0">
+                return slog.LevelWarn, true</span>
+        case levelErrorStr:<span class="cov0" title="0">
+                return slog.LevelError, true</span>
+        default:<span class="cov0" title="0">
+                return slog.LevelDebug, false</span>
+        }
+}
+
+// replaceSourceAttr rewrites the slog.Source attr to a shorter path suitable for logs.
+//
+// Documented calls inside:
+//   - attr.Key comparison with slog.SourceKey
+//     Determines whether the attribute is the source attribute.
+//   - attr.Value.Any().(*slog.Source)
+//     Retrieves and type-asserts the attribute value to *slog.Source.
+//   - formatSourcePath(source.File)
+//     Formats the file path according to module or repo root heuristics.
+//   - attr.Value = slog.AnyValue(source)
+//     Replaces attribute value with modified source.
+//
+// Typical callers:
+// - passed as ReplaceAttr to slog.HandlerOptions in NewLogger.
+func replaceSourceAttr(_ []string, attr slog.Attr) slog.Attr <span class="cov10" title="6">{
+        if attr.Key != slog.SourceKey </span><span class="cov9" title="5">{
+                return attr
+        }</span>
+        <span class="cov1" title="1">source, ok := attr.Value.Any().(*slog.Source)
+        if !ok || source == nil </span><span class="cov0" title="0">{
+                return attr
+        }</span>
+        <span class="cov1" title="1">source.File = formatSourcePath(source.File)
+        attr.Value = slog.AnyValue(source)
+        return attr</span>
+}
+
+// formatSourcePath shortens file paths using module suffix or repo root heuristics.
+//
+// Documented calls inside:
+//   - filepath.ToSlash(path)
+//     Normalizes OS-specific separators to forward slashes.
+//   - modulePathSuffix()
+//     Gets the module path suffix (derived from build info).
+//   - strings.TrimPrefix(filepath.ToSlash(moduleSuffix), "/")
+//     Normalizes module suffix.
+//   - strings.Index(pathSlash, "/"+moduleSuffixSlash+"/")
+//     Searches for module suffix within the path to trim leading segments.
+//   - strings.HasPrefix(pathSlash, moduleSuffixSlash+"/")
+//     Handles case where path already starts with module suffix.
+//   - repoRootPath()
+//     Attempts to resolve the repository root (by locating go.mod).
+//   - strings.HasPrefix(pathSlash, repoRootSlash+"/")
+//     Trims repository-root prefix to produce a relative path.
+//   - filepath.ToSlash(filepath.Join(moduleSuffix, rel))
+//     Reconstructs path when combining module suffix and relative path.
+//
+// Typical callers:
+// - replaceSourceAttr when rewriting source file paths for log output.
+func formatSourcePath(path string) string <span class="cov1" title="1">{
+        pathSlash := filepath.ToSlash(path)
+        moduleSuffix := modulePathSuffix()
+        if moduleSuffix != "" </span><span class="cov1" title="1">{
+                moduleSuffixSlash := strings.TrimPrefix(filepath.ToSlash(moduleSuffix), "/")
+                if idx := strings.Index(pathSlash, "/"+moduleSuffixSlash+"/"); idx &gt;= 0 </span><span class="cov0" title="0">{
+                        return pathSlash[idx+1:]
+                }</span>
+                <span class="cov1" title="1">if strings.HasPrefix(pathSlash, moduleSuffixSlash+"/") </span><span class="cov0" title="0">{
+                        return pathSlash
+                }</span>
+        }
+        <span class="cov1" title="1">repoRoot := repoRootPath()
+        if repoRoot != "" </span><span class="cov1" title="1">{
+                repoRootSlash := filepath.ToSlash(repoRoot)
+                if strings.HasPrefix(pathSlash, repoRootSlash+"/") </span><span class="cov1" title="1">{
+                        rel := strings.TrimPrefix(pathSlash, repoRootSlash+"/")
+                        if moduleSuffix != "" </span><span class="cov1" title="1">{
+                                return filepath.ToSlash(filepath.Join(moduleSuffix, rel))
+                        }</span>
+                        <span class="cov0" title="0">return rel</span>
+                }
+        }
+        <span class="cov0" title="0">return pathSlash</span>
+}
+
+// modulePathSuffix returns the module path suffix derived from build info.
+//
+// Documented calls inside:
+//   - runtime/debug.ReadBuildInfo()
+//     Reads build info at runtime; used to extract Main.Path.
+//   - strings.Split(info.Main.Path, "/")
+//     Splits module path to drop the first element (typically hostname).
+//
+// Side-effects:
+// - caches computed value via modulePathSuffixOnce.
+// Typical callers:
+// - formatSourcePath to help shorten file paths.
+func modulePathSuffix() string <span class="cov1" title="1">{
+        modulePathSuffixOnce.Do(func() </span><span class="cov1" title="1">{
+                if info, ok := debug.ReadBuildInfo(); ok &amp;&amp; info.Main.Path != "" </span><span class="cov1" title="1">{
+                        parts := strings.Split(info.Main.Path, "/")
+                        if len(parts) &gt; 1 </span><span class="cov1" title="1">{
+                                modulePathSuffixValue = strings.Join(parts[1:], "/")
+                        }</span>
+                }
+        })
+        <span class="cov1" title="1">return modulePathSuffixValue</span>
+}
+
+// repoRootPath attempts to locate the repository root by searching for go.mod upward.
+//
+// Documented calls inside:
+//   - os.Getwd()
+//     Retrieves current working directory as a starting point.
+//   - os.Stat(filepath.Join(dir, "go.mod"))
+//     Checks for presence of go.mod in each directory while walking up.
+//   - filepath.Dir(dir)
+//     Moves up one directory level on each iteration.
+//
+// Side-effects:
+// - caches resolved repo root via repoRootOnce.
+// Typical callers:
+// - formatSourcePath when computing shorter file paths for logs.
+func repoRootPath() string <span class="cov1" title="1">{
+        repoRootOnce.Do(func() </span><span class="cov1" title="1">{
+                cwd, err := os.Getwd()
+                if err != nil </span><span class="cov0" title="0">{
+                        return
+                }</span>
+                <span class="cov1" title="1">dir := cwd
+                for </span><span class="cov6" title="3">{
+                        if _, err := os.Stat(filepath.Join(dir, "go.mod")); err == nil </span><span class="cov1" title="1">{
+                                repoRootValue = dir
+                                return
+                        }</span>
+                        <span class="cov4" title="2">parent := filepath.Dir(dir)
+                        if parent == dir </span><span class="cov0" title="0">{
+                                return
+                        }</span>
+                        <span class="cov4" title="2">dir = parent</span>
+                }
+        })
+        <span class="cov1" title="1">return repoRootValue</span>
+}
+</pre>
+		
+		<pre class="file" id="file47" style="display: none">package drsmap
+
+import (
+        "fmt"
+        "log/slog"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/lfs"
+        "github.com/calypr/git-drs/internal/precommit_cache"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        syfoncommon "github.com/calypr/syfon/common"
+        "github.com/google/uuid"
+)
+
+type WriteOptions struct {
+        Cache          *precommit_cache.Cache
+        PreferCacheURL bool
+        Logger         *slog.Logger
+}
 
-        <span class="cov4" title="2">rawClient, err := syclient.New(l.BaseURL, syclient.WithBasicAuth(cred.KeyID, cred.APIKey))
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+func WriteObjectsForLFSFiles(builder drsobject.Builder, lfsFiles map[string]lfs.LfsFileInfo, opts WriteOptions) error <span class="cov6" title="3">{
+        if opts.Logger == nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("logger is required")
         }</span>
-        <span class="cov4" title="2">reqClient, ok := rawClient.(interface{ Requestor() syrequest.Requester })
-        if !ok </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("syfon client does not expose requestor")
+        <span class="cov6" title="3">opts.Logger.Debug("writing local DRS objects for LFS files")
+
+        if builder.Project == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("no project configured")
         }</span>
-        <span class="cov4" title="2">syfonClient, ok := rawClient.(syfonclient.SyfonClient)
-        if !ok </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("syfon client does not implement syfonclient.SyfonClient")
+        <span class="cov6" title="3">if len(lfsFiles) == 0 </span><span class="cov0" title="0">{
+                return nil
         }</span>
 
-        <span class="cov4" title="2">return &amp;GitContext{
-                Client:        syfonClient,
-                Requestor:     reqClient.Requestor(),
-                Organization:  l.GetOrganization(),
-                ProjectId:     projectID,
-                BucketName:    bucketName,
-                StoragePrefix: storagePrefix,
-                Logger:        logger,
-                Credential:    cred,
-        }, nil</span>
-}
+        <span class="cov6" title="3">for _, file := range lfsFiles </span><span class="cov6" title="3">{
+                var authoritativeObj *drsapi.DrsObject
+                existing, err := drsobject.ReadObject(common.DRS_OBJS_PATH, file.Oid)
+                if err == nil &amp;&amp; existing != nil </span><span class="cov4" title="2">{
+                        authoritativeObj = existing
+                        name := file.Name
+                        authoritativeObj.Name = &amp;name
+                        authoritativeObj.Size = file.Size
+                        ensureControlledAccess(authoritativeObj, builder.Organization, builder.Project)
+                }</span> else<span class="cov1" title="1"> {
+                        drsID := uuid.NewSHA1(drsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", builder.Project, drsobject.NormalizeOid(file.Oid)))).String()
+                        authoritativeObj, err = builder.Build(file.Name, file.Oid, file.Size, drsID)
+                        if err != nil </span><span class="cov0" title="0">{
+                                opts.Logger.Error(fmt.Sprintf("Could not build DRS object for %s OID %s %v", file.Name, file.Oid, err))
+                                continue</span>
+                        }
+                }
 
-func newGitContext(profileConfig syconf.Credential, remote Gen3Remote, logger *slog.Logger) (*GitContext, error) <span class="cov0" title="0">{
-        if _, err := url.Parse(profileConfig.APIEndpoint); err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov0" title="0">projectID := remote.GetProjectId()
-        if projectID == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("no gen3 project specified")
-        }</span>
+                <span class="cov6" title="3">authoritativeURL := ""
+                if authoritativeObj.AccessMethods != nil &amp;&amp; len(*authoritativeObj.AccessMethods) &gt; 0 &amp;&amp; (*authoritativeObj.AccessMethods)[0].AccessUrl != nil </span><span class="cov4" title="2">{
+                        authoritativeURL = (*authoritativeObj.AccessMethods)[0].AccessUrl.Url
+                }</span>
 
-        <span class="cov0" title="0">scope, err := gitrepo.ResolveBucketScope(
-                remote.GetOrganization(),
-                projectID,
-                remote.GetBucketName(),
-                remote.GetStoragePrefix(),
-        )
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
+                <span class="cov6" title="3">var hint string
+                if opts.Cache != nil </span><span class="cov1" title="1">{
+                        externalURL, ok, err := opts.Cache.LookupExternalURLByOID(file.Oid)
+                        if err != nil </span><span class="cov0" title="0">{
+                                opts.Logger.Debug(fmt.Sprintf("cache lookup failed for %s: %v", file.Oid, err))
+                        }</span> else<span class="cov1" title="1"> if ok </span><span class="cov1" title="1">{
+                                hint = externalURL
+                        }</span>
+                }
 
-        <span class="cov0" title="0">rawClient, err := syclient.New(profileConfig.APIEndpoint, syclient.WithBearerToken(profileConfig.AccessToken))
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                <span class="cov6" title="3">if hint != "" </span><span class="cov1" title="1">{
+                        if err := precommit_cache.CheckExternalURLMismatch(hint, authoritativeURL); err != nil </span><span class="cov1" title="1">{
+                                opts.Logger.Warn(fmt.Sprintf("Warning. %s (path=%s oid=%s)", err.Error(), file.Name, file.Oid))
+                        }</span>
+                }
+
+                <span class="cov6" title="3">if opts.PreferCacheURL &amp;&amp; hint != "" </span><span class="cov1" title="1">{
+                        if authoritativeObj.AccessMethods != nil &amp;&amp; len(*authoritativeObj.AccessMethods) &gt; 0 </span><span class="cov1" title="1">{
+                                am := &amp;(*authoritativeObj.AccessMethods)[0]
+                                am.AccessUrl = &amp;struct {
+                                        Headers *[]string `json:"headers,omitempty"`
+                                        Url     string    `json:"url"`
+                                }{Url: hint}
+                        }</span> else<span class="cov0" title="0"> {
+                                newAm := drsapi.AccessMethod{
+                                        Type: drsapi.AccessMethodTypeS3,
+                                        AccessUrl: &amp;struct {
+                                                Headers *[]string `json:"headers,omitempty"`
+                                                Url     string    `json:"url"`
+                                        }{Url: hint},
+                                }
+                                authoritativeObj.AccessMethods = &amp;[]drsapi.AccessMethod{newAm}
+                        }</span>
+                        <span class="cov1" title="1">ensureControlledAccess(authoritativeObj, builder.Organization, builder.Project)</span>
+                }
+
+                <span class="cov6" title="3">if err := drsobject.WriteObject(common.DRS_OBJS_PATH, authoritativeObj, file.Oid); err != nil </span><span class="cov0" title="0">{
+                        opts.Logger.Error(fmt.Sprintf("could not write local DRS object for %s OID %s: %v", file.Name, file.Oid, err))
+                        continue</span>
+                }
+                <span class="cov6" title="3">opts.Logger.Info(fmt.Sprintf("Prepared File %s OID %s with DRS ID %s for commit", file.Name, file.Oid, authoritativeObj.Id))</span>
+        }
+
+        <span class="cov6" title="3">return nil</span>
+}
+
+func ensureControlledAccess(obj *drsapi.DrsObject, org, project string) <span class="cov6" title="3">{
+        if obj == nil </span><span class="cov0" title="0">{
+                return
         }</span>
-        <span class="cov0" title="0">reqClient, ok := rawClient.(interface{ Requestor() syrequest.Requester })
-        if !ok </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("syfon client does not expose requestor")
+        <span class="cov6" title="3">authzMap := syfoncommon.AuthzMapFromScope(org, project)
+        if len(authzMap) == 0 </span><span class="cov0" title="0">{
+                return
         }</span>
-        <span class="cov0" title="0">syfonClient, ok := rawClient.(syfonclient.SyfonClient)
-        if !ok </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("syfon client does not implement syfonclient.SyfonClient")
+        <span class="cov6" title="3">next := append([]string(nil), derefStringSlice(obj.ControlledAccess)...)
+        next = append(next, syfoncommon.AuthzMapToControlledAccess(authzMap)...)
+        normalized := syfoncommon.NormalizeAccessResources(next)
+        if len(normalized) == 0 </span><span class="cov0" title="0">{
+                return
         }</span>
+        <span class="cov6" title="3">obj.ControlledAccess = &amp;normalized</span>
+}
 
-        <span class="cov0" title="0">uploadConcurrency := int(gitrepo.GetGitConfigInt("lfs.concurrenttransfers", 4))
-        if uploadConcurrency &lt; 1 </span><span class="cov0" title="0">{
-                uploadConcurrency = 1
+func derefStringSlice(ptr *[]string) []string <span class="cov10" title="6">{
+        if ptr == nil </span><span class="cov1" title="1">{
+                return nil
         }</span>
-
-        <span class="cov0" title="0">return &amp;GitContext{
-                Client:             syfonClient,
-                Requestor:          reqClient.Requestor(),
-                ProjectId:          projectID,
-                BucketName:         scope.Bucket,
-                Organization:       remote.GetOrganization(),
-                StoragePrefix:      scope.Prefix,
-                Upsert:             gitrepo.GetGitConfigBool("drs.upsert", false),
-                MultiPartThreshold: int64(gitrepo.GetGitConfigInt("drs.multipart-threshold", 5120)) * 1024 * 1024,
-                UploadConcurrency:  uploadConcurrency,
-                Logger:             logger,
-                Credential:         &amp;profileConfig,
-        }, nil</span>
+        <span class="cov9" title="5">return append([]string(nil), (*ptr)...)</span>
 }
-
-func localRemoteFromGen3(gen3 *Gen3Remote, username string, password string) *LocalRemote <span class="cov0" title="0">{
-        return &amp;LocalRemote{
-                BaseURL:       gen3.Endpoint,
-                ProjectID:     gen3.ProjectID,
-                Bucket:        gen3.Bucket,
-                Organization:  gen3.Organization,
-                StoragePrefix: gen3.StoragePrefix,
-                BasicUsername: strings.TrimSpace(username),
-                BasicPassword: strings.TrimSpace(password),
-        }
-}</span>
 </pre>
 		
-		<pre class="file" id="file35" style="display: none">// go
-package drslog
+		<pre class="file" id="file48" style="display: none">package drsobject
 
 import (
-        "io"
-        "log/slog"
-        "os"
-        "path/filepath"
-        "runtime/debug"
-        "strconv"
+        "fmt"
+        "net/url"
         "strings"
-        "sync"
-
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/gitrepo"
 
-        "github.com/calypr/syfon/client/logs"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        syfoncommon "github.com/calypr/syfon/common"
+        "github.com/google/uuid"
 )
 
-var globalLogger *slog.Logger
-var globalLogFile io.Closer
-var globalLoggerOnce sync.Once
-var globalLoggerMu sync.RWMutex
-var GIT_TRANSFER_TRACE int
-var modulePathSuffixOnce sync.Once
-var modulePathSuffixValue string
-var repoRootOnce sync.Once
-var repoRootValue string
+// UUIDNamespace is the legacy deterministic UUID namespace used to derive
+// local DRS IDs from "&lt;projectID&gt;:&lt;sha256&gt;". It intentionally uses the DNS
+// namespace UUID value because existing deployed git-drs records were generated
+// with this exact namespace. Do not change it without a DRS ID migration plan.
+var UUIDNamespace = uuid.MustParse("6ba7b810-9dad-11d1-80b4-00c04fd430c8")
 
-const (
-        levelDebugStr   = "DEBUG"
-        levelInfoStr    = "INFO"
-        levelWarnStr    = "WARN"
-        levelWarningStr = "WARNING"
-        levelErrorStr   = "ERROR"
-)
+func NormalizeChecksum(raw string) string <span class="cov10" title="2">{
+        raw = strings.TrimSpace(raw)
+        raw = strings.TrimPrefix(raw, "sha256:")
+        return strings.TrimSpace(raw)
+}</span>
 
-// init initializes package-level settings from the environment.
-//
-// Documented calls inside:
-//   - os.Getenv("GIT_TRANSFER_TRACE")
-//     Reads environment variable to optionally enable trace logging.
-//   - strconv.Atoi(envValue)
-//     Parses the numeric env value.
-//
-// Side-effects:
-// - sets package variable GIT_TRANSFER_TRACE.
-// Typical callers:
-// - runtime automatically invokes init(); no external callers needed.
-func init() <span class="cov1" title="1">{
-        GIT_TRANSFER_TRACE = 0
-        if envValue := os.Getenv("GIT_TRANSFER_TRACE"); envValue != "" </span><span class="cov0" title="0">{
-                if parsed, err := strconv.Atoi(envValue); err == nil </span><span class="cov0" title="0">{
-                        GIT_TRANSFER_TRACE = parsed
-                }</span>
-        }
+func NormalizeOid(raw string) string <span class="cov0" title="0">{
+        return NormalizeChecksum(raw)
+}</span>
+
+type Builder struct {
+        Bucket        string
+        Project       string
+        Organization  string
+        StoragePrefix string
+        Provider      string
+        AccessScheme  string
 }
 
-// TraceEnabled returns whether transfer trace logging is enabled.
-//
-// Documented calls inside:
-// - reads package variable GIT_TRANSFER_TRACE.
-// Typical callers:
-// - logging setup and callsites that want to be verbose only when trace is enabled.
-func TraceEnabled() bool <span class="cov4" title="2">{
-        return GIT_TRANSFER_TRACE == 1
+func NewBuilder(bucket, project string) Builder <span class="cov0" title="0">{
+        return Builder{Bucket: bucket, Project: project}
 }</span>
 
-// NewLogger creates and installs a global slog.Logger that writes to the specified file
-// and optionally to stderr. It is safe to call multiple times; the first successful call
-// establishes the global logger.
-//
-// Documented calls inside:
-//   - projectdir.DRS_DIR usage
-//     Uses projectdir.DRS_DIR to create log directory.
-//   - os.MkdirAll(projectdir.DRS_DIR, 0755)
-//     Ensures the directory exists; returns error on failure.
-//   - filepath.Join(projectdir.DRS_DIR, "git-drs.log")
-//     Constructs default filename when none provided.
-//   - os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
-//     Opens/creates the log file (returns *os.File).
-//   - io.MultiWriter(writers...)
-//     Combines file and optionally os.Stderr into a single Writer.
-//   - slog.NewTextHandler(multiWriter, &amp;slog.HandlerOptions{...})
-//     Creates the text handler for slog that writes to the combined writer.
-//   - slog.New(handler).With("pid", os.Getpid())
-//     Builds the logger and attaches pid attribute.
-//   - globalLoggerMu.Lock()/Unlock()
-//     Protects globalLogFile and globalLogger assignment.
-//
-// Side-effects:
-// - sets package-level globalLogger and globalLogFile.
-// Typical callers:
-// - application startup code that wants to initialize logging (e.g. main).
-func NewLogger(filename string, logToStderr bool) (*slog.Logger, error) <span class="cov4" title="2">{
-        var writers []io.Writer
+func (b Builder) Build(fileName string, checksum string, size int64, drsID string) (*drsapi.DrsObject, error) <span class="cov0" title="0">{
+        prefix := strings.Trim(strings.TrimSpace(b.StoragePrefix), "/")
+        return BuildWithPrefix(fileName, checksum, size, drsID, b.Bucket, b.Organization, b.Project, prefix)
+}</span>
 
-        if filename == "" </span><span class="cov1" title="1">{
-                // create drs dir if it doesn't exist
-                if err := os.MkdirAll(common.DRS_DIR, 0755); err != nil </span><span class="cov0" title="0">{
-                        return nil, err
-                }</span>
+func BuildWithPrefix(fileName string, checksum string, size int64, drsID string, bucket string, org string, project string, prefix string) (*drsapi.DrsObject, error) <span class="cov0" title="0">{
+        return BuildWithOptions(fileName, checksum, size, drsID, LocationOptions{
+                Bucket:        bucket,
+                Organization:  org,
+                Project:       project,
+                StoragePrefix: prefix,
+        })
+}</span>
+
+func ConvertToCandidate(obj *drsapi.DrsObject) drsapi.DrsObjectCandidate <span class="cov0" title="0">{
+        if obj == nil </span><span class="cov0" title="0">{
+                return drsapi.DrsObjectCandidate{}
+        }</span>
+        <span class="cov0" title="0">return drsapi.DrsObjectCandidate{
+                AccessMethods:    obj.AccessMethods,
+                Aliases:          obj.Aliases,
+                Checksums:        obj.Checksums,
+                Contents:         obj.Contents,
+                ControlledAccess: obj.ControlledAccess,
+                Description:      obj.Description,
+                MimeType:         obj.MimeType,
+                Name:             obj.Name,
+                Size:             obj.Size,
+                Version:          obj.Version,
+        }</span>
+}
+
+type LocationOptions struct {
+        Bucket        string
+        Organization  string
+        Project       string
+        StoragePrefix string
+        Provider      string
+        AccessScheme  string
+}
 
-                <span class="cov1" title="1">filename = filepath.Join(common.DRS_DIR, "git-drs.log")</span>
+func BuildWithOptions(fileName string, checksum string, size int64, drsID string, opts LocationOptions) (*drsapi.DrsObject, error) <span class="cov10" title="2">{
+        checksum = NormalizeChecksum(checksum)
+        if checksum == "" </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("checksum is required")
+        }</span>
+
+        <span class="cov10" title="2">obj := &amp;drsapi.DrsObject{
+                Id:      drsID,
+                SelfUri: "drs://" + drsID,
+                Size:    size,
+                Name:    &amp;fileName,
+                Checksums: []drsapi.Checksum{
+                        {Type: "sha256", Checksum: checksum},
+                },
         }
 
-        <span class="cov4" title="2">file, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
+        if opts.Bucket == "" </span><span class="cov0" title="0">{
+                return obj, nil
+        }</span>
+
+        <span class="cov10" title="2">prefix := strings.Trim(strings.TrimSpace(opts.StoragePrefix), "/")
+
+        accessURL, methodType, err := BuildAccessURL(opts.Bucket, prefix, checksum, opts.Provider, opts.AccessScheme)
         if err != nil </span><span class="cov0" title="0">{
                 return nil, err
         }</span>
-        <span class="cov4" title="2">writers = append(writers, file)
 
-        if logToStderr </span><span class="cov0" title="0">{
-                writers = append(writers, os.Stderr)
+        <span class="cov10" title="2">am := drsapi.AccessMethod{
+                Type: drsapi.AccessMethodType(methodType),
+                AccessUrl: &amp;struct {
+                        Headers *[]string `json:"headers,omitempty"`
+                        Url     string    `json:"url"`
+                }{Url: accessURL},
+        }
+        ams := []drsapi.AccessMethod{am}
+        obj.AccessMethods = &amp;ams
+        if authzMap := syfoncommon.AuthzMapFromScope(opts.Organization, opts.Project); authzMap != nil </span><span class="cov10" title="2">{
+                controlled := syfoncommon.AuthzMapToControlledAccess(authzMap)
+                obj.ControlledAccess = &amp;controlled
         }</span>
+        <span class="cov10" title="2">return obj, nil</span>
+}
 
-        <span class="cov4" title="2">multiWriter := io.MultiWriter(writers...)
+func BuildAccessURL(bucket string, prefix string, key string, provider string, accessScheme string) (string, string, error) <span class="cov10" title="2">{
+        bucket = strings.TrimSpace(bucket)
+        key = strings.Trim(strings.TrimSpace(key), "/")
+        if bucket == "" </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("bucket is required")
+        }</span>
+        <span class="cov10" title="2">if key == "" </span><span class="cov0" title="0">{
+                return "", "", fmt.Errorf("key is required")
+        }</span>
 
-        handler := slog.NewTextHandler(multiWriter, &amp;slog.HandlerOptions{
-                AddSource:   true,
-                Level:       resolveLogLevel(),
-                ReplaceAttr: replaceSourceAttr,
-        })
-        core := slog.New(logs.NewProgressHandler(handler)).With("pid", os.Getpid())
+        <span class="cov10" title="2">scheme := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(accessScheme)), "://")
+        if scheme == "" </span><span class="cov10" title="2">{
+                scheme = schemeFromProvider(provider)
+        }</span>
 
-        globalLoggerMu.Lock()
-        globalLogFile = file
-        globalLogger = core
-        globalLoggerMu.Unlock()
+        <span class="cov10" title="2">if u, err := url.Parse(bucket); err == nil &amp;&amp; u.Scheme != "" </span><span class="cov0" title="0">{
+                scheme = strings.ToLower(u.Scheme)
+                bucket = u.Host
+                basePath := strings.Trim(u.Path, "/")
+                if basePath != "" </span><span class="cov0" title="0">{
+                        if prefix == "" </span><span class="cov0" title="0">{
+                                prefix = basePath
+                        }</span> else<span class="cov0" title="0"> {
+                                prefix = strings.Trim(basePath+"/"+strings.Trim(prefix, "/"), "/")
+                        }</span>
+                }
+        }
 
-        return globalLogger, nil</span>
+        <span class="cov10" title="2">if scheme == "" </span><span class="cov0" title="0">{
+                scheme = "s3"
+        }</span>
+        <span class="cov10" title="2">methodType := accessMethodTypeForScheme(scheme)
+        path := key
+        prefix = strings.Trim(strings.TrimSpace(prefix), "/")
+        if prefix != "" </span><span class="cov1" title="1">{
+                path = prefix + "/" + key
+        }</span>
+        <span class="cov10" title="2">return fmt.Sprintf("%s://%s/%s", scheme, bucket, path), methodType, nil</span>
 }
 
-// GetLogger returns the global logger, initializing a no-op logger on first access.
-//
-// Documented calls inside:
-//   - globalLoggerOnce.Do(func() { ... })
-//     Ensures initialization runs only once.
-//   - NewNoOpLogger()
-//     Creates a logger that discards output if no global logger was set.
-//
-// Typical callers:
-// - any package code that needs access to the package-level logger.
-func GetLogger() *slog.Logger <span class="cov1" title="1">{
-        globalLoggerOnce.Do(func() </span><span class="cov1" title="1">{
-                if globalLogger == nil </span><span class="cov0" title="0">{
-                        globalLogger = NewNoOpLogger()
-                }</span>
-        })
-        <span class="cov1" title="1">return globalLogger</span>
+func schemeFromProvider(provider string) string <span class="cov10" title="2">{
+        switch strings.ToLower(strings.TrimSpace(provider)) </span>{
+        case "", "s3", "aws", "minio":<span class="cov10" title="2">
+                return "s3"</span>
+        case "gcs", "gcp", "google", "gs":<span class="cov0" title="0">
+                return "gs"</span>
+        case "azure", "azblob", "blob":<span class="cov0" title="0">
+                return "az"</span>
+        default:<span class="cov0" title="0">
+                return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(provider)), "://")</span>
+        }
 }
 
-// Close closes the active log file if one was opened.
-//
-// Documented calls inside:
-//   - globalLoggerMu.Lock()/Unlock()
-//     Protects access to globalLogFile.
-//   - globalLogFile.Close()
-//     Closes the underlying file and returns any error.
-//
-// Side-effects:
-// - sets globalLogFile to nil.
-// Typical callers:
-// - application shutdown code or tests that want to release file handles.
-func Close() error <span class="cov4" title="2">{
-        globalLoggerMu.Lock()
-        defer globalLoggerMu.Unlock()
-        if globalLogFile != nil </span><span class="cov4" title="2">{
-                err := globalLogFile.Close()
-
-                globalLogFile = nil
-                return err
-        }</span>
-        <span class="cov0" title="0">return nil</span>
+func accessMethodTypeForScheme(scheme string) string <span class="cov10" title="2">{
+        switch strings.ToLower(strings.TrimSuffix(strings.TrimSpace(scheme), "://")) </span>{
+        case "gcs", "gs":<span class="cov0" title="0">
+                return string(drsapi.AccessMethodTypeGs)</span>
+        case "s3":<span class="cov10" title="2">
+                return string(drsapi.AccessMethodTypeS3)</span>
+        default:<span class="cov0" title="0">
+                return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(scheme), "://"))</span>
+        }
 }
+</pre>
+		
+		<pre class="file" id="file49" style="display: none">package drsobject
 
-// NewNoOpLogger returns a logger that discards all output.
-//
-// Documented calls inside:
-//   - slog.NewTextHandler(io.Discard, &amp;slog.HandlerOptions{Level: slog.LevelDebug})
-//     Creates a text handler writing to io.Discard.
-//   - slog.New(handler)
-//     Builds the logger.
-//
-// Typical callers:
-// - GetLogger on first access when no global logger was configured.
-// - tests that need a deterministic logger that produces no output.
-func NewNoOpLogger() *slog.Logger <span class="cov1" title="1">{
-        handler := slog.NewTextHandler(io.Discard, &amp;slog.HandlerOptions{
-                Level: slog.LevelDebug,
-        })
-        return slog.New(logs.NewProgressHandler(handler))
-}</span>
+import (
+        "fmt"
+        "os"
+        "path/filepath"
+        "strings"
 
-// resolveLogLevel determines the effective log level.
-//
-// Documented calls inside:
-//   - TraceEnabled()
-//     If trace is enabled, returns Debug level immediately.
-//   - readLogLevelFromGitConfig()
-//     Attempts to read configured level from git config; returns level and ok.
-//   - defaults to slog.LevelInfo when nothing else matches.
-//
-// Typical callers:
-// - NewLogger -&gt; used when creating slog.HandlerOptions.Level.
-func resolveLogLevel() slog.Level <span class="cov4" title="2">{
-        if TraceEnabled() </span><span class="cov0" title="0">{
-                return slog.LevelDebug
-        }</span>
+        "github.com/bytedance/sonic"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+)
 
-        <span class="cov4" title="2">level, ok := readLogLevelFromGitConfig()
-        if ok </span><span class="cov0" title="0">{
-                return level
+func objectPath(basePath string, oid string) (string, error) <span class="cov10" title="3">{
+        oid = strings.TrimPrefix(oid, "sha256:")
+        if len(oid) != 64 </span><span class="cov1" title="1">{
+                return "", fmt.Errorf("error: %s is not a valid sha256 hash", oid)
         }</span>
-
-        <span class="cov4" title="2">return slog.LevelInfo</span>
+        <span class="cov6" title="2">return filepath.Join(basePath, oid[:2], oid[2:4], oid), nil</span>
 }
 
-// readLogLevelFromGitConfig queries git configuration for a custom log level.
-//
-// Documented calls inside:
-//   - exec.Command("git", "config", "--get", "drs.loglevel")
-//     Constructs the command to query git config.
-//   - cmd.Output()
-//     Executes the command and returns raw output or an error.
-//   - strings.TrimSpace(string(output))
-//     Trims whitespace/newlines from git output.
-//   - parseLogLevel(value)
-//     Parses the trimmed value into a slog.Level.
-//
-// Behavior:
-// - On any error or empty output, returns (slog.LevelInfo, false) to indicate no valid config was found.
-// Typical callers:
-// - resolveLogLevel when initializing a logger.
-func readLogLevelFromGitConfig() (slog.Level, bool) <span class="cov4" title="2">{
-        val, err := gitrepo.GetGitConfigString("drs.loglevel")
-        if err != nil || val == "" </span><span class="cov4" title="2">{
-                return slog.LevelInfo, false
+func WriteObject(basePath string, drsObj *drsapi.DrsObject, oid string) error <span class="cov1" title="1">{
+        drsObjBytes, err := sonic.ConfigFastest.Marshal(drsObj)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error marshalling DRS object for oid %s: %v", oid, err)
         }</span>
 
-        <span class="cov0" title="0">parsed, ok := parseLogLevel(val)
-        if !ok </span><span class="cov0" title="0">{
-                return slog.LevelInfo, false
+        <span class="cov1" title="1">drsObjPath, err := objectPath(basePath, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov1" title="1">if err := os.MkdirAll(filepath.Dir(drsObjPath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error creating directory for %s: %v", drsObjPath, err)
         }</span>
-        <span class="cov0" title="0">return parsed, true</span>
-}
-
-// parseLogLevel maps textual level names to slog.Level.
-//
-// Documented calls inside:
-//   - strings.ToUpper(strings.TrimSpace(value))
-//     Normalizes the input for comparison.
-//   - switch on normalized value to return corresponding slog.Level constants.
-//
-// Typical callers:
-// - readLogLevelFromGitConfig
-// - resolveLogLevel indirectly.
 
-func parseLogLevel(value string) (slog.Level, bool) <span class="cov0" title="0">{
-        switch strings.ToUpper(strings.TrimSpace(value)) </span>{
-        case levelDebugStr:<span class="cov0" title="0">
-                return slog.LevelDebug, true</span>
-        case levelInfoStr:<span class="cov0" title="0">
-                return slog.LevelInfo, true</span>
-        case levelWarnStr, levelWarningStr:<span class="cov0" title="0">
-                return slog.LevelWarn, true</span>
-        case levelErrorStr:<span class="cov0" title="0">
-                return slog.LevelError, true</span>
-        default:<span class="cov0" title="0">
-                return slog.LevelDebug, false</span>
-        }
+        <span class="cov1" title="1">if err := os.WriteFile(drsObjPath, drsObjBytes, 0o644); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error writing %s: %v", drsObjPath, err)
+        }</span>
+        <span class="cov1" title="1">return nil</span>
 }
 
-// replaceSourceAttr rewrites the slog.Source attr to a shorter path suitable for logs.
-//
-// Documented calls inside:
-//   - attr.Key comparison with slog.SourceKey
-//     Determines whether the attribute is the source attribute.
-//   - attr.Value.Any().(*slog.Source)
-//     Retrieves and type-asserts the attribute value to *slog.Source.
-//   - formatSourcePath(source.File)
-//     Formats the file path according to module or repo root heuristics.
-//   - attr.Value = slog.AnyValue(source)
-//     Replaces attribute value with modified source.
-//
-// Typical callers:
-// - passed as ReplaceAttr to slog.HandlerOptions in NewLogger.
-func replaceSourceAttr(_ []string, attr slog.Attr) slog.Attr <span class="cov10" title="6">{
-        if attr.Key != slog.SourceKey </span><span class="cov9" title="5">{
-                return attr
+func ReadObject(basePath string, oid string) (*drsapi.DrsObject, error) <span class="cov1" title="1">{
+        path, err := objectPath(basePath, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("error getting object path for oid %s: %v", oid, err)
+        }</span>
+
+        <span class="cov1" title="1">drsObjBytes, err := os.ReadFile(path)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("error reading DRS object for oid %s: %v", oid, err)
         }</span>
-        <span class="cov1" title="1">source, ok := attr.Value.Any().(*slog.Source)
-        if !ok || source == nil </span><span class="cov0" title="0">{
-                return attr
+
+        <span class="cov1" title="1">var drsObject drsapi.DrsObject
+        if err := sonic.ConfigFastest.Unmarshal(drsObjBytes, &amp;drsObject); err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("error unmarshaling DRS object for oid %s: %v", oid, err)
         }</span>
-        <span class="cov1" title="1">source.File = formatSourcePath(source.File)
-        attr.Value = slog.AnyValue(source)
-        return attr</span>
-}
 
-// formatSourcePath shortens file paths using module suffix or repo root heuristics.
-//
-// Documented calls inside:
-//   - filepath.ToSlash(path)
-//     Normalizes OS-specific separators to forward slashes.
-//   - modulePathSuffix()
-//     Gets the module path suffix (derived from build info).
-//   - strings.TrimPrefix(filepath.ToSlash(moduleSuffix), "/")
-//     Normalizes module suffix.
-//   - strings.Index(pathSlash, "/"+moduleSuffixSlash+"/")
-//     Searches for module suffix within the path to trim leading segments.
-//   - strings.HasPrefix(pathSlash, moduleSuffixSlash+"/")
-//     Handles case where path already starts with module suffix.
-//   - repoRootPath()
-//     Attempts to resolve the repository root (by locating go.mod).
-//   - strings.HasPrefix(pathSlash, repoRootSlash+"/")
-//     Trims repository-root prefix to produce a relative path.
-//   - filepath.ToSlash(filepath.Join(moduleSuffix, rel))
-//     Reconstructs path when combining module suffix and relative path.
-//
-// Typical callers:
-// - replaceSourceAttr when rewriting source file paths for log output.
-func formatSourcePath(path string) string <span class="cov1" title="1">{
-        pathSlash := filepath.ToSlash(path)
-        moduleSuffix := modulePathSuffix()
-        if moduleSuffix != "" </span><span class="cov1" title="1">{
-                moduleSuffixSlash := strings.TrimPrefix(filepath.ToSlash(moduleSuffix), "/")
-                if idx := strings.Index(pathSlash, "/"+moduleSuffixSlash+"/"); idx &gt;= 0 </span><span class="cov0" title="0">{
-                        return pathSlash[idx+1:]
-                }</span>
-                <span class="cov1" title="1">if strings.HasPrefix(pathSlash, moduleSuffixSlash+"/") </span><span class="cov0" title="0">{
-                        return pathSlash
-                }</span>
-        }
-        <span class="cov1" title="1">repoRoot := repoRootPath()
-        if repoRoot != "" </span><span class="cov1" title="1">{
-                repoRootSlash := filepath.ToSlash(repoRoot)
-                if strings.HasPrefix(pathSlash, repoRootSlash+"/") </span><span class="cov1" title="1">{
-                        rel := strings.TrimPrefix(pathSlash, repoRootSlash+"/")
-                        if moduleSuffix != "" </span><span class="cov1" title="1">{
-                                return filepath.ToSlash(filepath.Join(moduleSuffix, rel))
-                        }</span>
-                        <span class="cov0" title="0">return rel</span>
-                }
-        }
-        <span class="cov0" title="0">return pathSlash</span>
+        <span class="cov1" title="1">return &amp;drsObject, nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file50" style="display: none">package drsremote
 
-// modulePathSuffix returns the module path suffix derived from build info.
-//
-// Documented calls inside:
-//   - runtime/debug.ReadBuildInfo()
-//     Reads build info at runtime; used to extract Main.Path.
-//   - strings.Split(info.Main.Path, "/")
-//     Splits module path to drop the first element (typically hostname).
-//
-// Side-effects:
-// - caches computed value via modulePathSuffixOnce.
-// Typical callers:
-// - formatSourcePath to help shorten file paths.
-func modulePathSuffix() string <span class="cov1" title="1">{
-        modulePathSuffixOnce.Do(func() </span><span class="cov1" title="1">{
-                if info, ok := debug.ReadBuildInfo(); ok &amp;&amp; info.Main.Path != "" </span><span class="cov1" title="1">{
-                        parts := strings.Split(info.Main.Path, "/")
-                        if len(parts) &gt; 1 </span><span class="cov1" title="1">{
-                                modulePathSuffixValue = strings.Join(parts[1:], "/")
-                        }</span>
+import (
+        "strings"
+
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+)
+
+func bulkAccessRequest(objects []drsapi.DrsObject) (drsapi.BulkObjectAccessId, bool) <span class="cov8" title="1">{
+        req := drsapi.BulkObjectAccessId{}
+        items := make([]struct {
+                BulkAccessIds *[]string `json:"bulk_access_ids,omitempty"`
+                BulkObjectId  *string   `json:"bulk_object_id,omitempty"`
+        }, 0, len(objects))
+
+        for _, obj := range objects </span><span class="cov8" title="1">{
+                objectID := strings.TrimSpace(obj.Id)
+                accessID := accessIDForBulkRequest(obj)
+                if objectID == "" || accessID == "" </span><span class="cov0" title="0">{
+                        continue</span>
                 }
-        })
-        <span class="cov1" title="1">return modulePathSuffixValue</span>
+                <span class="cov8" title="1">objID := objectID
+                accessIDs := []string{accessID}
+                items = append(items, struct {
+                        BulkAccessIds *[]string `json:"bulk_access_ids,omitempty"`
+                        BulkObjectId  *string   `json:"bulk_object_id,omitempty"`
+                }{
+                        BulkAccessIds: &amp;accessIDs,
+                        BulkObjectId:  &amp;objID,
+                })</span>
+        }
+        <span class="cov8" title="1">if len(items) == 0 </span><span class="cov0" title="0">{
+                return req, false
+        }</span>
+        <span class="cov8" title="1">req.BulkObjectAccessIds = &amp;items
+        return req, true</span>
 }
 
-// repoRootPath attempts to locate the repository root by searching for go.mod upward.
-//
-// Documented calls inside:
-//   - os.Getwd()
-//     Retrieves current working directory as a starting point.
-//   - os.Stat(filepath.Join(dir, "go.mod"))
-//     Checks for presence of go.mod in each directory while walking up.
-//   - filepath.Dir(dir)
-//     Moves up one directory level on each iteration.
-//
-// Side-effects:
-// - caches resolved repo root via repoRootOnce.
-// Typical callers:
-// - formatSourcePath when computing shorter file paths for logs.
-func repoRootPath() string <span class="cov1" title="1">{
-        repoRootOnce.Do(func() </span><span class="cov1" title="1">{
-                cwd, err := os.Getwd()
-                if err != nil </span><span class="cov0" title="0">{
-                        return
+func accessIDForBulkRequest(obj drsapi.DrsObject) string <span class="cov8" title="1">{
+        if obj.AccessMethods == nil </span><span class="cov0" title="0">{
+                return ""
+        }</span>
+        <span class="cov8" title="1">for _, method := range *obj.AccessMethods </span><span class="cov8" title="1">{
+                if method.AccessId != nil &amp;&amp; strings.TrimSpace(*method.AccessId) != "" </span><span class="cov8" title="1">{
+                        return strings.TrimSpace(*method.AccessId)
                 }</span>
-                <span class="cov1" title="1">dir := cwd
-                for </span><span class="cov6" title="3">{
-                        if _, err := os.Stat(filepath.Join(dir, "go.mod")); err == nil </span><span class="cov1" title="1">{
-                                repoRootValue = dir
-                                return
-                        }</span>
-                        <span class="cov4" title="2">parent := filepath.Dir(dir)
-                        if parent == dir </span><span class="cov0" title="0">{
-                                return
-                        }</span>
-                        <span class="cov4" title="2">dir = parent</span>
-                }
-        })
-        <span class="cov1" title="1">return repoRootValue</span>
+        }
+        <span class="cov0" title="0">return ""</span>
 }
 </pre>
 		
-		<pre class="file" id="file36" style="display: none">package drslookup
+		<pre class="file" id="file51" style="display: none">package drsremote
 
 import (
         "context"
         "fmt"
+        "io"
+        "log/slog"
         "net/http"
-        "net/url"
+        "os"
+        "path/filepath"
         "strings"
 
-        "github.com/calypr/git-drs/internal/common"
         "github.com/calypr/git-drs/internal/config"
+        "github.com/calypr/git-drs/internal/drsobject"
         drsapi "github.com/calypr/syfon/apigen/client/drs"
+        "github.com/calypr/syfon/client/request"
+        "github.com/calypr/syfon/client/transfer"
+        sydownload "github.com/calypr/syfon/client/transfer/download"
 )
 
-func ObjectsByHash(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov0" title="0">{
-        if drsCtx == nil || drsCtx.Requestor == nil </span><span class="cov0" title="0">{
+func ObjectsByHash(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov4" title="2">{
+        if drsCtx == nil || drsCtx.Client == nil </span><span class="cov0" title="0">{
                 return nil, fmt.Errorf("DRS client unavailable")
         }</span>
-        <span class="cov0" title="0">checksum = normalizeChecksum(checksum)
+        <span class="cov4" title="2">checksum = drsobject.NormalizeChecksum(checksum)
         if checksum == "" </span><span class="cov0" title="0">{
                 return nil, nil
         }</span>
-        <span class="cov0" title="0">var out drsapi.N200OkDrsObjects
-        path := "/ga4gh/drs/v1/objects/checksum/" + url.PathEscape(checksum)
-        if err := drsCtx.Requestor.Do(ctx, http.MethodGet, path, nil, &amp;out); err != nil </span><span class="cov0" title="0">{
+        <span class="cov4" title="2">page, err := drsCtx.Client.DRS().BatchGetObjectsByHash(ctx, []string{checksum})
+        if err != nil </span><span class="cov0" title="0">{
                 return nil, err
         }</span>
-        <span class="cov0" title="0">if out.ResolvedDrsObject == nil </span><span class="cov0" title="0">{
-                return nil, nil
+        <span class="cov4" title="2">return page.DrsObjects, nil</span>
+}
+
+func ObjectsByHashes(ctx context.Context, drsCtx *config.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) <span class="cov1" title="1">{
+        if drsCtx == nil || drsCtx.Client == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("DRS client unavailable")
+        }</span>
+        <span class="cov1" title="1">normalizedToOriginal := make(map[string]string, len(checksums))
+        queryChecksums := make([]string, 0, len(checksums))
+        for _, checksum := range checksums </span><span class="cov4" title="2">{
+                normalized := drsobject.NormalizeChecksum(checksum)
+                if normalized == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="2">if _, exists := normalizedToOriginal[normalized]; exists </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="2">normalizedToOriginal[normalized] = checksum
+                queryChecksums = append(queryChecksums, normalized)</span>
+        }
+        <span class="cov1" title="1">if len(queryChecksums) == 0 </span><span class="cov0" title="0">{
+                return map[string][]drsapi.DrsObject{}, nil
+        }</span>
+
+        <span class="cov1" title="1">page, err := drsCtx.Client.DRS().BatchGetObjectsByHash(ctx, queryChecksums)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+
+        <span class="cov1" title="1">results := make(map[string][]drsapi.DrsObject, len(normalizedToOriginal))
+        for normalized, original := range normalizedToOriginal </span><span class="cov4" title="2">{
+                results[original] = nil
+                results[normalized] = nil
         }</span>
-        <span class="cov0" title="0">return *out.ResolvedDrsObject, nil</span>
+        <span class="cov1" title="1">for _, obj := range page.DrsObjects </span><span class="cov6" title="3">{
+                for _, checksum := range obj.Checksums </span><span class="cov6" title="3">{
+                        if checksum.Type == "" || checksum.Checksum == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="3">normalized := drsobject.NormalizeChecksum(fmt.Sprintf("%s:%s", checksum.Type, checksum.Checksum))
+                        if normalized == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="3">original, ok := normalizedToOriginal[normalized]
+                        if !ok </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov6" title="3">results[original] = append(results[original], obj)
+                        if original != normalized </span><span class="cov6" title="3">{
+                                results[normalized] = append(results[normalized], obj)
+                        }</span>
+                }
+        }
+
+        <span class="cov1" title="1">return results, nil</span>
 }
 
-func ObjectsByHashForScope(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov0" title="0">{
+func ObjectsByHashForScope(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) <span class="cov4" title="2">{
         objects, err := ObjectsByHash(ctx, drsCtx, checksum)
         if err != nil </span><span class="cov0" title="0">{
                 return nil, err
         }</span>
-        <span class="cov0" title="0">result := make([]drsapi.DrsObject, 0, len(objects))
-        for _, obj := range objects </span><span class="cov0" title="0">{
-                if MatchesScope(&amp;obj, drsCtx.Organization, drsCtx.ProjectId) </span><span class="cov0" title="0">{
+        <span class="cov4" title="2">result := make([]drsapi.DrsObject, 0, len(objects))
+        for _, obj := range objects </span><span class="cov7" title="4">{
+                if MatchesScope(&amp;obj, drsCtx.Organization, drsCtx.ProjectId) </span><span class="cov7" title="4">{
                         result = append(result, obj)
                 }</span>
         }
-        <span class="cov0" title="0">return result, nil</span>
+        <span class="cov4" title="2">return result, nil</span>
+}
+
+func ObjectsByHashesForScope(ctx context.Context, drsCtx *config.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) <span class="cov1" title="1">{
+        objectsByChecksum, err := ObjectsByHashes(ctx, drsCtx, checksums)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov1" title="1">results := make(map[string][]drsapi.DrsObject, len(objectsByChecksum))
+        for checksum, objects := range objectsByChecksum </span><span class="cov7" title="4">{
+                filtered := make([]drsapi.DrsObject, 0, len(objects))
+                for _, obj := range objects </span><span class="cov10" title="6">{
+                        if MatchesScope(&amp;obj, drsCtx.Organization, drsCtx.ProjectId) </span><span class="cov7" title="4">{
+                                filtered = append(filtered, obj)
+                        }</span>
+                }
+                <span class="cov7" title="4">results[checksum] = filtered</span>
+        }
+        <span class="cov1" title="1">return results, nil</span>
 }
 
-func AccessURLForHashScope(ctx context.Context, drsCtx *config.GitContext, checksum string) (*drsapi.AccessURL, *drsapi.DrsObject, error) <span class="cov0" title="0">{
+func AccessURLForHashScope(ctx context.Context, drsCtx *config.GitContext, checksum string) (*drsapi.AccessURL, *drsapi.DrsObject, error) <span class="cov1" title="1">{
         records, err := ObjectsByHashForScope(ctx, drsCtx, checksum)
         if err != nil </span><span class="cov0" title="0">{
                 return nil, nil, err
         }</span>
-        <span class="cov0" title="0">if len(records) == 0 </span><span class="cov0" title="0">{
-                return nil, nil, fmt.Errorf("no matching DRS record found for oid %s", normalizeChecksum(checksum))
+        <span class="cov1" title="1">if len(records) == 0 </span><span class="cov0" title="0">{
+                return nil, nil, fmt.Errorf("no matching DRS record found for oid %s", drsobject.NormalizeChecksum(checksum))
         }</span>
-        <span class="cov0" title="0">match := records[0]
+        <span class="cov1" title="1">match := records[0]
         if match.AccessMethods == nil || len(*match.AccessMethods) == 0 </span><span class="cov0" title="0">{
                 return nil, nil, fmt.Errorf("no access methods available for DRS object %s", match.Id)
         }</span>
-        <span class="cov0" title="0">accessType := (*match.AccessMethods)[0].Type
+        <span class="cov1" title="1">accessType := (*match.AccessMethods)[0].Type
         if accessType == "" </span><span class="cov0" title="0">{
                 return nil, nil, fmt.Errorf("no access type found in access method for DRS object %s", match.Id)
         }</span>
-        <span class="cov0" title="0">accessURL, err := drsCtx.Client.DRS().GetAccessURL(ctx, match.Id, string(accessType))
+        <span class="cov1" title="1">accessURL, err := drsCtx.Client.DRS().GetAccessURL(ctx, match.Id, string(accessType))
         if err != nil </span><span class="cov0" title="0">{
                 return nil, nil, err
         }</span>
-        <span class="cov0" title="0">return &amp;accessURL, &amp;match, nil</span>
+        <span class="cov1" title="1">return &amp;accessURL, &amp;match, nil</span>
 }
 
-func BulkAccessURLsForObjects(ctx context.Context, drsCtx *config.GitContext, objects []drsapi.DrsObject) (map[string]drsapi.AccessURL, error) <span class="cov8" title="1">{
-        if drsCtx == nil || drsCtx.Requestor == nil </span><span class="cov0" title="0">{
+func BulkAccessURLsForObjects(ctx context.Context, drsCtx *config.GitContext, objects []drsapi.DrsObject) (map[string]drsapi.AccessURL, error) <span class="cov1" title="1">{
+        if drsCtx == nil || drsCtx.Client == nil </span><span class="cov0" title="0">{
                 return nil, fmt.Errorf("DRS client unavailable")
         }</span>
-
-        <span class="cov8" title="1">type bulkObjectAccessID struct {
-                BulkObjectID  string   `json:"bulk_object_id"`
-                BulkAccessIDs []string `json:"bulk_access_ids"`
-        }
-        req := struct {
-                BulkObjectAccessIDs []bulkObjectAccessID `json:"bulk_object_access_ids"`
-        }{}
-
-        for _, obj := range objects </span><span class="cov8" title="1">{
-                accessID := firstAccessID(obj)
-                if strings.TrimSpace(obj.Id) == "" || accessID == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov8" title="1">req.BulkObjectAccessIDs = append(req.BulkObjectAccessIDs, bulkObjectAccessID{
-                        BulkObjectID: strings.TrimSpace(obj.Id),
-                        BulkAccessIDs: []string{
-                                accessID,
-                        },
-                })</span>
-        }
-        <span class="cov8" title="1">if len(req.BulkObjectAccessIDs) == 0 </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">req, ok := bulkAccessRequest(objects)
+        if !ok </span><span class="cov0" title="0">{
                 return map[string]drsapi.AccessURL{}, nil
         }</span>
 
-        <span class="cov8" title="1">var resp struct {
-                ResolvedDrsObjectAccessURLs []drsapi.BulkAccessURL `json:"resolved_drs_object_access_urls"`
-        }
-        if err := drsCtx.Requestor.Do(ctx, http.MethodPost, "/ga4gh/drs/v1/objects/access", req, &amp;resp); err != nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">resp, err := drsCtx.Client.DRSAPI().GetBulkAccessURLWithResponse(ctx, req)
+        if err != nil </span><span class="cov0" title="0">{
                 return nil, err
         }</span>
+        <span class="cov1" title="1">if resp.JSON200 == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("unexpected response: %d", resp.StatusCode())
+        }</span>
 
-        <span class="cov8" title="1">out := make(map[string]drsapi.AccessURL, len(resp.ResolvedDrsObjectAccessURLs))
-        for _, resolved := range resp.ResolvedDrsObjectAccessURLs </span><span class="cov8" title="1">{
-                objectID := strings.TrimSpace(stringPtrValue(resolved.DrsObjectId))
-                if objectID == "" || strings.TrimSpace(resolved.Url) == "" </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">out := map[string]drsapi.AccessURL{}
+        if resp.JSON200.ResolvedDrsObjectAccessUrls == nil </span><span class="cov0" title="0">{
+                return out, nil
+        }</span>
+        <span class="cov1" title="1">for _, resolved := range *resp.JSON200.ResolvedDrsObjectAccessUrls </span><span class="cov1" title="1">{
+                if resolved.DrsObjectId == nil </span><span class="cov0" title="0">{
                         continue</span>
                 }
-                <span class="cov8" title="1">out[objectID] = drsapi.AccessURL{
-                        Headers: resolved.Headers,
-                        Url:     resolved.Url,
-                }</span>
+                <span class="cov1" title="1">objectID := *resolved.DrsObjectId
+                if strings.TrimSpace(objectID) == "" || strings.TrimSpace(resolved.Url) == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov1" title="1">out[strings.TrimSpace(objectID)] = drsapi.AccessURL{Headers: resolved.Headers, Url: resolved.Url}</span>
         }
-        <span class="cov8" title="1">return out, nil</span>
+        <span class="cov1" title="1">return out, nil</span>
 }
 
-func firstAccessID(obj drsapi.DrsObject) string <span class="cov8" title="1">{
-        if obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 </span><span class="cov0" title="0">{
-                return ""
+// DownloadToCachePath downloads the DRS object identified by oid to cachePath
+// using the project-scoped URL resolution preferred by git-drs.
+func DownloadToCachePath(ctx context.Context, drsCtx *config.GitContext, logger *slog.Logger, oid, cachePath string) error <span class="cov0" title="0">{
+        _ = logger
+        if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("mkdir for cache path: %w", err)
         }</span>
-        <span class="cov8" title="1">method := (*obj.AccessMethods)[0]
-        if method.AccessId != nil &amp;&amp; strings.TrimSpace(*method.AccessId) != "" </span><span class="cov8" title="1">{
-                return strings.TrimSpace(*method.AccessId)
+
+        <span class="cov0" title="0">accessURL, match, err := AccessURLForHashScope(ctx, drsCtx, oid)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov0" title="0">return strings.TrimSpace(string(method.Type))</span>
+        <span class="cov0" title="0">return downloadResolved(ctx, drsCtx, oid, cachePath, match, accessURL)</span>
 }
 
-func stringPtrValue(v *string) string <span class="cov8" title="1">{
-        if v == nil </span><span class="cov0" title="0">{
-                return ""
+func DownloadResolvedToCachePath(ctx context.Context, drsCtx *config.GitContext, oid, cachePath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL) error <span class="cov0" title="0">{
+        if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("mkdir for cache path: %w", err)
+        }</span>
+        <span class="cov0" title="0">if obj == nil || accessURL == nil || accessURL.Url == "" </span><span class="cov0" title="0">{
+                return DownloadToCachePath(ctx, drsCtx, nil, oid, cachePath)
         }</span>
-        <span class="cov8" title="1">return *v</span>
+        <span class="cov0" title="0">return downloadResolved(ctx, drsCtx, oid, cachePath, obj, accessURL)</span>
 }
 
-func MatchesScope(obj *drsapi.DrsObject, organization, project string) bool <span class="cov0" title="0">{
-        if obj == nil || obj.AccessMethods == nil </span><span class="cov0" title="0">{
-                return false
+func DownloadResolvedToPath(ctx context.Context, drsCtx *config.GitContext, oid, dstPath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL, opts sydownload.DownloadOptions) error <span class="cov1" title="1">{
+        if drsCtx == nil || drsCtx.Client == nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("DRS client unavailable")
         }</span>
-        <span class="cov0" title="0">for _, method := range *obj.AccessMethods </span><span class="cov0" title="0">{
-                if method.Authorizations == nil </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov0" title="0">if common.AuthzMatchesScope(*method.Authorizations, organization, project) </span><span class="cov0" title="0">{
-                        return true
+        <span class="cov1" title="1">if obj == nil || accessURL == nil || strings.TrimSpace(accessURL.Url) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("resolved DRS object and access URL are required")
+        }</span>
+        <span class="cov1" title="1">src := &amp;resolvedSource{
+                requestor:    drsCtx.Client.Requestor(),
+                accessURL:    strings.TrimSpace(accessURL.Url),
+                expectedSize: obj.Size,
+        }
+        return sydownload.DownloadToPathWithOptions(ctx, src, oid, dstPath, opts)</span>
+}
+
+func downloadResolved(ctx context.Context, drsCtx *config.GitContext, oid, cachePath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL) error <span class="cov0" title="0">{
+        return DownloadResolvedToPath(ctx, drsCtx, oid, cachePath, obj, accessURL, sydownload.DownloadOptions{
+                MultipartThreshold: 5 * 1024 * 1024,
+                Concurrency:        2,
+                ChunkSize:          64 * 1024 * 1024,
+        })
+}</span>
+
+type resolvedSource struct {
+        requestor    request.Requester
+        accessURL    string
+        expectedSize int64
+}
+
+func (s *resolvedSource) Name() string <span class="cov0" title="0">{
+        return "resolved-url"
+}</span>
+
+func (s *resolvedSource) Logger() transfer.TransferLogger <span class="cov0" title="0">{
+        return transfer.NoOpLogger{}
+}</span>
+
+func (s *resolvedSource) Stat(ctx context.Context, guid string) (*transfer.ObjectMetadata, error) <span class="cov1" title="1">{
+        return &amp;transfer.ObjectMetadata{
+                Size:         s.expectedSize,
+                AcceptRanges: s.expectedSize &gt; 0,
+                Provider:     "drs",
+        }, nil
+}</span>
+
+func (s *resolvedSource) GetReader(ctx context.Context, guid string) (io.ReadCloser, error) <span class="cov1" title="1">{
+        return s.download(ctx, nil, nil)
+}</span>
+
+func (s *resolvedSource) GetRangeReader(ctx context.Context, guid string, offset, length int64) (io.ReadCloser, error) <span class="cov1" title="1">{
+        if length &lt;= 0 </span><span class="cov0" title="0">{
+                return s.download(ctx, nil, nil)
+        }</span>
+        <span class="cov1" title="1">end := offset + length - 1
+        return s.download(ctx, &amp;offset, &amp;end)</span>
+}
+
+func (s *resolvedSource) download(ctx context.Context, start, end *int64) (io.ReadCloser, error) <span class="cov4" title="2">{
+        resp, err := transfer.GenericDownload(ctx, s.requestor, s.accessURL, start, end)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov4" title="2">if start != nil &amp;&amp; resp.StatusCode == http.StatusOK </span><span class="cov1" title="1">{
+                resp.Body.Close()
+                return nil, transfer.ErrRangeIgnored
+        }</span>
+        <span class="cov1" title="1">return resp.Body, nil</span>
+}
+</pre>
+		
+		<pre class="file" id="file52" style="display: none">package drsremote
+
+import (
+        "fmt"
+        "strings"
+
+        drscommon "github.com/calypr/git-drs/internal/common"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        syfoncommon "github.com/calypr/syfon/common"
+)
+
+func MatchesScope(obj *drsapi.DrsObject, organization, project string) bool <span class="cov10" title="13">{
+        return syfoncommon.DrsObjectMatchesScope(obj, organization, project)
+}</span>
+
+func FindMatchingRecord(records []drsapi.DrsObject, organization, projectID string) (*drsapi.DrsObject, error) <span class="cov5" title="4">{
+        if len(records) == 0 </span><span class="cov3" title="2">{
+                return nil, nil
+        }</span>
+
+        <span class="cov3" title="2">org, project := drscommon.ParseOrgProject(strings.TrimSpace(organization), strings.TrimSpace(projectID))
+        if org == "" </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("could not determine organization from inputs org=%q project=%q", organization, projectID)
+        }</span>
+
+        <span class="cov3" title="2">for _, record := range records </span><span class="cov4" title="3">{
+                if MatchesScope(&amp;record, org, project) </span><span class="cov1" title="1">{
+                        return &amp;record, nil
                 }</span>
         }
-        <span class="cov0" title="0">return false</span>
+        <span class="cov1" title="1">return nil, nil</span>
 }
-
-func normalizeChecksum(raw string) string <span class="cov0" title="0">{
-        raw = strings.TrimSpace(raw)
-        raw = strings.TrimPrefix(raw, "sha256:")
-        return strings.TrimSpace(raw)
-}</span>
 </pre>
 		
-		<pre class="file" id="file37" style="display: none">package drsmap
-
-// Utilities to map between Git LFS files and DRS objects
+		<pre class="file" id="file53" style="display: none">package drstrack
 
 import (
-        "bytes"
-        "context"
-        "errors"
+        "bufio"
         "fmt"
-        "log/slog"
         "os"
-        "os/exec"
         "path/filepath"
         "strings"
-
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslookup"
-        "github.com/calypr/git-drs/internal/lfs"
-        "github.com/calypr/git-drs/internal/precommit_cache"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/calypr/syfon/client/hash"
-        "github.com/google/uuid"
 )
 
-var drsUUIDNamespace = uuid.MustParse("6ba7b810-9dad-11d1-80b4-00c04fd430c8")
-
-// execCommand is a variable to allow mocking in tests
-var execCommandContext = exec.CommandContext
-
-func PushLocalDrsObjects(drsClient *config.GitContext, myLogger *slog.Logger) error <span class="cov0" title="0">{
-        // Gather all objects in .git/drs/lfs/objects store
-        drsLfsObjs, err := lfs.GetDrsLfsObjects(myLogger)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
+// UpsertDRSRouteLines adds or updates .gitattributes lines of the form:
+//
+//        &lt;pattern&gt; drs.route=&lt;ro|rw&gt;
+func UpsertDRSRouteLines(gitattributesPath string, mode string, patterns []string) (changed bool, err error) <span class="cov8" title="3">{
+        mode = strings.ToLower(strings.TrimSpace(mode))
+        if mode != "ro" &amp;&amp; mode != "rw" </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("invalid mode %q", mode)
         }</span>
 
-        <span class="cov0" title="0">return SyncObjectsWithServer(drsClient, drsLfsObjs, myLogger)</span>
-}
-
-func SyncObjectsWithServer(drsClient *config.GitContext, drsObjects map[string]*drsapi.DrsObject, myLogger *slog.Logger) error <span class="cov0" title="0">{
-        if len(drsObjects) == 0 </span><span class="cov0" title="0">{
-                return nil
+        <span class="cov8" title="3">want := make(map[string]string, len(patterns))
+        order := make([]string, 0, len(patterns))
+        for _, p := range patterns </span><span class="cov8" title="3">{
+                p = strings.TrimSpace(p)
+                if p == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov8" title="3">if _, ok := want[p]; !ok </span><span class="cov8" title="3">{
+                        want[p] = p
+                        order = append(order, p)
+                }</span>
+        }
+        <span class="cov8" title="3">if len(order) == 0 </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("no patterns provided")
         }</span>
 
-        // 1. Bulk lookup all hashes on server.
-        <span class="cov0" title="0">hashes := make([]string, 0, len(drsObjects))
-        for h := range drsObjects </span><span class="cov0" title="0">{
-                hashes = append(hashes, h)
-        }</span>
-        <span class="cov0" title="0">bulkByHash := make(map[string][]drsapi.DrsObject, len(hashes))
-        for _, h := range hashes </span><span class="cov0" title="0">{
-                objects, err := drslookup.ObjectsByHash(context.Background(), drsClient, h)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("hash lookup failed for %s: %w", h, err)
-                }</span>
-                <span class="cov0" title="0">for _, obj := range objects </span><span class="cov0" title="0">{
-                        hInfo := hash.ConvertDrsChecksumsToHashInfo(obj.Checksums)
-                        if hInfo.SHA256 == "" </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov0" title="0">bulkByHash[hInfo.SHA256] = append(bulkByHash[hInfo.SHA256], obj)</span>
-                }
-        }
-
-        // 2. Identify missing records by hash.
-        <span class="cov0" title="0">missingRecords := make([]*drsapi.DrsObject, 0)
-        for h, localObj := range drsObjects </span><span class="cov0" title="0">{
-                foundOnServer := false
-                recs := bulkByHash[h]
-                if len(recs) &gt; 0 </span><span class="cov0" title="0">{
-                        // Check if any record matches our project.
-                        matched, _ := FindMatchingRecord(recs, drsClient.Organization, drsClient.ProjectId)
-                        foundOnServer = matched != nil
-                }</span>
-
-                <span class="cov0" title="0">if !foundOnServer </span><span class="cov0" title="0">{
-                        myLogger.Debug(fmt.Sprintf("Record missing on server for hash %s, adding to registration queue", h))
-                        missingRecords = append(missingRecords, localObj)
-                }</span>
-        }
-
-        // 3. Register missing records in one bulk request when possible.
-        <span class="cov0" title="0">if len(missingRecords) &gt; 0 </span><span class="cov0" title="0">{
-                myLogger.Info(fmt.Sprintf("Registering %d missing records", len(missingRecords)))
-                req := drsapi.RegisterObjectsJSONRequestBody{}
-                req.Candidates = make([]drsapi.DrsObjectCandidate, 0, len(missingRecords))
-                for _, obj := range missingRecords </span><span class="cov0" title="0">{
-                        candidate := drsapi.DrsObjectCandidate{
-                                AccessMethods: obj.AccessMethods,
-                                Aliases:       obj.Aliases,
-                                Checksums:     obj.Checksums,
-                                Contents:      obj.Contents,
-                                Description:   obj.Description,
-                                MimeType:      obj.MimeType,
-                                Name:          obj.Name,
-                                Size:          obj.Size,
-                                Version:       obj.Version,
-                        }
-                        req.Candidates = append(req.Candidates, candidate)
+        <span class="cov8" title="3">var lines []string
+        data, readErr := os.ReadFile(gitattributesPath)
+        if readErr == nil </span><span class="cov5" title="2">{
+                sc := bufio.NewScanner(strings.NewReader(string(data)))
+                for sc.Scan() </span><span class="cov8" title="3">{
+                        lines = append(lines, sc.Text())
                 }</span>
-                <span class="cov0" title="0">if _, err := drsClient.Client.DRS().RegisterObjects(context.Background(), req); err != nil </span><span class="cov0" title="0">{
-                        myLogger.Error(fmt.Sprintf("Failed to register records in bulk: %v", err))
-                        return fmt.Errorf("error in bulk registration: %v", err)
+                <span class="cov5" title="2">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
+                        return false, fmt.Errorf("read %s: %w", gitattributesPath, err)
                 }</span>
-        }
-
-        <span class="cov0" title="0">myLogger.Info(fmt.Sprintf("Successfully synced %d objects with server (registered %d new)", len(drsObjects), len(missingRecords)))
-        return nil</span>
-}
+        } else<span class="cov1" title="1"> if !os.IsNotExist(readErr) </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("read %s: %w", gitattributesPath, readErr)
+        }</span>
 
-func SyncFilesWithServer(drsClient *config.GitContext, lfsFiles map[string]lfs.LfsFileInfo, logger *slog.Logger) error <span class="cov0" title="0">{
-        objectsToSync := make(map[string]*drsapi.DrsObject)
-        for _, file := range lfsFiles </span><span class="cov0" title="0">{
-                obj, err := lfs.ReadObject(common.DRS_OBJS_PATH, file.Oid)
-                if err == nil &amp;&amp; obj != nil </span><span class="cov0" title="0">{
-                        objectsToSync[file.Oid] = obj
+        <span class="cov8" title="3">seen := make(map[string]int)
+        for i, line := range lines </span><span class="cov8" title="3">{
+                pat, _, ok := parseRouteLine(line)
+                if ok </span><span class="cov5" title="2">{
+                        seen[pat] = i
                 }</span>
         }
-        <span class="cov0" title="0">return SyncObjectsWithServer(drsClient, objectsToSync, logger)</span>
-}
 
-func PullRemoteDrsObjects(drsClient *config.GitContext, logger *slog.Logger) error <span class="cov0" title="0">{
-        const pageSize = 1000
-        writtenObjs := 0
-        for pageNum := 1; ; pageNum++ </span><span class="cov0" title="0">{
-                page, err := drsClient.Client.DRS().ListObjectsByProject(context.Background(), drsClient.ProjectId, pageSize, pageNum)
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov0" title="0">for _, obj := range page.DrsObjects </span><span class="cov0" title="0">{
-                        hashInfo := hash.ConvertDrsChecksumsToHashInfo(obj.Checksums)
-                        if hashInfo.SHA256 == "" </span><span class="cov0" title="0">{
-                                return fmt.Errorf("error: drs Object '%s' does not contain a sha256 checksum", obj.Id)
-                        }</span>
-                        <span class="cov0" title="0">oid := hashInfo.SHA256
-                        drsObjPath, err := GetObjectPath(common.DRS_OBJS_PATH, oid)
-                        if err != nil </span><span class="cov0" title="0">{
-                                return fmt.Errorf("error getting object path for oid %s: %v", oid, err)
+        <span class="cov8" title="3">for _, pat := range order </span><span class="cov8" title="3">{
+                newLine := fmt.Sprintf("%s drs.route=%s", pat, mode)
+                if idx, ok := seen[pat]; ok </span><span class="cov5" title="2">{
+                        if strings.TrimSpace(lines[idx]) != newLine </span><span class="cov1" title="1">{
+                                lines[idx] = newLine
+                                changed = true
                         }</span>
-                        <span class="cov0" title="0">if drsObjPath != "" &amp;&amp; oid != "" </span><span class="cov0" title="0">{
-                                writtenObjs++
-                                err = WriteDrsObj(&amp;obj, oid, drsObjPath)
-                                if err != nil </span><span class="cov0" title="0">{
-                                        return fmt.Errorf("error writing DRS object for oid %s: %v", oid, err)
-                                }</span>
-                        }
-                }
-                <span class="cov0" title="0">if len(page.DrsObjects) &lt; pageSize </span><span class="cov0" title="0">{
-                        break</span>
+                        <span class="cov5" title="2">continue</span>
                 }
+                <span class="cov1" title="1">lines = append(lines, newLine)
+                changed = true</span>
         }
-        <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Wrote %d new objs to object store", writtenObjs))
-        return nil</span>
-}
-func UpdateDrsObjects(builder common.ObjectBuilder, gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) error <span class="cov0" title="0">{
 
-        logger.Debug("Update to DRS objects started")
-
-        // get all lfs files
-        lfsFiles, err := lfs.GetAllLfsFiles(gitRemoteName, gitRemoteLocation, branches, logger)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error getting all LFS files: %v", err)
+        <span class="cov8" title="3">if !changed &amp;&amp; readErr == nil </span><span class="cov1" title="1">{
+                return false, nil
         }</span>
 
-        // get project
-        <span class="cov0" title="0">if builder.Project == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("no project configured")
+        <span class="cov5" title="2">if err := os.MkdirAll(filepath.Dir(gitattributesPath), 0o755); err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("mkdir %s: %w", filepath.Dir(gitattributesPath), err)
         }</span>
 
-        <span class="cov0" title="0">return UpdateDrsObjectsWithFiles(builder, lfsFiles, UpdateOptions{Logger: logger})</span>
-}
-
-type UpdateOptions struct {
-        Cache          *precommit_cache.Cache
-        PreferCacheURL bool
-        Logger         *slog.Logger
+        <span class="cov5" title="2">out := strings.Join(lines, "\n")
+        if !strings.HasSuffix(out, "\n") </span><span class="cov5" title="2">{
+                out += "\n"
+        }</span>
+        <span class="cov5" title="2">if err := os.WriteFile(gitattributesPath, []byte(out), 0o644); err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("write %s: %w", gitattributesPath, err)
+        }</span>
+        <span class="cov5" title="2">return true, nil</span>
 }
 
-func UpdateDrsObjectsWithFiles(builder common.ObjectBuilder, lfsFiles map[string]lfs.LfsFileInfo, opts UpdateOptions) error <span class="cov0" title="0">{
-        if opts.Logger == nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("logger is required")
+func parseRouteLine(line string) (pattern string, mode string, ok bool) <span class="cov10" title="4">{
+        s := strings.TrimSpace(line)
+        if s == "" || strings.HasPrefix(s, "#") </span><span class="cov1" title="1">{
+                return "", "", false
         }</span>
-        <span class="cov0" title="0">opts.Logger.Debug("Update to DRS objects started")
 
-        // get project
-        if builder.Project == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("no project configured")
-        }</span>
-        <span class="cov0" title="0">if len(lfsFiles) == 0 </span><span class="cov0" title="0">{
-                return nil
+        <span class="cov8" title="3">parts := strings.Fields(s)
+        if len(parts) &lt; 2 </span><span class="cov0" title="0">{
+                return "", "", false
         }</span>
 
-        <span class="cov0" title="0">for _, file := range lfsFiles </span><span class="cov0" title="0">{
-                var authoritativeObj *drsapi.DrsObject
-                existing, err := lfs.ReadObject(common.DRS_OBJS_PATH, file.Oid)
-                if err == nil &amp;&amp; existing != nil </span><span class="cov0" title="0">{
-                        authoritativeObj = existing
-                        // Update basic info if necessary
-                        name := file.Name
-                        authoritativeObj.Name = &amp;name
-                        authoritativeObj.Size = file.Size
-
-                        // Ensure Authorizations are populated (backwards compatibility for old local records).
-                        // Existing access URLs are authoritative, especially for add-url records
-                        // that point to an already existing cloud object.
-                        authzMap := common.AuthzMapFromOrgProject(builder.Organization, builder.Project)
-                        if authoritativeObj.AccessMethods == nil </span><span class="cov0" title="0">{
-                                authoritativeObj.AccessMethods = &amp;[]drsapi.AccessMethod{}
-                        }</span>
-                        <span class="cov0" title="0">for i := range *authoritativeObj.AccessMethods </span><span class="cov0" title="0">{
-                                am := &amp;(*authoritativeObj.AccessMethods)[i]
-                                if am.Authorizations == nil || len(*am.Authorizations) == 0 </span><span class="cov0" title="0">{
-                                        if authzMap != nil </span><span class="cov0" title="0">{
-                                                am.Authorizations = &amp;authzMap
-                                        }</span>
-                                }
-                        }
-                } else<span class="cov0" title="0"> {
-                        drsID := DrsUUID(builder.Project, file.Oid)
-                        authoritativeObj, err = builder.Build(file.Name, file.Oid, file.Size, drsID)
-                        if err != nil </span><span class="cov0" title="0">{
-                                opts.Logger.Error(fmt.Sprintf("Could not build DRS object for %s OID %s %v", file.Name, file.Oid, err))
-                                continue</span>
-                        }
-                }
-
-                <span class="cov0" title="0">authoritativeURL := ""
-                if authoritativeObj.AccessMethods != nil &amp;&amp; len(*authoritativeObj.AccessMethods) &gt; 0 &amp;&amp; (*authoritativeObj.AccessMethods)[0].AccessUrl != nil </span><span class="cov0" title="0">{
-                        authoritativeURL = (*authoritativeObj.AccessMethods)[0].AccessUrl.Url
-                }</span>
-
-                <span class="cov0" title="0">var hint string
-                if opts.Cache != nil </span><span class="cov0" title="0">{
-                        externalURL, ok, err := opts.Cache.LookupExternalURLByOID(file.Oid)
-                        if err != nil </span><span class="cov0" title="0">{
-                                opts.Logger.Debug(fmt.Sprintf("cache lookup failed for %s: %v", file.Oid, err))
-                        }</span> else<span class="cov0" title="0"> if ok </span><span class="cov0" title="0">{
-                                hint = externalURL
-                        }</span>
-                }
-
-                <span class="cov0" title="0">if hint != "" </span><span class="cov0" title="0">{
-                        if err := precommit_cache.CheckExternalURLMismatch(hint, authoritativeURL); err != nil </span><span class="cov0" title="0">{
-                                opts.Logger.Warn(fmt.Sprintf("Warning. %s (path=%s oid=%s)", err.Error(), file.Name, file.Oid))
-                                fmt.Fprintln(os.Stderr, "Warning.", err.Error())
+        <span class="cov8" title="3">pat := parts[0]
+        for _, tok := range parts[1:] </span><span class="cov8" title="3">{
+                if strings.HasPrefix(tok, "drs.route=") </span><span class="cov8" title="3">{
+                        val := strings.TrimPrefix(tok, "drs.route=")
+                        val = strings.ToLower(strings.TrimSpace(val))
+                        if val == "ro" || val == "rw" </span><span class="cov8" title="3">{
+                                return pat, val, true
                         }</span>
+                        <span class="cov0" title="0">return "", "", false</span>
                 }
-
-                <span class="cov0" title="0">if opts.PreferCacheURL &amp;&amp; hint != "" </span><span class="cov0" title="0">{
-                        cacheAuthzMap := common.AuthzMapFromOrgProject(builder.Organization, builder.Project)
-                        if authoritativeObj.AccessMethods != nil &amp;&amp; len(*authoritativeObj.AccessMethods) &gt; 0 </span><span class="cov0" title="0">{
-                                am := &amp;(*authoritativeObj.AccessMethods)[0]
-                                am.AccessUrl = &amp;struct {
-                                        Headers *[]string `json:"headers,omitempty"`
-                                        Url     string    `json:"url"`
-                                }{Url: hint}
-                                if cacheAuthzMap != nil </span><span class="cov0" title="0">{
-                                        am.Authorizations = &amp;cacheAuthzMap
-                                }</span>
-                        } else<span class="cov0" title="0"> {
-                                newAm := drsapi.AccessMethod{
-                                        Type: drsapi.AccessMethodTypeS3,
-                                        AccessUrl: &amp;struct {
-                                                Headers *[]string `json:"headers,omitempty"`
-                                                Url     string    `json:"url"`
-                                        }{Url: hint},
-                                }
-                                if cacheAuthzMap != nil </span><span class="cov0" title="0">{
-                                        newAm.Authorizations = &amp;cacheAuthzMap
-                                }</span>
-                                <span class="cov0" title="0">authoritativeObj.AccessMethods = &amp;[]drsapi.AccessMethod{newAm}</span>
-                        }
-                }
-
-                <span class="cov0" title="0">if err := lfs.WriteObject(common.DRS_OBJS_PATH, authoritativeObj, file.Oid); err != nil </span><span class="cov0" title="0">{
-                        opts.Logger.Error(fmt.Sprintf("Could not WriteDrsFile for %s OID %s %v", file.Name, file.Oid, err))
-                        continue</span>
-                }
-                <span class="cov0" title="0">opts.Logger.Info(fmt.Sprintf("Prepared File %s OID %s with DRS ID %s for commit", file.Name, file.Oid, authoritativeObj.Id))</span>
         }
-
-        <span class="cov0" title="0">return nil</span>
+        <span class="cov0" title="0">return "", "", false</span>
 }
+</pre>
+		
+		<pre class="file" id="file54" style="display: none">package drstrack
 
-// WriteDrsFile creates drsObject record from LFS file info
-func WriteDrsFile(builder common.ObjectBuilder, file lfs.LfsFileInfo, objectPath *string) (*drsapi.DrsObject, error) <span class="cov1" title="1">{
-
-        // determine drs object path: use provided objectPath if non-nil/non-empty, otherwise compute default
+import (
+        "bufio"
+        "bytes"
+        "context"
+        "fmt"
+        "os"
+        "path/filepath"
+        "runtime"
+        "strings"
 
-        // if file is in cache, hasn't been committed to git or pushed to DRS server
-        // create a local DRS object for it
-        // TODO: determine git to gen3 project hierarchy mapping (eg repo name to project ID)
-        // If objectPath is provided, we use it. Otherwise compute default.
-        existing, err := lfs.ReadObject(common.DRS_OBJS_PATH, file.Oid)
-        var drsObj *drsapi.DrsObject
-        if err == nil &amp;&amp; existing != nil </span><span class="cov0" title="0">{
-                drsObj = existing
-                name := file.Name
-                drsObj.Name = &amp;name
-                drsObj.Size = file.Size
-        }</span> else<span class="cov1" title="1"> {
-                drsId := DrsUUID(builder.Project, file.Oid)
-                drsObj, err = builder.Build(file.Name, file.Oid, file.Size, drsId)
-                if err != nil </span><span class="cov0" title="0">{
-                        return nil, fmt.Errorf("error building DRS object for oid %s: %v", file.Oid, err)
-                }</span>
-        }
+        "github.com/calypr/git-drs/internal/gitrepo"
+)
 
-        <span class="cov1" title="1">if objectPath != nil &amp;&amp; *objectPath != "" </span><span class="cov0" title="0">{
-                if drsObj.AccessMethods != nil &amp;&amp; len(*drsObj.AccessMethods) &gt; 0 </span><span class="cov0" title="0">{
-                        am := &amp;(*drsObj.AccessMethods)[0]
-                        am.AccessUrl = &amp;struct {
-                                Headers *[]string `json:"headers,omitempty"`
-                                Url     string    `json:"url"`
-                        }{Url: *objectPath}
-                }</span> else<span class="cov0" title="0"> {
-                        ams := []drsapi.AccessMethod{
-                                {
-                                        Type: drsapi.AccessMethodTypeS3,
-                                        AccessUrl: &amp;struct {
-                                                Headers *[]string `json:"headers,omitempty"`
-                                                Url     string    `json:"url"`
-                                        }{Url: *objectPath},
-                                },
-                        }
-                        drsObj.AccessMethods = &amp;ams
-                }</span>
-        }
+func TrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRun bool) (string, error) <span class="cov3" title="2">{
+        _ = ctx
+        changedAttribLines := make(map[string]string, len(patterns))
+        var output strings.Builder
 
-        // write drs objects to DRS_OBJS_PATH
-        <span class="cov1" title="1">err = lfs.WriteObject(common.DRS_OBJS_PATH, drsObj, file.Oid)
+        attribContents, err := readLocalGitAttributes()
         if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("error writing DRS object for oid %s: %v", file.Oid, err)
+                return "", fmt.Errorf("git drs track failed: %w", err)
         }</span>
-        <span class="cov1" title="1">return drsObj, nil</span>
-}
 
-func WriteDrsObj(drsObj *drsapi.DrsObject, oid string, drsObjPath string) error <span class="cov1" title="1">{
-        basePath := filepath.Dir(filepath.Dir(filepath.Dir(drsObjPath)))
-        return lfs.WriteObject(basePath, drsObj, oid)
-}</span>
+        <span class="cov3" title="2">knownPatterns := parseKnownLFSPatterns(attribContents)
 
-func DrsUUID(projectId string, hash string) string <span class="cov10" title="5">{
-        // normalize hash - strip sha256: prefix if present
-        hash = strings.TrimPrefix(hash, "sha256:")
+        for _, unsanitizedPattern := range patterns </span><span class="cov4" title="3">{
+                pattern := trimCurrentPrefix(cleanRootPath(unsanitizedPattern))
+                encodedArg := escapeAttrPattern(pattern)
 
-        // create UUID based on project ID and hash
-        hashStr := fmt.Sprintf("%s:%s", projectId, hash)
-        return uuid.NewSHA1(drsUUIDNamespace, []byte(hashStr)).String()
-}</span>
+                if knownLine, ok := knownPatterns[pattern]; ok </span><span class="cov0" title="0">{
+                        if strings.Contains(knownLine, "filter=drs") &amp;&amp; strings.Contains(knownLine, "diff=drs") &amp;&amp; strings.Contains(knownLine, "merge=drs") &amp;&amp; strings.Contains(knownLine, "-text") </span><span class="cov0" title="0">{
+                                output.WriteString(fmt.Sprintf("%q already supported\n", pattern))
+                                continue</span>
+                        }
+                }
 
-// creates drsObject record from file
-func DrsInfoFromOid(oid string) (*drsapi.DrsObject, error) <span class="cov4" title="2">{
-        return lfs.ReadObject(common.DRS_OBJS_PATH, oid)
-}</span>
+                <span class="cov4" title="3">changedAttribLines[pattern] = fmt.Sprintf("%s filter=drs diff=drs merge=drs -text", encodedArg)
+                output.WriteString(fmt.Sprintf("Tracking %q\n", unescapeAttrPattern(encodedArg)))
 
-func GetObjectPath(basePath string, oid string) (string, error) <span class="cov7" title="3">{
-        return lfs.ObjectPath(basePath, oid)
-}</span>
+                if verbose </span><span class="cov0" title="0">{
+                        output.WriteString(fmt.Sprintf("Searching for files matching pattern: %s\n", pattern))
+                        output.WriteString(fmt.Sprintf("Found %d files previously added to Git matching pattern: %s\n", 0, pattern))
+                }</span>
+        }
 
-// CreateCustomPath creates a custom path based on the DRS URI
-// For example, DRS URI drs://&lt;namespace&gt;:&lt;drs_id&gt;
-// create custom path &lt;baseDir&gt;/&lt;namespace&gt;/&lt;drs_id&gt;
-func CreateCustomPath(baseDir, drsURI string) (string, error) <span class="cov0" title="0">{
-        const prefix = "drs://"
-        if len(drsURI) &lt;= len(prefix) || drsURI[:len(prefix)] != prefix </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("invalid DRS URI: %s", drsURI)
-        }</span>
-        <span class="cov0" title="0">rest := drsURI[len(prefix):]
-
-        // Split by first colon
-        colonIdx := -1
-        for i, c := range rest </span><span class="cov0" title="0">{
-                if c == ':' </span><span class="cov0" title="0">{
-                        colonIdx = i
-                        break</span>
-                }
+        <span class="cov3" title="2">if !dryRun </span><span class="cov1" title="1">{
+                if err := writeMergedGitAttributes(attribContents, changedAttribLines, false); err != nil </span><span class="cov0" title="0">{
+                        return "", fmt.Errorf("git drs track failed: %w", err)
+                }</span>
         }
-        <span class="cov0" title="0">if colonIdx == -1 </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("DRS URI missing colon: %s", drsURI)
-        }</span>
-        <span class="cov0" title="0">namespace := rest[:colonIdx]
-        drsId := rest[colonIdx+1:]
-        return filepath.Join(baseDir, namespace, drsId), nil</span>
+
+        <span class="cov3" title="2">return output.String(), nil</span>
 }
 
-// FindMatchingRecord finds a record from the list that matches the given project ID authz.
-// If no matching record is found return nil.
-func FindMatchingRecord(records []drsapi.DrsObject, organization, projectId string) (*drsapi.DrsObject, error) <span class="cov8" title="4">{
-        if len(records) == 0 </span><span class="cov4" title="2">{
-                return nil, nil
-        }</span>
+func ListTrackedPatterns(ctx context.Context, verbose bool) (string, error) <span class="cov1" title="1">{
+        _ = ctx
+        _ = verbose
 
-        <span class="cov4" title="2">org, project := common.ParseOrgProject(organization, projectId)
-        if org == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("could not determine organization from inputs org=%q project=%q", organization, projectId)
+        attribContents, err := readLocalGitAttributes()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git drs track failed: %w", err)
         }</span>
 
-        <span class="cov4" title="2">for _, record := range records </span><span class="cov7" title="3">{
-                if record.AccessMethods == nil </span><span class="cov0" title="0">{
+        <span class="cov1" title="1">scanner := bufio.NewScanner(bytes.NewReader(attribContents))
+        var patterns []string
+        for scanner.Scan() </span><span class="cov3" title="2">{
+                line := scanner.Text()
+                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
                         continue</span>
                 }
-                <span class="cov7" title="3">for _, access := range *record.AccessMethods </span><span class="cov7" title="3">{
-                        if access.Authorizations == nil || len(*access.Authorizations) == 0 </span><span class="cov0" title="0">{
-                                continue</span>
-                        }
-                        <span class="cov7" title="3">if common.AuthzMatchesScope(*access.Authorizations, org, project) </span><span class="cov1" title="1">{
-                                return &amp;record, nil
-                        }</span>
+                <span class="cov3" title="2">fields := strings.Fields(line)
+                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
+                        continue</span>
                 }
+                <span class="cov3" title="2">patterns = append(patterns, unescapeAttrPattern(fields[0]))</span>
         }
-        <span class="cov1" title="1">return nil, nil</span>
-}
-
-// output of git lfs ls-files
-type LfsLsOutput struct {
-        Files []lfs.LfsFileInfo `json:"files"`
-}
-
-type LfsDryRunSpec struct {
-        Remote string // e.g. "origin"
-        Ref    string // e.g. "refs/heads/main" or "HEAD"
-}
-
-// RunLfsPushDryRun executes: git lfs push --dry-run &lt;remote&gt; &lt;ref&gt;
-func RunLfsPushDryRun(ctx context.Context, repoDir string, spec LfsDryRunSpec, logger *slog.Logger) (string, error) <span class="cov0" title="0">{
-        if spec.Remote == "" || spec.Ref == "" </span><span class="cov0" title="0">{
-                return "", errors.New("missing remote or ref")
+        <span class="cov1" title="1">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git drs track failed: parse .gitattributes: %w", err)
         }</span>
 
-        // Debug-print the command to stderr
-        <span class="cov0" title="0">fullCmd := []string{"git", "lfs", "push", "--dry-run", spec.Remote, spec.Ref}
-        logger.Debug(fmt.Sprintf("running command: %v", fullCmd))
-
-        cmd := execCommandContext(ctx, "git", "lfs", "push", "--dry-run", spec.Remote, spec.Ref)
-        cmd.Dir = repoDir
-
-        var stdout, stderr bytes.Buffer
-        cmd.Stdout = &amp;stdout
-        cmd.Stderr = &amp;stderr
+        <span class="cov1" title="1">if len(patterns) == 0 </span><span class="cov0" title="0">{
+                return "", nil
+        }</span>
 
-        err := cmd.Run()
-        out := stdout.String()
-        if err != nil </span><span class="cov0" title="0">{
-                msg := strings.TrimSpace(stderr.String())
-                if msg == "" </span><span class="cov0" title="0">{
-                        msg = err.Error()
-                }</span>
-                <span class="cov0" title="0">return out, fmt.Errorf("git lfs push --dry-run failed: %s", msg)</span>
-        }
-        <span class="cov0" title="0">return out, nil</span>
+        <span class="cov1" title="1">var out strings.Builder
+        out.WriteString("Listing tracked patterns\n")
+        for _, p := range patterns </span><span class="cov3" title="2">{
+                out.WriteString(fmt.Sprintf("    %s (.gitattributes)\n", p))
+        }</span>
+        <span class="cov1" title="1">return out.String(), nil</span>
 }
-</pre>
-		
-		<pre class="file" id="file38" style="display: none">package gitrepo
 
-import (
-        "fmt"
-        "regexp"
-        "strings"
-)
+func UntrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRun bool) (string, error) <span class="cov3" title="2">{
+        _ = ctx
+        _ = verbose
 
-type BucketMapping struct {
-        Bucket string
-        Prefix string
-}
+        attribContents, err := readLocalGitAttributes()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git drs untrack failed: %w", err)
+        }</span>
+        <span class="cov3" title="2">if len(attribContents) == 0 </span><span class="cov0" title="0">{
+                return "", nil
+        }</span>
 
-var bucketMapKeyPartSanitizer = regexp.MustCompile(`[^a-z0-9_-]+`)
+        <span class="cov3" title="2">removeSet := make(map[string]struct{}, len(patterns))
+        for _, p := range patterns </span><span class="cov3" title="2">{
+                escaped := escapeAttrPattern(trimCurrentPrefix(p))
+                removeSet[escaped] = struct{}{}
+        }</span>
 
-func normalizeBucketMapKeyPart(v string) string <span class="cov10" title="61">{
-        v = strings.ToLower(strings.TrimSpace(v))
-        v = strings.ReplaceAll(v, ".", "_")
-        v = bucketMapKeyPartSanitizer.ReplaceAllString(v, "_")
-        v = strings.Trim(v, "_")
-        return v
-}</span>
+        <span class="cov3" title="2">var out strings.Builder
+        var keptLines []string
+        scanner := bufio.NewScanner(bytes.NewReader(attribContents))
+        for scanner.Scan() </span><span class="cov4" title="3">{
+                line := scanner.Text()
+                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
+                        keptLines = append(keptLines, line)
+                        continue</span>
+                }
 
-func orgBucketKey(org, field string) string <span class="cov7" title="23">{
-        return fmt.Sprintf("drs.bucketmap.orgs.%s.%s", normalizeBucketMapKeyPart(org), field)
-}</span>
+                <span class="cov4" title="3">fields := strings.Fields(line)
+                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
+                        keptLines = append(keptLines, line)
+                        continue</span>
+                }
 
-func projectBucketKey(org, project, field string) string <span class="cov7" title="19">{
-        return fmt.Sprintf("drs.bucketmap.projects.%s.%s.%s", normalizeBucketMapKeyPart(org), normalizeBucketMapKeyPart(project), field)
-}</span>
+                <span class="cov4" title="3">path := trimCurrentPrefix(fields[0])
+                if _, ok := removeSet[path]; ok </span><span class="cov3" title="2">{
+                        out.WriteString(fmt.Sprintf("Untracking %q\n", unescapeAttrPattern(path)))
+                        continue</span>
+                }
 
-func SetBucketMapping(org, project, bucket, prefix string) error <span class="cov6" title="10">{
-        org = strings.TrimSpace(org)
-        project = strings.TrimSpace(project)
-        bucket = strings.TrimSpace(bucket)
-        prefix = strings.Trim(strings.TrimSpace(prefix), "/")
-        if org == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("organization is required")
-        }</span>
-        <span class="cov6" title="10">if bucket == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("bucket is required")
+                <span class="cov1" title="1">keptLines = append(keptLines, line)</span>
+        }
+        <span class="cov3" title="2">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git lfs untrack failed: parse .gitattributes: %w", err)
         }</span>
 
-        <span class="cov6" title="10">configs := map[string]string{}
-        prefixKey := ""
-        if project != "" </span><span class="cov4" title="4">{
-                configs[projectBucketKey(org, project, "bucket")] = bucket
-                prefixKey = projectBucketKey(org, project, "prefix")
-                if prefix != "" </span><span class="cov3" title="3">{
-                        configs[prefixKey] = prefix
+        <span class="cov3" title="2">if !dryRun </span><span class="cov1" title="1">{
+                content := strings.Join(keptLines, "\n")
+                if content != "" </span><span class="cov1" title="1">{
+                        content += "\n"
                 }</span>
-        } else<span class="cov4" title="6"> {
-                configs[orgBucketKey(org, "bucket")] = bucket
-                prefixKey = orgBucketKey(org, "prefix")
-                if prefix != "" </span><span class="cov4" title="4">{
-                        configs[prefixKey] = prefix
+                <span class="cov1" title="1">if err := os.WriteFile(".gitattributes", []byte(content), 0o644); err != nil </span><span class="cov0" title="0">{
+                        return "", fmt.Errorf("git lfs untrack failed: write .gitattributes: %w", err)
                 }</span>
         }
-        <span class="cov6" title="10">if err := SetGitConfigOptions(configs); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov6" title="10">if prefix == "" &amp;&amp; prefixKey != "" </span><span class="cov3" title="3">{
-                return UnsetGitConfigOptions([]string{prefixKey})
-        }</span>
-        <span class="cov5" title="7">return nil</span>
+
+        <span class="cov3" title="2">return out.String(), nil</span>
 }
 
-func GetBucketMapping(org, project string) (BucketMapping, bool, error) <span class="cov5" title="8">{
-        org = strings.TrimSpace(org)
-        project = strings.TrimSpace(project)
-        if org == "" </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, nil
+func readLocalGitAttributes() ([]byte, error) <span class="cov6" title="5">{
+        data, err := os.ReadFile(".gitattributes")
+        if err != nil </span><span class="cov3" title="2">{
+                if os.IsNotExist(err) </span><span class="cov3" title="2">{
+                        return nil, nil
+                }</span>
+                <span class="cov0" title="0">return nil, fmt.Errorf("read .gitattributes: %w", err)</span>
+        }
+        <span class="cov4" title="3">return data, nil</span>
+}
+
+func parseKnownLFSPatterns(content []byte) map[string]string <span class="cov3" title="2">{
+        known := make(map[string]string)
+        scanner := bufio.NewScanner(bytes.NewReader(content))
+        for scanner.Scan() </span><span class="cov0" title="0">{
+                line := scanner.Text()
+                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">fields := strings.Fields(line)
+                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">known[unescapeAttrPattern(fields[0])] = line</span>
+        }
+        <span class="cov3" title="2">return known</span>
+}
+
+func writeMergedGitAttributes(existing []byte, changed map[string]string, dryRun bool) error <span class="cov1" title="1">{
+        if dryRun </span><span class="cov0" title="0">{
+                return nil
         }</span>
 
-        // Project-specific mapping takes precedence.
-        <span class="cov5" title="8">if project != "" </span><span class="cov4" title="4">{
-                bucket, err := GetGitConfigString(projectBucketKey(org, project, "bucket"))
-                if err != nil </span><span class="cov0" title="0">{
-                        return BucketMapping{}, false, err
-                }</span>
-                <span class="cov4" title="4">if strings.TrimSpace(bucket) != "" </span><span class="cov2" title="2">{
-                        prefix, err := GetGitConfigString(projectBucketKey(org, project, "prefix"))
-                        if err != nil </span><span class="cov0" title="0">{
-                                return BucketMapping{}, false, err
-                        }</span>
-                        <span class="cov2" title="2">return BucketMapping{
-                                Bucket: strings.TrimSpace(bucket),
-                                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
-                        }, true, nil</span>
+        <span class="cov1" title="1">var merged []string
+        if len(existing) &gt; 0 </span><span class="cov0" title="0">{
+                scanner := bufio.NewScanner(bytes.NewReader(existing))
+                for scanner.Scan() </span><span class="cov0" title="0">{
+                        line := scanner.Text()
+                        fields := strings.Fields(line)
+                        if len(fields) &gt;= 1 </span><span class="cov0" title="0">{
+                                pat := unescapeAttrPattern(fields[0])
+                                if newline, ok := changed[pat]; ok </span><span class="cov0" title="0">{
+                                        merged = append(merged, newline)
+                                        delete(changed, pat)
+                                        continue</span>
+                                }
+                        }
+                        <span class="cov0" title="0">merged = append(merged, line)</span>
                 }
+                <span class="cov0" title="0">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("parse .gitattributes: %w", err)
+                }</span>
         }
 
-        // Fallback: organization-level mapping.
-        <span class="cov4" title="6">bucket, err := GetGitConfigString(orgBucketKey(org, "bucket"))
-        if err != nil </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, err
+        <span class="cov1" title="1">for _, newline := range changed </span><span class="cov3" title="2">{
+                merged = append(merged, newline)
         }</span>
-        <span class="cov4" title="6">if strings.TrimSpace(bucket) == "" </span><span class="cov1" title="1">{
-                return BucketMapping{}, false, nil
+
+        <span class="cov1" title="1">content := strings.Join(merged, "\n")
+        if content != "" </span><span class="cov1" title="1">{
+                content += "\n"
         }</span>
-        <span class="cov4" title="5">prefix, err := GetGitConfigString(orgBucketKey(org, "prefix"))
-        if err != nil </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, err
+        <span class="cov1" title="1">if err := os.WriteFile(".gitattributes", []byte(content), 0o644); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("write .gitattributes: %w", err)
         }</span>
-        <span class="cov4" title="5">return BucketMapping{
-                Bucket: strings.TrimSpace(bucket),
-                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
-        }, true, nil</span>
+        <span class="cov1" title="1">return nil</span>
 }
-</pre>
-		
-		<pre class="file" id="file39" style="display: none">package gitrepo
 
-import (
-        "fmt"
-        "strings"
-)
+func cleanRootPath(pattern string) string <span class="cov4" title="3">{
+        return strings.TrimPrefix(pattern, "/")
+}</span>
 
-type ResolvedBucketScope struct {
-        Bucket string
-        Prefix string
-}
+func trimCurrentPrefix(path string) string <span class="cov8" title="8">{
+        return strings.TrimPrefix(path, "./")
+}</span>
 
-// ResolveBucketScope returns the effective bucket/prefix for an org+project.
-// It prefers explicit bucket-map entries and validates conflicts with any
-// configured fallback values.
-func ResolveBucketScope(organization, project, configuredBucket, configuredPrefix string) (ResolvedBucketScope, error) <span class="cov7" title="4">{
-        organization = strings.TrimSpace(organization)
-        project = strings.TrimSpace(project)
-        configuredBucket = strings.TrimSpace(configuredBucket)
-        configuredPrefix = strings.Trim(strings.TrimSpace(configuredPrefix), "/")
+var trackEscapePatterns = map[string]string{
+        " ": "[[:space:]]",
+        "#": "\\#",
+}
 
-        if organization == "" </span><span class="cov0" title="0">{
-                if configuredBucket == "" </span><span class="cov0" title="0">{
-                        return ResolvedBucketScope{}, fmt.Errorf("bucket is required when organization is empty")
-                }</span>
-                <span class="cov0" title="0">return ResolvedBucketScope{
-                        Bucket: configuredBucket,
-                        Prefix: configuredPrefix,
-                }, nil</span>
-        }
+func escapeAttrPattern(s string) string <span class="cov6" title="5">{
+        var escaped string
+        if runtime.GOOS == "windows" </span><span class="cov0" title="0">{
+                escaped = strings.ReplaceAll(s, `\\`, "/")
+        }</span> else<span class="cov6" title="5"> {
+                escaped = strings.ReplaceAll(s, `\\`, `\\\\`)
+        }</span>
 
-        <span class="cov7" title="4">orgMapping, hasOrgMapping, err := GetBucketMapping(organization, "")
-        if err != nil </span><span class="cov0" title="0">{
-                return ResolvedBucketScope{}, fmt.Errorf("resolve bucket mapping for organization=%q: %w", organization, err)
+        <span class="cov6" title="5">for from, to := range trackEscapePatterns </span><span class="cov8" title="10">{
+                escaped = strings.ReplaceAll(escaped, from, to)
         }</span>
 
-        <span class="cov7" title="4">var projectMapping BucketMapping
-        hasProjectMapping := false
-        if project != "" </span><span class="cov7" title="4">{
-                projectMapping, hasProjectMapping, err = getExactBucketMapping(organization, project)
-                if err != nil </span><span class="cov0" title="0">{
-                        return ResolvedBucketScope{}, fmt.Errorf("resolve bucket mapping for organization=%q project=%q: %w", organization, project, err)
-                }</span>
-        }
+        <span class="cov6" title="5">return escaped</span>
+}
 
-        <span class="cov7" title="4">if hasOrgMapping </span><span class="cov6" title="3">{
-                bucket := strings.TrimSpace(orgMapping.Bucket)
-                if bucket == "" </span><span class="cov0" title="0">{
-                        return ResolvedBucketScope{}, fmt.Errorf("bucket mapping for organization=%q is missing bucket", organization)
-                }</span>
-                <span class="cov6" title="3">return ResolvedBucketScope{
-                        Bucket: bucket,
-                        Prefix: joinBucketPrefixes(orgMapping.Prefix, projectMapping.Prefix),
-                }, nil</span>
-        }
+func unescapeAttrPattern(escaped string) string <span class="cov7" title="7">{
+        unescaped := escaped
 
-        <span class="cov1" title="1">if hasProjectMapping </span><span class="cov0" title="0">{
-                bucket := strings.TrimSpace(projectMapping.Bucket)
-                if bucket == "" </span><span class="cov0" title="0">{
-                        return ResolvedBucketScope{}, fmt.Errorf("bucket mapping for organization=%q project=%q is missing bucket", organization, project)
-                }</span>
-                <span class="cov0" title="0">return ResolvedBucketScope{
-                        Bucket: bucket,
-                        Prefix: strings.Trim(strings.TrimSpace(projectMapping.Prefix), "/"),
-                }, nil</span>
-        }
+        for to, from := range trackEscapePatterns </span><span class="cov10" title="14">{
+                unescaped = strings.ReplaceAll(unescaped, from, to)
+        }</span>
 
-        <span class="cov1" title="1">if configuredBucket == "" </span><span class="cov0" title="0">{
-                return ResolvedBucketScope{}, fmt.Errorf("bucket is required (or configure mapping with `git drs bucket add-organization --organization %s --path &lt;scheme&gt;://&lt;bucket&gt;/&lt;prefix&gt;`)", organization)
+        <span class="cov7" title="7">if runtime.GOOS != "windows" </span><span class="cov7" title="7">{
+                unescaped = strings.ReplaceAll(unescaped, `\\\\`, `\\`)
         }</span>
-        <span class="cov1" title="1">return ResolvedBucketScope{
-                Bucket: configuredBucket,
-                Prefix: configuredPrefix,
-        }, nil</span>
+
+        <span class="cov7" title="7">return unescaped</span>
 }
 
-func getExactBucketMapping(org, project string) (BucketMapping, bool, error) <span class="cov7" title="4">{
-        org = strings.TrimSpace(org)
-        project = strings.TrimSpace(project)
-        if org == "" || project == "" </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, nil
+func TrackReadOnly(ctx context.Context, path string) (bool, error) <span class="cov0" title="0">{
+        if _, err := TrackPatterns(ctx, []string{path}, false, false); err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("git lfs track failed: %w", err)
         }</span>
-        <span class="cov7" title="4">bucket, err := GetGitConfigString(projectBucketKey(org, project, "bucket"))
+
+        <span class="cov0" title="0">repoRoot, err := gitrepo.GitTopLevel()
         if err != nil </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, err
-        }</span>
-        <span class="cov7" title="4">if strings.TrimSpace(bucket) == "" </span><span class="cov6" title="3">{
-                return BucketMapping{}, false, nil
+                return false, err
         }</span>
-        <span class="cov1" title="1">prefix, err := GetGitConfigString(projectBucketKey(org, project, "prefix"))
+
+        <span class="cov0" title="0">attrPath := filepath.Join(repoRoot, ".gitattributes")
+        changed, err := UpsertDRSRouteLines(attrPath, "ro", []string{path})
         if err != nil </span><span class="cov0" title="0">{
-                return BucketMapping{}, false, err
+                return false, err
         }</span>
-        <span class="cov1" title="1">return BucketMapping{
-                Bucket: strings.TrimSpace(bucket),
-                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
-        }, true, nil</span>
-}
 
-func joinBucketPrefixes(parts ...string) string <span class="cov6" title="3">{
-        joined := make([]string, 0, len(parts))
-        for _, part := range parts </span><span class="cov10" title="6">{
-                part = strings.Trim(strings.TrimSpace(part), "/")
-                if part != "" </span><span class="cov6" title="3">{
-                        joined = append(joined, part)
-                }</span>
-        }
-        <span class="cov6" title="3">return strings.Join(joined, "/")</span>
+        <span class="cov0" title="0">return changed, nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file40" style="display: none">package gitrepo
+		<pre class="file" id="file55" style="display: none">package gitfilter
 
 import (
+        "bytes"
+        "context"
         "fmt"
+        "io"
+        "log/slog"
+        "slices"
         "strings"
 
-        gitconfig "github.com/go-git/go-git/v5/plumbing/format/config"
+        "github.com/git-lfs/pktline"
 )
 
-func remoteTokenKey(remoteName string) string <span class="cov0" title="0">{
-        return fmt.Sprintf("drs.remote.%s.token", remoteName)
-}</span>
-
-func remoteUsernameKey(remoteName string) string <span class="cov10" title="2">{
-        return fmt.Sprintf("drs.remote.%s.username", remoteName)
-}</span>
-
-func remotePasswordKey(remoteName string) string <span class="cov10" title="2">{
-        return fmt.Sprintf("drs.remote.%s.password", remoteName)
-}</span>
-
-func remoteLFSURL(endpoint string) string <span class="cov0" title="0">{
-        base := strings.TrimSpace(strings.TrimRight(endpoint, "/"))
-        if base == "" </span><span class="cov0" title="0">{
-                return ""
-        }</span>
-        <span class="cov0" title="0">return base + "/info/lfs"</span>
-}
+// SmudgeFunc is called for each smudge (checkout) request.
+// req contains the pathname and command metadata.
+// ptr is the LFS pointer payload received from git (may be non-LFS content for untracked files).
+// dst is where the real file content must be written.
+type SmudgeFunc func(ctx context.Context, req FilterRequest, ptr io.Reader, dst io.Writer) error
 
-// GetRemoteToken reads a remote-specific bearer token from repo-local git config.
-func GetRemoteToken(remoteName string) (string, error) <span class="cov0" title="0">{
-        return GetGitConfigString(remoteTokenKey(remoteName))
-}</span>
+// CleanFunc is called for each clean (stage) request.
+// req contains the pathname and command metadata.
+// content is the full file content received from git.
+// dst is where the LFS pointer must be written.
+type CleanFunc func(ctx context.Context, req FilterRequest, content io.Reader, dst io.Writer) error
 
-// SetRemoteToken stores a remote-specific bearer token in repo-local git config.
-func SetRemoteToken(remoteName, token string) error <span class="cov0" title="0">{
-        if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("remote name is required")
-        }</span>
-        <span class="cov0" title="0">if strings.TrimSpace(token) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("token is required")
-        }</span>
-        <span class="cov0" title="0">configs := map[string]string{remoteTokenKey(remoteName): token}
-        return SetGitConfigOptions(configs)</span>
+// FilterRequest describes a single filter request from git.
+type FilterRequest struct {
+        // Command is "smudge" or "clean".
+        Command string
+        // Pathname is the repo-relative file path being processed.
+        Pathname string
 }
 
-func GetRemoteBasicAuth(remoteName string) (string, string, error) <span class="cov1" title="1">{
-        username, err := GetGitConfigString(remoteUsernameKey(remoteName))
-        if err != nil </span><span class="cov0" title="0">{
-                return "", "", err
-        }</span>
-        <span class="cov1" title="1">password, err := GetGitConfigString(remotePasswordKey(remoteName))
-        if err != nil </span><span class="cov0" title="0">{
-                return "", "", err
-        }</span>
-        <span class="cov1" title="1">return strings.TrimSpace(username), strings.TrimSpace(password), nil</span>
+// GitFilter implements the git long-running filter process protocol v2.
+//
+// Protocol reference:
+//
+//        https://git-scm.com/docs/gitattributes#_long_running_filter_process
+//
+// Usage:
+//
+//        f := NewGitFilter(os.Stdin, os.Stdout).
+//            OnSmudge(smudgeFn).
+//            OnClean(cleanFn)
+//        err := f.Run(ctx)
+type GitFilter struct {
+        pl     *pktline.Pktline
+        out    io.Writer
+        smudge SmudgeFunc
+        clean  CleanFunc
+        logger *slog.Logger
 }
 
-func SetRemoteBasicAuth(remoteName, username, password string) error <span class="cov1" title="1">{
-        if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("remote name is required")
-        }</span>
-        <span class="cov1" title="1">if strings.TrimSpace(username) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("username is required")
-        }</span>
-        <span class="cov1" title="1">if strings.TrimSpace(password) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("password is required")
-        }</span>
-        <span class="cov1" title="1">configs := map[string]string{
-                remoteUsernameKey(remoteName): username,
-                remotePasswordKey(remoteName): password,
+// NewGitFilter creates a GitFilter that reads from in and writes to out.
+func NewGitFilter(in io.Reader, out io.Writer, logger *slog.Logger) *GitFilter <span class="cov1" title="1">{
+        return &amp;GitFilter{
+                pl:     pktline.NewPktline(in, out),
+                out:    out,
+                logger: logger,
         }
-        return SetGitConfigOptions(configs)</span>
-}
-
-// ConfigureCredentialHelperForRepo installs repo-local git credential helper wiring
-// so git-lfs uses standard git credential resolution.
-//
-// credential.helper is a multi-valued git config key: using SetOption would
-// overwrite any pre-existing helpers (e.g. a credential store with other remote
-// credentials).  We use AddOption instead, guarded by a presence check to avoid
-// accumulating duplicate entries on repeated calls.
-func ConfigureCredentialHelperForRepo() error <span class="cov0" title="0">{
-        repo, err := GetRepo()
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov0" title="0">conf, err := repo.Config()
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-
-        <span class="cov0" title="0">const helperValue = "!git drs credential-helper"
-        credSection := conf.Raw.Section("credential")
-
-        if !containsOption(credSection.Options, "helper", helperValue) </span><span class="cov0" title="0">{
-                credSection.AddOption("helper", helperValue)
-        }</span>
-        <span class="cov0" title="0">credSection.SetOption("useHttpPath", "true")
+}</span>
 
-        return repo.Storer.SetConfig(conf)</span>
-}
+// OnSmudge registers the smudge handler and returns the receiver for chaining.
+func (f *GitFilter) OnSmudge(fn SmudgeFunc) *GitFilter <span class="cov1" title="1">{
+        f.smudge = fn
+        return f
+}</span>
 
-func containsOption(opts gitconfig.Options, key, value string) bool <span class="cov0" title="0">{
-        for _, v := range opts.GetAll(key) </span><span class="cov0" title="0">{
-                if v == value </span><span class="cov0" title="0">{
-                        return true
-                }</span>
-        }
-        <span class="cov0" title="0">return false</span>
-}
+// OnClean registers the clean handler and returns the receiver for chaining.
+func (f *GitFilter) OnClean(fn CleanFunc) *GitFilter <span class="cov0" title="0">{
+        f.clean = fn
+        return f
+}</span>
 
-// SetRemoteLFSURL stores the LFS API endpoint for the provided git remote.
-func SetRemoteLFSURL(remoteName, endpoint string) error <span class="cov0" title="0">{
-        lfsURL := remoteLFSURL(endpoint)
-        if lfsURL == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("endpoint is required")
-        }</span>
-        <span class="cov0" title="0">if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("remote name is required")
+// Run performs the capability handshake and then processes filter requests
+// until the underlying reader is exhausted or the context is cancelled.
+func (f *GitFilter) Run(ctx context.Context) error <span class="cov1" title="1">{
+        f.logger.Debug("Starting git filter process")
+        if err := f.handshake(); err != nil </span><span class="cov0" title="0">{
+                f.logger.Debug(fmt.Sprintf("Handshake failed: %v", err))
+                return fmt.Errorf("git-filter: handshake: %w", err)
         }</span>
-        <span class="cov0" title="0">configs := map[string]string{
-                fmt.Sprintf("remote.%s.lfsurl", remoteName): lfsURL,
+        <span class="cov1" title="1">for </span><span class="cov10" title="2">{
+                if err := ctx.Err(); err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov10" title="2">if err := f.processOne(ctx); err != nil </span><span class="cov1" title="1">{
+                        if err == io.EOF </span><span class="cov1" title="1">{
+                                return nil
+                        }</span>
+                        <span class="cov0" title="0">return err</span>
+                }
         }
-        return SetGitConfigOptions(configs)</span>
 }
-</pre>
-		
-		<pre class="file" id="file41" style="display: none">package gitrepo
-
-import (
-        "os"
-        "os/exec"
-        "path/filepath"
-        "strconv"
-        "strings"
 
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/go-git/go-git/v5"
-)
+// --------------------------------------------------------------------------
+// Handshake
+// --------------------------------------------------------------------------
 
-func DrsTopLevel() (string, error) <span class="cov0" title="0">{
-        base, err := GitTopLevel()
+// handshake implements the git filter v2 capability exchange.
+//
+// git → filter:
+//
+//        PKT-LINE("git-filter-client\n")
+//        PKT-LINE("version=2\n")
+//        flush-pkt
+//        PKT-LINE("capability=clean\n") + PKT-LINE("capability=smudge\n") + flush-pkt
+//
+// filter → git:
+//
+//        PKT-LINE("git-filter-server\n")
+//        PKT-LINE("version=2\n")
+//        flush-pkt
+//        PKT-LINE("capability=clean\n") + PKT-LINE("capability=smudge\n") + flush-pkt
+func (f *GitFilter) handshake() error <span class="cov1" title="1">{
+        // --- version negotiation from git ---
+        initMsg, err := f.pl.ReadPacketText()
         if err != nil </span><span class="cov0" title="0">{
-                return "", err
+                return fmt.Errorf("reading welcome: %w", err)
         }</span>
-        <span class="cov0" title="0">return filepath.Join(base, common.DRS_DIR), nil</span>
-}
-
-// GetRepo opens the current git repository
-func GetRepo() (*git.Repository, error) <span class="cov8" title="12">{
-        cwd, err := os.Getwd()
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+        <span class="cov1" title="1">if initMsg != "git-filter-client" </span><span class="cov0" title="0">{
+                return fmt.Errorf("expected 'git-filter-client', got %q", initMsg)
         }</span>
-        <span class="cov8" title="12">return git.PlainOpenWithOptions(cwd, &amp;git.PlainOpenOptions{DetectDotGit: true})</span>
-}
 
-// GitTopLevel returns the absolute path of the git repository root
-func GitTopLevel() (string, error) <span class="cov0" title="0">{
-        repo, err := GetRepo()
+        <span class="cov1" title="1">versions, err := f.pl.ReadPacketList()
         if err != nil </span><span class="cov0" title="0">{
-                return "", err
+                return fmt.Errorf("reading versions: %w", err)
         }</span>
-        <span class="cov0" title="0">wt, err := repo.Worktree()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+        <span class="cov1" title="1">if !slices.Contains(versions, "version=2") </span><span class="cov0" title="0">{
+                return fmt.Errorf("unsupported filter protocol versions %v (requires version=2)", versions)
         }</span>
-        <span class="cov0" title="0">return wt.Filesystem.Root(), nil</span>
-}
 
-// GetGitConfigString reads a string value from git config using the git command
-// to ensure we pick up values from all scopes (system, global, local).
-func GetGitConfigString(key string) (string, error) <span class="cov10" title="24">{
-        cmd := exec.Command("git", "config", "--get", key)
-        out, err := cmd.Output()
-        if err != nil </span><span class="cov7" title="9">{
-                // git config returns exit code 1 if the key is not found
-                return "", nil
+        // --- send our identity ---
+        <span class="cov1" title="1">if err := f.pl.WritePacketList([]string{"git-filter-server", "version=2"}); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov8" title="15">return strings.TrimSpace(string(out)), nil</span>
-}
 
-// GetGitConfigInt reads an integer value from git config
-func GetGitConfigInt(key string, defaultValue int64) int64 <span class="cov0" title="0">{
-        valStr, err := GetGitConfigString(key)
-        if err != nil || valStr == "" </span><span class="cov0" title="0">{
-                return defaultValue
-        }</span>
-        <span class="cov0" title="0">val, err := strconv.ParseInt(valStr, 10, 64)
-        if err != nil </span><span class="cov0" title="0">{
-                return defaultValue
+        // --- read capabilities from git ---
+        <span class="cov1" title="1">if _, err := f.pl.ReadPacketList(); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("reading capabilities: %w", err)
         }</span>
-        <span class="cov0" title="0">return val</span>
-}
 
-// GetGitConfigBool reads a boolean value from git config
-func GetGitConfigBool(key string, defaultValue bool) bool <span class="cov0" title="0">{
-        valStr, err := GetGitConfigString(key)
-        if err != nil || valStr == "" </span><span class="cov0" title="0">{
-                return defaultValue
-        }</span>
-        <span class="cov0" title="0">val, err := strconv.ParseBool(valStr)
-        if err != nil </span><span class="cov0" title="0">{
-                return defaultValue
-        }</span>
-        <span class="cov0" title="0">return val</span>
+        // --- advertise our capabilities ---
+        <span class="cov1" title="1">return f.pl.WritePacketList([]string{"capability=clean", "capability=smudge"})</span>
 }
 
-func SetGitConfigOptions(configs map[string]string) error <span class="cov7" title="11">{
-        repo, err := GetRepo()
-        if err != nil </span><span class="cov0" title="0">{
+// --------------------------------------------------------------------------
+// Per-request processing
+// --------------------------------------------------------------------------
+
+func (f *GitFilter) processOne(ctx context.Context) error <span class="cov10" title="2">{
+        f.logger.Debug("Waiting for next filter request...")
+        req, err := f.readRequest()
+        if err != nil </span><span class="cov1" title="1">{
+                f.logger.Debug(fmt.Sprintf("Error reading filter request: %v", err))
                 return err
         }</span>
-        <span class="cov7" title="11">conf, err := repo.Config()
+        <span class="cov1" title="1">f.logger.Debug("Received filter request", "command", req.Command, "pathname", req.Pathname)
+        // Read content (between the delimiter and the trailing flush).
+        content, err := f.readContent()
         if err != nil </span><span class="cov0" title="0">{
-                return err
+                return fmt.Errorf("reading content for %s %s: %w", req.Command, req.Pathname, err)
         }</span>
 
-        <span class="cov7" title="11">for key, value := range configs </span><span class="cov9" title="19">{
-                parts := strings.Split(key, ".")
-                if len(parts) == 2 </span><span class="cov0" title="0">{
-                        conf.Raw.Section(parts[0]).SetOption(parts[1], value)
-                }</span> else<span class="cov9" title="19"> if len(parts) &gt; 2 </span><span class="cov9" title="19">{
-                        // Handle subsections e.g. lfs.customtransfer.drs.path or drs.remote.origin.type
-                        section := parts[0]
-                        subsection := strings.Join(parts[1:len(parts)-1], ".")
-                        key := parts[len(parts)-1]
-                        conf.Raw.Section(section).Subsection(subsection).SetOption(key, value)
-                }</span>
+        <span class="cov1" title="1">var handlerErr error
+        switch req.Command </span>{
+        case "smudge":<span class="cov1" title="1">
+                handlerErr = f.handleSmudge(ctx, req, content)</span>
+        case "clean":<span class="cov0" title="0">
+                handlerErr = f.handleClean(ctx, req, content)</span>
+        default:<span class="cov0" title="0">
+                // Unknown command: respond with error status and empty content.
+                handlerErr = fmt.Errorf("unknown command %q", req.Command)</span>
         }
 
-        <span class="cov7" title="11">return repo.Storer.SetConfig(conf)</span>
+        <span class="cov1" title="1">if handlerErr != nil </span><span class="cov0" title="0">{
+                // Send error status; git will use the pointer/raw bytes itself.
+                if err := f.pl.WritePacketList([]string{"status=error"}); err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov0" title="0">return nil</span>
+        }
+        <span class="cov1" title="1">return nil</span>
 }
 
-// UnsetGitConfigOptions removes git config keys from local repo config.
-// Missing keys are ignored.
-func UnsetGitConfigOptions(keys []string) error <span class="cov4" title="3">{
-        for _, key := range keys </span><span class="cov4" title="3">{
-                cmd := exec.Command("git", "config", "--unset-all", key)
-                if err := cmd.Run(); err != nil </span><span class="cov1" title="1">{
-                        // git exits non-zero when the key doesn't exist; this is safe to ignore.
-                        continue</span>
-                }
-        }
-        <span class="cov4" title="3">return nil</span>
+func (f *GitFilter) handleSmudge(ctx context.Context, req FilterRequest, content []byte) error <span class="cov1" title="1">{
+        if f.smudge == nil </span><span class="cov0" title="0">{
+                return f.passthroughSmudge(content)
+        }</span>
+
+        <span class="cov1" title="1">var dst bytes.Buffer
+        if err := f.smudge(ctx, req, bytes.NewReader(content), &amp;dst); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov1" title="1">return f.writeSuccessResponse(dst.Bytes())</span>
 }
 
-// GetGitHooksDir returns the absolute path to the .git/hooks directory
-func GetGitHooksDir() (string, error) <span class="cov1" title="1">{
-        repo, err := GetRepo()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+func (f *GitFilter) handleClean(ctx context.Context, req FilterRequest, content []byte) error <span class="cov0" title="0">{
+        if f.clean == nil </span><span class="cov0" title="0">{
+                return f.passthroughClean(content)
         }</span>
-        <span class="cov1" title="1">wt, err := repo.Worktree()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+
+        <span class="cov0" title="0">var dst bytes.Buffer
+        if err := f.clean(ctx, req, bytes.NewReader(content), &amp;dst); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        // This is a simplification; for complex setups (submodules, worktrees),
-        // we might need more robust logic, but this matches previous behavior.
-        <span class="cov1" title="1">return filepath.Join(wt.Filesystem.Root(), ".git", "hooks"), nil</span>
+        <span class="cov0" title="0">return f.writeSuccessResponse(dst.Bytes())</span>
 }
 
-// AddFile adds a file to the git staging area (index)
-func AddFile(path string) error <span class="cov0" title="0">{
-        repo, err := GetRepo()
-        if err != nil </span><span class="cov0" title="0">{
+// passthroughSmudge sends content as-is (smudge no-op).
+func (f *GitFilter) passthroughSmudge(content []byte) error <span class="cov0" title="0">{
+        return f.writeSuccessResponse(content)
+}</span>
+
+// passthroughClean sends content as-is (clean no-op).
+func (f *GitFilter) passthroughClean(content []byte) error <span class="cov0" title="0">{
+        return f.writeSuccessResponse(content)
+}</span>
+
+// writeSuccessResponse writes the success response including pkt-line framed content.
+//
+// Format:
+//
+//        PKT-LINE("status=success\n")
+//        flush-pkt
+//        [PKT-LINE(content chunks)]
+//        flush-pkt
+//        flush-pkt  (second flush signals end of command)
+func (f *GitFilter) writeSuccessResponse(data []byte) error <span class="cov1" title="1">{
+        if err := f.pl.WritePacketList([]string{"status=success"}); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">wt, err := repo.Worktree()
-        if err != nil </span><span class="cov0" title="0">{
+
+        <span class="cov1" title="1">w := pktline.NewPktlineWriter(f.out, pktline.MaxPacketLength)
+        if len(data) &gt; 0 </span><span class="cov1" title="1">{
+                if _, err := w.Write(data); err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+        }
+        <span class="cov1" title="1">if err := w.Flush(); err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">_, err = wt.Add(path)
-        return err</span>
+
+        // Send trailing key=value list (empty) terminated with flush.
+        <span class="cov1" title="1">return f.pl.WritePacketList(nil)</span>
+}
+
+// --------------------------------------------------------------------------
+// Helpers
+// --------------------------------------------------------------------------
+
+// readRequest reads the command header section terminated by a delimiter packet.
+// Returns (FilterRequest, nil) on success, or (_, io.EOF) if the stream is done.
+func (f *GitFilter) readRequest() (FilterRequest, error) <span class="cov10" title="2">{
+        requestList, err := f.pl.ReadPacketList()
+        if err != nil </span><span class="cov1" title="1">{
+                return FilterRequest{}, err
+        }</span>
+
+        <span class="cov1" title="1">var req FilterRequest
+        for _, line := range requestList </span><span class="cov10" title="2">{
+                if kv := strings.SplitN(line, "=", 2); len(kv) == 2 </span><span class="cov10" title="2">{
+                        switch kv[0] </span>{
+                        case "command":<span class="cov1" title="1">
+                                req.Command = kv[1]</span>
+                        case "pathname":<span class="cov1" title="1">
+                                req.Pathname = kv[1]</span>
+                        }
+                }
+        }
+        <span class="cov1" title="1">return req, nil</span>
 }
+
+// readContent reads pkt-line data packets until a flush packet, returning all
+// data concatenated. git sends content flush-terminated.
+func (f *GitFilter) readContent() ([]byte, error) <span class="cov1" title="1">{
+        return io.ReadAll(pktline.NewPktlineReaderFromPktline(f.pl, pktline.MaxPacketLength))
+}</span>
 </pre>
 		
-		<pre class="file" id="file42" style="display: none">package lfs
-
-// Package filterops contains the shared logic for the git-drs clean and
-// filter-process sub commands. Both sub commands need to convert raw file
-// content into an LFS pointer (the "clean" side of the LFS filter pair), so
-// the implementation lives here and is imported by each command rather than
-// being duplicated.
+		<pre class="file" id="file56" style="display: none">package gitrepo
 
 import (
-        "context"
-        "crypto/sha256"
-        "encoding/hex"
         "fmt"
-        "io"
-        "log/slog"
-        "os"
-        "path/filepath"
+        "regexp"
         "strings"
-
-        "github.com/calypr/git-drs/internal/common"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
 )
 
-// ParseLFSPointer extracts the oid and size from an LFS pointer payload.
-// Returns ("", 0, false) if data is not a valid LFS pointer.
-func ParseLFSPointer(data []byte) (oid string, size int64, ok bool) <span class="cov6" title="5">{
-        text := string(data)
-        if !strings.Contains(text, "version https://git-lfs.github.com/spec/v1") </span><span class="cov1" title="1">{
-                return "", 0, false
+type BucketMapping struct {
+        Bucket string
+        Prefix string
+}
+
+var bucketMapKeyPartSanitizer = regexp.MustCompile(`[^a-z0-9_-]+`)
+
+func normalizeBucketMapKeyPart(v string) string <span class="cov10" title="61">{
+        v = strings.ToLower(strings.TrimSpace(v))
+        v = strings.ReplaceAll(v, ".", "_")
+        v = bucketMapKeyPartSanitizer.ReplaceAllString(v, "_")
+        v = strings.Trim(v, "_")
+        return v
+}</span>
+
+func orgBucketKey(org, field string) string <span class="cov7" title="23">{
+        return fmt.Sprintf("drs.bucketmap.orgs.%s.%s", normalizeBucketMapKeyPart(org), field)
+}</span>
+
+func projectBucketKey(org, project, field string) string <span class="cov7" title="19">{
+        return fmt.Sprintf("drs.bucketmap.projects.%s.%s.%s", normalizeBucketMapKeyPart(org), normalizeBucketMapKeyPart(project), field)
+}</span>
+
+func SetBucketMapping(org, project, bucket, prefix string) error <span class="cov6" title="10">{
+        org = strings.TrimSpace(org)
+        project = strings.TrimSpace(project)
+        bucket = strings.TrimSpace(bucket)
+        prefix = strings.Trim(strings.TrimSpace(prefix), "/")
+        if org == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("organization is required")
         }</span>
-        <span class="cov5" title="4">for _, line := range strings.Split(text, "\n") </span><span class="cov10" title="16">{
-                line = strings.TrimSpace(line)
-                if strings.HasPrefix(line, "oid sha256:") </span><span class="cov5" title="4">{
-                        oid = strings.TrimPrefix(line, "oid sha256:")
+        <span class="cov6" title="10">if bucket == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("bucket is required")
+        }</span>
+
+        <span class="cov6" title="10">configs := map[string]string{}
+        prefixKey := ""
+        if project != "" </span><span class="cov4" title="4">{
+                configs[projectBucketKey(org, project, "bucket")] = bucket
+                prefixKey = projectBucketKey(org, project, "prefix")
+                if prefix != "" </span><span class="cov3" title="3">{
+                        configs[prefixKey] = prefix
                 }</span>
-                <span class="cov10" title="16">if strings.HasPrefix(line, "size ") </span><span class="cov5" title="4">{
-                        fmt.Sscanf(strings.TrimPrefix(line, "size "), "%d", &amp;size)
+        } else<span class="cov4" title="6"> {
+                configs[orgBucketKey(org, "bucket")] = bucket
+                prefixKey = orgBucketKey(org, "prefix")
+                if prefix != "" </span><span class="cov4" title="4">{
+                        configs[prefixKey] = prefix
                 }</span>
         }
-        <span class="cov5" title="4">if oid == "" </span><span class="cov0" title="0">{
-                return "", 0, false
+        <span class="cov6" title="10">if err := SetGitConfigOptions(configs); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov5" title="4">return oid, size, true</span>
-}
-
-// WriteDrsMap records a local DRS object entry in .git/drs/lfs/objects so that
-// the pre-push workflow can discover and upload the file. This mirrors the
-// ObjectStore.WriteObject pattern.
-func WriteDrsMap(pathname string, oid string, size int64) error <span class="cov1" title="1">{
-        name := filepath.Base(pathname)
-        drsObj := &amp;drsapi.DrsObject{
-                Name: &amp;name,
-                Size: size,
-                Checksums: []drsapi.Checksum{
-                        {Type: "sha256", Checksum: oid},
-                },
-        }
-        if existing, err := ReadObject(common.DRS_OBJS_PATH, oid); err == nil &amp;&amp; existing != nil </span><span class="cov1" title="1">{
-                drsObj = existing
-                drsObj.Name = &amp;name
-                drsObj.Size = size
-                drsObj.Checksums = []drsapi.Checksum{
-                        {Type: "sha256", Checksum: oid},
-                }
+        <span class="cov6" title="10">if prefix == "" &amp;&amp; prefixKey != "" </span><span class="cov3" title="3">{
+                return UnsetGitConfigOptions([]string{prefixKey})
         }</span>
-        <span class="cov1" title="1">return WriteObject(common.DRS_OBJS_PATH, drsObj, oid)</span>
+        <span class="cov5" title="7">return nil</span>
 }
 
