feat(vendor): hold patch blobs in memory — vendoring writes no .socket/blobs or temp files

Vendor flows (vendor, scan --vendor, --detached) no longer persist patch
content anywhere on disk: a vendored project's .socket holds only
manifest.json and vendor/.

- core: PatchSources.mem_blobs overlay, checked before the on-disk blob
  read in the apply pipeline's blob strategy.
- core: harvest_artifact_blobs — re-stage afterHash blobs from the
  committed vendor artifact itself (uuid-matched against the ledger,
  every blob self-verified by its own git-sha256), so in-sync re-runs
  and fresh clones of vendored projects stage with no network.
- cli: stage_vendor_sources_in_memory replaces the disk stager in all
  vendor flows; missing content is fetched per patch via the proxy-aware
  patch-view endpoint straight into memory.
- cli: DownloadParams.persist_blobs — scan passes !args.vendor so the
  scan --vendor download phase writes only the manifest.
- e2e: .socket-stays-lean assertions (manifest mode, detached, fresh
  clone) + no-blobs detached idempotency; core harvest unit tests
  (tgz, dir-shaped, stale-uuid, escaping-path fail-closed).
- docs: CLI contract "Patch sources stay in memory" section.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

Author: mikolalysenko

crates/socket-patch-cli/CLI_CONTRACT.md

@@ -82,7 +82,7 @@ Beyond the globals above, each subcommand defines a small set of local arguments
 
 `scan --sync` is sugar for `--apply --prune` — the canonical single-flag bot invocation. `scan --json --sync --yes` discovers, applies, and reconciles state in one pass.
 
-`scan --vendor` swaps the in-place apply for the vendor pipeline: discover → download (manifest written, as `--apply`) → vendor every patched dependency via the same engine as the `vendor` command (under the same lock). The whole manifest is vendored, so a package vendored at an older patch uuid is **re-vendored automatically** (its old uuid dir is removed — `vendor_stale_artifact_removed`); same-uuid re-runs are `already_vendored` skips. With `--prune`, GC runs **before** the vendor step so stale manifest entries don't fail vendoring with `package_not_installed`. JSON output gains a `download` sub-object (the download phase; no `applied` field — nothing is applied in place) and a `vendor` sub-object (a full vendor Envelope). `--dry-run` previews per-patch `would_vendor` | `would_revendor` (+`oldUuid`) | `already_vendored` without network downloads or disk writes. Interactive mode prompts "Download and vendor N patch(es)?".
+`scan --vendor` swaps the in-place apply for the vendor pipeline: discover → download (manifest written, as `--apply`) → vendor every patched dependency via the same engine as the `vendor` command (under the same lock). The whole manifest is vendored, so a package vendored at an older patch uuid is **re-vendored automatically** (its old uuid dir is removed — `vendor_stale_artifact_removed`); same-uuid re-runs are `already_vendored` skips. With `--prune`, GC runs **before** the vendor step so stale manifest entries don't fail vendoring with `package_not_installed`. JSON output gains a `download` sub-object (the download phase; no `applied` field — nothing is applied in place) and a `vendor` sub-object (a full vendor Envelope). The download phase writes only `.socket/manifest.json`; patch blobs are held in memory (see "Patch sources stay in memory" under the vendor contract). `--dry-run` previews per-patch `would_vendor` | `would_revendor` (+`oldUuid`) | `already_vendored` without network downloads or disk writes. Interactive mode prompts "Download and vendor N patch(es)?".
 
 `scan --vendor --detached` performs the same vendoring **without ever writing `.socket/manifest.json`**: records are fetched into memory (`download.detached: true`), the artifacts are built + wired, and the ledger entry carries `detached: true` plus an embedded copy of the patch record (`record`) as the verification source. Detached patches are invisible to apply/rollback/repair (nothing is in the manifest), exempt from `vendor`'s manifest reconcile, and exit via `remove <purl>` (which reverts them) or `vendor --revert`. Idempotent re-runs reuse the embedded record and skip the patch-view fetch entirely.
 
@@ -326,6 +326,14 @@ machines with **no socket-patch installed and no Socket API access** (registry a
 unvendored dependencies may still be needed). Every mechanism below was validated against the real
 package managers (`spikes/PHASE0-FINDINGS.txt`).
 
