Git 清理工具 - 安全清理本地分支和工作树，智能分类合并与未合并分支

git-cleanup by trailofbits/skills

762 周安装量

3,900 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/trailofbits/skills --skill git-cleanup

开发自动化开发运维

🇨🇳中文介绍

Git 清理

通过将累积的 git 工作树和本地分支分类为：可安全删除（已合并）、可能相关（相似主题）和活跃工作（保留），来安全地清理它们。

何时使用

当用户积累了大量的本地分支和工作树时
当分支已合并但未在本地清理时
当远程分支已被删除但本地跟踪分支仍然存在时

何时不使用

不要用于远程分支管理（这仅用于本地清理）
不要用于像 gc 或 prune 这样的仓库维护任务
不适用于无头或非交互式自动化（需要用户在两个关卡处进行确认）

核心原则：安全第一

未经用户明确确认，绝不删除任何内容。 此技能使用一个分阶段的工作流程，用户必须在任何破坏性操作之前批准每个步骤。

关键实现说明

压缩合并的分支需要强制删除

重要提示： 对于压缩合并的分支，git branch -d 将总是失败，因为 git 无法检测到工作已被合并。这是预期行为，不是错误。

当你识别出一个分支是压缩合并的时：

计划从一开始就使用 git branch -D（强制删除）
不要先尝试 git branch -d，然后再询问是否使用 -D —— 这会浪费用户的确认次数
在确认步骤中，对压缩合并的分支显示

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

相关 Skills

FlyClaw：零登录航班聚合查询工具，Python实现多源航班信息与价格搜索

4,000,000 周安装

find-skills 技能搜索工具 - Vercel Labs 开源智能体技能包管理器

749,400 周安装

Vercel React 最佳实践指南 | 58条Next.js性能优化规则与代码重构

255,700 周安装

Vercel Web界面规范检查工具 - 自动检测代码是否符合Web设计指南

205,600 周安装

# 获取默认分支名称
default_branch=$(git symbolic-ref refs/remotes/origin/HEAD \
  2>/dev/null | sed 's@^refs/remotes/origin/@@' || echo "main")

# 受保护的分支 - 永不分析或删除
protected='^(main|master|develop|release/.*)$'

# 列出所有带有跟踪信息的本地分支
git branch -vv

# 列出所有工作树
git worktree list

# 获取并清理以同步远程状态
git fetch --prune

# 获取已合并的分支（合并到默认分支）
git branch --merged "$default_branch"

# 获取最近的 PR 合并历史（检测压缩合并）
git log --oneline "$default_branch" | grep -iE "#[0-9]+" | head -30

# 对于每个非受保护分支，获取唯一的提交和同步状态
for branch in $(git branch --format='%(refname:short)' \
  | grep -vE "$protected"); do
  echo "=== $branch ==="
  echo "不在 $default_branch 中的提交："
  git log --oneline "$default_branch".."$branch" 2>/dev/null \
    | head -5
  echo "未推送到远程的提交："
  git log --oneline "origin/$branch".."$branch" 2>/dev/null \
    | head -5 || echo "（无远程跟踪）"
done

### 相关分支组：feature/api-*

| 分支 | 提交数 | 合并的 PR | 状态 |
|--------|---------|-----------|--------|
| feature/api | 12 | #29 (初始 API) | 已被取代 - 工作在主分支中 |
| feature/api-v2 | 8 | #45 (API 改进) | 已被取代 - 工作在主分支中 |
| feature/api-refactor | 5 | #67 (重构) | 已被取代 - 工作在主分支中 |
| feature/api-final | 4 | 未找到 | 被上述 PR 取代 |