-// CleanContent reads raw file content from content, hashes it with SHA-256,
-// stores the content in the git-lfs local object cache under lfsRoot, and
-// writes an LFS pointer to dst. It also records a DRS map entry so that
-// `git drs push` can discover the file.
-//
-// pathname is the repo-relative path of the file being cleaned; it is used
-// only for the DRS map entry name and log messages.
-func CleanContent(ctx context.Context, lfsRoot, pathname string, content io.Reader, dst io.Writer, logger *slog.Logger) error <span class="cov1" title="1">{
-        _ = ctx // reserved for future cancellation propagation
-
-        objDir := filepath.Join(lfsRoot, "objects")
-        if err := os.MkdirAll(objDir, 0o755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: mkdir LFS objects: %w", err)
+func GetBucketMapping(org, project string) (BucketMapping, bool, error) <span class="cov5" title="8">{
+        org = strings.TrimSpace(org)
+        project = strings.TrimSpace(project)
+        if org == "" </span><span class="cov0" title="0">{
+                return BucketMapping{}, false, nil
         }</span>
 
-        // Buffer the content into a temp file while computing its SHA-256.
-        <span class="cov1" title="1">tmp, err := os.CreateTemp(objDir, "git-drs-clean-*")
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: create temp file: %w", err)
-        }</span>
-        <span class="cov1" title="1">tmpPath := tmp.Name()
-        defer func() </span><span class="cov1" title="1">{
-                if _, statErr := os.Stat(tmpPath); statErr == nil </span><span class="cov1" title="1">{
-                        _ = os.Remove(tmpPath)
+        // Project-specific mapping takes precedence.
+        <span class="cov5" title="8">if project != "" </span><span class="cov4" title="4">{
+                bucket, err := GetGitConfigString(projectBucketKey(org, project, "bucket"))
+                if err != nil </span><span class="cov0" title="0">{
+                        return BucketMapping{}, false, err
                 }</span>
-        }()
-
-        <span class="cov1" title="1">h := sha256.New()
-        written, err := io.Copy(tmp, io.TeeReader(content, h))
-        if err != nil </span><span class="cov0" title="0">{
-                tmp.Close()
-                return fmt.Errorf("clean: write temp file: %w", err)
-        }</span>
-        <span class="cov1" title="1">if err := tmp.Close(); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: close temp file: %w", err)
-        }</span>
-        <span class="cov1" title="1">size := written
-        oid := hex.EncodeToString(h.Sum(nil))
-
-        if size &gt; 0 &amp;&amp; size &lt; 2048 </span><span class="cov1" title="1">{
-                if data, readErr := os.ReadFile(tmpPath); readErr == nil </span><span class="cov1" title="1">{
-                        if pointerOID, pointerSize, ok := ParseLFSPointer(data); ok </span><span class="cov1" title="1">{
-                                if _, err := dst.Write(data); err != nil </span><span class="cov0" title="0">{
-                                        return fmt.Errorf("clean: write existing pointer: %w", err)
-                                }</span>
-                                <span class="cov1" title="1">if mapErr := WriteDrsMap(pathname, pointerOID, pointerSize); mapErr != nil </span><span class="cov0" title="0">{
-                                        logger.Warn("clean: failed to write DRS map entry for existing pointer", "pathname", pathname, "error", mapErr)
-                                }</span>
-                                <span class="cov1" title="1">logger.Debug("clean: passed through existing LFS pointer", "pathname", pathname, "oid", pointerOID, "size", pointerSize)
-                                return nil</span>
-                        }
+                <span class="cov4" title="4">if strings.TrimSpace(bucket) != "" </span><span class="cov2" title="2">{
+                        prefix, err := GetGitConfigString(projectBucketKey(org, project, "prefix"))
+                        if err != nil </span><span class="cov0" title="0">{
+                                return BucketMapping{}, false, err
+                        }</span>
+                        <span class="cov2" title="2">return BucketMapping{
+                                Bucket: strings.TrimSpace(bucket),
+                                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
+                        }, true, nil</span>
                 }
         }
 
-        // Move temp file to the final content-addressed location.
-        <span class="cov0" title="0">cachePath, err := ObjectPath(common.LFS_OBJS_PATH, oid)
+        // Fallback: organization-level mapping.
+        <span class="cov4" title="6">bucket, err := GetGitConfigString(orgBucketKey(org, "bucket"))
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: resolve cache path: %w", err)
-        }</span>
-        <span class="cov0" title="0">if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: mkdir for cache path: %w", err)
-        }</span>
-        <span class="cov0" title="0">if err := os.Rename(tmpPath, cachePath); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: move to cache: %w", err)
+                return BucketMapping{}, false, err
         }</span>
-
-        <span class="cov0" title="0">logger.Debug("clean: stored LFS object", "pathname", pathname, "oid", oid, "size", size)
-
-        // Write the LFS pointer to dst.
-        pointer := fmt.Sprintf(
-                "version https://git-lfs.github.com/spec/v1\noid sha256:%s\nsize %d\n",
-                oid, size,
-        )
-        if _, err := io.WriteString(dst, pointer); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("clean: write pointer: %w", err)
+        <span class="cov4" title="6">if strings.TrimSpace(bucket) == "" </span><span class="cov1" title="1">{
+                return BucketMapping{}, false, nil
         }</span>
-
-        // Record a DRS map entry so `git drs push` can find the file.
-        <span class="cov0" title="0">if mapErr := WriteDrsMap(pathname, oid, size); mapErr != nil </span><span class="cov0" title="0">{
-                logger.Warn("clean: failed to write DRS map entry", "pathname", pathname, "error", mapErr)
+        <span class="cov4" title="5">prefix, err := GetGitConfigString(orgBucketKey(org, "prefix"))
+        if err != nil </span><span class="cov0" title="0">{
+                return BucketMapping{}, false, err
         }</span>
-
-        <span class="cov0" title="0">return nil</span>
+        <span class="cov4" title="5">return BucketMapping{
+                Bucket: strings.TrimSpace(bucket),
+                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
+        }, true, nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file43" style="display: none">package lfs
+		<pre class="file" id="file57" style="display: none">package gitrepo
 
 import (
-        "context"
         "fmt"
-        "io"
-        "log/slog"
-        "net/http"
-        "os"
-        "path/filepath"
         "strings"
-
-        "github.com/calypr/git-drs/internal/config"
-        "github.com/calypr/git-drs/internal/drslookup"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        sycommon "github.com/calypr/syfon/client/common"
-        syrequest "github.com/calypr/syfon/client/request"
-        "github.com/calypr/syfon/client/transfer"
-        "github.com/calypr/syfon/client/xfer/download"
 )
 
-// DownloadToCachePath downloads the DRS object identified by oid to cachePath
-// using the project-scoped URL resolution preferred by git-drs.
-func DownloadToCachePath(ctx context.Context, drsCtx *config.GitContext, logger *slog.Logger, oid, cachePath string) error <span class="cov0" title="0">{
-        if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("mkdir for cache path: %w", err)
-        }</span>
+type ResolvedBucketScope struct {
+        Bucket string
+        Prefix string
+}
+
+// ResolveBucketScope returns the effective bucket/prefix for an org+project.
+// It prefers explicit bucket-map entries and validates conflicts with any
+// configured fallback values.
+func ResolveBucketScope(organization, project, configuredBucket, configuredPrefix string) (ResolvedBucketScope, error) <span class="cov7" title="4">{
+        organization = strings.TrimSpace(organization)
+        project = strings.TrimSpace(project)
+        configuredBucket = strings.TrimSpace(configuredBucket)
+        configuredPrefix = strings.Trim(strings.TrimSpace(configuredPrefix), "/")
+
+        if organization == "" </span><span class="cov0" title="0">{
+                if configuredBucket == "" </span><span class="cov0" title="0">{
+                        return ResolvedBucketScope{}, fmt.Errorf("bucket is required when organization is empty")
+                }</span>
+                <span class="cov0" title="0">return ResolvedBucketScope{
+                        Bucket: configuredBucket,
+                        Prefix: configuredPrefix,
+                }, nil</span>
+        }
 
-        <span class="cov0" title="0">backend, err := newScopedBackend(ctx, drsCtx, oid)
+        <span class="cov7" title="4">orgMapping, hasOrgMapping, err := GetBucketMapping(organization, "")
         if err != nil </span><span class="cov0" title="0">{
-                return err
+                return ResolvedBucketScope{}, fmt.Errorf("resolve bucket mapping for organization=%q: %w", organization, err)
         }</span>
 
-        <span class="cov0" title="0">opts := download.DownloadOptions{
-                MultipartThreshold: 5 * 1024 * 1024,
-                Concurrency:        2,
-                ChunkSize:          64 * 1024 * 1024,
+        <span class="cov7" title="4">var projectMapping BucketMapping
+        hasProjectMapping := false
+        if project != "" </span><span class="cov7" title="4">{
+                projectMapping, hasProjectMapping, err = getExactBucketMapping(organization, project)
+                if err != nil </span><span class="cov0" title="0">{
+                        return ResolvedBucketScope{}, fmt.Errorf("resolve bucket mapping for organization=%q project=%q: %w", organization, project, err)
+                }</span>
         }
-        return download.DownloadToPathWithOptions(ctx, backend, oid, cachePath, opts)</span>
-}
 
-func DownloadResolvedToCachePath(ctx context.Context, drsCtx *config.GitContext, oid, cachePath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL) error <span class="cov0" title="0">{
-        if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("mkdir for cache path: %w", err)
-        }</span>
-        <span class="cov0" title="0">if obj == nil || accessURL == nil || strings.TrimSpace(accessURL.Url) == "" </span><span class="cov0" title="0">{
-                return DownloadToCachePath(ctx, drsCtx, nil, oid, cachePath)
-        }</span>
-        <span class="cov0" title="0">backend, err := newScopedBackendFromResolved(drsCtx, obj, strings.TrimSpace(accessURL.Url))
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
+        <span class="cov7" title="4">if hasOrgMapping </span><span class="cov6" title="3">{
+                bucket := strings.TrimSpace(orgMapping.Bucket)
+                if bucket == "" </span><span class="cov0" title="0">{
+                        return ResolvedBucketScope{}, fmt.Errorf("bucket mapping for organization=%q is missing bucket", organization)
+                }</span>
+                <span class="cov6" title="3">return ResolvedBucketScope{
+                        Bucket: bucket,
+                        Prefix: joinBucketPrefixes(orgMapping.Prefix, projectMapping.Prefix),
+                }, nil</span>
+        }
 
-        <span class="cov0" title="0">opts := download.DownloadOptions{
-                MultipartThreshold: 5 * 1024 * 1024,
-                Concurrency:        2,
-                ChunkSize:          64 * 1024 * 1024,
+        <span class="cov1" title="1">if hasProjectMapping </span><span class="cov0" title="0">{
+                bucket := strings.TrimSpace(projectMapping.Bucket)
+                if bucket == "" </span><span class="cov0" title="0">{
+                        return ResolvedBucketScope{}, fmt.Errorf("bucket mapping for organization=%q project=%q is missing bucket", organization, project)
+                }</span>
+                <span class="cov0" title="0">return ResolvedBucketScope{
+                        Bucket: bucket,
+                        Prefix: strings.Trim(strings.TrimSpace(projectMapping.Prefix), "/"),
+                }, nil</span>
         }
-        return download.DownloadToPathWithOptions(ctx, backend, oid, cachePath, opts)</span>
-}
 
-type scopedBackend struct {
-        base      transfer.Backend
-        requestor syrequest.Requester
-        object    *drsapi.DrsObject
-        accessURL string
+        <span class="cov1" title="1">if configuredBucket == "" </span><span class="cov0" title="0">{
+                if project != "" </span><span class="cov0" title="0">{
+                        return ResolvedBucketScope{}, fmt.Errorf("no bucket mapping found for organization=%q project=%q; configure one first with `git drs bucket add-organization --organization %s --path &lt;scheme&gt;://&lt;bucket&gt;/&lt;prefix&gt;` or `git drs bucket add-project --organization %s --project %s --path &lt;scheme&gt;://&lt;bucket&gt;/&lt;prefix&gt;`", organization, project, organization, organization, project)
+                }</span>
+                <span class="cov0" title="0">return ResolvedBucketScope{}, fmt.Errorf("no bucket mapping found for organization=%q; configure one first with `git drs bucket add-organization --organization %s --path &lt;scheme&gt;://&lt;bucket&gt;/&lt;prefix&gt;`", organization, organization)</span>
+        }
+        <span class="cov1" title="1">return ResolvedBucketScope{
+                Bucket: configuredBucket,
+                Prefix: configuredPrefix,
+        }, nil</span>
 }
 
-func newScopedBackend(ctx context.Context, drsCtx *config.GitContext, oid string) (*scopedBackend, error) <span class="cov0" title="0">{
-        if drsCtx == nil || drsCtx.Client == nil || drsCtx.Requestor == nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("DRS client unavailable")
+func getExactBucketMapping(org, project string) (BucketMapping, bool, error) <span class="cov7" title="4">{
+        org = strings.TrimSpace(org)
+        project = strings.TrimSpace(project)
+        if org == "" || project == "" </span><span class="cov0" title="0">{
+                return BucketMapping{}, false, nil
         }</span>
-
-        <span class="cov0" title="0">accessURL, match, err := drslookup.AccessURLForHashScope(ctx, drsCtx, oid)
+        <span class="cov7" title="4">bucket, err := GetGitConfigString(projectBucketKey(org, project, "bucket"))
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-
-        <span class="cov0" title="0">return &amp;scopedBackend{
-                base:      drsCtx.Client.Data(),
-                requestor: drsCtx.Requestor,
-                object:    match,
-                accessURL: strings.TrimSpace(accessURL.Url),
-        }, nil</span>
-}
-
-func newScopedBackendFromResolved(drsCtx *config.GitContext, obj *drsapi.DrsObject, accessURL string) (*scopedBackend, error) <span class="cov0" title="0">{
-        if drsCtx == nil || drsCtx.Client == nil || drsCtx.Requestor == nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("DRS client unavailable")
+                return BucketMapping{}, false, err
         }</span>
-        <span class="cov0" title="0">return &amp;scopedBackend{
-                base:      drsCtx.Client.Data(),
-                requestor: drsCtx.Requestor,
-                object:    obj,
-                accessURL: strings.TrimSpace(accessURL),
-        }, nil</span>
-}
-
-func (b *scopedBackend) Name() string <span class="cov0" title="0">{ return b.base.Name() }</span>
-
-func (b *scopedBackend) Logger() transfer.TransferLogger <span class="cov0" title="0">{ return b.base.Logger() }</span>
-
-func (b *scopedBackend) Validate(ctx context.Context, bucket string) error <span class="cov0" title="0">{
-        return b.base.Validate(ctx, bucket)
-}</span>
-
-func (b *scopedBackend) Stat(ctx context.Context, guid string) (*transfer.ObjectMetadata, error) <span class="cov0" title="0">{
-        if b.object == nil </span><span class="cov0" title="0">{
-                return b.base.Stat(ctx, guid)
+        <span class="cov7" title="4">if strings.TrimSpace(bucket) == "" </span><span class="cov6" title="3">{
+                return BucketMapping{}, false, nil
         }</span>
-        <span class="cov0" title="0">md := &amp;transfer.ObjectMetadata{
-                Size:         b.object.Size,
-                AcceptRanges: true,
-                Provider:     "drs",
-        }
-        return md, nil</span>
-}
-
-func (b *scopedBackend) GetReader(ctx context.Context, guid string) (io.ReadCloser, error) <span class="cov0" title="0">{
-        return b.download(ctx, nil, nil)
-}</span>
-
-func (b *scopedBackend) GetRangeReader(ctx context.Context, guid string, offset, length int64) (io.ReadCloser, error) <span class="cov0" title="0">{
-        if length &lt;= 0 </span><span class="cov0" title="0">{
-                return b.download(ctx, nil, nil)
+        <span class="cov1" title="1">prefix, err := GetGitConfigString(projectBucketKey(org, project, "prefix"))
+        if err != nil </span><span class="cov0" title="0">{
+                return BucketMapping{}, false, err
         }</span>
-        <span class="cov0" title="0">end := offset + length - 1
-        return b.download(ctx, &amp;offset, &amp;end)</span>
+        <span class="cov1" title="1">return BucketMapping{
+                Bucket: strings.TrimSpace(bucket),
+                Prefix: strings.Trim(strings.TrimSpace(prefix), "/"),
+        }, true, nil</span>
 }
 
-func (b *scopedBackend) GetWriter(ctx context.Context, guid string) (io.WriteCloser, error) <span class="cov0" title="0">{
-        return b.base.GetWriter(ctx, guid)
-}</span>
-
-func (b *scopedBackend) Upload(ctx context.Context, guid string, body io.Reader, size int64) error <span class="cov0" title="0">{
-        return b.base.Upload(ctx, guid, body, size)
-}</span>
-
-func (b *scopedBackend) MultipartInit(ctx context.Context, guid string) (string, error) <span class="cov0" title="0">{
-        return b.base.MultipartInit(ctx, guid)
-}</span>
-
-func (b *scopedBackend) MultipartPart(ctx context.Context, guid string, uploadID string, partNum int, body io.Reader) (string, error) <span class="cov0" title="0">{
-        return b.base.MultipartPart(ctx, guid, uploadID, partNum, body)
-}</span>
-
-func (b *scopedBackend) MultipartComplete(ctx context.Context, guid string, uploadID string, parts []transfer.MultipartPart) error <span class="cov0" title="0">{
-        return b.base.MultipartComplete(ctx, guid, uploadID, parts)
-}</span>
-
-func (b *scopedBackend) Delete(ctx context.Context, guid string) error <span class="cov0" title="0">{
-        return b.base.Delete(ctx, guid)
-}</span>
-
-func (b *scopedBackend) download(ctx context.Context, rangeStart, rangeEnd *int64) (io.ReadCloser, error) <span class="cov0" title="0">{
-        if b.accessURL == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("empty download URL")
-        }</span>
-        <span class="cov0" title="0">var opts []syrequest.RequestOption
-        if rangeStart != nil </span><span class="cov0" title="0">{
-                rangeHeader := "bytes=" + fmt.Sprintf("%d-", *rangeStart)
-                if rangeEnd != nil </span><span class="cov0" title="0">{
-                        rangeHeader += fmt.Sprintf("%d", *rangeEnd)
+func joinBucketPrefixes(parts ...string) string <span class="cov6" title="3">{
+        joined := make([]string, 0, len(parts))
+        for _, part := range parts </span><span class="cov10" title="6">{
+                part = strings.Trim(strings.TrimSpace(part), "/")
+                if part != "" </span><span class="cov6" title="3">{
+                        joined = append(joined, part)
                 }</span>
-                <span class="cov0" title="0">opts = append(opts, syrequest.WithHeader("Range", rangeHeader))</span>
         }
-        <span class="cov0" title="0">if sycommon.IsCloudPresignedURL(b.accessURL) </span><span class="cov0" title="0">{
-                opts = append(opts, syrequest.WithSkipAuth(true))
-        }</span>
-        <span class="cov0" title="0">var resp *http.Response
-        if err := b.requestor.Do(ctx, http.MethodGet, b.accessURL, nil, &amp;resp, opts...); err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov0" title="0">if resp.StatusCode &gt;= http.StatusBadRequest </span><span class="cov0" title="0">{
-                body, _ := io.ReadAll(resp.Body)
-                _ = resp.Body.Close()
-                return nil, fmt.Errorf("download failed: status=%d body=%s", resp.StatusCode, strings.TrimSpace(string(body)))
-        }</span>
-        <span class="cov0" title="0">return resp.Body, nil</span>
+        <span class="cov6" title="3">return strings.Join(joined, "/")</span>
 }
 </pre>
 		
-		<pre class="file" id="file44" style="display: none">package lfs
+		<pre class="file" id="file58" style="display: none">package gitrepo
 
 import (
-        "bytes"
-        "context"
         "fmt"
-        "io"
-        "log/slog"
-        "slices"
         "strings"
 
-        "github.com/git-lfs/pktline"
+        gitconfig "github.com/go-git/go-git/v5/plumbing/format/config"
 )
 
-// SmudgeFunc is called for each smudge (checkout) request.
-// req contains the pathname and command metadata.
-// ptr is the LFS pointer payload received from git (may be non-LFS content for untracked files).
-// dst is where the real file content must be written.
-type SmudgeFunc func(ctx context.Context, req FilterRequest, ptr io.Reader, dst io.Writer) error
-
-// CleanFunc is called for each clean (stage) request.
-// req contains the pathname and command metadata.
-// content is the full file content received from git.
-// dst is where the LFS pointer must be written.
-type CleanFunc func(ctx context.Context, req FilterRequest, content io.Reader, dst io.Writer) error
-
-// FilterRequest describes a single filter request from git.
-type FilterRequest struct {
-        // Command is "smudge" or "clean".
-        Command string
-        // Pathname is the repo-relative file path being processed.
-        Pathname string
-}
-
-// GitFilter implements the git long-running filter process protocol v2.
-//
-// Protocol reference:
-//
-//        https://git-scm.com/docs/gitattributes#_long_running_filter_process
-//
-// Usage:
-//
-//        f := NewGitFilter(os.Stdin, os.Stdout).
-//            OnSmudge(smudgeFn).
-//            OnClean(cleanFn)
-//        err := f.Run(ctx)
-type GitFilter struct {
-        pl     *pktline.Pktline
-        out    io.Writer
-        smudge SmudgeFunc
-        clean  CleanFunc
-        logger *slog.Logger
-}
-
-// NewGitFilter creates a GitFilter that reads from in and writes to out.
-func NewGitFilter(in io.Reader, out io.Writer, logger *slog.Logger) *GitFilter <span class="cov1" title="1">{
-        return &amp;GitFilter{
-                pl:     pktline.NewPktline(in, out),
-                out:    out,
-                logger: logger,
-        }
+func remoteTokenKey(remoteName string) string <span class="cov0" title="0">{
+        return fmt.Sprintf("drs.remote.%s.token", remoteName)
 }</span>
 
-// OnSmudge registers the smudge handler and returns the receiver for chaining.
-func (f *GitFilter) OnSmudge(fn SmudgeFunc) *GitFilter <span class="cov1" title="1">{
-        f.smudge = fn
-        return f
+func remoteUsernameKey(remoteName string) string <span class="cov10" title="2">{
+        return fmt.Sprintf("drs.remote.%s.username", remoteName)
 }</span>
 
-// OnClean registers the clean handler and returns the receiver for chaining.
-func (f *GitFilter) OnClean(fn CleanFunc) *GitFilter <span class="cov0" title="0">{
-        f.clean = fn
-        return f
+func remotePasswordKey(remoteName string) string <span class="cov10" title="2">{
+        return fmt.Sprintf("drs.remote.%s.password", remoteName)
 }</span>
 
-// Run performs the capability handshake and then processes filter requests
-// until the underlying reader is exhausted or the context is cancelled.
-func (f *GitFilter) Run(ctx context.Context) error <span class="cov1" title="1">{
-        f.logger.Debug("Starting git filter process")
-        if err := f.handshake(); err != nil </span><span class="cov0" title="0">{
-                f.logger.Debug(fmt.Sprintf("Handshake failed: %v", err))
-                return fmt.Errorf("git-filter: handshake: %w", err)
+func remoteLFSURL(endpoint string) string <span class="cov0" title="0">{
+        base := strings.TrimSpace(strings.TrimRight(endpoint, "/"))
+        if base == "" </span><span class="cov0" title="0">{
+                return ""
         }</span>
-        <span class="cov1" title="1">for </span><span class="cov10" title="2">{
-                if err := ctx.Err(); err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov10" title="2">if err := f.processOne(ctx); err != nil </span><span class="cov1" title="1">{
-                        if err == io.EOF </span><span class="cov1" title="1">{
-                                return nil
-                        }</span>
-                        <span class="cov0" title="0">return err</span>
-                }
-        }
+        <span class="cov0" title="0">return base + "/info/lfs"</span>
 }
 
-// --------------------------------------------------------------------------
-// Handshake
-// --------------------------------------------------------------------------
-
-// handshake implements the git filter v2 capability exchange.
-//
-// git → filter:
-//
-//        PKT-LINE("git-filter-client\n")
-//        PKT-LINE("version=2\n")
-//        flush-pkt
-//        PKT-LINE("capability=clean\n") + PKT-LINE("capability=smudge\n") + flush-pkt
-//
-// filter → git:
-//
-//        PKT-LINE("git-filter-server\n")
-//        PKT-LINE("version=2\n")
-//        flush-pkt
-//        PKT-LINE("capability=clean\n") + PKT-LINE("capability=smudge\n") + flush-pkt
-func (f *GitFilter) handshake() error <span class="cov1" title="1">{
-        // --- version negotiation from git ---
-        initMsg, err := f.pl.ReadPacketText()
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("reading welcome: %w", err)
-        }</span>
-        <span class="cov1" title="1">if initMsg != "git-filter-client" </span><span class="cov0" title="0">{
-                return fmt.Errorf("expected 'git-filter-client', got %q", initMsg)
-        }</span>
-
-        <span class="cov1" title="1">versions, err := f.pl.ReadPacketList()
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("reading versions: %w", err)
-        }</span>
-        <span class="cov1" title="1">if !slices.Contains(versions, "version=2") </span><span class="cov0" title="0">{
-                return fmt.Errorf("unsupported filter protocol versions %v (requires version=2)", versions)
-        }</span>
+// GetRemoteToken reads a remote-specific bearer token from repo-local git config.
+func GetRemoteToken(remoteName string) (string, error) <span class="cov0" title="0">{
+        return GetGitConfigString(remoteTokenKey(remoteName))
+}</span>
 
-        // --- send our identity ---
-        <span class="cov1" title="1">if err := f.pl.WritePacketList([]string{"git-filter-server", "version=2"}); err != nil </span><span class="cov0" title="0">{
-                return err
+// SetRemoteToken stores a remote-specific bearer token in repo-local git config.
+func SetRemoteToken(remoteName, token string) error <span class="cov0" title="0">{
+        if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("remote name is required")
         }</span>
-
-        // --- read capabilities from git ---
-        <span class="cov1" title="1">if _, err := f.pl.ReadPacketList(); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("reading capabilities: %w", err)
+        <span class="cov0" title="0">if strings.TrimSpace(token) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("token is required")
         }</span>
-
-        // --- advertise our capabilities ---
-        <span class="cov1" title="1">return f.pl.WritePacketList([]string{"capability=clean", "capability=smudge"})</span>
+        <span class="cov0" title="0">configs := map[string]string{remoteTokenKey(remoteName): token}
+        return SetGitConfigOptions(configs)</span>
 }
 
-// --------------------------------------------------------------------------
-// Per-request processing
-// --------------------------------------------------------------------------
-
-func (f *GitFilter) processOne(ctx context.Context) error <span class="cov10" title="2">{
-        f.logger.Debug("Waiting for next filter request...")
-        req, err := f.readRequest()
-        if err != nil </span><span class="cov1" title="1">{
-                f.logger.Debug(fmt.Sprintf("Error reading filter request: %v", err))
-                return err
+func GetRemoteBasicAuth(remoteName string) (string, string, error) <span class="cov1" title="1">{
+        username, err := GetGitConfigString(remoteUsernameKey(remoteName))
+        if err != nil </span><span class="cov0" title="0">{
+                return "", "", err
         }</span>
-        <span class="cov1" title="1">f.logger.Debug("Received filter request", "command", req.Command, "pathname", req.Pathname)
-        // Read content (between the delimiter and the trailing flush).
-        content, err := f.readContent()
+        <span class="cov1" title="1">password, err := GetGitConfigString(remotePasswordKey(remoteName))
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("reading content for %s %s: %w", req.Command, req.Pathname, err)
+                return "", "", err
         }</span>
-
-        <span class="cov1" title="1">var handlerErr error
-        switch req.Command </span>{
-        case "smudge":<span class="cov1" title="1">
-                handlerErr = f.handleSmudge(ctx, req, content)</span>
-        case "clean":<span class="cov0" title="0">
-                handlerErr = f.handleClean(ctx, req, content)</span>
-        default:<span class="cov0" title="0">
-                // Unknown command: respond with error status and empty content.
-                handlerErr = fmt.Errorf("unknown command %q", req.Command)</span>
-        }
-
-        <span class="cov1" title="1">if handlerErr != nil </span><span class="cov0" title="0">{
-                // Send error status; git will use the pointer/raw bytes itself.
-                if err := f.pl.WritePacketList([]string{"status=error"}); err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov0" title="0">return nil</span>
-        }
-        <span class="cov1" title="1">return nil</span>
+        <span class="cov1" title="1">return strings.TrimSpace(username), strings.TrimSpace(password), nil</span>
 }
 
-func (f *GitFilter) handleSmudge(ctx context.Context, req FilterRequest, content []byte) error <span class="cov1" title="1">{
-        if f.smudge == nil </span><span class="cov0" title="0">{
-                return f.passthroughSmudge(content)
+func SetRemoteBasicAuth(remoteName, username, password string) error <span class="cov1" title="1">{
+        if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("remote name is required")
         }</span>
-
-        <span class="cov1" title="1">var dst bytes.Buffer
-        if err := f.smudge(ctx, req, bytes.NewReader(content), &amp;dst); err != nil </span><span class="cov0" title="0">{
-                return err
+        <span class="cov1" title="1">if strings.TrimSpace(username) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("username is required")
         }</span>
-        <span class="cov1" title="1">return f.writeSuccessResponse(dst.Bytes())</span>
+        <span class="cov1" title="1">if strings.TrimSpace(password) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("password is required")
+        }</span>
+        <span class="cov1" title="1">configs := map[string]string{
+                remoteUsernameKey(remoteName): username,
+                remotePasswordKey(remoteName): password,
+        }
+        return SetGitConfigOptions(configs)</span>
 }
 
-func (f *GitFilter) handleClean(ctx context.Context, req FilterRequest, content []byte) error <span class="cov0" title="0">{
-        if f.clean == nil </span><span class="cov0" title="0">{
-                return f.passthroughClean(content)
+// ConfigureCredentialHelperForRepo installs repo-local git credential helper wiring
+// so git-lfs uses standard git credential resolution.
+//
+// credential.helper is a multi-valued git config key: using SetOption would
+// overwrite any pre-existing helpers (e.g. a credential store with other remote
+// credentials).  We use AddOption instead, guarded by a presence check to avoid
+// accumulating duplicate entries on repeated calls.
+func ConfigureCredentialHelperForRepo() error <span class="cov0" title="0">{
+        repo, err := GetRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-
-        <span class="cov0" title="0">var dst bytes.Buffer
-        if err := f.clean(ctx, req, bytes.NewReader(content), &amp;dst); err != nil </span><span class="cov0" title="0">{
+        <span class="cov0" title="0">conf, err := repo.Config()
+        if err != nil </span><span class="cov0" title="0">{
                 return err
         }</span>
-        <span class="cov0" title="0">return f.writeSuccessResponse(dst.Bytes())</span>
-}
-
-// passthroughSmudge sends content as-is (smudge no-op).
-func (f *GitFilter) passthroughSmudge(content []byte) error <span class="cov0" title="0">{
-        return f.writeSuccessResponse(content)
-}</span>
 
-// passthroughClean sends content as-is (clean no-op).
-func (f *GitFilter) passthroughClean(content []byte) error <span class="cov0" title="0">{
-        return f.writeSuccessResponse(content)
-}</span>
+        <span class="cov0" title="0">const helperValue = "!git drs credential-helper"
+        credSection := conf.Raw.Section("credential")
 
-// writeSuccessResponse writes the success response including pkt-line framed content.
-//
-// Format:
-//
-//        PKT-LINE("status=success\n")
-//        flush-pkt
-//        [PKT-LINE(content chunks)]
-//        flush-pkt
-//        flush-pkt  (second flush signals end of command)
-func (f *GitFilter) writeSuccessResponse(data []byte) error <span class="cov1" title="1">{
-        if err := f.pl.WritePacketList([]string{"status=success"}); err != nil </span><span class="cov0" title="0">{
-                return err
+        if !containsOption(credSection.Options, "helper", helperValue) </span><span class="cov0" title="0">{
+                credSection.AddOption("helper", helperValue)
         }</span>
+        <span class="cov0" title="0">credSection.SetOption("useHttpPath", "true")
 
-        <span class="cov1" title="1">w := pktline.NewPktlineWriter(f.out, pktline.MaxPacketLength)
-        if len(data) &gt; 0 </span><span class="cov1" title="1">{
-                if _, err := w.Write(data); err != nil </span><span class="cov0" title="0">{
-                        return err
+        return repo.Storer.SetConfig(conf)</span>
+}
+
+func containsOption(opts gitconfig.Options, key, value string) bool <span class="cov0" title="0">{
+        for _, v := range opts.GetAll(key) </span><span class="cov0" title="0">{
+                if v == value </span><span class="cov0" title="0">{
+                        return true
                 }</span>
         }
-        <span class="cov1" title="1">if err := w.Flush(); err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-
-        // Send trailing key=value list (empty) terminated with flush.
-        <span class="cov1" title="1">return f.pl.WritePacketList(nil)</span>
+        <span class="cov0" title="0">return false</span>
 }
 
-// --------------------------------------------------------------------------
-// Helpers
-// --------------------------------------------------------------------------
-
-// readRequest reads the command header section terminated by a delimiter packet.
-// Returns (FilterRequest, nil) on success, or (_, io.EOF) if the stream is done.
-func (f *GitFilter) readRequest() (FilterRequest, error) <span class="cov10" title="2">{
-        requestList, err := f.pl.ReadPacketList()
-        if err != nil </span><span class="cov1" title="1">{
-                return FilterRequest{}, err
+// SetRemoteLFSURL stores the LFS API endpoint for the provided git remote.
+func SetRemoteLFSURL(remoteName, endpoint string) error <span class="cov0" title="0">{
+        lfsURL := remoteLFSURL(endpoint)
+        if lfsURL == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("endpoint is required")
         }</span>
-
-        <span class="cov1" title="1">var req FilterRequest
-        for _, line := range requestList </span><span class="cov10" title="2">{
-                if kv := strings.SplitN(line, "=", 2); len(kv) == 2 </span><span class="cov10" title="2">{
-                        switch kv[0] </span>{
-                        case "command":<span class="cov1" title="1">
-                                req.Command = kv[1]</span>
-                        case "pathname":<span class="cov1" title="1">
-                                req.Pathname = kv[1]</span>
-                        }
-                }
+        <span class="cov0" title="0">if strings.TrimSpace(remoteName) == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("remote name is required")
+        }</span>
+        <span class="cov0" title="0">configs := map[string]string{
+                fmt.Sprintf("remote.%s.lfsurl", remoteName): lfsURL,
         }
-        <span class="cov1" title="1">return req, nil</span>
+        return SetGitConfigOptions(configs)</span>
 }
-
-// readContent reads pkt-line data packets until a flush packet, returning all
-// data concatenated. git sends content flush-terminated.
-func (f *GitFilter) readContent() ([]byte, error) <span class="cov1" title="1">{
-        return io.ReadAll(pktline.NewPktlineReaderFromPktline(f.pl, pktline.MaxPacketLength))
-}</span>
 </pre>
 		
-		<pre class="file" id="file45" style="display: none">package lfs
+		<pre class="file" id="file59" style="display: none">package gitrepo
 
 import (
-        "bufio"
-        "fmt"
         "os"
+        "os/exec"
         "path/filepath"
+        "strconv"
         "strings"
+
+        "github.com/calypr/git-drs/internal/common"
+        "github.com/go-git/go-git/v5"
 )
 
-// UpsertDRSRouteLines adds or updates .gitattributes lines of the form:
-//
-//        &lt;pattern&gt; drs.route=&lt;ro|rw&gt;
-//
-// Returns changed=true if the file was modified.
-func UpsertDRSRouteLines(gitattributesPath string, mode string, patterns []string) (changed bool, err error) <span class="cov8" title="3">{
-        mode = strings.ToLower(strings.TrimSpace(mode))
-        if mode != "ro" &amp;&amp; mode != "rw" </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("invalid mode %q", mode)
+func DrsTopLevel() (string, error) <span class="cov0" title="0">{
+        base, err := GitTopLevel()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
         }</span>
+        <span class="cov0" title="0">return filepath.Join(base, common.DRS_DIR), nil</span>
+}
 
-        // Normalize patterns (preserve original spelling except trim).
-        <span class="cov8" title="3">want := make(map[string]string, len(patterns))
-        order := make([]string, 0, len(patterns))
-        for _, p := range patterns </span><span class="cov8" title="3">{
-                p = strings.TrimSpace(p)
-                if p == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov8" title="3">if _, ok := want[p]; !ok </span><span class="cov8" title="3">{
-                        want[p] = p
-                        order = append(order, p)
-                }</span>
-        }
-        <span class="cov8" title="3">if len(order) == 0 </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("no patterns provided")
+// GetRepo opens the current git repository
+func GetRepo() (*git.Repository, error) <span class="cov8" title="12">{
+        cwd, err := os.Getwd()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov8" title="12">return git.PlainOpenWithOptions(cwd, &amp;git.PlainOpenOptions{DetectDotGit: true})</span>
+}
+
+// GitTopLevel returns the absolute path of the git repository root
+func GitTopLevel() (string, error) <span class="cov0" title="0">{
+        repo, err := GetRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
+        }</span>
+        <span class="cov0" title="0">wt, err := repo.Worktree()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
+        }</span>
+        <span class="cov0" title="0">return wt.Filesystem.Root(), nil</span>
+}
+
+// GetGitConfigString reads a string value from git config using the git command
+// to ensure we pick up values from all scopes (system, global, local).
+func GetGitConfigString(key string) (string, error) <span class="cov10" title="24">{
+        cmd := exec.Command("git", "config", "--get", key)
+        out, err := cmd.Output()
+        if err != nil </span><span class="cov7" title="9">{
+                // git config returns exit code 1 if the key is not found
+                return "", nil
+        }</span>
+        <span class="cov8" title="15">return strings.TrimSpace(string(out)), nil</span>
+}
+
+// GetGitConfigInt reads an integer value from git config
+func GetGitConfigInt(key string, defaultValue int64) int64 <span class="cov0" title="0">{
+        valStr, err := GetGitConfigString(key)
+        if err != nil || valStr == "" </span><span class="cov0" title="0">{
+                return defaultValue
+        }</span>
+        <span class="cov0" title="0">val, err := strconv.ParseInt(valStr, 10, 64)
+        if err != nil </span><span class="cov0" title="0">{
+                return defaultValue
         }</span>
+        <span class="cov0" title="0">return val</span>
+}
 
-        // Read existing file if present.
-        <span class="cov8" title="3">var lines []string
-        data, readErr := os.ReadFile(gitattributesPath)
-        if readErr == nil </span><span class="cov5" title="2">{
-                sc := bufio.NewScanner(strings.NewReader(string(data)))
-                for sc.Scan() </span><span class="cov8" title="3">{
-                        lines = append(lines, sc.Text())
-                }</span>
-                <span class="cov5" title="2">if err := sc.Err(); err != nil </span><span class="cov0" title="0">{
-                        return false, fmt.Errorf("read %s: %w", gitattributesPath, err)
-                }</span>
-        } else<span class="cov1" title="1"> if !os.IsNotExist(readErr) </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("read %s: %w", gitattributesPath, readErr)
+// GetGitConfigBool reads a boolean value from git config
+func GetGitConfigBool(key string, defaultValue bool) bool <span class="cov0" title="0">{
+        valStr, err := GetGitConfigString(key)
+        if err != nil || valStr == "" </span><span class="cov0" title="0">{
+                return defaultValue
         }</span>
+        <span class="cov0" title="0">val, err := strconv.ParseBool(valStr)
+        if err != nil </span><span class="cov0" title="0">{
+                return defaultValue
+        }</span>
+        <span class="cov0" title="0">return val</span>
+}
 
-        // Build index of existing drs.route lines.
-        // We match "pattern ... drs.route=&lt;x&gt;" in a whitespace-tolerant way, but only update
-        // if the first token equals the pattern exactly.
-        <span class="cov8" title="3">seen := make(map[string]int) // pattern -&gt; line index
-        for i, line := range lines </span><span class="cov8" title="3">{
-                pat, _, ok := parseRouteLine(line)
-                if ok </span><span class="cov5" title="2">{
-                        seen[pat] = i
-                }</span>
-        }
-
-        // Apply upserts.
-        <span class="cov8" title="3">for _, pat := range order </span><span class="cov8" title="3">{
-                newLine := fmt.Sprintf("%s drs.route=%s", pat, mode)
+func SetGitConfigOptions(configs map[string]string) error <span class="cov7" title="11">{
+        repo, err := GetRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov7" title="11">conf, err := repo.Config()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
 
-                if idx, ok := seen[pat]; ok </span><span class="cov5" title="2">{
-                        // Update only if different
-                        if strings.TrimSpace(lines[idx]) != newLine </span><span class="cov1" title="1">{
-                                lines[idx] = newLine
-                                changed = true
-                        }</span>
-                } else<span class="cov1" title="1"> {
-                        lines = append(lines, newLine)
-                        changed = true
+        <span class="cov7" title="11">for key, value := range configs </span><span class="cov9" title="19">{
+                parts := strings.Split(key, ".")
+                if len(parts) == 2 </span><span class="cov0" title="0">{
+                        conf.Raw.Section(parts[0]).SetOption(parts[1], value)
+                }</span> else<span class="cov9" title="19"> if len(parts) &gt; 2 </span><span class="cov9" title="19">{
+                        // Handle subsections e.g. lfs.customtransfer.drs.path or drs.remote.origin.type
+                        section := parts[0]
+                        subsection := strings.Join(parts[1:len(parts)-1], ".")
+                        key := parts[len(parts)-1]
+                        conf.Raw.Section(section).Subsection(subsection).SetOption(key, value)
                 }</span>
         }
 
-        <span class="cov8" title="3">if !changed &amp;&amp; readErr == nil </span><span class="cov1" title="1">{
-                return false, nil
-        }</span>
+        <span class="cov7" title="11">return repo.Storer.SetConfig(conf)</span>
+}
 
-        // Ensure directory exists (it should, but be safe).
-        <span class="cov5" title="2">if err := os.MkdirAll(filepath.Dir(gitattributesPath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("mkdir %s: %w", filepath.Dir(gitattributesPath), err)
-        }</span>
+// UnsetGitConfigOptions removes git config keys from local repo config.
+// Missing keys are ignored.
+func UnsetGitConfigOptions(keys []string) error <span class="cov4" title="3">{
+        for _, key := range keys </span><span class="cov4" title="3">{
+                cmd := exec.Command("git", "config", "--unset-all", key)
+                if err := cmd.Run(); err != nil </span><span class="cov1" title="1">{
+                        // git exits non-zero when the key doesn't exist; this is safe to ignore.
+                        continue</span>
+                }
+        }
+        <span class="cov4" title="3">return nil</span>
+}
 
-        // Write back with trailing newline.
-        <span class="cov5" title="2">out := strings.Join(lines, "\n")
-        if !strings.HasSuffix(out, "\n") </span><span class="cov5" title="2">{
-                out += "\n"
+// GetGitHooksDir returns the absolute path to the .git/hooks directory
+func GetGitHooksDir() (string, error) <span class="cov1" title="1">{
+        repo, err := GetRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
         }</span>
-        <span class="cov5" title="2">if err := os.WriteFile(gitattributesPath, []byte(out), 0o644); err != nil </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("write %s: %w", gitattributesPath, err)
+        <span class="cov1" title="1">wt, err := repo.Worktree()
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
         }</span>
-        <span class="cov5" title="2">return true, nil</span>
+        // This is a simplification; for complex setups (submodules, worktrees),
+        // we might need more robust logic, but this matches previous behavior.
+        <span class="cov1" title="1">return filepath.Join(wt.Filesystem.Root(), ".git", "hooks"), nil</span>
 }
 
-// parseRouteLine returns (pattern, mode, ok) for lines like:
-//
-//        scratch/** drs.route=rw
-//
-// It ignores comments and blank lines.
-func parseRouteLine(line string) (pattern string, mode string, ok bool) <span class="cov10" title="4">{
-        s := strings.TrimSpace(line)
-        if s == "" || strings.HasPrefix(s, "#") </span><span class="cov1" title="1">{
-                return "", "", false
+// AddFile adds a file to the git staging area (index)
+func AddFile(path string) error <span class="cov0" title="0">{
+        repo, err := GetRepo()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-
-        // Tokenize by whitespace.
-        <span class="cov8" title="3">parts := strings.Fields(s)
-        if len(parts) &lt; 2 </span><span class="cov0" title="0">{
-                return "", "", false
+        <span class="cov0" title="0">wt, err := repo.Worktree()
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-
-        <span class="cov8" title="3">pat := parts[0]
-        for _, tok := range parts[1:] </span><span class="cov8" title="3">{
-                if strings.HasPrefix(tok, "drs.route=") </span><span class="cov8" title="3">{
-                        val := strings.TrimPrefix(tok, "drs.route=")
-                        val = strings.ToLower(strings.TrimSpace(val))
-                        if val == "ro" || val == "rw" </span><span class="cov8" title="3">{
-                                return pat, val, true
-                        }</span>
-                        // present but invalid -&gt; treat as not-ok to avoid “fixing” unknown formats silently
-                        <span class="cov0" title="0">return "", "", false</span>
-                }
-        }
-        <span class="cov0" title="0">return "", "", false</span>
+        <span class="cov0" title="0">_, err = wt.Add(path)
+        return err</span>
 }
 </pre>
 		
-		<pre class="file" id="file46" style="display: none">package lfs
+		<pre class="file" id="file60" style="display: none">package lfs
 
 import (
-        "bufio"
         "bytes"
         "context"
         "errors"
         "fmt"
+        "log/slog"
         "os"
         "os/exec"
         "path/filepath"
-        "runtime"
+        "regexp"
+        "strconv"
         "strings"
 
-        "github.com/calypr/git-drs/internal/gitrepo"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        "github.com/calypr/syfon/client/hash"
 )
 
-// runGitAllowMissing treats "key not found" as empty output, not an error.
-func runGitAllowMissing(ctx context.Context, args ...string) (string, error) <span class="cov5" title="4">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        // Use Output() to get stdout only.
-        // GIT_TRACE et al go to stderr.
-        b, err := cmd.Output()
-        //if err != nil {
-        //        // "git config --get missing.key" exits 1 with empty output.
-        //        var exitErr *exec.ExitError
-        //        if errors.As(err, &amp;exitErr) &amp;&amp; exitErr.ExitCode() == 1 {
-        //                return "", nil
-        //        }
-        //}
-        if err != nil </span><span class="cov1" title="1">{
-                // "git config --get missing.key" exits 1 with empty output.
-                s := strings.TrimSpace(string(b))
-                if s == "" </span><span class="cov1" title="1">{
-                        return "", nil
-                }</span>
-                <span class="cov0" title="0">return "", fmt.Errorf("%v: &gt;%s&lt;", err, s)</span>
-        }
-        <span class="cov4" title="3">return string(b), nil</span>
+// LfsFileInfo represents a Git LFS pointer discovered in Git history or CLI output.
+type LfsFileInfo struct {
+        Name       string `json:"name"`
+        Size       int64  `json:"size"`
+        Checkout   bool   `json:"checkout"`
+        Downloaded bool   `json:"downloaded"`
+        IsPointer  bool   `json:"is_pointer,omitempty"`
+        OidType    string `json:"oid_type"`
+        Oid        string `json:"oid"`
+        Version    string `json:"version"`
 }
 
-// resolveLFSRoot implements:
-// - if `git config --get lfs.storage` is set: use it
-//   - if relative: resolve relative to GitCommonDir (this is how git-lfs treats it in practice)
-//
-// - else: &lt;GitCommonDir&gt;/lfs
-func resolveLFSRoot(ctx context.Context, gitCommonDir string) (string, error) <span class="cov5" title="4">{
-        // NOTE: git config --get returns exit status 1 if key not found.
-        out, err := runGitAllowMissing(ctx, "config", "--get", "lfs.storage")
+func IsLFSTracked(path string) (bool, error) <span class="cov2" title="2">{
+        if path == "" </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("path is empty")
+        }</span>
+
+        <span class="cov2" title="2">cmd := exec.Command("git", "check-attr", "filter", "--", filepath.ToSlash(path))
+        var out bytes.Buffer
+        cmd.Stdout = &amp;out
+        cmd.Stderr = &amp;out
+        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
+                return false, fmt.Errorf("git check-attr failed: %w (%s)", err, out.String())
+        }</span>
+
+        <span class="cov2" title="2">fields := strings.Split(out.String(), ":")
+        if len(fields) &lt; 3 </span><span class="cov0" title="0">{
+                return false, nil
+        }</span>
+        <span class="cov2" title="2">return isTrackedFilter(strings.TrimSpace(fields[2])), nil</span>
+}
+
+func GetAllLfsFiles(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]LfsFileInfo, error) <span class="cov1" title="1">{
+        if logger == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("logger is required")
+        }</span>
+        <span class="cov1" title="1">repoDir, err := os.Getwd()
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git config --get lfs.storage failed: %w", err)
+                return nil, err
         }</span>
-        <span class="cov5" title="4">val := strings.TrimSpace(out)
 
-        if val == "" </span><span class="cov1" title="1">{
-                return filepath.Clean(filepath.Join(gitCommonDir, "lfs")), nil
+        <span class="cov1" title="1">if gitRemoteName == "" </span><span class="cov0" title="0">{
+                gitRemoteName = "origin"
         }</span>
+        <span class="cov1" title="1">if gitRemoteLocation != "" </span><span class="cov0" title="0">{
+                logger.Debug(fmt.Sprintf("Using git remote %s at %s for LFS inventory", gitRemoteName, gitRemoteLocation))
+        }</span> else<span class="cov1" title="1"> {
+                logger.Debug(fmt.Sprintf("Using git remote %s for LFS inventory", gitRemoteName))
+        }</span>
+        <span class="cov1" title="1">logger.Debug("Scanning Git refs for LFS pointer files (no git lfs CLI required)")
 
-        // Expand ~ if present (nice-to-have).
-        <span class="cov4" title="3">if strings.HasPrefix(val, "~") &amp;&amp; (len(val) == 1 || val[1] == '/' || val[1] == '\\') </span><span class="cov1" title="1">{
-                home, herr := userHomeDir()
-                if herr == nil &amp;&amp; home != "" </span><span class="cov1" title="1">{
-                        val = filepath.Join(home, strings.TrimPrefix(val, "~"))
+        // no timeout for now
+        ctx := context.Background()
+        refs := buildRefs(branches)
+        lfsFileMap := make(map[string]LfsFileInfo)
+        for _, ref := range refs </span><span class="cov2" title="2">{
+                if err := addFilesFromRef(ctx, repoDir, ref, logger, lfsFileMap); err != nil </span><span class="cov0" title="0">{
+                        return nil, err
                 }</span>
         }
 
-        <span class="cov4" title="3">if !filepath.IsAbs(val) </span><span class="cov1" title="1">{
-                val = filepath.Join(gitCommonDir, val)
-        }</span>
-        <span class="cov4" title="3">return filepath.Clean(val), nil</span>
+        <span class="cov1" title="1">return lfsFileMap, nil</span>
 }
 
-func runGit(ctx context.Context, args ...string) (string, error) <span class="cov5" title="4">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        b, err := cmd.CombinedOutput()
+// GetLfsFilesForRefs scans arbitrary refs or SHAs and returns the LFS pointer
+// files present in those trees.
+func GetLfsFilesForRefs(refs []string, logger *slog.Logger) (map[string]LfsFileInfo, error) <span class="cov0" title="0">{
+        if logger == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("logger is required")
+        }</span>
+        <span class="cov0" title="0">repoDir, err := os.Getwd()
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("%v: %s", err, strings.TrimSpace(string(b)))
+                return nil, err
         }</span>
-        <span class="cov5" title="4">return string(b), nil</span>
+
+        <span class="cov0" title="0">ctx := context.Background()
+        lfsFileMap := make(map[string]LfsFileInfo)
+        seen := make(map[string]struct{}, len(refs))
+        for _, ref := range refs </span><span class="cov0" title="0">{
+                ref = strings.TrimSpace(ref)
+                if ref == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">if _, ok := seen[ref]; ok </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">seen[ref] = struct{}{}
+                if err := addFilesFromRef(ctx, repoDir, ref, logger, lfsFileMap); err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+        }
+        <span class="cov0" title="0">return lfsFileMap, nil</span>
 }
 
-func userHomeDir() (string, error) <span class="cov1" title="1">{
-        // Avoid os/user on some cross-compile scenarios; keep it simple.
-        if runtime.GOOS == "windows" </span><span class="cov0" title="0">{
-                // Not your target, but safe fallback.
-                return "", errors.New("home expansion not supported on windows in this helper")
+// GetWorktreeLfsFiles scans the current checkout and returns tracked files whose
+// worktree content is currently a valid Git LFS pointer. This is the fast path
+// for interactive commands like `git-drs ls-files`.
+func GetWorktreeLfsFiles(logger *slog.Logger) (map[string]LfsFileInfo, error) <span class="cov2" title="2">{
+        if logger == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("logger is required")
         }</span>
-        <span class="cov1" title="1">if home := strings.TrimSpace(os.Getenv("HOME")); home != "" </span><span class="cov1" title="1">{
-                return home, nil
+        <span class="cov2" title="2">repoDir, err := os.Getwd()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
         }</span>
-        // macOS/Linux
-        <span class="cov0" title="0">out, err := exec.Command("sh", "-lc", "printf %s \"$HOME\"").CombinedOutput()
+        <span class="cov2" title="2">logger.Debug("Scanning current worktree for LFS pointer files")
+        ctx := context.Background()
+        paths, err := listTrackedWorktreeFiles(ctx, repoDir)
         if err != nil </span><span class="cov0" title="0">{
-                return "", err
+                return nil, err
         }</span>
-        <span class="cov0" title="0">return strings.TrimSpace(string(out)), nil</span>
+        <span class="cov2" title="2">files := make(map[string]LfsFileInfo)
+        for _, path := range paths </span><span class="cov4" title="4">{
+                payload, err := os.ReadFile(filepath.Join(repoDir, filepath.FromSlash(path)))
+                if err != nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov4" title="4">pointer, ok := parseLFSPointer(string(payload))
+                if !ok </span><span class="cov4" title="3">{
+                        continue</span>
+                }
+                <span class="cov1" title="1">files[path] = LfsFileInfo{
+                        Name:      path,
+                        Size:      pointer.Size,
+                        IsPointer: true,
+                        OidType:   pointer.OidType,
+                        Oid:       pointer.Oid,
+                        Version:   pointer.Version,
+                }</span>
+        }
+        <span class="cov2" title="2">return files, nil</span>
 }
 
-func GetGitAttribute(ctx context.Context, attr string, path string) (string, error) <span class="cov0" title="0">{
-        out, err := runGit(ctx, "check-attr", attr, "--", path)
+// GetTrackedLfsFiles scans the current checkout and returns files that are LFS
+// tracked according to Git attributes. Pointer metadata is taken from the
+// worktree when still present, or from the index when the worktree has already
+// been hydrated.
+func GetTrackedLfsFiles(logger *slog.Logger) (map[string]LfsFileInfo, error) <span class="cov1" title="1">{
+        if logger == nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("logger is required")
+        }</span>
+        <span class="cov1" title="1">repoDir, err := os.Getwd()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov1" title="1">logger.Debug("Scanning current worktree for LFS-tracked files")
+        ctx := context.Background()
+        paths, err := listTrackedWorktreeFiles(ctx, repoDir)
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git check-attr failed: %w", err)
+                return nil, err
         }</span>
-        <span class="cov0" title="0">return out, nil</span>
-}
-
-//
-// --- Git helpers ---
-//
-
-func GitLFSTrack(ctx context.Context, path string) (bool, error) <span class="cov0" title="0">{
-        out, err := GitLFSTrackPatterns(ctx, []string{path}, false, false)
+        <span class="cov1" title="1">tracked, err := filterLfsTrackedPaths(ctx, repoDir, paths)
         if err != nil </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("git drs track failed: %w", err)
+                return nil, err
         }</span>
-        <span class="cov0" title="0">return strings.Contains(out, "Tracking \""), nil</span>
+        <span class="cov1" title="1">files := make(map[string]LfsFileInfo, len(tracked))
+        for _, path := range tracked </span><span class="cov1" title="1">{
+                if info, ok := readWorktreePointerInfo(repoDir, path); ok </span><span class="cov0" title="0">{
+                        files[path] = info
+                        continue</span>
+                }
+                <span class="cov1" title="1">if info, ok := readIndexPointerInfo(ctx, repoDir, path); ok </span><span class="cov1" title="1">{
+                        files[path] = info
+                }</span>
+        }
+        <span class="cov1" title="1">return files, nil</span>
 }
 
-func GitLFSTrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRun bool) (string, error) <span class="cov3" title="2">{
-        _ = ctx
-        changedAttribLines := make(map[string]string, len(patterns))
-        var output strings.Builder
-
-        attribContents, err := readLocalGitAttributes()
+func addFilesFromRef(ctx context.Context, repoDir, ref string, logger *slog.Logger, lfsFileMap map[string]LfsFileInfo) error <span class="cov2" title="2">{
+        paths, err := grepPointerPaths(ctx, repoDir, ref)
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git drs track failed: %w", err)
+                return fmt.Errorf("git grep failed for %s: %w", ref, err)
         }</span>
-
-        <span class="cov3" title="2">knownPatterns := parseKnownLFSPatterns(attribContents)
-
-        for _, unsanitizedPattern := range patterns </span><span class="cov4" title="3">{
-                pattern := trimCurrentPrefix(cleanRootPath(unsanitizedPattern))
-                encodedArg := escapeAttrPattern(pattern)
-
-                if knownLine, ok := knownPatterns[pattern]; ok </span><span class="cov0" title="0">{
-                        if strings.Contains(knownLine, "filter=drs") &amp;&amp; strings.Contains(knownLine, "diff=drs") &amp;&amp; strings.Contains(knownLine, "merge=drs") &amp;&amp; strings.Contains(knownLine, "-text") </span><span class="cov0" title="0">{
-                                output.WriteString(fmt.Sprintf("%q already supported\n", pattern))
-                                continue</span>
-                        }
+        <span class="cov2" title="2">for _, path := range paths </span><span class="cov4" title="3">{
+                blob, err := runGitCommand(ctx, repoDir, "show", fmt.Sprintf("%s:%s", ref, path))
+                if err != nil </span><span class="cov0" title="0">{
+                        logger.Debug(fmt.Sprintf("skipping path %s in %s: unable to read blob", path, ref))
+                        continue</span>
                 }
 
-                <span class="cov4" title="3">changedAttribLines[pattern] = fmt.Sprintf("%s filter=drs diff=drs merge=drs -text", encodedArg)
-                output.WriteString(fmt.Sprintf("Tracking %q\n", unescapeAttrPattern(encodedArg)))
-
-                if verbose </span><span class="cov0" title="0">{
-                        output.WriteString(fmt.Sprintf("Searching for files matching pattern: %s\n", pattern))
-                        output.WriteString(fmt.Sprintf("Found %d files previously added to Git matching pattern: %s\n", 0, pattern))
-                }</span>
-        }
+                <span class="cov4" title="3">pointer, ok := parseLFSPointer(blob)
+                if !ok </span><span class="cov0" title="0">{
+                        continue</span>
+                }
 
-        <span class="cov3" title="2">if !dryRun </span><span class="cov1" title="1">{
-                if err := writeMergedGitAttributes(attribContents, changedAttribLines, false); err != nil </span><span class="cov0" title="0">{
-                        return "", fmt.Errorf("git drs track failed: %w", err)
+                <span class="cov4" title="3">lfsFileMap[path] = LfsFileInfo{
+                        Name:      path,
+                        Size:      pointer.Size,
+                        IsPointer: true,
+                        OidType:   pointer.OidType,
+                        Oid:       pointer.Oid,
+                        Version:   pointer.Version,
                 }</span>
         }
 
-        <span class="cov3" title="2">return output.String(), nil</span>
+        <span class="cov2" title="2">return nil</span>
 }
 
-func GitLFSListTrackedPatterns(ctx context.Context, verbose bool) (string, error) <span class="cov1" title="1">{
-        _ = ctx
-        _ = verbose
-
-        attribContents, err := readLocalGitAttributes()
+func listTrackedWorktreeFiles(ctx context.Context, repoDir string) ([]string, error) <span class="cov4" title="3">{
+        out, err := runGitCommand(ctx, repoDir, "ls-files", "-z")
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git drs track failed: %w", err)
+                return nil, fmt.Errorf("git ls-files failed: %w", err)
         }</span>
-
-        <span class="cov1" title="1">scanner := bufio.NewScanner(bytes.NewReader(attribContents))
-        var patterns []string
-        for scanner.Scan() </span><span class="cov3" title="2">{
-                line := scanner.Text()
-                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov3" title="2">fields := strings.Fields(line)
-                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
+        <span class="cov4" title="3">raw := strings.Split(out, "\x00")
+        paths := make([]string, 0, len(raw))
+        for _, entry := range raw </span><span class="cov7" title="9">{
+                entry = strings.TrimSpace(entry)
+                if entry == "" </span><span class="cov4" title="3">{
                         continue</span>
                 }
-                <span class="cov3" title="2">patterns = append(patterns, unescapeAttrPattern(fields[0]))</span>
+                <span class="cov6" title="6">paths = append(paths, entry)</span>
         }
-        <span class="cov1" title="1">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git drs track failed: parse .gitattributes: %w", err)
-        }</span>
+        <span class="cov4" title="3">return paths, nil</span>
+}
 
-        <span class="cov1" title="1">if len(patterns) == 0 </span><span class="cov0" title="0">{
-                return "", nil
+func filterLfsTrackedPaths(ctx context.Context, repoDir string, paths []string) ([]string, error) <span class="cov1" title="1">{
+        if len(paths) == 0 </span><span class="cov0" title="0">{
+                return nil, nil
         }</span>
 
-        <span class="cov1" title="1">var out strings.Builder
-        out.WriteString("Listing tracked patterns\n")
-        for _, p := range patterns </span><span class="cov3" title="2">{
-                out.WriteString(fmt.Sprintf("    %s (.gitattributes)\n", p))
-        }</span>
-        <span class="cov1" title="1">return out.String(), nil</span>
+        <span class="cov1" title="1">cmd := exec.CommandContext(ctx, "git", "check-attr", "-z", "--stdin", "filter")
+        cmd.Dir = repoDir
+        cmd.Stdin = strings.NewReader(strings.Join(paths, "\x00") + "\x00")
+        var stdout, stderr bytes.Buffer
+        cmd.Stdout = &amp;stdout
+        cmd.Stderr = &amp;stderr
+        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
+                msg := strings.TrimSpace(stderr.String())
+                if msg == "" </span><span class="cov0" title="0">{
+                        msg = err.Error()
+                }</span>
+                <span class="cov0" title="0">return nil, fmt.Errorf("git check-attr failed: %s", msg)</span>
+        }
+
+        <span class="cov1" title="1">raw := strings.Split(stdout.String(), "\x00")
+        filtered := make([]string, 0, len(paths))
+        for i := 0; i+2 &lt; len(raw); i += 3 </span><span class="cov2" title="2">{
+                path := strings.TrimSpace(raw[i])
+                attr := strings.TrimSpace(raw[i+1])
+                value := strings.TrimSpace(raw[i+2])
+                if path == "" || attr != "filter" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov2" title="2">if isTrackedFilter(value) </span><span class="cov1" title="1">{
+                        filtered = append(filtered, path)
+                }</span>
+        }
+        <span class="cov1" title="1">return filtered, nil</span>
 }
 
-func GitLFSUntrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRun bool) (string, error) <span class="cov3" title="2">{
-        _ = ctx
-        _ = verbose
+func isTrackedFilter(value string) bool <span class="cov4" title="4">{
+        switch strings.TrimSpace(value) </span>{
+        case "lfs", "drs":<span class="cov2" title="2">
+                return true</span>
+        default:<span class="cov2" title="2">
+                return false</span>
+        }
+}
 
-        attribContents, err := readLocalGitAttributes()
+func readWorktreePointerInfo(repoDir, path string) (LfsFileInfo, bool) <span class="cov1" title="1">{
+        payload, err := os.ReadFile(filepath.Join(repoDir, filepath.FromSlash(path)))
         if err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git drs untrack failed: %w", err)
+                return LfsFileInfo{}, false
         }</span>
-        <span class="cov3" title="2">if len(attribContents) == 0 </span><span class="cov0" title="0">{
-                return "", nil
+        <span class="cov1" title="1">pointer, ok := parseLFSPointer(string(payload))
+        if !ok </span><span class="cov1" title="1">{
+                return LfsFileInfo{}, false
         }</span>
+        <span class="cov0" title="0">return LfsFileInfo{
+                Name:      path,
+                Size:      pointer.Size,
+                IsPointer: true,
+                OidType:   pointer.OidType,
+                Oid:       pointer.Oid,
+                Version:   pointer.Version,
+        }, true</span>
+}
 
-        <span class="cov3" title="2">removeSet := make(map[string]struct{}, len(patterns))
-        for _, p := range patterns </span><span class="cov3" title="2">{
-                escaped := escapeAttrPattern(trimCurrentPrefix(p))
-                removeSet[escaped] = struct{}{}
+func readIndexPointerInfo(ctx context.Context, repoDir, path string) (LfsFileInfo, bool) <span class="cov1" title="1">{
+        blob, err := runGitCommand(ctx, repoDir, "show", ":"+path)
+        if err != nil </span><span class="cov0" title="0">{
+                return LfsFileInfo{}, false
         }</span>
-
-        <span class="cov3" title="2">var out strings.Builder
-        var keptLines []string
-        scanner := bufio.NewScanner(bytes.NewReader(attribContents))
-        for scanner.Scan() </span><span class="cov4" title="3">{
-                line := scanner.Text()
-                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
-                        keptLines = append(keptLines, line)
-                        continue</span>
-                }
-
-                <span class="cov4" title="3">fields := strings.Fields(line)
-                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
-                        keptLines = append(keptLines, line)
-                        continue</span>
-                }
-
-                <span class="cov4" title="3">path := trimCurrentPrefix(fields[0])
-                if _, ok := removeSet[path]; ok </span><span class="cov3" title="2">{
-                        out.WriteString(fmt.Sprintf("Untracking %q\n", unescapeAttrPattern(path)))
-                        continue</span>
-                }
-
-                <span class="cov1" title="1">keptLines = append(keptLines, line)</span>
-        }
-        <span class="cov3" title="2">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("git lfs untrack failed: parse .gitattributes: %w", err)
+        <span class="cov1" title="1">pointer, ok := parseLFSPointer(blob)
+        if !ok </span><span class="cov0" title="0">{
+                return LfsFileInfo{}, false
         }</span>
+        <span class="cov1" title="1">return LfsFileInfo{
+                Name:      path,
+                Size:      pointer.Size,
+                IsPointer: false,
+                OidType:   pointer.OidType,
+                Oid:       pointer.Oid,
+                Version:   pointer.Version,
+        }, true</span>
+}
 
-        <span class="cov3" title="2">if !dryRun </span><span class="cov1" title="1">{
-                content := strings.Join(keptLines, "\n")
-                if content != "" </span><span class="cov1" title="1">{
-                        content += "\n"
+func grepPointerPaths(ctx context.Context, repoDir, ref string) ([]string, error) <span class="cov2" title="2">{
+        cmd := exec.CommandContext(ctx, "git", "grep", "-z", "-l", "https://git-lfs.github.com/spec/v1", ref, "--")
+        cmd.Dir = repoDir
+        var stdout, stderr bytes.Buffer
+        cmd.Stdout = &amp;stdout
+        cmd.Stderr = &amp;stderr
+        err := cmd.Run()
+        if err != nil </span><span class="cov0" title="0">{
+                var exitErr *exec.ExitError
+                if errors.As(err, &amp;exitErr) &amp;&amp; exitErr.ExitCode() == 1 </span><span class="cov0" title="0">{
+                        return nil, nil
                 }</span>
-                <span class="cov1" title="1">if err := os.WriteFile(".gitattributes", []byte(content), 0o644); err != nil </span><span class="cov0" title="0">{
-                        return "", fmt.Errorf("git lfs untrack failed: write .gitattributes: %w", err)
+                <span class="cov0" title="0">msg := strings.TrimSpace(stderr.String())
+                if msg == "" </span><span class="cov0" title="0">{
+                        msg = err.Error()
                 }</span>
+                <span class="cov0" title="0">return nil, fmt.Errorf("%s", msg)</span>
         }
 
-        <span class="cov3" title="2">return out.String(), nil</span>
+        <span class="cov2" title="2">raw := strings.Split(stdout.String(), "\x00")
+        paths := make([]string, 0, len(raw))
+        prefix := ref + ":"
+        for _, entry := range raw </span><span class="cov5" title="5">{
+                entry = strings.TrimSpace(entry)
+                if entry == "" </span><span class="cov2" title="2">{
+                        continue</span>
+                }
+                <span class="cov4" title="3">path := entry
+                if strings.HasPrefix(path, prefix) </span><span class="cov4" title="3">{
+                        path = strings.TrimPrefix(path, prefix)
+                }</span>
+                <span class="cov4" title="3">paths = append(paths, path)</span>
+        }
+        <span class="cov2" title="2">return paths, nil</span>
 }
 
-func readLocalGitAttributes() ([]byte, error) <span class="cov6" title="5">{
-        data, err := os.ReadFile(".gitattributes")
-        if err != nil </span><span class="cov3" title="2">{
-                if os.IsNotExist(err) </span><span class="cov3" title="2">{
-                        return nil, nil
+func runGitCommand(ctx context.Context, repoDir string, args ...string) (string, error) <span class="cov6" title="7">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        cmd.Dir = repoDir
+        var stdout, stderr bytes.Buffer
+        cmd.Stdout = &amp;stdout
+        cmd.Stderr = &amp;stderr
+        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
+                msg := strings.TrimSpace(stderr.String())
+                if msg == "" </span><span class="cov0" title="0">{
+                        msg = err.Error()
                 }</span>
-                <span class="cov0" title="0">return nil, fmt.Errorf("read .gitattributes: %w", err)</span>
+                <span class="cov0" title="0">return "", fmt.Errorf("%s", msg)</span>
         }
-        <span class="cov4" title="3">return data, nil</span>
+        <span class="cov6" title="7">return stdout.String(), nil</span>
 }
 
-func parseKnownLFSPatterns(content []byte) map[string]string <span class="cov3" title="2">{
-        known := make(map[string]string)
-        scanner := bufio.NewScanner(bytes.NewReader(content))
-        for scanner.Scan() </span><span class="cov0" title="0">{
-                line := scanner.Text()
-                if !strings.Contains(line, "filter=drs") </span><span class="cov0" title="0">{
+type lfsPointer struct {
+        Version string
+        OidType string
+        Oid     string
+        Size    int64
+}
+
+func parseLFSPointer(content string) (lfsPointer, bool) <span class="cov7" title="9">{
+        var p lfsPointer
+        sha256Re := regexp.MustCompile(`(?i)^[a-f0-9]{64}$`)
+
+        for _, line := range strings.Split(strings.ReplaceAll(content, "\r\n", "\n"), "\n") </span><span class="cov10" title="24">{
+                line = strings.TrimSpace(line)
+                if line == "" </span><span class="cov5" title="5">{
                         continue</span>
                 }
-                <span class="cov0" title="0">fields := strings.Fields(line)
-                if len(fields) &lt; 1 </span><span class="cov0" title="0">{
+                <span class="cov9" title="19">if strings.HasPrefix(line, "version ") </span><span class="cov5" title="5">{
+                        p.Version = strings.TrimSpace(strings.TrimPrefix(line, "version "))
                         continue</span>
                 }
-                <span class="cov0" title="0">known[unescapeAttrPattern(fields[0])] = line</span>
+                <span class="cov8" title="14">if strings.HasPrefix(line, "oid ") </span><span class="cov5" title="5">{
+                        oidSpec := strings.TrimSpace(strings.TrimPrefix(line, "oid "))
+                        parts := strings.SplitN(oidSpec, ":", 2)
+                        if len(parts) != 2 </span><span class="cov0" title="0">{
+                                return lfsPointer{}, false
+                        }</span>
+                        <span class="cov5" title="5">p.OidType = strings.TrimSpace(parts[0])
+                        p.Oid = strings.TrimSpace(parts[1])
+                        continue</span>
+                }
+                <span class="cov7" title="9">if strings.HasPrefix(line, "size ") </span><span class="cov5" title="5">{
+                        szStr := strings.TrimSpace(strings.TrimPrefix(line, "size "))
+                        sz, err := strconv.ParseInt(szStr, 10, 64)
+                        if err != nil || sz &lt; 0 </span><span class="cov0" title="0">{
+                                return lfsPointer{}, false
+                        }</span>
+                        <span class="cov5" title="5">p.Size = sz</span>
+                }
         }
-        <span class="cov3" title="2">return known</span>
+
+        <span class="cov7" title="9">if p.Version == "" || p.OidType == "" || p.Oid == "" </span><span class="cov4" title="4">{
+                return lfsPointer{}, false
+        }</span>
+        <span class="cov5" title="5">if p.OidType != "sha256" || !sha256Re.MatchString(p.Oid) </span><span class="cov0" title="0">{
+                return lfsPointer{}, false
+        }</span>
+
+        <span class="cov5" title="5">return p, true</span>
 }
 
-func writeMergedGitAttributes(existing []byte, changed map[string]string, dryRun bool) error <span class="cov1" title="1">{
-        if dryRun </span><span class="cov0" title="0">{
-                return nil
+// ParseLFSPointer extracts the sha256 object ID and size from an LFS pointer
+// payload. It returns ok=false when data is not a valid Git LFS pointer.
+func ParseLFSPointer(data []byte) (oid string, size int64, ok bool) <span class="cov0" title="0">{
+        pointer, ok := parseLFSPointer(string(data))
+        if !ok </span><span class="cov0" title="0">{
+                return "", 0, false
         }</span>
+        <span class="cov0" title="0">return pointer.Oid, pointer.Size, true</span>
+}
 
-        <span class="cov1" title="1">var merged []string
-        if len(existing) &gt; 0 </span><span class="cov0" title="0">{
-                scanner := bufio.NewScanner(bytes.NewReader(existing))
-                for scanner.Scan() </span><span class="cov0" title="0">{
-                        line := scanner.Text()
-                        fields := strings.Fields(line)
-                        if len(fields) &gt;= 1 </span><span class="cov0" title="0">{
-                                pat := unescapeAttrPattern(fields[0])
-                                if newline, ok := changed[pat]; ok </span><span class="cov0" title="0">{
-                                        merged = append(merged, newline)
-                                        delete(changed, pat)
-                                        continue</span>
-                                }
-                        }
-                        <span class="cov0" title="0">merged = append(merged, line)</span>
+func buildRefs(branches []string) []string <span class="cov1" title="1">{
+        if len(branches) == 0 </span><span class="cov0" title="0">{
+                return []string{"HEAD"}
+        }</span>
+        <span class="cov1" title="1">refs := make([]string, 0, len(branches))
+        seen := make(map[string]struct{})
+        for _, branch := range branches </span><span class="cov2" title="2">{
+                branch = strings.TrimSpace(branch)
+                if branch == "" </span><span class="cov0" title="0">{
+                        continue</span>
                 }
-                <span class="cov0" title="0">if err := scanner.Err(); err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("parse .gitattributes: %w", err)
+                <span class="cov2" title="2">ref := branch
+                if branch != "HEAD" &amp;&amp; !strings.HasPrefix(branch, "refs/") </span><span class="cov2" title="2">{
+                        ref = fmt.Sprintf("refs/heads/%s", branch)
                 }</span>
+                <span class="cov2" title="2">if _, ok := seen[ref]; ok </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov2" title="2">seen[ref] = struct{}{}
+                refs = append(refs, ref)</span>
         }
-
-        <span class="cov1" title="1">for _, newline := range changed </span><span class="cov3" title="2">{
-                merged = append(merged, newline)
+        <span class="cov1" title="1">if len(refs) == 0 </span><span class="cov0" title="0">{
+                return []string{"HEAD"}
         }</span>
+        <span class="cov1" title="1">return refs</span>
+}
 
-        <span class="cov1" title="1">content := strings.Join(merged, "\n")
-        if content != "" </span><span class="cov1" title="1">{
-                content += "\n"
-        }</span>
-        <span class="cov1" title="1">if err := os.WriteFile(".gitattributes", []byte(content), 0o644); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("write .gitattributes: %w", err)
+// CreateLfsPointer creates a Git LFS pointer file for the given DRS object.
+func CreateLfsPointer(drsObj *drsapi.DrsObject, dst string) error <span class="cov0" title="0">{
+        hashInfo := hash.ConvertDrsChecksumsToHashInfo(drsObj.Checksums)
+        shaSum := hashInfo.SHA256
+        if shaSum == "" </span><span class="cov0" title="0">{
+                return fmt.Errorf("no sha256 checksum found for DRS object")
         }</span>
-        <span class="cov1" title="1">return nil</span>
-}
 
-func cleanRootPath(pattern string) string <span class="cov4" title="3">{
-        return strings.TrimPrefix(pattern, "/")
-}</span>
+        // create pointer file content
+        <span class="cov0" title="0">pointerContent := "version https://git-lfs.github.com/spec/v1\n"
+        pointerContent += fmt.Sprintf("oid sha256:%s\n", shaSum)
+        pointerContent += fmt.Sprintf("size %d\n", drsObj.Size)
 
-func trimCurrentPrefix(path string) string <span class="cov8" title="8">{
-        return strings.TrimPrefix(path, "./")
-}</span>
+        // write to file
+        err := os.WriteFile(dst, []byte(pointerContent), 0644)
+        if err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("failed to write LFS pointer file: %w", err)
+        }</span>
 
-var trackEscapePatterns = map[string]string{
-        " ": "[[:space:]]",
-        "#": "\\#",
+        <span class="cov0" title="0">return nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file61" style="display: none">package lfs
 
-func escapeAttrPattern(s string) string <span class="cov6" title="5">{
-        var escaped string
-        if runtime.GOOS == "windows" </span><span class="cov0" title="0">{
-                escaped = strings.ReplaceAll(s, `\\`, "/")
-        }</span> else<span class="cov6" title="5"> {
-                escaped = strings.ReplaceAll(s, `\\`, `\\\\`)
-        }</span>
+import (
+        "fmt"
+        "path/filepath"
+        "strings"
+)
 
-        <span class="cov6" title="5">for from, to := range trackEscapePatterns </span><span class="cov8" title="10">{
-                escaped = strings.ReplaceAll(escaped, from, to)
+// ObjectPath returns the Git LFS fanout path for a sha256 object ID.
+func ObjectPath(basePath string, oid string) (string, error) <span class="cov8" title="1">{
+        oid = strings.TrimPrefix(oid, "sha256:")
+        if len(oid) != 64 </span><span class="cov8" title="1">{
+                return "", fmt.Errorf("error: %s is not a valid sha256 hash", oid)
         }</span>
 
-        <span class="cov6" title="5">return escaped</span>
+        <span class="cov0" title="0">return filepath.Join(basePath, oid[:2], oid[2:4], oid), nil</span>
 }
+</pre>
+		
+		<pre class="file" id="file62" style="display: none">package lfs
 
-func unescapeAttrPattern(escaped string) string <span class="cov7" title="7">{
-        unescaped := escaped
+import (
+        "context"
+        "errors"
+        "fmt"
+        "os"
+        "os/exec"
+        "path/filepath"
+        "runtime"
+        "strings"
+)
 
-        for to, from := range trackEscapePatterns </span><span class="cov10" title="14">{
-                unescaped = strings.ReplaceAll(unescaped, from, to)
+// runGitAllowMissing treats "key not found" as empty output, not an error.
+func runGitAllowMissing(ctx context.Context, args ...string) (string, error) <span class="cov10" title="4">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        b, err := cmd.Output()
+        if err != nil </span><span class="cov1" title="1">{
+                s := strings.TrimSpace(string(b))
+                if s == "" </span><span class="cov1" title="1">{
+                        return "", nil
+                }</span>
+                <span class="cov0" title="0">return "", fmt.Errorf("%v: &gt;%s&lt;", err, s)</span>
+        }
+        <span class="cov8" title="3">return string(b), nil</span>
+}
+
+// resolveLFSRoot mirrors git-lfs storage resolution:
+// - if lfs.storage is set, use it relative to GitCommonDir when needed
+// - otherwise use &lt;GitCommonDir&gt;/lfs
+func resolveLFSRoot(ctx context.Context, gitCommonDir string) (string, error) <span class="cov10" title="4">{
+        out, err := runGitAllowMissing(ctx, "config", "--get", "lfs.storage")
+        if err != nil </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("git config --get lfs.storage failed: %w", err)
         }</span>
+        <span class="cov10" title="4">val := strings.TrimSpace(out)
 
-        <span class="cov7" title="7">if runtime.GOOS != "windows" </span><span class="cov7" title="7">{
-                unescaped = strings.ReplaceAll(unescaped, `\\\\`, `\\`)
+        if val == "" </span><span class="cov1" title="1">{
+                return filepath.Clean(filepath.Join(gitCommonDir, "lfs")), nil
         }</span>
 
-        <span class="cov7" title="7">return unescaped</span>
-}
+        <span class="cov8" title="3">if strings.HasPrefix(val, "~") &amp;&amp; (len(val) == 1 || val[1] == '/' || val[1] == '\\') </span><span class="cov1" title="1">{
+                home, herr := userHomeDir()
+                if herr == nil &amp;&amp; home != "" </span><span class="cov1" title="1">{
+                        val = filepath.Join(home, strings.TrimPrefix(val, "~"))
+                }</span>
+        }
 
-func GitLFSTrackReadOnly(ctx context.Context, path string) (bool, error) <span class="cov0" title="0">{
-        _, err := GitLFSTrack(ctx, path)
-        if err != nil </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("git lfs track failed: %w", err)
+        <span class="cov8" title="3">if !filepath.IsAbs(val) </span><span class="cov1" title="1">{
+                val = filepath.Join(gitCommonDir, val)
         }</span>
+        <span class="cov8" title="3">return filepath.Clean(val), nil</span>
+}
 
-        <span class="cov0" title="0">repoRoot, err := gitrepo.GitTopLevel()
+func runGit(ctx context.Context, args ...string) (string, error) <span class="cov10" title="4">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        b, err := cmd.CombinedOutput()
         if err != nil </span><span class="cov0" title="0">{
-                return false, err
+                return "", fmt.Errorf("%v: %s", err, strings.TrimSpace(string(b)))
         }</span>
+        <span class="cov10" title="4">return string(b), nil</span>
+}
 
-        <span class="cov0" title="0">attrPath := filepath.Join(repoRoot, ".gitattributes")
-        changed, err := UpsertDRSRouteLines(attrPath, "ro", []string{path})
+func userHomeDir() (string, error) <span class="cov1" title="1">{
+        if runtime.GOOS == "windows" </span><span class="cov0" title="0">{
+                return "", errors.New("home expansion not supported on windows in this helper")
+        }</span>
+        <span class="cov1" title="1">if home := strings.TrimSpace(os.Getenv("HOME")); home != "" </span><span class="cov1" title="1">{
+                return home, nil
+        }</span>
+        <span class="cov0" title="0">out, err := exec.Command("sh", "-lc", "printf %s \"$HOME\"").CombinedOutput()
         if err != nil </span><span class="cov0" title="0">{
-                return false, err
+                return "", err
         }</span>
-
-        <span class="cov0" title="0">return changed, nil</span>
+        <span class="cov0" title="0">return strings.TrimSpace(string(out)), nil</span>
 }
 
-func gitRevParseGitCommonDir(ctx context.Context) (string, error) <span class="cov5" title="4">{
+func gitRevParseGitCommonDir(ctx context.Context) (string, error) <span class="cov10" title="4">{
         out, err := runGit(ctx, "rev-parse", "--git-common-dir")
         if err != nil </span><span class="cov0" title="0">{
                 return "", fmt.Errorf("git rev-parse --git-common-dir failed: %w", err)
         }</span>
-        <span class="cov5" title="4">dir := strings.TrimSpace(out)
+        <span class="cov10" title="4">dir := strings.TrimSpace(out)
         if dir == "" </span><span class="cov0" title="0">{
                 return "", errors.New("git rev-parse returned empty --git-common-dir")
         }</span>
-        // If relative, resolve it against current working directory.
-        <span class="cov5" title="4">if !filepath.IsAbs(dir) </span><span class="cov5" title="4">{
+        <span class="cov10" title="4">if !filepath.IsAbs(dir) </span><span class="cov10" title="4">{
                 abs, err := filepath.Abs(dir)
-                if err == nil </span><span class="cov5" title="4">{
+                if err == nil </span><span class="cov10" title="4">{
                         dir = abs
                 }</span>
         }
-        <span class="cov5" title="4">return dir, nil</span>
+        <span class="cov10" title="4">return dir, nil</span>
 }
 
-// GetGitRootDirectories
-// returns (gitCommonDir, lfsRoot, error).
+// GetGitRootDirectories returns the Git common directory and LFS object root.
 func GetGitRootDirectories(ctx context.Context) (string, string, error) <span class="cov0" title="0">{
         gitCommonDir, err := gitRevParseGitCommonDir(ctx)
         if err != nil </span><span class="cov0" title="0">{
@@ -8330,1154 +10198,1309 @@
 }
 </pre>
 		
-		<pre class="file" id="file47" style="display: none">package lfs
+		<pre class="file" id="file63" style="display: none">package pathspec
+
+import (
+        "path/filepath"
+        "regexp"
+        "strings"
+)
+
+func MatchesAny(path string, patterns []string) bool <span class="cov0" title="0">{
+        if len(patterns) == 0 </span><span class="cov0" title="0">{
+                return true
+        }</span>
+        <span class="cov0" title="0">normalized := filepath.ToSlash(filepath.Clean(path))
+        for _, pattern := range patterns </span><span class="cov0" title="0">{
+                pattern = strings.TrimSpace(pattern)
+                if pattern == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">if Matches(normalized, pattern) </span><span class="cov0" title="0">{
+                        return true
+                }</span>
+        }
+        <span class="cov0" title="0">return false</span>
+}
+
+func Matches(path, pattern string) bool <span class="cov5" title="5">{
+        pattern = filepath.ToSlash(filepath.Clean(pattern))
+        if !strings.ContainsAny(pattern, "*?[") </span><span class="cov3" title="2">{
+                return path == pattern
+        }</span>
+        <span class="cov4" title="3">re, err := regexp.Compile(globToRegexp(pattern))
+        if err != nil </span><span class="cov0" title="0">{
+                return false
+        }</span>
+        <span class="cov4" title="3">return re.MatchString(path)</span>
+}
+
+func globToRegexp(pattern string) string <span class="cov4" title="3">{
+        var b strings.Builder
+        b.WriteString("^")
+        for i := 0; i &lt; len(pattern); i++ </span><span class="cov10" title="21">{
+                ch := pattern[i]
+                switch ch </span>{
+                case '*':<span class="cov4" title="3">
+                        if i+1 &lt; len(pattern) &amp;&amp; pattern[i+1] == '*' </span><span class="cov1" title="1">{
+                                b.WriteString(".*")
+                                i++
+                                continue</span>
+                        }
+                        <span class="cov3" title="2">b.WriteString(`[^/]*`)</span>
+                case '?':<span class="cov0" title="0">
+                        b.WriteString(`[^/]`)</span>
+                case '.', '+', '(', ')', '|', '^', '$', '{', '}', '[', ']', '\\':<span class="cov3" title="2">
+                        b.WriteByte('\\')
+                        b.WriteByte(ch)</span>
+                default:<span class="cov9" title="16">
+                        b.WriteByte(ch)</span>
+                }
+        }
+        <span class="cov4" title="3">b.WriteString("$")
+        return b.String()</span>
+}
+</pre>
+		
+		<pre class="file" id="file64" style="display: none">package precommit_cache
 
 import (
-        "bytes"
         "context"
+        "crypto/sha256"
+        "encoding/base64"
+        "encoding/json"
         "errors"
         "fmt"
-        "log/slog"
+        "io/fs"
         "os"
         "os/exec"
         "path/filepath"
-        "regexp"
-        "strconv"
+        "sort"
         "strings"
+        "time"
+)
 
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/calypr/syfon/client/hash"
+const (
+        // cacheVersionDir is the repository-relative directory under `.git`
+        // containing the pre-commit cache layout (paths and oids).
+        cacheVersionDir = "drs/pre-commit/v1"
 )
 
-type DryRunSpec struct {
-        Remote string // e.g. "origin"
-        Ref    string // e.g. "refs/heads/main" or "HEAD"
+// PathEntry represents the per-path cache file format.
+// It maps a repository-relative path to the last recorded LFS OID and
+// a timestamp when the entry was updated.
+type PathEntry struct {
+        Path      string `json:"path"`
+        LFSOID    string `json:"lfs_oid"`
+        UpdatedAt string `json:"updated_at"`
+}
+
+// OIDEntry represents the per-OID cache file format.
+// It lists repository paths that referenced the OID, an optional
+// non-authoritative external URL hint, a timestamp and a flag that
+// indicates whether content changed for a path update.
+type OIDEntry struct {
+        LFSOID        string   `json:"lfs_oid"`
+        Paths         []string `json:"paths"`
+        ExternalURL   string   `json:"external_url,omitempty"` // non-authoritative hint
+        UpdatedAt     string   `json:"updated_at"`
+        ContentChange bool     `json:"content_changed"`
+}
+
+// Cache provides read-only access to the `.git/drs/pre-commit` cache.
+// Use Open to construct an instance with correct paths resolved.
+type Cache struct {
+        GitDir    string
+        Root      string
+        PathsDir  string
+        OIDsDir   string
+        StatePath string
+}
+
+// Open discovers the repository `.git` directory and returns a Cache
+// configured to read the repository's pre-commit cache layout.
+// Returns an error if git metadata cannot be resolved.
+func Open(ctx context.Context) (*Cache, error) <span class="cov1" title="1">{
+        gitDir, err := gitRevParseGitDir(ctx)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov1" title="1">root := filepath.Join(gitDir, cacheVersionDir)
+        return &amp;Cache{
+                GitDir:    gitDir,
+                Root:      root,
+                PathsDir:  filepath.Join(root, "paths"),
+                OIDsDir:   filepath.Join(root, "oids"),
+                StatePath: filepath.Join(root, "state.json"),
+        }, nil</span>
+}
+
+//
+// Primary lookup helpers
+//
+
+// LookupOIDByPath returns the cached LFS OID for a repo-relative path.
+// It returns (oid, true, nil) when present, (\"\", false, nil) when absent,
+// and an error if the underlying read failed.
+func (c *Cache) LookupOIDByPath(path string) (string, bool, error) <span class="cov1" title="1">{
+        pe, ok, err := c.ReadPathEntry(path)
+        if err != nil || !ok </span><span class="cov0" title="0">{
+                return "", ok, err
+        }</span>
+        <span class="cov1" title="1">if pe.LFSOID == "" </span><span class="cov0" title="0">{
+                return "", false, nil
+        }</span>
+        <span class="cov1" title="1">return pe.LFSOID, true, nil</span>
+}
+
+// LookupPathsByOID returns advisory repository-relative paths that recently
+// referenced the given LFS OID. Paths are returned sorted. Absent OID yields
+// (nil, false, nil).
+func (c *Cache) LookupPathsByOID(oid string) ([]string, bool, error) <span class="cov0" title="0">{
+        oe, ok, err := c.ReadOIDEntry(oid)
+        if err != nil || !ok </span><span class="cov0" title="0">{
+                return nil, ok, err
+        }</span>
+        <span class="cov0" title="0">paths := append([]string(nil), oe.Paths...)
+        sort.Strings(paths)
+        return paths, true, nil</span>
+}
+
+// LookupExternalURLByOID returns the cached external URL hint for an OID.
+// Returns (\"\", false, nil) if the entry is missing or the hint is empty.
+func (c *Cache) LookupExternalURLByOID(oid string) (string, bool, error) <span class="cov5" title="2">{
+        oe, ok, err := c.ReadOIDEntry(oid)
+        if err != nil || !ok </span><span class="cov0" title="0">{
+                return "", ok, err
+        }</span>
+        <span class="cov5" title="2">u := strings.TrimSpace(oe.ExternalURL)
+        if u == "" </span><span class="cov0" title="0">{
+                return "", false, nil
+        }</span>
+        <span class="cov5" title="2">return u, true, nil</span>
 }
 
-// RunPushDryRun executes: git lfs push --dry-run &lt;remote&gt; &lt;ref&gt;
-func RunPushDryRun(ctx context.Context, repoDir string, spec DryRunSpec, logger *slog.Logger) (string, error) <span class="cov0" title="0">{
-        if spec.Remote == "" || spec.Ref == "" </span><span class="cov0" title="0">{
-                return "", errors.New("missing remote or ref")
+// ResolveExternalURLByPath resolves a path -&gt; oid -&gt; external_url (hint).
+// Returns the external URL hint when available. Missing data yields
+// (\"\", false, nil).
+func (c *Cache) ResolveExternalURLByPath(path string) (string, bool, error) <span class="cov1" title="1">{
+        oid, ok, err := c.LookupOIDByPath(path)
+        if err != nil || !ok </span><span class="cov0" title="0">{
+                return "", false, err
         }</span>
+        <span class="cov1" title="1">return c.LookupExternalURLByOID(oid)</span>
+}
 
-        // Debug-print the command to stderr
-        <span class="cov0" title="0">fullCmd := []string{"git", "lfs", "push", "--dry-run", spec.Remote, spec.Ref}
-        logger.Debug(fmt.Sprintf("running command: %v", fullCmd))
-
-        cmd := exec.CommandContext(ctx, "git", "lfs", "push", "--dry-run", spec.Remote, spec.Ref)
-        cmd.Dir = repoDir
-
-        var stdout, stderr bytes.Buffer
-        cmd.Stdout = &amp;stdout
-        cmd.Stderr = &amp;stderr
+//
+// Lower-level file access
+//
 
-        err := cmd.Run()
-        out := stdout.String()
+// ReadPathEntry reads and parses the JSON path entry for a repository-relative
+// path. Returns (entry, true, nil) on success, (nil, false, nil) if the file
+// does not exist, or an error on I/O/parse failure.
+func (c *Cache) ReadPathEntry(path string) (*PathEntry, bool, error) <span class="cov1" title="1">{
+        f := c.pathEntryFile(path)
+        b, err := os.ReadFile(f)
         if err != nil </span><span class="cov0" title="0">{
-                msg := strings.TrimSpace(stderr.String())
-                if msg == "" </span><span class="cov0" title="0">{
-                        msg = err.Error()
+                if errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                        return nil, false, nil
                 }</span>
-                <span class="cov0" title="0">return out, fmt.Errorf("git lfs push --dry-run failed: %s", msg)</span>
+                <span class="cov0" title="0">return nil, false, fmt.Errorf("read path entry %q: %w", f, err)</span>
         }
-        <span class="cov0" title="0">return out, nil</span>
+        <span class="cov1" title="1">var pe PathEntry
+        if err := json.Unmarshal(b, &amp;pe); err != nil </span><span class="cov0" title="0">{
+                return nil, false, fmt.Errorf("parse path entry %q: %w", f, err)
+        }</span>
+        <span class="cov1" title="1">return &amp;pe, true, nil</span>
 }
 
-func GetAllLfsFiles(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]LfsFileInfo, error) <span class="cov1" title="1">{
-        if logger == nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("logger is required")
-        }</span>
-        <span class="cov1" title="1">repoDir, err := os.Getwd()
+// ReadOIDEntry reads and parses the JSON OID entry for an LFS OID string.
+// Returns (entry, true, nil) on success, (nil, false, nil) if missing,
+// or an error on I/O/parse failure.
+func (c *Cache) ReadOIDEntry(oid string) (*OIDEntry, bool, error) <span class="cov5" title="2">{
+        f := c.oidEntryFile(oid)
+        b, err := os.ReadFile(f)
         if err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-
-        <span class="cov1" title="1">if gitRemoteName == "" </span><span class="cov0" title="0">{
-                gitRemoteName = "origin"
-        }</span>
-        <span class="cov1" title="1">if gitRemoteLocation != "" </span><span class="cov0" title="0">{
-                logger.Debug(fmt.Sprintf("Using git remote %s at %s for LFS inventory", gitRemoteName, gitRemoteLocation))
-        }</span> else<span class="cov1" title="1"> {
-                logger.Debug(fmt.Sprintf("Using git remote %s for LFS inventory", gitRemoteName))
+                if errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                        return nil, false, nil
+                }</span>
+                <span class="cov0" title="0">return nil, false, fmt.Errorf("read oid entry %q: %w", f, err)</span>
+        }
+        <span class="cov5" title="2">var oe OIDEntry
+        if err := json.Unmarshal(b, &amp;oe); err != nil </span><span class="cov0" title="0">{
+                return nil, false, fmt.Errorf("parse oid entry %q: %w", f, err)
         }</span>
-        <span class="cov1" title="1">logger.Debug("Scanning Git refs for LFS pointer files (no git lfs CLI required)")
+        <span class="cov5" title="2">return &amp;oe, true, nil</span>
+}
 
-        // no timeout for now
-        ctx := context.Background()
-        refs := buildRefs(branches)
-        lfsFileMap := make(map[string]LfsFileInfo)
-        for _, ref := range refs </span><span class="cov3" title="2">{
-                if err := addFilesFromRef(ctx, repoDir, ref, logger, lfsFileMap); err != nil </span><span class="cov0" title="0">{
-                        return nil, err
+func (c *Cache) EnsureLayout() error <span class="cov0" title="0">{
+        for _, dir := range []string{c.Root, c.PathsDir, c.OIDsDir} </span><span class="cov0" title="0">{
+                if err := os.MkdirAll(dir, 0o755); err != nil </span><span class="cov0" title="0">{
+                        return err
                 }</span>
         }
-
-        <span class="cov1" title="1">return lfsFileMap, nil</span>
+        <span class="cov0" title="0">return nil</span>
 }
 
-func addFilesFromRef(ctx context.Context, repoDir, ref string, logger *slog.Logger, lfsFileMap map[string]LfsFileInfo) error <span class="cov3" title="2">{
-        out, err := runGitCommand(ctx, repoDir, "ls-tree", "-r", "-z", "--long", ref)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("git ls-tree failed for %s: %w", ref, err)
+func (c *Cache) UpsertPathEntry(entry PathEntry) error <span class="cov0" title="0">{
+        if err := c.EnsureLayout(); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
+        <span class="cov0" title="0">return writeJSONAtomic(c.pathEntryFile(entry.Path), entry)</span>
+}
 
-        <span class="cov3" title="2">entries := strings.Split(out, "\x00")
-        for _, entry := range entries </span><span class="cov7" title="7">{
-                entry = strings.TrimSpace(entry)
-                if entry == "" </span><span class="cov3" title="2">{
-                        continue</span>
-                }
-
-                <span class="cov6" title="5">oid, path, err := parseLsTreeEntry(entry)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping unparseable ls-tree entry for %s: %q", ref, entry))
-                        continue</span>
-                }
-
-                <span class="cov6" title="5">blob, err := runGitCommand(ctx, repoDir, "cat-file", "-p", oid)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping path %s in %s: unable to read blob %s", path, ref, oid))
-                        continue</span>
-                }
-
-                <span class="cov6" title="5">pointer, ok := parseLFSPointer(blob)
-                if !ok </span><span class="cov3" title="2">{
-                        continue</span>
-                }
-
-                <span class="cov4" title="3">lfsFileMap[path] = LfsFileInfo{
-                        Name:      path,
-                        Size:      pointer.Size,
-                        IsPointer: true,
-                        OidType:   pointer.OidType,
-                        Oid:       pointer.Oid,
-                        Version:   pointer.Version,
-                }</span>
-        }
-
-        <span class="cov3" title="2">return nil</span>
+func (c *Cache) AddOrReplaceOIDPath(oid, oldPath, newPath, now string, contentChanged bool) error <span class="cov0" title="0">{
+        if err := c.EnsureLayout(); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">return oidAddOrReplacePath(c.OIDsDir, oid, oldPath, newPath, now, contentChanged)</span>
 }
 
-func runGitCommand(ctx context.Context, repoDir string, args ...string) (string, error) <span class="cov7" title="7">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        cmd.Dir = repoDir
-        var stdout, stderr bytes.Buffer
-        cmd.Stdout = &amp;stdout
-        cmd.Stderr = &amp;stderr
-        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
-                msg := strings.TrimSpace(stderr.String())
-                if msg == "" </span><span class="cov0" title="0">{
-                        msg = err.Error()
-                }</span>
-                <span class="cov0" title="0">return "", fmt.Errorf("%s", msg)</span>
-        }
-        <span class="cov7" title="7">return stdout.String(), nil</span>
+func (c *Cache) RemovePathFromOID(oid, path, now string) error <span class="cov0" title="0">{
+        if err := c.EnsureLayout(); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">return oidRemovePath(c.OIDsDir, oid, path, now)</span>
 }
 
-func parseLsTreeEntry(entry string) (string, string, error) <span class="cov6" title="5">{
-        tab := strings.Index(entry, "\t")
-        if tab &lt; 0 </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("missing tab separator")
+func (c *Cache) DeletePathEntry(path string) error <span class="cov0" title="0">{
+        if err := c.EnsureLayout(); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
+        <span class="cov0" title="0">if err := os.Remove(c.pathEntryFile(path)); err != nil &amp;&amp; !errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">return nil</span>
+}
 
-        <span class="cov6" title="5">meta := strings.Fields(entry[:tab])
-        if len(meta) &lt; 3 </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("invalid ls-tree metadata")
+//
+// Validation helpers (optional)
+//
+
+// CheckExternalURLMismatch compares a cached external URL hint against an
+// authoritative URL. If either value is empty this is a no-op. When both are
+// non-empty and differ an error describing the mismatch is returned.
+func CheckExternalURLMismatch(localHint, authoritative string) error <span class="cov8" title="3">{
+        l := strings.TrimSpace(localHint)
+        a := strings.TrimSpace(authoritative)
+        if l == "" || a == "" </span><span class="cov1" title="1">{
+                return nil
         }</span>
-        <span class="cov6" title="5">if meta[1] != "blob" </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("not a blob entry")
+        <span class="cov5" title="2">if l != a </span><span class="cov1" title="1">{
+                return fmt.Errorf(
+                        "external URL mismatch: cache=%q authoritative=%q",
+                        l, a,
+                )
         }</span>
+        <span class="cov1" title="1">return nil</span>
+}
 
-        <span class="cov6" title="5">oid := strings.TrimSpace(meta[2])
-        path := strings.TrimSpace(entry[tab+1:])
-        if oid == "" || path == "" </span><span class="cov0" title="0">{
-                return "", "", fmt.Errorf("missing oid or path")
+// StaleAfter reports whether a JSON entry with the given updatedAt RFC3339
+// timestamp is older than maxAge. Returns false if the timestamp cannot be parsed.
+func StaleAfter(updatedAt string, maxAge time.Duration) bool <span class="cov5" title="2">{
+        t, err := time.Parse(time.RFC3339, updatedAt)
+        if err != nil </span><span class="cov1" title="1">{
+                return false
         }</span>
-        <span class="cov6" title="5">return oid, path, nil</span>
+        <span class="cov1" title="1">return time.Since(t) &gt; maxAge</span>
 }
 
-type lfsPointer struct {
-        Version string
-        OidType string
-        Oid     string
-        Size    int64
+//
+// Filename / encoding helpers
+//
+
+// pathEntryFile returns the filesystem path to the JSON file for the given
+// repository-relative path within the Cache.PathsDir.
+func (c *Cache) pathEntryFile(path string) string <span class="cov5" title="2">{
+        return filepath.Join(c.PathsDir, EncodePath(path)+".json")
+}</span>
+
+// oidEntryFile returns the filesystem path to the JSON file for the given
+// LFS OID. Files are named by sha256(oid) to avoid filesystem restrictions.
+func (c *Cache) oidEntryFile(oid string) string <span class="cov10" title="4">{
+        sum := sha256.Sum256([]byte(oid))
+        return filepath.Join(c.OIDsDir, fmt.Sprintf("%x.json", sum[:]))
+}</span>
+
+// EncodePath returns a filesystem-safe base64 raw-URL encoding for a path.
+// The encoding is reversible by DecodePath.
+func EncodePath(path string) string <span class="cov8" title="3">{
+        return base64.RawURLEncoding.EncodeToString([]byte(path))
+}</span>
+
+// DecodePath decodes a value produced by EncodePath back to the original path.
+// Returns an error if the input is not valid base64 raw-URL.
+func DecodePath(encoded string) (string, error) <span class="cov1" title="1">{
+        b, err := base64.RawURLEncoding.DecodeString(encoded)
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
+        }</span>
+        <span class="cov1" title="1">return string(b), nil</span>
 }
 
-func parseLFSPointer(content string) (lfsPointer, bool) <span class="cov6" title="5">{
-        var p lfsPointer
-        sha256Re := regexp.MustCompile(`(?i)^[a-f0-9]{64}$`)
+//
+// Git helpers
+//
 
-        for _, line := range strings.Split(strings.ReplaceAll(content, "\r\n", "\n"), "\n") </span><span class="cov10" title="14">{
-                line = strings.TrimSpace(line)
-                if line == "" </span><span class="cov4" title="3">{
-                        continue</span>
-                }
-                <span class="cov9" title="11">if strings.HasPrefix(line, "version ") </span><span class="cov4" title="3">{
-                        p.Version = strings.TrimSpace(strings.TrimPrefix(line, "version "))
-                        continue</span>
-                }
-                <span class="cov8" title="8">if strings.HasPrefix(line, "oid ") </span><span class="cov4" title="3">{
-                        oidSpec := strings.TrimSpace(strings.TrimPrefix(line, "oid "))
-                        parts := strings.SplitN(oidSpec, ":", 2)
-                        if len(parts) != 2 </span><span class="cov0" title="0">{
-                                return lfsPointer{}, false
-                        }</span>
-                        <span class="cov4" title="3">p.OidType = strings.TrimSpace(parts[0])
-                        p.Oid = strings.TrimSpace(parts[1])
-                        continue</span>
-                }
-                <span class="cov6" title="5">if strings.HasPrefix(line, "size ") </span><span class="cov4" title="3">{
-                        szStr := strings.TrimSpace(strings.TrimPrefix(line, "size "))
-                        sz, err := strconv.ParseInt(szStr, 10, 64)
-                        if err != nil || sz &lt; 0 </span><span class="cov0" title="0">{
-                                return lfsPointer{}, false
-                        }</span>
-                        <span class="cov4" title="3">p.Size = sz</span>
-                }
+// gitRevParseGitDir runs `git rev-parse --git-dir` (and `--show-toplevel` if
+// necessary) to return an absolute path to the repository `.git` directory.
+// Returns an error when git fails or the result cannot be resolved.
+func gitRevParseGitDir(ctx context.Context) (string, error) <span class="cov1" title="1">{
+        out, err := git(ctx, "rev-parse", "--git-dir")
+        if err != nil </span><span class="cov0" title="0">{
+                return "", err
+        }</span>
+        <span class="cov1" title="1">gitDir := strings.TrimSpace(string(out))
+        if gitDir == "" </span><span class="cov0" title="0">{
+                return "", errors.New("could not determine .git dir")
+        }</span>
+        <span class="cov1" title="1">if !filepath.IsAbs(gitDir) </span><span class="cov1" title="1">{
+                rootOut, err := git(ctx, "rev-parse", "--show-toplevel")
+                if err != nil </span><span class="cov0" title="0">{
+                        return "", err
+                }</span>
+                <span class="cov1" title="1">root := strings.TrimSpace(string(rootOut))
+                gitDir = filepath.Join(root, gitDir)</span>
         }
+        <span class="cov1" title="1">return gitDir, nil</span>
+}
+
+// git executes a git command and returns combined output. If git exits with
+// a non-zero status the returned error includes the command and stderr/stdout.
+func git(ctx context.Context, args ...string) ([]byte, error) <span class="cov5" title="2">{
+        cmd := exec.CommandContext(ctx, "git", args...)
+        cmd.Env = os.Environ()
+        out, err := cmd.CombinedOutput()
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf(
+                        "git %s: %s",
+                        strings.Join(args, " "),
+                        strings.TrimSpace(string(out)),
+                )
+        }</span>
+        <span class="cov5" title="2">return out, nil</span>
+}
 
-        <span class="cov6" title="5">if p.Version == "" || p.OidType == "" || p.Oid == "" </span><span class="cov3" title="2">{
-                return lfsPointer{}, false
+func writeJSONAtomic(path string, v any) error <span class="cov0" title="0">{
+        dir := filepath.Dir(path)
+        if err := os.MkdirAll(dir, 0o755); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-        <span class="cov4" title="3">if p.OidType != "sha256" || !sha256Re.MatchString(p.Oid) </span><span class="cov0" title="0">{
-                return lfsPointer{}, false
+        <span class="cov0" title="0">tmp, err := os.CreateTemp(dir, ".tmp-*.json")
+        if err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-
-        <span class="cov4" title="3">return p, true</span>
+        <span class="cov0" title="0">tmpName := tmp.Name()
+        enc := json.NewEncoder(tmp)
+        enc.SetIndent("", "  ")
+        if err := enc.Encode(v); err != nil </span><span class="cov0" title="0">{
+                _ = tmp.Close()
+                _ = os.Remove(tmpName)
+                return err
+        }</span>
+        <span class="cov0" title="0">if err := tmp.Close(); err != nil </span><span class="cov0" title="0">{
+                _ = os.Remove(tmpName)
+                return err
+        }</span>
+        <span class="cov0" title="0">return os.Rename(tmpName, path)</span>
 }
 
-func buildRefs(branches []string) []string <span class="cov1" title="1">{
-        if len(branches) == 0 </span><span class="cov0" title="0">{
-                return []string{"HEAD"}
+func oidAddOrReplacePath(oidsDir, oid, oldPath, newPath, now string, contentChanged bool) error <span class="cov0" title="0">{
+        f := oidEntryFilePath(oidsDir, oid)
+        var oe OIDEntry
+        if b, err := os.ReadFile(f); err == nil </span><span class="cov0" title="0">{
+                _ = json.Unmarshal(b, &amp;oe)
         }</span>
-        <span class="cov1" title="1">refs := make([]string, 0, len(branches))
-        seen := make(map[string]struct{})
-        for _, branch := range branches </span><span class="cov3" title="2">{
-                branch = strings.TrimSpace(branch)
-                if branch == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov3" title="2">ref := branch
-                if branch != "HEAD" &amp;&amp; !strings.HasPrefix(branch, "refs/") </span><span class="cov3" title="2">{
-                        ref = fmt.Sprintf("refs/heads/%s", branch)
-                }</span>
-                <span class="cov3" title="2">if _, ok := seen[ref]; ok </span><span class="cov0" title="0">{
+        <span class="cov0" title="0">if oe.LFSOID == "" </span><span class="cov0" title="0">{
+                oe.LFSOID = oid
+        }</span>
+        <span class="cov0" title="0">pathsSet := make(map[string]struct{}, len(oe.Paths)+1)
+        for _, p := range oe.Paths </span><span class="cov0" title="0">{
+                p = strings.TrimSpace(p)
+                if p == "" || p == oldPath </span><span class="cov0" title="0">{
                         continue</span>
                 }
-                <span class="cov3" title="2">seen[ref] = struct{}{}
-                refs = append(refs, ref)</span>
+                <span class="cov0" title="0">pathsSet[p] = struct{}{}</span>
         }
-        <span class="cov1" title="1">if len(refs) == 0 </span><span class="cov0" title="0">{
-                return []string{"HEAD"}
+        <span class="cov0" title="0">if strings.TrimSpace(newPath) != "" </span><span class="cov0" title="0">{
+                pathsSet[newPath] = struct{}{}
         }</span>
-        <span class="cov1" title="1">return refs</span>
+        <span class="cov0" title="0">oe.Paths = oe.Paths[:0]
+        for p := range pathsSet </span><span class="cov0" title="0">{
+                oe.Paths = append(oe.Paths, p)
+        }</span>
+        <span class="cov0" title="0">sort.Strings(oe.Paths)
+        oe.UpdatedAt = now
+        oe.ContentChange = contentChanged
+        return writeJSONAtomic(f, oe)</span>
 }
 
-func addFilesFromDryRun(out, repoDir string, logger *slog.Logger, lfsFileMap map[string]LfsFileInfo) error <span class="cov3" title="2">{
-        // Log when dry-run returns no output to help with debugging
-        if strings.TrimSpace(out) == "" </span><span class="cov0" title="0">{
-                logger.Debug("No LFS files to push (dry-run returned no output)")
+func oidRemovePath(oidsDir, oid, path, now string) error <span class="cov0" title="0">{
+        if strings.TrimSpace(oid) == "" || strings.TrimSpace(path) == "" </span><span class="cov0" title="0">{
                 return nil
         }</span>
-
-        // accept lowercase or uppercase hex
-        <span class="cov3" title="2">sha256Re := regexp.MustCompile(`(?i)^[a-f0-9]{64}$`)
-
-        for _, line := range strings.Split(strings.TrimSpace(string(out)), "\n") </span><span class="cov7" title="7">{
-                line = strings.TrimSpace(line)
-                if line == "" </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-                <span class="cov7" title="7">parts := strings.Fields(line)
-                if len(parts) &lt; 2 </span><span class="cov0" title="0">{
-                        continue</span>
-                }
-
-                <span class="cov7" title="7">oid := ""
-                oidIndex := -1
-                for i, p := range parts </span><span class="cov8" title="9">{
-                        if sha256Re.MatchString(p) </span><span class="cov7" title="7">{
-                                oid = p
-                                oidIndex = i
-                                break</span>
-                        }
-                }
-                <span class="cov7" title="7">if oid == "" </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping LFS line with no oid: %q", line))
-                        continue</span>
-                }
-
-                // Preserve full path text (including spaces) by slicing from the first oid occurrence.
-                <span class="cov7" title="7">path := ""
-                if idx := strings.Index(line, oid); idx &gt;= 0 </span><span class="cov7" title="7">{
-                        path = strings.TrimSpace(line[idx+len(oid):])
-                }</span>
-                <span class="cov7" title="7">if path == "" &amp;&amp; oidIndex+1 &lt; len(parts) </span><span class="cov0" title="0">{
-                        path = strings.Join(parts[oidIndex+1:], " ")
-                }</span>
-                <span class="cov7" title="7">path = strings.TrimSpace(strings.TrimPrefix(strings.TrimPrefix(path, "=&gt;"), "-&gt;"))
-                path = strings.TrimSpace(strings.TrimPrefix(path, "=&gt;"))
-                path = strings.TrimSpace(strings.TrimPrefix(path, "-&gt;"))
-                if path == "" </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping LFS line with empty path: %q", line))
-                        continue</span>
-                }
-
-                // Validate OID looks like a SHA256 hex string.
-                // (kept as a guard in case extraction logic changes)
-                <span class="cov7" title="7">if !sha256Re.MatchString(oid) </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping LFS line with invalid oid %q: %q", oid, line))
-                        continue</span>
-                }
-
-                // see https://github.com/calypr/git-drs/issues/124#issuecomment-3721837089
-                <span class="cov7" title="7">if oid == "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" &amp;&amp; strings.Contains(path, ".gitattributes") </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("skipping empty LFS pointer for %s", path))
-                        continue</span>
-                }
-                // Remove a trailing parenthetical suffix from p, e.g.:
-                // "path/to/file.dat (100 KB)" -&gt; "path/to/file.dat"
-                <span class="cov7" title="7">if idx := strings.LastIndex(path, " ("); idx != -1 &amp;&amp; strings.HasSuffix(path, ")") </span><span class="cov0" title="0">{
-                        path = strings.TrimSpace(path[:idx])
-                }</span>
-                <span class="cov7" title="7">size := int64(0)
-                absPath := path
-                if repoDir != "" &amp;&amp; !filepath.IsAbs(path) </span><span class="cov7" title="7">{
-                        absPath = filepath.Join(repoDir, path)
+        <span class="cov0" title="0">f := oidEntryFilePath(oidsDir, oid)
+        b, err := os.ReadFile(f)
+        if err != nil </span><span class="cov0" title="0">{
+                if errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                        return nil
                 }</span>
-                <span class="cov7" title="7">if stat, err := os.Stat(absPath); err == nil </span><span class="cov7" title="7">{
-                        size = stat.Size()
-                }</span> else<span class="cov0" title="0"> {
-                        logger.Error(fmt.Sprintf("could not stat file %s: %v", path, err))
+                <span class="cov0" title="0">return err</span>
+        }
+        <span class="cov0" title="0">var oe OIDEntry
+        if err := json.Unmarshal(b, &amp;oe); err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">filtered := oe.Paths[:0]
+        for _, existing := range oe.Paths </span><span class="cov0" title="0">{
+                if strings.TrimSpace(existing) == "" || existing == path </span><span class="cov0" title="0">{
                         continue</span>
                 }
-
-                <span class="cov7" title="7">isPointer := false
-                // If the file is small, read it and detect LFS pointer signature.
-                // Pointer files are textual and include the LFS spec version + an oid line.
-                if size &gt; 0 &amp;&amp; size &lt; 2048 </span><span class="cov1" title="1">{
-                        if data, readErr := os.ReadFile(absPath); readErr == nil </span><span class="cov1" title="1">{
-                                s := strings.TrimSpace(string(data))
-                                if strings.Contains(s, "version https://git-lfs.github.com/spec/v1") &amp;&amp; strings.Contains(s, "oid sha256:") </span><span class="cov1" title="1">{
-                                        isPointer = true
-                                }</span>
-                        }
-                }
-
-                <span class="cov7" title="7">lfsFileMap[path] = LfsFileInfo{
-                        Name:      path,
-                        Size:      size,
-                        IsPointer: isPointer,
-                        OidType:   "sha256",
-                        Oid:       oid,
-                        Version:   "https://git-lfs.github.com/spec/v1",
+                <span class="cov0" title="0">filtered = append(filtered, existing)</span>
+        }
+        <span class="cov0" title="0">oe.Paths = filtered
+        oe.UpdatedAt = now
+        if len(oe.Paths) == 0 </span><span class="cov0" title="0">{
+                if err := os.Remove(f); err != nil &amp;&amp; !errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
+                        return err
                 }</span>
+                <span class="cov0" title="0">return nil</span>
         }
-
-        <span class="cov3" title="2">return nil</span>
+        <span class="cov0" title="0">sort.Strings(oe.Paths)
+        return writeJSONAtomic(f, oe)</span>
 }
 
-// CreateLfsPointer creates a Git LFS pointer file for the given DRS object.
-func CreateLfsPointer(drsObj *drsapi.DrsObject, dst string) error <span class="cov0" title="0">{
-        hashInfo := hash.ConvertDrsChecksumsToHashInfo(drsObj.Checksums)
-        shaSum := hashInfo.SHA256
-        if shaSum == "" </span><span class="cov0" title="0">{
-                return fmt.Errorf("no sha256 checksum found for DRS object")
-        }</span>
-
-        // create pointer file content
-        <span class="cov0" title="0">pointerContent := "version https://git-lfs.github.com/spec/v1\n"
-        pointerContent += fmt.Sprintf("oid sha256:%s\n", shaSum)
-        pointerContent += fmt.Sprintf("size %d\n", drsObj.Size)
-
-        // write to file
-        err := os.WriteFile(dst, []byte(pointerContent), 0644)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("failed to write LFS pointer file: %w", err)
-        }</span>
-
-        <span class="cov0" title="0">return nil</span>
-}
+func oidEntryFilePath(oidsDir, oid string) string <span class="cov0" title="0">{
+        sum := sha256.Sum256([]byte(oid))
+        return filepath.Join(oidsDir, fmt.Sprintf("%x.json", sum[:]))
+}</span>
 </pre>
 		
-		<pre class="file" id="file48" style="display: none">package lfs
+		<pre class="file" id="file65" style="display: none">package pushsync
 
 import (
-        "bytes"
+        "context"
         "fmt"
-        "os/exec"
+        "net/url"
+        "os"
         "path/filepath"
+        "sort"
         "strings"
 
-        "github.com/bytedance/sonic"
+        localcommon "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/config"
+        localdrsobject "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/drsremote"
+        "github.com/calypr/git-drs/internal/lfs"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        sycommon "github.com/calypr/syfon/client/common"
+        "github.com/calypr/syfon/client/hash"
+        "github.com/google/uuid"
+        "golang.org/x/sync/errgroup"
 )
 
-// IsLFSTracked returns true if the given path is tracked by Git LFS
-// (i.e. has `filter=lfs` via git attributes).
-func IsLFSTracked(path string) (bool, error) <span class="cov10" title="2">{
-        if path == "" </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("path is empty")
-        }</span>
-
-        // Git prefers forward slashes, even on macOS/Linux
-        <span class="cov10" title="2">cleanPath := filepath.ToSlash(path)
-
-        cmd := exec.Command(
-                "git",
-                "check-attr",
-                "filter",
-                "--",
-                cleanPath,
-        )
-
-        var out bytes.Buffer
-        cmd.Stdout = &amp;out
-        cmd.Stderr = &amp;out
-
-        if err := cmd.Run(); err != nil </span><span class="cov0" title="0">{
-                return false, fmt.Errorf("git check-attr failed: %w (%s)", err, out.String())
-        }</span>
-
-        // Expected output:
-        // path: filter: lfs
-        // path: filter: unspecified
-        //
-        // Format is stable and documented.
-        <span class="cov10" title="2">fields := strings.Split(out.String(), ":")
-        if len(fields) &lt; 3 </span><span class="cov0" title="0">{
-                return false, nil
+type batchSyncSession struct {
+        ctx            context.Context
+        rt             *pushRuntime
+        reporter       UploadProgressReporter
+        filesByOID     map[string]lfs.LfsFileInfo
+        oids           []string
+        drsObjByOID    map[string]*drsapi.DrsObject
+        existingByHash map[string][]drsapi.DrsObject
+        uploadRequired map[string]bool
+}
+
+type uploadCandidate struct {
+        oid  string
+        obj  *drsapi.DrsObject
+        file lfs.LfsFileInfo
+        size int64
+        src  string
+}
+
+// BatchSyncForPush performs checksum-first push preparation.
+func BatchSyncForPush(cl *config.GitContext, ctx context.Context, files map[string]lfs.LfsFileInfo, reporter UploadProgressReporter) error <span class="cov0" title="0">{
+        session := &amp;batchSyncSession{
+                ctx:            ctx,
+                rt:             newPushRuntime(cl),
+                reporter:       reporter,
+                drsObjByOID:    make(map[string]*drsapi.DrsObject),
+                existingByHash: make(map[string][]drsapi.DrsObject),
+                uploadRequired: make(map[string]bool),
+        }
+        if len(files) == 0 </span><span class="cov0" title="0">{
+                return nil
         }</span>
 
-        <span class="cov10" title="2">value := strings.TrimSpace(fields[2])
-        return value == "lfs", nil</span>
-}
-
-// LfsFileInfo represents the information about an LFS file
-type LfsFileInfo struct {
-        Name       string `json:"name"`
-        Size       int64  `json:"size"`
-        Checkout   bool   `json:"checkout"`
-        Downloaded bool   `json:"downloaded"`
-        IsPointer  bool   `json:"is_pointer,omitempty"`
-        OidType    string `json:"oid_type"`
-        Oid        string `json:"oid"`
-        Version    string `json:"version"`
-}
-
-type lfsLsOutput struct {
-        Files []LfsFileInfo `json:"files"`
-}
-
-// CheckIfLfsFile checks if a given file is tracked by Git LFS.
-// Returns true and file info if it's an LFS file, false otherwise.
-func CheckIfLfsFile(fileName string) (bool, *LfsFileInfo, error) <span class="cov0" title="0">{
-        // Use git lfs ls-files -I to check if specific file is LFS tracked
-        cmd := exec.Command("git", "lfs", "ls-files", "-I", fileName, "--json")
-        out, err := cmd.Output()
-        if err != nil </span><span class="cov0" title="0">{
-                // If git lfs ls-files returns error, the file is not LFS tracked
-                return false, nil, nil
+        <span class="cov0" title="0">session.normalizeFiles(files)
+        if err := session.lookupMetadata(); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
-
-        // If output is empty, file is not LFS tracked
-        <span class="cov0" title="0">if len(strings.TrimSpace(string(out))) == 0 </span><span class="cov0" title="0">{
-                return false, nil, nil
+        <span class="cov0" title="0">if err := session.ensureMetadataRegistered(); err != nil </span><span class="cov0" title="0">{
+                return err
         }</span>
 
-        // Parse the JSON output
-        <span class="cov0" title="0">var output lfsLsOutput
-        err = sonic.ConfigFastest.Unmarshal(out, &amp;output)
+        <span class="cov0" title="0">candidates, err := session.identifyUploadCandidates()
         if err != nil </span><span class="cov0" title="0">{
-                return false, nil, fmt.Errorf("error unmarshaling git lfs ls-files output for %s: %v", fileName, err)
+                return err
         }</span>
-
-        // If no files in output, not LFS tracked
-        <span class="cov0" title="0">if len(output.Files) == 0 </span><span class="cov0" title="0">{
-                return false, nil, nil
+        <span class="cov0" title="0">if len(candidates) == 0 </span><span class="cov0" title="0">{
+                return nil
         }</span>
 
-        <span class="cov0" title="0">return true, &amp;output.Files[0], nil</span>
+        <span class="cov0" title="0">return session.executeUploadPlan(candidates)</span>
 }
-</pre>
-		
-		<pre class="file" id="file49" style="display: none">package lfs
-
-import (
-        "crypto/sha256"
-        "fmt"
-        "os"
-        "path/filepath"
-        "strings"
-)
-
-const addURLSentinelHeader = "git-drs-add-url-sentinel:v1\n"
 
-func SyntheticOIDFromETag(etag string) (string, error) <span class="cov6" title="2">{
-        e := strings.TrimSpace(strings.Trim(etag, `"`))
-        if e == "" </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("etag is required for synthetic oid")
-        }</span>
-        <span class="cov6" title="2">sum := sha256.Sum256([]byte(e))
-        return fmt.Sprintf("%x", sum[:]), nil</span>
+func (s *batchSyncSession) normalizeFiles(files map[string]lfs.LfsFileInfo) <span class="cov0" title="0">{
+        s.filesByOID = make(map[string]lfs.LfsFileInfo, len(files))
+        for _, f := range files </span><span class="cov0" title="0">{
+                oid := localdrsobject.NormalizeOid(f.Oid)
+                if oid == "" </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">if _, exists := s.filesByOID[oid]; exists </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov0" title="0">f.Oid = oid
+                s.filesByOID[oid] = f
+                s.oids = append(s.oids, oid)</span>
+        }
+        <span class="cov0" title="0">sort.Strings(s.oids)</span>
 }
 
-func BuildAddURLSentinel(etag string, sourceURL string) ([]byte, error) <span class="cov10" title="3">{
-        e := strings.TrimSpace(strings.Trim(etag, `"`))
-        if e == "" </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("etag is required for sentinel")
-        }</span>
-        <span class="cov10" title="3">return []byte(addURLSentinelHeader + "etag=" + e + "\nsource=" + strings.TrimSpace(sourceURL) + "\n"), nil</span>
+func (s *batchSyncSession) lookupMetadata() error <span class="cov0" title="0">{
+        s.existingByHash = make(map[string][]drsapi.DrsObject, len(s.oids))
+        for _, oid := range s.oids </span><span class="cov0" title="0">{
+                objects, err := drsremote.ObjectsByHash(s.ctx, s.rt.API, oid)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("hash lookup failed for oid %s: %w", oid, err)
+                }</span>
+                <span class="cov0" title="0">for _, obj := range objects </span><span class="cov0" title="0">{
+                        objOID := localdrsobject.NormalizeOid(hash.ConvertDrsChecksumsToHashInfo(obj.Checksums).SHA256)
+                        if objOID == "" </span><span class="cov0" title="0">{
+                                continue</span>
+                        }
+                        <span class="cov0" title="0">s.existingByHash[objOID] = append(s.existingByHash[objOID], obj)</span>
+                }
+        }
+        <span class="cov0" title="0">return nil</span>
 }
 
-func IsAddURLSentinelBytes(data []byte) bool <span class="cov10" title="3">{
-        return strings.HasPrefix(string(data), addURLSentinelHeader)
-}</span>
-
-func IsAddURLSentinelObject(path string) (bool, error) <span class="cov1" title="1">{
-        f, err := os.Open(path)
-        if err != nil </span><span class="cov0" title="0">{
-                return false, err
-        }</span>
-        <span class="cov1" title="1">defer f.Close()
+func (s *batchSyncSession) ensureMetadataRegistered() error <span class="cov1" title="1">{
+        toRegister := make([]drsapi.DrsObjectCandidate, 0)
 
-        buf := make([]byte, len(addURLSentinelHeader))
-        n, err := f.Read(buf)
-        if err != nil &amp;&amp; n == 0 </span><span class="cov0" title="0">{
-                return false, err
-        }</span>
-        <span class="cov1" title="1">return IsAddURLSentinelBytes(buf[:n]), nil</span>
-}
+        for _, oid := range s.oids </span><span class="cov1" title="1">{
+                obj, err := s.getOrCreateDRSObjectCandidate(oid)
+                if err != nil </span><span class="cov0" title="0">{
+                        return err
+                }</span>
+                <span class="cov1" title="1">s.drsObjByOID[oid] = obj
 
-func WriteAddURLSentinelObject(lfsRoot string, oid string, etag string, sourceURL string) (string, error) <span class="cov6" title="2">{
-        objPath := filepath.Join(lfsRoot, "objects", oid[:2], oid[2:4], oid)
-        if err := os.MkdirAll(filepath.Dir(objPath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("mkdir %s: %w", filepath.Dir(objPath), err)
-        }</span>
-        <span class="cov6" title="2">payload, err := BuildAddURLSentinel(etag, sourceURL)
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
-        }</span>
-        <span class="cov6" title="2">if err := os.WriteFile(objPath, payload, 0o644); err != nil </span><span class="cov0" title="0">{
-                return "", fmt.Errorf("write sentinel %s: %w", objPath, err)
-        }</span>
-        <span class="cov6" title="2">return objPath, nil</span>
-}
-</pre>
-		
-		<pre class="file" id="file50" style="display: none">package lfs
+                recs := s.existingByHash[oid]
+                if len(recs) == 0 </span><span class="cov0" title="0">{
+                        toRegister = append(toRegister, localdrsobject.ConvertToCandidate(obj))
+                        s.uploadRequired[oid] = true
+                        continue</span>
+                }
+                <span class="cov1" title="1">if match, err := drsremote.FindMatchingRecord(recs, s.rt.Scope.Organization, s.rt.Scope.Project); err == nil &amp;&amp; match != nil </span><span class="cov0" title="0">{
+                        s.drsObjByOID[oid] = match
+                        if s.rt.Tuning.ForceUpload </span><span class="cov0" title="0">{
+                                s.uploadRequired[oid] = true
+                        }</span>
+                        <span class="cov0" title="0">continue</span>
+                }
 
-import (
-        "context"
-        "errors"
-        "fmt"
-        "io"
-        "io/fs"
-        "log/slog"
-        "os"
-        "path/filepath"
+                <span class="cov1" title="1">reusable := s.findReusableRecord(recs)
+                if reusable != nil &amp;&amp; !s.rt.Tuning.ForceUpload </span><span class="cov1" title="1">{
+                        reuseObj, err := s.buildReusableScopedObject(oid, reusable)
+                        if err != nil </span><span class="cov0" title="0">{
+                                return err
+                        }</span>
+                        <span class="cov1" title="1">s.drsObjByOID[oid] = reuseObj
+                        toRegister = append(toRegister, localdrsobject.ConvertToCandidate(reuseObj))
+                        continue</span>
+                }
 
-        "github.com/calypr/git-drs/internal/common"
-)
+                <span class="cov0" title="0">toRegister = append(toRegister, localdrsobject.ConvertToCandidate(obj))
+                s.uploadRequired[oid] = true</span>
+        }
 
-// SmudgeDownloadFunc downloads the object identified by oid into cachePath.
-type SmudgeDownloadFunc func(ctx context.Context, oid, cachePath string) error
+        <span class="cov1" title="1">if len(toRegister) == 0 </span><span class="cov0" title="0">{
+                return nil
+        }</span>
 
