securegit 0.8.5

Zero-trust git replacement with 12 built-in security scanners, LLM redteam bridge, universal undo, durable backups, and a 50-tool MCP server
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

use crate::auth;
use crate::auth::SecureString;
use crate::cli::UI;
use crate::graphrag;
use anyhow::{bail, Result};
use std::path::Path;

pub struct PushOptions<'a> {
    pub set_upstream: bool,
    pub force: bool,
    pub tags: bool,
    pub all: bool,
    pub token: Option<&'a SecureString>,
    pub ssh_key: Option<&'a Path>,
}

pub fn execute(
    path: &Path,
    remote_name: &str,
    branch: Option<&str>,
    opts: PushOptions,
    ui: &UI,
) -> Result<()> {
    let repo = crate::ops::open_repo(path)?;

    let prefix = if opts.force { "+" } else { "" };
    let mut refspecs: Vec<String> = Vec::new();
    let mut resolved_branch: Option<String> = None;

    if opts.all {
        let branches = repo.branches(Some(git2::BranchType::Local))?;
        for branch_result in branches {
            let (b, _) = branch_result?;
            if let Some(name) = b.name()? {
                refspecs.push(format!("{}refs/heads/{}:refs/heads/{}", prefix, name, name));
            }
        }
        // Capture current branch for set_upstream
        if let Ok(head) = repo.head() {
            resolved_branch = head.shorthand().map(|s| s.to_string());
        }
    } else if !opts.tags {
        // Push a specific branch or tag (or the current branch)
        let ref_name = if let Some(b) = branch {
            b.to_string()
        } else {
            if repo.head_detached()? {
                bail!(
                    "You are not currently on any branch.\n\
                     To push, specify the branch name: securegit push <remote> <branch>"
                );
            }
            let head = repo.head()?;
            head.shorthand()
                .ok_or_else(|| anyhow::anyhow!("Could not determine current branch name"))?
                .to_string()
        };

        // Detect if the argument is a tag (when no local branch of that name exists)
        let is_tag = repo
            .find_branch(&ref_name, git2::BranchType::Local)
            .is_err()
            && repo
                .find_reference(&format!("refs/tags/{}", ref_name))
                .is_ok();

        if is_tag {
            refspecs.push(format!(
                "{}refs/tags/{}:refs/tags/{}",
                prefix, ref_name, ref_name
            ));
        } else {
            refspecs.push(format!(
                "{}refs/heads/{}:refs/heads/{}",
                prefix, ref_name, ref_name
            ));
            resolved_branch = Some(ref_name);
        }
    } else if let Some(b) = branch {
        // --tags with an explicit branch: push the branch too
        let branch_name = b.to_string();
        refspecs.push(format!(
            "{}refs/heads/{}:refs/heads/{}",
            prefix, branch_name, branch_name
        ));
        resolved_branch = Some(branch_name);
    }

    if opts.tags {
        let tag_names = repo.tag_names(None)?;
        for tag in tag_names.iter().flatten() {
            refspecs.push(format!("{}refs/tags/{}:refs/tags/{}", prefix, tag, tag));
        }
    }

    if refspecs.is_empty() {
        bail!("Nothing to push.");
    }

    let mut remote = repo.find_remote(remote_name)?;

    let host = remote
        .url()
        .and_then(|u| url::Url::parse(u).ok())
        .and_then(|u| u.host_str().map(|h| h.to_string()));
    let mut callbacks = auth::build_git2_callbacks(opts.token, opts.ssh_key, host);
    callbacks.push_transfer_progress(|_current, _total, _bytes| {});

    let mut push_opts = git2::PushOptions::new();
    push_opts.remote_callbacks(callbacks);

    let refspec_strs: Vec<&str> = refspecs.iter().map(|s| s.as_str()).collect();
    remote.push(&refspec_strs, Some(&mut push_opts))?;

    let remote_url = remote.url().map(|s| s.to_string());
    ui.info(format!("To {}", remote_url.as_deref().unwrap_or("")));

    if let Some(ref branch_name) = resolved_branch {
        ui.field("Branch", format!("{} -> {}", branch_name, branch_name));
    }
    if opts.tags {
        ui.info("[tags pushed]");
    }
    if opts.all {
        ui.info("[all branches pushed]");
    }

    // Set upstream tracking if requested
    if opts.set_upstream {
        if let Some(ref branch_name) = resolved_branch {
            let mut local_branch = repo.find_branch(branch_name, git2::BranchType::Local)?;
            let upstream_name = format!("{}/{}", remote_name, branch_name);
            local_branch.set_upstream(Some(&upstream_name))?;
            ui.success(format!(
                "Branch '{}' set up to track '{}' from '{}'.",
                branch_name, branch_name, remote_name
            ));
        }
    }

    // Trigger GraphRAG indexing after push
    let branch_for_graphrag = resolved_branch.as_deref();
    graphrag::client::trigger_indexing_sync(path, remote_url.as_deref(), branch_for_graphrag);

    // Trigger auto-backup to configured destinations
    crate::ops::backup::trigger_auto_backup(path);

    Ok(())
}