
github-commit-recovery

Tool for recovering deleted or force-pushed GitHub commit content, diffs, and metadata using the REST API, git fetch, and direct URL access.

Introduction

The github-commit-recovery skill is a specialized utility for digital forensics and security research on GitHub repositories. It lets researchers and developers retrieve commit data that is no longer referenced by any active branch, typically because of a force-push or a deletion. Even when GitHub removes the references from the UI, the underlying commit objects often remain stored on GitHub's infrastructure and stay accessible by SHA if the SHA is known. The skill automates the discovery and extraction of such artifacts to ensure data integrity during security audits or incident response.

  • Retrieves raw commit content, patches (.patch), and unified diffs (.diff) directly from GitHub server endpoints using only the commit SHA.

  • Integrates with the GitHub REST API to fetch comprehensive metadata, including authorship, verification status, and file-level modifications.

  • Utilizes optimized git fetch operations, including --filter=blob:none and --no-checkout, to pull specific objects without cloning entire repositories.

  • Supports batch processing of commit lists, making it suitable for large-scale forensic investigations or verifying history across multiple repositories.

  • Features rate-limit management and courtesy delays to prevent throttling while interacting with GitHub's infrastructure.

  • Use this skill when you have orphan commit SHAs from CI/CD logs, reflogs, or external security reports and need to reconstruct the original code state.

  • Always ensure you have appropriate authentication via a GitHub Token if performing high-volume queries to benefit from the 5,000 requests/hour limit instead of the unauthenticated 60 requests/hour limit.

  • Be aware that short SHAs (4 hex characters) can be used for lookup, but always prefer full SHAs to avoid collision risks.

  • Treat this as a retrieval mechanism for dangling commits that were force-pushed over: it does not 'undelete' the commit into the repository's visible history, it only exposes the object for analysis and extraction.

  • Ideal for OSINT investigations, verifying commit authorship (distinguishing between the author and the committer), and examining security-sensitive changes that were obscured by subsequent force-pushes.
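The three retrieval paths, the rate-limit pacing and the author/committer check described above, as an added Python example (not the skill's own code). The function names, the `example-org/example-repo` placeholders and the sample response are assumptions constructed for illustration; the `.patch`/`.diff` URL suffixes, the commits REST endpoint and the `X-RateLimit-*` headers are GitHub's documented ones.

```python
import re
SHA_RE = re.compile(r"^[0-9a-f]{4,40}$")

def recovery_plan(owner, repo, sha):
    """Build the three lookups for one commit SHA; nothing is fetched here."""
    sha = sha.strip().lower()
    if not SHA_RE.match(sha):
        raise ValueError(f"not a hex commit SHA: {sha!r}")
    web = f"https://github.com/{owner}/{repo}"
    git = []
    if len(sha) == 40:  # assumption: only a full SHA is fetched by object id
        git = [
            ["git", "clone", "--filter=blob:none", "--no-checkout", f"{web}.git", "recovered"],
            ["git", "-C", "recovered", "fetch", "origin", sha],
            ["git", "-C", "recovered", "show", "--stat", sha],
        ]
    return {"patch_url": f"{web}/commit/{sha}.patch",
            "diff_url": f"{web}/commit/{sha}.diff",
            "api_url": f"https://api.github.com/repos/{owner}/{repo}/commits/{sha}",
            "git": git}

def courtesy_delay(headers, now, floor=1.0):
    """Seconds to wait before the next API call, from the rate-limit headers."""
    remaining = int(headers.get("X-RateLimit-Remaining", 1))
    reset = int(headers.get("X-RateLimit-Reset", now))  # epoch seconds
    window = max(reset - now, 0)
    if remaining <= 0:
        return max(floor, window)          # budget spent: wait for the reset
    return max(floor, window / remaining)  # otherwise pace what is left

def summarize(resp):
    """Author, committer and signature status from a commits-API response."""
    c = resp["commit"]
    author, committer = c["author"]["email"], c["committer"]["email"]
    return {"author": author, "committer": committer,
            "author_differs": author != committer,
            "verified": c.get("verification", {}).get("verified", False),
            "files": [f["filename"] for f in resp.get("files", [])]}

# Constructed sample values (placeholders, not real repository data).
SAMPLE_SHA = "0123456789abcdef0123456789abcdef01234567"
SAMPLE_RESPONSE = {"commit": {"author": {"email": "dev@example.com"},
                              "committer": {"email": "ci@example.com"},
                              "verification": {"verified": False}},
                   "files": [{"filename": "config/settings.py"}]}

if __name__ == "__main__":
    print(recovery_plan("example-org", "example-repo", SAMPLE_SHA))
    print(summarize(SAMPLE_RESPONSE))
```

A short SHA still yields the direct URLs and the API endpoint, but the plan leaves the `git` steps empty so the object fetch is only attempted with an unambiguous id.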

Repository Stats

Stars: 2,385
Forks: 367
Open Issues: 17
Language: Python
Default Branch: main
Sync Status: Idle
Last Synced: Apr 29, 2026, 08:55 AM