Module Dependency Lock File
The lock file (invowkmod.lock.cue) records the exact versions of all resolved module dependencies, ensuring reproducible builds across machines and over time.
It is auto-generated by invowk module sync and invowk module update.
Example Lock File
version: "2.0"
generated: "2025-01-10T12:34:56Z"
modules: {
"https://github.com/example/common.invowkmod.git": {
git_url: "https://github.com/example/common.invowkmod.git"
version: "^1.0.0"
resolved_version: "1.2.3"
git_commit: "abc123def456789012345678901234567890abcd"
alias: "common"
namespace: "common"
content_hash: "sha256:a1b2c3d4e5f6..."
}
}
Root Fields
| Field | Description |
|---|---|
version | Lock file format version (current: "2.0") |
generated | Timestamp when the lock file was created |
modules | Map of module keys to locked module entries |
Module Entry Fields
Each entry in modules contains:
| Field | Description |
|---|---|
git_url | Git repository URL |
version | Original version constraint from invowkmod.cue |
resolved_version | Exact resolved version |
git_commit | Commit SHA for the resolved version |
alias | Namespace alias (if set) |
path | Subdirectory path (if set) |
namespace | Computed namespace for commands |
content_hash | SHA-256 content hash of the cached module tree (tamper detection) |
Module Keys
The key in the modules map is derived from the Git URL and optional path:
modules: {
"https://github.com/example/monorepo.invowkmod.git#modules/cli": {
git_url: "https://github.com/example/monorepo.invowkmod.git"
path: "modules/cli"
}
}
Usage Notes
- Commit
invowkmod.lock.cueto version control for reproducible builds. invowk module addwrites the lock file automatically (no need to runinvowk module syncafterward).
Common Workflows
# Resolve and lock
invowk module sync
# Commit the lock file
git add invowkmod.lock.cue
git commit -m "Lock module dependencies"