git-forensics-scanner

# Git Forensics Scanner Surfaces and classifies all code changes in a repository using git diff analysis, providing structured change sets for downstream semantic analysis. ## Purpose The first phase of nation-state trojan detection: identify exactly what changed, how much changed, and classify each change by risk level. Small diffs in critical code paths are flagged as highest-risk since business-logic trojans typically modify 1-5 lines. ## Capabilities ### Change Set Extraction - Unstaged changes (`git diff`) - Staged changes (`git diff --cached`) - Commit range diffs (`git diff <base>..<head>`) - Branch diffs (`git diff <base>...<head>`) - Per-file patch extraction with full hunk context ### Change Classification - **code** — Logic, algorithms, formulas, control flow - **config** — Constants, parameters, thresholds, defaults - **data-model** — Schemas, types, model properties, ORM mappings - **cosmetic** — Formatting, comments, whitespace, rounding wrappers ### Risk Triage - Files with 1-5 line changes in prediction/financial/auth code → HIGH RISK - Single-character operator changes → CRITICAL RISK - Comment-only changes accompanying code changes → CAMOUFLAGE RISK ## Input Schema ```json { "type": "object", "required": ["projectRoot"], "properties": { "projectRoot": { "type": "string", "description": "Absolute path to the git repository" }, "scanMode": { "type": "string", "enum": ["uncommitted", "commit-range", "branch-dif...