-// SmudgeContent reads pointer content from ptr and writes smudged content to dst.
-// If the payload is not an LFS pointer, it passes data through unchanged.
-func SmudgeContent(ctx context.Context, pathname string, ptr io.Reader, dst io.Writer, logger *slog.Logger, download SmudgeDownloadFunc) error <span class="cov10" title="4">{
-        ptrBytes, err := io.ReadAll(ptr)
+        <span class="cov1" title="1">s.rt.Logger.InfoContext(s.ctx, fmt.Sprintf("bulk registering %d missing records", len(toRegister)))
+        registered, err := s.rt.API.Client.DRS().RegisterObjects(s.ctx, drsapi.RegisterObjectsJSONRequestBody{
+                Candidates: toRegister,
+        })
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: read pointer: %w", err)
+                return fmt.Errorf("bulk register failed: %w", err)
         }</span>
+        <span class="cov1" title="1">for i := range registered.Objects </span><span class="cov1" title="1">{
+                obj := registered.Objects[i]
+                oid := localdrsobject.NormalizeOid(hash.ConvertDrsChecksumsToHashInfo(obj.Checksums).SHA256)
+                if oid != "" </span><span class="cov1" title="1">{
+                        copyObj := obj
+                        s.drsObjByOID[oid] = &amp;copyObj
+                }</span>
+        }
+        <span class="cov1" title="1">return nil</span>
+}
 
-        <span class="cov10" title="4">oid, size, ok := ParseLFSPointer(ptrBytes)
-        if !ok </span><span class="cov1" title="1">{
-                _, err := dst.Write(ptrBytes)
-                if err != nil </span><span class="cov0" title="0">{
-                        return fmt.Errorf("smudge: passthrough write: %w", err)
+func (s *batchSyncSession) findReusableRecord(records []drsapi.DrsObject) *drsapi.DrsObject <span class="cov1" title="1">{
+        for i := range records </span><span class="cov1" title="1">{
+                record := records[i]
+                if hasResolvableAccessMethod(&amp;record) </span><span class="cov1" title="1">{
+                        return &amp;record
                 }</span>
-                <span class="cov1" title="1">return nil</span>
         }
+        <span class="cov0" title="0">return nil</span>
+}
 
-        <span class="cov8" title="3">if logger != nil </span><span class="cov8" title="3">{
-                logger.Debug("smudge", "pathname", pathname, "oid", oid, "size", size)
+func (s *batchSyncSession) buildReusableScopedObject(oid string, existing *drsapi.DrsObject) (*drsapi.DrsObject, error) <span class="cov1" title="1">{
+        file := s.filesByOID[oid]
+        obj, err := scopedDRSObjectForPush(s.rt, oid, file.Name, file.Size, existing)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("failed to build scoped reusable object for oid %s: %w", oid, err)
         }</span>
+        <span class="cov1" title="1">if existing != nil &amp;&amp; existing.AccessMethods != nil </span><span class="cov1" title="1">{
+                obj.AccessMethods = existing.AccessMethods
+        }</span>
+        <span class="cov1" title="1">return obj, nil</span>
+}
 
-        <span class="cov8" title="3">cachePath, err := ObjectPath(common.LFS_OBJS_PATH, oid)
+func (s *batchSyncSession) getOrCreateDRSObjectCandidate(oid string) (*drsapi.DrsObject, error) <span class="cov1" title="1">{
+        file := s.filesByOID[oid]
+        if localObj, err := localdrsobject.ReadObject(localcommon.DRS_OBJS_PATH, oid); err == nil &amp;&amp; localObj != nil </span><span class="cov0" title="0">{
+                return scopedDRSObjectForPush(s.rt, oid, file.Name, file.Size, localObj)
+        }</span>
+        <span class="cov1" title="1">stat, err := os.Stat(file.Name)
         if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: resolve cache path: %w", err)
+                return nil, fmt.Errorf("failed to stat file %s for oid %s: %w", file.Name, oid, err)
+        }</span>
+        <span class="cov1" title="1">obj, err := scopedDRSObjectForPush(s.rt, oid, file.Name, stat.Size(), nil)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, fmt.Errorf("failed to build drs object for oid %s: %w", oid, err)
         }</span>
+        <span class="cov1" title="1">return obj, nil</span>
+}
 
-        <span class="cov8" title="3">err = copyObjectToWriter(cachePath, dst)
-        if err == nil </span><span class="cov1" title="1">{
-                return nil
+func scopedDRSObjectForPush(rt *pushRuntime, oid string, path string, size int64, existing *drsapi.DrsObject) (*drsapi.DrsObject, error) <span class="cov7" title="5">{
+        if rt == nil </span><span class="cov0" title="0">{
+                return existing, nil
         }</span>
-        <span class="cov5" title="2">if !errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: read cache: %w", err)
+        <span class="cov7" title="5">if existing != nil &amp;&amp; size &lt;= 0 </span><span class="cov0" title="0">{
+                size = existing.Size
         }</span>
-
-        <span class="cov5" title="2">if download == nil </span><span class="cov1" title="1">{
-                // No remote configured — write the pointer back to the working tree
-                // unchanged, matching git-lfs --skip-smudge behaviour.
-                if logger != nil </span><span class="cov1" title="1">{
-                        logger.Debug("smudge: no downloader configured, writing pointer", "oid", oid)
+        <span class="cov7" title="5">if size &lt;= 0 </span><span class="cov0" title="0">{
+                if stat, err := os.Stat(path); err == nil </span><span class="cov0" title="0">{
+                        size = stat.Size()
                 }</span>
-                <span class="cov1" title="1">_, err := dst.Write(ptrBytes)
-                return err</span>
         }
 
-        <span class="cov1" title="1">if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: mkdir for cache path: %w", err)
+        <span class="cov7" title="5">name := filepath.Base(path)
+        if existing != nil &amp;&amp; existing.Name != nil &amp;&amp; *existing.Name != "" </span><span class="cov7" title="4">{
+                name = *existing.Name
         }</span>
-
-        <span class="cov1" title="1">if err := download(ctx, oid, cachePath); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: download oid %s: %w", oid, err)
+        <span class="cov7" title="5">if name == "" || name == "." </span><span class="cov0" title="0">{
+                name = oid
         }</span>
 
-        <span class="cov1" title="1">if err := copyObjectToWriter(cachePath, dst); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("smudge: open downloaded file: %w", err)
+        <span class="cov7" title="5">did := uuid.NewSHA1(localdrsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", rt.Scope.Project, localdrsobject.NormalizeOid(oid)))).String()
+        if existing != nil &amp;&amp; existing.Id != "" </span><span class="cov7" title="4">{
+                did = existing.Id
         }</span>
 
-        <span class="cov1" title="1">return nil</span>
-}
+        <span class="cov7" title="5">obj, err := localdrsobject.BuildWithPrefix(name, oid, size, did, rt.Scope.Bucket, rt.Scope.Organization, rt.Scope.Project, rt.Scope.StoragePref)
+        if err != nil </span><span class="cov0" title="0">{
+                return nil, err
+        }</span>
+        <span class="cov7" title="5">if existing == nil </span><span class="cov1" title="1">{
+                return obj, nil
+        }</span>
 
-func copyObjectToWriter(path string, dst io.Writer) error <span class="cov10" title="4">{
-        f, err := os.Open(path)
-        if err != nil </span><span class="cov5" title="2">{
-                return err
+        <span class="cov7" title="4">if shouldPreserveExistingAccessMethodsForPush(existing, obj, oid) </span><span class="cov4" title="2">{
+                obj.AccessMethods = existing.AccessMethods
         }</span>
-        <span class="cov5" title="2">defer f.Close()
 
-        _, err = io.Copy(dst, f)
-        return err</span>
+        <span class="cov7" title="4">obj.Aliases = existing.Aliases
+        obj.Contents = existing.Contents
+        obj.Description = existing.Description
+        obj.MimeType = existing.MimeType
+        if existing.Version != nil </span><span class="cov0" title="0">{
+                obj.Version = existing.Version
+        }</span>
+        <span class="cov7" title="4">if !existing.CreatedTime.IsZero() </span><span class="cov0" title="0">{
+                obj.CreatedTime = existing.CreatedTime
+        }</span>
+        <span class="cov7" title="4">if existing.UpdatedTime != nil </span><span class="cov0" title="0">{
+                obj.UpdatedTime = existing.UpdatedTime
+        }</span>
+        <span class="cov7" title="4">return obj, nil</span>
 }
-</pre>
-		
-		<pre class="file" id="file51" style="display: none">package lfs
-
-import (
-        "fmt"
-        "log/slog"
-        "os"
-        "path/filepath"
-        "strings"
-
-        "github.com/bytedance/sonic"
-        "github.com/calypr/git-drs/internal/common"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-        "github.com/calypr/syfon/client/hash"
-)
 
-// This file contains functions that pertain to .git/drs/lfs/objects directory walk
-type PendingObject struct {
-        OID  string
-        Path string
+func shouldPreserveExistingAccessMethodsForPush(existing *drsapi.DrsObject, generated *drsapi.DrsObject, oid string) bool <span class="cov7" title="4">{
+        existingURL := firstAccessURL(existing)
+        if existingURL == "" </span><span class="cov0" title="0">{
+                return false
+        }</span>
+        <span class="cov7" title="4">generatedURL := firstAccessURL(generated)
+        if existingURL == generatedURL </span><span class="cov0" title="0">{
+                return true
+        }</span>
+        <span class="cov7" title="4">existingBucket, existingKey, existingOK := parseStorageURL(existingURL)
+        if !existingOK </span><span class="cov0" title="0">{
+                return true
+        }</span>
+        <span class="cov7" title="4">generatedBucket, generatedKey, generatedOK := parseStorageURL(generatedURL)
+        normalizedOID := strings.Trim(strings.TrimPrefix(strings.TrimSpace(oid), "sha256:"), "/")
+        existingKey = strings.Trim(existingKey, "/")
+        if strings.EqualFold(existingBucket, "objects") </span><span class="cov1" title="1">{
+                return false
+        }</span>
+        <span class="cov5" title="3">if generatedOK &amp;&amp; existingKey == "" </span><span class="cov1" title="1">{
+                return false
+        }</span>
+        <span class="cov4" title="2">if generatedOK &amp;&amp; !strings.EqualFold(existingBucket, generatedBucket) &amp;&amp; existingKey == normalizedOID </span><span class="cov0" title="0">{
+                return false
+        }</span>
+        <span class="cov4" title="2">if generatedOK &amp;&amp; existingKey == generatedKey &amp;&amp; strings.EqualFold(existingBucket, generatedBucket) </span><span class="cov0" title="0">{
+                return true
+        }</span>
+        <span class="cov4" title="2">return true</span>
 }
 
-type ObjectStore struct {
-        BasePath string
-        Logger   *slog.Logger
+func firstAccessURL(obj *drsapi.DrsObject) string <span class="cov10" title="8">{
+        if obj == nil || obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 </span><span class="cov0" title="0">{
+                return ""
+        }</span>
+        <span class="cov10" title="8">am := (*obj.AccessMethods)[0]
+        if am.AccessUrl == nil </span><span class="cov0" title="0">{
+                return ""
+        }</span>
+        <span class="cov10" title="8">return strings.TrimSpace(am.AccessUrl.Url)</span>
 }
 
-func NewObjectStore(basePath string, logger *slog.Logger) *ObjectStore <span class="cov9" title="12">{
-        return &amp;ObjectStore{
-                BasePath: basePath,
-                Logger:   logger,
+func parseStorageURL(raw string) (bucket string, key string, ok bool) <span class="cov10" title="8">{
+        u, err := url.Parse(strings.TrimSpace(raw))
+        if err != nil || u.Scheme == "" || u.Host == "" </span><span class="cov0" title="0">{
+                return "", "", false
+        }</span>
+        <span class="cov10" title="8">switch strings.ToLower(u.Scheme) </span>{
+        case "s3", "gs", "azblob":<span class="cov10" title="8">
+                return u.Host, strings.Trim(u.Path, "/"), true</span>
+        default:<span class="cov0" title="0">
+                return "", "", false</span>
         }
-}</span>
-
-func ObjectPath(basePath string, oid string) (string, error) <span class="cov7" title="7">{
-        store := NewObjectStore(basePath, nil)
-        return store.ObjectPath(oid)
-}</span>
-
-func WriteObject(basePath string, drsObj *drsapi.DrsObject, oid string) error <span class="cov3" title="2">{
-        store := NewObjectStore(basePath, nil)
-        return store.WriteObject(drsObj, oid)
-}</span>
+}
 
-func ReadObject(basePath string, oid string) (*drsapi.DrsObject, error) <span class="cov3" title="2">{
-        store := NewObjectStore(basePath, nil)
-        return store.ReadObject(oid)
-}</span>
+func (s *batchSyncSession) identifyUploadCandidates() ([]uploadCandidate, error) <span class="cov0" title="0">{
+        candidates := make([]uploadCandidate, 0)
+        for _, oid := range s.oids </span><span class="cov0" title="0">{
+                needsUpload, err := s.needsUpload(oid)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, err
+                }</span>
+                <span class="cov0" title="0">if !needsUpload </span><span class="cov0" title="0">{
+                        continue</span>
+                }
 
-func (s *ObjectStore) ObjectPath(oid string) (string, error) <span class="cov10" title="13">{
-        // normalize oid - strip sha256: prefix if present
-        oid = strings.TrimPrefix(oid, "sha256:")
+                <span class="cov0" title="0">file := s.filesByOID[oid]
+                srcPath, canUpload, err := resolveUploadSourcePath(oid, file.Name, file.IsPointer)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, fmt.Errorf("failed to resolve upload source for oid %s: %w", oid, err)
+                }</span>
+                <span class="cov0" title="0">if !canUpload </span><span class="cov0" title="0">{
+                        s.rt.Logger.WarnContext(s.ctx, "no local payload available; skipping upload", "oid", oid, "path", file.Name)
+                        continue</span>
+                }
 
-        // check that oid is a valid sha256 hash
-        if len(oid) != 64 </span><span class="cov1" title="1">{
-                return "", fmt.Errorf("error: %s is not a valid sha256 hash", oid)
-        }</span>
+                <span class="cov0" title="0">stat, err := os.Stat(srcPath)
+                if err != nil </span><span class="cov0" title="0">{
+                        return nil, fmt.Errorf("failed to stat upload source %s: %w", srcPath, err)
+                }</span>
 
-        <span class="cov9" title="12">return filepath.Join(s.BasePath, oid[:2], oid[2:4], oid), nil</span>
+                <span class="cov0" title="0">candidates = append(candidates, uploadCandidate{
+                        oid:  oid,
+                        obj:  s.drsObjByOID[oid],
+                        file: file,
+                        size: stat.Size(),
+                        src:  srcPath,
+                })</span>
+        }
+        <span class="cov0" title="0">return candidates, nil</span>
 }
 
-func (s *ObjectStore) WriteObject(drsObj *drsapi.DrsObject, oid string) error <span class="cov4" title="3">{
-        drsObjBytes, err := sonic.ConfigFastest.Marshal(drsObj)
-        if err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error marshalling DRS object for oid %s: %v", oid, err)
+func (s *batchSyncSession) needsUpload(oid string) (bool, error) <span class="cov4" title="2">{
+        if s.rt.Tuning.ForceUpload </span><span class="cov1" title="1">{
+                return true, nil
         }</span>
-
-        <span class="cov4" title="3">drsObjPath, err := s.ObjectPath(oid)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
+        <span class="cov1" title="1">if s.uploadRequired[oid] </span><span class="cov0" title="0">{
+                return true, nil
         }</span>
-        <span class="cov4" title="3">if err := os.MkdirAll(filepath.Dir(drsObjPath), 0755); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error creating directory for %s: %v", drsObjPath, err)
+        <span class="cov1" title="1">if len(s.existingByHash[oid]) == 0 </span><span class="cov0" title="0">{
+                return true, nil
         }</span>
+        <span class="cov1" title="1">return false, nil</span>
+}
 
-        <span class="cov4" title="3">if err := os.WriteFile(drsObjPath, drsObjBytes, 0644); err != nil </span><span class="cov0" title="0">{
-                return fmt.Errorf("error writing %s: %v", drsObjPath, err)
+func hasResolvableAccessMethod(obj *drsapi.DrsObject) bool <span class="cov1" title="1">{
+        if obj == nil || obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 </span><span class="cov0" title="0">{
+                return false
         }</span>
-        <span class="cov4" title="3">return nil</span>
+        <span class="cov1" title="1">for _, am := range *obj.AccessMethods </span><span class="cov1" title="1">{
+                if strings.TrimSpace(string(am.Type)) == "" || am.AccessUrl == nil </span><span class="cov0" title="0">{
+                        continue</span>
+                }
+                <span class="cov1" title="1">if strings.TrimSpace(am.AccessUrl.Url) != "" </span><span class="cov1" title="1">{
+                        return true
+                }</span>
+        }
+        <span class="cov0" title="0">return false</span>
 }
 
-func (s *ObjectStore) ReadObject(oid string) (*drsapi.DrsObject, error) <span class="cov4" title="3">{
-        path, err := s.ObjectPath(oid)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("error getting object path for oid %s: %v", oid, err)
+func (s *batchSyncSession) executeUploadPlan(candidates []uploadCandidate) error <span class="cov4" title="2">{
+        threshold := s.rt.Tuning.MultiPartThreshold
+        if threshold &lt;= 0 </span><span class="cov0" title="0">{
+                threshold = 5 * 1024 * 1024 * 1024
         }</span>
-
-        <span class="cov4" title="3">drsObjBytes, err := os.ReadFile(path)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("error reading DRS object for oid %s: %v", oid, err)
+        <span class="cov4" title="2">concurrency := s.rt.Tuning.UploadConcurrency
+        if concurrency &lt;= 0 </span><span class="cov0" title="0">{
+                concurrency = 1
         }</span>
 
-        <span class="cov4" title="3">var drsObject drsapi.DrsObject
-        if err := sonic.ConfigFastest.Unmarshal(drsObjBytes, &amp;drsObject); err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf("error unmarshaling DRS object for oid %s: %v", oid, err)
+        <span class="cov4" title="2">small, large := splitCandidatesByThreshold(candidates, threshold)
+        s.rt.Logger.InfoContext(s.ctx, "upload plan prepared", "total", len(candidates), "parallel_small", len(small), "sequential_large", len(large))
+        if s.reporter != nil </span><span class="cov1" title="1">{
+                s.reporter.OnUploadPlan(buildUploadPlanSummary(candidates))
         }</span>
 
-        <span class="cov4" title="3">return &amp;drsObject, nil</span>
-}
-
-// getPendingObjects walks .git/drs/lfs/objects/ to find all pending records
-func GetPendingObjects(logger *slog.Logger) ([]*PendingObject, error) <span class="cov0" title="0">{
-        var objects []*PendingObject
-        objectsDir := common.DRS_OBJS_PATH
-
-        if _, err := os.Stat(objectsDir); os.IsNotExist(err) </span><span class="cov0" title="0">{
-                return nil, nil
-        }</span>
-        <span class="cov0" title="0">err := filepath.Walk(objectsDir, func(path string, info os.FileInfo, err error) error </span><span class="cov0" title="0">{
-                if err != nil </span><span class="cov0" title="0">{
+        <span class="cov4" title="2">if len(small) &gt; 0 </span><span class="cov4" title="2">{
+                eg, egCtx := errgroup.WithContext(s.ctx)
+                eg.SetLimit(concurrency)
+                for _, c := range small </span><span class="cov7" title="4">{
+                        c := c
+                        eg.Go(func() error </span><span class="cov7" title="4">{
+                                s.reportUploadStarted(c)
+                                uploadCtx := s.progressContextForCandidate(egCtx, c)
+                                if err := uploadFileForObject(s.rt, uploadCtx, c.obj, c.src, false); err != nil </span><span class="cov0" title="0">{
+                                        return err
+                                }</span>
+                                <span class="cov7" title="4">s.reportUploadCompleted(c)
+                                return nil</span>
+                        })
+                }
+                <span class="cov4" title="2">if err := eg.Wait(); err != nil </span><span class="cov0" title="0">{
                         return err
                 }</span>
-                <span class="cov0" title="0">if info.IsDir() </span><span class="cov0" title="0">{
-                        return nil
-                }</span>
-                <span class="cov0" title="0">rel, err := filepath.Rel(objectsDir, path)
-                if err != nil </span><span class="cov0" title="0">{
+        }
+
+        <span class="cov4" title="2">for _, c := range large </span><span class="cov0" title="0">{
+                s.reportUploadStarted(c)
+                uploadCtx := s.progressContextForCandidate(s.ctx, c)
+                if err := uploadFileForObject(s.rt, uploadCtx, c.obj, c.src, false); err != nil </span><span class="cov0" title="0">{
                         return err
                 }</span>
-                <span class="cov0" title="0">parts := strings.SplitN(rel, string(os.PathSeparator), 3)
-                if len(parts) != 3 </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("Skipping malformed path: %s", path))
-                        return nil
-                }</span>
-                <span class="cov0" title="0">oid := parts[2] // GetObjectPath stores full OID in the 3rd directory level
-                objects = append(objects, &amp;PendingObject{
-                        OID: oid,
+                <span class="cov0" title="0">s.reportUploadCompleted(c)</span>
+        }
+        <span class="cov4" title="2">return nil</span>
+}
+
+func buildUploadPlanSummary(candidates []uploadCandidate) UploadPlanSummary <span class="cov1" title="1">{
+        files := make([]UploadPlanFile, 0, len(candidates))
+        var totalBytes int64
+        for _, c := range candidates </span><span class="cov1" title="1">{
+                files = append(files, UploadPlanFile{
+                        OID:   c.oid,
+                        Path:  c.file.Name,
+                        Bytes: c.size,
                 })
-                return nil</span>
-        })
-        <span class="cov0" title="0">if err != nil </span><span class="cov0" title="0">{
-                return nil, err
+                totalBytes += c.size
+        }</span>
+        <span class="cov1" title="1">return UploadPlanSummary{
+                Files:      files,
+                TotalFiles: len(files),
+                TotalBytes: totalBytes,
         }</span>
-        <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Found %d pending objects in %s", len(objects), objectsDir))
-        return objects, nil</span>
 }
 
-func GetDrsLfsObjects(logger *slog.Logger) (map[string]*drsapi.DrsObject, error) <span class="cov0" title="0">{
-        objects := map[string]*drsapi.DrsObject{}
-        objectsDir := common.DRS_OBJS_PATH
-        if _, err := os.Stat(objectsDir); os.IsNotExist(err) </span><span class="cov0" title="0">{
-                logger.Debug(fmt.Sprintf("DRS objects directory not found: %s", objectsDir))
-                return nil, nil
+func (s *batchSyncSession) progressContextForCandidate(ctx context.Context, c uploadCandidate) context.Context <span class="cov7" title="4">{
+        if s.reporter == nil </span><span class="cov5" title="3">{
+                return ctx
         }</span>
-
-        <span class="cov0" title="0">err := filepath.Walk(objectsDir, func(path string, info os.FileInfo, err error) error </span><span class="cov0" title="0">{
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Error(fmt.Sprintf("Error accessing path %s: %v", path, err))
-                        return err
-                }</span>
-                <span class="cov0" title="0">if info.IsDir() </span><span class="cov0" title="0">{
-                        return nil
-                }</span>
-                <span class="cov0" title="0">rel, err := filepath.Rel(objectsDir, path)
-                if err != nil </span><span class="cov0" title="0">{
-                        return err
-                }</span>
-                <span class="cov0" title="0">parts := strings.SplitN(rel, string(os.PathSeparator), 3)
-                if len(parts) != 3 </span><span class="cov0" title="0">{
-                        logger.Debug(fmt.Sprintf("Skipping malformed path: %s", path))
-                        return nil
-                }</span>
-                <span class="cov0" title="0">data, err := os.ReadFile(path)
-                if err != nil </span><span class="cov0" title="0">{
-                        logger.Error(fmt.Sprintf("Error reading file %s: %v", path, err))
-                        return err
-                }</span>
-                <span class="cov0" title="0">var drsObject drsapi.DrsObject
-                if err := sonic.ConfigFastest.Unmarshal(data, &amp;drsObject); err != nil </span><span class="cov0" title="0">{
-                        logger.Error(fmt.Sprintf("Error unmarshalling JSON from %s: %v", path, err))
+        <span class="cov1" title="1">ctx = sycommon.WithOid(ctx, c.oid)
+        return sycommon.WithProgress(ctx, func(ev sycommon.ProgressEvent) error </span><span class="cov9" title="7">{
+                if ev.Event != "progress" </span><span class="cov7" title="4">{
                         return nil
                 }</span>
-
-                // This could be problematic
-                <span class="cov0" title="0">hInfo := hash.ConvertDrsChecksumsToHashInfo(drsObject.Checksums)
-                if hInfo.SHA256 != "" </span><span class="cov0" title="0">{
-                        objects[hInfo.SHA256] = &amp;drsObject
-                }</span>
-
-                <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Successfully unmarshaled drsapi.DrsObject from %s:\n%+v", path, drsObject))
+                <span class="cov5" title="3">s.reporter.OnUploadProgress(UploadProgressEvent{
+                        OID:            c.oid,
+                        Path:           c.file.Name,
+                        BytesSoFar:     ev.BytesSoFar,
+                        BytesSinceLast: ev.BytesSinceLast,
+                        TotalBytes:     c.size,
+                        Phase:          UploadProgressUploading,
+                })
                 return nil</span>
         })
-        <span class="cov0" title="0">if err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov0" title="0">logger.Debug(fmt.Sprintf("Found and unmarshaled %d DRS objects.", len(objects)))
-        return objects, nil</span>
 }
-</pre>
-		
-		<pre class="file" id="file52" style="display: none">package lfs
-
-import (
-        "io/fs"
-        "os"
-        "path/filepath"
-
-        "github.com/bytedance/sonic"
-        "github.com/calypr/git-drs/internal/common"
-        "github.com/calypr/git-drs/internal/gitrepo"
-        drsapi "github.com/calypr/syfon/apigen/client/drs"
-)
-
-type DrsWalkFunc func(path string, d *drsapi.DrsObject) error
 
-func BaseDir() (string, error) <span class="cov1" title="1">{
-        gitTopLevel, err := gitrepo.GitTopLevel()
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+func (s *batchSyncSession) reportUploadStarted(c uploadCandidate) <span class="cov7" title="4">{
+        if s.reporter == nil </span><span class="cov5" title="3">{
+                return
         }</span>
-        <span class="cov1" title="1">return filepath.Join(gitTopLevel, common.DRS_DIR), nil</span>
-}
-
-type dirWalker struct {
-        baseDir  string
-        userFunc DrsWalkFunc
+        <span class="cov1" title="1">s.reporter.OnUploadProgress(UploadProgressEvent{
+                OID:            c.oid,
+                Path:           c.file.Name,
+                BytesSoFar:     0,
+                BytesSinceLast: 0,
+                TotalBytes:     c.size,
+                Phase:          UploadProgressUploading,
+        })</span>
 }
 
-func (d *dirWalker) call(path string, dir fs.DirEntry, cErr error) error <span class="cov10" title="3">{
-        data, err := os.ReadFile(path)
-        if err != nil </span><span class="cov6" title="2">{
-                return nil
-        }</span>
-        <span class="cov1" title="1">obj := drsapi.DrsObject{}
-        err = sonic.ConfigFastest.Unmarshal(data, &amp;obj)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov1" title="1">relPath, err := filepath.Rel(d.baseDir, path)
-        if err != nil </span><span class="cov0" title="0">{
-                return err
+func (s *batchSyncSession) reportUploadCompleted(c uploadCandidate) <span class="cov7" title="4">{
+        if s.reporter == nil </span><span class="cov5" title="3">{
+                return
         }</span>
-        <span class="cov1" title="1">return d.userFunc(relPath, &amp;obj)</span>
+        <span class="cov1" title="1">s.reporter.OnUploadProgress(UploadProgressEvent{
+                OID:            c.oid,
+                Path:           c.file.Name,
+                BytesSoFar:     c.size,
+                BytesSinceLast: 0,
+                TotalBytes:     c.size,
+                Phase:          UploadProgressCompleted,
+        })</span>
 }
 
-func ObjectWalk(f DrsWalkFunc) error <span class="cov1" title="1">{
-        baseDir, err := BaseDir()
-        if err != nil </span><span class="cov0" title="0">{
-                return err
-        }</span>
-        <span class="cov1" title="1">ud := dirWalker{baseDir, f}
-        return filepath.WalkDir(baseDir, ud.call)</span>
+func splitCandidatesByThreshold(candidates []uploadCandidate, threshold int64) (small, large []uploadCandidate) <span class="cov4" title="2">{
+        for _, c := range candidates </span><span class="cov7" title="4">{
+                if c.size &lt; threshold </span><span class="cov7" title="4">{
+                        small = append(small, c)
+                }</span> else<span class="cov0" title="0"> {
+                        large = append(large, c)
+                }</span>
+        }
+        <span class="cov4" title="2">return</span>
 }
 </pre>
 		
-		<pre class="file" id="file53" style="display: none">package precommit_cache
+		<pre class="file" id="file66" style="display: none">package pushsync
 
 import (
         "context"
-        "crypto/sha256"
-        "encoding/base64"
-        "encoding/json"
-        "errors"
         "fmt"
-        "io/fs"
+        "log/slog"
+        "net/http"
+        "net/url"
         "os"
-        "os/exec"
-        "path/filepath"
-        "sort"
         "strings"
-        "time"
-)
-
-const (
-        // cacheVersionDir is the repository-relative directory under `.git`
-        // containing the pre-commit cache layout (paths and oids).
-        cacheVersionDir = "drs/pre-commit/v1"
-)
-
-// PathEntry represents the per-path cache file format.
-// It maps a repository-relative path to the last recorded LFS OID and
-// a timestamp when the entry was updated.
-type PathEntry struct {
-        Path      string `json:"path"`
-        LFSOID    string `json:"lfs_oid"`
-        UpdatedAt string `json:"updated_at"`
-}
 
-// OIDEntry represents the per-OID cache file format.
-// It lists repository paths that referenced the OID, an optional
-// non-authoritative external URL hint, a timestamp and a flag that
-// indicates whether content changed for a path update.
-type OIDEntry struct {
-        LFSOID        string   `json:"lfs_oid"`
-        Paths         []string `json:"paths"`
-        ExternalURL   string   `json:"external_url,omitempty"` // non-authoritative hint
-        UpdatedAt     string   `json:"updated_at"`
-        ContentChange bool     `json:"content_changed"`
-}
+        localcommon "github.com/calypr/git-drs/internal/common"
+        "github.com/calypr/git-drs/internal/config"
+        localdrsobject "github.com/calypr/git-drs/internal/drsobject"
+        "github.com/calypr/git-drs/internal/lfs"
+        drsapi "github.com/calypr/syfon/apigen/client/drs"
+        internalapi "github.com/calypr/syfon/apigen/client/internalapi"
+        sycommon "github.com/calypr/syfon/client/common"
+        conf "github.com/calypr/syfon/client/config"
+        "github.com/calypr/syfon/client/hash"
+        syrequest "github.com/calypr/syfon/client/request"
+        "github.com/calypr/syfon/client/transfer"
+        syupload "github.com/calypr/syfon/client/transfer/upload"
+)
 
-// Cache provides read-only access to the `.git/drs/pre-commit` cache.
-// Use Open to construct an instance with correct paths resolved.
-type Cache struct {
-        GitDir    string
-        Root      string
-        PathsDir  string
-        OIDsDir   string
-        StatePath string
+var uploadBackendForRuntime = func(rt *pushRuntime) transfer.MultipartBackend <span class="cov0" title="0">{
+        if rt == nil || rt.API == nil || rt.API.Client == nil </span><span class="cov0" title="0">{
+                return nil
+        }</span>
+        <span class="cov0" title="0">return rt.API.Client.Data()</span>
 }
 
-// Open discovers the repository `.git` directory and returns a Cache
-// configured to read the repository's pre-commit cache layout.
-// Returns an error if git metadata cannot be resolved.
-func Open(ctx context.Context) (*Cache, error) <span class="cov1" title="1">{
-        gitDir, err := gitRevParseGitDir(ctx)
-        if err != nil </span><span class="cov0" title="0">{
-                return nil, err
-        }</span>
-        <span class="cov1" title="1">root := filepath.Join(gitDir, cacheVersionDir)
-        return &amp;Cache{
-                GitDir:    gitDir,
-                Root:      root,
-                PathsDir:  filepath.Join(root, "paths"),
-                OIDsDir:   filepath.Join(root, "oids"),
-                StatePath: filepath.Join(root, "state.json"),
-        }, nil</span>
+type scopedUploadURLBackend struct {
+        transfer.MultipartBackend
+        rt *pushRuntime
 }
 
-//
-// Primary lookup helpers
-//
+func (b *scopedUploadURLBackend) ResolveUploadURL(ctx context.Context, guid string, filename string, metadata sycommon.FileMetadata, bucket string) (string, error) <span class="cov10" title="7">{
+        return resolveScopedUploadURL(b.rt, ctx, b.MultipartBackend, guid, filename)
+}</span>
 
-// LookupOIDByPath returns the cached LFS OID for a repo-relative path.
-// It returns (oid, true, nil) when present, (\"\", false, nil) when absent,
-// and an error if the underlying read failed.
-func (c *Cache) LookupOIDByPath(path string) (string, bool, error) <span class="cov1" title="1">{
-        pe, ok, err := c.ReadPathEntry(path)
-        if err != nil || !ok </span><span class="cov0" title="0">{
-                return "", ok, err
-        }</span>
-        <span class="cov1" title="1">if pe.LFSOID == "" </span><span class="cov0" title="0">{
-                return "", false, nil
-        }</span>
-        <span class="cov1" title="1">return pe.LFSOID, true, nil</span>
+type pushScope struct {
+        Organization string
+        Project      string
+        Bucket       string
+        StoragePref  string
 }
 
-// LookupPathsByOID returns advisory repository-relative paths that recently
-// referenced the given LFS OID. Paths are returned sorted. Absent OID yields
-// (nil, false, nil).
-func (c *Cache) LookupPathsByOID(oid string) ([]string, bool, error) <span class="cov0" title="0">{
-        oe, ok, err := c.ReadOIDEntry(oid)
-        if err != nil || !ok </span><span class="cov0" title="0">{
-                return nil, ok, err
-        }</span>
-        <span class="cov0" title="0">paths := append([]string(nil), oe.Paths...)
-        sort.Strings(paths)
-        return paths, true, nil</span>
+type pushTuning struct {
+        Upsert             bool
+        ForceUpload        bool
+        MultiPartThreshold int64
+        UploadConcurrency  int
 }
 
-// LookupExternalURLByOID returns the cached external URL hint for an OID.
-// Returns (\"\", false, nil) if the entry is missing or the hint is empty.
-func (c *Cache) LookupExternalURLByOID(oid string) (string, bool, error) <span class="cov5" title="2">{
-        oe, ok, err := c.ReadOIDEntry(oid)
-        if err != nil || !ok </span><span class="cov0" title="0">{
-                return "", ok, err
-        }</span>
-        <span class="cov5" title="2">u := strings.TrimSpace(oe.ExternalURL)
-        if u == "" </span><span class="cov0" title="0">{
-                return "", false, nil
+type pushRuntime struct {
+        API        *config.GitContext
+        Credential *conf.Credential
+        Logger     *slog.Logger
+        Scope      pushScope
+        Tuning     pushTuning
+        ProbeURL   func(context.Context, string) error
+}
+
+func newPushRuntime(cl *config.GitContext) *pushRuntime <span class="cov6" title="3">{
+        if cl == nil </span><span class="cov4" title="2">{
+                return &amp;pushRuntime{}
+        }</span>
+        <span class="cov1" title="1">return &amp;pushRuntime{
+                API:        cl,
+                Credential: cl.Credential,
+                Logger:     cl.Logger,
+                Scope: pushScope{
+                        Organization: cl.Organization,
+                        Project:      cl.ProjectId,
+                        Bucket:       cl.BucketName,
+                        StoragePref:  cl.StoragePrefix,
+                },
+                Tuning: pushTuning{
+                        Upsert:             cl.Upsert,
+                        ForceUpload:        cl.ForceUpload,
+                        MultiPartThreshold: cl.MultiPartThreshold,
+                        UploadConcurrency:  cl.UploadConcurrency,
+                },
+                ProbeURL: newDownloadProbe(cl),
         }</span>
-        <span class="cov5" title="2">return u, true, nil</span>
 }
 
-// ResolveExternalURLByPath resolves a path -&gt; oid -&gt; external_url (hint).
-// Returns the external URL hint when available. Missing data yields
-// (\"\", false, nil).
-func (c *Cache) ResolveExternalURLByPath(path string) (string, bool, error) <span class="cov1" title="1">{
-        oid, ok, err := c.LookupOIDByPath(path)
-        if err != nil || !ok </span><span class="cov0" title="0">{
-                return "", false, err
+// isFileDownloadable checks if a file is already available for download
+func isFileDownloadable(rt *pushRuntime, ctx context.Context, drsObject *drsapi.DrsObject) (bool, error) <span class="cov0" title="0">{
+        // Try to get a download URL - if successful, file is downloadable
+        if drsObject.AccessMethods == nil || len(*drsObject.AccessMethods) == 0 </span><span class="cov0" title="0">{
+                return false, nil
         }</span>
-        <span class="cov1" title="1">return c.LookupExternalURLByOID(oid)</span>
+        <span class="cov0" title="0">accessType := (*drsObject.AccessMethods)[0].Type
+        res, err := rt.API.Client.DRS().GetAccessURL(ctx, drsObject.Id, string(accessType))
+        if err != nil </span><span class="cov0" title="0">{
+                // If we can't get a download URL, assume file is not downloadable
+                return false, nil
+        }</span>
+        <span class="cov0" title="0">if rt.ProbeURL == nil </span><span class="cov0" title="0">{
+                rt.ProbeURL = newDownloadProbe(rt.API)
+        }</span>
+        <span class="cov0" title="0">err = rt.ProbeURL(ctx, res.Url)
+        return err == nil, nil</span>
 }
 
-//
-// Lower-level file access
-//
+func uploadKeyFromObject(obj *drsapi.DrsObject, bucket string, storagePrefix string) string <span class="cov10" title="7">{
+        prefix := strings.Trim(strings.TrimSpace(storagePrefix), "/")
+        applyPrefix := func(key string) string </span><span class="cov10" title="7">{
+                key = strings.Trim(strings.TrimSpace(key), "/")
+                if key == "" </span><span class="cov0" title="0">{
+                        return ""
+                }</span>
+                <span class="cov10" title="7">if prefix == "" || key == prefix || strings.HasPrefix(key, prefix+"/") </span><span class="cov8" title="5">{
+                        return key
+                }</span>
+                <span class="cov4" title="2">return prefix + "/" + key</span>
+        }
 
-// ReadPathEntry reads and parses the JSON path entry for a repository-relative
-// path. Returns (entry, true, nil) on success, (nil, false, nil) if the file
-// does not exist, or an error on I/O/parse failure.
-func (c *Cache) ReadPathEntry(path string) (*PathEntry, bool, error) <span class="cov1" title="1">{
-        f := c.pathEntryFile(path)
-        b, err := os.ReadFile(f)
-        if err != nil </span><span class="cov0" title="0">{
-                if errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
-                        return nil, false, nil
+        <span class="cov10" title="7">if obj != nil &amp;&amp; obj.AccessMethods != nil &amp;&amp; len(*obj.AccessMethods) &gt; 0 </span><span class="cov1" title="1">{
+                raw := ""
+                if (*obj.AccessMethods)[0].AccessUrl != nil </span><span class="cov1" title="1">{
+                        raw = strings.TrimSpace((*obj.AccessMethods)[0].AccessUrl.Url)
                 }</span>
-                <span class="cov0" title="0">return nil, false, fmt.Errorf("read path entry %q: %w", f, err)</span>
+                <span class="cov1" title="1">if raw != "" </span><span class="cov1" title="1">{
+                        if u, err := url.Parse(raw); err == nil &amp;&amp; strings.EqualFold(u.Scheme, "s3") </span><span class="cov1" title="1">{
+                                // Preserve the full object key path from DRS metadata.
+                                // Taking only filepath.Base(...) loses CAS/storage prefixes and causes 404 downloads.
+                                key := strings.TrimSpace(strings.TrimPrefix(u.Path, "/"))
+                                if key != "" &amp;&amp; (bucket == "" || strings.EqualFold(strings.TrimSpace(u.Host), strings.TrimSpace(bucket))) </span><span class="cov0" title="0">{
+                                        return key
+                                }</span>
+                        }
+                }
         }
-        <span class="cov1" title="1">var pe PathEntry
-        if err := json.Unmarshal(b, &amp;pe); err != nil </span><span class="cov0" title="0">{
-                return nil, false, fmt.Errorf("parse path entry %q: %w", f, err)
+        <span class="cov10" title="7">if obj != nil </span><span class="cov10" title="7">{
+                return applyPrefix(hash.ConvertDrsChecksumsToHashInfo(obj.Checksums).SHA256)
         }</span>
-        <span class="cov1" title="1">return &amp;pe, true, nil</span>
+        <span class="cov0" title="0">return ""</span>
 }
 
-// ReadOIDEntry reads and parses the JSON OID entry for an LFS OID string.
-// Returns (entry, true, nil) on success, (nil, false, nil) if missing,
-// or an error on I/O/parse failure.
-func (c *Cache) ReadOIDEntry(oid string) (*OIDEntry, bool, error) <span class="cov5" title="2">{
-        f := c.oidEntryFile(oid)
-        b, err := os.ReadFile(f)
-        if err != nil </span><span class="cov0" title="0">{
-                if errors.Is(err, fs.ErrNotExist) </span><span class="cov0" title="0">{
-                        return nil, false, nil
+func resolveUploadSourcePath(oid string, worktreePath string, isPointer bool) (string, bool, error) <span class="cov1" title="1">{
+        oid = localdrsobject.NormalizeOid(oid)
+        if oid == "" </span><span class="cov0" title="0">{
+                return "", false, fmt.Errorf("empty oid")
+        }</span>
+
+        <span class="cov1" title="1">lfsObjPath, err := lfs.ObjectPath(localcommon.LFS_OBJS_PATH, oid)
+        if err == nil </span><span class="cov1" title="1">{
+                if st, statErr := os.Stat(lfsObjPath); statErr == nil &amp;&amp; !st.IsDir() &amp;&amp; st.Size() &gt; 0 </span><span class="cov0" title="0">{
+                        return lfsObjPath, true, nil
                 }</span>
-                <span class="cov0" title="0">return nil, false, fmt.Errorf("read oid entry %q: %w", f, err)</span>
         }
-        <span class="cov5" title="2">var oe OIDEntry
-        if err := json.Unmarshal(b, &amp;oe); err != nil </span><span class="cov0" title="0">{
-                return nil, false, fmt.Errorf("parse oid entry %q: %w", f, err)
+
+        <span class="cov1" title="1">if isPointer </span><span class="cov1" title="1">{
+                return "", false, nil
         }</span>
-        <span class="cov5" title="2">return &amp;oe, true, nil</span>
+
+        <span class="cov0" title="0">st, statErr := os.Stat(worktreePath)
+        if statErr != nil </span><span class="cov0" title="0">{
+                return "", false, fmt.Errorf("stat worktree path %s: %w", worktreePath, statErr)
+        }</span>
+        <span class="cov0" title="0">if st.IsDir() </span><span class="cov0" title="0">{
+                return "", false, fmt.Errorf("worktree path %s is a directory", worktreePath)
+        }</span>
+        <span class="cov0" title="0">return worktreePath, true, nil</span>
 }
 
-//
-// Validation helpers (optional)
-//
+func uploadFileForObject(rt *pushRuntime, ctx context.Context, drsObject *drsapi.DrsObject, filePath string, skipIfDownloadable bool) error <span class="cov10" title="7">{
+        hInfo := hash.ConvertDrsChecksumsToHashInfo(drsObject.Checksums)
+        if skipIfDownloadable </span><span class="cov0" title="0">{
+                rt.Logger.DebugContext(ctx, fmt.Sprintf("checking if oid %s is already downloadable", hInfo.SHA256))
+                downloadable, err := isFileDownloadable(rt, ctx, drsObject)
+                if err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("error checking if file is downloadable: oid %s %v", hInfo.SHA256, err)
+                }</span>
+                <span class="cov0" title="0">if downloadable </span><span class="cov0" title="0">{
+                        rt.Logger.DebugContext(ctx, fmt.Sprintf("file %s is already available for download, skipping upload", hInfo.SHA256))
+                        return nil
+                }</span>
+        }
 
-// CheckExternalURLMismatch compares a cached external URL hint against an
-// authoritative URL. If either value is empty this is a no-op. When both are
-// non-empty and differ an error describing the mismatch is returned.
-func CheckExternalURLMismatch(localHint, authoritative string) error <span class="cov8" title="3">{
-        l := strings.TrimSpace(localHint)
-        a := strings.TrimSpace(authoritative)
-        if l == "" || a == "" </span><span class="cov1" title="1">{
-                return nil
+        <span class="cov10" title="7">rt.Logger.DebugContext(ctx, fmt.Sprintf("file %s is not downloadable, proceeding to upload", hInfo.SHA256))
+        multiPartThreshold := int64(5 * 1024 * 1024 * 1024)
+        if rt.Tuning.MultiPartThreshold &gt; 0 </span><span class="cov10" title="7">{
+                multiPartThreshold = rt.Tuning.MultiPartThreshold
         }</span>
-        <span class="cov5" title="2">if l != a </span><span class="cov1" title="1">{
-                return fmt.Errorf(
-                        "external URL mismatch: cache=%q authoritative=%q",
-                        l, a,
+        <span class="cov10" title="7">fileStat, statErr := os.Stat(filePath)
+        if statErr != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("error stat file %s: %v", filePath, statErr)
+        }</span>
+        <span class="cov10" title="7">fileSize := fileStat.Size()
+        drsSize := drsObject.Size
+        if drsSize != fileSize </span><span class="cov7" title="4">{
+                rt.Logger.WarnContext(ctx, "drs metadata size differs from local source size; using local file size for upload mode decision",
+                        "did", drsObject.Id,
+                        "path", filePath,
+                        "drs_size", drsSize,
+                        "file_size", fileSize,
                 )
         }</span>
-        <span class="cov1" title="1">return nil</span>
-}
 
-// StaleAfter reports whether a JSON entry with the given updatedAt RFC3339
-// timestamp is older than maxAge. Returns false if the timestamp cannot be parsed.
-func StaleAfter(updatedAt string, maxAge time.Duration) bool <span class="cov5" title="2">{
-        t, err := time.Parse(time.RFC3339, updatedAt)
-        if err != nil </span><span class="cov1" title="1">{
-                return false
+        <span class="cov10" title="7">objectKey := uploadKeyFromObject(drsObject, rt.Scope.Bucket, rt.Scope.StoragePref)
+        rt.Logger.DebugContext(ctx, "uploading via data-client orchestrator",
+                "size", fileSize,
+                "path", filePath,
+                "threshold", multiPartThreshold,
+        )
+        forceMultipart := fileSize &gt;= multiPartThreshold
+        rt.Logger.DebugContext(ctx, "uploading via syfon transfer engine",
+                "did", drsObject.Id,
+                "size", fileSize,
+                "threshold", multiPartThreshold,
+                "forceMultipart", forceMultipart,
+        )
+        backend := uploadBackendForRuntime(rt)
+        if backend == nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("upload backend is required")
         }</span>
-        <span class="cov1" title="1">return time.Since(t) &gt; maxAge</span>
+        <span class="cov10" title="7">if strings.TrimSpace(rt.Scope.Organization) != "" &amp;&amp; strings.TrimSpace(rt.Scope.Project) != "" </span><span class="cov10" title="7">{
+                backend = &amp;scopedUploadURLBackend{MultipartBackend: backend, rt: rt}
+        }</span>
+        <span class="cov10" title="7">if forceMultipart </span><span class="cov0" title="0">{
+                if err := syupload.Upload(ctx, backend, filePath, objectKey, drsObject.Id, rt.Scope.Bucket, scopedUploadMetadata(rt), false, true); err != nil </span><span class="cov0" title="0">{
+                        return fmt.Errorf("upload error: %w", err)
+                }</span>
+                <span class="cov0" title="0">return nil</span>
+        }
+        <span class="cov10" title="7">if err := syupload.Upload(ctx, backend, filePath, objectKey, drsObject.Id, rt.Scope.Bucket, scopedUploadMetadata(rt), false, false); err != nil </span><span class="cov0" title="0">{
+                return fmt.Errorf("upload error: %w", err)
+        }</span>
+        <span class="cov10" title="7">return nil</span>
 }
 
-//
-// Filename / encoding helpers
-//
-
-// pathEntryFile returns the filesystem path to the JSON file for the given
-// repository-relative path within the Cache.PathsDir.
-func (c *Cache) pathEntryFile(path string) string <span class="cov5" title="2">{
-        return filepath.Join(c.PathsDir, EncodePath(path)+".json")
-}</span>
-
-// oidEntryFile returns the filesystem path to the JSON file for the given
-// LFS OID. Files are named by sha256(oid) to avoid filesystem restrictions.
-func (c *Cache) oidEntryFile(oid string) string <span class="cov10" title="4">{
-        sum := sha256.Sum256([]byte(oid))
-        return filepath.Join(c.OIDsDir, fmt.Sprintf("%x.json", sum[:]))
-}</span>
+func resolveScopedUploadURL(rt *pushRuntime, ctx context.Context, backend transfer.MultipartBackend, did, objectKey string) (string, error) <span class="cov10" title="7">{
+        organization := strings.TrimSpace(rt.Scope.Organization)
+        project := strings.TrimSpace(rt.Scope.Project)
+        if organization == "" || project == "" </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("upload scope organization/project is required")
+        }</span>
 
-// EncodePath returns a filesystem-safe base64 raw-URL encoding for a path.
-// The encoding is reversible by DecodePath.
-func EncodePath(path string) string <span class="cov8" title="3">{
-        return base64.RawURLEncoding.EncodeToString([]byte(path))
-}</span>
+        <span class="cov10" title="7">if rt.API != nil &amp;&amp; rt.API.Client != nil &amp;&amp; rt.API.Client.Requestor() != nil </span><span class="cov1" title="1">{
+                query := url.Values{}
+                query.Set("organization", organization)
+                query.Set("project", project)
+                query.Set("file_name", objectKey)
+                var out internalapi.InternalSignedURL
+                if err := rt.API.Client.Requestor().Do(ctx, http.MethodGet, "/data/upload/"+url.PathEscape(did), nil, &amp;out, syrequest.WithQueryValues(query)); err != nil </span><span class="cov0" title="0">{
+                        return "", err
+                }</span>
+                <span class="cov1" title="1">if out.Url == nil || strings.TrimSpace(*out.Url) == "" </span><span class="cov0" title="0">{
+                        return "", fmt.Errorf("response missing URL")
+                }</span>
+                <span class="cov1" title="1">return *out.Url, nil</span>
+        }
 
-// DecodePath decodes a value produced by EncodePath back to the original path.
-// Returns an error if the input is not valid base64 raw-URL.
-func DecodePath(encoded string) (string, error) <span class="cov1" title="1">{
-        b, err := base64.RawURLEncoding.DecodeString(encoded)
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+        <span class="cov9" title="6">resolver, ok := backend.(interface {
+                ResolveUploadURL(context.Context, string, string, sycommon.FileMetadata, string) (string, error)
+        })
+        if !ok </span><span class="cov0" title="0">{
+                return "", fmt.Errorf("upload backend cannot resolve upload URLs")
         }</span>
-        <span class="cov1" title="1">return string(b), nil</span>
+        <span class="cov9" title="6">metadata := sycommon.FileMetadata{
+                Authorizations: map[string][]string{
+                        organization: {project},
+                },
+        }
+        return resolver.ResolveUploadURL(ctx, did, objectKey, metadata, "")</span>
 }
 
-//
-// Git helpers
-//
+func scopedUploadMetadata(rt *pushRuntime) sycommon.FileMetadata <span class="cov10" title="7">{
+        organization := strings.TrimSpace(rt.Scope.Organization)
+        project := strings.TrimSpace(rt.Scope.Project)
+        if organization == "" || project == "" </span><span class="cov0" title="0">{
+                return sycommon.FileMetadata{}
+        }</span>
+        <span class="cov10" title="7">return sycommon.FileMetadata{
+                Authorizations: map[string][]string{
+                        organization: {project},
+                },
+        }</span>
+}
 
-// gitRevParseGitDir runs `git rev-parse --git-dir` (and `--show-toplevel` if
-// necessary) to return an absolute path to the repository `.git` directory.
-// Returns an error when git fails or the result cannot be resolved.
-func gitRevParseGitDir(ctx context.Context) (string, error) <span class="cov1" title="1">{
-        out, err := git(ctx, "rev-parse", "--git-dir")
-        if err != nil </span><span class="cov0" title="0">{
-                return "", err
+func newDownloadProbe(cl *config.GitContext) func(context.Context, string) error <span class="cov1" title="1">{
+        httpClient := http.DefaultClient
+        if cl != nil &amp;&amp; cl.Client != nil &amp;&amp; cl.Client.HTTPClient() != nil </span><span class="cov1" title="1">{
+                httpClient = cl.Client.HTTPClient()
         }</span>
-        <span class="cov1" title="1">gitDir := strings.TrimSpace(string(out))
-        if gitDir == "" </span><span class="cov0" title="0">{
-                return "", errors.New("could not determine .git dir")
+        <span class="cov1" title="1">return func(ctx context.Context, rawURL string) error </span><span class="cov0" title="0">{
+                return probeDownloadURL(ctx, httpClient, rawURL)
         }</span>
-        <span class="cov1" title="1">if !filepath.IsAbs(gitDir) </span><span class="cov1" title="1">{
-                rootOut, err := git(ctx, "rev-parse", "--show-toplevel")
-                if err != nil </span><span class="cov0" title="0">{
-                        return "", err
-                }</span>
-                <span class="cov1" title="1">root := strings.TrimSpace(string(rootOut))
-                gitDir = filepath.Join(root, gitDir)</span>
-        }
-        <span class="cov1" title="1">return gitDir, nil</span>
 }
 
-// git executes a git command and returns combined output. If git exits with
-// a non-zero status the returned error includes the command and stderr/stdout.
-func git(ctx context.Context, args ...string) ([]byte, error) <span class="cov5" title="2">{
-        cmd := exec.CommandContext(ctx, "git", args...)
-        cmd.Env = os.Environ()
-        out, err := cmd.CombinedOutput()
+func probeDownloadURL(ctx context.Context, httpClient *http.Client, rawURL string) error <span class="cov0" title="0">{
+        req, err := http.NewRequestWithContext(ctx, http.MethodGet, rawURL, nil)
         if err != nil </span><span class="cov0" title="0">{
-                return nil, fmt.Errorf(
-                        "git %s: %s",
-                        strings.Join(args, " "),
-                        strings.TrimSpace(string(out)),
-                )
+                return err
         }</span>
-        <span class="cov5" title="2">return out, nil</span>
+        <span class="cov0" title="0">req.Header.Set("Range", "bytes=0-0")
+        if httpClient == nil </span><span class="cov0" title="0">{
+                httpClient = http.DefaultClient
+        }</span>
+        <span class="cov0" title="0">resp, err := httpClient.Do(req)
+        if err != nil </span><span class="cov0" title="0">{
+                return err
+        }</span>
+        <span class="cov0" title="0">defer resp.Body.Close()
+        if resp.StatusCode &gt;= 400 </span><span class="cov0" title="0">{
+                return fmt.Errorf("download probe failed with status %d", resp.StatusCode)
+        }</span>
+        <span class="cov0" title="0">return nil</span>
 }
 </pre>
 		
-		<pre class="file" id="file54" style="display: none">// Package version reports the Git-DRS version.
+		<pre class="file" id="file67" style="display: none">// Package version reports the Git-DRS version.
 package version
 
