# Radicle Overview (Old)
[TOC]
## Resources
- RIPs: https://app.radicle.xyz/nodes/seed.radicle.xyz/rad:z3trNYnLWS11cJWC6BbxDs5niGo82
- Lars arch: https://app.radicle.xyz/nodes/seed.radicle.xyz/rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5/tree/07e455dc597b7c368ce658ba65b866a92b9a88c4/architecture/arch.md
-https://app.radicle.xyz/nodes/seed.rhizoma.dev/rad:z21RZuyuZwmmqB72Lq5A7hF8NGUF1
under slides/
- man pages: https://app.radicle.xyz/nodes/seed.radicle.xyz/rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5/tree/rad.1.adoc
- setting up seed node (outdated): https://github.com/radicle-dev/radicle-client-services
- Radicle 1.0 feature set: https://hackmd.io/CP_hhnhuTby-f_O6_E-Zew?both
- COBs: https://github.com/radicle-dev/radicle-link/blob/master/docs/rfc/0662-collaborative-objects.adoc
- Onboarding experience: https://hackmd.io/5_VS0D1DR_GTCyEhd39wTA
Docs Inspiration
- https://socketsupply.co/guides/#quick-start
- https://ssbc.github.io/scuttlebutt-protocol-guide/#keys-and-identities
## Protocol Doc Notes
- Protocol 1 Pager should be ~5 minute read. Just because its abridged doesn't mean we shouldnt be specific - it is important to still be specific.
- Protocol Detail Docs should have even more specifics, and be a 15 minute read
- Tone feedback: some aspects of the language are too colorful. be as matter of fact as possible. don’t use adjectives. instead of saying something is “secure” - say it is secured by cryptographic keys.
- a good example is satoshi's bitcoin paper, it explains things very precisely, but not using complicated language or lots of color
- [ ] diagram descriptions for all of the main sections & a few other important sub sections
- [ ] **COBs - need to be expanded with more details.**
- radicle comes with three collaborative projects out of the box
- issue
- patch
- id
- COBs are namespaced to keep them extensible, e.g. xyz.radicle.issue and xyz.radicle.patch
- it is exensible thanks to a bunch of things:
- the reason they are named like that - it ensures they are unique names
- someone else can create com.google.issue
- This section is a bit weak, we don't say much. I think we should say:
* what are cobs and how they are stored (you have some of that)
* what cobs are defined already by radicle (issue,patch,id)
* how cobs can be extended, and new cobs can be created
* how are cobs used to implement things like discussions etc.
- [ ] what is a git repo? a bunch of objects and a head - a master branch
- [ ] RIDs are URNs - and explain why
- [ ] Add more references that can enrich the reading experience. e.g. Git, DID, CRDT, Bootstrap nodes, TUF, Noise protocol, Tor
- [ ] It is nice how SSB's guide has supplementary info in side bar: https://ssbc.github.io/scuttlebutt-protocol-guide/#discovery
- [x] two topics to expand: 1. self-certifying aspect of the repository identity 2. the idea of canonicity.
- [x] issues and patches arent metadata - they are “social artifacts”. issues, patches, and cobs in general are “social artifacts”. id cob - parts of it are metadata, parts of it are social artifacts
- [ ] STORAGE - your upstream gets pushed locally - then that gets propagated to other nodes
- [x] Add something about how Radicle and Git tie to together (Repositories). git push rad -
https://git-scm.com/docs/gitremote-helpers - it invokes a git remote helper that invokes the rad protocol
- [ ] Likes how this resource explains p2p vs federation https://www.eff.org/deeplinks/2023/12/meet-spritely-and-veilid
- [ ] *** censorship resistance / noise protocol / tor:
- [ ] "I think we need to formulate this differently, because: (1) noise is just the handshake protocol, and (2) radicle doesn't really leverage tor, it's more that radicle has a tor integration that users can leverage for privacy"
- [ ] "I think this is a bit light, the noise protocol is just a handshake protocol for establishing secure connections. This section needs more thinking"
- [ ] *** We should explain what makes a node a public seed node, and also say that they are running the regular radicle client with a potentially different seeding policy. (you can ask me about this)
- [ ] *** So perhaps here there is a confusion that we should talk about. `sigrefs` are only used to sign the heads of all branches, not the individual commits, so let's talk about this so you understand it better
- [ ] *** git fetch tunneling / multiplexing "Here we can say that the fetch is tunneled over the same secure connection established between the nodes. It is effectively multiplexed over the physical connection"
- [ ] *** repository: settings terminology
- [ ] cloudhead: not a fan of the word 'settings', maybe 'metadata'? or 'configuration'?
- [ ] stellar: Why not the word settings? Imagine you gave user a UI for editing the details in the repository identity document. You wouldnt call it settings?
- [ ] easier to just say that they seed whatever is in the policy
- [ ] A few general notes/impressions:
- I think the order of things flows nicely, I didn't notice any hiccups until perhaps the very last part which felt duplicated
- The main weakness of the document is that it is vague in certain parts
- The diagrams will help a lot when we have them
- I think that we need to talk a bit more about source code, somehow; after all that's the main thing that people will publish on it; and we barely talk about how that specifically works
- We could talk more generally about the network, eg. by comparing it to the ssb network, saying that nodes maintain connections with other nodes, etc.
- I think we want to talk a bit about the storage layout, eg. how peer refs are layed out in storage
- The tone is generally good, the few issues that exist are usually because the language used is a bit heavy, eg. words like 'utilizing' vs. 'using', stuff like that
- [ ] I feel like the doc is mostly complete in the sense of covering all the major areas, though some need more clarification and specificity
- I think one thing that might be missing is an overview of the protocol in 1-2 paragraphs that explains the reason for it existing and the general ideas, which are roughly: (1) public keys, (2) everything must be verifiable, (3) p2p, (4) repo identities, (5) git interop
- basically a summary of all summaries that gives the rationale, ie. "what is this trying to achieve"
- because the sections at the moment can feel a bit out of context; they explain something, but not necessarily why
- the "why" could just be at the very beginning though and then it's easy to refer to it always
- The local first section doesn't really do it justice I think; we need to explain how all actions are local, and then are synced in the background/propagated asyncrhonously with the network
- ie. all actions are on your local storage
- Generally let's think of what is exciting about radicle and make sure that stuff is in there
- For me I think the exciting stuff is:
1) it's Git all the way down, so I don't have to relearn everything and it interops very well with a bunch of existing systems
2) it's all verifiable and I control my identity and repository identity
3) I can self-host while still being connected with the wider network
4) it's extensible, so I can implement my own workflows, datatypes etc.
