1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
//! Git support for Bashkit
//!
//! Provides virtual git operations on the virtual filesystem.
//! Requires the `git` feature to be enabled.
//!
//! # Security Model
//!
//! - **Disabled by default**: Git access requires explicit configuration
//! - **Virtual filesystem only**: All operations confined to VFS
//! - **Remote URL allowlist**: Only allowed URLs can be accessed (Phase 2)
//! - **Virtual identity**: Author name/email are configurable, never from host
//! - **No host access**: Cannot read host ~/.gitconfig or credentials
//!
//! # Usage
//!
//! Configure git access using [`GitConfig`] with [`crate::Bash::builder`]:
//!
//! ```rust,ignore
//! use bashkit::{Bash, GitConfig};
//!
//! # #[tokio::main]
//! # async fn main() -> bashkit::Result<()> {
//! let mut bash = Bash::builder()
//! .git(GitConfig::new()
//! .author("Bot", "bot@example.com"))
//! .build();
//!
//! // Now git commands work on the virtual filesystem
//! let result = bash.exec("git init /repo && cd /repo && git status").await?;
//! # Ok(())
//! # }
//! ```
//!
//! # Supported Commands (Phase 1)
//!
//! - `git init [path]` - Create empty repository
//! - `git config [key] [value]` - Get/set config
//! - `git add <pathspec>...` - Stage files
//! - `git commit -m <message>` - Record changes
//! - `git status` - Show working tree status
//! - `git log [-n N]` - Show commit history
//!
//! # Security Threats
//!
//! See `specs/006-threat-model.md` Section 9: Git Security (TM-GIT-*)
pub use GitConfig;
pub use GitClient;