pub fn new<P: AsRef<Path>, S: Signer + 'static>(

pub use ed25519::Error;

/// Verified (used as type witness).

#[derive(Debug, Copy, Clone, PartialEq, Eq, Serialize, Deserialize)]

pub struct Verified;

/// Unverified (used as type witness).

#[derive(Debug, Copy, Clone, PartialEq, Eq, Serialize, Deserialize)]

pub struct Unverified;

pub trait Signer: Send + Sync {

impl<T> Signer for &T

where

    T: Signer + ?Sized,

{

    fn sign(&self, msg: &[u8]) -> Signature {

        self.deref().sign(msg)

    }

    fn public_key(&self) -> &PublicKey {

        self.deref().public_key()

    }

}

use crate::storage::refs::Refs;

use crate::storage::RemoteId;

pub fn remote_refs(url: &Url) -> Result<HashMap<RemoteId, Refs>, ListRefsError> {

        let entry = remotes.entry(id).or_insert_with(Refs::default);

        entry.insert(refname.to_string(), r.oid().into());

    Ok(remotes)

    // TODO: Take the ref as parameter.

use crate::storage::{Inventory, ReadStorage, Remotes, WriteStorage};

                let refs = remote.refs.unverified();

                self.context

                    .broadcast(Message::RefsUpdate { proj, user, refs }, peers);

    pub local: Option<Remotes<crypto::Verified>>,

use crate::storage::refs::SignedRefs;

        refs: SignedRefs<crypto::Unverified>,

            (PeerState::Negotiated { git, .. }, Message::RefsUpdate { proj, user, refs }) => {

                if refs.verified(&user).is_ok() {

use crate::crypto::Verified;

use crate::storage::refs::SignedRefs;

) -> Result<(ProjId, SignedRefs<Verified>), InitError> {

    let signed = storage.sign_refs(&project)?;

    Ok((id, signed))

        let (_id, _refs) = init(

pub mod refs;

use radicle_git_ext as git_ext;

use crate::crypto::{self, Unverified, Verified};

use crate::git::Url;

use crate::storage::refs::Refs;

use self::refs::SignedRefs;

    #[error(transparent)]

    Refs(#[from] refs::Error),

impl<V> Deref for Remotes<V> {

    type Target = HashMap<RemoteId, Remote<V>>;

    fn deref(&self) -> &Self::Target {

        &self.0

    }

}

impl<V> Remotes<V> {

    pub fn new(remotes: HashMap<RemoteId, Remote<V>>) -> Self {

impl Remotes<Verified> {

    pub fn unverified(self) -> Remotes<Unverified> {

        Remotes(

            self.into_iter()

                .map(|(id, r)| (id, r.unverified()))

                .collect(),

        )

    }

}

impl<V> Default for Remotes<V> {

#[allow(clippy::from_over_into)]

impl<V> Into<HashMap<RemoteId, Refs>> for Remotes<V> {

    fn into(self) -> HashMap<RemoteId, Refs> {

        let mut remotes = HashMap::with_hasher(fastrand::Rng::new().into());

        for (k, v) in self.into_iter() {

            remotes.insert(k, v.refs.into());

        }

        remotes

    }

}

    pub refs: SignedRefs<V>,

impl<V> Remote<V> {

    pub fn new(id: UserId, refs: impl Into<SignedRefs<V>>) -> Self {

            refs: refs.into(),

impl Remote<Unverified> {

    pub fn verified(self) -> Result<Remote<Verified>, crypto::Error> {

        let refs = self.refs.verified(&self.id)?;

        Ok(Remote {

            id: self.id,

            refs,

            delegate: self.delegate,

            verified: PhantomData,

        })

    }

}

impl Remote<Verified> {

    pub fn unverified(self) -> Remote<Unverified> {

        Remote {

            id: self.id,

            refs: self.refs.unverified(),

            delegate: self.delegate,

            verified: PhantomData,

        }

    }

}

    fn get(&self, proj: &ProjId) -> Result<Option<Remotes<Verified>>, Error>;

    fn sign_refs(&self, repository: &Self::Repository) -> Result<SignedRefs<Verified>, Error>;

    fn blob_at<'a>(&'a self, oid: Oid, path: &'a Path) -> Result<git2::Blob<'a>, git_ext::Error>;

    fn reference(

        &self,

        user: &UserId,

        reference: &str,

    ) -> Result<Option<git2::Reference>, git2::Error>;

    fn reference_oid(&self, user: &UserId, reference: &str) -> Result<Option<Oid>, git2::Error>;

    fn references(&self, user: &UserId) -> Result<Refs, Error>;

    fn remote(&self, user: &UserId) -> Result<Remote<Verified>, refs::Error>;

    fn remotes(&self) -> Result<Remotes<Verified>, refs::Error>;

    fn raw(&self) -> &git2::Repository;

    fn get(&self, proj: &ProjId) -> Result<Option<Remotes<Verified>>, Error> {

    fn sign_refs(&self, repository: &S::Repository) -> Result<SignedRefs<Verified>, Error> {

        self.deref().sign_refs(repository)

