git-remote-rns 0.0.1__tar.gz

git_remote_rns-0.0.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Nathaniel "Eeems" van Diepen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

git_remote_rns-0.0.1/PKG-INFO

@@ -0,0 +1,21 @@
+Metadata-Version: 2.4
+Name: git-remote-rns
+Version: 0.0.1
+Summary: Git remote helper for syncing repositories over Reticulum
+Author: Eeems
+License-Expression: MIT
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: rns>=1.1.4
+Requires-Dist: lxmf>=0.9.4
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: prospector[with_everything]; extra == "dev"
+Requires-Dist: basedpyright; extra == "dev"
+Dynamic: license-file
+
+git-remote-rns
+==============
+
+Reticulum remote transport for git

git_remote_rns-0.0.1/README.md

@@ -0,0 +1,4 @@
+git-remote-rns
+==============
+
+Reticulum remote transport for git

git_remote_rns-0.0.1/git_remote_rns.egg-info/PKG-INFO

@@ -0,0 +1,21 @@
+Metadata-Version: 2.4
+Name: git-remote-rns
+Version: 0.0.1
+Summary: Git remote helper for syncing repositories over Reticulum
+Author: Eeems
+License-Expression: MIT
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: rns>=1.1.4
+Requires-Dist: lxmf>=0.9.4
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: prospector[with_everything]; extra == "dev"
+Requires-Dist: basedpyright; extra == "dev"
+Dynamic: license-file
+
+git-remote-rns
+==============
+
+Reticulum remote transport for git

git_remote_rns-0.0.1/git_remote_rns.egg-info/SOURCES.txt

@@ -0,0 +1,15 @@
+LICENSE
+README.md
+pyproject.toml
+git_remote_rns.egg-info/PKG-INFO
+git_remote_rns.egg-info/SOURCES.txt
+git_remote_rns.egg-info/dependency_links.txt
+git_remote_rns.egg-info/entry_points.txt
+git_remote_rns.egg-info/requires.txt
+git_remote_rns.egg-info/top_level.txt
+rngit/__init__.py
+rngit/__main__.py
+rngit/client.py
+rngit/server.py
+rngit/shared.py
+tests/test_integration.py

git_remote_rns-0.0.1/git_remote_rns.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

git_remote_rns-0.0.1/git_remote_rns.egg-info/entry_points.txt

@@ -0,0 +1,3 @@
+[console_scripts]
+git-remote-rns = rngit.__main__:client
+rngit = rngit.__main__:server

git_remote_rns-0.0.1/git_remote_rns.egg-info/requires.txt

@@ -0,0 +1,7 @@
+rns>=1.1.4
+lxmf>=0.9.4
+
+[dev]
+pytest>=7.0
+prospector[with_everything]
+basedpyright

git_remote_rns-0.0.1/git_remote_rns.egg-info/top_level.txt

@@ -0,0 +1 @@
+rngit

git_remote_rns-0.0.1/pyproject.toml

@@ -0,0 +1,45 @@
+[project]
+name = "git-remote-rns"
+version = "0.0.1"
+description = "Git remote helper for syncing repositories over Reticulum"
+readme = "README.md"
+requires-python = ">=3.11"
+license = "MIT"
+authors = [{name = "Eeems"}]
+dependencies = ["rns>=1.1.4", "lxmf>=0.9.4"]
+
+[project.optional-dependencies]
+dev = ["pytest>=7.0", "prospector[with_everything]", 'basedpyright']
+
+[project.scripts]
+git-remote-rns = "rngit.__main__:client"
+rngit = "rngit.__main__:server"
+
+[build-system]
+requires = ["setuptools>=70.1", "nuitka>=4.0.6"]
+build-backend = "nuitka.distutils.Build"
+
+[tool.setuptools]
+packages = ["rngit"]
+
+[tool.ruff]
+exclude = [".venv", "typings", "build"]
+
+[tool.pyright]
+exclude = [".venv/**", "typings/**", "build/**"]
+reportMissingTypeStubs = false
+
+[tool.pylint."messages control"]
+disable = [
+	"line-too-long",
+	"invalid-name",
+	"global-statement",
+	"broad-exception-caught",
+	"too-many-statements",
+	"too-many-return-statements",
+	"too-many-branches",
+	"too-many-locals"
+]
+
+[tool.bandit]
+exclude_dirs = [".venv", "typings", "build"]

git_remote_rns-0.0.1/rngit/__init__.py

@@ -0,0 +1,10 @@
+from importlib.metadata import (
+    PackageNotFoundError,
+    version,
+)
+
+try:
+    __version__ = version("git-remote-rns")
+
+except PackageNotFoundError:
+    __version__ = "0.1.0"

git_remote_rns-0.0.1/rngit/__main__.py

@@ -0,0 +1,15 @@
+import sys
+
+from .client import main as _client
+from .server import main as _server
+
+
+def client():
+    sys.exit(_client())
+
+
+def server():
+    sys.exit(_server())
+
+
+__all__ = ["client", "server"]