- I think most of that is in there somehow, but might be worth thinking about it and making sure we really drive the point
## Writing guidelines
- Network vs. Protocol
- cloudhead: I think just 'Radicle' when talking about the whole thing and the product / user facing stuff
- cloudhead: And 'Radicle protocol' when talking about the underlying protocol
- cloudhead: 'Radicle network' is the physical network of nodes
- Node vs. Client
- How to talk about the client software
# Radicle Protocol Overview (Heartwood Release)
The Heartwood release of the Radicle protocol establishes a sovereign data network for code collaboration and publishing, built on top of Git. Radicle nodes, designed to function on standard laptops or home computers, facilitate the hosting and synchronization of Git repositories across a peer-to-peer network. Nodes employ a custom gossip protocol for peer and repository discovery, alongside the Git protocol for data replication. In combination, this enables peers to locate, replicate, and verify any repository published to the network, provided at least one other peer seeding the repository is online. All user actions, from code commits to issue comments, are cryptographically signed, allowing peers to verify authenticity and data provenance without reliance on a centralized authority. Additionally, Radicle's architecture is local-first, ensuring continuous access to one's own repositories directly from their machine, regardless of internet connectivity.
Radicle's protocol is engineered to cater to multiple scenarios such as code collaboration, publishing, knowledge sharing, project coordination, and data set collaboration. This guide outlines the Heartwood release's functionalities, primarily emphasizing code collaboration and publishing.
## The Radicle Network
Radicle is a peer-to-peer network that locates, replicates, and verifies the authenticity of data or code stored in Git repositories. It is designed to guarantee access to repositories, regardless of their location or replica count. Radicle uses its own gossip protocol to exchange peer and repository information between nodes and the Git protocol for data replication. Nodes, identified by Decentralized Identifiers (DIDs), gossip repository information to build routing tables that aid in discovery and replication. Emphasizing resistance to censorship and continuous availability, Radicle incorporates the Noise protocol for secure, encrypted communications and leverages Tor to enhance the privacy and security of network interactions.
::: info
show high level network diagram
:::
### Radicle Nodes
Each user in the Radicle network runs a node. A node's primary responsibility is to *seed repositories*, which includes both hosting the data and synchronizing changes with other nodes. All nodes run the same code, regardless of their specific role or activity within the network. Nodes have a `NodeID` (NID), which is stable identifier independent of their network address, as the network address may change frequently (e.g. if the user moves from home to a coffee shop). Users configure nodes with a *seeding policy* which specifies the list of repositories they are interested in seeding, in addition to retention rules. Nodes can be run a home computer or laptop, without the need for an always-on server. No specialized equipment is required.
::: info
show 3 nodes with different seeding projects and whether they are connected to one another or not based on shared project set.
:::
### Gossip Protocol
The Radicle networking layer is designed as a gossip protocol that employs three types of messages for its core functionality:
1. **Inventory Announcements**: Used for sharing repository inventories and constructing routing tables.
2. **Reference Announcements**: Used for broadcasting updates to repositories, relayed only to nodes seeding the relevant repository.
3. **Node Announcements**: Facilitate the discovery of peers within the network.
To prevent endless propagation, nodes drop any message already encountered. However, for the sake of new nodes, gossip messages may be temporarily stored for future dissemination. Each message contains the `NodeId`, which is the originating node's public key, in addition to a `Signature`, which ensures that network participants can verify the authenticity of each message they receive.
### Replication via Git
While gossip is used to exchange metadata, the actual repository data, ie. Git objects are transferred via the process of replication. To do this, the node establishes a connection with one or more of the repository's seeds, and initiates a git-fetch via the git protocol, which is tunneled over the same connection established between the nodes. This fetch operation downloads the relevant git objects into the node’s storage, making them available to other interested nodes.
> Here we can say that the fetch is tunneled over the same secure connection established between the nodes. It is effectively multiplexed over the physical connection
### Bootstrap Nodes
A node joining the network for the first time will not know of any peers. Hence, the reference implementation of the network client software has been pre-configured with two *Bootstrap Nodes*: `seed.radicle.garden` and `seed.radicle.xyz`, which are registered DNS names that resolve to node addresses on the network. In the bootstrapping process, nodes resolve these names to have a set of addresses to initially connect to, and once they establish connection with a peer, use the regular peer discovery process to find more peers.
### Public Seed Nodes
In Radicle, while all nodes hosting a repository contribute to *seeding data* to the network, the term "Public Seed Node" is reserved for those that play a more significant role of ensuring data availability and redundancy. Anyone interested in providing stable and reliable points for data replication can set up a Public Seed Node and help contribute to Radicle's resilience.
### Permissionless Access
To ensure resilience against censorship and consistent availability, the Radicle network employs the Noise protocol for establishing secure, encrypted peer connections. Additionally Radicle is designed to integrate with anonymity networks like Tor and Nym to enhance IP address privacy, although this feature is still under development.
## Repositories
A Radicle repository is fundamentally a Git repository, supplemented with a unique repository identifier (RID) and metadata essential for validating the authenticity of its data. These repositories, which can be either public or private, can accommodate diverse content including source code, documentation, and data sets. Repositories are managed by **delegates**, who can be individuals, groups, or bots, and are responsible for critical tasks such as merging patches, addressing issues, and modifying repository settings.
::: info
show some diagram that displays information architecture of a repo + the additional radicle metadata
:::
### Delegates
Delegates are the set of maintainers and automatons, entrusted with key responsibilities such as merging patches, managing issues, and updating the repository’s settings (also known as the **identity document**). A repository always begins with one delegate, its creator, and can remain at that size for smaller projects, or can eventually involve multiple delegates.