    }

use std::collections::BTreeMap;

use crate::crypto::{Signer, Verified};

use crate::storage::refs;

use crate::storage::refs::{Refs, SignedRefs};

use crate::storage::{

    Error, Inventory, ReadRepository, ReadStorage, Remote, Remotes, WriteRepository, WriteStorage,

use super::RemoteId;

pub static SIGNATURES_GLOB: Lazy<refspec::PatternString> =

    Lazy::new(|| refspec::pattern!("refs/remotes/*/radicle/signature"));

    fn url(&self) -> git::Url {

        git::Url {

            ..git::Url::default()

    fn get(&self, id: &ProjId) -> Result<Option<Remotes<Verified>>, Error> {

        // TODO: Don't create a repo here if it doesn't exist?

        //       Perhaps for checking we could have a `contains` method?

        match self.repository(id) {

            Ok(r) => {

                let remotes = r.remotes()?;

                if remotes.is_empty() {

                    Ok(None)

                } else {

                    Ok(Some(remotes))

                }

            }

            Err(e) => Err(e),

        }

    fn sign_refs(&self, repository: &Repository) -> Result<SignedRefs<Verified>, Error> {

        let remote = self.signer.public_key();

        let refs = repository.references(remote)?;

        let signed = refs.signed(self.signer.clone())?;

        signed.save(remote, repository)?;

        Ok(signed)

    }

    pub fn open<P: AsRef<Path>, S: Signer + 'static>(

        path: P,

        signer: S,

    ) -> Result<Self, io::Error> {

    pub fn with_signer(&self, signer: impl Signer + 'static) -> Self {

        Self {

            path: self.path.clone(),

            signer: Arc::new(signer),

        }

    }

    pub fn inspect(&self) -> Result<(), Error> {

        for proj in self.projects()? {

            let repo = self.repository(&proj)?;

            for r in repo.raw().references()? {

                let r = r?;

                let name = r.name().ok_or(Error::InvalidRef)?;

                let oid = r.target().ok_or(Error::InvalidRef)?;

                println!("{} {} {}", proj, oid, name);

            }

        }

        Ok(())

    }

    // TODO: Add project id here so we can refer to it

    // in a bunch of places. We could write it to the

    // git config for later.

                let mut config = backend.config()?;

                // TODO: Get ahold of user name and/or key.

                config.set_str("user.name", "radicle")?;

                config.set_str("user.email", "radicle@localhost")?;

    pub fn inspect(&self) -> Result<(), Error> {

        for r in self.backend.references()? {

            let r = r?;

            let name = r.name().ok_or(Error::InvalidRef)?;

            let oid = r.target().ok_or(Error::InvalidRef)?;

            println!("{} {}", oid, name);

        }

        Ok(())

    fn blob_at<'a>(&'a self, oid: Oid, path: &'a Path) -> Result<git2::Blob<'a>, git_ext::Error> {

        git_ext::Blob::At {

            object: oid.into(),

            path,

        }

        .get(&self.backend)

    }

    fn reference(

        &self,

        remote: &RemoteId,

        name: &str,

    ) -> Result<Option<git2::Reference>, git2::Error> {

        let name = format!("refs/remotes/{remote}/{name}");

        self.backend.find_reference(&name).map(Some).or_else(|e| {

            if git_ext::is_not_found_err(&e) {

                Ok(None)

            } else {

                Err(e)

            }

        })

    }

    fn reference_oid(&self, user: &RemoteId, reference: &str) -> Result<Option<Oid>, git2::Error> {

        let reference = self.reference(user, reference)?;

        Ok(reference.and_then(|r| r.target().map(|o| o.into())))

    }

    fn remote(&self, remote: &RemoteId) -> Result<Remote<Verified>, refs::Error> {

        let refs = SignedRefs::load(remote, self)?;

        Ok(Remote::new(*remote, refs))

    }

    fn references(&self, remote: &RemoteId) -> Result<Refs, Error> {

        // TODO: Only return known refs, eg. heads/ rad/ tags/ etc..

