securegit 0.8.5

Zero-trust git replacement with 12 built-in security scanners, LLM redteam bridge, universal undo, durable backups, and a 50-tool MCP server
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

use crate::cli::UI;
use crate::ops::oplog;
use crate::ops::utils::short_oid;
use anyhow::{bail, Result};
use git2::{build::CheckoutBuilder, Repository};
use std::path::Path;

pub fn execute(path: &Path, target: &str, create_branch: bool, force: bool, ui: &UI) -> Result<()> {
    let desc = if create_branch {
        format!("checkout -b '{}'", target)
    } else {
        format!("checkout '{}'", target)
    };
    oplog::with_oplog(path, "checkout", &desc, || {
        execute_inner(path, target, create_branch, force, ui)
    })
}

fn checkout_opts(force: bool) -> Option<CheckoutBuilder<'static>> {
    if force {
        let mut cb = CheckoutBuilder::new();
        cb.force();
        Some(cb)
    } else {
        None
    }
}

fn execute_inner(
    path: &Path,
    target: &str,
    create_branch: bool,
    force: bool,
    ui: &UI,
) -> Result<()> {
    let repo = crate::ops::open_repo(path)?;

    // Handle "checkout -" (previous branch)
    if target == "-" {
        return switch_to_previous(&repo, force, ui);
    }

    if create_branch {
        let head_commit = repo.head()?.peel_to_commit()?;
        let branch = repo.branch(target, &head_commit, false)?;
        let obj = branch.get().peel(git2::ObjectType::Commit)?;

        let mut opts = checkout_opts(force);
        repo.checkout_tree(&obj, opts.as_mut())?;
        repo.set_head(&format!("refs/heads/{}", target))?;
        ui.success(format!("Switched to a new branch '{}'", target));
        return Ok(());
    }

    // Try as local branch
    if let Ok(branch) = repo.find_branch(target, git2::BranchType::Local) {
        let obj = branch.get().peel(git2::ObjectType::Commit)?;
        let mut opts = checkout_opts(force);
        repo.checkout_tree(&obj, opts.as_mut())?;
        repo.set_head(&format!("refs/heads/{}", target))?;
        ui.success(format!("Switched to branch '{}'", target));
        return Ok(());
    }

    // Try as remote branch (create local tracking)
    for remote_name in repo.remotes()?.iter().flatten() {
        let remote_branch = format!("{}/{}", remote_name, target);
        if let Ok(branch) = repo.find_branch(&remote_branch, git2::BranchType::Remote) {
            let commit = branch.get().peel_to_commit()?;
            let local_branch = repo.branch(target, &commit, false)?;
            let obj = local_branch.get().peel(git2::ObjectType::Commit)?;
            let mut opts = checkout_opts(force);
            repo.checkout_tree(&obj, opts.as_mut())?;
            repo.set_head(&format!("refs/heads/{}", target))?;
            ui.success(format!(
                "Switched to a new branch '{}' tracking '{}'",
                target, remote_branch
            ));
            return Ok(());
        }
    }

    // Try as commit/tag
    if let Ok(obj) = repo.revparse_single(target) {
        let commit = obj.peel_to_commit()?;
        let mut opts = checkout_opts(force);
        repo.checkout_tree(commit.as_object(), opts.as_mut())?;
        repo.set_head_detached(commit.id())?;
        ui.info(format!(
            "HEAD is now at {} {}",
            short_oid(&commit.id()),
            commit.summary().unwrap_or("")
        ));
        return Ok(());
    }

    bail!("pathspec '{}' did not match any known refs", target);
}

fn switch_to_previous(repo: &Repository, force: bool, ui: &UI) -> Result<()> {
    // Read the reflog to find the previous branch
    let reflog = repo.reflog("HEAD")?;
    for i in 0..reflog.len() {
        if let Some(entry) = reflog.get(i) {
            let msg = entry.message().unwrap_or("");
            // Look for "checkout: moving from X to Y" — we want X
            if let Some(rest) = msg.strip_prefix("checkout: moving from ") {
                if let Some(from_branch) = rest.split(" to ").next() {
                    // Verify the branch still exists
                    if repo
                        .find_branch(from_branch, git2::BranchType::Local)
                        .is_ok()
                    {
                        let branch = repo.find_branch(from_branch, git2::BranchType::Local)?;
                        let obj = branch.get().peel(git2::ObjectType::Commit)?;
                        let mut opts = checkout_opts(force);
                        repo.checkout_tree(&obj, opts.as_mut())?;
                        repo.set_head(&format!("refs/heads/{}", from_branch))?;
                        ui.success(format!("Switched to branch '{}'", from_branch));
                        return Ok(());
                    }
                }
            }
        }
    }
    bail!("No previous branch found in reflog");
}