git_remote_rns-0.0.1/rngit/client.py

@@ -0,0 +1,322 @@
+import argparse
+import logging
+import os
+import signal
+import subprocess  # noqa: B404
+import sys
+import threading
+import traceback
+from collections.abc import Sequence
+from tempfile import TemporaryDirectory
+from typing import cast
+
+import RNS
+
+from . import __version__
+from .shared import (
+    APP_NAME,
+    configure_logging,
+    is_valid_hexhash,
+    packets,
+)
+
+__all__ = [
+    "main",
+]
+
+log: logging.Logger = logging.getLogger(__name__)
+
+_linkEvent: threading.Event = threading.Event()
+_identity: RNS.Identity | None = None
+_repo_path: str | None = None
+
+
+def on_link_established(link: RNS.Link):
+    global _identity  # pylint: disable=W0602 # noqa: F999
+    assert _identity is not None  # nosec B101
+    log.debug("ESTABLISHED: %s", link)
+    link.set_packet_callback(on_packet)  # pyright: ignore[reportUnknownMemberType]
+    _ = link.identify(_identity)  # pyright: ignore[reportUnknownMemberType]
+
+
+def on_link_closed(link: RNS.Link):
+    global _linkEvent  # pylint: disable=W0602 # noqa: F999
+    log.debug("CLOSED: %s", link)
+    _linkEvent.clear()
+
+
+def on_packet(message: bytes, _packet: RNS.Packet):
+    global _linkEvent  # pylint: disable=W0602 # noqa: F999
+    log.debug("PACKET: %s", message)
+    match message:
+        case packets.PACKET_IDENTIFIED.value:
+            _linkEvent.set()
+
+        case _:
+            log.error("Invalid packet: %d", message)
+
+
+def request(
+    link: RNS.Link, path: str, data: bytes = b""
+) -> tuple[str | None, bytes | None]:
+    global _repo_path  # pylint: disable=W0602 # noqa: F999
+    assert _repo_path is not None  # nosec B101
+    event = threading.Event()
+    log.debug("REQUEST %s", path)
+    receipt = link.request(  # pyright: ignore[reportUnknownMemberType]
+        path,
+        _repo_path.encode() + b"\n" + data,
+        response_callback=lambda _, e=event: e.set(),  # pyright: ignore[reportUnknownLambdaType]
+        failed_callback=lambda _, e=event: e.set(),  # pyright: ignore[reportUnknownLambdaType]
+    )
+    if not receipt:
+        return "Failed to send request", None
+
+    _ = event.wait()
+    match receipt.get_status():
+        case RNS.RequestReceipt.FAILED:
+            return "Failed to send request", None
+
+        case RNS.RequestReceipt.READY:
+            data = receipt.get_response()  # pyright: ignore[reportUnknownVariableType, reportAssignmentType]
+            assert isinstance(data, bytes)  # nosec B101
+            returncode = int.from_bytes(data[0:1], "big")
+            if returncode:
+                return "Remote error: " + data[1:].decode(), None
+
+            return None, data[1:]
+
+        case _:
+            return f"Invalid status: {receipt.get_status()}", None
+
+
+def main(argv: Sequence[str] | None = None) -> int:  # noqa: MC0001
+    parser = argparse.ArgumentParser(prog="git-remote-rns")
+    _ = parser.add_argument("remote", help="Remote name (ignored)")
+    _ = parser.add_argument("url", help="Remote URL (<hash>[/path])")
+    _ = parser.add_argument(
+        "--version", action="version", version=f"git-remote-rns {__version__}"
+    )
+    _ = parser.add_argument(
+        "-i", "--identity", help="Path identity file", dest="identity"
+    )
+    _ = parser.add_argument(
+        "-v",
+        "--verbose",
+        action="store_true",
+        help="Enable verbose logging",
+        dest="verbose",
+    )
+    args = parser.parse_args(argv)
+
+    assert isinstance(args.identity, str | None)  # pyright: ignore[reportAny] # nosec B101
+    identity_path = args.identity
+
+    assert isinstance(args.verbose, bool)  # pyright: ignore[reportAny] # nosec B101
+    verbose = args.verbose or bool(os.environ.get("VERBOSE", 0))
+    configure_logging(logging.DEBUG if verbose else logging.WARNING)
+
+    assert isinstance(args.url, str)  # pyright: ignore[reportAny] # nosec B101
+    url = args.url
+    parts = url.split("/", 1)
+    destination_hexhash = parts[0]
+    if not is_valid_hexhash(destination_hexhash):
+        log.error("error: Invalid URL. Hexhash invalid: %s", destination_hexhash)
+        return 1
+
+    destination = bytes.fromhex(destination_hexhash)
+
+    global _repo_path
+    _repo_path = parts[1] if len(parts) > 1 else "."
+
+    config_path = os.environ.get("RNS_CONFIG_PATH", None)
+    _ = RNS.Reticulum(config_path, RNS.LOG_VERBOSE if verbose else RNS.LOG_WARNING)
+
+    assert RNS.Reticulum.configdir is not None  # pyright: ignore[reportUnknownMemberType] # nosec B101
+    if identity_path is None:
+        identity_path = os.path.join(RNS.Reticulum.configdir, "identity")  # pyright: ignore[reportUnknownMemberType, reportUnknownArgumentType]
+
+    assert identity_path is not None  # nosec B101
+    log.info("Identity: %s", identity_path)
+    log.info("Destination: %s", destination_hexhash)
+    identity: RNS.Identity | None = None
+    if os.path.exists(identity_path):
+        identity = RNS.Identity.from_file(identity_path)  # pyright: ignore[reportUnknownMemberType]
+
+    if identity is None:
+        identity = RNS.Identity(True)
+        _ = identity.to_file(identity_path)  # pyright: ignore[reportUnknownMemberType]
+
+    global _identity
+    _identity = identity
+
+    if not RNS.Transport.has_path(destination):  # pyright: ignore[reportUnknownMemberType]
+        RNS.Transport.request_path(destination)  # pyright: ignore[reportUnknownMemberType]
+        if not RNS.Transport.await_path(destination, 30):  # pyright: ignore[reportUnknownMemberType]
+            log.error("Timed out waiting for path")
+            return 1
+
+    server_identity = RNS.Identity.recall(destination)  # pyright: ignore[reportUnknownMemberType]
+    if server_identity is None:
+        log.error("Failed to get server identity")
+        return 1
+
+    server_destination = RNS.Destination(
+        server_identity,
+        RNS.Destination.OUT,
+        RNS.Destination.SINGLE,
+        APP_NAME,
+    )
+    link = RNS.Link(server_destination, on_link_established, on_link_closed)