 import "fmt"
diff --git a/coverage/combined.out b/coverage/combined.out
index 73a84998..c49dae6f 100644
--- a/coverage/combined.out
+++ b/coverage/combined.out
@@ -11,6 +11,257 @@ github.com/calypr/git-drs/cmd/addref/add-ref.go:49.3,51.25 3 0
 github.com/calypr/git-drs/cmd/addref/add-ref.go:51.25,54.4 1 0
 github.com/calypr/git-drs/cmd/addref/add-ref.go:56.3,57.13 2 0
 github.com/calypr/git-drs/cmd/addref/add-ref.go:61.13,63.2 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:80.63,82.2 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:84.118,86.21 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:86.21,88.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:89.2,89.20 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:89.20,91.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:92.2,92.29 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:92.29,94.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:95.2,95.26 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:95.26,97.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:98.2,98.21 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:98.21,100.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:101.2,101.20 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:101.20,103.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:104.2,105.114 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:105.114,107.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:108.2,108.17 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:111.95,113.98 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:113.98,115.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:116.2,116.17 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:119.104,121.128 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:121.128,123.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:124.2,124.17 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:127.115,129.87 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:129.87,131.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:132.2,132.17 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:140.54,143.17 3 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:143.17,145.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:147.3,150.21 4 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:150.21,153.4 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:153.9,157.4 3 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:159.3,160.17 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:160.17,162.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:163.3,163.44 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:163.44,165.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:166.3,167.37 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:167.37,169.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:171.3,172.20 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:172.20,174.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:176.3,177.17 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:177.17,179.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:181.3,182.17 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:182.17,184.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:185.3,186.17 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:186.17,188.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:190.3,200.17 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:200.17,202.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:204.3,215.13 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:219.13,222.2 2 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:224.56,226.15 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:226.15,228.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:229.2,230.21 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:230.21,232.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:233.2,235.32 3 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:235.32,237.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:238.2,238.26 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:241.178,242.20 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:242.20,244.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:246.2,249.16 4 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:249.16,251.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:252.2,255.59 3 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:255.59,257.25 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:257.25,259.4 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:260.3,263.17 4 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:263.17,265.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:266.3,270.23 4 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:270.23,272.18 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:272.18,274.5 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:275.4,275.27 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:275.27,277.5 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:277.10,279.5 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:281.3,292.20 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:292.20,303.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:306.2,306.19 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:309.135,311.16 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:311.16,313.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:314.2,314.20 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:314.20,316.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:318.2,321.6 4 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:321.6,327.17 3 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:327.17,329.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:330.3,331.30 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:331.30,333.4 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:334.3,334.24 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:334.24,335.9 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:337.3,337.31 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:337.31,338.49 1 5
+github.com/calypr/git-drs/cmd/copyrecords/main.go:338.49,339.13 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:341.4,342.17 2 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:342.17,343.13 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:345.4,345.30 1 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:345.30,346.13 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:348.4,349.26 2 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:351.3,351.31 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:351.31,352.9 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:354.3,354.9 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:356.2,356.17 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:359.70,360.33 1 5
+github.com/calypr/git-drs/cmd/copyrecords/main.go:360.33,362.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:363.2,363.50 1 5
+github.com/calypr/git-drs/cmd/copyrecords/main.go:363.50,364.47 1 5
+github.com/calypr/git-drs/cmd/copyrecords/main.go:364.47,366.4 1 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:368.2,368.14 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:371.140,373.22 2 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:373.22,375.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:377.2,380.29 4 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:380.29,382.16 2 6
+github.com/calypr/git-drs/cmd/copyrecords/main.go:382.16,383.12 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:385.3,386.46 2 6
+github.com/calypr/git-drs/cmd/copyrecords/main.go:386.46,388.44 2 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:388.44,391.5 2 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:395.2,396.16 2 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:396.16,398.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:399.2,400.31 2 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:400.31,402.3 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:404.2,405.26 2 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:405.26,407.17 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:407.17,409.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:410.3,410.37 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:410.37,412.17 2 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:412.17,413.13 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:415.4,415.77 1 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:419.2,422.29 4 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:422.29,424.17 2 6
+github.com/calypr/git-drs/cmd/copyrecords/main.go:424.17,426.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:427.3,427.13 1 6
+github.com/calypr/git-drs/cmd/copyrecords/main.go:427.13,430.12 3 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:433.3,435.51 3 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:435.51,437.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:438.3,439.14 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:439.14,440.47 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:440.47,442.5 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:443.4,444.19 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:445.9,447.4 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:450.2,451.34 2 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:451.34,453.3 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:454.2,455.24 2 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:458.151,460.15 2 6
+github.com/calypr/git-drs/cmd/copyrecords/main.go:460.15,462.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:463.2,463.42 1 6
+github.com/calypr/git-drs/cmd/copyrecords/main.go:463.42,465.3 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:467.2,468.15 2 5
+github.com/calypr/git-drs/cmd/copyrecords/main.go:468.15,470.3 1 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:471.2,472.22 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:473.9,474.34 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:475.9,476.31 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:477.10,479.33 2 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:479.33,480.54 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:480.54,482.5 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:484.3,484.150 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:488.46,489.23 1 11
+github.com/calypr/git-drs/cmd/copyrecords/main.go:489.23,491.3 1 6
+github.com/calypr/git-drs/cmd/copyrecords/main.go:492.2,492.51 1 5
+github.com/calypr/git-drs/cmd/copyrecords/main.go:495.64,496.23 1 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:496.23,498.3 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:499.2,501.30 3 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:501.30,503.16 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:503.16,504.12 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:506.3,506.29 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:506.29,507.12 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:509.3,510.25 2 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:512.2,512.12 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:515.94,519.27 3 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:519.27,520.55 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:520.55,523.4 2 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:524.3,524.63 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:524.63,527.4 2 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:530.2,531.69 2 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:531.69,534.3 2 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:536.2,537.69 2 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:537.69,540.3 2 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:542.2,542.24 1 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:545.56,548.48 3 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:548.48,549.18 1 8
+github.com/calypr/git-drs/cmd/copyrecords/main.go:549.18,550.12 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:552.3,552.29 1 6
+github.com/calypr/git-drs/cmd/copyrecords/main.go:552.29,554.17 2 7
+github.com/calypr/git-drs/cmd/copyrecords/main.go:554.17,555.13 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:557.4,557.30 1 7
+github.com/calypr/git-drs/cmd/copyrecords/main.go:557.30,558.13 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:560.4,561.26 2 6
+github.com/calypr/git-drs/cmd/copyrecords/main.go:564.2,564.19 1 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:564.19,566.3 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:567.2,567.13 1 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:570.84,573.61 3 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:573.61,574.18 1 8
+github.com/calypr/git-drs/cmd/copyrecords/main.go:574.18,575.12 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:577.3,577.32 1 6
+github.com/calypr/git-drs/cmd/copyrecords/main.go:577.32,579.30 2 7
+github.com/calypr/git-drs/cmd/copyrecords/main.go:579.30,580.13 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:582.4,583.29 2 6
+github.com/calypr/git-drs/cmd/copyrecords/main.go:586.2,586.19 1 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:586.19,588.3 1 1
+github.com/calypr/git-drs/cmd/copyrecords/main.go:589.2,589.13 1 3
+github.com/calypr/git-drs/cmd/copyrecords/main.go:592.63,594.16 2 7
+github.com/calypr/git-drs/cmd/copyrecords/main.go:594.16,596.3 1 0
+github.com/calypr/git-drs/cmd/copyrecords/main.go:597.2,597.18 1 7
+github.com/calypr/git-drs/cmd/copyrecords/main.go:600.47,602.2 1 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:604.50,606.2 1 2
+github.com/calypr/git-drs/cmd/copyrecords/main.go:608.66,610.2 1 4
+github.com/calypr/git-drs/cmd/copyrecords/main.go:612.31,616.2 3 10
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:24.54,25.21 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:25.21,27.4 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:28.3,28.18 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:29.32,30.14 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:31.11,32.56 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:35.54,37.22 2 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:37.22,40.4 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:42.3,43.17 2 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:43.17,45.4 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:47.3,49.17 3 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:49.17,51.4 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:52.3,52.49 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:52.49,54.4 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:57.3,57.120 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:57.120,61.4 3 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:63.3,65.109 2 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:65.109,67.4 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:70.3,72.17 3 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:72.17,73.19 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:73.19,75.5 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:76.4,79.24 4 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:79.24,82.5 2 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:85.3,85.18 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:85.18,87.4 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:90.3,94.13 3 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:104.69,107.15 3 1
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:107.15,109.17 2 4
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:109.17,110.9 1 1
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:112.3,113.22 2 3
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:113.22,114.12 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:116.3,118.14 3 3
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:119.19,120.22 1 1
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:121.15,122.18 1 1
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:123.15,124.18 1 1
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:127.2,127.21 1 1
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:130.46,132.16 2 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:132.16,134.3 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:135.2,136.22 2 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:136.22,138.3 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:139.2,140.16 2 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:140.16,142.3 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:143.2,144.20 2 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:144.20,146.3 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:147.2,147.34 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:150.78,151.39 1 4
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:151.39,153.3 1 1
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:155.2,156.16 2 3
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:156.16,158.3 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:159.2,159.42 1 3
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:159.42,161.3 1 0
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:163.2,163.49 1 3
 github.com/calypr/git-drs/cmd/bucket/main.go:53.69,55.15 2 7
 github.com/calypr/git-drs/cmd/bucket/main.go:55.15,57.3 1 0
 github.com/calypr/git-drs/cmd/bucket/main.go:58.2,59.16 2 7
@@ -92,50 +343,50 @@ github.com/calypr/git-drs/cmd/bucket/main.go:244.71,246.4 1 0
 github.com/calypr/git-drs/cmd/bucket/main.go:248.2,248.17 1 0
 github.com/calypr/git-drs/cmd/bucket/main.go:248.17,249.58 1 0
 github.com/calypr/git-drs/cmd/bucket/main.go:249.58,251.19 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:251.19,252.117 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:252.117,255.6 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:259.2,259.17 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:259.17,261.3 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:263.2,264.20 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:264.20,267.17 3 0
-github.com/calypr/git-drs/cmd/bucket/main.go:267.17,269.4 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:270.3,270.41 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:272.2,272.20 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:272.20,274.17 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:274.17,276.4 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:277.3,277.39 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:279.2,279.20 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:279.20,281.3 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:282.2,282.53 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:285.102,286.52 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:286.52,290.3 3 0
-github.com/calypr/git-drs/cmd/bucket/main.go:292.2,293.16 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:293.16,295.3 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:296.2,297.16 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:297.16,299.3 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:300.2,306.16 6 0
-github.com/calypr/git-drs/cmd/bucket/main.go:306.16,308.3 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:309.2,311.79 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:311.79,313.60 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:313.60,315.4 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:316.3,316.87 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:318.2,318.12 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:321.117,322.52 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:322.52,326.3 3 0
-github.com/calypr/git-drs/cmd/bucket/main.go:328.2,329.16 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:329.16,331.3 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:332.2,333.16 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:333.16,335.3 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:336.2,342.16 6 0
-github.com/calypr/git-drs/cmd/bucket/main.go:342.16,344.3 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:345.2,347.79 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:347.79,349.60 2 0
-github.com/calypr/git-drs/cmd/bucket/main.go:349.60,351.4 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:352.3,352.75 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:354.2,354.12 1 0
-github.com/calypr/git-drs/cmd/bucket/main.go:357.13,367.79 9 1
-github.com/calypr/git-drs/cmd/bucket/main.go:367.79,375.3 7 2
-github.com/calypr/git-drs/cmd/bucket/main.go:377.2,379.31 3 1
+github.com/calypr/git-drs/cmd/bucket/main.go:251.19,255.25 4 0
+github.com/calypr/git-drs/cmd/bucket/main.go:255.25,258.6 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:262.2,262.17 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:262.17,264.3 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:266.2,267.20 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:267.20,270.17 3 0
+github.com/calypr/git-drs/cmd/bucket/main.go:270.17,272.4 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:273.3,273.41 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:275.2,275.20 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:275.20,277.17 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:277.17,279.4 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:280.3,280.39 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:282.2,282.20 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:282.20,284.3 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:285.2,285.53 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:288.102,289.52 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:289.52,293.3 3 0
+github.com/calypr/git-drs/cmd/bucket/main.go:295.2,296.16 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:296.16,298.3 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:299.2,300.16 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:300.16,302.3 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:303.2,309.16 6 0
+github.com/calypr/git-drs/cmd/bucket/main.go:309.16,311.3 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:312.2,314.79 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:314.79,316.60 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:316.60,318.4 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:319.3,319.87 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:321.2,321.12 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:324.117,325.52 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:325.52,329.3 3 0
+github.com/calypr/git-drs/cmd/bucket/main.go:331.2,332.16 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:332.16,334.3 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:335.2,336.16 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:336.16,338.3 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:339.2,345.16 6 0
+github.com/calypr/git-drs/cmd/bucket/main.go:345.16,347.3 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:348.2,350.79 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:350.79,352.60 2 0
+github.com/calypr/git-drs/cmd/bucket/main.go:352.60,354.4 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:355.3,355.75 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:357.2,357.12 1 0
+github.com/calypr/git-drs/cmd/bucket/main.go:360.13,370.79 9 1
+github.com/calypr/git-drs/cmd/bucket/main.go:370.79,378.3 7 2
+github.com/calypr/git-drs/cmd/bucket/main.go:380.2,382.31 3 1
 github.com/calypr/git-drs/cmd/install/main.go:17.34,23.55 1 2
 github.com/calypr/git-drs/cmd/install/main.go:23.55,24.22 1 1
 github.com/calypr/git-drs/cmd/install/main.go:24.22,27.5 2 1
@@ -150,211 +401,1476 @@ github.com/calypr/git-drs/cmd/install/main.go:59.16,61.20 2 0
 github.com/calypr/git-drs/cmd/install/main.go:61.20,63.4 1 0
 github.com/calypr/git-drs/cmd/install/main.go:64.3,64.84 1 0
 github.com/calypr/git-drs/cmd/install/main.go:66.2,66.12 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:23.54,24.21 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:24.21,26.4 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:27.3,27.18 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:28.32,29.14 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:30.11,31.56 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:34.54,36.22 2 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:36.22,39.4 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:41.3,42.17 2 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:42.17,44.4 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:46.3,48.17 3 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:48.17,50.4 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:51.3,51.49 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:51.49,53.4 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:56.3,56.120 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:56.120,60.4 3 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:62.3,64.109 2 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:64.109,66.4 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:69.3,71.17 3 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:71.17,72.19 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:72.19,74.5 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:75.4,75.102 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:75.102,78.20 3 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:78.20,80.6 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:84.3,84.18 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:84.18,86.4 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:89.3,93.13 3 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:103.69,106.15 3 1
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:106.15,108.17 2 4
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:108.17,109.9 1 1
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:111.3,112.22 2 3
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:112.22,113.12 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:115.3,117.14 3 3
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:118.19,119.22 1 1
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:120.15,121.18 1 1
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:122.15,123.18 1 1
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:126.2,126.21 1 1
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:129.46,131.16 2 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:131.16,133.3 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:134.2,135.22 2 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:135.22,137.3 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:138.2,139.16 2 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:139.16,141.3 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:142.2,143.20 2 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:143.20,145.3 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:146.2,146.34 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:149.78,150.39 1 4
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:150.39,152.3 1 1
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:154.2,155.16 2 3
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:155.16,157.3 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:158.2,158.42 1 3
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:158.42,160.3 1 0
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:162.2,162.49 1 3
-github.com/calypr/git-drs/cmd/precommit/main.go:76.54,78.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:81.13,83.33 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:83.33,88.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:91.37,93.16 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:93.16,95.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:97.2,102.53 5 0
-github.com/calypr/git-drs/cmd/precommit/main.go:102.53,104.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:105.2,105.52 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:105.52,107.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:108.2,111.16 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:111.16,113.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:114.2,114.23 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:114.23,116.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:118.2,122.29 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:122.29,123.28 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:123.28,124.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:129.3,130.17 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:130.17,132.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:135.3,138.15 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:138.15,140.106 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:140.106,142.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:145.4,149.19 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:149.19,151.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:154.4,154.99 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:154.99,156.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:157.9,160.4 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:164.2,164.29 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:164.29,165.18 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:166.28,167.80 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:167.80,169.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:170.19,172.80 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:172.80,174.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:177.19,178.90 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:178.90,180.5 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:184.2,184.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:187.83,189.16 2 2
-github.com/calypr/git-drs/cmd/precommit/main.go:189.16,192.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:193.2,193.12 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:193.12,196.3 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:198.2,203.49 4 1
-github.com/calypr/git-drs/cmd/precommit/main.go:203.49,205.43 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:205.43,207.4 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:211.2,215.17 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:215.17,217.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:220.2,221.89 2 1
-github.com/calypr/git-drs/cmd/precommit/main.go:221.89,223.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:226.2,226.20 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:226.20,228.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:230.2,230.12 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:233.93,237.16 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:237.16,240.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:241.2,242.47 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:242.47,246.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:248.2,251.21 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:251.21,253.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:256.2,262.12 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:272.59,274.16 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:274.16,276.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:277.2,279.16 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:279.16,281.36 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:281.36,282.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:284.3,285.21 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:285.21,286.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:288.3,289.10 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:290.22,291.87 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:292.22,293.90 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:294.22,295.90 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:296.58,297.109 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:298.11,298.11 0 0
-github.com/calypr/git-drs/cmd/precommit/main.go:302.2,302.33 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:302.33,304.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:305.2,305.21 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:310.75,312.16 2 2
-github.com/calypr/git-drs/cmd/precommit/main.go:312.16,315.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:319.2,323.16 4 2
-github.com/calypr/git-drs/cmd/precommit/main.go:323.16,325.26 2 3
-github.com/calypr/git-drs/cmd/precommit/main.go:325.26,327.12 2 1
-github.com/calypr/git-drs/cmd/precommit/main.go:329.3,329.45 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:329.45,332.17 3 1
-github.com/calypr/git-drs/cmd/precommit/main.go:332.17,334.5 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:338.3,338.27 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:338.27,339.9 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:342.2,342.33 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:342.33,344.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:346.2,346.26 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:346.26,348.3 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:349.2,349.23 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:352.61,354.16 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:354.16,356.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:357.2,358.18 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:358.18,360.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:362.2,362.29 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:362.29,364.17 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:364.17,366.4 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:367.3,368.39 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:370.2,370.20 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:373.63,379.34 6 2
-github.com/calypr/git-drs/cmd/precommit/main.go:379.34,382.16 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:382.16,384.4 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:385.3,385.69 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:387.2,387.28 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:392.50,394.2 1 3
-github.com/calypr/git-drs/cmd/precommit/main.go:396.37,399.2 1 3
-github.com/calypr/git-drs/cmd/precommit/main.go:401.47,406.2 2 2
-github.com/calypr/git-drs/cmd/precommit/main.go:414.97,422.42 3 1
-github.com/calypr/git-drs/cmd/precommit/main.go:422.42,426.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:428.2,429.32 2 1
-github.com/calypr/git-drs/cmd/precommit/main.go:429.32,431.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:433.2,433.19 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:433.19,435.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:436.2,436.19 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:436.19,438.3 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:440.2,444.34 4 1
-github.com/calypr/git-drs/cmd/precommit/main.go:447.58,451.16 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:451.16,453.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:454.2,455.50 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:455.50,457.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:458.2,459.32 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:459.32,460.16 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:460.16,461.12 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:463.3,463.24 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:465.2,472.34 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:475.49,477.19 2 1
-github.com/calypr/git-drs/cmd/precommit/main.go:477.19,479.3 1 1
-github.com/calypr/git-drs/cmd/precommit/main.go:480.2,481.12 2 1
-github.com/calypr/git-drs/cmd/precommit/main.go:486.48,488.48 2 2
-github.com/calypr/git-drs/cmd/precommit/main.go:488.48,490.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:492.2,494.16 3 2
-github.com/calypr/git-drs/cmd/precommit/main.go:494.16,496.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:497.2,497.15 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:497.15,497.32 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:499.2,501.38 3 2
-github.com/calypr/git-drs/cmd/precommit/main.go:501.38,504.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:505.2,505.33 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:505.33,508.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:509.2,509.34 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:509.34,512.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:513.2,513.29 1 2
-github.com/calypr/git-drs/cmd/precommit/main.go:516.48,518.62 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:518.62,520.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:522.2,522.44 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:522.44,524.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:524.8,524.43 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:524.43,526.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:528.2,529.16 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:529.16,531.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:532.2,535.16 3 0
-github.com/calypr/git-drs/cmd/precommit/main.go:535.16,537.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:539.2,539.44 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:539.44,542.3 2 0
-github.com/calypr/git-drs/cmd/precommit/main.go:543.2,543.36 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:543.36,545.3 1 0
-github.com/calypr/git-drs/cmd/precommit/main.go:546.2,546.23 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:31.81,31.120 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:32.116,34.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:35.143,36.25 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:36.25,38.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:39.3,39.50 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:58.68,59.44 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:59.44,61.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:63.2,65.16 3 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:65.16,67.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:69.2,71.29 3 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:71.29,73.51 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:73.51,74.12 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:76.3,76.27 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:78.2,79.18 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:82.48,85.16 3 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:85.16,87.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:89.2,91.29 3 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:91.29,93.17 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:93.17,94.12 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:96.3,96.34 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:98.2,99.21 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:102.43,104.30 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:104.30,105.60 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:105.60,107.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:110.2,111.37 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:111.37,113.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:114.2,114.33 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:114.33,115.30 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:115.30,117.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:119.2,119.23 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:119.23,121.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:122.2,122.11 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:125.130,129.16 3 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:129.16,131.17 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:131.17,133.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:135.3,136.17 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:136.17,139.4 2 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:141.3,142.17 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:142.17,144.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:147.2,151.44 2 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:151.44,153.17 2 3
+github.com/calypr/git-drs/cmd/lsfiles/main.go:153.17,155.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:158.2,159.16 2 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:159.16,161.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:162.2,162.66 1 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:162.66,164.27 2 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:164.27,166.18 2 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:166.18,168.5 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:169.4,169.21 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:169.21,171.19 2 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:171.19,173.6 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:178.2,179.29 2 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:179.29,181.3 1 9
+github.com/calypr/git-drs/cmd/lsfiles/main.go:182.2,187.16 5 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:187.16,190.29 3 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:190.29,191.44 1 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:191.44,192.13 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:194.4,195.17 2 4
+github.com/calypr/git-drs/cmd/lsfiles/main.go:195.17,196.13 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:198.4,198.42 1 4
+github.com/calypr/git-drs/cmd/lsfiles/main.go:198.42,199.13 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:201.4,202.28 2 4
+github.com/calypr/git-drs/cmd/lsfiles/main.go:204.3,204.83 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:206.2,206.28 1 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:206.28,207.43 1 9
+github.com/calypr/git-drs/cmd/lsfiles/main.go:207.43,208.12 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:210.3,218.20 4 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:218.20,220.4 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:222.3,222.17 1 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:222.17,223.11 1 4
+github.com/calypr/git-drs/cmd/lsfiles/main.go:224.29,225.38 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:226.12,228.26 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:228.26,230.11 2 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:232.5,234.33 3 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:234.33,236.6 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:237.5,237.47 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:241.3,241.27 1 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:244.2,244.18 1 5
+github.com/calypr/git-drs/cmd/lsfiles/main.go:247.58,248.16 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:248.16,252.3 3 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:253.2,253.27 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:253.27,254.10 1 4
+github.com/calypr/git-drs/cmd/lsfiles/main.go:255.17,256.71 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:256.71,258.5 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:259.18,261.16 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:261.16,263.5 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:264.4,265.20 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:265.20,267.5 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:268.4,268.113 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:268.113,270.5 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:271.11,273.16 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:273.16,275.5 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:276.4,276.101 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:276.101,278.5 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:281.2,281.12 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:284.34,285.20 1 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:285.20,287.3 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:288.2,288.17 1 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:291.36,293.16 2 8
+github.com/calypr/git-drs/cmd/lsfiles/main.go:293.16,295.3 1 6
+github.com/calypr/git-drs/cmd/lsfiles/main.go:296.2,297.12 2 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:300.34,301.28 1 2
+github.com/calypr/git-drs/cmd/lsfiles/main.go:301.28,303.3 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:304.2,304.26 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:304.26,306.3 1 1
+github.com/calypr/git-drs/cmd/lsfiles/main.go:307.2,307.12 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:315.54,316.47 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:316.47,318.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:319.3,322.17 4 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:322.17,324.4 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:325.3,325.30 1 0
+github.com/calypr/git-drs/cmd/lsfiles/main.go:329.13,337.2 7 1
+github.com/calypr/git-drs/cmd/query/main.go:21.111,23.50 2 0
+github.com/calypr/git-drs/cmd/query/main.go:23.50,25.3 1 0
+github.com/calypr/git-drs/cmd/query/main.go:26.2,26.59 1 0
+github.com/calypr/git-drs/cmd/query/main.go:29.47,30.37 1 5
+github.com/calypr/git-drs/cmd/query/main.go:31.10,32.15 1 1
+github.com/calypr/git-drs/cmd/query/main.go:33.10,34.16 1 1
+github.com/calypr/git-drs/cmd/query/main.go:35.10,36.18 1 1
+github.com/calypr/git-drs/cmd/query/main.go:37.11,38.18 1 1
+github.com/calypr/git-drs/cmd/query/main.go:39.10,40.49 1 1
+github.com/calypr/git-drs/cmd/query/main.go:49.54,50.21 1 0
+github.com/calypr/git-drs/cmd/query/main.go:50.21,53.4 2 0
+github.com/calypr/git-drs/cmd/query/main.go:54.3,54.13 1 0
+github.com/calypr/git-drs/cmd/query/main.go:56.54,60.17 3 0
+github.com/calypr/git-drs/cmd/query/main.go:60.17,62.4 1 0
+github.com/calypr/git-drs/cmd/query/main.go:64.3,65.17 2 0
+github.com/calypr/git-drs/cmd/query/main.go:65.17,68.4 2 0
+github.com/calypr/git-drs/cmd/query/main.go:70.3,71.17 2 0
+github.com/calypr/git-drs/cmd/query/main.go:71.17,73.4 1 0
+github.com/calypr/git-drs/cmd/query/main.go:75.3,75.15 1 0
+github.com/calypr/git-drs/cmd/query/main.go:75.15,77.18 2 0
+github.com/calypr/git-drs/cmd/query/main.go:77.18,79.5 1 0
+github.com/calypr/git-drs/cmd/query/main.go:80.4,80.32 1 0
+github.com/calypr/git-drs/cmd/query/main.go:80.32,81.65 1 0
+github.com/calypr/git-drs/cmd/query/main.go:81.65,83.6 1 0
+github.com/calypr/git-drs/cmd/query/main.go:85.4,85.14 1 0
+github.com/calypr/git-drs/cmd/query/main.go:88.3,89.17 2 0
+github.com/calypr/git-drs/cmd/query/main.go:89.17,91.4 1 0
+github.com/calypr/git-drs/cmd/query/main.go:92.3,92.44 1 0
+github.com/calypr/git-drs/cmd/query/main.go:96.13,100.2 3 1
+github.com/calypr/git-drs/cmd/pull/main.go:30.81,30.120 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:31.116,33.3 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:41.54,42.20 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:42.20,45.4 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:46.3,46.13 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:48.54,52.17 3 1
+github.com/calypr/git-drs/cmd/pull/main.go:52.17,54.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:56.3,57.20 2 1
+github.com/calypr/git-drs/cmd/pull/main.go:57.20,59.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:59.9,61.18 2 1
+github.com/calypr/git-drs/cmd/pull/main.go:61.18,64.5 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:67.3,68.17 2 1
+github.com/calypr/git-drs/cmd/pull/main.go:68.17,71.4 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:73.3,74.17 2 1
+github.com/calypr/git-drs/cmd/pull/main.go:74.17,76.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:77.3,78.25 2 1
+github.com/calypr/git-drs/cmd/pull/main.go:78.25,81.4 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:83.3,87.13 4 1
+github.com/calypr/git-drs/cmd/pull/main.go:87.13,88.31 1 1
+github.com/calypr/git-drs/cmd/pull/main.go:88.31,89.70 1 1
+github.com/calypr/git-drs/cmd/pull/main.go:89.70,91.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:93.4,93.14 1 1
+github.com/calypr/git-drs/cmd/pull/main.go:96.3,99.30 4 0
+github.com/calypr/git-drs/cmd/pull/main.go:99.30,101.18 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:101.18,103.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:104.4,104.48 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:104.48,105.13 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:106.10,106.34 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:106.34,108.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:109.4,109.43 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:109.43,110.13 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:112.4,113.44 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:116.3,116.27 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:116.27,118.36 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:118.36,120.37 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:120.37,121.14 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:123.5,123.30 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:125.4,125.27 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:125.27,127.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:127.10,129.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:131.4,132.27 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:132.27,134.36 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:134.36,136.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:137.5,137.94 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:137.94,140.6 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:140.11,142.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:144.4,144.31 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:144.31,146.19 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:146.19,148.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:149.5,149.47 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:149.47,150.14 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:151.11,151.35 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:151.35,153.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:154.5,156.41 3 0
+github.com/calypr/git-drs/cmd/pull/main.go:156.41,157.55 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:157.55,159.126 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:159.126,162.8 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:163.7,163.15 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:166.5,166.100 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:166.100,169.6 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:171.9,173.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:175.3,175.69 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:175.69,177.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:179.3,179.13 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:189.97,191.30 2 2
+github.com/calypr/git-drs/cmd/pull/main.go:191.30,192.43 1 5
+github.com/calypr/git-drs/cmd/pull/main.go:192.43,193.12 1 2
+github.com/calypr/git-drs/cmd/pull/main.go:195.3,195.28 1 3
+github.com/calypr/git-drs/cmd/pull/main.go:197.2,200.28 3 2
+github.com/calypr/git-drs/cmd/pull/main.go:200.28,203.3 2 3
+github.com/calypr/git-drs/cmd/pull/main.go:204.2,204.14 1 2
+github.com/calypr/git-drs/cmd/pull/main.go:207.119,209.74 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:209.74,210.29 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:210.29,212.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:213.3,214.13 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:218.89,219.26 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:219.26,220.72 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:220.72,221.12 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:223.3,224.17 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:224.17,226.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:227.3,228.17 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:228.17,230.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:231.3,232.46 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:232.46,233.50 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:233.50,236.5 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:238.3,239.17 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:239.17,242.4 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:243.3,243.46 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:243.46,247.4 3 0
+github.com/calypr/git-drs/cmd/pull/main.go:248.3,248.37 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:248.37,251.4 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:252.3,252.37 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:252.37,254.4 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:255.3,255.26 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:257.2,257.12 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:260.103,262.16 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:262.16,264.3 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:265.2,265.20 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:265.20,267.3 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:269.2,272.32 3 0
+github.com/calypr/git-drs/cmd/pull/main.go:272.32,274.43 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:274.43,277.27 3 0
+github.com/calypr/git-drs/cmd/pull/main.go:277.27,279.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:280.4,280.20 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:280.20,281.63 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:281.63,283.6 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:285.4,286.26 2 0
+github.com/calypr/git-drs/cmd/pull/main.go:286.26,288.5 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:289.4,289.124 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:292.2,292.138 1 0
+github.com/calypr/git-drs/cmd/pull/main.go:295.13,298.2 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:35.67,40.2 1 4
+github.com/calypr/git-drs/cmd/pull/progress.go:42.40,44.2 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:46.51,48.33 2 14
+github.com/calypr/git-drs/cmd/pull/progress.go:48.33,50.18 2 20
+github.com/calypr/git-drs/cmd/pull/progress.go:50.18,51.12 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:53.3,53.44 1 20
+github.com/calypr/git-drs/cmd/pull/progress.go:55.2,55.29 1 14
+github.com/calypr/git-drs/cmd/pull/progress.go:58.60,62.29 4 4
+github.com/calypr/git-drs/cmd/pull/progress.go:62.29,69.3 2 5
+github.com/calypr/git-drs/cmd/pull/progress.go:70.2,70.15 1 4
+github.com/calypr/git-drs/cmd/pull/progress.go:70.15,72.3 1 4
+github.com/calypr/git-drs/cmd/pull/progress.go:75.66,76.16 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:76.16,78.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:79.2,80.9 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:80.9,82.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:83.2,84.19 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:84.19,86.3 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:87.2,88.17 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:91.93,92.16 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:92.16,94.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:95.2,96.9 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:96.9,98.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:99.2,99.15 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:99.15,101.3 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:102.2,102.31 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:102.31,104.3 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:105.2,106.17 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:109.66,110.16 1 1
+github.com/calypr/git-drs/cmd/pull/progress.go:110.16,112.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:113.2,114.9 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:114.9,116.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:117.2,118.38 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:118.38,120.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:121.2,121.17 1 1
+github.com/calypr/git-drs/cmd/pull/progress.go:124.62,125.16 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:125.16,127.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:128.2,129.9 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:129.9,131.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:132.2,132.38 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:132.38,134.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:135.2,135.20 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:135.20,137.3 1 3
+github.com/calypr/git-drs/cmd/pull/progress.go:138.2,139.17 2 3
+github.com/calypr/git-drs/cmd/pull/progress.go:142.41,143.16 1 1
+github.com/calypr/git-drs/cmd/pull/progress.go:143.16,145.3 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:146.2,147.33 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:147.33,149.18 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:149.18,150.12 1 0
+github.com/calypr/git-drs/cmd/pull/progress.go:152.3,152.44 1 1
+github.com/calypr/git-drs/cmd/pull/progress.go:154.2,155.19 2 1
+github.com/calypr/git-drs/cmd/pull/progress.go:158.74,160.36 2 21
+github.com/calypr/git-drs/cmd/pull/progress.go:160.36,162.3 1 21
+github.com/calypr/git-drs/cmd/pull/progress.go:164.2,165.17 2 21
+github.com/calypr/git-drs/cmd/pull/progress.go:165.17,166.21 1 21
+github.com/calypr/git-drs/cmd/pull/progress.go:167.57,168.55 1 7
+github.com/calypr/git-drs/cmd/pull/progress.go:168.55,170.5 1 6
+github.com/calypr/git-drs/cmd/pull/progress.go:174.2,176.17 3 21
+github.com/calypr/git-drs/cmd/pull/progress.go:176.17,179.3 2 21
+github.com/calypr/git-drs/cmd/pull/progress.go:180.2,184.74 4 21
+github.com/calypr/git-drs/cmd/untrack/main.go:15.34,28.2 4 3
+github.com/calypr/git-drs/cmd/untrack/main.go:30.58,32.16 2 1
+github.com/calypr/git-drs/cmd/untrack/main.go:32.16,34.3 1 0
+github.com/calypr/git-drs/cmd/untrack/main.go:35.2,36.16 2 1
+github.com/calypr/git-drs/cmd/untrack/main.go:36.16,38.3 1 0
+github.com/calypr/git-drs/cmd/untrack/main.go:40.2,41.16 2 1
+github.com/calypr/git-drs/cmd/untrack/main.go:41.16,43.3 1 0
+github.com/calypr/git-drs/cmd/untrack/main.go:45.2,46.16 2 1
+github.com/calypr/git-drs/cmd/untrack/main.go:46.16,48.3 1 0
+github.com/calypr/git-drs/cmd/untrack/main.go:50.2,50.15 1 1
+github.com/calypr/git-drs/cmd/untrack/main.go:50.15,52.3 1 1
+github.com/calypr/git-drs/cmd/untrack/main.go:53.2,53.12 1 1
+github.com/calypr/git-drs/cmd/track/main.go:18.34,31.2 4 3
+github.com/calypr/git-drs/cmd/track/main.go:33.56,35.16 2 2
+github.com/calypr/git-drs/cmd/track/main.go:35.16,37.3 1 0
+github.com/calypr/git-drs/cmd/track/main.go:38.2,39.16 2 2
+github.com/calypr/git-drs/cmd/track/main.go:39.16,41.3 1 0
+github.com/calypr/git-drs/cmd/track/main.go:43.2,44.16 2 2
+github.com/calypr/git-drs/cmd/track/main.go:44.16,46.3 1 0
+github.com/calypr/git-drs/cmd/track/main.go:48.2,49.20 2 2
+github.com/calypr/git-drs/cmd/track/main.go:49.20,51.3 1 1
+github.com/calypr/git-drs/cmd/track/main.go:51.8,53.3 1 1
+github.com/calypr/git-drs/cmd/track/main.go:54.2,54.16 1 2
+github.com/calypr/git-drs/cmd/track/main.go:54.16,56.3 1 0
+github.com/calypr/git-drs/cmd/track/main.go:58.2,58.15 1 2
+github.com/calypr/git-drs/cmd/track/main.go:58.15,60.3 1 2
+github.com/calypr/git-drs/cmd/track/main.go:61.2,61.12 1 2
+github.com/calypr/git-drs/internal/common/common.go:18.60,19.15 1 3
+github.com/calypr/git-drs/internal/common/common.go:19.15,21.3 1 1
+github.com/calypr/git-drs/internal/common/common.go:22.2,22.19 1 2
+github.com/calypr/git-drs/internal/common/common.go:22.19,24.3 1 0
+github.com/calypr/git-drs/internal/common/common.go:25.2,25.37 1 2
+github.com/calypr/git-drs/internal/common/common.go:25.37,27.3 1 1
+github.com/calypr/git-drs/internal/common/common.go:28.2,29.27 2 1
+github.com/calypr/git-drs/internal/common/common.go:33.55,35.16 2 2
+github.com/calypr/git-drs/internal/common/common.go:35.16,37.3 1 1
+github.com/calypr/git-drs/internal/common/common.go:38.2,41.41 3 1
+github.com/calypr/git-drs/internal/common/common.go:41.41,43.3 1 0
+github.com/calypr/git-drs/internal/common/common.go:45.2,45.44 1 1
+github.com/calypr/git-drs/internal/common/common.go:49.62,53.12 3 0
+github.com/calypr/git-drs/internal/common/common.go:53.12,55.3 1 0
+github.com/calypr/git-drs/internal/common/common.go:55.8,57.3 1 0
+github.com/calypr/git-drs/internal/common/common.go:58.2,58.16 1 0
+github.com/calypr/git-drs/internal/common/common.go:58.16,60.3 1 0
+github.com/calypr/git-drs/internal/common/common.go:62.2,63.12 2 0
+github.com/calypr/git-drs/internal/common/confirmation.go:14.107,19.16 4 2
+github.com/calypr/git-drs/internal/common/confirmation.go:19.16,21.3 1 0
+github.com/calypr/git-drs/internal/common/confirmation.go:23.2,24.20 2 2
+github.com/calypr/git-drs/internal/common/confirmation.go:24.20,27.3 2 1
+github.com/calypr/git-drs/internal/common/confirmation.go:29.2,29.34 1 2
+github.com/calypr/git-drs/internal/common/confirmation.go:29.34,31.3 1 1
+github.com/calypr/git-drs/internal/common/confirmation.go:33.2,33.12 1 1
+github.com/calypr/git-drs/internal/common/confirmation.go:37.58,39.2 1 1
+github.com/calypr/git-drs/internal/common/confirmation.go:42.51,44.2 1 1
+github.com/calypr/git-drs/internal/common/confirmation.go:47.33,49.2 1 1
+github.com/calypr/git-drs/internal/common/jwt.go:10.62,13.16 3 5
+github.com/calypr/git-drs/internal/common/jwt.go:13.16,15.3 1 1
+github.com/calypr/git-drs/internal/common/jwt.go:16.2,17.9 2 4
+github.com/calypr/git-drs/internal/common/jwt.go:17.9,19.3 1 1
+github.com/calypr/git-drs/internal/common/jwt.go:20.2,21.9 2 3
+github.com/calypr/git-drs/internal/common/jwt.go:21.9,23.3 1 1
+github.com/calypr/git-drs/internal/common/jwt.go:24.2,25.9 2 2
+github.com/calypr/git-drs/internal/common/jwt.go:25.9,27.3 1 1
+github.com/calypr/git-drs/internal/common/jwt.go:28.2,28.18 1 1
+github.com/calypr/git-drs/internal/common/jwt.go:31.68,34.16 3 3
+github.com/calypr/git-drs/internal/common/jwt.go:34.16,36.3 1 0
+github.com/calypr/git-drs/internal/common/jwt.go:37.2,38.9 2 3
+github.com/calypr/git-drs/internal/common/jwt.go:38.9,40.3 1 1
+github.com/calypr/git-drs/internal/common/jwt.go:41.2,42.16 2 2
+github.com/calypr/git-drs/internal/common/jwt.go:42.16,44.3 1 1
+github.com/calypr/git-drs/internal/common/jwt.go:45.2,45.70 1 1
+github.com/calypr/git-drs/cmd/version/main.go:15.47,17.3 1 5
+github.com/calypr/git-drs/cmd/version/main.go:20.28,23.43 3 6
+github.com/calypr/git-drs/cmd/version/main.go:23.43,24.64 1 6
+github.com/calypr/git-drs/cmd/version/main.go:24.64,26.4 1 0
+github.com/calypr/git-drs/cmd/version/main.go:27.3,27.41 1 6
+github.com/calypr/git-drs/cmd/version/main.go:27.41,28.23 1 42
+github.com/calypr/git-drs/cmd/version/main.go:29.24,30.27 1 0
+github.com/calypr/git-drs/cmd/version/main.go:31.19,32.18 1 0
+github.com/calypr/git-drs/cmd/version/main.go:32.18,34.6 1 0
+github.com/calypr/git-drs/cmd/version/main.go:39.2,40.26 2 6
+github.com/calypr/git-drs/cmd/version/main.go:40.26,42.3 1 0
+github.com/calypr/git-drs/cmd/version/main.go:44.2,44.9 1 6
+github.com/calypr/git-drs/cmd/version/main.go:45.38,46.48 1 0
+github.com/calypr/git-drs/cmd/version/main.go:47.17,48.13 1 0
+github.com/calypr/git-drs/cmd/version/main.go:49.25,50.44 1 0
+github.com/calypr/git-drs/cmd/version/main.go:51.10,52.23 1 6
+github.com/calypr/git-drs/internal/drsfilter/clean.go:21.65,30.101 3 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:30.101,37.3 4 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:38.2,38.65 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:48.127,52.51 3 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:52.51,54.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:57.2,58.16 2 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:58.16,60.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:61.2,62.15 2 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:62.15,63.53 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:63.53,65.4 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:68.2,70.16 3 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:70.16,73.3 2 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:74.2,74.36 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:74.36,76.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:77.2,80.29 3 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:80.29,81.60 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:81.60,82.68 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:82.68,83.46 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:83.46,85.6 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:86.5,86.80 1 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:86.80,88.6 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:89.5,90.15 2 1
+github.com/calypr/git-drs/internal/drsfilter/clean.go:96.2,97.16 2 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:97.16,99.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:100.2,100.68 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:100.68,102.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:103.2,103.54 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:103.54,105.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:107.2,114.56 3 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:114.56,116.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:119.2,119.63 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:119.63,121.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/clean.go:123.2,123.12 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:22.144,24.16 2 4
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:24.16,26.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:28.2,29.9 2 4
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:29.9,31.17 2 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:31.17,33.4 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:34.3,34.13 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:37.2,37.19 1 3
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:37.19,39.3 1 3
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:41.2,42.16 2 3
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:42.16,44.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:46.2,47.16 2 3
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:47.16,49.3 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:50.2,50.37 1 2
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:50.37,52.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:54.2,54.21 1 2
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:54.21,57.20 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:57.20,59.4 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:60.3,61.13 2 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:64.2,64.68 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:64.68,66.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:68.2,68.54 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:68.54,70.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:72.2,72.59 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:72.59,74.3 1 0
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:76.2,76.12 1 1
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:79.59,81.16 2 4
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:81.16,83.3 1 2
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:84.2,87.12 3 2
+github.com/calypr/git-drs/internal/drsobject/object.go:21.43,25.2 3 2
+github.com/calypr/git-drs/internal/drsobject/object.go:27.38,29.2 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:40.49,42.2 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:44.111,47.2 2 0
+github.com/calypr/git-drs/internal/drsobject/object.go:49.167,56.2 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:58.74,59.16 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:59.16,61.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:62.2,73.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:76.134,77.16 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:77.16,79.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:80.2,81.41 2 0
+github.com/calypr/git-drs/internal/drsobject/object.go:81.41,84.29 3 0
+github.com/calypr/git-drs/internal/drsobject/object.go:84.29,85.12 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:87.3,87.20 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:90.2,101.72 3 0
+github.com/calypr/git-drs/internal/drsobject/object.go:101.72,103.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:104.2,104.57 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:104.57,106.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:107.2,107.15 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:119.132,121.20 2 2
+github.com/calypr/git-drs/internal/drsobject/object.go:121.20,123.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:125.2,135.23 2 2
+github.com/calypr/git-drs/internal/drsobject/object.go:135.23,137.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:139.2,142.16 3 2
+github.com/calypr/git-drs/internal/drsobject/object.go:142.16,144.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:146.2,155.97 4 2
+github.com/calypr/git-drs/internal/drsobject/object.go:155.97,158.3 2 2
+github.com/calypr/git-drs/internal/drsobject/object.go:159.2,159.17 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:162.125,165.18 3 2
+github.com/calypr/git-drs/internal/drsobject/object.go:165.18,167.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:168.2,168.15 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:168.15,170.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:172.2,173.18 2 2
+github.com/calypr/git-drs/internal/drsobject/object.go:173.18,175.3 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:177.2,177.63 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:177.63,181.21 4 0
+github.com/calypr/git-drs/internal/drsobject/object.go:181.21,182.20 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:182.20,184.5 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:184.10,186.5 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:190.2,190.18 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:190.18,192.3 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:193.2,196.18 4 2
+github.com/calypr/git-drs/internal/drsobject/object.go:196.18,198.3 1 1
+github.com/calypr/git-drs/internal/drsobject/object.go:199.2,199.73 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:202.49,203.54 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:204.32,205.14 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:206.36,207.14 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:208.33,209.14 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:210.10,211.81 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:215.54,216.79 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:217.19,218.43 1 0
+github.com/calypr/git-drs/internal/drsobject/object.go:219.12,220.43 1 2
+github.com/calypr/git-drs/internal/drsobject/object.go:221.10,222.79 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:13.62,15.20 2 3
+github.com/calypr/git-drs/internal/drsobject/store.go:15.20,17.3 1 1
+github.com/calypr/git-drs/internal/drsobject/store.go:18.2,18.61 1 2
+github.com/calypr/git-drs/internal/drsobject/store.go:21.79,23.16 2 1
+github.com/calypr/git-drs/internal/drsobject/store.go:23.16,25.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:27.2,28.16 2 1
+github.com/calypr/git-drs/internal/drsobject/store.go:28.16,30.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:31.2,31.69 1 1
+github.com/calypr/git-drs/internal/drsobject/store.go:31.69,33.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:35.2,35.69 1 1
+github.com/calypr/git-drs/internal/drsobject/store.go:35.69,37.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:38.2,38.12 1 1
+github.com/calypr/git-drs/internal/drsobject/store.go:41.73,43.16 2 1
+github.com/calypr/git-drs/internal/drsobject/store.go:43.16,45.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:47.2,48.16 2 1
+github.com/calypr/git-drs/internal/drsobject/store.go:48.16,50.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:52.2,53.79 2 1
+github.com/calypr/git-drs/internal/drsobject/store.go:53.79,55.3 1 0
+github.com/calypr/git-drs/internal/drsobject/store.go:57.2,57.24 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:9.86,16.30 3 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:16.30,19.39 3 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:19.39,20.12 1 0
+github.com/calypr/git-drs/internal/drsremote/bulk.go:22.3,30.5 3 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:32.2,32.21 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:32.21,34.3 1 0
+github.com/calypr/git-drs/internal/drsremote/bulk.go:35.2,36.18 2 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:39.58,40.30 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:40.30,42.3 1 0
+github.com/calypr/git-drs/internal/drsremote/bulk.go:43.2,43.44 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:43.44,44.74 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:44.74,46.4 1 1
+github.com/calypr/git-drs/internal/drsremote/bulk.go:48.2,48.11 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:23.113,24.43 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:24.43,26.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:27.2,28.20 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:28.20,30.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:31.2,32.16 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:32.16,34.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:35.2,35.29 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:38.129,39.43 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:39.43,41.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:42.2,44.37 3 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:44.37,46.23 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:46.23,47.12 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:49.3,49.60 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:49.60,50.12 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:52.3,53.54 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:55.2,55.30 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:55.30,57.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:60.2,66.42 6 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:66.42,68.21 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:68.21,70.17 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:70.17,70.26 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:72.4,73.18 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:73.18,75.5 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:76.4,76.68 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:76.68,78.5 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:80.4,83.14 4 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:87.2,87.33 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:87.33,89.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:91.2,92.57 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:92.57,95.3 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:96.2,96.33 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:96.33,97.42 1 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:97.42,98.54 1 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:98.54,99.13 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:101.4,102.24 2 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:102.24,103.13 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:105.4,106.11 2 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:106.11,107.13 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:109.4,110.30 2 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:110.30,112.5 1 3
+github.com/calypr/git-drs/internal/drsremote/remote.go:116.2,116.21 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:119.121,121.16 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:121.16,123.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:124.2,125.30 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:125.30,126.64 1 4
+github.com/calypr/git-drs/internal/drsremote/remote.go:126.64,128.4 1 4
+github.com/calypr/git-drs/internal/drsremote/remote.go:130.2,130.20 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:133.137,135.16 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:135.16,137.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:138.2,139.51 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:139.51,141.31 2 4
+github.com/calypr/git-drs/internal/drsremote/remote.go:141.31,142.65 1 6
+github.com/calypr/git-drs/internal/drsremote/remote.go:142.65,144.5 1 4
+github.com/calypr/git-drs/internal/drsremote/remote.go:146.3,146.31 1 4
+github.com/calypr/git-drs/internal/drsremote/remote.go:148.2,148.21 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:151.139,153.16 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:153.16,155.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:156.2,156.23 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:156.23,158.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:159.2,160.66 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:160.66,162.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:163.2,164.22 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:164.22,166.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:167.2,168.16 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:168.16,170.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:171.2,171.32 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:174.144,175.43 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:175.43,177.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:178.2,179.9 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:179.9,181.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:183.2,184.16 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:184.16,186.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:187.2,187.25 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:187.25,189.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:191.2,192.53 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:192.53,194.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:195.2,195.69 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:195.69,196.34 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:196.34,197.12 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:199.3,200.81 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:200.81,201.12 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:203.3,203.100 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:205.2,205.17 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:210.124,212.68 2 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:212.68,214.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:216.2,217.16 2 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:217.16,219.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:220.2,220.72 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:223.163,224.68 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:224.68,226.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:227.2,227.59 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:227.59,229.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:230.2,230.70 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:233.189,234.43 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:234.43,236.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:237.2,237.78 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:237.78,239.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:240.2,245.75 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:248.152,254.2 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:262.40,264.2 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:266.59,268.2 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:270.99,276.2 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:278.93,280.2 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:282.120,283.17 1 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:283.17,285.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:286.2,287.39 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:290.98,292.16 2 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:292.16,294.3 1 0
+github.com/calypr/git-drs/internal/drsremote/remote.go:295.2,295.54 1 2
+github.com/calypr/git-drs/internal/drsremote/remote.go:295.54,298.3 2 1
+github.com/calypr/git-drs/internal/drsremote/remote.go:299.2,299.23 1 1
+github.com/calypr/git-drs/internal/drsremote/scope.go:12.77,14.2 1 13
+github.com/calypr/git-drs/internal/drsremote/scope.go:16.112,17.23 1 4
+github.com/calypr/git-drs/internal/drsremote/scope.go:17.23,19.3 1 2
+github.com/calypr/git-drs/internal/drsremote/scope.go:21.2,22.15 2 2
+github.com/calypr/git-drs/internal/drsremote/scope.go:22.15,24.3 1 0
+github.com/calypr/git-drs/internal/drsremote/scope.go:26.2,26.33 1 2
+github.com/calypr/git-drs/internal/drsremote/scope.go:26.33,27.42 1 3
+github.com/calypr/git-drs/internal/drsremote/scope.go:27.42,29.4 1 1
+github.com/calypr/git-drs/internal/drsremote/scope.go:31.2,31.17 1 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:14.110,16.34 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:16.34,18.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:20.2,22.29 3 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:22.29,24.14 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:24.14,25.12 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:27.3,27.28 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:27.28,30.4 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:32.2,32.21 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:32.21,34.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:36.2,38.20 3 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:38.20,40.17 2 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:40.17,42.4 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:43.3,43.34 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:43.34,45.4 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:46.8,46.36 1 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:46.36,48.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:50.2,51.29 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:51.29,53.9 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:53.9,55.4 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:58.2,58.28 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:58.28,60.31 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:60.31,61.48 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:61.48,64.5 2 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:65.4,65.12 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:67.3,68.17 2 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:71.2,71.32 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:71.32,73.3 1 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:75.2,75.76 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:75.76,77.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:79.2,80.35 2 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:80.35,82.3 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:83.2,83.76 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:83.76,85.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:86.2,86.18 1 2
+github.com/calypr/git-drs/internal/drstrack/routes.go:89.73,91.42 2 4
+github.com/calypr/git-drs/internal/drstrack/routes.go:91.42,93.3 1 1
+github.com/calypr/git-drs/internal/drstrack/routes.go:95.2,96.20 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:96.20,98.3 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:100.2,101.32 2 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:101.32,102.43 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:102.43,105.34 3 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:105.34,107.5 1 3
+github.com/calypr/git-drs/internal/drstrack/routes.go:108.4,108.24 1 0
+github.com/calypr/git-drs/internal/drstrack/routes.go:111.2,111.22 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:16.103,22.16 5 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:22.16,24.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:26.2,28.46 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:28.46,32.50 3 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:32.50,33.176 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:33.176,35.13 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:39.3,42.14 3 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:42.14,45.4 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:48.2,48.13 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:48.13,49.93 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:49.93,51.4 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:54.2,54.29 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:57.77,62.16 4 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:62.16,64.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:66.2,68.21 3 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:68.21,70.44 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:70.44,71.12 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:73.3,74.22 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:74.22,75.12 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:77.3,77.62 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:79.2,79.38 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:79.38,81.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:83.2,83.24 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:83.24,85.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:87.2,89.29 3 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:89.29,91.3 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:92.2,92.26 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:95.105,100.16 4 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:100.16,102.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:103.2,103.30 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:103.30,105.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:107.2,108.29 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:108.29,111.3 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:113.2,116.21 4 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:116.21,118.44 2 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:118.44,120.12 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:123.3,124.22 2 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:124.22,126.12 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:129.3,130.35 2 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:130.35,132.12 2 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:135.3,135.38 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:137.2,137.38 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:137.38,139.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:141.2,141.13 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:141.13,143.20 2 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:143.20,145.4 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:146.3,146.80 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:146.80,148.4 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:151.2,151.26 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:154.47,156.16 2 5
+github.com/calypr/git-drs/internal/drstrack/tracking.go:156.16,157.25 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:157.25,159.4 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:160.3,160.57 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:162.2,162.18 1 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:165.62,168.21 3 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:168.21,170.44 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:170.44,171.12 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:173.3,174.22 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:174.22,175.12 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:177.3,177.47 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:179.2,179.14 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:182.94,183.12 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:183.12,185.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:187.2,188.23 2 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:188.23,190.22 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:190.22,193.24 3 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:193.24,195.40 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:195.40,198.14 3 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:201.4,201.33 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:203.3,203.39 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:203.39,205.4 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:208.2,208.34 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:208.34,210.3 1 2
+github.com/calypr/git-drs/internal/drstrack/tracking.go:212.2,213.19 2 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:213.19,215.3 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:216.2,216.79 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:216.79,218.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:219.2,219.12 1 1
+github.com/calypr/git-drs/internal/drstrack/tracking.go:222.43,224.2 1 3
+github.com/calypr/git-drs/internal/drstrack/tracking.go:226.44,228.2 1 8
+github.com/calypr/git-drs/internal/drstrack/tracking.go:235.41,237.31 2 5
+github.com/calypr/git-drs/internal/drstrack/tracking.go:237.31,239.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:239.8,241.3 1 5
+github.com/calypr/git-drs/internal/drstrack/tracking.go:243.2,243.44 1 5
+github.com/calypr/git-drs/internal/drstrack/tracking.go:243.44,245.3 1 10
+github.com/calypr/git-drs/internal/drstrack/tracking.go:247.2,247.16 1 5
+github.com/calypr/git-drs/internal/drstrack/tracking.go:250.49,253.44 2 7
+github.com/calypr/git-drs/internal/drstrack/tracking.go:253.44,255.3 1 14
+github.com/calypr/git-drs/internal/drstrack/tracking.go:257.2,257.31 1 7
+github.com/calypr/git-drs/internal/drstrack/tracking.go:257.31,259.3 1 7
+github.com/calypr/git-drs/internal/drstrack/tracking.go:261.2,261.18 1 7
+github.com/calypr/git-drs/internal/drstrack/tracking.go:264.68,265.76 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:265.76,267.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:269.2,270.16 2 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:270.16,272.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:274.2,276.16 3 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:276.16,278.3 1 0
+github.com/calypr/git-drs/internal/drstrack/tracking.go:280.2,280.21 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:56.80,62.2 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:65.56,68.2 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:71.54,74.2 2 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:78.52,80.38 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:80.38,83.3 2 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:84.2,84.6 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:84.6,85.35 1 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:85.35,87.4 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:88.3,88.43 1 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:88.43,89.21 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:89.21,91.5 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:92.4,92.14 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:116.39,119.16 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:119.16,121.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:122.2,122.36 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:122.36,124.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:126.2,127.16 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:127.16,129.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:130.2,130.45 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:130.45,132.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:135.2,135.89 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:135.89,137.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:140.2,140.49 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:140.49,142.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:145.2,145.80 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:152.59,155.16 3 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:155.16,158.3 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:159.2,162.16 3 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:162.16,164.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:166.2,167.21 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:168.16,169.49 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:170.15,171.48 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:172.10,174.61 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:177.2,177.23 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:177.23,179.72 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:179.72,181.4 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:182.3,182.13 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:184.2,184.12 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:187.96,188.21 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:188.21,190.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:192.2,193.75 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:193.75,195.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:196.2,196.44 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:199.95,200.20 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:200.20,202.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:204.2,205.74 2 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:205.74,207.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:208.2,208.44 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:212.61,214.2 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:217.60,219.2 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:230.61,231.73 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:231.73,233.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:235.2,236.19 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:236.19,237.42 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:237.42,239.4 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:241.2,241.34 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:241.34,243.3 1 0
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:246.2,246.34 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:255.58,257.16 2 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:257.16,259.3 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:261.2,262.35 2 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:262.35,263.55 1 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:263.55,264.17 1 2
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:265.19,266.24 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:267.20,268.25 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:272.2,272.17 1 1
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:277.51,279.2 1 1
+github.com/calypr/git-drs/internal/pathspec/match.go:9.54,10.24 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:10.24,12.3 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:13.2,14.35 2 0
+github.com/calypr/git-drs/internal/pathspec/match.go:14.35,16.20 2 0
+github.com/calypr/git-drs/internal/pathspec/match.go:16.20,17.12 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:19.3,19.35 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:19.35,21.4 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:23.2,23.14 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:26.41,28.42 2 5
+github.com/calypr/git-drs/internal/pathspec/match.go:28.42,30.3 1 2
+github.com/calypr/git-drs/internal/pathspec/match.go:31.2,32.16 2 3
+github.com/calypr/git-drs/internal/pathspec/match.go:32.16,34.3 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:35.2,35.29 1 3
+github.com/calypr/git-drs/internal/pathspec/match.go:38.42,41.36 3 3
+github.com/calypr/git-drs/internal/pathspec/match.go:41.36,43.13 2 21
+github.com/calypr/git-drs/internal/pathspec/match.go:44.12,45.49 1 3
+github.com/calypr/git-drs/internal/pathspec/match.go:45.49,48.13 3 1
+github.com/calypr/git-drs/internal/pathspec/match.go:50.4,50.26 1 2
+github.com/calypr/git-drs/internal/pathspec/match.go:51.12,52.25 1 0
+github.com/calypr/git-drs/internal/pathspec/match.go:53.68,55.19 2 2
+github.com/calypr/git-drs/internal/pathspec/match.go:56.11,57.19 1 16
+github.com/calypr/git-drs/internal/pathspec/match.go:60.2,61.19 2 3
+github.com/calypr/git-drs/internal/version/version.go:22.22,24.2 1 1
+github.com/calypr/git-drs/internal/version/version.go:27.24,35.2 1 1
+github.com/calypr/git-drs/cmd/delete/main.go:29.54,33.51 2 2
+github.com/calypr/git-drs/cmd/delete/main.go:33.51,35.4 1 1
+github.com/calypr/git-drs/cmd/delete/main.go:37.3,40.17 3 1
+github.com/calypr/git-drs/cmd/delete/main.go:40.17,42.4 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:44.3,45.17 2 1
+github.com/calypr/git-drs/cmd/delete/main.go:45.17,47.4 1 1
+github.com/calypr/git-drs/cmd/delete/main.go:49.3,50.17 2 0
+github.com/calypr/git-drs/cmd/delete/main.go:50.17,53.4 2 0
+github.com/calypr/git-drs/cmd/delete/main.go:56.3,57.17 2 0
+github.com/calypr/git-drs/cmd/delete/main.go:57.17,59.4 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:60.3,60.24 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:60.24,62.4 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:65.3,65.19 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:65.19,73.24 8 0
+github.com/calypr/git-drs/cmd/delete/main.go:73.24,75.5 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:76.4,84.18 3 0
+github.com/calypr/git-drs/cmd/delete/main.go:84.18,86.5 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:90.3,91.17 2 0
+github.com/calypr/git-drs/cmd/delete/main.go:91.17,93.4 1 0
+github.com/calypr/git-drs/cmd/delete/main.go:95.3,96.13 2 0
+github.com/calypr/git-drs/cmd/delete/main.go:100.13,103.2 2 1
+github.com/calypr/git-drs/cmd/push/main.go:22.68,25.2 2 0
+github.com/calypr/git-drs/cmd/push/main.go:34.54,35.20 1 3
+github.com/calypr/git-drs/cmd/push/main.go:35.20,38.4 2 1
+github.com/calypr/git-drs/cmd/push/main.go:39.3,39.13 1 2
+github.com/calypr/git-drs/cmd/push/main.go:41.54,47.17 6 2
+github.com/calypr/git-drs/cmd/push/main.go:47.17,51.4 3 0
+github.com/calypr/git-drs/cmd/push/main.go:52.3,55.20 3 2
+github.com/calypr/git-drs/cmd/push/main.go:55.20,57.4 1 0
+github.com/calypr/git-drs/cmd/push/main.go:57.9,59.18 2 2
+github.com/calypr/git-drs/cmd/push/main.go:59.18,62.5 2 2
+github.com/calypr/git-drs/cmd/push/main.go:65.3,67.17 3 0
+github.com/calypr/git-drs/cmd/push/main.go:67.17,71.4 3 0
+github.com/calypr/git-drs/cmd/push/main.go:72.3,75.17 4 0
+github.com/calypr/git-drs/cmd/push/main.go:75.17,78.4 2 0
+github.com/calypr/git-drs/cmd/push/main.go:79.3,81.17 3 0
+github.com/calypr/git-drs/cmd/push/main.go:81.17,84.4 2 0
+github.com/calypr/git-drs/cmd/push/main.go:85.3,87.17 3 0
+github.com/calypr/git-drs/cmd/push/main.go:87.17,90.4 2 0
+github.com/calypr/git-drs/cmd/push/main.go:91.3,94.100 3 0
+github.com/calypr/git-drs/cmd/push/main.go:94.100,97.4 2 0
+github.com/calypr/git-drs/cmd/push/main.go:98.3,100.87 3 0
+github.com/calypr/git-drs/cmd/push/main.go:100.87,104.4 3 0
+github.com/calypr/git-drs/cmd/push/main.go:105.3,107.10 3 0
+github.com/calypr/git-drs/cmd/push/main.go:108.27,109.85 1 0
+github.com/calypr/git-drs/cmd/push/main.go:110.31,111.113 1 0
+github.com/calypr/git-drs/cmd/push/main.go:114.3,115.21 2 0
+github.com/calypr/git-drs/cmd/push/main.go:115.21,117.4 1 0
+github.com/calypr/git-drs/cmd/push/main.go:118.3,121.17 4 0
+github.com/calypr/git-drs/cmd/push/main.go:121.17,124.17 3 0
+github.com/calypr/git-drs/cmd/push/main.go:124.17,126.5 1 0
+github.com/calypr/git-drs/cmd/push/main.go:127.4,127.71 1 0
+github.com/calypr/git-drs/cmd/push/main.go:129.3,130.13 2 0
+github.com/calypr/git-drs/cmd/push/main.go:134.13,137.2 2 1
+github.com/calypr/git-drs/cmd/push/main.go:139.82,141.16 2 2
+github.com/calypr/git-drs/cmd/push/main.go:141.16,143.3 1 0
+github.com/calypr/git-drs/cmd/push/main.go:144.2,145.16 2 2
+github.com/calypr/git-drs/cmd/push/main.go:145.16,147.3 1 1
+github.com/calypr/git-drs/cmd/push/main.go:148.2,151.9 1 1
+github.com/calypr/git-drs/cmd/push/main.go:154.95,157.16 3 2
+github.com/calypr/git-drs/cmd/push/main.go:157.16,159.3 1 0
+github.com/calypr/git-drs/cmd/push/main.go:160.2,162.16 3 2
+github.com/calypr/git-drs/cmd/push/main.go:162.16,164.3 1 0
+github.com/calypr/git-drs/cmd/push/main.go:164.8,166.29 2 2
+github.com/calypr/git-drs/cmd/push/main.go:166.29,168.4 1 1
+github.com/calypr/git-drs/cmd/push/main.go:168.9,170.4 1 1
+github.com/calypr/git-drs/cmd/push/main.go:172.2,175.9 1 2
+github.com/calypr/git-drs/cmd/push/main.go:178.90,181.16 3 0
+github.com/calypr/git-drs/cmd/push/main.go:181.16,183.3 1 0
+github.com/calypr/git-drs/cmd/push/main.go:184.2,186.29 3 0
+github.com/calypr/git-drs/cmd/push/main.go:186.29,188.54 2 0
+github.com/calypr/git-drs/cmd/push/main.go:188.54,190.4 1 0
+github.com/calypr/git-drs/cmd/push/main.go:192.2,192.20 1 0
+github.com/calypr/git-drs/cmd/push/main.go:192.20,194.3 1 0
+github.com/calypr/git-drs/cmd/push/main.go:195.2,198.16 4 0
+github.com/calypr/git-drs/cmd/push/main.go:198.16,200.3 1 0
+github.com/calypr/git-drs/cmd/push/main.go:201.2,201.49 1 0
+github.com/calypr/git-drs/cmd/push/main.go:204.92,207.27 3 2
+github.com/calypr/git-drs/cmd/push/main.go:207.27,210.40 3 2
+github.com/calypr/git-drs/cmd/push/main.go:210.40,211.12 1 0
+github.com/calypr/git-drs/cmd/push/main.go:213.3,214.40 2 2
+github.com/calypr/git-drs/cmd/push/main.go:214.40,216.4 1 1
+github.com/calypr/git-drs/cmd/push/main.go:216.9,218.4 1 1
+github.com/calypr/git-drs/cmd/push/main.go:219.3,220.17 2 2
+github.com/calypr/git-drs/cmd/push/main.go:220.17,222.4 1 0
+github.com/calypr/git-drs/cmd/push/main.go:223.3,223.68 1 2
+github.com/calypr/git-drs/cmd/push/main.go:223.68,225.18 2 4
+github.com/calypr/git-drs/cmd/push/main.go:225.18,226.13 1 0
+github.com/calypr/git-drs/cmd/push/main.go:228.4,228.26 1 4
+github.com/calypr/git-drs/cmd/push/main.go:231.2,232.24 2 2
+github.com/calypr/git-drs/cmd/push/main.go:232.24,234.3 1 4
+github.com/calypr/git-drs/cmd/push/main.go:235.2,236.19 2 2
+github.com/calypr/git-drs/cmd/push/main.go:239.69,242.16 3 0
+github.com/calypr/git-drs/cmd/push/main.go:242.16,244.3 1 0
+github.com/calypr/git-drs/cmd/push/main.go:245.2,245.44 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:37.71,42.2 1 6
+github.com/calypr/git-drs/cmd/push/progress.go:44.59,46.26 2 20
+github.com/calypr/git-drs/cmd/push/progress.go:46.26,48.3 1 3
+github.com/calypr/git-drs/cmd/push/progress.go:49.2,49.36 1 20
+github.com/calypr/git-drs/cmd/push/progress.go:49.36,51.18 2 28
+github.com/calypr/git-drs/cmd/push/progress.go:51.18,52.12 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:54.3,54.67 1 28
+github.com/calypr/git-drs/cmd/push/progress.go:56.2,56.29 1 20
+github.com/calypr/git-drs/cmd/push/progress.go:59.84,68.27 4 1
+github.com/calypr/git-drs/cmd/push/progress.go:68.27,70.3 1 1
+github.com/calypr/git-drs/cmd/push/progress.go:73.88,77.18 3 2
+github.com/calypr/git-drs/cmd/push/progress.go:77.18,79.3 1 2
+github.com/calypr/git-drs/cmd/push/progress.go:80.2,80.41 1 2
+github.com/calypr/git-drs/cmd/push/progress.go:80.41,82.3 1 1
+github.com/calypr/git-drs/cmd/push/progress.go:83.2,83.54 1 2
+github.com/calypr/git-drs/cmd/push/progress.go:83.54,85.3 1 1
+github.com/calypr/git-drs/cmd/push/progress.go:86.2,86.52 1 2
+github.com/calypr/git-drs/cmd/push/progress.go:86.52,89.27 3 1
+github.com/calypr/git-drs/cmd/push/progress.go:89.27,91.4 1 1
+github.com/calypr/git-drs/cmd/push/progress.go:93.2,93.26 1 2
+github.com/calypr/git-drs/cmd/push/progress.go:93.26,95.3 1 2
+github.com/calypr/git-drs/cmd/push/progress.go:98.80,106.34 7 5
+github.com/calypr/git-drs/cmd/push/progress.go:106.34,112.3 2 7
+github.com/calypr/git-drs/cmd/push/progress.go:113.2,113.15 1 5
+github.com/calypr/git-drs/cmd/push/progress.go:113.15,115.3 1 5
+github.com/calypr/git-drs/cmd/push/progress.go:118.84,122.16 3 12
+github.com/calypr/git-drs/cmd/push/progress.go:122.16,124.3 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:125.2,126.9 2 12
+github.com/calypr/git-drs/cmd/push/progress.go:126.9,128.3 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:129.2,129.19 1 12
+github.com/calypr/git-drs/cmd/push/progress.go:129.19,131.3 1 12
+github.com/calypr/git-drs/cmd/push/progress.go:132.2,132.23 1 12
+github.com/calypr/git-drs/cmd/push/progress.go:132.23,134.3 1 12
+github.com/calypr/git-drs/cmd/push/progress.go:135.2,135.34 1 12
+github.com/calypr/git-drs/cmd/push/progress.go:135.34,137.3 1 8
+github.com/calypr/git-drs/cmd/push/progress.go:138.2,138.50 1 12
+github.com/calypr/git-drs/cmd/push/progress.go:138.50,140.3 1 7
+github.com/calypr/git-drs/cmd/push/progress.go:141.2,141.69 1 12
+github.com/calypr/git-drs/cmd/push/progress.go:141.69,144.21 3 5
+github.com/calypr/git-drs/cmd/push/progress.go:144.21,146.4 1 5
+github.com/calypr/git-drs/cmd/push/progress.go:148.2,148.23 1 12
+github.com/calypr/git-drs/cmd/push/progress.go:151.43,155.41 3 4
+github.com/calypr/git-drs/cmd/push/progress.go:155.41,157.3 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:158.2,159.26 2 4
+github.com/calypr/git-drs/cmd/push/progress.go:159.26,161.3 1 1
+github.com/calypr/git-drs/cmd/push/progress.go:162.2,162.36 1 4
+github.com/calypr/git-drs/cmd/push/progress.go:162.36,164.18 2 5
+github.com/calypr/git-drs/cmd/push/progress.go:164.18,165.12 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:167.3,167.67 1 5
+github.com/calypr/git-drs/cmd/push/progress.go:169.2,171.33 3 4
+github.com/calypr/git-drs/cmd/push/progress.go:174.52,178.2 3 3
+github.com/calypr/git-drs/cmd/push/progress.go:180.98,182.36 2 33
+github.com/calypr/git-drs/cmd/push/progress.go:182.36,184.3 1 33
+github.com/calypr/git-drs/cmd/push/progress.go:185.2,186.17 2 33
+github.com/calypr/git-drs/cmd/push/progress.go:186.17,187.10 1 33
+github.com/calypr/git-drs/cmd/push/progress.go:188.40,189.35 1 5
+github.com/calypr/git-drs/cmd/push/progress.go:193.2,196.17 4 33
+github.com/calypr/git-drs/cmd/push/progress.go:196.17,200.3 3 33
+github.com/calypr/git-drs/cmd/push/progress.go:201.2,208.74 7 33
+github.com/calypr/git-drs/cmd/push/progress.go:211.62,214.19 3 4
+github.com/calypr/git-drs/cmd/push/progress.go:214.19,216.3 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:217.2,217.36 1 4
+github.com/calypr/git-drs/cmd/push/progress.go:217.36,219.3 1 0
+github.com/calypr/git-drs/cmd/push/progress.go:220.2,221.43 2 4
+github.com/calypr/git-drs/cmd/push/progress.go:221.43,223.3 1 2
+github.com/calypr/git-drs/cmd/push/progress.go:224.2,226.94 3 4
+github.com/calypr/git-drs/cmd/rm/main.go:15.58,18.2 2 1
+github.com/calypr/git-drs/cmd/rm/main.go:24.54,26.3 1 0
+github.com/calypr/git-drs/cmd/rm/main.go:29.52,31.16 2 1
+github.com/calypr/git-drs/cmd/rm/main.go:31.16,33.3 1 0
+github.com/calypr/git-drs/cmd/rm/main.go:35.2,40.27 3 1
+github.com/calypr/git-drs/cmd/rm/main.go:40.27,43.47 3 1
+github.com/calypr/git-drs/cmd/rm/main.go:43.47,45.4 1 0
+github.com/calypr/git-drs/cmd/rm/main.go:46.3,46.126 1 1
+github.com/calypr/git-drs/cmd/rm/main.go:49.2,50.31 2 1
+github.com/calypr/git-drs/cmd/rm/main.go:50.31,52.3 1 1
+github.com/calypr/git-drs/cmd/rm/main.go:53.2,53.54 1 1
+github.com/calypr/git-drs/cmd/rm/main.go:53.54,55.3 1 0
+github.com/calypr/git-drs/cmd/rm/main.go:57.2,57.12 1 1
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:12.129,14.16 2 7
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:14.16,16.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:17.2,18.16 2 7
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:18.16,20.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:22.2,22.111 1 7
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:22.111,24.3 1 5
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:25.2,25.107 1 2
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:25.107,27.3 1 1
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:29.2,29.109 1 1
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:32.111,34.23 2 9
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:34.23,36.3 1 3
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:38.2,39.27 2 6
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:39.27,40.34 1 1
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:40.34,41.50 1 2
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:41.50,43.5 1 1
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:45.3,45.148 1 0
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:48.2,48.23 1 5
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:48.23,50.3 1 4
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:51.2,51.151 1 1
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:54.89,56.20 2 9
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:56.20,58.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:60.2,61.46 2 9
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:61.46,62.27 1 11
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:62.27,63.12 1 2
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:65.3,65.44 1 9
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:65.44,66.66 1 9
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:66.66,68.10 2 8
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:72.2,73.32 2 9
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:25.54,26.37 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:26.37,29.4 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:30.3,30.13 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:32.54,37.21 4 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:37.21,39.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:39.9,42.4 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:44.3,45.17 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:45.17,47.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:48.3,48.19 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:48.19,49.100 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:49.100,51.5 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:53.3,53.13 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:57.91,58.22 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:58.22,60.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:61.2,61.59 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:61.59,63.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:64.2,65.16 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:65.16,67.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:69.2,71.9 3 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:72.24,76.17 4 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:76.17,78.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:80.22,82.17 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:82.17,84.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:85.3,90.17 5 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:90.17,92.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:94.10,96.17 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:96.17,98.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:98.9,103.4 4 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:106.2,106.23 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:106.23,108.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:110.2,122.75 4 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:122.75,124.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:126.2,127.16 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:127.16,129.17 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:129.17,131.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:133.2,135.26 3 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:135.26,137.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:139.2,150.67 3 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:150.67,152.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:153.2,155.45 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:155.45,157.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:159.2,159.67 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:159.67,161.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:162.2,162.73 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:162.73,164.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:166.2,167.12 2 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:170.56,172.15 2 6
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:172.15,174.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:176.2,177.21 2 6
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:177.21,179.3 1 2
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:180.2,182.41 3 4
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:182.41,184.3 1 2
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:185.2,185.35 1 2
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:188.157,189.39 1 5
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:189.39,191.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:192.2,192.36 1 5
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:192.36,194.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:196.2,197.16 2 5
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:197.16,199.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:200.2,203.16 3 5
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:203.16,205.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:206.2,207.38 2 5
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:207.38,209.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:211.2,212.68 2 5
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:212.68,214.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:216.2,217.16 2 5
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:217.16,219.3 1 2
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:220.2,220.57 1 3
+github.com/calypr/git-drs/cmd/remote/add/init.go:20.13,32.2 10 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:23.54,28.74 4 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:28.74,30.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:31.3,31.16 1 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:31.16,33.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:34.3,35.17 2 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:35.17,37.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:38.3,39.17 2 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:39.17,41.18 2 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:41.18,43.5 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:45.3,47.27 3 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:47.27,49.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:51.3,62.17 3 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:62.17,64.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:65.3,65.66 1 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:65.66,67.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:68.3,68.68 1 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:68.68,70.4 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:71.3,71.87 1 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:71.87,72.88 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:72.88,74.5 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:75.4,75.133 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:75.133,77.5 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:80.3,81.19 2 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:81.19,82.100 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:82.100,84.5 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:86.3,86.13 1 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:90.175,91.39 1 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:91.39,93.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:95.2,96.16 2 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:96.16,98.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:99.2,99.38 1 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:99.38,101.3 1 1
+github.com/calypr/git-drs/cmd/remote/add/local.go:103.2,104.16 2 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:104.16,106.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:107.2,108.38 2 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:108.38,110.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:112.2,113.68 2 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:113.68,115.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:117.2,118.16 2 2
+github.com/calypr/git-drs/cmd/remote/add/local.go:118.16,120.3 1 0
+github.com/calypr/git-drs/cmd/remote/add/local.go:121.2,121.57 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:88.54,90.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:93.13,95.33 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:95.33,100.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:103.37,105.16 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:105.16,107.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:109.2,114.53 5 1
+github.com/calypr/git-drs/cmd/precommit/main.go:114.53,116.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:117.2,117.52 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:117.52,119.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:120.2,123.16 3 1
+github.com/calypr/git-drs/cmd/precommit/main.go:123.16,125.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:126.2,126.23 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:126.23,128.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:129.2,130.16 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:130.16,132.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:133.2,133.24 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:133.24,135.17 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:135.17,137.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:138.3,138.15 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:138.15,140.4 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:143.2,147.29 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:147.29,148.28 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:148.28,149.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:154.3,155.17 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:155.17,157.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:160.3,163.15 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:163.15,165.106 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:165.106,167.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:170.4,174.19 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:174.19,176.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:179.4,179.99 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:179.99,181.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:182.9,185.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:189.2,189.29 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:189.29,190.18 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:191.28,192.80 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:192.80,194.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:195.19,197.80 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:197.80,199.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:202.19,203.90 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:203.90,205.5 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:209.2,209.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:212.83,214.16 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:214.16,217.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:218.2,218.12 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:218.12,221.3 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:223.2,228.49 4 1
+github.com/calypr/git-drs/cmd/precommit/main.go:228.49,230.43 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:230.43,232.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:236.2,240.17 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:240.17,242.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:245.2,246.89 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:246.89,248.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:251.2,251.20 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:251.20,253.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:255.2,255.12 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:258.93,262.16 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:262.16,265.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:266.2,267.47 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:267.47,271.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:273.2,276.21 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:276.21,278.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:281.2,287.12 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:297.59,299.16 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:299.16,301.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:302.2,304.16 3 2
+github.com/calypr/git-drs/cmd/precommit/main.go:304.16,306.36 2 3
+github.com/calypr/git-drs/cmd/precommit/main.go:306.36,307.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:309.3,310.21 2 3
+github.com/calypr/git-drs/cmd/precommit/main.go:310.21,311.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:313.3,314.10 2 3
+github.com/calypr/git-drs/cmd/precommit/main.go:315.22,316.87 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:317.22,318.90 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:319.22,320.90 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:321.58,322.109 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:323.11,323.11 0 0
+github.com/calypr/git-drs/cmd/precommit/main.go:327.2,327.33 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:327.33,329.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:330.2,330.21 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:335.75,337.16 2 5
+github.com/calypr/git-drs/cmd/precommit/main.go:337.16,340.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:344.2,348.16 4 5
+github.com/calypr/git-drs/cmd/precommit/main.go:348.16,350.26 2 7
+github.com/calypr/git-drs/cmd/precommit/main.go:350.26,352.12 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:354.3,354.45 1 5
+github.com/calypr/git-drs/cmd/precommit/main.go:354.45,357.17 3 2
+github.com/calypr/git-drs/cmd/precommit/main.go:357.17,359.5 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:363.3,363.27 1 5
+github.com/calypr/git-drs/cmd/precommit/main.go:363.27,364.9 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:367.2,367.33 1 5
+github.com/calypr/git-drs/cmd/precommit/main.go:367.33,369.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:371.2,371.26 1 5
+github.com/calypr/git-drs/cmd/precommit/main.go:371.26,373.3 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:374.2,374.23 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:377.70,379.16 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:379.16,381.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:382.2,383.16 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:383.16,385.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:386.2,386.18 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:389.134,390.25 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:390.25,392.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:393.2,395.29 3 2
+github.com/calypr/git-drs/cmd/precommit/main.go:395.29,396.75 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:396.75,397.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:399.3,400.17 2 3
+github.com/calypr/git-drs/cmd/precommit/main.go:400.17,401.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:403.3,403.30 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:403.30,404.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:406.3,409.17 3 3
+github.com/calypr/git-drs/cmd/precommit/main.go:409.17,410.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:412.3,412.12 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:412.12,413.12 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:416.3,417.17 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:417.17,419.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:420.3,420.29 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:420.29,421.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:423.3,423.77 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:425.2,425.44 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:425.44,425.92 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:426.2,426.23 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:429.80,430.21 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:430.21,432.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:434.2,435.26 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:435.26,437.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:438.2,443.43 5 0
+github.com/calypr/git-drs/cmd/precommit/main.go:443.43,445.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:446.2,447.46 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:450.33,452.14 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:452.14,454.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:455.2,456.42 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:456.42,459.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:460.2,460.73 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:463.61,465.16 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:465.16,467.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:468.2,469.18 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:469.18,471.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:473.2,473.29 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:473.29,475.17 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:475.17,477.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:478.3,479.39 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:481.2,481.20 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:484.63,490.34 6 11
+github.com/calypr/git-drs/cmd/precommit/main.go:490.34,493.16 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:493.16,495.4 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:496.3,496.69 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:498.2,498.28 1 11
+github.com/calypr/git-drs/cmd/precommit/main.go:503.50,505.2 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:507.37,510.2 1 3
+github.com/calypr/git-drs/cmd/precommit/main.go:512.47,517.2 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:525.97,533.42 3 1
+github.com/calypr/git-drs/cmd/precommit/main.go:533.42,537.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:539.2,540.32 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:540.32,542.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:544.2,544.19 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:544.19,546.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:547.2,547.19 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:547.19,549.3 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:551.2,555.34 4 1
+github.com/calypr/git-drs/cmd/precommit/main.go:558.58,562.16 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:562.16,564.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:565.2,566.50 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:566.50,568.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:569.2,570.32 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:570.32,571.16 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:571.16,572.12 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:574.3,574.24 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:576.2,583.34 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:586.49,588.19 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:588.19,590.3 1 1
+github.com/calypr/git-drs/cmd/precommit/main.go:591.2,592.12 2 1
+github.com/calypr/git-drs/cmd/precommit/main.go:597.48,599.48 2 2
+github.com/calypr/git-drs/cmd/precommit/main.go:599.48,601.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:603.2,605.16 3 2
+github.com/calypr/git-drs/cmd/precommit/main.go:605.16,607.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:608.2,608.15 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:608.15,608.32 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:610.2,612.38 3 2
+github.com/calypr/git-drs/cmd/precommit/main.go:612.38,615.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:616.2,616.33 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:616.33,619.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:620.2,620.34 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:620.34,623.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:624.2,624.29 1 2
+github.com/calypr/git-drs/cmd/precommit/main.go:627.48,629.62 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:629.62,631.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:633.2,633.44 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:633.44,635.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:635.8,635.43 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:635.43,637.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:639.2,640.16 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:640.16,642.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:643.2,646.16 3 0
+github.com/calypr/git-drs/cmd/precommit/main.go:646.16,648.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:650.2,650.44 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:650.44,653.3 2 0
+github.com/calypr/git-drs/cmd/precommit/main.go:654.2,654.36 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:654.36,656.3 1 0
+github.com/calypr/git-drs/cmd/precommit/main.go:657.2,657.23 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:26.73,28.2 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:33.54,34.20 1 3
+github.com/calypr/git-drs/cmd/ping/main.go:34.20,37.4 2 1
+github.com/calypr/git-drs/cmd/ping/main.go:38.3,38.13 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:40.54,43.17 3 1
+github.com/calypr/git-drs/cmd/ping/main.go:43.17,45.4 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:46.3,48.55 2 1
+github.com/calypr/git-drs/cmd/ping/main.go:48.55,50.4 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:51.3,52.13 2 1
+github.com/calypr/git-drs/cmd/ping/main.go:56.96,58.16 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:58.16,60.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:62.2,63.20 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:63.20,65.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:66.2,67.16 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:67.16,69.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:71.2,72.22 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:72.22,74.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:76.2,77.16 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:77.16,79.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:81.2,91.26 2 2
+github.com/calypr/git-drs/cmd/ping/main.go:92.26,93.52 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:94.27,95.53 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:96.10,97.32 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:100.2,100.24 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:103.37,105.22 2 1
+github.com/calypr/git-drs/cmd/ping/main.go:105.22,107.3 1 1
+github.com/calypr/git-drs/cmd/ping/main.go:108.2,115.43 8 1
+github.com/calypr/git-drs/cmd/ping/main.go:118.45,119.39 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:119.39,121.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:122.2,122.56 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:122.56,124.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:125.2,125.99 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:125.99,127.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:128.2,128.15 1 2
+github.com/calypr/git-drs/cmd/ping/main.go:131.36,133.13 2 4
+github.com/calypr/git-drs/cmd/ping/main.go:133.13,135.3 1 0
+github.com/calypr/git-drs/cmd/ping/main.go:136.2,136.10 1 4
+github.com/calypr/git-drs/cmd/smudge/main.go:38.57,40.16 2 1
+github.com/calypr/git-drs/cmd/smudge/main.go:40.16,42.3 1 1
+github.com/calypr/git-drs/cmd/smudge/main.go:44.2,49.16 5 1
+github.com/calypr/git-drs/cmd/smudge/main.go:49.16,51.3 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:53.2,54.16 2 1
+github.com/calypr/git-drs/cmd/smudge/main.go:54.16,55.48 1 1
+github.com/calypr/git-drs/cmd/smudge/main.go:55.48,58.4 2 1
+github.com/calypr/git-drs/cmd/smudge/main.go:59.3,59.59 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:62.2,63.16 2 0
+github.com/calypr/git-drs/cmd/smudge/main.go:63.16,65.3 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:67.2,68.25 2 0
+github.com/calypr/git-drs/cmd/smudge/main.go:68.25,69.75 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:69.75,71.4 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:74.2,74.88 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:77.14,77.15 0 1
+github.com/calypr/git-drs/cmd/smudge/main.go:79.30,80.56 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:80.56,82.3 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:83.2,83.56 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:83.56,85.3 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:86.2,86.93 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:86.93,87.56 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:87.56,89.4 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:91.2,91.93 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:91.93,92.56 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:92.56,94.4 1 0
+github.com/calypr/git-drs/cmd/smudge/main.go:96.2,96.13 1 0
 github.com/calypr/git-drs/cmd/addurl/cache.go:42.109,43.19 1 4
 github.com/calypr/git-drs/cmd/addurl/cache.go:43.19,45.3 1 0
 github.com/calypr/git-drs/cmd/addurl/cache.go:47.2,48.16 2 4
@@ -452,7 +1968,7 @@ github.com/calypr/git-drs/cmd/addurl/io.go:49.53,51.3 1 0
 github.com/calypr/git-drs/cmd/addurl/io.go:53.2,53.132 1 0
 github.com/calypr/git-drs/cmd/addurl/io.go:53.132,55.3 1 0
 github.com/calypr/git-drs/cmd/addurl/io.go:56.2,56.12 1 0
-github.com/calypr/git-drs/cmd/addurl/io.go:61.157,97.16 1 1
+github.com/calypr/git-drs/cmd/addurl/io.go:61.159,97.16 1 1
 github.com/calypr/git-drs/cmd/addurl/io.go:97.16,99.3 1 0
 github.com/calypr/git-drs/cmd/addurl/io.go:100.2,100.12 1 1
 github.com/calypr/git-drs/cmd/addurl/io.go:106.52,108.48 2 9
@@ -467,883 +1983,145 @@ github.com/calypr/git-drs/cmd/addurl/main.go:17.55,18.38 1 0
 github.com/calypr/git-drs/cmd/addurl/main.go:18.38,20.5 1 0
 github.com/calypr/git-drs/cmd/addurl/main.go:21.4,21.14 1 0
 github.com/calypr/git-drs/cmd/addurl/main.go:25.2,26.12 2 4
-github.com/calypr/git-drs/cmd/addurl/main.go:30.35,36.2 1 4
-github.com/calypr/git-drs/cmd/addurl/main.go:39.63,41.2 1 0
+github.com/calypr/git-drs/cmd/addurl/main.go:30.35,41.2 2 4
+github.com/calypr/git-drs/cmd/addurl/main.go:44.63,46.2 1 0
 github.com/calypr/git-drs/cmd/addurl/params.go:23.79,27.16 3 3
 github.com/calypr/git-drs/cmd/addurl/params.go:27.16,29.3 1 0
 github.com/calypr/git-drs/cmd/addurl/params.go:31.2,32.16 2 3
 github.com/calypr/git-drs/cmd/addurl/params.go:32.16,34.3 1 0
-github.com/calypr/git-drs/cmd/addurl/params.go:36.2,49.8 1 3
-github.com/calypr/git-drs/cmd/addurl/params.go:54.70,55.20 1 3
-github.com/calypr/git-drs/cmd/addurl/params.go:55.20,57.3 1 0
-github.com/calypr/git-drs/cmd/addurl/params.go:58.2,59.16 2 3
-github.com/calypr/git-drs/cmd/addurl/params.go:59.16,61.3 1 0
-github.com/calypr/git-drs/cmd/addurl/params.go:62.2,62.45 1 3
-github.com/calypr/git-drs/cmd/addurl/params.go:65.45,66.27 1 12
-github.com/calypr/git-drs/cmd/addurl/params.go:66.27,68.14 2 30
-github.com/calypr/git-drs/cmd/addurl/params.go:68.14,70.4 1 4
-github.com/calypr/git-drs/cmd/addurl/params.go:72.2,72.11 1 8
+github.com/calypr/git-drs/cmd/addurl/params.go:35.2,36.16 2 3
+github.com/calypr/git-drs/cmd/addurl/params.go:36.16,38.3 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:40.2,45.8 1 3
+github.com/calypr/git-drs/cmd/addurl/params.go:50.70,51.20 1 3
+github.com/calypr/git-drs/cmd/addurl/params.go:51.20,53.3 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:54.2,54.34 1 3
+github.com/calypr/git-drs/cmd/addurl/params.go:54.34,56.17 2 2
+github.com/calypr/git-drs/cmd/addurl/params.go:56.17,58.4 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:59.3,59.46 1 2
+github.com/calypr/git-drs/cmd/addurl/params.go:61.2,61.61 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:64.41,66.16 2 5
+github.com/calypr/git-drs/cmd/addurl/params.go:66.16,68.3 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:69.2,69.39 1 5
+github.com/calypr/git-drs/cmd/addurl/params.go:69.39,71.3 1 3
+github.com/calypr/git-drs/cmd/addurl/params.go:72.2,72.54 1 2
+github.com/calypr/git-drs/cmd/addurl/params.go:73.52,74.41 1 2
+github.com/calypr/git-drs/cmd/addurl/params.go:75.10,76.15 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:80.93,81.40 1 2
+github.com/calypr/git-drs/cmd/addurl/params.go:81.40,83.3 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:84.2,84.24 1 2
+github.com/calypr/git-drs/cmd/addurl/params.go:84.24,86.3 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:87.2,88.22 2 1
+github.com/calypr/git-drs/cmd/addurl/params.go:89.12,90.59 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:91.19,92.59 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:93.22,94.137 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:95.10,96.112 1 0
+github.com/calypr/git-drs/cmd/addurl/params.go:100.47,102.64 2 1
+github.com/calypr/git-drs/cmd/addurl/params.go:102.64,104.3 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:105.2,105.61 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:105.61,107.3 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:108.2,108.28 1 1
+github.com/calypr/git-drs/cmd/addurl/params.go:111.45,112.27 1 4
+github.com/calypr/git-drs/cmd/addurl/params.go:112.27,114.14 2 5
+github.com/calypr/git-drs/cmd/addurl/params.go:114.14,116.4 1 3
+github.com/calypr/git-drs/cmd/addurl/params.go:118.2,118.11 1 1
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:42.128,43.79 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:43.79,45.3 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:47.2,49.31 3 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:49.31,50.59 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:50.59,52.4 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:53.3,53.25 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:54.8,55.44 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:55.44,57.4 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:58.3,58.63 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:58.63,60.4 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:61.3,64.20 4 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:67.2,68.114 2 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:68.114,70.3 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:71.2,82.8 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:85.53,87.15 2 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:87.15,89.3 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:90.2,91.16 2 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:91.16,93.3 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:94.2,94.10 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:97.54,99.37 2 2
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:99.37,101.3 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:103.2,104.24 2 2
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:105.29,106.129 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:107.28,108.137 1 1
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:109.27,110.41 1 1
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:110.41,112.4 1 1
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:113.3,113.129 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:114.10,115.125 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:119.53,125.2 2 1
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:127.66,128.35 1 1
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:128.35,130.3 1 1
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:131.2,131.17 1 0
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:134.72,136.8 2 2
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:136.8,139.3 2 2
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:140.2,140.14 1 0
 github.com/calypr/git-drs/cmd/addurl/scope.go:10.140,13.19 3 3
 github.com/calypr/git-drs/cmd/addurl/scope.go:13.19,15.3 1 0
 github.com/calypr/git-drs/cmd/addurl/scope.go:17.2,23.16 2 3
 github.com/calypr/git-drs/cmd/addurl/scope.go:23.16,25.3 1 0
 github.com/calypr/git-drs/cmd/addurl/scope.go:26.2,26.42 1 3
-github.com/calypr/git-drs/cmd/addurl/service.go:31.40,40.2 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:46.70,48.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:48.16,50.3 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:52.2,53.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:53.16,55.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:57.2,58.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:58.16,60.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:62.2,63.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:63.16,65.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:67.2,68.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:68.16,70.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:72.2,73.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:73.16,75.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:77.2,77.119 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:77.119,79.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:81.2,82.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:82.16,84.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:86.2,86.80 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:86.80,88.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:90.2,90.92 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:90.92,92.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:94.2,94.81 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:94.81,96.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:98.2,99.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:99.16,101.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:103.2,104.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:104.16,106.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:108.2,109.25 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:109.25,111.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:113.2,114.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:114.16,116.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:118.2,127.80 5 1
-github.com/calypr/git-drs/cmd/addurl/service.go:127.80,129.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:131.2,131.12 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:138.143,140.24 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:140.24,142.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:144.2,145.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:145.16,147.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:148.2,149.16 2 1
-github.com/calypr/git-drs/cmd/addurl/service.go:149.16,151.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:152.2,152.100 1 1
-github.com/calypr/git-drs/cmd/addurl/service.go:152.100,154.3 1 0
-github.com/calypr/git-drs/cmd/addurl/service.go:155.2,155.17 1 1
-github.com/calypr/git-drs/cmd/fetch/main.go:13.68,16.2 2 0
-github.com/calypr/git-drs/cmd/fetch/main.go:22.54,23.20 1 3
-github.com/calypr/git-drs/cmd/fetch/main.go:23.20,26.4 2 1
-github.com/calypr/git-drs/cmd/fetch/main.go:27.3,27.13 1 2
-github.com/calypr/git-drs/cmd/fetch/main.go:29.54,33.17 3 2
-github.com/calypr/git-drs/cmd/fetch/main.go:33.17,35.4 1 0
-github.com/calypr/git-drs/cmd/fetch/main.go:37.3,38.20 2 2
-github.com/calypr/git-drs/cmd/fetch/main.go:38.20,40.4 1 1
-github.com/calypr/git-drs/cmd/fetch/main.go:40.9,42.18 2 1
-github.com/calypr/git-drs/cmd/fetch/main.go:42.18,45.5 2 1
-github.com/calypr/git-drs/cmd/fetch/main.go:48.3,49.17 2 1
-github.com/calypr/git-drs/cmd/fetch/main.go:49.17,52.4 2 1
-github.com/calypr/git-drs/cmd/fetch/main.go:53.3,56.17 3 0
-github.com/calypr/git-drs/cmd/fetch/main.go:56.17,58.17 2 0
-github.com/calypr/git-drs/cmd/fetch/main.go:58.17,60.5 1 0
-github.com/calypr/git-drs/cmd/fetch/main.go:61.4,61.75 1 0
-github.com/calypr/git-drs/cmd/fetch/main.go:64.3,64.13 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:27.54,32.17 4 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:32.17,34.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:36.3,37.17 2 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:37.17,39.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:41.3,42.17 2 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:42.17,45.4 2 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:47.3,49.26 3 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:49.26,51.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:54.3,60.17 2 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:60.17,62.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:65.3,65.52 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:65.52,67.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:68.3,68.31 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:68.31,73.65 4 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:73.65,77.57 4 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:77.57,79.6 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:80.5,80.27 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:80.27,82.6 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:83.10,85.5 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:87.4,90.155 3 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:90.155,92.5 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:96.3,101.17 3 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:101.17,103.4 1 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:105.3,106.13 2 0
-github.com/calypr/git-drs/cmd/deleteproject/main.go:110.13,113.2 2 1
-github.com/calypr/git-drs/cmd/delete/main.go:29.54,33.51 2 2
-github.com/calypr/git-drs/cmd/delete/main.go:33.51,35.4 1 1
-github.com/calypr/git-drs/cmd/delete/main.go:37.3,40.17 3 1
-github.com/calypr/git-drs/cmd/delete/main.go:40.17,42.4 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:44.3,45.17 2 1
-github.com/calypr/git-drs/cmd/delete/main.go:45.17,47.4 1 1
-github.com/calypr/git-drs/cmd/delete/main.go:49.3,50.17 2 0
-github.com/calypr/git-drs/cmd/delete/main.go:50.17,53.4 2 0
-github.com/calypr/git-drs/cmd/delete/main.go:56.3,57.17 2 0
-github.com/calypr/git-drs/cmd/delete/main.go:57.17,59.4 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:60.3,60.24 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:60.24,62.4 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:65.3,65.19 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:65.19,73.24 8 0
-github.com/calypr/git-drs/cmd/delete/main.go:73.24,75.5 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:76.4,84.18 3 0
-github.com/calypr/git-drs/cmd/delete/main.go:84.18,86.5 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:90.3,91.17 2 0
-github.com/calypr/git-drs/cmd/delete/main.go:91.17,93.4 1 0
-github.com/calypr/git-drs/cmd/delete/main.go:95.3,96.13 2 0
-github.com/calypr/git-drs/cmd/delete/main.go:100.13,103.2 2 1
-github.com/calypr/git-drs/cmd/initialize/main.go:33.54,34.21 1 2
-github.com/calypr/git-drs/cmd/initialize/main.go:34.21,37.4 2 1
-github.com/calypr/git-drs/cmd/initialize/main.go:38.3,38.13 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:40.54,45.17 3 1
-github.com/calypr/git-drs/cmd/initialize/main.go:45.17,47.4 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:50.3,51.17 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:51.17,53.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:56.3,57.17 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:57.17,60.4 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:63.3,65.51 3 0
-github.com/calypr/git-drs/cmd/initialize/main.go:65.51,67.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:68.3,68.58 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:68.58,70.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:72.3,73.17 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:73.17,75.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:78.3,79.17 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:79.17,81.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:83.3,84.17 2 0
-github.com/calypr/git-drs/cmd/initialize/main.go:84.17,86.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:89.3,91.13 3 0
-github.com/calypr/git-drs/cmd/initialize/main.go:95.28,109.61 2 2
-github.com/calypr/git-drs/cmd/initialize/main.go:109.61,111.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:112.2,112.12 1 2
-github.com/calypr/git-drs/cmd/initialize/main.go:115.13,120.2 4 1
-github.com/calypr/git-drs/cmd/initialize/main.go:122.52,124.16 2 2
-github.com/calypr/git-drs/cmd/initialize/main.go:124.16,126.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:128.2,128.52 1 2
-github.com/calypr/git-drs/cmd/initialize/main.go:128.52,130.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:132.2,152.16 5 2
-github.com/calypr/git-drs/cmd/initialize/main.go:152.16,157.73 3 1
-github.com/calypr/git-drs/cmd/initialize/main.go:157.73,159.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:160.3,160.45 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:160.45,162.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:163.3,163.87 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:166.2,166.39 1 2
-github.com/calypr/git-drs/cmd/initialize/main.go:166.39,168.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:170.2,171.16 2 2
-github.com/calypr/git-drs/cmd/initialize/main.go:171.16,173.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:174.2,175.12 2 2
-github.com/calypr/git-drs/cmd/initialize/main.go:178.54,181.16 3 2
-github.com/calypr/git-drs/cmd/initialize/main.go:181.16,183.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:184.2,186.52 3 2
-github.com/calypr/git-drs/cmd/initialize/main.go:186.52,188.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:190.2,198.16 5 2
-github.com/calypr/git-drs/cmd/initialize/main.go:198.16,203.73 3 1
-github.com/calypr/git-drs/cmd/initialize/main.go:203.73,205.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:206.3,206.45 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:206.45,208.4 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:209.3,209.89 1 1
-github.com/calypr/git-drs/cmd/initialize/main.go:212.2,212.39 1 2
-github.com/calypr/git-drs/cmd/initialize/main.go:212.39,214.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:216.2,217.16 2 2
-github.com/calypr/git-drs/cmd/initialize/main.go:217.16,219.3 1 0
-github.com/calypr/git-drs/cmd/initialize/main.go:220.2,221.12 2 2
-github.com/calypr/git-drs/cmd/pull/main.go:22.68,25.2 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:31.54,32.20 1 3
-github.com/calypr/git-drs/cmd/pull/main.go:32.20,35.4 2 1
-github.com/calypr/git-drs/cmd/pull/main.go:36.3,36.13 1 2
-github.com/calypr/git-drs/cmd/pull/main.go:38.54,42.17 3 2
-github.com/calypr/git-drs/cmd/pull/main.go:42.17,44.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:46.3,47.20 2 2
-github.com/calypr/git-drs/cmd/pull/main.go:47.20,49.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:49.9,51.18 2 2
-github.com/calypr/git-drs/cmd/pull/main.go:51.18,54.5 2 2
-github.com/calypr/git-drs/cmd/pull/main.go:57.3,58.17 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:58.17,61.4 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:62.3,64.72 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:64.72,66.17 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:66.17,68.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:69.4,69.71 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:72.3,76.17 3 0
-github.com/calypr/git-drs/cmd/pull/main.go:76.17,78.29 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:78.29,80.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:81.4,82.27 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:82.27,84.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:85.4,86.31 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:86.31,88.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:89.9,89.63 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:89.63,91.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:93.3,96.34 4 0
-github.com/calypr/git-drs/cmd/pull/main.go:96.34,97.20 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:97.20,98.13 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:100.4,100.43 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:100.43,101.13 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:103.4,104.44 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:107.3,107.27 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:107.27,109.36 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:109.36,111.37 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:111.37,112.14 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:114.5,114.30 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:116.4,116.27 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:116.27,118.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:118.10,120.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:122.4,123.27 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:123.27,125.36 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:125.36,127.6 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:128.5,128.94 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:128.94,131.6 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:131.11,133.6 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:135.4,135.35 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:135.35,136.21 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:136.21,137.14 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:139.5,140.19 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:140.19,142.6 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:143.5,143.41 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:143.41,144.55 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:144.55,146.112 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:146.112,149.8 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:150.7,150.15 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:153.5,153.86 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:153.86,156.6 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:158.9,160.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:162.3,162.67 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:162.67,164.29 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:164.29,166.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:168.3,168.63 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:168.63,170.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:172.3,172.13 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:176.51,178.29 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:178.29,180.3 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:181.2,181.12 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:184.39,186.2 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:188.61,189.26 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:189.26,190.72 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:190.72,191.12 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:193.3,194.17 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:194.17,196.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:197.3,198.17 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:198.17,200.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:201.3,201.62 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:201.62,203.4 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:205.2,205.12 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:208.55,210.2 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:212.103,214.16 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:214.16,216.3 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:217.2,217.20 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:217.20,219.3 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:221.2,224.32 3 0
-github.com/calypr/git-drs/cmd/pull/main.go:224.32,226.43 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:226.43,229.27 3 0
-github.com/calypr/git-drs/cmd/pull/main.go:229.27,231.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:232.4,232.20 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:232.20,233.63 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:233.63,235.6 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:237.4,238.26 2 0
-github.com/calypr/git-drs/cmd/pull/main.go:238.26,240.5 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:241.4,241.124 1 0
-github.com/calypr/git-drs/cmd/pull/main.go:244.2,244.138 1 0
-github.com/calypr/git-drs/cmd/query/main.go:21.111,23.50 2 0
-github.com/calypr/git-drs/cmd/query/main.go:23.50,25.3 1 0
-github.com/calypr/git-drs/cmd/query/main.go:26.2,26.59 1 0
-github.com/calypr/git-drs/cmd/query/main.go:29.47,30.37 1 5
-github.com/calypr/git-drs/cmd/query/main.go:31.10,32.15 1 1
-github.com/calypr/git-drs/cmd/query/main.go:33.10,34.16 1 1
-github.com/calypr/git-drs/cmd/query/main.go:35.10,36.18 1 1
-github.com/calypr/git-drs/cmd/query/main.go:37.11,38.18 1 1
-github.com/calypr/git-drs/cmd/query/main.go:39.10,40.49 1 1
-github.com/calypr/git-drs/cmd/query/main.go:49.54,50.21 1 0
-github.com/calypr/git-drs/cmd/query/main.go:50.21,53.4 2 0
-github.com/calypr/git-drs/cmd/query/main.go:54.3,54.13 1 0
-github.com/calypr/git-drs/cmd/query/main.go:56.54,60.17 3 0
-github.com/calypr/git-drs/cmd/query/main.go:60.17,62.4 1 0
-github.com/calypr/git-drs/cmd/query/main.go:64.3,65.17 2 0
-github.com/calypr/git-drs/cmd/query/main.go:65.17,68.4 2 0
-github.com/calypr/git-drs/cmd/query/main.go:70.3,71.17 2 0
-github.com/calypr/git-drs/cmd/query/main.go:71.17,73.4 1 0
-github.com/calypr/git-drs/cmd/query/main.go:75.3,75.15 1 0
-github.com/calypr/git-drs/cmd/query/main.go:75.15,77.18 2 0
-github.com/calypr/git-drs/cmd/query/main.go:77.18,79.5 1 0
-github.com/calypr/git-drs/cmd/query/main.go:80.4,80.32 1 0
-github.com/calypr/git-drs/cmd/query/main.go:80.32,81.65 1 0
-github.com/calypr/git-drs/cmd/query/main.go:81.65,83.6 1 0
-github.com/calypr/git-drs/cmd/query/main.go:85.4,85.14 1 0
-github.com/calypr/git-drs/cmd/query/main.go:88.3,89.17 2 0
-github.com/calypr/git-drs/cmd/query/main.go:89.17,91.4 1 0
-github.com/calypr/git-drs/cmd/query/main.go:92.3,92.44 1 0
-github.com/calypr/git-drs/cmd/query/main.go:96.13,100.2 3 1
-github.com/calypr/git-drs/cmd/push/main.go:18.68,21.2 2 0
-github.com/calypr/git-drs/cmd/push/main.go:27.54,28.20 1 3
-github.com/calypr/git-drs/cmd/push/main.go:28.20,31.4 2 1
-github.com/calypr/git-drs/cmd/push/main.go:32.3,32.13 1 2
-github.com/calypr/git-drs/cmd/push/main.go:34.54,37.17 3 2
-github.com/calypr/git-drs/cmd/push/main.go:37.17,40.4 2 0
-github.com/calypr/git-drs/cmd/push/main.go:42.3,43.20 2 2
-github.com/calypr/git-drs/cmd/push/main.go:43.20,45.4 1 0
-github.com/calypr/git-drs/cmd/push/main.go:45.9,47.18 2 2
-github.com/calypr/git-drs/cmd/push/main.go:47.18,50.5 2 2
-github.com/calypr/git-drs/cmd/push/main.go:53.3,54.17 2 0
-github.com/calypr/git-drs/cmd/push/main.go:54.17,57.4 2 0
-github.com/calypr/git-drs/cmd/push/main.go:58.3,59.17 2 0
-github.com/calypr/git-drs/cmd/push/main.go:59.17,61.4 1 0
-github.com/calypr/git-drs/cmd/push/main.go:63.3,64.77 2 0
-github.com/calypr/git-drs/cmd/push/main.go:64.77,66.4 1 0
-github.com/calypr/git-drs/cmd/push/main.go:68.3,69.21 2 0
-github.com/calypr/git-drs/cmd/push/main.go:69.21,71.4 1 0
-github.com/calypr/git-drs/cmd/push/main.go:72.3,74.17 3 0
-github.com/calypr/git-drs/cmd/push/main.go:74.17,76.17 2 0
-github.com/calypr/git-drs/cmd/push/main.go:76.17,78.5 1 0
-github.com/calypr/git-drs/cmd/push/main.go:79.4,79.71 1 0
-github.com/calypr/git-drs/cmd/push/main.go:81.3,81.13 1 0
-github.com/calypr/git-drs/cmd/push/main.go:85.13,87.2 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:14.54,15.21 1 2
-github.com/calypr/git-drs/cmd/remote/list.go:15.21,18.4 2 1
-github.com/calypr/git-drs/cmd/remote/list.go:19.3,19.13 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:21.54,24.17 3 1
-github.com/calypr/git-drs/cmd/remote/list.go:24.17,27.4 2 0
-github.com/calypr/git-drs/cmd/remote/list.go:29.3,29.47 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:29.47,33.17 3 1
-github.com/calypr/git-drs/cmd/remote/list.go:33.17,35.5 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:38.4,40.32 3 1
-github.com/calypr/git-drs/cmd/remote/list.go:40.32,43.5 2 1
-github.com/calypr/git-drs/cmd/remote/list.go:43.10,43.40 1 0
-github.com/calypr/git-drs/cmd/remote/list.go:43.40,46.5 2 0
-github.com/calypr/git-drs/cmd/remote/list.go:46.10,48.5 1 0
-github.com/calypr/git-drs/cmd/remote/list.go:50.4,51.21 2 1
-github.com/calypr/git-drs/cmd/remote/list.go:51.21,53.5 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:55.4,55.72 1 1
-github.com/calypr/git-drs/cmd/remote/list.go:57.3,57.13 1 1
-github.com/calypr/git-drs/cmd/remote/root.go:14.13,18.2 3 1
-github.com/calypr/git-drs/cmd/remote/set.go:15.54,16.21 1 3
-github.com/calypr/git-drs/cmd/remote/set.go:16.21,19.4 2 2
-github.com/calypr/git-drs/cmd/remote/set.go:20.3,20.13 1 1
-github.com/calypr/git-drs/cmd/remote/set.go:22.54,27.17 4 0
-github.com/calypr/git-drs/cmd/remote/set.go:27.17,29.4 1 0
-github.com/calypr/git-drs/cmd/remote/set.go:32.3,33.40 2 0
-github.com/calypr/git-drs/cmd/remote/set.go:33.40,35.34 2 0
-github.com/calypr/git-drs/cmd/remote/set.go:35.34,37.5 1 0
-github.com/calypr/git-drs/cmd/remote/set.go:38.4,42.5 1 0
-github.com/calypr/git-drs/cmd/remote/set.go:46.3,48.48 2 0
-github.com/calypr/git-drs/cmd/remote/set.go:48.48,50.4 1 0
-github.com/calypr/git-drs/cmd/remote/set.go:52.3,53.13 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:20.54,21.20 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:21.20,24.4 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:25.3,25.13 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:27.54,31.59 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:31.59,33.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:35.3,36.20 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:36.20,38.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:40.3,41.17 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:41.17,43.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:44.3,44.13 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:48.112,49.22 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:49.22,51.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:52.2,52.19 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:52.19,54.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:56.2,58.43 3 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:58.43,60.17 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:60.17,62.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:63.3,64.58 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:66.2,66.26 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:66.26,67.44 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:67.44,69.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:70.3,70.46 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:70.46,72.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:75.2,77.9 3 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:78.24,82.17 4 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:82.17,84.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:86.22,88.17 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:88.17,90.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:91.3,96.17 5 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:96.17,98.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:100.10,102.17 2 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:102.17,107.4 4 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:107.9,109.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:112.2,112.23 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:112.23,114.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:116.2,127.67 3 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:127.67,129.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:130.2,143.88 3 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:143.88,145.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:147.2,147.45 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:147.45,149.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:151.2,151.67 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:151.67,153.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:154.2,154.73 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:154.73,156.3 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:157.2,157.47 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:157.47,158.97 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:158.97,160.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:163.2,164.12 2 0
-github.com/calypr/git-drs/cmd/remote/add/init.go:22.13,37.2 13 1
-github.com/calypr/git-drs/cmd/remote/add/local.go:17.54,21.16 3 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:21.16,23.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:25.3,35.17 3 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:35.17,37.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:38.3,38.66 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:38.66,40.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:41.3,41.68 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:41.68,43.4 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:44.3,44.87 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:44.87,45.88 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:45.88,47.5 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:48.4,48.133 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:48.133,50.5 1 0
-github.com/calypr/git-drs/cmd/remote/add/local.go:53.3,54.13 2 0
-github.com/calypr/git-drs/cmd/smudge/main.go:34.57,36.16 2 1
-github.com/calypr/git-drs/cmd/smudge/main.go:36.16,38.3 1 1
-github.com/calypr/git-drs/cmd/smudge/main.go:40.2,45.16 5 1
-github.com/calypr/git-drs/cmd/smudge/main.go:45.16,47.3 1 0
-github.com/calypr/git-drs/cmd/smudge/main.go:49.2,50.16 2 1
-github.com/calypr/git-drs/cmd/smudge/main.go:50.16,51.48 1 1
-github.com/calypr/git-drs/cmd/smudge/main.go:51.48,54.4 2 1
-github.com/calypr/git-drs/cmd/smudge/main.go:55.3,55.59 1 0
-github.com/calypr/git-drs/cmd/smudge/main.go:58.2,59.16 2 0
-github.com/calypr/git-drs/cmd/smudge/main.go:59.16,61.3 1 0
-github.com/calypr/git-drs/cmd/smudge/main.go:63.2,63.130 1 0
-github.com/calypr/git-drs/cmd/smudge/main.go:63.130,65.3 1 0
-github.com/calypr/git-drs/cmd/smudge/main.go:68.14,68.15 0 1
-github.com/calypr/git-drs/cmd/track/main.go:18.34,31.2 4 3
-github.com/calypr/git-drs/cmd/track/main.go:33.56,35.16 2 2
-github.com/calypr/git-drs/cmd/track/main.go:35.16,37.3 1 0
-github.com/calypr/git-drs/cmd/track/main.go:38.2,39.16 2 2
-github.com/calypr/git-drs/cmd/track/main.go:39.16,41.3 1 0
-github.com/calypr/git-drs/cmd/track/main.go:43.2,44.16 2 2
-github.com/calypr/git-drs/cmd/track/main.go:44.16,46.3 1 0
-github.com/calypr/git-drs/cmd/track/main.go:48.2,49.20 2 2
-github.com/calypr/git-drs/cmd/track/main.go:49.20,51.3 1 1
-github.com/calypr/git-drs/cmd/track/main.go:51.8,53.3 1 1
-github.com/calypr/git-drs/cmd/track/main.go:54.2,54.16 1 2
-github.com/calypr/git-drs/cmd/track/main.go:54.16,56.3 1 0
-github.com/calypr/git-drs/cmd/track/main.go:58.2,58.15 1 2
-github.com/calypr/git-drs/cmd/track/main.go:58.15,60.3 1 2
-github.com/calypr/git-drs/cmd/track/main.go:61.2,61.12 1 2
-github.com/calypr/git-drs/cmd/untrack/main.go:15.34,28.2 4 3
-github.com/calypr/git-drs/cmd/untrack/main.go:30.58,32.16 2 1
-github.com/calypr/git-drs/cmd/untrack/main.go:32.16,34.3 1 0
-github.com/calypr/git-drs/cmd/untrack/main.go:35.2,36.16 2 1
-github.com/calypr/git-drs/cmd/untrack/main.go:36.16,38.3 1 0
-github.com/calypr/git-drs/cmd/untrack/main.go:40.2,41.16 2 1
-github.com/calypr/git-drs/cmd/untrack/main.go:41.16,43.3 1 0
-github.com/calypr/git-drs/cmd/untrack/main.go:45.2,46.16 2 1
-github.com/calypr/git-drs/cmd/untrack/main.go:46.16,48.3 1 0
-github.com/calypr/git-drs/cmd/untrack/main.go:50.2,50.15 1 1
-github.com/calypr/git-drs/cmd/untrack/main.go:50.15,52.3 1 1
-github.com/calypr/git-drs/cmd/untrack/main.go:53.2,53.12 1 1
-github.com/calypr/git-drs/cmd/prepush/main.go:36.54,38.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:48.42,55.2 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:57.68,60.16 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:60.16,62.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:64.2,67.16 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:67.16,69.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:71.2,75.16 4 0
-github.com/calypr/git-drs/cmd/prepush/main.go:75.16,79.3 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:81.2,82.25 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:82.25,86.3 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:88.2,94.16 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:94.16,96.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:98.2,104.16 6 0
-github.com/calypr/git-drs/cmd/prepush/main.go:104.16,107.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:108.2,108.15 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:108.15,111.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:113.2,114.16 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:114.16,117.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:118.2,122.16 4 0
-github.com/calypr/git-drs/cmd/prepush/main.go:122.16,125.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:127.2,133.16 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:133.16,136.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:139.2,140.106 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:140.106,143.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:145.2,146.12 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:183.73,185.19 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:185.19,187.3 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:188.2,189.23 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:189.23,191.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:192.2,193.26 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:193.26,195.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:196.2,197.22 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:197.22,199.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:200.2,208.22 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:208.22,210.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:212.2,212.26 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:212.26,214.34 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:214.34,219.4 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:222.2,222.57 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:222.57,224.39 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:224.39,226.26 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:226.26,228.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:229.4,230.24 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:230.24,232.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:233.4,234.27 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:234.27,236.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:237.4,245.63 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:245.63,247.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:248.4,248.52 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:252.2,252.12 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:255.151,257.16 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:257.16,259.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:260.2,263.32 3 9
-github.com/calypr/git-drs/cmd/prepush/main.go:263.32,265.31 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:265.31,267.12 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:269.3,269.87 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:271.2,271.26 1 9
-github.com/calypr/git-drs/cmd/prepush/main.go:271.26,274.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:276.2,281.16 3 9
-github.com/calypr/git-drs/cmd/prepush/main.go:281.16,283.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:285.2,286.16 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:286.16,288.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:289.2,291.67 3 9
-github.com/calypr/git-drs/cmd/prepush/main.go:291.67,293.3 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:295.2,297.16 3 9
-github.com/calypr/git-drs/cmd/prepush/main.go:297.16,299.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:300.2,302.53 2 9
-github.com/calypr/git-drs/cmd/prepush/main.go:302.53,307.26 3 6
-github.com/calypr/git-drs/cmd/prepush/main.go:308.84,310.14 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:314.3,314.86 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:314.86,317.4 2 1
-github.com/calypr/git-drs/cmd/prepush/main.go:318.3,318.101 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:320.2,320.12 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:323.64,324.66 1 12
-github.com/calypr/git-drs/cmd/prepush/main.go:324.66,325.52 1 12
-github.com/calypr/git-drs/cmd/prepush/main.go:325.52,327.4 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:329.2,330.52 2 10
-github.com/calypr/git-drs/cmd/prepush/main.go:330.52,332.3 1 8
-github.com/calypr/git-drs/cmd/prepush/main.go:333.2,334.74 2 2
-github.com/calypr/git-drs/cmd/prepush/main.go:337.54,339.20 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:339.20,341.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:342.2,342.20 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:342.20,344.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:345.2,345.25 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:345.25,347.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:348.2,348.41 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:358.113,360.16 2 1
-github.com/calypr/git-drs/cmd/prepush/main.go:360.16,362.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:364.2,364.47 1 1
-github.com/calypr/git-drs/cmd/prepush/main.go:364.47,368.3 3 1
-github.com/calypr/git-drs/cmd/prepush/main.go:370.2,370.42 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:370.42,374.3 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:375.2,375.17 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:381.59,385.40 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:385.40,387.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:388.2,390.21 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:390.21,393.22 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:393.22,394.12 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:396.3,401.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:403.2,403.38 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:403.38,405.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:407.2,407.40 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:407.40,409.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:410.2,410.18 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:413.50,416.27 3 0
-github.com/calypr/git-drs/cmd/prepush/main.go:416.27,417.46 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:417.46,419.20 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:419.20,421.5 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:424.2,425.21 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:425.21,427.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:428.2,429.17 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:432.89,434.16 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:434.16,437.3 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:438.2,438.47 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:438.47,439.25 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:439.25,441.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:441.9,443.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:444.3,444.20 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:446.2,446.20 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:449.231,450.16 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:450.16,452.17 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:452.17,454.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:454.9,454.16 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:454.16,456.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:457.3,457.86 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:459.2,460.16 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:460.16,462.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:463.2,463.29 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:468.56,470.2 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:472.44,474.100 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:474.100,476.3 1 1
-github.com/calypr/git-drs/cmd/prepush/main.go:477.2,477.38 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:480.156,481.18 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:481.18,483.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:484.2,485.16 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:485.16,487.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:488.2,489.29 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:489.29,491.17 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:491.17,493.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:494.3,494.10 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:494.10,496.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:497.3,498.16 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:498.16,500.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:501.3,501.88 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:501.88,503.4 1 1
-github.com/calypr/git-drs/cmd/prepush/main.go:504.3,505.17 2 2
-github.com/calypr/git-drs/cmd/prepush/main.go:505.17,508.4 2 0
-github.com/calypr/git-drs/cmd/prepush/main.go:509.3,515.4 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:517.2,517.28 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:520.79,523.27 3 3
-github.com/calypr/git-drs/cmd/prepush/main.go:523.27,524.52 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:524.52,525.12 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:527.3,528.54 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:528.54,530.4 1 1
-github.com/calypr/git-drs/cmd/prepush/main.go:530.9,532.4 1 2
-github.com/calypr/git-drs/cmd/prepush/main.go:533.3,534.17 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:534.17,536.4 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:537.3,537.68 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:537.68,539.18 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:539.18,540.13 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:542.4,542.26 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:545.2,546.24 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:546.24,548.3 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:549.2,550.19 2 3
-github.com/calypr/git-drs/cmd/prepush/main.go:553.69,557.16 4 3
-github.com/calypr/git-drs/cmd/prepush/main.go:557.16,559.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:560.2,560.25 1 3
-github.com/calypr/git-drs/cmd/prepush/main.go:566.55,570.40 1 5
-github.com/calypr/git-drs/cmd/prepush/main.go:570.40,572.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:573.2,575.21 3 5
-github.com/calypr/git-drs/cmd/prepush/main.go:575.21,578.22 3 6
-github.com/calypr/git-drs/cmd/prepush/main.go:578.22,579.12 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:581.3,583.42 3 6
-github.com/calypr/git-drs/cmd/prepush/main.go:583.42,585.20 2 4
-github.com/calypr/git-drs/cmd/prepush/main.go:585.20,587.5 1 4
-github.com/calypr/git-drs/cmd/prepush/main.go:590.2,590.38 1 5
-github.com/calypr/git-drs/cmd/prepush/main.go:590.38,592.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:593.2,594.21 2 5
-github.com/calypr/git-drs/cmd/prepush/main.go:594.21,596.3 1 4
-github.com/calypr/git-drs/cmd/prepush/main.go:597.2,599.40 2 5
-github.com/calypr/git-drs/cmd/prepush/main.go:599.40,601.3 1 0
-github.com/calypr/git-drs/cmd/prepush/main.go:602.2,602.22 1 5
-github.com/calypr/git-drs/cmd/version/main.go:15.47,17.3 1 5
-github.com/calypr/git-drs/cmd/version/main.go:20.28,23.43 3 6
-github.com/calypr/git-drs/cmd/version/main.go:23.43,24.64 1 6
-github.com/calypr/git-drs/cmd/version/main.go:24.64,26.4 1 0
-github.com/calypr/git-drs/cmd/version/main.go:27.3,27.41 1 6
-github.com/calypr/git-drs/cmd/version/main.go:27.41,28.23 1 42
-github.com/calypr/git-drs/cmd/version/main.go:29.24,30.27 1 0
-github.com/calypr/git-drs/cmd/version/main.go:31.19,32.18 1 0
-github.com/calypr/git-drs/cmd/version/main.go:32.18,34.6 1 0
-github.com/calypr/git-drs/cmd/version/main.go:39.2,40.26 2 6
-github.com/calypr/git-drs/cmd/version/main.go:40.26,42.3 1 0
-github.com/calypr/git-drs/cmd/version/main.go:44.2,44.9 1 6
-github.com/calypr/git-drs/cmd/version/main.go:45.38,46.48 1 0
-github.com/calypr/git-drs/cmd/version/main.go:47.17,48.13 1 0
-github.com/calypr/git-drs/cmd/version/main.go:49.25,50.44 1 0
-github.com/calypr/git-drs/cmd/version/main.go:51.10,52.23 1 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:65.89,66.43 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:66.43,68.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:70.2,71.16 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:71.16,73.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:75.2,76.16 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:76.16,78.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:79.2,82.16 3 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:82.16,84.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:86.2,88.78 3 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:88.78,90.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:92.2,93.29 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:93.29,95.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:97.2,109.17 4 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:112.113,113.48 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:113.48,115.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:117.2,118.16 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:118.16,120.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:121.2,122.18 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:122.18,124.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:126.2,133.18 7 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:133.18,135.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:136.2,136.40 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:136.40,137.41 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:137.41,139.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:140.3,140.133 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:143.2,144.16 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:144.16,146.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:148.2,149.20 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:149.20,150.55 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:150.55,153.4 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:155.2,156.54 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:159.102,161.16 2 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:161.16,163.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:165.2,165.75 1 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:165.75,167.25 2 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:167.25,169.72 2 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:169.72,171.5 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:172.9,172.56 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:172.56,174.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:175.3,180.9 1 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:183.2,183.18 1 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:184.28,187.19 3 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:187.19,189.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:190.3,190.16 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:190.16,192.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:193.3,193.64 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:194.23,197.16 3 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:197.16,199.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:201.3,201.64 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:201.64,204.4 2 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:206.3,206.65 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:206.65,209.4 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:211.3,211.39 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:211.39,213.58 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:213.58,215.5 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:216.4,217.69 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:220.3,220.62 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:220.62,223.58 3 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:223.58,225.5 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:226.4,229.51 4 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:233.3,233.35 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:233.35,235.58 2 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:235.58,237.5 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:238.4,240.82 3 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:243.3,243.67 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:244.10,245.61 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:249.88,257.18 4 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:257.18,259.3 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:261.2,262.20 2 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:262.20,264.3 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:266.2,266.16 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:266.16,268.3 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:269.2,269.19 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:272.71,274.22 2 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:274.22,276.3 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:277.2,277.22 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:277.22,279.3 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:281.2,282.16 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:282.16,284.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:285.2,286.31 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:286.31,288.24 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:288.24,290.4 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:292.2,293.24 2 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:296.45,297.27 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:297.27,299.14 2 5
-github.com/calypr/git-drs/internal/cloud/inspect.go:299.14,301.4 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:303.2,303.11 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:312.39,316.13 4 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:316.13,318.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:319.2,319.33 1 6
-github.com/calypr/git-drs/internal/cloud/inspect.go:319.33,323.3 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:324.2,324.27 1 5
-github.com/calypr/git-drs/internal/cloud/inspect.go:327.61,328.15 1 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:328.15,330.3 1 0
-github.com/calypr/git-drs/internal/cloud/inspect.go:334.2,342.31 2 3
-github.com/calypr/git-drs/internal/cloud/inspect.go:342.31,343.25 1 8
-github.com/calypr/git-drs/internal/cloud/inspect.go:343.25,345.15 2 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:345.15,347.5 1 2
-github.com/calypr/git-drs/internal/cloud/inspect.go:352.2,352.23 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:352.23,353.39 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:353.39,355.4 1 1
-github.com/calypr/git-drs/internal/cloud/inspect.go:358.2,358.11 1 0
-github.com/calypr/git-drs/internal/common/common.go:18.59,23.32 2 1
-github.com/calypr/git-drs/internal/common/common.go:23.32,25.3 1 2
-github.com/calypr/git-drs/internal/common/common.go:27.2,27.29 1 1
-github.com/calypr/git-drs/internal/common/common.go:27.29,29.37 1 2
-github.com/calypr/git-drs/internal/common/common.go:29.37,33.4 2 1
-github.com/calypr/git-drs/internal/common/common.go:35.2,35.17 1 1
-github.com/calypr/git-drs/internal/common/common.go:40.61,41.15 1 0
-github.com/calypr/git-drs/internal/common/common.go:41.15,43.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:44.2,44.19 1 0
-github.com/calypr/git-drs/internal/common/common.go:44.19,46.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:47.2,47.37 1 0
-github.com/calypr/git-drs/internal/common/common.go:47.37,49.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:50.2,51.81 2 0
-github.com/calypr/git-drs/internal/common/common.go:58.60,59.15 1 3
-github.com/calypr/git-drs/internal/common/common.go:59.15,61.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:62.2,62.19 1 2
-github.com/calypr/git-drs/internal/common/common.go:62.19,64.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:65.2,65.37 1 2
-github.com/calypr/git-drs/internal/common/common.go:65.37,67.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:68.2,69.27 2 1
-github.com/calypr/git-drs/internal/common/common.go:74.70,76.15 2 5
-github.com/calypr/git-drs/internal/common/common.go:76.15,78.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:79.2,80.19 2 4
-github.com/calypr/git-drs/internal/common/common.go:80.19,82.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:83.2,83.44 1 3
-github.com/calypr/git-drs/internal/common/common.go:88.80,89.37 1 4
-github.com/calypr/git-drs/internal/common/common.go:89.37,91.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:92.2,93.9 2 3
-github.com/calypr/git-drs/internal/common/common.go:93.9,95.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:96.2,96.24 1 3
-github.com/calypr/git-drs/internal/common/common.go:96.24,98.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:99.2,99.29 1 2
-github.com/calypr/git-drs/internal/common/common.go:99.29,100.19 1 3
-github.com/calypr/git-drs/internal/common/common.go:100.19,102.4 1 1
-github.com/calypr/git-drs/internal/common/common.go:104.2,104.14 1 1
-github.com/calypr/git-drs/internal/common/common.go:108.55,110.16 2 2
-github.com/calypr/git-drs/internal/common/common.go:110.16,112.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:113.2,116.41 3 1
-github.com/calypr/git-drs/internal/common/common.go:116.41,118.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:120.2,120.44 1 1
-github.com/calypr/git-drs/internal/common/common.go:123.43,127.2 3 2
-github.com/calypr/git-drs/internal/common/common.go:129.38,131.2 1 0
-github.com/calypr/git-drs/internal/common/common.go:133.48,137.2 3 0
-github.com/calypr/git-drs/internal/common/common.go:148.61,150.2 1 0
-github.com/calypr/git-drs/internal/common/common.go:152.117,155.2 2 0
-github.com/calypr/git-drs/internal/common/common.go:157.173,164.2 1 0
-github.com/calypr/git-drs/internal/common/common.go:166.74,167.16 1 0
-github.com/calypr/git-drs/internal/common/common.go:167.16,169.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:170.2,180.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:192.144,194.20 2 2
-github.com/calypr/git-drs/internal/common/common.go:194.20,196.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:198.2,208.23 2 2
-github.com/calypr/git-drs/internal/common/common.go:208.23,210.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:212.2,215.16 3 2
-github.com/calypr/git-drs/internal/common/common.go:215.16,217.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:219.2,226.90 2 2
-github.com/calypr/git-drs/internal/common/common.go:226.90,228.3 1 2
-github.com/calypr/git-drs/internal/common/common.go:229.2,231.17 3 2
-github.com/calypr/git-drs/internal/common/common.go:234.125,237.18 3 2
-github.com/calypr/git-drs/internal/common/common.go:237.18,239.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:240.2,240.15 1 2
-github.com/calypr/git-drs/internal/common/common.go:240.15,242.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:244.2,245.18 2 2
-github.com/calypr/git-drs/internal/common/common.go:245.18,247.3 1 2
-github.com/calypr/git-drs/internal/common/common.go:249.2,249.63 1 2
-github.com/calypr/git-drs/internal/common/common.go:249.63,253.21 4 0
-github.com/calypr/git-drs/internal/common/common.go:253.21,254.20 1 0
-github.com/calypr/git-drs/internal/common/common.go:254.20,256.5 1 0
-github.com/calypr/git-drs/internal/common/common.go:256.10,258.5 1 0
-github.com/calypr/git-drs/internal/common/common.go:262.2,262.18 1 2
-github.com/calypr/git-drs/internal/common/common.go:262.18,264.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:265.2,268.18 4 2
-github.com/calypr/git-drs/internal/common/common.go:268.18,270.3 1 1
-github.com/calypr/git-drs/internal/common/common.go:271.2,271.73 1 2
-github.com/calypr/git-drs/internal/common/common.go:274.49,275.54 1 2
-github.com/calypr/git-drs/internal/common/common.go:276.32,277.14 1 2
-github.com/calypr/git-drs/internal/common/common.go:278.36,279.14 1 0
-github.com/calypr/git-drs/internal/common/common.go:280.33,281.14 1 0
-github.com/calypr/git-drs/internal/common/common.go:282.10,283.81 1 0
-github.com/calypr/git-drs/internal/common/common.go:287.54,288.79 1 2
-github.com/calypr/git-drs/internal/common/common.go:289.19,290.43 1 0
-github.com/calypr/git-drs/internal/common/common.go:291.12,292.43 1 2
-github.com/calypr/git-drs/internal/common/common.go:293.10,294.79 1 0
-github.com/calypr/git-drs/internal/common/common.go:299.62,303.12 3 0
-github.com/calypr/git-drs/internal/common/common.go:303.12,305.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:305.8,307.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:309.2,309.16 1 0
-github.com/calypr/git-drs/internal/common/common.go:309.16,311.3 1 0
-github.com/calypr/git-drs/internal/common/common.go:313.2,314.12 2 0
-github.com/calypr/git-drs/internal/common/confirmation.go:14.107,19.16 4 2
-github.com/calypr/git-drs/internal/common/confirmation.go:19.16,21.3 1 0
-github.com/calypr/git-drs/internal/common/confirmation.go:23.2,24.20 2 2
-github.com/calypr/git-drs/internal/common/confirmation.go:24.20,27.3 2 1
-github.com/calypr/git-drs/internal/common/confirmation.go:29.2,29.34 1 2
-github.com/calypr/git-drs/internal/common/confirmation.go:29.34,31.3 1 1
-github.com/calypr/git-drs/internal/common/confirmation.go:33.2,33.12 1 1
-github.com/calypr/git-drs/internal/common/confirmation.go:37.58,39.2 1 1
-github.com/calypr/git-drs/internal/common/confirmation.go:42.51,44.2 1 1
-github.com/calypr/git-drs/internal/common/confirmation.go:47.33,49.2 1 1
-github.com/calypr/git-drs/internal/common/jwt.go:10.62,13.16 3 5
-github.com/calypr/git-drs/internal/common/jwt.go:13.16,15.3 1 1
-github.com/calypr/git-drs/internal/common/jwt.go:16.2,17.9 2 4
-github.com/calypr/git-drs/internal/common/jwt.go:17.9,19.3 1 1
-github.com/calypr/git-drs/internal/common/jwt.go:20.2,21.9 2 3
-github.com/calypr/git-drs/internal/common/jwt.go:21.9,23.3 1 1
-github.com/calypr/git-drs/internal/common/jwt.go:24.2,25.9 2 2
-github.com/calypr/git-drs/internal/common/jwt.go:25.9,27.3 1 1
-github.com/calypr/git-drs/internal/common/jwt.go:28.2,28.18 1 1
-github.com/calypr/git-drs/internal/common/jwt.go:31.68,34.16 3 3
-github.com/calypr/git-drs/internal/common/jwt.go:34.16,36.3 1 0
-github.com/calypr/git-drs/internal/common/jwt.go:37.2,38.9 2 3
-github.com/calypr/git-drs/internal/common/jwt.go:38.9,40.3 1 1
-github.com/calypr/git-drs/internal/common/jwt.go:41.2,42.16 2 2
-github.com/calypr/git-drs/internal/common/jwt.go:42.16,44.3 1 1
-github.com/calypr/git-drs/internal/common/jwt.go:45.2,45.70 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:37.40,41.116 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:41.116,43.4 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:55.70,57.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:57.16,59.3 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:61.2,62.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:62.16,64.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:66.2,67.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:67.16,69.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:71.2,72.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:72.16,74.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:76.2,77.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:77.16,79.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:81.2,82.25 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:82.25,84.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:86.2,87.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:87.16,89.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:91.2,92.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:92.16,94.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:96.2,96.19 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:96.19,103.3 3 1
+github.com/calypr/git-drs/cmd/addurl/service.go:105.2,106.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:106.16,108.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:109.2,113.16 4 1
+github.com/calypr/git-drs/cmd/addurl/service.go:113.16,115.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:117.2,118.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:118.16,120.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:122.2,122.119 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:122.119,124.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:126.2,127.16 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:127.16,129.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:131.2,131.80 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:131.80,133.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:135.2,135.92 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:135.92,137.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:139.2,139.81 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:139.81,141.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:143.2,152.80 5 1
+github.com/calypr/git-drs/cmd/addurl/service.go:152.80,154.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:156.2,156.12 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:165.120,168.35 3 1
+github.com/calypr/git-drs/cmd/addurl/service.go:168.35,173.3 4 0
+github.com/calypr/git-drs/cmd/addurl/service.go:173.8,176.17 3 1
+github.com/calypr/git-drs/cmd/addurl/service.go:176.17,178.4 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:181.2,181.22 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:181.22,182.68 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:182.68,188.4 2 1
+github.com/calypr/git-drs/cmd/addurl/service.go:188.9,196.4 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:199.2,199.86 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:199.86,201.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:202.2,202.20 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:209.145,212.24 3 1
+github.com/calypr/git-drs/cmd/addurl/service.go:212.24,214.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:216.2,216.70 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:219.81,222.13 3 5
+github.com/calypr/git-drs/cmd/addurl/service.go:222.13,224.3 1 1
+github.com/calypr/git-drs/cmd/addurl/service.go:225.2,225.15 1 4
+github.com/calypr/git-drs/cmd/addurl/service.go:225.15,227.3 1 0
+github.com/calypr/git-drs/cmd/addurl/service.go:228.2,229.39 2 4
 github.com/calypr/git-drs/internal/drslog/logger.go:50.13,52.65 2 1
 github.com/calypr/git-drs/internal/drslog/logger.go:52.65,53.56 1 0
 github.com/calypr/git-drs/internal/drslog/logger.go:53.56,55.4 1 0
@@ -1412,336 +2190,138 @@ github.com/calypr/git-drs/internal/drslog/logger.go:399.4,400.21 2 2
 github.com/calypr/git-drs/internal/drslog/logger.go:400.21,402.5 1 0
 github.com/calypr/git-drs/internal/drslog/logger.go:403.4,403.16 1 2
 github.com/calypr/git-drs/internal/drslog/logger.go:406.2,406.22 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:15.113,16.46 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:16.46,18.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:19.2,20.20 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:20.20,22.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:23.2,25.82 3 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:25.82,27.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:28.2,28.34 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:28.34,30.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:31.2,31.36 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:34.121,36.16 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:36.16,38.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:39.2,40.30 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:40.30,41.64 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:41.64,43.4 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:45.2,45.20 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:48.139,50.16 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:50.16,52.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:53.2,53.23 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:53.23,55.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:56.2,57.66 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:57.66,59.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:60.2,61.22 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:61.22,63.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:64.2,65.16 2 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:65.16,67.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:68.2,68.32 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:71.144,72.46 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:72.46,74.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:76.2,84.30 3 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:84.30,86.56 2 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:86.56,87.12 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:89.3,94.5 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:96.2,96.39 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:96.39,98.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:100.2,103.110 2 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:103.110,105.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:107.2,108.60 2 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:108.60,110.62 2 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:110.62,111.12 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:113.3,116.4 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:118.2,118.17 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:121.49,122.62 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:122.62,124.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:125.2,126.73 2 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:126.73,128.3 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:129.2,129.47 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:132.39,133.14 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:133.14,135.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:136.2,136.11 1 1
-github.com/calypr/git-drs/internal/drslookup/lookup.go:139.77,140.44 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:140.44,142.3 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:143.2,143.44 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:143.44,144.35 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:144.35,145.12 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:147.3,147.78 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:147.78,149.4 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:151.2,151.14 1 0
-github.com/calypr/git-drs/internal/drslookup/lookup.go:154.43,158.2 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:31.85,34.16 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:34.16,36.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:38.2,38.63 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:41.128,42.26 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:42.26,44.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:47.2,48.28 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:48.28,50.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:51.2,52.27 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:52.27,54.17 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:54.17,56.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:57.3,57.31 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:57.31,59.26 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:59.26,60.13 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:62.4,62.68 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:67.2,68.38 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:68.38,71.20 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:71.20,75.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:77.3,77.21 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:77.21,80.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:84.2,84.29 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:84.29,88.38 4 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:88.38,101.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:102.3,102.94 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:102.94,105.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:108.2,109.12 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:112.120,114.32 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:114.32,116.31 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:116.31,118.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:120.2,120.64 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:123.84,126.32 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:126.32,128.17 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:128.17,130.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:131.3,131.39 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:131.39,133.29 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:133.29,135.5 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:136.4,138.18 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:138.18,140.5 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:141.4,141.37 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:141.37,144.19 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:144.19,146.6 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:149.3,149.38 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:149.38,150.9 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:153.2,154.12 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:156.140,162.16 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:162.16,164.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:167.2,167.27 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:167.27,169.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:171.2,171.84 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:180.125,181.24 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:181.24,183.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:184.2,187.27 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:187.27,189.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:190.2,190.24 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:190.24,192.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:194.2,194.32 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:194.32,197.36 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:197.36,208.45 6 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:208.45,210.5 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:211.4,211.51 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:211.51,213.65 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:213.65,214.25 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:214.25,216.7 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:219.9,222.18 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:222.18,224.13 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:228.3,229.145 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:229.145,231.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:233.3,234.24 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:234.24,236.18 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:236.18,238.5 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:238.10,238.17 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:238.17,240.5 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:243.3,243.17 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:243.17,244.91 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:244.91,247.5 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:250.3,250.40 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:250.40,252.89 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:252.89,258.29 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:258.29,260.6 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:261.10,269.29 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:269.29,271.6 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:272.5,272.67 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:276.3,276.91 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:276.91,278.12 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:280.3,280.127 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:283.2,283.12 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:287.118,297.35 3 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:297.35,302.3 4 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:302.8,305.17 3 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:305.17,307.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:310.2,310.44 1 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:310.44,311.68 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:311.68,317.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:317.9,328.4 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:332.2,333.16 2 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:333.16,335.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:336.2,336.20 1 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:339.81,342.2 2 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:344.52,351.2 3 5
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:354.60,356.2 1 2
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:358.65,360.2 1 3
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:365.63,367.66 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:367.66,369.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:370.2,374.25 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:374.25,375.15 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:375.15,377.9 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:380.2,380.20 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:380.20,382.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:383.2,385.54 3 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:390.112,391.23 1 4
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:391.23,393.3 1 2
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:395.2,396.15 2 2
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:396.15,398.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:400.2,400.33 1 2
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:400.33,401.34 1 3
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:401.34,402.12 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:404.3,404.48 1 3
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:404.48,405.72 1 3
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:405.72,406.13 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:408.4,408.70 1 3
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:408.70,410.5 1 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:413.2,413.17 1 1
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:427.117,428.41 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:428.41,430.3 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:433.2,445.16 10 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:445.16,447.16 2 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:447.16,449.4 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:450.3,450.67 1 0
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:452.2,452.17 1 0
-github.com/calypr/git-drs/internal/config/config.go:31.36,33.2 1 8
-github.com/calypr/git-drs/internal/config/config.go:35.43,37.37 2 4
-github.com/calypr/git-drs/internal/config/config.go:37.37,39.3 1 8
-github.com/calypr/git-drs/internal/config/config.go:41.2,41.40 1 4
-github.com/calypr/git-drs/internal/config/config.go:41.40,42.32 1 7
-github.com/calypr/git-drs/internal/config/config.go:42.32,44.4 1 2
-github.com/calypr/git-drs/internal/config/config.go:47.2,47.102 1 2
-github.com/calypr/git-drs/internal/config/config.go:56.90,58.9 2 1
-github.com/calypr/git-drs/internal/config/config.go:58.9,60.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:61.2,61.20 1 1
-github.com/calypr/git-drs/internal/config/config.go:61.20,63.3 1 1
-github.com/calypr/git-drs/internal/config/config.go:64.2,64.19 1 0
-github.com/calypr/git-drs/internal/config/config.go:64.19,66.91 2 0
-github.com/calypr/git-drs/internal/config/config.go:66.91,70.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:71.3,71.50 1 0
-github.com/calypr/git-drs/internal/config/config.go:73.2,73.94 1 0
-github.com/calypr/git-drs/internal/config/config.go:76.52,78.9 2 2
-github.com/calypr/git-drs/internal/config/config.go:78.9,80.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:81.2,81.19 1 2
-github.com/calypr/git-drs/internal/config/config.go:81.19,83.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:83.8,83.27 1 2
-github.com/calypr/git-drs/internal/config/config.go:83.27,85.3 1 2
-github.com/calypr/git-drs/internal/config/config.go:86.2,86.12 1 0
-github.com/calypr/git-drs/internal/config/config.go:90.52,91.27 1 1
-github.com/calypr/git-drs/internal/config/config.go:91.27,101.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:103.2,103.46 1 1
-github.com/calypr/git-drs/internal/config/config.go:103.46,110.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:112.2,112.29 1 1
-github.com/calypr/git-drs/internal/config/config.go:116.67,117.18 1 2
-github.com/calypr/git-drs/internal/config/config.go:117.18,119.3 1 1
-github.com/calypr/git-drs/internal/config/config.go:120.2,120.29 1 1
-github.com/calypr/git-drs/internal/config/config.go:124.44,126.30 2 0
-github.com/calypr/git-drs/internal/config/config.go:126.30,128.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:129.2,129.14 1 0
-github.com/calypr/git-drs/internal/config/config.go:133.41,135.2 1 15
-github.com/calypr/git-drs/internal/config/config.go:137.46,139.2 1 0
-github.com/calypr/git-drs/internal/config/config.go:147.70,149.16 2 3
-github.com/calypr/git-drs/internal/config/config.go:149.16,151.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:153.2,154.16 2 3
-github.com/calypr/git-drs/internal/config/config.go:154.16,156.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:159.2,162.24 3 3
-github.com/calypr/git-drs/internal/config/config.go:162.24,167.37 5 1
-github.com/calypr/git-drs/internal/config/config.go:167.37,169.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:170.3,170.38 1 1
-github.com/calypr/git-drs/internal/config/config.go:170.38,172.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:173.8,173.32 1 2
-github.com/calypr/git-drs/internal/config/config.go:173.32,176.35 3 2
-github.com/calypr/git-drs/internal/config/config.go:176.35,178.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:179.3,179.32 1 2
-github.com/calypr/git-drs/internal/config/config.go:179.32,181.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:182.3,182.38 1 2
-github.com/calypr/git-drs/internal/config/config.go:182.38,184.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:185.3,185.39 1 2
-github.com/calypr/git-drs/internal/config/config.go:185.39,187.4 1 0
-github.com/calypr/git-drs/internal/config/config.go:191.2,193.25 3 3
-github.com/calypr/git-drs/internal/config/config.go:193.25,195.3 1 3
-github.com/calypr/git-drs/internal/config/config.go:198.2,198.52 1 3
-github.com/calypr/git-drs/internal/config/config.go:198.52,200.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:202.2,202.21 1 3
-github.com/calypr/git-drs/internal/config/config.go:205.170,206.64 1 9
-github.com/calypr/git-drs/internal/config/config.go:206.64,208.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:210.2,213.46 3 9
-github.com/calypr/git-drs/internal/config/config.go:213.46,221.3 1 5
-github.com/calypr/git-drs/internal/config/config.go:221.8,221.34 1 4
-github.com/calypr/git-drs/internal/config/config.go:221.34,229.3 1 4
-github.com/calypr/git-drs/internal/config/config.go:231.2,231.30 1 9
-github.com/calypr/git-drs/internal/config/config.go:235.36,237.16 2 10
-github.com/calypr/git-drs/internal/config/config.go:237.16,239.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:241.2,242.16 2 10
-github.com/calypr/git-drs/internal/config/config.go:242.16,244.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:246.2,251.44 2 10
-github.com/calypr/git-drs/internal/config/config.go:251.44,252.36 1 109
-github.com/calypr/git-drs/internal/config/config.go:252.36,253.12 1 100
-github.com/calypr/git-drs/internal/config/config.go:257.3,258.15 2 9
-github.com/calypr/git-drs/internal/config/config.go:258.15,260.4 1 9
-github.com/calypr/git-drs/internal/config/config.go:262.3,262.50 1 9
-github.com/calypr/git-drs/internal/config/config.go:262.50,263.67 1 9
-github.com/calypr/git-drs/internal/config/config.go:263.67,264.13 1 0
-github.com/calypr/git-drs/internal/config/config.go:266.4,275.5 1 9
-github.com/calypr/git-drs/internal/config/config.go:279.2,279.17 1 10
-github.com/calypr/git-drs/internal/config/config.go:282.32,288.2 2 1
-github.com/calypr/git-drs/internal/config/config.go:290.50,292.16 2 0
-github.com/calypr/git-drs/internal/config/config.go:292.16,294.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:295.2,296.16 2 0
-github.com/calypr/git-drs/internal/config/config.go:296.16,298.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:299.2,299.32 1 0
-github.com/calypr/git-drs/internal/config/config.go:303.36,305.16 2 1
-github.com/calypr/git-drs/internal/config/config.go:305.16,307.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:309.2,310.16 2 1
-github.com/calypr/git-drs/internal/config/config.go:310.16,312.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:314.2,314.29 1 1
-github.com/calypr/git-drs/internal/config/config.go:314.29,316.3 1 1
-github.com/calypr/git-drs/internal/config/config.go:318.2,318.36 1 1
-github.com/calypr/git-drs/internal/config/config.go:323.38,325.16 2 0
-github.com/calypr/git-drs/internal/config/config.go:325.16,327.3 1 0
-github.com/calypr/git-drs/internal/config/config.go:329.2,330.24 2 0
-github.com/calypr/git-drs/internal/config/remote.go:54.47,54.69 1 0
-github.com/calypr/git-drs/internal/config/remote.go:55.47,55.72 1 0
-github.com/calypr/git-drs/internal/config/remote.go:56.47,56.68 1 0
-github.com/calypr/git-drs/internal/config/remote.go:57.47,57.66 1 0
-github.com/calypr/git-drs/internal/config/remote.go:58.47,58.73 1 0
-github.com/calypr/git-drs/internal/config/remote.go:60.92,63.16 3 0
-github.com/calypr/git-drs/internal/config/remote.go:63.16,65.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:66.2,66.90 1 0
-github.com/calypr/git-drs/internal/config/remote.go:66.90,68.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:69.2,69.40 1 0
-github.com/calypr/git-drs/internal/config/remote.go:82.44,83.23 1 2
-github.com/calypr/git-drs/internal/config/remote.go:83.23,85.3 1 1
-github.com/calypr/git-drs/internal/config/remote.go:86.2,86.24 1 1
-github.com/calypr/git-drs/internal/config/remote.go:89.48,89.73 1 5
-github.com/calypr/git-drs/internal/config/remote.go:90.48,90.68 1 0
-github.com/calypr/git-drs/internal/config/remote.go:91.48,91.67 1 2
-github.com/calypr/git-drs/internal/config/remote.go:92.48,92.74 1 2
-github.com/calypr/git-drs/internal/config/remote.go:94.93,95.119 1 2
-github.com/calypr/git-drs/internal/config/remote.go:95.119,98.3 2 1
-github.com/calypr/git-drs/internal/config/remote.go:99.2,102.131 4 2
-github.com/calypr/git-drs/internal/config/remote.go:102.131,109.17 2 1
-github.com/calypr/git-drs/internal/config/remote.go:109.17,111.4 1 0
-github.com/calypr/git-drs/internal/config/remote.go:112.3,113.31 2 1
-github.com/calypr/git-drs/internal/config/remote.go:116.2,117.52 2 2
-github.com/calypr/git-drs/internal/config/remote.go:117.52,120.3 2 1
-github.com/calypr/git-drs/internal/config/remote.go:122.2,123.16 2 2
-github.com/calypr/git-drs/internal/config/remote.go:123.16,125.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:126.2,127.9 2 2
-github.com/calypr/git-drs/internal/config/remote.go:127.9,129.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:130.2,131.9 2 2
-github.com/calypr/git-drs/internal/config/remote.go:131.9,133.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:135.2,144.8 1 2
-github.com/calypr/git-drs/internal/config/remote.go:147.114,148.64 1 0
-github.com/calypr/git-drs/internal/config/remote.go:148.64,150.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:151.2,152.21 2 0
-github.com/calypr/git-drs/internal/config/remote.go:152.21,154.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:156.2,162.16 2 0
-github.com/calypr/git-drs/internal/config/remote.go:162.16,164.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:166.2,167.16 2 0
-github.com/calypr/git-drs/internal/config/remote.go:167.16,169.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:170.2,171.9 2 0
-github.com/calypr/git-drs/internal/config/remote.go:171.9,173.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:174.2,175.9 2 0
-github.com/calypr/git-drs/internal/config/remote.go:175.9,177.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:179.2,180.27 2 0
-github.com/calypr/git-drs/internal/config/remote.go:180.27,182.3 1 0
-github.com/calypr/git-drs/internal/config/remote.go:184.2,196.8 1 0
-github.com/calypr/git-drs/internal/config/remote.go:199.91,209.2 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:33.54,34.21 1 2
+github.com/calypr/git-drs/cmd/initialize/main.go:34.21,37.4 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:38.3,38.13 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:40.54,42.46 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:42.46,44.4 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:45.3,46.13 2 0
+github.com/calypr/git-drs/cmd/initialize/main.go:52.46,55.16 2 2
+github.com/calypr/git-drs/cmd/initialize/main.go:55.16,57.3 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:60.2,61.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:61.16,63.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:66.2,67.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:67.16,70.3 2 0
+github.com/calypr/git-drs/cmd/initialize/main.go:73.2,75.50 3 1
+github.com/calypr/git-drs/cmd/initialize/main.go:75.50,77.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:78.2,78.57 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:78.57,80.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:82.2,83.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:83.16,85.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:88.2,89.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:89.16,91.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:93.2,94.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:94.16,96.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:98.2,99.12 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:104.49,106.16 2 2
+github.com/calypr/git-drs/cmd/initialize/main.go:106.16,108.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:109.2,109.17 1 2
+github.com/calypr/git-drs/cmd/initialize/main.go:109.17,111.3 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:112.2,112.29 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:115.36,116.49 1 2
+github.com/calypr/git-drs/cmd/initialize/main.go:116.49,118.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:120.2,120.51 1 2
+github.com/calypr/git-drs/cmd/initialize/main.go:120.51,121.25 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:121.25,123.4 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:124.3,124.72 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:127.2,127.124 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:127.124,129.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:130.2,130.127 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:130.127,132.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:133.2,133.129 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:133.129,135.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:136.2,136.115 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:136.115,138.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:140.2,141.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:141.16,143.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:144.2,144.25 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:144.25,146.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:148.2,149.16 2 1
+github.com/calypr/git-drs/cmd/initialize/main.go:149.16,151.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:152.2,152.30 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:155.54,157.16 2 2
+github.com/calypr/git-drs/cmd/initialize/main.go:157.16,159.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:160.2,161.16 2 2
+github.com/calypr/git-drs/cmd/initialize/main.go:161.16,162.25 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:162.25,164.4 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:165.3,165.20 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:167.2,167.55 1 2
+github.com/calypr/git-drs/cmd/initialize/main.go:172.28,189.18 2 3
+github.com/calypr/git-drs/cmd/initialize/main.go:189.18,191.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:193.2,193.61 1 3
+github.com/calypr/git-drs/cmd/initialize/main.go:193.61,195.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:196.2,196.12 1 3
+github.com/calypr/git-drs/cmd/initialize/main.go:199.13,205.2 5 1
+github.com/calypr/git-drs/cmd/initialize/main.go:207.52,209.16 2 3
+github.com/calypr/git-drs/cmd/initialize/main.go:209.16,211.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:213.2,213.52 1 3
+github.com/calypr/git-drs/cmd/initialize/main.go:213.52,215.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:217.2,237.16 5 3
+github.com/calypr/git-drs/cmd/initialize/main.go:237.16,242.73 3 1
+github.com/calypr/git-drs/cmd/initialize/main.go:242.73,244.4 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:245.3,245.45 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:245.45,247.4 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:248.3,248.87 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:251.2,251.39 1 3
+github.com/calypr/git-drs/cmd/initialize/main.go:251.39,253.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:255.2,256.16 2 3
+github.com/calypr/git-drs/cmd/initialize/main.go:256.16,258.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:259.2,260.12 2 3
+github.com/calypr/git-drs/cmd/initialize/main.go:263.54,266.16 3 3
+github.com/calypr/git-drs/cmd/initialize/main.go:266.16,268.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:269.2,271.52 3 3
+github.com/calypr/git-drs/cmd/initialize/main.go:271.52,273.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:275.2,283.16 5 3
+github.com/calypr/git-drs/cmd/initialize/main.go:283.16,288.73 3 1
+github.com/calypr/git-drs/cmd/initialize/main.go:288.73,290.4 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:291.3,291.45 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:291.45,293.4 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:294.3,294.89 1 1
+github.com/calypr/git-drs/cmd/initialize/main.go:297.2,297.39 1 3
+github.com/calypr/git-drs/cmd/initialize/main.go:297.39,299.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:301.2,302.16 2 3
+github.com/calypr/git-drs/cmd/initialize/main.go:302.16,304.3 1 0
+github.com/calypr/git-drs/cmd/initialize/main.go:305.2,306.12 2 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:22.119,23.24 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:23.24,25.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:26.2,28.27 2 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:28.27,30.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:31.2,31.24 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:31.24,33.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:35.2,35.32 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:35.32,38.36 3 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:38.36,44.4 5 2
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:44.9,47.18 3 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:47.18,49.13 2 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:53.3,54.145 2 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:54.145,56.4 1 2
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:58.3,59.24 2 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:59.24,61.18 2 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:61.18,63.5 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:63.10,63.17 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:63.17,65.5 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:68.3,68.17 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:68.17,69.91 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:69.91,71.5 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:74.3,74.40 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:74.40,75.89 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:75.89,81.5 2 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:81.10,90.5 2 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:91.4,91.83 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:94.3,94.97 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:94.97,96.12 2 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:98.3,98.127 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:101.2,101.12 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:104.73,105.16 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:105.16,107.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:108.2,109.24 2 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:109.24,111.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:112.2,115.26 4 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:115.26,117.3 1 0
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:118.2,118.36 1 3
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:121.47,122.16 1 6
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:122.16,124.3 1 1
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:125.2,125.41 1 5
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:59.48,61.16 2 1
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:61.16,63.3 1 0
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:64.2,71.8 2 1
@@ -1775,34 +2355,444 @@ github.com/calypr/git-drs/internal/precommit_cache/helpers.go:163.3,163.65 1 0
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:165.2,166.47 2 2
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:166.47,168.3 1 0
 github.com/calypr/git-drs/internal/precommit_cache/helpers.go:169.2,169.23 1 2
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:179.70,182.24 3 3
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:182.24,184.3 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:185.2,185.12 1 2
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:185.12,190.3 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:191.2,191.12 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:196.62,198.16 2 2
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:198.16,200.3 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:201.2,201.31 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:210.51,212.2 1 2
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:216.49,219.2 2 4
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:223.37,225.2 1 3
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:229.49,231.16 2 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:231.16,233.3 1 0
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:234.2,234.23 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:244.61,246.16 2 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:246.16,248.3 1 0
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:249.2,250.18 2 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:250.18,252.3 1 0
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:253.2,253.29 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:253.29,255.17 2 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:255.17,257.4 1 0
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:258.3,259.39 2 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:261.2,261.20 1 1
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:266.63,270.16 4 2
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:270.16,276.3 1 0
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:277.2,277.17 1 2
-github.com/calypr/git-drs/internal/version/version.go:22.22,24.2 1 1
-github.com/calypr/git-drs/internal/version/version.go:27.24,35.2 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:172.38,173.62 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:173.62,174.49 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:174.49,176.4 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:178.2,178.12 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:181.56,182.41 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:182.41,184.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:185.2,185.60 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:188.99,189.41 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:189.41,191.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:192.2,192.83 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:195.64,196.41 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:196.41,198.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:199.2,199.49 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:202.52,203.41 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:203.41,205.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:206.2,206.92 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:206.92,208.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:209.2,209.12 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:219.70,222.24 3 3
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:222.24,224.3 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:225.2,225.12 1 2
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:225.12,230.3 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:231.2,231.12 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:236.62,238.16 2 2
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:238.16,240.3 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:241.2,241.31 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:250.51,252.2 1 2
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:256.49,259.2 2 4
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:263.37,265.2 1 3
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:269.49,271.16 2 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:271.16,273.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:274.2,274.23 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:284.61,286.16 2 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:286.16,288.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:289.2,290.18 2 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:290.18,292.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:293.2,293.29 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:293.29,295.17 2 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:295.17,297.4 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:298.3,299.39 2 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:301.2,301.20 1 1
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:306.63,310.16 4 2
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:310.16,316.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:317.2,317.17 1 2
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:320.48,322.48 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:322.48,324.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:325.2,326.16 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:326.16,328.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:329.2,332.38 4 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:332.38,336.3 3 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:337.2,337.36 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:337.36,340.3 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:341.2,341.33 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:344.97,347.42 3 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:347.42,349.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:350.2,350.21 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:350.21,352.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:353.2,354.29 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:354.29,356.30 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:356.30,357.12 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:359.3,359.27 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:361.2,361.38 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:361.38,363.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:364.2,365.26 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:365.26,367.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:368.2,371.31 4 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:374.58,375.67 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:375.67,377.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:378.2,380.16 3 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:380.16,381.37 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:381.37,383.4 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:384.3,384.13 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:386.2,387.47 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:387.47,389.3 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:390.2,391.36 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:391.36,392.60 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:392.60,393.12 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:395.3,395.40 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:397.2,399.24 3 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:399.24,400.73 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:400.73,402.4 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:403.3,403.13 1 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:405.2,406.31 2 0
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:409.51,412.2 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:47.140,56.21 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:56.21,58.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:60.2,63.49 4 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:63.49,65.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:66.2,67.59 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:67.59,69.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:71.2,73.16 3 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:73.16,75.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:76.2,77.26 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:77.26,79.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:81.2,82.46 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:85.77,87.26 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:87.26,89.16 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:89.16,90.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:92.3,92.45 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:92.45,93.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:95.3,97.31 3 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:99.2,99.22 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:102.51,105.34 3 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:105.34,108.17 3 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:108.17,110.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:111.3,111.29 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:111.29,113.32 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:113.32,115.21 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:115.21,116.14 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:118.5,118.69 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:122.2,122.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:125.56,126.21 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:126.21,128.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:129.2,129.37 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:129.37,131.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:132.2,133.52 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:133.52,135.23 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:135.23,137.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:138.3,138.44 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:140.2,140.15 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:143.61,146.31 2 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:146.31,147.30 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:147.30,149.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:150.3,151.17 2 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:151.17,153.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:154.3,157.21 3 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:157.21,160.12 3 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:162.3,162.128 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:162.128,165.12 3 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:168.3,169.50 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:169.50,171.18 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:171.18,173.5 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:174.4,176.12 3 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:179.3,180.31 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:183.2,183.26 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:183.26,185.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:187.2,187.23 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:187.23,194.3 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:196.2,200.16 3 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:200.16,202.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:203.2,203.31 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:203.31,205.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:206.2,206.39 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:206.39,208.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:209.2,209.45 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:209.45,212.24 3 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:212.24,214.4 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:215.3,215.16 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:215.16,216.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:218.3,218.79 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:218.79,220.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:222.2,222.23 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:222.23,228.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:229.2,229.12 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:232.111,235.2 2 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:237.93,238.25 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:238.25,240.41 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:240.41,242.4 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:244.2,244.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:247.121,250.16 3 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:250.16,252.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:253.2,253.54 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:253.54,255.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:256.2,256.17 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:259.97,261.111 2 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:261.111,263.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:264.2,265.16 2 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:265.16,267.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:268.2,269.16 2 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:269.16,271.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:272.2,272.17 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:275.138,276.15 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:276.15,278.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:279.2,279.34 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:279.34,281.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:282.2,282.15 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:282.15,283.45 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:283.45,285.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:288.2,289.31 2 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:289.31,290.89 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:290.89,292.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:294.2,294.31 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:294.31,296.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:298.2,299.42 2 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:299.42,301.3 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:303.2,304.16 2 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:304.16,306.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:307.2,307.21 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:307.21,309.3 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:311.2,311.68 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:311.68,313.3 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:315.2,319.29 5 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:319.29,321.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:322.2,322.36 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:322.36,324.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:325.2,325.33 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:325.33,327.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:328.2,328.17 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:331.93,332.41 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:332.41,334.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:335.2,335.83 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:335.83,337.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:338.2,338.62 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:341.44,342.35 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:342.35,344.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:345.2,345.37 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:348.123,350.23 2 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:350.23,352.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:353.2,354.33 2 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:354.33,356.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:357.2,358.17 2 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:358.17,360.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:361.2,364.50 4 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:364.50,366.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:367.2,367.38 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:367.38,369.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:370.2,370.104 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:370.104,372.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:373.2,373.102 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:373.102,375.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:376.2,376.13 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:379.51,380.76 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:380.76,382.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:383.2,384.25 2 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:384.25,386.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:387.2,387.44 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:390.71,392.50 2 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:392.50,394.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:395.2,395.35 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:396.28,397.49 1 8
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:398.10,399.23 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:403.82,405.29 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:405.29,407.17 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:407.17,409.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:410.3,410.19 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:410.19,411.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:414.3,416.17 3 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:416.17,418.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:419.3,419.17 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:419.17,421.12 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:424.3,425.17 2 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:425.17,427.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:429.3,435.5 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:437.2,437.24 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:440.66,441.29 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:441.29,443.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:444.2,444.27 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:444.27,446.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:447.2,447.37 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:447.37,449.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:450.2,450.19 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:453.60,454.76 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:454.76,456.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:457.2,457.40 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:457.40,458.70 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:458.70,459.12 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:461.3,461.48 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:461.48,463.4 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:465.2,465.14 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:468.82,470.20 2 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:470.20,472.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:473.2,474.22 2 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:474.22,476.3 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:478.2,480.23 3 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:480.23,482.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:484.2,484.20 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:484.20,487.27 3 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:487.27,489.23 2 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:489.23,492.85 3 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:492.85,494.6 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:495.5,496.15 2 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:499.3,499.35 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:499.35,501.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:504.2,504.26 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:504.26,507.83 3 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:507.83,509.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:510.3,510.29 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:512.2,512.12 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:515.77,518.31 3 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:518.31,525.3 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:526.2,530.3 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:533.112,534.23 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:534.23,536.3 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:537.2,538.74 2 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:538.74,539.29 1 7
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:539.29,541.4 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:542.3,550.13 2 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:554.67,555.23 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:555.23,557.3 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:558.2,565.4 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:568.69,569.23 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:569.23,571.3 1 3
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:572.2,579.4 1 1
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:582.113,583.31 1 2
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:583.31,584.25 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:584.25,586.4 1 4
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:586.9,588.4 1 0
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:590.2,590.8 1 2
+github.com/calypr/git-drs/internal/pushsync/register.go:26.79,27.56 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:27.56,29.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:30.2,30.29 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:38.165,40.2 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:65.57,66.15 1 5
+github.com/calypr/git-drs/internal/pushsync/register.go:66.15,68.3 1 2
+github.com/calypr/git-drs/internal/pushsync/register.go:69.2,86.3 1 3
+github.com/calypr/git-drs/internal/pushsync/register.go:90.106,92.74 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:92.74,94.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:95.2,97.16 3 0
+github.com/calypr/git-drs/internal/pushsync/register.go:97.16,100.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:101.2,101.24 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:101.24,103.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:104.2,105.24 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:108.93,110.41 2 7
+github.com/calypr/git-drs/internal/pushsync/register.go:110.41,112.16 2 7
+github.com/calypr/git-drs/internal/pushsync/register.go:112.16,114.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:115.3,115.74 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:115.74,117.4 1 5
+github.com/calypr/git-drs/internal/pushsync/register.go:118.3,118.28 1 2
+github.com/calypr/git-drs/internal/pushsync/register.go:121.2,121.75 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:121.75,123.47 2 1
+github.com/calypr/git-drs/internal/pushsync/register.go:123.47,125.4 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:126.3,126.16 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:126.16,127.81 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:127.81,131.111 2 1
+github.com/calypr/git-drs/internal/pushsync/register.go:131.111,133.6 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:137.2,137.16 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:137.16,139.3 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:140.2,140.11 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:143.101,145.15 2 1
+github.com/calypr/git-drs/internal/pushsync/register.go:145.15,147.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:149.2,150.16 2 1
+github.com/calypr/git-drs/internal/pushsync/register.go:150.16,151.89 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:151.89,153.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:156.2,156.15 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:156.15,158.3 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:160.2,161.20 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:161.20,163.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:164.2,164.16 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:164.16,166.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:167.2,167.32 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:170.141,172.24 2 7
+github.com/calypr/git-drs/internal/pushsync/register.go:172.24,175.17 3 0
+github.com/calypr/git-drs/internal/pushsync/register.go:175.17,177.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:178.3,178.19 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:178.19,181.4 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:184.2,186.38 3 7
+github.com/calypr/git-drs/internal/pushsync/register.go:186.38,188.3 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:189.2,190.20 2 7
+github.com/calypr/git-drs/internal/pushsync/register.go:190.20,192.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:193.2,195.25 3 7
+github.com/calypr/git-drs/internal/pushsync/register.go:195.25,202.3 1 4
+github.com/calypr/git-drs/internal/pushsync/register.go:204.2,218.20 6 7
+github.com/calypr/git-drs/internal/pushsync/register.go:218.20,220.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:221.2,221.97 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:221.97,223.3 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:224.2,224.20 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:224.20,225.146 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:225.146,227.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:228.3,228.13 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:230.2,230.146 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:230.146,232.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:233.2,233.12 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:236.141,239.41 3 7
+github.com/calypr/git-drs/internal/pushsync/register.go:239.41,241.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:243.2,243.79 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:243.79,249.157 6 1
+github.com/calypr/git-drs/internal/pushsync/register.go:249.157,251.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:252.3,252.58 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:252.58,254.4 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:255.3,255.23 1 1
+github.com/calypr/git-drs/internal/pushsync/register.go:258.2,261.9 2 6
+github.com/calypr/git-drs/internal/pushsync/register.go:261.9,263.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:264.2,269.69 2 6
+github.com/calypr/git-drs/internal/pushsync/register.go:272.66,275.41 3 7
+github.com/calypr/git-drs/internal/pushsync/register.go:275.41,277.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:278.2,282.3 1 7
+github.com/calypr/git-drs/internal/pushsync/register.go:285.82,287.68 2 3
+github.com/calypr/git-drs/internal/pushsync/register.go:287.68,289.3 1 3
+github.com/calypr/git-drs/internal/pushsync/register.go:290.2,290.56 1 3
+github.com/calypr/git-drs/internal/pushsync/register.go:290.56,292.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:295.90,297.16 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:297.16,299.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:300.2,301.23 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:301.23,303.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:304.2,305.16 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:305.16,307.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:308.2,309.28 2 0
+github.com/calypr/git-drs/internal/pushsync/register.go:309.28,311.3 1 0
+github.com/calypr/git-drs/internal/pushsync/register.go:312.2,312.12 1 0
+github.com/calypr/git-drs/cmd/remote/list.go:15.75,17.3 1 0
+github.com/calypr/git-drs/cmd/remote/list.go:24.54,25.21 1 2
+github.com/calypr/git-drs/cmd/remote/list.go:25.21,28.4 2 1
+github.com/calypr/git-drs/cmd/remote/list.go:29.3,29.13 1 1
+github.com/calypr/git-drs/cmd/remote/list.go:31.54,34.17 3 1
+github.com/calypr/git-drs/cmd/remote/list.go:34.17,37.4 2 0
+github.com/calypr/git-drs/cmd/remote/list.go:39.3,39.47 1 1
+github.com/calypr/git-drs/cmd/remote/list.go:39.47,43.17 3 1
+github.com/calypr/git-drs/cmd/remote/list.go:43.17,45.5 1 1
+github.com/calypr/git-drs/cmd/remote/list.go:48.4,50.32 3 1
+github.com/calypr/git-drs/cmd/remote/list.go:50.32,53.5 2 1
+github.com/calypr/git-drs/cmd/remote/list.go:53.10,53.40 1 0
+github.com/calypr/git-drs/cmd/remote/list.go:53.40,56.5 2 0
+github.com/calypr/git-drs/cmd/remote/list.go:56.10,58.5 1 0
+github.com/calypr/git-drs/cmd/remote/list.go:60.4,61.21 2 1
+github.com/calypr/git-drs/cmd/remote/list.go:61.21,63.5 1 1
+github.com/calypr/git-drs/cmd/remote/list.go:65.4,66.32 2 1
+github.com/calypr/git-drs/cmd/remote/list.go:66.32,68.19 2 1
+github.com/calypr/git-drs/cmd/remote/list.go:68.19,70.14 2 0
+github.com/calypr/git-drs/cmd/remote/list.go:72.5,72.76 1 1
+github.com/calypr/git-drs/cmd/remote/list.go:72.76,74.6 1 0
+github.com/calypr/git-drs/cmd/remote/list.go:77.3,77.13 1 1
+github.com/calypr/git-drs/cmd/remote/remove.go:17.54,18.21 1 3
+github.com/calypr/git-drs/cmd/remote/remove.go:18.21,21.4 2 2
+github.com/calypr/git-drs/cmd/remote/remove.go:22.3,22.13 1 1
+github.com/calypr/git-drs/cmd/remote/remove.go:24.54,29.17 4 2
+github.com/calypr/git-drs/cmd/remote/remove.go:29.17,31.4 1 0
+github.com/calypr/git-drs/cmd/remote/remove.go:33.3,33.44 1 2
+github.com/calypr/git-drs/cmd/remote/remove.go:33.44,35.34 2 0
+github.com/calypr/git-drs/cmd/remote/remove.go:35.34,37.5 1 0
+github.com/calypr/git-drs/cmd/remote/remove.go:38.4,43.5 2 0
+github.com/calypr/git-drs/cmd/remote/remove.go:46.3,47.17 2 2
+github.com/calypr/git-drs/cmd/remote/remove.go:47.17,49.4 1 0
+github.com/calypr/git-drs/cmd/remote/remove.go:51.3,51.34 1 2
+github.com/calypr/git-drs/cmd/remote/remove.go:51.34,54.4 2 1
+github.com/calypr/git-drs/cmd/remote/remove.go:56.3,57.13 2 1
+github.com/calypr/git-drs/cmd/remote/root.go:14.13,19.2 4 1
+github.com/calypr/git-drs/cmd/remote/set.go:15.54,16.21 1 3
+github.com/calypr/git-drs/cmd/remote/set.go:16.21,19.4 2 2
+github.com/calypr/git-drs/cmd/remote/set.go:20.3,20.13 1 1
+github.com/calypr/git-drs/cmd/remote/set.go:22.54,27.17 4 0
+github.com/calypr/git-drs/cmd/remote/set.go:27.17,29.4 1 0
+github.com/calypr/git-drs/cmd/remote/set.go:32.3,33.40 2 0
+github.com/calypr/git-drs/cmd/remote/set.go:33.40,35.34 2 0
+github.com/calypr/git-drs/cmd/remote/set.go:35.34,37.5 1 0
+github.com/calypr/git-drs/cmd/remote/set.go:38.4,42.5 1 0
+github.com/calypr/git-drs/cmd/remote/set.go:46.3,48.48 2 0
+github.com/calypr/git-drs/cmd/remote/set.go:48.48,50.4 1 0
+github.com/calypr/git-drs/cmd/remote/set.go:52.3,53.13 2 0
 github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:16.49,22.2 5 61
 github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:24.45,26.2 1 23
 github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:28.58,30.2 1 19
@@ -1854,21 +2844,23 @@ github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:57.23,59.19 2 0
 github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:59.19,61.4 1 0
 github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:62.3,65.9 1 0
 github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:68.2,68.28 1 1
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:68.28,70.3 1 0
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:71.2,74.8 1 1
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:77.78,80.32 3 4
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:80.32,82.3 1 0
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:83.2,84.16 2 4
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:84.16,86.3 1 0
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:87.2,87.37 1 4
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:87.37,89.3 1 3
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:90.2,91.16 2 1
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:91.16,93.3 1 0
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:94.2,97.14 1 1
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:100.49,102.29 2 3
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:102.29,104.17 2 6
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:104.17,106.4 1 3
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:108.2,108.34 1 3
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:68.28,69.20 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:69.20,71.4 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:72.3,72.232 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:74.2,77.8 1 1
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:80.78,83.32 3 4
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:83.32,85.3 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:86.2,87.16 2 4
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:87.16,89.3 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:90.2,90.37 1 4
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:90.37,92.3 1 3
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:93.2,94.16 2 1
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:94.16,96.3 1 0
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:97.2,100.14 1 1
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:103.49,105.29 2 3
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:105.29,107.17 2 6
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:107.17,109.4 1 3
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:111.2,111.34 1 3
 github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:10.47,12.2 1 0
 github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:14.50,16.2 1 2
 github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:18.50,20.2 1 2
@@ -1957,602 +2949,690 @@ github.com/calypr/git-drs/internal/gitrepo/repo.go:139.16,141.3 1 0
 github.com/calypr/git-drs/internal/gitrepo/repo.go:142.2,143.16 2 0
 github.com/calypr/git-drs/internal/gitrepo/repo.go:143.16,145.3 1 0
 github.com/calypr/git-drs/internal/gitrepo/repo.go:146.2,147.12 2 0
-github.com/calypr/git-drs/internal/lfs/clean.go:26.69,28.75 2 5
-github.com/calypr/git-drs/internal/lfs/clean.go:28.75,30.3 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:31.2,31.49 1 4
-github.com/calypr/git-drs/internal/lfs/clean.go:31.49,33.45 2 16
-github.com/calypr/git-drs/internal/lfs/clean.go:33.45,35.4 1 4
-github.com/calypr/git-drs/internal/lfs/clean.go:36.3,36.39 1 16
-github.com/calypr/git-drs/internal/lfs/clean.go:36.39,38.4 1 4
-github.com/calypr/git-drs/internal/lfs/clean.go:40.2,40.15 1 4
-github.com/calypr/git-drs/internal/lfs/clean.go:40.15,42.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:43.2,43.24 1 4
-github.com/calypr/git-drs/internal/lfs/clean.go:49.65,58.91 3 1
-github.com/calypr/git-drs/internal/lfs/clean.go:58.91,65.3 4 1
-github.com/calypr/git-drs/internal/lfs/clean.go:66.2,66.55 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:76.127,80.51 3 1
-github.com/calypr/git-drs/internal/lfs/clean.go:80.51,82.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:85.2,86.16 2 1
-github.com/calypr/git-drs/internal/lfs/clean.go:86.16,88.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:89.2,90.15 2 1
-github.com/calypr/git-drs/internal/lfs/clean.go:90.15,91.53 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:91.53,93.4 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:96.2,98.16 3 1
-github.com/calypr/git-drs/internal/lfs/clean.go:98.16,101.3 2 0
-github.com/calypr/git-drs/internal/lfs/clean.go:102.2,102.36 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:102.36,104.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:105.2,108.29 3 1
-github.com/calypr/git-drs/internal/lfs/clean.go:108.29,109.60 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:109.60,110.64 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:110.64,111.46 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:111.46,113.6 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:114.5,114.80 1 1
-github.com/calypr/git-drs/internal/lfs/clean.go:114.80,116.6 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:117.5,118.15 2 1
-github.com/calypr/git-drs/internal/lfs/clean.go:124.2,125.16 2 0
-github.com/calypr/git-drs/internal/lfs/clean.go:125.16,127.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:128.2,128.68 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:128.68,130.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:131.2,131.54 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:131.54,133.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:135.2,142.56 3 0
-github.com/calypr/git-drs/internal/lfs/clean.go:142.56,144.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:147.2,147.63 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:147.63,149.3 1 0
-github.com/calypr/git-drs/internal/lfs/clean.go:151.2,151.12 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:24.124,25.68 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:25.68,27.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:29.2,30.16 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:30.16,32.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:34.2,39.79 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:42.163,43.68 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:43.68,45.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:46.2,46.78 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:46.78,48.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:49.2,50.16 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:50.16,52.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:54.2,59.79 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:69.107,70.70 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:70.70,72.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:74.2,75.16 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:75.16,77.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:79.2,84.8 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:87.127,88.70 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:88.70,90.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:91.2,96.8 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:99.39,99.63 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:101.58,101.84 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:103.76,105.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:107.98,108.21 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:108.21,110.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:111.2,116.16 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:119.92,121.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:123.119,124.17 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:124.17,126.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:127.2,128.39 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:131.93,133.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:135.100,137.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:139.89,141.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:143.135,145.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:147.132,149.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:151.72,153.2 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:155.107,156.23 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:156.23,158.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:159.2,160.23 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:160.23,162.22 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:162.22,164.4 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:165.3,165.66 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:167.2,167.47 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:167.47,169.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:170.2,171.94 2 0
-github.com/calypr/git-drs/internal/lfs/download.go:171.94,173.3 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:174.2,174.46 1 0
-github.com/calypr/git-drs/internal/lfs/download.go:174.46,178.3 3 0
-github.com/calypr/git-drs/internal/lfs/download.go:179.2,179.23 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:56.80,62.2 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:65.56,68.2 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:71.54,74.2 2 0
-github.com/calypr/git-drs/internal/lfs/filter.go:78.52,80.38 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:80.38,83.3 2 0
-github.com/calypr/git-drs/internal/lfs/filter.go:84.2,84.6 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:84.6,85.35 1 2
-github.com/calypr/git-drs/internal/lfs/filter.go:85.35,87.4 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:88.3,88.43 1 2
-github.com/calypr/git-drs/internal/lfs/filter.go:88.43,89.21 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:89.21,91.5 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:92.4,92.14 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:116.39,119.16 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:119.16,121.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:122.2,122.36 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:122.36,124.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:126.2,127.16 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:127.16,129.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:130.2,130.45 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:130.45,132.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:135.2,135.89 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:135.89,137.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:140.2,140.49 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:140.49,142.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:145.2,145.80 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:152.59,155.16 3 2
-github.com/calypr/git-drs/internal/lfs/filter.go:155.16,158.3 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:159.2,162.16 3 1
-github.com/calypr/git-drs/internal/lfs/filter.go:162.16,164.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:166.2,167.21 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:168.16,169.49 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:170.15,171.48 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:172.10,174.61 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:177.2,177.23 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:177.23,179.72 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:179.72,181.4 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:182.3,182.13 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:184.2,184.12 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:187.96,188.21 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:188.21,190.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:192.2,193.75 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:193.75,195.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:196.2,196.44 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:199.95,200.20 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:200.20,202.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:204.2,205.74 2 0
-github.com/calypr/git-drs/internal/lfs/filter.go:205.74,207.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:208.2,208.44 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:212.61,214.2 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:217.60,219.2 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:230.61,231.73 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:231.73,233.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:235.2,236.19 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:236.19,237.42 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:237.42,239.4 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:241.2,241.34 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:241.34,243.3 1 0
-github.com/calypr/git-drs/internal/lfs/filter.go:246.2,246.34 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:255.58,257.16 2 2
-github.com/calypr/git-drs/internal/lfs/filter.go:257.16,259.3 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:261.2,262.35 2 1
-github.com/calypr/git-drs/internal/lfs/filter.go:262.35,263.55 1 2
-github.com/calypr/git-drs/internal/lfs/filter.go:263.55,264.17 1 2
-github.com/calypr/git-drs/internal/lfs/filter.go:265.19,266.24 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:267.20,268.25 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:272.2,272.17 1 1
-github.com/calypr/git-drs/internal/lfs/filter.go:277.51,279.2 1 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:16.110,18.34 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:18.34,20.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:23.2,25.29 3 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:25.29,27.14 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:27.14,28.12 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:30.3,30.28 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:30.28,33.4 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:35.2,35.21 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:35.21,37.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:40.2,42.20 3 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:42.20,44.17 2 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:44.17,46.4 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:47.3,47.34 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:47.34,49.4 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:50.8,50.36 1 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:50.36,52.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:57.2,58.29 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:58.29,60.9 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:60.9,62.4 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:66.2,66.28 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:66.28,69.31 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:69.31,71.48 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:71.48,74.5 2 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:75.9,78.4 2 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:81.2,81.32 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:81.32,83.3 1 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:86.2,86.76 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:86.76,88.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:91.2,92.35 2 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:92.35,94.3 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:95.2,95.76 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:95.76,97.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:98.2,98.18 1 2
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:106.73,108.42 2 4
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:108.42,110.3 1 1
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:113.2,114.20 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:114.20,116.3 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:118.2,119.32 2 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:119.32,120.43 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:120.43,123.34 3 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:123.34,125.5 1 3
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:127.4,127.24 1 0
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:130.2,130.22 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:19.78,31.16 3 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:31.16,34.14 2 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:34.14,36.4 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:37.3,37.44 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:39.2,39.23 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:47.79,50.16 2 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:50.16,52.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:53.2,55.15 2 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:55.15,57.3 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:60.2,60.87 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:60.87,62.32 2 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:62.32,64.4 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:67.2,67.26 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:67.26,69.3 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:70.2,70.33 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:73.66,76.16 3 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:76.16,78.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:79.2,79.23 1 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:82.36,84.31 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:84.31,87.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:88.2,88.62 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:88.62,90.3 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:92.2,93.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:93.16,95.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:96.2,96.44 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:99.85,101.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:101.16,103.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:104.2,104.17 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:111.66,113.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:113.16,115.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:116.2,116.50 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:119.109,125.16 5 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:125.16,127.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:129.2,131.46 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:131.46,135.50 3 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:135.50,136.176 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:136.176,138.13 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:142.3,145.14 3 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:145.14,148.4 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:151.2,151.13 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:151.13,152.93 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:152.93,154.4 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:157.2,157.29 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:160.83,165.16 4 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:165.16,167.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:169.2,171.21 3 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:171.21,173.44 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:173.44,174.12 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:176.3,177.22 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:177.22,178.12 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:180.3,180.62 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:182.2,182.38 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:182.38,184.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:186.2,186.24 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:186.24,188.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:190.2,192.29 3 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:192.29,194.3 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:195.2,195.26 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:198.111,203.16 4 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:203.16,205.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:206.2,206.30 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:206.30,208.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:210.2,211.29 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:211.29,214.3 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:216.2,219.21 4 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:219.21,221.44 2 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:221.44,223.12 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:226.3,227.22 2 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:227.22,229.12 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:232.3,233.35 2 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:233.35,235.12 2 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:238.3,238.38 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:240.2,240.38 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:240.38,242.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:244.2,244.13 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:244.13,246.20 2 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:246.20,248.4 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:249.3,249.80 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:249.80,251.4 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:254.2,254.26 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:257.47,259.16 2 5
-github.com/calypr/git-drs/internal/lfs/helpers.go:259.16,260.25 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:260.25,262.4 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:263.3,263.57 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:265.2,265.18 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:268.62,271.21 3 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:271.21,273.44 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:273.44,274.12 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:276.3,277.22 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:277.22,278.12 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:280.3,280.47 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:282.2,282.14 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:285.94,286.12 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:286.12,288.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:290.2,291.23 2 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:291.23,293.22 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:293.22,296.24 3 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:296.24,298.40 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:298.40,301.14 3 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:304.4,304.33 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:306.3,306.39 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:306.39,308.4 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:311.2,311.34 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:311.34,313.3 1 2
-github.com/calypr/git-drs/internal/lfs/helpers.go:315.2,316.19 2 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:316.19,318.3 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:319.2,319.79 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:319.79,321.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:322.2,322.12 1 1
-github.com/calypr/git-drs/internal/lfs/helpers.go:325.43,327.2 1 3
-github.com/calypr/git-drs/internal/lfs/helpers.go:329.44,331.2 1 8
-github.com/calypr/git-drs/internal/lfs/helpers.go:338.41,340.31 2 5
-github.com/calypr/git-drs/internal/lfs/helpers.go:340.31,342.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:342.8,344.3 1 5
-github.com/calypr/git-drs/internal/lfs/helpers.go:346.2,346.44 1 5
-github.com/calypr/git-drs/internal/lfs/helpers.go:346.44,348.3 1 10
-github.com/calypr/git-drs/internal/lfs/helpers.go:350.2,350.16 1 5
-github.com/calypr/git-drs/internal/lfs/helpers.go:353.49,356.44 2 7
-github.com/calypr/git-drs/internal/lfs/helpers.go:356.44,358.3 1 14
-github.com/calypr/git-drs/internal/lfs/helpers.go:360.2,360.31 1 7
-github.com/calypr/git-drs/internal/lfs/helpers.go:360.31,362.3 1 7
-github.com/calypr/git-drs/internal/lfs/helpers.go:364.2,364.18 1 7
-github.com/calypr/git-drs/internal/lfs/helpers.go:367.74,369.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:369.16,371.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:373.2,374.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:374.16,376.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:378.2,380.16 3 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:380.16,382.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:384.2,384.21 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:387.67,389.16 2 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:389.16,391.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:392.2,393.15 2 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:393.15,395.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:397.2,397.26 1 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:397.26,399.17 2 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:399.17,401.4 1 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:403.2,403.17 1 4
-github.com/calypr/git-drs/internal/lfs/helpers.go:408.73,410.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:410.16,412.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:413.2,414.16 2 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:414.16,416.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:417.2,417.19 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:417.19,419.3 1 0
-github.com/calypr/git-drs/internal/lfs/helpers.go:420.2,420.35 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:26.111,27.41 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:27.41,29.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:32.2,44.16 10 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:44.16,46.16 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:46.16,48.4 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:49.3,49.67 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:51.2,51.17 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:54.134,55.19 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:55.19,57.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:58.2,59.16 2 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:59.16,61.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:63.2,63.25 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:63.25,65.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:66.2,66.29 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:66.29,68.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:68.8,70.3 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:71.2,77.27 5 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:77.27,78.80 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:78.80,80.4 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:83.2,83.24 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:86.126,88.16 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:88.16,90.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:92.2,93.32 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:93.32,95.18 2 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:95.18,96.12 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:99.3,100.17 2 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:100.17,102.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:105.3,106.17 2 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:106.17,108.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:111.3,112.10 2 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:112.10,113.12 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:116.3,123.4 1 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:126.2,126.12 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:129.89,135.34 6 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:135.34,137.16 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:137.16,139.4 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:140.3,140.35 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:142.2,142.29 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:145.61,147.13 2 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:147.13,149.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:151.2,152.19 2 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:152.19,154.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:155.2,155.23 1 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:155.23,157.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:159.2,161.29 3 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:161.29,163.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:164.2,164.23 1 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:174.57,178.86 3 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:178.86,180.17 2 14
-github.com/calypr/git-drs/internal/lfs/lfs.go:180.17,181.12 1 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:183.3,183.42 1 11
-github.com/calypr/git-drs/internal/lfs/lfs.go:183.42,185.12 2 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:187.3,187.38 1 8
-github.com/calypr/git-drs/internal/lfs/lfs.go:187.38,190.23 3 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:190.23,192.5 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:193.4,195.12 3 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:197.3,197.39 1 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:197.39,200.28 3 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:200.28,202.5 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:203.4,203.15 1 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:207.2,207.55 1 5
-github.com/calypr/git-drs/internal/lfs/lfs.go:207.55,209.3 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:210.2,210.59 1 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:210.59,212.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:214.2,214.16 1 3
-github.com/calypr/git-drs/internal/lfs/lfs.go:217.44,218.24 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:218.24,220.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:221.2,223.34 3 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:223.34,225.19 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:225.19,226.12 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:228.3,229.62 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:229.62,231.4 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:232.3,232.29 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:232.29,233.12 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:235.3,236.27 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:238.2,238.20 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:238.20,240.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:241.2,241.13 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:244.108,246.34 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:246.34,249.3 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:252.2,254.75 2 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:254.75,256.17 2 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:256.17,257.12 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:259.3,260.21 2 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:260.21,261.12 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:264.3,266.27 3 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:266.27,267.31 1 9
-github.com/calypr/git-drs/internal/lfs/lfs.go:267.31,270.10 3 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:273.3,273.16 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:273.16,275.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:279.3,280.48 2 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:280.48,282.4 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:283.3,283.44 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:283.44,285.4 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:286.3,289.17 4 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:289.17,291.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:296.3,296.33 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:296.33,298.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:302.3,302.124 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:302.124,304.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:308.3,308.86 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:308.86,310.4 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:311.3,313.45 3 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:313.45,315.4 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:316.3,316.48 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:316.48,318.4 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:318.9,320.12 2 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:323.3,326.30 2 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:326.30,327.61 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:327.61,329.112 2 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:329.112,331.6 1 1
-github.com/calypr/git-drs/internal/lfs/lfs.go:335.3,342.4 1 7
-github.com/calypr/git-drs/internal/lfs/lfs.go:345.2,345.12 1 2
-github.com/calypr/git-drs/internal/lfs/lfs.go:349.67,352.18 3 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:352.18,354.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:357.2,363.16 5 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:363.16,365.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs.go:367.2,367.12 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:15.46,16.16 1 2
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:16.16,18.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:21.2,35.34 6 2
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:35.34,37.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:44.2,45.21 2 2
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:45.21,47.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:49.2,50.28 2 2
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:71.66,75.16 3 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:75.16,78.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:81.2,81.46 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:81.46,83.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:86.2,88.16 3 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:88.16,90.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:93.2,93.28 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:93.28,95.3 1 0
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:97.2,97.36 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:13.56,15.13 2 2
-github.com/calypr/git-drs/internal/lfs/sentinel.go:15.13,17.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:18.2,19.39 2 2
-github.com/calypr/git-drs/internal/lfs/sentinel.go:22.73,24.13 2 3
-github.com/calypr/git-drs/internal/lfs/sentinel.go:24.13,26.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:27.2,27.108 1 3
-github.com/calypr/git-drs/internal/lfs/sentinel.go:30.46,32.2 1 3
-github.com/calypr/git-drs/internal/lfs/sentinel.go:34.56,36.16 2 1
-github.com/calypr/git-drs/internal/lfs/sentinel.go:36.16,38.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:39.2,43.26 4 1
-github.com/calypr/git-drs/internal/lfs/sentinel.go:43.26,45.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:46.2,46.44 1 1
-github.com/calypr/git-drs/internal/lfs/sentinel.go:49.107,51.66 2 2
-github.com/calypr/git-drs/internal/lfs/sentinel.go:51.66,53.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:54.2,55.16 2 2
-github.com/calypr/git-drs/internal/lfs/sentinel.go:55.16,57.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:58.2,58.62 1 2
-github.com/calypr/git-drs/internal/lfs/sentinel.go:58.62,60.3 1 0
-github.com/calypr/git-drs/internal/lfs/sentinel.go:61.2,61.21 1 2
-github.com/calypr/git-drs/internal/lfs/smudge.go:21.144,23.16 2 4
-github.com/calypr/git-drs/internal/lfs/smudge.go:23.16,25.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:27.2,28.9 2 4
-github.com/calypr/git-drs/internal/lfs/smudge.go:28.9,30.17 2 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:30.17,32.4 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:33.3,33.13 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:36.2,36.19 1 3
-github.com/calypr/git-drs/internal/lfs/smudge.go:36.19,38.3 1 3
-github.com/calypr/git-drs/internal/lfs/smudge.go:40.2,41.16 2 3
-github.com/calypr/git-drs/internal/lfs/smudge.go:41.16,43.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:45.2,46.16 2 3
-github.com/calypr/git-drs/internal/lfs/smudge.go:46.16,48.3 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:49.2,49.37 1 2
-github.com/calypr/git-drs/internal/lfs/smudge.go:49.37,51.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:53.2,53.21 1 2
-github.com/calypr/git-drs/internal/lfs/smudge.go:53.21,56.20 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:56.20,58.4 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:59.3,60.13 2 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:63.2,63.68 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:63.68,65.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:67.2,67.54 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:67.54,69.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:71.2,71.59 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:71.59,73.3 1 0
-github.com/calypr/git-drs/internal/lfs/smudge.go:75.2,75.12 1 1
-github.com/calypr/git-drs/internal/lfs/smudge.go:78.59,80.16 2 4
-github.com/calypr/git-drs/internal/lfs/smudge.go:80.16,82.3 1 2
-github.com/calypr/git-drs/internal/lfs/smudge.go:83.2,86.12 3 2
-github.com/calypr/git-drs/internal/lfs/store.go:27.72,32.2 1 12
-github.com/calypr/git-drs/internal/lfs/store.go:34.62,37.2 2 7
-github.com/calypr/git-drs/internal/lfs/store.go:39.79,42.2 2 2
-github.com/calypr/git-drs/internal/lfs/store.go:44.73,47.2 2 2
-github.com/calypr/git-drs/internal/lfs/store.go:49.62,54.20 2 13
-github.com/calypr/git-drs/internal/lfs/store.go:54.20,56.3 1 1
-github.com/calypr/git-drs/internal/lfs/store.go:58.2,58.63 1 12
-github.com/calypr/git-drs/internal/lfs/store.go:61.79,63.16 2 3
-github.com/calypr/git-drs/internal/lfs/store.go:63.16,65.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:67.2,68.16 2 3
-github.com/calypr/git-drs/internal/lfs/store.go:68.16,70.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:71.2,71.68 1 3
-github.com/calypr/git-drs/internal/lfs/store.go:71.68,73.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:75.2,75.68 1 3
-github.com/calypr/git-drs/internal/lfs/store.go:75.68,77.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:78.2,78.12 1 3
-github.com/calypr/git-drs/internal/lfs/store.go:81.73,83.16 2 3
-github.com/calypr/git-drs/internal/lfs/store.go:83.16,85.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:87.2,88.16 2 3
-github.com/calypr/git-drs/internal/lfs/store.go:88.16,90.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:92.2,93.79 2 3
-github.com/calypr/git-drs/internal/lfs/store.go:93.79,95.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:97.2,97.24 1 3
-github.com/calypr/git-drs/internal/lfs/store.go:101.71,105.55 3 0
-github.com/calypr/git-drs/internal/lfs/store.go:105.55,107.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:108.2,108.88 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:108.88,109.17 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:109.17,111.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:112.3,112.19 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:112.19,114.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:115.3,116.17 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:116.17,118.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:119.3,120.22 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:120.22,123.4 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:124.3,128.13 3 0
-github.com/calypr/git-drs/internal/lfs/store.go:130.2,130.16 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:130.16,132.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:133.2,134.21 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:137.82,140.55 3 0
-github.com/calypr/git-drs/internal/lfs/store.go:140.55,143.3 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:145.2,145.88 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:145.88,146.17 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:146.17,149.4 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:150.3,150.19 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:150.19,152.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:153.3,154.17 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:154.17,156.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:157.3,158.22 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:158.22,161.4 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:162.3,163.17 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:163.17,166.4 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:167.3,168.73 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:168.73,171.4 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:174.3,175.25 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:175.25,177.4 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:179.3,180.13 2 0
-github.com/calypr/git-drs/internal/lfs/store.go:182.2,182.16 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:182.16,184.3 1 0
-github.com/calypr/git-drs/internal/lfs/store.go:185.2,186.21 2 0
-github.com/calypr/git-drs/internal/lfs/util.go:16.32,18.16 2 1
-github.com/calypr/git-drs/internal/lfs/util.go:18.16,20.3 1 0
-github.com/calypr/git-drs/internal/lfs/util.go:21.2,21.56 1 1
-github.com/calypr/git-drs/internal/lfs/util.go:29.74,31.16 2 3
-github.com/calypr/git-drs/internal/lfs/util.go:31.16,33.3 1 2
-github.com/calypr/git-drs/internal/lfs/util.go:34.2,36.16 3 1
-github.com/calypr/git-drs/internal/lfs/util.go:36.16,38.3 1 0
-github.com/calypr/git-drs/internal/lfs/util.go:39.2,40.16 2 1
-github.com/calypr/git-drs/internal/lfs/util.go:40.16,42.3 1 0
-github.com/calypr/git-drs/internal/lfs/util.go:43.2,43.34 1 1
-github.com/calypr/git-drs/internal/lfs/util.go:46.38,48.16 2 1
-github.com/calypr/git-drs/internal/lfs/util.go:48.16,50.3 1 0
-github.com/calypr/git-drs/internal/lfs/util.go:51.2,52.43 2 1
+github.com/calypr/git-drs/internal/config/config.go:32.36,34.2 1 8
+github.com/calypr/git-drs/internal/config/config.go:36.43,38.37 2 4
+github.com/calypr/git-drs/internal/config/config.go:38.37,40.3 1 8
+github.com/calypr/git-drs/internal/config/config.go:42.2,42.40 1 4
+github.com/calypr/git-drs/internal/config/config.go:42.40,43.32 1 7
+github.com/calypr/git-drs/internal/config/config.go:43.32,45.4 1 2
+github.com/calypr/git-drs/internal/config/config.go:48.2,48.102 1 2
+github.com/calypr/git-drs/internal/config/config.go:57.90,59.9 2 1
+github.com/calypr/git-drs/internal/config/config.go:59.9,61.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:62.2,62.20 1 1
+github.com/calypr/git-drs/internal/config/config.go:62.20,64.3 1 1
+github.com/calypr/git-drs/internal/config/config.go:65.2,65.19 1 0
+github.com/calypr/git-drs/internal/config/config.go:65.19,67.91 2 0
+github.com/calypr/git-drs/internal/config/config.go:67.91,71.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:72.3,72.50 1 0
+github.com/calypr/git-drs/internal/config/config.go:74.2,74.94 1 0
+github.com/calypr/git-drs/internal/config/config.go:77.52,79.9 2 2
+github.com/calypr/git-drs/internal/config/config.go:79.9,81.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:82.2,82.19 1 2
+github.com/calypr/git-drs/internal/config/config.go:82.19,84.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:84.8,84.27 1 2
+github.com/calypr/git-drs/internal/config/config.go:84.27,86.3 1 2
+github.com/calypr/git-drs/internal/config/config.go:87.2,87.12 1 0
+github.com/calypr/git-drs/internal/config/config.go:91.52,92.27 1 1
+github.com/calypr/git-drs/internal/config/config.go:92.27,102.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:104.2,104.46 1 1
+github.com/calypr/git-drs/internal/config/config.go:104.46,111.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:113.2,113.29 1 1
+github.com/calypr/git-drs/internal/config/config.go:117.67,118.18 1 2
+github.com/calypr/git-drs/internal/config/config.go:118.18,120.3 1 1
+github.com/calypr/git-drs/internal/config/config.go:121.2,121.29 1 1
+github.com/calypr/git-drs/internal/config/config.go:125.44,127.30 2 0
+github.com/calypr/git-drs/internal/config/config.go:127.30,129.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:130.2,130.14 1 0
+github.com/calypr/git-drs/internal/config/config.go:134.41,136.2 1 15
+github.com/calypr/git-drs/internal/config/config.go:138.46,140.2 1 0
+github.com/calypr/git-drs/internal/config/config.go:148.70,150.16 2 3
+github.com/calypr/git-drs/internal/config/config.go:150.16,152.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:154.2,155.16 2 3
+github.com/calypr/git-drs/internal/config/config.go:155.16,157.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:160.2,163.24 3 3
+github.com/calypr/git-drs/internal/config/config.go:163.24,168.37 5 1
+github.com/calypr/git-drs/internal/config/config.go:168.37,170.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:171.3,171.38 1 1
+github.com/calypr/git-drs/internal/config/config.go:171.38,173.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:174.8,174.32 1 2
+github.com/calypr/git-drs/internal/config/config.go:174.32,177.35 3 2
+github.com/calypr/git-drs/internal/config/config.go:177.35,179.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:180.3,180.32 1 2
+github.com/calypr/git-drs/internal/config/config.go:180.32,182.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:183.3,183.38 1 2
+github.com/calypr/git-drs/internal/config/config.go:183.38,185.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:186.3,186.39 1 2
+github.com/calypr/git-drs/internal/config/config.go:186.39,188.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:192.2,194.25 3 3
+github.com/calypr/git-drs/internal/config/config.go:194.25,196.3 1 3
+github.com/calypr/git-drs/internal/config/config.go:199.2,199.52 1 3
+github.com/calypr/git-drs/internal/config/config.go:199.52,201.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:203.2,203.21 1 3
+github.com/calypr/git-drs/internal/config/config.go:206.170,207.64 1 9
+github.com/calypr/git-drs/internal/config/config.go:207.64,209.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:211.2,214.46 3 9
+github.com/calypr/git-drs/internal/config/config.go:214.46,222.3 1 5
+github.com/calypr/git-drs/internal/config/config.go:222.8,222.34 1 4
+github.com/calypr/git-drs/internal/config/config.go:222.34,230.3 1 4
+github.com/calypr/git-drs/internal/config/config.go:232.2,232.30 1 9
+github.com/calypr/git-drs/internal/config/config.go:236.36,238.16 2 10
+github.com/calypr/git-drs/internal/config/config.go:238.16,240.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:242.2,243.16 2 10
+github.com/calypr/git-drs/internal/config/config.go:243.16,245.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:247.2,252.44 2 10
+github.com/calypr/git-drs/internal/config/config.go:252.44,253.36 1 109
+github.com/calypr/git-drs/internal/config/config.go:253.36,254.12 1 100
+github.com/calypr/git-drs/internal/config/config.go:258.3,259.15 2 9
+github.com/calypr/git-drs/internal/config/config.go:259.15,261.4 1 9
+github.com/calypr/git-drs/internal/config/config.go:263.3,263.50 1 9
+github.com/calypr/git-drs/internal/config/config.go:263.50,264.67 1 9
+github.com/calypr/git-drs/internal/config/config.go:264.67,265.13 1 0
+github.com/calypr/git-drs/internal/config/config.go:267.4,276.5 1 9
+github.com/calypr/git-drs/internal/config/config.go:280.2,280.17 1 10
+github.com/calypr/git-drs/internal/config/config.go:283.32,289.2 2 1
+github.com/calypr/git-drs/internal/config/config.go:291.50,293.16 2 0
+github.com/calypr/git-drs/internal/config/config.go:293.16,295.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:296.2,297.16 2 0
+github.com/calypr/git-drs/internal/config/config.go:297.16,299.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:300.2,300.32 1 0
+github.com/calypr/git-drs/internal/config/config.go:304.36,306.16 2 1
+github.com/calypr/git-drs/internal/config/config.go:306.16,308.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:310.2,311.16 2 1
+github.com/calypr/git-drs/internal/config/config.go:311.16,313.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:315.2,315.29 1 1
+github.com/calypr/git-drs/internal/config/config.go:315.29,317.3 1 1
+github.com/calypr/git-drs/internal/config/config.go:319.2,319.36 1 1
+github.com/calypr/git-drs/internal/config/config.go:322.49,324.16 2 0
+github.com/calypr/git-drs/internal/config/config.go:324.16,326.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:328.2,328.37 1 0
+github.com/calypr/git-drs/internal/config/config.go:328.37,330.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:332.2,346.60 3 0
+github.com/calypr/git-drs/internal/config/config.go:346.60,348.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:350.2,350.31 1 0
+github.com/calypr/git-drs/internal/config/config.go:350.31,352.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:354.2,354.40 1 0
+github.com/calypr/git-drs/internal/config/config.go:354.40,356.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:358.2,358.29 1 0
+github.com/calypr/git-drs/internal/config/config.go:358.29,359.87 1 0
+github.com/calypr/git-drs/internal/config/config.go:359.87,361.4 1 0
+github.com/calypr/git-drs/internal/config/config.go:364.2,364.21 1 0
+github.com/calypr/git-drs/internal/config/config.go:367.38,368.41 1 0
+github.com/calypr/git-drs/internal/config/config.go:368.41,370.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:372.2,373.32 2 0
+github.com/calypr/git-drs/internal/config/config.go:373.32,375.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:376.2,377.25 2 0
+github.com/calypr/git-drs/internal/config/config.go:382.38,384.16 2 0
+github.com/calypr/git-drs/internal/config/config.go:384.16,386.3 1 0
+github.com/calypr/git-drs/internal/config/config.go:388.2,389.24 2 0
+github.com/calypr/git-drs/internal/config/remote.go:55.47,55.69 1 1
+github.com/calypr/git-drs/internal/config/remote.go:56.47,56.72 1 2
+github.com/calypr/git-drs/internal/config/remote.go:57.47,57.68 1 0
+github.com/calypr/git-drs/internal/config/remote.go:58.47,58.66 1 1
+github.com/calypr/git-drs/internal/config/remote.go:59.47,59.73 1 1
+github.com/calypr/git-drs/internal/config/remote.go:61.92,64.16 3 0
+github.com/calypr/git-drs/internal/config/remote.go:64.16,66.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:67.2,69.77 3 0
+github.com/calypr/git-drs/internal/config/remote.go:69.77,71.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:72.2,73.40 2 0
+github.com/calypr/git-drs/internal/config/remote.go:86.44,87.23 1 2
+github.com/calypr/git-drs/internal/config/remote.go:87.23,89.3 1 1
+github.com/calypr/git-drs/internal/config/remote.go:90.2,90.24 1 1
+github.com/calypr/git-drs/internal/config/remote.go:93.48,93.73 1 5
+github.com/calypr/git-drs/internal/config/remote.go:94.48,94.68 1 0
+github.com/calypr/git-drs/internal/config/remote.go:95.48,95.67 1 2
+github.com/calypr/git-drs/internal/config/remote.go:96.48,96.74 1 2
+github.com/calypr/git-drs/internal/config/remote.go:98.93,99.119 1 2
+github.com/calypr/git-drs/internal/config/remote.go:99.119,102.3 2 1
+github.com/calypr/git-drs/internal/config/remote.go:103.2,106.131 4 2
+github.com/calypr/git-drs/internal/config/remote.go:106.131,113.17 2 1
+github.com/calypr/git-drs/internal/config/remote.go:113.17,115.4 1 0
+github.com/calypr/git-drs/internal/config/remote.go:116.3,117.31 2 1
+github.com/calypr/git-drs/internal/config/remote.go:120.2,121.52 2 2
+github.com/calypr/git-drs/internal/config/remote.go:121.52,124.3 2 1
+github.com/calypr/git-drs/internal/config/remote.go:126.2,127.16 2 2
+github.com/calypr/git-drs/internal/config/remote.go:127.16,129.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:130.2,131.9 2 2
+github.com/calypr/git-drs/internal/config/remote.go:131.9,133.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:135.2,143.8 1 2
+github.com/calypr/git-drs/internal/config/remote.go:146.114,147.64 1 1
+github.com/calypr/git-drs/internal/config/remote.go:147.64,149.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:150.2,151.21 2 1
+github.com/calypr/git-drs/internal/config/remote.go:151.21,153.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:155.2,161.16 2 1
+github.com/calypr/git-drs/internal/config/remote.go:161.16,163.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:165.2,166.16 2 1
+github.com/calypr/git-drs/internal/config/remote.go:166.16,168.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:169.2,170.9 2 1
+github.com/calypr/git-drs/internal/config/remote.go:170.9,172.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:174.2,175.27 2 1
+github.com/calypr/git-drs/internal/config/remote.go:175.27,177.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:179.2,190.8 1 1
+github.com/calypr/git-drs/internal/config/remote.go:193.91,203.2 1 0
+github.com/calypr/git-drs/internal/config/remote.go:205.72,206.16 1 0
+github.com/calypr/git-drs/internal/config/remote.go:206.16,208.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:209.2,209.41 1 0
+github.com/calypr/git-drs/internal/config/remote.go:209.41,211.3 1 0
+github.com/calypr/git-drs/internal/config/remote.go:212.2,212.110 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:18.105,21.27 3 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:21.27,24.77 3 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:24.77,25.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:27.3,28.17 2 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:28.17,30.4 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:31.3,31.30 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:31.30,33.30 2 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:33.30,34.13 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:36.4,39.18 3 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:39.18,41.5 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:42.4,42.11 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:42.11,43.13 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:45.4,45.77 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:48.2,48.21 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:51.52,53.29 2 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:53.29,55.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:56.2,57.12 2 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:60.84,63.16 3 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:63.16,65.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:66.2,68.29 3 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:68.29,70.17 2 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:70.17,71.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:73.3,74.40 2 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:74.40,75.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:77.3,77.34 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:79.2,79.19 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:82.81,86.16 4 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:86.16,88.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:89.2,90.9 2 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:90.9,92.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:93.2,93.85 1 3
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:96.33,98.2 1 9
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:11.96,14.27 3 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:14.27,16.40 2 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:16.40,17.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:19.3,19.32 1 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:19.32,20.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:22.3,23.36 2 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:25.2,25.23 1 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:25.23,27.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:29.2,30.16 2 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:30.16,32.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:33.2,34.32 2 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:34.32,37.3 2 1
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:38.2,38.29 1 3
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:38.29,40.3 1 1
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:41.2,41.23 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:27.136,28.43 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:28.43,30.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:31.2,31.19 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:31.19,33.3 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:34.2,34.20 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:34.20,36.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:38.2,39.16 2 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:39.16,41.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:42.2,42.28 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:42.28,44.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:46.2,47.16 2 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:47.16,49.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:51.2,52.16 2 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:52.16,54.3 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:56.2,57.43 2 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:57.43,58.54 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:58.54,60.12 2 1
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:63.3,64.17 2 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:64.17,66.4 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:67.3,67.23 1 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:68.10,70.21 2 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:70.21,72.5 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:73.4,73.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:74.10,74.10 0 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:75.11,77.21 2 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:77.21,79.5 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:80.4,80.12 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:83.3,85.37 3 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:85.37,87.4 1 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:88.3,88.27 1 2
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:88.27,89.81 1 1
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:89.81,91.5 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:92.4,93.12 2 1
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:96.3,99.24 2 1
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:99.24,101.4 1 0
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:102.3,102.29 1 1
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:105.2,105.177 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:105.177,113.3 1 3
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:114.2,114.21 1 3
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:9.113,11.16 2 1
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:11.16,13.3 1 0
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:15.2,15.47 1 1
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:15.47,19.3 3 1
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:21.2,21.42 1 0
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:21.42,25.3 3 0
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:26.2,26.17 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:37.54,39.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:49.42,56.2 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:58.68,61.16 3 0
+github.com/calypr/git-drs/cmd/prepush/main.go:61.16,63.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:65.2,68.16 3 0
+github.com/calypr/git-drs/cmd/prepush/main.go:68.16,70.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:72.2,76.16 4 0
+github.com/calypr/git-drs/cmd/prepush/main.go:76.16,80.3 3 0
+github.com/calypr/git-drs/cmd/prepush/main.go:82.2,83.25 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:83.25,87.3 3 0
+github.com/calypr/git-drs/cmd/prepush/main.go:88.2,89.16 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:89.16,91.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:93.2,99.16 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:99.16,101.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:103.2,109.16 6 0
+github.com/calypr/git-drs/cmd/prepush/main.go:109.16,112.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:113.2,113.15 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:113.15,116.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:118.2,119.16 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:119.16,122.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:123.2,123.110 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:123.110,126.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:127.2,131.16 4 0
+github.com/calypr/git-drs/cmd/prepush/main.go:131.16,134.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:136.2,142.16 3 0
+github.com/calypr/git-drs/cmd/prepush/main.go:142.16,145.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:148.2,150.33 3 0
+github.com/calypr/git-drs/cmd/prepush/main.go:150.33,152.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:153.2,153.113 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:153.113,156.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:158.2,159.12 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:196.73,198.19 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:198.19,200.3 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:201.2,202.23 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:202.23,204.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:205.2,206.26 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:206.26,208.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:209.2,210.22 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:210.22,212.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:213.2,221.22 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:221.22,223.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:225.2,225.26 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:225.26,227.34 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:227.34,232.4 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:235.2,235.57 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:235.57,237.39 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:237.39,239.26 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:239.26,241.5 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:242.4,243.24 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:243.24,245.5 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:246.4,247.27 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:247.27,249.5 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:250.4,258.52 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:262.2,262.12 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:265.165,267.16 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:267.16,269.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:270.2,273.32 3 9
+github.com/calypr/git-drs/cmd/prepush/main.go:273.32,275.31 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:275.31,277.12 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:279.3,279.90 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:281.2,281.26 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:281.26,284.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:286.2,291.16 3 9
+github.com/calypr/git-drs/cmd/prepush/main.go:291.16,293.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:295.2,296.16 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:296.16,298.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:299.2,301.17 3 9
+github.com/calypr/git-drs/cmd/prepush/main.go:301.17,303.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:303.8,303.74 1 9
+github.com/calypr/git-drs/cmd/prepush/main.go:303.74,305.3 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:307.2,309.16 3 9
+github.com/calypr/git-drs/cmd/prepush/main.go:309.16,311.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:312.2,314.53 2 9
+github.com/calypr/git-drs/cmd/prepush/main.go:314.53,319.26 3 6
+github.com/calypr/git-drs/cmd/prepush/main.go:320.84,322.14 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:326.3,326.86 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:326.86,329.4 2 1
+github.com/calypr/git-drs/cmd/prepush/main.go:330.3,330.101 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:332.2,332.12 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:335.64,336.66 1 12
+github.com/calypr/git-drs/cmd/prepush/main.go:336.66,337.52 1 12
+github.com/calypr/git-drs/cmd/prepush/main.go:337.52,339.4 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:341.2,342.52 2 10
+github.com/calypr/git-drs/cmd/prepush/main.go:342.52,344.3 1 8
+github.com/calypr/git-drs/cmd/prepush/main.go:345.2,346.74 2 2
+github.com/calypr/git-drs/cmd/prepush/main.go:349.54,351.20 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:351.20,353.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:354.2,354.20 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:354.20,356.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:357.2,357.25 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:357.25,359.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:360.2,360.41 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:363.89,365.16 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:365.16,368.3 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:369.2,369.47 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:369.47,370.25 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:370.25,372.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:372.9,374.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:375.3,375.20 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:377.2,377.20 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:380.231,381.16 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:381.16,383.17 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:383.17,385.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:385.9,385.16 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:385.16,387.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:388.3,388.86 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:390.2,391.16 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:391.16,393.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:394.2,394.29 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:399.56,401.2 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:403.44,405.100 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:405.100,407.3 1 1
+github.com/calypr/git-drs/cmd/prepush/main.go:408.2,408.38 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:411.156,412.18 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:412.18,414.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:415.2,416.16 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:416.16,418.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:419.2,420.29 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:420.29,422.17 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:422.17,424.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:425.3,425.10 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:425.10,427.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:428.3,429.16 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:429.16,431.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:432.3,432.88 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:432.88,434.4 1 1
+github.com/calypr/git-drs/cmd/prepush/main.go:435.3,436.17 2 2
+github.com/calypr/git-drs/cmd/prepush/main.go:436.17,439.4 2 0
+github.com/calypr/git-drs/cmd/prepush/main.go:440.3,446.4 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:448.2,448.28 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:451.79,454.27 3 3
+github.com/calypr/git-drs/cmd/prepush/main.go:454.27,455.52 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:455.52,456.12 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:458.3,459.54 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:459.54,461.4 1 1
+github.com/calypr/git-drs/cmd/prepush/main.go:461.9,463.4 1 2
+github.com/calypr/git-drs/cmd/prepush/main.go:464.3,465.17 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:465.17,467.4 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:468.3,468.68 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:468.68,470.18 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:470.18,471.13 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:473.4,473.26 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:476.2,477.24 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:477.24,479.3 1 3
+github.com/calypr/git-drs/cmd/prepush/main.go:480.2,481.19 2 3
+github.com/calypr/git-drs/cmd/prepush/main.go:484.69,488.16 4 3
+github.com/calypr/git-drs/cmd/prepush/main.go:488.16,490.3 1 0
+github.com/calypr/git-drs/cmd/prepush/main.go:491.2,491.25 1 3
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:21.59,22.40 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:22.40,24.3 1 0
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:25.2,27.21 3 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:27.21,29.22 2 6
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:29.22,30.12 1 1
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:32.3,37.5 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:39.2,39.38 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:39.38,41.3 1 0
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:42.2,42.40 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:42.40,44.3 1 0
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:45.2,45.18 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:48.50,51.27 3 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:51.27,52.46 1 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:52.46,54.20 2 4
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:54.20,56.5 1 4
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:59.2,60.26 2 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:60.26,62.3 1 4
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:63.2,64.17 2 5
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:67.60,69.27 2 0
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:69.27,74.3 1 0
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:75.2,75.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:33.46,34.16 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:34.16,36.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:38.2,42.34 5 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:42.34,44.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:46.2,47.21 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:47.21,49.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:50.2,50.59 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:53.134,54.19 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:54.19,56.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:57.2,58.16 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:58.16,60.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:62.2,62.25 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:62.25,64.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:65.2,65.29 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:65.29,67.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:67.8,69.3 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:70.2,76.27 5 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:76.27,77.80 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:77.80,79.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:82.2,82.24 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:87.93,88.19 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:88.19,90.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:91.2,92.16 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:92.16,94.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:96.2,99.27 4 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:99.27,101.16 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:101.16,102.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:104.3,104.29 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:104.29,105.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:107.3,108.80 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:108.80,110.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:112.2,112.24 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:117.110,118.19 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:118.19,120.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:121.2,122.16 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:122.16,124.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:125.2,126.15 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:126.15,128.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:129.2,131.26 3 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:131.26,133.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:134.2,134.105 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:134.105,136.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:137.2,137.19 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:143.79,144.19 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:144.19,146.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:147.2,148.16 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:148.16,150.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:151.2,154.16 4 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:154.16,156.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:157.2,158.29 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:158.29,160.17 2 4
+github.com/calypr/git-drs/internal/lfs/inventory.go:160.17,161.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:163.3,164.10 2 4
+github.com/calypr/git-drs/internal/lfs/inventory.go:164.10,165.12 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:167.3,174.4 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:176.2,176.19 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:183.78,184.19 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:184.19,186.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:187.2,188.16 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:188.16,190.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:191.2,194.16 4 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:194.16,196.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:197.2,198.16 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:198.16,200.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:201.2,202.31 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:202.31,203.61 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:203.61,205.12 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:207.3,207.63 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:207.63,209.4 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:211.2,211.19 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:214.126,216.16 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:216.16,218.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:219.2,219.72 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:222.139,223.21 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:223.21,225.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:227.2,228.16 2 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:228.16,230.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:231.2,231.32 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:231.32,233.10 2 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:233.10,234.12 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:236.3,243.4 1 4
+github.com/calypr/git-drs/internal/lfs/inventory.go:246.2,246.12 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:249.43,250.21 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:250.21,252.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:253.2,255.29 3 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:255.29,257.17 2 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:257.17,258.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:260.3,260.30 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:260.30,261.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:263.3,264.26 2 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:266.2,266.12 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:269.109,270.21 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:270.21,272.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:274.2,280.34 7 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:280.34,282.16 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:282.16,284.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:285.3,285.36 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:288.2,290.29 3 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:290.29,292.17 2 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:292.17,294.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:295.3,295.44 1 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:295.44,296.12 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:298.3,299.17 2 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:299.17,301.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:302.3,303.57 2 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:303.57,305.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:306.3,306.55 1 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:306.55,308.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:309.3,309.32 1 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:311.2,311.19 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:314.56,316.29 2 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:316.29,321.3 4 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:322.2,322.19 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:325.55,327.6 2 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:327.6,329.17 2 279
+github.com/calypr/git-drs/internal/lfs/inventory.go:329.17,331.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:332.3,332.16 1 279
+github.com/calypr/git-drs/internal/lfs/inventory.go:332.16,334.4 1 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:335.3,335.25 1 273
+github.com/calypr/git-drs/internal/lfs/inventory.go:339.55,341.21 2 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:341.21,343.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:344.2,345.28 2 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:345.28,347.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:348.2,348.18 1 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:351.51,353.16 2 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:353.16,355.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:356.2,356.15 1 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:356.15,358.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:359.2,359.12 1 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:362.86,364.16 2 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:364.16,366.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:367.2,369.28 3 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:369.28,371.18 2 9
+github.com/calypr/git-drs/internal/lfs/inventory.go:371.18,372.12 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:374.3,374.31 1 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:376.2,376.19 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:379.99,380.21 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:380.21,382.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:384.2,390.34 7 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:390.34,392.16 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:392.16,394.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:395.3,395.59 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:398.2,400.37 3 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:400.37,404.37 4 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:404.37,405.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:407.3,407.29 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:407.29,409.4 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:411.2,411.22 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:414.41,415.34 1 4
+github.com/calypr/git-drs/internal/lfs/inventory.go:416.20,417.14 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:418.10,419.15 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:423.72,425.16 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:425.16,427.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:428.2,429.9 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:429.9,431.3 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:432.2,439.9 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:442.90,444.16 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:444.16,446.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:447.2,448.9 2 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:448.9,450.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:451.2,458.9 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:461.83,468.16 7 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:468.16,470.58 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:470.58,472.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:473.3,474.16 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:474.16,476.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:477.3,477.36 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:480.2,483.28 4 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:483.28,485.18 2 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:485.18,486.12 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:488.3,489.38 2 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:489.38,491.4 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:492.3,492.30 1 3
+github.com/calypr/git-drs/internal/lfs/inventory.go:494.2,494.19 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:497.89,503.34 6 4
+github.com/calypr/git-drs/internal/lfs/inventory.go:503.34,505.16 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:505.16,507.4 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:508.3,508.35 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:510.2,510.29 1 4
+github.com/calypr/git-drs/internal/lfs/inventory.go:520.57,524.86 3 11
+github.com/calypr/git-drs/internal/lfs/inventory.go:524.86,526.17 2 29
+github.com/calypr/git-drs/internal/lfs/inventory.go:526.17,527.12 1 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:529.3,529.42 1 23
+github.com/calypr/git-drs/internal/lfs/inventory.go:529.42,531.12 2 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:533.3,533.38 1 17
+github.com/calypr/git-drs/internal/lfs/inventory.go:533.38,536.23 3 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:536.23,538.5 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:539.4,541.12 3 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:543.3,543.39 1 11
+github.com/calypr/git-drs/internal/lfs/inventory.go:543.39,546.28 3 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:546.28,548.5 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:549.4,549.15 1 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:553.2,553.55 1 11
+github.com/calypr/git-drs/internal/lfs/inventory.go:553.55,555.3 1 5
+github.com/calypr/git-drs/internal/lfs/inventory.go:556.2,556.59 1 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:556.59,558.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:560.2,560.16 1 6
+github.com/calypr/git-drs/internal/lfs/inventory.go:565.69,567.9 2 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:567.9,569.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:570.2,570.40 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:573.44,574.24 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:574.24,576.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:577.2,579.34 3 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:579.34,581.19 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:581.19,582.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:584.3,585.62 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:585.62,587.4 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:588.3,588.29 1 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:588.29,589.12 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:591.3,592.27 2 2
+github.com/calypr/git-drs/internal/lfs/inventory.go:594.2,594.20 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:594.20,596.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:597.2,597.13 1 1
+github.com/calypr/git-drs/internal/lfs/inventory.go:601.67,604.18 3 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:604.18,606.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:609.2,615.16 5 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:615.16,617.3 1 0
+github.com/calypr/git-drs/internal/lfs/inventory.go:619.2,619.12 1 0
+github.com/calypr/git-drs/internal/lfs/object_path.go:10.62,12.20 2 1
+github.com/calypr/git-drs/internal/lfs/object_path.go:12.20,14.3 1 1
+github.com/calypr/git-drs/internal/lfs/object_path.go:16.2,16.61 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:15.78,18.16 3 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:18.16,20.14 2 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:20.14,22.4 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:23.3,23.44 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:25.2,25.23 1 3
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:31.79,33.16 2 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:33.16,35.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:36.2,38.15 2 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:38.15,40.3 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:42.2,42.87 1 3
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:42.87,44.32 2 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:44.32,46.4 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:49.2,49.26 1 3
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:49.26,51.3 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:52.2,52.33 1 3
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:55.66,58.16 3 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:58.16,60.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:61.2,61.23 1 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:64.36,65.31 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:65.31,67.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:68.2,68.62 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:68.62,70.3 1 1
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:71.2,72.16 2 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:72.16,74.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:75.2,75.44 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:78.67,80.16 2 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:80.16,82.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:83.2,84.15 2 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:84.15,86.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:87.2,87.26 1 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:87.26,89.17 2 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:89.17,91.4 1 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:93.2,93.17 1 4
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:97.73,99.16 2 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:99.16,101.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:102.2,103.16 2 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:103.16,105.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:106.2,106.19 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:106.19,108.3 1 0
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:109.2,109.35 1 0
diff --git a/coverage/summary.txt b/coverage/summary.txt
index bca1b049..9b02c2ce 100644
--- a/coverage/summary.txt
+++ b/coverage/summary.txt
@@ -1,322 +1,435 @@
-github.com/calypr/git-drs/cmd/addref/add-ref.go:61:			init					100.0%
-github.com/calypr/git-drs/cmd/addurl/cache.go:42:			updatePrecommitCache			69.6%
-github.com/calypr/git-drs/cmd/addurl/cache.go:97:			ensureCacheDirs				63.6%
-github.com/calypr/git-drs/cmd/addurl/cache.go:120:			repoRelativePath			70.0%
-github.com/calypr/git-drs/cmd/addurl/cache.go:152:			cachePathEntryFile			100.0%
-github.com/calypr/git-drs/cmd/addurl/cache.go:159:			cacheOIDEntryFile			100.0%
-github.com/calypr/git-drs/cmd/addurl/cache.go:167:			readPathEntry				77.8%
-github.com/calypr/git-drs/cmd/addurl/cache.go:185:			readOIDEntry				80.0%
-github.com/calypr/git-drs/cmd/addurl/cache.go:208:			upsertOIDEntry				82.4%
-github.com/calypr/git-drs/cmd/addurl/cache.go:237:			removePathFromOID			78.6%
-github.com/calypr/git-drs/cmd/addurl/cache.go:260:			sortedKeys				100.0%
-github.com/calypr/git-drs/cmd/addurl/io.go:17:				writePointerFile			69.2%
-github.com/calypr/git-drs/cmd/addurl/io.go:45:				maybeTrackLFS				28.6%
-github.com/calypr/git-drs/cmd/addurl/io.go:61:				printResolvedInfo			66.7%
-github.com/calypr/git-drs/cmd/addurl/io.go:106:				writeJSONAtomic				70.0%
-github.com/calypr/git-drs/cmd/addurl/main.go:13:			NewCommand				50.0%
-github.com/calypr/git-drs/cmd/addurl/main.go:30:			addFlags				100.0%
-github.com/calypr/git-drs/cmd/addurl/main.go:39:			runAddURL				0.0%
-github.com/calypr/git-drs/cmd/addurl/params.go:23:			parseAddURLInput			75.0%
-github.com/calypr/git-drs/cmd/addurl/params.go:54:			resolvePathArg				66.7%
-github.com/calypr/git-drs/cmd/addurl/params.go:65:			firstNonEmpty				100.0%
-github.com/calypr/git-drs/cmd/addurl/scope.go:10:			resolveTargetScope			75.0%
-github.com/calypr/git-drs/cmd/addurl/service.go:31:			NewAddURLService			100.0%
-github.com/calypr/git-drs/cmd/addurl/service.go:46:			Run					68.8%
-github.com/calypr/git-drs/cmd/addurl/service.go:138:			ensureLFSObject				66.7%
-github.com/calypr/git-drs/cmd/bucket/main.go:53:			normalizeStoragePath			78.6%
-github.com/calypr/git-drs/cmd/bucket/main.go:77:			bucketFromStoragePath			77.8%
-github.com/calypr/git-drs/cmd/bucket/main.go:178:			addScope				0.0%
-github.com/calypr/git-drs/cmd/bucket/main.go:228:			resolveEndpointAndToken			0.0%
-github.com/calypr/git-drs/cmd/bucket/main.go:285:			upsertServerBucket			0.0%
-github.com/calypr/git-drs/cmd/bucket/main.go:321:			addServerBucketScope			0.0%
-github.com/calypr/git-drs/cmd/bucket/main.go:357:			init					100.0%
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:103:		readCredentialRequest			93.8%
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:129:		resolveRemote				0.0%
-github.com/calypr/git-drs/cmd/credentialhelper/main.go:149:		requestMatchesEndpointHost		75.0%
-github.com/calypr/git-drs/cmd/delete/main.go:100:			init					100.0%
-github.com/calypr/git-drs/cmd/deleteproject/main.go:110:		init					100.0%
-github.com/calypr/git-drs/cmd/initialize/main.go:95:			initGitConfig				75.0%
-github.com/calypr/git-drs/cmd/initialize/main.go:115:			init					100.0%
-github.com/calypr/git-drs/cmd/initialize/main.go:122:			installPrePushHook			75.0%
-github.com/calypr/git-drs/cmd/initialize/main.go:178:			installPreCommitHook			77.8%
-github.com/calypr/git-drs/cmd/install/main.go:17:			NewCommand				66.7%
-github.com/calypr/git-drs/cmd/install/main.go:36:			installGlobalFilterConfig		100.0%
-github.com/calypr/git-drs/cmd/install/main.go:56:			defaultGitConfigRunner			0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:81:			main					0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:91:			run					0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:187:			handleUpsert				65.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:233:			handleDelete				0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:272:			stagedChanges				0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:310:			stagedLFSOID				91.3%
-github.com/calypr/git-drs/cmd/precommit/main.go:352:			gitRevParseGitDir			0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:373:			git					63.6%
-github.com/calypr/git-drs/cmd/precommit/main.go:392:			pathEntryFile				100.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:396:			encodePath				100.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:401:			oidEntryFile				100.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:414:			oidAddOrReplacePath			75.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:447:			oidRemovePath				0.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:475:			keysSorted				100.0%
-github.com/calypr/git-drs/cmd/precommit/main.go:486:			writeJSONAtomic				61.9%
-github.com/calypr/git-drs/cmd/precommit/main.go:516:			moveFileBestEffort			0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:48:			NewPrePushService			0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:57:			Run					0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:183:			toMetadataCandidate			47.2%
-github.com/calypr/git-drs/cmd/prepush/main.go:255:			submitPendingLFSMeta			80.5%
-github.com/calypr/git-drs/cmd/prepush/main.go:323:			resolveRemoteAuthHeader			100.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:337:			parseRemoteArgs				0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:358:			bufferStdin				50.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:381:			readPushedRefs				0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:413:			branchesFromRefs			0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:432:			openCache				0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:449:			collectLfsFiles				0.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:472:			normalizeCachedOID			100.0%
-github.com/calypr/git-drs/cmd/prepush/main.go:480:			lfsFilesFromCache			69.6%
-github.com/calypr/git-drs/cmd/prepush/main.go:520:			listPushedPaths				86.4%
-github.com/calypr/git-drs/cmd/prepush/main.go:553:			gitOutput				83.3%
-github.com/calypr/git-drs/cmd/prepush/main.go:566:			readPushedBranches			83.3%
-github.com/calypr/git-drs/cmd/pull/main.go:176:				commandMessage				0.0%
-github.com/calypr/git-drs/cmd/pull/main.go:184:				isMissingGitLFS				0.0%
-github.com/calypr/git-drs/cmd/pull/main.go:188:				checkoutDownloadedFiles			0.0%
-github.com/calypr/git-drs/cmd/pull/main.go:212:				buildPullDownloadDebugContext		0.0%
-github.com/calypr/git-drs/cmd/push/main.go:85:				init					100.0%
-github.com/calypr/git-drs/cmd/query/main.go:21:				queryByChecksum				0.0%
-github.com/calypr/git-drs/cmd/query/main.go:29:				checksumTypeForString			100.0%
-github.com/calypr/git-drs/cmd/query/main.go:96:				init					100.0%
-github.com/calypr/git-drs/cmd/remote/add/gen3.go:48:			gen3Init				0.0%
-github.com/calypr/git-drs/cmd/remote/add/init.go:22:			init					100.0%
-github.com/calypr/git-drs/cmd/remote/root.go:14:			init					100.0%
-github.com/calypr/git-drs/cmd/smudge/main.go:34:			runSmudge				65.0%
-github.com/calypr/git-drs/cmd/smudge/main.go:68:			init					0.0%
-github.com/calypr/git-drs/cmd/track/main.go:18:				NewCommand				100.0%
-github.com/calypr/git-drs/cmd/track/main.go:33:				runTrack				77.8%
-github.com/calypr/git-drs/cmd/untrack/main.go:15:			NewCommand				100.0%
-github.com/calypr/git-drs/cmd/untrack/main.go:30:			runUntrack				73.3%
-github.com/calypr/git-drs/cmd/version/main.go:20:			buildVersion				55.6%
-github.com/calypr/git-drs/internal/cloud/inspect.go:65:			InspectObjectForLFS			0.0%
-github.com/calypr/git-drs/internal/cloud/inspect.go:112:		openBucketForLocation			0.0%
-github.com/calypr/git-drs/internal/cloud/inspect.go:159:		parseObjectLocation			66.7%
-github.com/calypr/git-drs/internal/cloud/inspect.go:249:		buildS3BucketURL			100.0%
-github.com/calypr/git-drs/internal/cloud/inspect.go:272:		normalizeCloudBucketURL			33.3%
-github.com/calypr/git-drs/internal/cloud/inspect.go:296:		firstNonEmpty				100.0%
-github.com/calypr/git-drs/internal/cloud/inspect.go:312:		normalizeSHA256				87.5%
-github.com/calypr/git-drs/internal/cloud/inspect.go:327:		extractSHA256FromMetadata		83.3%
-github.com/calypr/git-drs/internal/common/common.go:18:			AddUnique				100.0%
-github.com/calypr/git-drs/internal/common/common.go:40:			ProjectToResource			0.0%
-github.com/calypr/git-drs/internal/common/common.go:58:			ParseOrgProject				87.5%
-github.com/calypr/git-drs/internal/common/common.go:74:			AuthzMapFromOrgProject			100.0%
-github.com/calypr/git-drs/internal/common/common.go:88:			AuthzMatchesScope			90.9%
-github.com/calypr/git-drs/internal/common/common.go:108:		CalculateFileSHA256			87.5%
-github.com/calypr/git-drs/internal/common/common.go:123:		NormalizeChecksum			100.0%
-github.com/calypr/git-drs/internal/common/common.go:129:		NormalizeOid				0.0%
-github.com/calypr/git-drs/internal/common/common.go:133:		StoragePrefix				0.0%
-github.com/calypr/git-drs/internal/common/common.go:148:		NewObjectBuilder			0.0%
-github.com/calypr/git-drs/internal/common/common.go:152:		Build					0.0%
-github.com/calypr/git-drs/internal/common/common.go:157:		BuildDrsObjWithPrefix			0.0%
-github.com/calypr/git-drs/internal/common/common.go:166:		ConvertToCandidate			0.0%
-github.com/calypr/git-drs/internal/common/common.go:192:		BuildDrsObjWithOptions			81.2%
-github.com/calypr/git-drs/internal/common/common.go:234:		BuildAccessURL				60.0%
-github.com/calypr/git-drs/internal/common/common.go:274:		schemeFromProvider			40.0%
-github.com/calypr/git-drs/internal/common/common.go:287:		accessMethodTypeForScheme		50.0%
-github.com/calypr/git-drs/internal/common/common.go:299:		PrintDRSObject				0.0%
-github.com/calypr/git-drs/internal/common/confirmation.go:14:		PromptForConfirmation			91.7%
-github.com/calypr/git-drs/internal/common/confirmation.go:37:		DisplayWarningHeader			100.0%
-github.com/calypr/git-drs/internal/common/confirmation.go:42:		DisplayField				100.0%
-github.com/calypr/git-drs/internal/common/confirmation.go:47:		DisplayFooter				100.0%
-github.com/calypr/git-drs/internal/common/jwt.go:10:			ParseEmailFromToken			100.0%
-github.com/calypr/git-drs/internal/common/jwt.go:31:			ParseAPIEndpointFromToken		90.9%
-github.com/calypr/git-drs/internal/config/config.go:31:			AllRemoteTypes				100.0%
-github.com/calypr/git-drs/internal/config/config.go:35:			IsValidRemoteType			100.0%
-github.com/calypr/git-drs/internal/config/config.go:56:			GetRemoteClient				36.4%
-github.com/calypr/git-drs/internal/config/config.go:76:			GetRemote				62.5%
-github.com/calypr/git-drs/internal/config/config.go:90:			GetDefaultRemote			60.0%
-github.com/calypr/git-drs/internal/config/config.go:116:		GetRemoteOrDefault			100.0%
-github.com/calypr/git-drs/internal/config/config.go:124:		listRemoteNames				0.0%
-github.com/calypr/git-drs/internal/config/config.go:133:		getRepo					100.0%
-github.com/calypr/git-drs/internal/config/config.go:137:		ConfigPath				0.0%
-github.com/calypr/git-drs/internal/config/config.go:147:		UpdateRemote				74.3%
-github.com/calypr/git-drs/internal/config/config.go:205:		parseAndAddRemote			88.9%
-github.com/calypr/git-drs/internal/config/config.go:235:		LoadConfig				83.3%
-github.com/calypr/git-drs/internal/config/config.go:282:		CreateEmptyConfig			100.0%
-github.com/calypr/git-drs/internal/config/config.go:290:		GetProjectId				0.0%
-github.com/calypr/git-drs/internal/config/config.go:303:		SaveConfig				77.8%
-github.com/calypr/git-drs/internal/config/config.go:323:		getConfigPath				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:54:			GetProjectId				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:55:			GetOrganization				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:56:			GetEndpoint				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:57:			GetBucketName				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:58:			GetStoragePrefix			0.0%
-github.com/calypr/git-drs/internal/config/remote.go:60:			GetClient				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:82:			GetProjectId				100.0%
-github.com/calypr/git-drs/internal/config/remote.go:89:			GetOrganization				100.0%
-github.com/calypr/git-drs/internal/config/remote.go:90:			GetEndpoint				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:91:			GetBucketName				100.0%
-github.com/calypr/git-drs/internal/config/remote.go:92:			GetStoragePrefix			100.0%
-github.com/calypr/git-drs/internal/config/remote.go:94:			GetClient				84.6%
-github.com/calypr/git-drs/internal/config/remote.go:147:		newGitContext				0.0%
-github.com/calypr/git-drs/internal/config/remote.go:199:		localRemoteFromGen3			0.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:50:			init					50.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:65:			TraceEnabled				100.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:95:			NewLogger				84.2%
-github.com/calypr/git-drs/internal/drslog/logger.go:144:		GetLogger				75.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:165:		Close					85.7%
-github.com/calypr/git-drs/internal/drslog/logger.go:188:		NewNoOpLogger				100.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:206:		resolveLogLevel				66.7%
-github.com/calypr/git-drs/internal/drslog/logger.go:235:		readLogLevelFromGitConfig		42.9%
-github.com/calypr/git-drs/internal/drslog/logger.go:259:		parseLogLevel				0.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:288:		replaceSourceAttr			87.5%
-github.com/calypr/git-drs/internal/drslog/logger.go:323:		formatSourcePath			76.5%
-github.com/calypr/git-drs/internal/drslog/logger.go:361:		modulePathSuffix			100.0%
-github.com/calypr/git-drs/internal/drslog/logger.go:387:		repoRootPath				85.7%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:15:		ObjectsByHash				0.0%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:34:		ObjectsByHashForScope			0.0%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:48:		AccessURLForHashScope			0.0%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:71:		BulkAccessURLsForObjects		76.2%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:121:		firstAccessID				66.7%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:132:		stringPtrValue				66.7%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:139:		MatchesScope				0.0%
-github.com/calypr/git-drs/internal/drslookup/lookup.go:154:		normalizeChecksum			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:31:		PushLocalDrsObjects			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:41:		SyncObjectsWithServer			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:112:		SyncFilesWithServer			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:123:		PullRemoteDrsObjects			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:156:		UpdateDrsObjects			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:180:		UpdateDrsObjectsWithFiles		0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:287:		WriteDrsFile				47.6%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:339:		WriteDrsObj				100.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:344:		DrsUUID					100.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:354:		DrsInfoFromOid				100.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:358:		GetObjectPath				100.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:365:		CreateCustomPath			0.0%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:390:		FindMatchingRecord			78.6%
-github.com/calypr/git-drs/internal/drsmap/drs_map.go:427:		RunLfsPushDryRun			0.0%
-github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:16:		normalizeBucketMapKeyPart		100.0%
-github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:24:		orgBucketKey				100.0%
-github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:28:		projectBucketKey			100.0%
-github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:32:		SetBucketMapping			87.5%
-github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:68:		GetBucketMapping			77.3%
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:16:		ResolveBucketScope			63.3%
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:77:		getExactBucketMapping			76.9%
-github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:100:		joinBucketPrefixes			100.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:10:		remoteTokenKey				0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:14:		remoteUsernameKey			100.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:18:		remotePasswordKey			100.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:22:		remoteLFSURL				0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:31:		GetRemoteToken				0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:36:		SetRemoteToken				0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:47:		GetRemoteBasicAuth			71.4%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:59:		SetRemoteBasicAuth			62.5%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:83:		ConfigureCredentialHelperForRepo	0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:104:		containsOption				0.0%
-github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:114:		SetRemoteLFSURL				0.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:14:			DrsTopLevel				0.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:23:			GetRepo					75.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:32:			GitTopLevel				0.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:46:			GetGitConfigString			100.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:57:			GetGitConfigInt				0.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:70:			GetGitConfigBool			0.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:82:			SetGitConfigOptions			81.2%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:110:			UnsetGitConfigOptions			100.0%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:122:			GetGitHooksDir				71.4%
-github.com/calypr/git-drs/internal/gitrepo/repo.go:137:			AddFile					0.0%
-github.com/calypr/git-drs/internal/lfs/clean.go:26:			ParseLFSPointer				91.7%
-github.com/calypr/git-drs/internal/lfs/clean.go:49:			WriteDrsMap				100.0%
-github.com/calypr/git-drs/internal/lfs/clean.go:76:			CleanContent				51.2%
-github.com/calypr/git-drs/internal/lfs/download.go:24:			DownloadToCachePath			0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:42:			DownloadResolvedToCachePath		0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:69:			newScopedBackend			0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:87:			newScopedBackendFromResolved		0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:99:			Name					0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:101:			Logger					0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:103:			Validate				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:107:			Stat					0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:119:			GetReader				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:123:			GetRangeReader				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:131:			GetWriter				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:135:			Upload					0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:139:			MultipartInit				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:143:			MultipartPart				0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:147:			MultipartComplete			0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:151:			Delete					0.0%
-github.com/calypr/git-drs/internal/lfs/download.go:155:			download				0.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:56:			NewGitFilter				100.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:65:			OnSmudge				100.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:71:			OnClean					0.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:78:			Run					63.6%
-github.com/calypr/git-drs/internal/lfs/filter.go:116:			handshake				60.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:152:			processOne				68.4%
-github.com/calypr/git-drs/internal/lfs/filter.go:187:			handleSmudge				66.7%
-github.com/calypr/git-drs/internal/lfs/filter.go:199:			handleClean				0.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:212:			passthroughSmudge			0.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:217:			passthroughClean			0.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:230:			writeSuccessResponse			66.7%
-github.com/calypr/git-drs/internal/lfs/filter.go:255:			readRequest				100.0%
-github.com/calypr/git-drs/internal/lfs/filter.go:277:			readContent				100.0%
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:16:		UpsertDRSRouteLines			85.1%
-github.com/calypr/git-drs/internal/lfs/gitattributes.go:106:		parseRouteLine				80.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:19:			runGitAllowMissing			87.5%
-github.com/calypr/git-drs/internal/lfs/helpers.go:47:			resolveLFSRoot				92.3%
-github.com/calypr/git-drs/internal/lfs/helpers.go:73:			runGit					80.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:82:			userHomeDir				37.5%
-github.com/calypr/git-drs/internal/lfs/helpers.go:99:			GetGitAttribute				0.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:111:			GitLFSTrack				0.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:119:			GitLFSTrackPatterns			69.6%
-github.com/calypr/git-drs/internal/lfs/helpers.go:160:			GitLFSListTrackedPatterns		79.2%
-github.com/calypr/git-drs/internal/lfs/helpers.go:198:			GitLFSUntrackPatterns			78.4%
-github.com/calypr/git-drs/internal/lfs/helpers.go:257:			readLocalGitAttributes			83.3%
-github.com/calypr/git-drs/internal/lfs/helpers.go:268:			parseKnownLFSPatterns			36.4%
-github.com/calypr/git-drs/internal/lfs/helpers.go:285:			writeMergedGitAttributes		40.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:325:			cleanRootPath				100.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:329:			trimCurrentPrefix			100.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:338:			escapeAttrPattern			85.7%
-github.com/calypr/git-drs/internal/lfs/helpers.go:353:			unescapeAttrPattern			100.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:367:			GitLFSTrackReadOnly			0.0%
-github.com/calypr/git-drs/internal/lfs/helpers.go:387:			gitRevParseGitCommonDir			81.8%
-github.com/calypr/git-drs/internal/lfs/helpers.go:408:			GetGitRootDirectories			0.0%
-github.com/calypr/git-drs/internal/lfs/lfs.go:26:			RunPushDryRun				0.0%
-github.com/calypr/git-drs/internal/lfs/lfs.go:54:			GetAllLfsFiles				72.2%
-github.com/calypr/git-drs/internal/lfs/lfs.go:86:			addFilesFromRef				76.2%
-github.com/calypr/git-drs/internal/lfs/lfs.go:129:			runGitCommand				63.6%
-github.com/calypr/git-drs/internal/lfs/lfs.go:145:			parseLsTreeEntry			69.2%
-github.com/calypr/git-drs/internal/lfs/lfs.go:174:			parseLFSPointer				89.3%
-github.com/calypr/git-drs/internal/lfs/lfs.go:217:			buildRefs				77.8%
-github.com/calypr/git-drs/internal/lfs/lfs.go:244:			addFilesFromDryRun			71.4%
-github.com/calypr/git-drs/internal/lfs/lfs.go:349:			CreateLfsPointer			0.0%
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:15:		IsLFSTracked				78.6%
-github.com/calypr/git-drs/internal/lfs/lfs_tracked.go:71:		CheckIfLfsFile				0.0%
-github.com/calypr/git-drs/internal/lfs/sentinel.go:13:			SyntheticOIDFromETag			80.0%
-github.com/calypr/git-drs/internal/lfs/sentinel.go:22:			BuildAddURLSentinel			75.0%
-github.com/calypr/git-drs/internal/lfs/sentinel.go:30:			IsAddURLSentinelBytes			100.0%
-github.com/calypr/git-drs/internal/lfs/sentinel.go:34:			IsAddURLSentinelObject			77.8%
-github.com/calypr/git-drs/internal/lfs/sentinel.go:49:			WriteAddURLSentinelObject		66.7%
-github.com/calypr/git-drs/internal/lfs/smudge.go:21:			SmudgeContent				77.4%
-github.com/calypr/git-drs/internal/lfs/smudge.go:78:			copyObjectToWriter			100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:27:			NewObjectStore				100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:34:			ObjectPath				100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:39:			WriteObject				100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:44:			ReadObject				100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:49:			ObjectPath				100.0%
-github.com/calypr/git-drs/internal/lfs/store.go:61:			WriteObject				63.6%
-github.com/calypr/git-drs/internal/lfs/store.go:81:			ReadObject				70.0%
-github.com/calypr/git-drs/internal/lfs/store.go:101:			GetPendingObjects			0.0%
-github.com/calypr/git-drs/internal/lfs/store.go:137:			GetDrsLfsObjects			0.0%
-github.com/calypr/git-drs/internal/lfs/util.go:16:			BaseDir					75.0%
-github.com/calypr/git-drs/internal/lfs/util.go:29:			call					81.8%
-github.com/calypr/git-drs/internal/lfs/util.go:46:			ObjectWalk				80.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:59:	Open					80.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:81:	LookupOIDByPath				66.7%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:95:	LookupPathsByOID			0.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:107:	LookupExternalURLByOID			71.4%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:122:	ResolveExternalURLByPath		75.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:137:	ReadPathEntry				60.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:156:	ReadOIDEntry				60.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:179:	CheckExternalURLMismatch		100.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:196:	StaleAfter				100.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:210:	pathEntryFile				100.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:216:	oidEntryFile				100.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:223:	EncodePath				100.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:229:	DecodePath				75.0%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:244:	gitRevParseGitDir			76.9%
-github.com/calypr/git-drs/internal/precommit_cache/helpers.go:266:	git					83.3%
-github.com/calypr/git-drs/internal/version/version.go:22:		String					100.0%
-github.com/calypr/git-drs/internal/version/version.go:27:		LogFields				100.0%
-total:									(statements)				50.5%
+github.com/calypr/git-drs/cmd/addref/add-ref.go:61:			init						100.0%
+github.com/calypr/git-drs/cmd/addurl/cache.go:42:			updatePrecommitCache				69.6%
+github.com/calypr/git-drs/cmd/addurl/cache.go:97:			ensureCacheDirs					63.6%
+github.com/calypr/git-drs/cmd/addurl/cache.go:120:			repoRelativePath				70.0%
+github.com/calypr/git-drs/cmd/addurl/cache.go:152:			cachePathEntryFile				100.0%
+github.com/calypr/git-drs/cmd/addurl/cache.go:159:			cacheOIDEntryFile				100.0%
+github.com/calypr/git-drs/cmd/addurl/cache.go:167:			readPathEntry					77.8%
+github.com/calypr/git-drs/cmd/addurl/cache.go:185:			readOIDEntry					80.0%
+github.com/calypr/git-drs/cmd/addurl/cache.go:208:			upsertOIDEntry					82.4%
+github.com/calypr/git-drs/cmd/addurl/cache.go:237:			removePathFromOID				78.6%
+github.com/calypr/git-drs/cmd/addurl/cache.go:260:			sortedKeys					100.0%
+github.com/calypr/git-drs/cmd/addurl/io.go:17:				writePointerFile				69.2%
+github.com/calypr/git-drs/cmd/addurl/io.go:45:				maybeTrackLFS					28.6%
+github.com/calypr/git-drs/cmd/addurl/io.go:61:				printResolvedInfo				66.7%
+github.com/calypr/git-drs/cmd/addurl/io.go:106:				writeJSONAtomic					70.0%
+github.com/calypr/git-drs/cmd/addurl/main.go:13:			NewCommand					50.0%
+github.com/calypr/git-drs/cmd/addurl/main.go:30:			addFlags					100.0%
+github.com/calypr/git-drs/cmd/addurl/main.go:44:			runAddURL					0.0%
+github.com/calypr/git-drs/cmd/addurl/params.go:23:			parseAddURLInput				72.7%
+github.com/calypr/git-drs/cmd/addurl/params.go:50:			resolvePathArg					75.0%
+github.com/calypr/git-drs/cmd/addurl/params.go:64:			looksLikeCloudURL				75.0%
+github.com/calypr/git-drs/cmd/addurl/params.go:80:			resolveObjectURL				60.0%
+github.com/calypr/git-drs/cmd/addurl/params.go:100:			joinObjectKey					100.0%
+github.com/calypr/git-drs/cmd/addurl/params.go:111:			firstNonEmpty					100.0%
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:42:		inspectRemoteObjectViaServer			0.0%
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:85:		parseInspectLastModified			0.0%
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:97:		mapInspectError					63.6%
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:119:		looksLikeInspectRouteMissing			100.0%
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:127:		fallbackInspectMessage				66.7%
+github.com/calypr/git-drs/cmd/addurl/remote_inspect.go:134:		errorAsResponse					80.0%
+github.com/calypr/git-drs/cmd/addurl/scope.go:10:			resolveTargetScope				75.0%
+github.com/calypr/git-drs/cmd/addurl/service.go:37:			NewAddURLService				50.0%
+github.com/calypr/git-drs/cmd/addurl/service.go:55:			Run						71.9%
+github.com/calypr/git-drs/cmd/addurl/service.go:165:			writeAddURLDrsObject				63.2%
+github.com/calypr/git-drs/cmd/addurl/service.go:209:			ensureLFSObject					80.0%
+github.com/calypr/git-drs/cmd/addurl/service.go:219:			placeholderOIDForUnknownSHA			87.5%
+github.com/calypr/git-drs/cmd/bucket/main.go:53:			normalizeStoragePath				78.6%
+github.com/calypr/git-drs/cmd/bucket/main.go:77:			bucketFromStoragePath				77.8%
+github.com/calypr/git-drs/cmd/bucket/main.go:178:			addScope					0.0%
+github.com/calypr/git-drs/cmd/bucket/main.go:228:			resolveEndpointAndToken				0.0%
+github.com/calypr/git-drs/cmd/bucket/main.go:288:			upsertServerBucket				0.0%
+github.com/calypr/git-drs/cmd/bucket/main.go:324:			addServerBucketScope				0.0%
+github.com/calypr/git-drs/cmd/bucket/main.go:360:			init						100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:80:			newRawIndexAPI					0.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:84:			List						0.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:111:			BulkDocuments					0.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:119:			BulkHashes					0.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:127:			CreateBulk					0.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:219:			init						100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:224:			parseScopeArg					0.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:241:			copyProjectRecords				81.2%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:309:			listSourceRecordsByControlledAccess		78.1%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:359:			recordHasControlledAccess			83.3%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:371:			buildMergedBatch				86.4%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:458:			targetRecordForSource				64.7%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:488:			copyRecordSHA256				100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:495:			dedupeCopyRecordsByDID				84.6%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:515:			mergeExistingRecord				100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:545:			mergeStringLists				93.8%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:570:			mergeAccessMethods				100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:592:			canonicalAccessMethod				75.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:600:			equalStringPointers				100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:604:			equalStringValuePointers			100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:608:			equalAccessMethodPointers			100.0%
+github.com/calypr/git-drs/cmd/copyrecords/main.go:612:			equalJSON					100.0%
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:104:		readCredentialRequest				93.8%
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:130:		resolveRemote					0.0%
+github.com/calypr/git-drs/cmd/credentialhelper/main.go:150:		requestMatchesEndpointHost			75.0%
+github.com/calypr/git-drs/cmd/delete/main.go:100:			init						100.0%
+github.com/calypr/git-drs/cmd/initialize/main.go:52:			InitializeRepo					70.4%
+github.com/calypr/git-drs/cmd/initialize/main.go:104:			EnsureInitialized				83.3%
+github.com/calypr/git-drs/cmd/initialize/main.go:115:			isInitialized					60.9%
+github.com/calypr/git-drs/cmd/initialize/main.go:155:			hookContains					55.6%
+github.com/calypr/git-drs/cmd/initialize/main.go:172:			initGitConfig					66.7%
+github.com/calypr/git-drs/cmd/initialize/main.go:199:			init						100.0%
+github.com/calypr/git-drs/cmd/initialize/main.go:207:			installPrePushHook				75.0%
+github.com/calypr/git-drs/cmd/initialize/main.go:263:			installPreCommitHook				77.8%
+github.com/calypr/git-drs/cmd/install/main.go:17:			NewCommand					66.7%
+github.com/calypr/git-drs/cmd/install/main.go:36:			installGlobalFilterConfig			100.0%
+github.com/calypr/git-drs/cmd/install/main.go:56:			defaultGitConfigRunner				0.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:58:			defaultListRemoteRefs				0.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:82:			defaultListGitRemotes				0.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:102:			defaultResolveDefaultRemote			0.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:125:			collectRows					86.5%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:247:			printRows					63.6%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:284:			shortOID					66.7%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:291:			isLocalized					100.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:300:			validateOutputFlags				80.0%
+github.com/calypr/git-drs/cmd/lsfiles/main.go:329:			init						100.0%
+github.com/calypr/git-drs/cmd/ping/main.go:56:				resolveStatus					66.7%
+github.com/calypr/git-drs/cmd/ping/main.go:103:				printStatus					100.0%
+github.com/calypr/git-drs/cmd/ping/main.go:118:				authMode					57.1%
+github.com/calypr/git-drs/cmd/ping/main.go:131:				blankIfEmpty					75.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:93:			main						0.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:103:			run						36.5%
+github.com/calypr/git-drs/cmd/precommit/main.go:212:			handleUpsert					65.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:258:			handleDelete					0.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:297:			stagedChanges					66.7%
+github.com/calypr/git-drs/cmd/precommit/main.go:335:			stagedLFSOID					91.3%
+github.com/calypr/git-drs/cmd/precommit/main.go:377:			stagedBlobSize					71.4%
+github.com/calypr/git-drs/cmd/precommit/main.go:389:			collectOversizedPlainGitStagedFiles		70.4%
+github.com/calypr/git-drs/cmd/precommit/main.go:429:			promptOversizedDirectGitCommit			0.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:450:			humanBytes					0.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:463:			gitRevParseGitDir				76.9%
+github.com/calypr/git-drs/cmd/precommit/main.go:484:			git						63.6%
+github.com/calypr/git-drs/cmd/precommit/main.go:503:			pathEntryFile					100.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:507:			encodePath					100.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:512:			oidEntryFile					100.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:525:			oidAddOrReplacePath				75.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:558:			oidRemovePath					0.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:586:			keysSorted					100.0%
+github.com/calypr/git-drs/cmd/precommit/main.go:597:			writeJSONAtomic					61.9%
+github.com/calypr/git-drs/cmd/precommit/main.go:627:			moveFileBestEffort				0.0%
+github.com/calypr/git-drs/cmd/prepush/io_helpers.go:9:			bufferStdin					50.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:49:			NewPrePushService				0.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:58:			Run						0.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:196:			toMetadataCandidate				50.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:265:			submitPendingLFSMeta				79.1%
+github.com/calypr/git-drs/cmd/prepush/main.go:335:			resolveRemoteAuthHeader				100.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:349:			parseRemoteArgs					0.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:363:			openCache					0.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:380:			collectLfsFiles					0.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:403:			normalizeCachedOID				100.0%
+github.com/calypr/git-drs/cmd/prepush/main.go:411:			lfsFilesFromCache				69.6%
+github.com/calypr/git-drs/cmd/prepush/main.go:451:			listPushedPaths					86.4%
+github.com/calypr/git-drs/cmd/prepush/main.go:484:			gitOutput					83.3%
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:21:		readPushedRefs					78.6%
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:48:		branchesFromRefs				100.0%
+github.com/calypr/git-drs/cmd/prepush/pushed_refs.go:67:		drsDeleteRefs					0.0%
+github.com/calypr/git-drs/cmd/pull/main.go:189:				collectPointerFiles				100.0%
+github.com/calypr/git-drs/cmd/pull/main.go:207:				progressContextForPointer			0.0%
+github.com/calypr/git-drs/cmd/pull/main.go:218:				checkoutDownloadedFiles				0.0%
+github.com/calypr/git-drs/cmd/pull/main.go:260:				buildPullDownloadDebugContext			0.0%
+github.com/calypr/git-drs/cmd/pull/main.go:295:				init						100.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:35:			newPullProgressRenderer				100.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:42:			isPullWriterTTY					0.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:46:			render						85.7%
+github.com/calypr/git-drs/cmd/pull/progress.go:58:			OnPlan						100.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:75:			OnDownloadStart					80.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:91:			OnDownloadProgress				81.8%
+github.com/calypr/git-drs/cmd/pull/progress.go:109:			OnCheckoutStart					66.7%
+github.com/calypr/git-drs/cmd/pull/progress.go:124:			OnCompleted					72.7%
+github.com/calypr/git-drs/cmd/pull/progress.go:142:			Finish						80.0%
+github.com/calypr/git-drs/cmd/pull/progress.go:158:			renderLine					100.0%
+github.com/calypr/git-drs/cmd/push/main.go:134:				init						100.0%
+github.com/calypr/git-drs/cmd/push/main.go:139:				currentDeleteRefUpdates				85.7%
+github.com/calypr/git-drs/cmd/push/main.go:154:				currentPushRefUpdates				84.6%
+github.com/calypr/git-drs/cmd/push/main.go:178:				getRemoteMergeBase				0.0%
+github.com/calypr/git-drs/cmd/push/main.go:204:				listRefUpdatePaths				87.5%
+github.com/calypr/git-drs/cmd/push/main.go:239:				gitOutput					0.0%
+github.com/calypr/git-drs/cmd/push/progress.go:37:			newUploadProgressRenderer			100.0%
+github.com/calypr/git-drs/cmd/push/progress.go:44:			renderLocked					88.9%
+github.com/calypr/git-drs/cmd/push/progress.go:59:			OnMetadataPlan					100.0%
+github.com/calypr/git-drs/cmd/push/progress.go:73:			OnMetadataProgress				100.0%
+github.com/calypr/git-drs/cmd/push/progress.go:98:			OnUploadPlan					100.0%
+github.com/calypr/git-drs/cmd/push/progress.go:118:			OnUploadProgress				90.5%
+github.com/calypr/git-drs/cmd/push/progress.go:151:			Finish						86.7%
+github.com/calypr/git-drs/cmd/push/progress.go:174:			HadUploads					100.0%
+github.com/calypr/git-drs/cmd/push/progress.go:180:			renderLine					100.0%
+github.com/calypr/git-drs/cmd/push/progress.go:211:			renderMetadataLine				83.3%
+github.com/calypr/git-drs/cmd/query/main.go:21:				queryByChecksum					0.0%
+github.com/calypr/git-drs/cmd/query/main.go:29:				checksumTypeForString				100.0%
+github.com/calypr/git-drs/cmd/query/main.go:96:				init						100.0%
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:12:		resolveBucketFromPayload			81.8%
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:32:		chooseVisibleBucket				91.7%
+github.com/calypr/git-drs/cmd/remote/add/bucket_lookup.go:54:		findBucketsByResource				92.3%
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:57:			gen3Init					0.0%
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:170:			parseScopeArg					90.9%
+github.com/calypr/git-drs/cmd/remote/add/gen3.go:188:			resolveBucketScopeFromServer			71.4%
+github.com/calypr/git-drs/cmd/remote/add/init.go:20:			init						100.0%
+github.com/calypr/git-drs/cmd/remote/add/local.go:90:			resolveBucketScopeFromLocalServer		70.0%
+github.com/calypr/git-drs/cmd/remote/root.go:14:			init						100.0%
+github.com/calypr/git-drs/cmd/rm/main.go:29:				run						82.4%
+github.com/calypr/git-drs/cmd/smudge/main.go:38:			runSmudge					56.5%
+github.com/calypr/git-drs/cmd/smudge/main.go:77:			init						0.0%
+github.com/calypr/git-drs/cmd/smudge/main.go:79:			shouldSkipSmudge				0.0%
+github.com/calypr/git-drs/cmd/track/main.go:18:				NewCommand					100.0%
+github.com/calypr/git-drs/cmd/track/main.go:33:				runTrack					77.8%
+github.com/calypr/git-drs/cmd/untrack/main.go:15:			NewCommand					100.0%
+github.com/calypr/git-drs/cmd/untrack/main.go:30:			runUntrack					73.3%
+github.com/calypr/git-drs/cmd/version/main.go:20:			buildVersion					55.6%
+github.com/calypr/git-drs/internal/common/common.go:18:			ParseOrgProject					87.5%
+github.com/calypr/git-drs/internal/common/common.go:33:			CalculateFileSHA256				87.5%
+github.com/calypr/git-drs/internal/common/common.go:49:			PrintDRSObject					0.0%
+github.com/calypr/git-drs/internal/common/confirmation.go:14:		PromptForConfirmation				91.7%
+github.com/calypr/git-drs/internal/common/confirmation.go:37:		DisplayWarningHeader				100.0%
+github.com/calypr/git-drs/internal/common/confirmation.go:42:		DisplayField					100.0%
+github.com/calypr/git-drs/internal/common/confirmation.go:47:		DisplayFooter					100.0%
+github.com/calypr/git-drs/internal/common/jwt.go:10:			ParseEmailFromToken				100.0%
+github.com/calypr/git-drs/internal/common/jwt.go:31:			ParseAPIEndpointFromToken			90.9%
+github.com/calypr/git-drs/internal/config/config.go:32:			AllRemoteTypes					100.0%
+github.com/calypr/git-drs/internal/config/config.go:36:			IsValidRemoteType				100.0%
+github.com/calypr/git-drs/internal/config/config.go:57:			GetRemoteClient					36.4%
+github.com/calypr/git-drs/internal/config/config.go:77:			GetRemote					62.5%
+github.com/calypr/git-drs/internal/config/config.go:91:			GetDefaultRemote				60.0%
+github.com/calypr/git-drs/internal/config/config.go:117:		GetRemoteOrDefault				100.0%
+github.com/calypr/git-drs/internal/config/config.go:125:		listRemoteNames					0.0%
+github.com/calypr/git-drs/internal/config/config.go:134:		getRepo						100.0%
+github.com/calypr/git-drs/internal/config/config.go:138:		ConfigPath					0.0%
+github.com/calypr/git-drs/internal/config/config.go:148:		UpdateRemote					74.3%
+github.com/calypr/git-drs/internal/config/config.go:206:		parseAndAddRemote				88.9%
+github.com/calypr/git-drs/internal/config/config.go:236:		LoadConfig					83.3%
+github.com/calypr/git-drs/internal/config/config.go:283:		CreateEmptyConfig				100.0%
+github.com/calypr/git-drs/internal/config/config.go:291:		GetProjectId					0.0%
+github.com/calypr/git-drs/internal/config/config.go:304:		SaveConfig					77.8%
+github.com/calypr/git-drs/internal/config/config.go:322:		RemoveRemote					0.0%
+github.com/calypr/git-drs/internal/config/config.go:367:		firstRemote					0.0%
+github.com/calypr/git-drs/internal/config/config.go:382:		getConfigPath					0.0%
+github.com/calypr/git-drs/internal/config/remote.go:55:			GetProjectId					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:56:			GetOrganization					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:57:			GetEndpoint					0.0%
+github.com/calypr/git-drs/internal/config/remote.go:58:			GetBucketName					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:59:			GetStoragePrefix				100.0%
+github.com/calypr/git-drs/internal/config/remote.go:61:			GetClient					0.0%
+github.com/calypr/git-drs/internal/config/remote.go:86:			GetProjectId					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:93:			GetOrganization					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:94:			GetEndpoint					0.0%
+github.com/calypr/git-drs/internal/config/remote.go:95:			GetBucketName					100.0%
+github.com/calypr/git-drs/internal/config/remote.go:96:			GetStoragePrefix				100.0%
+github.com/calypr/git-drs/internal/config/remote.go:98:			GetClient					87.0%
+github.com/calypr/git-drs/internal/config/remote.go:146:		newGitContext					66.7%
+github.com/calypr/git-drs/internal/config/remote.go:193:		localRemoteFromGen3				0.0%
+github.com/calypr/git-drs/internal/config/remote.go:205:		WrapCredentialValidationError			0.0%
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:18:		collectDeletedPointers				77.3%
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:51:		deletedPaths					0.0%
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:60:		gitDeletedPaths					80.0%
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:82:		gitPointerOID					77.8%
+github.com/calypr/git-drs/internal/drsdelete/git_history.go:96:		isZeroSHA					100.0%
+github.com/calypr/git-drs/internal/drsdelete/live_refs.go:11:		collectLivePathsByOID				81.8%
+github.com/calypr/git-drs/internal/drsdelete/reconcile.go:27:		ReconcileCommittedDeletes			66.0%
+github.com/calypr/git-drs/internal/drsfilter/clean.go:21:		writeDrsMap					100.0%
+github.com/calypr/git-drs/internal/drsfilter/clean.go:48:		CleanContent					51.2%
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:22:		SmudgeContent					77.4%
+github.com/calypr/git-drs/internal/drsfilter/smudge.go:79:		copyObjectToWriter				100.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:50:			init						50.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:65:			TraceEnabled					100.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:95:			NewLogger					84.2%
+github.com/calypr/git-drs/internal/drslog/logger.go:144:		GetLogger					75.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:165:		Close						85.7%
+github.com/calypr/git-drs/internal/drslog/logger.go:188:		NewNoOpLogger					100.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:206:		resolveLogLevel					66.7%
+github.com/calypr/git-drs/internal/drslog/logger.go:235:		readLogLevelFromGitConfig			42.9%
+github.com/calypr/git-drs/internal/drslog/logger.go:259:		parseLogLevel					0.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:288:		replaceSourceAttr				87.5%
+github.com/calypr/git-drs/internal/drslog/logger.go:323:		formatSourcePath				76.5%
+github.com/calypr/git-drs/internal/drslog/logger.go:361:		modulePathSuffix				100.0%
+github.com/calypr/git-drs/internal/drslog/logger.go:387:		repoRootPath					85.7%
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:22:		WriteObjectsForLFSFiles				78.3%
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:104:		ensureControlledAccess				72.7%
+github.com/calypr/git-drs/internal/drsmap/drs_map.go:121:		derefStringSlice				100.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:21:		NormalizeChecksum				100.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:27:		NormalizeOid					0.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:40:		NewBuilder					0.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:44:		Build						0.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:49:		BuildWithPrefix					0.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:58:		ConvertToCandidate				0.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:76:		ConvertToInternalRecord				0.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:119:		BuildWithOptions				82.4%
+github.com/calypr/git-drs/internal/drsobject/object.go:162:		BuildAccessURL					60.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:202:		schemeFromProvider				40.0%
+github.com/calypr/git-drs/internal/drsobject/object.go:215:		accessMethodTypeForScheme			50.0%
+github.com/calypr/git-drs/internal/drsobject/store.go:13:		objectPath					100.0%
+github.com/calypr/git-drs/internal/drsobject/store.go:21:		WriteObject					63.6%
+github.com/calypr/git-drs/internal/drsobject/store.go:41:		ReadObject					70.0%
+github.com/calypr/git-drs/internal/drsremote/bulk.go:9:			bulkAccessRequest				85.7%
+github.com/calypr/git-drs/internal/drsremote/bulk.go:39:		accessIDForBulkRequest				66.7%
+github.com/calypr/git-drs/internal/drsremote/remote.go:23:		ObjectsByHash					66.7%
+github.com/calypr/git-drs/internal/drsremote/remote.go:38:		ObjectsByHashes					81.5%
+github.com/calypr/git-drs/internal/drsremote/remote.go:119:		ObjectsByHashForScope				87.5%
+github.com/calypr/git-drs/internal/drsremote/remote.go:133:		ObjectsByHashesForScope				90.9%
+github.com/calypr/git-drs/internal/drsremote/remote.go:151:		AccessURLForHashScope				66.7%
+github.com/calypr/git-drs/internal/drsremote/remote.go:174:		BulkAccessURLsForObjects			66.7%
+github.com/calypr/git-drs/internal/drsremote/remote.go:210:		DownloadToCachePath				0.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:223:		DownloadResolvedToCachePath			0.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:233:		DownloadResolvedToPath				66.7%
+github.com/calypr/git-drs/internal/drsremote/remote.go:248:		downloadResolved				0.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:262:		Name						0.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:266:		Logger						0.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:270:		Stat						100.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:278:		GetReader					100.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:282:		GetRangeReader					75.0%
+github.com/calypr/git-drs/internal/drsremote/remote.go:290:		download					85.7%
+github.com/calypr/git-drs/internal/drsremote/scope.go:12:		MatchesScope					100.0%
+github.com/calypr/git-drs/internal/drsremote/scope.go:16:		FindMatchingRecord				88.9%
+github.com/calypr/git-drs/internal/drstrack/routes.go:14:		UpsertDRSRouteLines				85.4%
+github.com/calypr/git-drs/internal/drstrack/routes.go:89:		parseRouteLine					80.0%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:16:		TrackPatterns					69.6%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:57:		ListTrackedPatterns				79.2%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:95:		UntrackPatterns					78.4%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:154:		readLocalGitAttributes				83.3%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:165:		parseKnownLFSPatterns				36.4%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:182:		writeMergedGitAttributes			40.0%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:222:		cleanRootPath					100.0%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:226:		trimCurrentPrefix				100.0%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:235:		escapeAttrPattern				85.7%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:250:		unescapeAttrPattern				100.0%
+github.com/calypr/git-drs/internal/drstrack/tracking.go:264:		TrackReadOnly					0.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:56:	NewGitFilter					100.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:65:	OnSmudge					100.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:71:	OnClean						0.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:78:	Run						63.6%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:116:	handshake					60.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:152:	processOne					68.4%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:187:	handleSmudge					66.7%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:199:	handleClean					0.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:212:	passthroughSmudge				0.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:217:	passthroughClean				0.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:230:	writeSuccessResponse				66.7%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:255:	readRequest					100.0%
+github.com/calypr/git-drs/internal/gitfilter/filter_process.go:277:	readContent					100.0%
+github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:16:		normalizeBucketMapKeyPart			100.0%
+github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:24:		orgBucketKey					100.0%
+github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:28:		projectBucketKey				100.0%
+github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:32:		SetBucketMapping				87.5%
+github.com/calypr/git-drs/internal/gitrepo/bucket_map.go:68:		GetBucketMapping				77.3%
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:16:		ResolveBucketScope				59.4%
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:80:		getExactBucketMapping				76.9%
+github.com/calypr/git-drs/internal/gitrepo/bucket_scope.go:103:		joinBucketPrefixes				100.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:10:		remoteTokenKey					0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:14:		remoteUsernameKey				100.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:18:		remotePasswordKey				100.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:22:		remoteLFSURL					0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:31:		GetRemoteToken					0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:36:		SetRemoteToken					0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:47:		GetRemoteBasicAuth				71.4%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:59:		SetRemoteBasicAuth				62.5%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:83:		ConfigureCredentialHelperForRepo		0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:104:		containsOption					0.0%
+github.com/calypr/git-drs/internal/gitrepo/lfs_auth.go:114:		SetRemoteLFSURL					0.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:14:			DrsTopLevel					0.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:23:			GetRepo						75.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:32:			GitTopLevel					0.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:46:			GetGitConfigString				100.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:57:			GetGitConfigInt					0.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:70:			GetGitConfigBool				0.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:82:			SetGitConfigOptions				81.2%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:110:			UnsetGitConfigOptions				100.0%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:122:			GetGitHooksDir					71.4%
+github.com/calypr/git-drs/internal/gitrepo/repo.go:137:			AddFile						0.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:33:			IsLFSTracked					75.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:53:			GetAllLfsFiles					72.2%
+github.com/calypr/git-drs/internal/lfs/inventory.go:87:			GetLfsFilesForRefs				0.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:117:		GetLfsFilesForRefPaths				66.7%
+github.com/calypr/git-drs/internal/lfs/inventory.go:143:		GetWorktreeLfsFiles				80.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:183:		GetTrackedLfsFiles				71.4%
+github.com/calypr/git-drs/internal/lfs/inventory.go:214:		addFilesFromRef					75.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:222:		addFilesFromPaths				81.8%
+github.com/calypr/git-drs/internal/lfs/inventory.go:249:		uniquePaths					76.9%
+github.com/calypr/git-drs/internal/lfs/inventory.go:269:		readRefBlobsBatch				71.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:314:		joinBatchSpecs					100.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:325:		readBatchHeader					87.5%
+github.com/calypr/git-drs/internal/lfs/inventory.go:339:		parseBatchHeaderSize				71.4%
+github.com/calypr/git-drs/internal/lfs/inventory.go:351:		consumeBatchSeparator				66.7%
+github.com/calypr/git-drs/internal/lfs/inventory.go:362:		listTrackedWorktreeFiles			90.9%
+github.com/calypr/git-drs/internal/lfs/inventory.go:379:		filterLfsTrackedPaths				75.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:414:		isTrackedFilter					100.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:423:		readWorktreePointerInfo				71.4%
+github.com/calypr/git-drs/internal/lfs/inventory.go:442:		readIndexPointerInfo				71.4%
+github.com/calypr/git-drs/internal/lfs/inventory.go:461:		grepPointerPaths				73.1%
+github.com/calypr/git-drs/internal/lfs/inventory.go:497:		runGitCommand					63.6%
+github.com/calypr/git-drs/internal/lfs/inventory.go:520:		parseLFSPointer					89.3%
+github.com/calypr/git-drs/internal/lfs/inventory.go:565:		ParseLFSPointer					0.0%
+github.com/calypr/git-drs/internal/lfs/inventory.go:573:		buildRefs					77.8%
+github.com/calypr/git-drs/internal/lfs/inventory.go:601:		CreateLfsPointer				0.0%
+github.com/calypr/git-drs/internal/lfs/object_path.go:10:		ObjectPath					75.0%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:15:		runGitAllowMissing				87.5%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:31:		resolveLFSRoot					92.3%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:55:		runGit						80.0%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:64:		userHomeDir					37.5%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:78:		gitRevParseGitCommonDir				81.8%
+github.com/calypr/git-drs/internal/lfs/repo_paths.go:97:		GetGitRootDirectories				0.0%
+github.com/calypr/git-drs/internal/pathspec/match.go:9:			MatchesAny					0.0%
+github.com/calypr/git-drs/internal/pathspec/match.go:26:		Matches						85.7%
+github.com/calypr/git-drs/internal/pathspec/match.go:38:		globToRegexp					93.8%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:59:	Open						80.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:81:	LookupOIDByPath					66.7%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:95:	LookupPathsByOID				0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:107:	LookupExternalURLByOID				71.4%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:122:	ResolveExternalURLByPath			75.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:137:	ReadPathEntry					60.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:156:	ReadOIDEntry					60.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:172:	EnsureLayout					0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:181:	UpsertPathEntry					0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:188:	AddOrReplaceOIDPath				0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:195:	RemovePathFromOID				0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:202:	DeletePathEntry					0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:219:	CheckExternalURLMismatch			100.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:236:	StaleAfter					100.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:250:	pathEntryFile					100.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:256:	oidEntryFile					100.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:263:	EncodePath					100.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:269:	DecodePath					75.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:284:	gitRevParseGitDir				76.9%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:306:	git						83.3%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:320:	writeJSONAtomic					0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:344:	oidAddOrReplacePath				0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:374:	oidRemovePath					0.0%
+github.com/calypr/git-drs/internal/precommit_cache/helpers.go:409:	oidEntryFilePath				0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:47:		BatchSyncForPush				0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:85:		normalizeFiles					0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:102:		lookupMetadata					0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:125:		chunkStrings					0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:143:		ensureMetadataRegistered			78.8%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:232:		metadataRecordForOID				100.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:237:		findReusableRecord				80.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:247:		buildReusableScopedObject			85.7%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:259:		getOrCreateDRSObjectCandidate			70.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:275:		scopedDRSObjectForPush				67.6%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:331:		recordsEquivalentForPush			0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:341:		drsName						0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:348:		shouldPreserveExistingAccessMethodsForPush	76.2%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:379:		firstAccessURL					66.7%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:390:		parseStorageURL					66.7%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:403:		identifyUploadCandidates			0.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:440:		needsUpload					71.4%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:453:		hasResolvableAccessMethod			62.5%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:468:		executeUploadPlan				71.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:515:		buildUploadPlanSummary				100.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:533:		progressContextForCandidate			100.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:554:		reportUploadStarted				100.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:568:		reportUploadCompleted				100.0%
+github.com/calypr/git-drs/internal/pushsync/batch_sync.go:582:		splitCandidatesByThreshold			80.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:38:		ResolveUploadURL				100.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:65:		newPushRuntime					100.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:90:		isFileDownloadable				0.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:108:		uploadKeyFromObject				85.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:143:		resolveUploadSourcePath				46.7%
+github.com/calypr/git-drs/internal/pushsync/register.go:170:		uploadFileForObject				63.9%
+github.com/calypr/git-drs/internal/pushsync/register.go:236:		resolveScopedUploadURL				80.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:272:		scopedUploadMetadata				80.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:285:		newDownloadProbe				80.0%
+github.com/calypr/git-drs/internal/pushsync/register.go:295:		probeDownloadURL				0.0%
+github.com/calypr/git-drs/internal/version/version.go:22:		String						100.0%
+github.com/calypr/git-drs/internal/version/version.go:27:		LogFields					100.0%
+total:									(statements)					60.5%
diff --git a/docs/TODO/bug-checksum-match-upload-skip.md b/docs/TODO/bug-checksum-match-upload-skip.md
new file mode 100644
index 00000000..22b5a306
--- /dev/null
+++ b/docs/TODO/bug-checksum-match-upload-skip.md
@@ -0,0 +1,17 @@
+# Bug Doc: Checksum Match Can Suppress Required Upload
+
+## Current behavior
+
+`internal/transfer` currently treats an existing checksum match as reusable without proving that the referenced payload is still downloadable. This is intentional for now because it avoids extra probe traffic during `git drs push`, but it weakens the older availability guarantee.
+
+In practice, a stale metadata record, broken backing blob, or bad access URL can still cause push preparation to skip upload and continue through the managed push flow, leaving refs that later cannot be pulled successfully.
+
+## Why this is still a bug
+
+The behavior is currently accepted as a tradeoff, but it is still a bug from a data-availability perspective because checksum metadata alone is not enough to prove that the payload bytes remain recoverable.
+
+## Follow-up
+
+- Decide whether to restore downloadability probes for same-scope matches and reusable cross-scope matches.
+- If probes remain disabled, keep the weaker availability guarantee explicit in user-facing `git drs push` and troubleshooting docs.
+- Add a focused regression test once the long-term policy is chosen.
diff --git a/docs/adding-s3-files.md b/docs/adding-s3-files.md
index cb233826..0151d57a 100644
--- a/docs/adding-s3-files.md
+++ b/docs/adding-s3-files.md
@@ -1,13 +1,14 @@
 # Adding Provider Objects with `git drs add-url`
 