**建议：** 所有 4 个分支都可以删除 - 工作已通过 PR #29、#45、#67 合并

分支是否已合并到默认分支？
├─ 是 → 可安全删除 (使用 -d)
└─ 否 → 是否跟踪远程？
        ├─ 是 → 远程是否已删除？([gone])
        │        ├─ 是 → 工作是否被压缩合并？(在主分支中检查 PR)
        │        │        ├─ 是 → 压缩合并 (使用 -D)
        │        │        └─ 否 → 远程已删除 (需要审查)
        │        └─ 否 → 本地是否领先于远程？(检查：git log origin/<branch>..<branch>)
        │                ├─ 是 (有输出) → 未推送的工作 (保留)
        │                └─ 否 (空输出) → 与远程同步 (保留)
        └─ 否 → 是否有唯一提交？
                ├─ 是 → 本地工作 (保留)
                └─ 否 → 可安全删除 (使用 -d)

类别	含义	删除命令
可安全删除	已合并到默认分支	`git branch -d`
压缩合并	工作通过压缩合并合并	`git branch -D`
已被取代	属于一个组，工作已通过 PR 或在较新分支中验证在主分支中	`git branch -D`
远程已删除	远程已删除，工作未在主分支中找到	需要审查
未推送的工作	有未推送到远程的提交	保留
本地工作	具有唯一提交的未跟踪分支	保留
与远程同步	与远程保持同步	保留

## Git 清理分析

### 相关分支组

**组：feature/api-* (4 个分支)**
| 分支 | 状态 | 证据 |
|--------|--------|----------|
| feature/api | 已被取代 | 工作在 PR #29 中合并 |
| feature/api-v2 | 已被取代 | 工作在 PR #45 中合并 |
| feature/api-refactor | 已被取代 | 工作在 PR #67 中合并 |
| feature/api-final | 已被取代 | 旧迭代，已偏离 |

建议：删除所有 4 个（工作已在主分支中）

---

### 单个分支

**可安全删除（已合并，使用 -d）**
| 分支 | 合并到 |
|--------|-------------|
| fix/typo | main |

**可安全删除（压缩合并，需要 -D）**
| 分支 | 合并为 |
|--------|-----------|
| feature/login | PR #42 |

**需要审查（远程 [gone]，未找到 PR）**
| 分支 | 最后提交 |
|--------|-------------|
| experiment/old | abc1234 "WIP something" |

**保留（活跃工作）**
| 分支 | 状态 |
|--------|--------|
| wip/new-feature | 5 个未推送的提交 |

### 工作树
| 路径 | 分支 | 状态 |
|------|--------|--------|
| ../proj-auth | feature/auth | 陈旧 (已合并) |

---

**总结：**
- 4 个相关分支 (feature/api-*) - 建议全部删除
- 1 个已合并分支 - 可安全删除
- 1 个压缩合并分支 - 可安全删除
- 1 个需要审查
- 1 个保留

您想清理哪些？

永不自动调用 - 仅当用户明确使用 /git-cleanup 时运行
仅有两个确认关卡 - 分析审查，然后删除确认
使用正确的删除命令 - -d 用于已合并，-D 用于压缩合并/已被取代
永不触及受保护分支 - main、master、develop、release/*（通过编程方式过滤）
阻止脏工作树移除 - 未经明确的数据丢失确认则拒绝
分组相关分支 - 不要将它们分散在各个类别中

合理化理由	为何错误
“分支很旧，删除可能很安全”	年龄并不表示合并状态。旧分支可能包含未合并的工作。
“如果需要，我可以从 reflog 恢复”	Reflog 条目会过期。用户通常不知道如何使用 reflog。不要依赖它作为安全网。
“这只是一个本地分支，没什么重要的”	本地分支可能包含未推送到任何地方的唯一工作副本。
“PR 已合并，所以分支是安全的”	压缩合并不保留分支历史。验证特定的提交已被合并。
“我就删除所有 `[gone]` 分支”	`[gone]` 仅表示远程已被删除。本地分支可能有未推送的提交。
“用户似乎想删除所有内容”	始终先呈现分析。让用户选择要删除的内容。
“分支有不在主分支中的提交，所以它有未推送的工作”	“不在主分支中” ≠ “未推送”。一个分支可以与其远程同步但未合并到主分支。始终检查 `git log origin/<branch>..<branch>`。

🇺🇸English

Git Cleanup

Safely clean up accumulated git worktrees and local branches by categorizing them into: safely deletable (merged), potentially related (similar themes), and active work (keep).