            .references_glob(format!("refs/remotes/{remote}/*").as_str())?;

        let mut refs = BTreeMap::new();

            let (_, refname) = git::parse_ref::<RemoteId>(name)?;

        Ok(refs.into())

    fn remotes(&self) -> Result<Remotes<Verified>, refs::Error> {

        // TODO: Should use the id glob here instead of signature.

        let refs = self.backend.references_glob(SIGNATURES_GLOB.as_str())?;

            let name = r.name().ok_or(refs::Error::InvalidRef)?;

            let (id, _) = git::parse_ref::<RemoteId>(name)?;

            let remote = self.remote(&id)?;

            remotes.insert(id, remote);

    fn fetch(&mut self, url: &git::Url) -> Result<(), git2::Error> {

    fn raw(&self) -> &git2::Repository {

        &self.backend

    }

    use crate::storage::refs::SIGNATURE_REF;

    use crate::test::arbitrary;

    fn test_remote_refs() {

        let mut refs = git::remote_refs(&git::Url {

            ..git::Url::default()

        let project = storage.repository(proj).unwrap();

        let remotes = project.remotes().unwrap();

        // Strip the remote refs of sigrefs so we can compare them.

        for remote in refs.values_mut() {

            remote.remove(SIGNATURE_REF).unwrap();

        }

        assert_eq!(refs, remotes.into());

            .fetch(&git::Url {

                ..git::Url::default()

            let alice_repo = alice.repository(proj).unwrap();

            let alice_oid = alice_repo.reference(&id, refname).unwrap().unwrap();

            let bob_repo = bob.repository(proj).unwrap();

            let bob_oid = bob_repo.reference(&id, refname).unwrap().unwrap();

            assert_eq!(alice_oid.target(), bob_oid.target());

    #[test]

    fn test_sign_refs() {

        let tmp = tempfile::tempdir().unwrap();

        let mut rng = fastrand::Rng::new();

        let signer = MockSigner::new(&mut rng);

        let storage = Storage::open(tmp.path(), signer).unwrap();

        let proj_id = arbitrary::gen::<ProjId>(1);

        let alice = *storage.user_id();

        let project = storage.repository(&proj_id).unwrap();

        let backend = &project.backend;

        let sig = git2::Signature::now(&alice.to_string(), "anonymous@radicle.xyz").unwrap();

        let head = git::initial_commit(backend, &sig).unwrap();

        let head = git::commit(backend, &head, "Second commit", &alice.to_string()).unwrap();

        backend

            .reference(

                &format!("refs/remotes/{alice}/heads/master"),

                head.id(),

                false,

                "test",

            )

            .unwrap();

        let signed = storage.sign_refs(&project).unwrap();

        let remote = project.remote(&alice).unwrap();

        let mut unsigned = project.references(&alice).unwrap();

        // The signed refs doesn't contain the signature ref itself.

        unsigned.remove(SIGNATURE_REF).unwrap();

        assert_eq!(remote.refs, signed);

        assert_eq!(*remote.refs, unsigned);

    }

use std::collections::BTreeMap;

use std::fmt::Debug;

use std::io;

use std::io::{BufRead, BufReader};

use std::marker::PhantomData;

use std::ops::{Deref, DerefMut};

use std::path::Path;

use std::str::FromStr;

use radicle_git_ext as git_ext;

use serde::{Deserialize, Serialize};

use thiserror::Error;

use crate::crypto;

use crate::crypto::{PublicKey, Signature, Signer, Unverified, Verified};

use crate::git;

use crate::git::Oid;

use crate::storage;

use crate::storage::{ReadRepository, RemoteId, WriteRepository};

pub const SIGNATURE_REF: &str = "radicle/signature";

pub const REFS_BLOB_PATH: &str = "refs";

pub const SIGNATURE_BLOB_PATH: &str = "signature";

#[derive(Debug)]

pub enum Updated {

    /// The computed [`Refs`] were stored as a new commit.

    Updated { oid: Oid },

    /// The stored [`Refs`] were the same as the computed ones, so no new commit

    /// was created.