### Identity Document
The repository Identity Document, stored under `refs/rad/id`, is a foundational element for establishing trust and authenticity within a repository. This canonical JSON file comprises essential metadata: the repository's name, description, and information about its delegates, including public keys and approval thresholds. It details how many delegate approvals are necessary for key actions—for instance, requiring two out of three delegates for changes to be authenticated into the default branch. Updates to this document are exclusively made by specified delegates, adhering to the set approval threshold.
### Collaborative Objects
Collaborative Objects (COBs) act as a dynamic API for crafting a range of collaborative functionalities, such as identity, issue tracking, and code review. COBs are stored as Git objects under the `refs/cobs` directory. Utilizing Conflict-Free Replicated Data Types (CRDTs), COBs can synchronize various social artifacts, including user-defined ones, providing an adaptable system for diverse use cases. While initially focused on enhancing code collaboration, COBs are the root of Radicle's extensibility, opening avenues for future functionalities such as knowledge management, project managment, data set collaboration, and publishing.
::: info
show how these varying COBs all fit together and the api / data flows wrt to the protocol / network
:::
### Private Repositories
Radicle's private repositories restrict access to a designated group of trusted peers, defined in an "allow list" within the repository's settings. This ensures only nodes in the privacy set can replicate and access the data, maintaining confidentiality. However, as the data is not encrypted at rest, these repositories rely on selective replication through the allow list for privacy, rendering them invisible and inaccessible to other nodes in the Radicle network.
## Identification within the Radicle Network
In Radicle, both peer connections and repository management hinge on a system where node identifiers (NIDs) and repository identifiers (RIDs) are based on Decentralized Identifiers (DIDs), adhering to W3C standards to support interoperability.
### Node Identifier (NID)
The core of Radicle's node identifier (NID) is an Ed25519[^id01] key pair, encoded as a DID using the `did:key` method[^did]. A changeable, non-unique `alias` can also be associated to nodes for easier recognition across the network. This public key cryptographic framework is flexible to support a range of user types, from individuals to organizations and even automated bots.
::: info
show something like this, yet have a DID and alias on it
:::
[^id01]: https://ed25519.cr.yp.to/
[^did]: https://w3c-ccg.github.io/did-method-key/
### Repository Identifier (RID)
To ensure uniqueness and easy identification of repositories, a stable and globally unique identifier, known as the Repository Identifier (RID), is assigned to each repository. The RID is deterministically derived from the Repository Identity Document. This process involves hashing the document using Git’s hash-object command to produce a SHA-1 hash. The hash is then encoded using `multibase` encoding with the `base-58-btc` alphabet, the same method used for the `did:key` method, and prefixed with `rad:`, creating a valid URN[^urn]. For example, here's the RID for the Heartwood repo: `rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5`.
[^urn]: https://datatracker.ietf.org/doc/html/rfc8141
[^mb]: https://w3c-ccg.github.io/multibase/
## Integrity and Trust
(needs better intro) At its core, Radicle rethinks traditional data storage and integrity verification methods, adapting them to a peer-to-peer environment. The network employs a decentralized storage model where each user maintains their own version of a repository, alongside mechanisms like cryptographically signed references to ensure data authenticity and trust.
### Distributed Storage with Local Forks
In Radicle's architecture, storage is managed through a partitioned approach where users individually maintain their own *local forks* of repositories they are interested in. These personal forks are shared across the network, with each fork having a singular owner and writer. Users have exclusive permission to modify their respective forks. This structure underpins Radicle's local-first strategy, facilitating offline work and eliminating the need for centralized servers.
#### Working & Stored Copies
Users will typically have *two* copies of a repository: one local *working copy* and one in network storage, called the *stored* copy. The working copy is setup in such a way that it is linked to storage via a *git remote helper*[^grh] named `git-remote-rad`. Publishing code is then a matter of running `git push rad`, for example.
```
┌╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴┐ ┌╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴┐
┆ ┌───────────────────┐ ┌──────┐ ┆ ┆ ┌──────┐ ┌─────────────────┐ ┆
┆ │ Storage │ │ │ ┆ Git ┆ │ │ │ Storage │ ┆
┆ │ ├╸┆╸╸╸╸╸╸┆╸╸╸╸╸╸╸╸╸╸╸╸╸╸┆╸╸╸╸╸╸┆╸┤ │ ┆
┆ │ ┌──────┐ ┌─────┐ ┌│ │ │ ┆ protocol ┆ │ │ │ ┌─────┐ ┌─────┐ │ ┆
┆ │ │repo │ │repo │ ││ │ │ ┆ ┆ │ │ │ │repo │ │repo │ │ ┆
┆ │ ├──────┤ ├─────┤ ├│ │ │ ┆ ┆ │ │ │ ├─────┤ ├─────┤ │ ┆
┆ └─┴───╿──┴─┴───┬─┴─┴┘ │ │ ┆ ┆ │ │ └─┴───┬─┴─┴───╿─┴─┘ ┆
┆ │ │ │ │ ┆ gossip ┆ │ │ │ │ ┆
┆ │ │ │ Node ├╸╸╸╸╸╸╸╸╸╸╸╸╸╸┤ Node │ │ │ ┆
┆ │ │ │ │ ┆ protocol ┆ │ │ │ │ ┆
┆ push pull │ │ ┆ ┆ │ │ pull push ┆
┆ │ │ │ │ ┆ ┆ │ │ │ │ ┆
┆ │ │ │ │ ┆ ┆ │ │ │ │ ┆
┆ │ │ │ │ ┆ ┆ │ │ │ │ ┆
┆ ┌────┴───┐ ┌──╽─────┐│ │ ┆ ┆ │ │ ┌─────╽──┐ ┌──┴────┐┆
┆ │working │ │working ││ │ ┆ ┆ │ │ │working │ │working│┆
┆ │copy │ │copy ││ │ ┆ ┆ │ │ │copy │ │copy │┆
┆ └────────┘ └────────┘└──────┘ ┆ ┆ └──────┘ └────────┘ └───────┘┆
└╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴┘ └╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴╴┘
```
[^grh]: https://git-scm.com/docs/gitremote-helpers
#### Repository State Changes
Based on this soft forking design paradigm, in the Radicle model, there are no shared branches. Instead, each branch (or set of branches under a tree? - do we need this fragment) is owned by one user, where they are partitioned by a public key in the repository hierarchy. This means that each delegate has the exclusive ability to write to their own branch alone.