When to Use

When the user has accumulated many local branches and worktrees
When branches have been merged but not cleaned up locally
When remote branches have been deleted but local tracking branches remain

When NOT to Use

Do not use for remote branch management (this is local cleanup only)
Do not use for repository maintenance tasks like gc or prune
Not designed for headless or non-interactive automation (requires user confirmations at two gates)

Core Principle: SAFETY FIRST

Never delete anything without explicit user confirmation. This skill uses a gated workflow where users must approve each step before any destructive action.

Critical Implementation Notes

Squash-Merged Branches Require Force Delete

IMPORTANT: git branch -d will ALWAYS fail for squash-merged branches because git cannot detect that the work was incorporated. This is expected behavior, not an error.

When you identify a branch as squash-merged:

Plan to use git branch -D (force delete) from the start
Do NOT try git branch -d first and then ask again for -D - this wastes user confirmations
In the confirmation step, show git branch -D for squash-merged branches

Group Related Branches BEFORE Categorization

MANDATORY: Before categorizing individual branches, group them by name prefix:

# Extract common prefixes from branch names
# e.g., feature/auth-*, feature/api-*, fix/login-*

Branches sharing a prefix (e.g., feature/api, feature/api-v2, feature/api-refactor) are almost certainly related iterations. Analyze them as a group:

Find the oldest and newest by commit date
Check if newer branches contain commits from older ones
Check which PRs merged work from each
Determine if older branches are superseded

Present related branches together with a clear recommendation, not scattered across categories.

Thorough PR History Investigation

Don't rely on simple keyword matching. For [gone] branches:

# 1. Get the branch's commits that aren't in default branch
git log --oneline "$default_branch".."$branch"

# 2. Search default branch for PRs that incorporated this work
# Search by: branch name, commit message keywords, PR numbers
git log --oneline "$default_branch" | grep -iE "(branch-name|keyword|#[0-9]+)"

# 3. For related branch groups, trace which PRs merged which work
git log --oneline "$default_branch" | grep -iE "(#[0-9]+)" | head -20

Workflow

Phase 1: Comprehensive Analysis

Gather ALL information upfront before any categorization:

# Get default branch name
default_branch=$(git symbolic-ref refs/remotes/origin/HEAD \
  2>/dev/null | sed 's@^refs/remotes/origin/@@' || echo "main")

# Protected branches - never analyze or delete
protected='^(main|master|develop|release/.*)$'

# List all local branches with tracking info
git branch -vv

# List all worktrees
git worktree list

# Fetch and prune to sync remote state
git fetch --prune

# Get merged branches (into default branch)
git branch --merged "$default_branch"

# Get recent PR merge history (squash-merge detection)
git log --oneline "$default_branch" | grep -iE "#[0-9]+" | head -30

# For EACH non-protected branch, get unique commits and sync status
for branch in $(git branch --format='%(refname:short)' \
  | grep -vE "$protected"); do
  echo "=== $branch ==="
  echo "Commits not in $default_branch:"
  git log --oneline "$default_branch".."$branch" 2>/dev/null \
    | head -5
  echo "Commits not pushed to remote:"
  git log --oneline "origin/$branch".."$branch" 2>/dev/null \
    | head -5 || echo "(no remote tracking)"
done

Note on branch names: Git branch names can contain characters that break shell expansion. Always quote "$branch" in commands.

Phase 2: Group Related Branches

Do this BEFORE individual categorization.