    Unchanged { oid: Oid },

}

#[derive(Debug, Error)]

pub enum Error {

    #[error("invalid signature: {0}")]

    InvalidSignature(#[from] crypto::Error),

    #[error("canonical refs: {0}")]

    Canonical(#[from] canonical::Error),

    #[error("invalid reference")]

    InvalidRef,

    #[error("invalid reference: {0}")]

    Ref(#[from] git::RefError),

    #[error(transparent)]

    Git(#[from] git2::Error),

    #[error(transparent)]

    GitExt(#[from] git_ext::Error),

    #[error("refs were not found")]

    NotFound,

}

/// The published state of a local repository.

#[derive(Default, Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]

pub struct Refs(BTreeMap<String, Oid>);

impl Refs {

    /// Verify the given signature on these refs, and return [`SignedRefs`] on success.

    pub fn verified(

        self,

        signer: &PublicKey,

        signature: Signature,

    ) -> Result<SignedRefs<Verified>, Error> {

        let refs = self;

        let msg = refs.canonical();

        match signer.verify(&signature, &msg) {

            Ok(()) => Ok(SignedRefs {

                refs,

                signature,

                _verified: PhantomData,

            }),

            Err(e) => Err(e.into()),

        }

    }

    /// Sign these refs with the given signer and return [`SignedRefs`].

    pub fn signed<S>(self, signer: S) -> Result<SignedRefs<Verified>, Error>

    where

        S: Signer,

    {

        let refs = self;

        let msg = refs.canonical();

        let signature = signer.sign(&msg);

        Ok(SignedRefs {

            refs,

            signature,

            _verified: PhantomData,

        })

    }

    /// Create refs from a canonical representation.

    pub fn from_canonical(bytes: &[u8]) -> Result<Self, canonical::Error> {

        let reader = BufReader::new(bytes);

        let mut refs = BTreeMap::new();

        for line in reader.lines() {

            let line = line?;

            let (oid, name) = line

                .split_once(' ')

                .ok_or(canonical::Error::InvalidFormat)?;

            let name = name.to_owned();

            let oid = Oid::from_str(oid)?;

            refs.insert(name, oid);

        }

        Ok(Self(refs))

    }

    pub fn canonical(&self) -> Vec<u8> {

        let mut buf = String::new();

        let refs = self.iter().filter(|(name, _)| *name != SIGNATURE_REF);

        for (name, oid) in refs {

            buf.push_str(&oid.to_string());

            buf.push(' ');

            buf.push_str(name);

            buf.push('\n');

        }

        buf.into_bytes()

    }

}

impl From<Refs> for BTreeMap<String, Oid> {

    fn from(refs: Refs) -> Self {

        refs.0

    }

}

impl<V> From<SignedRefs<V>> for Refs {

    fn from(signed: SignedRefs<V>) -> Self {

        signed.refs

    }

}

impl From<BTreeMap<String, Oid>> for Refs {

    fn from(refs: BTreeMap<String, Oid>) -> Self {

        Self(refs)

    }

}

impl Deref for Refs {

    type Target = BTreeMap<String, Oid>;

    fn deref(&self) -> &Self::Target {

        &self.0

    }

}

impl DerefMut for Refs {

    fn deref_mut(&mut self) -> &mut Self::Target {

        &mut self.0

    }

}

/// Combination of [`Refs`] and a [`Signature`]. The signature is a cryptographic

/// signature over the refs. This allows us to easily verify if a set of refs

/// came from a particular user.

///

/// The type parameter keeps track of whether the signature was [`Verified`] or

/// [`Unverified`].

#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]

pub struct SignedRefs<V> {

    refs: Refs,

    signature: Signature,

    #[serde(skip)]

    _verified: PhantomData<V>,

}

impl SignedRefs<Unverified> {

    pub fn new(refs: Refs, signature: Signature) -> Self {

        Self {

            refs,

            signature,

            _verified: PhantomData,

        }

    }

    pub fn verified(self, signer: &PublicKey) -> Result<SignedRefs<Verified>, crypto::Error> {

        let canonical = self.refs.canonical();

        match signer.verify(&self.signature, &canonical) {

            Ok(()) => Ok(SignedRefs {

                refs: self.refs,

                signature: self.signature,

                _verified: PhantomData,

            }),

            Err(e) => Err(e),

        }

    }

}

impl SignedRefs<Verified> {

    pub fn load<S>(remote: &RemoteId, repo: &S) -> Result<Self, Error>

    where

        S: ReadRepository,

    {

        if let Some(oid) = repo.reference_oid(remote, SIGNATURE_REF)? {

            Self::load_at(oid, remote, repo)