-`git drs add-url` prepares a Git LFS pointer plus local DRS metadata for an object that already exists in provider storage.
+`git drs add-url` prepares a Git pointer plus local DRS metadata for an object that already exists in provider storage.
 
 Important behavior:
 
 - `add-url` does not upload object bytes.
 - Registration to drs-server happens when you run `git drs push`.
-- Direct provider inspection is client-owned behavior routed through `syfon/client/cloud`.
-- The resolved source URL (`s3://...`, `gs://...`, `azblob://...`, etc.) is stored as the object access URL.
+- Remote-backed inspection is performed by Syfon through stored bucket credentials and bucket scopes.
+- In the current server-backed path, `add-url` supports S3 and S3-compatible storage.
+- The resolved source URL (`s3://...`) is stored as the object access URL.
 
 ## Supported URL Forms
 
@@ -17,7 +18,7 @@ Primary support today is S3-style URLs:
 - `https://bucket.s3.amazonaws.com/key`
 - Path-style S3-compatible HTTPS URLs
 
-The inspector also accepts other go-cloud styles (`gs://`, `azblob://`, `file://`), but the main production path in current e2e coverage is S3/Gen3 bucket-backed workflows.
+The remote-backed inspect path is intentionally narrow in v1: S3 and S3-compatible buckets only.
 
 ## Two Add-URL Input Modes
 
@@ -26,7 +27,7 @@ The inspector also accepts other go-cloud styles (`gs://`, `azblob://`, `file://
 If your remote org/project already has a bucket mapping, pass an object key relative to that configured bucket scope and set `--scheme`.
 
 ```bash
-git lfs track "data/*.bin"
+git drs track "data/*.bin"
 git add .gitattributes
 
 git drs add-url path/to/object.bin data/from-bucket.bin \
@@ -37,10 +38,10 @@ git drs add-url path/to/object.bin data/from-bucket.bin \
 Notes:
 
 - `path/to/object.bin` is resolved relative to the configured bucket prefix for the current remote org/project.
-- `--scheme` is required in object-key mode because local bucket mappings store bucket/prefix, but not provider scheme.
-- Azure object-key mode is not supported yet; use a full `azblob://...` URL so account metadata stays explicit.
+- `--scheme` is required in object-key mode so Syfon knows which provider path to inspect. Today this must be `s3`.
+- The remote Syfon instance resolves bucket plus prefix from its stored bucket scopes, then performs the object HEAD using its stored bucket credential.
 
-### 2) Raw provider URL (compatibility mode)
+### 2) Raw provider URL
 
 You can still pass a full provider URL directly.
 
@@ -54,7 +55,7 @@ git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin \
 If you know the authoritative SHA256, pass `--sha256`.
 
 ```bash
-git lfs track "data/*.bin"
+git drs track "data/*.bin"
 git add .gitattributes
 
 git drs add-url path/to/object.bin data/from-bucket.bin \
@@ -66,25 +67,25 @@ git commit -m "add known-sha object"
 git drs push
 ```
 
-## Unknown SHA256 (experimental sentinel mode)
+## Unknown SHA256
 
 If SHA256 is unknown, omit `--sha256`.
 
 Behavior:
 
 1. `add-url` performs object metadata lookup (HEAD/attributes).
-2. Synthetic OID is derived from ETag (`sha256(etag)`).
-3. A local sentinel object is written into `.git/lfs/objects/...`.
-4. `git drs push` performs metadata-only registration.
+2. A deterministic placeholder OID is derived from remote object metadata.
+3. A pointer file and local DRS metadata are written.
+4. `git drs push` performs metadata registration.
 
 ```bash
-git lfs track "data/*.bin"
+git drs track "data/*.bin"
 git add .gitattributes
 
 git drs add-url path/to/object.bin data/from-bucket.bin --scheme s3
 
 git add data/from-bucket.bin
-git commit -m "add unknown-sha object (sentinel mode)"
+git commit -m "add unknown-sha object"
 git drs push
 ```
 
@@ -92,18 +93,13 @@ git drs push
 
 `add-url` no longer accepts per-command AWS flags.
 
-S3 connection hints are resolved from runtime environment/config. Common variables:
+For the normal remote-backed flow, `git drs add-url` does not use local `AWS_*` credentials. Syfon loads the bucket credential and endpoint configuration that were already stored through bucket management.
 
-- `AWS_REGION` (or `AWS_DEFAULT_REGION`)
-- `AWS_ENDPOINT_URL_S3` (or `AWS_ENDPOINT_URL`)
-- `AWS_ACCESS_KEY_ID`
-- `AWS_SECRET_ACCESS_KEY`
-
-For e2e/dev harnesses, `TEST_BUCKET_*` variables are also supported by command-layer wiring.
+If your remote does not implement the internal inspect route yet, `add-url` fails with an upgrade message instead of falling back to local env-based inspection.
 
 ## Prerequisites
 
-- File path must be LFS-tracked (via `.gitattributes`).
+- File path must be tracked (via `.gitattributes`).
 - Remote configuration must point to the intended org/project scope.
 - The bucket credential and org/project storage scope must exist on drs-server, for example via `git drs bucket add`, then `git drs bucket add-organization` or `git drs bucket add-project --path s3://bucket/prefix`.
 
@@ -111,20 +107,20 @@ For e2e/dev harnesses, `TEST_BUCKET_*` variables are also supported by command-l
 
 ### `blob attributes failed ... MovedPermanently (301)`
 
-Usually region/endpoint mismatch for S3-compatible storage.
+Usually a stored bucket credential is pointed at the wrong region or endpoint for S3-compatible storage.
 
-- Set `AWS_REGION` correctly.
-- Set `AWS_ENDPOINT_URL_S3` for custom endpoints (MinIO/Ceph/Gen3 object gateway).
+- Check the Syfon bucket credential region.
+- Check the Syfon bucket credential endpoint for custom S3-compatible storage.
 
 ### `no local payload available; skipping upload and keeping metadata-only registration`
 
-Expected for add-url pointer/sentinel flows where local payload bytes are intentionally absent.
+Expected for add-url pointer/metadata-only flows where local payload bytes are intentionally absent.
 
-### `file is not tracked by LFS`
+### `file is not tracked`
 
 Track the path pattern and re-add:
 
 ```bash
-git lfs track "data/*.bin"
+git drs track "data/*.bin"
 git add .gitattributes
 ```
diff --git a/docs/bucket-mapping.md b/docs/bucket-mapping.md
new file mode 100644
index 00000000..ef68dbe1
--- /dev/null
+++ b/docs/bucket-mapping.md
@@ -0,0 +1,210 @@
+# Bucket Mapping
+
+Bucket mapping controls where a given `organization/project` scope stores object bytes.
+
+This is usually steward or admin setup, not normal end-user setup.
+
+## What You Configure
+
+There are three related layers:
+
+1. Bucket credentials on the server
+2. Organization-wide storage mapping
+3. Project-specific storage mapping
+
+The usual flow is:
+
+```bash
+git drs bucket add production \
+  --bucket cbds \
+  --region us-east-1 \
+  --access-key "$AWS_ACCESS_KEY_ID" \
+  --secret-key "$AWS_SECRET_ACCESS_KEY" \
+  --s3-endpoint https://s3.amazonaws.com
+
+git drs bucket add-organization production \
+  --organization HTAN_INT \
+  --path s3://cbds/htan-int
+
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/bforepc
+```
+
+## 1. Add Bucket Credentials
+
+Declare the storage credential on the target server:
+
+```bash
+git drs bucket add production \
+  --bucket cbds \
+  --region us-east-1 \
+  --access-key "$AWS_ACCESS_KEY_ID" \
+  --secret-key "$AWS_SECRET_ACCESS_KEY" \
+  --s3-endpoint https://s3.amazonaws.com
+```
+
+Notes:
+
+- this stores the bucket credential on the remote Syfon server
+- `production` is an optional remote name; if omitted, `origin` is used
+- `--s3-endpoint` is required by the current command surface
+
+## 2. Add an Organization Mapping
+
+Map an organization to a bucket path:
+
+```bash
+git drs bucket add-organization production \
+  --organization HTAN_INT \
+  --path s3://cbds/htan-int
+```
+
+This means:
+
+- bucket: `cbds`
+- base prefix for the organization: `htan-int`
+
+Every project in that organization can inherit this mapping.
+
+## 3. Add a Project Mapping
+
+Map a project to a path:
+
+```bash
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/bforepc
+```
+
+This adds a project-specific mapping for `HTAN_INT/BForePC`.
+
+## Path Format
+
+Both `add-organization` and `add-project` require `--path` in storage URL form:
+
+```bash
+s3://bucket/prefix
+gs://bucket/prefix
+azblob://bucket/prefix
+```
+
+Important behavior:
+
+- the bucket name is taken from the URL host
+- the persisted prefix is the path portion after the bucket
+- the bucket embedded in `--path` must match the resolved bucket
+
+## How Resolution Works
+
+When `git-drs` resolves the effective storage scope for an `organization/project`, it uses these rules:
+
+### If an organization mapping exists
+
+The organization mapping wins for the bucket.
+
+Then:
+
+- the organization prefix is used as the base
+- if a project mapping also exists, its prefix is appended
+
+Conceptually:
+
+```text
+effective_prefix = org_prefix + "/" + project_prefix
+```
+
+Example:
+
+- organization mapping: `s3://cbds/htan-int`
+- project mapping prefix: `bforepc`
+- effective result: bucket `cbds`, prefix `htan-int/bforepc`
+
+### If no organization mapping exists
+
+An exact project mapping can be used directly.
+
+Example:
+
+- project mapping: `s3://cbds/htan-int/bforepc`
+- effective result: bucket `cbds`, prefix `htan-int/bforepc`
+
+### If neither mapping exists
+
+Remote add and scoped upload setup will fail until a mapping is configured.
+
+## Choosing a Layout
+
+There are two common patterns.
+
+### Hierarchical organization-first layout
+
+```bash
+git drs bucket add-organization production \
+  --organization HTAN_INT \
+  --path s3://cbds/htan-int
+
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/bforepc
+```
+
+Result:
+
+- organization root: `htan-int`
+- project subpath: `bforepc`
+- effective project path: `htan-int/bforepc`
+
+Use this when all projects in an organization should live under one org root.
+
+### Exact project-only layout
+
+```bash
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/htan-int/bforepc
+```
+
+Use this when you do not want a separate organization-level mapping.
+
+## Overwriting Existing Mappings
+
+If a mapping already exists, the command fails unless you pass `--force`.
+
+Example:
+
+```bash
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/bforepc-v2 \
+  --force
+```
+
+## What End Users Usually Need To Know
+
+Usually, end users do not need to know the real bucket name.
+
+They only need:
+
+- the target `organization/project`
+- valid credentials
+- a configured remote
+
+Then they can run:
+
+```bash
+git drs remote add gen3 production HTAN_INT/BForePC --cred ~/.gen3/credentials.json
+```
+
+That remote setup resolves the bucket mapping from the server-side scope configuration.
+
+## Related Commands
+
+- [Getting Started](getting-started.md)
+- [Commands Reference](commands.md)
+- [Troubleshooting](troubleshooting.md)
diff --git a/docs/commands.md b/docs/commands.md
index e1a7329f..6fa57edd 100644
--- a/docs/commands.md
+++ b/docs/commands.md
@@ -1,617 +1,323 @@
 # Commands Reference
 
-Complete reference for Git DRS and related Git LFS commands.
+Current reference for the cleaned `git-drs` CLI.
 
-Git DRS owns Git/DRS orchestration and local metadata. Direct provider access, signed URL behavior, and cloud inspection are client-side responsibilities reached through `syfon/client`.
+> **Navigation:** [Getting Started](getting-started.md) -> **Commands Reference** -> [Troubleshooting](troubleshooting.md)
 
-> **Navigation:** [Getting Started](getting-started.md) → **Commands Reference** → [Troubleshooting](troubleshooting.md)
-
-## Git DRS Commands
+## Core Setup
 
 ### `git drs install`
 
-Install global Git filter configuration for git-drs. This is equivalent in purpose to running `git-lfs install` for the git-drs filter.
-
-**Usage:**
+Install global Git filter configuration for `git-drs`.
 
 ```bash
 git drs install
 ```
 
-**What it does:**
-
-- Sets global Git config for `filter.drs.clean`
-- Sets global Git config for `filter.drs.smudge`
-- Sets global Git config for `filter.drs.process`
-- Sets global Git config for `filter.drs.required`
-
-**Resulting `~/.gitconfig` entries:**
-
-```ini
-[filter "drs"]
-    clean = git-drs clean -- %f
-    smudge = git-drs smudge -- %f
-    process = git-drs filter
-    required = true
-```
-
-**When to run:**
-
-- **Once per machine/user** after installing `git-drs`
-- Re-run any time you want to reset these global filter values
+This sets the global `filter.drs.*` entries used by Git clean/smudge/filter operations.
 
 ### `git drs init`
 
-Initialize Git DRS in a repository. Sets up Git DRS hooks and creates a `.git/drs/` directory that Git ignores automatically.
-
-**Usage:**
+Initialize or repair repo-local `git-drs` wiring in the current repository.
 
 ```bash
 git drs init [flags]
 ```
 
-**Options:**
-
-- `--transfers <n>`: Number of concurrent transfers (default: 4)
-
-**Example:**
-
-```bash
-git drs init
-```
-
-**What it does:**
-
-- Creates `.git/drs/` directory structure
-- Configures Git/LFS settings for git-drs managed push/pull
-- Installs Git hooks for DRS workflows
-
-**When to run:**
-
-- **Once** after cloning a Git repository
-- **Once** after creating a new Git repository
-- **Never** needed for subsequent work sessions
-
-**You do NOT need to run `git drs init` again:**
-
-- When starting a new work session
-- After refreshing credentials
-- After pulling new changes
+Common flags:
 
-**Note:** Run this before adding remotes.
+- `--transfers <n>`: concurrent transfers
+- `--upsert`: enable upsert behavior for push/register flows
+- `--multipart-threshold <mb>`: multipart threshold in MB
+- `--enable-data-client-logs`: enable lower-level client logging
 
-### `git drs remote`
+Use this when you want explicit initialization or to repair repo-local hooks/config. For normal onboarding, `git drs remote add ...` now bootstraps repo-local setup automatically when it is missing.
 
-Manage DRS remote server configurations. Git DRS supports multiple remotes for working with development, staging, and production servers.
+## Remote Configuration
 
-#### `git drs remote add gen3 <name>`
+### `git drs remote add gen3 [remote-name] <organization/project>`
 
-Add a Gen3 DRS server configuration.
-
-**Usage:**
-
-```bash
-git drs remote add gen3 <remote-name> \
-    --url <server-url> \
-    --cred <credentials-file> \
-    --organization <program> \
-    --project <project-id> \
-    [--bucket <bucket-name>]
-```
-
-**Options:**
-
-- `--url <url>`: Gen3 server endpoint (required)
-- `--cred <file>`: Path to credentials JSON file (required)
-- `--token <token>`: Token for temporary access (alternative to --cred)
-- `--organization <name>`: Program/organization scope used for bucket mapping
-- `--project <id>`: Project ID (required)
-- `--bucket <name>`: Bucket name fallback when no org/project mapping is configured
-
-**Examples:**
+Add or refresh a Gen3-backed Syfon remote.
 
 ```bash
-# Add production remote
-git drs remote add gen3 production \
-    --url https://calypr-public.ohsu.edu \
-    --cred /path/to/credentials.json \
-    --organization my-program \
-    --project my-project
-
-# Add staging remote
-git drs remote add gen3 staging \
-    --url https://staging.calypr.ohsu.edu \
-    --cred /path/to/staging-credentials.json \
-    --organization staging-program \
-    --project staging-project
+git drs remote add gen3 [remote-name] <organization/project> --cred <credentials-file>
+git drs remote add gen3 [remote-name] <organization/project> --token <bearer-token>
 ```
 
-**Note:** The first remote you add automatically becomes the default remote.
-**Important:** A bucket mapping for the target `organization/project` must already exist, typically created once by a steward/admin with `git drs bucket add`, then `git drs bucket add-organization` or `git drs bucket add-project --path <scheme>://<bucket>/<prefix>`. Without that mapping, push/pull operations will fail.
+Notes:
 
-#### `git drs remote list`
+- `remote-name` is optional; if omitted, the default remote name is used
+- scope is always one positional argument: `organization/project`
+- `--cred` imports a Gen3 credential file
+- `--token` uses a temporary bearer token
+- if repo-local `git-drs` setup is missing, this command bootstraps it
+- bucket resolution is scope-driven; users normally do not provide `--bucket`
 
-List all configured DRS remotes.
+### `git drs remote add local <remote-name> <url> <organization/project>`
 
-**Usage:**
+Add or refresh a local Syfon/DRS remote.
 
 ```bash
-git drs remote list
+git drs remote add local local-dev http://localhost:8080 HTAN_INT/BForePC
+git drs remote add local local-dev http://localhost:8080 HTAN_INT/BForePC --username drs-user --password drs-pass
 ```
 
-**Example Output:**
+Notes:
 
-```
-* production  gen3    https://calypr-public.ohsu.edu
-  staging     gen3    https://staging.calypr.ohsu.edu
-  development gen3    https://dev.calypr.ohsu.edu
-```
+- local mode can store HTTP basic auth for helper flows
+- repo-local `git-drs` setup is also bootstrapped here when missing
 
-The `*` indicates the default remote used by all commands unless specified otherwise.
+### `git drs remote list`
 
-#### `git drs remote set <name>`
-
-Set the default DRS remote for all operations.
-
-**Usage:**
+List configured `git-drs` remotes.
 
 ```bash
-git drs remote set <remote-name>
-```
-
-**Examples:**
-
-```bash
-# Switch to staging for testing
-git drs remote set staging
-
-# Switch back to production
-git drs remote set production
-
-# Verify change
 git drs remote list
 ```
 
-### `git drs fetch [remote-name]`
+### `git drs remote remove <remote-name>`
 
-Fetch DRS object metadata from remote server. Downloads metadata only, not actual files.
-
-**Usage:**
+Remove a configured `git-drs` remote.
 
 ```bash
-# Fetch from default remote
-git drs fetch
-
-# Fetch from specific remote
-git drs fetch staging
-git drs fetch production
+git drs remote remove <remote-name>
+git drs remote rm <remote-name>
 ```
 
-**Note:** `fetch` and `push` are commonly used together for cross-remote workflows. See `git drs push` below.
-
-**What it does:**
-
-- Identifies remote and project from configuration
-- Transfers all DRS records for a given project from the server to the local `.git/drs/lfs/objects/` directory
-
-### `git drs add-url <object-url-or-key> [path]`
+This removes `git-drs` remote config, not normal Git remotes.
 
-Prepare a pointer plus local DRS metadata for an object that already exists in provider storage.
+### `git drs remote set <remote-name>`
 
-**Usage:**
+Set the default `git-drs` remote.
 
 ```bash
-# Preferred: object key resolved against configured bucket scope
-git drs add-url path/to/object.bin data/from-bucket.bin --scheme s3
-
-# Compatibility: explicit provider URL
-git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin
+git drs remote set production
 ```
 
-**Options:**
+## Tracking and Local Inventory
 
-- `--scheme <scheme>`: Required for object-key mode because local bucket mappings persist bucket/prefix, not provider scheme
-- `--sha256 <hex>`: Expected SHA256 checksum when known
+### `git drs track <pattern>`
 
-**What it does:**
-
-- Resolves the effective org/project bucket scope for the current remote
-- Inspects the provider object through client-owned cloud code
-- Writes a Git LFS pointer into the worktree
-- Stores local DRS metadata for later registration during `git drs push`
-
-### `git drs push [remote-name]`
-
-Push local DRS objects to server. Uploads new files and registers metadata.
-
-**Usage:**
+Track files or globs with `git-drs` pointer behavior.
 
 ```bash
-# Push to default remote
-git drs push
-
-# Push to specific remote
-git drs push staging
-git drs push production
+git drs track "*.bam"
+git drs track "data/**"
 ```
 
-**What it does:**
+Stage `.gitattributes` after changing tracked patterns.
 
-- Checks local `.git/drs/lfs/objects/` for DRS metadata
-- For each object, uploads file to bucket if file exists locally
-- If file doesn't exist locally (metadata only), registers metadata without upload
-- This enables cross-remote promotion workflows
+### `git drs untrack <pattern>`
 
-**Cross-Remote Promotion:**
-
-Transfer DRS records from one remote to another (eg staging to production) without re-uploading files:
+Stop tracking a pattern.
 
 ```bash
-# Fetch metadata from staging
-git drs fetch staging
-
-# Push metadata to production (no file upload since files don't exist locally)
-git drs push production
+git drs untrack "*.bam"
 ```
 
-This is useful when files are already in the production bucket with matching SHA256 hashes. It can also be used to reupload files given that the files are pulled to the repo first.
-
-**Note:** `fetch` and `push` are commonly used together. `fetch` pulls metadata from one remote, `push` registers it to another.
+### `git drs ls-files [pathspec...]`
 
-### `git drs query`
-
-Query a DRS object by its DRS ID or SHA256 checksum.
-
-**Usage:**
+List tracked files in the current checkout.
 
 ```bash
-# Query by DRS ID (default behavior)
-git drs query <drs-id>
-
-# Query by SHA256 checksum
-git drs query --checksum <sha256>
+git drs ls-files
+git drs ls-files -l
+git drs ls-files --drs
+git drs ls-files -I "*.bam"
+git drs ls-files -n results/**
 ```
 
-**Options:**
+Important behavior:
 
-- `--checksum`, `-c`: Treat the argument as a SHA256 checksum instead of a DRS ID.
-- `--pretty`, `-p`: Output indented JSON for easier reading.
-- `--remote`, `-r`: Target a specific remote (default: default_remote).
+- default mode is local-first and cheap
+- `*` means localized/hydrated in the worktree
+- `-` means the worktree still contains a pointer
+- `--drs` adds DRS registration checks
 
-**Examples:**
+Common flags:
 
-```bash
-# Query by checksum and pretty-print the result
-git drs query --checksum 9f2c2db77f0a3e2b47e4b44b8ce8d4c8c3c4c0b5f4c5a2d2f9b1d0bfb0a1c2d3 --pretty
+- `-I, --include <pattern>`: include filter; may be repeated
+- `-l, --long`: long output
+- `-n, --name-only`: path-only output
+- `--json`: structured output
+- `--drs`: include DRS lookup details
 
-# Query by DRS ID against a specific remote
-git drs query did:example:12345 --remote staging
-```
-
-### `git drs add-url`
+## Hydration and Push
 
-Prepare a file reference via cloud object URL for DRS registration.
+### `git drs pull`
 
-**Usage:**
+Hydrate tracked pointer files already present in the current checkout.
 
 ```bash
-# Stage local pointer + DRS metadata
-git drs add-url <cloud-url> [path] [--sha256 <hash>]
-# Register/push prepared records
-git drs push
+git drs pull
+git drs pull -I "*.bam"
+git drs pull -I "data/**" -I "results/*.txt"
+git drs pull --dry-run -I "results/**"
 ```
 
-**Examples:**
-
-```bash
-# Known SHA path
-git drs add-url s3://bucket/path/file.bin data/file.bin --sha256 <sha256>
-
-# Unknown SHA path (experimental sentinel mode)
-git drs add-url s3://bucket/path/file.bin data/file.bin
-```
-
-**Options:**
-
-- `--sha256 <hash>`: Optional SHA256 hash of the source object.  
-  If omitted, add-url uses experimental ETag-derived sentinel mode and registers a synthetic OID.
+Important behavior:
 
-**Notes:**
+- `git drs pull` does not run `git pull`
+- it only hydrates tracked pointer files already present in the checkout
+- include matching is against repo-relative paths
 
-- `add-url` no longer accepts per-command AWS credential flags.
-- S3 connection hints are resolved from environment/runtime config when needed (for example `AWS_REGION`, `AWS_ENDPOINT_URL`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`).
-- Registration happens on `git drs push`, not at `add-url` time.
-
-### `git drs version`
+### `git drs push [remote-name]`
 
-Display Git DRS version information.
+Run the managed `git-drs` push path.
 
 ```bash
-git drs version
+git drs push
+git drs push production
 ```
 
-### `git drs track [pattern ...]`
-
-Manage Git LFS tracking patterns from Git DRS.
-
-**View tracked patterns:**
-
-```bash
-git drs track
-```
+What it does:
 
-**Track one or more patterns:**
+- resolves local pointer/object metadata
+- looks up matching remote metadata in scope
+- registers missing metadata
+- uploads local payload bytes when needed
+- reconciles committed tracked-file deletes derived from the pushed Git ref delta
+- completes the Git push flow
 
-```bash
-git drs track "*.bam"
-git drs track "*.bam" "data/**"
-```
+Notes:
 
-**Options:**
+- this is the normal command for tracked data changes
+- plain `git push` does not trigger `git-drs` registration or upload behavior
+- delete reconciliation is Git-history-derived; there is no delete-intent sidecar state
+- the diff base comes from the current branch upstream when available, otherwise from the best available remote tracking base
 
-- `--verbose`: Show detailed Git LFS output
-- `--dry-run`: Show what would change without writing `.gitattributes`
+## Provider/Object Reference Workflows
 
-### `git drs untrack <pattern> [pattern ...]`
+### `git drs add-url <object-url-or-key> [path]`
 
-Remove one or more Git LFS tracking patterns.
+Create a pointer plus local DRS metadata for an object that already exists in provider storage.
 
 ```bash
-git drs untrack "*.bam"
-git drs untrack "*.bam" "data/**"
+git drs add-url path/to/object.bin data/from-bucket.bin --scheme s3
+git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin
+git drs add-url s3://my-bucket/path/to/object.bin data/from-bucket.bin --sha256 <hex>
 ```
 
-**Options:**
-
-- `--verbose`: Show detailed Git LFS output
-- `--dry-run`: Show what would change without writing `.gitattributes`
-
-### Internal Commands
+Notes:
 
-These commands are called automatically by Git hooks:
+- object-key mode resolves against the configured bucket scope
+- explicit provider URL mode remains supported
+- `--scheme` is required for object-key mode
+- registration happens later on `git drs push`
 
-- `git drs precommit`: Process staged files during commit
-- `git drs pre-push-prepare`: Stage DRS metadata before push
-- `git lfs pre-push`: Optional Git LFS compatibility push flow (invoked by the pre-push hook when enabled)
+### `git drs add-ref <drs-id> <path>`
 
-## Git LFS Commands
-
-### `git lfs track`
-
-Manage file tracking patterns.
-
-**View Tracked Patterns:**
+Add a local pointer file for an existing DRS object.
 
 ```bash
-git lfs track
+git drs add-ref drs://example/object-id data/object.bin
 ```
 
-**Track New Pattern:**
-
-```bash
-git lfs track "*.bam"
-git lfs track "data/**"
-git lfs track "specific-file.txt"
-```
+### `git drs query <drs-id>`
 
-**Untrack Pattern:**
+Query a DRS object by ID or checksum.
 
 ```bash
-git lfs untrack "*.bam"
+git drs query drs://example/object-id
+git drs query --checksum <sha256>
 ```
 
-### `git lfs ls-files`
+## Delete and Copy Workflows
 
-List LFS-tracked files in the repository.
+### `git drs rm <path>...`
 
-**All Files:**
+Remove tracked `git-drs` files from the worktree and index.
 
 ```bash
-git lfs ls-files
+git drs rm data/sample.bam
+git drs rm data/sample1.bam data/sample2.bam
 ```
 
-**Specific Pattern:**
-
-```bash
-git lfs ls-files -I "*.bam"
-git lfs ls-files -I "data/**"
-```
+What it does:
 
-**Output Format:**
+- validates that each path is tracked as a `git-drs` pointer-managed file
+- runs `git rm` for those paths
+- leaves remote DRS reconciliation to the later `git drs push`
 
-- `*` prefix: File is localized (downloaded)
-- `-` prefix: File is not localized
-- No prefix: File status unknown
+Remote behavior on push:
 
-### `git lfs pull`
+- `git drs push` derives deleted pointers from the pushed Git commit delta
+- if the scoped record has exactly one `controlled_access` entry, the whole DRS record is deleted
+- if the scoped record has multiple `controlled_access` entries, only the current `organization/project` resource is removed
+- underlying object bytes are not deleted by default
 
-Download LFS-tracked files.
+### `git drs copy-records [source-remote] <target-remote> <organization/project>`
 
-**All Files:**
+Copy Syfon metadata records from one configured remote to another for one scope.
 
 ```bash
-git lfs pull
+git drs copy-records prod HTAN_INT/BForePC
+git drs copy-records dev prod HTAN_INT/BForePC
 ```
 
-**Specific Files:**
+Behavior:
 
-```bash
-git lfs pull -I "*.bam"
-git lfs pull -I "data/important.txt"
-git lfs pull -I "results/**"
-```
+- with one remote arg:
+  - source defaults to the configured default remote
+  - the arg is treated as the target remote
+- with two remote args:
+  - first is source
+  - second is target
+- copies metadata only, not object bytes
 
-**Multiple Patterns:**
+Merge behavior for existing target records:
 
-```bash
-git lfs pull -I "*.bam" -I "*.vcf"
-```
+- match by DID first, then by checksum where applicable
+- union `controlled_access`
+- union `access_methods`
+- preserve existing target metadata otherwise
 
-### `git lfs install`
+## Bucket Mapping Commands
 
-Configure Git LFS for the system or repository.
+These are typically steward/admin setup commands, not normal day-to-day end-user commands.
 
-**System-wide:**
+### `git drs bucket add`
 
-```bash
-git lfs install --skip-smudge
-```
-
-**Repository-only:**
+Declare bucket credentials for a remote.
 
-```bash
-git lfs install --local --skip-smudge
-```
+### `git drs bucket add-organization`
 
-The `--skip-smudge` option prevents automatic downloading of all LFS files during clone/checkout.
-
-## Standard Git Commands
-
-Git DRS integrates with standard Git commands:
-
-### `git add`
-
-Stage files for commit. LFS-tracked files are automatically processed.
-
-```bash
-git add myfile.bam
-git add data/
-git add .
-```
-
-### `git commit`
-
-Commit changes. Git DRS pre-commit hook runs automatically.
-
-```bash
-git commit -m "Add new data files"
-```
-
-### `git push`
-
-Push commits to remote. Git DRS automatically uploads new files to DRS server.
-
-```bash
-git push
-git push origin main
-```
-
-### `git clone`
-
-Clone repository. Use with Git DRS initialization:
+Map an organization to a bucket path.
 
 ```bash
-git clone <repo-url>
-cd <repo-name>
-git drs init
-git drs remote add gen3 production --cred /path/to/credentials.json --url ... --organization ... --project ...
+git drs bucket add-organization production \
+  --organization HTAN_INT \
+  --path s3://cbds/htan-int
 ```
 
-## Workflow Examples
+### `git drs bucket add-project`
 
-### Complete File Addition Workflow
+Map a project to a bucket path.
 
 ```bash
-# 1. Ensure file type is tracked
-git lfs track "*.bam"
-git add .gitattributes
-
-# 2. Add your file
-git add mydata.bam
-
-# 3. Verify tracking
-git lfs ls-files -I "mydata.bam"
-
-# 4. Commit (creates DRS record)
-git commit -m "Add analysis results"
-
-# 5. Push (uploads to default DRS server)
-git push
-```
-
-### Selective File Download
-
-```bash
-# Check what's available
-git lfs ls-files
-
-# Download specific files
-git lfs pull -I "results/*.txt"
-git lfs pull -I "important-dataset.bam"
-
-# Verify download
-git lfs ls-files -I "results/*.txt"
+git drs bucket add-project production \
+  --organization HTAN_INT \
+  --project BForePC \
+  --path s3://cbds/htan-int/bforepc
 ```
 
-### Repository Setup from Scratch
+## Version
 
-```bash
-# 1. Create and clone repo
-git clone <new-repo-url>
-cd <repo-name>
-
-# 2. Initialize Git DRS
-git drs init
-
-# 3. Add DRS remote
-git drs remote add gen3 production \
-    --url https://calypr-public.ohsu.edu \
-    --cred /path/to/credentials.json \
-    --organization my-program \
-    --project my-project
-
-# 4. Set up file tracking
-git lfs track "*.bam"
-git lfs track "*.vcf.gz"
-git lfs track "data/**"
-git add .gitattributes
-git commit -m "Configure LFS tracking"
-git push
-
-# 5. Add data files
-git add data/sample1.bam
-git commit -m "Add sample data"
-git push
-```
+### `git drs version`
 
-### Cross-Remote Promotion Workflow
+Display version information.
 
 ```bash
-# 1. Add multiple remotes
-git drs remote add gen3 staging \
-    --url https://staging.calypr.ohsu.edu \
-    --cred /path/to/staging-credentials.json \
-    --organization staging-program \
-    --project staging-project
-
-git drs remote add gen3 production \
-    --url https://calypr-public.ohsu.edu \
-    --cred /path/to/prod-credentials.json \
-    --organization prod-program \
-    --project prod-project
-
-# 2. Fetch metadata from staging
-git drs fetch staging
-
-# 3. Push metadata to production (no re-upload)
-git drs push production
+git drs version
 ```
 
-## Environment Variables
+## Removed Legacy Commands
 
-Git DRS respects these environment variables:
+These commands are gone from the cleaned CLI:
 
-- `AWS_ACCESS_KEY_ID`: AWS access key (for S3 operations)
-- `AWS_SECRET_ACCESS_KEY`: AWS secret key (for S3 operations)
+- `git drs fetch`
+- `git drs list`
+- `git drs upload`
+- `git drs download`
 
-## Help and Documentation
-
-Use `--help` with any command for detailed usage:
-
-```bash
-git-drs --help
-git-drs init --help
-git-drs add-url --help
-git lfs --help
-git lfs track --help
-```
+If older notes mention them, treat those references as stale.
diff --git a/docs/developer-guide.md b/docs/developer-guide.md
index e9751130..73eb15cb 100644
--- a/docs/developer-guide.md
+++ b/docs/developer-guide.md
@@ -1,160 +1,165 @@
 # Developer Guide
 
-This guide covers Git DRS internals, architecture, and development information.
+This guide describes the current `git-drs` architecture after the CLI and internal cleanup passes.
 
-## Architecture Overview
+## High-Level Model
 
-Git DRS integrates with Git through several mechanisms:
+`git-drs` sits between normal Git workflows and Syfon/Gen3-backed object workflows.
 
-### Git Hooks Integration
+Use the tools at the right layer:
 
-**Pre-commit Hook**: `git drs precommit`
-- Triggered automatically before each commit
-- Processes all staged LFS files
-- Creates DRS records for new files
-- Only processes files that don't already exist on the DRS server
-- Prepares metadata for later upload during push
+- use `git` for commits, branches, merges, `git pull`, and plain `git push`
+- use `git-drs` for remote configuration, tracking rules, object hydration, object registration/upload, and tracked-file delete reconciliation
 
-**Pre-push Hook**: `git drs pre-push-prepare` (internal)
-- Triggered automatically before each push
-- Stages pending metadata for new/changed files
-- The hook prepares the repo for `git drs push` to complete upload and registration
+The important command split is:
 
-**Managed Push/Pull**
-- `git drs push` performs the register/upload workflow directly through the syfon client stack
-- `git drs pull` performs the download workflow directly through the syfon client stack
+- `git pull` updates Git history and checkout state
+- `git drs pull` hydrates tracked pointer files already present in the checkout
+- `git drs push` performs the managed data push path: metadata registration, upload when needed, delete reconciliation, and then the Git push flow
+- plain `git push` is plain Git only
 
-### File Processing Flow
+## Current Package Ownership
 
-```
-1. Developer: git add file.bam
-2. Developer: git commit -m "Add data"
-3. Git Hook: git drs precommit
-   - Creates DRS object metadata
-   - Stores in .git/drs/ directory
-4. Developer: git push
-5. Git Hook: git drs pre-push-prepare
-   - Stages pending metadata for LFS verify
-6. Git DRS:
-   - `git drs push` runs register/upload directly
-   - `git drs pull` runs download directly
-```
+The current codebase is organized around a few clear owners:
 
-## Current Data Path
+- `cmd/...`
+  - CLI entrypoints and command-local workflow
+  - commands may still own substantial logic when that logic is specific to one command
+- `internal/transfer`
+  - upload/download execution
+  - pull/push progress rendering
+  - delete reconciliation derived from pushed Git history
+- `internal/filter`
+  - clean/smudge logic
+  - long-running Git filter-process protocol handling
+  - skip-smudge behavior
+- `internal/lookup`
+  - scoped DRS object lookup and record matching
+- `internal/gitrepo`
+  - repo-local Git wiring
+  - `.gitattributes` tracking manipulation
+  - repo-local path/config helpers
+- `internal/remoteruntime`
+  - live remote runtime/client assembly from stored config
+  - credential refresh/bootstrap needed to build a working client context
+- `internal/config`
+  - persisted repo config model and config I/O
+- `internal/precommit_cache`
+  - pre-commit cache layout, JSON types, and shared cache-path helpers
+  - not the owner of hook policy
 
-Git DRS no longer uses a custom transfer agent.
+## Repository-Local State
 
-- Upload path (primary): `git drs push` discovers local LFS pointers, bulk-registers missing objects, checks validity, and uploads missing bits.
-- Download path (primary): `git drs pull` resolves object records and downloads into local LFS object storage.
+`git-drs` keeps local state under `.git/drs/`.
 
-## Repository Structure
+The important split is:
 
-### Core Components
+- `.git/drs/lfs/objects`
+  - authoritative local DRS metadata objects
+  - consumed directly by commands such as `git drs push` and `git drs query`
+- `.git/drs/pre-commit`
+  - rebuildable local cache for path/OID/external URL bookkeeping
+  - currently written by `git drs precommit` and `git drs add-url`
 
-```
-cmd/                    # CLI command implementations
-├── initialize/         # Repository initialization
-├── push/               # Register/upload workflow
-├── pull/               # Download workflow
-├── prepush/            # Pre-push metadata staging hook
-├── precommit/         # Pre-commit hook
-├── addurl/            # Cloud object URL reference handling
-└── ...
-
-client/                # DRS client implementations
-├── interface.go       # Client interface definitions
-├── DRS.go         # Gen3/DRS client
-└── drs-map.go        # File mapping utilities
-
-config/                # Configuration management
-└── config.go         # Config file handling
-
-drs/                   # DRS object utilities
-├── object.go         # DRS object structures
-└── util.go           # Utility functions
-
-lfs/                   # Git LFS integration
-└── lfs.go            # LFS pointer/discovery helpers
-
-utils/                 # Shared utilities
-├── common.go         # Common functions
-├── lfs-track.go      # LFS tracking utilities
-└── util.go           # General utilities
-```
+The pre-commit cache is non-authoritative and safe to rebuild. The local DRS metadata objects are the real local source of truth.
 
-### Configuration System
-
-**Repository Configuration**: `.git/drs/config.yaml`
-```yaml
-current_server: gen3
-servers:
-  gen3:
-    endpoint: "https://data.example.org/"
-    profile: "myprofile"
-    project: "project-123"
-    bucket: "data-bucket"
-```
+## Current Workflow Paths
 
-### DRS Object Management
+### Setup path
 
-Objects are stored in `.git/drs/lfs/objects/` during pre-commit and referenced during push/pull workflows.
+`git drs remote add gen3 ...` or `git drs remote add local ...` is the standard entrypoint for connecting a repository.
 
-## Development Setup
+That path:
 
-### Prerequisites
+- stores or refreshes remote config
+- prepares credentials for the selected runtime
+- bootstraps repo-local `git-drs` wiring when it is missing
 
-- Go 1.24+
-- Git LFS installed
-- Access to a DRS server for testing
+You can still run `git drs init` explicitly, but the normal onboarding path is `remote add`.
 
-### Building from Source
+### Push path
 
-```bash
-# Clone repository
-git clone https://github.com/calypr/git-drs.git
-cd git-drs
+`git drs push`:
 
-# Install dependencies
-go mod download
+- discovers local pointer/object metadata
+- looks up existing scoped records
+- registers missing metadata
+- uploads missing payload bytes when local content exists
+- reconciles committed tracked-file deletes from the Git ref delta
+- then completes the Git push flow
 
-# Build
-go build
+The managed push path runs directly through the current Syfon client/runtime stack.
 
-# Install locally
-export PATH=$PATH:$(pwd)
-```
+### Pull path
+
+`git drs pull`:
+
+- scans tracked pointer files in the current checkout
+- resolves matching DRS records for the configured remote scope
+- downloads payload bytes into the local cache/object area
+- hydrates worktree files
+
+It does not run `git pull`.
+
+### Filter path
+
+Git clean/smudge/filter-process integration is handled by the current filter stack:
+
+- `git-drs clean`
+- `git-drs smudge`
+- `git-drs filter`
 
-### Development Workflow
+These commands use `internal/filter` plus `internal/transfer` rather than an old custom transfer-agent model.
 
-1. **Make changes** to source code
-2. **Build and test**:
-   ```bash
-   go build
-   go test ./...
-   ```
-3. **Test with real repository**:
-   ```bash
-   cd /path/to/test-repo
-   /path/to/git-drs/git-drs --help
-   ```
+## Pre-Commit Ownership
 
-## Debugging and Logging
+The current hook story is narrower than older versions of the repo:
 
-### Log Locations
+- `git drs precommit`
+  - reads staged Git content only
+  - updates the rebuildable `.git/drs/pre-commit` cache
+  - does not perform network I/O
+- `git drs add-url`
+  - writes a pointer file
+  - writes authoritative local DRS metadata
+  - updates the pre-commit cache for local coherence
 
-- **Commit logs**: `.git/drs/git-drs.log`
-- **Push/Pull logs**: `.git/drs/git-drs.log`
+Neither plain `git push` nor `git drs push` depends on the pre-commit cache for remote registration.
 
+## Development Notes
+
+### Building
+
+```bash
+go build
+```
+
+### Compile-oriented sweep
+
+```bash
+GOCACHE=$(pwd)/.gocache go test ./... -run TestDoesNotExist -count=1 -vet=off
+```
+
+### Lint
+
+```bash
+GOCACHE=$(pwd)/.gocache make lint
+```
 
-## Testing
+### Real-repo verification
 
-### Unit Tests
+When debugging behavior, validate the actual workflow split:
 
 ```bash
-# Test specific functionality
-go test ./utils -run TestLFSTrack
+git drs remote list
+git drs ls-files
+git drs ls-files --drs
+git drs pull --dry-run
 ```
 
-### Integration Tests
+That usually distinguishes:
 
-**WIP**
+- remote/config issues
+- tracking issues
+- hydration issues
+- DRS registration issues
diff --git a/docs/drs-registerfile-upsert.md b/docs/drs-registerfile-upsert.md
index 72f162b5..03d1cff4 100644
--- a/docs/drs-registerfile-upsert.md
+++ b/docs/drs-registerfile-upsert.md
@@ -1,4 +1,4 @@
-# ADR 0001: Configure RegisterFile upsert/bucket checks via git LFS config
+# ADR 0001: Configure RegisterFile upsert/bucket checks via git config
 
 ## Status
 Accepted
@@ -8,7 +8,7 @@ The DRS `RegisterFile` flow needs toggles for:
 - whether to upsert DRS records (create when no matching project record exists, or replace by deleting and re-registering when a ma
 - whether to check bucket existence before uploading (Unimplemented, currently always checks and skips upload if already present)
 
-These toggles must be controlled per-repository using git LFS configuration (`git config` entries under `drs.*`). This keeps behavior in repo-local configuration and avoids coupling to remote YAML configuration.
+These toggles must be controlled per-repository using git config (`git config` entries under `drs.*`). This keeps behavior in repo-local configuration and avoids coupling to remote YAML configuration.
 
 ## Decision
 Read `drs.upsert` from git config during DRS client initialization. Missing values default to `false`. Invalid values fail initialization with a clear error.
diff --git a/docs/drs-uri-canonical-identity.md b/docs/drs-uri-canonical-identity.md
new file mode 100644
index 00000000..c810d357
--- /dev/null
+++ b/docs/drs-uri-canonical-identity.md
@@ -0,0 +1,212 @@
+# ADR 0003: Use DRS URI as canonical remote identity and a derived compact OID for local pointer/cache identity
+
+## Status
+Proposed
+
+## Context
+
+`git-drs` no longer needs to treat the Git LFS-style `oid` as a literal content SHA256 in every workflow.
+
+This is most obvious in `add-url` and other metadata-first flows:
+
+- the authoritative remote object identity is the DRS object itself
+- the authoritative retrieval source is the DRS metadata (`access_methods`, checksums, scoped metadata)
+- local pointer files and local cache paths still need a compact identifier
+
+Today the code still assumes the local pointer/cache identifier is shaped like a Git LFS SHA256:
+
+- pointers are parsed only when they contain `oid sha256:<64-hex>`
+- local object fanout paths assume a 64-character hex identifier
+- some code still conflates "pointer OID" with "content SHA256"
+
+At the same time, raw DRS URIs are not a good direct substitute for the pointer `oid` slot:
+
+- they are long and punctuation-heavy
+- they are awkward as local cache keys and filesystem fanout paths
+- they couple local identity directly to remote URI syntax
+- they reduce cache/dedupe reuse if the same bytes exist under multiple DRS records
+
+So we need to separate two concepts that are currently blurred together:
+
+1. **Canonical remote identity**
+   - the DRS URI / DRS object ID that identifies the remote record
+2. **Local pointer/cache identity**
+   - a compact, filesystem-safe identifier used in pointer files, cache keys, and worktree inventory
+
+## Decision
+
+Adopt this identity model:
+
+1. **DRS URI is the canonical remote identity**
+   - it identifies the remote record
+   - it is the primary stable reference for metadata-first workflows
+2. **A derived compact OID is the local pointer/cache identity**
+   - it is derived deterministically from the canonical remote identity
+   - it is used in pointer files, local fanout paths, and cache indexing
+3. **Do not use the raw DRS URI as the literal pointer OID**
+   - the pointer/cache slot remains compact and derived
+4. **Do not require the derived compact OID to equal the content SHA256**
+   - content SHA256 remains useful metadata when known
+   - but it is not required to be the primary local identity in metadata-first flows
+
+## Recommended derived OID format
+
+The derived local OID should be:
+
+- deterministic
+- compact
+- filesystem-safe
+- independent of transient access URLs
+
+Recommended derivation:
+
+```text
+derived_oid = sha256("git-drs-object:v1\ndrs_uri=<normalized-drs-uri>\n")
+```
+
+This gives:
+
+- a stable 64-hex identifier
+- compatibility with existing local fanout assumptions
+- independence from raw URL punctuation/length
+- a clean boundary between remote identity and local cache identity
+
+## Why not use the raw DRS URI as the pointer OID?
+
+Because the pointer OID slot behaves like a local key, not just a human-readable identifier.
+
+Using raw DRS URI directly would:
+
+- make pointer parsing and cache fanout messy
+- force local storage assumptions to depend on URI syntax
+- complicate path encoding, diagnostics, and inventory code
+- make future URI normalization/versioning harder
+
+The DRS URI should be stored as first-class metadata, not jammed directly into the pointer key slot.
+
+## Before
+
+The current model is effectively:
+
+- pointer OID is assumed to be `sha256:<64hex>`
+- local cache fanout is based on that value
+- some workflows use placeholders, but still pretend the OID slot is "the SHA256"
+
+This causes confusion:
+
+- "OID" and "content checksum" are treated as the same thing even when they are not
+- metadata-first objects need placeholder semantics
+- design discussions keep returning to "can we use md5, etag, or path instead?"
+
+## After
+
+The identity model becomes explicit:
+
+- **DRS URI** = canonical remote identity
+- **derived OID** = compact local pointer/cache identity
+- **checksums** = content metadata, not always the primary local key
+
+In practical terms:
+
+- pointer files keep a compact OID
+- local fanout code keeps a compact OID
+- remote record matching and canonical reference logic prefer DRS URI
+- content SHA256 remains available when known, but no longer defines the whole identity model
+
+## Implementation guidance
+
+### Phase 1: Introduce explicit identity types
+
+Add an internal identity structure such as:
+
+```text
+ObjectIdentity
+  - DRSURI
+  - OID
+  - Checksums
+```
+
+This is the critical first step. It prevents more code from assuming:
+
+```text
+OID == content SHA256
+```
+
+### Phase 2: Keep pointer/cache format compact
+
+Retain the existing compact local OID shape for compatibility:
+
+- `oid sha256:<64hex>` in pointer files
+- existing local fanout layout
+
+But redefine the meaning:
+
+- in metadata-first flows, the 64-hex value is the derived local identity
+- not necessarily the file content SHA256
+
+This avoids a broad pointer-format migration up front.
+
+### Phase 3: Store DRS URI as authoritative metadata
+
+Wherever local DRS metadata is written or read:
+
+- persist the DRS URI explicitly
+- treat it as the canonical remote reference
+
+This applies especially to:
+
+- `add-url`
+- `add-ref`
+- local DRS object files
+- copy/query/register reconciliation logic
+
+### Phase 4: Remove code that equates OID and checksum
+
+Audit and reduce assumptions in:
+
+- pointer parsing/writing helpers
+- inventory
+- push/pull resolution
+- registration/update logic
+- cache helpers
+
+The main rule:
+
+- if code wants a checksum, ask for a checksum
+- if code wants a pointer/cache key, ask for the derived OID
+- if code wants remote identity, ask for the DRS URI
+
+## Consequences
+
+### Positive
+
+- clarifies identity semantics
+- makes metadata-first workflows more coherent
+- avoids raw DRS URI leakage into local cache/path mechanics
+- preserves compact local storage behavior
+- reduces pressure to misuse ETag/MD5/path directly as pointer OIDs
+
+### Negative
+
+- requires a modest identity refactor
+- some current code still assumes pointer OID is content SHA256
+- compatibility language around `oid sha256:` becomes semantically looser until or unless the external pointer format is generalized later
+
+## Explicit non-goals
+
+This ADR does **not** require:
+
+- raw DRS URI to become the literal pointer OID
+- multi-algorithm pointer syntax (`oid md5:...`, `oid etag:...`, etc.) immediately
+- full removal of the current compact SHA256-shaped local OID format
+
+Those may be considered later, but they are not required to fix the architectural confusion now.
+
+## Summary
+
+The correct split is:
+
+- **DRS URI** for canonical remote identity
+- **derived compact OID** for local pointer/cache identity
+
+That gives `git-drs` a cleaner architecture without forcing local storage and pointer behavior to inherit all the messiness of raw remote identifiers.
diff --git a/docs/e2e-modes-and-local-setup.md b/docs/e2e-modes-and-local-setup.md
index 20820cf2..36870659 100644
--- a/docs/e2e-modes-and-local-setup.md
+++ b/docs/e2e-modes-and-local-setup.md
@@ -81,7 +81,7 @@ TEST_STRICT_CLEANUP=true
   - HTTP basic auth via:
     - `TEST_LOCAL_USERNAME` + `TEST_LOCAL_PASSWORD`, or
     - `TEST_ADMIN_AUTH_HEADER="Authorization: Basic <base64(user:pass)>"`
-- `git drs remote add local ... --username ... --password ...` stores local basic auth in repo config for helper/LFS flows.
+- `git drs remote add local ... --username ... --password ...` stores local basic auth in repo config for credential-helper flows.
 
 ## How wrapper scripts map to the main suites
 
@@ -138,7 +138,7 @@ What it covers:
 
 - `git drs push` metadata register + upload
 - multipart/resume behavior
-- `git drs pull` and `git lfs pull` compatibility checks
+- `git drs pull` hydration and compatibility checks
 - cleanup by DID resolution
 
 ## Local add-url E2E: runbook
@@ -152,7 +152,7 @@ bash tests/e2e-local-addurl.sh
 What it covers:
 
 - known-sha add-url path (`--sha256 <real hash>`)
-- unknown-sha add-url path (sentinel pointer OID)
+- unknown-sha add-url path (placeholder pointer OID)
 - push/register + pull hydration checks
 
 ## Monorepo E2E (remote and local)
diff --git a/docs/ga4gh-drs-scalability-gaps.md b/docs/ga4gh-drs-scalability-gaps.md
new file mode 100644
index 00000000..db16e057
--- /dev/null
+++ b/docs/ga4gh-drs-scalability-gaps.md
@@ -0,0 +1,195 @@
+# GA4GH DRS Scalability Gaps for `git-drs`
+
+## Summary
+
+GA4GH DRS is a reasonable read/access protocol for individual object resolution, but it is not a good standalone fit for high-volume `git-drs` workflows when the client must translate one logical operation into many REST calls.
+
+The problem is not that DRS is incorrect. The problem is that the base API surface is too narrow for the operational patterns `git-drs` actually needs:
+
+- checksum-first lookup
+- bulk existence checks
+- bulk access URL resolution
+- bulk registration
+- upload orchestration
+- scoped delete/update flows
+
+If every one of those has to be decomposed into multiple per-object HTTP calls, the result is not operationally scalable.
+
+## The core issue
+
+For `git-drs`, many user-facing operations are logically single operations:
+
+- "do these 500 OIDs already exist?"
+- "give me access URLs for these 200 objects"
+- "register these 150 objects"
+- "delete the objects that match this checksum in this scope"
+
+Base GA4GH DRS mostly gives the client:
+
+- `GET /ga4gh/drs/v1/objects/{object_id}`
+- `GET /ga4gh/drs/v1/objects/{object_id}/access/{access_id}`
+- `GET /ga4gh/drs/v1/service-info`
+
+That works for one object at a time. It does not work well for batch-oriented Git and LFS workflows.
+
+## Why this is not scalable
+
+### 1. One logical operation turns into N network round-trips
+
+Examples:
+
+- checksum lookup by many OIDs:
+  - no native bulk checksum query in base DRS
+  - client must fan out one request per checksum
+- access resolution for many objects:
+  - no native bulk access URL resolution in base DRS
+  - client must fan out one request per object/access method
+- delete by hash:
+  - client must first resolve matching objects
+  - then issue one delete per object
+
+This is acceptable for a handful of objects. It is poor for large repos, monorepos, or push/pull batch flows.
+
+### 2. Latency compounds even when payload size is small
+
+Most of these calls are metadata calls, not large transfers. The bottleneck is round-trip count:
+
+- HTTP connection overhead
+- auth middleware and token processing
+- authz lookup
+- request routing
+- JSON encode/decode
+- repeated server-side DB lookups
+
+A workflow that should feel like "one batch metadata operation" becomes "hundreds of tiny RPCs over HTTP".
+
+### 3. Capability gaps force client-side orchestration complexity
+
+Without batch primitives, the client has to own:
+
+- fan-out scheduling
+- retry policy
+- partial failure handling
+- de-duplication
+- concurrency limits
+- fallback behavior when some objects resolve and some do not
+
+That complexity is not free. It moves real system cost from the server contract into every client.
+
+### 4. It weakens read-path ergonomics for Git/LFS-shaped workflows
+
+`git-drs` is not a generic browser for one object at a time. It is operating on working trees, pointer inventories, checksum sets, and batch synchronization.
+
+Those workflows are naturally set-oriented, not object-at-a-time.
+
+Trying to force them through only:
+
+- `GetObject(id)`
+- `GetAccessURL(id, access_id)`
+
+produces a client that is formally "more DRS-pure" but operationally worse.
+
+## Concrete examples
+
+### Bulk checksum validity
+
+Logical operation:
+
+- "tell me which of these 1000 SHA256 values already exist"
+
+Base DRS shape:
+
+- 1000 repeated checksum/object lookups
+
+What the client actually needs:
+
+- one bulk validity response:
+  - `sha256 -> exists`
+
+This is why `/index/bulk/sha256/validity` or an equivalent bulk DRS extension exists.
+
+### Bulk access resolution
+
+Logical operation:
+
+- "hydrate all unresolved pointer files in this checkout"
+
+Base DRS shape:
+
+- resolve object for each OID
+- resolve access URL for each object
+
+That means at least:
+
+- one object-resolution request per object
+- one access-resolution request per object
+
+For a checkout with many files, this is an avoidable round-trip explosion.
+
+### Delete by checksum or scoped cleanup
+
+Logical operation:
+
+- "delete matching records for this checksum in this repo scope"
+
+Base DRS shape:
+
+1. resolve records
+2. iterate matching IDs
+3. delete one by one
+
+That is technically possible. It is not a good contract for batch cleanup.
+
+## Position
+
+`git-drs` should not be forced into a "base DRS only" model when that model degrades correctness, simplicity, or scale.
+
+The better architecture is:
+
+- use base GA4GH DRS where it fits naturally
+  - single-object read
+  - access resolution
+  - service-info probing
+- keep explicit extension APIs where batch or write semantics are required
+  - bulk checksum validity
+  - bulk checksum lookup
+  - bulk access URL resolution
+  - bulk registration
+  - upload negotiation
+  - batch delete/update helpers
+
+## Recommended design rule
+
+Do not collapse one logical client operation into multiple mandatory REST calls unless there is no practical alternative.
+
+More concretely:
+
+- if a client operation is inherently batch-oriented, prefer a batch endpoint
+- if a workflow is write-oriented, do not pretend it is standard DRS when it is not
+- if an optimization is required for acceptable repo-scale performance, keep it as an explicit extension instead of hiding it behind repeated single-object DRS calls
+
+## Recommended client split
+
+`git-drs` should continue to distinguish:
+
+- **DRS read contract**
+  - `GetObject`
+  - `GetAccessURL`
+  - `GetServiceInfo`
+
+- **DRS extension contract**
+  - bulk checksum lookup / validity
+  - object registration
+  - upload request negotiation
+  - bulk access resolution
+  - delete/update helpers
+
+That is a more honest and more scalable model than pretending all useful client operations can be reduced to base DRS primitives without cost.
+
+## Bottom line
+
+GA4GH DRS is a solid object access protocol.
+
+It is not, by itself, a scalable batch control-plane for `git-drs`.
+
+Where one custom operation would otherwise require two or more mandatory REST operations per object, a dedicated extension is justified. The scalability cost is real, and the client should not absorb it just to preserve a cleaner-looking but weaker protocol story.
diff --git a/docs/getting-started.md b/docs/getting-started.md
index 92a2b636..da9d724e 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -1,373 +1,139 @@
 # Getting Started
 
-This guide walks you through setting up Git DRS and performing common workflows.
+This page assumes you already completed [Quick Start](quickstart.md).
 
-> **Navigation:** [Installation](installation.md) → **Getting Started** → [Commands Reference](commands.md) → [Troubleshooting](troubleshooting.md)
+Quick Start gets you running. This page explains how to think about `git-drs` once the repo is connected and usable.
 
-## Repository Initialization
+## The Mental Model
 
-Every Git repository using Git DRS requires configuration, whether you're creating a new repo or cloning an existing one.
+Use the tools at the right layer:
 
-### Cloning Existing Repository (Gen3)
+- use `git` for commits, branches, merges, and `git pull`
+- use `git-drs` for remote configuration, tracking rules, object hydration, upload/registration, and tracked-file delete reconciliation
 
-1. **Clone the Repository**
+The most important distinction is:
 
-   ```bash
-   git clone <repo-clone-url>.git
-   cd <name-of-repo>
-   ```
+- `git pull` updates commits and checkout state
+- `git drs pull` hydrates tracked pointer files already present in the checkout
 
-2. **Configure SSH** (if using SSH URLs)
+## The Setup Command
 
-   If using SSH URLs like `git@github.com:user/repo.git`, add to `~/.ssh/config`:
+The standard setup command is:
 
-   ```
-   Host github.com
-       TCPKeepAlive yes
-       ServerAliveInterval 30
-   ```
+```bash
+git drs remote add gen3 production <organization/project> --cred ~/.gen3/credentials.json
+```
 
-3. **Get Credentials**
+That command:
 
-   - Log in to your data commons (e.g., https://calypr-public.ohsu.edu/)
-   - Profile → Create API Key → Download JSON
-   - **Note**: Credentials expire after 30 days
+- stores the remote configuration
+- imports or refreshes credentials
+- bootstraps repo-local `git-drs` wiring when it is missing
 
-4. **Initialize Repository**
+## The Two Common Workflows
 
-   ```bash
-   git drs init
-   ```
+### Existing Repository
 
-5. **Verify Configuration**
+```bash
+git clone <repo-url>
+cd <repo-name>
+git drs remote add gen3 production <organization/project> --cred ~/.gen3/credentials.json
+git drs pull
+```
 
-   ```bash
-   git drs remote list
-   ```
+### New Repository
 
-   Output:
-   ```
-   * production  gen3    https://calypr-public.ohsu.edu/
-   ```
+```bash
+mkdir my-data-repo
+cd my-data-repo
+git init
+git drs remote add gen3 production <organization/project> --cred ~/.gen3/credentials.json
+git drs track "*.bam"
+git add .gitattributes
+git commit -m "Configure tracked files"
+```
 
-   The `*` indicates this is the default remote.
+## Typical Workflow
 
-### New Repository Setup (Gen3)
+Most work reduces to this loop:
 
-1. **Create and Clone Repository**
+1. update Git history
 
    ```bash
-   git clone <repo-clone-url>.git
-   cd <name-of-repo>
+   git pull
    ```
 
-2. **Configure SSH** (if needed - same as above)
-
-3. **Get Credentials** (same as above)
-
-4. **Get Project Details**
-
-   Contact your data coordinator for:
-   - DRS server URL
-   - Organization name
-   - Project ID
-   - Bucket name
-   - Confirmation that bucket mapping exists for your organization/project
-
-5. **Initialize Git DRS**
+2. hydrate tracked files when needed
 
    ```bash
-   git drs init
+   git drs pull
    ```
 
-6. **Add Remote Configuration**
+   To hydrate only part of a repository instead of everything, use include filters:
 
    ```bash
-   git drs remote add gen3 production \
-       --cred /path/to/credentials.json \
-       --url https://calypr-public.ohsu.edu \
-       --project my-project \
-       --bucket my-bucket
+   git drs pull -I "data/sample.bam"
+   git drs pull -I "*.vcf.gz"
    ```
 
-   **Note:** Since this is your first remote, it automatically becomes the default. No need to run `git drs remote set`.
-
-7. **Verify Configuration**
+3. edit or add files normally
 
    ```bash
-   git drs remote list
-   ```
-
-   Output:
+   git add ...
+   git commit -m "..."
    ```
-   * production  gen3    https://calypr-public.ohsu.edu
-   ```
-
-   **Important:** `git drs remote add` alone is not enough. Push/pull requires an existing bucket mapping for your `organization/project` (usually provisioned once by a steward/admin).
-
-**Managing Additional Remotes**
-
-You can add more remotes later for multi-environment workflows (development, staging, production):
-
-```bash
-# Add staging remote
-git drs remote add gen3 staging \
-    --cred /path/to/staging-credentials.json \
-    --url https://staging.calypr.ohsu.edu \
-    --project staging-project \
-    --bucket staging-bucket
-
-# View all remotes
-git drs remote list
-
-# Switch default remote
-git drs remote set staging
-
-# Or use specific remote for one command
-git drs push production
-git drs fetch staging
-```
-
-## File Tracking
 
-Git DRS can use Git LFS-compatible pointers and local object storage. You must explicitly track file patterns before adding LFS-managed files.
-
-### View Current Tracking
-
-```bash
-git lfs track
-```
-
-### Track Files
-
-**Single File**
-
-```bash
-git lfs track path/to/specific-file.txt
-git add .gitattributes
-```
-
-**File Pattern**
-
-```bash
-git lfs track "*.bam"
-git add .gitattributes
-```
-
-**Directory**
-
-```bash
-git lfs track "data/**"
-git add .gitattributes
-```
-
-### Untrack Files
-
-```bash
-# View tracked patterns
-git lfs track
-
-# Remove pattern
-git lfs untrack "*.bam"
-
-# Stage changes
-git add .gitattributes
-```
-
-## Basic Workflows
-
-### Adding and Pushing Files
-
-```bash
-# Track file type (if not already tracked)
-git lfs track "*.bam"
-git add .gitattributes
+4. push data changes
 
-# Add your file
-git add myfile.bam
-
-# Verify LFS is tracking it
-git lfs ls-files
-
-# Commit and push
-git commit -m "Add new data file"
-git push
-```
-
-> **Note**: Git DRS automatically creates DRS records during commit and uploads files to the default remote during push.
+   ```bash
+   git drs push
+   ```
 
-### Downloading Files
+`git drs push` handles the DRS upload flow and the Git push flow together.
 
-**Single File**
+Use plain `git push` when you only want Git ref updates and do not want the `git-drs` registration/upload stage.
 
-```bash
-git lfs pull -I path/to/file.bam
-```
+## The Core Tasks
 
-**Pattern**
+### Track files
 
 ```bash
-git lfs pull -I "*.bam"
+git drs track "*.bam"
+git drs track "data/**"
 ```
 
-**All Files**
-
-```bash
-git lfs pull
-```
+Always review and stage `.gitattributes` after changing tracking rules.
 
-**Directory**
+### Inspect local state
 
 ```bash
-git lfs pull -I "data/**"
+git drs ls-files
+git drs ls-files -l
+git drs ls-files --drs
 ```
 
-### Checking File Status
-
-```bash
-# List all LFS-tracked files
-git lfs ls-files
-
-# Check specific pattern
-git lfs ls-files -I "*.bam"
-
-# View localization status
-# (-) = not localized, (*) = localized
-git lfs ls-files
-```
+Interpretation:
 
-## Working with Cloud Object URLs
+- `*` means the worktree has localized bytes
+- `-` means the worktree still has a pointer
 
-You can add references to existing bucket objects without copying them:
+### Remove tracked files
 
 ```bash
-# Track the file pattern first
-git lfs track "myfile.txt"
-git add .gitattributes
-
-# Add object reference (known sha256 path)
-git drs add-url s3://bucket/path/to/file \
-  --sha256 <file-hash>
-
-# Or use unknown-sha (experimental sentinel mode)
-git drs add-url s3://bucket/path/to/file
-
-# Commit and push
-git commit -m "Add S3 file reference"
-git push
+git drs rm sample.bam
+git commit -m "Remove sample"
+git drs push
 ```
 
-See [Cloud URL Integration Guide](adding-s3-files.md) for detailed examples.
-
-## Configuration Management
-
-### View Configuration
-
-```bash
-git drs remote list
-```
+That is the supported delete flow for tracked `git-drs` objects. For the fuller decision tree, see [Removing Files](remove-files.md).
 
-### Update Configuration
+### Refresh credentials
 
 ```bash
-# Refresh credentials - re-add remote with new credentials
-git drs remote add gen3 production \
-    --cred /path/to/new-credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
-
-# Switch default remote
-git drs remote set staging
+git drs remote add gen3 production <organization/project> --cred /path/to/new-credentials.json
 ```
 
-### View Logs
-
-- Logs location: `.git/drs/` directory
-
-## Command Summary
-
-| Action             | Commands                                    |
-| ------------------ | ------------------------------------------- |
-| **Initialize**     | `git drs init`                              |
-| **Add remote**     | `git drs remote add gen3 <name> --cred...` |
-| **View remotes**   | `git drs remote list`                       |
-| **Set default**    | `git drs remote set <name>`                 |
-| **Track files**    | `git lfs track "pattern"`                   |
-| **Check tracked**  | `git lfs ls-files`                          |
-| **Add files**      | `git add file.ext`                          |
-| **Commit**         | `git commit -m "message"`                   |
-| **Push**           | `git push`                                  |
-| **Download**       | `git lfs pull -I "pattern"`                 |
-
-## Session Workflow
-
-> **Note**: You do NOT need to run `git drs init` again. Initialization is a one-time setup per Git repository clone.
-
-For each work session:
-
-1. **Refresh credentials** (if expired - credentials expire after 30 days)
-
-   ```bash
-   git drs remote add gen3 production \
-       --cred /path/to/new-credentials.json \
-       --url https://calypr-public.ohsu.edu \
-       --project my-project \
-       --bucket my-bucket
-   ```
-
-2. **Work with files** (track, add, commit, push)
-
-## Local DRS Server Setup
-
-Use this flow when developing against a local `drs-server` instead of hosted Gen3.
-
-1. **Initialize repo**
-
-   ```bash
-   git drs init
-   ```
-
-2. **Add local remote**
-
-   ```bash
-   git drs remote add local origin http://localhost:8080 \
-       --organization calypr \
-       --project end_to_end_test \
-       --bucket cbds \
-       --username drs-user \
-       --password drs-pass
-   ```
-
-   If your local server has no basic auth, omit `--username/--password`.
-
-3. **Track and push**
-
-   ```bash
-   git lfs track "*.bin"
-   git add .gitattributes data/example.bin
-   git commit -m "Add local DRS test file"
-   git drs push
-   ```
-
-4. **Verify pull**
-
-   ```bash
-   git drs pull
-   # or the Git LFS compatibility path
-   git lfs pull
-   ```
-
-For complete local/remote mode behavior and e2e runbooks, see [E2E Modes + Local Setup](e2e-modes-and-local-setup.md).
-
-3. **Download files as needed**
-
-   ```bash
-   git lfs pull -I "required-files*"
-   ```
-
-## Next Steps
+## Read Next
 
-- [Commands Reference](commands.md) - Complete command documentation
-- [Troubleshooting](troubleshooting.md) - Common issues and solutions
-- [Developer Guide](developer-guide.md) - Advanced usage and internals
+- [Commands Reference](commands.md) for exact command syntax
+- [Troubleshooting](troubleshooting.md) when a real workflow breaks
diff --git a/docs/git-lfs.md b/docs/git-lfs.md
new file mode 100644
index 00000000..4d3b683f
--- /dev/null
+++ b/docs/git-lfs.md
@@ -0,0 +1,37 @@
+# Git LFS Compatibility
+
+`git-drs` supports Git LFS compatibility, but Git LFS is not required for normal `git-drs` workflows.
+
+Use this page if you are working with an older repository, a mixed environment, or a team workflow that still expects Git LFS concepts.
+
+## What Is Optional
+
+You do **not** need Git LFS installed in order to:
+
+- install `git-drs`
+- add a `git-drs` remote
+- track files with `git drs track`
+- upload with `git drs push`
+- hydrate data with `git drs pull`
+
+## When Git LFS Still Matters
+
+Git LFS compatibility can still be useful when:
+
+- a repository already contains Git LFS-style pointer files
+- your team already understands Git LFS tracking patterns
+- you need to reason about clean/smudge filter behavior
+- you are debugging interoperability with older tooling
+
+`git-drs` uses a Git-compatible pointer workflow and fits into the same general filter architecture, but the day-to-day commands should come from `git-drs`, not from Git LFS.
+
+## Preferred Commands
+
+For current workflows, prefer:
+
+| Task | Use |
+|---|---|
+| Track files | `git drs track "*.bam"` |
+| See tracked files | `git drs ls-files` |
+| Hydrate file content | `git drs pull` |
+| Upload/register data | `git drs push` |
diff --git a/docs/installation.md b/docs/installation.md
index 723303d7..582ce425 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -1,153 +1,93 @@
 # Installation Guide
 
-This guide covers installation of Git DRS across different environments and target DRS servers.
+This page is only about getting the `git-drs` binary onto a machine. It does not teach the repository workflow.
 
-## Prerequisites
+If you want the shortest onboarding path, use [Quick Start](quickstart.md). If you want the workflow explained, use [Getting Started](getting-started.md).
 
-All installations require [Git LFS](https://git-lfs.com/) to be installed first:
+## Release Install
 
-```bash
-# macOS
-brew install git-lfs
+This guide uses release `v0.6.0`.
 
-# Linux (download binary)
-wget https://github.com/git-lfs/git-lfs/releases/download/v3.7.0/git-lfs-linux-amd64-v3.7.0.tar.gz
-tar -xvf git-lfs-linux-amd64-v3.7.0.tar.gz
-export PREFIX=$HOME
-./git-lfs-v3.7.0/install.sh
+- [GitHub Releases](https://github.com/calypr/git-drs/releases)
 
-# Configure LFS
-git lfs install --skip-smudge
-```
+=== "macOS (Apple Silicon)"
 
-## Local Installation (Gen3 Server)
-
-**Target Environment**: Local development machine targeting Gen3 data commons (e.g., CALYPR)
-
-### Steps
-
-1. **Install Git DRS**
-   ```bash
-   /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/calypr/git-drs/refs/heads/main/install.sh)"
-   ```
-
-2. **Update PATH**
-   ```bash
-   # Add to ~/.bash_profile or ~/.zshrc
-   export PATH="$PATH:$HOME/.local/bin"
-   source ~/.bash_profile  # or source ~/.zshrc
-   ```
-
-3. **Verify Installation**
-   ```bash
-   git-drs --help
-   ```
-
-4. **Install Global Git Filters for git-drs**
-   ```bash
-   git drs install
-   ```
-
-   This writes the `filter.drs` settings to your `~/.gitconfig`.
-
-5. **Get Credentials**
-   - Log in to your data commons (e.g., https://calypr-public.ohsu.edu/)
-   - Click your email → Profile → Create API Key → Download JSON
-   - Note the download path for later configuration
-
-## HPC Installation (Gen3 Server)
-
-**Target Environment**: High-performance computing systems targeting Gen3 servers
-
-### Steps
-
-1. **Install Git LFS on HPC**
-   ```bash
-   # Download and install Git LFS
-   wget https://github.com/git-lfs/git-lfs/releases/download/v3.7.1/git-lfs-linux-amd64-v3.7.1.tar.gz
-   tar -xvf git-lfs-linux-amd64-v3.7.1.tar.gz
-   export PREFIX=$HOME
-   ./git-lfs-3.7.1/install.sh
-   
-   # Make permanent
-   echo 'export PATH="$HOME/bin:$PATH"' >> ~/.bash_profile
-   source ~/.bash_profile
-   
-   # Configure
-   git lfs install --skip-smudge
-   
-   # Cleanup
-   rm git-lfs-linux-amd64-v3.7.0.tar.gz
-   rm -r git-lfs-3.7.0/
-   ```
-
-2. **Configure Git/SSH (if needed)**
-   ```bash
-   # Generate SSH key
-   ssh-keygen -t ed25519 -C "your_email@example.com"
-   
-   # Add to ssh-agent
-   eval "$(ssh-agent -s)"
-   ssh-add ~/.ssh/id_ed25519
-   
-   # Add public key to GitHub/GitLab
-   cat ~/.ssh/id_ed25519.pub
-   ```
-
-3. **Install Git DRS**
-   ```bash
-   /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/calypr/git-drs/refs/heads/main/install.sh)"
-   
-   # Update PATH
-   echo 'export PATH="$PATH:$HOME/.local/bin"' >> ~/.bash_profile
-   source ~/.bash_profile
-   ```
-
-4. **Verify Installation**
-   ```bash
-   git-drs version
-   git drs install
-   ```
-
-## Build from Source
-
-For development or custom builds:
+    ```bash
+    curl -L -o git-drs-darwin-arm64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-darwin-arm64-v0.6.0.tar.gz
+    tar -xzf git-drs-darwin-arm64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
 
-```bash
-# Clone repository
-git clone https://github.com/calypr/git-drs.git
-cd git-drs
+=== "macOS (Intel)"
 
-# Build
-go build
+    ```bash
+    curl -L -o git-drs-darwin-amd64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-darwin-amd64-v0.6.0.tar.gz
+    tar -xzf git-drs-darwin-amd64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
 
-# Make accessible
-export PATH=$PATH:$(pwd)
-```
+=== "Linux (x86_64)"
+
+    ```bash
+    curl -L -o git-drs-linux-amd64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-linux-amd64-v0.6.0.tar.gz
+    tar -xzf git-drs-linux-amd64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
+
+=== "Linux (arm64)"
+
+    ```bash
+    curl -L -o git-drs-linux-arm64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-linux-arm64-v0.6.0.tar.gz
+    tar -xzf git-drs-linux-arm64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
+
+=== "Windows"
+
+    There is no packaged Windows release in this flow. Build `git-drs` from source instead.
+
+## PATH
 
-## Post-Installation
+If `$HOME/.local/bin` is not already in your shell path, add it in your shell startup file.
 
-After installation, verify your setup:
+Example:
+
+```bash
+export PATH="$PATH:$HOME/.local/bin"
+```
+
+## Verify The Install
 
 ```bash
-# Check Git DRS version
 git-drs version
+git drs version
+```
 
-# Check Git LFS
-git lfs version
+## Build From Source
 
-# View configured remotes (after setup)
-git drs remote list
+Use this when you need a local development build or a platform without a packaged release.
 