+    push_queue: list[tuple[str, str]] = []
+    global _linkEvent  # pylint: disable=W0602 # noqa: F999
+    try:  # pylint: disable=too-many-nested-blocks
+        for line in sys.stdin:
+            _ = _linkEvent.wait()
+            if not line:
+                continue
+
+            log.debug("STDIN '%s'", line.rstrip())
+
+            parts = cast(list[str], line.split(maxsplit=1))
+            assert isinstance(parts, list)  # nosec B101
+            if not parts:
+                log.debug("\\n")
+                while push_queue:
+                    local_ref, remote_ref = push_queue.pop(0)
+                    if local_ref.startswith("+"):
+                        local_ref = local_ref[1:]
+
+                    if not local_ref:
+                        err, data = request(
+                            link,
+                            "delete",
+                            remote_ref.encode(),
+                        )
+                        if err is not None:
+                            _ = sys.stderr.write(err)
+                            _ = sys.stderr.write("\n")
+                            _ = sys.stderr.flush()
+                            return 1
+
+                        if data:
+                            _ = sys.stderr.buffer.write(data)
+                            _ = sys.stderr.buffer.write(b"\n")
+                            _ = sys.stderr.flush()
+
+                    else:
+                        with TemporaryDirectory() as tmpdir:
+                            bundle = os.path.join(tmpdir, "bundle")
+                            _ = subprocess.check_call(  # nosec B607 B603
+                                [
+                                    "git",
+                                    "bundle",
+                                    "create",
+                                    "--progress",
+                                    bundle,
+                                    local_ref,
+                                ]
+                            )
+                            with open(bundle, "rb") as f:
+                                data = f.read()
+
+                            err, data = request(
+                                link,
+                                "push",
+                                f"{local_ref}:{remote_ref}\n".encode() + data,
+                            )
+                            if err is not None:
+                                _ = sys.stderr.write(err)
+                                _ = sys.stderr.write("\n")
+                                _ = sys.stderr.flush()
+                                return 1
+
+                            if data:
+                                _ = sys.stderr.buffer.write(data)
+                                _ = sys.stderr.buffer.write(b"\n")
+                                _ = sys.stderr.flush()
+
+                _ = sys.stdout.write("\n")
+                try:
+                    _ = sys.stdout.flush()
+
+                except BrokenPipeError:
+                    # Ignoring as git likes to close stdout early
+                    pass
+
+                continue
+
+            match parts[0]:
+                case "capabilities":
+                    log.debug("CAPABILITIES")
+                    _ = sys.stdout.write("list\n")
+                    _ = sys.stdout.write("fetch\n")
+                    _ = sys.stdout.write("push\n")
+                    _ = sys.stdout.write("\n")
+                    _ = sys.stdout.flush()
+
+                case "fetch":
+                    sha, ref = parts[1].rstrip().split(" ", maxsplit=1)
+                    log.debug("FETCH %s %s", sha, ref)
+                    err, data = request(link, "fetch", f"{sha} {ref}".encode())
+                    if err is not None:
+                        _ = sys.stderr.write(err)
+                        _ = sys.stderr.write("\n")
+                        _ = sys.stderr.flush()
+                        return 1
+
+                    assert data is not None  # nosec B101
+                    with TemporaryDirectory() as tmpdir:
+                        bundle = os.path.join(tmpdir, f"{sha}.bundle")
+                        with open(bundle, "wb") as f:
+                            _ = f.write(data)
+
+                        _ = subprocess.check_call(  # nosec B607 B603
+                            ["git", "bundle", "verify", bundle],
+                            stdout=subprocess.DEVNULL,
+                        )
+                        _ = subprocess.check_call(  # nosec B607 B603
+                            ["git", "bundle", "unbundle", "--progress", bundle, ref],
+                            stdout=subprocess.DEVNULL,
+                        )
+
+                case "push":
+                    local_ref, remote_ref = parts[1].rstrip().split(":", maxsplit=1)
+                    log.debug("PUSH %s %s", local_ref, remote_ref)
+                    push_queue.append((local_ref, remote_ref))
+
+                case "list":
+                    log.debug("LIST")
+                    path = "list"
+                    if len(parts) > 1 and "for-push" in parts[1]:
+                        path = "list-for-push"
+
+                    err, data = request(link, path)
+                    if err is not None:
+                        _ = sys.stderr.write(err)
+                        _ = sys.stderr.write("\n")
+                        _ = sys.stderr.flush()
+                        return 1
+
+                    assert data is not None  # nosec B101
+                    _ = sys.stdout.buffer.write(data)
+                    _ = sys.stdout.write("\n")
+                    _ = sys.stdout.flush()
+
+                case _:
+                    _ = sys.stderr.write(f"Unknown command: {parts[1]}\n")
+                    _ = sys.stderr.flush()
+                    return 1
+
+        log.debug("End of stdin")
+        _ = signal.signal(signal.SIGPIPE, signal.SIG_DFL)
+
+    except Exception:
+        log.error(traceback.format_exc())
+        return 1
+
+    finally:
+        log.debug("Closing link")
+        link.teardown()
+
+    return 0