In a project with multiple delegates, for example, Alice, Bob and Eve, each would have their own `main` branch as follows:
```
<alice>/refs/heads/main
<bob>/refs/heads/main
<eve>/refs/heads/main
```
The concept of a canonical or 'authoritative' version of the repository is established dynamically based on the delegate approval thresholds defined in the identity document. For example, if a threshold of two out of three delegate approvals is set, and both Alice and Bob have the same commit in their `main` branches, that specific commit is recognized as the authoritative, current state of the repository.
::: info
show push quorum image
:::
### Ensuring Trust with Self-Certifying Repositories
Radicle's approach to data integrity and trust within its distributed network hinges on the self-certifying nature of its repositories, where each update within a repository is cryptographically signed, establishing a *verifiable record of changes*. This system is inspired by The Update Framework (TUF)[^tuf], a framework for securing software update systems.
In Radicle, a repository must be initialized with an **identity document** before being published to the network. This document contains crucial metadata like the repository’s name, description, and the public keys of its delegates. The initial version of this identity document is critical for deterministically generating a unique Repository Identifier (RID). Together, the RID and the identity document form the repository's identity and the *ownership proof* for verifying all subsequent updates within the repository. Simply put, with an RID, anyone can retrieve the initial identity document, confirm its match with the RID, and then authenticate all following updates to the repository.
To ensure self-certification, delegates in Radicle authenticate changes by cryptographically signing over repository heads, tags, and pertinent Git references, as well as essential metadata like the repository name and description. These cryptographically signed verifications are termed *signed refs* and are stored under the `refs/rad/sigref` directory. These signatures enable tracking of each change back to a delegate's public keys, as defined in the repository's identity document. Updated with each approved change, signed refs maintain the repository's authenticated, canonical state.
<!--This approach ensures that verification is possible for anyone within the network, reinforcing the integrity and authenticity of the changes and the delegates behind them.-->
::: info
show something like this: 
:::
[^tuf]: https://theupdateframework.github.io/specification/latest/
<!--# Radicle 1.0: Heartwood - Protocol Overview
Heartwood, the first major release of Radicle, introduces a sovereign data network initially focused on code collaboration. It builds upon Git's foundational features, integrating a distributed network and enriching it with additional social artifacts like issues and patches. Each element within this network is secured with cryptographic signatures and underpinned by Decentralized Identifiers (DIDs), ensuring both security and interoperability. This approach facilitates a portable and offline-capable environment, extending the potential of Radicle beyond code collaboration to encompass diverse applications such as knowledge management, project managment, data set collaboration, and publishing. This guide provides insight into the fundamental elements and unique capabilities of the Heartwood 1.0 release of the Radicle protocol.
## The Radicle Network
The Radicle Network focuses on locating, replicating, and verifying repositories in a peer-to-peer sovereign data network. Its distributed design guarantees access to repositories, regardless of their location or replica count. Radicle uses the Git protocol for data replication and its own gossip protocol to exchange peer and repository information between nodes, which are identified by Decentralized Identifiers (DIDs). Nodes gossip repository information to build routing tables that aid in repository discovery and replication. Emphasizing resistance to censorship and continuous availability, Radicle incorporates the Noise protocol for secure, encrypted communications and leverages Tor to enhance the privacy and security of network interactions.
::: info
show high level network diagram
:::
### Radicle Nodes
A node's primary responsibility is to *seed repositories*, which includes both hosting the data and synchronizing changes with other nodes. To do this, nodes have a stable identifier independent of its network address, as the network address may change frequently (e.g. if the user moves from home to a coffee shop). Nodes are configured with a *seeding policy* which includes the list of repositories that they are meant to seed.
As Radicle is a peer-to-peer network, users and nodes are one and the same, where all nodes work identically, regardless of their specific role or activity within the network. No specialized equipment is required to run a node: Radicle is designed so it can work from a home computer or laptop, without the need to have an always-on server.
::: info
show 3 nodes with different seeding projects and whether they are connected to one another or not based on shared project set.
:::
<details>
<summary>Learn more about the Radicle Network</summary>
### Gossip Protocol
Nodes, identifiable by public keys, leverage Radicle's gossip protocol comprising three message types: *inventory announcements* for constructing routing tables and sharing repository inventories, *reference announcements* for broadcasting repository updates, and *node announcements* for peer discovery.
### Replication via Git
While gossip is used to exchange metadata, the actual repository data, ie. Git objects are transferred via the process of replication. To do this, the node consults its routing table, locates the repository’s seeds, and initiates a git-fetch via the git protocol, with one or more seed. This fetch operation downloads the relevant git objects into the node’s storage, making them available to other interested nodes.
### Bootstrap Nodes
A node joining the network for the first time will not know of any peers. Hence, it's advised that network client software be pre-configured with "Bootstrap Nodes" which have registered DNS names that resolve to node addresses on the network, e.g. `seeds.radicle.xyz`. In the bootstrapping process, nodes can resolve these names to have a set of addresses to initially connect to, and once they find a peer, use the regular peer discovery process to find more nodes.
### Seed Nodes
In Radicle, while all nodes hosting a repository contribute to *seeding data* to the network, the term "Seed Node" is reserved for those that play a more significant role. Seed Nodes are pivotal for ensuring data availability and redundancy by providing stable and reliable points for data replication. Anyone interested can set up a Seed Node, thus contributing to the strength and resilience of the Radicle network.
