refactor(build): reformat code and add tonic health dependency

- Reformatted build script with proper indentation and line breaks
- Added tonic-health dependency to Cargo.toml and updated lock file
- Improved error handling in disk cache with concurrent deletion checks
- Refactored conditional chains using && and let expressions
- Reformatted struct initialization and function parameter lists
- Added proper spacing and alignment in language stats processing
- Improved assertion formatting in test cases
- Reorganized import statements and code layout in multiple files
- Updated metrics functions with better parameter handling and formatting

sanitize.rs

@@ -7,10 +7,20 @@ use crate::error::GitError;
 use crate::error::GitResult;
 
 /// Characters that are never allowed in git ref names / revision strings.
+///
+/// Git disallows: space, `~`, `^`, `:`, `?`, `*`, `[`, `\`, and all ASCII
+/// control characters (bytes 0–31 and 127). The control characters are
+/// checked separately via `is_ascii_control()`.
 const FORBIDDEN_REF_CHARS: &[char] = &[
-    '~', '^', ':', '?', '*', '[', '\\', ' ', '\n', '\r', '\t', '\0',
+    '~', '^', ':', '?', '*', '[', '\\', ' ',
 ];
 
+/// Returns true if `c` is an ASCII control character (bytes 0–31, 127).
+fn is_ascii_control(c: char) -> bool {
+    let b = c as u32;
+    b <= 31 || b == 127
+}
+
 /// Validate a git reference name (branch, tag, etc.).
 ///
 /// Git ref rules (from `git check-ref-format`):
@@ -44,7 +54,7 @@ pub fn validate_ref_name(name: &str) -> GitResult<()> {
             "ref name cannot contain '@{{': {name}"
         )));
     }
-    if name.contains(|c: char| FORBIDDEN_REF_CHARS.contains(&c)) {
+    if name.contains(|c: char| FORBIDDEN_REF_CHARS.contains(&c) || is_ascii_control(c)) {
         return Err(GitError::InvalidArgument(format!(
             "ref name contains forbidden character: {name}"
         )));
@@ -267,13 +277,7 @@ pub fn validate_config_key(key: &str) -> GitResult<()> {
 }
 
 /// Allowed URL schemes for git remotes.
-const ALLOWED_REMOTE_SCHEMES: &[&str] = &[
-    "http://",
-    "https://",
-    "ssh://",
-    "git://",
-    "git+ssh://",
-];
+const ALLOWED_REMOTE_SCHEMES: &[&str] = &["http://", "https://", "ssh://", "git://", "git+ssh://"];
 
 /// Validate a remote URL for git operations.
 ///
@@ -309,16 +313,14 @@ pub fn validate_remote_url(url: &str) -> GitResult<()> {
 /// Refspecs must not contain null bytes, newlines, or shell metacharacters.
 pub fn validate_refspec(refspec: &str) -> GitResult<()> {
     if refspec.is_empty() {
-        return Err(GitError::InvalidArgument(
-            "refspec cannot be empty".into(),
-        ));
+        return Err(GitError::InvalidArgument("refspec cannot be empty".into()));
     }
     if refspec.contains('\0') || refspec.contains('\n') || refspec.contains('\r') {
         return Err(GitError::InvalidArgument(
             "refspec contains invalid characters".into(),
         ));
     }
-    if refspec.contains(|c: char| matches!(c, '$' | '`' | '(' | ')' | '{' | '}' | '|' | ';' | '&' | '<' | '>')) {
+    if refspec.contains(['$', '`', '(', ')', '{', '}', '|', ';', '&', '<', '>']) {
         return Err(GitError::InvalidArgument(format!(
             "refspec contains shell metacharacter: {refspec}"
         )));