git_remote_rns-0.0.1/rngit/server.py

@@ -0,0 +1,513 @@
+import argparse
+import logging
+import os
+import subprocess  # noqa: B404
+import time
+import traceback
+from collections.abc import Sequence
+from tempfile import TemporaryDirectory
+from typing import cast
+
+import RNS
+
+from . import __version__
+from .shared import (
+    APP_NAME,
+    configure_logging,
+    is_valid_hexhash,
+    packets,
+)
+
+__all__ = [
+    "main",
+]
+
+log: logging.Logger = logging.getLogger(__name__)
+_repo_path: str | None = None
+_write_list: set[str] = set()
+_read_list: set[str] | None = set()
+
+
+def on_link_closed(link: RNS.Link):
+    log.debug("CLOSED: %s %s", link, link.get_remote_identity())  # pyright: ignore[reportUnknownArgumentType]
+
+
+def on_link_established(link: RNS.Link):
+    try:
+        log.debug("ESTABLISHED: %s", link)
+        link.set_link_closed_callback(on_link_closed)  # pyright: ignore[reportUnknownMemberType]
+        link.set_remote_identified_callback(on_identified)  # pyright: ignore[reportUnknownMemberType]
+
+    except Exception:
+        traceback.print_exc()
+        raise
+
+
+def on_identified(link: RNS.Link, identity: RNS.Identity):
+    try:
+        assert link.get_remote_identity() == identity  # nosec B101
+        _ = RNS.Packet(link, packets.PACKET_IDENTIFIED.value).send()
+        log.debug("IDENTIFIED: %s %s", link, identity)
+
+    except Exception:
+        traceback.print_exc()
+        raise
+
+
+def identity_allowed_error(
+    identity: RNS.Identity | None, allow_list: set[str]
+) -> str | None:
+    if identity is None:
+        return "Not identified"
+
+    if identity.hexhash not in allow_list:
+        return "Not allowed"
+
+    return None
+
+
+def read_allowed_error(identity: RNS.Identity | None) -> str | None:
+    global _read_list  # pylint: disable=W0602 # noqa: F999
+    if _read_list is None:
+        return None
+
+    return identity_allowed_error(identity, _read_list)
+
+
+def write_allowed_error(identity: RNS.Identity | None) -> str | None:
+    global _write_list  # pylint: disable=W0602 # noqa: F999
+    return identity_allowed_error(identity, _write_list)
+
+
+def request_repo_path(data: bytes) -> tuple[str | None, tuple[str, bytes] | None]:
+    global _repo_path  # pylint: disable=W0602 # noqa: F999
+    try:
+        assert isinstance(data, bytes), "data must be bytes"  # nosec B101
+        assert _repo_path is not None, "_repo_path not set"  # nosec B101
+        parts = data.split(b"\n", maxsplit=1)
+        path = parts[0].decode()
+        if ".." in path:
+            return "Invalid path", None
+
+        base_path = os.path.realpath(_repo_path)
+        repo_path = os.path.realpath(os.path.join(base_path, path))
+        if not repo_path.startswith(base_path):
+            return "Invalid path", None
+
+        if not os.path.exists(repo_path):
+            return "Path not Found", None
+
+        if not os.path.isdir(repo_path):
+            return "Path is not directory", None
+
+        proc = subprocess.run(  # nosec B607 B603# nosec B607 B603
+            ["git", "rev-parse", "--git-dir"],
+            cwd=repo_path,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+            check=False,
+        )
+        if proc.returncode:
+            return (
+                proc.stderr.rstrip().decode()
+                or proc.stdout.rstrip().decode()
+                or "Unknown error",
+                None,
+            )
+
+        git_dir = proc.stdout.rstrip().decode()
+        if git_dir not in (".", ".git"):
+            return "Path not a valid repository", None
+
+        return (None, (repo_path, b"" if len(parts) == 1 else parts[1]))
+
+    except Exception as e:
+        traceback.print_exc()
+        return str(e), None
+
+
+def log_request(path: str, repo_path: str, *args: object):
+    global _repo_path  # pylint: disable=W0602 # noqa: F999
+    repo_path = os.path.relpath(repo_path, _repo_path)
+    log.debug("REQUEST %s %s %s", path, repo_path, " ".join(f"{f}" for f in args))
+
+
+def on_list_request(
+    path: str,
+    data: bytes,
+    _request_id: bytes,
+    remote_identity: RNS.Identity | None,
+    _request_at: float,
+) -> bytes | None:
+    try:
+        err = (
+            write_allowed_error(remote_identity)
+            if path == "list-for-push"
+            else read_allowed_error(remote_identity)
+        )
+        if err is not None:
+            return b"\1" + err.encode()
+
+        err, res = request_repo_path(data)
+        if err is not None:
+            return b"\1" + err.encode()
+
+        assert res is not None  # nosec B101
+        repo_path, data = res
+
+        log_request(path, repo_path)
+        head_path = os.path.join(repo_path, ".git", "HEAD")
+        if not os.path.exists(head_path):
+            head_path = os.path.join(repo_path, "HEAD")
+
+        with open(head_path, "rb") as f:
+            ref = f.read()[5:].rstrip().decode()
+
+        proc = subprocess.run(  # nosec B607 B603
+            ["git", "refs", "list", "--format", "%(objectname) %(refname)"],
+            text=False,
+            cwd=repo_path,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+            check=False,
+        )
+        log.debug("git refs list code: %d", proc.returncode)
+        if proc.returncode:
+            return proc.returncode.to_bytes(1, "big") + proc.stderr
+
+        return b"\0" + proc.stdout + f"@{ref} HEAD\n".encode()
+
+    except Exception as e:
+        traceback.print_exc()
+        return b"\1" + str(e).encode()
+
+
+def on_fetch_request(
+    path: str,
+    data: bytes,
+    _request_id: bytes,