-# Verify git-drs global filter configuration
-git config --global --get filter.drs.process
+```bash
+git clone https://github.com/calypr/git-drs.git
+cd git-drs
+go build
 ```
 
-## Next Steps
+Then move or copy the built binary somewhere on your `PATH`.
+
+## What Installation Does Not Do
 
-After installation, see:
+Installing the binary does not configure a repository. Repository-local setup now normally happens when you run:
+
+```bash
+git drs remote add gen3 ...
+```
 
-> **Navigation:** [Installation](installation.md) → [Getting Started](getting-started.md) → [Commands Reference](commands.md)
+## Read Next
 
-- **[Getting Started](getting-started.md)** - Repository setup and basic workflows
-- **[Commands Reference](commands.md)** - Complete command documentation
+- [Quick Start](quickstart.md) for first setup on a real repo
+- [Getting Started](getting-started.md) for the workflow model
diff --git a/docs/precommit-cache-addurl-prepush.md b/docs/precommit-cache-addurl-prepush.md
deleted file mode 100644
index fe77ec08..00000000
--- a/docs/precommit-cache-addurl-prepush.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# ADR 0002: Align add-url and pre-push with the pre-commit cache
-
-## Status
-Proposed
-
-## Context
-`cmd/precommit` now maintains a local cache under `.git/drs/pre-commit/v1` that records:
-- path → LFS OID in `paths/<encoded-path>.json`
-- OID → paths + URL hint in `oids/<oid-hash>.json`
-
-`precommit_cache` provides read helpers for this cache and is intended to let the pre-push hook validate against authoritative sources while using cached hints to avoid re-scanning worktrees. `cmd/addurl` currently writes the LFS pointer and DRS files but does not update the pre-commit cache. `cmd/prepush` currently computes updates without consulting the cache. This means:
-- `add-url`-created objects are invisible to cache-aware workflows unless a pre-commit hook runs later.
-- `pre-push` cannot leverage cached OID/path/url hints or detect mismatches early.
-
-## Decision
-Update `cmd/addurl` and `cmd/prepush` to integrate with the pre-commit cache, while preserving the current fallback behavior when the cache is missing or stale.
-
-### Changes required in `cmd/addurl`
-1. **Write cache entries after LFS pointer creation**
-   - Create/update the path entry (`paths/<encoded-path>.json`) using the same encoding as `cmd/precommit` (`base64.RawURLEncoding` of the repo-relative path).
-   - Create/update the OID entry (`oids/<oid-hash>.json`) using the same OID hashing (`sha256(oid string)`), ensuring the `paths` list includes the new path.
-2. **Persist the external URL hint**
-   - Record the supplied S3 URL in the OID entry as the URL hint for pre-push.
-   - Align the JSON field name with the cache reader expectations (currently `external_url` in `precommit_cache`).
-3. **Respect cache semantics**
-   - Preserve existing `paths` for the same OID, append new ones idempotently, and update `updated_at`.
-   - Set `content_changed` when the path previously existed with a different OID.
-4. **Graceful fallback**
-   - If the cache directory is missing or non-writable, log a warning and continue without failing the `add-url` command.
-
-### Changes required in `cmd/prepush`
-1. **Use `precommit_cache` to seed work**
-   - Open the cache early and, when available, use it to map pushed paths/branches to their LFS OIDs and cached URL hints.
-   - If the cache is missing or entries are stale, fall back to current discovery/update logic.
-2. **Validate cached URL hints**
-   - When `updateDrsObjects` resolves authoritative URLs, compare them to cached hints via `precommit_cache.CheckExternalURLMismatch`.
-   - Warn (or fail, depending on policy) on mismatches to surface potentially stale or incorrect metadata before pushing.
-3. **Prefer cache data for DRS updates**
-   - Use cached OIDs/paths to reduce redundant file scans for LFS pointers.
-   - Carry cached `external_url` into DRS metadata when authoritative sources are unavailable, while still treating it as non-authoritative.
-
-## Consequences
-- `add-url` updates the same local cache used by pre-commit, so pre-push sees consistent data even when no commit occurs between add and push.
-- `pre-push` can use cached hints to speed up DRS updates and detect mismatches earlier, with a clear fallback path when cache data is missing or stale.
-- Cache schema alignment (`external_url` naming and OID hashing) becomes a shared contract between `cmd/precommit`, `cmd/addurl`, and `precommit_cache`.
diff --git a/docs/precommit.md b/docs/precommit.md
index 91682b6c..d3ea7b7e 100644
--- a/docs/precommit.md
+++ b/docs/precommit.md
@@ -1,128 +1,71 @@
-Below is **developer-facing documentation** you can drop into your repo (e.g. `docs/precommit-cache.md` or `README-precommit.md`).
-It assumes:
-
-* `cmd/precommit` installs the **pre-commit hook**
-* `precommit_cache` is the **read-only helper library** used by pre-push (and other tooling)
-
 ---
 
-# Developer Documentation: `.git/drs/pre-commit` Cache & Helpers
+# Developer Documentation: `.git/drs/pre-commit` Cache
 
 ## Overview
 
-This repository uses a **local, non-versioned cache** under:
+`git-drs` keeps two different kinds of local state under `.git/drs/`:
 
-```
-.git/drs/pre-commit/
+```text
+.git/drs/
+  lfs/objects/    authoritative local DRS metadata objects
+  pre-commit/     rebuildable local cache for path/OID/url hints
 ```
 
-to support fast, offline-friendly workflows for **Git LFS–tracked files**.
+They serve different jobs:
 
-The cache is:
+* `.git/drs/lfs/objects` stores the local DRS metadata records that commands such as `git drs push` and `git drs query` use directly.
+* `.git/drs/pre-commit` is a non-authoritative cache used to keep local path/OID bookkeeping coherent for the workflows that still write it today: `git drs precommit` and `git drs add-url`.
 
-* **LFS-only**
-* **non-authoritative**
-* **local to a working copy**
-* **never committed to Git**
+Plain `git push` does not read this cache. `git drs push` also does not depend on it for metadata registration.
 
-Its sole purpose is to bridge the gap between:
+## Current Ownership
 
-* **pre-commit** (file / path / content–centric, no network)
-* **pre-push** (ref / commit-range–centric, authoritative server resolution)
+### `cmd/precommit`
 
-> **Crisp rule:**
-> **Path is never authoritative; OID (sha256) is.**
+* Runs from the repo's `pre-commit` hook.
+* Reads staged Git content only.
+* Updates path and OID cache entries for tracked pointer files.
+* Never performs network I/O.
 
----
+### `cmd/addurl`
 
-## Responsibilities by Component
+* Writes a pointer file into the worktree.
+* Writes the local DRS metadata object under `.git/drs/lfs/objects`.
+* Updates the pre-commit cache so the new path/OID/object URL hint stay locally coherent.
 
-### `cmd/precommit` (pre-commit hook)
+### `internal/precommit_cache`
 
-* Runs on every `git commit`
-* Reads **staged content only**
-* Updates `.git/drs/pre-commit` cache
-* Never performs network I/O
-* Never queries DRS or DRS
-* Ignores all non-LFS files
+* Owns the cache layout definition shared by commands.
+* Provides the cache root/paths discovery logic plus the shared JSON types.
+* Does not own general cache mutation logic.
 
-### `precommit_cache` (helper library)
-
-* Read-only access to `.git/drs/pre-commit`
-* Used primarily by **pre-push**
-* Provides:
-
-    * path → OID lookups
-    * OID → paths lookups (advisory)
-    * OID → external URL hints
-* Does **not** modify cache contents
-
----
+## Cache Properties
 
-## Cache Scope (Important)
-
-Only files whose **staged content** is a valid Git LFS pointer are in scope:
-
-```
-version https://git-lfs.github.com/spec/v1
-oid sha256:<hex>
-```
-
-Everything else is ignored.
-
-This is by design.
+The cache is:
 
----
+* local to one checkout
+* never committed to Git
+* safe to delete and rebuild
+* non-authoritative
 
-## Cache Location & Versioning
+The authoritative local metadata store remains `.git/drs/lfs/objects`.
 
-All cache data lives under:
+## On-Disk Layout
 
-```
+```text
 .git/drs/pre-commit/v1/
+  paths/
+    <encoded-path>.json
+  oids/
+    <oid-hash>.json
+  tombstones/     optional, precommit-owned
+  state.json      reserved
 ```
 
-* Versioned by directory (`v1/`) to allow future format evolution
-* Safe to delete at any time (will be rebuilt)
-
----
-
-## Directory Layout
-
-```
-.git/drs/pre-commit/
-  v1/
-    paths/
-      <encoded-path>.json
-    oids/
-      <oid-hash>.json
-    tombstones/
-      <encoded-path>.json   (optional / best-effort)
-    state.json              (reserved for future use)
-```
-
----
-
-## Data Model
-
-The cache models **three non-authoritative relationships**:
-
-1. **Path → OID**
-2. **OID → Path(s)**
-3. **OID → External URL (hint)**
-
-All are **hints only**.
-The authoritative source of truth lives on the server (DRS / DRS).
-
----
-
-## File Formats
-
 ### Path Entry
 
-`v1/paths/<encoded-path>.json`
-
-Represents the **currently staged** LFS object at a given working-tree path.
+`paths/<encoded-path>.json`
 
 ```json
 {
@@ -132,31 +75,15 @@ Represents the **currently staged** LFS object at a given working-tree path.
 }
 ```
 
-Notes:
-
-* `path` is repo-relative
-* `lfs_oid` comes from the staged LFS pointer
-* Updated on:
-
-    * add
-    * modify
-    * rename
-    * undo / restage
-
----
+### OID Entry Written By `add-url`
 
-### OID Entry
-
-`v1/oids/<oid-hash>.json`
-
-Represents **advisory information** about an LFS object.
+`oids/<oid-hash>.json`
 
 ```json
 {
   "lfs_oid": "sha256:abc123...",
   "paths": [
-    "data/foo.bam",
-    "data/archive/foo-copy.bam"
+    "data/foo.bam"
   ],
   "external_url": "s3://bucket/key",
   "updated_at": "2026-02-01T12:34:56Z",
@@ -164,267 +91,24 @@ Represents **advisory information** about an LFS object.
 }
 ```
 
-Notes:
+### Legacy Read Compatibility
 
-* `paths[]` is advisory and may contain stale values
-* `external_url` is a **hint**, not authoritative
-* `content_changed` reflects local observation only
-
----
-
-### Tombstones (Optional)
-
-Used to record deleted paths for potential GC or debugging.
+Older cache entries may still contain:
 
 ```json
 {
-  "path": "data/old.bam",
-  "deleted_at": "2026-02-01T12:00:00Z"
+  "s3_url": "s3://bucket/key"
 }
 ```
 
----
-
-## Pre-Commit Behavior (What Happens Automatically)
-
-### Add / Modify LFS File
-
-* Extracts LFS OID from staged pointer
-* Updates:
-
-    * `paths/<path>.json`
-    * `oids/<oid>.json`
-* Preserves any existing `external_url` hint
-
-### Rename / Move LFS File
-
-* Moves `paths/<old>.json` → `paths/<new>.json`
-* Updates OID entry paths list
-* OID remains unchanged
-
-### Content Change
-
-* Detects OID change for same path
-* Updates path entry with new OID
-* Marks `content_changed=true` on new OID entry
-* Removes path from old OID entry (best-effort)
-
-### Undo / Reset / Restage
-
-* No special handling
-* Cache always reconciles from the staged index
-* Stale entries are tolerated
-
----
-
-## What the Cache Is *Not*
-
-* ❌ Not authoritative
-* ❌ Not guaranteed to be complete
-* ❌ Not synced across machines
-* ❌ Not committed to Git
-* ❌ Not validated against server state
-
-It exists purely to improve developer ergonomics.
-
----
-
-## `precommit_cache` Helper Library
-
-### Package Purpose
-
-`precommit_cache` provides **read-only helpers** for consumers such as:
-
-* `pre-push` hooks
-* diagnostic tools
-* developer utilities
-
-It never mutates cache state.
-
----
-
-### Opening the Cache
-
-```go
-cache, err := drscache.Open(ctx)
-if err != nil {
-    // handle error
-}
-```
-
-This locates `.git/drs/pre-commit/v1` automatically.
-
----
-
-### Common Lookups
-
-#### Path → OID
-
-```go
-oid, ok, err := cache.LookupOIDByPath("data/foo.bam")
-```
-
-* `ok=false` means no cache entry
-* Does not guarantee the file is still staged
-
----
-
-#### OID → Paths (Advisory)
-
-```go
-paths, ok, err := cache.LookupPathsByOID(oid)
-```
-
-Useful for:
-
-* error messages
-* diagnostics
-* explaining why an OID is required at push time
-
----
-
-#### OID → External URL Hint
-
-```go
-url, ok, err := cache.LookupExternalURLByOID(oid)
-```
-
-* Hint only
-* May be stale or missing
-* Must be validated against DRS / DRS
-
----
-
-#### Path → External URL Hint
-
-```go
-url, ok, err := cache.ResolveExternalURLByPath("data/foo.bam")
-```
-
-Convenience helper:
-
-```
-path → oid → external_url
-```
-
----
-
-### Validation Helpers
-
-```go
-err := drscache.CheckExternalURLMismatch(localHint, authoritativeURL)
-```
-
-Used by pre-push to compare local hints with server truth.
-
----
-
-## Intended Pre-Push Usage Pattern
-
-1. Determine commit range from pre-push stdin
-2. Enumerate **LFS OIDs** referenced by pushed commits
-3. For each OID:
-
-    * Optionally read local hints from `precommit_cache`
-    * Resolve authoritative data from DRS / DRS
-4. Enforce policy:
-
-    * unresolved OID → fail push
-    * mismatched external URL → warn or fail
-5. Proceed with push
-
----
-
-## Deleting or Rebuilding the Cache
-
-It is always safe to delete:
-
-```
-rm -rf .git/drs/pre-commit
-```
-
-The cache will be rebuilt automatically on the next commit.
-
----
-
-## Design Guarantees
-
-* Pre-commit remains:
-
-    * fast
-    * deterministic
-    * offline-friendly
-* Pre-push remains:
-
-    * authoritative
-    * ref-aware
-    * network-enabled
-* Git history remains:
-
-    * clean
-    * storage-agnostic
-    * reproducible via server index
-
----
-
-## Sequence Diagram
-
-```mermaid
-sequenceDiagram
-  autonumber
-  actor Dev as Developer
-  participant Git as git
-  participant PC as pre-commit hook (cmd/precommit)
-  participant Cache as .git/drs/pre-commit (local cache)
-  participant PP as pre-push hook
-  participant LFS as git-lfs
-  participant IDX as DRS (authoritative)
-  participant DRS as DRS (authoritative)
-
-  Dev->>Git: git add <files>
-  Dev->>Git: git commit
-
-  Git->>PC: invoke pre-commit (no stdin)
-  PC->>Git: git diff --cached --name-status -M
-  PC->>Git: git show :<path> (staged pointer)
-  alt staged file is LFS pointer
-    PC->>Cache: write paths/<encoded-path>.json (path -> oid)
-    PC->>Cache: upsert oids/<oid-hash>.json (oid -> paths[] + external_url hint)
-  else non-LFS file
-    PC-->>Git: ignore (out of scope)
-  end
-  PC-->>Git: exit 0 (commit proceeds)
-
-  Dev->>Git: git push <remote> <ref>
-  Git->>PP: invoke pre-push (stdin: ref updates)
-  PP->>PP: compute commit ranges from stdin
-  PP->>LFS: enumerate LFS OIDs referenced by pushed commits
-  loop for each required OID
-    PP->>Cache: lookup external_url hint (optional)
-    PP->>IDX: resolve by sha256 (OID) -> object_id + urls[]
-    opt DRS resolution
-      PP->>DRS: resolve by object_id -> access_methods[]
-    end
-    alt OID not resolvable
-      PP-->>Git: fail push (exit non-zero)
-    else resolvable
-      opt local hint present
-        PP->>PP: compare hint vs authoritative URL
-      end
-    end
-  end
-  PP-->>Git: exit 0 (push proceeds)
-```
+`internal/precommit_cache` still reads that legacy field, but current writers now normalize back to `external_url` on rewrite.
 
-## Summary
+## Rebuild Story
 
-> `.git/drs/pre-commit` is a **local, LFS-only, non-authoritative cache** that tracks
-> **path ↔ OID ↔ external URL hints** to support rename, undo, and offline workflows.
->
-> `precommit_cache` provides safe, read-only access to this cache for enforcement at pre-push.
+If `.git/drs/pre-commit` is deleted:
 
-If you want, I can also:
+* `git drs precommit` will repopulate entries from staged pointer changes.
+* `git drs add-url` will recreate entries for files it writes.
+* `.git/drs/lfs/objects` is unaffected.
 
-* add **inline Go doc comments** suitable for `pkg.go.dev`
-* generate a **sequence diagram** (commit → cache → push → DRS/DRS)
-* or write a **pre-push reference implementation** that uses these helpers end-to-end
+This means cache cleanup is safe as long as commands that own the cache keep their current write paths.
diff --git a/docs/quickstart.md b/docs/quickstart.md
new file mode 100644
index 00000000..f8411aed
--- /dev/null
+++ b/docs/quickstart.md
@@ -0,0 +1,123 @@
+# Quick Start
+
+This page is intentionally minimal. It gets a new user from zero to a working `git-drs` repository with as little explanation as possible.
+
+If you want the workflow explained after setup, continue to [Getting Started](getting-started.md).
+
+## 1. Install `git-drs`
+
+This quick start uses release `v0.6.0`.
+
+- [GitHub Releases](https://github.com/calypr/git-drs/releases)
+
+=== "macOS (Apple Silicon)"
+
+    ```bash
+    curl -L -o git-drs-darwin-arm64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-darwin-arm64-v0.6.0.tar.gz
+    tar -xzf git-drs-darwin-arm64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
+
+=== "macOS (Intel)"
+
+    ```bash
+    curl -L -o git-drs-darwin-amd64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-darwin-amd64-v0.6.0.tar.gz
+    tar -xzf git-drs-darwin-amd64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
+
+=== "Linux (x86_64)"
+
+    ```bash
+    curl -L -o git-drs-linux-amd64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-linux-amd64-v0.6.0.tar.gz
+    tar -xzf git-drs-linux-amd64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
+
+=== "Linux (arm64)"
+
+    ```bash
+    curl -L -o git-drs-linux-arm64-v0.6.0.tar.gz \
+      https://github.com/calypr/git-drs/releases/download/v0.6.0/git-drs-linux-arm64-v0.6.0.tar.gz
+    tar -xzf git-drs-linux-arm64-v0.6.0.tar.gz
+    install -m 0755 git-drs "$HOME/.local/bin/git-drs"
+    ```
+
+=== "Windows"
+
+    There is no packaged Windows release in this flow. Build `git-drs` from source instead.
+
+Verify:
+
+```bash
+git-drs version
+```
+
+## 2. Get Credentials
+
+Download your Gen3 API credentials JSON from your commons profile page and save it somewhere stable, for example:
+
+```bash
+~/.gen3/credentials.json
+```
+
+Typical flow:
+
+1. Sign in to the Gen3 portal.
+2. Open your profile page.
+3. Click `Create API Key`.
+4. Download the JSON file.
+5. Save it somewhere stable.
+
+## 3. Connect An Existing Repository
+
+```bash
+git clone <repo-url>
+cd <repo-name>
+git drs remote add gen3 production <organization/project> --cred ~/.gen3/credentials.json
+git drs pull
+```
+
+Use this path when the repository already contains tracked pointers and you want local file contents.
+
+## 4. Start A New Repository
+
+```bash
+mkdir my-data-repo
+cd my-data-repo
+git init
+git drs remote add gen3 production <organization/project> --cred ~/.gen3/credentials.json
+git drs track "*.bam"
+git add .gitattributes
+git commit -m "Configure tracked files"
+```
+
+## 5. Day-One Commands
+
+Update Git history:
+
+```bash
+git pull
+```
+
+Hydrate tracked pointer files already present in the checkout:
+
+```bash
+git drs pull
+```
+
+Register/upload tracked objects and complete the managed push flow:
+
+```bash
+git drs push
+```
+
+Use plain `git push` only when you intentionally want Git-only ref updates without the managed `git-drs` upload/registration path.
+
+## Read Next
+
+- [Getting Started](getting-started.md) for the workflow model
+- [Commands Reference](commands.md) for exact command behavior
diff --git a/docs/remove-files.md b/docs/remove-files.md
new file mode 100644
index 00000000..88d2ef67
--- /dev/null
+++ b/docs/remove-files.md
@@ -0,0 +1,59 @@
+# Removing Files
+
+There are two different questions when you remove a file from a `git-drs` repository:
+
+1. Do you just want to remove the path from Git?
+2. Do you also want the pushed deletion to reconcile remote DRS state for that object?
+
+For tracked `git-drs` files, the recommended command is `git drs rm`.
+
+## Which Command To Use
+
+### Use `git drs rm` for tracked `git-drs` files
+
+```bash
+git drs rm DATA/subject-123/vcf/sample1.vcf.gz
+```
+
+Use this when you want the supported Git-DRS delete workflow.
+
+What it does immediately:
+
+- validates that the path is a tracked `git-drs` file
+- removes the path from the worktree and index
+- stages the deletion through normal Git
+
+What happens later, when the deletion is committed and pushed:
+
+- `git-drs` derives deleted pointers from the pushed Git commit delta
+- if the object is still live somewhere else in the pushed repo state, only the local path deletion is reconciled
+- if the scoped record has exactly one `controlled_access` resource, the remote record is deleted
+- if the record has multiple `controlled_access` resources, only the current `organization/project` resource is removed
+
+### Use `git rm` for ordinary Git-managed files
+
+```bash
+git rm README.md
+```
+
+Use this for files that are not tracked by `git-drs`.
+
+## Typical Tracked-File Removal Flow
+
+```bash
+git drs rm DATA/subject-123/vcf/sample1.vcf.gz
+git commit -m "Remove sample"
+git drs push
+```
+
+That is the supported tracked-object delete flow.
+
+## Best Practice
+
+For data objects managed by `git-drs`, prefer:
+
+```bash
+git drs rm <path>
+git commit -m "Remove tracked object"
+git drs push
+```
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
index 01ff0f3b..a65142f7 100644
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@@ -1,247 +1,169 @@
 # Troubleshooting
 
-Common issues and solutions when working with Git DRS.
+Common issues and solutions for the cleaned `git-drs` CLI.
 
-> **Navigation:** [Getting Started](getting-started.md) → [Commands Reference](commands.md) → **Troubleshooting**
+> **Navigation:** [Getting Started](getting-started.md) -> [Commands Reference](commands.md) -> **Troubleshooting**
 
 ## Frequently Asked Questions
 
 ### Do I need to run `git drs init` each time?
 
-**No.** `git drs init` is set up once per Git repo.
+No.
 
-**Run it once when:**
+`git drs init` is repository setup. In most cases you do not need to run it manually at all, because `git drs remote add ...` now bootstraps that setup automatically when it is missing.
 
-- You first clone a repository
-- You create a new repository
+Run it when:
 
-**Don't run it again:**
+- you want to initialize repo-local `git-drs` state before adding any remote
+- you want to repair hooks/config wiring explicitly
 
-- At the start of each work session
-- After refreshing credentials
-- After pulling updates
+Do not run it every session:
 
-**What it does:**
+- not at the start of normal daily work
+- not after refreshing credentials
+- not after `git pull`
 
-- Sets up `.drs/` directory structure
-- Configures Git LFS hooks
-- Updates `.gitignore`
+What it changes:
 
-These changes persist in your local repository. For subsequent sessions, you only need to refresh credentials if they've expired (every 30 days).
+- creates `.git/drs/` repository-local state
+- sets up `git-drs` repository configuration and hooks
+- prepares the repo for managed pointer/register/hydration behavior
 
-### What to do if you run `git drs init` again
+### What if I run `git drs init` again?
 
-Running `git drs init` a second time is usually harmless but unnecessary. It may re-create the `\`.git/drs/\`` directory, re-install hooks, or modify `\`.gitattributes\`` and `\`.gitignore\``. If you ran it accidentally, follow these steps:
+Usually nothing catastrophic, but it is unnecessary.
 
-1. Inspect what changed
-   - `git status`
-   - `git diff` (or `git diff -- <file>` for a specific file, e.g. `\`.gitignore\``)
+If you did it accidentally:
 
-2. If changes are fine
-   - No action required; commit the intended changes or leave them uncommitted.
+1. inspect what changed
 
-3. If you want to discard uncommitted changes
-   - Restore specific files: `git restore --staged \`.gitignore\`` && `git restore \`.gitignore\``
-   - Restore all working-tree changes: `git restore .`
-   - Or (destructive) reset everything: `git reset --hard`  \- use with caution.
-
-4. If you already committed the unintended changes
-   - Undo the last commit but keep changes staged: `git reset --soft HEAD~1`
-   - Or remove the commit and working changes: `git reset --hard HEAD~1`  \- use with caution.
-   - See the "Undo Last Commit" section above for alternatives.
-
-5. Hooks or credentials issues
-   - If hooks were replaced or credentials need refresh, run `git drs init` with the correct `--cred`/`--profile` options, or re-add the remote with `git drs remote add`.
-
-Summary: inspect with `git status`/`git diff`, then either accept, manually edit, or revert the changes using standard `git restore` / `git reset` commands.
-
-
-## When to Use Which Tool
-
-Understanding when to use Git, Git LFS, or Git DRS commands:
-
-### Git DRS Commands
-
-**Use for**: Repository and remote configuration
-
-- `git drs init` - Initialize Git LFS hooks
-- `git drs remote add` - Configure DRS server connections
-- `git drs remote list` - View configured remotes
-- `git drs add-url` - Add cloud object references
-
-**When**:
-
-- Setting up a new repository
-- Adding/managing DRS remotes
-- Refreshing expired credentials
-- Adding external file references
-
-### Git LFS Commands
-
-**Use for**: File tracking and management
-
-- `git lfs track` - Define which files to track
-- `git lfs ls-files` - See tracked files and status
-- `git lfs pull` - Download specific files
-- `git lfs untrack` - Stop tracking file patterns
-
-**When**:
-
-- Managing which files are stored externally
-- Downloading specific files
-- Checking file localization status
+   ```bash
+   git status
+   git diff
+   ```
 
-### Standard Git Commands
+2. if the changes are harmless, leave them alone or commit what you intended
 
-**Use for**: Version control operations
+3. if you want to discard the uncommitted changes, use normal Git restore/reset flow carefully
 
-- `git add` - Stage files for commit
-- `git commit` - Create commits
-- `git push` - Upload commits and trigger file uploads
-- `git pull` - Get latest commits
+4. if hooks or repo-local state were repaired intentionally, keep the changes
 
-**When**:
+The right default is: inspect first, then decide whether anything actually needs to be reverted.
 
-- Normal development workflow
-- Git DRS runs automatically in the background
+### What does `git drs init` actually change?
 
-## Common Error Messages
+It prepares repository-local `git-drs` state:
 
-## Git LFS-Oriented Troubleshooting Guide (Commit/Push/Clone/Pull)
+- `.git/drs/` metadata/state
+- hook/config wiring for `git-drs` workflows
+- the repo-local setup needed for pointer/register/hydration behavior
 
-The checks below prioritize Git LFS guidance and documentation because Git DRS relies on Git LFS for large-file handling. If you run into issues, start with the Git LFS troubleshooting docs and logs, then move to Git DRS-specific configuration checks. Primary references: the Git LFS troubleshooting guide and the Git LFS documentation for installation, tracking, and environment variables:  
+Those changes persist in the clone. They are not something you redo per session.
 
-- Git LFS troubleshooting: https://github.com/git-lfs/git-lfs/wiki/Troubleshooting  
-- Git LFS docs: https://github.com/git-lfs/git-lfs/tree/main/docs  
+## When to Use Which Tool
 
-### Failed Commit (Git LFS hooks or pointer issues)
+### Use `git-drs` for
 
-1. **Confirm Git LFS is installed and hooks are active**  
-   - Run: `git lfs version` and `git lfs env`  
-   - If `git lfs env` reports `git lfs install` is needed, run `git lfs install` to re-install hooks.  
-   - This is the most common cause of commits failing to convert large files into LFS pointers.  
+- repository-local `git-drs` setup
+- remote configuration
+- tracking rules
+- object hydration
+- DRS/Syfon metadata-oriented workflows
 
-2. **Check whether the file was tracked before the commit**  
-   - Run: `git lfs track` and confirm the file pattern is listed.  
-   - If not tracked, add it (`git lfs track "*.bam"`) and stage `.gitattributes`.  
+Examples:
 
-3. **Verify the file is staged as an LFS pointer**  
-   - Run: `git lfs ls-files` to confirm the file is listed.  
-   - If a large file was added to Git history directly, remove it from the index and re-add it after tracking.  
+- `git drs remote add gen3 ...`
+- `git drs remote remove ...`
+- `git drs init`
+- `git drs track`
+- `git drs ls-files`
+- `git drs pull`
+- `git drs add-url`
+- `git drs copy-records`
 
-4. **Review Git LFS logs for hook errors**  
-   - Run: `git lfs logs last` to inspect hook failures.  
-   - Common errors include missing filters or file locking issues.  
+### Use normal Git for
 
-### Failed Push (LFS uploads, auth, or bandwidth issues)
+- branch and commit movement
+- staging and committing
+- ordinary ref push/pull operations
 
-1. **Check Git LFS authentication and endpoint configuration**  
-   - Run: `git lfs env` and confirm `Endpoint` values are correct.  
-   - If tokens are expired, refresh credentials and re-run the push.  
+Examples:
 
-2. **Retry with LFS verbose logging**  
-   - Run: `GIT_TRACE=1 GIT_CURL_VERBOSE=1 git lfs push --all`  
-   - Use this output to identify `403/401` auth issues or proxy errors.  
+- `git add`
+- `git commit`
+- `git push`
+- `git pull`
 
-3. **Confirm the LFS objects exist locally**  
-   - Run: `git lfs ls-files` and ensure your large files are listed.  
-   - Missing objects indicate a tracking or filter issue before the push.  
+## First Principles
 
-4. **Validate the remote supports Git LFS**  
-   - Run: `git lfs env` to confirm the remote endpoint.  
-   - Some Git servers require explicit LFS enablement or URL configuration.  
+Before debugging behavior, keep the command split straight:
 
-### Failed Clone (LFS objects missing or blocked)
+- `git pull`
+  - updates commits, branches, and checkout state
+- `git drs pull`
+  - hydrates tracked pointer files already present in the current checkout
+- `git drs ls-files`
+  - shows tracked files and localization state
 
-1. **Confirm LFS objects were fetched**  
-   - After clone, run: `git lfs pull` to fetch large files.  
-   - If the repo only has LFS pointers, you will see pointer files until you pull.  
+If you blur those together, the failure modes get confusing.
 
-2. **Check LFS smudge/clean filters**  
-   - Run: `git lfs env` and verify `git-lfs` filters are enabled.  
-   - If not, run `git lfs install` and re-run `git lfs pull`.  
+## Common Error Patterns
 
-3. **Validate access and authentication**  
-   - `git lfs env` will show which endpoint is used; 401/403 errors point to invalid credentials.  
+### Failed commit or pointer conversion issues
 
-4. **Inspect LFS logs for download errors**  
-   - Run: `git lfs logs last` for the most recent transfer errors.  
+Check these in order:
 
-### Failed Pull (LFS fetch/checkout issues)
+1. confirm the file pattern was tracked before the add/commit flow
 
-1. **Run `git lfs pull` separately**  
-   - This isolates LFS download errors from Git merge errors.  
+   ```bash
+   git drs track
+   ```
 
-2. **Check LFS file locking or concurrent transfers**  
-   - If your Git host uses LFS file locking, verify the file is not locked by another user.  
+2. confirm `.gitattributes` was staged after changing tracking rules
 
-3. **Review filters and tracking**  
-   - Run: `git lfs track` to ensure required patterns are present.  
-   - If a file type is newly tracked, re-run `git add .gitattributes` and commit.  
+   ```bash
+   git status
+   ```
 
-4. **Check for storage or bandwidth limits**  
-   - Some Git LFS hosts enforce quotas; errors will show in `git lfs logs last`.  
+3. confirm the file shows up in the tracked inventory
 
-### Authentication Errors
+   ```bash
+   git drs ls-files
+   ```
 
-**Error**: `Upload error: 403 Forbidden` or `401 Unauthorized`
+4. inspect `.git/drs/` logs if the hook path failed
 
-**Cause**: Expired or invalid credentials
+### Failed push: upload, register, or auth
 
-**Solution**:
+Check:
 
 ```bash
-# Download new credentials from your data commons
-# Then refresh them by re-adding the remote
-git drs remote add gen3 production \
-    --cred /path/to/new-credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
+git drs remote list
+git drs ls-files --drs
 ```
 
-**Prevention**:
+Then retry with higher Git/HTTP verbosity if needed:
 
-- Credentials expire after 30 days
-- Set a reminder to refresh them regularly
-
----
-
-**Error**: `Upload error: 503 Service Unavailable`
-
-**Cause**: DRS server is temporarily unavailable or credentials expired
-
-**Solutions**:
-
-1. Wait and retry the operation
-2. Refresh credentials:
-   ```bash
-   git drs remote add gen3 production \
-       --cred /path/to/credentials.json \
-       --url https://calypr-public.ohsu.edu \
-       --project my-project \
-       --bucket my-bucket
-   ```
-3. If persistent, download new credentials from the data commons
-
-### Network Errors
-
-**Error**: `net/http: TLS handshake timeout`
+```bash
+GIT_TRACE=1 GIT_CURL_VERBOSE=1 git drs push
+```
 
-**Cause**: Network connectivity issues
+### Failed clone or fresh checkout still has pointer files
 
-**Solution**:
+That usually just means hydration has not happened yet.
 
-- Simply retry the command
-- These are usually temporary network issues
+Run:
 
----
+```bash
+git drs remote list
+git drs pull
+```
 
-**Error**: Git push timeout during large file uploads
+If the repo has never had a `git-drs` remote configured, run `git drs remote add ...` first. That command will also install the repo-local hooks/config.
 
-**Cause**: Long-running operations timing out
+### Network timeout during push or download
 
-**Solution**: Add to `~/.ssh/config`:
+If you use SSH remotes, keepalives help:
 
 ```
 Host github.com
@@ -249,297 +171,276 @@ Host github.com
     ServerAliveInterval 30
 ```
 
-### File Tracking Issues
+## Common Problems
 
-**Error**: Files not being tracked by LFS
+### `git drs pull` did not update my branch
 
-**Symptoms**:
+That is expected.
 
-- Large files committed directly to Git
-- `git lfs ls-files` doesn't show your files
+`git drs pull` no longer runs `git pull`.
 
-**Solution**:
+Use:
 
 ```bash
-# Check what's currently tracked
-git lfs track
+git pull
+git drs pull
+```
 
-# Track your file type
-git lfs track "*.bam"
-git add .gitattributes
+### `git drs ls-files` does not show my file
 
-# Remove from Git and re-add
-git rm --cached large-file.bam
-git add large-file.bam
-git commit -m "Track large file with LFS"
-```
+Check these in order:
 
----
+1. is the path actually tracked?
 
-**Error**: `[404] Object does not exist on the server`
+```bash
+git drs track
+```
 
-**Symptoms**:
+2. did you stage `.gitattributes` after adding the pattern?
 
-- After clone, git pull fails
+```bash
+git add .gitattributes
+```
 
-**Solution**:
+3. is the file part of the current checkout?
 
 ```bash
-# confirm repo has complete configuration
-git drs list-config
+git ls-files -- path/to/file
+```
 
-# init your git drs project
-git drs init --cred /path/to/cred/file --profile <name>
+4. inspect the local view:
 
-# attempt git pull again
-git lfs pull -I path/to/file
+```bash
+git drs ls-files -l
 ```
 
----
+### `git remote remove` did not remove my `git-drs` remote
 
-**Error**: `git lfs ls-files` shows files but they won't download
+That is expected.
 
-**Cause**: Files may not have been properly uploaded or DRS records missing
+Git remotes and `git-drs` remotes live in different config domains.
 
-**Solution**:
+Use:
 
 ```bash
-# Check repository status
-git drs list-config
+git drs remote list
+git drs remote remove <name>
+```
 
-# Try pulling with verbose output
-git lfs pull -I "problematic-file*" --verbose
+or:
 
-# Check logs
-cat .git/drs/*.log
+```bash
+git drs remote rm <name>
 ```
 
-### Configuration Issues
+### `git drs pull` does nothing
 
-**Error**: `git drs remote list` shows empty or incomplete configuration
+That usually means one of these:
 
-**Cause**: Repository not properly initialized or no remotes configured
+- the current checkout already has localized bytes
+- there are no tracked pointer files matching your include filters
+- the file is not tracked by `git-drs`
 
-**Solution**:
+Check:
 
 ```bash
-# Initialize repository if needed
-git drs init
-
-# Add Gen3 remote
-git drs remote add gen3 production \
-    --cred /path/to/credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
-
-# Verify configuration
-git drs remote list
+git drs ls-files
+git drs ls-files -I "*.bam"
+git drs pull --dry-run -I "*.bam"
 ```
 
----
+### `git drs pull` still leaves pointer files
 
-**Error**: Configuration exists but commands fail
+Check DRS registration status:
 
-**Cause**: Mismatched configuration between global and local settings, or expired credentials
+```bash
+git drs ls-files --drs
+```
+
+If the object is not registered or not resolvable from the configured remote, hydration cannot succeed.
 
-**Solution**:
+Also confirm the remote configuration:
 
 ```bash
-# Check configuration
 git drs remote list
-
-# Refresh credentials by re-adding the remote
-git drs remote add gen3 production \
-    --cred /path/to/new-credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
 ```
 
-### Remote Configuration Issues
+If needed, inspect the detailed logs:
 
-**Error**: `no default remote configured`
+```bash
+ls -la .git/drs/
+```
 
-**Cause**: Repository initialized but no remotes added yet
+### `git drs remote add gen3` fails on bucket mapping
 
-**Solution**:
+Current shape:
 
 ```bash
-# Add your first remote (automatically becomes default)
-git drs remote add gen3 production \
-    --cred /path/to/credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
+git drs remote add gen3 [remote-name] <organization/project> [--cred <file> | --token <token>]
 ```
 
----
+If this fails, the likely cause is missing bucket mapping for that scope.
 
-**Error**: `default remote 'X' not found`
+That mapping is usually steward/admin setup, not something the end user invents ad hoc.
 
-**Cause**: Default remote was deleted or configuration is corrupted
+### My credentials expired
 
-**Solution**:
+Refresh by re-adding the remote with a new credential file or token:
 
 ```bash
-# List available remotes
-git drs remote list
+git drs remote add gen3 production HTAN_INT/BForePC --cred /path/to/new-credentials.json
+```
 
-# Set a different remote as default
-git drs remote set staging
+You do not need to run `git drs init` again.
 
-# Or add a new remote
-git drs remote add gen3 production \
-    --cred /path/to/credentials.json \
-    --url https://calypr-public.ohsu.edu \
-    --project my-project \
-    --bucket my-bucket
-```
+What `git-drs` does automatically:
 
----
+- if the stored access token is expired but the stored API key is still valid, `git-drs` will attempt to refresh the access token
+- if the API key itself is expired, revoked, or replaced, you need to re-run `git drs remote add gen3 ...`
 
-**Error**: Commands using wrong remote
+How to think about recovery:
 
-**Cause**: Default remote is not the one you want to use
+- token expired, key still valid:
+  - often automatic
+- key expired or replaced:
+  - rerun `git drs remote add gen3 ... --cred ...` or `--token ...`
 
-**Solution**:
+How to check what is in use:
 
 ```bash
-# Check current default
 git drs remote list
-
-# Option 1: Change default remote
-git drs remote set production
-
-# Option 2: Specify remote for single command
-git drs push staging
-git drs fetch production
 ```
 
-## Undoing Changes
-
-### Untrack LFS Files
+And for the underlying Gen3 profile data:
 
-If you accidentally tracked the wrong files:
+- inspect `~/.gen3/gen3_client_config.ini`
 
-```bash
-# See current tracking
-git lfs track
+If you want the least surprising fix, just re-run `git drs remote add gen3 ...` with the current credential file. That updates the stored profile and repo token plumbing in one step.
 
-# Remove incorrect pattern
-git lfs untrack "wrong-dir/**"
+### `git drs push` fails with upload or register errors
 
-# Add correct pattern
-git lfs track "correct-dir/**"
+Check:
 
-# Stage the changes
-git add .gitattributes
-git commit -m "Fix LFS tracking patterns"
+```bash
+git drs remote list
+git drs ls-files --drs
 ```
 
-### Undo Git Add
+Typical root causes:
 
-Remove files from staging area:
+- expired credentials
+- wrong remote selected
+- missing server-side bucket mapping
+- object registration or upload permissions missing for the target scope
 
-```bash
-# Check what's staged
-git status
-
-# Unstage specific files
-git restore --staged file1.bam file2.bam
+If the failure happened during managed data push behavior, make sure you actually ran:
 
-# Unstage all files
-git restore --staged .
+```bash
+git drs push
 ```
 
-### Undo Last Commit
+Plain `git push` does not run `git-drs` registration/upload behavior.
 
-To retry a commit with different files:
+### Files are not being tracked
 
-```bash
-# Undo last commit, keep files in working directory
-git reset --soft HEAD~1
-
-# Or undo and unstage files
-git reset HEAD~1
-
-# Or completely undo commit and changes (BE CAREFUL!)
-git reset --hard HEAD~1
-```
+Symptoms:
 
-### Remove Files from LFS History
+- large files were committed directly to Git
+- `git drs ls-files` does not show the file
 
-If you committed large files directly to Git by mistake:
+Recovery:
 
 ```bash
-# Remove from Git history (use carefully!)
-git filter-branch --tree-filter 'rm -f large-file.dat' HEAD
-
-# Then track properly with LFS
-git lfs track "*.dat"
+git drs track "*.bam"
 git add .gitattributes
-git add large-file.dat
-git commit -m "Track large file with LFS"
+git rm --cached large-file.bam
+git add large-file.bam
+git commit -m "Track large file with git-drs"
 ```
 
-## Diagnostic Commands
+### Cloned repo only has pointer files
 
-### Check System Status
+That is normal.
 
-```bash
-# Git DRS version and help
-git-drs version
-git-drs --help
-
-# Configuration
-git drs remote list
+After cloning:
 
-# Repository status
-git status
-git lfs ls-files
+```bash
+git drs pull
 ```
 
-### View Logs
+Or hydrate only what you need:
 
 ```bash
-# Git DRS logs (in repository)
-ls -la .git/drs/
-cat .git/drs/*.log
+git drs pull -I "*.bam"
 ```
 
-### Test Connectivity
+### `git clone` or `git checkout` downloads too much data
 
-```bash
-# Test basic Git operations
-git lfs pull --dry-run
+**`git checkout` is fully safe by default.** Git DRS automatically skips downloading file payloads during checkout/clone (to keep checkouts fast). Only the lightweight pointer files are written to the working tree initially.
 
-# Test DRS configuration
+1. **Hydrate file content explicitly (Standard Workflow)**:
+   When you need the actual content of the files, run:
+   ```bash
+   git drs pull
+   ```
+   Or hydrate only what you need:
+   ```bash
+   git drs pull -I "*.bam"
+   ```
+
+2. **Force download during checkout (Optional)**:
+   If you want Git DRS to always download and hydrate all file payloads automatically during checkouts (reverting to non-skip behavior), you can:
+   - Configure it during remote setup:
+     ```bash
+     git drs remote add gen3 public HTAN_INT/BForePC --no-skip-smudge
+     ```
+   - Or configure it directly in Git settings:
+     ```bash
+     git config drs.skipsmudge false
+     ```
+   - Or run individual commands with the environment variable:
+     ```bash
+     export GIT_LFS_SKIP_SMUDGE=false
+     ```
+
+## Debugging Workflow
+
+When behavior is unclear, use this sequence:
+
+```bash
 git drs remote list
+git drs track
+git drs ls-files -l
+git drs ls-files --drs
+git drs pull --dry-run
 ```
 
-## Getting Help
+That usually tells you whether the problem is:
 
-### Log Analysis
+- tracking
+- hydration state
+- DRS registration
+- remote configuration
 
-When reporting issues, include:
+## Log and State Inspection
 
-```bash
-# System information
-git-drs version
-git lfs version
-git --version
+Useful checks:
 