### Permissionless Access
The Radicle Network is diligently crafted to ensure resilience against censorship and consistent availability. To fortify this commitment, the network employs the Noise protocol for establishing secure, encrypted peer connections, alongside anonymity networks such as Tor to protect against surveillance.
</details>
## Identification within the Radicle Network
In Radicle, both peer connections and repository management hinge on a system where node identifiers (NID) and repository identifiers (RIDs) are based on Decentralized Identifiers (DIDs), adhering to W3C standards to support interoperability.
The core of Radicle's node identifier is an Ed25519[^id01] key pair, encoded as a DID using the `did:key` method. By leveraging public key cryptography as the basis of identity, this public key can represent various entities - from individuals to organizations or even automated entities like bots. Additionally, users can associate a changeable, non-unique `alias` with their identity for easier recognition across the network.
::: info
show something like this, yet have a DID and alias on it
:::
<details>
<summary>Learn more about Identification</summary>
### Unified Node and User Identities
In Radicle's network, the distinction between users and nodes is seamlessly integrated, with each participant functioning equally as a node. This unified framework treats all nodes identically, regardless of their specific role or activity within the network. A user's node, whether it belongs to a regular participant, a delegate managing a repository, or even a more complex entity, is indistinguishable at the protocol level.
### Repository Identifier (RID)
Each repository in Radicle is uniquely identified by a Repository Identifier (RID), derived from its identity document (COB). The RID is generated by hashing the document with Git’s hash-object command to produce a SHA-1 hash, which is then encoded using the base-58-btc multibase encoding (same as the `did:key` method) and prefixed with "rad:". The resulting RID is globally unique, ensuring precise repository identification within the Radicle's sovereign network.
Example of an RID:
```
rad:z42hL2jL4XNk6K8oHQaSWfMgCL7ji
```
</details>
## Repositories
A Radicle repository is fundamentally a Git repository, yet it possesses a unique repository identifier (RID) and is supplemented with metadata essential for validating the authenticity of its data. These repositories, which can be either public or private, can accommodate diverse content including source code, documentation, and data sets. Repositories in Radicle are managed by **delegates**, who can be individuals, groups, or bots, and are responsible for critical tasks such as merging patches, addressing issues, and modifying repository settings. To assure data integrity and authenticity, every update within a repository is cryptographically signed.
::: info
show some diagram that displays information architecture of a repo + the additional radicle metadata
:::
### Collaborative Objects
Collaborative Objects (COBs) act as a dynamic API for crafting a range of collaborative functionalities, such as repository identity, issue tracking, and code review. COBs are stored as Git objects under the `refs/cobs` directory. Utilizing Conflict-Free Replicated Data Types (CRDTs), COBs can synchronize various social artifacts, including user-defined ones, providing an adaptable system for diverse use cases. While initially focused on enhancing code collaboration, COBs are the root of Radicle's extensibility, opening avenues for future functionalities such as knowledge management, project managment, data set collaboration, and publishing.
::: info
show how these varying COBs all fit together and the api / data flows wrt to the protocol / network
:::
<details>
<summary>Learn more about Repositories</summary>
### Delegates
Delegates are the set of maintainers and automatons, entrusted with key responsibilities such as merging patches, managing issues, and updating the repository’s identity document. A repository typically begins with one delegate, its creator, and can remain at that size for smaller projects, or can eventually involve multiple delegates, including other individuals, organizations, or bots.
### Privacy
Private repositories can be created where data access is exclusive to trusted peers, configured through an “allow list” in the repository’s identity document. Although nodes on Radicle’s peer-to-peer network are unaware of and cannot access these repositories, the trusted nodes specified in the allow list have full visibility of the hosted data, e.g. it is not end-to-end encrypted.
</details>
## Integrity and Trust
At its core, Radicle rethinks traditional data storage and integrity verification methods, adapting them to a peer-to-peer environment. The network employs a decentralized storage model where each user maintains their own version of a repository, alongside mechanisms like cryptographically signed references to ensure data authenticity and trust.
### Identity Document
The Repository Identity Document, a core Collaborative Object (COB) in Radicle, encapsulates vital metadata such as the repository's name, description, and delegates' public keys. It forms the foundation of trust and verification within the network. This document details the number of delegate signatures necessary for significant actions like merging changes, thereby establishing clear governance rules. Through these defined thresholds and delegate keys, the Identity Document guarantees that all repository modifications are authenticated and aligned with its established guidelines, thus upholding the repository's integrity and authenticity.
### Canonical Data in Distributed Storage
Unlike conventional systems where shared branches are the norm, Radicle adopts a unique distributed storage model. Each user maintains their own distinct fork, identifiable by their public key, effectively functioning as a unique branch with a single owner and writer. This decentralized structure promotes a local-first methodology, enabling offline functionality and negating reliance on centralized servers.
Users will typically have *two* copies of a repository: one local *working copy* and one in network storage, called the *stored* copy. The working copy is setup in such a way that it is linked to storage via a *remote* named `rad`. Publishing code is then a matter of running for eg. `git push rad`.
The concept of a canonical or 'official' version of a repository is dynamically established, based on criteria within the identity document. This typically points to the latest commit validated by the necessary threshold of delegates, enabling a flexible and consensus-driven definition of canonical data.
::: info
show push quorum image
:::
### Ensuring Trust with Signed References
Signed references, or 'signed refs', are a pivotal aspect of Radicle's approach to data integrity and trust in a distributed network. In Radicle, signed refs are akin to Git's branches or tags, but with an additional layer of security: they are cryptographically signed using the private key of a delegate. This cryptographic signature confirms the identity of the entity making changes or updates and is integral in a network where trust is not centralized. Each signed ref acts as a verifiable marker, ensuring that any modifications to the code or data are traceable back to a specific, authenticated entity.
::: info
show something like this: 
:::
[^id01]: https://ed25519.cr.yp.to/
[^tuf]: https://theupdateframework.github.io/specification/latest/
-->
<!--- TO EDIT
## Participate in the Radicle Network
Now that you understand the basics of the Radicle protocol, we invite you to **[get started using the Radicle CLI](#)**, an offline-first command line interface for Radicle. It provides a suite of tools to interact with your local Radicle state, including commands for managing issues, patches, and repositories, as well as user identities and profiles, in addition to controlling and querying your Radicle Node.