Identify branch groups by shared prefixes:

# List branches and extract prefixes
git branch --format='%(refname:short)' | sed 's/-[^-]*$//' | sort | uniq -c | sort -rn

For each group with 2+ branches:

Compare commit histories - Which branches contain commits from others?
Find merge evidence - Which PRs incorporated work from this group?
Identify the "final" branch - Usually the most recent or most complete
Mark superseded branches - Older iterations whose work is in main or in a newer branch

SUPERSEDED requires evidence, not just shared prefix:

A PR merged the work into main, OR
A newer branch contains all commits from the older branch
Name prefix alone is NOT sufficient — similarly named branches may contain independent work

Example analysis for feature/api-* branches:

### Related Branch Group: feature/api-*

| Branch | Commits | PR Merged | Status |
|--------|---------|-----------|--------|
| feature/api | 12 | #29 (initial API) | Superseded - work in main |
| feature/api-v2 | 8 | #45 (API improvements) | Superseded - work in main |
| feature/api-refactor | 5 | #67 (refactor) | Superseded - work in main |
| feature/api-final | 4 | None found | Superseded by above PRs |

**Recommendation:** All 4 branches can be deleted - work incorporated via PRs #29, #45, #67

Phase 3: Categorize Remaining Branches

For branches NOT in a related group, categorize individually:

Is branch merged into default branch?
├─ YES → SAFE_TO_DELETE (use -d)
└─ NO → Is tracking a remote?
        ├─ YES → Remote deleted? ([gone])
        │        ├─ YES → Was work squash-merged? (check main for PR)
        │        │        ├─ YES → SQUASH_MERGED (use -D)
        │        │        └─ NO → REMOTE_GONE (needs review)
        │        └─ NO → Local ahead of remote? (check: git log origin/<branch>..<branch>)
        │                ├─ YES (has output) → UNPUSHED_WORK (keep)
        │                └─ NO (empty output) → SYNCED_WITH_REMOTE (keep)
        └─ NO → Has unique commits?
                ├─ YES → LOCAL_WORK (keep)
                └─ NO → SAFE_TO_DELETE (use -d)

Category definitions:

Category	Meaning	Delete Command
SAFE_TO_DELETE	Merged into default branch	`git branch -d`
SQUASH_MERGED	Work incorporated via squash merge	`git branch -D`
SUPERSEDED	Part of a group, work verified in main via PR or in newer branch	`git branch -D`
REMOTE_GONE	Remote deleted, work NOT found in main	Review needed
UNPUSHED_WORK	Has commits not pushed to remote	Keep
LOCAL_WORK	Untracked branch with unique commits	Keep
SYNCED_WITH_REMOTE

Phase 4: Dirty State Detection

Check ALL worktrees and current directory for uncommitted changes:

# For each worktree path
git -C <worktree-path> status --porcelain

# For current directory
git status --porcelain

Display warnings prominently:

WARNING: ../proj-auth has uncommitted changes:
  M  src/auth.js
  ?? new-file.txt

These changes will be LOST if you remove this worktree.

GATE 1: Present Complete Analysis

Present everything in ONE comprehensive view. Group related branches together:

## Git Cleanup Analysis

### Related Branch Groups

**Group: feature/api-* (4 branches)**
| Branch | Status | Evidence |
|--------|--------|----------|
| feature/api | Superseded | Work merged in PR #29 |
| feature/api-v2 | Superseded | Work merged in PR #45 |
| feature/api-refactor | Superseded | Work merged in PR #67 |
| feature/api-final | Superseded | Older iteration, diverged |

Recommendation: Delete all 4 (work is in main)

---

### Individual Branches

**Safe to Delete (merged with -d)**
| Branch | Merged Into |
|--------|-------------|
| fix/typo | main |

**Safe to Delete (squash-merged, requires -D)**
| Branch | Merged As |
|--------|-----------|
| feature/login | PR #42 |

**Needs Review ([gone] remotes, no PR found)**
| Branch | Last Commit |
|--------|-------------|
| experiment/old | abc1234 "WIP something" |

**Keep (active work)**
| Branch | Status |
|--------|--------|
| wip/new-feature | 5 unpushed commits |

### Worktrees
| Path | Branch | Status |
|------|--------|--------|
| ../proj-auth | feature/auth | STALE (merged) |

---

**Summary:**
- 4 related branches (feature/api-*) - recommend delete all
- 1 merged branch - safe to delete
- 1 squash-merged branch - safe to delete
- 1 needs review
- 1 to keep

Which would you like to clean up?