        } else {

            Err(Error::NotFound)

        }

    }

    pub fn load_at<S>(oid: Oid, remote: &RemoteId, repo: &S) -> Result<Self, Error>

    where

        S: storage::ReadRepository,

    {

        let refs = repo.blob_at(oid, Path::new(REFS_BLOB_PATH))?;

        let signature = repo.blob_at(oid, Path::new(SIGNATURE_BLOB_PATH))?;

        let signature = crypto::Signature::try_from(signature.content())?;

        match remote.verify(&signature, refs.content()) {

            Ok(()) => {

                let refs = Refs::from_canonical(refs.content())?;

                Ok(Self {

                    refs,

                    signature,

                    _verified: PhantomData,

                })

            }

            Err(e) => Err(e.into()),

        }

    }

    /// Save the signed refs to disk.

    /// This creates a new commit on the signed refs branch, and updates the branch pointer.

    pub fn save<S: WriteRepository>(

        &self,

        // TODO: This should be part of the signed refs.

        remote: &RemoteId,

        repo: &S,

    ) -> Result<Updated, Error> {

        let parent: Option<git2::Commit> = repo

            .reference(remote, SIGNATURE_REF)?

            .map(|r| r.peel_to_commit())

            .transpose()?;

        let tree = {

            let raw = repo.raw();

            let refs_blob_oid = raw.blob(&self.canonical())?;

            let sig_blob_oid = raw.blob(&self.signature.to_bytes())?;

            let mut builder = raw.treebuilder(None)?;

            builder.insert(REFS_BLOB_PATH, refs_blob_oid, 0o100_644)?;

            builder.insert(SIGNATURE_BLOB_PATH, sig_blob_oid, 0o100_644)?;

            let oid = builder.write()?;

            raw.find_tree(oid)

        }?;

        if let Some(ref parent) = parent {

            if parent.tree()?.id() == tree.id() {

                return Ok(Updated::Unchanged {

                    oid: parent.id().into(),

                });

            }

        }

        let sigref = format!("refs/remotes/{remote}/{SIGNATURE_REF}");

        let author = repo.raw().signature()?;

        let commit = repo.raw().commit(

            Some(&sigref),

            &author,

            &author,

            &format!("Update {} for {}", SIGNATURE_REF, remote),

            &tree,

            &parent.iter().collect::<Vec<&git2::Commit>>(),

        );

        match commit {

            Ok(oid) => Ok(Updated::Updated { oid: oid.into() }),

            Err(e) => match (e.class(), e.code()) {

                (git2::ErrorClass::Object, git2::ErrorCode::Modified) => {

                    log::warn!("Concurrent modification of refs: {:?}", e);

                    Err(Error::Git(e))

                }

                _ => Err(e.into()),

            },

        }

    }

    pub fn unverified(self) -> SignedRefs<Unverified> {

        SignedRefs {

            refs: self.refs,

            signature: self.signature,

            _verified: PhantomData,

        }

    }

}

impl<V> Deref for SignedRefs<V> {

    type Target = Refs;

    fn deref(&self) -> &Self::Target {

        &self.refs

    }

}

pub mod canonical {

    use super::*;

    #[derive(Debug, thiserror::Error)]

    pub enum Error {

        #[error("invalid canonical format")]

        InvalidFormat,

        #[error(transparent)]

        Io(#[from] io::Error),

        #[error(transparent)]

        Git(#[from] git2::Error),

    }

}

// TODO: Test canonical/from_canonical

use std::collections::{BTreeMap, HashSet};

use quickcheck::Arbitrary;

use crate::crypto::{self, Signer};

use crate::crypto::{PublicKey, SecretKey};

use crate::identity::ProjId;

use crate::storage::refs::Refs;

use super::crypto::MockSigner;

pub fn set<T: Eq + Hash + Arbitrary>(range: impl RangeBounds<usize>) -> HashSet<T> {

pub fn gen<T: Arbitrary>(size: usize) -> T {

impl Arbitrary for storage::Remotes<crypto::Verified> {

        let remotes: HashMap<storage::RemoteId, storage::Remote<crypto::Verified>> =

            Arbitrary::arbitrary(g);

impl Arbitrary for MockStorage {

        let inventory = Arbitrary::arbitrary(g);

impl Arbitrary for Refs {

        let mut refs: BTreeMap<storage::RefName, storage::Oid> = BTreeMap::new();

        // TODO: Use refs other than branch names.