-# Configuration
+```bash
 git drs remote list
-
-# Recent logs
-tail -50 .git/drs/*.log
+git drs track
+git drs ls-files -l
+git drs ls-files --drs
+ls -la .git/drs/
 ```
 
-## Prevention Best Practices
+## Removed Commands
+
+If you see old notes mentioning these, ignore them:
+
+- `git drs fetch`
+- `git drs list`
+- `git drs upload`
+- `git drs download`
 
-1. **Test in small batches** - Don't commit hundreds of files at once
-2. **Verify tracking** - Always check `git lfs ls-files` after adding files
-3. **Use .gitignore** - Prevent accidental commits of temporary files
-4. **Monitor repository size** - Keep an eye on `.git` directory size
+Those were removed from the cleaned CLI surface.
diff --git a/go.mod b/go.mod
index 8765febe..6d56a149 100644
--- a/go.mod
+++ b/go.mod
@@ -1,19 +1,20 @@
 module github.com/calypr/git-drs
 
-go 1.26.2
+go 1.26.4
 
 require (
 	github.com/bytedance/sonic v1.15.0
-	github.com/calypr/data-client v0.0.0-20260504172902-8e9b714aa299
-	github.com/calypr/syfon v0.2.8-0.20260503003649-cda722e27216
-	github.com/calypr/syfon/apigen v0.2.6-0.20260503003649-cda722e27216
+	github.com/calypr/calypr-cli v0.0.4-0.20260628024636-bb44afe0c576
+	github.com/calypr/syfon v0.3.2-0.20260616212227-547f1e22e1ac
+	github.com/calypr/syfon/apigen v0.2.9-0.20260616212227-547f1e22e1ac
 	github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1
-	github.com/go-git/go-git/v5 v5.13.0
+	github.com/go-git/go-git/v5 v5.19.1
 	github.com/golang-jwt/jwt/v5 v5.3.1
 	github.com/google/uuid v1.6.0
+	github.com/mattn/go-isatty v0.0.22
 	github.com/spf13/cobra v1.10.2
 	github.com/stretchr/testify v1.11.1
-	golang.org/x/sync v0.20.0
+	golang.org/x/sync v0.21.0
 )
 
 require (
@@ -37,10 +38,10 @@ require (
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.56.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.56.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/ProtonMail/go-crypto v1.1.3 // indirect
+	github.com/ProtonMail/go-crypto v1.4.1 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
-	github.com/andybalholm/brotli v1.2.0 // indirect
+	github.com/andybalholm/brotli v1.2.1 // indirect
 	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.21 // indirect
@@ -62,24 +63,24 @@ require (
 	github.com/bytedance/sonic/loader v0.5.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/clipperhouse/uax29/v2 v2.7.0 // indirect
-	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/cloudflare/circl v1.6.4 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.5 // indirect
+	github.com/cyphar/filepath-securejoin v0.7.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/envoyproxy/go-control-plane/envoy v1.37.0 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.3.3 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.6.0 // indirect
+	github.com/go-git/go-billy/v5 v5.9.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.4 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/gofiber/fiber/v3 v3.1.0 // indirect
-	github.com/gofiber/schema v1.7.0 // indirect
-	github.com/gofiber/utils/v2 v2.0.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/gofiber/fiber/v3 v3.2.0 // indirect
+	github.com/gofiber/schema v1.7.1 // indirect
+	github.com/gofiber/utils/v2 v2.0.5 // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/wire v0.7.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect
@@ -87,26 +88,25 @@ require (
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.18.5 // indirect
+	github.com/kevinburke/ssh_config v1.6.0 // indirect
+	github.com/klauspost/compress v1.18.6 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
-	github.com/mattn/go-isatty v0.0.21 // indirect
 	github.com/mattn/go-runewidth v0.0.23 // indirect
 	github.com/oapi-codegen/runtime v1.4.0 // indirect
 	github.com/philhofer/fwd v1.2.0 // indirect
-	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/pjbgf/sha1cd v0.6.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20250313105119-ba97887b0a25 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
-	github.com/skeema/knownhosts v1.3.0 // indirect
+	github.com/sergi/go-diff v1.4.0 // indirect
+	github.com/skeema/knownhosts v1.3.2 // indirect
 	github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
-	github.com/tinylib/msgp v1.6.3 // indirect
+	github.com/tinylib/msgp v1.6.4 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	github.com/valyala/fasthttp v1.69.0 // indirect
+	github.com/valyala/fasthttp v1.71.0 // indirect
 	github.com/vbauerster/mpb/v8 v8.12.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
@@ -120,10 +120,10 @@ require (
 	go.opentelemetry.io/otel/trace v1.43.0 // indirect
 	gocloud.dev v0.45.0 // indirect
 	golang.org/x/arch v0.20.0 // indirect
-	golang.org/x/crypto v0.50.0 // indirect
-	golang.org/x/net v0.53.0 // indirect
+	golang.org/x/crypto v0.53.0 // indirect
+	golang.org/x/net v0.56.0 // indirect
 	golang.org/x/oauth2 v0.36.0 // indirect
-	golang.org/x/text v0.36.0 // indirect
+	golang.org/x/text v0.38.0 // indirect
 	golang.org/x/time v0.15.0 // indirect
 	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
 	google.golang.org/api v0.276.0 // indirect
@@ -141,10 +141,10 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.32.14
 	github.com/aws/aws-sdk-go-v2/credentials v1.19.14
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.99.0
-	github.com/calypr/syfon/client v0.2.7-0.20260503003649-cda722e27216
+	github.com/calypr/syfon/client v0.3.1-0.20260616212227-547f1e22e1ac
 	github.com/hashicorp/go-version v1.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
-	golang.org/x/sys v0.43.0 // indirect
+	golang.org/x/sys v0.46.0 // indirect
 	gopkg.in/ini.v1 v1.67.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 514e9f90..920f63b6 100644
--- a/go.sum
+++ b/go.sum
@@ -53,15 +53,15 @@ github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapp
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk=
-github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.4.1 h1:9RfcZHqEQUvP8RzecWEUafnZVtEvrBVL9BiF67IQOfM=
+github.com/ProtonMail/go-crypto v1.4.1/go.mod h1:e1OaTyu5SYVrO9gKOEhTc+5UcXtTUa+P3uLudwcgPqo=
 github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
 github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
-github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
+github.com/andybalholm/brotli v1.2.1 h1:R+f5xP285VArJDRgowrfb9DqL18yVK0gKAW/F+eTWro=
+github.com/andybalholm/brotli v1.2.1/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ=
@@ -115,33 +115,33 @@ github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uS
 github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
 github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
 github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
-github.com/calypr/data-client v0.0.0-20260504172902-8e9b714aa299 h1:q5clCvC1DVNgswtek9iXa0AW31Pz0zAVEAryN/Ertdo=
-github.com/calypr/data-client v0.0.0-20260504172902-8e9b714aa299/go.mod h1:cAKvEGQogXFM4Hz22/JNOH+l2bRaz+pjT3N2H5cC8D4=
-github.com/calypr/syfon v0.2.8-0.20260503003649-cda722e27216 h1:f/fr9r4N3yKARlX+RPiZmg6fJG3xuSLpeTvk6as6AxM=
-github.com/calypr/syfon v0.2.8-0.20260503003649-cda722e27216/go.mod h1:m2jd8Snb+Gjc32AcOTdioZVjLmhsAXw7F4uzHQTGBtg=
-github.com/calypr/syfon/apigen v0.2.6-0.20260503003649-cda722e27216 h1:MuPHiYQXGX7frvN3EQZ4ZM5RjRZ1eGVY0D4iXCNAj0s=
-github.com/calypr/syfon/apigen v0.2.6-0.20260503003649-cda722e27216/go.mod h1:9JNwTgR57yKJlWqZpdqP+/l4zCNzH1EIFrW+e20PyMQ=
-github.com/calypr/syfon/client v0.2.7-0.20260503003649-cda722e27216 h1:1LFo3dMc4ZQHml9zQsBE5/k2ZEcHT4EpqxL+Hr/ROjo=
-github.com/calypr/syfon/client v0.2.7-0.20260503003649-cda722e27216/go.mod h1:DQSqNkxl9V3w08BiMconcJh3xtc+/Je7Xeo7qRH7wto=
+github.com/calypr/calypr-cli v0.0.4-0.20260628024636-bb44afe0c576 h1:ToXXURxRa8Cev0WjAvwDoOFYof5TDbrOjV+gNBz7v60=
+github.com/calypr/calypr-cli v0.0.4-0.20260628024636-bb44afe0c576/go.mod h1:9r9ffAA6QUCjJlrdJIlu0jPmS7rwv977Uau2xipVkaM=
+github.com/calypr/syfon v0.3.2-0.20260616212227-547f1e22e1ac h1:pNwp1J6K3BP6PieEzQrpLyt5xSFm2H4jAJDD2PRoV6A=
+github.com/calypr/syfon v0.3.2-0.20260616212227-547f1e22e1ac/go.mod h1:MNfdZjCOeg7dMQU3P19gh8h0tezh4dCe5uYvCC2qu9U=
+github.com/calypr/syfon/apigen v0.2.9-0.20260616212227-547f1e22e1ac h1:Oidz0ogmUHFD/9TkW5KsrSdCcuMrISawzIumOwtONss=
+github.com/calypr/syfon/apigen v0.2.9-0.20260616212227-547f1e22e1ac/go.mod h1:/NCUo74xusygxyf9zpMFcE9TfGFxh6abFsplVyMArkw=
+github.com/calypr/syfon/client v0.3.1-0.20260616212227-547f1e22e1ac h1:6pywyLmzjc17tyw2GYpO0SpaFbUu11N+qyUYEBWg534=
+github.com/calypr/syfon/client v0.3.1-0.20260616212227-547f1e22e1ac/go.mod h1:96He/A5DYwkeQM5XuzYgduJnP8gbat8lMYELIZcC0W0=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/clipperhouse/uax29/v2 v2.7.0 h1:+gs4oBZ2gPfVrKPthwbMzWZDaAFPGYK72F0NJv2v7Vk=
 github.com/clipperhouse/uax29/v2 v2.7.0/go.mod h1:EFJ2TJMRUaplDxHKj1qAEhCtQPW2tJSwu5BF98AuoVM=
-github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
-github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cloudflare/circl v1.6.4 h1:pOXuDTCEYyzydgUpQ0CQz3LsinKjiSk6nNP5Lt5K64U=
+github.com/cloudflare/circl v1.6.4/go.mod h1:YxarevkLlbaHuWsxG6vmYNWBEsSp4pnp7j+4VljMavY=
 github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
 github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 h1:aBangftG7EVZoUb69Os8IaYg++6uMOdKK83QtkkvJik=
 github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2/go.mod h1:qwXFYgsP6T7XnJtbKlf1HP8AjxZZyzxMmc+Lq5GjlU4=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
-github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo=
-github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/cyphar/filepath-securejoin v0.7.0 h1:s0Y3ITPy6sQn5xt54DuYvTF8hu134ooYLUb58DX/HjE=
+github.com/cyphar/filepath-securejoin v0.7.0/go.mod h1:ymLGms/u3BYaviIiuKFnUx8EkQEZeK6cInNoAPJA3o4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/elazarl/goproxy v1.2.1 h1:njjgvO6cRG9rIqN2ebkqy6cQz2Njkx7Fsfv/zIZqgug=
-github.com/elazarl/goproxy v1.2.1/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64=
+github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=
+github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.14.0 h1:hbG2kr4RuFj222B6+7T83thSPqLjwBIfQawTkC++2HA=
@@ -156,20 +156,20 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
-github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/fxamacker/cbor/v2 v2.9.2 h1:X4Ksno9+x3cz0TZv69ec1hxP/+tymuR8PXQJyDwfh78=
+github.com/fxamacker/cbor/v2 v2.9.2/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1 h1:mtDjlmloH7ytdblogrMz1/8Hqua1y8B4ID+bh3rvod0=
 github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1/go.mod h1:fenKRzpXDjNpsIBhuhUzvjCKlDjKam0boRAenTE0Q6A=
 github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
 github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8=
-github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM=
+github.com/go-git/go-billy/v5 v5.9.0 h1:jItGXszUDRtR/AlferWPTMN4j38BQ88XnXKbilmmBPA=
+github.com/go-git/go-billy/v5 v5.9.0/go.mod h1:jCnQMLj9eUgGU7+ludSTYoZL/GGmii14RxKFj7ROgHw=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.13.0 h1:vLn5wlGIh/X78El6r3Jr+30W16Blk0CTcxTYcYPWi5E=
-github.com/go-git/go-git/v5 v5.13.0/go.mod h1:Wjo7/JyVKtQgUNdXYXIepzWfJQkUEIGvkvVkiXRR/zw=
+github.com/go-git/go-git/v5 v5.19.1 h1:nX27AnaU43/K5bKktKwgBmR9lawoYVe1Ckg0rgzzN00=
+github.com/go-git/go-git/v5 v5.19.1/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ=
 github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA=
 github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -177,16 +177,16 @@ github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/gofiber/fiber/v3 v3.1.0 h1:1p4I820pIa+FGxfwWuQZ5rAyX0WlGZbGT6Hnuxt6hKY=
-github.com/gofiber/fiber/v3 v3.1.0/go.mod h1:n2nYQovvL9z3Too/FGOfgtERjW3GQcAUqgfoezGBZdU=
-github.com/gofiber/schema v1.7.0 h1:yNM+FNRZjyYEli9Ey0AXRBrAY9jTnb+kmGs3lJGPvKg=
-github.com/gofiber/schema v1.7.0/go.mod h1:A/X5Ffyru4p9eBdp99qu+nzviHzQiZ7odLT+TwxWhbk=
-github.com/gofiber/utils/v2 v2.0.2 h1:ShRRssz0F3AhTlAQcuEj54OEDtWF7+HJDwEi/aa6QLI=
-github.com/gofiber/utils/v2 v2.0.2/go.mod h1:+9Ub4NqQ+IaJoTliq5LfdmOJAA/Hzwf4pXOxOa3RrJ0=
+github.com/gofiber/fiber/v3 v3.2.0 h1:g9+09D320foINPpCnR3ibQ5oBEFHjAWRRfDG1te54u8=
+github.com/gofiber/fiber/v3 v3.2.0/go.mod h1:FHOsc2Db7HhHpsE62QAaJlXVV1pNkbZEptZ4jtti7m4=
+github.com/gofiber/schema v1.7.1 h1:oSJBKdgP8JeIME4TQSAqlNKTU2iBB+2RNmKi8Nsc+TI=
+github.com/gofiber/schema v1.7.1/go.mod h1:A/X5Ffyru4p9eBdp99qu+nzviHzQiZ7odLT+TwxWhbk=
+github.com/gofiber/utils/v2 v2.0.5 h1:IMXoI2A5Dao/aMMBURTNxnhbtQO4kUwUFOgcwFSIjLU=
+github.com/gofiber/utils/v2 v2.0.5/go.mod h1:FwwopfzwAQsoXLCHhOT24eH2jQfBgrrra9S5p0+luxg=
 github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
 github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
+github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
@@ -220,12 +220,12 @@ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
-github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
-github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kevinburke/ssh_config v1.6.0 h1:J1FBfmuVosPHf5GRdltRLhPJtJpTlMdKTBjRgTaQBFY=
+github.com/kevinburke/ssh_config v1.6.0/go.mod h1:q2RIzfka+BXARoNexmF9gkxEX7DmvbW9P4hIVx2Kg4M=
 github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
-github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE=
-github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
+github.com/klauspost/compress v1.18.6 h1:2jupLlAwFm95+YDR+NwD2MEfFO9d4z4Prjl1XXDjuao=
+github.com/klauspost/compress v1.18.6/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -239,8 +239,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
-github.com/mattn/go-isatty v0.0.21 h1:xYae+lCNBP7QuW4PUnNG61ffM4hVIfm+zUzDuSzYLGs=
-github.com/mattn/go-isatty v0.0.21/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
+github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4=
+github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
 github.com/mattn/go-runewidth v0.0.23 h1:7ykA0T0jkPpzSvMS5i9uoNn2Xy3R383f9HDx3RybWcw=
 github.com/mattn/go-runewidth v0.0.23/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
 github.com/oapi-codegen/runtime v1.4.0 h1:KLOSFOp7UzkbS7Cs1ms6NBEKYr0WmH2wZG0KKbd2er4=
@@ -249,8 +249,8 @@ github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
 github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
 github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM=
 github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
-github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
-github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
+github.com/pjbgf/sha1cd v0.6.0 h1:3WJ8Wz8gvDz29quX1OcEmkAlUg9diU4GxJHqs0/XiwU=
+github.com/pjbgf/sha1cd v0.6.0/go.mod h1:lhpGlyHLpQZoxMv8HcgXvZEhcGs0PG/vsZnEJ7H0iCM=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -263,13 +263,13 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
-github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
+github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
+github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/shamaton/msgpack/v3 v3.1.0 h1:jsk0vEAqVvvS9+fTZ5/EcQ9tz860c9pWxJ4Iwecz8gU=
 github.com/shamaton/msgpack/v3 v3.1.0/go.mod h1:DcQG8jrdrQCIxr3HlMYkiXdMhK+KfN2CitkyzsQV4uc=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY=
-github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M=
+github.com/skeema/knownhosts v1.3.2 h1:EDL9mgf4NzwMXCTfaxSD/o/a5fxDw/xL9nkU28JjdBg=
+github.com/skeema/knownhosts v1.3.2/go.mod h1:bEg3iQAuw+jyiw+484wwFJoKSLwcfd7fqRy+N0QTiow=
 github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=
 github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=
 github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -291,14 +291,14 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/tinylib/msgp v1.6.3 h1:bCSxiTz386UTgyT1i0MSCvdbWjVW+8sG3PjkGsZQt4s=
-github.com/tinylib/msgp v1.6.3/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
+github.com/tinylib/msgp v1.6.4 h1:mOwYbyYDLPj35mkA2BjjYejgJk9BuHxDdvRnb6v2ZcQ=
+github.com/tinylib/msgp v1.6.4/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.69.0 h1:fNLLESD2SooWeh2cidsuFtOcrEi4uB4m1mPrkJMZyVI=
-github.com/valyala/fasthttp v1.69.0/go.mod h1:4wA4PfAraPlAsJ5jMSqCE2ug5tqUPwKXxVj8oNECGcw=
+github.com/valyala/fasthttp v1.71.0 h1:tepR7H+Guh9VUqxxcPggYi8R3lGUu2Rsdh+z7/FCY3k=
+github.com/valyala/fasthttp v1.71.0/go.mod h1:z1sDUvOShhXq/C9mwH/fSm1Vb71tUJwmQdgkBrBNwnA=
 github.com/vbauerster/mpb/v8 v8.12.0 h1:+gneY3ifzc88tKDzOtfG8k8gfngCx615S2ZmFM4liWg=
 github.com/vbauerster/mpb/v8 v8.12.0/go.mod h1:V02YIuMVo301Y1VE9VtZlD8s84OMsk+EKN6mwvf/588=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
@@ -333,17 +333,17 @@ gocloud.dev v0.45.0/go.mod h1:0kXKmkCLG6d31N7NyLZWzt7jDSQura9zD/mWgiB6THI=
 golang.org/x/arch v0.20.0 h1:dx1zTU0MAE98U+TQ8BLl7XsJbgze2WnNKF/8tGp/Q6c=
 golang.org/x/arch v0.20.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI=
-golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+golang.org/x/crypto v0.53.0 h1:QZ4Muo8THX6CizN2vPPd5fBGHyogrdK9fG4wLPFUsto=
+golang.org/x/crypto v0.53.0/go.mod h1:DNLU434OwVakk9PzuwV8w62mAJpRJL3vsgcfp4Qnsio=
+golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f h1:W3F4c+6OLc6H2lb//N1q4WpJkhzJCK5J6kUi1NTVXfM=
+golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f/go.mod h1:J1xhfL/vlindoeF/aINzNzt2Bket5bjo9sdOYzOsU80=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA=
-golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs=
+golang.org/x/net v0.56.0 h1:Rw8j/hFzGvJUZwNBXnAtf5sVDVt+65SK2C7IxCxZt5o=
+golang.org/x/net v0.56.0/go.mod h1:D3Ku6r+V6JROoZK144D2XfMHFcMq/0zSfLelVTCFKec=
 golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
 golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
-golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
-golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
+golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM=
+golang.org/x/sync v0.21.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -351,14 +351,14 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
-golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw=
+golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=
-golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY=
+golang.org/x/term v0.44.0 h1:0rLvDRCtNj0gZkyIXhCyOb2OAzEhLVqc4B+hrsBhrmc=
+golang.org/x/term v0.44.0/go.mod h1:7ze4MdzUzLXpSAoFP1H0bOI9aXDqveSvatT5vKcFh2Y=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
-golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
+golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE=
+golang.org/x/text v0.38.0/go.mod h1:YXZt3QhHUKYT53r2lLKFIVi6Ao1jdzrTR/KQ09qyxF4=
 golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
 golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/internal/common/common.go b/internal/common/common.go
deleted file mode 100644
index 21480c5c..00000000
--- a/internal/common/common.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package common
-
-import (
-	"crypto/sha256"
-	"encoding/hex"
-	"fmt"
-	"io"
-	"os"
-	"strings"
-
-	"github.com/bytedance/sonic"
-	drsapi "github.com/calypr/syfon/apigen/client/drs"
-)
-
-// ParseOrgProject resolves the effective org and project from the conventional
-// arguments. When org is provided it is used directly. When org is empty the
-// project string is split on the first "-" to derive org and project.
-func ParseOrgProject(org, project string) (string, string) {
-	if org != "" {
-		return org, project
-	}
-	if project == "" {
-		return "", ""
-	}
-	if !strings.Contains(project, "-") {
-		return "default", project
-	}
-	parts := strings.SplitN(project, "-", 2)
-	return parts[0], parts[1]
-}
-
-// CalculateFileSHA256 returns the lowercase hex SHA256 checksum for a file.
-func CalculateFileSHA256(path string) (string, error) {
-	f, err := os.Open(path)
-	if err != nil {
-		return "", fmt.Errorf("open file %s: %w", path, err)
-	}
-	defer f.Close()
-
-	h := sha256.New()
-	if _, err := io.Copy(h, f); err != nil {
-		return "", fmt.Errorf("hash file %s: %w", path, err)
-	}
-
-	return hex.EncodeToString(h.Sum(nil)), nil
-}
-
-// PrintDRSObject marshals and prints a DRS object as JSON.
-func PrintDRSObject(obj drsapi.DrsObject, pretty bool) error {
-	var out []byte
-	var err error
-
-	if pretty {
-		out, err = sonic.ConfigFastest.MarshalIndent(obj, "", "  ")
-	} else {
-		out, err = sonic.ConfigFastest.Marshal(obj)
-	}
-	if err != nil {
-		return err
-	}
-
-	fmt.Printf("%s\n", string(out))
-	return nil
-}
diff --git a/internal/common/common_test.go b/internal/common/common_test.go
deleted file mode 100644
index 047745e5..00000000
--- a/internal/common/common_test.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package common
-
-import (
-	"os"
-	"strings"
-	"testing"
-)
-
-func TestParseOrgProject(t *testing.T) {
-	org, proj := ParseOrgProject("", "prog-project")
-	if org != "prog" || proj != "project" {
-		t.Fatalf("expected prog/project, got %s/%s", org, proj)
-	}
-	org, proj = ParseOrgProject("myorg", "myproject")
-	if org != "myorg" || proj != "myproject" {
-		t.Fatalf("expected myorg/myproject, got %s/%s", org, proj)
-	}
-	org, proj = ParseOrgProject("", "nohyphen")
-	if org != "default" || proj != "nohyphen" {
-		t.Fatalf("expected default/nohyphen, got %s/%s", org, proj)
-	}
-}
-
-func TestCalculateFileSHA256(t *testing.T) {
-	t.Run("returns checksum for file content", func(t *testing.T) {
-		tmp, err := os.CreateTemp(t.TempDir(), "sha256-*.txt")
-		if err != nil {
-			t.Fatalf("CreateTemp error: %v", err)
-		}
-		defer tmp.Close()
-
-		if _, err := tmp.WriteString("hello world\n"); err != nil {
-			t.Fatalf("WriteString error: %v", err)
-		}
-
-		got, err := CalculateFileSHA256(tmp.Name())
-		if err != nil {
-			t.Fatalf("CalculateFileSHA256 error: %v", err)
-		}
-
-		const want = "a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447"
-		if got != want {
-			t.Fatalf("unexpected checksum: got %s, want %s", got, want)
-		}
-	})
-
-	t.Run("returns error for missing file", func(t *testing.T) {
-		_, err := CalculateFileSHA256("/path/that/does/not/exist")
-		if err == nil {
-			t.Fatalf("expected error for missing file")
-		}
-		if !strings.Contains(err.Error(), "open file") {
-			t.Fatalf("expected open file error, got %v", err)
-		}
-	})
-}
diff --git a/internal/common/confirmation.go b/internal/common/confirmation.go
deleted file mode 100644
index 27328c57..00000000
--- a/internal/common/confirmation.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package common
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"os"
-	"strings"
-)
-
-// PromptForConfirmation displays a prompt and reads user input to confirm an operation.
-// Returns nil if the response matches expectedResponse, error otherwise.
-// If caseSensitive is false, comparison is case-insensitive.
-func PromptForConfirmation(w io.Writer, prompt string, expectedResponse string, caseSensitive bool) error {
-	fmt.Fprintf(w, "%s: ", prompt)
-
-	reader := bufio.NewReader(os.Stdin)
-	response, err := reader.ReadString('\n')
-	if err != nil {
-		return fmt.Errorf("error reading confirmation: %v", err)
-	}
-
-	response = strings.TrimSpace(response)
-	if !caseSensitive {
-		response = strings.ToLower(response)
-		expectedResponse = strings.ToLower(expectedResponse)
-	}
-
-	if response != expectedResponse {
-		return fmt.Errorf("operation cancelled: confirmation did not match")
-	}
-
-	return nil
-}
-
-// DisplayWarningHeader writes a formatted warning header to the writer
-func DisplayWarningHeader(w io.Writer, operation string) {
-	fmt.Fprintf(w, "\n⚠️  WARNING: You are about to %s\n\n", operation)
-}
-
-// DisplayField writes a formatted key-value field to the writer
-func DisplayField(w io.Writer, key, value string) {
-	fmt.Fprintf(w, "%-11s %s\n", key+":", value)
-}
-
-// DisplayFooter writes the standard "cannot be undone" footer to the writer
-func DisplayFooter(w io.Writer) {
-	fmt.Fprintf(w, "\nThis action CANNOT be undone.\n\n")
-}
diff --git a/internal/common/confirmation_test.go b/internal/common/confirmation_test.go
deleted file mode 100644
index d231d8f8..00000000
--- a/internal/common/confirmation_test.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package common
-
-import (
-	"bytes"
-	"os"
-	"testing"
-)
-
-func TestPromptForConfirmation(t *testing.T) {
-	reader, writer, err := os.Pipe()
-	if err != nil {
-		t.Fatalf("pipe: %v", err)
-	}
-	_, _ = writer.WriteString("YES\n")
-	_ = writer.Close()
-
-	oldStdin := os.Stdin
-	os.Stdin = reader
-	t.Cleanup(func() {
-		os.Stdin = oldStdin
-		_ = reader.Close()
-	})
-
-	buf := &bytes.Buffer{}
-	if err := PromptForConfirmation(buf, "Confirm", "yes", false); err != nil {
-		t.Fatalf("PromptForConfirmation error: %v", err)
-	}
-}
-
-func TestPromptForConfirmation_Mismatch(t *testing.T) {
-	reader, writer, err := os.Pipe()
-	if err != nil {
-		t.Fatalf("pipe: %v", err)
-	}
-	_, _ = writer.WriteString("no\n")
-	_ = writer.Close()
-
-	oldStdin := os.Stdin
-	os.Stdin = reader
-	t.Cleanup(func() {
-		os.Stdin = oldStdin
-		_ = reader.Close()
-	})
-
-	buf := &bytes.Buffer{}
-	if err := PromptForConfirmation(buf, "Confirm", "yes", true); err == nil {
-		t.Fatalf("expected mismatch error")
-	}
-}
-
-func TestDisplayHelpers(t *testing.T) {
-	buf := &bytes.Buffer{}
-	DisplayWarningHeader(buf, "delete files")
-	DisplayField(buf, "Key", "Value")
-	DisplayFooter(buf)
-
-	out := buf.String()
-	if out == "" || !bytes.Contains([]byte(out), []byte("WARNING")) {
-		t.Fatalf("unexpected output: %s", out)
-	}
-}
diff --git a/internal/common/jwt.go b/internal/common/jwt.go
deleted file mode 100644
index f94f69ce..00000000
--- a/internal/common/jwt.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package common
-
-import (
-	"fmt"
-	"net/url"
-
-	"github.com/golang-jwt/jwt/v5"
-)
-
-func ParseEmailFromToken(tokenString string) (string, error) {
-	claims := jwt.MapClaims{}
-	_, _, err := jwt.NewParser().ParseUnverified(tokenString, &claims)
-	if err != nil {
-		return "", fmt.Errorf("failed to decode token in ParseEmailFromToken: '%s': %w", tokenString, err)
-	}
-	context, ok := claims["context"].(map[string]any)
-	if !ok {
-		return "", fmt.Errorf("missing or invalid 'context' claim structure")
-	}
-	user, ok := context["user"].(map[string]any)
-	if !ok {
-		return "", fmt.Errorf("missing or invalid 'context.user' claim structure")
-	}
-	name, ok := user["name"].(string)
-	if !ok {
-		return "", fmt.Errorf("missing or invalid 'context.user.name' claim")
-	}
-	return name, nil
-}
-
-func ParseAPIEndpointFromToken(tokenString string) (string, error) {
-	claims := jwt.MapClaims{}
-	_, _, err := jwt.NewParser().ParseUnverified(tokenString, &claims)
-	if err != nil {
-		return "", fmt.Errorf("failed to decode token in ParseAPIEndpointFromToken: '%s': %w", tokenString, err)
-	}
-	issUrl, ok := claims["iss"].(string)
-	if !ok {
-		return "", fmt.Errorf("missing or invalid 'iss' claim")
-	}
-	parsedURL, err := url.Parse(issUrl)
-	if err != nil {
-		return "", err
-	}
-	return fmt.Sprintf("%s://%s", parsedURL.Scheme, parsedURL.Host), nil
-}
diff --git a/internal/common/jwt_test.go b/internal/common/jwt_test.go
deleted file mode 100644
index 556decc3..00000000
--- a/internal/common/jwt_test.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package common
-
-import (
-	"testing"
-
-	"github.com/golang-jwt/jwt/v5"
-)
-
-func TestParseEmailFromToken(t *testing.T) {
-	claims := jwt.MapClaims{
-		"context": map[string]any{
-			"user": map[string]any{
-				"name": "user@example.com",
-			},
-		},
-	}
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-	tokenString, err := token.SignedString([]byte("secret"))
-	if err != nil {
-		t.Fatalf("sign token: %v", err)
-	}
-
-	email, err := ParseEmailFromToken(tokenString)
-	if err != nil {
-		t.Fatalf("ParseEmailFromToken error: %v", err)
-	}
-	if email != "user@example.com" {
-		t.Fatalf("expected user@example.com, got %s", email)
-	}
-}
-
-func TestParseEmailFromTokenErrors(t *testing.T) {
-	t.Run("invalid token", func(t *testing.T) {
-		if _, err := ParseEmailFromToken("not-a-token"); err == nil {
-			t.Fatalf("expected error for invalid token")
-		}
-	})
-
-	t.Run("missing context", func(t *testing.T) {
-		token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{})
-		tokenString, err := token.SignedString([]byte("secret"))
-		if err != nil {
-			t.Fatalf("sign token: %v", err)
-		}
-		if _, err := ParseEmailFromToken(tokenString); err == nil {
-			t.Fatalf("expected error for missing context")
-		}
-	})
-
-	t.Run("missing user", func(t *testing.T) {
-		claims := jwt.MapClaims{
-			"context": map[string]any{},
-		}
-		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-		tokenString, err := token.SignedString([]byte("secret"))
-		if err != nil {
-			t.Fatalf("sign token: %v", err)
-		}
-		if _, err := ParseEmailFromToken(tokenString); err == nil {
-			t.Fatalf("expected error for missing user")
-		}
-	})
-
-	t.Run("missing name", func(t *testing.T) {
-		claims := jwt.MapClaims{
-			"context": map[string]any{
-				"user": map[string]any{},
-			},
-		}
-		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-		tokenString, err := token.SignedString([]byte("secret"))
-		if err != nil {
-			t.Fatalf("sign token: %v", err)
-		}
-		if _, err := ParseEmailFromToken(tokenString); err == nil {
-			t.Fatalf("expected error for missing name")
-		}
-	})
-}
-
-func TestParseAPIEndpointFromToken(t *testing.T) {
-	claims := jwt.MapClaims{
-		"iss": "https://api.example.com/auth",
-	}
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-	tokenString, err := token.SignedString([]byte("secret"))
-	if err != nil {
-		t.Fatalf("sign token: %v", err)
-	}
-
-	endpoint, err := ParseAPIEndpointFromToken(tokenString)
-	if err != nil {
-		t.Fatalf("ParseAPIEndpointFromToken error: %v", err)
-	}
-	if endpoint != "https://api.example.com" {
-		t.Fatalf("expected https://api.example.com, got %s", endpoint)
-	}
-}
-
-func TestParseAPIEndpointFromTokenErrors(t *testing.T) {
-	t.Run("missing iss", func(t *testing.T) {
-		token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{})
-		tokenString, err := token.SignedString([]byte("secret"))
-		if err != nil {
-			t.Fatalf("sign token: %v", err)
-		}
-		if _, err := ParseAPIEndpointFromToken(tokenString); err == nil {
-			t.Fatalf("expected error for missing iss")
-		}
-	})
-
-	t.Run("invalid url", func(t *testing.T) {
-		claims := jwt.MapClaims{
-			"iss": "://missing",
-		}
-		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-		tokenString, err := token.SignedString([]byte("secret"))
-		if err != nil {
-			t.Fatalf("sign token: %v", err)
-		}
-		if _, err := ParseAPIEndpointFromToken(tokenString); err == nil {
-			t.Fatalf("expected error for invalid url")
-		}
-	})
-}
diff --git a/internal/common/values.go b/internal/common/values.go
deleted file mode 100644
index 023e1aaf..00000000
--- a/internal/common/values.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package common
-
-const (
-	LFS_OBJS_PATH string = ".git/lfs/objects"
-	DRS_OBJS_PATH string = ".git/drs/lfs/objects"
-	CONFIG_YAML   string = "config.yaml"
-
-	DRS_REF_DIR     string = ".git/drs/objects"
-	DRS_LOG_FILE    string = ".git/drs/drs.log"
-	ConfirmationYes string = "yes"
-	DRS_DIR         string = ".git/drs"
-)
diff --git a/internal/config/config.go b/internal/config/config.go
index 58a94fa2..6006626e 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -3,11 +3,10 @@ package config
 import (
 	"errors"
 	"fmt"
-	"log/slog"
 	"path/filepath"
+	"sort"
 	"strings"
 
-	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/gitrepo"
 	"github.com/go-git/go-git/v5"
 )
@@ -28,51 +27,12 @@ const (
 
 var ErrNoDefaultRemote = errors.New("no default remote configured")
 
-func AllRemoteTypes() []RemoteType {
-	return []RemoteType{Gen3ServerType, LocalServerType}
-}
-
-func IsValidRemoteType(mode string) error {
-	modeOptions := make([]string, len(AllRemoteTypes()))
-	for i, m := range AllRemoteTypes() {
-		modeOptions[i] = string(m)
-	}
-
-	for _, validMode := range modeOptions {
-		if mode == string(validMode) {
-			return nil
-		}
-	}
-
-	return fmt.Errorf("invalid mode '%s'. Valid options are: %s", mode, strings.Join(modeOptions, ", "))
-}
-
 // Config holds the overall config structure
 type Config struct {
 	DefaultRemote Remote
 	Remotes       map[Remote]RemoteSelect
 }
 
-func (c Config) GetRemoteClient(remote Remote, logger *slog.Logger) (*GitContext, error) {
-	x, ok := c.Remotes[remote]
-	if !ok {
-		return nil, fmt.Errorf("GetRemoteClient no remote configuration found for current remote: %s", remote)
-	}
-	if x.Local != nil {
-		return x.Local.GetClient(string(remote), logger)
-	}
-	if x.Gen3 != nil {
-		username, password, err := gitrepo.GetRemoteBasicAuth(string(remote))
-		if err == nil && strings.TrimSpace(username) != "" && strings.TrimSpace(password) != "" {
-			// If repo-local basic auth is configured, prefer the local/basic-auth client
-			// path even when the remote entry was parsed as Gen3.
-			return localRemoteFromGen3(x.Gen3, username, password).GetClient(string(remote), logger)
-		}
-		return x.Gen3.GetClient(string(remote), logger)
-	}
-	return nil, fmt.Errorf("no valid remote configuration found for current remote: %s", remote)
-}
-
 func (c Config) GetRemote(remote Remote) DRSRemote {
 	x, ok := c.Remotes[remote]
 	if !ok {
@@ -287,18 +247,6 @@ func CreateEmptyConfig() error {
 	return err
 }
 
-func GetProjectId(remote Remote) (string, error) {
-	cfg, err := LoadConfig()
-	if err != nil {
-		return "", fmt.Errorf("error loading config: %v", err)
-	}
-	rmt := cfg.GetRemote(remote)
-	if rmt == nil {
-		return "", fmt.Errorf("no remote configuration found for current remote: %s", remote)
-	}
-	return rmt.GetProjectId(), nil
-}
-
 // SaveConfig writes the configuration using go-git
 func SaveConfig(cfg *Config) error {
 	repo, err := getRepo()
@@ -318,6 +266,64 @@ func SaveConfig(cfg *Config) error {
 	return repo.Storer.SetConfig(conf)
 }
 
+func RemoveRemote(name Remote) (*Config, error) {
+	cfg, err := LoadConfig()
+	if err != nil {
+		return nil, err
+	}
+
+	if _, ok := cfg.Remotes[name]; !ok {
+		return nil, fmt.Errorf("remote '%s' not found", name)
+	}
+
+	delete(cfg.Remotes, name)
+
+	keys := []string{
+		fmt.Sprintf("drs.remote.%s.type", name),
+		fmt.Sprintf("drs.remote.%s.endpoint", name),
+		fmt.Sprintf("drs.remote.%s.project", name),
+		fmt.Sprintf("drs.remote.%s.bucket", name),
+		fmt.Sprintf("drs.remote.%s.organization", name),
+		fmt.Sprintf("drs.remote.%s.storage_prefix", name),
+		fmt.Sprintf("drs.remote.%s.token", name),
+		fmt.Sprintf("drs.remote.%s.username", name),
+		fmt.Sprintf("drs.remote.%s.password", name),
+		fmt.Sprintf("remote.%s.lfsurl", name),
+	}
+	if err := gitrepo.UnsetGitConfigOptions(keys); err != nil {
+		return nil, err
+	}
+
+	if cfg.DefaultRemote == name {
+		cfg.DefaultRemote = firstRemote(cfg)
+	}
+
+	if err := SaveConfig(cfg); err != nil {
+		return nil, err
+	}
+
+	if cfg.DefaultRemote == "" {
+		if err := gitrepo.UnsetGitConfigOptions([]string{"drs.default-remote"}); err != nil {
+			return nil, err
+		}
+	}
+
+	return LoadConfig()
+}
+
+func firstRemote(cfg *Config) Remote {
+	if cfg == nil || len(cfg.Remotes) == 0 {
+		return ""
+	}
+
+	names := make([]string, 0, len(cfg.Remotes))
+	for name := range cfg.Remotes {
+		names = append(names, string(name))
+	}
+	sort.Strings(names)
+	return Remote(names[0])
+}
+
 // GetGitConfigInt reads an integer value from git config
 // getGitConfigValue retrieves a value from git config by key
 func getConfigPath() (string, error) {
@@ -326,6 +332,6 @@ func getConfigPath() (string, error) {
 		return "", err
 	}
 
-	configPath := filepath.Join(topLevel, common.DRS_DIR, common.CONFIG_YAML)
+	configPath := filepath.Join(topLevel, gitrepo.DRSDir, gitrepo.ConfigYAML)
 	return configPath, nil
 }
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index e555b340..7b6ab109 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -4,9 +4,6 @@ import (
 	"os"
 	"os/exec"
 	"testing"
-
-	"github.com/calypr/git-drs/internal/drslog"
-	"github.com/calypr/git-drs/internal/gitrepo"
 )
 
 func setupTestRepo(t *testing.T) string {
@@ -160,30 +157,6 @@ func TestConfig_FindRemote(t *testing.T) {
 	}
 }
 
-func TestRemote_Validation(t *testing.T) {
-	// IsValidRemoteType test
-	tests := []struct {
-		name    string
-		mode    string
-		isValid bool
-	}{
-		{"valid gen3", "gen3", true},
-		{"valid local", "local", true},
-		{"invalid", "foo", false},
-		{"empty", "", false},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			err := IsValidRemoteType(tt.mode)
-			valid := err == nil
-			if valid != tt.isValid {
-				t.Errorf("IsValidRemoteType(%q) = %v, want %v", tt.mode, valid, tt.isValid)
-			}
-		})
-	}
-}
-
 func TestConfig_MultipleRemotes(t *testing.T) {
 	cfg := &Config{
 		Remotes: make(map[Remote]RemoteSelect),
@@ -318,68 +291,3 @@ func TestUpdateRemote_LocalTypePersistence(t *testing.T) {
 		t.Errorf("Expected BaseURL http://localhost:8080, got %s", localRemote.BaseURL)
 	}
 }
-
-func TestGetRemoteClient_LocalIncludesRepoBasicAuth(t *testing.T) {
-	setupTestRepo(t)
-
-	remoteName := Remote("origin")
-	_, err := UpdateRemote(remoteName, RemoteSelect{
-		Local: &LocalRemote{
-			BaseURL: "http://localhost:8080",
-		},
-	})
-	if err != nil {
-		t.Fatalf("UpdateRemote failed: %v", err)
-	}
-
-	if err := gitrepo.SetRemoteBasicAuth("origin", "alice", "secret"); err != nil {
-		t.Fatalf("SetRemoteBasicAuth failed: %v", err)
-	}
-
-	cfg, err := LoadConfig()
-	if err != nil {
-		t.Fatalf("LoadConfig failed: %v", err)
-	}
-	logger := drslog.GetLogger()
-	gitCtx, err := cfg.GetRemoteClient(remoteName, logger)
-	if err != nil {
-		t.Fatalf("GetRemoteClient failed: %v", err)
-	}
-	if gitCtx == nil {
-		t.Fatalf("expected *GitContext, got nil")
-	}
-	if gitCtx.Client == nil {
-		t.Fatalf("expected client to be initialized, got nil")
-	}
-	// Basic auth is baked into the HTTP client during construction;
-	// the test verifies that GetRemoteClient completes without error when
-	// repo credentials are present, and that a usable GitContext is returned.
-}
-
-func TestLocalRemoteGetClientResolvesBucketScopeMappings(t *testing.T) {
-	setupTestRepo(t)
-
-	if err := gitrepo.SetBucketMapping("org-a", "", "mapped-bucket", "program-root"); err != nil {
-		t.Fatalf("SetBucketMapping org: %v", err)
-	}
-	if err := gitrepo.SetBucketMapping("org-a", "proj-1", "mapped-bucket", "project-subpath"); err != nil {
-		t.Fatalf("SetBucketMapping project: %v", err)
-	}
-
-	remote := LocalRemote{
-		BaseURL:      "http://localhost:8080",
-		Organization: "org-a",
-		ProjectID:    "proj-1",
-		Bucket:       "configured-bucket",
-	}
-	gitCtx, err := remote.GetClient("origin", drslog.GetLogger())
-	if err != nil {
-		t.Fatalf("GetClient failed: %v", err)
-	}
-	if gitCtx.BucketName != "mapped-bucket" {
-		t.Fatalf("BucketName = %q, want mapped-bucket", gitCtx.BucketName)
-	}
-	if gitCtx.StoragePrefix != "program-root/project-subpath" {
-		t.Fatalf("StoragePrefix = %q, want program-root/project-subpath", gitCtx.StoragePrefix)
-	}
-}
diff --git a/internal/config/remote.go b/internal/config/remote.go
index 8bb0b0bc..f08ae114 100644
--- a/internal/config/remote.go
+++ b/internal/config/remote.go
@@ -1,38 +1,11 @@
 package config
 
-import (
-	"context"
-	"fmt"
-	"log/slog"
-	"net/url"
-	"strings"
-
-	"github.com/calypr/data-client/credentials"
-	"github.com/calypr/git-drs/internal/gitrepo"
-	syclient "github.com/calypr/syfon/client"
-	syconf "github.com/calypr/syfon/client/config"
-)
-
 type DRSRemote interface {
 	GetProjectId() string
 	GetOrganization() string
 	GetEndpoint() string
 	GetBucketName() string
 	GetStoragePrefix() string
-	GetClient(remoteName string, logger *slog.Logger) (*GitContext, error)
-}
-
-type GitContext struct {
-	Client             *syclient.Client
-	Organization       string
-	ProjectId          string
-	BucketName         string
-	StoragePrefix      string
-	Upsert             bool
-	MultiPartThreshold int64
-	UploadConcurrency  int
-	Logger             *slog.Logger
-	Credential         *syconf.Credential
 }
 
 type RemoteSelect struct {
@@ -54,18 +27,6 @@ func (s Gen3Remote) GetEndpoint() string      { return s.Endpoint }
 func (s Gen3Remote) GetBucketName() string    { return s.Bucket }
 func (s Gen3Remote) GetStoragePrefix() string { return s.StoragePrefix }
 
-func (s Gen3Remote) GetClient(remoteName string, logger *slog.Logger) (*GitContext, error) {
-	manager := syconf.NewConfigure(logger)
-	cred, err := manager.Load(remoteName)
-	if err != nil {
-		return nil, err
-	}
-	if err := credentials.EnsureValidCredential(context.Background(), cred, logger); err != nil {
-		return nil, err
-	}
-	return newGitContext(*cred, s, logger)
-}
-
 type LocalRemote struct {
 	BaseURL       string
 	ProjectID     string
@@ -87,110 +48,3 @@ func (l LocalRemote) GetOrganization() string  { return l.Organization }
 func (l LocalRemote) GetEndpoint() string      { return l.BaseURL }
 func (l LocalRemote) GetBucketName() string    { return l.Bucket }
 func (l LocalRemote) GetStoragePrefix() string { return l.StoragePrefix }
-
-func (l LocalRemote) GetClient(remoteName string, logger *slog.Logger) (*GitContext, error) {
-	if username, password, err := gitrepo.GetRemoteBasicAuth(remoteName); err == nil && username != "" && password != "" {
-		l.BasicUsername = username
-		l.BasicPassword = password
-	}
-	projectID := l.GetProjectId()
-	bucketName := l.GetBucketName()
-	storagePrefix := l.GetStoragePrefix()
-	if strings.TrimSpace(l.GetOrganization()) != "" || strings.TrimSpace(bucketName) != "" || strings.TrimSpace(storagePrefix) != "" {
-		scope, err := gitrepo.ResolveBucketScope(
-			l.GetOrganization(),
-			projectID,
-			bucketName,
-			storagePrefix,
-		)
-		if err != nil {
-			return nil, err
-		}
-		bucketName = scope.Bucket
-		storagePrefix = scope.Prefix
-	}
-
-	cred := &syconf.Credential{APIEndpoint: l.BaseURL}
-	if l.BasicUsername != "" || l.BasicPassword != "" {
-		cred.KeyID = l.BasicUsername
-		cred.APIKey = l.BasicPassword
-	}
-
-	raw, err := syclient.New(l.BaseURL, syclient.WithBasicAuth(cred.KeyID, cred.APIKey))
-	if err != nil {
-		return nil, err
-	}
-	client, ok := raw.(*syclient.Client)
-	if !ok {
-		return nil, fmt.Errorf("unexpected syfon client type %T", raw)
-	}
-
-	return &GitContext{
-		Client:        client,
-		Organization:  l.GetOrganization(),
-		ProjectId:     projectID,
-		BucketName:    bucketName,
-		StoragePrefix: storagePrefix,
-		Logger:        logger,
-		Credential:    cred,
-	}, nil
-}
-
-func newGitContext(profileConfig syconf.Credential, remote Gen3Remote, logger *slog.Logger) (*GitContext, error) {
-	if _, err := url.Parse(profileConfig.APIEndpoint); err != nil {
-		return nil, err
-	}
-	projectID := remote.GetProjectId()
-	if projectID == "" {
-		return nil, fmt.Errorf("no gen3 project specified")
-	}
-
-	scope, err := gitrepo.ResolveBucketScope(
-		remote.GetOrganization(),
-		projectID,
-		remote.GetBucketName(),
-		remote.GetStoragePrefix(),
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	raw, err := syclient.New(profileConfig.APIEndpoint, syclient.WithBearerToken(profileConfig.AccessToken))
-	if err != nil {
-		return nil, err
-	}
-	client, ok := raw.(*syclient.Client)
-	if !ok {
-		return nil, fmt.Errorf("unexpected syfon client type %T", raw)
-	}
-
-	uploadConcurrency := int(gitrepo.GetGitConfigInt("lfs.concurrenttransfers", 4))
-	if uploadConcurrency < 1 {
-		uploadConcurrency = 1
-	}
-
-	return &GitContext{
-		Client:             client,
-		ProjectId:          projectID,
-		BucketName:         scope.Bucket,
-		Organization:       remote.GetOrganization(),
-		StoragePrefix:      scope.Prefix,
-		Upsert:             gitrepo.GetGitConfigBool("drs.upsert", false),
-		MultiPartThreshold: int64(gitrepo.GetGitConfigInt("drs.multipart-threshold", 5120)) * 1024 * 1024,
-		UploadConcurrency:  uploadConcurrency,
-		Logger:             logger,
-		Credential:         &profileConfig,
-	}, nil
-}
-
-func localRemoteFromGen3(gen3 *Gen3Remote, username string, password string) *LocalRemote {
-	return &LocalRemote{
-		BaseURL:       gen3.Endpoint,
-		ProjectID:     gen3.ProjectID,
-		Bucket:        gen3.Bucket,
-		Organization:  gen3.Organization,
-		StoragePrefix: gen3.StoragePrefix,
-		BasicUsername: strings.TrimSpace(username),
-		BasicPassword: strings.TrimSpace(password),
-	}
-}
diff --git a/internal/config/token.go b/internal/config/token.go
new file mode 100644
index 00000000..de9fef15
--- /dev/null
+++ b/internal/config/token.go
@@ -0,0 +1,25 @@
+package config
+
+import (
+	"fmt"
+	"net/url"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+func ParseAPIEndpointFromToken(tokenString string) (string, error) {
+	claims := jwt.MapClaims{}
+	_, _, err := jwt.NewParser().ParseUnverified(tokenString, &claims)
+	if err != nil {
+		return "", fmt.Errorf("failed to decode token in ParseAPIEndpointFromToken: '%s': %w", tokenString, err)
+	}
+	issURL, ok := claims["iss"].(string)
+	if !ok {
+		return "", fmt.Errorf("missing or invalid 'iss' claim")
+	}
+	parsedURL, err := url.Parse(issURL)
+	if err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("%s://%s", parsedURL.Scheme, parsedURL.Host), nil
+}
diff --git a/internal/config/token_test.go b/internal/config/token_test.go
new file mode 100644
index 00000000..3991582e
--- /dev/null
+++ b/internal/config/token_test.go
@@ -0,0 +1,27 @@
+package config
+
+import "testing"
+
+func TestParseAPIEndpointFromToken(t *testing.T) {
+	tokenString := "eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2NvbW1vbnMuZXhhbXBsZS5vcmcvIn0.c2ln"
+
+	endpoint, err := ParseAPIEndpointFromToken(tokenString)
+	if err != nil {
+		t.Fatalf("ParseAPIEndpointFromToken error: %v", err)
+	}
+	if endpoint != "https://commons.example.org" {
+		t.Fatalf("endpoint = %q, want https://commons.example.org", endpoint)
+	}
+}
+
+func TestParseAPIEndpointFromTokenErrors(t *testing.T) {
+	tests := []string{
+		"invalid-token",
+		"eyJhbGciOiJIUzI1NiJ9.e30.signature",
+	}
+	for _, tokenString := range tests {
+		if _, err := ParseAPIEndpointFromToken(tokenString); err == nil {
+			t.Fatalf("expected error for token %q", tokenString)
+		}
+	}
+}
diff --git a/internal/drslog/logger.go b/internal/drslog/logger.go
index 5512b95b..44818a1e 100644
--- a/internal/drslog/logger.go
+++ b/internal/drslog/logger.go
@@ -11,7 +11,6 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/gitrepo"
 
 	"github.com/calypr/syfon/client/logs"
@@ -97,11 +96,11 @@ func NewLogger(filename string, logToStderr bool) (*slog.Logger, error) {
 
 	if filename == "" {
 		// create drs dir if it doesn't exist
-		if err := os.MkdirAll(common.DRS_DIR, 0755); err != nil {
+		if err := os.MkdirAll(gitrepo.DRSDir, 0755); err != nil {
 			return nil, err
 		}
 
-		filename = filepath.Join(common.DRS_DIR, "git-drs.log")
+		filename = gitrepo.DRSLogFile
 	}
 
 	file, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
diff --git a/internal/drsmap/drs_map.go b/internal/drsmap/drs_map.go
deleted file mode 100644
index 2d88734a..00000000
--- a/internal/drsmap/drs_map.go
+++ /dev/null
@@ -1,110 +0,0 @@
-package drsmap
-
-import (
-	"fmt"
-	"log/slog"
-
-	"github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/drsobject"
-	"github.com/calypr/git-drs/internal/lfs"
-	"github.com/calypr/git-drs/internal/precommit_cache"
-	drsapi "github.com/calypr/syfon/apigen/client/drs"
-	syfoncommon "github.com/calypr/syfon/common"
-	"github.com/google/uuid"
-)
-
-type WriteOptions struct {
-	Cache          *precommit_cache.Cache
-	PreferCacheURL bool
-	Logger         *slog.Logger
-}
-
-func WriteObjectsForLFSFiles(builder drsobject.Builder, lfsFiles map[string]lfs.LfsFileInfo, opts WriteOptions) error {
-	if opts.Logger == nil {
-		return fmt.Errorf("logger is required")
-	}
-	opts.Logger.Debug("writing local DRS objects for LFS files")
-
-	if builder.Project == "" {
-		return fmt.Errorf("no project configured")
-	}
-	if len(lfsFiles) == 0 {
-		return nil
-	}
-
-	for _, file := range lfsFiles {
-		var authoritativeObj *drsapi.DrsObject
-		existing, err := drsobject.ReadObject(common.DRS_OBJS_PATH, file.Oid)
-		if err == nil && existing != nil {
-			authoritativeObj = existing
-			name := file.Name
-			authoritativeObj.Name = &name
-			authoritativeObj.Size = file.Size
-
-			authzMap := syfoncommon.AuthzMapFromScope(builder.Organization, builder.Project)
-			authoritativeObj, _ = syfoncommon.EnsureAccessMethodAuthorizations(authoritativeObj, authzMap)
-		} else {
-			drsID := uuid.NewSHA1(drsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", builder.Project, drsobject.NormalizeOid(file.Oid)))).String()
-			authoritativeObj, err = builder.Build(file.Name, file.Oid, file.Size, drsID)
-			if err != nil {
-				opts.Logger.Error(fmt.Sprintf("Could not build DRS object for %s OID %s %v", file.Name, file.Oid, err))
-				continue
-			}
-		}
-
-		authoritativeURL := ""
-		if authoritativeObj.AccessMethods != nil && len(*authoritativeObj.AccessMethods) > 0 && (*authoritativeObj.AccessMethods)[0].AccessUrl != nil {
-			authoritativeURL = (*authoritativeObj.AccessMethods)[0].AccessUrl.Url
-		}
-
-		var hint string
-		if opts.Cache != nil {
-			externalURL, ok, err := opts.Cache.LookupExternalURLByOID(file.Oid)
-			if err != nil {
-				opts.Logger.Debug(fmt.Sprintf("cache lookup failed for %s: %v", file.Oid, err))
-			} else if ok {
-				hint = externalURL
-			}
-		}
-
-		if hint != "" {
-			if err := precommit_cache.CheckExternalURLMismatch(hint, authoritativeURL); err != nil {
-				opts.Logger.Warn(fmt.Sprintf("Warning. %s (path=%s oid=%s)", err.Error(), file.Name, file.Oid))
-			}
-		}
-
-		if opts.PreferCacheURL && hint != "" {
-			cacheAuthzMap := syfoncommon.AuthzMapFromScope(builder.Organization, builder.Project)
-			if authoritativeObj.AccessMethods != nil && len(*authoritativeObj.AccessMethods) > 0 {
-				am := &(*authoritativeObj.AccessMethods)[0]
-				am.AccessUrl = &struct {
-					Headers *[]string `json:"headers,omitempty"`
-					Url     string    `json:"url"`
-				}{Url: hint}
-				if cacheAuthzMap != nil {
-					am.Authorizations = syfoncommon.AccessMethodAuthorizationsFromAuthzMap(cacheAuthzMap)
-				}
-			} else {
-				newAm := drsapi.AccessMethod{
-					Type: drsapi.AccessMethodTypeS3,
-					AccessUrl: &struct {
-						Headers *[]string `json:"headers,omitempty"`
-						Url     string    `json:"url"`
-					}{Url: hint},
-				}
-				if cacheAuthzMap != nil {
-					newAm.Authorizations = syfoncommon.AccessMethodAuthorizationsFromAuthzMap(cacheAuthzMap)
-				}
-				authoritativeObj.AccessMethods = &[]drsapi.AccessMethod{newAm}
-			}
-		}
-
-		if err := drsobject.WriteObject(common.DRS_OBJS_PATH, authoritativeObj, file.Oid); err != nil {
-			opts.Logger.Error(fmt.Sprintf("could not write local DRS object for %s OID %s: %v", file.Name, file.Oid, err))
-			continue
-		}
-		opts.Logger.Info(fmt.Sprintf("Prepared File %s OID %s with DRS ID %s for commit", file.Name, file.Oid, authoritativeObj.Id))
-	}
-
-	return nil
-}
diff --git a/internal/drsmap/drs_map_test.go b/internal/drsmap/drs_map_test.go
deleted file mode 100644
index 00fd3b70..00000000
--- a/internal/drsmap/drs_map_test.go
+++ /dev/null
@@ -1,207 +0,0 @@
-package drsmap
-
-import (
-	"crypto/sha256"
-	"encoding/json"
-	"fmt"
-	"io"
-	"log/slog"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"testing"
-	"time"
-
-	"github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/drsobject"
-	"github.com/calypr/git-drs/internal/lfs"
-	"github.com/calypr/git-drs/internal/precommit_cache"
-	drsapi "github.com/calypr/syfon/apigen/client/drs"
-	syfoncommon "github.com/calypr/syfon/common"
-)
-
-func setupTestRepo(t *testing.T) {
-	t.Helper()
-	tmpDir := t.TempDir()
-	cmd := exec.Command("git", "init", tmpDir)
-	if out, err := cmd.CombinedOutput(); err != nil {
-		t.Fatalf("git init failed: %v: %s", err, string(out))
-	}
-	cwd, err := os.Getwd()
-	if err != nil {
-		t.Fatalf("getwd: %v", err)
-	}
-	if err := os.Chdir(tmpDir); err != nil {
-		t.Fatalf("chdir: %v", err)
-	}
-	t.Cleanup(func() { _ = os.Chdir(cwd) })
-}
-
-func TestWriteObjectsForLFSFilesBackfillsMissingAuthzWithoutOverwritingURL(t *testing.T) {
-	setupTestRepo(t)
-
-	oid := "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"
-	explicitURL := "s3://bucket/existing/path"
-	if err := drsobject.WriteObject(common.DRS_OBJS_PATH, &drsapi.DrsObject{
-		Id: "did-1",
-		AccessMethods: &[]drsapi.AccessMethod{{
-			Type: drsapi.AccessMethodTypeS3,
-			AccessUrl: &struct {
-				Headers *[]string `json:"headers,omitempty"`
-				Url     string    `json:"url"`
-			}{Url: explicitURL},
-		}},
-		Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: oid}},
-	}, oid); err != nil {
-		t.Fatalf("seed DRS object: %v", err)
-	}
-
-	builder := drsobject.NewBuilder("bucket", "proj")
-	builder.Organization = "org"
-	files := map[string]lfs.LfsFileInfo{
-		oid: {Name: "file.txt", Size: 12, Oid: oid},
-	}
-	if err := WriteObjectsForLFSFiles(builder, files, WriteOptions{Logger: testLogger(t)}); err != nil {
-		t.Fatalf("WriteObjectsForLFSFiles error: %v", err)
-	}
-
-	got, err := drsobject.ReadObject(common.DRS_OBJS_PATH, oid)
-	if err != nil {
-		t.Fatalf("ReadObject error: %v", err)
-	}
-	method := (*got.AccessMethods)[0]
-	if method.AccessUrl == nil || method.AccessUrl.Url != explicitURL {
-		t.Fatalf("access url overwritten: %+v", method.AccessUrl)
-	}
-	authz := syfoncommon.AuthzMapFromAccessMethodAuthorizations(method.Authorizations)
-	want := map[string][]string{"org": {"proj"}}
-	if !equalAuthzMaps(authz, want) {
-		t.Fatalf("unexpected authz: got=%v want=%v", authz, want)
-	}
-}
-
-func TestWriteObjectsForLFSFilesPreservesExistingAuthz(t *testing.T) {
-	setupTestRepo(t)
-
-	oid := "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
-	existingAuthz := syfoncommon.AccessMethodAuthorizationsFromAuthzMap(map[string][]string{"keep": {"me"}})
-	if err := drsobject.WriteObject(common.DRS_OBJS_PATH, &drsapi.DrsObject{
-		Id: "did-2",
-		AccessMethods: &[]drsapi.AccessMethod{{
-			Type:           drsapi.AccessMethodTypeS3,
-			Authorizations: existingAuthz,
-		}},
-		Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: oid}},
-	}, oid); err != nil {
-		t.Fatalf("seed DRS object: %v", err)
-	}
-
-	builder := drsobject.NewBuilder("bucket", "proj")
-	builder.Organization = "org"
-	files := map[string]lfs.LfsFileInfo{
-		oid: {Name: "file.txt", Size: 12, Oid: oid},
-	}
-	if err := WriteObjectsForLFSFiles(builder, files, WriteOptions{Logger: testLogger(t)}); err != nil {
-		t.Fatalf("WriteObjectsForLFSFiles error: %v", err)
-	}
-
-	got, err := drsobject.ReadObject(common.DRS_OBJS_PATH, oid)
-	if err != nil {
-		t.Fatalf("ReadObject error: %v", err)
-	}
-	authz := syfoncommon.AuthzMapFromAccessMethodAuthorizations((*got.AccessMethods)[0].Authorizations)
-	want := map[string][]string{"keep": {"me"}}
-	if !equalAuthzMaps(authz, want) {
-		t.Fatalf("existing authz overwritten: got=%v want=%v", authz, want)
-	}
-}
-
-func TestWriteObjectsForLFSFilesPreferCacheURLPreservesAuthz(t *testing.T) {
-	setupTestRepo(t)
-
-	oid := "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-	builder := drsobject.NewBuilder("bucket", "proj")
-	builder.Organization = "org"
-	files := map[string]lfs.LfsFileInfo{
-		oid: {Name: "file.txt", Size: 12, Oid: oid},
-	}
-
-	cache := makeTestCache(t, oid, "s3://cache/object")
-	if err := WriteObjectsForLFSFiles(builder, files, WriteOptions{
-		Cache:          cache,
-		PreferCacheURL: true,
-		Logger:         testLogger(t),
-	}); err != nil {
-		t.Fatalf("WriteObjectsForLFSFiles error: %v", err)
-	}
-
-	got, err := drsobject.ReadObject(common.DRS_OBJS_PATH, oid)
-	if err != nil {
-		t.Fatalf("ReadObject error: %v", err)
-	}
-	method := (*got.AccessMethods)[0]
-	if method.AccessUrl == nil || method.AccessUrl.Url != "s3://cache/object" {
-		t.Fatalf("expected cache URL, got %+v", method.AccessUrl)
-	}
-	authz := syfoncommon.AuthzMapFromAccessMethodAuthorizations(method.Authorizations)
-	want := map[string][]string{"org": {"proj"}}
-	if !equalAuthzMaps(authz, want) {
-		t.Fatalf("unexpected authz after cache URL preference: got=%v want=%v", authz, want)
-	}
-}
-
-func ptrString(s string) *string { return &s }
-
-func testLogger(t *testing.T) *slog.Logger {
-	t.Helper()
-	return slog.New(slog.NewTextHandler(io.Discard, nil))
-}
-
-func equalAuthzMaps(got, want map[string][]string) bool {
-	if len(got) != len(want) {
-		return false
-	}
-	for org, wantProjects := range want {
-		gotProjects, ok := got[org]
-		if !ok {
-			return false
-		}
-		if len(gotProjects) != len(wantProjects) {
-			return false
-		}
-		for i := range wantProjects {
-			if gotProjects[i] != wantProjects[i] {
-				return false
-			}
-		}
-	}
-	return true
-}
-
-func makeTestCache(t *testing.T, oid, externalURL string) *precommit_cache.Cache {
-	t.Helper()
-	root := t.TempDir()
-	cache := &precommit_cache.Cache{
-		Root:     root,
-		PathsDir: filepath.Join(root, "paths"),
-		OIDsDir:  filepath.Join(root, "oids"),
-	}
-	if err := os.MkdirAll(cache.OIDsDir, 0o755); err != nil {
-		t.Fatalf("mkdir cache oid dir: %v", err)
-	}
-	entry := precommit_cache.OIDEntry{
-		LFSOID:      oid,
-		ExternalURL: externalURL,
-		UpdatedAt:   time.Now().UTC().Format(time.RFC3339),
-	}
-	body, err := json.Marshal(entry)
-	if err != nil {
-		t.Fatalf("marshal cache entry: %v", err)
-	}
-	sum := sha256.Sum256([]byte(oid))
-	filename := filepath.Join(cache.OIDsDir, fmt.Sprintf("%x.json", sum[:]))
-	if err := os.WriteFile(filename, body, 0o644); err != nil {
-		t.Fatalf("write cache entry: %v", err)
-	}
-	return cache
-}
diff --git a/internal/drsobject/object.go b/internal/drsobject/object.go
index fd85bd38..52e2e710 100644
--- a/internal/drsobject/object.go
+++ b/internal/drsobject/object.go
@@ -3,9 +3,11 @@ package drsobject
 import (
 	"fmt"
 	"net/url"
+	"path/filepath"
 	"strings"
 
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	internalapi "github.com/calypr/syfon/apigen/client/internalapi"
 	syfoncommon "github.com/calypr/syfon/common"
 	"github.com/google/uuid"
 )
@@ -53,21 +55,38 @@ func BuildWithPrefix(fileName string, checksum string, size int64, drsID string,
 	})
 }
 
-func ConvertToCandidate(obj *drsapi.DrsObject) drsapi.DrsObjectCandidate {
+func ConvertToInternalRecord(obj *drsapi.DrsObject, fileName string, organization string, project string) internalapi.InternalRecord {
 	if obj == nil {
-		return drsapi.DrsObjectCandidate{}
-	}
-	return drsapi.DrsObjectCandidate{
-		AccessMethods: obj.AccessMethods,
-		Aliases:       obj.Aliases,
-		Checksums:     obj.Checksums,
-		Contents:      obj.Contents,
-		Description:   obj.Description,
-		MimeType:      obj.MimeType,
-		Name:          obj.Name,
-		Size:          obj.Size,
-		Version:       obj.Version,
+		return internalapi.InternalRecord{}
+	}
+	hashes := make(internalapi.HashInfo, len(obj.Checksums))
+	for _, checksum := range obj.Checksums {
+		typ := strings.TrimSpace(checksum.Type)
+		val := strings.TrimSpace(checksum.Checksum)
+		if typ == "" || val == "" {
+			continue
+		}
+		hashes[typ] = val
+	}
+
+	fileName = filepath.ToSlash(strings.TrimSpace(fileName))
+	record := internalapi.InternalRecord{
+		Did:              strings.TrimSpace(obj.Id),
+		AccessMethods:    obj.AccessMethods,
+		ControlledAccess: obj.ControlledAccess,
+		Description:      obj.Description,
+		FileName:         &fileName,
+		Hashes:           &hashes,
+		Size:             &obj.Size,
+		Version:          obj.Version,
+	}
+	if organization = strings.TrimSpace(organization); organization != "" {
+		record.Organization = &organization
+	}
+	if project = strings.TrimSpace(project); project != "" {
+		record.Project = &project
 	}
+	return record
 }
 
 type LocationOptions struct {
@@ -113,11 +132,12 @@ func BuildWithOptions(fileName string, checksum string, size int64, drsID string
 			Url     string    `json:"url"`
 		}{Url: accessURL},
 	}
-	if authzMap := syfoncommon.AuthzMapFromScope(opts.Organization, opts.Project); authzMap != nil {
-		am.Authorizations = syfoncommon.AccessMethodAuthorizationsFromAuthzMap(authzMap)
-	}
 	ams := []drsapi.AccessMethod{am}
 	obj.AccessMethods = &ams
+	if authzMap := syfoncommon.AuthzMapFromScope(opts.Organization, opts.Project); authzMap != nil {
+		controlled := syfoncommon.AuthzMapToControlledAccess(authzMap)
+		obj.ControlledAccess = &controlled
+	}
 	return obj, nil
 }
 
diff --git a/internal/drsremote/remote.go b/internal/drsremote/remote.go
deleted file mode 100644
index 4d7c2a01..00000000
--- a/internal/drsremote/remote.go
+++ /dev/null
@@ -1,199 +0,0 @@
-package drsremote
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"log/slog"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/calypr/git-drs/internal/config"
-	"github.com/calypr/git-drs/internal/drsobject"
-	drsapi "github.com/calypr/syfon/apigen/client/drs"
-	"github.com/calypr/syfon/client/request"
-	"github.com/calypr/syfon/client/transfer"
-	sydownload "github.com/calypr/syfon/client/transfer/download"
-)
-
-func ObjectsByHash(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) {
-	if drsCtx == nil || drsCtx.Client == nil {
-		return nil, fmt.Errorf("DRS client unavailable")
-	}
-	checksum = drsobject.NormalizeChecksum(checksum)
-	if checksum == "" {
-		return nil, nil
-	}
-	page, err := drsCtx.Client.DRS().BatchGetObjectsByHash(ctx, []string{checksum})
-	if err != nil {
-		return nil, err
-	}
-	return page.DrsObjects, nil
-}
-
-func ObjectsByHashForScope(ctx context.Context, drsCtx *config.GitContext, checksum string) ([]drsapi.DrsObject, error) {
-	objects, err := ObjectsByHash(ctx, drsCtx, checksum)
-	if err != nil {
-		return nil, err
-	}
-	result := make([]drsapi.DrsObject, 0, len(objects))
-	for _, obj := range objects {
-		if MatchesScope(&obj, drsCtx.Organization, drsCtx.ProjectId) {
-			result = append(result, obj)
-		}
-	}
-	return result, nil
-}
-
-func AccessURLForHashScope(ctx context.Context, drsCtx *config.GitContext, checksum string) (*drsapi.AccessURL, *drsapi.DrsObject, error) {
-	records, err := ObjectsByHashForScope(ctx, drsCtx, checksum)
-	if err != nil {
-		return nil, nil, err
-	}
-	if len(records) == 0 {
-		return nil, nil, fmt.Errorf("no matching DRS record found for oid %s", drsobject.NormalizeChecksum(checksum))
-	}
-	match := records[0]
-	if match.AccessMethods == nil || len(*match.AccessMethods) == 0 {
-		return nil, nil, fmt.Errorf("no access methods available for DRS object %s", match.Id)
-	}
-	accessType := (*match.AccessMethods)[0].Type
-	if accessType == "" {
-		return nil, nil, fmt.Errorf("no access type found in access method for DRS object %s", match.Id)
-	}
-	accessURL, err := drsCtx.Client.DRS().GetAccessURL(ctx, match.Id, string(accessType))
-	if err != nil {
-		return nil, nil, err
-	}
-	return &accessURL, &match, nil
-}
-
-func BulkAccessURLsForObjects(ctx context.Context, drsCtx *config.GitContext, objects []drsapi.DrsObject) (map[string]drsapi.AccessURL, error) {
-	if drsCtx == nil || drsCtx.Client == nil {
-		return nil, fmt.Errorf("DRS client unavailable")
-	}
-	req, ok := bulkAccessRequest(objects)
-	if !ok {
-		return map[string]drsapi.AccessURL{}, nil
-	}
-
-	resp, err := drsCtx.Client.DRSAPI().GetBulkAccessURLWithResponse(ctx, req)
-	if err != nil {
-		return nil, err
-	}
-	if resp.JSON200 == nil {
-		return nil, fmt.Errorf("unexpected response: %d", resp.StatusCode())
-	}
-
-	out := map[string]drsapi.AccessURL{}
-	if resp.JSON200.ResolvedDrsObjectAccessUrls == nil {
-		return out, nil
-	}
-	for _, resolved := range *resp.JSON200.ResolvedDrsObjectAccessUrls {
-		if resolved.DrsObjectId == nil {
-			continue
-		}
-		objectID := *resolved.DrsObjectId
-		if strings.TrimSpace(objectID) == "" || strings.TrimSpace(resolved.Url) == "" {
-			continue
-		}
-		out[strings.TrimSpace(objectID)] = drsapi.AccessURL{Headers: resolved.Headers, Url: resolved.Url}
-	}
-	return out, nil
-}
-
-// DownloadToCachePath downloads the DRS object identified by oid to cachePath
-// using the project-scoped URL resolution preferred by git-drs.
-func DownloadToCachePath(ctx context.Context, drsCtx *config.GitContext, logger *slog.Logger, oid, cachePath string) error {
-	_ = logger
-	if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil {
-		return fmt.Errorf("mkdir for cache path: %w", err)
-	}
-
-	accessURL, match, err := AccessURLForHashScope(ctx, drsCtx, oid)
-	if err != nil {
-		return err
-	}
-	return downloadResolved(ctx, drsCtx, oid, cachePath, match, accessURL)
-}
-
-func DownloadResolvedToCachePath(ctx context.Context, drsCtx *config.GitContext, oid, cachePath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL) error {
-	if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil {
-		return fmt.Errorf("mkdir for cache path: %w", err)
-	}
-	if obj == nil || accessURL == nil || accessURL.Url == "" {
-		return DownloadToCachePath(ctx, drsCtx, nil, oid, cachePath)
-	}
-	return downloadResolved(ctx, drsCtx, oid, cachePath, obj, accessURL)
-}
-
-func DownloadResolvedToPath(ctx context.Context, drsCtx *config.GitContext, oid, dstPath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL, opts sydownload.DownloadOptions) error {
-	if drsCtx == nil || drsCtx.Client == nil {
-		return fmt.Errorf("DRS client unavailable")
-	}
-	if obj == nil || accessURL == nil || strings.TrimSpace(accessURL.Url) == "" {
-		return fmt.Errorf("resolved DRS object and access URL are required")
-	}
-	src := &resolvedSource{
-		requestor:    drsCtx.Client.Requestor(),
-		accessURL:    strings.TrimSpace(accessURL.Url),
-		expectedSize: obj.Size,
-	}
-	return sydownload.DownloadToPathWithOptions(ctx, src, oid, dstPath, opts)
-}
-
-func downloadResolved(ctx context.Context, drsCtx *config.GitContext, oid, cachePath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL) error {
-	return DownloadResolvedToPath(ctx, drsCtx, oid, cachePath, obj, accessURL, sydownload.DownloadOptions{
-		MultipartThreshold: 5 * 1024 * 1024,
-		Concurrency:        2,
-		ChunkSize:          64 * 1024 * 1024,
-	})
-}
-
-type resolvedSource struct {
-	requestor    request.Requester
-	accessURL    string
-	expectedSize int64
-}
-
-func (s *resolvedSource) Name() string {
-	return "resolved-url"
-}
-
-func (s *resolvedSource) Logger() transfer.TransferLogger {
-	return transfer.NoOpLogger{}
-}
-
-func (s *resolvedSource) Stat(ctx context.Context, guid string) (*transfer.ObjectMetadata, error) {
-	return &transfer.ObjectMetadata{
-		Size:         s.expectedSize,
-		AcceptRanges: s.expectedSize > 0,
-		Provider:     "drs",
-	}, nil
-}
-
-func (s *resolvedSource) GetReader(ctx context.Context, guid string) (io.ReadCloser, error) {
-	return s.download(ctx, nil, nil)
-}
-
-func (s *resolvedSource) GetRangeReader(ctx context.Context, guid string, offset, length int64) (io.ReadCloser, error) {
-	if length <= 0 {
-		return s.download(ctx, nil, nil)
-	}
-	end := offset + length - 1
-	return s.download(ctx, &offset, &end)
-}
-
-func (s *resolvedSource) download(ctx context.Context, start, end *int64) (io.ReadCloser, error) {
-	resp, err := transfer.GenericDownload(ctx, s.requestor, s.accessURL, start, end)
-	if err != nil {
-		return nil, err
-	}
-	if start != nil && resp.StatusCode == http.StatusOK {
-		resp.Body.Close()
-		return nil, transfer.ErrRangeIgnored
-	}
-	return resp.Body, nil
-}
diff --git a/internal/drsfilter/clean.go b/internal/filter/clean.go
similarity index 68%
rename from internal/drsfilter/clean.go
rename to internal/filter/clean.go
index 4d86ce86..bb0b019d 100644
--- a/internal/drsfilter/clean.go
+++ b/internal/filter/clean.go
@@ -1,4 +1,4 @@
-package drsfilter
+package filter
 
 import (
 	"context"
@@ -10,14 +10,12 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/drsobject"
+	"github.com/calypr/git-drs/internal/gitrepo"
 	"github.com/calypr/git-drs/internal/lfs"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
 )
 
-// writeDrsMap records a local DRS object entry in .git/drs/lfs/objects so that
-// the pre-push workflow can discover and upload the file.
 func writeDrsMap(pathname string, oid string, size int64) error {
 	name := filepath.Base(pathname)
 	drsObj := &drsapi.DrsObject{
@@ -27,7 +25,7 @@ func writeDrsMap(pathname string, oid string, size int64) error {
 			{Type: "sha256", Checksum: oid},
 		},
 	}
-	if existing, err := drsobject.ReadObject(common.DRS_OBJS_PATH, oid); err == nil && existing != nil {
+	if existing, err := drsobject.ReadObject(gitrepo.DRSObjectsPath, oid); err == nil && existing != nil {
 		drsObj = existing
 		drsObj.Name = &name
 		drsObj.Size = size
@@ -35,25 +33,15 @@ func writeDrsMap(pathname string, oid string, size int64) error {
 			{Type: "sha256", Checksum: oid},
 		}
 	}
-	return drsobject.WriteObject(common.DRS_OBJS_PATH, drsObj, oid)
+	return drsobject.WriteObject(gitrepo.DRSObjectsPath, drsObj, oid)
 }
 
-// CleanContent reads raw file content from content, hashes it with SHA-256,
-// stores the content in the git-lfs local object cache under lfsRoot, and
-// writes an LFS pointer to dst. It also records a DRS map entry so that
-// `git drs push` can discover the file.
-//
-// pathname is the repo-relative path of the file being cleaned; it is used
-// only for the DRS map entry name and log messages.
-func CleanContent(ctx context.Context, lfsRoot, pathname string, content io.Reader, dst io.Writer, logger *slog.Logger) error {
-	_ = ctx // reserved for future cancellation propagation
-
+func CleanContent(_ context.Context, lfsRoot, pathname string, content io.Reader, dst io.Writer, logger *slog.Logger) (retErr error) {
 	objDir := filepath.Join(lfsRoot, "objects")
 	if err := os.MkdirAll(objDir, 0o755); err != nil {
 		return fmt.Errorf("clean: mkdir LFS objects: %w", err)
 	}
 
-	// Buffer the content into a temp file while computing its SHA-256.
 	tmp, err := os.CreateTemp(objDir, "git-drs-clean-*")
 	if err != nil {
 		return fmt.Errorf("clean: create temp file: %w", err)
@@ -61,7 +49,9 @@ func CleanContent(ctx context.Context, lfsRoot, pathname string, content io.Read
 	tmpPath := tmp.Name()
 	defer func() {
 		if _, statErr := os.Stat(tmpPath); statErr == nil {
-			_ = os.Remove(tmpPath)
+			if rmErr := os.Remove(tmpPath); rmErr != nil && retErr == nil {
+				retErr = fmt.Errorf("clean: remove temp file: %w", rmErr)
+			}
 		}
 	}()
 
@@ -92,8 +82,7 @@ func CleanContent(ctx context.Context, lfsRoot, pathname string, content io.Read
 		}
 	}
 
-	// Move temp file to the final content-addressed location.
-	cachePath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, oid)
+	cachePath, err := lfs.ObjectPath(gitrepo.LFSObjectsPath, oid)
 	if err != nil {
 		return fmt.Errorf("clean: resolve cache path: %w", err)
 	}
@@ -106,7 +95,6 @@ func CleanContent(ctx context.Context, lfsRoot, pathname string, content io.Read
 
 	logger.Debug("clean: stored LFS object", "pathname", pathname, "oid", oid, "size", size)
 
-	// Write the LFS pointer to dst.
 	pointer := fmt.Sprintf(
 		"version https://git-lfs.github.com/spec/v1\noid sha256:%s\nsize %d\n",
 		oid, size,
@@ -115,7 +103,6 @@ func CleanContent(ctx context.Context, lfsRoot, pathname string, content io.Read
 		return fmt.Errorf("clean: write pointer: %w", err)
 	}
 
-	// Record a DRS map entry so `git drs push` can find the file.
 	if mapErr := writeDrsMap(pathname, oid, size); mapErr != nil {
 		logger.Warn("clean: failed to write DRS map entry", "pathname", pathname, "error", mapErr)
 	}
diff --git a/internal/drsfilter/clean_test.go b/internal/filter/clean_test.go
similarity index 79%
rename from internal/drsfilter/clean_test.go
rename to internal/filter/clean_test.go
index 1e2f982c..fbfd1766 100644
--- a/internal/drsfilter/clean_test.go
+++ b/internal/filter/clean_test.go
@@ -1,4 +1,4 @@
-package drsfilter
+package filter
 
 import (
 	"bytes"
@@ -11,8 +11,8 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/calypr/git-drs/internal/common"
 	"github.com/calypr/git-drs/internal/drsobject"
+	"github.com/calypr/git-drs/internal/gitrepo"
 	"github.com/calypr/git-drs/internal/lfs"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
 )
@@ -31,7 +31,7 @@ func TestCleanContentPassesThroughExistingPointer(t *testing.T) {
 	oid := "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
 	pointer := "version https://git-lfs.github.com/spec/v1\noid sha256:" + oid + "\nsize 21\n"
 	explicitURL := "s3://bucket/path/to/file.bin"
-	if err := drsobject.WriteObject(common.DRS_OBJS_PATH, &drsapi.DrsObject{
+	if err := drsobject.WriteObject(gitrepo.DRSObjectsPath, &drsapi.DrsObject{
 		Size: 21,
 		AccessMethods: &[]drsapi.AccessMethod{{
 			Type: drsapi.AccessMethodTypeS3,
@@ -53,12 +53,7 @@ func TestCleanContentPassesThroughExistingPointer(t *testing.T) {
 		t.Fatalf("expected pointer passthrough, got %q", out.String())
 	}
 
-	if objPath, err := lfs.ObjectPath(common.DRS_OBJS_PATH, oid); err != nil {
-		t.Fatalf("ObjectPath: %v", err)
-	} else if _, err := os.Stat(objPath); err != nil {
-		t.Fatalf("expected DRS map entry at %s: %v", objPath, err)
-	}
-	gotObj, err := drsobject.ReadObject(common.DRS_OBJS_PATH, oid)
+	gotObj, err := drsobject.ReadObject(gitrepo.DRSObjectsPath, oid)
 	if err != nil {
 		t.Fatalf("read DRS map entry: %v", err)
 	}
@@ -68,7 +63,7 @@ func TestCleanContentPassesThroughExistingPointer(t *testing.T) {
 
 	sum := sha256.Sum256([]byte(pointer))
 	contentOID := hex.EncodeToString(sum[:])
-	if cachePath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, contentOID); err == nil {
+	if cachePath, err := lfs.ObjectPath(gitrepo.LFSObjectsPath, contentOID); err == nil {
 		if _, statErr := os.Stat(cachePath); !os.IsNotExist(statErr) {
 			t.Fatalf("did not expect pointer text to be cached as payload at %s", cachePath)
 		}
diff --git a/internal/gitfilter/filter_process.go b/internal/filter/process.go
similarity index 58%
rename from internal/gitfilter/filter_process.go
rename to internal/filter/process.go
index 1f86aa88..57ddb13e 100644
--- a/internal/gitfilter/filter_process.go
+++ b/internal/filter/process.go
@@ -1,4 +1,4 @@
-package gitfilter
+package filter
 
 import (
 	"bytes"
@@ -12,38 +12,15 @@ import (
 	"github.com/git-lfs/pktline"
 )
 
-// SmudgeFunc is called for each smudge (checkout) request.
-// req contains the pathname and command metadata.
-// ptr is the LFS pointer payload received from git (may be non-LFS content for untracked files).
-// dst is where the real file content must be written.
 type SmudgeFunc func(ctx context.Context, req FilterRequest, ptr io.Reader, dst io.Writer) error
 
-// CleanFunc is called for each clean (stage) request.
-// req contains the pathname and command metadata.
-// content is the full file content received from git.
-// dst is where the LFS pointer must be written.
 type CleanFunc func(ctx context.Context, req FilterRequest, content io.Reader, dst io.Writer) error
 
-// FilterRequest describes a single filter request from git.
 type FilterRequest struct {
-	// Command is "smudge" or "clean".
-	Command string
-	// Pathname is the repo-relative file path being processed.
+	Command  string
 	Pathname string
 }
 
-// GitFilter implements the git long-running filter process protocol v2.
-//
-// Protocol reference:
-//
-//	https://git-scm.com/docs/gitattributes#_long_running_filter_process
-//
-// Usage:
-//
-//	f := NewGitFilter(os.Stdin, os.Stdout).
-//	    OnSmudge(smudgeFn).
-//	    OnClean(cleanFn)
-//	err := f.Run(ctx)
 type GitFilter struct {
 	pl     *pktline.Pktline
 	out    io.Writer
@@ -52,7 +29,6 @@ type GitFilter struct {
 	logger *slog.Logger
 }
 
-// NewGitFilter creates a GitFilter that reads from in and writes to out.
 func NewGitFilter(in io.Reader, out io.Writer, logger *slog.Logger) *GitFilter {
 	return &GitFilter{
 		pl:     pktline.NewPktline(in, out),
@@ -61,20 +37,16 @@ func NewGitFilter(in io.Reader, out io.Writer, logger *slog.Logger) *GitFilter {
 	}
 }
 
-// OnSmudge registers the smudge handler and returns the receiver for chaining.
 func (f *GitFilter) OnSmudge(fn SmudgeFunc) *GitFilter {
 	f.smudge = fn
 	return f
 }
 
-// OnClean registers the clean handler and returns the receiver for chaining.
 func (f *GitFilter) OnClean(fn CleanFunc) *GitFilter {
 	f.clean = fn
 	return f
 }
 
-// Run performs the capability handshake and then processes filter requests
-// until the underlying reader is exhausted or the context is cancelled.
 func (f *GitFilter) Run(ctx context.Context) error {
 	f.logger.Debug("Starting git filter process")
 	if err := f.handshake(); err != nil {
@@ -94,27 +66,7 @@ func (f *GitFilter) Run(ctx context.Context) error {
 	}
 }
 
-// --------------------------------------------------------------------------
-// Handshake
-// --------------------------------------------------------------------------
-
-// handshake implements the git filter v2 capability exchange.
-//
-// git → filter:
-//
-//	PKT-LINE("git-filter-client\n")
-//	PKT-LINE("version=2\n")
-//	flush-pkt
-//	PKT-LINE("capability=clean\n") + PKT-LINE("capability=smudge\n") + flush-pkt
-//
-// filter → git:
-//
-//	PKT-LINE("git-filter-server\n")
-//	PKT-LINE("version=2\n")
-//	flush-pkt
-//	PKT-LINE("capability=clean\n") + PKT-LINE("capability=smudge\n") + flush-pkt
 func (f *GitFilter) handshake() error {
-	// --- version negotiation from git ---
 	initMsg, err := f.pl.ReadPacketText()
 	if err != nil {
 		return fmt.Errorf("reading welcome: %w", err)
@@ -131,24 +83,17 @@ func (f *GitFilter) handshake() error {
 		return fmt.Errorf("unsupported filter protocol versions %v (requires version=2)", versions)
 	}
 
-	// --- send our identity ---
 	if err := f.pl.WritePacketList([]string{"git-filter-server", "version=2"}); err != nil {
 		return err
 	}
 
-	// --- read capabilities from git ---
 	if _, err := f.pl.ReadPacketList(); err != nil {
 		return fmt.Errorf("reading capabilities: %w", err)
 	}
 
-	// --- advertise our capabilities ---
 	return f.pl.WritePacketList([]string{"capability=clean", "capability=smudge"})
 }
 
-// --------------------------------------------------------------------------
-// Per-request processing
-// --------------------------------------------------------------------------
-
 func (f *GitFilter) processOne(ctx context.Context) error {
 	f.logger.Debug("Waiting for next filter request...")
 	req, err := f.readRequest()
@@ -157,7 +102,6 @@ func (f *GitFilter) processOne(ctx context.Context) error {
 		return err
 	}
 	f.logger.Debug("Received filter request", "command", req.Command, "pathname", req.Pathname)
-	// Read content (between the delimiter and the trailing flush).
 	content, err := f.readContent()
 	if err != nil {
 		return fmt.Errorf("reading content for %s %s: %w", req.Command, req.Pathname, err)
@@ -170,12 +114,10 @@ func (f *GitFilter) processOne(ctx context.Context) error {
 	case "clean":
 		handlerErr = f.handleClean(ctx, req, content)
 	default:
-		// Unknown command: respond with error status and empty content.
 		handlerErr = fmt.Errorf("unknown command %q", req.Command)
 	}
 
 	if handlerErr != nil {
-		// Send error status; git will use the pointer/raw bytes itself.
 		if err := f.pl.WritePacketList([]string{"status=error"}); err != nil {
 			return err
 		}
@@ -208,25 +150,14 @@ func (f *GitFilter) handleClean(ctx context.Context, req FilterRequest, content
 	return f.writeSuccessResponse(dst.Bytes())
 }
 
-// passthroughSmudge sends content as-is (smudge no-op).
 func (f *GitFilter) passthroughSmudge(content []byte) error {
 	return f.writeSuccessResponse(content)
 }
 
-// passthroughClean sends content as-is (clean no-op).
 func (f *GitFilter) passthroughClean(content []byte) error {
 	return f.writeSuccessResponse(content)
 }
 
-// writeSuccessResponse writes the success response including pkt-line framed content.
-//
-// Format:
-//
-//	PKT-LINE("status=success\n")
-//	flush-pkt
-//	[PKT-LINE(content chunks)]
-//	flush-pkt
-//	flush-pkt  (second flush signals end of command)
 func (f *GitFilter) writeSuccessResponse(data []byte) error {
 	if err := f.pl.WritePacketList([]string{"status=success"}); err != nil {
 		return err
@@ -242,16 +173,9 @@ func (f *GitFilter) writeSuccessResponse(data []byte) error {
 		return err
 	}
 
-	// Send trailing key=value list (empty) terminated with flush.
 	return f.pl.WritePacketList(nil)
 }
 
-// --------------------------------------------------------------------------
-// Helpers
-// --------------------------------------------------------------------------
-
-// readRequest reads the command header section terminated by a delimiter packet.
-// Returns (FilterRequest, nil) on success, or (_, io.EOF) if the stream is done.
 func (f *GitFilter) readRequest() (FilterRequest, error) {
 	requestList, err := f.pl.ReadPacketList()
 	if err != nil {
@@ -272,8 +196,6 @@ func (f *GitFilter) readRequest() (FilterRequest, error) {
 	return req, nil
 }
 
-// readContent reads pkt-line data packets until a flush packet, returning all
-// data concatenated. git sends content flush-terminated.
 func (f *GitFilter) readContent() ([]byte, error) {
 	return io.ReadAll(pktline.NewPktlineReaderFromPktline(f.pl, pktline.MaxPacketLength))
 }
diff --git a/internal/gitfilter/filter_process_test.go b/internal/filter/process_test.go
similarity index 51%
rename from internal/gitfilter/filter_process_test.go
rename to internal/filter/process_test.go
index 1b6f4a88..7fd0ea77 100644
--- a/internal/gitfilter/filter_process_test.go
+++ b/internal/filter/process_test.go
@@ -1,4 +1,4 @@
-package gitfilter
+package filter
 
 import (
 	"bytes"
@@ -11,7 +11,7 @@ import (
 	"github.com/git-lfs/pktline"
 )
 
-func TestGitFilter_ProtocolSmudgeFraming(t *testing.T) {
+func TestGitFilterProtocolSmudgeFraming(t *testing.T) {
 	var in bytes.Buffer
 
 	inPL := pktline.NewPktline(nil, &in)
@@ -40,13 +40,6 @@ func TestGitFilter_ProtocolSmudgeFraming(t *testing.T) {
 	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
 
 	f := NewGitFilter(&in, &out, logger).OnSmudge(func(ctx context.Context, req FilterRequest, ptr io.Reader, dst io.Writer) error {
-		if req.Command != "smudge" {
-			t.Fatalf("unexpected command: %q", req.Command)
-		}
-		if req.Pathname != "path/test.dat" {
-			t.Fatalf("unexpected pathname: %q", req.Pathname)
-		}
-
 		gotPayload, err := io.ReadAll(ptr)
 		if err != nil {
 			t.Fatalf("read pointer payload: %v", err)
@@ -54,7 +47,6 @@ func TestGitFilter_ProtocolSmudgeFraming(t *testing.T) {
 		if string(gotPayload) != "pointer-bytes\n" {
 			t.Fatalf("unexpected pointer payload: %q", string(gotPayload))
 		}
-
 		_, err = dst.Write([]byte("smudged-content"))
 		return err
 	})
@@ -64,47 +56,11 @@ func TestGitFilter_ProtocolSmudgeFraming(t *testing.T) {
 	}
 
 	outPL := pktline.NewPktline(&out, nil)
-
 	serverInit, err := outPL.ReadPacketList()
 	if err != nil {
 		t.Fatalf("read server init: %v", err)
 	}
-	wantServerInit := []string{"git-filter-server", "version=2"}
-	if !reflect.DeepEqual(serverInit, wantServerInit) {
-		t.Fatalf("unexpected server init list: got %v, want %v", serverInit, wantServerInit)
-	}
-
-	serverCaps, err := outPL.ReadPacketList()
-	if err != nil {
-		t.Fatalf("read server capabilities: %v", err)
-	}
-	wantServerCaps := []string{"capability=clean", "capability=smudge"}
-	if !reflect.DeepEqual(serverCaps, wantServerCaps) {
-		t.Fatalf("unexpected server capabilities: got %v, want %v", serverCaps, wantServerCaps)
-	}
-
-	statusList, err := outPL.ReadPacketList()
-	if err != nil {
-		t.Fatalf("read status list: %v", err)
-	}
-	wantStatusList := []string{"status=success"}
-	if !reflect.DeepEqual(statusList, wantStatusList) {
-		t.Fatalf("unexpected status list: got %v, want %v", statusList, wantStatusList)
-	}
-
-	responseContent, err := io.ReadAll(pktline.NewPktlineReaderFromPktline(outPL, pktline.MaxPacketLength))
-	if err != nil {
-		t.Fatalf("read response content: %v", err)
-	}
-	if string(responseContent) != "smudged-content" {
-		t.Fatalf("unexpected response content: %q", string(responseContent))
-	}
-
-	trailingList, err := outPL.ReadPacketList()
-	if err != nil {
-		t.Fatalf("read trailing list: %v", err)
-	}
-	if len(trailingList) != 0 {
-		t.Fatalf("expected empty trailing list, got %v", trailingList)
+	if !reflect.DeepEqual(serverInit, []string{"git-filter-server", "version=2"}) {
+		t.Fatalf("unexpected server init list: %v", serverInit)
 	}
 }
diff --git a/internal/filter/skip_smudge.go b/internal/filter/skip_smudge.go
new file mode 100644
index 00000000..316cc2b5
--- /dev/null
+++ b/internal/filter/skip_smudge.go
@@ -0,0 +1,29 @@
+package filter
+
+import (
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/gitrepo"
+)
+
+func ShouldSkipSmudge() bool {
+	if val := os.Getenv("GIT_LFS_SKIP_SMUDGE"); val != "" {
+		return val == "1" || strings.ToLower(val) == "true"
+	}
+	if val := os.Getenv("GIT_DRS_SKIP_SMUDGE"); val != "" {
+		return val == "1" || strings.ToLower(val) == "true"
+	}
+	if valStr, err := gitrepo.GetGitConfigString("drs.skipsmudge"); err == nil && valStr != "" {
+		if val, err := strconv.ParseBool(valStr); err == nil {
+			return val
+		}
+	}
+	if valStr, err := gitrepo.GetGitConfigString("lfs.skipsmudge"); err == nil && valStr != "" {
+		if val, err := strconv.ParseBool(valStr); err == nil {
+			return val
+		}
+	}
+	return true
+}
diff --git a/internal/drsfilter/smudge.go b/internal/filter/smudge.go
similarity index 78%
rename from internal/drsfilter/smudge.go
rename to internal/filter/smudge.go
index 14c67de7..b3fca1a0 100644
--- a/internal/drsfilter/smudge.go
+++ b/internal/filter/smudge.go
@@ -1,4 +1,4 @@
-package drsfilter
+package filter
 
 import (
 	"context"
@@ -10,15 +10,12 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/calypr/git-drs/internal/common"
+	"github.com/calypr/git-drs/internal/gitrepo"
 	"github.com/calypr/git-drs/internal/lfs"
 )
 
-// SmudgeDownloadFunc downloads the object identified by oid into cachePath.
 type SmudgeDownloadFunc func(ctx context.Context, oid, cachePath string) error
 
-// SmudgeContent reads pointer content from ptr and writes smudged content to dst.
-// If the payload is not an LFS pointer, it passes data through unchanged.
 func SmudgeContent(ctx context.Context, pathname string, ptr io.Reader, dst io.Writer, logger *slog.Logger, download SmudgeDownloadFunc) error {
 	ptrBytes, err := io.ReadAll(ptr)
 	if err != nil {
@@ -38,7 +35,7 @@ func SmudgeContent(ctx context.Context, pathname string, ptr io.Reader, dst io.W
 		logger.Debug("smudge", "pathname", pathname, "oid", oid, "size", size)
 	}
 
-	cachePath, err := lfs.ObjectPath(common.LFS_OBJS_PATH, oid)
+	cachePath, err := lfs.ObjectPath(gitrepo.LFSObjectsPath, oid)
 	if err != nil {
 		return fmt.Errorf("smudge: resolve cache path: %w", err)
 	}
@@ -52,8 +49,6 @@ func SmudgeContent(ctx context.Context, pathname string, ptr io.Reader, dst io.W
 	}
 
 	if download == nil {
-		// No remote configured — write the pointer back to the working tree
-		// unchanged, matching git-lfs --skip-smudge behaviour.
 		if logger != nil {
 			logger.Debug("smudge: no downloader configured, writing pointer", "oid", oid)
 		}
diff --git a/internal/drsfilter/smudge_test.go b/internal/filter/smudge_test.go
similarity index 57%
rename from internal/drsfilter/smudge_test.go
rename to internal/filter/smudge_test.go
index e7008190..13d32c8d 100644
--- a/internal/drsfilter/smudge_test.go
+++ b/internal/filter/smudge_test.go
@@ -1,4 +1,4 @@
-package drsfilter
+package filter
 
 import (
 	"bytes"
@@ -11,11 +11,11 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/calypr/git-drs/internal/common"
+	"github.com/calypr/git-drs/internal/gitrepo"
 	"github.com/calypr/git-drs/internal/lfs"
 )
 
-func TestSmudgeContent_PassthroughNonPointer(t *testing.T) {
+func TestSmudgeContentPassthroughNonPointer(t *testing.T) {
 	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
 	var out bytes.Buffer
 
@@ -23,13 +23,12 @@ func TestSmudgeContent_PassthroughNonPointer(t *testing.T) {
 	if err != nil {
 		t.Fatalf("SmudgeContent returned error: %v", err)
 	}
-
 	if got := out.String(); got != "plain-bytes\n" {
 		t.Fatalf("unexpected output: got %q", got)
 	}
 }
 
-func TestSmudgeContent_UsesCacheWhenPresent(t *testing.T) {
+func TestSmudgeContentUsesCacheWhenPresent(t *testing.T) {
 	repo := setupSmudgeTestRepo(t)
 	oid := "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 	cachePath := mustObjectPath(t, oid)
@@ -44,52 +43,35 @@ func TestSmudgeContent_UsesCacheWhenPresent(t *testing.T) {
 	var out bytes.Buffer
 	downloaderCalled := false
 
-	err := SmudgeContent(
-		context.Background(),
-		filepath.Join(repo, "data.txt"),
-		bytes.NewBufferString(pointerForOID(oid, 14)),
-		&out,
-		logger,
-		func(ctx context.Context, gotOID, gotPath string) error {
-			downloaderCalled = true
-			return nil
-		},
-	)
+	err := SmudgeContent(context.Background(), filepath.Join(repo, "data.txt"), bytes.NewBufferString(pointerForOID(oid, 14)), &out, logger, func(ctx context.Context, gotOID, gotPath string) error {
+		downloaderCalled = true
+		return nil
+	})
 	if err != nil {
 		t.Fatalf("SmudgeContent returned error: %v", err)
 	}
 	if downloaderCalled {
 		t.Fatal("expected downloader not to be called on cache hit")
 	}
-	if got := out.String(); got != "cached-content" {
-		t.Fatalf("unexpected output: got %q", got)
-	}
 }
 
-func TestSmudgeContent_DownloadsWhenCacheMiss(t *testing.T) {
+func TestSmudgeContentDownloadsWhenCacheMiss(t *testing.T) {
 	oid := "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
 	setupSmudgeTestRepo(t)
 	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
 	var out bytes.Buffer
 	called := 0
 
-	err := SmudgeContent(
-		context.Background(),
-		"file.bin",
-		bytes.NewBufferString(pointerForOID(oid, 15)),
-		&out,
-		logger,
-		func(ctx context.Context, gotOID, cachePath string) error {
-			called++
-			if gotOID != oid {
-				return errors.New("unexpected oid")
-			}
-			if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil {
-				return err
-			}
-			return os.WriteFile(cachePath, []byte("downloaded-bytes"), 0o644)
-		},
-	)
+	err := SmudgeContent(context.Background(), "file.bin", bytes.NewBufferString(pointerForOID(oid, 15)), &out, logger, func(ctx context.Context, gotOID, cachePath string) error {
+		called++
+		if gotOID != oid {
+			return errors.New("unexpected oid")
+		}
+		if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil {
+			return err
+		}
+		return os.WriteFile(cachePath, []byte("downloaded-bytes"), 0o644)
+	})
 	if err != nil {
 		t.Fatalf("SmudgeContent returned error: %v", err)
 	}
@@ -101,28 +83,6 @@ func TestSmudgeContent_DownloadsWhenCacheMiss(t *testing.T) {
 	}
 }
 
-func TestSmudgeContent_WritesPointerWithoutDownloaderOnCacheMiss(t *testing.T) {
-	oid := "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc"
-	setupSmudgeTestRepo(t)
-	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
-	var out bytes.Buffer
-
-	err := SmudgeContent(
-		context.Background(),
-		"missing.bin",
-		bytes.NewBufferString(pointerForOID(oid, 10)),
-		&out,
-		logger,
-		nil,
-	)
-	if err != nil {
-		t.Fatalf("SmudgeContent returned error: %v", err)
-	}
-	if got := out.String(); got != pointerForOID(oid, 10) {
-		t.Fatalf("expected pointer passthrough, got %q", got)
-	}
-}
-
 func setupSmudgeTestRepo(t *testing.T) string {
 	t.Helper()
 
@@ -147,7 +107,7 @@ func setupSmudgeTestRepo(t *testing.T) string {
 
 func mustObjectPath(t *testing.T, oid string) string {
 	t.Helper()
-	path, err := lfs.ObjectPath(common.LFS_OBJS_PATH, oid)
+	path, err := lfs.ObjectPath(gitrepo.LFSObjectsPath, oid)
 	if err != nil {
 		t.Fatalf("ObjectPath: %v", err)
 	}
diff --git a/internal/gitrepo/bucket_scope.go b/internal/gitrepo/bucket_scope.go
index 643aeee3..7ad45d55 100644
--- a/internal/gitrepo/bucket_scope.go
+++ b/internal/gitrepo/bucket_scope.go
@@ -66,7 +66,10 @@ func ResolveBucketScope(organization, project, configuredBucket, configuredPrefi
 	}
 
 	if configuredBucket == "" {
-		return ResolvedBucketScope{}, fmt.Errorf("bucket is required (or configure mapping with `git drs bucket add-organization --organization %s --path <scheme>://<bucket>/<prefix>`)", organization)
+		if project != "" {
+			return ResolvedBucketScope{}, fmt.Errorf("no bucket mapping found for organization=%q project=%q; configure one first with `git drs bucket add-organization --organization %s --path <scheme>://<bucket>/<prefix>` or `git drs bucket add-project --organization %s --project %s --path <scheme>://<bucket>/<prefix>`", organization, project, organization, organization, project)
+		}
+		return ResolvedBucketScope{}, fmt.Errorf("no bucket mapping found for organization=%q; configure one first with `git drs bucket add-organization --organization %s --path <scheme>://<bucket>/<prefix>`", organization, organization)
 	}
 	return ResolvedBucketScope{
 		Bucket: configuredBucket,
diff --git a/internal/drstrack/routes.go b/internal/gitrepo/gitattributes_routes.go
similarity index 95%
rename from internal/drstrack/routes.go
rename to internal/gitrepo/gitattributes_routes.go
index f871656c..9f954138 100644
--- a/internal/drstrack/routes.go
+++ b/internal/gitrepo/gitattributes_routes.go
@@ -1,4 +1,4 @@
-package drstrack
+package gitrepo
 
 import (
 	"bufio"
@@ -8,9 +8,6 @@ import (
 	"strings"
 )
 
-// UpsertDRSRouteLines adds or updates .gitattributes lines of the form:
-//
-//	<pattern> drs.route=<ro|rw>
 func UpsertDRSRouteLines(gitattributesPath string, mode string, patterns []string) (changed bool, err error) {
 	mode = strings.ToLower(strings.TrimSpace(mode))
 	if mode != "ro" && mode != "rw" {
diff --git a/internal/drstrack/routes_test.go b/internal/gitrepo/gitattributes_routes_test.go
similarity index 88%
rename from internal/drstrack/routes_test.go
rename to internal/gitrepo/gitattributes_routes_test.go
index 93b964b5..c855c03a 100644
--- a/internal/drstrack/routes_test.go
+++ b/internal/gitrepo/gitattributes_routes_test.go
@@ -1,4 +1,4 @@
-package drstrack
+package gitrepo
 
 import (
 	"os"
@@ -6,7 +6,7 @@ import (
 	"testing"
 )
 
-func TestUpsertDRSRouteLines_AddNew(t *testing.T) {
+func TestUpsertDRSRouteLinesAddNew(t *testing.T) {
 	dir := t.TempDir()
 	p := filepath.Join(dir, ".gitattributes")
 
@@ -26,7 +26,7 @@ func TestUpsertDRSRouteLines_AddNew(t *testing.T) {
 	}
 }
 
-func TestUpsertDRSRouteLines_UpdateExisting(t *testing.T) {
+func TestUpsertDRSRouteLinesUpdateExisting(t *testing.T) {
 	dir := t.TempDir()
 	p := filepath.Join(dir, ".gitattributes")
 
@@ -50,7 +50,7 @@ func TestUpsertDRSRouteLines_UpdateExisting(t *testing.T) {
 	}
 }
 
-func TestUpsertDRSRouteLines_Idempotent(t *testing.T) {
+func TestUpsertDRSRouteLinesIdempotent(t *testing.T) {
 	dir := t.TempDir()
 	p := filepath.Join(dir, ".gitattributes")
 
diff --git a/internal/drstrack/tracking.go b/internal/gitrepo/gitattributes_tracking.go
similarity index 93%
rename from internal/drstrack/tracking.go
rename to internal/gitrepo/gitattributes_tracking.go
index ca2fafa1..9180a42c 100644
--- a/internal/drstrack/tracking.go
+++ b/internal/gitrepo/gitattributes_tracking.go
@@ -1,4 +1,4 @@
-package drstrack
+package gitrepo
 
 import (
 	"bufio"
@@ -9,12 +9,9 @@ import (
 	"path/filepath"
 	"runtime"
 	"strings"
-
-	"github.com/calypr/git-drs/internal/gitrepo"
 )
 
-func TrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRun bool) (string, error) {
-	_ = ctx
+func TrackPatterns(_ context.Context, patterns []string, verbose bool, dryRun bool) (string, error) {
 	changedAttribLines := make(map[string]string, len(patterns))
 	var output strings.Builder
 
@@ -54,10 +51,7 @@ func TrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRun
 	return output.String(), nil
 }
 
-func ListTrackedPatterns(ctx context.Context, verbose bool) (string, error) {
-	_ = ctx
-	_ = verbose
-
+func ListTrackedPatterns(_ context.Context, _ bool) (string, error) {
 	attribContents, err := readLocalGitAttributes()
 	if err != nil {
 		return "", fmt.Errorf("git drs track failed: %w", err)
@@ -92,10 +86,7 @@ func ListTrackedPatterns(ctx context.Context, verbose bool) (string, error) {
 	return out.String(), nil
 }
 
-func UntrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRun bool) (string, error) {
-	_ = ctx
-	_ = verbose
-
+func UntrackPatterns(_ context.Context, patterns []string, _ bool, dryRun bool) (string, error) {
 	attribContents, err := readLocalGitAttributes()
 	if err != nil {
 		return "", fmt.Errorf("git drs untrack failed: %w", err)
@@ -151,6 +142,25 @@ func UntrackPatterns(ctx context.Context, patterns []string, verbose bool, dryRu
 	return out.String(), nil
 }
 
+func TrackReadOnly(ctx context.Context, path string) (bool, error) {
+	if _, err := TrackPatterns(ctx, []string{path}, false, false); err != nil {
+		return false, fmt.Errorf("git lfs track failed: %w", err)
+	}
+
+	repoRoot, err := GitTopLevel()
+	if err != nil {
+		return false, err
+	}
+
+	attrPath := filepath.Join(repoRoot, ".gitattributes")
+	changed, err := UpsertDRSRouteLines(attrPath, "ro", []string{path})
+	if err != nil {
+		return false, err
+	}
+
+	return changed, nil
+}
+
 func readLocalGitAttributes() ([]byte, error) {
 	data, err := os.ReadFile(".gitattributes")
 	if err != nil {
@@ -260,22 +270,3 @@ func unescapeAttrPattern(escaped string) string {
 
 	return unescaped
 }
-
-func TrackReadOnly(ctx context.Context, path string) (bool, error) {
-	if _, err := TrackPatterns(ctx, []string{path}, false, false); err != nil {
-		return false, fmt.Errorf("git lfs track failed: %w", err)
-	}
-
-	repoRoot, err := gitrepo.GitTopLevel()
-	if err != nil {
-		return false, err
-	}
-
-	attrPath := filepath.Join(repoRoot, ".gitattributes")
-	changed, err := UpsertDRSRouteLines(attrPath, "ro", []string{path})
-	if err != nil {
-		return false, err
-	}
-
-	return changed, nil
-}
diff --git a/internal/drstrack/tracking_test.go b/internal/gitrepo/gitattributes_tracking_test.go
similarity index 92%
rename from internal/drstrack/tracking_test.go
rename to internal/gitrepo/gitattributes_tracking_test.go
index 0b4150f2..cc9ca3df 100644
--- a/internal/drstrack/tracking_test.go
+++ b/internal/gitrepo/gitattributes_tracking_test.go
@@ -1,4 +1,4 @@
-package drstrack
+package gitrepo
 
 import (
 	"context"
@@ -8,7 +8,7 @@ import (
 	"testing"
 )
 
-func TestTrackPatterns_WritesGitattributes(t *testing.T) {
+func TestTrackPatternsWritesGitattributes(t *testing.T) {
 	repo := t.TempDir()
 	oldwd := mustChdirTrackTest(t, repo)
 	t.Cleanup(func() { _ = os.Chdir(oldwd) })
@@ -34,7 +34,7 @@ func TestTrackPatterns_WritesGitattributes(t *testing.T) {
 	}
 }
 
-func TestTrackPatterns_DryRunDoesNotWrite(t *testing.T) {
+func TestTrackPatternsDryRunDoesNotWrite(t *testing.T) {
 	repo := t.TempDir()
 	oldwd := mustChdirTrackTest(t, repo)
 	t.Cleanup(func() { _ = os.Chdir(oldwd) })
@@ -51,7 +51,7 @@ func TestTrackPatterns_DryRunDoesNotWrite(t *testing.T) {
 	}
 }
 
-func TestListTrackedPatterns_ReadsGitattributes(t *testing.T) {
+func TestListTrackedPatternsReadsGitattributes(t *testing.T) {
 	repo := t.TempDir()
 	oldwd := mustChdirTrackTest(t, repo)
 	t.Cleanup(func() { _ = os.Chdir(oldwd) })
@@ -73,7 +73,7 @@ func TestListTrackedPatterns_ReadsGitattributes(t *testing.T) {
 	}
 }
 
-func TestUntrackPatterns_RemovesPattern(t *testing.T) {
+func TestUntrackPatternsRemovesPattern(t *testing.T) {
 	repo := t.TempDir()
 	oldwd := mustChdirTrackTest(t, repo)
 	t.Cleanup(func() { _ = os.Chdir(oldwd) })
@@ -104,7 +104,7 @@ func TestUntrackPatterns_RemovesPattern(t *testing.T) {
 	}
 }
 
-func TestUntrackPatterns_DryRunDoesNotWrite(t *testing.T) {
+func TestUntrackPatternsDryRunDoesNotWrite(t *testing.T) {
 	repo := t.TempDir()
 	oldwd := mustChdirTrackTest(t, repo)
 	t.Cleanup(func() { _ = os.Chdir(oldwd) })
diff --git a/internal/gitrepo/lfs_auth.go b/internal/gitrepo/lfs_auth.go
index 2880e2b4..80626a36 100644
--- a/internal/gitrepo/lfs_auth.go
+++ b/internal/gitrepo/lfs_auth.go
@@ -32,18 +32,6 @@ func GetRemoteToken(remoteName string) (string, error) {
 	return GetGitConfigString(remoteTokenKey(remoteName))
 }
 
-// SetRemoteToken stores a remote-specific bearer token in repo-local git config.
-func SetRemoteToken(remoteName, token string) error {
-	if strings.TrimSpace(remoteName) == "" {
-		return fmt.Errorf("remote name is required")
-	}
-	if strings.TrimSpace(token) == "" {
-		return fmt.Errorf("token is required")
-	}
-	configs := map[string]string{remoteTokenKey(remoteName): token}
-	return SetGitConfigOptions(configs)
-}
-
 func GetRemoteBasicAuth(remoteName string) (string, string, error) {
 	username, err := GetGitConfigString(remoteUsernameKey(remoteName))
 	if err != nil {
diff --git a/internal/gitrepo/paths.go b/internal/gitrepo/paths.go
new file mode 100644
index 00000000..ab2669e2
--- /dev/null
+++ b/internal/gitrepo/paths.go
@@ -0,0 +1,9 @@
+package gitrepo
+
+const (
+	LFSObjectsPath = ".git/lfs/objects"
+	DRSObjectsPath = ".git/drs/lfs/objects"
+	ConfigYAML     = "config.yaml"
+	DRSLogFile     = ".git/drs/git-drs.log"
+	DRSDir         = ".git/drs"
+)
diff --git a/internal/gitrepo/repo.go b/internal/gitrepo/repo.go
index 866f2054..f5a89f06 100644
--- a/internal/gitrepo/repo.go
+++ b/internal/gitrepo/repo.go
@@ -7,18 +7,9 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/calypr/git-drs/internal/common"
 	"github.com/go-git/go-git/v5"
 )
 
-func DrsTopLevel() (string, error) {
-	base, err := GitTopLevel()
-	if err != nil {
-		return "", err
-	}
-	return filepath.Join(base, common.DRS_DIR), nil
-}
-
 // GetRepo opens the current git repository
 func GetRepo() (*git.Repository, error) {
 	cwd, err := os.Getwd()
@@ -132,17 +123,3 @@ func GetGitHooksDir() (string, error) {
 	// we might need more robust logic, but this matches previous behavior.
 	return filepath.Join(wt.Filesystem.Root(), ".git", "hooks"), nil
 }
-
-// AddFile adds a file to the git staging area (index)
-func AddFile(path string) error {
-	repo, err := GetRepo()
-	if err != nil {
-		return err
-	}
-	wt, err := repo.Worktree()
-	if err != nil {
-		return err
-	}
-	_, err = wt.Add(path)
-	return err
-}
diff --git a/internal/lfs/inventory.go b/internal/lfs/inventory.go
index 69b490d6..bb8d7012 100644
--- a/internal/lfs/inventory.go
+++ b/internal/lfs/inventory.go
@@ -3,7 +3,9 @@ package lfs
 import (
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
+	"io"
 	"log/slog"
 	"os"
 	"os/exec"
@@ -45,10 +47,12 @@ func IsLFSTracked(path string) (bool, error) {
 	if len(fields) < 3 {
 		return false, nil
 	}
-	return strings.TrimSpace(fields[2]) == "lfs", nil
+	return isTrackedFilter(strings.TrimSpace(fields[2])), nil
 }
 
-func GetAllLfsFiles(gitRemoteName, gitRemoteLocation string, branches []string, logger *slog.Logger) (map[string]LfsFileInfo, error) {
+// GetLfsFilesForRefs scans arbitrary refs or SHAs and returns the LFS pointer
+// files present in those trees.
+func GetLfsFilesForRefs(refs []string, logger *slog.Logger) (map[string]LfsFileInfo, error) {
 	if logger == nil {
 		return nil, fmt.Errorf("logger is required")
 	}
@@ -57,59 +61,146 @@ func GetAllLfsFiles(gitRemoteName, gitRemoteLocation string, branches []string,
 		return nil, err
 	}
 
-	if gitRemoteName == "" {
-		gitRemoteName = "origin"
-	}
-	if gitRemoteLocation != "" {
-		logger.Debug(fmt.Sprintf("Using git remote %s at %s for LFS inventory", gitRemoteName, gitRemoteLocation))
-	} else {
-		logger.Debug(fmt.Sprintf("Using git remote %s for LFS inventory", gitRemoteName))
-	}
-	logger.Debug("Scanning Git refs for LFS pointer files (no git lfs CLI required)")
-
-	// no timeout for now
 	ctx := context.Background()
-	refs := buildRefs(branches)
 	lfsFileMap := make(map[string]LfsFileInfo)
+	seen := make(map[string]struct{}, len(refs))
 	for _, ref := range refs {
+		ref = strings.TrimSpace(ref)
+		if ref == "" {
+			continue
+		}
+		if _, ok := seen[ref]; ok {
+			continue
+		}
+		seen[ref] = struct{}{}
 		if err := addFilesFromRef(ctx, repoDir, ref, logger, lfsFileMap); err != nil {
 			return nil, err
 		}
 	}
-
 	return lfsFileMap, nil
 }
 
-func addFilesFromRef(ctx context.Context, repoDir, ref string, logger *slog.Logger, lfsFileMap map[string]LfsFileInfo) error {
-	out, err := runGitCommand(ctx, repoDir, "ls-tree", "-r", "-z", "--long", ref)
+// GetLfsFilesForRefPaths scans the given paths in a specific ref/tree and
+// returns only those entries whose blob content is a valid Git LFS pointer.
+func GetLfsFilesForRefPaths(ref string, paths []string, logger *slog.Logger) (map[string]LfsFileInfo, error) {
+	if logger == nil {
+		return nil, fmt.Errorf("logger is required")
+	}
+	repoDir, err := os.Getwd()
 	if err != nil {
-		return fmt.Errorf("git ls-tree failed for %s: %w", ref, err)
+		return nil, err
+	}
+	ref = strings.TrimSpace(ref)
+	if ref == "" {
+		ref = "HEAD"
+	}
+	normalized := uniquePaths(paths)
+	files := make(map[string]LfsFileInfo)
+	if len(normalized) == 0 {
+		return files, nil
+	}
+	if err := addFilesFromPaths(context.Background(), repoDir, ref, normalized, logger, files); err != nil {
+		return nil, err
 	}
+	return files, nil
+}
 
-	entries := strings.Split(out, "\x00")
-	for _, entry := range entries {
-		entry = strings.TrimSpace(entry)
-		if entry == "" {
+// GetWorktreeLfsFiles scans the current checkout and returns tracked files whose
+// worktree content is currently a valid Git LFS pointer. This is the fast path
+// for interactive commands like `git-drs ls-files`.
+func GetWorktreeLfsFiles(logger *slog.Logger) (map[string]LfsFileInfo, error) {
+	if logger == nil {
+		return nil, fmt.Errorf("logger is required")
+	}
+	repoDir, err := os.Getwd()
+	if err != nil {
+		return nil, err
+	}
+	logger.Debug("Scanning current worktree for LFS pointer files")
+	ctx := context.Background()
+	paths, err := listTrackedWorktreeFiles(ctx, repoDir)
+	if err != nil {
+		return nil, err
+	}
+	files := make(map[string]LfsFileInfo)
+	for _, path := range paths {
+		payload, err := os.ReadFile(filepath.Join(repoDir, filepath.FromSlash(path)))
+		if err != nil {
 			continue
 		}
-
-		oid, path, err := parseLsTreeEntry(entry)
-		if err != nil {
-			logger.Debug(fmt.Sprintf("skipping unparseable ls-tree entry for %s: %q", ref, entry))
+		pointer, ok := parseLFSPointer(string(payload))
+		if !ok {
 			continue
 		}
+		files[path] = LfsFileInfo{
+			Name:      path,
+			Size:      pointer.Size,
+			IsPointer: true,
+			OidType:   pointer.OidType,
+			Oid:       pointer.Oid,
+			Version:   pointer.Version,
+		}
+	}
+	return files, nil
+}
 
-		blob, err := runGitCommand(ctx, repoDir, "cat-file", "-p", oid)
-		if err != nil {
-			logger.Debug(fmt.Sprintf("skipping path %s in %s: unable to read blob %s", path, ref, oid))
+// GetTrackedLfsFiles scans the current checkout and returns files that are LFS
+// tracked according to Git attributes. Pointer metadata is taken from the
+// worktree when still present, or from the index when the worktree has already
+// been hydrated.
+func GetTrackedLfsFiles(logger *slog.Logger) (map[string]LfsFileInfo, error) {
+	if logger == nil {
+		return nil, fmt.Errorf("logger is required")
+	}
+	repoDir, err := os.Getwd()
+	if err != nil {
+		return nil, err
+	}
+	logger.Debug("Scanning current worktree for LFS-tracked files")
+	ctx := context.Background()
+	paths, err := listTrackedWorktreeFiles(ctx, repoDir)
+	if err != nil {
+		return nil, err
+	}
+	tracked, err := filterLfsTrackedPaths(ctx, repoDir, paths)
+	if err != nil {
+		return nil, err
+	}
+	files := make(map[string]LfsFileInfo, len(tracked))
+	for _, path := range tracked {
+		if info, ok := readWorktreePointerInfo(repoDir, path); ok {
+			files[path] = info
 			continue
 		}
+		if info, ok := readIndexPointerInfo(ctx, repoDir, path); ok {
+			files[path] = info
+		}
+	}
+	return files, nil
+}
 
+func addFilesFromRef(ctx context.Context, repoDir, ref string, logger *slog.Logger, lfsFileMap map[string]LfsFileInfo) error {
+	paths, err := grepPointerPaths(ctx, repoDir, ref)
+	if err != nil {
+		return fmt.Errorf("git grep failed for %s: %w", ref, err)
+	}
+	return addFilesFromPaths(ctx, repoDir, ref, paths, logger, lfsFileMap)
+}
+
+func addFilesFromPaths(ctx context.Context, repoDir, ref string, paths []string, _ *slog.Logger, lfsFileMap map[string]LfsFileInfo) error {
+	if len(paths) == 0 {
+		return nil
+	}
+
+	blobs, err := readRefBlobsBatch(ctx, repoDir, ref, paths)
+	if err != nil {
+		return fmt.Errorf("git cat-file batch failed for %s: %w", ref, err)
+	}
+	for path, blob := range blobs {
 		pointer, ok := parseLFSPointer(blob)
 		if !ok {
 			continue
 		}
-
 		lfsFileMap[path] = LfsFileInfo{
 			Name:      path,
 			Size:      pointer.Size,
@@ -123,9 +214,34 @@ func addFilesFromRef(ctx context.Context, repoDir, ref string, logger *slog.Logg
 	return nil
 }
 
-func runGitCommand(ctx context.Context, repoDir string, args ...string) (string, error) {
-	cmd := exec.CommandContext(ctx, "git", args...)
+func uniquePaths(paths []string) []string {
+	if len(paths) == 0 {
+		return nil
+	}
+	seen := make(map[string]struct{}, len(paths))
+	out := make([]string, 0, len(paths))
+	for _, path := range paths {
+		path = strings.TrimSpace(path)
+		if path == "" {
+			continue
+		}
+		if _, ok := seen[path]; ok {
+			continue
+		}
+		seen[path] = struct{}{}
+		out = append(out, path)
+	}
+	return out
+}
+
+func readRefBlobsBatch(ctx context.Context, repoDir, ref string, paths []string) (map[string]string, error) {
+	if len(paths) == 0 {
+		return map[string]string{}, nil
+	}
+
+	cmd := exec.CommandContext(ctx, "git", "cat-file", "--batch")
 	cmd.Dir = repoDir
+	cmd.Stdin = strings.NewReader(joinBatchSpecs(ref, paths))
 	var stdout, stderr bytes.Buffer
 	cmd.Stdout = &stdout
 	cmd.Stderr = &stderr
@@ -134,31 +250,232 @@ func runGitCommand(ctx context.Context, repoDir string, args ...string) (string,
 		if msg == "" {
 			msg = err.Error()
 		}
-		return "", fmt.Errorf("%s", msg)
+		return nil, fmt.Errorf("%s", msg)
 	}
-	return stdout.String(), nil
+
+	reader := bytes.NewReader(stdout.Bytes())
+	blobs := make(map[string]string, len(paths))
+	for _, path := range paths {
+		header, err := readBatchHeader(reader)
+		if err != nil {
+			return nil, err
+		}
+		if strings.HasSuffix(header, " missing") {
+			continue
+		}
+		size, err := parseBatchHeaderSize(header)
+		if err != nil {
+			return nil, err
+		}
+		payload := make([]byte, size)
+		if _, err := io.ReadFull(reader, payload); err != nil {
+			return nil, fmt.Errorf("read batch payload for %s:%s: %w", ref, path, err)
+		}
+		if err := consumeBatchSeparator(reader); err != nil {
+			return nil, err
+		}
+		blobs[path] = string(payload)
+	}
+	return blobs, nil
 }
 
-func parseLsTreeEntry(entry string) (string, string, error) {
-	tab := strings.Index(entry, "\t")
-	if tab < 0 {
-		return "", "", fmt.Errorf("missing tab separator")
+func joinBatchSpecs(ref string, paths []string) string {
+	var b strings.Builder
+	for _, path := range paths {
+		b.WriteString(ref)
+		b.WriteByte(':')
+		b.WriteString(path)
+		b.WriteByte('\n')
 	}
+	return b.String()
+}
 
-	meta := strings.Fields(entry[:tab])
-	if len(meta) < 3 {
-		return "", "", fmt.Errorf("invalid ls-tree metadata")
+func readBatchHeader(r *bytes.Reader) (string, error) {
+	var line []byte
+	for {
+		b, err := r.ReadByte()
+		if err != nil {
+			return "", err
+		}
+		if b == '\n' {
+			return strings.TrimSpace(string(line)), nil
+		}
+		line = append(line, b)
+	}
+}
+
+func parseBatchHeaderSize(header string) (int, error) {
+	fields := strings.Fields(header)
+	if len(fields) < 3 {
+		return 0, fmt.Errorf("unexpected git cat-file batch header %q", header)
+	}
+	size, err := strconv.Atoi(fields[2])
+	if err != nil || size < 0 {
+		return 0, fmt.Errorf("unexpected git cat-file object size in header %q", header)
+	}
+	return size, nil
+}
+
+func consumeBatchSeparator(r *bytes.Reader) error {
+	b, err := r.ReadByte()
+	if err != nil {
+		return err
+	}
+	if b != '\n' {
+		return fmt.Errorf("unexpected git cat-file batch separator %q", string([]byte{b}))
+	}
+	return nil
+}
+
+func listTrackedWorktreeFiles(ctx context.Context, repoDir string) ([]string, error) {
+	out, err := runGitCommand(ctx, repoDir, "ls-files", "-z")
+	if err != nil {
+		return nil, fmt.Errorf("git ls-files failed: %w", err)
+	}
+	raw := strings.Split(out, "\x00")
+	paths := make([]string, 0, len(raw))
+	for _, entry := range raw {
+		entry = strings.TrimSpace(entry)
+		if entry == "" {
+			continue
+		}
+		paths = append(paths, entry)
+	}
+	return paths, nil
+}
+
+func filterLfsTrackedPaths(ctx context.Context, repoDir string, paths []string) ([]string, error) {
+	if len(paths) == 0 {
+		return nil, nil
+	}
+
+	cmd := exec.CommandContext(ctx, "git", "check-attr", "-z", "--stdin", "filter")
+	cmd.Dir = repoDir
+	cmd.Stdin = strings.NewReader(strings.Join(paths, "\x00") + "\x00")
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+	if err := cmd.Run(); err != nil {
+		msg := strings.TrimSpace(stderr.String())
+		if msg == "" {
+			msg = err.Error()
+		}
+		return nil, fmt.Errorf("git check-attr failed: %s", msg)
+	}
+
+	raw := strings.Split(stdout.String(), "\x00")
+	filtered := make([]string, 0, len(paths))
+	for i := 0; i+2 < len(raw); i += 3 {
+		path := strings.TrimSpace(raw[i])
+		attr := strings.TrimSpace(raw[i+1])
+		value := strings.TrimSpace(raw[i+2])
+		if path == "" || attr != "filter" {
+			continue
+		}
+		if isTrackedFilter(value) {
+			filtered = append(filtered, path)
+		}
+	}
+	return filtered, nil
+}
+
+func isTrackedFilter(value string) bool {
+	switch strings.TrimSpace(value) {
+	case "lfs", "drs":
+		return true
+	default:
+		return false
+	}
+}
+
+func readWorktreePointerInfo(repoDir, path string) (LfsFileInfo, bool) {
+	payload, err := os.ReadFile(filepath.Join(repoDir, filepath.FromSlash(path)))
+	if err != nil {
+		return LfsFileInfo{}, false
+	}
+	pointer, ok := parseLFSPointer(string(payload))
+	if !ok {
+		return LfsFileInfo{}, false
 	}
-	if meta[1] != "blob" {
-		return "", "", fmt.Errorf("not a blob entry")
+	return LfsFileInfo{
+		Name:      path,
+		Size:      pointer.Size,
+		IsPointer: true,
+		OidType:   pointer.OidType,
+		Oid:       pointer.Oid,
+		Version:   pointer.Version,
+	}, true
+}
+
+func readIndexPointerInfo(ctx context.Context, repoDir, path string) (LfsFileInfo, bool) {
+	blob, err := runGitCommand(ctx, repoDir, "show", ":"+path)
+	if err != nil {
+		return LfsFileInfo{}, false
+	}
+	pointer, ok := parseLFSPointer(blob)
+	if !ok {
+		return LfsFileInfo{}, false
+	}
+	return LfsFileInfo{
+		Name:      path,
+		Size:      pointer.Size,
+		IsPointer: false,
+		OidType:   pointer.OidType,
+		Oid:       pointer.Oid,
+		Version:   pointer.Version,
+	}, true
+}
+
+func grepPointerPaths(ctx context.Context, repoDir, ref string) ([]string, error) {
+	cmd := exec.CommandContext(ctx, "git", "grep", "-z", "-l", "https://git-lfs.github.com/spec/v1", ref, "--")
+	cmd.Dir = repoDir
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+	err := cmd.Run()
+	if err != nil {
+		var exitErr *exec.ExitError
+		if errors.As(err, &exitErr) && exitErr.ExitCode() == 1 {
+			return nil, nil
+		}
+		msg := strings.TrimSpace(stderr.String())
+		if msg == "" {
+			msg = err.Error()
+		}
+		return nil, fmt.Errorf("%s", msg)
 	}
 
-	oid := strings.TrimSpace(meta[2])
-	path := strings.TrimSpace(entry[tab+1:])
-	if oid == "" || path == "" {
-		return "", "", fmt.Errorf("missing oid or path")
+	raw := strings.Split(stdout.String(), "\x00")
+	paths := make([]string, 0, len(raw))
+	prefix := ref + ":"
+	for _, entry := range raw {
+		entry = strings.TrimSpace(entry)
+		if entry == "" {
+			continue
+		}
+		path := entry
+		if strings.HasPrefix(path, prefix) {
+			path = strings.TrimPrefix(path, prefix)
+		}
+		paths = append(paths, path)
 	}
-	return oid, path, nil
+	return paths, nil
+}
+
+func runGitCommand(ctx context.Context, repoDir string, args ...string) (string, error) {
+	cmd := exec.CommandContext(ctx, "git", args...)
+	cmd.Dir = repoDir
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+	if err := cmd.Run(); err != nil {
+		msg := strings.TrimSpace(stderr.String())
+		if msg == "" {
+			msg = err.Error()
+		}
+		return "", fmt.Errorf("%s", msg)
+	}
+	return stdout.String(), nil
 }
 
 type lfsPointer struct {
@@ -221,33 +538,6 @@ func ParseLFSPointer(data []byte) (oid string, size int64, ok bool) {
 	return pointer.Oid, pointer.Size, true
 }
 
-func buildRefs(branches []string) []string {
-	if len(branches) == 0 {
-		return []string{"HEAD"}
-	}
-	refs := make([]string, 0, len(branches))
-	seen := make(map[string]struct{})
-	for _, branch := range branches {
-		branch = strings.TrimSpace(branch)
-		if branch == "" {
-			continue
-		}
-		ref := branch
-		if branch != "HEAD" && !strings.HasPrefix(branch, "refs/") {
-			ref = fmt.Sprintf("refs/heads/%s", branch)
-		}
-		if _, ok := seen[ref]; ok {
-			continue
-		}
-		seen[ref] = struct{}{}
-		refs = append(refs, ref)
-	}
-	if len(refs) == 0 {
-		return []string{"HEAD"}
-	}
-	return refs
-}
-
 // CreateLfsPointer creates a Git LFS pointer file for the given DRS object.
 func CreateLfsPointer(drsObj *drsapi.DrsObject, dst string) error {
 	hashInfo := hash.ConvertDrsChecksumsToHashInfo(drsObj.Checksums)
diff --git a/internal/lfs/inventory_test.go b/internal/lfs/inventory_test.go
index 9b876760..388106be 100644
--- a/internal/lfs/inventory_test.go
+++ b/internal/lfs/inventory_test.go
@@ -9,35 +9,23 @@ import (
 	"github.com/calypr/git-drs/internal/drslog"
 )
 
-func TestGetAllLfsFilesFromGitRefsWithoutLfsCli(t *testing.T) {
+func TestGetLfsFilesForRefPaths(t *testing.T) {
 	repo := t.TempDir()
 	runGitCmdTest(t, repo, "init")
 	runGitCmdTest(t, repo, "config", "user.email", "test@example.com")
 	runGitCmdTest(t, repo, "config", "user.name", "Test User")
 	runGitCmdTest(t, repo, "checkout", "-b", "main")
 
-	oidMain := "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-	mainPointerPath := filepath.Join(repo, "data", "main-pointer.dat")
-	writePointerFile(t, mainPointerPath, oidMain, "123")
-
-	nonPointerPath := filepath.Join(repo, "data", "regular.txt")
-	if err := os.MkdirAll(filepath.Dir(nonPointerPath), 0o755); err != nil {
-		t.Fatalf("mkdir non-pointer dir: %v", err)
-	}
-	if err := os.WriteFile(nonPointerPath, []byte("not an lfs pointer"), 0o644); err != nil {
-		t.Fatalf("write non-pointer file: %v", err)
+	oid := "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
+	pointerPath := filepath.Join(repo, "data", "main-pointer.dat")
+	writePointerFile(t, pointerPath, oid, "123")
+	regularPath := filepath.Join(repo, "data", "regular.txt")
+	if err := os.WriteFile(regularPath, []byte("not a pointer"), 0o644); err != nil {
+		t.Fatalf("write regular file: %v", err)
 	}
-
 	runGitCmdTest(t, repo, "add", ".")
 	runGitCmdTest(t, repo, "commit", "-m", "main commit")
 
-	runGitCmdTest(t, repo, "checkout", "-b", "feature")
-	oidFeature := "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
-	featurePointerPath := filepath.Join(repo, "feature", "space name.bin")
-	writePointerFile(t, featurePointerPath, oidFeature, "456")
-	runGitCmdTest(t, repo, "add", ".")
-	runGitCmdTest(t, repo, "commit", "-m", "feature commit")
-
 	cwd, err := os.Getwd()
 	if err != nil {
 		t.Fatalf("getwd: %v", err)
@@ -50,41 +38,133 @@ func TestGetAllLfsFilesFromGitRefsWithoutLfsCli(t *testing.T) {
 	}
 
 	logger := drslog.NewNoOpLogger()
-	files, err := GetAllLfsFiles("origin", "", []string{"main", "feature"}, logger)
+	files, err := GetLfsFilesForRefPaths("HEAD", []string{"data/main-pointer.dat", "data/regular.txt", "data/missing.bin"}, logger)
 	if err != nil {
-		t.Fatalf("GetAllLfsFiles error: %v", err)
+		t.Fatalf("GetLfsFilesForRefPaths error: %v", err)
 	}
-
-	mainInfo, ok := files["data/main-pointer.dat"]
+	if len(files) != 1 {
+		t.Fatalf("expected one pointer file, got %+v", files)
+	}
+	info, ok := files["data/main-pointer.dat"]
 	if !ok {
-		t.Fatalf("missing main pointer in result")
+		t.Fatalf("missing pointer file in result: %+v", files)
+	}
+	if info.Oid != oid || info.Size != 123 || !info.IsPointer {
+		t.Fatalf("unexpected pointer info: %+v", info)
+	}
+}
+
+func TestGetWorktreeLfsFiles(t *testing.T) {
+	repo := t.TempDir()
+	runGitCmdTest(t, repo, "init")
+	runGitCmdTest(t, repo, "config", "user.email", "test@example.com")
+	runGitCmdTest(t, repo, "config", "user.name", "Test User")
+
+	oid := "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc"
+	pointerPath := filepath.Join(repo, "data", "pointer.dat")
+	writePointerFile(t, pointerPath, oid, "789")
+
+	localizedPath := filepath.Join(repo, "data", "localized.bin")
+	if err := os.WriteFile(localizedPath, []byte("hydrated"), 0o644); err != nil {
+		t.Fatalf("write localized file: %v", err)
+	}
+
+	runGitCmdTest(t, repo, "add", ".")
+	runGitCmdTest(t, repo, "commit", "-m", "commit pointer")
+
+	if err := os.WriteFile(pointerPath, []byte("hydrated pointer replacement"), 0o644); err != nil {
+		t.Fatalf("replace pointer with hydrated content: %v", err)
+	}
+
+	oldWD, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("getwd: %v", err)
+	}
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
 	}
-	if mainInfo.Oid != oidMain {
-		t.Fatalf("main pointer oid mismatch: expected %s, got %s", oidMain, mainInfo.Oid)
+	t.Cleanup(func() {
+		_ = os.Chdir(oldWD)
+	})
+
+	logger := drslog.NewNoOpLogger()
+	files, err := GetWorktreeLfsFiles(logger)
+	if err != nil {
+		t.Fatalf("GetWorktreeLfsFiles error: %v", err)
 	}
-	if mainInfo.Size != 123 {
-		t.Fatalf("main pointer size mismatch: expected 123, got %d", mainInfo.Size)
+	if _, exists := files["data/pointer.dat"]; exists {
+		t.Fatalf("hydrated file should not still appear as a pointer")
 	}
-	if !mainInfo.IsPointer {
-		t.Fatalf("main pointer IsPointer should be true")
+
+	if err := os.WriteFile(pointerPath, []byte("version https://git-lfs.github.com/spec/v1\noid sha256:"+oid+"\nsize 789\n"), 0o644); err != nil {
+		t.Fatalf("restore pointer file: %v", err)
 	}
 
-	featureInfo, ok := files["feature/space name.bin"]
+	files, err = GetWorktreeLfsFiles(logger)
+	if err != nil {
+		t.Fatalf("GetWorktreeLfsFiles error after restore: %v", err)
+	}
+	info, ok := files["data/pointer.dat"]
 	if !ok {
-		t.Fatalf("missing feature pointer in result")
+		t.Fatalf("expected pointer in worktree inventory")
+	}
+	if info.Oid != oid || info.Size != 789 {
+		t.Fatalf("unexpected pointer info: %+v", info)
+	}
+}
+
+func TestGetTrackedLfsFiles_IncludesHydratedTrackedFileUsingIndexPointer(t *testing.T) {
+	repo := t.TempDir()
+	runGitCmdTest(t, repo, "init")
+	runGitCmdTest(t, repo, "config", "user.email", "test@example.com")
+	runGitCmdTest(t, repo, "config", "user.name", "Test User")
+	runGitCmdTest(t, repo, "config", "filter.drs.clean", "cat")
+	runGitCmdTest(t, repo, "config", "filter.drs.smudge", "cat")
+	runGitCmdTest(t, repo, "config", "filter.drs.process", "cat")
+	runGitCmdTest(t, repo, "config", "filter.drs.required", "false")
+
+	attrPath := filepath.Join(repo, ".gitattributes")
+	if err := os.WriteFile(attrPath, []byte("*.dat filter=drs diff=drs merge=drs -text\n"), 0o644); err != nil {
+		t.Fatalf("write .gitattributes: %v", err)
+	}
+
+	oid := "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"
+	pointerPath := filepath.Join(repo, "data", "hydrated.dat")
+	writePointerFile(t, pointerPath, oid, "321")
+
+	runGitCmdTest(t, repo, "add", ".")
+	runGitCmdTest(t, repo, "commit", "-m", "commit tracked pointer")
+
+	if err := os.WriteFile(pointerPath, []byte("localized payload"), 0o644); err != nil {
+		t.Fatalf("hydrate tracked file: %v", err)
 	}
-	if featureInfo.Oid != oidFeature {
-		t.Fatalf("feature pointer oid mismatch: expected %s, got %s", oidFeature, featureInfo.Oid)
+
+	oldWD, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("getwd: %v", err)
 	}
-	if featureInfo.Size != 456 {
-		t.Fatalf("feature pointer size mismatch: expected 456, got %d", featureInfo.Size)
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
 	}
-	if !featureInfo.IsPointer {
-		t.Fatalf("feature pointer IsPointer should be true")
+	t.Cleanup(func() {
+		_ = os.Chdir(oldWD)
+	})
+
+	logger := drslog.NewNoOpLogger()
+	files, err := GetTrackedLfsFiles(logger)
+	if err != nil {
+		t.Fatalf("GetTrackedLfsFiles error: %v", err)
 	}
 
-	if _, exists := files["data/regular.txt"]; exists {
-		t.Fatalf("non-pointer file should not be returned")
+	info, ok := files["data/hydrated.dat"]
+	if !ok {
+		t.Fatalf("expected hydrated tracked file in inventory")
+	}
+	if info.Oid != oid || info.Size != 321 {
+		t.Fatalf("unexpected hydrated tracked info: %+v", info)
+	}
+	if info.IsPointer {
+		t.Fatalf("expected hydrated tracked file to be marked non-pointer in worktree inventory")
 	}
 }
 
@@ -118,7 +198,7 @@ func TestIsLFSTracked(t *testing.T) {
 	repo := t.TempDir()
 	mustRun(t, repo, "git", "init")
 
-	attr := []byte("*.dat filter=lfs diff=lfs merge=lfs -text\n")
+	attr := []byte("*.dat filter=drs diff=drs merge=drs -text\n")
 	if err := os.WriteFile(filepath.Join(repo, ".gitattributes"), attr, 0o644); err != nil {
 		t.Fatalf("write .gitattributes: %v", err)
 	}
diff --git a/internal/lfs/sentinel.go b/internal/lfs/sentinel.go
deleted file mode 100644
index a47beab5..00000000
--- a/internal/lfs/sentinel.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package lfs
-
-import (
-	"crypto/sha256"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-)
-
-const addURLSentinelHeader = "git-drs-add-url-sentinel:v1\n"
-
-func SyntheticOIDFromETag(etag string) (string, error) {
-	e := strings.TrimSpace(strings.Trim(etag, `"`))
-	if e == "" {
-		return "", fmt.Errorf("etag is required for synthetic oid")
-	}
-	sum := sha256.Sum256([]byte(e))
-	return fmt.Sprintf("%x", sum[:]), nil
-}
-
-func buildAddURLSentinel(etag string, sourceURL string) ([]byte, error) {
-	e := strings.TrimSpace(strings.Trim(etag, `"`))
-	if e == "" {
-		return nil, fmt.Errorf("etag is required for sentinel")
-	}
-	return []byte(addURLSentinelHeader + "etag=" + e + "\nsource=" + strings.TrimSpace(sourceURL) + "\n"), nil
-}
-
-func IsAddURLSentinelBytes(data []byte) bool {
-	return strings.HasPrefix(string(data), addURLSentinelHeader)
-}
-
-func IsAddURLSentinelObject(path string) (bool, error) {
-	f, err := os.Open(path)
-	if err != nil {
-		return false, err
-	}
-	defer f.Close()
-
-	buf := make([]byte, len(addURLSentinelHeader))
-	n, err := f.Read(buf)
-	if err != nil && n == 0 {
-		return false, err
-	}
-	return IsAddURLSentinelBytes(buf[:n]), nil
-}
-
-func WriteAddURLSentinelObject(lfsRoot string, oid string, etag string, sourceURL string) (string, error) {
-	objPath, err := ObjectPath(filepath.Join(lfsRoot, "objects"), oid)
-	if err != nil {
-		return "", err
-	}
-	if err := os.MkdirAll(filepath.Dir(objPath), 0o755); err != nil {
-		return "", fmt.Errorf("mkdir %s: %w", filepath.Dir(objPath), err)
-	}
-	payload, err := buildAddURLSentinel(etag, sourceURL)
-	if err != nil {
-		return "", err
-	}
-	if err := os.WriteFile(objPath, payload, 0o644); err != nil {
-		return "", fmt.Errorf("write sentinel %s: %w", objPath, err)
-	}
-	return objPath, nil
-}
diff --git a/internal/lfs/sentinel_test.go b/internal/lfs/sentinel_test.go
deleted file mode 100644
index 74d5b9e5..00000000
--- a/internal/lfs/sentinel_test.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package lfs
-
-import (
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-func TestSyntheticOIDFromETag(t *testing.T) {
-	oid, err := SyntheticOIDFromETag("abcd1234")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if len(oid) != 64 {
-		t.Fatalf("expected 64-char oid, got %q", oid)
-	}
-}
-
-func TestWriteAndDetectAddURLSentinelObject(t *testing.T) {
-	root := t.TempDir()
-	oid, err := SyntheticOIDFromETag("etag-abc")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	path, err := WriteAddURLSentinelObject(root, oid, "etag-abc", "s3://bucket/key")
-	if err != nil {
-		t.Fatalf("write sentinel: %v", err)
-	}
-	if _, err := os.Stat(path); err != nil {
-		t.Fatalf("expected sentinel file: %v", err)
-	}
-	ok, err := IsAddURLSentinelObject(path)
-	if err != nil {
-		t.Fatalf("IsAddURLSentinelObject error: %v", err)
-	}
-	if !ok {
-		t.Fatalf("expected sentinel detection true")
-	}
-}
-
-func TestIsAddURLSentinelBytes(t *testing.T) {
-	payload, err := buildAddURLSentinel("etag", "s3://bucket/key")
-	if err != nil {
-		t.Fatalf("build sentinel: %v", err)
-	}
-	if !IsAddURLSentinelBytes(payload) {
-		t.Fatalf("expected sentinel bytes to be detected")
-	}
-	non := []byte("not-a-sentinel")
-	if IsAddURLSentinelBytes(non) {
-		t.Fatalf("did not expect non-sentinel to match")
-	}
-}
-
-func TestWriteAddURLSentinelObjectCreatesDirectories(t *testing.T) {
-	root := t.TempDir()
-	oid := "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-	path, err := WriteAddURLSentinelObject(root, oid, "etag", "s3://bucket/key")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	expected := filepath.Join(root, "objects", oid[:2], oid[2:4], oid)
-	if path != expected {
-		t.Fatalf("expected %s, got %s", expected, path)
-	}
-}
diff --git a/internal/lookup/lookup.go b/internal/lookup/lookup.go
new file mode 100644
index 00000000..2ae0a38e
--- /dev/null
+++ b/internal/lookup/lookup.go
@@ -0,0 +1,139 @@
+package lookup
+
+import (
+	"context"
+	"fmt"
+	"sync"
+
+	"github.com/calypr/git-drs/internal/drsobject"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	"golang.org/x/sync/errgroup"
+)
+
+func ObjectsByHash(ctx context.Context, drsCtx *remoteruntime.GitContext, checksum string) ([]drsapi.DrsObject, error) {
+	if drsCtx == nil || drsCtx.Client == nil {
+		return nil, fmt.Errorf("DRS client unavailable")
+	}
+	checksum = drsobject.NormalizeChecksum(checksum)
+	if checksum == "" {
+		return nil, nil
+	}
+	page, err := drsCtx.Client.DRS().BatchGetObjectsByHash(ctx, []string{checksum})
+	if err != nil {
+		return nil, err
+	}
+	return page.DrsObjects, nil
+}
+
+func ObjectsByHashes(ctx context.Context, drsCtx *remoteruntime.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) {
+	if drsCtx == nil || drsCtx.Client == nil {
+		return nil, fmt.Errorf("DRS client unavailable")
+	}
+	normalizedToOriginal := make(map[string]string, len(checksums))
+	queryChecksums := make([]string, 0, len(checksums))
+	for _, checksum := range checksums {
+		normalized := drsobject.NormalizeChecksum(checksum)
+		if normalized == "" {
+			continue
+		}
+		if _, exists := normalizedToOriginal[normalized]; exists {
+			continue
+		}
+		normalizedToOriginal[normalized] = checksum
+		queryChecksums = append(queryChecksums, normalized)
+	}
+	if len(queryChecksums) == 0 {
+		return map[string][]drsapi.DrsObject{}, nil
+	}
+
+	var mu sync.Mutex
+	drsObjects := make([]drsapi.DrsObject, 0)
+	concurrency := 20
+	sem := make(chan struct{}, concurrency)
+	g, gCtx := errgroup.WithContext(ctx)
+
+	for _, checksum := range queryChecksums {
+		checksum := checksum
+		g.Go(func() error {
+			sem <- struct{}{}
+			defer func() { <-sem }()
+
+			resp, err := drsCtx.Client.DRSAPI().GetObjectsByChecksumWithResponse(gCtx, drsapi.ChecksumParameter(checksum))
+			if err != nil {
+				return fmt.Errorf("get objects by checksum %s: %w", checksum, err)
+			}
+			if resp.JSON200 == nil || resp.JSON200.ResolvedDrsObject == nil {
+				return fmt.Errorf("get objects by checksum %s failed: unexpected response: %d", checksum, resp.StatusCode())
+			}
+
+			mu.Lock()
+			drsObjects = append(drsObjects, *resp.JSON200.ResolvedDrsObject...)
+			mu.Unlock()
+			return nil
+		})
+	}
+
+	if err := g.Wait(); err != nil {
+		return nil, err
+	}
+
+	results := make(map[string][]drsapi.DrsObject, len(normalizedToOriginal))
+	for normalized, original := range normalizedToOriginal {
+		results[original] = nil
+		results[normalized] = nil
+	}
+	for _, obj := range drsObjects {
+		for _, checksum := range obj.Checksums {
+			if checksum.Type == "" || checksum.Checksum == "" {
+				continue
+			}
+			normalized := drsobject.NormalizeChecksum(fmt.Sprintf("%s:%s", checksum.Type, checksum.Checksum))
+			if normalized == "" {
+				continue
+			}
+			original, ok := normalizedToOriginal[normalized]
+			if !ok {
+				continue
+			}
+			results[original] = append(results[original], obj)
+			if original != normalized {
+				results[normalized] = append(results[normalized], obj)
+			}
+		}
+	}
+
+	return results, nil
+}
+
+func ObjectsByHashForScope(ctx context.Context, drsCtx *remoteruntime.GitContext, checksum string) ([]drsapi.DrsObject, error) {
+	objects, err := ObjectsByHash(ctx, drsCtx, checksum)
+	if err != nil {
+		return nil, err
+	}
+	result := make([]drsapi.DrsObject, 0, len(objects))
+	for _, obj := range objects {
+		if MatchesScope(&obj, drsCtx.Organization, drsCtx.ProjectId) {
+			result = append(result, obj)
+		}
+	}
+	return result, nil
+}
+
+func ObjectsByHashesForScope(ctx context.Context, drsCtx *remoteruntime.GitContext, checksums []string) (map[string][]drsapi.DrsObject, error) {
+	objectsByChecksum, err := ObjectsByHashes(ctx, drsCtx, checksums)
+	if err != nil {
+		return nil, err
+	}
+	results := make(map[string][]drsapi.DrsObject, len(objectsByChecksum))
+	for checksum, objects := range objectsByChecksum {
+		filtered := make([]drsapi.DrsObject, 0, len(objects))
+		for _, obj := range objects {
+			if MatchesScope(&obj, drsCtx.Organization, drsCtx.ProjectId) {
+				filtered = append(filtered, obj)
+			}
+		}
+		results[checksum] = filtered
+	}
+	return results, nil
+}
diff --git a/internal/lookup/lookup_test.go b/internal/lookup/lookup_test.go
new file mode 100644
index 00000000..4f655784
--- /dev/null
+++ b/internal/lookup/lookup_test.go
@@ -0,0 +1,87 @@
+package lookup
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	syclient "github.com/calypr/syfon/client"
+)
+
+type lookupRoundTripFunc func(*http.Request) (*http.Response, error)
+
+func (f lookupRoundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }
+
+func TestObjectsByHashesForScopeFiltersByScope(t *testing.T) {
+	t.Parallel()
+
+	projectAccessID := "s3-project"
+	orgAccessID := "s3-org"
+	projectMethods := []drsapi.AccessMethod{{
+		Type:     drsapi.AccessMethodTypeS3,
+		AccessId: &projectAccessID,
+	}}
+	orgMethods := []drsapi.AccessMethod{{
+		Type:     drsapi.AccessMethodTypeS3,
+		AccessId: &orgAccessID,
+	}}
+	otherMethods := []drsapi.AccessMethod{{
+		Type: drsapi.AccessMethodTypeS3,
+	}}
+	projectControlled := []string{"/organization/org1/project/proj1"}
+	orgControlled := []string{"/organization/org1"}
+	otherControlled := []string{"/organization/other/project/proj"}
+	checksumResponse := drsapi.N200OkDrsObjects{ResolvedDrsObject: &[]drsapi.DrsObject{
+		{Id: "obj-project", ControlledAccess: &projectControlled, Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &projectMethods},
+		{Id: "obj-org", ControlledAccess: &orgControlled, Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &orgMethods},
+		{Id: "obj-other", ControlledAccess: &otherControlled, Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "def"}}, AccessMethods: &otherMethods},
+	}}
+	checksumBody, err := json.Marshal(checksumResponse)
+	if err != nil {
+		t.Fatalf("marshal checksum response: %v", err)
+	}
+
+	httpClient := &http.Client{Transport: lookupRoundTripFunc(func(r *http.Request) (*http.Response, error) {
+		switch {
+		case r.Method == http.MethodGet && r.URL.Path == "/ga4gh/drs/v1/objects/checksum/abc":
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(strings.NewReader(string(checksumBody))),
+				Header:     http.Header{"Content-Type": []string{"application/json"}},
+				Request:    r,
+			}, nil
+		case r.Method == http.MethodGet && r.URL.Path == "/ga4gh/drs/v1/objects/checksum/def":
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(strings.NewReader(`{"resolved_drs_object":[]}`)),
+				Header:     http.Header{"Content-Type": []string{"application/json"}},
+				Request:    r,
+			}, nil
+		default:
+			return nil, io.EOF
+		}
+	})}
+
+	raw, err := syclient.New("http://example.test", syclient.WithHTTPClient(httpClient))
+	if err != nil {
+		t.Fatalf("syclient.New: %v", err)
+	}
+	client := raw.(*syclient.Client)
+	ctx := &remoteruntime.GitContext{Client: client, Organization: "org1", ProjectId: "proj1"}
+
+	got, err := ObjectsByHashesForScope(context.Background(), ctx, []string{"sha256:abc", "sha256:def"})
+	if err != nil {
+		t.Fatalf("ObjectsByHashesForScope returned error: %v", err)
+	}
+	if len(got["sha256:abc"]) != 2 {
+		t.Fatalf("expected project and org-wide matches for abc, got %+v", got["sha256:abc"])
+	}
+	if len(got["sha256:def"]) != 0 {
+		t.Fatalf("expected non-matching scope to be filtered, got %+v", got["sha256:def"])
+	}
+}
diff --git a/internal/drsremote/scope.go b/internal/lookup/scope.go
similarity index 55%
rename from internal/drsremote/scope.go
rename to internal/lookup/scope.go
index 4692f8f3..aff77de1 100644
--- a/internal/drsremote/scope.go
+++ b/internal/lookup/scope.go
@@ -1,14 +1,27 @@
-package drsremote
+package lookup
 
 import (
 	"fmt"
 	"strings"
 
-	drscommon "github.com/calypr/git-drs/internal/common"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
 	syfoncommon "github.com/calypr/syfon/common"
 )
 
+func ParseOrgProject(org, project string) (string, string) {
+	if org != "" {
+		return org, project
+	}
+	if project == "" {
+		return "", ""
+	}
+	if !strings.Contains(project, "-") {
+		return "default", project
+	}
+	parts := strings.SplitN(project, "-", 2)
+	return parts[0], parts[1]
+}
+
 func MatchesScope(obj *drsapi.DrsObject, organization, project string) bool {
 	return syfoncommon.DrsObjectMatchesScope(obj, organization, project)
 }
@@ -18,23 +31,14 @@ func FindMatchingRecord(records []drsapi.DrsObject, organization, projectID stri
 		return nil, nil
 	}
 
-	org, project := drscommon.ParseOrgProject(strings.TrimSpace(organization), strings.TrimSpace(projectID))
+	org, project := ParseOrgProject(strings.TrimSpace(organization), strings.TrimSpace(projectID))
 	if org == "" {
 		return nil, fmt.Errorf("could not determine organization from inputs org=%q project=%q", organization, projectID)
 	}
 
 	for _, record := range records {
-		if record.AccessMethods == nil {
-			continue
-		}
-		for _, access := range *record.AccessMethods {
-			authzMap := syfoncommon.AuthzMapFromAccessMethodAuthorizations(access.Authorizations)
-			if len(authzMap) == 0 {
-				continue
-			}
-			if syfoncommon.AuthzMapMatchesScope(authzMap, org, project) {
-				return &record, nil
-			}
+		if MatchesScope(&record, org, project) {
+			return &record, nil
 		}
 	}
 	return nil, nil
diff --git a/internal/lookup/scope_test.go b/internal/lookup/scope_test.go
new file mode 100644
index 00000000..5adf4104
--- /dev/null
+++ b/internal/lookup/scope_test.go
@@ -0,0 +1,75 @@
+package lookup
+
+import (
+	"testing"
+
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+)
+
+func TestParseOrgProject(t *testing.T) {
+	org, proj := ParseOrgProject("", "prog-project")
+	if org != "prog" || proj != "project" {
+		t.Fatalf("expected prog/project, got %s/%s", org, proj)
+	}
+	org, proj = ParseOrgProject("myorg", "myproject")
+	if org != "myorg" || proj != "myproject" {
+		t.Fatalf("expected myorg/myproject, got %s/%s", org, proj)
+	}
+	org, proj = ParseOrgProject("", "nohyphen")
+	if org != "default" || proj != "nohyphen" {
+		t.Fatalf("expected default/nohyphen, got %s/%s", org, proj)
+	}
+}
+
+func TestFindMatchingRecordEmptyList(t *testing.T) {
+	result, err := FindMatchingRecord([]drsapi.DrsObject{}, "", "test-project")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if result != nil {
+		t.Fatalf("expected nil result for empty list")
+	}
+}
+
+func makeScopedRecord(id, resource string) drsapi.DrsObject {
+	controlledAccess := []string{resource}
+	return drsapi.DrsObject{
+		Id:               id,
+		ControlledAccess: &controlledAccess,
+		Checksums:        []drsapi.Checksum{{Type: "sha256", Checksum: "sha256"}},
+	}
+}
+
+func TestFindMatchingRecordMatchFound(t *testing.T) {
+	records := []drsapi.DrsObject{
+		makeScopedRecord("no-match", "/organization/OTHER/project/resource"),
+		makeScopedRecord("match", "/organization/PROG/project/PROJ"),
+	}
+
+	result, err := FindMatchingRecord(records, "", "PROG-PROJ")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if result == nil || result.Id != "match" {
+		t.Fatalf("expected controlled_access record match, got %#v", result)
+	}
+}
+
+func TestFindMatchingRecordNoControlledAccessMatchReturnsNil(t *testing.T) {
+	records := []drsapi.DrsObject{
+		makeScopedRecord("no-match", "/organization/OTHER/project/resource"),
+	}
+	result, err := FindMatchingRecord(records, "", "PROG-PROJ")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if result != nil {
+		t.Fatalf("expected nil when no controlled_access matches, got id=%q", result.Id)
+	}
+}
+
+func TestFindMatchingRecordNonHyphenated(t *testing.T) {
+	if _, err := FindMatchingRecord([]drsapi.DrsObject{}, "", "no-hyphen"); err != nil {
+		t.Fatalf("FindMatchingRecord should accept non-hyphenated project ID: %v", err)
+	}
+}
diff --git a/internal/precommit_cache/helpers.go b/internal/precommit_cache/helpers.go
index 0a178621..ba174587 100644
--- a/internal/precommit_cache/helpers.go
+++ b/internal/precommit_cache/helpers.go
@@ -13,7 +13,6 @@ import (
 	"path/filepath"
 	"sort"
 	"strings"
-	"time"
 )
 
 const (
@@ -31,20 +30,58 @@ type PathEntry struct {
 	UpdatedAt string `json:"updated_at"`
 }
 
-// OIDEntry represents the per-OID cache file format.
-// It lists repository paths that referenced the OID, an optional
-// non-authoritative external URL hint, a timestamp and a flag that
-// indicates whether content changed for a path update.
+// OIDEntry represents the canonical per-OID cache file format.
+// The cache historically used `s3_url`; we still read that for compatibility,
+// but new writes use `external_url`.
 type OIDEntry struct {
 	LFSOID        string   `json:"lfs_oid"`
 	Paths         []string `json:"paths"`
-	ExternalURL   string   `json:"external_url,omitempty"` // non-authoritative hint
+	ExternalURL   string   `json:"external_url,omitempty"`
 	UpdatedAt     string   `json:"updated_at"`
 	ContentChange bool     `json:"content_changed"`
 }
 
-// Cache provides read-only access to the `.git/drs/pre-commit` cache.
-// Use Open to construct an instance with correct paths resolved.
+func (e OIDEntry) MarshalJSON() ([]byte, error) {
+	type wireOIDEntry struct {
+		LFSOID        string   `json:"lfs_oid"`
+		Paths         []string `json:"paths"`
+		ExternalURL   string   `json:"external_url,omitempty"`
+		UpdatedAt     string   `json:"updated_at"`
+		ContentChange bool     `json:"content_changed"`
+	}
+	return json.Marshal(wireOIDEntry{
+		LFSOID:        e.LFSOID,
+		Paths:         e.Paths,
+		ExternalURL:   strings.TrimSpace(e.ExternalURL),
+		UpdatedAt:     e.UpdatedAt,
+		ContentChange: e.ContentChange,
+	})
+}
+
+func (e *OIDEntry) UnmarshalJSON(data []byte) error {
+	type wireOIDEntry struct {
+		LFSOID        string   `json:"lfs_oid"`
+		Paths         []string `json:"paths"`
+		ExternalURL   string   `json:"external_url,omitempty"`
+		S3URL         string   `json:"s3_url,omitempty"`
+		UpdatedAt     string   `json:"updated_at"`
+		ContentChange bool     `json:"content_changed"`
+	}
+	var wire wireOIDEntry
+	if err := json.Unmarshal(data, &wire); err != nil {
+		return err
+	}
+	e.LFSOID = wire.LFSOID
+	e.Paths = wire.Paths
+	e.ExternalURL = firstNonEmpty(wire.ExternalURL, wire.S3URL)
+	e.UpdatedAt = wire.UpdatedAt
+	e.ContentChange = wire.ContentChange
+	return nil
+}
+
+// Cache describes the on-disk layout for the local pre-commit cache.
+// The cache is shared local bookkeeping for precommit/add-url, not an
+// authoritative metadata store.
 type Cache struct {
 	GitDir    string
 	Root      string
@@ -53,9 +90,8 @@ type Cache struct {
 	StatePath string
 }
 
-// Open discovers the repository `.git` directory and returns a Cache
-// configured to read the repository's pre-commit cache layout.
-// Returns an error if git metadata cannot be resolved.
+// Open discovers the repository `.git` directory and returns a Cache with the
+// current pre-commit cache layout resolved.
 func Open(ctx context.Context) (*Cache, error) {
 	gitDir, err := gitRevParseGitDir(ctx)