Additionally, for those interested in strengthening the Radicle Network by running a Seed Node, detailed information is [available here](#).
# Quick Start
The Radicle CLI is a set of tools designed for human and non-human intelligence alike of the Radicle peer-to-peer code collaboration stack. The CLI provides the ability to manage Radicle profiles and publish repositories to the Radicle network. In this guide we will setup Radicle and publish a repository from the network.
## Requirements
There are a few important requirements for running the Radicle CLI: first, a recent version of *git* (*2.34.0* or later) must be installed. You can check your installation by running *git --version*. Second, *ssh-agent* must be installed and running. To bypass ssh-agent, it's possible to set the *RAD_PASSPHRASE* environment variable. See the _Environment_ section.
## Install
You can install Radicle by running the following command in your terminal:
```
$ sh <(curl -sSf https://radicle.xyz/install)
```
Now, make sure that the install was successful and that the *rad* binary is available on your system by running:
$ rad
This is the base command and the output will show you all available sub-commands.
## Creating a profile
When using Radicle for the first time, you have to create a new Radicle _profile_. A profile is simply a cryptographic key pair associated with some storage space on your local device.
Radicle stores everything under the Radicle _home_ directory, which defaults to *~/.radicle* on most systems.
To create your profile, run:
$ rad auth
Follow the instructions by entering an alias and a passphrase to protect your key pair. When you've completed the steps, your new Radicle _DID_ (Decentralized Identifier) will be displayed. This identifies your device, as well as all the code you publish. Share it freely with collaborators. Your alias is a non-unique name that is shared across the network to identify your node. It can always be changed at a later time.
After running *rad auth*, you should have a new profile and key pair under your Radicle home. The key pair is used for identifying peers across the network, as well as signing code and other artifacts published on the network.
To avoid having to re-enter your passphrase every time a signature is required, *rad auth* adds your secret key to *ssh-agent*.
You can always display the full path to your Radicle home directory using:
$ rad self --home
The *self* sub-command is useful for querying profile information. You can run it without any arguments to show all of your profile information, including your DID:
$ rad self
## Connecting to the network
Radicle is a peer-to-peer system. This means that there are no clients or servers; only _nodes_, and every user has to run their own. This ensures that there is no single point of failure, and the Radicle network can keep on existing as long as there are users to run nodes.
The Radicle node is a lightweight process that runs in the background and manages connections with other nodes, as well as data replication. To check your node's status, run:
$ rad node status
If the node is not running, you can start it with:
$ rad node start
This will start the node in the foreground. Simply add *--daemon* to run the node in the background.
When daemonized, the node will log all output to a file under your Radicle home. On most systems, this will be *~/.radicle/node/node.log*.
You can also display the latest logs at any time using:
$ rad node logs
After your node starts, it will attempt to connect to peers on the network.
To connect to a specific peer, the *connect* sub-command can be used. For example, to connect to the *radicle.garden* community node, you can run:
$ rad node connect z6MkrLMMsiPWUcNPHcRajuMi9mDfYckSoJyPwwnknocNYPm7@seed.radicle.garden:8776
The argument given to *connect* is called a node _address_. It is composed of a Node ID (NID), followed by an *@* symbol, and the _host_ name and _port_.
You can display your NID with *rad self --nid*.
To make these connections permanent, such that they are always tried on startup, add the addresses to your configuration file at *~/.radicle/config.json*, under the *"connect"* field.
Now that you're connected to the network, we can try to clone a repository hosted on Radicle.
=== Cloning a repository
To clone a repository from the Radicle network, you need to be connected to a
seed which is hosting the repository. Eventually, this won't be necessary,
but for now, a direct connection with the seed you are cloning from is
required. Once the connection is established, you can run the *rad clone*
command to clone a repository, by supplying a Repository Identifier (RID).
RIDs are globally unique URNs that identify a repository on Radicle.
For example, let's clone the Radicle heartwood repository:
$ rad clone rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5
If the command succeeds, you will have a checkout of the repository under
*./heartwood*, with a *rad* remote setup, which you can pull from and push to.
The *rad* remote is special in that it will always return the _authoritative_
branch of the repo, when fetched from. This is defined as the latest commit
on the repository's default branch that a threshold of delegates have published.
Under the hood, the *clone* command does a few important things:
* It subscribes to updates from this repository; this is called _tracking_.
* It creates a copy of the repository under your local storage, which provides
a replica to the network.
* It creates a Git remote for every repository _delegate_. These are usually
the repository maintainers.
* It creates a fork of the repository that is under your public key.
* It creates a *rad* remote which you can push to, to update your fork.
You can see all replicated and locally-available repositories using:
$ rad ls
By default, your node will subscribe to updates from _all_ peers. This
behavior can be changed by passing *--scope trusted* when cloning. It can
also be changed later via the *rad track* command.
=== Publishing a repository on Radicle
To publish an existing Git repository on the Radicle network, navigate to
a working copy and run the *rad init* command:
$ cd my-repo
$ rad init
You will be prompted to enter a project name and default branch. Once the
repository is created, the Repository Identifier (RID) will be printed.
Share this with collaborators so that they can clone your repository.
Note that your new repository will only be replicated by nodes that you are
connected to and either have an open tracking policy, or trust your Node ID.
The *rad init* command creates a special remote in your working copy named
*rad*. Pushing to this remote publishes changes to your local storage and to
the network.
You can view information about the *rad* remote with:
$ git remote show rad
You can display the Repository ID (RID) from the root of any Git repository
by running:
$ rad .
You can also show the repository's identity payload, which contains its name,
description and default branch by running:
$ rad inspect --payload
== Files
*~/.radicle*::
The _Radicle Home_. This is the default location for Radicle configuration
files, keys, and repository storage. Can be controlled by settting the
**RAD_HOME** environment variable.
*~/.radicle/config.json*::
The default configuration file for Radicle. To display its exact
location on your system, you can use the *rad self --config* command.
