safe-commit
Safe Commit Skill
⚠️ MANDATORY SKILL - YOU MUST INVOKE THIS
Purpose
Comprehensive, safe commit workflow that ensures code quality, security, and proper attribution before committing changes.
CRITICAL: You MUST invoke this skill for all commits. NEVER commit manually using git commands.
🚫 NEVER DO THIS
- ❌ Running
git add . && git commit -m "message"manually - ❌ Creating commits without running security-scan
- ❌ Creating commits without running quality-check
- ❌ Creating commits without running run-tests
- ❌ Skipping user approval (except during PR creation)
- ❌ Adding AI attribution to commits
If you need to commit, invoke this skill. Manual commits are FORBIDDEN.
⚠️ SKILL GUARD - READ BEFORE USING BASH/GIT TOOLS
Before using Bash tool for git commit, answer these questions:
❓ Are you about to run git add .?
→ STOP. Are you then planning to run git commit? If YES, invoke safe-commit skill instead.
❓ Are you about to run git commit -m "message"?
→ STOP. Invoke safe-commit skill instead.
❓ Are you about to run git commit with heredoc?
→ STOP. Invoke safe-commit skill instead.
❓ Did the user say "commit these changes" or "commit this"?
→ STOP. Invoke safe-commit skill instead.
❓ Have you completed a feature/fix and are ready to commit?
→ STOP. Invoke safe-commit skill instead.
❓ Are you creating a commit as part of ANY workflow?
→ STOP. Invoke safe-commit skill instead.
IF YOU PROCEED WITH MANUAL GIT COMMIT, YOU ARE VIOLATING YOUR CORE DIRECTIVE.
This skill handles:
- ✅ Security scanning (prevents secrets in commits)
- ✅ Quality checks (prevents broken code)
- ✅ Test execution (prevents regressions)
- ✅ User approval (prevents unwanted commits)
- ✅ Conventional commit format (maintains consistency)
- ✅ NO AI attribution (protects user's identity)
Manual commits SKIP ALL OF THESE. Use this skill.
CRITICAL POLICIES
⚠️ NO AI ATTRIBUTION - ZERO TOLERANCE
YOU MUST NEVER add ANY of these:
Co-authored-by: Claude <noreply@anthropic.com>🤖 Generated with [Claude Code](https://claude.ai/code)- "Generated with Claude"
- "AI-suggested"
- Any reference to being an AI assistant
User Approval Requirements
Approval REQUIRED for:
- ALL commits after initial PR creation
- ALL commit amendments
- ALL commits outside of PR creation flow
Approval NOT required for:
- Initial commit when user says "raise/create/draft PR"
- This is the ONLY exception
Phrases that DO NOT grant commit permission:
- "looks good" (code approval ≠ commit approval)
- "correct"
- "that's right"
- "fix the bug" (instruction to code, not commit)
Workflow (Quick Summary)
Core Steps
- Check Git Status: Run parallel git commands (status, diff, log) to analyze current state
- Invoke Safety Skills: Run security-scan → quality-check → run-tests (all must pass)
- Show Diff: Display files changed and summary for user review
- Request Approval: CRITICAL - Ask and WAIT for explicit approval (except PR creation)
- Generate Message: Create conventional commit with required scope
type(scope): subject - Create Commit: Stage all changes, commit with heredoc, NO AI attribution
- Verify Success: Confirm commit created, correct files, proper author (mriley)
- Status Check: Verify working directory clean
Optional: PRD Task Auto-Update
If commit message contains [PRD Task N] or [Task N], automatically update progress tracker in PRD file.
For detailed workflow with git commands, message examples, and verification steps:
Read `~/.claude/skills/safe-commit/references/WORKFLOW-STEPS.md`
Use when: Performing commit, need specific git commands, or want detailed examples
For PRD task auto-update details:
Read `~/.claude/skills/safe-commit/references/PRD-TASK-UPDATE.md`
Use when: Working with PRD tracking or implementing progress automation
For pre-commit hook handling:
Read `~/.claude/skills/safe-commit/references/PRE-COMMIT-HOOKS.md`
Use when: Dealing with hook-modified files or commit amendment scenarios
Integration with Other Skills
This skill invokes:
security-scan- Step 2.1quality-check- Step 2.2run-tests- Step 2.3
This skill is invoked by:
create-pr- As part of PR creation workflow
Exception: PR Creation Flow
When invoked by create-pr skill:
- Skip Step 4 (user approval)
- Proceed directly to commit
- This is the ONLY time auto-commit is allowed
The create-pr skill is only invoked when user explicitly says "raise/create/draft PR"
Error Handling
If security scan fails:
❌ Cannot commit: Security issues detected
[Details from security-scan skill]
Please fix security issues and try again.
If quality check fails:
❌ Cannot commit: Code quality issues detected
[Details from quality-check skill]
Please fix linter/formatter issues and try again.
If tests fail:
❌ Cannot commit: Tests failing or coverage below threshold
[Details from run-tests skill]
Please fix failing tests and improve coverage, then try again.
If git commit fails:
❌ Commit failed
Error: [git error message]
Possible causes:
- Pre-commit hook failure
- Git configuration issue
- File system permissions
Please investigate and retry.
Best Practices
- Always run in order - Security → Quality → Tests → Commit
- No skipping checks - All must pass
- Get explicit approval - Don't assume permission (except PR creation)
- Descriptive messages - Help future you understand why
- Proper scopes - Never omit scope from commit message
- Verify attribution - Always ensure mriley is sole author
- Clean commits - Stage all changes, commit once
Commit Message Quality Checklist
Before committing, verify message has:
- ✅ Type and scope in format:
type(scope): - ✅ Imperative mood in subject
- ✅ Subject ≤ 50 characters
- ✅ Body explains why (if needed)
- ✅ References issues/tickets (if applicable)
- ✅ NO AI attribution anywhere
- ✅ NO Co-authored-by tags
Emergency Override
If user explicitly states "force commit" or "skip checks":
YOU MUST:
- Warn about risks
- List which checks are being skipped
- Get explicit re-confirmation
- Document in commit message what was skipped
- Create follow-up ticket for remediation
This should be EXTREMELY RARE.