        Self::from(refs)

    }

}

impl Arbitrary for storage::Remote<crypto::Verified> {

    fn arbitrary(g: &mut quickcheck::Gen) -> Self {

        let refs = Refs::arbitrary(g);

        let signer = MockSigner::arbitrary(g);

        let signed = refs.signed(&signer).unwrap();

        storage::Remote::new(*signer.public_key(), signed)

    }

}

impl Arbitrary for MockSigner {

    fn arbitrary(g: &mut quickcheck::Gen) -> Self {

        let mut bytes: [u8; 32] = [0; 32];

        for byte in &mut bytes {

            *byte = u8::arbitrary(g);

        }

        MockSigner::from(SecretKey::from(bytes))

impl Arbitrary for ProjId {

impl Arbitrary for hash::Digest {

        let bytes: Vec<u8> = Arbitrary::arbitrary(g);

impl Arbitrary for PublicKey {

#[derive(Debug, Clone)]

        Self::from(SecretKey::from(bytes))

    }

}

impl From<SecretKey> for MockSigner {

    fn from(sk: SecretKey) -> Self {

        let pk = sk.verification_key().into();

        Self { sk, pk }

impl PartialEq for MockSigner {

    fn eq(&self, other: &Self) -> bool {

        self.pk == other.pk

    }

}

impl Eq for MockSigner {}

impl std::hash::Hash for MockSigner {

    fn hash<H: std::hash::Hasher>(&self, state: &mut H) {

        self.pk.hash(state)

    }

}

use crate::identity::ProjId;

use crate::storage::{ReadStorage, WriteStorage};

    let signers = arbitrary::set::<MockSigner>(1..3);

    let mut storages = signers

        .into_iter()

        .map(|s| Storage::open(path, s).unwrap())

        .collect::<Vec<_>>();

    for storage in &storages {

        let remote = storage.user_id();

        log::debug!("signer {}...", remote);

        for proj in proj_ids.iter() {

            let repo = storage.repository(proj).unwrap();

            let raw = &repo.backend;

            let sig = git2::Signature::now(&remote.to_string(), "anonymous@radicle.xyz").unwrap();

            let head = git::initial_commit(raw, &sig).unwrap();

            log::debug!("{}: creating {}...", remote, proj);

            raw.reference(

                &format!("refs/remotes/{remote}/heads/radicle/id"),

            let head = git::commit(raw, &head, "Second commit", &remote.to_string()).unwrap();

            raw.reference(

                &format!("refs/remotes/{remote}/heads/master"),

            let head = git::commit(raw, &head, "Third commit", &remote.to_string()).unwrap();

            raw.reference(

                &format!("refs/remotes/{remote}/heads/patch/3"),

            storage.sign_refs(&repo).unwrap();

    storages.pop().unwrap()

use crate::crypto::Verified;

use crate::storage::refs;

    Error, Inventory, ReadRepository, ReadStorage, Remote, Remotes, WriteRepository, WriteStorage,

    pub inventory: Vec<(ProjId, Remotes<Verified>)>,

    pub fn new(inventory: Vec<(ProjId, Remotes<Verified>)>) -> Self {

    fn get(&self, proj: &ProjId) -> Result<Option<Remotes<Verified>>, Error> {

    fn sign_refs(

        &self,

        _repository: &Self::Repository,

    ) -> Result<crate::storage::refs::SignedRefs<Verified>, Error> {

        todo!()

    }

    fn remote(&self, _user: &UserId) -> Result<Remote<Verified>, refs::Error> {

        todo!()

    }

    fn remotes(&self) -> Result<Remotes<Verified>, refs::Error> {

        todo!()

    }

    fn blob_at<'a>(

        &'a self,

        _oid: radicle_git_ext::Oid,

        _path: &'a std::path::Path,

    ) -> Result<git2::Blob<'a>, radicle_git_ext::Error> {

    fn reference(

        &self,

        _user: &UserId,

        _reference: &str,

    ) -> Result<Option<git2::Reference>, git2::Error> {

        todo!()

    }

    fn reference_oid(

        &self,

        _user: &UserId,

        _reference: &str,

    ) -> Result<Option<radicle_git_ext::Oid>, git2::Error> {

        todo!()

    }

    fn references(&self, _user: &UserId) -> Result<crate::storage::refs::Refs, Error> {

    fn raw(&self) -> &git2::Repository {

        todo!()

    }