Use AskUserQuestion with clear options:

Delete all recommended (groups + merged + squash-merged)
Delete specific groups/categories
Let me pick individual branches

Do not proceed until user responds.

GATE 2: Final Confirmation with Exact Commands

Show the EXACT commands that will run, with correct flags:

I will execute:

# Merged branches (safe delete)
git branch -d fix/typo

# Squash-merged branches (force delete - work is in main via PRs)
git branch -D feature/login
git branch -D feature/api
git branch -D feature/api-v2
git branch -D feature/api-refactor
git branch -D feature/api-final

# Worktrees
git worktree remove ../proj-auth

Confirm? (yes/no)

IMPORTANT: This is the ONLY confirmation needed for deletion. Do not add extra confirmations if -D is required.

Phase 5: Execute

Run each deletion as a separate command so partial failures don't block remaining deletions. Report the result of each:

git branch -d fix/typo
git branch -D feature/login
git branch -D feature/api
git branch -D feature/api-v2
git branch -D feature/api-refactor
git branch -D feature/api-final
git worktree remove ../proj-auth

If a deletion fails, report the error and continue with remaining deletions.

Phase 6: Report

## Cleanup Complete

### Deleted
- fix/typo
- feature/login
- feature/api
- feature/api-v2
- feature/api-refactor
- feature/api-final
- Worktree: ../proj-auth

### Remaining (4 branches)
| Branch | Status |
|--------|--------|
| main | current |
| wip/new-feature | active work |
| experiment/old | needs review |

Safety Rules

Never invoke automatically - Only run when user explicitly uses /git-cleanup
Two confirmation gates only - Analysis review, then deletion confirmation
Use correct delete command - -d for merged, -D for squash-merged/superseded
Never touch protected branches - main, master, develop, release/* (filtered programmatically)
Block dirty worktree removal - Refuse without explicit data loss acknowledgment
Group related branches - Don't scatter them across categories

Rationalizations to Reject

These are common shortcuts that lead to data loss. Reject them:

Rationalization	Why It's Wrong
"The branch is old, it's probably safe to delete"	Age doesn't indicate merge status. Old branches may contain unmerged work.
"I can recover from reflog if needed"	Reflog entries expire. Users often don't know how to use reflog. Don't rely on it as a safety net.
"It's just a local branch, nothing important"	Local branches may contain the only copy of work not pushed anywhere.
"The PR was merged, so the branch is safe"	Squash merges don't preserve branch history. Verify the specific commits were incorporated.
"I'll just delete all the `[gone]` branches"	`[gone]` only means the remote was deleted. The local branch may have unpushed commits.
"The user seems to want everything deleted"	Always present analysis first. Let the user choose what to delete.
"The branch has commits not in main, so it has unpushed work"	"Not in main" ≠ "not pushed". A branch can be synced with its remote but not merged to main. Always check `git log origin/<branch>..<branch>`.

Weekly Installs

762

Repository

trailofbits/skills

GitHub Stars

3.9K

First Seen

Feb 12, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode683

codex682

claude-code677

gemini-cli672

github-copilot665

cursor663

Git 清理工具 - 安全清理本地分支和工作树，智能分类合并与未合并分支

🇨🇳中文介绍

Git 清理

何时使用

何时不使用

核心原则：安全第一

关键实现说明

压缩合并的分支需要强制删除

相关 Skills

在分类之前分组相关分支

彻底的 PR 历史调查

工作流程

阶段 1：全面分析

阶段 2：分组相关分支

阶段 3：对剩余分支进行分类

阶段 4：脏状态检测

关卡 1：呈现完整分析

关卡 2：带有确切命令的最终确认

阶段 5：执行

阶段 6：报告

安全规则

应拒绝的合理化理由