Expand description
§git-forensic
Forensic anomaly auditor for Git object stores, built on git_core. It
reads commits via the reader and emits graded
forensicnomicon::report::Findings — observations, never legal
conclusions; the analyst draws the conclusion.
First finding: commit-time inversion — a commit whose committer timestamp precedes its author timestamp. In a normal flow the committer time is at or after the author time, so an inversion is consistent with timestamp backdating (benign causes include cross-machine clock skew).
Re-exports§
pub use reflog::audit_reflog;pub use reflog::ReflogAnomaly;pub use signatures::audit_signatures;pub use signatures::SignatureAnomaly;pub use unreachable::audit_unreachable;pub use unreachable::UnreachableObject;
Modules§
- attribution
- Attribution timeline — who did what, when, from which timezone.
- reflog
- Reflog-residue analysis: history-rewriting operations recorded in the reflog.
- signatures
- Signature-policy analysis: an unsigned commit in an otherwise-signed history.
- unreachable
- Reachability analysis: objects present in the store but reachable from no ref. Such an object is residue of deleted or rewritten history — it remains resurrectable from the object store until garbage-collected. Commits are the most telling (a whole dropped line of development); blobs and trees are lower-signal. An examiner follows these leads; they are never a verdict.
Enums§
- GitAnomaly
- A forensic anomaly observed in a Git object store.
Functions§
- audit_
commit - Audit a single parsed commit for anomalies (pure; side-effect free).
- audit_
repo - Audit every commit reachable from
from(first-parent walk) inrepo. - source
- The
Sourcestamp for findings this analyzer emits.