+    remote_identity: RNS.Identity | None,
+    _request_at: float,
+) -> bytes | None:
+    try:
+        err = read_allowed_error(remote_identity)
+        if err is not None:
+            return b"\1" + err.encode()
+
+        err, res = request_repo_path(data)
+        if err is not None:
+            return b"\1" + err.encode()
+
+        assert res is not None  # nosec B101
+        repo_path, data = res
+
+        sha, ref = data.decode().split(" ", maxsplit=1)
+        log_request(path, repo_path, sha, ref)
+        with TemporaryDirectory() as tmpdir:
+            bundle = os.path.join(tmpdir, f"{sha}.bundle")
+            proc = subprocess.run(  # nosec B607 B603
+                ["git", "bundle", "create", "--no-progress", bundle, ref],
+                cwd=repo_path,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                check=False,
+            )
+            log.debug("git bundle create return code: %d", proc.returncode)
+            if proc.returncode:
+                return proc.returncode.to_bytes(1, "big") + proc.stderr
+
+            with open(bundle, "rb") as f:
+                return b"\0" + f.read()
+
+    except Exception as e:
+        traceback.print_exc()
+        return b"\1" + str(e).encode()
+
+
+def on_push_request(
+    path: str,
+    data: bytes,
+    _request_id: bytes,
+    remote_identity: RNS.Identity | None,
+    _request_at: float,
+) -> bytes | None:
+    try:
+        err = write_allowed_error(remote_identity)
+        if err is not None:
+            return b"\1" + err.encode()
+
+        err, res = request_repo_path(data)
+        if err is not None:
+            return b"\1" + err.encode()
+
+        assert res is not None  # nosec B101
+        repo_path, data = res
+
+        info, data = data.split(b"\n", maxsplit=1)
+        local_ref, remote_ref = info.decode().split(":", maxsplit=1)
+        force = local_ref.startswith("+")
+        if force:
+            local_ref = local_ref[1:]
+
+        log_request(path, repo_path, local_ref, remote_ref, "(force) " if force else "")
+        with TemporaryDirectory() as tmpdir:
+            bundle = os.path.join(tmpdir, "bundle")
+            with open(bundle, "wb") as f:
+                _ = f.write(data)
+
+            proc = subprocess.run(  # nosec B607 B603
+                ["git", "bundle", "verify", bundle],
+                cwd=repo_path,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                check=False,
+            )
+            log.debug("git bundle verifyreturn code: %d", proc.returncode)
+            if proc.returncode:
+                return proc.returncode.to_bytes(1, "big") + proc.stderr
+
+            proc = subprocess.run(  # nosec B607 B603
+                [
+                    "git",
+                    "fetch",
+                    bundle,
+                    f"{local_ref}:{remote_ref}",
+                    *(["--force"] if force else []),
+                ],
+                cwd=repo_path,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                check=False,
+            )
+            log.debug("git bundle unbundle return code: %d", proc.returncode)
+
+        return proc.returncode.to_bytes(1, "big") + proc.stderr
+
+    except Exception as e:
+        traceback.print_exc()
+        return b"\1" + str(e).encode()
+
+
+def on_delete_request(
+    path: str,
+    data: bytes,
+    _request_id: bytes,
+    remote_identity: RNS.Identity | None,
+    _request_at: float,
+):
+    try:
+        err = write_allowed_error(remote_identity)
+        if err is not None:
+            return b"\1" + err.encode()
+
+        err, res = request_repo_path(data)
+        if err is not None:
+            return b"\1" + err.encode()
+
+        assert res is not None  # nosec B101
+        repo_path, data = res
+
+        ref = data
+        log_request(path, repo_path, data)
+
+        proc = subprocess.run(  # nosec B607 B603
+            ["git", "update-ref", "-d", ref],
+            cwd=repo_path,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+            check=False,
+        )
+        log.debug("git update-ref return code: %d", proc.returncode)
+        return b"\0" + proc.stderr
+
+    except Exception as e:
+        traceback.print_exc()
+        return b"\1" + str(e).encode()
+
+
+def main(argv: Sequence[str] | None = None) -> int:  # noqa: MC0001
+    parser = argparse.ArgumentParser(description="RNS Git Server", allow_abbrev=False)
+    _ = parser.add_argument("repo", help="Path to git repository to serve")
+    _ = parser.add_argument(
+        "-c", "--config", help="Path to Reticulum config directory", dest="config"
+    )
+    _ = parser.add_argument(
+        "-v",
+        "--verbose",
+        action="store_true",
+        help="Enable verbose logging",
+        dest="verbose",
+    )
+    _ = parser.add_argument(
+        "-i", "--identity", help="Path identity file", dest="identity"
+    )
+    _ = parser.add_argument(
+        "--version", action="version", version=f"rngit {__version__}"
+    )
+    _ = parser.add_argument(
+        "-a",
+        "--announce-interval",
+        type=int,
+        default=None,
+        help="Interval in seconds between announces (default: announce once)",
+        dest="announce_interval",
+    )
+    _ = parser.add_argument(
+        "-w",
+        "--allow-write",
+        action="append",
+        default=[],
+        help="Identities allowed to write to the repository. Will automatically be allowed to read.",
+        dest="allow_write",
+    )
+    _ = parser.add_argument(
+        "-r",
+        "--allow-read",
+        action="append",
+        default=[],