 	if err != nil {
@@ -71,176 +107,192 @@ func Open(ctx context.Context) (*Cache, error) {
 	}, nil
 }
 
-//
-// Primary lookup helpers
-//
-
-// LookupOIDByPath returns the cached LFS OID for a repo-relative path.
-// It returns (oid, true, nil) when present, (\"\", false, nil) when absent,
-// and an error if the underlying read failed.
-func (c *Cache) LookupOIDByPath(path string) (string, bool, error) {
-	pe, ok, err := c.ReadPathEntry(path)
-	if err != nil || !ok {
-		return "", ok, err
+func EnsureLayout(cache *Cache) error {
+	if cache == nil {
+		return errors.New("cache is nil")
 	}
-	if pe.LFSOID == "" {
-		return "", false, nil
+	for _, dir := range []string{cache.Root, cache.PathsDir, cache.OIDsDir} {
+		if err := os.MkdirAll(dir, 0o755); err != nil {
+			return err
+		}
 	}
-	return pe.LFSOID, true, nil
+	return nil
 }
 
-// LookupPathsByOID returns advisory repository-relative paths that recently
-// referenced the given LFS OID. Paths are returned sorted. Absent OID yields
-// (nil, false, nil).
-func (c *Cache) LookupPathsByOID(oid string) ([]string, bool, error) {
-	oe, ok, err := c.ReadOIDEntry(oid)
-	if err != nil || !ok {
-		return nil, ok, err
-	}
-	paths := append([]string(nil), oe.Paths...)
-	sort.Strings(paths)
-	return paths, true, nil
+// EncodePath returns a filesystem-safe base64 raw-URL encoding for a path.
+func EncodePath(path string) string {
+	return base64.RawURLEncoding.EncodeToString([]byte(path))
 }
 
-// LookupExternalURLByOID returns the cached external URL hint for an OID.
-// Returns (\"\", false, nil) if the entry is missing or the hint is empty.
-func (c *Cache) LookupExternalURLByOID(oid string) (string, bool, error) {
-	oe, ok, err := c.ReadOIDEntry(oid)
-	if err != nil || !ok {
-		return "", ok, err
-	}
-	u := strings.TrimSpace(oe.ExternalURL)
-	if u == "" {
-		return "", false, nil
-	}
-	return u, true, nil
+func PathEntryPath(cache *Cache, path string) string {
+	return filepath.Join(cache.PathsDir, EncodePath(path)+".json")
 }
 
-// ResolveExternalURLByPath resolves a path -> oid -> external_url (hint).
-// Returns the external URL hint when available. Missing data yields
-// (\"\", false, nil).
-func (c *Cache) ResolveExternalURLByPath(path string) (string, bool, error) {
-	oid, ok, err := c.LookupOIDByPath(path)
-	if err != nil || !ok {
-		return "", false, err
-	}
-	return c.LookupExternalURLByOID(oid)
+func OIDEntryPath(cache *Cache, oid string) string {
+	sum := sha256.Sum256([]byte(oid))
+	return filepath.Join(cache.OIDsDir, fmt.Sprintf("%x.json", sum[:]))
 }
 
-//
-// Lower-level file access
-//
-
-// ReadPathEntry reads and parses the JSON path entry for a repository-relative
-// path. Returns (entry, true, nil) on success, (nil, false, nil) if the file
-// does not exist, or an error on I/O/parse failure.
-func (c *Cache) ReadPathEntry(path string) (*PathEntry, bool, error) {
-	f := c.pathEntryFile(path)
-	b, err := os.ReadFile(f)
+func ReadPathEntry(cache *Cache, path string) (*PathEntry, bool, error) {
+	file := PathEntryPath(cache, path)
+	data, err := os.ReadFile(file)
 	if err != nil {
 		if errors.Is(err, fs.ErrNotExist) {
 			return nil, false, nil
 		}
-		return nil, false, fmt.Errorf("read path entry %q: %w", f, err)
+		return nil, false, err
 	}
-	var pe PathEntry
-	if err := json.Unmarshal(b, &pe); err != nil {
-		return nil, false, fmt.Errorf("parse path entry %q: %w", f, err)
+	var entry PathEntry
+	if err := json.Unmarshal(data, &entry); err != nil {
+		return nil, false, err
 	}
-	return &pe, true, nil
+	return &entry, true, nil
 }
 
-// ReadOIDEntry reads and parses the JSON OID entry for an LFS OID string.
-// Returns (entry, true, nil) on success, (nil, false, nil) if missing,
-// or an error on I/O/parse failure.
-func (c *Cache) ReadOIDEntry(oid string) (*OIDEntry, bool, error) {
-	f := c.oidEntryFile(oid)
-	b, err := os.ReadFile(f)
+func WritePathEntry(cache *Cache, entry PathEntry) error {
+	return writeJSONAtomic(PathEntryPath(cache, entry.Path), entry)
+}
+
+func ReadOIDEntry(cache *Cache, oid string, now string) (*OIDEntry, error) {
+	file := OIDEntryPath(cache, oid)
+	entry := &OIDEntry{
+		LFSOID:    oid,
+		Paths:     []string{},
+		UpdatedAt: now,
+	}
+	data, err := os.ReadFile(file)
 	if err != nil {
 		if errors.Is(err, fs.ErrNotExist) {
-			return nil, false, nil
+			return entry, nil
 		}
-		return nil, false, fmt.Errorf("read oid entry %q: %w", f, err)
+		return nil, err
 	}
-	var oe OIDEntry
-	if err := json.Unmarshal(b, &oe); err != nil {
-		return nil, false, fmt.Errorf("parse oid entry %q: %w", f, err)
+	if err := json.Unmarshal(data, entry); err != nil {
+		return nil, err
 	}
-	return &oe, true, nil
+	entry.LFSOID = oid
+	return entry, nil
 }
 
-//
-// Validation helpers (optional)
-//
+func UpsertOIDPath(cache *Cache, oid, oldPath, newPath, externalURL, now string, contentChanged bool) error {
+	entry, err := ReadOIDEntry(cache, oid, now)
+	if err != nil {
+		return err
+	}
 
-// CheckExternalURLMismatch compares a cached external URL hint against an
-// authoritative URL. If either value is empty this is a no-op. When both are
-// non-empty and differ an error describing the mismatch is returned.
-func CheckExternalURLMismatch(localHint, authoritative string) error {
-	l := strings.TrimSpace(localHint)
-	a := strings.TrimSpace(authoritative)
-	if l == "" || a == "" {
-		return nil
+	paths := make(map[string]struct{}, len(entry.Paths)+1)
+	for _, existing := range entry.Paths {
+		existing = strings.TrimSpace(existing)
+		if existing == "" {
+			continue
+		}
+		paths[existing] = struct{}{}
 	}
-	if l != a {
-		return fmt.Errorf(
-			"external URL mismatch: cache=%q authoritative=%q",
-			l, a,
-		)
+	if oldPath != "" {
+		delete(paths, oldPath)
 	}
-	return nil
+	if newPath != "" {
+		paths[newPath] = struct{}{}
+	}
+
+	entry.Paths = sortedKeys(paths)
+	entry.UpdatedAt = now
+	entry.ContentChange = entry.ContentChange || contentChanged
+	entry.ExternalURL = firstNonEmpty(externalURL, entry.ExternalURL)
+
+	return writeJSONAtomic(OIDEntryPath(cache, oid), entry)
 }
 
-// StaleAfter reports whether a JSON entry with the given updatedAt RFC3339
-// timestamp is older than maxAge. Returns false if the timestamp cannot be parsed.
-func StaleAfter(updatedAt string, maxAge time.Duration) bool {
-	t, err := time.Parse(time.RFC3339, updatedAt)
+func RemoveOIDPath(cache *Cache, oid, path, now string) error {
+	entry, err := ReadOIDEntry(cache, oid, now)
 	if err != nil {
-		return false
+		if errors.Is(err, fs.ErrNotExist) {
+			return nil
+		}
+		return err
+	}
+	paths := make(map[string]struct{}, len(entry.Paths))
+	for _, existing := range entry.Paths {
+		existing = strings.TrimSpace(existing)
+		if existing == "" || existing == path {
+			continue
+		}
+		paths[existing] = struct{}{}
 	}
-	return time.Since(t) > maxAge
+	entry.Paths = sortedKeys(paths)
+	entry.UpdatedAt = now
+	return writeJSONAtomic(OIDEntryPath(cache, oid), entry)
 }
 
-//
-// Filename / encoding helpers
-//
-
-// pathEntryFile returns the filesystem path to the JSON file for the given
-// repository-relative path within the Cache.PathsDir.
-func (c *Cache) pathEntryFile(path string) string {
-	return filepath.Join(c.PathsDir, EncodePath(path)+".json")
+func firstNonEmpty(values ...string) string {
+	for _, value := range values {
+		value = strings.TrimSpace(value)
+		if value != "" {
+			return value
+		}
+	}
+	return ""
 }
 
-// oidEntryFile returns the filesystem path to the JSON file for the given
-// LFS OID. Files are named by sha256(oid) to avoid filesystem restrictions.
-func (c *Cache) oidEntryFile(oid string) string {
-	sum := sha256.Sum256([]byte(oid))
-	return filepath.Join(c.OIDsDir, fmt.Sprintf("%x.json", sum[:]))
+func sortedKeys(values map[string]struct{}) []string {
+	out := make([]string, 0, len(values))
+	for value := range values {
+		out = append(out, value)
+	}
+	sort.Strings(out)
+	return out
 }
 
-// EncodePath returns a filesystem-safe base64 raw-URL encoding for a path.
-// The encoding is reversible by DecodePath.
-func EncodePath(path string) string {
-	return base64.RawURLEncoding.EncodeToString([]byte(path))
-}
+func writeJSONAtomic(path string, v any) (retErr error) {
+	dir := filepath.Dir(path)
+	if err := os.MkdirAll(dir, 0o755); err != nil {
+		return err
+	}
 
-// DecodePath decodes a value produced by EncodePath back to the original path.
-// Returns an error if the input is not valid base64 raw-URL.
-func DecodePath(encoded string) (string, error) {
-	b, err := base64.RawURLEncoding.DecodeString(encoded)
+	tmp := path + ".tmp"
+	f, err := os.OpenFile(tmp, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o644)
 	if err != nil {
-		return "", err
+		return err
+	}
+	defer func() {
+		if closeErr := f.Close(); closeErr != nil && !errors.Is(closeErr, os.ErrClosed) && retErr == nil {
+			retErr = closeErr
+		}
+	}()
+
+	enc := json.NewEncoder(f)
+	enc.SetIndent("", "  ")
+	if err := enc.Encode(v); err != nil {
+		if rmErr := removeIfExists(tmp); rmErr != nil {
+			return errors.Join(err, rmErr)
+		}
+		return err
 	}
-	return string(b), nil
+	if err := f.Sync(); err != nil {
+		if rmErr := removeIfExists(tmp); rmErr != nil {
+			return errors.Join(err, rmErr)
+		}
+		return err
+	}
+	if err := f.Close(); err != nil {
+		if rmErr := removeIfExists(tmp); rmErr != nil {
+			return errors.Join(err, rmErr)
+		}
+		return err
+	}
+	return os.Rename(tmp, path)
 }
 
-//
-// Git helpers
-//
+func removeIfExists(path string) error {
+	err := os.Remove(path)
+	if err == nil || errors.Is(err, os.ErrNotExist) {
+		return nil
+	}
+	return err
+}
 
 // gitRevParseGitDir runs `git rev-parse --git-dir` (and `--show-toplevel` if
 // necessary) to return an absolute path to the repository `.git` directory.
-// Returns an error when git fails or the result cannot be resolved.
 func gitRevParseGitDir(ctx context.Context) (string, error) {
 	out, err := git(ctx, "rev-parse", "--git-dir")
 	if err != nil {
@@ -261,8 +313,6 @@ func gitRevParseGitDir(ctx context.Context) (string, error) {
 	return gitDir, nil
 }
 
-// git executes a git command and returns combined output. If git exits with
-// a non-zero status the returned error includes the command and stderr/stdout.
 func git(ctx context.Context, args ...string) ([]byte, error) {
 	cmd := exec.CommandContext(ctx, "git", args...)
 	cmd.Env = os.Environ()
diff --git a/internal/precommit_cache/helpers_test.go b/internal/precommit_cache/helpers_test.go
index 2c6064aa..5b491a61 100644
--- a/internal/precommit_cache/helpers_test.go
+++ b/internal/precommit_cache/helpers_test.go
@@ -8,91 +8,16 @@ import (
 	"path/filepath"
 	"strings"
 	"testing"
-	"time"
 )
 
-func TestEncodeDecodePathRoundTrip(t *testing.T) {
+func TestEncodePathRoundTripStability(t *testing.T) {
 	original := "data/nested file.txt"
 	encoded := EncodePath(original)
-	decoded, err := DecodePath(encoded)
-	if err != nil {
-		t.Fatalf("DecodePath error: %v", err)
-	}
-	if decoded != original {
-		t.Fatalf("expected %q, got %q", original, decoded)
-	}
-}
-
-func TestLookupExternalURLByOID(t *testing.T) {
-	cache := newTestCache(t)
-	oid := "sha256:abc123"
-	entry := OIDEntry{
-		LFSOID:      oid,
-		Paths:       []string{"data/foo.bin"},
-		ExternalURL: "s3://bucket/key",
-		UpdatedAt:   time.Now().UTC().Format(time.RFC3339),
-	}
-	writeJSON(t, cache.oidEntryFile(oid), entry)
-
-	url, ok, err := cache.LookupExternalURLByOID(oid)
-	if err != nil {
-		t.Fatalf("LookupExternalURLByOID error: %v", err)
-	}
-	if !ok {
-		t.Fatalf("expected external url to be present")
-	}
-	if url != entry.ExternalURL {
-		t.Fatalf("expected %q, got %q", entry.ExternalURL, url)
-	}
-}
-
-func TestResolveExternalURLByPath(t *testing.T) {
-	cache := newTestCache(t)
-	oid := "sha256:def456"
-	now := time.Now().UTC().Format(time.RFC3339)
-	writeJSON(t, cache.pathEntryFile("data/foo.bin"), PathEntry{
-		Path:      "data/foo.bin",
-		LFSOID:    oid,
-		UpdatedAt: now,
-	})
-	writeJSON(t, cache.oidEntryFile(oid), OIDEntry{
-		LFSOID:      oid,
-		Paths:       []string{"data/foo.bin"},
-		ExternalURL: "s3://bucket/other",
-		UpdatedAt:   now,
-	})
-
-	url, ok, err := cache.ResolveExternalURLByPath("data/foo.bin")
-	if err != nil {
-		t.Fatalf("ResolveExternalURLByPath error: %v", err)
-	}
-	if !ok {
-		t.Fatalf("expected to resolve external url")
-	}
-	if url != "s3://bucket/other" {
-		t.Fatalf("expected url to match, got %q", url)
+	if encoded == "" {
+		t.Fatal("expected encoded path")
 	}
-}
-
-func TestCheckExternalURLMismatch(t *testing.T) {
-	if err := CheckExternalURLMismatch("s3://bucket/a", "s3://bucket/a"); err != nil {
-		t.Fatalf("expected no mismatch, got %v", err)
-	}
-	if err := CheckExternalURLMismatch("", "s3://bucket/a"); err != nil {
-		t.Fatalf("expected empty hint to skip mismatch, got %v", err)
-	}
-	if err := CheckExternalURLMismatch("s3://bucket/a", "s3://bucket/b"); err == nil {
-		t.Fatalf("expected mismatch error")
-	}
-}
-
-func TestStaleAfter(t *testing.T) {
-	old := time.Now().Add(-2 * time.Hour).UTC().Format(time.RFC3339)
-	if !StaleAfter(old, time.Hour) {
-		t.Fatalf("expected timestamp to be stale")
-	}
-	if StaleAfter("not-a-time", time.Hour) {
-		t.Fatalf("expected invalid timestamp to be non-stale")
+	if strings.Contains(encoded, "/") {
+		t.Fatalf("expected filesystem-safe encoding, got %q", encoded)
 	}
 }
 
@@ -116,29 +41,39 @@ func TestOpenCache(t *testing.T) {
 	}
 }
 
-func newTestCache(t *testing.T) *Cache {
-	t.Helper()
+func TestReadOIDEntryAcceptsLegacyS3URL(t *testing.T) {
 	root := t.TempDir()
-	return &Cache{
-		GitDir:    root,
-		Root:      root,
-		PathsDir:  filepath.Join(root, "paths"),
-		OIDsDir:   filepath.Join(root, "oids"),
-		StatePath: filepath.Join(root, "state.json"),
+	cache := &Cache{
+		Root:     root,
+		PathsDir: filepath.Join(root, "paths"),
+		OIDsDir:  filepath.Join(root, "oids"),
+	}
+	if err := os.MkdirAll(cache.OIDsDir, 0o755); err != nil {
+		t.Fatalf("mkdir oids: %v", err)
+	}
+	file := OIDEntryPath(cache, "sha256:deadbeef")
+	raw := []byte(`{"lfs_oid":"sha256:deadbeef","paths":["data/file.bin"],"s3_url":"s3://bucket/key","updated_at":"2026-01-01T00:00:00Z","content_changed":false}`)
+	if err := os.WriteFile(file, raw, 0o644); err != nil {
+		t.Fatalf("write legacy oid entry: %v", err)
 	}
-}
 
-func writeJSON(t *testing.T, path string, v any) {
-	t.Helper()
-	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
-		t.Fatalf("mkdir: %v", err)
+	entry, err := ReadOIDEntry(cache, "sha256:deadbeef", "2026-01-01T00:00:00Z")
+	if err != nil {
+		t.Fatalf("ReadOIDEntry error: %v", err)
+	}
+	if entry.ExternalURL != "s3://bucket/key" {
+		t.Fatalf("expected legacy s3_url to map to ExternalURL, got %q", entry.ExternalURL)
 	}
-	data, err := json.Marshal(v)
+
+	data, err := json.Marshal(entry)
 	if err != nil {
-		t.Fatalf("marshal: %v", err)
+		t.Fatalf("marshal entry: %v", err)
+	}
+	if strings.Contains(string(data), `"s3_url"`) {
+		t.Fatalf("expected normalized marshal to omit legacy s3_url field: %s", string(data))
 	}
-	if err := os.WriteFile(path, data, 0o644); err != nil {
-		t.Fatalf("write: %v", err)
+	if !strings.Contains(string(data), `"external_url":"s3://bucket/key"`) {
+		t.Fatalf("expected normalized marshal to write external_url: %s", string(data))
 	}
 }
 
diff --git a/internal/pushsync/batch_sync.go b/internal/pushsync/batch_sync.go
deleted file mode 100644
index 427b9444..00000000
--- a/internal/pushsync/batch_sync.go
+++ /dev/null
@@ -1,308 +0,0 @@
-package pushsync
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"path/filepath"
-	"sort"
-
-	localcommon "github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/config"
-	localdrsobject "github.com/calypr/git-drs/internal/drsobject"
-	"github.com/calypr/git-drs/internal/drsremote"
-	"github.com/calypr/git-drs/internal/lfs"
-	drsapi "github.com/calypr/syfon/apigen/client/drs"
-	"github.com/calypr/syfon/client/hash"
-	"github.com/google/uuid"
-	"golang.org/x/sync/errgroup"
-)
-
-type batchSyncSession struct {
-	ctx            context.Context
-	rt             *pushRuntime
-	filesByOID     map[string]lfs.LfsFileInfo
-	oids           []string
-	drsObjByOID    map[string]*drsapi.DrsObject
-	existingByHash map[string][]drsapi.DrsObject
-	registeredOids map[string]bool
-}
-
-type uploadCandidate struct {
-	oid  string
-	obj  *drsapi.DrsObject
-	file lfs.LfsFileInfo
-	size int64
-	src  string
-}
-
-// BatchSyncForPush performs checksum-first push preparation.
-func BatchSyncForPush(cl *config.GitContext, ctx context.Context, files map[string]lfs.LfsFileInfo) error {
-	session := &batchSyncSession{
-		ctx:            ctx,
-		rt:             newPushRuntime(cl),
-		drsObjByOID:    make(map[string]*drsapi.DrsObject),
-		existingByHash: make(map[string][]drsapi.DrsObject),
-		registeredOids: make(map[string]bool),
-	}
-	if len(files) == 0 {
-		return nil
-	}
-
-	session.normalizeFiles(files)
-	if err := session.lookupMetadata(); err != nil {
-		return err
-	}
-	if err := session.ensureMetadataRegistered(); err != nil {
-		return err
-	}
-
-	candidates, err := session.identifyUploadCandidates()
-	if err != nil {
-		return err
-	}
-	if len(candidates) == 0 {
-		return nil
-	}
-
-	return session.executeUploadPlan(candidates)
-}
-
-func (s *batchSyncSession) normalizeFiles(files map[string]lfs.LfsFileInfo) {
-	s.filesByOID = make(map[string]lfs.LfsFileInfo, len(files))
-	for _, f := range files {
-		oid := localdrsobject.NormalizeOid(f.Oid)
-		if oid == "" {
-			continue
-		}
-		if _, exists := s.filesByOID[oid]; exists {
-			continue
-		}
-		f.Oid = oid
-		s.filesByOID[oid] = f
-		s.oids = append(s.oids, oid)
-	}
-	sort.Strings(s.oids)
-}
-
-func (s *batchSyncSession) lookupMetadata() error {
-	s.existingByHash = make(map[string][]drsapi.DrsObject, len(s.oids))
-	for _, oid := range s.oids {
-		objects, err := drsremote.ObjectsByHash(s.ctx, s.rt.API, oid)
-		if err != nil {
-			return fmt.Errorf("hash lookup failed for oid %s: %w", oid, err)
-		}
-		for _, obj := range objects {
-			objOID := localdrsobject.NormalizeOid(hash.ConvertDrsChecksumsToHashInfo(obj.Checksums).SHA256)
-			if objOID == "" {
-				continue
-			}
-			s.existingByHash[objOID] = append(s.existingByHash[objOID], obj)
-		}
-	}
-	return nil
-}
-
-func (s *batchSyncSession) ensureMetadataRegistered() error {
-	toRegister := make([]drsapi.DrsObjectCandidate, 0)
-
-	for _, oid := range s.oids {
-		obj, err := s.getOrCreateDRSObjectCandidate(oid)
-		if err != nil {
-			return err
-		}
-		s.drsObjByOID[oid] = obj
-
-		recs := s.existingByHash[oid]
-		if len(recs) == 0 {
-			toRegister = append(toRegister, localdrsobject.ConvertToCandidate(obj))
-			s.registeredOids[oid] = true
-			continue
-		}
-		if match, err := drsremote.FindMatchingRecord(recs, s.rt.Scope.Organization, s.rt.Scope.Project); err == nil && match != nil {
-			s.drsObjByOID[oid] = match
-		}
-	}
-
-	if len(toRegister) == 0 {
-		return nil
-	}
-
-	s.rt.Logger.InfoContext(s.ctx, fmt.Sprintf("bulk registering %d missing records", len(toRegister)))
-	registered, err := s.rt.API.Client.DRS().RegisterObjects(s.ctx, drsapi.RegisterObjectsJSONRequestBody{
-		Candidates: toRegister,
-	})
-	if err != nil {
-		return fmt.Errorf("bulk register failed: %w", err)
-	}
-	for i := range registered.Objects {
-		obj := registered.Objects[i]
-		oid := localdrsobject.NormalizeOid(hash.ConvertDrsChecksumsToHashInfo(obj.Checksums).SHA256)
-		if oid != "" {
-			copyObj := obj
-			s.drsObjByOID[oid] = &copyObj
-		}
-	}
-	return nil
-}
-
-func (s *batchSyncSession) getOrCreateDRSObjectCandidate(oid string) (*drsapi.DrsObject, error) {
-	file := s.filesByOID[oid]
-	if localObj, err := localdrsobject.ReadObject(localcommon.DRS_OBJS_PATH, oid); err == nil && localObj != nil {
-		return scopedDRSObjectForPush(s.rt, oid, file.Name, file.Size, localObj)
-	}
-	stat, err := os.Stat(file.Name)
-	if err != nil {
-		return nil, fmt.Errorf("failed to stat file %s for oid %s: %w", file.Name, oid, err)
-	}
-	obj, err := scopedDRSObjectForPush(s.rt, oid, file.Name, stat.Size(), nil)
-	if err != nil {
-		return nil, fmt.Errorf("failed to build drs object for oid %s: %w", oid, err)
-	}
-	return obj, nil
-}
-
-func scopedDRSObjectForPush(rt *pushRuntime, oid string, path string, size int64, existing *drsapi.DrsObject) (*drsapi.DrsObject, error) {
-	if rt == nil {
-		return existing, nil
-	}
-	if existing != nil && size <= 0 {
-		size = existing.Size
-	}
-	if size <= 0 {
-		if stat, err := os.Stat(path); err == nil {
-			size = stat.Size()
-		}
-	}
-
-	name := filepath.Base(path)
-	if existing != nil && existing.Name != nil && *existing.Name != "" {
-		name = *existing.Name
-	}
-	if name == "" || name == "." {
-		name = oid
-	}
-
-	did := uuid.NewSHA1(localdrsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", rt.Scope.Project, localdrsobject.NormalizeOid(oid)))).String()
-	if existing != nil && existing.Id != "" {
-		did = existing.Id
-	}
-
-	obj, err := localdrsobject.BuildWithPrefix(name, oid, size, did, rt.Scope.Bucket, rt.Scope.Organization, rt.Scope.Project, rt.Scope.StoragePref)
-	if err != nil {
-		return nil, err
-	}
-	if existing == nil {
-		return obj, nil
-	}
-
-	if existing.AccessMethods != nil && len(*existing.AccessMethods) > 0 {
-		obj.AccessMethods = existing.AccessMethods
-	}
-	obj.Aliases = existing.Aliases
-	obj.Contents = existing.Contents
-	obj.Description = existing.Description
-	obj.MimeType = existing.MimeType
-	if existing.Version != nil {
-		obj.Version = existing.Version
-	}
-	if !existing.CreatedTime.IsZero() {
-		obj.CreatedTime = existing.CreatedTime
-	}
-	if existing.UpdatedTime != nil {
-		obj.UpdatedTime = existing.UpdatedTime
-	}
-	return obj, nil
-}
-
-func (s *batchSyncSession) identifyUploadCandidates() ([]uploadCandidate, error) {
-	candidates := make([]uploadCandidate, 0)
-	for _, oid := range s.oids {
-		if !s.needsUpload(oid) {
-			continue
-		}
-
-		file := s.filesByOID[oid]
-		srcPath, canUpload, err := resolveUploadSourcePath(oid, file.Name, file.IsPointer)
-		if err != nil {
-			return nil, fmt.Errorf("failed to resolve upload source for oid %s: %w", oid, err)
-		}
-		if !canUpload {
-			s.rt.Logger.WarnContext(s.ctx, "no local payload available; skipping upload", "oid", oid, "path", file.Name)
-			continue
-		}
-
-		stat, err := os.Stat(srcPath)
-		if err != nil {
-			return nil, fmt.Errorf("failed to stat upload source %s: %w", srcPath, err)
-		}
-
-		candidates = append(candidates, uploadCandidate{
-			oid:  oid,
-			obj:  s.drsObjByOID[oid],
-			file: file,
-			size: stat.Size(),
-			src:  srcPath,
-		})
-	}
-	return candidates, nil
-}
-
-func (s *batchSyncSession) needsUpload(oid string) bool {
-	if s.registeredOids[oid] {
-		return true
-	}
-	if len(s.existingByHash[oid]) == 0 {
-		return true
-	}
-	if downloadable, err := isFileDownloadable(s.rt, s.ctx, s.drsObjByOID[oid]); err != nil || !downloadable {
-		return true
-	}
-	return false
-}
-
-func (s *batchSyncSession) executeUploadPlan(candidates []uploadCandidate) error {
-	threshold := s.rt.Tuning.MultiPartThreshold
-	if threshold <= 0 {
-		threshold = 5 * 1024 * 1024 * 1024
-	}
-	concurrency := s.rt.Tuning.UploadConcurrency
-	if concurrency <= 0 {
-		concurrency = 1
-	}
-
-	small, large := splitCandidatesByThreshold(candidates, threshold)
-	s.rt.Logger.InfoContext(s.ctx, "upload plan prepared", "total", len(candidates), "parallel_small", len(small), "sequential_large", len(large))
-
-	if len(small) > 0 {
-		eg, egCtx := errgroup.WithContext(s.ctx)
-		eg.SetLimit(concurrency)
-		for _, c := range small {
-			c := c
-			eg.Go(func() error {
-				return uploadFileForObject(s.rt, egCtx, c.obj, c.src, false)
-			})
-		}
-		if err := eg.Wait(); err != nil {
-			return err
-		}
-	}
-
-	for _, c := range large {
-		if err := uploadFileForObject(s.rt, s.ctx, c.obj, c.src, false); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func splitCandidatesByThreshold(candidates []uploadCandidate, threshold int64) (small, large []uploadCandidate) {
-	for _, c := range candidates {
-		if c.size < threshold {
-			small = append(small, c)
-		} else {
-			large = append(large, c)
-		}
-	}
-	return
-}
diff --git a/internal/pushsync/register_test.go b/internal/pushsync/register_test.go
deleted file mode 100644
index 36e57074..00000000
--- a/internal/pushsync/register_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package pushsync
-
-import (
-	"context"
-	"io"
-	"net/http"
-	"strings"
-	"testing"
-)
-
-func TestProbeDownloadURLUsesProvidedHTTPClient(t *testing.T) {
-	t.Parallel()
-
-	client := &http.Client{Transport: roundTripFunc(func(r *http.Request) (*http.Response, error) {
-		if r.Method != http.MethodHead {
-			t.Fatalf("expected HEAD request, got %s", r.Method)
-		}
-		return &http.Response{
-			StatusCode: http.StatusOK,
-			Body:       io.NopCloser(strings.NewReader("")),
-			Header:     make(http.Header),
-			Request:    r,
-		}, nil
-	})}
-
-	if err := probeDownloadURL(context.Background(), client, "https://signed.example/object.bin"); err != nil {
-		t.Fatalf("probeDownloadURL returned error: %v", err)
-	}
-}
-
-type roundTripFunc func(*http.Request) (*http.Response, error)
-
-func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }
diff --git a/internal/remoteruntime/runtime.go b/internal/remoteruntime/runtime.go
new file mode 100644
index 00000000..39410cdc
--- /dev/null
+++ b/internal/remoteruntime/runtime.go
@@ -0,0 +1,185 @@
+package remoteruntime
+
+import (
+	"context"
+	"fmt"
+	"log/slog"
+	"net/url"
+	"strings"
+	"time"
+
+	calyprconf "github.com/calypr/calypr-cli/conf"
+	"github.com/calypr/calypr-cli/credentials"
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/gitrepo"
+	syclient "github.com/calypr/syfon/client"
+	syconf "github.com/calypr/syfon/client/config"
+)
+
+const credentialHelpSuffix = "Refresh credentials with `git drs remote add gen3 <remote-name> <organization/project> --cred <path>` or `--token <token>`. See docs/getting-started.md."
+
+type GitContext struct {
+	Client             *syclient.Client
+	Organization       string
+	ProjectId          string
+	BucketName         string
+	StoragePrefix      string
+	Upsert             bool
+	ForceUpload        bool
+	MultiPartThreshold int64
+	UploadConcurrency  int
+	Logger             *slog.Logger
+	Credential         *syconf.Credential
+}
+
+func New(cfg *config.Config, remote config.Remote, logger *slog.Logger) (*GitContext, error) {
+	x, ok := cfg.Remotes[remote]
+	if !ok {
+		return nil, fmt.Errorf("GetRemoteClient no remote configuration found for current remote: %s", remote)
+	}
+	if x.Local != nil {
+		return localClient(string(remote), *x.Local, logger)
+	}
+	if x.Gen3 != nil {
+		username, password, err := gitrepo.GetRemoteBasicAuth(string(remote))
+		if err == nil && strings.TrimSpace(username) != "" && strings.TrimSpace(password) != "" {
+			return localClient(string(remote), *localRemoteFromGen3(x.Gen3, username, password), logger)
+		}
+		return gen3Client(string(remote), *x.Gen3, logger)
+	}
+	return nil, fmt.Errorf("no valid remote configuration found for current remote: %s", remote)
+}
+
+func gen3Client(remoteName string, remote config.Gen3Remote, logger *slog.Logger) (*GitContext, error) {
+	manager := calyprconf.NewConfigure(logger)
+	cred, err := manager.Load(remoteName)
+	if err != nil {
+		return nil, err
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+	if err := credentials.EnsureValidCredential(ctx, cred, logger); err != nil {
+		return nil, WrapCredentialValidationError(remoteName, err)
+	}
+	if err := manager.Save(cred); err != nil {
+		return nil, fmt.Errorf("save refreshed credential for remote %q: %w", remoteName, err)
+	}
+	return newGitContext(*cred, remote, logger)
+}
+
+func localClient(remoteName string, remote config.LocalRemote, logger *slog.Logger) (*GitContext, error) {
+	if username, password, err := gitrepo.GetRemoteBasicAuth(remoteName); err == nil && username != "" && password != "" {
+		remote.BasicUsername = username
+		remote.BasicPassword = password
+	}
+	projectID := remote.GetProjectId()
+	bucketName := remote.GetBucketName()
+	storagePrefix := remote.GetStoragePrefix()
+	if strings.TrimSpace(remote.GetOrganization()) != "" || strings.TrimSpace(bucketName) != "" || strings.TrimSpace(storagePrefix) != "" {
+		scope, err := gitrepo.ResolveBucketScope(
+			remote.GetOrganization(),
+			projectID,
+			bucketName,
+			storagePrefix,
+		)
+		if err != nil {
+			return nil, err
+		}
+		bucketName = scope.Bucket
+		storagePrefix = scope.Prefix
+	}
+
+	cred := &syconf.Credential{APIEndpoint: remote.BaseURL}
+	if remote.BasicUsername != "" || remote.BasicPassword != "" {
+		cred.KeyID = remote.BasicUsername
+		cred.APIKey = remote.BasicPassword
+	}
+
+	raw, err := syclient.New(remote.BaseURL, syclient.WithBasicAuth(cred.KeyID, cred.APIKey))
+	if err != nil {
+		return nil, err
+	}
+	client, ok := raw.(*syclient.Client)
+	if !ok {
+		return nil, fmt.Errorf("unexpected syfon client type %T", raw)
+	}
+
+	return &GitContext{
+		Client:        client,
+		Organization:  remote.GetOrganization(),
+		ProjectId:     projectID,
+		BucketName:    bucketName,
+		StoragePrefix: storagePrefix,
+		Logger:        logger,
+		Credential:    cred,
+	}, nil
+}
+
+func newGitContext(profileConfig syconf.Credential, remote config.Gen3Remote, logger *slog.Logger) (*GitContext, error) {
+	if _, err := url.Parse(profileConfig.APIEndpoint); err != nil {
+		return nil, err
+	}
+	projectID := remote.GetProjectId()
+	if projectID == "" {
+		return nil, fmt.Errorf("no gen3 project specified")
+	}
+
+	scope, err := gitrepo.ResolveBucketScope(
+		remote.GetOrganization(),
+		projectID,
+		remote.GetBucketName(),
+		remote.GetStoragePrefix(),
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	raw, err := syclient.New(profileConfig.APIEndpoint, syclient.WithBearerToken(profileConfig.AccessToken))
+	if err != nil {
+		return nil, err
+	}
+	client, ok := raw.(*syclient.Client)
+	if !ok {
+		return nil, fmt.Errorf("unexpected syfon client type %T", raw)
+	}
+
+	uploadConcurrency := int(gitrepo.GetGitConfigInt("lfs.concurrenttransfers", 4))
+	if uploadConcurrency < 1 {
+		uploadConcurrency = 1
+	}
+
+	return &GitContext{
+		Client:             client,
+		ProjectId:          projectID,
+		BucketName:         scope.Bucket,
+		Organization:       remote.GetOrganization(),
+		StoragePrefix:      scope.Prefix,
+		Upsert:             gitrepo.GetGitConfigBool("drs.upsert", false),
+		MultiPartThreshold: int64(gitrepo.GetGitConfigInt("drs.multipart-threshold", 5120)) * 1024 * 1024,
+		UploadConcurrency:  uploadConcurrency,
+		Logger:             logger,
+		Credential:         &profileConfig,
+	}, nil
+}
+
+func localRemoteFromGen3(gen3 *config.Gen3Remote, username string, password string) *config.LocalRemote {
+	return &config.LocalRemote{
+		BaseURL:       gen3.Endpoint,
+		ProjectID:     gen3.ProjectID,
+		Bucket:        gen3.Bucket,
+		Organization:  gen3.Organization,
+		StoragePrefix: gen3.StoragePrefix,
+		BasicUsername: strings.TrimSpace(username),
+		BasicPassword: strings.TrimSpace(password),
+	}
+}
+
+func WrapCredentialValidationError(remoteName string, err error) error {
+	if err == nil {
+		return nil
+	}
+	if strings.TrimSpace(remoteName) == "" {
+		return fmt.Errorf("%w. %s", err, credentialHelpSuffix)
+	}
+	return fmt.Errorf("%w. Remote %q requires refreshed credentials. %s", err, remoteName, credentialHelpSuffix)
+}
diff --git a/internal/remoteruntime/runtime_test.go b/internal/remoteruntime/runtime_test.go
new file mode 100644
index 00000000..2b4d6720
--- /dev/null
+++ b/internal/remoteruntime/runtime_test.go
@@ -0,0 +1,116 @@
+package remoteruntime
+
+import (
+	"os"
+	"os/exec"
+	"testing"
+
+	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/drslog"
+	"github.com/calypr/git-drs/internal/gitrepo"
+	syconf "github.com/calypr/syfon/client/config"
+)
+
+func setupTestRepo(t *testing.T) string {
+	t.Helper()
+
+	tmpDir := t.TempDir()
+	cmd := exec.Command("git", "init", tmpDir)
+	if out, err := cmd.CombinedOutput(); err != nil {
+		t.Fatalf("git init failed: %v: %s", err, string(out))
+	}
+	cmd = exec.Command("git", "config", "user.email", "test@example.com")
+	cmd.Dir = tmpDir
+	_ = cmd.Run()
+	cmd = exec.Command("git", "config", "user.name", "Test User")
+	cmd.Dir = tmpDir
+	_ = cmd.Run()
+
+	cwd, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("getwd: %v", err)
+	}
+	if err := os.Chdir(tmpDir); err != nil {
+		t.Fatalf("chdir: %v", err)
+	}
+	t.Cleanup(func() { _ = os.Chdir(cwd) })
+	return tmpDir
+}
+
+func TestNewLocalIncludesRepoBasicAuth(t *testing.T) {
+	setupTestRepo(t)
+
+	cfg, err := config.UpdateRemote(config.Remote("origin"), config.RemoteSelect{
+		Local: &config.LocalRemote{BaseURL: "http://localhost:8080"},
+	})
+	if err != nil {
+		t.Fatalf("UpdateRemote failed: %v", err)
+	}
+	if err := gitrepo.SetRemoteBasicAuth("origin", "alice", "secret"); err != nil {
+		t.Fatalf("SetRemoteBasicAuth failed: %v", err)
+	}
+	logger := drslog.GetLogger()
+	gitCtx, err := New(cfg, config.Remote("origin"), logger)
+	if err != nil {
+		t.Fatalf("New failed: %v", err)
+	}
+	if gitCtx == nil || gitCtx.Client == nil {
+		t.Fatalf("expected usable GitContext, got %+v", gitCtx)
+	}
+}
+
+func TestLocalClientResolvesBucketScopeMappings(t *testing.T) {
+	setupTestRepo(t)
+
+	if err := gitrepo.SetBucketMapping("org-a", "", "mapped-bucket", "program-root"); err != nil {
+		t.Fatalf("SetBucketMapping org: %v", err)
+	}
+	if err := gitrepo.SetBucketMapping("org-a", "proj-1", "mapped-bucket", "project-subpath"); err != nil {
+		t.Fatalf("SetBucketMapping project: %v", err)
+	}
+
+	gitCtx, err := localClient("origin", config.LocalRemote{
+		BaseURL:      "http://localhost:8080",
+		Organization: "org-a",
+		ProjectID:    "proj-1",
+		Bucket:       "configured-bucket",
+	}, drslog.GetLogger())
+	if err != nil {
+		t.Fatalf("localClient failed: %v", err)
+	}
+	if gitCtx.BucketName != "mapped-bucket" {
+		t.Fatalf("BucketName = %q, want mapped-bucket", gitCtx.BucketName)
+	}
+	if gitCtx.StoragePrefix != "program-root/project-subpath" {
+		t.Fatalf("StoragePrefix = %q, want program-root/project-subpath", gitCtx.StoragePrefix)
+	}
+}
+
+func TestNewGitContextReadsLFSConcurrentTransfers(t *testing.T) {
+	setupTestRepo(t)
+
+	if err := gitrepo.SetGitConfigOptions(map[string]string{
+		"lfs.concurrenttransfers": "7",
+	}); err != nil {
+		t.Fatalf("SetGitConfigOptions failed: %v", err)
+	}
+
+	cred := syconf.Credential{
+		APIEndpoint: "https://example.test",
+		AccessToken: "token",
+	}
+	remote := config.Gen3Remote{
+		Endpoint:     "https://example.test",
+		Organization: "org1",
+		ProjectID:    "proj1",
+		Bucket:       "bucket1",
+	}
+
+	gitCtx, err := newGitContext(cred, remote, drslog.GetLogger())
+	if err != nil {
+		t.Fatalf("newGitContext failed: %v", err)
+	}
+	if gitCtx.UploadConcurrency != 7 {
+		t.Fatalf("UploadConcurrency = %d, want 7", gitCtx.UploadConcurrency)
+	}
+}
diff --git a/internal/testutils/config.go b/internal/testutils/config.go
index bc012cde..e8ab73bc 100644
--- a/internal/testutils/config.go
+++ b/internal/testutils/config.go
@@ -67,11 +67,17 @@ func CreateTestConfig(t *testing.T, tmpDir string, cfg *config.Config) {
 			setConfig(prefix+".endpoint", remote.Gen3.Endpoint)
 			setConfig(prefix+".project", remote.Gen3.ProjectID)
 			setConfig(prefix+".bucket", remote.Gen3.Bucket)
+			if remote.Gen3.Organization != "" {
+				setConfig(prefix+".organization", remote.Gen3.Organization)
+			}
 		} else if remote.Local != nil {
 			setConfig(prefix+".type", "local")
 			setConfig(prefix+".endpoint", remote.Local.BaseURL)
 			setConfig(prefix+".project", remote.Local.ProjectID)
 			setConfig(prefix+".bucket", remote.Local.Bucket)
+			if remote.Local.Organization != "" {
+				setConfig(prefix+".organization", remote.Local.Organization)
+			}
 		}
 	}
 }
diff --git a/internal/drsremote/bulk.go b/internal/transfer/access.go
similarity index 51%
rename from internal/drsremote/bulk.go
rename to internal/transfer/access.go
index bd31c01c..9b3c89da 100644
--- a/internal/drsremote/bulk.go
+++ b/internal/transfer/access.go
@@ -1,11 +1,48 @@
-package drsremote
+package transfer
 
 import (
+	"context"
+	"fmt"
 	"strings"
 
+	"github.com/calypr/git-drs/internal/remoteruntime"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
 )
 
+func BulkAccessURLsForObjects(ctx context.Context, drsCtx *remoteruntime.GitContext, objects []drsapi.DrsObject) (map[string]drsapi.AccessURL, error) {
+	if drsCtx == nil || drsCtx.Client == nil {
+		return nil, fmt.Errorf("DRS client unavailable")
+	}
+	req, ok := bulkAccessRequest(objects)
+	if !ok {
+		return map[string]drsapi.AccessURL{}, nil
+	}
+
+	resp, err := drsCtx.Client.DRSAPI().GetBulkAccessURLWithResponse(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+	if resp.JSON200 == nil {
+		return nil, fmt.Errorf("unexpected response: %d", resp.StatusCode())
+	}
+
+	out := map[string]drsapi.AccessURL{}
+	if resp.JSON200.ResolvedDrsObjectAccessUrls == nil {
+		return out, nil
+	}
+	for _, resolved := range *resp.JSON200.ResolvedDrsObjectAccessUrls {
+		if resolved.DrsObjectId == nil {
+			continue
+		}
+		objectID := *resolved.DrsObjectId
+		if strings.TrimSpace(objectID) == "" || strings.TrimSpace(resolved.Url) == "" {
+			continue
+		}
+		out[strings.TrimSpace(objectID)] = drsapi.AccessURL{Headers: resolved.Headers, Url: resolved.Url}
+	}
+	return out, nil
+}
+
 func bulkAccessRequest(objects []drsapi.DrsObject) (drsapi.BulkObjectAccessId, bool) {
 	req := drsapi.BulkObjectAccessId{}
 	items := make([]struct {
diff --git a/internal/transfer/delete_git_history.go b/internal/transfer/delete_git_history.go
new file mode 100644
index 00000000..9e4bbf29
--- /dev/null
+++ b/internal/transfer/delete_git_history.go
@@ -0,0 +1,98 @@
+package transfer
+
+import (
+	"context"
+	"fmt"
+	"os/exec"
+	"sort"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/lfs"
+)
+
+type deletedPointer struct {
+	Path string
+	OID  string
+}
+
+func collectDeletedPointers(ctx context.Context, refs []RefUpdate) (map[string][]deletedPointer, error) {
+	grouped := make(map[string][]deletedPointer)
+	seen := make(map[string]struct{})
+	for _, ref := range refs {
+		oldSHA := strings.TrimSpace(ref.OldSHA)
+		newSHA := strings.TrimSpace(ref.NewSHA)
+		if oldSHA == "" || newSHA == "" || isZeroSHA(oldSHA) || isZeroSHA(newSHA) {
+			continue
+		}
+		paths, err := gitDeletedPaths(ctx, oldSHA, newSHA)
+		if err != nil {
+			return nil, err
+		}
+		for _, path := range paths {
+			key := oldSHA + "\x00" + path
+			if _, ok := seen[key]; ok {
+				continue
+			}
+			seen[key] = struct{}{}
+
+			oid, ok, err := gitPointerOID(ctx, oldSHA, path)
+			if err != nil {
+				return nil, err
+			}
+			if !ok {
+				continue
+			}
+			grouped[oid] = append(grouped[oid], deletedPointer{Path: path, OID: oid})
+		}
+	}
+	return grouped, nil
+}
+
+func deletedPaths(items []deletedPointer) []string {
+	out := make([]string, 0, len(items))
+	for _, item := range items {
+		out = append(out, item.Path)
+	}
+	sort.Strings(out)
+	return out
+}
+
+func gitDeletedPaths(ctx context.Context, oldSHA, newSHA string) ([]string, error) {
+	cmd := exec.CommandContext(ctx, "git", "diff", "--name-status", "--diff-filter=D", "-M", oldSHA, newSHA)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return nil, fmt.Errorf("git diff deleted paths %s..%s: %s", oldSHA, newSHA, strings.TrimSpace(string(out)))
+	}
+	lines := strings.Split(strings.TrimSpace(string(out)), "\n")
+	paths := make([]string, 0, len(lines))
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+		if line == "" {
+			continue
+		}
+		parts := strings.Split(line, "\t")
+		if len(parts) < 2 || parts[0] != "D" {
+			continue
+		}
+		paths = append(paths, parts[1])
+	}
+	return paths, nil
+}
+
+func gitPointerOID(ctx context.Context, ref, path string) (string, bool, error) {
+	spec := ref + ":" + path
+	cmd := exec.CommandContext(ctx, "git", "show", spec)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return "", false, fmt.Errorf("git show %s: %s", spec, strings.TrimSpace(string(out)))
+	}
+	oid, _, ok := lfs.ParseLFSPointer(out)
+	if !ok {
+		return "", false, nil
+	}
+	return "sha256:" + strings.TrimPrefix(strings.TrimSpace(oid), "sha256:"), true, nil
+}
+
+func isZeroSHA(sha string) bool {
+	return strings.TrimSpace(sha) == "0000000000000000000000000000000000000000"
+}
diff --git a/internal/transfer/delete_reconcile.go b/internal/transfer/delete_reconcile.go
new file mode 100644
index 00000000..92976e76
--- /dev/null
+++ b/internal/transfer/delete_reconcile.go
@@ -0,0 +1,147 @@
+package transfer
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log/slog"
+	"sort"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/calypr/git-drs/internal/lookup"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	sycommon "github.com/calypr/syfon/common"
+)
+
+type RefUpdate struct {
+	OldSHA string
+	NewSHA string
+}
+
+type DeleteSummary struct {
+	DeletedRecords   int
+	RemovedResources int
+	ClearedLocalOnly int
+	PendingMissing   int
+	PendingAmbiguous int
+}
+
+func ReconcileCommittedDeletes(ctx context.Context, drsCtx *remoteruntime.GitContext, refs []RefUpdate, logger *slog.Logger) (DeleteSummary, error) {
+	if drsCtx == nil || drsCtx.Client == nil {
+		return DeleteSummary{}, fmt.Errorf("DRS client unavailable")
+	}
+	if logger == nil {
+		logger = slog.New(slog.NewTextHandler(io.Discard, nil))
+	}
+	if len(refs) == 0 {
+		return DeleteSummary{}, nil
+	}
+
+	deletedByOID, err := collectDeletedPointers(ctx, refs)
+	if err != nil {
+		return DeleteSummary{}, err
+	}
+	if len(deletedByOID) == 0 {
+		return DeleteSummary{}, nil
+	}
+
+	liveByOID, err := collectLivePathsByOID(refs, logger)
+	if err != nil {
+		return DeleteSummary{}, err
+	}
+
+	resource, err := sycommon.ResourcePath(drsCtx.Organization, drsCtx.ProjectId)
+	if err != nil {
+		return DeleteSummary{}, err
+	}
+
+	summary := DeleteSummary{}
+	for oid, deletions := range deletedByOID {
+		if livePaths := liveByOID[oid]; len(livePaths) > 0 {
+			summary.ClearedLocalOnly += len(deletions)
+			continue
+		}
+
+		records, err := lookup.ObjectsByHashForScope(ctx, drsCtx, oid)
+		if err != nil {
+			return summary, err
+		}
+		switch len(records) {
+		case 0:
+			summary.PendingMissing += len(deletions)
+			logger.Warn("deleted pointer has no scoped DRS match", "oid", oid, "paths", deletedPaths(deletions))
+			continue
+		case 1:
+		default:
+			summary.PendingAmbiguous += len(deletions)
+			logger.Warn("deleted pointer matched multiple scoped DRS records", "oid", oid, "count", len(records), "paths", deletedPaths(deletions))
+			continue
+		}
+
+		record := records[0]
+		controlled := []string(nil)
+		if record.ControlledAccess != nil {
+			controlled = sycommon.NormalizeAccessResources(*record.ControlledAccess)
+		}
+		if len(controlled) <= 1 {
+			if err := drsCtx.Client.DRS().DeleteObject(ctx, record.Id, true); err != nil {
+				return summary, err
+			}
+			summary.DeletedRecords++
+			continue
+		}
+
+		var out map[string]any
+		if err := drsCtx.Client.Requestor().Do(ctx, "POST", "/index/"+record.Id+"/controlled-access/remove", map[string]string{
+			"resource": resource,
+		}, &out); err != nil {
+			return summary, err
+		}
+		summary.RemovedResources++
+	}
+
+	if summary.DeletedRecords > 0 || summary.RemovedResources > 0 || summary.ClearedLocalOnly > 0 || summary.PendingMissing > 0 || summary.PendingAmbiguous > 0 {
+		logger.Info("delete reconciliation complete",
+			"deleted_records", summary.DeletedRecords,
+			"removed_resources", summary.RemovedResources,
+			"cleared_local_only", summary.ClearedLocalOnly,
+			"pending_missing", summary.PendingMissing,
+			"pending_ambiguous", summary.PendingAmbiguous,
+		)
+	}
+	return summary, nil
+}
+
+func collectLivePathsByOID(refs []RefUpdate, logger *slog.Logger) (map[string][]string, error) {
+	targets := make([]string, 0, len(refs))
+	seen := make(map[string]struct{}, len(refs))
+	for _, ref := range refs {
+		newSHA := strings.TrimSpace(ref.NewSHA)
+		if newSHA == "" || isZeroSHA(newSHA) {
+			continue
+		}
+		if _, ok := seen[newSHA]; ok {
+			continue
+		}
+		seen[newSHA] = struct{}{}
+		targets = append(targets, newSHA)
+	}
+	if len(targets) == 0 {
+		return map[string][]string{}, nil
+	}
+
+	files, err := lfs.GetLfsFilesForRefs(targets, logger)
+	if err != nil {
+		return nil, err
+	}
+	liveByOID := make(map[string][]string)
+	for path, info := range files {
+		oid := "sha256:" + strings.TrimPrefix(strings.TrimSpace(info.Oid), "sha256:")
+		liveByOID[oid] = append(liveByOID[oid], path)
+	}
+	for oid := range liveByOID {
+		sort.Strings(liveByOID[oid])
+	}
+	return liveByOID, nil
+}
diff --git a/internal/transfer/delete_reconcile_test.go b/internal/transfer/delete_reconcile_test.go
new file mode 100644
index 00000000..b4ae133d
--- /dev/null
+++ b/internal/transfer/delete_reconcile_test.go
@@ -0,0 +1,258 @@
+package transfer
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	syclient "github.com/calypr/syfon/client"
+)
+
+type pointerSpec struct {
+	Path string
+	OID  string
+}
+
+func TestReconcileCommittedDeletesRemovesControlledAccess(t *testing.T) {
+	repo := initRepoWithDelete(t, []pointerSpec{{Path: "data.dat", OID: strings.Repeat("a", 64)}})
+
+	oldWD, _ := os.Getwd()
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
+	}
+	t.Cleanup(func() { _ = os.Chdir(oldWD) })
+
+	oldSHA := gitRevParse(t, repo, "HEAD~1")
+	newSHA := gitRevParse(t, repo, "HEAD")
+
+	var removedResource string
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch {
+		case r.Method == http.MethodGet && r.URL.Path == "/ga4gh/drs/v1/objects/checksum/"+strings.Repeat("a", 64):
+			obj := drsapi.DrsObject{
+				Id:               "did-1",
+				ControlledAccess: &[]string{"/organization/org/project/proj", "/organization/other/project/x"},
+				Checksums:        []drsapi.Checksum{{Type: "sha256", Checksum: strings.Repeat("a", 64)}},
+			}
+			records := []drsapi.DrsObject{obj}
+			writeJSON(t, w, http.StatusOK, drsapi.N200OkDrsObjects{ResolvedDrsObject: &records})
+		case r.Method == http.MethodPost && r.URL.Path == "/index/did-1/controlled-access/remove":
+			var req struct {
+				Resource string `json:"resource"`
+			}
+			if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+				t.Fatalf("decode remove controlled access: %v", err)
+			}
+			removedResource = req.Resource
+			writeJSON(t, w, http.StatusOK, map[string]any{"did": "did-1"})
+		default:
+			t.Fatalf("unexpected request: %s %s", r.Method, r.URL.Path)
+		}
+	}))
+	defer server.Close()
+
+	drsCtx := newGitContext(t, server.URL)
+	summary, err := ReconcileCommittedDeletes(context.Background(), drsCtx, []RefUpdate{{OldSHA: oldSHA, NewSHA: newSHA}}, nil)
+	if err != nil {
+		t.Fatalf("reconcile returned error: %v", err)
+	}
+	if summary.RemovedResources != 1 {
+		t.Fatalf("expected one removed resource, got %+v", summary)
+	}
+	if removedResource != "/organization/org/project/proj" {
+		t.Fatalf("unexpected removed resource: %s", removedResource)
+	}
+}
+
+func TestReconcileCommittedDeletesDeletesWholeRecord(t *testing.T) {
+	repo := initRepoWithDelete(t, []pointerSpec{{Path: "other.dat", OID: strings.Repeat("b", 64)}})
+	oldWD, _ := os.Getwd()
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
+	}
+	t.Cleanup(func() { _ = os.Chdir(oldWD) })
+
+	oldSHA := gitRevParse(t, repo, "HEAD~1")
+	newSHA := gitRevParse(t, repo, "HEAD")
+
+	deleted := false
+	var deleteReq struct {
+		DeleteObjectMetadata bool `json:"delete_object_metadata"`
+		DeleteStorageData    bool `json:"delete_storage_data"`
+	}
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch {
+		case r.Method == http.MethodGet && r.URL.Path == "/ga4gh/drs/v1/objects/checksum/"+strings.Repeat("b", 64):
+			obj := drsapi.DrsObject{
+				Id:               "did-2",
+				ControlledAccess: &[]string{"/organization/org/project/proj"},
+				Checksums:        []drsapi.Checksum{{Type: "sha256", Checksum: strings.Repeat("b", 64)}},
+			}
+			records := []drsapi.DrsObject{obj}
+			writeJSON(t, w, http.StatusOK, drsapi.N200OkDrsObjects{ResolvedDrsObject: &records})
+		case r.Method == http.MethodPut && r.URL.Path == "/ga4gh/drs/v1/objects/did-2/delete":
+			if err := json.NewDecoder(r.Body).Decode(&deleteReq); err != nil {
+				t.Fatalf("decode delete request: %v", err)
+			}
+			deleted = true
+			w.WriteHeader(http.StatusOK)
+		default:
+			t.Fatalf("unexpected request: %s %s", r.Method, r.URL.Path)
+		}
+	}))
+	defer server.Close()
+
+	drsCtx := newGitContext(t, server.URL)
+	summary, err := ReconcileCommittedDeletes(context.Background(), drsCtx, []RefUpdate{{OldSHA: oldSHA, NewSHA: newSHA}}, nil)
+	if err != nil {
+		t.Fatalf("reconcile returned error: %v", err)
+	}
+	if summary.DeletedRecords != 1 || !deleted {
+		t.Fatalf("expected full delete, deleted=%v summary=%+v", deleted, summary)
+	}
+	if !deleteReq.DeleteObjectMetadata || !deleteReq.DeleteStorageData {
+		t.Fatalf("expected delete request to purge metadata and storage, got %+v", deleteReq)
+	}
+}
+
+func TestReconcileCommittedDeletesSkipsWhenOIDStillLive(t *testing.T) {
+	oid := strings.Repeat("c", 64)
+	repo := t.TempDir()
+	runGit(t, repo, "init")
+	runGit(t, repo, "config", "user.email", "test@example.com")
+	runGit(t, repo, "config", "user.name", "Test User")
+	runGit(t, repo, "config", "filter.lfs.clean", "cat")
+	runGit(t, repo, "config", "filter.lfs.smudge", "cat")
+	runGit(t, repo, "config", "filter.lfs.process", "cat")
+	runGit(t, repo, "config", "filter.lfs.required", "false")
+	runGit(t, repo, "checkout", "-b", "main")
+	if err := os.WriteFile(filepath.Join(repo, ".gitattributes"), []byte("*.dat filter=lfs diff=lfs merge=lfs -text\n"), 0o644); err != nil {
+		t.Fatalf("write .gitattributes: %v", err)
+	}
+	writePointerFile(t, filepath.Join(repo, "data.dat"), oid, "12")
+	writePointerFile(t, filepath.Join(repo, "copy.dat"), oid, "12")
+	runGit(t, repo, "add", ".")
+	runGit(t, repo, "commit", "-m", "add two pointers")
+	runGit(t, repo, "rm", "--", "data.dat")
+	runGit(t, repo, "commit", "-m", "delete one pointer")
+
+	oldWD, _ := os.Getwd()
+	if err := os.Chdir(repo); err != nil {
+		t.Fatalf("chdir repo: %v", err)
+	}
+	t.Cleanup(func() { _ = os.Chdir(oldWD) })
+
+	oldSHA := gitRevParse(t, repo, "HEAD~1")
+	newSHA := gitRevParse(t, repo, "HEAD")
+
+	called := false
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		called = true
+		t.Fatalf("unexpected remote mutation request: %s %s", r.Method, r.URL.Path)
+	}))
+	defer server.Close()
+
+	drsCtx := newGitContext(t, server.URL)
+	summary, err := ReconcileCommittedDeletes(context.Background(), drsCtx, []RefUpdate{{OldSHA: oldSHA, NewSHA: newSHA}}, nil)
+	if err != nil {
+		t.Fatalf("reconcile returned error: %v", err)
+	}
+	if called {
+		t.Fatalf("expected no remote call when oid still live")
+	}
+	if summary.ClearedLocalOnly != 1 {
+		t.Fatalf("expected local-only clear, got %+v", summary)
+	}
+}
+
+func initRepoWithDelete(t *testing.T, specs []pointerSpec) string {
+	t.Helper()
+	repo := t.TempDir()
+	runGit(t, repo, "init")
+	runGit(t, repo, "config", "user.email", "test@example.com")
+	runGit(t, repo, "config", "user.name", "Test User")
+	runGit(t, repo, "config", "filter.lfs.clean", "cat")
+	runGit(t, repo, "config", "filter.lfs.smudge", "cat")
+	runGit(t, repo, "config", "filter.lfs.process", "cat")
+	runGit(t, repo, "config", "filter.lfs.required", "false")
+	runGit(t, repo, "checkout", "-b", "main")
+
+	if err := os.WriteFile(filepath.Join(repo, ".gitattributes"), []byte("*.dat filter=lfs diff=lfs merge=lfs -text\n"), 0o644); err != nil {
+		t.Fatalf("write .gitattributes: %v", err)
+	}
+	for _, spec := range specs {
+		writePointerFile(t, filepath.Join(repo, spec.Path), spec.OID, "12")
+	}
+	runGit(t, repo, "add", ".")
+	runGit(t, repo, "commit", "-m", "add pointers")
+	for _, spec := range specs {
+		runGit(t, repo, "rm", "--", spec.Path)
+	}
+	runGit(t, repo, "commit", "-m", "delete pointers")
+	return repo
+}
+
+func newGitContext(t *testing.T, serverURL string) *remoteruntime.GitContext {
+	t.Helper()
+	rawClient, err := syclient.New(serverURL)
+	if err != nil {
+		t.Fatalf("new client: %v", err)
+	}
+	client := rawClient.(*syclient.Client)
+	return &remoteruntime.GitContext{
+		Client:       client,
+		Organization: "org",
+		ProjectId:    "proj",
+	}
+}
+
+func gitRevParse(t *testing.T, dir, ref string) string {
+	t.Helper()
+	cmd := exec.Command("git", "rev-parse", ref)
+	cmd.Dir = dir
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf("git rev-parse %s failed: %v\n%s", ref, err, string(out))
+	}
+	return strings.TrimSpace(string(out))
+}
+
+func runGit(t *testing.T, dir string, args ...string) {
+	t.Helper()
+	cmd := exec.Command("git", args...)
+	cmd.Dir = dir
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf("git %s failed: %v\n%s", strings.Join(args, " "), err, string(out))
+	}
+}
+
+func writeJSON(t *testing.T, w http.ResponseWriter, status int, v any) {
+	t.Helper()
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(status)
+	if err := json.NewEncoder(w).Encode(v); err != nil {
+		t.Fatalf("encode json: %v", err)
+	}
+}
+
+func writePointerFile(t *testing.T, path, oid, size string) {
+	t.Helper()
+	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
+		t.Fatalf("mkdir pointer dir: %v", err)
+	}
+	content := "version https://git-lfs.github.com/spec/v1\n" +
+		"oid sha256:" + oid + "\n" +
+		"size " + size + "\n"
+	if err := os.WriteFile(path, []byte(content), 0o644); err != nil {
+		t.Fatalf("write pointer file: %v", err)
+	}
+}
diff --git a/internal/transfer/download.go b/internal/transfer/download.go
new file mode 100644
index 00000000..70928b5c
--- /dev/null
+++ b/internal/transfer/download.go
@@ -0,0 +1,139 @@
+package transfer
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/calypr/git-drs/internal/drsobject"
+	"github.com/calypr/git-drs/internal/lookup"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	sycommon "github.com/calypr/syfon/client/common"
+	"github.com/calypr/syfon/client/request"
+	sytransfer "github.com/calypr/syfon/client/transfer"
+	sydownload "github.com/calypr/syfon/client/transfer/download"
+)
+
+func AccessURLForHashScope(ctx context.Context, drsCtx *remoteruntime.GitContext, checksum string) (*drsapi.AccessURL, *drsapi.DrsObject, error) {
+	records, err := lookup.ObjectsByHashForScope(ctx, drsCtx, checksum)
+	if err != nil {
+		return nil, nil, err
+	}
+	if len(records) == 0 {
+		return nil, nil, fmt.Errorf("no matching DRS record found for oid %s", drsobject.NormalizeChecksum(checksum))
+	}
+	match := records[0]
+	if match.AccessMethods == nil || len(*match.AccessMethods) == 0 {
+		return nil, nil, fmt.Errorf("no access methods available for DRS object %s", match.Id)
+	}
+	accessType := (*match.AccessMethods)[0].Type
+	if accessType == "" {
+		return nil, nil, fmt.Errorf("no access type found in access method for DRS object %s", match.Id)
+	}
+	accessURL, err := drsCtx.Client.DRS().GetAccessURL(ctx, match.Id, string(accessType))
+	if err != nil {
+		return nil, nil, err
+	}
+	return &accessURL, &match, nil
+}
+
+func DownloadToCachePath(ctx context.Context, drsCtx *remoteruntime.GitContext, oid, cachePath string) error {
+	if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil {
+		return fmt.Errorf("mkdir for cache path: %w", err)
+	}
+
+	accessURL, match, err := AccessURLForHashScope(ctx, drsCtx, oid)
+	if err != nil {
+		return err
+	}
+	return downloadResolved(ctx, drsCtx, oid, cachePath, match, accessURL)
+}
+
+func DownloadResolvedToCachePath(ctx context.Context, drsCtx *remoteruntime.GitContext, oid, cachePath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL) error {
+	if err := os.MkdirAll(filepath.Dir(cachePath), 0o755); err != nil {
+		return fmt.Errorf("mkdir for cache path: %w", err)
+	}
+	if obj == nil || accessURL == nil || accessURL.Url == "" {
+		return DownloadToCachePath(ctx, drsCtx, oid, cachePath)
+	}
+	return downloadResolved(ctx, drsCtx, oid, cachePath, obj, accessURL)
+}
+
+func DownloadResolvedToPath(ctx context.Context, drsCtx *remoteruntime.GitContext, oid, dstPath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL, opts sydownload.DownloadOptions) error {
+	if drsCtx == nil || drsCtx.Client == nil {
+		return fmt.Errorf("DRS client unavailable")
+	}
+	if obj == nil || accessURL == nil || strings.TrimSpace(accessURL.Url) == "" {
+		return fmt.Errorf("resolved DRS object and access URL are required")
+	}
+	src := &resolvedSource{
+		requestor:    drsCtx.Client.Requestor(),
+		accessURL:    strings.TrimSpace(accessURL.Url),
+		expectedSize: obj.Size,
+	}
+	return sydownload.DownloadToPathWithOptions(ctx, src, oid, dstPath, opts)
+}
+
+func downloadResolved(ctx context.Context, drsCtx *remoteruntime.GitContext, oid, cachePath string, obj *drsapi.DrsObject, accessURL *drsapi.AccessURL) error {
+	return DownloadResolvedToPath(ctx, drsCtx, oid, cachePath, obj, accessURL, sydownload.DownloadOptions{
+		MultipartThreshold: 5 * 1024 * 1024,
+		Concurrency:        2,
+		ChunkSize:          64 * 1024 * 1024,
+	})
+}
+
+type resolvedSource struct {
+	requestor    request.Requester
+	accessURL    string
+	expectedSize int64
+}
+
+func (s *resolvedSource) Name() string {
+	return "resolved-url"
+}
+
+func (s *resolvedSource) Logger() sytransfer.TransferLogger {
+	return sytransfer.NoOpLogger{}
+}
+
+func (s *resolvedSource) Stat(ctx context.Context, guid string) (*sytransfer.ObjectMetadata, error) {
+	return &sytransfer.ObjectMetadata{
+		Size:         s.expectedSize,
+		AcceptRanges: s.expectedSize > 0,
+		Provider:     "drs",
+	}, nil
+}
+
+func (s *resolvedSource) GetReader(ctx context.Context, guid string) (io.ReadCloser, error) {
+	return s.download(ctx, nil, nil)
+}
+
+func (s *resolvedSource) GetRangeReader(ctx context.Context, guid string, offset, length int64) (io.ReadCloser, error) {
+	if length <= 0 {
+		return s.download(ctx, nil, nil)
+	}
+	end := offset + length - 1
+	return s.download(ctx, &offset, &end)
+}
+
+func (s *resolvedSource) download(ctx context.Context, start, end *int64) (io.ReadCloser, error) {
+	resp, err := sytransfer.GenericDownload(ctx, s.requestor, s.accessURL, start, end)
+	if err != nil {
+		return nil, err
+	}
+	if resp.StatusCode >= http.StatusBadRequest {
+		err := sycommon.ResponseBodyError(resp, fmt.Sprintf("download from %s failed", s.accessURL))
+		resp.Body.Close()
+		return nil, err
+	}
+	if start != nil && resp.StatusCode == http.StatusOK {
+		resp.Body.Close()
+		return nil, sytransfer.ErrRangeIgnored
+	}
+	return resp.Body, nil
+}
diff --git a/internal/drsremote/remote_test.go b/internal/transfer/download_test.go
similarity index 55%
rename from internal/drsremote/remote_test.go
rename to internal/transfer/download_test.go
index fadc40f3..f88a5f8e 100644
--- a/internal/drsremote/remote_test.go
+++ b/internal/transfer/download_test.go
@@ -1,4 +1,4 @@
-package drsremote
+package transfer
 
 import (
 	"context"
@@ -10,25 +10,21 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/calypr/git-drs/internal/config"
+	"github.com/calypr/git-drs/internal/remoteruntime"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
 	syclient "github.com/calypr/syfon/client"
 	sydownload "github.com/calypr/syfon/client/transfer/download"
-	syfoncommon "github.com/calypr/syfon/common"
 )
 
-type roundTripFunc func(*http.Request) (*http.Response, error)
+type downloadRoundTripFunc func(*http.Request) (*http.Response, error)
 
-func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }
+func (f downloadRoundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }
 
 func TestBulkAccessURLsForObjects(t *testing.T) {
 	accessID := "s3"
-	methods := []drsapi.AccessMethod{{
-		Type:     drsapi.AccessMethodTypeS3,
-		AccessId: &accessID,
-	}}
+	methods := []drsapi.AccessMethod{{Type: drsapi.AccessMethodTypeS3, AccessId: &accessID}}
 	var gotMethod, gotPath string
-	httpClient := &http.Client{Transport: roundTripFunc(func(r *http.Request) (*http.Response, error) {
+	httpClient := &http.Client{Transport: downloadRoundTripFunc(func(r *http.Request) (*http.Response, error) {
 		gotMethod = r.Method
 		gotPath = r.URL.Path
 		header := make(http.Header)
@@ -49,7 +45,7 @@ func TestBulkAccessURLsForObjects(t *testing.T) {
 	}
 	client := raw.(*syclient.Client)
 
-	got, err := BulkAccessURLsForObjects(context.Background(), &config.GitContext{Client: client}, []drsapi.DrsObject{
+	got, err := BulkAccessURLsForObjects(context.Background(), &remoteruntime.GitContext{Client: client}, []drsapi.DrsObject{
 		{Id: "obj-1", AccessMethods: &methods},
 	})
 	if err != nil {
@@ -66,88 +62,25 @@ func TestBulkAccessURLsForObjects(t *testing.T) {
 	}
 }
 
-func TestFindMatchingRecord_EmptyList(t *testing.T) {
-	result, err := FindMatchingRecord([]drsapi.DrsObject{}, "", "test-project")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil {
-		t.Fatalf("expected nil result for empty list")
-	}
-}
-
-func makeAuthzRecord(id, org, project string) drsapi.DrsObject {
-	authzMap := map[string][]string{org: {project}}
-	accessMethods := []drsapi.AccessMethod{{
-		Type:           "s3",
-		Authorizations: syfoncommon.AccessMethodAuthorizationsFromAuthzMap(authzMap),
-	}}
-	return drsapi.DrsObject{
-		Id:            id,
-		AccessMethods: &accessMethods,
-		Checksums:     []drsapi.Checksum{{Type: "sha256", Checksum: "sha256"}},
-	}
-}
-
-func TestFindMatchingRecord_MatchFound(t *testing.T) {
-	records := []drsapi.DrsObject{
-		makeAuthzRecord("no-match", "OTHER", "resource"),
-		makeAuthzRecord("match", "PROG", "PROJ"),
-	}
-
-	result, err := FindMatchingRecord(records, "", "PROG-PROJ")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result == nil || result.Id != "match" {
-		t.Fatalf("expected record id match, got %#v", result)
-	}
-}
-
-func TestFindMatchingRecord_NoAuthzMatchReturnsNil(t *testing.T) {
-	records := []drsapi.DrsObject{
-		makeAuthzRecord("no-match", "OTHER", "resource"),
-	}
-	result, err := FindMatchingRecord(records, "", "PROG-PROJ")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil {
-		t.Fatalf("expected nil when no authz matches, got id=%q", result.Id)
-	}
-}
-
-func TestFindMatchingRecord_NonHyphenated(t *testing.T) {
-	if _, err := FindMatchingRecord([]drsapi.DrsObject{}, "", "no-hyphen"); err != nil {
-		t.Fatalf("FindMatchingRecord should accept non-hyphenated project ID: %v", err)
-	}
-}
-
-func TestAccessURLForHashScope_FiltersByScope(t *testing.T) {
+func TestAccessURLForHashScopeFiltersByScope(t *testing.T) {
 	t.Parallel()
 
 	projectAccessID := "s3-project"
 	orgAccessID := "s3-org"
-	projectMethods := []drsapi.AccessMethod{{
-		Type:           drsapi.AccessMethodTypeS3,
-		AccessId:       &projectAccessID,
-		Authorizations: syfoncommon.AccessMethodAuthorizationsFromAuthzMap(map[string][]string{"org1": {"proj1"}}),
-	}}
-	orgMethods := []drsapi.AccessMethod{{
-		Type:           drsapi.AccessMethodTypeS3,
-		AccessId:       &orgAccessID,
-		Authorizations: syfoncommon.AccessMethodAuthorizationsFromAuthzMap(map[string][]string{"org1": {}}),
-	}}
+	projectMethods := []drsapi.AccessMethod{{Type: drsapi.AccessMethodTypeS3, AccessId: &projectAccessID}}
+	orgMethods := []drsapi.AccessMethod{{Type: drsapi.AccessMethodTypeS3, AccessId: &orgAccessID}}
+	projectControlled := []string{"/organization/org1/project/proj1"}
+	orgControlled := []string{"/organization/org1"}
 	checksumResponse := drsapi.N200OkDrsObjects{ResolvedDrsObject: &[]drsapi.DrsObject{
-		{Id: "obj-project", Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &projectMethods},
-		{Id: "obj-org", Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &orgMethods},
+		{Id: "obj-project", ControlledAccess: &projectControlled, Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &projectMethods},
+		{Id: "obj-org", ControlledAccess: &orgControlled, Checksums: []drsapi.Checksum{{Type: "sha256", Checksum: "abc"}}, AccessMethods: &orgMethods},
 	}}
 	checksumBody, err := json.Marshal(checksumResponse)
 	if err != nil {
 		t.Fatalf("marshal checksum response: %v", err)
 	}
 
-	httpClient := &http.Client{Transport: roundTripFunc(func(r *http.Request) (*http.Response, error) {
+	httpClient := &http.Client{Transport: downloadRoundTripFunc(func(r *http.Request) (*http.Response, error) {
 		switch {
 		case r.Method == http.MethodGet && r.URL.Path == "/ga4gh/drs/v1/objects/checksum/abc":
 			return &http.Response{
@@ -173,15 +106,7 @@ func TestAccessURLForHashScope_FiltersByScope(t *testing.T) {
 		t.Fatalf("syclient.New: %v", err)
 	}
 	client := raw.(*syclient.Client)
-	ctx := &config.GitContext{Client: client, Organization: "org1", ProjectId: "proj1"}
-
-	gotObjects, err := ObjectsByHashForScope(context.Background(), ctx, "sha256:abc")
-	if err != nil {
-		t.Fatalf("ObjectsByHashForScope returned error: %v", err)
-	}
-	if len(gotObjects) != 2 {
-		t.Fatalf("expected both project and org-wide matches, got %+v", gotObjects)
-	}
+	ctx := &remoteruntime.GitContext{Client: client, Organization: "org1", ProjectId: "proj1"}
 
 	accessURL, obj, err := AccessURLForHashScope(context.Background(), ctx, "sha256:abc")
 	if err != nil {
@@ -195,12 +120,12 @@ func TestAccessURLForHashScope_FiltersByScope(t *testing.T) {
 	}
 }
 
-func TestDownloadResolvedToPath_RangeIgnoredRestartsDownload(t *testing.T) {
+func TestDownloadResolvedToPathRangeIgnoredRestartsDownload(t *testing.T) {
 	t.Parallel()
 
 	payload := []byte("abcdefghijklmnopqrstuvwxyz")
 	var rangeRequests int
-	httpClient := &http.Client{Transport: roundTripFunc(func(r *http.Request) (*http.Response, error) {
+	httpClient := &http.Client{Transport: downloadRoundTripFunc(func(r *http.Request) (*http.Response, error) {
 		if r.URL.Path != "/download/object.bin" {
 			return nil, io.EOF
 		}
@@ -220,7 +145,7 @@ func TestDownloadResolvedToPath_RangeIgnoredRestartsDownload(t *testing.T) {
 		t.Fatalf("syclient.New: %v", err)
 	}
 	client := raw.(*syclient.Client)
-	drsCtx := &config.GitContext{Client: client}
+	drsCtx := &remoteruntime.GitContext{Client: client}
 
 	tmpDir := t.TempDir()
 	dstPath := filepath.Join(tmpDir, "cache", "object.bin")
@@ -253,3 +178,52 @@ func TestDownloadResolvedToPath_RangeIgnoredRestartsDownload(t *testing.T) {
 		t.Fatal("expected downloader to attempt a range request before restarting")
 	}
 }
+
+func TestDownloadResolvedToPathReturnsHTTPErrorBeforeWritingBody(t *testing.T) {
+	t.Parallel()
+
+	httpClient := &http.Client{Transport: downloadRoundTripFunc(func(r *http.Request) (*http.Response, error) {
+		if r.URL.Path != "/download/object.bin" {
+			return nil, io.EOF
+		}
+		return &http.Response{
+			StatusCode: http.StatusForbidden,
+			Body:       io.NopCloser(strings.NewReader("<html><body><h1>403 Forbidden</h1></body></html>")),
+			Header:     make(http.Header),
+			Request:    r,
+		}, nil
+	})}
+
+	raw, err := syclient.New("http://example.test", syclient.WithHTTPClient(httpClient))
+	if err != nil {
+		t.Fatalf("syclient.New: %v", err)
+	}
+	client := raw.(*syclient.Client)
+	drsCtx := &remoteruntime.GitContext{Client: client}
+
+	tmpDir := t.TempDir()
+	dstPath := filepath.Join(tmpDir, "cache", "object.bin")
+	obj := &drsapi.DrsObject{Id: "obj-1", Size: 685585}
+	accessURL := &drsapi.AccessURL{Url: "https://signed.example/download/object.bin"}
+
+	err = DownloadResolvedToPath(context.Background(), drsCtx, "obj-1", dstPath, obj, accessURL, sydownload.DownloadOptions{
+		MultipartThreshold: 685586,
+		Concurrency:        2,
+		ChunkSize:          8,
+	})
+	if err == nil {
+		t.Fatal("expected HTTP error")
+	}
+	if !strings.Contains(err.Error(), "download from https://signed.example/download/object.bin failed") {
+		t.Fatalf("expected download URL in error, got %v", err)
+	}
+	if !strings.Contains(err.Error(), "403") {
+		t.Fatalf("expected 403 in error, got %v", err)
+	}
+	if !strings.Contains(err.Error(), "Forbidden") {
+		t.Fatalf("expected response body in error, got %v", err)
+	}
+	if _, statErr := os.Stat(dstPath); !os.IsNotExist(statErr) {
+		t.Fatalf("expected no downloaded file to be written, got stat err=%v", statErr)
+	}
+}
diff --git a/internal/transfer/progress_pull.go b/internal/transfer/progress_pull.go
new file mode 100644
index 00000000..9cbbd8af
--- /dev/null
+++ b/internal/transfer/progress_pull.go
@@ -0,0 +1,184 @@
+package transfer
+
+import (
+	"fmt"
+	"io"
+)
+
+type pullProgressPhase string
+
+const (
+	pullProgressPending     pullProgressPhase = "pending"
+	pullProgressDownloading pullProgressPhase = "downloading"
+	pullProgressCheckingOut pullProgressPhase = "checking_out"
+	pullProgressCompleted   pullProgressPhase = "completed"
+)
+
+type pullFileProgress struct {
+	path    string
+	total   int64
+	current int64
+	phase   pullProgressPhase
+}
+
+type PullProgressRenderer struct {
+	base      *Renderer
+	err       error
+	planned   bool
+	files     map[string]*pullFileProgress
+	fileOrder []string
+}
+
+func NewPullProgressRenderer(out io.Writer) *PullProgressRenderer {
+	return &PullProgressRenderer{
+		base:  NewRenderer(out),
+		files: make(map[string]*pullFileProgress),
+	}
+}
+
+func (r *PullProgressRenderer) render(force bool) {
+	if r.err != nil {
+		return
+	}
+	lines := make([]string, 0, len(r.fileOrder))
+	for _, id := range r.fileOrder {
+		item := r.files[id]
+		if item == nil {
+			continue
+		}
+		lines = append(lines, r.renderLine(item))
+	}
+	r.err = r.base.Render(force, lines)
+}
+
+func (r *PullProgressRenderer) OnPlan(files []PullFile) {
+	r.planned = len(files) > 0
+	r.files = make(map[string]*pullFileProgress, len(files))
+	r.fileOrder = r.fileOrder[:0]
+	for _, file := range files {
+		r.files[file.Name] = &pullFileProgress{
+			path:  file.Name,
+			total: file.Size,
+			phase: pullProgressPending,
+		}
+		r.fileOrder = append(r.fileOrder, file.Name)
+	}
+	if r.planned {
+		r.render(true)
+	}
+}
+
+func (r *PullProgressRenderer) OnDownloadStart(file PullFile) {
+	if !r.planned {
+		return
+	}
+	item, ok := r.files[file.Name]
+	if !ok {
+		return
+	}
+	item.path = file.Name
+	if file.Size > 0 {
+		item.total = file.Size
+	}
+	item.phase = pullProgressDownloading
+	r.render(false)
+}
+
+func (r *PullProgressRenderer) OnDownloadProgress(id string, bytesSoFar int64, total int64) {
+	if !r.planned {
+		return
+	}
+	item, ok := r.files[id]
+	if !ok {
+		return
+	}
+	if total > 0 {
+		item.total = total
+	}
+	if bytesSoFar > item.current {
+		item.current = bytesSoFar
+	}
+	item.phase = pullProgressDownloading
+	r.render(false)
+}
+
+func (r *PullProgressRenderer) OnCheckoutStart(file PullFile) {
+	if !r.planned {
+		return
+	}
+	item, ok := r.files[file.Name]
+	if !ok {
+		return
+	}
+	item.phase = pullProgressCheckingOut
+	if item.total == 0 && file.Size > 0 {
+		item.total = file.Size
+	}
+	r.render(false)
+}
+
+func (r *PullProgressRenderer) OnCompleted(file PullFile) {
+	if !r.planned {
+		return
+	}
+	item, ok := r.files[file.Name]
+	if !ok {
+		return
+	}
+	if item.total == 0 && file.Size > 0 {
+		item.total = file.Size
+	}
+	if item.total > 0 {
+		item.current = item.total
+	}
+	item.phase = pullProgressCompleted
+	r.render(false)
+}
+
+func (r *PullProgressRenderer) Finish() error {
+	if !r.planned {
+		return r.err
+	}
+	lines := make([]string, 0, len(r.fileOrder))
+	for _, id := range r.fileOrder {
+		item := r.files[id]
+		if item == nil {
+			continue
+		}
+		lines = append(lines, r.renderLine(item))
+	}
+	if r.err == nil {
+		r.err = r.base.Finish(lines)
+	}
+	r.planned = false
+	return r.err
+}
+
+func (r *PullProgressRenderer) renderLine(file *pullFileProgress) string {
+	label := "preparing pull"
+	if file != nil && file.path != "" {
+		label = TrimLabel(file.path, 48)
+	}
+
+	prefix := ""
+	if file != nil {
+		switch file.phase {
+		case pullProgressDownloading, pullProgressCheckingOut:
+			if !(file.total > 0 && file.current >= file.total) {
+				prefix = r.base.Spinner() + " "
+			}
+		}
+	}
+
+	current := int64(0)
+	total := int64(0)
+	if file != nil {
+		current = file.current
+		total = file.total
+	}
+	bar := RenderProgressBar(current, total, 24)
+	pct := RenderPercent(current, total)
+	bytesLabel := RenderByteProgress(current, total, current >= total)
+
+	return fmt.Sprintf("%s%s %s %s %s", prefix, label, bar, pct, bytesLabel)
+}
diff --git a/internal/transfer/progress_pull_test.go b/internal/transfer/progress_pull_test.go
new file mode 100644
index 00000000..919bee50
--- /dev/null
+++ b/internal/transfer/progress_pull_test.go
@@ -0,0 +1,59 @@
+package transfer
+
+import (
+	"bytes"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestPullProgressRendererTTY(t *testing.T) {
+	var out bytes.Buffer
+	r := NewPullProgressRenderer(&out)
+	r.base.SetTTY(true)
+	r.base.SetClock(func() time.Time { return time.Unix(0, 0) })
+
+	files := []PullFile{
+		{Name: "a.bin", Oid: "oid-1", Size: 100},
+		{Name: "b.bin", Oid: "oid-2", Size: 100},
+	}
+	r.OnPlan(files)
+	r.OnDownloadStart(files[0])
+	r.OnDownloadProgress("a.bin", 50, 100)
+	r.OnCheckoutStart(files[0])
+	r.OnCompleted(files[0])
+	r.OnCompleted(files[1])
+
+	got := out.String()
+	if !strings.Contains(got, "a.bin [============") {
+		t.Fatalf("expected progress bar output for a.bin, got %q", got)
+	}
+}
+
+func TestPullProgressRendererNonTTYThrottles(t *testing.T) {
+	var out bytes.Buffer
+	now := time.Unix(0, 0)
+	r := NewPullProgressRenderer(&out)
+	r.base.SetTTY(false)
+	r.base.SetClock(func() time.Time { return now })
+
+	file := PullFile{Name: "a.bin", Oid: "oid-1", Size: 100}
+	r.OnPlan([]PullFile{file})
+	initial := out.String()
+	if !strings.Contains(initial, "a.bin") {
+		t.Fatalf("expected initial non-tty progress line, got %q", initial)
+	}
+
+	r.OnDownloadStart(file)
+	r.OnDownloadProgress("a.bin", 10, 100)
+	if got := out.String(); got != initial {
+		t.Fatalf("expected throttled output before interval, got %q", got)
+	}
+
+	now = now.Add(NonTTYProgressInterval)
+	r.OnCompleted(file)
+	got := out.String()
+	if !strings.Contains(got, "100.0% 100 B/100 B") {
+		t.Fatalf("expected rendered completion after interval, got %q", got)
+	}
+}
diff --git a/internal/transfer/progress_push.go b/internal/transfer/progress_push.go
new file mode 100644
index 00000000..8b31df71
--- /dev/null
+++ b/internal/transfer/progress_push.go
@@ -0,0 +1,235 @@
+package transfer
+
+import (
+	"fmt"
+	"io"
+	"sync"
+)
+
+type uploadFileProgress struct {
+	path      string
+	total     int64
+	current   int64
+	started   bool
+	completed bool
+}
+
+type metadataProgress struct {
+	total     int
+	completed int
+	active    bool
+	done      bool
+}
+
+type UploadProgressRenderer struct {
+	mu        sync.Mutex
+	base      *Renderer
+	err       error
+	planned   bool
+	plan      UploadPlanSummary
+	metadata  metadataProgress
+	files     map[string]*uploadFileProgress
+	fileOrder []string
+}
+
+func NewUploadProgressRenderer(out io.Writer) *UploadProgressRenderer {
+	return &UploadProgressRenderer{
+		base:  NewRenderer(out),
+		files: make(map[string]*uploadFileProgress),
+	}
+}
+
+func (r *UploadProgressRenderer) renderLocked(force bool) {
+	if r.err != nil {
+		return
+	}
+	lines := make([]string, 0, len(r.fileOrder)+1)
+	if r.metadata.total > 0 {
+		lines = append(lines, r.renderMetadataLine())
+	}
+	for idx, oid := range r.fileOrder {
+		file := r.files[oid]
+		if file == nil {
+			continue
+		}
+		lines = append(lines, r.renderLine(idx, len(r.fileOrder), file))
+	}
+	r.err = r.base.Render(force, lines)
+}
+
+func (r *UploadProgressRenderer) OnMetadataPlan(plan MetadataPlanSummary) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	r.metadata = metadataProgress{
+		total:  plan.TotalObjects,
+		active: plan.TotalObjects > 0,
+		done:   false,
+	}
+	if plan.TotalObjects > 0 {
+		r.renderLocked(true)
+	}
+}
+
+func (r *UploadProgressRenderer) OnMetadataProgress(ev MetadataProgressEvent) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if ev.Total > 0 {
+		r.metadata.total = ev.Total
+	}
+	if ev.Completed > r.metadata.completed {
+		r.metadata.completed = ev.Completed
+	}
+	if ev.Phase == MetadataProgressRegistering {
+		r.metadata.active = true
+	}
+	if ev.Phase == MetadataProgressCompleted {
+		r.metadata.active = false
+		r.metadata.done = true
+		if r.metadata.total > 0 {
+			r.metadata.completed = r.metadata.total
+		}
+	}
+	if r.metadata.total > 0 {
+		r.renderLocked(false)
+	}
+}
+
+func (r *UploadProgressRenderer) OnUploadPlan(plan UploadPlanSummary) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	r.plan = plan
+	r.planned = plan.TotalFiles > 0
+	r.files = make(map[string]*uploadFileProgress, len(plan.Files))
+	r.fileOrder = r.fileOrder[:0]
+	for _, file := range plan.Files {
+		r.files[file.OID] = &uploadFileProgress{
+			path:  file.Path,
+			total: file.Bytes,
+		}
+		r.fileOrder = append(r.fileOrder, file.OID)
+	}
+	if r.planned {
+		r.renderLocked(true)
+	}
+}
+
+func (r *UploadProgressRenderer) OnUploadProgress(ev UploadProgressEvent) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if !r.planned {
+		return
+	}
+	file, ok := r.files[ev.OID]
+	if !ok {
+		return
+	}
+	if ev.Path != "" {
+		file.path = ev.Path
+	}
+	if ev.TotalBytes > 0 {
+		file.total = ev.TotalBytes
+	}
+	if ev.BytesSoFar > file.current {
+		file.current = ev.BytesSoFar
+	}
+	if ev.Phase == UploadProgressUploading {
+		file.started = true
+	}
+	if ev.Phase == UploadProgressCompleted && !file.completed {
+		file.started = true
+		file.completed = true
+		if file.total > 0 {
+			file.current = file.total
+		}
+	}
+	r.renderLocked(false)
+}
+
+func (r *UploadProgressRenderer) Finish() error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if !r.planned && r.metadata.total == 0 {
+		return r.err
+	}
+	lines := make([]string, 0, len(r.fileOrder))
+	if r.metadata.total > 0 {
+		lines = append(lines, r.renderMetadataLine())
+	}
+	for idx, oid := range r.fileOrder {
+		file := r.files[oid]
+		if file == nil {
+			continue
+		}
+		lines = append(lines, r.renderLine(idx, len(r.fileOrder), file))
+	}
+	if r.err == nil {
+		r.err = r.base.Finish(lines)
+	}
+	r.planned = false
+	r.metadata = metadataProgress{}
+	return r.err
+}
+
+func (r *UploadProgressRenderer) HadUploads() bool {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	return r != nil && r.planned
+}
+
+func (r *UploadProgressRenderer) Err() error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	return r.err
+}
+
+func (r *UploadProgressRenderer) renderLine(_ int, _ int, file *uploadFileProgress) string {
+	label := "preparing upload"
+	if file != nil && file.path != "" {
+		label = TrimLabel(file.path, 48)
+	}
+	prefix := ""
+	if file != nil {
+		switch {
+		case file.started && !file.completed:
+			prefix = r.base.Spinner() + " "
+		}
+	}
+
+	current := int64(0)
+	totalBytes := int64(0)
+	completed := false
+	if file != nil {
+		current = file.current
+		totalBytes = file.total
+		completed = file.completed
+	}
+	displayCurrent := VisibleProgressBytes(current, totalBytes, completed)
+	bar := RenderProgressBar(displayCurrent, totalBytes, 24)
+	pct := RenderPercentCapped(displayCurrent, totalBytes, completed)
+	bytesLabel := RenderByteProgress(displayCurrent, totalBytes, completed)
+
+	return fmt.Sprintf("%s%s %s %s %s", prefix, label, bar, pct, bytesLabel)
+}
+
+func (r *UploadProgressRenderer) renderMetadataLine() string {
+	total := r.metadata.total
+	completed := r.metadata.completed
+	if completed < 0 {
+		completed = 0
+	}
+	if total > 0 && completed > total {
+		completed = total
+	}
+	prefix := ""
+	if r.metadata.active && !r.metadata.done {
+		prefix = r.base.Spinner() + " "
+	}
+	bar := RenderProgressBar(int64(completed), int64(total), 24)
+	pct := RenderPercent(int64(completed), int64(total))
+	return fmt.Sprintf("%sregistering metadata %s %s %d/%d", prefix, bar, pct, completed, total)
+}
diff --git a/internal/transfer/progress_push_test.go b/internal/transfer/progress_push_test.go
new file mode 100644
index 00000000..dc6b906f
--- /dev/null
+++ b/internal/transfer/progress_push_test.go
@@ -0,0 +1,126 @@
+package transfer
+
+import (
+	"bytes"
+	"strings"
+	"sync"
+	"testing"
+	"time"
+)
+
+func TestUploadProgressRendererTTY(t *testing.T) {
+	var out bytes.Buffer
+	r := NewUploadProgressRenderer(&out)
+	r.base.SetTTY(true)
+
+	r.OnUploadPlan(UploadPlanSummary{
+		Files: []UploadPlanFile{
+			{OID: "oid-1", Path: "a.bin", Bytes: 100},
+			{OID: "oid-2", Path: "b.bin", Bytes: 100},
+		},
+		TotalFiles: 2,
+		TotalBytes: 200,
+	})
+	r.OnUploadProgress(UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 0, TotalBytes: 100, Phase: UploadProgressUploading})
+	r.OnUploadProgress(UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 50, BytesSinceLast: 50, TotalBytes: 100, Phase: UploadProgressUploading})
+	r.OnUploadProgress(UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 100, TotalBytes: 100, Phase: UploadProgressCompleted})
+	r.OnUploadProgress(UploadProgressEvent{OID: "oid-2", Path: "b.bin", BytesSoFar: 0, TotalBytes: 100, Phase: UploadProgressUploading})
+	r.OnUploadProgress(UploadProgressEvent{OID: "oid-2", Path: "b.bin", BytesSoFar: 100, TotalBytes: 100, Phase: UploadProgressCompleted})
+	r.Finish()
+
+	got := out.String()
+	if !strings.Contains(got, "a.bin [============            ]  50.0% 50 B/100 B") {
+		t.Fatalf("expected first file uploading line, got %q", got)
+	}
+	if !strings.Contains(got, "b.bin [                        ]   0.0% 0 B/100 B") {
+		t.Fatalf("expected second file pending line, got %q", got)
+	}
+	if !strings.Contains(got, "b.bin [========================] 100.0% 100 B/100 B") {
+		t.Fatalf("expected completed second file line, got %q", got)
+	}
+}
+
+func TestUploadProgressRendererNonTTYThrottles(t *testing.T) {
+	var out bytes.Buffer
+	r := NewUploadProgressRenderer(&out)
+	r.base.SetTTY(false)
+	now := time.Unix(0, 0)
+	r.base.SetClock(func() time.Time { return now })
+
+	r.OnUploadPlan(UploadPlanSummary{
+		Files:      []UploadPlanFile{{OID: "oid-1", Path: "a.bin", Bytes: 100}},
+		TotalFiles: 1,
+		TotalBytes: 100,
+	})
+	first := out.String()
+	if first == "" {
+		t.Fatal("expected initial non-tty progress line")
+	}
+
+	r.OnUploadProgress(UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 10, BytesSinceLast: 10, TotalBytes: 100, Phase: UploadProgressUploading})
+	if out.String() != first {
+		t.Fatalf("expected throttled output to remain unchanged, got %q", out.String())
+	}
+
+	now = now.Add(3 * time.Second)
+	r.OnUploadProgress(UploadProgressEvent{OID: "oid-1", Path: "a.bin", BytesSoFar: 100, TotalBytes: 100, Phase: UploadProgressCompleted})
+	got := out.String()
+	if strings.Count(got, "\n") < 2 {
+		t.Fatalf("expected throttled summary updates, got %q", got)
+	}
+}
+
+func TestUploadProgressRendererMetadataOnly(t *testing.T) {
+	var out bytes.Buffer
+	r := NewUploadProgressRenderer(&out)
+	r.base.SetTTY(true)
+
+	r.OnMetadataPlan(MetadataPlanSummary{TotalObjects: 3})
+	r.OnMetadataProgress(MetadataProgressEvent{Completed: 0, Total: 3, Phase: MetadataProgressRegistering})
+	r.OnMetadataProgress(MetadataProgressEvent{Completed: 3, Total: 3, Phase: MetadataProgressCompleted})
+	r.Finish()
+
+	got := out.String()
+	if !strings.Contains(got, "registering metadata") {
+		t.Fatalf("expected metadata line, got %q", got)
+	}
+}
+
+func TestUploadProgressRendererConcurrentProgress(t *testing.T) {
+	var out bytes.Buffer
+	r := NewUploadProgressRenderer(&out)
+	r.base.SetTTY(false)
+
+	r.OnUploadPlan(UploadPlanSummary{
+		Files: []UploadPlanFile{
+			{OID: "oid-1", Path: "a.bin", Bytes: 100},
+			{OID: "oid-2", Path: "b.bin", Bytes: 100},
+		},
+		TotalFiles: 2,
+		TotalBytes: 200,
+	})
+
+	events := []UploadProgressEvent{
+		{OID: "oid-1", Path: "a.bin", BytesSoFar: 10, BytesSinceLast: 10, TotalBytes: 100, Phase: UploadProgressUploading},
+		{OID: "oid-2", Path: "b.bin", BytesSoFar: 20, BytesSinceLast: 20, TotalBytes: 100, Phase: UploadProgressUploading},
+		{OID: "oid-1", Path: "a.bin", BytesSoFar: 100, TotalBytes: 100, Phase: UploadProgressCompleted},
+		{OID: "oid-2", Path: "b.bin", BytesSoFar: 100, TotalBytes: 100, Phase: UploadProgressCompleted},
+	}
+
+	var wg sync.WaitGroup
+	wg.Add(len(events))
+	for _, ev := range events {
+		ev := ev
+		go func() {
+			defer wg.Done()
+			r.OnUploadProgress(ev)
+		}()
+	}
+	wg.Wait()
+	r.Finish()
+
+	got := out.String()
+	if !strings.Contains(got, "a.bin") || !strings.Contains(got, "b.bin") {
+		t.Fatalf("expected both files in concurrent progress output, got %q", got)
+	}
+}
diff --git a/internal/transfer/progress_render.go b/internal/transfer/progress_render.go
new file mode 100644
index 00000000..3ecd10ec
--- /dev/null
+++ b/internal/transfer/progress_render.go
@@ -0,0 +1,244 @@
+package transfer
+
+import (
+	"fmt"
+	"io"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/mattn/go-isatty"
+)
+
+const NonTTYProgressInterval = 2 * time.Second
+
+var SpinnerFrames = []string{"|", "/", "-", `\`}
+
+type Renderer struct {
+	out           io.Writer
+	isTTY         bool
+	now           func() time.Time
+	lastRender    time.Time
+	mu            sync.Mutex
+	active        bool
+	renderedLines int
+	spinnerIndex  int
+}
+
+func NewRenderer(out io.Writer) *Renderer {
+	return &Renderer{
+		out:   out,
+		isTTY: IsWriterTTY(out),
+		now:   time.Now,
+	}
+}
+
+func IsWriterTTY(w io.Writer) bool {
+	type fdWriter interface{ Fd() uintptr }
+	f, ok := w.(fdWriter)
+	if !ok {
+		return false
+	}
+	fd := f.Fd()
+	return isatty.IsTerminal(fd) || isatty.IsCygwinTerminal(fd)
+}
+
+func (r *Renderer) SetClock(now func() time.Time) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.now = now
+}
+
+func (r *Renderer) SetTTY(isTTY bool) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.isTTY = isTTY
+}
+
+func (r *Renderer) Render(force bool, lines []string) error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if len(lines) == 0 {
+		return nil
+	}
+
+	now := r.now()
+	if !force && !r.isTTY && !r.lastRender.IsZero() && now.Sub(r.lastRender) < NonTTYProgressInterval {
+		return nil
+	}
+	r.lastRender = now
+	r.spinnerIndex = (r.spinnerIndex + 1) % len(SpinnerFrames)
+	r.active = true
+
+	if r.isTTY {
+		if r.renderedLines > 0 {
+			if _, err := fmt.Fprintf(r.out, "\x1b[%dA", r.renderedLines); err != nil {
+				return err
+			}
+		}
+		for _, line := range lines {
+			if _, err := fmt.Fprintf(r.out, "\r\x1b[2K%s\n", line); err != nil {
+				return err
+			}
+		}
+		r.renderedLines = len(lines)
+		return nil
+	}
+
+	for _, line := range lines {
+		if _, err := fmt.Fprintln(r.out, line); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (r *Renderer) Finish(lines []string) error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	if !r.active {
+		return nil
+	}
+	r.lastRender = r.now()
+	if len(lines) > 0 {
+		if r.isTTY {
+			if r.renderedLines > 0 {
+				if _, err := fmt.Fprintf(r.out, "\x1b[%dA", r.renderedLines); err != nil {
+					return err
+				}
+			}
+			for _, line := range lines {
+				if _, err := fmt.Fprintf(r.out, "\r\x1b[2K%s\n", line); err != nil {
+					return err
+				}
+			}
+			r.renderedLines = len(lines)
+		} else {
+			for _, line := range lines {
+				if _, err := fmt.Fprintln(r.out, line); err != nil {
+					return err
+				}
+			}
+		}
+	}
+	if _, err := fmt.Fprintln(r.out); err != nil {
+		return err
+	}
+	r.active = false
+	r.renderedLines = 0
+	return nil
+}
+
+func (r *Renderer) Spinner() string {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	return SpinnerFrames[r.spinnerIndex]
+}
+
+func TrimLabel(s string, max int) string {
+	if max <= 3 || len(s) <= max {
+		return s
+	}
+	return "..." + s[len(s)-(max-3):]
+}
+
+func RenderProgressBar(current, total int64, width int) string {
+	if width <= 0 {
+		return "[]"
+	}
+	if total <= 0 {
+		return "[" + Spaces(width) + "]"
+	}
+	if current < 0 {
+		current = 0
+	}
+	if current > total {
+		current = total
+	}
+	filled := int((current * int64(width)) / total)
+	if filled > width {
+		filled = width
+	}
+	return "[" + strings.Repeat("=", filled) + Spaces(width-filled) + "]"
+}
+
+func RenderPercent(current, total int64) string {
+	if total <= 0 {
+		return "  0.0%"
+	}
+	if current < 0 {
+		current = 0
+	}
+	if current > total {
+		current = total
+	}
+	value := (float64(current) * 100.0) / float64(total)
+	return fmt.Sprintf("%5.1f%%", value)
+}
+
+func RenderPercentCapped(current, total int64, completed bool) string {
+	if total <= 0 {
+		return "  0.0%"
+	}
+	if current < 0 {
+		current = 0
+	}
+	if current > total {
+		current = total
+	}
+	value := (float64(current) * 100.0) / float64(total)
+	if !completed && current < total && value > 99.9 {
+		value = 99.9
+	}
+	return fmt.Sprintf("%5.1f%%", value)
+}
+
+func FormatBinaryBytes(n int64) string {
+	if n <= 0 {
+		return "0 B"
+	}
+	const unit = 1024
+	if n < unit {
+		return fmt.Sprintf("%d B", n)
+	}
+	div, exp := int64(unit), 0
+	for value := n / unit; value >= unit && exp < 5; value /= unit {
+		div *= unit
+		exp++
+	}
+	suffix := []string{"KiB", "MiB", "GiB", "TiB", "PiB", "EiB"}[exp]
+	return fmt.Sprintf("%.1f %s", float64(n)/float64(div), suffix)
+}
+
+func VisibleProgressBytes(current, total int64, completed bool) int64 {
+	if current < 0 {
+		current = 0
+	}
+	if total <= 0 {
+		return current
+	}
+	if current > total {
+		current = total
+	}
+	if !completed && current >= total {
+		return total - 1
+	}
+	return current
+}
+
+func RenderByteProgress(current, total int64, completed bool) string {
+	formattedTotal := FormatBinaryBytes(total)
+	formattedCurrent := FormatBinaryBytes(current)
+	if !completed && total > 0 && current < total && formattedCurrent == formattedTotal {
+		formattedCurrent = "<" + formattedTotal
+	}
+	return fmt.Sprintf("%s/%s", formattedCurrent, formattedTotal)
+}
+
+func Spaces(count int) string {
+	if count <= 0 {
+		return ""
+	}
+	return strings.Repeat(" ", count)
+}
diff --git a/internal/transfer/push.go b/internal/transfer/push.go
new file mode 100644
index 00000000..f84e20f3
--- /dev/null
+++ b/internal/transfer/push.go
@@ -0,0 +1,571 @@
+package transfer
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"os"
+	"path/filepath"
+	"sort"
+	"strings"
+
+	localdrsobject "github.com/calypr/git-drs/internal/drsobject"
+	"github.com/calypr/git-drs/internal/gitrepo"
+	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/calypr/git-drs/internal/lookup"
+	"github.com/calypr/git-drs/internal/remoteruntime"
+	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	internalapi "github.com/calypr/syfon/apigen/client/internalapi"
+	sycommon "github.com/calypr/syfon/client/common"
+	"github.com/calypr/syfon/client/hash"
+	"github.com/google/uuid"
+	"golang.org/x/sync/errgroup"
+)
+
+type batchSyncSession struct {
+	ctx            context.Context
+	rt             *pushRuntime
+	reporter       UploadProgressReporter
+	filesByOID     map[string]lfs.LfsFileInfo
+	oids           []string
+	drsObjByOID    map[string]*drsapi.DrsObject
+	existingByHash map[string][]drsapi.DrsObject
+	uploadRequired map[string]bool
+}
+
+type uploadCandidate struct {
+	oid  string
+	obj  *drsapi.DrsObject
+	file lfs.LfsFileInfo
+	size int64
+	src  string
+}
+
+const metadataLookupBatchSize = 500
+
+func BatchSyncForPush(cl *remoteruntime.GitContext, ctx context.Context, files map[string]lfs.LfsFileInfo, reporter UploadProgressReporter) error {
+	session := &batchSyncSession{
+		ctx:            ctx,
+		rt:             newPushRuntime(cl),
+		reporter:       reporter,
+		drsObjByOID:    make(map[string]*drsapi.DrsObject),
+		existingByHash: make(map[string][]drsapi.DrsObject),
+		uploadRequired: make(map[string]bool),
+	}
+	if len(files) == 0 {
+		return nil
+	}
+
+	fmt.Fprintln(os.Stderr, "DEBUG: BatchSyncForPush: Normalizing files...")
+	session.normalizeFiles(files)
+	fmt.Fprintf(os.Stderr, "DEBUG: BatchSyncForPush: Looking up metadata for %d unique OIDs...\n", len(session.oids))
+	if err := session.lookupMetadata(); err != nil {
+		return err
+	}
+	fmt.Fprintln(os.Stderr, "DEBUG: BatchSyncForPush: Ensuring metadata registered...")
+	if err := session.ensureMetadataRegistered(); err != nil {
+		return err
+	}
+
+	fmt.Fprintln(os.Stderr, "DEBUG: BatchSyncForPush: Identifying upload candidates...")
+	candidates, err := session.identifyUploadCandidates()
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(os.Stderr, "DEBUG: BatchSyncForPush: Identified %d upload candidates\n", len(candidates))
+	if len(candidates) == 0 {
+		return nil
+	}
+
+	fmt.Fprintln(os.Stderr, "DEBUG: BatchSyncForPush: Executing upload plan...")
+	return session.executeUploadPlan(candidates)
+}
+
+func (s *batchSyncSession) normalizeFiles(files map[string]lfs.LfsFileInfo) {
+	s.filesByOID = make(map[string]lfs.LfsFileInfo, len(files))
+	for _, f := range files {
+		oid := localdrsobject.NormalizeOid(f.Oid)
+		if oid == "" {
+			continue
+		}
+		if _, exists := s.filesByOID[oid]; exists {
+			continue
+		}
+		f.Oid = oid
+		s.filesByOID[oid] = f
+		s.oids = append(s.oids, oid)
+	}
+	sort.Strings(s.oids)
+}
+
+func (s *batchSyncSession) lookupMetadata() error {
+	s.existingByHash = make(map[string][]drsapi.DrsObject, len(s.oids))
+	batches := chunkStrings(s.oids, metadataLookupBatchSize)
+	for idx, batch := range batches {
+		fmt.Fprintf(os.Stderr, "DEBUG:   lookupMetadata batch %d/%d (size: %d)\n", idx+1, len(batches), len(batch))
+		objectsByHash, err := lookup.ObjectsByHashes(s.ctx, s.rt.API, batch)
+		if err != nil {
+			return fmt.Errorf("batch hash lookup failed: %w", err)
+		}
+		for _, oid := range batch {
+			objects := objectsByHash[oid]
+			for _, obj := range objects {
+				objOID := localdrsobject.NormalizeOid(hash.ConvertDrsChecksumsToHashInfo(obj.Checksums).SHA256)
+				if objOID == "" {
+					continue
+				}
+				s.existingByHash[objOID] = append(s.existingByHash[objOID], obj)
+			}
+		}
+	}
+	return nil
+}
+
+func chunkStrings(items []string, size int) [][]string {
+	if len(items) == 0 {
+		return nil
+	}
+	if size <= 0 || len(items) <= size {
+		return [][]string{items}
+	}
+	chunks := make([][]string, 0, (len(items)+size-1)/size)
+	for start := 0; start < len(items); start += size {
+		end := start + size
+		if end > len(items) {
+			end = len(items)
+		}
+		chunks = append(chunks, items[start:end])
+	}
+	return chunks
+}
+
+func (s *batchSyncSession) ensureMetadataRegistered() error {
+	toRegister := make([]internalapi.InternalRecord, 0)
+
+	for idx, oid := range s.oids {
+		if idx > 0 && idx%500 == 0 {
+			fmt.Fprintf(os.Stderr, "DEBUG:   ensureMetadataRegistered processing object %d/%d\n", idx, len(s.oids))
+		}
+		obj, err := s.getOrCreateDRSObjectCandidate(oid)
+		if err != nil {
+			return err
+		}
+		s.drsObjByOID[oid] = obj
+
+		recs := s.existingByHash[oid]
+		if len(recs) == 0 {
+			toRegister = append(toRegister, s.metadataRecordForOID(oid, obj))
+			s.uploadRequired[oid] = true
+			continue
+		}
+		if match, err := lookup.FindMatchingRecord(recs, s.rt.Scope.Organization, s.rt.Scope.Project); err == nil && match != nil {
+			toRegister = append(toRegister, s.metadataRecordForOID(oid, obj))
+			s.uploadRequired[oid] = s.rt.Tuning.ForceUpload
+			continue
+		}
+
+		reusable := s.findReusableRecord(recs)
+		if reusable != nil && !s.rt.Tuning.ForceUpload {
+			reuseObj, err := s.buildReusableScopedObject(oid, reusable)
+			if err != nil {
+				return err
+			}
+			s.drsObjByOID[oid] = reuseObj
+			toRegister = append(toRegister, s.metadataRecordForOID(oid, reuseObj))
+			continue
+		}
+
+		toRegister = append(toRegister, s.metadataRecordForOID(oid, obj))
+		s.uploadRequired[oid] = true
+	}
+
+	if len(toRegister) == 0 {
+		return nil
+	}
+
+	if s.reporter != nil {
+		s.reporter.OnMetadataPlan(MetadataPlanSummary{TotalObjects: len(toRegister)})
+		s.reporter.OnMetadataProgress(MetadataProgressEvent{
+			Completed: 0,
+			Total:     len(toRegister),
+			Phase:     MetadataProgressRegistering,
+		})
+	}
+
+	s.rt.Logger.InfoContext(s.ctx, fmt.Sprintf("bulk registering %d missing records", len(toRegister)))
+	registered, err := s.rt.API.Client.InternalAPI().InternalBulkCreateWithResponse(s.ctx, internalapi.InternalBulkCreateJSONRequestBody(
+		internalapi.BulkCreateRequest{Records: toRegister},
+	))
+	if err != nil {
+		return fmt.Errorf("bulk register failed: %w", err)
+	}
+	if registered.JSON201 == nil {
+		return fmt.Errorf("bulk register failed: unexpected response %d", registered.StatusCode())
+	}
+	if registered.JSON201.Records == nil {
+		return fmt.Errorf("bulk register failed: empty record response")
+	}
+	for i := range *registered.JSON201.Records {
+		rec := (*registered.JSON201.Records)[i]
+		oid := ""
+		if rec.Hashes != nil {
+			oid = localdrsobject.NormalizeOid((*rec.Hashes)["sha256"])
+		}
+		if oid == "" {
+			continue
+		}
+		if obj := s.drsObjByOID[oid]; obj != nil && strings.TrimSpace(obj.Id) == "" {
+			obj.Id = strings.TrimSpace(rec.Did)
+		}
+	}
+	if s.reporter != nil {
+		s.reporter.OnMetadataProgress(MetadataProgressEvent{
+			Completed: len(toRegister),
+			Total:     len(toRegister),
+			Phase:     MetadataProgressCompleted,
+		})
+	}
+	return nil
+}
+
+func (s *batchSyncSession) metadataRecordForOID(oid string, obj *drsapi.DrsObject) internalapi.InternalRecord {
+	file := s.filesByOID[oid]
+	return localdrsobject.ConvertToInternalRecord(obj, file.Name, s.rt.Scope.Organization, s.rt.Scope.Project)
+}
+
+func (s *batchSyncSession) findReusableRecord(records []drsapi.DrsObject) *drsapi.DrsObject {
+	for i := range records {
+		record := records[i]
+		if hasResolvableAccessMethod(&record) {
+			return &record
+		}
+	}
+	return nil
+}
+
+func (s *batchSyncSession) buildReusableScopedObject(oid string, existing *drsapi.DrsObject) (*drsapi.DrsObject, error) {
+	file := s.filesByOID[oid]
+	obj, err := scopedDRSObjectForPush(s.rt, oid, file.Name, file.Size, existing)
+	if err != nil {
+		return nil, fmt.Errorf("failed to build scoped reusable object for oid %s: %w", oid, err)
+	}
+	if existing != nil && existing.AccessMethods != nil {
+		obj.AccessMethods = existing.AccessMethods
+	}
+	return obj, nil
+}
+
+func (s *batchSyncSession) getOrCreateDRSObjectCandidate(oid string) (*drsapi.DrsObject, error) {
+	file := s.filesByOID[oid]
+	if localObj, err := localdrsobject.ReadObject(gitrepo.DRSObjectsPath, oid); err == nil && localObj != nil {
+		return scopedDRSObjectForPush(s.rt, oid, file.Name, file.Size, localObj)
+	}
+	stat, err := os.Stat(file.Name)
+	if err != nil {
+		return nil, fmt.Errorf("failed to stat file %s for oid %s: %w", file.Name, oid, err)
+	}
+	obj, err := scopedDRSObjectForPush(s.rt, oid, file.Name, stat.Size(), nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to build drs object for oid %s: %w", oid, err)
+	}
+	return obj, nil
+}
+
+func scopedDRSObjectForPush(rt *pushRuntime, oid string, path string, size int64, existing *drsapi.DrsObject) (*drsapi.DrsObject, error) {
+	if rt == nil {
+		return existing, nil
+	}
+	if existing != nil && size <= 0 {
+		size = existing.Size
+	}
+	if size <= 0 {
+		if stat, err := os.Stat(path); err == nil {
+			size = stat.Size()
+		}
+	}
+
+	name := strings.TrimSpace(filepath.Base(path))
+	if name == "" || name == "." {
+		if existing != nil && existing.Name != nil && strings.TrimSpace(*existing.Name) != "" {
+			name = strings.TrimSpace(*existing.Name)
+		}
+	}
+	if name == "" || name == "." {
+		name = oid
+	}
+
+	did := uuid.NewSHA1(localdrsobject.UUIDNamespace, []byte(fmt.Sprintf("%s:%s", rt.Scope.Project, localdrsobject.NormalizeOid(oid)))).String()
+	if existing != nil && existing.Id != "" {
+		did = existing.Id
+	}
+
+	obj, err := localdrsobject.BuildWithPrefix(name, oid, size, did, rt.Scope.Bucket, rt.Scope.Organization, rt.Scope.Project, rt.Scope.StoragePref)
+	if err != nil {
+		return nil, err
+	}
+	if existing == nil {
+		return obj, nil
+	}
+
+	if shouldPreserveExistingAccessMethodsForPush(existing, obj, oid) {
+		obj.AccessMethods = existing.AccessMethods
+	}
+
+	obj.Aliases = existing.Aliases
+	obj.Contents = existing.Contents
+	obj.Description = existing.Description
+	obj.MimeType = existing.MimeType
+	if existing.Version != nil {
+		obj.Version = existing.Version
+	}
+	if !existing.CreatedTime.IsZero() {
+		obj.CreatedTime = existing.CreatedTime
+	}
+	if existing.UpdatedTime != nil {
+		obj.UpdatedTime = existing.UpdatedTime
+	}
+	return obj, nil
+}
+
+func shouldPreserveExistingAccessMethodsForPush(existing *drsapi.DrsObject, generated *drsapi.DrsObject, oid string) bool {
+	existingURL := firstAccessURL(existing)
+	if existingURL == "" {
+		return false
+	}
+	generatedURL := firstAccessURL(generated)
+	if existingURL == generatedURL {
+		return true
+	}
+	existingBucket, existingKey, existingOK := parseStorageURL(existingURL)
+	if !existingOK {
+		return true
+	}
+	generatedBucket, generatedKey, generatedOK := parseStorageURL(generatedURL)
+	normalizedOID := strings.Trim(strings.TrimPrefix(strings.TrimSpace(oid), "sha256:"), "/")
+	existingKey = strings.Trim(existingKey, "/")
+	if strings.EqualFold(existingBucket, "objects") {
+		return false
+	}
+	if generatedOK && existingKey == "" {
+		return false
+	}
+	if generatedOK && !strings.EqualFold(existingBucket, generatedBucket) && existingKey == normalizedOID {
+		return false
+	}
+	if generatedOK && existingKey == generatedKey && strings.EqualFold(existingBucket, generatedBucket) {
+		return true
+	}
+	return true
+}
+
+func firstAccessURL(obj *drsapi.DrsObject) string {
+	if obj == nil || obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 {
+		return ""
+	}
+	am := (*obj.AccessMethods)[0]
+	if am.AccessUrl == nil {
+		return ""
+	}
+	return strings.TrimSpace(am.AccessUrl.Url)
+}
+
+func parseStorageURL(raw string) (bucket string, key string, ok bool) {
+	u, err := url.Parse(strings.TrimSpace(raw))
+	if err != nil || u.Scheme == "" || u.Host == "" {
+		return "", "", false
+	}
+	switch strings.ToLower(u.Scheme) {
+	case "s3", "gs", "azblob":
+		return u.Host, strings.Trim(u.Path, "/"), true
+	default:
+		return "", "", false
+	}
+}
+
+func (s *batchSyncSession) identifyUploadCandidates() ([]uploadCandidate, error) {
+	candidates := make([]uploadCandidate, 0)
+	for _, oid := range s.oids {
+		needsUpload, err := s.needsUpload(oid)
+		if err != nil {
+			return nil, err
+		}
+		if !needsUpload {
+			continue
+		}
+
+		file := s.filesByOID[oid]
+		srcPath, canUpload, err := resolveUploadSourcePath(oid, file.Name, file.IsPointer)
+		if err != nil {
+			return nil, fmt.Errorf("failed to resolve upload source for oid %s: %w", oid, err)
+		}
+		if !canUpload {
+			s.rt.Logger.WarnContext(s.ctx, "no local payload available; skipping upload", "oid", oid, "path", file.Name)
+			continue
+		}
+
+		stat, err := os.Stat(srcPath)
+		if err != nil {
+			return nil, fmt.Errorf("failed to stat upload source %s: %w", srcPath, err)
+		}
+
+		candidates = append(candidates, uploadCandidate{
+			oid:  oid,
+			obj:  s.drsObjByOID[oid],
+			file: file,
+			size: stat.Size(),
+			src:  srcPath,
+		})
+	}
+	return candidates, nil
+}
+
+func (s *batchSyncSession) needsUpload(oid string) (bool, error) {
+	if s.rt.Tuning.ForceUpload {
+		return true, nil
+	}
+	if s.uploadRequired[oid] {
+		return true, nil
+	}
+	if len(s.existingByHash[oid]) == 0 {
+		return true, nil
+	}
+	return false, nil
+}
+
+func hasResolvableAccessMethod(obj *drsapi.DrsObject) bool {
+	if obj == nil || obj.AccessMethods == nil || len(*obj.AccessMethods) == 0 {
+		return false
+	}
+	for _, am := range *obj.AccessMethods {
+		if strings.TrimSpace(string(am.Type)) == "" || am.AccessUrl == nil {
+			continue
+		}
+		if strings.TrimSpace(am.AccessUrl.Url) != "" {
+			return true
+		}
+	}
+	return false
+}
+
+func (s *batchSyncSession) executeUploadPlan(candidates []uploadCandidate) error {
+	threshold := s.rt.Tuning.MultiPartThreshold
+	if threshold <= 0 {
+		threshold = 5 * 1024 * 1024 * 1024
+	}
+	concurrency := s.rt.Tuning.UploadConcurrency
+	if concurrency <= 0 {
+		concurrency = 1
+	}
+
+	small, large := splitCandidatesByThreshold(candidates, threshold)
+	s.rt.Logger.InfoContext(s.ctx, "upload plan prepared", "total", len(candidates), "parallel_small", len(small), "sequential_large", len(large))
+	if s.reporter != nil {
+		s.reporter.OnUploadPlan(buildUploadPlanSummary(candidates))
+	}
+
+	if len(small) > 0 {
+		eg, egCtx := errgroup.WithContext(s.ctx)
+		eg.SetLimit(concurrency)
+		for _, c := range small {
+			c := c
+			eg.Go(func() error {
+				s.reportUploadStarted(c)
+				uploadCtx := s.progressContextForCandidate(egCtx, c)
+				if err := uploadFileForObject(s.rt, uploadCtx, c.obj, c.src, false); err != nil {
+					return err
+				}
+				s.reportUploadCompleted(c)
+				return nil
+			})
+		}
+		if err := eg.Wait(); err != nil {
+			return err
+		}
+	}
+
+	for _, c := range large {
+		s.reportUploadStarted(c)
+		uploadCtx := s.progressContextForCandidate(s.ctx, c)
+		if err := uploadFileForObject(s.rt, uploadCtx, c.obj, c.src, false); err != nil {
+			return err
+		}
+		s.reportUploadCompleted(c)
+	}
+	return nil
+}
+
+func buildUploadPlanSummary(candidates []uploadCandidate) UploadPlanSummary {
+	files := make([]UploadPlanFile, 0, len(candidates))
+	var totalBytes int64
+	for _, c := range candidates {
+		files = append(files, UploadPlanFile{
+			OID:   c.oid,
+			Path:  c.file.Name,
+			Bytes: c.size,
+		})
+		totalBytes += c.size
+	}
+	return UploadPlanSummary{
+		Files:      files,
+		TotalFiles: len(files),
+		TotalBytes: totalBytes,
+	}
+}
+
+func (s *batchSyncSession) progressContextForCandidate(ctx context.Context, c uploadCandidate) context.Context {
+	if s.reporter == nil {
+		return ctx
+	}
+	ctx = sycommon.WithOid(ctx, c.oid)
+	return sycommon.WithProgress(ctx, func(ev sycommon.ProgressEvent) error {
+		if ev.Event != "progress" {
+			return nil
+		}
+		s.reporter.OnUploadProgress(UploadProgressEvent{
+			OID:            c.oid,
+			Path:           c.file.Name,
+			BytesSoFar:     ev.BytesSoFar,
+			BytesSinceLast: ev.BytesSinceLast,
+			TotalBytes:     c.size,
+			Phase:          UploadProgressUploading,
+		})
+		return nil
+	})
+}
+
+func (s *batchSyncSession) reportUploadStarted(c uploadCandidate) {
+	if s.reporter == nil {
+		return
+	}
+	s.reporter.OnUploadProgress(UploadProgressEvent{
+		OID:        c.oid,
+		Path:       c.file.Name,
+		BytesSoFar: 0,
+		TotalBytes: c.size,
+		Phase:      UploadProgressUploading,
+	})
+}
+
+func (s *batchSyncSession) reportUploadCompleted(c uploadCandidate) {
+	if s.reporter == nil {
+		return
+	}
+	s.reporter.OnUploadProgress(UploadProgressEvent{
+		OID:        c.oid,
+		Path:       c.file.Name,
+		BytesSoFar: c.size,
+		TotalBytes: c.size,
+		Phase:      UploadProgressCompleted,
+	})
+}
+
+func splitCandidatesByThreshold(candidates []uploadCandidate, threshold int64) (small, large []uploadCandidate) {
+	for _, c := range candidates {
+		if threshold > 0 && c.size >= threshold {
+			large = append(large, c)
+			continue
+		}
+		small = append(small, c)
+	}
+	return small, large
+}
diff --git a/internal/pushsync/register.go b/internal/transfer/push_runtime.go
similarity index 60%
rename from internal/pushsync/register.go
rename to internal/transfer/push_runtime.go
index de7a2bd3..c8f47714 100644
--- a/internal/pushsync/register.go
+++ b/internal/transfer/push_runtime.go
@@ -1,4 +1,4 @@
-package pushsync
+package transfer
 
 import (
 	"context"
@@ -9,16 +9,36 @@ import (
 	"os"
 	"strings"
 
-	localcommon "github.com/calypr/git-drs/internal/common"
-	"github.com/calypr/git-drs/internal/config"
 	localdrsobject "github.com/calypr/git-drs/internal/drsobject"
+	"github.com/calypr/git-drs/internal/gitrepo"
 	"github.com/calypr/git-drs/internal/lfs"
+	"github.com/calypr/git-drs/internal/remoteruntime"
 	drsapi "github.com/calypr/syfon/apigen/client/drs"
+	internalapi "github.com/calypr/syfon/apigen/client/internalapi"
+	sycommon "github.com/calypr/syfon/client/common"
 	conf "github.com/calypr/syfon/client/config"
 	"github.com/calypr/syfon/client/hash"
+	syrequest "github.com/calypr/syfon/client/request"
+	sytransfer "github.com/calypr/syfon/client/transfer"
 	syupload "github.com/calypr/syfon/client/transfer/upload"
 )
 
+var uploadBackendForRuntime = func(rt *pushRuntime) sytransfer.MultipartBackend {
+	if rt == nil || rt.API == nil || rt.API.Client == nil {
+		return nil
+	}
+	return rt.API.Client.Data()
+}
+
+type scopedUploadURLBackend struct {
+	sytransfer.MultipartBackend
+	rt *pushRuntime
+}
+
+func (b *scopedUploadURLBackend) ResolveUploadURL(ctx context.Context, guid string, filename string, metadata sycommon.FileMetadata, bucket string) (string, error) {
+	return resolveScopedUploadURL(b.rt, ctx, b.MultipartBackend, guid, filename)
+}
+
 type pushScope struct {
 	Organization string
 	Project      string
@@ -28,12 +48,13 @@ type pushScope struct {
 
 type pushTuning struct {
 	Upsert             bool
+	ForceUpload        bool
 	MultiPartThreshold int64
 	UploadConcurrency  int
 }
 
 type pushRuntime struct {
-	API        *config.GitContext
+	API        *remoteruntime.GitContext
 	Credential *conf.Credential
 	Logger     *slog.Logger
 	Scope      pushScope
@@ -41,7 +62,7 @@ type pushRuntime struct {
 	ProbeURL   func(context.Context, string) error
 }
 
-func newPushRuntime(cl *config.GitContext) *pushRuntime {
+func newPushRuntime(cl *remoteruntime.GitContext) *pushRuntime {
 	if cl == nil {
 		return &pushRuntime{}
 	}
@@ -57,6 +78,7 @@ func newPushRuntime(cl *config.GitContext) *pushRuntime {
 		},
 		Tuning: pushTuning{
 			Upsert:             cl.Upsert,
+			ForceUpload:        cl.ForceUpload,
 			MultiPartThreshold: cl.MultiPartThreshold,
 			UploadConcurrency:  cl.UploadConcurrency,
 		},
@@ -64,16 +86,13 @@ func newPushRuntime(cl *config.GitContext) *pushRuntime {
 	}
 }
 
-// isFileDownloadable checks if a file is already available for download
 func isFileDownloadable(rt *pushRuntime, ctx context.Context, drsObject *drsapi.DrsObject) (bool, error) {
-	// Try to get a download URL - if successful, file is downloadable
 	if drsObject.AccessMethods == nil || len(*drsObject.AccessMethods) == 0 {
 		return false, nil
 	}
 	accessType := (*drsObject.AccessMethods)[0].Type
 	res, err := rt.API.Client.DRS().GetAccessURL(ctx, drsObject.Id, string(accessType))
 	if err != nil {
-		// If we can't get a download URL, assume file is not downloadable
 		return false, nil
 	}
 	if rt.ProbeURL == nil {
@@ -103,8 +122,6 @@ func uploadKeyFromObject(obj *drsapi.DrsObject, bucket string, storagePrefix str
 		}
 		if raw != "" {
 			if u, err := url.Parse(raw); err == nil && strings.EqualFold(u.Scheme, "s3") {
-				// Preserve the full object key path from DRS metadata.
-				// Taking only filepath.Base(...) loses CAS/storage prefixes and causes 404 downloads.
 				key := strings.TrimSpace(strings.TrimPrefix(u.Path, "/"))
 				if key != "" && (bucket == "" || strings.EqualFold(strings.TrimSpace(u.Host), strings.TrimSpace(bucket))) {
 					return key
@@ -124,14 +141,9 @@ func resolveUploadSourcePath(oid string, worktreePath string, isPointer bool) (s
 		return "", false, fmt.Errorf("empty oid")
 	}
 
-	lfsObjPath, err := lfs.ObjectPath(localcommon.LFS_OBJS_PATH, oid)
+	lfsObjPath, err := lfs.ObjectPath(gitrepo.LFSObjectsPath, oid)
 	if err == nil {
 		if st, statErr := os.Stat(lfsObjPath); statErr == nil && !st.IsDir() && st.Size() > 0 {
-			if isPointer {
-				if sentinel, sentinelErr := lfs.IsAddURLSentinelObject(lfsObjPath); sentinelErr == nil && sentinel {
-					return "", false, nil
-				}
-			}
 			return lfsObjPath, true, nil
 		}
 	}
@@ -153,7 +165,7 @@ func resolveUploadSourcePath(oid string, worktreePath string, isPointer bool) (s
 func uploadFileForObject(rt *pushRuntime, ctx context.Context, drsObject *drsapi.DrsObject, filePath string, skipIfDownloadable bool) error {
 	hInfo := hash.ConvertDrsChecksumsToHashInfo(drsObject.Checksums)
 	if skipIfDownloadable {
-		rt.Logger.InfoContext(ctx, fmt.Sprintf("checking if oid %s is already downloadable", hInfo.SHA256))
+		rt.Logger.DebugContext(ctx, fmt.Sprintf("checking if oid %s is already downloadable", hInfo.SHA256))
 		downloadable, err := isFileDownloadable(rt, ctx, drsObject)
 		if err != nil {
 			return fmt.Errorf("error checking if file is downloadable: oid %s %v", hInfo.SHA256, err)
@@ -164,7 +176,7 @@ func uploadFileForObject(rt *pushRuntime, ctx context.Context, drsObject *drsapi
 		}
 	}
 
-	rt.Logger.InfoContext(ctx, fmt.Sprintf("file %s is not downloadable, proceeding to upload", hInfo.SHA256))
+	rt.Logger.DebugContext(ctx, fmt.Sprintf("file %s is not downloadable, proceeding to upload", hInfo.SHA256))
 	multiPartThreshold := int64(5 * 1024 * 1024 * 1024)
 	if rt.Tuning.MultiPartThreshold > 0 {
 		multiPartThreshold = rt.Tuning.MultiPartThreshold
@@ -197,13 +209,75 @@ func uploadFileForObject(rt *pushRuntime, ctx context.Context, drsObject *drsapi
 		"threshold", multiPartThreshold,
 		"forceMultipart", forceMultipart,
 	)
-	if err := syupload.UploadObjectFile(ctx, rt.API.Client.Data(), filePath, objectKey, drsObject.Id, rt.Scope.Bucket, forceMultipart); err != nil {
+	backend := uploadBackendForRuntime(rt)
+	if backend == nil {
+		return fmt.Errorf("upload backend is required")
+	}
+	if strings.TrimSpace(rt.Scope.Organization) != "" && strings.TrimSpace(rt.Scope.Project) != "" {
+		backend = &scopedUploadURLBackend{MultipartBackend: backend, rt: rt}
+	}
+	if forceMultipart {
+		if err := syupload.Upload(ctx, backend, filePath, objectKey, drsObject.Id, rt.Scope.Bucket, scopedUploadMetadata(rt), false, true); err != nil {
+			return fmt.Errorf("upload error: %w", err)
+		}
+		return nil
+	}
+	if err := syupload.Upload(ctx, backend, filePath, objectKey, drsObject.Id, rt.Scope.Bucket, scopedUploadMetadata(rt), false, false); err != nil {
 		return fmt.Errorf("upload error: %w", err)
 	}
 	return nil
 }
 
-func newDownloadProbe(cl *config.GitContext) func(context.Context, string) error {
+func resolveScopedUploadURL(rt *pushRuntime, ctx context.Context, backend sytransfer.MultipartBackend, did, objectKey string) (string, error) {
+	organization := strings.TrimSpace(rt.Scope.Organization)
+	project := strings.TrimSpace(rt.Scope.Project)
+	if organization == "" || project == "" {
+		return "", fmt.Errorf("upload scope organization/project is required")
+	}
+
+	if rt.API != nil && rt.API.Client != nil && rt.API.Client.Requestor() != nil {
+		query := url.Values{}
+		query.Set("organization", organization)
+		query.Set("project", project)
+		query.Set("file_name", objectKey)
+		var out internalapi.InternalSignedURL
+		if err := rt.API.Client.Requestor().Do(ctx, http.MethodGet, "/data/upload/"+url.PathEscape(did), nil, &out, syrequest.WithQueryValues(query)); err != nil {
+			return "", err
+		}
+		if out.Url == nil || strings.TrimSpace(*out.Url) == "" {
+			return "", fmt.Errorf("response missing URL")
+		}
+		return *out.Url, nil
+	}
+
+	resolver, ok := backend.(interface {
+		ResolveUploadURL(context.Context, string, string, sycommon.FileMetadata, string) (string, error)
+	})
+	if !ok {
+		return "", fmt.Errorf("upload backend cannot resolve upload URLs")
+	}
+	metadata := sycommon.FileMetadata{
+		Authorizations: map[string][]string{
+			organization: {project},
+		},
+	}
+	return resolver.ResolveUploadURL(ctx, did, objectKey, metadata, "")
+}
+
+func scopedUploadMetadata(rt *pushRuntime) sycommon.FileMetadata {
+	organization := strings.TrimSpace(rt.Scope.Organization)
+	project := strings.TrimSpace(rt.Scope.Project)
+	if organization == "" || project == "" {
+		return sycommon.FileMetadata{}
+	}
+	return sycommon.FileMetadata{
+		Authorizations: map[string][]string{
+			organization: {project},
+		},
+	}
+}
+
+func newDownloadProbe(cl *remoteruntime.GitContext) func(context.Context, string) error {
 	httpClient := http.DefaultClient
 	if cl != nil && cl.Client != nil && cl.Client.HTTPClient() != nil {
 		httpClient = cl.Client.HTTPClient()
@@ -214,10 +288,11 @@ func newDownloadProbe(cl *config.GitContext) func(context.Context, string) error
 }
 
 func probeDownloadURL(ctx context.Context, httpClient *http.Client, rawURL string) error {
-	req, err := http.NewRequestWithContext(ctx, http.MethodHead, rawURL, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, rawURL, nil)
 	if err != nil {
 		return err
 	}
+	req.Header.Set("Range", "bytes=0-0")
 	if httpClient == nil {
 		httpClient = http.DefaultClient
 	}
diff --git a/internal/transfer/types.go b/internal/transfer/types.go
new file mode 100644
index 00000000..4682a85d
--- /dev/null
+++ b/internal/transfer/types.go
@@ -0,0 +1,59 @@
+package transfer
+
+type UploadProgressPhase string
+
+const (
+	UploadProgressUploading UploadProgressPhase = "uploading"
+	UploadProgressCompleted UploadProgressPhase = "completed"
+)
+
+type MetadataProgressPhase string
+
+const (
+	MetadataProgressRegistering MetadataProgressPhase = "registering"
+	MetadataProgressCompleted   MetadataProgressPhase = "completed"
+)
+
+type MetadataPlanSummary struct {
+	TotalObjects int
+}
+
+type MetadataProgressEvent struct {
+	Completed int
+	Total     int
+	Phase     MetadataProgressPhase
+}
+
+type UploadPlanFile struct {
+	OID   string
+	Path  string
+	Bytes int64
+}
+
+type UploadPlanSummary struct {
+	Files      []UploadPlanFile
+	TotalFiles int
+	TotalBytes int64
+}
+
+type UploadProgressEvent struct {
+	OID            string
+	Path           string
+	BytesSoFar     int64
+	BytesSinceLast int64
+	TotalBytes     int64
+	Phase          UploadProgressPhase
+}
+
+type UploadProgressReporter interface {
+	OnMetadataPlan(MetadataPlanSummary)
+	OnMetadataProgress(MetadataProgressEvent)
+	OnUploadPlan(UploadPlanSummary)
+	OnUploadProgress(UploadProgressEvent)
+}
+
+type PullFile struct {
+	Name string
+	Oid  string
+	Size int64
+}
diff --git a/internal/version/version.go b/internal/version/version.go
deleted file mode 100644
index 6f060845..00000000
--- a/internal/version/version.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// Package version reports the Git-DRS version.
-package version
-
-import "fmt"
-
-// Build and version details
-var (
-	GitCommit   = ""
-	GitBranch   = ""
-	GitUpstream = ""
-	BuildDate   = ""
-	Version     = ""
-)
-
-var tpl = `git commit: %s
-git branch: %s
-git upstream: %s
-build date: %s
-version: %s`
-
-// String formats a string with version details.
-func String() string {
-	return fmt.Sprintf(tpl, GitCommit, GitBranch, GitUpstream, BuildDate, Version)
-}
-
-// LogFields logs build and version information to the given logger.
-func LogFields() []any {
-	return []any{
-		"GitCommit", GitCommit,
-		"GitBranch", GitBranch,
-		"GitUpstream", GitUpstream,
-		"BuildDate", BuildDate,
-		"Version", Version,
-	}
-}
diff --git a/internal/version/version_test.go b/internal/version/version_test.go
deleted file mode 100644
index 52bdd23c..00000000
--- a/internal/version/version_test.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package version
-
-import (
-	"strings"
-	"testing"
-)
-
-func TestString(t *testing.T) {
-	// Set vars for consistent testing
-	GitCommit = "chk123"
-	GitBranch = "test-branch"
-	GitUpstream = "origin/test"
-	BuildDate = "2023-01-01"
-	Version = "v0.0.1"
-
-	s := String()
-	if !strings.Contains(s, "git commit: chk123") {
-		t.Errorf("String() missing commit info")
-	}
-	if !strings.Contains(s, "git branch: test-branch") {
-		t.Errorf("String() missing branch info")
-	}
-	if !strings.Contains(s, "version: v0.0.1") {
-		t.Errorf("String() missing version info")
-	}
-}
-
-func TestLogFields(t *testing.T) {
-	// Ensure vars are set
-	GitCommit = "chk123"
-	Version = "v0.0.1"
-
-	fields := LogFields()
-	if len(fields) != 10 {
-		t.Errorf("LogFields returned wrong number of fields: %d", len(fields))
-	}
-
-	fieldsMap := make(map[string]interface{})
-	for i := 0; i < len(fields); i += 2 {
-		key, ok := fields[i].(string)
-		if !ok {
-			t.Errorf("LogField key at index %d is not a string", i)
-			continue
-		}
-		fieldsMap[key] = fields[i+1]
-	}
-
-	if val, ok := fieldsMap["GitCommit"]; !ok || val != "chk123" {
-		t.Errorf("LogFields missing correct GitCommit")
-	}
-	if val, ok := fieldsMap["Version"]; !ok || val != "v0.0.1" {
-		t.Errorf("LogFields missing correct Version")
-	}
-}
diff --git a/tests/README.md b/tests/README.md
index 5a2c02ff..daf48d6d 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -66,7 +66,7 @@ TEST_STRICT_CLEANUP=true
   - multipart/resume checks
   - LFS compatibility path
 - `tests/e2e-gen3-remote-addurl.sh`
-  - add-url with known SHA and unknown SHA sentinel path
+  - add-url with known SHA and unknown SHA placeholder path
 - `tests/e2e-local-full.sh`
   - wrapper for full suite in `local` server mode
 - `tests/e2e-local-addurl.sh`
diff --git a/tests/coverage-test.sh b/tests/coverage-test.sh
index b2c57572..0bc980d1 100755
--- a/tests/coverage-test.sh
+++ b/tests/coverage-test.sh
@@ -276,7 +276,7 @@ export AWS_SECRET_ACCESS_KEY="$SECRET_KEY"
 export AWS_ENDPOINT_URL_S3="$ENDPOINT"
 export AWS_REGION="${AWS_REGION:-us-east-1}"
 
-# use add-url without --sha256 (experimental sentinel mode)
+# use add-url without --sha256
 git drs add-url s3://$PREFIX$BUCKET/simple_test_file.txt data/simple_test_file.txt
 
 # set the .gitattributes to track the file
@@ -305,7 +305,7 @@ if [ -z "$original_add_url_oid" ]; then
   exit 1
 fi
 if [ "$original_add_url_oid" = "$sha256" ]; then
-  err "expected sentinel/synthetic oid for unknown-sha add-url, but found real sha256"
+  err "expected placeholder oid for unknown-sha add-url, but found real sha256"
   exit 1
 fi
 
diff --git a/tests/e2e-gen3-remote-addurl.sh b/tests/e2e-gen3-remote-addurl.sh
index 7976a10c..b4b155e0 100755
--- a/tests/e2e-gen3-remote-addurl.sh
+++ b/tests/e2e-gen3-remote-addurl.sh
@@ -650,19 +650,15 @@ main() {
   if [[ "$SERVER_MODE" == "remote" ]]; then
     log "Configuring gen3 remote"
     run_cmd_with_timeout "$TEST_CMD_TIMEOUT_SECONDS" "git drs remote add gen3 (source repo)" \
-      git drs remote add gen3 "$REMOTE_NAME" \
-        --token "$GEN3_TOKEN" \
-        --bucket "$TEST_BUCKET_NAME" \
-        --organization "$ORGANIZATION" \
-        --project "$PROJECT_ID"
+      git drs remote add gen3 "$REMOTE_NAME" "$ORGANIZATION/$PROJECT_ID" \
+        --token "$GEN3_TOKEN"
   else
     log "Configuring local remote"
     local -a local_add_args
     local_add_args=(
       git drs remote add local "$REMOTE_NAME" "$DRS_URL"
+      "$ORGANIZATION/$PROJECT_ID"
       --bucket "$TEST_BUCKET_NAME"
-      --organization "$ORGANIZATION"
-      --project "$PROJECT_ID"
     )
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
@@ -717,7 +713,7 @@ main() {
     exit 1
   fi
   if [[ "$unknown_pointer_oid" == "$unknown_real_oid" ]]; then
-    echo "error: unknown-sha add-url unexpectedly used real sha256 (expected synthetic/sentinel oid)" >&2
+    echo "error: unknown-sha add-url unexpectedly used real sha256 (expected placeholder oid)" >&2
     exit 1
   fi
   ALL_OIDS+=("$unknown_pointer_oid")
@@ -755,18 +751,14 @@ main() {
   configure_lfs_endpoint_for_repo "$REMOTE_NAME"
   if [[ "$SERVER_MODE" == "remote" ]]; then
     run_cmd_with_timeout "$TEST_CMD_TIMEOUT_SECONDS" "git drs remote add gen3 (clone repo)" \
-      git drs remote add gen3 "$REMOTE_NAME" \
-        --token "$GEN3_TOKEN" \
-        --bucket "$TEST_BUCKET_NAME" \
-        --organization "$ORGANIZATION" \
-        --project "$PROJECT_ID"
+      git drs remote add gen3 "$REMOTE_NAME" "$ORGANIZATION/$PROJECT_ID" \
+        --token "$GEN3_TOKEN"
   else
     local -a local_add_args_clone
     local_add_args_clone=(
       git drs remote add local "$REMOTE_NAME" "$DRS_URL"
+      "$ORGANIZATION/$PROJECT_ID"
       --bucket "$TEST_BUCKET_NAME"
-      --organization "$ORGANIZATION"
-      --project "$PROJECT_ID"
     )
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args_clone+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
diff --git a/tests/e2e-gen3-remote-full.sh b/tests/e2e-gen3-remote-full.sh
index dea0572c..d1142f91 100755
--- a/tests/e2e-gen3-remote-full.sh
+++ b/tests/e2e-gen3-remote-full.sh
@@ -1416,10 +1416,10 @@ main() {
   configure_local_credential_helper
   git config --local lfs.basictransfersonly true
   if [[ "$SERVER_MODE" == "remote" ]]; then
-    git drs remote add gen3 "$REMOTE_NAME" --token "$GEN3_TOKEN" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID"
+    git drs remote add gen3 "$REMOTE_NAME" "$ORGANIZATION/$PROJECT_ID" --token "$GEN3_TOKEN"
   else
     local -a local_add_args
-    local_add_args=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID")
+    local_add_args=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" "$ORGANIZATION/$PROJECT_ID")
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
     fi
@@ -1544,10 +1544,10 @@ main() {
   configure_local_credential_helper
   git config --local lfs.basictransfersonly true
   if [[ "$SERVER_MODE" == "remote" ]]; then
-    git drs remote add gen3 "$REMOTE_NAME" --token "$GEN3_TOKEN" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID"
+    git drs remote add gen3 "$REMOTE_NAME" "$ORGANIZATION/$PROJECT_ID" --token "$GEN3_TOKEN"
   else
     local -a local_add_args_clone
-    local_add_args_clone=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID")
+    local_add_args_clone=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" "$ORGANIZATION/$PROJECT_ID")
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args_clone+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
     fi
@@ -1608,10 +1608,10 @@ main() {
     configure_local_credential_helper
     git config --local lfs.basictransfersonly true
     if [[ "$SERVER_MODE" == "remote" ]]; then
-      git drs remote add gen3 "$REMOTE_NAME" --token "$GEN3_TOKEN" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID"
+      git drs remote add gen3 "$REMOTE_NAME" "$ORGANIZATION/$PROJECT_ID" --token "$GEN3_TOKEN"
     else
       local -a local_add_args_lfs
-      local_add_args_lfs=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" --bucket "$active_bucket" --organization "$ORGANIZATION" --project "$PROJECT_ID")
+      local_add_args_lfs=(git drs remote add local "$REMOTE_NAME" "$DRS_URL" "$ORGANIZATION/$PROJECT_ID")
       if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
         local_add_args_lfs+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
       fi
diff --git a/tests/integration/docker_syfon/docker_syfon_e2e_assertions_test.go b/tests/integration/docker_syfon/docker_syfon_e2e_assertions_test.go
index 58984c1a..7ca29110 100644
--- a/tests/integration/docker_syfon/docker_syfon_e2e_assertions_test.go
+++ b/tests/integration/docker_syfon/docker_syfon_e2e_assertions_test.go
@@ -91,22 +91,14 @@ func normalizeDockerBucketMapKeyPart(v string) string {
 func upsertSyfonBucketScope(t *testing.T, serverURL string, minioEnv *minioContainer, org, project, path string) {
 	t.Helper()
 	body, err := json.Marshal(map[string]string{
-		"bucket":             minioEnv.bucket,
-		"provider":           "s3",
-		"region":             minioEnv.region,
-		"access_key":         minioEnv.accessKey,
-		"secret_key":         minioEnv.secretKey,
-		"endpoint":           minioEnv.endpoint,
-		"billing_log_bucket": minioEnv.bucket,
-		"billing_log_prefix": dockerE2EProviderLogPrefix,
-		"organization":       org,
-		"project_id":         project,
-		"path":               path,
+		"organization": org,
+		"project_id":   project,
+		"path":         path,
 	})
 	if err != nil {
 		t.Fatalf("marshal bucket scope request: %v", err)
 	}
-	req, err := http.NewRequest(http.MethodPut, strings.TrimRight(serverURL, "/")+"/data/buckets", bytes.NewReader(body))
+	req, err := http.NewRequest(http.MethodPost, strings.TrimRight(serverURL, "/")+"/data/buckets/"+minioEnv.bucket+"/scopes", bytes.NewReader(body))
 	if err != nil {
 		t.Fatalf("build bucket scope request: %v", err)
 	}
@@ -254,3 +246,33 @@ func assertMinIOObjectExists(t *testing.T, client *s3.Client, bucket, key string
 		t.Fatalf("expected MinIO object %s/%s to exist: %v", bucket, key, err)
 	}
 }
+
+func assertMinIOObjectMissing(t *testing.T, client *s3.Client, bucket, key string) {
+	t.Helper()
+	_, err := client.HeadObject(context.Background(), &s3.HeadObjectInput{
+		Bucket: aws.String(bucket),
+		Key:    aws.String(key),
+	})
+	if err == nil {
+		t.Fatalf("expected MinIO object %s/%s to be deleted", bucket, key)
+	}
+}
+
+func assertDRSRecordMissing(t *testing.T, serverURL, did string) {
+	t.Helper()
+	target := strings.TrimRight(serverURL, "/") + "/ga4gh/drs/v1/objects/" + did
+	req, err := http.NewRequest(http.MethodGet, target, nil)
+	if err != nil {
+		t.Fatalf("build GET %s: %v", target, err)
+	}
+	req.SetBasicAuth(dockerE2ELocalUser, dockerE2ELocalPassword)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatalf("GET %s: %v", target, err)
+	}
+	defer resp.Body.Close()
+	body, _ := io.ReadAll(resp.Body)
+	if resp.StatusCode != http.StatusNotFound {
+		t.Fatalf("expected DRS record %s to be deleted, got status=%d body=%s", did, resp.StatusCode, string(body))
+	}
+}
diff --git a/tests/integration/docker_syfon/docker_syfon_e2e_helpers_test.go b/tests/integration/docker_syfon/docker_syfon_e2e_helpers_test.go
index a77582e4..456ffca8 100644
--- a/tests/integration/docker_syfon/docker_syfon_e2e_helpers_test.go
+++ b/tests/integration/docker_syfon/docker_syfon_e2e_helpers_test.go
@@ -149,10 +149,9 @@ func configureLocalRepo(t *testing.T, dir, credentialStore string) {
 func configureGitDrsRemote(t *testing.T, repoDir, serverURL string, minioEnv *minioContainer) {
 	t.Helper()
 	t.Logf("configuring git-drs remote: repo=%s server=%s bucket=%s org=%s project=%s", repoDir, serverURL, minioEnv.bucket, dockerE2EOrganization, dockerE2EProjectID)
+	setLocalBucketMapping(t, repoDir, dockerE2EOrganization, dockerE2EProjectID, minioEnv.bucket, "")
 	runCommand(t, repoDir, nil, "git", "drs", "remote", "add", "local", "origin", serverURL,
-		"--bucket", minioEnv.bucket,
-		"--organization", dockerE2EOrganization,
-		"--project", dockerE2EProjectID,
+		dockerE2EOrganization+"/"+dockerE2EProjectID,
 		"--username", dockerE2ELocalUser,
 		"--password", dockerE2ELocalPassword,
 	)
diff --git a/tests/integration/docker_syfon/docker_syfon_e2e_setup_test.go b/tests/integration/docker_syfon/docker_syfon_e2e_setup_test.go
index 942cc263..63a87da9 100644
--- a/tests/integration/docker_syfon/docker_syfon_e2e_setup_test.go
+++ b/tests/integration/docker_syfon/docker_syfon_e2e_setup_test.go
@@ -41,6 +41,7 @@ const (
 
 var gitDrsBinDir string
 var gitDrsTestHomeDir string
+var syfonBinPath string
 
 type minioContainer struct {
 	containerID string
@@ -86,6 +87,11 @@ func TestMain(m *testing.M) {
 		os.Stderr.WriteString(fmt.Sprintf("could not find git-drs root: %v\n", err))
 		os.Exit(2)
 	}
+	syfonRoot, err := resolveSyfonRoot()
+	if err != nil {
+		os.Stderr.WriteString(fmt.Sprintf("could not find syfon root: %v\n", err))
+		os.Exit(2)
+	}
 
 	gitDrsBinDir, err = os.MkdirTemp("", "git-drs-docker-e2e-bin-")
 	if err != nil {
@@ -115,6 +121,21 @@ func TestMain(m *testing.M) {
 		os.Exit(2)
 	}
 
+	if envBin := strings.TrimSpace(os.Getenv("TEST_SYFON_BIN")); envBin != "" {
+		syfonBinPath = envBin
+	} else {
+		syfonBinPath = filepath.Join(gitDrsBinDir, "syfon-docker-e2e")
+		buildSyfon := exec.Command("go", "build", "-o", syfonBinPath, ".")
+		buildSyfon.Dir = syfonRoot
+		os.Stderr.WriteString(fmt.Sprintf("building syfon integration binary into %s from %s\n", syfonBinPath, syfonRoot))
+		if out, err := buildSyfon.CombinedOutput(); err != nil {
+			os.Stderr.Write(out)
+			os.Stderr.WriteString(fmt.Sprintf("syfon build error: %v\n", err))
+			_ = os.RemoveAll(gitDrsBinDir)
+			os.Exit(2)
+		}
+	}
+
 	code := m.Run()
 	_ = os.RemoveAll(gitDrsBinDir)
 	_ = os.RemoveAll(gitDrsTestHomeDir)
@@ -139,3 +160,20 @@ func findGitDrsRoot() (string, error) {
 		dir = parent
 	}
 }
+
+func resolveSyfonRoot() (string, error) {
+	if root := strings.TrimSpace(os.Getenv("TEST_SYFON_ROOT")); root != "" {
+		return root, nil
+	}
+
+	root, err := findGitDrsRoot()
+	if err != nil {
+		return "", err
+	}
+	candidate := filepath.Join(filepath.Dir(root), "syfon")
+	info, statErr := os.Stat(candidate)
+	if statErr == nil && info.IsDir() {
+		return candidate, nil
+	}
+	return "", fmt.Errorf("could not find syfon checkout at %s", candidate)
+}
diff --git a/tests/integration/docker_syfon/docker_syfon_e2e_syfon_test.go b/tests/integration/docker_syfon/docker_syfon_e2e_syfon_test.go
index 38cb9fcd..feeb9cbf 100644
--- a/tests/integration/docker_syfon/docker_syfon_e2e_syfon_test.go
+++ b/tests/integration/docker_syfon/docker_syfon_e2e_syfon_test.go
@@ -188,14 +188,11 @@ s3_credentials:
 func buildSyfonBinary(t *testing.T, rootDir string) string {
 	t.Helper()
 
-	binaryPath := filepath.Join(t.TempDir(), "syfon-docker-e2e")
-	t.Logf("building syfon binary from %s into %s", rootDir, binaryPath)
-	cmd := exec.Command("go", "build", "-o", binaryPath, ".")
-	cmd.Dir = rootDir
-	if out, err := cmd.CombinedOutput(); err != nil {
-		t.Fatalf("build syfon binary: %v\n%s", err, string(out))
+	if strings.TrimSpace(syfonBinPath) == "" {
+		t.Fatalf("shared syfon binary path is not initialized")
 	}
-	return binaryPath
+	t.Logf("using prebuilt syfon binary %s from %s", syfonBinPath, rootDir)
+	return syfonBinPath
 }
 
 func reserveTCPPort(t *testing.T) int {
@@ -212,26 +209,11 @@ func reserveTCPPort(t *testing.T) int {
 func findSyfonRoot(t *testing.T) string {
 	t.Helper()
 
-	if root := strings.TrimSpace(os.Getenv("TEST_SYFON_ROOT")); root != "" {
-		return root
-	}
-
-	dir, err := os.Getwd()
+	root, err := resolveSyfonRoot()
 	if err != nil {
-		t.Fatalf("get working directory: %v", err)
-	}
-
-	for {
-		candidate := filepath.Join(dir, "..", "syfon")
-		if info, statErr := os.Stat(candidate); statErr == nil && info.IsDir() {
-			return candidate
-		}
-		parent := filepath.Dir(dir)
-		if parent == dir {
-			t.Fatalf("could not find syfon checkout from %s", dir)
-		}
-		dir = parent
+		t.Fatalf("resolve syfon root: %v", err)
 	}
+	return root
 }
 
 func logServerProcessOutput(t *testing.T, serverURL string, stdoutBuf, stderrBuf *bytes.Buffer) {
diff --git a/tests/integration/docker_syfon/docker_syfon_e2e_test.go b/tests/integration/docker_syfon/docker_syfon_e2e_test.go
index 4d90ce32..40f604ef 100644
--- a/tests/integration/docker_syfon/docker_syfon_e2e_test.go
+++ b/tests/integration/docker_syfon/docker_syfon_e2e_test.go
@@ -65,6 +65,7 @@ func TestGitDrsDockerMinIOE2E(t *testing.T) {
 	runCommand(t, repoDir, nil, "git", "remote", "add", "origin", gogsEnv.repoCloneURL)
 	runCommand(t, repoDir, nil, "git", "drs", "init")
 	configureGitDrsRemote(t, repoDir, server.url, minioEnv)
+	upsertSyfonBucketScope(t, server.url, minioEnv, dockerE2EOrganization, dockerE2EProjectID, "s3://"+minioEnv.bucket)
 	logRepoSnapshot(t, repoDir, "post-init")
 
 	t.Logf("STEP 5: Uploading tracked files through git-drs push...")
@@ -105,6 +106,7 @@ func TestGitDrsDockerMinIOE2E(t *testing.T) {
 		t.Fatalf("restore git credential store: %v", err)
 	}
 	runCommand(t, repoDir, nil, "git", "drs", "push", "origin")
+	runCommand(t, repoDir, nil, "git", "branch", "--set-upstream-to=origin/main", "main")
 	logRepoSnapshot(t, repoDir, "post-push")
 	querySmall := runCommand(t, repoDir, nil, "git", "drs", "query", "--remote", "origin", "--pretty", smallDid)
 	if !strings.Contains(querySmall, smallDid) {
@@ -169,6 +171,14 @@ func TestGitDrsDockerMinIOE2E(t *testing.T) {
 		t.Fatalf("multipart file checksum lookup mismatch: expected DID %s and hash %s in output %q", largeDid, largeSumHex, largeHashOut)
 	}
 	t.Logf("hash verification complete for source.txt=%s multipart.bin=%s", smallSumHex, largeSumHex)
+
+	t.Logf("STEP 7: Deleting a tracked file via git drs rm and verifying remote record + bucket removal...")
+	runCommand(t, repoDir, nil, "git", "drs", "rm", "data/source.txt")
+	runCommand(t, repoDir, nil, "git", "commit", "-m", "remove source.txt through git drs rm")
+	runCommand(t, repoDir, nil, "git", "drs", "push", "origin")
+	logRepoSnapshot(t, repoDir, "post-delete-push")
+	assertMinIOObjectMissing(t, minioEnv.s3Client, minioEnv.bucket, smallDid)
+	assertDRSRecordMissing(t, server.url, smallDid)
 }
 
 func TestGitDrsDockerAddURLE2E(t *testing.T) {
@@ -355,6 +365,7 @@ func TestGitDrsDockerBucketScopePathsE2E(t *testing.T) {
 	runCommand(t, repoDir, nil, "git", "drs", "track", "*.bin")
 
 	t.Logf("STEP 5: Adding managed uploads for each bucket scope path case...")
+	upsertSyfonBucketScope(t, server.url, minioEnv, dockerE2EOrganization, dockerE2EProjectID, "s3://"+minioEnv.bucket)
 	defaultOID := addTrackedPayloadCommit(t, repoDir, "data/default-root.bin", []byte("default bucket root payload"), ".gitattributes")
 	defaultKey := defaultOID
 	runCommand(t, repoDir, nil, "git", "drs", "push", "origin")
diff --git a/tests/monorepos/e2e-monorepo-remote.sh b/tests/monorepos/e2e-monorepo-remote.sh
index 7c40376b..d02bc19a 100755
--- a/tests/monorepos/e2e-monorepo-remote.sh
+++ b/tests/monorepos/e2e-monorepo-remote.sh
@@ -14,9 +14,10 @@ fi
 
 DRS_URL="${TEST_DRS_URL:-${DRS_URL:-https://caliper-training.ohsu.edu}}"
 SERVER_MODE="${TEST_SERVER_MODE:-${SERVER_MODE:-remote}}"
-GEN3_TOKEN="${TEST_GEN3_TOKEN:-${GEN3_TOKEN:-}}"
-GEN3_TOKEN_SOURCE="${TEST_GEN3_TOKEN:+env:TEST_GEN3_TOKEN}"
+GEN3_TOKEN=""
+GEN3_TOKEN_SOURCE=""
 GEN3_PROFILE="${TEST_GEN3_PROFILE:-${GEN3_PROFILE:-}}"
+USER_SUPPLIED_GEN3_TOKEN="${TEST_GEN3_TOKEN:-${GEN3_TOKEN:-}}"
 GEN3_CONFIG_PATH="${TEST_GEN3_CONFIG_PATH:-${GEN3_CONFIG_PATH:-$HOME/.gen3/gen3_client_config.ini}}"
 ADMIN_AUTH_HEADER="${TEST_ADMIN_AUTH_HEADER:-${ADMIN_AUTH_HEADER:-}}"
 LOCAL_USERNAME="${TEST_LOCAL_USERNAME:-${LOCAL_USERNAME:-${DRS_BASIC_AUTH_USER:-}}}"
@@ -259,15 +260,14 @@ resolve_auth_from_profile_if_needed() {
   if [[ "$SERVER_MODE" == "local" ]]; then
     return
   fi
-  if [[ -n "$GEN3_TOKEN" ]]; then
-    GEN3_TOKEN_SOURCE="${GEN3_TOKEN_SOURCE:-env:TEST_GEN3_TOKEN}"
-    return
-  fi
   require_env GEN3_PROFILE "$GEN3_PROFILE"
   if [[ ! -f "$GEN3_CONFIG_PATH" ]]; then
     echo "error: GEN3 profile config file not found at $GEN3_CONFIG_PATH" >&2
     exit 1
   fi
+  if [[ -n "$USER_SUPPLIED_GEN3_TOKEN" ]]; then
+    echo "warning: TEST_GEN3_TOKEN/GEN3_TOKEN is ignored by this script; using GEN3_PROFILE='$GEN3_PROFILE' from $GEN3_CONFIG_PATH" >&2
+  fi
 
   local profile_token profile_endpoint profile_api_key
   profile_token="$(load_profile_field "$GEN3_PROFILE" "access_token" "$GEN3_CONFIG_PATH")"
@@ -478,8 +478,8 @@ validate_config() {
       ;;
   esac
 
-  if [[ "$SERVER_MODE" == "remote" && -z "$GEN3_TOKEN" && -z "$GEN3_PROFILE" ]]; then
-    echo "error: remote mode requires TEST_GEN3_TOKEN or GEN3_PROFILE/TEST_GEN3_PROFILE" >&2
+  if [[ "$SERVER_MODE" == "remote" && -z "$GEN3_PROFILE" ]]; then
+    echo "error: remote mode requires GEN3_PROFILE/TEST_GEN3_PROFILE" >&2
     exit 1
   fi
   if [[ "$SERVER_MODE" == "local" ]]; then
@@ -504,7 +504,7 @@ validate_config() {
 configure_remote_auth() {
   MONO_REMOTE_URL_AUTH="$MONO_REMOTE_URL"
   if [[ -n "$TEST_GITHUB_TOKEN" && "$MONO_REMOTE_URL" =~ ^https://github.com/ ]]; then
-    MONO_REMOTE_URL_AUTH="${MONO_REMOTE_URL/https:\/\/github.com\//https:\/\/x-access-token:${TEST_GITHUB_TOKEN}@github.com/}"
+    MONO_REMOTE_URL_AUTH="${MONO_REMOTE_URL/https:\/\/github.com\//https://x-access-token:${TEST_GITHUB_TOKEN}@github.com/}"
   fi
 }
 
@@ -571,11 +571,12 @@ delete_github_repo_if_requested() {
 
   require_cmd gh
   if GH_TOKEN="$TEST_GITHUB_TOKEN" gh api "/repos/${GITHUB_OWNER_REPO}" >/dev/null 2>&1; then
-    log "Deleting existing GitHub repo ${GITHUB_OWNER_REPO} for clean test run"
-    GH_TOKEN="$TEST_GITHUB_TOKEN" gh api -X DELETE "/repos/${GITHUB_OWNER_REPO}" >/dev/null
-    DELETED_REMOTE_REPO_AT_START=true
-    # Small wait to avoid eventual-consistency race with immediate recreation.
-    sleep 2
+    # log "Deleting existing GitHub repo ${GITHUB_OWNER_REPO} for clean test run"
+    # GH_TOKEN="$TEST_GITHUB_TOKEN" gh api -X DELETE "/repos/${GITHUB_OWNER_REPO}" >/dev/null
+    # DELETED_REMOTE_REPO_AT_START=true
+    # # Small wait to avoid eventual-consistency race with immediate recreation.
+    # sleep 2
+    log "Skipping deletion of existing GitHub repo ${GITHUB_OWNER_REPO}; using push -f instead"
   fi
 }
 
@@ -650,18 +651,14 @@ setup_repo() {
   configure_local_credential_helper
   if [[ "$SERVER_MODE" == "remote" ]]; then
     git drs remote add gen3 "$MONO_REMOTE_NAME" \
-      --token "$GEN3_TOKEN" \
-      --bucket "$ACTIVE_BUCKET" \
-      --organization "$TEST_ORGANIZATION" \
-      --project "$TEST_PROJECT_ID"
+      "$TEST_ORGANIZATION/$TEST_PROJECT_ID"
     ensure_repo_remote_token "$MONO_REMOTE_NAME"
   else
     local -a local_add_args
     local_add_args=(
       git drs remote add local "$MONO_REMOTE_NAME" "$DRS_URL"
+      "$TEST_ORGANIZATION/$TEST_PROJECT_ID"
       --bucket "$ACTIVE_BUCKET"
-      --organization "$TEST_ORGANIZATION"
-      --project "$TEST_PROJECT_ID"
     )
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
@@ -683,7 +680,7 @@ push_dataset() {
   git add .gitattributes
   git commit -m "Initialize LFS tracking" || true
   # Ensure origin/main is established as upstream for subsequent git-drs pushes.
-  git push --set-upstream "$MONO_REMOTE_NAME" "$MONO_GIT_BRANCH"
+  git push -f --set-upstream "$MONO_REMOTE_NAME" "$MONO_GIT_BRANCH"
 
   if [[ "$MONO_RUN_MULTIPART_SMOKE" == "true" ]]; then
     mkdir -p fixtures/multipart-smoke
@@ -729,18 +726,14 @@ clone_and_verify() {
   configure_local_credential_helper
   if [[ "$SERVER_MODE" == "remote" ]]; then
     git drs remote add gen3 "$MONO_REMOTE_NAME" \
-      --token "$GEN3_TOKEN" \
-      --bucket "$ACTIVE_BUCKET" \
-      --organization "$TEST_ORGANIZATION" \
-      --project "$TEST_PROJECT_ID"
+      "$TEST_ORGANIZATION/$TEST_PROJECT_ID"
     ensure_repo_remote_token "$MONO_REMOTE_NAME"
   else
     local -a local_add_args_clone
     local_add_args_clone=(
       git drs remote add local "$MONO_REMOTE_NAME" "$DRS_URL"
+      "$TEST_ORGANIZATION/$TEST_PROJECT_ID"
       --bucket "$ACTIVE_BUCKET"
-      --organization "$TEST_ORGANIZATION"
-      --project "$TEST_PROJECT_ID"
     )
     if [[ -n "$LOCAL_USERNAME" && -n "$LOCAL_PASSWORD" ]]; then
       local_add_args_clone+=(--username "$LOCAL_USERNAME" --password "$LOCAL_PASSWORD")
diff --git a/tests/monorepos/run-test.sh b/tests/monorepos/run-test.sh
index 47a5835e..263d0993 100755
--- a/tests/monorepos/run-test.sh
+++ b/tests/monorepos/run-test.sh
@@ -211,7 +211,7 @@ if [ "$CLONE" = "true" ]; then
   fi
   echo "Pulling LFS objects from remote" >&2
   git drs init
-  git drs remote add gen3 "$PROFILE" --cred "$CREDENTIALS_PATH"  --bucket $BUCKET --project "$PROGRAM-$PROJECT" --url https://calypr-dev.ohsu.edu
+  git drs remote add gen3 "$PROFILE" "$PROGRAM/$PROJECT" --cred "$CREDENTIALS_PATH"
   git lfs pull origin main
   if grep -q 'https://git-lfs.github.com/spec/v1' ./TARGET-ALL-P2/sub-directory-1/*file-0001.dat; then
     echo "error: LFS pointer resolved and data in `TARGET-ALL-P2/sub-directory-1/file-0001.dat`" >&2
@@ -235,7 +235,7 @@ else
 
   # Initialize drs configuration for this repo
   git drs init -t 16
-  git drs remote add gen3 "$PROFILE" --cred "$CREDENTIALS_PATH"  --bucket $BUCKET --project "$PROGRAM-$PROJECT" --url https://calypr-dev.ohsu.edu
+  git drs remote add gen3 "$PROFILE" "$PROGRAM/$PROJECT" --cred "$CREDENTIALS_PATH"
   # Set multipart-threshold to 10 (MB) for testing purposes
   # Using a smaller threshold to force a multipart upload for testing
   # default is 500 (MB)
diff --git a/tests/scripts/coverage/assert-coverage-timestamp.sh b/tests/scripts/coverage/assert-coverage-timestamp.sh
index 4abd1a54..681450bd 100755
--- a/tests/scripts/coverage/assert-coverage-timestamp.sh
+++ b/tests/scripts/coverage/assert-coverage-timestamp.sh
@@ -58,7 +58,7 @@ while IFS= read -r -d '' f; do
     max=$m
     latest_go="$f"
   fi
-done < <(find . -type f -name '*.go' -not -path './vendor/*' -print0)
+done < <(find . -type f -name '*.go' -not -path './vendor/*' -not -path '*/.*' -not -path './venv/*' -print0)
 
 if [ "$max" -eq 0 ]; then
   echo "No .go files found to compare against." >&2