== Environment
Various environment variables are used by *rad*.
*RAD_HOME*::
This sets the location of your Radicle home. If unset, your Radicle home will
be located at *~/.radicle*.
*RAD_PASSPHRASE*::
If you would like to bypass *ssh-agent*, you can store your passphrase in this
environment variable. Note that this is not secure and is equivalent to having
an unencrypted secret key.
-->
<!---
old
## Identification within the Radicle Network
To establish and maintain peer connections, nodes need a stable identity independent of its network address, as the network address may change frequently (e.g. if the user moves from home to a coffee shop). An identity is also needed to specify delegates, and know who is contributing to a data repository. In the Radicle network, the lines between nodes, users, and delegates are seamlessly blurred, establishing a unified identity system. This convergence is central to the network's functionality, where a single identity can represent multiple roles. The identity of a node, which is pivotal for identifying a user’s device and potentially their code contributions, is interchangeable with the terms 'Peer ID' and 'Public Key.'
### Identity
An identity in Radicle is an Ed25519 key pair, encoded as a DID leveraging the `did:key` method. DIDs are a W3C standard that enables a secure and interoperable identity system. Technically, it is flexible what an identity represents: such as an individual, an organization, or even a bot. A user can also choose to give themselves a changeable, non-unique `alias` to aid in recognition across the network.
### Unified Identity: Nodes, Users, and Delegates
In practical scenarios, a delegate, responsible for key decisions and actions within a repository, often operates as a user and a node, using their public key as a unique identifier. This multi-faceted identity approach allows for a streamlined and integrated experience within the Radicle network, blurring traditional distinctions and fostering a more cohesive and adaptable collaborative environment.
### Repository Identifier (RID)
Radicle creates a unique Repository Identifier (RID) for each repository, derived from the repository's identity document. This stable identifier is generated by hashing the document using Git's hash-object command, which produces a SHA-1 hash. This hash is then encoded with the base-58-btc multibase encoding (same as the `did:key` method) and prefixed with "rad:". The resulting RID is globally unique, ensuring precise repository identification within the Radicle's sovereign network.
An example of an RID:
```
rad:z42hL2jL4XNk6K8oHQaSWfMgCL7ji
```
---
# old
## Network
At its core, Radicle utilizes a decentralized identities (DIDs) for both peers and repositories, enabling nodes to efficiently share information about hosted projects. This approach not only secures data but also fosters an environment free from vendor lock-in, ensuring that all aspects of collaboration remain in the control of those who ultimately own the data.
### Node Identities & Keys
The first thing a user needs to participate in Radicle is an identity.
This process involves generating a cryptographic keypair, with the public key—specifically an Ed25519 key—being encoded as a Decentralized Identifier (DID) using the did:key method.
An identity is an Ed25519 key pair and typically represents a person, a device, a server or a bot. It’s normal for a person to have several Radicle identities.
Upon starting for the first time, Scuttlebutt clients will automatically generate an Ed25519 key pair and save it in the user’s home folder under `~/.radicle/keys`.
Because identities are generated using public-key cryptography, no coordination or permission is required to create a new one, which is essential to the network’s design.
A user can also choose to give themselves an `alias` to make themselves easier to refer to. Over time aliases may change but identities stay the same. If a user loses their secret key or has it stolen they will need to generate a new identity and tell people to use their new one instead.
### Node Identities & Keys
A node's responsibility is to *seed* every repository its user is interested in, which includes both hosting the data and synchronizing any changes with other nodes. To do this, nodes need a stable identity independent of its network address, as the network address may change frequently (e.g. if the user moves from home to a coffee shop, the network address changes, but it's still the same node.)
Hence the creation of a secure *node identity* is a critical first step for new users joining the Radicle network. This process involves generating a cryptographic keypair, with the public key—specifically an Ed25519 key—being encoded as a Decentralized Identifier (DID) using the `did:key` method. This DID forms the cornerstone of the node identity, complying with the W3C standard to enable a secure and interoperable system for identity. Users also have the option to assign a changeable, non-unique *alias* associated to their node identity, to aid in recognition across the network.
Furthermore, users are able to maintain multiple identities for varied purposes. The node identity is pivotal in identifying a user's device and, if the same identity is utilized, their code contributions within the network. Note that terms such as 'Node ID,' 'Peer ID,' and 'Public Key' are synonymous, highlighting that nodes are indistinguishable from users at the protocol level.
### Gossip Protocol
Radicle uses the Git protocol for data replication and its own gossip protocol to exchange peer and repository information between nodes. Nodes, identifiable by public keys, share repository information to facilitate discovery and replication, ensuring repository accessibility as long as one node remains online.
Radicle's network architecture is diligently crafted to ensure resilience against censorship and consistent availability. To fortify this commitment, the network employs the Noise protocol for establishing secure, encrypted peer connections, and anonymity networks such as Tor are harnessed to bolster privacy.
The Radicle network utilizes a gossip protocol comprising three message types: *inventory announcements* for constructing routing tables and sharing project inventories, *reference announcements* for broadcasting project updates, and *node announcements* for peer discovery.
### Seeding & Replication
Nodes are configured with a list of projects that they are meant to host. These are called *seeded projects*, and this configuration is called the *seeding policy*.
While gossip is used to exchange metadata, the actual repository data, ie. Git objects are transferred via the process of replication. To do this, the node consults its routing table, locates the project's seeds, and initiates a git-fetch via the git protocol, with one or more seed. This fetch operation downloads the relevant git objects into the node's storage, making them available to other interested nodes.
Replication is only possible because of the exchange of information on the gossip layer. Without it, nodes wouldn't know where to replicate projects from, and would quickly fall behind.
### Discovery
### Bootstrap Nodes
A node joining the network for the first time will not know of any peers. Hence, it's advised that network client software be pre-configured with "Bootstrap Nodes" which have registered DNS names that resolve to node addresses on the network, e.g. `seeds.radicle.xyz`. In the bootstrapping process, nodes can resolve these names to have a set of addresses to initially connect to, and once they find a peer, use the regular peer discovery process to find more nodes.
