Architecture · 11.07
Graph Hashing & Content-Addressing
Why an unchanged workflow graph resumes without re-validation, and how assets get deduplicated by SHA-256.
A fingerprint for divergence detection, honestly scoped
A workflow graph's content hash is a SHA-256 fingerprint over its behavior-significant canonical form, used for two concrete purposes: detecting when a run actually executed a different graph than what's now stored (save/run divergence), and letting the canvas notice unsaved local edits by comparing a locally-computed hash against the server's own contentHash. The hashing logic deliberately lives in the API package rather than in shared core types, specifically so that packages/core can stay import-safe in a browser context with no node:crypto dependency pulled in just for this. And it's stated plainly that this is not a tamper or security boundary — it's a correctness and staleness signal, not a cryptographic guarantee against a malicious actor.
The same idea, applied to every generated asset
Every image, document, and generated artifact lands in a content-addressed store keyed by the SHA-256 of its own bytes. Generate the same output twice — the same prompt, the same extracted document — and the store recognizes the identical hash and reuses the existing blob rather than writing a second copy, the same content-addressing principle applied to storage economics instead of change detection.