Our review

Enforces Git workflow conventions for branch naming, commit messages, and secret protection with automatic safety guards.

Strengths

Automates validation of branch names and commit messages against a defined convention
Prevents accidental exposure of sensitive files (keys, tokens) before commit
Blocks pushes to protected branches and dangerous operations (force-push, amend after push)
Provides interactive mode to clarify user intent when ambiguous

Limitations

The imposed conventions may not suit all project styles
Requires initial setup of .gitignore and conventions configuration
Can slow down workflow if rules are too strict for quick changes

When to use it

Use this skill in a team context where standardized Git workflow and secret safety are priorities.

When not to use it

Avoid this skill for personal or experimental projects where flexibility is preferred, or when the team has not agreed on conventions.

Examples

Create a feature branch

Create a new branch for the user authentication feature with scope 'auth'.

Commit changes with proper format

Commit the staged changes with a message describing the fix for the login timeout issue in the auth module.

Push to protected branch blocked

Push the current branch to main to deploy the latest changes.

name: git description: Git workflow with enforced branch naming, commit formatting, secret protection, and safety guards. Use when: creating branches, committing changes, pushing code, merging, resolving conflicts, creating PRs. Triggers: git operations, create branch, commit, push, merge, branch naming, commit message format. allowed-tools: Bash(git:*)

Git Workflow

Enforces repository conventions for branches, commits, and pushes.

Conventions: See @.claude/skills/git/references/conventions.md

Process

VALIDATE → EXECUTE → VERIFY

Decision Rules

Branch Type

New functionality → feature/<scope>/<desc>
Bug fix → fix/<scope>/<desc>
Refactor → refactor/<scope>/<desc>
Docs → docs/<scope>/<desc>
Maintenance → chore/<scope>/<desc>
Urgent fix → hotfix/<desc>
Release → release/<version>

Commit Type

Feature → feature(<scope>): ...
Fix → fix(<scope>): ...
Refactor → refactor(<scope>): ...
Test → test(<scope>): ...
Docs → docs(<scope>): ...

Source Branch

feature/fix/refactor/docs/chore → from main
hotfix → from release/* or main
release → from main

Secret Protection

Protected Patterns

Files (block commit):

*.env
*.env.*
*.pem
*.key
*.p12
*.pfx
*.crt
credentials.*
secrets.*
*_secret.*
*.keystore

Directories (block commit):

.secrets/
.credentials/

Allowed exceptions:

*.env.example
*.example

Pre-Commit Check

Before any commit, scan staged files:

git diff --cached --name-only

If protected pattern detected:

⚠ Secret Protection

Detected secret file staged for commit:
  [filename]

Action: Adding to .gitignore and unstaging file.

Then:

Add pattern to .gitignore
Unstage file: git reset HEAD [file]
Continue commit without secret

.gitignore Management

If .gitignore doesn't exist:

ℹ Creating .gitignore

Project has no .gitignore. Creating with security patterns.

Create with standard security block:

# Secrets - NEVER COMMIT
.env
.env.*
!.env.example
*.pem
*.key
*.p12
*.secret
.secrets/
.credentials/

If .gitignore exists but missing pattern:

Append missing pattern to existing .gitignore.

Safety Guards

Block Operations

| Trigger | Action | |---------|--------| | Push to main/master/release/*/prod/* | Block → suggest PR | | Force-push on shared branch | Block | | Amend after push | Block → suggest new commit | | Secret file in staged changes | Block → update .gitignore | | Binary >100MB | Block |

Warn Only

Binary >10MB

Validation

Before commit/push:

Branch name matches convention?
Commit message format correct?
No secrets in staged files?
Not pushing to protected branch?

Interactive Mode

When ambiguous, ask:

"Possible actions:
1. Create branch
2. Commit changes  
3. Push commits
Which matches your intent?"

Secure Git Workflow

Recommended for