+        help="Identities allowed to read the repository",
+        dest="allow_read",
+    )
+    _ = parser.add_argument(
+        "-A",
+        "--allow-all-read",
+        action="store_true",
+        dest="allow_all_read",
+        help="Allow any connection to read the repository",
+    )
+    args = parser.parse_args(argv)
+
+    assert isinstance(args.repo, str)  # pyright: ignore[reportAny] # nosec B101
+    repo_path = os.path.realpath(args.repo)
+    if not os.path.exists(repo_path):
+        raise FileNotFoundError(repo_path)
+
+    if not os.path.isdir(repo_path):
+        raise ValueError(f"Not a directory: {repo_path}")
+
+    global _repo_path
+    _repo_path = repo_path
+
+    assert isinstance(args.config, str | None)  # pyright: ignore[reportAny] # nosec B101
+    config_path = args.config
+    if config_path is None:
+        config_path = os.environ.get("RNS_CONFIG_PATH", None)
+
+    assert isinstance(args.verbose, bool)  # pyright: ignore[reportAny] # nosec B101
+    verbose = args.verbose
+
+    assert isinstance(args.identity, str | None)  # pyright: ignore[reportAny] # nosec B101
+    identity_path = args.identity
+
+    assert isinstance(args.announce_interval, int | None)  # pyright: ignore[reportAny] # nosec B101
+    announce_interval = args.announce_interval
+
+    assert isinstance(args.allow_all_read, bool)  # pyright: ignore[reportAny] # nosec B101
+    allow_all_read = args.allow_all_read
+
+    assert isinstance(args.allow_read, list)  # pyright: ignore[reportAny]# nosec B101
+    assert all(x for x in args.allow_read if isinstance(x, str))  # pyright: ignore[reportUnknownMemberType, reportUnknownVariableType]# nosec B101
+    read_list = set(cast(list[str], args.allow_read))
+
+    for allow in read_list:
+        if not is_valid_hexhash(allow):
+            raise ValueError(f"Invalid read hexhash: {allow}")
+
+    if allow_all_read and read_list:
+        raise ValueError(
+            "--allow-read and --allow-all-read cannot be used at the same time"
+        )
+
+    assert isinstance(args.allow_write, list)  # pyright: ignore[reportAny] # nosec B101
+    assert all(x for x in args.allow_write if isinstance(x, str))  # pyright: ignore[reportUnknownMemberType, reportUnknownVariableType] # nosec B101
+    write_list = set(cast(list[str], args.allow_write))
+
+    global _write_list
+    _write_list = write_list
+
+    for allow in write_list:
+        if not is_valid_hexhash(allow):
+            raise ValueError(f"Invalid write hexhash: {allow}")
+
+    read_list |= write_list
+
+    global _read_list
+    _read_list = None if allow_all_read else read_list
+
+    configure_logging(logging.DEBUG if verbose else logging.WARNING)
+
+    _ = RNS.Reticulum(config_path, RNS.LOG_VERBOSE if verbose else RNS.LOG_WARNING)
+
+    assert RNS.Reticulum.configdir is not None  # pyright: ignore[reportUnknownMemberType] # nosec B101
+    if identity_path is None:
+        identity_path = os.path.join(RNS.Reticulum.configdir, "identity")  # pyright: ignore[reportUnknownMemberType, reportUnknownArgumentType]
+
+    assert identity_path is not None  # nosec B101
+    log.info("Identity: %s", identity_path)
+    identity: RNS.Identity | None = None
+    if os.path.exists(identity_path):
+        identity = RNS.Identity.from_file(identity_path)  # pyright: ignore[reportUnknownMemberType]
+
+    if identity is None:
+        identity = RNS.Identity(True)
+        _ = identity.to_file(identity_path)  # pyright: ignore[reportUnknownMemberType]
+
+    assert identity is not None  # nosec B101
+    assert identity.hexhash is not None  # nosec B101
+
+    server_destination = RNS.Destination(
+        identity,
+        RNS.Destination.IN,
+        RNS.Destination.SINGLE,
+        APP_NAME,
+    )
+
+    log.info("Destination: %s", RNS.prettyhexrep(server_destination.hash))  # pyright: ignore[reportUnknownMemberType]
+    log.info("Read list: %s", "(any)" if allow_all_read else read_list)
+    log.info("Write list: %s", write_list)
+    allow_list = (bytes.fromhex(x) for x in read_list)
+    server_destination.register_request_handler(  # pyright: ignore[reportUnknownMemberType]
+        "list",
+        on_list_request,
+        RNS.Destination.ALLOW_ALL,
+        allow_list,
+    )
+    server_destination.register_request_handler(  # pyright: ignore[reportUnknownMemberType]
+        "list-for-push",
+        on_list_request,
+        RNS.Destination.ALLOW_ALL,
+        allow_list,
+    )
+    server_destination.register_request_handler(  # pyright: ignore[reportUnknownMemberType]
+        "fetch",
+        on_fetch_request,
+        RNS.Destination.ALLOW_ALL,
+        allow_list,
+    )
+    server_destination.register_request_handler(  # pyright: ignore[reportUnknownMemberType]
+        "push",
+        on_push_request,
+        RNS.Destination.ALLOW_ALL,
+        allow_list,
+    )
+    server_destination.register_request_handler(  # pyright: ignore[reportUnknownMemberType]
+        "delete",
+        on_delete_request,
+        RNS.Destination.ALLOW_ALL,
+        allow_list,
+    )
+    server_destination.set_link_established_callback(on_link_established)  # pyright: ignore[reportUnknownMemberType]
+
+    _ = server_destination.announce()  # pyright: ignore[reportUnknownMemberType]
+    if announce_interval is None:
+        while True:
+            time.sleep(10)
+
+    last_announce = time.time()
+    while True:
+        current = time.time()
+        if last_announce + announce_interval >= current:
+            _ = server_destination.announce()  # pyright: ignore[reportUnknownMemberType]
+            last_announce = current
+
+        time.sleep(0.1)