+**Patch sources stay in memory (v3.4)**: vendoring never writes `.socket/blobs/`, `.socket/diffs/`,
+or temporary patch files. Pre-existing `.socket/` artifacts (from a prior `apply`/`get`/`repair`)
+are read in place; already-vendored purls re-stage patch content from the committed artifact itself
+(uuid-matched against the ledger, every harvested blob self-verified by its afterHash — so in-sync
+re-runs and fresh clones of vendored projects need no network); anything still missing is fetched
+into memory via the patch-view endpoint. A vendored project's `.socket/` holds only
+`manifest.json` (omitted in detached mode) and `vendor/`.
+
 ### Path convention + patch-UUID recovery (stable)
 
 ```text

crates/socket-patch-cli/src/commands/apply.rs

@@ -5,8 +5,8 @@ use socket_patch_core::crawlers::{
 };
 use socket_patch_core::manifest::operations::read_manifest;
 use socket_patch_core::manifest::schema::PatchRecord;
-use socket_patch_core::patch::apply::{MismatchPolicy, 
-    apply_package_patch, verify_file_patch, ApplyResult, PatchSources, VerifyStatus,
+use socket_patch_core::patch::apply::{
+    apply_package_patch, verify_file_patch, ApplyResult, MismatchPolicy, PatchSources, VerifyStatus,
 };
 /// Files whose pre-apply content matched NEITHER hash and were (or would
 /// be) overwritten with the verified patched content — the promoted
@@ -94,10 +94,7 @@ async fn ensure_blobs_for_mismatches(
     }
     let (client, _) = get_api_client_with_overrides(args.common.api_client_overrides()).await;
     let _ = socket_patch_core::api::blob_fetcher::fetch_blobs_by_hash(
-        &needed,
-        blobs_path,
-        &client,
-        None,
+        &needed, blobs_path, &client, None,
     )
     .await;
 }
@@ -732,17 +729,13 @@ pub async fn run(args: ApplyArgs) -> i32 {
                             };
                             println!(
                                 "  {}{}",
-                                socket_patch_core::utils::purl::normalize_purl(
-                                    &result.package_key
-                                ),
+                                socket_patch_core::utils::purl::normalize_purl(&result.package_key),
                                 suffix
                             );
                         } else if all_files_already_patched(result) {
                             println!(
                                 "  {} (already patched)",
-                                socket_patch_core::utils::purl::normalize_purl(
-                                    &result.package_key
-                                )
+                                socket_patch_core::utils::purl::normalize_purl(&result.package_key)
                             );
                         }
                     }
@@ -1102,6 +1095,7 @@ async fn apply_patches_inner(
                     blobs_path: &blobs_path,
                     packages_path: Some(&packages_path),
                     diffs_path: Some(&diffs_path),
+                    mem_blobs: None,
                 };
                 let result = apply_package_patch(
                     variant_purl,
@@ -1186,38 +1180,38 @@ async fn apply_patches_inner(
                 blobs_path: &blobs_path,
                 packages_path: Some(&packages_path),
                 diffs_path: Some(&diffs_path),
+                mem_blobs: None,
             };
             // Local go redirects to a project-local patched copy under
             // `.socket/go-patches/` wired via a `go.mod` `replace` (the module
             // cache is `go.sum`-verified, so in-place patching can't build).
             // Everything else — npm/pypi/gem and cargo (vendored or registry
             // cache) — patches in place via `apply_package_patch`. Without the
             // `golang` feature `try_local_go_apply` is an inert `None`.
-            let result =
-                match try_local_go_apply(
-                    purl,
-                    pkg_path,
-                    patch,
-                    &sources,
-                    &args.common,
-                    mismatch_policy(args.force, args.common.strict),
-                )
+            let result = match try_local_go_apply(
+                purl,
+                pkg_path,
+                patch,
+                &sources,
+                &args.common,
+                mismatch_policy(args.force, args.common.strict),
+            )
+            .await
+            {
+                Some(r) => r,
+                None => {
+                    apply_package_patch(
+                        purl,
