git-core
A from-scratch, forensic-grade Git object-store reader — loose + packfile (v2, OFS/REF delta) objects, refs, commits, trees, and reflogs over a content-addressed Merkle DAG. No unsafe, no libgit2, no C bindings — reads any OS's .git.
[]
= "0.1"
use GitRepo;
use Path;
let repo = open?;
// Resolve HEAD and read the commit it points at…
let head = repo.head?;
let commit = repo.read_commit?;
println!;
// …walk first-parent history, or enumerate every object in the store.
for commit in repo.walk_commits
for hash in repo.all_objects?
# Ok::
The bare crate name git on crates.io is taken, so this crate publishes as git-core and imports as git_core.
What it parses
GitRepo (open, head, resolve_ref, read_object, read_commit, read_tree, read_blob, walk_commits, reflog, all_objects, all_refs) · loose object read + zlib inflation (object, loose) · packfile v2 read with OFS and REF delta resolution (pack) · commit parsing with author/committer signatures, parents, tree, message, and gpgsig presence (commit::CommitObject, Signature) · tree parsing (tree::TreeObject, TreeEntry) · ref + reflog parsing (refs, reflog::parse_reflog, ReflogEntry) · GitHash (SHA-1) with hex/byte conversion and object-path derivation.
Trust, but verify
#![forbid(unsafe_code)]; panic-free on crafted input (the workspace denies clippy::unwrap_used / expect_used in production code, every length, offset, and delta instruction bounds-checked); fuzzed with four cargo-fuzz targets (loose, commit, tree, delta); the reader is exercised against real .git directories with object inflation and packfile delta resolution cross-checked against git itself.
Forensic analysis
Severity-graded anomaly auditing (commit-time inversion / history-rewrite residue / unsigned-in-signed-history / unreachable-object findings) lives in the sibling git-forensic crate, built on this one — the reader/analyzer split mirrors ntfs-core/ntfs-forensic.
Privacy Policy · Terms of Service · © 2026 Security Ronin Ltd