git_remote_rns-0.0.1/rngit/shared.py

@@ -0,0 +1,30 @@
+import logging
+import string
+import sys
+from enum import Enum
+
+import RNS
+
+APP_NAME = "git"
+EXPECTED_HEXHASH_LENGTH = (RNS.Reticulum.TRUNCATED_HASHLENGTH // 8) * 2
+
+
+class packets(Enum):
+    PACKET_IDENTIFIED = 0x01.to_bytes(1, "big")
+
+
+def configure_logging(level: int = logging.WARNING):
+    while logging.root.handlers:
+        logging.root.removeHandler(logging.root.handlers[0])
+
+    logging.basicConfig(
+        level=level,
+        format="%(asctime)s [%(levelname)s] %(message)s",
+        stream=sys.stderr,
+    )
+
+
+def is_valid_hexhash(hexhash: str) -> bool:
+    return len(hexhash) == EXPECTED_HEXHASH_LENGTH and all(
+        c in string.hexdigits for c in hexhash
+    )

git_remote_rns-0.0.1/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

git_remote_rns-0.0.1/tests/test_integration.py

@@ -0,0 +1,238 @@
+import os
+import pathlib
+import re
+import shutil
+import subprocess
+import sys
+import time
+from pathlib import Path
+
+import pytest
+
+RETICULUM_CONFIG = """
+[reticulum]
+  share_instance = Yes
+
+[interfaces]
+  [[AutoInterface]]
+    type = AutoInterface
+    enabled = no
+
+  [[Dummy]]
+    type = BackboneInterface
+    enable = yes
+    listen_on = 127.0.0.2
+"""
+
+
+def _run_stack(tmp_path: Path, stdin: str) -> str:
+    if not shutil.which("rnsd"):
+        pytest.skip("rnsd binary not found in PATH")
+
+    venv_python: str = sys.executable
+    venv_bin: Path = pathlib.Path(venv_python).parent
+    rngit_bin: str = str(venv_bin / "rngit")
+    git_remote_rns_bin: str = str(venv_bin / "git-remote-rns")
+    rnsd: str = str(venv_bin / "rnsd")
+
+    if not pathlib.Path(rngit_bin).exists():
+        pytest.skip("rngit not installed in venv")
+
+    rns_config_dir: Path = tmp_path / "rns"
+    rns_config_dir.mkdir()
+    repo_dir: Path = tmp_path / "repo"
+    repo_dir.mkdir()
+
+    _ = subprocess.run(["git", "init"], cwd=repo_dir, capture_output=True, check=True)
+    with open(repo_dir / "test.txt", "w") as f:
+        _ = f.write("hello")
+    _ = subprocess.run(
+        ["git", "add", "."], cwd=repo_dir, capture_output=True, check=True
+    )
+    _ = subprocess.run(
+        ["git", "commit", "-m", "init"],
+        cwd=repo_dir,
+        capture_output=True,
+        check=True,
+    )
+
+    rns_config: Path = rns_config_dir / "config"
+    _ = rns_config.write_text(RETICULUM_CONFIG)
+
+    workdir: Path = pathlib.Path.cwd()
+
+    rnsd_proc: subprocess.Popen[str] = subprocess.Popen(
+        [rnsd, "--config", str(rns_config_dir), "-v"],
+        stdout=subprocess.PIPE,
+        stderr=subprocess.PIPE,
+        text=True,
+        bufsize=1,
+        cwd=str(workdir),
+    )
+
+    # Check if rnsd started successfully
+    time.sleep(1)
+    if rnsd_proc.poll() is not None:
+        out = rnsd_proc.stdout.read().strip() if rnsd_proc.stdout else ""
+        err = rnsd_proc.stderr.read().strip() if rnsd_proc.stderr else ""
+        pytest.skip(
+            f"rnsd failed to start ({rnsd_proc.returncode}). stdout: {out!r}, stderr: {err!r}"
+        )
+
+    def wait_for_rns_ready(timeout: float = 15) -> bool:
+        import subprocess as subp
+
+        time.sleep(2)  # Give rnsd time to start
+        start = time.time()
+        while time.time() - start < timeout:
+            result = subp.run(
+                ["rnstatus", "--config", str(rns_config_dir), "-a"],
+                capture_output=True,
+                text=True,
+            )
+            if "Shared Instance" in result.stdout and "Up" in result.stdout:
+                return True
+            time.sleep(0.5)
+        # Print debug info on failure
+        result = subp.run(
+            ["rnstatus", "--config", str(rns_config_dir), "-a"],
+            capture_output=True,
+            text=True,
+        )
+        print(f"rnstatus stdout: {result.stdout}")
+        print(f"rnstatus stderr: {result.stderr}")
+        return False
+
+    rns_ready = wait_for_rns_ready()
+    print(f"RNS ready: {rns_ready}")
+
+    if not rns_ready:
+        rnsd_proc.terminate()
+        pytest.skip("RNS shared instance failed to start")
+
+    server_proc = subprocess.Popen(
+        [
+            rngit_bin,
+            str(repo_dir),
+            "--verbose",
