Nice, thanks for the info, very helpful! I don't currently know anything about Grasp, but I would expect that it handles authentication simply by allowing anyone to upload any commts anywhere, but checking whether branches, tags, and other such labels are authored by authorised persons, depending on the specific repo owner and repo name that those labels are pushed under? If it's done in that way, then forking would be very straightforward as far as backend implementation is concerned: just create a new set of labels pointing to the same commit-ishes/tree-ishes under a different owner name and/or repo name.