Commit
Purpose: Create a clean, well-documented commit
Mode: Git operations with user confirmation required
Usage:
```
/commit [scope flags]
```
Iron Laws
- NEVER COMMIT WITHOUT EXPLICIT APPROVAL — Valid approval per `ai-assistant-protocol`, plus `commit` as a domain-specific term. Silence, questions, "okay" are NOT approval.
- NEVER COMMIT SECRETS — .env, credentials, API keys. Scan before staging.
- ONE CONCERN PER COMMIT — If changes include both a feature and a refactor, suggest splitting into separate commits.
Constraints
- Read + git only — Do not modify source code
- Never force push without explicit request
- Never amend commits you didn't create
- Never skip hooks without explicit request
Scope Flags
| Flag | Description |
|---|---|
| `--files=<paths>` | Commit only specified files |
| `--uncommitted` | Commit all uncommitted changes (default) |
| `--staged` | Commit only already-staged files |
Note: Command examples use `npm` as default. Adapt to the project's package manager per `ai-assistant-protocol` — Project Commands.
Workflow
Step 0: Branch Safety
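```bash
CURRENT_BRANCH=$(git branch --show-current)
git status --porcelain
# The pipeline's exit status is sed's, so a trailing `|| echo "main"` never
# fires when origin/HEAD is unset. Fall back on an empty result instead.
MAIN=$(git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's@^refs/remotes/origin/@@')
MAIN=${MAIN:-main}
```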
If on main/master: Warn and suggest creating a feature branch. Wait for response.
Step 1: Review Changes
```bash
git diff $MAIN...HEAD -- [scope-paths]
git diff -- [scope-paths]
git diff --staged -- [scope-paths]
```

```
## Changes to Commit

**Branch:** `[current branch]`

**Modified:** `path/to/file.ts` — [brief description]
**Added:** `path/to/new.ts` — [purpose]
**Deleted:** `path/to/old.ts` — [reason]

**Stats:** X files changed, +Y insertions, -Z deletions
```
Step 2: Mixed-Concern Check
If changes include different concern types (feature + refactor, or feature + config), flag it:
```
These changes appear to mix concerns:
- **Feature:** [files related to new behavior]
- **Refactor:** [files with structural changes only]

Split into separate commits? (yes / no)
```
Step 3: Security Scan (Always Runs)
Scan changed files for security issues before committing:
```bash
# Secrets detection in changed files
grep -rn --include="*.ts" --include="*.tsx" --include="*.js" --include="*.json" \
  -E "(api[_-]?key|secret|password|token|credential|private[_-]?key)\s*[:=]" [scope-paths]

# Insecure patterns
grep -rn --include="*.ts" --include="*.tsx" --include="*.js" \
  -E "(eval\(|new Function\(|innerHTML\s*=|dangerouslySetInnerHTML|\.exec\(|rejectUnauthorized:\s*false)" [scope-paths]
```

If secrets detected: STOP. Warn the user. Do NOT proceed to commit.
If insecure patterns detected: Flag for review — ask user to confirm these are intentional before proceeding.
Exclude test files and example/documentation files from blocking — flag them as informational only.
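One way to apply the Step 3 rules to exactly what will be committed, as an added example that is not part of the original command definition. The function names and the path patterns that decide "test, example or documentation file" are assumptions; the regex is the page's, matched case-insensitively.

```shell
#!/bin/sh
# Added example. SECRET_RE is the page's Step 3 pattern with \s written as the
# POSIX class [[:space:]]; it is matched with -i so API_KEY= is caught too.
SECRET_RE='(api[_-]?key|secret|password|token|credential|private[_-]?key)[[:space:]]*[:=]'

# Assumed path rules for "test files and example/documentation files".
is_informational() {
  case "$1" in
    *.test.*|*.spec.*|*/__tests__/*|test/*|*/test/*|examples/*|*/examples/*|docs/*|*/docs/*|*.md)
      return 0 ;;
    *) return 1 ;;
  esac
}

# scan_stream PATH: scans stdin, prints "BLOCK|INFO PATH:LINE" per hit.
# Only the location is printed, so the matched value never reaches the log.
# Returns 1 when a blocking hit was found, 0 otherwise.
scan_stream() {
  hit_lines=$(grep -inE "$SECRET_RE" | cut -d: -f1) || true
  [ -n "$hit_lines" ] || return 0
  if is_informational "$1"; then label=INFO; rc=0; else label=BLOCK; rc=1; fi
  for n in $hit_lines; do
    printf '%s %s:%s\n' "$label" "$1" "$n"
  done
  return "$rc"
}

# scan_staged: scans the staged blob of every added/copied/modified/renamed
# path, so the check sees what will be committed, not the working tree.
# Assumes path names that git prints unquoted (no newlines or quotes).
scan_staged() {
  git diff --cached --name-only --diff-filter=ACMR | (
    blocked=0
    while IFS= read -r path; do
      git show ":$path" | scan_stream "$path" || blocked=1
    done
    exit "$blocked"
  )
}
```

Run `scan_staged` after staging and before the Step 5 gate; a non-zero status means at least one BLOCK line was printed and the commit must not proceed.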
Step 4: Validate (Optional)
```bash
npm run typecheck
npm run lint
npm run test -- [affected]
```
Step 5: Confirm
**Suggested commit message:**
type: [description]
[optional body]
Options: **yes** / **edit** / **review** / **cancel**
GATE: Do NOT run git commit until user responds with explicit approval.
Step 6: Commit
```bash
git add [scope-paths]  # NOT -A unless scope is "all"
git commit -m "[message]"
```
Step 7: Report
```
**Committed:** `abc1234` — [type](scope): [description]
**Files:** X changed
**Next:** Push? Create PR? Continue working?
```
Commit Message Format
```
[type](scope): [short description]

[optional body]

[optional footer: references, breaking changes]
```
Types
| Type | Use |
|---|---|
| feat | New feature |
| fix | Bug fix |
| refactor | Structure change (no behavior change) |
| test | Adding/updating tests |
| docs | Documentation |
| chore | Maintenance, dependencies |
| perf | Performance |
Rules
- Imperative mood ("add" not "added")
- Max 50 characters subject, 72 body
- No period at end
- Every message answers: what changed and why
Banned Messages
"update code", "fix bug", "changes", "misc", "wip", "stuff", "updates"
Issue References
Fixes #123 / Closes #123 (closes on merge) — Refs #123 (links without closing)
AI Attribution
When AI wrote most of the code: Co-Authored-By: Claude <noreply@anthropic.com>