+                        pkg_path,
+                        &patch.files,
+                        &sources,
+                        Some(&patch.uuid),
+                        args.common.dry_run,
+                        mismatch_policy(args.force, args.common.strict),
+                    )
                     .await
-                {
-                    Some(r) => r,
-                    None => {
-                        apply_package_patch(
-                            purl,
-                            pkg_path,
-                            &patch.files,
-                            &sources,
-                            Some(&patch.uuid),
-                            args.common.dry_run,
-                            mismatch_policy(args.force, args.common.strict),
-                        )
-                        .await
-                    }
-                };
+                }
+            };
 
             warn_mismatch_overwrites(&result, &args.common);
             if !result.success {
@@ -1434,7 +1428,7 @@ mod tests {
             .enumerate()
             .map(|(i, status)| VerifyResult {
                 file: format!("package/f{i}.js"),
-                status: status.clone(),
+                status: *status,
                 message: None,
                 current_hash: None,
                 expected_hash: None,

crates/socket-patch-cli/src/commands/fetch_stage.rs

@@ -7,6 +7,7 @@
 //! cache is `repair`'s job, keeping these commands read-only against
 //! `.socket/`).
 
+use std::collections::HashMap;
 use std::path::{Path, PathBuf};
 
 use socket_patch_core::api::blob_fetcher::{
@@ -36,6 +37,7 @@ impl StagedSources {
             blobs_path: &self.blobs,
             packages_path: Some(&self.packages),
             diffs_path: Some(&self.diffs),
+            mem_blobs: None,
         }
     }
 }
@@ -199,6 +201,7 @@ pub async fn stage_patch_sources(
         blobs_path: &stage_blobs,
         packages_path: Some(&stage_packages),
         diffs_path: Some(&stage_diffs),
+        mem_blobs: None,
     };
     let fetch_result =
         fetch_missing_sources(manifest, &sources, download_mode, &client, None).await;
@@ -244,3 +247,191 @@ pub async fn stage_patch_sources(
         _stage: Some(stage),
     }))
 }
+
+/// In-memory staged sources for the VENDOR flows.
+///
+/// Existing `.socket/` artifacts are read in place (never copied, never
+/// rewritten); patch content that is missing locally is fetched into
+/// MEMORY via the patch view endpoint — vendoring writes no
+/// `.socket/blobs` entries and no temporary files. The committed
+/// `.socket/vendor/` artifact is the patch; nothing else should land on
+/// disk.
+pub struct MemStagedSources {
+    blobs: PathBuf,
+    diffs: PathBuf,
+    packages: PathBuf,
+    mem: HashMap<String, Vec<u8>>,
+}
+
+impl MemStagedSources {
+    /// Borrow as the core pipeline's source set (memory overlay first,
+    /// on-disk artifacts as the read-only fallback).
+    pub fn as_patch_sources(&self) -> PatchSources<'_> {
+        PatchSources {
+            blobs_path: &self.blobs,
+            packages_path: Some(&self.packages),
+            diffs_path: Some(&self.diffs),
+            mem_blobs: Some(&self.mem),
+        }
+    }
+}
+
+/// The in-memory staging outcome (mirror of [`StageOutcome`]).
+pub enum MemStageOutcome {
+    Ready(MemStagedSources),
+    Unavailable,
+}
+
+/// Stage patch sources for a VENDOR run without writing anything:
+/// per-record availability follows the same rule as
+/// [`stage_patch_sources`] (all after-blobs on disk, or a diff/package
+/// archive on disk), and records with no usable local source have their
+/// full per-file content fetched into memory from the patch view
+/// endpoint (`blobContent`). Offline runs with missing sources are
+/// `Unavailable` with the same diagnostics as the disk stager.
+pub async fn stage_vendor_sources_in_memory(
+    common: &GlobalArgs,
+    manifest: &PatchManifest,
+    socket_dir: &Path,
+    project_root: &Path,
+) -> Result<MemStageOutcome, String> {
+    let blobs = socket_dir.join("blobs");
+    let diffs = socket_dir.join("diffs");
+    let packages = socket_dir.join("packages");
+
+    let missing_blobs = get_missing_blobs(manifest, &blobs).await;
+    let missing_diff_archives = get_missing_archives(manifest, &diffs).await;
+    let missing_package_archives = get_missing_archives(manifest, &packages).await;
+
+    let mut to_fetch: Vec<(&str, &str)> = manifest
+        .patches
+        .iter()
+        .filter_map(|(purl, record)| {
+            let all_blobs_present = record
