Git rescue agent

Get out of the git mess.
Without losing a thing.

The conflict. The bad rebase. The detached HEAD at 11pm. nit reads the wreck, proposes the fix in plain English, and guarantees you can undo every move.

The 4pm that eats your evening

You didn't sign up to fight git.

You signed up to ship. But the mess that matters most doesn't live in a pull request. It lives in the working tree on your machine, and it doesn't care that standup is in ten minutes.

CONFLICT (content): both modified rebase-apply/ · interrupted HEAD detached at 3f9a1c fatal: reference is not a tree you are not currently on a branch submodule → dead SHA did I just lose that commit?
The whole idea

It's not "AI resolves your conflict."
It's AI proposes, and you can always undo it.

An LLM turned loose on a real repo is a data-loss machine. So the product isn't the model. It's the safety layer around it: snapshot first, confirm anything destructive, verify after, roll back on the smallest doubt. That layer is what makes nit safe to point at your work, and what survives a corporate security review.

How it works

Two halves. One never leaves your laptop.

nit is local-first by design. The half with hands on your repo runs on your machine. The half that reasons about the mess runs in the cloud, and it only ever sees a redacted map of the wreck, never your code.

Local agent your machine

The only component that ever touches your working tree.

  • Repo sensor reads the working tree, index, reflog, MERGE_HEAD, rebase-apply/, and submodule SHAs into a structured picture.
  • Safety vault captures a restore point before any change: a bundle of refs, a reflog anchor, a tag. This is the load-bearing part.
  • Executor runs only whitelisted git operations, dry-run and diff-preview first, then applies the approved plan step by step.

Server brain the cloud

Reasoning and audit. Sees a redacted situation, returns a plan.

  • Diagnoser classifies the mess from the redacted situation object.
  • Planner emits an ordered, reversible plan plus a plain-English explanation of every step.
  • Audit store keeps an immutable who / what / when for every action, exportable. The thing your security team actually wants.
up redacted situation: paths, ref graph, SHAs down an ordered, confirm-gated plan
The safety model

Reversible by construction.

Not a promise. A design. Five rules stand between the model and your repo, and none of them are optional.

01 · load-bearing

Snapshot before touch

No mutating operation runs until the vault has a restore point. nit undo is always one command away. If the snapshot can't be taken, nit refuses to act.

02

Two-phase writes

Anything destructive (reset --hard, force-push, ref delete) is gated behind an explicit yes. Only clearly-safe moves like a rescue branch or a stash auto-run.

03

Dry-run + diff preview

You see the resulting tree and diff before a single byte changes. No surprises, no "trust me."

04

Verify, then auto-undo

After each step nit checks the post-state is sane. If it isn't, it rolls back to the vault on its own and tells you which step failed.

05

A whitelist, not a shell

The executor runs a fixed set of git operations. It never runs arbitrary shell the model dreamed up. The model advises; it doesn't hold the keys.

What it rescues

The messes that ruin the afternoon.

<<<<<<<

Merge & rebase conflicts

Content conflicts sorted out hunk by hunk, with a strategy you approve before it lands.

⏸ rebase-apply/

Interrupted rebase

Stuck mid-rebase with a half-applied stack. nit gets you to a clean continue or a clean abort.

⌥ HEAD

Detached HEAD

Back onto a real branch without orphaning the work you did while you were adrift.

↺ reflog

Lost commits

That commit you thought a reset ate. It's in the reflog. nit finds it and brings it home.

↪ .gitmodules

Submodule drift

A submodule pointing at a dead SHA. Diagnosed, reported, and re-pointed only when you say so.

? unsure

When it isn't sure

Low confidence means nit asks instead of acting. It never guesses a destructive plan.

The privacy invariant

Your code never crosses the wire.

This isn't a setting you harden later. It's a constraint from day one, and it's the honest answer to "an AI touching our repos." Conflict content is stripped by default. Nothing leaves without your opt-in, and a what-we-send inspector lets you audit the exact payload, byte for byte.

UP ↑ Situation only — paths, ref graph, SHAs, submodule pointers
DOWN ↓ The plan — git ops + rationale. No code, no secrets.
NEVER Source & credentials — they stay on your machine. Full stop.
Straight talk

What nit is, and what it isn't.

v1 does one job well. Here's the honest edge of it.

Built for this

  • Developers who live in a terminal and hit real git messes
  • Getting unstuck from a conflict, rebase, or detached HEAD, fast
  • Recovering work you thought you discarded
  • Anyone who wants a guaranteed undo before an AI touches their repo

Not for this (yet)

  • A general chat bot. One job: git rescue.
  • Auto-resolving semantic conflicts it isn't sure about. It proposes; you confirm.
  • PR / merge-queue orchestration or branch governance (that's a later phase).
  • Teams & billing. v1 is self-serve, single-user.
Get it

Next time git bites,
you'll be glad it's already there.

$ brew install nit copy

v1 is in the shop. Drop a line to hello@nit.fyi to be first through the door.