+            "--config",
+            str(rns_config_dir),
+            "--announce-interval",
+            "1",
+            "--allow-all-read",
+        ],
+        stdout=subprocess.PIPE,
+        stderr=subprocess.STDOUT,
+        text=True,
+        bufsize=1,
+        cwd=str(workdir),
+        env={**os.environ, "RNS_CONFIG_PATH": str(rns_config_dir)},
+    )
+
+    dest_hash = None
+    try:
+        assert server_proc.stdout is not None, "Server stdout is None"
+
+        print("Waiting for rngit output...")
+        import select
+
+        while True:
+            ready, _, _ = select.select([server_proc.stdout], [], [], 5)  # type: ignore[assignment]
+            if ready:
+                line = server_proc.stdout.readline()
+                if not line:
+                    print("rngit stdout closed")
+                    break
+
+                print(f"SERVER: {line.rstrip()}")
+                match = re.search(r"\[INFO\] Destination: <([a-f0-9]+)>", line)
+                if match:
+                    dest_hash = match.group(1)
+                    print(f"Destination: {dest_hash}")
+                    break
+
+                if "error" in line.lower():
+                    assert False, f"Server error: {line}"
+
+            else:
+                print("Timeout waiting for rngit output")
+                break
+
+        if server_proc.poll() is not None and dest_hash is None:
+            stderr_data = server_proc.stderr.read() if server_proc.stderr else ""
+            print(f"rngit exited early with code {server_proc.returncode}")
+            print(f"stderr: {stderr_data}")
+            assert False, f"rngit exited early with code {server_proc.returncode}"
+
+        assert dest_hash is not None, (
+            "Could not get destination hash from server. rngit output above."
+        )
+        assert len(dest_hash) == 32, f"Invalid destination hash length: {dest_hash}"
+
+        time.sleep(2)
+
+        try:
+            result = subprocess.run(
+                [git_remote_rns_bin, "origin", dest_hash],
+                env={**os.environ, "RNS_CONFIG_PATH": str(rns_config_dir)},
+                input=stdin,
+                capture_output=True,
+                text=True,
+                timeout=30,
+            )
+            print(f"STDOUT: {result.stdout}")
+            print(f"STDERR: {result.stderr}")
+            output = result.stdout + (result.stderr or "")
+
+            if result.returncode != 0:
+                print(f"Client exit code: {result.returncode}")
+
+            if (
+                "timeout" in output.lower()
+                or "failed to connect" in output.lower()
+                or "error" in output.lower()
+            ):
+                print(f"Client output: {output[:500]}")
+                assert False, (
+                    "Client failed to connect to server. "
+                    f"Server hash: {dest_hash}. "
+                    f"Output: {output}"
+                )
+
+            return output
+
+        except subprocess.TimeoutExpired as e:
+            print("Client timed out!")
+            print(f"stdout: {e.stdout}")
+            print(f"stderr: {e.stderr}")
+            raise
+
+    finally:
+        server_proc.terminate()
+        try:
+            _ = server_proc.wait(timeout=5)
+
+        except subprocess.TimeoutExpired:
+            server_proc.kill()
+            _ = server_proc.wait()
+
+        rnsd_proc.terminate()
+        try:
+            _ = rnsd_proc.wait(timeout=5)
+
+        except subprocess.TimeoutExpired:
+            rnsd_proc.kill()
+            _ = rnsd_proc.wait()
+
+
+class TestEndToEnd:
+    def test_capabilities(self, tmp_path: Path) -> None:
+        output = _run_stack(tmp_path, "capabilities\n\n")
+        assert "list" in output, f"'list' missing from capabilities: {output}"
+        assert "fetch" in output, f"'fetch' missing from capabilities: {output}"
+        assert "push" in output, f"'push' missing from capabilities: {output}"
+
+    def test_list(self, tmp_path: Path) -> None:
+        output = _run_stack(tmp_path, "list\n\n")
+        assert "refs/heads" in output, f"Expected refs/heads in output, got: {output}"
+        assert "HEAD" in output, f"Expected HEAD in output, got: {output}"