+                .files
+                .values()
+                .all(|f| !missing_blobs.contains(&f.after_hash));
+            let diff_present = !missing_diff_archives.contains(&record.uuid);
+            let pkg_present = !missing_package_archives.contains(&record.uuid);
+            if all_blobs_present || diff_present || pkg_present {
+                None
+            } else {
+                Some((purl.as_str(), record.uuid.as_str()))
+            }
+        })
+        .collect();
+
+    if to_fetch.is_empty() {
+        return Ok(MemStageOutcome::Ready(MemStagedSources {
+            blobs,
+            diffs,
+            packages,
+            mem: HashMap::new(),
+        }));
+    }
+
+    // The committed vendor artifact IS the patched content: harvest its
+    // afterHash blobs into memory so in-sync re-runs and fresh clones of
+    // already-vendored projects stage with no network and no disk blobs.
+    let mut mem =
+        socket_patch_core::patch::vendor::harvest_artifact_blobs(project_root, &manifest.patches)
+            .await;
+    if !mem.is_empty() {
+        to_fetch.retain(|(purl, _)| {
+            manifest.patches.get(*purl).is_none_or(|record| {
+                !record.files.values().all(|f| {
+                    !missing_blobs.contains(&f.after_hash) || mem.contains_key(&f.after_hash)
+                })
+            })
+        });
+        if to_fetch.is_empty() {
+            return Ok(MemStageOutcome::Ready(MemStagedSources {
+                blobs,
+                diffs,
+                packages,
+                mem,
+            }));
+        }
+    }
+
+    if common.offline {
+        if !common.silent && !common.json {
+            eprintln!(
+                "Error: {} patch(es) have no local source and --offline is set:",
+                to_fetch.len()
+            );
+            for (purl, _) in to_fetch.iter().take(5) {
+                eprintln!("  - {}", purl);
+            }
+            if to_fetch.len() > 5 {
+                eprintln!("  ... and {} more", to_fetch.len() - 5);
+            }
+            eprintln!("Run \"socket-patch repair\" to download missing artifacts.");
+        }
+        return Ok(MemStageOutcome::Unavailable);
+    }
+
+    if !common.silent && !common.json {
+        println!(
+            "Fetching {} patch(es)' content (kept in memory)...",
+            to_fetch.len()
+        );
+    }
+
+    let (client, _) = get_api_client_with_overrides(common.api_client_overrides()).await;
+    let mut failed: Vec<&str> = Vec::new();
+    for (purl, uuid) in &to_fetch {
+        match client.fetch_patch(common.org.as_deref(), uuid).await {
+            Ok(Some(patch)) => {
+                let mut complete = true;
+                for (file, info) in &patch.files {
+                    let (Some(b64), Some(hash)) = (&info.blob_content, &info.after_hash) else {
+                        if !common.silent && !common.json {
+                            eprintln!("  [error] {purl}: no blob content served for {file}");
+                        }
+                        complete = false;
+                        break;
+                    };
+                    // Same key guard as the disk writer: the hash names the
+                    // lookup key the apply pipeline gates writes on.
+                    if hash.len() != 64 || !hash.bytes().all(|b| b.is_ascii_hexdigit()) {
+                        complete = false;
+                        break;
+                    }
+                    match super::get::base64_decode(b64) {
+                        Ok(bytes) => {
+                            mem.insert(hash.clone(), bytes);
+                        }
+                        Err(_) => {
+                            complete = false;
+                            break;
+                        }
+                    }
+                }
+                if !complete {
+                    failed.push(purl);
+                }
+            }
+            _ => failed.push(purl),
+        }
+    }
+    if !failed.is_empty() {
+        if !common.silent && !common.json {
+            eprintln!(
+                "Error: could not fetch patch content for {} patch(es):",
+                failed.len()
+            );
+            for purl in failed.iter().take(5) {
+                eprintln!("  - {}", purl);
+            }
+        }
+        return Ok(MemStageOutcome::Unavailable);
+    }
+
+    Ok(MemStageOutcome::Ready(MemStagedSources {
+        blobs,
+        diffs,
+        packages,
+        mem,
+    }))
+}