### Seed Nodes
In Radicle, while all nodes hosting a project contribute to *seeding data* to the network, the term "Seed Node" is reserved for those that play a more significant role. Seed Nodes are pivotal for ensuring data availability and redundancy by providing stable and reliable points for data replication. Anyone interested can set up a Seed Node, thus contributing to the strength and resilience of the Radicle network.
## Collaborative Objects
Collaborative Objects (COBs) in Radicle facilitate distributed collaboration features like issue tracking and code review, independent of centralized servers. As data structures, COBs are embedded in Git, stored under the `refs/cobs` directory. Additionally, COBs use Conflict-Free Replicated Data Types (CRDTs) to maintain data consistency.
A key aspect of Radicle's system is that all collaborative objects, including issues, patches, and the comments associated with them, are cryptographically signed, ensuring that collaborative artifacts can be easily moved, shared, and verified across different applications and workflows, making the collaboration process more flexible and trusted.
COBs are extensible: while Issues and Patches are the initial Collaborative Objects included in Radicle 1.0, developers can build any kind of collaborative feature that they can imagine on top of Radicle’s network.
## Repositories (Projects?)
Radicle's data repositories are essentially standard Git repositories, enriched with additional metadata such as the repository identity document, signed references, and collaborative objects like issues and patches. Each metadata component and collaborative artifact within the repository is cryptographically signed, establishing these repositories as self-authenticating and ensuring the integrity of the data. This approach significantly enhances data portability, in contrast to systems like GitHub where data such as issues, patches and their associated comments are platform-specific.
Radicle's augmentations to Git repositories are designed to enhance functionality while preserving compatibility with existing workflows. Furthermore, both metadata and repository content are distributed across the Radicle network using the gossip protocol, ensuring secure and uniform updates across the network.
### Repository Identity Document
(i assume this should be updated to refer to this as a COB as well?)
Before a repository can be published to the network, it needs to be initialized into a Radicle project. A project is simply a repository with an associated identity document.
The repository identity document is a cornerstone of trust and authenticity in Radicle's network. Presented in a canonical JSON format, it contains vital metadata about the repository, such as its name, description, and the public keys belonging to the repository's delegates or maintainers.
#### Delegates
In Radicle, the concept of a delegate is central to maintaining the integrity and management of repositories. Delegates are akin to trusted custodians or maintainers, entrusted with key responsibilities such as merging patches, managing issues, and updating the repository's identity document. Typically, a repository starts with at least one delegate, often the individual or entity who created it. Delegates are defined by their public key or "node identity", which can techincally be associated with varying entities such as an individual, an organization, or even automated systems like a "merge bot."
Additionally, the document specifies a threshold for delegate approvals necessary for significant repository actions. For instance, it might stipulate that at least two out of three delegates must agree to merge changes into the default branch. This mechanism establishes a robust framework of accountability and trust, where all changes to the repository are verifiable against the documented keys and approval thresholds.
### Repository Identifier (RID)
Radicle creates a unique Repository Identifier (RID) for each repository, derived from the repository's identity document. This stable identifier is generated by hashing the document using Git's hash-object command, which produces a SHA-1 hash. This hash is then encoded with the base-58-btc multibase encoding (same as the `did:key` method) and prefixed with "rad:". The resulting RID is globally unique, ensuring precise repository identification within the Radicle's sovereign network.
An example of an RID:
```
rad:z42hL2jL4XNk6K8oHQaSWfMgCL7ji
```
### Signed Refs in Radicle
In the Radicle network, 'signed references' or 'signed refs' play a pivotal role in establishing trust and verification. These refs, akin to branches or tags in Git, are cryptographically signed with a delegate's private key. This process confirms the identity of individuals making changes, a key feature in a decentralized trust environment.
Delegates are required to provide signed refs as a cryptographic signature, encompassing the repository's heads, tags, and other pertinent Git references, along with essential metadata like the repository's name and description. These signatures are updated with each approved change to the repository, thereby maintaining a current and accurate representation of the repository's canonical state. This approach ensures that identity verification is possible for anyone within the network, reinforcing the integrity and authenticity of the changes and the delegates behind them.
### Private Repositories
In Radicle, private repositories can be created where data access is exclusive to trusted peers, configured through an "allow list" in the repository's identity document. Although nodes on Radicle's peer-to-peer network are unaware of and cannot access these repositories, the trusted nodes specified in the allow list have full visibility of the hosted data, which is not end-to-end encrypted.
## Storage
In a peer-to-peer network, there is no centralized server or repository for users to submit their changes. Additionally, the absence of a consensus mechanism at the protocol level means that the sequence of operations cannot be guaranteed. To tackle these issues, Radicle implements a partitioned approach in which each user maintains their own local "fork" of a repository, as well as any other forks they have an interest in. These forks are then shared among users across the network. This method not only enhances the user experience by allowing offline work but also eliminates the need for a server to process data. Each repository fork has a single owner and writer, and users are only permitted to make changes to their respective forks.
### Canonicity
In the Radicle model, there are no shared branches: each branch or set of branches under a tree is owned by one key. This is why they are partitioned by a public key in the repository hierarchy.
In a project with multiple delegates, for example, Alice, Bob and Eve, each would have their own main branch which only they could write to, eg.:
```
<alice>/refs/heads/main
<bob>/refs/heads/main
<eve>/refs/heads/main
```
So how does a contributor know which of those branches is the canonical one? The protocol itself does not have a notion of canonicity. Agreements on canonicity can be encoded in the project's identity document, and leveraged by tooling, but it is entirely optional - being left up to social consensus as far as establishing these rules. Examples include agreeing on one of the delegates main branches to be the canonical one that everyone should pull from, or alternatively be based on *quorum* where the commit histories of all three main branches are examined, and the latest commit included in a majority of histories is selected as the canonical state.
```
The <canonical> branch always points to the latest commit of the default branch that is shared by >=$threshold delegates
```
-->
Sign in with Wallet
Connect another wallet